mirror of
https://github.com/curl/curl.git
synced 2026-07-04 12:27:15 +03:00
bearssl: improved session handling, test exceptions
Add length to session saves, making it clear that we are storing a byte blob and allowing memcmp() on sameness check. Remove some pytest skips for bearssl to see if they now work properly in CI. Closes #15395
This commit is contained in:
parent
30f66c8ba4
commit
358eae42a4
3 changed files with 8 additions and 11 deletions
|
|
@ -609,12 +609,15 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf,
|
|||
br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
|
||||
|
||||
if(ssl_config->primary.cache_session) {
|
||||
void *session;
|
||||
void *sdata;
|
||||
size_t slen;
|
||||
const br_ssl_session_parameters *session;
|
||||
|
||||
CURL_TRC_CF(data, cf, "connect_step1, check session cache");
|
||||
Curl_ssl_sessionid_lock(data);
|
||||
if(!Curl_ssl_getsessionid(cf, data, &connssl->peer,
|
||||
&session, NULL, NULL)) {
|
||||
if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, &sdata, &slen, NULL) &&
|
||||
slen == sizeof(*session)) {
|
||||
session = sdata;
|
||||
br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
|
||||
session_set = 1;
|
||||
infof(data, "BearSSL: reusing session ID");
|
||||
|
|
@ -836,7 +839,8 @@ static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf,
|
|||
return CURLE_OUT_OF_MEMORY;
|
||||
br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
|
||||
Curl_ssl_sessionid_lock(data);
|
||||
ret = Curl_ssl_set_sessionid(cf, data, &connssl->peer, NULL, session, 0,
|
||||
ret = Curl_ssl_set_sessionid(cf, data, &connssl->peer, NULL,
|
||||
session, sizeof(*session),
|
||||
bearssl_session_free);
|
||||
Curl_ssl_sessionid_unlock(data);
|
||||
if(ret)
|
||||
|
|
|
|||
|
|
@ -474,12 +474,6 @@ class TestDownload:
|
|||
# make extreme parallel h2 upgrades, check invalid conn reuse
|
||||
# before protocol switch has happened
|
||||
def test_02_25_h2_upgrade_x(self, env: Env, httpd, repeat):
|
||||
# not locally reproducible timeouts with certain SSL libs
|
||||
# Since this test is about connection reuse handling, we skip
|
||||
# it on these builds. Although we would certainly like to understand
|
||||
# why this happens.
|
||||
if env.curl_uses_lib('bearssl'):
|
||||
pytest.skip('CI workflows timeout on bearssl build')
|
||||
url = f'http://localhost:{env.http_port}/data-100k'
|
||||
client = LocalClient(name='h2-upgrade-extreme', env=env, timeout=15)
|
||||
if not client.exists():
|
||||
|
|
|
|||
|
|
@ -35,7 +35,6 @@ from testenv import Env, CurlClient
|
|||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@pytest.mark.skipif(condition=Env.curl_uses_lib('bearssl'), reason='BearSSL too slow')
|
||||
@pytest.mark.skipif(condition=not Env.have_ssl_curl(), reason="curl without SSL")
|
||||
class TestReuse:
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue