Documentation of TLSSocket behavior on AUTH_FAILURE

pull/9392/head
Michal Paszta 2019-01-16 09:18:34 +01:00
parent 31579fe4bb
commit 2cda5d28b8
6 changed files with 20 additions and 7 deletions


@ -163,7 +163,7 @@ TEST_F(TestDTLSSocketWrapper, connect_fail_ctr_drbg_seed)
stack.return_value = NSAPI_ERROR_OK; stack.return_value = NSAPI_ERROR_OK;
const SocketAddress a("127.0.0.1", 1024); const SocketAddress a("127.0.0.1", 1024);
stack.return_socketAddress = a; stack.return_socketAddress = a;
EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE);
mbedtls_stub.crt_expected_int = 0; mbedtls_stub.crt_expected_int = 0;
} }
@ -175,7 +175,7 @@ TEST_F(TestDTLSSocketWrapper, connect_fail_ssl_setup)
stack.return_value = NSAPI_ERROR_OK; stack.return_value = NSAPI_ERROR_OK;
const SocketAddress a("127.0.0.1", 1024); const SocketAddress a("127.0.0.1", 1024);
stack.return_socketAddress = a; stack.return_socketAddress = a;
EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE);
} }
/* send */ /* send */


@ -159,7 +159,7 @@ TEST_F(TestTLSSocketWrapper, connect_fail_ctr_drbg_seed)
mbedtls_stub.crt_expected_int = 1; // mbedtls_ctr_drbg_seed error mbedtls_stub.crt_expected_int = 1; // mbedtls_ctr_drbg_seed error
stack.return_value = NSAPI_ERROR_OK; stack.return_value = NSAPI_ERROR_OK;
const SocketAddress a("127.0.0.1", 1024); const SocketAddress a("127.0.0.1", 1024);
EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE);
mbedtls_stub.crt_expected_int = 0; mbedtls_stub.crt_expected_int = 0;
} }
@ -171,7 +171,7 @@ TEST_F(TestTLSSocketWrapper, connect_fail_ssl_setup)
mbedtls_stub.retArray[1] = 2; // mbedtls_ssl_setup error mbedtls_stub.retArray[1] = 2; // mbedtls_ssl_setup error
stack.return_value = NSAPI_ERROR_OK; stack.return_value = NSAPI_ERROR_OK;
const SocketAddress a("127.0.0.1", 1024); const SocketAddress a("127.0.0.1", 1024);
EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE);
} }
TEST_F(TestTLSSocketWrapper, connect_handshake_fail_ssl_handshake) TEST_F(TestTLSSocketWrapper, connect_handshake_fail_ssl_handshake)


@ -64,6 +64,9 @@ public:
* To reset the peer address, there must be zero initialized(default constructor) SocketAddress * To reset the peer address, there must be zero initialized(default constructor) SocketAddress
* objects in the address parameter. * objects in the address parameter.
* *
* @note If connect() fails it is recommended to close the Socket and create
* a new one before attempting to reconnect.
*
* @param address The SocketAddress of the remote peer. * @param address The SocketAddress of the remote peer.
* @return NSAPI_ERROR_OK on success, negative error code on failure. * @return NSAPI_ERROR_OK on success, negative error code on failure.
*/ */
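Review bot: The three notes this commit adds about a failed connect() do not state the same contract. Here it is "recommended to close the Socket and create a new one", the connect(host, port) note in the next section says the socket "must be freed" but only for NSAPI_ERROR_AUTH_FAILURE, and the TLSSocketWrapper note says the state is unspecified after any error. A caller who reads only this one could retry connect() on the same object after a failed handshake, so I would use one wording in all three places, for example `@note If connect() returns an error, the socket state is unspecified; call close() or destroy the socket and create a new one before reconnecting.` The other two notes also spell the tag `@note:`, which I believe leaves a stray colon in the generated text.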


@ -82,6 +82,9 @@ public:
* Initiates a connection to a remote server specified by either * Initiates a connection to a remote server specified by either
* a domain name or an IP address and port. * a domain name or an IP address and port.
* *
* @note: In case connect() returns NSAPI_ERROR_AUTH_FAILURE,
* the socket must be freed either by calling close() or destroying it.
*
* @param host Hostname of the remote host. * @param host Hostname of the remote host.
* @param port Port of the remote host. * @param port Port of the remote host.
* @return 0 on success, negative error code on failure. * @return 0 on success, negative error code on failure.


@ -171,7 +171,7 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call)
(const unsigned char *) DRBG_PERS, (const unsigned char *) DRBG_PERS,
sizeof(DRBG_PERS))) != 0) { sizeof(DRBG_PERS))) != 0) {
print_mbedtls_error("mbedtls_crt_drbg_init", ret); print_mbedtls_error("mbedtls_crt_drbg_init", ret);
return NSAPI_ERROR_PARAMETER; return NSAPI_ERROR_AUTH_FAILURE;
} }
mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_ctr_drbg_random, &_ctr_drbg); mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_ctr_drbg_random, &_ctr_drbg);
@ -186,7 +186,7 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call)
tr_debug("mbedtls_ssl_setup()"); tr_debug("mbedtls_ssl_setup()");
if ((ret = mbedtls_ssl_setup(&_ssl, get_ssl_config())) != 0) { if ((ret = mbedtls_ssl_setup(&_ssl, get_ssl_config())) != 0) {
print_mbedtls_error("mbedtls_ssl_setup", ret); print_mbedtls_error("mbedtls_ssl_setup", ret);
return NSAPI_ERROR_PARAMETER; return NSAPI_ERROR_AUTH_FAILURE;
} }
_transport->set_blocking(false); _transport->set_blocking(false);
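Review bot: Both new `return NSAPI_ERROR_AUTH_FAILURE;` statements sit on paths that fail before any peer is contacted: the DRBG seeding call whose arguments end at `sizeof(DRBG_PERS)`, and `mbedtls_ssl_setup()`. Reporting a local entropy or setup failure with the same code a caller would presumably see for a rejected certificate makes the two indistinguishable in logs and in retry logic, so an entropy-source fault can be triaged as a peer problem. If the code is kept so that callers follow the documented free-the-socket path, I would say so at each return, e.g. `// Local DRBG seeding failure, not a peer-authentication failure; AUTH_FAILURE tells the caller to free the socket.` The log label `"mbedtls_crt_drbg_init"` on the unchanged line above also looks like a misspelling of the ctr_drbg call being made (the unit test names it mbedtls_ctr_drbg_seed), which makes the trace harder to grep. start_handshake() begins and ends outside these hunks.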


@ -76,6 +76,8 @@ public:
void set_hostname(const char *hostname); void set_hostname(const char *hostname);
/** Sets the certification of Root CA. /** Sets the certification of Root CA.
*
* @note Must be called before calling connect()
* *
* @param root_ca Root CA Certificate in any Mbed TLS-supported format. * @param root_ca Root CA Certificate in any Mbed TLS-supported format.
* @param len Length of certificate (including terminating 0 for PEM). * @param len Length of certificate (including terminating 0 for PEM).
@ -84,9 +86,10 @@ public:
nsapi_error_t set_root_ca_cert(const void *root_ca, size_t len); nsapi_error_t set_root_ca_cert(const void *root_ca, size_t len);
/** Sets the certification of Root CA. /** Sets the certification of Root CA.
*
* @note Must be called before calling connect()
* *
* @param root_ca_pem Root CA Certificate in PEM format. * @param root_ca_pem Root CA Certificate in PEM format.
* @return 0 on success, negative error code on failure.
*/ */
nsapi_error_t set_root_ca_cert(const char *root_ca_pem); nsapi_error_t set_root_ca_cert(const char *root_ca_pem);
@ -136,6 +139,10 @@ public:
/* = Functions inherited from Socket = */ /* = Functions inherited from Socket = */
virtual nsapi_error_t close(); virtual nsapi_error_t close();
/*
* @note: In case connect() returns an error, the state of the socket is
* unspecified. A new socket should be created before reconnecting.
*/
virtual nsapi_error_t connect(const SocketAddress &address = SocketAddress()); virtual nsapi_error_t connect(const SocketAddress &address = SocketAddress());
virtual nsapi_size_or_error_t sendto(const SocketAddress &address, const void *data, nsapi_size_t size); virtual nsapi_size_or_error_t sendto(const SocketAddress &address, const void *data, nsapi_size_t size);
virtual nsapi_size_or_error_t recvfrom(SocketAddress *address, virtual nsapi_size_or_error_t recvfrom(SocketAddress *address,
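Review bot: The note added above `connect()` opens with `/*`, not `/**`, so Doxygen will presumably not attach it to the declaration. The warning that a failed connect() leaves the socket in an unspecified state would then be missing from the generated API documentation, which is where a caller deciding whether to reuse a TLS socket would look. I would open the block with `/**` and write the tag as `@note` without the colon, matching the `@note Must be called before calling connect()` lines added earlier in this file.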