mirror of https://github.com/ARMmbed/mbed-os.git
Add missing documentation about tls testing
parent
d8c2c6f97f
commit
da8dbca561
|
@ -51,7 +51,7 @@ echo.mbedcloudtesting.com has IPv6 address 2a05:d018:21f:3800:8584:60f8:bc9f:e61
|
|||
|
||||
- Echo protocol, [RFC 862](https://tools.ietf.org/html/rfc862) is enabled on both TCP and UDP on port 7. Port 2007 for TLS
|
||||
- Discard protocol, [RFC 863](https://tools.ietf.org/html/rfc863) is enabled in both TCP and UDP on port 9. Port 2009 for TLS.
|
||||
- Character generator protocol, [RFC 864](https://tools.ietf.org/html/rfc864) is enabled in both TCP and UDP on port 19. Output pattern should follow the proposed example pattern in RFC.
|
||||
- Character generator protocol, [RFC 864](https://tools.ietf.org/html/rfc864) is enabled in both TCP and UDP on port 19. Port 2019 for TLS. Output pattern should follow the proposed example pattern in RFC.
|
||||
- Daytime protocol, [RFC 867](https://tools.ietf.org/html/rfc867) in both TCP and UDP on port 13. Port 2013 for TLS.
|
||||
- Time protocol, [RFC 868](https://tools.ietf.org/html/rfc868) in both TCP and UDP on port 37.
|
||||
|
||||
|
@ -80,6 +80,82 @@ daytime stream tcp6 nowait root internal
|
|||
time stream tcp6 nowait root internal
|
||||
```
|
||||
|
||||
Below is an example of how to install these services in TLS version into a Debian/Ubuntu based Linux distribution using Stunnel4 Daemon:
|
||||
|
||||
```.sh
|
||||
$ sudo apt install stunnel4
|
||||
$ nano /etc/stunnel/stunnel.conf
|
||||
```
|
||||
|
||||
Enable following services from /etc/inetd.conf:
|
||||
|
||||
```
|
||||
; **************************************************************************
|
||||
; * Service definitions (remove all services for inetd mode) *
|
||||
; **************************************************************************
|
||||
|
||||
[echo]
|
||||
accept = :::2007
|
||||
connect = 7
|
||||
cert = /etc/letsencrypt/live/<test_server_url>/fullchain.pem
|
||||
key = /etc/letsencrypt/live/<test_server_url>/privkey.pem
|
||||
|
||||
[discard]
|
||||
accept = :::2009
|
||||
connect = 9
|
||||
cert = /etc/letsencrypt/live/<test_server_url>/fullchain.pem
|
||||
key = /etc/letsencrypt/live/<test_server_url>/privkey.pem
|
||||
|
||||
[daytime]
|
||||
accept = :::2013
|
||||
connect = 13
|
||||
cert =/etc/letsencrypt/live/<test_server_url>/fullchain.pem
|
||||
key = /etc/letsencrypt/live/<test_server_url>/privkey.pem
|
||||
|
||||
[chargen]
|
||||
accept = :::2019
|
||||
connect = 19
|
||||
cert = /etc/letsencrypt/live/<test_server_url>/fullchain.pem
|
||||
key = /etc/letsencrypt/live/<test_server_url>/privkey.pem
|
||||
|
||||
```
|
||||
|
||||
Get, update and install certificate files by certbot (Provided by Let's Encrypt <https://letsencrypt.org/>).
|
||||
|
||||
- Install lighthttpd server.
|
||||
|
||||
```.sh
|
||||
$ sudo apt-get install lighttpd
|
||||
$ sudo rm -rf /var/www/html/*
|
||||
$ sudo echo "<html><body><h1>Empty</h1>" > /var/www/html/index.html
|
||||
$ sudo echo "</body></html>" >> /var/www/html/index.html
|
||||
$ sudo chown www-data:www-data /var/www/html/index.html
|
||||
$ sudo systemctl restart lighttpd.service
|
||||
```
|
||||
|
||||
- Install and setup certbot.
|
||||
|
||||
```.sh
|
||||
$ sudo apt-get update
|
||||
$ sudo apt-get install software-properties-common
|
||||
$ sudo add-apt-repository ppa:certbot/certbot
|
||||
$ sudo apt-get update
|
||||
$ sudo apt-get install certbot
|
||||
$ sudo certbot certonly
|
||||
$ sudo certbot certonly --webroot -w /var/www/html -d <test_server_url>
|
||||
```
|
||||
|
||||
- Set test server to renew certificate before expiry.
|
||||
|
||||
```.sh
|
||||
$ sudo echo "SHELL=/bin/sh" > /etc/cron.d/certbot
|
||||
$ sudo echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" > /etc/cron.d/certbot
|
||||
$ sudo echo "0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew" > /etc/cron.d/certbot
|
||||
```
|
||||
|
||||
Where:
|
||||
<test_server_url> is test server url.
|
||||
|
||||
**Testing the connectivity**
|
||||
|
||||
You can connect to the test server with an NMAP tool like this:
|
||||
|
@ -1918,4 +1994,4 @@ Subset for driver test
|
|||
|
||||
### For socket layer driver (AT-driven, external IP stack):
|
||||
|
||||
All Socket, UDPSocket, TCPSocket and TLSSocket testcases.
|
||||
All Socket, UDPSocket, TCPSocket and TLSSocket testcases.
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
/*
|
||||
* Copyright (c) 2019, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "tls_tests.h"
|
||||
|
||||
const char *tls_global::cert = \
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
"MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\n"
|
||||
"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n"
|
||||
"DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\n"
|
||||
"SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\n"
|
||||
"GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC\n"
|
||||
"AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF\n"
|
||||
"q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8\n"
|
||||
"SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0\n"
|
||||
"Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA\n"
|
||||
"a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj\n"
|
||||
"/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T\n"
|
||||
"AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG\n"
|
||||
"CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv\n"
|
||||
"bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k\n"
|
||||
"c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw\n"
|
||||
"VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC\n"
|
||||
"ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz\n"
|
||||
"MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu\n"
|
||||
"Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF\n"
|
||||
"AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo\n"
|
||||
"uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/\n"
|
||||
"wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu\n"
|
||||
"X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG\n"
|
||||
"PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6\n"
|
||||
"KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n"
|
||||
"-----END CERTIFICATE-----\n";
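Review bot: The trust anchor added here is a pinned intermediate CA certificate with no comment saying what it is or when it stops being valid. Decoding the PEM gives subject "Let's Encrypt Authority X3", issuer "DST Root CA X3" and a notAfter of 2021-03-17, so the TLSSocket tests can be expected to fail at the handshake once the test server's chain moves to another intermediate or that date passes, and the failure will look like a connectivity problem rather than a stale certificate. A comment above the definition such as `/* Let's Encrypt Authority X3, issued by DST Root CA X3, notAfter 2021-03-17; must match the chain served by the test server */` would make that traceable. Separately, if this new file is the `cert.h` that the later hunk includes (the file name is not visible here), it defines `tls_global::cert` in a header without an include guard, so a second includer would produce a duplicate definition; keeping the definition in a .cpp file or adding a guard avoids that.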
|
||||
|
|
@ -27,6 +27,7 @@
|
|||
#include "utest.h"
|
||||
#include "utest/utest_stack_trace.h"
|
||||
#include "tls_tests.h"
|
||||
#include "cert.h"
|
||||
|
||||
#ifndef ECHO_SERVER_ADDR
|
||||
#error [NOT_SUPPORTED] Requires parameters for echo server
|
||||
|
@ -47,35 +48,6 @@ mbed_stats_socket_t tls_stats[MBED_CONF_NSAPI_SOCKET_STATS_MAX_COUNT];
|
|||
char tls_global::rx_buffer[RX_BUFF_SIZE];
|
||||
char tls_global::tx_buffer[TX_BUFF_SIZE];
|
||||
|
||||
const char *tls_global::cert = \
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
"MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\n"
|
||||
"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n"
|
||||
"DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\n"
|
||||
"SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\n"
|
||||
"GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC\n"
|
||||
"AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF\n"
|
||||
"q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8\n"
|
||||
"SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0\n"
|
||||
"Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA\n"
|
||||
"a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj\n"
|
||||
"/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T\n"
|
||||
"AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG\n"
|
||||
"CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv\n"
|
||||
"bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k\n"
|
||||
"c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw\n"
|
||||
"VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC\n"
|
||||
"ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz\n"
|
||||
"MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu\n"
|
||||
"Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF\n"
|
||||
"AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo\n"
|
||||
"uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/\n"
|
||||
"wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu\n"
|
||||
"X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG\n"
|
||||
"PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6\n"
|
||||
"KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n"
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
void drop_bad_packets(TLSSocket &sock, int orig_timeout)
|
||||
{
|
||||
nsapi_error_t err;
|
||||
|
|