server: add optional argument to -J disable hrr cookie

2022-08-26 12:27:32 +02:00 · 2022-08-26 12:27:32 +02:00 · 08b89fbef9
commit 08b89fbef9
parent 401cfbd8e4
2 changed files with 22 additions and 6 deletions
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -936,7 +936,8 @@ static const char* server_usage_msg[][65] = {
        "-Q          Request certificate from client post-handshake\n", /* 49 */
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
-        "-J          Server sends Cookie Extension containing state\n", /* 50 */
+        "-J [n]      Server sends Cookie Extension containing state (n to "
+        "disable)\n", /* 50 */
 #endif
 #endif /* WOLFSSL_TLS13 */
 #ifdef WOLFSSL_EARLY_DATA
@ -1702,7 +1703,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
    /* Not Used: h, z, W, X */
    while ((ch = mygetopt_long(argc, argv, "?:"
                "abc:defgijk:l:mop:q:rstu;v:wxy"
-                "A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
+                "A:B:C:D:E:FGH:IJ;KL:MNO:PQR:S:T;UVYZ:"
                "01:23:4:567:89"
                "@#", long_options, 0)) != -1) {
        switch (ch) {
@ -2085,6 +2086,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
            case 'J' :
            #ifdef WOLFSSL_SEND_HRR_COOKIE
                hrrCookie = 1;
+                if (XSTRCMP(myoptarg, "n") == 0)
+                    hrrCookie = -1;
            #endif
                break;

@ -2959,10 +2962,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif /* !NO_CERTS */

 #ifdef WOLFSSL_SEND_HRR_COOKIE
-        if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0)
+        if (hrrCookie == 1 && wolfSSL_send_hrr_cookie(ssl, NULL, 0)
            != WOLFSSL_SUCCESS) {
            err_sys("unable to set use of cookie with HRR msg");
        }
+        else if (hrrCookie == -1) {
+            wolfSSL_disable_hrr_cookie(ssl);
+        }
 #endif

 #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
--- a/tests/test-dtls13.conf
+++ b/tests/test-dtls13.conf
@ -129,17 +129,16 @@
 -l TLS13-AES128-GCM-SHA256
 -J

-# server DTLSv1.3
+# server DTLSv1.3 HelloRetryRequest with cookie
 -v 4
 -u
 -l TLS13-AES128-GCM-SHA256
 -J

-# client DTLSv1.3 HelloRetryRequest with cookie
+# client DTLSv1.3
 -v 4
 -u
 -l TLS13-AES128-GCM-SHA256
-J

 # server DTLSv1.3
 -v 4
@ -260,3 +259,14 @@
 -u
 -l TLS13-AES128-GCM-SHA256
 -f
+
+# server DTLSv1.3 no HelloRetryRequest cookie
+-u
+-v 4
+-l TLS_AES_128_GCM_SHA256
+-J n
+
+# client DTLSv1.3 defaults
+-u
+-v 4
+-l TLS_AES_128_GCM_SHA256