Docker environment for run tests + enhancement for ssl_handshake
authorTomasz Ziolkowski <tomasz.ziolkowski@allegro.pl>
Tue, 27 Jul 2021 10:03:51 +0000 (12:03 +0200)
committerTomasz Ziolkowski <tomasz.ziolkowski@allegro.pl>
Tue, 27 Jul 2021 10:06:08 +0000 (12:06 +0200)
.gitignore
Dockerfile [new file with mode: 0644]
Makefile.in
configure
doc/README.tests
testcode/petal.c
testdata/fwd_zero.tdir/fwd_zero.test
util/iana_ports.inc
util/netevent.c

index d0c69f81d2e96cf09541fbb5f3d1ab25e5308603..ddd7349675af01e4b9b7855da4cd673ee832a923 100644 (file)
@@ -56,3 +56,4 @@
 /testdata/.perfstats.txt
 /doc/html
 /doc/xml
+.idea
diff --git a/Dockerfile b/Dockerfile
new file mode 100644 (file)
index 0000000..417dacc
--- /dev/null
@@ -0,0 +1,11 @@
+FROM gcc:latest
+WORKDIR /usr/src/unbound
+RUN apt-get update
+# install semantic parser & lexical analyzer
+RUN apt-get install -y bison flex
+# install packages used in tests
+RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat
+# accept short rsa keys, which are used in tests
+RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
+
+CMD ["/bin/bash"]
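Review bot: `FROM gcc:latest` is a mutable tag, so the toolchain and OpenSSL inside the test image change whenever the tag moves. The `sed` on `/usr/lib/ssl/openssl.cnf` then silently matches nothing if the path or the `SECLEVEL=2` text differs in a later base image. I would pin the base, e.g. `FROM gcc:<PINNED_TAG>` (placeholder), and fail the build when the edit does not apply by adding `grep -q 'SECLEVEL=1' /usr/lib/ssl/openssl.cnf` after the sed. The downgrade applies to every OpenSSL user in the container, so the comment should say the image is for running the test suite only, e.g. `# test image only: lowers the system-wide OpenSSL security level for the short test keys`. Combining the steps as `RUN apt-get update && apt-get install -y ...` would also stop a cached `apt-get update` layer from serving a stale package index.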
index 476545ea90411d92c96316ce2e25dbe73ddb5b89..3f2e9312b426ca6823b96780a1adb7d8ae86ed48 100644 (file)
@@ -85,6 +85,8 @@ LINTFLAGS+=@NETBSD_LINTFLAGS@
 LINTFLAGS+="-Dsigset_t=long"
 # FreeBSD
 LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" "-D_Alignof(x)=x" "-D__aligned(x)=" "-D__requires_exclusive(x)=" "-D__requires_unlocked(x)=" "-D__locks_exclusive(x)=" "-D__trylocks_exclusive(x)="  "-D__unlocks(x)=" "-D__locks_shared(x)=" "-D__trylocks_shared(x)="
+# GCC Docker
+LINTFLAGS+=@GCC_DOCKER_LINTFLAGS@
 
 INSTALL=$(SHELL) $(srcdir)/install-sh
 
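Review bot: `@GCC_DOCKER_LINTFLAGS@` is only substituted while configure knows the variable, and the commit's file list shows `configure` changed but no configure.ac. The next autoconf regeneration would therefore presumably drop it and leave the literal `@GCC_DOCKER_LINTFLAGS@` in LINTFLAGS. The matching block in configure keys on `uname -o` being GNU/Linux, so `-syntax` is applied on every Linux host rather than only in the Docker image that `# GCC Docker` names. I would move the test into configure.ac with `AC_SUBST(GCC_DOCKER_LINTFLAGS)` and reword the comment here to `# GNU/Linux: splint cannot parse current system headers`.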
index 7e722b59eaf3ce59b7b8120a3eaf4a1f607cc054..57f8094a3d4fa4c36facfe9027050e819c9ca40b 100755 (executable)
--- a/configure
+++ b/configure
@@ -683,6 +683,7 @@ HAVE_SSL
 PC_CRYPTO_DEPENDENCY
 CONFIG_DATE
 NETBSD_LINTFLAGS
+GCC_DOCKER_LINTFLAGS
 PYUNBOUND_UNINSTALL
 PYUNBOUND_INSTALL
 PYUNBOUND_TARGET
@@ -17888,6 +17889,11 @@ if test "`uname`" = "NetBSD"; then
        NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_'
 
 fi
+
+if test "`uname -o`" = "GNU/Linux"; then
+       # splint cannot parse modern c99 header files
+       GCC_DOCKER_LINTFLAGS='-syntax'
+fi
 CONFIG_DATE=`date +%Y%m%d`
 
 
index 5385e2b2221f7537a77bdad78988d65bee983261..122bf02f3fd8fd051eaf3c901ebfdeaba81881da 100644 (file)
@@ -15,6 +15,14 @@ You need to have the following programs installed and in your PATH.
 * xxd and nc (optional) - for (malformed) packet transmission.
 The optional programs are detected and can be omitted.
 
+You can also use prepared Dockerfile to run tests inside docker based on latest gcc image:
+* build container: docker build -t unbound-tester .
+* run container: docker run -it --mount type=bind,source="$(pwd)",target=/usr/src/unbound --rm unbound-tester
+* configure environment: ./configure
+* run test: make test
+* run long tests: make longtest
+It is worth to mention that you need to enable [ipv6 in your docker daemon configuration](https://docs.docker.com/config/daemon/ipv6/) because some tests need ipv6 network stack.
+
 testdata/ contains the data for tests. 
 testcode/ contains scripts and c code for the tests.
 
index 123684aab52da2a578065e01ed0127c0f71f9865..78f1ca2f57309058a407a28c2202a6febb06eef5 100644 (file)
@@ -220,8 +220,11 @@ read_http_headers(SSL* ssl, char* file, size_t flen, char* host, size_t hlen,
        host[0] = 0;
        while(read_ssl_line(ssl, buf, sizeof(buf))) {
                if(verb>=2) printf("read: %s\n", buf);
-               if(buf[0] == 0)
+               if(buf[0] == 0) {
+                       int e = ERR_peek_error();
+                       printf("error string: %s\n", ERR_reason_error_string(e));
                        return 1;
+               }
                if(!process_one_header(buf, file, flen, host, hlen, vs))
                        return 0;
        }
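Review bot: In read_http_headers the new block runs on `buf[0] == 0`, which still returns 1 and so looks like the ordinary blank line that ends the headers rather than a failure. With an empty error queue `ERR_reason_error_string()` returns NULL, and passing that to `%s` is undefined behaviour. `ERR_peek_error()` returns `unsigned long`, so `int e` can also truncate the code. I would write `unsigned long e = ERR_peek_error();` and `if(e && verb>=2) printf("error string: %s\n", ERR_error_string(e, NULL));`, which never passes NULL and respects the verbosity flag. The setup_ctx hunk below has the same `int e` and unchecked NULL and needs the same change minus the `verb` test; both function bodies continue outside the hunks.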
@@ -238,8 +241,11 @@ setup_ctx(char* key, char* cert)
        (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
 #endif
        (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
-       if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
+       if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
+               int e = ERR_peek_error();
+               printf("error string: %s\n", ERR_reason_error_string(e));
                print_exit("cannot read cert");
+       }
        if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
                print_exit("cannot read key");
        if(!SSL_CTX_check_private_key(ctx))
index 87a2dec9c323534abcb69a7cb12b38113ab79ee1..2e0806d6f401779b70886771582b50d2d76bd289 100644 (file)
@@ -7,7 +7,7 @@
 PRE="../.."
 
 OPT="-i"
-if nc -h 2>&1 | grep -- "-w secs" >/dev/null; then
+if nc -h 2>&1 | grep -E -- "-w (timeout|secs)" >/dev/null; then
         OPT="-w"
 fi
 
index f928d066947a2d8d261e55c0f59187fc2a3b96fd..b93af015da6fb8f4b72b0d7213c95532f099d1a2 100644 (file)
 5504,
 5505,
 5506,
+5540,
 5553,
 5554,
 5555,
index 01e44c9b6f301163189bb267fdfe7e400a3f922d..b1cc995c0ced2ee7532f0abc7f3f18151ee9e57f 100644 (file)
@@ -1232,6 +1232,13 @@ ssl_handshake(struct comm_point* c)
                if(want == SSL_ERROR_WANT_READ) {
                        if(c->ssl_shake_state == comm_ssl_shake_read)
                                return 1;
+                       /* According to https://www.openssl.org/docs/man1.1.1/man3/SSL_do_handshake.html
+                        * we should repeat handshake - for non blocking BIO
+                        */
+                       if(c->ssl_shake_state == comm_ssl_shake_write) {
+                           comm_point_listen_for_rw(c, 0, 1);
+                           return 1;
+                       }
                        c->ssl_shake_state = comm_ssl_shake_read;
                        comm_point_listen_for_rw(c, 1, 0);
                        return 1;
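Review bot: The added branch in ssl_handshake answers `SSL_ERROR_WANT_READ` by calling `comm_point_listen_for_rw(c, 0, 1)`, which appears to arm write events only, judging by the existing `(c, 1, 0)` call made right after the state is set to `comm_ssl_shake_read`. A TCP socket is normally writable, so the handler would probably be woken immediately and repeat the handshake call until the peer's data arrives. A peer that stalls mid-handshake could then keep the event loop spinning. Unless there is a reason write readiness is the right trigger, I would drop the branch so the existing lines switch to `comm_ssl_shake_read` and wait for readability. If it must stay, the comment should explain why, along the lines of `/* still in shake_write: <reason write events are needed while OpenSSL wants a read> */`. ssl_handshake starts and ends outside the hunk, so callers' handling of the return value is not visible here.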