-
Notifications
You must be signed in to change notification settings - Fork 26
add unit test for a client which crash during an handshake #60
Conversation
Hey @sbernard31, couldn't you have brought this up last week, i.e. before we released 1.0.0? ;-) My thoughts:
If not, this seems to be a regression we introduced with the improved session resumption behavior :-(
|
bad timing I say that to myself when I see your mail this morning. :p
Connection connection = connectionStore.get(peerAddress);
if (connection != null && connection.getOngoingHandshake() != null) {
// we are already in an ongoing handshake
// simply delegate the processing of the record to the handshaker
flight = connection.getOngoingHandshake().processMessage(record);
} else { ....
|
we found those issues testing eclipse-wakaama/wakaama#61 Also for restarting an handshake with a new credential type, it's something unusual but we can have real life while migrating device from one security mode to another one: we can be suffering reboot and rollback (for example our devices have automatic upgrade rollback if something wrong happen like multiple reboot or user app freaking out which can happen easly..). |
the commit above fix the 1) issue. |
you are right, I remember that I stumbled about this code section several weeks ago, wondering whether this is the right way to handle an incoming Handshake message. I was playing around with it for a while but couldn't get it right at the time being :-( If only I had been a little more persistent ... |
On second thought, the 2) issue is maybe not a real one. Because if some body is able to do IP spoofing during handshake, it will be able to abort the current handshake with something else than a CLIENT_HELLO. So this is not so important. |
Ok I propose a fix for this one. I use the random field of CLIENT_HELLO to know if this is retransmission or a new one. (This should fix 2 and 3) |
I have re-factored the code so that all test cases now succeed (incl. the one added by @sbernard31) to verify that a client start over with a new handshake after crashing ... Let me split up the changes into multiple commits in order to make them easier to swallow and create another pull request for you to review, ok? @sbernard31: since this has now become a noteworthy issue/fix, would you mind opening a bugzilla issue for it as well which I can refer to in the commit messages of the PR? |
The bugzilla issue is opened : https://bugs.eclipse.org/bugs/show_bug.cgi?id=483371 |
Thanks, Simon :-) |
I have created PR #61 containing Simon's unit test and the fix. Please review and test if this works for you ... |
This has been merged as part of #61 |
We have some issue with the last version of scandium when we try to start a fresh new handshake while the first one is still ongoing. (This could happen if the device crash during the handshake then restart a new handshake on the same IP)
In this case, the client will not be able to rehandshake as long as the session in stored.
I just create the test case corresponding to the issue, this will allow to start discussion.
This is the current exchange :
There is several issue :
pskStore
NPE.CLIENT_HELLO
with no cookie is handle by the handshaker, this expose us to IP spoofing attack during handshake.CLIENT_HELLO
, so we are unable to start a fresh new handshake.Possible solution :
pskStore
is null or always create an empty pskStore.(Do not merger this one, while we don't provide fix for this issue)