GH-837: Add test cases for mismatched Broker SSL configs

zeek · Jul 17, 2020 · 85fbdaf · 85fbdaf
1 parent c84a51a
commit 85fbdaf
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 1 deletion.
diff --git a/auxil/broker b/auxil/broker
diff --git a/testing/btest/Baseline/broker.ssl-mismatch/bad_connect.broker.error b/testing/btest/Baseline/broker.ssl-mismatch/bad_connect.broker.error
@@ -0,0 +1 @@
+Broker::PEER_UNAVAILABLE
diff --git a/testing/btest/Baseline/broker.ssl-mismatch/bad_connect_rev.broker.error b/testing/btest/Baseline/broker.ssl-mismatch/bad_connect_rev.broker.error
@@ -0,0 +1 @@
+Broker::PEER_UNAVAILABLE
diff --git a/testing/btest/broker/ssl-mismatch.zeek b/testing/btest/broker/ssl-mismatch.zeek
@@ -0,0 +1,71 @@
+# @TEST-PORT: BROKER_PORT
+#
+# @TEST-EXEC: btest-bg-run listen "zeek -b %INPUT connect=F Broker::disable_ssl=T"
+#
+# @TEST-EXEC: btest-bg-run good_connect "zeek -b %INPUT connect=T Broker::disable_ssl=T"
+# @TEST-EXEC: $SCRIPTS/wait-for-file good_connect/listen_ready 20 || (btest-bg-wait -k 1 && false)
+#
+# @TEST-EXEC: btest-bg-run bad_connect "zeek -b %INPUT connect=T Broker::disable_ssl=F"
+# @TEST-EXEC: $SCRIPTS/wait-for-file bad_connect/done 20 || (btest-bg-wait -k 1 && false)
+#
+# @TEST-EXEC: btest-bg-run last_connect "zeek -b %INPUT connect=T Broker::disable_ssl=T"
+#
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff bad_connect/broker.error
+#
+# And again, now reversing the SSL mismatch between client/server...
+#
+# @TEST-EXEC: btest-bg-run listen_rev "zeek -b %INPUT connect=F Broker::disable_ssl=F"
+#
+# @TEST-EXEC: btest-bg-run good_connect_rev "zeek -b %INPUT connect=T Broker::disable_ssl=F"
+# @TEST-EXEC: $SCRIPTS/wait-for-file good_connect_rev/listen_ready 20 || (btest-bg-wait -k 1 && false)
+#
+# @TEST-EXEC: btest-bg-run bad_connect_rev "zeek -b %INPUT connect=T Broker::disable_ssl=T"
+# @TEST-EXEC: $SCRIPTS/wait-for-file bad_connect_rev/done 20 || (btest-bg-wait -k 1 && false)
+#
+# @TEST-EXEC: btest-bg-run last_connect_rev "zeek -b %INPUT connect=T Broker::disable_ssl=F"
+#
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff bad_connect_rev/broker.error
+
+option connect = T;
+global num_connections = 0;
+
+event zeek_init()
+	{
+	if ( connect )
+		Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
+	else
+		Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
+	}
+
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	print "peer added";
+	++num_connections;
+
+	if ( connect )
+		{
+		system("touch listen_ready");
+		terminate();
+		}
+	else if ( num_connections == 2 )
+		terminate();
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	print "peer lost";
+	}
+
+event Broker::error(code: Broker::ErrorCode, msg: string) &priority=-10
+	{
+	if ( connect )
+		{
+		local f = open("broker.error");
+		print f, code;
+		close(f);
+		system("touch done");
+		terminate();
+		}
+	}