* MDF [tls] fix sync error

Signed-off-by: jaylin <[email protected]>
emqx · Jul 29, 2024 · 26708c7 · 26708c7
1 parent 5713155
commit 26708c7
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 39 deletions.
diff --git a/src/supplemental/tls/mbedtls/tls.c b/src/supplemental/tls/mbedtls/tls.c
@@ -485,8 +485,6 @@ config_psk_cb(void *arg, mbedtls_ssl_context *ssl,
 			    ssl, psk->key, psk->keylen));
 		}
 	}
-	nng_log_warn(
-	    "NNG-TLS-PSK-NO-IDENTITY", "TLS client PSK identity not found");
 	return (MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY);
 }
 
@@ -517,8 +515,6 @@ config_psk(nng_tls_engine_config *cfg, const char *identity,
 		         (const unsigned char *) identity,
 		         strlen(identity))) != 0) {
 			psk_free(newpsk);
-			tls_log_err("NNG-TLS-PSK-FAIL",
-			    "Failed to configure PSK identity", rv);
 			return (tls_mk_err(rv));
 		}
 	}

diff --git a/src/supplemental/tls/tls_test.c b/src/supplemental/tls/tls_test.c
@@ -1,5 +1,5 @@
 //
-// Copyright 2020 Staysail Systems, Inc. <[email protected]>
+// Copyright 2024 Staysail Systems, Inc. <[email protected]>
 //
 // This software is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
@@ -16,6 +16,7 @@ test_tls_config_version(void)
 {
 	nng_tls_config *cfg;
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
 	NUTS_PASS(nng_tls_config_alloc(&cfg, NNG_TLS_MODE_SERVER));
 
 	// Verify that min ver < max ver
@@ -52,8 +53,9 @@ void
 test_tls_conn_refused(void)
 {
 	nng_stream_dialer *dialer;
-	nng_aio *          aio;
+	nng_aio           *aio;
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
 	NUTS_PASS(nng_aio_alloc(&aio, NULL, NULL));
 	nng_aio_set_timeout(aio, 5000); // 5 sec
 
@@ -71,20 +73,21 @@ void
 test_tls_large_message(void)
 {
 	nng_stream_listener *l;
-	nng_stream_dialer *  d;
-	nng_aio *            aio1, *aio2;
-	nng_stream *         s1;
-	nng_stream *         s2;
-	nng_tls_config *     c1;
-	nng_tls_config *     c2;
+	nng_stream_dialer   *d;
+	nng_aio             *aio1, *aio2;
+	nng_stream          *s1;
+	nng_stream          *s2;
+	nng_tls_config      *c1;
+	nng_tls_config      *c2;
 	char                 addr[32];
-	uint8_t *            buf1;
-	uint8_t *            buf2;
+	uint8_t             *buf1;
+	uint8_t             *buf2;
 	size_t               size = 450001;
-	void *               t1;
-	void *               t2;
+	void                *t1;
+	void                *t2;
 	int                  port;
 
+	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	// allocate messages
 	NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
 	NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
@@ -110,7 +113,7 @@ test_tls_large_message(void)
 	NUTS_TRUE(port > 0);
 	NUTS_TRUE(port < 65536);
 
-	snprintf(addr, sizeof (addr), "tls+tcp://127.0.0.1:%d", port);
+	snprintf(addr, sizeof(addr), "tls+tcp://127.0.0.1:%d", port);
 	NUTS_PASS(nng_stream_dialer_alloc(&d, addr));
 	NUTS_PASS(nng_tls_config_alloc(&c2, NNG_TLS_MODE_CLIENT));
 	NUTS_PASS(nng_tls_config_ca_chain(c2, nuts_server_crt, NULL));
@@ -155,6 +158,8 @@ test_tls_garbled_cert(void)
 	nng_stream_listener *l;
 	nng_tls_config      *c1;
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
+
 	// Allocate the listener first.  We use a wild-card port.
 	NUTS_PASS(nng_stream_listener_alloc(&l, "tls+tcp://127.0.0.1:0"));
 	NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
@@ -185,6 +190,7 @@ test_tls_psk(void)
 	void                *t2;
 	int                  port;
 
+	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	// allocate messages
 	NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
 	NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
@@ -270,6 +276,7 @@ test_tls_psk_server_identities(void)
 	char                *identity = "test_identity";
 	uint8_t              key[32];
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
 	// allocate messages
 	NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
 	NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
@@ -358,6 +365,7 @@ test_tls_psk_bad_identity(void)
 	int                  port;
 	uint8_t              key[32];
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
 	// allocate messages
 	NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
 	NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
@@ -430,6 +438,8 @@ test_tls_psk_key_too_big(void)
 	nng_tls_config *c1;
 	uint8_t         key[5000];
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
+
 	// Allocate the listener first.  We use a wild-card port.
 	NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_CLIENT));
 	NUTS_FAIL(
@@ -447,6 +457,8 @@ test_tls_psk_config_busy(void)
 
 	nng_aio_alloc(&aio, NULL, NULL);
 
+	NUTS_ENABLE_LOG(NNG_LOG_INFO);
+
 	NUTS_PASS(nng_stream_listener_alloc(&l, "tls+tcp://127.0.0.1:0"));
 	NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
 	NUTS_PASS(nng_tls_config_psk(c1, "identity", key, sizeof(key)));
@@ -465,12 +477,7 @@ TEST_LIST = {
 	{ "tls config version", test_tls_config_version },
 	{ "tls conn refused", test_tls_conn_refused },
 	{ "tls large message", test_tls_large_message },
-<<<<<<< HEAD
-<<<<<<< HEAD
-=======
-=======
 #ifndef NNG_TLS_ENGINE_WOLFSSL // wolfSSL doesn't validate certas until use
->>>>>>> d89d679d6 (TLS: make some tests conditional.)
 	{ "tls garbled cert", test_tls_garbled_cert },
 #endif
 #ifdef NNG_SUPP_TLS_PSK
@@ -479,10 +486,6 @@ TEST_LIST = {
 	{ "tls psk bad identity", test_tls_psk_bad_identity },
 	{ "tls psk key too big", test_tls_psk_key_too_big },
 	{ "tls psk key config busy", test_tls_psk_config_busy },
-<<<<<<< HEAD
->>>>>>> 0aeed90d9 (fixes #1846 Add support for TLS PSK)
-=======
 #endif
->>>>>>> d89d679d6 (TLS: make some tests conditional.)
 	{ NULL, NULL },
-};
+};
diff --git a/src/supplemental/tls/wolfssl/wolfssl.c b/src/supplemental/tls/wolfssl/wolfssl.c
@@ -101,7 +101,7 @@ tls_log_err(const char *msgid, const char *context, int errnum)
 {
 	char errbuf[256];
 	wolfSSL_ERR_error_string(errnum, errbuf);
-	nng_log_err(msgid, "%s: %s", context, errbuf);
+	// nng_log_err(msgid, "%s: %s", context, errbuf);
 }
 
 static int
@@ -384,14 +384,14 @@ psk_client_cb(WOLFSSL *ssl, const char *hint, char *identity,
 		strncpy(identity, psk->identity, id_max_len);
 		if (max_len < psk->keylen) {
 			// key overrun
-			nng_log_warn(
-			    "NNG-TLS-PSK-LEN", "Preshared key too long");
+			// nng_log_warn(
+			//     "NNG-TLS-PSK-LEN", "Preshared key too long");
 			return (0);
 		}
 		memcpy(key, psk->key, psk->keylen);
 		return (psk->keylen);
 	}
-	nng_log_warn("NNG-TLS-PSK-MISSING", "Preshared key missing");
+	// nng_log_warn("NNG-TLS-PSK-MISSING", "Preshared key missing");
 	return (0);
 }
 
@@ -412,18 +412,18 @@ psk_server_cb(
 		if (strcmp(psk->identity, identity) == 0) {
 			if (max_len < psk->keylen) {
 				// key overrun
-				nng_log_warn("NNG-TLS-PSK-LEN",
-				    "Preshared key too long");
+				// nng_log_warn("NNG-TLS-PSK-LEN",
+				//     "Preshared key too long");
 				return (0);
 			}
-			nng_log_info("NNG-TLS-PSK-IDENTITY",
-			    "TLS client using PSK identity %s", psk->identity);
+			// nng_log_info("NNG-TLS-PSK-IDENTITY",
+			//     "TLS client using PSK identity %s", psk->identity);
 			memcpy(key, psk->key, psk->keylen);
 			return (psk->keylen);
 		}
 	}
-	nng_log_warn(
-	    "NNG-TLS-PSK-NO-IDENTITY", "TLS client PSK identity not found");
+	// nng_log_warn(
+	//     "NNG-TLS-PSK-NO-IDENTITY", "TLS client PSK identity not found");
 	return (0);
 }
 #endif
@@ -443,8 +443,8 @@ wolf_config_psk(nng_tls_engine_config *cfg, const char *identity,
 	if (key_len > 64) {
 		// not exactly sure where the wolfSSL limits are, but this is
 		// enough for 512 bits of data.
-		nng_log_warn(
-		    "NNG-TLS-PSK-TOO-BIG", "PSK key length too large");
+		// nng_log_warn(
+		//     "NNG-TLS-PSK-TOO-BIG", "PSK key length too large");
 		return (NNG_ECRYPTO);
 	}
 	if (((psk = NNI_ALLOC_STRUCT(psk)) == NULL) ||