gnutls-cli: Add option to wait longer for resumption data

Anderson Sasaki requested to merge ansasaki/gnutls:cli-wait-resumption into master

This adds the command line option --waitresumption to gnutls-cli to make the client wait longer for the resumption data under TLS 1.3. When the option is provided, the client will use a timeout increased by 5 seconds when waiting for the resumption data. If no ticket is received, then the execution continues as if the ticket was not sent by the server.

This is useful to force the client to wait for the resumption data when the server takes a long time to send the ticket, allowing the session resumption to be tested. This is a common scenario in CI systems where the testing machines have limited resources.

The changes were tested locally using the https://github.com/tomato42/tlslite-ng server with the following patch applied to make the server delay sending the resumption data:

diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index 5c8dcc5..30cbd34 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -2452,6 +2452,9 @@ class TLSConnection(TLSRecordLayer):
 
             encrypted_ticket = cipher.seal(iv, ticket.write(), b'')
 
+            # delay sending the ticket for a while
+            time.sleep(1)
+
             # encapsulate the ticket and send to client
             new_ticket = NewSessionTicket()
             new_ticket.create(settings.ticketLifetime,
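
Review bot: the added time.sleep(1) between cipher.seal(...) and NewSessionTicket() depends on time already being imported in tlslite/tlsconnection.py, because this hunk adds no import; if the module does not import it, the server fails with a NameError at exactly the point where the ticket should be sent, which would look to the client like a missing ticket rather than a delayed one. The delay is also hard-coded and unconditional, so every ticket this server issues is held back by one second; since the patch exists only to reproduce the slow-server case, consider reading the delay from a setting or environment variable and extending the comment to say it is test-only. A fixed 1 second delay falls inside the extra 5 seconds the client option grants, so it exercises the success path only; a second run with a delay longer than the extended timeout would cover the "continue as if no ticket was sent" path described above.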

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated / NEWS entry present (for non-trivial changes)
  • CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
