fix for macOS

.github/workflows/ci.yml

@@ -36,8 +36,8 @@ jobs:
       - name: run tests
         run: |
           source ~/.bashrc
-          ./test.sh
-          ./test_server.sh
+          ./test_macos.sh
+          ./test_server_macos.sh
 
   # thanks to https://github.com/docker/build-push-action/issues/225
   create-container:

install_macos.sh

@@ -2,8 +2,7 @@
 
 cd `dirname $0`
 
-brew install openssl
 brew install jq
-echo 'PATH=/usr/local/opt/openssl/bin:$PATH' >> ~/.bashrc
+brew install curl
 
 ./install_zig.sh

install_zig.sh

@@ -4,12 +4,21 @@ set -eux
 
 # Thanks to https://stackoverflow.com/questions/3466166/how-to-check-if-running-in-cygwin-mac-or-linux
 unames=$(uname -s)
+arch=$(uname -m)
 case "$unames" in
-    Linux*)     HOST_ARCH="x86_64-linux";;
-    Darwin*)    HOST_ARCH="x86_64-macos";;
+    Linux*)     OS="linux";;
+    Darwin*)    OS="macos";;
     *)          echo "Unknown HOST_ARCH=$(uname -s)"; exit 1;;
 esac
 
+case "$arch" in
+    x86_64*) ARCH="x86_64";;
+    arm64*)  ARCH="aarch64";;
+    *)       echo "Unknown $arch"; exit 1;;
+esac
+
+HOST_ARCH="$ARCH-$OS"
+
 ZIG_VERSION=0.13.0
 ZIG_VERSIONS=$(curl https://ziglang.org/download/index.json)
 

test.sh

@@ -40,7 +40,7 @@ do
             echo "Testing $GROUP-$SUITE(with cert $CERT_ALGO)."
 
             # Run openssl server
-            openssl s_server -tls1_3 -accept 8443 -cert cert.pem -key key.pem -www -ciphersuites $SUITE -groups $GROUP &
+            openssl s_server -tls1_3 -accept 8443 -cert cert.pem -key key.pem -www -cipher $SUITE -groups $GROUP &
 
             set +e
 

test_macos.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+TEST_CERT_ALGORITHM=(
+    "prime256v1 sha256"
+    "secp384r1 sha384"
+)
+
+TEST_CIPHER_SUITES=(
+    "TLS_AES_128_GCM_SHA256"
+    "TLS_AES_256_GCM_SHA384"
+    "TLS_CHACHA20_POLY1305_SHA256"
+)
+
+TEST_GROUPS=(
+    "X25519"
+    "P-256"
+)
+
+# force to use LibreSSL
+OPENSSL="/usr/bin/openssl"
+
+set -eux
+
+TMP_FIFO="/tmp/tls13-zig"
+rm -rf $TMP_FIFO
+
+mkfifo $TMP_FIFO
+
+cd $(dirname $0)
+
+for CERT_ALGO in "${TEST_CERT_ALGORITHM[@]}"
+do
+
+    # Generate testing certificate
+    set -- $CERT_ALGO
+    $OPENSSL req -x509 -nodes -days 365 -subj '/C=JP/ST=Kyoto/L=Kyoto/CN=localhost' -newkey ec:<(openssl ecparam -name $1) -nodes -$2 -keyout key.pem -out cert.pem
+    $OPENSSL x509 -text -noout -in cert.pem
+
+    for GROUP in "${TEST_GROUPS[@]}"
+    do
+        for SUITE in "${TEST_CIPHER_SUITES[@]}"
+        do
+            echo "Testing $GROUP-$SUITE(with cert $CERT_ALGO)."
+
+            # Run openssl server
+            $OPENSSL s_server -tls1_3 -accept 8443 -cert cert.pem -key key.pem -www -cipher $SUITE -groups $GROUP &
+
+            set +e
+
+            # Let's test!
+            NUM_OF_OK=`zig test src/main_test.zig --test-filter 'e2e with early_data'  2>&1 | grep "HTTP/1.0 200 ok" | wc -l`
+            if [ $? -ne 0 ]; then
+                echo "failed."
+                pkill -SIGKILL openssl
+                exit 1
+            fi
+
+            # LibreSSL does not send New Session Ticket.
+            # The second test must fail
+            if [ $NUM_OF_OK -ne 1 ]; then
+                echo "failed. NUM_OF_OK is not 1."
+                pkill -SIGKILL openssl
+                exit 1
+            fi
+            echo "OK."
+
+            set -e
+
+            pkill -SIGKILL openssl
+
+            sleep 1
+        done
+    done
+done
+
+rm -rf $TMP_FIFO

test_server.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -eux
+set -eux -o pipefail
 
 function cleanup() {
     set +e
@@ -14,15 +14,6 @@ cd $(dirname $0)
 
 cd test
 
-# macos uses libressl as an alias for openssl.
-# libressl does not have dh parameter x448.
-unames=$(uname -s)
-case "$unames" in
-    Linux*)     DH_X448="x448:";;
-    Darwin*)    DH_X448="";;
-    *)          echo "Unknown HOST_ARCH=$(uname -s)"; exit 1;;
-esac
-
 # Generate testing certificate
 ./gen_cert.sh
 
@@ -42,63 +33,20 @@ until nc -z localhost 8443; do sleep 1; done
 echo "READY"
 
 curl https://localhost:8443 --tlsv1.3 --insecure | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo  "OK"
-else
-    echo "FAILED"
-fi
 
 # Testing Hello Retry Request
-echo "GET / " | openssl s_client -groups ${DH_X448}X25519 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi
-
-echo "GET / " | openssl s_client -groups ${DH_X448}secp256r1 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi
+echo "GET / " | openssl s_client -groups x448:X25519 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig
+echo "GET / " | openssl s_client -groups x448:secp256r1 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig
 
 # Testing Resumption
 echo "GET / " | openssl s_client -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi
-
 echo "GET / " | openssl s_client -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi
 
 # Testing Resumption with Hello Retry Request
-echo "GET / " | openssl s_client -groups ${DH_X448}X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi
-
-echo "GET / " | openssl s_client -groups ${DH_X448}X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi
+echo "GET / " | openssl s_client -groups x448:X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig
+echo "GET / " | openssl s_client -groups x448:X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig
 
 # Testing 0-RTT Data
 echo "GET / " > early_data.txt
 RESULT=$(openssl s_client -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem -early_data early_data.txt)
 echo $RESULT | grep "Early data was accepted.*tls13-zig" > /dev/null
-if [ $? -eq 0 ]; then
-    echo "OK"
-else
-    echo "FAILED"
-fi

test_server_macos.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -eux -o pipefail
+
+# force to use brew's curl
+CURL="/opt/homebrew/opt/curl/bin/curl"
+
+# force to use LibreSSL
+OPENSSL="/usr/bin/openssl"
+
+function cleanup() {
+    set +e
+    kill $ZIG_SERVER_PID
+    echo "exit"
+}
+
+trap cleanup EXIT
+
+cd $(dirname $0)
+
+cd test
+
+# macos uses libressl as an alias for openssl.
+# libressl does not have dh parameter x448.
+unames=$(uname -s)
+case "$unames" in
+    Linux*)     DH_X448="x448:";;
+    Darwin*)    DH_X448="";;
+    *)          echo "Unknown HOST_ARCH=$(uname -s)"; exit 1;;
+esac
+
+# Generate testing certificate
+./gen_cert.sh
+
+cd ../
+
+# Checking memory leak
+until nc -z localhost 8443; do sleep 1; done && curl https://localhost:8443 --insecure &
+zig test src/main_test_server.zig --test-filter 'e2e server'
+echo "Memory leak check passed"
+
+zig run src/main_test_server.zig &
+ZIG_SERVER_PID=$!
+
+# wait for server becoming ready
+until nc -z localhost 8443; do sleep 1; done
+
+echo "READY"
+
+$CURL https://localhost:8443 --tlsv1.3 --insecure | grep tls13-zig
+
+# Testing Resumption
+echo "GET / " | $OPENSSL s_client -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig
+echo "GET / " | $OPENSSL s_client -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig