tests/multi_net: Update DTLS multi-net test.

projectgus · projectgus · commit 1722c928f1a1 · 2025-06-05T15:33:56.000+10:00
The original version of this test had to exchange a 1 byte UDP packet
before the DTLS handshake. This is no longer needed due to MSG_PEEK
support.

The test also doesn't work with HelloVerify enabled, as the first
connection attempt always fails with an
MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED result. Anticipate this by listening
for the client twice on the server side.

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton &lt;angus@redyak.com.au&gt;
diff --git a/tests/multi_net/tls_dtls_server_client.py b/tests/multi_net/tls_dtls_server_client.py
@@ -34,28 +34,36 @@ def instance0():
 
     multitest.next()
 
-    # Wait for the client to connect.
-    data, client_addr = s.recvfrom(1)
-    print("incoming connection", data)
-
-    # Connect back to the client, so the UDP socket can be used like a stream.
-    s.connect(client_addr)
-
-    # Create the DTLS context and load the certificate.
     ctx = tls.SSLContext(tls.PROTOCOL_DTLS_SERVER)
     ctx.load_cert_chain(cert, key)
 
-    # Wrap the UDP socket in server mode.
-    print("wrap socket")
-    s = ctx.wrap_socket(s, server_side=1)
-
-    # Transfer some data.
-    for _ in range(4):
-        print(s.recv(16))
-        s.send(b"server to client")
-
-    # Close the DTLS and UDP connection.
-    s.close()
+    # Because of "hello verify required", we expect the peer
+    # to connect twice: once to set the cookie, then second time
+    # successfully.
+    #
+    # As this isn't a real server, we hard-code two connection attempts
+    for _ in range(2):
+        print("waiting")
+        # Wait for the client to connect so we know their address
+        _, client_addr = s.recvfrom(1, socket.MSG_PEEK)
+        print("incoming connection")
+        s.connect(client_addr)  # Connect back to the client
+
+        # Wrap the UDP socket in server mode.
+        try:
+            s = ctx.wrap_socket(s, server_side=1)
+        except OSError as e:
+            print(e)
+            continue  # wait for second connection
+
+        # Transfer some data.
+        for i in range(4):
+            print(s.recv(32))
+            s.send(b"server to client " + str(i).encode())
+
+        # Close the DTLS and UDP connection.
+        s.close()
+        break
 
 
 # DTLS client.
@@ -68,9 +76,6 @@ def instance1():
     print("connect")
     s.connect(addr)
 
-    # Send one byte to indicate a connection, and so the server can obtain our address.
-    s.write("X")
-
     # Create a DTLS context and load the certificate.
     ctx = tls.SSLContext(tls.PROTOCOL_DTLS_CLIENT)
     ctx.verify_mode = tls.CERT_REQUIRED
@@ -81,9 +86,9 @@ def instance1():
     s = ctx.wrap_socket(s, server_hostname="micropython.local")
 
     # Transfer some data.
-    for _ in range(4):
-        s.send(b"client to server")
-        print(s.recv(16))
+    for i in range(4):
+        s.send(b"client to server " + str(i).encode())
+        print(s.recv(32))
 
     # Close the DTLS and UDP connection.
     s.close()
diff --git a/tests/multi_net/tls_dtls_server_client.py.exp b/tests/multi_net/tls_dtls_server_client.py.exp
@@ -1,14 +1,17 @@
 --- instance0 ---
-incoming connection b'X'
-wrap socket
-b'client to server'
-b'client to server'
-b'client to server'
-b'client to server'
+waiting
+incoming connection
+(-27264, 'MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED')
+waiting
+incoming connection
+b'client to server 0'
+b'client to server 1'
+b'client to server 2'
+b'client to server 3'
 --- instance1 ---
 connect
 wrap socket
-b'server to client'
-b'server to client'
-b'server to client'
-b'server to client'
+b'server to client 0'
+b'server to client 1'
+b'server to client 2'
+b'server to client 3'
