X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=test%2Fsslapitest.c;h=d87e9f6ba200d51a85e22ff6841ae3c24e11586e;hb=88e3cf0a1024f4afaf8e44553526eb326db102bc;hp=78c378bb669da463bc86df5718a3022b9d751bb5;hpb=80eff008ec8767f844534d28a7c252cd23c08835;p=openssl.git diff --git a/test/sslapitest.c b/test/sslapitest.c index 78c378bb66..d87e9f6ba2 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5343,7 +5343,9 @@ static int test_ticket_callbacks(int tst) * Test 3: TLSv1.3, pending NewSessionTicket messages * Test 4: TLSv1.3, server continues to read/write after client shutdown, server * sends key update, client reads it - * Test 5: TLSv1.3, server continues to read/write after client shutdown, client + * Test 5: TLSv1.3, server continues to read/write after client shutdown, server + * sends CertificateRequest, client reads and ignores it + * Test 6: TLSv1.3, server continues to read/write after client shutdown, client * doesn't read it */ static int test_shutdown(int tst) @@ -5370,8 +5372,13 @@ static int test_shutdown(int tst) TLS1_VERSION, (tst <= 1) ? TLS1_2_VERSION : TLS1_3_VERSION, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + &sctx, &cctx, cert, privkey))) + goto end; + + if (tst == 5) + SSL_CTX_set_post_handshake_auth(cctx, 1); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) goto end; @@ -5407,13 +5414,21 @@ static int test_shutdown(int tst) */ || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) goto end; - if (tst == 4 && - (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_REQUESTED)) - || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))) + if (tst == 4 + && !TEST_true(SSL_key_update(serverssl, + SSL_KEY_UPDATE_REQUESTED))) + goto end; + if (tst == 5) { + SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); + if (!TEST_true(SSL_verify_client_post_handshake(serverssl))) + goto end; + } + if ((tst == 4 || tst == 5) + && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) goto end; if (!TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; - if (tst == 4) { + if (tst == 4 || tst == 5) { /* Should still be able to read data from server */ if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) @@ -5448,7 +5463,7 @@ static int test_shutdown(int tst) || !TEST_true(SSL_SESSION_is_resumable(sess)) || !TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; - } else if (tst == 4) { + } else if (tst == 4 || tst == 5) { /* * In this test the client has sent close_notify and it has been * received by the server which has responded with a close_notify. The @@ -5460,7 +5475,7 @@ static int test_shutdown(int tst) goto end; } else { /* - * tst == 5 + * tst == 6 * * The client has sent close_notify and is expecting a close_notify * back, but instead there is application data first. The shutdown @@ -5482,6 +5497,102 @@ static int test_shutdown(int tst) return testresult; } +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3) +static int cert_cb_cnt; + +static int cert_cb(SSL *s, void *arg) +{ + SSL_CTX *ctx = (SSL_CTX *)arg; + + if (cert_cb_cnt == 0) { + /* Suspend the handshake */ + cert_cb_cnt++; + return -1; + } else if (cert_cb_cnt == 1) { + /* + * Update the SSL_CTX, set the certificate and private key and then + * continue the handshake normally. + */ + if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx))) + return 0; + + if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM)) + || !TEST_true(SSL_use_PrivateKey_file(s, privkey, + SSL_FILETYPE_PEM)) + || !TEST_true(SSL_check_private_key(s))) + return 0; + cert_cb_cnt++; + return 1; + } + + /* Abort the handshake */ + return 0; +} + +/* + * Test the certificate callback. + * Test 0: Callback fails + * Test 1: Success - no SSL_set_SSL_CTX() in the callback + * Test 2: Success - SSL_set_SSL_CTX() in the callback + */ +static int test_cert_cb_int(int prot, int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0, ret; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + prot, + &sctx, &cctx, NULL, NULL))) + goto end; + + if (tst == 0) + cert_cb_cnt = -1; + else + cert_cb_cnt = 0; + if (tst == 2) + snictx = SSL_CTX_new(TLS_server_method()); + SSL_CTX_set_cert_cb(sctx, cert_cb, snictx); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); + if (!TEST_true(tst == 0 ? !ret : ret) + || (tst > 0 && !TEST_int_eq(cert_cb_cnt, 2))) { + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + SSL_CTX_free(snictx); + + return testresult; +} +#endif + +static int test_cert_cb(int tst) +{ + int testresult = 1; + +#ifndef OPENSSL_NO_TLS1_2 + testresult &= test_cert_cb_int(TLS1_2_VERSION, tst); +#endif +#ifndef OPENSSL_NO_TLS1_3 + testresult &= test_cert_cb_int(TLS1_3_VERSION, tst); +#endif + + return testresult; +} + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) @@ -5583,7 +5694,8 @@ int setup_tests(void) ADD_ALL_TESTS(test_ssl_pending, 2); ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); ADD_ALL_TESTS(test_ticket_callbacks, 12); - ADD_ALL_TESTS(test_shutdown, 6); + ADD_ALL_TESTS(test_shutdown, 7); + ADD_ALL_TESTS(test_cert_cb, 3); return 1; }