Add ExpectedClientCANames

[openssl.git] / test / handshake_helper.c

diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 88f6aec89489cec8c41a4bbfc1ddee6fb828331a..4bccac1d4efd8aa8da424cb1d1ff0feb99fb5ed1 100644 (file)
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -12,6 +12,9 @@
 #include <openssl/bio.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/ssl.h>
+#ifndef OPENSSL_NO_SRP
+#include <openssl/srp.h>
+#endif
 
 #include "handshake_helper.h"
 #include "testutil.h"
@@ -31,6 +34,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result)
     OPENSSL_free(result->server_npn_negotiated);
     OPENSSL_free(result->client_alpn_negotiated);
     OPENSSL_free(result->server_alpn_negotiated);
+    sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free);
     OPENSSL_free(result);
 }
 
@@ -52,6 +56,8 @@ typedef struct ctx_data_st {
     size_t npn_protocols_len;
     unsigned char *alpn_protocols;
     size_t alpn_protocols_len;
+    char *srp_user;
+    char *srp_password;
 } CTX_DATA;
 
 /* |ctx_data| itself is stack-allocated. */
@@ -61,6 +67,10 @@ static void ctx_data_free_data(CTX_DATA *ctx_data)
     ctx_data->npn_protocols = NULL;
     OPENSSL_free(ctx_data->alpn_protocols);
     ctx_data->alpn_protocols = NULL;
+    OPENSSL_free(ctx_data->srp_user);
+    ctx_data->srp_user = NULL;
+    OPENSSL_free(ctx_data->srp_password);
+    ctx_data->srp_password = NULL;
 }
 
 static int ex_data_idx;
@@ -405,6 +415,28 @@ static int server_alpn_cb(SSL *s, const unsigned char **out,
         : SSL_TLSEXT_ERR_NOACK;
 }
 
+#ifndef OPENSSL_NO_SRP
+static char *client_srp_cb(SSL *s, void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    return OPENSSL_strdup(ctx_data->srp_password);
+}
+
+static int server_srp_cb(SSL *s, int *ad, void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0)
+        return SSL3_AL_FATAL;
+    if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
+                                    ctx_data->srp_password,
+                                    "2048" /* known group */) < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        return SSL3_AL_FATAL;
+    }
+    return SSL_ERROR_NONE;
+}
+#endif  /* !OPENSSL_NO_SRP */
+
 /*
  * Configure callbacks and other properties that can't be set directly
  * in the server/client CONF.
@@ -562,6 +594,27 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
         break;
     }
 #endif
+#ifndef OPENSSL_NO_SRP
+    if (extra->server.srp_user != NULL) {
+        SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb);
+        server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user);
+        server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password);
+        SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
+    }
+    if (extra->server2.srp_user != NULL) {
+        TEST_check(server2_ctx != NULL);
+        SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb);
+        server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user);
+        server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password);
+        SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data);
+    }
+    if (extra->client.srp_user != NULL) {
+        TEST_check(SSL_CTX_set_srp_username(client_ctx, extra->client.srp_user));
+        SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
+        client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
+        SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
+    }
+#endif  /* !OPENSSL_NO_SRP */
 }
 
 /* Configure per-SSL callbacks and other properties. */
@@ -1070,6 +1123,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     /* API dictates unsigned int rather than size_t. */
     unsigned int proto_len = 0;
     EVP_PKEY *tmp_key;
+    STACK_OF(X509_NAME) *names;
 
     memset(&server_ctx_data, 0, sizeof(server_ctx_data));
     memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -1207,6 +1261,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
         ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
     else
         ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
+    ret->compression = (SSL_get_current_compression(client.ssl) == NULL)
+                       ? SSL_TEST_COMPRESSION_NO
+                       : SSL_TEST_COMPRESSION_YES;
     ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
@@ -1240,6 +1297,12 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
     SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
 
+    names = SSL_get_client_CA_list(client.ssl);
+    if (names == NULL)
+        ret->client_ca_names = NULL;
+    else
+        ret->client_ca_names = SSL_dup_CA_list(names);
+
     ret->server_cert_type = peer_pkey_type(client.ssl);
     ret->client_cert_type = peer_pkey_type(server.ssl);