/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
#define __STDC_FORMAT_MACROS
#endif
+#include "packeted_bio.h"
#include <openssl/e_os2.h>
#if !defined(OPENSSL_SYS_WINDOWS)
#include <vector>
#include "async_bio.h"
-#include "packeted_bio.h"
#include "test_config.h"
namespace bssl {
return 1;
}
+static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) {
+ // SNI must be accessible from the SNI callback.
+ const TestConfig *config = GetTestConfig(ssl);
+ const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (server_name == nullptr ||
+ std::string(server_name) != config->expected_server_name) {
+ fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name,
+ config->expected_server_name.c_str());
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+
+ return SSL_TLSEXT_ERR_OK;
+}
+
// Connect returns a new socket connected to localhost on |port| or -1 on
// error.
static int Connect(uint16_t port) {
!SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
return nullptr;
}
+#else
+ /* Ensure we don't negotiate TLSv1.3 until we can handle it */
+ if (!config->is_dtls &&
+ !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
+ return nullptr;
+ }
#endif
std::string cipher_list = "ALL";
SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
}
- SSL_CTX_set_session_id_context(ssl_ctx.get(),
- (const unsigned char *)sess_id_ctx,
- sizeof(sess_id_ctx) - 1);
+ if (!SSL_CTX_set_session_id_context(ssl_ctx.get(),
+ (const unsigned char *)sess_id_ctx,
+ sizeof(sess_id_ctx) - 1))
+ return nullptr;
+
+ if (!config->expected_server_name.empty()) {
+ SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback);
+ }
return ssl_ctx;
}
if (!config->expected_server_name.empty()) {
const char *server_name =
SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
- if (server_name != config->expected_server_name) {
+ if (server_name == nullptr ||
+ std::string(server_name) != config->expected_server_name) {
fprintf(stderr, "servername mismatch (got %s; want %s)\n",
server_name, config->expected_server_name.c_str());
return false;
}
if (config->enable_all_curves) {
static const int kAllCurves[] = {
- NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
+ NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1
};
if (!SSL_set1_curves(ssl.get(), kAllCurves,
OPENSSL_ARRAY_SIZE(kAllCurves))) {
SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
}
+ if (!config->async) {
+ SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY);
+ }
+
int sock = Connect(config->port);
if (sock == -1) {
return false;
}
// Reset the state to assert later that the callback isn't called in
- // renegotations.
+ // renegotiations.
GetTestState(ssl.get())->got_new_session = false;
}