+ return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata,
+ strlen(appdata));
+}
+
+static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss,
+ const unsigned char *keyname,
+ size_t keyname_length,
+ SSL_TICKET_STATUS status,
+ void *arg)
+{
+ void *tickdata;
+ size_t tickdlen;
+
+ dec_tick_called = 1;
+
+ if (status == SSL_TICKET_EMPTY)
+ return SSL_TICKET_RETURN_IGNORE_RENEW;
+
+ if (!TEST_true(status == SSL_TICKET_SUCCESS
+ || status == SSL_TICKET_SUCCESS_RENEW))
+ return SSL_TICKET_RETURN_ABORT;
+
+ if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata,
+ &tickdlen))
+ || !TEST_size_t_eq(tickdlen, strlen(appdata))
+ || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0))
+ return SSL_TICKET_RETURN_ABORT;
+
+ if (tick_key_cb_called) {
+ /* Don't change what the ticket key callback wanted to do */
+ switch (status) {
+ case SSL_TICKET_NO_DECRYPT:
+ return SSL_TICKET_RETURN_IGNORE_RENEW;
+
+ case SSL_TICKET_SUCCESS:
+ return SSL_TICKET_RETURN_USE;
+
+ case SSL_TICKET_SUCCESS_RENEW:
+ return SSL_TICKET_RETURN_USE_RENEW;
+
+ default:
+ return SSL_TICKET_RETURN_ABORT;
+ }
+ }
+ return tick_dec_ret;
+
+}
+
+static int tick_key_cb(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx,
+ HMAC_CTX *hctx, int enc)
+{
+ const unsigned char tick_aes_key[16] = "0123456789abcdef";
+ const unsigned char tick_hmac_key[16] = "0123456789abcdef";
+
+ tick_key_cb_called = 1;
+ memset(iv, 0, AES_BLOCK_SIZE);
+ memset(key_name, 0, 16);
+ if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
+ || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key),
+ EVP_sha256(), NULL))
+ return -1;
+
+ return tick_key_renew ? 2 : 1;
+}
+
+/*
+ * Test the various ticket callbacks
+ * Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal
+ * Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal
+ * Test 2: TLSv1.2, no ticket key callback, no ticket, renewal
+ * Test 3: TLSv1.3, no ticket key callback, no ticket, renewal
+ * Test 4: TLSv1.2, no ticket key callback, ticket, no renewal
+ * Test 5: TLSv1.3, no ticket key callback, ticket, no renewal
+ * Test 6: TLSv1.2, no ticket key callback, ticket, renewal
+ * Test 7: TLSv1.3, no ticket key callback, ticket, renewal
+ * Test 8: TLSv1.2, ticket key callback, ticket, no renewal
+ * Test 9: TLSv1.3, ticket key callback, ticket, no renewal
+ * Test 10: TLSv1.2, ticket key callback, ticket, renewal
+ * Test 11: TLSv1.3, ticket key callback, ticket, renewal
+ */
+static int test_ticket_callbacks(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_SESSION *clntsess = NULL;
+ int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst % 2 == 0)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst % 2 == 1)
+ return 1;
+#endif
+
+ gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
+
+ /* Which tests the ticket key callback should request renewal for */
+ if (tst == 10 || tst == 11)
+ tick_key_renew = 1;
+ else
+ tick_key_renew = 0;
+
+ /* Which tests the decrypt ticket callback should request renewal for */
+ switch (tst) {
+ case 0:
+ case 1:
+ tick_dec_ret = SSL_TICKET_RETURN_IGNORE;
+ break;
+
+ case 2:
+ case 3:
+ tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW;
+ break;
+
+ case 4:
+ case 5:
+ tick_dec_ret = SSL_TICKET_RETURN_USE;
+ break;
+
+ case 6:
+ case 7:
+ tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW;
+ break;
+
+ default:
+ tick_dec_ret = SSL_TICKET_RETURN_ABORT;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ ((tst % 2) == 0) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /*
+ * We only want sessions to resume from tickets - not the session cache. So
+ * switch the cache off.
+ */
+ if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb,
+ NULL)))
+ goto end;
+
+ if (tst >= 8
+ && !TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * The decrypt ticket key callback in TLSv1.2 should be called even though
+ * we have no ticket yet, because it gets called with a status of
+ * SSL_TICKET_EMPTY (the client indicates support for tickets but does not
+ * actually send any ticket data). This does not happen in TLSv1.3 because
+ * it is not valid to send empty ticket data in TLSv1.3.
+ */
+ if (!TEST_int_eq(gen_tick_called, 1)
+ || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0))
+ goto end;
+
+ gen_tick_called = dec_tick_called = 0;
+
+ clntsess = SSL_get1_session(clientssl);
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ /* Now do a resumption */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL))
+ || !TEST_true(SSL_set_session(clientssl, clntsess))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
+ if (!TEST_false(SSL_session_reused(clientssl)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+ }
+
+ if (!TEST_int_eq(gen_tick_called,
+ (tick_key_renew
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
+ || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
+ ? 1 : 0)
+ || !TEST_int_eq(dec_tick_called, 1))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_SESSION_free(clntsess);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+/*
+ * Test bi-directional shutdown.
+ * Test 0: TLSv1.2
+ * Test 1: TLSv1.2, server continues to read/write after client shutdown
+ * Test 2: TLSv1.3, no pending NewSessionTicket messages
+ * Test 3: TLSv1.3, pending NewSessionTicket messages
+ * Test 4: TLSv1.3, server continues to read/write after client shutdown, server
+ * sends key update, client reads it
+ * Test 5: TLSv1.3, server continues to read/write after client shutdown, server
+ * sends CertificateRequest, client reads and ignores it
+ * Test 6: TLSv1.3, server continues to read/write after client shutdown, client
+ * doesn't read it
+ */
+static int test_shutdown(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char msg[] = "A test message";
+ char buf[80];
+ size_t written, readbytes;
+ SSL_SESSION *sess;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst <= 1)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst >= 2)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ (tst <= 1) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (tst == 5)
+ SSL_CTX_set_post_handshake_auth(cctx, 1);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (tst == 3) {
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 1))
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_false(SSL_SESSION_is_resumable(sess)))
+ goto end;
+ } else if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess))) {
+ goto end;
+ }
+
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
+ goto end;
+
+ if (tst >= 4) {
+ /*
+ * Reading on the server after the client has sent close_notify should
+ * fail and provide SSL_ERROR_ZERO_RETURN
+ */
+ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
+ || !TEST_int_eq(SSL_get_error(serverssl, 0),
+ SSL_ERROR_ZERO_RETURN)
+ || !TEST_int_eq(SSL_get_shutdown(serverssl),
+ SSL_RECEIVED_SHUTDOWN)
+ /*
+ * Even though we're shutdown on receive we should still be
+ * able to write.
+ */
+ || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
+ goto end;
+ if (tst == 4
+ && !TEST_true(SSL_key_update(serverssl,
+ SSL_KEY_UPDATE_REQUESTED)))
+ goto end;
+ if (tst == 5) {
+ SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
+ if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
+ goto end;
+ }
+ if ((tst == 4 || tst == 5)
+ && !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
+ goto end;
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+ if (tst == 4 || tst == 5) {
+ /* Should still be able to read data from server */
+ if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
+ &readbytes))
+ || !TEST_size_t_eq(readbytes, sizeof(msg))
+ || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
+ &readbytes))
+ || !TEST_size_t_eq(readbytes, sizeof(msg))
+ || !TEST_int_eq(memcmp(msg, buf, readbytes), 0))
+ goto end;
+ }
+ }
+
+ /* Writing on the client after sending close_notify shouldn't be possible */
+ if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written)))
+ goto end;
+
+ if (tst < 4) {
+ /*
+ * For these tests the client has sent close_notify but it has not yet
+ * been received by the server. The server has not sent close_notify
+ * yet.
+ */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 0)
+ /*
+ * Writing on the server after sending close_notify shouldn't
+ * be possible.
+ */
+ || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
+ || !TEST_int_eq(SSL_shutdown(clientssl), 1)
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess))
+ || !TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+ } else if (tst == 4 || tst == 5) {
+ /*
+ * In this test the client has sent close_notify and it has been
+ * received by the server which has responded with a close_notify. The
+ * client needs to read the close_notify sent by the server.
+ */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 1)
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess)))
+ goto end;
+ } else {
+ /*
+ * tst == 6
+ *
+ * The client has sent close_notify and is expecting a close_notify
+ * back, but instead there is application data first. The shutdown
+ * should fail with a fatal error.
+ */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), -1)
+ || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL))
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+static int cert_cb_cnt;
+
+static int cert_cb(SSL *s, void *arg)
+{
+ SSL_CTX *ctx = (SSL_CTX *)arg;
+ BIO *in = NULL;
+ EVP_PKEY *pkey = NULL;
+ X509 *x509 = NULL;
+
+ if (cert_cb_cnt == 0) {
+ /* Suspend the handshake */
+ cert_cb_cnt++;
+ return -1;
+ } else if (cert_cb_cnt == 1) {
+ /*
+ * Update the SSL_CTX, set the certificate and private key and then
+ * continue the handshake normally.
+ */
+ if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
+ return 0;
+
+ if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
+ SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_check_private_key(s)))
+ return 0;
+ cert_cb_cnt++;
+ return 1;
+ } else if (cert_cb_cnt == 3) {
+ int rv;
+ if (!TEST_ptr(in = BIO_new(BIO_s_file()))
+ || !TEST_int_ge(BIO_read_filename(in, cert), 0)
+ || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+ goto out;
+ BIO_free(in);
+ if (!TEST_ptr(in = BIO_new(BIO_s_file()))
+ || !TEST_int_ge(BIO_read_filename(in, privkey), 0)
+ || !TEST_ptr(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL)))
+ goto out;
+ rv = SSL_check_chain(s, x509, pkey, NULL);
+ /*
+ * If the cert doesn't show as valid here (e.g., because we don't
+ * have any shared sigalgs), then we will not set it, and there will
+ * be no certificate at all on the SSL or SSL_CTX. This, in turn,
+ * will cause tls_choose_sigalgs() to fail the connection.
+ */
+ if ((rv & CERT_PKEY_VALID)) {
+ if (!SSL_use_cert_and_key(s, x509, pkey, NULL, 1))
+ goto out;
+ }
+ BIO_free(in);
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ return 1;
+ }
+
+ /* Abort the handshake */
+ out:
+ BIO_free(in);
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ return 0;
+}
+
+/*
+ * Test the certificate callback.
+ * Test 0: Callback fails
+ * Test 1: Success - no SSL_set_SSL_CTX() in the callback
+ * Test 2: Success - SSL_set_SSL_CTX() in the callback
+ */
+static int test_cert_cb_int(int prot, int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, ret;
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ prot,
+ &sctx, &cctx, NULL, NULL)))
+ goto end;
+
+ if (tst == 0)
+ cert_cb_cnt = -1;
+ else if (tst == 3)
+ cert_cb_cnt = 3;
+ else
+ cert_cb_cnt = 0;
+ if (tst == 2)
+ snictx = SSL_CTX_new(TLS_server_method());
+ SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
+ if (!TEST_true(tst == 0 ? !ret : ret)
+ || (tst > 0
+ && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) {
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_CTX_free(snictx);
+
+ return testresult;
+}
+#endif
+
+static int test_cert_cb(int tst)
+{
+ int testresult = 1;
+
+#ifndef OPENSSL_NO_TLS1_2
+ testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
+#endif
+
+ return testresult;
+}
+
+static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+{
+ X509 *xcert, *peer;
+ EVP_PKEY *privpkey;
+ BIO *in = NULL;
+
+ /* Check that SSL_get_peer_certificate() returns something sensible */
+ peer = SSL_get_peer_certificate(ssl);
+ if (!TEST_ptr(peer))
+ return 0;
+ X509_free(peer);
+
+ in = BIO_new_file(cert, "r");
+ if (!TEST_ptr(in))
+ return 0;
+
+ xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!TEST_ptr(xcert))
+ return 0;
+
+ in = BIO_new_file(privkey, "r");
+ if (!TEST_ptr(in)) {
+ X509_free(xcert);
+ return 0;
+ }
+
+ privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!TEST_ptr(privpkey)) {
+ X509_free(xcert);
+ return 0;
+ }
+
+ *x509 = xcert;
+ *pkey = privpkey;
+
+ return 1;
+}
+
+static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ return 1;
+}
+
+static int test_client_cert_cb(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst == 0)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst == 1)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ tst == 0 ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /*
+ * Test that setting a client_cert_cb results in a client certificate being
+ * sent.
+ */
+ SSL_CTX_set_client_cert_cb(cctx, client_cert_cb);
+ SSL_CTX_set_verify(sctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+/*
+ * Test setting certificate authorities on both client and server.
+ *
+ * Test 0: SSL_CTX_set0_CA_list() only
+ * Test 1: Both SSL_CTX_set0_CA_list() and SSL_CTX_set_client_CA_list()
+ * Test 2: Only SSL_CTX_set_client_CA_list()
+ */
+static int test_ca_names_int(int prot, int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ size_t i;
+ X509_NAME *name[] = { NULL, NULL, NULL, NULL };
+ char *strnames[] = { "Jack", "Jill", "John", "Joanne" };
+ STACK_OF(X509_NAME) *sk1 = NULL, *sk2 = NULL;
+ const STACK_OF(X509_NAME) *sktmp = NULL;
+
+ for (i = 0; i < OSSL_NELEM(name); i++) {
+ name[i] = X509_NAME_new();
+ if (!TEST_ptr(name[i])
+ || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN",
+ MBSTRING_ASC,
+ (unsigned char *)
+ strnames[i],
+ -1, -1, 0)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ prot,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
+
+ if (tst == 0 || tst == 1) {
+ if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0])))
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1])))
+ || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0])))
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1]))))
+ goto end;
+
+ SSL_CTX_set0_CA_list(sctx, sk1);
+ SSL_CTX_set0_CA_list(cctx, sk2);
+ sk1 = sk2 = NULL;
+ }
+ if (tst == 1 || tst == 2) {
+ if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2])))
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3])))
+ || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2])))
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3]))))
+ goto end;
+
+ SSL_CTX_set_client_CA_list(sctx, sk1);
+ SSL_CTX_set_client_CA_list(cctx, sk2);
+ sk1 = sk2 = NULL;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * We only expect certificate authorities to have been sent to the server
+ * if we are using TLSv1.3 and SSL_set0_CA_list() was used
+ */
+ sktmp = SSL_get0_peer_CA_list(serverssl);
+ if (prot == TLS1_3_VERSION
+ && (tst == 0 || tst == 1)) {
+ if (!TEST_ptr(sktmp)
+ || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
+ name[0]), 0)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
+ name[1]), 0))
+ goto end;
+ } else if (!TEST_ptr_null(sktmp)) {
+ goto end;
+ }
+
+ /*
+ * In all tests we expect certificate authorities to have been sent to the
+ * client. However, SSL_set_client_CA_list() should override
+ * SSL_set0_CA_list()
+ */
+ sktmp = SSL_get0_peer_CA_list(clientssl);
+ if (!TEST_ptr(sktmp)
+ || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
+ name[tst == 0 ? 0 : 2]), 0)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
+ name[tst == 0 ? 1 : 3]), 0))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ for (i = 0; i < OSSL_NELEM(name); i++)
+ X509_NAME_free(name[i]);
+ sk_X509_NAME_pop_free(sk1, X509_NAME_free);
+ sk_X509_NAME_pop_free(sk2, X509_NAME_free);
+
+ return testresult;
+}
+#endif
+
+static int test_ca_names(int tst)
+{
+ int testresult = 1;
+
+#ifndef OPENSSL_NO_TLS1_2
+ testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
+#endif
+
+ return testresult;
+}
+
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
+
+int setup_tests(void)
+{
+ if (!TEST_ptr(cert = test_get_argument(0))
+ || !TEST_ptr(privkey = test_get_argument(1))
+ || !TEST_ptr(srpvfile = test_get_argument(2))
+ || !TEST_ptr(tmpfilename = test_get_argument(3)))
+ return 0;
+
+ if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+ TEST_error("not supported in this build");