mirror of https://github.com/openssl/openssl
Add a test for SSL_CTX_new_with_libctx()
We test that SSL_CTX_new_with_libctx() can be used to control the libctx that is in use for SSL operations. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10854)
parent
0f00ed7720
commit
9aa78c36ec
|
@ -45,8 +45,8 @@ IF[{- !$disabled{tests} -}]
|
|||
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
|
||||
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
|
||||
bio_callback_test bio_memleak_test param_build_test \
|
||||
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
|
||||
pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
|
||||
bioprinttest sslapitest sslprovidertest dtlstest sslcorrupttest \
|
||||
bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
|
||||
cipherbytes_test \
|
||||
asn1_encode_test asn1_decode_test asn1_string_table_test \
|
||||
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
|
||||
|
@ -321,6 +321,10 @@ IF[{- !$disabled{tests} -}]
|
|||
INCLUDE[sslapitest]=../include ../apps/include ..
|
||||
DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a
|
||||
|
||||
SOURCE[sslprovidertest]=sslprovidertest.c ssltestlib.c
|
||||
INCLUDE[sslprovidertest]=../include ../apps/include ..
|
||||
DEPEND[sslprovidertest]=../libcrypto ../libssl libtestutil.a
|
||||
|
||||
SOURCE[ocspapitest]=ocspapitest.c
|
||||
INCLUDE[ocspapitest]=../include ../apps/include
|
||||
DEPEND[ocspapitest]=../libcrypto libtestutil.a
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
|
||||
use OpenSSL::Test::Utils;
|
||||
use OpenSSL::Test qw/:DEFAULT srctop_dir/;
|
||||
|
||||
setup("test_sslprovider");
|
||||
|
||||
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
|
||||
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
|
||||
|
||||
plan tests => 1;
|
||||
|
||||
ok(run(test(["sslprovidertest", srctop_dir("test", "certs")])),
|
||||
"running sslprovidertest");
|
|
@ -0,0 +1,128 @@
|
|||
/*
|
||||
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/provider.h>
|
||||
|
||||
#include "ssltestlib.h"
|
||||
#include "testutil.h"
|
||||
|
||||
static char *cert = NULL;
|
||||
static char *privkey = NULL;
|
||||
|
||||
/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
|
||||
#if 0
|
||||
OSSL_PROVIDER *defctxlegacy = NULL;
|
||||
#endif
|
||||
|
||||
static int test_different_libctx(void)
|
||||
{
|
||||
SSL_CTX *cctx = NULL, *sctx = NULL;
|
||||
SSL *clientssl = NULL, *serverssl = NULL;
|
||||
int testresult = 0;
|
||||
OPENSSL_CTX *libctx = OPENSSL_CTX_new();
|
||||
|
||||
/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
|
||||
#if 0
|
||||
/* Verify that the default provider in the default libctx is not available */
|
||||
if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
|
||||
goto end;
|
||||
#endif
|
||||
|
||||
cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
|
||||
if (!TEST_ptr(cctx))
|
||||
goto end;
|
||||
sctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
|
||||
if (!TEST_ptr(sctx))
|
||||
goto end;
|
||||
|
||||
if (!TEST_true(create_ssl_ctx_pair(NULL,
|
||||
NULL,
|
||||
TLS1_VERSION,
|
||||
0,
|
||||
&sctx, NULL, cert, privkey)))
|
||||
goto end;
|
||||
|
||||
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
||||
NULL, NULL)))
|
||||
goto end;
|
||||
|
||||
/* This time we expect success */
|
||||
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
|
||||
goto end;
|
||||
|
||||
/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
|
||||
#if 0
|
||||
/*
|
||||
* Verify that the default provider in the default libctx is still not
|
||||
* available
|
||||
*/
|
||||
if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
|
||||
goto end;
|
||||
#endif
|
||||
|
||||
testresult = 1;
|
||||
|
||||
end:
|
||||
SSL_free(serverssl);
|
||||
SSL_free(clientssl);
|
||||
SSL_CTX_free(sctx);
|
||||
SSL_CTX_free(cctx);
|
||||
|
||||
OPENSSL_CTX_free(libctx);
|
||||
|
||||
return testresult;
|
||||
}
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
char *certsdir = NULL;
|
||||
/*
|
||||
* TODO(3.0): Re-enable this code when key generation is provider aware. At
|
||||
* the moment the below causes the tests to fail because libssl attempts to
|
||||
* generate a key for the key_share, which ultimately invokes RAND_bytes().
|
||||
* However, because key generation is not yet provider aware it just uses
|
||||
* the default library context - and hence fails.
|
||||
*/
|
||||
#if 0
|
||||
/*
|
||||
* For tests in this file we want to ensure the default ctx does not have
|
||||
* the default provider loaded into the default ctx. So we load "legacy" to
|
||||
* prevent default from being auto-loaded. This tests that there is no
|
||||
* "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
|
||||
* specific libctx to be used - nothing should fall back to the default
|
||||
* libctx
|
||||
*/
|
||||
defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
|
||||
#endif
|
||||
|
||||
if (!TEST_ptr(certsdir = test_get_argument(0)))
|
||||
return 0;
|
||||
|
||||
cert = test_mk_file_path(certsdir, "servercert.pem");
|
||||
if (cert == NULL)
|
||||
return 0;
|
||||
|
||||
privkey = test_mk_file_path(certsdir, "serverkey.pem");
|
||||
if (privkey == NULL) {
|
||||
OPENSSL_free(cert);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ADD_TEST(test_different_libctx);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void cleanup_tests(void)
|
||||
{
|
||||
/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
|
||||
#if 0
|
||||
OSSL_PROVIDER_unload(defctxlegacy);
|
||||
#endif
|
||||
}
|
|
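Review bot: In test_different_libctx the result of `OPENSSL_CTX_new()` is never checked, so if it returns NULL both `SSL_CTX_new_with_libctx(libctx, NULL, ...)` calls receive NULL. The file's own `#if 0` code uses NULL to mean the default library context, so the handshake would then run there. With the `OSSL_PROVIDER_available(NULL, "default")` assertions disabled, the test would still pass without exercising a separate libctx. Add `if (!TEST_ptr(libctx)) goto end;` before the first SSL_CTX is created. Separately, setup_tests() allocates `cert` and `privkey` with test_mk_file_path(), but cleanup_tests() contains only the disabled provider unload; it should also call `OPENSSL_free(cert);` and `OPENSSL_free(privkey);` so leak-checking builds stay clean.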
@ -724,10 +724,18 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
|
|||
SSL_CTX *serverctx = NULL;
|
||||
SSL_CTX *clientctx = NULL;
|
||||
|
||||
if (!TEST_ptr(serverctx = SSL_CTX_new(sm))
|
||||
|| (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm))))
|
||||
if (*sctx != NULL)
|
||||
serverctx = *sctx;
|
||||
else if (!TEST_ptr(serverctx = SSL_CTX_new(sm)))
|
||||
goto err;
|
||||
|
||||
if (cctx != NULL) {
|
||||
if (*cctx != NULL)
|
||||
clientctx = *cctx;
|
||||
else if (!TEST_ptr(clientctx = SSL_CTX_new(cm)))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((min_proto_version > 0
|
||||
&& !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
|
||||
min_proto_version)))
|
||||
|
|
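Review bot: The new `if (*sctx != NULL)` and `if (*cctx != NULL)` branches make both pointers inputs as well as outputs, but the `err:` path of create_ssl_ctx_pair lies outside this hunk and is not changed by it. If that path still calls SSL_CTX_free() on `serverctx` and `clientctx` unconditionally, any later failure frees a context the caller supplied. A caller that then releases it itself, as test_different_libctx does at its `end:` label, would free it twice. The cleanup should release only what this function created, e.g. `if (*sctx == NULL) SSL_CTX_free(serverctx);` and `if (cctx != NULL && *cctx == NULL) SSL_CTX_free(clientctx);`. Callers must now also initialise `*sctx` and `*cctx` to NULL before the call; a comment above the function stating this in/out contract would help.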