mirror of https://github.com/ctz/rustls
Embed test-ca files into the test binaries
When cross compiling to operating systems like Fuchsia, it's a little complicated to build the test binaries, copy them and the test-ca files to the target, and make sure that everything is executed with the correct working directory. This PR makes it much easier to test rustls by embedding the test-ca files directly into the test binaries, which now can recreate a temporary test-ca directory as needed. This allows us to just copy the executable over, which really simplifies testing.
parent
bc8cec0c9c
commit
399ed16e29
|
@ -35,6 +35,7 @@ webpki-roots = "0.16"
|
|||
ct-logs = "0.5"
|
||||
regex = "1.0"
|
||||
vecio = "0.1"
|
||||
tempfile = "3.0"
|
||||
|
||||
[[example]]
|
||||
name = "bogo_shim"
|
||||
|
|
24
tests/api.rs
24
tests/api.rs
|
@ -2,7 +2,6 @@
|
|||
use std::sync::Arc;
|
||||
use std::sync::Mutex;
|
||||
use std::sync::atomic::{AtomicUsize, Ordering};
|
||||
use std::fs;
|
||||
use std::mem;
|
||||
use std::fmt;
|
||||
use std::io::{self, Write, Read};
|
||||
|
@ -26,6 +25,9 @@ use rustls::quic::{self, QuicExt, ClientQuicExt, ServerQuicExt};
|
|||
|
||||
use webpki;
|
||||
|
||||
#[allow(dead_code)]
|
||||
mod common;
|
||||
|
||||
fn transfer(left: &mut dyn Session, right: &mut dyn Session) -> usize {
|
||||
let mut buf = [0u8; 262144];
|
||||
let mut total = 0;
|
||||
|
@ -58,35 +60,31 @@ enum KeyType {
|
|||
static ALL_KEY_TYPES: [KeyType; 2] = [ KeyType::RSA, KeyType::ECDSA ];
|
||||
|
||||
impl KeyType {
|
||||
fn path_for(&self, part: &str) -> String {
|
||||
fn bytes_for(&self, part: &str) -> &'static [u8] {
|
||||
match self {
|
||||
KeyType::RSA => format!("test-ca/rsa/{}", part),
|
||||
KeyType::ECDSA => format!("test-ca/ecdsa/{}", part),
|
||||
KeyType::RSA => common::bytes_for("rsa", part),
|
||||
KeyType::ECDSA => common::bytes_for("ecdsa", part),
|
||||
}
|
||||
}
|
||||
|
||||
fn get_chain(&self) -> Vec<Certificate> {
|
||||
pemfile::certs(&mut io::BufReader::new(fs::File::open(self.path_for("end.fullchain"))
|
||||
.unwrap()))
|
||||
pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain")))
|
||||
.unwrap()
|
||||
}
|
||||
|
||||
fn get_key(&self) -> PrivateKey {
|
||||
pemfile::pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(self.path_for("end.key"))
|
||||
.unwrap()))
|
||||
pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key")))
|
||||
.unwrap()[0]
|
||||
.clone()
|
||||
}
|
||||
|
||||
fn get_client_chain(&self) -> Vec<Certificate> {
|
||||
pemfile::certs(&mut io::BufReader::new(fs::File::open(self.path_for("client.fullchain"))
|
||||
.unwrap()))
|
||||
pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain")))
|
||||
.unwrap()
|
||||
}
|
||||
|
||||
fn get_client_key(&self) -> PrivateKey {
|
||||
pemfile::pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(self.path_for("client.key"))
|
||||
.unwrap()))
|
||||
pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("client.key")))
|
||||
.unwrap()[0]
|
||||
.clone()
|
||||
}
|
||||
|
@ -115,7 +113,7 @@ fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig {
|
|||
|
||||
fn make_client_config(kt: KeyType) -> ClientConfig {
|
||||
let mut cfg = ClientConfig::new();
|
||||
let mut rootbuf = io::BufReader::new(fs::File::open(kt.path_for("ca.cert")).unwrap());
|
||||
let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
|
||||
cfg.root_store.add_pem_file(&mut rootbuf).unwrap();
|
||||
|
||||
cfg
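Review bot: The `io::BufReader` wrappers kept in `get_chain`, `get_key`, `get_client_chain`, `get_client_key` and `make_client_config` are now redundant, because `bytes_for` returns `&'static [u8]` and a byte slice already implements `BufRead`. Assuming `pemfile::certs`, `pemfile::pkcs8_private_keys` and `add_pem_file` accept any `BufRead`, the calls can read `pemfile::certs(&mut self.bytes_for("end.fullchain"))` and `let mut rootbuf = kt.bytes_for("ca.cert");`. Separately, the new `#[allow(dead_code)]` on `mod common;` silences the lint for the whole helper module without saying why; a comment such as `// each test binary uses only a subset of the shared helpers` would document it, if that is the reason (the page does not state it).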
|
||||
|
|
|
@ -7,7 +7,9 @@ use crate::common::OpenSSLServer;
|
|||
// but B is not.
|
||||
#[test]
|
||||
fn partial_chain() {
|
||||
let mut server = OpenSSLServer::new_rsa(3000);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 3000);
|
||||
server.partial_chain();
|
||||
server.run();
|
||||
server.client()
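Review bot: Nothing in the test says that `test_ca` must stay bound until the server process has exited, yet `tempfile::TempDir` removes its directory when dropped and `OpenSSLServer` stores only paths into it. A comment above the binding would guard against a later refactor to `OpenSSLServer::new_rsa(common::new_test_ca().path(), 3000)`, which would delete the key and certificate files before the child process reads them: `// keep test_ca alive for the whole test; dropping it deletes the files the server reads`. The same binding is added without comment in the other test files on this page (the cipher-suite, curve, protocol-version and feature tests), so a doc comment on `new_test_ca` stating the lifetime requirement would cover all of them. The test body continues outside the hunk.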
|
||||
|
|
|
@ -7,7 +7,9 @@ use crate::common::OpenSSLServer;
|
|||
|
||||
#[test]
|
||||
fn ecdhe_rsa_aes_128_gcm_sha256() {
|
||||
let mut server = OpenSSLServer::new_rsa(5000);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 5000);
|
||||
server.run();
|
||||
server.client()
|
||||
.verbose()
|
||||
|
@ -19,7 +21,9 @@ fn ecdhe_rsa_aes_128_gcm_sha256() {
|
|||
|
||||
#[test]
|
||||
fn ecdhe_rsa_aes_256_gcm_sha384() {
|
||||
let mut server = OpenSSLServer::new_rsa(5010);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 5010);
|
||||
server.run();
|
||||
server.client()
|
||||
.verbose()
|
||||
|
@ -31,7 +35,9 @@ fn ecdhe_rsa_aes_256_gcm_sha384() {
|
|||
|
||||
#[test]
|
||||
fn ecdhe_ecdsa_aes_128_gcm_sha256() {
|
||||
let mut server = OpenSSLServer::new_ecdsa(5020);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 5020);
|
||||
server.run();
|
||||
server.client()
|
||||
.verbose()
|
||||
|
@ -43,7 +49,9 @@ fn ecdhe_ecdsa_aes_128_gcm_sha256() {
|
|||
|
||||
#[test]
|
||||
fn ecdhe_ecdsa_aes_256_gcm_sha384() {
|
||||
let mut server = OpenSSLServer::new_ecdsa(5030);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 5030);
|
||||
server.run();
|
||||
server.client()
|
||||
.verbose()
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
use std::env;
|
||||
use std::net;
|
||||
|
||||
use std::fs::{self, File};
|
||||
use std::io::Write;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::process;
|
||||
use std::str;
|
||||
use std::thread;
|
||||
|
@ -7,6 +11,83 @@ use std::time;
|
|||
|
||||
use regex;
|
||||
use self::regex::Regex;
|
||||
use tempfile;
|
||||
|
||||
macro_rules! embed_files {
|
||||
(
|
||||
$(
|
||||
($name:ident, $keytype:expr, $path:expr);
|
||||
)+
|
||||
) => {
|
||||
$(
|
||||
const $name: &'static [u8] = include_bytes!(
|
||||
concat!("../../test-ca/", $keytype, "/", $path));
|
||||
)+
|
||||
|
||||
pub fn bytes_for(keytype: &str, path: &str) -> &'static [u8] {
|
||||
match (keytype, path) {
|
||||
$(
|
||||
($keytype, $path) => $name,
|
||||
)+
|
||||
_ => panic!("unknown keytype {} with path {}", keytype, path),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn new_test_ca() -> tempfile::TempDir {
|
||||
let dir = tempfile::TempDir::new().unwrap();
|
||||
|
||||
fs::create_dir(dir.path().join("ecdsa")).unwrap();
|
||||
fs::create_dir(dir.path().join("rsa")).unwrap();
|
||||
|
||||
$(
|
||||
let mut f = File::create(dir.path().join($keytype).join($path)).unwrap();
|
||||
f.write($name).unwrap();
|
||||
)+
|
||||
|
||||
dir
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
embed_files! {
|
||||
(ECDSA_CA_CERT, "ecdsa", "ca.cert");
|
||||
(ECDSA_CA_DER, "ecdsa", "ca.der");
|
||||
(ECDSA_CA_KEY, "ecdsa", "ca.key");
|
||||
(ECDSA_CLIENT_CERT, "ecdsa", "client.cert");
|
||||
(ECDSA_CLIENT_CHAIN, "ecdsa", "client.chain");
|
||||
(ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain");
|
||||
(ECDSA_CLIENT_KEY, "ecdsa", "client.key");
|
||||
(ECDSA_CLIENT_REQ, "ecdsa", "client.req");
|
||||
(ECDSA_END_CERT, "ecdsa", "end.cert");
|
||||
(ECDSA_END_CHAIN, "ecdsa", "end.chain");
|
||||
(ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain");
|
||||
(ECDSA_END_KEY, "ecdsa", "end.key");
|
||||
(ECDSA_END_REQ, "ecdsa", "end.req");
|
||||
(ECDSA_INTER_CERT, "ecdsa", "inter.cert");
|
||||
(ECDSA_INTER_KEY, "ecdsa", "inter.key");
|
||||
(ECDSA_INTER_REQ, "ecdsa", "inter.req");
|
||||
(ECDSA_NISTP256_PEM, "ecdsa", "nistp256.pem");
|
||||
(ECDSA_NISTP384_PEM, "ecdsa", "nistp384.pem");
|
||||
|
||||
(RSA_CA_CERT, "rsa", "ca.cert");
|
||||
(RSA_CA_DER, "rsa", "ca.der");
|
||||
(RSA_CA_KEY, "rsa", "ca.key");
|
||||
(RSA_CLIENT_CERT, "rsa", "client.cert");
|
||||
(RSA_CLIENT_CHAIN, "rsa", "client.chain");
|
||||
(RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain");
|
||||
(RSA_CLIENT_KEY, "rsa", "client.key");
|
||||
(RSA_CLIENT_REQ, "rsa", "client.req");
|
||||
(RSA_CLIENT_RSA, "rsa", "client.rsa");
|
||||
(RSA_END_CERT, "rsa", "end.cert");
|
||||
(RSA_END_CHAIN, "rsa", "end.chain");
|
||||
(RSA_END_FULLCHAIN, "rsa", "end.fullchain");
|
||||
(RSA_END_KEY, "rsa", "end.key");
|
||||
(RSA_END_REQ, "rsa", "end.req");
|
||||
(RSA_END_RSA, "rsa", "end.rsa");
|
||||
(RSA_INTER_CERT, "rsa", "inter.cert");
|
||||
(RSA_INTER_KEY, "rsa", "inter.key");
|
||||
(RSA_INTER_REQ, "rsa", "inter.req");
|
||||
}
|
||||
|
||||
// For tests which connect to internet servers, don't go crazy.
|
||||
pub fn polite() {
|
||||
|
@ -102,9 +183,9 @@ pub struct TlsClient {
|
|||
pub hostname: String,
|
||||
pub port: u16,
|
||||
pub http: bool,
|
||||
pub cafile: Option<String>,
|
||||
pub client_auth_key: Option<String>,
|
||||
pub client_auth_certs: Option<String>,
|
||||
pub cafile: Option<PathBuf>,
|
||||
pub client_auth_key: Option<PathBuf>,
|
||||
pub client_auth_certs: Option<PathBuf>,
|
||||
pub cache: Option<String>,
|
||||
pub suites: Vec<String>,
|
||||
pub protos: Vec<Vec<u8>>,
|
||||
|
@ -141,14 +222,14 @@ impl TlsClient {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn client_auth(&mut self, certs: &str, key: &str) -> &mut Self {
|
||||
self.client_auth_key = Some(key.to_string());
|
||||
self.client_auth_certs = Some(certs.to_string());
|
||||
pub fn client_auth(&mut self, certs: &Path, key: &Path) -> &mut Self {
|
||||
self.client_auth_key = Some(key.to_path_buf());
|
||||
self.client_auth_certs = Some(certs.to_path_buf());
|
||||
self
|
||||
}
|
||||
|
||||
pub fn cafile(&mut self, cafile: &str) -> &mut TlsClient {
|
||||
self.cafile = Some(cafile.to_string());
|
||||
pub fn cafile(&mut self, cafile: &Path) -> &mut TlsClient {
|
||||
self.cafile = Some(cafile.to_path_buf());
|
||||
self
|
||||
}
|
||||
|
||||
|
@ -245,17 +326,17 @@ impl TlsClient {
|
|||
|
||||
if self.cafile.is_some() {
|
||||
args.push("--cafile");
|
||||
args.push(self.cafile.as_ref().unwrap());
|
||||
args.push(self.cafile.as_ref().unwrap().to_str().unwrap());
|
||||
}
|
||||
|
||||
if self.client_auth_key.is_some() {
|
||||
args.push("--auth-key");
|
||||
args.push(self.client_auth_key.as_ref().unwrap());
|
||||
args.push(self.client_auth_key.as_ref().unwrap().to_str().unwrap());
|
||||
}
|
||||
|
||||
if self.client_auth_certs.is_some() {
|
||||
args.push("--auth-certs");
|
||||
args.push(self.client_auth_certs.as_ref().unwrap());
|
||||
args.push(self.client_auth_certs.as_ref().unwrap().to_str().unwrap());
|
||||
}
|
||||
|
||||
for suite in &self.suites {
|
||||
|
@ -321,37 +402,37 @@ pub struct OpenSSLServer {
|
|||
pub port: u16,
|
||||
pub http: bool,
|
||||
pub quiet: bool,
|
||||
pub key: String,
|
||||
pub cert: String,
|
||||
pub chain: String,
|
||||
pub intermediate: String,
|
||||
pub cacert: String,
|
||||
pub key: PathBuf,
|
||||
pub cert: PathBuf,
|
||||
pub chain: PathBuf,
|
||||
pub intermediate: PathBuf,
|
||||
pub cacert: PathBuf,
|
||||
pub extra_args: Vec<&'static str>,
|
||||
pub child: Option<process::Child>,
|
||||
}
|
||||
|
||||
impl OpenSSLServer {
|
||||
pub fn new(keytype: &str, start_port: u16) -> OpenSSLServer {
|
||||
pub fn new(test_ca: &Path, keytype: &str, start_port: u16) -> OpenSSLServer {
|
||||
OpenSSLServer {
|
||||
port: unused_port(start_port),
|
||||
http: true,
|
||||
quiet: true,
|
||||
key: format!("test-ca/{}/end.key", keytype),
|
||||
cert: format!("test-ca/{}/end.cert", keytype),
|
||||
chain: format!("test-ca/{}/end.chain", keytype),
|
||||
cacert: format!("test-ca/{}/ca.cert", keytype),
|
||||
intermediate: format!("test-ca/{}/inter.cert", keytype),
|
||||
key: test_ca.join(keytype).join("end.key"),
|
||||
cert: test_ca.join(keytype).join("end.cert"),
|
||||
chain: test_ca.join(keytype).join("end.chain"),
|
||||
cacert: test_ca.join(keytype).join("ca.cert"),
|
||||
intermediate: test_ca.join(keytype).join("inter.cert"),
|
||||
extra_args: Vec::new(),
|
||||
child: None,
|
||||
}
|
||||
}
|
||||
|
||||
pub fn new_rsa(start_port: u16) -> OpenSSLServer {
|
||||
OpenSSLServer::new("rsa", start_port)
|
||||
pub fn new_rsa(test_ca: &Path, start_port: u16) -> OpenSSLServer {
|
||||
OpenSSLServer::new(test_ca, "rsa", start_port)
|
||||
}
|
||||
|
||||
pub fn new_ecdsa(start_port: u16) -> OpenSSLServer {
|
||||
OpenSSLServer::new("ecdsa", start_port)
|
||||
pub fn new_ecdsa(test_ca: &Path, start_port: u16) -> OpenSSLServer {
|
||||
OpenSSLServer::new(test_ca, "ecdsa", start_port)
|
||||
}
|
||||
|
||||
pub fn partial_chain(&mut self) -> &mut Self {
|
||||
|
@ -431,34 +512,34 @@ pub struct TlsServer {
|
|||
pub port: u16,
|
||||
pub http: bool,
|
||||
pub echo: bool,
|
||||
pub certs: String,
|
||||
pub key: String,
|
||||
pub cafile: String,
|
||||
pub certs: PathBuf,
|
||||
pub key: PathBuf,
|
||||
pub cafile: PathBuf,
|
||||
pub suites: Vec<String>,
|
||||
pub protos: Vec<Vec<u8>>,
|
||||
used_suites: Vec<String>,
|
||||
used_protos: Vec<Vec<u8>>,
|
||||
pub resumes: bool,
|
||||
pub tickets: bool,
|
||||
pub client_auth_roots: String,
|
||||
pub client_auth_roots: Option<PathBuf>,
|
||||
pub client_auth_required: bool,
|
||||
pub verbose: bool,
|
||||
pub child: Option<process::Child>,
|
||||
}
|
||||
|
||||
impl TlsServer {
|
||||
pub fn new(port: u16) -> Self {
|
||||
Self::new_keytype(port, "rsa")
|
||||
pub fn new(test_ca: &Path, port: u16) -> Self {
|
||||
Self::new_keytype(test_ca, port, "rsa")
|
||||
}
|
||||
|
||||
pub fn new_keytype(port: u16, keytype: &str) -> Self {
|
||||
pub fn new_keytype(test_ca: &Path, port: u16, keytype: &str) -> Self {
|
||||
TlsServer {
|
||||
port: unused_port(port),
|
||||
http: false,
|
||||
echo: false,
|
||||
key: format!("test-ca/{}/end.key", keytype),
|
||||
certs: format!("test-ca/{}/end.fullchain", keytype),
|
||||
cafile: format!("test-ca/{}/ca.cert", keytype),
|
||||
key: test_ca.join(keytype).join("end.key"),
|
||||
certs: test_ca.join(keytype).join("end.fullchain"),
|
||||
cafile: test_ca.join(keytype).join("ca.cert"),
|
||||
verbose: false,
|
||||
suites: Vec::new(),
|
||||
protos: Vec::new(),
|
||||
|
@ -466,7 +547,7 @@ impl TlsServer {
|
|||
used_protos: Vec::new(),
|
||||
resumes: false,
|
||||
tickets: false,
|
||||
client_auth_roots: String::new(),
|
||||
client_auth_roots: None,
|
||||
client_auth_required: false,
|
||||
child: None,
|
||||
}
|
||||
|
@ -514,8 +595,8 @@ impl TlsServer {
|
|||
self
|
||||
}
|
||||
|
||||
pub fn client_auth_roots(&mut self, cafile: &str) -> &mut Self {
|
||||
self.client_auth_roots = cafile.to_string();
|
||||
pub fn client_auth_roots(&mut self, cafile: &Path) -> &mut Self {
|
||||
self.client_auth_roots = Some(cafile.to_path_buf());
|
||||
self
|
||||
}
|
||||
|
||||
|
@ -530,9 +611,9 @@ impl TlsServer {
|
|||
args.push("--port");
|
||||
args.push(&portstring);
|
||||
args.push("--key");
|
||||
args.push(&self.key);
|
||||
args.push(self.key.to_str().unwrap());
|
||||
args.push("--certs");
|
||||
args.push(&self.certs);
|
||||
args.push(self.certs.to_str().unwrap());
|
||||
|
||||
self.used_suites = self.suites.clone();
|
||||
for suite in &self.used_suites {
|
||||
|
@ -554,9 +635,9 @@ impl TlsServer {
|
|||
args.push("--tickets");
|
||||
}
|
||||
|
||||
if !self.client_auth_roots.is_empty() {
|
||||
if let Some(ref client_auth_roots) = self.client_auth_roots {
|
||||
args.push("--auth");
|
||||
args.push(&self.client_auth_roots);
|
||||
args.push(client_auth_roots.to_str().unwrap());
|
||||
|
||||
if self.client_auth_required {
|
||||
args.push("--require-auth");
|
||||
|
@ -612,8 +693,8 @@ impl Drop for TlsServer {
|
|||
|
||||
pub struct OpenSSLClient {
|
||||
pub port: u16,
|
||||
pub cafile: String,
|
||||
pub extra_args: Vec<&'static str>,
|
||||
pub cafile: PathBuf,
|
||||
pub extra_args: Vec<String>,
|
||||
pub expect_fails: bool,
|
||||
pub expect_output: Vec<String>,
|
||||
pub expect_log: Vec<String>,
|
||||
|
@ -623,7 +704,7 @@ impl OpenSSLClient {
|
|||
pub fn new(port: u16) -> OpenSSLClient {
|
||||
OpenSSLClient {
|
||||
port: port,
|
||||
cafile: "".to_string(),
|
||||
cafile: PathBuf::new(),
|
||||
extra_args: Vec::new(),
|
||||
expect_fails: false,
|
||||
expect_output: Vec::new(),
|
||||
|
@ -631,13 +712,13 @@ impl OpenSSLClient {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn arg(&mut self, arg: &'static str) -> &mut Self {
|
||||
self.extra_args.push(arg);
|
||||
pub fn arg(&mut self, arg: &str) -> &mut Self {
|
||||
self.extra_args.push(arg.to_string());
|
||||
self
|
||||
}
|
||||
|
||||
pub fn cafile(&mut self, cafile: &str) -> &mut Self {
|
||||
self.cafile = cafile.to_string();
|
||||
pub fn cafile(&mut self, cafile: &Path) -> &mut Self {
|
||||
self.cafile = cafile.to_path_buf();
|
||||
self
|
||||
}
|
||||
|
||||
|
@ -657,7 +738,7 @@ impl OpenSSLClient {
|
|||
}
|
||||
|
||||
pub fn go(&mut self) -> Option<()> {
|
||||
let mut extra_args = Vec::<&'static str>::new();
|
||||
let mut extra_args = Vec::new();
|
||||
extra_args.extend(&self.extra_args);
|
||||
|
||||
let mut subp = process::Command::new(openssl_find());
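Review bot: `f.write($name).unwrap()` in `new_test_ca` can leave a truncated key or certificate on disk, because `Write::write` is allowed to write fewer bytes than it was given and the returned count is discarded. Use `f.write_all($name).unwrap();`, or replace both lines with `fs::write(dir.path().join($keytype).join($path), $name).unwrap();`. A short write would otherwise surface later as a confusing PEM parse or handshake failure instead of at the point of the write. The `.to_str().unwrap()` calls added where paths are pushed onto `args` will panic if the temporary directory path is not valid UTF-8; handing the `PathBuf` to `Command::arg` directly would avoid that, though the argument-building code is only partly visible here.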
|
||||
|
|
|
@ -6,7 +6,9 @@ use crate::common::OpenSSLServer;
|
|||
|
||||
#[test]
|
||||
fn curve_nistp256() {
|
||||
let mut server = OpenSSLServer::new_rsa(4000);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 4000);
|
||||
server.arg("-named_curve").arg("prime256v1");
|
||||
server.run();
|
||||
server.client()
|
||||
|
@ -18,7 +20,9 @@ fn curve_nistp256() {
|
|||
|
||||
#[test]
|
||||
fn curve_nistp384() {
|
||||
let mut server = OpenSSLServer::new_rsa(4010);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 4010);
|
||||
server.arg("-named_curve").arg("secp384r1");
|
||||
server.run();
|
||||
server.client()
|
||||
|
|
|
@ -6,7 +6,9 @@ use crate::common::OpenSSLServer;
|
|||
|
||||
#[test]
|
||||
fn no_ecdhe() {
|
||||
let mut server = OpenSSLServer::new_rsa(8010);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 8010);
|
||||
if common::openssl_server_supports_no_echde() {
|
||||
server.arg("-no_ecdhe");
|
||||
} else {
|
||||
|
@ -25,7 +27,9 @@ fn no_ecdhe() {
|
|||
|
||||
#[test]
|
||||
fn tls11_only() {
|
||||
let mut server = OpenSSLServer::new_rsa(8020);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 8020);
|
||||
server.arg("-tls1_1");
|
||||
server.run();
|
||||
|
||||
|
|
|
@ -12,7 +12,9 @@ fn alpn_offer() {
|
|||
return;
|
||||
}
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(9000);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9000);
|
||||
server.arg("-alpn")
|
||||
.arg("ponytown,breakfast,edgware")
|
||||
.arg("-tls1_2")
|
||||
|
@ -46,7 +48,9 @@ fn alpn_agree() {
|
|||
return;
|
||||
}
|
||||
|
||||
let mut server = TlsServer::new(9010);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 9010);
|
||||
server.proto(b"connaught")
|
||||
.proto(b"bonjour")
|
||||
.proto(b"egg")
|
||||
|
@ -78,13 +82,18 @@ fn alpn_agree() {
|
|||
|
||||
#[test]
|
||||
fn client_auth_by_client() {
|
||||
let mut server = OpenSSLServer::new_rsa(9020);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9020);
|
||||
server.arg("-verify").arg("0")
|
||||
.arg("-tls1_2");
|
||||
server.run();
|
||||
|
||||
server.client()
|
||||
.client_auth("test-ca/rsa/end.fullchain", "test-ca/rsa/end.rsa")
|
||||
.client_auth(
|
||||
&test_ca.path().join("rsa").join("end.fullchain"),
|
||||
&test_ca.path().join("rsa").join("end.rsa"),
|
||||
)
|
||||
.expect_log("Got CertificateRequest")
|
||||
.expect_log("Attempting client auth")
|
||||
.expect("Client certificate\n")
|
||||
|
@ -96,13 +105,18 @@ fn client_auth_by_client() {
|
|||
|
||||
#[test]
|
||||
fn client_auth_by_client_with_ecdsa_suite() {
|
||||
let mut server = OpenSSLServer::new_ecdsa(9025);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 9025);
|
||||
server.arg("-verify").arg("0")
|
||||
.arg("-tls1_2");
|
||||
server.run();
|
||||
|
||||
server.client()
|
||||
.client_auth("test-ca/rsa/end.fullchain", "test-ca/rsa/end.rsa")
|
||||
.client_auth(
|
||||
&test_ca.path().join("rsa").join("end.fullchain"),
|
||||
&test_ca.path().join("rsa").join("end.rsa"),
|
||||
)
|
||||
.expect_log("Got CertificateRequest")
|
||||
.expect_log("Attempting client auth")
|
||||
.expect(r"AlertReceived\(UnknownCA\)")
|
||||
|
@ -114,7 +128,9 @@ fn client_auth_by_client_with_ecdsa_suite() {
|
|||
|
||||
#[test]
|
||||
fn client_auth_requested_but_unsupported() {
|
||||
let mut server = OpenSSLServer::new_rsa(9030);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9030);
|
||||
server.arg("-verify").arg("0")
|
||||
.arg("-tls1_2");
|
||||
server.run();
|
||||
|
@ -131,7 +147,9 @@ fn client_auth_requested_but_unsupported() {
|
|||
|
||||
#[test]
|
||||
fn client_auth_required_but_unsupported() {
|
||||
let mut server = OpenSSLServer::new_rsa(9040);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9040);
|
||||
server.arg("-Verify").arg("0")
|
||||
.arg("-tls1_2");
|
||||
server.run();
|
||||
|
@ -148,8 +166,10 @@ fn client_auth_required_but_unsupported() {
|
|||
|
||||
#[test]
|
||||
fn client_auth_by_server_accepted() {
|
||||
let mut server = TlsServer::new(9050);
|
||||
server.client_auth_roots("test-ca/rsa/client.chain")
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 9050);
|
||||
server.client_auth_roots(&test_ca.path().join("rsa").join("client.chain"))
|
||||
.http_mode()
|
||||
.run();
|
||||
|
||||
|
@ -161,9 +181,9 @@ fn client_auth_by_server_accepted() {
|
|||
// And with
|
||||
server.client()
|
||||
.arg("-key")
|
||||
.arg("test-ca/rsa/client.key")
|
||||
.arg(test_ca.path().join("rsa").join("client.key").to_str().unwrap())
|
||||
.arg("-cert")
|
||||
.arg("test-ca/rsa/client.fullchain")
|
||||
.arg(test_ca.path().join("rsa").join("client.fullchain").to_str().unwrap())
|
||||
.expect("Acceptable client certificate CA names")
|
||||
.go();
|
||||
|
||||
|
@ -172,8 +192,10 @@ fn client_auth_by_server_accepted() {
|
|||
|
||||
#[test]
|
||||
fn client_auth_by_server_required() {
|
||||
let mut server = TlsServer::new(9060);
|
||||
server.client_auth_roots("test-ca/rsa/client.chain")
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 9060);
|
||||
server.client_auth_roots(&test_ca.path().join("rsa").join("client.chain"))
|
||||
.client_auth_required()
|
||||
.http_mode()
|
||||
.run();
|
||||
|
@ -187,9 +209,9 @@ fn client_auth_by_server_required() {
|
|||
// ... but does with.
|
||||
server.client()
|
||||
.arg("-key")
|
||||
.arg("test-ca/rsa/client.key")
|
||||
.arg(test_ca.path().join("rsa").join("client.key").to_str().unwrap())
|
||||
.arg("-cert")
|
||||
.arg("test-ca/rsa/client.fullchain")
|
||||
.arg(test_ca.path().join("rsa").join("client.fullchain").to_str().unwrap())
|
||||
.expect("Acceptable client certificate CA names")
|
||||
.go();
|
||||
|
||||
|
@ -198,7 +220,9 @@ fn client_auth_by_server_required() {
|
|||
|
||||
#[test]
|
||||
fn client_resumes() {
|
||||
let mut server = OpenSSLServer::new_rsa(9070);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9070);
|
||||
server.arg("-tls1_2");
|
||||
server.run();
|
||||
|
||||
|
@ -234,7 +258,9 @@ fn client_resumes() {
|
|||
|
||||
#[test]
|
||||
fn server_resumes() {
|
||||
let mut server = TlsServer::new(9080);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 9080);
|
||||
server.resumes()
|
||||
.http_mode()
|
||||
.run();
|
||||
|
@ -277,7 +303,9 @@ fn server_resumes() {
|
|||
|
||||
#[test]
|
||||
fn server_resumes_with_tickets() {
|
||||
let mut server = TlsServer::new(9090);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 9090);
|
||||
server.tickets()
|
||||
.http_mode()
|
||||
.run();
|
||||
|
@ -305,7 +333,9 @@ fn server_resumes_with_tickets() {
|
|||
|
||||
#[test]
|
||||
fn recv_low_mtu() {
|
||||
let mut server = OpenSSLServer::new_rsa(9100);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9100);
|
||||
server.arg("-mtu").arg("32");
|
||||
server.run();
|
||||
|
||||
|
@ -316,7 +346,9 @@ fn recv_low_mtu() {
|
|||
|
||||
#[test]
|
||||
fn send_low_mtu() {
|
||||
let mut server = OpenSSLServer::new_rsa(9110);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9110);
|
||||
server.run();
|
||||
|
||||
server.client()
|
||||
|
@ -327,7 +359,9 @@ fn send_low_mtu() {
|
|||
|
||||
#[test]
|
||||
fn send_sni() {
|
||||
let mut server = OpenSSLServer::new_rsa(9115);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9115);
|
||||
server
|
||||
.arg("-servername_fatal")
|
||||
.arg("-servername")
|
||||
|
@ -342,7 +376,9 @@ fn send_sni() {
|
|||
|
||||
#[test]
|
||||
fn do_not_send_sni() {
|
||||
let mut server = OpenSSLServer::new_rsa(9116);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9116);
|
||||
server
|
||||
.arg("-servername_fatal")
|
||||
.arg("-servername")
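Review bot: The expression `test_ca.path().join("rsa").join(...)` is spelled out twice per call in `client_auth_by_client`, `client_auth_by_client_with_ecdsa_suite`, `client_auth_by_server_accepted` and `client_auth_by_server_required`, and the latter two add a `.to_str().unwrap()` to each. Binding the directory once, `let rsa_dir = test_ca.path().join("rsa");`, and passing `&rsa_dir.join("client.key")` keeps the fixture names readable. In `client_auth_by_client_with_ecdsa_suite`, a one-line comment saying that RSA client credentials are presented to the ECDSA server on purpose would explain the expected `AlertReceived\(UnknownCA\)`; that intent is inferred from the expectation, not stated on the page. The test bodies continue outside the hunks.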
|
||||
|
|
|
@ -7,7 +7,9 @@ use crate::common::TlsServer;
|
|||
|
||||
#[test]
|
||||
fn ecdhe_rsa_aes_128_gcm_sha256() {
|
||||
let mut server = TlsServer::new(7000);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 7000);
|
||||
|
||||
server.echo_mode()
|
||||
.suite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
|
||||
|
@ -22,7 +24,9 @@ fn ecdhe_rsa_aes_128_gcm_sha256() {
|
|||
|
||||
#[test]
|
||||
fn ecdhe_rsa_aes_256_gcm_sha384() {
|
||||
let mut server = TlsServer::new(7010);
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new(test_ca.path(), 7010);
|
||||
|
||||
server.echo_mode()
|
||||
.suite("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
|
||||
|
@ -37,7 +41,9 @@ fn ecdhe_rsa_aes_256_gcm_sha384() {
|
|||
|
||||
#[test]
|
||||
fn ecdhe_ecdsa_aes_128_gcm_sha256() {
|
||||
let mut server = TlsServer::new_keytype(7020, "ecdsa");
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new_keytype(test_ca.path(), 7020, "ecdsa");
|
||||
|
||||
server.echo_mode()
|
||||
.suite("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
|
||||
|
@ -52,7 +58,9 @@ fn ecdhe_ecdsa_aes_128_gcm_sha256() {
|
|||
|
||||
#[test]
|
||||
fn ecdhe_ecdsa_aes_256_gcm_sha384() {
|
||||
let mut server = TlsServer::new_keytype(7030, "ecdsa");
|
||||
let test_ca = common::new_test_ca();
|
||||
|
||||
let mut server = TlsServer::new_keytype(test_ca.path(), 7030, "ecdsa");
|
||||
|
||||
server.echo_mode()
|
||||
.suite("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384")
|
||||
|
|