1 #![allow(unused_imports)]
2
3 use hex;
4 use std::env;
5 use std::fs::File;
6 use std::io::prelude::*;
7 use std::io::{self, BufReader};
8 use std::iter;
9 use std::mem;
10 use std::net::UdpSocket;
11 use std::net::{SocketAddr, TcpListener, TcpStream};
12 use std::path::Path;
13 use std::process::{Child, ChildStdin, Command, Stdio};
14 use std::sync::atomic::{AtomicBool, Ordering};
15 use std::thread;
16 use std::time::Duration;
17 use tempdir::TempDir;
18
19 use dh::Dh;
20 use error::ErrorStack;
21 use hash::MessageDigest;
22 use ocsp::{OcspResponse, OcspResponseStatus};
23 use pkey::PKey;
24 use srtp::SrtpProfileId;
25 use ssl;
26 use ssl::test::server::Server;
27 #[cfg(any(ossl110, ossl111, libressl261))]
28 use ssl::SslVersion;
29 #[cfg(ossl111)]
30 use ssl::{ClientHelloResponse, ExtensionContext};
31 use ssl::{
32 Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, ShutdownState, Ssl, SslAcceptor,
33 SslAcceptorBuilder, SslConnector, SslContext, SslContextBuilder, SslFiletype, SslMethod,
34 SslOptions, SslSessionCacheMode, SslStream, SslStreamBuilder, SslVerifyMode, StatusType,
35 };
36 #[cfg(ossl102)]
37 use x509::store::X509StoreBuilder;
38 #[cfg(ossl102)]
39 use x509::verify::X509CheckFlags;
40 use x509::{X509Name, X509StoreContext, X509VerifyResult, X509};
41
42 mod server;
43
44 static ROOT_CERT: &[u8] = include_bytes!("../../../test/root-ca.pem");
45 static CERT: &[u8] = include_bytes!("../../../test/cert.pem");
46 static KEY: &[u8] = include_bytes!("../../../test/key.pem");
47
48 #[test]
verify_untrusted()49 fn verify_untrusted() {
50 let mut server = Server::builder();
51 server.should_error();
52 let server = server.build();
53
54 let mut client = server.client();
55 client.ctx().set_verify(SslVerifyMode::PEER);
56
57 client.connect_err();
58 }
59
60 #[test]
verify_trusted()61 fn verify_trusted() {
62 let server = Server::builder().build();
63
64 let mut client = server.client();
65 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
66
67 client.connect();
68 }
69
70 #[test]
71 #[cfg(ossl102)]
verify_trusted_with_set_cert()72 fn verify_trusted_with_set_cert() {
73 let server = Server::builder().build();
74
75 let mut store = X509StoreBuilder::new().unwrap();
76 let x509 = X509::from_pem(ROOT_CERT).unwrap();
77 store.add_cert(x509).unwrap();
78
79 let mut client = server.client();
80 client.ctx().set_verify(SslVerifyMode::PEER);
81 client.ctx().set_verify_cert_store(store.build()).unwrap();
82
83 client.connect();
84 }
85
86 #[test]
verify_untrusted_callback_override_ok()87 fn verify_untrusted_callback_override_ok() {
88 let server = Server::builder().build();
89
90 let mut client = server.client();
91 client
92 .ctx()
93 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
94 assert!(x509.current_cert().is_some());
95 true
96 });
97
98 client.connect();
99 }
100
101 #[test]
verify_untrusted_callback_override_bad()102 fn verify_untrusted_callback_override_bad() {
103 let mut server = Server::builder();
104 server.should_error();
105 let server = server.build();
106
107 let mut client = server.client();
108 client
109 .ctx()
110 .set_verify_callback(SslVerifyMode::PEER, |_, _| false);
111
112 client.connect_err();
113 }
114
115 #[test]
verify_trusted_callback_override_ok()116 fn verify_trusted_callback_override_ok() {
117 let server = Server::builder().build();
118
119 let mut client = server.client();
120 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
121 client
122 .ctx()
123 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
124 assert!(x509.current_cert().is_some());
125 true
126 });
127
128 client.connect();
129 }
130
131 #[test]
verify_trusted_callback_override_bad()132 fn verify_trusted_callback_override_bad() {
133 let mut server = Server::builder();
134 server.should_error();
135 let server = server.build();
136
137 let mut client = server.client();
138 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
139 client
140 .ctx()
141 .set_verify_callback(SslVerifyMode::PEER, |_, _| false);
142
143 client.connect_err();
144 }
145
146 #[test]
verify_callback_load_certs()147 fn verify_callback_load_certs() {
148 let server = Server::builder().build();
149
150 let mut client = server.client();
151 client
152 .ctx()
153 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
154 assert!(x509.current_cert().is_some());
155 true
156 });
157
158 client.connect();
159 }
160
161 #[test]
verify_trusted_get_error_ok()162 fn verify_trusted_get_error_ok() {
163 let server = Server::builder().build();
164
165 let mut client = server.client();
166 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
167 client
168 .ctx()
169 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
170 assert_eq!(x509.error(), X509VerifyResult::OK);
171 true
172 });
173
174 client.connect();
175 }
176
177 #[test]
verify_trusted_get_error_err()178 fn verify_trusted_get_error_err() {
179 let mut server = Server::builder();
180 server.should_error();
181 let server = server.build();
182
183 let mut client = server.client();
184 client
185 .ctx()
186 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
187 assert_ne!(x509.error(), X509VerifyResult::OK);
188 false
189 });
190
191 client.connect_err();
192 }
193
194 #[test]
verify_callback()195 fn verify_callback() {
196 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
197
198 let server = Server::builder().build();
199
200 let mut client = server.client();
201 let expected = "59172d9313e84459bcff27f967e79e6e9217e584";
202 client
203 .ctx()
204 .set_verify_callback(SslVerifyMode::PEER, move |_, x509| {
205 CALLED_BACK.store(true, Ordering::SeqCst);
206 let cert = x509.current_cert().unwrap();
207 let digest = cert.digest(MessageDigest::sha1()).unwrap();
208 assert_eq!(hex::encode(&digest), expected);
209 true
210 });
211
212 client.connect();
213 assert!(CALLED_BACK.load(Ordering::SeqCst));
214 }
215
216 #[test]
ssl_verify_callback()217 fn ssl_verify_callback() {
218 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
219
220 let server = Server::builder().build();
221
222 let mut client = server.client().build().builder();
223 let expected = "59172d9313e84459bcff27f967e79e6e9217e584";
224 client
225 .ssl()
226 .set_verify_callback(SslVerifyMode::PEER, move |_, x509| {
227 CALLED_BACK.store(true, Ordering::SeqCst);
228 let cert = x509.current_cert().unwrap();
229 let digest = cert.digest(MessageDigest::sha1()).unwrap();
230 assert_eq!(hex::encode(&digest), expected);
231 true
232 });
233
234 client.connect();
235 assert!(CALLED_BACK.load(Ordering::SeqCst));
236 }
237
238 #[test]
get_ctx_options()239 fn get_ctx_options() {
240 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
241 ctx.options();
242 }
243
244 #[test]
set_ctx_options()245 fn set_ctx_options() {
246 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
247 let opts = ctx.set_options(SslOptions::NO_TICKET);
248 assert!(opts.contains(SslOptions::NO_TICKET));
249 }
250
251 #[test]
clear_ctx_options()252 fn clear_ctx_options() {
253 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
254 ctx.set_options(SslOptions::ALL);
255 let opts = ctx.clear_options(SslOptions::ALL);
256 assert!(!opts.contains(SslOptions::ALL));
257 }
258
259 #[test]
zero_length_buffers()260 fn zero_length_buffers() {
261 let server = Server::builder().build();
262
263 let mut s = server.client().connect();
264 assert_eq!(s.write(&[]).unwrap(), 0);
265 assert_eq!(s.read(&mut []).unwrap(), 0);
266 }
267
268 #[test]
peer_certificate()269 fn peer_certificate() {
270 let server = Server::builder().build();
271
272 let s = server.client().connect();
273 let cert = s.ssl().peer_certificate().unwrap();
274 let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
275 assert_eq!(
276 hex::encode(fingerprint),
277 "59172d9313e84459bcff27f967e79e6e9217e584"
278 );
279 }
280
281 #[test]
pending()282 fn pending() {
283 let mut server = Server::builder();
284 server.io_cb(|mut s| s.write_all(&[0; 10]).unwrap());
285 let server = server.build();
286
287 let mut s = server.client().connect();
288 s.read_exact(&mut [0]).unwrap();
289
290 assert_eq!(s.ssl().pending(), 9);
291 assert_eq!(s.read(&mut [0; 10]).unwrap(), 9);
292 }
293
294 #[test]
state()295 fn state() {
296 let server = Server::builder().build();
297
298 let s = server.client().connect();
299 assert_eq!(s.ssl().state_string(), "SSLOK ");
300 assert_eq!(
301 s.ssl().state_string_long(),
302 "SSL negotiation finished successfully"
303 );
304 }
305
306 /// Tests that when both the client as well as the server use SRTP and their
307 /// lists of supported protocols have an overlap -- with only ONE protocol
308 /// being valid for both.
309 #[test]
310 #[cfg_attr(libressl291, ignore)]
test_connect_with_srtp_ctx()311 fn test_connect_with_srtp_ctx() {
312 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
313 let addr = listener.local_addr().unwrap();
314
315 let guard = thread::spawn(move || {
316 let stream = listener.accept().unwrap().0;
317 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
318 ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
319 .unwrap();
320 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
321 .unwrap();
322 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
323 .unwrap();
324 let mut ssl = Ssl::new(&ctx.build()).unwrap();
325 ssl.set_mtu(1500).unwrap();
326 let mut stream = ssl.accept(stream).unwrap();
327
328 let mut buf = [0; 60];
329 stream
330 .ssl()
331 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
332 .unwrap();
333
334 stream.write_all(&[0]).unwrap();
335
336 buf
337 });
338
339 let stream = TcpStream::connect(addr).unwrap();
340 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
341 ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
342 .unwrap();
343 let mut ssl = Ssl::new(&ctx.build()).unwrap();
344 ssl.set_mtu(1500).unwrap();
345 let mut stream = ssl.connect(stream).unwrap();
346
347 let mut buf = [1; 60];
348 {
349 let srtp_profile = stream.ssl().selected_srtp_profile().unwrap();
350 assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
351 assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
352 }
353 stream
354 .ssl()
355 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
356 .expect("extract");
357
358 stream.read_exact(&mut [0]).unwrap();
359
360 let buf2 = guard.join().unwrap();
361
362 assert_eq!(buf[..], buf2[..]);
363 }
364
365 /// Tests that when both the client as well as the server use SRTP and their
366 /// lists of supported protocols have an overlap -- with only ONE protocol
367 /// being valid for both.
368 #[test]
369 #[cfg_attr(libressl291, ignore)]
test_connect_with_srtp_ssl()370 fn test_connect_with_srtp_ssl() {
371 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
372 let addr = listener.local_addr().unwrap();
373
374 let guard = thread::spawn(move || {
375 let stream = listener.accept().unwrap().0;
376 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
377 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
378 .unwrap();
379 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
380 .unwrap();
381 let mut ssl = Ssl::new(&ctx.build()).unwrap();
382 ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
383 .unwrap();
384 let mut profilenames = String::new();
385 for profile in ssl.srtp_profiles().unwrap() {
386 if !profilenames.is_empty() {
387 profilenames.push(':');
388 }
389 profilenames += profile.name();
390 }
391 assert_eq!(
392 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
393 profilenames
394 );
395 ssl.set_mtu(1500).unwrap();
396 let mut stream = ssl.accept(stream).unwrap();
397
398 let mut buf = [0; 60];
399 stream
400 .ssl()
401 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
402 .unwrap();
403
404 stream.write_all(&[0]).unwrap();
405
406 buf
407 });
408
409 let stream = TcpStream::connect(addr).unwrap();
410 let ctx = SslContext::builder(SslMethod::dtls()).unwrap();
411 let mut ssl = Ssl::new(&ctx.build()).unwrap();
412 ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
413 .unwrap();
414 ssl.set_mtu(1500).unwrap();
415 let mut stream = ssl.connect(stream).unwrap();
416
417 let mut buf = [1; 60];
418 {
419 let srtp_profile = stream.ssl().selected_srtp_profile().unwrap();
420 assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
421 assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
422 }
423 stream
424 .ssl()
425 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
426 .expect("extract");
427
428 stream.read_exact(&mut [0]).unwrap();
429
430 let buf2 = guard.join().unwrap();
431
432 assert_eq!(buf[..], buf2[..]);
433 }
434
435 /// Tests that when the `SslStream` is created as a server stream, the protocols
436 /// are correctly advertised to the client.
437 #[test]
438 #[cfg(any(ossl102, libressl261))]
test_alpn_server_advertise_multiple()439 fn test_alpn_server_advertise_multiple() {
440 let mut server = Server::builder();
441 server.ctx().set_alpn_select_callback(|_, client| {
442 ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK)
443 });
444 let server = server.build();
445
446 let mut client = server.client();
447 client.ctx().set_alpn_protos(b"\x08spdy/3.1").unwrap();
448 let s = client.connect();
449 assert_eq!(s.ssl().selected_alpn_protocol(), Some(&b"spdy/3.1"[..]));
450 }
451
452 #[test]
453 #[cfg(any(ossl110))]
test_alpn_server_select_none_fatal()454 fn test_alpn_server_select_none_fatal() {
455 let mut server = Server::builder();
456 server.ctx().set_alpn_select_callback(|_, client| {
457 ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client)
458 .ok_or(ssl::AlpnError::ALERT_FATAL)
459 });
460 server.should_error();
461 let server = server.build();
462
463 let mut client = server.client();
464 client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
465 client.connect_err();
466 }
467
468 #[test]
469 #[cfg(any(ossl102, libressl261))]
test_alpn_server_select_none()470 fn test_alpn_server_select_none() {
471 let mut server = Server::builder();
472 server.ctx().set_alpn_select_callback(|_, client| {
473 ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK)
474 });
475 let server = server.build();
476
477 let mut client = server.client();
478 client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
479 let s = client.connect();
480 assert_eq!(None, s.ssl().selected_alpn_protocol());
481 }
482
483 #[test]
484 #[cfg(any(ossl102, libressl261))]
test_alpn_server_unilateral()485 fn test_alpn_server_unilateral() {
486 let server = Server::builder().build();
487
488 let mut client = server.client();
489 client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
490 let s = client.connect();
491 assert_eq!(None, s.ssl().selected_alpn_protocol());
492 }
493
494 #[test]
495 #[should_panic(expected = "blammo")]
write_panic()496 fn write_panic() {
497 struct ExplodingStream(TcpStream);
498
499 impl Read for ExplodingStream {
500 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
501 self.0.read(buf)
502 }
503 }
504
505 impl Write for ExplodingStream {
506 fn write(&mut self, _: &[u8]) -> io::Result<usize> {
507 panic!("blammo");
508 }
509
510 fn flush(&mut self) -> io::Result<()> {
511 self.0.flush()
512 }
513 }
514
515 let mut server = Server::builder();
516 server.should_error();
517 let server = server.build();
518
519 let stream = ExplodingStream(server.connect_tcp());
520
521 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
522 let _ = Ssl::new(&ctx.build()).unwrap().connect(stream);
523 }
524
525 #[test]
526 #[should_panic(expected = "blammo")]
read_panic()527 fn read_panic() {
528 struct ExplodingStream(TcpStream);
529
530 impl Read for ExplodingStream {
531 fn read(&mut self, _: &mut [u8]) -> io::Result<usize> {
532 panic!("blammo");
533 }
534 }
535
536 impl Write for ExplodingStream {
537 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
538 self.0.write(buf)
539 }
540
541 fn flush(&mut self) -> io::Result<()> {
542 self.0.flush()
543 }
544 }
545
546 let mut server = Server::builder();
547 server.should_error();
548 let server = server.build();
549
550 let stream = ExplodingStream(server.connect_tcp());
551
552 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
553 let _ = Ssl::new(&ctx.build()).unwrap().connect(stream);
554 }
555
556 #[test]
557 #[should_panic(expected = "blammo")]
flush_panic()558 fn flush_panic() {
559 struct ExplodingStream(TcpStream);
560
561 impl Read for ExplodingStream {
562 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
563 self.0.read(buf)
564 }
565 }
566
567 impl Write for ExplodingStream {
568 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
569 self.0.write(buf)
570 }
571
572 fn flush(&mut self) -> io::Result<()> {
573 panic!("blammo");
574 }
575 }
576
577 let mut server = Server::builder();
578 server.should_error();
579 let server = server.build();
580
581 let stream = ExplodingStream(server.connect_tcp());
582
583 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
584 let _ = Ssl::new(&ctx.build()).unwrap().connect(stream);
585 }
586
587 #[test]
refcount_ssl_context()588 fn refcount_ssl_context() {
589 let mut ssl = {
590 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
591 ssl::Ssl::new(&ctx.build()).unwrap()
592 };
593
594 {
595 let new_ctx_a = SslContext::builder(SslMethod::tls()).unwrap().build();
596 let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a);
597 }
598 }
599
600 #[test]
601 #[cfg_attr(libressl250, ignore)]
602 #[cfg_attr(target_os = "windows", ignore)]
603 #[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)]
default_verify_paths()604 fn default_verify_paths() {
605 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
606 ctx.set_default_verify_paths().unwrap();
607 ctx.set_verify(SslVerifyMode::PEER);
608 let ctx = ctx.build();
609 let s = match TcpStream::connect("google.com:443") {
610 Ok(s) => s,
611 Err(_) => return,
612 };
613 let mut ssl = Ssl::new(&ctx).unwrap();
614 ssl.set_hostname("google.com").unwrap();
615 let mut socket = ssl.connect(s).unwrap();
616
617 socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
618 let mut result = vec![];
619 socket.read_to_end(&mut result).unwrap();
620
621 println!("{}", String::from_utf8_lossy(&result));
622 assert!(result.starts_with(b"HTTP/1.0"));
623 assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
624 }
625
626 #[test]
add_extra_chain_cert()627 fn add_extra_chain_cert() {
628 let cert = X509::from_pem(CERT).unwrap();
629 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
630 ctx.add_extra_chain_cert(cert).unwrap();
631 }
632
633 #[test]
634 #[cfg(ossl102)]
verify_valid_hostname()635 fn verify_valid_hostname() {
636 let server = Server::builder().build();
637
638 let mut client = server.client();
639 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
640 client.ctx().set_verify(SslVerifyMode::PEER);
641
642 let mut client = client.build().builder();
643 client
644 .ssl()
645 .param_mut()
646 .set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS);
647 client.ssl().param_mut().set_host("foobar.com").unwrap();
648 client.connect();
649 }
650
651 #[test]
652 #[cfg(ossl102)]
verify_invalid_hostname()653 fn verify_invalid_hostname() {
654 let mut server = Server::builder();
655 server.should_error();
656 let server = server.build();
657
658 let mut client = server.client();
659 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
660 client.ctx().set_verify(SslVerifyMode::PEER);
661
662 let mut client = client.build().builder();
663 client
664 .ssl()
665 .param_mut()
666 .set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS);
667 client.ssl().param_mut().set_host("bogus.com").unwrap();
668 client.connect_err();
669 }
670
671 #[test]
connector_valid_hostname()672 fn connector_valid_hostname() {
673 let server = Server::builder().build();
674
675 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
676 connector.set_ca_file("test/root-ca.pem").unwrap();
677
678 let s = server.connect_tcp();
679 let mut s = connector.build().connect("foobar.com", s).unwrap();
680 s.read_exact(&mut [0]).unwrap();
681 }
682
683 #[test]
connector_invalid_hostname()684 fn connector_invalid_hostname() {
685 let mut server = Server::builder();
686 server.should_error();
687 let server = server.build();
688
689 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
690 connector.set_ca_file("test/root-ca.pem").unwrap();
691
692 let s = server.connect_tcp();
693 connector.build().connect("bogus.com", s).unwrap_err();
694 }
695
696 #[test]
connector_invalid_no_hostname_verification()697 fn connector_invalid_no_hostname_verification() {
698 let server = Server::builder().build();
699
700 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
701 connector.set_ca_file("test/root-ca.pem").unwrap();
702
703 let s = server.connect_tcp();
704 let mut s = connector
705 .build()
706 .configure()
707 .unwrap()
708 .verify_hostname(false)
709 .connect("bogus.com", s)
710 .unwrap();
711 s.read_exact(&mut [0]).unwrap();
712 }
713
714 #[test]
connector_no_hostname_still_verifies()715 fn connector_no_hostname_still_verifies() {
716 let mut server = Server::builder();
717 server.should_error();
718 let server = server.build();
719
720 let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();
721
722 let s = server.connect_tcp();
723 assert!(connector
724 .configure()
725 .unwrap()
726 .verify_hostname(false)
727 .connect("fizzbuzz.com", s)
728 .is_err());
729 }
730
731 #[test]
connector_no_hostname_can_disable_verify()732 fn connector_no_hostname_can_disable_verify() {
733 let server = Server::builder().build();
734
735 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
736 connector.set_verify(SslVerifyMode::NONE);
737 let connector = connector.build();
738
739 let s = server.connect_tcp();
740 let mut s = connector
741 .configure()
742 .unwrap()
743 .verify_hostname(false)
744 .connect("foobar.com", s)
745 .unwrap();
746 s.read_exact(&mut [0]).unwrap();
747 }
748
test_mozilla_server(new: fn(SslMethod) -> Result<SslAcceptorBuilder, ErrorStack>)749 fn test_mozilla_server(new: fn(SslMethod) -> Result<SslAcceptorBuilder, ErrorStack>) {
750 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
751 let port = listener.local_addr().unwrap().port();
752
753 let t = thread::spawn(move || {
754 let key = PKey::private_key_from_pem(KEY).unwrap();
755 let cert = X509::from_pem(CERT).unwrap();
756 let mut acceptor = new(SslMethod::tls()).unwrap();
757 acceptor.set_private_key(&key).unwrap();
758 acceptor.set_certificate(&cert).unwrap();
759 let acceptor = acceptor.build();
760 let stream = listener.accept().unwrap().0;
761 let mut stream = acceptor.accept(stream).unwrap();
762
763 stream.write_all(b"hello").unwrap();
764 });
765
766 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
767 connector.set_ca_file("test/root-ca.pem").unwrap();
768 let connector = connector.build();
769
770 let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
771 let mut stream = connector.connect("foobar.com", stream).unwrap();
772
773 let mut buf = [0; 5];
774 stream.read_exact(&mut buf).unwrap();
775 assert_eq!(b"hello", &buf);
776
777 t.join().unwrap();
778 }
779
780 #[test]
connector_client_server_mozilla_intermediate()781 fn connector_client_server_mozilla_intermediate() {
782 test_mozilla_server(SslAcceptor::mozilla_intermediate);
783 }
784
785 #[test]
connector_client_server_mozilla_modern()786 fn connector_client_server_mozilla_modern() {
787 test_mozilla_server(SslAcceptor::mozilla_modern);
788 }
789
790 #[test]
connector_client_server_mozilla_intermediate_v5()791 fn connector_client_server_mozilla_intermediate_v5() {
792 test_mozilla_server(SslAcceptor::mozilla_intermediate_v5);
793 }
794
795 #[test]
796 #[cfg(ossl111)]
connector_client_server_mozilla_modern_v5()797 fn connector_client_server_mozilla_modern_v5() {
798 test_mozilla_server(SslAcceptor::mozilla_modern_v5);
799 }
800
801 #[test]
shutdown()802 fn shutdown() {
803 let mut server = Server::builder();
804 server.io_cb(|mut s| {
805 assert_eq!(s.read(&mut [0]).unwrap(), 0);
806 assert_eq!(s.shutdown().unwrap(), ShutdownResult::Received);
807 });
808 let server = server.build();
809
810 let mut s = server.client().connect();
811
812 assert_eq!(s.get_shutdown(), ShutdownState::empty());
813 assert_eq!(s.shutdown().unwrap(), ShutdownResult::Sent);
814 assert_eq!(s.get_shutdown(), ShutdownState::SENT);
815 assert_eq!(s.shutdown().unwrap(), ShutdownResult::Received);
816 assert_eq!(
817 s.get_shutdown(),
818 ShutdownState::SENT | ShutdownState::RECEIVED
819 );
820 }
821
822 #[test]
client_ca_list()823 fn client_ca_list() {
824 let names = X509Name::load_client_ca_file("test/root-ca.pem").unwrap();
825 assert_eq!(names.len(), 1);
826
827 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
828 ctx.set_client_ca_list(names);
829 }
830
831 #[test]
cert_store()832 fn cert_store() {
833 let server = Server::builder().build();
834
835 let mut client = server.client();
836 let cert = X509::from_pem(ROOT_CERT).unwrap();
837 client.ctx().cert_store_mut().add_cert(cert).unwrap();
838 client.ctx().set_verify(SslVerifyMode::PEER);
839
840 client.connect();
841 }
842
843 #[test]
tmp_dh_callback()844 fn tmp_dh_callback() {
845 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
846
847 let mut server = Server::builder();
848 server.ctx().set_tmp_dh_callback(|_, _, _| {
849 CALLED_BACK.store(true, Ordering::SeqCst);
850 let dh = include_bytes!("../../../test/dhparams.pem");
851 Dh::params_from_pem(dh)
852 });
853
854 let server = server.build();
855
856 let mut client = server.client();
857 // TLS 1.3 has no DH suites, so make sure we don't pick that version
858 #[cfg(ossl111)]
859 client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
860 client.ctx().set_cipher_list("EDH").unwrap();
861 client.connect();
862
863 assert!(CALLED_BACK.load(Ordering::SeqCst));
864 }
865
866 #[test]
867 #[cfg(all(ossl101, not(ossl110)))]
tmp_ecdh_callback()868 fn tmp_ecdh_callback() {
869 use ec::EcKey;
870 use nid::Nid;
871
872 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
873
874 let mut server = Server::builder();
875 server.ctx().set_tmp_ecdh_callback(|_, _, _| {
876 CALLED_BACK.store(true, Ordering::SeqCst);
877 EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
878 });
879
880 let server = server.build();
881
882 let mut client = server.client();
883 client.ctx().set_cipher_list("ECDH").unwrap();
884 client.connect();
885
886 assert!(CALLED_BACK.load(Ordering::SeqCst));
887 }
888
889 #[test]
tmp_dh_callback_ssl()890 fn tmp_dh_callback_ssl() {
891 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
892
893 let mut server = Server::builder();
894 server.ssl_cb(|ssl| {
895 ssl.set_tmp_dh_callback(|_, _, _| {
896 CALLED_BACK.store(true, Ordering::SeqCst);
897 let dh = include_bytes!("../../../test/dhparams.pem");
898 Dh::params_from_pem(dh)
899 });
900 });
901
902 let server = server.build();
903
904 let mut client = server.client();
905 // TLS 1.3 has no DH suites, so make sure we don't pick that version
906 #[cfg(ossl111)]
907 client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
908 client.ctx().set_cipher_list("EDH").unwrap();
909 client.connect();
910
911 assert!(CALLED_BACK.load(Ordering::SeqCst));
912 }
913
914 #[test]
915 #[cfg(all(ossl101, not(ossl110)))]
tmp_ecdh_callback_ssl()916 fn tmp_ecdh_callback_ssl() {
917 use ec::EcKey;
918 use nid::Nid;
919
920 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
921
922 let mut server = Server::builder();
923 server.ssl_cb(|ssl| {
924 ssl.set_tmp_ecdh_callback(|_, _, _| {
925 CALLED_BACK.store(true, Ordering::SeqCst);
926 EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
927 });
928 });
929
930 let server = server.build();
931
932 let mut client = server.client();
933 client.ctx().set_cipher_list("ECDH").unwrap();
934 client.connect();
935
936 assert!(CALLED_BACK.load(Ordering::SeqCst));
937 }
938
939 #[test]
idle_session()940 fn idle_session() {
941 let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();
942 let ssl = Ssl::new(&ctx).unwrap();
943 assert!(ssl.session().is_none());
944 }
945
946 #[test]
active_session()947 fn active_session() {
948 let server = Server::builder().build();
949
950 let s = server.client().connect();
951
952 let session = s.ssl().session().unwrap();
953 let len = session.master_key_len();
954 let mut buf = vec![0; len - 1];
955 let copied = session.master_key(&mut buf);
956 assert_eq!(copied, buf.len());
957 let mut buf = vec![0; len + 1];
958 let copied = session.master_key(&mut buf);
959 assert_eq!(copied, len);
960 }
961
962 #[test]
status_callbacks()963 fn status_callbacks() {
964 static CALLED_BACK_SERVER: AtomicBool = AtomicBool::new(false);
965 static CALLED_BACK_CLIENT: AtomicBool = AtomicBool::new(false);
966
967 let mut server = Server::builder();
968 server
969 .ctx()
970 .set_status_callback(|ssl| {
971 CALLED_BACK_SERVER.store(true, Ordering::SeqCst);
972 let response = OcspResponse::create(OcspResponseStatus::UNAUTHORIZED, None).unwrap();
973 let response = response.to_der().unwrap();
974 ssl.set_ocsp_status(&response).unwrap();
975 Ok(true)
976 })
977 .unwrap();
978
979 let server = server.build();
980
981 let mut client = server.client();
982 client
983 .ctx()
984 .set_status_callback(|ssl| {
985 CALLED_BACK_CLIENT.store(true, Ordering::SeqCst);
986 let response = OcspResponse::from_der(ssl.ocsp_status().unwrap()).unwrap();
987 assert_eq!(response.status(), OcspResponseStatus::UNAUTHORIZED);
988 Ok(true)
989 })
990 .unwrap();
991
992 let mut client = client.build().builder();
993 client.ssl().set_status_type(StatusType::OCSP).unwrap();
994
995 client.connect();
996
997 assert!(CALLED_BACK_SERVER.load(Ordering::SeqCst));
998 assert!(CALLED_BACK_CLIENT.load(Ordering::SeqCst));
999 }
1000
1001 #[test]
new_session_callback()1002 fn new_session_callback() {
1003 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1004
1005 let mut server = Server::builder();
1006 server.ctx().set_session_id_context(b"foo").unwrap();
1007
1008 let server = server.build();
1009
1010 let mut client = server.client();
1011
1012 client
1013 .ctx()
1014 .set_session_cache_mode(SslSessionCacheMode::CLIENT | SslSessionCacheMode::NO_INTERNAL);
1015 client
1016 .ctx()
1017 .set_new_session_callback(|_, _| CALLED_BACK.store(true, Ordering::SeqCst));
1018
1019 client.connect();
1020
1021 assert!(CALLED_BACK.load(Ordering::SeqCst));
1022 }
1023
1024 #[test]
new_session_callback_swapped_ctx()1025 fn new_session_callback_swapped_ctx() {
1026 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1027
1028 let mut server = Server::builder();
1029 server.ctx().set_session_id_context(b"foo").unwrap();
1030
1031 let server = server.build();
1032
1033 let mut client = server.client();
1034
1035 client
1036 .ctx()
1037 .set_session_cache_mode(SslSessionCacheMode::CLIENT | SslSessionCacheMode::NO_INTERNAL);
1038 client
1039 .ctx()
1040 .set_new_session_callback(|_, _| CALLED_BACK.store(true, Ordering::SeqCst));
1041
1042 let mut client = client.build().builder();
1043
1044 let ctx = SslContextBuilder::new(SslMethod::tls()).unwrap().build();
1045 client.ssl().set_ssl_context(&ctx).unwrap();
1046
1047 client.connect();
1048
1049 assert!(CALLED_BACK.load(Ordering::SeqCst));
1050 }
1051
1052 #[test]
keying_export()1053 fn keying_export() {
1054 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
1055 let addr = listener.local_addr().unwrap();
1056
1057 let label = "EXPERIMENTAL test";
1058 let context = b"my context";
1059
1060 let guard = thread::spawn(move || {
1061 let stream = listener.accept().unwrap().0;
1062 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
1063 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
1064 .unwrap();
1065 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
1066 .unwrap();
1067 let ssl = Ssl::new(&ctx.build()).unwrap();
1068 let mut stream = ssl.accept(stream).unwrap();
1069
1070 let mut buf = [0; 32];
1071 stream
1072 .ssl()
1073 .export_keying_material(&mut buf, label, Some(context))
1074 .unwrap();
1075
1076 stream.write_all(&[0]).unwrap();
1077
1078 buf
1079 });
1080
1081 let stream = TcpStream::connect(addr).unwrap();
1082 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
1083 let ssl = Ssl::new(&ctx.build()).unwrap();
1084 let mut stream = ssl.connect(stream).unwrap();
1085
1086 let mut buf = [1; 32];
1087 stream
1088 .ssl()
1089 .export_keying_material(&mut buf, label, Some(context))
1090 .unwrap();
1091
1092 stream.read_exact(&mut [0]).unwrap();
1093
1094 let buf2 = guard.join().unwrap();
1095
1096 assert_eq!(buf, buf2);
1097 }
1098
1099 #[test]
1100 #[cfg(any(ossl110, libressl261))]
no_version_overlap()1101 fn no_version_overlap() {
1102 let mut server = Server::builder();
1103 server.ctx().set_min_proto_version(None).unwrap();
1104 server
1105 .ctx()
1106 .set_max_proto_version(Some(SslVersion::TLS1_1))
1107 .unwrap();
1108 #[cfg(any(ossl110g, libressl270))]
1109 assert_eq!(server.ctx().max_proto_version(), Some(SslVersion::TLS1_1));
1110 server.should_error();
1111 let server = server.build();
1112
1113 let mut client = server.client();
1114 client
1115 .ctx()
1116 .set_min_proto_version(Some(SslVersion::TLS1_2))
1117 .unwrap();
1118 #[cfg(ossl110g)]
1119 assert_eq!(client.ctx().min_proto_version(), Some(SslVersion::TLS1_2));
1120 client.ctx().set_max_proto_version(None).unwrap();
1121
1122 client.connect_err();
1123 }
1124
1125 #[test]
1126 #[cfg(ossl111)]
custom_extensions()1127 fn custom_extensions() {
1128 static FOUND_EXTENSION: AtomicBool = AtomicBool::new(false);
1129
1130 let mut server = Server::builder();
1131 server
1132 .ctx()
1133 .add_custom_ext(
1134 12345,
1135 ExtensionContext::CLIENT_HELLO,
1136 |_, _, _| -> Result<Option<&'static [u8]>, _> { unreachable!() },
1137 |_, _, data, _| {
1138 FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst);
1139 Ok(())
1140 },
1141 )
1142 .unwrap();
1143
1144 let server = server.build();
1145
1146 let mut client = server.client();
1147 client
1148 .ctx()
1149 .add_custom_ext(
1150 12345,
1151 ssl::ExtensionContext::CLIENT_HELLO,
1152 |_, _, _| Ok(Some(b"hello")),
1153 |_, _, _, _| unreachable!(),
1154 )
1155 .unwrap();
1156
1157 client.connect();
1158
1159 assert!(FOUND_EXTENSION.load(Ordering::SeqCst));
1160 }
1161
_check_kinds()1162 fn _check_kinds() {
1163 fn is_send<T: Send>() {}
1164 fn is_sync<T: Sync>() {}
1165
1166 is_send::<SslStream<TcpStream>>();
1167 is_sync::<SslStream<TcpStream>>();
1168 }
1169
1170 #[test]
1171 #[cfg(ossl111)]
stateless()1172 fn stateless() {
1173 use super::SslOptions;
1174
1175 #[derive(Debug)]
1176 struct MemoryStream {
1177 incoming: io::Cursor<Vec<u8>>,
1178 outgoing: Vec<u8>,
1179 }
1180
1181 impl MemoryStream {
1182 pub fn new() -> Self {
1183 Self {
1184 incoming: io::Cursor::new(Vec::new()),
1185 outgoing: Vec::new(),
1186 }
1187 }
1188
1189 pub fn extend_incoming(&mut self, data: &[u8]) {
1190 self.incoming.get_mut().extend_from_slice(data);
1191 }
1192
1193 pub fn take_outgoing(&mut self) -> Outgoing {
1194 Outgoing(&mut self.outgoing)
1195 }
1196 }
1197
1198 impl Read for MemoryStream {
1199 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
1200 let n = self.incoming.read(buf)?;
1201 if self.incoming.position() == self.incoming.get_ref().len() as u64 {
1202 self.incoming.set_position(0);
1203 self.incoming.get_mut().clear();
1204 }
1205 if n == 0 {
1206 return Err(io::Error::new(
1207 io::ErrorKind::WouldBlock,
1208 "no data available",
1209 ));
1210 }
1211 Ok(n)
1212 }
1213 }
1214
1215 impl Write for MemoryStream {
1216 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
1217 self.outgoing.write(buf)
1218 }
1219
1220 fn flush(&mut self) -> io::Result<()> {
1221 Ok(())
1222 }
1223 }
1224
1225 pub struct Outgoing<'a>(&'a mut Vec<u8>);
1226
1227 impl<'a> Drop for Outgoing<'a> {
1228 fn drop(&mut self) {
1229 self.0.clear();
1230 }
1231 }
1232
1233 impl<'a> ::std::ops::Deref for Outgoing<'a> {
1234 type Target = [u8];
1235 fn deref(&self) -> &[u8] {
1236 &self.0
1237 }
1238 }
1239
1240 impl<'a> AsRef<[u8]> for Outgoing<'a> {
1241 fn as_ref(&self) -> &[u8] {
1242 &self.0
1243 }
1244 }
1245
1246 fn send(from: &mut MemoryStream, to: &mut MemoryStream) {
1247 to.extend_incoming(&from.take_outgoing());
1248 }
1249
1250 fn hs<S: ::std::fmt::Debug>(
1251 stream: Result<SslStream<S>, HandshakeError<S>>,
1252 ) -> Result<SslStream<S>, MidHandshakeSslStream<S>> {
1253 match stream {
1254 Ok(stream) => Ok(stream),
1255 Err(HandshakeError::WouldBlock(stream)) => Err(stream),
1256 Err(e) => panic!("unexpected error: {:?}", e),
1257 }
1258 }
1259
1260 //
1261 // Setup
1262 //
1263
1264 let mut client_ctx = SslContext::builder(SslMethod::tls()).unwrap();
1265 client_ctx.clear_options(SslOptions::ENABLE_MIDDLEBOX_COMPAT);
1266 let client_stream = Ssl::new(&client_ctx.build()).unwrap();
1267
1268 let mut server_ctx = SslContext::builder(SslMethod::tls()).unwrap();
1269 server_ctx
1270 .set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
1271 .unwrap();
1272 server_ctx
1273 .set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
1274 .unwrap();
1275 const COOKIE: &[u8] = b"chocolate chip";
1276 server_ctx.set_stateless_cookie_generate_cb(|_tls, buf| {
1277 buf[0..COOKIE.len()].copy_from_slice(COOKIE);
1278 Ok(COOKIE.len())
1279 });
1280 server_ctx.set_stateless_cookie_verify_cb(|_tls, buf| buf == COOKIE);
1281 let mut server_stream =
1282 ssl::SslStreamBuilder::new(Ssl::new(&server_ctx.build()).unwrap(), MemoryStream::new());
1283
1284 //
1285 // Handshake
1286 //
1287
1288 // Initial ClientHello
1289 let mut client_stream = hs(client_stream.connect(MemoryStream::new())).unwrap_err();
1290 send(client_stream.get_mut(), server_stream.get_mut());
1291 // HelloRetryRequest
1292 assert!(!server_stream.stateless().unwrap());
1293 send(server_stream.get_mut(), client_stream.get_mut());
1294 // Second ClientHello
1295 let mut client_stream = hs(client_stream.handshake()).unwrap_err();
1296 send(client_stream.get_mut(), server_stream.get_mut());
1297 // OldServerHello
1298 assert!(server_stream.stateless().unwrap());
1299 let mut server_stream = hs(server_stream.accept()).unwrap_err();
1300 send(server_stream.get_mut(), client_stream.get_mut());
1301 // Finished
1302 let mut client_stream = hs(client_stream.handshake()).unwrap();
1303 send(client_stream.get_mut(), server_stream.get_mut());
1304 hs(server_stream.handshake()).unwrap();
1305 }
1306
1307 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
1308 #[test]
psk_ciphers()1309 fn psk_ciphers() {
1310 const CIPHER: &str = "PSK-AES128-CBC-SHA";
1311 const PSK: &[u8] = b"thisisaverysecurekey";
1312 const CLIENT_IDENT: &[u8] = b"thisisaclient";
1313 static CLIENT_CALLED: AtomicBool = AtomicBool::new(false);
1314 static SERVER_CALLED: AtomicBool = AtomicBool::new(false);
1315
1316 let mut server = Server::builder();
1317 server.ctx().set_cipher_list(CIPHER).unwrap();
1318 server.ctx().set_psk_server_callback(|_, identity, psk| {
1319 assert!(identity.unwrap_or(&[]) == CLIENT_IDENT);
1320 psk[..PSK.len()].copy_from_slice(PSK);
1321 SERVER_CALLED.store(true, Ordering::SeqCst);
1322 Ok(PSK.len())
1323 });
1324
1325 let server = server.build();
1326
1327 let mut client = server.client();
1328 // This test relies on TLS 1.2 suites
1329 #[cfg(ossl111)]
1330 client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
1331 client.ctx().set_cipher_list(CIPHER).unwrap();
1332 client
1333 .ctx()
1334 .set_psk_client_callback(move |_, _, identity, psk| {
1335 identity[..CLIENT_IDENT.len()].copy_from_slice(&CLIENT_IDENT);
1336 identity[CLIENT_IDENT.len()] = 0;
1337 psk[..PSK.len()].copy_from_slice(PSK);
1338 CLIENT_CALLED.store(true, Ordering::SeqCst);
1339 Ok(PSK.len())
1340 });
1341
1342 client.connect();
1343
1344 assert!(CLIENT_CALLED.load(Ordering::SeqCst) && SERVER_CALLED.load(Ordering::SeqCst));
1345 }
1346
1347 #[test]
sni_callback_swapped_ctx()1348 fn sni_callback_swapped_ctx() {
1349 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1350
1351 let mut server = Server::builder();
1352
1353 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
1354 ctx.set_servername_callback(|_, _| {
1355 CALLED_BACK.store(true, Ordering::SeqCst);
1356 Ok(())
1357 });
1358
1359 let keyed_ctx = mem::replace(server.ctx(), ctx).build();
1360 server.ssl_cb(move |ssl| ssl.set_ssl_context(&keyed_ctx).unwrap());
1361
1362 let server = server.build();
1363
1364 server.client().connect();
1365
1366 assert!(CALLED_BACK.load(Ordering::SeqCst));
1367 }
1368
1369 #[test]
1370 #[cfg(ossl111)]
client_hello()1371 fn client_hello() {
1372 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1373
1374 let mut server = Server::builder();
1375 server.ctx().set_client_hello_callback(|ssl, _| {
1376 assert!(!ssl.client_hello_isv2());
1377 assert_eq!(ssl.client_hello_legacy_version(), Some(SslVersion::TLS1_2));
1378 assert!(ssl.client_hello_random().is_some());
1379 assert!(ssl.client_hello_session_id().is_some());
1380 assert!(ssl.client_hello_ciphers().is_some());
1381 assert!(ssl.client_hello_compression_methods().is_some());
1382
1383 CALLED_BACK.store(true, Ordering::SeqCst);
1384 Ok(ClientHelloResponse::SUCCESS)
1385 });
1386
1387 let server = server.build();
1388 server.client().connect();
1389
1390 assert!(CALLED_BACK.load(Ordering::SeqCst));
1391 }
1392
1393 #[test]
1394 #[cfg(ossl111)]
openssl_cipher_name()1395 fn openssl_cipher_name() {
1396 assert_eq!(
1397 super::cipher_name("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
1398 "ECDHE-RSA-AES256-SHA384",
1399 );
1400
1401 assert_eq!(super::cipher_name("asdf"), "(NONE)");
1402 }
1403
1404 #[test]
session_cache_size()1405 fn session_cache_size() {
1406 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
1407 ctx.set_session_cache_size(1234);
1408 let ctx = ctx.build();
1409 assert_eq!(ctx.session_cache_size(), 1234);
1410 }
1411