1 #![allow(unused_imports)]
2
3 use hex;
4 use std::env;
5 use std::fs::File;
6 use std::io::prelude::*;
7 use std::io::{self, BufReader};
8 use std::iter;
9 use std::mem;
10 use std::net::UdpSocket;
11 use std::net::{SocketAddr, TcpListener, TcpStream};
12 use std::path::Path;
13 use std::process::{Child, ChildStdin, Command, Stdio};
14 use std::sync::atomic::{AtomicBool, Ordering};
15 use std::thread;
16 use std::time::Duration;
17 use tempdir::TempDir;
18
19 use dh::Dh;
20 use error::ErrorStack;
21 use hash::MessageDigest;
22 use ocsp::{OcspResponse, OcspResponseStatus};
23 use pkey::PKey;
24 use srtp::SrtpProfileId;
25 use ssl;
26 use ssl::test::server::Server;
27 #[cfg(any(ossl110, ossl111, libressl261))]
28 use ssl::SslVersion;
29 #[cfg(ossl111)]
30 use ssl::{ClientHelloResponse, ExtensionContext};
31 use ssl::{
32 Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, ShutdownState, Ssl, SslAcceptor,
33 SslAcceptorBuilder, SslConnector, SslContext, SslContextBuilder, SslFiletype, SslMethod,
34 SslOptions, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType,
35 };
36 #[cfg(ossl102)]
37 use x509::store::X509StoreBuilder;
38 #[cfg(ossl102)]
39 use x509::verify::X509CheckFlags;
40 use x509::{X509Name, X509StoreContext, X509VerifyResult, X509};
41
42 mod server;
43
44 static ROOT_CERT: &[u8] = include_bytes!("../../../test/root-ca.pem");
45 static CERT: &[u8] = include_bytes!("../../../test/cert.pem");
46 static KEY: &[u8] = include_bytes!("../../../test/key.pem");
47
48 #[test]
verify_untrusted()49 fn verify_untrusted() {
50 let mut server = Server::builder();
51 server.should_error();
52 let server = server.build();
53
54 let mut client = server.client();
55 client.ctx().set_verify(SslVerifyMode::PEER);
56
57 client.connect_err();
58 }
59
60 #[test]
verify_trusted()61 fn verify_trusted() {
62 let server = Server::builder().build();
63
64 let mut client = server.client();
65 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
66
67 client.connect();
68 }
69
70 #[test]
71 #[cfg(ossl102)]
verify_trusted_with_set_cert()72 fn verify_trusted_with_set_cert() {
73 let server = Server::builder().build();
74
75 let mut store = X509StoreBuilder::new().unwrap();
76 let x509 = X509::from_pem(ROOT_CERT).unwrap();
77 store.add_cert(x509).unwrap();
78
79 let mut client = server.client();
80 client.ctx().set_verify(SslVerifyMode::PEER);
81 client.ctx().set_verify_cert_store(store.build()).unwrap();
82
83 client.connect();
84 }
85
86 #[test]
verify_untrusted_callback_override_ok()87 fn verify_untrusted_callback_override_ok() {
88 let server = Server::builder().build();
89
90 let mut client = server.client();
91 client
92 .ctx()
93 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
94 assert!(x509.current_cert().is_some());
95 true
96 });
97
98 client.connect();
99 }
100
101 #[test]
verify_untrusted_callback_override_bad()102 fn verify_untrusted_callback_override_bad() {
103 let mut server = Server::builder();
104 server.should_error();
105 let server = server.build();
106
107 let mut client = server.client();
108 client
109 .ctx()
110 .set_verify_callback(SslVerifyMode::PEER, |_, _| false);
111
112 client.connect_err();
113 }
114
115 #[test]
verify_trusted_callback_override_ok()116 fn verify_trusted_callback_override_ok() {
117 let server = Server::builder().build();
118
119 let mut client = server.client();
120 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
121 client
122 .ctx()
123 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
124 assert!(x509.current_cert().is_some());
125 true
126 });
127
128 client.connect();
129 }
130
131 #[test]
verify_trusted_callback_override_bad()132 fn verify_trusted_callback_override_bad() {
133 let mut server = Server::builder();
134 server.should_error();
135 let server = server.build();
136
137 let mut client = server.client();
138 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
139 client
140 .ctx()
141 .set_verify_callback(SslVerifyMode::PEER, |_, _| false);
142
143 client.connect_err();
144 }
145
146 #[test]
verify_callback_load_certs()147 fn verify_callback_load_certs() {
148 let server = Server::builder().build();
149
150 let mut client = server.client();
151 client
152 .ctx()
153 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
154 assert!(x509.current_cert().is_some());
155 true
156 });
157
158 client.connect();
159 }
160
161 #[test]
verify_trusted_get_error_ok()162 fn verify_trusted_get_error_ok() {
163 let server = Server::builder().build();
164
165 let mut client = server.client();
166 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
167 client
168 .ctx()
169 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
170 assert_eq!(x509.error(), X509VerifyResult::OK);
171 true
172 });
173
174 client.connect();
175 }
176
177 #[test]
verify_trusted_get_error_err()178 fn verify_trusted_get_error_err() {
179 let mut server = Server::builder();
180 server.should_error();
181 let server = server.build();
182
183 let mut client = server.client();
184 client
185 .ctx()
186 .set_verify_callback(SslVerifyMode::PEER, |_, x509| {
187 assert_ne!(x509.error(), X509VerifyResult::OK);
188 false
189 });
190
191 client.connect_err();
192 }
193
194 #[test]
verify_callback()195 fn verify_callback() {
196 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
197
198 let server = Server::builder().build();
199
200 let mut client = server.client();
201 let expected = "59172d9313e84459bcff27f967e79e6e9217e584";
202 client
203 .ctx()
204 .set_verify_callback(SslVerifyMode::PEER, move |_, x509| {
205 CALLED_BACK.store(true, Ordering::SeqCst);
206 let cert = x509.current_cert().unwrap();
207 let digest = cert.digest(MessageDigest::sha1()).unwrap();
208 assert_eq!(hex::encode(&digest), expected);
209 true
210 });
211
212 client.connect();
213 assert!(CALLED_BACK.load(Ordering::SeqCst));
214 }
215
216 #[test]
ssl_verify_callback()217 fn ssl_verify_callback() {
218 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
219
220 let server = Server::builder().build();
221
222 let mut client = server.client().build().builder();
223 let expected = "59172d9313e84459bcff27f967e79e6e9217e584";
224 client
225 .ssl()
226 .set_verify_callback(SslVerifyMode::PEER, move |_, x509| {
227 CALLED_BACK.store(true, Ordering::SeqCst);
228 let cert = x509.current_cert().unwrap();
229 let digest = cert.digest(MessageDigest::sha1()).unwrap();
230 assert_eq!(hex::encode(&digest), expected);
231 true
232 });
233
234 client.connect();
235 assert!(CALLED_BACK.load(Ordering::SeqCst));
236 }
237
238 #[test]
get_ctx_options()239 fn get_ctx_options() {
240 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
241 ctx.options();
242 }
243
244 #[test]
set_ctx_options()245 fn set_ctx_options() {
246 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
247 let opts = ctx.set_options(SslOptions::NO_TICKET);
248 assert!(opts.contains(SslOptions::NO_TICKET));
249 }
250
251 #[test]
clear_ctx_options()252 fn clear_ctx_options() {
253 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
254 ctx.set_options(SslOptions::ALL);
255 let opts = ctx.clear_options(SslOptions::ALL);
256 assert!(!opts.contains(SslOptions::ALL));
257 }
258
259 #[test]
zero_length_buffers()260 fn zero_length_buffers() {
261 let server = Server::builder().build();
262
263 let mut s = server.client().connect();
264 assert_eq!(s.write(&[]).unwrap(), 0);
265 assert_eq!(s.read(&mut []).unwrap(), 0);
266 }
267
268 #[test]
peer_certificate()269 fn peer_certificate() {
270 let server = Server::builder().build();
271
272 let s = server.client().connect();
273 let cert = s.ssl().peer_certificate().unwrap();
274 let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
275 assert_eq!(
276 hex::encode(fingerprint),
277 "59172d9313e84459bcff27f967e79e6e9217e584"
278 );
279 }
280
281 #[test]
pending()282 fn pending() {
283 let mut server = Server::builder();
284 server.io_cb(|mut s| s.write_all(&[0; 10]).unwrap());
285 let server = server.build();
286
287 let mut s = server.client().connect();
288 s.read_exact(&mut [0]).unwrap();
289
290 assert_eq!(s.ssl().pending(), 9);
291 assert_eq!(s.read(&mut [0; 10]).unwrap(), 9);
292 }
293
294 #[test]
state()295 fn state() {
296 let server = Server::builder().build();
297
298 let s = server.client().connect();
299 assert_eq!(s.ssl().state_string(), "SSLOK ");
300 assert_eq!(
301 s.ssl().state_string_long(),
302 "SSL negotiation finished successfully"
303 );
304 }
305
306 /// Tests that when both the client as well as the server use SRTP and their
307 /// lists of supported protocols have an overlap -- with only ONE protocol
308 /// being valid for both.
309 #[test]
310 #[cfg_attr(libressl291, ignore)]
test_connect_with_srtp_ctx()311 fn test_connect_with_srtp_ctx() {
312 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
313 let addr = listener.local_addr().unwrap();
314
315 let guard = thread::spawn(move || {
316 let stream = listener.accept().unwrap().0;
317 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
318 ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
319 .unwrap();
320 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
321 .unwrap();
322 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
323 .unwrap();
324 let mut ssl = Ssl::new(&ctx.build()).unwrap();
325 ssl.set_mtu(1500).unwrap();
326 let mut stream = ssl.accept(stream).unwrap();
327
328 let mut buf = [0; 60];
329 stream
330 .ssl()
331 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
332 .unwrap();
333
334 stream.write_all(&[0]).unwrap();
335
336 buf
337 });
338
339 let stream = TcpStream::connect(addr).unwrap();
340 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
341 ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
342 .unwrap();
343 let mut ssl = Ssl::new(&ctx.build()).unwrap();
344 ssl.set_mtu(1500).unwrap();
345 let mut stream = ssl.connect(stream).unwrap();
346
347 let mut buf = [1; 60];
348 {
349 let srtp_profile = stream.ssl().selected_srtp_profile().unwrap();
350 assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
351 assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
352 }
353 stream
354 .ssl()
355 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
356 .expect("extract");
357
358 stream.read_exact(&mut [0]).unwrap();
359
360 let buf2 = guard.join().unwrap();
361
362 assert_eq!(buf[..], buf2[..]);
363 }
364
365 /// Tests that when both the client as well as the server use SRTP and their
366 /// lists of supported protocols have an overlap -- with only ONE protocol
367 /// being valid for both.
368 #[test]
369 #[cfg_attr(libressl291, ignore)]
test_connect_with_srtp_ssl()370 fn test_connect_with_srtp_ssl() {
371 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
372 let addr = listener.local_addr().unwrap();
373
374 let guard = thread::spawn(move || {
375 let stream = listener.accept().unwrap().0;
376 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
377 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
378 .unwrap();
379 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
380 .unwrap();
381 let mut ssl = Ssl::new(&ctx.build()).unwrap();
382 ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
383 .unwrap();
384 let mut profilenames = String::new();
385 for profile in ssl.srtp_profiles().unwrap() {
386 if !profilenames.is_empty() {
387 profilenames.push(':');
388 }
389 profilenames += profile.name();
390 }
391 assert_eq!(
392 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
393 profilenames
394 );
395 ssl.set_mtu(1500).unwrap();
396 let mut stream = ssl.accept(stream).unwrap();
397
398 let mut buf = [0; 60];
399 stream
400 .ssl()
401 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
402 .unwrap();
403
404 stream.write_all(&[0]).unwrap();
405
406 buf
407 });
408
409 let stream = TcpStream::connect(addr).unwrap();
410 let ctx = SslContext::builder(SslMethod::dtls()).unwrap();
411 let mut ssl = Ssl::new(&ctx.build()).unwrap();
412 ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
413 .unwrap();
414 ssl.set_mtu(1500).unwrap();
415 let mut stream = ssl.connect(stream).unwrap();
416
417 let mut buf = [1; 60];
418 {
419 let srtp_profile = stream.ssl().selected_srtp_profile().unwrap();
420 assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
421 assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
422 }
423 stream
424 .ssl()
425 .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
426 .expect("extract");
427
428 stream.read_exact(&mut [0]).unwrap();
429
430 let buf2 = guard.join().unwrap();
431
432 assert_eq!(buf[..], buf2[..]);
433 }
434
435 /// Tests that when the `SslStream` is created as a server stream, the protocols
436 /// are correctly advertised to the client.
437 #[test]
438 #[cfg(any(ossl102, libressl261))]
test_alpn_server_advertise_multiple()439 fn test_alpn_server_advertise_multiple() {
440 let mut server = Server::builder();
441 server.ctx().set_alpn_select_callback(|_, client| {
442 ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK)
443 });
444 let server = server.build();
445
446 let mut client = server.client();
447 client.ctx().set_alpn_protos(b"\x08spdy/3.1").unwrap();
448 let s = client.connect();
449 assert_eq!(s.ssl().selected_alpn_protocol(), Some(&b"spdy/3.1"[..]));
450 }
451
452 #[test]
453 #[cfg(any(ossl110))]
test_alpn_server_select_none_fatal()454 fn test_alpn_server_select_none_fatal() {
455 let mut server = Server::builder();
456 server.ctx().set_alpn_select_callback(|_, client| {
457 ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client)
458 .ok_or(ssl::AlpnError::ALERT_FATAL)
459 });
460 server.should_error();
461 let server = server.build();
462
463 let mut client = server.client();
464 client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
465 client.connect_err();
466 }
467
468 #[test]
469 #[cfg(any(ossl102, libressl261))]
test_alpn_server_select_none()470 fn test_alpn_server_select_none() {
471 let mut server = Server::builder();
472 server.ctx().set_alpn_select_callback(|_, client| {
473 ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client).ok_or(ssl::AlpnError::NOACK)
474 });
475 let server = server.build();
476
477 let mut client = server.client();
478 client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
479 let s = client.connect();
480 assert_eq!(None, s.ssl().selected_alpn_protocol());
481 }
482
483 #[test]
484 #[cfg(any(ossl102, libressl261))]
test_alpn_server_unilateral()485 fn test_alpn_server_unilateral() {
486 let server = Server::builder().build();
487
488 let mut client = server.client();
489 client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
490 let s = client.connect();
491 assert_eq!(None, s.ssl().selected_alpn_protocol());
492 }
493
494 #[test]
495 #[should_panic(expected = "blammo")]
write_panic()496 fn write_panic() {
497 struct ExplodingStream(TcpStream);
498
499 impl Read for ExplodingStream {
500 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
501 self.0.read(buf)
502 }
503 }
504
505 impl Write for ExplodingStream {
506 fn write(&mut self, _: &[u8]) -> io::Result<usize> {
507 panic!("blammo");
508 }
509
510 fn flush(&mut self) -> io::Result<()> {
511 self.0.flush()
512 }
513 }
514
515 let mut server = Server::builder();
516 server.should_error();
517 let server = server.build();
518
519 let stream = ExplodingStream(server.connect_tcp());
520
521 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
522 let _ = Ssl::new(&ctx.build()).unwrap().connect(stream);
523 }
524
525 #[test]
526 #[should_panic(expected = "blammo")]
read_panic()527 fn read_panic() {
528 struct ExplodingStream(TcpStream);
529
530 impl Read for ExplodingStream {
531 fn read(&mut self, _: &mut [u8]) -> io::Result<usize> {
532 panic!("blammo");
533 }
534 }
535
536 impl Write for ExplodingStream {
537 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
538 self.0.write(buf)
539 }
540
541 fn flush(&mut self) -> io::Result<()> {
542 self.0.flush()
543 }
544 }
545
546 let mut server = Server::builder();
547 server.should_error();
548 let server = server.build();
549
550 let stream = ExplodingStream(server.connect_tcp());
551
552 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
553 let _ = Ssl::new(&ctx.build()).unwrap().connect(stream);
554 }
555
556 #[test]
557 #[cfg_attr(libressl321, ignore)]
558 #[should_panic(expected = "blammo")]
flush_panic()559 fn flush_panic() {
560 struct ExplodingStream(TcpStream);
561
562 impl Read for ExplodingStream {
563 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
564 self.0.read(buf)
565 }
566 }
567
568 impl Write for ExplodingStream {
569 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
570 self.0.write(buf)
571 }
572
573 fn flush(&mut self) -> io::Result<()> {
574 panic!("blammo");
575 }
576 }
577
578 let mut server = Server::builder();
579 server.should_error();
580 let server = server.build();
581
582 let stream = ExplodingStream(server.connect_tcp());
583
584 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
585 let _ = Ssl::new(&ctx.build()).unwrap().connect(stream);
586 }
587
588 #[test]
refcount_ssl_context()589 fn refcount_ssl_context() {
590 let mut ssl = {
591 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
592 ssl::Ssl::new(&ctx.build()).unwrap()
593 };
594
595 {
596 let new_ctx_a = SslContext::builder(SslMethod::tls()).unwrap().build();
597 let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a);
598 }
599 }
600
601 #[test]
602 #[cfg_attr(libressl250, ignore)]
603 #[cfg_attr(target_os = "windows", ignore)]
604 #[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)]
default_verify_paths()605 fn default_verify_paths() {
606 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
607 ctx.set_default_verify_paths().unwrap();
608 ctx.set_verify(SslVerifyMode::PEER);
609 let ctx = ctx.build();
610 let s = match TcpStream::connect("google.com:443") {
611 Ok(s) => s,
612 Err(_) => return,
613 };
614 let mut ssl = Ssl::new(&ctx).unwrap();
615 ssl.set_hostname("google.com").unwrap();
616 let mut socket = ssl.connect(s).unwrap();
617
618 socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
619 let mut result = vec![];
620 socket.read_to_end(&mut result).unwrap();
621
622 println!("{}", String::from_utf8_lossy(&result));
623 assert!(result.starts_with(b"HTTP/1.0"));
624 assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
625 }
626
627 #[test]
add_extra_chain_cert()628 fn add_extra_chain_cert() {
629 let cert = X509::from_pem(CERT).unwrap();
630 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
631 ctx.add_extra_chain_cert(cert).unwrap();
632 }
633
634 #[test]
635 #[cfg(ossl102)]
verify_valid_hostname()636 fn verify_valid_hostname() {
637 let server = Server::builder().build();
638
639 let mut client = server.client();
640 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
641 client.ctx().set_verify(SslVerifyMode::PEER);
642
643 let mut client = client.build().builder();
644 client
645 .ssl()
646 .param_mut()
647 .set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS);
648 client.ssl().param_mut().set_host("foobar.com").unwrap();
649 client.connect();
650 }
651
652 #[test]
653 #[cfg(ossl102)]
verify_invalid_hostname()654 fn verify_invalid_hostname() {
655 let mut server = Server::builder();
656 server.should_error();
657 let server = server.build();
658
659 let mut client = server.client();
660 client.ctx().set_ca_file("test/root-ca.pem").unwrap();
661 client.ctx().set_verify(SslVerifyMode::PEER);
662
663 let mut client = client.build().builder();
664 client
665 .ssl()
666 .param_mut()
667 .set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS);
668 client.ssl().param_mut().set_host("bogus.com").unwrap();
669 client.connect_err();
670 }
671
672 #[test]
connector_valid_hostname()673 fn connector_valid_hostname() {
674 let server = Server::builder().build();
675
676 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
677 connector.set_ca_file("test/root-ca.pem").unwrap();
678
679 let s = server.connect_tcp();
680 let mut s = connector.build().connect("foobar.com", s).unwrap();
681 s.read_exact(&mut [0]).unwrap();
682 }
683
684 #[test]
connector_invalid_hostname()685 fn connector_invalid_hostname() {
686 let mut server = Server::builder();
687 server.should_error();
688 let server = server.build();
689
690 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
691 connector.set_ca_file("test/root-ca.pem").unwrap();
692
693 let s = server.connect_tcp();
694 connector.build().connect("bogus.com", s).unwrap_err();
695 }
696
697 #[test]
connector_invalid_no_hostname_verification()698 fn connector_invalid_no_hostname_verification() {
699 let server = Server::builder().build();
700
701 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
702 connector.set_ca_file("test/root-ca.pem").unwrap();
703
704 let s = server.connect_tcp();
705 let mut s = connector
706 .build()
707 .configure()
708 .unwrap()
709 .verify_hostname(false)
710 .connect("bogus.com", s)
711 .unwrap();
712 s.read_exact(&mut [0]).unwrap();
713 }
714
715 #[test]
connector_no_hostname_still_verifies()716 fn connector_no_hostname_still_verifies() {
717 let mut server = Server::builder();
718 server.should_error();
719 let server = server.build();
720
721 let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();
722
723 let s = server.connect_tcp();
724 assert!(connector
725 .configure()
726 .unwrap()
727 .verify_hostname(false)
728 .connect("fizzbuzz.com", s)
729 .is_err());
730 }
731
732 #[test]
connector_no_hostname_can_disable_verify()733 fn connector_no_hostname_can_disable_verify() {
734 let server = Server::builder().build();
735
736 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
737 connector.set_verify(SslVerifyMode::NONE);
738 let connector = connector.build();
739
740 let s = server.connect_tcp();
741 let mut s = connector
742 .configure()
743 .unwrap()
744 .verify_hostname(false)
745 .connect("foobar.com", s)
746 .unwrap();
747 s.read_exact(&mut [0]).unwrap();
748 }
749
test_mozilla_server(new: fn(SslMethod) -> Result<SslAcceptorBuilder, ErrorStack>)750 fn test_mozilla_server(new: fn(SslMethod) -> Result<SslAcceptorBuilder, ErrorStack>) {
751 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
752 let port = listener.local_addr().unwrap().port();
753
754 let t = thread::spawn(move || {
755 let key = PKey::private_key_from_pem(KEY).unwrap();
756 let cert = X509::from_pem(CERT).unwrap();
757 let mut acceptor = new(SslMethod::tls()).unwrap();
758 acceptor.set_private_key(&key).unwrap();
759 acceptor.set_certificate(&cert).unwrap();
760 let acceptor = acceptor.build();
761 let stream = listener.accept().unwrap().0;
762 let mut stream = acceptor.accept(stream).unwrap();
763
764 stream.write_all(b"hello").unwrap();
765 });
766
767 let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
768 connector.set_ca_file("test/root-ca.pem").unwrap();
769 let connector = connector.build();
770
771 let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
772 let mut stream = connector.connect("foobar.com", stream).unwrap();
773
774 let mut buf = [0; 5];
775 stream.read_exact(&mut buf).unwrap();
776 assert_eq!(b"hello", &buf);
777
778 t.join().unwrap();
779 }
780
781 #[test]
connector_client_server_mozilla_intermediate()782 fn connector_client_server_mozilla_intermediate() {
783 test_mozilla_server(SslAcceptor::mozilla_intermediate);
784 }
785
786 #[test]
connector_client_server_mozilla_modern()787 fn connector_client_server_mozilla_modern() {
788 test_mozilla_server(SslAcceptor::mozilla_modern);
789 }
790
791 #[test]
connector_client_server_mozilla_intermediate_v5()792 fn connector_client_server_mozilla_intermediate_v5() {
793 test_mozilla_server(SslAcceptor::mozilla_intermediate_v5);
794 }
795
796 #[test]
797 #[cfg(ossl111)]
connector_client_server_mozilla_modern_v5()798 fn connector_client_server_mozilla_modern_v5() {
799 test_mozilla_server(SslAcceptor::mozilla_modern_v5);
800 }
801
802 #[test]
shutdown()803 fn shutdown() {
804 let mut server = Server::builder();
805 server.io_cb(|mut s| {
806 assert_eq!(s.read(&mut [0]).unwrap(), 0);
807 assert_eq!(s.shutdown().unwrap(), ShutdownResult::Received);
808 });
809 let server = server.build();
810
811 let mut s = server.client().connect();
812
813 assert_eq!(s.get_shutdown(), ShutdownState::empty());
814 assert_eq!(s.shutdown().unwrap(), ShutdownResult::Sent);
815 assert_eq!(s.get_shutdown(), ShutdownState::SENT);
816 assert_eq!(s.shutdown().unwrap(), ShutdownResult::Received);
817 assert_eq!(
818 s.get_shutdown(),
819 ShutdownState::SENT | ShutdownState::RECEIVED
820 );
821 }
822
823 #[test]
client_ca_list()824 fn client_ca_list() {
825 let names = X509Name::load_client_ca_file("test/root-ca.pem").unwrap();
826 assert_eq!(names.len(), 1);
827
828 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
829 ctx.set_client_ca_list(names);
830 }
831
832 #[test]
cert_store()833 fn cert_store() {
834 let server = Server::builder().build();
835
836 let mut client = server.client();
837 let cert = X509::from_pem(ROOT_CERT).unwrap();
838 client.ctx().cert_store_mut().add_cert(cert).unwrap();
839 client.ctx().set_verify(SslVerifyMode::PEER);
840
841 client.connect();
842 }
843
844 #[test]
845 #[cfg_attr(libressl321, ignore)]
tmp_dh_callback()846 fn tmp_dh_callback() {
847 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
848
849 let mut server = Server::builder();
850 server.ctx().set_tmp_dh_callback(|_, _, _| {
851 CALLED_BACK.store(true, Ordering::SeqCst);
852 let dh = include_bytes!("../../../test/dhparams.pem");
853 Dh::params_from_pem(dh)
854 });
855
856 let server = server.build();
857
858 let mut client = server.client();
859 // TLS 1.3 has no DH suites, so make sure we don't pick that version
860 #[cfg(ossl111)]
861 client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
862 client.ctx().set_cipher_list("EDH").unwrap();
863 client.connect();
864
865 assert!(CALLED_BACK.load(Ordering::SeqCst));
866 }
867
868 #[test]
869 #[cfg(all(ossl101, not(ossl110)))]
tmp_ecdh_callback()870 fn tmp_ecdh_callback() {
871 use ec::EcKey;
872 use nid::Nid;
873
874 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
875
876 let mut server = Server::builder();
877 server.ctx().set_tmp_ecdh_callback(|_, _, _| {
878 CALLED_BACK.store(true, Ordering::SeqCst);
879 EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
880 });
881
882 let server = server.build();
883
884 let mut client = server.client();
885 client.ctx().set_cipher_list("ECDH").unwrap();
886 client.connect();
887
888 assert!(CALLED_BACK.load(Ordering::SeqCst));
889 }
890
891 #[test]
892 #[cfg_attr(libressl321, ignore)]
tmp_dh_callback_ssl()893 fn tmp_dh_callback_ssl() {
894 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
895
896 let mut server = Server::builder();
897 server.ssl_cb(|ssl| {
898 ssl.set_tmp_dh_callback(|_, _, _| {
899 CALLED_BACK.store(true, Ordering::SeqCst);
900 let dh = include_bytes!("../../../test/dhparams.pem");
901 Dh::params_from_pem(dh)
902 });
903 });
904
905 let server = server.build();
906
907 let mut client = server.client();
908 // TLS 1.3 has no DH suites, so make sure we don't pick that version
909 #[cfg(ossl111)]
910 client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
911 client.ctx().set_cipher_list("EDH").unwrap();
912 client.connect();
913
914 assert!(CALLED_BACK.load(Ordering::SeqCst));
915 }
916
917 #[test]
918 #[cfg(all(ossl101, not(ossl110)))]
tmp_ecdh_callback_ssl()919 fn tmp_ecdh_callback_ssl() {
920 use ec::EcKey;
921 use nid::Nid;
922
923 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
924
925 let mut server = Server::builder();
926 server.ssl_cb(|ssl| {
927 ssl.set_tmp_ecdh_callback(|_, _, _| {
928 CALLED_BACK.store(true, Ordering::SeqCst);
929 EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
930 });
931 });
932
933 let server = server.build();
934
935 let mut client = server.client();
936 client.ctx().set_cipher_list("ECDH").unwrap();
937 client.connect();
938
939 assert!(CALLED_BACK.load(Ordering::SeqCst));
940 }
941
942 #[test]
idle_session()943 fn idle_session() {
944 let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();
945 let ssl = Ssl::new(&ctx).unwrap();
946 assert!(ssl.session().is_none());
947 }
948
949 #[test]
950 #[cfg_attr(libressl321, ignore)]
active_session()951 fn active_session() {
952 let server = Server::builder().build();
953
954 let s = server.client().connect();
955
956 let session = s.ssl().session().unwrap();
957 let len = session.master_key_len();
958 let mut buf = vec![0; len - 1];
959 let copied = session.master_key(&mut buf);
960 assert_eq!(copied, buf.len());
961 let mut buf = vec![0; len + 1];
962 let copied = session.master_key(&mut buf);
963 assert_eq!(copied, len);
964 }
965
966 #[test]
status_callbacks()967 fn status_callbacks() {
968 static CALLED_BACK_SERVER: AtomicBool = AtomicBool::new(false);
969 static CALLED_BACK_CLIENT: AtomicBool = AtomicBool::new(false);
970
971 let mut server = Server::builder();
972 server
973 .ctx()
974 .set_status_callback(|ssl| {
975 CALLED_BACK_SERVER.store(true, Ordering::SeqCst);
976 let response = OcspResponse::create(OcspResponseStatus::UNAUTHORIZED, None).unwrap();
977 let response = response.to_der().unwrap();
978 ssl.set_ocsp_status(&response).unwrap();
979 Ok(true)
980 })
981 .unwrap();
982
983 let server = server.build();
984
985 let mut client = server.client();
986 client
987 .ctx()
988 .set_status_callback(|ssl| {
989 CALLED_BACK_CLIENT.store(true, Ordering::SeqCst);
990 let response = OcspResponse::from_der(ssl.ocsp_status().unwrap()).unwrap();
991 assert_eq!(response.status(), OcspResponseStatus::UNAUTHORIZED);
992 Ok(true)
993 })
994 .unwrap();
995
996 let mut client = client.build().builder();
997 client.ssl().set_status_type(StatusType::OCSP).unwrap();
998
999 client.connect();
1000
1001 assert!(CALLED_BACK_SERVER.load(Ordering::SeqCst));
1002 assert!(CALLED_BACK_CLIENT.load(Ordering::SeqCst));
1003 }
1004
1005 #[test]
1006 #[cfg_attr(libressl321, ignore)]
new_session_callback()1007 fn new_session_callback() {
1008 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1009
1010 let mut server = Server::builder();
1011 server.ctx().set_session_id_context(b"foo").unwrap();
1012
1013 let server = server.build();
1014
1015 let mut client = server.client();
1016
1017 client
1018 .ctx()
1019 .set_session_cache_mode(SslSessionCacheMode::CLIENT | SslSessionCacheMode::NO_INTERNAL);
1020 client
1021 .ctx()
1022 .set_new_session_callback(|_, _| CALLED_BACK.store(true, Ordering::SeqCst));
1023
1024 client.connect();
1025
1026 assert!(CALLED_BACK.load(Ordering::SeqCst));
1027 }
1028
1029 #[test]
1030 #[cfg_attr(libressl321, ignore)]
new_session_callback_swapped_ctx()1031 fn new_session_callback_swapped_ctx() {
1032 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1033
1034 let mut server = Server::builder();
1035 server.ctx().set_session_id_context(b"foo").unwrap();
1036
1037 let server = server.build();
1038
1039 let mut client = server.client();
1040
1041 client
1042 .ctx()
1043 .set_session_cache_mode(SslSessionCacheMode::CLIENT | SslSessionCacheMode::NO_INTERNAL);
1044 client
1045 .ctx()
1046 .set_new_session_callback(|_, _| CALLED_BACK.store(true, Ordering::SeqCst));
1047
1048 let mut client = client.build().builder();
1049
1050 let ctx = SslContextBuilder::new(SslMethod::tls()).unwrap().build();
1051 client.ssl().set_ssl_context(&ctx).unwrap();
1052
1053 client.connect();
1054
1055 assert!(CALLED_BACK.load(Ordering::SeqCst));
1056 }
1057
1058 #[test]
keying_export()1059 fn keying_export() {
1060 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
1061 let addr = listener.local_addr().unwrap();
1062
1063 let label = "EXPERIMENTAL test";
1064 let context = b"my context";
1065
1066 let guard = thread::spawn(move || {
1067 let stream = listener.accept().unwrap().0;
1068 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
1069 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
1070 .unwrap();
1071 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
1072 .unwrap();
1073 let ssl = Ssl::new(&ctx.build()).unwrap();
1074 let mut stream = ssl.accept(stream).unwrap();
1075
1076 let mut buf = [0; 32];
1077 stream
1078 .ssl()
1079 .export_keying_material(&mut buf, label, Some(context))
1080 .unwrap();
1081
1082 stream.write_all(&[0]).unwrap();
1083
1084 buf
1085 });
1086
1087 let stream = TcpStream::connect(addr).unwrap();
1088 let ctx = SslContext::builder(SslMethod::tls()).unwrap();
1089 let ssl = Ssl::new(&ctx.build()).unwrap();
1090 let mut stream = ssl.connect(stream).unwrap();
1091
1092 let mut buf = [1; 32];
1093 stream
1094 .ssl()
1095 .export_keying_material(&mut buf, label, Some(context))
1096 .unwrap();
1097
1098 stream.read_exact(&mut [0]).unwrap();
1099
1100 let buf2 = guard.join().unwrap();
1101
1102 assert_eq!(buf, buf2);
1103 }
1104
1105 #[test]
1106 #[cfg(any(ossl110, libressl261))]
no_version_overlap()1107 fn no_version_overlap() {
1108 let mut server = Server::builder();
1109 server.ctx().set_min_proto_version(None).unwrap();
1110 server
1111 .ctx()
1112 .set_max_proto_version(Some(SslVersion::TLS1_1))
1113 .unwrap();
1114 #[cfg(any(ossl110g, libressl270))]
1115 assert_eq!(server.ctx().max_proto_version(), Some(SslVersion::TLS1_1));
1116 server.should_error();
1117 let server = server.build();
1118
1119 let mut client = server.client();
1120 client
1121 .ctx()
1122 .set_min_proto_version(Some(SslVersion::TLS1_2))
1123 .unwrap();
1124 #[cfg(ossl110g)]
1125 assert_eq!(client.ctx().min_proto_version(), Some(SslVersion::TLS1_2));
1126 client.ctx().set_max_proto_version(None).unwrap();
1127
1128 client.connect_err();
1129 }
1130
1131 #[test]
1132 #[cfg(ossl111)]
custom_extensions()1133 fn custom_extensions() {
1134 static FOUND_EXTENSION: AtomicBool = AtomicBool::new(false);
1135
1136 let mut server = Server::builder();
1137 server
1138 .ctx()
1139 .add_custom_ext(
1140 12345,
1141 ExtensionContext::CLIENT_HELLO,
1142 |_, _, _| -> Result<Option<&'static [u8]>, _> { unreachable!() },
1143 |_, _, data, _| {
1144 FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst);
1145 Ok(())
1146 },
1147 )
1148 .unwrap();
1149
1150 let server = server.build();
1151
1152 let mut client = server.client();
1153 client
1154 .ctx()
1155 .add_custom_ext(
1156 12345,
1157 ssl::ExtensionContext::CLIENT_HELLO,
1158 |_, _, _| Ok(Some(b"hello")),
1159 |_, _, _, _| unreachable!(),
1160 )
1161 .unwrap();
1162
1163 client.connect();
1164
1165 assert!(FOUND_EXTENSION.load(Ordering::SeqCst));
1166 }
1167
_check_kinds()1168 fn _check_kinds() {
1169 fn is_send<T: Send>() {}
1170 fn is_sync<T: Sync>() {}
1171
1172 is_send::<SslStream<TcpStream>>();
1173 is_sync::<SslStream<TcpStream>>();
1174 }
1175
1176 #[test]
1177 #[cfg(ossl111)]
stateless()1178 fn stateless() {
1179 use super::SslOptions;
1180
1181 #[derive(Debug)]
1182 struct MemoryStream {
1183 incoming: io::Cursor<Vec<u8>>,
1184 outgoing: Vec<u8>,
1185 }
1186
1187 impl MemoryStream {
1188 pub fn new() -> Self {
1189 Self {
1190 incoming: io::Cursor::new(Vec::new()),
1191 outgoing: Vec::new(),
1192 }
1193 }
1194
1195 pub fn extend_incoming(&mut self, data: &[u8]) {
1196 self.incoming.get_mut().extend_from_slice(data);
1197 }
1198
1199 pub fn take_outgoing(&mut self) -> Outgoing {
1200 Outgoing(&mut self.outgoing)
1201 }
1202 }
1203
1204 impl Read for MemoryStream {
1205 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
1206 let n = self.incoming.read(buf)?;
1207 if self.incoming.position() == self.incoming.get_ref().len() as u64 {
1208 self.incoming.set_position(0);
1209 self.incoming.get_mut().clear();
1210 }
1211 if n == 0 {
1212 return Err(io::Error::new(
1213 io::ErrorKind::WouldBlock,
1214 "no data available",
1215 ));
1216 }
1217 Ok(n)
1218 }
1219 }
1220
1221 impl Write for MemoryStream {
1222 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
1223 self.outgoing.write(buf)
1224 }
1225
1226 fn flush(&mut self) -> io::Result<()> {
1227 Ok(())
1228 }
1229 }
1230
1231 pub struct Outgoing<'a>(&'a mut Vec<u8>);
1232
1233 impl<'a> Drop for Outgoing<'a> {
1234 fn drop(&mut self) {
1235 self.0.clear();
1236 }
1237 }
1238
1239 impl<'a> ::std::ops::Deref for Outgoing<'a> {
1240 type Target = [u8];
1241 fn deref(&self) -> &[u8] {
1242 &self.0
1243 }
1244 }
1245
1246 impl<'a> AsRef<[u8]> for Outgoing<'a> {
1247 fn as_ref(&self) -> &[u8] {
1248 &self.0
1249 }
1250 }
1251
1252 fn send(from: &mut MemoryStream, to: &mut MemoryStream) {
1253 to.extend_incoming(&from.take_outgoing());
1254 }
1255
1256 //
1257 // Setup
1258 //
1259
1260 let mut client_ctx = SslContext::builder(SslMethod::tls()).unwrap();
1261 client_ctx.clear_options(SslOptions::ENABLE_MIDDLEBOX_COMPAT);
1262 let mut client_stream =
1263 SslStream::new(Ssl::new(&client_ctx.build()).unwrap(), MemoryStream::new()).unwrap();
1264
1265 let mut server_ctx = SslContext::builder(SslMethod::tls()).unwrap();
1266 server_ctx
1267 .set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
1268 .unwrap();
1269 server_ctx
1270 .set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
1271 .unwrap();
1272 const COOKIE: &[u8] = b"chocolate chip";
1273 server_ctx.set_stateless_cookie_generate_cb(|_tls, buf| {
1274 buf[0..COOKIE.len()].copy_from_slice(COOKIE);
1275 Ok(COOKIE.len())
1276 });
1277 server_ctx.set_stateless_cookie_verify_cb(|_tls, buf| buf == COOKIE);
1278 let mut server_stream =
1279 SslStream::new(Ssl::new(&server_ctx.build()).unwrap(), MemoryStream::new()).unwrap();
1280
1281 //
1282 // Handshake
1283 //
1284
1285 // Initial ClientHello
1286 client_stream.connect().unwrap_err();
1287 send(client_stream.get_mut(), server_stream.get_mut());
1288 // HelloRetryRequest
1289 assert!(!server_stream.stateless().unwrap());
1290 send(server_stream.get_mut(), client_stream.get_mut());
1291 // Second ClientHello
1292 client_stream.do_handshake().unwrap_err();
1293 send(client_stream.get_mut(), server_stream.get_mut());
1294 // OldServerHello
1295 assert!(server_stream.stateless().unwrap());
1296 server_stream.accept().unwrap_err();
1297 send(server_stream.get_mut(), client_stream.get_mut());
1298 // Finished
1299 client_stream.do_handshake().unwrap();
1300 send(client_stream.get_mut(), server_stream.get_mut());
1301 server_stream.do_handshake().unwrap();
1302 }
1303
1304 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
1305 #[test]
psk_ciphers()1306 fn psk_ciphers() {
1307 const CIPHER: &str = "PSK-AES128-CBC-SHA";
1308 const PSK: &[u8] = b"thisisaverysecurekey";
1309 const CLIENT_IDENT: &[u8] = b"thisisaclient";
1310 static CLIENT_CALLED: AtomicBool = AtomicBool::new(false);
1311 static SERVER_CALLED: AtomicBool = AtomicBool::new(false);
1312
1313 let mut server = Server::builder();
1314 server.ctx().set_cipher_list(CIPHER).unwrap();
1315 server.ctx().set_psk_server_callback(|_, identity, psk| {
1316 assert!(identity.unwrap_or(&[]) == CLIENT_IDENT);
1317 psk[..PSK.len()].copy_from_slice(PSK);
1318 SERVER_CALLED.store(true, Ordering::SeqCst);
1319 Ok(PSK.len())
1320 });
1321
1322 let server = server.build();
1323
1324 let mut client = server.client();
1325 // This test relies on TLS 1.2 suites
1326 #[cfg(ossl111)]
1327 client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
1328 client.ctx().set_cipher_list(CIPHER).unwrap();
1329 client
1330 .ctx()
1331 .set_psk_client_callback(move |_, _, identity, psk| {
1332 identity[..CLIENT_IDENT.len()].copy_from_slice(&CLIENT_IDENT);
1333 identity[CLIENT_IDENT.len()] = 0;
1334 psk[..PSK.len()].copy_from_slice(PSK);
1335 CLIENT_CALLED.store(true, Ordering::SeqCst);
1336 Ok(PSK.len())
1337 });
1338
1339 client.connect();
1340
1341 assert!(CLIENT_CALLED.load(Ordering::SeqCst) && SERVER_CALLED.load(Ordering::SeqCst));
1342 }
1343
1344 #[test]
sni_callback_swapped_ctx()1345 fn sni_callback_swapped_ctx() {
1346 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1347
1348 let mut server = Server::builder();
1349
1350 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
1351 ctx.set_servername_callback(|_, _| {
1352 CALLED_BACK.store(true, Ordering::SeqCst);
1353 Ok(())
1354 });
1355
1356 let keyed_ctx = mem::replace(server.ctx(), ctx).build();
1357 server.ssl_cb(move |ssl| ssl.set_ssl_context(&keyed_ctx).unwrap());
1358
1359 let server = server.build();
1360
1361 server.client().connect();
1362
1363 assert!(CALLED_BACK.load(Ordering::SeqCst));
1364 }
1365
1366 #[test]
1367 #[cfg(ossl111)]
client_hello()1368 fn client_hello() {
1369 static CALLED_BACK: AtomicBool = AtomicBool::new(false);
1370
1371 let mut server = Server::builder();
1372 server.ctx().set_client_hello_callback(|ssl, _| {
1373 assert!(!ssl.client_hello_isv2());
1374 assert_eq!(ssl.client_hello_legacy_version(), Some(SslVersion::TLS1_2));
1375 assert!(ssl.client_hello_random().is_some());
1376 assert!(ssl.client_hello_session_id().is_some());
1377 assert!(ssl.client_hello_ciphers().is_some());
1378 assert!(ssl.client_hello_compression_methods().is_some());
1379
1380 CALLED_BACK.store(true, Ordering::SeqCst);
1381 Ok(ClientHelloResponse::SUCCESS)
1382 });
1383
1384 let server = server.build();
1385 server.client().connect();
1386
1387 assert!(CALLED_BACK.load(Ordering::SeqCst));
1388 }
1389
1390 #[test]
1391 #[cfg(ossl111)]
openssl_cipher_name()1392 fn openssl_cipher_name() {
1393 assert_eq!(
1394 super::cipher_name("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
1395 "ECDHE-RSA-AES256-SHA384",
1396 );
1397
1398 assert_eq!(super::cipher_name("asdf"), "(NONE)");
1399 }
1400
1401 #[test]
session_cache_size()1402 fn session_cache_size() {
1403 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
1404 ctx.set_session_cache_size(1234);
1405 let ctx = ctx.build();
1406 assert_eq!(ctx.session_cache_size(), 1234);
1407 }
1408