Fix ALPN tests when NPN is off

OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN Reviewed-by: N Richard Levitte <levitte@openssl.org>

Fix ALPN tests when NPN is off
OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN Reviewed-by: N Richard Levitte <levitte@openssl.org>
7b7cea6d · Emilia Kasper · 9f48bbac · 7b7cea6d · 7b7cea6d · 7b7cea6d
隐藏空白更改
内联并排

Showing with 7 addition and 11 deletion

test/handshake_helper.c test/handshake_helper.c +5 -8

test/recipes/80-test_ssl_new.t test/recipes/80-test_ssl_new.t +0 -1

test/ssl_test.c test/ssl_test.c +2 -2

未找到文件。
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -164,7 +164,6 @@ static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
    return 0;
 }

-#ifndef OPENSSL_NO_NEXTPROTONEG
 /* Parse the comma-separated list into TLS format. */
 static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
 {
@@ -200,6 +199,7 @@ static void parse_protos(const char *protos, unsigned char **out, size_t *outlen
    (*out)[prefix] = len - prefix;
 }

+#ifndef OPENSSL_NO_NEXTPROTONEG
 /*
 * The client SHOULD select the first protocol advertised by the server that it
 * also supports.  In the event that the client doesn't support any of server's
@@ -230,6 +230,7 @@ static int server_npn_cb(SSL *s, const unsigned char **data,
    *len = ctx_data->npn_protocols_len;
    return SSL_TLSEXT_ERR_OK;
 }
+#endif

 /*
 * The server SHOULD select the most highly preferred protocol that it supports
@@ -261,7 +262,6 @@ static int server_alpn_cb(SSL *s, const unsigned char **out,
    return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
        : SSL_TLSEXT_ERR_NOACK;
 }
-#endif

 /*
 * Configure callbacks and other properties that can't be set directly
@@ -339,6 +339,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
        SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
                                         client_ctx_data);
    }
+#endif
    if (extra->server.alpn_protocols != NULL) {
        parse_protos(extra->server.alpn_protocols,
                     &server_ctx_data->alpn_protocols,
@@ -362,7 +363,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                               alpn_protos_len) == 0);
        OPENSSL_free(alpn_protos);
    }
-#endif
+
    /*
     * Use fixed session ticket keys so that we can decrypt a ticket created with
     * one CTX in another CTX. Don't address server2 for the moment.
@@ -499,7 +500,6 @@ static handshake_status_t handshake_status(peer_status_t last_status,
    return INTERNAL_ERROR;
 }

-#ifndef OPENSSL_NO_NEXTPROTONEG
 /* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
 static char *dup_str(const unsigned char *in, size_t len)
 {
@@ -514,7 +514,6 @@ static char *dup_str(const unsigned char *in, size_t len)
    OPENSSL_assert(ret != NULL);
    return ret;
 }
-#endif

 static HANDSHAKE_RESULT *do_handshake_internal(
    SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
@@ -532,11 +531,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
    unsigned char* tick = NULL;
    size_t tick_len = 0;
    SSL_SESSION* sess = NULL;
-#ifndef OPENSSL_NO_NEXTPROTONEG
    const unsigned char *proto = NULL;
    /* API dictates unsigned int rather than size_t. */
    unsigned int proto_len = 0;
-#endif

    memset(&server_ctx_data, 0, sizeof(server_ctx_data));
    memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -657,13 +654,13 @@ static HANDSHAKE_RESULT *do_handshake_internal(

    SSL_get0_next_proto_negotiated(server, &proto, &proto_len);
    ret->server_npn_negotiated = dup_str(proto, proto_len);
+#endif

    SSL_get0_alpn_selected(client, &proto, &proto_len);
    ret->client_alpn_negotiated = dup_str(proto, proto_len);

    SSL_get0_alpn_selected(server, &proto, &proto_len);
    ret->server_alpn_negotiated = dup_str(proto, proto_len);
-#endif

    ret->client_resumed = SSL_session_reused(client);
    ret->server_resumed = SSL_session_reused(server);

--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -53,7 +53,6 @@ my %conf_dependent_tests = (
 my %skip = (
  "07-dtls-protocol-version.conf" => $no_dtls,
  "08-npn.conf" => $no_tls || $no_npn,
-  "09-alpn.conf" => $no_tls || $no_npn,
  "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
  "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
 );

--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -159,6 +159,7 @@ static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
                         result->client_npn_negotiated);
    return ret;
 }
+#endif

 static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
@@ -171,7 +172,6 @@ static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
                         result->client_alpn_negotiated);
    return ret;
 }
-#endif

 static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
@@ -205,8 +205,8 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
        ret &= (result->session_ticket_do_not_call == 0);
 #ifndef OPENSSL_NO_NEXTPROTONEG
        ret &= check_npn(result, test_ctx);
-        ret &= check_alpn(result, test_ctx);
 #endif
+        ret &= check_alpn(result, test_ctx);
        ret &= check_resumption(result, test_ctx);
    }
    return ret;