Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 c22365b3 编写于 作者: M Matt Caswell
浏览文件
操作

Improve testing of tickets with post-handshake auth 

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5227)
上级 56548e86
隐藏空白更改
内联 并排
Showing with 51 addition and 18 deletion
test/sslapitest.c
浏览文件 @ c22365b3
......@@ -1184,11 +1184,35 @@ static int test_session_with_both_cache(void)
#endif
}
SSL_SESSION *sesscache[9];
static SSL_SESSION *sesscache[6];
static int do_cache;
static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess)
{
sesscache[new_called++] = sess;
if (do_cache) {
sesscache[new_called] = sess;
} else {
/* We don't need the reference to the session, so free it */
SSL_SESSION_free(sess);
}
new_called++;
return 1;
}
static int post_handshake_verify(SSL *sssl, SSL *cssl)
{
SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL);
if (!TEST_true(SSL_verify_client_post_handshake(sssl)))
return 0;
/* Start handshake on the server and client */
if (!TEST_int_eq(SSL_do_handshake(sssl), 1)
|| !TEST_int_le(SSL_read(cssl, NULL, 0), 0)
|| !TEST_int_le(SSL_read(sssl, NULL, 0), 0)
|| !TEST_true(create_ssl_connection(sssl, cssl,
SSL_ERROR_NONE)))
return 0;
return 1;
}
......@@ -1203,6 +1227,7 @@ static int test_tickets(int idx)
/* idx is the test number, but also the number of tickets we want */
new_called = 0;
do_cache = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION, &sctx,
......@@ -1227,34 +1252,40 @@ static int test_tickets(int idx)
goto end;
/* After a post-handshake authentication we should get new tickets issued */
SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
goto end;
/* Start handshake on the server and client */
if (!TEST_int_eq(SSL_do_handshake(serverssl), 1)
|| !TEST_int_le(SSL_read(clientssl, NULL, 0), 0)
|| !TEST_int_le(SSL_read(serverssl, NULL, 0), 0)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
if (!post_handshake_verify(serverssl, clientssl)
|| !TEST_int_eq(idx * 2, new_called))
goto end;
SSL_CTX_sess_set_new_cb(cctx, NULL);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
/* Stop caching sessions - just count them */
do_cache = 0;
/* Test that we can resume with all the tickets we got given */
for (i = 0; i < new_called; i++) {
for (i = 0; i < idx * 2; i++) {
new_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sesscache[i]))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
|| !TEST_true(SSL_set_session(clientssl, sesscache[i])))
goto end;
SSL_force_post_handshake_auth(clientssl);
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl)))
|| !TEST_true(SSL_session_reused(clientssl))
/* Following a resumption we only get 1 ticket */
|| !TEST_int_eq(new_called, 1))
goto end;
new_called = 0;
/* After a post-handshake authentication we should get 1 new ticket */
if (!post_handshake_verify(serverssl, clientssl)
|| !TEST_int_eq(new_called, 1))
goto end;
SSL_shutdown(clientssl);
......@@ -1271,8 +1302,10 @@ static int test_tickets(int idx)
end:
SSL_free(serverssl);
SSL_free(clientssl);
for (j = 0; j < OSSL_NELEM(sesscache); j++)
for (j = 0; j < OSSL_NELEM(sesscache); j++) {
SSL_SESSION_free(sesscache[j]);
sesscache[j] = NULL;
}
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册