提交
d9a268b9
编写于
9月 05, 2010
作者:
Ben Laurie
NPN tests.
上级
5df2a249
变更
2
Showing
2 changed file
with
139 addition
and
0 deletion
+139
-0
ssl/ssltest.c
ssl/ssltest.c
+128
-0
test/testssl
test/testssl
+11
-0
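--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -249,6 +249,81 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned
 static BIO *bio_err=NULL;
 static BIO *bio_stdout=NULL;
+#ifndef OPENSSL_NO_NPN
+/* Note that this code assumes that this is only a one element list: */
+static const char NEXT_PROTO_STRING[] = "\x09testproto";
+int npn_client = 0;
+int npn_server = 0;
+int npn_server_reject = 0;
+static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+	{
+	/* This callback only returns the protocol string, rather than a length
+	   prefixed set. We assume that NEXT_PROTO_STRING is a one element list and
+	   remove the first byte to chop off the length prefix. */
+	*out = (unsigned char*) NEXT_PROTO_STRING + 1;
+	*outlen = sizeof(NEXT_PROTO_STRING) - 2;
+	return SSL_TLSEXT_ERR_OK;
+	}
+static int cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
+	{
+	*data = (const unsigned char *) NEXT_PROTO_STRING;
+	*len = sizeof(NEXT_PROTO_STRING) - 1;
+	return SSL_TLSEXT_ERR_OK;
+	}
+static int cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
+	{
+	return SSL_TLSEXT_ERR_NOACK;
+	}
+static int verify_npn(SSL *client, SSL *server)
+	{
+	const unsigned char *client_s;
+	unsigned client_len;
+	const unsigned char *server_s;
+	unsigned server_len;
+	SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
+	SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
+	if (client_len)
+		{
+		BIO_printf(bio_stdout, "Client NPN: ");
+		BIO_write(bio_stdout, client_s, client_len);
+		BIO_printf(bio_stdout, "\n");
+		}
+	if (server_len)
+		{
+		BIO_printf(bio_stdout, "Server NPN: ");
+		BIO_write(bio_stdout, server_s, server_len);
+		BIO_printf(bio_stdout, "\n");
+		}
+	/* If an NPN string was returned, it must be the protocol that we
+	 * expected to negotiate. */
+	if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 || memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
+		return -1;
+	if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 || memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
+		return -1;
+	if (!npn_client && client_len)
+		return -1;
+	if (!npn_server && server_len)
+		return -1;
+	if (npn_server_reject && server_len)
+		return -1;
+	if (npn_client && npn_server && (!client_len || !server_len))
+		return -1;
+	return 0;
+	}
+#endif
 static char *cipher=NULL;
 static int verbose=0;
 static int debug=0;
@@ -316,6 +391,11 @@ static void sv_usage(void)
 	" (default is sect163r2).\n");
 #endif
 	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
+#ifndef OPENSSL_NO_NPN
+	fprintf(stderr," -npn_client - have client side offer NPN\n");
+	fprintf(stderr," -npn_server - have server side offer NPN\n");
+	fprintf(stderr," -npn_server_reject - have server reject NPN\n");
+#endif
 	}
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -680,6 +760,20 @@ int main(int argc, char *argv[])
 			{
 			test_cipherlist = 1;
 			}
+#ifndef OPENSSL_NO_NPN
+		else if (strcmp(*argv,"-npn_client") == 0)
+			{
+			npn_client = 1;
+			}
+		else if (strcmp(*argv,"-npn_server") == 0)
+			{
+			npn_server = 1;
+			}
+		else if (strcmp(*argv,"-npn_server_reject") == 0)
+			{
+			npn_server_reject = 1;
+			}
+#endif
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -941,6 +1035,26 @@ bad:
 #endif
 		}
+#ifndef OPENSSL_NO_NPN
+	if (npn_client)
+		{
+		SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
+		}
+	if (npn_server)
+		{
+		if (npn_server_reject)
+			{
+			BIO_printf(bio_err, "Can't have both -npn_server and -npn_server_reject\n");
+			goto end;
+			}
+		SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
+		}
+	if (npn_server_reject)
+		{
+		SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
+		}
+#endif
 	c_ssl=SSL_new(c_ctx);
 	s_ssl=SSL_new(s_ctx);
@@ -1391,6 +1505,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 	if (verbose)
 		print_details(c_ssl, "DONE via BIO pair: ");
+#ifndef OPENSSL_NO_NPN
+	if (verify_npn(c_ssl, s_ssl) < 0)
+		{
+		ret = 1;
+		goto end;
+		}
+#endif
 end:
 	ret = 0;
@@ -1686,6 +1807,13 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 	if (verbose)
 		print_details(c_ssl, "DONE: ");
+#ifndef OPENSSL_NO_NPN
+	if (verify_npn(c_ssl, s_ssl) < 0)
+		{
+		ret = 1;
+		goto err;
+		}
+#endif
 	ret = 0;
 err:
 	/* We have to set the BIO's to NULL otherwise they will be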
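Review bot: In the `doit_biopair` hunk the NPN failure path cannot report a failure: it sets `ret = 1` and jumps to `end`, but the first statement after the `end:` label is `ret = 0`, so the error is overwritten straight away. The `doit` hunk avoids this with `goto err;`, which lands after `ret = 0`. The body of `doit_biopair` continues outside the hunk, so assuming an `err` label follows there as it does in `doit`, the jump should be `goto err;` here too. As written, a wrong or unexpected negotiated protocol in bio-pair mode still looks like a passing run, which matters because every NPN invocation added to test/testssl uses `-bio_pair`.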
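--- a/test/testssl
+++ b/test/testssl
@@ -148,4 +148,15 @@ $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
 echo test tls1 with PSK via BIO pair
 $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
+#############################################################################
+# Next Protocol Negotiation Tests
+$ssltest -bio_pair -tls1 -npn_client || exit 1
+$ssltest -bio_pair -tls1 -npn_server || exit 1
+$ssltest -bio_pair -tls1 -npn_server_reject || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1
 exit 0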
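Review bot: Every added NPN invocation passes `-bio_pair`, so the `verify_npn` check that the same commit adds to `doit()` (presumably the path taken without `-bio_pair`) is never exercised by this script. At least one run such as `$ssltest -tls1 -npn_client -npn_server || exit 1` would cover it. The new lines also drop `$extra`, which the PSK lines just above pass through, and none has an `echo test ...` label, so a failing NPN case is hard to identify in the test log.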