提交 b4982125 编写于 作者: M Matt Caswell

Split create_ssl_connection()

Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.
Reviewed-by: Richard Levitte <levitte@openssl.org>
上级 d82dec40
...@@ -276,8 +276,13 @@ int main(int argc, char *argv[]) ...@@ -276,8 +276,13 @@ int main(int argc, char *argv[])
} }
/* BIOs get freed on error */ /* BIOs get freed on error */
if (!create_ssl_connection(serverctx, clientctx, &serverssl, &clientssl, if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl,
s_to_c_fbio, c_to_s_fbio)) { s_to_c_fbio, c_to_s_fbio)) {
printf("Test %d failed: Create SSL objects failed\n", test);
goto end;
}
if (!create_ssl_connection(serverssl, clientssl)) {
printf("Test %d failed: Create SSL connection failed\n", test); printf("Test %d failed: Create SSL connection failed\n", test);
goto end; goto end;
} }
......
...@@ -122,7 +122,9 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) ...@@ -122,7 +122,9 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
SSL_CTX *sctx = NULL, *cctx = NULL; SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL;
SSL *serverssl2 = NULL, *clientssl2 = NULL; SSL *serverssl2 = NULL, *clientssl2 = NULL;
#ifndef OPENSSL_NO_TLS1_1
SSL *serverssl3 = NULL, *clientssl3 = NULL; SSL *serverssl3 = NULL, *clientssl3 = NULL;
#endif
SSL_SESSION *sess1 = NULL, *sess2 = NULL; SSL_SESSION *sess1 = NULL, *sess2 = NULL;
int testresult = 0; int testresult = 0;
...@@ -151,8 +153,13 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) ...@@ -151,8 +153,13 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
| SSL_SESS_CACHE_NO_INTERNAL_STORE); | SSL_SESS_CACHE_NO_INTERNAL_STORE);
} }
if (!create_ssl_connection(sctx, cctx, &serverssl1, &clientssl1, NULL, if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
NULL)) { NULL)) {
printf("Unable to create SSL objects\n");
goto end;
}
if (!create_ssl_connection(serverssl1, clientssl1)) {
printf("Unable to create SSL connection\n"); printf("Unable to create SSL connection\n");
goto end; goto end;
} }
...@@ -173,8 +180,12 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) ...@@ -173,8 +180,12 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
goto end; goto end;
} }
if (!create_ssl_connection(sctx, cctx, &serverssl2, &clientssl2, NULL, if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) {
NULL)) { printf("Unable to create second SSL objects\n");
goto end;
}
if (!create_ssl_connection(serverssl2, clientssl2)) {
printf("Unable to create second SSL connection\n"); printf("Unable to create second SSL connection\n");
goto end; goto end;
} }
...@@ -245,23 +256,24 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) ...@@ -245,23 +256,24 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2) #if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
/* Force a connection failure */ /* Force a connection failure */
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION); SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
clientssl3 = SSL_new(cctx);
if (clientssl3 == NULL) { if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) {
printf("Malloc failure\n"); printf("Unable to create third SSL objects\n");
goto end; goto end;
} }
if (!SSL_set_session(clientssl3, sess1)) { if (!SSL_set_session(clientssl3, sess1)) {
printf("Unable to set session for third connection\n"); printf("Unable to set session for third connection\n");
goto end; goto end;
} }
/* This should fail because of the mismatched protocol versions */ /* This should fail because of the mismatched protocol versions */
if (create_ssl_connection(sctx, cctx, &serverssl3, &clientssl3, NULL, if (create_ssl_connection(serverssl3, clientssl3)) {
NULL)) { printf("Unable to create third SSL connection\n");
printf("Unexpected success creating SSL connection\n");
goto end; goto end;
} }
/* We should have automatically removed the session from the cache */ /* We should have automatically removed the session from the cache */
if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) { if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
printf("Failed to call callback to remove session #2\n"); printf("Failed to call callback to remove session #2\n");
...@@ -284,8 +296,10 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) ...@@ -284,8 +296,10 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
SSL_free(clientssl1); SSL_free(clientssl1);
SSL_free(serverssl2); SSL_free(serverssl2);
SSL_free(clientssl2); SSL_free(clientssl2);
#ifndef OPENSSL_NO_TLS1_1
SSL_free(serverssl3); SSL_free(serverssl3);
SSL_free(clientssl3); SSL_free(clientssl3);
#endif
SSL_SESSION_free(sess1); SSL_SESSION_free(sess1);
SSL_SESSION_free(sess2); SSL_SESSION_free(sess2);
/* /*
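Review bot: The failure message on the third-connection check is wrong on the new side. The branch `if (create_ssl_connection(serverssl3, clientssl3))` is taken when the handshake succeeds, yet it now prints "Unable to create third SSL connection", where the line it replaces said "Unexpected success creating SSL connection". This is the negative test that a session resumed under a mismatched protocol version is rejected, so the message should keep saying that success is the failure: `printf("Unexpected success creating SSL connection\n");`. Separately, the `serverssl3`/`clientssl3` declarations and frees are guarded by `#ifndef OPENSSL_NO_TLS1_1` while their only use sits under `#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)`; the same condition in all three places would be tidier. execute_test_session starts and ends outside the visible hunks.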
......
...@@ -567,11 +567,9 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, ...@@ -567,11 +567,9 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
/* /*
* NOTE: Transfers control of the BIOs - this function will free them on error * NOTE: Transfers control of the BIOs - this function will free them on error
*/ */
int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
{ {
int retc = -1, rets = -1, err, abortctr = 0;
int clienterr = 0, servererr = 0;
SSL *serverssl, *clientssl; SSL *serverssl, *clientssl;
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
...@@ -589,8 +587,13 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, ...@@ -589,8 +587,13 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
goto error; goto error;
} }
s_to_c_bio = BIO_new(BIO_s_mem()); if (SSL_is_dtls(clientssl)) {
c_to_s_bio = BIO_new(BIO_s_mem()); s_to_c_bio = BIO_new(bio_s_mempacket_test());
c_to_s_bio = BIO_new(bio_s_mempacket_test());;
} else {
s_to_c_bio = BIO_new(BIO_s_mem());
c_to_s_bio = BIO_new(BIO_s_mem());
}
if (s_to_c_bio == NULL || c_to_s_bio == NULL) { if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
printf("Failed to create mem BIOs\n"); printf("Failed to create mem BIOs\n");
goto error; goto error;
...@@ -620,6 +623,27 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, ...@@ -620,6 +623,27 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
s_to_c_bio = c_to_s_bio = NULL; s_to_c_bio = c_to_s_bio = NULL;
s_to_c_fbio = c_to_s_fbio = NULL; s_to_c_fbio = c_to_s_fbio = NULL;
*sssl = serverssl;
*cssl = clientssl;
return 1;
error:
SSL_free(serverssl);
SSL_free(clientssl);
BIO_free(s_to_c_bio);
BIO_free(c_to_s_bio);
BIO_free(s_to_c_fbio);
BIO_free(c_to_s_fbio);
return 0;
}
int create_ssl_connection(SSL *serverssl, SSL *clientssl)
{
int retc = -1, rets = -1, err, abortctr = 0;
int clienterr = 0, servererr = 0;
do { do {
err = SSL_ERROR_WANT_WRITE; err = SSL_ERROR_WANT_WRITE;
while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) { while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
...@@ -645,29 +669,12 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, ...@@ -645,29 +669,12 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
servererr = 1; servererr = 1;
} }
if (clienterr && servererr) if (clienterr && servererr)
goto error; return 0;
if (++abortctr == MAXLOOPS) { if (++abortctr == MAXLOOPS) {
printf("No progress made\n"); printf("No progress made\n");
goto error; return 0;
} }
} while (retc <=0 || rets <= 0); } while (retc <=0 || rets <= 0);
*sssl = serverssl;
*cssl = clientssl;
return 1; return 1;
error:
if (*sssl == NULL) {
SSL_free(serverssl);
BIO_free(s_to_c_bio);
BIO_free(s_to_c_fbio);
}
if (*cssl == NULL) {
SSL_free(clientssl);
BIO_free(c_to_s_bio);
BIO_free(c_to_s_fbio);
}
return 0;
} }
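Review bot: The new `error:` label in create_ssl_objects() calls `SSL_free(serverssl)` and `SSL_free(clientssl)` unconditionally, but both locals are declared without an initialiser (`SSL *serverssl, *clientssl;`). The lines that assign them are outside the visible hunks, so I cannot confirm that every `goto error` runs after both are set; if one does not, SSL_free would receive an indeterminate pointer. Declaring them as `SSL *serverssl = NULL, *clientssl = NULL;` makes the cleanup safe whatever the ordering. The stray second semicolon in `c_to_s_bio = BIO_new(bio_s_mempacket_test());;` should also be dropped.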
...@@ -15,8 +15,9 @@ ...@@ -15,8 +15,9 @@
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile); char *privkeyfile);
int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
int create_ssl_connection(SSL *serverssl, SSL *clientssl);
/* Note: Not thread safe! */ /* Note: Not thread safe! */
const BIO_METHOD *bio_f_tls_dump_filter(void); const BIO_METHOD *bio_f_tls_dump_filter(void);
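Review bot: Neither prototype documents ownership, which the split changes for callers. Going by the implementation section of this commit, create_ssl_objects() frees the SSL objects and all four BIOs on failure, whereas the new create_ssl_connection() returns 0 without freeing anything, so the caller must still SSL_free both objects. I would add a comment above the declarations, for example `/* create_ssl_objects() takes ownership of the BIOs and frees them on error; create_ssl_connection() frees nothing, the caller keeps both SSL objects */`.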
......