authorTobias Markmann <tm@ayena.de>2019-01-21 13:01:53 (GMT)
committerTobias Markmann <tm@ayena.de>2019-01-21 13:01:53 (GMT)
commit54c71ab51b6c8d94492168e9cf6cf6045d7794f3 (patch)
tree4b8cde2ada29274c91de760568741d2cc084338f
parent68dd665d51c925a118cfced4583942b7157b59de (diff)
downloadswift-54c71ab51b6c8d94492168e9cf6cf6045d7794f3.zip
swift-54c71ab51b6c8d94492168e9cf6cf6045d7794f3.tar.bz2
Fix OpenSSLContext to work correctly with OpenSSL 1.1.1
The previous code only worked with 1.1.0j or older. Now the code works with 1.1.0j and OpenSSL 1.1.1. Adjusted ClientServerTest to be more graceful in case of errors, i.e. failing tests instead of crashing. Test-Information: Tested that without the changes, the tests pass with OpenSSL 1.1.0j and tests fail or crash with OpenSSL 1.1.1 and OpenSSL 1.1.1a. Tested that with the changes, the tests pass with OpenSSL 1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a. Tested on macOS 10.14.2 with system clang. Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp4
-rw-r--r--Swiften/TLS/UnitTest/ClientServerTest.cpp83
2 files changed, 54 insertions, 33 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index e9889bc..5692e74 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -231,2 +231,3 @@ void OpenSSLContext::doAccept() {
sendPendingDataToNetwork();
+ sendPendingDataToApplication();
break;
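Review bot: The added `sendPendingDataToApplication();` in doAccept() has no comment explaining why it is needed, while the matching change in doConnect() does. Presumably, with OpenSSL 1.1.1, application data from the client can already be buffered when the accept completes and must be drained here. If that is the reason, a line such as `// Since OpenSSL 1.1.1, application data may already be buffered when the handshake completes.` would keep the call from being removed later as redundant. doAccept() starts and ends outside the hunk.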
@@ -256,2 +257,5 @@ void OpenSSLContext::doConnect() {
onConnected();
+ // The following is needed since OpenSSL 1.1.1 for the server to be able to calculate the
+ // TLS finish message.
+ sendPendingDataToNetwork();
break;
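Review bot: The new `sendPendingDataToNetwork();` runs only after `onConnected()` has been emitted, so every slot on that signal executes before the client's remaining handshake bytes are flushed. If a handler can close or release the context (for example after rejecting the peer certificate), the flush would then run on state that is no longer valid. The handlers are not visible in this hunk, so this is unconfirmed. Consider flushing first, `sendPendingDataToNetwork();` followed by `onConnected();`, or extend the comment to say why the current order is safe. doConnect() continues outside the hunk.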
diff --git a/Swiften/TLS/UnitTest/ClientServerTest.cpp b/Swiften/TLS/UnitTest/ClientServerTest.cpp
index 24bd7c5..a356dcf 100644
--- a/Swiften/TLS/UnitTest/ClientServerTest.cpp
+++ b/Swiften/TLS/UnitTest/ClientServerTest.cpp
@@ -1,3 +1,3 @@
/*
- * Copyright (c) 2010-2018 Isode Limited.
+ * Copyright (c) 2010-2019 Isode Limited.
* All rights reserved.
@@ -410,3 +410,2 @@ class TLSEventToSafeByteArrayVisitor : public boost::static_visitor<SafeByteArra
}
-
};
@@ -461,2 +460,19 @@ class TLSClientServerEventHistory {
+ template<class TLSEventType>
+ boost::optional<TLSEventType> getEvent(const std::string& peer, size_t number = 0) {
+ for (const auto& pair : events) {
+ if (pair.first == peer) {
+ if (pair.second.type() == typeid(TLSEventType)) {
+ if (number == 0) {
+ return boost::optional<TLSEventType>(boost::get<TLSEventType>(pair.second));
+ }
+ else {
+ number--;
+ }
+ }
+ }
+ }
+ return {};
+ }
+
private:
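Review bot: `getEvent` is missing a comment stating its contract, in particular that `number` is a zero-based index among the matching events and that an empty optional means fewer than `number + 1` matches were recorded. Something like `// Returns the number-th (zero-based) event of type TLSEventType recorded for peer, or boost::none if there is none.` above the template line would do. The method only reads `events`, so it looks like it could also be declared `const`. The three nested `if`s could be merged into one condition with an early `continue`. The enclosing class starts and ends outside the hunk.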
@@ -604,8 +620,8 @@ TEST(ClientServerTest, testClientServerBasicCommunication) {
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}
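Review bot: The presence checks are written as `ASSERT_EQ(true, firstMessageFromClient.is_initialized());`, which on failure reports only "true vs false". `ASSERT_TRUE(firstMessageFromClient.is_initialized()) << "no TLSDataForApplication recorded for server";` reads more directly and says which event was missing. The same applies to the `firstMessageFromServer` check here and to the identical pairs in the EncryptedPrivateKey, SNIRequestedHostAvailable, 2048BitDHParams and 1024BitDHParams tests. The same five lines are now repeated in five tests, so a small helper taking `events` would remove the duplication. The test body starts outside the hunk.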
@@ -634,8 +650,8 @@ TEST(ClientServerTest, testClientServerBasicCommunicationEncryptedPrivateKeyRigh
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}
@@ -741,10 +757,11 @@ TEST(ClientServerTest, testClientServerSNIRequestedHostAvailable) {
serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ("This is a test message from the client.", safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ("This is a test message from the server.", safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ("/CN=montague.example", boost::get<TLSConnected>(events.events[5].second).chain[0]->getSubjectName());
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
+
+ ASSERT_EQ("/CN=montague.example", events.getEvent<TLSConnected>("client")->chain[0]->getSubjectName());
}
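Review bot: The last assertion dereferences `events.getEvent<TLSConnected>("client")` and indexes `chain[0]` without checking either, so a missing TLSConnected event or an empty chain still crashes the test instead of failing it. This is the failure mode the commit sets out to remove, and the two message lookups just above are guarded. Store the result and guard it first: `auto clientConnected = events.getEvent<TLSConnected>("client");`, `ASSERT_TRUE(clientConnected.is_initialized());`, `ASSERT_FALSE(clientConnected->chain.empty());`, then compare `clientConnected->chain[0]->getSubjectName()`. The test body starts outside the hunk.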
@@ -827,8 +844,8 @@ TEST(ClientServerTest, testClientServerBasicCommunicationWith2048BitDHParams) {
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}
@@ -859,8 +876,8 @@ TEST(ClientServerTest, testClientServerBasicCommunicationWith1024BitDHParams) {
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}