summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2019-01-21 13:01:53 (GMT)
committerTobias Markmann <tm@ayena.de>2019-01-21 13:01:53 (GMT)
commit54c71ab51b6c8d94492168e9cf6cf6045d7794f3 (patch)
tree4b8cde2ada29274c91de760568741d2cc084338f
parent68dd665d51c925a118cfced4583942b7157b59de (diff)
downloadswift-54c71ab51b6c8d94492168e9cf6cf6045d7794f3.zip
swift-54c71ab51b6c8d94492168e9cf6cf6045d7794f3.tar.bz2
Fix OpenSSLContext to work correctly with OpenSSL 1.1.1
The previous code only worked with 1.1.0j or older. Now the code works with 1.1.0j and OpenSSL 1.1.1. Adjusted ClientServerTest to be more graceful in case of errors, i.e. failing tests instead of crashing. Test-Information: Tested that without the changes, the tests pass with OpenSSL 1.1.0j and test fail or crash with OpenSSL 1.1.1 and OpenSSL 1.1.1a. Tested that with the changes, the tests pass with OpenSSL 1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a. Tested on macOS 10.14.2 with system clang. Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp4
-rw-r--r--Swiften/TLS/UnitTest/ClientServerTest.cpp83
2 files changed, 54 insertions, 33 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index e9889bc..5692e74 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -229,6 +229,7 @@ void OpenSSLContext::doAccept() {
onConnected();
// The following call is important so the client knowns the handshake is finished.
sendPendingDataToNetwork();
+ sendPendingDataToApplication();
break;
}
case SSL_ERROR_WANT_READ:
@@ -254,6 +255,9 @@ void OpenSSLContext::doConnect() {
//const char* comp = SSL_get_current_compression(handle_.get());
//std::cout << "Compression: " << SSL_COMP_get_name(comp) << std::endl;
onConnected();
+ // The following is needed since OpenSSL 1.1.1 for the server to be able to calculate the
+ // TLS finish message.
+ sendPendingDataToNetwork();
break;
}
case SSL_ERROR_WANT_READ:
diff --git a/Swiften/TLS/UnitTest/ClientServerTest.cpp b/Swiften/TLS/UnitTest/ClientServerTest.cpp
index 24bd7c5..a356dcf 100644
--- a/Swiften/TLS/UnitTest/ClientServerTest.cpp
+++ b/Swiften/TLS/UnitTest/ClientServerTest.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010-2018 Isode Limited.
+ * Copyright (c) 2010-2019 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -408,7 +408,6 @@ class TLSEventToSafeByteArrayVisitor : public boost::static_visitor<SafeByteArra
SafeByteArray operator()(const TLSServerNameRequested&) const {
return createSafeByteArray("");
}
-
};
class TLSEventToStringVisitor : public boost::static_visitor<std::string> {
@@ -459,6 +458,23 @@ class TLSClientServerEventHistory {
}
}
+ template<class TLSEventType>
+ boost::optional<TLSEventType> getEvent(const std::string& peer, size_t number = 0) {
+ for (const auto& pair : events) {
+ if (pair.first == peer) {
+ if (pair.second.type() == typeid(TLSEventType)) {
+ if (number == 0) {
+ return boost::optional<TLSEventType>(boost::get<TLSEventType>(pair.second));
+ }
+ else {
+ number--;
+ }
+ }
+ }
+ }
+ return {};
+ }
+
private:
void connectContext(const std::string& name, TLSContext* context) {
connections_.push_back(context->onDataForNetwork.connect([=](const SafeByteArray& data) {
@@ -602,12 +618,12 @@ TEST(ClientServerTest, testClientServerBasicCommunication) {
clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}
TEST(ClientServerTest, testClientServerBasicCommunicationEncryptedPrivateKeyRightPassword) {
@@ -632,12 +648,12 @@ TEST(ClientServerTest, testClientServerBasicCommunicationEncryptedPrivateKeyRigh
clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}
TEST(ClientServerTest, testClientServerBasicCommunicationWithChainedCert) {
@@ -739,14 +755,15 @@ TEST(ClientServerTest, testClientServerSNIRequestedHostAvailable) {
clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ("This is a test message from the client.", safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ("This is a test message from the server.", safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ("/CN=montague.example", boost::get<TLSConnected>(events.events[5].second).chain[0]->getSubjectName());
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
+
+ ASSERT_EQ("/CN=montague.example", events.getEvent<TLSConnected>("client")->chain[0]->getSubjectName());
}
TEST(ClientServerTest, testClientServerSNIRequestedHostUnavailable) {
@@ -825,12 +842,12 @@ TEST(ClientServerTest, testClientServerBasicCommunicationWith2048BitDHParams) {
clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}
TEST(ClientServerTest, testClientServerBasicCommunicationWith1024BitDHParams) {
@@ -857,10 +874,10 @@ TEST(ClientServerTest, testClientServerBasicCommunicationWith1024BitDHParams) {
clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
}