author | Tobias Markmann <tm@ayena.de> | 2019-01-21 13:01:53 (GMT) |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2019-01-21 13:01:53 (GMT) |
commit | 54c71ab51b6c8d94492168e9cf6cf6045d7794f3 (patch) | |
tree | 4b8cde2ada29274c91de760568741d2cc084338f /Swiften/TLS | |
parent | 68dd665d51c925a118cfced4583942b7157b59de (diff) | |
download | swift-54c71ab51b6c8d94492168e9cf6cf6045d7794f3.zip swift-54c71ab51b6c8d94492168e9cf6cf6045d7794f3.tar.bz2 |
Fix OpenSSLContext to work correctly with OpenSSL 1.1.1
The previous code only worked with 1.1.0j or older.
Now the code works with 1.1.0j and OpenSSL 1.1.1.
Adjusted ClientServerTest to be more graceful in case
of errors, i.e. failing tests instead of crashing.
Test-Information:
Tested that without the changes, the tests pass with
OpenSSL 1.1.0j and tests fail or crash with OpenSSL
1.1.1 and OpenSSL 1.1.1a.
Tested that with the changes, the tests pass with OpenSSL
1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a.
Tested on macOS 10.14.2 with system clang.
Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
Diffstat (limited to 'Swiften/TLS')
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 4 | ||||
-rw-r--r-- | Swiften/TLS/UnitTest/ClientServerTest.cpp | 83 |
2 files changed, 54 insertions, 33 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index e9889bc..5692e74 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -229,6 +229,7 @@ void OpenSSLContext::doAccept() {
 onConnected();
 // The following call is important so the client knowns the handshake is finished.
 sendPendingDataToNetwork();
+ sendPendingDataToApplication();
 break;
 }
 case SSL_ERROR_WANT_READ:
@@ -254,6 +255,9 @@ void OpenSSLContext::doConnect() {
 //const char* comp = SSL_get_current_compression(handle_.get());
 //std::cout << "Compression: " << SSL_COMP_get_name(comp) << std::endl;
 onConnected();
+ // The following is needed since OpenSSL 1.1.1 for the server to be able to calculate the
+ // TLS finish message.
+ sendPendingDataToNetwork();
 break;
 }
 case SSL_ERROR_WANT_READ:
diff --git a/Swiften/TLS/UnitTest/ClientServerTest.cpp b/Swiften/TLS/UnitTest/ClientServerTest.cpp
index 24bd7c5..a356dcf 100644
--- a/Swiften/TLS/UnitTest/ClientServerTest.cpp
+++ b/Swiften/TLS/UnitTest/ClientServerTest.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2018 Isode Limited.
+ * Copyright (c) 2010-2019 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -408,7 +408,6 @@ class TLSEventToSafeByteArrayVisitor : public boost::static_visitor<SafeByteArra
 SafeByteArray operator()(const TLSServerNameRequested&) const {
 return createSafeByteArray("");
 }
-
 };
 class TLSEventToStringVisitor : public boost::static_visitor<std::string> {
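Review bot: The `sendPendingDataToApplication();` added to the SSL_ERROR_NONE branch of doAccept() carries no explanation, while the sibling change in doConnect() does, so the next reader cannot tell whether it is an OpenSSL 1.1.1 requirement or an unrelated fix. Suggest a comment above it such as `// Since OpenSSL 1.1.1 application data may already be readable once the handshake completes; deliver it now rather than waiting for the next network read.` — the exact reason should be confirmed against the handshake flow, which is not visible here. Note also that onConnected() is emitted before both pending-data calls, so a handler that resets or closes the context from inside onConnected() would leave the two calls operating on a torn-down handle; worth a guard if such handlers exist. doAccept() begins and ends outside the hunk.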
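Review bot: The new comment in doConnect() says the flush is needed "for the server to be able to calculate the TLS finish message", which is hard to follow and uses the non-standard term "finish message"; the point appears to be that the client's own Finished message is still queued for the network when SSL_do_handshake() reports success under OpenSSL 1.1.1, so the server cannot complete the handshake until it is flushed. Suggest `// Since OpenSSL 1.1.1 (TLS 1.3) the client's Finished message may still be pending in the write BIO when the handshake reports success; flush it so the server can complete the handshake.` Also, doAccept() flushes before emitting onConnected() whereas doConnect() now flushes after it; if an onConnected() handler writes application data it is queued behind the Finished, which is harmless, but flushing before the signal would keep the two paths symmetric. doConnect() begins and ends outside the hunk.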
@@ -459,6 +458,23 @@ class TLSClientServerEventHistory {
 }
 }
+ template<class TLSEventType>
+ boost::optional<TLSEventType> getEvent(const std::string& peer, size_t number = 0) {
+ for (const auto& pair : events) {
+ if (pair.first == peer) {
+ if (pair.second.type() == typeid(TLSEventType)) {
+ if (number == 0) {
+ return boost::optional<TLSEventType>(boost::get<TLSEventType>(pair.second));
+ }
+ else {
+ number--;
+ }
+ }
+ }
+ }
+ return {};
+ }
+
 private:
 void connectContext(const std::string& name, TLSContext* context) {
 connections_.push_back(context->onDataForNetwork.connect([=](const SafeByteArray& data) {
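Review bot: `getEvent` has no documentation of what `number` means, and the three nested ifs plus the explicit `boost::optional<TLSEventType>(...)` wrapper make a simple lookup harder to read than it needs to be; from the body, `number` is the zero-based index among the events of that type recorded for `peer`. Suggest the doc comment `/// Returns the number-th (zero-based) event of type TLSEventType recorded for peer, or an empty optional if there are fewer such events.` and a flattened body with a guard clause, as below. The method could also be `const` if `events` is a plain data member, which the tests' `events.events` access suggests but the hunk does not show. The enclosing class begins and ends outside the hunk.
```cpp
template<class TLSEventType>
boost::optional<TLSEventType> getEvent(const std::string& peer, size_t number = 0) {
    for (const auto& pair : events) {
        if (pair.first != peer || pair.second.type() != typeid(TLSEventType)) {
            continue;
        }
        if (number == 0) {
            return boost::get<TLSEventType>(pair.second);
        }
        --number;
    }
    return {};
}
```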
@@ -602,12 +618,12 @@ TEST(ClientServerTest, testClientServerBasicCommunication) {
 clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
 serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
 }
 TEST(ClientServerTest, testClientServerBasicCommunicationEncryptedPrivateKeyRightPassword) {
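Review bot: `ASSERT_EQ(true, firstMessageFromClient.is_initialized());` (and its server counterpart) is the gtest spelling for `ASSERT_TRUE(firstMessageFromClient.is_initialized());`, which also gives a readable failure message instead of a comparison against `true`. The expected value `safeByteArrayToString(createSafeByteArray("..."))` is a round trip of a string literal; comparing against the literal directly, as the SNI test's removed lines did, says the same thing with less noise. The same six-line block is repeated in testClientServerBasicCommunicationEncryptedPrivateKeyRightPassword, testClientServerSNIRequestedHostAvailable, testClientServerBasicCommunicationWith2048BitDHParams and testClientServerBasicCommunicationWith1024BitDHParams, so a small helper on the event-history fixture would remove the duplication.
```cpp
auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
ASSERT_TRUE(firstMessageFromClient.is_initialized());
ASSERT_EQ("This is a test message from the client.", safeByteArrayToString(firstMessageFromClient->data));
auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
ASSERT_TRUE(firstMessageFromServer.is_initialized());
ASSERT_EQ("This is a test message from the server.", safeByteArrayToString(firstMessageFromServer->data));
```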
@@ -632,12 +648,12 @@ TEST(ClientServerTest, testClientServerBasicCommunicationEncryptedPrivateKeyRigh
 clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
 serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
 }
 TEST(ClientServerTest, testClientServerBasicCommunicationWithChainedCert) {
@@ -739,14 +755,15 @@ TEST(ClientServerTest, testClientServerSNIRequestedHostAvailable) {
 clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
 serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ("This is a test message from the client.", safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ("This is a test message from the server.", safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ("/CN=montague.example", boost::get<TLSConnected>(events.events[5].second).chain[0]->getSubjectName());
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
+
+ ASSERT_EQ("/CN=montague.example", events.getEvent<TLSConnected>("client")->chain[0]->getSubjectName());
 }
 TEST(ClientServerTest, testClientServerSNIRequestedHostUnavailable) {
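Review bot: The new `ASSERT_EQ("/CN=montague.example", events.getEvent<TLSConnected>("client")->chain[0]->getSubjectName());` dereferences the optional without checking it and indexes `chain[0]` without checking that the chain is non-empty, so a missing TLSConnected event for the client or an empty peer chain still crashes the test run instead of failing it, which is the behaviour the commit message says it set out to remove. Check both before dereferencing, as below; the `chain.empty()` call assumes `chain` is a standard container, which the `chain[0]` indexing suggests but the hunk does not show.
```cpp
auto clientConnected = events.getEvent<TLSConnected>("client");
ASSERT_TRUE(clientConnected.is_initialized());
ASSERT_FALSE(clientConnected->chain.empty());
ASSERT_EQ("/CN=montague.example", clientConnected->chain[0]->getSubjectName());
```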
@@ -825,12 +842,12 @@ TEST(ClientServerTest, testClientServerBasicCommunicationWith2048BitDHParams) {
 clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
 serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
 }
 TEST(ClientServerTest, testClientServerBasicCommunicationWith1024BitDHParams) {
@@ -857,10 +874,10 @@ TEST(ClientServerTest, testClientServerBasicCommunicationWith1024BitDHParams) {
 clientContext->handleDataFromApplication(createSafeByteArray("This is a test message from the client."));
 serverContext->handleDataFromApplication(createSafeByteArray("This is a test message from the server."));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "server" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
- ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(boost::apply_visitor(TLSEventToSafeByteArrayVisitor(), std::find_if(events.events.begin(), events.events.end(), [](std::pair<std::string, TLSEvent>& event){
- return event.first == "client" && (event.second.type() == typeid(TLSDataForApplication));
- })->second)));
+ auto firstMessageFromClient = events.getEvent<TLSDataForApplication>("server");
+ ASSERT_EQ(true, firstMessageFromClient.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the client.")), safeByteArrayToString(firstMessageFromClient->data));
+ auto firstMessageFromServer = events.getEvent<TLSDataForApplication>("client");
+ ASSERT_EQ(true, firstMessageFromServer.is_initialized());
+ ASSERT_EQ(safeByteArrayToString(createSafeByteArray("This is a test message from the server.")), safeByteArrayToString(firstMessageFromServer->data));
 }