#include <fcntl.h>
#include <signal.h>
#include <sys/types.h>
-#include <sys/utsname.h>
#include <fstream>
#include <iostream>
#include <set>
#include <thread>
+#ifdef FOLLY_HAVE_MSG_ERRQUEUE
+#include <sys/utsname.h>
+#endif
+
using std::string;
using std::vector;
using std::min;
<< strerror(errno);
}
if (fcntl(fds[idx], F_SETFL, flags | O_NONBLOCK) != 0) {
- FAIL() << "failed to put socket " << idx << " in non-blocking mode: "
- << strerror(errno);
+ FAIL() << "failed to put socket " << idx
+ << " in non-blocking mode: " << strerror(errno);
}
}
}
void getctx(
- std::shared_ptr<folly::SSLContext> clientCtx,
- std::shared_ptr<folly::SSLContext> serverCtx) {
+ std::shared_ptr<folly::SSLContext> clientCtx,
+ std::shared_ptr<folly::SSLContext> serverCtx) {
clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
}
void sslsocketpair(
- EventBase* eventBase,
- AsyncSSLSocket::UniquePtr* clientSock,
- AsyncSSLSocket::UniquePtr* serverSock) {
+ EventBase* eventBase,
+ AsyncSSLSocket::UniquePtr* clientSock,
+ AsyncSSLSocket::UniquePtr* serverSock) {
auto clientCtx = std::make_shared<folly::SSLContext>();
auto serverCtx = std::make_shared<folly::SSLContext>();
int fds[2];
getfds(fds);
getctx(clientCtx, serverCtx);
- clientSock->reset(new AsyncSSLSocket(
- clientCtx, eventBase, fds[0], false));
- serverSock->reset(new AsyncSSLSocket(
- serverCtx, eventBase, fds[1], true));
+ clientSock->reset(new AsyncSSLSocket(clientCtx, eventBase, fds[0], false));
+ serverSock->reset(new AsyncSSLSocket(serverCtx, eventBase, fds[1], true));
// (*clientSock)->setSendTimeout(100);
// (*serverSock)->setSendTimeout(100);
}
// client protocol filters
-bool clientProtoFilterPickPony(unsigned char** client,
- unsigned int* client_len, const unsigned char*, unsigned int ) {
- //the protocol string in length prefixed byte string. the
- //length byte is not included in the length
- static unsigned char p[7] = {6,'p','o','n','i','e','s'};
+bool clientProtoFilterPickPony(
+ unsigned char** client,
+ unsigned int* client_len,
+ const unsigned char*,
+ unsigned int) {
+ // the protocol string in length prefixed byte string. the
+ // length byte is not included in the length
+ static unsigned char p[7] = {6, 'p', 'o', 'n', 'i', 'e', 's'};
*client = p;
*client_len = 7;
return true;
}
-bool clientProtoFilterPickNone(unsigned char**, unsigned int*,
- const unsigned char*, unsigned int) {
+bool clientProtoFilterPickNone(
+ unsigned char**,
+ unsigned int*,
+ const unsigned char*,
+ unsigned int) {
return false;
}
return cn;
}
+TEST(AsyncSSLSocketTest, ClientCertValidationResultTest) {
+ EventBase ev;
+ int fd = 0;
+
+ AsyncSSLSocket::UniquePtr sock(
+ new AsyncSSLSocket(std::make_shared<SSLContext>(), &ev, fd, false));
+
+ // Initially the cert is not validated, so no result is available.
+ EXPECT_EQ(nullptr, get_pointer(sock->getClientCertValidationResult()));
+
+ sock->setClientCertValidationResult(
+ make_optional(AsyncSSLSocket::CertValidationResult::CERT_VALID));
+
+ EXPECT_EQ(
+ AsyncSSLSocket::CertValidationResult::CERT_VALID,
+ *sock->getClientCertValidationResult());
+}
+
/**
* Test connecting to, writing to, reading from, and closing the
* connection to the SSL server.
// Set up SSL context.
std::shared_ptr<SSLContext> sslContext(new SSLContext());
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- //sslContext->loadTrustedCertificates("./trusted-ca-certificate.pem");
- //sslContext->authenticate(true, false);
+ // sslContext->loadTrustedCertificates("./trusted-ca-certificate.pem");
+ // sslContext->authenticate(true, false);
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
socket->open(std::chrono::milliseconds(10000));
// write()
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
// read()
bool ex = false;
try {
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
socket->open();
// write something to trigger ssl handshake
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
socket->open();
// write something to trigger ssl handshake
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
socket->open();
// write()
class NextProtocolTest : public testing::TestWithParam<NextProtocolTypePair> {
// For matching protos
public:
- void SetUp() override { getctx(clientCtx, serverCtx); }
+ void SetUp() override {
+ getctx(clientCtx, serverCtx);
+ }
void connect(bool unset = false) {
getfds(fds);
}
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
client = std::make_unique<NpnClient>(std::move(clientSock));
server = std::make_unique<NpnServer>(std::move(serverSock));
TEST_P(NextProtocolTest, NpnTestOverlap) {
clientCtx->setAdvertisedNextProtocols({"blub", "baz"}, GetParam().first);
- serverCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().second);
+ serverCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().second);
connect();
// Identical to above test, except that we want unset NPN before
// looping.
clientCtx->setAdvertisedNextProtocols({"blub", "baz"}, GetParam().first);
- serverCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().second);
+ serverCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().second);
connect(true /* unset */);
TEST_P(NextProtocolMismatchTest, NpnAlpnTestNoOverlap) {
clientCtx->setAdvertisedNextProtocols({"foo"}, GetParam().first);
- serverCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().second);
+ serverCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().second);
connect();
// will fail on 1.0.2 before that.
TEST_P(NextProtocolTest, NpnTestNoOverlap) {
clientCtx->setAdvertisedNextProtocols({"blub"}, GetParam().first);
- serverCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().second);
+ serverCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().second);
connect();
if (GetParam().first == SSLContext::NextProtocolType::ALPN ||
else if (
GetParam().first == SSLContext::NextProtocolType::ANY &&
GetParam().second == SSLContext::NextProtocolType::ANY) {
-# if FOLLY_OPENSSL_IS_110
+#if FOLLY_OPENSSL_IS_110
// OpenSSL 1.1.0 sends a fatal alert on mismatch, which is probavbly the
// correct behavior per RFC7301
expectHandshakeError();
-# else
+#else
// BoringSSL also doesn't fatal on mismatch but behaves slightly differently
// from OpenSSL 1.0.2h+ - it doesn't select a protocol if both ends support
// NPN *and* ALPN
expectNoProtocol();
-# endif
+#endif
}
#endif
- else {
+ else {
expectProtocol("blub");
expectProtocolType(
{SSLContext::NextProtocolType::NPN, SSLContext::NextProtocolType::NPN});
TEST_P(NextProtocolNPNOnlyTest, NpnTestClientProtoFilterHit) {
clientCtx->setAdvertisedNextProtocols({"blub"}, GetParam().first);
clientCtx->setClientProtocolFilterCallback(clientProtoFilterPickPony);
- serverCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().second);
+ serverCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().second);
connect();
TEST_P(NextProtocolNPNOnlyTest, NpnTestClientProtoFilterMiss) {
clientCtx->setAdvertisedNextProtocols({"blub"}, GetParam().first);
clientCtx->setClientProtocolFilterCallback(clientProtoFilterPickNone);
- serverCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().second);
+ serverCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().second);
connect();
// as negligible.
const int kTries = 64;
- clientCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"},
- GetParam().first);
- serverCtx->setRandomizedAdvertisedNextProtocols({{1, {"foo"}}, {1, {"bar"}}},
- GetParam().second);
+ clientCtx->setAdvertisedNextProtocols(
+ {"foo", "bar", "baz"}, GetParam().first);
+ serverCtx->setRandomizedAdvertisedNextProtocols(
+ {{1, {"foo"}}, {1, {"bar"}}}, GetParam().second);
std::set<string> selectedProtocols;
for (int i = 0; i < kTries; ++i) {
INSTANTIATE_TEST_CASE_P(
AsyncSSLSocketTest,
NextProtocolNPNOnlyTest,
- ::testing::Values(NextProtocolTypePair(SSLContext::NextProtocolType::NPN,
- SSLContext::NextProtocolType::NPN)));
+ ::testing::Values(NextProtocolTypePair(
+ SSLContext::NextProtocolType::NPN,
+ SSLContext::NextProtocolType::NPN)));
#if FOLLY_OPENSSL_HAS_ALPN
INSTANTIATE_TEST_CASE_P(
AsyncSSLSocketTest,
NextProtocolMismatchTest,
- ::testing::Values(NextProtocolTypePair(SSLContext::NextProtocolType::NPN,
- SSLContext::NextProtocolType::ALPN),
- NextProtocolTypePair(SSLContext::NextProtocolType::ALPN,
- SSLContext::NextProtocolType::NPN)));
+ ::testing::Values(
+ NextProtocolTypePair(
+ SSLContext::NextProtocolType::NPN,
+ SSLContext::NextProtocolType::ALPN),
+ NextProtocolTypePair(
+ SSLContext::NextProtocolType::ALPN,
+ SSLContext::NextProtocolType::NPN)));
#endif
#ifndef OPENSSL_NO_TLSEXT
getctx(clientCtx, dfServerCtx);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SNIClient client(std::move(clientSock));
- SNIServer server(std::move(serverSock),
- dfServerCtx,
- hskServerCtx,
- serverName);
+ SNIServer server(
+ std::move(serverSock), dfServerCtx, hskServerCtx, serverName);
eventBase.loop();
getfds(fds);
getctx(clientCtx, dfServerCtx);
- AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx,
- &eventBase,
- fds[0],
- clientRequestingServerName));
+ AsyncSSLSocket::UniquePtr clientSock(new AsyncSSLSocket(
+ clientCtx, &eventBase, fds[0], clientRequestingServerName));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SNIClient client(std::move(clientSock));
- SNIServer server(std::move(serverSock),
- dfServerCtx,
- hskServerCtx,
- serverExpectedServerName);
+ SNIServer server(
+ std::move(serverSock),
+ dfServerCtx,
+ hskServerCtx,
+ serverExpectedServerName);
eventBase.loop();
*/
TEST(AsyncSSLSocketTest, SNITestChangeServerName) {
- EventBase eventBase;
+ EventBase eventBase;
std::shared_ptr<SSLContext> clientCtx(new SSLContext);
std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
// Use the same SSLContext to continue the handshake after
getctx(clientCtx, dfServerCtx);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
- //Change the server name
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
+ // Change the server name
std::string newName("new.com");
clientSock->setServerName(newName);
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SNIClient client(std::move(clientSock));
- SNIServer server(std::move(serverSock),
- dfServerCtx,
- hskServerCtx,
- serverName);
+ SNIServer server(
+ std::move(serverSock), dfServerCtx, hskServerCtx, serverName);
eventBase.loop();
getctx(clientCtx, dfServerCtx);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SNIClient client(std::move(clientSock));
- SNIServer server(std::move(serverSock),
- dfServerCtx,
- hskServerCtx,
- serverExpectedServerName);
+ SNIServer server(
+ std::move(serverSock),
+ dfServerCtx,
+ hskServerCtx,
+ serverExpectedServerName);
eventBase.loop();
cerr << "SSLClientTest test completed" << endl;
}
-
/**
* Test SSL client socket session re-use
*/
TEST(AsyncSSLSocketTest, SSLClientTimeoutTest) {
// Start listening on a local port
EmptyReadCallback readCallback;
- HandshakeCallback handshakeCallback(&readCallback,
- HandshakeCallback::EXPECT_ERROR);
+ HandshakeCallback handshakeCallback(
+ &readCallback, HandshakeCallback::EXPECT_ERROR);
HandshakeTimeoutCallback acceptCallback(&handshakeCallback);
TestSSLServer server(&acceptCallback);
// Start listening on a local port
WriteCallbackBase writeCallback;
ReadCallback readCallback(&writeCallback);
- HandshakeCallback handshakeCallback(&readCallback,
- HandshakeCallback::EXPECT_ERROR);
+ HandshakeCallback handshakeCallback(
+ &readCallback, HandshakeCallback::EXPECT_ERROR);
SSLServerAsyncCacheAcceptCallback acceptCallback(&handshakeCallback);
TestSSLAsyncCacheServer server(&acceptCallback, 500);
EventBaseAborter eba(&eventBase, 3000);
eventBase.loop();
- server.getEventBase().runInEventBaseThread([&handshakeCallback]{
- handshakeCallback.closeSocket();});
+ server.getEventBase().runInEventBaseThread(
+ [&handshakeCallback] { handshakeCallback.closeSocket(); });
// give time for the cache lookup to come back and find it closed
handshakeCallback.waitForHandshake();
EXPECT_TRUE(!server.handshakeError_);
}
+/**
+ * Verify that server is able to get client cert by getPeerCert() API.
+ */
+TEST(AsyncSSLSocketTest, GetClientCertificate) {
+ EventBase eventBase;
+ auto clientCtx = std::make_shared<SSLContext>();
+ auto serverCtx = std::make_shared<SSLContext>();
+ serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+ serverCtx->ciphers("ECDHE-RSA-AES128-SHA:AES128-SHA:AES256-SHA");
+ serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadTrustedCertificates(kClientTestCA);
+ serverCtx->loadClientCAList(kClientTestCA);
+
+ clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+ clientCtx->ciphers("AES256-SHA:AES128-SHA");
+ clientCtx->loadPrivateKey(kClientTestKey);
+ clientCtx->loadCertificate(kClientTestCert);
+ clientCtx->loadTrustedCertificates(kTestCA);
+
+ std::array<int, 2> fds;
+ getfds(fds.data());
+
+ AsyncSSLSocket::UniquePtr clientSock(
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ AsyncSSLSocket::UniquePtr serverSock(
+ new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
+
+ SSLHandshakeClient client(std::move(clientSock), true, true);
+ SSLHandshakeServerParseClientHello server(std::move(serverSock), true, true);
+
+ eventBase.loop();
+
+ // Handshake should succeed.
+ EXPECT_TRUE(client.handshakeSuccess_);
+ EXPECT_TRUE(server.handshakeSuccess_);
+
+ // Reclaim the sockets from SSLHandshakeBase.
+ auto cliSocket = std::move(client).moveSocket();
+ auto srvSocket = std::move(server).moveSocket();
+
+ // Client cert retrieved from server side.
+ folly::ssl::X509UniquePtr serverPeerCert = srvSocket->getPeerCert();
+ CHECK(serverPeerCert);
+
+ // Client cert retrieved from client side.
+ const X509* clientSelfCert = cliSocket->getSelfCert();
+ CHECK(clientSelfCert);
+
+ // The two certs should be the same.
+ EXPECT_EQ(0, X509_cmp(clientSelfCert, serverPeerCert.get()));
+}
+
TEST(AsyncSSLSocketTest, SSLParseClientHelloOnePacket) {
EventBase eventBase;
auto ctx = std::make_shared<SSLContext>();
cursor.write<uint32_t>(0);
SSL* ssl = ctx->createSSL();
- SCOPE_EXIT { SSL_free(ssl); };
+ SCOPE_EXIT {
+ SSL_free(ssl);
+ };
AsyncSSLSocket::UniquePtr sock(
new AsyncSSLSocket(ctx, &eventBase, fds[0], true));
sock->enableClientHelloParsing();
cursor.write<uint32_t>(0);
SSL* ssl = ctx->createSSL();
- SCOPE_EXIT { SSL_free(ssl); };
+ SCOPE_EXIT {
+ SSL_free(ssl);
+ };
AsyncSSLSocket::UniquePtr sock(
new AsyncSSLSocket(ctx, &eventBase, fds[0], true));
sock->enableClientHelloParsing();
// Test parsing with two packets with first packet size < 3
auto bufCopy = folly::IOBuf::copyBuffer(buf->data(), 2);
AsyncSSLSocket::clientHelloParsingCallback(
- 0, 0, SSL3_RT_HANDSHAKE, bufCopy->data(), bufCopy->length(),
- ssl, sock.get());
+ 0,
+ 0,
+ SSL3_RT_HANDSHAKE,
+ bufCopy->data(),
+ bufCopy->length(),
+ ssl,
+ sock.get());
bufCopy.reset();
bufCopy = folly::IOBuf::copyBuffer(buf->data() + 2, buf->length() - 2);
AsyncSSLSocket::clientHelloParsingCallback(
- 0, 0, SSL3_RT_HANDSHAKE, bufCopy->data(), bufCopy->length(),
- ssl, sock.get());
+ 0,
+ 0,
+ SSL3_RT_HANDSHAKE,
+ bufCopy->data(),
+ bufCopy->length(),
+ ssl,
+ sock.get());
bufCopy.reset();
auto parsedClientHello = sock->getClientHelloInfo();
cursor.write<uint32_t>(0);
SSL* ssl = ctx->createSSL();
- SCOPE_EXIT { SSL_free(ssl); };
+ SCOPE_EXIT {
+ SSL_free(ssl);
+ };
AsyncSSLSocket::UniquePtr sock(
new AsyncSSLSocket(ctx, &eventBase, fds[0], true));
sock->enableClientHelloParsing();
auto bufCopy = folly::IOBuf::copyBuffer(
buf->data() + i, std::min((uint64_t)3, buf->length() - i));
AsyncSSLSocket::clientHelloParsingCallback(
- 0, 0, SSL3_RT_HANDSHAKE, bufCopy->data(), bufCopy->length(),
- ssl, sock.get());
+ 0,
+ 0,
+ SSL3_RT_HANDSHAKE,
+ bufCopy->data(),
+ bufCopy->length(),
+ ssl,
+ sock.get());
bufCopy.reset();
}
dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClient client(std::move(clientSock), true, true);
clientCtx->loadTrustedCertificates(kTestCA);
dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClient client(std::move(clientSock), true, false);
clientCtx->loadTrustedCertificates(kTestCA);
dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClientNoVerify client(std::move(clientSock), false, false);
clientCtx->loadTrustedCertificates(kTestCA);
dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClient client(std::move(clientSock), false, true);
SSLHandshakeServer server(std::move(serverSock), true, true);
dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
AsyncSSLSocket::UniquePtr clientSock(
- new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
+ new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
AsyncSSLSocket::UniquePtr serverSock(
- new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
+ new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClient client(std::move(clientSock), false, false);
SSLHandshakeServer server(std::move(serverSock), false, false);
EXPECT_LE(0, server.handshakeTime.count());
}
-
/**
* Test requireClientCert with no client cert
*/
class ReadCallbackTerminator : public ReadCallback {
public:
- ReadCallbackTerminator(EventBase* base, WriteCallbackBase *wcb)
- : ReadCallback(wcb)
- , base_(base) {}
+ ReadCallbackTerminator(EventBase* base, WriteCallbackBase* wcb)
+ : ReadCallback(wcb), base_(base) {}
// Do not write data back, terminate the loop.
void readDataAvailable(size_t len) noexcept override {
socket_->setReadCB(nullptr);
base_->terminateLoopSoon();
}
+
private:
EventBase* base_;
};
-
/**
* Test a full unencrypted codepath
*/
int fds[2];
getfds(fds);
getctx(clientCtx, serverCtx);
- auto client = AsyncSSLSocket::newSocket(
- clientCtx, &base, fds[0], false, true);
- auto server = AsyncSSLSocket::newSocket(
- serverCtx, &base, fds[1], true, true);
+ auto client =
+ AsyncSSLSocket::newSocket(clientCtx, &base, fds[0], false, true);
+ auto server = AsyncSSLSocket::newSocket(serverCtx, &base, fds[1], true, true);
ReadCallbackTerminator readCallback(&base, nullptr);
server->setReadCB(&readCallback);
EXPECT_EQ(1, recv(fds[1], &c2, 1, MSG_PEEK));
EXPECT_NE('a', c2);
-
base.loop();
EXPECT_EQ(2, readCallback.buffers.size());
EXPECT_EQ(AsyncSSLSocket::STATE_ESTABLISHED, client->getSSLState());
}
+TEST(AsyncSSLSocketTest, ConnectUnencryptedTest) {
+ auto clientCtx = std::make_shared<folly::SSLContext>();
+ auto serverCtx = std::make_shared<folly::SSLContext>();
+ getctx(clientCtx, serverCtx);
+
+ WriteCallbackBase writeCallback;
+ ReadCallback readCallback(&writeCallback);
+ HandshakeCallback handshakeCallback(&readCallback);
+ SSLServerAcceptCallback acceptCallback(&handshakeCallback);
+ TestSSLServer server(&acceptCallback);
+
+ EventBase evb;
+ std::shared_ptr<AsyncSSLSocket> socket =
+ AsyncSSLSocket::newSocket(clientCtx, &evb, true);
+ socket->connect(nullptr, server.getAddress(), 0);
+
+ evb.loop();
+
+ EXPECT_EQ(AsyncSSLSocket::STATE_UNENCRYPTED, socket->getSSLState());
+ socket->sslConn(nullptr);
+ evb.loop();
+ EXPECT_EQ(AsyncSSLSocket::STATE_ESTABLISHED, socket->getSSLState());
+
+ // write()
+ std::array<uint8_t, 128> buf;
+ memset(buf.data(), 'a', buf.size());
+ socket->write(nullptr, buf.data(), buf.size());
+
+ socket->close();
+}
+
TEST(AsyncSSLSocketTest, ConnResetErrorString) {
// Start listening on a local port
WriteCallbackBase writeCallback;
WriteErrorCallback readCallback(&writeCallback);
- HandshakeCallback handshakeCallback(&readCallback,
- HandshakeCallback::EXPECT_ERROR);
+ HandshakeCallback handshakeCallback(
+ &readCallback, HandshakeCallback::EXPECT_ERROR);
SSLServerAcceptCallback acceptCallback(&handshakeCallback);
TestSSLServer server(&acceptCallback);
// Start listening on a local port
WriteCallbackBase writeCallback;
WriteErrorCallback readCallback(&writeCallback);
- HandshakeCallback handshakeCallback(&readCallback,
- HandshakeCallback::EXPECT_ERROR);
+ HandshakeCallback handshakeCallback(
+ &readCallback, HandshakeCallback::EXPECT_ERROR);
SSLServerAcceptCallback acceptCallback(&handshakeCallback);
TestSSLServer server(&acceptCallback);
// Start listening on a local port
WriteCallbackBase writeCallback;
WriteErrorCallback readCallback(&writeCallback);
- HandshakeCallback handshakeCallback(&readCallback,
- HandshakeCallback::EXPECT_ERROR);
+ HandshakeCallback handshakeCallback(
+ &readCallback, HandshakeCallback::EXPECT_ERROR);
SSLServerAcceptCallback acceptCallback(&handshakeCallback);
TestSSLServer server(&acceptCallback);
socket->close();
handshakeCallback.waitForHandshake();
- EXPECT_NE(handshakeCallback.errorString_.find("SSL routines"),
- std::string::npos);
+ EXPECT_NE(
+ handshakeCallback.errorString_.find("SSL routines"), std::string::npos);
#if defined(OPENSSL_IS_BORINGSSL)
EXPECT_NE(
handshakeCallback.errorString_.find("ENCRYPTED_LENGTH_TOO_LONG"),
std::string::npos);
#elif FOLLY_OPENSSL_IS_110
- EXPECT_NE(handshakeCallback.errorString_.find("packet length too long"),
- std::string::npos);
+ EXPECT_NE(
+ handshakeCallback.errorString_.find("packet length too long"),
+ std::string::npos);
#else
- EXPECT_NE(handshakeCallback.errorString_.find("unknown protocol"),
- std::string::npos);
+ EXPECT_NE(
+ handshakeCallback.errorString_.find("unknown protocol"),
+ std::string::npos);
#endif
}
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
socket->open();
// Setting flags to "-1" to trigger "Invalid argument" error
cerr << "SendMsgParamsCallback test completed" << endl;
}
-#ifdef MSG_ERRQUEUE
+#ifdef FOLLY_HAVE_MSG_ERRQUEUE
/**
* Test connecting to, writing to, reading from, and closing the
* connection to the SSL server.
int major, minor;
folly::StringPiece extra;
if (folly::split<false>(
- '.', std::string(s_uname.release) + ".", major, minor, extra)) {
+ '.', std::string(s_uname.release) + ".", major, minor, extra)) {
if (major < 4 || (major == 4 && minor < 6)) {
LOG(INFO) << "Kernel version: 4.6 and newer required for this test ("
<< "kernel ver. " << s_uname.release << " detected).";
sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// connect
- auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
- sslContext);
+ auto socket =
+ std::make_shared<BlockingSocket>(server.getAddress(), sslContext);
socket->open();
// Adding MSG_EOR flag to the message flags - it'll trigger
// timestamp generation for the last byte of the message.
- msgCallback.resetFlags(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_EOR);
+ msgCallback.resetFlags(MSG_DONTWAIT | MSG_NOSIGNAL | MSG_EOR);
// Init ancillary data buffer to trigger timestamp notification
union {
u.cmsg.cmsg_level = SOL_SOCKET;
u.cmsg.cmsg_type = SO_TIMESTAMPING;
u.cmsg.cmsg_len = CMSG_LEN(sizeof(uint32_t));
- uint32_t flags =
- SOF_TIMESTAMPING_TX_SCHED |
- SOF_TIMESTAMPING_TX_SOFTWARE |
+ uint32_t flags = SOF_TIMESTAMPING_TX_SCHED | SOF_TIMESTAMPING_TX_SOFTWARE |
SOF_TIMESTAMPING_TX_ACK;
memcpy(CMSG_DATA(&u.cmsg), &flags, sizeof(uint32_t));
std::vector<char> ctrl(CMSG_LEN(sizeof(uint32_t)));
cerr << "SendMsgDataCallback test completed" << endl;
}
-#endif // MSG_ERRQUEUE
+#endif // FOLLY_HAVE_MSG_ERRQUEUE
#endif
-} // namespace
+} // namespace folly
#ifdef SIGPIPE
///////////////////////////////////////////////////////////////////////////
}
};
Initializer initializer;
-} // anonymous
+} // namespace
#endif
projects / folly.git / blobdiff