*/
#include <folly/io/async/test/AsyncSSLSocketTest.h>
-#include <pthread.h>
#include <signal.h>
#include <folly/SocketAddress.h>
uint32_t TestSSLAsyncCacheServer::asyncLookups_ = 0;
uint32_t TestSSLAsyncCacheServer::lookupDelay_ = 0;
-const char* testCert = "folly/io/async/test/certs/tests-cert.pem";
-const char* testKey = "folly/io/async/test/certs/tests-key.pem";
-const char* testCA = "folly/io/async/test/certs/ca-cert.pem";
-
constexpr size_t SSLClient::kMaxReadBufferSz;
constexpr size_t SSLClient::kMaxReadsPerEvent;
-TestSSLServer::TestSSLServer(SSLServerAcceptCallbackBase* acb, bool enableTFO)
- : ctx_(new folly::SSLContext),
- acb_(acb),
- socket_(folly::AsyncServerSocket::newSocket(&evb_)) {
- // Set up the SSL context
- ctx_->loadCertificate(testCert);
- ctx_->loadPrivateKey(testKey);
- ctx_->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
-
- acb_->ctx_ = ctx_;
- acb_->base_ = &evb_;
-
- // Enable TFO
- if (enableTFO) {
- LOG(INFO) << "server TFO enabled";
- socket_->setTFOEnabled(true, 1000);
- }
-
- // set up the listening socket
- socket_->bind(0);
- socket_->getAddress(&address_);
- socket_->listen(100);
- socket_->addAcceptCallback(acb_, &evb_);
- socket_->startAccepting();
-
- int ret = pthread_create(&thread_, nullptr, Main, this);
- assert(ret == 0);
- (void)ret;
-
- std::cerr << "Accepting connections on " << address_ << std::endl;
-}
-
void getfds(int fds[2]) {
if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) != 0) {
FAIL() << "failed to create socketpair: " << strerror(errno);
clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadCertificate(
- testCert);
- serverCtx->loadPrivateKey(
- testKey);
+ serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(kTestKey);
}
void sslsocketpair(
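Review bot: The cipher list literal `"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"` on the two context lines above the changed `loadCertificate` call is still repeated verbatim here and in the later NO_VERIFY and VERIFY_REQ_CLIENT_CERT setups. Since this commit replaces the ad-hoc `testCert`/`testKey`/`testCA` globals with named constants, the list could get the same treatment, for example `constexpr const char* kTestCiphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";` (the name is a suggestion, not something in the tree). The string is deliberately permissive: it starts from `ALL` and does not name `!aNULL` or `!RC4`. A one-line comment at that constant such as `// Test-only cipher selection; not a hardened production list.` would stop it being copied as a template. The function enclosing these lines starts outside the hunk, so where it is declared and who else calls it are not visible here.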
auto serverCtx = std::make_shared<SSLContext>();
serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
serverCtx->ciphers("ECDHE-RSA-AES128-SHA:AES128-SHA:AES256-SHA");
- serverCtx->loadPrivateKey(testKey);
- serverCtx->loadCertificate(testCert);
- serverCtx->loadTrustedCertificates(testCA);
- serverCtx->loadClientCAList(testCA);
+ serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadTrustedCertificates(kTestCA);
+ serverCtx->loadClientCAList(kTestCA);
clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
clientCtx->ciphers("AES256-SHA:AES128-SHA");
- clientCtx->loadPrivateKey(testKey);
- clientCtx->loadCertificate(testCert);
- clientCtx->loadTrustedCertificates(testCA);
+ clientCtx->loadPrivateKey(kTestKey);
+ clientCtx->loadCertificate(kTestCert);
+ clientCtx->loadTrustedCertificates(kTestCA);
int fds[2];
getfds(fds);
new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClient client(std::move(clientSock), true, true);
- clientCtx->loadTrustedCertificates(testCA);
+ clientCtx->loadTrustedCertificates(kTestCA);
SSLHandshakeServer server(std::move(serverSock), true, true);
new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClient client(std::move(clientSock), true, false);
- clientCtx->loadTrustedCertificates(testCA);
+ clientCtx->loadTrustedCertificates(kTestCA);
SSLHandshakeServer server(std::move(serverSock), true, true);
new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
SSLHandshakeClientNoVerify client(std::move(clientSock), false, false);
- clientCtx->loadTrustedCertificates(testCA);
+ clientCtx->loadTrustedCertificates(kTestCA);
SSLHandshakeServerNoVerify server(std::move(serverSock), false, false);
auto serverCtx = std::make_shared<SSLContext>();
serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(testKey);
- serverCtx->loadCertificate(testCert);
- serverCtx->loadTrustedCertificates(testCA);
- serverCtx->loadClientCAList(testCA);
+ serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadTrustedCertificates(kTestCA);
+ serverCtx->loadClientCAList(kTestCA);
clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadPrivateKey(testKey);
- clientCtx->loadCertificate(testCert);
- clientCtx->loadTrustedCertificates(testCA);
+ clientCtx->loadPrivateKey(kTestKey);
+ clientCtx->loadCertificate(kTestCert);
+ clientCtx->loadTrustedCertificates(kTestCA);
int fds[2];
getfds(fds);
serverCtx->setVerificationOption(
SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(testKey);
- serverCtx->loadCertificate(testCert);
- serverCtx->loadTrustedCertificates(testCA);
- serverCtx->loadClientCAList(testCA);
+ serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadTrustedCertificates(kTestCA);
+ serverCtx->loadClientCAList(kTestCA);
clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadPrivateKey(testKey);
- clientCtx->loadCertificate(testCert);
- clientCtx->loadTrustedCertificates(testCA);
+ clientCtx->loadPrivateKey(kTestKey);
+ clientCtx->loadCertificate(kTestCert);
+ clientCtx->loadTrustedCertificates(kTestCA);
int fds[2];
getfds(fds);
serverCtx->setVerificationOption(
SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(testKey);
- serverCtx->loadCertificate(testCert);
- serverCtx->loadTrustedCertificates(testCA);
- serverCtx->loadClientCAList(testCA);
+ serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadTrustedCertificates(kTestCA);
+ serverCtx->loadClientCAList(kTestCA);
clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
}
TEST(AsyncSSLSocketTest, LoadCertFromMemory) {
- auto cert = getFileAsBuf(testCert);
- auto key = getFileAsBuf(testKey);
+ auto cert = getFileAsBuf(kTestCert);
+ auto key = getFileAsBuf(kTestKey);
ssl::BioUniquePtr certBio(BIO_new(BIO_s_mem()));
BIO_write(certBio.get(), cert.data(), cert.size());
auto ctx = std::make_shared<SSLContext>();
ctx->loadPrivateKeyFromBufferPEM(key);
ctx->loadCertificateFromBufferPEM(cert);
- ctx->loadTrustedCertificates(testCA);
+ ctx->loadTrustedCertificates(kTestCA);
ssl::SSLUniquePtr ssl(ctx->createSSL());