/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/srp.h>
#include <openssl/txt_db.h>
#include <openssl/aes.h>
+#include <openssl/x509v3.h>
#include "ssltestlib.h"
#include "testutil.h"
/* Verify changing the rbio/wbio directly does not cause leaks */
if (change_bio != NO_BIO_CHANGE) {
- if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
+ if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) {
+ ssl = NULL;
goto end;
+ }
if (change_bio == CHANGE_RBIO)
SSL_set0_rbio(ssl, membio2);
else
return testresult;
}
#endif
+/*
+ * Test that setting an ALPN does not violate RFC
+ */
+static int test_set_alpn(void)
+{
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ int testresult = 0;
+
+ unsigned char bad0[] = { 0x00, 'b', 'a', 'd' };
+ unsigned char good[] = { 0x04, 'g', 'o', 'o', 'd' };
+ unsigned char bad1[] = { 0x01, 'b', 'a', 'd' };
+ unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00};
+ unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd'};
+ unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd'};
+
+ /* Create an initial SSL_CTX with no certificate configured */
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ /* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */
+ if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, NULL, 2)))
+ goto end;
+ if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, 0)))
+ goto end;
+ if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, sizeof(good))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, good, 1)))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad0, sizeof(bad0))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad1, sizeof(bad1))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad2, sizeof(bad2))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad3, sizeof(bad3))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad4, sizeof(bad4))))
+ goto end;
+
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl))
+ goto end;
+
+ if (!TEST_false(SSL_set_alpn_protos(ssl, NULL, 2)))
+ goto end;
+ if (!TEST_false(SSL_set_alpn_protos(ssl, good, 0)))
+ goto end;
+ if (!TEST_false(SSL_set_alpn_protos(ssl, good, sizeof(good))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, good, 1)))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad0, sizeof(bad0))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad1, sizeof(bad1))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad2, sizeof(bad2))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad3, sizeof(bad3))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad4, sizeof(bad4))))
+ goto end;
+
+ testresult = 1;
+
+end:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ return testresult;
+}
+
+static int test_inherit_verify_param(void)
+{
+ int testresult = 0;
+
+ SSL_CTX *ctx = NULL;
+ X509_VERIFY_PARAM *cp = NULL;
+ SSL *ssl = NULL;
+ X509_VERIFY_PARAM *sp = NULL;
+ int hostflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
+
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ cp = SSL_CTX_get0_param(ctx);
+ if (!TEST_ptr(cp))
+ goto end;
+ if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(cp), 0))
+ goto end;
+
+ X509_VERIFY_PARAM_set_hostflags(cp, hostflags);
+
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl))
+ goto end;
+
+ sp = SSL_get0_param(ssl);
+ if (!TEST_ptr(sp))
+ goto end;
+ if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(sp), hostflags))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+
+ return testresult;
+}
int setup_tests(void)
{
#ifndef OPENSSL_NO_TLS1_3
ADD_TEST(test_sni_tls13);
#endif
+ ADD_TEST(test_set_alpn);
+ ADD_TEST(test_inherit_verify_param);
return 1;
}