diff options
| author | Steven Fackler <[email protected]> | 2015-04-05 16:45:24 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2015-04-05 16:45:24 -0700 |
| commit | 36f264551ad410833877f3884ce390456b8127dd (patch) | |
| tree | 04afb895c278bb9db91523bb2427302ce87079f9 /openssl/src/ssl/tests.rs | |
| parent | Release v0.5.5 (diff) | |
| parent | Fix errors in tests (SslVerifyPeer -> SSL_VERIFY_PEER) (diff) | |
| download | rust-openssl-36f264551ad410833877f3884ce390456b8127dd.tar.xz rust-openssl-36f264551ad410833877f3884ce390456b8127dd.zip | |
Merge pull request #186 from manuels/set_raw_key
Use raw keys and certs in SslContext
Diffstat (limited to 'openssl/src/ssl/tests.rs')
| -rw-r--r-- | openssl/src/ssl/tests.rs | 94 |
1 files changed, 59 insertions, 35 deletions
diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs index 5322ebde..05c9fe79 100644 --- a/openssl/src/ssl/tests.rs +++ b/openssl/src/ssl/tests.rs @@ -7,15 +7,18 @@ use std::path::Path; use std::net::TcpListener; #[cfg(feature = "npn")] use std::thread; +use std::fs::File; use crypto::hash::Type::{SHA256}; use ssl; use ssl::SslMethod::Sslv23; use ssl::{SslContext, SslStream, VerifyCallback}; -use ssl::SslVerifyMode::SslVerifyPeer; +use ssl::SSL_VERIFY_PEER; use x509::X509StoreContext; #[cfg(feature = "npn")] use x509::X509FileType; +use x509::X509; +use crypto::pkey::PKey; #[test] fn test_new_ctx() { @@ -32,7 +35,7 @@ fn test_new_sslstream() { fn test_verify_untrusted() { let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); match SslStream::new(&ctx, stream) { Ok(_) => panic!("expected failure"), Err(err) => println!("error {:?}", err) @@ -43,10 +46,10 @@ fn test_verify_untrusted() { fn test_verify_trusted() { let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_) => {} + Err(err) => panic!("Unexpected error {:?}", err) } match SslStream::new(&ctx, stream) { Ok(_) => (), @@ -61,7 +64,7 @@ fn test_verify_untrusted_callback_override_ok() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); match SslStream::new(&ctx, stream) { Ok(_) => (), Err(err) => panic!("Expected success, got {:?}", err) @@ -75,7 +78,7 @@ fn test_verify_untrusted_callback_override_bad() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); assert!(SslStream::new(&ctx, stream).is_err()); } @@ -86,10 +89,10 @@ fn test_verify_trusted_callback_override_ok() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_) => {} + Err(err) => panic!("Unexpected error {:?}", err) } match SslStream::new(&ctx, stream) { Ok(_) => (), @@ -104,10 +107,10 @@ fn test_verify_trusted_callback_override_bad() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_) => {} + Err(err) => panic!("Unexpected error {:?}", err) } assert!(SslStream::new(&ctx, stream).is_err()); } @@ -120,7 +123,7 @@ fn test_verify_callback_load_certs() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); assert!(SslStream::new(&ctx, stream).is_ok()); } @@ -132,10 +135,10 @@ fn test_verify_trusted_get_error_ok() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_) => {} + Err(err) => panic!("Unexpected error {:?}", err) } assert!(SslStream::new(&ctx, stream).is_ok()); } @@ -148,7 +151,7 @@ fn test_verify_trusted_get_error_err() { } let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, Some(callback as VerifyCallback)); + ctx.set_verify(SSL_VERIFY_PEER, Some(callback as VerifyCallback)); assert!(SslStream::new(&ctx, stream).is_err()); } @@ -173,7 +176,7 @@ fn test_verify_callback_data() { // Please update if "test/cert.pem" will ever change let node_hash_str = "46e3f1a6d17a41ce70d0c66ef51cee2ab4ba67cac8940e23f10c1f944b49fb5c"; let node_id = node_hash_str.from_hex().unwrap(); - ctx.set_verify_with_data(SslVerifyPeer, callback, node_id); + ctx.set_verify_with_data(SSL_VERIFY_PEER, callback, node_id); ctx.set_verify_depth(1); match SslStream::new(&ctx, stream) { @@ -183,6 +186,27 @@ fn test_verify_callback_data() { } #[test] +fn test_set_certificate_and_private_key() { + let key_path = Path::new("test/key.pem"); + let cert_path = Path::new("test/cert.pem"); + let mut key_file = File::open(&key_path) + .ok() + .expect("Failed to open `test/key.pem`"); + let mut cert_file = File::open(&cert_path) + .ok() + .expect("Failed to open `test/cert.pem`"); + + let key = PKey::private_key_from_pem(&mut key_file).unwrap(); + let cert = X509::from_pem(&mut cert_file).unwrap(); + + let mut ctx = SslContext::new(Sslv23).unwrap(); + ctx.set_private_key(&key).unwrap(); + ctx.set_certificate(&cert).unwrap(); + + assert!(ctx.check_private_key().is_ok()); +} + +#[test] fn test_get_ctx_options() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.get_options(); @@ -234,11 +258,11 @@ fn test_read() { fn test_connect_with_unilateral_npn() { let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_)=> {} + Err(err) => panic!("Unexpected error {:?}", err) } let stream = match SslStream::new(&ctx, stream) { Ok(stream) => stream, @@ -258,11 +282,11 @@ fn test_connect_with_npn_successful_multiple_matching() { // NPN enabled. let stream = TcpStream::connect("127.0.0.1:15419").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_)=> {} + Err(err) => panic!("Unexpected error {:?}", err) } let stream = match SslStream::new(&ctx, stream) { Ok(stream) => stream, @@ -283,11 +307,11 @@ fn test_connect_with_npn_successful_single_match() { // NPN enabled. let stream = TcpStream::connect("127.0.0.1:15419").unwrap(); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_)=> {} + Err(err) => panic!("Unexpected error {:?}", err) } let stream = match SslStream::new(&ctx, stream) { Ok(stream) => stream, @@ -308,12 +332,12 @@ fn test_npn_server_advertise_multiple() { // We create a different context instance for the server... let listener_ctx = { let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); - ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM); + assert!(ctx.set_certificate_file( + &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM); + &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -323,11 +347,11 @@ fn test_npn_server_advertise_multiple() { }); let mut ctx = SslContext::new(Sslv23).unwrap(); - ctx.set_verify(SslVerifyPeer, None); + ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { - None => {} - Some(err) => panic!("Unexpected error {:?}", err) + Ok(_)=> {} + Err(err) => panic!("Unexpected error {:?}", err) } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); |