diff options
| author | Steven Fackler <[email protected]> | 2015-03-23 23:29:44 -0400 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2015-03-23 23:29:44 -0400 |
| commit | f664444ac58f03b6ea37996f44a81f3804cf938a (patch) | |
| tree | 8f85163aa252370b00a0b6dff4b72778c52e266b /openssl/src/ssl/tests.rs | |
| parent | Merge pull request #187 from manuels/x509_sign (diff) | |
| parent | openssl: Add tests for server-side NPN (diff) | |
| download | rust-openssl-f664444ac58f03b6ea37996f44a81f3804cf938a.tar.xz rust-openssl-f664444ac58f03b6ea37996f44a81f3804cf938a.zip | |
Merge pull request #185 from mlalic/npn-bindings
Add TLS Next Protocol Negotiation
Diffstat (limited to 'openssl/src/ssl/tests.rs')
| -rw-r--r-- | openssl/src/ssl/tests.rs | 117 |
1 files changed, 115 insertions, 2 deletions
diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs index 5196b870..468b1053 100644 --- a/openssl/src/ssl/tests.rs +++ b/openssl/src/ssl/tests.rs @@ -1,15 +1,16 @@ use serialize::hex::FromHex; -use std::net::TcpStream; +use std::net::{TcpStream, TcpListener}; use std::io; use std::io::prelude::*; use std::path::Path; +use std::thread; use crypto::hash::Type::{SHA256}; use ssl; use ssl::SslMethod::Sslv23; use ssl::{SslContext, SslStream, VerifyCallback}; use ssl::SslVerifyMode::SslVerifyPeer; -use x509::{X509StoreContext}; +use x509::{X509StoreContext, X509FileType}; #[test] fn test_new_ctx() { @@ -220,3 +221,115 @@ fn test_read() { println!("written"); io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); } + +/// Tests that connecting with the client using NPN, but the server not does not +/// break the existing connection behavior. +#[test] +#[cfg(feature = "npn")] +fn test_connect_with_unilateral_npn() { + let stream = TcpStream::connect("127.0.0.1:15418").unwrap(); + let mut ctx = SslContext::new(Sslv23).unwrap(); + ctx.set_verify(SslVerifyPeer, None); + ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); + match ctx.set_CA_file(&Path::new("test/cert.pem")) { + None => {} + Some(err) => panic!("Unexpected error {:?}", err) + } + let stream = match SslStream::new(&ctx, stream) { + Ok(stream) => stream, + Err(err) => panic!("Expected success, got {:?}", err) + }; + // Since the socket to which we connected is not configured to use NPN, + // there should be no selected protocol... + assert!(stream.get_selected_npn_protocol().is_none()); +} + +/// Tests that when both the client as well as the server use NPN and their +/// lists of supported protocols have an overlap, the correct protocol is chosen. +#[test] +#[cfg(feature = "npn")] +fn test_connect_with_npn_successful_multiple_matching() { + // A different port than the other tests: an `openssl` process that has + // NPN enabled. + let stream = TcpStream::connect("127.0.0.1:15419").unwrap(); + let mut ctx = SslContext::new(Sslv23).unwrap(); + ctx.set_verify(SslVerifyPeer, None); + ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]); + match ctx.set_CA_file(&Path::new("test/cert.pem")) { + None => {} + Some(err) => panic!("Unexpected error {:?}", err) + } + let stream = match SslStream::new(&ctx, stream) { + Ok(stream) => stream, + Err(err) => panic!("Expected success, got {:?}", err) + }; + // The server prefers "http/1.1", so that is chosen, even though the client + // would prefer "spdy/3.1" + assert_eq!(b"http/1.1", stream.get_selected_npn_protocol().unwrap()); +} + +/// Tests that when both the client as well as the server use NPN and their +/// lists of supported protocols have an overlap -- with only ONE protocol +/// being valid for both. +#[test] +#[cfg(feature = "npn")] +fn test_connect_with_npn_successful_single_match() { + // A different port than the other tests: an `openssl` process that has + // NPN enabled. + let stream = TcpStream::connect("127.0.0.1:15419").unwrap(); + let mut ctx = SslContext::new(Sslv23).unwrap(); + ctx.set_verify(SslVerifyPeer, None); + ctx.set_npn_protocols(&[b"spdy/3.1"]); + match ctx.set_CA_file(&Path::new("test/cert.pem")) { + None => {} + Some(err) => panic!("Unexpected error {:?}", err) + } + let stream = match SslStream::new(&ctx, stream) { + Ok(stream) => stream, + Err(err) => panic!("Expected success, got {:?}", err) + }; + // The client now only supports one of the server's protocols, so that one + // is used. + assert_eq!(b"spdy/3.1", stream.get_selected_npn_protocol().unwrap()); +} + +/// Tests that when the `SslStream` is created as a server stream, the protocols +/// are correctly advertised to the client. +#[test] +#[cfg(feature = "npn")] +fn test_npn_server_advertise_multiple() { + let localhost = "127.0.0.1:15420"; + let listener = TcpListener::bind(localhost).unwrap(); + // We create a different context instance for the server... + let listener_ctx = { + let mut ctx = SslContext::new(Sslv23).unwrap(); + ctx.set_verify(SslVerifyPeer, None); + ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); + ctx.set_certificate_file( + &Path::new("test/cert.pem"), X509FileType::PEM); + ctx.set_private_key_file( + &Path::new("test/key.pem"), X509FileType::PEM); + ctx + }; + // Have the listener wait on the connection in a different thread. + thread::spawn(move || { + let (stream, _) = listener.accept().unwrap(); + let _ = SslStream::new_server(&listener_ctx, stream).unwrap(); + }); + + let mut ctx = SslContext::new(Sslv23).unwrap(); + ctx.set_verify(SslVerifyPeer, None); + ctx.set_npn_protocols(&[b"spdy/3.1"]); + match ctx.set_CA_file(&Path::new("test/cert.pem")) { + None => {} + Some(err) => panic!("Unexpected error {:?}", err) + } + // Now connect to the socket and make sure the protocol negotiation works... + let stream = TcpStream::connect(localhost).unwrap(); + let stream = match SslStream::new(&ctx, stream) { + Ok(stream) => stream, + Err(err) => panic!("Expected success, got {:?}", err) + }; + // SPDY is selected since that's the only thing the client supports. + assert_eq!(b"spdy/3.1", stream.get_selected_npn_protocol().unwrap()); +} |