Add support for OpenSSL 1.1.10.9.x

1 files changed, 33 insertions, 15 deletions

diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 1cc36c7f..b5d5a829 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -22,7 +22,7 @@ use ssl::{SslMethod, HandshakeError, SslContext, SslStream, Ssl, ShutdownResult,
           SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE,
           STATUS_TYPE_OCSP};
 use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
 use pkey::PKey;
 
@@ -138,14 +138,14 @@ macro_rules! run_test(
             use ssl::SSL_VERIFY_PEER;
             use hash::MessageDigest;
             use x509::X509StoreContext;
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
             use x509::X509;
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
             use x509::store::X509StoreBuilder;
             use hex::FromHex;
             use foreign_types::ForeignTypeRef;
             use super::Server;
-            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
             use super::ROOT_CERT;
 
             #[test]
@@ -186,7 +186,7 @@ run_test!(verify_trusted, |method, stream| {
     }
 });
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 run_test!(verify_trusted_with_set_cert, |method, stream| {
     let x509 = X509::from_pem(ROOT_CERT).unwrap();
     let mut store = X509StoreBuilder::new().unwrap();
@@ -481,7 +481,7 @@ fn test_state() {
 /// Tests that connecting with the client using ALPN, but the server not does not
 /// break the existing connection behavior.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_connect_with_unilateral_alpn() {
     let (_s, stream) = Server::new();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -525,7 +525,7 @@ fn test_connect_with_unilateral_npn() {
 /// Tests that when both the client as well as the server use ALPN and their
 /// lists of supported protocols have an overlap, the correct protocol is chosen.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_connect_with_alpn_successful_multiple_matching() {
     let (_s, stream) = Server::new_alpn();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -546,8 +546,10 @@ fn test_connect_with_alpn_successful_multiple_matching() {
 
 /// Tests that when both the client as well as the server use NPN and their
 /// lists of supported protocols have an overlap, the correct protocol is chosen.
+// Ignore: NPN is removed on master.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[ignore]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_connect_with_npn_successful_multiple_matching() {
     let (_s, stream) = Server::new_alpn();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -570,7 +572,7 @@ fn test_connect_with_npn_successful_multiple_matching() {
 /// lists of supported protocols have an overlap -- with only ONE protocol
 /// being valid for both.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_connect_with_alpn_successful_single_match() {
     let (_s, stream) = Server::new_alpn();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -593,8 +595,10 @@ fn test_connect_with_alpn_successful_single_match() {
 /// Tests that when both the client as well as the server use NPN and their
 /// lists of supported protocols have an overlap -- with only ONE protocol
 /// being valid for both.
+// Ignore: NPN is removed on master.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[ignore]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_connect_with_npn_successful_single_match() {
     let (_s, stream) = Server::new_alpn();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -615,7 +619,9 @@ fn test_connect_with_npn_successful_single_match() {
 
 /// Tests that when the `SslStream` is created as a server stream, the protocols
 /// are correctly advertised to the client.
+// Ignore: NPN is removed on master.
 #[test]
+#[ignore]
 #[cfg(not(any(libressl261, libressl262, libressl26x)))]
 fn test_npn_server_advertise_multiple() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
@@ -659,7 +665,7 @@ fn test_npn_server_advertise_multiple() {
 /// Tests that when the `SslStream` is created as a server stream, the protocols
 /// are correctly advertised to the client.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_alpn_server_advertise_multiple() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -702,7 +708,7 @@ fn test_alpn_server_advertise_multiple() {
 /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
 /// the client's reported protocol.
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn test_alpn_server_select_none() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -804,7 +810,9 @@ fn test_write_nonblocking() {
     stream.write(" there".as_bytes()).unwrap();
 }
 
+// Ignore: the test is removed in master.
 #[test]
+#[ignore]
 #[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_read_nonblocking() {
     let (_s, stream) = Server::new();
@@ -967,7 +975,9 @@ fn default_verify_paths() {
     ctx.set_default_verify_paths().unwrap();
     ctx.set_verify(SSL_VERIFY_PEER);
     let s = TcpStream::connect("google.com:443").unwrap();
-    let mut socket = Ssl::new(&ctx.build()).unwrap().connect(s).unwrap();
+    let mut ssl = Ssl::new(&ctx.build()).unwrap();
+    ssl.set_hostname("google.com").unwrap();
+    let mut socket = ssl.connect(s).unwrap();
 
     socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
     let mut result = vec![];
@@ -987,7 +997,7 @@ fn add_extra_chain_cert() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn verify_valid_hostname() {
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.set_default_verify_paths().unwrap();
@@ -998,6 +1008,7 @@ fn verify_valid_hostname() {
         X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
     );
     ssl.param_mut().set_host("google.com").unwrap();
+    ssl.set_hostname("google.com").unwrap();
 
     let s = TcpStream::connect("google.com:443").unwrap();
     let mut socket = ssl.connect(s).unwrap();
@@ -1012,7 +1023,7 @@ fn verify_valid_hostname() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 fn verify_invalid_hostname() {
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.set_default_verify_paths().unwrap();
@@ -1052,7 +1063,10 @@ fn connector_invalid_hostname() {
     assert!(connector.connect("foobar.com", s).is_err());
 }
 
+// Ignored: Google's load balancer architecture changed. Connection without SNI will fail with
+// self signed certs.
 #[test]
+#[ignore]
 fn connector_invalid_no_hostname_verification() {
     let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
 
@@ -1231,6 +1245,8 @@ fn tmp_dh_callback() {
 
     let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+    #[cfg(ossl111)]
+    ctx.set_options(super::SSL_OP_NO_TLSV1_3);
     ctx.set_cipher_list("EDH").unwrap();
     let ssl = Ssl::new(&ctx.build()).unwrap();
     ssl.connect(stream).unwrap();
@@ -1298,6 +1314,8 @@ fn tmp_dh_callback_ssl() {
 
     let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+    #[cfg(ossl111)]
+    ctx.set_options(super::SSL_OP_NO_TLSV1_3);
     ctx.set_cipher_list("EDH").unwrap();
     let ssl = Ssl::new(&ctx.build()).unwrap();
     ssl.connect(stream).unwrap();