| author | Steven Fackler <[email protected]> | 2016-10-14 22:26:32 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2016-10-14 22:26:32 -0700 |
| commit | 1fe16382e034dea71f16bfcfc31c8952e66264a9 (patch) | |
| tree | 3fe52191316bf3a45c01f18f06ff2fe806e7e8b7 /openssl/src/ssl/tests/mod.rs | |
| parent | Merge pull request #470 from sfackler/confs (diff) | |
| parent | Fix test_alpn_server_select_none (diff) | |
Merge pull request #472 from sfackler/alpn-test
Fix test_alpn_server_select_none
Diffstat (limited to 'openssl/src/ssl/tests/mod.rs')
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index b3500105..ce1ba8ca 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -726,10 +726,7 @@ fn test_alpn_server_advertise_multiple() {
 /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
 /// the client's reported protocol.
 #[test]
-#[cfg(feature = "openssl-102")]
-// TODO: not sure why this test is failing on OpenSSL 1.1.0, may be related to
-// something about SSLv3 though?
-#[cfg_attr(ossl110, ignore)]
+#[cfg(all(feature = "openssl-102", ossl102))]
 fn test_alpn_server_select_none() {
 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
 let localhost = listener.local_addr().unwrap();
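Review bot: The doc comment above this test still states unconditionally that no protocol is reported on an ALPN mismatch, but with `#[cfg(all(feature = "openssl-102", ossl102))]` that now describes the 1.0.2 build only. I would add a line such as `/// This is the OpenSSL 1.0.2 behaviour; on 1.1.0 the handshake fails instead.` so a reader does not take the lenient outcome as the general contract. The two same-named variants rely on `ossl102` and `ossl110` being the only version cfgs; if another one is ever introduced (not visible here), neither test would compile and the coverage would disappear without a failure. The function body continues outside this hunk.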
@@ -753,21 +750,46 @@ fn test_alpn_server_select_none() { let mut ctx = SslContext::new(Tls).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/2"]); - match ctx.set_CA_file(&Path::new("test/root-ca.pem")) { - Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err), - } + ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); - let stream = match SslStream::connect(&ctx, stream) { - Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err), - }; + let stream = SslStream::connect(&ctx, stream).unwrap(); // Since the protocols from the server and client don't overlap at all, no protocol is selected assert_eq!(None, stream.ssl().selected_alpn_protocol()); } +// In 1.1.0, ALPN negotiation failure is a fatal error +#[test] +#[cfg(all(feature = "openssl-102", ossl110))] +fn test_alpn_server_select_none() { + let listener = TcpListener::bind("127.0.0.1:0").unwrap(); + let localhost = listener.local_addr().unwrap(); + // We create a different context instance for the server... + let listener_ctx = { + let mut ctx = SslContext::new(Tls).unwrap(); + ctx.set_verify(SSL_VERIFY_PEER); + ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); + ctx + }; + // Have the listener wait on the connection in a different thread. + thread::spawn(move || { + let (stream, _) = listener.accept().unwrap(); + assert!(SslStream::accept(&listener_ctx, stream).is_err()); + }); + + let mut ctx = SslContext::new(Tls).unwrap(); + ctx.set_verify(SSL_VERIFY_PEER); + ctx.set_alpn_protocols(&[b"http/2"]); + ctx.set_CA_file(&Path::new("test/root-ca.pem")).unwrap(); + // Now connect to the socket and make sure the protocol negotiation works... 
+ let stream = TcpStream::connect(localhost).unwrap(); + assert!(SslStream::connect(&ctx, stream).is_err()); +} #[cfg(test)] mod dtlsv1 { |
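Review bot: In the 1.1.0 variant the server-side `assert!(SslStream::accept(&listener_ctx, stream).is_err())` runs in a thread whose `JoinHandle` is dropped, so a panic there never fails the test and the server half of the ALPN-mismatch check is not enforced. Bind the handle with `let server = thread::spawn(move || { ... });` and end the test with `server.join().unwrap();`. The client-side `assert!(SslStream::connect(&ctx, stream).is_err())` also passes on any handshake failure, for example a certificate-verification error or a missing CA file, so it would be stronger to check that the error is the ALPN alert; how to inspect that depends on the error type, which is not visible in this hunk. The copied comment `// Now connect to the socket and make sure the protocol negotiation works...` should say that negotiation is expected to fail here.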