diff options
| author | Steven Fackler <[email protected]> | 2016-11-12 16:45:18 +0000 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-11-12 16:45:18 +0000 |
| commit | 6b3599d319977ac3c60677638d29783a9e9f4f60 (patch) | |
| tree | 4af1ba1fc8eb01a018dc72c00a852aa6485f0bdf /openssl/src/ssl/tests | |
| parent | Simplify test logic a bit (diff) | |
| download | rust-openssl-6b3599d319977ac3c60677638d29783a9e9f4f60.tar.xz rust-openssl-6b3599d319977ac3c60677638d29783a9e9f4f60.zip | |
Add a connect method that does not perform hostname verification
The method name is intentionally painful to type to discourage its use
Diffstat (limited to 'openssl/src/ssl/tests')
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 3cc3a28c..855903c9 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -17,10 +17,8 @@ use tempdir::TempDir; use dh::Dh; use hash::MessageDigest; use ssl; -use ssl::SSL_VERIFY_PEER; -use ssl::{SslMethod, HandshakeError}; -use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder, - Error}; +use ssl::{SslMethod, HandshakeError, SslContext, SslStream, Ssl, ShutdownResult, + SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE}; use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; @@ -1091,6 +1089,36 @@ fn connector_invalid_hostname() { } #[test] +fn connector_invalid_no_hostname_verification() { + let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); + + let s = TcpStream::connect("google.com:443").unwrap(); + connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(s) + .unwrap(); +} + +#[test] +fn connector_no_hostname_still_verifies() { + let (_s, tcp) = Server::new(); + + let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); + + assert!(connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp) + .is_err()); +} + +#[test] +fn connector_no_hostname_can_disable_verify() { + let (_s, tcp) = Server::new(); + + let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap(); + connector.builder_mut().set_verify(SSL_VERIFY_NONE); + let connector = connector.build(); + + connector.connect_without_providing_domain_for_certificate_verification_and_server_name_indication(tcp).unwrap(); +} + +#[test] fn connector_client_server_mozilla_intermediate() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); |