Support hostname verification

Closes #206
author: Steven Fackler <[email protected]> 2016-10-14 17:39:31 -0700
committer: Steven Fackler <[email protected]> 2016-10-14 17:39:31 -0700
commit: af51b263b17faaa3e7cb0ecc5c305b858faea64c (patch)
tree: f575e98381860f043f0835564b8de6b4ad342fdd /openssl/src/ssl/tests
parent: Merge pull request #468 from sfackler/no-link-name (diff)
download: rust-openssl-af51b263b17faaa3e7cb0ecc5c305b858faea64c.tar.xz
rust-openssl-af51b263b17faaa3e7cb0ecc5c305b858faea64c.zip
1 files changed, 44 insertions, 0 deletions
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index f86895e5..6dba713f 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -21,9 +21,13 @@ use ssl::SslMethod::Tls;
 use ssl::{SslMethod, HandshakeError};
 use ssl::error::Error;
 use ssl::{SslContext, SslStream};
+#[cfg(feature = "openssl-110")]
+use ssl::IntoSsl;
 use x509::X509StoreContext;
 use x509::X509FileType;
 use x509::X509;
+#[cfg(feature = "openssl-110")]
+use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
 use crypto::pkey::PKey;
 
 use std::net::UdpSocket;
@@ -1042,3 +1046,43 @@ fn add_extra_chain_cert() {
     let mut ctx = SslContext::new(SslMethod::Tls).unwrap();
     ctx.add_extra_chain_cert(&cert).unwrap();
 }
+
+#[test]
+#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(
+#[cfg(feature = "openssl-110")]
+fn valid_hostname() {
+    let mut ctx = SslContext::new(SslMethod::Tls).unwrap();
+    ctx.set_default_verify_paths().unwrap();
+    ctx.set_verify(SSL_VERIFY_PEER);
+
+    let mut ssl = ctx.into_ssl().unwrap();
+    ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+    ssl.param().set_host("google.com").unwrap();
+
+    let s = TcpStream::connect("google.com:443").unwrap();
+    let mut socket = SslStream::connect(ssl, s).unwrap();
+
+    socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
+    let mut result = vec![];
+    socket.read_to_end(&mut result).unwrap();
+
+    println!("{}", String::from_utf8_lossy(&result));
+    assert!(result.starts_with(b"HTTP/1.0"));
+    assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
+}
+
+#[test]
+#[cfg_attr(windows, ignore)] // don't have a trusted CA list easily available :(
+#[cfg(feature = "openssl-110")]
+fn invalid_hostname() {
+    let mut ctx = SslContext::new(SslMethod::Tls).unwrap();
+    ctx.set_default_verify_paths().unwrap();
+    ctx.set_verify(SSL_VERIFY_PEER);
+
+    let mut ssl = ctx.into_ssl().unwrap();
+    ssl.param().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+    ssl.param().set_host("foobar.com").unwrap();
+
+    let s = TcpStream::connect("google.com:443").unwrap();
+    assert!(SslStream::connect(ssl, s).is_err());
+}
author	Steven Fackler <[email protected]>	2016-10-14 17:39:31 -0700
committer	Steven Fackler <[email protected]>	2016-10-14 17:39:31 -0700
commit	af51b263b17faaa3e7cb0ecc5c305b858faea64c (patch)
tree	f575e98381860f043f0835564b8de6b4ad342fdd /openssl/src/ssl/tests
parent	Merge pull request #468 from sfackler/no-link-name (diff)
download	rust-openssl-af51b263b17faaa3e7cb0ecc5c305b858faea64c.tar.xz rust-openssl-af51b263b17faaa3e7cb0ecc5c305b858faea64c.zip