authorBenjamin Cheng <[email protected]>2018-06-02 13:47:52 -0400
committerBenjamin Cheng <[email protected]>2018-06-02 13:47:52 -0400
commit5d8a44612d8fb0c0f6b4e3046084d6b79a9f2065 (patch)
treed6c2e810c34eb42c0bb0d13e5896f4593155a5a8 /openssl
parentMerge remote-tracking branch 'origin/master' (diff)
add test for psk; deprecated set_psk_callback
Diffstat (limited to 'openssl')
-rw-r--r--openssl/src/ssl/mod.rs12
-rw-r--r--openssl/src/ssl/test.rs35
2 files changed, 47 insertions, 0 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index b69247db..dac23114 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1240,6 +1240,18 @@ impl SslContextBuilder {
}
}
+ #[deprecated(since = "0.10.10", note = "renamed to `set_psk_client_callback`")]
+ #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
+ pub fn set_psk_callback<F>(&mut self, callback: F)
+ where
+ F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack>
+ + 'static
+ + Sync
+ + Send,
+ {
+ self.set_psk_client_callback(callback)
+ }
+
/// Sets the callback for providing an identity and pre-shared key for a TLS-PSK server.
///
/// The callback will be called with the SSL context, an identity provided by the client,
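Review bot: The re-added `set_psk_callback` has no doc comment, so its rustdoc entry shows only the deprecation note and does not point readers to the method that describes how the callback must fill the identity and key buffers. I would add `/// Deprecated alias of [SslContextBuilder::set_psk_client_callback]; see that method for the callback contract.` above the `#[deprecated]` attribute. The enclosing `impl SslContextBuilder` block starts and ends outside this hunk, so I am assuming the renamed method carries the full documentation.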
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index f5ec7b29..e590f1a1 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -1536,3 +1536,38 @@ fn stateless() {
send(client_stream.get_mut(), server_stream.get_mut());
hs(server_stream.handshake()).unwrap();
}
+
+#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
+#[test]
+fn psk_ciphers() {
+ const PSK: &[u8] = b"thisisaverysecurekey";
+ const CLIENT_IDENT: &[u8] = b"thisisaclient";
+
+ let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+ let port = listener.local_addr().unwrap().port();
+
+ thread::spawn(move || {
+ let stream = listener.accept().unwrap().0;
+ let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+ ctx.set_cipher_list("ECDHE-PSK-CHACHA20-POLY1305").unwrap();
+ ctx.set_psk_server_callback(move |_, identity, psk| {
+ assert!(identity.unwrap_or(&[]) == CLIENT_IDENT);
+ psk[..PSK.len()].copy_from_slice(&PSK);
+ Ok(PSK.len())
+ });
+ let ssl = Ssl::new(&ctx.build()).unwrap();
+ ssl.accept(stream).unwrap();
+ });
+
+ let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
+ let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+ ctx.set_cipher_list("ECDHE-PSK-CHACHA20-POLY1305").unwrap();
+ ctx.set_psk_client_callback(move |_, _, identity, psk| {
+ identity[..CLIENT_IDENT.len()].copy_from_slice(&CLIENT_IDENT);
+ identity[CLIENT_IDENT.len()] = 0;
+ psk[..PSK.len()].copy_from_slice(&PSK);
+ Ok(PSK.len())
+ });
+ let ssl = Ssl::new(&ctx.build()).unwrap();
+ ssl.connect(stream).unwrap();
+}
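Review bot: Nothing in `psk_ciphers` checks that either PSK callback actually ran, and the server thread is detached, so a panic from the server-side `assert!` or a failed `ssl.accept(stream)` is only seen indirectly as a client handshake error. Keep the handle and join it, `let server = thread::spawn(move || { ... });` then `server.join().unwrap();` after `ssl.connect(stream).unwrap();`, and set a `static AtomicBool` inside each callback that the test asserts once the handshake completes. Separately, `ECDHE-PSK-CHACHA20-POLY1305` is, as far as I know, only offered by OpenSSL 1.1.0 and later, while the test is gated only on `OPENSSL_NO_PSK`. On older builds `set_cipher_list(...).unwrap()` would fail, so either gate the test on the library version or pick a PSK suite that older releases also provide.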