aboutsummaryrefslogtreecommitdiff
path: root/openssl/src/ssl/tests/mod.rs
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/src/ssl/tests/mod.rs')
-rw-r--r--openssl/src/ssl/tests/mod.rs48
1 files changed, 33 insertions, 15 deletions
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 1cc36c7f..b5d5a829 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -22,7 +22,7 @@ use ssl::{SslMethod, HandshakeError, SslContext, SslStream, Ssl, ShutdownResult,
SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE,
STATUS_TYPE_OCSP};
use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
use pkey::PKey;
@@ -138,14 +138,14 @@ macro_rules! run_test(
use ssl::SSL_VERIFY_PEER;
use hash::MessageDigest;
use x509::X509StoreContext;
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+ #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
use x509::X509;
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+ #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
use x509::store::X509StoreBuilder;
use hex::FromHex;
use foreign_types::ForeignTypeRef;
use super::Server;
- #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+ #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
use super::ROOT_CERT;
#[test]
@@ -186,7 +186,7 @@ run_test!(verify_trusted, |method, stream| {
}
});
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
run_test!(verify_trusted_with_set_cert, |method, stream| {
let x509 = X509::from_pem(ROOT_CERT).unwrap();
let mut store = X509StoreBuilder::new().unwrap();
@@ -481,7 +481,7 @@ fn test_state() {
/// Tests that connecting with the client using ALPN, but the server not does not
/// break the existing connection behavior.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_connect_with_unilateral_alpn() {
let (_s, stream) = Server::new();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -525,7 +525,7 @@ fn test_connect_with_unilateral_npn() {
/// Tests that when both the client as well as the server use ALPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_connect_with_alpn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -546,8 +546,10 @@ fn test_connect_with_alpn_successful_multiple_matching() {
/// Tests that when both the client as well as the server use NPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen.
+// Ignore: NPN is removed on master.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[ignore]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_connect_with_npn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -570,7 +572,7 @@ fn test_connect_with_npn_successful_multiple_matching() {
/// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_connect_with_alpn_successful_single_match() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -593,8 +595,10 @@ fn test_connect_with_alpn_successful_single_match() {
/// Tests that when both the client as well as the server use NPN and their
/// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both.
+// Ignore: NPN is removed on master.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[ignore]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_connect_with_npn_successful_single_match() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -615,7 +619,9 @@ fn test_connect_with_npn_successful_single_match() {
/// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client.
+// Ignore: NPN is removed on master.
#[test]
+#[ignore]
#[cfg(not(any(libressl261, libressl262, libressl26x)))]
fn test_npn_server_advertise_multiple() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
@@ -659,7 +665,7 @@ fn test_npn_server_advertise_multiple() {
/// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_alpn_server_advertise_multiple() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@@ -702,7 +708,7 @@ fn test_alpn_server_advertise_multiple() {
/// Test that Servers supporting ALPN don't report a protocol when none of their protocols match
/// the client's reported protocol.
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn test_alpn_server_select_none() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@@ -804,7 +810,9 @@ fn test_write_nonblocking() {
stream.write(" there".as_bytes()).unwrap();
}
+// Ignore: the test is removed in master.
#[test]
+#[ignore]
#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
fn test_read_nonblocking() {
let (_s, stream) = Server::new();
@@ -967,7 +975,9 @@ fn default_verify_paths() {
ctx.set_default_verify_paths().unwrap();
ctx.set_verify(SSL_VERIFY_PEER);
let s = TcpStream::connect("google.com:443").unwrap();
- let mut socket = Ssl::new(&ctx.build()).unwrap().connect(s).unwrap();
+ let mut ssl = Ssl::new(&ctx.build()).unwrap();
+ ssl.set_hostname("google.com").unwrap();
+ let mut socket = ssl.connect(s).unwrap();
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
@@ -987,7 +997,7 @@ fn add_extra_chain_cert() {
}
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn verify_valid_hostname() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap();
@@ -998,6 +1008,7 @@ fn verify_valid_hostname() {
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
);
ssl.param_mut().set_host("google.com").unwrap();
+ ssl.set_hostname("google.com").unwrap();
let s = TcpStream::connect("google.com:443").unwrap();
let mut socket = ssl.connect(s).unwrap();
@@ -1012,7 +1023,7 @@ fn verify_valid_hostname() {
}
#[test]
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
fn verify_invalid_hostname() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap();
@@ -1052,7 +1063,10 @@ fn connector_invalid_hostname() {
assert!(connector.connect("foobar.com", s).is_err());
}
+// Ignored: Google's load balancer architecture changed. Connection without SNI will fail with
+// self signed certs.
#[test]
+#[ignore]
fn connector_invalid_no_hostname_verification() {
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
@@ -1231,6 +1245,8 @@ fn tmp_dh_callback() {
let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+ #[cfg(ossl111)]
+ ctx.set_options(super::SSL_OP_NO_TLSV1_3);
ctx.set_cipher_list("EDH").unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap();
@@ -1298,6 +1314,8 @@ fn tmp_dh_callback_ssl() {
let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+ #[cfg(ossl111)]
+ ctx.set_options(super::SSL_OP_NO_TLSV1_3);
ctx.set_cipher_list("EDH").unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap();
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-11 07:23:51 +0000