commit d4672273233d539889f85cad1676395e46e48ef7 Merge: accb726 9d019a7 Author: Nick Mathewson nickm@torproject.org Date: Fri Nov 13 09:58:16 2015 -0500
Merge remote-tracking branch 'public/ticket11150_client_only'
changes/11150 | 6 ++ src/common/tortls.c | 213 +---------------------------------------------- src/common/tortls.h | 3 - src/or/connection_or.c | 70 ++++------------ src/test/test_tortls.c | 216 ------------------------------------------------ 5 files changed, 28 insertions(+), 480 deletions(-)
diff --cc src/test/test_tortls.c index dceecf4,5f20269..b1d91a6 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@@ -2309,66 -2104,64 +2168,8 @@@ test_tortls_write(void *ignored teardown_capture_of_logs(previous_log); tor_free(tls->ssl); tor_free(tls); -} - -static int fixed_ssl_renegotiate_result; - -static int -fixed_ssl_renegotiate(SSL *s) -{ - (void) s; - return fixed_ssl_renegotiate_result; -} - -static void -test_tortls_renegotiate(void *ignored) -{ - (void)ignored; - int ret; - tor_tls_t *tls; - SSL_CTX *ctx; - SSL_METHOD *method = give_me_a_test_method(); - int previous_log = setup_capture_of_logs(LOG_WARN); - - SSL_library_init(); - SSL_load_error_strings(); - - ctx = SSL_CTX_new(TLSv1_method()); - - tls = tor_malloc_zero(sizeof(tor_tls_t)); - tls->ssl = SSL_new(ctx); - tls->state = TOR_TLS_ST_OPEN; - - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, -9); - - tls->ssl->method = method; - method->ssl_renegotiate = fixed_ssl_renegotiate; - fixed_ssl_renegotiate_result = 0; - ERR_clear_error(); - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, -9); - - ERR_clear_error(); - tls->ssl->handshake_func = dummy_handshake_func; - tls->state = TOR_TLS_ST_RENEGOTIATE; - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, TOR_TLS_DONE); - - ERR_clear_error(); - tls->state = TOR_TLS_ST_OPEN; - fixed_ssl_renegotiate_result = -1; - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, -9); - - done: - teardown_capture_of_logs(previous_log); - SSL_free(tls->ssl); - SSL_CTX_free(ctx); - tor_free(tls); + tor_free(method); } - - static int fixed_ssl_renegotiate_result; - - static int - fixed_ssl_renegotiate(SSL *s) - { - (void) s; - return fixed_ssl_renegotiate_result; - } - - static void - test_tortls_renegotiate(void *ignored) - { - (void)ignored; - int ret; - tor_tls_t *tls; - SSL_CTX *ctx; - SSL_METHOD *method = give_me_a_test_method(); - int previous_log = setup_capture_of_logs(LOG_WARN); - - SSL_library_init(); - SSL_load_error_strings(); 
- - ctx = SSL_CTX_new(TLSv1_method()); - - tls = tor_malloc_zero(sizeof(tor_tls_t)); - tls->ssl = SSL_new(ctx); - tls->state = TOR_TLS_ST_OPEN; - - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, -9); - - tls->ssl->method = method; - method->ssl_renegotiate = fixed_ssl_renegotiate; - fixed_ssl_renegotiate_result = 0; - ERR_clear_error(); - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, -9); - - ERR_clear_error(); - tls->ssl->handshake_func = dummy_handshake_func; - tls->state = TOR_TLS_ST_RENEGOTIATE; - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, TOR_TLS_DONE); - - ERR_clear_error(); - tls->state = TOR_TLS_ST_OPEN; - fixed_ssl_renegotiate_result = -1; - ret = tor_tls_renegotiate(tls); - tt_int_op(ret, OP_EQ, -9); - - done: - teardown_capture_of_logs(previous_log); - SSL_free(tls->ssl); - SSL_CTX_free(ctx); - tor_free(tls); - tor_free(method); - } #endif
#ifndef OPENSSL_OPAQUE @@@ -2496,8 -2288,7 +2297,7 @@@ test_tortls_finish_handshake(void *igno SSL_load_error_strings();
X509 *c1 = read_cert_from(validCertString); -- X509 *c2 = read_cert_from(caCertString); + SESS_CERT_local *sess = NULL;
ctx = SSL_CTX_new(method);
@@@ -2537,33 -2328,25 +2337,20 @@@ tt_int_op(ret, OP_EQ, 0); tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
-- tls->ssl->session->peer = c2; -- tls->wasV2Handshake = 1; -- ret = tor_tls_finish_handshake(tls); -- tt_int_op(ret, OP_EQ, 0); -- tt_int_op(tls->wasV2Handshake, OP_EQ, 0); -- -- sk_X509_push(sess->cert_chain, c2); -- tls->wasV2Handshake = 1; -- ret = tor_tls_finish_handshake(tls); -- tt_int_op(ret, OP_EQ, 0); -- tt_int_op(tls->wasV2Handshake, OP_EQ, 0); -- method->num_ciphers = fake_num_ciphers; ret = tor_tls_finish_handshake(tls); tt_int_op(ret, OP_EQ, -9);
done: - SSL_CTX_free(ctx); + if (sess) + sk_X509_free(sess->cert_chain); + if (tls->ssl && tls->ssl->session) { + tor_free(tls->ssl->session->sess_cert); + } + SSL_free(tls->ssl); tor_free(tls); + SSL_CTX_free(ctx); + tor_free(method); - X509_free(c1); } #endif
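Review bot: The `done:` cleanup no longer calls `X509_free(c1)`, yet `c1` is still created by `read_cert_from(validCertString)` in the previous hunk. The certificate is then released only if it was handed to the session in lines outside this hunk (presumably as `tls->ssl->session->peer`) and `SSL_free(tls->ssl)` is reached, so a `tt_*` failure before that hand-off would leak it. A one-line comment at `done:` would record the ownership, for example `/* c1 is owned by the session once set as peer; SSL_free() releases it */`. Separately, the new cleanup reads through `tls` unconditionally in `if (tls->ssl && tls->ssl->session)` and `SSL_free(tls->ssl)`. If any check can jump to `done` before `tls` is allocated, wrapping those lines in `if (tls) { ... }` avoids a NULL dereference in the test harness. The function body starts outside the hunk, so both points should be confirmed against the full function.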
@@@ -3037,7 -2786,7 +2822,6 @@@ struct testcase_t tortls_tests[] = INTRUSIVE_TEST_CASE(get_peer_cert, 0), INTRUSIVE_TEST_CASE(peer_has_cert, 0), INTRUSIVE_TEST_CASE(shutdown, 0), -- INTRUSIVE_TEST_CASE(renegotiate, 0), INTRUSIVE_TEST_CASE(finish_handshake, 0), INTRUSIVE_TEST_CASE(handshake, 0), INTRUSIVE_TEST_CASE(write, 0),