[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Mon Aug 8 10:20:28 UTC 2016
The branch master has been updated
via 7b7cea6d712c35d52b4e2031c8a9410866e2aab6 (commit)
from 9f48bbacd8cac8d08dff146db438ab3e19908a7a (commit)
- Log -----------------------------------------------------------------
commit 7b7cea6d712c35d52b4e2031c8a9410866e2aab6
Author: Emilia Kasper <emilia at openssl.org>
Date: Fri Aug 5 17:17:00 2016 +0200
Fix ALPN tests when NPN is off
OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/handshake_helper.c | 13 +++++--------
test/recipes/80-test_ssl_new.t | 1 -
test/ssl_test.c | 4 ++--
3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 0da8c54..be689dc 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -164,7 +164,6 @@ static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
return 0;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* Parse the comma-separated list into TLS format. */
static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
{
@@ -200,6 +199,7 @@ static void parse_protos(const char *protos, unsigned char **out, size_t *outlen
(*out)[prefix] = len - prefix;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* The client SHOULD select the first protocol advertised by the server that it
* also supports. In the event that the client doesn't support any of server's
@@ -230,6 +230,7 @@ static int server_npn_cb(SSL *s, const unsigned char **data,
*len = ctx_data->npn_protocols_len;
return SSL_TLSEXT_ERR_OK;
}
+#endif
/*
* The server SHOULD select the most highly preferred protocol that it supports
@@ -261,7 +262,6 @@ static int server_alpn_cb(SSL *s, const unsigned char **out,
return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
: SSL_TLSEXT_ERR_NOACK;
}
-#endif
/*
* Configure callbacks and other properties that can't be set directly
@@ -339,6 +339,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
client_ctx_data);
}
+#endif
if (extra->server.alpn_protocols != NULL) {
parse_protos(extra->server.alpn_protocols,
&server_ctx_data->alpn_protocols,
@@ -362,7 +363,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
alpn_protos_len) == 0);
OPENSSL_free(alpn_protos);
}
-#endif
+
/*
* Use fixed session ticket keys so that we can decrypt a ticket created with
* one CTX in another CTX. Don't address server2 for the moment.
@@ -499,7 +500,6 @@ static handshake_status_t handshake_status(peer_status_t last_status,
return INTERNAL_ERROR;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
static char *dup_str(const unsigned char *in, size_t len)
{
@@ -514,7 +514,6 @@ static char *dup_str(const unsigned char *in, size_t len)
OPENSSL_assert(ret != NULL);
return ret;
}
-#endif
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
@@ -532,11 +531,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
unsigned char* tick = NULL;
size_t tick_len = 0;
SSL_SESSION* sess = NULL;
-#ifndef OPENSSL_NO_NEXTPROTONEG
const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
-#endif
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -657,13 +654,13 @@ static HANDSHAKE_RESULT *do_handshake_internal(
SSL_get0_next_proto_negotiated(server, &proto, &proto_len);
ret->server_npn_negotiated = dup_str(proto, proto_len);
+#endif
SSL_get0_alpn_selected(client, &proto, &proto_len);
ret->client_alpn_negotiated = dup_str(proto, proto_len);
SSL_get0_alpn_selected(server, &proto, &proto_len);
ret->server_alpn_negotiated = dup_str(proto, proto_len);
-#endif
ret->client_resumed = SSL_session_reused(client);
ret->server_resumed = SSL_session_reused(server);
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 17e22f0..877a087 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -53,7 +53,6 @@ my %conf_dependent_tests = (
my %skip = (
"07-dtls-protocol-version.conf" => $no_dtls,
"08-npn.conf" => $no_tls || $no_npn,
- "09-alpn.conf" => $no_tls || $no_npn,
"10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
"11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
);
diff --git a/test/ssl_test.c b/test/ssl_test.c
index e4951f4..fcf48bc 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -159,6 +159,7 @@ static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
result->client_npn_negotiated);
return ret;
}
+#endif
static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
@@ -171,7 +172,6 @@ static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
result->client_alpn_negotiated);
return ret;
}
-#endif
static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
@@ -205,8 +205,8 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
ret &= (result->session_ticket_do_not_call == 0);
#ifndef OPENSSL_NO_NEXTPROTONEG
ret &= check_npn(result, test_ctx);
- ret &= check_alpn(result, test_ctx);
#endif
+ ret &= check_alpn(result, test_ctx);
ret &= check_resumption(result, test_ctx);
}
return ret;
More information about the openssl-commits
mailing list