[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Mar 14 23:16:49 UTC 2017
The branch master has been updated
via f81f279a735591a106be555f3386dccbe3f96488 (commit)
via 162e120711490cbd26f8608bf268a906c42e2027 (commit)
via e29d7cea332e58678640aaa84c6ddfaa0adce74f (commit)
from e0926ef49df09a85117d7442db83f321aeb5b982 (commit)
- Log -----------------------------------------------------------------
commit f81f279a735591a106be555f3386dccbe3f96488
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 14 17:29:11 2017 +0000
Re-enable some BoringSSL tests
The previous 2 commits fixed some issues in the Boring tests. This
re-enables those tests.
[extended tests]
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
commit 162e120711490cbd26f8608bf268a906c42e2027
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 14 17:27:46 2017 +0000
SSL_get_peer_cert_chain() does not work after a resumption
After a resumption it is documented that SSL_get_peer_cert_chain() will
return NULL. In BoringSSL it still returns the chain. We don't support that
so we should update the shim to call SSL_get_peer_certificate() instead
when checking whether a peer certificate is available.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
commit e29d7cea332e58678640aaa84c6ddfaa0adce74f
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 14 17:26:46 2017 +0000
Ensure we set the session id context in ossl_shim
OpenSSL requires that we set the session id context. BoringSSL apparently
does not require this, so wasn't setting it.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
-----------------------------------------------------------------------
Summary of changes:
test/ossl_shim/ossl_config.json | 36 ------------------------------------
test/ossl_shim/ossl_shim.cc | 7 ++++++-
2 files changed, 6 insertions(+), 37 deletions(-)
diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json
index cdde095..50433ed 100644
--- a/test/ossl_shim/ossl_config.json
+++ b/test/ossl_shim/ossl_config.json
@@ -45,10 +45,6 @@
"BadECDSA-4-1":"Test failure - reason unknown",
"BadECDSA-4-4":"Test failure - reason unknown",
"BadECDSA-4-3":"Test failure - reason unknown",
- "NoClientCertificate-Server-SSL3":"Test failure - reason unknown",
- "NoClientCertificate-Server-TLS1":"Test failure - reason unknown",
- "NoClientCertificate-Server-TLS11":"Test failure - reason unknown",
- "NoClientCertificate-Server-TLS12":"Test failure - reason unknown",
"SillyDH":"Test failure - reason unknown",
"VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown",
"NoSupportedVersions-DTLS":"Test failure - reason unknown",
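Review bot: the commit message for this re-enable says only that the previous two commits "fixed some issues", so nothing records which shim fix unblocks the four `NoClientCertificate-Server-*` entries removed here and which one unblocks the `CertificateVerificationSucceed-Server-*` entries removed further down. Naming the fix per test family in the commit message would make a later regression in either family much quicker to bisect.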
@@ -158,29 +154,15 @@
"PointFormat-Client-MissingUncompressed":"Test failure - reason unknown",
"PointFormat-Server-MissingUncompressed":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-SSL3-Sync":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-Sync":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS11-Sync":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-Sync":"Test failure - reason unknown",
"Renegotiate-Client-Sync":"Test failure - reason unknown",
"Shutdown-Shim-Sync":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
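Review bot: `ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords`, the last line of this hunk, stays disabled with "reason unknown" while the `CertificateVerificationSucceed-Server-*` entries above it are re-enabled. By its name it also covers server-side client authentication, so it is worth re-running against the fixed shim and either dropping it from the list too or replacing "reason unknown" with the actual cause.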
@@ -188,29 +170,13 @@
"Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-SSL3-Async":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-Async":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS11-Async":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-Async":"Test failure - reason unknown",
"Shutdown-Shim-Async":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown",
"Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-DTLS-Async":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-DTLS-Async":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
@@ -218,8 +184,6 @@
"Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "CertificateVerificationSucceed-Server-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"SendUnencryptedFinished-DTLS":"Test failure - reason unknown",
"PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown",
"StrayChangeCipherSpec":"Test failure - reason unknown",
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 79edadd..9607e52 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -518,6 +518,7 @@ class SocketCloser {
};
static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
+ const char sess_id_ctx[] = "ossl_shim";
bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(
config->is_dtls ? DTLS_method() : TLS_method()));
if (!ssl_ctx) {
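Review bot: style point on `const char sess_id_ctx[] = "ossl_shim";`: it is declared at the top of SetupCtx but its only use is the SSL_CTX_set_session_id_context() call added just before `return ssl_ctx;`, more than a hundred lines later. Declaring it next to that call, or as a `static const` at file scope, keeps the buffer and the `sizeof(sess_id_ctx) - 1` length together.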
@@ -633,6 +634,10 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
}
+ SSL_CTX_set_session_id_context(ssl_ctx.get(),
+ (const unsigned char *)sess_id_ctx,
+ sizeof(sess_id_ctx) - 1);
+
return ssl_ctx;
}
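Review bot: the return value of the new `SSL_CTX_set_session_id_context(ssl_ctx.get(), ...)` call is ignored. The function returns 0 on failure, and since the first commit in this series states that OpenSSL requires the context to be set, a silent failure here would only show up later as unexplained resumption failures. Check the result and return nullptr from SetupCtx when it fails, so the problem is reported as a setup error.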
@@ -852,7 +857,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
return false;
}
} else if (!config->is_server || config->require_any_client_certificate) {
- if (SSL_get_peer_cert_chain(ssl) == nullptr) {
+ if (SSL_get_peer_certificate(ssl) == nullptr) {
fprintf(stderr, "Received no peer certificate but expected one.\n");
return false;
}
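Review bot: the replacement line `if (SSL_get_peer_certificate(ssl) == nullptr) {` leaks a reference. Unlike SSL_get_peer_cert_chain(), which returns an internal pointer, SSL_get_peer_certificate() returns the X509 with its reference count incremented and expects the caller to X509_free() it. Capture the result in a local, for example in a bssl::UniquePtr as SetupCtx does for the SSL_CTX, and test that for null, or free it explicitly after the check.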