authorBenjamin Kaduk <bkaduk@akamai.com>2018-07-25 14:48:30 -0500
committerBenjamin Kaduk <kaduk@mit.edu>2018-07-26 15:06:53 -0500
commit45a2353056da3f357a924131578ad0a4a2e5fbb7 (patch)
tree72f0aaad7ab7de32d7a53e06e70d7ba5e1b4e14b /test/ossl_shim/ossl_shim.cc
parent9d91530d2d7da1447b7be8631b269599023430e7 (diff)
Fix ossl_shim SNI handling
To start with, actually set an SNI callback (copied from bssl_shim); we weren't actually testing much otherwise (and just happened to have been passing due to buggy libssl behavior prior to commit 1c4aa31d79821dee9be98e915159d52cc30d8403). Also use proper C++ code for handling C strings -- when a C API (SSL_get_servername()) returns NULL instead of a string, special-case that instead of blindly trying to compare NULL against a std::string, and perform the comparison using the std::string operators instead of falling back to pointer comparison. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6792)
Diffstat (limited to 'test/ossl_shim/ossl_shim.cc')
-rw-r--r--test/ossl_shim/ossl_shim.cc21
1 files changed, 20 insertions, 1 deletions
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index b1067e8420..90d1f1ef40 100644
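--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -459,6 +459,20 @@ static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value,
 return 1;
 }
+static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) {
+ // SNI must be accessible from the SNI callback.
+ const TestConfig *config = GetTestConfig(ssl);
+ const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (server_name == nullptr ||
+ std::string(server_name) != config->expected_server_name) {
+ fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name,
+ config->expected_server_name.c_str());
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+
+ return SSL_TLSEXT_ERR_OK;
+}
+
 // Connect returns a new socket connected to localhost on |port| or -1 on
 // error.
 static int Connect(uint16_t port) {
@@ -645,6 +659,10 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
 sizeof(sess_id_ctx) - 1))
 return nullptr;
+ if (!config->expected_server_name.empty()) {
+ SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback);
+ }
+
 return ssl_ctx;
 }
@@ -809,7 +827,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
 if (!config->expected_server_name.empty()) {
 const char *server_name =
 SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
- if (server_name != config->expected_server_name) {
+ if (server_name == nullptr ||
+ std::string(server_name) != config->expected_server_name) {
 fprintf(stderr, "servername mismatch (got %s; want %s)\n",
 server_name, config->expected_server_name.c_str());
 return false;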
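Review bot: In ServerNameCallback (first hunk) the mismatch branch still hands `server_name` to the `%s` conversion after the new check has established it may be nullptr, and the fprintf in this CheckHandshakeProperties hunk does the same; a null pointer for `%s` is undefined behavior (glibc happens to print "(null)", other C libraries may crash), so the very case the commit sets out to handle now reaches UB in the diagnostic. A placeholder keeps the message well-defined in both places, e.g. `fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name != nullptr ? server_name : "(none)", config->expected_server_name.c_str());`. Minor style point in ServerNameCallback: `out_alert` and `arg` are unused, so `(void)out_alert; (void)arg;` or unnamed parameters would keep the shim warning-free. CheckHandshakeProperties starts and ends outside the hunk.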