kris
/
boringssl
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
Selaa lähdekoodia

Test NULL client CA lists. 

The preceding client CA bug is actually almost unreachable since the
list is initialized to a non-NULL empty list. But if one tries hard
enough, a NULL one is possible.

Change-Id: I49e69511bf65b0178c4e0acdb887f8ba7d85faff
Reviewed-on: https://boringssl-review.googlesource.com/8769
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 8 vuotta sitten
committed by CQ bot account: commit-bot@chromium.org
vanhempi
111533049d
commit
2f8935de0f
4 muutettua tiedostoa jossa 21 lisäystä ja 0 poistoa
Jaettu näkymä
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -0
      ssl/test/bssl_shim.cc
  2. +15
    -0
      ssl/test/runner/runner.go
  3. +1
    -0
      ssl/test/test_config.cc
  4. +1
    -0
      ssl/test/test_config.h

+ 4
- 0
ssl/test/bssl_shim.cc Näytä tiedosto

@@ -873,6 +873,10 @@ static ScopedSSL_CTX SetupCtx(const TestConfig *config) {
return nullptr;
}

if (config->use_null_client_ca_list) {
SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
}

return ssl_ctx;
}



+ 15
- 0
ssl/test/runner/runner.go Näytä tiedosto

@@ -2681,6 +2681,21 @@ func addClientAuthTests() {
shouldFail: true,
expectedError: ":UNEXPECTED_MESSAGE:",
})

// Regression test for a bug where the client CA list, if explicitly
// set to NULL, was mis-encoded.
testCases = append(testCases, testCase{
testType: serverTest,
name: "Null-Client-CA-List",
config: Config{
MaxVersion: VersionTLS12,
Certificates: []Certificate{rsaCertificate},
},
flags: []string{
"-require-any-client-certificate",
"-use-null-client-ca-list",
},
})
}

func addExtendedMasterSecretTests() {


+ 1
- 0
ssl/test/test_config.cc Näytä tiedosto

@@ -102,6 +102,7 @@ const Flag<bool> kBoolFlags[] = {
{ "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
{ "-use-old-client-cert-callback",
&TestConfig::use_old_client_cert_callback },
{ "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
};

const Flag<std::string> kStringFlags[] = {


+ 1
- 0
ssl/test/test_config.h Näytä tiedosto

@@ -107,6 +107,7 @@ struct TestConfig {
int expect_dhe_group_size = 0;
bool use_old_client_cert_callback = false;
int initial_timeout_duration_ms = 0;
bool use_null_client_ca_list = false;
};

bool ParseConfig(int argc, char **argv, TestConfig *out_config);


Kirjoita Esikatselu
Ladataan…
Peruuta
Tallenna