The branch master has been updated via f81f279a735591a106be555f3386dccbe3f96488 (commit) via 162e120711490cbd26f8608bf268a906c42e2027 (commit) via e29d7cea332e58678640aaa84c6ddfaa0adce74f (commit) from e0926ef49df09a85117d7442db83f321aeb5b982 (commit)
- Log ----------------------------------------------------------------- commit f81f279a735591a106be555f3386dccbe3f96488 Author: Matt Caswell <m...@openssl.org> Date: Tue Mar 14 17:29:11 2017 +0000 Re-enable some BoringSSL tests The previous 2 commits fixed some issues in the Boring tests. This re-enables those tests. [extended tests] Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2942) commit 162e120711490cbd26f8608bf268a906c42e2027 Author: Matt Caswell <m...@openssl.org> Date: Tue Mar 14 17:27:46 2017 +0000 SSL_get_peer_cert_chain() does not work after a resumption After a resumption it is documented that SSL_get_peer_cert_chain() will return NULL. In BoringSSL it still returns the chain. We don't support that so we should update the shim to call SSL_get_peer_certificate() instead when checking whether a peer certificate is available. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2942) commit e29d7cea332e58678640aaa84c6ddfaa0adce74f Author: Matt Caswell <m...@openssl.org> Date: Tue Mar 14 17:26:46 2017 +0000 Ensure we set the session id context in ossl_shim OpenSSL requires that we set the session id context. BoringSSL apparently does not require this, so wasn't setting it. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2942) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_config.json | 36 ------------------------------------ test/ossl_shim/ossl_shim.cc | 7 ++++++- 2 files changed, 6 insertions(+), 37 deletions(-) diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json index cdde095..50433ed 100644 --- a/test/ossl_shim/ossl_config.json +++ b/test/ossl_shim/ossl_config.json 
@@ -45,10 +45,6 @@ "BadECDSA-4-1":"Test failure - reason unknown", "BadECDSA-4-4":"Test failure - reason unknown", "BadECDSA-4-3":"Test failure - reason unknown", - "NoClientCertificate-Server-SSL3":"Test failure - reason unknown", - "NoClientCertificate-Server-TLS1":"Test failure - reason unknown", - "NoClientCertificate-Server-TLS11":"Test failure - reason unknown", - "NoClientCertificate-Server-TLS12":"Test failure - reason unknown", "SillyDH":"Test failure - reason unknown", "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown", "NoSupportedVersions-DTLS":"Test failure - reason unknown", 
@@ -158,29 +154,15 @@ "PointFormat-Client-MissingUncompressed":"Test failure - reason unknown", "PointFormat-Server-MissingUncompressed":"Test failure - reason unknown", "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-SSL3-Sync":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-Sync":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS11-Sync":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-Sync":"Test failure - reason unknown", "Renegotiate-Client-Sync":"Test failure - reason unknown", "Shutdown-Shim-Sync":"Test failure - reason unknown", "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown", "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown", "Shutdown-Shim-Sync-PackHandshakeFlight":"Test 
failure - reason unknown", "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync":"Test failure - reason unknown", "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", 
@@ -188,29 +170,13 @@ "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Client-RenewTicket-Async":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-SSL3-Async":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-Async":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS11-Async":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-Async":"Test failure - reason unknown", "Shutdown-Shim-Async":"Test failure - reason unknown", "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown", "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown", - 
"CertificateVerificationSucceed-Server-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown", "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown", "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-DTLS-Async":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-DTLS-Async":"Test failure - reason unknown", "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", @@ -218,8 +184,6 @@ "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "CertificateVerificationSucceed-Server-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", "SendUnencryptedFinished-DTLS":"Test failure - reason unknown", "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown", "StrayChangeCipherSpec":"Test failure - reason unknown", diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 79edadd..9607e52 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -518,6 +518,7 @@ class SocketCloser { }; static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { + const char sess_id_ctx[] = "ossl_shim"; bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new( config->is_dtls ? DTLS_method() : TLS_method())); if (!ssl_ctx) { 
@@ -633,6 +634,10 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr); } + SSL_CTX_set_session_id_context(ssl_ctx.get(), + (const unsigned char *)sess_id_ctx, + sizeof(sess_id_ctx) - 1); + return ssl_ctx; } @@ -852,7 +857,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { return false; } } else if (!config->is_server || config->require_any_client_certificate) { - if (SSL_get_peer_cert_chain(ssl) == nullptr) { + if (SSL_get_peer_certificate(ssl) == nullptr) { fprintf(stderr, "Received no peer certificate but expected one.\n"); return false; } _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
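Review bot: The return value of `SSL_CTX_set_session_id_context()` is discarded in the `@@ -633` hunk; the call returns 0 when the context is rejected (for example, when it is too long), and the shim would then carry on with no session id context and fail later in the resumption tests, far from the cause. The 9-byte literal cannot hit the length limit today, but wrapping the call as `if (!SSL_CTX_set_session_id_context(/* same arguments */)) { return nullptr; }` keeps the failure at its source. Declaring the buffer added in the `@@ -518` hunk as `static const unsigned char sess_id_ctx[] = "ossl_shim";` would also make the C-style cast unnecessary. SetupCtx starts and ends outside both hunks, so the return-nullptr-on-error convention is inferred from the `if (!ssl_ctx) {` context line.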
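Review bot: `SSL_get_peer_certificate()` returns a new reference that the caller must release with `X509_free()`, whereas `SSL_get_peer_cert_chain()` returns a pointer whose reference count is not incremented, so the bare comparison in the `@@ -852` hunk leaks one X509 reference every time a peer certificate is present. Hold the result in an owner instead, e.g. `bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(ssl));` followed by `if (!peer) {`, assuming the shim's `UniquePtr` has an X509 deleter; otherwise free it explicitly. The leak does not change the outcome of the check, but it will be reported by leak-checking builds of the shim. CheckHandshakeProperties starts and ends outside the hunk.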