Browse Source

Fix ossl_shim SNI handling

To start with, actually set an SNI callback (copied from bssl_shim); we
weren't actually testing much otherwise (and just happened to have been
passing due to buggy libssl behavior prior to
commit 1c4aa31d79).

Also use proper C++ code for handling C strings -- when a C API
(SSL_get_servername()) returns NULL instead of a string, special-case
that instead of blindly trying to compare NULL against a std::string,
and perform the comparsion using the std::string operators instead of
falling back to pointer comparison.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6792)
master
Benjamin Kaduk 4 years ago
committed by Benjamin Kaduk
parent
commit
45a2353056
1 changed files with 20 additions and 1 deletions
  1. +20
    -1
      test/ossl_shim/ossl_shim.cc

+ 20
- 1
test/ossl_shim/ossl_shim.cc View File

@ -459,6 +459,20 @@ static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value,
return 1;
}
static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) {
// SNI must be accessible from the SNI callback.
const TestConfig *config = GetTestConfig(ssl);
const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (server_name == nullptr ||
std::string(server_name) != config->expected_server_name) {
fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name,
config->expected_server_name.c_str());
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
return SSL_TLSEXT_ERR_OK;
}
// Connect returns a new socket connected to localhost on |port| or -1 on
// error.
static int Connect(uint16_t port) {
@ -645,6 +659,10 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
sizeof(sess_id_ctx) - 1))
return nullptr;
if (!config->expected_server_name.empty()) {
SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback);
}
return ssl_ctx;
}
@ -809,7 +827,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
if (!config->expected_server_name.empty()) {
const char *server_name =
SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (server_name != config->expected_server_name) {
if (server_name == nullptr ||
std::string(server_name) != config->expected_server_name) {
fprintf(stderr, "servername mismatch (got %s; want %s)\n",
server_name, config->expected_server_name.c_str());
return false;


Loading…
Cancel
Save