Split create_ssl_connection()
Split the create_ssl_connection() helper function into two steps: one to create the SSL objects, and one to actually create the connection. This provides the ability to make changes to the SSL object before the connection is actually made. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
parent
d82dec40ba
commit
b4982125e6
4 changed files with 64 additions and 37 deletions
|
|
@ -276,8 +276,13 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
|
||||
/* BIOs get freed on error */
|
||||
if (!create_ssl_connection(serverctx, clientctx, &serverssl, &clientssl,
|
||||
s_to_c_fbio, c_to_s_fbio)) {
|
||||
if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl,
|
||||
s_to_c_fbio, c_to_s_fbio)) {
|
||||
printf("Test %d failed: Create SSL objects failed\n", test);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!create_ssl_connection(serverssl, clientssl)) {
|
||||
printf("Test %d failed: Create SSL connection failed\n", test);
|
||||
goto end;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -122,7 +122,9 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
|
|||
SSL_CTX *sctx = NULL, *cctx = NULL;
|
||||
SSL *serverssl1 = NULL, *clientssl1 = NULL;
|
||||
SSL *serverssl2 = NULL, *clientssl2 = NULL;
|
||||
#ifndef OPENSSL_NO_TLS1_1
|
||||
SSL *serverssl3 = NULL, *clientssl3 = NULL;
|
||||
#endif
|
||||
SSL_SESSION *sess1 = NULL, *sess2 = NULL;
|
||||
int testresult = 0;
|
||||
|
||||
|
|
@ -151,8 +153,13 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
|
|||
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
|
||||
}
|
||||
|
||||
if (!create_ssl_connection(sctx, cctx, &serverssl1, &clientssl1, NULL,
|
||||
if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
|
||||
NULL)) {
|
||||
printf("Unable to create SSL objects\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!create_ssl_connection(serverssl1, clientssl1)) {
|
||||
printf("Unable to create SSL connection\n");
|
||||
goto end;
|
||||
}
|
||||
|
|
@ -173,8 +180,12 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
|
|||
goto end;
|
||||
}
|
||||
|
||||
if (!create_ssl_connection(sctx, cctx, &serverssl2, &clientssl2, NULL,
|
||||
NULL)) {
|
||||
if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) {
|
||||
printf("Unable to create second SSL objects\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!create_ssl_connection(serverssl2, clientssl2)) {
|
||||
printf("Unable to create second SSL connection\n");
|
||||
goto end;
|
||||
}
|
||||
|
|
@ -245,23 +256,24 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
|
|||
#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
|
||||
/* Force a connection failure */
|
||||
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
|
||||
clientssl3 = SSL_new(cctx);
|
||||
if (clientssl3 == NULL) {
|
||||
printf("Malloc failure\n");
|
||||
|
||||
if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) {
|
||||
printf("Unable to create third SSL objects\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!SSL_set_session(clientssl3, sess1)) {
|
||||
printf("Unable to set session for third connection\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* This should fail because of the mismatched protocol versions */
|
||||
if (create_ssl_connection(sctx, cctx, &serverssl3, &clientssl3, NULL,
|
||||
NULL)) {
|
||||
printf("Unexpected success creating SSL connection\n");
|
||||
if (create_ssl_connection(serverssl3, clientssl3)) {
|
||||
printf("Unable to create third SSL connection\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
/* We should have automatically removed the session from the cache */
|
||||
if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
|
||||
printf("Failed to call callback to remove session #2\n");
|
||||
|
|
@ -284,8 +296,10 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
|
|||
SSL_free(clientssl1);
|
||||
SSL_free(serverssl2);
|
||||
SSL_free(clientssl2);
|
||||
#ifndef OPENSSL_NO_TLS1_1
|
||||
SSL_free(serverssl3);
|
||||
SSL_free(clientssl3);
|
||||
#endif
|
||||
SSL_SESSION_free(sess1);
|
||||
SSL_SESSION_free(sess2);
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -567,11 +567,9 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
|
|||
/*
|
||||
* NOTE: Transfers control of the BIOs - this function will free them on error
|
||||
*/
|
||||
int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
||||
int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
||||
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
|
||||
{
|
||||
int retc = -1, rets = -1, err, abortctr = 0;
|
||||
int clienterr = 0, servererr = 0;
|
||||
SSL *serverssl, *clientssl;
|
||||
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
|
||||
|
||||
|
|
@ -589,8 +587,13 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
|||
goto error;
|
||||
}
|
||||
|
||||
s_to_c_bio = BIO_new(BIO_s_mem());
|
||||
c_to_s_bio = BIO_new(BIO_s_mem());
|
||||
if (SSL_is_dtls(clientssl)) {
|
||||
s_to_c_bio = BIO_new(bio_s_mempacket_test());
|
||||
c_to_s_bio = BIO_new(bio_s_mempacket_test());;
|
||||
} else {
|
||||
s_to_c_bio = BIO_new(BIO_s_mem());
|
||||
c_to_s_bio = BIO_new(BIO_s_mem());
|
||||
}
|
||||
if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
|
||||
printf("Failed to create mem BIOs\n");
|
||||
goto error;
|
||||
|
|
@ -620,6 +623,27 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
|||
s_to_c_bio = c_to_s_bio = NULL;
|
||||
s_to_c_fbio = c_to_s_fbio = NULL;
|
||||
|
||||
*sssl = serverssl;
|
||||
*cssl = clientssl;
|
||||
|
||||
return 1;
|
||||
|
||||
error:
|
||||
SSL_free(serverssl);
|
||||
SSL_free(clientssl);
|
||||
BIO_free(s_to_c_bio);
|
||||
BIO_free(c_to_s_bio);
|
||||
BIO_free(s_to_c_fbio);
|
||||
BIO_free(c_to_s_fbio);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int create_ssl_connection(SSL *serverssl, SSL *clientssl)
|
||||
{
|
||||
int retc = -1, rets = -1, err, abortctr = 0;
|
||||
int clienterr = 0, servererr = 0;
|
||||
|
||||
do {
|
||||
err = SSL_ERROR_WANT_WRITE;
|
||||
while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
|
||||
|
|
@ -645,29 +669,12 @@ int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
|||
servererr = 1;
|
||||
}
|
||||
if (clienterr && servererr)
|
||||
goto error;
|
||||
return 0;
|
||||
if (++abortctr == MAXLOOPS) {
|
||||
printf("No progress made\n");
|
||||
goto error;
|
||||
return 0;
|
||||
}
|
||||
} while (retc <=0 || rets <= 0);
|
||||
|
||||
*sssl = serverssl;
|
||||
*cssl = clientssl;
|
||||
|
||||
return 1;
|
||||
|
||||
error:
|
||||
if (*sssl == NULL) {
|
||||
SSL_free(serverssl);
|
||||
BIO_free(s_to_c_bio);
|
||||
BIO_free(s_to_c_fbio);
|
||||
}
|
||||
if (*cssl == NULL) {
|
||||
SSL_free(clientssl);
|
||||
BIO_free(c_to_s_bio);
|
||||
BIO_free(c_to_s_fbio);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,8 +15,9 @@
|
|||
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
|
||||
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
|
||||
char *privkeyfile);
|
||||
int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
||||
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
|
||||
int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|
||||
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
|
||||
int create_ssl_connection(SSL *serverssl, SSL *clientssl);
|
||||
|
||||
/* Note: Not thread safe! */
|
||||
const BIO_METHOD *bio_f_tls_dump_filter(void);
|
||||
|
|
|
|||
Loading…
Reference in a new issue