mbedtls3 does not support tls<1.3, and tls<1.3 does not support renegotiations. therefore, disable

Kirill Rodriguez 2024-10-15 12:33:52 +01:00
parent 87c921f9fc
commit 370d99244d
No known key found for this signature in database
GPG Key ID: 2AA85EC2AD7F85EA
2 changed files with 12 additions and 0 deletions


@ -47,7 +47,9 @@
#define get_ssl_ctx get_mbedtls_config #define get_ssl_ctx get_mbedtls_config
/* FIXME: clean this up, add some prefix, i.e. le_ssl_ */ /* FIXME: clean this up, add some prefix, i.e. le_ssl_ */
#if MBEDTLS_VERSION_MAJOR < 3
#define SSL_renegotiate mbedtls_ssl_renegotiate #define SSL_renegotiate mbedtls_ssl_renegotiate
#endif
#undef SSL_get_peer_certificate #undef SSL_get_peer_certificate
#define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
#define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert #define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert
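Review bot: The `#if MBEDTLS_VERSION_MAJOR < 3` guard around `SSL_renegotiate` keys on the library version rather than on whether renegotiation is compiled in, so every Mbed TLS 3.x build loses the renegotiation regression tests regardless of its configuration. As far as I know, Mbed TLS declares `mbedtls_ssl_renegotiate` only when `MBEDTLS_SSL_RENEGOTIATION` is enabled, in 2.x as well as 3.x, so `#if defined(MBEDTLS_SSL_RENEGOTIATION)` would track the real capability and also cover 2.x builds configured without it. The guard also depends on `MBEDTLS_VERSION_MAJOR` being defined by an earlier include that is not visible in this hunk; an undefined macro evaluates to 0 and silently takes the `< 3` branch. If the 3.x failure has a different cause, a comment such as `/* renegotiation tests disabled on Mbed TLS 3.x: <reason> */` above the guard would record it.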


@ -114,7 +114,9 @@ enum regress_openssl_type
{ {
REGRESS_OPENSSL_SOCKETPAIR = 1, REGRESS_OPENSSL_SOCKETPAIR = 1,
REGRESS_OPENSSL_FILTER = 2, REGRESS_OPENSSL_FILTER = 2,
#ifdef SSL_renegotiate
REGRESS_OPENSSL_RENEGOTIATE = 4, REGRESS_OPENSSL_RENEGOTIATE = 4,
#endif
REGRESS_OPENSSL_OPEN = 8, REGRESS_OPENSSL_OPEN = 8,
REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16, REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16,
REGRESS_OPENSSL_FD = 32, REGRESS_OPENSSL_FD = 32,
@ -187,9 +189,11 @@ respond_to_number(struct bufferevent *bev, void *ctx)
bufferevent_free(bev); /* Should trigger close on other side. */ bufferevent_free(bev); /* Should trigger close on other side. */
return; return;
} }
#ifdef SSL_renegotiate
if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) { if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) {
SSL_renegotiate(bufferevent_ssl_get_ssl(bev)); SSL_renegotiate(bufferevent_ssl_get_ssl(bev));
} }
#endif
++n; ++n;
evbuffer_add_printf(bufferevent_get_output(bev), evbuffer_add_printf(bufferevent_get_output(bev),
"%d\n", n); "%d\n", n);
@ -332,6 +336,7 @@ regress_bufferevent_openssl(void *arg)
enum regress_openssl_type type; enum regress_openssl_type type;
type = (enum regress_openssl_type)data->setup_data; type = (enum regress_openssl_type)data->setup_data;
#ifdef SSL_renegotiate
if (type & REGRESS_OPENSSL_RENEGOTIATE) { if (type & REGRESS_OPENSSL_RENEGOTIATE) {
/* /*
* Disable TLS 1.3, so we negotiate something older to test * Disable TLS 1.3, so we negotiate something older to test
@ -347,6 +352,7 @@ regress_bufferevent_openssl(void *arg)
} }
renegotiate_at = 600; renegotiate_at = 600;
} }
#endif
ssl1 = SSL_new(get_ssl_ctx(SSL_IS_CLIENT)); ssl1 = SSL_new(get_ssl_ctx(SSL_IS_CLIENT));
ssl2 = SSL_new(get_ssl_ctx(SSL_IS_SERVER)); ssl2 = SSL_new(get_ssl_ctx(SSL_IS_SERVER));
@ -767,12 +773,14 @@ struct testcase_t TESTCASES_NAME[] = {
{ "bufferevent_filter_write_after_connect", regress_bufferevent_openssl, { "bufferevent_filter_write_after_connect", regress_bufferevent_openssl,
TT_ISOLATED, &ssl_setup, TT_ISOLATED, &ssl_setup,
T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) }, T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) },
#ifdef SSL_renegotiate
{ "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl, { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
TT_ISOLATED, &ssl_setup, TT_ISOLATED, &ssl_setup,
T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) }, T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) },
{ "bufferevent_renegotiate_filter", regress_bufferevent_openssl, { "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
TT_ISOLATED, &ssl_setup, TT_ISOLATED, &ssl_setup,
T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) }, T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) },
#endif
{ "bufferevent_socketpair_startopen", regress_bufferevent_openssl, { "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
TT_ISOLATED, &ssl_setup, TT_ISOLATED, &ssl_setup,
T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) }, T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) },
@ -786,6 +794,7 @@ struct testcase_t TESTCASES_NAME[] = {
{ "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl, { "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl,
TT_ISOLATED, &ssl_setup, TT_ISOLATED, &ssl_setup,
T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
#ifdef SSL_renegotiate
{ "bufferevent_renegotiate_socketpair_dirty_shutdown", { "bufferevent_renegotiate_socketpair_dirty_shutdown",
regress_bufferevent_openssl, regress_bufferevent_openssl,
TT_ISOLATED, TT_ISOLATED,
@ -796,6 +805,7 @@ struct testcase_t TESTCASES_NAME[] = {
TT_ISOLATED, TT_ISOLATED,
&ssl_setup, &ssl_setup,
T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
#endif
{ "bufferevent_socketpair_startopen_dirty_shutdown", { "bufferevent_socketpair_startopen_dirty_shutdown",
regress_bufferevent_openssl, regress_bufferevent_openssl,
TT_ISOLATED, &ssl_setup, TT_ISOLATED, &ssl_setup,
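Review bot: `#ifdef SSL_renegotiate` is true only when `SSL_renegotiate` is a preprocessor macro, and it now gates the `REGRESS_OPENSSL_RENEGOTIATE` enum value, the call in `respond_to_number`, the setup in `regress_bufferevent_openssl` and both groups of `TESTCASES_NAME` entries. The mbedtls compat header defines it as a macro, but as far as I can tell OpenSSL declares it as a function, so if this file is also built against OpenSSL all four renegotiation test cases would silently drop out of that build. That removes regression coverage of a handshake path that is security-sensitive. A dedicated feature macro set by each backend, e.g. `#define REGRESS_SSL_HAVE_RENEGOTIATE 1` (name is a suggestion) tested here with `#ifdef REGRESS_SSL_HAVE_RENEGOTIATE`, would not depend on how the symbol is implemented. The enclosing functions and the test table start and end outside these hunks.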