Split create_ssl_connection()
Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.
Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/test/asynciotest.c b/test/asynciotest.c
index de67cce..720cc7c 100644
--- a/test/asynciotest.c
+++ b/test/asynciotest.c
@@ -276,8 +276,13 @@
}
/* BIOs get freed on error */
- if (!create_ssl_connection(serverctx, clientctx, &serverssl, &clientssl,
- s_to_c_fbio, c_to_s_fbio)) {
+ if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl,
+ s_to_c_fbio, c_to_s_fbio)) {
+ printf("Test %d failed: Create SSL objects failed\n", test);
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl, clientssl)) {
printf("Test %d failed: Create SSL connection failed\n", test);
goto end;
}
diff --git a/test/sslapitest.c b/test/sslapitest.c
index cb86217..cc790a0 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -122,7 +122,9 @@
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
SSL *serverssl2 = NULL, *clientssl2 = NULL;
+#ifndef OPENSSL_NO_TLS1_1
SSL *serverssl3 = NULL, *clientssl3 = NULL;
+#endif
SSL_SESSION *sess1 = NULL, *sess2 = NULL;
int testresult = 0;
@@ -151,8 +153,13 @@
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
}
- if (!create_ssl_connection(sctx, cctx, &serverssl1, &clientssl1, NULL,
+ if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
NULL)) {
+ printf("Unable to create SSL objects\n");
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl1, clientssl1)) {
printf("Unable to create SSL connection\n");
goto end;
}
@@ -173,8 +180,12 @@
goto end;
}
- if (!create_ssl_connection(sctx, cctx, &serverssl2, &clientssl2, NULL,
- NULL)) {
+ if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) {
+ printf("Unable to create second SSL objects\n");
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl2, clientssl2)) {
printf("Unable to create second SSL connection\n");
goto end;
}
@@ -245,23 +256,24 @@
#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
/* Force a connection failure */
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
- clientssl3 = SSL_new(cctx);
- if (clientssl3 == NULL) {
- printf("Malloc failure\n");
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) {
+ printf("Unable to create third SSL objects\n");
goto end;
}
+
if (!SSL_set_session(clientssl3, sess1)) {
printf("Unable to set session for third connection\n");
goto end;
}
/* This should fail because of the mismatched protocol versions */
- if (create_ssl_connection(sctx, cctx, &serverssl3, &clientssl3, NULL,
- NULL)) {
- printf("Unexpected success creating SSL connection\n");
+ if (create_ssl_connection(serverssl3, clientssl3)) {
+ printf("Unable to create third SSL connection\n");
goto end;
}
+
/* We should have automatically removed the session from the cache */
if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
printf("Failed to call callback to remove session #2\n");
@@ -284,8 +296,10 @@
SSL_free(clientssl1);
SSL_free(serverssl2);
SSL_free(clientssl2);
+#ifndef OPENSSL_NO_TLS1_1
SSL_free(serverssl3);
SSL_free(clientssl3);
+#endif
SSL_SESSION_free(sess1);
SSL_SESSION_free(sess2);
/*
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index b0ea6c8..a6ca5ff 100644
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -567,11 +567,9 @@
/*
* NOTE: Transfers control of the BIOs - this function will free them on error
*/
-int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
+int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
{
- int retc = -1, rets = -1, err, abortctr = 0;
- int clienterr = 0, servererr = 0;
SSL *serverssl, *clientssl;
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
@@ -589,8 +587,13 @@
goto error;
}
- s_to_c_bio = BIO_new(BIO_s_mem());
- c_to_s_bio = BIO_new(BIO_s_mem());
+ if (SSL_is_dtls(clientssl)) {
+ s_to_c_bio = BIO_new(bio_s_mempacket_test());
+ c_to_s_bio = BIO_new(bio_s_mempacket_test());;
+ } else {
+ s_to_c_bio = BIO_new(BIO_s_mem());
+ c_to_s_bio = BIO_new(BIO_s_mem());
+ }
if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
printf("Failed to create mem BIOs\n");
goto error;
@@ -620,6 +623,27 @@
s_to_c_bio = c_to_s_bio = NULL;
s_to_c_fbio = c_to_s_fbio = NULL;
+ *sssl = serverssl;
+ *cssl = clientssl;
+
+ return 1;
+
+ error:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ BIO_free(s_to_c_bio);
+ BIO_free(c_to_s_bio);
+ BIO_free(s_to_c_fbio);
+ BIO_free(c_to_s_fbio);
+
+ return 0;
+}
+
+int create_ssl_connection(SSL *serverssl, SSL *clientssl)
+{
+ int retc = -1, rets = -1, err, abortctr = 0;
+ int clienterr = 0, servererr = 0;
+
do {
err = SSL_ERROR_WANT_WRITE;
while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
@@ -645,29 +669,12 @@
servererr = 1;
}
if (clienterr && servererr)
- goto error;
+ return 0;
if (++abortctr == MAXLOOPS) {
printf("No progress made\n");
- goto error;
+ return 0;
}
} while (retc <=0 || rets <= 0);
- *sssl = serverssl;
- *cssl = clientssl;
-
return 1;
-
- error:
- if (*sssl == NULL) {
- SSL_free(serverssl);
- BIO_free(s_to_c_bio);
- BIO_free(s_to_c_fbio);
- }
- if (*cssl == NULL) {
- SSL_free(clientssl);
- BIO_free(c_to_s_bio);
- BIO_free(c_to_s_fbio);
- }
-
- return 0;
}
diff --git a/test/ssltestlib.h b/test/ssltestlib.h
index 04952a6..27f7547 100644
--- a/test/ssltestlib.h
+++ b/test/ssltestlib.h
@@ -15,8 +15,9 @@
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile);
-int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
- SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
+int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
+ SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
+int create_ssl_connection(SSL *serverssl, SSL *clientssl);
/* Note: Not thread safe! */
const BIO_METHOD *bio_f_tls_dump_filter(void);
