WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5875 from JacobBarthelmeh/Compatibility-Layer 

fix for handling DEFAULT:... cipher suite list
pull/5885/head
David Garske 2022-12-12 14:43:50 -08:00 committed by GitHub
parent 334042d7f5 f974bd4ad6
commit a1e883b43d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/internal.c
View File

@ -24360,7 +24360,10 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
haveRSA = 1; haveRSA = 1;
haveDH = 1; haveDH = 1;
haveECC = 1; haveECC = 1;
haveStaticECC = 1;
/* having static ECC will disable all RSA use, do not set
* static ECC suites here
* haveStaticECC = 1; */
haveStaticRSA = 1; haveStaticRSA = 1;
haveRSAsig = 1; haveRSAsig = 1;
havePSK = 1; havePSK = 1;

68
tests/api.c
View File

@ -7018,6 +7018,73 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient(void)
return res; return res;
} }
static int test_wolfSSL_CTX_set_cipher_list(void)
{
int res = TEST_SKIPPED;
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
&& !defined(NO_SHA256)
WOLFSSL_CTX* ctx;
WOLFSSL_CTX* ctxClient;
tcp_ready ready;
func_args client_args;
func_args server_args;
callback_functions client_cb;
callback_functions server_cb;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
AssertNotNull((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())));
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL"));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE-RSA-AES128-SHA256"));
client_cb.ctx = ctxClient;
server_cb.ctx = ctx;
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
wolfSSL_CTX_free(client_cb.ctx);
wolfSSL_CTX_free(server_cb.ctx);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
res = TEST_RES_CHECK(1);
#endif
return res;
}
static int test_client_get_finished(void* args, cbType cb) static int test_client_get_finished(void* args, cbType cb)
{ {
#if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT) #if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT)
@ -59447,6 +59514,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_read_write), TEST_DECL(test_wolfSSL_read_write),
TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj), TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj),
TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient), TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient),
TEST_DECL(test_wolfSSL_CTX_set_cipher_list),
TEST_DECL(test_wolfSSL_dtls_export), TEST_DECL(test_wolfSSL_dtls_export),
TEST_DECL(test_wolfSSL_tls_export), TEST_DECL(test_wolfSSL_tls_export),
#endif #endif