Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.
Reviewed-by: Richard Levitte <levitte@openssl.org>
}
/* BIOs get freed on error */
}
/* BIOs get freed on error */
- if (!create_ssl_connection(serverctx, clientctx, &serverssl, &clientssl,
- s_to_c_fbio, c_to_s_fbio)) {
+ if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl,
+ s_to_c_fbio, c_to_s_fbio)) {
+ printf("Test %d failed: Create SSL objects failed\n", test);
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl, clientssl)) {
printf("Test %d failed: Create SSL connection failed\n", test);
goto end;
}
printf("Test %d failed: Create SSL connection failed\n", test);
goto end;
}
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
SSL *serverssl2 = NULL, *clientssl2 = NULL;
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
SSL *serverssl2 = NULL, *clientssl2 = NULL;
+#ifndef OPENSSL_NO_TLS1_1
SSL *serverssl3 = NULL, *clientssl3 = NULL;
SSL *serverssl3 = NULL, *clientssl3 = NULL;
SSL_SESSION *sess1 = NULL, *sess2 = NULL;
int testresult = 0;
SSL_SESSION *sess1 = NULL, *sess2 = NULL;
int testresult = 0;
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
}
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
}
- if (!create_ssl_connection(sctx, cctx, &serverssl1, &clientssl1, NULL,
+ if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
+ printf("Unable to create SSL objects\n");
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl1, clientssl1)) {
printf("Unable to create SSL connection\n");
goto end;
}
printf("Unable to create SSL connection\n");
goto end;
}
- if (!create_ssl_connection(sctx, cctx, &serverssl2, &clientssl2, NULL,
- NULL)) {
+ if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) {
+ printf("Unable to create second SSL objects\n");
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl2, clientssl2)) {
printf("Unable to create second SSL connection\n");
goto end;
}
printf("Unable to create second SSL connection\n");
goto end;
}
#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
/* Force a connection failure */
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
/* Force a connection failure */
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
- clientssl3 = SSL_new(cctx);
- if (clientssl3 == NULL) {
- printf("Malloc failure\n");
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) {
+ printf("Unable to create third SSL objects\n");
if (!SSL_set_session(clientssl3, sess1)) {
printf("Unable to set session for third connection\n");
goto end;
}
/* This should fail because of the mismatched protocol versions */
if (!SSL_set_session(clientssl3, sess1)) {
printf("Unable to set session for third connection\n");
goto end;
}
/* This should fail because of the mismatched protocol versions */
- if (create_ssl_connection(sctx, cctx, &serverssl3, &clientssl3, NULL,
- NULL)) {
- printf("Unexpected success creating SSL connection\n");
+ if (create_ssl_connection(serverssl3, clientssl3)) {
+ printf("Unable to create third SSL connection\n");
/* We should have automatically removed the session from the cache */
if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
printf("Failed to call callback to remove session #2\n");
/* We should have automatically removed the session from the cache */
if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
printf("Failed to call callback to remove session #2\n");
SSL_free(clientssl1);
SSL_free(serverssl2);
SSL_free(clientssl2);
SSL_free(clientssl1);
SSL_free(serverssl2);
SSL_free(clientssl2);
+#ifndef OPENSSL_NO_TLS1_1
SSL_free(serverssl3);
SSL_free(clientssl3);
SSL_free(serverssl3);
SSL_free(clientssl3);
SSL_SESSION_free(sess1);
SSL_SESSION_free(sess2);
/*
SSL_SESSION_free(sess1);
SSL_SESSION_free(sess2);
/*
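Review bot: The failure message for the third connection is inverted. `if (create_ssl_connection(serverssl3, clientssl3))` fires when the handshake unexpectedly succeeds, and the comment just above says it should fail because of the mismatched protocol versions, yet the new text is "Unable to create third SSL connection". The removed message matched the condition and should be kept: `printf("Unexpected success creating SSL connection\n");`. This check guards rejection of a session resumed under a different protocol version, so a misleading message would misdirect anyone triaging a regression. Separately, the `serverssl3`/`clientssl3` declaration and frees appear to be guarded by `#ifndef OPENSSL_NO_TLS1_1` while the code using them is under `#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)`; one condition for all three places would be easier to follow (the function body continues outside the lines shown).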
/*
* NOTE: Transfers control of the BIOs - this function will free them on error
*/
/*
* NOTE: Transfers control of the BIOs - this function will free them on error
*/
-int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
+int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
{
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
{
- int retc = -1, rets = -1, err, abortctr = 0;
- int clienterr = 0, servererr = 0;
SSL *serverssl, *clientssl;
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
SSL *serverssl, *clientssl;
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
- s_to_c_bio = BIO_new(BIO_s_mem());
- c_to_s_bio = BIO_new(BIO_s_mem());
+ if (SSL_is_dtls(clientssl)) {
+ s_to_c_bio = BIO_new(bio_s_mempacket_test());
+ c_to_s_bio = BIO_new(bio_s_mempacket_test());;
+ } else {
+ s_to_c_bio = BIO_new(BIO_s_mem());
+ c_to_s_bio = BIO_new(BIO_s_mem());
+ }
if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
printf("Failed to create mem BIOs\n");
goto error;
if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
printf("Failed to create mem BIOs\n");
goto error;
s_to_c_bio = c_to_s_bio = NULL;
s_to_c_fbio = c_to_s_fbio = NULL;
s_to_c_bio = c_to_s_bio = NULL;
s_to_c_fbio = c_to_s_fbio = NULL;
+ *sssl = serverssl;
+ *cssl = clientssl;
+
+ return 1;
+
+ error:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ BIO_free(s_to_c_bio);
+ BIO_free(c_to_s_bio);
+ BIO_free(s_to_c_fbio);
+ BIO_free(c_to_s_fbio);
+
+ return 0;
+}
+
+int create_ssl_connection(SSL *serverssl, SSL *clientssl)
+{
+ int retc = -1, rets = -1, err, abortctr = 0;
+ int clienterr = 0, servererr = 0;
+
do {
err = SSL_ERROR_WANT_WRITE;
while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
do {
err = SSL_ERROR_WANT_WRITE;
while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
servererr = 1;
}
if (clienterr && servererr)
servererr = 1;
}
if (clienterr && servererr)
if (++abortctr == MAXLOOPS) {
printf("No progress made\n");
if (++abortctr == MAXLOOPS) {
printf("No progress made\n");
}
} while (retc <=0 || rets <= 0);
}
} while (retc <=0 || rets <= 0);
- *sssl = serverssl;
- *cssl = clientssl;
-
-
- error:
- if (*sssl == NULL) {
- SSL_free(serverssl);
- BIO_free(s_to_c_bio);
- BIO_free(s_to_c_fbio);
- }
- if (*cssl == NULL) {
- SSL_free(clientssl);
- BIO_free(c_to_s_bio);
- BIO_free(c_to_s_fbio);
- }
-
- return 0;
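Review bot: The new `error:` path in create_ssl_objects() calls `SSL_free(serverssl)` and `SSL_free(clientssl)` unconditionally, but both are declared without an initializer (`SSL *serverssl, *clientssl;`). Their assignments are not visible in this section, so the cleanup is safe only if both are set before the first `goto error`. Initializing them keeps the path safe if the function is later reordered: `SSL *serverssl = NULL, *clientssl = NULL;`. There is also a stray double semicolon in `c_to_s_bio = BIO_new(bio_s_mempacket_test());;`. Both function bodies continue outside the lines shown.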
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile);
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile);
-int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
- SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
+int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
+ SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
+int create_ssl_connection(SSL *serverssl, SSL *clientssl);
/* Note: Not thread safe! */
const BIO_METHOD *bio_f_tls_dump_filter(void);
/* Note: Not thread safe! */
const BIO_METHOD *bio_f_tls_dump_filter(void);
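Review bot: The two new prototypes carry no ownership comment, although the split changes who frees what. The definition notes that create_ssl_objects() takes control of the filter BIOs and frees them on error, and the callers visible in this commit free the SSL objects themselves at `end` when create_ssl_connection() fails. I would repeat that in the header, for example `/* Takes ownership of s_to_c_fbio/c_to_s_fbio; frees them on error */` above create_ssl_objects() and `/* Does not free serverssl/clientssl on failure; caller must SSL_free() them */` above create_ssl_connection(). The second comment assumes that is the intended contract, which should be confirmed against the full function body.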