From: Matt Caswell Date: Mon, 11 Sep 2023 12:57:35 +0000 (+0100) Subject: Test that a client that does not supply ALPN fails as expected X-Git-Tag: openssl-3.2.0-alpha2~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=122d4e20cd2e88daa64d8bfcd7b8a6e39a0260e4;p=thirdparty%2Fopenssl.git Test that a client that does not supply ALPN fails as expected Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22066)
---
diff --git a/test/quicapitest.c b/test/quicapitest.c
index 8c78e14de9c..c471495aa21 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -1190,6 +1190,66 @@ static int test_quic_psk(void)
 return testresult;
 }
 
+/*
+ * Test that we correctly handle ALPN supplied by the application
+ * Test 0: ALPN is provided
+ * Test 1: No ALPN is provided
+ */
+static int test_alpn(int idx)
+{
+ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+ SSL *clientquic = NULL;
+ QUIC_TSERVER *qtserv = NULL;
+ int testresult = 0;
+ int ret;
+
+ /*
+ * Ensure we only configure ciphersuites that are available with both the
+ * default and fips providers to get the same output in both cases
+ */
+ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
+ goto err;
+
+ if (!TEST_ptr(cctx)
+ || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
+ privkey,
+ QTEST_FLAG_FAKE_TIME,
+ &qtserv,
+ &clientquic, NULL)))
+ goto err;
+
+ if (idx == 0) {
+ /*
+ * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
+ * because SSL_set_alpn_protos returns 0 for success.
+ */
+ if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
+ goto err;
+ }
+
+ ret = SSL_connect(clientquic);
+ if (!TEST_int_le(ret, 0))
+ goto err;
+ if (idx == 0) {
+ /* We expect an immediate error due to lack of ALPN */
+ if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
+ goto err;
+ } else {
+ /* ALPN was provided so we expect the connection to succeed */
+ if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
+ || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
+ goto err;
+ }
+
+ testresult = 1;
+ err:
+ ossl_quic_tserver_free(qtserv);
+ SSL_free(clientquic);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
 
 int setup_tests(void)
@@ -1262,6 +1322,7 @@ int setup_tests(void)
 ADD_TEST(test_multiple_dgrams);
 ADD_ALL_TESTS(test_non_io_retry, 2);
 ADD_TEST(test_quic_psk);
+ ADD_ALL_TESTS(test_alpn, 2);
 return 1;
 err:
 cleanup_tests();
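Review bot: The header comment on test_alpn is inverted relative to the body: `idx == 0` clears the ALPN list with `SSL_set_alpn_protos(clientquic, NULL, 0)` and expects `SSL_ERROR_SSL`, while `idx == 1` keeps the ALPN and expects the connection to succeed, so the comment should read `Test 0: No ALPN is provided` and `Test 1: ALPN is provided`. Separately, `cctx` is passed to `SSL_CTX_set_ciphersuites()` before `TEST_ptr(cctx)` runs, so a failed `SSL_CTX_new_ex()` would hand NULL to the setter, where it is likely dereferenced; putting the check first, `if (!TEST_ptr(cctx) || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))`, closes that. The negative case also accepts any `SSL_ERROR_SSL` from `SSL_connect()`, so it would still pass if the handshake failed for a reason unrelated to ALPN. Comparing `ERR_GET_REASON(ERR_peek_error())` with the reason code the QUIC layer raises for a missing ALPN would tie the failure to the behaviour under test.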