From: Francis Dupont <fdupont@isc.org>
Date: Sat, 13 Mar 2021 19:53:32 +0000 (+0100)
Subject: [#1748] Fixed more CentOS 7 problems
X-Git-Tag: Kea-1.9.6~145
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a72ecdf0dc6808f6119571ed440bba3a83c6f75;p=thirdparty%2Fkea.git

[#1748] Fixed more CentOS 7 problems
---

diff --git a/src/lib/asiolink/tests/tls_unittest.cc b/src/lib/asiolink/tests/tls_unittest.cc
index 93bf918c70..0ac9e61eb3 100644
--- a/src/lib/asiolink/tests/tls_unittest.cc
+++ b/src/lib/asiolink/tests/tls_unittest.cc
@@ -237,6 +237,10 @@ TEST(TLSTest, configure) {
     EXPECT_FALSE(ctx);
 }
 
+// Disabled tests for obsolete OpenSSL or Botan
+#ifdef WITH_OPENSSL
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+
 // Define a callback class.
 namespace { // anonymous namespace.
 
@@ -651,16 +655,10 @@ TEST(TLSTest, unknownClient) {
         service.run_one();
     }
     EXPECT_TRUE(server_cb.getCode());
-#ifdef WITH_OPENSSL
 #ifndef LIBRESSL_VERSION_NUMBER
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     string server_expected("wrong version number");
-#else
-    string server_expected("unknown protocol");
-#endif
 #else
     string server_expected("tlsv1 alert protocol version");
-#endif
 #endif
     EXPECT_EQ(server_expected, server_cb.getCode().message());
     EXPECT_FALSE(client_cb.getCode());
@@ -725,17 +723,13 @@ TEST(TLSTest, anotherClient) {
     EXPECT_TRUE(server_cb.getCode());
     // Full error is:
     // error 20 at 0 depth lookup:unable to get local issuer certificate
-#ifdef WITH_OPENSSL
 #ifndef LIBRESSL_VERSION_NUMBER
     string server_expected("certificate verify failed");
 #else
     string server_expected("tlsv1 alert unknown ca");
 #endif
     EXPECT_EQ(server_expected, server_cb.getCode().message());
-#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     EXPECT_FALSE(client_cb.getCode());
-#endif
-#endif
 
     // Close client and server.
     EXPECT_NO_THROW(client.lowest_layer().close());
@@ -797,28 +791,18 @@ TEST(TLSTest, selfSigned) {
     EXPECT_TRUE(server_cb.getCode());
     // Full error is:
     // error 18 at 0 depth lookup:self signed certificate
-#ifdef WITH_OPENSSL
 #ifndef LIBRESSL_VERSION_NUMBER
     string server_expected("certificate verify failed");
 #else
     string server_expected("tlsv1 alert unknown ca");
 #endif
     EXPECT_EQ(server_expected, server_cb.getCode().message());
-#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     EXPECT_FALSE(client_cb.getCode());
-#endif
-#endif
 
     // Close client and server.
     EXPECT_NO_THROW(client.lowest_layer().close());
     EXPECT_NO_THROW(server.lowest_layer().close());
 }
 
-
-
-
-
-
-
-
-
+#endif // defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#endif // WITH_OPENSSL
diff --git a/src/lib/asiolink/testutils/Makefile.am b/src/lib/asiolink/testutils/Makefile.am
index b614e7fdd8..54feea9b3f 100644
--- a/src/lib/asiolink/testutils/Makefile.am
+++ b/src/lib/asiolink/testutils/Makefile.am
@@ -64,11 +64,11 @@ noinst_PROGRAMS = openssl_sample_client openssl_sample_server
 openssl_sample_client_SOURCES = openssl_sample_client.cc
 openssl_sample_client_CPPFLAGS = $(AM_CPPFLAGS)
 openssl_sample_client_LDFLAGS = $(AM_LDFLAGS) $(CRYPTO_LDFLAGS)
-openssl_sample_client_LDADD = $(CRYPTO_LIBS)
+openssl_sample_client_LDADD = $(BOOST_LIBS) $(CRYPTO_LIBS)
 
 openssl_sample_server_SOURCES = openssl_sample_server.cc
 openssl_sample_server_CPPFLAGS = $(AM_CPPFLAGS)
 openssl_sample_server_LDFLAGS = $(AM_LDFLAGS) $(CRYPTO_LDFLAGS)
-openssl_sample_server_LDADD = $(CRYPTO_LIBS)
+openssl_sample_server_LDADD = $(BOOST_LIBS) $(CRYPTO_LIBS)
 endif
 endif
diff --git a/src/lib/asiolink/testutils/openssl_sample_client.cc b/src/lib/asiolink/testutils/openssl_sample_client.cc
index 06b6a2d4e2..39cae99019 100644
--- a/src/lib/asiolink/testutils/openssl_sample_client.cc
+++ b/src/lib/asiolink/testutils/openssl_sample_client.cc
@@ -10,6 +10,8 @@
 
 #include <config.h>
 
+#ifdef HAVE_GENERIC_TLS_METHOD
+
 #include <cstdlib>
 #include <cstring>
 #include <functional>
@@ -32,7 +34,7 @@ class client
 public:
   client(boost::asio::io_service& io_context,
       boost::asio::ssl::context& context,
-      const tcp::resolver::results_type& endpoints)
+      const tcp::endpoint& endpoint)
     : socket_(io_context, context)
   {
     socket_.set_verify_mode(boost::asio::ssl::verify_peer |
@@ -40,7 +42,7 @@ public:
     socket_.set_verify_callback(
         std::bind(&client::verify_certificate, this, _1, _2));
 
-    connect(endpoints);
+    connect(endpoint);
   }
 
 private:
@@ -63,11 +65,10 @@ private:
     return preverified;
   }
 
-  void connect(const tcp::resolver::results_type& endpoints)
+  void connect(const tcp::endpoint& endpoint)
   {
-    boost::asio::async_connect(socket_.lowest_layer(), endpoints,
-        [this](const boost::system::error_code& error,
-          const tcp::endpoint& /*endpoint*/)
+    socket_.lowest_layer().async_connect(endpoint,
+        [this](const boost::system::error_code& error)
         {
           if (!error)
           {
@@ -147,30 +148,23 @@ int main(int argc, char* argv[])
   {
     if (argc != 3)
     {
-      std::cerr << "Usage: client <host> <port>\n";
+      std::cerr << "Usage: client <addr> <port>\n";
       return 1;
     }
 
     boost::asio::io_service io_context;
 
-    tcp::resolver resolver(io_context);
-    auto endpoints = resolver.resolve(argv[1], argv[2]);
+    using namespace std; // For atoi.
+    tcp::endpoint endpoint(
+      boost::asio::ip::address::from_string(argv[1]), atoi(argv[2]));
 
-#ifdef HAVE_GENERIC_TLS_METHOD
     boost::asio::ssl::context ctx(boost::asio::ssl::context::method::tls);
-#else
-#ifdef HAVE_TLS_1_2_METHOD
-    boost::asio::ssl::context ctx(boost::asio::ssl::context::method::tlsv12);
-#else
-    boost::asio::ssl::context ctx(boost::asio::ssl::context::method::tlsv1);
-#endif
-#endif
     ctx.load_verify_file(CA_("kea-ca.crt"));
     ctx.use_certificate_chain_file(CA_("kea-client.crt"));
     ctx.use_private_key_file(CA_("kea-client.key"),
                              boost::asio::ssl::context::pem);
 
-    client c(io_context, ctx, endpoints);
+    client c(io_context, ctx, endpoint);
 
     io_context.run();
   }
@@ -181,3 +175,13 @@ int main(int argc, char* argv[])
 
   return 0;
 }
+#else // !HAVE_GENERIC_TLS_METHOD
+
+#include <iostream>
+
+int main()
+{
+  std::cerr << "this tool requires recent boost version\n";
+  return 0;
+}
+#endif
diff --git a/src/lib/asiolink/testutils/openssl_sample_server.cc b/src/lib/asiolink/testutils/openssl_sample_server.cc
index 8dc39c522d..093294a676 100644
--- a/src/lib/asiolink/testutils/openssl_sample_server.cc
+++ b/src/lib/asiolink/testutils/openssl_sample_server.cc
@@ -13,6 +13,8 @@
 
 #include <config.h>
 
+#ifdef HAVE_GENERIC_TLS_METHOD
+
 #include <cstdlib>
 #include <iostream>
 #include <boost/bind/bind.hpp>
@@ -106,15 +108,7 @@ public:
     : io_context_(io_context),
       acceptor_(io_context,
           boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)),
-#ifdef HAVE_GENERIC_TLS_METHOD
       context_(boost::asio::ssl::context::method::tls)
-#else
-#ifdef HAVE_TLS_1_2_METHOD
-      context_(boost::asio::ssl::context::method::tlsv12)
-#else
-      context_(boost::asio::ssl::context::method::tlsv1)
-#endif
-#endif
   {
     //context_.set_options(
     //    boost::asio::ssl::context::default_workarounds
@@ -185,3 +179,15 @@ int main(int argc, char* argv[])
 
   return 0;
 }
+
+#else // !HAVE_GENERIC_TLS_METHOD
+
+#include <iostream>
+
+int main()
+{
+  std::cerr << "this tool requires recent boost version\n";
+  return 0;
+}
+#endif
+