}
return sess;
}
+
+#define NUM_EXTRA_CERTS 40
+
+int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx,
+ const char *cert_file)
+{
+ BIO *certbio = NULL;
+ X509 *chaincert = NULL;
+ int certlen;
+ int ret = 0;
+ int i;
+
+ if (!TEST_ptr(certbio = BIO_new_file(cert_file, "r")))
+ goto end;
+
+ if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
+ goto end;
+
+ if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
+ goto end;
+ BIO_free(certbio);
+ certbio = NULL;
+
+ /*
+ * We assume the supplied certificate is big enough so that if we add
+ * NUM_EXTRA_CERTS it will make the overall message large enough. The
+ * default buffer size is requested to be 16k, but due to the way BUF_MEM
+ * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
+ * test we need to have a message larger than that.
+ */
+ certlen = i2d_X509(chaincert, NULL);
+ OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
+ (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
+ for (i = 0; i < NUM_EXTRA_CERTS; i++) {
+ if (!X509_up_ref(chaincert))
+ goto end;
+ if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
+ X509_free(chaincert);
+ goto end;
+ }
+ }
+
+ ret = 1;
+ end:
+ BIO_free(certbio);
+ X509_free(chaincert);
+ return ret;
+}
SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize);
+/* Add cert from `cert_file` multiple times to create large extra cert chain */
+int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx,
+ const char *cert_file);
+
#endif /* OSSL_TEST_SSLTESTLIB_H */
&clientquic, NULL, NULL)))
goto err;
+ if (idx > 1) {
+ if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
+ || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
+ goto err;
+ }
+
if (idx == 0) {
if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
goto err;
ADD_TEST(test_multiple_dgrams);
ADD_ALL_TESTS(test_non_io_retry, 2);
ADD_TEST(test_quic_psk);
- ADD_ALL_TESTS(test_client_auth, 2);
+ ADD_ALL_TESTS(test_client_auth, 3);
ADD_ALL_TESTS(test_alpn, 2);
ADD_ALL_TESTS(test_noisy_dgram, 2);
ADD_TEST(test_get_shutdown);
static X509 *ocspcert = NULL;
#endif
-#define NUM_EXTRA_CERTS 40
#define CLIENT_VERSION_LEN 2
/*
}
#endif
-static int add_large_cert_chain(SSL_CTX *sctx)
-{
- BIO *certbio = NULL;
- X509 *chaincert = NULL;
- int certlen;
- int ret = 0;
- int i;
-
- if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
- goto end;
-
- if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
- goto end;
-
- if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
- goto end;
- BIO_free(certbio);
- certbio = NULL;
-
- /*
- * We assume the supplied certificate is big enough so that if we add
- * NUM_EXTRA_CERTS it will make the overall message large enough. The
- * default buffer size is requested to be 16k, but due to the way BUF_MEM
- * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
- * test we need to have a message larger than that.
- */
- certlen = i2d_X509(chaincert, NULL);
- OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
- (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
- for (i = 0; i < NUM_EXTRA_CERTS; i++) {
- if (!X509_up_ref(chaincert))
- goto end;
- if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
- X509_free(chaincert);
- goto end;
- }
- }
-
- ret = 1;
- end:
- BIO_free(certbio);
- X509_free(chaincert);
- return ret;
-}
-
static int execute_test_large_message(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth,
int min_version, int max_version,
SSL_CTX_set_read_ahead(cctx, 1);
}
- if (!add_large_cert_chain(sctx))
+ if (!ssl_ctx_add_large_cert_chain(libctx, sctx, cert))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
* Add a large amount of data to fill the buffering BIO used by the SSL
* object
*/
- if ((idx & 1) == 1 && !add_large_cert_chain(sctx))
+ if ((idx & 1) == 1 && !ssl_ctx_add_large_cert_chain(libctx, sctx, cert))
goto end;
/*
projects / thirdparty / openssl.git / commitdiff
