test: pin optional client auth test to a TLS 1.2 policy (#4914)
toidiu authored Nov 21, 2024
1 parent a097d25 commit 72ae26d
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion tests/unit/s2n_optional_client_auth_test.c
@@ -35,14 +35,14 @@ int main(int argc, char **argv)
struct s2n_cert_chain_and_key *chain_and_key = NULL;

BEGIN_TEST();
EXPECT_SUCCESS(s2n_disable_tls13_in_test());

EXPECT_NOT_NULL(cert_chain_pem = malloc(S2N_MAX_TEST_PEM_SIZE));
EXPECT_NOT_NULL(private_key_pem = malloc(S2N_MAX_TEST_PEM_SIZE));
EXPECT_NOT_NULL(dhparams_pem = malloc(S2N_MAX_TEST_PEM_SIZE));

/* Setup baseline server config and certs. */
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "20240501"));
EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_CERT_CHAIN, cert_chain_pem, S2N_MAX_TEST_PEM_SIZE));
EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_PRIVATE_KEY, private_key_pem, S2N_MAX_TEST_PEM_SIZE));
EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE));
@@ -65,6 +65,7 @@ int main(int argc, char **argv)
*/

EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));
@@ -129,6 +130,7 @@ int main(int argc, char **argv)
*/

EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));
@@ -193,6 +195,7 @@ int main(int argc, char **argv)
*/

EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));

@@ -256,6 +259,7 @@ int main(int argc, char **argv)
*/

EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_REQUIRED));
@@ -326,6 +330,7 @@ int main(int argc, char **argv)
*/

EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_REQUIRED));

@@ -397,13 +402,15 @@ int main(int argc, char **argv)
*/

EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));

/* Server requires optional client auth but will reject the client cert. We need to reset the config, to turn validation back on*/
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "20240501"));
EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));
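Review bot: The policy string `"20240501"` appears in eight separate `s2n_config_set_cipher_preferences` calls across main() with no comment saying it is there to hold these handshakes at TLS 1.2, so the reason for the pin is only visible in the commit title. A single file-level constant with a one-line comment would keep that intent next to the code and leave one place to update, e.g. `static const char *tls12_policy = "20240501"; /* TLS 1.2 policy: these cases exercise the TLS 1.2 client-auth flow */`. Nothing in the visible lines checks which version was actually negotiated; if the handshake sections outside these hunks do not already do so, an assertion such as `EXPECT_EQUAL(s2n_connection_get_actual_protocol_version(conn), S2N_TLS12);` on the test's connection after each handshake would make a silent drift to another protocol version fail the test. Because every case in this file is now limited to TLS 1.2, it is also worth confirming that the optional-auth and rejected-certificate paths have TLS 1.3 coverage in another test; main() begins and ends outside the hunks shown here.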