authorJacob Keeler <jacob.keeler@livioradio.com>2016-10-28 16:25:18 -0400
committerJacob Keeler <jacob.keeler@livioradio.com>2017-01-10 17:07:23 -0500
commit35d2403e4819a6d352a86cd3484e38eb69663cb2 (patch)
tree0c49bd01d5cf48e833979b7618b548ba296f2fef
parent3fcfbf34c55badf082555612bc6eecd0d5a9a217 (diff)
downloadsdl_core-feature/ubuntu_16_04_linux_support.tar.gz
Support OpenSSL built without SSL3feature/ubuntu_16_04_linux_support
Many Linux distros such as Debian and Arch Linux are now shipping OpenSSL libraries without SSL3 support. This commit allows the project to still be built with security in these instances.
-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc5
-rw-r--r--src/components/security_manager/test/ssl_context_test.cc59
2 files changed, 42 insertions, 22 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index f44198953b..6d88cb9233 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -136,8 +136,13 @@ bool CryptoManagerImpl::Init() {
#endif
switch (get_settings().security_manager_protocol_name()) {
case SSLv3:
+#ifdef OPENSSL_NO_SSL3
+ LOG4CXX_WARN(logger_, "OpenSSL does not support SSL3 protocol");
+ return false;
+#else
method = is_server ? SSLv3_server_method() : SSLv3_client_method();
break;
+#endif
case TLSv1:
method = is_server ? TLSv1_server_method() : TLSv1_client_method();
break;
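Review bot: The new `OPENSSL_NO_SSL3` branch makes Init() fail but logs it at WARN, and the message does not say that the configured protocol is the cause, so an operator sees a security manager that will not start without an error-level entry pointing at the setting. Failing closed instead of silently falling back to another protocol is the right behaviour; I would only raise the level and name the setting, e.g. `LOG4CXX_ERROR(logger_, "SSLv3 is configured as the security protocol, but OpenSSL was built with OPENSSL_NO_SSL3; configure TLSv1 or later");`. On builds where the library still provides SSLv3, the `#else` arm keeps it selectable even though SSLv3 is deprecated (RFC 7568), so a short comment on `case SSLv3:` recording that it is kept for legacy peers only would help the next reader. Init() starts and ends outside this hunk, so whether anything acquired before the switch needs releasing on this early return cannot be judged from here.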
diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc
index b35da3fc61..1c50c5833b 100644
--- a/src/components/security_manager/test/ssl_context_test.cc
+++ b/src/components/security_manager/test/ssl_context_test.cc
@@ -218,7 +218,7 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> {
GetParam().server_ciphers_list);
const bool crypto_manager_initialization = crypto_manager->Init();
- EXPECT_TRUE(crypto_manager_initialization);
+ ASSERT_TRUE(crypto_manager_initialization);
mock_client_manager_settings_ = utils::MakeShared<
NiceMock<security_manager_test::MockCryptoManagerSettings>>();
@@ -231,7 +231,7 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> {
GetParam().client_ciphers_list);
const bool client_manager_initialization = client_manager->Init();
- EXPECT_TRUE(client_manager_initialization);
+ ASSERT_TRUE(client_manager_initialization);
server_ctx = crypto_manager->CreateSSLContext();
client_ctx = client_manager->CreateSSLContext();
@@ -251,9 +251,12 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> {
}
void TearDown() OVERRIDE {
- crypto_manager->ReleaseSSLContext(server_ctx);
- client_manager->ReleaseSSLContext(client_ctx);
-
+ if (crypto_manager) {
+ crypto_manager->ReleaseSSLContext(server_ctx);
+ }
+ if (client_manager) {
+ client_manager->ReleaseSSLContext(client_ctx);
+ }
delete crypto_manager;
delete client_manager;
}
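Review bot: The new guards in TearDown() check only the manager pointers, not the context pointers handed to ReleaseSSLContext(). Since SetUp() now stops at the first failing `ASSERT_TRUE`, TearDown() can run with `crypto_manager` set while `server_ctx` and `client_ctx` are still NULL, so `ReleaseSSLContext(NULL)` is reached; whether that is safe depends on the implementation, which is not visible here. Checking both pointers makes the cleanup independent of that: `if (crypto_manager && server_ctx) { crypto_manager->ReleaseSSLContext(server_ctx); }`, and likewise `if (client_manager && client_ctx)` for the client side.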
@@ -293,10 +296,10 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> {
mock_crypto_manager_settings_;
utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings>>
mock_client_manager_settings_;
- security_manager::CryptoManager* crypto_manager;
- security_manager::CryptoManager* client_manager;
- security_manager::SSLContext* server_ctx;
- security_manager::SSLContext* client_ctx;
+ security_manager::CryptoManager* crypto_manager = NULL;
+ security_manager::CryptoManager* client_manager = NULL;
+ security_manager::SSLContext* server_ctx = NULL;
+ security_manager::SSLContext* client_ctx = NULL;
std::string certificate_data_base64_;
};
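Review bot: The `= NULL` default member initializers on the four pointer members require C++11, while the `OVERRIDE` macro and `utils::SharedPtr` used in this fixture suggest (inferred, not shown) that the file is also expected to build as C++03. If that is the case, initialise them in the fixture's constructor instead, e.g. `SSLTestParam() : crypto_manager(NULL), client_manager(NULL), server_ctx(NULL), client_ctx(NULL) {}`; if C++11 is guaranteed, `nullptr` is the better spelling. The class begins outside this hunk, so an existing constructor may already be the place to put this.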
@@ -313,11 +316,15 @@ INSTANTIATE_TEST_CASE_P(
ProtocolAndCipher(security_manager::TLSv1_1,
security_manager::TLSv1_1,
kFordCipher,
- kFordCipher),
+ kFordCipher)
+#ifndef OPENSSL_NO_SSL3
+ ,
ProtocolAndCipher(security_manager::SSLv3,
security_manager::SSLv3,
kFordCipher,
- kFordCipher)));
+ kFordCipher)
+#endif
+ ));
INSTANTIATE_TEST_CASE_P(
IncorrectProtocolAndCiphers,
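Review bot: The `#ifndef OPENSSL_NO_SSL3` / `#endif` pair added here sits inside the argument list of what the hunk header shows to be an `INSTANTIATE_TEST_CASE_P(` macro invocation, and a preprocessing directive inside macro arguments is undefined behaviour in C++. GCC and Clang accept it, but other toolchains may reject or mis-expand it. The same pattern is repeated in the IncorrectProtocolAndCiphers instantiation and in the SSLTestForTLS1_2 instantiation further down. Moving the SSLv3 tuples into their own `INSTANTIATE_TEST_CASE_P` with a distinct prefix, and wrapping that whole invocation in `#ifndef OPENSSL_NO_SSL3` … `#endif`, keeps the directive outside any macro call and also removes the dangling `,` line.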
@@ -326,18 +333,10 @@ INSTANTIATE_TEST_CASE_P(
security_manager::TLSv1_1,
kFordCipher,
kFordCipher),
- ProtocolAndCipher(security_manager::TLSv1,
- security_manager::SSLv3,
- kFordCipher,
- kFordCipher),
ProtocolAndCipher(security_manager::TLSv1_1,
security_manager::TLSv1,
kFordCipher,
kFordCipher),
- ProtocolAndCipher(security_manager::TLSv1_1,
- security_manager::SSLv3,
- kFordCipher,
- kFordCipher),
ProtocolAndCipher(security_manager::TLSv1_2,
security_manager::TLSv1,
kFordCipher,
@@ -345,6 +344,16 @@ INSTANTIATE_TEST_CASE_P(
ProtocolAndCipher(security_manager::TLSv1_2,
security_manager::TLSv1_1,
kFordCipher,
+ kFordCipher)
+#ifndef OPENSSL_NO_SSL3
+ ,
+ ProtocolAndCipher(security_manager::TLSv1,
+ security_manager::SSLv3,
+ kFordCipher,
+ kFordCipher),
+ ProtocolAndCipher(security_manager::TLSv1_1,
+ security_manager::SSLv3,
+ kFordCipher,
kFordCipher),
ProtocolAndCipher(security_manager::TLSv1_2,
security_manager::SSLv3,
@@ -357,7 +366,9 @@ INSTANTIATE_TEST_CASE_P(
ProtocolAndCipher(security_manager::SSLv3,
security_manager::TLSv1_1,
kFordCipher,
- kFordCipher)));
+ kFordCipher)
+#endif
+ ));
TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) {
ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success,
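Review bot: With the `#endif` above closing the last SSLv3 tuples, a build with `OPENSSL_NO_SSL3` no longer runs any test that selects SSLv3, so the new `return false` path in CryptoManagerImpl::Init() has no coverage. A small test compiled under `#ifdef OPENSSL_NO_SSL3` that makes the mocked settings return `security_manager::SSLv3` from `security_manager_protocol_name()` and checks `EXPECT_FALSE(crypto_manager->Init());` would pin the fail-closed behaviour. That guards against a later change turning the branch into a silent fallback to another protocol.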
@@ -510,11 +521,15 @@ INSTANTIATE_TEST_CASE_P(
ProtocolAndCipher(security_manager::TLSv1_1,
security_manager::TLSv1_2,
kFordCipher,
- kFordCipher),
+ kFordCipher)
+#ifndef OPENSSL_NO_SSL3
+ ,
ProtocolAndCipher(security_manager::SSLv3,
security_manager::TLSv1_2,
kFordCipher,
- kFordCipher)));
+ kFordCipher)
+#endif
+ ));
TEST_P(SSLTestForTLS1_2, HandshakeFailed) {
ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success,