diff options
-rw-r--r-- | src/components/security_manager/src/crypto_manager_impl.cc | 5 | ||||
-rw-r--r-- | src/components/security_manager/test/ssl_context_test.cc | 59 |
2 files changed, 42 insertions, 22 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index f44198953b..6d88cb9233 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -136,8 +136,13 @@ bool CryptoManagerImpl::Init() { #endif switch (get_settings().security_manager_protocol_name()) { case SSLv3: +#ifdef OPENSSL_NO_SSL3 + LOG4CXX_WARN(logger_, "OpenSSL does not support SSL3 protocol"); + return false; +#else method = is_server ? SSLv3_server_method() : SSLv3_client_method(); break; +#endif case TLSv1: method = is_server ? TLSv1_server_method() : TLSv1_client_method(); break; diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc index b35da3fc61..1c50c5833b 100644 --- a/src/components/security_manager/test/ssl_context_test.cc +++ b/src/components/security_manager/test/ssl_context_test.cc @@ -218,7 +218,7 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { GetParam().server_ciphers_list); const bool crypto_manager_initialization = crypto_manager->Init(); - EXPECT_TRUE(crypto_manager_initialization); + ASSERT_TRUE(crypto_manager_initialization); mock_client_manager_settings_ = utils::MakeShared< NiceMock<security_manager_test::MockCryptoManagerSettings>>(); @@ -231,7 +231,7 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { GetParam().client_ciphers_list); const bool client_manager_initialization = client_manager->Init(); - EXPECT_TRUE(client_manager_initialization); + ASSERT_TRUE(client_manager_initialization); server_ctx = crypto_manager->CreateSSLContext(); client_ctx = client_manager->CreateSSLContext(); @@ -251,9 +251,12 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { } void TearDown() OVERRIDE { - crypto_manager->ReleaseSSLContext(server_ctx); - client_manager->ReleaseSSLContext(client_ctx); - + if (crypto_manager) { + crypto_manager->ReleaseSSLContext(server_ctx); + } + if (client_manager) { + client_manager->ReleaseSSLContext(client_ctx); + } delete crypto_manager; delete client_manager; } @@ -293,10 +296,10 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { mock_crypto_manager_settings_; utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings>> mock_client_manager_settings_; - security_manager::CryptoManager* crypto_manager; - security_manager::CryptoManager* client_manager; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::CryptoManager* crypto_manager = NULL; + security_manager::CryptoManager* client_manager = NULL; + security_manager::SSLContext* server_ctx = NULL; + security_manager::SSLContext* client_ctx = NULL; std::string certificate_data_base64_; }; @@ -313,11 +316,15 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1_1, kFordCipher, - kFordCipher), + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , ProtocolAndCipher(security_manager::SSLv3, security_manager::SSLv3, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); INSTANTIATE_TEST_CASE_P( IncorrectProtocolAndCiphers, @@ -326,18 +333,10 @@ INSTANTIATE_TEST_CASE_P( security_manager::TLSv1_1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1, - security_manager::SSLv3, - kFordCipher, - kFordCipher), ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1_1, - security_manager::SSLv3, - kFordCipher, - kFordCipher), ProtocolAndCipher(security_manager::TLSv1_2, security_manager::TLSv1, kFordCipher, @@ -345,6 +344,16 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_2, security_manager::TLSv1_1, kFordCipher, + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , + ProtocolAndCipher(security_manager::TLSv1, + security_manager::SSLv3, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_1, + security_manager::SSLv3, + kFordCipher, kFordCipher), ProtocolAndCipher(security_manager::TLSv1_2, security_manager::SSLv3, @@ -357,7 +366,9 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::SSLv3, security_manager::TLSv1_1, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, @@ -510,11 +521,15 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1_2, kFordCipher, - kFordCipher), + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , ProtocolAndCipher(security_manager::SSLv3, security_manager::TLSv1_2, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); TEST_P(SSLTestForTLS1_2, HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, |