diff options
Diffstat (limited to 'src/components/security_manager/test/ssl_context_test.cc')
| -rw-r--r-- | src/components/security_manager/test/ssl_context_test.cc | 271 |
1 files changed, 176 insertions, 95 deletions
diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc index 945059e58c..05eeb802ad 100644 --- a/src/components/security_manager/test/ssl_context_test.cc +++ b/src/components/security_manager/test/ssl_context_test.cc @@ -41,16 +41,17 @@ #include "security_manager/ssl_context.h" #include "utils/custom_string.h" #include "security_manager/mock_security_manager_settings.h" -#include "utils/shared_ptr.h" -#include "utils/make_shared.h" using ::testing::Return; using ::testing::ReturnRef; using ::testing::NiceMock; namespace { -const size_t kUpdatesBeforeHour = 24; const std::string kCaPath = ""; +const std::string kClientCertPath = "client_certificate.crt"; +const std::string kClientPrivateKeyPath = "client_private.key"; +const std::string kServerCertPath = "server_certificate.crt"; +const std::string kServerPrivateKeyPath = "server_private.key"; const uint8_t* kServerBuf; const uint8_t* kClientBuf; const std::string kAllCiphers = "ALL"; @@ -70,19 +71,19 @@ namespace ssl_context_test { namespace custom_str = utils::custom_string; struct ProtocolAndCipher { - security_manager::Protocol server_protocol; - security_manager::Protocol client_protocol; - std::string server_ciphers_list; - std::string client_ciphers_list; + security_manager::Protocol server_protocol_; + security_manager::Protocol client_protocol_; + std::string server_ciphers_list_; + std::string client_ciphers_list_; ProtocolAndCipher(security_manager::Protocol s_protocol, security_manager::Protocol c_protocol, std::string s_ciphers_list, std::string c_ciphers_list) - : server_protocol(s_protocol) - , client_protocol(c_protocol) - , server_ciphers_list(s_ciphers_list) - , client_ciphers_list(c_ciphers_list) {} + : server_protocol_(s_protocol) + , client_protocol_(c_protocol) + , server_ciphers_list_(s_ciphers_list) + , client_ciphers_list_(c_ciphers_list) {} }; class SSLTest : public testing::Test { @@ -108,9 +109,9 @@ class SSLTest : public testing::Test { } virtual void SetUp() OVERRIDE { - mock_crypto_manager_settings_ = utils::MakeShared< + mock_crypto_manager_settings_ = std::make_shared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); - utils::SharedPtr<security_manager::CryptoManagerSettings> crypto_set( + std::shared_ptr<security_manager::CryptoManagerSettings> crypto_set( mock_crypto_manager_settings_); crypto_manager_ = new security_manager::CryptoManagerImpl(crypto_set); @@ -127,12 +128,22 @@ class SSLTest : public testing::Test { .WillRepeatedly(ReturnRef(kCaPath)); EXPECT_CALL(*mock_crypto_manager_settings_, verify_peer()) .WillOnce(Return(false)); + + ON_CALL(*mock_crypto_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_crypto_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + ON_CALL(*mock_crypto_manager_settings_, module_cert_path()) + .WillByDefault(ReturnRef(kServerCertPath)); + ON_CALL(*mock_crypto_manager_settings_, module_key_path()) + .WillByDefault(ReturnRef(kServerPrivateKeyPath)); + const bool crypto_manager_initialization = crypto_manager_->Init(); EXPECT_TRUE(crypto_manager_initialization); - mock_client_manager_settings_ = utils::MakeShared< + mock_client_manager_settings_ = std::make_shared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); - utils::SharedPtr<security_manager::CryptoManagerSettings> client_crypto( + std::shared_ptr<security_manager::CryptoManagerSettings> client_crypto( mock_client_manager_settings_); client_manager_ = new security_manager::CryptoManagerImpl(client_crypto); @@ -150,6 +161,16 @@ class SSLTest : public testing::Test { .WillRepeatedly(ReturnRef(kCaPath)); EXPECT_CALL(*mock_client_manager_settings_, verify_peer()) .WillOnce(Return(false)); + + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + ON_CALL(*mock_client_manager_settings_, module_cert_path()) + .WillByDefault(ReturnRef(kClientCertPath)); + ON_CALL(*mock_client_manager_settings_, module_key_path()) + .WillByDefault(ReturnRef(kClientPrivateKeyPath)); + const bool client_manager_initialization = client_manager_->Init(); EXPECT_TRUE(client_manager_initialization); @@ -159,19 +180,19 @@ class SSLTest : public testing::Test { .WillByDefault(Return(kMaximumPayloadSize)); EXPECT_CALL(*mock_crypto_manager_settings_, security_manager_mode()) .WillRepeatedly(Return(security_manager::SERVER)); - server_ctx = crypto_manager_->CreateSSLContext(); + server_ctx_ = crypto_manager_->CreateSSLContext(); EXPECT_CALL(*mock_client_manager_settings_, security_manager_mode()) .Times(2) .WillRepeatedly(Return(security_manager::CLIENT)); - client_ctx = client_manager_->CreateSSLContext(); + client_ctx_ = client_manager_->CreateSSLContext(); using custom_str::CustomString; security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"), CustomString("client")); - server_ctx->SetHandshakeContext(ctx); + server_ctx_->SetHandshakeContext(ctx); ctx.expected_cn = "server"; - client_ctx->SetHandshakeContext(ctx); + client_ctx_->SetHandshakeContext(ctx); kServerBuf = NULL; kClientBuf = NULL; @@ -180,8 +201,8 @@ class SSLTest : public testing::Test { } void TearDown() OVERRIDE { - crypto_manager_->ReleaseSSLContext(server_ctx); - client_manager_->ReleaseSSLContext(client_ctx); + crypto_manager_->ReleaseSSLContext(server_ctx_); + client_manager_->ReleaseSSLContext(client_ctx_); delete crypto_manager_; delete client_manager_; @@ -190,15 +211,18 @@ class SSLTest : public testing::Test { const size_t kMaximumPayloadSize = 1000u; security_manager::CryptoManager* crypto_manager_; security_manager::CryptoManager* client_manager_; - utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > + std::shared_ptr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_crypto_manager_settings_; - utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > + std::shared_ptr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; static std::string client_certificate_data_base64_; static std::string server_certificate_data_base64_; + + const std::vector<int> forced_unprotected_service_; + const std::vector<int> forced_protected_service_; }; std::string SSLTest::client_certificate_data_base64_; std::string SSLTest::server_certificate_data_base64_; @@ -218,41 +242,42 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { ASSERT_FALSE(certificate.empty()) << "Certificate data file is empty"; certificate_data_base64_ = certificate; - mock_crypto_manager_settings_ = utils::MakeShared< + mock_crypto_manager_settings_ = std::make_shared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); - utils::SharedPtr<security_manager::CryptoManagerSettings> server_crypto( + std::shared_ptr<security_manager::CryptoManagerSettings> server_crypto( mock_crypto_manager_settings_); - crypto_manager = new security_manager::CryptoManagerImpl(server_crypto); + crypto_manager_ = new security_manager::CryptoManagerImpl(server_crypto); - SetServerInitialValues(GetParam().server_protocol, - GetParam().server_ciphers_list); + SetServerInitialValues(GetParam().server_protocol_, + GetParam().server_ciphers_list_); - const bool crypto_manager_initialization = crypto_manager->Init(); + const bool crypto_manager_initialization = crypto_manager_->Init(); EXPECT_TRUE(crypto_manager_initialization); - mock_client_manager_settings_ = utils::MakeShared< + mock_client_manager_settings_ = std::make_shared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); - utils::SharedPtr<security_manager::CryptoManagerSettings> client_crypto( + std::shared_ptr<security_manager::CryptoManagerSettings> client_crypto( mock_client_manager_settings_); - client_manager = new security_manager::CryptoManagerImpl(client_crypto); + client_manager_ = new security_manager::CryptoManagerImpl(client_crypto); - SetClientInitialValues(GetParam().client_protocol, - GetParam().client_ciphers_list); + SetClientInitialValues(GetParam().client_protocol_, + GetParam().client_ciphers_list_); - const bool client_manager_initialization = client_manager->Init(); + const bool client_manager_initialization = client_manager_->Init(); EXPECT_TRUE(client_manager_initialization); - server_ctx = crypto_manager->CreateSSLContext(); - client_ctx = client_manager->CreateSSLContext(); + server_ctx_ = crypto_manager_->CreateSSLContext(); + client_ctx_ = client_manager_->CreateSSLContext(); using custom_str::CustomString; - security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"), - CustomString("client")); - server_ctx->SetHandshakeContext(ctx); - ctx.expected_cn = "server"; - client_ctx->SetHandshakeContext(ctx); + server_ctx_->SetHandshakeContext( + security_manager::SSLContext::HandshakeContext(CustomString("SPT"), + CustomString("client"))); + client_ctx_->SetHandshakeContext( + security_manager::SSLContext::HandshakeContext(CustomString("SPT"), + CustomString("server"))); kServerBuf = NULL; kClientBuf = NULL; @@ -261,15 +286,19 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { } void TearDown() OVERRIDE { - crypto_manager->ReleaseSSLContext(server_ctx); - client_manager->ReleaseSSLContext(client_ctx); + crypto_manager_->ReleaseSSLContext(server_ctx_); + client_manager_->ReleaseSSLContext(client_ctx_); - delete crypto_manager; - delete client_manager; + delete crypto_manager_; + delete client_manager_; } void SetServerInitialValues(security_manager::Protocol protocol, const std::string& server_ciphers_list) { + ON_CALL(*mock_crypto_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_crypto_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); ON_CALL(*mock_crypto_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::SERVER)); ON_CALL(*mock_crypto_manager_settings_, security_manager_protocol_name()) @@ -282,9 +311,18 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { .WillByDefault(ReturnRef(kCaPath)); ON_CALL(*mock_crypto_manager_settings_, verify_peer()) .WillByDefault(Return(false)); + ON_CALL(*mock_crypto_manager_settings_, module_cert_path()) + .WillByDefault(ReturnRef(kServerCertPath)); + ON_CALL(*mock_crypto_manager_settings_, module_key_path()) + .WillByDefault(ReturnRef(kServerPrivateKeyPath)); } + void SetClientInitialValues(security_manager::Protocol protocol, const std::string& client_ciphers_list) { + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); ON_CALL(*mock_client_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::CLIENT)); ON_CALL(*mock_client_manager_settings_, security_manager_protocol_name()) @@ -297,17 +335,23 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { .WillByDefault(ReturnRef(kCaPath)); ON_CALL(*mock_client_manager_settings_, verify_peer()) .WillByDefault(Return(false)); + ON_CALL(*mock_client_manager_settings_, module_cert_path()) + .WillByDefault(ReturnRef(kClientCertPath)); + ON_CALL(*mock_client_manager_settings_, module_key_path()) + .WillByDefault(ReturnRef(kClientPrivateKeyPath)); } - utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > + std::shared_ptr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_crypto_manager_settings_; - utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > + std::shared_ptr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::CryptoManager* crypto_manager; - security_manager::CryptoManager* client_manager; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::CryptoManager* crypto_manager_; + security_manager::CryptoManager* client_manager_; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; std::string certificate_data_base64_; + const std::vector<int> forced_unprotected_service_; + const std::vector<int> forced_protected_service_; }; class SSLTestForTLS1_2 : public SSLTestParam {}; @@ -316,17 +360,25 @@ class SSLTestForTLS1_2 : public SSLTestParam {}; INSTANTIATE_TEST_CASE_P( CorrectProtocolAndCiphers, SSLTestParam, - ::testing::Values(ProtocolAndCipher(security_manager::TLSv1, + ::testing::Values(ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1, kFordCipher, kFordCipher), ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1_1, kFordCipher, - kFordCipher), + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , ProtocolAndCipher(security_manager::SSLv3, security_manager::SSLv3, kFordCipher, + kFordCipher) +#endif + , + ProtocolAndCipher(security_manager::DTLSv1, + security_manager::DTLSv1, + kFordCipher, kFordCipher))); INSTANTIATE_TEST_CASE_P( @@ -336,27 +388,45 @@ INSTANTIATE_TEST_CASE_P( security_manager::TLSv1_1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1, - security_manager::SSLv3, + ProtocolAndCipher(security_manager::TLSv1_1, + security_manager::TLSv1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1_1, + ProtocolAndCipher(security_manager::TLSv1_2, security_manager::TLSv1, kFordCipher, kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_2, + security_manager::TLSv1_1, + kFordCipher, + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , + ProtocolAndCipher(security_manager::TLSv1, + security_manager::SSLv3, + kFordCipher, + kFordCipher), ProtocolAndCipher(security_manager::TLSv1_1, security_manager::SSLv3, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1_2, - security_manager::TLSv1, + ProtocolAndCipher(security_manager::TLSv1, + security_manager::DTLSv1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1_2, + ProtocolAndCipher(security_manager::DTLSv1, security_manager::TLSv1_1, kFordCipher, kFordCipher), ProtocolAndCipher(security_manager::TLSv1_2, + security_manager::DTLSv1, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_1, + security_manager::DTLSv1, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_2, security_manager::SSLv3, kFordCipher, kFordCipher), @@ -367,11 +437,14 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::SSLv3, security_manager::TLSv1_1, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); + ASSERT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); // Broke 3 bytes for get abnormal fail of handshake @@ -379,26 +452,26 @@ TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { const_cast<uint8_t*>(kClientBuf)[client_buf_len / 2] ^= 0xFF; const_cast<uint8_t*>(kClientBuf)[client_buf_len - 1] ^= 0xFF; ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); - EXPECT_EQ("Initialization is not completed", server_ctx->LastError()); - EXPECT_EQ("Initialization is not completed", client_ctx->LastError()); + EXPECT_EQ("Initialization is not completed", server_ctx_->LastError()); + EXPECT_EQ("Initialization is not completed", client_ctx_->LastError()); } // TODO {AKozoriz} : Unexpected uncomplited init of SSL component. // In this and next tests. // Must be fixed after merge to develop. TEST_F(SSLTest, OnTSL2Protocol_Positive) { - ASSERT_EQ(client_ctx->StartHandshake(&kClientBuf, &client_buf_len), + ASSERT_EQ(client_ctx_->StartHandshake(&kClientBuf, &client_buf_len), security_manager::SSLContext::Handshake_Result_Success); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); while (true) { ASSERT_TRUE(NULL != kClientBuf); ASSERT_LT(0u, client_buf_len); const security_manager::SSLContext::HandshakeResult server_result = - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, server_result); @@ -406,11 +479,11 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { ASSERT_LT(0u, server_buf_len); const security_manager::SSLContext::HandshakeResult client_result = - client_ctx->DoHandshakeStep( + client_ctx_->DoHandshakeStep( kServerBuf, server_buf_len, &kClientBuf, &client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, client_result); - if (server_ctx->IsInitCompleted()) { + if (server_ctx_->IsInitCompleted()) { break; } @@ -421,22 +494,22 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { ASSERT_TRUE(NULL == kClientBuf); ASSERT_EQ(0u, client_buf_len); // expect both side initialization complete - EXPECT_TRUE(client_ctx->IsInitCompleted()); - EXPECT_TRUE(server_ctx->IsInitCompleted()); + EXPECT_TRUE(client_ctx_->IsInitCompleted()); + EXPECT_TRUE(server_ctx_->IsInitCompleted()); // Encrypt text on client side const uint8_t* text = reinterpret_cast<const uint8_t*>("abra"); const uint8_t* encrypted_text = 0; size_t text_len = 4; size_t encrypted_text_len; - EXPECT_TRUE(client_ctx->Encrypt( + EXPECT_TRUE(client_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), encrypted_text); ASSERT_LT(0u, encrypted_text_len); // Decrypt text on server side - EXPECT_TRUE(server_ctx->Decrypt( + EXPECT_TRUE(server_ctx_->Decrypt( encrypted_text, encrypted_text_len, &text, &text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), text); ASSERT_LT(0u, text_len); @@ -446,34 +519,34 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { TEST_F(SSLTest, OnTSL2Protocol_EcncryptionFail) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); - while (!server_ctx->IsInitCompleted()) { + while (!server_ctx_->IsInitCompleted()) { ASSERT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); ASSERT_FALSE(NULL == kServerBuf); ASSERT_LT(0u, server_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->DoHandshakeStep( + client_ctx_->DoHandshakeStep( kServerBuf, server_buf_len, &kClientBuf, &client_buf_len)); } // Expect empty buffers after init complete ASSERT_TRUE(NULL == kClientBuf); ASSERT_EQ(0u, client_buf_len); // Expect both side initialization complete - EXPECT_TRUE(client_ctx->IsInitCompleted()); - EXPECT_TRUE(server_ctx->IsInitCompleted()); + EXPECT_TRUE(client_ctx_->IsInitCompleted()); + EXPECT_TRUE(server_ctx_->IsInitCompleted()); // Encrypt text on client side const uint8_t* text = reinterpret_cast<const uint8_t*>("abra"); const uint8_t* encrypted_text = 0; size_t text_len = 4; size_t encrypted_text_len; - EXPECT_TRUE(client_ctx->Encrypt( + EXPECT_TRUE(client_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), encrypted_text); ASSERT_LT(0u, encrypted_text_len); @@ -486,29 +559,30 @@ TEST_F(SSLTest, OnTSL2Protocol_EcncryptionFail) { const uint8_t* out_text; size_t out_text_size; // Decrypt broken text on server side - EXPECT_FALSE(server_ctx->Decrypt( + EXPECT_FALSE(server_ctx_->Decrypt( &broken[0], broken.size(), &out_text, &out_text_size)); // Check after broken message that server encryption and decryption fail // Encrypte message on server side - EXPECT_FALSE(server_ctx->Decrypt( + EXPECT_FALSE(server_ctx_->Decrypt( encrypted_text, encrypted_text_len, &out_text, &out_text_size)); - EXPECT_FALSE(server_ctx->Encrypt( + EXPECT_FALSE(server_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); } TEST_P(SSLTestParam, ClientAndServerNotTLSv1_2_HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); + EXPECT_TRUE(NULL == kClientBuf); EXPECT_EQ(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); EXPECT_TRUE(NULL == kServerBuf); EXPECT_EQ(0u, server_buf_len); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); } INSTANTIATE_TEST_CASE_P( @@ -521,24 +595,31 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1_2, kFordCipher, - kFordCipher), + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , ProtocolAndCipher(security_manager::SSLv3, security_manager::TLSv1_2, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); TEST_P(SSLTestForTLS1_2, HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); EXPECT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); + ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep( - kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); + server_ctx_->DoHandshakeStep( + kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)) + << ERR_reason_error_string(ERR_get_error()); + EXPECT_TRUE(NULL == kServerBuf); EXPECT_EQ(0u, server_buf_len); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); } } // namespace ssl_context_test |