authorJose <jose@zeroc.com>2014-10-21 20:16:27 +0200
committerJose <jose@zeroc.com>2014-10-21 20:16:27 +0200
commit1eb1b665e9c3ef8c2f7b9b06352d634b1f9d0e74 (patch)
treebc554207011272cc7d23eb2211ab74fb4363e045 /cpp/test
parentAdded ability to build just java tests against ice installation (diff)
Fixed (ICE-5758) - Disable SSLv3 by default
Diffstat (limited to 'cpp/test')
-rw-r--r--cpp/test/IceSSL/configuration/.depend.mak6
-rw-r--r--cpp/test/IceSSL/configuration/AllTests.cpp214
-rwxr-xr-xcpp/test/IceSSL/configuration/run.py2
3 files changed, 209 insertions, 13 deletions
diff --git a/cpp/test/IceSSL/configuration/.depend.mak b/cpp/test/IceSSL/configuration/.depend.mak
index a09fc686430..0b7721e0916 100644
--- a/cpp/test/IceSSL/configuration/.depend.mak
+++ b/cpp/test/IceSSL/configuration/.depend.mak
@@ -320,9 +320,6 @@ AllTests.obj: \
"$(includedir)\IceUtil\RecMutex.h" \
"$(includedir)\IceUtil\UUID.h" \
"Test.h" \
- "Util.h" \
- "$(includedir)\IceSSL\IceSSL.h" \
- "$(includedir)\IceSSL\EndpointInfo.h" \
TestI.obj: \
TestI.cpp \
@@ -450,9 +447,6 @@ TestI.obj: \
"$(includedir)\IceSSL\Plugin.h" \
"$(includedir)\IceSSL\Config.h" \
"$(includedir)\IceSSL\ConnectionInfo.h" \
- "Util.h" \
- "$(includedir)\IceSSL\IceSSL.h" \
- "$(includedir)\IceSSL\EndpointInfo.h" \
Server.obj: \
Server.cpp \
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 2a6f922d385..64cbda75975 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -11,7 +11,6 @@
#include <IceSSL/Plugin.h>
#include <TestCommon.h>
#include <Test.h>
-#include <Util.h>
#include <fstream>
using namespace std;
@@ -1137,15 +1136,15 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool pfx, b
Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
test(fact);
Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
- initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+ d["IceSSL.CertAuthFile"] = "cacert1.pem";
if(pfx)
{
- initData.properties->setProperty("IceSSL.CertFile", "s_rsa_ca1.pfx");
+ d["IceSSL.CertFile"] = "s_rsa_ca1.pfx";
}
else
{
- initData.properties->setProperty("IceSSL.CertFile", "s_rsa_nopass_ca1_pub.pem");
- initData.properties->setProperty("IceSSL.KeyFile", "s_rsa_nopass_ca1_priv.pem");
+ d["IceSSL.CertFile"] = "s_rsa_nopass_ca1_pub.pem";
+ d["IceSSL.KeyFile"] = "s_rsa_nopass_ca1_priv.pem";
}
d["IceSSL.VerifyPeer"] = "0";
d["IceSSL.Protocols"] = "tls";
@@ -1201,6 +1200,102 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool pfx, b
}
fact->destroyServer(server);
comm->destroy();
+
+ //
+ // This should fail because the client only accept SSLv3 and the server
+ // use the default protocol set that disables SSLv3
+ //
+ {
+ InitializationData initData;
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx);
+ initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+ if(pfx)
+ {
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.pfx");
+ }
+ else
+ {
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1_pub.pem");
+ initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_nopass_ca1_priv.pem");
+ }
+ initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+ initData.properties->setProperty("IceSSL.Protocols", "ssl3");
+ CommunicatorPtr comm = initialize(initData);
+
+ Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
+ d["IceSSL.CertAuthFile"] = "cacert1.pem";
+ if(pfx)
+ {
+ d["IceSSL.CertFile"] = "s_rsa_ca1.pfx";
+ }
+ else
+ {
+ d["IceSSL.CertFile"] = "s_rsa_nopass_ca1_pub.pem";
+ d["IceSSL.KeyFile"] = "s_rsa_nopass_ca1_priv.pem";
+ }
+ d["IceSSL.VerifyPeer"] = "0";
+ Test::ServerPrx server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ test(false);
+ }
+ catch(const ProtocolException&)
+ {
+ // Expected on some platforms.
+ }
+ catch(const ConnectionLostException&)
+ {
+ // Expected on some platforms.
+ }
+ catch(const LocalException&)
+ {
+ test(false);
+ }
+ fact->destroyServer(server);
+ comm->destroy();
+ }
+
+ //
+ // This should success because both have SSLv3 enabled
+ //
+ {
+ InitializationData initData;
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx);
+ initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+ initData.properties->setProperty("IceSSL.Protocols", "ssl3");
+ CommunicatorPtr comm = initialize(initData);
+
+ Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
+ d["IceSSL.CertAuthFile"] = "cacert1.pem";
+ if(pfx)
+ {
+ d["IceSSL.CertFile"] = "s_rsa_ca1.pfx";
+ }
+ else
+ {
+ d["IceSSL.CertFile"] = "s_rsa_nopass_ca1_pub.pem";
+ d["IceSSL.KeyFile"] = "s_rsa_nopass_ca1_priv.pem";
+ }
+ d["IceSSL.VerifyPeer"] = "0";
+ d["IceSSL.Protocols"] = "ssl3, tls, tls1_1, tls1_2";
+ Test::ServerPrx server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ }
+ catch(const LocalException& ex)
+ {
+ cerr << ex << endl;
+ test(false);
+ }
+ fact->destroyServer(server);
+ comm->destroy();
+ }
#else
//
// This should fail because the client and server have no protocol
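Review bot: The negative SSLv3 case accepts any `ProtocolException` or `ConnectionLostException` from `server->ice_ping()`, so it also passes when the handshake fails for a reason unrelated to the protocol version. The positive case that follows is not an exact control, because its client omits the `IceSSL.CertFile`/`IceSSL.KeyFile` and `IceSSL.VerifyPeer` settings that the negative client sets. Making the two clients identical, so that only the server's `IceSSL.Protocols` line differs, would tie the expected failure to the new SSLv3-off default. The same broad catch is used in the `#else` branch added by the next hunk. The new comments also read better as `the client only accepts SSLv3 and the server uses the default protocol set` and `This should succeed`; `allTests` starts and ends outside this hunk.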
@@ -1263,6 +1358,113 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool pfx, b
}
fact->destroyServer(server);
comm->destroy();
+
+ //
+ // This should fail because the client only accept SSLv3 and the server
+ // use the default protocol set that disables SSLv3
+ //
+ {
+ InitializationData initData;
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx);
+ initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+ if(pfx)
+ {
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.pfx");
+ }
+ else
+ {
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1_pub.pem");
+ initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_nopass_ca1_priv.pem");
+ }
+ initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+ initData.properties->setProperty("IceSSL.ProtocolVersionMin", "ssl3");
+ initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3");
+ CommunicatorPtr comm = initialize(initData);
+
+ Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
+ d["IceSSL.CertAuthFile"] = "cacert1.pem";
+ if(pfx)
+ {
+ d["IceSSL.CertFile"] = "s_rsa_ca1.pfx";
+ }
+ else
+ {
+ d["IceSSL.CertFile"] = "s_rsa_nopass_ca1_pub.pem";
+ d["IceSSL.KeyFile"] = "s_rsa_nopass_ca1_priv.pem";
+ }
+ d["IceSSL.VerifyPeer"] = "0";
+ Test::ServerPrx server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ test(false);
+ }
+ catch(const ProtocolException&)
+ {
+ // Expected on some platforms.
+ }
+ catch(const ConnectionLostException&)
+ {
+ // Expected on some platforms.
+ }
+ catch(const LocalException&)
+ {
+ test(false);
+ }
+ fact->destroyServer(server);
+ comm->destroy();
+ }
+
+ //
+ // This should success because both have SSLv3 enabled
+ //
+ {
+ InitializationData initData;
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, pfx);
+ initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+ if(pfx)
+ {
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.pfx");
+ }
+ else
+ {
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1_pub.pem");
+ initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_nopass_ca1_priv.pem");
+ }
+ initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+ initData.properties->setProperty("IceSSL.ProtocolVersionMin", "ssl3");
+ initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3");
+ CommunicatorPtr comm = initialize(initData);
+
+ Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, pfx);
+ d["IceSSL.CertAuthFile"] = "cacert1.pem";
+ if(pfx)
+ {
+ d["IceSSL.CertFile"] = "s_rsa_ca1.pfx";
+ }
+ else
+ {
+ d["IceSSL.CertFile"] = "s_rsa_nopass_ca1_pub.pem";
+ d["IceSSL.KeyFile"] = "s_rsa_nopass_ca1_priv.pem";
+ }
+ d["IceSSL.VerifyPeer"] = "0";
+ d["IceSSL.ProtocolVersionMin"] = "ssl3";
+ Test::ServerPrx server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ }
+ catch(const LocalException&)
+ {
+ test(false);
+ }
+ fact->destroyServer(server);
+ comm->destroy();
+ }
#endif
}
cout << "ok" << endl;
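Review bot: The positive SSLv3 case in this branch catches `LocalException` without naming or printing it, so a failure gives no hint of what broke during the handshake. The matching case in the other preprocessor branch logs the exception. Suggest `catch(const LocalException& ex)` with `cerr << ex << endl;` before `test(false);`. A short comment on why the server sets only `IceSSL.ProtocolVersionMin` while the client pins both minimum and maximum to `ssl3` would also help; presumably the server maximum is left at its default, but that is not visible here. `allTests` continues outside the hunk.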
@@ -1574,7 +1776,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool pfx, b
IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0);
}
- catch(const LocalException&)
+ catch(const LocalException& ex)
{
//
// OS X 10.10 bug the handshake fails attempting client auth
diff --git a/cpp/test/IceSSL/configuration/run.py b/cpp/test/IceSSL/configuration/run.py
index 61da2e86b04..37e92428317 100755
--- a/cpp/test/IceSSL/configuration/run.py
+++ b/cpp/test/IceSSL/configuration/run.py
@@ -27,8 +27,8 @@ keychainPath = os.path.abspath(os.path.join(certsPath, "Find.keychain"))
def keychainCleanup():
os.system("rm -rf %s ../certs/keychain" % keychainPath)
-atexit.register(keychainCleanup)
if TestUtil.isDarwin():
+ atexit.register(keychainCleanup)
keychainCleanup()
os.system("mkdir -p ../certs/keychain")
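Review bot: `keychainCleanup`, which this hunk now registers with `atexit` only on Darwin, interpolates `keychainPath` unquoted into `rm -rf %s` and runs it through `os.system`. A checkout path containing spaces or shell metacharacters would then make the recursive delete act on the wrong paths. Since the cleanup wiring is being touched anyway, consider `shutil.rmtree(keychainPath, ignore_errors=True)` and the same call for `../certs/keychain`. That needs `import shutil` if the file does not already import it, which is not visible in this hunk.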