2 * Copyright 2015 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 #include <folly/io/async/test/AsyncSSLSocketTest.h>
21 #include <folly/io/async/AsyncSSLSocket.h>
22 #include <folly/io/async/EventBase.h>
23 #include <folly/SocketAddress.h>
25 #include <folly/io/async/test/BlockingSocket.h>
27 #include <gtest/gtest.h>
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <netinet/tcp.h>
37 #include <folly/io/Cursor.h>
47 uint32_t TestSSLAsyncCacheServer::asyncCallbacks_ = 0;
48 uint32_t TestSSLAsyncCacheServer::asyncLookups_ = 0;
49 uint32_t TestSSLAsyncCacheServer::lookupDelay_ = 0;
51 const char* testCert = "folly/io/async/test/certs/tests-cert.pem";
52 const char* testKey = "folly/io/async/test/certs/tests-key.pem";
53 const char* testCA = "folly/io/async/test/certs/ca-cert.pem";
55 constexpr size_t SSLClient::kMaxReadBufferSz;
56 constexpr size_t SSLClient::kMaxReadsPerEvent;
58 TestSSLServer::TestSSLServer(SSLServerAcceptCallbackBase *acb) :
59 ctx_(new folly::SSLContext),
61 socket_(folly::AsyncServerSocket::newSocket(&evb_)) {
62 // Set up the SSL context
63 ctx_->loadCertificate(testCert);
64 ctx_->loadPrivateKey(testKey);
65 ctx_->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
70 //set up the listening socket
72 socket_->getAddress(&address_);
74 socket_->addAcceptCallback(acb_, &evb_);
75 socket_->startAccepting();
77 int ret = pthread_create(&thread_, nullptr, Main, this);
80 std::cerr << "Accepting connections on " << address_ << std::endl;
83 void getfds(int fds[2]) {
84 if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) != 0) {
85 FAIL() << "failed to create socketpair: " << strerror(errno);
87 for (int idx = 0; idx < 2; ++idx) {
88 int flags = fcntl(fds[idx], F_GETFL, 0);
90 FAIL() << "failed to get flags for socket " << idx << ": "
93 if (fcntl(fds[idx], F_SETFL, flags | O_NONBLOCK) != 0) {
94 FAIL() << "failed to put socket " << idx << " in non-blocking mode: "
101 std::shared_ptr<folly::SSLContext> clientCtx,
102 std::shared_ptr<folly::SSLContext> serverCtx) {
103 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
105 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
106 serverCtx->loadCertificate(
108 serverCtx->loadPrivateKey(
113 EventBase* eventBase,
114 AsyncSSLSocket::UniquePtr* clientSock,
115 AsyncSSLSocket::UniquePtr* serverSock) {
116 auto clientCtx = std::make_shared<folly::SSLContext>();
117 auto serverCtx = std::make_shared<folly::SSLContext>();
120 getctx(clientCtx, serverCtx);
121 clientSock->reset(new AsyncSSLSocket(
122 clientCtx, eventBase, fds[0], false));
123 serverSock->reset(new AsyncSSLSocket(
124 serverCtx, eventBase, fds[1], true));
126 // (*clientSock)->setSendTimeout(100);
127 // (*serverSock)->setSendTimeout(100);
130 // client protocol filters
131 bool clientProtoFilterPickPony(unsigned char** client,
132 unsigned int* client_len, const unsigned char*, unsigned int ) {
133 //the protocol string in length prefixed byte string. the
134 //length byte is not included in the length
135 static unsigned char p[7] = {6,'p','o','n','i','e','s'};
141 bool clientProtoFilterPickNone(unsigned char**, unsigned int*,
142 const unsigned char*, unsigned int) {
147 * Test connecting to, writing to, reading from, and closing the
148 * connection to the SSL server.
150 TEST(AsyncSSLSocketTest, ConnectWriteReadClose) {
151 // Start listening on a local port
152 WriteCallbackBase writeCallback;
153 ReadCallback readCallback(&writeCallback);
154 HandshakeCallback handshakeCallback(&readCallback);
155 SSLServerAcceptCallback acceptCallback(&handshakeCallback);
156 TestSSLServer server(&acceptCallback);
158 // Set up SSL context.
159 std::shared_ptr<SSLContext> sslContext(new SSLContext());
160 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
161 //sslContext->loadTrustedCertificates("./trusted-ca-certificate.pem");
162 //sslContext->authenticate(true, false);
165 auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
171 memset(buf, 'a', sizeof(buf));
172 socket->write(buf, sizeof(buf));
175 uint8_t readbuf[128];
176 uint32_t bytesRead = socket->readAll(readbuf, sizeof(readbuf));
177 EXPECT_EQ(bytesRead, 128);
178 EXPECT_EQ(memcmp(buf, readbuf, bytesRead), 0);
183 cerr << "ConnectWriteReadClose test completed" << endl;
187 * Negative test for handshakeError().
189 TEST(AsyncSSLSocketTest, HandshakeError) {
190 // Start listening on a local port
191 WriteCallbackBase writeCallback;
192 ReadCallback readCallback(&writeCallback);
193 HandshakeCallback handshakeCallback(&readCallback);
194 HandshakeErrorCallback acceptCallback(&handshakeCallback);
195 TestSSLServer server(&acceptCallback);
197 // Set up SSL context.
198 std::shared_ptr<SSLContext> sslContext(new SSLContext());
199 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
202 auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
209 uint8_t readbuf[128];
210 uint32_t bytesRead = socket->readAll(readbuf, sizeof(readbuf));
211 } catch (AsyncSocketException &e) {
218 cerr << "HandshakeError test completed" << endl;
222 * Negative test for readError().
224 TEST(AsyncSSLSocketTest, ReadError) {
225 // Start listening on a local port
226 WriteCallbackBase writeCallback;
227 ReadErrorCallback readCallback(&writeCallback);
228 HandshakeCallback handshakeCallback(&readCallback);
229 SSLServerAcceptCallback acceptCallback(&handshakeCallback);
230 TestSSLServer server(&acceptCallback);
232 // Set up SSL context.
233 std::shared_ptr<SSLContext> sslContext(new SSLContext());
234 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
237 auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
241 // write something to trigger ssl handshake
243 memset(buf, 'a', sizeof(buf));
244 socket->write(buf, sizeof(buf));
247 cerr << "ReadError test completed" << endl;
251 * Negative test for writeError().
253 TEST(AsyncSSLSocketTest, WriteError) {
254 // Start listening on a local port
255 WriteCallbackBase writeCallback;
256 WriteErrorCallback readCallback(&writeCallback);
257 HandshakeCallback handshakeCallback(&readCallback);
258 SSLServerAcceptCallback acceptCallback(&handshakeCallback);
259 TestSSLServer server(&acceptCallback);
261 // Set up SSL context.
262 std::shared_ptr<SSLContext> sslContext(new SSLContext());
263 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
266 auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
270 // write something to trigger ssl handshake
272 memset(buf, 'a', sizeof(buf));
273 socket->write(buf, sizeof(buf));
276 cerr << "WriteError test completed" << endl;
280 * Test a socket with TCP_NODELAY unset.
282 TEST(AsyncSSLSocketTest, SocketWithDelay) {
283 // Start listening on a local port
284 WriteCallbackBase writeCallback;
285 ReadCallback readCallback(&writeCallback);
286 HandshakeCallback handshakeCallback(&readCallback);
287 SSLServerAcceptCallbackDelay acceptCallback(&handshakeCallback);
288 TestSSLServer server(&acceptCallback);
290 // Set up SSL context.
291 std::shared_ptr<SSLContext> sslContext(new SSLContext());
292 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
295 auto socket = std::make_shared<BlockingSocket>(server.getAddress(),
301 memset(buf, 'a', sizeof(buf));
302 socket->write(buf, sizeof(buf));
305 uint8_t readbuf[128];
306 uint32_t bytesRead = socket->readAll(readbuf, sizeof(readbuf));
307 EXPECT_EQ(bytesRead, 128);
308 EXPECT_EQ(memcmp(buf, readbuf, bytesRead), 0);
313 cerr << "SocketWithDelay test completed" << endl;
316 TEST(AsyncSSLSocketTest, NpnTestOverlap) {
318 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
319 std::shared_ptr<SSLContext> serverCtx(new SSLContext);;
322 getctx(clientCtx, serverCtx);
324 clientCtx->setAdvertisedNextProtocols({"blub","baz"});
325 serverCtx->setAdvertisedNextProtocols({"foo","bar","baz"});
327 AsyncSSLSocket::UniquePtr clientSock(
328 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
329 AsyncSSLSocket::UniquePtr serverSock(
330 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
331 NpnClient client(std::move(clientSock));
332 NpnServer server(std::move(serverSock));
336 EXPECT_TRUE(client.nextProtoLength != 0);
337 EXPECT_EQ(client.nextProtoLength, server.nextProtoLength);
338 EXPECT_EQ(memcmp(client.nextProto, server.nextProto,
339 server.nextProtoLength), 0);
340 string selected((const char*)client.nextProto, client.nextProtoLength);
341 EXPECT_EQ(selected.compare("baz"), 0);
344 TEST(AsyncSSLSocketTest, NpnTestUnset) {
345 // Identical to above test, except that we want unset NPN before
348 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
349 std::shared_ptr<SSLContext> serverCtx(new SSLContext);;
352 getctx(clientCtx, serverCtx);
354 clientCtx->setAdvertisedNextProtocols({"blub","baz"});
355 serverCtx->setAdvertisedNextProtocols({"foo","bar","baz"});
357 AsyncSSLSocket::UniquePtr clientSock(
358 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
359 AsyncSSLSocket::UniquePtr serverSock(
360 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
362 // unsetting NPN for any of [client, server] is enought to make NPN not
364 clientCtx->unsetNextProtocols();
366 NpnClient client(std::move(clientSock));
367 NpnServer server(std::move(serverSock));
371 EXPECT_TRUE(client.nextProtoLength == 0);
372 EXPECT_TRUE(server.nextProtoLength == 0);
373 EXPECT_TRUE(client.nextProto == nullptr);
374 EXPECT_TRUE(server.nextProto == nullptr);
377 TEST(AsyncSSLSocketTest, NpnTestNoOverlap) {
379 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
380 std::shared_ptr<SSLContext> serverCtx(new SSLContext);;
383 getctx(clientCtx, serverCtx);
385 clientCtx->setAdvertisedNextProtocols({"blub"});
386 serverCtx->setAdvertisedNextProtocols({"foo","bar","baz"});
388 AsyncSSLSocket::UniquePtr clientSock(
389 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
390 AsyncSSLSocket::UniquePtr serverSock(
391 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
392 NpnClient client(std::move(clientSock));
393 NpnServer server(std::move(serverSock));
397 EXPECT_TRUE(client.nextProtoLength != 0);
398 EXPECT_EQ(client.nextProtoLength, server.nextProtoLength);
399 EXPECT_EQ(memcmp(client.nextProto, server.nextProto,
400 server.nextProtoLength), 0);
401 string selected((const char*)client.nextProto, client.nextProtoLength);
402 EXPECT_EQ(selected.compare("blub"), 0);
405 TEST(AsyncSSLSocketTest, NpnTestClientProtoFilterHit) {
407 auto clientCtx = std::make_shared<SSLContext>();
408 auto serverCtx = std::make_shared<SSLContext>();
411 getctx(clientCtx, serverCtx);
413 clientCtx->setAdvertisedNextProtocols({"blub"});
414 clientCtx->setClientProtocolFilterCallback(clientProtoFilterPickPony);
415 serverCtx->setAdvertisedNextProtocols({"foo","bar","baz"});
417 AsyncSSLSocket::UniquePtr clientSock(
418 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
419 AsyncSSLSocket::UniquePtr serverSock(
420 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
421 NpnClient client(std::move(clientSock));
422 NpnServer server(std::move(serverSock));
426 EXPECT_TRUE(client.nextProtoLength != 0);
427 EXPECT_EQ(client.nextProtoLength, server.nextProtoLength);
428 EXPECT_EQ(memcmp(client.nextProto, server.nextProto,
429 server.nextProtoLength), 0);
430 string selected((const char*)client.nextProto, client.nextProtoLength);
431 EXPECT_EQ(selected.compare("ponies"), 0);
434 TEST(AsyncSSLSocketTest, NpnTestClientProtoFilterMiss) {
436 auto clientCtx = std::make_shared<SSLContext>();
437 auto serverCtx = std::make_shared<SSLContext>();
440 getctx(clientCtx, serverCtx);
442 clientCtx->setAdvertisedNextProtocols({"blub"});
443 clientCtx->setClientProtocolFilterCallback(clientProtoFilterPickNone);
444 serverCtx->setAdvertisedNextProtocols({"foo","bar","baz"});
446 AsyncSSLSocket::UniquePtr clientSock(
447 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
448 AsyncSSLSocket::UniquePtr serverSock(
449 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
450 NpnClient client(std::move(clientSock));
451 NpnServer server(std::move(serverSock));
455 EXPECT_TRUE(client.nextProtoLength != 0);
456 EXPECT_EQ(client.nextProtoLength, server.nextProtoLength);
457 EXPECT_EQ(memcmp(client.nextProto, server.nextProto,
458 server.nextProtoLength), 0);
459 string selected((const char*)client.nextProto, client.nextProtoLength);
460 EXPECT_EQ(selected.compare("blub"), 0);
463 TEST(AsyncSSLSocketTest, RandomizedNpnTest) {
464 // Probability that this test will fail is 2^-64, which could be considered
466 const int kTries = 64;
468 std::set<string> selectedProtocols;
469 for (int i = 0; i < kTries; ++i) {
471 std::shared_ptr<SSLContext> clientCtx = std::make_shared<SSLContext>();
472 std::shared_ptr<SSLContext> serverCtx = std::make_shared<SSLContext>();
475 getctx(clientCtx, serverCtx);
477 clientCtx->setAdvertisedNextProtocols({"foo", "bar", "baz"});
478 serverCtx->setRandomizedAdvertisedNextProtocols({{1, {"foo"}},
482 AsyncSSLSocket::UniquePtr clientSock(
483 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
484 AsyncSSLSocket::UniquePtr serverSock(
485 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
486 NpnClient client(std::move(clientSock));
487 NpnServer server(std::move(serverSock));
491 EXPECT_TRUE(client.nextProtoLength != 0);
492 EXPECT_EQ(client.nextProtoLength, server.nextProtoLength);
493 EXPECT_EQ(memcmp(client.nextProto, server.nextProto,
494 server.nextProtoLength), 0);
495 string selected((const char*)client.nextProto, client.nextProtoLength);
496 selectedProtocols.insert(selected);
498 EXPECT_EQ(selectedProtocols.size(), 2);
502 #ifndef OPENSSL_NO_TLSEXT
504 * 1. Client sends TLSEXT_HOSTNAME in client hello.
505 * 2. Server found a match SSL_CTX and use this SSL_CTX to
506 * continue the SSL handshake.
507 * 3. Server sends back TLSEXT_HOSTNAME in server hello.
509 TEST(AsyncSSLSocketTest, SNITestMatch) {
511 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
512 std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
513 // Use the same SSLContext to continue the handshake after
514 // tlsext_hostname match.
515 std::shared_ptr<SSLContext> hskServerCtx(dfServerCtx);
516 const std::string serverName("xyz.newdev.facebook.com");
519 getctx(clientCtx, dfServerCtx);
521 AsyncSSLSocket::UniquePtr clientSock(
522 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
523 AsyncSSLSocket::UniquePtr serverSock(
524 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
525 SNIClient client(std::move(clientSock));
526 SNIServer server(std::move(serverSock),
533 EXPECT_TRUE(client.serverNameMatch);
534 EXPECT_TRUE(server.serverNameMatch);
538 * 1. Client sends TLSEXT_HOSTNAME in client hello.
539 * 2. Server cannot find a matching SSL_CTX and continue to use
540 * the current SSL_CTX to do the handshake.
541 * 3. Server does not send back TLSEXT_HOSTNAME in server hello.
543 TEST(AsyncSSLSocketTest, SNITestNotMatch) {
545 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
546 std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
547 // Use the same SSLContext to continue the handshake after
548 // tlsext_hostname match.
549 std::shared_ptr<SSLContext> hskServerCtx(dfServerCtx);
550 const std::string clientRequestingServerName("foo.com");
551 const std::string serverExpectedServerName("xyz.newdev.facebook.com");
555 getctx(clientCtx, dfServerCtx);
557 AsyncSSLSocket::UniquePtr clientSock(
558 new AsyncSSLSocket(clientCtx,
561 clientRequestingServerName));
562 AsyncSSLSocket::UniquePtr serverSock(
563 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
564 SNIClient client(std::move(clientSock));
565 SNIServer server(std::move(serverSock),
568 serverExpectedServerName);
572 EXPECT_TRUE(!client.serverNameMatch);
573 EXPECT_TRUE(!server.serverNameMatch);
576 * 1. Client sends TLSEXT_HOSTNAME in client hello.
577 * 2. We then change the serverName.
578 * 3. We expect that we get 'false' as the result for serNameMatch.
581 TEST(AsyncSSLSocketTest, SNITestChangeServerName) {
583 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
584 std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
585 // Use the same SSLContext to continue the handshake after
586 // tlsext_hostname match.
587 std::shared_ptr<SSLContext> hskServerCtx(dfServerCtx);
588 const std::string serverName("xyz.newdev.facebook.com");
591 getctx(clientCtx, dfServerCtx);
593 AsyncSSLSocket::UniquePtr clientSock(
594 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], serverName));
595 //Change the server name
596 std::string newName("new.com");
597 clientSock->setServerName(newName);
598 AsyncSSLSocket::UniquePtr serverSock(
599 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
600 SNIClient client(std::move(clientSock));
601 SNIServer server(std::move(serverSock),
608 EXPECT_TRUE(!client.serverNameMatch);
612 * 1. Client does not send TLSEXT_HOSTNAME in client hello.
613 * 2. Server does not send back TLSEXT_HOSTNAME in server hello.
615 TEST(AsyncSSLSocketTest, SNITestClientHelloNoHostname) {
617 std::shared_ptr<SSLContext> clientCtx(new SSLContext);
618 std::shared_ptr<SSLContext> dfServerCtx(new SSLContext);
619 // Use the same SSLContext to continue the handshake after
620 // tlsext_hostname match.
621 std::shared_ptr<SSLContext> hskServerCtx(dfServerCtx);
622 const std::string serverExpectedServerName("xyz.newdev.facebook.com");
626 getctx(clientCtx, dfServerCtx);
628 AsyncSSLSocket::UniquePtr clientSock(
629 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
630 AsyncSSLSocket::UniquePtr serverSock(
631 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
632 SNIClient client(std::move(clientSock));
633 SNIServer server(std::move(serverSock),
636 serverExpectedServerName);
640 EXPECT_TRUE(!client.serverNameMatch);
641 EXPECT_TRUE(!server.serverNameMatch);
646 * Test SSL client socket
648 TEST(AsyncSSLSocketTest, SSLClientTest) {
649 // Start listening on a local port
650 WriteCallbackBase writeCallback;
651 ReadCallback readCallback(&writeCallback);
652 HandshakeCallback handshakeCallback(&readCallback);
653 SSLServerAcceptCallbackDelay acceptCallback(&handshakeCallback);
654 TestSSLServer server(&acceptCallback);
658 std::shared_ptr<SSLClient> client(new SSLClient(&eventBase, server.getAddress(),
662 EventBaseAborter eba(&eventBase, 3000);
665 EXPECT_EQ(client->getMiss(), 1);
666 EXPECT_EQ(client->getHit(), 0);
668 cerr << "SSLClientTest test completed" << endl;
673 * Test SSL client socket session re-use
675 TEST(AsyncSSLSocketTest, SSLClientTestReuse) {
676 // Start listening on a local port
677 WriteCallbackBase writeCallback;
678 ReadCallback readCallback(&writeCallback);
679 HandshakeCallback handshakeCallback(&readCallback);
680 SSLServerAcceptCallbackDelay acceptCallback(&handshakeCallback);
681 TestSSLServer server(&acceptCallback);
685 std::shared_ptr<SSLClient> client(new SSLClient(&eventBase, server.getAddress(),
689 EventBaseAborter eba(&eventBase, 3000);
692 EXPECT_EQ(client->getMiss(), 1);
693 EXPECT_EQ(client->getHit(), 9);
695 cerr << "SSLClientTestReuse test completed" << endl;
699 * Test SSL client socket timeout
701 TEST(AsyncSSLSocketTest, SSLClientTimeoutTest) {
702 // Start listening on a local port
703 EmptyReadCallback readCallback;
704 HandshakeCallback handshakeCallback(&readCallback,
705 HandshakeCallback::EXPECT_ERROR);
706 HandshakeTimeoutCallback acceptCallback(&handshakeCallback);
707 TestSSLServer server(&acceptCallback);
711 std::shared_ptr<SSLClient> client(new SSLClient(&eventBase, server.getAddress(),
713 client->connect(true /* write before connect completes */);
714 EventBaseAborter eba(&eventBase, 3000);
718 // This is checking that the connectError callback precedes any queued
719 // writeError callbacks. This matches AsyncSocket's behavior
720 EXPECT_EQ(client->getWriteAfterConnectErrors(), 1);
721 EXPECT_EQ(client->getErrors(), 1);
722 EXPECT_EQ(client->getMiss(), 0);
723 EXPECT_EQ(client->getHit(), 0);
725 cerr << "SSLClientTimeoutTest test completed" << endl;
730 * Test SSL server async cache
732 TEST(AsyncSSLSocketTest, SSLServerAsyncCacheTest) {
733 // Start listening on a local port
734 WriteCallbackBase writeCallback;
735 ReadCallback readCallback(&writeCallback);
736 HandshakeCallback handshakeCallback(&readCallback);
737 SSLServerAsyncCacheAcceptCallback acceptCallback(&handshakeCallback);
738 TestSSLAsyncCacheServer server(&acceptCallback);
742 std::shared_ptr<SSLClient> client(new SSLClient(&eventBase, server.getAddress(),
746 EventBaseAborter eba(&eventBase, 3000);
749 EXPECT_EQ(server.getAsyncCallbacks(), 18);
750 EXPECT_EQ(server.getAsyncLookups(), 9);
751 EXPECT_EQ(client->getMiss(), 10);
752 EXPECT_EQ(client->getHit(), 0);
754 cerr << "SSLServerAsyncCacheTest test completed" << endl;
759 * Test SSL server accept timeout with cache path
761 TEST(AsyncSSLSocketTest, SSLServerTimeoutTest) {
762 // Start listening on a local port
763 WriteCallbackBase writeCallback;
764 ReadCallback readCallback(&writeCallback);
765 EmptyReadCallback clientReadCallback;
766 HandshakeCallback handshakeCallback(&readCallback);
767 SSLServerAcceptCallback acceptCallback(&handshakeCallback, 50);
768 TestSSLAsyncCacheServer server(&acceptCallback);
772 // only do a TCP connect
773 std::shared_ptr<AsyncSocket> sock = AsyncSocket::newSocket(&eventBase);
774 sock->connect(nullptr, server.getAddress());
775 clientReadCallback.tcpSocket_ = sock;
776 sock->setReadCB(&clientReadCallback);
778 EventBaseAborter eba(&eventBase, 3000);
781 EXPECT_EQ(readCallback.state, STATE_WAITING);
783 cerr << "SSLServerTimeoutTest test completed" << endl;
787 * Test SSL server accept timeout with cache path
789 TEST(AsyncSSLSocketTest, SSLServerAsyncCacheTimeoutTest) {
790 // Start listening on a local port
791 WriteCallbackBase writeCallback;
792 ReadCallback readCallback(&writeCallback);
793 HandshakeCallback handshakeCallback(&readCallback);
794 SSLServerAsyncCacheAcceptCallback acceptCallback(&handshakeCallback, 50);
795 TestSSLAsyncCacheServer server(&acceptCallback);
799 std::shared_ptr<SSLClient> client(new SSLClient(&eventBase, server.getAddress(),
803 EventBaseAborter eba(&eventBase, 3000);
806 EXPECT_EQ(server.getAsyncCallbacks(), 1);
807 EXPECT_EQ(server.getAsyncLookups(), 1);
808 EXPECT_EQ(client->getErrors(), 1);
809 EXPECT_EQ(client->getMiss(), 1);
810 EXPECT_EQ(client->getHit(), 0);
812 cerr << "SSLServerAsyncCacheTimeoutTest test completed" << endl;
816 * Test SSL server accept timeout with cache path
818 TEST(AsyncSSLSocketTest, SSLServerCacheCloseTest) {
819 // Start listening on a local port
820 WriteCallbackBase writeCallback;
821 ReadCallback readCallback(&writeCallback);
822 HandshakeCallback handshakeCallback(&readCallback,
823 HandshakeCallback::EXPECT_ERROR);
824 SSLServerAsyncCacheAcceptCallback acceptCallback(&handshakeCallback);
825 TestSSLAsyncCacheServer server(&acceptCallback, 500);
829 std::shared_ptr<SSLClient> client(new SSLClient(&eventBase, server.getAddress(),
833 EventBaseAborter eba(&eventBase, 3000);
836 server.getEventBase().runInEventBaseThread([&handshakeCallback]{
837 handshakeCallback.closeSocket();});
838 // give time for the cache lookup to come back and find it closed
841 EXPECT_EQ(server.getAsyncCallbacks(), 1);
842 EXPECT_EQ(server.getAsyncLookups(), 1);
843 EXPECT_EQ(client->getErrors(), 1);
844 EXPECT_EQ(client->getMiss(), 1);
845 EXPECT_EQ(client->getHit(), 0);
847 cerr << "SSLServerCacheCloseTest test completed" << endl;
851 * Verify Client Ciphers obtained using SSL MSG Callback.
853 TEST(AsyncSSLSocketTest, SSLParseClientHelloSuccess) {
855 auto clientCtx = std::make_shared<SSLContext>();
856 auto serverCtx = std::make_shared<SSLContext>();
857 serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
858 serverCtx->ciphers("RSA:!SHA:!NULL:!SHA256@STRENGTH");
859 serverCtx->loadPrivateKey(testKey);
860 serverCtx->loadCertificate(testCert);
861 serverCtx->loadTrustedCertificates(testCA);
862 serverCtx->loadClientCAList(testCA);
864 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
865 clientCtx->ciphers("RC4-SHA:AES128-SHA:AES256-SHA:RC4-MD5");
866 clientCtx->loadPrivateKey(testKey);
867 clientCtx->loadCertificate(testCert);
868 clientCtx->loadTrustedCertificates(testCA);
873 AsyncSSLSocket::UniquePtr clientSock(
874 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
875 AsyncSSLSocket::UniquePtr serverSock(
876 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
878 SSLHandshakeClient client(std::move(clientSock), true, true);
879 SSLHandshakeServerParseClientHello server(std::move(serverSock), true, true);
883 EXPECT_EQ(server.clientCiphers_,
884 "RC4-SHA:AES128-SHA:AES256-SHA:RC4-MD5:00ff");
885 EXPECT_TRUE(client.handshakeVerify_);
886 EXPECT_TRUE(client.handshakeSuccess_);
887 EXPECT_TRUE(!client.handshakeError_);
888 EXPECT_TRUE(server.handshakeVerify_);
889 EXPECT_TRUE(server.handshakeSuccess_);
890 EXPECT_TRUE(!server.handshakeError_);
893 TEST(AsyncSSLSocketTest, SSLParseClientHelloOnePacket) {
895 auto ctx = std::make_shared<SSLContext>();
901 uint8_t majorVersion = 18;
902 uint8_t minorVersion = 25;
904 // Create callback buf
905 auto buf = IOBuf::create(bufLen);
907 folly::io::RWPrivateCursor cursor(buf.get());
908 cursor.write<uint8_t>(SSL3_MT_CLIENT_HELLO);
909 cursor.write<uint16_t>(0);
910 cursor.write<uint8_t>(38);
911 cursor.write<uint8_t>(majorVersion);
912 cursor.write<uint8_t>(minorVersion);
914 cursor.write<uint32_t>(0);
916 SSL* ssl = ctx->createSSL();
917 SCOPE_EXIT { SSL_free(ssl); };
918 AsyncSSLSocket::UniquePtr sock(
919 new AsyncSSLSocket(ctx, &eventBase, fds[0], true));
920 sock->enableClientHelloParsing();
922 // Test client hello parsing in one packet
923 AsyncSSLSocket::clientHelloParsingCallback(
924 0, 0, SSL3_RT_HANDSHAKE, buf->data(), buf->length(), ssl, sock.get());
927 auto parsedClientHello = sock->getClientHelloInfo();
928 EXPECT_TRUE(parsedClientHello != nullptr);
929 EXPECT_EQ(parsedClientHello->clientHelloMajorVersion_, majorVersion);
930 EXPECT_EQ(parsedClientHello->clientHelloMinorVersion_, minorVersion);
933 TEST(AsyncSSLSocketTest, SSLParseClientHelloTwoPackets) {
935 auto ctx = std::make_shared<SSLContext>();
941 uint8_t majorVersion = 18;
942 uint8_t minorVersion = 25;
944 // Create callback buf
945 auto buf = IOBuf::create(bufLen);
947 folly::io::RWPrivateCursor cursor(buf.get());
948 cursor.write<uint8_t>(SSL3_MT_CLIENT_HELLO);
949 cursor.write<uint16_t>(0);
950 cursor.write<uint8_t>(38);
951 cursor.write<uint8_t>(majorVersion);
952 cursor.write<uint8_t>(minorVersion);
954 cursor.write<uint32_t>(0);
956 SSL* ssl = ctx->createSSL();
957 SCOPE_EXIT { SSL_free(ssl); };
958 AsyncSSLSocket::UniquePtr sock(
959 new AsyncSSLSocket(ctx, &eventBase, fds[0], true));
960 sock->enableClientHelloParsing();
962 // Test parsing with two packets with first packet size < 3
963 auto bufCopy = folly::IOBuf::copyBuffer(buf->data(), 2);
964 AsyncSSLSocket::clientHelloParsingCallback(
965 0, 0, SSL3_RT_HANDSHAKE, bufCopy->data(), bufCopy->length(),
968 bufCopy = folly::IOBuf::copyBuffer(buf->data() + 2, buf->length() - 2);
969 AsyncSSLSocket::clientHelloParsingCallback(
970 0, 0, SSL3_RT_HANDSHAKE, bufCopy->data(), bufCopy->length(),
974 auto parsedClientHello = sock->getClientHelloInfo();
975 EXPECT_TRUE(parsedClientHello != nullptr);
976 EXPECT_EQ(parsedClientHello->clientHelloMajorVersion_, majorVersion);
977 EXPECT_EQ(parsedClientHello->clientHelloMinorVersion_, minorVersion);
980 TEST(AsyncSSLSocketTest, SSLParseClientHelloMultiplePackets) {
982 auto ctx = std::make_shared<SSLContext>();
988 uint8_t majorVersion = 18;
989 uint8_t minorVersion = 25;
991 // Create callback buf
992 auto buf = IOBuf::create(bufLen);
994 folly::io::RWPrivateCursor cursor(buf.get());
995 cursor.write<uint8_t>(SSL3_MT_CLIENT_HELLO);
996 cursor.write<uint16_t>(0);
997 cursor.write<uint8_t>(38);
998 cursor.write<uint8_t>(majorVersion);
999 cursor.write<uint8_t>(minorVersion);
1001 cursor.write<uint32_t>(0);
1003 SSL* ssl = ctx->createSSL();
1004 SCOPE_EXIT { SSL_free(ssl); };
1005 AsyncSSLSocket::UniquePtr sock(
1006 new AsyncSSLSocket(ctx, &eventBase, fds[0], true));
1007 sock->enableClientHelloParsing();
1009 // Test parsing with multiple small packets
1010 for (uint64_t i = 0; i < buf->length(); i += 3) {
1011 auto bufCopy = folly::IOBuf::copyBuffer(
1012 buf->data() + i, std::min((uint64_t)3, buf->length() - i));
1013 AsyncSSLSocket::clientHelloParsingCallback(
1014 0, 0, SSL3_RT_HANDSHAKE, bufCopy->data(), bufCopy->length(),
1019 auto parsedClientHello = sock->getClientHelloInfo();
1020 EXPECT_TRUE(parsedClientHello != nullptr);
1021 EXPECT_EQ(parsedClientHello->clientHelloMajorVersion_, majorVersion);
1022 EXPECT_EQ(parsedClientHello->clientHelloMinorVersion_, minorVersion);
1026 * Verify sucessful behavior of SSL certificate validation.
1028 TEST(AsyncSSLSocketTest, SSLHandshakeValidationSuccess) {
1029 EventBase eventBase;
1030 auto clientCtx = std::make_shared<SSLContext>();
1031 auto dfServerCtx = std::make_shared<SSLContext>();
1035 getctx(clientCtx, dfServerCtx);
1037 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1038 dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1040 AsyncSSLSocket::UniquePtr clientSock(
1041 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1042 AsyncSSLSocket::UniquePtr serverSock(
1043 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
1045 SSLHandshakeClient client(std::move(clientSock), true, true);
1046 clientCtx->loadTrustedCertificates(testCA);
1048 SSLHandshakeServer server(std::move(serverSock), true, true);
1052 EXPECT_TRUE(client.handshakeVerify_);
1053 EXPECT_TRUE(client.handshakeSuccess_);
1054 EXPECT_TRUE(!client.handshakeError_);
1055 EXPECT_TRUE(!server.handshakeVerify_);
1056 EXPECT_TRUE(server.handshakeSuccess_);
1057 EXPECT_TRUE(!server.handshakeError_);
1061 * Verify that the client's verification callback is able to fail SSL
1062 * connection establishment.
1064 TEST(AsyncSSLSocketTest, SSLHandshakeValidationFailure) {
1065 EventBase eventBase;
1066 auto clientCtx = std::make_shared<SSLContext>();
1067 auto dfServerCtx = std::make_shared<SSLContext>();
1071 getctx(clientCtx, dfServerCtx);
1073 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1074 dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1076 AsyncSSLSocket::UniquePtr clientSock(
1077 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1078 AsyncSSLSocket::UniquePtr serverSock(
1079 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
1081 SSLHandshakeClient client(std::move(clientSock), true, false);
1082 clientCtx->loadTrustedCertificates(testCA);
1084 SSLHandshakeServer server(std::move(serverSock), true, true);
1088 EXPECT_TRUE(client.handshakeVerify_);
1089 EXPECT_TRUE(!client.handshakeSuccess_);
1090 EXPECT_TRUE(client.handshakeError_);
1091 EXPECT_TRUE(!server.handshakeVerify_);
1092 EXPECT_TRUE(!server.handshakeSuccess_);
1093 EXPECT_TRUE(server.handshakeError_);
1097 * Verify that the options in SSLContext can be overridden in
1098 * sslConnect/Accept.i.e specifying that no validation should be performed
1099 * allows an otherwise-invalid certificate to be accepted and doesn't fire
1100 * the validation callback.
1102 TEST(AsyncSSLSocketTest, OverrideSSLCtxDisableVerify) {
1103 EventBase eventBase;
1104 auto clientCtx = std::make_shared<SSLContext>();
1105 auto dfServerCtx = std::make_shared<SSLContext>();
1109 getctx(clientCtx, dfServerCtx);
1111 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1112 dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1114 AsyncSSLSocket::UniquePtr clientSock(
1115 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1116 AsyncSSLSocket::UniquePtr serverSock(
1117 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
1119 SSLHandshakeClientNoVerify client(std::move(clientSock), false, false);
1120 clientCtx->loadTrustedCertificates(testCA);
1122 SSLHandshakeServerNoVerify server(std::move(serverSock), false, false);
1126 EXPECT_TRUE(!client.handshakeVerify_);
1127 EXPECT_TRUE(client.handshakeSuccess_);
1128 EXPECT_TRUE(!client.handshakeError_);
1129 EXPECT_TRUE(!server.handshakeVerify_);
1130 EXPECT_TRUE(server.handshakeSuccess_);
1131 EXPECT_TRUE(!server.handshakeError_);
1135 * Verify that the options in SSLContext can be overridden in
1136 * sslConnect/Accept. Enable verification even if context says otherwise.
1137 * Test requireClientCert with client cert
1139 TEST(AsyncSSLSocketTest, OverrideSSLCtxEnableVerify) {
1140 EventBase eventBase;
1141 auto clientCtx = std::make_shared<SSLContext>();
1142 auto serverCtx = std::make_shared<SSLContext>();
1143 serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
1144 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1145 serverCtx->loadPrivateKey(testKey);
1146 serverCtx->loadCertificate(testCert);
1147 serverCtx->loadTrustedCertificates(testCA);
1148 serverCtx->loadClientCAList(testCA);
1150 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
1151 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1152 clientCtx->loadPrivateKey(testKey);
1153 clientCtx->loadCertificate(testCert);
1154 clientCtx->loadTrustedCertificates(testCA);
1159 AsyncSSLSocket::UniquePtr clientSock(
1160 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1161 AsyncSSLSocket::UniquePtr serverSock(
1162 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
1164 SSLHandshakeClientDoVerify client(std::move(clientSock), true, true);
1165 SSLHandshakeServerDoVerify server(std::move(serverSock), true, true);
1169 EXPECT_TRUE(client.handshakeVerify_);
1170 EXPECT_TRUE(client.handshakeSuccess_);
1171 EXPECT_FALSE(client.handshakeError_);
1172 EXPECT_TRUE(server.handshakeVerify_);
1173 EXPECT_TRUE(server.handshakeSuccess_);
1174 EXPECT_FALSE(server.handshakeError_);
1178 * Verify that the client's verification callback is able to override
1179 * the preverification failure and allow a successful connection.
1181 TEST(AsyncSSLSocketTest, SSLHandshakeValidationOverride) {
1182 EventBase eventBase;
1183 auto clientCtx = std::make_shared<SSLContext>();
1184 auto dfServerCtx = std::make_shared<SSLContext>();
1188 getctx(clientCtx, dfServerCtx);
1190 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1191 dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1193 AsyncSSLSocket::UniquePtr clientSock(
1194 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1195 AsyncSSLSocket::UniquePtr serverSock(
1196 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
1198 SSLHandshakeClient client(std::move(clientSock), false, true);
1199 SSLHandshakeServer server(std::move(serverSock), true, true);
1203 EXPECT_TRUE(client.handshakeVerify_);
1204 EXPECT_TRUE(client.handshakeSuccess_);
1205 EXPECT_TRUE(!client.handshakeError_);
1206 EXPECT_TRUE(!server.handshakeVerify_);
1207 EXPECT_TRUE(server.handshakeSuccess_);
1208 EXPECT_TRUE(!server.handshakeError_);
1212 * Verify that specifying that no validation should be performed allows an
1213 * otherwise-invalid certificate to be accepted and doesn't fire the validation
1216 TEST(AsyncSSLSocketTest, SSLHandshakeValidationSkip) {
1217 EventBase eventBase;
1218 auto clientCtx = std::make_shared<SSLContext>();
1219 auto dfServerCtx = std::make_shared<SSLContext>();
1223 getctx(clientCtx, dfServerCtx);
1225 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
1226 dfServerCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
1228 AsyncSSLSocket::UniquePtr clientSock(
1229 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1230 AsyncSSLSocket::UniquePtr serverSock(
1231 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
1233 SSLHandshakeClient client(std::move(clientSock), false, false);
1234 SSLHandshakeServer server(std::move(serverSock), false, false);
1238 EXPECT_TRUE(!client.handshakeVerify_);
1239 EXPECT_TRUE(client.handshakeSuccess_);
1240 EXPECT_TRUE(!client.handshakeError_);
1241 EXPECT_TRUE(!server.handshakeVerify_);
1242 EXPECT_TRUE(server.handshakeSuccess_);
1243 EXPECT_TRUE(!server.handshakeError_);
1247 * Test requireClientCert with client cert
1249 TEST(AsyncSSLSocketTest, ClientCertHandshakeSuccess) {
1250 EventBase eventBase;
1251 auto clientCtx = std::make_shared<SSLContext>();
1252 auto serverCtx = std::make_shared<SSLContext>();
1253 serverCtx->setVerificationOption(
1254 SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
1255 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1256 serverCtx->loadPrivateKey(testKey);
1257 serverCtx->loadCertificate(testCert);
1258 serverCtx->loadTrustedCertificates(testCA);
1259 serverCtx->loadClientCAList(testCA);
1261 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
1262 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1263 clientCtx->loadPrivateKey(testKey);
1264 clientCtx->loadCertificate(testCert);
1265 clientCtx->loadTrustedCertificates(testCA);
1270 AsyncSSLSocket::UniquePtr clientSock(
1271 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1272 AsyncSSLSocket::UniquePtr serverSock(
1273 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
1275 SSLHandshakeClient client(std::move(clientSock), true, true);
1276 SSLHandshakeServer server(std::move(serverSock), true, true);
1280 EXPECT_TRUE(client.handshakeVerify_);
1281 EXPECT_TRUE(client.handshakeSuccess_);
1282 EXPECT_FALSE(client.handshakeError_);
1283 EXPECT_TRUE(server.handshakeVerify_);
1284 EXPECT_TRUE(server.handshakeSuccess_);
1285 EXPECT_FALSE(server.handshakeError_);
1290 * Test requireClientCert with no client cert
1292 TEST(AsyncSSLSocketTest, NoClientCertHandshakeError) {
1293 EventBase eventBase;
1294 auto clientCtx = std::make_shared<SSLContext>();
1295 auto serverCtx = std::make_shared<SSLContext>();
1296 serverCtx->setVerificationOption(
1297 SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
1298 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1299 serverCtx->loadPrivateKey(testKey);
1300 serverCtx->loadCertificate(testCert);
1301 serverCtx->loadTrustedCertificates(testCA);
1302 serverCtx->loadClientCAList(testCA);
1303 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
1304 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1309 AsyncSSLSocket::UniquePtr clientSock(
1310 new AsyncSSLSocket(clientCtx, &eventBase, fds[0], false));
1311 AsyncSSLSocket::UniquePtr serverSock(
1312 new AsyncSSLSocket(serverCtx, &eventBase, fds[1], true));
1314 SSLHandshakeClient client(std::move(clientSock), false, false);
1315 SSLHandshakeServer server(std::move(serverSock), false, false);
1319 EXPECT_FALSE(server.handshakeVerify_);
1320 EXPECT_FALSE(server.handshakeSuccess_);
1321 EXPECT_TRUE(server.handshakeError_);
1324 TEST(AsyncSSLSocketTest, MinWriteSizeTest) {
1327 // Set up SSL context.
1328 auto sslContext = std::make_shared<SSLContext>();
1329 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
1331 // create SSL socket
1332 AsyncSSLSocket::UniquePtr socket(new AsyncSSLSocket(sslContext, &eb));
1334 EXPECT_EQ(1500, socket->getMinWriteSize());
1336 socket->setMinWriteSize(0);
1337 EXPECT_EQ(0, socket->getMinWriteSize());
1338 socket->setMinWriteSize(50000);
1339 EXPECT_EQ(50000, socket->getMinWriteSize());
1342 class ReadCallbackTerminator : public ReadCallback {
1344 ReadCallbackTerminator(EventBase* base, WriteCallbackBase *wcb)
1348 // Do not write data back, terminate the loop.
1349 void readDataAvailable(size_t len) noexcept override {
1350 std::cerr << "readDataAvailable, len " << len << std::endl;
1352 currentBuffer.length = len;
1354 buffers.push_back(currentBuffer);
1355 currentBuffer.reset();
1356 state = STATE_SUCCEEDED;
1358 socket_->setReadCB(nullptr);
1359 base_->terminateLoopSoon();
1367 * Test a full unencrypted codepath
1369 TEST(AsyncSSLSocketTest, UnencryptedTest) {
1372 auto clientCtx = std::make_shared<folly::SSLContext>();
1373 auto serverCtx = std::make_shared<folly::SSLContext>();
1376 getctx(clientCtx, serverCtx);
1377 auto client = AsyncSSLSocket::newSocket(
1378 clientCtx, &base, fds[0], false, true);
1379 auto server = AsyncSSLSocket::newSocket(
1380 serverCtx, &base, fds[1], true, true);
1382 ReadCallbackTerminator readCallback(&base, nullptr);
1383 server->setReadCB(&readCallback);
1384 readCallback.setSocket(server);
1387 memset(buf, 'a', sizeof(buf));
1388 client->write(nullptr, buf, sizeof(buf));
1390 // Check that bytes are unencrypted
1392 EXPECT_EQ(1, recv(fds[1], &c, 1, MSG_PEEK));
1395 EventBaseAborter eba(&base, 3000);
1398 EXPECT_EQ(1, readCallback.buffers.size());
1399 EXPECT_EQ(AsyncSSLSocket::STATE_UNENCRYPTED, client->getSSLState());
1401 server->setReadCB(&readCallback);
1404 server->sslAccept(nullptr);
1405 client->sslConn(nullptr);
1407 // Do NOT wait for handshake, writing should be queued and happen after
1409 client->write(nullptr, buf, sizeof(buf));
1411 // Check that bytes are *not* unencrypted
1413 EXPECT_EQ(1, recv(fds[1], &c2, 1, MSG_PEEK));
1419 EXPECT_EQ(2, readCallback.buffers.size());
1420 EXPECT_EQ(AsyncSSLSocket::STATE_ESTABLISHED, client->getSSLState());
1425 ///////////////////////////////////////////////////////////////////////////
1426 // init_unit_test_suite
1427 ///////////////////////////////////////////////////////////////////////////
1429 struct Initializer {
1431 signal(SIGPIPE, SIG_IGN);
1434 Initializer initializer;