From: Xiangyu Bu Date: Tue, 11 Jul 2017 17:00:51 +0000 (-0700) Subject: Update providedCiphersStr_ in one place. X-Git-Tag: v2017.07.17.00~26 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9d23df15330c1c21c4719bf0f05c04b21c5e6bb3;p=folly.git Update providedCiphersStr_ in one place. Summary: The function `setCipherList` seems to forget to update the data member `providedCipherString_`. This diff updates `providedCiphersString_` at a single place `setCiphersOrThrow()`, and adds two test cases to make sure the derived `SSL*` uses the desired set of ciphers. Reviewed By: yfeldblum Differential Revision: D5372758 fbshipit-source-id: 8144ab3bc518b2b9fa8090af62f3bd6475bbbece --- diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp index b38ea2bb..5ef22353 100644 --- a/folly/io/async/SSLContext.cpp +++ b/folly/io/async/SSLContext.cpp @@ -102,7 +102,6 @@ SSLContext::~SSLContext() { } void SSLContext::ciphers(const std::string& ciphers) { - providedCiphersString_ = ciphers; setCiphersOrThrow(ciphers); } @@ -188,6 +187,7 @@ void SSLContext::setCiphersOrThrow(const std::string& ciphers) { if (rc == 0) { throw std::runtime_error("SSL_CTX_set_cipher_list: " + getErrors()); } + providedCiphersString_ = ciphers; } void SSLContext::setVerificationOption(const SSLContext::SSLVerifyPeerEnum& diff --git a/folly/io/async/test/SSLContextTest.cpp b/folly/io/async/test/SSLContextTest.cpp new file mode 100644 index 00000000..98f6467c --- /dev/null +++ b/folly/io/async/test/SSLContextTest.cpp 
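Review bot: In `setCiphersOrThrow` (folly/io/async/SSLContext.cpp), the new `providedCiphersString_ = ciphers;` stores the caller's string rather than the list OpenSSL actually configured, and nothing at the assignment says so. Assuming `rc` is the result of `SSL_CTX_set_cipher_list` (the call sits above the hunk; only the error text names it), a non-zero return means only that at least one cipher was selected. Unsupported entries in the string are dropped silently, so the member can name ciphers the context will never offer. I would add a comment on the new line, `// Requested string as passed in; OpenSSL may have ignored entries, so this is not the effective cipher list.`, so that code logging or auditing TLS configuration does not treat it as authoritative. Placing the assignment after the throw is right, since a rejected string then leaves the previous value intact.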
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2017 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+
+using namespace std;
+using namespace testing;
+
+namespace folly {
+
+class SSLContextTest : public testing::Test {
+ public:
+ SSLContext ctx;
+ void verifySSLCipherList(const vector& ciphers);
+};
+
+void SSLContextTest::verifySSLCipherList(const vector& ciphers) {
+ int i = 0;
+ SSL* ssl = ctx.createSSL();
+ for (auto& cipher : ciphers) {
+ ASSERT_STREQ(cipher.c_str(), SSL_get_cipher_list(ssl, i++));
+ }
+ ASSERT_EQ(nullptr, SSL_get_cipher_list(ssl, i));
+ SSL_free(ssl);
+}
+
+TEST_F(SSLContextTest, TestSetCipherString) {
+ ctx.ciphers("AES128-SHA:ECDHE-RSA-AES256-SHA384");
+ verifySSLCipherList({"AES128-SHA", "ECDHE-RSA-AES256-SHA384"});
+}
+
+TEST_F(SSLContextTest, TestSetCipherList) {
+ const vector ciphers = {"ECDHE-RSA-AES128-SHA", "AES256-SHA"};
+ ctx.setCipherList(ciphers);
+ verifySSLCipherList(ciphers);
+}
+}
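Review bot: `verifySSLCipherList` leaks the `SSL*` whenever an assertion fails, because `ASSERT_STREQ` and `ASSERT_EQ` return from the helper before `SSL_free(ssl)` runs. Owning the handle makes the cleanup unconditional: `std::unique_ptr<SSL, decltype(&SSL_free)> ssl(ctx.createSSL(), SSL_free);`, then pass `ssl.get()` to `SSL_get_cipher_list` and drop the explicit `SSL_free`. Separately, both tests check only the cipher list on the derived `SSL*`. Neither reads back `providedCiphersString_`, which is the member this commit changes, and there is no case where a rejected cipher string throws and leaves the earlier configuration in place.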