mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 08:05:21 +00:00
Code Issues Releases Wiki Activity

Add ALPN negotiation tests to TLS DNS test set

Browse Source 
This commits adds a set of unit tests to ensure that ALPN happens over
the connections and that the result of the negotiation can be checked.
This commit is contained in:
Artem Boldariev
2021-08-31 16:41:59 +03:00
parent 79d8af7354
commit 610bd2726e
1 changed files with 148 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
lib/isc/tests/netmgr_test.c
View File

@@ -2727,6 +2727,148 @@ tlsdns_half_recv_half_send(void **state __attribute__((unused))) {
CHECK_RANGE_HALF(ssends); CHECK_RANGE_HALF(ssends);
} }
static void
tlsdns_connect_connect_noalpn(isc_nmhandle_t *handle, isc_result_t eresult,
void *cbarg) {
isc_nmhandle_t *readhandle = NULL;
UNUSED(cbarg);
F();
isc_refcount_decrement(&active_cconnects);
if (eresult != ISC_R_SUCCESS || connect_readcb == NULL ||
!isc_nm_xfr_allowed(handle))
{
return;
}
atomic_fetch_add(&cconnects, 1);
isc_refcount_increment0(&active_creads);
isc_nmhandle_attach(handle, &readhandle);
isc_nm_read(handle, connect_readcb, NULL);
connect_send(handle);
}
static void
tlsdns_connect_noalpn(void **state __attribute__((unused))) {
isc_result_t result = ISC_R_SUCCESS;
isc_nmsocket_t *listen_sock = NULL;
isc_sockaddr_t connect_addr;
isc_tlsctx_t *connect_tlsctx_noalpn = NULL;
result = isc_tlsctx_createclient(&connect_tlsctx_noalpn);
assert_true(result == ISC_R_SUCCESS);
connect_addr = (isc_sockaddr_t){ .length = 0 };
isc_sockaddr_fromin6(&connect_addr, &in6addr_loopback, 0);
result = isc_nm_listentlsdns(listen_nm, &tcp_listen_addr, noop_recv_cb,
NULL, noop_accept_cb, NULL, 0, 0, NULL,
tcp_listen_tlsctx, &listen_sock);
assert_int_equal(result, ISC_R_SUCCESS);
isc_refcount_increment0(&active_cconnects);
isc_nm_tlsdnsconnect(connect_nm, &connect_addr, &tcp_listen_addr,
tlsdns_connect_connect_noalpn, NULL, T_CONNECT, 0,
connect_tlsctx_noalpn);
WAIT_FOR_EQ(active_cconnects, 0);
isc_nm_stoplistening(listen_sock);
isc_nmsocket_close(&listen_sock);
assert_null(listen_sock);
isc__netmgr_shutdown(connect_nm);
X(cconnects);
X(csends);
X(creads);
X(sreads);
X(ssends);
atomic_assert_int_eq(cconnects, 0);
atomic_assert_int_eq(csends, 0);
atomic_assert_int_eq(creads, 0);
atomic_assert_int_eq(sreads, 0);
atomic_assert_int_eq(ssends, 0);
isc_tlsctx_free(&connect_tlsctx_noalpn);
}
#ifdef HAVE_LIBNGHTTP2
static isc_result_t
tls_accept_cb_noalpn(isc_nmhandle_t *handle, isc_result_t eresult,
void *cbarg) {
F();
if (eresult != ISC_R_SUCCESS) {
return (eresult);
}
atomic_fetch_add(&saccepts, 1);
if (!isc_nm_xfr_allowed(handle)) {
return (ISC_R_FAILURE);
}
return (stream_accept_cb(handle, eresult, cbarg));
}
static void
tlsdns_listen_noalpn(void **state __attribute__((unused))) {
isc_result_t result = ISC_R_SUCCESS;
isc_nmsocket_t *listen_sock = NULL;
isc_sockaddr_t connect_addr;
isc_tlsctx_t *server_tlsctx_noalpn = NULL;
result = isc_tlsctx_createserver(NULL, NULL, &server_tlsctx_noalpn);
assert_true(result == ISC_R_SUCCESS);
connect_addr = (isc_sockaddr_t){ .length = 0 };
isc_sockaddr_fromin6(&connect_addr, &in6addr_loopback, 0);
/* We use TLS stream listener here intentionally, as it does not
* try to do ALPN. */
result = isc_nm_listentls(listen_nm, &tcp_listen_addr,
tls_accept_cb_noalpn, NULL, 0, 0, NULL,
server_tlsctx_noalpn, &listen_sock);
assert_int_equal(result, ISC_R_SUCCESS);
isc_refcount_increment0(&active_cconnects);
isc_nm_tlsdnsconnect(connect_nm, &connect_addr, &tcp_listen_addr,
connect_connect_cb, NULL, T_CONNECT, 0,
tcp_connect_tlsctx);
WAIT_FOR_EQ(saccepts, 1);
WAIT_FOR_EQ(cconnects, 1);
WAIT_FOR_EQ(csends, 1);
isc_nm_stoplistening(listen_sock);
isc_nmsocket_close(&listen_sock);
assert_null(listen_sock);
isc__netmgr_shutdown(connect_nm);
X(cconnects);
X(csends);
X(creads);
X(sreads);
X(ssends);
atomic_assert_int_eq(saccepts, 1);
atomic_assert_int_eq(cconnects, 1);
atomic_assert_int_eq(csends, 1);
atomic_assert_int_eq(creads, 0);
atomic_assert_int_eq(sreads, 0);
atomic_assert_int_eq(ssends, 0);
isc_tlsctx_free(&server_tlsctx_noalpn);
}
#endif /* HAVE_LIBNGHTTP2 */
int int
main(void) { main(void) {
const struct CMUnitTest tests[] = { const struct CMUnitTest tests[] = {
@@ -2920,6 +3062,12 @@ main(void) {
nm_teardown), nm_teardown),
cmocka_unit_test_setup_teardown(tlsdns_half_recv_half_send, cmocka_unit_test_setup_teardown(tlsdns_half_recv_half_send,
nm_setup, nm_teardown), nm_setup, nm_teardown),
cmocka_unit_test_setup_teardown(tlsdns_connect_noalpn, nm_setup,
nm_teardown),
#ifdef HAVE_LIBNGHTTP2
cmocka_unit_test_setup_teardown(tlsdns_listen_noalpn, nm_setup,
nm_teardown),
#endif
}; };
return (cmocka_run_group_tests(tests, _setup, _teardown)); return (cmocka_run_group_tests(tests, _setup, _teardown));