mirror of
https://github.com/mollyim/webrtc.git
synced 2025-05-13 05:40:42 +01:00
Fix SSLStreamAdapterTestDTLSCertChain when building with OpenSSL
These tests were failing when building WebRTC against OpenSSL instead of BoringSSL. The reason is that OpenSSLStreamAdapter::SSLVerifyCallback in the BoringSSL mode returns the full cert_chain by calling SSL_get0_peer_certificates. This API does not exist in OpenSSL, instead only a single certificate is fetched via X509_STORE_CTX_get0_cert. ifdef out the parts of the test that assert on cert[1] and cert[2]. An alternative but more involved way to fix these tests could be to use X509_STORE_CTX_get1_chain to fetch the full chain on the OpenSSL path. Bug: webrtc:15153 Change-Id: I1ede6a3c5a63d4afd2de849f5e44fcd67592aa3c Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/304400 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org> Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Cr-Commit-Position: refs/heads/main@{#40022}
This commit is contained in:
Joachim Reiersen
WebRTC LUCI CQ
parent
2198f95118
commit
aac19d3136
1 changed files with 15 additions and 3 deletions
|
|
@ -1123,9 +1123,13 @@ TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
|
|||
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
|
||||
client_ssl_->GetPeerSSLCertChain();
|
||||
ASSERT_NE(nullptr, peer_cert_chain);
|
||||
ASSERT_EQ(2u, peer_cert_chain->GetSize());
|
||||
EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
|
||||
// TODO(bugs.webrtc.org/15153): Fix peer_cert_chain to return multiple
|
||||
// certificates under OpenSSL. Today it only works with BoringSSL.
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
ASSERT_EQ(2u, peer_cert_chain->GetSize());
|
||||
EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
|
||||
#endif
|
||||
}
|
||||
|
||||
TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
|
||||
|
|
@ -1135,9 +1139,13 @@ TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
|
|||
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
|
||||
client_ssl_->GetPeerSSLCertChain();
|
||||
ASSERT_NE(nullptr, peer_cert_chain);
|
||||
ASSERT_EQ(2u, peer_cert_chain->GetSize());
|
||||
EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
|
||||
// TODO(bugs.webrtc.org/15153): Fix peer_cert_chain to return multiple
|
||||
// certificates under OpenSSL. Today it only works with BoringSSL.
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
ASSERT_EQ(2u, peer_cert_chain->GetSize());
|
||||
EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
|
||||
#endif
|
||||
}
|
||||
|
||||
TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
|
||||
|
|
@ -1147,10 +1155,14 @@ TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
|
|||
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
|
||||
client_ssl_->GetPeerSSLCertChain();
|
||||
ASSERT_NE(nullptr, peer_cert_chain);
|
||||
ASSERT_EQ(3u, peer_cert_chain->GetSize());
|
||||
EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
|
||||
// TODO(bugs.webrtc.org/15153): Fix peer_cert_chain to return multiple
|
||||
// certificates under OpenSSL. Today it only works with BoringSSL.
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
ASSERT_EQ(3u, peer_cert_chain->GetSize());
|
||||
EXPECT_EQ(kIntCert1, peer_cert_chain->Get(1).ToPEMString());
|
||||
EXPECT_EQ(kCACert, peer_cert_chain->Get(2).ToPEMString());
|
||||
#endif
|
||||
}
|
||||
|
||||
// Test that closing the connection on one side updates the other side.
|
||||
|
|
|
|||
Loading…
Reference in a new issue