blob: 122ad4ca7b7aa2551464e292063f5553c40df2c1 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <proton/ssl.h>
#include "./pn_test.hpp"
TEST_CASE("ssl_protocols") {
if (!pn_ssl_present()) {
WARN("SSL not available, skipping");
return;
}
pn_test::auto_free<pn_ssl_domain_t, pn_ssl_domain_free> sd(
pn_ssl_domain(PN_SSL_MODE_CLIENT));
// Error no protocol set
CHECK(pn_ssl_domain_set_protocols(sd, "") == PN_ARG_ERR);
// Unknown protocol
CHECK(pn_ssl_domain_set_protocols(sd, "blah") == PN_ARG_ERR);
// Unknown protocol with known protocl prefix
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.x") == PN_ARG_ERR);
// known protocols
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.1") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2") == 0);
// Check whether TLS 1.3 is supported
bool tls1_3 = (pn_ssl_domain_set_protocols(sd, "TLSv1.3") == 0);
// Multiple protocols
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.1 TLSv1.2") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.2") == 0);
// Can only do these if we have tls 1.3
if (tls1_3) {
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2 TLSv1.3") == 0);
} else {
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3") == PN_ARG_ERR);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2 TLSv1.3") == PN_ARG_ERR);
}
// Illegal separators
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1/TLSv1.1 TLSv1.2") == PN_ARG_ERR);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1-TLSv1.1 TLSv1.2") == PN_ARG_ERR);
// Legal separators
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1,TLSv1.1;TLSv1.2 ; ") == 0);
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1;TLSv1.1 TLSv1.2,,,,") == 0);
// Known followed by unknown protocols
CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.x;TLSv1_2") == PN_ARG_ERR);
}