Fix tests for 1.1.0-era OpenSSL

rustls · Apr 10, 2017 · bf41f9e · bf41f9e
1 parent bc086c4
commit bf41f9e
Show file tree

Hide file tree

Showing 9 changed files with 92 additions and 42 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,6 +28,7 @@ mio = "0.5.1"
 docopt = "0.6"
 rustc-serialize = "0.3"
 webpki-roots = "0.7"
+regex = "0.2"
 
 [[example]]
 name = "bogo_shim"

diff --git a/src/msgs/enums.rs b/src/msgs/enums.rs
@@ -320,6 +320,7 @@ pub enum HandshakeType {
     ClientHello,
     ServerHello,
     NewSessionTicket,
+    EndOfEarlyData,
     HelloRetryRequest,
     EncryptedExtensions,
     Certificate,
@@ -332,6 +333,7 @@ pub enum HandshakeType {
     CertificateURL,
     CertificateStatus,
     KeyUpdate,
+    MessageHash,
     Unknown(u8),
 }
 
@@ -352,6 +354,7 @@ impl Codec for HandshakeType {
             0x01 => HandshakeType::ClientHello,
             0x02 => HandshakeType::ServerHello,
             0x04 => HandshakeType::NewSessionTicket,
+            0x05 => HandshakeType::EndOfEarlyData,
             0x06 => HandshakeType::HelloRetryRequest,
             0x08 => HandshakeType::EncryptedExtensions,
             0x0b => HandshakeType::Certificate,
@@ -364,6 +367,7 @@ impl Codec for HandshakeType {
             0x15 => HandshakeType::CertificateURL,
             0x16 => HandshakeType::CertificateStatus,
             0x18 => HandshakeType::KeyUpdate,
+            0xfe => HandshakeType::MessageHash,
             x => HandshakeType::Unknown(x),
         })
     }
@@ -376,6 +380,7 @@ impl HandshakeType {
             HandshakeType::ClientHello => 0x01,
             HandshakeType::ServerHello => 0x02,
             HandshakeType::NewSessionTicket => 0x04,
+            HandshakeType::EndOfEarlyData => 0x05,
             HandshakeType::HelloRetryRequest => 0x06,
             HandshakeType::EncryptedExtensions => 0x08,
             HandshakeType::Certificate => 0x0b,
@@ -388,6 +393,7 @@ impl HandshakeType {
             HandshakeType::CertificateURL => 0x15,
             HandshakeType::CertificateStatus => 0x16,
             HandshakeType::KeyUpdate => 0x18,
+            HandshakeType::MessageHash => 0xfe,
             HandshakeType::Unknown(v) => v,
         }
     }
@@ -471,6 +477,7 @@ pub enum AlertDescription {
     BadCertificateHashValue,
     UnknownPSKIdentity,
     CertificateRequired,
+    NoApplicationProtocol,
     Unknown(u8),
 }
 
@@ -520,6 +527,7 @@ impl Codec for AlertDescription {
             0x72 => AlertDescription::BadCertificateHashValue,
             0x73 => AlertDescription::UnknownPSKIdentity,
             0x74 => AlertDescription::CertificateRequired,
+            0x78 => AlertDescription::NoApplicationProtocol,
             x => AlertDescription::Unknown(x),
         })
     }
@@ -561,6 +569,7 @@ impl AlertDescription {
             AlertDescription::BadCertificateHashValue => 0x72,
             AlertDescription::UnknownPSKIdentity => 0x73,
             AlertDescription::CertificateRequired => 0x74,
+            AlertDescription::NoApplicationProtocol => 0x78,
             AlertDescription::Unknown(v) => v,
         }
     }
@@ -638,6 +647,8 @@ pub enum ExtensionType {
     Cookie,
     PSKKeyExchangeModes,
     TicketEarlyDataInfo,
+    CertificateAuthorities,
+    OIDFilters,
     NextProtocolNegotiation,
     ChannelId,
     RenegotiationInfo,
@@ -684,6 +695,8 @@ impl Codec for ExtensionType {
             0x002c => ExtensionType::Cookie,
             0x002d => ExtensionType::PSKKeyExchangeModes,
             0x002e => ExtensionType::TicketEarlyDataInfo,
+            0x002f => ExtensionType::CertificateAuthorities,
+            0x0030 => ExtensionType::OIDFilters,
             0x3374 => ExtensionType::NextProtocolNegotiation,
             0x754f => ExtensionType::ChannelId,
             0xff01 => ExtensionType::RenegotiationInfo,
@@ -722,6 +735,8 @@ impl ExtensionType {
             ExtensionType::Cookie => 0x002c,
             ExtensionType::PSKKeyExchangeModes => 0x002d,
             ExtensionType::TicketEarlyDataInfo => 0x002e,
+            ExtensionType::CertificateAuthorities => 0x002f,
+            ExtensionType::OIDFilters => 0x0030,
             ExtensionType::NextProtocolNegotiation => 0x3374,
             ExtensionType::ChannelId => 0x754f,
             ExtensionType::RenegotiationInfo => 0xff01,
@@ -2389,3 +2404,40 @@ impl KeyUpdateRequest {
         }
     }
 }
+
+/// The `CertificateStatusType` TLS protocol enum.  Values in this enum are taken
+/// from the various RFCs covering TLS, and are listed by IANA.
+/// The `Unknown` item is used when processing unrecognised ordinals.
+#[derive(Debug, PartialEq, Eq, Clone, Copy)]
+pub enum CertificateStatusType {
+    OCSP,
+    Unknown(u8),
+}
+
+impl Codec for CertificateStatusType {
+    fn encode(&self, bytes: &mut Vec<u8>) {
+        encode_u8(self.get_u8(), bytes);
+    }
+
+    fn read(r: &mut Reader) -> Option<CertificateStatusType> {
+        let u = read_u8(r);
+
+        if u.is_none() {
+            return None;
+        }
+
+        Some(match u.unwrap() {
+            0x01 => CertificateStatusType::OCSP,
+            x => CertificateStatusType::Unknown(x),
+        })
+    }
+}
+
+impl CertificateStatusType {
+    pub fn get_u8(&self) -> u8 {
+        match *self {
+            CertificateStatusType::OCSP => 0x01,
+            CertificateStatusType::Unknown(v) => v,
+        }
+    }
+}
diff --git a/src/msgs/enums_test.rs b/src/msgs/enums_test.rs
@@ -56,7 +56,7 @@ fn test_enums() {
     test_enum8::<HandshakeType>(HandshakeType::HelloRequest, HandshakeType::KeyUpdate);
     test_enum8::<AlertLevel>(AlertLevel::Warning, AlertLevel::Fatal);
     test_enum8::<AlertDescription>(AlertDescription::CloseNotify,
-                                   AlertDescription::CertificateRequired);
+                                   AlertDescription::NoApplicationProtocol);
     test_enum8::<HeartbeatMessageType>(HeartbeatMessageType::Request,
                                        HeartbeatMessageType::Response);
     test_enum16::<ExtensionType>(ExtensionType::ServerName, ExtensionType::RenegotiationInfo);

diff --git a/tests/badssl.rs b/tests/badssl.rs
@@ -18,7 +18,7 @@ mod online {
         polite();
         connect("cbc.badssl.com")
             .fails()
-            .expect("TLS error: AlertReceived(HandshakeFailure)")
+            .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
             .go()
             .unwrap();
     }
@@ -28,7 +28,7 @@ mod online {
         polite();
         connect("rc4.badssl.com")
             .fails()
-            .expect("TLS error: AlertReceived(HandshakeFailure)")
+            .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
             .go()
             .unwrap();
     }
@@ -38,7 +38,7 @@ mod online {
         polite();
         connect("expired.badssl.com")
             .fails()
-            .expect("TLS error: WebPKIError(CertExpired)")
+            .expect(r"TLS error: WebPKIError\(CertExpired\)")
             .go()
             .unwrap();
     }
@@ -48,7 +48,7 @@ mod online {
         polite();
         connect("wrong.host.badssl.com")
             .fails()
-            .expect("TLS error: WebPKIError(CertNotValidForName)")
+            .expect(r"TLS error: WebPKIError\(CertNotValidForName\)")
             .go()
             .unwrap();
     }
@@ -58,7 +58,7 @@ mod online {
         polite();
         connect("self-signed.badssl.com")
             .fails()
-            .expect("TLS error: WebPKIError(UnknownIssuer)")
+            .expect(r"TLS error: WebPKIError\(UnknownIssuer\)")
             .go()
             .unwrap();
     }
@@ -68,7 +68,7 @@ mod online {
         polite();
         connect("dh2048.badssl.com")
             .fails()
-            .expect("TLS error: AlertReceived(HandshakeFailure)")
+            .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
             .go()
             .unwrap();
     }
@@ -124,7 +124,7 @@ mod online {
         polite();
         connect("10000-sans.badssl.com")
             .fails()
-            .expect("TLS error: CorruptMessagePayload(Handshake)")
+            .expect(r"TLS error: CorruptMessagePayload\(Handshake\)")
             .go()
             .unwrap();
     }
@@ -143,7 +143,7 @@ mod online {
         polite();
         connect("sha1-2016.badssl.com")
             .fails()
-            .expect("TLS error: WebPKIError(CertExpired)")
+            .expect(r"TLS error: WebPKIError\(CertExpired\)")
             .go()
             .unwrap();
     }

diff --git a/tests/common/mod.rs b/tests/common/mod.rs
@@ -5,6 +5,9 @@ use std::time;
 use std::net;
 use std::env;
 
+extern crate regex;
+use self::regex::Regex;
+
 // For tests which connect to internet servers, don't go crazy.
 pub fn polite() {
     thread::sleep(time::Duration::from_secs(1));
@@ -266,15 +269,17 @@ impl TlsClient {
         let stderr_str = unsafe { String::from_utf8_unchecked(output.stderr.clone()) };
 
         for expect in &self.expect_output {
-            if stdout_str.find(expect).is_none() {
+            let re = Regex::new(expect).unwrap();
+            if re.find(&stdout_str).is_none() {
                 println!("We expected to find '{}' in the following output:", expect);
                 println!("{:?}", output);
                 panic!("Test failed");
             }
         }
 
         for expect in &self.expect_log {
-            if stderr_str.find(expect).is_none() {
+            let re = Regex::new(expect).unwrap();
+            if re.find(&stderr_str).is_none() {
                 println!("We expected to find '{}' in the following output:", expect);
                 println!("{:?}", output);
                 panic!("Test failed");
@@ -648,15 +653,17 @@ impl OpenSSLClient {
         print!("{}", stderr_str);
 
         for expect in &self.expect_output {
-            if stdout_str.find(expect).is_none() {
+            let re = Regex::new(expect).unwrap();
+            if re.find(&stdout_str).is_none() {
                 println!("We expected to find '{}' in the following output:", expect);
                 println!("{:?}", output);
                 panic!("Test failed");
             }
         }
 
         for expect in &self.expect_log {
-            if stderr_str.find(expect).is_none() {
+            let re = Regex::new(expect).unwrap();
+            if re.find(&stderr_str).is_none() {
                 println!("We expected to find '{}' in the following output:", expect);
                 println!("{:?}", output);
                 panic!("Test failed");

diff --git a/tests/curves.rs b/tests/curves.rs
@@ -11,8 +11,7 @@ fn curve_nistp256() {
     server.run();
     server.client()
         .verbose()
-        .expect_log("ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: \
-                     secp256r1 }")
+        .expect_log(r"ECDHE curve is ECParameters \{ curve_type: NamedCurve, named_group: secp256r1 \}")
         .go();
     server.kill();
 }
@@ -24,8 +23,7 @@ fn curve_nistp384() {
     server.run();
     server.client()
         .verbose()
-        .expect_log("ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: \
-                     secp384r1 }")
+        .expect_log(r"ECDHE curve is ECParameters \{ curve_type: NamedCurve, named_group: secp384r1 \}")
         .go();
     server.kill();
 }
diff --git a/tests/errors.rs b/tests/errors.rs
@@ -14,7 +14,7 @@ fn no_tls12() {
         .verbose()
         .fails()
         .expect_log("TLS alert received:")
-        .expect("TLS error: AlertReceived(HandshakeFailure)")
+        .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
         .go();
 }
 
@@ -33,7 +33,7 @@ fn no_ecdhe() {
         .verbose()
         .fails()
         .expect_log("TLS alert received:")
-        .expect("TLS error: AlertReceived(HandshakeFailure)")
+        .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
         .go();
 }
 
@@ -47,6 +47,6 @@ fn tls11_only() {
         .verbose()
         .fails()
         .expect_log("TLS alert received:")
-        .expect("TLS error: AlertReceived(HandshakeFailure)")
+        .expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
         .go();
 }