diff --git a/Cargo.toml b/Cargo.toml
index 3748944780..41c35d6d1b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,6 +35,7 @@ webpki-roots = "0.16"
 ct-logs = "0.5"
 regex = "1.0"
 vecio = "0.1"
+tempfile = "3.0"
 [[example]]
 name = "bogo_shim"
diff --git a/tests/api.rs b/tests/api.rs
index e81db7ccaa..a3c59bf93d 100644
--- a/tests/api.rs
+++ b/tests/api.rs
@@ -2,7 +2,6 @@ use std::sync::Arc;
 use std::sync::Mutex;
 use std::sync::atomic::{AtomicUsize, Ordering};
-use std::fs;
 use std::mem;
 use std::fmt;
 use std::io::{self, Write, Read};
@@ -26,6 +25,9 @@ use rustls::quic::{self, QuicExt, ClientQuicExt, ServerQuicExt};
 use webpki;
+#[allow(dead_code)]
+mod common;
+
 fn transfer(left: &mut dyn Session, right: &mut dyn Session) -> usize {
 let mut buf = [0u8; 262144];
 let mut total = 0;
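Review bot: The `#[allow(dead_code)]` placed on `mod common;` in tests/api.rs has no comment saying why it is needed. It silences the lint for the whole module, so helpers in `common` that stop being used by any test will no longer be reported from this binary. Judging by the hunks shown, api.rs only calls `common::bytes_for`, so a comment above the attribute such as `// api.rs uses only the embedded fixtures; the process helpers in common are unused here` would record the reason.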
@@ -58,35 +60,31 @@ enum KeyType {
 static ALL_KEY_TYPES: [KeyType; 2] = [ KeyType::RSA, KeyType::ECDSA ];
 impl KeyType {
- fn path_for(&self, part: &str) -> String {
+ fn bytes_for(&self, part: &str) -> &'static [u8] {
 match self {
- KeyType::RSA => format!("test-ca/rsa/{}", part),
- KeyType::ECDSA => format!("test-ca/ecdsa/{}", part),
+ KeyType::RSA => common::bytes_for("rsa", part),
+ KeyType::ECDSA => common::bytes_for("ecdsa", part),
 }
 }
 fn get_chain(&self) -> Vec {
- pemfile::certs(&mut io::BufReader::new(fs::File::open(self.path_for("end.fullchain"))
- .unwrap()))
+ pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain")))
 .unwrap()
 }
 fn get_key(&self) -> PrivateKey {
- pemfile::pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(self.path_for("end.key"))
- .unwrap()))
+ pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key")))
 .unwrap()[0]
 .clone()
 }
 fn get_client_chain(&self) -> Vec {
- pemfile::certs(&mut io::BufReader::new(fs::File::open(self.path_for("client.fullchain"))
- .unwrap()))
+ pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain")))
 .unwrap()
 }
 fn get_client_key(&self) -> PrivateKey {
- pemfile::pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(self.path_for("client.key"))
- .unwrap()))
+ pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("client.key")))
 .unwrap()[0]
 .clone()
 }
@@ -115,7 +113,7 @@ fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig {
 fn make_client_config(kt: KeyType) -> ClientConfig {
 let mut cfg = ClientConfig::new();
- let mut rootbuf = io::BufReader::new(fs::File::open(kt.path_for("ca.cert")).unwrap());
+ let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
 cfg.root_store.add_pem_file(&mut rootbuf).unwrap();
 cfg
diff --git a/tests/bugs.rs b/tests/bugs.rs
index e48c08508b..a7448992d1 100644
--- a/tests/bugs.rs
+++ b/tests/bugs.rs
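Review bot: In tests/api.rs the four `KeyType` getters and `make_client_config` still wrap the data in `io::BufReader::new(...)`, although `bytes_for` now returns an in-memory `&'static [u8]`. A byte slice already implements `io::BufRead`, so the wrapper only adds a second buffer and a copy; if the pemfile functions take a `BufRead`, as the existing calls suggest, `pemfile::certs(&mut self.bytes_for("end.fullchain"))` would do. `KeyType::bytes_for` also deserves a one-line doc comment saying that it panics, inside `common::bytes_for`, when asked for a file that is not embedded.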
@@ -7,7 +7,9 @@ use crate::common::OpenSSLServer;
 // but B is not.
 #[test]
 fn partial_chain() {
- let mut server = OpenSSLServer::new_rsa(3000);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 3000);
 server.partial_chain();
 server.run();
 server.client()
diff --git a/tests/client_suites.rs b/tests/client_suites.rs
index e73e637958..8617da2687 100644
--- a/tests/client_suites.rs
+++ b/tests/client_suites.rs
@@ -7,7 +7,9 @@ use crate::common::OpenSSLServer;
 #[test]
 fn ecdhe_rsa_aes_128_gcm_sha256() {
- let mut server = OpenSSLServer::new_rsa(5000);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 5000);
 server.run();
 server.client()
 .verbose()
@@ -19,7 +21,9 @@ fn ecdhe_rsa_aes_128_gcm_sha256() {
 #[test]
 fn ecdhe_rsa_aes_256_gcm_sha384() {
- let mut server = OpenSSLServer::new_rsa(5010);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 5010);
 server.run();
 server.client()
 .verbose()
@@ -31,7 +35,9 @@ fn ecdhe_rsa_aes_256_gcm_sha384() {
 #[test]
 fn ecdhe_ecdsa_aes_128_gcm_sha256() {
- let mut server = OpenSSLServer::new_ecdsa(5020);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 5020);
 server.run();
 server.client()
 .verbose()
@@ -43,7 +49,9 @@ fn ecdhe_ecdsa_aes_128_gcm_sha256() {
 #[test]
 fn ecdhe_ecdsa_aes_256_gcm_sha384() {
- let mut server = OpenSSLServer::new_ecdsa(5030);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 5030);
 server.run();
 server.client()
 .verbose()
diff --git a/tests/common/mod.rs b/tests/common/mod.rs
index 94981d795c..bfe3455841 100644
--- a/tests/common/mod.rs
+++ b/tests/common/mod.rs
@@ -1,5 +1,9 @@
 use std::env;
 use std::net;
+
+use std::fs::{self, File};
+use std::io::Write;
+use std::path::{Path, PathBuf};
 use std::process;
 use std::str;
 use std::thread;
@@ -7,6 +11,83 @@ use std::time;
 use regex;
 use self::regex::Regex;
+use tempfile;
+
+macro_rules! embed_files {
+ (
+ $(
+ ($name:ident, $keytype:expr, $path:expr);
+ )+
+ ) => {
+ $(
+ const $name: &'static [u8] = include_bytes!(
+ concat!("../../test-ca/", $keytype, "/", $path));
+ )+
+
+ pub fn bytes_for(keytype: &str, path: &str) -> &'static [u8] {
+ match (keytype, path) {
+ $(
+ ($keytype, $path) => $name,
+ )+
+ _ => panic!("unknown keytype {} with path {}", keytype, path),
+ }
+ }
+
+ pub fn new_test_ca() -> tempfile::TempDir {
+ let dir = tempfile::TempDir::new().unwrap();
+
+ fs::create_dir(dir.path().join("ecdsa")).unwrap();
+ fs::create_dir(dir.path().join("rsa")).unwrap();
+
+ $(
+ let mut f = File::create(dir.path().join($keytype).join($path)).unwrap();
+ f.write($name).unwrap();
+ )+
+
+ dir
+ }
+ }
+}
+
+embed_files! {
+ (ECDSA_CA_CERT, "ecdsa", "ca.cert");
+ (ECDSA_CA_DER, "ecdsa", "ca.der");
+ (ECDSA_CA_KEY, "ecdsa", "ca.key");
+ (ECDSA_CLIENT_CERT, "ecdsa", "client.cert");
+ (ECDSA_CLIENT_CHAIN, "ecdsa", "client.chain");
+ (ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain");
+ (ECDSA_CLIENT_KEY, "ecdsa", "client.key");
+ (ECDSA_CLIENT_REQ, "ecdsa", "client.req");
+ (ECDSA_END_CERT, "ecdsa", "end.cert");
+ (ECDSA_END_CHAIN, "ecdsa", "end.chain");
+ (ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain");
+ (ECDSA_END_KEY, "ecdsa", "end.key");
+ (ECDSA_END_REQ, "ecdsa", "end.req");
+ (ECDSA_INTER_CERT, "ecdsa", "inter.cert");
+ (ECDSA_INTER_KEY, "ecdsa", "inter.key");
+ (ECDSA_INTER_REQ, "ecdsa", "inter.req");
+ (ECDSA_NISTP256_PEM, "ecdsa", "nistp256.pem");
+ (ECDSA_NISTP384_PEM, "ecdsa", "nistp384.pem");
+
+ (RSA_CA_CERT, "rsa", "ca.cert");
+ (RSA_CA_DER, "rsa", "ca.der");
+ (RSA_CA_KEY, "rsa", "ca.key");
+ (RSA_CLIENT_CERT, "rsa", "client.cert");
+ (RSA_CLIENT_CHAIN, "rsa", "client.chain");
+ (RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain");
+ (RSA_CLIENT_KEY, "rsa", "client.key");
+ (RSA_CLIENT_REQ, "rsa", "client.req");
+ (RSA_CLIENT_RSA, "rsa", "client.rsa");
+ (RSA_END_CERT, "rsa", "end.cert");
+ (RSA_END_CHAIN, "rsa", "end.chain");
+ (RSA_END_FULLCHAIN, "rsa", "end.fullchain");
+ (RSA_END_KEY, "rsa", "end.key");
+ (RSA_END_REQ, "rsa", "end.req");
+ (RSA_END_RSA, "rsa", "end.rsa");
+ (RSA_INTER_CERT, "rsa", "inter.cert");
+ (RSA_INTER_KEY, "rsa", "inter.key");
+ (RSA_INTER_REQ, "rsa", "inter.req");
+}
 // For tests which connect to internet servers, don't go crazy.
 pub fn polite() {
@@ -102,9 +183,9 @@ pub struct TlsClient {
 pub hostname: String,
 pub port: u16,
 pub http: bool,
- pub cafile: Option,
- pub client_auth_key: Option,
- pub client_auth_certs: Option,
+ pub cafile: Option,
+ pub client_auth_key: Option,
+ pub client_auth_certs: Option,
 pub cache: Option,
 pub suites: Vec,
 pub protos: Vec>,
@@ -141,14 +222,14 @@ impl TlsClient {
 }
 }
- pub fn client_auth(&mut self, certs: &str, key: &str) -> &mut Self {
- self.client_auth_key = Some(key.to_string());
- self.client_auth_certs = Some(certs.to_string());
+ pub fn client_auth(&mut self, certs: &Path, key: &Path) -> &mut Self {
+ self.client_auth_key = Some(key.to_path_buf());
+ self.client_auth_certs = Some(certs.to_path_buf());
 self
 }
- pub fn cafile(&mut self, cafile: &str) -> &mut TlsClient {
- self.cafile = Some(cafile.to_string());
+ pub fn cafile(&mut self, cafile: &Path) -> &mut TlsClient {
+ self.cafile = Some(cafile.to_path_buf());
 self
 }
@@ -245,17 +326,17 @@ impl TlsClient {
 if self.cafile.is_some() {
 args.push("--cafile");
- args.push(self.cafile.as_ref().unwrap());
+ args.push(self.cafile.as_ref().unwrap().to_str().unwrap());
 }
 if self.client_auth_key.is_some() {
 args.push("--auth-key");
- args.push(self.client_auth_key.as_ref().unwrap());
+ args.push(self.client_auth_key.as_ref().unwrap().to_str().unwrap());
 }
 if self.client_auth_certs.is_some() {
 args.push("--auth-certs");
- args.push(self.client_auth_certs.as_ref().unwrap());
+ args.push(self.client_auth_certs.as_ref().unwrap().to_str().unwrap());
 }
 for suite in &self.suites {
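Review bot: `new_test_ca` in tests/common/mod.rs writes each fixture with `f.write($name).unwrap();`, and `Write::write` is allowed to accept only part of the buffer, so a short write would leave a truncated certificate or key on disk and show up later as an unrelated parse or handshake failure; use `f.write_all($name).unwrap();`. The `ecdsa` and `rsa` directories are hard-coded while the file list comes from the macro arguments, so an entry with a new key type would fail at `File::create`; calling `fs::create_dir_all` on each target's parent directory would remove that coupling. A doc comment on `new_test_ca` should state that the files exist only as long as the returned `TempDir` is alive, so callers must keep it bound for as long as any server or client process reads them.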
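Review bot: The new `.to_str().unwrap()` calls in the argument-building code of `impl TlsClient` panic when the temporary directory path is not valid UTF-8, which depends on the environment the tests run in rather than on the code under test. The same conversion is added in the `impl TlsServer` hunks for `--key`, `--certs` and `--auth`, and in the `.arg(...)` calls of tests/features.rs. `process::Command::arg` accepts any `AsRef<OsStr>`, so handing the paths over without conversion would avoid the panic. If the `args` vector, which is declared outside this hunk, has to stay a list of `&str`, then `if let Some(ref cafile) = self.cafile` with `.expect("test CA path is not valid UTF-8")` reads better than `is_some()` followed by two unwraps and matches the form the `TlsServer` hunk already uses.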
@@ -321,37 +402,37 @@ pub struct OpenSSLServer {
 pub port: u16,
 pub http: bool,
 pub quiet: bool,
- pub key: String,
- pub cert: String,
- pub chain: String,
- pub intermediate: String,
- pub cacert: String,
+ pub key: PathBuf,
+ pub cert: PathBuf,
+ pub chain: PathBuf,
+ pub intermediate: PathBuf,
+ pub cacert: PathBuf,
 pub extra_args: Vec<&'static str>,
 pub child: Option,
 }
 impl OpenSSLServer {
- pub fn new(keytype: &str, start_port: u16) -> OpenSSLServer {
+ pub fn new(test_ca: &Path, keytype: &str, start_port: u16) -> OpenSSLServer {
 OpenSSLServer {
 port: unused_port(start_port),
 http: true,
 quiet: true,
- key: format!("test-ca/{}/end.key", keytype),
- cert: format!("test-ca/{}/end.cert", keytype),
- chain: format!("test-ca/{}/end.chain", keytype),
- cacert: format!("test-ca/{}/ca.cert", keytype),
- intermediate: format!("test-ca/{}/inter.cert", keytype),
+ key: test_ca.join(keytype).join("end.key"),
+ cert: test_ca.join(keytype).join("end.cert"),
+ chain: test_ca.join(keytype).join("end.chain"),
+ cacert: test_ca.join(keytype).join("ca.cert"),
+ intermediate: test_ca.join(keytype).join("inter.cert"),
 extra_args: Vec::new(),
 child: None,
 }
 }
- pub fn new_rsa(start_port: u16) -> OpenSSLServer {
- OpenSSLServer::new("rsa", start_port)
+ pub fn new_rsa(test_ca: &Path, start_port: u16) -> OpenSSLServer {
+ OpenSSLServer::new(test_ca, "rsa", start_port)
 }
- pub fn new_ecdsa(start_port: u16) -> OpenSSLServer {
- OpenSSLServer::new("ecdsa", start_port)
+ pub fn new_ecdsa(test_ca: &Path, start_port: u16) -> OpenSSLServer {
+ OpenSSLServer::new(test_ca, "ecdsa", start_port)
 }
 pub fn partial_chain(&mut self) -> &mut Self {
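Review bot: `OpenSSLServer::new` evaluates `test_ca.join(keytype)` five times, once per field. Binding it once with `let dir = test_ca.join(keytype);` and then writing `dir.join("end.key")` and so on keeps the fixture layout in one place; `TlsServer::new_keytype` repeats the same pattern for its three paths. A doc comment on `new` should say that `test_ca` is expected to be the directory returned by `common::new_test_ca()` and that it has to stay alive while the server is in use.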
@@ -431,34 +512,34 @@ pub struct TlsServer {
 pub port: u16,
 pub http: bool,
 pub echo: bool,
- pub certs: String,
- pub key: String,
- pub cafile: String,
+ pub certs: PathBuf,
+ pub key: PathBuf,
+ pub cafile: PathBuf,
 pub suites: Vec,
 pub protos: Vec>,
 used_suites: Vec,
 used_protos: Vec>,
 pub resumes: bool,
 pub tickets: bool,
- pub client_auth_roots: String,
+ pub client_auth_roots: Option,
 pub client_auth_required: bool,
 pub verbose: bool,
 pub child: Option,
 }
 impl TlsServer {
- pub fn new(port: u16) -> Self {
- Self::new_keytype(port, "rsa")
+ pub fn new(test_ca: &Path, port: u16) -> Self {
+ Self::new_keytype(test_ca, port, "rsa")
 }
- pub fn new_keytype(port: u16, keytype: &str) -> Self {
+ pub fn new_keytype(test_ca: &Path, port: u16, keytype: &str) -> Self {
 TlsServer {
 port: unused_port(port),
 http: false,
 echo: false,
- key: format!("test-ca/{}/end.key", keytype),
- certs: format!("test-ca/{}/end.fullchain", keytype),
- cafile: format!("test-ca/{}/ca.cert", keytype),
+ key: test_ca.join(keytype).join("end.key"),
+ certs: test_ca.join(keytype).join("end.fullchain"),
+ cafile: test_ca.join(keytype).join("ca.cert"),
 verbose: false,
 suites: Vec::new(),
 protos: Vec::new(),
@@ -466,7 +547,7 @@ impl TlsServer {
 used_protos: Vec::new(),
 resumes: false,
 tickets: false,
- client_auth_roots: String::new(),
+ client_auth_roots: None,
 client_auth_required: false,
 child: None,
 }
@@ -514,8 +595,8 @@ impl TlsServer {
 self
 }
- pub fn client_auth_roots(&mut self, cafile: &str) -> &mut Self {
- self.client_auth_roots = cafile.to_string();
+ pub fn client_auth_roots(&mut self, cafile: &Path) -> &mut Self {
+ self.client_auth_roots = Some(cafile.to_path_buf());
 self
 }
@@ -530,9 +611,9 @@ impl TlsServer {
 args.push("--port");
 args.push(&portstring);
 args.push("--key");
- args.push(&self.key);
+ args.push(self.key.to_str().unwrap());
 args.push("--certs");
- args.push(&self.certs);
+ args.push(self.certs.to_str().unwrap());
 self.used_suites = self.suites.clone();
 for suite in &self.used_suites {
@@ -554,9 +635,9 @@ impl TlsServer {
 args.push("--tickets");
 }
- if !self.client_auth_roots.is_empty() {
+ if let Some(ref client_auth_roots) = self.client_auth_roots {
 args.push("--auth");
- args.push(&self.client_auth_roots);
+ args.push(client_auth_roots.to_str().unwrap());
 if self.client_auth_required {
 args.push("--require-auth");
@@ -612,8 +693,8 @@ impl Drop for TlsServer {
 pub struct OpenSSLClient {
 pub port: u16,
- pub cafile: String,
- pub extra_args: Vec<&'static str>,
+ pub cafile: PathBuf,
+ pub extra_args: Vec,
 pub expect_fails: bool,
 pub expect_output: Vec,
 pub expect_log: Vec,
@@ -623,7 +704,7 @@ impl OpenSSLClient {
 pub fn new(port: u16) -> OpenSSLClient {
 OpenSSLClient {
 port: port,
- cafile: "".to_string(),
+ cafile: PathBuf::new(),
 extra_args: Vec::new(),
 expect_fails: false,
 expect_output: Vec::new(),
@@ -631,13 +712,13 @@ impl OpenSSLClient {
 }
 }
- pub fn arg(&mut self, arg: &'static str) -> &mut Self {
- self.extra_args.push(arg);
+ pub fn arg(&mut self, arg: &str) -> &mut Self {
+ self.extra_args.push(arg.to_string());
 self
 }
- pub fn cafile(&mut self, cafile: &str) -> &mut Self {
- self.cafile = cafile.to_string();
+ pub fn cafile(&mut self, cafile: &Path) -> &mut Self {
+ self.cafile = cafile.to_path_buf();
 self
 }
@@ -657,7 +738,7 @@ impl OpenSSLClient {
 }
 pub fn go(&mut self) -> Option<()> {
- let mut extra_args = Vec::<&'static str>::new();
+ let mut extra_args = Vec::new();
 extra_args.extend(&self.extra_args);
 let mut subp = process::Command::new(openssl_find());
diff --git a/tests/curves.rs b/tests/curves.rs
index 3524c04871..2a8cac4ba2 100644
--- a/tests/curves.rs
+++ b/tests/curves.rs
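Review bot: `OpenSSLClient::new` keeps an empty value as the "not set" marker, `cafile: PathBuf::new()`, while the same commit changes `TlsServer::client_auth_roots` from an empty `String` to an `Option` that starts as `None`. How `cafile` is consumed lies outside these hunks, but if it is handed to the command unconditionally an unset value becomes an empty path argument. Making the field an `Option` and skipping the flag when it is `None` would match the `TlsServer` change. In `go`, whose body continues past the hunk, `extra_args.extend(&self.extra_args)` now only collects references to the same strings, so borrowing `self.extra_args` directly where the arguments are used would likely be enough.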
@@ -6,7 +6,9 @@ use crate::common::OpenSSLServer;
 #[test]
 fn curve_nistp256() {
- let mut server = OpenSSLServer::new_rsa(4000);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 4000);
 server.arg("-named_curve").arg("prime256v1");
 server.run();
 server.client()
@@ -18,7 +20,9 @@ fn curve_nistp256() {
 #[test]
 fn curve_nistp384() {
- let mut server = OpenSSLServer::new_rsa(4010);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 4010);
 server.arg("-named_curve").arg("secp384r1");
 server.run();
 server.client()
diff --git a/tests/errors.rs b/tests/errors.rs
index ee5429171d..8a2472dec5 100644
--- a/tests/errors.rs
+++ b/tests/errors.rs
@@ -6,7 +6,9 @@ use crate::common::OpenSSLServer;
 #[test]
 fn no_ecdhe() {
- let mut server = OpenSSLServer::new_rsa(8010);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 8010);
 if common::openssl_server_supports_no_echde() {
 server.arg("-no_ecdhe");
 } else {
@@ -25,7 +27,9 @@ fn no_ecdhe() {
 #[test]
 fn tls11_only() {
- let mut server = OpenSSLServer::new_rsa(8020);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 8020);
 server.arg("-tls1_1");
 server.run();
diff --git a/tests/features.rs b/tests/features.rs
index 3f42003e4b..1daac6e3b9 100644
--- a/tests/features.rs
+++ b/tests/features.rs
@@ -12,7 +12,9 @@ fn alpn_offer() {
 return;
 }
- let mut server = OpenSSLServer::new_rsa(9000);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9000);
 server.arg("-alpn")
 .arg("ponytown,breakfast,edgware")
 .arg("-tls1_2")
@@ -46,7 +48,9 @@ fn alpn_agree() {
 return;
 }
- let mut server = TlsServer::new(9010);
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 9010);
 server.proto(b"connaught")
 .proto(b"bonjour")
 .proto(b"egg")
@@ -78,13 +82,18 @@ fn alpn_agree() {
 #[test]
 fn client_auth_by_client() {
- let mut server = OpenSSLServer::new_rsa(9020);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9020);
 server.arg("-verify").arg("0")
 .arg("-tls1_2");
 server.run();
 server.client()
- .client_auth("test-ca/rsa/end.fullchain", "test-ca/rsa/end.rsa")
+ .client_auth(
+ &test_ca.path().join("rsa").join("end.fullchain"),
+ &test_ca.path().join("rsa").join("end.rsa"),
+ )
 .expect_log("Got CertificateRequest")
 .expect_log("Attempting client auth")
 .expect("Client certificate\n")
@@ -96,13 +105,18 @@ fn client_auth_by_client() {
 #[test]
 fn client_auth_by_client_with_ecdsa_suite() {
- let mut server = OpenSSLServer::new_ecdsa(9025);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 9025);
 server.arg("-verify").arg("0")
 .arg("-tls1_2");
 server.run();
 server.client()
- .client_auth("test-ca/rsa/end.fullchain", "test-ca/rsa/end.rsa")
+ .client_auth(
+ &test_ca.path().join("rsa").join("end.fullchain"),
+ &test_ca.path().join("rsa").join("end.rsa"),
+ )
 .expect_log("Got CertificateRequest")
 .expect_log("Attempting client auth")
 .expect(r"AlertReceived\(UnknownCA\)")
@@ -114,7 +128,9 @@ fn client_auth_by_client_with_ecdsa_suite() {
 #[test]
 fn client_auth_requested_but_unsupported() {
- let mut server = OpenSSLServer::new_rsa(9030);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9030);
 server.arg("-verify").arg("0")
 .arg("-tls1_2");
 server.run();
@@ -131,7 +147,9 @@ fn client_auth_requested_but_unsupported() {
 #[test]
 fn client_auth_required_but_unsupported() {
- let mut server = OpenSSLServer::new_rsa(9040);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9040);
 server.arg("-Verify").arg("0")
 .arg("-tls1_2");
 server.run();
@@ -148,8 +166,10 @@ fn client_auth_required_but_unsupported() {
 #[test]
 fn client_auth_by_server_accepted() {
- let mut server = TlsServer::new(9050);
- server.client_auth_roots("test-ca/rsa/client.chain")
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 9050);
+ server.client_auth_roots(&test_ca.path().join("rsa").join("client.chain"))
 .http_mode()
 .run();
@@ -161,9 +181,9 @@ fn client_auth_by_server_accepted() {
 // And with
 server.client()
 .arg("-key")
- .arg("test-ca/rsa/client.key")
+ .arg(test_ca.path().join("rsa").join("client.key").to_str().unwrap())
 .arg("-cert")
- .arg("test-ca/rsa/client.fullchain")
+ .arg(test_ca.path().join("rsa").join("client.fullchain").to_str().unwrap())
 .expect("Acceptable client certificate CA names")
 .go();
@@ -172,8 +192,10 @@ fn client_auth_by_server_accepted() {
 #[test]
 fn client_auth_by_server_required() {
- let mut server = TlsServer::new(9060);
- server.client_auth_roots("test-ca/rsa/client.chain")
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 9060);
+ server.client_auth_roots(&test_ca.path().join("rsa").join("client.chain"))
 .client_auth_required()
 .http_mode()
 .run();
@@ -187,9 +209,9 @@ fn client_auth_by_server_required() {
 // ... but does with.
 server.client()
 .arg("-key")
- .arg("test-ca/rsa/client.key")
+ .arg(test_ca.path().join("rsa").join("client.key").to_str().unwrap())
 .arg("-cert")
- .arg("test-ca/rsa/client.fullchain")
+ .arg(test_ca.path().join("rsa").join("client.fullchain").to_str().unwrap())
 .expect("Acceptable client certificate CA names")
 .go();
@@ -198,7 +220,9 @@ fn client_auth_by_server_required() {
 #[test]
 fn client_resumes() {
- let mut server = OpenSSLServer::new_rsa(9070);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9070);
 server.arg("-tls1_2");
 server.run();
@@ -234,7 +258,9 @@ fn client_resumes() {
 #[test]
 fn server_resumes() {
- let mut server = TlsServer::new(9080);
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 9080);
 server.resumes()
 .http_mode()
 .run();
@@ -277,7 +303,9 @@ fn server_resumes() {
 #[test]
 fn server_resumes_with_tickets() {
- let mut server = TlsServer::new(9090);
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 9090);
 server.tickets()
 .http_mode()
 .run();
@@ -305,7 +333,9 @@ fn server_resumes_with_tickets() {
 #[test]
 fn recv_low_mtu() {
- let mut server = OpenSSLServer::new_rsa(9100);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9100);
 server.arg("-mtu").arg("32");
 server.run();
@@ -316,7 +346,9 @@ fn recv_low_mtu() {
 #[test]
 fn send_low_mtu() {
- let mut server = OpenSSLServer::new_rsa(9110);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9110);
 server.run();
 server.client()
@@ -327,7 +359,9 @@ fn send_low_mtu() {
 #[test]
 fn send_sni() {
- let mut server = OpenSSLServer::new_rsa(9115);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9115);
 server
 .arg("-servername_fatal")
 .arg("-servername")
@@ -342,7 +376,9 @@ fn send_sni() {
 #[test]
 fn do_not_send_sni() {
- let mut server = OpenSSLServer::new_rsa(9116);
+ let test_ca = common::new_test_ca();
+
+ let mut server = OpenSSLServer::new_rsa(test_ca.path(), 9116);
 server
 .arg("-servername_fatal")
 .arg("-servername")
diff --git a/tests/server_suites.rs b/tests/server_suites.rs
index ca67587f98..18a3c7b299 100644
--- a/tests/server_suites.rs
+++ b/tests/server_suites.rs
@@ -7,7 +7,9 @@ use crate::common::TlsServer;
 #[test]
 fn ecdhe_rsa_aes_128_gcm_sha256() {
- let mut server = TlsServer::new(7000);
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 7000);
 server.echo_mode()
 .suite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
@@ -22,7 +24,9 @@ fn ecdhe_rsa_aes_128_gcm_sha256() {
 #[test]
 fn ecdhe_rsa_aes_256_gcm_sha384() {
- let mut server = TlsServer::new(7010);
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new(test_ca.path(), 7010);
 server.echo_mode()
 .suite("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
@@ -37,7 +41,9 @@ fn ecdhe_rsa_aes_256_gcm_sha384() {
 #[test]
 fn ecdhe_ecdsa_aes_128_gcm_sha256() {
- let mut server = TlsServer::new_keytype(7020, "ecdsa");
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new_keytype(test_ca.path(), 7020, "ecdsa");
 server.echo_mode()
 .suite("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
@@ -52,7 +58,9 @@ fn ecdhe_ecdsa_aes_128_gcm_sha256() {
 #[test]
 fn ecdhe_ecdsa_aes_256_gcm_sha384() {
- let mut server = TlsServer::new_keytype(7030, "ecdsa");
+ let test_ca = common::new_test_ca();
+
+ let mut server = TlsServer::new_keytype(test_ca.path(), 7030, "ecdsa");
 server.echo_mode()
 .suite("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384")