From d942be05023916f751d7f094a778b383a6df0d10 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 15 Apr 2024 15:11:06 +0100 Subject: [PATCH] Factor out commonality between client.c & server.c --- rustls-libssl/tests/client.c | 54 ++--------------------------- rustls-libssl/tests/helpers.h | 65 +++++++++++++++++++++++++++++++++++ rustls-libssl/tests/server.c | 54 ++--------------------------- 3 files changed, 69 insertions(+), 104 deletions(-) create mode 100644 rustls-libssl/tests/helpers.h diff --git a/rustls-libssl/tests/client.c b/rustls-libssl/tests/client.c index b27503c..4d57886 100644 --- a/rustls-libssl/tests/client.c +++ b/rustls-libssl/tests/client.c @@ -13,38 +13,10 @@ #include #include -#include #include #include -static int trace(int rc, const char *str) { - printf("%s: %d\n", str, rc); - return rc; -} - -#define TRACE(fn) trace((fn), #fn) - -static void hexdump(const char *label, const void *buf, int n) { - const uint8_t *ubuf = (const uint8_t *)buf; - printf("%s (%d bytes): ", label, n); - for (int i = 0; i < n; i++) { - printf("%02x", ubuf[i]); - } - printf("\n"); -} - -static void dump_openssl_error_stack(void) { - if (ERR_peek_error() != 0) { - printf("openssl error: %08lx\n", ERR_peek_error()); - ERR_print_errors_fp(stderr); - } -} - -static void state(const SSL *s) { - OSSL_HANDSHAKE_STATE st = SSL_get_state(s); - printf("state: %d (before:%d, init:%d, fin:%d)\n", st, SSL_in_before(s), - SSL_in_init(s), SSL_is_init_finished(s)); -} +#include "helpers.h" int main(int argc, char **argv) { if (argc != 4 && argc != 6) { @@ -128,29 +100,7 @@ int main(int argc, char **argv) { printf("verify-result: %ld\n", SSL_get_verify_result(ssl)); printf("cipher: %s\n", SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); - // check the peer certificate and chain - X509 *cert = SSL_get1_peer_certificate(ssl); - if (cert) { - char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - printf("server subject: %s\n", name); - free(name); - } else { - printf("server cert absent\n"); - } - X509_free(cert); - - STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl); - if (chain) { - printf("%d certs in server chain\n", sk_X509_num(chain)); - for (int i = 0; i < sk_X509_num(chain); i++) { - X509 *cert = sk_X509_value(chain, i); - char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - printf(" %d: %s\n", i, name); - free(name); - } - } else { - printf("server cert chain absent\n"); - } + show_peer_certificate("server", ssl); if (getenv("NO_ECHO")) { printf("NO_ECHO set, skipping echo test\n"); diff --git a/rustls-libssl/tests/helpers.h b/rustls-libssl/tests/helpers.h new file mode 100644 index 0000000..4a9392a --- /dev/null +++ b/rustls-libssl/tests/helpers.h @@ -0,0 +1,65 @@ +#ifndef TESTS_COMMON_H +#define TESTS_COMMON_H + +#include + +#include +#include +#include + +static int trace(int rc, const char *str) { + printf("%s: %d\n", str, rc); + return rc; +} + +#define TRACE(fn) trace((fn), #fn) + +static void hexdump(const char *label, const void *buf, int n) { + const uint8_t *ubuf = (const uint8_t *)buf; + printf("%s (%d bytes): ", label, n); + for (int i = 0; i < n; i++) { + printf("%02x", ubuf[i]); + } + printf("\n"); +} + +static void dump_openssl_error_stack(void) { + if (ERR_peek_error() != 0) { + printf("openssl error: %08lx\n", ERR_peek_error()); + ERR_print_errors_fp(stderr); + } +} + +static void state(const SSL *s) { + OSSL_HANDSHAKE_STATE st = SSL_get_state(s); + printf("state: %d (before:%d, init:%d, fin:%d)\n", st, SSL_in_before(s), + SSL_in_init(s), SSL_is_init_finished(s)); +} + +static void show_peer_certificate(const char *peer_name, const SSL *ssl) { + // check the peer certificate and chain + X509 *cert = SSL_get1_peer_certificate(ssl); + if (cert) { + char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + printf("%s subject: %s\n", peer_name, name); + free(name); + } else { + printf("%s cert absent\n", peer_name); + } + X509_free(cert); + + STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl); + if (chain) { + printf("%d certs in %s chain\n", sk_X509_num(chain), peer_name); + for (int i = 0; i < sk_X509_num(chain); i++) { + X509 *cert = sk_X509_value(chain, i); + char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + printf(" %d: %s\n", i, name); + free(name); + } + } else { + printf("%s cert chain absent\n", peer_name); + } +} + +#endif // TESTS_COMMON_H diff --git a/rustls-libssl/tests/server.c b/rustls-libssl/tests/server.c index cc86dc2..3fbf152 100644 --- a/rustls-libssl/tests/server.c +++ b/rustls-libssl/tests/server.c @@ -14,38 +14,10 @@ #include #include -#include #include #include -static int trace(int rc, const char *str) { - printf("%s: %d\n", str, rc); - return rc; -} - -#define TRACE(fn) trace((fn), #fn) - -static void hexdump(const char *label, const void *buf, int n) { - const uint8_t *ubuf = (const uint8_t *)buf; - printf("%s (%d bytes): ", label, n); - for (int i = 0; i < n; i++) { - printf("%02x", ubuf[i]); - } - printf("\n"); -} - -static void dump_openssl_error_stack(void) { - if (ERR_peek_error() != 0) { - printf("openssl error: %08lx\n", ERR_peek_error()); - ERR_print_errors_fp(stderr); - } -} - -static void state(const SSL *s) { - OSSL_HANDSHAKE_STATE st = SSL_get_state(s); - printf("state: %d (before:%d, init:%d, fin:%d)\n", st, SSL_in_before(s), - SSL_in_init(s), SSL_is_init_finished(s)); -} +#include "helpers.h" int main(int argc, char **argv) { if (argc != 5) { @@ -121,29 +93,7 @@ int main(int argc, char **argv) { printf("verify-result: %ld\n", SSL_get_verify_result(ssl)); printf("cipher: %s\n", SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); - // check the peer certificate and chain - X509 *cert = SSL_get1_peer_certificate(ssl); - if (cert) { - char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - printf("client subject: %s\n", name); - free(name); - } else { - printf("client cert absent\n"); - } - X509_free(cert); - - STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl); - if (chain) { - printf("%d certs in client chain\n", sk_X509_num(chain)); - for (int i = 0; i < sk_X509_num(chain); i++) { - X509 *cert = sk_X509_value(chain, i); - char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - printf(" %d: %s\n", i, name); - free(name); - } - } else { - printf("client cert chain absent\n"); - } + show_peer_certificate("client", ssl); // read "request" while (1) {