Exemplo n.º 1
 def setup_client(self):
     """Build the client command line, adding early-data and session options.

     Starts from the argument list produced by ``OpenSSLBase.setup_client``
     and appends, depending on ``self.options``:

     * ``-early_data <file>`` when ``early_data_file`` is set and the file
       exists on disk;
     * ``-sess_in <file>`` when ``ticket_file`` is set and already exists
       (an earlier session is loaded for resumption);
     * ``-sess_out <file>`` when ``ticket_file`` is set but does not exist
       yet (the session is saved for a later run).

     Returns:
         The extended argument list.
     """
     argv = OpenSSLBase.setup_client(self)

     # A configured early-data file that is missing is skipped silently, so
     # a caller expecting a 0-RTT attempt should check the resulting
     # command line rather than assume the flag was added.
     # NOTE: TLS 1.3 early data is replayable by design; payloads placed in
     # this file should be safe to process more than once.
     early_data_path = self.options.early_data_file
     if early_data_path and os.path.exists(early_data_path):
         argv.extend(['-early_data', early_data_path])

     session_path = self.options.ticket_file
     if not session_path:
         return argv

     # The same path serves both directions: first run writes the session,
     # later runs read it back. The saved session holds resumption secrets,
     # so the file should live in a location other users cannot read.
     session_flag = '-sess_in' if os.path.exists(session_path) else '-sess_out'
     argv.extend([session_flag, session_path])
     return argv
Exemplo n.º 2
def test_client_auth_with_s2n_client_with_cert(managed_process, cipher, curve, protocol, provider, certificate):
    """Check that an S2N client presenting a certificate completes mutual TLS.

    An S2N client is started with client authentication enabled and the
    key/certificate pair from ``certificate``; the peer under test
    (``provider``) runs as the server with the RSA_2048_SHA256_WILDCARD
    key and certificate. The test passes only if both processes exit
    cleanly, the server echoes the client's payload on stdout, and the
    server's stderr contains the handshake-state trace showing that the
    client certificate and its CertificateVerify message were read. That
    last check is what distinguishes real mutual authentication from a
    handshake that merely succeeded.
    """
    listen_port = next(available_ports)
    payload = data_bytes(64)

    # insecure=False together with a trust store: presumably the client
    # validates the server certificate against that store rather than
    # skipping verification -- confirm against ProviderOptions.
    client_options = ProviderOptions(
        mode=Provider.ClientMode,
        host="localhost",
        port=listen_port,
        cipher=cipher,
        curve=curve,
        data_to_send=payload,
        use_client_auth=True,
        client_key_file=certificate.key,
        client_certificate_file=certificate.cert,
        client_trust_store=Certificates.RSA_2048_SHA256_WILDCARD.cert,
        insecure=False,
        protocol=protocol)

    # The server starts from a shallow copy of the client settings, so it
    # keeps use_client_auth and the client certificate paths; only the
    # mode, payload and its own key/cert are overridden.
    server_options = copy.copy(client_options)
    server_options.data_to_send = None
    server_options.mode = Provider.ServerMode
    server_options.key = Certificates.RSA_2048_SHA256_WILDCARD.key
    server_options.cert = Certificates.RSA_2048_SHA256_WILDCARD.cert

    # The server type arrives as a parameter so a fixture can enumerate
    # every provider; the client side is always S2N.
    server = managed_process(provider, server_options, timeout=5)
    client = managed_process(S2N, client_options, timeout=5)

    # The client must connect and exit without error.
    for client_outcome in client.get_results():
        assert client_outcome.exception is None
        assert client_outcome.exit_code == 0

    # The server must exit cleanly, have received the payload, and have
    # logged that it read the client certificate and certificate verify.
    # NOTE(review): the expected traces are in OpenSSL's state-message
    # format, so this presumably assumes `provider` is OpenSSL -- confirm.
    for server_outcome in server.get_results():
        assert server_outcome.exception is None
        assert server_outcome.exit_code == 0
        assert payload in server_outcome.stdout

        if protocol is Protocols.TLS13:
            # TLS 1.3 has no client key exchange or change cipher spec step.
            expected_trace = (
                b"SSL_accept:SSLv3/TLS read client certificate\n"
                b"SSL_accept:SSLv3/TLS read certificate verify\n"
                b"SSL_accept:SSLv3/TLS read finished"
            )
        elif 'openssl-1.0.2' in OpenSSL.get_version():
            # OpenSSL 1.0.2 words its state messages differently.
            expected_trace = (
                b"SSL_accept:SSLv3 read client certificate A\n"
                b"SSL_accept:SSLv3 read client key exchange A\n"
                b"SSL_accept:SSLv3 read certificate verify A\n"
                b"SSL_accept:SSLv3 read finished A"
            )
        else:
            expected_trace = (
                b"SSL_accept:SSLv3/TLS read client certificate\n"
                b"SSL_accept:SSLv3/TLS read client key exchange\n"
                b"SSL_accept:SSLv3/TLS read certificate verify\n"
                b"SSL_accept:SSLv3/TLS read change cipher spec\n"
                b"SSL_accept:SSLv3/TLS read finished"
            )

        assert expected_trace in server_outcome.stderr
Exemplo n.º 3
 def setup_server(self):
     """Build the server command line, enabling early data when configured.

     Takes the argument list from ``OpenSSLBase.setup_server`` and appends
     ``-early_data`` when ``self.options.max_early_data`` is greater than
     zero.

     Returns:
         The (possibly extended) argument list.
     """
     argv = OpenSSLBase.setup_server(self)
     if not self.options.max_early_data > 0:
         return argv

     # Only the flag is passed; the numeric limit in max_early_data is not
     # forwarded here.
     # NOTE: accepting TLS 1.3 early data means accepting replayable
     # requests, so this should stay opt-in per test.
     argv.extend(['-early_data'])
     return argv
Exemplo n.º 4
 def __init__(self, options: ProviderOptions):
     """Initialise the provider by delegating to ``OpenSSLBase.__init__``.

     Args:
         options: Provider configuration, passed through unchanged to the
             base-class initialiser.
     """
     # The base class is called explicitly by name rather than via super().
     OpenSSLBase.__init__(self, options)