def setup_client(self):
    """Build the client command line with early-data and session-ticket flags.

    Starts from the argument list returned by ``OpenSSLBase.setup_client`` and
    appends, depending on ``self.options``:

    * ``-early_data <file>`` when ``early_data_file`` is set and exists on disk;
    * ``-sess_in <file>`` when ``ticket_file`` is set and already exists;
    * ``-sess_out <file>`` when ``ticket_file`` is set but does not exist yet.

    Returns:
        The extended argument list.
    """
    args = OpenSSLBase.setup_client(self)
    opts = self.options

    # A configured but missing early-data file is skipped without an error,
    # so the client simply runs without sending early data.
    early_path = opts.early_data_file
    if early_path and os.path.exists(early_path):
        args.extend(['-early_data', early_path])

    ticket_path = opts.ticket_file
    if not ticket_path:
        return args

    # File existence alone picks the mode: an existing file is read back for
    # resumption, otherwise the new session is written to that path. A ticket
    # file left over from an earlier run therefore selects resumption.
    # The saved session is resumable state; treat the file as sensitive.
    session_flag = '-sess_in' if os.path.exists(ticket_path) else '-sess_out'
    args.extend([session_flag, ticket_path])
    return args
def test_client_auth_with_s2n_client_with_cert(managed_process, cipher, curve, protocol, provider, certificate):
    """Check that an S2N client presenting a certificate completes a handshake.

    The S2N client is configured with ``use_client_auth=True`` and the key and
    certificate from ``certificate``; the server is whatever ``provider`` is
    parametrised to. The test passes when both processes exit cleanly, the
    server's stdout contains the bytes the client sent, and the server's
    stderr contains the handshake trace lines for reading the client
    certificate and certificate verify messages.

    The trace lines show that those messages were read. They do not by
    themselves show which certificate was presented or that chain validation
    was enforced; presumably the provider's handling of ``use_client_auth``
    covers that (confirm against the provider implementation).
    """
    port = next(available_ports)

    random_bytes = data_bytes(64)
    # insecure=False together with client_trust_store: the client is given the
    # server's wildcard certificate as its trust anchor rather than skipping
    # validation (assumed meaning of the flag; verify in ProviderOptions).
    client_options = ProviderOptions(
        mode=Provider.ClientMode,
        host="localhost",
        port=port,
        cipher=cipher,
        curve=curve,
        data_to_send=random_bytes,
        use_client_auth=True,
        client_key_file=certificate.key,
        client_certificate_file=certificate.cert,
        client_trust_store=Certificates.RSA_2048_SHA256_WILDCARD.cert,
        insecure=False,
        protocol=protocol)

    # Shallow copy: the server options keep use_client_auth=True and the
    # client_* fields, and only the mode, payload and server key/cert change.
    server_options = copy.copy(client_options)
    server_options.data_to_send = None
    server_options.mode = Provider.ServerMode
    server_options.key = Certificates.RSA_2048_SHA256_WILDCARD.key
    server_options.cert = Certificates.RSA_2048_SHA256_WILDCARD.cert

    # Passing the type of client and server as a parameter will
    # allow us to use a fixture to enumerate all possibilities.
    # The server is launched before the client.
    server = managed_process(provider, server_options, timeout=5)
    client = managed_process(S2N, client_options, timeout=5)

    # The client should connect and return without error
    for results in client.get_results():
        assert results.exception is None
        assert results.exit_code == 0

    # The server should exit cleanly, echo the client's payload on stdout, and
    # log the client-authentication handshake steps on stderr.
    for results in server.get_results():
        assert results.exception is None
        assert results.exit_code == 0
        assert random_bytes in results.stdout
        if protocol is Protocols.TLS13:
            # TLS 1.3 trace: no client key exchange or change cipher spec lines.
            message = bytes("SSL_accept:SSLv3/TLS read client certificate\nSSL_accept:SSLv3/TLS read certificate verify\nSSL_accept:SSLv3/TLS read finished".encode('utf-8'))
        else:
            message = bytes('SSL_accept:SSLv3/TLS read client certificate\nSSL_accept:SSLv3/TLS read client key exchange\nSSL_accept:SSLv3/TLS read certificate verify\nSSL_accept:SSLv3/TLS read change cipher spec\nSSL_accept:SSLv3/TLS read finished'.encode('utf-8'))
            # NOTE(review): nesting reconstructed from a collapsed listing.
            # Placed under the non-TLS1.3 branch because the 1.0.2 trace also
            # lists a client key exchange; confirm against the original file.
            if 'openssl-1.0.2' in OpenSSL.get_version():
                # openssl-1.0.2 builds use a different trace wording.
                message = bytes('SSL_accept:SSLv3 read client certificate A\nSSL_accept:SSLv3 read client key exchange A\nSSL_accept:SSLv3 read certificate verify A\nSSL_accept:SSLv3 read finished A'.encode('utf-8'))

        assert message in results.stderr
def setup_server(self):
    """Build the server command line, enabling early data when configured.

    Takes the argument list from ``OpenSSLBase.setup_server`` and appends the
    bare ``-early_data`` flag when ``self.options.max_early_data`` is above
    zero.

    Returns:
        The resulting argument list.
    """
    server_args = OpenSSLBase.setup_server(self)

    accepts_early_data = self.options.max_early_data > 0
    if not accepts_early_data:
        return server_args

    # max_early_data acts only as an on/off switch here; its value is not
    # passed on this command line. Early data (0-RTT) has weaker replay
    # guarantees than data sent after the handshake completes.
    server_args.extend(['-early_data'])
    return server_args
def __init__(self, options: ProviderOptions) -> None:
    """Initialise the instance by delegating to ``OpenSSLBase.__init__``.

    Args:
        options: Configuration object, passed through to the base
            initialiser unchanged.
    """
    # No extra state is set here; the base initialiser does all the work.
    OpenSSLBase.__init__(self, options)