1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tst_QSslSocket::serverCipherPreferencies - fix for OpenSSL v3

Browse Source 
Test was not really good to start with - it was assuming the presence of
particular ciphersuites. Furthermore, it was ignoring the fact that
TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL.

Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 17e8f322ebca42275d23b7a54b9f4161fc851c2b)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Timur Pocheptsov 2022-09-02 11:20:07 +02:00 committed by Qt Cherry-pick Bot
parent f47de579f6
commit 1a65c64b59
2 changed files with 33 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tests/auto/network/ssl/qsslsocket/CMakeLists.txt
View File

@ -17,6 +17,7 @@ qt_internal_add_test(tst_qsslsocket
PUBLIC_LIBRARIES PUBLIC_LIBRARIES
Qt::CorePrivate Qt::CorePrivate
Qt::NetworkPrivate Qt::NetworkPrivate
Qt::TestPrivate
TESTDATA ${test_data} TESTDATA ${test_data}
QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" # special case QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" # special case
) )

43
tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
View File

@ -19,6 +19,8 @@
#include <QtNetwork/qtcpserver.h> #include <QtNetwork/qtcpserver.h>
#include <QtNetwork/qsslpresharedkeyauthenticator.h> #include <QtNetwork/qsslpresharedkeyauthenticator.h>
#include <QtTest/private/qemulationdetector_p.h>
#include <QTest> #include <QTest>
#include <QNetworkProxy> #include <QNetworkProxy>
#include <QAuthenticator> #include <QAuthenticator>
@ -1656,11 +1658,28 @@ void tst_QSslSocket::serverCipherPreferences()
if (setProxy) if (setProxy)
return; return;
// First using the default (server preference) QSslCipher testedCiphers[2];
{ {
// First using the default (server preference)
const auto supportedCiphers = QSslConfiguration::supportedCiphers();
int nSet = 0;
for (const auto &cipher : supportedCiphers) {
// Ciphersuites from TLS 1.2 and 1.3 are set separately,
// let's select 1.3 or above explicitly.
if (cipher.protocol() < QSsl::TlsV1_3)
continue;
testedCiphers[nSet++] = cipher;
if (nSet == 2)
break;
}
if (nSet != 2)
QSKIP("Failed to find two proper ciphersuites to test, bailing out.");
SslServer server; SslServer server;
server.protocol = Test::TlsV1_0; server.protocol = QSsl::TlsV1_2OrLater;
server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; server.ciphers = {testedCiphers[0], testedCiphers[1]};
QVERIFY(server.listen()); QVERIFY(server.listen());
QEventLoop loop; QEventLoop loop;
@ -1670,8 +1689,8 @@ void tst_QSslSocket::serverCipherPreferences()
socket = &client; socket = &client;
auto sslConfig = socket->sslConfiguration(); auto sslConfig = socket->sslConfiguration();
sslConfig.setProtocol(Test::TlsV1_0OrLater); sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
socket->setSslConfiguration(sslConfig); socket->setSslConfiguration(sslConfig);
// upon SSL wrong version error, errorOccurred will be triggered, not sslErrors // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@ -1684,17 +1703,19 @@ void tst_QSslSocket::serverCipherPreferences()
loop.exec(); loop.exec();
QVERIFY(client.isEncrypted()); QVERIFY(client.isEncrypted());
QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA")); QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name());
} }
{ {
if (QTestPrivate::isRunningArmOnX86())
QSKIP("This test is known to crash on QEMU emulation for no good reason.");
// Now using the client preferences // Now using the client preferences
SslServer server; SslServer server;
QSslConfiguration config = QSslConfiguration::defaultConfiguration(); QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true); config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true);
server.config = config; server.config = config;
server.protocol = Test::TlsV1_0OrLater; server.protocol = QSsl::TlsV1_2OrLater;
server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; server.ciphers = {testedCiphers[0], testedCiphers[1]};
QVERIFY(server.listen()); QVERIFY(server.listen());
QEventLoop loop; QEventLoop loop;
@ -1704,8 +1725,8 @@ void tst_QSslSocket::serverCipherPreferences()
socket = &client; socket = &client;
auto sslConfig = socket->sslConfiguration(); auto sslConfig = socket->sslConfiguration();
sslConfig.setProtocol(Test::TlsV1_0); sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
socket->setSslConfiguration(sslConfig); socket->setSslConfiguration(sslConfig);
// upon SSL wrong version error, errorOccurred will be triggered, not sslErrors // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@ -1718,7 +1739,7 @@ void tst_QSslSocket::serverCipherPreferences()
loop.exec(); loop.exec();
QVERIFY(client.isEncrypted()); QVERIFY(client.isEncrypted());
QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA")); QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name());
} }
} }