tst_QSslSocket::serverCipherPreferencies - fix for OpenSSL v3

Test was not really good to start with - it was assuming the presence of particular ciphersuites. Furthermore, it was ignoring the fact that TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL. Task-number: QTBUG-106018 Task-number: QTBUG-95123 Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 17e8f322ebca42275d23b7a54b9f4161fc851c2b) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2022-09-02 11:20:07 +02:00 · 2022-09-02 11:20:07 +02:00 · 1a65c64b59
commit 1a65c64b59
parent f47de579f6
2 changed files with 33 additions and 11 deletions
--- a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt
+++ b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt
@ -17,6 +17,7 @@ qt_internal_add_test(tst_qsslsocket
    PUBLIC_LIBRARIES
        Qt::CorePrivate
        Qt::NetworkPrivate
+        Qt::TestPrivate
    TESTDATA ${test_data}
    QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" # special case
 )
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@ -19,6 +19,8 @@
 #include <QtNetwork/qtcpserver.h>
 #include <QtNetwork/qsslpresharedkeyauthenticator.h>

+#include <QtTest/private/qemulationdetector_p.h>
+
 #include <QTest>
 #include <QNetworkProxy>
 #include <QAuthenticator>
@ -1656,11 +1658,28 @@ void tst_QSslSocket::serverCipherPreferences()
    if (setProxy)
        return;

-    // First using the default (server preference)
+    QSslCipher testedCiphers[2];
    {
+        // First using the default (server preference)
+        const auto supportedCiphers = QSslConfiguration::supportedCiphers();
+        int nSet = 0;
+        for (const auto &cipher : supportedCiphers) {
+            // Ciphersuites from TLS 1.2 and 1.3 are set separately,
+            // let's select 1.3 or above explicitly.
+            if (cipher.protocol() < QSsl::TlsV1_3)
+                continue;
+
+            testedCiphers[nSet++] = cipher;
+            if (nSet == 2)
+                break;
+        }
+
+        if (nSet != 2)
+            QSKIP("Failed to find two proper ciphersuites to test, bailing out.");
+
        SslServer server;
-        server.protocol = Test::TlsV1_0;
-        server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+        server.protocol = QSsl::TlsV1_2OrLater;
+        server.ciphers = {testedCiphers[0], testedCiphers[1]};
        QVERIFY(server.listen());

        QEventLoop loop;
@ -1670,8 +1689,8 @@ void tst_QSslSocket::serverCipherPreferences()
        socket = &client;

        auto sslConfig = socket->sslConfiguration();
-        sslConfig.setProtocol(Test::TlsV1_0OrLater);
-        sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+        sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+        sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
        socket->setSslConfiguration(sslConfig);

        // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@ -1684,17 +1703,19 @@ void tst_QSslSocket::serverCipherPreferences()
        loop.exec();

        QVERIFY(client.isEncrypted());
-        QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA"));
+        QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name());
    }

    {
+        if (QTestPrivate::isRunningArmOnX86())
+            QSKIP("This test is known to crash on QEMU emulation for no good reason.");
        // Now using the client preferences
        SslServer server;
        QSslConfiguration config = QSslConfiguration::defaultConfiguration();
        config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true);
        server.config = config;
-        server.protocol = Test::TlsV1_0OrLater;
-        server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+        server.protocol = QSsl::TlsV1_2OrLater;
+        server.ciphers = {testedCiphers[0], testedCiphers[1]};
        QVERIFY(server.listen());

        QEventLoop loop;
@ -1704,8 +1725,8 @@ void tst_QSslSocket::serverCipherPreferences()
        socket = &client;

        auto sslConfig = socket->sslConfiguration();
-        sslConfig.setProtocol(Test::TlsV1_0);
-        sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+        sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+        sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
        socket->setSslConfiguration(sslConfig);

        // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@ -1718,7 +1739,7 @@ void tst_QSslSocket::serverCipherPreferences()
        loop.exec();

        QVERIFY(client.isEncrypted());
-        QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA"));
+        QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name());
    }
 }