IoCertificate *IoCertificate_rawClone(IoCertificate *proto)
{
IoObject *self = IoObject_rawClonePrimitive(proto);
IoObject_setDataPointer_(self, CERTIFICATE(proto));
//need to do more work for the copy to be correct
return self;
}
void IoCertificate_free(IoCertificate *self)
{
if(SHOULDFREE(self))
{
X509_free(X509(self));
}
free(CERTIFICATE(self));
}
/* Test various SSL connections between proactors*/
static void test_ssl(test_t *t) {
if (!pn_ssl_present()) {
TEST_LOGF(t, "Skip SSL test, no support");
return;
}
test_proactor_t tps[] ={ test_proactor(t, ssl_client_handler), test_proactor(t, ssl_server_handler) };
test_proactor_t *client = &tps[0], *server = &tps[1];
pn_ssl_domain_t *cd = client->handler.ssl_domain = pn_ssl_domain(PN_SSL_MODE_CLIENT);
pn_ssl_domain_t *sd = server->handler.ssl_domain = pn_ssl_domain(PN_SSL_MODE_SERVER);
TEST_CHECK(t, 0 == SET_CREDENTIALS(sd, "tserver"));
pn_listener_t *l = test_listen(server, "");
/* Basic SSL connection */
pn_proactor_connect2(client->proactor, NULL, NULL, listener_info(l).connect);
/* Open ok at both ends */
TEST_ETYPE_EQUAL(t, PN_CONNECTION_REMOTE_OPEN, TEST_PROACTORS_RUN(tps));
TEST_COND_EMPTY(t, last_condition);
TEST_ETYPE_EQUAL(t, PN_CONNECTION_REMOTE_OPEN, TEST_PROACTORS_RUN(tps));
TEST_COND_EMPTY(t, last_condition);
TEST_PROACTORS_RUN_UNTIL(tps, PN_TRANSPORT_CLOSED);
TEST_PROACTORS_RUN_UNTIL(tps, PN_TRANSPORT_CLOSED);
/* Verify peer with good hostname */
TEST_INT_EQUAL(t, 0, pn_ssl_domain_set_trusted_ca_db(cd, CERTIFICATE("tserver")));
TEST_INT_EQUAL(t, 0, pn_ssl_domain_set_peer_authentication(cd, PN_SSL_VERIFY_PEER_NAME, NULL));
pn_connection_t *c = pn_connection();
pn_connection_set_hostname(c, "test_server");
pn_proactor_connect2(client->proactor, c, NULL, listener_info(l).connect);
TEST_ETYPE_EQUAL(t, PN_CONNECTION_REMOTE_OPEN, TEST_PROACTORS_RUN(tps));
TEST_COND_EMPTY(t, last_condition);
TEST_ETYPE_EQUAL(t, PN_CONNECTION_REMOTE_OPEN, TEST_PROACTORS_RUN(tps));
TEST_COND_EMPTY(t, last_condition);
TEST_PROACTORS_RUN_UNTIL(tps, PN_TRANSPORT_CLOSED);
TEST_PROACTORS_RUN_UNTIL(tps, PN_TRANSPORT_CLOSED);
/* Verify peer with bad hostname */
c = pn_connection();
pn_connection_set_hostname(c, "wrongname");
pn_proactor_connect2(client->proactor, c, NULL, listener_info(l).connect);
TEST_ETYPE_EQUAL(t, PN_TRANSPORT_CLOSED, TEST_PROACTORS_RUN(tps));
TEST_COND_NAME(t, "amqp:connection:framing-error", last_condition);
TEST_COND_DESC(t, "SSL", last_condition);
TEST_PROACTORS_DRAIN(tps);
pn_ssl_domain_free(cd);
pn_ssl_domain_free(sd);
TEST_PROACTORS_DESTROY(tps);
}
