/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ #include #include "./pn_test.hpp" TEST_CASE("ssl_protocols") { if (!pn_ssl_present()) { WARN("SSL not available, skipping"); return; } pn_test::auto_free sd( pn_ssl_domain(PN_SSL_MODE_CLIENT)); // Error no protocol set CHECK(pn_ssl_domain_set_protocols(sd, "") == PN_ARG_ERR); // Unknown protocol CHECK(pn_ssl_domain_set_protocols(sd, "blah") == PN_ARG_ERR); // Unknown protocol with known protocl prefix CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.x") == PN_ARG_ERR); // known protocols CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.1") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2") == 0); // Check whether TLS 1.3 is supported bool tls1_3 = (pn_ssl_domain_set_protocols(sd, "TLSv1.3") == 0); // Multiple protocols CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.1 TLSv1.2") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.2") == 0); // Can only do these if we have tls 1.3 if (tls1_3) { CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2 TLSv1.3") == 0); } else { CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3") == PN_ARG_ERR); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2 TLSv1.3") == PN_ARG_ERR); } // Illegal separators CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1/TLSv1.1 TLSv1.2") == PN_ARG_ERR); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1-TLSv1.1 TLSv1.2") == PN_ARG_ERR); // Legal separators CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1,TLSv1.1;TLSv1.2 ; ") == 0); CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1;TLSv1.1 TLSv1.2,,,,") == 0); // Known followed by unknown protocols CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.x;TLSv1_2") == PN_ARG_ERR); }