diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2022-09-02 11:20:07 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2022-09-08 17:07:49 +0200 |
commit | 17e8f322ebca42275d23b7a54b9f4161fc851c2b (patch) | |
tree | 5d36ec1c4d53bfec4c642729ec426c481c32b8a7 /tests/auto/network/ssl | |
parent | 817f307a18d28143a1e8234f3846d019589c9d7a (diff) |
tst_QSslSocket::serverCipherPreferencies - fix for OpenSSL v3
Test was not really good to start with - it was assuming the presence of
particular ciphersuites. Furthermore, it was ignoring the fact that
TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'tests/auto/network/ssl')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/CMakeLists.txt | 1 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 43 |
2 files changed, 33 insertions, 11 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt index 4acb0deae8..8a7a069edd 100644 --- a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt @@ -20,6 +20,7 @@ qt_internal_add_test(tst_qsslsocket LIBRARIES Qt::CorePrivate Qt::NetworkPrivate + Qt::TestPrivate TESTDATA ${test_data} QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" # special case ) diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index fea4f301d0..3b0f315060 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -19,6 +19,8 @@ #include <QtNetwork/qtcpserver.h> #include <QtNetwork/qsslpresharedkeyauthenticator.h> +#include <QtTest/private/qemulationdetector_p.h> + #include <QTest> #include <QNetworkProxy> #include <QAuthenticator> @@ -1652,11 +1654,28 @@ void tst_QSslSocket::serverCipherPreferences() if (setProxy) return; - // First using the default (server preference) + QSslCipher testedCiphers[2]; { + // First using the default (server preference) + const auto supportedCiphers = QSslConfiguration::supportedCiphers(); + int nSet = 0; + for (const auto &cipher : supportedCiphers) { + // Ciphersuites from TLS 1.2 and 1.3 are set separately, + // let's select 1.3 or above explicitly. + if (cipher.protocol() < QSsl::TlsV1_3) + continue; + + testedCiphers[nSet++] = cipher; + if (nSet == 2) + break; + } + + if (nSet != 2) + QSKIP("Failed to find two proper ciphersuites to test, bailing out."); + SslServer server; - server.protocol = Test::TlsV1_0; - server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; + server.protocol = QSsl::TlsV1_2OrLater; + server.ciphers = {testedCiphers[0], testedCiphers[1]}; QVERIFY(server.listen()); QEventLoop loop; @@ -1666,8 +1685,8 @@ void tst_QSslSocket::serverCipherPreferences() socket = &client; auto sslConfig = socket->sslConfiguration(); - sslConfig.setProtocol(Test::TlsV1_0OrLater); - sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); + sslConfig.setProtocol(QSsl::TlsV1_2OrLater); + sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]}); socket->setSslConfiguration(sslConfig); // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors @@ -1680,17 +1699,19 @@ void tst_QSslSocket::serverCipherPreferences() loop.exec(); QVERIFY(client.isEncrypted()); - QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA")); + QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name()); } { + if (QTestPrivate::isRunningArmOnX86()) + QSKIP("This test is known to crash on QEMU emulation for no good reason."); // Now using the client preferences SslServer server; QSslConfiguration config = QSslConfiguration::defaultConfiguration(); config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true); server.config = config; - server.protocol = Test::TlsV1_0OrLater; - server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; + server.protocol = QSsl::TlsV1_2OrLater; + server.ciphers = {testedCiphers[0], testedCiphers[1]}; QVERIFY(server.listen()); QEventLoop loop; @@ -1700,8 +1721,8 @@ void tst_QSslSocket::serverCipherPreferences() socket = &client; auto sslConfig = socket->sslConfiguration(); - sslConfig.setProtocol(Test::TlsV1_0); - sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); + sslConfig.setProtocol(QSsl::TlsV1_2OrLater); + sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]}); socket->setSslConfiguration(sslConfig); // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors @@ -1714,7 +1735,7 @@ void tst_QSslSocket::serverCipherPreferences() loop.exec(); QVERIFY(client.isEncrypted()); - QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA")); + QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name()); } } |