tst_QSslSocket::serverCipherPreferencies - fix for OpenSSL v3

Test was not really good to start with - it was assuming the presence of particular ciphersuites. Furthermore, it was ignoring the fact that TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL. Task-number: QTBUG-106018 Task-number: QTBUG-95123 Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 17e8f322ebca42275d23b7a54b9f4161fc851c2b)
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2022-09-02 11:20:07 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2022-09-13 12:58:23 +0200
commit: 3dbe047ec3974c580d0d2a28b52d940c6c5964de (patch)
tree: cc2f3f35143cec2b0f7f35df1cf9209084f6f645 /tests
parent: 351b89417178aa6fdda0634adc88593c89c20897 (diff)
2 files changed, 33 insertions, 7 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro
index 51fcff9a8d..0ee4d1b3e4 100644
--- a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro
+++ b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro
@@ -3,6 +3,8 @@ CONFIG += testcase
 SOURCES += tst_qsslsocket.cpp
 QT = core core-private network-private testlib
 
+INCLUDEPATH += ../../../../shared/
+
 TARGET = tst_qsslsocket
 
 win32 {
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 9daf4f6bc6..010cc5d45c 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -50,6 +50,7 @@
 #include "private/qiodevice_p.h" // for QIODEVICE_BUFFERSIZE
 
 #include "../../../network-settings.h"
+#include "emulationdetector.h"
 
 #ifndef QT_NO_SSL
 
@@ -1400,10 +1401,28 @@ void tst_QSslSocket::serverCipherPreferences()
     if (setProxy)
         return;
 
-    // First using the default (server preference)
+    QSslCipher testedCiphers[2];
     {
+        // First using the default (server preference)
+        const auto supportedCiphers = QSslConfiguration::supportedCiphers();
+        int nSet = 0;
+        for (const auto &cipher : supportedCiphers) {
+            // Ciphersuites from TLS 1.2 and 1.3 are set separately,
+            // let's select 1.3 or above explicitly.
+            if (cipher.protocol() < QSsl::TlsV1_3)
+                continue;
+
+            testedCiphers[nSet++] = cipher;
+            if (nSet == 2)
+                break;
+        }
+
+        if (nSet != 2)
+            QSKIP("Failed to find two proper ciphersuites to test, bailing out.");
+
         SslServer server;
-        server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+        server.protocol = QSsl::TlsV1_2OrLater;
+        server.ciphers = {testedCiphers[0], testedCiphers[1]};
         QVERIFY(server.listen());
 
         QEventLoop loop;
@@ -1413,7 +1432,8 @@ void tst_QSslSocket::serverCipherPreferences()
         socket = &client;
 
         auto sslConfig = socket->sslConfiguration();
-        sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+        sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+        sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
         socket->setSslConfiguration(sslConfig);
 
         // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1426,16 +1446,19 @@ void tst_QSslSocket::serverCipherPreferences()
         loop.exec();
 
         QVERIFY(client.isEncrypted());
-        QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA"));
+        QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name());
     }
 
     {
+        if (EmulationDetector::isRunningArmOnX86())
+            QSKIP("This test is known to crash on QEMU emulation for no good reason.");
         // Now using the client preferences
         SslServer server;
         QSslConfiguration config = QSslConfiguration::defaultConfiguration();
         config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true);
         server.config = config;
-        server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+        server.protocol = QSsl::TlsV1_2OrLater;
+        server.ciphers = {testedCiphers[0], testedCiphers[1]};
         QVERIFY(server.listen());
 
         QEventLoop loop;
@@ -1445,7 +1468,8 @@ void tst_QSslSocket::serverCipherPreferences()
         socket = &client;
 
         auto sslConfig = socket->sslConfiguration();
-        sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+        sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+        sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
         socket->setSslConfiguration(sslConfig);
 
         // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1458,7 +1482,7 @@ void tst_QSslSocket::serverCipherPreferences()
         loop.exec();
 
         QVERIFY(client.isEncrypted());
-        QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA"));
+        QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name());
     }
 }
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2022-09-02 11:20:07 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2022-09-13 12:58:23 +0200
commit	3dbe047ec3974c580d0d2a28b52d940c6c5964de (patch)
tree	cc2f3f35143cec2b0f7f35df1cf9209084f6f645 /tests
parent	351b89417178aa6fdda0634adc88593c89c20897 (diff)