author | Tor Brede Vekterli <vekterli@oath.com> | 2018-11-13 12:48:56 +0000 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@oath.com> | 2019-01-24 12:29:20 +0000 |
commit | 04f493deab394c70d57472f7971a10e4a6a4e85b (patch) | |
tree | c9a1d6f37c15c865f45438c8e10834e20466c6bb /vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp | |
parent | 2a9c88419abf98fb0cb67f13aa5da1c44cf5d99a (diff) |
Add support for default cipher suite and `accepted-ciphers` config in C++
Since the TLS config file uses IANA cipher names but OpenSSL uses
its own cipher spec format internally, we explicitly remap the
provided names. We only support a modern subset of ciphers.
The default cipher suite contains ciphers that work across both
TLSv1.2 and TLSv1.3.
Diffstat (limited to 'vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp')
-rw-r--r-- | vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp b/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
index c1e2c0b5f49..a54e2f29aa1 100644
--- a/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
+++ b/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
@@ -137,6 +137,24 @@ TEST("empty required-credentials array throws exception") {
 "\"required-credentials\" array can't be empty (would allow all peers)");
 }
+TEST("accepted cipher list is empty if not specified") {
+ const char* json = R"({"files":{"private-key":"dummy_privkey.txt",
+ "certificates":"dummy_certs.txt",
+ "ca-certificates":"dummy_ca_certs.txt"}})";
+ EXPECT_TRUE(read_options_from_json_string(json)->accepted_ciphers().empty());
+}
+
+TEST("accepted cipher list is populated if specified") {
+ const char* json = R"({"files":{"private-key":"dummy_privkey.txt",
+ "certificates":"dummy_certs.txt",
+ "ca-certificates":"dummy_ca_certs.txt"},
+ "accepted-ciphers":["foo", "bar"]})";
+ auto ciphers = read_options_from_json_string(json)->accepted_ciphers();
+ ASSERT_EQUAL(2u, ciphers.size());
+ EXPECT_EQUAL("foo", ciphers[0]);
+ EXPECT_EQUAL("bar", ciphers[1]);
+}
+
 // TODO test parsing of multiple policies
 TEST_MAIN() { TEST_RUN_ALL(); } |
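Review bot: The populated-list test passes `"foo"` and `"bar"`, so it pins that the options reader stores `accepted-ciphers` entries verbatim without checking them against the supported IANA names. The diffstat shown here is limited to this file, so whether the later IANA-to-OpenSSL remapping step rejects an unknown name cannot be seen. A comment above the test would make that split explicit, e.g. `// Names are not validated when the config is read; unknown IANA names are expected to be rejected when the TLS context is built (confirm).` The hunk also has no case for an explicit `"accepted-ciphers":[]`, which the first test suggests would be indistinguishable from an absent key. The neighbouring `required-credentials` test treats an empty array as an error, so it is worth stating and testing which behaviour is intended for the cipher list.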