From 04f493deab394c70d57472f7971a10e4a6a4e85b Mon Sep 17 00:00:00 2001 From: Tor Brede Vekterli Date: Tue, 13 Nov 2018 12:48:56 +0000 Subject: Add support for default cipher suite and `accepted-ciphers` config in C++ Since the TLS config file uses IANA cipher names but OpenSSL uses its own cipher spec format internally, we explicitly remap the provided names. We only support a modern subset of ciphers. The default cipher suite contains ciphers that work across both TLSv1.2 and TLSv1.3.
---
.../transport_options_reading_test.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp')
diff --git a/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp b/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
index c1e2c0b5f49..a54e2f29aa1 100644
--- a/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
+++ b/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
@@ -137,6 +137,24 @@ TEST("empty required-credentials array throws exception") {
 "\"required-credentials\" array can't be empty (would allow all peers)");
 }
+TEST("accepted cipher list is empty if not specified") {
+ const char* json = R"({"files":{"private-key":"dummy_privkey.txt",
+ "certificates":"dummy_certs.txt",
+ "ca-certificates":"dummy_ca_certs.txt"}})";
+ EXPECT_TRUE(read_options_from_json_string(json)->accepted_ciphers().empty());
+}
+
+TEST("accepted cipher list is populated if specified") {
+ const char* json = R"({"files":{"private-key":"dummy_privkey.txt",
+ "certificates":"dummy_certs.txt",
+ "ca-certificates":"dummy_ca_certs.txt"},
+ "accepted-ciphers":["foo", "bar"]})";
+ auto ciphers = read_options_from_json_string(json)->accepted_ciphers();
+ ASSERT_EQUAL(2u, ciphers.size());
+ EXPECT_EQUAL("foo", ciphers[0]);
+ EXPECT_EQUAL("bar", ciphers[1]);
+}
+
 // TODO test parsing of multiple policies
 TEST_MAIN() { TEST_RUN_ALL(); }
-- cgit v1.2.3
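Review bot: The two added tests leave the explicit empty case `"accepted-ciphers":[]` uncovered, even though the first test shows that an empty `accepted_ciphers()` is also what an absent key produces. The neighbouring `required-credentials` test rejects an empty array because it would allow all peers, so the cipher list deserves the same kind of pinned decision: a third test asserting whether `[]` throws or deliberately falls back to the default suite. The second test also accepts the non-cipher names "foo" and "bar", which suggests names are not validated at parse time. If rejection of unknown IANA names happens later, during the remap to OpenSSL specs (not visible in this hunk), a one-line comment above that test would stop readers assuming arbitrary strings are valid configuration, for example `// names are stored verbatim here; mapping/validation happens when the TLS context is built`, worded to match the actual behaviour.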