Adding a unit test to check the SNI is present
thierryba committed Aug 12, 2024
1 parent 8ee4618 commit d977e65
Showing 2 changed files with 79 additions and 0 deletions.
1 change: 1 addition & 0 deletions test/list_test.txt
Expand Up @@ -247,6 +247,7 @@ _test(SSLCertAndKeyFromMemory)
_test(SSLCiphers)
_test(SSLConnectVerboseOption)
_test(SSLHandshakeFirst)
_test(SSLServerNameIndication)
_test(SSLLoadCAFromMemory)
_test(SSLMultithreads)
_test(SSLReconnectWithAuthError)
78 changes: 78 additions & 0 deletions test/test.c
Expand Up @@ -21347,6 +21347,84 @@ void test_SSLHandshakeFirst(void)
#endif
}

void test_SSLServerNameIndication(void)
{
#if defined(NATS_HAS_TLS)
static const int BUFFER_SIZE = 1024; // should be enough to read a Client HELLO
natsStatus s = NATS_OK;
natsSock sock = NATS_SOCK_INVALID;
natsThread *t = NULL;
struct threadArg arg;
natsSockCtx ctx;
static const char *server = "tls://localhost:4222";

memset(&ctx, 0, sizeof(natsSockCtx));

s = _createDefaultThreadArgsForCbTests(&arg);
IFOK(s, natsOptions_Create(&(arg.opts)));
IFOK(s, natsOptions_SetSecure(arg.opts, true));
IFOK(s, natsOptions_TLSHandshakeFirst(arg.opts));
IFOK(s, natsOptions_SetServers(arg.opts, &server, 1));
if (s != NATS_OK)
FAIL("@@ Unable to setup test!");

test("Check that when initiating a TLS connection the SNI extension is set: ")

arg.control = 3;

_startMockupServer(&sock, "localhost", "4222");

// Start the thread that will try to connect to our server...
IFOK(s, natsThread_Create(&t, _connectToMockupServer, (void*) &arg));

if ((s == NATS_OK)
&& (((ctx.fd = accept(sock, NULL, NULL)) == NATS_SOCK_INVALID)
|| natsSock_SetCommonTcpOptions(ctx.fd) != NATS_OK))
{
s = NATS_SYS_ERROR;
}

testCond(s == NATS_OK);
testCond(ctx.fd > 0);

char buffer[BUFFER_SIZE] = {0};
int size = recv(ctx.fd, buffer, BUFFER_SIZE, 0);
if (size <= 0)
FAIL("Cound not read from the client socket");


// remove all null chars to allow the use of strstr on the result
for (int i = 0; i < size; ++i) {
if (buffer[i] == 0)
buffer[i] = '0';
}

bool found = strstr(buffer, "localhost");
#if defined(NATS_USE_OPENSSL_1_1)
testCond(found == true);
#else
testCond(found == false);
#endif

// Need to close those for the client side to unblock.
natsSock_Close(ctx.fd);
natsSock_Close(sock);

// Wait for the client to finish.
if (t != NULL)
{
natsThread_Join(t);
natsThread_Destroy(t);
}

_destroyDefaultThreadArgs(&arg);

#else
test("Skipped when built with no SSL support: ");
testCond(true);
#endif
}

#if defined(NATS_HAS_TLS)
static natsStatus
_elDummyAttach(void **userData, void *loop, natsConnection *nc, natsSock socket) { return NATS_OK; }
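Review bot: `strstr(buffer, "localhost")` in test_SSLServerNameIndication can read past the end of `buffer`, because `recv` may fill all `BUFFER_SIZE` bytes and the loop then turns every NUL in that range into `'0'`, leaving no terminator. Reserving the last byte keeps the zero-initialised tail as the terminator: `int size = recv(ctx.fd, buffer, BUFFER_SIZE - 1, 0);`. `BUFFER_SIZE` is a `static const int`, which is not a constant expression in C, so `char buffer[BUFFER_SIZE] = {0};` is an initialised variable-length array that some compilers reject; `char buffer[1024] = {0};` with `sizeof(buffer) - 1` in the `recv` call avoids that. The check is also a plain substring match on a single read, so it does not confirm that the name sits in the server_name extension, and it may miss the name if the ClientHello arrives in more than one segment. I would add a comment stating those limits, plus one on the `#else` branch explaining why builds without `NATS_USE_OPENSSL_1_1` are expected to send no SNI.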
