perl-Net-SSLeay/Net-SSLeay-1.90-OpenSSL3.patch


diff --git a/Changes b/Changes
index db61b2a..72886b3 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,56 @@
Revision history for Perl extension Net::SSLeay.
+????
+ - Correct X509_STORE_CTX_init() return value to integer. Previous
+ versions of Net::SSLeay return nothing.
+ - Update tests to call close() to avoid problems seen with
+ test 44_sess.t, and possibly other tests, running on older
+ Windows Perl versions. Also add some missing calls in tests
+ to shutdown and free ssl structures.
+ - Fix multiple formatting errors in the documentation for Net::SSLeay.
+ Thanks to John Jetmore.
+ - Check for presence of libssl headers in Makefile.PL, and exit with an
+ error instead of generating an invalid Makefile if they cannot be found.
+ Fixes RT#105189. Thanks to James E Keenan for the report.
+ - Added support for SSL_CTX_set_msg_callback/SSL_set_msg_callback
+ Thanks to Tim Aerts.
+ - Adjust time in ASN1_TIME_timet based on current offset to GMT to
+ address GH-148. Thanks to Steffen Ullrich.
+ - Multiple updates to tests to match OpenSSL 3.0 behaviour.
+ Thanks to Michal Josef Špaček.
+ - OpenSSL 3.0 related changes in tests include:
+ - TLSv1 and TLSv1.1 require security level 0 starting with 3.0 alpha 5.
+ - SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() ignore
+ unknown ciphersuites starting with 3.0 alpha 11.
+ - Error code and error string packing and formatting changes.
+ - PEM_get_string_PrivateKey default algorithm requires legacy provider.
+ - See OpenSSL manual page migration_guide(7) for more information about
+ changes in OpenSSL 3.0.
+ - Automatically detect OpenSSL installed via Homebrew on ARM-based macOS
+ systems. Thanks to Graham Knop for the patch.
+ - Account for the divergence in TLSv1.3 ciphersuite names between OpenSSL and
+ LibreSSL, which was causing failures of some TLSv1.3 tests with LibreSSL.
+ - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY
+ flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.3.2 and
+ above.
+ - In 43_misc_functions.t, account for the fact that LibreSSL 3.2.0 and above
+ implement TLSv1.3 without exposing a TLS1_3_VERSION constant.
+ - Expose OpenSSL 3.0 functions
+ OSSL_LIB_CTX_get0_global_default, OSSL_PROVIDER_load,
+ OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
+ OSSL_PROVIDER_available, OSSL_PROVIDER_do_all
+ OSSL_PROVIDER_get0_name and OSSL_PROVIDER_self_test.
+ Add test files 22_provider.t, 22_provider_try_load.t and
+ 22_provider_try_load_zero_retain.t.
+ - With OpenSSL 3.0 and later, the legacy provider is loaded in
+ 33_x509_create_cert.t to allow PEM_get_string_PrivateKey to
+ continue working until its default encryption method is
+ updated. Fixes GH-272 and closes GH-273.
+ - Remove the test suite's optional dependency on the non-core modules
+ Test::Exception, Test::NoWarnings and Test::Warn. Tests that verify
+ Net::SSLeay's behaviour when errors occur are now executed regardless of the
+ availability of these modules.
+
1.90 2021-01-21
- New stable release incorporating all changes from developer releases
1.89_01 to 1.89_05.
diff --git a/MANIFEST b/MANIFEST
index dfc6f1f..cbad0d0 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -199,6 +199,9 @@ t/local/11_read.t
t/local/15_bio.t
t/local/20_autoload.t
t/local/21_constants.t
+t/local/22_provider.t
+t/local/22_provider_try_load.t
+t/local/22_provider_try_load_zero_retain.t
t/local/30_error.t
t/local/31_rsa_generate_key.t
t/local/32_x509_get_cert_info.t
@@ -215,6 +218,7 @@ t/local/42_info_callback.t
t/local/43_misc_functions.t
t/local/44_sess.t
t/local/45_exporter.t
+t/local/46_msg_callback.t
t/local/50_digest.t
t/local/61_threads-cb-crash.t
t/local/62_threads-ctx_new-deadlock.t
diff --git a/Makefile.PL b/Makefile.PL
index 6dcf155..eefa656 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -4,10 +4,22 @@ use strict;
use warnings;
use Config;
+use English qw( $OSNAME -no_match_vars );
use ExtUtils::MakeMaker;
use File::Basename ();
use File::Spec;
+use File::Spec::Functions qw(catfile);
use Symbol qw(gensym);
+use Text::Wrap;
+
+# According to http://cpanwiki.grango.org/wiki/CPANAuthorNotes, the ideal
+# behaviour to exhibit when a prerequisite does not exist is to use exit code 0
+# to ensure smoke testers stop immediately without reporting a FAIL; in all
+# other environments, we want to fail more loudly
+use constant MISSING_PREREQ => ( $ENV{AUTOMATED_TESTING} ? 0 : 1 );
+
+# Error messages displayed with alert() will be this many columns wide
+use constant ALERT_WIDTH => 78;
# Define this to one if you want to link the openssl libraries statically into
# the Net-SSLeay loadable object on Windows
@@ -34,7 +46,11 @@ my %eumm_args = (
VERSION_FROM => 'lib/Net/SSLeay.pm',
MIN_PERL_VERSION => '5.8.1',
CONFIGURE_REQUIRES => {
+ 'English' => '0',
'ExtUtils::MakeMaker' => '0',
+ 'File::Spec::Functions' => '0',
+ 'Text::Wrap' => '0',
+ 'constant' => '0',
},
TEST_REQUIRES => {
'Carp' => '0',
@@ -47,6 +63,7 @@ my %eumm_args = (
'SelectSaver' => '0',
'Socket' => '0',
'Storable' => '0',
+ 'Test::Builder' => '0',
'Test::More' => '0.60_01',
'base' => '0',
},
@@ -126,12 +143,38 @@ sub ssleay {
EOM
exit 0; # according https://wiki.cpantesters.org/wiki/CPANAuthorNotes this is best-practice when "missing library"
}
+
+ my $opts = ssleay_get_build_opts($prefix);
+
+ # Ensure libssl headers exist before continuing - compilation will fail
+ # without them
+ if ( !defined $opts->{inc_path} ) {
+ my $detail =
+ 'The libssl header files are required to build Net-SSLeay, but '
+ . 'they are missing from ' . $prefix . '. They would typically '
+ . 'reside in ' . catfile( $prefix, 'include', 'openssl' ) . '.';
+
+ if ( $OSNAME eq 'linux' ) {
+ $detail .=
+ "\n\n"
+ . 'If you are using the version of OpenSSL/LibreSSL packaged '
+ . 'by your Linux distribution, you may need to install the '
+ . 'corresponding "development" package via your package '
+ . 'manager (e.g. libssl-dev for OpenSSL on Debian and Ubuntu, '
+ . 'or openssl-devel for OpenSSL on Red Hat Enterprise Linux '
+ . 'and Fedora).';
+ }
+
+ alert( 'Could not find libssl headers', $detail );
+
+ exit MISSING_PREREQ;
+ }
+
check_openssl_version($prefix, $exec);
- my $opts = ssleay_get_build_opts($prefix, $exec);
my %args = (
CCCDLFLAGS => $opts->{cccdlflags},
OPTIMIZE => $opts->{optimize},
- INC => join(' ', map qq{-I"$_"}, @{$opts->{inc_paths}}),
+ INC => qq{-I"$opts->{inc_path}"},
LIBS => join(' ', (map '-L'.maybe_quote($_), @{$opts->{lib_paths}}), (map {"-l$_"} @{$opts->{lib_links}})),
);
# From HMBRAND to handle multple version of OPENSSL installed
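Review bot: The new header check exits with `MISSING_PREREQ`, but the missing-library branch just above it (the `exit 0;` context line at the top of this hunk) still returns success unconditionally, so an interactive or CI run without OpenSSL reports success even though, presumably, no usable Makefile was written. For consistency with the comment on `MISSING_PREREQ`, that branch could use `exit MISSING_PREREQ;` as well. `alert()` prints to STDOUT; `print STDERR ...` would keep the diagnostic visible when standard output is captured by a build tool. The body of `ssleay` starts and ends outside this hunk.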
@@ -145,15 +188,28 @@ EOM
sub maybe_quote { $_[0] =~ / / ? qq{"$_[0]"} : $_[0] }
sub ssleay_get_build_opts {
- my ($prefix, $exec) = @_;
+ my ($prefix) = @_;
my $opts = {
lib_links => [],
cccdlflags => '',
};
- for ("$prefix/include", "$prefix/inc32", '/usr/kerberos/include') {
- push @{$opts->{inc_paths}}, $_ if -f "$_/openssl/ssl.h";
+
+ my @try_includes = (
+ 'include' => sub { 1 },
+ 'inc32' => sub { $OSNAME eq 'MSWin32' },
+ );
+
+ while (
+ !defined $opts->{inc_path}
+ && defined( my $dir = shift @try_includes )
+ && defined( my $cond = shift @try_includes )
+ ) {
+ if ( $cond->() && -f "$prefix/$dir/openssl/ssl.h" ) {
+ $opts->{inc_path} = "$prefix/$dir";
+ }
}
+
for ($prefix, "$prefix/lib64", "$prefix/lib", "$prefix/out32dll") {
push @{$opts->{lib_paths}}, $_ if -d $_;
}
@@ -251,6 +307,7 @@ sub find_openssl_prefix {
my @guesses = (
'/home/linuxbrew/.linuxbrew/opt/openssl/bin/openssl' => '/home/linuxbrew/.linuxbrew/opt/openssl', # LinuxBrew openssl
+ '/opt/homebrew/opt/openssl/bin/openssl' => '/opt/homebrew/opt/openssl', # macOS ARM homebrew
'/usr/local/opt/openssl/bin/openssl' => '/usr/local/opt/openssl', # OSX homebrew openssl
'/usr/local/bin/openssl' => '/usr/local', # OSX homebrew openssl
'/opt/local/bin/openssl' => '/opt/local', # Macports openssl
@@ -364,3 +421,21 @@ sub fixpath {
$text =~ s{\b/}{$sep}g;
return $text;
}
+
+sub alert {
+ my ( $err, $detail ) = @_;
+
+ local $Text::Wrap::columns = ALERT_WIDTH - 4;
+
+ print "\n";
+
+ print '*' x ALERT_WIDTH, "\n";
+ print '* ', uc($err), ' ' x ( ALERT_WIDTH - length($err) - 4 ), ' *', "\n";
+ print '*', ' ' x ( ALERT_WIDTH - 2 ), '*', "\n";
+
+ for ( split /\n/, Text::Wrap::wrap( '', '', $detail ) ) {
+ print '* ', $_, ' ' x ( ALERT_WIDTH - length($_) - 4 ), ' *', "\n";
+ }
+
+ print '*' x ALERT_WIDTH, "\n";
+}
diff --git a/README b/README
index b720673..4d021f1 100644
--- a/README
+++ b/README
@@ -22,11 +22,11 @@ Perl 5.8.1 or higher.
One of the following libssl implementations:
* Any stable release of OpenSSL (https://www.openssl.org) in the
- 0.9.8 - 1.1.1 branches, except for OpenSSL 0.9.8 - 0.9.8b.
+ 0.9.8 - 3.0 branches, except for OpenSSL 0.9.8 - 0.9.8b.
* Any stable release of LibreSSL (https://www.libressl.org) in the
- 2.0 - 3.1 series.
+ 2.0 - 3.1 series or 3.3 series.
-Net-SSLeay may not compile or pass its tests against newer releases
+Net-SSLeay may not compile or pass its tests against releases other
than the ones listed above due to libssl API incompatibilities, or, in
the case of LibreSSL, because of deviations from the libssl API.
diff --git a/SSLeay.xs b/SSLeay.xs
index 02b81e7..350e0d7 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -195,6 +195,9 @@ which conflicts with perls
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#include <openssl/ocsp.h>
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
#undef BLOCK
/* Debugging output - to enable use:
@@ -1474,6 +1477,71 @@ void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
LEAVE;
}
+void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+
+ cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
+ cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(write_p)));
+ XPUSHs(sv_2mortal(newSViv(version)));
+ XPUSHs(sv_2mortal(newSViv(content_type)));
+ XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
+ XPUSHs(sv_2mortal(newSViv(len)));
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
+void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+{
+ dSP;
+ SV *cb_func, *cb_data;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
+ cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
+
+ if ( ! SvROK(cb_func) || (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
+ croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(write_p)));
+ XPUSHs(sv_2mortal(newSViv(version)));
+ XPUSHs(sv_2mortal(newSViv(content_type)));
+ XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
+ XPUSHs(sv_2mortal(newSViv(len)));
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_data)));
+ PUTBACK;
+
+ call_sv(cb_func, G_VOID);
+
+ SPAGAIN;
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+}
+
/*
* Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
* broken in various ways during the various 1.0.0* versions.
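Review bot: Both `ssleay_msg_cb_invoke` and `ssleay_ctx_msg_cb_invoke` run the Perl callback with `call_sv(cb_func, G_VOID)` and no `G_EVAL`, so a `die` in the callback (or the `croak` just above it) unwinds with a longjmp straight through the libssl frames that invoked the message callback, in the middle of a handshake or record operation. Consider `call_sv(cb_func, G_VOID | G_EVAL);` followed by a check of `ERRSV` that warns instead of propagating; whether the file's other callback trampolines already do this is not visible here. The same applies to `ossl_provider_do_all_cb_invoke` in the next hunk, where an unwinding `croak` would also skip the `simple_cb_data_free(cbdata)` call in `OSSL_PROVIDER_do_all`. `len` is a `size_t`, so `newSVuv(len)` fits better than `newSViv(len)`, and the unused `arg` parameter deserves a one-line comment saying that the callback data is taken from `cb_data_advanced_get` instead.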
@@ -1652,9 +1720,45 @@ void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX *ctx, SSL_SESSION *sess)
LEAVE;
}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER *provider, void *cbdata) {
+ dSP;
+ int ret = 1;
+ int count = -1;
+ simple_cb_data_t *cb = cbdata;
+
+ PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
+ if (cb->func && SvOK(cb->func)) {
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
+ if (cb->data) XPUSHs(cb->data);
+
+ PUTBACK;
+
+ count = call_sv(cb->func, G_SCALAR);
+
+ SPAGAIN;
+
+ if (count != 1)
+ croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
+
+ ret = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+ }
+
+ return ret;
+}
+#endif
+
/* ============= end of callback stuff, begin helper functions ============== */
-time_t ASN1_TIME_timet(ASN1_TIME *asn1t) {
+time_t ASN1_TIME_timet(ASN1_TIME *asn1t, time_t *gmtoff) {
struct tm t;
const char *p = (const char*) asn1t->data;
size_t msec = 0, tz = 0, i, l;
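Review bot: `ossl_provider_do_all_cb_invoke` has no comment describing its contract, and it dereferences `cb` without checking `cbdata` for NULL. A header comment such as `/* Trampoline for OSSL_PROVIDER_do_all(): calls the Perl sub with (provider[, data]) and returns its integer result; returns 1 if no sub is set */` would document what the return value means to the caller. A guard such as `if (cb == NULL) return 1;` would protect the dereference in case `simple_cb_data_new` can fail, which is not visible in this hunk. The `ASN1_TIME_timet` signature change at the end of the hunk is best read together with its body in the following hunk.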
@@ -1720,7 +1824,14 @@ time_t ASN1_TIME_timet(ASN1_TIME *asn1t) {
result = mktime(&t);
if (result == -1) return 0; /* broken time */
- return result + adj + ( t.tm_isdst ? 3600:0 );
+ result += adj;
+ if (gmtoff && *gmtoff == -1) {
+ *gmtoff = result - mktime(gmtime(&result));
+ result += *gmtoff;
+ } else {
+ result += result - mktime(gmtime(&result));
+ }
+ return result;
}
X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
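Review bot: The new offset computation passes the result of `gmtime(&result)` directly to `mktime()`; `gmtime` can return NULL and uses a shared static buffer, so this can crash on an out-of-range time and is not safe when several Perl threads parse certificates or OCSP responses concurrently. A reentrant form such as `struct tm gm; if (!gmtime_r(&result, &gm)) return 0;` followed by `mktime(&gm)` avoids both (Windows builds would need the platform equivalent), and the second `mktime` result should get the same `== -1` check as the first. The value returned here feeds the `thisUpdate`, `nextUpdate` and `revocationTime` fields in `OCSP_response_results`, so an error in the offset shifts the freshness window that callers rely on. The use of `-1` as the "not yet computed" sentinel for `*gmtoff` also deserves a comment. The function body starts outside this hunk.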
@@ -4103,7 +4214,7 @@ X509V3_EXT_d2i(ext)
X509_STORE_CTX *
X509_STORE_CTX_new()
-void
+int
X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
X509_STORE_CTX * ctx
X509_STORE * store
@@ -4336,6 +4447,10 @@ ASN1_TIME_free(s)
time_t
ASN1_TIME_timet(s)
ASN1_TIME *s
+ CODE:
+ RETVAL = ASN1_TIME_timet(s,NULL);
+ OUTPUT:
+ RETVAL
ASN1_TIME *
ASN1_TIME_new()
@@ -5447,6 +5562,39 @@ SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
}
+void
+SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
+ SSL * ssl
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_set_msg_callback(ssl, NULL);
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
+ } else {
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
+ SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
+ }
+
+void
+SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
+ SSL_CTX * ctx
+ SV * callback
+ SV * data
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_msg_callback(ctx, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
+ SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
+ }
+
+
int
SSL_set_purpose(s,purpose)
SSL * s
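Review bot: `SSL_set_msg_callback` and `SSL_CTX_set_msg_callback` accept any defined `callback` value and defer the code-reference check to `ssleay_msg_cb_invoke` and `ssleay_ctx_msg_cb_invoke`, which `croak` from inside a libssl callback while a connection is in progress. Rejecting a bad value at set time keeps the failure in Perl context: `if (!SvROK(callback) || SvTYPE(SvRV(callback)) != SVt_PVCV) croak("Net::SSLeay: callback must be a code reference");` at the top of the `else` branch, before the `cb_data_advanced_put` calls. Separately, the undef branch calls `SSL_set_msg_callback(ssl, NULL)`, which appears to disable the callback for that connection, whereas the POD added in this patch says the ctx setting is then used; one of the two should be corrected.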
@@ -6172,7 +6320,7 @@ SSL_total_renegotiations(ssl)
OUTPUT:
RETVAL
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
void
SSL_SESSION_get_master_key(s)
SSL_SESSION * s
@@ -7348,6 +7496,7 @@ OCSP_response_results(rsp,...)
OCSP_BASICRESP *bsr;
int i,want_array;
time_t nextupd = 0;
+ time_t gmtoff = -1;
int getall,sksn;
bsr = OCSP_response_get1_basic(rsp);
@@ -7440,15 +7589,15 @@ OCSP_response_results(rsp,...)
hv_store(details,"statusType",10,
newSViv(status),0);
if (nextupdate) hv_store(details,"nextUpdate",10,
- newSViv(ASN1_TIME_timet(nextupdate)),0);
+ newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0);
if (thisupdate) hv_store(details,"thisUpdate",10,
- newSViv(ASN1_TIME_timet(thisupdate)),0);
+ newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0);
if (status == V_OCSP_CERTSTATUS_REVOKED) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
#endif
- hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime)),0);
+ hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0);
hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
hv_store(details,"revocationReason_str",20,newSVpv(
OCSP_crl_reason_str(revocationReason),0),0);
@@ -7457,7 +7606,7 @@ OCSP_response_results(rsp,...)
XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
} else if (!error) {
/* compute lowest nextUpdate */
- time_t nu = ASN1_TIME_timet(nextupdate);
+ time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff);
if (!nextupd || nextupd>nu) nextupd = nu;
}
@@ -7599,4 +7748,71 @@ SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+OSSL_LIB_CTX *
+OSSL_LIB_CTX_get0_global_default()
+
+
+OSSL_PROVIDER *
+OSSL_PROVIDER_load(SV *libctx, const char *name)
+ CODE:
+ OSSL_LIB_CTX *ctx = NULL;
+ if (libctx != &PL_sv_undef)
+ ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
+ RETVAL = OSSL_PROVIDER_load(ctx, name);
+ if (RETVAL == NULL)
+ XSRETURN_UNDEF;
+ OUTPUT:
+ RETVAL
+
+OSSL_PROVIDER *
+OSSL_PROVIDER_try_load(SV *libctx, const char *name, int retain_fallbacks)
+ CODE:
+ OSSL_LIB_CTX *ctx = NULL;
+ if (libctx != &PL_sv_undef)
+ ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
+ RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks);
+ if (RETVAL == NULL)
+ XSRETURN_UNDEF;
+ OUTPUT:
+ RETVAL
+
+int
+OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
+
+int
+OSSL_PROVIDER_available(SV *libctx, const char *name)
+ CODE:
+ OSSL_LIB_CTX *ctx = NULL;
+ if (libctx != &PL_sv_undef)
+ ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
+ RETVAL = OSSL_PROVIDER_available(ctx, name);
+ OUTPUT:
+ RETVAL
+
+int
+OSSL_PROVIDER_do_all(SV *libctx, SV *perl_cb, SV *perl_cbdata = &PL_sv_undef)
+ PREINIT:
+ simple_cb_data_t* cbdata = NULL;
+ CODE:
+ OSSL_LIB_CTX *ctx = NULL;
+ if (libctx != &PL_sv_undef)
+ ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
+
+ /* setup our callback */
+ cbdata = simple_cb_data_new(perl_cb, perl_cbdata);
+ RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata);
+ simple_cb_data_free(cbdata);
+ OUTPUT:
+ RETVAL
+
+const char *
+OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov)
+
+int
+OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
+
+#endif
+
#define REM_EOF "/* EOF - SSLeay.xs */"
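Review bot: The `libctx != &PL_sv_undef` tests in `OSSL_PROVIDER_load`, `OSSL_PROVIDER_try_load`, `OSSL_PROVIDER_available` and `OSSL_PROVIDER_do_all` compare against the one immortal undef SV, so a scalar variable that merely holds undef takes the `SvIV` path instead of the explicit NULL path; `if (SvOK(libctx))` states the intent directly. Any other integer is cast to an `OSSL_LIB_CTX *` without validation, so the POD should say that only a value obtained from `OSSL_LIB_CTX_get0_global_default` (or undef) is valid. Since `OSSL_PROVIDER_load` and `OSSL_PROVIDER_try_load` cause a provider module to be loaded by name, the documentation should also advise callers to pass fixed provider names rather than strings derived from external input.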
diff --git a/constants.c b/constants.c
index 722190c..cf5c0e7 100644
--- a/constants.c
+++ b/constants.c
@@ -4712,9 +4712,10 @@ constant (const char *name, size_t len) {
V_OCSP_CERTSTATUS_UNKNOWN X509_V_ERR_CA_MD_TOO_WEAK
X509_V_ERR_CERT_UNTRUSTED X509_V_ERR_EMAIL_MISMATCH
X509_V_ERR_INVALID_NON_CA X509_V_ERR_SUBTREE_MINMAX
- X509_V_FLAG_CRL_CHECK_ALL X509_V_FLAG_NOTIFY_POLICY
- X509_V_FLAG_NO_ALT_CHAINS X509_V_FLAG_NO_CHECK_TIME
- X509_V_FLAG_PARTIAL_CHAIN X509_V_FLAG_TRUSTED_FIRST */
+ X509_V_FLAG_CRL_CHECK_ALL X509_V_FLAG_LEGACY_VERIFY
+ X509_V_FLAG_NOTIFY_POLICY X509_V_FLAG_NO_ALT_CHAINS
+ X509_V_FLAG_NO_CHECK_TIME X509_V_FLAG_PARTIAL_CHAIN
+ X509_V_FLAG_TRUSTED_FIRST */
/* Offset 20 gives the best switch position. */
switch (name[20]) {
case '2':
@@ -4785,6 +4786,16 @@ constant (const char *name, size_t len) {
goto not_there;
#endif
+ }
+ if (!memcmp(name, "X509_V_FLAG_LEGACY_VERIFY", 25)) {
+ /* ^ */
+
+#ifdef X509_V_FLAG_LEGACY_VERIFY
+ return X509_V_FLAG_LEGACY_VERIFY;
+#else
+ goto not_there;
+#endif
+
}
break;
case 'F':
diff --git a/helper_script/regen_openssl_constants.pl b/helper_script/regen_openssl_constants.pl
index 6fd2908..4d6744b 100644
--- a/helper_script/regen_openssl_constants.pl
+++ b/helper_script/regen_openssl_constants.pl
@@ -94,14 +94,12 @@ sub t_file {
use lib 'inc';
use Net::SSLeay;
-use Test::Net::SSLeay;
+use Test::Net::SSLeay qw(dies_like);
-eval "use Test::Exception;";
-if (\$@) {
- plan skip_all => 'Some tests need Test::Exception';
-} else {
- plan tests => $count;
-}
+# We rely on symbolic references to run the dies_like() tests:
+no strict 'refs';
+
+plan tests => $count;
my \@c = (qw/
$list
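Review bot: `no strict 'refs';` is emitted at file scope in the generated test, which switches off the symbolic-reference check for everything that follows, although only the `"Net::SSLeay::\$c"->()` call in the next hunk needs it. Moving the pragma inside the anonymous sub passed to `dies_like`, as the first statement of that block, keeps strictures on for the rest of the generated file. The body of `t_file` starts and ends outside this hunk.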
@@ -110,9 +108,12 @@ $list
my \@missing;
my \%h = map { \$_=>1 } \@Net::SSLeay::EXPORT_OK;
-for (\@c) {
- like(eval("&Net::SSLeay::\$_; 'ok'") || \$\@, qr/^(ok|Your vendor has not defined SSLeay macro.*)\$/, "\$_");
- push(\@missing, \$_) unless \$h{\$_};
+for my \$c (\@c) {
+ dies_like(sub {
+ "Net::SSLeay::\$c"->();
+ die "ok\\n";
+ }, qr/^(ok\\n|Your vendor has not defined SSLeay macro.*)\$/, "\$c");
+ push(\@missing, \$c) unless \$h{\$c};
}
is(join(",", sort \@missing), '', 'constants missing in \@EXPORT_OK count='.scalar(\@missing));
@@ -670,6 +671,7 @@ X509_V_FLAG_EXTENDED_CRL_SUPPORT
X509_V_FLAG_IGNORE_CRITICAL
X509_V_FLAG_INHIBIT_ANY
X509_V_FLAG_INHIBIT_MAP
+X509_V_FLAG_LEGACY_VERIFY
X509_V_FLAG_NO_ALT_CHAINS
X509_V_FLAG_NO_CHECK_TIME
X509_V_FLAG_NOTIFY_POLICY
diff --git a/inc/Test/Net/SSLeay.pm b/inc/Test/Net/SSLeay.pm
index 9a85083..30d1199 100644
--- a/inc/Test/Net/SSLeay.pm
+++ b/inc/Test/Net/SSLeay.pm
@@ -11,6 +11,7 @@ use Cwd qw(abs_path);
use English qw( $EVAL_ERROR $OSNAME $PERL_VERSION -no_match_vars );
use File::Basename qw(dirname);
use File::Spec::Functions qw( abs2rel catfile );
+use Test::Builder;
use Test::Net::SSLeay::Socket;
our $VERSION = '1.90';
@@ -18,14 +19,21 @@ our $VERSION = '1.90';
our @EXPORT_OK = qw(
can_fork can_really_fork can_thread
data_file_path
+ dies_like
+ dies_ok
+ doesnt_warn
initialise_libssl
is_libressl is_openssl
is_protocol_usable
+ lives_ok
new_ctx
protocols
tcp_socket
+ warns_like
);
+my $tester = Test::Builder->new();
+
my $data_path = catfile( dirname(__FILE__), '..', '..', '..', 't', 'data' );
my $initialised = 0;
@@ -63,6 +71,29 @@ my %protos = (
},
);
+my ( $test_no_warnings, $test_no_warnings_name, @warnings );
+
+END {
+ _test_no_warnings() if $test_no_warnings;
+}
+
+sub _all {
+ my ( $sub, @list ) = @_;
+
+ for (@list) {
+ $sub->() or return 0;
+ }
+
+ return 1;
+}
+
+sub _diag {
+ my (%args) = @_;
+
+ $tester->diag( ' ' x 9, 'got: ', $args{got} );
+ $tester->diag( ' ' x 4, 'expected: ', $args{expected} );
+}
+
sub _libssl_fatal {
my ($context) = @_;
@@ -76,6 +107,17 @@ sub _load_net_ssleay {
return 1;
}
+sub _test_no_warnings {
+ my $got_str = join q{, }, map { qq{'$_'} } @warnings;
+ my $got_type = @warnings == 1 ? 'warning' : 'warnings';
+
+ $tester->ok( @warnings == 0, $test_no_warnings_name )
+ or _diag(
+ got => "$got_type $got_str",
+ expected => 'no warnings',
+ );
+}
+
sub import {
my ( $class, @imports ) = @_;
@@ -152,6 +194,69 @@ sub data_file_path {
return $rel_path;
}
+sub dies_like {
+ my ( $sub, $expected, $name ) = @_;
+
+ my ( $got, $ok );
+
+ if ( eval { $sub->(); 1 } ) {
+ $ok = $tester->ok ( 0, $name );
+
+ _diag(
+ got => 'subroutine lived',
+ expected => "subroutine died with exception matching $expected",
+ );
+ }
+ else {
+ $got = $EVAL_ERROR;
+
+ my $test = $got =~ $expected;
+
+ $ok = $tester->ok( $test, $name )
+ or _diag(
+ got => qq{subroutine died with exception '$got'},
+ expected => "subroutine died with exception matching $expected",
+ );
+ }
+
+ $EVAL_ERROR = $got;
+
+ return $ok;
+}
+
+sub dies_ok {
+ my ( $sub, $name ) = @_;
+
+ my ( $got, $ok );
+
+ if ( eval { $sub->(); 1 } ) {
+ $got = $EVAL_ERROR;
+
+ $ok = $tester->ok ( 0, $name );
+
+ _diag(
+ got => 'subroutine lived',
+ expected => 'subroutine died',
+ );
+ }
+ else {
+ $got = $EVAL_ERROR;
+
+ $ok = $tester->ok( 1, $name );
+ }
+
+ $EVAL_ERROR = $got;
+
+ return $ok;
+}
+
+sub doesnt_warn {
+ $test_no_warnings = 1;
+ $test_no_warnings_name = shift;
+
+ $SIG{__WARN__} = sub { push @warnings, shift };
+}
+
sub initialise_libssl {
return 1 if $initialised;
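Review bot: `dies_like` leaves `$got` undefined when the subroutine lives, so the final `$EVAL_ERROR = $got;` sets `$@` to undef, whereas `dies_ok` assigns `$got = $EVAL_ERROR;` in the same branch and leaves it as the empty string; adding that assignment to the first branch of `dies_like` makes the two agree with the documented behaviour of preserving `$@`. `dies_like`, `dies_ok` and `lives_ok` (in a later hunk) also call `$tester->ok` without `local $Test::Builder::Level = $Test::Builder::Level + 1;`, so a failure is probably reported at a line in this module rather than in the calling test script. `doesnt_warn` replaces `$SIG{__WARN__}` globally and never forwards the warning, which is worth a comment because it hides warnings from the test output until the END block runs.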
@@ -304,6 +409,32 @@ sub is_protocol_usable {
croak 'Unexpected TLS state machine sequence: ' . join( ', ', @states );
}
+sub lives_ok {
+ my ( $sub, $name ) = @_;
+
+ my ( $got, $ok );
+
+ if ( !eval { $sub->(); 1 } ) {
+ $got = $EVAL_ERROR;
+
+ $ok = $tester->ok ( 0, $name );
+
+ _diag(
+ got => qq{subroutine died with exception '$got'},
+ expected => 'subroutine lived',
+ );
+ }
+ else {
+ $got = $EVAL_ERROR;
+
+ $ok = $tester->ok( 1, $name );
+ }
+
+ $EVAL_ERROR = $got;
+
+ return $ok;
+}
+
sub new_ctx {
my ( $min_proto, $max_proto ) = @_;
@@ -362,6 +493,41 @@ sub tcp_socket {
return Test::Net::SSLeay::Socket->new( proto => 'tcp' );
}
+sub warns_like {
+ my ( $sub, $expected, $name ) = @_;
+
+ my @expected = ref $expected eq 'ARRAY'
+ ? @$expected
+ : ($expected);
+
+ my @got;
+
+ local $SIG{__WARN__} = sub { push @got, shift };
+
+ $sub->();
+
+ $SIG{__WARN__} = 'DEFAULT';
+
+ my $test = scalar @got == scalar @expected
+ && _all( sub { $got[$_] =~ $expected[$_] }, 0 .. $#got );
+
+ my $ok = $tester->ok( $test, $name )
+ or do {
+ my $got_str = join q{, }, map { qq{'$_'} } @got;
+ my $expected_str = join q{, }, map { qq{'$_'} } @expected;
+
+ my $got_plural = @got == 1 ? '' : 's';
+ my $expected_plural = @expected == 1 ? '' : 's';
+
+ _diag(
+ got => "warning$got_plural $got_str",
+ expected => "warning$expected_plural matching $expected_str",
+ );
+ };
+
+ return $ok;
+}
+
1;
__END__
@@ -466,6 +632,49 @@ this Perl, or false if not.
Returns the relative path to a given file in the test suite data directory
(C<t/local/>). Dies if the file does not exist.
+=head2 dies_like
+
+ dies_like(
+ sub { die 'This subroutine always dies' },
+ qr/always/,
+ 'A test that always passes'
+ );
+
+Similar to L<C<throws_ok> in Test::Exception|Test::Exception/throws_ok>:
+performs a L<Test::Builder> test that passes if a given subroutine dies with an
+exception string that matches a given pattern, or fails if the subroutine does
+not die or dies with an exception string that does not match the given pattern.
+
+This function preserves the value of C<$@> set by the given subroutine, so (for
+example) other tests can be performed on the value of C<$@> afterwards.
+
+=head2 dies_ok
+
+ dies_ok(
+ sub { my $x = 1 },
+ 'A test that always fails'
+ );
+
+Similar to L<C<dies_ok> in Test::Exception|Test::Exception/dies_ok>: performs a
+L<Test::Builder> test that passes if a given subroutine dies, or fails if it
+does not.
+
+This function preserves the value of C<$@> set by the given subroutine, so (for
+example) other tests can be performed on the value of C<$@> afterwards.
+
+=head2 doesnt_warn
+
+ doesnt_warn('Test script outputs no unexpected warnings');
+
+Offers similar functionality to L<Test::NoWarnings>: performs a L<Test::Builder>
+test at the end of the test script that passes if the test script executes from
+this point onwards without emitting any unexpected warnings, or fails if
+warnings are emitted before the test script ends.
+
+Warnings omitted by subroutines that are executed as part of a L</warns_like>
+test are not considered to be unexpected (even if the L</warns_like> test
+fails), and will therefore not cause this test to fail.
+
=head2 initialise_libssl
initialise_libssl();
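Review bot: In the `doesnt_warn` section, "Warnings omitted by subroutines" should read "Warnings emitted by subroutines"; as written the sentence says the opposite of what a `warns_like` test captures. The context line at the top of the hunk describes the data directory as `t/local/`, while `$data_path` in the module is built from `'t', 'data'`; that looks like a pre-existing slip worth fixing in the same pass.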
@@ -514,6 +723,20 @@ C<no-ssl3>), or run-time configuration (e.g., the use of TLSv1.0 will be
forbidden if the OpenSSL configuration sets the default security level to 3 or
higher; see L<SSL_CTX_set_security_level(3)>).
+=head2 lives_ok
+
+ lives_ok(
+ sub { die 'Whoops' },
+ 'A test that always fails'
+ );
+
+Similar to L<C<lives_ok> in Test::Exception|Test::Exception/lives_ok>: performs
+a L<Test::Builder> test that passes if a given subroutine executes without
+dying, or fails if it dies during execution.
+
+This function preserves the value of C<$@> set by the given subroutine, so (for
+example) other tests can be performed on the value of C<$@> afterwards.
+
=head2 new_ctx
my $ctx = new_ctx();
@@ -566,6 +789,27 @@ closing connections.
Returns a L<Test::Net::SSLeay::Socket|Test::Net::SSLeay::Socket> object. Dies
on failure.
+=head2 warns_like
+
+ warns_like(
+ sub {
+ warn 'First warning';
+ warn 'Second warning';
+ },
+ [
+ qr/First/,
+ qr/Second/,
+ ],
+ 'A test that always passes'
+ );
+
+Similar to L<C<warnings_like> in Test::Warn|Test::Warn/warnings_like>: performs
+a L<Test::Builder> test that passes if a given subroutine emits a series of
+warnings that match the given sequence of patterns, or fails if the subroutine
+emits any other sequence of warnings (or no warnings at all). If a pattern is
+given instead of an array reference, the subroutine will be expected to emit a
+single warning matching the pattern.
+
=head1 BUGS
If you encounter a problem with this module that you believe is a bug, please
diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
index 99ac77f..fde0872 100644
--- a/lib/Net/SSLeay.pm
+++ b/lib/Net/SSLeay.pm
@@ -421,6 +421,7 @@ $VERSION = '1.90';
V_OCSP_CERTSTATUS_GOOD
V_OCSP_CERTSTATUS_REVOKED
V_OCSP_CERTSTATUS_UNKNOWN
+ X509_V_FLAG_LEGACY_VERIFY
);
sub AUTOLOAD {
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
index 6036b36..f0e8a10 100644
--- a/lib/Net/SSLeay.pod
+++ b/lib/Net/SSLeay.pod
@@ -49,17 +49,17 @@ Net::SSLeay supports the following libssl implementations:
=item *
-Any stable release of L<OpenSSL|https://www.openssl.org> in the 0.9.8 - 1.1.1
+Any stable release of L<OpenSSL|https://www.openssl.org> in the 0.9.8 - 3.0
branches, except for OpenSSL 0.9.8 - 0.9.8b.
=item *
Any stable release of L<LibreSSL|https://www.libressl.org> in the 2.0 - 3.1
-series.
+series or 3.3 series.
=back
-Net::SSLeay may not function as expected with newer releases than the ones
+Net::SSLeay may not function as expected with releases other than the ones
listed above due to libssl API incompatibilities, or, in the case of LibreSSL,
because of deviations from the libssl API.
@@ -926,6 +926,7 @@ a session secret callback can be set up to be called when a session secret is se
by openssl.
Establish it like this:
+
Net::SSLeay::set_session_secret_cb($ssl, \&session_secret_cb, $somedata);
It will be called like this:
@@ -2576,7 +2577,7 @@ Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html|htt
=item * CTX_get_verify_depth
-Returns the verification depth limit currently set in $ctx. If no limit has been explicitly set, -1 is returned and the default value will be used.",
+Returns the verification depth limit currently set in $ctx. If no limit has been explicitly set, -1 is returned and the default value will be used.
my $rv = Net::SSLeay::CTX_get_verify_depth($ctx);
# $ctx - value corresponding to openssl's SSL_CTX structure
@@ -4624,6 +4625,34 @@ When callback is undef, an existing callback will be disabled.
Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html|http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html>
+=item * set_msg_callback
+
+Sets the callback function, that can be used to obtain protocol messages information for $ssl during connection setup and use.
+When callback is undef, the callback setting currently valid for ctx is used.
+Note that set_msg_callback_arg is not provided as there is no need to explicitly set $arg, this is handled by set_msg_callback.
+
+ Net::SSLeay::set_msg_callback($ssl, $cb, [$arg]);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cb - sub { my ($write_p,$version,$content_type,$buf,$len,$ssl,$arg) = @_; ... }
+ #
+ # returns: no return value
+
+Check openssl doc L<http://www.openssl.org/docs/manmaster/man3/SSL_set_msg_callback.html|http://www.openssl.org/docs/manmaster/man3/SSL_set_msg_callback.html>
+
+=item * CTX_set_msg_callback
+
+Sets the callback function on ctx, that can be used to obtain protocol messages information for ssl connection setup and use.
+When callback is undef, the existing callback will be disabled.
+Note that CTX_set_msg_callback_arg is not provided as there is no need to explicitly set $arg, this is handled by CTX_set_msg_callback.
+
+ Net::SSLeay::CTX_set_msg_callback($ssl, $cb, [$arg]);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $cb - sub { my ($write_p,$version,$content_type,$buf,$len,$ssl,$arg) = @_; ... }
+ #
+ # returns: no return value
+
+Check openssl doc L<http://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_msg_callback.html|http://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_msg_callback.html>
+
=item * set_pref_cipher
Sets the list of available ciphers for $ssl using the control string $str.
@@ -4709,13 +4738,13 @@ Setup pre-shared secret session resumption function.
# returns: no return value
The callback function will be called like:
-callback_function($secret, $ciphers, $pref_cipher, $data);
-# $secret is the current master session key, usually all 0s at the beginning of a session
-# $ciphers is ref to an array of peer cipher names
-# $pref_cipher is a ref to an index into the list of cipher names of
-# the preferred cipher. Set it if you want to specify a preferred cipher
-# $data is the data passed to set_session_secret_cb
+ callback_function($secret, $ciphers, $pref_cipher, $data);
+ # $secret is the current master session key, usually all 0s at the beginning of a session
+ # $ciphers is ref to an array of peer cipher names
+ # $pref_cipher is a ref to an index into the list of cipher names of
+ # the preferred cipher. Set it if you want to specify a preferred cipher
+ # $data is the data passed to set_session_secret_cb
The callback function should return 1 if it likes the suggested cipher (or has selected an alternative
by setting pref_cipher), else it should return 0 (in which case OpenSSL will select its own preferred cipher).
@@ -4735,12 +4764,12 @@ Setup encryption for TLS session tickets (stateless session reuse).
# returns: no return value
The callback function will be called like:
-getkey($data,[$key_name]) -> ($key,$current_key_name)
-# $data is the data passed to set_session_secret_cb
-# $key_name is the name of the key OpenSSL has extracted from the session ticket
-# $key is the requested key for ticket encryption + HMAC
-# $current_key_name is the name for the currently valid key
+ getkey($data,[$key_name]) -> ($key,$current_key_name)
+ # $data is the data passed to set_session_secret_cb
+ # $key_name is the name of the key OpenSSL has extracted from the session ticket
+ # $key is the requested key for ticket encryption + HMAC
+ # $current_key_name is the name for the currently valid key
OpenSSL will call the function without a key name if it generates a new ticket.
It then needs the callback to return the encryption+HMAC key and an identifier
@@ -4805,12 +4834,12 @@ Setup callback for TLS session tickets (stateless session reuse).
# returns: no return value
The callback function will be called like:
-getticket($ssl,$ticket,$data) -> $return_value
-# $ssl is a value corresponding to openssl's SSL structure
-# $ticket is a value of received TLS session ticket (can also be empty)
-# $data is the data passed to set_session_ticket_ext_cb
-# $return_value is either 0 (failure) or 1 (success)
+ getticket($ssl,$ticket,$data) -> $return_value
+ # $ssl is a value corresponding to openssl's SSL structure
+ # $ticket is a value of received TLS session ticket (can also be empty)
+ # $data is the data passed to set_session_ticket_ext_cb
+ # $return_value is either 0 (failure) or 1 (success)
This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
@@ -4825,12 +4854,12 @@ Set TLS session ticket (stateless session reuse).
# returns: no return value
The callback function will be called like:
-getticket($ssl,$ticket,$data) -> $return_value
-# $ssl is a value corresponding to openssl's SSL structure
-# $ticket is a value of received TLS session ticket (can also be empty)
-# $data is the data passed to set_session_ticket_ext_cb
-# $return_value is either 0 (failure) or 1 (success)
+ getticket($ssl,$ticket,$data) -> $return_value
+ # $ssl is a value corresponding to openssl's SSL structure
+ # $ticket is a value of received TLS session ticket (can also be empty)
+ # $data is the data passed to set_session_ticket_ext_cb
+ # $return_value is either 0 (failure) or 1 (success)
This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
@@ -6129,7 +6158,7 @@ Returns X509_EXTENSION from $x509 based on given NID.
Returns fingerprint of certificate $cert.
B<NOTE:> Does not exactly correspond to any low level API function. The implementation
-is basen on openssl's C<X509_digest()>.
+is based on openssl's C<X509_digest()>.
Net::SSLeay::X509_get_fingerprint($x509, $type);
# $x509 - value corresponding to openssl's X509 structure
@@ -7501,12 +7530,15 @@ returns a newly initialised X509_STORE_CTX structure.
X509_STORE_CTX_init() sets up an X509_STORE_CTX for a subsequent verification operation.
It must be called before each call to X509_verify_cert().
-Net::SSLeay::X509_STORE_CTX_init($x509_store_ctx, $x509_store, $x509, $chain);
-
-# $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure (required)
-# $x509_store - value corresponding to openssl's X509_STORE structure (optional)
-# $x509 - value corresponding to openssl's X509 structure (optional)
-# $chain - value corresponding to openssl's STACK_OF(X509) structure (optional)
+ my $rv = Net::SSLeay::X509_STORE_CTX_init($x509_store_ctx, $x509_store, $x509, $chain);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure (required)
+ # $x509_store - value corresponding to openssl's X509_STORE structure (optional)
+ # $x509 - value corresponding to openssl's X509 structure (optional)
+ # $chain - value corresponding to openssl's STACK_OF(X509) structure (optional)
+ #
+ # returns: 1 on success, 0 on failure
+ #
+ # Note: returns nothing with Net::SSLeay 1.90 and earlier.
Check openssl doc L<https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html|https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html>
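Review bot: The added line `# Note: returns nothing with Net::SSLeay 1.90 and earlier.` may be inaccurate for a 1.90 build that carries this patch, if the patch also contains the corresponding code change (not visible in this hunk). Callers need to know whether `$rv` can be trusted before going on to X509_verify_cert(). I would word it as `# Note: unpatched releases up to and including 1.90 return nothing; test defined($rv) before relying on it.`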
@@ -7514,7 +7546,7 @@ Check openssl doc L<https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_
Frees an X509_STORE_CTX structure.
-Net::SSLeay::X509_STORE_CTX_free($x509_store_ctx);
+ Net::SSLeay::X509_STORE_CTX_free($x509_store_ctx);
# $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
@@ -7527,10 +7559,10 @@ of the process is contained in the verify(1) manual page.
If this function returns 0, use X509_STORE_CTX_get_error to get additional error
information.
-my $rv = Net::SSLeay::X509_verify_cert($x509_store_ctx);
-# $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
-#
-# returns: 1 if a complete chain can be built and validated, otherwise 0
+ my $rv = Net::SSLeay::X509_verify_cert($x509_store_ctx);
+ # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
+ #
+ # returns: 1 if a complete chain can be built and validated, otherwise 0
Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/X509_verify_cert.html|https://www.openssl.org/docs/manmaster/man3/X509_verify_cert.html>
@@ -7633,27 +7665,27 @@ Check openssl doc L<http://www.openssl.org/docs/crypto/X509_STORE_CTX_new.html|h
Returns a newly initialized X509_STORE structure.
-my $rv = Net::SSLeay::X509_STORE_new();
-#
-# returns: value corresponding to openssl's X509_STORE structure (0 on failure)
+ my $rv = Net::SSLeay::X509_STORE_new();
+ #
+ # returns: value corresponding to openssl's X509_STORE structure (0 on failure)
=item * X509_STORE_free
Frees an X509_STORE structure
-Net::SSLeay::X509_STORE_free($x509_store);
-# $x509_store - value corresponding to openssl's X509_STORE structure
+ Net::SSLeay::X509_STORE_free($x509_store);
+ # $x509_store - value corresponding to openssl's X509_STORE structure
=item * X509_STORE_add_lookup
Adds a lookup to an X509_STORE for a given lookup method.
-my $method = &Net::SSLeay::X509_LOOKUP_hash_dir;
-my $rv = Net::SSLeay::X509_STORE_add_lookup($x509_store, $method);
-# $method - value corresponding to openssl's X509_LOOKUP_METHOD structure
-# $x509_store - value corresponding to openssl's X509_STORE structure
-#
-# returns: value corresponding to openssl's X509_LOOKUP structure
+ my $method = &Net::SSLeay::X509_LOOKUP_hash_dir;
+ my $rv = Net::SSLeay::X509_STORE_add_lookup($x509_store, $method);
+ # $method - value corresponding to openssl's X509_LOOKUP_METHOD structure
+ # $x509_store - value corresponding to openssl's X509_STORE structure
+ #
+ # returns: value corresponding to openssl's X509_LOOKUP structure
Check openssl doc L<https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html|https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html>
@@ -7705,9 +7737,9 @@ Returns an X509_LOOKUP structure that instructs an X509_STORE to
load files from a directory containing certificates with filenames
in the format I<hash.N> or crls with filenames in the format I<hash.>B<r>I<N>
-my $rv = Net::SSLeay::X509_LOOKUP_hash_dir();
-#
-# returns: value corresponding to openssl's X509_LOOKUP_METHOD structure, with the hashed directory method
+ my $rv = Net::SSLeay::X509_LOOKUP_hash_dir();
+ #
+ # returns: value corresponding to openssl's X509_LOOKUP_METHOD structure, with the hashed directory method
Check openssl doc L<https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html|https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html>
@@ -7716,13 +7748,13 @@ Check openssl doc L<https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_fil
Add a directory to an X509_LOOKUP structure, usually obtained from
X509_STORE_add_lookup.
-my $method = &Net::SSLeay::X509_LOOKUP_hash_dir;
-my $lookup = Net::SSLeay::X509_STORE_add_lookup($x509_store, $method);
-my $type = &Net::SSLeay::X509_FILETYPE_PEM;
-Net::SSLeay::X509_LOOKUP_add_dir($lookup, $dir, $type);
-# $lookup - value corresponding to openssl's X509_LOOKUP structure
-# $dir - string path to a directory
-s# $type - constant corresponding to the type of file in the directory - can be X509_FILETYPE_PEM, X509_FILETYPE_DEFAULT, or X509_FILETYPE_ASN1
+ my $method = &Net::SSLeay::X509_LOOKUP_hash_dir;
+ my $lookup = Net::SSLeay::X509_STORE_add_lookup($x509_store, $method);
+ my $type = &Net::SSLeay::X509_FILETYPE_PEM;
+ Net::SSLeay::X509_LOOKUP_add_dir($lookup, $dir, $type);
+ # $lookup - value corresponding to openssl's X509_LOOKUP structure
+ # $dir - string path to a directory
+ # $type - constant corresponding to the type of file in the directory - can be X509_FILETYPE_PEM, X509_FILETYPE_DEFAULT, or X509_FILETYPE_ASN1
=item * X509_STORE_set_flags
@@ -8525,9 +8557,10 @@ Check openssl doc L<http://www.openssl.org/docs/crypto/RSA_new.html|http://www.o
Returns a list of pointers to BIGNUMs representing the parameters of the key in
this order:
(n, e, d, p, q, dmp1, dmq1, iqmp)
+
Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use
-my (@params) = RSA_get_key_parameters($r);
+ my (@params) = RSA_get_key_parameters($r);
=back
@@ -9128,7 +9161,7 @@ broader binary compatibility, e.g. make application work with both 1.0.2
and prior version (in which case call to SSL_ctrl with new code
returning error would have to be ignored when running with prior version).
-Net::SSLeay::get_tlsa_record_byname($name, $port, $type);
+ Net::SSLeay::get_tlsa_record_byname($name, $port, $type);
=back
@@ -9244,6 +9277,129 @@ These functions are only available since OpenSSL 1.1.1.
=back
+=head3 Low level API: OSSL_LIB_CTX and OSSL_PROVIDER related functions
+
+=over
+
+=item * OSSL_LIB_CTX_get0_global_default
+
+Returns a concrete (non NULL) reference to the global default library context.
+
+ my $libctx = Net::SSLeay::OSSL_LIB_CTX_get0_global_default();
+ # returns: a value corresponding to OSSL_LIB_CTX structure or false on failure
+
+Typically it's simpler to use undef with functions that take an
+OSSL_LIB_CTX argument when global default library context is needed.
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_LIB_CTX_get0_global_default.html|https://www.openssl.org/docs/manmaster/man3/OSSL_LIB_CTX_get0_global_default.html>
+
+=item * OSSL_PROVIDER_load
+
+Loads and initializes a provider
+
+ my $provider = Net::SSLeay::OSSL_PROVIDER_load($libctx, $name);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $name - (string) provider name, e.g., 'legacy'
+ #
+ # returns: a value corresponding to OSSL_PROVIDER or false on failure
+
+Using undef loads the provider within the global default library context.
+
+ my $provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'legacy');
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_load.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_load.html>
+
+=item * OSSL_PROVIDER_try_load
+
+Loads and initializes a provider similar to OSSL_PROVIDER_load with additional fallback control.
+
+ my $provider = Net::SSLeay::OSSL_PROVIDER_try_load($libctx, $name, $retain_fallbacks);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $name - (string) provider name, e.g., 'legacy'
+ # $retain_fallbacks - (integer) 0 or 1
+ #
+ # returns: a value corresponding to OSSL_PROVIDER or false on failure
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_try_load.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_try_load.html>
+
+=item * OSSL_PROVIDER_unload
+
+Unloads the given provider.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_unload($provider);
+ # $provider - a value corresponding to OSSL_PROVIDER
+ #
+ # returns: (integer) 1 on success, 0 on error
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_unload.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_unload.html>
+
+=item * OSSL_PROVIDER_available
+
+Checks if a named provider is available for use.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_available($libctx, $name);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $name - (string) provider name, e.g., 'legacy'
+ #
+ # returns: (integer) 1 if the named provider is available, otherwise 0.
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_available.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_available.html>
+
+=item * OSSL_PROVIDER_do_all
+
+Iterates over all loaded providers. A callback is called for each provider.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_do_all($libctx, $cb, $cbdata);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $cb - reference to a perl callback function
+ $ $cbdata - data that will be passed to callback function
+ #
+ # returns: (integer) 1 if all callbacks returned 1, 0 the first time a callback returns 0.
+
+Example:
+
+ sub do_all_cb {
+ my ($provider, $cbdata) = @_;
+
+ my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider);
+ print "Callback for provider: '$name', cbdata: '$cbdata'\n";
+ return 1;
+ }
+ my $data_for_cb = 'Hello';
+
+ # Triggers default provider automatic loading.
+ Net::SSLeay::OSSL_PROVIDER_available(undef, 'default') || die 'default provider not available';
+ Net::SSLeay::OSSL_PROVIDER_load(undef, 'legacy') || die 'load legacy';
+ Net::SSLeay::OSSL_PROVIDER_load(undef, 'null') || die 'load null';
+ Net::SSLeay::OSSL_PROVIDER_do_all(undef, \&do_all_cb, $data_for_cb) || die 'a callback failed';
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_do_all.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_do_all.html>
+
+=item * OSSL_PROVIDER_get0_name
+
+Returns the name of the given provider.
+
+ my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider);
+ # $provider - a value corresponding to OSSL_PROVIDER
+ #
+ # returns: (string) provider name, e.g., 'legacy'
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_get0_name.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_get0_name.html>
+
+=item * OSSL_PROVIDER_self_test
+
+Runs the provider's self tests.
+
+ my $rv = Net::SSLeay::OSSL_PROVIDER_self_test($provider);
+ # $libctx - value corresponding to OSSL_LIB_CTX structure or undef
+ # $provider - a value corresponding to OSSL_PROVIDER
+ #
+ # returns: (integer) returns 1 if the self tests pass, 0 on error
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_self_test.html|https://www.openssl.org/docs/manmaster/man3/OSSL_PROVIDER_self_test.html>
+
+=back
+
=head2 Constants
There are many openssl constants available in L<Net::SSLeay>. You can use them like this:
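Review bot: Two of the added synopses have comment lines that do not match their calls. Under OSSL_PROVIDER_do_all the cbdata line starts with `$` instead of `#`, and under OSSL_PROVIDER_self_test a `$libctx` line is listed although the call shown takes only `$provider`. I would change the first to ` # $cbdata - data that will be passed to callback function` and drop the `$libctx` line from the self_test entry. Since the examples load 'legacy' with undef as the library context, one more sentence would help: this makes the legacy provider's older algorithms available to everything in the process that uses the global default context, so it should be loaded only where they are actually needed.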
@@ -9269,190 +9425,191 @@ The list of all available constant names:
=for comment the next part is the output of: perl helper_script/regen_openssl_constants.pl -gen-pod
- ASN1_STRFLGS_ESC_CTRL NID_netscape R_UNKNOWN_REMOTE_ERROR_TYPE
- ASN1_STRFLGS_ESC_MSB NID_netscape_base_url R_UNKNOWN_STATE
- ASN1_STRFLGS_ESC_QUOTE NID_netscape_ca_policy_url R_X509_LIB
- ASN1_STRFLGS_RFC2253 NID_netscape_ca_revocation_url SENT_SHUTDOWN
- CB_ACCEPT_EXIT NID_netscape_cert_extension SESSION_ASN1_VERSION
- CB_ACCEPT_LOOP NID_netscape_cert_sequence SESS_CACHE_BOTH
- CB_ALERT NID_netscape_cert_type SESS_CACHE_CLIENT
- CB_CONNECT_EXIT NID_netscape_comment SESS_CACHE_NO_AUTO_CLEAR
- CB_CONNECT_LOOP NID_netscape_data_type SESS_CACHE_NO_INTERNAL
- CB_EXIT NID_netscape_renewal_url SESS_CACHE_NO_INTERNAL_LOOKUP
- CB_HANDSHAKE_DONE NID_netscape_revocation_url SESS_CACHE_NO_INTERNAL_STORE
- CB_HANDSHAKE_START NID_netscape_ssl_server_name SESS_CACHE_OFF
- CB_LOOP NID_ns_sgc SESS_CACHE_SERVER
- CB_READ NID_organizationName SSL3_VERSION
- CB_READ_ALERT NID_organizationalUnitName SSLEAY_BUILT_ON
- CB_WRITE NID_pbeWithMD2AndDES_CBC SSLEAY_CFLAGS
- CB_WRITE_ALERT NID_pbeWithMD2AndRC2_CBC SSLEAY_DIR
- ERROR_NONE NID_pbeWithMD5AndCast5_CBC SSLEAY_PLATFORM
- ERROR_SSL NID_pbeWithMD5AndDES_CBC SSLEAY_VERSION
- ERROR_SYSCALL NID_pbeWithMD5AndRC2_CBC ST_ACCEPT
- ERROR_WANT_ACCEPT NID_pbeWithSHA1AndDES_CBC ST_BEFORE
- ERROR_WANT_CONNECT NID_pbeWithSHA1AndRC2_CBC ST_CONNECT
- ERROR_WANT_READ NID_pbe_WithSHA1And128BitRC2_CBC ST_INIT
- ERROR_WANT_WRITE NID_pbe_WithSHA1And128BitRC4 ST_OK
- ERROR_WANT_X509_LOOKUP NID_pbe_WithSHA1And2_Key_TripleDES_CBC ST_READ_BODY
- ERROR_ZERO_RETURN NID_pbe_WithSHA1And3_Key_TripleDES_CBC ST_READ_HEADER
- EVP_PKS_DSA NID_pbe_WithSHA1And40BitRC2_CBC TLS1_1_VERSION
- EVP_PKS_EC NID_pbe_WithSHA1And40BitRC4 TLS1_2_VERSION
- EVP_PKS_RSA NID_pbes2 TLS1_3_VERSION
- EVP_PKT_ENC NID_pbmac1 TLS1_VERSION
- EVP_PKT_EXCH NID_pkcs TLSEXT_STATUSTYPE_ocsp
- EVP_PKT_EXP NID_pkcs3 VERIFY_CLIENT_ONCE
- EVP_PKT_SIGN NID_pkcs7 VERIFY_FAIL_IF_NO_PEER_CERT
- EVP_PK_DH NID_pkcs7_data VERIFY_NONE
- EVP_PK_DSA NID_pkcs7_digest VERIFY_PEER
- EVP_PK_EC NID_pkcs7_encrypted VERIFY_POST_HANDSHAKE
- EVP_PK_RSA NID_pkcs7_enveloped V_OCSP_CERTSTATUS_GOOD
- FILETYPE_ASN1 NID_pkcs7_signed V_OCSP_CERTSTATUS_REVOKED
- FILETYPE_PEM NID_pkcs7_signedAndEnveloped V_OCSP_CERTSTATUS_UNKNOWN
- F_CLIENT_CERTIFICATE NID_pkcs8ShroudedKeyBag WRITING
- F_CLIENT_HELLO NID_pkcs9 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
- F_CLIENT_MASTER_KEY NID_pkcs9_challengePassword X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
- F_D2I_SSL_SESSION NID_pkcs9_contentType X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
- F_GET_CLIENT_FINISHED NID_pkcs9_countersignature X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
- F_GET_CLIENT_HELLO NID_pkcs9_emailAddress X509_CHECK_FLAG_NO_WILDCARDS
- F_GET_CLIENT_MASTER_KEY NID_pkcs9_extCertAttributes X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
- F_GET_SERVER_FINISHED NID_pkcs9_messageDigest X509_FILETYPE_ASN1
- F_GET_SERVER_HELLO NID_pkcs9_signingTime X509_FILETYPE_DEFAULT
- F_GET_SERVER_VERIFY NID_pkcs9_unstructuredAddress X509_FILETYPE_PEM
- F_I2D_SSL_SESSION NID_pkcs9_unstructuredName X509_LOOKUP
- F_READ_N NID_private_key_usage_period X509_PURPOSE_ANY
- F_REQUEST_CERTIFICATE NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN
- F_SERVER_HELLO NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER
- F_SSL_CERT_NEW NID_rc2_cbc X509_PURPOSE_OCSP_HELPER
- F_SSL_GET_NEW_SESSION NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT
- F_SSL_NEW NID_rc2_ecb X509_PURPOSE_SMIME_SIGN
- F_SSL_READ NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT
- F_SSL_RSA_PRIVATE_DECRYPT NID_rc4 X509_PURPOSE_SSL_SERVER
- F_SSL_RSA_PUBLIC_ENCRYPT NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN
- F_SSL_SESSION_NEW NID_rc5_cbc X509_TRUST_COMPAT
- F_SSL_SESSION_PRINT_FP NID_rc5_cfb64 X509_TRUST_EMAIL
- F_SSL_SET_FD NID_rc5_ecb X509_TRUST_OBJECT_SIGN
- F_SSL_SET_RFD NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST
- F_SSL_SET_WFD NID_ripemd160 X509_TRUST_OCSP_SIGN
- F_SSL_USE_CERTIFICATE NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT
- F_SSL_USE_CERTIFICATE_ASN1 NID_rle_compression X509_TRUST_SSL_SERVER
- F_SSL_USE_CERTIFICATE_FILE NID_rsa X509_TRUST_TSA
- F_SSL_USE_PRIVATEKEY NID_rsaEncryption X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
- F_SSL_USE_PRIVATEKEY_ASN1 NID_rsadsi X509_V_ERR_AKID_SKID_MISMATCH
- F_SSL_USE_PRIVATEKEY_FILE NID_safeContentsBag X509_V_ERR_APPLICATION_VERIFICATION
- F_SSL_USE_RSAPRIVATEKEY NID_sdsiCertificate X509_V_ERR_CA_KEY_TOO_SMALL
- F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_secretBag X509_V_ERR_CA_MD_TOO_WEAK
- F_SSL_USE_RSAPRIVATEKEY_FILE NID_serialNumber X509_V_ERR_CERT_CHAIN_TOO_LONG
- F_WRITE_PENDING NID_server_auth X509_V_ERR_CERT_HAS_EXPIRED
- GEN_DIRNAME NID_sha X509_V_ERR_CERT_NOT_YET_VALID
- GEN_DNS NID_sha1 X509_V_ERR_CERT_REJECTED
- GEN_EDIPARTY NID_sha1WithRSA X509_V_ERR_CERT_REVOKED
- GEN_EMAIL NID_sha1WithRSAEncryption X509_V_ERR_CERT_SIGNATURE_FAILURE
- GEN_IPADD NID_shaWithRSAEncryption X509_V_ERR_CERT_UNTRUSTED
- GEN_OTHERNAME NID_stateOrProvinceName X509_V_ERR_CRL_HAS_EXPIRED
- GEN_RID NID_subject_alt_name X509_V_ERR_CRL_NOT_YET_VALID
- GEN_URI NID_subject_key_identifier X509_V_ERR_CRL_PATH_VALIDATION_ERROR
- GEN_X400 NID_surname X509_V_ERR_CRL_SIGNATURE_FAILURE
- LIBRESSL_VERSION_NUMBER NID_sxnet X509_V_ERR_DANE_NO_MATCH
- MBSTRING_ASC NID_time_stamp X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
- MBSTRING_BMP NID_title X509_V_ERR_DIFFERENT_CRL_SCOPE
- MBSTRING_FLAG NID_undef X509_V_ERR_EE_KEY_TOO_SMALL
- MBSTRING_UNIV NID_uniqueIdentifier X509_V_ERR_EMAIL_MISMATCH
- MBSTRING_UTF8 NID_x509Certificate X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
- MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_x509Crl X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
- MODE_ACCEPT_MOVING_WRITE_BUFFER NID_zlib_compression X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
- MODE_AUTO_RETRY NOTHING X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
- MODE_ENABLE_PARTIAL_WRITE OCSP_RESPONSE_STATUS_INTERNALERROR X509_V_ERR_EXCLUDED_VIOLATION
- MODE_RELEASE_BUFFERS OCSP_RESPONSE_STATUS_MALFORMEDREQUEST X509_V_ERR_HOSTNAME_MISMATCH
- NID_OCSP_sign OCSP_RESPONSE_STATUS_SIGREQUIRED X509_V_ERR_INVALID_CA
- NID_SMIMECapabilities OCSP_RESPONSE_STATUS_SUCCESSFUL X509_V_ERR_INVALID_CALL
- NID_X500 OCSP_RESPONSE_STATUS_TRYLATER X509_V_ERR_INVALID_EXTENSION
- NID_X509 OCSP_RESPONSE_STATUS_UNAUTHORIZED X509_V_ERR_INVALID_NON_CA
- NID_ad_OCSP OPENSSL_BUILT_ON X509_V_ERR_INVALID_POLICY_EXTENSION
- NID_ad_ca_issuers OPENSSL_CFLAGS X509_V_ERR_INVALID_PURPOSE
- NID_algorithm OPENSSL_DIR X509_V_ERR_IP_ADDRESS_MISMATCH
- NID_authority_key_identifier OPENSSL_ENGINES_DIR X509_V_ERR_KEYUSAGE_NO_CERTSIGN
- NID_basic_constraints OPENSSL_PLATFORM X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
- NID_bf_cbc OPENSSL_VERSION X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
- NID_bf_cfb64 OPENSSL_VERSION_NUMBER X509_V_ERR_NO_EXPLICIT_POLICY
- NID_bf_ecb OP_ALL X509_V_ERR_NO_VALID_SCTS
- NID_bf_ofb64 OP_ALLOW_NO_DHE_KEX X509_V_ERR_OCSP_CERT_UNKNOWN
- NID_cast5_cbc OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION X509_V_ERR_OCSP_VERIFY_FAILED
- NID_cast5_cfb64 OP_CIPHER_SERVER_PREFERENCE X509_V_ERR_OCSP_VERIFY_NEEDED
- NID_cast5_ecb OP_CISCO_ANYCONNECT X509_V_ERR_OUT_OF_MEM
- NID_cast5_ofb64 OP_COOKIE_EXCHANGE X509_V_ERR_PATH_LENGTH_EXCEEDED
- NID_certBag OP_CRYPTOPRO_TLSEXT_BUG X509_V_ERR_PATH_LOOP
- NID_certificate_policies OP_DONT_INSERT_EMPTY_FRAGMENTS X509_V_ERR_PERMITTED_VIOLATION
- NID_client_auth OP_ENABLE_MIDDLEBOX_COMPAT X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
- NID_code_sign OP_EPHEMERAL_RSA X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
- NID_commonName OP_LEGACY_SERVER_CONNECT X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
- NID_countryName OP_MICROSOFT_BIG_SSLV3_BUFFER X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
- NID_crlBag OP_MICROSOFT_SESS_ID_BUG X509_V_ERR_STORE_LOOKUP
- NID_crl_distribution_points OP_MSIE_SSLV2_RSA_PADDING X509_V_ERR_SUBJECT_ISSUER_MISMATCH
- NID_crl_number OP_NETSCAPE_CA_DN_BUG X509_V_ERR_SUBTREE_MINMAX
- NID_crl_reason OP_NETSCAPE_CHALLENGE_BUG X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
- NID_delta_crl OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_ALGORITHM
- NID_des_cbc OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_CURVE
- NID_des_cfb64 OP_NON_EXPORT_FIRST X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
- NID_des_ecb OP_NO_ANTI_REPLAY X509_V_ERR_SUITE_B_INVALID_VERSION
- NID_des_ede OP_NO_CLIENT_RENEGOTIATION X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
- NID_des_ede3 OP_NO_COMPRESSION X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
- NID_des_ede3_cbc OP_NO_ENCRYPT_THEN_MAC X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
- NID_des_ede3_cfb64 OP_NO_QUERY_MTU X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
- NID_des_ede3_ofb64 OP_NO_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL
- NID_des_ede_cbc OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
- NID_des_ede_cfb64 OP_NO_SSL_MASK X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
- NID_des_ede_ofb64 OP_NO_SSLv2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- NID_des_ofb64 OP_NO_SSLv3 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
- NID_description OP_NO_TICKET X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
- NID_desx_cbc OP_NO_TLSv1 X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
- NID_dhKeyAgreement OP_NO_TLSv1_1 X509_V_ERR_UNNESTED_RESOURCE
- NID_dnQualifier OP_NO_TLSv1_2 X509_V_ERR_UNSPECIFIED
- NID_dsa OP_NO_TLSv1_3 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
- NID_dsaWithSHA OP_PKCS1_CHECK_1 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
- NID_dsaWithSHA1 OP_PKCS1_CHECK_2 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
- NID_dsaWithSHA1_2 OP_PRIORITIZE_CHACHA X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
- NID_dsa_2 OP_SAFARI_ECDHE_ECDSA_BUG X509_V_FLAG_ALLOW_PROXY_CERTS
- NID_email_protect OP_SINGLE_DH_USE X509_V_FLAG_CB_ISSUER_CHECK
- NID_ext_key_usage OP_SINGLE_ECDH_USE X509_V_FLAG_CHECK_SS_SIGNATURE
- NID_ext_req OP_SSLEAY_080_CLIENT_DH_BUG X509_V_FLAG_CRL_CHECK
- NID_friendlyName OP_SSLREF2_REUSE_CERT_TYPE_BUG X509_V_FLAG_CRL_CHECK_ALL
- NID_givenName OP_TLSEXT_PADDING X509_V_FLAG_EXPLICIT_POLICY
- NID_hmacWithSHA1 OP_TLS_BLOCK_PADDING_BUG X509_V_FLAG_EXTENDED_CRL_SUPPORT
- NID_id_ad OP_TLS_D5_BUG X509_V_FLAG_IGNORE_CRITICAL
- NID_id_ce OP_TLS_ROLLBACK_BUG X509_V_FLAG_INHIBIT_ANY
- NID_id_kp READING X509_V_FLAG_INHIBIT_MAP
- NID_id_pbkdf2 RECEIVED_SHUTDOWN X509_V_FLAG_NOTIFY_POLICY
- NID_id_pe RSA_3 X509_V_FLAG_NO_ALT_CHAINS
- NID_id_pkix RSA_F4 X509_V_FLAG_NO_CHECK_TIME
- NID_id_qt_cps R_BAD_AUTHENTICATION_TYPE X509_V_FLAG_PARTIAL_CHAIN
- NID_id_qt_unotice R_BAD_CHECKSUM X509_V_FLAG_POLICY_CHECK
- NID_idea_cbc R_BAD_MAC_DECODE X509_V_FLAG_POLICY_MASK
- NID_idea_cfb64 R_BAD_RESPONSE_ARGUMENT X509_V_FLAG_SUITEB_128_LOS
- NID_idea_ecb R_BAD_SSL_FILETYPE X509_V_FLAG_SUITEB_128_LOS_ONLY
- NID_idea_ofb64 R_BAD_SSL_SESSION_ID_LENGTH X509_V_FLAG_SUITEB_192_LOS
- NID_info_access R_BAD_STATE X509_V_FLAG_TRUSTED_FIRST
- NID_initials R_BAD_WRITE_RETRY X509_V_FLAG_USE_CHECK_TIME
- NID_invalidity_date R_CHALLENGE_IS_DIFFERENT X509_V_FLAG_USE_DELTAS
- NID_issuer_alt_name R_CIPHER_TABLE_SRC_ERROR X509_V_FLAG_X509_STRICT
- NID_keyBag R_INVALID_CHALLENGE_LENGTH X509_V_OK
- NID_key_usage R_NO_CERTIFICATE_SET XN_FLAG_COMPAT
- NID_localKeyID R_NO_CERTIFICATE_SPECIFIED XN_FLAG_DN_REV
- NID_localityName R_NO_CIPHER_LIST XN_FLAG_DUMP_UNKNOWN_FIELDS
- NID_md2 R_NO_CIPHER_MATCH XN_FLAG_FN_ALIGN
- NID_md2WithRSAEncryption R_NO_PRIVATEKEY XN_FLAG_FN_LN
- NID_md5 R_NO_PUBLICKEY XN_FLAG_FN_MASK
- NID_md5WithRSA R_NULL_SSL_CTX XN_FLAG_FN_NONE
- NID_md5WithRSAEncryption R_PEER_DID_NOT_RETURN_A_CERTIFICATE XN_FLAG_FN_OID
- NID_md5_sha1 R_PEER_ERROR XN_FLAG_FN_SN
- NID_mdc2 R_PEER_ERROR_CERTIFICATE XN_FLAG_MULTILINE
- NID_mdc2WithRSA R_PEER_ERROR_NO_CIPHER XN_FLAG_ONELINE
- NID_ms_code_com R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE XN_FLAG_RFC2253
- NID_ms_code_ind R_PUBLIC_KEY_ENCRYPT_ERROR XN_FLAG_SEP_COMMA_PLUS
- NID_ms_ctl_sign R_PUBLIC_KEY_IS_NOT_RSA XN_FLAG_SEP_CPLUS_SPC
- NID_ms_efs R_READ_WRONG_PACKET_TYPE XN_FLAG_SEP_MASK
- NID_ms_ext_req R_SHORT_READ XN_FLAG_SEP_MULTILINE
- NID_ms_sgc R_SSL_SESSION_ID_IS_DIFFERENT XN_FLAG_SEP_SPLUS_SPC
- NID_name R_UNABLE_TO_EXTRACT_PUBLIC_KEY XN_FLAG_SPC_EQ
+ ASN1_STRFLGS_ESC_CTRL NID_netscape_base_url R_X509_LIB
+ ASN1_STRFLGS_ESC_MSB NID_netscape_ca_policy_url SENT_SHUTDOWN
+ ASN1_STRFLGS_ESC_QUOTE NID_netscape_ca_revocation_url SESSION_ASN1_VERSION
+ ASN1_STRFLGS_RFC2253 NID_netscape_cert_extension SESS_CACHE_BOTH
+ CB_ACCEPT_EXIT NID_netscape_cert_sequence SESS_CACHE_CLIENT
+ CB_ACCEPT_LOOP NID_netscape_cert_type SESS_CACHE_NO_AUTO_CLEAR
+ CB_ALERT NID_netscape_comment SESS_CACHE_NO_INTERNAL
+ CB_CONNECT_EXIT NID_netscape_data_type SESS_CACHE_NO_INTERNAL_LOOKUP
+ CB_CONNECT_LOOP NID_netscape_renewal_url SESS_CACHE_NO_INTERNAL_STORE
+ CB_EXIT NID_netscape_revocation_url SESS_CACHE_OFF
+ CB_HANDSHAKE_DONE NID_netscape_ssl_server_name SESS_CACHE_SERVER
+ CB_HANDSHAKE_START NID_ns_sgc SSL3_VERSION
+ CB_LOOP NID_organizationName SSLEAY_BUILT_ON
+ CB_READ NID_organizationalUnitName SSLEAY_CFLAGS
+ CB_READ_ALERT NID_pbeWithMD2AndDES_CBC SSLEAY_DIR
+ CB_WRITE NID_pbeWithMD2AndRC2_CBC SSLEAY_PLATFORM
+ CB_WRITE_ALERT NID_pbeWithMD5AndCast5_CBC SSLEAY_VERSION
+ ERROR_NONE NID_pbeWithMD5AndDES_CBC ST_ACCEPT
+ ERROR_SSL NID_pbeWithMD5AndRC2_CBC ST_BEFORE
+ ERROR_SYSCALL NID_pbeWithSHA1AndDES_CBC ST_CONNECT
+ ERROR_WANT_ACCEPT NID_pbeWithSHA1AndRC2_CBC ST_INIT
+ ERROR_WANT_CONNECT NID_pbe_WithSHA1And128BitRC2_CBC ST_OK
+ ERROR_WANT_READ NID_pbe_WithSHA1And128BitRC4 ST_READ_BODY
+ ERROR_WANT_WRITE NID_pbe_WithSHA1And2_Key_TripleDES_CBC ST_READ_HEADER
+ ERROR_WANT_X509_LOOKUP NID_pbe_WithSHA1And3_Key_TripleDES_CBC TLS1_1_VERSION
+ ERROR_ZERO_RETURN NID_pbe_WithSHA1And40BitRC2_CBC TLS1_2_VERSION
+ EVP_PKS_DSA NID_pbe_WithSHA1And40BitRC4 TLS1_3_VERSION
+ EVP_PKS_EC NID_pbes2 TLS1_VERSION
+ EVP_PKS_RSA NID_pbmac1 TLSEXT_STATUSTYPE_ocsp
+ EVP_PKT_ENC NID_pkcs VERIFY_CLIENT_ONCE
+ EVP_PKT_EXCH NID_pkcs3 VERIFY_FAIL_IF_NO_PEER_CERT
+ EVP_PKT_EXP NID_pkcs7 VERIFY_NONE
+ EVP_PKT_SIGN NID_pkcs7_data VERIFY_PEER
+ EVP_PK_DH NID_pkcs7_digest VERIFY_POST_HANDSHAKE
+ EVP_PK_DSA NID_pkcs7_encrypted V_OCSP_CERTSTATUS_GOOD
+ EVP_PK_EC NID_pkcs7_enveloped V_OCSP_CERTSTATUS_REVOKED
+ EVP_PK_RSA NID_pkcs7_signed V_OCSP_CERTSTATUS_UNKNOWN
+ FILETYPE_ASN1 NID_pkcs7_signedAndEnveloped WRITING
+ FILETYPE_PEM NID_pkcs8ShroudedKeyBag X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ F_CLIENT_CERTIFICATE NID_pkcs9 X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ F_CLIENT_HELLO NID_pkcs9_challengePassword X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
+ F_CLIENT_MASTER_KEY NID_pkcs9_contentType X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ F_D2I_SSL_SESSION NID_pkcs9_countersignature X509_CHECK_FLAG_NO_WILDCARDS
+ F_GET_CLIENT_FINISHED NID_pkcs9_emailAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ F_GET_CLIENT_HELLO NID_pkcs9_extCertAttributes X509_FILETYPE_ASN1
+ F_GET_CLIENT_MASTER_KEY NID_pkcs9_messageDigest X509_FILETYPE_DEFAULT
+ F_GET_SERVER_FINISHED NID_pkcs9_signingTime X509_FILETYPE_PEM
+ F_GET_SERVER_HELLO NID_pkcs9_unstructuredAddress X509_LOOKUP
+ F_GET_SERVER_VERIFY NID_pkcs9_unstructuredName X509_PURPOSE_ANY
+ F_I2D_SSL_SESSION NID_private_key_usage_period X509_PURPOSE_CRL_SIGN
+ F_READ_N NID_rc2_40_cbc X509_PURPOSE_NS_SSL_SERVER
+ F_REQUEST_CERTIFICATE NID_rc2_64_cbc X509_PURPOSE_OCSP_HELPER
+ F_SERVER_HELLO NID_rc2_cbc X509_PURPOSE_SMIME_ENCRYPT
+ F_SSL_CERT_NEW NID_rc2_cfb64 X509_PURPOSE_SMIME_SIGN
+ F_SSL_GET_NEW_SESSION NID_rc2_ecb X509_PURPOSE_SSL_CLIENT
+ F_SSL_NEW NID_rc2_ofb64 X509_PURPOSE_SSL_SERVER
+ F_SSL_READ NID_rc4 X509_PURPOSE_TIMESTAMP_SIGN
+ F_SSL_RSA_PRIVATE_DECRYPT NID_rc4_40 X509_TRUST_COMPAT
+ F_SSL_RSA_PUBLIC_ENCRYPT NID_rc5_cbc X509_TRUST_EMAIL
+ F_SSL_SESSION_NEW NID_rc5_cfb64 X509_TRUST_OBJECT_SIGN
+ F_SSL_SESSION_PRINT_FP NID_rc5_ecb X509_TRUST_OCSP_REQUEST
+ F_SSL_SET_FD NID_rc5_ofb64 X509_TRUST_OCSP_SIGN
+ F_SSL_SET_RFD NID_ripemd160 X509_TRUST_SSL_CLIENT
+ F_SSL_SET_WFD NID_ripemd160WithRSA X509_TRUST_SSL_SERVER
+ F_SSL_USE_CERTIFICATE NID_rle_compression X509_TRUST_TSA
+ F_SSL_USE_CERTIFICATE_ASN1 NID_rsa X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+ F_SSL_USE_CERTIFICATE_FILE NID_rsaEncryption X509_V_ERR_AKID_SKID_MISMATCH
+ F_SSL_USE_PRIVATEKEY NID_rsadsi X509_V_ERR_APPLICATION_VERIFICATION
+ F_SSL_USE_PRIVATEKEY_ASN1 NID_safeContentsBag X509_V_ERR_CA_KEY_TOO_SMALL
+ F_SSL_USE_PRIVATEKEY_FILE NID_sdsiCertificate X509_V_ERR_CA_MD_TOO_WEAK
+ F_SSL_USE_RSAPRIVATEKEY NID_secretBag X509_V_ERR_CERT_CHAIN_TOO_LONG
+ F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_serialNumber X509_V_ERR_CERT_HAS_EXPIRED
+ F_SSL_USE_RSAPRIVATEKEY_FILE NID_server_auth X509_V_ERR_CERT_NOT_YET_VALID
+ F_WRITE_PENDING NID_sha X509_V_ERR_CERT_REJECTED
+ GEN_DIRNAME NID_sha1 X509_V_ERR_CERT_REVOKED
+ GEN_DNS NID_sha1WithRSA X509_V_ERR_CERT_SIGNATURE_FAILURE
+ GEN_EDIPARTY NID_sha1WithRSAEncryption X509_V_ERR_CERT_UNTRUSTED
+ GEN_EMAIL NID_shaWithRSAEncryption X509_V_ERR_CRL_HAS_EXPIRED
+ GEN_IPADD NID_stateOrProvinceName X509_V_ERR_CRL_NOT_YET_VALID
+ GEN_OTHERNAME NID_subject_alt_name X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+ GEN_RID NID_subject_key_identifier X509_V_ERR_CRL_SIGNATURE_FAILURE
+ GEN_URI NID_surname X509_V_ERR_DANE_NO_MATCH
+ GEN_X400 NID_sxnet X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+ LIBRESSL_VERSION_NUMBER NID_time_stamp X509_V_ERR_DIFFERENT_CRL_SCOPE
+ MBSTRING_ASC NID_title X509_V_ERR_EE_KEY_TOO_SMALL
+ MBSTRING_BMP NID_undef X509_V_ERR_EMAIL_MISMATCH
+ MBSTRING_FLAG NID_uniqueIdentifier X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+ MBSTRING_UNIV NID_x509Certificate X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+ MBSTRING_UTF8 NID_x509Crl X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+ MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_zlib_compression X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+ MODE_ACCEPT_MOVING_WRITE_BUFFER NOTHING X509_V_ERR_EXCLUDED_VIOLATION
+ MODE_AUTO_RETRY OCSP_RESPONSE_STATUS_INTERNALERROR X509_V_ERR_HOSTNAME_MISMATCH
+ MODE_ENABLE_PARTIAL_WRITE OCSP_RESPONSE_STATUS_MALFORMEDREQUEST X509_V_ERR_INVALID_CA
+ MODE_RELEASE_BUFFERS OCSP_RESPONSE_STATUS_SIGREQUIRED X509_V_ERR_INVALID_CALL
+ NID_OCSP_sign OCSP_RESPONSE_STATUS_SUCCESSFUL X509_V_ERR_INVALID_EXTENSION
+ NID_SMIMECapabilities OCSP_RESPONSE_STATUS_TRYLATER X509_V_ERR_INVALID_NON_CA
+ NID_X500 OCSP_RESPONSE_STATUS_UNAUTHORIZED X509_V_ERR_INVALID_POLICY_EXTENSION
+ NID_X509 OPENSSL_BUILT_ON X509_V_ERR_INVALID_PURPOSE
+ NID_ad_OCSP OPENSSL_CFLAGS X509_V_ERR_IP_ADDRESS_MISMATCH
+ NID_ad_ca_issuers OPENSSL_DIR X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+ NID_algorithm OPENSSL_ENGINES_DIR X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+ NID_authority_key_identifier OPENSSL_PLATFORM X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+ NID_basic_constraints OPENSSL_VERSION X509_V_ERR_NO_EXPLICIT_POLICY
+ NID_bf_cbc OPENSSL_VERSION_NUMBER X509_V_ERR_NO_VALID_SCTS
+ NID_bf_cfb64 OP_ALL X509_V_ERR_OCSP_CERT_UNKNOWN
+ NID_bf_ecb OP_ALLOW_NO_DHE_KEX X509_V_ERR_OCSP_VERIFY_FAILED
+ NID_bf_ofb64 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION X509_V_ERR_OCSP_VERIFY_NEEDED
+ NID_cast5_cbc OP_CIPHER_SERVER_PREFERENCE X509_V_ERR_OUT_OF_MEM
+ NID_cast5_cfb64 OP_CISCO_ANYCONNECT X509_V_ERR_PATH_LENGTH_EXCEEDED
+ NID_cast5_ecb OP_COOKIE_EXCHANGE X509_V_ERR_PATH_LOOP
+ NID_cast5_ofb64 OP_CRYPTOPRO_TLSEXT_BUG X509_V_ERR_PERMITTED_VIOLATION
+ NID_certBag OP_DONT_INSERT_EMPTY_FRAGMENTS X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+ NID_certificate_policies OP_ENABLE_MIDDLEBOX_COMPAT X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+ NID_client_auth OP_EPHEMERAL_RSA X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
+ NID_code_sign OP_LEGACY_SERVER_CONNECT X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+ NID_commonName OP_MICROSOFT_BIG_SSLV3_BUFFER X509_V_ERR_STORE_LOOKUP
+ NID_countryName OP_MICROSOFT_SESS_ID_BUG X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+ NID_crlBag OP_MSIE_SSLV2_RSA_PADDING X509_V_ERR_SUBTREE_MINMAX
+ NID_crl_distribution_points OP_NETSCAPE_CA_DN_BUG X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
+ NID_crl_number OP_NETSCAPE_CHALLENGE_BUG X509_V_ERR_SUITE_B_INVALID_ALGORITHM
+ NID_crl_reason OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_CURVE
+ NID_delta_crl OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+ NID_des_cbc OP_NON_EXPORT_FIRST X509_V_ERR_SUITE_B_INVALID_VERSION
+ NID_des_cfb64 OP_NO_ANTI_REPLAY X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+ NID_des_ecb OP_NO_CLIENT_RENEGOTIATION X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+ NID_des_ede OP_NO_COMPRESSION X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+ NID_des_ede3 OP_NO_ENCRYPT_THEN_MAC X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+ NID_des_ede3_cbc OP_NO_QUERY_MTU X509_V_ERR_UNABLE_TO_GET_CRL
+ NID_des_ede3_cfb64 OP_NO_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+ NID_des_ede3_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+ NID_des_ede_cbc OP_NO_SSL_MASK X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+ NID_des_ede_cfb64 OP_NO_SSLv2 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+ NID_des_ede_ofb64 OP_NO_SSLv3 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+ NID_des_ofb64 OP_NO_TICKET X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+ NID_description OP_NO_TLSv1 X509_V_ERR_UNNESTED_RESOURCE
+ NID_desx_cbc OP_NO_TLSv1_1 X509_V_ERR_UNSPECIFIED
+ NID_dhKeyAgreement OP_NO_TLSv1_2 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+ NID_dnQualifier OP_NO_TLSv1_3 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+ NID_dsa OP_PKCS1_CHECK_1 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+ NID_dsaWithSHA OP_PKCS1_CHECK_2 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+ NID_dsaWithSHA1 OP_PRIORITIZE_CHACHA X509_V_FLAG_ALLOW_PROXY_CERTS
+ NID_dsaWithSHA1_2 OP_SAFARI_ECDHE_ECDSA_BUG X509_V_FLAG_CB_ISSUER_CHECK
+ NID_dsa_2 OP_SINGLE_DH_USE X509_V_FLAG_CHECK_SS_SIGNATURE
+ NID_email_protect OP_SINGLE_ECDH_USE X509_V_FLAG_CRL_CHECK
+ NID_ext_key_usage OP_SSLEAY_080_CLIENT_DH_BUG X509_V_FLAG_CRL_CHECK_ALL
+ NID_ext_req OP_SSLREF2_REUSE_CERT_TYPE_BUG X509_V_FLAG_EXPLICIT_POLICY
+ NID_friendlyName OP_TLSEXT_PADDING X509_V_FLAG_EXTENDED_CRL_SUPPORT
+ NID_givenName OP_TLS_BLOCK_PADDING_BUG X509_V_FLAG_IGNORE_CRITICAL
+ NID_hmacWithSHA1 OP_TLS_D5_BUG X509_V_FLAG_INHIBIT_ANY
+ NID_id_ad OP_TLS_ROLLBACK_BUG X509_V_FLAG_INHIBIT_MAP
+ NID_id_ce READING X509_V_FLAG_LEGACY_VERIFY
+ NID_id_kp RECEIVED_SHUTDOWN X509_V_FLAG_NOTIFY_POLICY
+ NID_id_pbkdf2 RSA_3 X509_V_FLAG_NO_ALT_CHAINS
+ NID_id_pe RSA_F4 X509_V_FLAG_NO_CHECK_TIME
+ NID_id_pkix R_BAD_AUTHENTICATION_TYPE X509_V_FLAG_PARTIAL_CHAIN
+ NID_id_qt_cps R_BAD_CHECKSUM X509_V_FLAG_POLICY_CHECK
+ NID_id_qt_unotice R_BAD_MAC_DECODE X509_V_FLAG_POLICY_MASK
+ NID_idea_cbc R_BAD_RESPONSE_ARGUMENT X509_V_FLAG_SUITEB_128_LOS
+ NID_idea_cfb64 R_BAD_SSL_FILETYPE X509_V_FLAG_SUITEB_128_LOS_ONLY
+ NID_idea_ecb R_BAD_SSL_SESSION_ID_LENGTH X509_V_FLAG_SUITEB_192_LOS
+ NID_idea_ofb64 R_BAD_STATE X509_V_FLAG_TRUSTED_FIRST
+ NID_info_access R_BAD_WRITE_RETRY X509_V_FLAG_USE_CHECK_TIME
+ NID_initials R_CHALLENGE_IS_DIFFERENT X509_V_FLAG_USE_DELTAS
+ NID_invalidity_date R_CIPHER_TABLE_SRC_ERROR X509_V_FLAG_X509_STRICT
+ NID_issuer_alt_name R_INVALID_CHALLENGE_LENGTH X509_V_OK
+ NID_keyBag R_NO_CERTIFICATE_SET XN_FLAG_COMPAT
+ NID_key_usage R_NO_CERTIFICATE_SPECIFIED XN_FLAG_DN_REV
+ NID_localKeyID R_NO_CIPHER_LIST XN_FLAG_DUMP_UNKNOWN_FIELDS
+ NID_localityName R_NO_CIPHER_MATCH XN_FLAG_FN_ALIGN
+ NID_md2 R_NO_PRIVATEKEY XN_FLAG_FN_LN
+ NID_md2WithRSAEncryption R_NO_PUBLICKEY XN_FLAG_FN_MASK
+ NID_md5 R_NULL_SSL_CTX XN_FLAG_FN_NONE
+ NID_md5WithRSA R_PEER_DID_NOT_RETURN_A_CERTIFICATE XN_FLAG_FN_OID
+ NID_md5WithRSAEncryption R_PEER_ERROR XN_FLAG_FN_SN
+ NID_md5_sha1 R_PEER_ERROR_CERTIFICATE XN_FLAG_MULTILINE
+ NID_mdc2 R_PEER_ERROR_NO_CIPHER XN_FLAG_ONELINE
+ NID_mdc2WithRSA R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE XN_FLAG_RFC2253
+ NID_ms_code_com R_PUBLIC_KEY_ENCRYPT_ERROR XN_FLAG_SEP_COMMA_PLUS
+ NID_ms_code_ind R_PUBLIC_KEY_IS_NOT_RSA XN_FLAG_SEP_CPLUS_SPC
+ NID_ms_ctl_sign R_READ_WRONG_PACKET_TYPE XN_FLAG_SEP_MASK
+ NID_ms_efs R_SHORT_READ XN_FLAG_SEP_MULTILINE
+ NID_ms_ext_req R_SSL_SESSION_ID_IS_DIFFERENT XN_FLAG_SEP_SPLUS_SPC
+ NID_ms_sgc R_UNABLE_TO_EXTRACT_PUBLIC_KEY XN_FLAG_SPC_EQ
+ NID_name R_UNKNOWN_REMOTE_ERROR_TYPE
+ NID_netscape R_UNKNOWN_STATE
=head2 INTERNAL ONLY functions (do not use these)
diff --git a/t/local/04_basic.t b/t/local/04_basic.t
index d669782..92fe63e 100644
--- a/t/local/04_basic.t
+++ b/t/local/04_basic.t
@@ -3,24 +3,19 @@
use lib 'inc';
use Net::SSLeay;
-use Test::Net::SSLeay;
+use Test::Net::SSLeay qw(lives_ok);
plan tests => 16;
-eval "use Test::Exception;";
-SKIP: {
- skip 'Test::Exception required for some tests', 8 if $@;
- lives_ok( sub { Net::SSLeay::randomize() }, 'seed pseudorandom number generator' );
- lives_ok( sub { Net::SSLeay::ERR_load_crypto_strings() }, 'load libcrypto error strings' );
- lives_ok( sub { Net::SSLeay::load_error_strings() }, 'load libssl error strings' );
- lives_ok( sub { Net::SSLeay::library_init() }, 'register default TLS ciphers and digest functions' );
- lives_ok( sub { Net::SSLeay::OpenSSL_add_all_digests() }, 'register all digest functions' );
- #version numbers: 0x00903100 ~ 0.9.3, 0x0090600f ~ 0.6.9
- ok( Net::SSLeay::SSLeay() >= 0x00903100, 'SSLeay (version min 0.9.3)' );
- isnt( Net::SSLeay::SSLeay_version(), '', 'SSLeay (version string)' );
- is( Net::SSLeay::SSLeay_version(), Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()), 'SSLeay_version optional argument' );
-}
-
+lives_ok( sub { Net::SSLeay::randomize() }, 'seed pseudorandom number generator' );
+lives_ok( sub { Net::SSLeay::ERR_load_crypto_strings() }, 'load libcrypto error strings' );
+lives_ok( sub { Net::SSLeay::load_error_strings() }, 'load libssl error strings' );
+lives_ok( sub { Net::SSLeay::library_init() }, 'register default TLS ciphers and digest functions' );
+lives_ok( sub { Net::SSLeay::OpenSSL_add_all_digests() }, 'register all digest functions' );
+#version numbers: 0x00903100 ~ 0.9.3, 0x0090600f ~ 0.6.9
+ok( Net::SSLeay::SSLeay() >= 0x00903100, 'SSLeay (version min 0.9.3)' );
+isnt( Net::SSLeay::SSLeay_version(), '', 'SSLeay (version string)' );
+is( Net::SSLeay::SSLeay_version(), Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()), 'SSLeay_version optional argument' );
is(Net::SSLeay::hello(), 1, 'hello world');
if (exists &Net::SSLeay::OpenSSL_version)
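Review bot: The comment `#version numbers: 0x00903100 ~ 0.9.3, 0x0090600f ~ 0.6.9` is re-added unchanged on the new side, and its second example looks transposed. Under OpenSSL's version-number encoding, 0x0090600f is the 0.9.6 release, not 0.6.9. Since the line is being rewritten anyway, I would correct it to `# version numbers: 0x00903100 ~ 0.9.3, 0x0090600f ~ 0.9.6`, so the minimum asserted by `Net::SSLeay::SSLeay() >= 0x00903100` is not misread.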
diff --git a/t/local/06_tcpecho.t b/t/local/06_tcpecho.t
index bc5c90e..e92c0eb 100644
--- a/t/local/06_tcpecho.t
+++ b/t/local/06_tcpecho.t
@@ -30,7 +30,7 @@ my $pid;
ok(Net::SSLeay::tcp_write_all(uc($got)), 'tcp_write_all');
close Net::SSLeay::SSLCAT_S;
- $server->close();
+ $server->close() || die("server listen socket close: $!");
exit;
}
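Review bot: `close Net::SSLeay::SSLCAT_S;` directly above the changed line is still unchecked, so a failed close of the accepted connection stays silent while the listening socket's close is now fatal. Unless that handle can legitimately be closed already at this point, I would check it the same way: `close(Net::SSLeay::SSLCAT_S) || die("server close: $!");`. The enclosing child block starts outside this hunk, so the earlier use of the handle is not visible here.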
@@ -42,6 +42,8 @@ my @results;
push @results, [ $got eq uc($msg), 'sent and received correctly' ];
}
+$server->close() || die("client listen socket close: $!");
+
waitpid $pid, 0;
push @results, [ $? == 0, 'server exited with 0' ];
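Review bot: A failed close here calls `die` in the parent before `waitpid $pid, 0;`, so the forked server would not be reaped. The outcomes already collected in `@results` would presumably never be reported either, since they are emitted outside this hunk. Recording the close as one more result keeps the failure visible without aborting the run: `push @results, [ scalar($server->close()), 'client listen socket close' ];`, with the planned test count adjusted to match. The same `$server->close() || die(...)` is added before `waitpid` in the last hunk of t/local/07_sslecho.t and inside `client` in t/local/11_read.t.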
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
index b0298e2..a430bfc 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -94,11 +94,11 @@ $ENV{RND_SEED} = '1234567890123456789012345678901234567890';
}
Net::SSLeay::free($ssl);
- close $ns;
+ close($ns) || die("server close: $!");
}
Net::SSLeay::CTX_free($ctx);
- $server->close();
+ $server->close() || die("server listen socket close: $!");
exit;
}
@@ -133,7 +133,7 @@ my @results;
Net::SSLeay::CTX_free($ctx);
shutdown($s, 2);
- close $s;
+ close($s) || die("client close: $!");
}
@@ -199,9 +199,9 @@ my @results;
push @results, [Net::SSLeay::shutdown($ssl3) >= 0, 'client side ssl3 shutdown' ];
shutdown $s3, 2;
- close $s1;
- close $s2;
- close $s3;
+ close($s1) || die("client close s1: $!");
+ close($s2) || die("client close s2: $!");
+ close($s3) || die("client close s3: $!");
Net::SSLeay::free($ssl1);
Net::SSLeay::free($ssl2);
@@ -314,9 +314,11 @@ my @results;
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
- close $s;
+ close($s) || die("client close: $!");
}
+$server->close() || die("client listen socket close: $!");
+
waitpid $pid, 0;
push @results, [ $? == 0, 'server exited with 0' ];
diff --git a/t/local/11_read.t b/t/local/11_read.t
index 876dc23..bab0ec0 100644
--- a/t/local/11_read.t
+++ b/t/local/11_read.t
@@ -59,8 +59,11 @@ sub server
my $msg = Net::SSLeay::read($ssl);
Net::SSLeay::write($ssl, $msg);
+ Net::SSLeay::shutdown($ssl);
+ Net::SSLeay::free($ssl);
+ close($cl) || die("client close: $!");
}
- $server->close();
+ $server->close() || die("server listen socket close: $!");
exit(0);
}
}
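Review bot: The `die("client close: $!")` added inside `server` has the same text as the one added inside `client` in the next hunk, so only the appended line number tells a server-child failure from a client-parent one. A side-specific message such as `close($cl) || die("server: close accepted socket: $!");` makes that clear in the test log. The return value of the added `Net::SSLeay::shutdown($ssl);` is also discarded, whereas t/local/07_sslecho.t records `Net::SSLeay::shutdown($ssl3) >= 0` as a result; if shutdown failures matter for this test, a comment saying it is deliberately best-effort would help. The body of `server` begins outside this hunk.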
@@ -90,7 +93,9 @@ sub client
Net::SSLeay::shutdown($ssl);
Net::SSLeay::free($ssl);
+ close($cl) || die("client close: $!");
}
+ $server->close() || die("client listen socket close: $!");
return;
}
diff --git a/t/local/21_constants.t b/t/local/21_constants.t
index df12312..31b92ae 100644
--- a/t/local/21_constants.t
+++ b/t/local/21_constants.t
@@ -4,209 +4,211 @@
use lib 'inc';
use Net::SSLeay;
-use Test::Net::SSLeay;
+use Test::Net::SSLeay qw(dies_like);
-eval "use Test::Exception;";
-if ($@) {
- plan skip_all => 'Some tests need Test::Exception';
-} else {
- plan tests => 553;
-}
+# We rely on symbolic references to run the dies_like() tests:
+no strict 'refs';
+
+plan tests => 554;
my @c = (qw/
- ASN1_STRFLGS_ESC_CTRL NID_netscape R_UNKNOWN_REMOTE_ERROR_TYPE
- ASN1_STRFLGS_ESC_MSB NID_netscape_base_url R_UNKNOWN_STATE
- ASN1_STRFLGS_ESC_QUOTE NID_netscape_ca_policy_url R_X509_LIB
- ASN1_STRFLGS_RFC2253 NID_netscape_ca_revocation_url SENT_SHUTDOWN
- CB_ACCEPT_EXIT NID_netscape_cert_extension SESSION_ASN1_VERSION
- CB_ACCEPT_LOOP NID_netscape_cert_sequence SESS_CACHE_BOTH
- CB_ALERT NID_netscape_cert_type SESS_CACHE_CLIENT
- CB_CONNECT_EXIT NID_netscape_comment SESS_CACHE_NO_AUTO_CLEAR
- CB_CONNECT_LOOP NID_netscape_data_type SESS_CACHE_NO_INTERNAL
- CB_EXIT NID_netscape_renewal_url SESS_CACHE_NO_INTERNAL_LOOKUP
- CB_HANDSHAKE_DONE NID_netscape_revocation_url SESS_CACHE_NO_INTERNAL_STORE
- CB_HANDSHAKE_START NID_netscape_ssl_server_name SESS_CACHE_OFF
- CB_LOOP NID_ns_sgc SESS_CACHE_SERVER
- CB_READ NID_organizationName SSL3_VERSION
- CB_READ_ALERT NID_organizationalUnitName SSLEAY_BUILT_ON
- CB_WRITE NID_pbeWithMD2AndDES_CBC SSLEAY_CFLAGS
- CB_WRITE_ALERT NID_pbeWithMD2AndRC2_CBC SSLEAY_DIR
- ERROR_NONE NID_pbeWithMD5AndCast5_CBC SSLEAY_PLATFORM
- ERROR_SSL NID_pbeWithMD5AndDES_CBC SSLEAY_VERSION
- ERROR_SYSCALL NID_pbeWithMD5AndRC2_CBC ST_ACCEPT
- ERROR_WANT_ACCEPT NID_pbeWithSHA1AndDES_CBC ST_BEFORE
- ERROR_WANT_CONNECT NID_pbeWithSHA1AndRC2_CBC ST_CONNECT
- ERROR_WANT_READ NID_pbe_WithSHA1And128BitRC2_CBC ST_INIT
- ERROR_WANT_WRITE NID_pbe_WithSHA1And128BitRC4 ST_OK
- ERROR_WANT_X509_LOOKUP NID_pbe_WithSHA1And2_Key_TripleDES_CBC ST_READ_BODY
- ERROR_ZERO_RETURN NID_pbe_WithSHA1And3_Key_TripleDES_CBC ST_READ_HEADER
- EVP_PKS_DSA NID_pbe_WithSHA1And40BitRC2_CBC TLS1_1_VERSION
- EVP_PKS_EC NID_pbe_WithSHA1And40BitRC4 TLS1_2_VERSION
- EVP_PKS_RSA NID_pbes2 TLS1_3_VERSION
- EVP_PKT_ENC NID_pbmac1 TLS1_VERSION
- EVP_PKT_EXCH NID_pkcs TLSEXT_STATUSTYPE_ocsp
- EVP_PKT_EXP NID_pkcs3 VERIFY_CLIENT_ONCE
- EVP_PKT_SIGN NID_pkcs7 VERIFY_FAIL_IF_NO_PEER_CERT
- EVP_PK_DH NID_pkcs7_data VERIFY_NONE
- EVP_PK_DSA NID_pkcs7_digest VERIFY_PEER
- EVP_PK_EC NID_pkcs7_encrypted VERIFY_POST_HANDSHAKE
- EVP_PK_RSA NID_pkcs7_enveloped V_OCSP_CERTSTATUS_GOOD
- FILETYPE_ASN1 NID_pkcs7_signed V_OCSP_CERTSTATUS_REVOKED
- FILETYPE_PEM NID_pkcs7_signedAndEnveloped V_OCSP_CERTSTATUS_UNKNOWN
- F_CLIENT_CERTIFICATE NID_pkcs8ShroudedKeyBag WRITING
- F_CLIENT_HELLO NID_pkcs9 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
- F_CLIENT_MASTER_KEY NID_pkcs9_challengePassword X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
- F_D2I_SSL_SESSION NID_pkcs9_contentType X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
- F_GET_CLIENT_FINISHED NID_pkcs9_countersignature X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
- F_GET_CLIENT_HELLO NID_pkcs9_emailAddress X509_CHECK_FLAG_NO_WILDCARDS
- F_GET_CLIENT_MASTER_KEY NID_pkcs9_extCertAttributes X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
- F_GET_SERVER_FINISHED NID_pkcs9_messageDigest X509_FILETYPE_ASN1
- F_GET_SERVER_HELLO NID_pkcs9_signingTime X509_FILETYPE_DEFAULT
- F_GET_SERVER_VERIFY NID_pkcs9_unstructuredAddress X509_FILETYPE_PEM
- F_I2D_SSL_SESSION NID_pkcs9_unstructuredName X509_LOOKUP
- F_READ_N NID_private_key_usage_period X509_PURPOSE_ANY
- F_REQUEST_CERTIFICATE NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN
- F_SERVER_HELLO NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER
- F_SSL_CERT_NEW NID_rc2_cbc X509_PURPOSE_OCSP_HELPER
- F_SSL_GET_NEW_SESSION NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT
- F_SSL_NEW NID_rc2_ecb X509_PURPOSE_SMIME_SIGN
- F_SSL_READ NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT
- F_SSL_RSA_PRIVATE_DECRYPT NID_rc4 X509_PURPOSE_SSL_SERVER
- F_SSL_RSA_PUBLIC_ENCRYPT NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN
- F_SSL_SESSION_NEW NID_rc5_cbc X509_TRUST_COMPAT
- F_SSL_SESSION_PRINT_FP NID_rc5_cfb64 X509_TRUST_EMAIL
- F_SSL_SET_FD NID_rc5_ecb X509_TRUST_OBJECT_SIGN
- F_SSL_SET_RFD NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST
- F_SSL_SET_WFD NID_ripemd160 X509_TRUST_OCSP_SIGN
- F_SSL_USE_CERTIFICATE NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT
- F_SSL_USE_CERTIFICATE_ASN1 NID_rle_compression X509_TRUST_SSL_SERVER
- F_SSL_USE_CERTIFICATE_FILE NID_rsa X509_TRUST_TSA
- F_SSL_USE_PRIVATEKEY NID_rsaEncryption X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
- F_SSL_USE_PRIVATEKEY_ASN1 NID_rsadsi X509_V_ERR_AKID_SKID_MISMATCH
- F_SSL_USE_PRIVATEKEY_FILE NID_safeContentsBag X509_V_ERR_APPLICATION_VERIFICATION
- F_SSL_USE_RSAPRIVATEKEY NID_sdsiCertificate X509_V_ERR_CA_KEY_TOO_SMALL
- F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_secretBag X509_V_ERR_CA_MD_TOO_WEAK
- F_SSL_USE_RSAPRIVATEKEY_FILE NID_serialNumber X509_V_ERR_CERT_CHAIN_TOO_LONG
- F_WRITE_PENDING NID_server_auth X509_V_ERR_CERT_HAS_EXPIRED
- GEN_DIRNAME NID_sha X509_V_ERR_CERT_NOT_YET_VALID
- GEN_DNS NID_sha1 X509_V_ERR_CERT_REJECTED
- GEN_EDIPARTY NID_sha1WithRSA X509_V_ERR_CERT_REVOKED
- GEN_EMAIL NID_sha1WithRSAEncryption X509_V_ERR_CERT_SIGNATURE_FAILURE
- GEN_IPADD NID_shaWithRSAEncryption X509_V_ERR_CERT_UNTRUSTED
- GEN_OTHERNAME NID_stateOrProvinceName X509_V_ERR_CRL_HAS_EXPIRED
- GEN_RID NID_subject_alt_name X509_V_ERR_CRL_NOT_YET_VALID
- GEN_URI NID_subject_key_identifier X509_V_ERR_CRL_PATH_VALIDATION_ERROR
- GEN_X400 NID_surname X509_V_ERR_CRL_SIGNATURE_FAILURE
- LIBRESSL_VERSION_NUMBER NID_sxnet X509_V_ERR_DANE_NO_MATCH
- MBSTRING_ASC NID_time_stamp X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
- MBSTRING_BMP NID_title X509_V_ERR_DIFFERENT_CRL_SCOPE
- MBSTRING_FLAG NID_undef X509_V_ERR_EE_KEY_TOO_SMALL
- MBSTRING_UNIV NID_uniqueIdentifier X509_V_ERR_EMAIL_MISMATCH
- MBSTRING_UTF8 NID_x509Certificate X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
- MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_x509Crl X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
- MODE_ACCEPT_MOVING_WRITE_BUFFER NID_zlib_compression X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
- MODE_AUTO_RETRY NOTHING X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
- MODE_ENABLE_PARTIAL_WRITE OCSP_RESPONSE_STATUS_INTERNALERROR X509_V_ERR_EXCLUDED_VIOLATION
- MODE_RELEASE_BUFFERS OCSP_RESPONSE_STATUS_MALFORMEDREQUEST X509_V_ERR_HOSTNAME_MISMATCH
- NID_OCSP_sign OCSP_RESPONSE_STATUS_SIGREQUIRED X509_V_ERR_INVALID_CA
- NID_SMIMECapabilities OCSP_RESPONSE_STATUS_SUCCESSFUL X509_V_ERR_INVALID_CALL
- NID_X500 OCSP_RESPONSE_STATUS_TRYLATER X509_V_ERR_INVALID_EXTENSION
- NID_X509 OCSP_RESPONSE_STATUS_UNAUTHORIZED X509_V_ERR_INVALID_NON_CA
- NID_ad_OCSP OPENSSL_BUILT_ON X509_V_ERR_INVALID_POLICY_EXTENSION
- NID_ad_ca_issuers OPENSSL_CFLAGS X509_V_ERR_INVALID_PURPOSE
- NID_algorithm OPENSSL_DIR X509_V_ERR_IP_ADDRESS_MISMATCH
- NID_authority_key_identifier OPENSSL_ENGINES_DIR X509_V_ERR_KEYUSAGE_NO_CERTSIGN
- NID_basic_constraints OPENSSL_PLATFORM X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
- NID_bf_cbc OPENSSL_VERSION X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
- NID_bf_cfb64 OPENSSL_VERSION_NUMBER X509_V_ERR_NO_EXPLICIT_POLICY
- NID_bf_ecb OP_ALL X509_V_ERR_NO_VALID_SCTS
- NID_bf_ofb64 OP_ALLOW_NO_DHE_KEX X509_V_ERR_OCSP_CERT_UNKNOWN
- NID_cast5_cbc OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION X509_V_ERR_OCSP_VERIFY_FAILED
- NID_cast5_cfb64 OP_CIPHER_SERVER_PREFERENCE X509_V_ERR_OCSP_VERIFY_NEEDED
- NID_cast5_ecb OP_CISCO_ANYCONNECT X509_V_ERR_OUT_OF_MEM
- NID_cast5_ofb64 OP_COOKIE_EXCHANGE X509_V_ERR_PATH_LENGTH_EXCEEDED
- NID_certBag OP_CRYPTOPRO_TLSEXT_BUG X509_V_ERR_PATH_LOOP
- NID_certificate_policies OP_DONT_INSERT_EMPTY_FRAGMENTS X509_V_ERR_PERMITTED_VIOLATION
- NID_client_auth OP_ENABLE_MIDDLEBOX_COMPAT X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
- NID_code_sign OP_EPHEMERAL_RSA X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
- NID_commonName OP_LEGACY_SERVER_CONNECT X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
- NID_countryName OP_MICROSOFT_BIG_SSLV3_BUFFER X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
- NID_crlBag OP_MICROSOFT_SESS_ID_BUG X509_V_ERR_STORE_LOOKUP
- NID_crl_distribution_points OP_MSIE_SSLV2_RSA_PADDING X509_V_ERR_SUBJECT_ISSUER_MISMATCH
- NID_crl_number OP_NETSCAPE_CA_DN_BUG X509_V_ERR_SUBTREE_MINMAX
- NID_crl_reason OP_NETSCAPE_CHALLENGE_BUG X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
- NID_delta_crl OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_ALGORITHM
- NID_des_cbc OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_CURVE
- NID_des_cfb64 OP_NON_EXPORT_FIRST X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
- NID_des_ecb OP_NO_ANTI_REPLAY X509_V_ERR_SUITE_B_INVALID_VERSION
- NID_des_ede OP_NO_CLIENT_RENEGOTIATION X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
- NID_des_ede3 OP_NO_COMPRESSION X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
- NID_des_ede3_cbc OP_NO_ENCRYPT_THEN_MAC X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
- NID_des_ede3_cfb64 OP_NO_QUERY_MTU X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
- NID_des_ede3_ofb64 OP_NO_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL
- NID_des_ede_cbc OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
- NID_des_ede_cfb64 OP_NO_SSL_MASK X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
- NID_des_ede_ofb64 OP_NO_SSLv2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- NID_des_ofb64 OP_NO_SSLv3 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
- NID_description OP_NO_TICKET X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
- NID_desx_cbc OP_NO_TLSv1 X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
- NID_dhKeyAgreement OP_NO_TLSv1_1 X509_V_ERR_UNNESTED_RESOURCE
- NID_dnQualifier OP_NO_TLSv1_2 X509_V_ERR_UNSPECIFIED
- NID_dsa OP_NO_TLSv1_3 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
- NID_dsaWithSHA OP_PKCS1_CHECK_1 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
- NID_dsaWithSHA1 OP_PKCS1_CHECK_2 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
- NID_dsaWithSHA1_2 OP_PRIORITIZE_CHACHA X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
- NID_dsa_2 OP_SAFARI_ECDHE_ECDSA_BUG X509_V_FLAG_ALLOW_PROXY_CERTS
- NID_email_protect OP_SINGLE_DH_USE X509_V_FLAG_CB_ISSUER_CHECK
- NID_ext_key_usage OP_SINGLE_ECDH_USE X509_V_FLAG_CHECK_SS_SIGNATURE
- NID_ext_req OP_SSLEAY_080_CLIENT_DH_BUG X509_V_FLAG_CRL_CHECK
- NID_friendlyName OP_SSLREF2_REUSE_CERT_TYPE_BUG X509_V_FLAG_CRL_CHECK_ALL
- NID_givenName OP_TLSEXT_PADDING X509_V_FLAG_EXPLICIT_POLICY
- NID_hmacWithSHA1 OP_TLS_BLOCK_PADDING_BUG X509_V_FLAG_EXTENDED_CRL_SUPPORT
- NID_id_ad OP_TLS_D5_BUG X509_V_FLAG_IGNORE_CRITICAL
- NID_id_ce OP_TLS_ROLLBACK_BUG X509_V_FLAG_INHIBIT_ANY
- NID_id_kp READING X509_V_FLAG_INHIBIT_MAP
- NID_id_pbkdf2 RECEIVED_SHUTDOWN X509_V_FLAG_NOTIFY_POLICY
- NID_id_pe RSA_3 X509_V_FLAG_NO_ALT_CHAINS
- NID_id_pkix RSA_F4 X509_V_FLAG_NO_CHECK_TIME
- NID_id_qt_cps R_BAD_AUTHENTICATION_TYPE X509_V_FLAG_PARTIAL_CHAIN
- NID_id_qt_unotice R_BAD_CHECKSUM X509_V_FLAG_POLICY_CHECK
- NID_idea_cbc R_BAD_MAC_DECODE X509_V_FLAG_POLICY_MASK
- NID_idea_cfb64 R_BAD_RESPONSE_ARGUMENT X509_V_FLAG_SUITEB_128_LOS
- NID_idea_ecb R_BAD_SSL_FILETYPE X509_V_FLAG_SUITEB_128_LOS_ONLY
- NID_idea_ofb64 R_BAD_SSL_SESSION_ID_LENGTH X509_V_FLAG_SUITEB_192_LOS
- NID_info_access R_BAD_STATE X509_V_FLAG_TRUSTED_FIRST
- NID_initials R_BAD_WRITE_RETRY X509_V_FLAG_USE_CHECK_TIME
- NID_invalidity_date R_CHALLENGE_IS_DIFFERENT X509_V_FLAG_USE_DELTAS
- NID_issuer_alt_name R_CIPHER_TABLE_SRC_ERROR X509_V_FLAG_X509_STRICT
- NID_keyBag R_INVALID_CHALLENGE_LENGTH X509_V_OK
- NID_key_usage R_NO_CERTIFICATE_SET XN_FLAG_COMPAT
- NID_localKeyID R_NO_CERTIFICATE_SPECIFIED XN_FLAG_DN_REV
- NID_localityName R_NO_CIPHER_LIST XN_FLAG_DUMP_UNKNOWN_FIELDS
- NID_md2 R_NO_CIPHER_MATCH XN_FLAG_FN_ALIGN
- NID_md2WithRSAEncryption R_NO_PRIVATEKEY XN_FLAG_FN_LN
- NID_md5 R_NO_PUBLICKEY XN_FLAG_FN_MASK
- NID_md5WithRSA R_NULL_SSL_CTX XN_FLAG_FN_NONE
- NID_md5WithRSAEncryption R_PEER_DID_NOT_RETURN_A_CERTIFICATE XN_FLAG_FN_OID
- NID_md5_sha1 R_PEER_ERROR XN_FLAG_FN_SN
- NID_mdc2 R_PEER_ERROR_CERTIFICATE XN_FLAG_MULTILINE
- NID_mdc2WithRSA R_PEER_ERROR_NO_CIPHER XN_FLAG_ONELINE
- NID_ms_code_com R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE XN_FLAG_RFC2253
- NID_ms_code_ind R_PUBLIC_KEY_ENCRYPT_ERROR XN_FLAG_SEP_COMMA_PLUS
- NID_ms_ctl_sign R_PUBLIC_KEY_IS_NOT_RSA XN_FLAG_SEP_CPLUS_SPC
- NID_ms_efs R_READ_WRONG_PACKET_TYPE XN_FLAG_SEP_MASK
- NID_ms_ext_req R_SHORT_READ XN_FLAG_SEP_MULTILINE
- NID_ms_sgc R_SSL_SESSION_ID_IS_DIFFERENT XN_FLAG_SEP_SPLUS_SPC
- NID_name R_UNABLE_TO_EXTRACT_PUBLIC_KEY XN_FLAG_SPC_EQ
+ ASN1_STRFLGS_ESC_CTRL NID_netscape_base_url R_X509_LIB
+ ASN1_STRFLGS_ESC_MSB NID_netscape_ca_policy_url SENT_SHUTDOWN
+ ASN1_STRFLGS_ESC_QUOTE NID_netscape_ca_revocation_url SESSION_ASN1_VERSION
+ ASN1_STRFLGS_RFC2253 NID_netscape_cert_extension SESS_CACHE_BOTH
+ CB_ACCEPT_EXIT NID_netscape_cert_sequence SESS_CACHE_CLIENT
+ CB_ACCEPT_LOOP NID_netscape_cert_type SESS_CACHE_NO_AUTO_CLEAR
+ CB_ALERT NID_netscape_comment SESS_CACHE_NO_INTERNAL
+ CB_CONNECT_EXIT NID_netscape_data_type SESS_CACHE_NO_INTERNAL_LOOKUP
+ CB_CONNECT_LOOP NID_netscape_renewal_url SESS_CACHE_NO_INTERNAL_STORE
+ CB_EXIT NID_netscape_revocation_url SESS_CACHE_OFF
+ CB_HANDSHAKE_DONE NID_netscape_ssl_server_name SESS_CACHE_SERVER
+ CB_HANDSHAKE_START NID_ns_sgc SSL3_VERSION
+ CB_LOOP NID_organizationName SSLEAY_BUILT_ON
+ CB_READ NID_organizationalUnitName SSLEAY_CFLAGS
+ CB_READ_ALERT NID_pbeWithMD2AndDES_CBC SSLEAY_DIR
+ CB_WRITE NID_pbeWithMD2AndRC2_CBC SSLEAY_PLATFORM
+ CB_WRITE_ALERT NID_pbeWithMD5AndCast5_CBC SSLEAY_VERSION
+ ERROR_NONE NID_pbeWithMD5AndDES_CBC ST_ACCEPT
+ ERROR_SSL NID_pbeWithMD5AndRC2_CBC ST_BEFORE
+ ERROR_SYSCALL NID_pbeWithSHA1AndDES_CBC ST_CONNECT
+ ERROR_WANT_ACCEPT NID_pbeWithSHA1AndRC2_CBC ST_INIT
+ ERROR_WANT_CONNECT NID_pbe_WithSHA1And128BitRC2_CBC ST_OK
+ ERROR_WANT_READ NID_pbe_WithSHA1And128BitRC4 ST_READ_BODY
+ ERROR_WANT_WRITE NID_pbe_WithSHA1And2_Key_TripleDES_CBC ST_READ_HEADER
+ ERROR_WANT_X509_LOOKUP NID_pbe_WithSHA1And3_Key_TripleDES_CBC TLS1_1_VERSION
+ ERROR_ZERO_RETURN NID_pbe_WithSHA1And40BitRC2_CBC TLS1_2_VERSION
+ EVP_PKS_DSA NID_pbe_WithSHA1And40BitRC4 TLS1_3_VERSION
+ EVP_PKS_EC NID_pbes2 TLS1_VERSION
+ EVP_PKS_RSA NID_pbmac1 TLSEXT_STATUSTYPE_ocsp
+ EVP_PKT_ENC NID_pkcs VERIFY_CLIENT_ONCE
+ EVP_PKT_EXCH NID_pkcs3 VERIFY_FAIL_IF_NO_PEER_CERT
+ EVP_PKT_EXP NID_pkcs7 VERIFY_NONE
+ EVP_PKT_SIGN NID_pkcs7_data VERIFY_PEER
+ EVP_PK_DH NID_pkcs7_digest VERIFY_POST_HANDSHAKE
+ EVP_PK_DSA NID_pkcs7_encrypted V_OCSP_CERTSTATUS_GOOD
+ EVP_PK_EC NID_pkcs7_enveloped V_OCSP_CERTSTATUS_REVOKED
+ EVP_PK_RSA NID_pkcs7_signed V_OCSP_CERTSTATUS_UNKNOWN
+ FILETYPE_ASN1 NID_pkcs7_signedAndEnveloped WRITING
+ FILETYPE_PEM NID_pkcs8ShroudedKeyBag X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ F_CLIENT_CERTIFICATE NID_pkcs9 X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ F_CLIENT_HELLO NID_pkcs9_challengePassword X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
+ F_CLIENT_MASTER_KEY NID_pkcs9_contentType X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ F_D2I_SSL_SESSION NID_pkcs9_countersignature X509_CHECK_FLAG_NO_WILDCARDS
+ F_GET_CLIENT_FINISHED NID_pkcs9_emailAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ F_GET_CLIENT_HELLO NID_pkcs9_extCertAttributes X509_FILETYPE_ASN1
+ F_GET_CLIENT_MASTER_KEY NID_pkcs9_messageDigest X509_FILETYPE_DEFAULT
+ F_GET_SERVER_FINISHED NID_pkcs9_signingTime X509_FILETYPE_PEM
+ F_GET_SERVER_HELLO NID_pkcs9_unstructuredAddress X509_LOOKUP
+ F_GET_SERVER_VERIFY NID_pkcs9_unstructuredName X509_PURPOSE_ANY
+ F_I2D_SSL_SESSION NID_private_key_usage_period X509_PURPOSE_CRL_SIGN
+ F_READ_N NID_rc2_40_cbc X509_PURPOSE_NS_SSL_SERVER
+ F_REQUEST_CERTIFICATE NID_rc2_64_cbc X509_PURPOSE_OCSP_HELPER
+ F_SERVER_HELLO NID_rc2_cbc X509_PURPOSE_SMIME_ENCRYPT
+ F_SSL_CERT_NEW NID_rc2_cfb64 X509_PURPOSE_SMIME_SIGN
+ F_SSL_GET_NEW_SESSION NID_rc2_ecb X509_PURPOSE_SSL_CLIENT
+ F_SSL_NEW NID_rc2_ofb64 X509_PURPOSE_SSL_SERVER
+ F_SSL_READ NID_rc4 X509_PURPOSE_TIMESTAMP_SIGN
+ F_SSL_RSA_PRIVATE_DECRYPT NID_rc4_40 X509_TRUST_COMPAT
+ F_SSL_RSA_PUBLIC_ENCRYPT NID_rc5_cbc X509_TRUST_EMAIL
+ F_SSL_SESSION_NEW NID_rc5_cfb64 X509_TRUST_OBJECT_SIGN
+ F_SSL_SESSION_PRINT_FP NID_rc5_ecb X509_TRUST_OCSP_REQUEST
+ F_SSL_SET_FD NID_rc5_ofb64 X509_TRUST_OCSP_SIGN
+ F_SSL_SET_RFD NID_ripemd160 X509_TRUST_SSL_CLIENT
+ F_SSL_SET_WFD NID_ripemd160WithRSA X509_TRUST_SSL_SERVER
+ F_SSL_USE_CERTIFICATE NID_rle_compression X509_TRUST_TSA
+ F_SSL_USE_CERTIFICATE_ASN1 NID_rsa X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+ F_SSL_USE_CERTIFICATE_FILE NID_rsaEncryption X509_V_ERR_AKID_SKID_MISMATCH
+ F_SSL_USE_PRIVATEKEY NID_rsadsi X509_V_ERR_APPLICATION_VERIFICATION
+ F_SSL_USE_PRIVATEKEY_ASN1 NID_safeContentsBag X509_V_ERR_CA_KEY_TOO_SMALL
+ F_SSL_USE_PRIVATEKEY_FILE NID_sdsiCertificate X509_V_ERR_CA_MD_TOO_WEAK
+ F_SSL_USE_RSAPRIVATEKEY NID_secretBag X509_V_ERR_CERT_CHAIN_TOO_LONG
+ F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_serialNumber X509_V_ERR_CERT_HAS_EXPIRED
+ F_SSL_USE_RSAPRIVATEKEY_FILE NID_server_auth X509_V_ERR_CERT_NOT_YET_VALID
+ F_WRITE_PENDING NID_sha X509_V_ERR_CERT_REJECTED
+ GEN_DIRNAME NID_sha1 X509_V_ERR_CERT_REVOKED
+ GEN_DNS NID_sha1WithRSA X509_V_ERR_CERT_SIGNATURE_FAILURE
+ GEN_EDIPARTY NID_sha1WithRSAEncryption X509_V_ERR_CERT_UNTRUSTED
+ GEN_EMAIL NID_shaWithRSAEncryption X509_V_ERR_CRL_HAS_EXPIRED
+ GEN_IPADD NID_stateOrProvinceName X509_V_ERR_CRL_NOT_YET_VALID
+ GEN_OTHERNAME NID_subject_alt_name X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+ GEN_RID NID_subject_key_identifier X509_V_ERR_CRL_SIGNATURE_FAILURE
+ GEN_URI NID_surname X509_V_ERR_DANE_NO_MATCH
+ GEN_X400 NID_sxnet X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+ LIBRESSL_VERSION_NUMBER NID_time_stamp X509_V_ERR_DIFFERENT_CRL_SCOPE
+ MBSTRING_ASC NID_title X509_V_ERR_EE_KEY_TOO_SMALL
+ MBSTRING_BMP NID_undef X509_V_ERR_EMAIL_MISMATCH
+ MBSTRING_FLAG NID_uniqueIdentifier X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+ MBSTRING_UNIV NID_x509Certificate X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+ MBSTRING_UTF8 NID_x509Crl X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+ MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_zlib_compression X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+ MODE_ACCEPT_MOVING_WRITE_BUFFER NOTHING X509_V_ERR_EXCLUDED_VIOLATION
+ MODE_AUTO_RETRY OCSP_RESPONSE_STATUS_INTERNALERROR X509_V_ERR_HOSTNAME_MISMATCH
+ MODE_ENABLE_PARTIAL_WRITE OCSP_RESPONSE_STATUS_MALFORMEDREQUEST X509_V_ERR_INVALID_CA
+ MODE_RELEASE_BUFFERS OCSP_RESPONSE_STATUS_SIGREQUIRED X509_V_ERR_INVALID_CALL
+ NID_OCSP_sign OCSP_RESPONSE_STATUS_SUCCESSFUL X509_V_ERR_INVALID_EXTENSION
+ NID_SMIMECapabilities OCSP_RESPONSE_STATUS_TRYLATER X509_V_ERR_INVALID_NON_CA
+ NID_X500 OCSP_RESPONSE_STATUS_UNAUTHORIZED X509_V_ERR_INVALID_POLICY_EXTENSION
+ NID_X509 OPENSSL_BUILT_ON X509_V_ERR_INVALID_PURPOSE
+ NID_ad_OCSP OPENSSL_CFLAGS X509_V_ERR_IP_ADDRESS_MISMATCH
+ NID_ad_ca_issuers OPENSSL_DIR X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+ NID_algorithm OPENSSL_ENGINES_DIR X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+ NID_authority_key_identifier OPENSSL_PLATFORM X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+ NID_basic_constraints OPENSSL_VERSION X509_V_ERR_NO_EXPLICIT_POLICY
+ NID_bf_cbc OPENSSL_VERSION_NUMBER X509_V_ERR_NO_VALID_SCTS
+ NID_bf_cfb64 OP_ALL X509_V_ERR_OCSP_CERT_UNKNOWN
+ NID_bf_ecb OP_ALLOW_NO_DHE_KEX X509_V_ERR_OCSP_VERIFY_FAILED
+ NID_bf_ofb64 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION X509_V_ERR_OCSP_VERIFY_NEEDED
+ NID_cast5_cbc OP_CIPHER_SERVER_PREFERENCE X509_V_ERR_OUT_OF_MEM
+ NID_cast5_cfb64 OP_CISCO_ANYCONNECT X509_V_ERR_PATH_LENGTH_EXCEEDED
+ NID_cast5_ecb OP_COOKIE_EXCHANGE X509_V_ERR_PATH_LOOP
+ NID_cast5_ofb64 OP_CRYPTOPRO_TLSEXT_BUG X509_V_ERR_PERMITTED_VIOLATION
+ NID_certBag OP_DONT_INSERT_EMPTY_FRAGMENTS X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+ NID_certificate_policies OP_ENABLE_MIDDLEBOX_COMPAT X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+ NID_client_auth OP_EPHEMERAL_RSA X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
+ NID_code_sign OP_LEGACY_SERVER_CONNECT X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+ NID_commonName OP_MICROSOFT_BIG_SSLV3_BUFFER X509_V_ERR_STORE_LOOKUP
+ NID_countryName OP_MICROSOFT_SESS_ID_BUG X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+ NID_crlBag OP_MSIE_SSLV2_RSA_PADDING X509_V_ERR_SUBTREE_MINMAX
+ NID_crl_distribution_points OP_NETSCAPE_CA_DN_BUG X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
+ NID_crl_number OP_NETSCAPE_CHALLENGE_BUG X509_V_ERR_SUITE_B_INVALID_ALGORITHM
+ NID_crl_reason OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_CURVE
+ NID_delta_crl OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+ NID_des_cbc OP_NON_EXPORT_FIRST X509_V_ERR_SUITE_B_INVALID_VERSION
+ NID_des_cfb64 OP_NO_ANTI_REPLAY X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+ NID_des_ecb OP_NO_CLIENT_RENEGOTIATION X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+ NID_des_ede OP_NO_COMPRESSION X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+ NID_des_ede3 OP_NO_ENCRYPT_THEN_MAC X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+ NID_des_ede3_cbc OP_NO_QUERY_MTU X509_V_ERR_UNABLE_TO_GET_CRL
+ NID_des_ede3_cfb64 OP_NO_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+ NID_des_ede3_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+ NID_des_ede_cbc OP_NO_SSL_MASK X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+ NID_des_ede_cfb64 OP_NO_SSLv2 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+ NID_des_ede_ofb64 OP_NO_SSLv3 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+ NID_des_ofb64 OP_NO_TICKET X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+ NID_description OP_NO_TLSv1 X509_V_ERR_UNNESTED_RESOURCE
+ NID_desx_cbc OP_NO_TLSv1_1 X509_V_ERR_UNSPECIFIED
+ NID_dhKeyAgreement OP_NO_TLSv1_2 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+ NID_dnQualifier OP_NO_TLSv1_3 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+ NID_dsa OP_PKCS1_CHECK_1 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+ NID_dsaWithSHA OP_PKCS1_CHECK_2 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+ NID_dsaWithSHA1 OP_PRIORITIZE_CHACHA X509_V_FLAG_ALLOW_PROXY_CERTS
+ NID_dsaWithSHA1_2 OP_SAFARI_ECDHE_ECDSA_BUG X509_V_FLAG_CB_ISSUER_CHECK
+ NID_dsa_2 OP_SINGLE_DH_USE X509_V_FLAG_CHECK_SS_SIGNATURE
+ NID_email_protect OP_SINGLE_ECDH_USE X509_V_FLAG_CRL_CHECK
+ NID_ext_key_usage OP_SSLEAY_080_CLIENT_DH_BUG X509_V_FLAG_CRL_CHECK_ALL
+ NID_ext_req OP_SSLREF2_REUSE_CERT_TYPE_BUG X509_V_FLAG_EXPLICIT_POLICY
+ NID_friendlyName OP_TLSEXT_PADDING X509_V_FLAG_EXTENDED_CRL_SUPPORT
+ NID_givenName OP_TLS_BLOCK_PADDING_BUG X509_V_FLAG_IGNORE_CRITICAL
+ NID_hmacWithSHA1 OP_TLS_D5_BUG X509_V_FLAG_INHIBIT_ANY
+ NID_id_ad OP_TLS_ROLLBACK_BUG X509_V_FLAG_INHIBIT_MAP
+ NID_id_ce READING X509_V_FLAG_LEGACY_VERIFY
+ NID_id_kp RECEIVED_SHUTDOWN X509_V_FLAG_NOTIFY_POLICY
+ NID_id_pbkdf2 RSA_3 X509_V_FLAG_NO_ALT_CHAINS
+ NID_id_pe RSA_F4 X509_V_FLAG_NO_CHECK_TIME
+ NID_id_pkix R_BAD_AUTHENTICATION_TYPE X509_V_FLAG_PARTIAL_CHAIN
+ NID_id_qt_cps R_BAD_CHECKSUM X509_V_FLAG_POLICY_CHECK
+ NID_id_qt_unotice R_BAD_MAC_DECODE X509_V_FLAG_POLICY_MASK
+ NID_idea_cbc R_BAD_RESPONSE_ARGUMENT X509_V_FLAG_SUITEB_128_LOS
+ NID_idea_cfb64 R_BAD_SSL_FILETYPE X509_V_FLAG_SUITEB_128_LOS_ONLY
+ NID_idea_ecb R_BAD_SSL_SESSION_ID_LENGTH X509_V_FLAG_SUITEB_192_LOS
+ NID_idea_ofb64 R_BAD_STATE X509_V_FLAG_TRUSTED_FIRST
+ NID_info_access R_BAD_WRITE_RETRY X509_V_FLAG_USE_CHECK_TIME
+ NID_initials R_CHALLENGE_IS_DIFFERENT X509_V_FLAG_USE_DELTAS
+ NID_invalidity_date R_CIPHER_TABLE_SRC_ERROR X509_V_FLAG_X509_STRICT
+ NID_issuer_alt_name R_INVALID_CHALLENGE_LENGTH X509_V_OK
+ NID_keyBag R_NO_CERTIFICATE_SET XN_FLAG_COMPAT
+ NID_key_usage R_NO_CERTIFICATE_SPECIFIED XN_FLAG_DN_REV
+ NID_localKeyID R_NO_CIPHER_LIST XN_FLAG_DUMP_UNKNOWN_FIELDS
+ NID_localityName R_NO_CIPHER_MATCH XN_FLAG_FN_ALIGN
+ NID_md2 R_NO_PRIVATEKEY XN_FLAG_FN_LN
+ NID_md2WithRSAEncryption R_NO_PUBLICKEY XN_FLAG_FN_MASK
+ NID_md5 R_NULL_SSL_CTX XN_FLAG_FN_NONE
+ NID_md5WithRSA R_PEER_DID_NOT_RETURN_A_CERTIFICATE XN_FLAG_FN_OID
+ NID_md5WithRSAEncryption R_PEER_ERROR XN_FLAG_FN_SN
+ NID_md5_sha1 R_PEER_ERROR_CERTIFICATE XN_FLAG_MULTILINE
+ NID_mdc2 R_PEER_ERROR_NO_CIPHER XN_FLAG_ONELINE
+ NID_mdc2WithRSA R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE XN_FLAG_RFC2253
+ NID_ms_code_com R_PUBLIC_KEY_ENCRYPT_ERROR XN_FLAG_SEP_COMMA_PLUS
+ NID_ms_code_ind R_PUBLIC_KEY_IS_NOT_RSA XN_FLAG_SEP_CPLUS_SPC
+ NID_ms_ctl_sign R_READ_WRONG_PACKET_TYPE XN_FLAG_SEP_MASK
+ NID_ms_efs R_SHORT_READ XN_FLAG_SEP_MULTILINE
+ NID_ms_ext_req R_SSL_SESSION_ID_IS_DIFFERENT XN_FLAG_SEP_SPLUS_SPC
+ NID_ms_sgc R_UNABLE_TO_EXTRACT_PUBLIC_KEY XN_FLAG_SPC_EQ
+ NID_name R_UNKNOWN_REMOTE_ERROR_TYPE
+ NID_netscape R_UNKNOWN_STATE
/);
my @missing;
my %h = map { $_=>1 } @Net::SSLeay::EXPORT_OK;
-for (@c) {
- like(eval("&Net::SSLeay::$_; 'ok'") || $@, qr/^(ok|Your vendor has not defined SSLeay macro.*)$/, "$_");
- push(@missing, $_) unless $h{$_};
+for my $c (@c) {
+ dies_like(sub {
+ "Net::SSLeay::$c"->();
+ die "ok\n";
+ }, qr/^(ok\n|Your vendor has not defined SSLeay macro.*)$/, "$c");
+ push(@missing, $c) unless $h{$c};
}
is(join(",", sort @missing), '', 'constants missing in @EXPORT_OK count='.scalar(@missing));
diff --git a/t/local/22_provider.t b/t/local/22_provider.t
new file mode 100644
index 0000000..f3a19a7
--- /dev/null
+++ b/t/local/22_provider.t
@@ -0,0 +1,103 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay (initialise_libssl);
+
+# We don't do intialise_libssl() now because we want to want to
+# trigger automatic loading of the default provider.
+#
+# Quote from
+# https://www.openssl.org/docs/manmaster/man7/OSSL_PROVIDER-default.html
+# about default provider:
+#
+# It is loaded automatically the first time that an algorithm is
+# fetched from a provider or a function acting on providers is
+# called and no other provider has been loaded yet.
+#
+#initialise_libssl(); # Don't do this
+
+if (defined &Net::SSLeay::OSSL_PROVIDER_load) {
+ plan(tests => 16);
+} else {
+ plan(skip_all => "no support for providers");
+}
+
+# provider loading, availability and unloading
+{
+ # See top of file why things are done in this order. We don't want
+ # to load the default provider automatically.
+
+ my $null_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'null');
+ ok($null_provider, 'null provider load returns a pointer');
+ my $null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null');
+ is($null_avail, 1, 'null provider loaded and available');
+
+ my $default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default');
+ is($default_avail, 0, 'default provider not loaded, not available');
+ if ($default_avail)
+ {
+ diag('Default provider was already available. More provider tests in this and other provider test files may fail');
+ diag('If your configuration loads the default provider, consider ignoring the errors or using OPENSSL_CONF environment variable');
+ diag('For example: OPENSSL_CONF=/path/to/openssl/ssl/openssl.cnf.dist make test');
+ }
+
+ my $null_unload = Net::SSLeay::OSSL_PROVIDER_unload($null_provider);
+ is($null_unload, 1, 'null provider successfully unloaded');
+ $null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null');
+ is($null_avail, 0, 'null provider is no longer available');
+
+ $default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default');
+ is($default_avail, 0, 'default provider still not loaded, not available');
+
+ my $default_provider_undef_libctx = Net::SSLeay::OSSL_PROVIDER_load(undef, 'default');
+ ok($default_provider_undef_libctx, 'default provider with NULL libctx loaded successfully');
+
+ my $libctx = Net::SSLeay::OSSL_LIB_CTX_get0_global_default();
+ ok($libctx, 'OSSL_LIB_CTX_get0_global_default() returns a pointer');
+
+ my $default_provider_default_libctx = Net::SSLeay::OSSL_PROVIDER_load($libctx, 'default');
+ ok($default_provider_default_libctx, 'default provider with default libctx loaded successfully');
+ is($default_provider_default_libctx, $default_provider_undef_libctx, 'OSSL_PROVIDER_load with undef and defined libctx return the same pointer');
+}
+
+
+# get0_name, selftest
+{
+ my $null_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'null');
+ my $default_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'default');
+
+ is(Net::SSLeay::OSSL_PROVIDER_get0_name($null_provider), 'null', 'get0_name for null provider');
+ is(Net::SSLeay::OSSL_PROVIDER_get0_name($default_provider), 'default', 'get0_name for default provider');
+
+ is(Net::SSLeay::OSSL_PROVIDER_self_test($null_provider), 1, 'self_test for null provider');
+ is(Net::SSLeay::OSSL_PROVIDER_self_test($default_provider), 1, 'self_test for default provider');
+}
+
+
+# do_all
+{
+ my %seen_providers;
+ sub all_cb {
+ my ($provider_cb, $cbdata_cb) = @_;
+
+ fail('provider already seen') if exists $seen_providers{$provider_cb};
+ $seen_providers{$provider_cb} = $cbdata_cb;
+ return 1;
+ };
+
+ my $null_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'null');
+ my $default_provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'default');
+ my $cbdata = 'data for cb';
+
+ Net::SSLeay::OSSL_PROVIDER_do_all(undef, \&all_cb, $cbdata);
+ foreach my $provider ($null_provider, $default_provider)
+ {
+ my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider);
+ is(delete $seen_providers{$provider}, $cbdata, "provider '$name' was seen");
+ }
+ foreach my $provider (keys(%seen_providers))
+ {
+ my $name = Net::SSLeay::OSSL_PROVIDER_get0_name($provider);
+ diag("Provider '$name' was also seen by the callback");
+ }
+}
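Review bot: The "get0_name, selftest" and "do_all" blocks pass the results of `OSSL_PROVIDER_load` straight to `OSSL_PROVIDER_get0_name` and `OSSL_PROVIDER_self_test` without checking them, unlike the first block, which asserts each load with `ok()`. If a load fails under a restrictive OpenSSL configuration, an undefined handle reaches the XS wrapper; whether the wrapper guards against that is not visible in this patch. A guard that does not change the plan count would be `BAIL_OUT('provider load failed') unless $null_provider && $default_provider;` after each pair of loads, assuming Test::More's exports are in scope, as the use of `plan`/`ok`/`is` suggests. The header comment also has two typos worth fixing while here: "intialise_libssl" and "want to want to".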
diff --git a/t/local/22_provider_try_load.t b/t/local/22_provider_try_load.t
new file mode 100644
index 0000000..88edd6b
--- /dev/null
+++ b/t/local/22_provider_try_load.t
@@ -0,0 +1,29 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay (initialise_libssl);
+
+# Avoid default provider automatic loading. See 22_provider.t for more
+# information.
+#
+#initialise_libssl(); # Don't do this
+#
+# We use a separate test file so that we get a newly loaded library
+# that still has triggers for automatic loading enabled.
+
+if (defined &Net::SSLeay::OSSL_PROVIDER_load) {
+ plan(tests => 3);
+} else {
+ plan(skip_all => "no support for providers");
+}
+
+my ($null_provider, $default_avail, $null_avail);
+
+$null_provider = Net::SSLeay::OSSL_PROVIDER_try_load(undef, 'null', 1);
+ok($null_provider, 'try_load("null", retain_fallbacks = 1) returns a pointer');
+
+$default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default');
+is($default_avail, 1, 'default provider automatically loaded after try_load("null", retain_fallbacks = 1)');
+
+$null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null');
+is($null_avail, 1, 'null provider loaded after try_load("null", retain_fallbacks = 1)');
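Review bot: The skip guard tests `defined &Net::SSLeay::OSSL_PROVIDER_load`, but the only provider-loading call in this file is `OSSL_PROVIDER_try_load`, so the guard does not check the symbol the test depends on. I would write it as `if (defined &Net::SSLeay::OSSL_PROVIDER_try_load) {`, and make the same change in t/local/22_provider_try_load_zero_retain.t. Both files also import `initialise_libssl` as a bareword list and deliberately never call it; `use Test::Net::SSLeay qw(initialise_libssl);` would match the quoting used in the other test files in this patch.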
diff --git a/t/local/22_provider_try_load_zero_retain.t b/t/local/22_provider_try_load_zero_retain.t
new file mode 100644
index 0000000..ea9ddeb
--- /dev/null
+++ b/t/local/22_provider_try_load_zero_retain.t
@@ -0,0 +1,29 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay (initialise_libssl);
+
+# Avoid default provider automatic loading. See 22_provider.t for more
+# information.
+#
+#initialise_libssl(); # Don't do this
+#
+# We use a separate test file so that we get a newly loaded library
+# that still has triggers for automatic loading enabled.
+
+if (defined &Net::SSLeay::OSSL_PROVIDER_load) {
+ plan(tests => 3);
+} else {
+ plan(skip_all => "no support for providers");
+}
+
+my ($null_provider, $default_avail, $null_avail);
+
+$null_provider = Net::SSLeay::OSSL_PROVIDER_try_load(undef, 'null', 0);
+ok($null_provider, 'try_load("null", retain_fallbacks = 0) returns a pointer');
+
+$default_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'default');
+is($default_avail, 0, 'default provider not automatically loaded after try_load("null", retain_fallbacks = 0)');
+
+$null_avail = Net::SSLeay::OSSL_PROVIDER_available(undef, 'null');
+is($null_avail, 1, 'null provider loaded after try_load("null", retain_fallbacks = 0)');
diff --git a/t/local/30_error.t b/t/local/30_error.t
index 3f31ccd..8ad1560 100644
--- a/t/local/30_error.t
+++ b/t/local/30_error.t
@@ -1,17 +1,24 @@
use lib 'inc';
use Net::SSLeay;
-use Test::Net::SSLeay qw(initialise_libssl);
+use Test::Net::SSLeay qw(
+ dies_like doesnt_warn initialise_libssl lives_ok warns_like
+);
-eval "use Test::Exception; use Test::Warn; use Test::NoWarnings; 1;";
-if ($@) {
- plan skip_all => 'Requires Test::Exception, Test::Warn and Test::NoWarnings';
-} else {
- plan tests => 11;
-}
+plan tests => 11;
+
+doesnt_warn('tests run without outputting unexpected warnings');
initialise_libssl();
+# See below near 'sub put_err' for more about how error string and
+# erro code contents have changed between library versions.
+my $err_string = "foo $$: 1 - error:10000080:BIO routines:";
+$err_string = "foo $$: 1 - error:20000080:BIO routines:"
+ if Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION()) =~ m/^OpenSSL 3.0.0-alpha[1-4] /s;
+$err_string = "foo $$: 1 - error:2006D080:BIO routines:"
+ if (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") || Net::SSLeay::constant("OPENSSL_VERSION_NUMBER") < 0x30000000);
+
# Note, die_now usually just prints the process id and the argument string eg:
# 57611: test
# but on some systems, perhaps if diagnostics are enabled, it might [roduce something like:
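Review bot: The version match `m/^OpenSSL 3.0.0-alpha[1-4] /s` leaves the dots unescaped, so it accepts any character in those positions; `m/^OpenSSL 3\.0\.0-alpha[1-4] /` states the intent exactly. The resulting `$err_string` is later interpolated as a pattern in the `@@ -51,26 +58,46 @@` hunk (`qr/$err_string/i`, twice). It contains no metacharacters today, but `qr/\Q$err_string\E/i` would keep it a literal match if the expected text ever gains one. The new comment also has a typo, "erro code".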
@@ -20,7 +27,7 @@ initialise_libssl();
# therefore the qr match strings below have been chnaged so they dont have tooccur at the
# beginning of the line.
{
- throws_ok(sub {
+ dies_like(sub {
Net::SSLeay::die_now('test')
}, qr/$$: test\n$/, 'die_now dies without errors');
@@ -29,12 +36,12 @@ initialise_libssl();
}, 'die_if_ssl_error lives without errors');
put_err();
- throws_ok(sub {
+ dies_like(sub {
Net::SSLeay::die_now('test');
}, qr/$$: test\n$/, 'die_now dies with errors');
put_err();
- throws_ok(sub {
+ dies_like(sub {
Net::SSLeay::die_if_ssl_error('test');
}, qr/$$: test\n$/, 'die_if_ssl_error dies with errors');
}
@@ -42,7 +49,7 @@ initialise_libssl();
{
local $Net::SSLeay::trace = 1;
- throws_ok(sub {
+ dies_like(sub {
Net::SSLeay::die_now('foo');
}, qr/$$: foo\n$/, 'die_now dies without arrors and with trace');
@@ -51,26 +58,46 @@ initialise_libssl();
}, 'die_if_ssl_error lives without errors and with trace');
put_err();
- warning_like(sub {
- throws_ok(sub {
+ warns_like(sub {
+ dies_like(sub {
Net::SSLeay::die_now('foo');
}, qr/^$$: foo\n$/, 'die_now dies with errors and trace');
- }, qr/foo $$: 1 - error:2006d080/i, 'die_now raises warnings about the occurred error when tracing');
+ }, qr/$err_string/i, 'die_now raises warnings about the occurred error when tracing');
put_err();
- warning_like(sub {
- throws_ok(sub {
+ warns_like(sub {
+ dies_like(sub {
Net::SSLeay::die_if_ssl_error('foo');
}, qr/^$$: foo\n$/, 'die_if_ssl_error dies with errors and trace');
- }, qr/foo $$: 1 - error:2006d080/i, 'die_if_ssl_error raises warnings about the occurred error when tracing');
+ }, qr/$err_string/i, 'die_if_ssl_error raises warnings about the occurred error when tracing');
}
+# The resulting error strings looks something like below. The number
+# after 'foo' is the process id. OpenSSL 3.0.0 drops function name and
+# changes how error code is packed.
+# - OpenSSL 3.0.0: foo 61488: 1 - error:10000080:BIO routines::no such file
+# - OpenSSL 3.0.0-alpha5: foo 16380: 1 - error:10000080:BIO routines::no such file
+# - OpenSSL 3.0.0-alpha1: foo 16293: 1 - error:20000080:BIO routines::no such file
+# - OpenSSL 1.1.1l: foo 61202: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+# - OpenSSL 1.1.0l: foo 61295: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+# - OpenSSL 1.0.2u: foo 61400: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+# - OpenSSL 1.0.1u: foo 13621: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+# - OpenSSL 1.0.0t: foo 14349: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+# - OpenSSL 0.9.8zh: foo 14605: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+# - OpenSSL 0.9.8f: foo 14692: 1 - error:2006D080:BIO routines:BIO_new_file:no such file
+#
+# 1.1.1 series and earlier create error by ORing together lib, func
+# and reason with 24 bit left shift, 12 bit left shift and without bit
+# shift, respectively.
+# 3.0.0 alpha1 drops function name from error string and alpha5
+# changes bit shift of lib to 23.
+# LibreSSL 2.5.1 drops function name from error string.
sub put_err {
Net::SSLeay::ERR_put_error(
- 32, #lib
- 109, #func
- 128, #reason
- 1, #file
- 1, #line
+ 32, #lib - 0x20 ERR_LIB_BIO 'BIO routines'
+ 109, #func - 0x6D BIO_F_BIO_NEW_FILE 'BIO_new_file'
+ 128, #reason - 0x80 BIO_R_NO_SUCH_FILE 'no such file'
+ 1, #file - file name (not packed into error code)
+ 1, #line - line number (not packed into error code)
);
}
diff --git a/t/local/31_rsa_generate_key.t b/t/local/31_rsa_generate_key.t
index 3a1efb3..dec3e80 100644
--- a/t/local/31_rsa_generate_key.t
+++ b/t/local/31_rsa_generate_key.t
@@ -1,14 +1,9 @@
use lib 'inc';
use Net::SSLeay;
-use Test::Net::SSLeay qw(initialise_libssl);
+use Test::Net::SSLeay qw( dies_like initialise_libssl lives_ok );
-eval 'use Test::Exception';
-if ($@) {
- plan skip_all => 'Test::Exception required';
-} else {
- plan tests => 14;
-}
+plan tests => 14;
initialise_libssl();
@@ -16,9 +11,9 @@ lives_ok(sub {
Net::SSLeay::RSA_generate_key(2048, 0x10001);
}, 'RSA_generate_key with valid callback');
-dies_ok(sub {
+dies_like(sub {
Net::SSLeay::RSA_generate_key(2048, 0x10001, 1);
-}, 'RSA_generate_key with invalid callback');
+}, qr/Undefined subroutine &main::1 called/, 'RSA_generate_key with invalid callback');
{
my $called = 0;
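Review bot: The new pattern `qr/Undefined subroutine &main::1 called/` pins perl's own error wording and the calling package name, so the test will break if it is ever run from a different package. It also documents, without saying so, that a non-CODE callback value appears to be resolved as a subroutine name rather than rejected by the binding. A short comment above the call would make that explicit, for example `# A non-CODE callback is looked up by name; '1' is not a sub in main, so perl dies`. If rejecting non-CODE callbacks is the intended contract, that check belongs in the XS code, which is not part of this hunk.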
diff --git a/t/local/32_x509_get_cert_info.t b/t/local/32_x509_get_cert_info.t
index a1697ff..1f0f20a 100644
--- a/t/local/32_x509_get_cert_info.t
+++ b/t/local/32_x509_get_cert_info.t
@@ -8,8 +8,8 @@ use Test::Net::SSLeay qw(
use lib '.';
my $tests = ( is_openssl() && Net::SSLeay::SSLeay < 0x10100003 ) || is_libressl()
- ? 721
- : 724;
+ ? 723
+ : 726;
plan tests => $tests;
@@ -190,7 +190,7 @@ for my $f (keys (%$dump)) {
Net::SSLeay::SSLeay < 0x30000000
|| (
Net::SSLeay::SSLeay == 0x30000000
- && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1/
+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1\ /
)
)
) {
@@ -373,8 +373,8 @@ Net::SSLeay::X509_STORE_CTX_set_cert($ctx,$x509);
my $ca_filename = data_file_path('root-ca.cert.pem');
my $ca_bio = Net::SSLeay::BIO_new_file($ca_filename, 'rb');
my $ca_x509 = Net::SSLeay::PEM_read_bio_X509($ca_bio);
-Net::SSLeay::X509_STORE_add_cert($x509_store,$ca_x509);
-Net::SSLeay::X509_STORE_CTX_init($ctx, $x509_store, $x509);
+is (Net::SSLeay::X509_STORE_add_cert($x509_store,$ca_x509), 1, 'X509_STORE_add_cert');
+is (Net::SSLeay::X509_STORE_CTX_init($ctx, $x509_store, $x509), 1, 'X509_STORE_CTX_init');
SKIP: {
skip('X509_STORE_CTX_get0_cert requires OpenSSL 1.1.0-pre5+ or LibreSSL 2.7.0+', 1) unless defined (&Net::SSLeay::X509_STORE_CTX_get0_cert);
ok (my $x509_from_cert = Net::SSLeay::X509_STORE_CTX_get0_cert($ctx),'Get x509 from store ctx');
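Review bot: The two new `is(..., 1, ...)` assertions check `X509_STORE_add_cert` and `X509_STORE_CTX_init`, but the `BIO_new_file` and `PEM_read_bio_X509` results feeding them on the lines just above are still unchecked. If root-ca.cert.pem cannot be opened or parsed, an undefined handle is passed on and the failure is reported against the wrong call. Adding `or die "cannot read $ca_filename"` to both assignments would pinpoint it without changing the test count.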
diff --git a/t/local/33_x509_create_cert.t b/t/local/33_x509_create_cert.t
index 3c5a2e8..3cad034 100755
--- a/t/local/33_x509_create_cert.t
+++ b/t/local/33_x509_create_cert.t
@@ -9,6 +9,13 @@ plan tests => 139;
initialise_libssl();
+if (defined &Net::SSLeay::OSSL_PROVIDER_load)
+{
+ my $provider = Net::SSLeay::OSSL_PROVIDER_load(undef, 'legacy');
+ diag('Failed to load legacy provider: PEM_get_string_PrivateKey may fail')
+ unless $provider;
+}
+
my $ca_crt_pem = data_file_path('root-ca.cert.pem');
my $ca_key_pem = data_file_path('root-ca.key.pem');
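Review bot: The new block loads the `legacy` provider for the whole process but does not say which operation needs it or that it relies on `initialise_libssl()` having run first. The OpenSSL text quoted in 22_provider.t says the default provider is only auto-loaded when no other provider has been loaded yet, so moving this block above `initialise_libssl()` could leave the test without the default provider. I would add a comment such as `# Legacy provider is needed for the default PEM_get_string_PrivateKey algorithm on OpenSSL 3.0; keep this after initialise_libssl()`. The handle is also never passed to `OSSL_PROVIDER_unload`, so legacy algorithms stay enabled for every later test in the file; that is acceptable for a test but worth stating.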
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index 0b84461..22017e5 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -7,7 +7,7 @@ use Test::Net::SSLeay qw(
can_fork data_file_path initialise_libssl is_libressl is_openssl tcp_socket
);
-plan tests => 103;
+plan tests => 105;
initialise_libssl();
@@ -40,9 +40,18 @@ SKIP: {
SKIP: {
skip 'openssl-0.9.8a required', 3 unless Net::SSLeay::SSLeay >= 0x0090801f;
- ok(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm) == Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS(), 'X509_VERIFY_PARAM_get_flags');
+
+ # From version 3.3.2, LibreSSL signals the use of its legacy X.509 verifier
+ # via the X509_V_FLAG_LEGACY_VERIFY flag; this flag persists even after
+ # X509_VERIFY_PARAM_clear_flags() is called
+ my $base_flags =
+ is_libressl() && Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") >= 0x3030200f
+ ? Net::SSLeay::X509_V_FLAG_LEGACY_VERIFY()
+ : 0;
+
+ ok(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm) == ($base_flags | Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS()), 'X509_VERIFY_PARAM_get_flags');
ok(Net::SSLeay::X509_VERIFY_PARAM_clear_flags($pm, Net::SSLeay::X509_V_FLAG_ALLOW_PROXY_CERTS()), 'X509_VERIFY_PARAM_clear_flags');
- ok(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm) == 0, 'X509_VERIFY_PARAM_get_flags');
+ ok(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm) == ($base_flags | 0), 'X509_VERIFY_PARAM_get_flags');
};
SKIP: {
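Review bot: In the second flags check, `($base_flags | 0)` is a no-op and can simply be `$base_flags`. Both comparisons are wrapped in `ok(... == ...)`, which prints nothing useful when the flag sets differ. Writing `is(Net::SSLeay::X509_VERIFY_PARAM_get_flags($pm), $base_flags, 'X509_VERIFY_PARAM_get_flags');` would show the got and expected values, which helps when another library version adds a persistent flag the way LibreSSL 3.3.2 did.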
@@ -86,8 +95,8 @@ SKIP: {
$server = tcp_socket();
- run_server();
- $server->close();
+ run_server(); # Forks: child does not return
+ $server->close() || die("client listen socket close: $!");
client();
}
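Review bot: The added `$server->close() || die(...)` runs in the parent after `run_server()` has forked, so a failed close aborts the script while the child may still be waiting on the socket. The same `close(...) || die(...)` pattern is added in later hunks of this file and in 40_npn_support.t, 41_alpn_support.t, 42_info_callback.t, 43_misc_functions.t and 44_sess.t. In 40, 41 and 42 the parent-side `die` sits directly before `waitpid $pid, 0`, so the child would not be reaped. If the goal is only to surface close errors on older Windows perls, `$server->close() || diag("listen socket close: $!");` reports the problem and lets the run finish; otherwise an `END` block that reaps the child would keep the hard failure safe. The label "client listen socket close" is also misleading, since it is the parent's copy of the listening socket that is being closed.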
@@ -223,7 +232,7 @@ sub verify_local_trust {
ok(my $store = Net::SSLeay::X509_STORE_new(), "X509_STORE_new creates new store");
ok(Net::SSLeay::X509_STORE_add_cert($store, $ca), "X509_STORE_add_cert CA cert");
ok(my $ctx = Net::SSLeay::X509_STORE_CTX_new(), "X509_STORE_CTX_new creates new store context");
- Net::SSLeay::X509_STORE_CTX_init($ctx, $store, $cert);
+ is(Net::SSLeay::X509_STORE_CTX_init($ctx, $store, $cert), 1, 'X509_STORE_CTX_init succeeds');
ok(!Net::SSLeay::X509_verify_cert($ctx), 'X509_verify_cert correctly fails');
is(Net::SSLeay::X509_STORE_CTX_get_error($ctx),
Net::SSLeay::X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY(), "X509_STORE_CTX_get_error returns unable to get local issuer certificate");
@@ -241,7 +250,7 @@ sub verify_local_trust {
ok($store = Net::SSLeay::X509_STORE_new(), "X509_STORE_new creates new store");
ok(Net::SSLeay::X509_STORE_add_cert($store, $ca), "X509_STORE_add_cert CA cert");
ok($ctx = Net::SSLeay::X509_STORE_CTX_new(), "X509_STORE_CTX_new creates new store context");
- Net::SSLeay::X509_STORE_CTX_init($ctx, $store, $cert, $x509_sk);
+ is(Net::SSLeay::X509_STORE_CTX_init($ctx, $store, $cert, $x509_sk), 1, 'X509_STORE_CTX_init succeeds');
ok(Net::SSLeay::X509_verify_cert($ctx), 'X509_verify_cert correctly succeeds');
is(Net::SSLeay::X509_STORE_CTX_get_error($ctx), Net::SSLeay::X509_V_OK(), "X509_STORE_CTX_get_error returns ok");
Net::SSLeay::X509_STORE_free($store);
@@ -295,7 +304,7 @@ sub client {
test_wildcard_checks($ctx, $cl) if $task eq 'wildcard_checks';
last if $task eq 'finish'; # Leaves $cl alive
- close($cl);
+ close($cl) || die("client close: $!");
}
# Tell the server to quit and see that our connection is still up
@@ -307,6 +316,8 @@ sub client {
Net::SSLeay::ssl_write_all($ssl, $end);
Net::SSLeay::shutdown($ssl);
ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination');
+ Net::SSLeay::free($ssl);
+ close($cl) || die("client final close: $!");
return;
}
@@ -348,6 +359,10 @@ sub run_server
if (defined $msg and $msg eq 'end')
{
Net::SSLeay::ssl_write_all($ssl, 'end');
+ Net::SSLeay::shutdown($ssl);
+ Net::SSLeay::free($ssl);
+ close($cl) || die("server close: $!");
+ $server->close() || die("server listen socket close: $!");
exit (0);
}
}
diff --git a/t/local/39_pkcs12.t b/t/local/39_pkcs12.t
index 5c7fb8b..5083331 100644
--- a/t/local/39_pkcs12.t
+++ b/t/local/39_pkcs12.t
@@ -3,7 +3,7 @@ use lib 'inc';
use Net::SSLeay;
use Test::Net::SSLeay qw( data_file_path initialise_libssl );
-plan tests => 19;
+plan tests => 17;
initialise_libssl();
@@ -36,12 +36,24 @@ my $filename3 = data_file_path('simple-cert.p12');
my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]);
my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]);
is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]");
- like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]");
- like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]");
- SKIP: {
- skip("cert order in CA chain is different in openssl pre-1.0.0", 2) unless Net::SSLeay::SSLeay >= 0x01000000;
- is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]");
- is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/5]");
+ # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of
+ # LibreSSL return the CA certificate chain with the root CA certificate at the
+ # end; all other versions return the certificate chain with the root CA
+ # certificate at the start
+ if (
+ Net::SSLeay::SSLeay < 0x10000002
+ || (
+ Net::SSLeay::SSLeay == 0x30000000
+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] /
+ )
+ || Net::SSLeay::SSLeay > 0x30000000
+ ) {
+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]");
+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]");
+ }
+ else {
+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]");
+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]");
}
}
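Review bot: The new comment and the assertions disagree about the certificate order. The comment says OpenSSL 1.0.0-beta2 to 3.0.0-alpha6 and LibreSSL return the chain with the root CA at the end, but the `else` branch, which is the one those versions take, expects `$cachain[0]` to be "Root CA", i.e. the root at the start. The `if` branch for all other versions expects the root second. One of the two is inverted; if the assertions are what was verified against real libraries, the comment should read "with the root CA certificate at the start; all other versions return ... at the end". LibreSSL lands in the `else` branch only through its numeric version value, which is implicit, so a sentence saying so (or an explicit `is_libressl()` test) would help. The enclosing block starts outside this hunk.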
diff --git a/t/local/40_npn_support.t b/t/local/40_npn_support.t
index e7c9c34..ea2d09b 100644
--- a/t/local/40_npn_support.t
+++ b/t/local/40_npn_support.t
@@ -58,8 +58,8 @@ my @results;
Net::SSLeay::ssl_write_all($ssl, uc($got));
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
- close $ns;
- $server->close();
+ close($ns) || die("server close: $!");
+ $server->close() || die("server listen socket close: $!");
exit;
}
}
@@ -84,7 +84,8 @@ my @results;
Net::SSLeay::free($ssl1);
Net::SSLeay::CTX_free($ctx1);
- close $s1;
+ close($s1) || die("client close: $!");
+ $server->close() || die("client listen socket close: $!");
}
waitpid $pid, 0;
diff --git a/t/local/41_alpn_support.t b/t/local/41_alpn_support.t
index 052d17d..c3d5aa0 100644
--- a/t/local/41_alpn_support.t
+++ b/t/local/41_alpn_support.t
@@ -63,8 +63,8 @@ my @results;
Net::SSLeay::ssl_write_all($ssl, uc($got));
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
- close $ns;
- $server->close();
+ close($ns) || die("server close: $!");
+ $server->close() || die("server listen socket close: $!");
exit;
}
}
@@ -88,7 +88,8 @@ my @results;
Net::SSLeay::free($ssl1);
Net::SSLeay::CTX_free($ctx1);
- close $s1;
+ close($s1) || die("client close: $!");
+ $server->close() || die("client listen socket close: $!");
}
waitpid $pid, 0;
diff --git a/t/local/42_info_callback.t b/t/local/42_info_callback.t
index 6f6afdb..8ddcb0c 100644
--- a/t/local/42_info_callback.t
+++ b/t/local/42_info_callback.t
@@ -36,7 +36,9 @@ my $server = tcp_socket();
for(1,2) {
last if Net::SSLeay::shutdown($ssl)>0;
}
+ close($cl) || die("server close: $!");
}
+ $server->close() || die("server listen socket close: $!");
exit;
}
}
@@ -90,6 +92,8 @@ sub client {
} else {
fail("$where: @states");
}
+ close($cl) || die("client close: $!");
+
}
my $expect = qr{^
@@ -101,5 +105,6 @@ my $expect = qr{^
client('ctx',$expect);
client('ssl',$expect);
+$server->close() || die("client listen socket close: $!");
waitpid $pid, 0;
diff --git a/t/local/43_misc_functions.t b/t/local/43_misc_functions.t
index c67df75..09effc8 100644
--- a/t/local/43_misc_functions.t
+++ b/t/local/43_misc_functions.t
@@ -35,12 +35,19 @@ our %tls_1_2_aead_cipher_to_keyblock_size = (
'AES256-GCM-SHA384' => 88,
);
-our %tls_1_3_aead_cipher_to_keyblock_size = (
- # Only in TLS 1.3
- 'TLS_AES_128_GCM_SHA256' => 56,
- 'TLS_AES_256_GCM_SHA384' => 88,
- 'TLS_CHACHA20_POLY1305_SHA256' => 88,
- );
+# LibreSSL uses different names for the TLSv1.3 ciphersuites:
+our %tls_1_3_aead_cipher_to_keyblock_size =
+ is_libressl()
+ ? (
+ 'AEAD-AES128-GCM-SHA256' => 56,
+ 'AEAD-AES256-GCM-SHA384' => 88,
+ 'AEAD-CHACHA20-POLY1305-SHA256' => 88,
+ )
+ : (
+ 'TLS_AES_128_GCM_SHA256' => 56,
+ 'TLS_AES_256_GCM_SHA384' => 88,
+ 'TLS_CHACHA20_POLY1305_SHA256' => 88,
+ );
# Combine the AEAD hashes
our %aead_cipher_to_keyblock_size = (%tls_1_2_aead_cipher_to_keyblock_size, %tls_1_3_aead_cipher_to_keyblock_size);
@@ -48,14 +55,14 @@ our %aead_cipher_to_keyblock_size = (%tls_1_2_aead_cipher_to_keyblock_size, %tls
# Combine the hashes
our %cipher_to_keyblock_size = (%non_aead_cipher_to_keyblock_size, %aead_cipher_to_keyblock_size);
-our %version_str2int =
- (
- 'SSLv3' => sub {return eval {Net::SSLeay::SSL3_VERSION();}},
- 'TLSv1' => sub {return eval {Net::SSLeay::TLS1_VERSION();}},
- 'TLSv1.1' => sub {return eval {Net::SSLeay::TLS1_1_VERSION();}},
- 'TLSv1.2' => sub {return eval {Net::SSLeay::TLS1_2_VERSION();}},
- 'TLSv1.3' => sub {return eval {Net::SSLeay::TLS1_3_VERSION();}},
- );
+our %version_str2int = (
+ 'SSLv3' => sub { return eval { Net::SSLeay::SSL3_VERSION(); } },
+ 'TLSv1' => sub { return eval { Net::SSLeay::TLS1_VERSION(); } },
+ 'TLSv1.1' => sub { return eval { Net::SSLeay::TLS1_1_VERSION(); } },
+ 'TLSv1.2' => sub { return eval { Net::SSLeay::TLS1_2_VERSION(); } },
+ # LibreSSL >= 3.2.0 implements TLSv1.3, but doesn't define TLS1_3_VERSION
+ 'TLSv1.3' => sub { return is_libressl() ? 0x0304 : eval { Net::SSLeay::TLS1_3_VERSION(); } },
+);
# Tests that don't need a connection
client_test_ciphersuites();
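Review bot: The `'TLSv1.3'` entry returns the literal `0x0304` for every LibreSSL build, although the comment above it limits TLSv1.3 support to LibreSSL >= 3.2.0. How the table is consumed is outside this hunk, so this may be harmless, but an older LibreSSL would now get a defined version number where the `eval` form previously returned undef. I would either gate it, `is_libressl() && Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") >= 0x3020000f ? 0x0304 : eval { ... }`, or extend the comment to say the value is deliberately unconditional. A note that 0x0304 is the TLS 1.3 protocol version number would also help the next reader.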
@@ -96,6 +103,10 @@ my $server = tcp_socket();
# Echo back the termination request from client
my $end = Net::SSLeay::read($ssl);
Net::SSLeay::write($ssl, $end);
+ Net::SSLeay::shutdown($ssl);
+ Net::SSLeay::free($ssl);
+ close($cl) || die("server close: $!");
+ $server->close() || die("server listen socket close: $!");
exit(0);
}
}
@@ -121,6 +132,10 @@ sub client {
my $end = "end";
Net::SSLeay::write($ssl, $end);
ok($end eq Net::SSLeay::read($ssl), 'Successful termination');
+ Net::SSLeay::shutdown($ssl);
+ Net::SSLeay::free($ssl);
+ close($cl) || die("client close: $!");
+ $server->close() || die("client listen socket close: $!");
return;
}
@@ -245,6 +260,17 @@ sub client_test_ciphersuites
my $ciphersuites = join(':', keys(%tls_1_3_aead_cipher_to_keyblock_size));
+ # In OpenSSL 3.0.0 alpha 11 (commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9)
+ # SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() were
+ # changed to ignore unknown ciphers
+ my $ret_partially_bad_ciphersuites = 1;
+ if (Net::SSLeay::SSLeay() == 0x30000000) {
+ my $ssleay_version = Net::SSLeay::SSLeay_version(Net::SSLeay::SSLEAY_VERSION());
+ $ret_partially_bad_ciphersuites = 0 if ($ssleay_version =~ m/-alpha(\d+)/s) && $1 < 11;
+ } elsif (Net::SSLeay::SSLeay() < 0x30000000) {
+ $ret_partially_bad_ciphersuites = 0;
+ }
+
my ($ctx, $rv, $ssl);
$ctx = Net::SSLeay::CTX_new();
$rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $ciphersuites);
@@ -257,7 +283,7 @@ sub client_test_ciphersuites
};
is($rv, 1, 'CTX set undef ciphersuites');
$rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:' . $ciphersuites);
- is($rv, 0, 'CTX set partially bad ciphersuites');
+ is($rv, $ret_partially_bad_ciphersuites, 'CTX set partially bad ciphersuites');
$rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:');
is($rv, 0, 'CTX set bad ciphersuites');
@@ -272,7 +298,7 @@ sub client_test_ciphersuites
};
is($rv, 1, 'SSL set undef ciphersuites');
$rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:' . $ciphersuites);
- is($rv, 0, 'SSL set partially bad ciphersuites');
+ is($rv, $ret_partially_bad_ciphersuites, 'SSL set partially bad ciphersuites');
$rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:');
is($rv, 0, 'SSL set bad ciphersuites');
diff --git a/t/local/44_sess.t b/t/local/44_sess.t
index 36603a0..ce14422 100644
--- a/t/local/44_sess.t
+++ b/t/local/44_sess.t
@@ -163,6 +163,8 @@ sub server
$ctx = new_ctx( $proto, $proto );
+ Net::SSLeay::CTX_set_security_level($ctx, 0)
+ if Net::SSLeay::SSLeay() >= 0x30000000 && ($proto eq 'TLSv1' || $proto eq 'TLSv1.1');
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
Net::SSLeay::CTX_set_session_cache_mode($ctx, Net::SSLeay::SESS_CACHE_SERVER());
# Need OP_NO_TICKET to enable server side (Session ID based) resumption.
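Review bot: The added `Net::SSLeay::CTX_set_security_level($ctx, 0)` call has no comment saying why the level is lowered. The same two-line guard is repeated in `client` in this file and in both `server` and `client` of t/local/45_exporter.t. Level 0 switches off OpenSSL's minimum-strength checks for the whole context, so someone borrowing from the tests should see that it is a test-only accommodation: `# OpenSSL 3.0 requires security level 0 for TLSv1/TLSv1.1; test-only, do not copy into applications`. A small helper next to `new_ctx` would keep the four copies from drifting apart. The enclosing `server` sub starts and ends outside this hunk.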
@@ -212,6 +214,7 @@ sub server
Net::SSLeay::SESSION_free($sess) unless $ret; # Not cached, undo get1
Net::SSLeay::free($ssl);
+ close($cl) || die("server close: $!");
}
$cl = $server->accept();
@@ -219,9 +222,8 @@ sub server
print $cl "end\n";
print $cl unpack( 'H*', Storable::freeze(\%server_stats) ), "\n";
- close $cl;
-
- $server->close();
+ close($cl) || die("server close stats socket: $!");
+ $server->close() || die("server listen socket close: $!");
#use Data::Dumper; print "Server:\n" . Dumper(\%server_stats);
exit(0);
@@ -243,6 +245,8 @@ sub client {
$ctx = new_ctx( $proto, $proto );
+ Net::SSLeay::CTX_set_security_level($ctx, 0)
+ if Net::SSLeay::SSLeay() >= 0x30000000 && ($proto eq 'TLSv1' || $proto eq 'TLSv1.1');
Net::SSLeay::CTX_set_session_cache_mode($ctx, Net::SSLeay::SESS_CACHE_CLIENT());
Net::SSLeay::CTX_set_options($ctx, Net::SSLeay::OP_ALL());
Net::SSLeay::CTX_sess_set_new_cb($ctx, sub {client_new_cb(@_, $ctx, $round);});
@@ -250,7 +254,10 @@ sub client {
$ssl = Net::SSLeay::new($ctx);
Net::SSLeay::set_fd($ssl, $cl);
- Net::SSLeay::connect($ssl);
+ my $ret = Net::SSLeay::connect($ssl);
+ if ($ret <= 0) {
+ diag("Protocol $proto, connect() returns $ret, Error: ".Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error()));
+ }
my $msg = Net::SSLeay::read($ssl);
#print "server said: $msg\n";
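Review bot: A failed handshake is only reported through `diag()` here, and the code then carries on to `Net::SSLeay::read($ssl)` on a connection that was never established. The real cause will therefore surface as a later, unrelated-looking test failure. `Net::SSLeay::ERR_get_error()` also returns only the oldest queued entry, and returns 0 when the failure is not in the error queue (a socket-level error, for instance). Adding `Net::SSLeay::get_error($ssl, $ret)` to the message would cover that case. The same block is added to `client` in t/local/45_exporter.t, and the enclosing `client` sub continues outside this hunk.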
@@ -267,6 +274,7 @@ sub client {
Net::SSLeay::shutdown($ssl);
Net::SSLeay::free($ssl);
+ close($cl) || die("client close: $!");
}
$cl = $server->connect();
@@ -276,7 +284,9 @@ sub client {
# Stats from server
chomp( my $server_stats = <$cl> );
my $server_stats_ref = Storable::thaw( pack( 'H*', $server_stats ) );
- close $cl;
+
+ close($cl) || die("client close stats socket: $!");
+ $server->close() || die("client listen socket close: $!");
test_stats($server_stats_ref, \%client_stats);
diff --git a/t/local/45_exporter.t b/t/local/45_exporter.t
index 2e3efdb..aaacc7b 100644
--- a/t/local/45_exporter.t
+++ b/t/local/45_exporter.t
@@ -56,6 +56,8 @@ sub server
$ctx = new_ctx( $round, $round );
+ Net::SSLeay::CTX_set_security_level($ctx, 0)
+ if Net::SSLeay::SSLeay() >= 0x30000000 && ($round eq 'TLSv1' || $round eq 'TLSv1.1');
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
$ssl = Net::SSLeay::new($ctx);
Net::SSLeay::set_fd($ssl, fileno($cl));
@@ -66,7 +68,9 @@ sub server
Net::SSLeay::shutdown($ssl);
Net::SSLeay::free($ssl);
+ close($cl) || die("server close: $!");
}
+ $server->close() || die("server listen socket close: $!");
exit(0);
}
}
@@ -78,9 +82,14 @@ sub client {
my $cl = $server->connect();
my $ctx = new_ctx( $round, $round );
+ Net::SSLeay::CTX_set_security_level($ctx, 0)
+ if Net::SSLeay::SSLeay() >= 0x30000000 && ($round eq 'TLSv1' || $round eq 'TLSv1.1');
my $ssl = Net::SSLeay::new($ctx);
Net::SSLeay::set_fd( $ssl, $cl );
- Net::SSLeay::connect($ssl);
+ my $ret = Net::SSLeay::connect($ssl);
+ if ($ret <= 0) {
+ diag("Protocol $round, connect() returns $ret, Error: ".Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error()));
+ }
my $msg = Net::SSLeay::read($ssl);
@@ -90,6 +99,7 @@ sub client {
Net::SSLeay::shutdown($ssl);
Net::SSLeay::free($ssl);
+ close($cl) || die("client close: $!");
}
else {
SKIP: {
@@ -97,6 +107,7 @@ sub client {
}
}
}
+ $server->close() || die("client listen socket close: $!");
return 1;
}
diff --git a/t/local/46_msg_callback.t b/t/local/46_msg_callback.t
new file mode 100644
index 0000000..587e5a0
--- /dev/null
+++ b/t/local/46_msg_callback.t
@@ -0,0 +1,114 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(
+ can_fork data_file_path initialise_libssl new_ctx tcp_socket
+);
+
+if (not can_fork()) {
+ plan skip_all => "fork() not supported on this system";
+} else {
+ plan tests => 10;
+}
+
+initialise_libssl();
+
+my $pid;
+alarm(30);
+END { kill 9,$pid if $pid }
+
+my $server = tcp_socket();
+
+{
+ # SSL server - just handle single connect and shutdown connection
+ my $cert_pem = data_file_path('simple-cert.cert.pem');
+ my $key_pem = data_file_path('simple-cert.key.pem');
+
+ defined($pid = fork()) or BAIL_OUT("failed to fork: $!");
+ if ($pid == 0) {
+ for(qw(ctx ssl)) {
+ my $cl = $server->accept();
+ my $ctx = new_ctx();
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, fileno($cl));
+ Net::SSLeay::accept($ssl);
+ for(1,2) {
+ last if Net::SSLeay::shutdown($ssl)>0;
+ }
+ close($cl) || die("server close: $!");
+ }
+ $server->close() || die("server listen socket close: $!");
+ exit;
+ }
+}
+
+sub client {
+ my ($where) = @_;
+ # SSL client - connect and shutdown, all the while getting state updates
+ # with info callback
+
+ my @cb_data;
+ my @states;
+ my $msgcb = sub {
+ my ($write_p,$version,$content_type,$buf,$len,$ssl,$cb_data) = @_;
+ # buffer is of course randomized/timestamped, this is hard to test, so
+ # skip this
+ my $hex_buf = unpack("H*", $buf||'');
+
+ # version appears to be different running in different test envs that
+ # have a different openssl version, so we skip that too. This isn't a
+ # good test for that, and it's not up to Net::SSLeay to make all
+ # openssl implementations look the same
+
+ # the 3 things this sub needs to do:
+ # 1. not die
+ # 2. no memory leak
+ # 3. provide information
+ #
+ # The validness of the buffer can be checked, so we use this as a
+ # validation instead. This selftest is not here to validate the
+ # protocol and the intricacies of the possible implementation or
+ # version (ssl3 vs tls1 etc)
+
+ push @states,(defined $buf and length($buf) == $len)||0;
+
+ # cb_data can act as a check
+ push @cb_data, $cb_data;
+ };
+
+ my $cl = $server->connect();
+ my $ctx = new_ctx();
+ Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
+ Net::SSLeay::CTX_set_msg_callback($ctx, $msgcb, "CB_DATA") if $where eq 'ctx';
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, $cl);
+ Net::SSLeay::set_msg_callback($ssl, $msgcb, "CB_DATA") if $where eq 'ssl';
+ Net::SSLeay::connect($ssl);
+ for(1,2) {
+ last if Net::SSLeay::shutdown($ssl)>0;
+ }
+ close($cl) || die("client close: $!");
+
+ ok(scalar(@states) > 1, "at least 2 messages logged: $where");
+ my $all_ok = 1;
+ $all_ok &= $_ for @states;
+ is($all_ok, 1, "all states are OK: length(buf) = len for $where");
+
+ ok(scalar(@cb_data) > 1, "all cb data SV's are OK for $where (at least 2)");
+ my $all_cb_data_ok = 0;
+ $all_cb_data_ok++ for grep {$_ eq "CB_DATA"} grep {defined} @cb_data;
+ is(scalar(@cb_data), $all_cb_data_ok, "all cb data SV's are OK for $where");
+
+ eval {
+ Net::SSLeay::CTX_set_msg_callback($ctx, undef) if $where eq 'ctx';
+ Net::SSLeay::set_msg_callback($ssl, undef) if $where eq 'ssl';
+ };
+ is($@, '', "no error during set_msg_callback() for $where");
+}
+
+client('ctx');
+client('ssl');
+$server->close() || die("client listen socket close: $!");
+waitpid $pid, 0;
+
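Review bot: The results of `Net::SSLeay::accept($ssl)` in the server child and `Net::SSLeay::connect($ssl)` in `client` are discarded, so a failed handshake shows up only indirectly through the "at least 2 messages logged" check. The other tests touched by this patch now report it, e.g. `my $ret = Net::SSLeay::connect($ssl); diag("connect() returns $ret for $where") if $ret <= 0;`. Neither side calls `Net::SSLeay::free($ssl)` or `Net::SSLeay::CTX_free($ctx)`, although the callback comment lists "no memory leak" as a goal and the rest of the patch adds such calls to older tests. On the style side, the comment at the top of `client` says "info callback" where the message callback is meant, and `$hex_buf` is assigned but never used. `&Net::SSLeay::OP_ALL` would also read better as `Net::SSLeay::OP_ALL()`, the form used in t/local/44_sess.t.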
diff --git a/typemap b/typemap
index 373e711..c0547c6 100644
--- a/typemap
+++ b/typemap
@@ -81,6 +81,9 @@ cb_ssl_int_int_ret_void * T_PTR
cb_ssl_int_int_ret_RSA * T_PTR
cb_ssl_int_int_ret_DH * T_PTR
perl_filehandle_t T_PERL_IO_HANDLE
+OSSL_LIB_CTX * T_PTR
+OSSL_PROVIDER * T_PTR
+const OSSL_PROVIDER * T_PTR
INPUT