authorGarrett D'Amore <garrett@damore.org>2024-11-23 11:03:17 -0800
committerGarrett D'Amore <garrett@damore.org>2024-11-23 11:03:17 -0800
commitb4ef0f3b1f365beb76a7c1bc1b6ae455cb58dfbc (patch)
tree010c9dff14bcbe0a5ee5d3b0f56b8ba6d27f6de7 /src
parent0421d8e9b0461c7bf9025dd736529aaf5f0fda9d (diff)
tls: include error code from mbed in log messages
Also add a test case for mismatch verify.
Diffstat (limited to 'src')
-rw-r--r--src/sp/transport/tls/tls_tran_test.c44
-rw-r--r--src/supplemental/tls/mbedtls/tls.c2
2 files changed, 41 insertions, 5 deletions
diff --git a/src/sp/transport/tls/tls_tran_test.c b/src/sp/transport/tls/tls_tran_test.c
index d1a118ec..c6889b23 100644
--- a/src/sp/transport/tls/tls_tran_test.c
+++ b/src/sp/transport/tls/tls_tran_test.c
@@ -55,7 +55,6 @@ test_tls_port_zero_bind(void)
nng_sockaddr sa;
nng_listener l;
nng_dialer d;
- char addr[NNG_MAXADDRSTRLEN];
const nng_url *url;
c1 = tls_server_config();
@@ -66,14 +65,12 @@ test_tls_port_zero_bind(void)
NUTS_PASS(nng_listener_set_tls(l, c1));
NUTS_PASS(nng_listener_start(l, 0));
NUTS_PASS(nng_listener_get_url(l, &url));
- nng_url_sprintf(addr, sizeof(addr), url);
NUTS_MATCH(nng_url_scheme(url), "tls+tcp");
- NUTS_TRUE(memcmp(addr, "tls+tcp://", 6) == 0);
NUTS_PASS(nng_listener_get_addr(l, NNG_OPT_LOCADDR, &sa));
NUTS_TRUE(sa.s_in.sa_family == NNG_AF_INET);
NUTS_TRUE(sa.s_in.sa_port != 0);
NUTS_TRUE(sa.s_in.sa_addr = nuts_be32(0x7f000001));
- NUTS_PASS(nng_dialer_create(&d, s2, addr));
+ NUTS_PASS(nng_dialer_create_url(&d, s2, url));
NUTS_PASS(nng_dialer_set_tls(d, c2));
NUTS_PASS(nng_dialer_start(d, 0));
NUTS_CLOSE(s2);
@@ -83,6 +80,44 @@ test_tls_port_zero_bind(void)
}
void
+test_tls_bad_cert_mutual(void)
+{
+ nng_socket s1;
+ nng_socket s2;
+ nng_tls_config *c1, *c2;
+ nng_sockaddr sa;
+ nng_listener l;
+ nng_dialer d;
+ const nng_url *url;
+
+ c1 = tls_server_config();
+ c2 = tls_client_config();
+
+ NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
+ NUTS_OPEN(s1);
+ NUTS_OPEN(s2);
+ NUTS_PASS(nng_tls_config_auth_mode(c1, NNG_TLS_AUTH_MODE_REQUIRED));
+ // a valid cert, but not the one that signed the config!
+ NUTS_PASS(nng_tls_config_ca_chain(c1, nuts_ecdsa_server_crt, NULL));
+ NUTS_PASS(nng_listener_create(&l, s1, "tls+tcp://127.0.0.1:0"));
+ NUTS_PASS(nng_listener_set_tls(l, c1));
+ NUTS_PASS(nng_listener_start(l, 0));
+ NUTS_PASS(nng_listener_get_url(l, &url));
+ NUTS_MATCH(nng_url_scheme(url), "tls+tcp");
+ NUTS_PASS(nng_listener_get_addr(l, NNG_OPT_LOCADDR, &sa));
+ NUTS_TRUE(sa.s_in.sa_family == NNG_AF_INET);
+ NUTS_TRUE(sa.s_in.sa_port != 0);
+ NUTS_TRUE(sa.s_in.sa_addr = nuts_be32(0x7f000001));
+ NUTS_PASS(nng_dialer_create_url(&d, s2, url));
+ NUTS_PASS(nng_dialer_set_tls(d, c2));
+ NUTS_FAIL(nng_dialer_start(d, 0), NNG_ECRYPTO);
+ nng_msleep(50);
+ NUTS_CLOSE(s2);
+ NUTS_CLOSE(s1);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+}
+void
test_tls_malformed_address(void)
{
nng_socket s1;
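Review bot: The loopback check in the new test_tls_bad_cert_mutual, `NUTS_TRUE(sa.s_in.sa_addr = nuts_be32(0x7f000001));`, is an assignment rather than a comparison, so it overwrites `sa` and passes for any bound address. It should read `NUTS_TRUE(sa.s_in.sa_addr == nuts_be32(0x7f000001));`. The same expression appears on a context line of test_tls_port_zero_bind in the previous hunk, where the new test seems to have been copied from. Separately, the comment above `nng_tls_config_ca_chain` could say which side is expected to reject the handshake, e.g. `// server requires a client cert, but trusts a CA that did not issue it`, assuming tls_client_config() (not visible here) does present a certificate.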
@@ -285,5 +320,6 @@ NUTS_TESTS = {
{ "tls keep alive option", test_tls_keep_alive_option },
{ "tls recv max", test_tls_recv_max },
{ "tls pre-shared key", test_tls_psk },
+ { "tsl bad cert mutual", test_tls_bad_cert_mutual },
{ NULL, NULL },
};
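Review bot: The new table entry is labelled "tsl bad cert mutual", while every other visible entry starts with "tls". If tests are selected or filtered by name, a run restricted to the "tls" cases would probably skip this certificate-rejection test without any notice. The line should be `{ "tls bad cert mutual", test_tls_bad_cert_mutual },`.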
diff --git a/src/supplemental/tls/mbedtls/tls.c b/src/supplemental/tls/mbedtls/tls.c
index 8b62cd7f..9adae588 100644
--- a/src/supplemental/tls/mbedtls/tls.c
+++ b/src/supplemental/tls/mbedtls/tls.c
@@ -152,7 +152,7 @@ tls_log_warn(const char *msgid, const char *context, int errnum)
{
char errbuf[256];
mbedtls_strerror(errnum, errbuf, sizeof(errbuf));
- nng_log_warn(msgid, "%s: %s", context, errbuf);
+ nng_log_warn(msgid, "%s: %d - %s", context, errnum, errbuf);
}
// tls_mk_err converts an mbed error to an NNG error.
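Review bot: The added `%d` prints the mbed TLS code as a signed decimal, but the mbed TLS headers define their error codes as negative hex constants, so a value taken from the log has to be converted by hand before it can be looked up. Printing it in that form would make the message directly searchable, for example `nng_log_warn(msgid, "%s: -0x%04X - %s", context, (unsigned) -errnum, errbuf);`, assuming errnum is always a negative mbed code here. The signature of tls_log_warn is only visible in the hunk header, so callers passing other values cannot be ruled out from this view.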