summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/supplemental/tls/tls_common.c6
-rw-r--r--src/supplemental/tls/tls_test.c102
-rw-r--r--tests/testutil.c261
-rw-r--r--tests/testutil.h18
4 files changed, 385 insertions, 2 deletions
diff --git a/src/supplemental/tls/tls_common.c b/src/supplemental/tls/tls_common.c
index 7d89ea21..409c6600 100644
--- a/src/supplemental/tls/tls_common.c
+++ b/src/supplemental/tls/tls_common.c
@@ -1228,6 +1228,8 @@ nng_tls_engine_send(void *arg, const uint8_t *buf, size_t *szp)
// We are committed at this point to sending out len bytes.
// Update this now, so that we can use len to update.
*szp = len;
+ conn->tcp_send_len += len;
+ NNI_ASSERT(conn->tcp_send_len <= NNG_TLS_MAX_SEND_SIZE);
while (len > 0) {
if (head >= tail) {
@@ -1243,11 +1245,11 @@ nng_tls_engine_send(void *arg, const uint8_t *buf, size_t *szp)
buf += cnt;
head += cnt;
head %= NNG_TLS_MAX_SEND_SIZE;
- conn->tcp_send_len += cnt;
- conn->tcp_send_head = head;
len -= cnt;
}
+ conn->tcp_send_head = head;
+
tls_tcp_send_start(conn);
return (0);
}
diff --git a/src/supplemental/tls/tls_test.c b/src/supplemental/tls/tls_test.c
index bd96ae08..4857c4c7 100644
--- a/src/supplemental/tls/tls_test.c
+++ b/src/supplemental/tls/tls_test.c
@@ -53,7 +53,109 @@ test_tls_config_version(void)
nng_tls_config_free(cfg);
}
+void
+test_tls_conn_refused(void)
+{
+ nng_stream_dialer *dialer;
+ nng_aio * aio;
+
+ TEST_NNG_PASS(nng_aio_alloc(&aio, NULL, NULL));
+ nng_aio_set_timeout(aio, 5000); // 5 sec
+
+ // port 8 is generally not used for anything.
+ TEST_NNG_PASS(
+ nng_stream_dialer_alloc(&dialer, "tls+tcp://127.0.0.1:8"));
+ nng_stream_dialer_dial(dialer, aio);
+ nng_aio_wait(aio);
+ TEST_NNG_FAIL(nng_aio_result(aio), NNG_ECONNREFUSED);
+
+ nng_aio_free(aio);
+ nng_stream_dialer_free(dialer);
+}
+
+void
+test_tls_large_message(void)
+{
+ nng_stream_listener *l;
+ nng_stream_dialer * d;
+ nng_aio * aio1, *aio2;
+ nng_stream * s1;
+ nng_stream * s2;
+ nng_tls_config * c1;
+ nng_tls_config * c2;
+ char addr[32];
+ uint8_t * buf1;
+ uint8_t * buf2;
+ size_t size = 450001;
+ void * t1;
+ void * t2;
+
+ // allocate messages
+ TEST_CHECK((buf1 = nng_alloc(size)) != NULL);
+ TEST_CHECK((buf2 = nng_alloc(size)) != NULL);
+
+ for (size_t i = 0; i < size; i++) {
+ buf1[i] = rand() & 0xff;
+ }
+
+ TEST_NNG_PASS(nng_aio_alloc(&aio1, NULL, NULL));
+ TEST_NNG_PASS(nng_aio_alloc(&aio2, NULL, NULL));
+ nng_aio_set_timeout(aio1, 5000);
+ nng_aio_set_timeout(aio2, 5000);
+
+ testutil_scratch_addr("tls+tcp", sizeof(addr), addr);
+
+ TEST_NNG_PASS(nng_stream_dialer_alloc(&d, addr));
+ TEST_NNG_PASS(nng_stream_listener_alloc(&l, addr));
+
+ // set up TLS parameters
+
+ TEST_NNG_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
+ TEST_NNG_PASS(nng_tls_config_own_cert(
+ c1, testutil_server_crt, testutil_server_key, NULL));
+
+ TEST_NNG_PASS(nng_tls_config_alloc(&c2, NNG_TLS_MODE_CLIENT));
+ TEST_NNG_PASS(nng_tls_config_ca_chain(c2, testutil_server_crt, NULL));
+ TEST_NNG_PASS(nng_tls_config_server_name(c2, "localhost"));
+
+ TEST_NNG_PASS(nng_stream_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c1));
+ TEST_NNG_PASS(nng_stream_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c2));
+
+ TEST_NNG_PASS(nng_stream_listener_listen(l));
+ nng_stream_listener_accept(l, aio1);
+ nng_stream_dialer_dial(d, aio2);
+
+ nng_aio_wait(aio1);
+ nng_aio_wait(aio2);
+
+ TEST_NNG_PASS(nng_aio_result(aio1));
+ TEST_NNG_PASS(nng_aio_result(aio2));
+
+ TEST_CHECK((s1 = nng_aio_get_output(aio1, 0)) != NULL);
+ TEST_CHECK((s2 = nng_aio_get_output(aio2, 0)) != NULL);
+
+ t1 = testutil_stream_send_start(s1, buf1, size);
+ t2 = testutil_stream_recv_start(s2, buf2, size);
+
+ TEST_NNG_PASS(testutil_stream_send_wait(t1));
+ TEST_NNG_PASS(testutil_stream_recv_wait(t2));
+ TEST_CHECK(memcmp(buf1, buf2, size) == 0);
+
+ nng_free(buf1, size);
+ nng_free(buf2, size);
+ nng_stream_free(s1);
+ nng_stream_free(s2);
+ nng_stream_dialer_free(d);
+ nng_stream_listener_free(l);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+ nng_aio_free(aio1);
+ nng_aio_free(aio2);
+}
+
TEST_LIST = {
{ "tls config version", test_tls_config_version },
+ { "tls conn refused", test_tls_conn_refused },
+ { "tls large message", test_tls_large_message },
{ NULL, NULL },
}; \ No newline at end of file
diff --git a/tests/testutil.c b/tests/testutil.c
index 2f6bf24d..4b20fc6a 100644
--- a/tests/testutil.c
+++ b/tests/testutil.c
@@ -389,3 +389,264 @@ done:
}
return (rv);
}
+
+typedef struct {
+ uint8_t * base;
+ size_t rem;
+ nng_iov iov;
+ nng_aio * upper_aio;
+ nng_aio * lower_aio;
+ nng_stream *s;
+ void (*submit)(nng_stream *, nng_aio *);
+} stream_xfr_t;
+
+static void
+stream_xfr_free(stream_xfr_t *x)
+{
+ if (x == NULL) {
+ return;
+ }
+ if (x->upper_aio != NULL) {
+ nng_aio_free(x->upper_aio);
+ }
+ if (x->lower_aio != NULL) {
+ nng_aio_free(x->lower_aio);
+ }
+ nng_free(x, sizeof(*x));
+}
+
+static void
+stream_xfr_start(stream_xfr_t *x)
+{
+ nng_iov iov;
+ iov.iov_buf = x->base;
+ iov.iov_len = x->rem;
+
+ nng_aio_set_iov(x->lower_aio, 1, &iov);
+ x->submit(x->s, x->lower_aio);
+}
+
+static void
+stream_xfr_cb(void *arg)
+{
+ stream_xfr_t *x = arg;
+ int rv;
+ size_t n;
+
+ rv = nng_aio_result(x->lower_aio);
+ if (rv != 0) {
+ nng_aio_finish(x->upper_aio, rv);
+ return;
+ }
+ n = nng_aio_count(x->lower_aio);
+
+ x->rem -= n;
+ x->base += n;
+
+ if (x->rem == 0) {
+ nng_aio_finish(x->upper_aio, 0);
+ return;
+ }
+
+ stream_xfr_start(x);
+}
+
+static stream_xfr_t *
+stream_xfr_alloc(nng_stream *s, void (*submit)(nng_stream *, nng_aio *),
+ void *buf, size_t size)
+{
+ stream_xfr_t *x;
+
+ if ((x = nng_alloc(size)) == NULL) {
+ return (NULL);
+ }
+ if (nng_aio_alloc(&x->upper_aio, NULL, NULL) != 0) {
+ stream_xfr_free(x);
+ return (NULL);
+ }
+ if (nng_aio_alloc(&x->lower_aio, stream_xfr_cb, x) != 0) {
+ stream_xfr_free(x);
+ return (NULL);
+ }
+
+ // Upper should not take more than 30 seconds, lower not more than 5.
+ nng_aio_set_timeout(x->upper_aio, 30000);
+ nng_aio_set_timeout(x->lower_aio, 5000);
+
+ nng_aio_begin(x->upper_aio);
+
+ x->s = s;
+ x->rem = size;
+ x->base = buf;
+ x->submit = submit;
+
+ return (x);
+}
+
+static int
+stream_xfr_wait(stream_xfr_t *x)
+{
+ int rv;
+ if (x == NULL) {
+ return (NNG_ENOMEM);
+ }
+ nng_aio_wait(x->upper_aio);
+ rv = nng_aio_result(x->upper_aio);
+ stream_xfr_free(x);
+ return (rv);
+}
+
+void *
+testutil_stream_recv_start(nng_stream *s, void *buf, size_t size)
+{
+ stream_xfr_t *x;
+
+ x = stream_xfr_alloc(s, nng_stream_recv, buf, size);
+ if (x == NULL) {
+ return (x);
+ }
+ stream_xfr_start(x);
+ return (x);
+}
+
+int
+testutil_stream_recv_wait(void *arg)
+{
+ return (stream_xfr_wait(arg));
+}
+
+void *
+testutil_stream_send_start(nng_stream *s, void *buf, size_t size)
+{
+ stream_xfr_t *x;
+
+ x = stream_xfr_alloc(s, nng_stream_send, buf, size);
+ if (x == NULL) {
+ return (x);
+ }
+ stream_xfr_start(x);
+ return (x);
+}
+
+int
+testutil_stream_send_wait(void *arg)
+{
+ return (stream_xfr_wait(arg));
+}
+
+// TLS certificates. These are pre-generated, and should not be used outside
+// of these test cases. They are all using RSA 2048 with SHA256.
+// All certs are signed by the root key (making the root self-signed).
+// They all expire in about 100 years -- so we don't have to worry about
+// expiration.
+//
+// The server cert uses CN 127.0.0.1.
+//
+// Country = XX
+// State = Utopia
+// Locality = Paradise
+// Organization = NNG Tests, Inc.
+//
+
+const char *testutil_server_key =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEowIBAAKCAQEAyPdnRbMrQj9902TGQsmMbG6xTSl9XKbJr55BcnyZifsrqA7B\n"
+ "bNSkndVw9Qq+OJQIDBTfRhGdG+o9j3h6SDVvIb62fWtwJ5Fe0eUmeYwPc1PKQzOm\n"
+ "MFlMYekXiZsx60yu5LeuUhGlb84+csImH+m3NbutInPJcStSq0WfSV6VNk6DN353\n"
+ "5ex66zV2Ms6ikys1vCC434YqIpe1VxUh+IC2widJcLDCxmmJt3TOlx5f9OcKMkxu\n"
+ "H4fMAzgjIEpIrUjdb19CGNVvsNrEEB2CShBMgBdqMaAnKFxpKgfzS0JFulxRGNtp\n"
+ "srweki+j+a4sJXTv40kELkRQS6uB6wWZNjcPywIDAQABAoIBAQCGSUsot+BgFCzv\n"
+ "5JbWafb7Pbwb421xS8HZJ9Zzue6e1McHNVTqc+zLyqQAGX2iMMhvykKnf32L+anJ\n"
+ "BKgxOANaeSVYCUKYLfs+JfDfp0druMGexhR2mjT/99FSkfF5WXREQLiq/j+dxiLU\n"
+ "bActq+5QaWf3bYddp6VF7O/TBvCNqBfD0+S0o0wtBdvxXItrKPTD5iKr9JfLWdAt\n"
+ "YNAk2QgFywFtY5zc2wt4queghF9GHeBzzZCuVj9QvPA4WdVq0mePaPTmvTYQUD0j\n"
+ "GT6X5j9JhqCwfh7trb/HfkmLHwwc62zPDFps+Dxao80+vss5b/EYZ4zY3S/K3vpG\n"
+ "f/e42S2BAoGBAP51HQYFJGC/wsNtOcX8RtXnRo8eYmyboH6MtBFrZxWl6ERigKCN\n"
+ "5Tjni7EI3nwi3ONg0ENPFkoQ8h0bcVFS7iW5kz5te73WaOFtpkU9rmuFDUz37eLP\n"
+ "d+JLZ5Kwfn2FM9HoiSAZAHowE0MIlmmIEXSnFtqA2zzorPQLO/4QlR+VAoGBAMov\n"
+ "R0yaHg3qPlxmCNyLXKiGaGNzvsvWjYw825uCGmVZfhzDhOiCFMaMb51BS5Uw/gwm\n"
+ "zHxmJjoqak8JjxaQ1qKPoeY1TJ5ps1+TRq9Wzm2/zGqJHOXnRPlqwBQ6AFllAMgt\n"
+ "Rlp5uqb8QJ+YEo6/1kdGhw9kZWCZEEue6MNQjxnfAoGARLkUkZ+p54di7qz9QX+V\n"
+ "EghYgibOpk6R1hviNiIvwSUByhZgbvxjwC6pB7NBg31W8wIevU8K0g4plbrnq/Md\n"
+ "5opsPhwLo4XY5albkq/J/7f7k6ISWYN2+WMsIe4Q+42SJUsMXeLiwh1h1mTnWrEp\n"
+ "JbxK69CJZbXhoDe4iDGqVNECgYAjlgS3n9ywWE1XmAHxR3osk1OmRYYMfJv3VfLV\n"
+ "QSYCNqkyyNsIzXR4qdkvVYHHJZNhcibFsnkB/dsuRCFyOFX+0McPLMxqiXIv3U0w\n"
+ "qVe2C28gRTfX40fJmpdqN/c9xMBJe2aJoClRIM8DCBIkG/HMI8a719DcGrS6iqKv\n"
+ "VeuKAwKBgEgD+KWW1KtoSjCBlS0NP8HjC/Rq7j99YhKE6b9h2slIa7JTO8RZKCa0\n"
+ "qbuomdUeJA3R8h+5CFkEKWqO2/0+dUdLNOjG+CaTFHaUJevzHOzIjpn+VsfCLV13\n"
+ "yupGzHG+tGtdrWgLn9Dzdp67cDfSnsSh+KODPECAAFfo+wPvD8DS\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+const char *testutil_server_crt =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDRzCCAi8CFCOIJGs6plMawgBYdDuCRV7UuJuyMA0GCSqGSIb3DQEBCwUAMF8x\n"
+ "CzAJBgNVBAYTAlhYMQ8wDQYDVQQIDAZVdG9waWExETAPBgNVBAcMCFBhcmFkaXNl\n"
+ "MRgwFgYDVQQKDA9OTkcgVGVzdHMsIEluYy4xEjAQBgNVBAMMCWxvY2FsaG9zdDAg\n"
+ "Fw0yMDA1MjMyMzMxMTlaGA8yMTIwMDQyOTIzMzExOVowXzELMAkGA1UEBhMCWFgx\n"
+ "DzANBgNVBAgMBlV0b3BpYTERMA8GA1UEBwwIUGFyYWRpc2UxGDAWBgNVBAoMD05O\n"
+ "RyBUZXN0cywgSW5jLjESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B\n"
+ "AQEFAAOCAQ8AMIIBCgKCAQEAyPdnRbMrQj9902TGQsmMbG6xTSl9XKbJr55BcnyZ\n"
+ "ifsrqA7BbNSkndVw9Qq+OJQIDBTfRhGdG+o9j3h6SDVvIb62fWtwJ5Fe0eUmeYwP\n"
+ "c1PKQzOmMFlMYekXiZsx60yu5LeuUhGlb84+csImH+m3NbutInPJcStSq0WfSV6V\n"
+ "Nk6DN3535ex66zV2Ms6ikys1vCC434YqIpe1VxUh+IC2widJcLDCxmmJt3TOlx5f\n"
+ "9OcKMkxuH4fMAzgjIEpIrUjdb19CGNVvsNrEEB2CShBMgBdqMaAnKFxpKgfzS0JF\n"
+ "ulxRGNtpsrweki+j+a4sJXTv40kELkRQS6uB6wWZNjcPywIDAQABMA0GCSqGSIb3\n"
+ "DQEBCwUAA4IBAQA86Fqrd4aiih6R3fwiMLwV6IQJv+u5rQeqA4D0xu6v6siP42SJ\n"
+ "YMaI2DkNGrWdSFVSHUK/efceCrhnMlW7VM8I1cyl2F/qKMfnT72cxqqquiKtQKdT\n"
+ "NDTzv61QMUP9n86HxMzGS7jg0Pknu55BsIRNK6ndDvI3D/K/rzZs4xbqWSSfNfQs\n"
+ "fNFBbOuDrkS6/1h3p8SY1uPM18WLVv3GO2T3aeNMHn7YJAKSn+sfaxzAPyPIK3UT\n"
+ "W8ecGQSHOqBJJQELyUfMu7lx/FCYKUhN7/1uhU5Qf1pCR8hkIMegtqr64yVBNMOn\n"
+ "248fuiHbs9BRknuA/PqjxIDDZTwtDrfVSO/S\n"
+ "-----END CERTIFICATE-----\n";
+
+const char *testutil_client_key =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEowIBAAKCAQEArohAOr7gv5aNpTEviOPPBJ2fArUX2EajMEtU9tF8H/TTlcMB\n"
+ "oy+vYoyNe56jc7CWUfO0S54rg0XaQ7HTI5EWueSR9wrEVK4q+Zg6x1dwr4k5SxD5\n"
+ "NcStDXzUjiCi9ygZRxpOUz8jRhKZFENuCdLxSN7E2vuOIU9IR5FpatMlsD33rTOX\n"
+ "Pgyx7qNpBj63ZCzY3b09zWBAXc/sLd1mxjlNP/LbtVLrFeIT1j6Gv0UgzxIcEjQ3\n"
+ "vybV/EYK7THn7jLhudEa+7fC9jfzwozbuszfEje/U0h0/DF4coGyIQTfDh6Wmk3x\n"
+ "5YB2QaI/0jwn8cwracKGtNO+vLqV4yUWZxf5xwIDAQABAoIBADXIEJrJpPIEz6Me\n"
+ "0/oH0QwoEg7AhReFNNY18HmaNfiW9fhJPiDuGcpxa0uzp8SHntqkEWPX2qq6BLcl\n"
+ "fd2Q4QLpdz08GSHLBb0h9sLko/nDfF8wXMr/zx+/3rPpRK6KsbdiWM54P0NhicBf\n"
+ "wvHOCcIdu2WLbNHA35IGMgjUBeIXxAsje63RBS3Dd6RnASxF7bbC/GXiUouQnos1\n"
+ "VSLoR6fLQQYlrMOAJU3ruPvMRwkrgaHQ1jl3PL4ilZMuvt7LSAi/KUDKMLRHdLNe\n"
+ "tMPITE5CvQ/rBhiUHMsTn1Xb2/jmSuJieJtG2fEDmLFuYZMUFMg1XfQ+ZC9cDCGI\n"
+ "wiEYUbkCgYEA1NoKnHp7Zmc2AK1J78uYByEwr8z2nAYZNq5LFeKuCd4rky6v385x\n"
+ "IjIYhvPLiGXw/lDfF1T15lHHo2FDAQqDa2rbEe+ycDC7Qa3eJjcsN284n1RM2pl+\n"
+ "iNyyhS09YVadelBxWsMqnwdDlf5lrSa7DW1+/u/z2iAw8lGka8XpFpsCgYEA0emd\n"
+ "sYqNivonQFEqJxi2kGTBjX8HNEjeF9tTLuAAg0hjhbW4i1v3JsekW9thbG436THa\n"
+ "4zWUBmcaEwx0iTD1dqM+d+PbN/4vxoRx9kWQJicfR+sa6eJiwL5UmiqDdX4to5z9\n"
+ "MbahemNBzYybr7lcvw+RbL91Fr/z3GooDM9rxkUCgYAuF8mUeTGfy1n2a5BHTV9u\n"
+ "q9FPQKNmxitPnA7GfoARwvrMtJ+BZ8M4FIEbOFArCWhWqkylUNCvP6ZryvQnlY9A\n"
+ "A7PM/os1oFfssSoaPHhmyL8KQcciz3qHSMOf81wHaCpSAnmJnhnstjX8lUqPZIO9\n"
+ "NKj7rBqycaYn02Y3sHP5YQKBgQDQxOQNW5uCiWDYWuDtmWqZGVxW+euUWJRqbbvB\n"
+ "dw+LgkdZCG7OS1z3uL8CjKHMUaJRzz+/kd3ysEACifStLYAzyg+q9XdlrOyfJ8Kg\n"
+ "CHdhOq+lu3I9Aubsg19pJLcx95g0jUJUWysmqekcIagFkPlpHHaqDZDKW4aRxRKo\n"
+ "CvNJcQKBgA9DB8OzHA/gp8TztxUZu8hAVfehLxVORquFvMRF0cr8uxjbu/6sDhzc\n"
+ "TRUkXRUe4DGxxMzAd+1SF/IWlcuZlfcuZrytH1hbjmrN8H30y+yGXFsSGCI/rudk\n"
+ "rLXNS+vWEeuOV8lQuQY0fkokmxnmhkPDMXra5/3KrVMzm3ZNF5N8\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+const char *testutil_client_crt =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDdzCCAl8CFEzqJgxMn+OTdw7RjLtz8FlhrQ0HMA0GCSqGSIb3DQEBCwUAMHcx\n"
+ "CzAJBgNVBAYTAlhYMQ8wDQYDVQQIDAZVdG9waWExETAPBgNVBAcMCFBhcmFkaXNl\n"
+ "MRgwFgYDVQQKDA9OTkcgVGVzdHMsIEluYy4xFDASBgNVBAsMC0NsaWVudCBDZXJ0\n"
+ "MRQwEgYDVQQDDAtUZXN0IENsaWVudDAgFw0yMDA1MjMxODQ1MjZaGA8yMTIwMDQy\n"
+ "OTE4NDUyNlowdzELMAkGA1UEBhMCWFgxDzANBgNVBAgMBlV0b3BpYTERMA8GA1UE\n"
+ "BwwIUGFyYWRpc2UxGDAWBgNVBAoMD05ORyBUZXN0cywgSW5jLjEUMBIGA1UECwwL\n"
+ "Q2xpZW50IENlcnQxFDASBgNVBAMMC1Rlc3QgQ2xpZW50MIIBIjANBgkqhkiG9w0B\n"
+ "AQEFAAOCAQ8AMIIBCgKCAQEAoHWEJXvfaHDM33AyYbJHggKOllgcvwscEnsXztIt\n"
+ "OK+0jO6SRFSbtye1cjtrkGVCYBjeWMcOdEiNB0pw3PceVpF/Q9ifCuaSYsJA3sPH\n"
+ "wi/A3G7ZTe2KCH1i26I4zyw1Bn5AzkaDDXsaht2S9PEqIBCbWo/V1pWiv4QdYmLT\n"
+ "/UFYJDxFpFC3iKVC+BDv9yzziyaFXOYsQJXcaq8ZRD79bNV5NFfzUih8RoasIdD4\n"
+ "LoamBSbbr5XzstTISus+wu1JDKgKkYMJhLGA/tdU/eOKuTDx89yO4ba23W74xeqW\n"
+ "JYe0wPy+krmeB5M7UA7jIvg1JXhYACxujhieMp7wcC3FPwIDAQABMA0GCSqGSIb3\n"
+ "DQEBCwUAA4IBAQCMTQ89YnD19bCGIdUl/z6w2yx1x1kvTYHT+SzhUprsgiuS3KT1\n"
+ "RZNhjf5U3Yu+B6SrJCLuylv+L2zQfmHogp3lV7bayOA7r/rVy5fdmHS+Ei1w6LDL\n"
+ "t8jayiRMPG4VCgaG486yI73PFpK5DXnyFqSd23TlWvNoNeVag5gjlhzG+mHZBSB2\n"
+ "ExpGY3SPxrKSzDqIITVPVgzjW25N8qtgLXC6HODDiViNYq1nmuoS4O80NIYAPPs6\n"
+ "sxUMa5kT+zc17q57ZcgNq/sSGI3BU4b/E/8ntIwiui2xWSf/4JR6xtanih8uY5Pu\n"
+ "QTgg9qTtFgtu4WWUP7JhreoINTw6O4/g5Z18\n"
+ "-----END CERTIFICATE-----\n";
diff --git a/tests/testutil.h b/tests/testutil.h
index a297b603..15028106 100644
--- a/tests/testutil.h
+++ b/tests/testutil.h
@@ -56,6 +56,24 @@ extern int testutil_marry(nng_socket, nng_socket);
extern int testutil_marry_ex(
nng_socket, nng_socket, const char *, nng_pipe *, nng_pipe *);
+// testutil_stream_send_start and testutil_stream_recv_start are used
+// to initiate transfers asynchronously. They return a token which can
+// be used with testutil_stream_send_wait and testutil_stream_recv_wait.
+// Those wait functions will return the result of operation (0 on
+// success, an NNG error number otherwise.)
+extern void *testutil_stream_send_start(nng_stream *, void *, size_t);
+extern void *testutil_stream_recv_start(nng_stream *, void *, size_t);
+extern int testutil_stream_send_wait(void *);
+extern int testutil_stream_recv_wait(void *);
+
+// These are TLS certificates. The client and server are signed with the
+// root. The server uses CN 127.0.0.1. Other details are bogus, but
+// designed to prevent accidental use elsewhere.
+extern const char *testutil_server_key;
+extern const char *testutil_server_crt;
+extern const char *testutil_client_key;
+extern const char *testutil_client_crt;
+
// TEST_NNG_PASS tests for NNG success. It reports the failure if it
// did not.
#define TEST_NNG_PASS(cond) \
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-01-18 11:05:35 +0000