Only use BoringSSL time callback in unit tests.
Production code should use the actual time, measured from the Unix epoch.
BUG=webrtc:6737
Review-Url: https://codereview.webrtc.org/2526433002
Cr-Commit-Position: refs/heads/master@{#15282}
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 6943cd3..873f7b1 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -38,6 +38,10 @@
#include "webrtc/base/timeutils.h"
#include "webrtc/base/thread.h"
+namespace {
+ bool g_use_time_callback_for_testing = false;
+}
+
namespace rtc {
#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
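Review bot: `g_use_time_callback_for_testing` is a plain `bool` with no synchronization, written by `enable_time_callback_for_testing()` and read during SSL context setup in the `@@ -1059` hunk. If those two can run on different threads (the calling threads are not visible here), that is a data race; `std::atomic<bool> g_use_time_callback_for_testing{false};` plus `#include <atomic>` would settle it. The flag is also process-wide and can only go from false to true, so a comment above it such as `// Test-only, process-wide; set once before any SSL_CTX is created.` would record the intended use.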
@@ -63,7 +67,8 @@
#endif
#ifdef OPENSSL_IS_BORINGSSL
-static void TimeCallback(const SSL* ssl, struct timeval* out_clock) {
+// Not used in production code. Actual time should be relative to Jan 1, 1970.
+static void TimeCallbackForTesting(const SSL* ssl, struct timeval* out_clock) {
int64_t time = TimeNanos();
out_clock->tv_sec = time / kNumNanosecsPerSec;
out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;
@@ -1059,10 +1064,9 @@
DTLS1_2_VERSION : TLS1_2_VERSION);
break;
}
- // Set a time callback for BoringSSL because:
- // 1. Our time function is more accurate (doesn't just use gettimeofday).
- // 2. This allows us to inject a fake clock for testing.
- SSL_CTX_set_current_time_cb(ctx, &TimeCallback);
+ if (g_use_time_callback_for_testing) {
+ SSL_CTX_set_current_time_cb(ctx, &TimeCallbackForTesting);
+ }
#endif
if (identity_ && !identity_->ConfigureIdentity(ctx)) {
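Review bot: Production timing inside BoringSSL now depends on its default clock, which the removed comment describes as `gettimeofday`, so a wall-clock step during a handshake could presumably shorten or stretch any timeout BoringSSL derives from it; please confirm that is acceptable for DTLS retransmission. The new `if (g_use_time_callback_for_testing)` also has no comment, while the lines it replaces explained why the callback existed. I would add `// Tests only: production keeps BoringSSL's default epoch-based clock.` above the `if`. The flag is sampled once when this context is built, so enabling it later does not change contexts that already exist. The enclosing function starts and ends outside the hunk.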
@@ -1263,6 +1267,10 @@
return false;
}
+void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
+ g_use_time_callback_for_testing = true;
+}
+
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H
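Review bot: `enable_time_callback_for_testing()` appears to be compiled for every OpenSSL build, but the only reader of the flag sits inside `#ifdef OPENSSL_IS_BORINGSSL`, so on a non-BoringSSL build the call silently does nothing. A test that relies on a fake clock would then run against real time with no signal that the hook was ignored. A comment on the definition such as `// No effect unless built with BoringSSL.` would make that explicit. The preprocessor nesting is only partly visible in this hunk, so this should be checked against the full file.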
diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
index 76ff218..e7d2174 100644
--- a/webrtc/base/opensslstreamadapter.h
+++ b/webrtc/base/opensslstreamadapter.h
@@ -118,6 +118,10 @@
static bool IsAcceptableCipher(int cipher, KeyType key_type);
static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type);
+ // Use our timeutils.h source of timing in BoringSSL, allowing us to test
+ // using a fake clock.
+ static void enable_time_callback_for_testing();
+
protected:
void OnEvent(StreamInterface* stream, int events, int err) override;
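Review bot: The comment on `enable_time_callback_for_testing()` does not say that the switch is process-wide, cannot be turned off again, and only affects SSL contexts created after the call. A caller needs to know those three things, and also that production code must never call it. I would extend the comment with `// Test-only. Process-wide and irreversible; call before creating any stream adapter.` The same comment is duplicated in the `sslstreamadapter.h` hunk and needs the same addition. As a style point, the lower_case name reads like a trivial accessor although it mutates global state; `EnableTimeCallbackForTesting` would match `IsAcceptableCipher` above it.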
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index 17e758e..c3ef3bc 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
@@ -160,6 +160,9 @@
std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);
}
+void SSLStreamAdapter::enable_time_callback_for_testing() {
+ OpenSSLStreamAdapter::enable_time_callback_for_testing();
+}
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h
index 2b99f00..3910191 100644
--- a/webrtc/base/sslstreamadapter.h
+++ b/webrtc/base/sslstreamadapter.h
@@ -244,6 +244,10 @@
// depending on specific SSL implementation.
static std::string SslCipherSuiteToName(int cipher_suite);
+ // Use our timeutils.h source of timing in BoringSSL, allowing us to test
+ // using a fake clock.
+ static void enable_time_callback_for_testing();
+
sigslot::signal1<SSLHandshakeError> SignalSSLHandshakeError;
private:
diff --git a/webrtc/base/unittest_main.cc b/webrtc/base/unittest_main.cc
index 66a9a73..3de0528 100644
--- a/webrtc/base/unittest_main.cc
+++ b/webrtc/base/unittest_main.cc
@@ -19,6 +19,7 @@
#include "webrtc/base/gunit.h"
#include "webrtc/base/logging.h"
#include "webrtc/base/ssladapter.h"
+#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/test/field_trial.h"
#include "webrtc/test/testsupport/fileutils.h"
@@ -103,6 +104,7 @@
// Initialize SSL which are used by several tests.
rtc::InitializeSSL();
+ rtc::SSLStreamAdapter::enable_time_callback_for_testing();
int res = RUN_ALL_TESTS();
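Review bot: Enabling the callback here for the whole binary means every test runs BoringSSL on the timeutils clock, so the configuration that ships (no callback installed) is not exercised by any test in this binary. Because the flag cannot be cleared, an individual test cannot opt back into the default clock either. Consider enabling it only in the fixtures that need a fake clock, or pairing it with a reset that a test can call, so that at least one handshake test covers the production path. `main` continues outside the hunk.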