Split SSLAdapter/SSLStreamAdapter and deprecate SSL(Stream)Adapter::SetMode
since we do not need two adapters with TLS and DTLS modes.
SSLAdapter is the TLS adapter,
SSLStreamAdapter is the DTLS adapter.
BUG=webrtc:353750117
Change-Id: I223917c71c88437339380e1f196dcf3c0e2021c8
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/354940
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42713}
diff --git a/p2p/base/dtls_transport.cc b/p2p/base/dtls_transport.cc
index 056b5a5..11ebaf7 100644
--- a/p2p/base/dtls_transport.cc
+++ b/p2p/base/dtls_transport.cc
@@ -376,7 +376,6 @@
}
dtls_->SetIdentity(local_certificate_->identity()->Clone());
- dtls_->SetMode(rtc::SSL_MODE_DTLS);
dtls_->SetMaxProtocolVersion(ssl_max_version_);
dtls_->SetServerRole(*dtls_role_);
dtls_->SetEventCallback(
diff --git a/rtc_base/openssl_adapter.h b/rtc_base/openssl_adapter.h
index 6c6c0f1..61b727c 100644
--- a/rtc_base/openssl_adapter.h
+++ b/rtc_base/openssl_adapter.h
@@ -56,7 +56,7 @@
void SetIgnoreBadCert(bool ignore) override;
void SetAlpnProtocols(const std::vector<std::string>& protos) override;
void SetEllipticCurves(const std::vector<std::string>& curves) override;
- void SetMode(SSLMode mode) override;
+ [[deprecated]] void SetMode(SSLMode mode) override;
void SetCertVerifier(SSLCertificateVerifier* ssl_cert_verifier) override;
void SetIdentity(std::unique_ptr<SSLIdentity> identity) override;
void SetRole(SSLRole role) override;
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 9075f9a..2907fb1 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -292,7 +292,7 @@
permute_extension_(
!webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello")),
#endif
- ssl_mode_(SSL_MODE_TLS),
+ ssl_mode_(SSL_MODE_DTLS),
ssl_max_version_(SSL_PROTOCOL_TLS_12) {
stream_->SetEventCallback(
[this](int events, int err) { OnEvent(events, err); });
diff --git a/rtc_base/openssl_stream_adapter.h b/rtc_base/openssl_stream_adapter.h
index 2620989..2116b2d 100644
--- a/rtc_base/openssl_stream_adapter.h
+++ b/rtc_base/openssl_stream_adapter.h
@@ -90,7 +90,7 @@
// Goes from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT, depending
// on whether the underlying stream is already open or not.
int StartSSL() override;
- void SetMode(SSLMode mode) override;
+ [[deprecated]] void SetMode(SSLMode mode) override;
void SetMaxProtocolVersion(SSLProtocolVersion version) override;
void SetInitialRetransmissionTimeout(int timeout_ms) override;
diff --git a/rtc_base/ssl_adapter.h b/rtc_base/ssl_adapter.h
index 5ef9146..5e02a26 100644
--- a/rtc_base/ssl_adapter.h
+++ b/rtc_base/ssl_adapter.h
@@ -80,8 +80,8 @@
virtual void SetAlpnProtocols(const std::vector<std::string>& protos) = 0;
virtual void SetEllipticCurves(const std::vector<std::string>& curves) = 0;
- // Do DTLS or TLS (default is TLS, if unspecified)
- virtual void SetMode(SSLMode mode) = 0;
+ [[deprecated("Only TLS is supported by the adapter")]] virtual void SetMode(
+ SSLMode mode) = 0;
// Specify a custom certificate verifier for SSL.
virtual void SetCertVerifier(SSLCertificateVerifier* ssl_cert_verifier) = 0;
diff --git a/rtc_base/ssl_adapter_unittest.cc b/rtc_base/ssl_adapter_unittest.cc
index ec407c5..259b334 100644
--- a/rtc_base/ssl_adapter_unittest.cc
+++ b/rtc_base/ssl_adapter_unittest.cc
@@ -20,7 +20,6 @@
#include "rtc_base/ip_address.h"
#include "rtc_base/message_digest.h"
#include "rtc_base/ssl_identity.h"
-#include "rtc_base/ssl_stream_adapter.h"
#include "rtc_base/stream.h"
#include "rtc_base/string_encode.h"
#include "rtc_base/virtual_socket_server.h"
@@ -31,21 +30,16 @@
static const int kTimeout = 5000;
-static rtc::Socket* CreateSocket(const rtc::SSLMode& ssl_mode) {
+static rtc::Socket* CreateSocket() {
rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0);
rtc::Socket* socket = rtc::Thread::Current()->socketserver()->CreateSocket(
- address.family(),
- (ssl_mode == rtc::SSL_MODE_DTLS) ? SOCK_DGRAM : SOCK_STREAM);
+ address.family(), SOCK_STREAM);
socket->Bind(address);
return socket;
}
-static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) {
- return (ssl_mode == rtc::SSL_MODE_DTLS) ? "DTLS" : "TLS";
-}
-
// Simple mock for the certificate verifier.
class MockCertVerifier : public rtc::SSLCertificateVerifier {
public:
@@ -55,25 +49,24 @@
// TODO(benwright) - Move to using INSTANTIATE_TEST_SUITE_P instead of using
// duplicate test cases for simple parameter changes.
-class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
+class SSLAdapterTestDummy : public sigslot::has_slots<> {
public:
- explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode)
- : ssl_mode_(ssl_mode) {
- rtc::Socket* socket = CreateSocket(ssl_mode_);
+ explicit SSLAdapterTestDummy() : socket_(CreateSocket()) {}
+ virtual ~SSLAdapterTestDummy() = default;
+ void CreateSSLAdapter(rtc::Socket* socket, rtc::SSLRole role) {
ssl_adapter_.reset(rtc::SSLAdapter::Create(socket));
- ssl_adapter_->SetMode(ssl_mode_);
-
// Ignore any certificate errors for the purpose of testing.
// Note: We do this only because we don't have a real certificate.
// NEVER USE THIS IN PRODUCTION CODE!
ssl_adapter_->SetIgnoreBadCert(true);
ssl_adapter_->SignalReadEvent.connect(
- this, &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent);
+ this, &SSLAdapterTestDummy::OnSSLAdapterReadEvent);
ssl_adapter_->SignalCloseEvent.connect(
- this, &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent);
+ this, &SSLAdapterTestDummy::OnSSLAdapterCloseEvent);
+ ssl_adapter_->SetRole(role);
}
void SetIgnoreBadCert(bool ignore_bad_cert) {
@@ -100,27 +93,10 @@
const std::string& GetReceivedData() const { return data_; }
- int Connect(absl::string_view hostname, const rtc::SocketAddress& address) {
- RTC_LOG(LS_INFO) << "Initiating connection with " << address.ToString();
-
- int rv = ssl_adapter_->Connect(address);
-
- if (rv == 0) {
- RTC_LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_)
- << " handshake with " << hostname;
-
- if (ssl_adapter_->StartSSL(hostname) != 0) {
- return -1;
- }
- }
-
- return rv;
- }
-
int Close() { return ssl_adapter_->Close(); }
int Send(absl::string_view message) {
- RTC_LOG(LS_INFO) << "Client sending '" << message << "'";
+ RTC_LOG(LS_INFO) << "Sending '" << message << "'";
return ssl_adapter_->Send(message.data(), message.length());
}
@@ -133,7 +109,7 @@
if (read != -1) {
buffer[read] = '\0';
- RTC_LOG(LS_INFO) << "Client received '" << buffer << "'";
+ RTC_LOG(LS_INFO) << "Received '" << buffer << "'";
data_ += buffer;
}
@@ -148,125 +124,50 @@
}
}
- private:
- const rtc::SSLMode ssl_mode_;
-
+ protected:
std::unique_ptr<rtc::SSLAdapter> ssl_adapter_;
+ std::unique_ptr<rtc::Socket> socket_;
+ private:
std::string data_;
};
-namespace {
-
-class SocketStream : public rtc::StreamInterface, public sigslot::has_slots<> {
+class SSLAdapterTestDummyClient : public SSLAdapterTestDummy {
public:
- explicit SocketStream(rtc::Socket* socket) : socket_(socket) {
- socket_->SignalConnectEvent.connect(this, &SocketStream::OnConnectEvent);
- socket_->SignalReadEvent.connect(this, &SocketStream::OnReadEvent);
- socket_->SignalWriteEvent.connect(this, &SocketStream::OnWriteEvent);
- socket_->SignalCloseEvent.connect(this, &SocketStream::OnCloseEvent);
+ explicit SSLAdapterTestDummyClient() : SSLAdapterTestDummy() {
+ CreateSSLAdapter(socket_.release(), rtc::SSL_CLIENT);
}
- ~SocketStream() override = default;
+ int Connect(absl::string_view hostname, const rtc::SocketAddress& address) {
+ RTC_LOG(LS_INFO) << "Initiating connection with " << address.ToString();
+ int rv = ssl_adapter_->Connect(address);
- rtc::StreamState GetState() const override {
- switch (socket_->GetState()) {
- case rtc::Socket::CS_CONNECTED:
- return rtc::SS_OPEN;
- case rtc::Socket::CS_CONNECTING:
- return rtc::SS_OPENING;
- case rtc::Socket::CS_CLOSED:
- default:
- return rtc::SS_CLOSED;
+ if (rv == 0) {
+ RTC_LOG(LS_INFO) << "Starting TLS handshake with " << hostname;
+
+ if (ssl_adapter_->StartSSL(hostname) != 0) {
+ return -1;
+ }
}
- }
- rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
- size_t& read,
- int& error) override {
- int result = socket_->Recv(buffer.data(), buffer.size(), nullptr);
- if (result < 0) {
- if (socket_->IsBlocking())
- return rtc::SR_BLOCK;
- error = socket_->GetError();
- return rtc::SR_ERROR;
- }
- if ((result > 0) || (buffer.size() == 0)) {
- read = result;
- return rtc::SR_SUCCESS;
- }
- return rtc::SR_EOS;
+ return rv;
}
-
- rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
- size_t& written,
- int& error) override {
- int result = socket_->Send(data.data(), data.size());
- if (result < 0) {
- if (socket_->IsBlocking())
- return rtc::SR_BLOCK;
- error = socket_->GetError();
- return rtc::SR_ERROR;
- }
- written = result;
- return rtc::SR_SUCCESS;
- }
-
- void Close() override { socket_->Close(); }
-
- private:
- void OnConnectEvent(rtc::Socket* socket) {
- RTC_DCHECK_RUN_ON(&callback_sequence_);
- RTC_DCHECK_EQ(socket, socket_.get());
- FireEvent(rtc::SE_OPEN | rtc::SE_READ | rtc::SE_WRITE, 0);
- }
-
- void OnReadEvent(rtc::Socket* socket) {
- RTC_DCHECK_RUN_ON(&callback_sequence_);
- RTC_DCHECK_EQ(socket, socket_.get());
- FireEvent(rtc::SE_READ, 0);
- }
- void OnWriteEvent(rtc::Socket* socket) {
- RTC_DCHECK_RUN_ON(&callback_sequence_);
- RTC_DCHECK_EQ(socket, socket_.get());
- FireEvent(rtc::SE_WRITE, 0);
- }
- void OnCloseEvent(rtc::Socket* socket, int err) {
- RTC_DCHECK_RUN_ON(&callback_sequence_);
- RTC_DCHECK_EQ(socket, socket_.get());
- FireEvent(rtc::SE_CLOSE, err);
- }
-
- std::unique_ptr<rtc::Socket> socket_;
};
-} // namespace
-
-class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
+class SSLAdapterTestDummyServer : public SSLAdapterTestDummy {
public:
- explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode,
- const rtc::KeyParams& key_params)
- : ssl_mode_(ssl_mode) {
- // Generate a key pair and a certificate for this host.
- ssl_identity_ = rtc::SSLIdentity::Create(GetHostname(), key_params);
+ explicit SSLAdapterTestDummyServer(const rtc::KeyParams& key_params)
+ : SSLAdapterTestDummy(),
+ ssl_identity_(rtc::SSLIdentity::Create(GetHostname(), key_params)) {
+ socket_->Listen(1);
+ socket_->SignalReadEvent.connect(this,
+ &SSLAdapterTestDummyServer::OnReadEvent);
- server_socket_.reset(CreateSocket(ssl_mode_));
-
- if (ssl_mode_ == rtc::SSL_MODE_TLS) {
- server_socket_->SignalReadEvent.connect(
- this, &SSLAdapterTestDummyServer::OnServerSocketReadEvent);
-
- server_socket_->Listen(1);
- }
-
- RTC_LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP")
- << " server listening on "
- << server_socket_->GetLocalAddress().ToString();
+ RTC_LOG(LS_INFO) << "TCP server listening on "
+ << socket_->GetLocalAddress().ToString();
}
- rtc::SocketAddress GetAddress() const {
- return server_socket_->GetLocalAddress();
- }
+ rtc::SocketAddress GetAddress() const { return socket_->GetLocalAddress(); }
std::string GetHostname() const {
// Since we don't have a real certificate anyway, the value here doesn't
@@ -274,120 +175,26 @@
return "example.com";
}
- const std::string& GetReceivedData() const { return data_; }
-
- int Send(absl::string_view message) {
- if (ssl_stream_adapter_ == nullptr ||
- ssl_stream_adapter_->GetState() != rtc::SS_OPEN) {
- // No connection yet.
- return -1;
- }
-
- RTC_LOG(LS_INFO) << "Server sending '" << message << "'";
-
- size_t written;
- int error;
-
- rtc::StreamResult r = ssl_stream_adapter_->Write(
- rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(message.data()),
- message.size()),
- written, error);
- if (r == rtc::SR_SUCCESS) {
- return written;
- } else {
- return -1;
- }
- }
-
- void AcceptConnection(const rtc::SocketAddress& address) {
- // Only a single connection is supported.
- ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
-
- // This is only for DTLS.
- ASSERT_EQ(rtc::SSL_MODE_DTLS, ssl_mode_);
-
- // Transfer ownership of the socket to the SSLStreamAdapter object.
- rtc::Socket* socket = server_socket_.release();
-
- socket->Connect(address);
-
- DoHandshake(socket);
- }
-
- void OnServerSocketReadEvent(rtc::Socket* socket) {
- // Only a single connection is supported.
- ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
-
- DoHandshake(server_socket_->Accept(nullptr));
- }
-
- void OnSSLStreamAdapterEvent(int sig, int err) {
- if (sig & rtc::SE_READ) {
- uint8_t buffer[4096] = "";
- size_t read;
- int error;
-
- // Read data received from the client and store it in our internal
- // buffer.
- rtc::StreamResult r = ssl_stream_adapter_->Read(buffer, read, error);
- if (r == rtc::SR_SUCCESS) {
- buffer[read] = '\0';
- // Here we assume that the buffer is interpretable as string.
- char* buffer_as_char = reinterpret_cast<char*>(buffer);
- RTC_LOG(LS_INFO) << "Server received '" << buffer_as_char << "'";
- data_ += buffer_as_char;
- }
+ protected:
+ void OnReadEvent(rtc::Socket* socket) {
+ CreateSSLAdapter(socket_->Accept(nullptr), rtc::SSL_SERVER);
+ ssl_adapter_->SetIdentity(ssl_identity_->Clone());
+ if (ssl_adapter_->StartSSL(GetHostname()) != 0) {
+ RTC_LOG(LS_ERROR) << "Starting SSL from server failed.";
}
}
private:
- void DoHandshake(rtc::Socket* socket) {
- ssl_stream_adapter_ =
- rtc::SSLStreamAdapter::Create(std::make_unique<SocketStream>(socket));
-
- ssl_stream_adapter_->SetMode(ssl_mode_);
- ssl_stream_adapter_->SetServerRole();
-
- // SSLStreamAdapter is normally used for peer-to-peer communication, but
- // here we're testing communication between a client and a server
- // (e.g. a WebRTC-based application and an RFC 5766 TURN server), where
- // clients are not required to provide a certificate during handshake.
- // Accordingly, we must disable client authentication here.
- ssl_stream_adapter_->SetClientAuthEnabledForTesting(false);
-
- ssl_stream_adapter_->SetIdentity(ssl_identity_->Clone());
-
- // Set a bogus peer certificate digest.
- unsigned char digest[20];
- size_t digest_len = sizeof(digest);
- ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
- digest_len);
-
- ssl_stream_adapter_->StartSSL();
-
- ssl_stream_adapter_->SetEventCallback(
- [this](int events, int err) { OnSSLStreamAdapterEvent(events, err); });
- }
-
- const rtc::SSLMode ssl_mode_;
-
- std::unique_ptr<rtc::Socket> server_socket_;
- std::unique_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_;
-
std::unique_ptr<rtc::SSLIdentity> ssl_identity_;
-
- std::string data_;
};
class SSLAdapterTestBase : public ::testing::Test, public sigslot::has_slots<> {
public:
- explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode,
- const rtc::KeyParams& key_params)
- : ssl_mode_(ssl_mode),
- vss_(new rtc::VirtualSocketServer()),
+ explicit SSLAdapterTestBase(const rtc::KeyParams& key_params)
+ : vss_(new rtc::VirtualSocketServer()),
thread_(vss_.get()),
- server_(new SSLAdapterTestDummyServer(ssl_mode_, key_params)),
- client_(new SSLAdapterTestDummyClient(ssl_mode_)),
+ server_(new SSLAdapterTestDummyServer(key_params)),
+ client_(new SSLAdapterTestDummyClient()),
handshake_wait_(kTimeout) {}
void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
@@ -430,26 +237,20 @@
// Now the state should be CS_CONNECTING
ASSERT_EQ(rtc::Socket::CS_CONNECTING, client_->GetState());
- if (ssl_mode_ == rtc::SSL_MODE_DTLS) {
- // For DTLS, call AcceptConnection() with the client's address.
- server_->AcceptConnection(client_->GetAddress());
- }
-
if (expect_success) {
// If expecting success, the client should end up in the CS_CONNECTED
// state after handshake.
EXPECT_EQ_WAIT(rtc::Socket::CS_CONNECTED, client_->GetState(),
handshake_wait_);
- RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_)
- << " handshake complete.";
+ RTC_LOG(LS_INFO) << "TLS handshake complete.";
} else {
// On handshake failure the client should end up in the CS_CLOSED state.
EXPECT_EQ_WAIT(rtc::Socket::CS_CLOSED, client_->GetState(),
handshake_wait_);
- RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed.";
+ RTC_LOG(LS_INFO) << "TLS handshake failed.";
}
}
@@ -472,8 +273,6 @@
}
protected:
- const rtc::SSLMode ssl_mode_;
-
std::unique_ptr<rtc::VirtualSocketServer> vss_;
rtc::AutoSocketServerThread thread_;
std::unique_ptr<SSLAdapterTestDummyServer> server_;
@@ -485,30 +284,14 @@
class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase {
public:
- SSLAdapterTestTLS_RSA()
- : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()) {}
+ SSLAdapterTestTLS_RSA() : SSLAdapterTestBase(rtc::KeyParams::RSA()) {}
};
class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase {
public:
- SSLAdapterTestTLS_ECDSA()
- : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()) {}
+ SSLAdapterTestTLS_ECDSA() : SSLAdapterTestBase(rtc::KeyParams::ECDSA()) {}
};
-class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase {
- public:
- SSLAdapterTestDTLS_RSA()
- : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()) {}
-};
-
-class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
- public:
- SSLAdapterTestDTLS_ECDSA()
- : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
-};
-
-// Basic tests: TLS
-
// Test that handshake works, using RSA
TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) {
TestHandshake(true);
@@ -627,69 +410,3 @@
TestHandshake(true);
TestTransfer("Hello, world!");
}
-
-// Basic tests: DTLS
-
-// Test that handshake works, using RSA
-TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) {
- TestHandshake(true);
-}
-
-// Test that handshake works with a custom verifier that returns true. DTLS_RSA.
-TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnectCustomCertVerifierSucceeds) {
- SetMockCertVerifier(/*return_value=*/true);
- TestHandshake(/*expect_success=*/true);
-}
-
-// Test that handshake fails with a custom verifier that returns false.
-// DTLS_RSA.
-TEST_F(SSLAdapterTestDTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
- SetMockCertVerifier(/*return_value=*/false);
- TestHandshake(/*expect_success=*/false);
-}
-
-// Test that handshake works, using ECDSA
-TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnect) {
- TestHandshake(true);
-}
-
-// Test that handshake works with a custom verifier that returns true.
-// DTLS_ECDSA.
-TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnectCustomCertVerifierSucceeds) {
- SetMockCertVerifier(/*return_value=*/true);
- TestHandshake(/*expect_success=*/true);
-}
-
-// Test that handshake fails with a custom verifier that returns false.
-// DTLS_ECDSA.
-TEST_F(SSLAdapterTestDTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
- SetMockCertVerifier(/*return_value=*/false);
- TestHandshake(/*expect_success=*/false);
-}
-
-// Test transfer between client and server, using RSA
-TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) {
- TestHandshake(true);
- TestTransfer("Hello, world!");
-}
-
-// Test transfer between client and server, using RSA with custom cert verifier.
-TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransferCustomCertVerifier) {
- SetMockCertVerifier(/*return_value=*/true);
- TestHandshake(/*expect_success=*/true);
- TestTransfer("Hello, world!");
-}
-
-// Test transfer between client and server, using ECDSA
-TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
- TestHandshake(true);
- TestTransfer("Hello, world!");
-}
-
-// Test transfer between client and server, using ECDSA with custom cert
-// verifier.
-TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransferCustomCertVerifier) {
- SetMockCertVerifier(/*return_value=*/true);
- TestHandshake(/*expect_success=*/true);
- TestTransfer("Hello, world!");
-}
diff --git a/rtc_base/ssl_stream_adapter.h b/rtc_base/ssl_stream_adapter.h
index 5d22638..758d0e2 100644
--- a/rtc_base/ssl_stream_adapter.h
+++ b/rtc_base/ssl_stream_adapter.h
@@ -130,8 +130,8 @@
// TODO(ekr@rtfm.com): rename this SetRole to reflect its new function
virtual void SetServerRole(SSLRole role = SSL_SERVER) = 0;
- // Do DTLS or TLS.
- virtual void SetMode(SSLMode mode) = 0;
+ [[deprecated("Only DTLS is supported by the stream adapter")]] virtual void
+ SetMode(SSLMode mode) = 0;
// Set maximum supported protocol version. The highest version supported by
// both ends will be used for the connection, i.e. if one party supports
diff --git a/rtc_base/ssl_stream_adapter_unittest.cc b/rtc_base/ssl_stream_adapter_unittest.cc
index ab47a19..42d1fba 100644
--- a/rtc_base/ssl_stream_adapter_unittest.cc
+++ b/rtc_base/ssl_stream_adapter_unittest.cc
@@ -42,7 +42,6 @@
using ::testing::WithParamInterface;
using ::webrtc::SafeTask;
-static const int kBlockSize = 4096;
static const char kExporterLabel[] = "label";
static const unsigned char kExporterContext[] = "context";
static int kExporterContextLen = sizeof(kExporterContext);
@@ -354,7 +353,6 @@
rtc::BufferQueue buffer_;
};
-static const int kFifoBufferSize = 4096;
static const int kBufferCapacity = 1;
static const size_t kDefaultBufferSize = 2048;
@@ -513,8 +511,6 @@
}
void TestHandshake(bool expect_success = true) {
- server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
- client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
if (!dtls_) {
// Make sure we simulate a reliable network for TLS.
@@ -554,8 +550,6 @@
rtc::ScopedFakeClock clock;
int64_t time_start = clock.TimeNanos();
webrtc::TimeDelta time_increment = webrtc::TimeDelta::Millis(1000);
- server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
- client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
if (!dtls_) {
// Make sure we simulate a reliable network for TLS.
@@ -596,9 +590,6 @@
// and the identity will be verified after the fact. It also verifies that
// packets can't be read or written before the identity has been verified.
void TestHandshakeWithDelayedIdentity(bool valid_identity) {
- server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
- client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
-
if (!dtls_) {
// Make sure we simulate a reliable network for TLS.
// This is just a check to make sure that people don't write wrong
@@ -848,132 +839,6 @@
bool identities_set_;
};
-class SSLStreamAdapterTestTLS
- : public SSLStreamAdapterTestBase,
- public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
- public:
- SSLStreamAdapterTestTLS()
- : SSLStreamAdapterTestBase("",
- "",
- false,
- ::testing::get<0>(GetParam()),
- ::testing::get<1>(GetParam())) {}
-
- std::unique_ptr<rtc::StreamInterface> CreateClientStream() override final {
- return absl::WrapUnique(
- new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_));
- }
-
- std::unique_ptr<rtc::StreamInterface> CreateServerStream() override final {
- return absl::WrapUnique(
- new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_));
- }
-
- // Test data transfer for TLS
- void TestTransfer(int size) override {
- RTC_LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
- // Create some dummy data to send.
- size_t received;
-
- send_stream_.ReserveSize(size);
- for (int i = 0; i < size; ++i) {
- uint8_t ch = static_cast<uint8_t>(i);
- size_t written;
- int error;
- send_stream_.Write(rtc::MakeArrayView(&ch, 1), written, error);
- }
- send_stream_.Rewind();
-
- // Prepare the receive stream.
- recv_stream_.ReserveSize(size);
-
- // Start sending
- WriteData();
-
- // Wait for the client to close
- EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
-
- // Now check the data
- recv_stream_.GetSize(&received);
-
- EXPECT_EQ(static_cast<size_t>(size), received);
- EXPECT_EQ(0,
- memcmp(send_stream_.GetBuffer(), recv_stream_.GetBuffer(), size));
- }
-
- void WriteData() override {
- size_t position, tosend, size;
- rtc::StreamResult rv;
- size_t sent;
- uint8_t block[kBlockSize];
-
- send_stream_.GetSize(&size);
- if (!size)
- return;
-
- for (;;) {
- send_stream_.GetPosition(&position);
- int dummy_error;
- if (send_stream_.Read(block, tosend, dummy_error) != rtc::SR_EOS) {
- int error;
- rv = client_ssl_->Write(rtc::MakeArrayView(block, tosend), sent, error);
-
- if (rv == rtc::SR_SUCCESS) {
- send_stream_.SetPosition(position + sent);
- RTC_LOG(LS_VERBOSE) << "Sent: " << position + sent;
- } else if (rv == rtc::SR_BLOCK) {
- RTC_LOG(LS_VERBOSE) << "Blocked...";
- send_stream_.SetPosition(position);
- break;
- } else {
- ADD_FAILURE();
- break;
- }
- } else {
- // Now close
- RTC_LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
- client_ssl_->Close();
- break;
- }
- }
- }
-
- void ReadData(rtc::StreamInterface* stream) override final {
- uint8_t buffer[1600];
- size_t bread;
- int err2;
- rtc::StreamResult r;
-
- for (;;) {
- r = stream->Read(buffer, bread, err2);
-
- if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
- // Unfortunately, errors are the way that the stream adapter
- // signals close in OpenSSL.
- stream->Close();
- return;
- }
-
- if (r == rtc::SR_BLOCK)
- break;
-
- ASSERT_EQ(rtc::SR_SUCCESS, r);
- RTC_LOG(LS_VERBOSE) << "Read " << bread;
- size_t written;
- int error;
- recv_stream_.Write(rtc::MakeArrayView(buffer, bread), written, error);
- }
- }
-
- private:
- StreamWrapper client_buffer_{
- std::make_unique<rtc::FifoBuffer>(kFifoBufferSize)};
- StreamWrapper server_buffer_{
- std::make_unique<rtc::FifoBuffer>(kFifoBufferSize)};
- rtc::MemoryStream send_stream_;
- rtc::MemoryStream recv_stream_;
-};
-
class SSLStreamAdapterTestDTLSBase : public SSLStreamAdapterTestBase {
public:
SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1, rtc::KeyParams param2)
@@ -1155,23 +1020,6 @@
}
};
-// Basic tests: TLS
-
-// Test that we can make a handshake work
-TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
- TestHandshake();
-}
-
-TEST_P(SSLStreamAdapterTestTLS, GetPeerCertChainWithOneCertificate) {
- TestHandshake();
- std::unique_ptr<rtc::SSLCertChain> cert_chain =
- client_ssl_->GetPeerSSLCertChain();
- ASSERT_NE(nullptr, cert_chain);
- EXPECT_EQ(1u, cert_chain->GetSize());
- EXPECT_EQ(cert_chain->Get(0).ToPEMString(),
- server_identity()->certificate().ToPEMString());
-}
-
TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings(
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert);
@@ -1222,92 +1070,6 @@
#endif
}
-// Test that closing the connection on one side updates the other side.
-TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
- TestHandshake();
- client_ssl_->Close();
- EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
-}
-
-// Test transfer -- trivial
-TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
- TestHandshake();
- TestTransfer(100000);
-}
-
-// Test read-write after close.
-TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
- TestHandshake();
- TestTransfer(100000);
- client_ssl_->Close();
-
- rtc::StreamResult rv;
- uint8_t block[kBlockSize];
- size_t dummy;
- int error;
-
- // It's an error to write after closed.
- rv = client_ssl_->Write(block, dummy, error);
- ASSERT_EQ(rtc::SR_ERROR, rv);
-
- // But after closed read gives you EOS.
- rv = client_ssl_->Read(block, dummy, error);
- ASSERT_EQ(rtc::SR_EOS, rv);
-}
-
-// Test a handshake with a bogus peer digest
-TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
- SetPeerIdentitiesByDigest(false, true);
- TestHandshake(false);
-}
-
-TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentity) {
- TestHandshakeWithDelayedIdentity(true);
-}
-
-TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentityWithBogusDigest) {
- TestHandshakeWithDelayedIdentity(false);
-}
-
-// Test that the correct error is returned when SetPeerCertificateDigest is
-// called with an unknown algorithm.
-TEST_P(SSLStreamAdapterTestTLS,
- TestSetPeerCertificateDigestWithUnknownAlgorithm) {
- unsigned char server_digest[20];
- size_t server_digest_len;
- bool rv;
- rtc::SSLPeerCertificateDigestError err;
-
- rv = server_identity()->certificate().ComputeDigest(
- rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
- ASSERT_TRUE(rv);
-
- rv = client_ssl_->SetPeerCertificateDigest("unknown algorithm", server_digest,
- server_digest_len, &err);
- EXPECT_EQ(rtc::SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM, err);
- EXPECT_FALSE(rv);
-}
-
-// Test that the correct error is returned when SetPeerCertificateDigest is
-// called with an invalid digest length.
-TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
- unsigned char server_digest[20];
- size_t server_digest_len;
- bool rv;
- rtc::SSLPeerCertificateDigestError err;
-
- rv = server_identity()->certificate().ComputeDigest(
- rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
- ASSERT_TRUE(rv);
-
- rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
- server_digest_len - 1, &err);
- EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err);
- EXPECT_FALSE(rv);
-}
-
-// Test moving a bunch of data
-
// Basic tests: DTLS
// Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
@@ -1627,15 +1389,6 @@
// 2048?. The reason is test case slowness; testing two sizes to exercise
// parametrization is sufficient.
INSTANTIATE_TEST_SUITE_P(
- SSLStreamAdapterTestsTLS,
- SSLStreamAdapterTestTLS,
- Combine(Values(rtc::KeyParams::RSA(1024, 65537),
- rtc::KeyParams::RSA(1152, 65537),
- rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
- Values(rtc::KeyParams::RSA(1024, 65537),
- rtc::KeyParams::RSA(1152, 65537),
- rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
-INSTANTIATE_TEST_SUITE_P(
SSLStreamAdapterTestsDTLS,
SSLStreamAdapterTestDTLS,
Combine(Values(rtc::KeyParams::RSA(1024, 65537),
