Update regress for the libressl to libtls rename.

author: jsing <> 2014-10-31 14:10:55 +0000
committer: jsing <> 2014-10-31 14:10:55 +0000
commit: 2a2d69e980b92952f465a204eaeac2db737eb070 (patch)
tree: 31393896541297e40332eb6510e90c96ca5d9178
parent: 0832c4987f7c76663376596ce39d96366e9f82e5 (diff)
download: openbsd-2a2d69e980b92952f465a204eaeac2db737eb070.tar.gz
openbsd-2a2d69e980b92952f465a204eaeac2db737eb070.tar.bz2
openbsd-2a2d69e980b92952f465a204eaeac2db737eb070.zip
4 files changed, 288 insertions, 0 deletions
diff --git a/src/regress/lib/libtls/Makefile b/src/regress/lib/libtls/Makefile
new file mode 100644
index 0000000000..fc1e97a3b5
--- /dev/null
+++ b/src/regress/lib/libtls/Makefile
@@ -0,0 +1,8 @@
+#       $OpenBSD: Makefile,v 1.1 2014/10/31 14:10:55 jsing Exp $
+SUBDIR= \
+        gotls
+install:
+.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libtls/gotls/Makefile b/src/regress/lib/libtls/gotls/Makefile
new file mode 100644
index 0000000000..56286feec9
--- /dev/null
+++ b/src/regress/lib/libtls/gotls/Makefile
@@ -0,0 +1,15 @@
+#       $OpenBSD: Makefile,v 1.1 2014/10/31 14:10:55 jsing Exp $
+GO_VERSION != sh -c "(go version) 2>/dev/null || true"
+.if empty(GO_VERSION)
+regress:
+        @echo golang is required for this regress... skipping
+.endif
+REGRESS_TARGETS=regress-gotls
+regress-gotls:
+        cd ${.CURDIR} && go test -test.v .
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
new file mode 100644
index 0000000000..7f490492bc
--- /dev/null
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -0,0 +1,165 @@
+// Package tls provides a Go interface to the libtls library.
+package tls
+/*
+#cgo LDFLAGS: -ltls -lssl -lcrypto
+#include <stdlib.h>
+#include <tls.h>
+typedef void *tls;
+*/
+import "C"
+import (
+        "errors"
+        "fmt"
+        "unsafe"
+)
+// TLSConfig provides configuration options for a TLS context.
+type TLSConfig struct {
+        caFile *C.char
+        tlsCfg *C.struct_tls_config
+}
+// TLS encapsulates the TLS context.
+type TLS struct {
+        cfg *TLSConfig
+        ctx *C.struct_tls
+}
+// Init initialises the TLS library.
+func Init() error {
+        if C.tls_init() != 0 {
+                return errors.New("initialisation failed")
+        }
+        return nil
+}
+// NewConfig returns a new TLS configuration.
+func NewConfig() (*TLSConfig, error) {
+        cfg := C.tls_config_new()
+        if cfg == nil {
+                return nil, errors.New("failed to allocate config")
+        }
+        return &TLSConfig{
+                tlsCfg: cfg,
+        }, nil
+}
+// SetCAFile sets the CA file to be used for connections.
+func (c *TLSConfig) SetCAFile(filename string) {
+        if c.caFile != nil {
+                C.free(unsafe.Pointer(c.caFile))
+        }
+        c.caFile = C.CString(filename)
+        C.tls_config_set_ca_file(c.tlsCfg, c.caFile)
+}
+// InsecureNoVerifyCert disables certificate verification for the connection.
+func (c *TLSConfig) InsecureNoVerifyCert() {
+        C.tls_config_insecure_noverifycert(c.tlsCfg)
+}
+// InsecureNoVerifyHost disables hostname verification for the connection.
+func (c *TLSConfig) InsecureNoVerifyHost() {
+        C.tls_config_insecure_noverifyhost(c.tlsCfg)
+}
+// SetSecure enables verification for the connection.
+func (c *TLSConfig) SetVerify() {
+        C.tls_config_verify(c.tlsCfg)
+}
+// Free frees resources associated with the TLS configuration.
+func (c *TLSConfig) Free() {
+        if c.tlsCfg == nil {
+                return
+        }
+        C.tls_config_free(c.tlsCfg)
+        c.tlsCfg = nil
+}
+// NewClient returns a new TLS client context, using the optional configuration.
+// If no configuration is specified the default configuration will be used.
+func NewClient(config *TLSConfig) (*TLS, error) {
+        var sslCfg *C.struct_tls_config
+        if config != nil {
+                sslCfg = config.tlsCfg
+        }
+        ctx := C.tls_client()
+        if ctx == nil {
+                return nil, errors.New("tls client failed")
+        }
+        if C.tls_configure(ctx, sslCfg) != 0 {
+                return nil, errors.New("tls configure failed")
+        }
+        return &TLS{
+                cfg: config,
+                ctx: ctx,
+        }, nil
+}
+// Error returns the error message from the TLS context.
+func (t *TLS) Error() string {
+        if msg := C.tls_error(t.ctx); msg != nil {
+                return C.GoString(msg)
+        }
+        return ""
+}
+// Connect attempts to establish an TLS connection to the specified host on
+// the given port. The host may optionally contain a colon separated port
+// value if the port string is specified as an empty string.
+func (t *TLS) Connect(host, port string) error {
+        h := C.CString(host)
+        var p *C.char
+        if port != "" {
+                p = C.CString(port)
+        }
+        defer C.free(unsafe.Pointer(h))
+        defer C.free(unsafe.Pointer(p))
+        if C.tls_connect(t.ctx, h, p) != 0 {
+                return fmt.Errorf("connect failed: %v", t.Error())
+        }
+        return nil
+}
+// Read reads data the TLS connection into the given buffer.
+func (t *TLS) Read(buf []byte) (int, error) {
+        var inlen C.size_t
+        if C.tls_read(t.ctx, unsafe.Pointer(&buf[0]), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&inlen))) != 0 {
+                return -1, fmt.Errorf("read failed: %v", t.Error())
+        }
+        return int(inlen), nil
+}
+// Write writes the given data to the TLS connection.
+func (t *TLS) Write(buf []byte) (int, error) {
+        var outlen C.size_t
+        p := C.CString(string(buf))
+        defer C.free(unsafe.Pointer(p))
+        if C.tls_write(t.ctx, unsafe.Pointer(p), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&outlen))) != 0 {
+                return -1, fmt.Errorf("write failed: %v", t.Error())
+        }
+        return int(outlen), nil
+}
+// Close closes the TLS connection.
+func (t *TLS) Close() error {
+        if C.tls_close(t.ctx) != 0 {
+                return fmt.Errorf("close failed: %v", t.Error())
+        }
+        return nil
+}
+// Free frees resources associated with the TLS context.
+func (t *TLS) Free() {
+        if t.ctx == nil {
+                return
+        }
+        C.tls_free(t.ctx)
+        t.ctx = nil
+}
diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go
new file mode 100644
index 0000000000..f709fcb455
--- /dev/null
+++ b/src/regress/lib/libtls/gotls/tls_test.go
@@ -0,0 +1,100 @@
+package tls
+import (
+        "encoding/pem"
+        "fmt"
+        "io/ioutil"
+        "net/http"
+        "net/http/httptest"
+        "net/url"
+        "os"
+        "strings"
+        "testing"
+)
+// createCAFile writes a PEM encoded version of the certificate out to a
+// temporary file, for use by libtls.
+func createCAFile(cert []byte) (string, error) {
+        f, err := ioutil.TempFile("", "tls")
+        if err != nil {
+                return "", fmt.Errorf("failed to create file: %v", err)
+        }
+        defer f.Close()
+        block := &pem.Block{
+                Type:  "CERTIFICATE",
+                Bytes: cert,
+        }
+        if err := pem.Encode(f, block); err != nil {
+                return "", fmt.Errorf("failed to encode certificate: %v", err)
+        }
+        return f.Name(), nil
+}
+const httpContent = "Hello, TLS!"
+func TestTLSBasic(t *testing.T) {
+        ts := httptest.NewTLSServer(
+                http.HandlerFunc(
+                        func(w http.ResponseWriter, r *http.Request) {
+                                fmt.Fprintln(w, httpContent)
+                        },
+                ),
+        )
+        defer ts.Close()
+        u, err := url.Parse(ts.URL)
+        if err != nil {
+                t.Fatalf("Failed to parse URL %q: %v", ts.URL, err)
+        }
+        caFile, err := createCAFile(ts.TLS.Certificates[0].Certificate[0])
+        if err != nil {
+                t.Fatalf("Failed to create CA file: %v", err)
+        }
+        defer os.Remove(caFile)
+        if err := Init(); err != nil {
+                t.Fatal(err)
+        }
+        cfg, err := NewConfig()
+        if err != nil {
+                t.Fatal(err)
+        }
+        defer cfg.Free()
+        cfg.SetCAFile(caFile)
+        tls, err := NewClient(cfg)
+        if err != nil {
+                t.Fatal(err)
+        }
+        defer tls.Free()
+        t.Logf("Connecting to %s", u.Host)
+        if err := tls.Connect(u.Host, ""); err != nil {
+                t.Fatal(err)
+        }
+        defer func() {
+                if err := tls.Close(); err != nil {
+                        t.Logf("Close failed: %v", err)
+                }
+        }()
+        n, err := tls.Write([]byte("GET / HTTP/1.0\n\n"))
+        if err != nil {
+                t.Fatal(err)
+        }
+        t.Logf("Wrote %d bytes...", n)
+        buf := make([]byte, 1024)
+        n, err = tls.Read(buf)
+        if err != nil {
+                t.Fatal(err)
+        }
+        t.Logf("Read %d bytes...", n)
+        if !strings.Contains(string(buf), httpContent) {
+                t.Errorf("Response does not contain %q", httpContent)
+        }
+}
author	jsing <>	2014-10-31 14:10:55 +0000
committer	jsing <>	2014-10-31 14:10:55 +0000
commit	2a2d69e980b92952f465a204eaeac2db737eb070 (patch)
tree	31393896541297e40332eb6510e90c96ca5d9178
parent	0832c4987f7c76663376596ce39d96366e9f82e5 (diff)
download	openbsd-2a2d69e980b92952f465a204eaeac2db737eb070.tar.gz openbsd-2a2d69e980b92952f465a204eaeac2db737eb070.tar.bz2 openbsd-2a2d69e980b92952f465a204eaeac2db737eb070.zip

diff --git a/src/regress/lib/libtls/Makefile b/src/regress/lib/libtls/Makefile new file mode 100644 index 0000000000..fc1e97a3b5 --- /dev/null +++ b/src/regress/lib/libtls/Makefile
@@ -0,0 +1,8 @@
	1	# $OpenBSD: Makefile,v 1.1 2014/10/31 14:10:55 jsing Exp $
	2
	3	SUBDIR= \
	4	gotls
	5
	6	install:
	7
	8	.include <bsd.subdir.mk>


diff --git a/src/regress/lib/libtls/gotls/Makefile b/src/regress/lib/libtls/gotls/Makefile new file mode 100644 index 0000000000..56286feec9 --- /dev/null +++ b/src/regress/lib/libtls/gotls/Makefile
@@ -0,0 +1,15 @@
	1	# $OpenBSD: Makefile,v 1.1 2014/10/31 14:10:55 jsing Exp $
	2
	3	GO_VERSION != sh -c "(go version) 2>/dev/null \|\| true"
	4
	5	.if empty(GO_VERSION)
	6	regress:
	7	@echo golang is required for this regress... skipping
	8	.endif
	9
	10	REGRESS_TARGETS=regress-gotls
	11
	12	regress-gotls:
	13	cd ${.CURDIR} && go test -test.v .
	14
	15	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go new file mode 100644 index 0000000000..7f490492bc --- /dev/null +++ b/src/regress/lib/libtls/gotls/tls.go
@@ -0,0 +1,165 @@
	1	// Package tls provides a Go interface to the libtls library.
	2	package tls
	3
	4	/*
	5	#cgo LDFLAGS: -ltls -lssl -lcrypto
	6
	7	#include <stdlib.h>
	8
	9	#include <tls.h>
	10
	11	typedef void *tls;
	12	*/
	13	import "C"
	14
	15	import (
	16	"errors"
	17	"fmt"
	18	"unsafe"
	19	)
	20
	21	// TLSConfig provides configuration options for a TLS context.
	22	type TLSConfig struct {
	23	caFile *C.char
	24	tlsCfg *C.struct_tls_config
	25	}
	26
	27	// TLS encapsulates the TLS context.
	28	type TLS struct {
	29	cfg *TLSConfig
	30	ctx *C.struct_tls
	31	}
	32
	33	// Init initialises the TLS library.
	34	func Init() error {
	35	if C.tls_init() != 0 {
	36	return errors.New("initialisation failed")
	37	}
	38	return nil
	39	}
	40
	41	// NewConfig returns a new TLS configuration.
	42	func NewConfig() (*TLSConfig, error) {
	43	cfg := C.tls_config_new()
	44	if cfg == nil {
	45	return nil, errors.New("failed to allocate config")
	46	}
	47	return &TLSConfig{
	48	tlsCfg: cfg,
	49	}, nil
	50	}
	51
	52	// SetCAFile sets the CA file to be used for connections.
	53	func (c *TLSConfig) SetCAFile(filename string) {
	54	if c.caFile != nil {
	55	C.free(unsafe.Pointer(c.caFile))
	56	}
	57	c.caFile = C.CString(filename)
	58	C.tls_config_set_ca_file(c.tlsCfg, c.caFile)
	59	}
	60
	61	// InsecureNoVerifyCert disables certificate verification for the connection.
	62	func (c *TLSConfig) InsecureNoVerifyCert() {
	63	C.tls_config_insecure_noverifycert(c.tlsCfg)
	64	}
	65
	66	// InsecureNoVerifyHost disables hostname verification for the connection.
	67	func (c *TLSConfig) InsecureNoVerifyHost() {
	68	C.tls_config_insecure_noverifyhost(c.tlsCfg)
	69	}
	70
	71	// SetSecure enables verification for the connection.
	72	func (c *TLSConfig) SetVerify() {
	73	C.tls_config_verify(c.tlsCfg)
	74	}
	75
	76	// Free frees resources associated with the TLS configuration.
	77	func (c *TLSConfig) Free() {
	78	if c.tlsCfg == nil {
	79	return
	80	}
	81	C.tls_config_free(c.tlsCfg)
	82	c.tlsCfg = nil
	83	}
	84
	85	// NewClient returns a new TLS client context, using the optional configuration.
	86	// If no configuration is specified the default configuration will be used.
	87	func NewClient(config TLSConfig) (TLS, error) {
	88	var sslCfg *C.struct_tls_config
	89	if config != nil {
	90	sslCfg = config.tlsCfg
	91	}
	92	ctx := C.tls_client()
	93	if ctx == nil {
	94	return nil, errors.New("tls client failed")
	95	}
	96	if C.tls_configure(ctx, sslCfg) != 0 {
	97	return nil, errors.New("tls configure failed")
	98	}
	99	return &TLS{
	100	cfg: config,
	101	ctx: ctx,
	102	}, nil
	103	}
	104
	105	// Error returns the error message from the TLS context.
	106	func (t *TLS) Error() string {
	107	if msg := C.tls_error(t.ctx); msg != nil {
	108	return C.GoString(msg)
	109	}
	110	return ""
	111	}
	112
	113	// Connect attempts to establish an TLS connection to the specified host on
	114	// the given port. The host may optionally contain a colon separated port
	115	// value if the port string is specified as an empty string.
	116	func (t *TLS) Connect(host, port string) error {
	117	h := C.CString(host)
	118	var p *C.char
	119	if port != "" {
	120	p = C.CString(port)
	121	}
	122	defer C.free(unsafe.Pointer(h))
	123	defer C.free(unsafe.Pointer(p))
	124	if C.tls_connect(t.ctx, h, p) != 0 {
	125	return fmt.Errorf("connect failed: %v", t.Error())
	126	}
	127	return nil
	128	}
	129
	130	// Read reads data the TLS connection into the given buffer.
	131	func (t *TLS) Read(buf []byte) (int, error) {
	132	var inlen C.size_t
	133	if C.tls_read(t.ctx, unsafe.Pointer(&buf[0]), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&inlen))) != 0 {
	134	return -1, fmt.Errorf("read failed: %v", t.Error())
	135	}
	136	return int(inlen), nil
	137	}
	138
	139	// Write writes the given data to the TLS connection.
	140	func (t *TLS) Write(buf []byte) (int, error) {
	141	var outlen C.size_t
	142	p := C.CString(string(buf))
	143	defer C.free(unsafe.Pointer(p))
	144	if C.tls_write(t.ctx, unsafe.Pointer(p), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&outlen))) != 0 {
	145	return -1, fmt.Errorf("write failed: %v", t.Error())
	146	}
	147	return int(outlen), nil
	148	}
	149
	150	// Close closes the TLS connection.
	151	func (t *TLS) Close() error {
	152	if C.tls_close(t.ctx) != 0 {
	153	return fmt.Errorf("close failed: %v", t.Error())
	154	}
	155	return nil
	156	}
	157
	158	// Free frees resources associated with the TLS context.
	159	func (t *TLS) Free() {
	160	if t.ctx == nil {
	161	return
	162	}
	163	C.tls_free(t.ctx)
	164	t.ctx = nil
	165	}


diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go new file mode 100644 index 0000000000..f709fcb455 --- /dev/null +++ b/src/regress/lib/libtls/gotls/tls_test.go
@@ -0,0 +1,100 @@
	1	package tls
	2
	3	import (
	4	"encoding/pem"
	5	"fmt"
	6	"io/ioutil"
	7	"net/http"
	8	"net/http/httptest"
	9	"net/url"
	10	"os"
	11	"strings"
	12	"testing"
	13	)
	14
	15	// createCAFile writes a PEM encoded version of the certificate out to a
	16	// temporary file, for use by libtls.
	17	func createCAFile(cert []byte) (string, error) {
	18	f, err := ioutil.TempFile("", "tls")
	19	if err != nil {
	20	return "", fmt.Errorf("failed to create file: %v", err)
	21	}
	22	defer f.Close()
	23	block := &pem.Block{
	24	Type: "CERTIFICATE",
	25	Bytes: cert,
	26	}
	27	if err := pem.Encode(f, block); err != nil {
	28	return "", fmt.Errorf("failed to encode certificate: %v", err)
	29	}
	30	return f.Name(), nil
	31	}
	32
	33	const httpContent = "Hello, TLS!"
	34
	35	func TestTLSBasic(t *testing.T) {
	36	ts := httptest.NewTLSServer(
	37	http.HandlerFunc(
	38	func(w http.ResponseWriter, r *http.Request) {
	39	fmt.Fprintln(w, httpContent)
	40	},
	41	),
	42	)
	43	defer ts.Close()
	44
	45	u, err := url.Parse(ts.URL)
	46	if err != nil {
	47	t.Fatalf("Failed to parse URL %q: %v", ts.URL, err)
	48	}
	49
	50	caFile, err := createCAFile(ts.TLS.Certificates[0].Certificate[0])
	51	if err != nil {
	52	t.Fatalf("Failed to create CA file: %v", err)
	53	}
	54	defer os.Remove(caFile)
	55
	56	if err := Init(); err != nil {
	57	t.Fatal(err)
	58	}
	59
	60	cfg, err := NewConfig()
	61	if err != nil {
	62	t.Fatal(err)
	63	}
	64	defer cfg.Free()
	65	cfg.SetCAFile(caFile)
	66
	67	tls, err := NewClient(cfg)
	68	if err != nil {
	69	t.Fatal(err)
	70	}
	71	defer tls.Free()
	72
	73	t.Logf("Connecting to %s", u.Host)
	74
	75	if err := tls.Connect(u.Host, ""); err != nil {
	76	t.Fatal(err)
	77	}
	78	defer func() {
	79	if err := tls.Close(); err != nil {
	80	t.Logf("Close failed: %v", err)
	81	}
	82	}()
	83
	84	n, err := tls.Write([]byte("GET / HTTP/1.0\n\n"))
	85	if err != nil {
	86	t.Fatal(err)
	87	}
	88	t.Logf("Wrote %d bytes...", n)
	89
	90	buf := make([]byte, 1024)
	91	n, err = tls.Read(buf)
	92	if err != nil {
	93	t.Fatal(err)
	94	}
	95	t.Logf("Read %d bytes...", n)
	96
	97	if !strings.Contains(string(buf), httpContent) {
	98	t.Errorf("Response does not contain %q", httpContent)
	99	}
	100	}