#3299: NetSSL: Allow per-Context InvalidCertificateHandler

2025-10-20 14:02:38 +02:00 · 2021-06-06 18:11:05 +02:00
parent 3249abe2a4
commit ab010473b9
14 changed files with 166 additions and 27 deletions
--- a/NetSSL_OpenSSL/testsuite/src/TCPServerTest.cpp
+++ b/NetSSL_OpenSSL/testsuite/src/TCPServerTest.cpp
@@ -18,6 +18,8 @@
 #include "Poco/Net/SecureStreamSocket.h"
 #include "Poco/Net/SecureServerSocket.h"
 #include "Poco/Net/Context.h"
+#include "Poco/Net/RejectCertificateHandler.h"
+#include "Poco/Net/AcceptCertificateHandler.h"
 #include "Poco/Net/Session.h"
 #include "Poco/Net/SSLManager.h"
 #include "Poco/Util/Application.h"
@@ -70,6 +72,26 @@ namespace
 			}
 		}
 	};
+
+	class NullConnection: public TCPServerConnection
+	{
+	public:
+		NullConnection(const StreamSocket& s): TCPServerConnection(s)
+		{
+		}
+
+		void run()
+		{
+			SecureStreamSocket& ss = static_cast<SecureStreamSocket&>(socket());
+			try
+			{
+				ss.completeHandshake();
+			}
+			catch (...)
+			{
+			}
+		}
+	};
 }


@@ -381,6 +403,50 @@ void TCPServerTest::testReuseSession()
 }


+void TCPServerTest::testContextInvalidCertificateHandler()
+{
+	SecureServerSocket svs(0);
+	TCPServer srv(new TCPServerConnectionFactoryImpl<NullConnection>(), svs);
+	srv.start();
+
+	Context::Ptr pClientContext = new Context(
+		Context::CLIENT_USE,
+		"",
+		"",
+		"",
+		Context::VERIFY_RELAXED,
+		9,
+		true,
+		"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+
+	pClientContext->setInvalidCertificateHandler(new Poco::Net::RejectCertificateHandler(false));
+
+	SocketAddress sa("127.0.0.1", svs.address().port());
+
+	try
+	{
+		SecureStreamSocket ss1(sa, pClientContext);
+		fail("must throw with RejectCertificateHandler");
+	}
+	catch (...)
+	{
+	}
+
+	pClientContext->setInvalidCertificateHandler(new Poco::Net::AcceptCertificateHandler(false));
+
+	try
+	{
+		SecureStreamSocket ss1(sa, pClientContext);
+	}
+	catch (...)
+	{
+		fail("must not throw with AcceptCertificateHandler");
+	}
+
+	srv.stop();
+}
+
+
 void TCPServerTest::setUp()
 {
 }
@@ -400,6 +466,7 @@ CppUnit::Test* TCPServerTest::suite()
 	CppUnit_addTest(pSuite, TCPServerTest, testMultiConnections);
 	CppUnit_addTest(pSuite, TCPServerTest, testReuseSocket);
 	CppUnit_addTest(pSuite, TCPServerTest, testReuseSession);
+	CppUnit_addTest(pSuite, TCPServerTest, testContextInvalidCertificateHandler);

 	return pSuite;
 }
--- a/NetSSL_OpenSSL/testsuite/src/TCPServerTest.h
+++ b/NetSSL_OpenSSL/testsuite/src/TCPServerTest.h
@@ -29,6 +29,7 @@ public:
 	void testMultiConnections();
 	void testReuseSocket();
 	void testReuseSession();
+	void testContextInvalidCertificateHandler();

 	void setUp();
 	void tearDown();