author | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-31 14:10:56 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-31 14:10:56 +0000 |
commit | a17d6bf53ab09d09bb87a7de7080dc396564f208 (patch) | |
tree | 4609ff33cc74e2a82d70497e680ea46552a92565 | |
parent | 6823694d2f683d8a1d136c4f3cbb2fbfe8817287 (diff) |
Update regress for the libressl to libtls rename.
-rw-r--r-- | regress/lib/Makefile | 4 | ||||
-rw-r--r-- | regress/lib/libressl/Makefile | 8 | ||||
-rw-r--r-- | regress/lib/libressl/goressl/ressl.go | 161 | ||||
-rw-r--r-- | regress/lib/libtls/Makefile | 8 | ||||
-rw-r--r-- | regress/lib/libtls/gotls/Makefile (renamed from regress/lib/libressl/goressl/Makefile) | 6 | ||||
-rw-r--r-- | regress/lib/libtls/gotls/tls.go | 165 | ||||
-rw-r--r-- | regress/lib/libtls/gotls/tls_test.go (renamed from regress/lib/libressl/goressl/ressl_test.go) | 30 |
7 files changed, 193 insertions, 189 deletions
diff --git a/regress/lib/Makefile b/regress/lib/Makefile index e98bd496fd8..2df295114e4 100644 --- a/regress/lib/Makefile +++ b/regress/lib/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.17 2014/07/14 01:05:36 jsing Exp $ +# $OpenBSD: Makefile,v 1.18 2014/10/31 14:10:55 jsing Exp $ -SUBDIR+= csu libc libcrypto libevent libm libpthread libressl libskey libssl \ +SUBDIR+= csu libc libcrypto libevent libm libpthread libskey libssl libtls \ libutil install: diff --git a/regress/lib/libressl/Makefile b/regress/lib/libressl/Makefile deleted file mode 100644 index 563753a1f07..00000000000 --- a/regress/lib/libressl/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -# $OpenBSD: Makefile,v 1.1 2014/07/12 16:01:28 jsing Exp $ - -SUBDIR= \ - goressl - -install: - -.include <bsd.subdir.mk> diff --git a/regress/lib/libressl/goressl/ressl.go b/regress/lib/libressl/goressl/ressl.go deleted file mode 100644 index 17f457d1bfe..00000000000 --- a/regress/lib/libressl/goressl/ressl.go +++ /dev/null 
@@ -1,161 +0,0 @@
-// Package ressl provides a Go interface to the libressl library.
-package ressl
-
-/*
-#cgo LDFLAGS: -lressl -lssl -lcrypto
-
-#include <stdlib.h>
-
-#include <ressl.h>
-
-typedef void *ressl;
-*/
-import "C"
-
-import (
- "errors"
- "fmt"
- "unsafe"
-)
-
-// ResslConfig provides configuration options for a Ressl context.
-type ResslConfig struct {
- caFile *C.char
- resslCfg *C.struct_ressl_config
-}
-
-// Ressl encapsulates the context for ressl.
-type Ressl struct {
- cfg *ResslConfig
- ctx *C.struct_ressl
-}
-
-// Init initialises the ressl library.
-func Init() error {
- if C.ressl_init() != 0 {
- return errors.New("initialisation failed")
- }
- return nil
-}
-
-// NewConfig returns a new ressl configuration.
-func NewConfig() (*ResslConfig, error) {
- cfg := C.ressl_config_new()
- if cfg == nil {
- return nil, errors.New("failed to allocate config")
- }
- return &ResslConfig{
- resslCfg: cfg,
- }, nil
-}
-
-// SetCAFile sets the CA file to be used for connections.
-func (c *ResslConfig) SetCAFile(filename string) {
- if c.caFile != nil {
- C.free(unsafe.Pointer(c.caFile))
- }
- c.caFile = C.CString(filename)
- C.ressl_config_set_ca_file(c.resslCfg, c.caFile)
-}
-
-// SetInsecure disables verification for the connection.
-func (c *ResslConfig) InsecureNoVerify() {
- C.ressl_config_insecure_no_verify(c.resslCfg)
-}
-
-// SetSecure enables verification for the connection.
-func (c *ResslConfig) SetVerify() {
- C.ressl_config_verify(c.resslCfg)
-}
-
-// Free frees resources associated with the ressl configuration.
-func (c *ResslConfig) Free() {
- if c.resslCfg == nil {
- return
- }
- C.ressl_config_free(c.resslCfg)
- c.resslCfg = nil
-}
-
-// NewClient returns a new ressl client context, using the optional
-// configuration. If no configuration is specified the default configuration
-// will be used.
-func NewClient(config *ResslConfig) (*Ressl, error) {
- var sslCfg *C.struct_ressl_config
- if config != nil {
- sslCfg = config.resslCfg
- }
- ctx := C.ressl_client()
- if ctx == nil {
- return nil, errors.New("ressl client failed")
- }
- if C.ressl_configure(ctx, sslCfg) != 0 {
- return nil, errors.New("ressl configure failed")
- }
- return &Ressl{
- cfg: config,
- ctx: ctx,
- }, nil
-}
-
-// Error returns the error message from the ressl context.
-func (r *Ressl) Error() string {
- if msg := C.ressl_error(r.ctx); msg != nil {
- return C.GoString(msg)
- }
- return ""
-}
-
-// Connect attempts to establish an SSL connection to the specified host on
-// the given port. The host may optionally contain a colon separated port
-// value if the port string is specified as an empty string.
-func (r *Ressl) Connect(host, port string) error {
- h := C.CString(host)
- var p *C.char
- if port != "" {
- p = C.CString(port)
- }
- defer C.free(unsafe.Pointer(h))
- defer C.free(unsafe.Pointer(p))
- if C.ressl_connect(r.ctx, h, p) != 0 {
- return fmt.Errorf("connect failed: %v", r.Error())
- }
- return nil
-}
-
-// Read reads data the SSL connection into the given buffer.
-func (r *Ressl) Read(buf []byte) (int, error) {
- var inlen C.size_t
- if C.ressl_read(r.ctx, unsafe.Pointer(&buf[0]), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&inlen))) != 0 {
- return -1, fmt.Errorf("read failed: %v", r.Error())
- }
- return int(inlen), nil
-}
-
-// Write writes the given data to the SSL connection.
-func (r *Ressl) Write(buf []byte) (int, error) {
- var outlen C.size_t
- p := C.CString(string(buf))
- defer C.free(unsafe.Pointer(p))
- if C.ressl_write(r.ctx, unsafe.Pointer(p), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&outlen))) != 0 {
- return -1, fmt.Errorf("write failed: %v", r.Error())
- }
- return int(outlen), nil
-}
-
-// Close closes the SSL connection.
-func (r *Ressl) Close() error { - if C.ressl_close(r.ctx) != 0 { - return fmt.Errorf("close failed: %v", r.Error()) - } - return nil -} - -// Free frees resources associated with the ressl context. -func (r *Ressl) Free() { - if r.ctx == nil { - return - } - C.ressl_free(r.ctx) - r.ctx = nil -} diff --git a/regress/lib/libtls/Makefile b/regress/lib/libtls/Makefile new file mode 100644 index 00000000000..fc1e97a3b5e --- /dev/null +++ b/regress/lib/libtls/Makefile @@ -0,0 +1,8 @@ +# $OpenBSD: Makefile,v 1.1 2014/10/31 14:10:55 jsing Exp $ + +SUBDIR= \ + gotls + +install: + +.include <bsd.subdir.mk> diff --git a/regress/lib/libressl/goressl/Makefile b/regress/lib/libtls/gotls/Makefile index d938db3f370..56286feec92 100644 --- a/regress/lib/libressl/goressl/Makefile +++ b/regress/lib/libtls/gotls/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2014/07/12 16:01:28 jsing Exp $ +# $OpenBSD: Makefile,v 1.1 2014/10/31 14:10:55 jsing Exp $ GO_VERSION != sh -c "(go version) 2>/dev/null || true" @@ -7,9 +7,9 @@ regress: @echo golang is required for this regress... skipping .endif -REGRESS_TARGETS=regress-goressl +REGRESS_TARGETS=regress-gotls -regress-goressl: +regress-gotls: cd ${.CURDIR} && go test -test.v . .include <bsd.regress.mk> diff --git a/regress/lib/libtls/gotls/tls.go b/regress/lib/libtls/gotls/tls.go new file mode 100644 index 00000000000..7f490492bc9 --- /dev/null +++ b/regress/lib/libtls/gotls/tls.go 
@@ -0,0 +1,165 @@
+// Package tls provides a Go interface to the libtls library.
+package tls
+
+/*
+#cgo LDFLAGS: -ltls -lssl -lcrypto
+
+#include <stdlib.h>
+
+#include <tls.h>
+
+typedef void *tls;
+*/
+import "C"
+
+import (
+ "errors"
+ "fmt"
+ "unsafe"
+)
+
+// TLSConfig provides configuration options for a TLS context.
+type TLSConfig struct {
+ caFile *C.char
+ tlsCfg *C.struct_tls_config
+}
+
+// TLS encapsulates the TLS context.
+type TLS struct {
+ cfg *TLSConfig
+ ctx *C.struct_tls
+}
+
+// Init initialises the TLS library.
+func Init() error {
+ if C.tls_init() != 0 {
+ return errors.New("initialisation failed")
+ }
+ return nil
+}
+
+// NewConfig returns a new TLS configuration.
+func NewConfig() (*TLSConfig, error) {
+ cfg := C.tls_config_new()
+ if cfg == nil {
+ return nil, errors.New("failed to allocate config")
+ }
+ return &TLSConfig{
+ tlsCfg: cfg,
+ }, nil
+}
+
+// SetCAFile sets the CA file to be used for connections.
+func (c *TLSConfig) SetCAFile(filename string) {
+ if c.caFile != nil {
+ C.free(unsafe.Pointer(c.caFile))
+ }
+ c.caFile = C.CString(filename)
+ C.tls_config_set_ca_file(c.tlsCfg, c.caFile)
+}
+
+// InsecureNoVerifyCert disables certificate verification for the connection.
+func (c *TLSConfig) InsecureNoVerifyCert() {
+ C.tls_config_insecure_noverifycert(c.tlsCfg)
+}
+
+// InsecureNoVerifyHost disables hostname verification for the connection.
+func (c *TLSConfig) InsecureNoVerifyHost() {
+ C.tls_config_insecure_noverifyhost(c.tlsCfg)
+}
+
+// SetSecure enables verification for the connection.
+func (c *TLSConfig) SetVerify() {
+ C.tls_config_verify(c.tlsCfg)
+}
+
+// Free frees resources associated with the TLS configuration.
+func (c *TLSConfig) Free() {
+ if c.tlsCfg == nil {
+ return
+ }
+ C.tls_config_free(c.tlsCfg)
+ c.tlsCfg = nil
+}
+
+// NewClient returns a new TLS client context, using the optional configuration.
+// If no configuration is specified the default configuration will be used.
+func NewClient(config *TLSConfig) (*TLS, error) {
+ var sslCfg *C.struct_tls_config
+ if config != nil {
+ sslCfg = config.tlsCfg
+ }
+ ctx := C.tls_client()
+ if ctx == nil {
+ return nil, errors.New("tls client failed")
+ }
+ if C.tls_configure(ctx, sslCfg) != 0 {
+ return nil, errors.New("tls configure failed")
+ }
+ return &TLS{
+ cfg: config,
+ ctx: ctx,
+ }, nil
+}
+
+// Error returns the error message from the TLS context.
+func (t *TLS) Error() string {
+ if msg := C.tls_error(t.ctx); msg != nil {
+ return C.GoString(msg)
+ }
+ return ""
+}
+
+// Connect attempts to establish an TLS connection to the specified host on
+// the given port. The host may optionally contain a colon separated port
+// value if the port string is specified as an empty string.
+func (t *TLS) Connect(host, port string) error {
+ h := C.CString(host)
+ var p *C.char
+ if port != "" {
+ p = C.CString(port)
+ }
+ defer C.free(unsafe.Pointer(h))
+ defer C.free(unsafe.Pointer(p))
+ if C.tls_connect(t.ctx, h, p) != 0 {
+ return fmt.Errorf("connect failed: %v", t.Error())
+ }
+ return nil
+}
+
+// Read reads data the TLS connection into the given buffer.
+func (t *TLS) Read(buf []byte) (int, error) {
+ var inlen C.size_t
+ if C.tls_read(t.ctx, unsafe.Pointer(&buf[0]), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&inlen))) != 0 {
+ return -1, fmt.Errorf("read failed: %v", t.Error())
+ }
+ return int(inlen), nil
+}
+
+// Write writes the given data to the TLS connection.
+func (t *TLS) Write(buf []byte) (int, error) {
+ var outlen C.size_t
+ p := C.CString(string(buf))
+ defer C.free(unsafe.Pointer(p))
+ if C.tls_write(t.ctx, unsafe.Pointer(p), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(&outlen))) != 0 {
+ return -1, fmt.Errorf("write failed: %v", t.Error())
+ }
+ return int(outlen), nil
+}
+
+// Close closes the TLS connection.
+func (t *TLS) Close() error { + if C.tls_close(t.ctx) != 0 { + return fmt.Errorf("close failed: %v", t.Error()) + } + return nil +} + +// Free frees resources associated with the TLS context. +func (t *TLS) Free() { + if t.ctx == nil { + return + } + C.tls_free(t.ctx) + t.ctx = nil +} diff --git a/regress/lib/libressl/goressl/ressl_test.go b/regress/lib/libtls/gotls/tls_test.go index a2d1a04a5bc..f709fcb455d 100644 --- a/regress/lib/libressl/goressl/ressl_test.go +++ b/regress/lib/libtls/gotls/tls_test.go @@ -1,4 +1,4 @@ -package ressl +package tls import ( "encoding/pem" @@ -13,9 +13,9 @@ import ( ) // createCAFile writes a PEM encoded version of the certificate out to a -// temporary file, for use by ressl. +// temporary file, for use by libtls. func createCAFile(cert []byte) (string, error) { - f, err := ioutil.TempFile("", "ressl") + f, err := ioutil.TempFile("", "tls") if err != nil { return "", fmt.Errorf("failed to create file: %v", err) } @@ -30,9 +30,9 @@ func createCAFile(cert []byte) (string, error) { return f.Name(), nil } -const httpContent = "Hello, ressl!" +const httpContent = "Hello, TLS!" -func TestResslBasic(t *testing.T) { +func TestTLSBasic(t *testing.T) { ts := httptest.NewTLSServer( http.HandlerFunc( func(w http.ResponseWriter, r *http.Request) { 
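Review bot: In tls.go, `SetCAFile` discards the result of `C.tls_config_set_ca_file`, so if that call can fail (the other `tls_*` calls checked in this file treat non-zero as failure) a client is built without the intended CA file and the caller never learns of it; having `SetCAFile` return an `error` built from that result would surface the problem. `Read` takes `&buf[0]` without a length check, so a zero-length slice panics before `tls_read` is reached; `if len(buf) == 0 { return 0, nil }` at the top avoids that. `NewClient` returns on a `tls_configure` failure without calling `C.tls_free(ctx)`, which leaks the context, and the comment above `SetVerify` still reads `// SetSecure enables verification ...` and should start with `SetVerify`.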
@@ -64,27 +64,31 @@ func TestResslBasic(t *testing.T) { defer cfg.Free() cfg.SetCAFile(caFile) - ssl, err := NewClient(cfg) + tls, err := NewClient(cfg) if err != nil { t.Fatal(err) } - defer ssl.Free() + defer tls.Free() t.Logf("Connecting to %s", u.Host) - if err := ssl.Connect(u.Host, ""); err != nil { + if err := tls.Connect(u.Host, ""); err != nil { t.Fatal(err) } - defer ssl.Close() + defer func() { + if err := tls.Close(); err != nil { + t.Logf("Close failed: %v", err) + } + }() - n, err := ssl.Write([]byte("GET / HTTP/1.0\n\n")) + n, err := tls.Write([]byte("GET / HTTP/1.0\n\n")) if err != nil { t.Fatal(err) } t.Logf("Wrote %d bytes...", n) buf := make([]byte, 1024) - n, err = ssl.Read(buf) + n, err = tls.Read(buf) if err != nil { t.Fatal(err) } @@ -93,8 +97,4 @@ func TestResslBasic(t *testing.T) { if !strings.Contains(string(buf), httpContent) { t.Errorf("Response does not contain %q", httpContent) } - - if err := ssl.Close(); err != nil { - t.Fatal(err) - } } |
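Review bot: The deferred close in tls_test.go only reports a failure through `t.Logf`, so a broken `tls_close` no longer fails this regress test the way the removed `if err := ssl.Close(); err != nil { t.Fatal(err) }` did. Using `t.Errorf("Close failed: %v", err)` inside the deferred function keeps the cleanup on every exit path and still marks the test as failed. `TestTLSBasic` begins outside this hunk, so the earlier setup steps are not visible here.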