expose SSL_set_compliance_policy
parent
49a8d0906a
commit
220bedf239
|
|
@ -3784,6 +3784,13 @@ impl SslRef {
|
||||||
ffi::SSL_set_enable_ech_grease(self.as_ptr(), enable);
|
ffi::SSL_set_enable_ech_grease(self.as_ptr(), enable);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Sets the compliance policy on `SSL`.
|
||||||
|
#[cfg(not(feature = "fips-compat"))]
|
||||||
|
#[corresponds(SSL_set_compliance_policy)]
|
||||||
|
pub fn set_compliance_policy(&mut self, policy: CompliancePolicy) -> Result<(), ErrorStack> {
|
||||||
|
unsafe { cvt_0i(ffi::SSL_set_compliance_policy(self.as_ptr(), policy.0)).map(|_| ()) }
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// An SSL stream midway through the handshake process.
|
/// An SSL stream midway through the handshake process.
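Review bot: The doc comment on `set_compliance_policy` says only that it sets the policy, while the test added in this commit shows two things a caller needs to know: the call rewrites the min/max protocol version and the cipher list, and `CompliancePolicy::NONE` is rejected with an error. I would expand the summary to something like `/// Configures protocol versions, cipher suites and related settings on this connection to match the policy, overriding earlier configuration.` and add an `# Errors` section stating that `CompliancePolicy::NONE` returns `Err`. As far as I recall, BoringSSL's header also asks that this be the final configuration call because later setters may undo parts of the policy; that is worth confirming and documenting, since a caller who sets a cipher list afterwards could fall out of compliance without any error. The enclosing `impl SslRef` starts and ends outside the hunk.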
|
||||||
|
|
|
||||||
|
|
@ -1070,3 +1070,52 @@ fn test_info_callback() {
|
||||||
client.connect();
|
client.connect();
|
||||||
assert!(CALLED_BACK.load(Ordering::Relaxed));
|
assert!(CALLED_BACK.load(Ordering::Relaxed));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(not(feature = "fips-compat"))]
|
||||||
|
#[test]
|
||||||
|
fn test_ssl_set_compliance() {
|
||||||
|
let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();
|
||||||
|
let mut ssl = Ssl::new(&ctx).unwrap();
|
||||||
|
ssl.set_compliance_policy(CompliancePolicy::FIPS_202205)
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
assert_eq!(ssl.max_proto_version().unwrap(), SslVersion::TLS1_3);
|
||||||
|
assert_eq!(ssl.min_proto_version().unwrap(), SslVersion::TLS1_2);
|
||||||
|
|
||||||
|
const FIPS_CIPHERS: [&str; 4] = [
|
||||||
|
"ECDHE-ECDSA-AES128-GCM-SHA256",
|
||||||
|
"ECDHE-RSA-AES128-GCM-SHA256",
|
||||||
|
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||||
|
"ECDHE-RSA-AES256-GCM-SHA384",
|
||||||
|
];
|
||||||
|
|
||||||
|
let ciphers = ssl.ciphers();
|
||||||
|
assert_eq!(ciphers.len(), FIPS_CIPHERS.len());
|
||||||
|
|
||||||
|
for cipher in ciphers.into_iter().zip(FIPS_CIPHERS) {
|
||||||
|
assert_eq!(cipher.0.name(), cipher.1)
|
||||||
|
}
|
||||||
|
|
||||||
|
let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();
|
||||||
|
let mut ssl = Ssl::new(&ctx).unwrap();
|
||||||
|
ssl.set_compliance_policy(CompliancePolicy::WPA3_192_202304)
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
assert_eq!(ssl.max_proto_version().unwrap(), SslVersion::TLS1_3);
|
||||||
|
assert_eq!(ssl.min_proto_version().unwrap(), SslVersion::TLS1_2);
|
||||||
|
|
||||||
|
const WPA3_192_CIPHERS: [&str; 2] = [
|
||||||
|
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||||
|
"ECDHE-RSA-AES256-GCM-SHA384",
|
||||||
|
];
|
||||||
|
|
||||||
|
let ciphers = ssl.ciphers();
|
||||||
|
assert_eq!(ciphers.len(), WPA3_192_CIPHERS.len());
|
||||||
|
|
||||||
|
for cipher in ciphers.into_iter().zip(WPA3_192_CIPHERS) {
|
||||||
|
assert_eq!(cipher.0.name(), cipher.1)
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl.set_compliance_policy(CompliancePolicy::NONE)
|
||||||
|
.expect_err("Testing expect err if set compliance policy to NONE");
|
||||||
|
}
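Review bot: The last assertion in `test_ssl_set_compliance` checks that `CompliancePolicy::NONE` is rejected, but not that the rejected call leaves the WPA3-192 settings in place, which is the property a caller relying on the policy cares about. Re-asserting `ssl.ciphers().len()` against `WPA3_192_CIPHERS.len()` and the minimum version after the `expect_err` would pin that. The test also inspects only the list returned by `ciphers()` and the version bounds; if the policy restricts anything else (TLS 1.3 suites, groups, signature algorithms, which it presumably does), that is unverified here. As a point of style, the two loops read better destructured: `for (cipher, expected) in ciphers.into_iter().zip(FIPS_CIPHERS) { assert_eq!(cipher.name(), expected); }`.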
|
||||||
|
|
|
||||||