Add unit test for setting server cipher preferences in the CH callback#4550
Closed
Add unit test for setting server cipher preferences in the CH callback#4550
Conversation
Contributor
|
Thanks for the PR ! We'll have a look. |
goatgoose
reviewed
May 14, 2024
Contributor
goatgoose
left a comment
goatgoose
left a comment
There was a problem hiding this comment.
Thanks for the PR!
Within this callback, are calls to
s2n_connection_set_cipher_preferencesalso valid?
Yes, I believe this should be valid, since the client hello callback is invoked before a cipher suite is negotiated.
Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com>
goatgoose
reviewed
May 20, 2024
| exit(result); | ||
| } | ||
|
|
||
| bool security_policy_contains_cipher(const char* security_policy_name, uint8_t* cipher_iana) { |
Contributor
There was a problem hiding this comment.
Nice, it looks like this is working with the FIPS test now. The only failing test is for clang-format:
Suggested change
| bool security_policy_contains_cipher(const char* security_policy_name, uint8_t* cipher_iana) { | |
| bool security_policy_contains_cipher(const char *security_policy_name, uint8_t *cipher_iana) | |
| { |
Comment on lines
+25
to
26
| #include "tls/s2n_security_policies.h" | ||
| #include "tls/s2n_internal.h" |
Contributor
There was a problem hiding this comment.
clang-format:
Suggested change
| #include "tls/s2n_security_policies.h" | |
| #include "tls/s2n_internal.h" | |
| #include "tls/s2n_internal.h" | |
| #include "tls/s2n_security_policies.h" |
|
This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of changes:
This adds a new unit test for changing server cipher preferences in the ClientHello callback
From the documentation of s2n_client_hello_fn:
Within this callback, are calls to
s2n_connection_set_cipher_preferencesalso valid? I found no documentation or unit test that confirms this, so I'm contributing one under the premise that this is the case.Testing
I confirmed that removing the
s2n_connection_set_cipher_preferences()call from the test callback fails the new unit test.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.