Test that client and server enforce session timeouts.
We were only testing one side.
Change-Id: Ieb755e27b235aaf1317bd2c8e5fb374cb0ecfdb3
Reviewed-on: https://boringssl-review.googlesource.com/12001
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 55ac923..ab1a599 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2047,58 +2047,68 @@
}
for (uint16_t version : kTLSVersions) {
- static const int kStartTime = 1000;
- g_current_time.tv_sec = kStartTime;
+ for (bool server_test : std::vector<bool>{false, true}) {
+ static const int kStartTime = 1000;
+ g_current_time.tv_sec = kStartTime;
- bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
- bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
- if (!server_ctx || !client_ctx ||
- !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
- !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
- !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
- !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
- !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
- !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
- return false;
- }
+ bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
+ bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
+ if (!server_ctx || !client_ctx ||
+ !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
+ !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
+ !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
+ return false;
+ }
- SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
+ SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
+ SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
- SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
- SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
+ // Both client and server must enforce session timeouts.
+ if (server_test) {
+ SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
+ } else {
+ SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
+ }
- bssl::UniquePtr<SSL_SESSION> session =
- CreateClientSession(client_ctx.get(), server_ctx.get());
- if (!session) {
- fprintf(stderr, "Error getting session (version = %04x).\n", version);
- return false;
- }
+ bssl::UniquePtr<SSL_SESSION> session =
+ CreateClientSession(client_ctx.get(), server_ctx.get());
+ if (!session) {
+ fprintf(stderr, "Error getting session (version = %04x).\n", version);
+ return false;
+ }
- // Advance the clock just behind the timeout.
- g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT;
+ // Advance the clock just behind the timeout.
+ g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT;
- if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
- true /* expect session reused */)) {
- fprintf(stderr, "Error resuming session (version = %04x).\n", version);
- return false;
- }
+ if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
+ session.get(),
+ true /* expect session reused */)) {
+ fprintf(stderr, "Error resuming session (version = %04x).\n", version);
+ return false;
+ }
- // Advance the clock one more second.
- g_current_time.tv_sec++;
+ // Advance the clock one more second.
+ g_current_time.tv_sec++;
- if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
- false /* expect session not reused */)) {
- fprintf(stderr, "Error resuming session (version = %04x).\n", version);
- return false;
- }
+ if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
+ session.get(),
+ false /* expect session not reused */)) {
+ fprintf(stderr, "Error resuming session (version = %04x).\n", version);
+ return false;
+ }
- // Rewind the clock to before the session was minted.
- g_current_time.tv_sec = kStartTime - 1;
+ // Rewind the clock to before the session was minted.
+ g_current_time.tv_sec = kStartTime - 1;
- if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
- false /* expect session not reused */)) {
- fprintf(stderr, "Error resuming session (version = %04x).\n", version);
- return false;
+ if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
+ session.get(),
+ false /* expect session not reused */)) {
+ fprintf(stderr, "Error resuming session (version = %04x).\n", version);
+ return false;
+ }
}
}
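Review bot: The four `fprintf` failure messages inside the new `server_test` loop still print only the protocol version, so a failing run does not say whether the client or the server stopped enforcing the session timeout. The three `Error resuming session` messages are also identical across the in-window, expired and clock-rewound checks. Since the loop exists to cover both sides, include the side in each message, e.g. `fprintf(stderr, "Error resuming session (version = %04x, server_test = %d).\n", version, server_test);`, and ideally name the stage too. As a style point, `for (bool server_test : {false, true})` would avoid constructing a `std::vector<bool>` on every version iteration. The enclosing test function begins before this hunk, so the rest of its body was not reviewed.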