1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

//#[macro_use]
//extern crate cfg_if;

use std::io;
use std::net::ToSocketAddrs;
use std::str;
use std::error;

use futures::Future;
use tokio_io::io::{flush, read_to_end, write_all};
use tokio_core::net::TcpStream;
use tokio_core::reactor::Core;

use env_logger;

use tls_api;

use tls_api::TlsConnectorBuilder as tls_api_TlsConnectorBuilder;

use tokio_tls_api;


macro_rules! t {
    ($e:expr) => (match $e {
        Ok(e) => e,
        Err(e) => panic!("{} failed with {:?}", stringify!($e), e),
    })
}

/*
cfg_if! {
    if #[cfg(feature = "force-rustls")] {
        fn assert_bad_hostname_error(err: &Error) {
            let err = err.to_string();
            assert!(err.contains("CertNotValidForName"), "bad error: {}", err);
        }
    } else if #[cfg(any(feature = "force-openssl",
                        all(not(target_os = "macos"),
                            not(target_os = "windows"),
                            not(target_os = "ios"))))] {
        extern crate openssl;

        use openssl::ssl;
        use tls_api::backend::openssl::ErrorExt;

        fn assert_bad_hostname_error(err: &Error) {
            let err = err.get_ref().unwrap();
            let err = err.downcast_ref::<tls_api::Error>().unwrap();
            let errs = match *err.openssl_error() {
                ssl::Error::Ssl(ref v) => v,
                ref e => panic!("not an ssl eror: {:?}", e),
            };
            assert!(errs.errors().iter().any(|e| {
                e.reason() == Some("certificate verify failed")
            }), "bad errors: {:?}", errs);
        }
    } else if #[cfg(any(target_os = "macos", target_os = "ios"))] {
        use tls_api::backend::security_framework::ErrorExt;

        fn assert_bad_hostname_error(err: &Error) {
            let err = err.get_ref().unwrap();
            let err = err.downcast_ref::<tls_api::Error>().unwrap();
            let err = err.security_framework_error();
            assert_eq!(err.message().unwrap(), "The trust policy was not trusted.");
        }
    } else {
        extern crate winapi;

        use tls_api::backend::schannel::ErrorExt;

        fn assert_bad_hostname_error(err: &Error) {
            let err = err.get_ref().unwrap();
            let err = err.downcast_ref::<tls_api::Error>().unwrap();
            let err = err.schannel_error();
            let code = err.raw_os_error().unwrap();
            assert_eq!(code as usize, winapi::CERT_E_CN_NO_MATCH as usize);
        }
    }
}
*/

fn native2io(e: tls_api::Error) -> io::Error {
    io::Error::new(io::ErrorKind::Other, e)
}

pub fn fetch_google<C : tls_api::TlsConnector>() {
    drop(env_logger::try_init());

    // First up, resolve google.com
    let addr = t!("google.com:443".to_socket_addrs()).next().unwrap();

    // Create an event loop and connect a socket to our resolved address.c
    let mut l = t!(Core::new());
    let client = TcpStream::connect(&addr, &l.handle());


    // Send off the request by first negotiating an SSL handshake, then writing
    // of our request, then flushing, then finally read off the response.
    let data = client.and_then(move |socket| {
                                   let builder = t!(C::builder());
                                   let connector = t!(builder.build());
                                   tokio_tls_api::connect_async(&connector, "google.com", socket).map_err(native2io)
                               })
        .and_then(|socket| write_all(socket, b"GET / HTTP/1.0\r\n\r\n"))
        .and_then(|(socket, _)| flush(socket))
        .and_then(|socket| read_to_end(socket, Vec::new()));

    let (_, data) = t!(l.run(data));

    // any response code is fine
    assert!(data.starts_with(b"HTTP/1.0 "));

    let data = String::from_utf8_lossy(&data);
    let data = data.trim_right();
    assert!(data.ends_with("</html>") || data.ends_with("</HTML>"));
}

// see comment in bad.rs for ignore reason
//#[cfg_attr(all(target_os = "macos", feature = "force-openssl"), ignore)]
//#[test]
pub fn wrong_hostname_error<C : tls_api::TlsConnector>() -> tls_api::Error {
    drop(env_logger::try_init());

    let addr = t!("google.com:443".to_socket_addrs()).next().unwrap();

    let mut l = t!(Core::new());
    let client = TcpStream::connect(&addr, &l.handle());
    let data = client.and_then(move |socket| {
        let builder = t!(C::builder());
        let connector = t!(builder.build());
        tokio_tls_api::connect_async(&connector, "rust-lang.org", socket)
            .map_err(native2io)
    });

    let res = l.run(data);
    assert!(res.is_err());
    let err: io::Error = res.unwrap_err();
    let inner: Box<error::Error> = err.into_inner().unwrap();
    *inner.downcast().unwrap()
}