regress_ssl.c revision 316722 
195584Sanholt/*
295584Sanholt * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
395584Sanholt *
495584Sanholt * Redistribution and use in source and binary forms, with or without
595584Sanholt * modification, are permitted provided that the following conditions
695584Sanholt * are met:
795584Sanholt * 1. Redistributions of source code must retain the above copyright
895584Sanholt *    notice, this list of conditions and the following disclaimer.
995584Sanholt * 2. Redistributions in binary form must reproduce the above copyright
1095584Sanholt *    notice, this list of conditions and the following disclaimer in the
1195584Sanholt *    documentation and/or other materials provided with the distribution.
1295584Sanholt * 3. The name of the author may not be used to endorse or promote products
1395584Sanholt *    derived from this software without specific prior written permission.
1495584Sanholt *
1595584Sanholt * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1695584Sanholt * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1795584Sanholt * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1895584Sanholt * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1995584Sanholt * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2095584Sanholt * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2195584Sanholt * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2295584Sanholt * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2395584Sanholt * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2495584Sanholt * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2595584Sanholt */
2695584Sanholt
2795584Sanholt// Get rid of OSX 10.7 and greater deprecation warnings.
2895584Sanholt#if defined(__APPLE__) && defined(__clang__)
2995584Sanholt#pragma clang diagnostic ignored "-Wdeprecated-declarations"
30112015Sanholt#endif
3195584Sanholt
3295584Sanholt#ifdef _WIN32
3395584Sanholt#include <winsock2.h>
3495584Sanholt#include <windows.h>
3595584Sanholt#endif
3695584Sanholt
3795584Sanholt#ifndef _WIN32
3895584Sanholt#include <sys/types.h>
3995584Sanholt#include <sys/socket.h>
40112015Sanholt#include <netinet/in.h>
4195746Sanholt#endif
4295584Sanholt
4395584Sanholt#include "event2/util.h"
4495584Sanholt#include "event2/event.h"
4595584Sanholt#include "event2/bufferevent_ssl.h"
4695584Sanholt#include "event2/buffer.h"
4795584Sanholt#include "event2/listener.h"
4895584Sanholt
4995584Sanholt#include "regress.h"
5095584Sanholt#include "tinytest.h"
5195584Sanholt#include "tinytest_macros.h"
5295584Sanholt
5395584Sanholt#include <openssl/asn1.h>
5495584Sanholt#include <openssl/ssl.h>
5595584Sanholt#include <openssl/bio.h>
56112015Sanholt#include <openssl/crypto.h>
5795584Sanholt#include <openssl/err.h>
5895584Sanholt#include <openssl/pem.h>
5995584Sanholt#include <openssl/opensslv.h>
6095584Sanholt#include <openssl/x509.h>
6195584Sanholt
6295584Sanholt#include <string.h>
6395584Sanholt
64112015Sanholt#if OPENSSL_VERSION_NUMBER < 0x10100000L
6595584Sanholt#define OpenSSL_version_num SSLeay
6695584Sanholt#endif /* OPENSSL_VERSION_NUMBER */
6795584Sanholt
6895584Sanholt/* A short pre-generated key, to save the cost of doing an RSA key generation
6995584Sanholt * step during the unit tests.  It's only 512 bits long, and it is published
7095584Sanholt * in this file, so you would have to be very foolish to consider using it in
71112015Sanholt * your own code. */
7295584Sanholtstatic const char KEY[] =
7395584Sanholt    "-----BEGIN RSA PRIVATE KEY-----\n"
7495584Sanholt    "MIIBOgIBAAJBAKibTEzXjj+sqpipePX1lEk5BNFuL/dDBbw8QCXgaJWikOiKHeJq\n"
7595584Sanholt    "3FQ0OmCnmpkdsPFE4x3ojYmmdgE2i0dJwq0CAwEAAQJAZ08gpUS+qE1IClps/2gG\n"
7695584Sanholt    "AAer6Bc31K2AaiIQvCSQcH440cp062QtWMC3V5sEoWmdLsbAHFH26/9ZHn5zAflp\n"
7795584Sanholt    "gQIhANWOx/UYeR8HD0WREU5kcuSzgzNLwUErHLzxP7U6aojpAiEAyh2H35CjN/P7\n"
78112015Sanholt    "NhcZ4QYw3PeUWpqgJnaE/4i80BSYkSUCIQDLHFhLYLJZ80HwHTADif/ISn9/Ow6b\n"
7995584Sanholt    "p6BWh3DbMar/eQIgBPS6azH5vpp983KXkNv9AL4VZi9ac/b+BeINdzC6GP0CIDmB\n"
8095584Sanholt    "U6GFEQTZ3IfuiVabG5pummdC4DNbcdI+WKrSFNmQ\n"
8195584Sanholt    "-----END RSA PRIVATE KEY-----\n";
8295584Sanholt
83112015Sanholtstatic EVP_PKEY *
8495584Sanholtgetkey(void)
8595584Sanholt{
8695584Sanholt	EVP_PKEY *key;
8795584Sanholt	BIO *bio;
8895584Sanholt
89112015Sanholt	/* new read-only BIO backed by KEY. */
9095584Sanholt	bio = BIO_new_mem_buf((char*)KEY, -1);
9195584Sanholt	tt_assert(bio);
9295584Sanholt
9395584Sanholt	key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
9495584Sanholt	BIO_free(bio);
9595584Sanholt	tt_assert(key);
9695584Sanholt
97112015Sanholt	return key;
9895584Sanholtend:
9995584Sanholt	return NULL;
10095584Sanholt}
10195584Sanholt
10295584Sanholtstatic X509 *
10395584Sanholtgetcert(void)
10495584Sanholt{
10595584Sanholt	/* Dummy code to make a quick-and-dirty valid certificate with
10695584Sanholt	   OpenSSL.  Don't copy this code into your own program! It does a
10795584Sanholt	   number of things in a stupid and insecure way. */
10895584Sanholt	X509 *x509 = NULL;
10995584Sanholt	X509_NAME *name = NULL;
11095584Sanholt	EVP_PKEY *key = getkey();
11195584Sanholt	int nid;
11295584Sanholt	time_t now = time(NULL);
11395584Sanholt
11495584Sanholt	tt_assert(key);
11595584Sanholt
11695584Sanholt	x509 = X509_new();
11795584Sanholt	tt_assert(x509);
118112015Sanholt	tt_assert(0 != X509_set_version(x509, 2));
11995584Sanholt	tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),
12095584Sanholt		(long)now));
12195584Sanholt
12295584Sanholt	name = X509_NAME_new();
12395584Sanholt	tt_assert(name);
124112015Sanholt	nid = OBJ_txt2nid("commonName");
12595584Sanholt	tt_assert(NID_undef != nid);
12695584Sanholt	tt_assert(0 != X509_NAME_add_entry_by_NID(
12795584Sanholt		    name, nid, MBSTRING_ASC, (unsigned char*)"example.com",
12895584Sanholt		    -1, -1, 0));
12995584Sanholt
13095584Sanholt	X509_set_subject_name(x509, name);
13195584Sanholt	X509_set_issuer_name(x509, name);
13295584Sanholt
13395584Sanholt#if OPENSSL_VERSION_NUMBER < 0x10100000L
13495584Sanholt	X509_time_adj(X509_get_notBefore(x509), 0, &now);
13595584Sanholt	now += 3600;
13695584Sanholt	X509_time_adj(X509_get_notAfter(x509), 0, &now);
13795584Sanholt#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
13895584Sanholt	X509_time_adj(X509_getm_notBefore(x509), 0, &now);
13995584Sanholt	now += 3600;
14095584Sanholt	X509_time_adj(X509_getm_notAfter(x509), 0, &now);
14195584Sanholt#endif /* OPENSSL_VERSION_NUMBER */
14295584Sanholt	X509_set_pubkey(x509, key);
14395584Sanholt	tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
14495584Sanholt
14595584Sanholt	return x509;
14695584Sanholtend:
14795584Sanholt	X509_free(x509);
14895584Sanholt	return NULL;
14995584Sanholt}
15095584Sanholt
15195584Sanholtstatic int disable_tls_11_and_12 = 0;
15295584Sanholtstatic SSL_CTX *the_ssl_ctx = NULL;
15395584Sanholt
15495584Sanholtstatic SSL_CTX *
15595584Sanholtget_ssl_ctx(void)
15695584Sanholt{
15795584Sanholt	if (the_ssl_ctx)
15895584Sanholt		return the_ssl_ctx;
15995584Sanholt	the_ssl_ctx = SSL_CTX_new(SSLv23_method());
16095584Sanholt	if (!the_ssl_ctx)
16195584Sanholt		return NULL;
162112015Sanholt	if (disable_tls_11_and_12) {
163112015Sanholt#ifdef SSL_OP_NO_TLSv1_2
164112015Sanholt		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
165112015Sanholt#endif
16695584Sanholt#ifdef SSL_OP_NO_TLSv1_1
167112015Sanholt		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
168112015Sanholt#endif
169112015Sanholt	}
170112015Sanholt	return the_ssl_ctx;
171112015Sanholt}
172112015Sanholt
173112015Sanholtstatic void
17495584Sanholtinit_ssl(void)
17595584Sanholt{
17695584Sanholt	SSL_library_init();
17795584Sanholt	ERR_load_crypto_strings();
17895584Sanholt	SSL_load_error_strings();
17995584Sanholt	OpenSSL_add_all_algorithms();
18095584Sanholt	if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) {
18195584Sanholt		TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) OpenSSL_version_num()));
18295584Sanholt	}
18395584Sanholt}
18495584Sanholt
18595584Sanholt/* ====================
18695584Sanholt   Here's a simple test: we read a number from the input, increment it, and
18795584Sanholt   reply, until we get to 1001.
18895584Sanholt*/
18995584Sanholt
19095584Sanholtstatic int test_is_done = 0;
19195584Sanholtstatic int n_connected = 0;
19295584Sanholtstatic int got_close = 0;
19395584Sanholtstatic int got_error = 0;
19495584Sanholtstatic int renegotiate_at = -1;
19595584Sanholtstatic int stop_when_connected = 0;
19695584Sanholtstatic int pending_connect_events = 0;
19795584Sanholtstatic struct event_base *exit_base = NULL;
19895584Sanholt
19995584Sanholtstatic void
20095584Sanholtrespond_to_number(struct bufferevent *bev, void *ctx)
20195584Sanholt{
20295584Sanholt	struct evbuffer *b = bufferevent_get_input(bev);
20395584Sanholt	char *line;
20495584Sanholt	int n;
20595584Sanholt	line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);
20695584Sanholt	if (! line)
20795584Sanholt		return;
20895584Sanholt	n = atoi(line);
20995584Sanholt	if (n <= 0)
21095584Sanholt		TT_FAIL(("Bad number: %s", line));
211112015Sanholt	free(line);
21295584Sanholt	TT_BLATHER(("The number was %d", n));
21395584Sanholt	if (n == 1001) {
21495584Sanholt		++test_is_done;
21595584Sanholt		bufferevent_free(bev); /* Should trigger close on other side. */
21695584Sanholt		return;
21795584Sanholt	}
21895584Sanholt	if (!strcmp(ctx, "client") && n == renegotiate_at) {
219112015Sanholt		SSL_renegotiate(bufferevent_openssl_get_ssl(bev));
22095584Sanholt	}
22195584Sanholt	++n;
22295584Sanholt	evbuffer_add_printf(bufferevent_get_output(bev),
22395584Sanholt	    "%d\n", n);
22495584Sanholt	TT_BLATHER(("Done reading; now writing."));
22595584Sanholt	bufferevent_enable(bev, EV_WRITE);
22695584Sanholt	bufferevent_disable(bev, EV_READ);
22795584Sanholt}
22895584Sanholt
22995584Sanholtstatic void
23095584Sanholtdone_writing_cb(struct bufferevent *bev, void *ctx)
23195584Sanholt{
23295584Sanholt	struct evbuffer *b = bufferevent_get_output(bev);
23395584Sanholt	if (evbuffer_get_length(b))
23495584Sanholt		return;
23595584Sanholt	TT_BLATHER(("Done writing."));
23695584Sanholt	bufferevent_disable(bev, EV_WRITE);
23795584Sanholt	bufferevent_enable(bev, EV_READ);
23895584Sanholt}
23995584Sanholt
24095584Sanholtstatic void
24195584Sanholteventcb(struct bufferevent *bev, short what, void *ctx)
24295584Sanholt{
24395584Sanholt	TT_BLATHER(("Got event %d", (int)what));
24495584Sanholt	if (what & BEV_EVENT_CONNECTED) {
24595584Sanholt		SSL *ssl;
24695584Sanholt		X509 *peer_cert;
24795584Sanholt		++n_connected;
24895584Sanholt		ssl = bufferevent_openssl_get_ssl(bev);
24995584Sanholt		tt_assert(ssl);
25095584Sanholt		peer_cert = SSL_get_peer_certificate(ssl);
25195584Sanholt		if (0==strcmp(ctx, "server")) {
25295584Sanholt			tt_assert(peer_cert == NULL);
25395584Sanholt		} else {
254112015Sanholt			tt_assert(peer_cert != NULL);
25595584Sanholt		}
25695584Sanholt		if (stop_when_connected) {
25795584Sanholt			if (--pending_connect_events == 0)
25895584Sanholt				event_base_loopexit(exit_base, NULL);
25995584Sanholt		}
26095584Sanholt	} else if (what & BEV_EVENT_EOF) {
26195584Sanholt		TT_BLATHER(("Got a good EOF"));
262112015Sanholt		++got_close;
26395584Sanholt		bufferevent_free(bev);
26495584Sanholt	} else if (what & BEV_EVENT_ERROR) {
26595584Sanholt		TT_BLATHER(("Got an error."));
26695584Sanholt		++got_error;
26795584Sanholt		bufferevent_free(bev);
26895584Sanholt	}
26995584Sanholtend:
27095584Sanholt	;
271112015Sanholt}
27295584Sanholt
27395584Sanholtstatic void
27495584Sanholtopen_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,
27595584Sanholt    struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,
27695584Sanholt    evutil_socket_t *fd_pair, struct bufferevent **underlying_pair)
27795584Sanholt{
27895584Sanholt	int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;
27995584Sanholt	int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;
28095584Sanholt	if (fd_pair) {
28195584Sanholt		*bev1_out = bufferevent_openssl_socket_new(
28295584Sanholt			base, fd_pair[0], ssl1, state1, flags);
28395584Sanholt		*bev2_out = bufferevent_openssl_socket_new(
28495584Sanholt			base, fd_pair[1], ssl2, state2, flags);
28595584Sanholt	} else {
28695584Sanholt		*bev1_out = bufferevent_openssl_filter_new(
28795584Sanholt			base, underlying_pair[0], ssl1, state1, flags);
28895584Sanholt		*bev2_out = bufferevent_openssl_filter_new(
28995584Sanholt			base, underlying_pair[1], ssl2, state2, flags);
29095584Sanholt
29195584Sanholt	}
29295584Sanholt	bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,
29395584Sanholt	    eventcb, (void*)"client");
29495584Sanholt	bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,
29595584Sanholt	    eventcb, (void*)"server");
29695584Sanholt}
29795584Sanholt
29895584Sanholtstatic void
29995584Sanholtregress_bufferevent_openssl(void *arg)
30095584Sanholt{
30195584Sanholt	struct basic_test_data *data = arg;
30295584Sanholt
30395584Sanholt	struct bufferevent *bev1, *bev2;
30495584Sanholt	SSL *ssl1, *ssl2;
30595584Sanholt	X509 *cert = getcert();
30695584Sanholt	EVP_PKEY *key = getkey();
30795584Sanholt	const int start_open = strstr((char*)data->setup_data, "open")!=NULL;
30895584Sanholt	const int filter = strstr((char*)data->setup_data, "filter")!=NULL;
30995584Sanholt	int flags = BEV_OPT_DEFER_CALLBACKS;
31095584Sanholt	struct bufferevent *bev_ll[2] = { NULL, NULL };
311112015Sanholt	evutil_socket_t *fd_pair = NULL;
31295584Sanholt
31395584Sanholt	tt_assert(cert);
31495584Sanholt	tt_assert(key);
31595584Sanholt
316112015Sanholt	init_ssl();
31795584Sanholt
31895584Sanholt	if (strstr((char*)data->setup_data, "renegotiate")) {
31995584Sanholt		if (OpenSSL_version_num() >= 0x10001000 &&
32095584Sanholt		    OpenSSL_version_num() <  0x1000104f) {
32195584Sanholt			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
32295584Sanholt			 * can't renegotiate with themselves. Disable. */
32395584Sanholt			disable_tls_11_and_12 = 1;
32495584Sanholt		}
32595584Sanholt		renegotiate_at = 600;
32695584Sanholt	}
32795584Sanholt
328112015Sanholt	ssl1 = SSL_new(get_ssl_ctx());
32995584Sanholt	ssl2 = SSL_new(get_ssl_ctx());
33095584Sanholt
33195584Sanholt	SSL_use_certificate(ssl2, cert);
33295584Sanholt	SSL_use_PrivateKey(ssl2, key);
33395584Sanholt
33495584Sanholt	if (! start_open)
33595584Sanholt		flags |= BEV_OPT_CLOSE_ON_FREE;
33695584Sanholt
33795584Sanholt	if (!filter) {
33895584Sanholt		tt_assert(strstr((char*)data->setup_data, "socketpair"));
33995584Sanholt		fd_pair = data->pair;
34095584Sanholt	} else {
34195584Sanholt		bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
34295584Sanholt		    BEV_OPT_CLOSE_ON_FREE);
34395584Sanholt		bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
34495584Sanholt		    BEV_OPT_CLOSE_ON_FREE);
34595584Sanholt	}
34695584Sanholt
34795584Sanholt	open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
34895584Sanholt	    fd_pair, bev_ll);
34995584Sanholt
35095584Sanholt	if (!filter) {
35195584Sanholt		tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);
35295584Sanholt	} else {
35395584Sanholt		tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);
35495584Sanholt	}
35595584Sanholt
35695584Sanholt	if (start_open) {
357112015Sanholt		pending_connect_events = 2;
35895584Sanholt		stop_when_connected = 1;
35995584Sanholt		exit_base = data->base;
36095584Sanholt		event_base_dispatch(data->base);
36195584Sanholt		/* Okay, now the renegotiation is done.  Make new
36295584Sanholt		 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */
36395584Sanholt		flags |= BEV_OPT_CLOSE_ON_FREE;
36495584Sanholt		bufferevent_free(bev1);
36595584Sanholt		bufferevent_free(bev2);
36695584Sanholt		bev1 = bev2 = NULL;
36795584Sanholt		open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,
36895584Sanholt		    fd_pair, bev_ll);
36995584Sanholt	}
37095584Sanholt
37195584Sanholt	bufferevent_enable(bev1, EV_READ|EV_WRITE);
37295584Sanholt	bufferevent_enable(bev2, EV_READ|EV_WRITE);
37395584Sanholt
37495584Sanholt	evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
37595584Sanholt
37695584Sanholt	event_base_dispatch(data->base);
37795584Sanholt
37895584Sanholt	tt_assert(test_is_done == 1);
37995584Sanholt	tt_assert(n_connected == 2);
38095584Sanholt
38195584Sanholt	/* We don't handle shutdown properly yet.
38295584Sanholt	   tt_int_op(got_close, ==, 1);
38395584Sanholt	   tt_int_op(got_error, ==, 0);
38495584Sanholt	*/
38595584Sanholtend:
38695584Sanholt	return;
38795584Sanholt}
38895584Sanholt
38995584Sanholtstatic void
39095584Sanholtacceptcb(struct evconnlistener *listener, evutil_socket_t fd,
39195584Sanholt    struct sockaddr *addr, int socklen, void *arg)
39295584Sanholt{
39395584Sanholt	struct basic_test_data *data = arg;
39495584Sanholt	struct bufferevent *bev;
395112015Sanholt	SSL *ssl = SSL_new(get_ssl_ctx());
39695584Sanholt
39795584Sanholt	SSL_use_certificate(ssl, getcert());
39895584Sanholt	SSL_use_PrivateKey(ssl, getkey());
39995584Sanholt
40095584Sanholt	bev = bufferevent_openssl_socket_new(
40195584Sanholt		data->base,
40295584Sanholt		fd,
40395584Sanholt		ssl,
40495584Sanholt		BUFFEREVENT_SSL_ACCEPTING,
40595584Sanholt		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
40695584Sanholt
40795584Sanholt	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
40895584Sanholt	    (void*)"server");
40995584Sanholt
41095584Sanholt	bufferevent_enable(bev, EV_READ|EV_WRITE);
41195584Sanholt
41295584Sanholt	/* Only accept once, then disable ourself. */
41395584Sanholt	evconnlistener_disable(listener);
41495584Sanholt}
41595584Sanholt
41695584Sanholtstatic void
41795584Sanholtregress_bufferevent_openssl_connect(void *arg)
41895584Sanholt{
41995584Sanholt	struct basic_test_data *data = arg;
42095584Sanholt
42195584Sanholt	struct event_base *base = data->base;
42295584Sanholt
42395584Sanholt	struct evconnlistener *listener;
42495584Sanholt	struct bufferevent *bev;
42595584Sanholt	struct sockaddr_in sin;
42695584Sanholt	struct sockaddr_storage ss;
427112015Sanholt	ev_socklen_t slen;
42895584Sanholt
42995584Sanholt	init_ssl();
43095584Sanholt
43195584Sanholt	memset(&sin, 0, sizeof(sin));
43295584Sanholt	sin.sin_family = AF_INET;
43395584Sanholt	sin.sin_addr.s_addr = htonl(0x7f000001);
43495584Sanholt
43595584Sanholt	memset(&ss, 0, sizeof(ss));
43695584Sanholt	slen = sizeof(ss);
43795584Sanholt
43895584Sanholt	listener = evconnlistener_new_bind(base, acceptcb, data,
43995584Sanholt	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
44095584Sanholt	    -1, (struct sockaddr *)&sin, sizeof(sin));
44195584Sanholt
44295584Sanholt	tt_assert(listener);
44395584Sanholt	tt_assert(evconnlistener_get_fd(listener) >= 0);
44495584Sanholt
44595584Sanholt	bev = bufferevent_openssl_socket_new(
44695584Sanholt		data->base, -1, SSL_new(get_ssl_ctx()),
44795584Sanholt		BUFFEREVENT_SSL_CONNECTING,
44895584Sanholt		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
44995584Sanholt	tt_assert(bev);
45095584Sanholt
45195584Sanholt	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
45295584Sanholt	    (void*)"client");
45395584Sanholt
45495584Sanholt	tt_assert(getsockname(evconnlistener_get_fd(listener),
45595584Sanholt		(struct sockaddr*)&ss, &slen) == 0);
45695584Sanholt	tt_assert(slen == sizeof(struct sockaddr_in));
45795584Sanholt	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
45895584Sanholt	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
45995584Sanholt
46095584Sanholt	tt_assert(0 ==
461112015Sanholt	    bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
46295584Sanholt	evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
46395584Sanholt	bufferevent_enable(bev, EV_READ|EV_WRITE);
46495584Sanholt
465112015Sanholt	event_base_dispatch(base);
46695584Sanholtend:
46795584Sanholt	;
46895584Sanholt}
46995584Sanholt
47095584Sanholtstruct testcase_t ssl_testcases[] = {
47195584Sanholt
47295584Sanholt	{ "bufferevent_socketpair", regress_bufferevent_openssl, TT_ISOLATED,
47395584Sanholt	  &basic_setup, (void*)"socketpair" },
47495584Sanholt	{ "bufferevent_filter", regress_bufferevent_openssl,
47595584Sanholt	  TT_ISOLATED,
47695584Sanholt	  &basic_setup, (void*)"filter" },
47795584Sanholt	{ "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
47895584Sanholt	  TT_ISOLATED,
47995584Sanholt	  &basic_setup, (void*)"socketpair renegotiate" },
48095584Sanholt	{ "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
48195584Sanholt	  TT_ISOLATED,
48295584Sanholt	  &basic_setup, (void*)"filter renegotiate" },
48395584Sanholt	{ "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
48495584Sanholt	  TT_ISOLATED, &basic_setup, (void*)"socketpair open" },
48595584Sanholt	{ "bufferevent_filter_startopen", regress_bufferevent_openssl,
48695584Sanholt	  TT_ISOLATED, &basic_setup, (void*)"filter open" },
48795584Sanholt
48895584Sanholt	{ "bufferevent_connect", regress_bufferevent_openssl_connect,
48995584Sanholt	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
49095584Sanholt
49195584Sanholt	END_OF_TESTCASES,
49295584Sanholt};
49395584Sanholt