fix test dtls

webrtc-rs · Apr 22, 2024 · be9ce12 · be9ce12
1 parent 6a7f0cc
commit be9ce12
Show file tree

Hide file tree

Showing 2 changed files with 120 additions and 115 deletions.
diff --git a/dtls/src/conn/conn_test.rs b/dtls/src/conn/conn_test.rs
@@ -992,56 +992,57 @@ async fn test_client_certificate() -> Result<()> {
             },
             false,
         ),
-        //(
-        //    "VerifyClientCertIfGiven_cert",
-        //    Config {
-        //        roots_cas: srv_ca_pool.clone(),
-        //        server_name: server_name.clone(),
-        //        certificates: vec![cert.clone()],
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![srv_cert.clone()],
-        //        client_auth: ClientAuthType::VerifyClientCertIfGiven,
-        //        client_cas: ca_pool.clone(),
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        ..Default::default()
-        //    },
-        //    false,
-        //),
-        //(
-        //    "VerifyClientCertIfGiven_error",
-        //    Config {
-        //        roots_cas: srv_ca_pool.clone(),
-        //        server_name: server_name.clone(),
-        //        certificates: vec![cert.clone()],
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![srv_cert.clone()],
-        //        client_auth: ClientAuthType::VerifyClientCertIfGiven,
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        ..Default::default()
-        //    },
-        //    true,
-        //),
-        //(
-        //    "RequireAndVerifyClientCert",
-        //    Config {
-        //        roots_cas: srv_ca_pool.clone(),
-        //        server_name: server_name.clone(),
-        //        certificates: vec![cert.clone()],
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![srv_cert.clone()],
-        //        client_auth: ClientAuthType::RequireAndVerifyClientCert,
-        //        client_cas: ca_pool.clone(),
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        ..Default::default()
-        //    },
-        //    false,
-        //),
+        (
+            "VerifyClientCertIfGiven_cert",
+            Config {
+                roots_cas: srv_ca_pool.clone(),
+                server_name: server_name.clone(),
+                certificates: vec![cert.clone()],
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![srv_cert.clone()],
+                client_auth: ClientAuthType::VerifyClientCertIfGiven,
+                client_cas: ca_pool.clone(),
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                ..Default::default()
+            },
+            false,
+        ),
+        (
+            "VerifyClientCertIfGiven_error",
+            Config {
+                roots_cas: srv_ca_pool.clone(),
+                server_name: server_name.clone(),
+                certificates: vec![cert.clone()],
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![srv_cert.clone()],
+                client_auth: ClientAuthType::VerifyClientCertIfGiven,
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                client_cas: gen_self_signed_localhost_root_cert(),
+                ..Default::default()
+            },
+            true,
+        ),
+        (
+            "RequireAndVerifyClientCert",
+            Config {
+                roots_cas: srv_ca_pool.clone(),
+                server_name: server_name.clone(),
+                certificates: vec![cert.clone()],
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![srv_cert.clone()],
+                client_auth: ClientAuthType::RequireAndVerifyClientCert,
+                client_cas: ca_pool.clone(),
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                ..Default::default()
+            },
+            false,
+        ),
     ];
 
     for (name, client_cfg, server_cfg, want_err) in tests {
@@ -1438,70 +1439,70 @@ async fn test_server_certificate() -> Result<()> {
             },
             false,
         ),
-        //(
-        //    "good_ca_verify_custom_verify_peer",
-        //    Config {
-        //        roots_cas: ca_pool.clone(),
-        //        server_name: server_name.clone(),
-        //        certificates: vec![cert.clone()],
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![cert.clone()],
-        //        client_auth: ClientAuthType::RequireAndVerifyClientCert,
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        client_cas: ca_pool.clone(),
-        //        verify_peer_certificate: Some(Arc::new(fn_expected_chain)),
-        //        ..Default::default()
-        //    },
-        //    false,
-        //),
-        //(
-        //    "good_ca_custom_verify_peer",
-        //    Config {
-        //        roots_cas: ca_pool.clone(),
-        //        server_name: server_name.clone(),
-        //        verify_peer_certificate: Some(Arc::new(fn_wrong_cert)),
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![cert.clone()],
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        client_auth: ClientAuthType::NoClientCert,
-        //        ..Default::default()
-        //    },
-        //    true,
-        //),
-        //(
-        //    "server_name",
-        //    Config {
-        //        roots_cas: ca_pool.clone(),
-        //        server_name: server_name.clone(),
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![cert.clone()],
-        //        client_auth: ClientAuthType::NoClientCert,
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        ..Default::default()
-        //    },
-        //    false,
-        //),
-        //(
-        //    "server_name_error",
-        //    Config {
-        //        roots_cas: ca_pool.clone(),
-        //        server_name: "barfoo".to_owned(),
-        //        ..Default::default()
-        //    },
-        //    Config {
-        //        certificates: vec![cert.clone()],
-        //        client_auth: ClientAuthType::NoClientCert,
-        //        roots_cas: gen_self_signed_localhost_root_cert(),
-        //        ..Default::default()
-        //    },
-        //    true,
-        //),
+        (
+            "good_ca_verify_custom_verify_peer",
+            Config {
+                roots_cas: ca_pool.clone(),
+                server_name: server_name.clone(),
+                certificates: vec![cert.clone()],
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![cert.clone()],
+                client_auth: ClientAuthType::RequireAndVerifyClientCert,
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                client_cas: ca_pool.clone(),
+                verify_peer_certificate: Some(Arc::new(fn_expected_chain)),
+                ..Default::default()
+            },
+            false,
+        ),
+        (
+            "good_ca_custom_verify_peer",
+            Config {
+                roots_cas: ca_pool.clone(),
+                server_name: server_name.clone(),
+                verify_peer_certificate: Some(Arc::new(fn_wrong_cert)),
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![cert.clone()],
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                client_auth: ClientAuthType::NoClientCert,
+                ..Default::default()
+            },
+            true,
+        ),
+        (
+            "server_name",
+            Config {
+                roots_cas: ca_pool.clone(),
+                server_name: server_name.clone(),
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![cert.clone()],
+                client_auth: ClientAuthType::NoClientCert,
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                ..Default::default()
+            },
+            false,
+        ),
+        (
+            "server_name_error",
+            Config {
+                roots_cas: ca_pool.clone(),
+                server_name: "barfoo".to_owned(),
+                ..Default::default()
+            },
+            Config {
+                certificates: vec![cert.clone()],
+                client_auth: ClientAuthType::NoClientCert,
+                roots_cas: gen_self_signed_localhost_root_cert(),
+                ..Default::default()
+            },
+            true,
+        ),
     ];
 
     for (name, client_cfg, server_cfg, want_err) in tests {

diff --git a/dtls/src/conn/mod.rs b/dtls/src/conn/mod.rs
@@ -216,7 +216,11 @@ impl DTLSConn {
             client_cert_verifier: if config.client_auth as u8
                 >= ClientAuthType::VerifyClientCertIfGiven as u8
             {
-                Some(rustls::server::WebPkiClientVerifier::no_client_auth())
+                Some(rustls::server::WebPkiClientVerifier::builder(
+                    Arc::new(config.client_cas)
+                ).allow_unauthenticated()
+                    .build()
+                    .unwrap())
             } else {
                 None
             },