Move test/SSLUtil into its own translation unit

Summary: Title, per the comments in D24542765 Reviewed By: mingtaoy Differential Revision: D25339949 fbshipit-source-id: a203dcd9ee4d2f3282d9d0f8706f8af9f084551c

Move test/SSLUtil into its own translation unit
Summary: Title, per the comments in D24542765 Reviewed By: mingtaoy Differential Revision: D25339949 fbshipit-source-id: a203dcd9ee4d2f3282d9d0f8706f8af9f084551c
20006c60 · Andrew Huang · Facebook GitHub Bot · bf3b5e1e · 20006c60 · 20006c60
Commit 20006c60 authored Dec 07, 2020 by Andrew Huang Committed by Facebook GitHub Bot Dec 07, 2020
Showing with 79 additions and 40 deletions

CMakeLists.txt CMakeLists.txt +2 -0

folly/io/async/test/SSLUtil.cpp folly/io/async/test/SSLUtil.cpp +75 -0

folly/io/async/test/SSLUtil.h folly/io/async/test/SSLUtil.h +2 -40

No files found.
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -519,6 +519,8 @@ if (BUILD_TESTS)
    ${FOLLY_DIR}/io/async/test/ScopedBoundPort.h
    ${FOLLY_DIR}/io/async/test/SocketPair.cpp
    ${FOLLY_DIR}/io/async/test/SocketPair.h
+    ${FOLLY_DIR}/io/async/test/SSLUtil.cpp
+    ${FOLLY_DIR}/io/async/test/SSLUtil.h
    ${FOLLY_DIR}/io/async/test/TestSSLServer.cpp
    ${FOLLY_DIR}/io/async/test/TestSSLServer.h
    ${FOLLY_DIR}/io/async/test/TimeUtil.cpp

--- a/folly/io/async/test/SSLUtil.cpp
+++ b/folly/io/async/test/SSLUtil.cpp
+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <algorithm>
+#include <set>
+
+#include <folly/io/async/test/SSLUtil.h>
+
+namespace {
+
+std::set<std::string> const suitesFor13{
+    "TLS_AES_256_GCM_SHA384",
+    "TLS_CHACHA20_POLY1305_SHA256",
+    "TLS_AES_128_GCM_SHA256",
+    "TLS_AES_128_CCM_8_SHA256",
+    "TLS_AES_128_CCM_SHA256",
+};
+
+} // namespace
+
+namespace folly {
+namespace test {
+
+std::vector<std::string> getCiphersFromSSL(SSL* s) {
+  std::vector<std::string> osslCiphers;
+  for (int i = 0;; i++) {
+    auto c = SSL_get_cipher_list(s, i);
+    if (c == nullptr) {
+      break;
+    }
+    osslCiphers.emplace_back(std::move(c));
+  }
+
+  return osslCiphers;
+}
+
+std::vector<std::string> getNonTLS13CipherList(SSL* s) {
+  // OpenSSL 1.1.1 added TLS 1.3 support; SSL_get_cipher_list will return
+  // TLS 1.3 ciphersuites, even if they are not explicitly added by
+  // SSL_CTX_set_cipher_list (This is to ensure that applications built against
+  // 1.1.0 which did not have TLS 1.3 support would still be able to
+  // transparently begin negotiating TLS 1.3).
+  //
+  // For the time being, filter out any TLS 1.3 ciphers that appear in the
+  // returned list. A more accurate test would be to determine at runtime
+  // if TLS 1.3 support is available, and assert that the TLS 1.3 ciphersuites
+  // are added regardless of what we put in SSL_CTX_set_cipher_list
+
+  auto ciphers = getCiphersFromSSL(s);
+  ciphers.erase(
+      std::remove_if(
+          begin(ciphers),
+          end(ciphers),
+          [](const std::string& cipher) {
+            return suitesFor13.count(cipher) > 0;
+          }),
+      end(ciphers));
+  return ciphers;
+}
+
+} // namespace test
+} // namespace folly
--- a/folly/io/async/test/SSLUtil.h
+++ b/folly/io/async/test/SSLUtil.h
@@ -26,47 +26,9 @@
 namespace folly {
 namespace test {

-static std::vector<std::string> getCiphersFromSSL(SSL* s) {
-  std::vector<std::string> osslCiphers;
-  for (int i = 0;; i++) {
-    auto c = SSL_get_cipher_list(s, i);
-    if (c == nullptr) {
-      break;
-    }
-    osslCiphers.emplace_back(std::move(c));
-  }
+std::vector<std::string> getCiphersFromSSL(SSL* s);

-  return osslCiphers;
-}
-
-static std::vector<std::string> getNonTLS13CipherList(SSL* s) {
-  // OpenSSL 1.1.1 added TLS 1.3 support; SSL_get_cipher_list will return
-  // TLS 1.3 ciphersuites, even if they are not explicitly added by
-  // SSL_CTX_set_cipher_list (This is to ensure that applications built against
-  // 1.1.0 which did not have TLS 1.3 support would still be able to
-  // transparently begin negotiating TLS 1.3).
-  //
-  // For the time being, filter out any TLS 1.3 ciphers that appear in the
-  // returned list. A more accurate test would be to determine at runtime
-  // if TLS 1.3 support is available, and assert that the TLS 1.3 ciphersuites
-  // are added regardless of what we put in SSL_CTX_set_cipher_list
-  static std::set<std::string> const suitesFor13{
-      "TLS_AES_256_GCM_SHA384",
-      "TLS_CHACHA20_POLY1305_SHA256",
-      "TLS_AES_128_GCM_SHA256",
-  };
-
-  auto ciphers = getCiphersFromSSL(s);
-  ciphers.erase(
-      std::remove_if(
-          begin(ciphers),
-          end(ciphers),
-          [](const std::string& cipher) {
-            return suitesFor13.count(cipher) > 0;
-          }),
-      end(ciphers));
-  return ciphers;
-}
+std::vector<std::string> getNonTLS13CipherList(SSL* s);

 } // namespace test
 } // namespace folly