Add a CertificateIdentityVerifier to AsyncSSLSocket

Summary: This diff introduces a callback, `CertificateIdentityVerifier` that can probe peer end-entity certificates during a TLS handshake in `AsyncSSLSocket`. The verifier gets called only if regular chain verification (OpenSSL's and a `HandshakeCB`'s) succeeds and can return a `Try` with a `CertificateIdentityVerifierException` to indicate that a failure occurred. `AsyncSSLSocket` will then fail the TLS handshake. The diff also adds a new `AsyncSSLSocket` constructor with a new `Options` parameter that groups together some optional properties, including the verifier. We can eventually refactor the other constructors to use it too. Reviewed By: mingtaoy Differential Revision: D22821714 fbshipit-source-id: b63b141862b5703eb5274fb6ef8aa98934a55df0

Add a CertificateIdentityVerifier to AsyncSSLSocket
Summary: This diff introduces a callback, `CertificateIdentityVerifier` that can probe peer end-entity certificates during a TLS handshake in `AsyncSSLSocket`. The verifier gets called only if regular chain verification (OpenSSL's and a `HandshakeCB`'s) succeeds and can return a `Try` with a `CertificateIdentityVerifierException` to indicate that a failure occurred. `AsyncSSLSocket` will then fail the TLS handshake. The diff also adds a new `AsyncSSLSocket` constructor with a new `Options` parameter that groups together some optional properties, including the verifier. We can eventually refactor the other constructors to use it too. Reviewed By: mingtaoy Differential Revision: D22821714 fbshipit-source-id: b63b141862b5703eb5274fb6ef8aa98934a55df0
25e3fd32 · Sotirios Delimanolis · Facebook GitHub Bot · 0666e8d5 · 25e3fd32 · 25e3fd32
Commit 25e3fd32 authored Sep 14, 2020 by Sotirios Delimanolis Committed by Facebook GitHub Bot Sep 14, 2020
5 changed files
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -209,6 +209,47 @@ class AsyncSSLSocketConnector : public AsyncSocket::ConnectCallback,
  }
 };

+AsyncSSLSocket::AsyncSSLSocket(
+    shared_ptr<SSLContext> ctx,
+    EventBase* evb,
+    Options&& options)
+    : AsyncSocket(evb),
+      server_{options.isServer},
+      ctx_{std::move(ctx)},
+      certificateIdentityVerifier_{std::move(options.verifier)},
+      handshakeTimeout_{this, evb},
+      connectionTimeout_{this, evb} {
+  init();
+  if (options.isServer) {
+    SSL_CTX_set_info_callback(
+        ctx_->getSSLCtx(), AsyncSSLSocket::sslInfoCallback);
+  }
+  if (options.deferSecurityNegotiation) {
+    sslState_ = STATE_UNENCRYPTED;
+  }
+}
+
+AsyncSSLSocket::AsyncSSLSocket(
+    std::shared_ptr<folly::SSLContext> ctx,
+    AsyncSocket::UniquePtr oldAsyncSocket,
+    Options&& options)
+    : AsyncSocket(std::move(oldAsyncSocket)),
+      server_{options.isServer},
+      ctx_{std::move(ctx)},
+      certificateIdentityVerifier_{std::move(options.verifier)},
+      handshakeTimeout_{this, AsyncSocket::getEventBase()},
+      connectionTimeout_{this, AsyncSocket::getEventBase()} {
+  noTransparentTls_ = true;
+  init();
+  if (options.isServer) {
+    SSL_CTX_set_info_callback(
+        ctx_->getSSLCtx(), AsyncSSLSocket::sslInfoCallback);
+  }
+  if (options.deferSecurityNegotiation) {
+    sslState_ = STATE_UNENCRYPTED;
+  }
+}
+
 /**
 * Create a client AsyncSSLSocket
 */
@@ -1805,9 +1846,51 @@ int AsyncSSLSocket::sslVerifyCallback(
  VLOG(3) << "AsyncSSLSocket::sslVerifyCallback() this=" << self << ", "
          << "fd=" << self->fd_ << ", preverifyOk=" << preverifyOk;

-  return (self->handshakeCallback_)
-      ? self->handshakeCallback_->handshakeVer(self, preverifyOk, x509Ctx)
-      : preverifyOk;
+  if (self->handshakeCallback_) {
+    int callbackOk =
+        (self->handshakeCallback_->handshakeVer(self, preverifyOk, x509Ctx))
+        ? 1
+        : 0;
+
+    if (preverifyOk != callbackOk) {
+      // HandshakeCB overwrites result from OpenSSL. One way or another, do not
+      // call CertificateIdentityVerifier.
+      return callbackOk;
+    }
+  }
+
+  if (!preverifyOk) {
+    // OpenSSL verification failure, no need to call CertificateIdentityVerifier
+    return 0;
+  }
+
+  // only invoke the CertificateIdentityVerifier for the leaf certificate and
+  // only if OpenSSL's preverify and the HandshakeCB's handshakeVer succeeded
+
+  int currentDepth = X509_STORE_CTX_get_error_depth(x509Ctx);
+  if (currentDepth != 0 || self->certificateIdentityVerifier_ == nullptr) {
+    return 1;
+  }
+
+  X509* peerX509 = X509_STORE_CTX_get_current_cert(x509Ctx);
+  X509_up_ref(peerX509);
+  folly::ssl::X509UniquePtr peer{peerX509};
+  auto cn = OpenSSLUtils::getCommonName(peerX509);
+  auto cert = std::make_unique<BasicTransportCertificate>(
+      std::move(cn), std::move(peer));
+
+  auto certVerifyResult =
+      self->certificateIdentityVerifier_->verifyLeaf(*cert.get());
+
+  if (certVerifyResult.hasException()) {
+    LOG(ERROR) << "AsyncSSLSocket::sslVerifyCallback(this=" << self
+               << ", fd=" << self->fd_
+               << ") Failed to verify leaf certificate identity(ies): "
+               << folly::exceptionStr(certVerifyResult.exception());
+    return 0;
+  }
+
+  return 1;
 }

 void AsyncSSLSocket::enableClientHelloParsing() {

--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -26,6 +26,7 @@
 #include <folly/io/async/AsyncPipe.h>
 #include <folly/io/async/AsyncSocket.h>
 #include <folly/io/async/AsyncTimeout.h>
+#include <folly/io/async/CertificateIdentityVerifier.h>
 #include <folly/io/async/SSLContext.h>
 #include <folly/io/async/TimeoutManager.h>
 #include <folly/io/async/ssl/OpenSSLUtils.h>
@@ -196,6 +197,40 @@ class AsyncSSLSocket : public AsyncSocket {
    DestructorGuard dg_;
  };

+  /**
+   * Struct to consolidate constructor arguments.
+   */
+  struct Options {
+    // If this verifier is set, it's used during the TLS handshake. It will be
+    // invoked to verify the peer's end-entity leaf certificate after OpenSSL's
+    // chain validation and after calling the HandshakeCB's handshakeVer() and
+    // only if these are successful.
+    std::shared_ptr<CertificateIdentityVerifier> verifier;
+    bool deferSecurityNegotiation{};
+    bool isServer{};
+  };
+
+  /**
+   * Initialize this AsyncSSLSocket object with the given Options.
+   *
+   * @param options optional arguments for this AsyncSSLSocket instance
+   */
+  AsyncSSLSocket(
+      std::shared_ptr<folly::SSLContext> ctx,
+      EventBase* evb,
+      Options&& options);
+
+  /**
+   * Initialize this AsyncSSLSocket object with the given Options from an
+   * already connected AsyncSocket.
+   *
+   * @param options optional arguments for this AsyncSSLSocket instance
+   */
+  AsyncSSLSocket(
+      std::shared_ptr<folly::SSLContext> ctx,
+      AsyncSocket::UniquePtr oldAsyncSocket,
+      Options&& options);
+
  /**
   * Create a client AsyncSSLSocket
   */
@@ -927,6 +962,7 @@ class AsyncSSLSocket : public AsyncSocket {
  std::shared_ptr<folly::SSLContext> ctx_;
  // Callback for SSL_accept() or SSL_connect()
  HandshakeCB* handshakeCallback_{nullptr};
+  std::shared_ptr<CertificateIdentityVerifier> certificateIdentityVerifier_;
  ssl::SSLUniquePtr ssl_;
  Timeout handshakeTimeout_;
  Timeout connectionTimeout_;

--- a/folly/io/async/CertificateIdentityVerifier.h
+++ b/folly/io/async/CertificateIdentityVerifier.h
+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <folly/Try.h>
+#include <folly/Unit.h>
+#include <folly/io/async/AsyncTransportCertificate.h>
+
+namespace folly {
+
+/**
+ * CertificateIdentityVerifier implementations are used during TLS handshakes to
+ * extract and verify end-entity certificate identities. AsyncSSLSocket first
+ * performs OpenSSL certificate chain validation and then invokes any registered
+ * HandshakeCB's handshakeVer() method. Only if both of these succeed, it then
+ * calls the verifyLeaf method to further verify a peer's certificate.
+ *
+ * TLS connections must pass all these checks in order for an AsyncSSLSocket's
+ * registered HandshakeCB to receive handshakeSuc().
+ *
+ * Instances can be shared across AsyncSSLSockets so implementations should be
+ * thread-safe.
+ */
+class CertificateIdentityVerifier {
+ public:
+  virtual ~CertificateIdentityVerifier() = default;
+
+  /**
+   * AsyncSSLSocket calls verifyLeaf() during a TLS handshake after chain
+   * verification, only if certificate verification is required/requested,
+   * with the peer's leaf certificate provided as an argument.
+   *
+   * Returns an Try with a CertificateIdentityVerifierException set if
+   * verification fails.
+   *
+   * @param leafCertificate leaf X509 certificate of the connected peer
+   */
+  FOLLY_NODISCARD virtual Try<Unit> verifyLeaf(
+      const AsyncTransportCertificate& leafCertificate) const noexcept = 0;
+};
+
+/**
+ * Base of exception hierarchy for CertificateIdentityVerifier failure reasons.
+ */
+class FOLLY_EXPORT CertificateIdentityVerifierException
+    : public std::runtime_error {
+ public:
+  using std::runtime_error::runtime_error;
+};
+
+} // namespace folly
--- a/folly/io/async/test/AsyncSSLSocketTest.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest.cpp
@@ -1261,6 +1261,354 @@ TEST(AsyncSSLSocketTest, SSLHandshakeValidationFailure) {
  EXPECT_LE(0, server.handshakeTime.count());
 }

+/**
+ * Verify that the client successfully handshakes when
+ * CertificateIdentityVerifier is set and returns with no exception.
+ */
+TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierReturns) {
+  EventBase eventBase;
+  auto clientCtx = std::make_shared<folly::SSLContext>();
+  auto serverCtx = std::make_shared<folly::SSLContext>();
+  getctx(clientCtx, serverCtx);
+  // the client socket will default to USE_CTX, so set VERIFY here
+  clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  // load root certificate
+  clientCtx->loadTrustedCertificates(kTestCA);
+
+  // prepare a basic server (callbacks have a few EXPECTS to fullfil)
+  ReadCallback readCallback(nullptr);
+  // expects successful handshake
+  HandshakeCallback handshakeCallback(&readCallback);
+  SSLServerAcceptCallback acceptCallback(&handshakeCallback);
+  TestSSLServer server(&acceptCallback, serverCtx);
+
+  // return success in the Try with folly::unit
+  Try<Unit> verifyResult{unit};
+
+  std::shared_ptr<MockCertificateIdentityVerifier> verifier =
+      std::make_shared<MockCertificateIdentityVerifier>();
+
+  // expecting to only verify once, with the leaf certificate
+  // (kTestCert)
+  EXPECT_CALL(
+      *verifier,
+      verifyLeafImpl(Property(
+          &AsyncTransportCertificate::getIdentity, StrEq("Asox Company"))))
+      .WillOnce(Return(ByMove(verifyResult)));
+
+  AsyncSSLSocket::Options opts;
+  opts.verifier = std::move(verifier);
+
+  // connect to server and handshake
+  AsyncSSLSocket::UniquePtr socket(
+      new AsyncSSLSocket(clientCtx, &eventBase, std::move(opts)));
+  socket->connect(nullptr, server.getAddress(), 0);
+
+  // write to satisfy server ReadCallback EXPECTs
+  std::array<uint8_t, 128> buf;
+  memset(buf.data(), 'a', buf.size());
+  socket->write(nullptr, buf.data(), buf.size());
+
+  eventBase.loop();
+
+  socket->close();
+}
+
+class TestCertificateIdentityVerifierException
+    : public CertificateIdentityVerifierException {
+ public:
+  explicit TestCertificateIdentityVerifierException(const char* content)
+      : CertificateIdentityVerifierException(content) {}
+};
+
+/**
+ * Verify that the client fails to connect during handshake because
+ * CertificateIdentityVerifier returns a failure while verifying the server's
+ * leaf certificate.
+ */
+TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierFailsToConnect) {
+  EventBase eventBase;
+  auto clientCtx = std::make_shared<folly::SSLContext>();
+  auto serverCtx = std::make_shared<folly::SSLContext>();
+  getctx(clientCtx, serverCtx);
+  // the client socket will default to USE_CTX, so set VERIFY here
+  clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  // load root certificate
+  clientCtx->loadTrustedCertificates(kTestCA);
+
+  // prepare a basic server (callbacks have a few EXPECTS to fullfil)
+  ReadCallback readCallback(nullptr);
+  // expects a failed handshake
+  HandshakeCallback handshakeCallback(
+      &readCallback, HandshakeCallback::ExpectType::EXPECT_ERROR);
+  SSLServerAcceptCallback acceptCallback(&handshakeCallback);
+  TestSSLServer server(&acceptCallback, serverCtx);
+
+  std::shared_ptr<MockCertificateIdentityVerifier> verifier =
+      std::make_shared<MockCertificateIdentityVerifier>();
+
+  // return a failed result Try
+  TestCertificateIdentityVerifierException failed{"a failed test reason"};
+  Try<Unit> result{failed};
+
+  // expecting to only verify once, with the leaf certificate (kTestCert)
+  EXPECT_CALL(
+      *verifier,
+      verifyLeafImpl(Property(
+          &AsyncTransportCertificate::getIdentity, StrEq("Asox Company"))))
+      .WillOnce(Return(ByMove(result)));
+
+  AsyncSSLSocket::Options opts;
+  opts.verifier = std::move(verifier);
+
+  // connect to server and handshake
+  AsyncSSLSocket::UniquePtr socket(
+      new AsyncSSLSocket(clientCtx, &eventBase, std::move(opts)));
+  socket->connect(nullptr, server.getAddress(), 0);
+
+  eventBase.loop();
+
+  socket->close();
+}
+
+/**
+ * Verify that the client's CertificateIdentityVerifier is not invoked if
+ * OpenSSL's verification fails. (With no HandshakeCB.)
+ */
+TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierNotInvokedX509Failure) {
+  EventBase eventBase;
+  auto clientCtx = std::make_shared<folly::SSLContext>();
+  auto serverCtx = std::make_shared<folly::SSLContext>();
+  getctx(clientCtx, serverCtx);
+  // the client socket will default to USE_CTX, so set VERIFY here
+  clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  // DO NOT load root certificate, so that server certificate is rejected
+
+  // prepare a basic server (callbacks have a few EXPECTS to fullfil)
+  ReadCallback readCallback(nullptr);
+  // expects successful handshake
+  HandshakeCallback handshakeCallback(
+      &readCallback, HandshakeCallback::ExpectType::EXPECT_ERROR);
+  SSLServerAcceptCallback acceptCallback(&handshakeCallback);
+  TestSSLServer server(&acceptCallback, serverCtx);
+
+  // should not get called
+  std::shared_ptr<StrictMock<MockCertificateIdentityVerifier>> verifier =
+      std::make_shared<StrictMock<MockCertificateIdentityVerifier>>();
+
+  AsyncSSLSocket::Options opts;
+  opts.verifier = std::move(verifier);
+
+  // connect to server and handshake
+  AsyncSSLSocket::UniquePtr socket(
+      new AsyncSSLSocket(clientCtx, &eventBase, std::move(opts)));
+  socket->connect(nullptr, server.getAddress(), 0);
+
+  eventBase.loop();
+
+  socket->close();
+}
+
+/**
+ * Verify that the client CertificateIdentityVerifier is not invoked if
+ * HandshakeCB::handshakeVer verification fails.
+ */
+TEST(
+    AsyncSSLSocketTest,
+    SSLCertificateIdentityVerifierNotInvokedHandshakeCBFailure) {
+  EventBase eventBase;
+  auto clientCtx = std::make_shared<folly::SSLContext>();
+  auto serverCtx = std::make_shared<folly::SSLContext>();
+  getctx(clientCtx, serverCtx);
+  // the client socket will default to USE_CTX, so set VERIFY here
+  clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  // load root certificate
+  clientCtx->loadTrustedCertificates(kTestCA);
+
+  NetworkSocket fds[2];
+  getfds(fds);
+
+  AsyncSocket::UniquePtr rawClient(new AsyncSocket(&eventBase, fds[0]));
+  AsyncSocket::UniquePtr rawServer(new AsyncSocket(&eventBase, fds[1]));
+
+  // should not be invoked
+  std::shared_ptr<StrictMock<MockCertificateIdentityVerifier>> verifier =
+      std::make_shared<StrictMock<MockCertificateIdentityVerifier>>();
+
+  AsyncSSLSocket::Options clientOpts;
+  clientOpts.verifier = verifier;
+
+  AsyncSSLSocket::Options serverOpts;
+  serverOpts.isServer = true;
+
+  AsyncSSLSocket::UniquePtr clientSock(new AsyncSSLSocket(
+      clientCtx, std::move(rawClient), std::move(clientOpts)));
+  AsyncSSLSocket::UniquePtr serverSock(new AsyncSSLSocket(
+      serverCtx, std::move(rawServer), std::move(serverOpts)));
+
+  serverSock->sslAccept(nullptr, std::chrono::milliseconds::zero());
+
+  StrictMock<MockHandshakeCB> clientHandshakeCB;
+  EXPECT_CALL(clientHandshakeCB, handshakeVerImpl(clientSock.get(), true, _))
+      // CA root certificate succeeds
+      .WillOnce(Return(true))
+      // leaf fails
+      .WillOnce(Return(false));
+
+  // failure callback to verify handshake failed
+  EXPECT_CALL(clientHandshakeCB, handshakeErrImpl(clientSock.get(), _))
+      .WillOnce(Return());
+
+  clientSock->sslConn(&clientHandshakeCB);
+
+  eventBase.loop();
+
+  clientSock->close();
+  serverSock->close();
+}
+
+MATCHER_P(
+    hasError,
+    error,
+    "X509_STORE_CTX matcher to check for verification error code") {
+  return X509_STORE_CTX_get_error(arg) == error;
+}
+
+/**
+ * Verify that the client CertificateIdentityVerifier is not invoked if
+ * OpenSSL preverify fails but HandshakeCB::handshakeVer succeeds.
+ */
+TEST(
+    AsyncSSLSocketTest,
+    SSLCertificateIdentityVerifierHandshakeCBOverrideOpenSSLResult) {
+  EventBase eventBase;
+  auto clientCtx = std::make_shared<folly::SSLContext>();
+  auto serverCtx = std::make_shared<folly::SSLContext>();
+  getctx(clientCtx, serverCtx);
+  // the client socket will default to USE_CTX, so set VERIFY here
+  clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  // DO NOT load root certificate, will cause X509 chain validation error
+
+  NetworkSocket fds[2];
+  getfds(fds);
+
+  AsyncSocket::UniquePtr rawClient(new AsyncSocket(&eventBase, fds[0]));
+  AsyncSocket::UniquePtr rawServer(new AsyncSocket(&eventBase, fds[1]));
+
+  // should not be invoked
+  std::shared_ptr<StrictMock<MockCertificateIdentityVerifier>> verifier =
+      std::make_shared<StrictMock<MockCertificateIdentityVerifier>>();
+
+  AsyncSSLSocket::Options clientOpts;
+  clientOpts.verifier = verifier;
+
+  AsyncSSLSocket::Options serverOpts;
+  serverOpts.isServer = true;
+
+  AsyncSSLSocket::UniquePtr clientSock(new AsyncSSLSocket(
+      clientCtx, std::move(rawClient), std::move(clientOpts)));
+  AsyncSSLSocket::UniquePtr serverSock(new AsyncSSLSocket(
+      serverCtx, std::move(rawServer), std::move(serverOpts)));
+
+  serverSock->sslAccept(nullptr, std::chrono::milliseconds::zero());
+
+  StrictMock<MockHandshakeCB> clientHandshakeCB;
+  // first OpenSSL failure
+  EXPECT_CALL(
+      clientHandshakeCB,
+      handshakeVerImpl(
+          clientSock.get(),
+          false,
+          hasError(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)))
+      // overwrite OpenSSL error
+      .WillOnce(Return(true));
+  // second OpenSSL failure
+  EXPECT_CALL(
+      clientHandshakeCB,
+      handshakeVerImpl(
+          clientSock.get(),
+          false,
+          hasError(X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)))
+      // overwrite OpenSSL error
+      .WillOnce(Return(true));
+
+  // success callback to confirm handshake succeeded
+  EXPECT_CALL(clientHandshakeCB, handshakeSucImpl(clientSock.get()))
+      .WillOnce(Return());
+
+  clientSock->sslConn(&clientHandshakeCB);
+
+  eventBase.loop();
+
+  clientSock->close();
+  serverSock->close();
+}
+
+/**
+ * Verify that the client CertificateIdentityVerifier is invoked on a server
+ * socket when peer verification is requested.
+ */
+TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierSucceedsOnServer) {
+  EventBase eventBase;
+  auto clientCtx = std::make_shared<folly::SSLContext>();
+  auto serverCtx = std::make_shared<folly::SSLContext>();
+  getctx(clientCtx, serverCtx);
+  // the client socket will default to USE_CTX, so set VERIFY here
+  clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  // load root certificate
+  clientCtx->loadTrustedCertificates(kTestCA);
+  // load identity and key on client, it's the same identity as server just for
+  // convenience
+  clientCtx->loadCertificate(kTestCert);
+  clientCtx->loadPrivateKey(kTestKey);
+  // instruct server to verify client
+  serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
+  serverCtx->loadTrustedCertificates(kTestCA);
+
+  NetworkSocket fds[2];
+  getfds(fds);
+
+  AsyncSocket::UniquePtr rawClient(new AsyncSocket(&eventBase, fds[0]));
+  AsyncSocket::UniquePtr rawServer(new AsyncSocket(&eventBase, fds[1]));
+
+  // client and server verifiers should verify only once each
+  std::shared_ptr<MockCertificateIdentityVerifier> clientVerifier =
+      std::make_shared<MockCertificateIdentityVerifier>();
+  EXPECT_CALL(
+      *clientVerifier,
+      verifyLeafImpl(Property(
+          &AsyncTransportCertificate::getIdentity, StrEq("Asox Company"))))
+      .WillOnce(Return(Try<Unit>{unit}));
+  std::shared_ptr<StrictMock<MockCertificateIdentityVerifier>> serverVerifier =
+      std::make_shared<StrictMock<MockCertificateIdentityVerifier>>();
+  EXPECT_CALL(
+      *serverVerifier,
+      verifyLeafImpl(Property(
+          &AsyncTransportCertificate::getIdentity, StrEq("Asox Company"))))
+      .WillOnce(Return(Try<Unit>{unit}));
+
+  AsyncSSLSocket::Options clientOpts;
+  clientOpts.verifier = clientVerifier;
+
+  AsyncSSLSocket::Options serverOpts;
+  serverOpts.isServer = true;
+  serverOpts.verifier = serverVerifier;
+
+  AsyncSSLSocket::UniquePtr clientSock(new AsyncSSLSocket(
+      clientCtx, std::move(rawClient), std::move(clientOpts)));
+  AsyncSSLSocket::UniquePtr serverSock(new AsyncSSLSocket(
+      serverCtx, std::move(rawServer), std::move(serverOpts)));
+
+  // no HandshakeCBs anywhere
+  serverSock->sslAccept(nullptr, std::chrono::milliseconds::zero());
+  clientSock->sslConn(nullptr);
+
+  eventBase.loop();
+
+  clientSock->close();
+  serverSock->close();
+}
+
 /**
 * Verify that the options in SSLContext can be overridden in
 * sslConnect/Accept.i.e specifying that no validation should be performed

--- a/folly/io/async/test/AsyncSSLSocketTest.h
+++ b/folly/io/async/test/AsyncSSLSocketTest.h
@@ -31,6 +31,7 @@
 #include <folly/io/async/EventBase.h>
 #include <folly/io/async/ssl/SSLErrors.h>
 #include <folly/io/async/test/TestSSLServer.h>
+#include <folly/portability/GMock.h>
 #include <folly/portability/GTest.h>
 #include <folly/portability/PThread.h>
 #include <folly/portability/Sockets.h>
@@ -538,6 +539,43 @@ class EmptyReadCallback : public ReadCallback {
  std::shared_ptr<AsyncSocket> tcpSocket_;
 };

+class MockCertificateIdentityVerifier : public CertificateIdentityVerifier {
+ public:
+  MOCK_CONST_METHOD1(
+      verifyLeafImpl,
+      Try<Unit>(const AsyncTransportCertificate&));
+  // decorate to add noexcept
+  virtual Try<Unit> verifyLeaf(const AsyncTransportCertificate& leafCertificate)
+      const noexcept override {
+    return verifyLeafImpl(leafCertificate);
+  }
+};
+
+class MockHandshakeCB : public AsyncSSLSocket::HandshakeCB {
+ public:
+  MOCK_METHOD3(handshakeVerImpl, bool(AsyncSSLSocket*, bool, X509_STORE_CTX*));
+  virtual bool handshakeVer(
+      AsyncSSLSocket* sock,
+      bool preverifyOk,
+      X509_STORE_CTX* ctx) noexcept override {
+    return handshakeVerImpl(sock, preverifyOk, ctx);
+  }
+
+  MOCK_METHOD1(handshakeSucImpl, void(AsyncSSLSocket*));
+  virtual void handshakeSuc(AsyncSSLSocket* sock) noexcept override {
+    handshakeSucImpl(sock);
+  }
+
+  MOCK_METHOD2(
+      handshakeErrImpl,
+      void(AsyncSSLSocket*, const AsyncSocketException&));
+  virtual void handshakeErr(
+      AsyncSSLSocket* sock,
+      const AsyncSocketException& ex) noexcept override {
+    handshakeErrImpl(sock, ex);
+  }
+};
+
 class HandshakeCallback : public AsyncSSLSocket::HandshakeCB {
 public:
  enum ExpectType { EXPECT_SUCCESS, EXPECT_ERROR };