Fix TLSv1.3 support

LinuxJedi · LinuxJedi · commit 9d22a8544515 · 2022-07-15T11:07:43.000+01:00
There were some missing pieces to the TLSv1.3 support, this adds them in
along with tests.
diff --git a/examples/client.py b/examples/client.py
@@ -53,8 +53,10 @@ def build_arg_parser():
     )
 
     parser.add_argument(
-        "-v", metavar="version", type=int, choices=[0, 1, 2, 3, 4], default=4,
-        help="SSL version [0-4] (SSLv3, TLSv1, TLSv1.1, TLSv1.2, SSLv23)"
+        "-v", metavar="version", type=int, choices=[0, 1, 2, 3, 4, 5],
+        default=5,
+        help="SSL version [0-4]"
+             "(SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, SSLv23)"
     )
 
     parser.add_argument(
@@ -96,6 +98,7 @@ def get_method(index):
         wolfssl.PROTOCOL_TLSv1,
         wolfssl.PROTOCOL_TLSv1_1,
         wolfssl.PROTOCOL_TLSv1_2,
+        wolfssl.PROTOCOL_TLSv1_3,
         wolfssl.PROTOCOL_SSLv23
     )[index]
 
diff --git a/examples/server.py b/examples/server.py
@@ -48,8 +48,10 @@ def build_arg_parser():
     )
 
     parser.add_argument(
-        "-v", metavar="version", type=int, choices=[0, 1, 2, 3, 4], default=4,
-        help="SSL version [0-4] (SSLv3, TLSv1, TLSv1.1, TLSv1.2, SSLv23)"
+        "-v", metavar="version", type=int, choices=[0, 1, 2, 3, 4, 5],
+        default=5,
+        help="SSL version [0-4]"
+             "(SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1_3, SSLv23)"
     )
 
     parser.add_argument(
@@ -96,6 +98,7 @@ def get_method(index):
         wolfssl.PROTOCOL_TLSv1,
         wolfssl.PROTOCOL_TLSv1_1,
         wolfssl.PROTOCOL_TLSv1_2,
+        wolfssl.PROTOCOL_TLSv1_3,
         wolfssl.PROTOCOL_SSLv23
     )[index]
 
@@ -144,6 +147,7 @@ def main():
 
         finally:
             if secure_socket:
+                secure_socket.shutdown(socket.SHUT_RDWR)
                 secure_socket.close()
 
         if not args.i:
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -45,11 +45,13 @@ def ssl_provider(request):
 
 
 @pytest.fixture(
-    params=["TLSv1.1", "TLSv1.2", "SSLv23"])
+    params=["TLSv1.1", "TLSv1.2", "TLSv1.3", "SSLv23"])
 def ssl_context(ssl_provider, request):
     if request.param == "TLSv1.1":
         return ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_1)
     if request.param == "TLSv1.2":
         return ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_2)
+    if request.param == "TLSv1.3":
+        return ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_3)
     if request.param == "SSLv23":
         return ssl_provider.SSLContext(ssl_provider.PROTOCOL_SSLv23)
diff --git a/tests/test_methods.py b/tests/test_methods.py
@@ -25,7 +25,7 @@
 import pytest
 from wolfssl._methods import (WolfSSLMethod, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
                               PROTOCOL_TLS, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1,
-                              PROTOCOL_TLSv1_2)
+                              PROTOCOL_TLSv1_2, PROTOCOL_TLSv1_3)
 from wolfssl._ffi import ffi as _ffi
 
 
@@ -37,8 +37,9 @@ def unsupported_method(request):
 
 
 @pytest.fixture(
-    params=[PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2],
-    ids=["SSLv23", "TLS", "TLSv1_1", "TLSv1_2"])
+    params=[PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2,
+            PROTOCOL_TLSv1_3],
+    ids=["SSLv23", "TLS", "TLSv1_1", "TLSv1_2", "TLSv1_3"])
 def supported_method(request):
     yield request.param
 
diff --git a/wolfssl/_build_ffi.py b/wolfssl/_build_ffi.py
@@ -366,6 +366,9 @@ def generate_libwolfssl():
     WOLFSSL_METHOD* wolfTLSv1_2_server_method(void);
     WOLFSSL_METHOD* wolfTLSv1_2_client_method(void);
 
+    WOLFSSL_METHOD* wolfTLSv1_3_server_method(void);
+    WOLFSSL_METHOD* wolfTLSv1_3_client_method(void);
+
     WOLFSSL_METHOD* wolfSSLv23_server_method(void);
     WOLFSSL_METHOD* wolfSSLv23_client_method(void);
 
diff --git a/wolfssl/_openssl.py b/wolfssl/_openssl.py
@@ -63,6 +63,7 @@ def construct_cdef(optional_funcs):
         static const long SSL_OP_NO_TLSv1;
         static const long SSL_OP_NO_TLSv1_1;
         static const long SSL_OP_NO_TLSv1_2;
+        static const long SSL_OP_NO_TLSv1_3;
         static const long SSL_MODE_RELEASE_BUFFERS;
         static const long SSL_OP_SINGLE_DH_USE;
         static const long SSL_OP_SINGLE_ECDH_USE;
@@ -175,11 +176,14 @@ def construct_cdef(optional_funcs):
         SSL_METHOD* TLSv1_1_client_method(void);
         SSL_METHOD* TLSv1_2_server_method(void);
         SSL_METHOD* TLSv1_2_client_method(void);
+        SSL_METHOD* TLSv1_3_server_method(void);
+        SSL_METHOD* TLSv1_3_client_method(void);
         SSL_METHOD* SSLv23_server_method(void);
         SSL_METHOD* SSLv23_client_method(void);
         SSL_METHOD* SSLv23_method(void);
         SSL_METHOD* TLSv1_1_method(void);
         SSL_METHOD* TLSv1_2_method(void);
+        SSL_METHOD* TLSv1_3_method(void);
 
         /**
          * SSL/TLS Context functions
diff --git a/wolfssl/_version.py b/wolfssl/_version.py
@@ -8,4 +8,4 @@
 #
 # MAJOR.MINOR.BUILD-POST
 
-__version__ = "5.4.0-0"
+__version__ = "5.4.0-1"

Original file line number	Diff line number	Diff line change
`@@ -8,4 +8,4 @@`
`8`	`8`	`#`
`9`	`9`	`# MAJOR.MINOR.BUILD-POST`
`10`	`10`
`11`		`-__version__ = "5.4.0-0"`
	`11`	`+__version__ = "5.4.0-1"`