From e7d767eca0a65cf1d1af0c917b8b1cc4a53f018c Mon Sep 17 00:00:00 2001 From: Thierry Bastian Date: Mon, 12 Aug 2024 18:48:10 +0200 Subject: [PATCH] Fixing setting handshake_first without setting secure in the natsOptions (#789) * Fixing setting handshake_first without setting secure in the natsOptions some tests seem unstable... * code review + rebuild * more code review unstable tests... --------- Co-authored-by: Lev <1187448+levb@users.noreply.github.com> --- src/opts.c | 7 +++++-- test/test.c | 16 ++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/src/opts.c b/src/opts.c index da72a3d99..32776afb8 100644 --- a/src/opts.c +++ b/src/opts.c @@ -371,8 +371,11 @@ natsOptions_TLSHandshakeFirst(natsOptions *opts) LOCK_AND_CHECK_OPTIONS(opts, 0); - opts->tlsHandshakeFirst = true; - opts->secure = true; + s = natsOptions_SetSecure(opts, true); + if (s == NATS_OK) + { + opts->tlsHandshakeFirst = true; + } UNLOCK_OPTS(opts); diff --git a/test/test.c b/test/test.c index 5f2965a61..021c983a0 100644 --- a/test/test.c +++ b/test/test.c @@ -21324,6 +21324,22 @@ void test_SSLHandshakeFirst(void) s = natsOptions_TLSHandshakeFirst(opts); testCond(s == NATS_OK); + test("Set TLSHandshakeFirst option without setting secure: "); + { + // we start with a new natsOptions struct so that we can test + // that it does not crash with a minimal config + natsOptions *no_secure_opts = NULL; + s = natsOptions_Create(&no_secure_opts); + IFOK(s, natsOptions_SetURL(no_secure_opts, "nats://127.0.0.1:4443")); + IFOK(s, natsOptions_SetTimeout(no_secure_opts, 500)); + IFOK(s, natsOptions_TLSHandshakeFirst(no_secure_opts)); + IFOK(s, natsConnection_Connect(&nc, no_secure_opts)); + // expecting an error because cert valiation will fail; the goal here is to avoid a crash + testCond(s == NATS_SSL_ERROR); + natsOptions_Destroy(no_secure_opts); + nats_clearLastError(); + } + test("Check that connect succeeds: "); s = natsConnection_Connect(&nc, opts); testCond(s == NATS_OK);