lib/cpp-httplib
1
0
Fork 0
mirror of synced 2025-11-03 19:53:13 +03:00
Code Activity

Fix #2251

Browse Source
This commit is contained in:
yhirose
2025-10-25 22:06:42 -04:00
parent afa88dbe70
commit 2d8d524178
2 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
httplib.h
View File

@@ -11208,6 +11208,11 @@ inline bool SSLClient::initialize_ssl(Socket &socket, Error &error) {
return true; return true;
} }
if (ctx_ == nullptr) {
error = Error::SSLConnection;
last_openssl_error_ = ERR_get_error();
}
shutdown_socket(socket); shutdown_socket(socket);
close_socket(socket); close_socket(socket);
return false; return false;

42
test/test.cc
View File

@@ -8380,6 +8380,48 @@ TEST(SSLClientTest, ErrorReportingWhenInvalid) {
EXPECT_EQ(Error::SSLConnection, res.error()); EXPECT_EQ(Error::SSLConnection, res.error());
} }
TEST(SSLClientTest, Issue2251_SwappedClientCertAndKey) {
// Test for Issue #2251: SSL error not properly reported when client cert
// and key paths are swapped or mismatched
// This simulates the scenario where user accidentally swaps the cert and key
// files
// Using client cert file as private key and vice versa (completely wrong)
SSLClient cli("localhost", 8080, "client.key.pem", "client.cert.pem");
// Should fail validation due to cert/key mismatch
ASSERT_FALSE(cli.is_valid());
// Attempt to make a request should fail with proper error
auto res = cli.Get("/");
ASSERT_FALSE(res);
EXPECT_EQ(Error::SSLConnection, res.error());
// SSL error should be recorded in the Result object (this is the key fix for
// Issue #2251)
auto openssl_error = res.ssl_openssl_error();
EXPECT_NE(0u, openssl_error);
}
TEST(SSLClientTest, Issue2251_ClientCertFileNotMatchingKey) {
// Another variant: using valid file paths but with mismatched cert/key pair
// This tests the case where files exist but contain incompatible key material
// Using client cert with wrong key (cert2 key)
SSLClient cli("localhost", 8080, "client.cert.pem", "key.pem");
// Should fail validation
ASSERT_FALSE(cli.is_valid());
auto res = cli.Get("/");
ASSERT_FALSE(res);
// Must report error properly, not appear as success
EXPECT_EQ(Error::SSLConnection, res.error());
// OpenSSL error should be captured in Result
EXPECT_NE(0u, res.ssl_openssl_error());
}
#if 0 #if 0
TEST(SSLClientTest, SetInterfaceWithINET6) { TEST(SSLClientTest, SetInterfaceWithINET6) {
auto cli = std::make_shared<httplib::Client>("https://httpbin.org"); auto cli = std::make_shared<httplib::Client>("https://httpbin.org");