summaryrefslogtreecommitdiffstats
path: root/test/handshake_helper.c
diff options
context:
space:
mode:
authorEmilia Kasper <emilia@openssl.org>2016-04-07 19:07:50 +0200
committerEmilia Kasper <emilia@openssl.org>2016-05-12 19:02:42 +0200
commita263f320ebdb32ccc058ef02a617edbfe4a63e7f (patch)
treeaa0e8b9d93f591a7752cc312053d9333caecae33 /test/handshake_helper.c
parentAppease ubsan (diff)
downloadopenssl-a263f320ebdb32ccc058ef02a617edbfe4a63e7f.tar.xz
openssl-a263f320ebdb32ccc058ef02a617edbfe4a63e7f.zip
Remove proxy tests. Add verify callback tests.
The old proxy tests test the implementation of an application proxy policy callback defined in the test itself, which is not particularly useful. It is, however, useful to test cert verify overrides in general. Therefore, replace these tests with tests for cert verify callback behaviour. Also glob the ssl test inputs on the .in files to catch missing generated files. Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/handshake_helper.c')
-rw-r--r--test/handshake_helper.c37
1 files changed, 36 insertions, 1 deletions
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 4682d45bfb..0a27324899 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <openssl/bio.h>
+#include <openssl/x509_vfy.h>
#include <openssl/ssl.h>
#include "handshake_helper.h"
@@ -40,6 +41,37 @@ static void info_callback(const SSL *s, int where, int ret)
}
}
+static int verify_reject_callback(X509_STORE_CTX *ctx, void *arg) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+ return 0;
+}
+
+static int verify_accept_callback(X509_STORE_CTX *ctx, void *arg) {
+ return 1;
+}
+
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
+static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+ const SSL_TEST_CTX *test_ctx)
+{
+ switch (test_ctx->client_verify_callback) {
+ case SSL_TEST_VERIFY_ACCEPT_ALL:
+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_callback,
+ NULL);
+ break;
+ case SSL_TEST_VERIFY_REJECT_ALL:
+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_callback,
+ NULL);
+ break;
+ default:
+ break;
+ }
+}
+
+
typedef enum {
PEER_SUCCESS,
PEER_RETRY,
@@ -139,7 +171,8 @@ static handshake_status_t handshake_status(peer_status_t last_status,
return INTERNAL_ERROR;
}
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+ const SSL_TEST_CTX *test_ctx)
{
SSL *server, *client;
BIO *client_to_server, *server_to_client;
@@ -149,6 +182,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
handshake_status_t status = HANDSHAKE_RETRY;
+ configure_handshake(server_ctx, client_ctx, test_ctx);
+
server = SSL_new(server_ctx);
client = SSL_new(client_ctx);
OPENSSL_assert(server != NULL && client != NULL);