author | Emilia Kasper <emilia@openssl.org> | 2016-04-07 19:07:50 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-05-12 19:02:42 +0200 |
commit | a263f320ebdb32ccc058ef02a617edbfe4a63e7f (patch) | |
tree | aa0e8b9d93f591a7752cc312053d9333caecae33 /test/handshake_helper.c | |
parent | Appease ubsan (diff) | |
Remove proxy tests. Add verify callback tests.
The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.
It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.
Also glob the ssl test inputs on the .in files to catch missing
generated files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/handshake_helper.c')
-rw-r--r-- | test/handshake_helper.c | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 4682d45bfb..0a27324899 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -11,6 +11,7 @@
 #include <string.h>
 #include <openssl/bio.h>
+#include <openssl/x509_vfy.h>
 #include <openssl/ssl.h>
 #include "handshake_helper.h"
@@ -40,6 +41,37 @@ static void info_callback(const SSL *s, int where, int ret)
 }
 }
+static int verify_reject_callback(X509_STORE_CTX *ctx, void *arg) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+ return 0;
+}
+
+static int verify_accept_callback(X509_STORE_CTX *ctx, void *arg) {
+ return 1;
+}
+
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
+static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+ const SSL_TEST_CTX *test_ctx)
+{
+ switch (test_ctx->client_verify_callback) {
+ case SSL_TEST_VERIFY_ACCEPT_ALL:
+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_callback,
+ NULL);
+ break;
+ case SSL_TEST_VERIFY_REJECT_ALL:
+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_callback,
+ NULL);
+ break;
+ default:
+ break;
+ }
+}
+
+
 typedef enum {
 PEER_SUCCESS,
 PEER_RETRY,
@@ -139,7 +171,8 @@ static handshake_status_t handshake_status(peer_status_t last_status,
 return INTERNAL_ERROR;
 }
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+ const SSL_TEST_CTX *test_ctx)
 {
 SSL *server, *client;
 BIO *client_to_server, *server_to_client;
@@ -149,6 +182,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
 peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
 handshake_status_t status = HANDSHAKE_RETRY;
+ configure_handshake(server_ctx, client_ctx, test_ctx);
+
 server = SSL_new(server_ctx);
 client = SSL_new(client_ctx);
 OPENSSL_assert(server != NULL && client != NULL); |
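Review bot: `verify_accept_callback` returns 1 without looking at `ctx`, and because it is installed through `SSL_CTX_set_cert_verify_callback` it stands in for the whole chain verification rather than adding to it, yet nothing in the hunk says so. A one-line comment above each callback would keep the pair from being copied out of the test helper unnoticed, for example `/* Test-only: replaces chain verification and accepts any peer certificate. */` and `/* Test-only: always fails with X509_V_ERR_APPLICATION_VERIFICATION. */`. As a style point, both callbacks open their brace on the signature line while `configure_handshake` just below puts it on its own line. `server_ctx` and both `arg` parameters are unused, which the comments could mention if that is intentional.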
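Review bot: The `configure_handshake(server_ctx, client_ctx, test_ctx);` call added at the top of `do_handshake` modifies the caller's `client_ctx` persistently, and the `default: break;` arm of the switch leaves in place whatever callback an earlier call installed. If a context is ever reused across handshakes (the callers are outside this diff), an accept-all callback from a previous test would stay active unnoticed; clearing it in the default arm with `SSL_CTX_set_cert_verify_callback(client_ctx, NULL, NULL);` would make each call self-contained. `test_ctx` from the new signature is also dereferenced without a check, while the lines just below guard `server` and `client` with `OPENSSL_assert`; an `OPENSSL_assert(test_ctx != NULL);` before the call would match that. The body of `do_handshake` continues outside the hunk.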