author | Michael Catanzaro <mcatanzaro@redhat.com> | 2022-10-12 16:42:00 -0500 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@redhat.com> | 2022-10-12 16:42:00 -0500 |
commit | a6df61edaf40fb3fc988ddf190e788d9f577274f (patch) | |
tree | 4d3f218cfb372a332e4dab37180a9b07faa3168d | |
parent | 2ba1cdd916e2e3d64c3065f55fe26c8438c20424 (diff) | |
download | glib-networking-mcatanzaro/#200.tar.gz |
wip: add a test that doesn't workmcatanzaro/#200
-rw-r--r-- | tls/tests/connection.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index b008dcd..49d4e27 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -3120,6 +3120,70 @@ test_connection_missing_server_identity (TestConnection *test,
 g_assert_no_error (test->server_error);
 }
 
+static void
+test_connection_missing_server_private_key (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GInputStream *istream;
+ GOutputStream *ostream;
+ GIOStream *base_connection;
+ GIOStream *connection;
+ GTlsCertificate *server_cert;
+ char *cert_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the server cert. */
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (cert_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert_nonnull (server_cert);
+ g_free (cert_data);
+
+ /* Prepare a fake iostream. */
+ istream = g_memory_input_stream_new ();
+ ostream = g_memory_output_stream_new_resizable ();
+ base_connection = g_simple_io_stream_new (istream, ostream);
+ g_object_unref (istream);
+ g_object_unref (ostream);
+
+ /* Creating a GTlsServerConnection using a certificate with no private key
+ * should fail.
+ */
+ connection = g_tls_server_connection_new (base_connection, server_cert, &error);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_assert_null (connection);
+ g_clear_error (&error);
+
+ /* Creating a GTlsServerConnection with no certificate at all should be OK.
+ * A certificate must be set before the connection can be used, though.
+ */
+ connection = g_tls_server_connection_new (base_connection, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (connection);
+ g_object_unref (base_connection);
+
+ /* Ideally setting a certificate with no private key later on would fail, but
+ * that's not possible because there is no error parameter. Trying to
+ * handshake should instantly fail, though.
+ */
+ g_tls_connection_set_certificate (G_TLS_CONNECTION (connection), server_cert);
+ g_tls_connection_handshake (G_TLS_CONNECTION (connection), NULL, &error);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+
+ g_object_unref (connection);
+ g_object_unref (server_cert);
+}
+
 typedef struct {
 TestConnection *test;
 gboolean peer_certificate_notified;
@@ -3467,6 +3531,8 @@ main (int argc,
 setup_connection, test_socket_timeout, teardown_connection);
 g_test_add ("/tls/" BACKEND "/connection/missing-server-identity", TestConnection, NULL,
 setup_connection, test_connection_missing_server_identity, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/missing-server-private-key", TestConnection, NULL,
+ setup_connection, test_connection_missing_server_private_key, teardown_connection);
 g_test_add ("/tls/" BACKEND "/connection/peer-certificate-notify", TestConnection, NULL,
 setup_connection, test_peer_certificate_notify, teardown_connection);
 g_test_add ("/tls/" BACKEND "/connection/binding/match-tls-unique", TestConnection, NULL, |
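Review bot: The final `g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);` after the handshake in test_connection_missing_server_private_key is not followed by `g_clear_error (&error);`, so the GError is leaked when the function returns, unlike the first failure path, which clears it. The gboolean result of `g_tls_connection_handshake` is also discarded; wrapping the call as `g_assert_false (g_tls_connection_handshake (G_TLS_CONNECTION (connection), NULL, &error));` would pin that a key-less certificate can never yield a successful handshake, not only that an error was set. The test relies on server-intermediate.pem holding a certificate and no private key, which is not visible here; a short comment saying so next to the `g_file_get_contents` call would keep the fixture from being swapped for one that carries a key.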