diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-03 14:33:24 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-11-03 16:10:58 +0000 |
commit | a630d5a5d0ba58766092ba3489e17d73a53b96cd (patch) | |
tree | 0780b4e3e0858f015e0c2b2c2d0115d59c0a2387 | |
parent | 418b2e12b5d589f81987ccdaae09b4cc33384ee6 (diff) | |
download | gnutls-a630d5a5d0ba58766092ba3489e17d73a53b96cd.tar.gz |
tests: enhanced PKCS#11 loading test
Test whether implicit initialization in trusted module (e.g.,
via verification), would result to proper initialization of additional
modules once a PCKS#11 function is called.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rwxr-xr-x | tests/destructive/p11-kit-load.sh | 8 | ||||
-rw-r--r-- | tests/pkcs11/list-tokens.c | 6 |
2 files changed, 14 insertions, 0 deletions
diff --git a/tests/destructive/p11-kit-load.sh b/tests/destructive/p11-kit-load.sh index 2fe6394fe2..86e8eb3600 100755 --- a/tests/destructive/p11-kit-load.sh +++ b/tests/destructive/p11-kit-load.sh @@ -141,4 +141,12 @@ if test "$nr" != 1;then ${builddir}/pkcs11/list-tokens -m -v fi +# Check whether all modules are listed after certificate verification +# is performed then a PKCS#11 function is called. +${builddir}/pkcs11/list-tokens -v -d|wc -l +if test "$nr" != 2;then + echo "Error in test 6: did not find all modules" + ${builddir}/pkcs11/list-tokens -v +fi + exit 0 diff --git a/tests/pkcs11/list-tokens.c b/tests/pkcs11/list-tokens.c index a835ef9c60..42092b45f9 100644 --- a/tests/pkcs11/list-tokens.c +++ b/tests/pkcs11/list-tokens.c @@ -70,6 +70,7 @@ int main(int argc, char **argv) while((opt = getopt(argc, argv, "mvatd")) != -1) { switch(opt) { case 'm': + /* initialize manually - i.e., do no module loading */ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret != 0) { fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -77,9 +78,12 @@ int main(int argc, char **argv) } break; case 'd': + /* when call _gnutls_pkcs11_token_get_url() do proper initialization + * if none done */ flag = 0; break; case 'a': + /* initialize auto - i.e., do module loading */ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret != 0) { fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -87,6 +91,7 @@ int main(int argc, char **argv) } break; case 't': + /* do trusted module loading */ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO_TRUSTED, NULL); if (ret != 0) { fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -94,6 +99,7 @@ int main(int argc, char **argv) } break; case 'v': + /* do verification which should trigger trusted module loading */ assert(gnutls_certificate_allocate_credentials(&cred) >= 0); assert(gnutls_certificate_set_x509_system_trust(cred) >= 0); gnutls_certificate_free_credentials(cred); |