tests: added check for insecure key

That is, a check which verified whether a connection to a server with a very small key will fail the certificate verification check.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-09-17 12:52:41 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-09-17 12:54:34 +0200
commit: 568418fbc9c2529874e17a3f151d099a8e9fc717 (patch)
tree: ab82670ad6746a55bbf976567d5d3b12f9d02c41 /tests/utils-adv.c
parent: 1f3ba01e82579c0bf02a2dc8fca3636097108e3d (diff)
download: gnutls-568418fbc9c2529874e17a3f151d099a8e9fc717.tar.gz
1 files changed, 35 insertions, 4 deletions
diff --git a/tests/utils-adv.c b/tests/utils-adv.c
index 8592f93e31..f19fad2d76 100644
--- a/tests/utils-adv.c
+++ b/tests/utils-adv.c
@@ -42,11 +42,12 @@ int _gnutls_server_name_set_raw(gnutls_session_t session,
 const char *side = NULL;
 
 /* if @host is NULL certificate check is skipped */
-void
-test_cli_serv(gnutls_certificate_credentials_t server_cred,
+static int
+_test_cli_serv(gnutls_certificate_credentials_t server_cred,
 	      gnutls_certificate_credentials_t client_cred,
-	      const char *prio, const char *host, 
-	      void *priv, callback_func *client_cb, callback_func *server_cb)
+	      const char *prio, const char *host,
+	      void *priv, callback_func *client_cb, callback_func *server_cb,
+	      unsigned expect_verification_failure)
 {
 	int exit_code = EXIT_SUCCESS;
 	int ret;
@@ -113,6 +114,13 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred,
 			exit(1);
 		}
 
+		if (expect_verification_failure && status != 0) {
+			ret = status;
+			goto cleanup;
+		} else if (expect_verification_failure && status == 0) {
+			fail("expected verification failure but verification succeeded!\n");
+		}
+
 		if (status != 0) {
 			gnutls_datum_t t;
 			assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0);
@@ -137,6 +145,8 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred,
 		}
 	}
 
+	ret = 0;
+ cleanup:
 	if (client_cb)
 		client_cb(client, priv);
 	if (server_cb)
@@ -154,4 +164,25 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred,
 		else
 			puts("Self-test failed");
 	}
+
+	return ret;
+}
+
+/* An expected to succeed run */
+void
+test_cli_serv(gnutls_certificate_credentials_t server_cred,
+	      gnutls_certificate_credentials_t client_cred,
+	      const char *prio, const char *host,
+	      void *priv, callback_func *client_cb, callback_func *server_cb)
+{
+	_test_cli_serv(server_cred, client_cred, prio, host, priv, client_cb, server_cb, 0);
+}
+
+/* An expected to fail verification run. Returns verification status */
+unsigned
+test_cli_serv_vf(gnutls_certificate_credentials_t server_cred,
+	      gnutls_certificate_credentials_t client_cred,
+	      const char *prio, const char *host)
+{
+	return _test_cli_serv(server_cred, client_cred, prio, host, NULL, NULL, NULL, 1);
 }
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2016-09-17 12:52:41 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2016-09-17 12:54:34 +0200
commit	568418fbc9c2529874e17a3f151d099a8e9fc717 (patch)
tree	ab82670ad6746a55bbf976567d5d3b12f9d02c41 /tests/utils-adv.c
parent	1f3ba01e82579c0bf02a2dc8fca3636097108e3d (diff)
download	gnutls-568418fbc9c2529874e17a3f151d099a8e9fc717.tar.gz