diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-17 12:52:41 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-17 12:54:34 +0200 |
commit | 568418fbc9c2529874e17a3f151d099a8e9fc717 (patch) | |
tree | ab82670ad6746a55bbf976567d5d3b12f9d02c41 /tests/utils-adv.c | |
parent | 1f3ba01e82579c0bf02a2dc8fca3636097108e3d (diff) | |
download | gnutls-568418fbc9c2529874e17a3f151d099a8e9fc717.tar.gz |
tests: added check for insecure key
That is, a check which verified whether a connection to a server with
a very small key will fail the certificate verification check.
Diffstat (limited to 'tests/utils-adv.c')
-rw-r--r-- | tests/utils-adv.c | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/tests/utils-adv.c b/tests/utils-adv.c index 8592f93e31..f19fad2d76 100644 --- a/tests/utils-adv.c +++ b/tests/utils-adv.c @@ -42,11 +42,12 @@ int _gnutls_server_name_set_raw(gnutls_session_t session, const char *side = NULL; /* if @host is NULL certificate check is skipped */ -void -test_cli_serv(gnutls_certificate_credentials_t server_cred, +static int +_test_cli_serv(gnutls_certificate_credentials_t server_cred, gnutls_certificate_credentials_t client_cred, - const char *prio, const char *host, - void *priv, callback_func *client_cb, callback_func *server_cb) + const char *prio, const char *host, + void *priv, callback_func *client_cb, callback_func *server_cb, + unsigned expect_verification_failure) { int exit_code = EXIT_SUCCESS; int ret; @@ -113,6 +114,13 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred, exit(1); } + if (expect_verification_failure && status != 0) { + ret = status; + goto cleanup; + } else if (expect_verification_failure && status == 0) { + fail("expected verification failure but verification succeeded!\n"); + } + if (status != 0) { gnutls_datum_t t; assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); @@ -137,6 +145,8 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred, } } + ret = 0; + cleanup: if (client_cb) client_cb(client, priv); if (server_cb) @@ -154,4 +164,25 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred, else puts("Self-test failed"); } + + return ret; +} + +/* An expected to succeed run */ +void +test_cli_serv(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *prio, const char *host, + void *priv, callback_func *client_cb, callback_func *server_cb) +{ + _test_cli_serv(server_cred, client_cred, prio, host, priv, client_cb, server_cb, 0); +} + +/* An expected to fail verification run. Returns verification status */ +unsigned +test_cli_serv_vf(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *prio, const char *host) +{ + return _test_cli_serv(server_cred, client_cred, prio, host, NULL, NULL, NULL, 1); } |