diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-11-14 15:20:08 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-11-18 19:54:14 +0100 |
| commit | b44430523cca648364386e758c1b7df161c2a29d (patch) | |
| tree | a5347aad3142a3200528066eb7af95f6a2ce848e /tests | |
| parent | 5ad1afa2c65c1ce9d0946dbb835edf93ec6d0ead (diff) | |
| download | gnutls-b44430523cca648364386e758c1b7df161c2a29d.tar.gz | |
gnutls_certificate_type_get*: ensure that the default type is returned
That is, ensure that unless we negotiate something else than
X509, the default certificate type is returned to applications.
Previously we wouldn't do that for TLS1.3 resumed sessions, and
we would return zero (invalid type) instead.
That addresses issues with applications checking explicitly
for X509 certificate type being present.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/mini-x509-2.c | 4 | ||||
| -rw-r--r-- | tests/mini-x509.c | 3 | ||||
| -rw-r--r-- | tests/resume.c | 3 |
3 files changed, 10 insertions, 0 deletions
diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c index 8badfc1ecb..e20d45b7ff 100644 --- a/tests/mini-x509-2.c +++ b/tests/mini-x509-2.c @@ -303,6 +303,8 @@ void start(const char *prio) exit(1); } gnutls_free(scert.data); + + assert(gnutls_certificate_type_get(server)==GNUTLS_CRT_X509); } /* check gnutls_certificate_get_ours() - client side */ @@ -336,6 +338,8 @@ void start(const char *prio) exit(1); } gnutls_free(ccert.data); + + assert(gnutls_certificate_type_get(client)==GNUTLS_CRT_X509); } /* check the number of certificates received */ diff --git a/tests/mini-x509.c b/tests/mini-x509.c index 52c650aa7f..c26b13f716 100644 --- a/tests/mini-x509.c +++ b/tests/mini-x509.c @@ -124,6 +124,9 @@ void start(const char *prio, unsigned expect_max) } } + assert(gnutls_certificate_type_get(server)==GNUTLS_CRT_X509); + assert(gnutls_certificate_type_get(client)==GNUTLS_CRT_X509); + /* check the number of certificates received and verify */ { unsigned cert_list_size = 0; diff --git a/tests/resume.c b/tests/resume.c index 5e545cc658..3ce3e293c1 100644 --- a/tests/resume.c +++ b/tests/resume.c @@ -391,6 +391,9 @@ static void verify_server_params(gnutls_session_t session, unsigned counter, str #if defined(USE_X509) unsigned int l; + if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) + fail("did not find the expected X509 certificate type! (%d)\n", gnutls_certificate_type_get(session)); + if (counter == 0 && gnutls_certificate_get_ours(session) == NULL) fail("no certificate returned on server side (%s)\n", counter?"resumed session":"first session"); else if (counter != 0 && gnutls_certificate_get_ours(session) != NULL) |