diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-04-06 05:14:25 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-06 12:36:22 +0200 |
commit | d9e79425d1f095ebcd39fb67537a166ee8dc9234 (patch) | |
tree | 6e62d71c8add0c6cfc54d324a836f51488819992 /tests | |
parent | c0eb46d3463cd21b3f822ac377ff37f067f66b8d (diff) | |
download | gnutls-d9e79425d1f095ebcd39fb67537a166ee8dc9234.tar.gz |
tests: added basic check for system trust store
This checks whether the gnutls_certificate_set_x509_system_trust()
and thus the trust list equivalent function operate as expected
and return a positive number of certificates. The test is ignored
in systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/trust-store.c | 73 |
2 files changed, 74 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 05041b5342..b44c3e53f3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -140,7 +140,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred cert certuniqueid \ hostname-check-utf8 pkcs8-key-decode-encrypted priority-mix pkcs7 \ send-data-before-handshake recv-data-before-handshake crt_inv_write \ x509sign-verify-error rng-op-nonce rng-op-random rng-op-key x509-dn-decode-compat \ - ip-check mini-x509-ipaddr + ip-check mini-x509-ipaddr trust-store if HAVE_SECCOMP_TESTS ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp diff --git a/tests/trust-store.c b/tests/trust-store.c new file mode 100644 index 0000000000..ae21998f6f --- /dev/null +++ b/tests/trust-store.c @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <gnutls/gnutls.h> +#include <assert.h> + +#include "utils.h" + +/* Test for gnutls_certificate_set_x509_system_trust() + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred) >= 0); + + ret = gnutls_certificate_set_x509_system_trust(x509_cred); + if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) { + exit(77); + } else if (ret < 0) { + fail("error loading system trust store: %s\n", gnutls_strerror(ret)); + } else if (ret == 0) { + fail("no certificates were found in system trust store!\n"); + } + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} |