diff options
| author | Carlos MartÃn Nieto <cmn@dwim.me> | 2017-01-06 10:51:31 +0000 |
|---|---|---|
| committer | Edward Thomson <ethomson@github.com> | 2017-01-06 17:09:52 +0000 |
| commit | 98d66240ecb7765e191da19b535c75c92ccc90fe (patch) | |
| tree | 35a9eea48348385cc0a7a2e660bcf7c6656a5523 | |
| parent | 9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (diff) | |
| download | libgit2-98d66240ecb7765e191da19b535c75c92ccc90fe.tar.gz | |
http: perform 'badssl' check also via certificate callback
Make sure that the callbacks do also get a 'valid' value of zero when
the certificate we're looking at is in valid and assert that within the
test.
| -rw-r--r-- | tests/online/badssl.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/tests/online/badssl.c b/tests/online/badssl.c index 66b090df4..f3470f6d7 100644 --- a/tests/online/badssl.c +++ b/tests/online/badssl.c @@ -10,37 +10,66 @@ static bool g_has_ssl = true; static bool g_has_ssl = false; #endif +static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload) +{ + GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload); + + cl_assert_equal_i(0, valid); + + return GIT_ECERTIFICATE; +} + void test_online_badssl__expired(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL)); + + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__wrong_host(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__self_signed(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__old_cipher(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts)); } |