summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Winship <danw@gnome.org>2011-09-19 18:03:33 -0400
committerDan Winship <danw@gnome.org>2011-09-19 18:03:33 -0400
commit2e63943561e774a385be66e7bc5864bb58ead14c (patch)
treea2b17b34e14d9d9faa1373614f58dd69baa56815
parent5b272126556b18bbe6614a71ff552946e32b3a40 (diff)
downloadlibsoup-2e63943561e774a385be66e7bc5864bb58ead14c.tar.gz
tests/ssl-test: belatedly commit this
-rw-r--r--tests/ssl-test.c166
1 files changed, 166 insertions, 0 deletions
diff --git a/tests/ssl-test.c b/tests/ssl-test.c
new file mode 100644
index 00000000..bdc8ae86
--- /dev/null
+++ b/tests/ssl-test.c
@@ -0,0 +1,166 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "libsoup/soup.h"
+
+#include "test-utils.h"
+
+static void
+do_properties_test_for_session (SoupSession *session, char *uri)
+{
+ SoupMessage *msg;
+ GTlsCertificate *cert;
+ GTlsCertificateFlags flags;
+
+ msg = soup_message_new ("GET", uri);
+ soup_session_send_message (session, msg);
+ if (msg->status_code != SOUP_STATUS_OK) {
+ debug_printf (1, " FAILED: %d %s\n",
+ msg->status_code, msg->reason_phrase);
+ errors++;
+ }
+
+ if (soup_message_get_https_status (msg, &cert, &flags)) {
+ if (!G_IS_TLS_CERTIFICATE (cert)) {
+ debug_printf (1, " No certificate?\n");
+ errors++;
+ }
+ if (flags != G_TLS_CERTIFICATE_UNKNOWN_CA) {
+ debug_printf (1, " Wrong cert flags (got %x, wanted %x)\n",
+ flags, G_TLS_CERTIFICATE_UNKNOWN_CA);
+ errors++;
+ }
+ } else {
+ debug_printf (1, " Response not https\n");
+ errors++;
+ }
+
+ g_object_unref (msg);
+}
+
+static void
+do_properties_tests (char *uri)
+{
+ SoupSession *session;
+
+ debug_printf (1, "\nSoupMessage properties\n");
+
+ debug_printf (1, " async\n");
+ session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
+ g_object_set (G_OBJECT (session),
+ SOUP_SESSION_SSL_CA_FILE, "/dev/null",
+ SOUP_SESSION_SSL_STRICT, FALSE,
+ NULL);
+ do_properties_test_for_session (session, uri);
+ soup_test_session_abort_unref (session);
+
+ debug_printf (1, " sync\n");
+ session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
+ g_object_set (G_OBJECT (session),
+ SOUP_SESSION_SSL_CA_FILE, "/dev/null",
+ SOUP_SESSION_SSL_STRICT, FALSE,
+ NULL);
+ do_properties_test_for_session (session, uri);
+ soup_test_session_abort_unref (session);
+}
+
+static void
+do_one_strict_test (SoupSession *session, char *uri,
+ gboolean strict, gboolean with_ca_list,
+ guint expected_status)
+{
+ SoupMessage *msg;
+
+ /* Note that soup_test_session_new() sets
+ * SOUP_SESSION_SSL_CA_FILE by default, and turns off
+ * SOUP_SESSION_SSL_STRICT.
+ */
+
+ g_object_set (G_OBJECT (session),
+ SOUP_SESSION_SSL_STRICT, strict,
+ SOUP_SESSION_SSL_CA_FILE, with_ca_list ? SRCDIR "/test-cert.pem" : "/dev/null",
+ NULL);
+ /* Close existing connections with old params */
+ soup_session_abort (session);
+
+ msg = soup_message_new ("GET", uri);
+ soup_session_send_message (session, msg);
+ if (msg->status_code != expected_status) {
+ debug_printf (1, " FAILED: %d %s (expected %d %s)\n",
+ msg->status_code, msg->reason_phrase,
+ expected_status,
+ soup_status_get_phrase (expected_status));
+ errors++;
+ }
+ g_object_unref (msg);
+}
+
+static void
+do_strict_tests (char *uri)
+{
+ SoupSession *session;
+
+ debug_printf (1, "strict/nonstrict\n");
+
+ session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
+ debug_printf (1, " async with CA list\n");
+ do_one_strict_test (session, uri, TRUE, TRUE, SOUP_STATUS_OK);
+ debug_printf (1, " async without CA list\n");
+ do_one_strict_test (session, uri, TRUE, FALSE, SOUP_STATUS_SSL_FAILED);
+ debug_printf (1, " async non-strict with CA list\n");
+ do_one_strict_test (session, uri, FALSE, TRUE, SOUP_STATUS_OK);
+ debug_printf (1, " async non-strict without CA list\n");
+ do_one_strict_test (session, uri, FALSE, FALSE, SOUP_STATUS_OK);
+ soup_test_session_abort_unref (session);
+
+ session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
+ debug_printf (1, " sync with CA list\n");
+ do_one_strict_test (session, uri, TRUE, TRUE, SOUP_STATUS_OK);
+ debug_printf (1, " sync without CA list\n");
+ do_one_strict_test (session, uri, TRUE, FALSE, SOUP_STATUS_SSL_FAILED);
+ debug_printf (1, " sync non-strict with CA list\n");
+ do_one_strict_test (session, uri, FALSE, TRUE, SOUP_STATUS_OK);
+ debug_printf (1, " sync non-strict without CA list\n");
+ do_one_strict_test (session, uri, FALSE, FALSE, SOUP_STATUS_OK);
+ soup_test_session_abort_unref (session);
+}
+
+static void
+server_handler (SoupServer *server,
+ SoupMessage *msg,
+ const char *path,
+ GHashTable *query,
+ SoupClientContext *client,
+ gpointer user_data)
+{
+ soup_message_set_status (msg, SOUP_STATUS_OK);
+ soup_message_set_response (msg, "text/plain",
+ SOUP_MEMORY_STATIC,
+ "ok\r\n", 4);
+}
+
+int
+main (int argc, char **argv)
+{
+ SoupServer *server;
+ char *uri;
+
+ test_init (argc, argv, NULL);
+
+ if (tls_available) {
+ server = soup_test_server_new_ssl (TRUE);
+ soup_server_add_handler (server, NULL, server_handler, NULL, NULL);
+ uri = g_strdup_printf ("https://127.0.0.1:%u/",
+ soup_server_get_port (server));
+
+ do_strict_tests (uri);
+ do_properties_tests (uri);
+
+ g_free (uri);
+ soup_test_server_quit_unref (server);
+ }
+
+ test_cleanup ();
+ return errors != 0;
+}