diff options
Diffstat (limited to 'tests/ssl-test.c')
-rw-r--r-- | tests/ssl-test.c | 321 |
1 files changed, 132 insertions, 189 deletions
diff --git a/tests/ssl-test.c b/tests/ssl-test.c index 6d96bc79..e6bbb615 100644 --- a/tests/ssl-test.c +++ b/tests/ssl-test.c @@ -2,8 +2,10 @@ #include "test-utils.h" +static char *uri; + static void -do_properties_test_for_session (SoupSession *session, char *uri) +do_properties_test_for_session (SoupSession *session, const char *uri) { SoupMessage *msg; GTlsCertificate *cert; @@ -11,42 +13,27 @@ do_properties_test_for_session (SoupSession *session, char *uri) msg = soup_message_new ("GET", uri); soup_session_send_message (session, msg); - if (msg->status_code != SOUP_STATUS_OK) { - debug_printf (1, " FAILED: %d %s\n", - msg->status_code, msg->reason_phrase); - errors++; - } + soup_test_assert_message_status (msg, SOUP_STATUS_OK); if (soup_message_get_https_status (msg, &cert, &flags)) { - if (!G_IS_TLS_CERTIFICATE (cert)) { - debug_printf (1, " No certificate?\n"); - errors++; - } - if (flags != G_TLS_CERTIFICATE_UNKNOWN_CA) { - debug_printf (1, " Wrong cert flags (got %x, wanted %x)\n", - flags, G_TLS_CERTIFICATE_UNKNOWN_CA); - errors++; - } - } else { - debug_printf (1, " Response not https\n"); - errors++; - } - if (soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) { - debug_printf (1, " CERTIFICATE_TRUSTED set?\n"); - errors++; - } + g_assert_true (G_IS_TLS_CERTIFICATE (cert)); + g_assert_cmpuint (flags, ==, G_TLS_CERTIFICATE_UNKNOWN_CA); + } else + soup_test_assert (FALSE, "Response not https"); + + g_test_bug ("665182"); + g_assert_false (soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED); g_object_unref (msg); } static void -do_properties_tests (char *uri) +do_async_properties_tests (void) { SoupSession *session; - debug_printf (1, "\nSoupMessage properties\n"); + SOUP_TEST_SKIP_IF_NO_TLS; - debug_printf (1, " async\n"); session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL); g_object_set (G_OBJECT (session), SOUP_SESSION_SSL_CA_FILE, "/dev/null", @@ -54,8 +41,15 @@ do_properties_tests (char *uri) NULL); do_properties_test_for_session (session, uri); soup_test_session_abort_unref (session); +} + +static void +do_sync_properties_tests (void) +{ + SoupSession *session; + + SOUP_TEST_SKIP_IF_NO_TLS; - debug_printf (1, " sync\n"); session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL); g_object_set (G_OBJECT (session), SOUP_SESSION_SSL_CA_FILE, "/dev/null", @@ -65,81 +59,74 @@ do_properties_tests (char *uri) soup_test_session_abort_unref (session); } +typedef struct { + const char *name; + gboolean sync; + gboolean strict; + gboolean with_ca_list; + guint expected_status; +} StrictnessTest; + +static const StrictnessTest strictness_tests[] = { + { "/ssl/strictness/async/strict/with-ca", + FALSE, TRUE, TRUE, SOUP_STATUS_OK }, + { "/ssl/strictness/async/strict/without-ca", + FALSE, TRUE, FALSE, SOUP_STATUS_SSL_FAILED }, + { "/ssl/strictness/async/non-strict/with-ca", + FALSE, FALSE, TRUE, SOUP_STATUS_OK }, + { "/ssl/strictness/async/non-strict/without-ca", + FALSE, FALSE, FALSE, SOUP_STATUS_OK }, + { "/ssl/strictness/sync/strict/with-ca", + TRUE, TRUE, TRUE, SOUP_STATUS_OK }, + { "/ssl/strictness/sync/strict/without-ca", + TRUE, TRUE, FALSE, SOUP_STATUS_SSL_FAILED }, + { "/ssl/strictness/sync/non-strict/with-ca", + TRUE, FALSE, TRUE, SOUP_STATUS_OK }, + { "/ssl/strictness/sync/non-strict/without-ca", + TRUE, FALSE, FALSE, SOUP_STATUS_OK }, +}; + static void -do_one_strict_test (SoupSession *session, char *uri, - gboolean strict, gboolean with_ca_list, - guint expected_status) +do_strictness_test (gconstpointer data) { + const StrictnessTest *test = data; + SoupSession *session; SoupMessage *msg; + GTlsCertificateFlags flags = 0; - /* Note that soup_test_session_new() sets - * SOUP_SESSION_SSL_CA_FILE by default, and turns off - * SOUP_SESSION_SSL_STRICT. - */ + SOUP_TEST_SKIP_IF_NO_TLS; - g_object_set (G_OBJECT (session), - SOUP_SESSION_SSL_STRICT, strict, - SOUP_SESSION_SSL_CA_FILE, with_ca_list ? SRCDIR "/test-cert.pem" : "/dev/null", - NULL); - /* Close existing connections with old params */ - soup_session_abort (session); + session = soup_test_session_new (test->sync ? SOUP_TYPE_SESSION_SYNC : SOUP_TYPE_SESSION_ASYNC, + NULL); + if (!test->strict) { + g_object_set (G_OBJECT (session), + SOUP_SESSION_SSL_STRICT, FALSE, + NULL); + } + if (!test->with_ca_list) { + g_object_set (G_OBJECT (session), + SOUP_SESSION_SSL_CA_FILE, "/dev/null", + NULL); + } msg = soup_message_new ("GET", uri); soup_session_send_message (session, msg); - if (msg->status_code != expected_status) { - debug_printf (1, " FAILED: %d %s (expected %d %s)\n", - msg->status_code, msg->reason_phrase, - expected_status, - soup_status_get_phrase (expected_status)); - if (msg->status_code == SOUP_STATUS_SSL_FAILED) { - GTlsCertificateFlags flags = 0; - - soup_message_get_https_status (msg, NULL, &flags); - debug_printf (1, " tls error flags: 0x%x\n", flags); - } - errors++; - } else if (with_ca_list && SOUP_STATUS_IS_SUCCESSFUL (msg->status_code)) { - if (!(soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)) { - debug_printf (1, " CERTIFICATE_TRUSTED not set?\n"); - errors++; - } - } else { - if (with_ca_list && soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) { - debug_printf (1, " CERTIFICATE_TRUSTED set?\n"); - errors++; - } - } - - g_object_unref (msg); -} + soup_test_assert_message_status (msg, test->expected_status); -static void -do_strict_tests (char *uri) -{ - SoupSession *session; + g_test_bug ("690176"); + g_assert_true (soup_message_get_https_status (msg, NULL, &flags)); - debug_printf (1, "\nstrict/nonstrict\n"); + g_test_bug ("665182"); + if (test->with_ca_list && SOUP_STATUS_IS_SUCCESSFUL (msg->status_code)) + g_assert_true (soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED); + else + g_assert_false (soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED); - session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL); - debug_printf (1, " async with CA list\n"); - do_one_strict_test (session, uri, TRUE, TRUE, SOUP_STATUS_OK); - debug_printf (1, " async without CA list\n"); - do_one_strict_test (session, uri, TRUE, FALSE, SOUP_STATUS_SSL_FAILED); - debug_printf (1, " async non-strict with CA list\n"); - do_one_strict_test (session, uri, FALSE, TRUE, SOUP_STATUS_OK); - debug_printf (1, " async non-strict without CA list\n"); - do_one_strict_test (session, uri, FALSE, FALSE, SOUP_STATUS_OK); - soup_test_session_abort_unref (session); + if (msg->status_code == SOUP_STATUS_SSL_FAILED && + test->expected_status != SOUP_STATUS_SSL_FAILED) + debug_printf (1, " tls error flags: 0x%x\n", flags); - session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL); - debug_printf (1, " sync with CA list\n"); - do_one_strict_test (session, uri, TRUE, TRUE, SOUP_STATUS_OK); - debug_printf (1, " sync without CA list\n"); - do_one_strict_test (session, uri, TRUE, FALSE, SOUP_STATUS_SSL_FAILED); - debug_printf (1, " sync non-strict with CA list\n"); - do_one_strict_test (session, uri, FALSE, TRUE, SOUP_STATUS_OK); - debug_printf (1, " sync non-strict without CA list\n"); - do_one_strict_test (session, uri, FALSE, FALSE, SOUP_STATUS_OK); + g_object_unref (msg); soup_test_session_abort_unref (session); } @@ -160,7 +147,9 @@ do_session_property_tests (void) char *ca_file; SoupSession *session; - debug_printf (1, "session properties\n"); + g_test_bug ("673678"); + + SOUP_TEST_SKIP_IF_NO_TLS; session = soup_session_async_new (); g_signal_connect (session, "notify::ssl-use-system-ca-file", @@ -175,20 +164,12 @@ do_session_property_tests (void) "tls-database", &tlsdb, "ssl-ca-file", &ca_file, NULL); - if (use_system) { - debug_printf (1, " ssl-use-system-ca-file defaults to TRUE?\n"); - errors++; - } - if (tlsdb) { - debug_printf (1, " tls-database set by default?\n"); - errors++; - g_object_unref (tlsdb); - } - if (ca_file) { - debug_printf (1, " ca-file set by default?\n"); - errors++; - g_free (ca_file); - } + soup_test_assert (!use_system, + "ssl-use-system-ca-file defaults to TRUE"); + soup_test_assert (tlsdb == NULL, + "tls-database set by default"); + soup_test_assert (ca_file == NULL, + "ca-file set by default"); use_system_changed = tlsdb_changed = ca_file_changed = FALSE; g_object_set (G_OBJECT (session), @@ -199,68 +180,37 @@ do_session_property_tests (void) "tls-database", &tlsdb, "ssl-ca-file", &ca_file, NULL); - if (!use_system) { - debug_printf (1, " setting ssl-use-system-ca-file failed\n"); - errors++; - } - if (!tlsdb) { - debug_printf (1, " setting ssl-use-system-ca-file didn't set tls-database\n"); - errors++; - } else - g_object_unref (tlsdb); - if (ca_file) { - debug_printf (1, " setting ssl-use-system-ca-file set ssl-ca-file\n"); - errors++; - g_free (ca_file); - } - if (!use_system_changed) { - debug_printf (1, " setting ssl-use-system-ca-file didn't emit notify::ssl-use-system-ca-file\n"); - errors++; - } - if (!tlsdb_changed) { - debug_printf (1, " setting ssl-use-system-ca-file didn't emit notify::tls-database\n"); - errors++; - } - if (ca_file_changed) { - debug_printf (1, " setting ssl-use-system-ca-file emitted notify::ssl-ca-file\n"); - errors++; - } + soup_test_assert (use_system, + "setting ssl-use-system-ca-file failed"); + g_assert_true (use_system_changed); + soup_test_assert (tlsdb != NULL, + "setting ssl-use-system-ca-file didn't set tls-database"); + g_assert_true (tlsdb_changed); + g_clear_object (&tlsdb); + soup_test_assert (ca_file == NULL, + "setting ssl-use-system-ca-file set ssl-ca-file"); + g_assert_false (ca_file_changed); use_system_changed = tlsdb_changed = ca_file_changed = FALSE; g_object_set (G_OBJECT (session), - "ssl-ca-file", SRCDIR "/test-cert.pem", + "ssl-ca-file", g_test_get_filename (G_TEST_DIST, "/test-cert.pem", NULL), NULL); g_object_get (G_OBJECT (session), "ssl-use-system-ca-file", &use_system, "tls-database", &tlsdb, "ssl-ca-file", &ca_file, NULL); - if (use_system) { - debug_printf (1, " setting ssl-ca-file left ssl-use-system-ca-file set\n"); - errors++; - } - if (!tlsdb) { - debug_printf (1, " setting ssl-ca-file didn't set tls-database\n"); - errors++; - } else - g_object_unref (tlsdb); - if (!ca_file) { - debug_printf (1, " setting ssl-ca-file failed\n"); - errors++; - } else - g_free (ca_file); - if (!use_system_changed) { - debug_printf (1, " setting ssl-ca-file didn't emit notify::ssl-use-system-ca-file\n"); - errors++; - } - if (!tlsdb_changed) { - debug_printf (1, " setting ssl-ca-file didn't emit notify::tls-database\n"); - errors++; - } - if (!ca_file_changed) { - debug_printf (1, " setting ssl-ca-file didn't emit notify::ssl-ca-file\n"); - errors++; - } + soup_test_assert (!use_system, + "setting ssl-ca-file left ssl-use-system-ca-file set"); + g_assert_true (use_system_changed); + soup_test_assert (tlsdb != NULL, + "setting ssl-ca-file didn't set tls-database"); + g_assert_true (tlsdb_changed); + g_clear_object (&tlsdb); + soup_test_assert (ca_file != NULL, + "setting ssl-ca-file failed"); + g_assert_true (ca_file_changed); + g_free (ca_file); use_system_changed = tlsdb_changed = ca_file_changed = FALSE; g_object_set (G_OBJECT (session), @@ -271,32 +221,15 @@ do_session_property_tests (void) "tls-database", &tlsdb, "ssl-ca-file", &ca_file, NULL); - if (use_system) { - debug_printf (1, " setting tls-database NULL left ssl-use-system-ca-file set\n"); - errors++; - } - if (tlsdb) { - debug_printf (1, " setting tls-database NULL failed\n"); - errors++; - g_object_unref (tlsdb); - } - if (ca_file) { - debug_printf (1, " setting tls-database didn't clear ssl-ca-file\n"); - errors++; - g_free (ca_file); - } - if (use_system_changed) { - debug_printf (1, " setting tls-database emitted notify::ssl-use-system-ca-file\n"); - errors++; - } - if (!tlsdb_changed) { - debug_printf (1, " setting tls-database didn't emit notify::tls-database\n"); - errors++; - } - if (!ca_file_changed) { - debug_printf (1, " setting tls-database didn't emit notify::ssl-ca-file\n"); - errors++; - } + soup_test_assert (!use_system, + "setting tls-database NULL left ssl-use-system-ca-file set"); + g_assert_false (use_system_changed); + soup_test_assert (tlsdb == NULL, + "setting tls-database NULL failed"); + g_assert_true (tlsdb_changed); + soup_test_assert (ca_file == NULL, + "setting tls-database didn't clear ssl-ca-file"); + g_assert_true (ca_file_changed); soup_test_session_abort_unref (session); } @@ -319,7 +252,7 @@ int main (int argc, char **argv) { SoupServer *server; - char *uri; + int i, ret; test_init (argc, argv, NULL); @@ -328,15 +261,25 @@ main (int argc, char **argv) soup_server_add_handler (server, NULL, server_handler, NULL, NULL); uri = g_strdup_printf ("https://127.0.0.1:%u/", soup_server_get_port (server)); + } - do_session_property_tests (); - do_strict_tests (uri); - do_properties_tests (uri); + g_test_add_func ("/ssl/session-properties", do_session_property_tests); + g_test_add_func ("/ssl/message-properties/async", do_async_properties_tests); + g_test_add_func ("/ssl/message-properties/sync", do_sync_properties_tests); + for (i = 0; i < G_N_ELEMENTS (strictness_tests); i++) { + g_test_add_data_func (strictness_tests[i].name, + &strictness_tests[i], + do_strictness_test); + } + + ret = g_test_run (); + + if (tls_available) { g_free (uri); soup_test_server_quit_unref (server); } test_cleanup (); - return errors != 0; + return ret; } |