From 252f0445c26644a711dc2c41ee2fcebe42eac742 Mon Sep 17 00:00:00 2001
Message-Id: <252f0445c26644a711dc2c41ee2fcebe42eac742.1377873637.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 13 Aug 2013 11:32:47 +0100
Subject: [PATCH] Change data passed into TLS test cases
For https://bugzilla.redhat.com/show_bug.cgi?id=994158
Currently a 'struct testTLSCertReq' instance is passed into
the TLS test cases. This is not flexible enough to cope with
certificate chains, where one file now corresponds to multiple
certificates. Change the test cases so that we pass in filenames
instead.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit b93bd78ed36570c1afe594182df927d94ea6ebaa)
---
tests/virnettlscontexttest.c | 96 +++++++++++++++++++++---------------------
tests/virnettlssessiontest.c | 99 ++++++++++++++++++++++++--------------------
2 files changed, 102 insertions(+), 93 deletions(-)
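diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 4211a74..3012c4a 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -42,8 +42,8 @@
 
 struct testTLSContextData {
 bool isServer;
- struct testTLSCertReq careq;
- struct testTLSCertReq certreq;
+ const char *cacrt;
+ const char *crt;
 bool expectFail;
 };
 
@@ -63,17 +63,17 @@ static int testTLSContextInit(const void *opaque)
 int ret = -1;
 
 if (data->isServer) {
- ctxt = virNetTLSContextNewServer(data->careq.filename,
+ ctxt = virNetTLSContextNewServer(data->cacrt,
 NULL,
- data->certreq.filename,
+ data->crt,
 keyfile,
 NULL,
 true,
 true);
 } else {
- ctxt = virNetTLSContextNewClient(data->careq.filename,
+ ctxt = virNetTLSContextNewClient(data->cacrt,
 NULL,
- data->certreq.filename,
+ data->crt,
 keyfile,
 true,
 true);
@@ -82,14 +82,14 @@ static int testTLSContextInit(const void *opaque)
 if (ctxt) {
 if (data->expectFail) {
 VIR_WARN("Expected failure %s against %s",
- data->careq.filename, data->certreq.filename);
+ data->cacrt, data->crt);
 goto cleanup;
 }
 } else {
 virErrorPtr err = virGetLastError();
 if (!data->expectFail) {
 VIR_WARN("Unexpected failure %s against %s",
- data->careq.filename, data->certreq.filename);
+ data->cacrt, data->crt);
 goto cleanup;
 }
 VIR_DEBUG("Got error %s", err ? err->message : "<unknown>");
@@ -111,14 +111,14 @@ mymain(void)
 
 testTLSInit();
 
-# define DO_CTX_TEST(_isServer, _caReq, _certReq, _expectFail) \
+# define DO_CTX_TEST(_isServer, _caCrt, _crt, _expectFail) \
 do { \
 static struct testTLSContextData data; \
 data.isServer = _isServer; \
- data.careq = _caReq; \
- data.certreq = _certReq; \
+ data.cacrt = _caCrt; \
+ data.crt = _crt; \
 data.expectFail = _expectFail; \
- if (virtTestRun("TLS Context " #_caReq " + " #_certReq, 1, \
+ if (virtTestRun("TLS Context " #_caCrt " + " #_crt, 1, \
 testTLSContextInit, &data) < 0) \
 ret = -1; \
 } while (0)
@@ -127,7 +127,7 @@ mymain(void)
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
 static struct testTLSCertReq varname = { \
- NULL, #varname ".pem", \
+ NULL, #varname "-ctx.pem", \
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo \
 }; \
@@ -137,7 +137,7 @@ mymain(void)
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
 static struct testTLSCertReq varname = { \
- NULL, #varname ".pem", \
+ NULL, #varname "-ctx.pem", \
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo \
 }; \
@@ -167,8 +167,8 @@ mymain(void)
 true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
 0, 0);
 
- DO_CTX_TEST(true, cacertreq, servercertreq, false);
- DO_CTX_TEST(false, cacertreq, clientcertreq, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercertreq.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcertreq.filename, false);
 
 
 /* Some other CAs which are good */
@@ -215,9 +215,9 @@ mymain(void)
 true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
 0, 0);
 
- DO_CTX_TEST(true, cacert1req, servercert1req, false);
- DO_CTX_TEST(true, cacert2req, servercert2req, false);
- DO_CTX_TEST(true, cacert3req, servercert3req, false);
+ DO_CTX_TEST(true, cacert1req.filename, servercert1req.filename, false);
+ DO_CTX_TEST(true, cacert2req.filename, servercert2req.filename, false);
+ DO_CTX_TEST(true, cacert3req.filename, servercert3req.filename, false);
 
 /* Now some bad certs */
 
@@ -266,9 +266,9 @@ mymain(void)
 * be rejected. GNUTLS < 3 does not reject it and
 * we don't anticipate them changing this behaviour
 */
- DO_CTX_TEST(true, cacert4req, servercert4req, GNUTLS_VERSION_MAJOR >= 3);
- DO_CTX_TEST(true, cacert5req, servercert5req, true);
- DO_CTX_TEST(true, cacert6req, servercert6req, true);
+ DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename, GNUTLS_VERSION_MAJOR >= 3);
+ DO_CTX_TEST(true, cacert5req.filename, servercert5req.filename, true);
+ DO_CTX_TEST(true, cacert6req.filename, servercert6req.filename, true);
 
 
 /* Various good servers */
@@ -322,13 +322,13 @@ mymain(void)
 true, false, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
 0, 0);
 
- DO_CTX_TEST(true, cacertreq, servercert7req, false);
- DO_CTX_TEST(true, cacertreq, servercert8req, false);
- DO_CTX_TEST(true, cacertreq, servercert9req, false);
- DO_CTX_TEST(true, cacertreq, servercert10req, false);
- DO_CTX_TEST(true, cacertreq, servercert11req, false);
- DO_CTX_TEST(true, cacertreq, servercert12req, false);
- DO_CTX_TEST(true, cacertreq, servercert13req, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert7req.filename, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert8req.filename, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert9req.filename, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert10req.filename, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert11req.filename, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert12req.filename, false);
+ DO_CTX_TEST(true, cacertreq.filename, servercert13req.filename, false);
 /* Bad servers */
 
 /* usage:cert-sign:critical */
@@ -353,9 +353,9 @@ mymain(void)
 false, false, NULL, NULL,
 0, 0);
 
- DO_CTX_TEST(true, cacertreq, servercert14req, true);
- DO_CTX_TEST(true, cacertreq, servercert15req, true);
- DO_CTX_TEST(true, cacertreq, servercert16req, true);
+ DO_CTX_TEST(true, cacertreq.filename, servercert14req.filename, true);
+ DO_CTX_TEST(true, cacertreq.filename, servercert15req.filename, true);
+ DO_CTX_TEST(true, cacertreq.filename, servercert16req.filename, true);
 
 
 
@@ -410,13 +410,13 @@ mymain(void)
 true, false, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
 0, 0);
 
- DO_CTX_TEST(false, cacertreq, clientcert1req, false);
- DO_CTX_TEST(false, cacertreq, clientcert2req, false);
- DO_CTX_TEST(false, cacertreq, clientcert3req, false);
- DO_CTX_TEST(false, cacertreq, clientcert4req, false);
- DO_CTX_TEST(false, cacertreq, clientcert5req, false);
- DO_CTX_TEST(false, cacertreq, clientcert6req, false);
- DO_CTX_TEST(false, cacertreq, clientcert7req, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert1req.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert2req.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert3req.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert4req.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert5req.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert6req.filename, false);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert7req.filename, false);
 /* Bad clients */
 
 /* usage:cert-sign:critical */
@@ -441,9 +441,9 @@ mymain(void)
 false, false, NULL, NULL,
 0, 0);
 
- DO_CTX_TEST(false, cacertreq, clientcert8req, true);
- DO_CTX_TEST(false, cacertreq, clientcert9req, true);
- DO_CTX_TEST(false, cacertreq, clientcert10req, true);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert8req.filename, true);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert9req.filename, true);
+ DO_CTX_TEST(false, cacertreq.filename, clientcert10req.filename, true);
 
 
 
@@ -474,9 +474,9 @@ mymain(void)
 true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
 0, -1);
 
- DO_CTX_TEST(true, cacertexpreq, servercertexpreq, true);
- DO_CTX_TEST(true, cacertreq, servercertexp1req, true);
- DO_CTX_TEST(false, cacertreq, clientcertexp1req, true);
+ DO_CTX_TEST(true, cacertexpreq.filename, servercertexpreq.filename, true);
+ DO_CTX_TEST(true, cacertreq.filename, servercertexp1req.filename, true);
+ DO_CTX_TEST(false, cacertreq.filename, clientcertexp1req.filename, true);
 
 
 /* Not activated stuff */
@@ -506,9 +506,9 @@ mymain(void)
 true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
 1, 2);
 
- DO_CTX_TEST(true, cacertnewreq, servercertnewreq, true);
- DO_CTX_TEST(true, cacertreq, servercertnew1req, true);
- DO_CTX_TEST(false, cacertreq, clientcertnew1req, true);
+ DO_CTX_TEST(true, cacertnewreq.filename, servercertnewreq.filename, true);
+ DO_CTX_TEST(true, cacertreq.filename, servercertnew1req.filename, true);
+ DO_CTX_TEST(false, cacertreq.filename, clientcertnew1req.filename, true);
 
 testTLSDiscardCert(&cacertreq);
 testTLSDiscardCert(&cacert1req);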
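Review bot: The `"-ctx.pem"` suffix introduced in the two TLS_CERT_REQ hunks (@@ -127 and @@ -137) is neither mentioned in the commit message nor commented; presumably it keeps this test's generated PEM files from colliding with those of virnettlssessiontest, which gains `"-sess.pem"` in the same commit. If that is the reason, a comment above each macro definition such as `/* per-test suffix so the context and session tests never share generated files */` would record it. The new `cacrt` and `crt` fields also deserve a note like `/* path to PEM file, borrowed from the testTLSCertReq; not freed here */`, since the struct no longer carries its own copy of the request. Both macro definitions begin outside the hunks shown.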
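diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
index 370ba52..8636fc8 100644
--- a/tests/virnettlssessiontest.c
+++ b/tests/virnettlssessiontest.c
@@ -39,10 +39,10 @@
 # define VIR_FROM_THIS VIR_FROM_RPC
 
 struct testTLSSessionData {
- struct testTLSCertReq careq;
- struct testTLSCertReq othercareq;
- struct testTLSCertReq serverreq;
- struct testTLSCertReq clientreq;
+ const char *servercacrt;
+ const char *clientcacrt;
+ const char *servercrt;
+ const char *clientcrt;
 bool expectServerFail;
 bool expectClientFail;
 const char *hostname;
@@ -104,32 +104,29 @@ static int testTLSSessionInit(const void *opaque)
 * want to make sure that problems are being
 * detected at the TLS session validation stage
 */
- serverCtxt = virNetTLSContextNewServer(data->careq.filename,
+ serverCtxt = virNetTLSContextNewServer(data->servercacrt,
 NULL,
- data->serverreq.filename,
+ data->servercrt,
 keyfile,
 data->wildcards,
 false,
 true);
 
- clientCtxt = virNetTLSContextNewClient(data->othercareq.filename ?
- data->othercareq.filename :
- data->careq.filename,
+ clientCtxt = virNetTLSContextNewClient(data->clientcacrt,
 NULL,
- data->clientreq.filename,
+ data->clientcrt,
 keyfile,
 false,
 true);
 
 if (!serverCtxt) {
 VIR_WARN("Unexpected failure loading %s against %s",
- data->careq.filename, data->serverreq.filename);
+ data->servercacrt, data->servercrt);
 goto cleanup;
 }
 if (!clientCtxt) {
 VIR_WARN("Unexpected failure loading %s against %s",
- data->othercareq.filename ? data->othercareq.filename :
- data->careq.filename, data->clientreq.filename);
+ data->clientcacrt, data->clientcrt);
 goto cleanup;
 }
 
@@ -140,13 +137,12 @@ static int testTLSSessionInit(const void *opaque)
 
 if (!serverSess) {
 VIR_WARN("Unexpected failure using %s against %s",
- data->careq.filename, data->serverreq.filename);
+ data->servercacrt, data->servercrt);
 goto cleanup;
 }
 if (!clientSess) {
 VIR_WARN("Unexpected failure using %s against %s",
- data->othercareq.filename ? data->othercareq.filename :
- data->careq.filename, data->clientreq.filename);
+ data->clientcacrt, data->clientcrt);
 goto cleanup;
 }
 
@@ -242,38 +238,37 @@ mymain(void)
 
 testTLSInit();
 
-# define DO_SESS_TEST(_caReq, _serverReq, _clientReq, _expectServerFail,\
+# define DO_SESS_TEST(_caCrt, _serverCrt, _clientCrt, _expectServerFail, \
 _expectClientFail, _hostname, _wildcards) \
 do { \
 static struct testTLSSessionData data; \
- static struct testTLSCertReq other; \
- data.careq = _caReq; \
- data.othercareq = other; \
- data.serverreq = _serverReq; \
- data.clientreq = _clientReq; \
+ data.servercacrt = _caCrt; \
+ data.clientcacrt = _caCrt; \
+ data.servercrt = _serverCrt; \
+ data.clientcrt = _clientCrt; \
 data.expectServerFail = _expectServerFail; \
 data.expectClientFail = _expectClientFail; \
 data.hostname = _hostname; \
 data.wildcards = _wildcards; \
- if (virtTestRun("TLS Session " #_serverReq " + " #_clientReq, \
+ if (virtTestRun("TLS Session " #_serverCrt " + " #_clientCrt, \
 1, testTLSSessionInit, &data) < 0) \
 ret = -1; \
 } while (0)
 
-# define DO_SESS_TEST_EXT(_caReq, _othercaReq, _serverReq, _clientReq, \
+# define DO_SESS_TEST_EXT(_serverCaCrt, _clientCaCrt, _serverCrt, _clientCrt, \
 _expectServerFail, _expectClientFail, \
 _hostname, _wildcards) \
 do { \
 static struct testTLSSessionData data; \
- data.careq = _caReq; \
- data.othercareq = _othercaReq; \
- data.serverreq = _serverReq; \
- data.clientreq = _clientReq; \
+ data.servercacrt = _serverCaCrt; \
+ data.clientcacrt = _clientCaCrt; \
+ data.servercrt = _serverCrt; \
+ data.clientcrt = _clientCrt; \
 data.expectServerFail = _expectServerFail; \
 data.expectClientFail = _expectClientFail; \
 data.hostname = _hostname; \
 data.wildcards = _wildcards; \
- if (virtTestRun("TLS Session " #_serverReq " + " #_clientReq, \
+ if (virtTestRun("TLS Session " #_serverCrt " + " #_clientCrt, \
 1, testTLSSessionInit, &data) < 0) \
 ret = -1; \
 } while (0)
@@ -282,7 +277,7 @@ mymain(void)
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
 static struct testTLSCertReq varname = { \
- NULL, #varname ".pem", \
+ NULL, #varname "-sess.pem", \
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so \
 }; \
@@ -292,7 +287,7 @@ mymain(void)
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
 static struct testTLSCertReq varname = { \
- NULL, #varname ".pem", \
+ NULL, #varname "-sess.pem", \
 co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
 kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so \
 }; \
@@ -335,8 +330,10 @@ mymain(void)
 true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
 0, 0);
 
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", NULL);
- DO_SESS_TEST_EXT(cacertreq, altcacertreq, servercertreq, clientcertaltreq, true, true, "libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ false, false, "libvirt.org", NULL);
+ DO_SESS_TEST_EXT(cacertreq.filename, altcacertreq.filename, servercertreq.filename,
+ clientcertaltreq.filename, true, true, "libvirt.org", NULL);
 
 
 /* When an altname is set, the CN is ignored, so it must be duplicated
@@ -355,13 +352,19 @@ mymain(void)
 true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
 0, 0);
 
- DO_SESS_TEST(cacertreq, servercertalt1req, clientcertreq, false, false, "libvirt.org", NULL);
- DO_SESS_TEST(cacertreq, servercertalt1req, clientcertreq, false, false, "www.libvirt.org", NULL);
- DO_SESS_TEST(cacertreq, servercertalt1req, clientcertreq, false, true, "wiki.libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
+ false, false, "libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
+ false, false, "www.libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
+ false, true, "wiki.libvirt.org", NULL);
 
- DO_SESS_TEST(cacertreq, servercertalt2req, clientcertreq, false, true, "libvirt.org", NULL);
- DO_SESS_TEST(cacertreq, servercertalt2req, clientcertreq, false, false, "www.libvirt.org", NULL);
- DO_SESS_TEST(cacertreq, servercertalt2req, clientcertreq, false, false, "wiki.libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
+ false, true, "libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
+ false, false, "www.libvirt.org", NULL);
+ DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
+ false, false, "wiki.libvirt.org", NULL);
 
 const char *const wildcards1[] = {
 "C=UK,CN=dogfood",
@@ -389,12 +392,18 @@ mymain(void)
 NULL,
 };
 
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, true, false, "libvirt.org", wildcards1);
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards2);
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards3);
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, true, false, "libvirt.org", wildcards4);
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards5);
- DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards6);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ true, false, "libvirt.org", wildcards1);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ false, false, "libvirt.org", wildcards2);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ false, false, "libvirt.org", wildcards3);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ true, false, "libvirt.org", wildcards4);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ false, false, "libvirt.org", wildcards5);
+ DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+ false, false, "libvirt.org", wildcards6);
 
 testTLSDiscardCert(&clientcertreq);
 testTLSDiscardCert(&clientcertaltreq);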
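Review bot: The TLS_CERT_REQ initializers touched at @@ -282 and @@ -292 end in `so, so`, so the macro's `eo` parameter is never used and the last two fields both receive the start value; the matching macros in virnettlscontexttest.c pass `so, eo`. Since this commit already edits these initializers, their last line should read `kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo \`; otherwise a session test that later asks for an expired or not-yet-valid certificate would silently get the wrong validity window (assuming the two trailing fields are the start and expiry offsets). Separately, testTLSSessionInit no longer falls back to the server CA when the client CA is unset, so `clientcacrt` must always be non-NULL; a field comment such as `/* CA file the client trusts; must not be NULL */` would record that. Both macro definitions begin outside the hunks shown.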
--
1.8.3.2