diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-17 15:04:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-23 11:38:37 +0100 |
commit | 9dc9c64fe15005bec634f7ae6cba0474b6293f98 (patch) | |
tree | b4e5328227c6e229c9a4b1918adc5b96c261abf7 | |
parent | 27e61632048c156a578e688a7d3b2cfc277848c2 (diff) | |
download | gnutls-9dc9c64fe15005bec634f7ae6cba0474b6293f98.tar.gz |
tests: check whether we fallback to CN unconditionally
This is a unit test for:
"gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally"
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/hostname-check.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/hostname-check.c b/tests/hostname-check.c index 84b60cb3b7..ceebf58359 100644 --- a/tests/hostname-check.c +++ b/tests/hostname-check.c @@ -1067,6 +1067,12 @@ void doit(void) if (!ret) fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + /* test that we don't fallback to CN matching if a supported SAN (IP addresses + * in that case) is found. */ + ret = gnutls_x509_crt_check_hostname(x509, "server-0"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + /* test flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES */ ret = gnutls_x509_crt_check_hostname2(x509, "127.0.0.1", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES); if (ret) |