authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-17 15:04:50 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-23 11:38:37 +0100
commit9dc9c64fe15005bec634f7ae6cba0474b6293f98 (patch)
treeb4e5328227c6e229c9a4b1918adc5b96c261abf7
parent27e61632048c156a578e688a7d3b2cfc277848c2 (diff)
downloadgnutls-9dc9c64fe15005bec634f7ae6cba0474b6293f98.tar.gz
tests: check whether we fallback to CN unconditionally
This is a unit test for: "gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally" Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/hostname-check.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/hostname-check.c b/tests/hostname-check.c
index 84b60cb3b7..ceebf58359 100644
--- a/tests/hostname-check.c
+++ b/tests/hostname-check.c
@@ -1067,6 +1067,12 @@ void doit(void)
if (!ret)
fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret);
+ /* test that we don't fallback to CN matching if a supported SAN (IP addresses
+ * in that case) is found. */
+ ret = gnutls_x509_crt_check_hostname(x509, "server-0");
+ if (ret)
+ fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret);
+
/* test flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES */
ret = gnutls_x509_crt_check_hostname2(x509, "127.0.0.1", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES);
if (ret)
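Review bot: The new negative check on "server-0" only proves that CN fallback is suppressed if the certificate loaded before this hunk really carries CN=server-0 alongside its IP-address SANs. That certificate is defined outside the hunk, so this cannot be confirmed here; if the CN differs, the assertion passes vacuously and a regression in the fallback logic would go unnoticed. Assuming the CN is as expected, I would tie the test to that precondition in the comment, e.g. `/* the cert above has CN=server-0 and only IP address SANs: a match here means we fell back to the CN although a supported SAN is present */`, which also fixes the "in that case" wording. The commit title names gnutls_x509_crt_check_hostname2 while the added call goes through gnutls_x509_crt_check_hostname; a second assertion such as `ret = gnutls_x509_crt_check_hostname2(x509, "server-0", 0);` would exercise the named entry point directly. The body of doit() continues on both sides of the hunk.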