From cd3c0e56490050eaf0ab635b5d18d374ccdcd3e2 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 8 Sep 2016 15:03:00 +0200 Subject: tests: enhanced set_x509_key tests to include index verification That is, verify that correct indexes are returned, and these can be used with gnutls_certificate_get_crt_raw() afterwards. --- tests/set_x509_key.c | 94 +++++++++++++++++++++++++++++----------------------- 1 file changed, 53 insertions(+), 41 deletions(-) diff --git a/tests/set_x509_key.c b/tests/set_x509_key.c index 51177ed05c..deae8a335b 100644 --- a/tests/set_x509_key.c +++ b/tests/set_x509_key.c @@ -64,79 +64,91 @@ static time_t mytime(time_t * t) return then; } -static void basic(void) +static unsigned import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) { - gnutls_certificate_credentials_t x509_cred; - gnutls_certificate_credentials_t clicred; gnutls_pcert_st pcert_list[16]; gnutls_privkey_t key; - unsigned pcert_list_size; - const char *names[] = {"localhost", "localhost2"}; + unsigned pcert_list_size, idx, i; gnutls_datum_t tcert; + const char *names[] = {"localhost", "localhost2"}; int ret; - /* this must be called once in the program - */ - global_init(); - - gnutls_global_set_time_function(mytime); - - gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(6); - - assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); - assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); assert(gnutls_privkey_init(&key)>=0); - ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca_cert, GNUTLS_X509_FMT_PEM); - if (ret < 0) - fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); - pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, - &server_cert, GNUTLS_X509_FMT_PEM, 0); + cert, GNUTLS_X509_FMT_PEM, 0); if (ret < 0) { fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); } - ret = gnutls_privkey_import_x509_raw(key, &server_key, GNUTLS_X509_FMT_PEM, NULL, 0); + ret = gnutls_privkey_import_x509_raw(key, skey, GNUTLS_X509_FMT_PEM, NULL, 0); if (ret < 0) { fail("error in key import: %s\n", gnutls_strerror(ret)); } - ret = gnutls_certificate_set_key(x509_cred, names, 2, pcert_list, + ret = gnutls_certificate_set_key(xcred, names, 2, pcert_list, pcert_list_size, key); if (ret < 0) { fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); exit(1); } + /* return index */ + idx = ret; + /* verify whether the stored certificate match the ones we have */ - ret = gnutls_certificate_get_crt_raw(x509_cred, 0, 0, &tcert); - if (ret < 0) { - fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); - exit(1); + for (i=0;i= 0); + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + idx = import_key(x509_cred, &server_key, &server_cert); + assert(idx == 0); test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); + /* verify that we can add certs, and that their index will change */ + for (i=0;i<16;i++) { + idx = import_key(x509_cred, &server_ecc_key, &server_ecc_cert); + assert(idx == 1+i); + } + gnutls_certificate_free_credentials(x509_cred); gnutls_certificate_free_credentials(clicred); -- cgit v1.2.1