diff options
| author | Carlos MartÃn Nieto <carlosmn@github.com> | 2017-01-09 20:26:28 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-01-09 20:26:28 +0000 |
| commit | 83283d5c0a4833a8aa564821d31ecf7df461c468 (patch) | |
| tree | cd9fc5bdb7db437807626b03e9d9389855c013db /tests | |
| parent | 428e18f8d4765b8ad6cf4022080a81ab16f6fdc4 (diff) | |
| parent | 45a2ee3f401d0e2f23d84b987099e0dc34a68117 (diff) | |
| download | libgit2-maint/v0.24.tar.gz | |
Merge pull request #4075 from libgit2/cmn/sec-update-24v0.24.6maint/v0.24
Security updates for v0.24
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/online/badssl.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/tests/online/badssl.c b/tests/online/badssl.c index 66b090df4..aa4c24d9c 100644 --- a/tests/online/badssl.c +++ b/tests/online/badssl.c @@ -10,37 +10,71 @@ static bool g_has_ssl = true; static bool g_has_ssl = false; #endif +static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload) +{ + GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload); + + cl_assert_equal_i(0, valid); + + return GIT_ECERTIFICATE; +} + void test_online_badssl__expired(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL)); + + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__wrong_host(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__self_signed(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__old_cipher(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + + /* FIXME: we don't actually reject RC4 anywhere, figure out what to tweak */ + cl_skip(); + if (!g_has_ssl) cl_skip(); - cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts)); } |