author | Joe Orton <joe@manyfish.uk> | 2021-03-08 13:40:27 +0000 |
---|---|---|
committer | Joe Orton <joe@manyfish.uk> | 2021-03-21 15:03:17 +0000 |
commit | 4d4fbb43b155e6c541e9bf74967a4ed6aee512ca (patch) | |
tree | 7f0caec1593d35691c643f4616606633528341a0 /test/ssl.c | |
parent | aca4f7fb70fc85c55da8703183402d08716a833d (diff) | |
download | neon-git-cert-hdigest.tar.gz |
Add ne_ssl_cert_hdigest, alternative to ne_ssl_cert_digest.cert-hdigest
* src/ne_openssl.c (ne_ssl_cert_hdigest): New function.
(hash_to_md): Factor out of ne_vstrhash.
(ne_vstrhash): Use it.
* test/ssl.c (cert_hdigests): New test.
* test/stubs.c (stub_ssl): Test for ne_ssl_cert_hdigest.
* src/ne_gnutls.c (ne_ssl_cert_hdigest, hash_to_alg): New functions.
(ne_vstrhash): Use hash_to_alg.
* src/neon.vers: Add to library versioning.
Diffstat (limited to 'test/ssl.c')
-rw-r--r-- | test/ssl.c | 47 |
1 files changed, 47 insertions, 0 deletions
@@ -1434,6 +1434,52 @@ static int cert_fingerprint(void)
 return OK;
 }
+static int cert_hdigests(void)
+{
+ static const struct {
+ unsigned int flags;
+ const char *digest;
+ } ts[] = {
+ { NE_HASH_MD5|NE_HASH_COLON, "76:26:eb:db:09:e8:53:5c:79:61:0c:30:3d:77:ed:65" },
+ { NE_HASH_MD5, "7626ebdb09e8535c79610c303d77ed65" },
+ { NE_HASH_SHA256, "ea4a4f4f08a91a83e841e772171a2befa3f6e576b5cd9f5cd6d12e9683fe89b3" },
+ { NE_HASH_SHA512, "35373c533f4000ee9b6173a45eedae732f6c953dcf76f5fba5ffb7be380de559893d0679e94051950be2a5917fa7922fbf50ef10222d5be4eea53ba948cf7703" },
+ { 0, NULL }
+ };
+ unsigned int n, passed = 0;
+ char *fn = ne_concat(srcdir, "/notvalid.pem", NULL);
+ ne_ssl_certificate *cert = ne_ssl_cert_read(fn);
+
+ ONN("could not load notvalid.pem", cert == NULL);
+
+ for (n = 0; ts[n].flags; n++) {
+ char *dig = ne_ssl_cert_hdigest(cert, ts[n].flags);
+
+ /* Can reasonably for almost any hash (either too modern or
+ * too old), so what can you do? */
+ if (dig == NULL) {
+ t_warning("failed to htdigest with flags %u", ts[n].flags);
+ continue;
+ }
+
+ NE_DEBUG(NE_DBG_SSL, "ssl: hDigest %u got %s, expected %s\n",
+ ts[n].flags, dig, ts[n].digest);
+
+ ONV(strcmp(dig, ts[n].digest),
+ ("digest was %s not %s", dig, ts[n].digest));
+
+ passed++;
+ ne_free(dig);
+ }
+
+ ONN("no algorithms supported for ne_ssl_cert_hdigest", passed == 0);
+
+ ne_ssl_cert_free(cert);
+ ne_free(fn);
+
+ return OK;
+}
+
 /* verify that identity of certificate in filename 'fname' is 'identity' */
 static int check_identity(const char *fname, const char *identity)
 {
@@ -1883,6 +1929,7 @@ ne_test tests[] = {
 T(trust_default_ca),
 T(cert_fingerprint),
+ T(cert_hdigests),
 T(cert_identities),
 T(cert_validity),
 T(cert_compare), |
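Review bot: The loop in cert_hdigests treats every NULL return from ne_ssl_cert_hdigest as an unsupported algorithm and skips it, so the only hard gate is `passed == 0`. The test therefore still passes when just the two MD5 rows succeed, and a regression that breaks the SHA-256 or SHA-512 path shows up only as a warning. Since SHA-256 is the digest a caller would want for certificate pinning and is presumably available in both the OpenSSL and GnuTLS builds, I would make that row mandatory by adding `ONN("SHA-256 hdigest unavailable", dig == NULL && ts[n].flags == NE_HASH_SHA256);` before the `if (dig == NULL)` branch. NE_HASH_COLON is also exercised only with MD5, so a `NE_HASH_SHA256|NE_HASH_COLON` row would cover the colon-separated form for the stronger hash. Two wording points in the same loop: the comment "Can reasonably for almost any hash" is missing its verb (presumably "fail"), and the warning says "htdigest" where the function is named hdigest.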