diff options
Diffstat (limited to 'test/sslapitest.c')
| -rw-r--r-- | test/sslapitest.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index 3fa60538e9..06d8e80200 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -641,6 +641,61 @@ end: return testresult; } +static int test_ssl_build_cert_chain(void) +{ + int ret = 0; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + char *skey = test_mk_file_path(certsdir, "leaf.key"); + char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); + + if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) + goto end; + if (!TEST_ptr(ssl = SSL_new(ssl_ctx))) + goto end; + /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ + if (!TEST_int_eq(SSL_use_certificate_chain_file(ssl, leaf_chain), 1) + || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_check_private_key(ssl), 1)) + goto end; + if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT + | SSL_BUILD_CHAIN_FLAG_CHECK))) + goto end; + ret = 1; +end: + SSL_free(ssl); + SSL_CTX_free(ssl_ctx); + OPENSSL_free(leaf_chain); + OPENSSL_free(skey); + return ret; +} + +static int test_ssl_ctx_build_cert_chain(void) +{ + int ret = 0; + SSL_CTX *ctx = NULL; + char *skey = test_mk_file_path(certsdir, "leaf.key"); + char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); + + if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) + goto end; + /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ + if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1)) + goto end; + if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT + | SSL_BUILD_CHAIN_FLAG_CHECK))) + goto end; + ret = 1; +end: + SSL_CTX_free(ctx); + OPENSSL_free(leaf_chain); + OPENSSL_free(skey); + return ret; +} + #ifndef OPENSSL_NO_TLS1_2 static int full_client_hello_callback(SSL *s, int *al, void *arg) { @@ -8710,6 +8765,8 @@ int setup_tests(void) ADD_TEST(test_keylog_no_master_key); #endif ADD_TEST(test_client_cert_verify_cb); + ADD_TEST(test_ssl_build_cert_chain); + ADD_TEST(test_ssl_ctx_build_cert_chain); #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_client_hello_cb); ADD_TEST(test_no_ems); |