X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=test%2Fdanetest.c;h=b0d6ffe563b8a28488732d06507f659c8e624562;hb=HEAD;hp=049661854e64ace7bad8bc13ec79200e5030156a;hpb=909f1a2e510bb2909dc78efead432460c6ab50d2;p=openssl.git

diff --git a/test/danetest.c b/test/danetest.c
index 049661854e..d7ef87b6d2 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,7 @@
 #include <openssl/err.h>
 #include <openssl/conf.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include "testutil.h"
 
@@ -57,34 +57,31 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
     X509_STORE_CTX *store_ctx = NULL;
     SSL_CTX *ssl_ctx = NULL;
     X509_STORE *store = NULL;
-    X509 *cert = NULL;
     int ret = 0;
     int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
 
     if (!TEST_ptr(store_ctx = X509_STORE_CTX_new())
             || !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl))
             || !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx))
-            || !TEST_ptr(cert = sk_X509_value(chain, 0))
-            || !TEST_true(X509_STORE_CTX_init(store_ctx, store, cert, chain))
+            || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain))
             || !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx,
                                                      ssl)))
         goto end;
 
-    X509_STORE_CTX_set_default(store_ctx,
-            SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
+    X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl)
+                               ? "ssl_client" : "ssl_server");
     X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
-            SSL_get0_param(ssl));
+                           SSL_get0_param(ssl));
     store_ctx_dane_init(store_ctx, ssl);
 
     if (SSL_get_verify_callback(ssl) != NULL)
         X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
 
     /* Mask "internal failures" (-1) from our return value. */
-    if (!TEST_int_ge(ret = X509_verify_cert(store_ctx), 0))
+    if (!TEST_int_ge(ret = X509_STORE_CTX_verify(store_ctx), 0))
         ret = 0;
 
     SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
-    X509_STORE_CTX_cleanup(store_ctx);
 
 end:
     X509_STORE_CTX_free(store_ctx);
@@ -98,7 +95,7 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
     char *header = 0;
     unsigned char *data = 0;
     long len;
-    char *errtype = 0;                /* if error: cert or pkey? */
+    char *errtype = 0; /* if error: cert or pkey? */
     STACK_OF(X509) *chain;
     typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
 
@@ -110,8 +107,8 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
          && PEM_read_bio(fp, &name, &header, &data, &len) == 1;
          ++count) {
         if (strcmp(name, PEM_STRING_X509) == 0
-                    || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
-                    || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+                || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+                || strcmp(name, PEM_STRING_X509_OLD) == 0) {
             d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0
                 ? d2i_X509_AUX : d2i_X509;
             X509 *cert;
@@ -146,16 +143,16 @@ err:
     OPENSSL_free(name);
     OPENSSL_free(header);
     OPENSSL_free(data);
-    sk_X509_pop_free(chain, X509_free);
+    OSSL_STACK_OF_X509_free(chain);
     return NULL;
 }
 
 static char *read_to_eol(BIO *f)
 {
-    static char buf[1024];
+    static char buf[4096];
     int n;
 
-    if (!BIO_gets(f, buf, sizeof(buf)))
+    if (BIO_gets(f, buf, sizeof(buf)) <= 0)
         return NULL;
 
     n = strlen(buf);
@@ -347,7 +344,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
         }
 
         ok = verify_chain(ssl, chain);
-        sk_X509_pop_free(chain, X509_free);
+        OSSL_STACK_OF_X509_free(chain);
         err = SSL_get_verify_result(ssl);
         /*
          * Peek under the hood, normally TLSA match data is hidden when
@@ -393,11 +390,9 @@ static int run_tlsatest(void)
     if (!TEST_ptr(f = BIO_new_file(tlsafile, "r"))
             || !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method()))
             || !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0)
-            || !TEST_true(SSL_CTX_load_verify_locations(ctx, CAfile, NULL))
-            || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1),
-                            0)
-            || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2),
-                            0)
+            || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile))
+            || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0)
+            || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0)
             || !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0))
         goto end;
     ret = 1;
@@ -409,14 +404,19 @@ end:
     return ret;
 }
 
+OPT_TEST_DECLARE_USAGE("basedomain CAfile tlsafile\n")
+
 int setup_tests(void)
 {
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+
     if (!TEST_ptr(basedomain = test_get_argument(0))
             || !TEST_ptr(CAfile = test_get_argument(1))
-            || !TEST_ptr(tlsafile = test_get_argument(2))) {
-        TEST_error("Usage error: danetest basedomain CAfile tlsafile");
+            || !TEST_ptr(tlsafile = test_get_argument(2)))
         return 0;
-    }
 
     ADD_TEST(run_tlsatest);
     return 1;