/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
#include <openssl/err.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#include "testutil.h"
-#include "e_os.h"
+#include "internal/nelem.h"
#define _UC(c) ((unsigned char)(c))
X509_STORE_CTX *store_ctx = NULL;
SSL_CTX *ssl_ctx = NULL;
X509_STORE *store = NULL;
- X509 *cert = NULL;
int ret = 0;
int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
if (!TEST_ptr(store_ctx = X509_STORE_CTX_new())
|| !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl))
|| !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx))
- || !TEST_ptr(cert = sk_X509_value(chain, 0))
- || !TEST_true(X509_STORE_CTX_init(store_ctx, store, cert, chain))
+ || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain))
|| !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx,
ssl)))
goto end;
- X509_STORE_CTX_set_default(store_ctx,
- SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
+ X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl)
+ ? "ssl_client" : "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
- SSL_get0_param(ssl));
+ SSL_get0_param(ssl));
store_ctx_dane_init(store_ctx, ssl);
if (SSL_get_verify_callback(ssl) != NULL)
X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
/* Mask "internal failures" (-1) from our return value. */
- if (!TEST_int_ge(ret = X509_verify_cert(store_ctx), 0))
+ if (!TEST_int_ge(ret = X509_STORE_CTX_verify(store_ctx), 0))
ret = 0;
SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
- X509_STORE_CTX_cleanup(store_ctx);
end:
X509_STORE_CTX_free(store_ctx);
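Review bot: Dropping the `sk_X509_value(chain, 0)` check means an empty chain is no longer rejected before verification; X509_STORE_CTX_init now receives a NULL leaf and, as far as I can tell, X509_STORE_CTX_verify then reports the missing target as an internal failure (-1) that the TEST_int_ge line masks to 0, so the test fails with a less specific diagnostic than before. Keeping an explicit guard in the init chain, `|| !TEST_int_gt(sk_X509_num(chain), 0)`, preserves the old behaviour. A short comment on the init line would also help, e.g. `/* NULL leaf: X509_STORE_CTX_verify takes the target from the first chain element */`. On the unchanged lines SSL_get_verify_callback(ssl) is called twice; a local would read cleaner. verify_chain's signature and its final return lie outside the hunk.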
char *header = 0;
unsigned char *data = 0;
long len;
- char *errtype = 0; /* if error: cert or pkey? */
+ char *errtype = 0; /* if error: cert or pkey? */
STACK_OF(X509) *chain;
typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
&& PEM_read_bio(fp, &name, &header, &data, &len) == 1;
++count) {
if (strcmp(name, PEM_STRING_X509) == 0
- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0
? d2i_X509_AUX : d2i_X509;
X509 *cert;
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
+ name = header = NULL;
+ data = NULL;
}
if (count == nelem) {
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return NULL;
}
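Review bot: The `count == nelem` branch returns NULL without saying why; presumably the loop (its condition is only partly visible in the hunk) stops at nelem, so reaching it means the file held at least nelem PEM objects and the chain is discarded rather than truncated, which deserves a comment such as `/* nelem objects read: refuse rather than silently truncate the chain. */`. The two new reset lines are the real fix here — with the pointers cleared after each iteration the OPENSSL_free calls in this branch cannot double-free — and a comment like `/* PEM_read_bio allocates fresh name/header/data each call; clear so the error path cannot free them twice */` would keep that intent alive through the next refactor. Whether `fp` is closed on this early return is not visible. load_chain's signature and the start of the loop lie outside the hunk.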
static char *read_to_eol(BIO *f)
{
- static char buf[1024];
+ static char buf[4096];
int n;
- if (!BIO_gets(f, buf, sizeof(buf)))
+ if (BIO_gets(f, buf, sizeof(buf)) <= 0)
return NULL;
n = strlen(buf);
}
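Review bot: read_to_eol hands back a pointer into a static buffer, so each call overwrites the previous result and the function is not reentrant; neither that nor the new 4096-byte line limit is documented. A header comment such as `/* Read one line; returns a pointer into a static 4096-byte buffer that the next call overwrites, or NULL on EOF or read error. */` would cover it. The `<= 0` check is the right fix, since BIO_gets returns a length where both 0 and a negative value mean no line was read. If the rest of the function (outside the hunk) does not check that buf[n - 1] is a newline, a line longer than the buffer is silently split across two calls; `n` also narrows strlen's size_t to int. The function's tail lies outside the hunk.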
ok = verify_chain(ssl, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
return ret;
}
-static int run_tlsatest()
+static int run_tlsatest(void)
{
SSL_CTX *ctx = NULL;
BIO *f = NULL;
if (!TEST_ptr(f = BIO_new_file(tlsafile, "r"))
|| !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method()))
|| !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0)
- || !TEST_true(SSL_CTX_load_verify_locations(ctx, CAfile, NULL))
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1),
- 0)
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2),
- 0)
+ || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile))
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0)
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0)
|| !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0))
goto end;
ret = 1;
return ret;
}
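Review bot: The two SSL_CTX_dane_mtype_set calls encode their meaning in bare integers: mtype 2 (SHA2-512) is given ordinal 1 and mtype 1 (SHA2-256) ordinal 2, which, if I read the ordinals correctly, deliberately ranks SHA2-256 above SHA2-512 so the preference logic is exercised rather than the default order. A comment stating that, e.g. `/* Invert the default ordinals: mtype 2 (SHA2-512) gets 1, mtype 1 (SHA2-256) gets 2 */`, would stop a later cleanup from "fixing" it. The move to SSL_CTX_load_verify_file is fine; the cleanup under `end:` is not visible in the hunk.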
-int test_main(int argc, char *argv[])
-{
- int ret = 0;
+OPT_TEST_DECLARE_USAGE("basedomain CAfile tlsafile\n")
- if (argc != 4) {
- TEST_error("Usage error: danetest basedomain CAfile tlsafile");
+int setup_tests(void)
+{
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
return 0;
}
- basedomain = argv[1];
- CAfile = argv[2];
- tlsafile = argv[3];
- ADD_TEST(run_tlsatest);
+ if (!TEST_ptr(basedomain = test_get_argument(0))
+ || !TEST_ptr(CAfile = test_get_argument(1))
+ || !TEST_ptr(tlsafile = test_get_argument(2)))
+ return 0;
- ret = run_tests(argv[0]);
- return ret;
+ ADD_TEST(run_tlsatest);
+ return 1;
}
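Review bot: The old `argc != 4` check has no equivalent here: each required argument is verified with TEST_ptr, but a fourth positional argument would be accepted silently unless the test framework rejects it, which I cannot confirm from the hunk. Adding `if (!TEST_size_t_eq(test_get_argument_count(), 3)) return 0;` ahead of the TEST_ptr chain restores the stricter check next to the declared usage. The "Error parsing test options\n" message carries an explicit trailing newline while the old TEST_error string did not; whichever convention testutil expects should be used consistently.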
-#include <internal/dane.h>
+#include "internal/dane.h"
static void store_ctx_dane_init(X509_STORE_CTX *store_ctx, SSL *ssl)
{