-/* danetest.c */
/* ====================================================================
* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
#include "../e_os.h"
+#define _UC(c) ((unsigned char)(c))
+
static const char *progname;
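Review bot: The name chosen for the new helper macro, `_UC`, is a reserved identifier: C11 §7.1.3 reserves every name that begins with an underscore followed by an uppercase letter for the implementation in all scopes, so a libc or platform header is free to define a macro of the same name and silently change the expansion. A non-reserved spelling costs nothing, e.g. `#define UC(c) ((unsigned char)(c))`, with the `_UC(...)` uses in the later hunks (read_to_eol, the hex decoder, the number parser and allws) renamed alongside. The cast itself is the right fix for passing `char` to `<ctype.h>`, only the spelling is at issue.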
/*
return (ret);
}
-static STACK_OF(X509) *load_chain(FILE *fp, int nelem)
+static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
{
int count;
char *name = 0;
for (count = 0;
count < nelem && errtype == 0
- && PEM_read(fp, &name, &header, &data, &len);
+ && PEM_read_bio(fp, &name, &header, &data, &len);
++count) {
const unsigned char *p = data;
return NULL;
}
-static char *read_to_eol(FILE *f)
+static char *read_to_eol(BIO *f)
{
static char buf[1024];
int n;
- if (fgets(buf, sizeof(buf), f)== NULL)
+ if (!BIO_gets(f, buf, sizeof(buf)))
return NULL;
n = strlen(buf);
}
/* Trim trailing whitespace */
- while (n > 0 && isspace(buf[n-1]))
+ while (n > 0 && isspace(_UC(buf[n-1])))
buf[--n] = '\0';
return buf;
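Review bot: The translated test `if (!BIO_gets(f, buf, sizeof(buf)))` only rejects a zero return, but BIO_gets also signals errors (and, depending on the BIO type, EOF) with a negative value; on -1 the function continues into `n = strlen(buf)` on whatever the static buffer still holds from the previous call and hands that stale text back as a new line. The fgets version had a single failure value, so the one-for-one replacement loses a case; `if (BIO_gets(f, buf, sizeof(buf)) <= 0) return NULL;` restores the intended check. The middle of read_to_eol, between `n = strlen(buf);` and the trailing-whitespace trim, is not shown in the hunk.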
for (byte = 0; *in; ++in) {
char c;
- if (isspace(*in))
+ if (isspace(_UC(*in)))
continue;
- c = tolower(*in);
+ c = tolower(_UC(*in));
if ('0' <= c && c <= '9') {
byte |= c - '0';
} else if ('a' <= c && c <= 'f') {
e = restore_errno();
if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
- endp == cp || !isspace(*endp) ||
+ endp == cp || !isspace(_UC(*endp)) ||
v != (*(uint8_t *)result = (uint8_t) v)) {
return -1;
}
- for (cp = endp; isspace(*cp); ++cp)
+ for (cp = endp; isspace(_UC(*cp)); ++cp)
continue;
return cp - in;
}
static int allws(const char *cp)
{
while (*cp)
- if (!isspace(*cp++))
+ if (!isspace(_UC(*cp++)))
return 0;
return 1;
}
static int test_tlsafile(SSL_CTX *ctx, const char *basename,
- FILE *f, const char *path)
+ BIO *f, const char *path)
{
char *line;
int testno = 0;
ok = verify_chain(ssl, chain);
sk_X509_pop_free(chain, X509_free);
err = SSL_get_verify_result(ssl);
+ /*
+ * Peek under the hood, normally TLSA match data is hidden when
+ * verification fails, we can obtain any suppressed data by setting the
+ * verification result to X509_V_OK before looking.
+ */
+ SSL_set_verify_result(ssl, X509_V_OK);
mdpth = SSL_get0_dane_authority(ssl, NULL, NULL);
+ /* Not needed any more, but lead by example and put the error back. */
+ SSL_set_verify_result(ssl, err);
SSL_free(ssl);
if (ok < 0) {
int main(int argc, char *argv[])
{
- FILE *f;
+ BIO *f;
BIO *bio_err;
SSL_CTX *ctx = NULL;
const char *basedomain;
CAfile = argv[2];
tlsafile = argv[3];
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p != NULL && strcmp(p, "on") == 0)
CRYPTO_set_mem_debug(1);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- f = fopen(tlsafile, "r");
+ f = BIO_new_file(tlsafile, "r");
if (f == NULL) {
fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n",
progname, tlsafile, strerror(errno));
return 0;
}
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- SSL_library_init();
- SSL_load_error_strings();
ctx = SSL_CTX_new(TLS_client_method());
if (SSL_CTX_dane_enable(ctx) <= 0) {
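Review bot: Moving `bio_err = BIO_new_fp(stderr, ...)` above the `BIO_new_file` call means the `return 0;` in the open-failure branch now leaks bio_err, which the old ordering only created once the file was open; the branch should release it, e.g. `BIO_free(bio_err); return 0;`, or jump to `end:` with `ret` set so the newly enabled `CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)` leak report still runs on this path (BIO_free tolerates the NULL `f` there). Separately, `strerror(errno)` on the line after the failed `BIO_new_file` is now less reliable than it was after `fopen`, since BIO_new_file records the failure on the OpenSSL error queue before returning and that bookkeeping may disturb errno; printing the queue with `ERR_print_errors(bio_err)` would report the system error as captured at the time of the failure. The remainder of main is outside this hunk.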
end:
- (void) fclose(f);
+ BIO_free(f);
SSL_CTX_free(ctx);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CONF_modules_unload(1);
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_thread_state(NULL);
- EVP_cleanup();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- CRYPTO_mem_leaks(bio_err);
+ if (CRYPTO_mem_leaks(bio_err) <= 0)
+ ret = 1;
#endif
BIO_free(bio_err);
EXIT(ret);