/*
- * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/err.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#include "testutil.h"
X509_STORE_CTX *store_ctx = NULL;
SSL_CTX *ssl_ctx = NULL;
X509_STORE *store = NULL;
- X509 *cert = NULL;
int ret = 0;
int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
if (!TEST_ptr(store_ctx = X509_STORE_CTX_new())
|| !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl))
|| !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx))
- || !TEST_ptr(cert = sk_X509_value(chain, 0))
- || !TEST_true(X509_STORE_CTX_init(store_ctx, store, cert, chain))
+ || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain))
|| !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx,
ssl)))
goto end;
- X509_STORE_CTX_set_default(store_ctx,
- SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
+ X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl)
+ ? "ssl_client" : "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
- SSL_get0_param(ssl));
+ SSL_get0_param(ssl));
store_ctx_dane_init(store_ctx, ssl);
if (SSL_get_verify_callback(ssl) != NULL)
X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
/* Mask "internal failures" (-1) from our return value. */
- if (!TEST_int_ge(ret = X509_verify_cert(store_ctx), 0))
+ if (!TEST_int_ge(ret = X509_STORE_CTX_verify(store_ctx), 0))
ret = 0;
SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
- X509_STORE_CTX_cleanup(store_ctx);
end:
X509_STORE_CTX_free(store_ctx);
char *header = 0;
unsigned char *data = 0;
long len;
- char *errtype = 0; /* if error: cert or pkey? */
+ char *errtype = 0; /* if error: cert or pkey? */
STACK_OF(X509) *chain;
typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
&& PEM_read_bio(fp, &name, &header, &data, &len) == 1;
++count) {
if (strcmp(name, PEM_STRING_X509) == 0
- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0
? d2i_X509_AUX : d2i_X509;
X509 *cert;
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return NULL;
}
static char *read_to_eol(BIO *f)
{
- static char buf[1024];
+ static char buf[4096];
int n;
- if (!BIO_gets(f, buf, sizeof(buf)))
+ if (BIO_gets(f, buf, sizeof(buf)) <= 0)
return NULL;
n = strlen(buf);
}
ok = verify_chain(ssl, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
if (!TEST_ptr(f = BIO_new_file(tlsafile, "r"))
|| !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method()))
|| !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0)
- || !TEST_true(SSL_CTX_load_verify_locations(ctx, CAfile, NULL))
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1),
- 0)
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2),
- 0)
+ || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile))
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0)
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0)
|| !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0))
goto end;
ret = 1;
return ret;
}
+OPT_TEST_DECLARE_USAGE("basedomain CAfile tlsafile\n")
+
int setup_tests(void)
{
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
if (!TEST_ptr(basedomain = test_get_argument(0))
|| !TEST_ptr(CAfile = test_get_argument(1))
- || !TEST_ptr(tlsafile = test_get_argument(2))) {
- TEST_error("Usage error: danetest basedomain CAfile tlsafile");
+ || !TEST_ptr(tlsafile = test_get_argument(2)))
return 0;
- }
ADD_TEST(run_tlsatest);
return 1;