Remove proxy tests. Add verify callback tests.

[openssl.git] / test / handshake_helper.c
diff --git a/test/handshake_helper.c b/test/handshake_helper.c

index 4682d45bfb40a6e0b6ff4c4735801fe02bbf6028..0a27324899c569b292e095e0a99be95b18039231 100644 (file)
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -11,6 +11,7 @@
  #include <string.h>
  
  #include <openssl/bio.h>
  #include <string.h>
  
  #include <openssl/bio.h>
+#include <openssl/x509_vfy.h>
  #include <openssl/ssl.h>
  
  #include "handshake_helper.h"
  #include <openssl/ssl.h>
  
  #include "handshake_helper.h"
@@ -40,6 +41,37 @@ static void info_callback(const SSL *s, int where, int ret)
      }
  }
  
      }
  }
  
+static int verify_reject_callback(X509_STORE_CTX *ctx, void *arg) {
+    X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+    return 0;
+}
+
+static int verify_accept_callback(X509_STORE_CTX *ctx, void *arg) {
+    return 1;
+}
+
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
+static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+                                const SSL_TEST_CTX *test_ctx)
+{
+    switch (test_ctx->client_verify_callback) {
+    case SSL_TEST_VERIFY_ACCEPT_ALL:
+        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_callback,
+                                         NULL);
+        break;
+    case SSL_TEST_VERIFY_REJECT_ALL:
+        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_callback,
+                                         NULL);
+        break;
+    default:
+        break;
+    }
+}
+
+
  typedef enum {
      PEER_SUCCESS,
      PEER_RETRY,
  typedef enum {
      PEER_SUCCESS,
      PEER_RETRY,
@@ -139,7 +171,8 @@ static handshake_status_t handshake_status(peer_status_t last_status,
      return INTERNAL_ERROR;
  }
  
      return INTERNAL_ERROR;
  }
  
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+                              const SSL_TEST_CTX *test_ctx)
  {
      SSL *server, *client;
      BIO *client_to_server, *server_to_client;
  {
      SSL *server, *client;
      BIO *client_to_server, *server_to_client;
@@ -149,6 +182,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
      peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
      handshake_status_t status = HANDSHAKE_RETRY;
  
      peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
      handshake_status_t status = HANDSHAKE_RETRY;
  
+    configure_handshake(server_ctx, client_ctx, test_ctx);
+
      server = SSL_new(server_ctx);
      client = SSL_new(client_ctx);
      OPENSSL_assert(server != NULL && client != NULL);
      server = SSL_new(server_ctx);
      client = SSL_new(client_ctx);
      OPENSSL_assert(server != NULL && client != NULL);