OPENSSL_free(result->server_npn_negotiated);
OPENSSL_free(result->client_alpn_negotiated);
OPENSSL_free(result->server_alpn_negotiated);
+ sk_X509_NAME_pop_free(result->server_ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free);
OPENSSL_free(result);
}
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
EVP_PKEY *tmp_key;
- STACK_OF(X509_NAME) *names;
+ const STACK_OF(X509_NAME) *names;
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
- names = SSL_get_client_CA_list(client.ssl);
+ names = SSL_get0_peer_CA_list(client.ssl);
if (names == NULL)
ret->client_ca_names = NULL;
else
ret->client_ca_names = SSL_dup_CA_list(names);
+ names = SSL_get0_peer_CA_list(server.ssl);
+ if (names == NULL)
+ ret->server_ca_names = NULL;
+ else
+ ret->server_ca_names = SSL_dup_CA_list(names);
+
ret->server_cert_type = peer_pkey_type(client.ssl);
ret->client_cert_type = peer_pkey_type(server.ssl);
return 0;
}
-static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
- result->tmp_key_type);
-}
-
-static int check_server_cert_type(HANDSHAKE_RESULT *result,
- SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Server certificate", test_ctx->expected_server_cert_type,
- result->server_cert_type);
-}
-
-static int check_server_sign_hash(HANDSHAKE_RESULT *result,
- SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
- result->server_sign_hash);
-}
-
-static int check_server_sign_type(HANDSHAKE_RESULT *result,
- SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Server signing", test_ctx->expected_server_sign_type,
- result->server_sign_type);
-}
-
-static int check_client_cert_type(HANDSHAKE_RESULT *result,
- SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Client certificate", test_ctx->expected_client_cert_type,
- result->client_cert_type);
-}
-
-static int check_client_sign_hash(HANDSHAKE_RESULT *result,
- SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
- result->client_sign_hash);
-}
-
-static int check_client_sign_type(HANDSHAKE_RESULT *result,
- SSL_TEST_CTX *test_ctx)
-{
- return check_nid("Client signing", test_ctx->expected_client_sign_type,
- result->client_sign_type);
-}
-
static void print_ca_names(STACK_OF(X509_NAME) *names)
{
BIO *err;
return 0;
}
+static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
+ result->tmp_key_type);
+}
+
+static int check_server_cert_type(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Server certificate", test_ctx->expected_server_cert_type,
+ result->server_cert_type);
+}
+
+static int check_server_sign_hash(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
+ result->server_sign_hash);
+}
+
+static int check_server_sign_type(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Server signing", test_ctx->expected_server_sign_type,
+ result->server_sign_type);
+}
+
+static int check_server_ca_names(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_ca_names("Server CA names",
+ test_ctx->expected_server_ca_names,
+ result->server_ca_names);
+}
+
+static int check_client_cert_type(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Client certificate", test_ctx->expected_client_cert_type,
+ result->client_cert_type);
+}
+
+static int check_client_sign_hash(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
+ result->client_sign_hash);
+}
+
+static int check_client_sign_type(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ return check_nid("Client signing", test_ctx->expected_client_sign_type,
+ result->client_sign_type);
+}
+
static int check_client_ca_names(HANDSHAKE_RESULT *result,
SSL_TEST_CTX *test_ctx)
{
ret &= check_server_cert_type(result, test_ctx);
ret &= check_server_sign_hash(result, test_ctx);
ret &= check_server_sign_type(result, test_ctx);
+ ret &= check_server_ca_names(result, test_ctx);
ret &= check_client_cert_type(result, test_ctx);
ret &= check_client_sign_hash(result, test_ctx);
ret &= check_client_sign_type(result, test_ctx);
*pnames = SSL_load_client_CA_file(value);
return *pnames != NULL;
}
+__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
+ const char *value)
+{
+ return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value);
+}
__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
const char *value)
{
{ "ExpectedServerCertType", &parse_expected_server_cert_type },
{ "ExpectedServerSignHash", &parse_expected_server_sign_hash },
{ "ExpectedServerSignType", &parse_expected_server_sign_type },
+ { "ExpectedServerCANames", &parse_expected_server_ca_names },
{ "ExpectedClientCertType", &parse_expected_client_cert_type },
{ "ExpectedClientSignHash", &parse_expected_client_sign_hash },
{ "ExpectedClientSignType", &parse_expected_client_sign_type },
ssl_test_ctx_free_extra_data(ctx);
OPENSSL_free(ctx->expected_npn_protocol);
OPENSSL_free(ctx->expected_alpn_protocol);
+ sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
OPENSSL_free(ctx);
}
projects / openssl.git / commitdiff