Add tests for conf_diagnostics

Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #24275)
openssl · May 9, 2024 · 3e191f4 · 3e191f4
1 parent 64bfdeb
commit 3e191f4
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 3 deletions.
diff --git a/test/context_internal_test.c b/test/context_internal_test.c
@@ -48,8 +48,36 @@ static int test_set0_default(void)
     return testresult;
 }
 
+static int test_set_get_conf_diagnostics(void)
+{
+    OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+    int res = 0;
+
+    if (!TEST_ptr(ctx))
+        goto err;
+
+    if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    OSSL_LIB_CTX_set_conf_diagnostics(ctx, 1);
+
+    if (!TEST_true(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    OSSL_LIB_CTX_set_conf_diagnostics(ctx, 0);
+
+    if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    res = 1;
+ err:
+    OSSL_LIB_CTX_free(ctx);
+    return res;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_set0_default);
+    ADD_TEST(test_set_get_conf_diagnostics);
     return 1;
 }
diff --git a/test/recipes/90-test_sysdefault.t b/test/recipes/90-test_sysdefault.t
@@ -8,16 +8,24 @@
 
 
 use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT data_file/;
 
 my $test_name = "test_sysdefault";
 setup($test_name);
 
 plan skip_all => "$test_name is not supported in this build"
     if disabled("tls1_2") || disabled("rsa");
 
-plan tests => 1;
+plan tests => 3;
 
-$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf");
+$ENV{OPENSSL_CONF} = data_file("sysdefault.cnf");
+
+ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-bad.cnf");
+
+ok(!run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-ignore.cnf");
 
 ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
diff --git a/test/sysdefault.cnf → ...0-test_sysdefault_data/sysdefault-bad.cnf b/test/sysdefault.cnf → ...0-test_sysdefault_data/sysdefault-bad.cnf
diff --git a/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf b/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
@@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# We ignore configuration errors with config_diagnostics unset
+# config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
diff --git a/test/recipes/90-test_sysdefault_data/sysdefault.cnf b/test/recipes/90-test_sysdefault_data/sysdefault.cnf
@@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:?nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2