authorVivek Dasmohapatra <vivek@collabora.co.uk>2012-05-08 19:04:36 +0100
committerVivek Dasmohapatra <vivek@collabora.co.uk>2012-05-09 17:01:57 +0100
commitdeba3a4d4a817ae93735382f309eec09d09de15d (patch)
treed054e88ec4b8a8e3e20ad5570a63c67e510be5ed /tests
parentd841c407daa7c966884368d221329ff2749f4dcf (diff)
Add tests for matched, unmatched and bad wildcards for STARTTLS and SSL
Diffstat (limited to 'tests')
-rw-r--r--tests/wocky-connector-test.c98
-rw-r--r--tests/wocky-test-connector-server.c2
-rw-r--r--tests/wocky-test-connector-server.h2
3 files changed, 101 insertions, 1 deletions
diff --git a/tests/wocky-connector-test.c b/tests/wocky-connector-test.c
index f1ec388..a3a1c21 100644
--- a/tests/wocky-connector-test.c
+++ b/tests/wocky-connector-test.c
@@ -173,7 +173,7 @@ test_t tests[] =
{ { TLS_SUPPORT, AUTH_MECH_OR_NULL_FOR_ALL },
{ SERVER_PROBLEM..., CONNECTOR_PROBLEM... },
{ USERNAME, PASSWORD },
- SERVER_LISTEN_PORT },
+ SERVER_LISTEN_PORT, SERVER_CERT },
// Fake DNS Record:
// SRV_HOSTs SRV record → { HOSTNAME, PORT }
@@ -2746,6 +2746,54 @@ test_t tests[] =
{ "moose@tomato-juice.org", "something", PLAIN, TLS },
{ NULL, 0, XMPP_V1 } } },
+ { "/connector/cert-verification/tls/wildcard/ok",
+ QUIET,
+ { S_NO_ERROR },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK },
+ { "moose", "something" },
+ PORT_XMPP, CERT_WILDCARD },
+ { "foo.weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { TLS_REQUIRED,
+ { "moose@foo.weasel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
+ { "/connector/cert-verification/tls/wildcard/level-mismatch/fail",
+ QUIET,
+ { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK },
+ { "moose", "something" },
+ PORT_XMPP, CERT_WILDCARD },
+ { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { PLAINTEXT_OK,
+ { "moose@weasel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
+ { "/connector/cert-verification/tls/wildcard/glob-mismatch/fail",
+ QUIET,
+ { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK },
+ { "moose", "something" },
+ PORT_XMPP, CERT_WILDCARD },
+ { "foo.diesel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { TLS_REQUIRED,
+ { "moose@foo.diesel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
+ { "/connector/cert-verification/tls/bad-wildcard/fail",
+ QUIET,
+ { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK },
+ { "moose", "something" },
+ PORT_XMPP, CERT_BADWILD },
+ { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { TLS_REQUIRED,
+ { "moose@weasel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
/* ********************************************************************* */
/* as above but with legacy ssl */
{ "/connector/cert-verification/ssl/nohost/ok",
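Review bot: The `tls/wildcard/level-mismatch/fail` entry passes `PLAINTEXT_OK` where the other three wildcard cases in this group pass `TLS_REQUIRED`, and the `ssl/wildcard/level-mismatch/fail` entry in the next hunk does the same. If that is deliberate, to show that a name mismatch surfaces as `WOCKY_TLS_CERT_NAME_MISMATCH` and does not fall back to an unencrypted session, a one-line comment such as `/* PLAINTEXT_OK on purpose: a rejected cert must not downgrade */` would record it. If it is a copy-paste leftover, `TLS_REQUIRED,` keeps the four cases comparable. The `tests[]` initializer starts and ends outside the hunk.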
@@ -2844,6 +2892,54 @@ test_t tests[] =
{ "moose@weasel-juice.org", "something", PLAIN, TLS },
{ NULL, 0, XMPP_V1, OLD_SSL } } },
+ { "/connector/cert-verification/ssl/wildcard/ok",
+ QUIET,
+ { S_NO_ERROR },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } },
+ { "moose", "something" },
+ PORT_XMPP, CERT_WILDCARD },
+ { "foo.weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { TLS_REQUIRED,
+ { "moose@foo.weasel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
+ { "/connector/cert-verification/ssl/wildcard/level-mismatch/fail",
+ QUIET,
+ { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } },
+ { "moose", "something" },
+ PORT_XMPP, CERT_WILDCARD },
+ { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { PLAINTEXT_OK,
+ { "moose@weasel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
+ { "/connector/cert-verification/ssl/wildcard/glob-mismatch/fail",
+ QUIET,
+ { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } },
+ { "moose", "something" },
+ PORT_XMPP, CERT_WILDCARD },
+ { "foo.diesel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { TLS_REQUIRED,
+ { "moose@foo.diesel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
+ { "/connector/cert-verification/ssl/bad-wildcard/fail",
+ QUIET,
+ { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
+ { { TLS, NULL },
+ { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } },
+ { "moose", "something" },
+ PORT_XMPP, CERT_BADWILD },
+ { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
+ { TLS_REQUIRED,
+ { "moose@weasel-juice.org", "something", PLAIN, TLS },
+ { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } },
+
/* ********************************************************************* */
/* certificate non-verification tests */
{ "/connector/cert-nonverification/tls/nohost/ok",
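Review bot: The negative wildcard cases cover a host with too few labels (`weasel-juice.org`) and a different domain (`foo.diesel-juice.org`), but none with more labels than a wildcard should cover; the STARTTLS group in the previous hunk has the same gap. Assuming `CERT_WILDCARD` carries a single left-most wildcard label (the certificate is not part of this diff), a host with two labels under that domain should also yield `WOCKY_TLS_CERT_NAME_MISMATCH`, and that is the case a matcher most easily gets wrong. An extra entry along the lines below, mirrored for STARTTLS, would pin it; the hostname is a constructed example. `bad-wildcard/fail` is likewise only exercised against `weasel-juice.org`, so a second entry with a subdomain host would show the malformed pattern is rejected rather than merely not applicable.

```c
/* constructed example: host has two labels under the wildcard's domain */
{ "/connector/cert-verification/ssl/wildcard/multi-level/fail",
  QUIET,
  { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 },
  { { TLS, NULL },
    { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } },
    { "moose", "something" },
    PORT_XMPP, CERT_WILDCARD },
  { "a.b.weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE },
  { TLS_REQUIRED,
    { "moose@a.b.weasel-juice.org", "something", PLAIN, TLS },
    { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } },
```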
diff --git a/tests/wocky-test-connector-server.c b/tests/wocky-test-connector-server.c
index 9919f9e..c72d923 100644
--- a/tests/wocky-test-connector-server.c
+++ b/tests/wocky-test-connector-server.c
@@ -82,6 +82,8 @@ static struct { CertSet set; const gchar *key; const gchar *crt; } certs[] =
{ CERT_UNKNOWN, TLS_UNKNOWN_KEY_FILE, TLS_UNKNOWN_CRT_FILE },
{ CERT_SELFSIGN, TLS_SS_KEY_FILE, TLS_SS_CRT_FILE },
{ CERT_REVOKED, TLS_REV_KEY_FILE, TLS_REV_CRT_FILE },
+ { CERT_WILDCARD, TLS_WILD_KEY_FILE, TLS_WILD_CRT_FILE },
+ { CERT_BADWILD, TLS_BADWILD_KEY_FILE, TLS_BADWILD_CRT_FILE },
{ CERT_NONE, NULL, NULL } };
struct _TestConnectorServerPrivate
diff --git a/tests/wocky-test-connector-server.h b/tests/wocky-test-connector-server.h
index 4846a32..2380d97 100644
--- a/tests/wocky-test-connector-server.h
+++ b/tests/wocky-test-connector-server.h
@@ -119,6 +119,8 @@ typedef enum
CERT_UNKNOWN,
CERT_SELFSIGN,
CERT_REVOKED,
+ CERT_WILDCARD,
+ CERT_BADWILD,
CERT_NONE,
} CertSet;
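Review bot: Nothing on `CERT_WILDCARD` and `CERT_BADWILD` says which names the two fixtures carry, so the hostnames chosen in the new wildcard tests cannot be checked against them by reading the code. A short comment on each enumerator would fix that, for example `/* CERT_WILDCARD: subject name <wildcard pattern in the fixture> */` and `/* CERT_BADWILD: <what makes the pattern invalid>; must never match */`, with the placeholders filled in from the certificate files. The enum starts outside the hunk.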