author | Vivek Dasmohapatra <vivek@collabora.co.uk> | 2012-05-08 19:04:36 +0100 |
---|---|---|
committer | Vivek Dasmohapatra <vivek@collabora.co.uk> | 2012-05-09 17:01:57 +0100 |
commit | deba3a4d4a817ae93735382f309eec09d09de15d (patch) | |
tree | d054e88ec4b8a8e3e20ad5570a63c67e510be5ed /tests | |
parent | d841c407daa7c966884368d221329ff2749f4dcf (diff) |
Add tests for matched, unmatched and bad wildcards for STARTTLS and SSL
Diffstat (limited to 'tests')
-rw-r--r-- | tests/wocky-connector-test.c | 98 | ||||
-rw-r--r-- | tests/wocky-test-connector-server.c | 2 | ||||
-rw-r--r-- | tests/wocky-test-connector-server.h | 2 |
3 files changed, 101 insertions, 1 deletions
diff --git a/tests/wocky-connector-test.c b/tests/wocky-connector-test.c index f1ec388..a3a1c21 100644 --- a/tests/wocky-connector-test.c +++ b/tests/wocky-connector-test.c @@ -173,7 +173,7 @@ test_t tests[] = { { TLS_SUPPORT, AUTH_MECH_OR_NULL_FOR_ALL }, { SERVER_PROBLEM..., CONNECTOR_PROBLEM... }, { USERNAME, PASSWORD }, - SERVER_LISTEN_PORT }, + SERVER_LISTEN_PORT, SERVER_CERT }, // Fake DNS Record: // SRV_HOSTs SRV record → { HOSTNAME, PORT } 
@@ -2746,6 +2746,54 @@ test_t tests[] = { "moose@tomato-juice.org", "something", PLAIN, TLS }, { NULL, 0, XMPP_V1 } } }, + { "/connector/cert-verification/tls/wildcard/ok", + QUIET, + { S_NO_ERROR }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK }, + { "moose", "something" }, + PORT_XMPP, CERT_WILDCARD }, + { "foo.weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { TLS_REQUIRED, + { "moose@foo.weasel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + + { "/connector/cert-verification/tls/wildcard/level-mismatch/fail", + QUIET, + { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK }, + { "moose", "something" }, + PORT_XMPP, CERT_WILDCARD }, + { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { PLAINTEXT_OK, + { "moose@weasel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + + { "/connector/cert-verification/tls/wildcard/glob-mismatch/fail", + QUIET, + { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK }, + { "moose", "something" }, + PORT_XMPP, CERT_WILDCARD }, + { "foo.diesel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { TLS_REQUIRED, + { "moose@foo.diesel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + + { "/connector/cert-verification/tls/bad-wildcard/fail", + QUIET, + { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, CONNECTOR_OK }, + { "moose", "something" }, + PORT_XMPP, CERT_BADWILD }, + { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { TLS_REQUIRED, + { "moose@weasel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } }, 
+ /* ********************************************************************* */ /* as above but with legacy ssl */ { "/connector/cert-verification/ssl/nohost/ok", 
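Review bot: The `wildcard/level-mismatch/fail` entry is the only one of the four new STARTTLS cases whose client block starts with `PLAINTEXT_OK`; the other three use `TLS_REQUIRED`, and nothing in the hunk says whether the difference is intended. If the aim is to show that a name mismatch is a hard failure and never a fallback to an unencrypted session, that is worth stating above the entry, for example `/* PLAINTEXT_OK on purpose: a name mismatch must abort, not downgrade */`; otherwise `{ TLS_REQUIRED,` would keep the four cases parallel. The `ssl/wildcard/level-mismatch/fail` entry in the next hunk has the same setting. The `tests[]` array starts and ends outside this hunk.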
@@ -2844,6 +2892,54 @@ test_t tests[] = { "moose@weasel-juice.org", "something", PLAIN, TLS }, { NULL, 0, XMPP_V1, OLD_SSL } } }, + { "/connector/cert-verification/ssl/wildcard/ok", + QUIET, + { S_NO_ERROR }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } }, + { "moose", "something" }, + PORT_XMPP, CERT_WILDCARD }, + { "foo.weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { TLS_REQUIRED, + { "moose@foo.weasel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + + { "/connector/cert-verification/ssl/wildcard/level-mismatch/fail", + QUIET, + { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } }, + { "moose", "something" }, + PORT_XMPP, CERT_WILDCARD }, + { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { PLAINTEXT_OK, + { "moose@weasel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + + { "/connector/cert-verification/ssl/wildcard/glob-mismatch/fail", + QUIET, + { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } }, + { "moose", "something" }, + PORT_XMPP, CERT_WILDCARD }, + { "foo.diesel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { TLS_REQUIRED, + { "moose@foo.diesel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + + { "/connector/cert-verification/ssl/bad-wildcard/fail", + QUIET, + { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_NAME_MISMATCH, -1 }, + { { TLS, NULL }, + { SERVER_PROBLEM_NO_PROBLEM, { XMPP_PROBLEM_OLD_SSL, OK, OK, OK, OK } }, + { "moose", "something" }, + PORT_XMPP, CERT_BADWILD }, + { "weasel-juice.org", PORT_XMPP, "thud.org", REACHABLE, UNREACHABLE }, + { TLS_REQUIRED, + { 
"moose@weasel-juice.org", "something", PLAIN, TLS }, + { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } }, + /* ********************************************************************* */ /* certificate non-verification tests */ { "/connector/cert-nonverification/tls/nohost/ok", diff --git a/tests/wocky-test-connector-server.c b/tests/wocky-test-connector-server.c index 9919f9e..c72d923 100644 --- a/tests/wocky-test-connector-server.c +++ b/tests/wocky-test-connector-server.c @@ -82,6 +82,8 @@ static struct { CertSet set; const gchar *key; const gchar *crt; } certs[] = { CERT_UNKNOWN, TLS_UNKNOWN_KEY_FILE, TLS_UNKNOWN_CRT_FILE }, { CERT_SELFSIGN, TLS_SS_KEY_FILE, TLS_SS_CRT_FILE }, { CERT_REVOKED, TLS_REV_KEY_FILE, TLS_REV_CRT_FILE }, + { CERT_WILDCARD, TLS_WILD_KEY_FILE, TLS_WILD_CRT_FILE }, + { CERT_BADWILD, TLS_BADWILD_KEY_FILE, TLS_BADWILD_CRT_FILE }, { CERT_NONE, NULL, NULL } }; struct _TestConnectorServerPrivate diff --git a/tests/wocky-test-connector-server.h b/tests/wocky-test-connector-server.h index 4846a32..2380d97 100644 --- a/tests/wocky-test-connector-server.h +++ b/tests/wocky-test-connector-server.h @@ -119,6 +119,8 @@ typedef enum CERT_UNKNOWN, CERT_SELFSIGN, CERT_REVOKED, + CERT_WILDCARD, + CERT_BADWILD, CERT_NONE, } CertSet; |
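Review bot: The wildcard cases cover a host with one label in front of the domain (`foo.weasel-juice.org`, accepted) and a host with none (`weasel-juice.org`, rejected), but no host with two labels in front of it. Letting `*` span more than one label is a common flaw in hostname verification, so an entry such as `/connector/cert-verification/ssl/wildcard/multi-level/fail` that connects to a name like `foo.bar.weasel-juice.org` and expects `WOCKY_TLS_CERT_NAME_MISMATCH` would close the gap. The STARTTLS group in the previous hunk would need the same entry. This assumes the CERT_WILDCARD fixture carries a single-label wildcard for weasel-juice.org, which the diff does not show.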
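Review bot: Neither the new `CERT_BADWILD` row in `certs[]` nor the two `bad-wildcard/fail` tests say what makes that certificate bad, and those tests connect to `weasel-juice.org`, the same host the `level-mismatch` cases already reject with the ordinary wildcard certificate. If the malformed pattern would not cover that bare domain anyway, the expected `WOCKY_TLS_CERT_NAME_MISMATCH` does not show that the malformed wildcard itself is refused. A comment on the row recording the name the fixture carries, e.g. `/* BADWILD: subject name <pattern in the fixture>, must never match */`, would let a reader judge that. The `TLS_WILD_*` and `TLS_BADWILD_*` macros used here are not defined in the files shown on this page.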