diff options
| author | beck <> | 2015-09-11 12:57:24 +0000 |
|---|---|---|
| committer | beck <> | 2015-09-11 12:57:24 +0000 |
| commit | 3bf67a554dd9037e5a46b507f8256bb1a07e7955 (patch) | |
| tree | 81490b911a735fa08d10bb7a65fe0c0ac62d6e27 | |
| parent | 68048eefb0353c6cb686c092af50ba61fca67874 (diff) | |
| download | openbsd-3bf67a554dd9037e5a46b507f8256bb1a07e7955.tar.gz openbsd-3bf67a554dd9037e5a46b507f8256bb1a07e7955.tar.bz2 openbsd-3bf67a554dd9037e5a46b507f8256bb1a07e7955.zip | |
fix verify to allow for servername->name
ok jsing@
| -rw-r--r-- | src/regress/lib/libtls/verify/verifytest.c | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/src/regress/lib/libtls/verify/verifytest.c b/src/regress/lib/libtls/verify/verifytest.c index 632cacd271..5f4ac8c111 100644 --- a/src/regress/lib/libtls/verify/verifytest.c +++ b/src/regress/lib/libtls/verify/verifytest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: verifytest.c,v 1.3 2015/02/22 15:14:32 jsing Exp $ */ | 1 | /* $OpenBSD: verifytest.c,v 1.4 2015/09/11 12:57:24 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -22,81 +22,81 @@ | |||
| 22 | #include <openssl/x509v3.h> | 22 | #include <openssl/x509v3.h> |
| 23 | #include <tls.h> | 23 | #include <tls.h> |
| 24 | 24 | ||
| 25 | extern int tls_check_servername(struct tls *ctx, X509 *cert, const char *name); | 25 | extern int tls_check_name(struct tls *ctx, X509 *cert, const char *name); |
| 26 | 26 | ||
| 27 | struct verify_test { | 27 | struct verify_test { |
| 28 | const char common_name[128]; | 28 | const char common_name[128]; |
| 29 | const char alt_name[128]; | 29 | const char alt_name[128]; |
| 30 | int alt_name_len; | 30 | int alt_name_len; |
| 31 | int alt_name_type; | 31 | int alt_name_type; |
| 32 | const char servername[128]; | 32 | const char name[128]; |
| 33 | int want; | 33 | int want; |
| 34 | }; | 34 | }; |
| 35 | 35 | ||
| 36 | struct verify_test verify_tests[] = { | 36 | struct verify_test verify_tests[] = { |
| 37 | { | 37 | { |
| 38 | .common_name = "www.openbsd.org", | 38 | .common_name = "www.openbsd.org", |
| 39 | .servername = "www.openbsd.org", | 39 | .name = "www.openbsd.org", |
| 40 | .want = 0, | 40 | .want = 0, |
| 41 | }, | 41 | }, |
| 42 | { | 42 | { |
| 43 | .common_name = "www.openbsd.org", | 43 | .common_name = "www.openbsd.org", |
| 44 | .servername = "", | 44 | .name = "", |
| 45 | .want = -1, | 45 | .want = -1, |
| 46 | }, | 46 | }, |
| 47 | { | 47 | { |
| 48 | .common_name = "*.openbsd.org", | 48 | .common_name = "*.openbsd.org", |
| 49 | .servername = "www.openbsd.org", | 49 | .name = "www.openbsd.org", |
| 50 | .want = 0, | 50 | .want = 0, |
| 51 | }, | 51 | }, |
| 52 | { | 52 | { |
| 53 | .common_name = "www.openbsdfoundation.org", | 53 | .common_name = "www.openbsdfoundation.org", |
| 54 | .servername = "www.openbsd.org", | 54 | .name = "www.openbsd.org", |
| 55 | .want = -1, | 55 | .want = -1, |
| 56 | }, | 56 | }, |
| 57 | { | 57 | { |
| 58 | .common_name = "w*.openbsd.org", | 58 | .common_name = "w*.openbsd.org", |
| 59 | .servername = "www.openbsd.org", | 59 | .name = "www.openbsd.org", |
| 60 | .want = -1, | 60 | .want = -1, |
| 61 | }, | 61 | }, |
| 62 | { | 62 | { |
| 63 | .common_name = "www.*.org", | 63 | .common_name = "www.*.org", |
| 64 | .servername = "www.openbsd.org", | 64 | .name = "www.openbsd.org", |
| 65 | .want = -1, | 65 | .want = -1, |
| 66 | }, | 66 | }, |
| 67 | { | 67 | { |
| 68 | .common_name = "www.openbsd.*", | 68 | .common_name = "www.openbsd.*", |
| 69 | .servername = "www.openbsd.org", | 69 | .name = "www.openbsd.org", |
| 70 | .want = -1, | 70 | .want = -1, |
| 71 | }, | 71 | }, |
| 72 | { | 72 | { |
| 73 | .common_name = "*", | 73 | .common_name = "*", |
| 74 | .servername = "www.openbsd.org", | 74 | .name = "www.openbsd.org", |
| 75 | .want = -1, | 75 | .want = -1, |
| 76 | }, | 76 | }, |
| 77 | { | 77 | { |
| 78 | .common_name = "*.org", | 78 | .common_name = "*.org", |
| 79 | .servername = "www.openbsd.org", | 79 | .name = "www.openbsd.org", |
| 80 | .want = -1, | 80 | .want = -1, |
| 81 | }, | 81 | }, |
| 82 | { | 82 | { |
| 83 | .common_name = "*.org", | 83 | .common_name = "*.org", |
| 84 | .servername = "openbsd.org", | 84 | .name = "openbsd.org", |
| 85 | .want = -1, | 85 | .want = -1, |
| 86 | }, | 86 | }, |
| 87 | { | 87 | { |
| 88 | .common_name = "1.2.3.4", | 88 | .common_name = "1.2.3.4", |
| 89 | .servername = "1.2.3.4", | 89 | .name = "1.2.3.4", |
| 90 | .want = 0, | 90 | .want = 0, |
| 91 | }, | 91 | }, |
| 92 | { | 92 | { |
| 93 | .common_name = "*.2.3.4", | 93 | .common_name = "*.2.3.4", |
| 94 | .servername = "1.2.3.4", | 94 | .name = "1.2.3.4", |
| 95 | .want = -1, | 95 | .want = -1, |
| 96 | }, | 96 | }, |
| 97 | { | 97 | { |
| 98 | .common_name = "cafe::beef", | 98 | .common_name = "cafe::beef", |
| 99 | .servername = "cafe::beef", | 99 | .name = "cafe::beef", |
| 100 | .want = 0, | 100 | .want = 0, |
| 101 | }, | 101 | }, |
| 102 | { | 102 | { |
| @@ -104,7 +104,7 @@ struct verify_test verify_tests[] = { | |||
| 104 | .alt_name = "ftp.openbsd.org", | 104 | .alt_name = "ftp.openbsd.org", |
| 105 | .alt_name_len = -1, | 105 | .alt_name_len = -1, |
| 106 | .alt_name_type = GEN_DNS, | 106 | .alt_name_type = GEN_DNS, |
| 107 | .servername = "ftp.openbsd.org", | 107 | .name = "ftp.openbsd.org", |
| 108 | .want = 0, | 108 | .want = 0, |
| 109 | }, | 109 | }, |
| 110 | { | 110 | { |
| @@ -112,7 +112,7 @@ struct verify_test verify_tests[] = { | |||
| 112 | .alt_name = "*.openbsd.org", | 112 | .alt_name = "*.openbsd.org", |
| 113 | .alt_name_len = -1, | 113 | .alt_name_len = -1, |
| 114 | .alt_name_type = GEN_DNS, | 114 | .alt_name_type = GEN_DNS, |
| 115 | .servername = "www.openbsd.org", | 115 | .name = "www.openbsd.org", |
| 116 | .want = 0, | 116 | .want = 0, |
| 117 | }, | 117 | }, |
| 118 | { | 118 | { |
| @@ -120,7 +120,7 @@ struct verify_test verify_tests[] = { | |||
| 120 | .alt_name = "*.org", | 120 | .alt_name = "*.org", |
| 121 | .alt_name_len = -1, | 121 | .alt_name_len = -1, |
| 122 | .alt_name_type = GEN_DNS, | 122 | .alt_name_type = GEN_DNS, |
| 123 | .servername = "www.openbsd.org", | 123 | .name = "www.openbsd.org", |
| 124 | .want = -1, | 124 | .want = -1, |
| 125 | }, | 125 | }, |
| 126 | { | 126 | { |
| @@ -128,7 +128,7 @@ struct verify_test verify_tests[] = { | |||
| 128 | .alt_name = "1.2.3.4", | 128 | .alt_name = "1.2.3.4", |
| 129 | .alt_name_len = -1, | 129 | .alt_name_len = -1, |
| 130 | .alt_name_type = GEN_DNS, | 130 | .alt_name_type = GEN_DNS, |
| 131 | .servername = "1.2.3.4", | 131 | .name = "1.2.3.4", |
| 132 | .want = -1, | 132 | .want = -1, |
| 133 | }, | 133 | }, |
| 134 | { | 134 | { |
| @@ -136,7 +136,7 @@ struct verify_test verify_tests[] = { | |||
| 136 | .alt_name = {0x1, 0x2, 0x3, 0x4}, | 136 | .alt_name = {0x1, 0x2, 0x3, 0x4}, |
| 137 | .alt_name_len = 4, | 137 | .alt_name_len = 4, |
| 138 | .alt_name_type = GEN_IPADD, | 138 | .alt_name_type = GEN_IPADD, |
| 139 | .servername = "1.2.3.4", | 139 | .name = "1.2.3.4", |
| 140 | .want = 0, | 140 | .want = 0, |
| 141 | }, | 141 | }, |
| 142 | { | 142 | { |
| @@ -147,7 +147,7 @@ struct verify_test verify_tests[] = { | |||
| 147 | }, | 147 | }, |
| 148 | .alt_name_len = 16, | 148 | .alt_name_len = 16, |
| 149 | .alt_name_type = GEN_IPADD, | 149 | .alt_name_type = GEN_IPADD, |
| 150 | .servername = "cafe::beef", | 150 | .name = "cafe::beef", |
| 151 | .want = 0, | 151 | .want = 0, |
| 152 | }, | 152 | }, |
| 153 | }; | 153 | }; |
| @@ -213,10 +213,10 @@ do_verify_test(int test_no, struct verify_test *vt) | |||
| 213 | sk_GENERAL_NAME_pop_free(alt_name_stack, GENERAL_NAME_free); | 213 | sk_GENERAL_NAME_pop_free(alt_name_stack, GENERAL_NAME_free); |
| 214 | } | 214 | } |
| 215 | 215 | ||
| 216 | if (tls_check_servername(tls, cert, vt->servername) != vt->want) { | 216 | if (tls_check_name(tls, cert, vt->name) != vt->want) { |
| 217 | fprintf(stderr, "FAIL: test %i failed with common name " | 217 | fprintf(stderr, "FAIL: test %i failed with common name " |
| 218 | "'%s', alt name '%s' and servername '%s'\n", test_no, | 218 | "'%s', alt name '%s' and name '%s'\n", test_no, |
| 219 | vt->common_name, vt->alt_name, vt->servername); | 219 | vt->common_name, vt->alt_name, vt->name); |
| 220 | return (1); | 220 | return (1); |
| 221 | } | 221 | } |
| 222 | 222 | ||