summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl
diff options
context:
space:
mode:
authortb <>2023-05-24 08:54:59 +0000
committertb <>2023-05-24 08:54:59 +0000
commit61c81a83de1329c6eec47a61f17e68b7c5a335f9 (patch)
tree4af95fd970f26f3389693ed73c570d428a1f9675 /src/regress/lib/libssl
parent6ba3c246f09904342136fa7405a22d78b3db14ae (diff)
downloadopenbsd-61c81a83de1329c6eec47a61f17e68b7c5a335f9.tar.gz
openbsd-61c81a83de1329c6eec47a61f17e68b7c5a335f9.tar.bz2
openbsd-61c81a83de1329c6eec47a61f17e68b7c5a335f9.zip
Add a test to verify that an SSL inherits the hostflags from the SSL_CTX
This is currently an expected failure that will be fixed shortly.
Diffstat (limited to 'src/regress/lib/libssl')
-rw-r--r--src/regress/lib/libssl/unit/Makefile7
-rw-r--r--src/regress/lib/libssl/unit/ssl_verify_param.c99
2 files changed, 105 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile
index 191aadf2bb..413307b7a0 100644
--- a/src/regress/lib/libssl/unit/Makefile
+++ b/src/regress/lib/libssl/unit/Makefile
@@ -1,9 +1,10 @@
1# $OpenBSD: Makefile,v 1.14 2022/12/02 01:15:11 tb Exp $ 1# $OpenBSD: Makefile,v 1.15 2023/05/24 08:54:59 tb Exp $
2 2
3PROGS += cipher_list 3PROGS += cipher_list
4PROGS += ssl_get_shared_ciphers 4PROGS += ssl_get_shared_ciphers
5PROGS += ssl_methods 5PROGS += ssl_methods
6PROGS += ssl_set_alpn_protos 6PROGS += ssl_set_alpn_protos
7PROGS += ssl_verify_param
7PROGS += ssl_versions 8PROGS += ssl_versions
8PROGS += tls_ext_alpn 9PROGS += tls_ext_alpn
9PROGS += tls_prf 10PROGS += tls_prf
@@ -15,4 +16,8 @@ CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
15CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\" 16CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\"
16CFLAGS+= -I${.CURDIR}/../../../../lib/libssl 17CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
17 18
19LDADD_ssl_verify_param = ${LIBSSL} ${CRYPTO_INT}
20
21REGRESS_EXPECTED_FAILURES+= run-regress-ssl_verify_param
22
18.include <bsd.regress.mk> 23.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/unit/ssl_verify_param.c b/src/regress/lib/libssl/unit/ssl_verify_param.c
new file mode 100644
index 0000000000..cdb52c56a8
--- /dev/null
+++ b/src/regress/lib/libssl/unit/ssl_verify_param.c
@@ -0,0 +1,99 @@
1/* $OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */
2
3/*
4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <err.h>
20#include <stdio.h>
21
22#include <openssl/ssl.h>
23#include <openssl/x509v3.h>
24
25unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
26
27static int
28ssl_verify_param_flags_inherited(void)
29{
30 SSL_CTX *ssl_ctx = NULL;
31 SSL *ssl = NULL;
32 X509_VERIFY_PARAM *param;
33 unsigned int defaultflags = 0;
34 unsigned int newflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
35 unsigned int flags;
36 int failed = 1;
37
38 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
39 errx(1, "SSL_CTX_new");
40
41 if ((param = SSL_CTX_get0_param(ssl_ctx)) == NULL) {
42 fprintf(stderr, "FAIL: no verify param on ssl_ctx\n");
43 goto failure;
44 }
45
46 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
47 fprintf(stderr, "FAIL: SSL_CTX default hostflags, "
48 "want: %x, got: %x\n", defaultflags, flags);
49 goto failure;
50 }
51
52 X509_VERIFY_PARAM_set_hostflags(param, newflags);
53
54 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
55 fprintf(stderr, "FAIL: SSL_CTX new hostflags, "
56 "want: %x, got: %x\n", newflags, flags);
57 goto failure;
58 }
59
60 if ((ssl = SSL_new(ssl_ctx)) == NULL)
61 errx(1, "SSL_new");
62
63 if ((param = SSL_get0_param(ssl)) == NULL) {
64 fprintf(stderr, "FAIL: no verify param on ssl\n");
65 goto failure;
66 }
67
68 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
69 fprintf(stderr, "FAIL: SSL inherited hostflags, "
70 "want: %x, got: %x\n", newflags, flags);
71 goto failure;
72 }
73
74 SSL_set_hostflags(ssl, defaultflags);
75
76 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
77 fprintf(stderr, "FAIL: SSL set hostflags, "
78 "want: %x, got: %x\n", defaultflags, flags);
79 goto failure;
80 }
81
82 failed = 0;
83
84 failure:
85 SSL_CTX_free(ssl_ctx);
86 SSL_free(ssl);
87
88 return failed;
89}
90
91int
92main(void)
93{
94 int failed = 0;
95
96 failed |= ssl_verify_param_flags_inherited();
97
98 return failed;
99}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 20:50:34 +0000