aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/cert/x509/x509path.cpp3
-rw-r--r--src/tests/unit_tls.cpp72
-rw-r--r--src/tests/unit_x509.cpp2
3 files changed, 48 insertions, 29 deletions
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index c1b68e72d..e8e44f653 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -171,7 +171,8 @@ check_chain(const std::vector<X509_Certificate>& cert_path,
if(!crl_p)
{
- status.insert(Certificate_Status_Code::NO_REVOCATION_DATA);
+ if(restrictions.require_revocation_information())
+ status.insert(Certificate_Status_Code::NO_REVOCATION_DATA);
continue;
}
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index af3627217..875fe8a48 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -136,33 +136,20 @@ Credentials_Manager* create_creds(RandomNumberGenerator& rng)
return new Credentials_Manager_Test(server_cert, ca_cert, server_key);
}
-
-size_t test_handshake()
+size_t basic_test_handshake(RandomNumberGenerator& rng,
+ TLS::Protocol_Version offer_version,
+ Credentials_Manager& creds,
+ TLS::Policy& policy)
{
- AutoSeeded_RNG rng;
- TLS::Policy default_policy;
-
- std::auto_ptr<Credentials_Manager> creds(create_creds(rng));
-
TLS::Session_Manager_In_Memory server_sessions(rng);
TLS::Session_Manager_In_Memory client_sessions(rng);
std::vector<byte> c2s_q, s2c_q, c2s_data, s2c_data;
- auto handshake_complete = [](const TLS::Session& session) -> bool
+ auto handshake_complete = [&](const TLS::Session& session) -> bool
{
- if(false)
- {
- std::cout << "Handshake complete, " << session.version().to_string()
- << " using " << session.ciphersuite().to_string() << "\n";
-
- if(!session.session_id().empty())
- std::cout << "Session ID " << hex_encode(session.session_id()) << "\n";
-
- if(!session.session_ticket().empty())
- std::cout << "Session ticket " << hex_encode(session.session_ticket()) << "\n";
- }
-
+ if(session.version() != offer_version)
+ std::cout << "Wrong version negotiated\n";
return true;
};
@@ -188,9 +175,18 @@ size_t test_handshake()
print_alert,
handshake_complete,
server_sessions,
- *creds,
- default_policy,
- rng);
+ creds,
+ policy,
+ rng,
+ { "test/1", "test/2" });
+
+ auto next_protocol_chooser = [&](std::vector<std::string> protos) {
+ if(protos.size() != 2)
+ std::cout << "Bad protocol size\n";
+ if(protos[0] != "test/1" || protos[1] != "test/2")
+ std::cout << "Bad protocol values\n";
+ return "test/3";
+ };
TLS::Client client([&](const byte buf[], size_t sz)
{ c2s_q.insert(c2s_q.end(), buf, buf+sz); },
@@ -198,16 +194,23 @@ size_t test_handshake()
print_alert,
handshake_complete,
client_sessions,
- *creds,
- default_policy,
- rng);
+ creds,
+ policy,
+ rng,
+ TLS::Server_Information(),
+ offer_version,
+ next_protocol_chooser);
while(true)
{
if(client.is_active())
client.send("1");
if(server.is_active())
+ {
+ if(server.next_protocol() != "test/3")
+ std::cout << "Wrong protocol " << server.next_protocol() << "\n";
server.send("2");
+ }
/*
* Use this as a temp value to hold the queues as otherwise they
@@ -265,13 +268,28 @@ size_t test_handshake()
return 0;
}
+class Test_Policy : public TLS::Policy
+ {
+ public:
+ bool acceptable_protocol_version(TLS::Protocol_Version) const { return true; }
+ };
+
}
size_t test_tls()
{
size_t errors = 0;
- errors += test_handshake();
+ Test_Policy default_policy;
+ AutoSeeded_RNG rng;
+ std::auto_ptr<Credentials_Manager> basic_creds(create_creds(rng));
+
+ errors += basic_test_handshake(rng, TLS::Protocol_Version::SSL_V3, *basic_creds, default_policy);
+ errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, default_policy);
+ errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, default_policy);
+ errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, default_policy);
+
+ test_report("TLS", 4, errors);
return errors;
}
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index a6d6f98de..dd681c894 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -182,7 +182,7 @@ size_t test_x509()
store.add_certificate(ca_cert);
- Path_Validation_Restrictions restrictions;
+ Path_Validation_Restrictions restrictions(false);
Path_Validation_Result result_u1 = x509_path_validate(user1_cert, restrictions, store);
if(!result_u1.successful_validation())