diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/cert/x509/x509path.cpp | 3 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 72 | ||||
-rw-r--r-- | src/tests/unit_x509.cpp | 2 |
3 files changed, 48 insertions, 29 deletions
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp index c1b68e72d..e8e44f653 100644 --- a/src/lib/cert/x509/x509path.cpp +++ b/src/lib/cert/x509/x509path.cpp @@ -171,7 +171,8 @@ check_chain(const std::vector<X509_Certificate>& cert_path, if(!crl_p) { - status.insert(Certificate_Status_Code::NO_REVOCATION_DATA); + if(restrictions.require_revocation_information()) + status.insert(Certificate_Status_Code::NO_REVOCATION_DATA); continue; } diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index af3627217..875fe8a48 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -136,33 +136,20 @@ Credentials_Manager* create_creds(RandomNumberGenerator& rng) return new Credentials_Manager_Test(server_cert, ca_cert, server_key); } - -size_t test_handshake() +size_t basic_test_handshake(RandomNumberGenerator& rng, + TLS::Protocol_Version offer_version, + Credentials_Manager& creds, + TLS::Policy& policy) { - AutoSeeded_RNG rng; - TLS::Policy default_policy; - - std::auto_ptr<Credentials_Manager> creds(create_creds(rng)); - TLS::Session_Manager_In_Memory server_sessions(rng); TLS::Session_Manager_In_Memory client_sessions(rng); std::vector<byte> c2s_q, s2c_q, c2s_data, s2c_data; - auto handshake_complete = [](const TLS::Session& session) -> bool + auto handshake_complete = [&](const TLS::Session& session) -> bool { - if(false) - { - std::cout << "Handshake complete, " << session.version().to_string() - << " using " << session.ciphersuite().to_string() << "\n"; - - if(!session.session_id().empty()) - std::cout << "Session ID " << hex_encode(session.session_id()) << "\n"; - - if(!session.session_ticket().empty()) - std::cout << "Session ticket " << hex_encode(session.session_ticket()) << "\n"; - } - + if(session.version() != offer_version) + std::cout << "Wrong version negotiated\n"; return true; }; @@ -188,9 +175,18 @@ size_t test_handshake() print_alert, handshake_complete, server_sessions, - *creds, - default_policy, - rng); + creds, + policy, + rng, + { "test/1", "test/2" }); + + auto next_protocol_chooser = [&](std::vector<std::string> protos) { + if(protos.size() != 2) + std::cout << "Bad protocol size\n"; + if(protos[0] != "test/1" || protos[1] != "test/2") + std::cout << "Bad protocol values\n"; + return "test/3"; + }; TLS::Client client([&](const byte buf[], size_t sz) { c2s_q.insert(c2s_q.end(), buf, buf+sz); }, @@ -198,16 +194,23 @@ size_t test_handshake() print_alert, handshake_complete, client_sessions, - *creds, - default_policy, - rng); + creds, + policy, + rng, + TLS::Server_Information(), + offer_version, + next_protocol_chooser); while(true) { if(client.is_active()) client.send("1"); if(server.is_active()) + { + if(server.next_protocol() != "test/3") + std::cout << "Wrong protocol " << server.next_protocol() << "\n"; server.send("2"); + } /* * Use this as a temp value to hold the queues as otherwise they @@ -265,13 +268,28 @@ size_t test_handshake() return 0; } +class Test_Policy : public TLS::Policy + { + public: + bool acceptable_protocol_version(TLS::Protocol_Version) const { return true; } + }; + } size_t test_tls() { size_t errors = 0; - errors += test_handshake(); + Test_Policy default_policy; + AutoSeeded_RNG rng; + std::auto_ptr<Credentials_Manager> basic_creds(create_creds(rng)); + + errors += basic_test_handshake(rng, TLS::Protocol_Version::SSL_V3, *basic_creds, default_policy); + errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, default_policy); + errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, default_policy); + errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, default_policy); + + test_report("TLS", 4, errors); return errors; } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index a6d6f98de..dd681c894 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -182,7 +182,7 @@ size_t test_x509() store.add_certificate(ca_cert); - Path_Validation_Restrictions restrictions; + Path_Validation_Restrictions restrictions(false); Path_Validation_Result result_u1 = x509_path_validate(user1_cert, restrictions, store); if(!result_u1.successful_validation()) |