diff options
| author | Rob Percival <robpercival@google.com> | 2016-06-07 17:56:02 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-06-20 11:54:56 +0100 |
| commit | 876a1a83adb926303c0b3e602e1fb44be6020a44 (patch) | |
| tree | 7ed8fa04ae5e42442e7c5bb02ee073e4cdc63480 /test/ct_test.c | |
| parent | 4fc31f7583596e326fdb09b5d08133d2b2fac01b (diff) | |
Tests should check validation status directly
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'test/ct_test.c')
| -rw-r--r-- | test/ct_test.c | 92 |
1 files changed, 47 insertions, 45 deletions
diff --git a/test/ct_test.c b/test/ct_test.c index c42391c682..8cc97e25ff 100644 --- a/test/ct_test.c +++ b/test/ct_test.c @@ -223,6 +223,51 @@ end: return result; } +static int assert_validity(CT_TEST_FIXTURE fixture, + STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *policy_ctx) { + int invalid_sct_count = 0; + int valid_sct_count = 0; + int i; + + if (SCT_LIST_validate(scts, policy_ctx) < 0) { + fprintf(stderr, "Error verifying SCTs\n"); + return 0; + } + + for (i = 0; i < sk_SCT_num(scts); ++i) { + SCT *sct_i = sk_SCT_value(scts, i); + switch (SCT_get_validation_status(sct_i)) { + case SCT_VALIDATION_STATUS_VALID: + ++valid_sct_count; + break; + case SCT_VALIDATION_STATUS_INVALID: + ++invalid_sct_count; + break; + default: + /* Ignore other validation statuses. */ + break; + } + } + + if (valid_sct_count != fixture.expected_sct_count) { + int unverified_sct_count = sk_SCT_num(scts) - + invalid_sct_count - valid_sct_count; + + fprintf(stderr, + "%d SCTs failed verification\n" + "%d SCTs passed verification (%d expected)\n" + "%d SCTs were unverified\n", + invalid_sct_count, + valid_sct_count, + fixture.expected_sct_count, + unverified_sct_count); + return 0; + } + + return 1; +} + static int execute_cert_test(CT_TEST_FIXTURE fixture) { int success = 0; @@ -293,7 +338,6 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } if (fixture.test_validity) { - int are_scts_validated = 0; int i; scts = X509V3_EXT_d2i(sct_extension); @@ -307,44 +351,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } } - are_scts_validated = SCT_LIST_validate(scts, ct_policy_ctx); - if (are_scts_validated < 0) { - fprintf(stderr, "Error verifying SCTs\n"); - goto end; - } else if (!are_scts_validated) { - int invalid_sct_count = 0; - int valid_sct_count = 0; - - for (i = 0; i < sk_SCT_num(scts); ++i) { - SCT *sct_i = sk_SCT_value(scts, i); - switch (SCT_get_validation_status(sct_i)) { - case SCT_VALIDATION_STATUS_VALID: - ++valid_sct_count; - break; - case SCT_VALIDATION_STATUS_INVALID: - ++invalid_sct_count; - break; - default: - /* Ignore other validation statuses. */ - break; - } - } - - if (valid_sct_count != fixture.expected_sct_count) { - int unverified_sct_count = sk_SCT_num(scts) - - invalid_sct_count - valid_sct_count; - - fprintf(stderr, - "%d SCTs failed verification\n" - "%d SCTs passed verification (%d expected)\n" - "%d SCTs were unverified\n", - invalid_sct_count, - valid_sct_count, - fixture.expected_sct_count, - unverified_sct_count); - } + if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; - } } } else if (sct_extension != NULL) { fprintf(stderr, @@ -362,14 +370,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } if (fixture.test_validity && cert != NULL) { - int is_sct_validated = SCT_validate(sct, ct_policy_ctx); - if (is_sct_validated < 0) { - fprintf(stderr, "Error validating SCT\n"); + if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; - } else if (!is_sct_validated) { - fprintf(stderr, "SCT failed verification\n"); - goto end; - } } if (fixture.sct_text_file |