authorChristian Heimes <christian@python.org>2021-03-30 12:02:42 +0200
committerTomas Mraz <tomas@openssl.org>2021-05-21 11:01:16 +0200
commitfdb4cbd20f50e60fc266d9de4b83890e995d3502 (patch)
tree8759ef655b3de395d6e0e1b482575e6646856a9f /test
parent7e12c2b3d9ccf97186e4d2cb27aafb084c893ce5 (diff)
Inherit hostflags verify params even without hosts
X509_VERIFY_PARAM_inherit() now copies hostflags independently of hosts. Previously hostflags were only copied when at least one host was set. Typically applications don't configure hosts on SSL_CTX. The change enables applications to configure hostflags on SSL_CTX and have OpenSSL copy the flags from SSL_CTX to SSL. Fixes: https://github.com/openssl/openssl/issues/14579 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14856)
Diffstat (limited to 'test')
-rw-r--r--test/sslapitest.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index b866135065..7ae8b0638a 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -17,6 +17,7 @@
#include <openssl/srp.h>
#include <openssl/txt_db.h>
#include <openssl/aes.h>
+#include <openssl/x509v3.h>
#include "ssltestlib.h"
#include "testutil.h"
@@ -6787,6 +6788,47 @@ end:
return testresult;
}
+static int test_inherit_verify_param(void)
+{
+ int testresult = 0;
+
+ SSL_CTX *ctx = NULL;
+ X509_VERIFY_PARAM *cp = NULL;
+ SSL *ssl = NULL;
+ X509_VERIFY_PARAM *sp = NULL;
+ int hostflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
+
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ cp = SSL_CTX_get0_param(ctx);
+ if (!TEST_ptr(cp))
+ goto end;
+ if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(cp), 0))
+ goto end;
+
+ X509_VERIFY_PARAM_set_hostflags(cp, hostflags);
+
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl))
+ goto end;
+
+ sp = SSL_get0_param(ssl);
+ if (!TEST_ptr(sp))
+ goto end;
+ if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(sp), hostflags))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+
+ return testresult;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(certsdir = test_get_argument(0))
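Review bot: Nothing in test_inherit_verify_param says why the inherited value matters. Hostflags such as `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` tighten hostname matching, so a flag dropped between SSL_CTX and SSL leaves the connection verifying with looser rules than the application configured. A comment above the function would record that, e.g. `/* hostflags set on SSL_CTX must reach every SSL, even with no hosts configured (issue #14579) */`. The hostflags API takes and returns `unsigned int`, so `unsigned int hostflags` with `TEST_uint_eq` would match it better than `int` with `TEST_int_eq`. The test covers only the no-hosts path with one flag; a second case with a host set on the context would presumably also pin the path that already worked before this change.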
@@ -6914,6 +6956,7 @@ int setup_tests(void)
ADD_TEST(test_sni_tls13);
#endif
ADD_TEST(test_set_alpn);
+ ADD_TEST(test_inherit_verify_param);
return 1;
}