diff options
| author | Hugo Landau <hlandau@openssl.org> | 2022-04-04 14:36:20 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-04-06 18:21:11 +0200 |
| commit | 948cf521798a801cfde47a137343e6f958d71f04 (patch) | |
| tree | 5e73fc3f59569d876d98ffeacebc3427d805a104 /test | |
| parent | ed7c64fc540c5808efe4092465af1147c76555a1 (diff) | |
Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Currently we do not have any way to retrieve these values once set.
Fixes #18035.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18038)
Diffstat (limited to 'test')
| -rw-r--r-- | test/sslapitest.c | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index b95d6201ed..a490961d80 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -9541,6 +9541,172 @@ end: return testresult; } +/* + * Test SSL_CTX_set1_verify/chain_cert_store and SSL_CTX_get_verify/chain_cert_store. + */ +static int test_set_verify_cert_store_ssl_ctx(void) +{ + SSL_CTX *ctx = NULL; + int testresult = 0; + X509_STORE *store = NULL, *new_store = NULL, + *cstore = NULL, *new_cstore = NULL; + + /* Create an initial SSL_CTX. */ + ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + if (!TEST_ptr(ctx)) + goto end; + + /* Retrieve verify store pointer. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; + + /* Retrieve chain store pointer. */ + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; + + /* We haven't set any yet, so this should be NULL. */ + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + /* Create stores. We use separate stores so pointers are different. */ + new_store = X509_STORE_new(); + if (!TEST_ptr(new_store)) + goto end; + + new_cstore = X509_STORE_new(); + if (!TEST_ptr(new_cstore)) + goto end; + + /* Set stores. */ + if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store))) + goto end; + + if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore))) + goto end; + + /* Should be able to retrieve the same pointer. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; + + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; + + if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) + goto end; + + /* Should be able to unset again. */ + if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL))) + goto end; + + if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL))) + goto end; + + /* Should now be NULL. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; + + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; + + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + testresult = 1; + +end: + X509_STORE_free(new_store); + X509_STORE_free(new_cstore); + SSL_CTX_free(ctx); + return testresult; +} + +/* + * Test SSL_set1_verify/chain_cert_store and SSL_get_verify/chain_cert_store. + */ +static int test_set_verify_cert_store_ssl(void) +{ + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + int testresult = 0; + X509_STORE *store = NULL, *new_store = NULL, + *cstore = NULL, *new_cstore = NULL; + + /* Create an initial SSL_CTX. */ + ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + if (!TEST_ptr(ctx)) + goto end; + + /* Create an SSL object. */ + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl)) + goto end; + + /* Retrieve verify store pointer. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; + + /* Retrieve chain store pointer. */ + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; + + /* We haven't set any yet, so this should be NULL. */ + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + /* Create stores. We use separate stores so pointers are different. */ + new_store = X509_STORE_new(); + if (!TEST_ptr(new_store)) + goto end; + + new_cstore = X509_STORE_new(); + if (!TEST_ptr(new_cstore)) + goto end; + + /* Set stores. */ + if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store))) + goto end; + + if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore))) + goto end; + + /* Should be able to retrieve the same pointer. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; + + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; + + if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) + goto end; + + /* Should be able to unset again. */ + if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL))) + goto end; + + if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL))) + goto end; + + /* Should now be NULL. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; + + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; + + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + testresult = 1; + +end: + X509_STORE_free(new_store); + X509_STORE_free(new_cstore); + SSL_free(ssl); + SSL_CTX_free(ctx); + return testresult; +} + + static int test_inherit_verify_param(void) { int testresult = 0; @@ -9842,6 +10008,8 @@ int setup_tests(void) #endif ADD_TEST(test_inherit_verify_param); ADD_TEST(test_set_alpn); + ADD_TEST(test_set_verify_cert_store_ssl_ctx); + ADD_TEST(test_set_verify_cert_store_ssl); ADD_ALL_TESTS(test_session_timeout, 1); return 1; |