1 files changed, 57 insertions, 0 deletions

diff --git a/test/ssl_test.c b/test/ssl_test.c
index 948eb17d78..387f3a6557 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -255,6 +255,62 @@ static int check_client_sign_type(HANDSHAKE_RESULT *result,
                      result->client_sign_type);
 }
 
+static void print_ca_names(STACK_OF(X509_NAME) *names)
+{
+    BIO *err;
+    int i;
+
+    if (names == NULL || sk_X509_NAME_num(names) == 0) {
+        fprintf(stderr, "    <empty>\n");
+        return;
+    }
+    err = BIO_new_fp(stderr, BIO_NOCLOSE);
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        X509_NAME_print_ex(err, sk_X509_NAME_value(names, i), 4,
+                           XN_FLAG_ONELINE);
+        BIO_puts(err, "\n");
+    }
+    BIO_free(err);
+}
+
+static int check_ca_names(const char *name,
+                          STACK_OF(X509_NAME) *expected_names,
+                          STACK_OF(X509_NAME) *names)
+{
+    int i;
+
+    if (expected_names == NULL)
+        return 1;
+    if (names == NULL || sk_X509_NAME_num(names) == 0) {
+        if (sk_X509_NAME_num(expected_names) == 0)
+            return 1;
+        goto err;
+    }
+    if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
+        goto err;
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        if (X509_NAME_cmp(sk_X509_NAME_value(names, i),
+                          sk_X509_NAME_value(expected_names, i)) != 0) {
+            goto err;
+        }
+    }
+    return 1;
+    err:
+    fprintf(stderr, "%s: list mismatch\nExpected Names:\n", name);
+    print_ca_names(expected_names);
+    fprintf(stderr, "Received Names:\n");
+    print_ca_names(names);
+    return 0;
+}
+
+static int check_client_ca_names(HANDSHAKE_RESULT *result,
+                                 SSL_TEST_CTX *test_ctx)
+{
+    return check_ca_names("Client CA names",
+                          test_ctx->expected_client_ca_names,
+                          result->client_ca_names);
+}
+
 /*
  * This could be further simplified by constructing an expected
  * HANDSHAKE_RESULT, and implementing comparison methods for
@@ -283,6 +339,7 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         ret &= check_client_cert_type(result, test_ctx);
         ret &= check_client_sign_hash(result, test_ctx);
         ret &= check_client_sign_type(result, test_ctx);
+        ret &= check_client_ca_names(result, test_ctx);
     }
     return ret;
 }