proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-08-06 16:39:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

http: perform 'badssl' check also via certificate callback

Browse Source 
Make sure that the callbacks do also get a 'valid' value of zero when
the certificate we're looking at is in valid and assert that within the
test.
This commit is contained in:
Carlos Martín Nieto 2017-01-06 10:51:31 +00:00 committed by Edward Thomson
parent 9a64e62f0f
commit 98d66240ec
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
tests/online/badssl.c
View File

@ -10,37 +10,66 @@ static bool g_has_ssl = true;
static bool g_has_ssl = false; static bool g_has_ssl = false;
#endif #endif
static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
{
GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
cl_assert_equal_i(0, valid);
return GIT_ECERTIFICATE;
}
void test_online_badssl__expired(void) void test_online_badssl__expired(void)
{ {
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
if (!g_has_ssl) if (!g_has_ssl)
cl_skip(); cl_skip();
cl_git_fail_with(GIT_ECERTIFICATE, cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL)); git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
} }
void test_online_badssl__wrong_host(void) void test_online_badssl__wrong_host(void)
{ {
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
if (!g_has_ssl) if (!g_has_ssl)
cl_skip(); cl_skip();
cl_git_fail_with(GIT_ECERTIFICATE, cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL)); git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
} }
void test_online_badssl__self_signed(void) void test_online_badssl__self_signed(void)
{ {
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
if (!g_has_ssl) if (!g_has_ssl)
cl_skip(); cl_skip();
cl_git_fail_with(GIT_ECERTIFICATE, cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL)); git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
} }
void test_online_badssl__old_cipher(void) void test_online_badssl__old_cipher(void)
{ {
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
if (!g_has_ssl) if (!g_has_ssl)
cl_skip(); cl_skip();
cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
} }