cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/730?usp=email )

Change subject: Add a test for loading certificate and key using file: URI
......................................................................

Add a test for loading certificate and key using file: URI

We do not load any providers, so only file: URI internally supported by
OpenSSL 3+ is tested. On non-OpenSSL 3 builds the test prints "SKIPPED".

v2: avoid dead code; rebase to current master

Change-Id: I7615116b5251319aa1f13d671bab7013f3a043ea
Signed-off-by: Selva Nair <selva.n...@gmail.com>
Acked-by: Frank Lichtenheld <fr...@lichtenheld.com>
Message-Id: <20240906103900.37037-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29076.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M tests/unit_tests/openvpn/test_ssl.c
1 file changed, 44 insertions(+), 0 deletions(-)




diff --git a/tests/unit_tests/openvpn/test_ssl.c 
b/tests/unit_tests/openvpn/test_ssl.c
index a5c58a0..a1ca344 100644
--- a/tests/unit_tests/openvpn/test_ssl.c
+++ b/tests/unit_tests/openvpn/test_ssl.c
@@ -66,6 +66,10 @@
 }
 #endif

+#if defined(ENABLE_CRYPTO_OPENSSL) && (OPENSSL_VERSION_NUMBER > 0x30000000L)
+#define HAVE_OPENSSL_STORE
+#endif
+
 /* stubs for some unused functions instead of pulling in too many dependencies 
*/
 bool
 get_user_pass_cr(struct user_pass *up, const char *auth_file, const char 
*prefix,
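Review bot: The guard `(OPENSSL_VERSION_NUMBER > 0x30000000L)` uses a strict comparison, while the commit message says OpenSSL 3+ is what gets tested. If a 3.0.0 release build reports exactly `0x30000000L` (worth confirming against its opensslv.h), `HAVE_OPENSSL_STORE` stays undefined and the URI test is silently skipped on that build. Consider `#if defined(ENABLE_CRYPTO_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x30000000L)`, so that every build with the built-in file: store loader exercises the certificate and key loading path. The stub function that follows the define continues outside this hunk.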
@@ -234,6 +238,45 @@
     tls_ctx_free(&ctx);
 }

+/* test loading cert and key using file:/path URI */
+static void
+test_load_certificate_and_key_uri(void **state)
+{
+    (void) state;
+
+#if !defined(HAVE_OPENSSL_STORE)
+    skip();
+#else /* HAVE_OPENSSL_STORE */
+
+    struct tls_root_ctx ctx = { 0 };
+    const char *certfile = global_state.certfile;
+    const char *keyfile = global_state.keyfile;
+    struct gc_arena *gc = &global_state.gc;
+
+    struct buffer certuri = alloc_buf_gc(6 + strlen(certfile) + 1, gc); /* 6 
bytes for "file:/" */
+    struct buffer keyuri = alloc_buf_gc(6 + strlen(keyfile) + 1, gc);   /* 6 
bytes for "file:/" */
+
+    /* Windows temp file path starts with drive letter -- add a leading slash 
for URI */
+    const char *lead = "";
+#ifdef _WIN32
+    lead = "/";
+#endif /* _WIN32 */
+    assert_true(buf_printf(&certuri, "file:%s%s", lead, certfile));
+    assert_true(buf_printf(&keyuri, "file:%s%s", lead, keyfile));
+
+    /* On Windows replace any '\' in path by '/' required for URI */
+#ifdef _WIN32
+    string_mod(BSTR(&certuri), CC_ANY, CC_BACKSLASH, '/');
+    string_mod(BSTR(&keyuri), CC_ANY, CC_BACKSLASH, '/');
+#endif /* _WIN32 */
+
+    tls_ctx_client_new(&ctx);
+    tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false);
+    assert_int_equal(tls_ctx_load_priv_file(&ctx, BSTR(&keyuri), false), 0);
+    tls_ctx_free(&ctx);
+#endif /* HAVE_OPENSSL_STORE */
+}
+
 static void
 init_implicit_iv(struct crypto_options *co)
 {
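Review bot: In `test_load_certificate_and_key_uri`, only the private-key load is asserted; the result of `tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false);` is not checked. Its declaration is not visible in this hunk, so it may return void and report failure only through the fatal-message path. If so, a short comment such as `/* tls_ctx_load_cert_file() aborts the test on failure; the key load below also fails if no matching cert was loaded */` would make clear that a certificate failing to load from the URI cannot pass unnoticed. If it does return a status, wrap the call in an assertion like the key load on the next line.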
@@ -469,6 +512,7 @@
     const struct CMUnitTest tests[] = {
         cmocka_unit_test(crypto_pem_encode_certificate),
         cmocka_unit_test(test_load_certificate_and_key),
+        cmocka_unit_test(test_load_certificate_and_key_uri),
         cmocka_unit_test(test_data_channel_roundtrip_aes_128_gcm),
         cmocka_unit_test(test_data_channel_roundtrip_aes_192_gcm),
         cmocka_unit_test(test_data_channel_roundtrip_aes_256_gcm),

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/730?usp=email

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7615116b5251319aa1f13d671bab7013f3a043ea
Gerrit-Change-Number: 730
Gerrit-PatchSet: 3
Gerrit-Owner: selvanair <selva.n...@gmail.com>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-MessageType: merged