sync code with last fixes and improvements from OpenBSD
This commit is contained in:
parent
4b78db449c
commit
bf0676207f
2406 changed files with 6353 additions and 434004 deletions
|
@ -1,2 +1,4 @@
|
|||
# Use this variable when the test needs internal symbols from libcrypto
|
||||
CRYPTO_INT= -Wl,-Bstatic -lcrypto -Wl,-Bdynamic
|
||||
# Use this variable when the test needs internal symbols from libssl
|
||||
SSL_INT= -Wl,-Bstatic -lssl -Wl,-Bdynamic
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
# $OpenBSD: Makefile,v 1.9 2022/05/10 19:27:21 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.10 2023/06/04 11:33:45 tb Exp $
|
||||
|
||||
OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests
|
||||
.if exists(/usr/local/bin/ruby31)
|
||||
RUBY_BINREV = 31
|
||||
.else
|
||||
RUBY_BINREV = 30
|
||||
RUBY_BINREV = 32
|
||||
.endif
|
||||
RUBY = ruby${RUBY_BINREV}
|
||||
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
# $OpenBSD: Makefile,v 1.14 2022/12/02 01:15:11 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.16 2023/05/24 09:15:14 tb Exp $
|
||||
|
||||
PROGS += cipher_list
|
||||
PROGS += ssl_get_shared_ciphers
|
||||
PROGS += ssl_methods
|
||||
PROGS += ssl_set_alpn_protos
|
||||
PROGS += ssl_verify_param
|
||||
PROGS += ssl_versions
|
||||
PROGS += tls_ext_alpn
|
||||
PROGS += tls_prf
|
||||
|
@ -15,4 +16,6 @@ CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
|
|||
CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\"
|
||||
CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
|
||||
|
||||
LDADD_ssl_verify_param = ${LIBSSL} ${CRYPTO_INT}
|
||||
|
||||
.include <bsd.regress.mk>
|
||||
|
|
99
regress/lib/libssl/unit/ssl_verify_param.c
Normal file
99
regress/lib/libssl/unit/ssl_verify_param.c
Normal file
|
@ -0,0 +1,99 @@
|
|||
/* $OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <err.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
|
||||
|
||||
static int
|
||||
ssl_verify_param_flags_inherited(void)
|
||||
{
|
||||
SSL_CTX *ssl_ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
X509_VERIFY_PARAM *param;
|
||||
unsigned int defaultflags = 0;
|
||||
unsigned int newflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
|
||||
unsigned int flags;
|
||||
int failed = 1;
|
||||
|
||||
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
|
||||
errx(1, "SSL_CTX_new");
|
||||
|
||||
if ((param = SSL_CTX_get0_param(ssl_ctx)) == NULL) {
|
||||
fprintf(stderr, "FAIL: no verify param on ssl_ctx\n");
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
|
||||
fprintf(stderr, "FAIL: SSL_CTX default hostflags, "
|
||||
"want: %x, got: %x\n", defaultflags, flags);
|
||||
goto failure;
|
||||
}
|
||||
|
||||
X509_VERIFY_PARAM_set_hostflags(param, newflags);
|
||||
|
||||
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
|
||||
fprintf(stderr, "FAIL: SSL_CTX new hostflags, "
|
||||
"want: %x, got: %x\n", newflags, flags);
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if ((ssl = SSL_new(ssl_ctx)) == NULL)
|
||||
errx(1, "SSL_new");
|
||||
|
||||
if ((param = SSL_get0_param(ssl)) == NULL) {
|
||||
fprintf(stderr, "FAIL: no verify param on ssl\n");
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
|
||||
fprintf(stderr, "FAIL: SSL inherited hostflags, "
|
||||
"want: %x, got: %x\n", newflags, flags);
|
||||
goto failure;
|
||||
}
|
||||
|
||||
SSL_set_hostflags(ssl, defaultflags);
|
||||
|
||||
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
|
||||
fprintf(stderr, "FAIL: SSL set hostflags, "
|
||||
"want: %x, got: %x\n", defaultflags, flags);
|
||||
goto failure;
|
||||
}
|
||||
|
||||
failed = 0;
|
||||
|
||||
failure:
|
||||
SSL_CTX_free(ssl_ctx);
|
||||
SSL_free(ssl);
|
||||
|
||||
return failed;
|
||||
}
|
||||
|
||||
int
|
||||
main(void)
|
||||
{
|
||||
int failed = 0;
|
||||
|
||||
failed |= ssl_verify_param_flags_inherited();
|
||||
|
||||
return failed;
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue