mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-19 19:42:30 +02:00
Code

Add a test for loading certificate and key using file: URI

Browse Source 
We do not load any providers, so only file: URI internally supported by
OpenSSL 3+ is tested. On non-OpenSSL 3 builds the test prints "SKIPPED".

v2: avoid dead code; rebase to current master

Change-Id: I7615116b5251319aa1f13d671bab7013f3a043ea
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240906103900.37037-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29076.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Selva Nair 2024-09-06 12:39:00 +02:00 committed by Gert Doering
parent 0fe3a98774
commit f086a49b55
1 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
tests/unit_tests/openvpn/test_ssl.c
View File

@ -66,6 +66,10 @@ throw_signal(const int signum)
} }
#endif #endif
#if defined(ENABLE_CRYPTO_OPENSSL) && (OPENSSL_VERSION_NUMBER > 0x30000000L)
#define HAVE_OPENSSL_STORE
#endif
/* stubs for some unused functions instead of pulling in too many dependencies */ /* stubs for some unused functions instead of pulling in too many dependencies */
bool bool
get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix,
@ -234,6 +238,45 @@ test_load_certificate_and_key(void **state)
tls_ctx_free(&ctx); tls_ctx_free(&ctx);
} }
/* test loading cert and key using file:/path URI */
static void
test_load_certificate_and_key_uri(void **state)
{
(void) state;
#if !defined(HAVE_OPENSSL_STORE)
skip();
#else /* HAVE_OPENSSL_STORE */
struct tls_root_ctx ctx = { 0 };
const char *certfile = global_state.certfile;
const char *keyfile = global_state.keyfile;
struct gc_arena *gc = &global_state.gc;
struct buffer certuri = alloc_buf_gc(6 + strlen(certfile) + 1, gc); /* 6 bytes for "file:/" */
struct buffer keyuri = alloc_buf_gc(6 + strlen(keyfile) + 1, gc); /* 6 bytes for "file:/" */
/* Windows temp file path starts with drive letter -- add a leading slash for URI */
const char *lead = "";
#ifdef _WIN32
lead = "/";
#endif /* _WIN32 */
assert_true(buf_printf(&certuri, "file:%s%s", lead, certfile));
assert_true(buf_printf(&keyuri, "file:%s%s", lead, keyfile));
/* On Windows replace any '\' in path by '/' required for URI */
#ifdef _WIN32
string_mod(BSTR(&certuri), CC_ANY, CC_BACKSLASH, '/');
string_mod(BSTR(&keyuri), CC_ANY, CC_BACKSLASH, '/');
#endif /* _WIN32 */
tls_ctx_client_new(&ctx);
tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false);
assert_int_equal(tls_ctx_load_priv_file(&ctx, BSTR(&keyuri), false), 0);
tls_ctx_free(&ctx);
#endif /* HAVE_OPENSSL_STORE */
}
static void static void
init_implicit_iv(struct crypto_options *co) init_implicit_iv(struct crypto_options *co)
{ {
@ -469,6 +512,7 @@ main(void)
const struct CMUnitTest tests[] = { const struct CMUnitTest tests[] = {
cmocka_unit_test(crypto_pem_encode_certificate), cmocka_unit_test(crypto_pem_encode_certificate),
cmocka_unit_test(test_load_certificate_and_key), cmocka_unit_test(test_load_certificate_and_key),
cmocka_unit_test(test_load_certificate_and_key_uri),
cmocka_unit_test(test_data_channel_roundtrip_aes_128_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_128_gcm),
cmocka_unit_test(test_data_channel_roundtrip_aes_192_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_192_gcm),
cmocka_unit_test(test_data_channel_roundtrip_aes_256_gcm), cmocka_unit_test(test_data_channel_roundtrip_aes_256_gcm),