diff options
| author | David Benjamin <davidben@chromium.org> | 2014-07-12 23:47:52 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-07-15 01:45:57 +0400 |
| commit | 67666e7823297fa2e01291dbfe140d250dc458f2 (patch) | |
| tree | 5d0d6ca3256ad112fdd8da7ea3df8936054709eb | |
| parent | 51b1f7427b6e153675ae4bcb75f3f5a6b44648f4 (diff) | |
Add tests for the server accepting client certificates.
Change-Id: I9acc4363c6b9804d5fe464053393cf16ffb7785c
Reviewed-on: https://boringssl-review.googlesource.com/1159
Reviewed-by: Adam Langley <agl@google.com>
| -rw-r--r-- | ssl/test/bssl_shim.cc | 7 | ||||
| -rw-r--r-- | ssl/test/runner/runner.go | 20 |
2 files changed, 25 insertions, 2 deletions
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 72be47ee..9dd0edff 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -64,6 +64,10 @@ int select_certificate_callback(const struct ssl_early_callback_ctx *ctx) { return 1; } +int skip_verify(int preverify_ok, X509_STORE_CTX *store_ctx) { + return 1; +} + SSL *setup_test(int is_server) { if (!SSL_library_init()) { return NULL; @@ -181,6 +185,9 @@ int main(int argc, char **argv) { } // Conveniently, 00 is not a certificate type. expected_certificate_types = argv[i]; + } else if (strcmp(argv[i], "-require-any-client-certificate") == 0) { + SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + skip_verify); } else { fprintf(stderr, "Unknown argument: %s\n", argv[i]); return 1; diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 3d3e538e..0e226233 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -536,7 +536,7 @@ func addClientAuthTests() { testCases = append(testCases, testCase{ testType: clientTest, - name: ver.name + "-ClientAuth-RSA", + name: ver.name + "-Client-ClientAuth-RSA", config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -550,7 +550,7 @@ func addClientAuthTests() { }) testCases = append(testCases, testCase{ testType: clientTest, - name: ver.name + "-ClientAuth-ECDSA", + name: ver.name + "-Client-ClientAuth-ECDSA", config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -562,6 +562,22 @@ func addClientAuthTests() { "-key-file", ecdsaKeyFile, }, }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: ver.name + "-Server-ClientAuth-RSA", + config: Config{ + Certificates: []Certificate{rsaCertificate}, + }, + flags: []string{"-require-any-client-certificate"}, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: ver.name + "-Server-ClientAuth-ECDSA", + config: Config{ + Certificates: []Certificate{ecdsaCertificate}, + }, + flags: []string{"-require-any-client-certificate"}, + }) } } |