diff options
Diffstat (limited to 'test/ssl_test.c')
-rw-r--r-- | test/ssl_test.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/test/ssl_test.c b/test/ssl_test.c index 948eb17d78..387f3a6557 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -255,6 +255,62 @@ static int check_client_sign_type(HANDSHAKE_RESULT *result, result->client_sign_type); } +static void print_ca_names(STACK_OF(X509_NAME) *names) +{ + BIO *err; + int i; + + if (names == NULL || sk_X509_NAME_num(names) == 0) { + fprintf(stderr, " <empty>\n"); + return; + } + err = BIO_new_fp(stderr, BIO_NOCLOSE); + for (i = 0; i < sk_X509_NAME_num(names); i++) { + X509_NAME_print_ex(err, sk_X509_NAME_value(names, i), 4, + XN_FLAG_ONELINE); + BIO_puts(err, "\n"); + } + BIO_free(err); +} + +static int check_ca_names(const char *name, + STACK_OF(X509_NAME) *expected_names, + STACK_OF(X509_NAME) *names) +{ + int i; + + if (expected_names == NULL) + return 1; + if (names == NULL || sk_X509_NAME_num(names) == 0) { + if (sk_X509_NAME_num(expected_names) == 0) + return 1; + goto err; + } + if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names)) + goto err; + for (i = 0; i < sk_X509_NAME_num(names); i++) { + if (X509_NAME_cmp(sk_X509_NAME_value(names, i), + sk_X509_NAME_value(expected_names, i)) != 0) { + goto err; + } + } + return 1; + err: + fprintf(stderr, "%s: list mismatch\nExpected Names:\n", name); + print_ca_names(expected_names); + fprintf(stderr, "Received Names:\n"); + print_ca_names(names); + return 0; +} + +static int check_client_ca_names(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_ca_names("Client CA names", + test_ctx->expected_client_ca_names, + result->client_ca_names); +} + /* * This could be further simplified by constructing an expected * HANDSHAKE_RESULT, and implementing comparison methods for @@ -283,6 +339,7 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) ret &= check_client_cert_type(result, test_ctx); ret &= check_client_sign_hash(result, test_ctx); ret &= check_client_sign_type(result, test_ctx); + ret &= check_client_ca_names(result, test_ctx); } return ret; } |