commit a263f320ebdb32ccc058ef02a617edbfe4a63e7f
author Emilia Kasper <emilia@openssl.org> Thu Apr 07 19:07:50 2016 +0200
committer Emilia Kasper <emilia@openssl.org> Thu May 12 19:02:42 2016 +0200
tree aa0e8b9d93f591a7752cc312053d9333caecae33
parent d82c27589b5f9e9128f1ae9fce89fadd03c1c229

Remove proxy tests. Add verify callback tests.

The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.

It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.

Also glob the ssl test inputs on the .in files to catch missing
generated files.

Reviewed-by: Rich Salz <rsalz@openssl.org>

test/handshake_helper.c

diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 4682d45..0a27324 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -11,6 +11,7 @@
 #include <string.h>
 
 #include <openssl/bio.h>
+#include <openssl/x509_vfy.h>
 #include <openssl/ssl.h>
 
 #include "handshake_helper.h"
@@ -40,6 +41,37 @@
     }
 }
 
+static int verify_reject_callback(X509_STORE_CTX *ctx, void *arg) {
+    X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+    return 0;
+}
+
+static int verify_accept_callback(X509_STORE_CTX *ctx, void *arg) {
+    return 1;
+}
+
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
+static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+                                const SSL_TEST_CTX *test_ctx)
+{
+    switch (test_ctx->client_verify_callback) {
+    case SSL_TEST_VERIFY_ACCEPT_ALL:
+        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_callback,
+                                         NULL);
+        break;
+    case SSL_TEST_VERIFY_REJECT_ALL:
+        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_callback,
+                                         NULL);
+        break;
+    default:
+        break;
+    }
+}
+
+
 typedef enum {
     PEER_SUCCESS,
     PEER_RETRY,
@@ -139,7 +171,8 @@
     return INTERNAL_ERROR;
 }
 
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+                              const SSL_TEST_CTX *test_ctx)
 {
     SSL *server, *client;
     BIO *client_to_server, *server_to_client;
@@ -149,6 +182,8 @@
     peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
     handshake_status_t status = HANDSHAKE_RETRY;
 
+    configure_handshake(server_ctx, client_ctx, test_ctx);
+
     server = SSL_new(server_ctx);
     client = SSL_new(client_ctx);
     OPENSSL_assert(server != NULL && client != NULL);