External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-06 18:05:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
d8de4f2770
libvirt/tests/virnettlssessiontest.c

496 lines
17 KiB
C
Raw Normal View History

Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
/*
Require spaces around equality comparisons Commit a1cbe4b5 added a check for spaces around assignments and this patch extends it to checks for spaces around '=='. One exception is virAssertCmpInt where comma after '==' is acceptable (since it is a macro and '==' is its argument). Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-17 09:38:38 +00:00
* Copyright (C) 2011-2012, 2014 Red Hat, Inc.
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <fcntl.h>
#include "testutils.h"
#include "virnettlshelpers.h"
#include "virutil.h"
#include "virlog.h"
#include "virfile.h"
lib: Prefer WITH_* prefix for #if conditionals Currently, we are mixing: #if HAVE_BLAH with #if WITH_BLAH. Things got way better with Pavel's work on meson, but apparently, mixing these two lead to confusing and easy to miss bugs (see 31fb929eca for instance). While we were forced to use HAVE_ prefix with autotools, we are free to chose our own prefix with meson and since WITH_ prefix appears to be more popular let's use it everywhere. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-09-01 11:27:44 +00:00
#if !defined WIN32 && WITH_LIBTASN1_H && LIBGNUTLS_VERSION_NUMBER >= 0x020600
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
# define VIR_FROM_THIS VIR_FROM_RPC
Add virLogSource variables to all source files Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 12:16:17 +00:00
VIR_LOG_INIT("tests.nettlssessiontest");
Fix parallel runs of TLS test suites Use a separate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 22:08:25 +00:00
# define KEYFILE "key-sess.pem"
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
struct testTLSSessionData {
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
const char *servercacrt;
const char *clientcacrt;
const char *servercrt;
const char *clientcrt;
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
bool expectServerFail;
bool expectClientFail;
const char *hostname;
const char *const* wildcards;
};
static ssize_t testWrite(const char *buf, size_t len, void *opaque)
{
int *fd = opaque;
syntax-check: sc_avoid_write: Don't use blanket file exceptions Adding an exception for the whole file usually defeats the purpose of a syntax check and is also likely to get forgotten once the file is removed. In case of the suggestion of using 'safewrite' instead of write even the comment for safewrite states that the function needs to be used only in certain cases. Remove the blanket exceptions for files and use an exclude string instead. The only instance where we keep the full file exception is for src/libvirt-stream.c as there are multiple uses in example code in comments where I couldn't find a nicer targetted wapproach. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-02-14 15:39:00 +00:00
return write(*fd, buf, len); /* sc_avoid_write */
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
}
static ssize_t testRead(char *buf, size_t len, void *opaque)
{
int *fd = opaque;
return read(*fd, buf, len);
}
/*
* This tests validation checking of peer certificates
*
* This is replicating the checks that are done for an
* active TLS session after handshake completes. To
* simulate that we create our TLS contexts, skipping
virnettlssessiontest.c: fix grammar Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-01-25 09:12:38 +00:00
* sanity checks. We then get a socketpair, and
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
* initiate a TLS session across them. Finally do
virnettlssessiontest.c: fix grammar Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-01-25 09:12:38 +00:00
* actual cert validation tests
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
*/
static int testTLSSessionInit(const void *opaque)
{
struct testTLSSessionData *data = (struct testTLSSessionData *)opaque;
lib: Drop internal virXXXPtr typedefs Historically, we declared pointer type to our types: typedef struct _virXXX virXXX; typedef virXXX *virXXXPtr; But usefulness of such declaration is questionable, at best. Unfortunately, we can't drop every such declaration - we have to carry some over, because they are part of public API (e.g. virDomainPtr). But for internal types - we can do drop them and use what every other C project uses 'virXXX *'. This change was generated by a very ugly shell script that generated sed script which was then called over each file in the repository. For the shell script refer to the cover letter: https://listman.redhat.com/archives/libvir-list/2021-March/msg00537.html Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-03-11 07:16:13 +00:00
virNetTLSContext *clientCtxt = NULL;
virNetTLSContext *serverCtxt = NULL;
virNetTLSSession *clientSess = NULL;
virNetTLSSession *serverSess = NULL;
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
int ret = -1;
int channel[2];
bool clientShake = false;
bool serverShake = false;
/* We'll use this for our fake client-server connection */
if (socketpair(AF_UNIX, SOCK_STREAM, 0, channel) < 0)
abort();
/*
* We have an evil loop to do the handshake in a single
* thread, so we need these non-blocking to avoid deadlock
* of ourselves
*/
ignore_value(virSetNonBlock(channel[0]));
ignore_value(virSetNonBlock(channel[1]));
/* We skip initial sanity checks here because we
* want to make sure that problems are being
* detected at the TLS session validation stage
*/
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
serverCtxt = virNetTLSContextNewServer(data->servercacrt,
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
NULL,
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
data->servercrt,
Fix parallel runs of TLS test suites Use a separate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 22:08:25 +00:00
KEYFILE,
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
data->wildcards,
tests: force use of "NORMAL" TLS priority in test suite When generating certificates we rely on GNUTLS' built-in default setup for the ciphers used in the certs. We then currently run with the distro specific TLS priority setup which can be much stronger, to the extent that the certificates we generate are considered untrustworthy. We don't care about the quality of the ciphers we use in the test suite, so just force the priority to "NORMAL" which should ensure our certs are accepted by GNUTLS. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-05 12:46:16 +00:00
"NORMAL",
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
false,
true);
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
clientCtxt = virNetTLSContextNewClient(data->clientcacrt,
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
NULL,
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
data->clientcrt,
Fix parallel runs of TLS test suites Use a separate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 22:08:25 +00:00
KEYFILE,
tests: force use of "NORMAL" TLS priority in test suite When generating certificates we rely on GNUTLS' built-in default setup for the ciphers used in the certs. We then currently run with the distro specific TLS priority setup which can be much stronger, to the extent that the certificates we generate are considered untrustworthy. We don't care about the quality of the ciphers we use in the test suite, so just force the priority to "NORMAL" which should ensure our certs are accepted by GNUTLS. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-05 12:46:16 +00:00
"NORMAL",
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
false,
true);
if (!serverCtxt) {
VIR_WARN("Unexpected failure loading %s against %s",
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
data->servercacrt, data->servercrt);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
goto cleanup;
}
if (!clientCtxt) {
VIR_WARN("Unexpected failure loading %s against %s",
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
data->clientcacrt, data->clientcrt);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
goto cleanup;
}
/* Now the real part of the test, setup the sessions */
serverSess = virNetTLSSessionNew(serverCtxt, NULL);
clientSess = virNetTLSSessionNew(clientCtxt, data->hostname);
if (!serverSess) {
VIR_WARN("Unexpected failure using %s against %s",
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
data->servercacrt, data->servercrt);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
goto cleanup;
}
if (!clientSess) {
VIR_WARN("Unexpected failure using %s against %s",
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
data->clientcacrt, data->clientcrt);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
goto cleanup;
}
/* For handshake to work, we need to set the I/O callbacks
* to read/write over the socketpair
*/
virNetTLSSessionSetIOCallbacks(serverSess, testWrite, testRead, &channel[0]);
virNetTLSSessionSetIOCallbacks(clientSess, testWrite, testRead, &channel[1]);
/*
* Finally we loop around & around doing handshake on each
* session until we get an error, or the handshake completes.
* This relies on the socketpair being nonblocking to avoid
* deadlocking ourselves upon handshake
*/
do {
int rv;
if (!serverShake) {
rv = virNetTLSSessionHandshake(serverSess);
if (rv < 0)
goto cleanup;
if (rv == VIR_NET_TLS_HANDSHAKE_COMPLETE)
serverShake = true;
}
if (!clientShake) {
rv = virNetTLSSessionHandshake(clientSess);
if (rv < 0)
goto cleanup;
if (rv == VIR_NET_TLS_HANDSHAKE_COMPLETE)
clientShake = true;
}
tests: fix TLS handshake failure with TLS 1.3 When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages sent by the handshake changes. This exposed a logic bug in the test suite which caused us to wait for the server to see handshake completion, but not wait for the client to see completion. The result was the client didn't receive the certificate for verification and the test failed. This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in its GNUTLS builds. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-18 18:21:06 +00:00
} while (!clientShake || !serverShake);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
/* Finally make sure the server validation does what
* we were expecting
*/
if (virNetTLSContextCheckCertificate(serverCtxt,
serverSess) < 0) {
if (!data->expectServerFail) {
VIR_WARN("Unexpected server cert check fail");
goto cleanup;
} else {
VIR_DEBUG("Got expected server cert fail");
}
} else {
if (data->expectServerFail) {
VIR_WARN("Expected server cert check fail");
goto cleanup;
} else {
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
VIR_DEBUG("No unexpected server cert fail");
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
}
}
/*
* And the same for the client validation check
*/
if (virNetTLSContextCheckCertificate(clientCtxt,
clientSess) < 0) {
if (!data->expectClientFail) {
VIR_WARN("Unexpected client cert check fail");
goto cleanup;
} else {
VIR_DEBUG("Got expected client cert fail");
}
} else {
if (data->expectClientFail) {
VIR_WARN("Expected client cert check fail");
goto cleanup;
} else {
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
VIR_DEBUG("No unexpected client cert fail");
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
}
}
ret = 0;
Indent top-level labels by one space in tests/
2014-03-25 06:53:44 +00:00
cleanup:
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
virObjectUnref(serverCtxt);
virObjectUnref(clientCtxt);
virObjectUnref(serverSess);
virObjectUnref(clientSess);
VIR_FORCE_CLOSE(channel[0]);
VIR_FORCE_CLOSE(channel[1]);
return ret;
}
static int
mymain(void)
{
int ret = 0;
src: switch to use g_setenv/g_unsetenv Eliminate direct use of normal setenv/unsetenv calls in favour of GLib's wrapper. This eliminates two gnulib modules Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-18 17:16:19 +00:00
g_setenv("GNUTLS_FORCE_FIPS_MODE", "2", TRUE);
tests: force FIPS testing mode with new enough GNU TLS versions Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2014-09-04 09:23:16 +00:00
Fix parallel runs of TLS test suites Use a separate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 22:08:25 +00:00
testTLSInit(KEYFILE);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
# define DO_SESS_TEST(_caCrt, _serverCrt, _clientCrt, _expectServerFail, \
Remove backslash alignment attempts Right-aligning backslashes when defining macros or using complex commands in Makefiles looks cute, but as soon as any changes is required to the code you end up with either distractingly broken alignment or unnecessarily big diffs where most of the changes are just pushing all backslashes a few characters to one side. Generated using $ git grep -El '[[:blank:]][[:blank:]]\\$' | \ grep -E '*\.([chx]|am|mk)$$' | \ while read f; do \ sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \ done Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 12:09:47 +00:00
_expectClientFail, _hostname, _wildcards) \
do { \
static struct testTLSSessionData data; \
data.servercacrt = _caCrt; \
data.clientcacrt = _caCrt; \
data.servercrt = _serverCrt; \
data.clientcrt = _clientCrt; \
data.expectServerFail = _expectServerFail; \
data.expectClientFail = _expectClientFail; \
data.hostname = _hostname; \
data.wildcards = _wildcards; \
if (virTestRun("TLS Session " #_serverCrt " + " #_clientCrt, \
testTLSSessionInit, &data) < 0) \
ret = -1; \
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
} while (0)
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
# define DO_SESS_TEST_EXT(_serverCaCrt, _clientCaCrt, _serverCrt, _clientCrt, \
Remove backslash alignment attempts Right-aligning backslashes when defining macros or using complex commands in Makefiles looks cute, but as soon as any changes is required to the code you end up with either distractingly broken alignment or unnecessarily big diffs where most of the changes are just pushing all backslashes a few characters to one side. Generated using $ git grep -El '[[:blank:]][[:blank:]]\\$' | \ grep -E '*\.([chx]|am|mk)$$' | \ while read f; do \ sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \ done Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 12:09:47 +00:00
_expectServerFail, _expectClientFail, \
_hostname, _wildcards) \
do { \
static struct testTLSSessionData data; \
data.servercacrt = _serverCaCrt; \
data.clientcacrt = _clientCaCrt; \
data.servercrt = _serverCrt; \
data.clientcrt = _clientCrt; \
data.expectServerFail = _expectServerFail; \
data.expectClientFail = _expectClientFail; \
data.hostname = _hostname; \
data.wildcards = _wildcards; \
if (virTestRun("TLS Session " #_serverCrt " + " #_clientCrt, \
testTLSSessionInit, &data) < 0) \
ret = -1; \
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
} while (0)
tests: use VIR_WARNINGS_NO_DECLARATION_AFTER_STATEMENT Some test rely too much on declaring variables in the middle of the function. Use the macro to locally suppress the warning Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-08-03 15:32:22 +00:00
VIR_WARNINGS_NO_DECLARATION_AFTER_STATEMENT
Remove backslash alignment attempts Right-aligning backslashes when defining macros or using complex commands in Makefiles looks cute, but as soon as any changes is required to the code you end up with either distractingly broken alignment or unnecessarily big diffs where most of the changes are just pushing all backslashes a few characters to one side. Generated using $ git grep -El '[[:blank:]][[:blank:]]\\$' | \ grep -E '*\.([chx]|am|mk)$$' | \ while read f; do \ sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \ done Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 12:09:47 +00:00
# define TLS_CERT_REQ(varname, cavarname, \
co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
static struct testTLSCertReq varname = { \
NULL, #varname "-sess.pem", \
co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so \
}; \
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
testTLSGenerateCert(&varname, cavarname.crt)
Remove backslash alignment attempts Right-aligning backslashes when defining macros or using complex commands in Makefiles looks cute, but as soon as any changes is required to the code you end up with either distractingly broken alignment or unnecessarily big diffs where most of the changes are just pushing all backslashes a few characters to one side. Generated using $ git grep -El '[[:blank:]][[:blank:]]\\$' | \ grep -E '*\.([chx]|am|mk)$$' | \ while read f; do \ sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \ done Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 12:09:47 +00:00
# define TLS_ROOT_REQ(varname, \
co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
static struct testTLSCertReq varname = { \
NULL, #varname "-sess.pem", \
co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so \
}; \
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
testTLSGenerateCert(&varname, NULL)
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
/* A perfect CA, perfect client & perfect server */
/* Basic:CA:critical */
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
TLS_ROOT_REQ(cacertreq,
"UK", "libvirt CA", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0);
TLS_ROOT_REQ(altcacertreq,
"UK", "libvirt CA 1", NULL, NULL, NULL, NULL,
true, true, true,
false, false, 0,
false, false, NULL, NULL,
0, 0);
TLS_CERT_REQ(servercertreq, cacertreq,
"UK", "libvirt.org", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0);
TLS_CERT_REQ(clientcertreq, cacertreq,
"UK", "libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0);
TLS_CERT_REQ(clientcertaltreq, altcacertreq,
"UK", "libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
false, false, "libvirt.org", NULL);
DO_SESS_TEST_EXT(cacertreq.filename, altcacertreq.filename, servercertreq.filename,
clientcertaltreq.filename, true, true, "libvirt.org", NULL);
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
/* When an altname is set, the CN is ignored, so it must be duplicated
* as an altname for it to match */
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
TLS_CERT_REQ(servercertalt1req, cacertreq,
"UK", "libvirt.org", "www.libvirt.org", "libvirt.org", "192.168.122.1", "fec0::dead:beaf",
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
/* This intentionally doesn't replicate */
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
TLS_CERT_REQ(servercertalt2req, cacertreq,
"UK", "libvirt.org", "www.libvirt.org", "wiki.libvirt.org", "192.168.122.1", "fec0::dead:beaf",
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
false, false, "libvirt.org", NULL);
DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
false, false, "www.libvirt.org", NULL);
DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
false, true, "wiki.libvirt.org", NULL);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
false, true, "libvirt.org", NULL);
DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
false, false, "www.libvirt.org", NULL);
DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
false, false, "wiki.libvirt.org", NULL);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
const char *const wildcards1[] = {
"C=UK,CN=dogfood",
NULL,
};
const char *const wildcards2[] = {
"C=UK,CN=libvirt",
NULL,
};
const char *const wildcards3[] = {
"C=UK,CN=dogfood",
"C=UK,CN=libvirt",
NULL,
};
const char *const wildcards4[] = {
"C=UK,CN=libvirtstuff",
NULL,
};
const char *const wildcards5[] = {
"C=UK,CN=libvirt*",
NULL,
};
const char *const wildcards6[] = {
"C=UK,CN=*virt*",
NULL,
};
Change data passed into TLS test cases Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 10:35:49 +00:00
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
true, false, "libvirt.org", wildcards1);
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
false, false, "libvirt.org", wildcards2);
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
false, false, "libvirt.org", wildcards3);
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
true, false, "libvirt.org", wildcards4);
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
false, false, "libvirt.org", wildcards5);
DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
false, false, "libvirt.org", wildcards6);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
TLS_ROOT_REQ(cacertrootreq,
"UK", "libvirt root", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0);
TLS_CERT_REQ(cacertlevel1areq, cacertrootreq,
"UK", "libvirt level 1a", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0);
TLS_CERT_REQ(cacertlevel1breq, cacertrootreq,
"UK", "libvirt level 1b", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0);
TLS_CERT_REQ(cacertlevel2areq, cacertlevel1areq,
"UK", "libvirt level 2a", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0);
TLS_CERT_REQ(servercertlevel3areq, cacertlevel2areq,
"UK", "libvirt.org", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0);
TLS_CERT_REQ(clientcertlevel2breq, cacertlevel1breq,
"UK", "libvirt client level 2b", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0);
gnutls_x509_crt_t certchain[] = {
cacertrootreq.crt,
cacertlevel1areq.crt,
cacertlevel1breq.crt,
cacertlevel2areq.crt,
};
tests: Fix parallel runs of TLS test suites I noticed this yesterday and fixed it in a different way, but ended up with one more problem. It was probably the way I fixed it combined with one more filename changed. Anyway, why I'm saying this is that one more filename should be renamed in order to avoid a race (which I was unable to reproduce, though). I checked this is the last file those two tests have in common by going through the code and the re-checked by this "script": strace -o session.trace -e open ./virnettlssessiontest strace -o context.trace -e open ./virnettlscontexttest sort \ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\ | uniq -d| grep '.pem$' So it should be enough to make these tests independent of each other. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 07:53:30 +00:00
testTLSWriteCertChain("cacertchain-sess.pem",
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
certchain,
Use G_N_ELEMENTS instead of ARRAY_CARDINALITY Prefer the GLib version of the macro. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 11:55:26 +00:00
G_N_ELEMENTS(certchain));
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
tests: Fix parallel runs of TLS test suites I noticed this yesterday and fixed it in a different way, but ended up with one more problem. It was probably the way I fixed it combined with one more filename changed. Anyway, why I'm saying this is that one more filename should be renamed in order to avoid a race (which I was unable to reproduce, though). I checked this is the last file those two tests have in common by going through the code and the re-checked by this "script": strace -o session.trace -e open ./virnettlssessiontest strace -o context.trace -e open ./virnettlscontexttest sort \ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\ | uniq -d| grep '.pem$' So it should be enough to make these tests independent of each other. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 07:53:30 +00:00
DO_SESS_TEST("cacertchain-sess.pem", servercertlevel3areq.filename, clientcertlevel2breq.filename,
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
false, false, "libvirt.org", NULL);
tests: use VIR_WARNINGS_NO_DECLARATION_AFTER_STATEMENT Some test rely too much on declaring variables in the middle of the function. Use the macro to locally suppress the warning Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-08-03 15:32:22 +00:00
VIR_WARNINGS_RESET
Avoid re-generating certs every time Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 16:08:17 +00:00
testTLSDiscardCert(&clientcertreq);
testTLSDiscardCert(&clientcertaltreq);
testTLSDiscardCert(&servercertreq);
testTLSDiscardCert(&servercertalt1req);
testTLSDiscardCert(&servercertalt2req);
testTLSDiscardCert(&cacertreq);
testTLSDiscardCert(&altcacertreq);
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
testTLSDiscardCert(&cacertrootreq);
testTLSDiscardCert(&cacertlevel1areq);
testTLSDiscardCert(&cacertlevel1breq);
testTLSDiscardCert(&cacertlevel2areq);
testTLSDiscardCert(&servercertlevel3areq);
testTLSDiscardCert(&clientcertlevel2breq);
tests: Fix parallel runs of TLS test suites I noticed this yesterday and fixed it in a different way, but ended up with one more problem. It was probably the way I fixed it combined with one more filename changed. Anyway, why I'm saying this is that one more filename should be renamed in order to avoid a race (which I was unable to reproduce, though). I checked this is the last file those two tests have in common by going through the code and the re-checked by this "script": strace -o session.trace -e open ./virnettlssessiontest strace -o context.trace -e open ./virnettlscontexttest sort \ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\ | uniq -d| grep '.pem$' So it should be enough to make these tests independent of each other. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 07:53:30 +00:00
unlink("cacertchain-sess.pem");
Fix validation of CA certificate chains The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-06 11:31:20 +00:00
Fix parallel runs of TLS test suites Use a separate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 22:08:25 +00:00
testTLSCleanup(KEYFILE);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
Require spaces around equality comparisons Commit a1cbe4b5 added a check for spaces around assignments and this patch extends it to checks for spaces around '=='. One exception is virAssertCmpInt where comma after '==' is acceptable (since it is a macro and '==' is its argument). Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-17 09:38:38 +00:00
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
}
tests: Drop needless virrandom mock from two tests Nothing in virnettlscontexttest nor virnettlssessiontest calls any of random number generator functions overridden virrandommock. GnuTLS handles RNG within itself. Therefore, there's no need to preload the mock. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-21 11:40:21 +00:00
VIR_TEST_MAIN(mymain);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 15:49:24 +00:00
#else
int
main(void)
{
return EXIT_AM_SKIP;
}
#endif
Reference in New Issue Copy Permalink