commit 283ce30c536568129f0a2b531d4c195c93c7ff52 Merge: b81e24cda 7142f3e43 Author: Nick Mathewson nickm@torproject.org Date: Thu Jul 9 09:28:53 2020 -0400
Merge branch 'maint-0.3.5' into maint-0.4.2
changes/bug33119 | 4 +++ src/lib/tls/tortls_nss.c | 47 +++++++++++++++++++++++---- src/test/test_tortls.c | 73 ++++++++++++++++++++++++++++++++++++++++++ src/test/test_tortls_openssl.c | 70 ---------------------------------------- 4 files changed, 118 insertions(+), 76 deletions(-)
diff --cc src/test/test_tortls_openssl.c index 81e2d3aa4,f039980a2..93135d0b1 --- a/src/test/test_tortls_openssl.c +++ b/src/test/test_tortls_openssl.c @@@ -477,77 -477,8 +477,8 @@@ fake_x509_free(X509 *cert tor_free(cert); } } -#endif +#endif /* !defined(OPENSSL_OPAQUE) */
- static tor_x509_cert_t *fixed_x509_cert = NULL; - static tor_x509_cert_t * - get_peer_cert_mock_return_fixed(tor_tls_t *tls) - { - (void)tls; - if (fixed_x509_cert) - return tor_x509_cert_dup(fixed_x509_cert); - else - return NULL; - } - - static void - test_tortls_cert_matches_key(void *ignored) - { - (void)ignored; - - X509 *cert1 = NULL, *cert2 = NULL, *cert3 = NULL, *cert4 = NULL; - tor_x509_cert_t *c1 = NULL, *c2 = NULL, *c3 = NULL, *c4 = NULL; - crypto_pk_t *k1 = NULL, *k2 = NULL, *k3 = NULL; - - k1 = pk_generate(1); - k2 = pk_generate(2); - k3 = pk_generate(3); - - cert1 = tor_tls_create_certificate(k1, k2, "A", "B", 1000); - cert2 = tor_tls_create_certificate(k1, k3, "C", "D", 1000); - cert3 = tor_tls_create_certificate(k2, k3, "C", "D", 1000); - cert4 = tor_tls_create_certificate(k3, k2, "E", "F", 1000); - - tt_assert(cert1 && cert2 && cert3 && cert4); - - c1 = tor_x509_cert_new(cert1); cert1 = NULL; - c2 = tor_x509_cert_new(cert2); cert2 = NULL; - c3 = tor_x509_cert_new(cert3); cert3 = NULL; - c4 = tor_x509_cert_new(cert4); cert4 = NULL; - - tt_assert(c1 && c2 && c3 && c4); - - MOCK(tor_tls_get_peer_cert, get_peer_cert_mock_return_fixed); - - fixed_x509_cert = NULL; - /* If the peer has no certificate, it shouldn't match anything. */ - tt_assert(! tor_tls_cert_matches_key(NULL, c1)); - tt_assert(! tor_tls_cert_matches_key(NULL, c2)); - tt_assert(! tor_tls_cert_matches_key(NULL, c3)); - tt_assert(! tor_tls_cert_matches_key(NULL, c4)); - fixed_x509_cert = c1; - /* If the peer has a certificate, it should match every cert with the same - * subject key. */ - tt_assert(tor_tls_cert_matches_key(NULL, c1)); - tt_assert(tor_tls_cert_matches_key(NULL, c2)); - tt_assert(! tor_tls_cert_matches_key(NULL, c3)); - tt_assert(! tor_tls_cert_matches_key(NULL, c4)); - - done: - tor_x509_cert_free(c1); - tor_x509_cert_free(c2); - tor_x509_cert_free(c3); - tor_x509_cert_free(c4); - if (cert1) X509_free(cert1); - if (cert2) X509_free(cert2); - if (cert3) X509_free(cert3); - if (cert4) X509_free(cert4); - crypto_pk_free(k1); - crypto_pk_free(k2); - crypto_pk_free(k3); - UNMOCK(tor_tls_get_peer_cert); - } - #ifndef OPENSSL_OPAQUE static void test_tortls_cert_get_key(void *ignored)