"KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=\n"
"-----END CERTIFICATE-----\n";
+// A time at which the certs above are valid.
+const time_t cert_strings_valid_at = 1741267580;
+
static tor_x509_cert_t *fixed_x509_cert = NULL;
static tor_x509_cert_t *
get_peer_cert_mock_return_fixed(tor_tls_t *tls)
crypto_pk_t *k = NULL;
tor_x509_cert_impl_t *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
*validCert = NULL, *caCert = NULL;
+ time_t now = cert_strings_valid_at;
validCert = read_cert_from(validCertString);
caCert = read_cert_from(caCertString);
MOCK(try_to_extract_certs_from_tls, fixed_try_to_extract_certs_from_tls);
fixed_try_to_extract_certs_from_tls_cert_out_result = cert1;
- ret = tor_tls_verify(LOG_WARN, tls, &k);
+ ret = tor_tls_verify(LOG_WARN, tls, now, &k);
tt_int_op(ret, OP_EQ, -1);
fixed_try_to_extract_certs_from_tls_id_cert_out_result = cert2;
- ret = tor_tls_verify(LOG_WARN, tls, &k);
+ ret = tor_tls_verify(LOG_WARN, tls, now, &k);
tt_int_op(ret, OP_EQ, -1);
fixed_try_to_extract_certs_from_tls_cert_out_result = invalidCert;
fixed_try_to_extract_certs_from_tls_id_cert_out_result = invalidCert;
- ret = tor_tls_verify(LOG_WARN, tls, &k);
+ ret = tor_tls_verify(LOG_WARN, tls, now, &k);
tt_int_op(ret, OP_EQ, -1);
fixed_try_to_extract_certs_from_tls_cert_out_result = validCert;
fixed_try_to_extract_certs_from_tls_id_cert_out_result = caCert;
- ret = tor_tls_verify(LOG_WARN, tls, &k);
+ ret = tor_tls_verify(LOG_WARN, tls, now, &k);
tt_int_op(ret, OP_EQ, 0);
tt_assert(k);
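Review bot: Every `tor_tls_verify` call in this test passes the same `now`, a time at which the certificates are valid, so the test never shows that the new argument is actually consulted. The three -1 results appear to come from the missing or invalid certificates rather than from the clock. A companion to the success case that passes a time outside the validity window and expects rejection would pin that down, e.g. `ret = tor_tls_verify(LOG_WARN, tls, <time after the certs' notAfter>, &k);` followed by `tt_int_op(ret, OP_EQ, -1);`. The test body starts and ends outside the visible lines, so whether the mocked certificates and `k` can be reused for a second call needs checking against the cleanup code.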
(void)ignored;
int ret;
tor_x509_cert_t *cert = NULL, *scert = NULL;
+ time_t now = cert_strings_valid_at;
scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0);
tt_int_op(ret, OP_EQ, 0);
cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0);
tt_int_op(ret, OP_EQ, 0);
tor_free(scert);
tor_free(cert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0);
tt_int_op(ret, OP_EQ, 1);
#ifndef OPENSSL_OPAQUE
ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
cert->cert->cert_info->validity->notAfter =
ASN1_TIME_set(NULL, time(NULL)-1000000);
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0);
tt_int_op(ret, OP_EQ, 0);
tor_x509_cert_free(cert);
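Review bot: The expired-certificate case still builds its notAfter from the wall clock, `ASN1_TIME_set(NULL, time(NULL)-1000000)`, while the check that follows now evaluates validity at the fixed `now`. Once the real clock is more than 1000000 seconds past `cert_strings_valid_at`, that notAfter lies after `now`, so the certificate would no longer look expired to the call and the expected 0 would likely not hold. Deriving it from the same reference, `ASN1_TIME_set(NULL, now-1000000);`, keeps the case deterministic. The block sits under `#ifndef OPENSSL_OPAQUE`, so it may not be compiled in every build, and the enclosing test function starts and ends outside the visible lines.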
scert = tor_x509_cert_new(read_cert_from(caCertString));
X509_PUBKEY_free(cert->cert->cert_info->key);
cert->cert->cert_info->key = NULL;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 1);
tt_int_op(ret, OP_EQ, 0);
#endif /* !defined(OPENSSL_OPAQUE) */
scert = tor_x509_cert_new(read_cert_from(caCertString));
/* This doesn't actually change the key in the cert. XXXXXX */
BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 1);
tt_int_op(ret, OP_EQ, 0);
tor_x509_cert_free(cert);
scert = tor_x509_cert_new(read_cert_from(caCertString));
/* This doesn't actually change the key in the cert. XXXXXX */
X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 1);
tt_int_op(ret, OP_EQ, 0);
tor_x509_cert_free(cert);
scert = tor_x509_cert_new(read_cert_from(caCertString));
/* This doesn't actually change the key in the cert. XXXXXX */
X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0);
tt_int_op(ret, OP_EQ, 1);
tor_x509_cert_free(cert);
/* This doesn't actually change the key in the cert. XXXXXX */
X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
X509_get_pubkey(cert->cert)->ameth = NULL;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0);
tt_int_op(ret, OP_EQ, 0);
#endif /* 0 */