From: Tomas Mraz Date: Thu, 2 May 2024 13:58:11 +0000 (+0200) Subject: Add tests for conf_diagnostics X-Git-Tag: openssl-3.4.0-alpha1~577 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e191f487907a474b6bd6e497043d1560972e7d7;p=thirdparty%2Fopenssl.git Add tests for conf_diagnostics Reviewed-by: Paul Dale Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/24275)
---
diff --git a/test/context_internal_test.c b/test/context_internal_test.c
index 8fea53fee16..c829d8111d0 100644
--- a/test/context_internal_test.c
+++ b/test/context_internal_test.c
@@ -48,8 +48,36 @@ static int test_set0_default(void)
 return testresult;
 }
+static int test_set_get_conf_diagnostics(void)
+{
+ OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+ int res = 0;
+
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+ goto err;
+
+ OSSL_LIB_CTX_set_conf_diagnostics(ctx, 1);
+
+ if (!TEST_true(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+ goto err;
+
+ OSSL_LIB_CTX_set_conf_diagnostics(ctx, 0);
+
+ if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+ goto err;
+
+ res = 1;
+ err:
+ OSSL_LIB_CTX_free(ctx);
+ return res;
+}
+
 int setup_tests(void)
 {
 ADD_TEST(test_set0_default);
+ ADD_TEST(test_set_get_conf_diagnostics);
 return 1;
 }
diff --git a/test/recipes/90-test_sysdefault.t b/test/recipes/90-test_sysdefault.t
index 308a592abac..6984bc10673 100644
--- a/test/recipes/90-test_sysdefault.t
+++ b/test/recipes/90-test_sysdefault.t
@@ -8,7 +8,7 @@ use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT data_file/;
 my $test_name = "test_sysdefault";
 setup($test_name);
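Review bot: In test/context_internal_test.c, the first `TEST_false` in test_set_get_conf_diagnostics pins a freshly created OSSL_LIB_CTX to "conf diagnostics off", but nothing says this default is an intended contract rather than an incidental value. Judging by the .cnf files in this commit, leaving the setting off means configuration errors are ignored, so the default deserves an explicit statement; I would add `/* A new library context must start with conf diagnostics disabled */` above that check. The function also has no header comment; one sentence saying it covers the set/get round trip on a private context only would do. The default library context is not exercised here; if that is deliberate, the header comment is the place to say so.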
@@ -16,8 +16,16 @@ setup($test_name);
 plan skip_all => "$test_name is not supported in this build" if disabled("tls1_2") || disabled("rsa");
-plan tests => 1;
+plan tests => 3;
-$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf");
+$ENV{OPENSSL_CONF} = data_file("sysdefault.cnf");
+
+ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-bad.cnf");
+
+ok(!run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-ignore.cnf");
 ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
diff --git a/test/sysdefault.cnf b/test/recipes/90-test_sysdefault_data/sysdefault-bad.cnf
similarity index 100%
rename from test/sysdefault.cnf
rename to test/recipes/90-test_sysdefault_data/sysdefault-bad.cnf
diff --git a/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf b/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
new file mode 100644
index 00000000000..2b04caf83f7
--- /dev/null
+++ b/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
@@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# We ignore configuration errors with config_diagnostics unset
+# config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
diff --git a/test/recipes/90-test_sysdefault_data/sysdefault.cnf b/test/recipes/90-test_sysdefault_data/sysdefault.cnf
new file mode 100644
index 00000000000..f2cfa10f550
--- /dev/null
+++ b/test/recipes/90-test_sysdefault_data/sysdefault.cnf
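Review bot: All three `ok()` calls in the second hunk of 90-test_sysdefault.t carry the same description "sysdefaulttest", so a failure in the harness output does not say which configuration file was in effect. I would label them by case, e.g. `"sysdefaulttest with valid config"`, `"sysdefaulttest fails on bad config"` and `"sysdefaulttest ignores bad config without config_diagnostics"`. The negative case `ok(!run(test(["sysdefaulttest"])), ...)` also passes on any unsuccessful run, which would presumably include a crash or an unreadable data file, so it does not prove the failure came from the configuration error. A comment above it stating which rejection is expected would help, especially as sysdefault-bad.cnf is a 100% rename whose content is not shown in this commit.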
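Review bot: Neither sysdefault-ignore.cnf nor the new sysdefault.cnf says which line is the deliberate configuration error; it appears to be the unknown entry in `SignatureAlgorithms`, written `nonex` here and `?nonex` in sysdefault.cnf. I would add a comment above that line in each file, for example `# "nonex" is a deliberately unknown algorithm; with config_diagnostics unset it must not cause a failure` here, and a matching one in sysdefault.cnf explaining the `?` prefix (presumably it marks the entry as ignorable, so loading succeeds even with diagnostics on). It is not visible on this page whether sysdefaulttest checks that `MinProtocol`/`MaxProtocol` are still applied when the bad entry is ignored. If it does not, the ignore case could pass with the protocol limits silently dropped as well, which is worth asserting.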
@@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:?nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2