tests: added unit test of GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/tests/hostname-check.c b/tests/hostname-check.c
index 2a79915704f0f40ab0b4993d841e285481fad90c..84b60cb3b7c1d7646b9e696595a7d0e0c9e45e58 100644 (file)
--- a/tests/hostname-check.c
+++ b/tests/hostname-check.c
@@ -1067,6 +1067,19 @@ void doit(void)
        if (!ret)
                fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret);
 
+       /* test flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES */
+       ret = gnutls_x509_crt_check_hostname2(x509, "127.0.0.1", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES);
+       if (ret)
+               fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret);
+
+       ret = gnutls_x509_crt_check_hostname2(x509, "::1", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES);
+       if (ret)
+               fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret);
+
+       ret = gnutls_x509_crt_check_hostname2(x509, "127.0.0.2", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES);
+       if (ret)
+               fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret);
+
        if (debug)
                success("Testing multi-cns...\n");
        data.data = (unsigned char *) multi_cns;