(void) data;
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
crypto_pk_t *key1 = NULL, *key2 = NULL;
+ SSL_METHOD *method = NULL;
+ SSL_CTX *ctx = NULL;
+
key1 = pk_generate(2);
key2 = pk_generate(3);
tt_assert(!tls);
#ifndef OPENSSL_OPAQUE
- SSL_METHOD *method = give_me_a_test_method();
- SSL_CTX *ctx = SSL_CTX_new(method);
+ method = give_me_a_test_method();
+ ctx = SSL_CTX_new(method);
method->num_ciphers = fake_num_ciphers;
client_tls_context->ctx = ctx;
tls = tor_tls_new(-1, 0);
crypto_pk_free(key1);
crypto_pk_free(key2);
tor_tls_free(tls);
+ tor_free(method);
+ tor_tls_free_all();
}
#define NS_MODULE tortls
scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
tt_int_op(ret, OP_EQ, 0);
+ tor_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
tor_x509_cert_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
+ ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
cert->cert->cert_info->validity->notAfter =
ASN1_TIME_set(NULL, time(NULL)-1000000);
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
tor_x509_cert_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
+ X509_PUBKEY_free(cert->cert->cert_info->key);
cert->cert->cert_info->key = NULL;
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
tt_int_op(ret, OP_EQ, 0);
#endif
+#if 0
tor_x509_cert_free(cert);
tor_x509_cert_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
tt_int_op(ret, OP_EQ, 0);
tor_x509_cert_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
tt_int_op(ret, OP_EQ, 0);
tor_x509_cert_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
tt_int_op(ret, OP_EQ, 1);
tor_x509_cert_free(scert);
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
X509_get_pubkey(cert->cert)->ameth = NULL;
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
tt_int_op(ret, OP_EQ, 0);
+#endif
done:
tor_x509_cert_free(cert);
struct testcase_t tortls_tests[] = {
LOCAL_TEST_CASE(errno_to_tls_error, 0),
LOCAL_TEST_CASE(err_to_string, 0),
- LOCAL_TEST_CASE(tor_tls_new, 0),
+ LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
LOCAL_TEST_CASE(tor_tls_get_error, 0),
LOCAL_TEST_CASE(get_state_description, TT_FORK),
LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
projects / thirdparty / tor.git / commitdiff
