Google Git
Sign in
fuchsia / third_party / libgit2 / 0d38f1b26da2cfae07a0bf8347fe43dd2a2e942a^! / .
commit0d38f1b26da2cfae07a0bf8347fe43dd2a2e942a[log] [tgz]
authorCarlos Martín Nieto <cmn@dwim.me>Fri Jan 06 10:51:31 2017 +0000
committerEdward Thomson <ethomson@github.com>Mon Jan 09 14:05:03 2017 -0500
treeafc0d64b5793e44bab2cedc19df45806876ebc26
parentddcf37abfff55c6e09ca16c7e83584aeec4f49c8 [diff]
http: perform 'badssl' check also via certificate callback

Make sure that the callbacks do also get a 'valid' value of zero when
the certificate we're looking at is in valid and assert that within the
test.

diff --git a/tests/online/badssl.c b/tests/online/badssl.c
index 12badbd..f3470f6 100644
--- a/tests/online/badssl.c
+++ b/tests/online/badssl.c

@@ -10,29 +10,66 @@
 static bool g_has_ssl = false;
 #endif
 
+static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
+{
+	GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
+
+	cl_assert_equal_i(0, valid);
+
+	return GIT_ECERTIFICATE;
+}
+
 void test_online_badssl__expired(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
 	if (!g_has_ssl)
 		cl_skip();
 
 	cl_git_fail_with(GIT_ECERTIFICATE,
 			 git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
+
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
 }
 
 void test_online_badssl__wrong_host(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
 	if (!g_has_ssl)
 		cl_skip();
 
 	cl_git_fail_with(GIT_ECERTIFICATE,
 			 git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
 }
 
 void test_online_badssl__self_signed(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
 	if (!g_has_ssl)
 		cl_skip();
 
 	cl_git_fail_with(GIT_ECERTIFICATE,
 			 git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
+}
+
+void test_online_badssl__old_cipher(void)
+{
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
+	if (!g_has_ssl)
+		cl_skip();
+
+	cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
+	cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
 }