EmpTLSCertificateRejectReason reason = 0;
GError *error = NULL;
EmpathyTLSVerifier *verifier;
+ const gchar *reference_identities[] = {
+ "www.collabora.co.uk",
+ NULL
+ };
/*
* In this test the mock TLS connection only has one certificate
test->mock = mock_tls_certificate_new_and_register (test->dbus,
"dhansak-collabora.cer", NULL);
- /* We add teh collabora directory with the collabora root */
+ /* We add the collabora directory with the collabora root */
add_pkcs11_module_for_testing (test, "gkm-roots-store-standalone.so",
"collabora-ca");
ensure_certificate_proxy (test);
- verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk");
+ verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+ reference_identities);
empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
g_main_loop_run (test->loop);
if (!empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
EmpTLSCertificateRejectReason reason = 0;
GError *error = NULL;
EmpathyTLSVerifier *verifier;
+ const gchar *reference_identities[] = {
+ "www.collabora.co.uk",
+ NULL
+ };
/*
* In this test the mock TLS connection has a full certificate
test->mock = mock_tls_certificate_new_and_register (test->dbus,
"dhansak-collabora.cer", "collabora-ca/collabora-ca.cer", NULL);
- /* We add teh collabora directory with the collabora root */
+ /* We add the collabora directory with the collabora root */
add_pkcs11_module_for_testing (test, "gkm-roots-store-standalone.so",
"collabora-ca");
ensure_certificate_proxy (test);
- verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk");
+ verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+ reference_identities);
empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
g_main_loop_run (test->loop);
if (!empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
EmpTLSCertificateRejectReason reason = 0;
GError *error = NULL;
EmpathyTLSVerifier *verifier;
+ const gchar *reference_identities[] = {
+ "www.collabora.co.uk",
+ NULL
+ };
test->mock = mock_tls_certificate_new_and_register (test->dbus,
"dhansak-collabora.cer", NULL);
ensure_certificate_proxy (test);
- verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk");
+ verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+ reference_identities);
empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
g_main_loop_run (test->loop);
EmpTLSCertificateRejectReason reason = 0;
GError *error = NULL;
EmpathyTLSVerifier *verifier;
+ const gchar *reference_identities[] = {
+ "www.collabora.co.uk",
+ NULL
+ };
test->mock = mock_tls_certificate_new_and_register (test->dbus,
"dhansak-collabora.cer", "collabora-ca/collabora-ca.cer", NULL);
ensure_certificate_proxy (test);
- verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk");
+ verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+ reference_identities);
empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
g_main_loop_run (test->loop);
}
static void
-test_certificate_verify_hostname_invalid (Test *test,
+test_certificate_verify_identities_invalid (Test *test,
gconstpointer data G_GNUC_UNUSED)
{
EmpTLSCertificateRejectReason reason = 0;
GError *error = NULL;
EmpathyTLSVerifier *verifier;
+ const gchar *reference_identities[] = {
+ "invalid.host.name",
+ NULL
+ };
+
+ test->mock = mock_tls_certificate_new_and_register (test->dbus,
+ "dhansak-collabora.cer", "collabora-ca/collabora-ca.cer", NULL);
+
+ /* We add the collabora directory with the collabora root */
+ add_pkcs11_module_for_testing (test, "gkm-roots-store-standalone.so",
+ "collabora-ca");
+
+ ensure_certificate_proxy (test);
+
+ verifier = empathy_tls_verifier_new (test->cert, "invalid.host.name",
+ reference_identities);
+ empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
+ g_main_loop_run (test->loop);
+
+ if (empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
+ NULL, &error))
+ g_assert_not_reached ();
+
+ /* And it should say we're self-signed (oddly enough) */
+ g_assert_cmpuint (reason, ==, EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
+
+ g_clear_error (&error);
+ g_object_unref (verifier);
+}
+
+static void
+test_certificate_verify_uses_reference_identities (Test *test,
+ gconstpointer data G_GNUC_UNUSED)
+{
+ EmpTLSCertificateRejectReason reason = 0;
+ GError *error = NULL;
+ EmpathyTLSVerifier *verifier;
+ const gchar *reference_identities[] = {
+ "invalid.host.name",
+ NULL
+ };
test->mock = mock_tls_certificate_new_and_register (test->dbus,
"dhansak-collabora.cer", "collabora-ca/collabora-ca.cer", NULL);
- /* We add teh collabora directory with the collabora root */
+ /* We add the collabora directory with the collabora root */
add_pkcs11_module_for_testing (test, "gkm-roots-store-standalone.so",
"collabora-ca");
ensure_certificate_proxy (test);
- verifier = empathy_tls_verifier_new (test->cert, "invalid.host.name");
+ /* Should be using the reference_identities and not host name for checks */
+ verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+ reference_identities);
empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
g_main_loop_run (test->loop);
setup, test_certificate_verify_root_not_found, teardown);
g_test_add ("/tls/certificate_verify_root_not_anchored", Test, NULL,
setup, test_certificate_verify_root_not_anchored, teardown);
- g_test_add ("/tls/certificate_verify_hostname_invalid", Test, NULL,
- setup, test_certificate_verify_hostname_invalid, teardown);
+ g_test_add ("/tls/certificate_verify_identities_invalid", Test, NULL,
+ setup, test_certificate_verify_identities_invalid, teardown);
+ g_test_add ("/tls/certificate_verify_uses_reference_identities", Test, NULL,
+ setup, test_certificate_verify_uses_reference_identities, teardown);
result = g_test_run ();
test_deinit ();
projects / empathy.git / commitdiff