[vlc-commits] test: use custom cert directory for TLS tests, add some cases
Rémi Denis-Courmont
git at videolan.org
Sun Feb 26 18:51:05 CET 2017
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Feb 26 19:42:16 2017 +0200| [62481d9b772eaee90830d16674b48688e3a36d98] | committer: Rémi Denis-Courmont
test: use custom cert directory for TLS tests, add some cases
This avoids the ugly hack based on dialogs and home directory.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=62481d9b772eaee90830d16674b48688e3a36d98
---
test/Makefile.am | 8 ++-
test/modules/misc/tls.c | 175 +++++++++++++++++++++++++-----------------------
2 files changed, 100 insertions(+), 83 deletions(-)
diff --git a/test/Makefile.am b/test/Makefile.am
index dc57591..8d4ae30 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -51,7 +51,13 @@ EXTRA_PROGRAMS = \
$(NULL)
#check_DATA = samples/test.sample samples/meta.sample
-EXTRA_DIST = samples/empty.voc samples/image.jpg samples/subitems samples/slaves $(check_SCRIPTS)
+EXTRA_DIST = \
+ samples/certs/certkey.pem \
+ samples/empty.voc \
+ samples/image.jpg \
+ samples/subitems \
+ samples/slaves \
+ $(check_SCRIPTS)
check_HEADERS = libvlc/test.h libvlc/libvlc_additions.h
diff --git a/test/modules/misc/tls.c b/test/modules/misc/tls.c
index d5efd9d..f44f26f 100644
--- a/test/modules/misc/tls.c
+++ b/test/modules/misc/tls.c
@@ -31,41 +31,14 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <poll.h>
-#include <fcntl.h>
-#include <unistd.h>
#include <vlc_common.h>
#include <vlc_modules.h>
#include <vlc_tls.h>
-#include <vlc_dialog.h>
#include "../../../lib/libvlc_internal.h"
#include <vlc/vlc.h>
-static void
-dialog_display_question_cb(void *p_data, vlc_dialog_id *p_id, const char *psz_title,
- const char *psz_text, vlc_dialog_question_type i_type,
- const char *psz_cancel, const char *psz_action1,
- const char *psz_action2)
-{
- (void) psz_title;
- (void) psz_text;
- (void) i_type;
- (void) psz_cancel;
- (void) psz_action1;
- (void) psz_action2;
- int *value = p_data;
- vlc_dialog_id_post_action(p_id, *value);
-}
-
-static void dialog_cancel_cb(void *p_data, vlc_dialog_id *id)
-{
- (void)p_data;
- vlc_dialog_id_dismiss(id);
-}
-
-static libvlc_instance_t *vlc;
-static vlc_object_t *obj;
static vlc_tls_creds_t *server_creds;
static vlc_tls_creds_t *client_creds;
@@ -106,54 +79,57 @@ error:
return NULL;
}
-static int securepair(vlc_thread_t *th, vlc_tls_t **restrict client,
- const char *const *alpnv[2], char **restrict alp)
+static vlc_tls_t *securepair(vlc_thread_t *th,
+ const char *const salpnv[],
+ const char *const calpnv[],
+ char **restrict alp)
{
- vlc_tls_t *server;
+ vlc_tls_t *socks[2];
+ vlc_tls_t *server, *client;
int val;
- vlc_tls_t *insecurev[2];
- val = vlc_tls_SocketPair(PF_LOCAL, 0, insecurev);
+ val = vlc_tls_SocketPair(PF_LOCAL, 0, socks);
assert(val == 0);
- server = vlc_tls_ServerSessionCreate(server_creds, insecurev[0], alpnv[0]);
+ server = vlc_tls_ServerSessionCreate(server_creds, socks[0], salpnv);
assert(server != NULL);
val = vlc_clone(th, tls_echo, server, VLC_THREAD_PRIORITY_LOW);
assert(val == 0);
- *client = vlc_tls_ClientSessionCreate(client_creds, insecurev[1],
- "localhost", "vlc-tls-test",
- alpnv[1], alp);
- if (*client == NULL)
+ client = vlc_tls_ClientSessionCreate(client_creds, socks[1],
+ "localhost", "vlc-tls-test",
+ calpnv, alp);
+ if (client == NULL)
{
- vlc_tls_SessionDelete(insecurev[1]);
+ vlc_tls_SessionDelete(socks[1]);
vlc_join(*th, NULL);
- return -1;
+ return NULL;
}
- return 0;
+ return client;
}
-static const char certpath[] = SRCDIR"/modules/misc/certkey.pem";
+#define CERTDIR SRCDIR "/samples/certs"
+#define CERTFILE CERTDIR "/certkey.pem"
+
+static const char *const test_cert_argv[] = {
+ "--no-gnutls-system-trust", "--gnutls-dir-trust=" CERTDIR, NULL };
static const char *const alpn[] = { "foo", "bar", NULL };
+static const char *const alpn_bad[] = { "baz", NULL };
int main(void)
{
+ libvlc_instance_t *vlc;
+ vlc_object_t *obj;
+ vlc_thread_t th;
+ void *p;
+ vlc_tls_t *tls;
+ char *alp;
int val;
- int answer = 0;
- /* Create fake home for stored keys */
- char homedir[] = "/tmp/vlc-test-XXXXXX";
- if (mkdtemp(homedir) != homedir)
- {
- perror("Temporary directory");
- return 77;
- }
-
- assert(!strncmp(homedir, "/tmp/vlc-test-", 14));
- setenv("HOME", homedir, 1);
setenv("VLC_PLUGIN_PATH", "../modules", 1);
+ /*** Tests with normal certs database - server cert not acceptable. ***/
vlc = libvlc_new(0, NULL);
assert(vlc != NULL);
obj = VLC_OBJECT(vlc->p_libvlc_int);
@@ -162,41 +138,50 @@ int main(void)
assert(server_creds == NULL);
server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/samples/empty.voc", NULL);
assert(server_creds == NULL);
- server_creds = vlc_tls_ServerCreate(obj, certpath, SRCDIR"/nonexistent");
+ server_creds = vlc_tls_ServerCreate(obj, CERTFILE, SRCDIR"/nonexistent");
assert(server_creds == NULL);
- server_creds = vlc_tls_ServerCreate(obj, certpath, NULL);
+ server_creds = vlc_tls_ServerCreate(obj, CERTFILE, NULL);
if (server_creds == NULL)
{
libvlc_release(vlc);
return 77;
}
+ vlc_tls_Delete(server_creds);
+ server_creds = vlc_tls_ServerCreate(obj, CERTFILE, CERTFILE);
+ assert(server_creds != NULL);
client_creds = vlc_tls_ClientCreate(obj);
assert(client_creds != NULL);
- vlc_dialog_cbs cbs = {
- .pf_display_question = dialog_display_question_cb,
- .pf_cancel = dialog_cancel_cb,
- };
- vlc_dialog_provider_set_callbacks(obj, &cbs, &answer);
+ /* Test unknown certificate */
+ tls = securepair(&th, alpn, alpn, &alp);
+ assert(tls == NULL);
+ tls = securepair(&th, alpn, alpn, NULL);
+ assert(tls == NULL);
- vlc_thread_t th;
- vlc_tls_t *tls;
- const char *const *alpnv[2] = { alpn + 1, alpn };
- char *alp;
- void *p;
+ vlc_tls_Delete(client_creds);
+ vlc_tls_Delete(server_creds);
+ libvlc_release(vlc);
- /* Test unknown certificate */
- answer = 0;
- val = securepair(&th, &tls, alpnv, &alp);
- assert(val == -1);
+ /*** Tests with test certs database - server cert accepted. ***/
+ vlc = libvlc_new(ARRAY_SIZE(test_cert_argv) - 1, test_cert_argv);
+ if (vlc == NULL)
+ {
+ libvlc_release(vlc);
+ return 77;
+ }
+ obj = VLC_OBJECT(vlc->p_libvlc_int);
- /* Accept unknown certificate */
- answer = 1;
- val = securepair(&th, &tls, alpnv, &alp);
- assert(val == 0);
+ server_creds = vlc_tls_ServerCreate(obj, CERTFILE, NULL);
+ assert(server_creds != NULL);
+ client_creds = vlc_tls_ClientCreate(obj);
+ assert(client_creds != NULL);
+
+ /* Test known certificate */
+ tls = securepair(&th, alpn, alpn, &alp);
+ assert(tls != NULL);
assert(alp != NULL);
- assert(!strcmp(alp, "bar"));
+ assert(strcmp(alp, alpn[0]) == 0);
free(alp);
/* Do some I/O */
@@ -226,9 +211,8 @@ int main(void)
vlc_tls_Close(tls);
/* Test known certificate, ignore ALPN result */
- answer = 0;
- val = securepair(&th, &tls, alpnv, NULL);
- assert(val == 0);
+ tls = securepair(&th, alpn, alpn, NULL);
+ assert(tls != NULL);
/* Do a lot of I/O, test congestion handling */
static unsigned char data[16184];
@@ -267,18 +251,45 @@ int main(void)
vlc_join(th, NULL);
/* Test known certificate, no ALPN */
- alpnv[0] = alpnv[1] = NULL;
- val = securepair(&th, &tls, alpnv, NULL);
- assert(val == 0);
+ tls = securepair(&th, alpn, NULL, &alp);
+ assert(tls != NULL);
+ assert(alp == NULL);
+ vlc_tls_Close(tls);
+ vlc_join(th, NULL);
+
+ tls = securepair(&th, NULL, alpn, NULL);
+ assert(tls != NULL);
+ assert(alp == NULL);
+ vlc_tls_Close(tls);
+ vlc_join(th, NULL);
+
+ /* Test ALPN combinations */
+ tls = securepair(&th, alpn, alpn + 1, &alp);
+ assert(tls != NULL);
+ assert(alp != NULL);
+ assert(strcmp(alp, alpn[1]) == 0);
+ free(alp);
+ vlc_tls_Close(tls);
+ vlc_join(th, NULL);
+
+ tls = securepair(&th, alpn + 1, alpn, &alp);
+ assert(tls != NULL);
+ assert(alp != NULL);
+ assert(strcmp(alp, alpn[1]) == 0);
+ free(alp);
+ vlc_tls_Close(tls);
+ vlc_join(th, NULL);
+
+ /* Test ALPN mismatch */
+ tls = securepair(&th, alpn, alpn_bad, &alp);
+ assert(tls != NULL);
+ assert(alp == NULL); /* currently, ALPN is marked optional in hello */
vlc_tls_Close(tls);
vlc_join(th, NULL);
- vlc_dialog_provider_set_callbacks(obj, NULL, NULL);
vlc_tls_Delete(client_creds);
vlc_tls_Delete(server_creds);
libvlc_release(vlc);
- if (fork() == 0)
- execlp("rm", "rm", "-rf", homedir, (char *)NULL);
return 0;
}
More information about the vlc-commits
mailing list