Skip to content

Commit 98d6624

Browse files
carlosmnEdward Thomson
carlosmn
authored and
Edward Thomson
committed
http: perform 'badssl' check also via certificate callback
Make sure that the callbacks do also get a 'valid' value of zero when the certificate we're looking at is in valid and assert that within the test.
1 parent 9a64e62 commit 98d6624

File tree

1 file changed

+29
-0
lines changed

1 file changed

+29
-0
lines changed

tests/online/badssl.c

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,37 +10,66 @@ static bool g_has_ssl = true;
1010
static bool g_has_ssl = false;
1111
#endif
1212

13+
static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
14+
{
15+
GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
16+
17+
cl_assert_equal_i(0, valid);
18+
19+
return GIT_ECERTIFICATE;
20+
}
21+
1322
void test_online_badssl__expired(void)
1423
{
24+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
25+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
26+
1527
if (!g_has_ssl)
1628
cl_skip();
1729

1830
cl_git_fail_with(GIT_ECERTIFICATE,
1931
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
32+
33+
cl_git_fail_with(GIT_ECERTIFICATE,
34+
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
2035
}
2136

2237
void test_online_badssl__wrong_host(void)
2338
{
39+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
40+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
41+
2442
if (!g_has_ssl)
2543
cl_skip();
2644

2745
cl_git_fail_with(GIT_ECERTIFICATE,
2846
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
47+
cl_git_fail_with(GIT_ECERTIFICATE,
48+
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
2949
}
3050

3151
void test_online_badssl__self_signed(void)
3252
{
53+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
54+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
55+
3356
if (!g_has_ssl)
3457
cl_skip();
3558

3659
cl_git_fail_with(GIT_ECERTIFICATE,
3760
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
61+
cl_git_fail_with(GIT_ECERTIFICATE,
62+
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
3863
}
3964

4065
void test_online_badssl__old_cipher(void)
4166
{
67+
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
68+
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
69+
4270
if (!g_has_ssl)
4371
cl_skip();
4472

4573
cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
74+
cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
4675
}

0 commit comments

Comments
 (0)