
Commit f0ccf3b

committed
Add test case for IP SAN checking
1 parent b3f08f3 commit f0ccf3b

2 files changed

Lines changed: 48 additions & 1 deletion


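--- a/src/internal.c
+++ b/src/internal.c
@@ -16792,7 +16792,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 (char*)ssl->buffers.domainName.buffer,
 (ssl->buffers.domainName.buffer == NULL ? 0 :
 (word32)XSTRLEN(ssl->buffers.domainName.buffer)),
-NULL, 0) != 1) {
+NULL, 0, 0) != 1) {
 WOLFSSL_MSG("DomainName match failed");
 /* try to get peer key still */
 ret = DOMAIN_NAME_MISMATCH;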
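Review bot: The new trailing `0` at line 16795 is a bare positional literal, and neither the callee nor the meaning of that parameter is visible in this hunk, which starts and ends inside the call in ProcessPeerCerts. This is the name check that decides `DOMAIN_NAME_MISMATCH`, so a reader auditing it should not need to look up the prototype to know which matching mode is selected. I would annotate the argument in place, e.g. `NULL, 0, 0 /* <name of new parameter> */) != 1) {`. If the parameter distinguishes IP-address from DNS-name matching (inferred from the commit title, not shown here), a comment should also say why this path always passes 0 even though the domainName buffer could hold an IP literal.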

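--- a/tests/api.c
+++ b/tests/api.c
@@ -15320,6 +15320,52 @@ static int test_wolfSSL_check_domain_basic(void)
 }
 #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+(defined(WOLFSSL_IP_ALT_NAME) || defined(OPENSSL_ALL)) && \
+!defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256)
+static const char* ipaddr = NULL;
+static int test_wolfSSL_check_ip_param_client_ssl(WOLFSSL* ssl)
+{
+EXPECT_DECLS;
+X509_VERIFY_PARAM* param = NULL;
+
+ExpectNotNull(param = SSL_get0_param(ssl));
+ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(param, ipaddr), WOLFSSL_SUCCESS);
+
+return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_check_ip_param_basic(void)
+{
+EXPECT_DECLS;
+test_ssl_cbf func_cb_client;
+test_ssl_cbf func_cb_server;
+
+XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
+XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
+
+func_cb_client.ssl_ready = &test_wolfSSL_check_ip_param_client_ssl;
+
+ipaddr = "127.0.0.2";
+/* Expect to fail: cert SAN IP is 127.0.0.1 */
+ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
+&func_cb_server, NULL), -1001);
+
+ipaddr = "127.0.0.1";
+/* Expect to succeed */
+ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
+&func_cb_server, NULL), TEST_SUCCESS);
+
+return EXPECT_RESULT();
+}
+#else
+static int test_wolfSSL_check_ip_param_basic(void)
+{
+EXPECT_DECLS;
+return EXPECT_RESULT();
+}
+#endif
+
 static int test_wolfSSL_BUF(void)
 {
 EXPECT_DECLS;
@@ -33192,6 +33238,7 @@ TEST_CASE testCases[] = {
 
 TEST_DECL(test_wolfSSL_check_domain),
 TEST_DECL(test_wolfSSL_check_domain_basic),
+TEST_DECL(test_wolfSSL_check_ip_param_basic),
 TEST_DECL(test_wolfSSL_cert_cb),
 TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers),
 TEST_DECL(test_wolfSSL_ciphersuite_auth),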
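Review bot: The negative case in test_wolfSSL_check_ip_param_basic asserts only the harness's generic `-1001`, so it passes for any handshake failure and does not prove the rejection came from the IP SAN comparison. A regression that breaks the handshake for an unrelated reason would leave this certificate-verification test green. I would also assert the reason, for instance that the client-side error equals `DOMAIN_NAME_MISMATCH` if the harness exposes the client's last error, and explain the literal with a comment such as `/* -1001: <what the harness reports> */`. Separately, `func_cb_client` and `func_cb_server` are reused for the second handshake without being re-zeroed; if the harness stores result state in them (not visible here), repeat the two `XMEMSET` calls before the 127.0.0.1 case.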
