tests/ssl-test.c

   1 #ifdef HAVE_CONFIG_H
   2 #include "config.h"
   3 #endif
   4
   5 #include "libsoup/soup.h"
   6
   7 #include "test-utils.h"
   8
   9 static void
  10 do_properties_test_for_session (SoupSession *session, char *uri)
  11 {
  12         SoupMessage *msg;
  13         GTlsCertificate *cert;
  14         GTlsCertificateFlags flags;
  15
  16         msg = soup_message_new ("GET", uri);
  17         soup_session_send_message (session, msg);
  18         if (msg->status_code != SOUP_STATUS_OK) {
  19                 debug_printf (1, "    FAILED: %d %s\n",
  20                               msg->status_code, msg->reason_phrase);
  21                 errors++;
  22         }
  23
  24         if (soup_message_get_https_status (msg, &cert, &flags)) {
  25                 if (!G_IS_TLS_CERTIFICATE (cert)) {
  26                         debug_printf (1, "    No certificate?\n");
  27                         errors++;
  28                 }
  29                 if (flags != G_TLS_CERTIFICATE_UNKNOWN_CA) {
  30                         debug_printf (1, "    Wrong cert flags (got %x, wanted %x)\n",
  31                                       flags, G_TLS_CERTIFICATE_UNKNOWN_CA);
  32                         errors++;
  33                 }
  34         } else {
  35                 debug_printf (1, "    Response not https\n");
  36                 errors++;
  37         }
  38         if (soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) {
  39                 debug_printf (1, "    CERTIFICATE_TRUSTED set?\n");
  40                 errors++;
  41         }
  42
  43         g_object_unref (msg);
  44 }
  45
  46 static void
  47 do_properties_tests (char *uri)
  48 {
  49         SoupSession *session;
  50
  51         debug_printf (1, "\nSoupMessage properties\n");
  52
  53         debug_printf (1, "  async\n");
  54         session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
  55         g_object_set (G_OBJECT (session),
  56                       SOUP_SESSION_SSL_CA_FILE, "/dev/null",
  57                       SOUP_SESSION_SSL_STRICT, FALSE,
  58                       NULL);
  59         do_properties_test_for_session (session, uri);
  60         soup_test_session_abort_unref (session);
  61
  62         debug_printf (1, "  sync\n");
  63         session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
  64         g_object_set (G_OBJECT (session),
  65                       SOUP_SESSION_SSL_CA_FILE, "/dev/null",
  66                       SOUP_SESSION_SSL_STRICT, FALSE,
  67                       NULL);
  68         do_properties_test_for_session (session, uri);
  69         soup_test_session_abort_unref (session);
  70 }
  71
  72 static void
  73 do_one_strict_test (SoupSession *session, char *uri,
  74                     gboolean strict, gboolean with_ca_list,
  75                     guint expected_status)
  76 {
  77         SoupMessage *msg;
  78
  79         /* Note that soup_test_session_new() sets
  80          * SOUP_SESSION_SSL_CA_FILE by default, and turns off
  81          * SOUP_SESSION_SSL_STRICT.
  82          */
  83
  84         g_object_set (G_OBJECT (session),
  85                       SOUP_SESSION_SSL_STRICT, strict,
  86                       SOUP_SESSION_SSL_CA_FILE, with_ca_list ? SRCDIR "/test-cert.pem" : "/dev/null",
  87                       NULL);
  88         /* Close existing connections with old params */
  89         soup_session_abort (session);
  90
  91         msg = soup_message_new ("GET", uri);
  92         soup_session_send_message (session, msg);
  93         if (msg->status_code != expected_status) {
  94                 debug_printf (1, "      FAILED: %d %s (expected %d %s)\n",
  95                               msg->status_code, msg->reason_phrase,
  96                               expected_status,
  97                               soup_status_get_phrase (expected_status));
  98                 if (msg->status_code == SOUP_STATUS_SSL_FAILED) {
  99                         GTlsCertificateFlags flags = 0;
 100
 101                         soup_message_get_https_status (msg, NULL, &flags);
 102                         debug_printf (1, "              tls error flags: 0x%x\n", flags);
 103                 }
 104                 errors++;
 105         } else if (with_ca_list && SOUP_STATUS_IS_SUCCESSFUL (msg->status_code)) {
 106                 if (!(soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)) {
 107                         debug_printf (1, "    CERTIFICATE_TRUSTED not set?\n");
 108                         errors++;
 109                 }
 110         } else {
 111                 if (with_ca_list && soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) {
 112                         debug_printf (1, "    CERTIFICATE_TRUSTED set?\n");
 113                         errors++;
 114                 }
 115         }
 116
 117         g_object_unref (msg);
 118 }
 119
 120 static void
 121 do_strict_tests (char *uri)
 122 {
 123         SoupSession *session;
 124
 125         debug_printf (1, "strict/nonstrict\n");
 126
 127         session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
 128         debug_printf (1, "  async with CA list\n");
 129         do_one_strict_test (session, uri, TRUE, TRUE, SOUP_STATUS_OK);
 130         debug_printf (1, "  async without CA list\n");
 131         do_one_strict_test (session, uri, TRUE, FALSE, SOUP_STATUS_SSL_FAILED);
 132         debug_printf (1, "  async non-strict with CA list\n");
 133         do_one_strict_test (session, uri, FALSE, TRUE, SOUP_STATUS_OK);
 134         debug_printf (1, "  async non-strict without CA list\n");
 135         do_one_strict_test (session, uri, FALSE, FALSE, SOUP_STATUS_OK);
 136         soup_test_session_abort_unref (session);
 137
 138         session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
 139         debug_printf (1, "  sync with CA list\n");
 140         do_one_strict_test (session, uri, TRUE, TRUE, SOUP_STATUS_OK);
 141         debug_printf (1, "  sync without CA list\n");
 142         do_one_strict_test (session, uri, TRUE, FALSE, SOUP_STATUS_SSL_FAILED);
 143         debug_printf (1, "  sync non-strict with CA list\n");
 144         do_one_strict_test (session, uri, FALSE, TRUE, SOUP_STATUS_OK);
 145         debug_printf (1, "  sync non-strict without CA list\n");
 146         do_one_strict_test (session, uri, FALSE, FALSE, SOUP_STATUS_OK);
 147         soup_test_session_abort_unref (session);
 148 }
 149
 150 static void
 151 server_handler (SoupServer        *server,
 152                 SoupMessage       *msg,
 153                 const char        *path,
 154                 GHashTable        *query,
 155                 SoupClientContext *client,
 156                 gpointer           user_data)
 157 {
 158         soup_message_set_status (msg, SOUP_STATUS_OK);
 159         soup_message_set_response (msg, "text/plain",
 160                                    SOUP_MEMORY_STATIC,
 161                                    "ok\r\n", 4);
 162 }
 163
 164 int
 165 main (int argc, char **argv)
 166 {
 167         SoupServer *server;
 168         char *uri;
 169
 170         test_init (argc, argv, NULL);
 171
 172         if (tls_available) {
 173                 server = soup_test_server_new_ssl (TRUE);
 174                 soup_server_add_handler (server, NULL, server_handler, NULL, NULL);
 175                 uri = g_strdup_printf ("https://127.0.0.1:%u/",
 176                                        soup_server_get_port (server));
 177
 178                 do_strict_tests (uri);
 179                 do_properties_tests (uri);
 180
 181                 g_free (uri);
 182                 soup_test_server_quit_unref (server);
 183         }
 184
 185         test_cleanup ();
 186         return errors != 0;
 187 }