2 * nghttp2 - HTTP/2 C Library
4 * Copyright (c) 2013 Tatsuhiro Tsujikawa
6 * Permission is hereby granted, free of charge, to any person obtaining
7 * a copy of this software and associated documentation files (the
8 * "Software"), to deal in the Software without restriction, including
9 * without limitation the rights to use, copy, modify, merge, publish,
10 * distribute, sublicense, and/or sell copies of the Software, and to
11 * permit persons to whom the Software is furnished to do so, subject to
12 * the following conditions:
14 * The above copyright notice and this permission notice shall be
15 * included in all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 #include "shrpx_ssl_test.h"
27 #include <CUnit/CUnit.h>
29 #include "shrpx_ssl.h"
33 using namespace nghttp2;
37 void test_shrpx_ssl_create_lookup_tree(void) {
38 auto tree = make_unique<ssl::CertLookupTree>();
40 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
41 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
42 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
43 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
44 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method())};
46 const char *hostnames[] = {"example.com", "www.example.org",
47 "*www.example.org", "x*.host.domain",
48 "*yy.host.domain", "nghttp2.sourceforge.net",
50 "sourceforge.net", // duplicate
51 "*.foo.bar", // oo.bar is suffix of *.foo.bar
53 int num = array_size(ctxs);
54 for (int i = 0; i < num; ++i) {
55 tree->add_cert(ctxs[i], hostnames[i], strlen(hostnames[i]));
58 CU_ASSERT(ctxs[0] == tree->lookup(hostnames[0], strlen(hostnames[0])));
59 CU_ASSERT(ctxs[1] == tree->lookup(hostnames[1], strlen(hostnames[1])));
60 const char h1[] = "2www.example.org";
61 CU_ASSERT(ctxs[2] == tree->lookup(h1, strlen(h1)));
62 const char h2[] = "www2.example.org";
63 CU_ASSERT(0 == tree->lookup(h2, strlen(h2)));
64 const char h3[] = "x1.host.domain";
65 CU_ASSERT(ctxs[3] == tree->lookup(h3, strlen(h3)));
66 // Does not match *yy.host.domain, because * must match at least 1
68 const char h4[] = "yy.Host.domain";
69 CU_ASSERT(0 == tree->lookup(h4, strlen(h4)));
70 const char h5[] = "zyy.host.domain";
71 CU_ASSERT(ctxs[4] == tree->lookup(h5, strlen(h5)));
72 CU_ASSERT(0 == tree->lookup("", 0));
73 CU_ASSERT(ctxs[5] == tree->lookup(hostnames[5], strlen(hostnames[5])));
74 CU_ASSERT(ctxs[6] == tree->lookup(hostnames[6], strlen(hostnames[6])));
75 const char h6[] = "pdylay.sourceforge.net";
76 for (int i = 0; i < 7; ++i) {
77 CU_ASSERT(0 == tree->lookup(h6 + i, strlen(h6) - i));
79 const char h7[] = "x.foo.bar";
80 CU_ASSERT(ctxs[8] == tree->lookup(h7, strlen(h7)));
81 CU_ASSERT(ctxs[9] == tree->lookup(hostnames[9], strlen(hostnames[9])));
83 for (int i = 0; i < num; ++i) {
84 SSL_CTX_free(ctxs[i]);
88 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
89 SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method())};
90 const char *names[] = {"rab", "zab", "zzub", "ab"};
91 num = array_size(ctxs2);
93 tree = make_unique<ssl::CertLookupTree>();
94 for (int i = 0; i < num; ++i) {
95 tree->add_cert(ctxs2[i], names[i], strlen(names[i]));
97 for (int i = 0; i < num; ++i) {
98 CU_ASSERT(ctxs2[i] == tree->lookup(names[i], strlen(names[i])));
101 for (int i = 0; i < num; ++i) {
102 SSL_CTX_free(ctxs2[i]);
106 void test_shrpx_ssl_cert_lookup_tree_add_cert_from_file(void) {
108 ssl::CertLookupTree tree;
109 auto ssl_ctx = SSL_CTX_new(SSLv23_method());
110 const char certfile[] = NGHTTP2_TESTS_DIR "/testdata/cacert.pem";
111 rv = ssl::cert_lookup_tree_add_cert_from_file(&tree, ssl_ctx, certfile);
113 const char localhost[] = "localhost";
114 CU_ASSERT(ssl_ctx == tree.lookup(localhost, sizeof(localhost) - 1));
116 SSL_CTX_free(ssl_ctx);