| author | Valerii Hiora <[email protected]> | 2014-09-30 11:06:37 +0300 |
|---|---|---|
| committer | Valerii Hiora <[email protected]> | 2014-10-02 10:15:50 +0300 |
| commit | fbb359720b24266938284edcd5cec46744379f1c (patch) | |
| tree | 69648c3ed31e085403cd2a653fc869dc281eaba7 /src/ssl/tests.rs | |
| parent | Merge pull request #57 from vhbit/mut-cleanup (diff) | |
User-provided data in verify
Diffstat (limited to 'src/ssl/tests.rs')
| -rw-r--r-- | src/ssl/tests.rs | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/src/ssl/tests.rs b/src/ssl/tests.rs
index 82effee0..9dd90ae7 100644
--- a/src/ssl/tests.rs
+++ b/src/ssl/tests.rs
@@ -1,10 +1,11 @@
 use std::io::Writer;
 use std::io::net::tcp::TcpStream;
+use std::num::FromStrRadix;
 use std::str;
 use crypto::hash::{SHA256};
-use ssl::{Sslv23, SslContext, SslStream, SslVerifyPeer};
-use x509::{X509Generator, X509, DigitalSignature, KeyEncipherment, ClientAuth, ServerAuth, X509StoreContext};
+use ssl::{Sslv23, SslContext, SslStream, SslVerifyPeer, SslVerifyNone};
+use x509::{X509Generator, DigitalSignature, KeyEncipherment, ClientAuth, ServerAuth, X509StoreContext};
 #[test]
 fn test_new_ctx() {
@@ -141,6 +142,50 @@ fn test_verify_trusted_get_error_err() {
 assert!(SslStream::new(&ctx, stream).is_err());
 }
+fn hash_str_to_vec(s: &str) -> Vec<u8> {
+ let mut res = Vec::new();
+ assert!(s.len() % 2 == 0, "Hash str should have len = 2 * n");
+ for i in range(0, s.len() / 2) {
+ let substr = s.slice(i, i + 2);
+ let t: Option<u8> = FromStrRadix::from_str_radix(substr, 16);
+ assert!(t.is_some(), "Hash str must contain only hex digits, i.e. [0-9a-f]");
+ res.push(t.unwrap());
+ }
+
+ res
+}
+
+#[test]
+fn test_verify_callback_data() {
+ fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext, node_id: &Vec<u8>) -> bool {
+ let cert = x509_ctx.get_current_cert();
+ match cert {
+ None => false,
+ Some(cert) => {
+ let fingerprint = cert.fingerprint(SHA256).unwrap();
+ fingerprint.as_slice() == node_id.as_slice()
+ }
+ }
+ }
+ let stream = TcpStream::connect("127.0.0.1", 15418).unwrap();
+ let mut ctx = SslContext::new(Sslv23).unwrap();
+
+ // Node id was generated as SHA256 hash of certificate "test/cert.pem"
+ // in DER format.
+ // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256
+ // Please update if "test/cert.pem" will ever change
+ let node_hash_str = "6204f6617e1af7495394250655f43600cd483e2dfc2005e92d0fe439d0723c34";
+ let node_id = hash_str_to_vec(node_hash_str);
+ ctx.set_verify_with_data(SslVerifyNone, Some(callback), node_id);
+ ctx.set_verify_depth(1);
+
+ match SslStream::new(&ctx, stream) {
+ Ok(_) => (),
+ Err(err) => fail!("Expected success, got {}", err)
+ }
+}
+
+
 #[test]
 fn test_write() {
 let stream = TcpStream::connect("127.0.0.1", 15418).unwrap(); |
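Review bot: `hash_str_to_vec` decodes overlapping two-character windows rather than consecutive byte pairs, because the loop takes `s.slice(i, i + 2)` while `i` only runs to `s.len() / 2`; the slice should be `s.slice(2 * i, 2 * i + 2)`. As written, `node_id` is built from the first 33 hex characters only, so the callback's fingerprint comparison should return false for the real certificate. The test most likely still passes because `set_verify_with_data` is given `SslVerifyNone`, and in that mode OpenSSL continues a client handshake regardless of what the verify callback returns, so the pinning logic is never actually asserted. Registering the callback with `SslVerifyPeer` (already imported) would make a fingerprint mismatch fail `SslStream::new`. A second test with a deliberately wrong `node_id` that expects `is_err()` would cover the rejection path.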