From 571bb62a49e71517d028bd2a3e0fe326a5ca7413 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Sun, 7 Dec 2014 16:56:18 +0000
Subject: Allow specific libtls hostname validation errors to propagate.
Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). ok jsing@
---
 regress/lib/libtls/verify/verifytest.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'regress/lib')
diff --git a/regress/lib/libtls/verify/verifytest.c b/regress/lib/libtls/verify/verifytest.c
index bb8b3720143..81dcb90a67d 100644
--- a/regress/lib/libtls/verify/verifytest.c
+++ b/regress/lib/libtls/verify/verifytest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verifytest.c,v 1.1 2014/11/01 11:55:27 jsing Exp $ */
+/* $OpenBSD: verifytest.c,v 1.2 2014/12/07 16:56:17 bcook Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -20,8 +20,9 @@
 #include
 #include
+#include
-extern int tls_check_hostname(X509 *cert, const char *host);
+extern int tls_check_hostname(struct tls *ctx, X509 *cert, const char *host);
 struct verify_test {
 const char common_name[128];
@@ -162,6 +163,7 @@ do_verify_test(int test_no, struct verify_test *vt)
 GENERAL_NAME *alt_name;
 X509_NAME *name;
 X509 *cert;
+ struct tls *tls;
 /* Build certificate structure. */
 if ((cert = X509_new()) == NULL)
@@ -174,6 +176,8 @@ do_verify_test(int test_no, struct verify_test *vt)
 if (X509_set_subject_name(cert, name) == 0)
 errx(1, "failed to set subject name");
 X509_NAME_free(name);
+ if ((tls = tls_client()) == NULL)
+ errx(1, "failed to malloc tls_client");
 if (vt->alt_name_type != 0) {
 if ((alt_name_stack = sk_GENERAL_NAME_new_null()) == NULL)
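Review bot: The hand-written `extern int tls_check_hostname(struct tls *ctx, X509 *cert, const char *host);` in the `@@ -20,8 +20,9 @@` hunk duplicates the library's prototype, and the compiler cannot check it against the real definition. This commit is itself a case where the two had to be edited in lockstep; a missed update would call the function with mismatched arguments, which is undefined behaviour rather than a build failure. If libtls has a private header that declares this function, including it would be safer; otherwise a comment above the declaration such as `/* Must stay in sync with the definition in libtls. */` would at least record the coupling.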
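Review bot: The context returned by `tls_client()` in the `@@ -174,6 +176,8 @@` hunk is never released: the diffstat's 7 insertions are all accounted for by lines visible in this patch and none of them is a `tls_free()` call, so every do_verify_test() invocation leaks one `struct tls`. Add `tls_free(tls);` before the function returns, next to whatever cleanup it already does for `cert`; that part of the body lies outside the hunks shown. It is also worth confirming that the test calls `tls_init()` before this point, since no visible hunk does.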
@@ -209,7 +213,7 @@ do_verify_test(int test_no, struct verify_test *vt)
 sk_GENERAL_NAME_pop_free(alt_name_stack, GENERAL_NAME_free);
 }
- if (tls_check_hostname(cert, vt->hostname) != vt->want) {
+ if (tls_check_hostname(tls, cert, vt->hostname) != vt->want) {
 fprintf(stderr, "FAIL: test %i failed with common name "
 "'%s', alt name '%s' and hostname '%s'\n",
 test_no, vt->common_name, vt->alt_name, vt->hostname);
-- cgit v1.2.3
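Review bot: The FAIL branch in this hunk still reports only the test inputs, so the error text that this commit routes into the context is never read by the test. Since the purpose of the change is that hostname-validation errors (the NUL-byte cases in particular) reach the caller, printing `tls_error(tls)` here would show which rule rejected the name and would expose a regression in which the message is lost. `tls_error()` can return NULL when no error was recorded, so guard it, e.g. `const char *e = tls_error(tls);` and pass `e != NULL ? e : "(none)"` to an extra `%s`. The enclosing do_verify_test() starts and ends outside the hunk.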