Re: [PATCH 3/3] Add a test case for certificate validation

On 07/21/2011 06:30 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange@xxxxxxxxxx>

This test case checks certification validation rules for

  - Basic constraints
  - Key purpose
  - Key usage
  - Start/expiry times

It checks initial context creation sanity checks, and live
session validation
---
  tests/.gitignore             |    1 +

We've got half our tests excluded in libvirt/.gitignore, the other half in libvirt/tests/.gitignore.

Someday I should follow through with my threat to consolidate all .gitignore into the top level file. But that's a separate patch, so don't worry about it in the context of this patch.


+virnettlscontexttest_SOURCES = \
+	virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
+virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
+virnettlscontexttest_LDADD = ../src/libvirt-net-rpc.la $(LDADDS) -ltasn1
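
Review bot: The -Dabs_builddir define on the virnettlscontexttest_CFLAGS line is a preprocessor flag, and automake's per-target variable for those is virnettlscontexttest_CPPFLAGS. Suggest moving the define there (keeping $(AM_CPPFLAGS) alongside it, since a per-target variable replaces the AM_ default) and leaving _CFLAGS as just $(AM_CFLAGS).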

Is -tasn1 available everywhere, or do we need to make compilation of this test conditional? Also, I don't see tasn mentioned anywhere else in the current libvirt.git tree - does this require some configure.ac magic?

+ * This file comes from gnutls, licensed under the GPLv3+

I guess that's okay, since our test is not installed.

+ */
+
+#include<config.h>
+#include<libtasn1.h>
+
+const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
+  { "PKIX1", 536875024, NULL },
+  { NULL, 1073741836, NULL },
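
Review bot: The pkix_asn1_tab[] entries are bare integer flag words (536875024, 1073741836) and the header comment only says the file "comes from gnutls", so the table cannot be compared against upstream or refreshed later. Suggest naming the gnutls source file and release it was copied from in the header comment, plus the input it was generated from if it is generated output.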

How grungy. And no comments to tell you what it is actually testing. Oh well; it's copied from elsewhere, so hopefully gnutls knows what it is doing.

+
+/*
+ * To avoid consuming random entroy to generate keys,

s/entroy/entropy/

+ * here's one we prepared earlier :-)

Thanks.  That would be a shame if running 'make check' ate entropy.

+
+    /*
+     * First up generate a certificate request with some basic
+     * data. This seems a little pointless. We can probably
+     * just set this all on the certifivate object directly

s/certifivate/certificate/

+    /* We'll use this for our fake client-server connection */
+    if (socketpair(AF_UNIX, SOCK_STREAM, 0, channel)<  0)
+        abort();
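
Review bot: The socketpair() failure path calls abort() with no message, so a failing run ends in a core dump without showing errno and without reporting an ordinary test failure. Suggest printing the error (for example with strerror(errno)) and returning a failure from the test function instead of aborting.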

Won't compile on Win32, so you definitely need conditional compilation of this test.

Overall the idea is nice.

--
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

