/*	$OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */

/*
 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
18*90fab139Stb 
19*90fab139Stb #include <err.h>
20*90fab139Stb #include <stdio.h>
21*90fab139Stb 
22*90fab139Stb #include <openssl/ssl.h>
23*90fab139Stb #include <openssl/x509v3.h>
24*90fab139Stb 
/*
 * Getter for the host verification flags stored in an X509_VERIFY_PARAM.
 * NOTE(review): the prototype is spelled out in this file, presumably because
 * the headers included above do not declare it; confirm it still matches the
 * library's definition whenever that changes.
 */
unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
26*90fab139Stb 
/*
 * Check that host verification flags set on an SSL_CTX's verify parameters
 * are present on an SSL created from it, and that SSL_set_hostflags() then
 * replaces them on that SSL.
 *
 * The host flags are part of the peer-name verification policy, so an SSL
 * that did not pick up the context's setting would verify peers under a
 * different policy than the one configured on the context.
 * X509_CHECK_FLAG_NEVER_CHECK_SUBJECT serves here only as a recognisable
 * non-default value.
 *
 * NOTE(review): the context's flags are not read again after the per-SSL
 * override, so this test does not show that the override leaves the
 * SSL_CTX untouched.
 *
 * Returns 0 if every check passes, or 1 after printing a FAIL line to
 * stderr.  A failing SSL_CTX_new() or SSL_new() ends the program through
 * errx().
 */
static int
ssl_verify_param_flags_inherited(void)
{
	const unsigned int flags_default = 0;
	const unsigned int flags_custom = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
	X509_VERIFY_PARAM *vpm;
	SSL_CTX *ctx;
	SSL *conn = NULL;
	unsigned int got;
	int rv = 1;

	ctx = SSL_CTX_new(TLS_method());
	if (ctx == NULL)
		errx(1, "SSL_CTX_new");

	/* A fresh context must expose verify parameters with no host flags. */
	vpm = SSL_CTX_get0_param(ctx);
	if (vpm == NULL) {
		fprintf(stderr, "FAIL: no verify param on ssl_ctx\n");
		goto done;
	}

	got = X509_VERIFY_PARAM_get_hostflags(vpm);
	if (got != flags_default) {
		fprintf(stderr, "FAIL: SSL_CTX default hostflags, "
		    "want: %x, got: %x\n", flags_default, got);
		goto done;
	}

	/* Change the context's flags and read them back. */
	X509_VERIFY_PARAM_set_hostflags(vpm, flags_custom);

	got = X509_VERIFY_PARAM_get_hostflags(vpm);
	if (got != flags_custom) {
		fprintf(stderr, "FAIL: SSL_CTX new hostflags, "
		    "want: %x, got: %x\n", flags_custom, got);
		goto done;
	}

	/* An SSL created from the context must start with the same flags. */
	conn = SSL_new(ctx);
	if (conn == NULL)
		errx(1, "SSL_new");

	vpm = SSL_get0_param(conn);
	if (vpm == NULL) {
		fprintf(stderr, "FAIL: no verify param on ssl\n");
		goto done;
	}

	got = X509_VERIFY_PARAM_get_hostflags(vpm);
	if (got != flags_custom) {
		fprintf(stderr, "FAIL: SSL inherited hostflags, "
		    "want: %x, got: %x\n", flags_custom, got);
		goto done;
	}

	/*
	 * Override on the SSL itself; vpm still refers to the SSL's verify
	 * parameters fetched above, so the new value must be visible there.
	 */
	SSL_set_hostflags(conn, flags_default);

	got = X509_VERIFY_PARAM_get_hostflags(vpm);
	if (got != flags_default) {
		fprintf(stderr, "FAIL: SSL set hostflags, "
		    "want: %x, got: %x\n", flags_default, got);
		goto done;
	}

	rv = 0;

 done:
	/* conn is still NULL when a check failed before SSL_new(). */
	SSL_CTX_free(ctx);
	SSL_free(conn);

	return rv;
}
90*90fab139Stb 
/*
 * Run the hostflags inheritance test.  The exit status is 0 when it passes
 * and non-zero when it reports a failure.
 */
int
main(void)
{
	int status;

	status = ssl_verify_param_flags_inherited();

	return status;
}