Add tests for verify callback

As we're about to change the chain construction logic, we want to make sure the callback will still be called exactly when it should, and not on the (upcoming) ignored certs in the chain.
2026-02-19 00:39:46 +00:00 · 2015-09-01 11:59:24 +02:00
parent 4f202badec
commit 560fea3767
10 changed files with 483 additions and 3 deletions
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -26,6 +26,46 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32
    return 0;
 }

+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+typedef struct {
+    char buf[512];
+    char *p;
+} verify_print_context;
+
+void verify_print_init( verify_print_context *ctx )
+{
+    memset( ctx, 0, sizeof( verify_print_context ) );
+    ctx->p = ctx->buf;
+}
+
+int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+{
+    int ret;
+    verify_print_context *ctx = (verify_print_context *) data;
+    char *p = ctx->p;
+    size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
+    ((void) flags);
+
+    ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, " - subject " );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n" );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ctx->p = p;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
 /* END_HEADER */

 /* BEGIN_DEPENDENCIES
@@ -163,6 +203,35 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_verify_callback( char *crt_file, char *ca_file,
+                           int exp_ret, char *exp_vrfy_out )
+{
+    int ret;
+    mbedtls_x509_crt crt;
+    mbedtls_x509_crt ca;
+    uint32_t flags = 0;
+    verify_print_context vrfy_ctx;
+
+    mbedtls_x509_crt_init( &crt );
+    mbedtls_x509_crt_init( &ca );
+    verify_print_init( &vrfy_ctx );
+
+    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+    TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+    ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
+                                   verify_print, &vrfy_ctx );
+
+    TEST_ASSERT( ret == exp_ret );
+    TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
+
+exit:
+    mbedtls_x509_crt_free( &crt );
+    mbedtls_x509_crt_free( &ca );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
 void mbedtls_x509_dn_gets( char *crt_file, char *entity, char *result_str )
 {