Add tests for conf_diagnostics

Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24275)
2024-12-04 15:34:41 +08:00 · 2024-05-02 15:58:11 +02:00 · 2024-05-02 15:58:11 +02:00 · 3e191f4879
commit 3e191f4879
parent 64bfdebdc0
5 changed files with 85 additions and 3 deletions
--- a/test/context_internal_test.c
+++ b/test/context_internal_test.c
@ -48,8 +48,36 @@ static int test_set0_default(void)
    return testresult;
 }

+static int test_set_get_conf_diagnostics(void)
+{
+    OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+    int res = 0;
+
+    if (!TEST_ptr(ctx))
+        goto err;
+
+    if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    OSSL_LIB_CTX_set_conf_diagnostics(ctx, 1);
+
+    if (!TEST_true(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    OSSL_LIB_CTX_set_conf_diagnostics(ctx, 0);
+
+    if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    res = 1;
+ err:
+    OSSL_LIB_CTX_free(ctx);
+    return res;
+}
+
 int setup_tests(void)
 {
    ADD_TEST(test_set0_default);
+    ADD_TEST(test_set_get_conf_diagnostics);
    return 1;
 }
--- a/test/recipes/90-test_sysdefault.t
+++ b/test/recipes/90-test_sysdefault.t
@ -8,7 +8,7 @@


 use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT data_file/;

 my $test_name = "test_sysdefault";
 setup($test_name);
@ -16,8 +16,16 @@ setup($test_name);
 plan skip_all => "$test_name is not supported in this build"
    if disabled("tls1_2") || disabled("rsa");

-plan tests => 1;
+plan tests => 3;

-$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf");
+$ENV{OPENSSL_CONF} = data_file("sysdefault.cnf");
+
+ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-bad.cnf");
+
+ok(!run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-ignore.cnf");

 ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
--- a/test/recipes/90-test_sysdefault_data/sysdefault-bad.cnf
+++ b/test/recipes/90-test_sysdefault_data/sysdefault-bad.cnf
--- a/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
+++ b/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# We ignore configuration errors with config_diagnostics unset
+# config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
--- a/test/recipes/90-test_sysdefault_data/sysdefault.cnf
+++ b/test/recipes/90-test_sysdefault_data/sysdefault.cnf
@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:?nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2