[libvirt] [PATCH 3/3] Add a test case for certificate validation
Eric Blake
eblake at redhat.com
Thu Jul 21 22:51:37 UTC 2011
On 07/21/2011 06:30 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange at redhat.com>
>
> This test case checks certification validation rules for
>
> - Basic constraints
> - Key purpose
> - Key usage
> - Start/expiry times
>
> It checks initial context creation sanity checks, and live
> session validation
> ---
> tests/.gitignore | 1 +
We've got half our tests excluded in libvirt/.gitignore, the other half
in libvirt/tests/.gitignore.
Someday I should follow through with my threat to consolidate all
.gitignore into the top level file. But that's a separate patch, so
don't worry about it in the context of this patch.
>
> +virnettlscontexttest_SOURCES = \
> + virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
> +virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
> +virnettlscontexttest_LDADD = ../src/libvirt-net-rpc.la $(LDADDS) -ltasn1
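Review bot: the virnettlscontexttest_LDADD line hard-codes -ltasn1, and
virnettlscontexttest_CFLAGS carries no matching include flags, although
pkix_asn1_tab.c in SOURCES includes <libtasn1.h>. With libtasn1 installed
outside the default search paths the test will fail to compile or link.
Suggest taking both the include and the library flags from a configure
check, and building this test only when that check succeeds.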
Is -tasn1 available everywhere, or do we need to make compilation of
this test conditional? Also, I don't see tasn mentioned anywhere else
in the current libvirt.git tree - does this require some configure.ac magic?
> + * This file comes from gnutls, licensed under the GPLv3+
I guess that's okay, since our test is not installed.
> + */
> +
> +#include<config.h>
> +#include<libtasn1.h>
> +
> +const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
> + { "PKIX1", 536875024, NULL },
> + { NULL, 1073741836, NULL },
How grungy. And no comments to tell you what it is actually testing.
Oh well; it's copied from elsewhere, so hopefully gnutls knows what it
is doing.
> +
> +/*
> + * To avoid consuming random entroy to generate keys,
s/entroy/entropy/
> + * here's one we prepared earlier :-)
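Review bot: the comment that introduces the pre-generated private key
does not say that the key is public test material. Once committed, the
key is readable by anyone with the source tree, so suggest extending the
comment to state that it exists only for this test and must never be
used for a real certificate.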
Thanks. That would be a shame if running 'make check' ate entropy.
> +
> + /*
> + * First up generate a certificate request with some basic
> + * data. This seems a little pointless. We can probably
> + * just set this all on the certifivate object directly
s/certifivate/certificate/
> + /* We'll use this for our fake client-server connection */
> + if (socketpair(AF_UNIX, SOCK_STREAM, 0, channel)< 0)
> + abort();
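Review bot: the socketpair() failure path calls abort(), which kills the
test binary without saying why. Suggest reporting errno and returning a
failure through the test's normal result path, so that a build host that
refuses the call shows up as a diagnosable test failure rather than a
crash.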
Won't compile on Win32, so you definitely need conditional compilation
of this test.
Overall the idea is nice.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org