|
Packit |
ae9e2a |
#include "clar_libgit2.h"
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
#include "git2/clone.h"
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
static git_repository *g_repo;
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
#ifdef GIT_HTTPS
|
|
Packit |
ae9e2a |
static bool g_has_ssl = true;
|
|
Packit |
ae9e2a |
#else
|
|
Packit |
ae9e2a |
static bool g_has_ssl = false;
|
|
Packit |
ae9e2a |
#endif
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
|
|
Packit |
ae9e2a |
{
|
|
Packit |
ae9e2a |
GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
cl_assert_equal_i(0, valid);
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
return GIT_ECERTIFICATE;
|
|
Packit |
ae9e2a |
}
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
void test_online_badssl__expired(void)
|
|
Packit |
ae9e2a |
{
|
|
Packit |
ae9e2a |
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
|
|
Packit |
ae9e2a |
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
if (!g_has_ssl)
|
|
Packit |
ae9e2a |
cl_skip();
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
|
|
Packit |
ae9e2a |
}
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
void test_online_badssl__wrong_host(void)
|
|
Packit |
ae9e2a |
{
|
|
Packit |
ae9e2a |
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
|
|
Packit |
ae9e2a |
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
if (!g_has_ssl)
|
|
Packit |
ae9e2a |
cl_skip();
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
|
|
Packit |
ae9e2a |
}
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
void test_online_badssl__self_signed(void)
|
|
Packit |
ae9e2a |
{
|
|
Packit |
ae9e2a |
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
|
|
Packit |
ae9e2a |
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
if (!g_has_ssl)
|
|
Packit |
ae9e2a |
cl_skip();
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
|
|
Packit |
ae9e2a |
}
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
void test_online_badssl__old_cipher(void)
|
|
Packit |
ae9e2a |
{
|
|
Packit |
ae9e2a |
git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
|
|
Packit |
ae9e2a |
opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
/* FIXME: we don't actually reject RC4 anywhere, figure out what to tweak */
|
|
Packit |
ae9e2a |
cl_skip();
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
if (!g_has_ssl)
|
|
Packit |
ae9e2a |
cl_skip();
|
|
Packit |
ae9e2a |
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
|
|
Packit |
ae9e2a |
cl_git_fail_with(GIT_ECERTIFICATE,
|
|
Packit |
ae9e2a |
git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
|
|
Packit |
ae9e2a |
}
|