[libvirt] [PATCH 3/3] Add a test case for certificate validation

Daniel P. Berrange berrange at redhat.com
Fri Jul 22 10:30:04 UTC 2011


On Thu, Jul 21, 2011 at 04:51:37PM -0600, Eric Blake wrote:
> On 07/21/2011 06:30 AM, Daniel P. Berrange wrote:
> >From: "Daniel P. Berrange"<berrange at redhat.com>
> >
> >This test case checks certification validation rules for
> >
> >  - Basic constraints
> >  - Key purpose
> >  - Key usage
> >  - Start/expiry times
> >
> >It checks initial context creation sanity checks, and live
> >session validation
> >---
> >  tests/.gitignore             |    1 +
> 
> We've got half our tests excluded in libvirt/.gitignore, the other
> half in libvirt/tests/.gitignore.
> 
> Someday I should follow through with my threat to consolidate all
> .gitignore into the top level file.  But that's a separate patch, so
> don't worry about it in the context of this patch.
> 
> >
> >+virnettlscontexttest_SOURCES = \
> >+	virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
> >+virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
> >+virnettlscontexttest_LDADD = ../src/libvirt-net-rpc.la $(LDADDS) -ltasn1
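
Review bot: the bare -ltasn1 at the end of virnettlscontexttest_LDADD is hard-coded, so the link step relies on libtasn1 being in the default library search path. Nothing in these lines ties it to a check made by configure. Suggest taking the library flags from a variable set in configure.ac, so a missing or relocated libtasn1 is reported at configure time rather than as a link failure in tests/.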
> 
> Is -tasn1 available everywhere, or do we need to make compilation of
> this test conditional?  Also, I don't see tasn mentioned anywhere
> else in the current libvirt.git tree - does this require some
> configure.ac magic?

GNUTLS links to libtasn1, so if we have GNUTLS we can expect to
have libtasn1 too. We have a hard dep on GNUTLS, so there's no
need for a conditional for that.

> >+ */
> >+
> >+#include<config.h>
> >+#include<libtasn1.h>
> >+
> >+const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
> >+  { "PKIX1", 536875024, NULL },
> >+  { NULL, 1073741836, NULL },
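
Review bot: pkix_asn1_tab is defined here with external linkage, but the virnettlscontexttest_SOURCES list names no header for it, so whoever uses the table has to repeat an extern declaration by hand. A small shared header included by both pkix_asn1_tab.c and virnettlscontexttest.c would let the compiler check that the declaration and this definition agree.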
> 
> How grungy.  And no comments to tell you what it is actually
> testing. Oh well; it's copied from elsewhere, so hopefully gnutls
> knows what it is doing.

This isn't actually testing stuff. This is a data structure
that defines fields/values for x509 certificates as per the
relevant RFC. If you want to generate various fields for
x509 certs, you simply need this data to be able to do so.

> >+    /* We'll use this for our fake client-server connection */
> >+    if (socketpair(AF_UNIX, SOCK_STREAM, 0, channel)<  0)
> >+        abort();
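
Review bot: the socketpair() failure path calls abort() without reporting errno, so a failure here kills the test binary with no hint of the cause. Suggest printing the error and returning a failure status from the test instead, so the harness records an ordinary failed test rather than a crash.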
> 
> Won't compile on Win32, so you definitely need conditional
> compilation of this test.

Oh good point, should fix that.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



