[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 3/3] Add a test case for certificate validation



On 07/21/2011 06:30 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange redhat com>

This test case checks certification validation rules for

  - Basic constraints
  - Key purpose
  - Key usage
  - Start/expiry times

It checks initial context creation sanity checks, and live
session validation
---
  tests/.gitignore             |    1 +

We've got half our tests excluded in libvirt/.gitignore, the other half in libvirt/tests/.gitignore.

Someday I should follow through with my threat to consolidate all .gitignore into the top level file. But that's a separate patch, so don't worry about it in the context of this patch.


+virnettlscontexttest_SOURCES = \
+	virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
+virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
+virnettlscontexttest_LDADD = ../src/libvirt-net-rpc.la $(LDADDS) -ltasn1

Is -tasn1 available everywhere, or do we need to make compilation of this test conditional? Also, I don't see tasn mentioned anywhere else in the current libvirt.git tree - does this require some configure.ac magic?

+ * This file comes from gnutls, licensed under the GPLv3+

I guess that's okay, since our test is not installed.

+ */
+
+#include<config.h>
+#include<libtasn1.h>
+
+const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
+  { "PKIX1", 536875024, NULL },
+  { NULL, 1073741836, NULL },

How grungy. And no comments to tell you what it is actually testing. Oh well; it's copied from elsewhere, so hopefully gnutls knows what it is doing.

+
+/*
+ * To avoid consuming random entroy to generate keys,

s/entroy/entropy/

+ * here's one we prepared earlier :-)

Thanks.  That would be a shame if running 'make check' ate entropy.

+
+    /*
+     * First up generate a certificate request with some basic
+     * data. This seems a little pointless. We can probably
+     * just set this all on the certifivate object directly

s/certifivate/certificate/

+    /* We'll use this for our fake client-server connection */
+    if (socketpair(AF_UNIX, SOCK_STREAM, 0, channel)<  0)
+        abort();

Won't compile on Win32, so you definitely need conditional compilation of this test.

Overall the idea is nice.

--
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]