NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
236da82dae
libvirt/tests/virnettlscontexttest.c

533 lines
17 KiB
C
Raw Normal View History

Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
/*
tests: virnettlscontexttest needs gnutls-2.6.0 virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and GNUTLS_FSAN_APPEND, which - according to <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only available since 2.6.0. Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only enable the test when the version of GNUTLS is at least 2.6.0. Signed-off-by: Philipp Hahn <hahn@univention.de> Signed-off-by: Eric Blake <eblake@redhat.com>
2012-01-30 11:44:13 -06:00
* Copyright (C) 2011-2012 Red Hat, Inc.
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
maint: fix up copyright notice inconsistencies https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
2012-09-20 17:30:55 -05:00
* License along with this library. If not, see
Desert the FSF address in copyright Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
2012-07-21 05:06:23 -05:00
* <http://www.gnu.org/licenses/>.
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
*
* Author: Daniel P. Berrange <berrange@redhat.com>
*/
#include <config.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/socket.h>
#include "testutils.h"
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
#include "virnettlshelpers.h"
Rename util.{c,h} to virutil.{c,h}
2012-12-13 11:44:57 -06:00
#include "virutil.h"
Rename virterror.c virterror_internal.h to virerror.{c,h}
2012-12-13 12:21:53 -06:00
#include "virerror.h"
Rename memory.{c,h} to viralloc.{c,h}
2012-12-12 12:06:53 -06:00
#include "viralloc.h"
Rename logging.{c,h} to virlog.{c,h}
2012-12-12 11:59:27 -06:00
#include "virlog.h"
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
#include "virfile.h"
Rename command.{c,h} to vircommand.{c,h}
2012-12-12 10:27:01 -06:00
#include "vircommand.h"
Split src/util/network.{c,h} into 5 pieces The src/util/network.c file is a dumping ground for many different APIs. Split it up into 5 pieces, along functional lines - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs - src/util/virsocketaddr.c: virSocketAddr and APIs - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting for virNetDevBandwidth - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting for virNetDevVPortProfile * src/util/network.c, src/util/network.h: Split into 5 pieces * src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h, src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h, src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h, src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h, src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces * daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c, src/conf/domain_conf.h, src/conf/network_conf.c, src/conf/network_conf.h, src/conf/nwfilter_conf.h, src/esx/esx_util.h, src/network/bridge_driver.c, src/qemu/qemu_conf.c, src/rpc/virnetsocket.c, src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h, src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h, src/util/virnetdev.h, src/util/virnetdevtap.c, tools/virsh.c: Update include files
2011-11-02 10:40:08 -05:00
#include "virsocketaddr.h"
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
tests: virnettlscontexttest needs gnutls-2.6.0 virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and GNUTLS_FSAN_APPEND, which - according to <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only available since 2.6.0. Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only enable the test when the version of GNUTLS is at least 2.6.0. Signed-off-by: Philipp Hahn <hahn@univention.de> Signed-off-by: Eric Blake <eblake@redhat.com>
2012-01-30 11:44:13 -06:00
#if !defined WIN32 && HAVE_LIBTASN1_H && LIBGNUTLS_VERSION_NUMBER >= 0x020600
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
# include "rpc/virnettlscontext.h"
# define VIR_FROM_THIS VIR_FROM_RPC
struct testTLSContextData {
bool isServer;
struct testTLSCertReq careq;
struct testTLSCertReq certreq;
bool expectFail;
};
/*
* This tests sanity checking of our own certificates
*
* This code is done when libvirtd starts up, or before
* a libvirt client connects. The test is ensuring that
* the creation of virNetTLSContextPtr fails if we
Various typos and misspellings
2012-10-11 11:31:20 -05:00
* give bogus certs, or succeeds for good certs
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
*/
static int testTLSContextInit(const void *opaque)
{
struct testTLSContextData *data = (struct testTLSContextData *)opaque;
virNetTLSContextPtr ctxt = NULL;
int ret = -1;
testTLSGenerateCert(&data->careq);
data->certreq.cacrt = data->careq.crt;
testTLSGenerateCert(&data->certreq);
if (data->isServer) {
ctxt = virNetTLSContextNewServer(data->careq.filename,
NULL,
data->certreq.filename,
keyfile,
NULL,
true,
true);
} else {
ctxt = virNetTLSContextNewClient(data->careq.filename,
NULL,
data->certreq.filename,
keyfile,
true,
true);
}
if (ctxt) {
if (data->expectFail) {
VIR_WARN("Expected failure %s against %s",
data->careq.filename, data->certreq.filename);
goto cleanup;
}
} else {
virErrorPtr err = virGetLastError();
if (!data->expectFail) {
VIR_WARN("Unexpected failure %s against %s",
data->careq.filename, data->certreq.filename);
goto cleanup;
}
VIR_DEBUG("Got error %s", err ? err->message : "<unknown>");
}
ret = 0;
cleanup:
Turn virNetTLSContext and virNetTLSSession into virObject instances Make virNetTLSContext and virNetTLSSession use the virObject APIs for reference counting Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-11 08:35:48 -05:00
virObjectUnref(ctxt);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
testTLSDiscardCert(&data->careq);
testTLSDiscardCert(&data->certreq);
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
return ret;
}
static int
mymain(void)
{
int ret = 0;
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
testTLSInit();
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
test: fix build errors with gcc 4.7.0 and -O0 When building on Fedora 17 (which uses gcc 4.7.0) with -O0 in CFLAGS, three of the tests failed to compile. cputest.c and qemuxml2argvtest.c had non-static structs defined inside the macro that was being repeatedly invoked. Due to some so-far unidentified change in gcc, the stack space used by variables defined inside { } is not recovered/re-used when the block ends, so all these structs have become additive (this is the same problem worked around in commit cf57d345b). Fortunately, these two files could be fixed with a single line addition of "static" to the struct definition in the macro. virnettlscontexttest.c was a bit different, though. The problem structs in the do/while loop of macros had non-constant initializers, so it took a bit more work and piecemeal initialization instead of member initialization to get things to be happy. In an ideal world, none of these changes should be necessary, but not knowing how long it will be until the gcc regressions are fixed, and since the code is just as correct after this patch as before, it makes sense to fix libvirt's build for -O0 while also reporting the gcc problem.
2012-04-05 15:31:36 -05:00
# define DO_CTX_TEST(_isServer, _caReq, _certReq, _expectFail) \
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
do { \
test: fix build errors with gcc 4.7.0 and -O0 When building on Fedora 17 (which uses gcc 4.7.0) with -O0 in CFLAGS, three of the tests failed to compile. cputest.c and qemuxml2argvtest.c had non-static structs defined inside the macro that was being repeatedly invoked. Due to some so-far unidentified change in gcc, the stack space used by variables defined inside { } is not recovered/re-used when the block ends, so all these structs have become additive (this is the same problem worked around in commit cf57d345b). Fortunately, these two files could be fixed with a single line addition of "static" to the struct definition in the macro. virnettlscontexttest.c was a bit different, though. The problem structs in the do/while loop of macros had non-constant initializers, so it took a bit more work and piecemeal initialization instead of member initialization to get things to be happy. In an ideal world, none of these changes should be necessary, but not knowing how long it will be until the gcc regressions are fixed, and since the code is just as correct after this patch as before, it makes sense to fix libvirt's build for -O0 while also reporting the gcc problem.
2012-04-05 15:31:36 -05:00
static struct testTLSContextData data; \
data.isServer = _isServer; \
data.careq = _caReq; \
data.certreq = _certReq; \
data.expectFail = _expectFail; \
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
if (virtTestRun("TLS Context", 1, testTLSContextInit, &data) < 0) \
ret = -1; \
} while (0)
/* A perfect CA, perfect client & perfect server */
/* Basic:CA:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq cacertreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "cacert.pem", "UK",
"libvirt CA", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercertreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert.pem", "UK",
"libvirt.org", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0,
};
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcertreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0,
};
DO_CTX_TEST(true, cacertreq, servercertreq, false);
DO_CTX_TEST(false, cacertreq, clientcertreq, false);
/* Some other CAs which are good */
/* Basic:CA:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq cacert1req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "cacert1.pem", "UK",
"libvirt CA 1", NULL, NULL, NULL, NULL,
true, true, true,
false, false, 0,
false, false, NULL, NULL,
0, 0,
};
/* Basic:CA:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq cacert2req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "cacert2.pem", "UK",
"libvirt CA 2", NULL, NULL, NULL, NULL,
true, false, true,
false, false, 0,
false, false, NULL, NULL,
0, 0,
};
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
/* Key usage:cert-sign:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq cacert3req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "cacert3.pem", "UK",
"libvirt CA 3", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
DO_CTX_TEST(true, cacert1req, servercertreq, false);
DO_CTX_TEST(true, cacert2req, servercertreq, false);
DO_CTX_TEST(true, cacert3req, servercertreq, false);
/* Now some bad certs */
Fix TLS tests with gnutls 3 When given a CA cert with basic constraints to set non-critical, and key usage of 'key signing', this should be rejected. Version of GNUTLS < 3 do not rejecte it though, so we never noticed the test case was broken Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-04 11:27:38 -06:00
/* Key usage:dig-sig:not-critical */
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
static struct testTLSCertReq cacert4req = {
NULL, NULL, "cacert4.pem", "UK",
"libvirt CA 4", NULL, NULL, NULL, NULL,
Fix TLS tests with gnutls 3 When given a CA cert with basic constraints to set non-critical, and key usage of 'key signing', this should be rejected. Version of GNUTLS < 3 do not rejecte it though, so we never noticed the test case was broken Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-04 11:27:38 -06:00
true, true, true,
true, false, GNUTLS_KEY_DIGITAL_SIGNATURE,
false, false, NULL, NULL,
0, 0,
};
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
/* no-basic */
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
static struct testTLSCertReq cacert5req = {
NULL, NULL, "cacert5.pem", "UK",
"libvirt CA 5", NULL, NULL, NULL, NULL,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
false, false, false,
false, false, 0,
false, false, NULL, NULL,
0, 0,
};
/* Key usage:dig-sig:critical */
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
static struct testTLSCertReq cacert6req = {
NULL, NULL, "cacert6.pem", "UK",
"libvirt CA 6", NULL, NULL, NULL, NULL,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
true, true, true,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE,
false, false, NULL, NULL,
0, 0,
};
Fix TLS tests with gnutls 3 When given a CA cert with basic constraints to set non-critical, and key usage of 'key signing', this should be rejected. Version of GNUTLS < 3 do not rejecte it though, so we never noticed the test case was broken Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-04 11:27:38 -06:00
/* Technically a CA cert with basic constraints
* key purpose == key signing + non-critical should
* be rejected. GNUTLS < 3 does not reject it and
* we don't anticipate them changing this behaviour
*/
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
DO_CTX_TEST(true, cacert4req, servercertreq, GNUTLS_VERSION_MAJOR >= 3);
DO_CTX_TEST(true, cacert5req, servercertreq, true);
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
DO_CTX_TEST(true, cacert6req, servercertreq, true);
/* Various good servers */
/* no usage or purpose */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert1req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert1.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
false, false, NULL, NULL,
0, 0,
};
/* usage:cert-sign+dig-sig+encipher:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert2req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert2.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
/* usage:cert-sign:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert3req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert3.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, false, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
/* purpose:server:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert4req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert4.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0,
};
/* purpose:server:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert5req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert5.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, false, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0,
};
/* purpose:client+server:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert6req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert6.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
0, 0,
};
/* purpose:client+server:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert7req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert7.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, false, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
0, 0,
};
DO_CTX_TEST(true, cacertreq, servercert1req, false);
DO_CTX_TEST(true, cacertreq, servercert2req, false);
DO_CTX_TEST(true, cacertreq, servercert3req, false);
DO_CTX_TEST(true, cacertreq, servercert4req, false);
DO_CTX_TEST(true, cacertreq, servercert5req, false);
DO_CTX_TEST(true, cacertreq, servercert6req, false);
DO_CTX_TEST(true, cacertreq, servercert7req, false);
/* Bad servers */
/* usage:cert-sign:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert8req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert8.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
/* purpose:client:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert9req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert9.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0,
};
/* usage: none:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercert10req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert10.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, 0,
false, false, NULL, NULL,
0, 0,
};
DO_CTX_TEST(true, cacertreq, servercert8req, true);
DO_CTX_TEST(true, cacertreq, servercert9req, true);
DO_CTX_TEST(true, cacertreq, servercert10req, true);
/* Various good clients */
/* no usage or purpose */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert1req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert1.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
false, false, NULL, NULL,
0, 0,
};
/* usage:cert-sign+dig-sig+encipher:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert2req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert2.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
/* usage:cert-sign:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert3req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert3.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, false, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
/* purpose:client:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert4req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert4.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0,
};
/* purpose:client:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert5req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert5.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, false, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
0, 0,
};
/* purpose:client+client:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert6req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert6.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
0, 0,
};
/* purpose:client+client:not-critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert7req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert7.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, false, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
0, 0,
};
DO_CTX_TEST(false, cacertreq, clientcert1req, false);
DO_CTX_TEST(false, cacertreq, clientcert2req, false);
DO_CTX_TEST(false, cacertreq, clientcert3req, false);
DO_CTX_TEST(false, cacertreq, clientcert4req, false);
DO_CTX_TEST(false, cacertreq, clientcert5req, false);
DO_CTX_TEST(false, cacertreq, clientcert6req, false);
DO_CTX_TEST(false, cacertreq, clientcert7req, false);
/* Bad clients */
/* usage:cert-sign:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert8req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert8.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
0, 0,
};
/* purpose:client:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert9req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert9.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
false, false, 0,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
0, 0,
};
/* usage: none:critical */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcert10req = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert10.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, 0,
false, false, NULL, NULL,
0, 0,
};
DO_CTX_TEST(false, cacertreq, clientcert8req, true);
DO_CTX_TEST(false, cacertreq, clientcert9req, true);
DO_CTX_TEST(false, cacertreq, clientcert10req, true);
/* Expired stuff */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq cacertexpreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "cacert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
Fix TLS context tests with expired certs commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the semantics of the 'expire_offset' field in the test case struct so that instead of being an absolute timestamp, it was a delta relative to the current time. This broke the test cases which were testing expiry of certificates, by putting the expiry time into the future, instead of in the past. Fix this by changing the expiry values to be negative, so that the delta goes into the past again. * virnettlscontexttest.c: Fix expiry tests
2011-07-25 10:18:56 -05:00
0, -1,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
};
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercertexpreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
Fix TLS context tests with expired certs commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the semantics of the 'expire_offset' field in the test case struct so that instead of being an absolute timestamp, it was a delta relative to the current time. This broke the test cases which were testing expiry of certificates, by putting the expiry time into the future, instead of in the past. Fix this by changing the expiry values to be negative, so that the delta goes into the past again. * virnettlscontexttest.c: Fix expiry tests
2011-07-25 10:18:56 -05:00
0, -1,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
};
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcertexpreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
Fix TLS context tests with expired certs commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the semantics of the 'expire_offset' field in the test case struct so that instead of being an absolute timestamp, it was a delta relative to the current time. This broke the test cases which were testing expiry of certificates, by putting the expiry time into the future, instead of in the past. Fix this by changing the expiry values to be negative, so that the delta goes into the past again. * virnettlscontexttest.c: Fix expiry tests
2011-07-25 10:18:56 -05:00
0, -1,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
};
DO_CTX_TEST(true, cacertexpreq, servercertreq, true);
DO_CTX_TEST(true, cacertreq, servercertexpreq, true);
DO_CTX_TEST(false, cacertreq, clientcertexpreq, true);
/* Not activated stuff */
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq cacertnewreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "cacert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, true,
true, true, GNUTLS_KEY_KEY_CERT_SIGN,
false, false, NULL, NULL,
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
1, 2,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
};
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq servercertnewreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "servercert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
1, 2,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
};
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
static struct testTLSCertReq clientcertnewreq = {
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
NULL, NULL, "clientcert.pem", "UK",
"libvirt", NULL, NULL, NULL, NULL,
true, true, false,
true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
1, 2,
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
};
DO_CTX_TEST(true, cacertnewreq, servercertreq, true);
DO_CTX_TEST(true, cacertreq, servercertnewreq, true);
DO_CTX_TEST(false, cacertreq, clientcertnewreq, true);
Split TLS test into two separate tests The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-05 10:49:24 -05:00
testTLSCleanup();
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
Cleanup for a return statement in source files Return statements with parameter enclosed in parentheses were modified and parentheses were removed. The whole change was scripted, here is how: List of files was obtained using this command: git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' | \ grep -e '\.[ch]$' -e '\.py$' Found files were modified with this command: sed -i -e \ 's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \ -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_' Then checked for nonsense. The whole command looks like this: git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' | \ grep -e '\.[ch]$' -e '\.py$' | xargs sed -i -e \ 's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \ -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'
2012-03-22 06:33:35 -05:00
return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE;
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
}
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
VIRT_TEST_MAIN(mymain)
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
#else
tests: Unify style of test skipping code Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'. Prefer 'int main(void)' over 'int main(int argc, char **argv)'. Fix mymain signature in commandtest and nodeinfotest.
2011-07-28 10:48:12 -05:00
tests: fix compilation failures Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
2011-07-22 12:59:37 -05:00
int
tests: Unify style of test skipping code Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'. Prefer 'int main(void)' over 'int main(int argc, char **argv)'. Fix mymain signature in commandtest and nodeinfotest.
2011-07-28 10:48:12 -05:00
main(void)
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
{
tests: Unify style of test skipping code Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'. Prefer 'int main(void)' over 'int main(int argc, char **argv)'. Fix mymain signature in commandtest and nodeinfotest.
2011-07-28 10:48:12 -05:00
return EXIT_AM_SKIP;
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
}
tests: Unify style of test skipping code Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'. Prefer 'int main(void)' over 'int main(int argc, char **argv)'. Fix mymain signature in commandtest and nodeinfotest.
2011-07-28 10:48:12 -05:00
Add a test case for certificate validation This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
2011-07-20 13:04:18 -05:00
#endif
Reference in New Issue Copy Permalink