Fix style issues and a typo

Janos Follath 2019-04-05 14:52:17 +01:00
parent 9822c0d2f1
commit d7ecbd6914
4 changed files with 25 additions and 25 deletions


@ -2124,7 +2124,7 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
* *
* \warning In multi-threaded environments, the callback \p f_ca_cb * \warning In multi-threaded environments, the callback \p f_ca_cb
* must be thread-safe, and it is the user's responsibility * must be thread-safe, and it is the user's responsibility
* to guaranteee this (for example through a mutex * to guarantee this (for example through a mutex
* contained in the callback context pointed to by \p p_ca_cb). * contained in the callback context pointed to by \p p_ca_cb).
*/ */
void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,


@ -457,7 +457,7 @@ static void my_debug( void *ctx, int level,
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates) mbedtls_x509_crt **candidates )
{ {
int ret = 0; int ret = 0;
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;


@ -946,7 +946,7 @@ run_test "CA callback on client" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
"$P_CLI ca_callback=1 debug_level=3 " \ "$P_CLI ca_callback=1 debug_level=3 " \
0 \ 0 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-S "error" \ -S "error" \
-C "error" -C "error"
@ -959,7 +959,7 @@ run_test "CA callback on server" \
"$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \ "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
0 \ 0 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-s "Verifying peer X.509 certificate... ok" \ -s "Verifying peer X.509 certificate... ok" \
-S "error" \ -S "error" \
-C "error" -C "error"
@ -2987,7 +2987,7 @@ run_test "Authentication, CA callback: server badcert, client required" \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
@ -2999,7 +2999,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
0 \ 0 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \
@ -3019,9 +3019,9 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)"\ -c "bad certificate (EC key curve)" \
-c "! Certificate verification flags"\ -c "! Certificate verification flags" \
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_ECP_C
@ -3031,7 +3031,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)"\ -c "bad certificate (EC key curve)"\
-c "! Certificate verification flags"\ -c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
@ -3043,7 +3043,7 @@ run_test "Authentication, CA callback: client SHA256, server required" \
key_file=data_files/server6.key \ key_file=data_files/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
0 \ 0 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5," -c "Supported Signature Algorithm found: 5,"
@ -3054,7 +3054,7 @@ run_test "Authentication, CA callback: client SHA384, server required" \
key_file=data_files/server6.key \ key_file=data_files/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
0 \ 0 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5," -c "Supported Signature Algorithm found: 5,"
@ -3064,7 +3064,7 @@ run_test "Authentication, CA callback: client badcert, server required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
1 \ 1 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \ -S "skip write certificate request" \
-C "skip parse certificate request" \ -C "skip parse certificate request" \
-c "got a certificate request" \ -c "got a certificate request" \
@ -3087,7 +3087,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
1 \ 1 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \ -S "skip write certificate request" \
-C "skip parse certificate request" \ -C "skip parse certificate request" \
-c "got a certificate request" \ -c "got a certificate request" \
@ -3106,7 +3106,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
0 \ 0 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \ -S "skip write certificate request" \
-C "skip parse certificate request" \ -C "skip parse certificate request" \
-c "got a certificate request" \ -c "got a certificate request" \
@ -3126,7 +3126,7 @@ run_test "Authentication, CA callback: server max_int chain, client default"
key_file=data_files/dir-maxpath/09.key" \ key_file=data_files/dir-maxpath/09.key" \
"$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
0 \ 0 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred" -C "X509 - A fatal error occurred"
requires_full_size_output_buffer requires_full_size_output_buffer
@ -3136,7 +3136,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
key_file=data_files/dir-maxpath/10.key" \ key_file=data_files/dir-maxpath/10.key" \
"$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred" -c "X509 - A fatal error occurred"
requires_full_size_output_buffer requires_full_size_output_buffer
@ -3147,7 +3147,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
"$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
debug_level=3 auth_mode=optional" \ debug_level=3 auth_mode=optional" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred" -c "X509 - A fatal error occurred"
requires_full_size_output_buffer requires_full_size_output_buffer
@ -3157,7 +3157,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \ key_file=data_files/dir-maxpath/10.key" \
1 \ 1 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred" -s "X509 - A fatal error occurred"
requires_full_size_output_buffer requires_full_size_output_buffer
@ -3167,7 +3167,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \ key_file=data_files/dir-maxpath/10.key" \
1 \ 1 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred" -s "X509 - A fatal error occurred"
requires_full_size_output_buffer requires_full_size_output_buffer
@ -3177,7 +3177,7 @@ run_test "Authentication, CA callback: client max_int chain, server required"
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \ key_file=data_files/dir-maxpath/09.key" \
0 \ 0 \
-s "use CA callback for X.509 CRT verification"\ -s "use CA callback for X.509 CRT verification" \
-S "X509 - A fatal error occurred" -S "X509 - A fatal error occurred"
# Tests for certificate selection based on SHA verson # Tests for certificate selection based on SHA verson
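Review bot: The `-3031,7` hunk (the "server ECDH p256v1, client optional" test) still has two continuation lines with no space before the backslash: `-c "bad certificate (EC key curve)"\` and `-c "! Certificate verification flags"\` read the same on the old and new side as rendered here, although the same two lines were fixed in the preceding `-3019,9` hunk. The shell joins the lines identically either way, so this is a consistency point only, but it leaves the style pass incomplete; both lines should end in `" \` like their neighbours. The trailing context line `# Tests for certificate selection based on SHA verson` also carries a typo (`verson`) that this typo-fixing commit could have picked up.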


@ -69,7 +69,7 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32
} }
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates )
{ {
((void) data); ((void) data);
((void) child); ((void) child);
@ -79,7 +79,7 @@ int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_cr
} }
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates) mbedtls_x509_crt **candidates )
{ {
int ret = 0; int ret = 0;
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
@ -478,8 +478,8 @@ void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name,
name = NULL; name = NULL;
ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca, ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca,
&compat_profile, name, &flags, &compat_profile, name, &flags,
NULL, NULL ); NULL, NULL );
TEST_ASSERT( ret == exp_ret ); TEST_ASSERT( ret == exp_ret );
exit: exit: