Test token with EC Cert without public key

Signed-off-by: Simo Sorce <[email protected]>

tests/meson.build

@@ -104,6 +104,7 @@ test_programs = {
   'tsession': ['tsession.c'],
   'tgenkey': ['tgenkey.c'],
   'tlsctx': ['tlsctx.c', 'util.c'],
+  'tlssetkey': ['tlssetkey.c', 'util.c'],
   'tdigests': ['tdigests.c'],
   'treadkeys': ['treadkeys.c'],
   'tcmpkeys': ['tcmpkeys.c', 'util.c'],

tests/tlssetkey.c

@@ -0,0 +1,53 @@
+/* Copyright (C) 2024 Simo Sorce <[email protected]>
+   SPDX-License-Identifier: Apache-2.0 */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/core_names.h>
+#include "util.h"
+
+int main(int argc, char *argv[])
+{
+    EVP_PKEY *pkey = NULL;
+    X509 *cert = NULL;
+    SSL_CTX *ctx;
+    int ret = 0;
+
+    if (argc != 3) {
+        fprintf(stderr, "Usage: tlssetkey [certuri] [pkeyuri]\n");
+        exit(EXIT_FAILURE);
+    }
+    cert = load_cert(argv[1]);
+    pkey = load_key(argv[2]);
+
+    ctx = SSL_CTX_new(TLS_client_method());
+    if (!ctx) {
+        fprintf(stderr, "Failed to create SSL Context\n");
+        ossl_err_print();
+        exit(EXIT_FAILURE);
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, cert);
+    if (ret != 1) {
+        fprintf(stderr, "Failed to set Certificate");
+        ossl_err_print();
+        exit(EXIT_FAILURE);
+    }
+
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    if (ret != 1) {
+        fprintf(stderr, "Failed to set Private Key");
+        ossl_err_print();
+        exit(EXIT_FAILURE);
+    }
+
+    fprintf(stderr, "Cert and Key successfully set on TLS Context!\n");
+
+    SSL_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    X509_free(cert);
+    exit(EXIT_SUCCESS);
+}

tests/ttls

@@ -7,6 +7,14 @@ source "${TESTSSRCDIR}/helpers.sh"
 title PARA "Test SSL_CTX creation"
 $CHECKER "${TESTBLDDIR}/tlsctx"
 
+title PARA "Test setting cert/keys on TLS Context"
+$CHECKER "${TESTBLDDIR}/tlssetkey" "${ECCRTURI}" "${ECPRIURI}"
+
+if [ -n "$ECBASE2URI" ]; then
+    title PARA "Test setting cert/keys on TLS Context w/o pub key"
+    $CHECKER "${TESTBLDDIR}/tlssetkey" "${ECCRT2URI}" "${ECPRI2URI}"
+fi
+
 title PARA "Test an actual TLS connection"
 
 rm -f "${TMPPDIR}/s_server_output"

tests/util.c

@@ -92,3 +92,49 @@ EVP_PKEY *load_key(const char *uri)
 
     return key;
 }
+
+X509 *load_cert(const char *uri)
+{
+    OSSL_STORE_CTX *store;
+    OSSL_STORE_INFO *info;
+    X509 *cert = NULL;
+
+    if (!uri) {
+        fprintf(stderr, "Invalid NULL uri");
+        ossl_err_print();
+        exit(EXIT_FAILURE);
+    }
+
+    store = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL);
+    if (store == NULL) {
+        fprintf(stderr, "Failed to open store: %s\n", uri);
+        ossl_err_print();
+        exit(EXIT_FAILURE);
+    }
+
+    for (info = OSSL_STORE_load(store); info != NULL;
+         info = OSSL_STORE_load(store)) {
+        int type = OSSL_STORE_INFO_get_type(info);
+
+        if (cert != NULL) {
+            fprintf(stderr, "Multiple certs matching URI: %s\n", uri);
+            exit(EXIT_FAILURE);
+        }
+
+        switch (type) {
+        case OSSL_STORE_INFO_CERT:
+            cert = OSSL_STORE_INFO_get1_CERT(info);
+            break;
+        }
+        OSSL_STORE_INFO_free(info);
+    }
+
+    if (cert == NULL) {
+        fprintf(stderr, "Failed to load cert from URI: %s\n", uri);
+        ossl_err_print();
+        exit(EXIT_FAILURE);
+    }
+    OSSL_STORE_close(store);
+
+    return cert;
+}

tests/util.h

@@ -3,3 +3,4 @@
 
 void ossl_err_print(void);
 EVP_PKEY *load_key(const char *uri);
+X509 *load_cert(const char *uri);