badssl.c 2.04 KB
Newer Older
1 2 3 4 5 6
#include "clar_libgit2.h"

#include "git2/clone.h"

static git_repository *g_repo;

7
#ifdef GIT_HTTPS
Leo Yang committed
8 9 10 11
static bool g_has_ssl = true;
#else
static bool g_has_ssl = false;
#endif
12

13 14 15 16 17 18 19 20 21
static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
{
	GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);

	cl_assert_equal_i(0, valid);

	return GIT_ECERTIFICATE;
}

22 23
void test_online_badssl__expired(void)
{
24 25 26
	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;

Leo Yang committed
27 28 29
	if (!g_has_ssl)
		cl_skip();

30 31
	cl_git_fail_with(GIT_ECERTIFICATE,
			 git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
32 33 34

	cl_git_fail_with(GIT_ECERTIFICATE,
			 git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
35 36 37 38
}

void test_online_badssl__wrong_host(void)
{
39 40 41
	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;

Leo Yang committed
42 43 44
	if (!g_has_ssl)
		cl_skip();

45 46
	cl_git_fail_with(GIT_ECERTIFICATE,
			 git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
47 48
	cl_git_fail_with(GIT_ECERTIFICATE,
			 git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
49 50 51 52
}

void test_online_badssl__self_signed(void)
{
53 54 55
	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;

Leo Yang committed
56 57 58
	if (!g_has_ssl)
		cl_skip();

59 60
	cl_git_fail_with(GIT_ECERTIFICATE,
			 git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
61 62
	cl_git_fail_with(GIT_ECERTIFICATE,
			 git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
63
}
64 65 66

void test_online_badssl__old_cipher(void)
{
67 68 69
	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;

70 71 72
	if (!g_has_ssl)
		cl_skip();

73 74
	cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
	cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
75
}