File: badssl-com.lisp

package info (click to toggle)
acl2 8.6%2Bdfsg-2
  • links: PTS
  • area: main
  • in suites: trixie
  • size: 1,111,420 kB
  • sloc: lisp: 17,818,294; java: 125,359; python: 28,122; javascript: 23,458; cpp: 18,851; ansic: 11,569; perl: 7,678; xml: 5,591; sh: 3,976; makefile: 3,833; ruby: 2,633; yacc: 1,126; ml: 763; awk: 295; csh: 233; lex: 197; php: 178; tcl: 49; asm: 23; haskell: 17
file content (71 lines) | stat: -rw-r--r-- 2,528 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
;;;; -*- Mode: LISP; Syntax: COMMON-LISP; indent-tabs-mode: nil; coding: utf-8; show-trailing-whitespace: t -*-
;;;
;;; Copyright (C) contributors as per cl+ssl git history
;;;
;;; See LICENSE for details.

(in-package :cl+ssl.test)

(def-suite :cl+ssl.badssl-com :in :cl+ssl
  :description "Tests using badssl.com")

(in-suite :cl+ssl.badssl-com)


(defun test-connect (host &key (verify :required))
  (let ((sock (usocket:socket-connect host 443
                                      :element-type '(unsigned-byte 8))))
    (unwind-protect
         (cl+ssl:make-ssl-client-stream (usocket:socket-stream sock)
                                        :hostname host
                                        :verify verify)
      (usocket:socket-close sock))))

(defmacro modal-test (name &body body)
  "Defines two tests, with equal body, but first executed using file descriptor BIO,
and the other executed with Lisp BIO."
  `(progn
     (test ,(read-from-string (format nil "~A.file-descriptor-bio" name))
       (let ((cl+ssl::*default-unwrap-stream-p* t))
         ,@body))
     (test ,(read-from-string (format nil "~A.lisp-bio" name))
       (let ((cl+ssl::*default-unwrap-stream-p* nil))
         ,@body))))

(modal-test wrong.host
  (signals error
    (test-connect "wrong.host.badssl.com"))
  (signals error
    (test-connect "wrong.host.badssl.com" :verify :optional))
  (finishes
    (test-connect "wrong.host.badssl.com" :verify nil)))

(modal-test expired
  (signals error
    (test-connect "expired.badssl.com"))
  (signals error
    (test-connect "expired.badssl.com" :verify :optional))
  (finishes
    (test-connect "expired.badssl.com" :verify nil)))

(modal-test self-signed
  (signals error
    (test-connect "self-signed.badssl.com")))

(modal-test untrusted-root
  (signals error
    (test-connect "untrusted-root.badssl.com")))

(modal-test verify-error-details
  ;; When SSL_Connect fails due to certificatie
  ;; verification enabled by the SSL_VERIFY_PEER,
  ;; the error condition should include the
  ;; return value of SSL_get_verify_result.
  (let* ((ctx (cl+ssl:make-context :verify-callback nil
                                   :verify-mode cl+ssl::+ssl-verify-peer+))
         (condition (handler-case
                        (cl+ssl:with-global-context (ctx :auto-free-p t)
                          (test-connect "expired.badssl.com" :verify nil))
                      (cl+ssl::ssl-error-ssl (c) c))))
    (is (search "SSL_get_verify_result:"
                (format nil "~A" condition)))))