tests/online/badssl.c

   1 #include "clar_libgit2.h"
   2
   3 #include "git2/clone.h"
   4
   5 static git_repository *g_repo;
   6
   7 #ifdef GIT_HTTPS
   8 static bool g_has_ssl = true;
   9 #else
  10 static bool g_has_ssl = false;
  11 #endif
  12
  13 static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
  14 {
  15         GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
  16
  17         cl_assert_equal_i(0, valid);
  18
  19         return GIT_ECERTIFICATE;
  20 }
  21
  22 void test_online_badssl__expired(void)
  23 {
  24         git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
  25         opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
  26
  27         if (!g_has_ssl)
  28                 cl_skip();
  29
  30         cl_git_fail_with(GIT_ECERTIFICATE,
  31                          git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
  32
  33         cl_git_fail_with(GIT_ECERTIFICATE,
  34                          git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
  35 }
  36
  37 void test_online_badssl__wrong_host(void)
  38 {
  39         git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
  40         opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
  41
  42         if (!g_has_ssl)
  43                 cl_skip();
  44
  45         cl_git_fail_with(GIT_ECERTIFICATE,
  46                          git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
  47         cl_git_fail_with(GIT_ECERTIFICATE,
  48                          git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
  49 }
  50
  51 void test_online_badssl__self_signed(void)
  52 {
  53         git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
  54         opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
  55
  56         if (!g_has_ssl)
  57                 cl_skip();
  58
  59         cl_git_fail_with(GIT_ECERTIFICATE,
  60                          git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
  61         cl_git_fail_with(GIT_ECERTIFICATE,
  62                          git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
  63 }
  64
  65 void test_online_badssl__old_cipher(void)
  66 {
  67         git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
  68         opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
  69
  70         if (!g_has_ssl)
  71                 cl_skip();
  72
  73         cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
  74         cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
  75 }