[glib-networking/wip/verification] Tighten up handling of server errors



commit 738d9c1e4b578b5e80206fbf5fe48df88dd16c24
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Thu Jul 26 19:59:50 2018 -0500

    Tighten up handling of server errors

 tls/tests/connection.c | 43 +++++++++++++++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 10 deletions(-)
---
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index c0016aa..b37f6c1 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -73,7 +73,7 @@ typedef struct {
   gboolean rehandshake;
   GTlsCertificateFlags accept_flags;
   GError *read_error;
-  gboolean expect_server_error;
+  GError *expected_server_error;
   GError *server_error;
   gboolean server_should_close;
   gboolean server_running;
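Review bot: The new `expected_server_error` field has no comment describing its contract, and it is used as a (domain, code) pair rather than a real error: every test in this commit fills it with an empty message, and `on_server_close_finish` reads only `domain` and `code`. A comment on the field would make that explicit, for example `/* Error the server side must end with; only domain and code are compared. Cleared in teardown_connection(). */`. The struct definition starts and ends outside this hunk.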
@@ -152,6 +152,7 @@ teardown_connection (TestConnection *test, gconstpointer data)
   g_main_loop_unref (test->loop);
   g_clear_error (&test->read_error);
   g_clear_error (&test->server_error);
+  g_clear_error (&test->expected_server_error);
 }
 
 static void
@@ -218,13 +219,19 @@ on_server_close_finish (GObject        *object,
                         gpointer        user_data)
 {
   TestConnection *test = user_data;
+  GError *expected_error = test->expected_server_error;
   GError *error = NULL;
 
+g_info("%s: server_error=%p", __FUNCTION__, test->server_error);
+
   g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
-  if (test->expect_server_error)
-    g_assert_nonnull (error);
+  g_assert_no_error (error);
+
+  if (expected_error)
+    g_assert_error (test->server_error, expected_error->domain, expected_error->code);
   else
-    g_assert_no_error (error);
+    g_assert_no_error (test->server_error);
+
   test->server_running = FALSE;
 }
 
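Review bot: The `g_info` line added at column 0 here, and the identical one after `g_output_stream_write_finish` in `on_output_write_finish`, look like leftover debugging. They break the file's indentation, print a raw pointer instead of the error, and use the compiler-specific `__FUNCTION__` where GLib provides `G_STRFUNC`. Either drop them before merging or make them informative, e.g. `g_debug ("%s: server_error=%s", G_STRFUNC, test->server_error ? test->server_error->message : "(none)");`. Separately, the close is now asserted to succeed unconditionally, where the old code required it to fail when a server error was expected; a one-line comment saying why would help. The function signature starts above the hunk.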
@@ -244,6 +251,7 @@ on_output_write_finish (GObject        *object,
 
   g_assert_no_error (test->server_error);
   g_output_stream_write_finish (G_OUTPUT_STREAM (object), res, &test->server_error);
+g_info("%s: server_error=%p", __FUNCTION__, test->server_error);
 
   if (!test->server_error && test->rehandshake)
     {
@@ -894,13 +902,13 @@ test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED);
 
+  /* FIXME: This is not the best error to use when the client rejects the certificate. */
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
   g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
-// FIXME: What the server seems is kinda random, like https://gitlab.gnome.org/GNOME/glib-networking/issues/4
-// Randomly the server sees a handshake failure... it should be consistent.
-//  g_assert_no_error (test->server_error);
 }
 
 static void
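Review bot: Pinning `G_TLS_ERROR_NOT_TLS` here may make this test fail intermittently. It replaces an assertion that was commented out because the server-side result was described as varying between runs, and nothing visible in this commit changes the server side. The removed comment carried an issue link, while the new FIXME has none, so the reason the code is considered wrong is no longer traceable. I would keep a reference, e.g. `/* FIXME: server should see a certificate-specific error, not G_TLS_ERROR_NOT_TLS; see <issue link> */`. The same applies to the identical FIXME in test_client_auth_fail_missing_client_private_key, test_failed_connection, test_connection_socket_client_failed and test_garbage_database.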
@@ -1035,6 +1043,8 @@ test_client_auth_failure (TestConnection *test,
   g_signal_connect (test->client_connection, "notify::accepted-cas",
                     G_CALLBACK (on_notify_accepted_cas), &accepted_changed);
 
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
@@ -1047,6 +1057,7 @@ test_client_auth_failure (TestConnection *test,
   g_object_unref (test->database);
   g_clear_error (&test->read_error);
   g_clear_error (&test->server_error);
+  g_clear_error (&test->expected_server_error);
 
   /* Now start a new connection to the same server with a valid client cert;
    * this should succeed, and not use the cached failed session from above */
@@ -1098,7 +1109,6 @@ test_client_auth_fail_missing_client_private_key (TestConnection *test,
   GError *error = NULL;
 
   g_test_bug ("793712");
-
   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
   g_assert_no_error (error);
   g_assert_nonnull (test->database);
@@ -1123,6 +1133,9 @@ test_client_auth_fail_missing_client_private_key (TestConnection *test,
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 G_TLS_CERTIFICATE_VALIDATE_ALL);
 
+  /* FIXME: This is not the best error to use when the client rejects the certificate. */
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
@@ -1210,6 +1223,9 @@ test_client_auth_request_fail (TestConnection *test,
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 G_TLS_CERTIFICATE_VALIDATE_ALL);
 
+  /* FIXME: This is not the best error to use when the client rejects the certificate. */
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
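Review bot: The FIXME above the new `g_set_error_literal` call looks copy-pasted and does not match the expectation it annotates. It talks about the client rejecting the certificate, but the code sets `G_TLS_ERROR_CERTIFICATE_REQUIRED`, the same value test_client_auth_failure sets without any FIXME. Judging only by the test name, the server is the rejecting side here. If so, the comment should either go or describe the real expectation, e.g. `/* The server requested a client certificate and did not get an acceptable one. */`. The function body starts and ends outside the hunk.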
@@ -1282,6 +1298,9 @@ test_failed_connection (TestConnection *test,
   g_assert_no_error (error);
   g_object_unref (connection);
 
+  /* FIXME: This is not the best error to use when the client rejects the certificate. */
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
                                     G_PRIORITY_DEFAULT, NULL,
                                     handshake_failed_cb, test);
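Review bot: With the post-loop `g_assert_no_error (test->server_error)` removed further down in this function (and in test_garbage_database), the server-side expectation is verified only inside `on_server_close_finish`. If the main loop can quit before that callback runs, the expected `G_TLS_ERROR_NOT_TLS` is never compared and the test passes without checking the server. Unless teardown already waits for the server to finish, an explicit check after `g_main_loop_run`, such as `g_assert_false (test->server_running);`, would make a skipped verification visible. The rest of test_failed_connection lies outside this hunk.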
@@ -1294,7 +1313,6 @@ test_failed_connection (TestConnection *test,
   g_main_loop_run (test->loop);
 
   g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
-  g_assert_no_error (test->server_error);
 }
 
 static void
@@ -1377,6 +1395,9 @@ test_connection_socket_client_failed (TestConnection *test,
   g_socket_client_set_tls (client, TRUE);
   /* this time we don't adjust the validation flags */
 
+  /* FIXME: This is not the best error to use when the client rejects the certificate. */
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
                                  NULL, socket_client_failed, test);
   g_main_loop_run (test->loop);
@@ -1926,6 +1947,9 @@ test_garbage_database (TestConnection *test,
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 G_TLS_CERTIFICATE_VALIDATE_ALL);
 
+  /* FIXME: This is not the best error to use when the client rejects the certificate. */
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
@@ -1933,7 +1957,6 @@ test_garbage_database (TestConnection *test,
    * no valid certificates.
    */
   g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
-  g_assert_no_error (test->server_error);
 }
 
 static void

