Add serverhash test tool

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Sep 12, 2016 · 455a999 · 455a999
1 parent 4deb4f7
commit 455a999
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 3 deletions.
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -69,10 +69,11 @@ TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
 	pkcs11_tokens="$(PKCS11_TOKENS)"
 
 
-noinst_PROGRAMS = lzstest seqtest
+C_TESTS = lzstest seqtest
+
 
 if CHECK_DTLS
-noinst_PROGRAMS += bad_dtls_test
+C_TESTS += bad_dtls_test
 bad_dtls_test_SOURCES = bad_dtls_test.c
 bad_dtls_test_CFLAGS = $(OPENSSL_CFLAGS)
 bad_dtls_test_LDADD = $(OPENSSL_LIBS)
@@ -82,8 +83,12 @@ XFAIL_TESTS = bad_dtls_test
 endif
 endif
 
-TESTS = $(dist_check_SCRIPTS) $(noinst_PROGRAMS)
+TESTS = $(dist_check_SCRIPTS) $(C_TESTS)
+
+noinst_PROGRAMS = $(C_TESTS) serverhash
 
+serverhash_SOURCES = serverhash.c
+serverhash_LDADD = ../libopenconnect.la
 
 # Nothing actually *depends* on the cert files; they are created manually
 # and considered part of the sources, committed to the git tree. But for

diff --git a/tests/serverhash.c b/tests/serverhash.c
@@ -0,0 +1,61 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2008-2016 Intel Corporation.
+ *
+ * Author: David Woodhouse <dwmw2@infradead.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "../openconnect.h"
+
+static void progress(void *privdata, int level, const char *fmt, ...)
+{
+	va_list args;
+
+	if (level > PRG_ERR)
+		return;
+
+	va_start(args, fmt);
+	vfprintf(stderr, fmt, args);
+	va_end(args);
+}
+
+static int validate_peer_cert(void *_vpninfo, const char *reason)
+{
+	printf("%s\n", openconnect_get_peer_cert_hash(_vpninfo));
+	exit(0);
+}
+
+/* We do this in a separate test tool because we *really* don't want
+ * people scripting it to recover the --no-cert-check functionality.
+ * Validate your server certs properly, people! */
+int main(int argc, char **argv)
+{
+	struct openconnect_info *vpninfo;
+
+	if (argc != 2) {
+		fprintf(stderr, "usage: serverhash <server>");
+		exit(1);
+	}
+	vpninfo = openconnect_vpninfo_new(NULL, validate_peer_cert, NULL, NULL, progress, NULL);
+	if (openconnect_parse_url(vpninfo, argv[1])) {
+		fprintf(stderr, "Failed to parse URL\n");
+		exit(1);
+	}
+	openconnect_set_system_trust(vpninfo, 0);
+	openconnect_obtain_cookie(vpninfo);
+	return -1;
+}