3 #include <telepathy-glib/telepathy-glib.h>
4 #include <telepathy-glib/telepathy-glib-dbus.h>
6 #include "empathy-tls-verifier.h"
7 #include "mock-pkcs11.h"
8 #include "test-helper.h"
10 #define MOCK_TLS_CERTIFICATE_PATH "/mock/certificate"
13 GType
mock_tls_certificate_get_type (void);
15 #define MOCK_TLS_CERTIFICATE(obj) \
16 (G_TYPE_CHECK_INSTANCE_CAST((obj), mock_tls_certificate_get_type (), \
19 typedef struct _MockTLSCertificate
{
22 GPtrArray
*rejections
;
27 typedef struct _MockTLSCertificateClass
{
29 TpDBusPropertiesMixinClass dbus_props_class
;
30 } MockTLSCertificateClass
;
36 PROP_CERTIFICATE_TYPE
,
37 PROP_CERTIFICATE_CHAIN_DATA
40 static void mock_tls_certificate_iface_init (gpointer
, gpointer
);
42 G_DEFINE_TYPE_WITH_CODE(MockTLSCertificate
, mock_tls_certificate
, G_TYPE_OBJECT
,
43 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_AUTHENTICATION_TLS_CERTIFICATE
,
44 mock_tls_certificate_iface_init
)
45 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_DBUS_PROPERTIES
,
46 tp_dbus_properties_mixin_iface_init
)
50 mock_tls_certificate_init (MockTLSCertificate
*self
)
52 self
->state
= TP_TLS_CERTIFICATE_STATE_PENDING
;
53 self
->cert_type
= g_strdup ("x509");
54 self
->cert_data
= g_ptr_array_new_with_free_func ((GDestroyNotify
)
56 self
->rejections
= g_ptr_array_new ();
60 mock_tls_certificate_get_property (GObject
*object
,
65 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (object
);
70 g_value_set_uint (value
, self
->state
);
73 g_value_set_boxed (value
, self
->rejections
);
75 case PROP_CERTIFICATE_TYPE
:
76 g_value_set_string (value
, self
->cert_type
);
78 case PROP_CERTIFICATE_CHAIN_DATA
:
79 g_value_set_boxed (value
, self
->cert_data
);
82 G_OBJECT_WARN_INVALID_PROPERTY_ID (object
, property_id
, pspec
);
88 mock_tls_certificate_finalize (GObject
*object
)
90 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (object
);
92 tp_clear_boxed (TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST
,
94 g_free (self
->cert_type
);
95 self
->cert_type
= NULL
;
96 g_ptr_array_unref (self
->cert_data
);
97 self
->cert_data
= NULL
;
99 G_OBJECT_CLASS (mock_tls_certificate_parent_class
)->finalize (object
);
103 mock_tls_certificate_class_init (MockTLSCertificateClass
*klass
)
105 GObjectClass
*oclass
= G_OBJECT_CLASS (klass
);
108 static TpDBusPropertiesMixinPropImpl object_props
[] = {
109 { "State", "state", NULL
},
110 { "Rejections", "rejections", NULL
},
111 { "CertificateType", "certificate-type", NULL
},
112 { "CertificateChainData", "certificate-chain-data", NULL
},
116 static TpDBusPropertiesMixinIfaceImpl prop_interfaces
[] = {
117 { TP_IFACE_AUTHENTICATION_TLS_CERTIFICATE
,
118 tp_dbus_properties_mixin_getter_gobject_properties
,
125 oclass
->get_property
= mock_tls_certificate_get_property
;
126 oclass
->finalize
= mock_tls_certificate_finalize
;
128 pspec
= g_param_spec_uint ("state",
129 "State of this certificate",
130 "The state of this TLS certificate.",
131 0, TP_NUM_TLS_CERTIFICATE_STATES
- 1,
132 TP_TLS_CERTIFICATE_STATE_PENDING
,
133 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
134 g_object_class_install_property (oclass
, PROP_STATE
, pspec
);
136 pspec
= g_param_spec_boxed ("rejections",
137 "The reject reasons",
138 "The reasons why this TLS certificate has been rejected",
139 TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST
,
140 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
141 g_object_class_install_property (oclass
, PROP_REJECTIONS
, pspec
);
143 pspec
= g_param_spec_string ("certificate-type",
144 "The certificate type",
145 "The type of this certificate.",
147 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
148 g_object_class_install_property (oclass
, PROP_CERTIFICATE_TYPE
, pspec
);
150 pspec
= g_param_spec_boxed ("certificate-chain-data",
151 "The certificate chain data",
152 "The raw PEM-encoded trust chain of this certificate.",
153 TP_ARRAY_TYPE_UCHAR_ARRAY_LIST
,
154 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
155 g_object_class_install_property (oclass
, PROP_CERTIFICATE_CHAIN_DATA
, pspec
);
157 klass
->dbus_props_class
.interfaces
= prop_interfaces
;
158 tp_dbus_properties_mixin_class_init (oclass
,
159 G_STRUCT_OFFSET (MockTLSCertificateClass
, dbus_props_class
));
163 mock_tls_certificate_accept (TpSvcAuthenticationTLSCertificate
*base
,
164 DBusGMethodInvocation
*context
)
166 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (base
);
167 self
->state
= TP_TLS_CERTIFICATE_STATE_ACCEPTED
;
168 tp_svc_authentication_tls_certificate_emit_accepted (self
);
169 tp_svc_authentication_tls_certificate_return_from_accept (context
);
173 mock_tls_certificate_reject (TpSvcAuthenticationTLSCertificate
*base
,
174 const GPtrArray
*in_Rejections
,
175 DBusGMethodInvocation
*context
)
177 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (base
);
178 self
->state
= TP_TLS_CERTIFICATE_STATE_REJECTED
;
179 tp_svc_authentication_tls_certificate_emit_rejected (self
, in_Rejections
);
180 tp_svc_authentication_tls_certificate_return_from_reject (context
);
184 mock_tls_certificate_iface_init (gpointer g_iface
,
187 TpSvcAuthenticationTLSCertificateClass
*klass
=
188 (TpSvcAuthenticationTLSCertificateClass
*) g_iface
;
190 tp_svc_authentication_tls_certificate_implement_accept (klass
,
191 mock_tls_certificate_accept
);
192 tp_svc_authentication_tls_certificate_implement_reject (klass
,
193 mock_tls_certificate_reject
);
198 mock_tls_certificate_assert_rejected (MockTLSCertificate
*self
,
199 TpTLSCertificateRejectReason reason
)
201 GValueArray
*rejection
;
202 TpTLSCertificateRejectReason rejection_reason
;
203 gchar
*rejection_error
;
204 GHashTable
*rejection_details
;
207 g_assert (self
->state
== TP_TLS_CERTIFICATE_STATE_REJECTED
);
208 g_assert (self
->rejections
);
209 g_assert (self
->rejections
->len
> 0);
211 for (i
= 0; i
< self
->rejections
->len
; ++i
)
213 rejection
= g_ptr_array_index (self
->rejections
, i
);
214 tp_value_array_unpack (rejection
, 3,
215 G_TYPE_UINT
, &rejection_reason
,
216 G_TYPE_STRING
, &rejection_error
,
217 TP_HASH_TYPE_STRING_VARIANT_MAP
, &rejection_details
,
219 g_free (rejection_error
);
220 g_hash_table_unref (rejection_details
);
222 if (rejection_reason
== reason
)
226 g_assert ("Certificate was not rejected for right reason" && 0);
230 static MockTLSCertificate
*
231 mock_tls_certificate_new_and_register (TpDBusDaemon
*dbus
,
235 MockTLSCertificate
*cert
;
236 GError
*error
= NULL
;
237 gchar
*filename
, *contents
;
242 cert
= g_object_new (mock_tls_certificate_get_type (), NULL
);
245 while (path
!= NULL
) {
246 filename
= g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
247 "tests", "certificates", path
, NULL
);
248 g_file_get_contents (filename
, &contents
, &length
, &error
);
249 g_assert_no_error (error
);
251 der
= g_array_sized_new (TRUE
, TRUE
, sizeof (guchar
), length
);
252 g_array_append_vals (der
, contents
, length
);
253 g_ptr_array_add (cert
->cert_data
, der
);
258 path
= va_arg (va
, gchar
*);
262 tp_dbus_daemon_register_object (dbus
, MOCK_TLS_CERTIFICATE_PATH
, cert
);
266 /* ----------------------------------------------------------------------------
272 GTlsDatabase
*database
;
274 const gchar
*dbus_name
;
275 MockTLSCertificate
*mock
;
276 TpTLSCertificate
*cert
;
277 GAsyncResult
*result
;
281 setup (Test
*test
, gconstpointer data
)
283 GError
*error
= NULL
;
285 const gchar
*trust_uris
[2] = { MOCK_SLOT_ONE_URI
, NULL
};
288 test
->loop
= g_main_loop_new (NULL
, FALSE
);
290 path
= g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
293 "certificate-authority.pem",
295 test
->database
= g_tls_file_database_new (path
, &error
);
296 g_assert_no_error (error
);
298 test
->dbus
= tp_dbus_daemon_dup (&error
);
299 g_assert_no_error (error
);
301 test
->dbus_name
= tp_dbus_daemon_get_unique_name (test
->dbus
);
306 /* Add our mock module as the only PKCS#11 module */
307 module
= gck_module_new (&mock_default_functions
);
308 mock_C_Initialize (NULL
);
310 gcr_pkcs11_set_modules (NULL
);
311 gcr_pkcs11_add_module (module
);
312 gcr_pkcs11_set_trust_lookup_uris (trust_uris
);
318 teardown (Test
*test
, gconstpointer data
)
320 mock_C_Finalize (NULL
);
322 test
->dbus_name
= NULL
;
326 tp_dbus_daemon_unregister_object (test
->dbus
, test
->mock
);
327 g_object_unref (test
->mock
);
332 g_object_unref (test
->result
);
336 g_object_unref (test
->cert
);
339 g_clear_object (&test
->database
);
341 g_main_loop_unref (test
->loop
);
344 g_object_unref (test
->dbus
);
349 add_certificate_to_mock (Test
*test
,
350 const gchar
*certificate
,
353 GError
*error
= NULL
;
354 GcrCertificate
*cert
;
359 path
= g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
360 "tests", "certificates", certificate
, NULL
);
362 g_file_get_contents (path
, &contents
, &length
, &error
);
363 g_assert_no_error (error
);
365 cert
= gcr_simple_certificate_new ((const guchar
*)contents
, length
);
366 mock_module_add_certificate (cert
);
367 mock_module_add_assertion (cert
,
368 peer
? CKT_X_PINNED_CERTIFICATE
: CKT_X_ANCHORED_CERTIFICATE
,
369 GCR_PURPOSE_SERVER_AUTH
, peer
);
370 g_object_unref (cert
);
377 fetch_callback_result (GObject
*object
,
381 Test
*test
= user_data
;
382 g_assert (!test
->result
);
383 test
->result
= g_object_ref (res
);
384 g_main_loop_quit (test
->loop
);
388 ensure_certificate_proxy (Test
*test
)
390 GError
*error
= NULL
;
391 GQuark features
[] = { TP_TLS_CERTIFICATE_FEATURE_CORE
, 0 };
396 /* Create and prepare a certificate */
397 /* We don't use tp_tls_certificate_new() as we don't pass a parent */
398 test
->cert
= g_object_new (TP_TYPE_TLS_CERTIFICATE
,
399 "dbus-daemon", test
->dbus
,
400 "bus-name", test
->dbus_name
,
401 "object-path", MOCK_TLS_CERTIFICATE_PATH
,
404 tp_proxy_prepare_async (test
->cert
, features
, fetch_callback_result
, test
);
405 g_main_loop_run (test
->loop
);
406 tp_proxy_prepare_finish (test
->cert
, test
->result
, &error
);
407 g_assert_no_error (error
);
409 /* Clear for any future async stuff */
410 g_object_unref (test
->result
);
414 /* A simple test to make sure the test infrastructure is working */
416 test_certificate_mock_basics (Test
*test
,
417 gconstpointer data G_GNUC_UNUSED
)
419 GError
*error
= NULL
;
421 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
422 "server-cert.cer", NULL
);
424 ensure_certificate_proxy (test
);
426 tp_tls_certificate_accept_async (test
->cert
, fetch_callback_result
, test
);
427 g_main_loop_run (test
->loop
);
428 tp_tls_certificate_accept_finish (test
->cert
, test
->result
, &error
);
429 g_assert_no_error (error
);
431 g_assert (test
->mock
->state
== TP_TLS_CERTIFICATE_STATE_ACCEPTED
);
437 test_certificate_verify_success_with_pkcs11_lookup (Test
*test
,
438 gconstpointer data G_GNUC_UNUSED
)
440 TpTLSCertificateRejectReason reason
= 0;
441 GError
*error
= NULL
;
442 EmpathyTLSVerifier
*verifier
;
443 const gchar
*reference_identities
[] = {
444 "test-server.empathy.gnome.org",
449 * In this test the mock TLS connection only has one certificate
450 * not a full certificat echain. The root anchor certificate is
451 * retrieved from PKCS#11 storage.
454 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
455 "server-cert.cer", NULL
);
457 /* We add the collabora directory with the collabora root */
458 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
460 ensure_certificate_proxy (test
);
462 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
463 reference_identities
);
464 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
465 g_main_loop_run (test
->loop
);
467 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
469 g_assert_no_error (error
);
471 /* Yay the verification was a success! */
473 g_clear_error (&error
);
474 g_object_unref (verifier
);
480 test_certificate_verify_success_with_full_chain (Test
*test
,
481 gconstpointer data G_GNUC_UNUSED
)
483 TpTLSCertificateRejectReason reason
= 0;
484 GError
*error
= NULL
;
485 EmpathyTLSVerifier
*verifier
;
486 const gchar
*reference_identities
[] = {
487 "test-server.empathy.gnome.org",
492 * In this test the mock TLS connection has a full certificate
493 * chain. We look for an anchor certificate in the chain.
496 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
497 "server-cert.cer", "certificate-authority.cer", NULL
);
499 /* We add the collabora directory with the collabora root */
500 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
502 ensure_certificate_proxy (test
);
504 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
505 reference_identities
);
506 empathy_tls_verifier_set_database (verifier
, test
->database
);
507 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
508 g_main_loop_run (test
->loop
);
509 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
511 g_assert_no_error (error
);
513 /* Yay the verification was a success! */
515 g_clear_error (&error
);
516 g_object_unref (verifier
);
520 test_certificate_verify_root_not_found (Test
*test
,
521 gconstpointer data G_GNUC_UNUSED
)
523 TpTLSCertificateRejectReason reason
= 0;
524 GError
*error
= NULL
;
525 EmpathyTLSVerifier
*verifier
;
526 const gchar
*reference_identities
[] = {
527 "test-server.empathy.gnome.org",
531 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
532 "server-cert.cer", NULL
);
534 /* Note that we're not adding any place to find root certs */
536 ensure_certificate_proxy (test
);
538 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
539 reference_identities
);
540 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
541 g_main_loop_run (test
->loop
);
543 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
546 /* And it should say we're untrusted */
547 g_assert_error (error
, G_IO_ERROR
,
548 TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED
);
550 g_clear_error (&error
);
551 g_object_unref (verifier
);
555 test_certificate_verify_root_not_anchored (Test
*test
,
556 gconstpointer data G_GNUC_UNUSED
)
558 TpTLSCertificateRejectReason reason
= 0;
559 GError
*error
= NULL
;
560 EmpathyTLSVerifier
*verifier
;
561 const gchar
*reference_identities
[] = {
562 "test-server.empathy.gnome.org",
566 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
567 "server-cert.cer", "certificate-authority.cer", NULL
);
569 /* Note that we're not adding any place to find root certs */
571 ensure_certificate_proxy (test
);
573 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
574 reference_identities
);
575 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
576 g_main_loop_run (test
->loop
);
578 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
581 /* And it should say we're untrusted */
582 g_assert_error (error
, G_IO_ERROR
,
583 TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED
);
585 g_clear_error (&error
);
586 g_object_unref (verifier
);
590 test_certificate_verify_identities_invalid (Test
*test
,
591 gconstpointer data G_GNUC_UNUSED
)
593 TpTLSCertificateRejectReason reason
= 0;
594 GError
*error
= NULL
;
595 EmpathyTLSVerifier
*verifier
;
596 const gchar
*reference_identities
[] = {
601 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
602 "server-cert.cer", "certificate-authority.cer", NULL
);
604 /* We add the collabora directory with the collabora root */
605 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
607 ensure_certificate_proxy (test
);
609 verifier
= empathy_tls_verifier_new (test
->cert
, "invalid.host.name",
610 reference_identities
);
611 empathy_tls_verifier_set_database (verifier
, test
->database
);
612 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
613 g_main_loop_run (test
->loop
);
615 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
618 /* And it should say we're self-signed (oddly enough) */
619 g_assert_error (error
, G_IO_ERROR
,
620 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH
);
622 g_clear_error (&error
);
623 g_object_unref (verifier
);
627 test_certificate_verify_uses_reference_identities (Test
*test
,
628 gconstpointer data G_GNUC_UNUSED
)
630 TpTLSCertificateRejectReason reason
= 0;
631 GError
*error
= NULL
;
632 EmpathyTLSVerifier
*verifier
;
633 const gchar
*reference_identities
[] = {
638 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
639 "server-cert.cer", "certificate-authority.cer", NULL
);
641 /* We add the collabora directory with the collabora root */
642 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
644 ensure_certificate_proxy (test
);
646 /* Should be using the reference_identities and not host name for checks */
647 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
648 reference_identities
);
649 empathy_tls_verifier_set_database (verifier
, test
->database
);
650 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
651 g_main_loop_run (test
->loop
);
653 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
656 /* And it should say we're self-signed (oddly enough) */
657 g_assert_error (error
, G_IO_ERROR
,
658 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH
);
660 g_clear_error (&error
);
661 g_object_unref (verifier
);
665 test_certificate_verify_success_with_pinned (Test
*test
,
666 gconstpointer data G_GNUC_UNUSED
)
668 TpTLSCertificateRejectReason reason
= 0;
669 GError
*error
= NULL
;
670 EmpathyTLSVerifier
*verifier
;
671 const gchar
*reference_identities
[] = {
672 "test-server.empathy.gnome.org",
677 * In this test the mock TLS connection has a certificate that has
678 * been pinned for the test-server.empathy.gnome.org peer.
681 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
682 "server-cert.cer", NULL
);
684 /* We add the collabora directory with the collabora root */
685 add_certificate_to_mock (test
, "server-cert.cer", "test-server.empathy.gnome.org");
687 ensure_certificate_proxy (test
);
689 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
690 reference_identities
);
691 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
692 g_main_loop_run (test
->loop
);
693 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
695 g_assert_no_error (error
);
697 /* Yay the verification was a success! */
699 g_clear_error (&error
);
700 g_object_unref (verifier
);
704 test_certificate_verify_pinned_wrong_host (Test
*test
,
705 gconstpointer data G_GNUC_UNUSED
)
707 TpTLSCertificateRejectReason reason
= 0;
708 GError
*error
= NULL
;
709 EmpathyTLSVerifier
*verifier
;
710 const gchar
*reference_identities
[] = {
711 "test-server.empathy.gnome.org",
715 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
716 "server-cert.cer", NULL
);
718 /* We add the collabora directory with the collabora root */
719 add_certificate_to_mock (test
, "server-cert.cer", "test-server.empathy.gnome.org");
721 ensure_certificate_proxy (test
);
723 verifier
= empathy_tls_verifier_new (test
->cert
, "another.gnome.org",
724 reference_identities
);
725 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
726 g_main_loop_run (test
->loop
);
728 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
731 /* And it should say we're untrusted */
732 g_assert_error (error
, G_IO_ERROR
,
733 TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED
);
735 g_clear_error (&error
);
736 g_object_unref (verifier
);
745 test_init (argc
, argv
);
747 g_test_add ("/tls/certificate_basics", Test
, NULL
,
748 setup
, test_certificate_mock_basics
, teardown
);
750 g_test_add ("/tls/certificate_verify_success_with_pkcs11_lookup", Test
, NULL
,
751 setup
, test_certificate_verify_success_with_pkcs11_lookup
, teardown
);
753 g_test_add ("/tls/certificate_verify_success_with_full_chain", Test
, NULL
,
754 setup
, test_certificate_verify_success_with_full_chain
, teardown
);
755 g_test_add ("/tls/certificate_verify_root_not_found", Test
, NULL
,
756 setup
, test_certificate_verify_root_not_found
, teardown
);
757 g_test_add ("/tls/certificate_verify_root_not_anchored", Test
, NULL
,
758 setup
, test_certificate_verify_root_not_anchored
, teardown
);
759 g_test_add ("/tls/certificate_verify_identities_invalid", Test
, NULL
,
760 setup
, test_certificate_verify_identities_invalid
, teardown
);
761 g_test_add ("/tls/certificate_verify_uses_reference_identities", Test
, NULL
,
762 setup
, test_certificate_verify_uses_reference_identities
, teardown
);
763 g_test_add ("/tls/certificate_verify_success_with_pinned", Test
, NULL
,
764 setup
, test_certificate_verify_success_with_pinned
, teardown
);
765 g_test_add ("/tls/certificate_verify_pinned_wrong_host", Test
, NULL
,
766 setup
, test_certificate_verify_pinned_wrong_host
, teardown
);
768 result
= g_test_run ();