From patchwork Tue Mar 31 17:33:57 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4862
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 31 Mar 2026 19:33:57 +0200
Message-ID: <20260331173403.3082-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.52.0
Subject: [Openvpn-devel] [PATCH v2] Add unit test for printing various details of certificates

From: Arne Schwabe

These unit tests will ensure that refactoring of these methods does not
change the output.

Change-Id: Iacbd8195cdedc7226bddc686ca8dccf9f25f8842
Signed-off-by: Arne Schwabe
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1598
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1598
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):

diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index 2b73ee7..0e9cecf 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -46,7 +46,9 @@ #include "test_common.h" #include "ssl.h" #include "buffer.h" +#include "cert_data.h" #include "packet_id.h" +#include "ssl_verify.h" /* Mock function to be allowed to include win32.c which is required for * getting the temp directory */
@@ -750,6 +752,83 @@ test_data_channel_known_vectors_run(false); } +#if defined(ENABLE_CRYPTO_MBEDTLS) +static openvpn_x509_cert_t * +get_certificate(const char *cert_str) +{ + mbedtls_x509_crt *cert; + ALLOC_OBJ_CLEAR(cert, mbedtls_x509_crt); + int ret = mbedtls_x509_crt_parse(cert, (const unsigned char *)cert_str, + strlen(cert_str) + 1); + + assert_int_equal(ret, 0); + return cert; +} + +static void +free_certificate(openvpn_x509_cert_t *cert) +{ + mbedtls_x509_crt_free(cert); + free(cert); +} +#else +static openvpn_x509_cert_t * +get_certificate(const char *cert_str) +{ + BIO *in = BIO_new_mem_buf((char *)cert1, -1); + assert_non_null(in); + X509 *cert = PEM_read_bio_X509(in, NULL, NULL, NULL); + assert_non_null(cert); + BIO_free(in); + return cert; +} + +static void +free_certificate(openvpn_x509_cert_t *cert) +{ + X509_free(cert); +} +#endif + +void +crypto_test_print_cert_details(void **state) +{ + openvpn_x509_cert_t *cert = get_certificate(cert1); + struct gc_arena gc = gc_new(); + + const char *fp = backend_x509_get_serial_hex(cert, &gc); + + /* we messed this up between TLS libraries. 
But let's at least notice in + * the future ...*/ +#if defined(ENABLE_CRYPTO_MBEDTLS) + assert_string_equal(fp, "82:6B:DD:CC:BD:E5:5E:B7:08:F1:2D:68:00:3C:24:DE"); +#else + assert_string_equal(fp, "82:6b:dd:cc:bd:e5:5e:b7:08:f1:2d:68:00:3c:24:de"); +#endif + + const char *sn = backend_x509_get_serial(cert, &gc); + assert_string_equal(sn, "173359713849739808110610111821055272158"); + + char username[TLS_USERNAME_LEN + 1] = { 0 }; /* null-terminated */ + + int ret = backend_x509_get_username(username, sizeof(username), "CN", + cert); + + assert_string_equal(username, "ovpn-test-ec1"); + assert_int_equal(ret, SUCCESS); + +#ifndef ENABLE_CRYPTO_MBEDTLS + /* mbed TLS does not implement this */ + ret = backend_x509_get_username(username, sizeof(username), "serialNumber", + cert); + assert_int_equal(ret, SUCCESS); + assert_string_equal(username, "0x826BDDCCBDE55EB708F12D68003C24DE"); +#endif + + gc_free(&gc); + free_certificate(cert); +} + int main(void) @@ -773,7 +852,9 @@ cmocka_unit_test(test_data_channel_roundtrip_aes_256_cbc), cmocka_unit_test(test_data_channel_roundtrip_bf_cbc), cmocka_unit_test(test_data_channel_known_vectors_epoch), - cmocka_unit_test(test_data_channel_known_vectors_shortpktid) + cmocka_unit_test(test_data_channel_known_vectors_shortpktid), + cmocka_unit_test(crypto_test_print_cert_details) + }; #if defined(ENABLE_CRYPTO_OPENSSL)
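
Review bot: In the OpenSSL branch of get_certificate() in the @@ -750,6 +752,83 @@ hunk, the BIO is built from the global cert1 instead of the cert_str parameter ("BIO_new_mem_buf((char *)cert1, -1)"), so the argument is silently ignored and the helper only works because its single caller happens to pass cert1. Suggest "BIO_new_mem_buf(cert_str, -1)", which also makes the two backends behave the same. In crypto_test_print_cert_details() the first backend_x509_get_username() call asserts on the username buffer before checking ret; checking "assert_int_equal(ret, SUCCESS)" first, as the serialNumber case below it already does, gives a clearer failure when the lookup itself fails. The variable fp holds the serial in hex rather than a fingerprint, so a name such as serial_hex would read better next to sn. The test function is also the only new function in the hunk that is not declared static.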
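
Review bot: The @@ -773,7 +852,9 @@ hunk adds an empty line between the new "cmocka_unit_test(crypto_test_print_cert_details)" entry and the closing "};" of the test array, which looks unintended and will likely be flagged by the formatter. Suggest dropping the blank line so the array ends directly after the last entry, as it did before the change.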