tests: Coverage for certificate files config and options

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2026-02-04 12:20:42 +09:00 · 2023-09-29 11:12:08 +02:00
parent aae1bc1058
commit 14c7b6a3fb
2 changed files with 37 additions and 4 deletions
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -184,7 +184,9 @@ extern LIBSSH_THREAD int ssh_log_level;
 /* Multiple IdentityFile settings all are applied */
 #define LIBSSH_TESTCONFIG_STRING13 \
   "IdentityFile id_rsa_one\n" \
-   "IdentityFile id_ecdsa_two\n"
+   "CertificateFile id_rsa_one-cert.pub\n" \
+   "IdentityFile id_ecdsa_two\n" \
+   "CertificateFile id_ecdsa_two-cert.pub\n" \

 /* +,-,^ features for all supported list */
 /* kex won't work in fips */
@@ -1913,10 +1915,10 @@ static void torture_config_parser_get_cmd(void **state)
    } else if (pid == 0) {
        ssh_execute_command(tok, fileno(outfile), fileno(outfile));
        /* Does not return */
-    } else {        
-        /* parent 
+    } else {
+        /* parent
         * wait child process */
-        wait(NULL); 
+        wait(NULL);
        infile = fopen("output.log", "r");
        assert_non_null(infile);
        p = fgets(buffer, sizeof(buffer), infile);
@@ -2198,6 +2200,7 @@ static void torture_config_match_pattern(void **state)
 static void torture_config_identity(void **state)
 {
    const char *id = NULL;
+    const char *cert = NULL;
    struct ssh_iterator *it = NULL;
    ssh_session session = *state;

@@ -2214,6 +2217,20 @@ static void torture_config_identity(void **state)
    assert_non_null(it);
    id = it->data;
    assert_string_equal(id, "id_rsa_one");
+
+    /* The certs are first added to this temporary list before expanding */
+    it = ssh_list_get_iterator(session->opts.certificate_non_exp);
+    assert_non_null(it);
+    cert = it->data;
+    /* The certs are coming as listed in the configuration file */
+    assert_string_equal(cert, "id_rsa_one-cert.pub");
+
+    it = it->next;
+    assert_non_null(it);
+    cert = it->data;
+    assert_string_equal(cert, "id_ecdsa_two-cert.pub");
+    /* and that is all */
+    assert_null(it->next);
 }

 /* Make absolute path for config include
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -900,6 +900,9 @@ static void torture_options_copy(void **state)
    config = fopen("test_config", "w");
    assert_non_null(config);
    fputs("IdentityFile ~/.ssh/id_ecdsa\n"
+          "IdentityFile ~/.ssh/my_rsa\n"
+          "CertificateFile ~/.ssh/my_rsa-cert.pub\n"
+          "CertificateFile ~/.ssh/id_ecdsa-cert.pub\n"
          "User tester\n"
          "Hostname example.com\n"
          "BindAddress 127.0.0.2\n"
@@ -947,6 +950,19 @@ static void torture_options_copy(void **state)
    assert_null(it);
    assert_null(it2);

+    /* Check the certificates match */
+    it = ssh_list_get_iterator(session->opts.certificate_non_exp);
+    assert_non_null(it);
+    it2 = ssh_list_get_iterator(new->opts.certificate_non_exp);
+    assert_non_null(it2);
+    while (it != NULL && it2 != NULL) {
+        assert_string_equal(it->data, it2->data);
+        it = it->next;
+        it2 = it2->next;
+    }
+    assert_null(it);
+    assert_null(it2);
+
    assert_string_equal(session->opts.username, new->opts.username);
    assert_string_equal(session->opts.host, new->opts.host);
    assert_string_equal(session->opts.bindaddr, new->opts.bindaddr);