test/call: add account certificate selection test (baresip#3095)

test/call.c

@@ -3385,7 +3385,7 @@ int test_call_sni(void)
 	ASSERT_EQ(1, fix.b.n_incoming);
 	ASSERT_EQ(1, fix.b.n_established);
 	ASSERT_EQ(1, fix.b.n_closed);
-	ASSERT_EQ(0, fix.a.close_scode);
+	ASSERT_EQ(0, fix.b.close_scode);
 
 	ASSERT_EQ(0, fix.c.n_incoming);
 	ASSERT_EQ(0, fix.c.n_established);
@@ -3402,4 +3402,130 @@ int test_call_sni(void)
 
 	return err;
 }
+
+
+int test_call_cert_select(void)
+{
+	int err = 0;
+	struct fixture fix, *f = &fix;
+	char auri_tls[256], buri_tls[256];
+	const char *dp = test_datapath();
+	char s[256];
+
+	/* Set valid global certificate. */
+	re_snprintf(conf_config()->sip.cert, sizeof(conf_config()->sip.cert),
+		    "%s/sni/server-interm.pem", dp);
+	conf_config()->sip.verify_server = false;
+	conf_config()->sip.verify_client = true;
+
+	TEST_ERR(err);
+
+	fixture_init(f);
+
+	mem_deref(f->a.ua);
+	mem_deref(f->b.ua);
+
+	f->behaviour = BEHAVIOUR_ANSWER;
+
+	re_snprintf(s, sizeof(s), "A <sip:[email protected];transport=tls>"
+		    ";regint=0;cert=%s/sni/client-interm.pem", dp);
+	err = ua_alloc(&f->a.ua, s);
+	TEST_ERR(err);
+
+	re_snprintf(s, sizeof(s), "B <sip:[email protected];transport=tls>"
+		    ";regint=0;cert=%s/sni/other-cert.pem", dp);
+	err = ua_alloc(&f->b.ua, s);
+	TEST_ERR(err);
+
+	re_snprintf(auri_tls, sizeof(auri_tls), "sip:[email protected]:%u",
+		    sa_port(&f->laddr_tls));
+	re_snprintf(buri_tls, sizeof(buri_tls), "sip:[email protected]:%u",
+		    sa_port(&f->laddr_tls));
+
+	/* 1st test. No CA set. Call from A to B. TLS handshake must fail. */
+	f->b.n_closed = 1;
+
+	err = ua_connect(f->a.ua, 0, NULL, buri_tls, VIDMODE_OFF);
+	TEST_ERR(err);
+
+	err = re_main_timeout(5000);
+	TEST_ERR(err);
+	TEST_ERR(fix.err);
+
+	ASSERT_EQ(0, fix.a.n_incoming);
+	ASSERT_EQ(0, fix.a.n_established);
+	ASSERT_EQ(1, fix.a.n_closed);
+	ASSERT_EQ(0, fix.a.close_scode);
+
+	ASSERT_EQ(0, fix.b.n_incoming);
+	ASSERT_EQ(0, fix.b.n_established);
+	ASSERT_EQ(1, fix.b.n_closed);
+	ASSERT_EQ(0, fix.a.close_scode);
+
+	ASSERT_EQ(0, fix.c.n_incoming);
+	ASSERT_EQ(0, fix.c.n_established);
+	ASSERT_EQ(0, fix.c.n_closed);
+	ASSERT_EQ(0, fix.c.close_scode);
+
+	/* 2nd test. CA set. Call from B to A. TLS handshake must fail because
+	 * B has invalid cert set. */
+	re_snprintf(s, sizeof(s), "%s/sni/root-ca.pem", dp);
+	err = tls_add_cafile_path(uag_tls(), s, NULL);
+	TEST_ERR(err);
+
+	err = ua_connect(f->b.ua, 0, NULL, auri_tls, VIDMODE_OFF);
+	TEST_ERR(err);
+
+	err = re_main_timeout(5000);
+	TEST_ERR(err);
+	TEST_ERR(fix.err);
+
+	ASSERT_EQ(0, fix.a.n_incoming);
+	ASSERT_EQ(0, fix.a.n_established);
+	ASSERT_EQ(1, fix.a.n_closed);
+	ASSERT_EQ(0, fix.a.close_scode);
+
+	ASSERT_EQ(0, fix.b.n_incoming);
+	ASSERT_EQ(0, fix.b.n_established);
+	ASSERT_EQ(2, fix.b.n_closed);
+	ASSERT_EQ(0, fix.a.close_scode);
+
+	ASSERT_EQ(0, fix.c.n_incoming);
+	ASSERT_EQ(0, fix.c.n_established);
+	ASSERT_EQ(0, fix.c.n_closed);
+	ASSERT_EQ(0, fix.c.close_scode);
+
+	/* 3rd test. CA set. Call from A to B. TLS handshake must succeed. */
+	f->estab_action = ACTION_HANGUP_A;
+
+	err = ua_connect(f->a.ua, 0, NULL, buri_tls, VIDMODE_OFF);
+	TEST_ERR(err);
+
+	err = re_main_timeout(5000);
+	TEST_ERR(err);
+	TEST_ERR(fix.err);
+
+	ASSERT_EQ(0, fix.a.n_incoming);
+	ASSERT_EQ(1, fix.a.n_established);
+	ASSERT_EQ(2, fix.a.n_closed);
+	ASSERT_EQ(0, fix.a.close_scode);
+
+	ASSERT_EQ(1, fix.b.n_incoming);
+	ASSERT_EQ(1, fix.b.n_established);
+	ASSERT_EQ(2, fix.b.n_closed);
+	ASSERT_EQ(0, fix.a.close_scode);
+
+	ASSERT_EQ(0, fix.c.n_incoming);
+	ASSERT_EQ(0, fix.c.n_established);
+	ASSERT_EQ(0, fix.c.n_closed);
+	ASSERT_EQ(0, fix.c.close_scode);
+
+out:
+	if (err)
+		failure_debug(f, false);
+
+	fixture_close(f);
+
+	return err;
+}
 #endif

test/main.c

@@ -55,6 +55,7 @@ static const struct test tests[] = {
 	TEST(test_call_srtp_tx_rekey),
 #ifdef USE_TLS
 	TEST(test_call_sni),
+	TEST(test_call_cert_select),
 #endif
 	TEST(test_cmd),
 	TEST(test_cmd_long),

test/test.h

@@ -229,6 +229,7 @@ int test_call_hold_resume(void);
 int test_call_srtp_tx_rekey(void);
 #ifdef USE_TLS
 int test_call_sni(void);
+int test_call_cert_select(void);
 #endif
 int test_cmd(void);
 int test_cmd_long(void);