Add tests for conf_diagnostics

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)

5 files changed, 85 insertions, 3 deletions

diff --git a/test/context_internal_test.c b/test/context_internal_test.c
index 8fea53f..c829d81 100644
--- a/test/context_internal_test.c
+++ b/test/context_internal_test.c
@@ -48,8 +48,36 @@ static int test_set0_default(void)
     return testresult;
 }
 
+static int test_set_get_conf_diagnostics(void)
+{
+    OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+    int res = 0;
+
+    if (!TEST_ptr(ctx))
+        goto err;
+
+    if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    OSSL_LIB_CTX_set_conf_diagnostics(ctx, 1);
+
+    if (!TEST_true(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    OSSL_LIB_CTX_set_conf_diagnostics(ctx, 0);
+
+    if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+        goto err;
+
+    res = 1;
+ err:
+    OSSL_LIB_CTX_free(ctx);
+    return res;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_set0_default);
+    ADD_TEST(test_set_get_conf_diagnostics);
     return 1;
 }
diff --git a/test/recipes/90-test_sysdefault.t b/test/recipes/90-test_sysdefault.t
index 308a592..6984bc1 100644
--- a/test/recipes/90-test_sysdefault.t
+++ b/test/recipes/90-test_sysdefault.t
@@ -8,7 +8,7 @@
 
 
 use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT data_file/;
 
 my $test_name = "test_sysdefault";
 setup($test_name);
@@ -16,8 +16,16 @@ setup($test_name);
 plan skip_all => "$test_name is not supported in this build"
     if disabled("tls1_2") || disabled("rsa");
 
-plan tests => 1;
+plan tests => 3;
 
-$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf");
+$ENV{OPENSSL_CONF} = data_file("sysdefault.cnf");
+
+ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-bad.cnf");
+
+ok(!run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-ignore.cnf");
 
 ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
diff --git a/test/sysdefault.cnf b/test/recipes/90-test_sysdefault_data/sysdefault-bad.cnf
index 1c89150..1c89150 100644
--- a/test/sysdefault.cnf
+++ b/test/recipes/90-test_sysdefault_data/sysdefault-bad.cnf
diff --git a/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf b/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
new file mode 100644
index 0000000..2b04caf
--- /dev/null
+++ b/test/recipes/90-test_sysdefault_data/sysdefault-ignore.cnf
@@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# We ignore configuration errors with config_diagnostics unset
+# config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
diff --git a/test/recipes/90-test_sysdefault_data/sysdefault.cnf b/test/recipes/90-test_sysdefault_data/sysdefault.cnf
new file mode 100644
index 0000000..f2cfa10
--- /dev/null
+++ b/test/recipes/90-test_sysdefault_data/sysdefault.cnf
@@ -0,0 +1,23 @@
+# Configuration file to test system default SSL configuration
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+oid_section = oid_sect
+
+[oid_sect]
+new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+SignatureAlgorithms = RSA+SHA256:?nonex
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2