1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <stdbool.h>
16 #include <stdio.h>
17 #include <string.h>
18
19 #include <memory>
20 #include <utility>
21
22 #include <gmock/gmock.h>
23 #include <gtest/gtest.h>
24
25 #include "absl/status/statusor.h"
26 #include "absl/strings/str_cat.h"
27 #include "absl/strings/string_view.h"
28
29 #include <grpc/grpc.h>
30 #include <grpc/support/alloc.h>
31 #include <grpc/support/log.h>
32 #include <grpc/support/string_util.h>
33
34 #include "src/core/lib/gprpp/crash.h"
35 #include "src/core/lib/security/security_connector/security_connector.h"
36 #include "src/core/tsi/ssl_transport_security.h"
37 #include "src/core/tsi/transport_security.h"
38 #include "src/core/tsi/transport_security_interface.h"
39 #include "test/core/tsi/transport_security_test_lib.h"
40 #include "test/core/util/test_config.h"
41 #include "test/core/util/tls_utils.h"
42
43 extern "C" {
44 #include <openssl/crypto.h>
45 #include <openssl/pem.h>
46 }
47
48 namespace {
49
50 const char* kSslTsiTestCrlSupportedCredentialsDir =
51 "test/core/tsi/test_creds/crl_data/";
52 const char* kSslTsiTestCrlSupportedCrlDir =
53 "test/core/tsi/test_creds/crl_data/crls/";
54 const char* kSslTsiTestCrlSupportedCrlDirMissingIntermediate =
55 "test/core/tsi/test_creds/crl_data/crls_missing_intermediate/";
56 const char* kSslTsiTestCrlSupportedCrlDirMissingRoot =
57 "test/core/tsi/test_creds/crl_data/crls_missing_root/";
58 const char* kSslTsiTestFaultyCrlsDir = "bad_path/";
59 const char* kRevokedKeyPath = "test/core/tsi/test_creds/crl_data/revoked.key";
60 const char* kRevokedCertPath = "test/core/tsi/test_creds/crl_data/revoked.pem";
61 const char* kValidKeyPath = "test/core/tsi/test_creds/crl_data/valid.key";
62 const char* kValidCertPath = "test/core/tsi/test_creds/crl_data/valid.pem";
63
64 const char* kRevokedIntermediateKeyPath =
65 "test/core/tsi/test_creds/crl_data/leaf_signed_by_intermediate.key";
66 const char* kRevokedIntermediateCertPath =
67 "test/core/tsi/test_creds/crl_data/leaf_and_intermediate_chain.pem";
68 const char* kRootCrlPath = "test/core/tsi/test_creds/crl_data/crls/current.crl";
69 const char* kIntermediateCrlPath =
70 "test/core/tsi/test_creds/crl_data/crls/intermediate.crl";
71 const char* kModifiedSignaturePath =
72 "test/core/tsi/test_creds/crl_data/bad_crls/invalid_signature.crl";
73 const char* kModifiedContentPath =
74 "test/core/tsi/test_creds/crl_data/bad_crls/invalid_content.crl";
75 const char* kEvilCrlPath =
76 "test/core/tsi/test_creds/crl_data/bad_crls/evil.crl";
77
78 class CrlSslTransportSecurityTest
79 : public testing::TestWithParam<tsi_tls_version> {
80 protected:
81 // A tsi_test_fixture implementation.
82 class SslTsiTestFixture {
83 public:
SslTsiTestFixture(absl::string_view server_key_path,absl::string_view server_cert_path,absl::string_view client_key_path,absl::string_view client_cert_path,const char * crl_directory,std::shared_ptr<grpc_core::experimental::CrlProvider> crl_provider,bool expect_server_success,bool expect_client_success_1_2,bool expect_client_success_1_3)84 SslTsiTestFixture(
85 absl::string_view server_key_path, absl::string_view server_cert_path,
86 absl::string_view client_key_path, absl::string_view client_cert_path,
87 const char* crl_directory,
88 std::shared_ptr<grpc_core::experimental::CrlProvider> crl_provider,
89 bool expect_server_success, bool expect_client_success_1_2,
90 bool expect_client_success_1_3) {
91 tsi_test_fixture_init(&base_);
92 base_.test_unused_bytes = true;
93 base_.vtable = &kVtable;
94 server_key_ = grpc_core::testing::GetFileContents(server_key_path.data());
95 server_cert_ =
96 grpc_core::testing::GetFileContents(server_cert_path.data());
97 client_key_ = grpc_core::testing::GetFileContents(client_key_path.data());
98 client_cert_ =
99 grpc_core::testing::GetFileContents(client_cert_path.data());
100 root_cert_ = grpc_core::testing::GetFileContents(
101 absl::StrCat(kSslTsiTestCrlSupportedCredentialsDir, "ca.pem").data());
102 root_store_ = tsi_ssl_root_certs_store_create(root_cert_.c_str());
103 crl_directory_ = crl_directory;
104 crl_provider_ = std::move(crl_provider);
105 expect_server_success_ = expect_server_success;
106 expect_client_success_1_2_ = expect_client_success_1_2;
107 expect_client_success_1_3_ = expect_client_success_1_3;
108
109 server_pem_key_cert_pairs_ = static_cast<tsi_ssl_pem_key_cert_pair*>(
110 gpr_malloc(sizeof(tsi_ssl_pem_key_cert_pair)));
111 server_pem_key_cert_pairs_[0].private_key = server_key_.c_str();
112 server_pem_key_cert_pairs_[0].cert_chain = server_cert_.c_str();
113 client_pem_key_cert_pairs_ = static_cast<tsi_ssl_pem_key_cert_pair*>(
114 gpr_malloc(sizeof(tsi_ssl_pem_key_cert_pair)));
115 client_pem_key_cert_pairs_[0].private_key = client_key_.c_str();
116 client_pem_key_cert_pairs_[0].cert_chain = client_cert_.c_str();
117 GPR_ASSERT(root_store_ != nullptr);
118 }
119
Run()120 void Run() {
121 tsi_test_do_handshake(&base_);
122 tsi_test_fixture_destroy(&base_);
123 }
124
~SslTsiTestFixture()125 ~SslTsiTestFixture() {
126 gpr_free(server_pem_key_cert_pairs_);
127 gpr_free(client_pem_key_cert_pairs_);
128
129 tsi_ssl_root_certs_store_destroy(root_store_);
130 tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory_);
131 tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory_);
132 }
133
134 private:
SetupHandshakers(tsi_test_fixture * fixture)135 static void SetupHandshakers(tsi_test_fixture* fixture) {
136 GPR_ASSERT(fixture != nullptr);
137 auto* self = reinterpret_cast<SslTsiTestFixture*>(fixture);
138 self->SetupHandshakers();
139 }
140
SetupHandshakers()141 void SetupHandshakers() {
142 // Create client handshaker factory.
143 tsi_ssl_client_handshaker_options client_options;
144 client_options.pem_root_certs = root_cert_.c_str();
145 client_options.pem_key_cert_pair = client_pem_key_cert_pairs_;
146 client_options.crl_directory = crl_directory_;
147 client_options.crl_provider = crl_provider_;
148 client_options.root_store = root_store_;
149 client_options.min_tls_version = GetParam();
150 client_options.max_tls_version = GetParam();
151 EXPECT_EQ(tsi_create_ssl_client_handshaker_factory_with_options(
152 &client_options, &client_handshaker_factory_),
153 TSI_OK);
154 // Create server handshaker factory.
155 tsi_ssl_server_handshaker_options server_options;
156 server_options.pem_key_cert_pairs = server_pem_key_cert_pairs_;
157 server_options.num_key_cert_pairs = 1;
158 server_options.pem_client_root_certs = root_cert_.c_str();
159 server_options.crl_directory = crl_directory_;
160 server_options.crl_provider = crl_provider_;
161 server_options.client_certificate_request =
162 TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY;
163 server_options.session_ticket_key = nullptr;
164 server_options.session_ticket_key_size = 0;
165 server_options.min_tls_version = GetParam();
166 server_options.max_tls_version = GetParam();
167 EXPECT_EQ(tsi_create_ssl_server_handshaker_factory_with_options(
168 &server_options, &server_handshaker_factory_),
169 TSI_OK);
170 // Create server and client handshakers.
171 EXPECT_EQ(tsi_ssl_client_handshaker_factory_create_handshaker(
172 client_handshaker_factory_, nullptr, 0, 0,
173 &base_.client_handshaker),
174 TSI_OK);
175 EXPECT_EQ(tsi_ssl_server_handshaker_factory_create_handshaker(
176 server_handshaker_factory_, 0, 0, &base_.server_handshaker),
177 TSI_OK);
178 }
179
CheckHandshakerPeers(tsi_test_fixture * fixture)180 static void CheckHandshakerPeers(tsi_test_fixture* fixture) {
181 GPR_ASSERT(fixture != nullptr);
182 auto* self = reinterpret_cast<SslTsiTestFixture*>(fixture);
183 self->CheckHandshakerPeers();
184 }
185
CheckHandshakerPeers()186 void CheckHandshakerPeers() {
187 // In TLS 1.3, the client-side handshake succeeds even if the client
188 // sends a revoked certificate. In such a case, the server would fail
189 // the TLS handshake and send an alert to the client as the first
190 // application data message. In TLS 1.2, the client-side handshake will
191 // fail if the client sends a revoked certificate.
192 //
193 // For OpenSSL versions < 1.1, TLS 1.3 is not supported, so the
194 // client-side handshake should succeed precisely when the server-side
195 // handshake succeeds.
196 //
197 // For the intermediate cases, we have a CA -> Intermediate CA -> Leaf
198 // Cert chain in which the Intermediate CA cert is revoked by the CA. We
199 // test 3 cases. Note: A CRL not existing should not make the handshake
200 // fail
201 // 1. CRL Directory with CA's CRL and Intermediate CA's CRL -> Handshake
202 // fails due to revoked cert
203 // 2. CRL Directory with CA's CRL but missing Intermediate CA's CRL ->
204 // Handshake fails due to revoked cert
205 // 3. CRL Directory without CA's CRL with but Intermediate CA's CRL ->
206 // Handshake succeeds because the CRL that revokes the cert is not
207 // present.
208 bool expect_server_success = expect_server_success_;
209 bool expect_client_success = false;
210 #if OPENSSL_VERSION_NUMBER >= 0x10100000
211 expect_client_success = GetParam() == tsi_tls_version::TSI_TLS1_2
212 ? expect_client_success_1_2_
213 : expect_client_success_1_3_;
214 #else
215 // If using OpenSSL version < 1.1, the CRL revocation won't
216 // be enabled anyways, so we always expect the connection to
217 // be successful.
218 expect_server_success = true;
219 expect_client_success = expect_server_success;
220 #endif
221 tsi_peer peer;
222 if (expect_client_success) {
223 EXPECT_EQ(
224 tsi_handshaker_result_extract_peer(base_.client_result, &peer),
225 TSI_OK);
226 tsi_peer_destruct(&peer);
227 } else {
228 EXPECT_EQ(base_.client_result, nullptr);
229 }
230 if (expect_server_success) {
231 EXPECT_EQ(
232 tsi_handshaker_result_extract_peer(base_.server_result, &peer),
233 TSI_OK);
234 tsi_peer_destruct(&peer);
235 } else {
236 EXPECT_EQ(base_.server_result, nullptr);
237 }
238 }
239
Destruct(tsi_test_fixture * fixture)240 static void Destruct(tsi_test_fixture* fixture) {
241 auto* self = reinterpret_cast<SslTsiTestFixture*>(fixture);
242 delete self;
243 }
244
245 static struct tsi_test_fixture_vtable kVtable;
246
247 tsi_test_fixture base_;
248 std::string root_cert_;
249 tsi_ssl_root_certs_store* root_store_;
250 tsi_ssl_server_handshaker_factory* server_handshaker_factory_;
251 tsi_ssl_client_handshaker_factory* client_handshaker_factory_;
252
253 std::string server_key_;
254 std::string server_cert_;
255 std::string client_key_;
256 std::string client_cert_;
257 const char* crl_directory_;
258 bool expect_server_success_;
259 bool expect_client_success_1_2_;
260 bool expect_client_success_1_3_;
261 tsi_ssl_pem_key_cert_pair* client_pem_key_cert_pairs_;
262 tsi_ssl_pem_key_cert_pair* server_pem_key_cert_pairs_;
263 std::shared_ptr<grpc_core::experimental::CrlProvider> crl_provider_;
264 };
265 };
266
267 struct tsi_test_fixture_vtable
268 CrlSslTransportSecurityTest::SslTsiTestFixture::kVtable = {
269 &CrlSslTransportSecurityTest::SslTsiTestFixture::SetupHandshakers,
270 &CrlSslTransportSecurityTest::SslTsiTestFixture::CheckHandshakerPeers,
271 &CrlSslTransportSecurityTest::SslTsiTestFixture::Destruct};
272
TEST_P(CrlSslTransportSecurityTest,RevokedServerCert)273 TEST_P(CrlSslTransportSecurityTest, RevokedServerCert) {
274 auto* fixture = new SslTsiTestFixture(
275 kRevokedKeyPath, kRevokedCertPath, kValidKeyPath, kValidCertPath,
276 kSslTsiTestCrlSupportedCrlDir, nullptr, false, false, false);
277 fixture->Run();
278 }
279
TEST_P(CrlSslTransportSecurityTest,RevokedClientCert)280 TEST_P(CrlSslTransportSecurityTest, RevokedClientCert) {
281 auto* fixture = new SslTsiTestFixture(
282 kValidKeyPath, kValidCertPath, kRevokedKeyPath, kRevokedCertPath,
283 kSslTsiTestCrlSupportedCrlDir, nullptr, false, false, true);
284 fixture->Run();
285 }
286
TEST_P(CrlSslTransportSecurityTest,ValidCerts)287 TEST_P(CrlSslTransportSecurityTest, ValidCerts) {
288 auto* fixture = new SslTsiTestFixture(
289 kValidKeyPath, kValidCertPath, kValidKeyPath, kValidCertPath,
290 kSslTsiTestCrlSupportedCrlDir, nullptr, true, true, true);
291 fixture->Run();
292 }
293
TEST_P(CrlSslTransportSecurityTest,UseFaultyCrlDirectory)294 TEST_P(CrlSslTransportSecurityTest, UseFaultyCrlDirectory) {
295 auto* fixture = new SslTsiTestFixture(
296 kRevokedKeyPath, kRevokedCertPath, kValidKeyPath, kValidCertPath,
297 kSslTsiTestFaultyCrlsDir, nullptr, true, true, true);
298 fixture->Run();
299 }
300
TEST_P(CrlSslTransportSecurityTest,UseRevokedIntermediateValidCrl)301 TEST_P(CrlSslTransportSecurityTest, UseRevokedIntermediateValidCrl) {
302 auto* fixture = new SslTsiTestFixture(
303 kRevokedIntermediateKeyPath, kRevokedIntermediateCertPath, kValidKeyPath,
304 kValidCertPath, kSslTsiTestCrlSupportedCrlDir, nullptr, false, false,
305 false);
306 fixture->Run();
307 }
308
TEST_P(CrlSslTransportSecurityTest,UseRevokedIntermediateWithMissingIntermediateCrl)309 TEST_P(CrlSslTransportSecurityTest,
310 UseRevokedIntermediateWithMissingIntermediateCrl) {
311 auto* fixture = new SslTsiTestFixture(
312 kRevokedIntermediateKeyPath, kRevokedIntermediateCertPath, kValidKeyPath,
313 kValidCertPath, kSslTsiTestCrlSupportedCrlDirMissingIntermediate, nullptr,
314 false, false, false);
315 fixture->Run();
316 }
317
TEST_P(CrlSslTransportSecurityTest,UseRevokedIntermediateWithMissingRootCrl)318 TEST_P(CrlSslTransportSecurityTest, UseRevokedIntermediateWithMissingRootCrl) {
319 auto* fixture = new SslTsiTestFixture(
320 kRevokedIntermediateKeyPath, kRevokedIntermediateCertPath, kValidKeyPath,
321 kValidCertPath, kSslTsiTestCrlSupportedCrlDirMissingRoot, nullptr, true,
322 true, true);
323 fixture->Run();
324 }
325
TEST_P(CrlSslTransportSecurityTest,CrlProviderValidCerts)326 TEST_P(CrlSslTransportSecurityTest, CrlProviderValidCerts) {
327 std::string root_crl = grpc_core::testing::GetFileContents(kRootCrlPath);
328 std::string intermediate_crl =
329 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
330
331 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
332 provider = grpc_core::experimental::CreateStaticCrlProvider(
333 {root_crl, intermediate_crl});
334 ASSERT_TRUE(provider.ok());
335
336 auto* fixture = new SslTsiTestFixture(kValidKeyPath, kValidCertPath,
337 kValidKeyPath, kValidCertPath, nullptr,
338 *provider, true, true, true);
339 fixture->Run();
340 }
341
TEST_P(CrlSslTransportSecurityTest,CrlProviderRevokedServer)342 TEST_P(CrlSslTransportSecurityTest, CrlProviderRevokedServer) {
343 std::string root_crl = grpc_core::testing::GetFileContents(kRootCrlPath);
344 std::string intermediate_crl =
345 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
346
347 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
348 provider = grpc_core::experimental::CreateStaticCrlProvider(
349 {root_crl, intermediate_crl});
350 ASSERT_TRUE(provider.ok());
351
352 auto* fixture = new SslTsiTestFixture(kRevokedKeyPath, kRevokedCertPath,
353 kValidKeyPath, kValidCertPath, nullptr,
354 *provider, false, false, false);
355 fixture->Run();
356 }
357
TEST_P(CrlSslTransportSecurityTest,CrlProviderRevokedClient)358 TEST_P(CrlSslTransportSecurityTest, CrlProviderRevokedClient) {
359 std::string root_crl = grpc_core::testing::GetFileContents(kRootCrlPath);
360 std::string intermediate_crl =
361 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
362
363 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
364 provider = grpc_core::experimental::CreateStaticCrlProvider(
365 {root_crl, intermediate_crl});
366 ASSERT_TRUE(provider.ok());
367
368 auto* fixture = new SslTsiTestFixture(kValidKeyPath, kValidCertPath,
369 kRevokedKeyPath, kRevokedCertPath,
370 nullptr, *provider, false, false, true);
371 fixture->Run();
372 }
373
TEST_P(CrlSslTransportSecurityTest,CrlProviderRevokedIntermediateValidCrl)374 TEST_P(CrlSslTransportSecurityTest, CrlProviderRevokedIntermediateValidCrl) {
375 std::string root_crl = grpc_core::testing::GetFileContents(kRootCrlPath);
376 std::string intermediate_crl =
377 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
378
379 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
380 provider = grpc_core::experimental::CreateStaticCrlProvider(
381 {root_crl, intermediate_crl});
382 ASSERT_TRUE(provider.ok());
383
384 auto* fixture = new SslTsiTestFixture(
385 kRevokedIntermediateKeyPath, kRevokedIntermediateCertPath, kValidKeyPath,
386 kValidCertPath, nullptr, *provider, false, false, false);
387 fixture->Run();
388 }
389
TEST_P(CrlSslTransportSecurityTest,CrlProviderRevokedIntermediateMissingIntermediateCrl)390 TEST_P(CrlSslTransportSecurityTest,
391 CrlProviderRevokedIntermediateMissingIntermediateCrl) {
392 std::string root_crl = grpc_core::testing::GetFileContents(kRootCrlPath);
393
394 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
395 provider = grpc_core::experimental::CreateStaticCrlProvider({root_crl});
396 ASSERT_TRUE(provider.ok());
397
398 auto* fixture = new SslTsiTestFixture(
399 kRevokedIntermediateKeyPath, kRevokedIntermediateCertPath, kValidKeyPath,
400 kValidCertPath, nullptr, *provider, false, false, false);
401 fixture->Run();
402 }
403
TEST_P(CrlSslTransportSecurityTest,CrlProviderRevokedIntermediateMissingRootCrl)404 TEST_P(CrlSslTransportSecurityTest,
405 CrlProviderRevokedIntermediateMissingRootCrl) {
406 std::string intermediate_crl =
407 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
408
409 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
410 provider =
411 grpc_core::experimental::CreateStaticCrlProvider({intermediate_crl});
412 ASSERT_TRUE(provider.ok());
413
414 auto* fixture = new SslTsiTestFixture(
415 kRevokedIntermediateKeyPath, kRevokedIntermediateCertPath, kValidKeyPath,
416 kValidCertPath, nullptr, *provider, true, true, true);
417 fixture->Run();
418 }
419
TestNameSuffix(const::testing::TestParamInfo<tsi_tls_version> & version)420 std::string TestNameSuffix(
421 const ::testing::TestParamInfo<tsi_tls_version>& version) {
422 if (version.param == tsi_tls_version::TSI_TLS1_2) return "TLS_1_2";
423 GPR_ASSERT(version.param == tsi_tls_version::TSI_TLS1_3);
424 return "TLS_1_3";
425 }
426
TEST_P(CrlSslTransportSecurityTest,CrlProviderModifiedContentCrl)427 TEST_P(CrlSslTransportSecurityTest, CrlProviderModifiedContentCrl) {
428 std::string root_crl =
429 grpc_core::testing::GetFileContents(kModifiedContentPath);
430 std::string intermediate_crl =
431 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
432
433 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
434 provider = grpc_core::experimental::CreateStaticCrlProvider(
435 {root_crl, intermediate_crl});
436 ASSERT_NE(provider.status(), absl::OkStatus()) << provider.status();
437 }
438
TEST_P(CrlSslTransportSecurityTest,CrlProviderModifiedSignatureCrl)439 TEST_P(CrlSslTransportSecurityTest, CrlProviderModifiedSignatureCrl) {
440 std::string root_crl =
441 grpc_core::testing::GetFileContents(kModifiedSignaturePath);
442 std::string intermediate_crl =
443 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
444
445 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
446 provider = grpc_core::experimental::CreateStaticCrlProvider(
447 {root_crl, intermediate_crl});
448 ASSERT_TRUE(provider.ok()) << provider.status();
449
450 auto* fixture = new SslTsiTestFixture(kValidKeyPath, kValidCertPath,
451 kValidKeyPath, kValidCertPath, nullptr,
452 *provider, false, false, false);
453 fixture->Run();
454 }
455
TEST_P(CrlSslTransportSecurityTest,CrlFromBadCa)456 TEST_P(CrlSslTransportSecurityTest, CrlFromBadCa) {
457 std::string root_crl = grpc_core::testing::GetFileContents(kEvilCrlPath);
458 std::string intermediate_crl =
459 grpc_core::testing::GetFileContents(kIntermediateCrlPath);
460
461 absl::StatusOr<std::shared_ptr<grpc_core::experimental::CrlProvider>>
462 provider = grpc_core::experimental::CreateStaticCrlProvider(
463 {root_crl, intermediate_crl});
464 ASSERT_TRUE(provider.ok()) << provider.status();
465
466 auto* fixture = new SslTsiTestFixture(kValidKeyPath, kValidCertPath,
467 kValidKeyPath, kValidCertPath, nullptr,
468 *provider, false, false, false);
469 fixture->Run();
470 }
471
472 // TODO(gtcooke94) Add nullptr issuer test cases - this is not simple to test
473 // the way the code is currently designed - we plan to refactor ways the OpenSSL
474 // callback functions are written to have more easily testable chunks in
475 // ssl_transport_security_utils and will add nullptr issuer tests at that time.
476
477 INSTANTIATE_TEST_SUITE_P(TLSVersionsTest, CrlSslTransportSecurityTest,
478 testing::Values(tsi_tls_version::TSI_TLS1_2,
479 tsi_tls_version::TSI_TLS1_3),
480 &TestNameSuffix);
481
482 } // namespace
483
main(int argc,char ** argv)484 int main(int argc, char** argv) {
485 grpc::testing::TestEnvironment env(&argc, argv);
486 ::testing::InitGoogleTest(&argc, argv);
487 return RUN_ALL_TESTS();
488 }
489