3 #include <gnutls/gnutls.h>
4 #include <telepathy-glib/telepathy-glib.h>
5 #include <telepathy-glib/telepathy-glib-dbus.h>
7 #include "empathy-tls-verifier.h"
8 #include "mock-pkcs11.h"
9 #include "test-helper.h"
11 #define MOCK_TLS_CERTIFICATE_PATH "/mock/certificate"
14 GType
mock_tls_certificate_get_type (void);
16 #define MOCK_TLS_CERTIFICATE(obj) \
17 (G_TYPE_CHECK_INSTANCE_CAST((obj), mock_tls_certificate_get_type (), \
20 typedef struct _MockTLSCertificate
{
23 GPtrArray
*rejections
;
28 typedef struct _MockTLSCertificateClass
{
30 TpDBusPropertiesMixinClass dbus_props_class
;
31 } MockTLSCertificateClass
;
37 PROP_CERTIFICATE_TYPE
,
38 PROP_CERTIFICATE_CHAIN_DATA
41 static void mock_tls_certificate_iface_init (gpointer
, gpointer
);
43 G_DEFINE_TYPE_WITH_CODE(MockTLSCertificate
, mock_tls_certificate
, G_TYPE_OBJECT
,
44 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_AUTHENTICATION_TLS_CERTIFICATE
,
45 mock_tls_certificate_iface_init
)
46 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_DBUS_PROPERTIES
,
47 tp_dbus_properties_mixin_iface_init
)
51 mock_tls_certificate_init (MockTLSCertificate
*self
)
53 self
->state
= TP_TLS_CERTIFICATE_STATE_PENDING
;
54 self
->cert_type
= g_strdup ("x509");
55 self
->cert_data
= g_ptr_array_new_with_free_func((GDestroyNotify
) g_array_unref
);
56 self
->rejections
= g_ptr_array_new ();
60 mock_tls_certificate_get_property (GObject
*object
,
65 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (object
);
70 g_value_set_uint (value
, self
->state
);
73 g_value_set_boxed (value
, self
->rejections
);
75 case PROP_CERTIFICATE_TYPE
:
76 g_value_set_string (value
, self
->cert_type
);
78 case PROP_CERTIFICATE_CHAIN_DATA
:
79 g_value_set_boxed (value
, self
->cert_data
);
82 G_OBJECT_WARN_INVALID_PROPERTY_ID (object
, property_id
, pspec
);
88 mock_tls_certificate_finalize (GObject
*object
)
90 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (object
);
92 tp_clear_boxed (TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST
,
94 g_free (self
->cert_type
);
95 self
->cert_type
= NULL
;
96 g_ptr_array_unref (self
->cert_data
);
97 self
->cert_data
= NULL
;
99 G_OBJECT_CLASS (mock_tls_certificate_parent_class
)->finalize (object
);
103 mock_tls_certificate_class_init (MockTLSCertificateClass
*klass
)
105 GObjectClass
*oclass
= G_OBJECT_CLASS (klass
);
108 static TpDBusPropertiesMixinPropImpl object_props
[] = {
109 { "State", "state", NULL
},
110 { "Rejections", "rejections", NULL
},
111 { "CertificateType", "certificate-type", NULL
},
112 { "CertificateChainData", "certificate-chain-data", NULL
},
116 static TpDBusPropertiesMixinIfaceImpl prop_interfaces
[] = {
117 { TP_IFACE_AUTHENTICATION_TLS_CERTIFICATE
,
118 tp_dbus_properties_mixin_getter_gobject_properties
,
125 oclass
->get_property
= mock_tls_certificate_get_property
;
126 oclass
->finalize
= mock_tls_certificate_finalize
;
128 pspec
= g_param_spec_uint ("state",
129 "State of this certificate",
130 "The state of this TLS certificate.",
131 0, TP_NUM_TLS_CERTIFICATE_STATES
- 1,
132 TP_TLS_CERTIFICATE_STATE_PENDING
,
133 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
134 g_object_class_install_property (oclass
, PROP_STATE
, pspec
);
136 pspec
= g_param_spec_boxed ("rejections",
137 "The reject reasons",
138 "The reasons why this TLS certificate has been rejected",
139 TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST
,
140 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
141 g_object_class_install_property (oclass
, PROP_REJECTIONS
, pspec
);
143 pspec
= g_param_spec_string ("certificate-type",
144 "The certificate type",
145 "The type of this certificate.",
147 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
148 g_object_class_install_property (oclass
, PROP_CERTIFICATE_TYPE
, pspec
);
150 pspec
= g_param_spec_boxed ("certificate-chain-data",
151 "The certificate chain data",
152 "The raw PEM-encoded trust chain of this certificate.",
153 TP_ARRAY_TYPE_UCHAR_ARRAY_LIST
,
154 G_PARAM_READABLE
| G_PARAM_STATIC_STRINGS
);
155 g_object_class_install_property (oclass
, PROP_CERTIFICATE_CHAIN_DATA
, pspec
);
157 klass
->dbus_props_class
.interfaces
= prop_interfaces
;
158 tp_dbus_properties_mixin_class_init (oclass
,
159 G_STRUCT_OFFSET (MockTLSCertificateClass
, dbus_props_class
));
163 mock_tls_certificate_accept (TpSvcAuthenticationTLSCertificate
*base
,
164 DBusGMethodInvocation
*context
)
166 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (base
);
167 self
->state
= TP_TLS_CERTIFICATE_STATE_ACCEPTED
;
168 tp_svc_authentication_tls_certificate_emit_accepted (self
);
169 tp_svc_authentication_tls_certificate_return_from_accept (context
);
173 mock_tls_certificate_reject (TpSvcAuthenticationTLSCertificate
*base
,
174 const GPtrArray
*in_Rejections
,
175 DBusGMethodInvocation
*context
)
177 MockTLSCertificate
*self
= MOCK_TLS_CERTIFICATE (base
);
178 self
->state
= TP_TLS_CERTIFICATE_STATE_REJECTED
;
179 tp_svc_authentication_tls_certificate_emit_rejected (self
, in_Rejections
);
180 tp_svc_authentication_tls_certificate_return_from_reject (context
);
184 mock_tls_certificate_iface_init (gpointer g_iface
,
187 TpSvcAuthenticationTLSCertificateClass
*klass
=
188 (TpSvcAuthenticationTLSCertificateClass
*)g_iface
;
190 tp_svc_authentication_tls_certificate_implement_accept (klass
,
191 mock_tls_certificate_accept
);
192 tp_svc_authentication_tls_certificate_implement_reject (klass
,
193 mock_tls_certificate_reject
);
198 mock_tls_certificate_assert_rejected (MockTLSCertificate
*self
,
199 TpTLSCertificateRejectReason reason
)
201 GValueArray
*rejection
;
202 TpTLSCertificateRejectReason rejection_reason
;
203 gchar
*rejection_error
;
204 GHashTable
*rejection_details
;
207 g_assert (self
->state
== TP_TLS_CERTIFICATE_STATE_REJECTED
);
208 g_assert (self
->rejections
);
209 g_assert (self
->rejections
->len
> 0);
211 for (i
= 0; i
< self
->rejections
->len
; ++i
)
213 rejection
= g_ptr_array_index (self
->rejections
, i
);
214 tp_value_array_unpack (rejection
, 3,
215 G_TYPE_UINT
, &rejection_reason
,
216 G_TYPE_STRING
, &rejection_error
,
217 TP_HASH_TYPE_STRING_VARIANT_MAP
, &rejection_details
,
219 g_free (rejection_error
);
220 g_hash_table_unref (rejection_details
);
222 if (rejection_reason
== reason
)
226 g_assert ("Certificate was not rejected for right reason" && 0);
230 static MockTLSCertificate
*
231 mock_tls_certificate_new_and_register (TpDBusDaemon
*dbus
,
235 MockTLSCertificate
*cert
;
236 GError
*error
= NULL
;
237 gchar
*filename
, *contents
;
242 cert
= g_object_new (mock_tls_certificate_get_type (), NULL
);
245 while (path
!= NULL
) {
246 filename
= g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
247 "tests", "certificates", path
, NULL
);
248 g_file_get_contents (filename
, &contents
, &length
, &error
);
249 g_assert_no_error (error
);
251 der
= g_array_sized_new (TRUE
, TRUE
, sizeof (guchar
), length
);
252 g_array_append_vals (der
, contents
, length
);
253 g_ptr_array_add (cert
->cert_data
, der
);
258 path
= va_arg (va
, gchar
*);
262 tp_dbus_daemon_register_object (dbus
, MOCK_TLS_CERTIFICATE_PATH
, cert
);
266 /* ----------------------------------------------------------------------------
273 const gchar
*dbus_name
;
274 MockTLSCertificate
*mock
;
275 TpTLSCertificate
*cert
;
276 GAsyncResult
*result
;
280 setup (Test
*test
, gconstpointer data
)
282 GError
*error
= NULL
;
284 const gchar
*trust_uris
[2] = { MOCK_SLOT_ONE_URI
, NULL
};
286 test
->loop
= g_main_loop_new (NULL
, FALSE
);
288 test
->dbus
= tp_dbus_daemon_dup (&error
);
289 g_assert_no_error (error
);
291 test
->dbus_name
= tp_dbus_daemon_get_unique_name (test
->dbus
);
296 /* Add our mock module as the only PKCS#11 module */
297 module
= gck_module_new (&mock_default_functions
);
298 mock_C_Initialize (NULL
);
300 gcr_pkcs11_set_modules (NULL
);
301 gcr_pkcs11_add_module (module
);
302 gcr_pkcs11_set_trust_lookup_uris (trust_uris
);
306 teardown (Test
*test
, gconstpointer data
)
308 mock_C_Finalize (NULL
);
310 test
->dbus_name
= NULL
;
314 tp_dbus_daemon_unregister_object (test
->dbus
, test
->mock
);
315 g_object_unref (test
->mock
);
320 g_object_unref (test
->result
);
324 g_object_unref (test
->cert
);
327 g_main_loop_unref (test
->loop
);
330 g_object_unref (test
->dbus
);
335 add_certificate_to_mock (Test
*test
,
336 const gchar
*certificate
,
339 GError
*error
= NULL
;
340 GcrCertificate
*cert
;
345 path
= g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
346 "tests", "certificates", certificate
, NULL
);
348 g_file_get_contents (path
, &contents
, &length
, &error
);
349 g_assert_no_error (error
);
351 cert
= gcr_simple_certificate_new ((const guchar
*)contents
, length
);
352 mock_module_add_certificate (cert
);
353 mock_module_add_assertion (cert
,
354 peer
? CKT_X_PINNED_CERTIFICATE
: CKT_X_ANCHORED_CERTIFICATE
,
355 GCR_PURPOSE_SERVER_AUTH
, peer
);
356 g_object_unref (cert
);
363 fetch_callback_result (GObject
*object
,
367 Test
*test
= user_data
;
368 g_assert (!test
->result
);
369 test
->result
= g_object_ref (res
);
370 g_main_loop_quit (test
->loop
);
374 ensure_certificate_proxy (Test
*test
)
376 GError
*error
= NULL
;
377 GQuark features
[] = { TP_TLS_CERTIFICATE_FEATURE_CORE
, 0 };
382 /* Create and prepare a certificate */
383 /* We don't use tp_tls_certificate_new() as we don't pass a parent */
384 test
->cert
= g_object_new (TP_TYPE_TLS_CERTIFICATE
,
385 "dbus-daemon", test
->dbus
,
386 "bus-name", test
->dbus_name
,
387 "object-path", MOCK_TLS_CERTIFICATE_PATH
,
390 tp_proxy_prepare_async (test
->cert
, features
, fetch_callback_result
, test
);
391 g_main_loop_run (test
->loop
);
392 tp_proxy_prepare_finish (test
->cert
, test
->result
, &error
);
393 g_assert_no_error (error
);
395 /* Clear for any future async stuff */
396 g_object_unref (test
->result
);
400 /* A simple test to make sure the test infrastructure is working */
402 test_certificate_mock_basics (Test
*test
,
403 gconstpointer data G_GNUC_UNUSED
)
405 GError
*error
= NULL
;
407 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
408 "server-cert.cer", NULL
);
410 ensure_certificate_proxy (test
);
412 tp_tls_certificate_accept_async (test
->cert
, fetch_callback_result
, test
);
413 g_main_loop_run (test
->loop
);
414 tp_tls_certificate_accept_finish (test
->cert
, test
->result
, &error
);
415 g_assert_no_error (error
);
417 g_assert (test
->mock
->state
== TP_TLS_CERTIFICATE_STATE_ACCEPTED
);
421 test_certificate_verify_success_with_pkcs11_lookup (Test
*test
,
422 gconstpointer data G_GNUC_UNUSED
)
424 TpTLSCertificateRejectReason reason
= 0;
425 GError
*error
= NULL
;
426 EmpathyTLSVerifier
*verifier
;
427 const gchar
*reference_identities
[] = {
428 "test-server.empathy.gnome.org",
433 * In this test the mock TLS connection only has one certificate
434 * not a full certificat echain. The root anchor certificate is
435 * retrieved from PKCS#11 storage.
438 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
439 "server-cert.cer", NULL
);
441 /* We add the collabora directory with the collabora root */
442 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
444 ensure_certificate_proxy (test
);
446 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
447 reference_identities
);
448 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
449 g_main_loop_run (test
->loop
);
451 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
453 g_assert_no_error (error
);
455 /* Yay the verification was a success! */
457 g_clear_error (&error
);
458 g_object_unref (verifier
);
462 test_certificate_verify_success_with_full_chain (Test
*test
,
463 gconstpointer data G_GNUC_UNUSED
)
465 TpTLSCertificateRejectReason reason
= 0;
466 GError
*error
= NULL
;
467 EmpathyTLSVerifier
*verifier
;
468 const gchar
*reference_identities
[] = {
469 "test-server.empathy.gnome.org",
474 * In this test the mock TLS connection has a full certificate
475 * chain. We look for an anchor certificate in the chain.
478 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
479 "server-cert.cer", "certificate-authority.cer", NULL
);
481 /* We add the collabora directory with the collabora root */
482 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
484 ensure_certificate_proxy (test
);
486 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
487 reference_identities
);
488 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
489 g_main_loop_run (test
->loop
);
490 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
492 g_assert_no_error (error
);
494 /* Yay the verification was a success! */
496 g_clear_error (&error
);
497 g_object_unref (verifier
);
501 test_certificate_verify_root_not_found (Test
*test
,
502 gconstpointer data G_GNUC_UNUSED
)
504 TpTLSCertificateRejectReason reason
= 0;
505 GError
*error
= NULL
;
506 EmpathyTLSVerifier
*verifier
;
507 const gchar
*reference_identities
[] = {
508 "test-server.empathy.gnome.org",
512 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
513 "server-cert.cer", NULL
);
515 /* Note that we're not adding any place to find root certs */
517 ensure_certificate_proxy (test
);
519 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
520 reference_identities
);
521 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
522 g_main_loop_run (test
->loop
);
524 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
527 /* And it should say we're self-signed (oddly enough) */
528 g_assert_error (error
, G_IO_ERROR
,
529 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED
);
531 g_clear_error (&error
);
532 g_object_unref (verifier
);
536 test_certificate_verify_root_not_anchored (Test
*test
,
537 gconstpointer data G_GNUC_UNUSED
)
539 TpTLSCertificateRejectReason reason
= 0;
540 GError
*error
= NULL
;
541 EmpathyTLSVerifier
*verifier
;
542 const gchar
*reference_identities
[] = {
543 "test-server.empathy.gnome.org",
547 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
548 "server-cert.cer", "certificate-authority.cer", NULL
);
550 /* Note that we're not adding any place to find root certs */
552 ensure_certificate_proxy (test
);
554 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
555 reference_identities
);
556 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
557 g_main_loop_run (test
->loop
);
559 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
562 /* And it should say we're self-signed (oddly enough) */
563 g_assert_error (error
, G_IO_ERROR
,
564 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED
);
566 g_clear_error (&error
);
567 g_object_unref (verifier
);
571 test_certificate_verify_identities_invalid (Test
*test
,
572 gconstpointer data G_GNUC_UNUSED
)
574 TpTLSCertificateRejectReason reason
= 0;
575 GError
*error
= NULL
;
576 EmpathyTLSVerifier
*verifier
;
577 const gchar
*reference_identities
[] = {
582 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
583 "server-cert.cer", "certificate-authority.cer", NULL
);
585 /* We add the collabora directory with the collabora root */
586 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
588 ensure_certificate_proxy (test
);
590 verifier
= empathy_tls_verifier_new (test
->cert
, "invalid.host.name",
591 reference_identities
);
592 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
593 g_main_loop_run (test
->loop
);
595 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
598 /* And it should say we're self-signed (oddly enough) */
599 g_assert_error (error
, G_IO_ERROR
,
600 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH
);
602 g_clear_error (&error
);
603 g_object_unref (verifier
);
607 test_certificate_verify_uses_reference_identities (Test
*test
,
608 gconstpointer data G_GNUC_UNUSED
)
610 TpTLSCertificateRejectReason reason
= 0;
611 GError
*error
= NULL
;
612 EmpathyTLSVerifier
*verifier
;
613 const gchar
*reference_identities
[] = {
618 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
619 "server-cert.cer", "certificate-authority.cer", NULL
);
621 /* We add the collabora directory with the collabora root */
622 add_certificate_to_mock (test
, "certificate-authority.cer", NULL
);
624 ensure_certificate_proxy (test
);
626 /* Should be using the reference_identities and not host name for checks */
627 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
628 reference_identities
);
629 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
630 g_main_loop_run (test
->loop
);
632 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
635 /* And it should say we're self-signed (oddly enough) */
636 g_assert_error (error
, G_IO_ERROR
,
637 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH
);
639 g_clear_error (&error
);
640 g_object_unref (verifier
);
644 test_certificate_verify_success_with_pinned (Test
*test
,
645 gconstpointer data G_GNUC_UNUSED
)
647 TpTLSCertificateRejectReason reason
= 0;
648 GError
*error
= NULL
;
649 EmpathyTLSVerifier
*verifier
;
650 const gchar
*reference_identities
[] = {
651 "test-server.empathy.gnome.org",
656 * In this test the mock TLS connection has a full certificate
657 * chain. We look for an anchor certificate in the chain.
660 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
661 "server-cert.cer", NULL
);
663 /* We add the collabora directory with the collabora root */
664 add_certificate_to_mock (test
, "server-cert.cer", "test-server.empathy.gnome.org");
666 ensure_certificate_proxy (test
);
668 verifier
= empathy_tls_verifier_new (test
->cert
, "test-server.empathy.gnome.org",
669 reference_identities
);
670 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
671 g_main_loop_run (test
->loop
);
672 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
674 g_assert_no_error (error
);
676 /* Yay the verification was a success! */
678 g_clear_error (&error
);
679 g_object_unref (verifier
);
683 test_certificate_verify_pinned_wrong_host (Test
*test
,
684 gconstpointer data G_GNUC_UNUSED
)
686 TpTLSCertificateRejectReason reason
= 0;
687 GError
*error
= NULL
;
688 EmpathyTLSVerifier
*verifier
;
689 const gchar
*reference_identities
[] = {
690 "test-server.empathy.gnome.org",
694 test
->mock
= mock_tls_certificate_new_and_register (test
->dbus
,
695 "server-cert.cer", NULL
);
697 /* Note that we're not adding any place to find root certs */
699 ensure_certificate_proxy (test
);
701 verifier
= empathy_tls_verifier_new (test
->cert
, "another.gnome.org",
702 reference_identities
);
703 empathy_tls_verifier_verify_async (verifier
, fetch_callback_result
, test
);
704 g_main_loop_run (test
->loop
);
706 empathy_tls_verifier_verify_finish (verifier
, test
->result
, &reason
,
709 /* And it should say we're self-signed */
710 g_assert_error (error
, G_IO_ERROR
,
711 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED
);
713 g_clear_error (&error
);
714 g_object_unref (verifier
);
723 test_init (argc
, argv
);
724 gnutls_global_init ();
726 g_test_add ("/tls/certificate_basics", Test
, NULL
,
727 setup
, test_certificate_mock_basics
, teardown
);
728 g_test_add ("/tls/certificate_verify_success_with_pkcs11_lookup", Test
, NULL
,
729 setup
, test_certificate_verify_success_with_pkcs11_lookup
, teardown
);
730 g_test_add ("/tls/certificate_verify_success_with_full_chain", Test
, NULL
,
731 setup
, test_certificate_verify_success_with_full_chain
, teardown
);
732 g_test_add ("/tls/certificate_verify_root_not_found", Test
, NULL
,
733 setup
, test_certificate_verify_root_not_found
, teardown
);
734 g_test_add ("/tls/certificate_verify_root_not_anchored", Test
, NULL
,
735 setup
, test_certificate_verify_root_not_anchored
, teardown
);
736 g_test_add ("/tls/certificate_verify_identities_invalid", Test
, NULL
,
737 setup
, test_certificate_verify_identities_invalid
, teardown
);
738 g_test_add ("/tls/certificate_verify_uses_reference_identities", Test
, NULL
,
739 setup
, test_certificate_verify_uses_reference_identities
, teardown
);
740 g_test_add ("/tls/certificate_verify_success_with_pinned", Test
, NULL
,
741 setup
, test_certificate_verify_success_with_pinned
, teardown
);
742 g_test_add ("/tls/certificate_verify_pinned_wrong_host", Test
, NULL
,
743 setup
, test_certificate_verify_pinned_wrong_host
, teardown
);
745 result
= g_test_run ();