add apple test to github actions

2025-08-01 19:54:40 +02:00 · 2025-06-24 09:42:23 -06:00
parent d3b30f8d51
commit 7c44f14e77
4 changed files with 41 additions and 9 deletions
--- a/.github/workflows/macos-ancv.yml
+++ b/.github/workflows/macos-ancv.yml
@@ -0,0 +1,27 @@
+name: MacOS apple native cert validation tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      fail-fast: false
+    runs-on: macos-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 5
+    steps:
+      - name: Build and configure wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: CFLAGS='-DWOLFSSL_APPLE_NATIVE_CERT_VALIDATION -DWOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION -DRSA_MIN_SIZE=2048 -DNO_WOLFSSL_CIPHER_SUITE_TEST'
+
--- a/src/internal.c
+++ b/src/internal.c
@@ -42857,6 +42857,8 @@ static int DisplaySecTrustError(CFErrorRef error, SecTrustRef trust)
    return 0;
 }

+#if defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) && \
+    defined (WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
 static int MaxValidityPeriodErrorOnly(CFErrorRef error)
 {
    int multiple = 0;
@@ -42896,7 +42898,7 @@ static int MaxValidityPeriodErrorOnly(CFErrorRef error)
    }
    return multiple;
 }
-
+#endif
 /*
 * Validates a chain of certificates using the Apple system trust APIs
 *
@@ -42999,7 +43001,7 @@ static int DoAppleNativeCertValidation(WOLFSSL*                   ssl,
                           code);
            DisplaySecTrustError(error, trust);

-#if WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
+#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
            /* TEST ONLY CODE:
             * wolfSSL API tests use a cert with a validity period that is too
             * long for the Apple system trust APIs
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -46,7 +46,7 @@
 #if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H)
 #include <Security/SecTrustSettings.h>
 #endif /* HAVE_SECURITY_SECTRUSTSETTINGS_H */
-#if WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
+#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 #include <CoreFoundation/CoreFoundation.h>
 #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */
 #endif /* __APPLE__ */
--- a/tests/api.c
+++ b/tests/api.c
@@ -48373,6 +48373,7 @@ static int test_X509_LOOKUP_add_dir(void)
                   !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
 #if !defined(NO_RSA) || defined(HAVE_ECC)
 /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
    int type)
 {
@@ -48423,10 +48424,9 @@ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,

    return ret;
 }
-#endif
+

 #if !defined(NO_FILESYSTEM)
-#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int test_RsaSigFailure_cm(void)
 {
    EXPECT_DECLS;
@@ -48501,7 +48501,8 @@ static int test_EccSigFailure_cm(void)
 #endif /* HAVE_ECC */
    return EXPECT_RESULT();
 }
-#endif
+#endif /* !NO_FILESYSTEM */
+#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION*/
 #endif /* !NO_FILESYSTEM */
 #endif /* NO_CERTS */

@@ -57928,6 +57929,7 @@ static int test_wolfSSL_dtls_stateless(void)
        * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */

 #ifdef HAVE_CERT_CHAIN_VALIDATION
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 {
    int ret;
@@ -58106,7 +58108,6 @@ static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
    return ret;
 }

-#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int test_various_pathlen_chains(void)
 {
    EXPECT_DECLS;
@@ -66927,6 +66928,7 @@ static int test_get_signature_nid(void)
    return EXPECT_RESULT();
 }

+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 #if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
 static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
 {
@@ -67017,7 +67019,6 @@ static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
 }
 #endif

-#ifndef WOLFSSL_TEST_NATIVE_CERT_VALIDATION
 static int test_tls_cert_store_unchanged(void)
 {
    EXPECT_DECLS;
@@ -67074,7 +67075,7 @@ static int test_tls_cert_store_unchanged(void)
 #endif
    return EXPECT_RESULT();
 }
-#endif
+#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */

 static int test_wolfSSL_SendUserCanceled(void)
 {
@@ -68502,7 +68503,9 @@ TEST_CASE testCases[] = {
    TEST_DECL(test_write_dup),
    TEST_DECL(test_read_write_hs),
    TEST_DECL(test_get_signature_nid),
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
    TEST_DECL(test_tls_cert_store_unchanged),
+#endif
    TEST_DECL(test_wolfSSL_SendUserCanceled),
    TEST_DECL(test_wolfSSL_SSLDisableRead),
    TEST_DECL(test_wolfSSL_inject),