add apple test to github actions

rlm2002 · rlm2002 · commit 7c44f14e7751 · 2025-06-26T08:38:30.000-06:00
diff --git a/.github/workflows/macos-ancv.yml b/.github/workflows/macos-ancv.yml
@@ -0,0 +1,27 @@
+name: MacOS apple native cert validation tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      fail-fast: false
+    runs-on: macos-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 5
+    steps:
+      - name: Build and configure wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: CFLAGS='-DWOLFSSL_APPLE_NATIVE_CERT_VALIDATION -DWOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION -DRSA_MIN_SIZE=2048 -DNO_WOLFSSL_CIPHER_SUITE_TEST'
+
diff --git a/src/internal.c b/src/internal.c
@@ -42857,6 +42857,8 @@ static int DisplaySecTrustError(CFErrorRef error, SecTrustRef trust)
     return 0;
 }
 
+#if defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) && \
+    defined (WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
 static int MaxValidityPeriodErrorOnly(CFErrorRef error)
 {
     int multiple = 0;
@@ -42896,7 +42898,7 @@ static int MaxValidityPeriodErrorOnly(CFErrorRef error)
     }
     return multiple;
 }
-
+#endif
 /*
  * Validates a chain of certificates using the Apple system trust APIs
  *
@@ -42999,7 +43001,7 @@ static int DoAppleNativeCertValidation(WOLFSSL*                   ssl,
                            code);
             DisplaySecTrustError(error, trust);
 
-#if WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
+#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
             /* TEST ONLY CODE:
              * wolfSSL API tests use a cert with a validity period that is too
              * long for the Apple system trust APIs
diff --git a/src/ssl_load.c b/src/ssl_load.c
@@ -46,7 +46,7 @@
 #if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H)
 #include <Security/SecTrustSettings.h>
 #endif /* HAVE_SECURITY_SECTRUSTSETTINGS_H */
-#if WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
+#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 #include <CoreFoundation/CoreFoundation.h>
 #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */
 #endif /* __APPLE__ */
diff --git a/tests/api.c b/tests/api.c
@@ -48373,6 +48373,7 @@ static int test_X509_LOOKUP_add_dir(void)
                    !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
 #if !defined(NO_RSA) || defined(HAVE_ECC)
 /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
     int type)
 {
@@ -48423,10 +48424,9 @@ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
 
     return ret;
 }
-#endif
+
 
 #if !defined(NO_FILESYSTEM)
-#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int test_RsaSigFailure_cm(void)
 {
     EXPECT_DECLS;
@@ -48501,7 +48501,8 @@ static int test_EccSigFailure_cm(void)
 #endif /* HAVE_ECC */
     return EXPECT_RESULT();
 }
-#endif
+#endif /* !NO_FILESYSTEM */
+#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION*/
 #endif /* !NO_FILESYSTEM */
 #endif /* NO_CERTS */
 
@@ -57928,6 +57929,7 @@ static int test_wolfSSL_dtls_stateless(void)
         * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */
 
 #ifdef HAVE_CERT_CHAIN_VALIDATION
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 {
     int ret;
@@ -58106,7 +58108,6 @@ static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
-#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 static int test_various_pathlen_chains(void)
 {
     EXPECT_DECLS;
@@ -66927,6 +66928,7 @@ static int test_get_signature_nid(void)
     return EXPECT_RESULT();
 }
 
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
 #if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
 static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
 {
@@ -67017,7 +67019,6 @@ static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
 }
 #endif
 
-#ifndef WOLFSSL_TEST_NATIVE_CERT_VALIDATION
 static int test_tls_cert_store_unchanged(void)
 {
     EXPECT_DECLS;
@@ -67074,7 +67075,7 @@ static int test_tls_cert_store_unchanged(void)
 #endif
     return EXPECT_RESULT();
 }
-#endif
+#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */
 
 static int test_wolfSSL_SendUserCanceled(void)
 {
@@ -68502,7 +68503,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_write_dup),
     TEST_DECL(test_read_write_hs),
     TEST_DECL(test_get_signature_nid),
+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
     TEST_DECL(test_tls_cert_store_unchanged),
+#endif
     TEST_DECL(test_wolfSSL_SendUserCanceled),
     TEST_DECL(test_wolfSSL_SSLDisableRead),
     TEST_DECL(test_wolfSSL_inject),

Original file line number	Diff line number	Diff line change
`@@ -42857,6 +42857,8 @@ static int DisplaySecTrustError(CFErrorRef error, SecTrustRef trust)`
`42857`	`42857`	`return 0;`
`42858`	`42858`	`}`
`42859`	`42859`
	`42860`	`+#if defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) && \`
	`42861`	`+ defined (WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)`
`42860`	`42862`	`static int MaxValidityPeriodErrorOnly(CFErrorRef error)`
`42861`	`42863`	`{`
`42862`	`42864`	`int multiple = 0;`
`@@ -42896,7 +42898,7 @@ static int MaxValidityPeriodErrorOnly(CFErrorRef error)`
`42896`	`42898`	`}`
`42897`	`42899`	`return multiple;`
`42898`	`42900`	`}`
`42899`		`-`
	`42901`	`+#endif`
`42900`	`42902`	`/*`
`42901`	`42903`	`* Validates a chain of certificates using the Apple system trust APIs`
`42902`	`42904`	`*`
`@@ -42999,7 +43001,7 @@ static int DoAppleNativeCertValidation(WOLFSSL* ssl,`
`42999`	`43001`	`code);`
`43000`	`43002`	`DisplaySecTrustError(error, trust);`
`43001`	`43003`
`43002`		`-#if WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
	`43004`	`+#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`43003`	`43005`	`/* TEST ONLY CODE:`
`43004`	`43006`	`* wolfSSL API tests use a cert with a validity period that is too`
`43005`	`43007`	`* long for the Apple system trust APIs`
Original file line number	Diff line number	Diff line change
`@@ -48373,6 +48373,7 @@ static int test_X509_LOOKUP_add_dir(void)`
`48373`	`48373`	`!defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)`
`48374`	`48374`	`#if !defined(NO_RSA) \|\| defined(HAVE_ECC)`
`48375`	`48375`	`/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */`
	`48376`	`+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`48376`	`48377`	`static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,`
`48377`	`48378`	`int type)`
`48378`	`48379`	`{`
`@@ -48423,10 +48424,9 @@ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,`
`48423`	`48424`
`48424`	`48425`	`return ret;`
`48425`	`48426`	`}`
`48426`		`-#endif`
	`48427`	`+`
`48427`	`48428`
`48428`	`48429`	`#if !defined(NO_FILESYSTEM)`
`48429`		`-#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`48430`	`48430`	`static int test_RsaSigFailure_cm(void)`
`48431`	`48431`	`{`
`48432`	`48432`	`EXPECT_DECLS;`
`@@ -48501,7 +48501,8 @@ static int test_EccSigFailure_cm(void)`
`48501`	`48501`	`#endif /* HAVE_ECC */`
`48502`	`48502`	`return EXPECT_RESULT();`
`48503`	`48503`	`}`
`48504`		`-#endif`
	`48504`	`+#endif /* !NO_FILESYSTEM */`
	`48505`	`+#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION*/`
`48505`	`48506`	`#endif /* !NO_FILESYSTEM */`
`48506`	`48507`	`#endif /* NO_CERTS */`
`48507`	`48508`
`@@ -57928,6 +57929,7 @@ static int test_wolfSSL_dtls_stateless(void)`
`57928`	`57929`	`* HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */`
`57929`	`57930`
`57930`	`57931`	`#ifdef HAVE_CERT_CHAIN_VALIDATION`
	`57932`	`+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`57931`	`57933`	`static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)`
`57932`	`57934`	`{`
`57933`	`57935`	`int ret;`
`@@ -58106,7 +58108,6 @@ static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)`
`58106`	`58108`	`return ret;`
`58107`	`58109`	`}`
`58108`	`58110`
`58109`		`-#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`58110`	`58111`	`static int test_various_pathlen_chains(void)`
`58111`	`58112`	`{`
`58112`	`58113`	`EXPECT_DECLS;`
`@@ -66927,6 +66928,7 @@ static int test_get_signature_nid(void)`
`66927`	`66928`	`return EXPECT_RESULT();`
`66928`	`66929`	`}`
`66929`	`66930`
	`66931`	`+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`66930`	`66932`	`#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)`
`66931`	`66933`	`static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)`
`66932`	`66934`	`{`
`@@ -67017,7 +67019,6 @@ static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)`
`67017`	`67019`	`}`
`67018`	`67020`	`#endif`
`67019`	`67021`
`67020`		`-#ifndef WOLFSSL_TEST_NATIVE_CERT_VALIDATION`
`67021`	`67022`	`static int test_tls_cert_store_unchanged(void)`
`67022`	`67023`	`{`
`67023`	`67024`	`EXPECT_DECLS;`
`@@ -67074,7 +67075,7 @@ static int test_tls_cert_store_unchanged(void)`
`67074`	`67075`	`#endif`
`67075`	`67076`	`return EXPECT_RESULT();`
`67076`	`67077`	`}`
`67077`		`-#endif`
	`67078`	`+#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */`
`67078`	`67079`
`67079`	`67080`	`static int test_wolfSSL_SendUserCanceled(void)`
`67080`	`67081`	`{`
`@@ -68502,7 +68503,9 @@ TEST_CASE testCases[] = {`
`68502`	`68503`	`TEST_DECL(test_write_dup),`
`68503`	`68504`	`TEST_DECL(test_read_write_hs),`
`68504`	`68505`	`TEST_DECL(test_get_signature_nid),`
	`68506`	`+#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION`
`68505`	`68507`	`TEST_DECL(test_tls_cert_store_unchanged),`
	`68508`	`+#endif`
`68506`	`68509`	`TEST_DECL(test_wolfSSL_SendUserCanceled),`
`68507`	`68510`	`TEST_DECL(test_wolfSSL_SSLDisableRead),`
`68508`	`68511`	`TEST_DECL(test_wolfSSL_inject),`