1 files changed, 24 insertions, 0 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp
index 624d953..463ef9e 100644
--- a/Swiften/QA/TLSTest/CertificateTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateTest.cpp
@@ -29,18 +29,19 @@ class CertificateTest : public CppUnit::TestFixture {
         CPPUNIT_TEST(testConstructFromDER);
         CPPUNIT_TEST(testToDER);
         //CPPUNIT_TEST(testGetSubjectName);
         CPPUNIT_TEST(testGetCommonNames);
         CPPUNIT_TEST(testGetSRVNames);
         CPPUNIT_TEST(testGetDNSNames);
         CPPUNIT_TEST(testGetXMPPAddresses);
         CPPUNIT_TEST(testCreateCertificateChain);
         CPPUNIT_TEST(testCreateTlsContext);
+        CPPUNIT_TEST(testCreateTlsContextDisableSystemTAs);
         CPPUNIT_TEST_SUITE_END();
 
     public:
         void setUp() {
             pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest");
             readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt"));
             readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem"));
             readByteArrayFromFile(keyData, (pathProvider->getExecutableDir() / "privateKey.pem"));
             certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY());
@@ -124,18 +125,41 @@ class CertificateTest : public CppUnit::TestFixture {
             CPPUNIT_ASSERT(key);
 
             const TLSOptions options;
             auto context = tlsContextFactory_->createTLSContext(options, TLSContext::Mode::Server);
             CPPUNIT_ASSERT(context);
 
             context->setCertificateChain(chain);
             context->setPrivateKey(key);
         }
+
+    /**
+     * This test does not actually verify that use of system TAs has been disabled, it just provides
+     * a convenient mechanism for testing via a debugger.
+     **/
+        void testCreateTlsContextDisableSystemTAs() {
+            // Create 2-certificate chain as in previous test
+            std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData);
+            CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size()));
+
+            // Load private key from string
+            PrivateKey::ref key = certificateFactory->createPrivateKey(Swift::createSafeByteArray(keyData));
+            CPPUNIT_ASSERT(key);
+
+            // Turn off use of system TAs
+            TLSOptions options;
+            options.ignoreSystemTrustAnchors = true;
+            auto context = tlsContextFactory_->createTLSContext(options, TLSContext::Mode::Server);
+            CPPUNIT_ASSERT(context);
+
+            context->setCertificateChain(chain);
+            context->setPrivateKey(key);
+        }
     private:
         std::unique_ptr<PlatformApplicationPathProvider> pathProvider;
         ByteArray certificateData;
         ByteArray chainData;
         ByteArray keyData;
         std::unique_ptr<CertificateFactory> certificateFactory;
         TLSContextFactory* tlsContextFactory_;
 };