1 files changed, 20 insertions, 0 deletions
diff --git a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
index 30fe423..7379b69 100644
--- a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
+++ b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
@@ -29,18 +29,20 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithoutService);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithService);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithDifferentService);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddr);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddrWithWildcard);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalXmppAddr);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithoutSAN);
         CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithSAN);
+        CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithServerExpected);
+        CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithClientUnexpected);
         CPPUNIT_TEST_SUITE_END();
 
     public:
         void setUp() {
             idnConverter = std::shared_ptr<IDNConverter>(PlatformIDNConverter::create());
         }
 
         void testCertificateVerifies_WithoutMatchingDNSName() {
             ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
@@ -125,18 +127,36 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 
         void testCertificateVerifies_WithMatchingSRVNameWithDifferentService() {
             ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
             SimpleCertificate::ref certificate(new SimpleCertificate());
             certificate->addSRVName("_xmpp-server.bar.com");
 
             CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
         }
 
+        void testCertificateVerifies_WithMatchingSRVNameWithServerExpected() {
+            // Server-mode test which gets cert with "xmpp-server" SRV name
+            ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get(), true);
+            SimpleCertificate::ref certificate(new SimpleCertificate());
+            certificate->addSRVName("_xmpp-server.bar.com");
+
+            CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+        }
+
+        void testCertificateVerifies_WithMatchingSRVNameWithClientUnexpected() {
+            // Server-mode test which gets cert with "xmpp-client" SRV name
+            ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get(), true);
+            SimpleCertificate::ref certificate(new SimpleCertificate());
+            certificate->addSRVName("_xmpp-client.bar.com");
+
+            CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+        }
+
         void testCertificateVerifies_WithMatchingXmppAddr() {
             ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
             SimpleCertificate::ref certificate(new SimpleCertificate());
             certificate->addXMPPAddress("bar.com");
 
             CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
         }
 
         void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() {