tests: mini-x509: include the legacy verification functions into the check

1 files changed, 72 insertions, 108 deletions

diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index 6ec431f25b..389860d2f4 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -31,6 +31,7 @@
 #include <gnutls/gnutls.h>
 #include "utils.h"
 #include "eagain-common.h"
+#include "cert-common.h"
 
 const char *side;
 
@@ -39,106 +40,15 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "%s|<%d>| %s", side, level, str);
 }
 
-static unsigned char ca_cert_pem[] =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
-"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
-"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD46JAPKrTsNTHl\n"
-"zD06eIYBF/8Z+TR0wukp9Cdh8Sw77dODLjy/QrVKiDgDZZdyUc8Agsdr86i95O0p\n"
-"w19Np3a0wja0VC9uwppZrpuHsrWukwxIBXoViyBc20Y6Ce8j0scCbR10SP565qXC\n"
-"i8vr86S4xmQMRZMtwohP/GWQzt45jqkHPYHjdKzwo2b2XI7joDq0dvbr3MSONkGs\n"
-"z7A/1Bl3iH5keDTWjqpJRWqXE79IhGOhELy+gG4VLJDGHWCr2mq24b9Kirp+TTxl\n"
-"lUwJRbchqUqerlFdt1NgDoGaJyd73Sh0qcZzmEiOI2hGvBtG86tdQ6veC9dl05et\n"
-"pM+6RMABAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
-"ADAdBgNVHQ4EFgQUGD0RYr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQAD\n"
-"ggEBALnHMubZ6WJ/XOFyDuo0imwg2onrPas3MuKT4+y0aHY943BgAOEc3jKitRjc\n"
-"qhb0IUD+NS7itRwNtCgI3v5Ym5nnQoVk+aOD/D724TjJ9XaPQJzOnuGaZX99VN2F\n"
-"sgwAtDXedlDQ+I6KLzLd6VW+UyWTG4qiRjOGDnG2kM1wAEOM27TzHV/YWleGjhtA\n"
-"bRHxkioOni5goNlTzazxF4v9VD2uinWrIFyZmF6vQuMm6rKFgq6higAU8uesFo7+\n"
-"3qpeRjNrPC4fNJUBvv+PC0WnP0PLnD/rY/ZcTYjLb/vJp1fiMJ5fU7jJklBhX2TE\n"
-"tstcP7FUV5HA/s9BxgAh0Z2wyyY=\n"
-"-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t ca_cert = { ca_cert_pem,
-	sizeof(ca_cert_pem)
-};
-
-static unsigned char server_cert_pem[] =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIDIzCCAgugAwIBAgIMUz8PCR2sdRK56V6OMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
-"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDQxOTU5MDVaGA85OTk5MTIzMTIzNTk1OVow\n"
-"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
-"AoIBAQDZ3dCzh9gOTOiOb2dtrPu91fYYgC/ey0ACYjQxaru7FZwnuXPhQK9KHsIV\n"
-"YRIyo49wjKZddkHet2sbpFAAeETZh8UUWLRb/mupyaSJMycaYCNjLZCUJTztvXxJ\n"
-"CCNfbtgvKC+Vu1mu94KBPatslgvnsamH7AiL5wmwRRqdH/Z93XaEvuRG6Zk0Sh9q\n"
-"ZMdCboGfjtmGEJ1V+z5CR+IyH4sckzd8WJW6wBSEwgliGaXnc75xKtFWBZV2njNr\n"
-"8V1TOYOdLEbiF4wduVExL5TKq2ywNkRpUfK2I1BcWS5D9Te/QT7aSdE08rL6ztmZ\n"
-"IhILSrMOfoLnJ4lzXspz3XLlEuhnAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n"
-"VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJXR\n"
-"raRS5MVhEqaRE42A3S2BIj7UMB8GA1UdIwQYMBaAFP6S7AyMRO2RfkANgo8YsCl8\n"
-"JfJkMA0GCSqGSIb3DQEBCwUAA4IBAQCQ62+skMVZYrGbpab8RI9IG6xH8kEndvFj\n"
-"J7wBBZCOlcjOj+HQ7a2buF5zGKRwAOSznKcmvZ7l5DPdsd0t5/VT9LKSbQ6+CfGr\n"
-"Xs5qPaDJnRhZkOILCvXJ9qyO+79WNMsg9pWnxkTK7aWR5OYE+1Qw1jG681HMkWTm\n"
-"nt7et9bdiNNpvA+L55569XKbdtJLs3hn5gEQFgS7EaEj59aC4vzSTFcidowCoa43\n"
-"7JmfSfC9YaAIFH2vriyU0QNf2y7cG5Hpkge+U7uMzQrsT77Q3SDB9WkyPAFNSB4Q\n"
-"B/r+OtZXOnQhLlMV7h4XGlWruFEaOBVjFHSdMGUh+DtaLvd1bVXI\n"
-"-----END CERTIFICATE-----\n"
-"-----BEGIN CERTIFICATE-----\n"
-"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
-"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
-"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvhyQfsUm3T0xK\n"
-"jiBXO3H6Y27b7lmCRYZQCmXCl2sUsGDL7V9biavTt3+sorWtH542/cTGDh5n8591\n"
-"7rVxAB/VASmN55O3fjZyFGrjusjhXBla0Yxe5rZ/7/Pjrq84T7gc/IXiX9Sums/c\n"
-"o9AeoykfhsjV2ubhh4h+8uPsHDTcAFTxq3mQaoldwnW2nmjDFzaKLtQdnyFf41o6\n"
-"nsJCK/J9PtpdCID5Zb+eQfu5Yhk1iUHe8a9TOstCHtgBq61YzufDHUQk3zsT+VZM\n"
-"20lDvSBnHdWLjxoea587JbkvtH8xRR8ThwABSb98qPnhJ8+A7mpO89QO1wxZM85A\n"
-"xEweQlMHAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
-"ADAdBgNVHQ4EFgQU/pLsDIxE7ZF+QA2CjxiwKXwl8mQwHwYDVR0jBBgwFoAUGD0R\n"
-"Yr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQADggEBANEXLUV+Z1PGTn7M\n"
-"3rPT/m/EamcrZJ3vFWrnfN91ws5llyRUKNhx6222HECh3xRSxH9YJONsbv2zY6sd\n"
-"ztY7lvckL4xOgWAjoCVTx3hqbZjDxpLRsvraw1PlqBHlRQVWLKlEQ55+tId2zgMX\n"
-"Z+wxM7FlU/6yWVPODIxrqYQd2KqaEp4aLIklw6Hi4HD6DnQJikjsJ6Noe0qyX1Tx\n"
-"uZ8mgP/G47Fe2d2H29kJ1iJ6hp1XOqyWrVIh/jONcnTvWS8aMqS3MU0EJH2Pb1Qa\n"
-"KGIvbd/3H9LykFTP/b7Imdv2fZxXIK8jC+jbF1w6rdBCVNA0p30X/jonoC3vynEK\n"
-"5cK0cgs=\n"
-"-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t server_cert = { server_cert_pem,
-	sizeof(server_cert_pem)
-};
-
-static unsigned char server_key_pem[] =
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"MIIEpQIBAAKCAQEA2d3Qs4fYDkzojm9nbaz7vdX2GIAv3stAAmI0MWq7uxWcJ7lz\n"
-"4UCvSh7CFWESMqOPcIymXXZB3rdrG6RQAHhE2YfFFFi0W/5rqcmkiTMnGmAjYy2Q\n"
-"lCU87b18SQgjX27YLygvlbtZrveCgT2rbJYL57Gph+wIi+cJsEUanR/2fd12hL7k\n"
-"RumZNEofamTHQm6Bn47ZhhCdVfs+QkfiMh+LHJM3fFiVusAUhMIJYhml53O+cSrR\n"
-"VgWVdp4za/FdUzmDnSxG4heMHblRMS+UyqtssDZEaVHytiNQXFkuQ/U3v0E+2knR\n"
-"NPKy+s7ZmSISC0qzDn6C5yeJc17Kc91y5RLoZwIDAQABAoIBAQCRXAu5HPOsZufq\n"
-"0K2DYZz9BdqSckR+M8HbVUZZiksDAeIUJwoHyi6qF2eK+B86JiK4Bz+gsBw2ys3t\n"
-"vW2bQqM9N/boIl8D2fZfbCgZWkXGtUonC+mgzk+el4Rq/cEMFVqr6/YDwuKNeJpc\n"
-"PJc5dcsvpTvlcjgpj9bJAvJEz2SYiIUpvtG4WNMGGapVZZPDvWn4/isY+75T5oDf\n"
-"1X5jG0lN9uoUjcuGuThN7gxjwlRkcvEOPHjXc6rxfrWIDdiz/91V46PwpqVDpRrg\n"
-"ig6U7+ckS0Oy2v32x0DaDhwAfDJ2RNc9az6Z+11lmY3LPkjG/p8Klcmgvt4/lwkD\n"
-"OYRC5QGRAoGBAPFdud6nmVt9h1DL0o4R6snm6P3K81Ds765VWVmpzJkK3+bwe4PQ\n"
-"GQQ0I0zN4hXkDMwHETS+EVWllqkK/d4dsE3volYtyTti8zthIATlgSEJ81x/ChAQ\n"
-"vvXxgx+zPUnb1mUwy+X+6urTHe4bxN2ypg6ROIUmT+Hx1ITG40LRRiPTAoGBAOcT\n"
-"WR8DTrj42xbxAUpz9vxJ15ZMwuIpk3ShE6+CWqvaXHF22Ju4WFwRNlW2zVLH6UMt\n"
-"nNfOzyDoryoiu0+0mg0wSmgdJbtCSHoI2GeiAnjGn5i8flQlPQ8bdwwmU6g6I/EU\n"
-"QRbGK/2XLmlrGN52gVy9UX0NsAA5fEOsAJiFj1CdAoGBAN9i3nbq6O2bNVSa/8mL\n"
-"XaD1vGe/oQgh8gaIaYSpuXlfbjCAG+C4BZ81XgJkfj3CbfGbDNqimsqI0fKsAJ/F\n"
-"HHpVMgrOn3L+Np2bW5YMj0Fzwy+1SCvsQ8C+gJwjOLMV6syGp/+6udMSB55rRv3k\n"
-"rPnIf+YDumUke4tTw9wAcgkPAoGASHMkiji7QfuklbjSsslRMyDj21gN8mMevH6U\n"
-"cX7pduBsA5dDqu9NpPAwnQdHsSDE3i868d8BykuqQAfLut3hPylY6vPYlLHfj4Oe\n"
-"dj+xjrSX7YeMBE34qvfth32s1R4FjtzO25keyc/Q2XSew4FcZftlxVO5Txi3AXC4\n"
-"bxnRKXECgYEAva+og7/rK+ZjboJVNxhFrwHp9bXhz4tzrUaWNvJD2vKJ5ZcThHcX\n"
-"zCig8W7eXHLPLDhi9aWZ3kUZ1RLhrFc/6dujtVtU9z2w1tmn1I+4Zi6D6L4DzKdg\n"
-"nMRLFoXufs/qoaJTqa8sQvKa+ceJAF04+gGtw617cuaZdZ3SYRLR2dk=\n"
-"-----END RSA PRIVATE KEY-----\n";
-
-const gnutls_datum_t server_key = { server_key_pem,
-	sizeof(server_key_pem)
-};
+static time_t mytime(time_t * t)
+{
+	time_t then = 1461671166;
+
+	if (t)
+		*t = then;
+
+	return then;
+}
 
 void doit(void)
 {
@@ -159,6 +69,8 @@ void doit(void)
 	if (debug)
 		gnutls_global_set_log_level(6);
 
+	gnutls_global_set_time_function(mytime);
+
 	/* Init server */
 	gnutls_certificate_allocate_credentials(&serverx509cred);
 	gnutls_certificate_set_x509_key_mem(serverx509cred,
@@ -215,7 +127,7 @@ void doit(void)
 		}
 	}
 
-	/* check the number of certificates received */
+	/* check the number of certificates received and verify */
 	{
 		unsigned cert_list_size = 0;
 		gnutls_typed_vdata_st data[2];
@@ -231,18 +143,18 @@ void doit(void)
 
 		gnutls_certificate_get_peers(client, &cert_list_size);
 		if (cert_list_size < 2) {
-			fprintf(stderr, "received a certificate list of %d!\n", cert_list_size);
+			fail("received a certificate list of %d!\n", cert_list_size);
 			exit(1);
 		}
 
 		ret = gnutls_certificate_verify_peers(client, data, 2, &status);
 		if (ret < 0) {
-			fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret));
+			fail("could not verify certificate: %s\n", gnutls_strerror(ret));
 			exit(1);
 		}
 
 		if (status == 0) {
-			fprintf(stderr, "should not have accepted!\n");
+			fail("should not have accepted!\n");
 			exit(1);
 		}
 
@@ -251,25 +163,77 @@ void doit(void)
 
 		ret = gnutls_certificate_verify_peers(client, data, 2, &status);
 		if (ret < 0) {
-			fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret));
+			fail("could not verify certificate: %s\n", gnutls_strerror(ret));
+			exit(1);
+		}
+
+		if (status != 0) {
+			fail("could not verify certificate: %.4x\n", status);
+			exit(1);
+		}
+
+		/* check gnutls_certificate_verify_peers3 */
+		ret = gnutls_certificate_verify_peers3(client, "localhost1", &status);
+		if (ret < 0) {
+			fail("could not verify certificate: %s\n", gnutls_strerror(ret));
+			exit(1);
+		}
+
+		if (status == 0) {
+			fail("should not have accepted!\n");
+			exit(1);
+		}
+
+		ret = gnutls_certificate_verify_peers3(client, "localhost", &status);
+		if (ret < 0) {
+			fail("could not verify certificate: %s\n", gnutls_strerror(ret));
+			exit(1);
+		}
+
+		if (status != 0) {
+			fail("could not verify certificate: %.4x\n", status);
+			exit(1);
+		}
+
+		/* check gnutls_certificate_verify_peers2 */
+		ret = gnutls_certificate_verify_peers2(client, &status);
+		if (ret < 0) {
+			fail("could not verify certificate: %s\n", gnutls_strerror(ret));
 			exit(1);
 		}
 
 		if (status != 0) {
-			fprintf(stderr, "could not verify certificate: %.4x\n", status);
+			fail("could not verify certificate: %.4x\n", status);
 			exit(1);
 		}
 	}
 
+	{
+		/* check the expiration and activation time legacy functions */
+		time_t t;
+
+		t = gnutls_certificate_activation_time_peers(client);
+		if (t != 1396641545) {
+			fail("unexpected activation time: %lu\n", (long unsigned)t);
+		}
+
+		if (sizeof(time_t) >= 4) {
+			t = gnutls_certificate_expiration_time_peers(client);
+			if (t != (time_t)253402300799UL) {
+				fail("unexpected expiration time: %lu\n", (long unsigned)t);
+			}
+		}
+	}
+
 	ret = gnutls_session_ext_master_secret_status(client);
 	if (ret != 1) {
-		fprintf(stderr, "Extended master secret wasn't negotiated by default (client ret: %d)\n", ret);
+		fail("Extended master secret wasn't negotiated by default (client ret: %d)\n", ret);
 		exit(1);
 	}
 
 	ret = gnutls_session_ext_master_secret_status(server);
 	if (ret != 1) {
-		fprintf(stderr, "Extended master secret wasn't negotiated by default (server ret: %d)\n", ret);
+		fail("Extended master secret wasn't negotiated by default (server ret: %d)\n", ret);
 		exit(1);
 	}