Added check with the invalid crq sent by Sean Burford

4 files changed, 48 insertions, 2 deletions

diff --git a/configure.ac b/configure.ac
index 49b6b5e6c0..21202b685a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -343,6 +343,7 @@ AC_ARG_ENABLE(non-suiteb-curves,
 if [ test "$enable_non_suiteb" = "yes" ];then
   AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
 fi
+AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
 
 AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
 if [ test "$enable_self_checks" = "yes" ];then
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 0d648f36d0..c1d165065a 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -27,12 +27,16 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
 	template-overflow.tmpl template-overflow2.pem template-overflow2.tmpl \
 	template-date.tmpl template-date.pem template-dn-err.tmpl \
 	template-nc.tmpl template-nc.pem xmpp-othername.pem \
-	suppressions.valgrind
+	suppressions.valgrind csr-invalid.der
 
-dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane
+dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane crq
 
 TESTS = pathlen aki pem-decoding
 
+if ENABLE_NON_SUITEB_CURVES
+TESTS += crq
+endif
+
 if !WINDOWS
 TESTS += template-test
 endif
diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq
new file mode 100755
index 0000000000..6deb5a49a6
--- /dev/null
+++ b/tests/cert-tests/crq
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir=${srcdir:-.}
+CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+DIFF=${DIFF:-diff}
+if ! test -z "${VALGRIND}";then
+VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+$VALGRIND $CERTTOOL --inder --crq-info --infile $srcdir/crq-invalid.der >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "$rc" != "1"; then
+  echo "Invalid crq decoding failed"
+  exit $rc
+fi
+
+exit 0
diff --git a/tests/cert-tests/csr-invalid.der b/tests/cert-tests/csr-invalid.der
new file mode 100644
index 0000000000..fb1e744ce9
--- /dev/null
+++ b/tests/cert-tests/csr-invalid.der