authorMartin Ukrop <mukrop@redhat.com>2016-06-23 12:33:15 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-09 10:46:20 +0200
commit25154fcff0f8ce5c0094e365920a2d7ce3bccdc9 (patch)
treeeced0677f423917658b9398cb07a3f0a21643793
parent41ed04c27fe6157f15fab7904f73a950e2691000 (diff)
downloadgnutls-25154fcff0f8ce5c0094e365920a2d7ce3bccdc9.tar.gz
tests: Add corner case tests for name constraints, improve doc
- Added corner case test suite for DNS name constraints. - Documentation update in chain tests. Signed-off-by: Martin Ukrop <mukrop@redhat.com>
-rw-r--r--tests/name-constraints.c19
-rw-r--r--tests/test-chains.h7
2 files changed, 25 insertions, 1 deletions
diff --git a/tests/name-constraints.c b/tests/name-constraints.c
index 455acd4374..64e82ad35d 100644
--- a/tests/name-constraints.c
+++ b/tests/name-constraints.c
@@ -307,6 +307,25 @@ void doit(void)
gnutls_x509_name_constraints_deinit(nc);
gnutls_x509_crt_deinit(crt);
+ /* 4: corner cases */
+
+ /* 4a: empty excluded name (works as wildcard) */
+
+ ret = gnutls_x509_name_constraints_init(&nc);
+ check_for_error(ret);
+
+ set_name("", &name);
+ ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name);
+ check_for_error(ret);
+
+ set_name("example.net", &name);
+ ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+ check_test_result(ret, NAME_REJECTED, &name);
+
+ gnutls_x509_name_constraints_deinit(nc);
+
+ // Test suite end.
+
if (debug)
success("Test success.\n");
}
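Review bot: Case 4a asserts only that `example.net` is rejected, so the "works as wildcard" claim for an empty excluded DNSname is pinned by a single two-label name. A regression that made the empty constraint match only some names would still pass; a second `set_name` / `gnutls_x509_name_constraints_check` / `check_test_result(ret, NAME_REJECTED, &name);` triple on a deeper name (a constructed example: `a.b.example.org`) would tighten it. The label 4a suggests further cases, and the symmetric empty *permitted* DNSname looks like the natural 4b. The trailing `// Test suite end.` is the only C++-style comment in the hunk; `/* Test suite end. */` would match the rest. `doit` starts outside the hunk.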
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 42f02df740..72ca19dc4b 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -412,6 +412,7 @@ static const char *nc_bad0[] = {
NULL
};
+/* Name constraints: Empty excluded DNSname, empty Common name */
static const char *nc_bad1[] = {
/* DNSname: localhost
DNSname: www.example.com
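Review bot: The new header for `nc_bad1`, "Empty excluded DNSname, empty Common name", names two conditions without saying which certificate carries which or which one is expected to make the chain fail. The one-line headers added above `nc_bad2`, `nc_bad3` and `nc_bad4` have the same gap. These arrays read as negative vectors for name-constraint enforcement, so stating the expected outcome would let a reader tell a correct rejection from an accidental one, e.g. `/* Name constraints: CA excludes the empty DNSname (matches every DNS name); leaf DNSnames must be rejected */`. That wording is inferred from the comments visible in this diff and should be checked against the certificates themselves. The array body continues outside the hunk.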
@@ -436,7 +437,8 @@ static const char *nc_bad1[] = {
"nci6MKXViEdeHbPLcZe9+vzSSpFh5u/l47w+2B1oz7mndFFpxkw37zDaVH5yAFxK\n"
"+5VijiKxH6nmniLUX8Zsv82YBaO0liNb2fOZopxQGQ==\n"
"-----END CERTIFICATE-----\n",
-/* Name Constraints (critical): (empty) */
+/* Name Constraints (critical):
+ * Excluded DNSname: (empty) */
"-----BEGIN CERTIFICATE-----\n"
"MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
"MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
@@ -477,6 +479,7 @@ static const char *nc_bad1[] = {
NULL
};
+/* Name constraints: Multiple-level constraints, intersection empty */
static const char *nc_bad2[] = {
/* DNSname: www.example.com */
"-----BEGIN CERTIFICATE-----\n"
@@ -585,6 +588,7 @@ static const char *nc_bad2[] = {
NULL
};
+/* Name constraints: DNSname in excluded range */
static const char *nc_bad3[] = {
/* CN=www.example.com */
"-----BEGIN CERTIFICATE-----\n"
@@ -649,6 +653,7 @@ static const char *nc_bad3[] = {
NULL
};
+/* Name constraints: Multiple-level constraints, different subdomains */
static const char *nc_bad4[] = {
/* DNSname: sub2.example.org */
"-----BEGIN CERTIFICATE-----\n"