diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-07 10:05:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-17 17:08:01 +0200 |
commit | d3b07f1a2700cc19c82dc7671cdbde112cc4b00e (patch) | |
tree | a50f3c2e1fd922eeaeaf43e7110c2e69d3e1ead3 | |
parent | 14591c7e2e5390ce3043a8d74291b7a1ddaf91e9 (diff) | |
download | gnutls-d3b07f1a2700cc19c82dc7671cdbde112cc4b00e.tar.gz |
tests: added check on Ed25519 chain verification
This chain was generated using certtool, and passed verification
with OpenSSL's implementation (commit: db0f35dda18403accabe98e7780f3dfc516f49de)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/cert-tests/Makefile.am | 2 | ||||
-rwxr-xr-x | tests/cert-tests/certtool-eddsa | 18 | ||||
-rw-r--r-- | tests/cert-tests/data/chain-eddsa.pem | 18 |
3 files changed, 35 insertions, 3 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 7b630f48f5..c04b42685f 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -72,7 +72,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \ data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \ data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \ - data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem \ + data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \ data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \ data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa index 1a9661a520..8b2714dcde 100755 --- a/tests/cert-tests/certtool-eddsa +++ b/tests/cert-tests/certtool-eddsa @@ -38,6 +38,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi + # Test certificate in draft-ietf-curdle-pkix-04 ${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}" rc=$? @@ -126,9 +127,22 @@ if test "${rc}" != "0"; then exit 1 fi - - rm -f "${TMPFILE}" rm -f "${KEYFILE}" + +. ${srcdir}/../scripts/common.sh +check_for_datefudge + +# Test certificate chain using Ed25519 +datefudge "2017-7-6" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem +rc=$? + +if test "${rc}" != "0"; then + echo "There was an issue verifying the Ed25519 chain" + exit 1 +fi + + exit 0 diff --git a/tests/cert-tests/data/chain-eddsa.pem b/tests/cert-tests/data/chain-eddsa.pem new file mode 100644 index 0000000000..7ec3c7d511 --- /dev/null +++ b/tests/cert-tests/data/chain-eddsa.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIBVTCCAQegAwIBAgIMWTey0hmzf1cwE8cgMAUGAytlcDAPMQ0wCwYDVQQDEwRD +QS0wMCAXDTE3MDYwNzA4MDEyMloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYDVQQD +EwhzZXJ2ZXItMTAqMAUGAytlcAMhAF3ZEMxi347Ou63o6HwHrpUhncqfgLzhINGJ +CnjZaQV0o3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP +BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBR20C3eeH0drMbAVG6WD7GLs5frmTAf +BgNVHSMEGDAWgBQAUYZc7T7EeTn8/8kePVPQLtbgnjAFBgMrZXADQQBPnuU/zF0X +QKj9JXs6+L9Gftp8w6mVIaCGY889MlL0moWofP25xciTRyT+2jK7zLOO7e0JRd05 +ZkncSAOOnPwB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBHDCBz6ADAgECAgxZN7LSFuPNiCPnfi4wBQYDK2VwMA8xDTALBgNVBAMTBENB +LTAwIBcNMTcwNjA3MDgwMTIyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT +BENBLTAwKjAFBgMrZXADIQBSw/TcTaKk/YxoN+9IG7qtBwppX22yPDsjfYgas1x5 +oKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQW +BBQAUYZc7T7EeTn8/8kePVPQLtbgnjAFBgMrZXADQQDbWwqI9Tz/74Dl7FkpbH/c +JntRKnYF9KWVuFmLq+5VTmRnEUsKeS/tIZUcSB8xh3yISoMqC87KA2hRQHKmuSQJ +-----END CERTIFICATE----- |