diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-17 09:56:24 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-17 09:57:06 +0100 |
commit | 1fe366c28e1d26a10630bafe207a0cf56bb8a276 (patch) | |
tree | e9e7cd38d32df9aaedc1911db8f6bce8cb33d6db /tests/cert-tests/cert-sanity | |
parent | 9e8b241aa6578c1fc5a6a140a1cb035a61ebd2e8 (diff) | |
download | gnutls-1fe366c28e1d26a10630bafe207a0cf56bb8a276.tar.gz |
tests: enhanced test suite to include invalid V1 certs
That is, added X.509v1 certificates with attributes that shouldn't
have been presented (valid for X.509v2 only).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/cert-tests/cert-sanity')
-rwxr-xr-x | tests/cert-tests/cert-sanity | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/tests/cert-tests/cert-sanity b/tests/cert-tests/cert-sanity new file mode 100755 index 0000000000..edcefe963c --- /dev/null +++ b/tests/cert-tests/cert-sanity @@ -0,0 +1,55 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +DIFF="${DIFF:-diff -b -B}" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +# This checks whether invalid certificates are accepted + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-sid.pem" +rc=$? + +if test "${rc}" != 1; then + echo "X509v1 certificate with subject unique ID was accepted" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-iid.pem" +rc=$? + +if test "${rc}" != 1; then + echo "X509v1 certificate with issuer unique ID was accepted" + exit 1 +fi + + + +exit 0 |