Verisign CA v1 cert has expired! Change expected results.

Also test expiration code more.

1 files changed, 7 insertions, 1 deletions

diff --git a/tests/chainverify.c b/tests/chainverify.c
index 7b0ba9f730..1595b5e84b 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -671,10 +671,16 @@ static struct
     0, GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
   { "verisign.com v1 fail", verisign_com_chain, &verisign_com_chain[3],
     0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+  { "verisign.com v1 fail2", verisign_com_chain, &verisign_com_chain[3],
+    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+    GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
   { "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3],
-    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, 0 },
+    GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+    0 },
   { "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2],
     0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+  { "expired self signed", pem_self_cert, &pem_self_cert[0],
+    0, GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
   { "self signed", pem_self_cert, &pem_self_cert[0],
     GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0 },
   { "ca=false", thea_chain, &thea_chain[1],