summaryrefslogtreecommitdiff
path: root/tests/chainverify.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-04-03 17:38:24 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-04-03 17:38:29 +0200
commited096d0b6968858213e93286cecf88ae7bb705af (patch)
treedd3134def19a026ca01297174318404e4c7a10db /tests/chainverify.c
parent72a7b8e63f76c7f2faf482bdbf4e740b82a1fae9 (diff)
downloadgnutls-ed096d0b6968858213e93286cecf88ae7bb705af.tar.gz
the chainverify test ensures that there is no diverge between different verification functions.
Diffstat (limited to 'tests/chainverify.c')
-rw-r--r--tests/chainverify.c36
1 files changed, 35 insertions, 1 deletions
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 963c8ddc6b..c95ae4323f 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -1308,7 +1308,8 @@ void doit(void)
gnutls_global_set_log_level(4711);
for (i = 0; chains[i].chain; i++) {
- unsigned int verify_status;
+ gnutls_x509_trust_list_t tl;
+ unsigned int verify_status, verify_status1;
gnutls_x509_crt_t certs[4];
gnutls_x509_crt_t ca;
gnutls_datum_t tmp;
@@ -1428,6 +1429,39 @@ void doit(void)
exit(1);
} else if (debug)
printf("done\n");
+
+ gnutls_x509_trust_list_init(&tl, 0);
+
+ ret =
+ gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0);
+ if (ret != 1) {
+ fail("gnutls_x509_trust_list_add_trust_mem\n");
+ exit(1);
+ }
+
+ /* make sure that the two functions don't diverge */
+ ret = gnutls_x509_trust_list_verify_crt(tl, certs, j, chains[i].verify_flags,
+ &verify_status1, NULL);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_list_verify[%d,%d]: %s\n",
+ (int) i, (int) j, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (verify_status != verify_status1) {
+ gnutls_datum_t out1, out2;
+ gnutls_certificate_verification_status_print
+ (verify_status, GNUTLS_CRT_X509, &out1, 0);
+ gnutls_certificate_verification_status_print(verify_status1,
+ GNUTLS_CRT_X509,
+ &out2,
+ 0);
+ fail("chain[%s]:\nverify_status: %d: %s\ntrust list vstatus: %d: %s\n", chains[i].name, verify_status, out1.data, verify_status1, out2.data);
+ gnutls_free(out1.data);
+ gnutls_free(out2.data);
+ }
+
if (debug)
printf("\tCleanup...");