author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-03 17:38:24 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-03 17:38:29 +0200 |
commit | ed096d0b6968858213e93286cecf88ae7bb705af (patch) | |
tree | dd3134def19a026ca01297174318404e4c7a10db /tests/chainverify.c | |
parent | 72a7b8e63f76c7f2faf482bdbf4e740b82a1fae9 (diff) | |
download | gnutls-ed096d0b6968858213e93286cecf88ae7bb705af.tar.gz |
the chainverify test ensures that there is no divergence between different verification functions.
Diffstat (limited to 'tests/chainverify.c')
-rw-r--r-- | tests/chainverify.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 963c8ddc6b..c95ae4323f 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -1308,7 +1308,8 @@ void doit(void)
 gnutls_global_set_log_level(4711);
 for (i = 0; chains[i].chain; i++) {
- unsigned int verify_status;
+ gnutls_x509_trust_list_t tl;
+ unsigned int verify_status, verify_status1;
 gnutls_x509_crt_t certs[4];
 gnutls_x509_crt_t ca;
 gnutls_datum_t tmp;
@@ -1428,6 +1429,39 @@ void doit(void)
 exit(1);
 } else if (debug)
 printf("done\n");
+
+ gnutls_x509_trust_list_init(&tl, 0);
+
+ ret =
+ gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0);
+ if (ret != 1) {
+ fail("gnutls_x509_trust_list_add_trust_mem\n");
+ exit(1);
+ }
+
+ /* make sure that the two functions don't diverge */
+ ret = gnutls_x509_trust_list_verify_crt(tl, certs, j, chains[i].verify_flags,
+ &verify_status1, NULL);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_list_verify[%d,%d]: %s\n",
+ (int) i, (int) j, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (verify_status != verify_status1) {
+ gnutls_datum_t out1, out2;
+ gnutls_certificate_verification_status_print
+ (verify_status, GNUTLS_CRT_X509, &out1, 0);
+ gnutls_certificate_verification_status_print(verify_status1,
+ GNUTLS_CRT_X509,
+ &out2,
+ 0);
+ fail("chain[%s]:\nverify_status: %d: %s\ntrust list vstatus: %d: %s\n", chains[i].name, verify_status, out1.data, verify_status1, out2.data);
+ gnutls_free(out1.data);
+ gnutls_free(out2.data);
+ }
+
 if (debug)
 printf("\tCleanup..."); |
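Review bot: In the second hunk the trust list created by `gnutls_x509_trust_list_init(&tl, 0);` is never released and the call's return value is ignored, so every iteration of the chains loop leaks a list and a failed init would hand an unset `tl` to `gnutls_x509_trust_list_add_cas`. I would assign the result to `ret` and bail out on `ret < 0` as the neighbouring calls do, and add `gnutls_x509_trust_list_deinit(tl, 0);` after the status comparison; the second argument should stay 0 because `ca` is presumably freed by the existing cleanup code, which lies outside the hunk. The two failure messages also name `gnutls_x509_trust_list_add_trust_mem` and `gnutls_x509_crt_list_verify` although the calls are `gnutls_x509_trust_list_add_cas` and `gnutls_x509_trust_list_verify_crt`. Since this test exists to show which verification path disagrees, the labels should match the function actually called. The results of both `gnutls_certificate_verification_status_print` calls are unchecked as well, so on failure `out1.data` or `out2.data` would be printed and freed while uninitialised.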