author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-27 19:05:56 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-27 19:05:56 +0200 |
commit | ee2457d4aedc3894c270634e043cf0e5b3f07a93 (patch) | |
tree | 4af0fbc013ccd653007fac1d96ab1cd2a94bb9db /tests/chainverify.c | |
parent | c077f98590689d6325916b3a6add67e8810984b3 (diff) | |
download | gnutls-ee2457d4aedc3894c270634e043cf0e5b3f07a93.tar.gz |
Modified the cacertrsamd5 short-cut. The test was checking whether
verification using a trusted insecurely signed self signed certificate
will fail against a chain that has this as intermediate. However this
test should have succeeded since the insecure certificate is trusted.
This isn't the purpose of this test, however. It should have checked that
using the same certificate both as the trusted one and as the one to be verified,
together with the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag, returns an error.
Diffstat (limited to 'tests/chainverify.c')
-rw-r--r-- | tests/chainverify.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 71b4e2293e..8aa7a0fcab 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -741,7 +741,7 @@ static struct
 0, GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID },
 { "cacertrsamd5 ok", cacertrsamd5, &cacertrsamd5[2],
 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, 0 },
- { "cacertrsamd5 short-cut not ok", cacertrsamd5, &cacertrsamd5[1],
+ { "cacertrsamd5 short-cut not ok", cacertrsamd5, &cacertrsamd5[0],
 GNUTLS_VERIFY_DO_NOT_ALLOW_SAME,
 GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
 { "cacertrsamd5 short-cut ok", cacertrsamd5, &cacertrsamd5[1],
@@ -787,7 +787,7 @@ doit (void)
 for (j = 0; chains[i].chain[j]; j++)
 {
- if (debug)
+ if (debug > 2)
 printf ("\tAdding certificate %d...", (int) j);
 ret = gnutls_x509_crt_init (&certs[j]);
@@ -799,7 +799,7 @@ doit (void)
 tmp.size = strlen (chains[i].chain[j]);
 ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM);
- if (debug)
+ if (debug > 2)
 printf ("done\n");
 if (ret < 0)
 error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s",
@@ -811,7 +811,7 @@ doit (void)
 gnutls_free (tmp.data);
 }
- if (debug)
+ if (debug > 2)
 printf ("\tAdding CA certificate...");
 ret = gnutls_x509_crt_init (&ca);
@@ -827,7 +827,7 @@ doit (void)
 error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
 gnutls_strerror (ret));
- if (debug)
+ if (debug > 2)
 printf ("done\n");
 gnutls_x509_crt_print (ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
@@ -848,7 +848,7 @@ doit (void)
 if (verify_status != chains[i].expected_verify_result)
 {
- fail ("verify_status: %d expected: %d\n",
+ fail ("chain[%s]: verify_status: %d expected: %d\n", chains[i].name,
 verify_status, chains[i].expected_verify_result);
 if (!debug)
@@ -864,7 +864,7 @@ doit (void)
 gnutls_x509_crt_deinit (certs[j]);
 if (debug)
- printf ("done\n");
+ printf ("done\n\n\n");
 }
 gnutls_global_deinit (); |
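Review bot: The case the old vector exercised, trusting the MD5-signed `cacertrsamd5[1]` while `GNUTLS_VERIFY_DO_NOT_ALLOW_SAME` is set, no longer has an entry in the first hunk's table, even though the commit description says that case should verify successfully. Because a trusted certificate bypasses the insecure-algorithm check, that behaviour is worth pinning with its own vector, e.g. `{ "cacertrsamd5 short-cut with flag ok", cacertrsamd5, &cacertrsamd5[1], GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, 0 },` (the expected value is inferred from the description, not from a run). A comment above the changed entry such as `/* trusted list holds chain[0] itself; DO_NOT_ALLOW_SAME must not accept it on that basis */` would also record why index 0 is used. The initializer starts and ends outside the hunk.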
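Review bot: The threshold in `if (debug > 2)` is a bare literal repeated in the second through fifth hunks, and nothing visible says what debug levels 1 and 2 are meant to show. A named constant, or a short comment at the first use such as `/* per-certificate progress only at debug level 3 and above */`, would keep the four sites consistent if the levels are ever changed. How `debug` is set is outside the diff, so the meaning of each level is an assumption here.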
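Review bot: In the sixth hunk the failure message prints `verify_status` and the expected result with `%d`, although the table in the first hunk shows these are OR-ed `GNUTLS_CERT_*` flag sets, so a failing vector yields a decimal number that has to be decoded by hand. Printing both in hex, `fail ("chain[%s]: verify_status: 0x%x expected: 0x%x\n", chains[i].name,`, makes the mismatched bits readable. The declared types of the two values are outside the hunk, so casts to `unsigned int` may be needed to match the format.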