diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-08-12 22:48:04 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-08-12 22:48:54 +0200 |
| commit | 88e47010cf2543996993e6cb0f56c987f7625a3a (patch) | |
| tree | 7f9a6d1e99ef39a80deab667a88eaedc961d9578 /tests/hostname-check.c | |
| parent | 9823c76aff1188c97131d1936608d15c68f4cb42 (diff) | |
| download | gnutls-88e47010cf2543996993e6cb0f56c987f7625a3a.tar.gz | |
tests: check that gnutls_x509_crt_check_hostname() will correctly use the last CN when multiple
Diffstat (limited to 'tests/hostname-check.c')
| -rw-r--r-- | tests/hostname-check.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/hostname-check.c b/tests/hostname-check.c index 420cf3ee8b..308c544aa1 100644 --- a/tests/hostname-check.c +++ b/tests/hostname-check.c @@ -760,6 +760,31 @@ char pem_ips[] = "\n" "-----END CERTIFICATE-----\n" ""; +char multi_cns[] = "\n" + "Subject: CN=www.example.com,CN=www.example2.com,CN=www.example3.com\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDXzCCAkegAwIBAgIMU+p6uAg2JlqRhAbAMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIhgPMjAxNDA4MTIyMDM2MDhaGA85OTk5MTIzMTIzNTk1OVow\n" + "UDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMRkwFwYDVQQDExB3d3cuZXhhbXBs\n" + "ZTIuY29tMRkwFwYDVQQDExB3d3cuZXhhbXBsZTMuY29tMIIBIjANBgkqhkiG9w0B\n" + "AQEFAAOCAQ8AMIIBCgKCAQEAqP5QQUqIS2lquM8hYbDHljqHBDWlGtr167DDPwix\n" + "oIlnq84Xr1zI5zpJ2t/3U5kGTbRJiVroQCh3cVhiQyGTPSJPK+CJGi3diw5Vc2rK\n" + "oAPxaFtaxvE36mLLH2SSuc49b6hhlRpXdWE0TgnsvJojL5V20/CZI23T27fl+DjT\n" + "MduU92qH8wdCgp7q3sHZvtvTZuFM+edYvKZjhUz8P7JwiamG0A2UH+NiyicdAOxc\n" + "+lfwfoyetJdTHLfwxdCXT4X91xGd9eOW9lIL5BqLuAArODTcmHDmiXpXEO/sEyHq\n" + "L96Eawjon0Gz4IRNq7/kwDjSPJOIN0GHq6DtNmXl6J0C5wIDAQABo3YwdDAMBgNV\n" + "HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAw\n" + "HQYDVR0OBBYEFH6NTStc4XH/M74Meat1sT2o53fUMB8GA1UdIwQYMBaAFK8aMLKE\n" + "hAwWmkzQxRkQ1/efnumUMA0GCSqGSIb3DQEBCwUAA4IBAQBdHknM+rddB0ET+UI2\n" + "Or8qSNjkqBHwsZqb4hJozXFS35a1CJPQuxPzY13eHpiIfmdWL2EpKnLOU8vtAW9e\n" + "qpozMGDyrAuZhxsXUtInbF15C+Yuw9/sqCPK44b5DCtDf6J/N8m8FvdwqO803z1D\n" + "MGcSpES5I68+N3dwSRFYNpSLA1ul5MSlnmoffml959kx9hZNcI4N/UqkO1LMCKXX\n" + "Nf8kGFyLdPjANcIwL5sqP+Dp4HP3wdf7Ny+KFCZ6zDbpa53gb3G0naMdllK8BMfI\n" + "AQ4Y07zSA4K1QMdxeqaMgPIcCDLoKiMXAXNa42+K04F6SOkTjsVx9b5m0oynLt0u\n" + "MUjE\n" + "-----END CERTIFICATE-----\n"; + void doit(void) { gnutls_x509_crt_t x509; @@ -1042,6 +1067,31 @@ void doit(void) if (!ret) fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + if (debug) + success("Testing multi-cns...\n"); + data.data = (unsigned char *) multi_cns; + data.size = strlen(multi_cns); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example2.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example3.com"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + #ifdef ENABLE_OPENPGP if (debug) success("Testing pem11...\n"); |