author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-02-19 07:40:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-02-19 07:40:22 +0100 |
commit | 881bd5065a37863c20bc1e0b55e3d37c0a8c2fc5 (patch) | |
tree | 75746876d08ba7f576a87994bde6cd08656df850 /tests/name-constraints.c | |
parent | 036bd765a4db40dd01cdd97140ce9b7ea55575aa (diff) | |
Added more constraints tests for unsupported structures.
Diffstat (limited to 'tests/name-constraints.c')
-rw-r--r-- | tests/name-constraints.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/tests/name-constraints.c b/tests/name-constraints.c index eafb523cb1..b5b29882c6 100644 --- a/tests/name-constraints.c +++ b/tests/name-constraints.c @@ -119,7 +119,7 @@ void doit(void) i = 0; do { ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); - + if (ret >= 0 && i == 2) { if (name.size != 3 || memcmp(name.data, ".eu", 3) != 0) { fail("error reading 2nd constraint\n"); @@ -130,7 +130,7 @@ void doit(void) if (i-1 != 8) { fail("Could not read all contraints; read %d, expected %d\n", i-1, 8); } - + gnutls_x509_name_constraints_deinit(nc); gnutls_x509_crt_deinit(crt); @@ -163,6 +163,11 @@ void doit(void) if (ret < 0) fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_URI, + &name3); + if (ret < 0) + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + ret = gnutls_x509_crt_set_name_constraints(crt, nc, 1); if (ret < 0) fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -172,7 +177,7 @@ void doit(void) i = 0; do { ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); - + if (ret >= 0 && i == 1) { if (name.size != name1.size || memcmp(name.data, name1.data, name1.size) != 0) { fail("%d: error reading 1st constraint\n", __LINE__); @@ -187,7 +192,7 @@ void doit(void) i = 0; do { ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &type, &name); - + if (ret >= 0 && i == 1) { if (name.size != name2.size || memcmp(name.data, name2.data, name2.size) != 0) { fail("%d: error reading 1st excluded constraint\n", __LINE__); 
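Review bot: The excluded URI entry added in the `@@ -163,6 +163,11 @@` hunk is only counted on read-back, never compared. The later hunk raises the expected total from 2 to 3, but no added line checks that the third entry returned by `gnutls_x509_name_constraints_get_excluded` has type `GNUTLS_SAN_URI` and the bytes of `name3`. A constraint stored with the wrong type or truncated data would still pass. Inside the excluded loop I would add `if (ret >= 0 && i == 3 && (type != GNUTLS_SAN_URI || name.size != name3.size || memcmp(name.data, name3.data, name3.size) != 0))` followed by `fail("%d: error reading 3rd excluded constraint\n", __LINE__);`. `name3` and the middle of that loop lie outside the visible hunks, so the index should be confirmed against the order in which the excluded entries are added.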
@@ -200,16 +205,27 @@ void doit(void) } } while(ret == 0); - if (i-1 != 2) { - fail("Could not read all excluded contraints; read %d, expected %d\n", i-1, 2); + if (i-1 != 3) { + fail("Could not read all excluded contraints; read %d, expected %d\n", i-1, 3); } - + /* 3: test the name constraints check function */ + + /* This name constraints structure doesn't have any excluded RFC822NAME so + * this test should succeed */ name.data = (unsigned char*)"nmav@example.com"; name.size = strlen((char*)name.data); ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + if (ret == 0) + fail("Checking e-mail should have succeeded\n"); + + /* This name constraints structure does have an excluded URI so + * this test should fail */ + name.data = (unsigned char*)"http://www.com"; + name.size = strlen((char*)name.data); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_URI, &name); if (ret != 0) - fail("Checking e-mail should have failed\n"); + fail("Checking URI should have failed\n"); name.data = (unsigned char*)"goodexample.com"; name.size = strlen((char*)name.data); @@ -237,7 +253,7 @@ void doit(void) gnutls_x509_name_constraints_deinit(nc); gnutls_x509_crt_deinit(crt); - + gnutls_global_deinit(); if (debug) |
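Review bot: The new URI assertion in the `@@ -200,16 +205,27 @@` hunk cannot tell a real match from a blanket rejection. It passes if `"http://www.com"` matches the excluded `name3`, and it also passes if the checker rejects every URI because it cannot evaluate URI constraints. The commit title suggests the second, fail-closed behaviour is intended, and that is the security-relevant property: an unsupported constraint type must never lead to a name being accepted. If so, the comment should say it, e.g. `/* URI constraints are not evaluated; once one is present every URI must be rejected (fail closed) */`. A second `gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_URI, &name)` call with a URI unrelated to `name3`, also expected to return 0, would pin that down. The e-mail comment could likewise note that no permitted RFC822NAME entry exists, since that also decides the result; the constraint setup is outside this hunk, so that is to be confirmed.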