author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-02 10:38:28 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-02 13:00:54 +0100 |
commit | e966f37a986d51de2e7116a3a5b1086726c55529 (patch) | |
tree | 5089b2e8c48d5e2991c62b49677981e18f329762 /tests | |
parent | 115e7a0801179d5d931399448d89831d41fe8a01 (diff) | |
download | gnutls-e966f37a986d51de2e7116a3a5b1086726c55529.tar.gz |
Check the key usage bits during certificate verification.
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/suite/chain | 6 | ||||
-rw-r--r-- | tests/suite/x509paths/README | 7 |
2 files changed, 6 insertions, 7 deletions
diff --git a/tests/suite/chain b/tests/suite/chain
index effb686980..35bc541c93 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -24,7 +24,7 @@ CERTTOOL=../../../src/certtool
 SUCCESS=" 1 4 7 12 15 16 17 18 24 26 27 30 33 56 57 62 63 "
 FAILURE=" 2 3 5 6 8 9 10 11 13 14 19 20 21 22 23 25 28 29 31 32 54 55 58 59 60 61 "
-KNOWN_BUGS=" 15 16 17 18 19 28 29 31 32 54 55 58 59 60 61 "
+KNOWN_BUGS=" 15 16 17 18 19 31 32 54 55 58 59 60 61 "
 cd x509paths
@@ -49,14 +49,14 @@ while test -d X509tests/test$i; do
 if echo "$KNOWN_BUGS" | grep " $i " > /dev/null 2>&1; then
 echo "Chain $i verification was skipped due to known bug."
 elif echo "$SUCCESS" | grep " $i " > /dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.$' > /dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
 echo "Chain $i verification failure UNEXPECTED."
 RET=1
 else
 echo "Chain $i verification success as expected."
 fi
 elif echo "$FAILURE" | grep " $i " >/dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.$' > /dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
 echo "Chain $i verification failure as expected."
 else
 echo "Chain $i verification success UNEXPECTED. "
diff --git a/tests/suite/x509paths/README b/tests/suite/x509paths/README
index 46450a09b8..0d5d892b14 100644
--- a/tests/suite/x509paths/README
+++ b/tests/suite/x509paths/README
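Review bot: In the SUCCESS branch of the second hunk, an `out` file with no `Chain verification output:` line at all (certtool aborted or printed nothing) leaves the `grep | grep -v` pipeline with nothing to match, so the chain is reported as "success as expected"; the relaxed pattern does not change that. For a test that guards certificate path validation, the positive case should also require the verified line to be present, e.g. `if ! grep 'Chain verification output: Verified\.' out > /dev/null 2>&1 || grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then`. Dropping the `$` anchor in both conditions also means any line that merely begins with `Verified.` now counts as verified; if certtool's output now appends text after it (presumably the reason for the change), matching that full text would keep the check strict. The enclosing `while` loop starts and ends outside the hunk.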
@@ -20,12 +20,11 @@ Chain 19: This requires advanced verification that we don't support yet. It requires to check that this path contains no revocation data. We shouldn't make these tests. -Chain 28-29: We fail to check keyCertSign (non-)critical key usage in -intermediate certificates. XXX - Chain 31-32: The CRL is issued by a issuer without CRLSign (non-)critical keyCertSign. We don't check the CRL, so this is not a real problem. This is easier to be supported now with the trust_list -that can verify CRLs on addition. +that can verify CRLs on addition. (there is an issue there since the +CRLs that are being added are typically of an intermediate CA which +is not in the trust list to verify them) Chain 54-55,58-61: We don't check path length constraints properly. XXX |