tests: verify whether the TLSFeatures extension is copied

Verify whether the TLSFeatures extension is copied from the certificate
request to the generated certificate.

3 files changed, 61 insertions, 3 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 1c54779baf..4320532e00 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -40,7 +40,7 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
 	template-krb5name.pem template-krb5name-full.pem template-test-ecc.key \
 	template-rsa-sha3-256.pem template-rsa-sha3-512.pem template-rsa-sha3-224.pem template-rsa-sha3-384.pem \
 	name-constraints-ip2.pem chain-md5.pem gost-cert.pem template-tlsfeature.tmpl \
-	template-tlsfeature.pem template-tlsfeature.csr
+	template-tlsfeature.pem template-tlsfeature.csr template-tlsfeature-crq.tmpl
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/template-tlsfeature-crq.tmpl b/tests/cert-tests/template-tlsfeature-crq.tmpl
new file mode 100644
index 0000000000..1a41d2dacf
--- /dev/null
+++ b/tests/cert-tests/template-tlsfeature-crq.tmpl
@@ -0,0 +1,23 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+honor_crq_extensions
diff --git a/tests/cert-tests/tlsfeature-test b/tests/cert-tests/tlsfeature-test
index c36cbef619..a6452f3c9b 100755
--- a/tests/cert-tests/tlsfeature-test
+++ b/tests/cert-tests/tlsfeature-test
@@ -139,7 +139,7 @@ grep "17" "${TMPFILE2}" >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-	echo "CSR printing (1) failed"
+	echo "CSR printing (2) failed"
 	exit ${rc}
 fi
 
@@ -147,7 +147,42 @@ grep "Status Request(5)" "${TMPFILE2}" >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-	echo "CSR printing (2) failed"
+	echo "CSR printing (3) failed"
+	exit ${rc}
+fi
+
+#
+# Test certificate generation after a request
+#
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-certificate \
+		--load-privkey "${srcdir}/template-test.key" \
+		--load-ca-privkey "${srcdir}/template-test.key" \
+		--load-ca-certificate "${srcdir}/template-tlsfeature.pem" \
+		--template "${srcdir}/template-tlsfeature-crq.tmpl" \
+		--load-request "${TMPFILE}" >"${TMPFILE2}" 2>&1
+
+grep -A 2 "TLS Features" "${TMPFILE2}" >"${TMPFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert generation (csr) (0) failed"
+	exit ${rc}
+fi
+
+grep "17" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert generation (csr) (1) failed"
+	exit ${rc}
+fi
+
+grep "Status Request(5)" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert generation (csr) (2) failed"
 	exit ${rc}
 fi