summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorMartin Ukrop <mukrop@redhat.com>2016-06-23 12:33:15 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-09 10:46:20 +0200
commit25154fcff0f8ce5c0094e365920a2d7ce3bccdc9 (patch)
treeeced0677f423917658b9398cb07a3f0a21643793 /tests
parent41ed04c27fe6157f15fab7904f73a950e2691000 (diff)
downloadgnutls-25154fcff0f8ce5c0094e365920a2d7ce3bccdc9.tar.gz
tests: Add corner case tests for name constraints, improve doc
- Added corner case test suite for DNS name constraints. - Documentation update in chain tests. Signed-off-by: Martin Ukrop <mukrop@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/name-constraints.c19
-rw-r--r--tests/test-chains.h7
2 files changed, 25 insertions, 1 deletions
diff --git a/tests/name-constraints.c b/tests/name-constraints.c
index 455acd4374..64e82ad35d 100644
--- a/tests/name-constraints.c
+++ b/tests/name-constraints.c
@@ -307,6 +307,25 @@ void doit(void)
gnutls_x509_name_constraints_deinit(nc);
gnutls_x509_crt_deinit(crt);
+ /* 4: corner cases */
+
+ /* 4a: empty excluded name (works as wildcard) */
+
+ ret = gnutls_x509_name_constraints_init(&nc);
+ check_for_error(ret);
+
+ set_name("", &name);
+ ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name);
+ check_for_error(ret);
+
+ set_name("example.net", &name);
+ ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+ check_test_result(ret, NAME_REJECTED, &name);
+
+ gnutls_x509_name_constraints_deinit(nc);
+
+ // Test suite end.
+
if (debug)
success("Test success.\n");
}
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 42f02df740..72ca19dc4b 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -412,6 +412,7 @@ static const char *nc_bad0[] = {
NULL
};
+/* Name constraints: Empty excluded DNSname, empty Common name */
static const char *nc_bad1[] = {
/* DNSname: localhost
DNSname: www.example.com
@@ -436,7 +437,8 @@ static const char *nc_bad1[] = {
"nci6MKXViEdeHbPLcZe9+vzSSpFh5u/l47w+2B1oz7mndFFpxkw37zDaVH5yAFxK\n"
"+5VijiKxH6nmniLUX8Zsv82YBaO0liNb2fOZopxQGQ==\n"
"-----END CERTIFICATE-----\n",
-/* Name Constraints (critical): (empty) */
+/* Name Constraints (critical):
+ * Excluded DNSname: (empty) */
"-----BEGIN CERTIFICATE-----\n"
"MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
"MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
@@ -477,6 +479,7 @@ static const char *nc_bad1[] = {
NULL
};
+/* Name constraints: Multiple-level constraints, intersection empty */
static const char *nc_bad2[] = {
/* DNSname: www.example.com */
"-----BEGIN CERTIFICATE-----\n"
@@ -585,6 +588,7 @@ static const char *nc_bad2[] = {
NULL
};
+/* Name constraints: DNSname in excluded range */
static const char *nc_bad3[] = {
/* CN=www.example.com */
"-----BEGIN CERTIFICATE-----\n"
@@ -649,6 +653,7 @@ static const char *nc_bad3[] = {
NULL
};
+/* Name constraints: Multiple-level constraints, different subdomains */
static const char *nc_bad4[] = {
/* DNSname: sub2.example.org */
"-----BEGIN CERTIFICATE-----\n"