diff options
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | tests/Makefile | 415 | ||||
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/Makefile.in | 415 | ||||
-rw-r--r-- | tests/ca.pem | 56 | ||||
-rw-r--r-- | tests/test1.pem | 56 | ||||
-rw-r--r-- | tests/test10.pem | 59 | ||||
-rw-r--r-- | tests/test13.pem | 126 | ||||
-rw-r--r-- | tests/test2.pem | 56 | ||||
-rw-r--r-- | tests/test23.pem | 184 | ||||
-rw-r--r-- | tests/test24.pem | 127 | ||||
-rw-r--r-- | tests/test26.pem | 196 | ||||
-rw-r--r-- | tests/test3.pem | 56 | ||||
-rw-r--r-- | tests/x509_test.c | 117 |
15 files changed, 1619 insertions, 251 deletions
diff --git a/Makefile.am b/Makefile.am index 442a8ddfab..a7c8202819 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ ## Process this file with automake to produce Makefile.in EXTRA_DIST = ChangeLog NEWS INSTALL README THANKS COPYING COPYING.LIB -SUBDIRS = $(LIBASN1_DIR) includes lib libextra src doc tests +SUBDIRS = $(LIBASN1_DIR) includes lib libextra src doc ChangeLog: cvs2cl --utc -U .cvsusers --fsf -t -S --prune diff --git a/configure.in b/configure.in index df16135697..67054cfbd5 100644 --- a/configure.in +++ b/configure.in @@ -393,6 +393,6 @@ AC_CONFIG_FILES([Makefile src/Makefile libextra/Makefile lib/Makefile \ lib/libgnutls-config libextra/libgnutls-extra-config \ doc/Makefile src/x509/Makefile src/srp/Makefile src/openpgp/Makefile \ doc/tex/Makefile doc/tex/cover.tex doc/scripts/Makefile \ -tests/Makefile includes/Makefile includes/gnutls/Makefile]) +includes/Makefile includes/gnutls/Makefile]) AC_OUTPUT diff --git a/tests/Makefile b/tests/Makefile new file mode 100644 index 0000000000..ebb165a798 --- /dev/null +++ b/tests/Makefile @@ -0,0 +1,415 @@ +# Makefile.in generated by automake 1.6.2 from Makefile.am. +# tests/Makefile. Generated from Makefile.in by configure. + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + + +SHELL = /bin/sh + +srcdir = . +top_srcdir = .. + +prefix = /usr/local +exec_prefix = ${prefix} + +bindir = ${exec_prefix}/bin +sbindir = ${exec_prefix}/sbin +libexecdir = ${exec_prefix}/libexec +datadir = ${prefix}/share +sysconfdir = ${prefix}/etc +sharedstatedir = ${prefix}/com +localstatedir = ${prefix}/var +libdir = ${exec_prefix}/lib +infodir = ${prefix}/info +mandir = ${prefix}/man +includedir = ${prefix}/include +oldincludedir = /usr/include +pkgdatadir = $(datadir)/gnutls +pkglibdir = $(libdir)/gnutls +pkgincludedir = $(includedir)/gnutls +top_builddir = .. + +ACLOCAL = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run aclocal-1.6 +AUTOCONF = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run autoconf +AUTOMAKE = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run automake-1.6 +AUTOHEADER = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run autoheader + +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = /usr/bin/install -c +INSTALL_PROGRAM = ${INSTALL} +INSTALL_DATA = ${INSTALL} -m 644 +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_SCRIPT = ${INSTALL} +INSTALL_HEADER = $(INSTALL_DATA) +transform = s,x,x, +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +host_alias = +host_triplet = i686-pc-linux-gnu + +EXEEXT = +OBJEXT = o +PATH_SEPARATOR = : +AMTAR = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run tar +AS = @AS@ +AWK = gawk +CC = colorgcc +DEPDIR = .deps +DLLTOOL = @DLLTOOL@ +ECHO = echo +FC_OK = +GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER = 6 +GNUTLS_MAJOR_VERSION = 0 +GNUTLS_MICRO_VERSION = 6 +GNUTLS_MINOR_VERSION = 5 +GNUTLS_MOST_RECENT_INTERFACE = 5 +GNUTLS_OLDEST_INTERFACE = 5 +GNUTLS_VERSION = 0.5.6 +INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s +LIBASN1_DIR = libtasn1 +LIBASN1_LINK = ../libtasn1/lib/libtasn1.la +LIBGCRYPT_CFLAGS = +LIBGCRYPT_CONFIG = /usr/bin/libgcrypt-config +LIBGCRYPT_LIBS = -L/usr/lib -lgcrypt +LIBGNUTLS_CFLAGS = -I${prefix}/include +LIBGNUTLS_EXTRA_CFLAGS = -I/usr/include -I${prefix}/include +LIBGNUTLS_EXTRA_LIBS = -L${exec_prefix}/lib -lgnutls-extra -lgnutls -lz -L/usr/lib -lopencdk -L/usr/lib -lgcrypt +LIBGNUTLS_LIBS = -lz -L${exec_prefix}/lib -lgnutls -ltasn1 -L/usr/lib -lgcrypt +LIBMCRYPT_CFLAGS = +LIBMCRYPT_CONFIG = +LIBMCRYPT_LIBS = +LIBOPENCDK_CFLAGS = -I/usr/include +LIBOPENCDK_CONFIG = /usr/bin/opencdk-config +LIBOPENCDK_LIBS = -lz -L/usr/lib -lopencdk -L/usr/lib -lgcrypt +LIBTOOL = $(SHELL) $(top_builddir)/libtool +LN_S = ln -s +LT_AGE = 0 +LT_CURRENT = 5 +LT_REVISION = 6 +MAINT = +OBJDUMP = @OBJDUMP@ +PACKAGE = gnutls +RANLIB = ranlib +SERV_LIBS = -lz -lgdbm +STRIP = strip +VERSION = 0.5.6 +YACC = bison -y +am__include = include +am__quote = +install_sh = /usr/home/nmav/cvs/gnutls/install-sh +EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem \ + test22.pem test23.pem test24.pem test26.pem test13.pem ca.pem + +INCLUDES = -I../lib/ -I../libtasn1/lib/ -I../includes + +noinst_PROGRAMS = x509test +x509test_SOURCES = x509_test.c +x509test_LDADD = ../lib/libgnutls.la -lgcrypt +TESTS = x509test +subdir = tests +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +noinst_PROGRAMS = x509test$(EXEEXT) +PROGRAMS = $(noinst_PROGRAMS) + +am_x509test_OBJECTS = x509_test.$(OBJEXT) +x509test_OBJECTS = $(am_x509test_OBJECTS) +x509test_DEPENDENCIES = ../lib/libgnutls.la +x509test_LDFLAGS = + +DEFS = -DHAVE_CONFIG_H +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +CPPFLAGS = +LDFLAGS = +LIBS = -lz +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +DEP_FILES = ./$(DEPDIR)/x509_test.Po +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ + $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +CFLAGS = -g -O2 -ggdb3 -Wall -Wpointer-arith -Wstrict-prototypes -pipe +DIST_SOURCES = $(x509test_SOURCES) +DIST_COMMON = Makefile.am Makefile.in +SOURCES = $(x509test_SOURCES) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu tests/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; for p in $$list; do \ + f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f $$p $$f"; \ + rm -f $$p $$f ; \ + done +x509test$(EXEEXT): $(x509test_OBJECTS) $(x509test_DEPENDENCIES) + @rm -f x509test$(EXEEXT) + $(LINK) $(x509test_LDFLAGS) $(x509test_OBJECTS) $(x509test_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) core *.core + +distclean-compile: + -rm -f *.tab.c + +include ./$(DEPDIR)/x509_test.Po + +distclean-depend: + -rm -rf ./$(DEPDIR) + +.c.o: + source='$<' object='$@' libtool=no \ + depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' \ + $(CCDEPMODE) $(depcomp) \ + $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< + +.c.obj: + source='$<' object='$@' libtool=no \ + depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' \ + $(CCDEPMODE) $(depcomp) \ + $(COMPILE) -c `cygpath -w $<` + +.c.lo: + source='$<' object='$@' libtool=yes \ + depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' \ + $(CCDEPMODE) $(depcomp) \ + $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$< +CCDEPMODE = depmode=gcc3 + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: + +ETAGS = etags +ETAGSFLAGS = + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$tags$$unique" \ + || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; \ + srcdir=$(srcdir); export srcdir; \ + list='$(TESTS)'; \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *" $$tst "*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + echo "XPASS: $$tst"; \ + ;; \ + *) \ + echo "PASS: $$tst"; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *" $$tst "*) \ + xfail=`expr $$xfail + 1`; \ + echo "XFAIL: $$tst"; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + echo "FAIL: $$tst"; \ + ;; \ + esac; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all tests failed"; \ + else \ + banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + fi; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + else :; fi +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = .. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) + +distdir: $(DISTFILES) + @list='$(DISTFILES)'; for file in $$list; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(PROGRAMS) + +installdirs: + +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + +distclean-am: clean-am distclean-compile distclean-depend \ + distclean-generic distclean-libtool distclean-tags + +dvi: dvi-am + +dvi-am: + +info: info-am + +info-am: + +install-data-am: + +install-exec-am: + +install-info: install-info-am + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +uninstall-am: uninstall-info-am + +.PHONY: GTAGS all all-am check check-TESTS check-am clean clean-generic \ + clean-libtool clean-noinstPROGRAMS distclean distclean-compile \ + distclean-depend distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am info info-am install \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-info-am + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/Makefile.am b/tests/Makefile.am index 4b9a18c04b..1639b7d331 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,5 +1,6 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem +EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem \ + test22.pem test23.pem test24.pem test26.pem test13.pem ca.pem INCLUDES= -I../lib/ -I../libtasn1/lib/ -I../includes noinst_PROGRAMS = x509test diff --git a/tests/Makefile.in b/tests/Makefile.in new file mode 100644 index 0000000000..4861ebb55f --- /dev/null +++ b/tests/Makefile.in @@ -0,0 +1,415 @@ +# Makefile.in generated by automake 1.6.2 from Makefile.am. +# @configure_input@ + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_HEADER = $(INSTALL_DATA) +transform = @program_transform_name@ +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +host_alias = @host_alias@ +host_triplet = @host@ + +EXEEXT = @EXEEXT@ +OBJEXT = @OBJEXT@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +AMTAR = @AMTAR@ +AS = @AS@ +AWK = @AWK@ +CC = @CC@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +ECHO = @ECHO@ +FC_OK = @FC_OK@ +GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER = @GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER@ +GNUTLS_MAJOR_VERSION = @GNUTLS_MAJOR_VERSION@ +GNUTLS_MICRO_VERSION = @GNUTLS_MICRO_VERSION@ +GNUTLS_MINOR_VERSION = @GNUTLS_MINOR_VERSION@ +GNUTLS_MOST_RECENT_INTERFACE = @GNUTLS_MOST_RECENT_INTERFACE@ +GNUTLS_OLDEST_INTERFACE = @GNUTLS_OLDEST_INTERFACE@ +GNUTLS_VERSION = @GNUTLS_VERSION@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LIBASN1_DIR = @LIBASN1_DIR@ +LIBASN1_LINK = @LIBASN1_LINK@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_EXTRA_CFLAGS = @LIBGNUTLS_EXTRA_CFLAGS@ +LIBGNUTLS_EXTRA_LIBS = @LIBGNUTLS_EXTRA_LIBS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBMCRYPT_CFLAGS = @LIBMCRYPT_CFLAGS@ +LIBMCRYPT_CONFIG = @LIBMCRYPT_CONFIG@ +LIBMCRYPT_LIBS = @LIBMCRYPT_LIBS@ +LIBOPENCDK_CFLAGS = @LIBOPENCDK_CFLAGS@ +LIBOPENCDK_CONFIG = @LIBOPENCDK_CONFIG@ +LIBOPENCDK_LIBS = @LIBOPENCDK_LIBS@ +LIBTOOL = @LIBTOOL@ +LN_S = @LN_S@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +OBJDUMP = @OBJDUMP@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +SERV_LIBS = @SERV_LIBS@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +am__include = @am__include@ +am__quote = @am__quote@ +install_sh = @install_sh@ +EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem \ + test22.pem test23.pem test24.pem test26.pem test13.pem ca.pem + +INCLUDES = -I../lib/ -I../libtasn1/lib/ -I../includes + +noinst_PROGRAMS = x509test +x509test_SOURCES = x509_test.c +x509test_LDADD = ../lib/libgnutls.la -lgcrypt +TESTS = x509test +subdir = tests +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +noinst_PROGRAMS = x509test$(EXEEXT) +PROGRAMS = $(noinst_PROGRAMS) + +am_x509test_OBJECTS = x509_test.$(OBJEXT) +x509test_OBJECTS = $(am_x509test_OBJECTS) +x509test_DEPENDENCIES = ../lib/libgnutls.la +x509test_LDFLAGS = + +DEFS = @DEFS@ +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/x509_test.Po +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ + $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +CFLAGS = @CFLAGS@ +DIST_SOURCES = $(x509test_SOURCES) +DIST_COMMON = Makefile.am Makefile.in +SOURCES = $(x509test_SOURCES) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu tests/Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; for p in $$list; do \ + f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f $$p $$f"; \ + rm -f $$p $$f ; \ + done +x509test$(EXEEXT): $(x509test_OBJECTS) $(x509test_DEPENDENCIES) + @rm -f x509test$(EXEEXT) + $(LINK) $(x509test_LDFLAGS) $(x509test_OBJECTS) $(x509test_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) core *.core + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_test.Po@am__quote@ + +distclean-depend: + -rm -rf ./$(DEPDIR) + +.c.o: +@AMDEP_TRUE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< + +.c.obj: +@AMDEP_TRUE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + $(COMPILE) -c `cygpath -w $<` + +.c.lo: +@AMDEP_TRUE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$< +CCDEPMODE = @CCDEPMODE@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: + +ETAGS = etags +ETAGSFLAGS = + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$tags$$unique" \ + || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; \ + srcdir=$(srcdir); export srcdir; \ + list='$(TESTS)'; \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *" $$tst "*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + echo "XPASS: $$tst"; \ + ;; \ + *) \ + echo "PASS: $$tst"; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *" $$tst "*) \ + xfail=`expr $$xfail + 1`; \ + echo "XFAIL: $$tst"; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + echo "FAIL: $$tst"; \ + ;; \ + esac; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all tests failed"; \ + else \ + banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + fi; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + else :; fi +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = .. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) + +distdir: $(DISTFILES) + @list='$(DISTFILES)'; for file in $$list; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(PROGRAMS) + +installdirs: + +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + +distclean-am: clean-am distclean-compile distclean-depend \ + distclean-generic distclean-libtool distclean-tags + +dvi: dvi-am + +dvi-am: + +info: info-am + +info-am: + +install-data-am: + +install-exec-am: + +install-info: install-info-am + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +uninstall-am: uninstall-info-am + +.PHONY: GTAGS all all-am check check-TESTS check-am clean clean-generic \ + clean-libtool clean-noinstPROGRAMS distclean distclean-compile \ + distclean-depend distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am info info-am install \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-info-am + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/ca.pem b/tests/ca.pem new file mode 100644 index 0000000000..4b7362ab6b --- /dev/null +++ b/tests/ca.pem @@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- diff --git a/tests/test1.pem b/tests/test1.pem index 960e907af3..6b71c59225 100644 --- a/tests/test1.pem +++ b/tests/test1.pem @@ -60,59 +60,3 @@ ZbHf6qWfRfmrPrz9hDH1644NrJop2Y7MXzuTtpo1zp4NCG4+ii0CSOfvhugc8yOm q3I6olgE0V16VtC5br2892UHYZ55Q4oQ9BWouVVlOyY9rogOB160BnsqBELFhT0W f6mnbsdDG+BB5fFyeK61aYDWV84kS7cSX5w= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99999 (0x1869f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Validity - Not Before: Jan 1 12:01:00 1999 GMT - Not After : Jan 1 12:01:00 2048 GMT - Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: - 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: - 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: - cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: - 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: - 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: - f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: - 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: - 1d:ba:f3:18:84:2a:82:2b:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - AB:9A:EB:F9:C2:E7:54:8F - X509v3 Basic Constraints: - CA:TRUE - X509v3 Authority Key Identifier: - keyid:AB:9A:EB:F9:C2:E7:54:8F - - Signature Algorithm: sha1WithRSAEncryption - 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: - 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: - 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: - 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: - 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: - bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: - 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: - 5a:45 ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT -MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE -CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw -MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g -R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD -VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz -ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 -X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 -JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK -BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G -CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt -7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 -Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF ------END CERTIFICATE----- diff --git a/tests/test10.pem b/tests/test10.pem index 05e56eebbc..7e741003cc 100644 --- a/tests/test10.pem +++ b/tests/test10.pem @@ -1,4 +1,5 @@ -[ The end certificate is expired ] +[ The end certificate is expired. This should be validated (we don't check +expiration in the validation functions. ] Certificate: Data: @@ -122,59 +123,3 @@ AQEFBQADgYEAWwpfh9oOOvj9xHS0zcczaUIHTkpjgk09I+pERlu0Z0+rHvpZGge4 OvNDFtMc4TgthGcydbIwiKogjtGBM2/sNHIO2jcpNeOtNKLxrzD4Y0Ve164kXBu9 Mmsxx4sG7XUXZWgiOPfu/HmyPVdzbIReJdQO515SNx7JdgVyUkyhBxM= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99999 (0x1869f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Validity - Not Before: Jan 1 12:01:00 1999 GMT - Not After : Jan 1 12:01:00 2048 GMT - Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: - 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: - 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: - cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: - 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: - 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: - f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: - 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: - 1d:ba:f3:18:84:2a:82:2b:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - AB:9A:EB:F9:C2:E7:54:8F - X509v3 Basic Constraints: - CA:TRUE - X509v3 Authority Key Identifier: - keyid:AB:9A:EB:F9:C2:E7:54:8F - - Signature Algorithm: sha1WithRSAEncryption - 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: - 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: - 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: - 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: - 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: - bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: - 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: - 5a:45 ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT -MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE -CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw -MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g -R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD -VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz -ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 -X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 -JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK -BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G -CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt -7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 -Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF ------END CERTIFICATE----- diff --git a/tests/test13.pem b/tests/test13.pem new file mode 100644 index 0000000000..3a51af645d --- /dev/null +++ b/tests/test13.pem @@ -0,0 +1,126 @@ +[ There is no chain here. This chain is not valid. ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 26 (0x1a) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.99.99 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.04.01 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:f8:80:64:a5:cf:8c:af:23:bd:a3:63:df:85:72: + 9f:22:8f:2b:b7:50:b4:5c:ac:04:f2:85:5b:96:35: + 05:cf:8e:32:cc:9d:da:93:e9:42:82:58:71:04:cc: + 32:89:a5:02:aa:01:bd:25:d4:24:23:0d:97:2f:c1: + c5:5b:af:9f:b9:7a:23:d7:2b:b7:1e:8f:8c:10:54: + 94:4c:dd:72:cb:1c:69:a1:1a:1e:e0:82:56:5f:8c: + b2:7a:fa:e9:c4:95:dc:6a:95:18:08:6e:8e:e9:fc: + d7:e9:72:ba:b7:13:12:88:37:7e:db:28:87:06:d0: + 9d:f0:3b:ea:a3:54:fc:dd:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 25:93:C3:6D:FD:B1:36:FF + X509v3 Authority Key Identifier: + keyid:39:9B:DF:A6:1E:14:BB:D6 + + Signature Algorithm: sha1WithRSAEncryption + 65:fe:0b:d5:10:c7:0d:7c:30:03:60:a0:70:88:4c:e0:20:1f: + 67:bd:82:47:6c:ce:6a:7d:1a:b7:7f:15:54:50:77:bb:db:ec: + e1:52:f0:15:ca:ce:40:22:23:0d:b7:4b:8a:37:34:5d:62:e2: + 99:ae:2f:08:3d:6a:ae:cb:fa:1e:4e:7e:eb:5d:77:1d:f1:4d: + 98:3f:26:a7:a5:f9:8c:0c:28:34:f6:bf:23:89:26:14:e0:3c: + 88:89:b8:4d:39:3b:33:be:6f:43:20:90:4c:f1:b4:57:36:d4: + 36:ed:ee:c1:36:d7:2a:6e:4c:13:d0:b9:30:53:1f:ef:3d:f8: + ec:23 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBGjANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1DUC45OS45OTAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtQ1AuMDQuMDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPiA +ZKXPjK8jvaNj34VynyKPK7dQtFysBPKFW5Y1Bc+OMsyd2pPpQoJYcQTMMomlAqoB +vSXUJCMNly/BxVuvn7l6I9crtx6PjBBUlEzdcsscaaEaHuCCVl+Msnr66cSV3GqV +GAhujun81+lyurcTEog3ftsohwbQnfA76qNU/N3/AgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIJZPDbf2x +Nv8wEwYDVR0jBAwwCoAIOZvfph4Uu9YwDQYJKoZIhvcNAQEFBQADgYEAZf4L1RDH +DXwwA2CgcIhM4CAfZ72CR2zOan0at38VVFB3u9vs4VLwFcrOQCIjDbdLijc0XWLi +ma4vCD1qrsv6Hk5+6113HfFNmD8mp6X5jAwoNPa/I4kmFOA8iIm4TTk7M75vQyCQ +TPG0VzbUNu3uwTbXKm5ME9C5MFMf7z347CM= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 25 (0x19) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.04.01 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:50:9f:8a:32:3f:2d:02:6c:eb:dc:e1:98:2f: + 68:12:15:c3:53:7f:c8:a4:f9:95:71:95:a3:d5:18: + 7c:92:2a:36:10:04:01:1b:79:f8:5f:83:93:ec:d9: + a2:2e:a8:1c:18:91:bb:45:5e:e1:e2:7f:91:84:86: + 03:9b:03:82:27:0b:21:12:79:18:d8:2c:67:15:32: + ac:12:67:30:0e:14:04:74:74:fd:4b:ce:0c:d0:b3: + 76:60:1b:d2:57:e4:c3:b9:c0:46:7c:20:c9:d5:37: + 83:ad:bb:85:c8:95:64:a0:22:95:0d:4b:6b:f2:7a: + df:19:8b:bb:7d:7d:7f:89:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 39:9B:DF:A6:1E:14:BB:D6 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 5c:cc:ac:72:61:a9:29:22:c6:de:14:25:b4:c4:0b:7a:0c:b4: + fa:0e:70:ce:03:ab:6c:53:96:c5:99:a2:54:d4:7e:cd:2b:07: + 0c:3d:d4:00:71:f8:4b:24:e8:ce:5a:28:0b:48:c0:63:8c:80: + 85:9e:51:5f:a4:92:24:ac:7d:7c:7b:0e:64:3f:65:74:29:ac: + b7:5e:2a:2e:4d:e9:90:8f:8c:d1:08:8f:05:99:15:4f:1e:7f: + ed:d4:76:c0:69:2e:34:a4:95:58:7e:b0:a0:ea:bb:05:b1:33: + a4:ee:f1:32:5a:d4:af:ab:60:1e:de:03:73:a1:2f:b7:5a:55: + 66:5b +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBGTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUNQLjA0LjAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5UJ+K +Mj8tAmzr3OGYL2gSFcNTf8ik+ZVxlaPVGHySKjYQBAEbefhfg5Ps2aIuqBwYkbtF +XuHif5GEhgObA4InCyESeRjYLGcVMqwSZzAOFAR0dP1LzgzQs3ZgG9JX5MO5wEZ8 +IMnVN4Otu4XIlWSgIpUNS2vyet8Zi7t9fX+JewIDAQABo2MwYTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR +BgNVHQ4ECgQIOZvfph4Uu9YwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN +AQEFBQADgYEAXMyscmGpKSLG3hQltMQLegy0+g5wzgOrbFOWxZmiVNR+zSsHDD3U +AHH4SyTozlooC0jAY4yAhZ5RX6SSJKx9fHsOZD9ldCmst14qLk3pkI+M0QiPBZkV +Tx5/7dR2wGkuNKSVWH6woOq7BbEzpO7xMlrUr6tgHt4Dc6Evt1pVZls= +-----END CERTIFICATE----- + diff --git a/tests/test2.pem b/tests/test2.pem index af08bba7f8..f2c42fcfa3 100644 --- a/tests/test2.pem +++ b/tests/test2.pem @@ -123,59 +123,3 @@ AQEFBQADgYEA3C7Ye5/Te14LIwo/LK2fnpobbQA3dhOn5UgqZ8lKbQ/HV1D8/eU9 dK2v5gW43XvFq4whK0WKLBvBFchKtp9T1QX3CI2WCqdJRyqla6TkQsS36T17/ww2 nzy1853YhfDYNsge5XW8YZNfNjjVxcR3RnyFxPax1YIlISiGdI0dnag= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99999 (0x1869f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Validity - Not Before: Jan 1 12:01:00 1999 GMT - Not After : Jan 1 12:01:00 2048 GMT - Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: - 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: - 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: - cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: - 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: - 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: - f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: - 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: - 1d:ba:f3:18:84:2a:82:2b:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - AB:9A:EB:F9:C2:E7:54:8F - X509v3 Basic Constraints: - CA:TRUE - X509v3 Authority Key Identifier: - keyid:AB:9A:EB:F9:C2:E7:54:8F - - Signature Algorithm: sha1WithRSAEncryption - 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: - 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: - 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: - 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: - 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: - bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: - 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: - 5a:45 ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT -MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE -CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw -MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g -R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD -VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz -ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 -X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 -JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK -BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G -CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt -7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 -Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF ------END CERTIFICATE----- diff --git a/tests/test23.pem b/tests/test23.pem new file mode 100644 index 0000000000..12a83131b0 --- /dev/null +++ b/tests/test23.pem @@ -0,0 +1,184 @@ +[ The basicConstraints extension exists and the CA flag is false. This +should not be validated. ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 46 (0x2e) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.01 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.01 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d6:d3:55:e0:31:3a:26:c0:3b:72:86:ab:1c:58: + dd:5a:8a:5c:3a:fd:b4:a2:4d:fa:28:29:29:be:30: + 82:84:74:66:75:86:0e:eb:12:56:6e:29:be:77:99: + f6:a7:e6:8b:c0:34:b0:cd:04:f7:5f:81:da:10:30: + b1:4e:98:f5:1a:00:ee:73:ec:4e:41:58:8b:91:7e: + 84:71:88:17:8e:8e:a7:af:1b:94:6a:d9:ad:a1:9f: + f5:bb:16:5c:26:45:a0:ba:31:72:09:6d:c2:31:8f: + 42:ac:99:e6:69:e7:9b:c7:31:51:bb:5a:5a:68:28: + db:c3:0a:d7:20:47:fe:c4:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + DE:09:01:36:8F:D2:21:23 + X509v3 Authority Key Identifier: + keyid:85:3F:46:8D:A6:87:8F:AF + + Signature Algorithm: sha1WithRSAEncryption + 40:69:75:ee:e4:f6:c7:16:03:92:ce:87:a2:5a:d0:22:97:ac: + 22:83:ea:12:26:7c:4e:48:b3:10:1b:8b:1b:7b:14:2a:c0:bb: + 92:51:f0:cb:68:b2:56:f0:3a:9d:15:03:c1:ff:d7:cc:32:e9: + 19:6f:c6:9f:42:93:5b:a6:58:21:7e:ac:9c:e0:b5:fb:b1:d7: + e4:e2:60:95:0c:7c:b4:3a:43:bd:c0:20:ca:87:0a:f0:fb:c2: + ac:77:ee:f6:8d:f7:27:8f:5a:49:e2:c0:56:9a:02:1f:09:de: + b5:3b:49:c5:57:d3:32:68:d8:58:a7:83:6c:71:c7:8b:c6:b6: + 61:32 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBLjANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1JQy4wMi4wMTAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtSUMuMDIuMDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANbT +VeAxOibAO3KGqxxY3VqKXDr9tKJN+igpKb4wgoR0ZnWGDusSVm4pvneZ9qfmi8A0 +sM0E91+B2hAwsU6Y9RoA7nPsTkFYi5F+hHGIF46Op68blGrZraGf9bsWXCZFoLox +cgltwjGPQqyZ5mnnm8cxUbtaWmgo28MK1yBH/sS5AgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQI3gkBNo/S +ISMwEwYDVR0jBAwwCoAIhT9GjaaHj68wDQYJKoZIhvcNAQEFBQADgYEAQGl17uT2 +xxYDks6HolrQIpesIoPqEiZ8TkizEBuLG3sUKsC7klHwy2iyVvA6nRUDwf/XzDLp +GW/Gn0KTW6ZYIX6snOC1+7HX5OJglQx8tDpDvcAgyocK8PvCrHfu9o33J49aSeLA +VpoCHwnetTtJxVfTMmjYWKeDbHHHi8a2YTI= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 45 (0x2d) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.01 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:de:98:98:19:9c:ec:d7:3b:03:46:a9:10:37:5e: + af:5a:32:b0:16:41:4e:28:16:e8:52:10:bb:04:61: + f2:d9:18:ed:e7:b4:18:c9:2e:a0:a7:fa:bb:37:16: + 34:7d:37:de:1c:bb:ad:d3:76:e3:80:82:a9:57:aa: + b3:5b:bf:23:b5:f9:21:7d:9b:7e:49:5e:b7:aa:9f: + f3:92:e8:aa:ca:e9:cf:16:d8:8a:43:01:62:5c:af: + cf:67:1b:2c:82:5c:ca:09:79:a3:8e:b6:3f:26:d8: + d8:d9:6e:59:82:66:fb:40:97:95:0c:39:ec:3b:dc: + 61:3b:67:97:c4:fa:3b:40:db + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 85:3F:46:8D:A6:87:8F:AF + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 5a:12:89:52:e8:cb:6a:9c:69:cf:f0:e8:0f:fc:38:f0:73:33: + 90:be:94:40:2c:50:3c:e0:23:c3:01:e2:71:7f:30:15:c2:a6: + 72:b5:8b:54:17:55:0b:7d:3e:cb:0a:f3:32:b6:96:85:aa:be: + 40:23:aa:b2:0b:71:0b:04:d9:ad:f5:31:6c:23:6a:84:a4:b4: + 95:98:a3:08:c8:0d:37:82:61:b7:e3:c0:67:6d:ad:cc:4b:30: + ee:70:b0:88:c3:36:9f:58:de:28:5f:f7:6e:da:03:11:4b:d9: + 9f:d4:ae:ce:19:08:cb:1c:bb:43:c9:76:b5:b3:4e:b0:03:6a: + a7:11 +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUlDLjAyLjAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDemJgZ +nOzXOwNGqRA3Xq9aMrAWQU4oFuhSELsEYfLZGO3ntBjJLqCn+rs3FjR9N94cu63T +duOAgqlXqrNbvyO1+SF9m35JXreqn/OS6KrK6c8W2IpDAWJcr89nGyyCXMoJeaOO +tj8m2NjZblmCZvtAl5UMOew73GE7Z5fE+jtA2wIDAQABo2AwXjAMBgNVHRMBAf8E +AjAAMA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNV +HQ4ECgQIhT9GjaaHj68wEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEF +BQADgYEAWhKJUujLapxpz/DoD/w48HMzkL6UQCxQPOAjwwHicX8wFcKmcrWLVBdV +C30+ywrzMraWhaq+QCOqsgtxCwTZrfUxbCNqhKS0lZijCMgNN4Jht+PAZ22tzEsw +7nCwiMM2n1jeKF/3btoDEUvZn9SuzhkIyxy7Q8l2tbNOsANqpxE= +-----END CERTIFICATE----- + diff --git a/tests/test24.pem b/tests/test24.pem new file mode 100644 index 0000000000..5c76407767 --- /dev/null +++ b/tests/test24.pem @@ -0,0 +1,127 @@ +[ This chain should be validated. The basicConstraints in the intermediate +certificate is there and the CA is set to true ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 48 (0x30) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.02 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:20:a9:61:b1:f4:4a:49:ff:41:bb:39:1a:29: + c8:84:38:21:95:d8:28:a4:c4:e3:c5:aa:38:96:ee: + 9c:b0:f7:b7:11:a3:31:46:f9:5d:e7:e5:fd:0c:93: + 7d:de:89:ef:9f:1d:74:6c:cf:88:ab:35:cd:63:ba: + ae:27:df:24:b2:01:a0:e1:43:9a:df:2d:72:13:c1: + 26:e2:0c:de:02:a0:5d:e5:5c:64:cc:85:e6:67:9b: + 9b:9f:c6:65:e9:0c:3a:36:ec:f0:ff:f3:6c:b7:6b: + 96:ed:43:f4:26:56:64:c5:ce:35:88:ad:76:5b:92: + 83:69:a8:30:66:de:c1:2d:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 3F:C3:7B:3A:63:46:B2:11 + X509v3 Authority Key Identifier: + keyid:2B:1E:18:6F:3B:B6:3D:A6 + + Signature Algorithm: sha1WithRSAEncryption + c2:4a:45:8f:a2:af:f8:e7:0a:ad:4b:4e:82:71:fd:41:d7:41: + d0:48:f4:a1:4e:81:e7:fe:47:86:17:f7:96:20:0f:2a:d9:65: + 0c:79:e1:52:3e:a7:a9:f8:78:00:f3:6a:fe:2a:98:14:e9:0a: + 31:14:54:66:86:a3:ea:46:a4:24:d4:8e:96:0b:d1:22:24:1f: + b8:52:20:bf:70:aa:2d:99:e1:af:ce:58:15:19:ca:82:89:6e: + 64:4d:69:ab:74:ef:ba:7a:22:2b:22:5b:0a:36:e6:c8:2a:2c: + 45:dd:f6:81:57:09:ab:4d:b8:c6:f6:36:79:50:53:97:ab:5f: + 9f:90 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBMDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1JQy4wMi4wMjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtSUMuMDIuMDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKog +qWGx9EpJ/0G7ORopyIQ4IZXYKKTE48WqOJbunLD3txGjMUb5Xefl/QyTfd6J758d +dGzPiKs1zWO6riffJLIBoOFDmt8tchPBJuIM3gKgXeVcZMyF5mebm5/GZekMOjbs +8P/zbLdrlu1D9CZWZMXONYitdluSg2moMGbewS2NAgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIP8N7OmNG +shEwEwYDVR0jBAwwCoAIKx4Ybzu2PaYwDQYJKoZIhvcNAQEFBQADgYEAwkpFj6Kv ++OcKrUtOgnH9QddB0Ej0oU6B5/5Hhhf3liAPKtllDHnhUj6nqfh4APNq/iqYFOkK +MRRUZoaj6kakJNSOlgvRIiQfuFIgv3CqLZnhr85YFRnKgoluZE1pq3TvunoiKyJb +CjbmyCosRd32gVcJq024xvY2eVBTl6tfn5A= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 47 (0x2f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e8:78:0d:f6:04:fc:20:ab:ca:4b:26:84:7f:b5: + b3:92:8c:7b:40:cf:a7:e6:ce:fc:c9:ae:12:4c:be: + 5e:b8:71:c5:6e:23:31:b1:cc:e9:de:62:c3:bf:65: + 85:b2:dd:91:ad:94:2a:0c:64:94:67:4b:cd:ed:c3: + 48:a4:53:db:d0:53:00:70:ec:31:1c:7d:19:4b:29: + 89:18:eb:ca:e9:db:93:75:57:92:44:8e:79:47:c3: + e4:6f:b9:b7:46:92:89:d6:cd:43:49:15:b6:35:18: + 0d:b8:27:79:e8:d8:66:47:88:b3:e0:5a:61:9b:d6: + 3b:00:f0:08:37:d8:c5:2b:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 2B:1E:18:6F:3B:B6:3D:A6 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + a2:d1:9e:34:5c:e6:92:db:dc:c6:90:91:72:9b:80:44:79:2f: + d6:55:be:2d:e8:2f:6c:30:67:48:fb:c6:9e:bd:7e:0a:7f:6b: + 65:cb:8b:ba:9b:bc:7b:1e:95:27:b2:96:b6:05:81:b7:37:4e: + 7a:57:ab:3b:ac:ad:7d:64:3a:ee:e3:69:4c:eb:9c:d1:20:dd: + 93:f7:f7:b4:26:a0:77:1e:38:2c:15:50:cb:0b:aa:fc:a8:f9: + ed:9b:8d:8e:97:b8:27:c5:0f:65:20:45:14:af:8f:de:04:d7: + dd:2f:e5:20:ab:03:8b:ac:63:46:7a:85:2d:24:18:19:7d:97: + 88:81 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBLzANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUlDLjAyLjAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoeA32 +BPwgq8pLJoR/tbOSjHtAz6fmzvzJrhJMvl64ccVuIzGxzOneYsO/ZYWy3ZGtlCoM +ZJRnS83tw0ikU9vQUwBw7DEcfRlLKYkY68rp25N1V5JEjnlHw+RvubdGkonWzUNJ +FbY1GA24J3no2GZHiLPgWmGb1jsA8Ag32MUrCQIDAQABo2MwYTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR +BgNVHQ4ECgQIKx4Ybzu2PaYwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN +AQEFBQADgYEAotGeNFzmktvcxpCRcpuARHkv1lW+LegvbDBnSPvGnr1+Cn9rZcuL +upu8ex6VJ7KWtgWBtzdOelerO6ytfWQ67uNpTOuc0SDdk/f3tCagdx44LBVQywuq +/Kj57ZuNjpe4J8UPZSBFFK+P3gTX3S/lIKsDi6xjRnqFLSQYGX2XiIE= +-----END CERTIFICATE----- + diff --git a/tests/test26.pem b/tests/test26.pem new file mode 100644 index 0000000000..c3c9ecf77d --- /dev/null +++ b/tests/test26.pem @@ -0,0 +1,196 @@ +[ In the intermediate certificate, the basicConstraints is set - non critical - +and the CA is true. This should be validated. ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 52 (0x34) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.04 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c5:b8:e5:de:5d:3e:bc:d4:25:bb:91:20:37:90: + e6:02:09:45:8c:62:f3:43:f1:3e:fc:52:98:97:bc: + 49:c1:b5:03:e9:7b:e5:20:2d:80:b1:96:03:10:6a: + c4:f4:b3:2f:eb:5e:04:15:2c:9e:67:f6:5e:c7:3c: + fe:a4:07:1d:eb:fb:e2:e6:ad:d2:5c:6a:f5:8a:d9: + de:7a:4b:5b:66:0d:a3:60:9f:c4:b2:b4:33:b1:75: + fd:b8:64:1c:ad:9f:f6:db:48:bc:ea:eb:28:8e:bb: + 05:e1:23:7c:00:94:2d:d2:44:86:5e:37:d6:e5:88: + 35:65:74:a5:8f:9f:1e:af:a9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 23:AD:4D:9D:4B:E0:BE:36 + X509v3 Authority Key Identifier: + keyid:8C:39:BC:2B:96:1C:19:A9 + + Signature Algorithm: sha1WithRSAEncryption + 8f:08:0b:ea:a3:27:9e:a5:2f:36:ca:6c:0d:a6:29:3d:0c:d3: + 0a:a5:e4:aa:c8:59:86:cc:b9:1b:f9:cb:93:ad:b5:1f:f6:1b: + 34:69:67:67:a6:ac:1c:69:63:61:56:0c:ce:39:9c:9f:2d:7a: + cb:a9:ed:8a:ff:50:3c:1e:d8:a2:b0:31:db:b5:93:ee:94:0f: + 16:56:bd:ea:cf:a7:33:fa:df:c1:61:cf:58:8e:90:18:3b:2a: + b8:fa:e2:c0:99:bf:33:04:02:fb:5a:03:5c:41:4a:bd:d2:0b: + d2:ea:de:8d:f7:79:86:08:97:61:b4:51:c0:c2:3b:92:6f:7b: + 88:78 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBNDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1JQy4wMi4wNDAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtSUMuMDIuMDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMW4 +5d5dPrzUJbuRIDeQ5gIJRYxi80PxPvxSmJe8ScG1A+l75SAtgLGWAxBqxPSzL+te +BBUsnmf2Xsc8/qQHHev74uat0lxq9YrZ3npLW2YNo2CfxLK0M7F1/bhkHK2f9ttI +vOrrKI67BeEjfACULdJEhl431uWINWV0pY+fHq+pAgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQII61NnUvg +vjYwEwYDVR0jBAwwCoAIjDm8K5YcGakwDQYJKoZIhvcNAQEFBQADgYEAjwgL6qMn +nqUvNspsDaYpPQzTCqXkqshZhsy5G/nLk621H/YbNGlnZ6asHGljYVYMzjmcny16 +y6ntiv9QPB7YorAx27WT7pQPFla96s+nM/rfwWHPWI6QGDsquPriwJm/MwQC+1oD +XEFKvdIL0urejfd5hgiXYbRRwMI7km97iHg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 51 (0x33) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:df:e6:ee:68:b8:64:25:42:67:4d:7d:ce:1e:96: + 5d:d1:5c:a5:a6:b6:af:9a:af:d5:4a:32:67:b7:92: + 9f:03:71:b0:db:51:a5:70:96:f8:56:4e:43:8a:c5: + bf:48:db:4f:30:7c:61:b6:9d:08:80:ad:ec:c8:c2: + eb:65:01:27:fb:b1:6a:35:e8:43:da:a6:61:9d:08: + 5f:ab:a7:57:69:8c:03:c1:52:e7:eb:b8:4c:82:67: + c9:ee:d8:84:c3:e7:6c:2e:3d:8f:4e:01:c2:87:40: + 4d:bf:6c:1a:42:25:69:30:f7:b7:d8:5f:a4:3d:3c: + f5:b9:ba:86:d6:a1:42:6d:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 8C:39:BC:2B:96:1C:19:A9 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 11:02:09:79:98:ff:1c:4d:c7:be:38:c9:57:b3:dd:53:ed:99: + 7b:c3:9e:09:87:9e:58:3a:1c:c6:b0:3a:e3:bc:69:78:e9:2c: + 55:70:57:2a:6a:b6:39:53:6a:a0:59:3b:60:db:65:49:4a:a2: + 4b:64:e5:aa:31:aa:2e:d2:98:7a:d9:3b:6b:5e:ea:4b:ff:04: + 21:07:2d:f8:7e:4a:59:db:e4:2e:46:0c:91:f2:00:00:c2:6f: + 25:91:cf:1b:11:2f:8f:ea:15:3c:08:bd:14:84:d1:6c:57:4d: + f0:9b:dd:a3:d3:00:b9:4d:aa:f1:dd:b1:f0:c1:76:df:a4:66: + 11:db +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBMzANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUlDLjAyLjA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf5u5o +uGQlQmdNfc4ell3RXKWmtq+ar9VKMme3kp8DcbDbUaVwlvhWTkOKxb9I208wfGG2 +nQiArezIwutlASf7sWo16EPapmGdCF+rp1dpjAPBUufruEyCZ8nu2ITD52wuPY9O +AcKHQE2/bBpCJWkw97fYX6Q9PPW5uobWoUJtOwIDAQABo2AwXjAMBgNVHRMEBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNV +HQ4ECgQIjDm8K5YcGakwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEF +BQADgYEAEQIJeZj/HE3HvjjJV7PdU+2Ze8OeCYeeWDocxrA647xpeOksVXBXKmq2 +OVNqoFk7YNtlSUqiS2TlqjGqLtKYetk7a17qS/8EIQct+H5KWdvkLkYMkfIAAMJv +JZHPGxEvj+oVPAi9FITRbFdN8Jvdo9MAuU2q8d2x8MF236RmEds= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=U.S. Government/OU=Dod/OU=Testing/CN=CA1-IC.02.04 + Last Update: Jan 1 12:01:00 1999 GMT + Next Update: Jan 1 12:01:00 2048 GMT + CRL extensions: + X509v3 CRL Number: + 1 + X509v3 Authority Key Identifier: + keyid:8C:39:BC:2B:96:1C:19:A9 + +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 57:96:d7:ed:6b:13:f2:c5:9e:03:48:90:ed:5f:fe:65:01:12: + 0f:3b:f2:1c:0e:d9:8a:3b:b4:89:1b:2f:4c:be:ea:39:51:7f: + 36:5e:6f:fb:33:43:f9:93:4f:85:d2:43:28:43:3f:43:49:44: + 68:0c:9b:7b:41:3b:dc:d3:26:33:5a:91:5f:57:5a:03:01:3e: + fa:31:ee:90:5f:53:31:e3:65:ef:9d:07:25:a4:ba:eb:b1:fa: + 8d:c8:de:46:b1:d4:24:30:f4:f8:08:2a:ad:96:39:d9:d2:fa: + 08:f3:37:57:84:12:bd:d7:dc:d7:fc:6d:2a:63:48:65:64:92: + a2:a6 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UE +ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsTB1Rlc3Rp +bmcxFTATBgNVBAMTDENBMS1JQy4wMi4wNBcNOTkwMTAxMTIwMTAwWhcNNDgwMTAx +MTIwMTAwWqAjMCEwCgYDVR0UBAMCAQEwEwYDVR0jBAwwCoAIjDm8K5YcGakwDQYJ +KoZIhvcNAQEFBQADgYEAV5bX7WsT8sWeA0iQ7V/+ZQESDzvyHA7Ziju0iRsvTL7q +OVF/Nl5v+zND+ZNPhdJDKEM/Q0lEaAybe0E73NMmM1qRX1daAwE++jHukF9TMeNl +750HJaS667H6jcjeRrHUJDD0+AgqrZY52dL6CPM3V4QSvdfc1/xtKmNIZWSSoqY= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=U.S. Government/OU=DoD/OU=Testing/CN=Trust Anchor + Last Update: Jan 1 12:01:00 1999 GMT + Next Update: Jan 1 12:01:00 2048 GMT + CRL extensions: + X509v3 CRL Number: + 1 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + +Revoked Certificates: + Serial Number: 27 + Revocation Date: Jan 1 12:00:00 1999 GMT + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 0b:b9:6a:67:07:a3:25:15:bb:42:fc:c7:d7:5f:fb:71:87:0b: + de:b6:9c:80:cc:47:dc:f4:94:fe:e7:ef:c8:b9:3b:6a:14:7e: + f9:1b:47:6a:bc:bf:59:e0:af:45:dc:b3:9c:b8:88:38:0f:19: + 06:28:2e:5a:d5:4f:aa:c3:72:b0:d9:fb:58:ba:1f:40:85:5a: + fb:f4:c3:dd:3f:a5:79:c7:b8:7b:53:70:19:0b:e3:e5:0f:9e: + db:04:6d:19:78:3e:80:2b:93:8d:32:94:15:f2:91:9d:6c:fb: + 3b:b4:72:88:92:8a:8a:6d:23:b4:01:78:46:40:a9:2d:e6:cd: + 0a:16 +-----BEGIN X509 CRL----- +MIIBbzCB2QIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UE +ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsTB1Rlc3Rp +bmcxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNOTkwMTAxMTIwMTAwWhcNNDgwMTAx +MTIwMTAwWjAiMCACAScXDTk5MDEwMTEyMDAwMFowDDAKBgNVHRUEAwoBAaAjMCEw +CgYDVR0UBAMCAQEwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQAD +gYEAC7lqZwejJRW7QvzH11/7cYcL3racgMxH3PSU/ufvyLk7ahR++RtHary/WeCv +RdyznLiIOA8ZBiguWtVPqsNysNn7WLofQIVa+/TD3T+lece4e1NwGQvj5Q+e2wRt +GXg+gCuTjTKUFfKRnWz7O7RyiJKKim0jtAF4RkCpLebNChY= +-----END X509 CRL----- + diff --git a/tests/test3.pem b/tests/test3.pem index 0647a14ddf..af6dcd337a 100644 --- a/tests/test3.pem +++ b/tests/test3.pem @@ -123,59 +123,3 @@ AQEFBQADgYEAQ+iqlFvbvDejO/m+RCHh2UuUau1FuABObkPOu2Tv9yTWvTSWDRyg dOLQRiOLsjgrdXPdbDutVGjllBoTN8cdz3SWjCpampg5TBikArxmNEYMDQvL6n2l kUcetRJRgQ7TYLvFj9+SycKXfM5CUXAyCfcU/QwDghhZgc99AuDZtJc= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99999 (0x1869f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Validity - Not Before: Jan 1 12:01:00 1999 GMT - Not After : Jan 1 12:01:00 2048 GMT - Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: - 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: - 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: - cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: - 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: - 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: - f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: - 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: - 1d:ba:f3:18:84:2a:82:2b:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - AB:9A:EB:F9:C2:E7:54:8F - X509v3 Basic Constraints: - CA:TRUE - X509v3 Authority Key Identifier: - keyid:AB:9A:EB:F9:C2:E7:54:8F - - Signature Algorithm: sha1WithRSAEncryption - 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: - 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: - 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: - 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: - 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: - bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: - 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: - 5a:45 ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT -MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE -CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw -MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g -R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD -VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz -ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 -X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 -JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK -BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G -CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt -7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 -Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF ------END CERTIFICATE----- diff --git a/tests/x509_test.c b/tests/x509_test.c index 7a3b35ad4e..b1187221af 100644 --- a/tests/x509_test.c +++ b/tests/x509_test.c @@ -3,6 +3,9 @@ #include <gnutls_x509.h> #include <gnutls_cert.h> #include <gnutls_errors.h> +#include <x509_b64.h> +#include <x509_verify.h> +#include <gnutls_global.h> /* FIXME: This test uses gnutls internals. Rewrite it using * the exported stuff. (I leave it as an exercise to the reader :) @@ -20,14 +23,22 @@ static struct file_res test_files[] = { { "test2.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, { "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, { "test10.pem", 0 }, + { "test13.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test22.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test23.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test24.pem", 0 }, { "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test26.pem", 0 }, { NULL, 0 } }; -int _gnutls_verify_x509_file( char *cafile); +#define CA_FILE "ca.pem" +int _gnutls_verify_x509_file( const char* certfile, const char *cafile); -static void print_res( int x) { + +static void print_res( int x) +{ if (x&GNUTLS_CERT_INVALID) printf("- certificate is invalid\n"); else @@ -41,7 +52,8 @@ static void print_res( int x) { return; } -int main() { +int main() +{ int x; char* file; @@ -57,7 +69,7 @@ int i = 0, exp_result; file = test_files[i++].test_file; if (file==NULL) break; - x = _gnutls_verify_x509_file( file); + x = _gnutls_verify_x509_file( file, CA_FILE); if (x<0) { fprintf(stderr, "Unexpected error: %d\n", x); @@ -84,19 +96,56 @@ int i = 0, exp_result; /* Verifies a base64 encoded certificate list from memory */ -int _gnutls_verify_x509_mem( const char *ca, int ca_size) +int _gnutls_verify_x509_mem( const char* cert, int cert_size, + const char *ca, int ca_size) { int siz, siz2, i; unsigned char *b64; const char *ptr; int ret; gnutls_datum tmp; + gnutls_cert* x509_cert_list=NULL; gnutls_cert* x509_ca_list=NULL; - int x509_ncas; + int x509_ncerts, x509_ncas; + + /* Decode the CA certificate + */ + siz2 = _gnutls_fbase64_decode( NULL, ca, ca_size, &b64); + + if (siz2 < 0) { + fprintf(stderr, "Error decoding CA certificate\n"); + gnutls_assert(); + return GNUTLS_E_PARSING_ERROR; + } + + x509_ca_list = + (gnutls_cert *) gnutls_calloc( 1, sizeof(gnutls_cert)); + x509_ncas = 1; + + if (x509_ca_list == NULL) { + fprintf(stderr, "memory error\n"); + gnutls_free(b64); + return GNUTLS_E_MEMORY_ERROR; + } + + tmp.data = b64; + tmp.size = siz2; + + if ((ret = + _gnutls_x509_cert2gnutls_cert( x509_ca_list, + tmp, 0)) < 0) { + fprintf(stderr, "Error parsing the CA certificate\n"); + gnutls_assert(); + gnutls_free(b64); + return ret; + } + gnutls_free(b64); - siz = ca_size; - ptr = ca; + /* Decode the certificate chain. + */ + siz = cert_size; + ptr = cert; i = 1; @@ -110,11 +159,12 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) return GNUTLS_E_PARSING_ERROR; } - x509_ca_list = - (gnutls_cert *) gnutls_realloc( x509_ca_list, + x509_cert_list = + (gnutls_cert *) gnutls_realloc( x509_cert_list, i * sizeof(gnutls_cert)); - if (x509_ca_list == NULL) { + if (x509_cert_list == NULL) { + fprintf(stderr, "memory error\n"); gnutls_assert(); gnutls_free(b64); return GNUTLS_E_MEMORY_ERROR; @@ -124,8 +174,9 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) tmp.size = siz2; if ((ret = - _gnutls_x509_cert2gnutls_cert(&x509_ca_list[i - 1], - tmp, 0)) < 0) { + _gnutls_x509_cert2gnutls_cert( &x509_cert_list[i-1], + tmp, 0)) < 0) { + fprintf(stderr, "Error parsing the certificate\n"); gnutls_assert(); gnutls_free(b64); return ret; @@ -140,10 +191,15 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) i++; } while ((ptr = strstr(ptr, PEM_CERT_SEP)) != NULL); - x509_ncas = i - 1; + x509_ncerts = i - 1; - siz = _gnutls_x509_verify_certificate( x509_ca_list, x509_ncas-1, - &x509_ca_list[x509_ncas-1], 1, NULL, 0); + siz = _gnutls_x509_verify_certificate( x509_cert_list, x509_ncerts, + x509_ca_list, 1, NULL, 0); + + _gnutls_free_cert( x509_ca_list[0]); + for (i=0;i<x509_ncerts;i++) { + _gnutls_free_cert( x509_cert_list[i]); + } return siz; } @@ -152,23 +208,38 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) /* Reads and verifies a base64 encoded certificate file */ -int _gnutls_verify_x509_file( char *cafile) +int _gnutls_verify_x509_file( const char* certfile, const char *cafile) { - int siz; - char x[MAX_FILE_SIZE]; + int ca_size, cert_size; + char ca[MAX_FILE_SIZE]; + char cert[MAX_FILE_SIZE]; FILE *fd1; - fd1 = fopen(cafile, "rb"); + fd1 = fopen(certfile, "rb"); if (fd1 == NULL) { + fprintf(stderr, "error opening %s\n", certfile); gnutls_assert(); return GNUTLS_E_FILE_ERROR; } - siz = fread(x, 1, sizeof(x)-1, fd1); + cert_size = fread(cert, 1, sizeof(cert)-1, fd1); fclose(fd1); - x[siz] = 0; + cert[cert_size] = 0; + + + fd1 = fopen(cafile, "rb"); + if (fd1 == NULL) { + fprintf(stderr, "error opening %s\n", cafile); + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + ca_size = fread(ca, 1, sizeof(ca)-1, fd1); + fclose(fd1); + + ca[ca_size] = 0; - return _gnutls_verify_x509_mem( x, siz); + return _gnutls_verify_x509_mem( cert, cert_size, ca, ca_size); } |