diff options
Diffstat (limited to 'tests/cert-tests')
-rw-r--r-- | tests/cert-tests/Makefile.am | 4 | ||||
-rw-r--r-- | tests/cert-tests/data/dup-exts.pem | 32 | ||||
-rwxr-xr-x | tests/cert-tests/x509-duplicate-ext | 46 |
3 files changed, 80 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 11a9c3b3dd..87d9314363 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -82,7 +82,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/ca-gnutls-keyid.pem data/ca-no-keyid.pem data/ca-weird-keyid.pem \ data/key-ca-1234.p8 data/key-ca-empty.p8 data/key-ca-null.p8 \ data/openssl-key-ecc.p8 data/key-ecc.p8 data/key-ecc.pem suppressions.valgrind \ - data/encpkcs8.pem data/unencpkcs8.pem data/enc2pkcs8.pem \ + data/encpkcs8.pem data/unencpkcs8.pem data/enc2pkcs8.pem data/dup-exts.pem \ data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \ data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \ data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \ @@ -111,7 +111,7 @@ dist_check_SCRIPTS = pathlen aki invalid-sig email \ pkcs12 certtool-crl-decoding pkcs12-encode pkcs12-corner-cases inhibit-anypolicy \ smime cert-time alt-chain pkcs7-list-sign pkcs7-eddsa certtool-ecdsa \ key-id pkcs8 pkcs8-decode ecdsa illegal-rsa pkcs8-invalid key-invalid \ - pkcs8-eddsa certtool-subca certtool-verify-profiles + pkcs8-eddsa certtool-subca certtool-verify-profiles x509-duplicate-ext dist_check_SCRIPTS += key-id ecdsa pkcs8-invalid key-invalid pkcs8-decode pkcs8 pkcs8-eddsa \ certtool-utf8 crq diff --git a/tests/cert-tests/data/dup-exts.pem b/tests/cert-tests/data/dup-exts.pem new file mode 100644 index 0000000000..9dcf74c9bb --- /dev/null +++ b/tests/cert-tests/data/dup-exts.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIRAPABuQ6DmexEq0k9QQaewLcwDQYJKoZIhvcNAQELBQAw +bzELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD +VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEfMB0GCSqGSIb3DQEJARYQ +bGpmcG93ZXJAMTYzLmNvbTAeFw0xOTA1MjkxMTU2NDBaFw0yOTA0MDYxMTU2NDBa +MHsxCzAJBgNVBAYTAkNOMQwwCgYDVQQIDANUSjUxCzAJBgNVBAcMAlRKMQwwCgYD +VQQKDANUSlUxFDASBgNVBAsMC2JlaXlhbmd5dWFuMQwwCgYDVQQDDANMUUwxHzAd +BgkqhkiG9w0BCQEWEGxqZnBvd2VyQDE2My5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDNKbU4xRcAGOyzHWgEQw0/smt+BJaLtbIvKdPKPTDzDxSl +Rud0rf1GWzG5vKhEzn3ruNwFs23JTu4OcXlkqp4sGqC5SQ06qVhe+eWhK+pjsCll +AG9ZQ40kNdsE5Bt9gbl38tdykM/a5bU4+h8S9P5XP+Vr/xGuB1aqw07NqaUsOs3+ +McH/ZFZQgSv8NDXl9eok5XEfaDZoRf29nAH/I+Ottbw37oW7omvMaC39CVKKmYMA +rdRJR/JrICsOKKnmEf6oLNErBGs3TLXo9/CiQJz/KeV9mHT/BfPumAbSlIXo6en8 +AVyA0V+N1bwUiBu58m9B+z0GlaxeQlxSvTn2wUx5AgMBAAGjggERMIIBDTAJBgNV +HRMEAjAAMB0GA1UdDgQWBBR/7mRMJ+8WoDdxiWO1eCLw0xH+0DAdBgNVHQ4EFgQU +f+5kTCfvFqA3cYljtXgi8NMR/tAwHwYDVR0jBBgwFoAU7S2I/yNy3nSqhHIFpnM6 +2/XWHHgwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDBDAYBgNVHREEETAPgQ1oaEBiYi5hZGRyZXNzMBgGA1UdEgQRMA+CDWFiY2V3 +d3J3dC5jb20wMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzAChhRodHRwOi8vbXku +Y2EvY2EuaHRtbDAMBgNVHSQEBTADgAEDMA0GCSqGSIb3DQEBCwUAA4ICAQCopPaM +SMElD42TZYn1+SnACRnH4YWH/gfG3utPeGVPkBmvV5Je7/gNMlhAQJL5YKdDYa4o +S1zjkNrRSlamH6akX4KyOm19tKRkU7dvtcTRF5CwXGcE2Yte6hc1gWeGzsx5taZL +y2yan7jhCHMqtN5R8AMTDdK4ORPu+sSrghAwkS6KSR0VlVmgbrJQ0WAxRk5bKm7v +R402pLhH2MjsJV48XqvaRTjyT96nbAZ4tdSoyJoHXRvUv9QpFtHSddlnPbEgxJWT +3OLbr+kIpWuaaZNjntLOqe9aPkLEhpw07sGLpT23dYqdehZd12O5+3olULXVBOgg +h8uF4Q9kRtJDpLCd70hUoiyovCxgPbFYUjvmtpCtmNkSCq/txWc3YqOwR+HPe83j +aAsIDnEO6cY6M3uqM1xradU5jzDeMKHJV7XDdXsq9nyQoZ8ytKlKcgM5kNoaqAkT +zeutyjGtQCkJr5V+5Te0JJinVL+xafpwP6749VRUaEWHWk2crkTKxu7/lUK6lgnS +70gLDO1QEJ/edPDC143eRP+dF/d7bN2UF1l+G0F4AcW7kB5mKgOBIWTZSnTmByz5 ++HI1touSh9dDcDDuZ7z6k2Obl0fuPY7ROLZQT3BaYGU4M2FGT4sJa6P6VtfufzEB +MHcS14u+3EvHBxhcI8N4WTrBE36FBzPk6R0g+A== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/x509-duplicate-ext b/tests/cert-tests/x509-duplicate-ext new file mode 100755 index 0000000000..534a534a69 --- /dev/null +++ b/tests/cert-tests/x509-duplicate-ext @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/> + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +OUTFILE=out.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +"${CERTTOOL}" --certificate-info --infile "${srcdir}/data/dup-exts.pem" >${OUTFILE} 2>&1 +RET=$? +if test ${RET} = 0; then + echo "Successfully loaded a certificate with duplicate extensions" + cat ${OUTFILE} + exit 1 +fi + +grep "Duplicate extension in" ${OUTFILE} 2>/dev/null +if test $? != 0; then + echo "Could not find the expected error value" + cat ${OUTFILE} + exit 1 +fi + + +rm -f ${OUTFILE} + +exit 0 |