Diffstat (limited to 'tests/chainverify.c')
-rw-r--r--tests/chainverify.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/tests/chainverify.c b/tests/chainverify.c
index d9d1207184..bf74ee8717 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -1141,8 +1141,14 @@ static struct
0,
GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
{ "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3],
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW),
0 },
+ { "verisign.com v1 not ok due to profile", verisign_com_chain, &verisign_com_chain[3],
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY),
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID },
+ { "verisign.com v1 not ok due to profile", verisign_com_chain, &verisign_com_chain[3],
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH),
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID },
{ "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2],
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
{ "expired self signed", pem_self_cert, &pem_self_cert[0],
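Review bot: The two added rejection entries for GNUTLS_PROFILE_LEGACY and GNUTLS_PROFILE_HIGH share the identical name `"verisign.com v1 not ok due to profile"`, so a failure reported by name (presumably what the driver outside this hunk prints) would not say which profile regressed. Naming the profile in the string would fix that, e.g. `"verisign.com v1 not ok due to profile (legacy)"` and `"verisign.com v1 not ok due to profile (high)"`. The same applies to the duplicated `"ecc cert ok"` and `"ecc cert not ok (due to profile)"` names in the second hunk. The table initializer these entries belong to starts and ends outside the hunk.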
@@ -1211,7 +1217,12 @@ static struct
GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
{ "cacertrsamd5 short-cut ok", cacertrsamd5, &cacertrsamd5[1],
0, 0 },
- { "ecc cert ok", ecc_cert, &ecc_cert[1], 0, 0 },
+ { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), 0 },
+ { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128), 0 },
+ { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID },
+ { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192),
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID },
{ "name constraints chain ok", nc_good, &nc_good[4], GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0 },
{ "name constraints chain bad1", nc_bad1, &nc_bad1[2], GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE},
{ "name constraints chain bad2", nc_bad2, &nc_bad2[4], GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE},
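Review bot: The `"ecc cert ok"` entry with verify flags `0` is replaced rather than kept, so verification of this chain with no profile bits set is no longer exercised. The first hunk does the same to `"verisign.com v1 ok"`, which now always runs with GNUTLS_PROFILE_LOW. Keeping the baseline line next to the new profile cases, `{ "ecc cert ok", ecc_cert, &ecc_cert[1], 0, 0 },`, would still catch a regression in the default path where the caller requests no profile. A one-line comment above the four ECC entries stating the certificate's key size and why HIGH and SUITEB128 are expected to accept it while ULTRA and SUITEB192 reject it would let a reader check the boundary, since the certificate data is outside this hunk.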