#!/bin/sh # Copyright (C) 2006, 2008, 2010, 2012 Free Software Foundation, Inc. # Copyright (C) 2016, Red Hat, Inc. # # Author: Simon Josefsson, Nikos Mavrogiannopoulos # # This file is part of GnuTLS. # # GnuTLS is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 3 of the License, or (at # your option) any later version. # # GnuTLS is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" TMPFILE1=rsa-md5.$$.tmp TMPFILE2=rsa-md5-2.$$.tmp if ! test -x "${CERTTOOL}"; then exit 77 fi . ${srcdir}/scripts/common.sh check_for_datefudge # Disable leak detection ASAN_OPTIONS="detect_leaks=0" export ASAN_OPTIONS datefudge -s "2006-10-1" \ "${CERTTOOL}" --verify-chain --outfile "$TMPFILE1" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-1.pem" if test $? = 0;then echo "Verification on chain1 succeeded" exit 1 fi grep 'Not verified.' $TMPFILE1| grep 'insecure algorithm' if test $? != 0;then echo "Output on chain1 doesn't match the expected" exit 1 fi datefudge -s "2006-10-1" \ "${CERTTOOL}" --verify-chain --outfile "$TMPFILE2" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-2.pem" if test $? = 0;then echo "Verification on chain2 succeeded" exit 1 fi grep 'Not verified.' $TMPFILE2| grep 'insecure algorithm' if test $? != 0;then echo "Output on chain2 doesn't match the expected" exit 1 fi rm -f $TMPFILE1 $TMPFILE2 # We're done. exit 0