authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-09-05 16:05:40 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-09-05 16:05:40 +0000
commit69bdcbc193726601b5173577683ee913d5cef83c (patch)
treed78117b740f37d2e99f84ffe9c263e699de4a07c
parenta2a9c8d2ee6f0a23e9376f08755781997a631167 (diff)
Added more tests for the X.509 certificate validation. These tests are now included only in CVS, not in the distribution.
-rw-r--r--Makefile.am2
-rw-r--r--configure.in2
-rw-r--r--tests/Makefile415
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/Makefile.in415
-rw-r--r--tests/ca.pem56
-rw-r--r--tests/test1.pem56
-rw-r--r--tests/test10.pem59
-rw-r--r--tests/test13.pem126
-rw-r--r--tests/test2.pem56
-rw-r--r--tests/test23.pem184
-rw-r--r--tests/test24.pem127
-rw-r--r--tests/test26.pem196
-rw-r--r--tests/test3.pem56
-rw-r--r--tests/x509_test.c117
15 files changed, 1619 insertions, 251 deletions
diff --git a/Makefile.am b/Makefile.am
index 442a8ddfab..a7c8202819 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
EXTRA_DIST = ChangeLog NEWS INSTALL README THANKS COPYING COPYING.LIB
-SUBDIRS = $(LIBASN1_DIR) includes lib libextra src doc tests
+SUBDIRS = $(LIBASN1_DIR) includes lib libextra src doc
ChangeLog:
cvs2cl --utc -U .cvsusers --fsf -t -S --prune
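Review bot: Dropping `tests` from `SUBDIRS` means a top-level `make check` no longer descends into tests/, so the X.509 validation tests this commit adds are not run by default. A regression in certificate chain verification could then go unnoticed unless someone remembers to run them by hand. If keeping the fixtures out of the tarball is the only goal, at least document the manual step next to the variable, for example `## tests/ is CVS-only and not built from here; run "make check" inside tests/ before a release.`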
diff --git a/configure.in b/configure.in
index df16135697..67054cfbd5 100644
--- a/configure.in
+++ b/configure.in
@@ -393,6 +393,6 @@ AC_CONFIG_FILES([Makefile src/Makefile libextra/Makefile lib/Makefile \
lib/libgnutls-config libextra/libgnutls-extra-config \
doc/Makefile src/x509/Makefile src/srp/Makefile src/openpgp/Makefile \
doc/tex/Makefile doc/tex/cover.tex doc/scripts/Makefile \
-tests/Makefile includes/Makefile includes/gnutls/Makefile])
+includes/Makefile includes/gnutls/Makefile])
AC_OUTPUT
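Review bot: With `tests/Makefile` removed from `AC_CONFIG_FILES`, configure no longer generates that file, yet the same commit checks in a configure-generated `tests/Makefile` that hard-codes one developer's environment (`CC = colorgcc`, `/usr/home/nmav/cvs/gnutls/missing`, `install_sh = /usr/home/nmav/cvs/gnutls/install-sh`, `host_triplet = i686-pc-linux-gnu`). On another checkout the test program would probably fail to build or would build with the wrong tools, and the committed file's own `Makefile:` rule still calls `./config.status $(subdir)/$@`, which presumably no longer knows about this output. Consider keeping `tests/Makefile` in `AC_CONFIG_FILES` and leaving the generated `tests/Makefile` and `tests/Makefile.in` out of version control, so that the validation tests are built against the configuration of the machine that runs them.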
diff --git a/tests/Makefile b/tests/Makefile
new file mode 100644
index 0000000000..ebb165a798
--- /dev/null
+++ b/tests/Makefile
@@ -0,0 +1,415 @@
+# Makefile.in generated by automake 1.6.2 from Makefile.am.
+# tests/Makefile. Generated from Makefile.in by configure.
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+SHELL = /bin/sh
+
+srcdir = .
+top_srcdir = ..
+
+prefix = /usr/local
+exec_prefix = ${prefix}
+
+bindir = ${exec_prefix}/bin
+sbindir = ${exec_prefix}/sbin
+libexecdir = ${exec_prefix}/libexec
+datadir = ${prefix}/share
+sysconfdir = ${prefix}/etc
+sharedstatedir = ${prefix}/com
+localstatedir = ${prefix}/var
+libdir = ${exec_prefix}/lib
+infodir = ${prefix}/info
+mandir = ${prefix}/man
+includedir = ${prefix}/include
+oldincludedir = /usr/include
+pkgdatadir = $(datadir)/gnutls
+pkglibdir = $(libdir)/gnutls
+pkgincludedir = $(includedir)/gnutls
+top_builddir = ..
+
+ACLOCAL = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run aclocal-1.6
+AUTOCONF = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run autoconf
+AUTOMAKE = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run automake-1.6
+AUTOHEADER = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run autoheader
+
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = /usr/bin/install -c
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_DATA = ${INSTALL} -m 644
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = s,x,x,
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+host_alias =
+host_triplet = i686-pc-linux-gnu
+
+EXEEXT =
+OBJEXT = o
+PATH_SEPARATOR = :
+AMTAR = ${SHELL} /usr/home/nmav/cvs/gnutls/missing --run tar
+AS = @AS@
+AWK = gawk
+CC = colorgcc
+DEPDIR = .deps
+DLLTOOL = @DLLTOOL@
+ECHO = echo
+FC_OK =
+GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER = 6
+GNUTLS_MAJOR_VERSION = 0
+GNUTLS_MICRO_VERSION = 6
+GNUTLS_MINOR_VERSION = 5
+GNUTLS_MOST_RECENT_INTERFACE = 5
+GNUTLS_OLDEST_INTERFACE = 5
+GNUTLS_VERSION = 0.5.6
+INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
+LIBASN1_DIR = libtasn1
+LIBASN1_LINK = ../libtasn1/lib/libtasn1.la
+LIBGCRYPT_CFLAGS =
+LIBGCRYPT_CONFIG = /usr/bin/libgcrypt-config
+LIBGCRYPT_LIBS = -L/usr/lib -lgcrypt
+LIBGNUTLS_CFLAGS = -I${prefix}/include
+LIBGNUTLS_EXTRA_CFLAGS = -I/usr/include -I${prefix}/include
+LIBGNUTLS_EXTRA_LIBS = -L${exec_prefix}/lib -lgnutls-extra -lgnutls -lz -L/usr/lib -lopencdk -L/usr/lib -lgcrypt
+LIBGNUTLS_LIBS = -lz -L${exec_prefix}/lib -lgnutls -ltasn1 -L/usr/lib -lgcrypt
+LIBMCRYPT_CFLAGS =
+LIBMCRYPT_CONFIG =
+LIBMCRYPT_LIBS =
+LIBOPENCDK_CFLAGS = -I/usr/include
+LIBOPENCDK_CONFIG = /usr/bin/opencdk-config
+LIBOPENCDK_LIBS = -lz -L/usr/lib -lopencdk -L/usr/lib -lgcrypt
+LIBTOOL = $(SHELL) $(top_builddir)/libtool
+LN_S = ln -s
+LT_AGE = 0
+LT_CURRENT = 5
+LT_REVISION = 6
+MAINT =
+OBJDUMP = @OBJDUMP@
+PACKAGE = gnutls
+RANLIB = ranlib
+SERV_LIBS = -lz -lgdbm
+STRIP = strip
+VERSION = 0.5.6
+YACC = bison -y
+am__include = include
+am__quote =
+install_sh = /usr/home/nmav/cvs/gnutls/install-sh
+EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem \
+ test22.pem test23.pem test24.pem test26.pem test13.pem ca.pem
+
+INCLUDES = -I../lib/ -I../libtasn1/lib/ -I../includes
+
+noinst_PROGRAMS = x509test
+x509test_SOURCES = x509_test.c
+x509test_LDADD = ../lib/libgnutls.la -lgcrypt
+TESTS = x509test
+subdir = tests
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+noinst_PROGRAMS = x509test$(EXEEXT)
+PROGRAMS = $(noinst_PROGRAMS)
+
+am_x509test_OBJECTS = x509_test.$(OBJEXT)
+x509test_OBJECTS = $(am_x509test_OBJECTS)
+x509test_DEPENDENCIES = ../lib/libgnutls.la
+x509test_LDFLAGS =
+
+DEFS = -DHAVE_CONFIG_H
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+CPPFLAGS =
+LDFLAGS =
+LIBS = -lz
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+DEP_FILES = ./$(DEPDIR)/x509_test.Po
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
+ $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+CFLAGS = -g -O2 -ggdb3 -Wall -Wpointer-arith -Wstrict-prototypes -pipe
+DIST_SOURCES = $(x509test_SOURCES)
+DIST_COMMON = Makefile.am Makefile.in
+SOURCES = $(x509test_SOURCES)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+x509test$(EXEEXT): $(x509test_OBJECTS) $(x509test_DEPENDENCIES)
+ @rm -f x509test$(EXEEXT)
+ $(LINK) $(x509test_LDFLAGS) $(x509test_OBJECTS) $(x509test_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT) core *.core
+
+distclean-compile:
+ -rm -f *.tab.c
+
+include ./$(DEPDIR)/x509_test.Po
+
+distclean-depend:
+ -rm -rf ./$(DEPDIR)
+
+.c.o:
+ source='$<' object='$@' libtool=no \
+ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' \
+ $(CCDEPMODE) $(depcomp) \
+ $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
+
+.c.obj:
+ source='$<' object='$@' libtool=no \
+ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' \
+ $(CCDEPMODE) $(depcomp) \
+ $(COMPILE) -c `cygpath -w $<`
+
+.c.lo:
+ source='$<' object='$@' libtool=yes \
+ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' \
+ $(CCDEPMODE) $(depcomp) \
+ $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
+CCDEPMODE = depmode=gcc3
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ETAGS = etags
+ETAGSFLAGS =
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(ETAGS_ARGS)$$tags$$unique" \
+ || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list='$(TESTS)'; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *" $$tst "*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *" $$tst "*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes=`echo "$$banner" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+top_distdir = ..
+distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
+
+distdir: $(DISTFILES)
+ @list='$(DISTFILES)'; for file in $$list; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkinstalldirs) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS)
+
+installdirs:
+
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -rm -f Makefile $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+
+distclean-am: clean-am distclean-compile distclean-depend \
+ distclean-generic distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+uninstall-am: uninstall-info-am
+
+.PHONY: GTAGS all all-am check check-TESTS check-am clean clean-generic \
+ clean-libtool clean-noinstPROGRAMS distclean distclean-compile \
+ distclean-depend distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am info info-am install \
+ install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am install-man \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ tags uninstall uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 4b9a18c04b..1639b7d331 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,5 +1,6 @@
## Process this file with automake to produce Makefile.in
-EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem
+EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem \
+ test22.pem test23.pem test24.pem test26.pem test13.pem ca.pem
INCLUDES= -I../lib/ -I../libtasn1/lib/ -I../includes
noinst_PROGRAMS = x509test
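Review bot: The extended `EXTRA_DIST` names `test22.pem`, but the diffstat for this commit adds only `ca.pem`, `test13.pem`, `test23.pem`, `test24.pem` and `test26.pem`, and the previous list did not mention `test22.pem` either. If that file is not already in CVS, the test program would presumably fail or skip a case when it tries to load the fixture; please confirm it exists or add it in this commit. A short comment above the list saying that `ca.pem` is now the shared trust anchor for all `testN.pem` chains would also explain why the anchor was cut out of the individual files.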
diff --git a/tests/Makefile.in b/tests/Makefile.in
new file mode 100644
index 0000000000..4861ebb55f
--- /dev/null
+++ b/tests/Makefile.in
@@ -0,0 +1,415 @@
+# Makefile.in generated by automake 1.6.2 from Makefile.am.
+# @configure_input@
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = @program_transform_name@
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+host_alias = @host_alias@
+host_triplet = @host@
+
+EXEEXT = @EXEEXT@
+OBJEXT = @OBJEXT@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CC = @CC@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+ECHO = @ECHO@
+FC_OK = @FC_OK@
+GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER = @GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER@
+GNUTLS_MAJOR_VERSION = @GNUTLS_MAJOR_VERSION@
+GNUTLS_MICRO_VERSION = @GNUTLS_MICRO_VERSION@
+GNUTLS_MINOR_VERSION = @GNUTLS_MINOR_VERSION@
+GNUTLS_MOST_RECENT_INTERFACE = @GNUTLS_MOST_RECENT_INTERFACE@
+GNUTLS_OLDEST_INTERFACE = @GNUTLS_OLDEST_INTERFACE@
+GNUTLS_VERSION = @GNUTLS_VERSION@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LIBASN1_DIR = @LIBASN1_DIR@
+LIBASN1_LINK = @LIBASN1_LINK@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_EXTRA_CFLAGS = @LIBGNUTLS_EXTRA_CFLAGS@
+LIBGNUTLS_EXTRA_LIBS = @LIBGNUTLS_EXTRA_LIBS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBMCRYPT_CFLAGS = @LIBMCRYPT_CFLAGS@
+LIBMCRYPT_CONFIG = @LIBMCRYPT_CONFIG@
+LIBMCRYPT_LIBS = @LIBMCRYPT_LIBS@
+LIBOPENCDK_CFLAGS = @LIBOPENCDK_CFLAGS@
+LIBOPENCDK_CONFIG = @LIBOPENCDK_CONFIG@
+LIBOPENCDK_LIBS = @LIBOPENCDK_LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+MAINT = @MAINT@
+OBJDUMP = @OBJDUMP@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+SERV_LIBS = @SERV_LIBS@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+am__include = @am__include@
+am__quote = @am__quote@
+install_sh = @install_sh@
+EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem \
+ test22.pem test23.pem test24.pem test26.pem test13.pem ca.pem
+
+INCLUDES = -I../lib/ -I../libtasn1/lib/ -I../includes
+
+noinst_PROGRAMS = x509test
+x509test_SOURCES = x509_test.c
+x509test_LDADD = ../lib/libgnutls.la -lgcrypt
+TESTS = x509test
+subdir = tests
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+noinst_PROGRAMS = x509test$(EXEEXT)
+PROGRAMS = $(noinst_PROGRAMS)
+
+am_x509test_OBJECTS = x509_test.$(OBJEXT)
+x509test_OBJECTS = $(am_x509test_OBJECTS)
+x509test_DEPENDENCIES = ../lib/libgnutls.la
+x509test_LDFLAGS =
+
+DEFS = @DEFS@
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBS = @LIBS@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/x509_test.Po
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
+ $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+CFLAGS = @CFLAGS@
+DIST_SOURCES = $(x509test_SOURCES)
+DIST_COMMON = Makefile.am Makefile.in
+SOURCES = $(x509test_SOURCES)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/Makefile
+Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+x509test$(EXEEXT): $(x509test_OBJECTS) $(x509test_DEPENDENCIES)
+ @rm -f x509test$(EXEEXT)
+ $(LINK) $(x509test_LDFLAGS) $(x509test_OBJECTS) $(x509test_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT) core *.core
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_test.Po@am__quote@
+
+distclean-depend:
+ -rm -rf ./$(DEPDIR)
+
+.c.o:
+@AMDEP_TRUE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@
+@AMDEP_TRUE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
+
+.c.obj:
+@AMDEP_TRUE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@
+@AMDEP_TRUE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ $(COMPILE) -c `cygpath -w $<`
+
+.c.lo:
+@AMDEP_TRUE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@
+@AMDEP_TRUE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
+CCDEPMODE = @CCDEPMODE@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ETAGS = etags
+ETAGSFLAGS =
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(ETAGS_ARGS)$$tags$$unique" \
+ || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list='$(TESTS)'; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *" $$tst "*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *" $$tst "*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes=`echo "$$banner" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+top_distdir = ..
+distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
+
+distdir: $(DISTFILES)
+ @list='$(DISTFILES)'; for file in $$list; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkinstalldirs) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS)
+
+installdirs:
+
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -rm -f Makefile $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+
+distclean-am: clean-am distclean-compile distclean-depend \
+ distclean-generic distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+uninstall-am: uninstall-info-am
+
+.PHONY: GTAGS all all-am check check-TESTS check-am clean clean-generic \
+ clean-libtool clean-noinstPROGRAMS distclean distclean-compile \
+ distclean-depend distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am info info-am install \
+ install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am install-man \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ tags uninstall uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/ca.pem b/tests/ca.pem
new file mode 100644
index 0000000000..4b7362ab6b
--- /dev/null
+++ b/tests/ca.pem
@@ -0,0 +1,56 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/test1.pem b/tests/test1.pem
index 960e907af3..6b71c59225 100644
--- a/tests/test1.pem
+++ b/tests/test1.pem
@@ -60,59 +60,3 @@ ZbHf6qWfRfmrPrz9hDH1644NrJop2Y7MXzuTtpo1zp4NCG4+ii0CSOfvhugc8yOm
q3I6olgE0V16VtC5br2892UHYZ55Q4oQ9BWouVVlOyY9rogOB160BnsqBELFhT0W
f6mnbsdDG+BB5fFyeK61aYDWV84kS7cSX5w=
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 99999 (0x1869f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Validity
- Not Before: Jan 1 12:01:00 1999 GMT
- Not After : Jan 1 12:01:00 2048 GMT
- Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
- 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
- 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
- cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
- 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
- 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
- f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
- 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
- 1d:ba:f3:18:84:2a:82:2b:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- AB:9A:EB:F9:C2:E7:54:8F
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:AB:9A:EB:F9:C2:E7:54:8F
-
- Signature Algorithm: sha1WithRSAEncryption
- 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
- 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
- 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
- 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
- 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
- bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
- 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
- 5a:45
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT
-MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE
-CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw
-MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
-R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD
-VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz
-ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4
-X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31
-JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK
-BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G
-CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt
-7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27
-Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF
------END CERTIFICATE-----
diff --git a/tests/test10.pem b/tests/test10.pem
index 05e56eebbc..7e741003cc 100644
--- a/tests/test10.pem
+++ b/tests/test10.pem
@@ -1,4 +1,5 @@
-[ The end certificate is expired ]
+[ The end certificate is expired. This should be validated (we don't check
+expiration in the validation functions. ]
Certificate:
Data:
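Review bot: The new bracketed comment leaves its parenthesis unclosed and says only that expiration is not checked, without saying who is then responsible for checking it. This fixture pins the behaviour that a chain with an expired end certificate passes validation, so the consequence should be spelled out, e.g. `[ The end certificate is expired. Validation is still expected to succeed: the validation functions do not check expiration, so the caller has to check the validity period itself. ]`. That callers are expected to perform the expiry check is inferred from the comment and should be confirmed against the library documentation.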
@@ -122,59 +123,3 @@ AQEFBQADgYEAWwpfh9oOOvj9xHS0zcczaUIHTkpjgk09I+pERlu0Z0+rHvpZGge4
OvNDFtMc4TgthGcydbIwiKogjtGBM2/sNHIO2jcpNeOtNKLxrzD4Y0Ve164kXBu9
Mmsxx4sG7XUXZWgiOPfu/HmyPVdzbIReJdQO515SNx7JdgVyUkyhBxM=
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 99999 (0x1869f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Validity
- Not Before: Jan 1 12:01:00 1999 GMT
- Not After : Jan 1 12:01:00 2048 GMT
- Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
- 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
- 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
- cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
- 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
- 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
- f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
- 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
- 1d:ba:f3:18:84:2a:82:2b:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- AB:9A:EB:F9:C2:E7:54:8F
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:AB:9A:EB:F9:C2:E7:54:8F
-
- Signature Algorithm: sha1WithRSAEncryption
- 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
- 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
- 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
- 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
- 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
- bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
- 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
- 5a:45
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT
-MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE
-CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw
-MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
-R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD
-VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz
-ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4
-X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31
-JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK
-BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G
-CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt
-7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27
-Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF
------END CERTIFICATE-----
diff --git a/tests/test13.pem b/tests/test13.pem
new file mode 100644
index 0000000000..3a51af645d
--- /dev/null
+++ b/tests/test13.pem
@@ -0,0 +1,126 @@
+[ There is no chain here. This chain is not valid. ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 26 (0x1a)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.99.99
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.04.01
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:f8:80:64:a5:cf:8c:af:23:bd:a3:63:df:85:72:
+ 9f:22:8f:2b:b7:50:b4:5c:ac:04:f2:85:5b:96:35:
+ 05:cf:8e:32:cc:9d:da:93:e9:42:82:58:71:04:cc:
+ 32:89:a5:02:aa:01:bd:25:d4:24:23:0d:97:2f:c1:
+ c5:5b:af:9f:b9:7a:23:d7:2b:b7:1e:8f:8c:10:54:
+ 94:4c:dd:72:cb:1c:69:a1:1a:1e:e0:82:56:5f:8c:
+ b2:7a:fa:e9:c4:95:dc:6a:95:18:08:6e:8e:e9:fc:
+ d7:e9:72:ba:b7:13:12:88:37:7e:db:28:87:06:d0:
+ 9d:f0:3b:ea:a3:54:fc:dd:ff
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 25:93:C3:6D:FD:B1:36:FF
+ X509v3 Authority Key Identifier:
+ keyid:39:9B:DF:A6:1E:14:BB:D6
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 65:fe:0b:d5:10:c7:0d:7c:30:03:60:a0:70:88:4c:e0:20:1f:
+ 67:bd:82:47:6c:ce:6a:7d:1a:b7:7f:15:54:50:77:bb:db:ec:
+ e1:52:f0:15:ca:ce:40:22:23:0d:b7:4b:8a:37:34:5d:62:e2:
+ 99:ae:2f:08:3d:6a:ae:cb:fa:1e:4e:7e:eb:5d:77:1d:f1:4d:
+ 98:3f:26:a7:a5:f9:8c:0c:28:34:f6:bf:23:89:26:14:e0:3c:
+ 88:89:b8:4d:39:3b:33:be:6f:43:20:90:4c:f1:b4:57:36:d4:
+ 36:ed:ee:c1:36:d7:2a:6e:4c:13:d0:b9:30:53:1f:ef:3d:f8:
+ ec:23
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 25 (0x19)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.04.01
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b9:50:9f:8a:32:3f:2d:02:6c:eb:dc:e1:98:2f:
+ 68:12:15:c3:53:7f:c8:a4:f9:95:71:95:a3:d5:18:
+ 7c:92:2a:36:10:04:01:1b:79:f8:5f:83:93:ec:d9:
+ a2:2e:a8:1c:18:91:bb:45:5e:e1:e2:7f:91:84:86:
+ 03:9b:03:82:27:0b:21:12:79:18:d8:2c:67:15:32:
+ ac:12:67:30:0e:14:04:74:74:fd:4b:ce:0c:d0:b3:
+ 76:60:1b:d2:57:e4:c3:b9:c0:46:7c:20:c9:d5:37:
+ 83:ad:bb:85:c8:95:64:a0:22:95:0d:4b:6b:f2:7a:
+ df:19:8b:bb:7d:7d:7f:89:7b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 39:9B:DF:A6:1E:14:BB:D6
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 5c:cc:ac:72:61:a9:29:22:c6:de:14:25:b4:c4:0b:7a:0c:b4:
+ fa:0e:70:ce:03:ab:6c:53:96:c5:99:a2:54:d4:7e:cd:2b:07:
+ 0c:3d:d4:00:71:f8:4b:24:e8:ce:5a:28:0b:48:c0:63:8c:80:
+ 85:9e:51:5f:a4:92:24:ac:7d:7c:7b:0e:64:3f:65:74:29:ac:
+ b7:5e:2a:2e:4d:e9:90:8f:8c:d1:08:8f:05:99:15:4f:1e:7f:
+ ed:d4:76:c0:69:2e:34:a4:95:58:7e:b0:a0:ea:bb:05:b1:33:
+ a4:ee:f1:32:5a:d4:af:ab:60:1e:de:03:73:a1:2f:b7:5a:55:
+ 66:5b
+-----BEGIN CERTIFICATE-----
+MIIClTCCAf6gAwIBAgIBGTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT
+B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa
+Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv
+dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE
+AxMMQ0ExLUNQLjA0LjAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5UJ+K
+Mj8tAmzr3OGYL2gSFcNTf8ik+ZVxlaPVGHySKjYQBAEbefhfg5Ps2aIuqBwYkbtF
+XuHif5GEhgObA4InCyESeRjYLGcVMqwSZzAOFAR0dP1LzgzQs3ZgG9JX5MO5wEZ8
+IMnVN4Otu4XIlWSgIpUNS2vyet8Zi7t9fX+JewIDAQABo2MwYTAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR
+BgNVHQ4ECgQIOZvfph4Uu9YwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN
+AQEFBQADgYEAXMyscmGpKSLG3hQltMQLegy0+g5wzgOrbFOWxZmiVNR+zSsHDD3U
+AHH4SyTozlooC0jAY4yAhZ5RX6SSJKx9fHsOZD9ldCmst14qLk3pkI+M0QiPBZkV
+Tx5/7dR2wGkuNKSVWH6woOq7BbEzpO7xMlrUr6tgHt4Dc6Evt1pVZls=
+-----END CERTIFICATE-----
+
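Review bot: The header `[ There is no chain here. This chain is not valid. ]` does not say which property breaks the chain. In the dump, the end certificate names `CN=CA1-CP.99.99` as issuer while the only CA certificate in the file has subject `CN=CA1-CP.04.01`, yet the end certificate's authority key identifier (39:9B:DF:A6:1E:14:BB:D6) equals that CA's subject key identifier. The case therefore appears to check that issuer and subject names are compared and that a matching key identifier alone is not accepted. A header such as `[ The issuer name of the end certificate does not match the subject of the CA certificate, although the key identifiers match. This chain is not valid. ]` would keep that intent clear.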
diff --git a/tests/test2.pem b/tests/test2.pem
index af08bba7f8..f2c42fcfa3 100644
--- a/tests/test2.pem
+++ b/tests/test2.pem
@@ -123,59 +123,3 @@ AQEFBQADgYEA3C7Ye5/Te14LIwo/LK2fnpobbQA3dhOn5UgqZ8lKbQ/HV1D8/eU9
dK2v5gW43XvFq4whK0WKLBvBFchKtp9T1QX3CI2WCqdJRyqla6TkQsS36T17/ww2
nzy1853YhfDYNsge5XW8YZNfNjjVxcR3RnyFxPax1YIlISiGdI0dnag=
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 99999 (0x1869f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Validity
- Not Before: Jan 1 12:01:00 1999 GMT
- Not After : Jan 1 12:01:00 2048 GMT
- Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
- 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
- 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
- cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
- 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
- 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
- f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
- 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
- 1d:ba:f3:18:84:2a:82:2b:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- AB:9A:EB:F9:C2:E7:54:8F
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:AB:9A:EB:F9:C2:E7:54:8F
-
- Signature Algorithm: sha1WithRSAEncryption
- 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
- 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
- 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
- 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
- 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
- bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
- 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
- 5a:45
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT
-MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE
-CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw
-MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
-R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD
-VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz
-ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4
-X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31
-JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK
-BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G
-CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt
-7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27
-Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF
------END CERTIFICATE-----
diff --git a/tests/test23.pem b/tests/test23.pem
new file mode 100644
index 0000000000..12a83131b0
--- /dev/null
+++ b/tests/test23.pem
@@ -0,0 +1,184 @@
+[ The basicConstraints extension exists and the CA flag is false. This
+should not be validated. ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 46 (0x2e)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.01
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.01
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d6:d3:55:e0:31:3a:26:c0:3b:72:86:ab:1c:58:
+ dd:5a:8a:5c:3a:fd:b4:a2:4d:fa:28:29:29:be:30:
+ 82:84:74:66:75:86:0e:eb:12:56:6e:29:be:77:99:
+ f6:a7:e6:8b:c0:34:b0:cd:04:f7:5f:81:da:10:30:
+ b1:4e:98:f5:1a:00:ee:73:ec:4e:41:58:8b:91:7e:
+ 84:71:88:17:8e:8e:a7:af:1b:94:6a:d9:ad:a1:9f:
+ f5:bb:16:5c:26:45:a0:ba:31:72:09:6d:c2:31:8f:
+ 42:ac:99:e6:69:e7:9b:c7:31:51:bb:5a:5a:68:28:
+ db:c3:0a:d7:20:47:fe:c4:b9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ DE:09:01:36:8F:D2:21:23
+ X509v3 Authority Key Identifier:
+ keyid:85:3F:46:8D:A6:87:8F:AF
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 40:69:75:ee:e4:f6:c7:16:03:92:ce:87:a2:5a:d0:22:97:ac:
+ 22:83:ea:12:26:7c:4e:48:b3:10:1b:8b:1b:7b:14:2a:c0:bb:
+ 92:51:f0:cb:68:b2:56:f0:3a:9d:15:03:c1:ff:d7:cc:32:e9:
+ 19:6f:c6:9f:42:93:5b:a6:58:21:7e:ac:9c:e0:b5:fb:b1:d7:
+ e4:e2:60:95:0c:7c:b4:3a:43:bd:c0:20:ca:87:0a:f0:fb:c2:
+ ac:77:ee:f6:8d:f7:27:8f:5a:49:e2:c0:56:9a:02:1f:09:de:
+ b5:3b:49:c5:57:d3:32:68:d8:58:a7:83:6c:71:c7:8b:c6:b6:
+ 61:32
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 45 (0x2d)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.01
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:de:98:98:19:9c:ec:d7:3b:03:46:a9:10:37:5e:
+ af:5a:32:b0:16:41:4e:28:16:e8:52:10:bb:04:61:
+ f2:d9:18:ed:e7:b4:18:c9:2e:a0:a7:fa:bb:37:16:
+ 34:7d:37:de:1c:bb:ad:d3:76:e3:80:82:a9:57:aa:
+ b3:5b:bf:23:b5:f9:21:7d:9b:7e:49:5e:b7:aa:9f:
+ f3:92:e8:aa:ca:e9:cf:16:d8:8a:43:01:62:5c:af:
+ cf:67:1b:2c:82:5c:ca:09:79:a3:8e:b6:3f:26:d8:
+ d8:d9:6e:59:82:66:fb:40:97:95:0c:39:ec:3b:dc:
+ 61:3b:67:97:c4:fa:3b:40:db
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 85:3F:46:8D:A6:87:8F:AF
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 5a:12:89:52:e8:cb:6a:9c:69:cf:f0:e8:0f:fc:38:f0:73:33:
+ 90:be:94:40:2c:50:3c:e0:23:c3:01:e2:71:7f:30:15:c2:a6:
+ 72:b5:8b:54:17:55:0b:7d:3e:cb:0a:f3:32:b6:96:85:aa:be:
+ 40:23:aa:b2:0b:71:0b:04:d9:ad:f5:31:6c:23:6a:84:a4:b4:
+ 95:98:a3:08:c8:0d:37:82:61:b7:e3:c0:67:6d:ad:cc:4b:30:
+ ee:70:b0:88:c3:36:9f:58:de:28:5f:f7:6e:da:03:11:4b:d9:
+ 9f:d4:ae:ce:19:08:cb:1c:bb:43:c9:76:b5:b3:4e:b0:03:6a:
+ a7:11
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
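Review bot: This fixture still starts with the self-signed Trust Anchor certificate (serial 99999), the same block this commit deletes from the end of test2.pem, test3.pem and test10.pem. The case is expected to fail because the intermediate `CN=CA1-IC.02.01` carries `CA:FALSE`, but with the anchor first in the list the chain may be rejected for its ordering instead, so the test would pass even if basicConstraints were never examined. The verify call is outside the visible hunks, so this is inferred. If the list is read as end certificate first, drop the Trust Anchor block here so that the only defect left is the CA flag.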
diff --git a/tests/test24.pem b/tests/test24.pem
new file mode 100644
index 0000000000..5c76407767
--- /dev/null
+++ b/tests/test24.pem
@@ -0,0 +1,127 @@
+[ This chain should be validated. The basicConstraints in the intermediate
+certificate is there and the CA is set to true ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 48 (0x30)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.02
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.02
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:aa:20:a9:61:b1:f4:4a:49:ff:41:bb:39:1a:29:
+ c8:84:38:21:95:d8:28:a4:c4:e3:c5:aa:38:96:ee:
+ 9c:b0:f7:b7:11:a3:31:46:f9:5d:e7:e5:fd:0c:93:
+ 7d:de:89:ef:9f:1d:74:6c:cf:88:ab:35:cd:63:ba:
+ ae:27:df:24:b2:01:a0:e1:43:9a:df:2d:72:13:c1:
+ 26:e2:0c:de:02:a0:5d:e5:5c:64:cc:85:e6:67:9b:
+ 9b:9f:c6:65:e9:0c:3a:36:ec:f0:ff:f3:6c:b7:6b:
+ 96:ed:43:f4:26:56:64:c5:ce:35:88:ad:76:5b:92:
+ 83:69:a8:30:66:de:c1:2d:8d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 3F:C3:7B:3A:63:46:B2:11
+ X509v3 Authority Key Identifier:
+ keyid:2B:1E:18:6F:3B:B6:3D:A6
+
+ Signature Algorithm: sha1WithRSAEncryption
+ c2:4a:45:8f:a2:af:f8:e7:0a:ad:4b:4e:82:71:fd:41:d7:41:
+ d0:48:f4:a1:4e:81:e7:fe:47:86:17:f7:96:20:0f:2a:d9:65:
+ 0c:79:e1:52:3e:a7:a9:f8:78:00:f3:6a:fe:2a:98:14:e9:0a:
+ 31:14:54:66:86:a3:ea:46:a4:24:d4:8e:96:0b:d1:22:24:1f:
+ b8:52:20:bf:70:aa:2d:99:e1:af:ce:58:15:19:ca:82:89:6e:
+ 64:4d:69:ab:74:ef:ba:7a:22:2b:22:5b:0a:36:e6:c8:2a:2c:
+ 45:dd:f6:81:57:09:ab:4d:b8:c6:f6:36:79:50:53:97:ab:5f:
+ 9f:90
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 47 (0x2f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.02
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e8:78:0d:f6:04:fc:20:ab:ca:4b:26:84:7f:b5:
+ b3:92:8c:7b:40:cf:a7:e6:ce:fc:c9:ae:12:4c:be:
+ 5e:b8:71:c5:6e:23:31:b1:cc:e9:de:62:c3:bf:65:
+ 85:b2:dd:91:ad:94:2a:0c:64:94:67:4b:cd:ed:c3:
+ 48:a4:53:db:d0:53:00:70:ec:31:1c:7d:19:4b:29:
+ 89:18:eb:ca:e9:db:93:75:57:92:44:8e:79:47:c3:
+ e4:6f:b9:b7:46:92:89:d6:cd:43:49:15:b6:35:18:
+ 0d:b8:27:79:e8:d8:66:47:88:b3:e0:5a:61:9b:d6:
+ 3b:00:f0:08:37:d8:c5:2b:09
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 2B:1E:18:6F:3B:B6:3D:A6
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ a2:d1:9e:34:5c:e6:92:db:dc:c6:90:91:72:9b:80:44:79:2f:
+ d6:55:be:2d:e8:2f:6c:30:67:48:fb:c6:9e:bd:7e:0a:7f:6b:
+ 65:cb:8b:ba:9b:bc:7b:1e:95:27:b2:96:b6:05:81:b7:37:4e:
+ 7a:57:ab:3b:ac:ad:7d:64:3a:ee:e3:69:4c:eb:9c:d1:20:dd:
+ 93:f7:f7:b4:26:a0:77:1e:38:2c:15:50:cb:0b:aa:fc:a8:f9:
+ ed:9b:8d:8e:97:b8:27:c5:0f:65:20:45:14:af:8f:de:04:d7:
+ dd:2f:e5:20:ab:03:8b:ac:63:46:7a:85:2d:24:18:19:7d:97:
+ 88:81
+-----BEGIN CERTIFICATE-----
+MIIClTCCAf6gAwIBAgIBLzANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT
+B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa
+Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv
+dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE
+AxMMQ0ExLUlDLjAyLjAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoeA32
+BPwgq8pLJoR/tbOSjHtAz6fmzvzJrhJMvl64ccVuIzGxzOneYsO/ZYWy3ZGtlCoM
+ZJRnS83tw0ikU9vQUwBw7DEcfRlLKYkY68rp25N1V5JEjnlHw+RvubdGkonWzUNJ
+FbY1GA24J3no2GZHiLPgWmGb1jsA8Ag32MUrCQIDAQABo2MwYTAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR
+BgNVHQ4ECgQIKx4Ybzu2PaYwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN
+AQEFBQADgYEAotGeNFzmktvcxpCRcpuARHkv1lW+LegvbDBnSPvGnr1+Cn9rZcuL
+upu8ex6VJ7KWtgWBtzdOelerO6ytfWQ67uNpTOuc0SDdk/f3tCagdx44LBVQywuq
+/Kj57ZuNjpe4J8UPZSBFFK+P3gTX3S/lIKsDi6xjRnqFLSQYGX2XiIE=
+-----END CERTIFICATE-----
+
diff --git a/tests/test26.pem b/tests/test26.pem
new file mode 100644
index 0000000000..c3c9ecf77d
--- /dev/null
+++ b/tests/test26.pem
@@ -0,0 +1,196 @@
+[ In the intermediate certificate, the basicConstraints is set - non critical -
+and the CA is true. This should be validated. ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 52 (0x34)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.04
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c5:b8:e5:de:5d:3e:bc:d4:25:bb:91:20:37:90:
+ e6:02:09:45:8c:62:f3:43:f1:3e:fc:52:98:97:bc:
+ 49:c1:b5:03:e9:7b:e5:20:2d:80:b1:96:03:10:6a:
+ c4:f4:b3:2f:eb:5e:04:15:2c:9e:67:f6:5e:c7:3c:
+ fe:a4:07:1d:eb:fb:e2:e6:ad:d2:5c:6a:f5:8a:d9:
+ de:7a:4b:5b:66:0d:a3:60:9f:c4:b2:b4:33:b1:75:
+ fd:b8:64:1c:ad:9f:f6:db:48:bc:ea:eb:28:8e:bb:
+ 05:e1:23:7c:00:94:2d:d2:44:86:5e:37:d6:e5:88:
+ 35:65:74:a5:8f:9f:1e:af:a9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 23:AD:4D:9D:4B:E0:BE:36
+ X509v3 Authority Key Identifier:
+ keyid:8C:39:BC:2B:96:1C:19:A9
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 8f:08:0b:ea:a3:27:9e:a5:2f:36:ca:6c:0d:a6:29:3d:0c:d3:
+ 0a:a5:e4:aa:c8:59:86:cc:b9:1b:f9:cb:93:ad:b5:1f:f6:1b:
+ 34:69:67:67:a6:ac:1c:69:63:61:56:0c:ce:39:9c:9f:2d:7a:
+ cb:a9:ed:8a:ff:50:3c:1e:d8:a2:b0:31:db:b5:93:ee:94:0f:
+ 16:56:bd:ea:cf:a7:33:fa:df:c1:61:cf:58:8e:90:18:3b:2a:
+ b8:fa:e2:c0:99:bf:33:04:02:fb:5a:03:5c:41:4a:bd:d2:0b:
+ d2:ea:de:8d:f7:79:86:08:97:61:b4:51:c0:c2:3b:92:6f:7b:
+ 88:78
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 51 (0x33)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:df:e6:ee:68:b8:64:25:42:67:4d:7d:ce:1e:96:
+ 5d:d1:5c:a5:a6:b6:af:9a:af:d5:4a:32:67:b7:92:
+ 9f:03:71:b0:db:51:a5:70:96:f8:56:4e:43:8a:c5:
+ bf:48:db:4f:30:7c:61:b6:9d:08:80:ad:ec:c8:c2:
+ eb:65:01:27:fb:b1:6a:35:e8:43:da:a6:61:9d:08:
+ 5f:ab:a7:57:69:8c:03:c1:52:e7:eb:b8:4c:82:67:
+ c9:ee:d8:84:c3:e7:6c:2e:3d:8f:4e:01:c2:87:40:
+ 4d:bf:6c:1a:42:25:69:30:f7:b7:d8:5f:a4:3d:3c:
+ f5:b9:ba:86:d6:a1:42:6d:3b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 8C:39:BC:2B:96:1C:19:A9
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 11:02:09:79:98:ff:1c:4d:c7:be:38:c9:57:b3:dd:53:ed:99:
+ 7b:c3:9e:09:87:9e:58:3a:1c:c6:b0:3a:e3:bc:69:78:e9:2c:
+ 55:70:57:2a:6a:b6:39:53:6a:a0:59:3b:60:db:65:49:4a:a2:
+ 4b:64:e5:aa:31:aa:2e:d2:98:7a:d9:3b:6b:5e:ea:4b:ff:04:
+ 21:07:2d:f8:7e:4a:59:db:e4:2e:46:0c:91:f2:00:00:c2:6f:
+ 25:91:cf:1b:11:2f:8f:ea:15:3c:08:bd:14:84:d1:6c:57:4d:
+ f0:9b:dd:a3:d3:00:b9:4d:aa:f1:dd:b1:f0:c1:76:df:a4:66:
+ 11:db
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+Certificate Revocation List (CRL):
+ Version 2 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: /C=US/O=U.S. Government/OU=Dod/OU=Testing/CN=CA1-IC.02.04
+ Last Update: Jan 1 12:01:00 1999 GMT
+ Next Update: Jan 1 12:01:00 2048 GMT
+ CRL extensions:
+ X509v3 CRL Number:
+ 1
+ X509v3 Authority Key Identifier:
+ keyid:8C:39:BC:2B:96:1C:19:A9
+
+No Revoked Certificates.
+ Signature Algorithm: sha1WithRSAEncryption
+ 57:96:d7:ed:6b:13:f2:c5:9e:03:48:90:ed:5f:fe:65:01:12:
+ 0f:3b:f2:1c:0e:d9:8a:3b:b4:89:1b:2f:4c:be:ea:39:51:7f:
+ 36:5e:6f:fb:33:43:f9:93:4f:85:d2:43:28:43:3f:43:49:44:
+ 68:0c:9b:7b:41:3b:dc:d3:26:33:5a:91:5f:57:5a:03:01:3e:
+ fa:31:ee:90:5f:53:31:e3:65:ef:9d:07:25:a4:ba:eb:b1:fa:
+ 8d:c8:de:46:b1:d4:24:30:f4:f8:08:2a:ad:96:39:d9:d2:fa:
+ 08:f3:37:57:84:12:bd:d7:dc:d7:fc:6d:2a:63:48:65:64:92:
+ a2:a6
+-----BEGIN X509 CRL-----
+MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UE
+ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsTB1Rlc3Rp
+bmcxFTATBgNVBAMTDENBMS1JQy4wMi4wNBcNOTkwMTAxMTIwMTAwWhcNNDgwMTAx
+MTIwMTAwWqAjMCEwCgYDVR0UBAMCAQEwEwYDVR0jBAwwCoAIjDm8K5YcGakwDQYJ
+KoZIhvcNAQEFBQADgYEAV5bX7WsT8sWeA0iQ7V/+ZQESDzvyHA7Ziju0iRsvTL7q
+OVF/Nl5v+zND+ZNPhdJDKEM/Q0lEaAybe0E73NMmM1qRX1daAwE++jHukF9TMeNl
+750HJaS667H6jcjeRrHUJDD0+AgqrZY52dL6CPM3V4QSvdfc1/xtKmNIZWSSoqY=
+-----END X509 CRL-----
+
+Certificate Revocation List (CRL):
+ Version 2 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: /C=US/O=U.S. Government/OU=DoD/OU=Testing/CN=Trust Anchor
+ Last Update: Jan 1 12:01:00 1999 GMT
+ Next Update: Jan 1 12:01:00 2048 GMT
+ CRL extensions:
+ X509v3 CRL Number:
+ 1
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+Revoked Certificates:
+ Serial Number: 27
+ Revocation Date: Jan 1 12:00:00 1999 GMT
+ X509v3 CRL Reason Code:
+ Key Compromise
+ Signature Algorithm: sha1WithRSAEncryption
+ 0b:b9:6a:67:07:a3:25:15:bb:42:fc:c7:d7:5f:fb:71:87:0b:
+ de:b6:9c:80:cc:47:dc:f4:94:fe:e7:ef:c8:b9:3b:6a:14:7e:
+ f9:1b:47:6a:bc:bf:59:e0:af:45:dc:b3:9c:b8:88:38:0f:19:
+ 06:28:2e:5a:d5:4f:aa:c3:72:b0:d9:fb:58:ba:1f:40:85:5a:
+ fb:f4:c3:dd:3f:a5:79:c7:b8:7b:53:70:19:0b:e3:e5:0f:9e:
+ db:04:6d:19:78:3e:80:2b:93:8d:32:94:15:f2:91:9d:6c:fb:
+ 3b:b4:72:88:92:8a:8a:6d:23:b4:01:78:46:40:a9:2d:e6:cd:
+ 0a:16
+-----BEGIN X509 CRL-----
+MIIBbzCB2QIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UE
+ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsTB1Rlc3Rp
+bmcxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNOTkwMTAxMTIwMTAwWhcNNDgwMTAx
+MTIwMTAwWjAiMCACAScXDTk5MDEwMTEyMDAwMFowDDAKBgNVHRUEAwoBAaAjMCEw
+CgYDVR0UBAMCAQEwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQAD
+gYEAC7lqZwejJRW7QvzH11/7cYcL3racgMxH3PSU/ufvyLk7ahR++RtHary/WeCv
+RdyznLiIOA8ZBiguWtVPqsNysNn7WLofQIVa+/TD3T+lece4e1NwGQvj5Q+e2wRt
+GXg+gCuTjTKUFfKRnWz7O7RyiJKKim0jtAF4RkCpLebNChY=
+-----END X509 CRL-----
+
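Review bot: The file carries two `X509 CRL` blocks after the certificates, and the header comment does not say whether they take part in the test. The decoding loop in tests/x509_test.c advances with `strstr(ptr, PEM_CERT_SEP)`, so the CRLs are presumably skipped and revocation is not exercised. The header should say so, e.g. `The CRLs at the end are not used by x509_test.`, so that a passing result is not read as a revocation check.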
diff --git a/tests/test3.pem b/tests/test3.pem
index 0647a14ddf..af6dcd337a 100644
--- a/tests/test3.pem
+++ b/tests/test3.pem
@@ -123,59 +123,3 @@ AQEFBQADgYEAQ+iqlFvbvDejO/m+RCHh2UuUau1FuABObkPOu2Tv9yTWvTSWDRyg
dOLQRiOLsjgrdXPdbDutVGjllBoTN8cdz3SWjCpampg5TBikArxmNEYMDQvL6n2l
kUcetRJRgQ7TYLvFj9+SycKXfM5CUXAyCfcU/QwDghhZgc99AuDZtJc=
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 99999 (0x1869f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Validity
- Not Before: Jan 1 12:01:00 1999 GMT
- Not After : Jan 1 12:01:00 2048 GMT
- Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
- 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
- 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
- cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
- 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
- 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
- f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
- 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
- 1d:ba:f3:18:84:2a:82:2b:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- AB:9A:EB:F9:C2:E7:54:8F
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:AB:9A:EB:F9:C2:E7:54:8F
-
- Signature Algorithm: sha1WithRSAEncryption
- 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
- 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
- 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
- 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
- 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
- bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
- 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
- 5a:45
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT
-MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE
-CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw
-MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
-R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD
-VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz
-ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4
-X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31
-JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK
-BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G
-CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt
-7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27
-Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF
------END CERTIFICATE-----
diff --git a/tests/x509_test.c b/tests/x509_test.c
index 7a3b35ad4e..b1187221af 100644
--- a/tests/x509_test.c
+++ b/tests/x509_test.c
@@ -3,6 +3,9 @@
#include <gnutls_x509.h>
#include <gnutls_cert.h>
#include <gnutls_errors.h>
+#include <x509_b64.h>
+#include <x509_verify.h>
+#include <gnutls_global.h>
/* FIXME: This test uses gnutls internals. Rewrite it using
* the exported stuff. (I leave it as an exercise to the reader :)
@@ -20,14 +23,22 @@ static struct file_res test_files[] = {
{ "test2.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
{ "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
{ "test10.pem", 0 },
+ { "test13.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test22.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test23.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test24.pem", 0 },
{ "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test26.pem", 0 },
{ NULL, 0 }
};
-int _gnutls_verify_x509_file( char *cafile);
+#define CA_FILE "ca.pem"
+int _gnutls_verify_x509_file( const char* certfile, const char *cafile);
-static void print_res( int x) {
+
+static void print_res( int x)
+{
if (x&GNUTLS_CERT_INVALID)
printf("- certificate is invalid\n");
else
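Review bot: The table now lists `test22.pem`, but the commit's file list has no tests/test22.pem (it adds test13, test23, test24 and test26). Unless that file is already in tests/, the loop in main will presumably fail to read it and report `Unexpected error` for that entry. Either add the fixture in this commit or drop the `{ "test22.pem", ... }` row until it exists. Separately, `CA_FILE` is a bare relative name, so the test only works when run from the tests directory.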
@@ -41,7 +52,8 @@ static void print_res( int x) {
return;
}
-int main() {
+int main()
+{
int x;
char* file;
@@ -57,7 +69,7 @@ int i = 0, exp_result;
file = test_files[i++].test_file;
if (file==NULL) break;
- x = _gnutls_verify_x509_file( file);
+ x = _gnutls_verify_x509_file( file, CA_FILE);
if (x<0) {
fprintf(stderr, "Unexpected error: %d\n", x);
@@ -84,19 +96,56 @@ int i = 0, exp_result;
/* Verifies a base64 encoded certificate list from memory
*/
-int _gnutls_verify_x509_mem( const char *ca, int ca_size)
+int _gnutls_verify_x509_mem( const char* cert, int cert_size,
+ const char *ca, int ca_size)
{
int siz, siz2, i;
unsigned char *b64;
const char *ptr;
int ret;
gnutls_datum tmp;
+ gnutls_cert* x509_cert_list=NULL;
gnutls_cert* x509_ca_list=NULL;
- int x509_ncas;
+ int x509_ncerts, x509_ncas;
+
+ /* Decode the CA certificate
+ */
+ siz2 = _gnutls_fbase64_decode( NULL, ca, ca_size, &b64);
+
+ if (siz2 < 0) {
+ fprintf(stderr, "Error decoding CA certificate\n");
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ x509_ca_list =
+ (gnutls_cert *) gnutls_calloc( 1, sizeof(gnutls_cert));
+ x509_ncas = 1;
+
+ if (x509_ca_list == NULL) {
+ fprintf(stderr, "memory error\n");
+ gnutls_free(b64);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.data = b64;
+ tmp.size = siz2;
+
+ if ((ret =
+ _gnutls_x509_cert2gnutls_cert( x509_ca_list,
+ tmp, 0)) < 0) {
+ fprintf(stderr, "Error parsing the CA certificate\n");
+ gnutls_assert();
+ gnutls_free(b64);
+ return ret;
+ }
+ gnutls_free(b64);
- siz = ca_size;
- ptr = ca;
+ /* Decode the certificate chain.
+ */
+ siz = cert_size;
+ ptr = cert;
i = 1;
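Review bot: The new CA block leaks `x509_ca_list` when `_gnutls_x509_cert2gnutls_cert` fails, because that branch frees `b64` and returns `ret` while the array from `gnutls_calloc` stays allocated. Adding `gnutls_free(x509_ca_list);` before `return ret;` closes it. The early returns in the chain loop in the following hunks (the parsing-error, memory-error and certificate-parse returns) also leave the parsed CA certificate and any chain entries unreleased, so one shared cleanup label would serve better than per-branch frees. Separately, `x509_ncas` is set to 1 here, but the verify call in a later hunk passes the literal `1` instead. The function body continues outside this hunk.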
@@ -110,11 +159,12 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
return GNUTLS_E_PARSING_ERROR;
}
- x509_ca_list =
- (gnutls_cert *) gnutls_realloc( x509_ca_list,
+ x509_cert_list =
+ (gnutls_cert *) gnutls_realloc( x509_cert_list,
i *
sizeof(gnutls_cert));
- if (x509_ca_list == NULL) {
+ if (x509_cert_list == NULL) {
+ fprintf(stderr, "memory error\n");
gnutls_assert();
gnutls_free(b64);
return GNUTLS_E_MEMORY_ERROR;
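Review bot: Assigning the result of `gnutls_realloc` straight back to `x509_cert_list` loses the only pointer to the entries parsed so far when the call fails, so the `NULL` branch cannot release them. Take the result in a temporary declared with the other locals, `grown = gnutls_realloc(x509_cert_list, i * sizeof(gnutls_cert));`, and assign `x509_cert_list = grown;` only after the `NULL` check. The enclosing loop starts and ends outside this hunk.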
@@ -124,8 +174,9 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
tmp.size = siz2;
if ((ret =
- _gnutls_x509_cert2gnutls_cert(&x509_ca_list[i - 1],
- tmp, 0)) < 0) {
+ _gnutls_x509_cert2gnutls_cert( &x509_cert_list[i-1],
+ tmp, 0)) < 0) {
+ fprintf(stderr, "Error parsing the certificate\n");
gnutls_assert();
gnutls_free(b64);
return ret;
@@ -140,10 +191,15 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
i++;
} while ((ptr = strstr(ptr, PEM_CERT_SEP)) != NULL);
- x509_ncas = i - 1;
+ x509_ncerts = i - 1;
- siz = _gnutls_x509_verify_certificate( x509_ca_list, x509_ncas-1,
- &x509_ca_list[x509_ncas-1], 1, NULL, 0);
+ siz = _gnutls_x509_verify_certificate( x509_cert_list, x509_ncerts,
+ x509_ca_list, 1, NULL, 0);
+
+ _gnutls_free_cert( x509_ca_list[0]);
+ for (i=0;i<x509_ncerts;i++) {
+ _gnutls_free_cert( x509_cert_list[i]);
+ }
return siz;
}
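Review bot: The cleanup added before `return siz;` releases what each certificate holds but never frees the two arrays themselves. `x509_cert_list` (from `gnutls_realloc`) and `x509_ca_list` (from `gnutls_calloc`) therefore leak on every call, assuming `_gnutls_free_cert`, which receives the struct by value, cannot free its container. Add `gnutls_free(x509_cert_list);` and `gnutls_free(x509_ca_list);` after the loop. The function starts outside this hunk.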
@@ -152,23 +208,38 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
/* Reads and verifies a base64 encoded certificate file
*/
-int _gnutls_verify_x509_file( char *cafile)
+int _gnutls_verify_x509_file( const char* certfile, const char *cafile)
{
- int siz;
- char x[MAX_FILE_SIZE];
+ int ca_size, cert_size;
+ char ca[MAX_FILE_SIZE];
+ char cert[MAX_FILE_SIZE];
FILE *fd1;
- fd1 = fopen(cafile, "rb");
+ fd1 = fopen(certfile, "rb");
if (fd1 == NULL) {
+ fprintf(stderr, "error opening %s\n", certfile);
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
}
- siz = fread(x, 1, sizeof(x)-1, fd1);
+ cert_size = fread(cert, 1, sizeof(cert)-1, fd1);
fclose(fd1);
- x[siz] = 0;
+ cert[cert_size] = 0;
+
+
+ fd1 = fopen(cafile, "rb");
+ if (fd1 == NULL) {
+ fprintf(stderr, "error opening %s\n", cafile);
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ca_size = fread(ca, 1, sizeof(ca)-1, fd1);
+ fclose(fd1);
+
+ ca[ca_size] = 0;
- return _gnutls_verify_x509_mem( x, siz);
+ return _gnutls_verify_x509_mem( cert, cert_size, ca, ca_size);
}
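Review bot: Both read sequences in `_gnutls_verify_x509_file` accept whatever `fread` returns, so a fixture longer than `MAX_FILE_SIZE - 1` bytes is silently truncated and a read error looks like an empty file. In a certificate-validation test, a chain cut short mid-certificate surfaces as a parsing error or a different verification status with no hint that the input was incomplete. The open/read/terminate sequence is also duplicated for the certificate and the CA file. I would move it into one helper that checks `ferror` and detects leftover data, as sketched below.

```c
/* Reads a whole PEM fixture into buf and NUL-terminates it; fails on a
 * read error or when the file does not fit into buf. */
static int read_pem_file( const char *path, char *buf, size_t buf_size)
{
	FILE *fd;
	size_t n;
	int failed;

	fd = fopen(path, "rb");
	if (fd == NULL) {
		fprintf(stderr, "error opening %s\n", path);
		gnutls_assert();
		return GNUTLS_E_FILE_ERROR;
	}

	n = fread(buf, 1, buf_size - 1, fd);
	/* a full buffer with data still pending means the fixture was cut short */
	failed = ferror(fd) || (n == buf_size - 1 && fgetc(fd) != EOF);
	fclose(fd);

	if (failed) {
		fprintf(stderr, "error reading %s\n", path);
		gnutls_assert();
		return GNUTLS_E_FILE_ERROR;
	}

	buf[n] = 0;
	return (int) n;
}

int _gnutls_verify_x509_file( const char* certfile, const char *cafile)
{
	int ca_size, cert_size;
	char ca[MAX_FILE_SIZE];
	char cert[MAX_FILE_SIZE];

	cert_size = read_pem_file(certfile, cert, sizeof(cert));
	if (cert_size < 0)
		return cert_size;

	ca_size = read_pem_file(cafile, ca, sizeof(ca));
	if (ca_size < 0)
		return ca_size;

	return _gnutls_verify_x509_mem( cert, cert_size, ca, ca_size);
}
```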