diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-07-01 11:08:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-07-01 11:08:11 +0200 |
commit | da58b666799aeee8246b917a03e84a15a408a6a9 (patch) | |
tree | b0b4fdc7c2f00feb0cc133a07f51e7f8b950dedc | |
parent | 40702db3621e6d07f562a79f0971e9cc27dfc022 (diff) | |
download | gnutls-da58b666799aeee8246b917a03e84a15a408a6a9.tar.gz |
tests: verify that unsupported name constraints are properly handled
-rw-r--r-- | tests/cert-tests/Makefile.am | 8 | ||||
-rwxr-xr-x | tests/cert-tests/name-constraints | 38 | ||||
-rw-r--r-- | tests/cert-tests/name-constraints-ip.pem | 53 |
3 files changed, 96 insertions, 3 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 55101c5319..2dc1befbec 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -32,12 +32,14 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \ email-certs/chain.invalid.example.com email-certs/chain.test.example.com-2 \ single-ca.p7b single-ca.p7b.out full.p7b full.p7b.out detached.p7b \ pkcs7-detached.txt p7-combined.out template-generalized.pem \ - template-generalized.tmpl privkey1.pem privkey2.pem privkey3.pem + template-generalized.tmpl privkey1.pem privkey2.pem privkey3.pem \ + name-constraints-ip.pem dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane crq certtool invalid-sig email \ - pkcs7 privkey-import + pkcs7 privkey-import name-constraints -TESTS = pathlen aki pem-decoding certtool invalid-sig email pkcs7 privkey-import +TESTS = pathlen aki pem-decoding certtool invalid-sig email pkcs7 privkey-import \ + name-constraints if ENABLE_NON_SUITEB_CURVES TESTS += crq diff --git a/tests/cert-tests/name-constraints b/tests/cert-tests/name-constraints new file mode 100755 index 0000000000..358fcf15e8 --- /dev/null +++ b/tests/cert-tests/name-constraints @@ -0,0 +1,38 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +DIFF=$"{DIFF:-diff}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem" +rc=$? + +if test "${rc}" != "0"; then + echo "name constraints test 1 failed" + exit 1 +fi + +exit 0 diff --git a/tests/cert-tests/name-constraints-ip.pem b/tests/cert-tests/name-constraints-ip.pem new file mode 100644 index 0000000000..0201035e6f --- /dev/null +++ b/tests/cert-tests/name-constraints-ip.pem @@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAnCgAwIBAgIQOsmz/d7cf+WhNKylxDbm1zANBgkqhkiG9w0BAQUFADBj +MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRkwFwYDVQQDDBBG +b28gQmFyIFN1YiBDQSAxMSIwIAYDVQQLDBlQdWJsaWMgS2V5IEluZnJhc3RydWN0 +dXJlMB4XDTE1MDYzMDEyMzUzMVoXDTE2MDYyOTEyMzUzMVowPjELMAkGA1UEBhMC +VVMxFTATBgNVBAoMDEZvbyBCYXIgSW5jLjEYMBYGA1UEAwwPYmF6ei5mb29iYXIu +Y29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANr+wWT56hU7b5ftwyXueAA8FSEi +Fk9jkWuPciwZvpyGbJ2+TpVKrDB6ba2BKU86V1HZ/p6kuo8j0zpYKlNRZj0CAwEA +AaOCASMwggEfMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL4ylKjM+AApHAF8Gfys +rJygnvK9MD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL2NhMS5w +a2kuZm9vYmFyLmNvbS9jYTEuY3J0MB8GA1UdIwQYMBaAFPncgjKS65+7jLsJYWtU ++W7ykYN4MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYTEucGtpLmZvb2Jhci5j +b20vY2ExLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG +CCsGAQUFBwMBMC0GA1UdEQQmMCSCEXVwZGF0ZS5mb29iYXIuY29tgg9teC5mb29i +YXIuZW1haWwwDQYJKoZIhvcNAQEFBQADQQBdSaiErl6zvgmWqjHKhHhfEkpFgkan +k5iydgbkmq0bJmjGZNuWgWeVwmj78ZUseCJ2Y99Wa6kd16tpeaxNV72I +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPTCCAeegAwIBAgIQVoZzMQsSdNz+dz6vSFdYNTANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9G +b28gQmFyIFJvb3QgQ0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1 +cmUwHhcNMTUwNjMwMTIzMDU0WhcNMjUwNjI3MTIzMDU0WjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9Gb28gQmFyIFJvb3Qg +Q0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUwXDANBgkqhkiG +9w0BAQEFAANLADBIAkEAvLHbrZg3Td1Jn3OjQJrIK55w4s94oR4jsJ+J9L+axDM1 +zHe2Uz43mzkB3x3sBqtQfEcYjHIDglDoV49N4qQZ+wIDAQABo3kwdzAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzDdTJbyDAsAqhkaC +YKCAf305/uMwNQYDVR0eBC4wLKAqMCikJjAkMQswCQYDVQQGEwJVUzEVMBMGA1UE +CgwMRm9vIEJhciBJbmMuMA0GCSqGSIb3DQEBBQUAA0EAQhDKO09nYdp782z3M/4Q +2M4iXaLJlJ86h1kDzawl9n+y8cvrSEH4lx+5kBizXSzCorTtu53EAI/0HuJ0Q4I1 +9A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcTCCAxugAwIBAgIQVoZzMQsSdNz+dz6vSFdYNjANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9G +b28gQmFyIFJvb3QgQ0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1 +cmUwHhcNMTUwNjMwMTIzMTEyWhcNMjUwNjI3MTIzMTEyWjBjMQswCQYDVQQGEwJV +UzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRkwFwYDVQQDDBBGb28gQmFyIFN1YiBD +QSAxMSIwIAYDVQQLDBlQdWJsaWMgS2V5IEluZnJhc3RydWN0dXJlMFwwDQYJKoZI +hvcNAQEBBQADSwAwSAJBALrV5pk76M4Pc72m1N1xmlTXN3BD0hTV+AgO106NWx6e +t07sCG1OgJ7pfjF+/nLenOcH3rYOkPzGRAUmvPgc3ocCAwEAAaOCAaowggGmMBIG +A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFPncgjKS65+7jLsJYWtU+W7ykYN4 +MD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3BraS5mb29iYXIu +Y29tL3Jvb3QtY2EuY3J0MB8GA1UdIwQYMBaAFMw3UyW8gwLAKoZGgmCggH99Of7j +MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9wa2kuZm9vYmFyLmNvbS9yb290LWNh +LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF +BwMBMIGtBgNVHR4EgaUwgaKgSDAMggpmb29iYXIuY29tMA6CDGZvb2Jhci5lbWFp +bDAopCYwJDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDEZvbyBCYXIgSW5jLqFWMBCC +Dnd3dy5mb29iYXIuY29tMBKCEHd3dy5mb29iYXIuZW1haWwwCocIAAAAAAAAAAAw +IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEF +BQADQQABhwF9me3nTbl8WwZnTrrjv8jK6Axqow6L2c506lASXVgOvsX/rM7aA8s5 +aynkhFxFYr3O/tRqwU1M9OMUwZ1h +-----END CERTIFICATE----- |