diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 14:29:35 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 14:38:12 +0200 |
commit | 7cd24391641bc47abd8c6b53d6142b23d535b120 (patch) | |
tree | 9e2ea3730fc3972eb8311891c510b5bd755a0de3 | |
parent | 365804d56a0241260b1a12a32f7abbc32b504f30 (diff) | |
download | gnutls-7cd24391641bc47abd8c6b53d6142b23d535b120.tar.gz |
tests: mini-x509: include the legacy verification functions into the check
-rw-r--r-- | tests/mini-x509.c | 180 |
1 files changed, 72 insertions, 108 deletions
diff --git a/tests/mini-x509.c b/tests/mini-x509.c index 6ec431f25b..389860d2f4 100644 --- a/tests/mini-x509.c +++ b/tests/mini-x509.c @@ -31,6 +31,7 @@ #include <gnutls/gnutls.h> #include "utils.h" #include "eagain-common.h" +#include "cert-common.h" const char *side; @@ -39,106 +40,15 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "%s|<%d>| %s", side, level, str); } -static unsigned char ca_cert_pem[] = -"-----BEGIN CERTIFICATE-----\n" -"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" -"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" -"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD46JAPKrTsNTHl\n" -"zD06eIYBF/8Z+TR0wukp9Cdh8Sw77dODLjy/QrVKiDgDZZdyUc8Agsdr86i95O0p\n" -"w19Np3a0wja0VC9uwppZrpuHsrWukwxIBXoViyBc20Y6Ce8j0scCbR10SP565qXC\n" -"i8vr86S4xmQMRZMtwohP/GWQzt45jqkHPYHjdKzwo2b2XI7joDq0dvbr3MSONkGs\n" -"z7A/1Bl3iH5keDTWjqpJRWqXE79IhGOhELy+gG4VLJDGHWCr2mq24b9Kirp+TTxl\n" -"lUwJRbchqUqerlFdt1NgDoGaJyd73Sh0qcZzmEiOI2hGvBtG86tdQ6veC9dl05et\n" -"pM+6RMABAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" -"ADAdBgNVHQ4EFgQUGD0RYr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQAD\n" -"ggEBALnHMubZ6WJ/XOFyDuo0imwg2onrPas3MuKT4+y0aHY943BgAOEc3jKitRjc\n" -"qhb0IUD+NS7itRwNtCgI3v5Ym5nnQoVk+aOD/D724TjJ9XaPQJzOnuGaZX99VN2F\n" -"sgwAtDXedlDQ+I6KLzLd6VW+UyWTG4qiRjOGDnG2kM1wAEOM27TzHV/YWleGjhtA\n" -"bRHxkioOni5goNlTzazxF4v9VD2uinWrIFyZmF6vQuMm6rKFgq6higAU8uesFo7+\n" -"3qpeRjNrPC4fNJUBvv+PC0WnP0PLnD/rY/ZcTYjLb/vJp1fiMJ5fU7jJklBhX2TE\n" -"tstcP7FUV5HA/s9BxgAh0Z2wyyY=\n" -"-----END CERTIFICATE-----\n"; - -const gnutls_datum_t ca_cert = { ca_cert_pem, - sizeof(ca_cert_pem) -}; - -static unsigned char server_cert_pem[] = -"-----BEGIN CERTIFICATE-----\n" -"MIIDIzCCAgugAwIBAgIMUz8PCR2sdRK56V6OMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" -"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDQxOTU5MDVaGA85OTk5MTIzMTIzNTk1OVow\n" -"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" -"AoIBAQDZ3dCzh9gOTOiOb2dtrPu91fYYgC/ey0ACYjQxaru7FZwnuXPhQK9KHsIV\n" -"YRIyo49wjKZddkHet2sbpFAAeETZh8UUWLRb/mupyaSJMycaYCNjLZCUJTztvXxJ\n" -"CCNfbtgvKC+Vu1mu94KBPatslgvnsamH7AiL5wmwRRqdH/Z93XaEvuRG6Zk0Sh9q\n" -"ZMdCboGfjtmGEJ1V+z5CR+IyH4sckzd8WJW6wBSEwgliGaXnc75xKtFWBZV2njNr\n" -"8V1TOYOdLEbiF4wduVExL5TKq2ywNkRpUfK2I1BcWS5D9Te/QT7aSdE08rL6ztmZ\n" -"IhILSrMOfoLnJ4lzXspz3XLlEuhnAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" -"VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJXR\n" -"raRS5MVhEqaRE42A3S2BIj7UMB8GA1UdIwQYMBaAFP6S7AyMRO2RfkANgo8YsCl8\n" -"JfJkMA0GCSqGSIb3DQEBCwUAA4IBAQCQ62+skMVZYrGbpab8RI9IG6xH8kEndvFj\n" -"J7wBBZCOlcjOj+HQ7a2buF5zGKRwAOSznKcmvZ7l5DPdsd0t5/VT9LKSbQ6+CfGr\n" -"Xs5qPaDJnRhZkOILCvXJ9qyO+79WNMsg9pWnxkTK7aWR5OYE+1Qw1jG681HMkWTm\n" -"nt7et9bdiNNpvA+L55569XKbdtJLs3hn5gEQFgS7EaEj59aC4vzSTFcidowCoa43\n" -"7JmfSfC9YaAIFH2vriyU0QNf2y7cG5Hpkge+U7uMzQrsT77Q3SDB9WkyPAFNSB4Q\n" -"B/r+OtZXOnQhLlMV7h4XGlWruFEaOBVjFHSdMGUh+DtaLvd1bVXI\n" -"-----END CERTIFICATE-----\n" -"-----BEGIN CERTIFICATE-----\n" -"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" -"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" -"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvhyQfsUm3T0xK\n" -"jiBXO3H6Y27b7lmCRYZQCmXCl2sUsGDL7V9biavTt3+sorWtH542/cTGDh5n8591\n" -"7rVxAB/VASmN55O3fjZyFGrjusjhXBla0Yxe5rZ/7/Pjrq84T7gc/IXiX9Sums/c\n" -"o9AeoykfhsjV2ubhh4h+8uPsHDTcAFTxq3mQaoldwnW2nmjDFzaKLtQdnyFf41o6\n" -"nsJCK/J9PtpdCID5Zb+eQfu5Yhk1iUHe8a9TOstCHtgBq61YzufDHUQk3zsT+VZM\n" -"20lDvSBnHdWLjxoea587JbkvtH8xRR8ThwABSb98qPnhJ8+A7mpO89QO1wxZM85A\n" -"xEweQlMHAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" -"ADAdBgNVHQ4EFgQU/pLsDIxE7ZF+QA2CjxiwKXwl8mQwHwYDVR0jBBgwFoAUGD0R\n" -"Yr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQADggEBANEXLUV+Z1PGTn7M\n" -"3rPT/m/EamcrZJ3vFWrnfN91ws5llyRUKNhx6222HECh3xRSxH9YJONsbv2zY6sd\n" -"ztY7lvckL4xOgWAjoCVTx3hqbZjDxpLRsvraw1PlqBHlRQVWLKlEQ55+tId2zgMX\n" -"Z+wxM7FlU/6yWVPODIxrqYQd2KqaEp4aLIklw6Hi4HD6DnQJikjsJ6Noe0qyX1Tx\n" -"uZ8mgP/G47Fe2d2H29kJ1iJ6hp1XOqyWrVIh/jONcnTvWS8aMqS3MU0EJH2Pb1Qa\n" -"KGIvbd/3H9LykFTP/b7Imdv2fZxXIK8jC+jbF1w6rdBCVNA0p30X/jonoC3vynEK\n" -"5cK0cgs=\n" -"-----END CERTIFICATE-----\n"; - -const gnutls_datum_t server_cert = { server_cert_pem, - sizeof(server_cert_pem) -}; - -static unsigned char server_key_pem[] = -"-----BEGIN RSA PRIVATE KEY-----\n" -"MIIEpQIBAAKCAQEA2d3Qs4fYDkzojm9nbaz7vdX2GIAv3stAAmI0MWq7uxWcJ7lz\n" -"4UCvSh7CFWESMqOPcIymXXZB3rdrG6RQAHhE2YfFFFi0W/5rqcmkiTMnGmAjYy2Q\n" -"lCU87b18SQgjX27YLygvlbtZrveCgT2rbJYL57Gph+wIi+cJsEUanR/2fd12hL7k\n" -"RumZNEofamTHQm6Bn47ZhhCdVfs+QkfiMh+LHJM3fFiVusAUhMIJYhml53O+cSrR\n" -"VgWVdp4za/FdUzmDnSxG4heMHblRMS+UyqtssDZEaVHytiNQXFkuQ/U3v0E+2knR\n" -"NPKy+s7ZmSISC0qzDn6C5yeJc17Kc91y5RLoZwIDAQABAoIBAQCRXAu5HPOsZufq\n" -"0K2DYZz9BdqSckR+M8HbVUZZiksDAeIUJwoHyi6qF2eK+B86JiK4Bz+gsBw2ys3t\n" -"vW2bQqM9N/boIl8D2fZfbCgZWkXGtUonC+mgzk+el4Rq/cEMFVqr6/YDwuKNeJpc\n" -"PJc5dcsvpTvlcjgpj9bJAvJEz2SYiIUpvtG4WNMGGapVZZPDvWn4/isY+75T5oDf\n" -"1X5jG0lN9uoUjcuGuThN7gxjwlRkcvEOPHjXc6rxfrWIDdiz/91V46PwpqVDpRrg\n" -"ig6U7+ckS0Oy2v32x0DaDhwAfDJ2RNc9az6Z+11lmY3LPkjG/p8Klcmgvt4/lwkD\n" -"OYRC5QGRAoGBAPFdud6nmVt9h1DL0o4R6snm6P3K81Ds765VWVmpzJkK3+bwe4PQ\n" -"GQQ0I0zN4hXkDMwHETS+EVWllqkK/d4dsE3volYtyTti8zthIATlgSEJ81x/ChAQ\n" -"vvXxgx+zPUnb1mUwy+X+6urTHe4bxN2ypg6ROIUmT+Hx1ITG40LRRiPTAoGBAOcT\n" -"WR8DTrj42xbxAUpz9vxJ15ZMwuIpk3ShE6+CWqvaXHF22Ju4WFwRNlW2zVLH6UMt\n" -"nNfOzyDoryoiu0+0mg0wSmgdJbtCSHoI2GeiAnjGn5i8flQlPQ8bdwwmU6g6I/EU\n" -"QRbGK/2XLmlrGN52gVy9UX0NsAA5fEOsAJiFj1CdAoGBAN9i3nbq6O2bNVSa/8mL\n" -"XaD1vGe/oQgh8gaIaYSpuXlfbjCAG+C4BZ81XgJkfj3CbfGbDNqimsqI0fKsAJ/F\n" -"HHpVMgrOn3L+Np2bW5YMj0Fzwy+1SCvsQ8C+gJwjOLMV6syGp/+6udMSB55rRv3k\n" -"rPnIf+YDumUke4tTw9wAcgkPAoGASHMkiji7QfuklbjSsslRMyDj21gN8mMevH6U\n" -"cX7pduBsA5dDqu9NpPAwnQdHsSDE3i868d8BykuqQAfLut3hPylY6vPYlLHfj4Oe\n" -"dj+xjrSX7YeMBE34qvfth32s1R4FjtzO25keyc/Q2XSew4FcZftlxVO5Txi3AXC4\n" -"bxnRKXECgYEAva+og7/rK+ZjboJVNxhFrwHp9bXhz4tzrUaWNvJD2vKJ5ZcThHcX\n" -"zCig8W7eXHLPLDhi9aWZ3kUZ1RLhrFc/6dujtVtU9z2w1tmn1I+4Zi6D6L4DzKdg\n" -"nMRLFoXufs/qoaJTqa8sQvKa+ceJAF04+gGtw617cuaZdZ3SYRLR2dk=\n" -"-----END RSA PRIVATE KEY-----\n"; - -const gnutls_datum_t server_key = { server_key_pem, - sizeof(server_key_pem) -}; +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} void doit(void) { @@ -159,6 +69,8 @@ void doit(void) if (debug) gnutls_global_set_log_level(6); + gnutls_global_set_time_function(mytime); + /* Init server */ gnutls_certificate_allocate_credentials(&serverx509cred); gnutls_certificate_set_x509_key_mem(serverx509cred, @@ -215,7 +127,7 @@ void doit(void) } } - /* check the number of certificates received */ + /* check the number of certificates received and verify */ { unsigned cert_list_size = 0; gnutls_typed_vdata_st data[2]; @@ -231,18 +143,18 @@ void doit(void) gnutls_certificate_get_peers(client, &cert_list_size); if (cert_list_size < 2) { - fprintf(stderr, "received a certificate list of %d!\n", cert_list_size); + fail("received a certificate list of %d!\n", cert_list_size); exit(1); } ret = gnutls_certificate_verify_peers(client, data, 2, &status); if (ret < 0) { - fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); exit(1); } if (status == 0) { - fprintf(stderr, "should not have accepted!\n"); + fail("should not have accepted!\n"); exit(1); } @@ -251,25 +163,77 @@ void doit(void) ret = gnutls_certificate_verify_peers(client, data, 2, &status); if (ret < 0) { - fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fail("could not verify certificate: %.4x\n", status); + exit(1); + } + + /* check gnutls_certificate_verify_peers3 */ + ret = gnutls_certificate_verify_peers3(client, "localhost1", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + ret = gnutls_certificate_verify_peers3(client, "localhost", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fail("could not verify certificate: %.4x\n", status); + exit(1); + } + + /* check gnutls_certificate_verify_peers2 */ + ret = gnutls_certificate_verify_peers2(client, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); exit(1); } if (status != 0) { - fprintf(stderr, "could not verify certificate: %.4x\n", status); + fail("could not verify certificate: %.4x\n", status); exit(1); } } + { + /* check the expiration and activation time legacy functions */ + time_t t; + + t = gnutls_certificate_activation_time_peers(client); + if (t != 1396641545) { + fail("unexpected activation time: %lu\n", (long unsigned)t); + } + + if (sizeof(time_t) >= 4) { + t = gnutls_certificate_expiration_time_peers(client); + if (t != (time_t)253402300799UL) { + fail("unexpected expiration time: %lu\n", (long unsigned)t); + } + } + } + ret = gnutls_session_ext_master_secret_status(client); if (ret != 1) { - fprintf(stderr, "Extended master secret wasn't negotiated by default (client ret: %d)\n", ret); + fail("Extended master secret wasn't negotiated by default (client ret: %d)\n", ret); exit(1); } ret = gnutls_session_ext_master_secret_status(server); if (ret != 1) { - fprintf(stderr, "Extended master secret wasn't negotiated by default (server ret: %d)\n", ret); + fail("Extended master secret wasn't negotiated by default (server ret: %d)\n", ret); exit(1); } |