summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-03 08:48:41 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-03 08:48:59 +0100
commit671a36b76b644d000b5f8e79a1dc813a998e0747 (patch)
treeba0400acb0e0ec1ad063a529d496317294d8d601
parent776d6e5924b558de9c26ae8099bba3f738448b30 (diff)
downloadgnutls-671a36b76b644d000b5f8e79a1dc813a998e0747.tar.gz
tests: check whether a certificate with illegal version is rejected
That is, whether a certificate with version zero fails to import. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat
-rw-r--r--tests/cert-tests/Makefile.am2
-rwxr-xr-xtests/cert-tests/cert-sanity39
-rw-r--r--tests/cert-tests/data/x509-with-zero-version.pem23
3 files changed, 40 insertions, 24 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index b0ea3b3fb7..4eaa0002a9 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -68,7 +68,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/long-dns.pem data/template-long-dns-crq.pem data/openpgp-invalid7.pub \
data/openpgp-invalid8.pub data/chain-with-critical-on-root.pem \
data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \
- templates/crit-extensions.tmpl data/crit-extensions.pem
+ templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem
dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/cert-sanity b/tests/cert-tests/cert-sanity
index 15e13a122e..4bf0a0cf85 100755
--- a/tests/cert-tests/cert-sanity
+++ b/tests/cert-tests/cert-sanity
@@ -34,28 +34,21 @@ fi
# This checks whether invalid certificates are accepted
-${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-sid.pem"
-rc=$?
-
-if test "${rc}" != 1; then
- echo "X509v1 certificate with subject unique ID was accepted"
- exit 1
-fi
-
-${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-iid.pem"
-rc=$?
-
-if test "${rc}" != 1; then
- echo "X509v1 certificate with issuer unique ID was accepted"
- exit 1
-fi
-
-${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v3-with-fractional-time.pem"
-rc=$?
-
-if test "${rc}" != 1; then
- echo "X509v3 certificate with fractional time was accepted"
- exit 1
-fi
+# x509-v1-with-sid.pem: X509v1 certificate with subject unique ID
+# x509-v1-with-iid.pem: X509v1 certificate with issuer unique ID
+# x509-v3-with-fractional-time.pem: X509v3 certificate with fractional time
+# x509-with-zero-version.pem: X509 certificate with version being zero
+
+for file in x509-v1-with-sid.pem x509-v1-with-iid.pem x509-v3-with-fractional-time.pem \
+ x509-with-zero-version.pem; do
+
+ ${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file"
+ rc=$?
+
+ if test "${rc}" != 1; then
+ echo "Illegal X509 certificate was accepted"
+ exit 1
+ fi
+done
exit 0
diff --git a/tests/cert-tests/data/x509-with-zero-version.pem b/tests/cert-tests/data/x509-with-zero-version.pem
new file mode 100644
index 0000000000..aeccccfa25
--- /dev/null
+++ b/tests/cert-tests/data/x509-with-zero-version.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIB/wIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZYaWRp
+YW4xGzAZBgNVBAsMElNjaG9vbCBvZiBDb21wdXRlcjENMAsGA1UEAwwESUNUVDEs
+MCoGCSqGSIb3DQEJARYdY2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wIhgP
+MjAwODA4MDExMjEyMTJaGA8yMDE5MDgwMTEyMTIxMlowgYoxCzAJBgNVBAYTAkNO
+MRAwDgYDVQQIDAdTaGFubnhpMQ4wDAYDVQQHDAVYaSdhbjEPMA0GA1UECgwGWGlk
+aWFuMQswCQYDVQQLDAJDUzENMAsGA1UEAwwESUNUVDEsMCoGCSqGSIb3DQEJARYd
+Y2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDVmG7xPciTceZTPrlJe0792Wpqkw3NAuIGPlUq1P7Y4Xdd
+sWjKmibeNhd7u2EPEMyjge3uhvyBiwjiAWydrJhVjt9WkizDYHnOnAkhq5LXkHoY
+JyhGiyMOqkY1XbOyQtKD27vzbOeLPooVl/z6mJeNHwhGJ0eTjZC8kSuMl7Pt01wv
+IOJdIgzC7gRdkJrlwu1pVlaXqy/9TMLLHd01sGNAc6Bk0MR59naqI/CxBvfUBubO
+kk5es5+lDuRhCvjv+V6s1Jeyq9FdY/ZzW4ka+jnicOBaBGSrujc04nCeW3TuNiqc
+j+4xED86tRynGCLxqleujkD8ZsgwlOCZsKUOBIM3AgMBAAGjQjBAMB8GA1UdIwQY
+MBaAFLiJlvm8wCTgT2bfUS74cJukhnONMB0GA1UdDgQWBBRw/ZK3I2z0BHvH5vpd
+btcN2FVX6DANBgkqhkiG9w0BAQsFAAOCAQEAnVzqXDwY0xOZ2XiaEEFsMjN/10ap
+6XH81fwlcww1eIp8rUN1sYYkhGGPKl7i8UsmpBgvmvamgJLi56hdWEEEvGia3XO3
+5fF66DR4XjBRDFUnKi7R/RsRPtW6fhZvqdrlAhb3kh8SuhFHCorcuOY4ZRmqEzXU
+Nl/Ojtgai0dU9RPEu8GDgszAt2Jqhp2kc4WwTMFvkK1ARqdNdiqV4L8B4zHTO+Gv
+CMkmuZ0GfJWaHOse3L1vn/TUI1MbOzn0IgxOKMRrABGweLMXopl0GrT9mxpY+z17
+xVe7os9TYw/JTE+aoeA6c8BzSVLlsxY4d8Re+OHNouDAG5qgt2mzE3nLzg==
+-----END CERTIFICATE-----
View Lorry Controller Status