author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-03 08:48:41 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-03 08:48:59 +0100 |
commit | 671a36b76b644d000b5f8e79a1dc813a998e0747 (patch) | |
tree | ba0400acb0e0ec1ad063a529d496317294d8d601 | |
parent | 776d6e5924b558de9c26ae8099bba3f738448b30 (diff) | |
download | gnutls-671a36b76b644d000b5f8e79a1dc813a998e0747.tar.gz |
tests: check whether a certificate with illegal version is rejected
That is, whether a certificate with version zero fails to import.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | tests/cert-tests/Makefile.am | 2 | ||||
-rwxr-xr-x | tests/cert-tests/cert-sanity | 39 | ||||
-rw-r--r-- | tests/cert-tests/data/x509-with-zero-version.pem | 23 |
3 files changed, 40 insertions, 24 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index b0ea3b3fb7..4eaa0002a9 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -68,7 +68,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 data/long-dns.pem data/template-long-dns-crq.pem data/openpgp-invalid7.pub \
 data/openpgp-invalid8.pub data/chain-with-critical-on-root.pem \
 data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \
- templates/crit-extensions.tmpl data/crit-extensions.pem
+ templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/cert-sanity b/tests/cert-tests/cert-sanity
index 15e13a122e..4bf0a0cf85 100755
--- a/tests/cert-tests/cert-sanity
+++ b/tests/cert-tests/cert-sanity
@@ -34,28 +34,21 @@ fi
 # This checks whether invalid certificates are accepted
-${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-sid.pem"
-rc=$?
-
-if test "${rc}" != 1; then
- echo "X509v1 certificate with subject unique ID was accepted"
- exit 1
-fi
-
-${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-iid.pem"
-rc=$?
-
-if test "${rc}" != 1; then
- echo "X509v1 certificate with issuer unique ID was accepted"
- exit 1
-fi
-
-${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v3-with-fractional-time.pem"
-rc=$?
-
-if test "${rc}" != 1; then
- echo "X509v3 certificate with fractional time was accepted"
- exit 1
-fi
+# x509-v1-with-sid.pem: X509v1 certificate with subject unique ID
+# x509-v1-with-iid.pem: X509v1 certificate with issuer unique ID
+# x509-v3-with-fractional-time.pem: X509v3 certificate with fractional time
+# x509-with-zero-version.pem: X509 certificate with version being zero
+
+for file in x509-v1-with-sid.pem x509-v1-with-iid.pem x509-v3-with-fractional-time.pem \
+ x509-with-zero-version.pem; do
+
+ ${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file"
+ rc=$?
+
+ if test "${rc}" != 1; then
+ echo "Illegal X509 certificate was accepted"
+ exit 1
+ fi
+done
 exit 0
diff --git a/tests/cert-tests/data/x509-with-zero-version.pem b/tests/cert-tests/data/x509-with-zero-version.pem
new file mode 100644
index 0000000000..aeccccfa25
--- /dev/null
+++ b/tests/cert-tests/data/x509-with-zero-version.pem
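Review bot: The loop's failure message, `echo "Illegal X509 certificate was accepted"`, no longer says which of the four fixtures was accepted, which the three removed per-file messages did; naming the file keeps a failing run diagnosable, e.g. `echo "Illegal X509 certificate ${file} was accepted"`. The per-file descriptions now live only in the comment block above the loop, so the log line is the one place the name can still surface. Separately, the test passes whenever certtool exits with 1, and it may be that a missing or unreadable fixture also produces that status (not visible here), so a `test -f "${srcdir}/data/$file" || exit 1` before the call would keep this negative test from passing vacuously. The setup of VALGRIND, CERTTOOL and srcdir lies outside this hunk.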
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIB/wIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCQ04x +EDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZYaWRp +YW4xGzAZBgNVBAsMElNjaG9vbCBvZiBDb21wdXRlcjENMAsGA1UEAwwESUNUVDEs +MCoGCSqGSIb3DQEJARYdY2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wIhgP +MjAwODA4MDExMjEyMTJaGA8yMDE5MDgwMTEyMTIxMlowgYoxCzAJBgNVBAYTAkNO +MRAwDgYDVQQIDAdTaGFubnhpMQ4wDAYDVQQHDAVYaSdhbjEPMA0GA1UECgwGWGlk +aWFuMQswCQYDVQQLDAJDUzENMAsGA1UEAwwESUNUVDEsMCoGCSqGSIb3DQEJARYd +Y2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDVmG7xPciTceZTPrlJe0792Wpqkw3NAuIGPlUq1P7Y4Xdd +sWjKmibeNhd7u2EPEMyjge3uhvyBiwjiAWydrJhVjt9WkizDYHnOnAkhq5LXkHoY +JyhGiyMOqkY1XbOyQtKD27vzbOeLPooVl/z6mJeNHwhGJ0eTjZC8kSuMl7Pt01wv +IOJdIgzC7gRdkJrlwu1pVlaXqy/9TMLLHd01sGNAc6Bk0MR59naqI/CxBvfUBubO +kk5es5+lDuRhCvjv+V6s1Jeyq9FdY/ZzW4ka+jnicOBaBGSrujc04nCeW3TuNiqc +j+4xED86tRynGCLxqleujkD8ZsgwlOCZsKUOBIM3AgMBAAGjQjBAMB8GA1UdIwQY +MBaAFLiJlvm8wCTgT2bfUS74cJukhnONMB0GA1UdDgQWBBRw/ZK3I2z0BHvH5vpd +btcN2FVX6DANBgkqhkiG9w0BAQsFAAOCAQEAnVzqXDwY0xOZ2XiaEEFsMjN/10ap +6XH81fwlcww1eIp8rUN1sYYkhGGPKl7i8UsmpBgvmvamgJLi56hdWEEEvGia3XO3 +5fF66DR4XjBRDFUnKi7R/RsRPtW6fhZvqdrlAhb3kh8SuhFHCorcuOY4ZRmqEzXU +Nl/Ojtgai0dU9RPEu8GDgszAt2Jqhp2kc4WwTMFvkK1ARqdNdiqV4L8B4zHTO+Gv +CMkmuZ0GfJWaHOse3L1vn/TUI1MbOzn0IgxOKMRrABGweLMXopl0GrT9mxpY+z17 +xVe7os9TYw/JTE+aoeA6c8BzSVLlsxY4d8Re+OHNouDAG5qgt2mzE3nLzg== +-----END CERTIFICATE----- |