diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-06-02 20:45:21 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-06-02 20:45:21 +0000 |
| commit | b07df79666a5fa00c08678077d9014c377dda257 (patch) | |
| tree | bda72138da53139cbe3358eed51993c36c1f29fb | |
| parent | 86f244922624123073124ee01404849fba65323c (diff) | |
| download | gnutls-b07df79666a5fa00c08678077d9014c377dda257.tar.gz | |
added test suite
| -rw-r--r-- | tests/Makefile.am | 8 | ||||
| -rw-r--r-- | tests/test1.pem | 118 | ||||
| -rw-r--r-- | tests/test10.pem | 180 | ||||
| -rw-r--r-- | tests/test2.pem | 181 | ||||
| -rw-r--r-- | tests/test25.pem | 181 | ||||
| -rw-r--r-- | tests/test3.pem | 181 | ||||
| -rw-r--r-- | tests/x509_test.c | 168 |
7 files changed, 1017 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am new file mode 100644 index 0000000000..df3a4b6838 --- /dev/null +++ b/tests/Makefile.am @@ -0,0 +1,8 @@ +## Process this file with automake to produce Makefile.in + +INCLUDES= -I../lib/ + +noinst_PROGRAMS = x509test +x509test_SOURCES = x509_test.c +x509test_LDADD = ../lib/libgnutls.la -lgcrypt +TESTS = x509test diff --git a/tests/test1.pem b/tests/test1.pem new file mode 100644 index 0000000000..960e907af3 --- /dev/null +++ b/tests/test1.pem @@ -0,0 +1,118 @@ +[ This should be successfully validated ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.01.01 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c6:34:ec:6f:0c:e0:59:0e:bc:5f:ba:2e:93:bb: + 04:a7:03:b9:70:8a:b9:d7:e5:d7:e6:ca:4a:8c:23: + d8:60:b3:6b:cb:88:88:c7:d8:48:7e:64:f9:f6:1b: + e3:79:46:41:e4:61:f7:25:47:71:f3:50:94:4e:f2: + 7c:6a:37:b6:0c:46:bf:9c:96:a5:e2:af:0c:ca:8b: + f0:8c:ba:43:4a:08:8e:6a:87:f3:46:4e:cf:6d:5d: + 52:47:ab:99:c7:24:cd:31:0e:7d:ef:d1:d9:f3:69: + 24:fb:fc:33:6e:29:ab:6f:52:75:80:2a:bb:e0:a9: + 2c:31:c5:b7:0b:3d:3b:ea:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + AC:DB:FC:F1:BC:05:2E:D2 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 2b:88:4f:82:85:ad:65:b1:df:ea:a5:9f:45:f9:ab:3e:bc:fd: + 84:31:f5:eb:8e:0d:ac:9a:29:d9:8e:cc:5f:3b:93:b6:9a:35: + ce:9e:0d:08:6e:3e:8a:2d:02:48:e7:ef:86:e8:1c:f3:23:a6: + ab:72:3a:a2:58:04:d1:5d:7a:56:d0:b9:6e:bd:bc:f7:65:07: + 61:9e:79:43:8a:10:f4:15:a8:b9:55:65:3b:26:3d:ae:88:0e: + 07:5e:b4:06:7b:2a:04:42:c5:85:3d:16:7f:a9:a7:6e:c7:43: + 1b:e0:41:e5:f1:72:78:ae:b5:69:80:d6:57:ce:24:4b:b7:12: + 5f:9c +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtQ1AuMDEuMDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMY0 +7G8M4FkOvF+6LpO7BKcDuXCKudfl1+bKSowj2GCza8uIiMfYSH5k+fYb43lGQeRh +9yVHcfNQlE7yfGo3tgxGv5yWpeKvDMqL8Iy6Q0oIjmqH80ZOz21dUkermcckzTEO +fe/R2fNpJPv8M24pq29SdYAqu+CpLDHFtws9O+q1AgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIrNv88bwF +LtIwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQADgYEAK4hPgoWt +ZbHf6qWfRfmrPrz9hDH1644NrJop2Y7MXzuTtpo1zp4NCG4+ii0CSOfvhugc8yOm +q3I6olgE0V16VtC5br2892UHYZ55Q4oQ9BWouVVlOyY9rogOB160BnsqBELFhT0W +f6mnbsdDG+BB5fFyeK61aYDWV84kS7cSX5w= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- diff --git a/tests/test10.pem b/tests/test10.pem new file mode 100644 index 0000000000..05e56eebbc --- /dev/null +++ b/tests/test10.pem @@ -0,0 +1,180 @@ +[ The end certificate is expired ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 20 (0x14) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.03.02 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2000 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.03.02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c2:4c:89:6f:86:e1:b8:28:45:a6:33:d8:e5:2e: + ff:e3:d0:ff:2a:78:26:01:4e:07:75:5e:81:fe:7f: + bc:8a:c5:e2:0b:27:a1:0c:4e:08:2b:0e:e4:94:cb: + ad:b4:b9:7e:2d:c2:3a:3b:cc:e7:0f:7f:49:9a:4d: + 1e:d4:9f:c9:66:fd:69:f9:b1:e0:37:6b:4f:56:cd: + 8e:66:bb:23:a3:c2:89:dc:b1:33:35:f8:89:32:de: + 68:c4:67:a8:19:38:03:ef:f4:59:fd:be:e1:5c:c2: + aa:bf:1a:56:22:22:43:bb:b6:25:f6:62:4d:0e:1d: + 67:10:e8:51:6e:86:f2:5a:db + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 12:39:F2:D8:6C:C5:5C:64 + X509v3 Authority Key Identifier: + keyid:F7:B9:C9:0A:AA:BA:FA:42 + + Signature Algorithm: sha1WithRSAEncryption + 27:0d:d3:dd:a2:f7:a5:86:d9:86:cc:20:b2:13:af:27:d6:35: + aa:fe:b9:47:aa:c2:95:2c:41:e6:5a:81:c3:af:90:92:2e:19: + a5:6e:7b:34:af:0b:c1:a1:92:d3:75:f3:0d:43:da:0e:2e:3f: + f5:18:46:08:7a:4f:db:87:c8:b2:44:b8:9f:88:cd:66:02:a9: + 1a:db:7a:54:45:68:ad:41:fb:70:e2:cd:0b:0d:9c:bb:03:25: + 29:b9:32:66:73:5d:c7:62:6a:4c:c3:25:1f:33:49:dd:c9:b2: + 69:7d:c5:ef:42:18:d0:e6:5b:c0:22:9d:52:8f:ee:31:50:ba: + 86:cb +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBFDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1DUC4wMy4wMjAeFw05ODAxMDExMjAxMDBa +Fw0wMDAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtQ1AuMDMuMDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJM +iW+G4bgoRaYz2OUu/+PQ/yp4JgFOB3Vegf5/vIrF4gsnoQxOCCsO5JTLrbS5fi3C +OjvM5w9/SZpNHtSfyWb9afmx4DdrT1bNjma7I6PCidyxMzX4iTLeaMRnqBk4A+/0 +Wf2+4VzCqr8aViIiQ7u2JfZiTQ4dZxDoUW6G8lrbAgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIEjny2GzF +XGQwEwYDVR0jBAwwCoAI97nJCqq6+kIwDQYJKoZIhvcNAQEFBQADgYEAJw3T3aL3 +pYbZhswgshOvJ9Y1qv65R6rClSxB5lqBw6+Qki4ZpW57NK8LwaGS03XzDUPaDi4/ +9RhGCHpP24fIskS4n4jNZgKpGtt6VEVorUH7cOLNCw2cuwMlKbkyZnNdx2JqTMMl +HzNJ3cmyaX3F70IY0OZbwCKdUo/uMVC6hss= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 19 (0x13) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.03.02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b8:01:b3:fc:80:35:14:70:86:bc:c3:8a:44:b0: + 68:1b:60:7d:ac:cf:4f:10:31:45:dd:e3:1c:31:eb: + dd:62:f5:00:9c:c9:64:a8:bd:03:b8:26:8c:de:6f: + d2:70:b7:23:76:f9:fd:d3:f8:9a:99:2f:f8:30:50: + 7b:8b:3b:62:04:5e:9c:c4:d8:2f:05:cd:08:3a:31: + af:93:89:2a:e5:bc:62:5f:79:c4:e5:4a:8a:05:98: + 4b:43:dd:78:7a:23:a3:79:3c:cd:5f:a7:2c:98:da: + c3:8e:84:04:4d:e5:2e:aa:47:d0:4e:bb:19:01:02: + aa:c0:4f:47:e0:a8:3d:93:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + F7:B9:C9:0A:AA:BA:FA:42 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 5b:0a:5f:87:da:0e:3a:f8:fd:c4:74:b4:cd:c7:33:69:42:07: + 4e:4a:63:82:4d:3d:23:ea:44:46:5b:b4:67:4f:ab:1e:fa:59: + 1a:07:b8:3a:f3:43:16:d3:1c:e1:38:2d:84:67:32:75:b2:30: + 88:aa:20:8e:d1:81:33:6f:ec:34:72:0e:da:37:29:35:e3:ad: + 34:a2:f1:af:30:f8:63:45:5e:d7:ae:24:5c:1b:bd:32:6b:31: + c7:8b:06:ed:75:17:65:68:22:38:f7:ee:fc:79:b2:3d:57:73: + 6c:84:5e:25:d4:0e:e7:5e:52:37:1e:c9:76:05:72:52:4c:a1: + 07:13 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBEzANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUNQLjAzLjAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4AbP8 +gDUUcIa8w4pEsGgbYH2sz08QMUXd4xwx691i9QCcyWSovQO4Jozeb9JwtyN2+f3T ++JqZL/gwUHuLO2IEXpzE2C8FzQg6Ma+TiSrlvGJfecTlSooFmEtD3Xh6I6N5PM1f +pyyY2sOOhARN5S6qR9BOuxkBAqrAT0fgqD2TswIDAQABo2MwYTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR +BgNVHQ4ECgQI97nJCqq6+kIwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN +AQEFBQADgYEAWwpfh9oOOvj9xHS0zcczaUIHTkpjgk09I+pERlu0Z0+rHvpZGge4 +OvNDFtMc4TgthGcydbIwiKogjtGBM2/sNHIO2jcpNeOtNKLxrzD4Y0Ve164kXBu9 +Mmsxx4sG7XUXZWgiOPfu/HmyPVdzbIReJdQO515SNx7JdgVyUkyhBxM= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- diff --git a/tests/test2.pem b/tests/test2.pem new file mode 100644 index 0000000000..af08bba7f8 --- /dev/null +++ b/tests/test2.pem @@ -0,0 +1,181 @@ +[ This should not be validated. The signature on the intermediate + certificate is invalid ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.02 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.01.02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:bc:09:ad:94:fa:6c:95:d0:9d:9c:dc:de:ca:1c: + 67:f9:8d:b0:46:a0:e0:14:dd:ca:6f:7d:64:23:f6: + dc:f1:ac:4c:27:d5:db:3e:fe:a7:80:de:84:81:6b: + 9f:f3:7f:6b:57:75:9e:fc:aa:46:aa:50:18:f5:3c: + ea:d9:75:09:68:05:b5:74:be:cc:27:2d:0d:1e:f5: + 3f:be:9b:8d:de:b2:79:fe:6f:c7:17:4e:fd:20:48: + 44:77:d0:4e:33:3c:17:70:53:2e:4a:c2:f8:f5:65: + e7:06:da:2d:c1:17:44:e4:57:ac:5b:c1:be:c8:f4: + a2:ac:19:e0:2f:19:39:b8:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 7F:99:92:8E:E3:61:B3:F8 + X509v3 Authority Key Identifier: + keyid:E6:8E:40:9B:4F:4D:94:E6 + + Signature Algorithm: sha1WithRSAEncryption + 2b:bc:1d:33:22:e5:21:9f:d0:b2:a8:f7:fc:0d:c6:6a:dd:1d: + e4:13:91:b4:54:d9:1f:45:5d:95:55:4e:58:dd:49:09:9c:6b: + 9e:37:88:14:1f:76:34:dc:d4:44:e7:a6:c6:00:71:ce:77:ae: + 58:d4:a5:62:57:29:4e:4d:b9:a4:06:ec:e9:13:1d:6d:3f:1d: + a2:f2:90:91:09:05:d9:35:de:43:ee:2a:92:d1:5a:2d:09:ed: + 55:3f:14:b0:4c:c7:47:80:e2:c3:4f:e0:1f:cb:6c:78:6a:85: + 17:b1:72:89:6f:27:8b:ac:c8:9d:23:be:7a:66:d4:2a:28:9b: + 8f:d2 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1DUC4wMS4wMjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtQ1AuMDEuMDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwJ +rZT6bJXQnZzc3socZ/mNsEag4BTdym99ZCP23PGsTCfV2z7+p4DehIFrn/N/a1d1 +nvyqRqpQGPU86tl1CWgFtXS+zCctDR71P76bjd6yef5vxxdO/SBIRHfQTjM8F3BT +LkrC+PVl5wbaLcEXRORXrFvBvsj0oqwZ4C8ZObh/AgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIf5mSjuNh +s/gwEwYDVR0jBAwwCoAI5o5Am09NlOYwDQYJKoZIhvcNAQEFBQADgYEAK7wdMyLl +IZ/Qsqj3/A3Gat0d5BORtFTZH0VdlVVOWN1JCZxrnjeIFB92NNzUROemxgBxzneu +WNSlYlcpTk25pAbs6RMdbT8dovKQkQkF2TXeQ+4qktFaLQntVT8UsEzHR4Diw0/g +H8tseGqFF7FyiW8ni6zInSO+embUKiibj9I= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d6:39:9e:21:93:e2:ba:35:7f:e5:f8:e8:87:0b: + 8a:5f:28:25:85:b7:e5:cc:da:7f:d3:c7:09:2a:63: + e9:ad:8f:d0:a8:ef:ba:cf:3c:fb:55:03:b9:83:29: + 4e:0e:89:84:fb:e2:62:16:1f:9d:87:40:16:6b:f8: + f4:66:38:58:74:67:d4:b5:a1:3a:4b:6f:13:4b:08: + 37:3a:3a:64:0a:06:8e:a2:7b:14:88:b7:f8:ce:6a: + d1:45:9b:39:93:67:bf:0a:ab:db:37:9d:fa:ce:54: + 0f:37:82:09:8f:0d:33:e4:b8:6e:46:c1:cc:4f:80: + 5a:b4:bd:19:80:27:40:84:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + E6:8E:40:9B:4F:4D:94:E6 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + dc:2e:d8:7b:9f:d3:7b:5e:0b:23:0a:3f:2c:ad:9f:9e:9a:1b: + 6d:00:37:76:13:a7:e5:48:2a:67:c9:4a:6d:0f:c7:57:50:fc: + fd:e5:3d:74:ad:af:e6:05:b8:dd:7b:c5:ab:8c:21:2b:45:8a: + 2c:1b:c1:15:c8:4a:b6:9f:53:d5:05:f7:08:8d:96:0a:a7:49: + 47:2a:a5:6b:a4:e4:42:c4:b7:e9:3d:7b:ff:0c:36:9f:3c:b5: + f3:9d:d8:85:f0:d8:36:c8:1e:e5:75:bc:61:93:5f:36:38:d5: + c5:c4:77:46:7c:85:c4:f6:b1:d5:82:25:21:28:86:74:8d:1d: + 9d:a8 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUNQLjAxLjAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWOZ4h +k+K6NX/l+OiHC4pfKCWFt+XM2n/TxwkqY+mtj9Co77rPPPtVA7mDKU4OiYT74mIW +H52HQBZr+PRmOFh0Z9S1oTpLbxNLCDc6OmQKBo6iexSIt/jOatFFmzmTZ78Kq9s3 +nfrOVA83ggmPDTPkuG5GwcxPgFq0vRmAJ0CESQIDAQABo2MwYTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR +BgNVHQ4ECgQI5o5Am09NlOYwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN +AQEFBQADgYEA3C7Ye5/Te14LIwo/LK2fnpobbQA3dhOn5UgqZ8lKbQ/HV1D8/eU9 +dK2v5gW43XvFq4whK0WKLBvBFchKtp9T1QX3CI2WCqdJRyqla6TkQsS36T17/ww2 +nzy1853YhfDYNsge5XW8YZNfNjjVxcR3RnyFxPax1YIlISiGdI0dnag= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- diff --git a/tests/test25.pem b/tests/test25.pem new file mode 100644 index 0000000000..057cbe0b5c --- /dev/null +++ b/tests/test25.pem @@ -0,0 +1,181 @@ + [ The intermediate certificate is invalid. It has basicConstraints + and it is not a CA. ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 50 (0x32) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.03 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.03 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b1:9b:a3:dc:84:ba:36:7d:44:55:3e:56:6c:5b: + e7:e4:71:d5:57:48:1b:fd:c4:ff:98:57:57:fc:48: + 38:5b:b8:98:47:d8:87:6b:41:84:fd:aa:20:c1:f6: + 29:ba:d1:d6:d8:96:e6:de:03:bd:30:81:33:73:4a: + 2a:aa:7b:e7:0a:62:ba:ee:c4:de:ae:a2:9a:dd:69: + 2d:b1:96:d7:73:55:2f:ef:35:81:85:97:9c:29:f3: + 1e:9c:58:8c:c4:c8:aa:a0:a4:3c:80:1e:38:6f:92: + 04:9d:4c:80:44:5b:2f:e3:41:97:e0:0a:dd:61:b8: + 4d:e4:3c:bf:0e:eb:d8:21:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 4B:F1:DB:20:8F:A4:8B:F9 + X509v3 Authority Key Identifier: + keyid:3E:C0:60:F6:D3:00:06:10 + + Signature Algorithm: sha1WithRSAEncryption + 58:7c:b8:b0:7a:d3:92:a6:35:5e:30:c1:63:95:e9:34:4c:a1: + 3f:a8:6d:72:78:d8:0f:d6:e8:b3:8c:23:c4:f9:49:53:2c:5d: + 21:60:02:5a:b2:c3:13:e4:79:89:10:8e:62:c8:7f:9c:30:09: + 12:d0:94:71:50:12:ba:4b:cf:e9:52:c9:68:58:f2:c5:43:9a: + 0a:9e:89:09:55:7e:b7:19:3b:16:1d:12:fd:4a:f7:67:2c:ac: + 7e:9e:4b:96:53:f5:a6:53:80:dc:df:e4:d4:79:62:96:3a:74: + f9:b9:d2:88:38:40:d7:ed:e1:26:1d:20:0c:c8:d6:51:d4:6a: + f7:23 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1JQy4wMi4wMzAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtSUMuMDIuMDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALGb +o9yEujZ9RFU+Vmxb5+Rx1VdIG/3E/5hXV/xIOFu4mEfYh2tBhP2qIMH2KbrR1tiW +5t4DvTCBM3NKKqp75wpiuu7E3q6imt1pLbGW13NVL+81gYWXnCnzHpxYjMTIqqCk +PIAeOG+SBJ1MgERbL+NBl+AK3WG4TeQ8vw7r2CGrAgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIS/HbII+k +i/kwEwYDVR0jBAwwCoAIPsBg9tMABhAwDQYJKoZIhvcNAQEFBQADgYEAWHy4sHrT +kqY1XjDBY5XpNEyhP6htcnjYD9bos4wjxPlJUyxdIWACWrLDE+R5iRCOYsh/nDAJ +EtCUcVASukvP6VLJaFjyxUOaCp6JCVV+txk7Fh0S/Ur3Zyysfp5LllP1plOA3N/k +1Hliljp0+bnSiDhA1+3hJh0gDMjWUdRq9yM= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 49 (0x31) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.03 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:bb:2c:5b:7e:c8:62:2d:40:5a:92:10:f8:b4:dc: + 80:88:af:9c:9d:5a:71:4f:40:76:5d:10:c3:6e:da: + d4:54:dd:78:8e:a5:f6:a6:d7:09:74:c6:00:0f:18: + 19:10:2b:be:bc:39:f8:9d:a4:ff:e2:d6:18:18:39: + 4f:e2:b0:e0:79:77:20:0b:b1:cb:c8:43:d5:c9:1b: + 53:96:41:70:41:2e:02:ae:09:b3:12:e5:fb:83:84: + 13:5a:e0:a8:85:b8:63:1b:27:7f:d4:8e:5b:91:b0: + 3f:6a:69:7c:06:51:ab:dc:e3:7e:89:c1:b4:47:bd: + 6f:05:a2:66:81:61:86:35:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 3E:C0:60:F6:D3:00:06:10 + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 35:97:1a:c9:34:d7:f8:51:a1:b5:15:09:f9:7b:98:03:b8:d1: + d7:80:89:2f:aa:93:1c:fb:dd:48:c8:07:37:0f:66:19:72:3f: + ee:c3:b9:23:8b:f5:bd:ac:8e:08:86:10:f6:5b:81:be:b4:d8: + 94:c3:e6:b9:e8:fc:f9:b8:4c:f1:84:d8:a6:28:8e:8d:51:40: + 37:0b:d2:28:0a:c8:f5:4d:82:00:60:5c:a0:13:17:c9:dc:a4: + 92:6f:2a:63:0e:20:b5:84:13:9d:e8:8e:cf:b5:6a:23:da:65: + 2d:60:35:d7:52:11:32:06:b2:0f:70:80:b7:83:6d:a7:37:75: + 55:21 +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUlDLjAyLjAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7LFt+ +yGItQFqSEPi03ICIr5ydWnFPQHZdEMNu2tRU3XiOpfam1wl0xgAPGBkQK768Ofid +pP/i1hgYOU/isOB5dyALscvIQ9XJG1OWQXBBLgKuCbMS5fuDhBNa4KiFuGMbJ3/U +jluRsD9qaXwGUavc436JwbRHvW8FomaBYYY1hQIDAQABo10wWzAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4E +CgQIPsBg9tMABhAwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQAD +gYEANZcayTTX+FGhtRUJ+XuYA7jR14CJL6qTHPvdSMgHNw9mGXI/7sO5I4v1vayO +CIYQ9luBvrTYlMPmuej8+bhM8YTYpiiOjVFANwvSKArI9U2CAGBcoBMXydykkm8q +Yw4gtYQTneiOz7VqI9plLWA111IRMgayD3CAt4Ntpzd1VSE= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- diff --git a/tests/test3.pem b/tests/test3.pem new file mode 100644 index 0000000000..0647a14ddf --- /dev/null +++ b/tests/test3.pem @@ -0,0 +1,181 @@ +[ This should not be validated. The signature on the end + certificate is invalid ] + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.03 + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.01.03 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d0:03:d6:f4:23:ff:fe:01:18:45:d6:d5:0e:c7: + 5f:f0:14:c8:52:45:c8:7a:18:72:f8:39:cb:8b:bf: + f1:28:fa:a2:4a:e2:5e:3d:e4:9e:70:4a:0e:22:4b: + a4:a7:dc:b0:ee:69:e4:c4:12:e5:0c:c0:73:e9:71: + 12:b5:c3:f9:db:a2:c3:c9:66:eb:58:63:d1:2b:6c: + 47:38:43:16:c6:82:d6:06:a4:8f:35:3b:d1:1d:93: + 9b:3f:dd:8d:49:ea:3b:76:9a:db:02:02:73:83:55: + 01:79:c8:30:cb:07:fd:be:97:5c:56:69:0b:4f:c2: + df:64:cf:4e:ff:5a:6b:d9:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + 3F:0D:B0:96:D8:91:AB:3E + X509v3 Authority Key Identifier: + keyid:CF:4F:16:84:CA:46:D8:9B + + Signature Algorithm: sha1WithRSAEncryption + 96:7e:36:89:1d:de:1f:26:b3:17:c0:91:8d:2f:49:9d:ab:3f: + db:a3:1a:06:d8:d4:c8:3b:5c:4a:34:d5:0d:61:65:71:cc:2b: + 43:b4:e0:b7:38:e4:36:6f:5f:0a:68:12:ca:fa:f2:0e:75:18: + 18:c0:e8:12:3c:18:34:b2:20:b4:20:24:54:81:01:4e:62:6f: + 96:a8:8f:1c:7f:ad:57:9a:09:bc:86:af:f8:59:fc:a2:41:e9: + ba:e2:b8:e2:e9:83:71:d2:a2:15:69:4e:cb:1a:d2:87:1c:d5: + dc:17:b3:fd:e1:e4:95:a3:d3:c3:f5:6c:56:1c:a1:f9:4a:ee: + e7:33 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1DUC4wMS4wMzAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE +AxMOVXNlcjEtQ1AuMDEuMDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANAD +1vQj//4BGEXW1Q7HX/AUyFJFyHoYcvg5y4u/8Sj6okriXj3knnBKDiJLpKfcsO5p +5MQS5QzAc+lxErXD+duiw8lm61hj0StsRzhDFsaC1gakjzU70R2Tmz/djUnqO3aa +2wICc4NVAXnIMMsH/b6XXFZpC0/C32TPTv9aa9mrAgMBAAGjUjBQMA4GA1UdDwEB +/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIPw2wltiR +qz4wEwYDVR0jBAwwCoAIz08WhMpG2JswDQYJKoZIhvcNAQEFBQADgYEAln42iR3e +HyazF8CRjS9Jnas/26MaBtjUyDtcSjTVDWFlccwrQ7TgtzjkNm9fCmgSyvryDnUY +GMDoEjwYNLIgtCAkVIEBTmJvlqiPHH+tV5oJvIav+Fn8okHpuuK44umDcdKiFWlO +yxrShxzV3Bez/eHklaPTw/VsVhyh+Uru5zM= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1998 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.03 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b8:45:9d:11:f3:6b:00:f8:17:f2:ca:71:5e:a0: + 80:c6:ed:ce:48:95:9f:07:a2:b1:2f:f8:ee:08:8f: + 73:b2:ec:54:75:30:1e:27:a3:c8:43:10:13:c1:7f: + 97:c2:ac:04:7f:f0:f5:71:09:98:d5:8f:61:ce:c2: + 74:80:a9:44:20:c6:8e:96:3d:c9:a4:69:bb:b1:d7: + 69:3c:90:ae:b2:78:aa:b7:6f:bb:b9:7c:be:ad:6f: + b7:8a:12:54:33:b3:3f:09:7b:8c:f8:ac:20:e4:23: + 5d:2f:57:e5:f4:55:9e:48:a7:f1:2c:e3:6f:1d:c3: + 62:a8:37:c7:b2:1a:6c:37:f9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 2.16.840.1.101.3.1.48.1 + + X509v3 Subject Key Identifier: + CF:4F:16:84:CA:46:D8:9B + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 43:e8:aa:94:5b:db:bc:37:a3:3b:f9:be:44:21:e1:d9:4b:94: + 6a:ed:45:b8:00:4e:6e:43:ce:bb:64:ef:f7:24:d6:bd:34:96: + 0d:1c:a0:74:e2:d0:46:23:8b:b2:38:2b:75:73:dd:6c:3b:ad: + 54:68:e5:94:1a:13:37:c7:1d:cf:74:96:8c:2a:5a:9a:98:39: + 4c:18:a4:02:bc:66:34:46:0c:0d:0b:cb:ea:7d:a5:91:47:1e: + b5:12:51:81:0e:d3:60:bb:c5:8f:df:92:c9:c2:97:7c:ce:42: + 51:70:32:09:f7:14:fd:0c:03:82:18:59:81:cf:7d:02:e0:d9: + b4:97 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY +MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT +B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa +Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv +dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE +AxMMQ0ExLUNQLjAxLjAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4RZ0R +82sA+BfyynFeoIDG7c5IlZ8HorEv+O4Ij3Oy7FR1MB4no8hDEBPBf5fCrAR/8PVx +CZjVj2HOwnSAqUQgxo6WPcmkabux12k8kK6yeKq3b7u5fL6tb7eKElQzsz8Je4z4 +rCDkI10vV+X0VZ5Ip/Es428dw2KoN8eyGmw3+QIDAQABo2MwYTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATAR +BgNVHQ4ECgQIz08WhMpG2JswEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcN +AQEFBQADgYEAQ+iqlFvbvDejO/m+RCHh2UuUau1FuABObkPOu2Tv9yTWvTSWDRyg +dOLQRiOLsjgrdXPdbDutVGjllBoTN8cdz3SWjCpampg5TBikArxmNEYMDQvL6n2l +kUcetRJRgQ7TYLvFj9+SycKXfM5CUXAyCfcU/QwDghhZgc99AuDZtJc= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99999 (0x1869f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Validity + Not Before: Jan 1 12:01:00 1999 GMT + Not After : Jan 1 12:01:00 2048 GMT + Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: + 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: + 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: + cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: + 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: + 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: + f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: + 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: + 1d:ba:f3:18:84:2a:82:2b:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:9A:EB:F9:C2:E7:54:8F + X509v3 Basic Constraints: + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AB:9A:EB:F9:C2:E7:54:8F + + Signature Algorithm: sha1WithRSAEncryption + 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: + 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: + 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: + 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: + 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: + bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: + 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: + 5a:45 +-----BEGIN CERTIFICATE----- +MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE +CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw +MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD +VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz +ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 +X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 +JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK +BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G +CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt +7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 +Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF +-----END CERTIFICATE----- diff --git a/tests/x509_test.c b/tests/x509_test.c new file mode 100644 index 0000000000..3e645bd5b2 --- /dev/null +++ b/tests/x509_test.c @@ -0,0 +1,168 @@ +#include <stdio.h> +#include <gnutls_int.h> +#include <gnutls_x509.h> +#include <gnutls_cert.h> +#include <gnutls_errors.h> + +#define MAX_FILE_SIZE 16*1024 + +struct file_res { + char* test_file; + int result; +}; + +static struct file_res test_files[] = { + { "test1.pem", 0 }, + { "test2.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test10.pem", 0 }, + { "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { NULL, 0 } +}; + +int _gnutls_verify_x509_file( char *cafile); + + +static void print_res( int x) { + if (x&GNUTLS_CERT_INVALID) + printf("- certificate is invalid\n"); + else + printf("- certificate is valid\n"); + if (x&GNUTLS_CERT_NOT_TRUSTED) + printf("- certificate is NOT trusted\n"); + else + printf("- certificate is trusted\n"); + if (x==GNUTLS_CERT_CORRUPTED) + printf("- Found a corrupted certificate.\n"); + return; +} + +int main() { + +int x; +char* file; +int i = 0, exp_result; + + gnutls_global_init(); + + fprintf(stderr, "This program will perform some tests on X.509 certificate\n"); + fprintf(stderr, "verification functions.\n\n"); + + for (;;) { + exp_result = test_files[i].result; + file = test_files[i++].test_file; + + if (file==NULL) break; + x = _gnutls_verify_x509_file( file); + + if (x<0) { + fprintf(stderr, "Unexpected error: %d\n", x); + exit(1); + } + printf("Test %d, file %s: ", i, file); + + if ( x != exp_result) { + printf("failed."); + fprintf(stderr, "Unexpected error in verification.\n"); + fprintf(stderr, "Certificate was found to be: \n"); + print_res( x); + } + printf("ok."); + + printf("\n"); + } + + return 0; + +} + +/* Verifies a base64 encoded certificate list from memory + */ +int _gnutls_verify_x509_mem( const char *ca, int ca_size) +{ + int siz, siz2, i; + unsigned char *b64; + const char *ptr; + int ret; + gnutls_datum tmp; + gnutls_cert* x509_ca_list=NULL; + int x509_ncas; + + siz = ca_size; + + ptr = ca; + + i = 1; + + do { + siz2 = _gnutls_fbase64_decode(ptr, siz, &b64); + siz -= siz2; /* FIXME: this is not enough + */ + + if (siz2 < 0) { + gnutls_assert(); + return GNUTLS_E_PARSING_ERROR; + } + + x509_ca_list = + (gnutls_cert *) gnutls_realloc( x509_ca_list, + i * + sizeof(gnutls_cert)); + if (x509_ca_list == NULL) { + gnutls_assert(); + gnutls_free(b64); + return GNUTLS_E_MEMORY_ERROR; + } + + tmp.data = b64; + tmp.size = siz2; + + if ((ret = + _gnutls_x509_cert2gnutls_cert(&x509_ca_list[i - 1], + tmp)) < 0) { + gnutls_assert(); + gnutls_free(b64); + return ret; + } + gnutls_free(b64); + + /* now we move ptr after the pem header */ + ptr = strstr(ptr, PEM_CERT_SEP); + if (ptr!=NULL) + ptr++; + + i++; + } while ((ptr = strstr(ptr, PEM_CERT_SEP)) != NULL); + + x509_ncas = i - 1; + + siz = _gnutls_x509_verify_certificate( x509_ca_list, x509_ncas-1, + &x509_ca_list[x509_ncas-1], 1, NULL, 0); + + return siz; +} + + + +/* Reads and verifies a base64 encoded certificate file + */ +int _gnutls_verify_x509_file( char *cafile) +{ + int siz; + char x[MAX_FILE_SIZE]; + FILE *fd1; + + fd1 = fopen(cafile, "rb"); + if (fd1 == NULL) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + siz = fread(x, 1, sizeof(x)-1, fd1); + fclose(fd1); + + x[siz] = 0; + + return _gnutls_verify_x509_mem( x, siz); +} + |