Test for pathlen bug (and general certificate parsing).

4 files changed, 192 insertions, 0 deletions

diff --git a/tests/pathlen/Makefile.am b/tests/pathlen/Makefile.am
new file mode 100644
index 0000000000..ca0af93fcf
--- /dev/null
+++ b/tests/pathlen/Makefile.am
@@ -0,0 +1,26 @@
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2007 Free Software Foundation
+#
+# Author: Simon Josefsson
+#
+# This file is part of GNUTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem
+
+dist_check_SCRIPTS = pathlen
+
+TESTS = pathlen
diff --git a/tests/pathlen/ca-no-pathlen.pem b/tests/pathlen/ca-no-pathlen.pem
new file mode 100644
index 0000000000..9db5f2578a
--- /dev/null
+++ b/tests/pathlen/ca-no-pathlen.pem
@@ -0,0 +1,46 @@
+
+
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00
+Subject: O=GnuTLS test certificate
+Issuer: O=GnuTLS test certificate
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Fri Jan 26 11:00:04 2007
+	Not After: Sat Jan 27 11:00:06 2007
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c:
+	11:ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:
+	d1:de:21:41:db:a3:d2:6c:f9:66:87:69:7c:50:07:
+	81:66:41:28:c9:99:e2:eb:cc:57:53:9d:0c:b1:94:
+	6f:ef:eb:17:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints: (critical)
+		CA:TRUE
+	Subject Key ID: 
+		3F:00:01:2D:F1:30:4B:60:A3:B0:30:6C:AB:0E:93:FE:01:58:80:1B
+
+Other information:
+	MD5 Fingerprint: 5C:CE:3C:6F:6E:C6:9C:72:4F:33:15:5A:06:DE:73:22
+	SHA1 Fingerprint: F3:DD:D5:47:8B:80:B1:42:20:0B:50:C9:EB:2E:E3:70:61:B0:9E:D6
+	Public Key ID: 3F:00:01:2D:F1:30:4B:60:A3:B0:30:6C:AB:0E:93:FE:01:58:80:1B
+
+
+-----BEGIN CERTIFICATE-----
+MIIBYDCCAQygAwIBAgIBADALBgkqhkiG9w0BAQUwIjEgMB4GA1UEChMXR251VExT
+IHRlc3QgY2VydGlmaWNhdGUwHhcNMDcwMTI2MTAwMDA0WhcNMDcwMTI3MTAwMDA2
+WjAiMSAwHgYDVQQKExdHbnVUTFMgdGVzdCBjZXJ0aWZpY2F0ZTBZMAsGCSqGSIb3
+DQEBAQNKADBHAkChY1NrVJWsPKRLS2q6wJwRrSjdA6jA9Be/GM2fs1rR3iFB26PS
+bPlmh2l8UAeBZkEoyZni68xXU50MsZRv7+sXAgMBAAGjMjAwMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFD8AAS3xMEtgo7AwbKsOk/4BWIAbMAsGCSqGSIb3DQEB
+BQNBAJvBttnfLLEd3doUGZSzfBLpM6UutcCCHUV6v3O5MHSd825+TPON7Sr4PzkE
+76T94/zLuh8qHa3z+Wg59G0fahU=
+-----END CERTIFICATE-----
+
diff --git a/tests/pathlen/no-ca-or-pathlen.pem b/tests/pathlen/no-ca-or-pathlen.pem
new file mode 100644
index 0000000000..3063d656b1
--- /dev/null
+++ b/tests/pathlen/no-ca-or-pathlen.pem
@@ -0,0 +1,76 @@
+
+
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 2E:10:37:03:DF:46:85:9D:7A:55:0D:A6:59:61:85:38
+Subject: O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,OU=Persona Not Validated,OU=Digital ID Class 1 - Netscape,CN=Simon Josefsson,EMAIL=simon@josefsson.org
+Issuer: O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=www.verisign.com/repository/RPA Incorp. By Ref.\,LIAB.LTD(c)98,CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated
+Signature Algorithm: RSA-MD5
+Validity:
+	Not Before: Mon Jun 26 02:00:00 2000
+	Not After: Sat Aug 26 01:59:59 2000
+Subject Public Key Info:
+	Public Key Algorithm: RSA (1024 bits)
+modulus:
+	c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11:
+	0b:c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:
+	f7:7b:b0:be:f9:10:07:e9:7c:a6:c6:5a:51:33:24:
+	97:7b:a3:e1:08:b4:52:b6:06:10:7d:65:df:6e:52:
+	bd:81:3f:39:ad:b3:ad:17:13:88:22:e7:43:8c:39:
+	b7:c2:c4:ba:4a:8b:54:15:49:55:a4:4d:cc:00:56:
+	7b:c8:63:4e:37:de:fb:79:0f:45:dc:e9:5c:cd:70:
+	f0:64:42:35:84:db:e6:59:a4:cb:4b:fe:0f:47:28:
+	0c:35:11:a9:40:fc:ba:a5:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	CRL Distribution points:
+		URI: http://crl.verisign.com/class1.crl
+	Basic Constraints:
+		CA:FALSE
+	2.5.29.32: 
+		DER Data: 303b3039060b6086480186f84501070108302a302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061
+		ASCII: 0;09..`.H...E....0*0(..+.........https://www.verisign.com/rpa
+	2.16.840.1.113730.1.1: 
+		DER Data: 03020780
+		ASCII: ....
+	2.16.840.1.113733.1.6.3: 
+		DER Data: 167664343635326264363366323034373032393239383736336339643266323735303639633733353962656431623035396461373562633462633937303137343764613564356534313431626561646232626432653838333137616637626635643531313439393761336266343566386633656134353063
+		ASCII: .vd4652bd63f2047029298763c9d2f275069c7359bed1b059da75bc4bc9701747da5d5e4141beadb2bd2e88317af7bf5d5114997a3bf45f8f3ea450c
+
+Other information:
+	MD5 Fingerprint: 7C:0A:C1:98:03:8B:55:03:3B:4E:A8:B1:4C:CC:C5:40
+	SHA1 Fingerprint: 8F:73:5C:5D:DE:FD:72:3F:59:B6:A3:BB:2A:C0:52:24:70:C0:18:2F
+	Public Key ID: DD:1A:66:39:3A:03:31:6A:CC:51:B1:EC:A3:AA:36:8D:3B:A6:48:FE
+
+
+-----BEGIN CERTIFICATE-----
+MIIEhDCCA+2gAwIBAgIQLhA3A99GhZ16VQ2mWWGFODANBgkqhkiG9w0BAQQFADCB
+zDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y
+eS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1Zl
+cmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEg
+Tm90IFZhbGlkYXRlZDAeFw0wMDA2MjYwMDAwMDBaFw0wMDA4MjUyMzU5NTlaMIIB
+CDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y
+eS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBl
+cnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAx
+IC0gTmV0c2NhcGUxGDAWBgNVBAMUD1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3
+DQEJARYTc2ltb25Aam9zZWZzc29uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAyQzOiv5xRpvKHeWQEqURC8YtxDPGGehgWU4/ZD3k93uwvvkQB+l8psZa
+UTMkl3uj4Qi0UrYGEH1l325SvYE/Oa2zrRcTiCLnQ4w5t8LEukqLVBVJVaRNzABW
+e8hjTjfe+3kPRdzpXM1w8GRCNYTb5lmky0v+D0coDDURqUD8uqUCAwEAAaOCASYw
+ggEiMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBCDAqMCgGCCsG
+AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBEGCWCGSAGG+EIB
+AQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2
+M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVkNWU0
+MTQxYmVhZGIyYmQyZTg4MzE3YWY3YmY1ZDUxMTQ5OTdhM2JmNDVmOGYzZWE0NTBj
+MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNz
+MS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACTgvV56RpNJC2ddEwdgXFEkAaZ9r5JWT
+Nf2Wdv+Lv57dBWuCsvOvD/igL41lCCdU1I9Hecm+2fnOr38qBhcm87nmdLq5NT42
+Vl1BnM5o/NvFMUIJMjfnty6kxVHl/uVFWQxEys6tdyRStHhfzE8Vp48ggVZlCFA3
+dbyiEYJySHY=
+-----END CERTIFICATE-----
+
diff --git a/tests/pathlen/pathlen b/tests/pathlen/pathlen
new file mode 100755
index 0000000000..4eb399e765
--- /dev/null
+++ b/tests/pathlen/pathlen
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Copyright (C) 2006, 2007 Free Software Foundation
+#
+# Author: Simon Josefsson
+#
+# This file is part of GNUTLS.
+#
+# GNUTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# GNUTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNUTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+srcdir=${srcdir:-.}
+CERTTOOL=${CERTTOOL:-../../src/certtool}
+
+$CERTTOOL --certificate-info --infile $srcdir/ca-no-pathlen.pem \
+	  --outfile new-ca-no-pathlen.pem
+$CERTTOOL --certificate-info --infile $srcdir/no-ca-or-pathlen.pem \
+	  --outfile new-no-ca-or-pathlen.pem
+
+diff -ur $srcdir/ca-no-pathlen.pem new-ca-no-pathlen.pem
+rc1=$?
+diff -ur $srcdir/no-ca-or-pathlen.pem new-no-ca-or-pathlen.pem
+rc2=$?
+
+rm -f new-ca-no-pathlen.pem new-no-ca-or-pathlen.pem
+
+# We're done.
+if test "$rc1" != "0"; then
+  exit $rc1
+fi
+exit $rc2