summaryrefslogtreecommitdiff
path: root/tests/x509_test.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-09-05 16:05:40 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-09-05 16:05:40 +0000
commit69bdcbc193726601b5173577683ee913d5cef83c (patch)
treed78117b740f37d2e99f84ffe9c263e699de4a07c /tests/x509_test.c
parenta2a9c8d2ee6f0a23e9376f08755781997a631167 (diff)
downloadgnutls-69bdcbc193726601b5173577683ee913d5cef83c.tar.gz
Added more tests for the X.509 certificate validation. These tests are now only included in the CVS not the distribution.
Diffstat (limited to 'tests/x509_test.c')
-rw-r--r--tests/x509_test.c117
1 files changed, 94 insertions, 23 deletions
diff --git a/tests/x509_test.c b/tests/x509_test.c
index 7a3b35ad4e..b1187221af 100644
--- a/tests/x509_test.c
+++ b/tests/x509_test.c
@@ -3,6 +3,9 @@
#include <gnutls_x509.h>
#include <gnutls_cert.h>
#include <gnutls_errors.h>
+#include <x509_b64.h>
+#include <x509_verify.h>
+#include <gnutls_global.h>
/* FIXME: This test uses gnutls internals. Rewrite it using
* the exported stuff. (I leave it as an exercise to the reader :)
@@ -20,14 +23,22 @@ static struct file_res test_files[] = {
{ "test2.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
{ "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
{ "test10.pem", 0 },
+ { "test13.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test22.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test23.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test24.pem", 0 },
{ "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test26.pem", 0 },
{ NULL, 0 }
};
-int _gnutls_verify_x509_file( char *cafile);
+#define CA_FILE "ca.pem"
+int _gnutls_verify_x509_file( const char* certfile, const char *cafile);
-static void print_res( int x) {
+
+static void print_res( int x)
+{
if (x&GNUTLS_CERT_INVALID)
printf("- certificate is invalid\n");
else
@@ -41,7 +52,8 @@ static void print_res( int x) {
return;
}
-int main() {
+int main()
+{
int x;
char* file;
@@ -57,7 +69,7 @@ int i = 0, exp_result;
file = test_files[i++].test_file;
if (file==NULL) break;
- x = _gnutls_verify_x509_file( file);
+ x = _gnutls_verify_x509_file( file, CA_FILE);
if (x<0) {
fprintf(stderr, "Unexpected error: %d\n", x);
@@ -84,19 +96,56 @@ int i = 0, exp_result;
/* Verifies a base64 encoded certificate list from memory
*/
-int _gnutls_verify_x509_mem( const char *ca, int ca_size)
+int _gnutls_verify_x509_mem( const char* cert, int cert_size,
+ const char *ca, int ca_size)
{
int siz, siz2, i;
unsigned char *b64;
const char *ptr;
int ret;
gnutls_datum tmp;
+ gnutls_cert* x509_cert_list=NULL;
gnutls_cert* x509_ca_list=NULL;
- int x509_ncas;
+ int x509_ncerts, x509_ncas;
+
+ /* Decode the CA certificate
+ */
+ siz2 = _gnutls_fbase64_decode( NULL, ca, ca_size, &b64);
+
+ if (siz2 < 0) {
+ fprintf(stderr, "Error decoding CA certificate\n");
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ x509_ca_list =
+ (gnutls_cert *) gnutls_calloc( 1, sizeof(gnutls_cert));
+ x509_ncas = 1;
+
+ if (x509_ca_list == NULL) {
+ fprintf(stderr, "memory error\n");
+ gnutls_free(b64);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.data = b64;
+ tmp.size = siz2;
+
+ if ((ret =
+ _gnutls_x509_cert2gnutls_cert( x509_ca_list,
+ tmp, 0)) < 0) {
+ fprintf(stderr, "Error parsing the CA certificate\n");
+ gnutls_assert();
+ gnutls_free(b64);
+ return ret;
+ }
+ gnutls_free(b64);
- siz = ca_size;
- ptr = ca;
+ /* Decode the certificate chain.
+ */
+ siz = cert_size;
+ ptr = cert;
i = 1;
@@ -110,11 +159,12 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
return GNUTLS_E_PARSING_ERROR;
}
- x509_ca_list =
- (gnutls_cert *) gnutls_realloc( x509_ca_list,
+ x509_cert_list =
+ (gnutls_cert *) gnutls_realloc( x509_cert_list,
i *
sizeof(gnutls_cert));
- if (x509_ca_list == NULL) {
+ if (x509_cert_list == NULL) {
+ fprintf(stderr, "memory error\n");
gnutls_assert();
gnutls_free(b64);
return GNUTLS_E_MEMORY_ERROR;
@@ -124,8 +174,9 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
tmp.size = siz2;
if ((ret =
- _gnutls_x509_cert2gnutls_cert(&x509_ca_list[i - 1],
- tmp, 0)) < 0) {
+ _gnutls_x509_cert2gnutls_cert( &x509_cert_list[i-1],
+ tmp, 0)) < 0) {
+ fprintf(stderr, "Error parsing the certificate\n");
gnutls_assert();
gnutls_free(b64);
return ret;
@@ -140,10 +191,15 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
i++;
} while ((ptr = strstr(ptr, PEM_CERT_SEP)) != NULL);
- x509_ncas = i - 1;
+ x509_ncerts = i - 1;
- siz = _gnutls_x509_verify_certificate( x509_ca_list, x509_ncas-1,
- &x509_ca_list[x509_ncas-1], 1, NULL, 0);
+ siz = _gnutls_x509_verify_certificate( x509_cert_list, x509_ncerts,
+ x509_ca_list, 1, NULL, 0);
+
+ _gnutls_free_cert( x509_ca_list[0]);
+ for (i=0;i<x509_ncerts;i++) {
+ _gnutls_free_cert( x509_cert_list[i]);
+ }
return siz;
}
@@ -152,23 +208,38 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
/* Reads and verifies a base64 encoded certificate file
*/
-int _gnutls_verify_x509_file( char *cafile)
+int _gnutls_verify_x509_file( const char* certfile, const char *cafile)
{
- int siz;
- char x[MAX_FILE_SIZE];
+ int ca_size, cert_size;
+ char ca[MAX_FILE_SIZE];
+ char cert[MAX_FILE_SIZE];
FILE *fd1;
- fd1 = fopen(cafile, "rb");
+ fd1 = fopen(certfile, "rb");
if (fd1 == NULL) {
+ fprintf(stderr, "error opening %s\n", certfile);
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
}
- siz = fread(x, 1, sizeof(x)-1, fd1);
+ cert_size = fread(cert, 1, sizeof(cert)-1, fd1);
fclose(fd1);
- x[siz] = 0;
+ cert[cert_size] = 0;
+
+
+ fd1 = fopen(cafile, "rb");
+ if (fd1 == NULL) {
+ fprintf(stderr, "error opening %s\n", cafile);
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ca_size = fread(ca, 1, sizeof(ca)-1, fd1);
+ fclose(fd1);
+
+ ca[ca_size] = 0;
- return _gnutls_verify_x509_mem( x, siz);
+ return _gnutls_verify_x509_mem( cert, cert_size, ca, ca_size);
}