author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-28 14:26:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-12-20 19:47:14 +0200 |
commit | c9820a78a235c91bcf35adf4bc95d5e658d81bed (patch) | |
tree | 9a94ac09e82c25e49e52fe2a946e57c49e22e889 /tests | |
parent | 45926d9561b2e888c505524663b7c7ad87c263bc (diff) | |
download | gnutls-c9820a78a235c91bcf35adf4bc95d5e658d81bed.tar.gz |
Handle DNS name constraints with leading dot
Patch by Fotis Loukos.
Resolves 3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/name-constraints.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/tests/name-constraints.c b/tests/name-constraints.c
index c99d3c2831..346ce76323 100644
--- a/tests/name-constraints.c
+++ b/tests/name-constraints.c
@@ -76,6 +76,7 @@ const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) };
 const gnutls_datum_t name1 = { (void*)"com", 3 };
 const gnutls_datum_t name2 = { (void*)"example.com", sizeof("example.com")-1 };
 const gnutls_datum_t name3 = { (void*)"another.example.com", sizeof("another.example.com")-1 };
+const gnutls_datum_t name4 = { (void*)".gr", 3 };
 const gnutls_datum_t mail1 = { (void*)"example.com", sizeof("example.com")-1 };
 const gnutls_datum_t mail2 = { (void*)".example.net", sizeof(".example.net")-1 };
@@ -168,6 +169,11 @@ void doit(void)
 if (ret < 0)
 fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+ ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_DNSNAME,
+ &name4);
+ if (ret < 0)
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+
 ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_URI,
 &name3);
 if (ret < 0)
@@ -210,8 +216,8 @@ void doit(void)
 }
 } while(ret == 0);
- if (i-1 != 4) {
- fail("Could not read all contraints; read %d, expected %d\n", i-1, 4);
+ if (i-1 != 5) {
+ fail("Could not read all contraints; read %d, expected %d\n", i-1, 5);
 }
 i = 0;
@@ -313,6 +319,12 @@ void doit(void)
 if (ret != 0)
 fail("Checking %s should have failed\n", name.data);
+ name.data = (unsigned char*)"www.example.gr";
+ name.size = strlen((char*)name.data);
+ ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+ if (ret == 0)
+ fail("Checking %s should have succeeded\n", name.data);
+
 gnutls_x509_name_constraints_deinit(nc);
 gnutls_x509_crt_deinit(crt); |
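Review bot: In the hunk at `@@ -76,6 +76,7 @@`, the length of `name4` is the literal `3`, while `name2`, `name3`, `mail1` and `mail2` around it derive the length from the string itself. A later edit to the string would silently leave the datum size out of step with the constraint text, so I would write `const gnutls_datum_t name4 = { (void*)".gr", sizeof(".gr")-1 };`. A one-line comment such as `/* DNS constraint written with a leading dot */` would also tell readers why this entry exists next to `name1`, which uses the same literal-length form.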
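Review bot: The check added in the hunk at `@@ -313,6 +319,12 @@` only pins the accept path for the new leading-dot constraint (`www.example.gr` must pass). Nothing asserts that a name which merely ends in the same characters, without a label boundary, is rejected. Name-constraint matching bounds the names a constrained CA may vouch for, so a suffix comparison that is too loose would widen that bound without any test noticing. I would add a rejection case right after the new block, using a constructed name, assuming no other permitted DNS constraint set up earlier in `doit()` covers it. The body of `doit()` starts and ends outside this hunk.

```c
	/* … unchanged: www.example.gr acceptance check … */

	/* constructed negative case: ends in "gr" but not on a label boundary */
	name.data = (unsigned char*)"www.example.ngr";
	name.size = strlen((char*)name.data);
	ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
	if (ret != 0)
		fail("Checking %s should have failed\n", name.data);
```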