authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-09-16 23:02:35 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-09-16 23:02:35 +0200
commitde90e7f1e82925e11486bf791086145ccd6801d4 (patch)
treed9454f33e3914f386a27228d2b63cfea490da53f /tests
parente7b65df28abd19bd9a2e8de11d7b1c9ead9c5fcf (diff)
downloadgnutls-de90e7f1e82925e11486bf791086145ccd6801d4.tar.gz
Added verification flags GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, which is enabled by default for verifying TLS sessions.
Diffstat (limited to 'tests')
-rw-r--r--tests/chainverify-unsorted.c37
1 files changed, 29 insertions, 8 deletions
diff --git a/tests/chainverify-unsorted.c b/tests/chainverify-unsorted.c
index 336cef2f7a..716fbd20db 100644
--- a/tests/chainverify-unsorted.c
+++ b/tests/chainverify-unsorted.c
@@ -613,7 +613,7 @@ doit (void)
gnutls_x509_crt_t *crts;
unsigned int crts_size, i;
gnutls_x509_trust_list_t tl;
- unsigned int status;
+ unsigned int status, flags = GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN;
/* this must be called once in the program
*/
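Review bot: The new `flags` local in doit() has no comment explaining why every positive case now needs it, and it shares a declaration line with the uninitialised `status`. The old side passed `0` to gnutls_x509_trust_list_verify_crt() and expected success, while the last case in this patch passes `0` and expects failure, so direct callers passing `0` appear to lose the implicit reordering; that is inferred from the test only, since the library change is outside this diff. I would declare it on its own line with a comment such as `/* chains below are deliberately out of order; 0 is kept for the negative case */`. The body of doit() starts and ends outside this hunk.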
@@ -644,7 +644,7 @@ doit (void)
exit(1);
}
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, 0, &status, NULL);
+ ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
if (ret < 0 || status != 0)
{
fail("gnutls_x509_trust_list_verify_crt - 1\n");
@@ -665,10 +665,10 @@ doit (void)
exit(1);
}
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, 0, &status, NULL);
+ ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
if (ret < 0 || status != 0)
{
- fail("gnutls_x509_trust_list_verify_crt - 1\n");
+ fail("gnutls_x509_trust_list_verify_crt - 2\n");
exit(1);
}
@@ -686,10 +686,10 @@ doit (void)
exit(1);
}
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, 0, &status, NULL);
+ ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
if (ret < 0 || status != 0)
{
- fail("gnutls_x509_trust_list_verify_crt - 1\n");
+ fail("gnutls_x509_trust_list_verify_crt - 3\n");
exit(1);
}
@@ -707,10 +707,31 @@ doit (void)
exit(1);
}
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, 0, &status, NULL);
+ ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
if (ret < 0 || status != 0)
{
- fail("gnutls_x509_trust_list_verify_crt - 1\n");
+ fail("gnutls_x509_trust_list_verify_crt - 4\n");
+ exit(1);
+ }
+
+ for (i=0;i<crts_size;i++)
+ gnutls_x509_crt_deinit(crts[i]);
+ gnutls_free(crts);
+
+ /* Check if an unsorted list would fail if the unsorted flag is not given */
+ data.data = (void*) chain2;
+ data.size = sizeof(chain2);
+ ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0)
+ {
+ fail("gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, 0, &status, NULL);
+ if (ret < 0 || status == 0)
+ {
+ fail("gnutls_x509_trust_list_verify_crt - 5\n");
exit(1);
}
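Review bot: The negative case at the end of this hunk accepts any non-zero `status`, so it would also pass if chain2 were rejected for an unrelated reason (an expired certificate, a missing trust anchor) rather than for its ordering. Pinning the reason makes it a real regression guard for the strict path, e.g. `if (ret < 0 || !(status & GNUTLS_CERT_SIGNER_NOT_FOUND))`, assuming that is the bit the strict path reports for an out-of-order chain; please confirm it against the library before adopting it. It would also help to state in the comment that the same chain2 verifies with `flags` earlier in doit(), if that is the case, so the pair shows the flag alone decides the outcome. doit() continues past the hunk, so whether the `crts` from this last import are released with gnutls_x509_crt_deinit() and gnutls_free() is not visible here.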