-rw-r--r--tests/Makefile.am8
-rw-r--r--tests/test1.pem118
-rw-r--r--tests/test10.pem180
-rw-r--r--tests/test2.pem181
-rw-r--r--tests/test25.pem181
-rw-r--r--tests/test3.pem181
-rw-r--r--tests/x509_test.c168
7 files changed, 1017 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
new file mode 100644
index 0000000000..df3a4b6838
--- /dev/null
+++ b/tests/Makefile.am
@@ -0,0 +1,8 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES= -I../lib/
+
+noinst_PROGRAMS = x509test
+x509test_SOURCES = x509_test.c
+x509test_LDADD = ../lib/libgnutls.la -lgcrypt
+TESTS = x509test
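Review bot: The five .pem fixtures that x509test opens are not listed anywhere in this Makefile.am, so they will be left out of `make dist` tarballs. Adding `EXTRA_DIST = test1.pem test2.pem test3.pem test10.pem test25.pem` would ship them with the test. The program also opens them by bare file name (see test_files[] in x509_test.c), so `make check` from a separate build directory would hit the fopen() failure path unless the names are resolved against `$(srcdir)`.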
diff --git a/tests/test1.pem b/tests/test1.pem
new file mode 100644
index 0000000000..960e907af3
--- /dev/null
+++ b/tests/test1.pem
@@ -0,0 +1,118 @@
+[ This should be successfully validated ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.01.01
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c6:34:ec:6f:0c:e0:59:0e:bc:5f:ba:2e:93:bb:
+ 04:a7:03:b9:70:8a:b9:d7:e5:d7:e6:ca:4a:8c:23:
+ d8:60:b3:6b:cb:88:88:c7:d8:48:7e:64:f9:f6:1b:
+ e3:79:46:41:e4:61:f7:25:47:71:f3:50:94:4e:f2:
+ 7c:6a:37:b6:0c:46:bf:9c:96:a5:e2:af:0c:ca:8b:
+ f0:8c:ba:43:4a:08:8e:6a:87:f3:46:4e:cf:6d:5d:
+ 52:47:ab:99:c7:24:cd:31:0e:7d:ef:d1:d9:f3:69:
+ 24:fb:fc:33:6e:29:ab:6f:52:75:80:2a:bb:e0:a9:
+ 2c:31:c5:b7:0b:3d:3b:ea:b5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ AC:DB:FC:F1:BC:05:2E:D2
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 2b:88:4f:82:85:ad:65:b1:df:ea:a5:9f:45:f9:ab:3e:bc:fd:
+ 84:31:f5:eb:8e:0d:ac:9a:29:d9:8e:cc:5f:3b:93:b6:9a:35:
+ ce:9e:0d:08:6e:3e:8a:2d:02:48:e7:ef:86:e8:1c:f3:23:a6:
+ ab:72:3a:a2:58:04:d1:5d:7a:56:d0:b9:6e:bd:bc:f7:65:07:
+ 61:9e:79:43:8a:10:f4:15:a8:b9:55:65:3b:26:3d:ae:88:0e:
+ 07:5e:b4:06:7b:2a:04:42:c5:85:3d:16:7f:a9:a7:6e:c7:43:
+ 1b:e0:41:e5:f1:72:78:ae:b5:69:80:d6:57:ce:24:4b:b7:12:
+ 5f:9c
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/test10.pem b/tests/test10.pem
new file mode 100644
index 0000000000..05e56eebbc
--- /dev/null
+++ b/tests/test10.pem
@@ -0,0 +1,180 @@
+[ The end certificate is expired ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 20 (0x14)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.03.02
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2000 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.03.02
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c2:4c:89:6f:86:e1:b8:28:45:a6:33:d8:e5:2e:
+ ff:e3:d0:ff:2a:78:26:01:4e:07:75:5e:81:fe:7f:
+ bc:8a:c5:e2:0b:27:a1:0c:4e:08:2b:0e:e4:94:cb:
+ ad:b4:b9:7e:2d:c2:3a:3b:cc:e7:0f:7f:49:9a:4d:
+ 1e:d4:9f:c9:66:fd:69:f9:b1:e0:37:6b:4f:56:cd:
+ 8e:66:bb:23:a3:c2:89:dc:b1:33:35:f8:89:32:de:
+ 68:c4:67:a8:19:38:03:ef:f4:59:fd:be:e1:5c:c2:
+ aa:bf:1a:56:22:22:43:bb:b6:25:f6:62:4d:0e:1d:
+ 67:10:e8:51:6e:86:f2:5a:db
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 12:39:F2:D8:6C:C5:5C:64
+ X509v3 Authority Key Identifier:
+ keyid:F7:B9:C9:0A:AA:BA:FA:42
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 27:0d:d3:dd:a2:f7:a5:86:d9:86:cc:20:b2:13:af:27:d6:35:
+ aa:fe:b9:47:aa:c2:95:2c:41:e6:5a:81:c3:af:90:92:2e:19:
+ a5:6e:7b:34:af:0b:c1:a1:92:d3:75:f3:0d:43:da:0e:2e:3f:
+ f5:18:46:08:7a:4f:db:87:c8:b2:44:b8:9f:88:cd:66:02:a9:
+ 1a:db:7a:54:45:68:ad:41:fb:70:e2:cd:0b:0d:9c:bb:03:25:
+ 29:b9:32:66:73:5d:c7:62:6a:4c:c3:25:1f:33:49:dd:c9:b2:
+ 69:7d:c5:ef:42:18:d0:e6:5b:c0:22:9d:52:8f:ee:31:50:ba:
+ 86:cb
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 19 (0x13)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.03.02
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b8:01:b3:fc:80:35:14:70:86:bc:c3:8a:44:b0:
+ 68:1b:60:7d:ac:cf:4f:10:31:45:dd:e3:1c:31:eb:
+ dd:62:f5:00:9c:c9:64:a8:bd:03:b8:26:8c:de:6f:
+ d2:70:b7:23:76:f9:fd:d3:f8:9a:99:2f:f8:30:50:
+ 7b:8b:3b:62:04:5e:9c:c4:d8:2f:05:cd:08:3a:31:
+ af:93:89:2a:e5:bc:62:5f:79:c4:e5:4a:8a:05:98:
+ 4b:43:dd:78:7a:23:a3:79:3c:cd:5f:a7:2c:98:da:
+ c3:8e:84:04:4d:e5:2e:aa:47:d0:4e:bb:19:01:02:
+ aa:c0:4f:47:e0:a8:3d:93:b3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ F7:B9:C9:0A:AA:BA:FA:42
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 5b:0a:5f:87:da:0e:3a:f8:fd:c4:74:b4:cd:c7:33:69:42:07:
+ 4e:4a:63:82:4d:3d:23:ea:44:46:5b:b4:67:4f:ab:1e:fa:59:
+ 1a:07:b8:3a:f3:43:16:d3:1c:e1:38:2d:84:67:32:75:b2:30:
+ 88:aa:20:8e:d1:81:33:6f:ec:34:72:0e:da:37:29:35:e3:ad:
+ 34:a2:f1:af:30:f8:63:45:5e:d7:ae:24:5c:1b:bd:32:6b:31:
+ c7:8b:06:ed:75:17:65:68:22:38:f7:ee:fc:79:b2:3d:57:73:
+ 6c:84:5e:25:d4:0e:e7:5e:52:37:1e:c9:76:05:72:52:4c:a1:
+ 07:13
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/test2.pem b/tests/test2.pem
new file mode 100644
index 0000000000..af08bba7f8
--- /dev/null
+++ b/tests/test2.pem
@@ -0,0 +1,181 @@
+[ This should not be validated. The signature on the intermediate
+ certificate is invalid ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.02
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.01.02
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:bc:09:ad:94:fa:6c:95:d0:9d:9c:dc:de:ca:1c:
+ 67:f9:8d:b0:46:a0:e0:14:dd:ca:6f:7d:64:23:f6:
+ dc:f1:ac:4c:27:d5:db:3e:fe:a7:80:de:84:81:6b:
+ 9f:f3:7f:6b:57:75:9e:fc:aa:46:aa:50:18:f5:3c:
+ ea:d9:75:09:68:05:b5:74:be:cc:27:2d:0d:1e:f5:
+ 3f:be:9b:8d:de:b2:79:fe:6f:c7:17:4e:fd:20:48:
+ 44:77:d0:4e:33:3c:17:70:53:2e:4a:c2:f8:f5:65:
+ e7:06:da:2d:c1:17:44:e4:57:ac:5b:c1:be:c8:f4:
+ a2:ac:19:e0:2f:19:39:b8:7f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 7F:99:92:8E:E3:61:B3:F8
+ X509v3 Authority Key Identifier:
+ keyid:E6:8E:40:9B:4F:4D:94:E6
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 2b:bc:1d:33:22:e5:21:9f:d0:b2:a8:f7:fc:0d:c6:6a:dd:1d:
+ e4:13:91:b4:54:d9:1f:45:5d:95:55:4e:58:dd:49:09:9c:6b:
+ 9e:37:88:14:1f:76:34:dc:d4:44:e7:a6:c6:00:71:ce:77:ae:
+ 58:d4:a5:62:57:29:4e:4d:b9:a4:06:ec:e9:13:1d:6d:3f:1d:
+ a2:f2:90:91:09:05:d9:35:de:43:ee:2a:92:d1:5a:2d:09:ed:
+ 55:3f:14:b0:4c:c7:47:80:e2:c3:4f:e0:1f:cb:6c:78:6a:85:
+ 17:b1:72:89:6f:27:8b:ac:c8:9d:23:be:7a:66:d4:2a:28:9b:
+ 8f:d2
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.02
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d6:39:9e:21:93:e2:ba:35:7f:e5:f8:e8:87:0b:
+ 8a:5f:28:25:85:b7:e5:cc:da:7f:d3:c7:09:2a:63:
+ e9:ad:8f:d0:a8:ef:ba:cf:3c:fb:55:03:b9:83:29:
+ 4e:0e:89:84:fb:e2:62:16:1f:9d:87:40:16:6b:f8:
+ f4:66:38:58:74:67:d4:b5:a1:3a:4b:6f:13:4b:08:
+ 37:3a:3a:64:0a:06:8e:a2:7b:14:88:b7:f8:ce:6a:
+ d1:45:9b:39:93:67:bf:0a:ab:db:37:9d:fa:ce:54:
+ 0f:37:82:09:8f:0d:33:e4:b8:6e:46:c1:cc:4f:80:
+ 5a:b4:bd:19:80:27:40:84:49
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ E6:8E:40:9B:4F:4D:94:E6
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ dc:2e:d8:7b:9f:d3:7b:5e:0b:23:0a:3f:2c:ad:9f:9e:9a:1b:
+ 6d:00:37:76:13:a7:e5:48:2a:67:c9:4a:6d:0f:c7:57:50:fc:
+ fd:e5:3d:74:ad:af:e6:05:b8:dd:7b:c5:ab:8c:21:2b:45:8a:
+ 2c:1b:c1:15:c8:4a:b6:9f:53:d5:05:f7:08:8d:96:0a:a7:49:
+ 47:2a:a5:6b:a4:e4:42:c4:b7:e9:3d:7b:ff:0c:36:9f:3c:b5:
+ f3:9d:d8:85:f0:d8:36:c8:1e:e5:75:bc:61:93:5f:36:38:d5:
+ c5:c4:77:46:7c:85:c4:f6:b1:d5:82:25:21:28:86:74:8d:1d:
+ 9d:a8
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/test25.pem b/tests/test25.pem
new file mode 100644
index 0000000000..057cbe0b5c
--- /dev/null
+++ b/tests/test25.pem
@@ -0,0 +1,181 @@
+ [ The intermediate certificate is invalid. It has basicConstraints
+ and it is not a CA. ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 50 (0x32)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.03
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.03
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b1:9b:a3:dc:84:ba:36:7d:44:55:3e:56:6c:5b:
+ e7:e4:71:d5:57:48:1b:fd:c4:ff:98:57:57:fc:48:
+ 38:5b:b8:98:47:d8:87:6b:41:84:fd:aa:20:c1:f6:
+ 29:ba:d1:d6:d8:96:e6:de:03:bd:30:81:33:73:4a:
+ 2a:aa:7b:e7:0a:62:ba:ee:c4:de:ae:a2:9a:dd:69:
+ 2d:b1:96:d7:73:55:2f:ef:35:81:85:97:9c:29:f3:
+ 1e:9c:58:8c:c4:c8:aa:a0:a4:3c:80:1e:38:6f:92:
+ 04:9d:4c:80:44:5b:2f:e3:41:97:e0:0a:dd:61:b8:
+ 4d:e4:3c:bf:0e:eb:d8:21:ab
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 4B:F1:DB:20:8F:A4:8B:F9
+ X509v3 Authority Key Identifier:
+ keyid:3E:C0:60:F6:D3:00:06:10
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 58:7c:b8:b0:7a:d3:92:a6:35:5e:30:c1:63:95:e9:34:4c:a1:
+ 3f:a8:6d:72:78:d8:0f:d6:e8:b3:8c:23:c4:f9:49:53:2c:5d:
+ 21:60:02:5a:b2:c3:13:e4:79:89:10:8e:62:c8:7f:9c:30:09:
+ 12:d0:94:71:50:12:ba:4b:cf:e9:52:c9:68:58:f2:c5:43:9a:
+ 0a:9e:89:09:55:7e:b7:19:3b:16:1d:12:fd:4a:f7:67:2c:ac:
+ 7e:9e:4b:96:53:f5:a6:53:80:dc:df:e4:d4:79:62:96:3a:74:
+ f9:b9:d2:88:38:40:d7:ed:e1:26:1d:20:0c:c8:d6:51:d4:6a:
+ f7:23
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 49 (0x31)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.03
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:bb:2c:5b:7e:c8:62:2d:40:5a:92:10:f8:b4:dc:
+ 80:88:af:9c:9d:5a:71:4f:40:76:5d:10:c3:6e:da:
+ d4:54:dd:78:8e:a5:f6:a6:d7:09:74:c6:00:0f:18:
+ 19:10:2b:be:bc:39:f8:9d:a4:ff:e2:d6:18:18:39:
+ 4f:e2:b0:e0:79:77:20:0b:b1:cb:c8:43:d5:c9:1b:
+ 53:96:41:70:41:2e:02:ae:09:b3:12:e5:fb:83:84:
+ 13:5a:e0:a8:85:b8:63:1b:27:7f:d4:8e:5b:91:b0:
+ 3f:6a:69:7c:06:51:ab:dc:e3:7e:89:c1:b4:47:bd:
+ 6f:05:a2:66:81:61:86:35:85
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 3E:C0:60:F6:D3:00:06:10
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 35:97:1a:c9:34:d7:f8:51:a1:b5:15:09:f9:7b:98:03:b8:d1:
+ d7:80:89:2f:aa:93:1c:fb:dd:48:c8:07:37:0f:66:19:72:3f:
+ ee:c3:b9:23:8b:f5:bd:ac:8e:08:86:10:f6:5b:81:be:b4:d8:
+ 94:c3:e6:b9:e8:fc:f9:b8:4c:f1:84:d8:a6:28:8e:8d:51:40:
+ 37:0b:d2:28:0a:c8:f5:4d:82:00:60:5c:a0:13:17:c9:dc:a4:
+ 92:6f:2a:63:0e:20:b5:84:13:9d:e8:8e:cf:b5:6a:23:da:65:
+ 2d:60:35:d7:52:11:32:06:b2:0f:70:80:b7:83:6d:a7:37:75:
+ 55:21
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/test3.pem b/tests/test3.pem
new file mode 100644
index 0000000000..0647a14ddf
--- /dev/null
+++ b/tests/test3.pem
@@ -0,0 +1,181 @@
+[ This should not be validated. The signature on the end
+ certificate is invalid ]
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.03
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-CP.01.03
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d0:03:d6:f4:23:ff:fe:01:18:45:d6:d5:0e:c7:
+ 5f:f0:14:c8:52:45:c8:7a:18:72:f8:39:cb:8b:bf:
+ f1:28:fa:a2:4a:e2:5e:3d:e4:9e:70:4a:0e:22:4b:
+ a4:a7:dc:b0:ee:69:e4:c4:12:e5:0c:c0:73:e9:71:
+ 12:b5:c3:f9:db:a2:c3:c9:66:eb:58:63:d1:2b:6c:
+ 47:38:43:16:c6:82:d6:06:a4:8f:35:3b:d1:1d:93:
+ 9b:3f:dd:8d:49:ea:3b:76:9a:db:02:02:73:83:55:
+ 01:79:c8:30:cb:07:fd:be:97:5c:56:69:0b:4f:c2:
+ df:64:cf:4e:ff:5a:6b:d9:ab
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ 3F:0D:B0:96:D8:91:AB:3E
+ X509v3 Authority Key Identifier:
+ keyid:CF:4F:16:84:CA:46:D8:9B
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 96:7e:36:89:1d:de:1f:26:b3:17:c0:91:8d:2f:49:9d:ab:3f:
+ db:a3:1a:06:d8:d4:c8:3b:5c:4a:34:d5:0d:61:65:71:cc:2b:
+ 43:b4:e0:b7:38:e4:36:6f:5f:0a:68:12:ca:fa:f2:0e:75:18:
+ 18:c0:e8:12:3c:18:34:b2:20:b4:20:24:54:81:01:4e:62:6f:
+ 96:a8:8f:1c:7f:ad:57:9a:09:bc:86:af:f8:59:fc:a2:41:e9:
+ ba:e2:b8:e2:e9:83:71:d2:a2:15:69:4e:cb:1a:d2:87:1c:d5:
+ dc:17:b3:fd:e1:e4:95:a3:d3:c3:f5:6c:56:1c:a1:f9:4a:ee:
+ e7:33
+-----BEGIN CERTIFICATE-----
+MIIChjCCAe+gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY
+MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT
+B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1DUC4wMS4wMzAeFw05ODAxMDExMjAxMDBa
+Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv
+dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE
+AxMOVXNlcjEtQ1AuMDEuMDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANAD
+1vQj//4BGEXW1Q7HX/AUyFJFyHoYcvg5y4u/8Sj6okriXj3knnBKDiJLpKfcsO5p
+5MQS5QzAc+lxErXD+duiw8lm61hj0StsRzhDFsaC1gakjzU70R2Tmz/djUnqO3aa
+2wICc4NVAXnIMMsH/b6XXFZpC0/C32TPTv9aa9mrAgMBAAGjUjBQMA4GA1UdDwEB
+/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQIPw2wltiR
+qz4wEwYDVR0jBAwwCoAIz08WhMpG2JswDQYJKoZIhvcNAQEFBQADgYEAln42iR3e
+HyazF8CRjS9Jnas/26MaBtjUyDtcSjTVDWFlccwrQ7TgtzjkNm9fCmgSyvryDnUY
+GMDoEjwYNLIgtCAkVIEBTmJvlqiPHH+tV5oJvIav+Fn8okHpuuK44umDcdKiFWlO
+yxrShxzV3Bez/eHklaPTw/VsVhyh+Uru5zM=
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4 (0x4)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1998 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-CP.01.03
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b8:45:9d:11:f3:6b:00:f8:17:f2:ca:71:5e:a0:
+ 80:c6:ed:ce:48:95:9f:07:a2:b1:2f:f8:ee:08:8f:
+ 73:b2:ec:54:75:30:1e:27:a3:c8:43:10:13:c1:7f:
+ 97:c2:ac:04:7f:f0:f5:71:09:98:d5:8f:61:ce:c2:
+ 74:80:a9:44:20:c6:8e:96:3d:c9:a4:69:bb:b1:d7:
+ 69:3c:90:ae:b2:78:aa:b7:6f:bb:b9:7c:be:ad:6f:
+ b7:8a:12:54:33:b3:3f:09:7b:8c:f8:ac:20:e4:23:
+ 5d:2f:57:e5:f4:55:9e:48:a7:f1:2c:e3:6f:1d:c3:
+ 62:a8:37:c7:b2:1a:6c:37:f9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.1.48.1
+
+ X509v3 Subject Key Identifier:
+ CF:4F:16:84:CA:46:D8:9B
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 43:e8:aa:94:5b:db:bc:37:a3:3b:f9:be:44:21:e1:d9:4b:94:
+ 6a:ed:45:b8:00:4e:6e:43:ce:bb:64:ef:f7:24:d6:bd:34:96:
+ 0d:1c:a0:74:e2:d0:46:23:8b:b2:38:2b:75:73:dd:6c:3b:ad:
+ 54:68:e5:94:1a:13:37:c7:1d:cf:74:96:8c:2a:5a:9a:98:39:
+ 4c:18:a4:02:bc:66:34:46:0c:0d:0b:cb:ea:7d:a5:91:47:1e:
+ b5:12:51:81:0e:d3:60:bb:c5:8f:df:92:c9:c2:97:7c:ce:42:
+ 51:70:32:09:f7:14:fd:0c:03:82:18:59:81:cf:7d:02:e0:d9:
+ b4:97
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 99999 (0x1869f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Validity
+ Not Before: Jan 1 12:01:00 1999 GMT
+ Not After : Jan 1 12:01:00 2048 GMT
+ Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
+ 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
+ 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
+ cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
+ 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
+ 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
+ f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
+ 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
+ 1d:ba:f3:18:84:2a:82:2b:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AB:9A:EB:F9:C2:E7:54:8F
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:AB:9A:EB:F9:C2:E7:54:8F
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
+ 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
+ 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
+ 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
+ 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
+ bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
+ 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
+ 5a:45
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/x509_test.c b/tests/x509_test.c
new file mode 100644
index 0000000000..3e645bd5b2
--- /dev/null
+++ b/tests/x509_test.c
@@ -0,0 +1,168 @@
+#include <stdio.h>
+#include <gnutls_int.h>
+#include <gnutls_x509.h>
+#include <gnutls_cert.h>
+#include <gnutls_errors.h>
+
+#define MAX_FILE_SIZE 16*1024
+
+struct file_res {
+ char* test_file;
+ int result;
+};
+
+static struct file_res test_files[] = {
+ { "test1.pem", 0 },
+ { "test2.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { "test10.pem", 0 },
+ { "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
+ { NULL, 0 }
+};
+
+int _gnutls_verify_x509_file( char *cafile);
+
+
+static void print_res( int x) {
+ if (x&GNUTLS_CERT_INVALID)
+ printf("- certificate is invalid\n");
+ else
+ printf("- certificate is valid\n");
+ if (x&GNUTLS_CERT_NOT_TRUSTED)
+ printf("- certificate is NOT trusted\n");
+ else
+ printf("- certificate is trusted\n");
+ if (x==GNUTLS_CERT_CORRUPTED)
+ printf("- Found a corrupted certificate.\n");
+ return;
+}
+
+int main() {
+
+int x;
+char* file;
+int i = 0, exp_result;
+
+ gnutls_global_init();
+
+ fprintf(stderr, "This program will perform some tests on X.509 certificate\n");
+ fprintf(stderr, "verification functions.\n\n");
+
+ for (;;) {
+ exp_result = test_files[i].result;
+ file = test_files[i++].test_file;
+
+ if (file==NULL) break;
+ x = _gnutls_verify_x509_file( file);
+
+ if (x<0) {
+ fprintf(stderr, "Unexpected error: %d\n", x);
+ exit(1);
+ }
+ printf("Test %d, file %s: ", i, file);
+
+ if ( x != exp_result) {
+ printf("failed.");
+ fprintf(stderr, "Unexpected error in verification.\n");
+ fprintf(stderr, "Certificate was found to be: \n");
+ print_res( x);
+ }
+ printf("ok.");
+
+ printf("\n");
+ }
+
+ return 0;
+
+}
+
+/* Verifies a base64 encoded certificate list from memory
+ */
+int _gnutls_verify_x509_mem( const char *ca, int ca_size)
+{
+ int siz, siz2, i;
+ unsigned char *b64;
+ const char *ptr;
+ int ret;
+ gnutls_datum tmp;
+ gnutls_cert* x509_ca_list=NULL;
+ int x509_ncas;
+
+ siz = ca_size;
+
+ ptr = ca;
+
+ i = 1;
+
+ do {
+ siz2 = _gnutls_fbase64_decode(ptr, siz, &b64);
+ siz -= siz2; /* FIXME: this is not enough
+ */
+
+ if (siz2 < 0) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ x509_ca_list =
+ (gnutls_cert *) gnutls_realloc( x509_ca_list,
+ i *
+ sizeof(gnutls_cert));
+ if (x509_ca_list == NULL) {
+ gnutls_assert();
+ gnutls_free(b64);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.data = b64;
+ tmp.size = siz2;
+
+ if ((ret =
+ _gnutls_x509_cert2gnutls_cert(&x509_ca_list[i - 1],
+ tmp)) < 0) {
+ gnutls_assert();
+ gnutls_free(b64);
+ return ret;
+ }
+ gnutls_free(b64);
+
+ /* now we move ptr after the pem header */
+ ptr = strstr(ptr, PEM_CERT_SEP);
+ if (ptr!=NULL)
+ ptr++;
+
+ i++;
+ } while ((ptr = strstr(ptr, PEM_CERT_SEP)) != NULL);
+
+ x509_ncas = i - 1;
+
+ siz = _gnutls_x509_verify_certificate( x509_ca_list, x509_ncas-1,
+ &x509_ca_list[x509_ncas-1], 1, NULL, 0);
+
+ return siz;
+}
+
+
+
+/* Reads and verifies a base64 encoded certificate file
+ */
+int _gnutls_verify_x509_file( char *cafile)
+{
+ int siz;
+ char x[MAX_FILE_SIZE];
+ FILE *fd1;
+
+ fd1 = fopen(cafile, "rb");
+ if (fd1 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ siz = fread(x, 1, sizeof(x)-1, fd1);
+ fclose(fd1);
+
+ x[siz] = 0;
+
+ return _gnutls_verify_x509_mem( x, siz);
+}
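Review bot: In main() the mismatch branch `if ( x != exp_result)` prints "failed." and then falls through to the unconditional `printf("ok.");`, and main() always ends with `return 0;`, so a wrong verification result never fails `make check`. For a test of certificate-chain verification this means a regression that accepts a bad chain would pass silently; record the failure and return it, e.g. `failed = 1;` inside the branch, `else printf("ok.");` for the success case, and `return failed;` at the end. The table also expects `0` for test10.pem, whose header says the end certificate is expired; if the verifier is not meant to check validity dates yet, a comment on that entry should say so, otherwise the expected value looks wrong. Separately, in _gnutls_verify_x509_mem() `siz -= siz2` runs before the `siz2 < 0` check, and x509_ca_list is not freed on the error returns or after verification.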
+