diff options
Diffstat (limited to 'tests/cert-tests')
28 files changed, 52 insertions, 45 deletions
diff --git a/tests/cert-tests/alt-chain b/tests/cert-tests/alt-chain index b715416cc0..a2261b3809 100755 --- a/tests/cert-tests/alt-chain +++ b/tests/cert-tests/alt-chain @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem" NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem" diff --git a/tests/cert-tests/cert-critical b/tests/cert-tests/cert-critical index 74f335cb87..f923b29fa4 100755 --- a/tests/cert-tests/cert-critical +++ b/tests/cert-tests/cert-critical @@ -36,7 +36,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem diff --git a/tests/cert-tests/cert-non-digits-time b/tests/cert-tests/cert-non-digits-time index 28880b87ac..9c25c396de 100755 --- a/tests/cert-tests/cert-non-digits-time +++ b/tests/cert-tests/cert-non-digits-time @@ -32,7 +32,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -check_for_datefudge +skip_if_no_datefudge # Check whether certificates with non-digits time fields are accepted datefudge -s "2019-12-19" \ diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool index 3494aaacbe..0fd29beea9 100755 --- a/tests/cert-tests/certtool +++ b/tests/cert-tests/certtool @@ -171,7 +171,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify-chain diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa index c097fbf6c6..7e07822507 100755 --- a/tests/cert-tests/certtool-eddsa +++ b/tests/cert-tests/certtool-eddsa @@ -124,7 +124,7 @@ rm -f "${TMPFILE}" "${TMPFILE2}" rm -f "${KEYFILE}" -check_for_datefudge +skip_if_no_datefudge # Test certificate chain using Ed25519 datefudge "2017-7-6" \ diff --git a/tests/cert-tests/certtool-rsa-pss b/tests/cert-tests/certtool-rsa-pss index aed79ff2e2..654bf34869 100755 --- a/tests/cert-tests/certtool-rsa-pss +++ b/tests/cert-tests/certtool-rsa-pss @@ -210,7 +210,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem" diff --git a/tests/cert-tests/certtool-verify-profiles b/tests/cert-tests/certtool-verify-profiles index a7ebd711ea..a4d738627e 100755 --- a/tests/cert-tests/certtool-verify-profiles +++ b/tests/cert-tests/certtool-verify-profiles @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge echo "Checking chain with insecure leaf" datefudge -s "2019-12-19" \ diff --git a/tests/cert-tests/crl b/tests/cert-tests/crl index 62b320b2bf..f4f97d757b 100755 --- a/tests/cert-tests/crl +++ b/tests/cert-tests/crl @@ -171,7 +171,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \ "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq index 89099cfc0a..1d64dee27e 100755 --- a/tests/cert-tests/crq +++ b/tests/cert-tests/crq @@ -40,7 +40,7 @@ OUTFILE2=out2.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge ${VALGRIND} "${CERTTOOL}" --inder --crq-info --infile "${srcdir}/data/csr-invalid.der" >"${OUTFILE}" 2>&1 rc=$? diff --git a/tests/cert-tests/inhibit-anypolicy b/tests/cert-tests/inhibit-anypolicy index 7e82a20014..ba5e1100f6 100755 --- a/tests/cert-tests/inhibit-anypolicy +++ b/tests/cert-tests/inhibit-anypolicy @@ -36,7 +36,7 @@ SUBCAFILE=inhibit-subca.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2017-04-22" \ "${CERTTOOL}" --generate-self-signed \ diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index bcebf995cb..58134a4d09 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig @@ -33,14 +33,16 @@ if ! test -x "${CERTTOOL}"; then exit 77 fi +. ${srcdir}/../scripts/common.sh + #check whether a different PKCS #1 signature than the advertized in certificate is tolerated ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (1) failed" - exit ${rc} + exit 1 fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -48,9 +50,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (2) failed" - exit ${rc} + exit 1 fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -58,9 +60,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (3) failed" - exit ${rc} + exit 1 fi #check whether different parameters in tbsCertificate than the outer signature is tolerated @@ -68,9 +70,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (4) failed" - exit ${rc} + exit 1 fi #check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated @@ -78,19 +80,24 @@ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.p rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (5) failed" - exit ${rc} + exit 1 fi -#this was causing a double free; verify that we receive the expected error code -${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" -rc=$? - -# We're done. -if test "${rc}" != "1"; then - echo "Verification of invalid signature (6) failed" - exit ${rc} +if check_for_datefudge; then + #this was causing a double free; verify that we receive the expected error code + datefudge -s 2020-01-01 \ + ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" + rc=$? + + # We're done. + if test $rc != 1; then + echo "Verification of invalid signature (6) failed" + exit 1 + fi +else + echo "Verification of invalid signature (6) skipped" fi exit 0 diff --git a/tests/cert-tests/krb5-test b/tests/cert-tests/krb5-test index 3eca7d7e31..a6e092cc90 100755 --- a/tests/cert-tests/krb5-test +++ b/tests/cert-tests/krb5-test @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge if ! test -z "${VALGRIND}"; then ORIG_VALGRIND=${VALGRIND} diff --git a/tests/cert-tests/md5-test b/tests/cert-tests/md5-test index a9635cc1d8..15d6280b1c 100755 --- a/tests/cert-tests/md5-test +++ b/tests/cert-tests/md5-test @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Test MD5 signatures diff --git a/tests/cert-tests/name-constraints b/tests/cert-tests/name-constraints index f23462117e..3b2370d49a 100755 --- a/tests/cert-tests/name-constraints +++ b/tests/cert-tests/name-constraints @@ -36,7 +36,7 @@ TMPFILE=constraints.$$.pem.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2016-04-22" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem" diff --git a/tests/cert-tests/othername-test b/tests/cert-tests/othername-test index 38032fee1c..00f93b22dd 100755 --- a/tests/cert-tests/othername-test +++ b/tests/cert-tests/othername-test @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/cert-tests/pkcs1-pad b/tests/cert-tests/pkcs1-pad index 33663a6a0b..c75ab9e09d 100755 --- a/tests/cert-tests/pkcs1-pad +++ b/tests/cert-tests/pkcs1-pad @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge TMPFILE1=pkcs1-pad.$$.tmp TMPFILE2=pkcs1-pad-2.$$.tmp diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index 35d438107e..23db9e017e 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -38,7 +38,7 @@ TMPFILE=tmp-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1" then diff --git a/tests/cert-tests/pkcs7-cat b/tests/cert-tests/pkcs7-cat index 0f5b82df12..6543397431 100755 --- a/tests/cert-tests/pkcs7-cat +++ b/tests/cert-tests/pkcs7-cat @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2016-10-1" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? diff --git a/tests/cert-tests/pkcs7-constraints b/tests/cert-tests/pkcs7-constraints index 8e5b5345d1..6964d26f09 100755 --- a/tests/cert-tests/pkcs7-constraints +++ b/tests/cert-tests/pkcs7-constraints @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge FILE="signing" diff --git a/tests/cert-tests/pkcs7-constraints2 b/tests/cert-tests/pkcs7-constraints2 index 389071e27b..7d1816a33a 100755 --- a/tests/cert-tests/pkcs7-constraints2 +++ b/tests/cert-tests/pkcs7-constraints2 @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge FILE="signing" diff --git a/tests/cert-tests/pkcs7-eddsa b/tests/cert-tests/pkcs7-eddsa index 1fd767bd73..6f235c512b 100755 --- a/tests/cert-tests/pkcs7-eddsa +++ b/tests/cert-tests/pkcs7-eddsa @@ -36,7 +36,7 @@ OUTFILE2=out2-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge KEY="${srcdir}/../certs/ed25519.pem" CERT="${srcdir}/../certs/cert-ed25519.pem" diff --git a/tests/cert-tests/pkcs7-list-sign b/tests/cert-tests/pkcs7-list-sign index 1c4e930e5b..5ca04d8005 100755 --- a/tests/cert-tests/pkcs7-list-sign +++ b/tests/cert-tests/pkcs7-list-sign @@ -37,7 +37,7 @@ OUTFILE2=out2-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Test signing FILE="signing-with-cert-list" ${VALGRIND} "${CERTTOOL}" --p7-sign --load-certificate "${srcdir}/data/pkcs7-chain.pem" --load-privkey "${srcdir}/data/pkcs7-chain-endcert-key.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" diff --git a/tests/cert-tests/rsa-pss-pad b/tests/cert-tests/rsa-pss-pad index d9a05e4e0f..2c87c750fc 100755 --- a/tests/cert-tests/rsa-pss-pad +++ b/tests/cert-tests/rsa-pss-pad @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/cert-tests/sha3-test b/tests/cert-tests/sha3-test index dc3cf8f6ba..a4300672c3 100755 --- a/tests/cert-tests/sha3-test +++ b/tests/cert-tests/sha3-test @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/cert-tests/smime b/tests/cert-tests/smime index dd5514f687..f5e68401cf 100755 --- a/tests/cert-tests/smime +++ b/tests/cert-tests/smime @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # test the --smime-to-p7 functionality ${VAGRLIND} "${CERTTOOL}" --smime-to-p7 --infile "${srcdir}/data/pkcs7.smime" --outfile ${OUTFILE} diff --git a/tests/cert-tests/template-exts-test b/tests/cert-tests/template-exts-test index 32e90f91e3..276ba2f798 100755 --- a/tests/cert-tests/template-exts-test +++ b/tests/cert-tests/template-exts-test @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2007-04-22" \ "${CERTTOOL}" --generate-self-signed \ diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test index f7ebefb664..091021315b 100755 --- a/tests/cert-tests/template-test +++ b/tests/cert-tests/template-test @@ -34,7 +34,7 @@ TMPFILE=tmp-tt.pem.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t" diff --git a/tests/cert-tests/tlsfeature-test b/tests/cert-tests/tlsfeature-test index aadbffc26a..fb26f6225b 100755 --- a/tests/cert-tests/tlsfeature-test +++ b/tests/cert-tests/tlsfeature-test @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # # Test certificate generation |