summaryrefslogtreecommitdiff
path: root/tests/chainverify.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/chainverify.c')
-rw-r--r--tests/chainverify.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 5aa4b88df1..2e9fd54105 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -687,15 +687,13 @@ static struct
{ "CVE-2008-4989", cve_2008_4989_chain, &cve_2008_4989_chain[2],
0, GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
{ "verisign.com v1 fail", verisign_com_chain, &verisign_com_chain[3],
- 0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
- { "verisign.com v1 fail2", verisign_com_chain, &verisign_com_chain[3],
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ 0,
GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
{ "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3],
GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
0 },
{ "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2],
- 0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
{ "expired self signed", pem_self_cert, &pem_self_cert[0],
0, GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
{ "self signed", pem_self_cert, &pem_self_cert[0],
@@ -706,7 +704,7 @@ static struct
{ "ca=false2", thea_chain, &thea_chain[1],
0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
{ "hbci v1 fail", hbci_chain, &hbci_chain[2],
- 0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID},
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID},
{ "hbci v1 ok expired", hbci_chain, &hbci_chain[2],
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
@@ -724,7 +722,7 @@ static struct
{ "rsa-md5 ok", mayfirst_chain, &mayfirst_chain[1],
GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, 0 },
{ "v1ca fail", v1ca, &v1ca[2],
- 0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
{ "v1ca expired", v1ca, &v1ca[2],
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
@@ -851,7 +849,7 @@ doit (void)
fail ("verify_status: %d expected: %d",
verify_status, chains[i].expected_verify_result);
- if (debug)
+ if (!debug)
exit (1);
}
else if (debug)
View Lorry Controller Status