From a4c8d3e5577e0d0ac67f2b7ba1550d504f47ab11 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 1 Mar 2017 11:59:50 +0100
Subject: tests: chainverify: incorporated the tests for unknown critical
 extensions

These check whether unknown critical extensions are detected during verification,
and whether the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, is honored
during verification.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 tests/test-chains.h | 235 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 235 insertions(+)

diff --git a/tests/test-chains.h b/tests/test-chains.h
index 59b82d30fe..0afde54ed9 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -24,6 +24,235 @@
 
 #define MAX_CHAIN 10
 
+static const char *unknown_critical_extension_on_endcert[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIENDCCApygAwIBAgIMWLRKXgVfpidUGiL3MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0ODQ2WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEArLFdJ0t8aIAEwXk0+BaXSCWtCrHyotXZxxOImQk48khIB4zQZjdbsbIrE7BK\n"
+	"RW9h8WpUNUTCMRLrIiAL072YbnCyf/aHoaumOGYpHdqo+nD05RH81x67L82v8o+q\n"
+	"vw5VeWOfEU+HnAJxazXe3WqvjDvxDLxlvRG7WBECfdmdzdexot9VgLNv1hD3Cam5\n"
+	"/FBOGwKLkU+cK57BAUcgRqFLFcXZdq/6Joy99O/WVMkYXfDUExRog6EJuzLsQqLZ\n"
+	"symssmps56OdGNeSwACcRUXYQRI2Fp6kWpQ1kynroSDms4q6hz/oIre47UtmYNsu\n"
+	"LnUYLNRAbpRuCLs2uKHjXJoQHV5HCGAq9Whtk7vuNDoD28VO9T0CBn1GbXATDmro\n"
+	"UldPZSFvsW8MUFQcuRbScxrLekbR94GwD8sPdw1siDmI4M1SshS5IyXctK5rfxF3\n"
+	"9qJ8DxwWI3ZSp/N/2HbAa7KA9RsGe548cjfxMbHBv15vZbW490Jrypbl5zTzHwWB\n"
+	"W/nRAgMBAAGjgYkwgYYwDwYDzgcIAQH/BAUaqwGs/jAMBgNVHRMBAf8EAjAAMBQG\n"
+	"A1UdEQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTc\n"
+	"dq+IHuXY6ZiVq2QRqYMjCWC/wzAfBgNVHSMEGDAWgBT705Z3PM2jlhgsbpzfeFfd\n"
+	"uTqdMDANBgkqhkiG9w0BAQsFAAOCAYEAiPZuXN7FdUo22v1IKyNmGZ0GOzv9N43X\n"
+	"OnJkfDAbMjtO6KxCtqACSFh2cJ4NqUV+GqSo0fNgZIBvXVaL5GOGEvStTs8xw8oH\n"
+	"GIJXQcY3o+6S5/u/6OU8CYnsIqQGGjIhuUzIsrdcFrRrX4nY9v8zr1o8B7MbN0pG\n"
+	"seh8bLU5ih41OH7wjqx3/nuQLs7aui5sRiS+Ug7lF8N9VeOlDCdCeiWo7jNSbTkV\n"
+	"Gt5lcAI6W1paOrNaqwDQ0WeNSM+QLyOXWXR9b4Ck7T4Kcx+5ZSYCKul3msyyA4rV\n"
+	"cAqvaKs/M6IqFHaQGSwgrZFIBcBrViuAWZbdlpaCUNV2bBsxf/ro4Fe5Z3hJz4/r\n"
+	"4RhJffrzMN1aaINi5rFYgMSSHGSy3O5L1yYMdOa6FiJSzYMmtJDFejNLU+e5vM8V\n"
+	"wEBzUaG8UCrOaOumcQcdb2J7sjAoQ+Ghn24/4jmW+A2mFCmAvKfBHRH89BUzEKt5\n"
+	"5IHTMGbPWEe483Nyh3Sx1pXcoQDVgD3l\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArw8KL4omF9ALedLd\n"
+	"qAgnh+mTAQr1XlAy/1DiwA8yCFIPMucSHyMCJlvmRs/gtgemuU4Bn8NsCu9CcXUI\n"
+	"s9mMhrmE098HLn/2McNW5wGNVfK3/8+8N0cok01MuWBjCcZ70k0aYEkFVivVdo4z\n"
+	"CScmZrQYqqtmiTpsJOft+EU479mDaHK0F2caEZqWdyAmpgQ81eMtI/1kFzRbjYCE\n"
+	"Pgati1YrcbS8QLd6NRA6Lk3WxSZpIFQ5gyhvdR3z3onWZM6Mcqj47ZsVK/nvXUSM\n"
+	"2I6JACx2AfDWnbO1c2agZlxRvjlcPkrOiIg9KQs13IAAQ/VeB9KI9PrTgLwNhLtw\n"
+	"gsc8fgn/y4GL2VWolPuNVG0cIP4b4EnPH3ppRfvGe3lkm1zRUkTDht1QRgYMMel0\n"
+	"HSosbt6zXxMKRF+5tsI2ntnXz1xMVMsE8MEgK58BBOTuJevPLLTnkh9WOih6IfDN\n"
+	"t99yFt86x7KbRyddivRP60OftilhUaBcKz/vpKpE0xyB/QPDAgMBAAGjZDBiMA8G\n"
+	"A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU+9OWdzzN\n"
+	"o5YYLG6c33hX3bk6nTAwHwYDVR0jBBgwFoAUJolqIJH3QVRxmq4o/abMSF3P4REw\n"
+	"DQYJKoZIhvcNAQELBQADggGBADpJZ6ydM6+kUcoDGgZnycH2+73A7OuIM8nhVnMg\n"
+	"9+SsiLrjD9rL3gMhlxgvsCGG3So0AeZTJwAQWW/B0vTIoScX1LQ9YuB1vv2l8kkF\n"
+	"Sr/m9TZcP2KiLCcyzkUQ+NvssL5oVXP4/yZDfPasBR5tTLgKaHEhENKLx+1OW9/j\n"
+	"SAGtyP1vxnAd/4kPeuS+2L9ehKTQLUhztE9ezguMOEnBmOcn4QujHvOAAJVh2HgU\n"
+	"MWcIo4MFhpEYo5CobIDJ2+amRW3ywnIGOQfFQOWUfT4XlgoKvirEqWIOKiqmzEZu\n"
+	"sYKbFPhTrFwZmpEwLEw+8B3iz/hW4c7Dp1/oOdrPSr28iQYfJWMyJTm/F67/wzGZ\n"
+	"eWYs6Kxc644gtBckJLGjVPHcu4dwpWpKnzK1cwzN8GY16/m/7eA1XsFWThQOR+KH\n"
+	"tF34Cs3xbu2DBtbMecpeWAOYR1lQg4IRHrCVrB2hxve+/bXrocs7EDlw4rTfqkz6\n"
+	"WqtmyLapzQDNj/NWymF1+X4c7g==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Y2wvebbAVPqOsDr\n"
+	"1D5yGc7B/TlTvuzwAX6RrR6zwuwr3NkeP172A/S1JMqZgl/MnV+PLaCGQxKgMg3V\n"
+	"7pIe9qenytKs6QqGTWt3z3C1HerGT9LQ052JclCStmC1jPMwOUXFiUNunvpMPMMB\n"
+	"97KegAnoYhViQ/IS0iDmHbdEWaFRFcvqVXyaxZP9eW3bkEZ+0pF2yaYZE2NqwEgi\n"
+	"aSWpG6VStRC86GJCTswnpIEaS3gTGZzqmAw7eHEqz0lhZB6o//Pyl2TvUexwu52X\n"
+	"McxWflgCTdbZmjnuyA5LZp8GnsQ3TbOzkP6J+BeZDPjSKvNtgZEz7Bt+NXQGxm4k\n"
+	"9/5813WkA29QEyVHZOQUvxTCyr3B3lgxxvZzXQYcmqpWdDZyZr2jxJaizp5BVKRc\n"
+	"OxhExiEhOUnwwwwNMj0Wyxz894QFrRqy947+lMWrH/snQ/owZX2IZ918Bm23IpJl\n"
+	"bUb5Dnyfr3PIa3XfAkJWRCM5xqKb+xOZJaR+1lEbYYqOuQDDAgMBAAGjQzBBMA8G\n"
+	"A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUJolqIJH3\n"
+	"QVRxmq4o/abMSF3P4REwDQYJKoZIhvcNAQELBQADggGBAKnD4dpow4u9YpnVZ4tL\n"
+	"cOrkB/TuSIGbuTG1K3CWvjDNoPwe0AXvhexorVuYMWVtTGz1EY4ugopP7qvMf4Yp\n"
+	"lcZNamtTDi4Y6zTrcKHe6ckedETi5TD6d7pNIe5wgn2p8hptfcyPwlpPjx01XqFm\n"
+	"Zg7OcoBwhe6UYsM6C0UpUQTqv80aOhAzB5zHHUAoIVSGQBGgTip5QxTq6cE4OX1I\n"
+	"eobqAjL/J+1Wnc5tN6ctDaO0HbXxTnPt3FkJlkFmnx46o5n6R3KmyfWs7QSks0PN\n"
+	"/V3hQ4uV0PagQ+z76As4AsNHNGIKCiZevqOUWoU46PlFOR3W65i6dw2iRLW/qmCQ\n"
+	"Mn8OIzqvcPOwYS4a9vDAX5TR23gPkUixlPnxo5sTPgpTT3PRhJekIoCgL3ncBs8I\n"
+	"p4/TbPht4m0L2eCodGkCm1QCbvbhE1JA8ZpSjxjICODHEeD5w0RXT0FWprCMvrO3\n"
+	"uExu6AxfNhtLsV8E/HXAGTguetUysJgqqXdCUDXTQbrIHw==\n"
+	"-----END CERTIFICATE-----"
+};
+
+static const char *unknown_critical_extension_on_intermediate[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEITCCAomgAwIBAgIMWLRKghUUPjZQy+hWMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTIyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEA2WRm/jJ2Ul4TynGmCamCsUv2qLvQmFknfg5HEjPGpx/sKnzkkavke3IdltLS\n"
+	"/UZVw1ZwoMKBh/5C4tG1Y7mKHdmHmuISyfzB/vHBNx212UZJpOiwuHHhV94Nmdbd\n"
+	"X5sD6aFluJOWRAL8PB2vPJF8q+X1PNDxilDEevar/ULNR4+rHMlqRUtbnpqHXVmd\n"
+	"eYgUAYRmJatzyqhlGJ3mFZPiOwCxvR4b1RKzFx5zgz1vy+B+0a+h+wRgDZ3iCwMO\n"
+	"mtAgYQ7z/jBNzdbkVZVMhCQm8UF4Pt2ITtLSfuZ0lDzntfC504TQABaFooAorBMF\n"
+	"y4+OpIyrAXGAVct90Rtkq2F0sVfGtz81xMUw8iVteURalUM/XH4Owz71BJcOKIDO\n"
+	"PbWyGTMXzWcdCgEhL3P4QG0HMjyhjyv+BAND7Q0e2KGjfnGmO2tRuR6h6nBUkjiZ\n"
+	"UicMEAyCxJAuMMBItJTIoXeNFsttlYIuAMHFV6A8ekjWhhZsg7LhlLH+k5/uz3rB\n"
+	"UPGXAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n"
+	"MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFMBahZT/Z4RDB4CkB5lAxAGSCUcd\n"
+	"MB8GA1UdIwQYMBaAFAMeecLjN1JGgju+TsSezQDYARdtMA0GCSqGSIb3DQEBCwUA\n"
+	"A4IBgQBV35WByM7cfucUIIaYgAE7RWI1mVz9QGacEzMX0jtJB3pI78KQ+4i4XRHM\n"
+	"DqES71RbHUTsrIUUEMvzVcpGSak0cvx+9QC6wkNn8w/SDqkJnF4/72MRGXigHGcI\n"
+	"L9/dSj0yKUHMzjo621cVlG8AgmCG8MYInTXY5pvqQ59mvD1A0HLUfJmwoCwcLpx0\n"
+	"JIM7/f9CfK2kHVBIvdhV7cHr+pDPHZ5wjVIqF2WE9TnC05caxm/yR5aauGptM8YN\n"
+	"nfoOnsqFGK5nmD94tAPzCbPjQQqyRQQALm9/oJPMG0blJPkch/hsJixujM1hcENX\n"
+	"ylV5Odw2LYGy2qFi1Ku85F/cJFvsF6b215ziQKlXBdwEa9Nno0jjxa+g8zFktUa1\n"
+	"6Y/W06RqQKKVdn6bfhYmOi5PL+faiA9yrGnBy3i/32Glxs19sSUODa9babAFKTlM\n"
+	"099jOSh6YDQWOa/z/eQ8ueaL7nfwe9cWBOsjwUUO0BJwx3uNQ70ijf3FBbLe1PKz\n"
+	"yQNcZEI=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEEDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4osbQlC5tHJGl+kD\n"
+	"Of7n3E3DfyF1g1XK7XyYpbjmguAVuxz9K2qVMVYc+GUWUN7CQeCONFBV7+49pDFm\n"
+	"47jw26fQ/x6tj9Omq0pHqTSEmNpsZTh622PqHulThK1R7R1p2T9vnfXUd/AnqWYa\n"
+	"ECBp6BSW6WKScL36rqVcKc8I62s4z330rrIEOksWFVSOo52FwSaM2lEH2nj9MGPv\n"
+	"P387c+J5fG22g6Ho6k/A9YJZgs6bjq+XXgqBAVxYjY++YgjTwmcFq9tMQqmxEOCL\n"
+	"jF0yGCUnV+oz1J5+WTfhkm+yyq9hDOaf6GoCYVMiIpcpnTtZegMTL06Bd4nawODT\n"
+	"QCuzg2FOmHzSP6XehGPtHzRTsKDJNjl6Q9xTnoUPOcoECYI1xMHy4lbKH236BY4G\n"
+	"wjyFpfiplr8p4ZOdlgat/+d/eR0gxJ+A6ZbdUsrjNrMo3Jec9y8ZHKR5OLsQxe4+\n"
+	"UIYlA8iGce0BVGjLlXyE9jE1i8ku0s8QQo523GB8Va8ljSQJAgMBAAGjdTBzMA8G\n"
+	"A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA\n"
+	"MB0GA1UdDgQWBBQDHnnC4zdSRoI7vk7Ens0A2AEXbTAfBgNVHSMEGDAWgBQghKJA\n"
+	"xiymxB9WDU44awpl6BIZ8TANBgkqhkiG9w0BAQsFAAOCAYEABOkLX1UW8oDD7TnZ\n"
+	"9jtpkkW6CrSBI5aIVcKLNVMrXUGiZ9s0rONFXHLEugIgkjP++zUBnflc4KpwlNnK\n"
+	"NXp0KtCDhQkIXCWn7RYZ633v0XOrop5VuYV+qtpd2oNDsbCIrkph3llnPjRbhIC9\n"
+	"FdkPW5ZvfnJuW5WOwVBZKe192XJXBHQNPLuA6GbE1ouyaHKrs71W0UAi3ij//tAk\n"
+	"okwYcK6Y7fIuVZqsSCK9U1/p40zdLwdoeJz1/3U2lTuZwDlh3f12DTFGBaDYamS8\n"
+	"4utiRfZPQ0U9t8J8HDj9o+ShX0VMXw116zwiJqw+B86hslT0jAocrJtfGyANsP7h\n"
+	"p1OtDVfgisJVK4JaPUoVsIkl8+TBV3sy3jFdc1jpqRg7127Z3Q8nHSHX1mHdI/Ra\n"
+	"M3DUhUuTJpk7/vQgfQ+NsfwdvNHWyb4+zhqJyUuEQS0yQ7SfGznzHQhPYks1RmP3\n"
+	"afa4/D152QSDszhHvTrXyPiFVRuAGk9lh0h8nw1mwygoL1OI\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA8QUnCRcC8HlaTt+z\n"
+	"+ui60g8eRO/NqaJFZ4Q/GL65v8dZKRqH10aWZavLXhryCGr2tH2GX0by7pkZqpoD\n"
+	"FEuARVoiNuXOVntn+HPlsiRyPCpgisN8tS3cCugvzNrVOlPlfvihX9M3oAYFImc7\n"
+	"Lpk2K+FW4s8ThJr7YOSg1BmuQiY9vyZ3fgaOBMmMqOke8MEkXc0xoZ4M14ZgbcXA\n"
+	"FpnPHLQK8HZHq4K1NVzF23gKhtB8lrQBf5O8tpqzIFjyiCYiGLhZi9v3Rv4bMBUS\n"
+	"1bje2PiZ7QIuA5KzTEG45NDiCv6gl1u+uIuWc2VJpRDyMECgKOwhmQs+lnqt3wdq\n"
+	"wgtVABAakxPjBRoXv27wNo5nhuQruuESiWQHbly33mMnT9MFkEoeRxJWJpCrgzOY\n"
+	"wtT2eXJPzd61HQmr99JygQR/roB4B0AAHOUxeSgsjrH8ptzQSeE7Uk2HSyz8YG3a\n"
+	"NfBvYMCCXZLW422ZG4G1wEjan9to+pDj/a4O51ClCT5B7of7AgMBAAGjQzBBMA8G\n"
+	"A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUIISiQMYs\n"
+	"psQfVg1OOGsKZegSGfEwDQYJKoZIhvcNAQELBQADggGBAEO9TkE/bgMkFm37usHr\n"
+	"d03a67vZahubHweidEDsZwWf9h8PiaAIUth3r0TLR5HFGj5zh73hOWCggMmxJv+V\n"
+	"8UL1oq2jYAXeDkA7MbjADIP3Yl9C1fS+Bq2Dgqht3pGWq5Uej0wClu75bHEKLZWl\n"
+	"miKvuFscponO9L68ARPBsZ2woQ9F0+2buV7PizylIZv8BnYAxoHAEHcq2RIqj06L\n"
+	"si/plPx6UzbfWrfW6H9OqjB5TDJ8hSwLEzUg+RFYH34RZ1D2Thl8GKB62lIpmP9K\n"
+	"7f2wSE9X6gWivyObhmQyAHiL9rQPQsXrpp7paqeknxEtPITxugOunYLPfuqddkso\n"
+	"33BGnJ6qVjJ6sTBziQmPcwNInm2/91Iw0BSZP0/mCBot+9rSHD38i/sdHbJWh9WT\n"
+	"mOVu3yT5v+39mC8Yd0ykgpO1/47jdPr5FyVz7yAfwb3/MHgjx20UQV0fn2R37LAk\n"
+	"AsKMxlHYGz6LYjxK06ZOT3GbBny23aGoooAPqBZenFWXgA==\n"
+	"-----END CERTIFICATE-----\n"
+};
+
+static const char *unknown_critical_extension_on_root[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEITCCAomgAwIBAgIMWLRKjwNqHC0gaxzuMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTM1WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAqaopWnZqPqFMWM4p62PIxlBCidmiUgefxCphPqq3HX0C5IaHB+xC1a/p51h2\n"
+	"C6hTzChKpVWCJ2obxt4/EqgJRVA5ujYA5F7Cw65oy3GecHgMzprFiTksRIA/n5SM\n"
+	"whYQBFy939T2UDCyK5bfQGzDTDXoy4ZKoano5cmD8uuVODLlyyj2cv/XYsDGwAZb\n"
+	"h4+UGJzld1YYzrKaKb/9kCczsDLR51F40ZbLtWtQ9dvKXcIfhKEaFuWI8MjmJYzJ\n"
+	"WyKhMVEA3Eat+GnrKTWka5nFPqFha3XbVGb1ASJjdjvUFl6v8RlJ+wqsIni1WaIp\n"
+	"TZY6BCQmEc83PtvahjImoquFt4cHofrbQPK4A1Kaiw5SJMWJvmaZpiAlDnb8Wl88\n"
+	"TZBtkg1s/XVdD5GbY7r5FZRh52/9e4L43ZThZAGW91EYoNrVr9713OBfwiDpyGRw\n"
+	"bba5jmHtpzKU4xYANizc1A+ioaCnMbJM8iq68EUkcP0F/enH+TMRxQRMUQEKd4gx\n"
+	"mYUHAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n"
+	"MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFAxBxXFjDnXrtfECorTP1cf/us6s\n"
+	"MB8GA1UdIwQYMBaAFGGzwr5dJM/noimXvK/tlXJzNCQZMA0GCSqGSIb3DQEBCwUA\n"
+	"A4IBgQCIij2aGijFZxVV2kdzSbEWWVV9hAFHF0azEHTQwmSQ0nO/zVWJV7pTjMMi\n"
+	"qC2zAyfR/zc8BtxGBF1bh4U3Ke5Jy9cr8CYuS2/mvMERopwiQkUtVTABpvKebGqE\n"
+	"fkbbDs2Qu87u0RxPVUZqyiPNDtVq6+MM70/QP4FRM5uwOp3nSMDiaajlX8jfnZe4\n"
+	"A1Wa8yduEygiEAbiu0xn2rwjbfW8430Ep4e0lEIBZfWarL61vQaBBv4UmOcIWfaF\n"
+	"CVOhJGwuf7DYThUrkcs2mLO84ip7O5HLBpvrqDaymHEZAnidrfoayyRjJaQLvg7y\n"
+	"4s65ivmTyRpQnXLw/tAbWE6lwN1xKp3Z5ahcCN9wwMmv0kcSDi33rwAJl4l6h/Le\n"
+	"K5c/qyrGxnQ4AL2s98WUL7NaZyv9kuFsQ90ECjVfwhfUEmFqnWPPusKo+LvK4Un5\n"
+	"6+uniip3wX/8GCDV+cLQywuDIdo755ZKMaf3UjSfsknWJmpJYl5u0K18uLAzIod0\n"
+	"PVow3ek=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxIF0pvly30S//JQK\n"
+	"HGVka0CNqz2KC9oDoy90YBpIxlwdO2qiQyBlEytGXU4omVFGZZdpAwQ0XaMaEVDK\n"
+	"pmdhYPJAcdCPUVkae/qPNS3FWEdSnFlu2qWhiFLgGOUNYn05zA68otm5ahFeD8oB\n"
+	"lVv8I/NEU7rQmEHZy4Bg2xTSl/hVVgqbzPtLdAiOzAutWWiQwq4zoVYJVCu6Ut8P\n"
+	"hzpSYKAO8W81/tAiyfcZeoARA/QF8NGcSuWBto1hCb43GkZGFp5cKxSJklX06D8g\n"
+	"HkUFWkIavOaetywFv1dnUnVKJ2QEyh+40iwnnw2+HpBO3eVo/qArayBWNb/baNm/\n"
+	"kYZyIqzFZs2Mf38Uu4MGIJMB9RkcMUuw3o3u1HNMeFIqPeTpvQ8r888uxQTgZcfw\n"
+	"l1tGijdnNBNzdvIMTTAOZyLpdDxx/WoGA8lz1Ks3auZ+d0dzO/2q2b0fiYBAY58h\n"
+	"Ou1uRjmFX4YpVGcC9+2zmJGGMlkEu/iiJT8dmZc5ydPujY9BAgMBAAGjZDBiMA8G\n"
+	"A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUYbPCvl0k\n"
+	"z+eiKZe8r+2VcnM0JBkwHwYDVR0jBBgwFoAUjdMy0N5jaoCQ6Ucqd269BlwiH/Mw\n"
+	"DQYJKoZIhvcNAQELBQADggGBABUXMEKzD93AwIJZ0R2n2gJzlc7lnKF8BP70ZP5h\n"
+	"JTYz+tHymc+Nw6eW7yQ5o9tnJue3Z+ueOzN/+UP7dWH7NRnaJ/BOJuKXcwGrH6tD\n"
+	"prP2+HR2tPIuEGmOoe9bnFAiX7evTC3wt+AeIGgYSZgPwR7gF69Pudk8ISrMg0oh\n"
+	"Q4pM9YUj5cIWiBBD20vQj6wJCvzi5tyJjEhjT6fJVlcKFZBveOG5RaPB91GiuJ6s\n"
+	"JW6z1Q2cCMtvsRZnj7jFDH/m4ZlmK/h9oD1HxCP1rcEmHykOh4RnyyrlT+Vuzw+u\n"
+	"jtNaz0Fr9y20a39ENrmMI719/vuZxx2eExko/ta0EbirJw2u+Ygjdn6c6Bc+BR/C\n"
+	"IisDCHVO1U+nk8zLo0Rd1JInJH+3jYzn9OAClqBoKxp4bSIo5z419t2jZTAWUNcQ\n"
+	"Rj+7s8XN/z7pfNfecZJ/n9KTfqbowqfZaMR/UdmVQZTmN3Xk9CnQsGpotbNDqQfH\n"
+	"jz5Y36//zejV2aJeOMWZeAw/QA==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIID7zCCAlegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArr1s4R3Fq1St6vdT\n"
+	"ZLTWWZ40bG72Ue/Z94c+m0dujKk+SnXEOe8sEzZLzizaoBiA8IDc1sFpLHDruWsD\n"
+	"jLACBOPDahfIGIfeJ1R8L23HEgbg7RXdJ8Bx1YsfaASr8L7AihDBM6BTPfGipf6u\n"
+	"Ul2oI0vyo8WxW+0BdJ/qTMJwT/vFqn1XBisuvwa23SVAe0UU66kYXmSxUDZv3YWv\n"
+	"P3vqVBGdbussChIYn5xyfCaaLgC3VQNkhmswSfyFQBJ7VO/nHI1a35E705WSKGys\n"
+	"IZdg3mA08jLOReCsgAO4vnhubA3jk9/LFFIbJulNQ0j3jcqOyfCtsXEmvgbq2b6D\n"
+	"ksBg/x1riV/FAW/nRwW/vqaKDtDTx6XcjFnMjfvBzkON8F+M76qTl4lVbv9fUgEE\n"
+	"hBppfHlvu3sQ7ysVYgTDdCM0neTZ0Gm7dOd/9qnrA7ZzQBLRBQD7+en23jyuX/PT\n"
+	"TEL2pO3kGo9H9zgTC8TcGyNxhJ9APIu531xkHJyse5IkORYJAgMBAAGjVDBSMA8G\n"
+	"A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYA\n"
+	"MB0GA1UdDgQWBBSN0zLQ3mNqgJDpRyp3br0GXCIf8zANBgkqhkiG9w0BAQsFAAOC\n"
+	"AYEAjPW9Y5HZpXnSpjKPryxWNtQSZVRh1b/dGgKOOqjvlXajU/FbMjXTnpm3wdSO\n"
+	"PCXGyUkBonuoWlbxcRLsShH8O8LUH50drYnTYiNYqYq3e23u2LrQHbB1YlQnRvdR\n"
+	"JP2AOl/d8mP9c3GBhu0dxzTiH5zyiCMxOWChdPbpKCTNGD2aZIUoXsUwLv2ICsue\n"
+	"qQIr4f+pBztpNAJdwfMFtqdB1Aeg0UW3+aCjD4XEjISYd9VfXnPg0OaBqddy/MA3\n"
+	"Itef4+O7XNQi7w6FWmuZWdEJC2juygybA0jv6fvFKV5HUxxsdMaUwy/Ibt/MOhUd\n"
+	"e4857GRICFKq8Q8FUbDiuw868aTkKSVqXoZFoTLQsXn53GbSGvNqwpqQXK9JMPCn\n"
+	"c6XIbeF9zgGWbswgdNhs3u8J9tkIxd03cIqaCjzmsl9TByjg5hGEw4+hXbt9PDFa\n"
+	"M5avPfGI7g0CdoSKSzAishaYtBn+HCRHyZTpxATrv7/fo0fTSs32EIHmro0Xk5b9\n"
+	"qFGX\n"
+	"-----END CERTIFICATE-----\n"
+};
+
 /* the key purpose in the intermediate certificate is not the expected one */
 static const char *kp_fail1[] = {
     "-----BEGIN CERTIFICATE-----\n"
@@ -2811,6 +3040,12 @@ static struct
   { "tls features - intermediate has unrelated vals", tls_feat_inter_unrelated_fail, &tls_feat_inter_unrelated_fail[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1466612070},
   { "tls features - end is superset", tls_feat_superset, &tls_feat_superset[3], 0, 0, 0, 1466612070},
   { "tls features - ok", tls_feat_ok, &tls_feat_ok[3], 0, 0, 0, 1466612070},
+  { "unknown crit extension on root - fail", unknown_critical_extension_on_root, &unknown_critical_extension_on_root[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_KP_TLS_WWW_SERVER, 1488365541},
+  { "unknown crit extension on root - success", unknown_critical_extension_on_root, &unknown_critical_extension_on_root[3], GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, 0, GNUTLS_KP_TLS_WWW_SERVER, 1488365541},
+  { "unknown crit extension on intermediate - fail", unknown_critical_extension_on_intermediate, &unknown_critical_extension_on_intermediate[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_KP_TLS_WWW_SERVER, 1488365541},
+  { "unknown crit extension on intermediate - success", unknown_critical_extension_on_intermediate, &unknown_critical_extension_on_intermediate[3], GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, 0, GNUTLS_KP_TLS_WWW_SERVER, 1488365541},
+  { "unknown crit extension on endcert - fail", unknown_critical_extension_on_endcert, &unknown_critical_extension_on_endcert[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_KP_TLS_WWW_SERVER, 1488365541},
+  { "unknown crit extension on endcert - success", unknown_critical_extension_on_endcert, &unknown_critical_extension_on_endcert[3], GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, 0, GNUTLS_KP_TLS_WWW_SERVER, 1488365541},
   { NULL, NULL, NULL, 0, 0}
 };
 /* *INDENT-ON* */
-- 
cgit v1.2.1