summaryrefslogtreecommitdiff
path: root/subversion/tests/libsvn_subr/x509-test.c
diff options
context:
space:
mode:
Diffstat (limited to 'subversion/tests/libsvn_subr/x509-test.c')
-rw-r--r--subversion/tests/libsvn_subr/x509-test.c848
1 files changed, 848 insertions, 0 deletions
diff --git a/subversion/tests/libsvn_subr/x509-test.c b/subversion/tests/libsvn_subr/x509-test.c
new file mode 100644
index 0000000..a3806b8
--- /dev/null
+++ b/subversion/tests/libsvn_subr/x509-test.c
@@ -0,0 +1,848 @@
+/*
+ * x509-test.c -- test the x509 parser functions
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include "svn_x509.h"
+#include "svn_base64.h"
+#include "svn_time.h"
+#include "svn_pools.h"
+#include "svn_string.h"
+
+#include "../svn_test.h"
+
+struct x509_test {
+ const char *base64_cert; /* Base64 encoded DER X.509 cert */
+ const char *subject; /* Subject Distinguished Name */
+ const char *subject_oids; /* Space separated list of oids in Subject */
+ const char *issuer; /* Issuer Distinguished Name */
+ const char *issuer_oids; /* Space separated list of oids in Issuer */
+
+ /* These timesamps are in the format that svn_time_to_cstring() produces.
+ * This is not the same string as the parser returns since it returns
+ * the ressult of svn_time_to_human_cstring(), which is in the local
+ * timezone. So we can't store exactly what the parser will output. */
+ const char *valid_from;
+ const char *valid_to;
+ const char *hostnames;
+ const char *sha1_digest;
+};
+
+static struct x509_test cert_tests[] = {
+ /* contains extensions and uses a sha256 algorithm */
+ { "MIIEtzCCA5+gAwIBAgIQWGBOrapkezd+BWVsAtmtmTANBgkqhkiG9w0BAQsFADA8"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1U"
+ "aGF3dGUgU1NMIENBMB4XDTE0MDQxMTAwMDAwMFoXDTE2MDQwNzIzNTk1OVowgYsx"
+ "CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxQLRm9yZXN0"
+ "IEhpbGwxIzAhBgNVBAoUGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMRcwFQYD"
+ "VQQLFA5JbmZyYXN0cnVjdHVyZTEVMBMGA1UEAxQMKi5hcGFjaGUub3JnMIIBIjAN"
+ "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Tq4mH+stRoxe4xth8tUCgLt+P4L"
+ "D/JWZz4a2IecaaAk57vIlTxEyP16fUShUfxVJnD0KV11zv2qaEUXNaA6hKd4H/oB"
+ "u2OyGev+quRM+aFCjWqASkXt7fLGsIkHAwP3XwBVBpARbcXJeCjCBxqaYrQqS8LT"
+ "wfPUD9eYncGlQ+ixb3Bosy7TmkWKeLsRdS90cAO/rdgQ8OI7kLT/1tr5GpF9RmXo"
+ "RnVqMP+U0zGd/BNNSneg7emb7TxLzxeMKZ7QbF4MZi8RRN11spvx8/f92CiYrGGu"
+ "y67VdOGPaomYc+VZ2syLwduHGK40ADrEK3+MQpsRFB0dM08j9bhpr5A44wIDAQAB"
+ "o4IBYzCCAV8wFwYDVR0RBBAwDoIMKi5hcGFjaGUub3JnMAkGA1UdEwQCMAAwQgYD"
+ "VR0gBDswOTA3BgpghkgBhvhFAQc2MCkwJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3"
+ "LnRoYXd0ZS5jb20vY3BzLzAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0jBBgwFoAUp6KD"
+ "uzRFQD381TBPErk+oQGf9tswOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3N2ci1v"
+ "di1jcmwudGhhd3RlLmNvbS9UaGF3dGVPVi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUH"
+ "AwEGCCsGAQUFBwMCMGkGCCsGAQUFBwEBBF0wWzAiBggrBgEFBQcwAYYWaHR0cDov"
+ "L29jc3AudGhhd3RlLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3N2ci1vdi1haWEu"
+ "dGhhd3RlLmNvbS9UaGF3dGVPVi5jZXIwDQYJKoZIhvcNAQELBQADggEBAF52BLvl"
+ "x5or9/aO7+cPhxuPxwiNRgbvHdCakD7n8vzjNyct9fKp6/XxB6GQiTZ0nZPJOyIu"
+ "Pi1QDLKOXvaPeLKDBilL/+mrn/ev3s/aRQSrUsieKDoQnqtmlxEHc/T3+Ni/RZob"
+ "PD4GzPuNKpK3BIc0fk/95T8R1DjBSQ5/clvkzOKtcl3VffAwnHiE9TZx9js7kZwO"
+ "b9nOKX8DFao3EpQcS7qn63Ibzbq5A6ry8ZNRQSIJK/xlCAWoyUd1uxnqGFnus8wb"
+ "9RVZJQe8YvyytBjgbE3QjnfPOxoEJA3twupnPmH+OCTM6V3TZqpRZj/sZ5rtIQ++"
+ "hI5FdJWUWVSgnSw=",
+ "C=US, ST=Maryland, L=Forest Hill, O=Apache Software Foundation, "
+ "OU=Infrastructure, CN=*.apache.org",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.11 2.5.4.3",
+ "C=US, O=Thawte, Inc., CN=Thawte SSL CA",
+ "2.5.4.6 2.5.4.10 2.5.4.3",
+ "2014-04-11T00:00:00.000000Z",
+ "2016-04-07T23:59:59.000000Z",
+ "*.apache.org",
+ "151d8ad1e1bac21466bc2836ba80b5fcf872f37c" },
+ /* the expiration is after 2049 so the expiration is in the
+ * generalized format, while the start date is still in the UTC
+ * format. Note this is actually a CA cert but that really doesn't
+ * matter here. */
+ { "MIIDtzCCAp+gAwIBAgIJAJKX85dqh3RvMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV"
+ "BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX"
+ "aWRnaXRzIFB0eSBMdGQwIBcNMTQwNjI3MTczMTUxWhgPMjExNDA2MDMxNzMxNTFa"
+ "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ"
+ "bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw"
+ "ggEKAoIBAQDaa4gwNBB6vgWrlOIEMdzvD06zmmiocEt6UnTHtmAcfrBuDnKrBwEh"
+ "f5JxneL16XIuKwK6n/4omBtem/PPjjpOLM9PMQuoO0cpQ0UGFnfpmko6PSQoqRHl"
+ "qTbDGv4usn7qdZV+FKz/B9CMonRSzWHMz5YPmqfob6BqaaJY/qJEzHJA24bm4jPH"
+ "IsaVCInEGpqAUpejwBzNujfbLibBNrVX7K846zk+tnsNR90kP5h3IRP3SdWVywKC"
+ "AMN2izzhmaDhuPzaTBobovr+ySJShmX6gdB5PpWkm6rcBl6RJ+tM0ZBSJjQvkYp4"
+ "seV+rcXFgpJP/aQL3vhDON32tjWh3A2JAgMBAAGjgacwgaQwHQYDVR0OBBYEFF+N"
+ "7TyDI8THpAbx1pfzFFtl5z4iMHUGA1UdIwRuMGyAFF+N7TyDI8THpAbx1pfzFFtl"
+ "5z4ioUmkRzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8G"
+ "A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAkpfzl2qHdG8wDAYDVR0T"
+ "BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAo4t9fYe2I+XIQn8i/KI9UFEE9fue"
+ "w6rQMnf9yyd8nwL+IcV84hvyNrq0+7SptUBMq3rsEf5UIBIBI4Oa614mJ/Kt976O"
+ "S7Sa1IPH7j+zb/jqH/xGskEVi25dZz7psFCmi7Hm9dnVz9YKa2yLW6R2KZcTVxCx"
+ "SSdDRlD7SonsYeq2fGrAo7Y9xfZsiJ2ZbJ18kHs2coMWuhgSrN9jrML6mb5B+k22"
+ "/rgsCJgFsBDPBYR3ju0Ahqg7v6kwg9O2PJzyb4ljsw8oI0sCwHTZW5I5FMq2D9g6"
+ "hj80N2fhS9QWoLyeKoMTNB2Do6VaNrLrCJiscZWrsnM1f+XBqV8hMuHX8A==",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2014-06-27T17:31:51.000000Z",
+ "2114-06-03T17:31:51.000000Z",
+ NULL,
+ "db3a959e145acc2741f9eeecbeabce53cc5b7362" },
+ /* The subject (except for country code) is UTF-8 encoded.
+ * created with openssl using utf8-yes and string_mask=utf8only */
+ { "MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET"
+ "MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ"
+ "dHkgTHRkMB4XDTE0MDcwMjE4MzYxMFoXDTE1MDcwMjE4MzYxMFowcjELMAkGA1UE"
+ "BhMCR1IxFTATBgNVBAgMDM6Rz4TPhM65zrrOrjETMBEGA1UEBwwKzpHOuM6uzr3O"
+ "sTEdMBsGA1UECgwUz4DOsc+BzqzOtM61zrnOs868zrExGDAWBgNVBAMMD3d3dy5l"
+ "eGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVPuQPz"
+ "INjsiXl+GeiXMzXV1Bfm8vzbQnMLAFY/ZKKK4gpy58xcNrmur//Fd38naTM/DetO"
+ "PEoDa+vQ48CnUWCDT3CKUA3BnrjtR3/EITC7XRcfk5lyk0IZr9RZB1WedQxK1n5E"
+ "Ecz8EBrm9+1442Nmg/y1F8d/2F2CjKB+PgfOP1WWaIQcsjLsftXec+kGjc34kwbS"
+ "9D9H+bRrPVcOzBZOqC+K0K7MMOxKA5mMi4b/Nlep76gTaUyonclRIADanAyaK5WG"
+ "0IkEI/nxufaP3AcPksCbroWLTkPKIe97Yj6mnzNhK9TA9w5RgdBrjNyfrwUaYiYR"
+ "FxVJN0VrHWSsRnECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd"
+ "T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNOobRTPfoWP"
+ "EGgXVkHfwrqz7PVzMB8GA1UdIwQYMBaAFIV8JZkZ88X7MTQSsJ6/qF3KboHKMA0G"
+ "CSqGSIb3DQEBBQUAA4IBAQAam6vJUv6kcWWrEAfdnwwRmmJ4X1Jey3Sp48G35MOE"
+ "KkHtwqbtL+QU1VA2X98bEYobqZinM3e3zrlbpgbe1xoJ00MnT9CgQObXr+cum/Ql"
+ "PwWXB5fK3BrNwqRMRGc9w27FevyFeybdKhc47jEKMOANrB/aziNHaq9gBtU/HZdy"
+ "rm9TEaOHMy6vNrdpOZKpwXPxYqsQxMLpen9D64t/3P6hsV5FMQTaxSFhszidG44t"
+ "xaU4O0BOq4x//THCWguMxzO5RxW/V8wI/rkpvhAH1wljHTusnsAZea4PpstZ7+W7"
+ "43GME1DwjYdUK9HhqRNrDkiJLox4Tmegw9A7m4XLt4zu",
+ "C=GR, ST=\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae, "
+ "L=\xce\x91\xce\xb8\xce\xae\xce\xbd\xce\xb1, "
+ "O=\xcf\x80\xce\xb1\xcf\x81\xce\xac\xce\xb4\xce\xb5\xce\xb9\xce\xb3"
+ "\xce\xbc\xce\xb1, CN=www.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2014-07-02T18:36:10.000000Z",
+ "2015-07-02T18:36:10.000000Z",
+ "www.example.com",
+ "b3b9789d8a53868f418619565f6b56af0033bdd3" },
+ /* The issuer and subject (except for the country code) is
+ * UnversalString encoded. Created with a hacked version of openssl
+ * using utf8=yes and string_mask=MASK:256. In order for that to
+ * output UniversalString encoded data you need to change the
+ * DIRSTRING_TYPE in crypto/asn1/asn1.h to be defined as
+ * B_ASN1_DIRECTORYSTRING so that UnviersalString is available to be
+ * used in the DirectoryStrings. OpenSSL by default avoids
+ * this type (for the reasonable reason that it's wasteful and
+ * UTF-8 can encoded everything it can in the most efficient way).
+ * OU uses the mathematical monospace digits 0-9 to test characters
+ * outside of the range of the Basic Multilingual Plane */
+ { "MIIEnzCCA4egAwIBAgIBATANBgkqhkiG9w0BAQUFADCBqzELMAkGA1UEBhMCQVUx"
+ "MTAvBgNVBAgcKAAAAFMAAABvAAAAbQAAAGUAAAAtAAAAUwAAAHQAAABhAAAAdAAA"
+ "AGUxaTBnBgNVBAocYAAAAEkAAABuAAAAdAAAAGUAAAByAAAAbgAAAGUAAAB0AAAA"
+ "IAAAAFcAAABpAAAAZAAAAGcAAABpAAAAdAAAAHMAAAAgAAAAUAAAAHQAAAB5AAAA"
+ "IAAAAEwAAAB0AAAAZDAeFw0xNDA3MjIyMjM3MzBaFw0xNTA3MjIyMjM3MzBaMIH8"
+ "MQswCQYDVQQGEwJHUjEhMB8GA1UECBwYAAADkQAAA8QAAAPEAAADuQAAA7oAAAOu"
+ "MR0wGwYDVQQHHBQAAAORAAADuAAAA64AAAO9AAADsTExMC8GA1UEChwoAAADwAAA"
+ "A7EAAAPBAAADrAAAA7QAAAO1AAADuQAAA7MAAAO8AAADsTExMC8GA1UECxwoAAHX"
+ "9gAB1/cAAdf4AAHX+QAB1/oAAdf7AAHX/AAB1/0AAdf+AAHX/zFFMEMGA1UEAxw8"
+ "AAAAdwAAAHcAAAB3AAAALgAAAGUAAAB4AAAAYQAAAG0AAABwAAAAbAAAAGUAAAAu"
+ "AAAAYwAAAG8AAABtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYUb"
+ "aNt22rsR5Qc/2zsenSvrlbvv1CwwRPNxcWTKdLl4lJEUy5YCnQXIq3qTi+eAFetQ"
+ "MwUOZem6kgNdwmGvCz3lrLwOobd1D5mG9agzKLVUVj72csbNNFzHr8z/7oaHvYYs"
+ "eYxW3oRm6vDYtHw5spXrxTzRIAnG6foxXFYAtDDHQpdjsofxqXO67aUmmGvE5ffX"
+ "gD3dvTvjejzcjjVsLQP/HG4MQOqeIyvyyHg1E3dyOrG+3qR6RN1ZveROdvU38Udm"
+ "s0KSGVX2lDLsUTQSKg5L8CLWDHqgGQWjLZQRgRiKZId/f9ubaJdLN6KfAQ3UvYAP"
+ "bKL5/k2GpsPDE21X0QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf"
+ "Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUccHhM6C7"
+ "nGMpclkG7YLIRuFueYQwHwYDVR0jBBgwFoAUz0X1b2Ok9MVVzxqxX6MgtTwSKmYw"
+ "DQYJKoZIhvcNAQEFBQADggEBAEpqEa08JkPG+XBlLemnoJsnoaRuQnLZvSCoAwIt"
+ "fugTE8686EigTZyYVFQ+GaI+EqVeiMjpAEhS3IMbhx5VIr61S3Nta2BG9OPjr4Xf"
+ "01oUeh4egL93CpIGNwu6M1SrQv2UVAKTwahxNmNuvx6Ojx5P2tne+KJtRUiwM3dE"
+ "of78/0NJD27OwjW0ruZAifF5CAR7mhy3NOMARpE2kqZk5695OF+QCahe00Y/9ulz"
+ "sCjgjpCUYv87OTbBGC5XGRd/ZopTRqtBVxpEHX/fux5/wqxBawrCuQsVw1Kfw0Ur"
+ "30aYWLsOsRwhiQkukjQfcMra1AHLujWaAHuLIDls1ozc8xo=",
+ "C=GR, ST=\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae, "
+ "L=\xce\x91\xce\xb8\xce\xae\xce\xbd\xce\xb1, "
+ "O=\xcf\x80\xce\xb1\xcf\x81\xce\xac\xce\xb4\xce\xb5\xce\xb9\xce\xb3"
+ "\xce\xbc\xce\xb1, "
+ "OU=\xf0\x9d\x9f\xb6\xf0\x9d\x9f\xb7\xf0\x9d\x9f\xb8\xf0\x9d\x9f\xb9"
+ "\xf0\x9d\x9f\xba\xf0\x9d\x9f\xbb\xf0\x9d\x9f\xbc\xf0\x9d\x9f\xbd"
+ "\xf0\x9d\x9f\xbe\xf0\x9d\x9f\xbf, "
+ "CN=www.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.11 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2014-07-22T22:37:30.000000Z",
+ "2015-07-22T22:37:30.000000Z",
+ "www.example.com",
+ "cfa15310189cf89f1dadc9c989db46f287fff7a7"
+ },
+ /* The issuer and subject (except for the country code) is BMPString
+ * encoded. Created with openssl using utf8-yes and string_mask=MASK:2048.
+ */
+ { "MIID3zCCAsegAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJBVTEd"
+ "MBsGA1UECB4UAFMAbwBtAGUALQBTAHQAYQB0AGUxOTA3BgNVBAoeMABJAG4AdABl"
+ "AHIAbgBlAHQAIABXAGkAZABnAGkAdABzACAAUAB0AHkAIABMAHQAZDAeFw0xNDA3"
+ "MjIyMzAyMDlaFw0xNTA3MjIyMzAyMDlaMIGBMQswCQYDVQQGEwJHUjEVMBMGA1UE"
+ "CB4MA5EDxAPEA7kDugOuMRMwEQYDVQQHHgoDkQO4A64DvQOxMR0wGwYDVQQKHhQD"
+ "wAOxA8EDrAO0A7UDuQOzA7wDsTEnMCUGA1UEAx4eAHcAdwB3AC4AZQB4AGEAbQBw"
+ "AGwAZQAuAGMAbwBtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzof"
+ "mf9YANAl2I5AcUjfAAJhqc2BL6z6k0J9bWyDL7DZf6AJtD5stRjs8cgiSGfJt9Cg"
+ "YQ0Cvnwz9ztNVXLliMmiJ4V0HzG80GI6SBK0PoCVbddUV/PN7REgPNjTwMYlys5w"
+ "Yt/GR8OJJV+eb02rpAfVigDlh7CFjY/uKMs2ThPi+yQb2V6qxLk3ZKIHh5IbKQjt"
+ "zIX/W1t+hiBjojnuOmhAoEefZ583k7amR5GBZO4GS5Qfj+4kjL5xiwB3bjTC8pnV"
+ "Iv4+mN2F6xKW/9IOWZtdySDADaU2ioyuMDzzjp5N5Nt0ZGhrEG2cDC3CatZaV4U7"
+ "9yBbi6kzlo3fCbCOlQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf"
+ "Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUNvwKR1v/"
+ "R0FQU1WnzqT3brNxaQQwHwYDVR0jBBgwFoAUSM/JbJVWuYFp+awSOEXZcKn1ddQw"
+ "DQYJKoZIhvcNAQEFBQADggEBABna/SiYMBJvbnI+lj7j8ddSFihaFheqtouxOB2d"
+ "tiVz5mcc5KsAFlkrxt7YcYB7SEc+K28nqGb3bfbZ18JayRBY3JS/h4WGu4eL5XkX"
+ "rceWUy60zF7DHs6p8E8HZVF1CdCC/LXr2BAdYTc/y1f37bLKVFF4mMJMP4b8/nSL"
+ "z8+oOO9CxaEjzRoCawf2+jaajXTSTDXBgIx1t6bJMAS6S6RKPaCketyAmpsOZVBS"
+ "VtBVfVIOB2zFqs6iqkXtdiOXWlZ0DBQRX0G1VD5G80RlZXs0yEfufCwLUl/TyOhM"
+ "WisUSEOzd4RlbsBj30JQkVG9+jXb2KChPkiMpg0tFi8HU3s=",
+ "C=GR, ST=\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae, "
+ "L=\xce\x91\xce\xb8\xce\xae\xce\xbd\xce\xb1, "
+ "O=\xcf\x80\xce\xb1\xcf\x81\xce\xac\xce\xb4\xce\xb5\xce\xb9\xce\xb3"
+ "\xce\xbc\xce\xb1, CN=www.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2014-07-22T23:02:09.000000Z",
+ "2015-07-22T23:02:09.000000Z",
+ "www.example.com",
+ "6e2cd969350979d3741b9abb66c71159a94ff971"
+ },
+ /* The issuer and subject (except for the country code) is T61String
+ * (aka TeletexString) encoded. Created with openssl using utf8=yes
+ * and string_mask=MASK:4. Note that the example chosen specifically
+ * includes the Norwegian OE (slashed O) to highlight that this is
+ * being treated as ISO-8859-1 despite what the X.509 says.
+ * See the following for the horrible details on
+ * this encoding: https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
+ */
+ { "MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET"
+ "MBEGA1UECBQKU29tZS1TdGF0ZTEhMB8GA1UEChQYSW50ZXJuZXQgV2lkZ2l0cyBQ"
+ "dHkgTHRkMB4XDTE0MDcyMjIzNDQxOFoXDTE1MDcyMjIzNDQxOFowYjELMAkGA1UE"
+ "BhMCTk8xGDAWBgNVBAgUD034cmUgb2cgUm9tc2RhbDEQMA4GA1UEBxQHxWxlc3Vu"
+ "ZDENMAsGA1UEChQEZPhtZTEYMBYGA1UEAxQPd3d3LmV4YW1wbGUuY29tMIIBIjAN"
+ "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8uD5f2KRXvB//mKOpCXM3h/MOjK"
+ "xUgC4TIHi3BmnYR0IDElMPJrC263/eU0hKycyegyMjXkwIN5eEx4/Nl///RrzJBQ"
+ "+uXKfEJ4hTJ5x1uUYxhmtq4djZFxfjFH5yobT/LRDkEw9b/+NiRb30P+WrxhrAKW"
+ "7GRsE2pIdPdbM2IB5v/wORB4TK0kLYkmeEPWNJd63SmX4BEC6dRAaMxLIXKn75r5"
+ "GhMHKbUdt2Yy+5s0JlN9hMWqhnavCmGquzl7y/1E1OOUIm0jhL0sJn6wVTc+UO+Q"
+ "7u/w0xf38J8SU7lW6zbcQyYaSIQCMikgpprUSXdQZZUZGmHS7Gis39SiLwIDAQAB"
+ "o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl"
+ "ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUQa2QLy+4QUH8hKNdR2LcvDKYImcwHwYD"
+ "VR0jBBgwFoAUpX6YP04yWqNiziUM7h0KgrRHMF4wDQYJKoZIhvcNAQEFBQADggEB"
+ "AElYUTQp5MOQk+ykIV0MHTw9OsEvLc1ZDmChls5WKYAu6KWgBbcjcTlkTpDlydrO"
+ "6JFxvCCg0K13dYOI3K/O9icGRauIrxrJOTtaIMryj7F51C52TOVPzkjL05eZTh+q"
+ "MmP3KI3uYSpXI6D6RI6hOKIRnFiUOQuXW3I8Z7s03KScBc9PSsVrMBLBz/Vpklaf"
+ "Tv/3jVBVIZwCW67SnFQ+vqEzaM4Ns2TBodlVqB1w0enPpow8bNnUwElLQJx3GXnl"
+ "z0JTpA6AwIRCF8n+VJgNN218fo2t2vvDDW/cZ+XMXzGNVhAqQ1F8B36esxy3P8+o"
+ "Bcwx241dxeGSYFHerqrTJIU=",
+ "C=NO, ST=M\xc3\xb8re og Romsdal, L=\xc3\x85lesund, O=d\xc3\xb8me, "
+ "CN=www.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2014-07-22T23:44:18.000000Z",
+ "2015-07-22T23:44:18.000000Z",
+ "www.example.com",
+ "787d1577ae77b79649d8f99cf4ed58a332dc48da"
+ },
+ /* Certificate with several Subject Alt Name dNSNames. Note that
+ * the CommonName is not duplicated in the Subject Alt Name to
+ * test that the Common Name is excluded when Subject Alt Name
+ * exists. */
+ { "MIIEMTCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJBVTET"
+ "MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ"
+ "dHkgTHRkMRwwGgYDVQQDExNJbnRlcm5ldCBXaWRnaXRzIENBMB4XDTE0MDcyNTE3"
+ "NDEwNFoXDTE1MDcyNTE3NDEwNFowdDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh"
+ "c2hpbmd0b24xEzARBgNVBAcTCk5vcnRoIEJlbmQxITAfBgNVBAoTGEludGVybmV0"
+ "IFdpZGdpdHMgUHR5IEx0ZDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMIIBIjAN"
+ "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlryoK6hMhGI/UlHi7v1m+Z3tCvg"
+ "ZG1twDFNvBACpFVbJtC/v+fiy1eG7ooZ1PsdCINQ1iXLh1igevlw/4w6iTDpeSZg"
+ "OCPYqK6ejnS0bKtSB4TuP8yiQtqwaVz4yPP88lXuQJDRJzgaAR0VAhooLgEpl1z1"
+ "n9wQO15AW5swzpKcEOi4n6Zmf1t7oxOt9awAOhkL1FfFwkpbiK9yQv3TPVo+xzbx"
+ "BJxwx55RY8Dpiu0kuiTYWsd02pocb0uIqd7a5B4y05PhJseqwyX0Mw57HBBnbru1"
+ "lCetP4PkoM2gf7Uoj9e61nmM1mustKTIPvh7tZHWW3UW9JxAFG+6FkKDewIDAQAB"
+ "o4HeMIHbMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJh"
+ "dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ4A9k8VwI0wv7u5rB4+1D9cuHiqTAf"
+ "BgNVHSMEGDAWgBS6O+MdRDDrD715AXdrnuNZ7wDSyjALBgNVHQ8EBAMCBeAwUwYD"
+ "VR0RBEwwSoINKi5leGFtcGxlLmNvbYIRKi5mb28uZXhhbXBsZS5jb22CESouYmFy"
+ "LmV4YW1wbGUuY29tghN6aWctemFnLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA"
+ "A4IBAQAf4IrSOL741IUkyFQrDdof39Cp87VdNEo4Bl8fUSuCjqZONxJfiAFx7GcB"
+ "Cd7h7Toe6CYCeQLHSEXQ1S1eWYLIq0ZoP3Q/huJdoH7yskDyC5Faexph0obKM5hj"
+ "+EYGW2W/UYBzEZai+eePBovARDlupiMaTJGvtdU/AcgMhXCoGNK6egesXoiNgfFh"
+ "h+lXUNWUWm2gZlKwRJff8tkR7bIG7MGzyL6Rqav2/tQdbFVXN5AFPdYPFLf0Vo5m"
+ "eGYM87TILfSo7n7Kh0aZovwcuF/vPUWRJl3B1HaPt9k6DhcFyAji0SJyZWyM4v88"
+ "GSq5Dk8dnTdL2otToll+r4IqFLlp",
+ "C=US, ST=Washington, L=North Bend, O=Internet Widgits Pty Ltd, "
+ "CN=www.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Internet Widgits CA",
+ "2.5.4.6 2.5.4.8 2.5.4.10 2.5.4.3",
+ "2014-07-25T17:41:04.000000Z",
+ "2015-07-25T17:41:04.000000Z",
+ "*.example.com, *.foo.example.com, *.bar.example.com, zig-zag.example.com",
+ "9c365d27b7b6cc438576a8e465685ea7a4f61129"
+ },
+ /* This is a CA cert that has a Common Name that doesn't look like
+ * a hostname. Make sure that the hostnames field remains blank for it. */
+ { "MIIEEjCCAvqgAwIBAgIJAKJarRWbvbCjMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV"
+ "BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX"
+ "aWRnaXRzIFB0eSBMdGQxHDAaBgNVBAMTE0ludGVybmV0IFdpZGdpdHMgQ0EwHhcN"
+ "MTQwNzI1MTc0MTAzWhcNMjQwNzIyMTc0MTAzWjBjMQswCQYDVQQGEwJBVTETMBEG"
+ "A1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg"
+ "THRkMRwwGgYDVQQDExNJbnRlcm5ldCBXaWRnaXRzIENBMIIBIjANBgkqhkiG9w0B"
+ "AQEFAAOCAQ8AMIIBCgKCAQEAv0f0TAiE13WHaFv8j6M9uuniO40+Aj8cuhZtJ1GC"
+ "GI/mW56wq2BJrP6N4+jyxYbZ/13S3ypPu+N087Nc/4xaPtUD/eKqMlU+o8gHM/Lf"
+ "BEs2dUuBsvkNM0KoC04NPNTOYDnfHOrzx8iHhqlDedwmP8FeQn3rNS8k4qDyJpG3"
+ "Ay8ICz5mB07Cy6NISohTxMtatfW5yKmhnhiS92X42QAEgI1pGB7jJl1g3u+KY1Bf"
+ "/10kcramYSYIM1uB7XHQjZI4bhEhQwuIWePMOSCOykdmbemM3ijF9f531Olq+0Nz"
+ "t7lA1b/aW4PGGJsZ6uIIjKMaX4npP+HHUaNGVssgTnTehQIDAQABo4HIMIHFMB0G"
+ "A1UdDgQWBBS6O+MdRDDrD715AXdrnuNZ7wDSyjCBlQYDVR0jBIGNMIGKgBS6O+Md"
+ "RDDrD715AXdrnuNZ7wDSyqFnpGUwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNv"
+ "bWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoG"
+ "A1UEAxMTSW50ZXJuZXQgV2lkZ2l0cyBDQYIJAKJarRWbvbCjMAwGA1UdEwQFMAMB"
+ "Af8wDQYJKoZIhvcNAQEFBQADggEBAI442H8CpePFvOtdvcosu2N8juJrzACuayDI"
+ "Ze32EtHFN611azduqkWBgMJ3Fv74o0A7u5Gl8A7RZnfBTMX7cvpfHvWefau0xqgm"
+ "Mn8CcTUGel0qudCCMe+kPppmkgNaZFvawSqcAA/u2yni2yx8BakYYDZzyfmEf9dm"
+ "hZi5SmxFFba5UhNKOye0GKctT13s/7EgfFNyVhZA7hWU26Xm88QnGnN/qxJdpq+e"
+ "+Glctn9tyke4b1VZ2Yr+R4OktrId44ZQcRD44+88v5ThP8DQsvkXcjREMFAIPkvG"
+ "CEDOIem4l9KFfnsHn8/4KvoBRkmCkGaSwOwUdUG+jIjBpY/82kM=",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Internet Widgits CA",
+ "2.5.4.6 2.5.4.8 2.5.4.10 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Internet Widgits CA",
+ "2.5.4.6 2.5.4.8 2.5.4.10 2.5.4.3",
+ "2014-07-25T17:41:03.000000Z",
+ "2024-07-22T17:41:03.000000Z",
+ NULL,
+ "b9decce236aa1da07b2bf088160bffe1469b9a4a"
+ },
+ /* Cert with a IP SAN entry. Make sure we properly skip them. */
+ { "MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJBVTET"
+ "MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ"
+ "dHkgTHRkMRwwGgYDVQQDExNJbnRlcm5ldCBXaWRnaXRzIENBMB4XDTE0MDcyNTE4"
+ "NDMyOFoXDTE1MDcyNTE4NDMyOFowczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh"
+ "c2hpbmd0b24xEzARBgNVBAcTCk5vcnRoIEJlbmQxITAfBgNVBAoTGEludGVybmV0"
+ "IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMOaXAuZXhhbXBsZS5jb20wggEiMA0G"
+ "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXKkSxg89tu5/n+lIC8ajj1T9vsO5B"
+ "nRH5Sne7UPc6pGMTNFi1MOVjdDWkmuCUzoI+HKLDc69/4V5RU12N1QNgsgcOzCSo"
+ "qgxa+dQk2s1shz1zhyaHkpdeMZU3/p9D4v+nRGAdYifwl/VOTwjWWucNzHDBwvb6"
+ "+Wm4pXE94Y5p8fY/lZi7VgtxdoPdSHGkIAps8psZGPjqKpLEjnLMp1n0v9cZhBF6"
+ "OoMUZpQuwcjT8vMQppgIWhZFLiH2jn7FTYWZyB0Dh9nMd097NQA87VtVfNc+g0oY"
+ "qLe3YldJgvVfyeSLhnyv68fBfGcTj310pNrGeE/m4tyxupiUT8BitfxPAgMBAAGj"
+ "geQwgeEwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0"
+ "ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFI09JZlhKV44Z+I5d58V/ZDqQ7yZMB8G"
+ "A1UdIwQYMBaAFDjQVnIU9pQI1nM8jjmxYiicMTdGMAsGA1UdDwQEAwIF4DBZBgNV"
+ "HREEUjBQgg0qLmV4YW1wbGUuY29tghEqLmZvby5leGFtcGxlLmNvbYcEfwAAAYIR"
+ "Ki5iYXIuZXhhbXBsZS5jb22CE3ppZy16YWcuZXhhbXBsZS5jb20wDQYJKoZIhvcN"
+ "AQEFBQADggEBAEK+XIGwavf+5Ht44ifHrGog0CDr4ESg7wFjzk+BJwYDtIPp9b8A"
+ "EG8qbfmOS+2trG3zc74baf2rmrfn0YGZ/GV826NMTaf7YU1/tJQTo+RX9g3aHg6f"
+ "pUBfIyAV8ELq84sgwd1PIgleVgIiDrz+a0UZ05Z5S+GbR2pwNH6+fO0O5E9clt2a"
+ "Cute1UMBqAMGKiFaP8HD6SUFTdTKZNxHtQzYmmuvoC1nzVatMFdkTuQgSQ/uNlzg"
+ "+yUFoufMZhs3gPx9PfXGOQ7f3nKE+WCK4KNGv+OILYsk4zUjMznfAwBRs9PyITN2"
+ "BKe64WsF6ZxTq3zLVGy5I8LpbtlvSmAaBp4=",
+ "C=US, ST=Washington, L=North Bend, O=Internet Widgits Pty Ltd, "
+ "CN=ip.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Internet Widgits CA",
+ "2.5.4.6 2.5.4.8 2.5.4.10 2.5.4.3",
+ "2014-07-25T18:43:28.000000Z",
+ "2015-07-25T18:43:28.000000Z",
+ "*.example.com, *.foo.example.com, *.bar.example.com, zig-zag.example.com",
+ "3525fb617c232fdc738d736c1cbd5d97b19b51e4"
+ },
+ /* Cert with the signature algorithm OID set to sha1WithRSA instead of
+ * sha1WithRSAEncryption. Both have the same meaning but the sha1WithRSA
+ * doesn't seem to be used anymore and is shorter */
+ { "MIIDgDCCAmygAwIBAgIBATAJBgUrDgMCHQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYD"
+ "VQQIFApTb21lLVN0YXRlMSEwHwYDVQQKFBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM"
+ "dGQwHhcNMTQwODE4MDk1OTQ1WhcNMTUwODE4MDk1OTQ1WjBNMQswCQYDVQQGEwJV"
+ "SzEQMA4GA1UECBQHRW5nbGFuZDESMBAGA1UEBxQJU2hlZmZpZWxkMRgwFgYDVQQD"
+ "FA93d3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
+ "AQCkvtieKg33RSzhn5JMDPPRlDS8Q16CN96A4lLI9YrJCy33z46PrbR2mq2hOz5l"
+ "MdgbAaRF0MUGhcKv4msJ0bsWhkybaSBAVgnoC7ObQWPNF7ppMzUjeDAlUBXNfheR"
+ "ZcgcgGWqUkoB1uUMhvmVuPrzvxn+WCwyoP6zQCviYLsR8AygGQgdhV6c9wJ/x9HS"
+ "MRUvUOeo7SCmx9GK5Hc11QV2K3rwKXABeAxXNzbyQe7hFfQYCI2SB5s3bEnhIvg7"
+ "BG0BQmoprHjXWBftc0+msKQTFw7+jZ21NsfwGoPonuVsCOJjJ51jp2oKqk3b1GGc"
+ "DEmmMQ0JtqfHO5a7JACBaHbTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4"
+ "QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSo"
+ "jICtcIgZL6OCCB5BJ5PGf1UIyTAfBgNVHSMEGDAWgBT5KQMLMylrXSQvhMtONHZc"
+ "22Jm9TAJBgUrDgMCHQUAA4IBAQCvCJ4i2kRzSRhnlDxd0UbQtytVIJFFJlfREPTM"
+ "j8+VqqtCVyPSX8T5NU+HCiEmhVrTlm/W0i8ygJXr8izyIMGRqbyhn2M9b8hAY6Jl"
+ "0edztu/FV/YHsJbPznWkXWpMMaXDEX4wI329f5odccIbB5VSaaoAdKZ6Ne4nf6oV"
+ "95KRFWkXoYjm24TnpALsNnK1Kjjed6h5ApB+IANOpXYFbGcsfbuKhWbFd2nd6t5U"
+ "NpUcv4H9Tgdl6KgrfsbQtAeouWCgoiNzrul8FOaQTdJLZfCsjuE+IkGpM+DX8PiF"
+ "5M41EqkSKia8sChFIln+lkRY41OWP9uQ1VXCfdRIzOnXWh9U",
+ "C=UK, ST=England, L=Sheffield, CN=www.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2014-08-18T09:59:45.000000Z",
+ "2015-08-18T09:59:45.000000Z",
+ "www.example.com",
+ "0e0869961d508b13bb22aa8da675b2e9951c0e70"
+ },
+ /* X.509 v1 certificate, we used to crash on these prior to r1619861. */
+ { "MIIDDTCCAfUCAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV"
+ "BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0"
+ "ZDAeFw0xNTAxMTkyMjEyNDhaFw0xNjAxMTkyMjEyNDhaMFQxCzAJBgNVBAYTAlVT"
+ "MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQHEwpOb3J0aCBCZW5kMRswGQYD"
+ "VQQDExJ4NTA5djEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw"
+ "ggEKAoIBAQDniW3DmGGtA0MoYqE9H55/RmjtTJD2WVmM/STEsw+RW74UGsZ62qfi"
+ "ADedl4ukZYKlk3TwJrGEwDBKOMWHuzCYVxhclyHkHwX7QqamvZRgaOonEu82KHuE"
+ "dZo4FhOWDC9D0yS4RFbfqvSu/JG19FYsnRQn1RPFYji6jG9TRwavplVBiMhR68kc"
+ "8HTW1Wu7uJ5SV0UtTicFes8MGek3+zWceGt+Egwd2UlIYXwTPzB5m7UPuufEdvFL"
+ "ED3pusVatohFzjCbYsuJIR5ppYd49uTxPWGvRidJ2C8GbDf9PCgDduS0Gz91Txnw"
+ "h+WiVYCQ6SxAJWp/xeZWE71k88N0vJEzAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB"
+ "ABoBaObsHnIrkd3RvvGb5q7fnEfiT1DXsufS3ypf4Z8IST/z+NeaUaiRN1oLcvDz"
+ "qC7ygTYZ2BZoEw3ReCGqQWT4iYET+lH8DM+U5val3gVlSWqx1jj/wiV1OAxQsakM"
+ "BnmNs/MDshiv54irvSlqnxEp2o/BU/vMrN656C5DJkZpYoMpIWxdFnd+bzNzuN1k"
+ "pJfTjzWlGckKfdblNPOfdtccTqtQ5d4mWtYNJ8DfL5rRRwCuzXvZtbVHKxqkXaXr"
+ "CYUfFUobapgPfvvMc1QcDY+2nvhC2ij+HAPIHgZPuzJsjZRC1zwg074cfgjZbgbm"
+ "R0HVF486p3vS8HFv4lndRZA=",
+ "C=US, ST=Washington, L=North Bend, CN=x509v1.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2015-01-19T22:12:48.000000Z",
+ "2016-01-19T22:12:48.000000Z",
+ "x509v1.example.com",
+ "5730dd65a7f77fdf0dfd90e5a53119f38854af29"
+ },
+ /* X.509 v1 certificate with an X.509 v3 Subject Alternative Name
+ * extension. Although these are ill-formed per RFC 5280 s. 4.1, we
+ * suspect that they could exist in the real world. Make sure we do
+ * not error out, and that we pick up SAN (b.example.com) from the
+ * extension. */
+ { "MIIDLzCCAhcCAQ8wDQYJKoZIhvcNAQEFBQAwKzEpMCcGA1UEAwwgSW50ZXJuZXQg"
+ "V2lkZ2l0cyBJbnRlcm1lZGlhdGUgQ0EwHhcNMTUwMTI5MDAzMzU1WhcNMTYwMTI5"
+ "MDAzMzU1WjByMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjETMBEG"
+ "A1UEBwwKTm9ydGggQmVuZDEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg"
+ "THRkMRYwFAYDVQQDDA1hLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC"
+ "AQ8AMIIBCgKCAQEAs0hj2xPRQZpecqk0Ih1l4juAuQZeSgv3yD/VtSq/9sTBH6iA"
+ "4XjJQcHROYxYaK0QS/qlCjpl+Q3mOaVIu+59TLy3T2YVgqMYmgB453ntuJPkdF1C"
+ "fJ2j19YAQZHHdOFaP1G+auBwjmHns3+MkG4s7EPuJP7TBCcSFlOmz5D4GUui3NVG"
+ "LBYUog1ZhF4oe/7d4jc2Cn8uypNT/Hc1ViIlCT4rFoAirv9Uob+4zjQ3Z18I1Ql1"
+ "t8oszVCj3kKDboEty2RduwPLx/2ztWYBCvFhd49JGdi/nzMi+j2d5HCI3V8W06pN"
+ "mvrVU4G0ImVRa8wpmQCSm2Tp0s42FAVHWw8yMwIDAQABoxwwGjAYBgNVHREEETAP"
+ "gg1iLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQDI/n0NYakuRP/485/A"
+ "dan71qBy3sljjOreq71IfBdtq+GEjCL1B0TD0V338LXki9NicCLeD/MWfceDjV0u"
+ "AjPTxaZEn/NWqXo0mpNC535Y6G46mIHYDGC8JyvCJjaXF+GVstNt6lXzZp2Yn3Si"
+ "K57uVb+zz5zAGSO982I2HACZPnF/oAtp7bwxzwvBsLqSLw3hh0ATVPp6ktE+WMoI"
+ "X75CVcDmU0zjXqzKiFPKeTVjQG6YxgvplMaag/iNngkgEhX4PIrxdIEsHf8l9ogC"
+ "dz51MFxetsC4D2KRq8IblF9i+9r3hlv+Dbf9ovYe9Hu0usloSinImoWOw42iWWmP"
+ "vT4l",
+ "C=US, ST=Washington, L=North Bend, O=Internet Widgits Pty Ltd, "
+ "CN=a.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.10 2.5.4.3",
+ "CN=Internet Widgits Intermediate CA",
+ "2.5.4.3",
+ "2015-01-29T00:33:55.000000Z",
+ "2016-01-29T00:33:55.000000Z",
+ "b.example.com",
+ "47fa5c76fee6e21e37def6da3746bba84a5a09bf"
+ },
+ /* X.509 certificate with multiple Relative Distinguished Names
+ * Borrowed form the Chromium test suite see thier bug here
+ * https://code.google.com/p/chromium/issues/detail?id=101009
+ */
+ { "MIICsDCCAhmgAwIBAgIJAO9sL1fZ/VoPMA0GCSqGSIb3DQEBBQUAMHExbzAJBgNV"
+ "BAYTAlVTMA8GA1UECgwIQ2hyb21pdW0wFgYKCZImiZPyLGQBGRYIQ2hyb21pdW0w"
+ "GgYDVQQDDBNNdWx0aXZhbHVlIFJETiBUZXN0MB0GA1UECwwWQ2hyb21pdW0gbmV0"
+ "X3VuaXR0ZXN0czAeFw0xMTEyMDIwMzQ3MzlaFw0xMjAxMDEwMzQ3MzlaMHExbzAJ"
+ "BgNVBAYTAlVTMA8GA1UECgwIQ2hyb21pdW0wFgYKCZImiZPyLGQBGRYIQ2hyb21p"
+ "dW0wGgYDVQQDDBNNdWx0aXZhbHVlIFJETiBUZXN0MB0GA1UECwwWQ2hyb21pdW0g"
+ "bmV0X3VuaXR0ZXN0czCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnSMQ7YeC"
+ "sOuk+0n128F7TfDtG/X48sG10oTe65SC8N6LBLfo7YYiQZlWVHEzjsFpaiv0dx4k"
+ "cIFbVghXAky/r5qgM1XiAGuzzFw7R27cBTC9DPlRwHArP3CiEKO3iz8i+qu9x0il"
+ "/9N70LcSSAu/kGLxikDbHRoM9d2SKhy2LGsCAwEAAaNQME4wHQYDVR0OBBYEFI1e"
+ "cfoqc7qfjmMyHF2rh9CrR6u3MB8GA1UdIwQYMBaAFI1ecfoqc7qfjmMyHF2rh9Cr"
+ "R6u3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAGKwN01A47nxVHOkw"
+ "wFdbT8t9FFkY3pIg5meoqO3aATNaSEzkZoUljWtWgWfzr+n4ElwZBxeYv9cPurVk"
+ "a+wXygzWzsOzCUMKBI/aS8ijRervyvh6LpGojPGn1HttnXNLmhy+BLECs7cq6f0Z"
+ "hvImrEWhD5uZGlOxaZk+bFEjQHA=",
+ "C=US, O=Chromium, 0.9.2342.19200300.100.1.25=Chromium, "
+ "CN=Multivalue RDN Test, OU=Chromium net_unittests",
+ "2.5.4.6 2.5.4.10 0.9.2342.19200300.100.1.25 2.5.4.3 2.5.4.11",
+ "C=US, O=Chromium, 0.9.2342.19200300.100.1.25=Chromium, "
+ "CN=Multivalue RDN Test, OU=Chromium net_unittests",
+ "2.5.4.6 2.5.4.10 0.9.2342.19200300.100.1.25 2.5.4.3 2.5.4.11",
+ "2011-12-02T03:47:39.000000Z",
+ "2012-01-01T03:47:39.000000Z",
+ NULL,
+ "99302ca2824f585a117bb41302a388daa0519765"
+ },
+ /* certificate with subject that includes an attribute that has an
+ * object id that has leading zeros. This isn't technically legal
+ * but a simplistic parser might parser it the same as an object
+ * id that doesn't have a leading zero. In this case the object id
+ * with a leading zero could parse to the same object id as the
+ * Common Name. Make sure we don't treat it as such. */
+ { "MIIDDjCCAfYCAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV"
+ "BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0"
+ "ZDAeFw0xNTAxMjcwNzQ5MDhaFw0xNjAxMjcwNzQ5MDhaMFUxCzAJBgNVBAYTAlVT"
+ "MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQHEwpOb3J0aCBCZW5kMRwwGgYE"
+ "VQSAAxMSbm90YWNuLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"
+ "MIIBCgKCAQEAvXCJv0gr9d3GNYiukPrbse0FdXmuBx2mPf665WyZVHk9JiPnDcb2"
+ "ng8gHLgJe8izou6I0vN2iJgy91rUPvX9zA3qVhml+cboVY2jHCPWo/v5PQsXAgLV"
+ "5gVjp2POn3N0O1xcS1yNe249LkP0Di3kAMp5gkzdprm3fD3JDW1Q+ocQylnbjzG0"
+ "FtNQSUJLITvPXjR7ny46Fci2mv8scHOvlEXTK5/2RoBaoK2jWQimqGfFj1sr1vqZ"
+ "Wcb6NAdZso64Xg1V6CWX8zymlA7gAhTQWveq+ovUWcXpmR8aj9pYNuy0aZW3BANz"
+ "N6L0G7OZiVUvvzpfnn0V3Z/sR/iQs7q3nQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB"
+ "AQACZwruCiesCRkT08AtHl0WQnQui58e9/7En+iqxNQO6+fx84SfWGcUFYZtvzdO"
+ "KkHNTs06km+471OjLSDcotRkdqO1JxQCkNxbrPat7T6FrO9n2JFivx6eijRqK/jB"
+ "cBYW92dK4BfXU4+FyeB2OIpyPjuqLU2j7S5p7qNU50i/1J7Qt669nXeaPINIfZdW"
+ "sDjjWkFR1VOgXS/zeu/GOxlQFmmcde+X/qkFI+L352VX7Ktf95j4ms4vG2yZgNfe"
+ "jbNb9a7LMcqlop/PlX5WBGv8GGKUNZO0LvukFYOULf1oL8VQsN0x/gRHGC7m9kVM"
+ "3hojWZDXAY4mYqdBCRX7/gkt",
+ "C=US, ST=Washington, L=North Bend, 2.5.4.03=notacn.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.03",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2015-01-27T07:49:08.000000Z",
+ "2016-01-27T07:49:08.000000Z",
+ NULL,
+ "6f24b834ba00fb4ef863df63b8fbeddab25e4838"
+ },
+ /* certificate with subject that includes an attribute that has an
+ * object id that has an overflow such that it calculates to
+ * the same object id as the Common Name (2.5.4.3). OpenSSL
+ * with its bignum support shows this as 2.5.4.2361183241434822606851.
+ * It would be wrong to display this as a Common Name to the user. */
+ { "MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV"
+ "BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0"
+ "ZDAeFw0xNTAxMjcwODMxNDNaFw0xNjAxMjcwODMxNDNaMGAxCzAJBgNVBAYTAlVT"
+ "MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQHEwpOb3J0aCBCZW5kMScwJQYN"
+ "VQSCgICAgICAgICAAxMUb3ZlcmZsb3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3"
+ "DQEBAQUAA4IBDwAwggEKAoIBAQDHL1e8zSPyRND3tI42Vqca2FoCiWn881Czv2ct"
+ "tGFwyjUM8R1yHXEP+doS9KN9L29xRWZRxyCQ18S+QbjNQCh6Ay22qnkBu0uPdVB6"
+ "iIVKiW9RzU8dZSFMnveUZYLloG12kK++ooJGIstTJwkI8Naw1X1D29gZaY9oSKAc"
+ "Gs5c92po61RoetB744dUfUbAXi8eEd4ShdsdnCoswpEI4WTLdYLZ/cH/sU1a5Djm"
+ "cAfEBzZSOseEQSG7Fa/HvHyW+jDNnKG2r73M45TDcXAunSFcAYl1ioBaRwwdcTbK"
+ "SMGORThIX5UwpJDZI5sTVmTTRuCjbMxXXki/g9fTYD6mlaavAgMBAAEwDQYJKoZI"
+ "hvcNAQEFBQADggEBABvZSzFniMK4lqJcubzzk410NqZQEDBxdNZTNGrQYIDV8fDU"
+ "LLoQ2/2Y6kOQbx8r3RNcaJ6JtJeVqAq05It9oR5lMJFA2r0YMl4eB2V6o35+eaKY"
+ "FXrJzwx0rki2mX+iKsgRbJTv6mFb4I7vny404WKHNgYIfB8Z5jgbwWgrXH9M6BMb"
+ "FL9gZHMmU+6uqvCPYeIIZaAjT4J4E9322gpcumI9KGVApmbQhi5lC1hBh+eUprG7"
+ "4Brl9GeCLSTnTTf4GHIpqaUsKMtJ1sN/KJGwEB7Z4aszr80P5/sjHXOyqJ78tx46"
+ "pwH7/Fx0pM7nZjJVGvcxGBBOMeKy/o2QUVvEYPU=",
+ "C=US, ST=Washington, L=North Bend, \?\?=overflow.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 \?\?",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2015-01-27T08:31:43.000000Z",
+ "2016-01-27T08:31:43.000000Z",
+ NULL,
+ "c1f063daf23e402fe58bab1a3fa2ba05c1106158"
+ },
+ /* certificate with multiple common names, make sure this behaves
+ * the same way as serf. */
+ { "MIIDJjCCAg4CAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV"
+ "BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0"
+ "ZDAeFw0xNTAxMjExNzUwMDZaFw0xNjAxMjExNzUwMDZaMG0xCzAJBgNVBAYTAlVT"
+ "MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQHEwpOb3J0aCBCZW5kMRkwFwYD"
+ "VQQDExBnb29kLmV4YW1wbGUuY29tMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29t"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pfrXkiiDGCWSYhMQNHJ"
+ "gNBLEBNcFzsGpW8i6rMKVephwG7p4VqIvc0pSsmpD9IYuIxxq/2E2cziaTWyqCBp"
+ "hKKipqt8eMcu6u45LduHGiCcnN7rHORbQZTdvwzTmiVN1eI1oCVejB4zgHNkHUko"
+ "DyaALCHGRz8l7Qq6hSbiOnhH1qlscIIEsgQEyDlMZpbsWVTQKPxluhtgqVEn7wPN"
+ "qScrf2evq050NuNYYFzCmuqOGKq2gKbD/BlUqCNmEM2JPg/bdcAQxFCf0HcvDiS9"
+ "e29suMKWZAzJkbzrWhlDMG1Xt5c7dd82PcGwnL//Q7muE57luCw38Gp2vQQ3/Uki"
+ "vQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBry9wfxYia/dCSKvDXOBKUgWFQtI8j"
+ "7vYHuouTvIb5m6b62kiUdtuaVKi3jnUbHUFohOi/6o+HIwbXSgz5CbiLjgUvONBU"
+ "BLekaguIYX9tTmg+vhWchcmVMHufj6HdQkzWtyojSQD9GjHGInNDG102KlN1cdL8"
+ "jGTrru4vnef+xA24EvYPdcS2+H2yYH0THL3JPKo1GtO4NCEGWQbS6Ygwcy+BQpbU"
+ "TBIWhlbleuCalB8qhWyijcHeszT7mFR0CarEaSLeZj6FaQpZB636iHuELmxcgiFw"
+ "j3r3QZyAMEGvPPBPKYSTgmol31pX9LYvuFGA9ADQ2in/n9WdMfYzFzOn",
+ "C=US, ST=Washington, L=North Bend, "
+ "CN=good.example.com, CN=evil.example.com",
+ "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.3 2.5.4.3",
+ "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+ "2.5.4.6 2.5.4.8 2.5.4.10",
+ "2015-01-21T17:50:06.000000Z",
+ "2016-01-21T17:50:06.000000Z",
+ "good.example.com",
+ "9693f17e59205f41ca2e14450d151b945651b2d7"
+ },
+ { NULL }
+};
+
+static svn_error_t *
+compare_dates(const char *expected,
+ apr_time_t actual,
+ const char *type,
+ const char *subject,
+ apr_pool_t *pool)
+{
+ apr_time_t expected_tm;
+
+ if (!actual)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "No %s for cert '%s'", type, subject);
+
+ SVN_ERR(svn_time_from_cstring(&expected_tm, expected, pool));
+ if (!expected_tm)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "Problem converting expected %s '%s' to text "
+ "output for cert '%s'", type, expected,
+ subject);
+
+ if (expected_tm != actual)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "The %s didn't match expected '%s',"
+ " got '%s' for cert '%s'",
+ type, expected,
+ svn_time_to_cstring(actual, pool),
+ subject);
+
+ return SVN_NO_ERROR;
+}
+
+static svn_error_t *
+compare_hostnames(const char *expected,
+ const apr_array_header_t *actual,
+ const char *subject,
+ apr_pool_t *pool)
+{
+
+ int i;
+ svn_stringbuf_t *buf;
+
+ if (!actual)
+ {
+ if (expected)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "The hostnames didn't match expected '%s',"
+ " got NULL for cert '%s'",
+ expected, subject);
+ return SVN_NO_ERROR;
+ }
+
+ buf = svn_stringbuf_create_empty(pool);
+ for (i = 0; i < actual->nelts; ++i)
+ {
+ const char *hostname = APR_ARRAY_IDX(actual, i, const char*);
+ if (i > 0)
+ svn_stringbuf_appendbytes(buf, ", ", 2);
+ svn_stringbuf_appendbytes(buf, hostname, strlen(hostname));
+ }
+
+ if (strcmp(expected, buf->data))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "The hostnames didn't match expected '%s',"
+ " got '%s' for cert '%s'",
+ expected, buf->data, subject);
+ return SVN_NO_ERROR;
+}
+
+static svn_error_t *
+compare_oids(const char *expected,
+ const apr_array_header_t *actual,
+ const char *subject,
+ apr_pool_t *pool)
+{
+ int i;
+ svn_stringbuf_t *buf;
+
+ if (!actual)
+ {
+ if (expected)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "The oids didn't match expected '%s',"
+ " got NULL for cert '%s'",
+ expected, subject);
+ return SVN_NO_ERROR;
+ }
+
+ buf = svn_stringbuf_create_empty(pool);
+ for (i = 0; i < actual->nelts; ++i)
+ {
+ apr_size_t len;
+ const svn_x509_name_attr_t *attr = APR_ARRAY_IDX(actual, i, const svn_x509_name_attr_t *);
+ const void *oid = svn_x509_name_attr_get_oid(attr, &len);
+ const char *oid_string = svn_x509_oid_to_string(oid, len, pool, pool);
+ if (i > 0)
+ svn_stringbuf_appendbyte(buf, ' ');
+ if (oid_string)
+ svn_stringbuf_appendcstr(buf, oid_string);
+ else
+ svn_stringbuf_appendcstr(buf, "??");
+ }
+
+ if (strcmp(expected, buf->data))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "The oids didn't match expected '%s',"
+ " got '%s' for cert '%s'",
+ expected, buf->data, subject);
+ return SVN_NO_ERROR;
+
+}
+
+
+static svn_error_t *
+compare_results(struct x509_test *xt,
+ svn_x509_certinfo_t *certinfo,
+ apr_pool_t *pool)
+{
+ const char *v;
+
+ v = svn_x509_certinfo_get_subject(certinfo, pool);
+ if (!v)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "No subject for cert '%s'", xt->subject);
+ if (strcmp(v, xt->subject))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "Subject didn't match for cert '%s', "
+ "expected '%s', got '%s'", xt->subject,
+ xt->subject, v);
+
+ SVN_ERR(compare_oids(xt->subject_oids, svn_x509_certinfo_get_subject_attrs(certinfo),
+ xt->subject, pool));
+
+ v = svn_x509_certinfo_get_issuer(certinfo, pool);
+ if (!v)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "No issuer for cert '%s'", xt->subject);
+ if (strcmp(v, xt->issuer))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "Issuer didn't match for cert '%s', "
+ "expected '%s', got '%s'", xt->subject,
+ xt->issuer, v);
+
+ SVN_ERR(compare_oids(xt->issuer_oids, svn_x509_certinfo_get_issuer_attrs(certinfo),
+ xt->subject, pool));
+
+ SVN_ERR(compare_dates(xt->valid_from,
+ svn_x509_certinfo_get_valid_from(certinfo),
+ "valid-from",
+ xt->subject,
+ pool));
+
+ SVN_ERR(compare_dates(xt->valid_to,
+ svn_x509_certinfo_get_valid_to(certinfo),
+ "valid-to",
+ xt->subject,
+ pool));
+
+ SVN_ERR(compare_hostnames(xt->hostnames,
+ svn_x509_certinfo_get_hostnames(certinfo),
+ xt->subject,
+ pool));
+
+ v = svn_checksum_to_cstring_display(
+ svn_x509_certinfo_get_digest(certinfo), pool);
+ if (!v)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "No SHA1 digest for cert '%s'", xt->subject);
+ if (strcmp(v, xt->sha1_digest))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "SHA1 digest didn't match for cert '%s', "
+ "expected '%s', got '%s'", xt->subject,
+ xt->sha1_digest, v);
+
+ return SVN_NO_ERROR;
+}
+
+static svn_error_t *
+test_x509_parse_cert(apr_pool_t *pool)
+{
+ struct x509_test *xt;
+ apr_pool_t *iterpool = svn_pool_create(pool);
+
+ for (xt = cert_tests; xt->base64_cert; xt++)
+ {
+ const svn_string_t *der_cert;
+ svn_x509_certinfo_t *certinfo;
+
+ svn_pool_clear(iterpool);
+
+ /* Convert header-less PEM to DER by undoing base64 encoding. */
+ der_cert = svn_base64_decode_string(svn_string_create(xt->base64_cert,
+ pool),
+ iterpool);
+
+ SVN_ERR(svn_x509_parse_cert(&certinfo, der_cert->data, der_cert->len,
+ iterpool, iterpool));
+
+ SVN_ERR(compare_results(xt, certinfo, iterpool));
+ }
+
+ return SVN_NO_ERROR;
+}
+
+#if 0
+static struct x509_test broken_cert_tests[] = {
+ { NULL }
+};
+
+static svn_error_t *
+test_x509_parse_cert_broken(apr_pool_t *pool)
+{
+ struct x509_test *xt;
+ apr_pool_t *iterpool = svn_pool_create(pool);
+
+ for (xt = broken_cert_tests; xt->base64_cert; xt++)
+ {
+ const svn_string_t *der_cert;
+ svn_x509_certinfo_t *certinfo;
+
+ svn_pool_clear(iterpool);
+
+ /* Convert header-less PEM to DER by undoing base64 encoding. */
+ der_cert = svn_base64_decode_string(svn_string_create(xt->base64_cert,
+ pool),
+ iterpool);
+
+ SVN_ERR(svn_x509_parse_cert(&certinfo, der_cert->data, der_cert->len,
+ iterpool, iterpool));
+
+ SVN_ERR(compare_results(xt, certinfo, iterpool));
+ }
+
+ return SVN_NO_ERROR;
+}
+#endif
+
+/* The test table. */
+
+static int max_threads = 1;
+
+static struct svn_test_descriptor_t test_funcs[] =
+ {
+ SVN_TEST_NULL,
+ SVN_TEST_PASS2(test_x509_parse_cert,
+ "test svn_x509_parse_cert"),
+/* SVN_TEST_XFAIL2(test_x509_parse_cert_broken,
+ "test broken certs"), */
+ SVN_TEST_NULL
+ };
+
+SVN_TEST_MAIN
View Lorry Controller Status