SwitchEmu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-03-12 05:02:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add test for expired cert in longer chain

Browse Source 
That's two lines that were not covered in verify_child()
This commit is contained in:
Manuel Pégourié-Gonnard
2017-06-05 10:20:32 +02:00
parent 41859786be
commit 29d60fb85f
4 changed files with 115 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/data_files/Makefile
View File

@@ -12,6 +12,7 @@
## Tools
OPENSSL ?= openssl
FAKETIME ?= faketime
## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
@@ -64,6 +65,18 @@ server2-sha256.crt: server2-rsa.csr
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
all_final += server2-sha256.crt
test_ca_int_rsa1 = test-int-ca.crt
server7.csr: server7.key
$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server7.csr
server7-expired.crt: server7.csr $(test_ca_int_rsa1)
$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-expired.crt
server7-future.crt: server7.csr $(test_ca_int_rsa1)
$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-future.crt
################################################################