diff options
author | Jonathan M. Wilbur <jonathan@wilbur.space> | 2024-06-17 21:40:30 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-06-20 19:59:22 +0200 |
commit | a7ed61ce8b0565483e6b0e44ed9b13682305e609 (patch) | |
tree | ed0fe3b06c5533dc96e85c85b1069b5854907325 /test | |
parent | 2e9cd409c0411e890cabf3827770ac3d4a235b82 (diff) | |
download | openssl-a7ed61ce8b0565483e6b0e44ed9b13682305e609.zip openssl-a7ed61ce8b0565483e6b0e44ed9b13682305e609.tar.gz openssl-a7ed61ce8b0565483e6b0e44ed9b13682305e609.tar.bz2 |
feat: add delegatedNameConstraints and holderNameConstraints exts
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24664)
Diffstat (limited to 'test')
-rw-r--r-- | test/certs/ext-delegatedNameConstraints.pem | 12 | ||||
-rw-r--r-- | test/certs/ext-holderNameConstraints.pem | 12 | ||||
-rw-r--r-- | test/recipes/25-test_x509.t | 24 |
3 files changed, 47 insertions, 1 deletions
diff --git a/test/certs/ext-delegatedNameConstraints.pem b/test/certs/ext-delegatedNameConstraints.pem new file mode 100644 index 0000000..0646f7a --- /dev/null +++ b/test/certs/ext-delegatedNameConstraints.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBsDCCAZygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDI0 +MTA0WhgPMjAyMTA4MzEwMjQxMDRaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozcwNTAzBgNVHSoELDAqoCgwJqQe +MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgAEBgQEDMAsGCSqGSIb3DQEB +BQMBAA== +-----END CERTIFICATE----- diff --git a/test/certs/ext-holderNameConstraints.pem b/test/certs/ext-holderNameConstraints.pem new file mode 100644 index 0000000..002bb65 --- /dev/null +++ b/test/certs/ext-holderNameConstraints.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBsDCCAZygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDI0 +MTA0WhgPMjAyMTA4MzEwMjQxMDRaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozcwNTAzBgNVHUUELDAqoCgwJqQe +MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgAEBgQEDMAsGCSqGSIb3DQEB +BQMBAA== +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 2ae13df..860a970 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 60; +plan tests => 66; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -172,6 +172,28 @@ cert_contains($tgt_info_cert, "Digest Type: Public Key", 1, 'X.509 Targeting Information Object Digest Type'); +my $hnc_cert = srctop_file(@certs, "ext-holderNameConstraints.pem"); +cert_contains($hnc_cert, + "X509v3 Holder Name Constraints", + 1, 'X.509 Holder Name Constraints'); +cert_contains($hnc_cert, + "Permitted:", + 1, 'X.509 Holder Name Constraints Permitted'); +cert_contains($hnc_cert, + "DirName:CN = Wildboar", + 1, 'X.509 Holder Name Constraint'); + +my $dnc_cert = srctop_file(@certs, "ext-delegatedNameConstraints.pem"); +cert_contains($dnc_cert, + "X509v3 Delegated Name Constraints", + 1, 'X.509 Delegated Name Constraints'); +cert_contains($dnc_cert, + "Permitted:", + 1, 'X.509 Delegated Name Constraints Permitted'); +cert_contains($dnc_cert, + "DirName:CN = Wildboar", + 1, 'X.509 Delegated Name Constraint'); + sub test_errors { # actually tests diagnostics of OSSL_STORE my ($expected, $cert, @opts) = @_; my $infile = srctop_file(@certs, $cert); |