path: root/test/certs
Age | Commit message | Author | Files | Lines
31 hours | test: authorityAttributeIdentifier X.509v3 extension | Jonathan M. Wilbur | 1 | -0/+12
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25244)
2024-08-27 | test: issuedOnBehalfOf X.509v3 extension | Jonathan M. Wilbur | 1 | -0/+11
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25241)
2024-08-26 | test: auditIdentity X.509v3 extension decoding and display | Jonathan M. Wilbur | 1 | -0/+11
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754)
2024-07-24 | test: the basicAttConstraints X.509v3 extension | Jonathan M. Wilbur | 1 | -0/+11
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24847)
2024-07-04 | test: userNotice X.509v3 extension | Jonathan M. Wilbur | 1 | -0/+13
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24761)
2024-06-26 | test: add tests for acceptable policies exts | Jonathan M. Wilbur | 2 | -0/+22
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24663)
2024-06-24 | Support subjectDirectoryAttributes and associatedInformation exts | Jonathan M. Wilbur | 2 | -0/+20
Added tests for SDA and AI extensions. Added internal function ossl_print_attribute_value() with documentation. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24669)
2024-06-21 | Make x509_req_test ANSI Compatible | erbsland-dev | 1 | -0/+17
Update the `x509_req_test` to ensure ANSI compatibility. The integrated certificate string was too long, so the PEM certificate has been moved to `certs/x509-req-detect-invalid-version.pem`. The test has been updated to load this certificate from the file on disk. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24677)
2024-06-21 | Add test for ASN1_item_verify() | Tomas Mraz | 2 | -0/+25
This is a test for https://github.com/openssl/openssl/issues/24575 Original idea by Theo Buehler. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24576)
2024-06-20 | feat: add delegatedNameConstraints and holderNameConstraints exts | Jonathan M. Wilbur | 2 | -0/+24
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24664)
2024-06-17 | Add support for targetingInformation X.509v3 extension | Jonathan M. Wilbur | 1 | -0/+14
Support for the targetingInformation X.509v3 extension defined in ITU-T Recommendation X.509 (2019), Section 17.1.2.2. This extension is used in attribute certificates. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22206)
2024-04-24 | x509_acert: Add more parsing and printing tests | Damian Hobson-Garcia | 2 | -0/+63
These have been extracted from the bouncycastle test code. Make sure that these certificates can be safely and correctly parsed and printed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15857)
2024-04-24 | x509_acert: Add simple API tests | Damian Hobson-Garcia | 2 | -0/+20
Add some simple API tests for reading, printing, signing and verifying attribute certificates. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15857)
2023-10-02 | test: add verify test for EC cert signed with SHA3 | Mathieu Tortuyaux | 5 | -0/+46
Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22147)
2023-09-25 | Support all NULL-syntax X.509v3 extensions | Jonathan M. Wilbur | 6 | -0/+67
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21342)
2023-09-07 | Copyright year updates | Matt Caswell | 1 | -1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-06-26 | Add a test for pkeyutl encrypt/decrypt using SM2 | Matt Caswell | 1 | -0/+4
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21272)
2023-03-28 | Generate some certificates with the certificatePolicies extension | Matt Caswell | 5 | -2/+72
Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20585)
2023-02-07 | Add testcase for nc_match_single type confusion | Tomas Mraz | 4 | -0/+79
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2022-12-08 | test: add test case for deadlock reported in #19643 | Pauli | 1 | -0/+20
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19652)
2022-11-12 | Resign test/certs/rootCA.pem to expire in 100 years | Bernd Edlinger | 1 | -18/+76
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654)
2022-11-12 | Update the validity period of ed25519 certificates | Bernd Edlinger | 2 | -14/+74
Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654)
2022-08-18 | X509: add tests for purpose code signing in verify application | Lutz Jaenicke | 8 | -2/+127
Correct configuration according to CA Browser forum: KU: critical,digitalSignature XKU: codeSigning Note: I did not find any other document formally defining the requirements for code signing certificates. Some combinations are explicitly forbidden, some flags can be ignored Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
2022-08-16 | Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info | Dr. David von Oheimb | 2 | -0/+48
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18821)
2022-07-12 | test/certs/setup.sh: add missing comment on CA cert variant without basic constraints | Dr. David von Oheimb | 1 | -2/+2
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18758)
2022-06-22 | Add test cases for verification of time stamping certificates | Lutz Jaenicke | 10 | -0/+182
Test makes sure that both time stamping certificate according to rfc3161 (no requirements for keyUsage extension) and according to CAB forum (keyUsage extension must be digitalSignature and be set critical) are accepted. Misuse cases as stated in CAB forum are rejected, only exception is a missing "critical" flag on keyUsage. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18597)
2022-06-05 | Update further expiring certificates that affect tests | Tomas Mraz | 3 | -33/+34
Namely the smime certificates used in test_cms and the SM2 certificates will expire soon and affect tests. Fixes #15179 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18467)
2022-06-03 | Change the SCT issuer key to RSA 2048 | Bernd Edlinger | 4 | -37/+57
This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18450)
2022-06-03 | Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config | Tomas Mraz | 3 | -0/+56
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17989)
2022-06-01 | Update expired SCT issuer certificate | Tomas Mraz | 1 | -15/+15
Fixes #15179 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18444)
2022-01-03 | Test that PEM_BUFSIZE is passed into pem_password_cb | Tomas Mraz | 1 | -0/+30
When pem_password_cb is used from SSL_CTX, its size parameter should be equal to PEM_BUFSIZE. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/17320)
2021-12-14 | Add a TLS test for name constraints with an EE cert without a SAN | Matt Caswell | 1 | -0/+40
It is valid for name constraints to be in force but for there to be no SAN extension in a certificate. Previous versions of OpenSSL mishandled this. Test for CVE-2021-4044 Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-12-14 | Add a new Name Constraints test cert | Matt Caswell | 4 | -8/+74
Add a cert which complies with the name constraints but has no SAN extension Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-11-11 | 25-test_req.t: Add systematic SKID+AKID tests for self-issued (incl. self-signed) certs | Dr. David von Oheimb | 1 | -16/+7
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16342)
2021-09-03 | Test for DANE cross cert fix | Viktor Dukhovni | 4 | -0/+67
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
2021-07-02 | test_pem_reading: Test loading a key from a file with multiple PEM data | Tomas Mraz | 1 | -0/+90
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15949)
2021-06-09 | 25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict | Dr. David von Oheimb | 1 | -0/+19
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15656)
2021-06-09 | test/certs/mkcert.sh: Correct description of geneealt parameters | Dr. David von Oheimb | 1 | -2/+2
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15656)
2021-06-08 | Fix the expected output of printing certificates | Matt Caswell | 2 | -2/+2
Now that we are using provided keys when loading a certificate the pretty printing formatting is cosmetically different. We need to adjust expected test output accordingly. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15504)
2021-06-04 | Test a bad SmtpUTF8Mailbox name constraint | Matt Caswell | 3 | -0/+62
We add a verify test with a cert with a SAN and a bad SmtpUTF8Mailbox entry, with an intermediate certificate with email name constraints. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15611)
2021-06-02 | ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t | Dr. David von Oheimb | 1 | -17/+16
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15499)
2021-05-27 | TEST: Prefer using precomputed RSA and DH keys for more efficient tests | Dr. David von Oheimb | 1 | -0/+14
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13715)
2021-05-05 | test/certs/setup.sh: Fix two glitches | Dr. David von Oheimb | 3 | -12/+12
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
2021-05-05 | update test/certs/ee-pathlen.pem to contain SKID and AKID | Dr. David von Oheimb | 1 | -9/+10
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
2021-05-05 | test/certs/setup.sh: structural cleanup | Dr. David von Oheimb | 1 | -41/+32
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
2021-04-08 | PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of private key | Dr. David von Oheimb | 1 | -0/+30
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14647)
2021-04-08 | d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key | Dr. David von Oheimb | 1 | -0/+74
This is needed to correct d2i_PrivateKey() after it was changed by commit 576892d78f80cf9a. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14647)
2021-03-04 | test/x509: Test for issuer being overwritten when printing. | Tomas Mraz | 3 | -104/+93
The regression from commit 05458fd was fixed, but there is no test for that regression. This adds it simply by having a certificate that we compare for -text output having a different subject and issuer. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14353)
2021-03-03 | Fix NULL access in ssl_build_cert_chain() when ctx is NULL. | Shane Lontis | 1 | -0/+84
Fixes #14294 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14295)
2021-03-03 | test_ssl_new: X448, X25519, and EdDSA are supported with fips | Tomas Mraz | 1 | -6/+6
Removed the related TODOs. Also adjusted the DH parameters used for the DH test to be acceptable for FIPS as that now allows only known safe prime parameters. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367)