diff options
| author | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2015-11-19 10:46:07 +0100 |
|---|---|---|
| committer | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2015-11-19 12:01:11 +0100 |
| commit | c058074836c35a8f6a10533442202fcc8a32f977 (patch) | |
| tree | 44a629a20e73295b4e3fda23029aeddf513455e6 | |
| parent | 1f4e08c979bee3f7d790f23c863b547487fbd2f7 (diff) | |
| download | mbedtls-c058074836c35a8f6a10533442202fcc8a32f977.zip mbedtls-c058074836c35a8f6a10533442202fcc8a32f977.tar.gz mbedtls-c058074836c35a8f6a10533442202fcc8a32f977.tar.bz2 | |
Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)
Test certificates generated with the following script:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key
programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
mv cert8?.crt tests/data_files/dir4
rm cert8?.key
| -rw-r--r-- | tests/data_files/dir4/Readme | 4 | ||||
| -rw-r--r-- | tests/data_files/dir4/cert81.crt | 11 | ||||
| -rw-r--r-- | tests/data_files/dir4/cert82.crt | 11 | ||||
| -rw-r--r-- | tests/data_files/dir4/cert83.crt | 11 | ||||
| -rw-r--r-- | tests/suites/test_suite_x509parse.data | 4 |
5 files changed, 41 insertions, 0 deletions
diff --git a/tests/data_files/dir4/Readme b/tests/data_files/dir4/Readme index 5732a64..7217b75 100644 --- a/tests/data_files/dir4/Readme +++ b/tests/data_files/dir4/Readme @@ -36,3 +36,7 @@ cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt ``` +8. zero pathlen constraint on first intermediate CA (valid) +``` +cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt +``` diff --git a/tests/data_files/dir4/cert81.crt b/tests/data_files/dir4/cert81.crt new file mode 100644 index 0000000..26b2bd5 --- /dev/null +++ b/tests/data_files/dir4/cert81.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpTCCAUmgAwIBAgIBUTAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +ODERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMTEPMA0GA1UEAxMGUm9vdCA4MREwDwYDVQQKEwht +YmVkIFRMUzELMAkGA1UEBhMCVUswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT1 +GuTQ9vgf2l3oLM25r78cvIAQqE02GzQGjp/WWw3CysEwTwNEuZGhRiD5lDmkbUGW +UNxv/7uJjy7k3K3fDNdko1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTHFA2h +Au0tPnzeYnLcmlTQj4FAajAfBgNVHSMEGDAWgBTHFA2hAu0tPnzeYnLcmlTQj4FA +ajAMBggqhkjOPQQDAgUAA0gAMEUCIH7Z/HNb/Pwbs40iNll1a9gmgAbYOgdlVPWo +nSdcb7cZAiEAlhVb6CdBXsjOfAWWEET/QP74z608PKFccCIFPCDLkxo= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir4/cert82.crt b/tests/data_files/dir4/cert82.crt new file mode 100644 index 0000000..d49ecc9 --- /dev/null +++ b/tests/data_files/dir4/cert82.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBqDCCAUygAwIBAgIBUjAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +ODERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMTEPMA0GA1UEAxMGSW50IDgyMREwDwYDVQQKEwht +YmVkIFRMUzELMAkGA1UEBhMCVUswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS2 +giYQt4HVfQ2t8eTS0bvISwp7ol2x17umbllBxwzGDFEUQ00JL1/SStezecK0lNhE +0AvY8Ez2soQEtdSeQGkCo1MwUTAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBS3 ++nsv3nQknSg4aDjlTiRpCPo7XzAfBgNVHSMEGDAWgBTHFA2hAu0tPnzeYnLcmlTQ +j4FAajAMBggqhkjOPQQDAgUAA0gAMEUCIQDus2Lvx3yyvaViY1s334uMm6ge484X +oktMyxLVjkAMiAIgehTHiJJaT9PnlVa+hUpxsIfVAuMexrm5fw/bDF5Nxzw= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir4/cert83.crt b/tests/data_files/dir4/cert83.crt new file mode 100644 index 0000000..21a748e --- /dev/null +++ b/tests/data_files/dir4/cert83.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBoDCCAUWgAwIBAgIBUzAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBkludCA4 +MjERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMDEOMAwGA1UEAxMFRUUgODMxETAPBgNVBAoTCG1i +ZWQgVExTMQswCQYDVQQGEwJVSzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMSy +6X5iBYrdxxOMfdcA23pLBoJCeyEjiWfALxTm80MJGBdRNVdnT50xNU3SDDwHWPda +/EQqHq+itsqkUeyAGAyjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGsFH/KsvM4n +r+i1gI2iCVXi3KtFMB8GA1UdIwQYMBaAFLf6ey/edCSdKDhoOOVOJGkI+jtfMAwG +CCqGSM49BAMCBQADRwAwRAIgQURH8DHWFHVK38+znWc85G1P+g4ocdkA5Gt0LbOg +SJMCIBsacOLFywxZYF8atizw6zMRw+QeHR2514JIhJUck2kd +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a540db2..255c4e1 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1156,6 +1156,10 @@ X509 CRT verify chain #8 (self signed maxpathlen root) depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 +X509 CRT verify chain #9 (self signed maxpathlen root) +depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0 + X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" |