Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-01-04 13:45:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add test for limit on intermediate certificates

Browse source 
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
This commit is contained in:
Manuel Pégourié-Gonnard 2017-06-05 13:49:44 +02:00
parent f2a597fa3d
commit 1beb048316
68 changed files with 3289 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

39
tests/suites/test_suite_x509parse.function
View file

@ -500,6 +500,45 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
int ret_chk, int flags_chk )
{
char file_buf[128];
int ret;
uint32_t flags;
mbedtls_x509_crt trusted, chain;
/*
* We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
* with NN.crt signed by NN-1.crt
*/
mbedtls_x509_crt_init( &trusted );
mbedtls_x509_crt_init( &chain );
/* Load trusted root */
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
nb_int + 1 );
TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
/* Try to verify that chain */
ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
NULL, NULL );
TEST_ASSERT( ret == ret_chk );
TEST_ASSERT( flags == (uint32_t) flags_chk );
exit:
mbedtls_x509_crt_free( &chain );
mbedtls_x509_crt_free( &trusted );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result )
{