Add additional X.509 verifier test cases.

The second case (14b) currently triggers a bug in the new verifier.
author: jsing <> 2026-03-31 13:39:48 +0000
committer: jsing <> 2026-03-31 13:39:48 +0000
commit: 848a8ff0f8b9bd889cd059b6040b85d5cd2cc980 (patch)
tree: 8b00a86cd36549f52a2f5df52871fcba9e2bb3a2 /src/regress/lib/libcrypto/x509
parent: e2ae938d435d7b2dd9dbd93f4ee01af27ccd864d (diff)
download: openbsd-848a8ff0f8b9bd889cd059b6040b85d5cd2cc980.tar.gz
openbsd-848a8ff0f8b9bd889cd059b6040b85d5cd2cc980.tar.bz2
openbsd-848a8ff0f8b9bd889cd059b6040b85d5cd2cc980.zip
2 files changed, 28 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/x509/callback.c b/src/regress/lib/libcrypto/x509/callback.c
index c4d1575ae8..a3717bca24 100644
--- a/src/regress/lib/libcrypto/x509/callback.c
+++ b/src/regress/lib/libcrypto/x509/callback.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: callback.c,v 1.5 2024/08/23 12:56:26 anton Exp $ */
+/* $OpenBSD: callback.c,v 1.6 2026/03/31 13:39:48 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
@@ -340,6 +340,15 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_chains = 1,
                .failing = 1,
        },
+        {
+                .id = "14a",
+                .want_chains = 1,
+        },
+        {
+                .id = "14b",
+                .want_chains = 0,
+                .failing = 1,
+        },
 };
 #define N_VERIFY_CERT_TESTS \
diff --git a/src/regress/lib/libcrypto/x509/verify.c b/src/regress/lib/libcrypto/x509/verify.c
index b4b4e06cf7..2b5298a63e 100644
--- a/src/regress/lib/libcrypto/x509/verify.c
+++ b/src/regress/lib/libcrypto/x509/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.12 2024/08/23 12:56:26 anton Exp $ */
+/* $OpenBSD: verify.c,v 1.13 2026/03/31 13:39:48 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
@@ -460,6 +460,20 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error_depth = 2,
                .failing = 1,
        },
+        {
+                .id = "14a",
+                .want_chains = 1,
+                .want_error_depth = 0,
+        },
+        {
+                .id = "14b",
+                .want_chains = 0,
+                .want_error = X509_V_ERR_CERT_CHAIN_TOO_LONG,
+                .want_error_depth = 32,
+                .want_legacy_error = 0,
+                .want_legacy_error_depth = 0,
+                .failing = 1,
+        },
 };
 #define N_VERIFY_CERT_TESTS \
@@ -557,10 +571,13 @@ main(int argc, char **argv)
        fprintf(stderr, "\n\nTesting legacy x509_vfy\n");
        failed |= verify_cert_test(argv[1], MODE_LEGACY_VFY);
        fprintf(stderr, "\n\nTesting modern x509_vfy\n");
        failed |= verify_cert_test(argv[1], MODE_MODERN_VFY);
        fprintf(stderr, "\n\nTesting modern x509_vfy by_dir\n");
        failed |= verify_cert_test(argv[1], MODE_MODERN_VFY_DIR);
        fprintf(stderr, "\n\nTesting x509_verify\n");
        failed |= verify_cert_test(argv[1], MODE_VERIFY);
author	jsing <>	2026-03-31 13:39:48 +0000
committer	jsing <>	2026-03-31 13:39:48 +0000
commit	848a8ff0f8b9bd889cd059b6040b85d5cd2cc980 (patch)
tree	8b00a86cd36549f52a2f5df52871fcba9e2bb3a2 /src/regress/lib/libcrypto/x509
parent	e2ae938d435d7b2dd9dbd93f4ee01af27ccd864d (diff)
download	openbsd-848a8ff0f8b9bd889cd059b6040b85d5cd2cc980.tar.gz openbsd-848a8ff0f8b9bd889cd059b6040b85d5cd2cc980.tar.bz2 openbsd-848a8ff0f8b9bd889cd059b6040b85d5cd2cc980.zip