5 files changed, 96 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/certs/2c/bundle.pem b/src/regress/lib/libcrypto/certs/2c/bundle.pem
new file mode 100644
index 0000000000..f45b11274f
--- /dev/null
+++ b/src/regress/lib/libcrypto/certs/2c/bundle.pem
@@ -0,0 +1,65 @@
+subject= CN = LibreSSL Test Server 1
+issuer= CN = LibreSSL Test Intermediate CA 1
+subject= CN = LibreSSL Test Root CA 1
+issuer= CN = LibreSSL Test Root CA 1
+subject= CN = LibreSSL Test Intermediate CA 1
+issuer= CN = LibreSSL Test Root CA 1
+-----BEGIN CERTIFICATE-----
+MIIDLjCCAhagAwIBAgIJAPZu+6cw2jdwMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
+BAMMH0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwHhcNMjEwODI3MTYx
+MDQ1WhcNMzEwODI1MTYxMDQ1WjAhMR8wHQYDVQQDDBZMaWJyZVNTTCBUZXN0IFNl
+cnZlciAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dWqojtfaPJV
+PuOthfyXAUt/EloMyut0RiorzcCjOnyUia+/t9svAZ1ZhzUgRuaxLRK9Uil7n5Al
+Sn7DTm/KFbTDVcUYR6V9/Zf6aW0lRsNxgBEARKuvLc55CGRCxaqoZi+0J/x343lU
+SFsnbNNz8ZEe/ukpTzJHUwKf4WSTp9QxVEKhMNyYngItkf0QIiwCcDxHxGvZ5y1F
+MKznU/2AVy7niwh92RnpI2N0icOymMDq62f1QGr5IX/ODRP6PeYN8P1dfAjcaX7q
+SpxsjxNLp9pvejlqdcZccTPN7YA32zk8ithR6Q6lja1tj49MYeAGxT2ESXkVNzMU
+dBKUBrLh9QIDAQABo2AwXjAdBgNVHQ4EFgQU62sFe6VLA3HGIecPuYggaD8Exwcw
+HwYDVR0jBBgwFoAUnf73tYa3Dw0RY7l+odx7TeXtYyUwDAYDVR0TAQH/BAIwADAO
+BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGGy1Q5hWYg4iqhvkTUA
+w5UC4qNUoGmGsoAoASVtOHcW9VLXfwgtQ9zPYISPuIbt6jh9QV375Zda2IqZUCQi
+nBpIUg2nWGZoNawWUUnsho9NdFGtKIj0kKuiKm3doN6Xb6pFASg1n4dxRO2dAa3d
+UyJ1TlSGAKPlMxw8WcsTrokwdj58sQQTTDxWGhI7IFV4wfA9cV45ykNI1sxzz5pl
+5zGhuB9PycoF4B7bDlhJMw31wijQ5sTT3wuAk7lgWTsISS6JtzNq/wXL/mwvaXGU
+XIXzVcEffccojngT/3MUNx9a+OeChermKVk+rptk/allf1teIuFvGCyKvZvfCSoT
+y4o=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKjCCAhKgAwIBAgIJAJJZtdkNyWp9MA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV
+BAMMF0xpYnJlU1NMIFRlc3QgUm9vdCBDQSAxMB4XDTIxMDgyNzE2MTA0NVoXDTMx
+MDgyNTE2MTA0NVowIjEgMB4GA1UEAwwXTGlicmVTU0wgVGVzdCBSb290IENBIDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSrmg0Xwwl9qZM5nnIJgG+
+HlRIOtFMh8OqZy17oHdwJbgYiQxEdU6TxpzXtt2F5zlbjF+cXCRo2361X753qlSc
+UkUUru2y82Qmibrqmw96ziifBed91d5U5OINdzCCcow4sgoXU4gDPJF0O1okvV/z
+woXgVblS5uVYSs0Lh6yE9RydV8RiPS0VRPGIyt2g+l1MJ3tyrhy/FUtUdxOXkPA+
+Hu5xI+WP/XUctD1WYBjbZFbOiXobf/HGkOwbnqijCTX0LU5g+Q6EWoyXPIYaH3us
+I1kPYJefpKJ3QpQWWXKuLFQcvMjL0IP3zN/0IFpZmnBAzAyO0xs7+tjjwJlEGAed
+AgMBAAGjYzBhMB0GA1UdDgQWBBSSJjZwiPxzph27rjn0IW2AVw4QrzAfBgNVHSME
+GDAWgBSSJjZwiPxzph27rjn0IW2AVw4QrzAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAesOq9J/tbU01E1kjBKkOK/nA
+GOaW5ZFtmAvod8m59TWurzoslSKbUw0pKKl1XO70xAaGot1f8PMjdRh0SkGSvkE2
+Z+r3IhKw063YWSApjcy6+Jcf/ONbFvihKsb+rgl+WFFHQzLDaPSAWYtCU2p/ap0h
+M1KPP80M2jf4zx9nhIypJ4t9cEspVbn4aVu+17a0avYNm+JtOCLeXelRdJgopbzR
+ItWgvCm7QXVYgPMEOj9OenMp9LL3BCs7xw2CnMUAI9hBRejTTGou5LSPrjvgX39w
+UhD/tIZ8/7L/z7KdDYFDfSsacwl2UX15khZ0zkAm/E0rrIiH5/yJ6S8PelszqQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIJAPZu+6cw2jdvMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV
+BAMMF0xpYnJlU1NMIFRlc3QgUm9vdCBDQSAxMB4XDTIxMDgyNzE2MTA0NVoXDTMx
+MDgyNTE2MTA0NVowKjEoMCYGA1UEAwwfTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
+dGUgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8EPpwdyr8A
+bwQ8BLnUWpj3hbZui0Ge2GYlfuE3IxoJTuup/Z5aRuZMrfa1kfh5aBYiU8Xo/Ap5
+a8+ikVEOr5693/PBQ7Mc6UkU/0eha1bRreyCfBO6VMFdGvAS1vixjkLgtlhGqpPQ
+Wod5cJolW2cPrZ9/YD0Z2WULXN0JX0speDUPde7QZbIEcwwG35BNvpUtpNpxOhXx
+naWdoweuAJj+aywsZMLmcWc5E0xnUE/gKmcQecnTjv07sJNM1/EDT51hXYkoT4mf
+IsnSTEqfCyyPvoAUamu1AddxCmSbHHSRj/xVfy0LF4uyU/gLGxltvhqgcGes6Bd6
+S2bjbJCTic8CAwEAAaNjMGEwHQYDVR0OBBYEFJ3+97WGtw8NEWO5fqHce03l7WMl
+MB8GA1UdIwQYMBaAFJImNnCI/HOmHbuuOfQhbYBXDhCvMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAEJTY+STw65PB/
+r5nM8sDsD+1JVz/a+QIyX7ikWiNykWIY78gDtdHN4dQEAazcQv26N0y2YjQZ/UWe
+DdZ03rWhX4/lWraWrf1xLCfDtlq5OV59vuLPAaG6nkZ0cUhyUMqjbH3/0jHBaGF2
+T9eCsNI4k7wbth6WCdUqiJ7SUEpP2b/tRpwlRThoK947vuWIodqbejN/UldKnXkH
+AHuKRzJi9oa3D78JZHprOTx1MZ/8bNmuM/ksBZ2S+RKCZY2cZmm5Dn18OCaq0wf8
+CvgasC1QHSR4gdwY3a7D7wL1onYAnljgh7hOej8Dmp2EjD4kSZEu+SbLWDIZ7u14
+8n7FQbR6
+-----END CERTIFICATE-----
diff --git a/src/regress/lib/libcrypto/certs/2c/roots.pem b/src/regress/lib/libcrypto/certs/2c/roots.pem
new file mode 100644
index 0000000000..ed5b6dc9e6
--- /dev/null
+++ b/src/regress/lib/libcrypto/certs/2c/roots.pem
@@ -0,0 +1,21 @@
+subject= CN = LibreSSL Test Root CA 1
+issuer= CN = LibreSSL Test Root CA 1
+-----BEGIN CERTIFICATE-----
+MIIDKjCCAhKgAwIBAgIJAJJZtdkNyWp9MA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV
+BAMMF0xpYnJlU1NMIFRlc3QgUm9vdCBDQSAxMB4XDTIxMDgyNzE2MTA0NVoXDTMx
+MDgyNTE2MTA0NVowIjEgMB4GA1UEAwwXTGlicmVTU0wgVGVzdCBSb290IENBIDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSrmg0Xwwl9qZM5nnIJgG+
+HlRIOtFMh8OqZy17oHdwJbgYiQxEdU6TxpzXtt2F5zlbjF+cXCRo2361X753qlSc
+UkUUru2y82Qmibrqmw96ziifBed91d5U5OINdzCCcow4sgoXU4gDPJF0O1okvV/z
+woXgVblS5uVYSs0Lh6yE9RydV8RiPS0VRPGIyt2g+l1MJ3tyrhy/FUtUdxOXkPA+
+Hu5xI+WP/XUctD1WYBjbZFbOiXobf/HGkOwbnqijCTX0LU5g+Q6EWoyXPIYaH3us
+I1kPYJefpKJ3QpQWWXKuLFQcvMjL0IP3zN/0IFpZmnBAzAyO0xs7+tjjwJlEGAed
+AgMBAAGjYzBhMB0GA1UdDgQWBBSSJjZwiPxzph27rjn0IW2AVw4QrzAfBgNVHSME
+GDAWgBSSJjZwiPxzph27rjn0IW2AVw4QrzAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAesOq9J/tbU01E1kjBKkOK/nA
+GOaW5ZFtmAvod8m59TWurzoslSKbUw0pKKl1XO70xAaGot1f8PMjdRh0SkGSvkE2
+Z+r3IhKw063YWSApjcy6+Jcf/ONbFvihKsb+rgl+WFFHQzLDaPSAWYtCU2p/ap0h
+M1KPP80M2jf4zx9nhIypJ4t9cEspVbn4aVu+17a0avYNm+JtOCLeXelRdJgopbzR
+ItWgvCm7QXVYgPMEOj9OenMp9LL3BCs7xw2CnMUAI9hBRejTTGou5LSPrjvgX39w
+UhD/tIZ8/7L/z7KdDYFDfSsacwl2UX15khZ0zkAm/E0rrIiH5/yJ6S8PelszqQ==
+-----END CERTIFICATE-----
diff --git a/src/regress/lib/libcrypto/certs/README b/src/regress/lib/libcrypto/certs/README
index 0d6fa7d48a..93165249ec 100644
--- a/src/regress/lib/libcrypto/certs/README
+++ b/src/regress/lib/libcrypto/certs/README
@@ -12,6 +12,9 @@ intermediate certificates are contained in a bundle.pem file.
 2b. Same as (2a), however the intermediate is missing which should
     prevent verification.
+ 
+ 2c. Same as (2a), however the intermediate and root are in the intermediate
+     bundle, (should verify)
 3a. A leaf certificate signed by three intermediates, the last of
     which is signed by a root certificate (should verify).
diff --git a/src/regress/lib/libcrypto/certs/make-certs.sh b/src/regress/lib/libcrypto/certs/make-certs.sh
index b34a547ba2..3854ff13e0 100644
--- a/src/regress/lib/libcrypto/certs/make-certs.sh
+++ b/src/regress/lib/libcrypto/certs/make-certs.sh
@@ -223,6 +223,8 @@ create_root_bundle "./2a/roots.pem" "ca-root"
 create_bundle "./2a/bundle.pem" "server-1" "ca-int-1"
 create_root_bundle "./2b/roots.pem" "ca-root"
 create_bundle "./2b/bundle.pem" "server-1"
+create_root_bundle "./2c/roots.pem" "ca-root"
+create_bundle "./2c/bundle.pem" "server-1" "ca-root" "ca-int-1"
 # Scenarios 3a, 3b, 3c, 3d and 3e.
 reset
diff --git a/src/regress/lib/libcrypto/x509/verify.c b/src/regress/lib/libcrypto/x509/verify.c
index 9ef68cd5ab..259854ef12 100644
--- a/src/regress/lib/libcrypto/x509/verify.c
+++ b/src/regress/lib/libcrypto/x509/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.5 2020/11/18 06:56:07 tb Exp $ */
+/* $OpenBSD: verify.c,v 1.6 2021/08/27 16:15:42 beck Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -239,6 +239,10 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_chains = 0,
        },
        {
+                .id = "2c",
+                .want_chains = 1,
+        },
+        {
                .id = "3a",
                .want_chains = 1,
        },

diff --git a/src/regress/lib/libcrypto/certs/2c/bundle.pem b/src/regress/lib/libcrypto/certs/2c/bundle.pem new file mode 100644 index 0000000000..f45b11274f --- /dev/null +++ b/src/regress/lib/libcrypto/certs/2c/bundle.pem
@@ -0,0 +1,65 @@
		1	subject= CN = LibreSSL Test Server 1
		2	issuer= CN = LibreSSL Test Intermediate CA 1
		3	subject= CN = LibreSSL Test Root CA 1
		4	issuer= CN = LibreSSL Test Root CA 1
		5	subject= CN = LibreSSL Test Intermediate CA 1
		6	issuer= CN = LibreSSL Test Root CA 1
		7	-----BEGIN CERTIFICATE-----
		8	MIIDLjCCAhagAwIBAgIJAPZu+6cw2jdwMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
		9	BAMMH0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwHhcNMjEwODI3MTYx
		10	MDQ1WhcNMzEwODI1MTYxMDQ1WjAhMR8wHQYDVQQDDBZMaWJyZVNTTCBUZXN0IFNl
		11	cnZlciAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dWqojtfaPJV
		12	PuOthfyXAUt/EloMyut0RiorzcCjOnyUia+/t9svAZ1ZhzUgRuaxLRK9Uil7n5Al
		13	Sn7DTm/KFbTDVcUYR6V9/Zf6aW0lRsNxgBEARKuvLc55CGRCxaqoZi+0J/x343lU
		14	SFsnbNNz8ZEe/ukpTzJHUwKf4WSTp9QxVEKhMNyYngItkf0QIiwCcDxHxGvZ5y1F
		15	MKznU/2AVy7niwh92RnpI2N0icOymMDq62f1QGr5IX/ODRP6PeYN8P1dfAjcaX7q
		16	SpxsjxNLp9pvejlqdcZccTPN7YA32zk8ithR6Q6lja1tj49MYeAGxT2ESXkVNzMU
		17	dBKUBrLh9QIDAQABo2AwXjAdBgNVHQ4EFgQU62sFe6VLA3HGIecPuYggaD8Exwcw
		18	HwYDVR0jBBgwFoAUnf73tYa3Dw0RY7l+odx7TeXtYyUwDAYDVR0TAQH/BAIwADAO
		19	BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGGy1Q5hWYg4iqhvkTUA
		20	w5UC4qNUoGmGsoAoASVtOHcW9VLXfwgtQ9zPYISPuIbt6jh9QV375Zda2IqZUCQi
		21	nBpIUg2nWGZoNawWUUnsho9NdFGtKIj0kKuiKm3doN6Xb6pFASg1n4dxRO2dAa3d
		22	UyJ1TlSGAKPlMxw8WcsTrokwdj58sQQTTDxWGhI7IFV4wfA9cV45ykNI1sxzz5pl
		23	5zGhuB9PycoF4B7bDlhJMw31wijQ5sTT3wuAk7lgWTsISS6JtzNq/wXL/mwvaXGU
		24	XIXzVcEffccojngT/3MUNx9a+OeChermKVk+rptk/allf1teIuFvGCyKvZvfCSoT
		25	y4o=
		26	-----END CERTIFICATE-----
		27	-----BEGIN CERTIFICATE-----
		28	MIIDKjCCAhKgAwIBAgIJAJJZtdkNyWp9MA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV
		29	BAMMF0xpYnJlU1NMIFRlc3QgUm9vdCBDQSAxMB4XDTIxMDgyNzE2MTA0NVoXDTMx
		30	MDgyNTE2MTA0NVowIjEgMB4GA1UEAwwXTGlicmVTU0wgVGVzdCBSb290IENBIDEw
		31	ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSrmg0Xwwl9qZM5nnIJgG+
		32	HlRIOtFMh8OqZy17oHdwJbgYiQxEdU6TxpzXtt2F5zlbjF+cXCRo2361X753qlSc
		33	UkUUru2y82Qmibrqmw96ziifBed91d5U5OINdzCCcow4sgoXU4gDPJF0O1okvV/z
		34	woXgVblS5uVYSs0Lh6yE9RydV8RiPS0VRPGIyt2g+l1MJ3tyrhy/FUtUdxOXkPA+
		35	Hu5xI+WP/XUctD1WYBjbZFbOiXobf/HGkOwbnqijCTX0LU5g+Q6EWoyXPIYaH3us
		36	I1kPYJefpKJ3QpQWWXKuLFQcvMjL0IP3zN/0IFpZmnBAzAyO0xs7+tjjwJlEGAed
		37	AgMBAAGjYzBhMB0GA1UdDgQWBBSSJjZwiPxzph27rjn0IW2AVw4QrzAfBgNVHSME
		38	GDAWgBSSJjZwiPxzph27rjn0IW2AVw4QrzAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
		39	DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAesOq9J/tbU01E1kjBKkOK/nA
		40	GOaW5ZFtmAvod8m59TWurzoslSKbUw0pKKl1XO70xAaGot1f8PMjdRh0SkGSvkE2
		41	Z+r3IhKw063YWSApjcy6+Jcf/ONbFvihKsb+rgl+WFFHQzLDaPSAWYtCU2p/ap0h
		42	M1KPP80M2jf4zx9nhIypJ4t9cEspVbn4aVu+17a0avYNm+JtOCLeXelRdJgopbzR
		43	ItWgvCm7QXVYgPMEOj9OenMp9LL3BCs7xw2CnMUAI9hBRejTTGou5LSPrjvgX39w
		44	UhD/tIZ8/7L/z7KdDYFDfSsacwl2UX15khZ0zkAm/E0rrIiH5/yJ6S8PelszqQ==
		45	-----END CERTIFICATE-----
		46	-----BEGIN CERTIFICATE-----
		47	MIIDMjCCAhqgAwIBAgIJAPZu+6cw2jdvMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV
		48	BAMMF0xpYnJlU1NMIFRlc3QgUm9vdCBDQSAxMB4XDTIxMDgyNzE2MTA0NVoXDTMx
		49	MDgyNTE2MTA0NVowKjEoMCYGA1UEAwwfTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
		50	dGUgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8EPpwdyr8A
		51	bwQ8BLnUWpj3hbZui0Ge2GYlfuE3IxoJTuup/Z5aRuZMrfa1kfh5aBYiU8Xo/Ap5
		52	a8+ikVEOr5693/PBQ7Mc6UkU/0eha1bRreyCfBO6VMFdGvAS1vixjkLgtlhGqpPQ
		53	Wod5cJolW2cPrZ9/YD0Z2WULXN0JX0speDUPde7QZbIEcwwG35BNvpUtpNpxOhXx
		54	naWdoweuAJj+aywsZMLmcWc5E0xnUE/gKmcQecnTjv07sJNM1/EDT51hXYkoT4mf
		55	IsnSTEqfCyyPvoAUamu1AddxCmSbHHSRj/xVfy0LF4uyU/gLGxltvhqgcGes6Bd6
		56	S2bjbJCTic8CAwEAAaNjMGEwHQYDVR0OBBYEFJ3+97WGtw8NEWO5fqHce03l7WMl
		57	MB8GA1UdIwQYMBaAFJImNnCI/HOmHbuuOfQhbYBXDhCvMA8GA1UdEwEB/wQFMAMB
		58	Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAEJTY+STw65PB/
		59	r5nM8sDsD+1JVz/a+QIyX7ikWiNykWIY78gDtdHN4dQEAazcQv26N0y2YjQZ/UWe
		60	DdZ03rWhX4/lWraWrf1xLCfDtlq5OV59vuLPAaG6nkZ0cUhyUMqjbH3/0jHBaGF2
		61	T9eCsNI4k7wbth6WCdUqiJ7SUEpP2b/tRpwlRThoK947vuWIodqbejN/UldKnXkH
		62	AHuKRzJi9oa3D78JZHprOTx1MZ/8bNmuM/ksBZ2S+RKCZY2cZmm5Dn18OCaq0wf8
		63	CvgasC1QHSR4gdwY3a7D7wL1onYAnljgh7hOej8Dmp2EjD4kSZEu+SbLWDIZ7u14
		64	8n7FQbR6
		65	-----END CERTIFICATE-----


diff --git a/src/regress/lib/libcrypto/certs/2c/roots.pem b/src/regress/lib/libcrypto/certs/2c/roots.pem new file mode 100644 index 0000000000..ed5b6dc9e6 --- /dev/null +++ b/src/regress/lib/libcrypto/certs/2c/roots.pem
@@ -0,0 +1,21 @@
		1	subject= CN = LibreSSL Test Root CA 1
		2	issuer= CN = LibreSSL Test Root CA 1
		3	-----BEGIN CERTIFICATE-----
		4	MIIDKjCCAhKgAwIBAgIJAJJZtdkNyWp9MA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV
		5	BAMMF0xpYnJlU1NMIFRlc3QgUm9vdCBDQSAxMB4XDTIxMDgyNzE2MTA0NVoXDTMx
		6	MDgyNTE2MTA0NVowIjEgMB4GA1UEAwwXTGlicmVTU0wgVGVzdCBSb290IENBIDEw
		7	ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSrmg0Xwwl9qZM5nnIJgG+
		8	HlRIOtFMh8OqZy17oHdwJbgYiQxEdU6TxpzXtt2F5zlbjF+cXCRo2361X753qlSc
		9	UkUUru2y82Qmibrqmw96ziifBed91d5U5OINdzCCcow4sgoXU4gDPJF0O1okvV/z
		10	woXgVblS5uVYSs0Lh6yE9RydV8RiPS0VRPGIyt2g+l1MJ3tyrhy/FUtUdxOXkPA+
		11	Hu5xI+WP/XUctD1WYBjbZFbOiXobf/HGkOwbnqijCTX0LU5g+Q6EWoyXPIYaH3us
		12	I1kPYJefpKJ3QpQWWXKuLFQcvMjL0IP3zN/0IFpZmnBAzAyO0xs7+tjjwJlEGAed
		13	AgMBAAGjYzBhMB0GA1UdDgQWBBSSJjZwiPxzph27rjn0IW2AVw4QrzAfBgNVHSME
		14	GDAWgBSSJjZwiPxzph27rjn0IW2AVw4QrzAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
		15	DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAesOq9J/tbU01E1kjBKkOK/nA
		16	GOaW5ZFtmAvod8m59TWurzoslSKbUw0pKKl1XO70xAaGot1f8PMjdRh0SkGSvkE2
		17	Z+r3IhKw063YWSApjcy6+Jcf/ONbFvihKsb+rgl+WFFHQzLDaPSAWYtCU2p/ap0h
		18	M1KPP80M2jf4zx9nhIypJ4t9cEspVbn4aVu+17a0avYNm+JtOCLeXelRdJgopbzR
		19	ItWgvCm7QXVYgPMEOj9OenMp9LL3BCs7xw2CnMUAI9hBRejTTGou5LSPrjvgX39w
		20	UhD/tIZ8/7L/z7KdDYFDfSsacwl2UX15khZ0zkAm/E0rrIiH5/yJ6S8PelszqQ==
		21	-----END CERTIFICATE-----


diff --git a/src/regress/lib/libcrypto/certs/README b/src/regress/lib/libcrypto/certs/README index 0d6fa7d48a..93165249ec 100644 --- a/src/regress/lib/libcrypto/certs/README +++ b/src/regress/lib/libcrypto/certs/README
@@ -12,6 +12,9 @@ intermediate certificates are contained in a bundle.pem file.
12		12
13	2b. Same as (2a), however the intermediate is missing which should	13	2b. Same as (2a), however the intermediate is missing which should
14	prevent verification.	14	prevent verification.
		15
		16	2c. Same as (2a), however the intermediate and root are in the intermediate
		17	bundle, (should verify)
15		18
16	3a. A leaf certificate signed by three intermediates, the last of	19	3a. A leaf certificate signed by three intermediates, the last of
17	which is signed by a root certificate (should verify).	20	which is signed by a root certificate (should verify).


diff --git a/src/regress/lib/libcrypto/certs/make-certs.sh b/src/regress/lib/libcrypto/certs/make-certs.sh index b34a547ba2..3854ff13e0 100644 --- a/src/regress/lib/libcrypto/certs/make-certs.sh +++ b/src/regress/lib/libcrypto/certs/make-certs.sh
@@ -223,6 +223,8 @@ create_root_bundle "./2a/roots.pem" "ca-root"
223	create_bundle "./2a/bundle.pem" "server-1" "ca-int-1"	223	create_bundle "./2a/bundle.pem" "server-1" "ca-int-1"
224	create_root_bundle "./2b/roots.pem" "ca-root"	224	create_root_bundle "./2b/roots.pem" "ca-root"
225	create_bundle "./2b/bundle.pem" "server-1"	225	create_bundle "./2b/bundle.pem" "server-1"
		226	create_root_bundle "./2c/roots.pem" "ca-root"
		227	create_bundle "./2c/bundle.pem" "server-1" "ca-root" "ca-int-1"
226		228
227	# Scenarios 3a, 3b, 3c, 3d and 3e.	229	# Scenarios 3a, 3b, 3c, 3d and 3e.
228	reset	230	reset


diff --git a/src/regress/lib/libcrypto/x509/verify.c b/src/regress/lib/libcrypto/x509/verify.c index 9ef68cd5ab..259854ef12 100644 --- a/src/regress/lib/libcrypto/x509/verify.c +++ b/src/regress/lib/libcrypto/x509/verify.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: verify.c,v 1.5 2020/11/18 06:56:07 tb Exp $ */	1	/* $OpenBSD: verify.c,v 1.6 2021/08/27 16:15:42 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -239,6 +239,10 @@ struct verify_cert_test verify_cert_tests[] = {
239	.want_chains = 0,	239	.want_chains = 0,
240	},	240	},
241	{	241	{
		242	.id = "2c",
		243	.want_chains = 1,
		244	},
		245	{
242	.id = "3a",	246	.id = "3a",
243	.want_chains = 1,	247	.want_chains = 1,
244	},	248	},