summaryrefslogtreecommitdiff
path: root/src/regress/lib/libcrypto/x509/Makefile (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add regress coverage for X509_NAME_oneline and X509_NAME_printtb5 days1-1/+2
|
* zap a stray spacetb2024-06-161-2/+2
|
* Add regress coverage for X509V3_add1_i2d()tb2024-05-281-2/+2
|
* Sort alphabeticallytb2023-04-301-2/+2
|
* Remove unnecessary targettb2023-04-301-4/+1
|
* Hook up the the x509 policy regression tests to x509 regress.beck2023-04-281-2/+2
| | | | | | | | | These were adapted from BoringSSL's regress tests for x509 policy. They are currently marked as expected to fail as we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and the old tree based policy code from OpenSSL is special. These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
* Rename dercache regress test to x509_asn1job2023-04-261-4/+4
| | | | Requested by jsing@
* Add regress test for invalidation of DER cache in select X509 setter functionsjob2023-04-251-2/+5
|
* Clean up the x509 regress make file a littletb2023-03-021-27/+10
|
* Start CBS-ifying the name constraints code.beck2022-11-111-1/+2
| | | | ok jsing@ tb@
* Fix the legacy verifier callback behaviour for untrusted certs.beck2022-06-281-2/+6
| | | | | | | | | | | | | | | | | | The verifier callback is used by mutt to do a form of certificate pinning where the callback gets fired and depending on a cert saved to a file will decide to accept an untrusted cert. This corrects two problems that affected this. The callback was not getting the correct depth and chain for the error where mutt would save the certificate in the first place, and then the callback was not getting fired to allow it to override the failing certificate validation. thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and sthen@ for analysis. "The callback is not an API, it's a gordian knot - tb@" ok jsing@
* Move leaf certificate checks to the last thing after chain validation.beck2022-06-251-1/+6
| | | | | | | | While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@
* Use consistent spacing around assignmentstb2022-06-021-4/+4
|
* Only constraints and verify need static linking in here.tb2022-06-021-3/+7
|
* link rfc3779 test to buildtb2021-12-241-2/+2
|
* Test adding extensions to certification requests.schwarze2021-11-031-2/+6
| | | | | Related to the bugfixes in x509_req.c rev. 1.25. OK tb@.
* Call the callback on success in new verifier in a compatible waybeck2021-09-031-3/+1
| | | | | | | | | | | | | when we succeed with a chain, and ensure we do not call the callback twice when the caller doesn't expect it. A refactor of the end of the legacy verify code in x509_vfy is probably overdue, but this should be done based on a piece that works. the important bit here is this allows the perl regression tests in tree to pass. Changes the previously committed regress tests to test the success case callbacks to be known to pass. ok bluhm@ tb@
* Add a regression test to verify that we call the callback in the samebeck2021-09-011-4/+15
| | | | | | | | | order on success for both the legacy and the new verifier, This avoids problems as seen in perl's regression tests for some of the crazy things net:ssleay does. This is currently marked as expected to fail, it will be expected to succeed after a forthcoming commit from me.
* Only remove the directories if there's an obj/ or obj@tb2021-08-281-2/+4
|
* Add a pass using the modern vfy with by_dir roots, code by me, script tobeck2021-08-281-1/+7
| | | | | | generate certdirs by jsing, and make chicken sacrifies by tb. ok tb@ jsing@
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-111-5/+10
| | | | | | | regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
* Add regress for X509_verify() using the new bundles.jsing2020-07-141-3/+6
| | | | | A number of these tests are known to fail due to bugs/incorrect verification implementation.
* When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnschwarze2020-06-041-5/+8
| | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@
* test X509_NAME_add_entry_by_txt(3); feedback and OK jsing@schwarze2018-04-071-0/+16
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 17:54:07 +0000