summaryrefslogtreecommitdiff
path: root/src/regress/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Make this test compile against OpenSSL 1.1tb2020-10-021-11/+21
| | | | | | | The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters.
* move a misplaced 'goto done;' so that all invalid uris are testedtb2020-09-211-1/+1
|
* add a few short invalid URIs in test_constraints1() that cause earlytb2020-09-211-0/+4
| | | | failure of x509_constraints_uri_host() in x509_constraints_uri()
* Correct a 1 byte read overflow in x509_contraints_uri and addbeck2020-09-201-0/+4
| | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
* Move variable declaration to beginning of scope in order to make thistb2020-09-181-3/+4
| | | | test compile and pass on sparc64.
* make this test compile and pass on sparc64 by moving variable declarationstb2020-09-181-4/+9
| | | | to the beginning of the respective scopes (and out of for loops)
* move variable declaration up to top to make this compile and passtb2020-09-181-1/+1
| | | | on sparc64
* Use void function argument to appease gcc 4.2.1tb2020-09-181-1/+1
|
* Change the known output to be the expected output, so that webeck2020-09-141-1421/+1421
| | | | | | no longer ignore the expected failures from the legacy name constraints validation, and will have a regress failure if we regress.
* Use a fixed validation time in these tests so we neverbeck2020-09-141-2/+4
| | | | | have to re-generate these certificates and this should just keep working even if the certs get old
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-9/+90
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* remove unused include that breaks regressbeck2020-09-121-1/+0
|
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-112-5/+495
| | | | | | | regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
* Fix perl bugs that had me printing the wrong cert number for errorsbeck2020-07-161-8/+9
|
* The exit code from the perl matters herebeck2020-07-151-1/+3
|
* Don't leak the X509_STOREbeck2020-07-151-1/+3
|
* Add certificate validation tests generated using the tools frombeck2020-07-1510945-0/+444760
| | | | | | | | bettertls.com, and a verification suite to try each certificate in the same manner as the web based tests do using X509_verify. This includes the list of "known" failures today in our validaion code so we can move forward without moving back.
* Add regress for X509_verify() using the new bundles.jsing2020-07-142-3/+369
| | | | | A number of these tests are known to fail due to bugs/incorrect verification implementation.
* When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnschwarze2020-06-042-5/+115
| | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@
* Fix a leak reported by Ben L bobsayshilol () live ! co ! uk.tb2018-11-101-1/+3
|
* test X509_NAME_add_entry_by_txt(3); feedback and OK jsing@schwarze2018-04-073-0/+78
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:45:38 +0000