feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

ocsp/test: better test assertions

Browse Source
This commit is contained in:
Marco Oliverio
2025-02-05 17:14:06 +00:00
parent 69116eb05d
commit 4351a5dd70
1 changed files with 120 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
tests/api/test_ocsp.c
View File

@@ -69,42 +69,44 @@ static int test_ocsp_response_with_cm(struct test_conf* c, int expectedRet)
EXPECT_DECLS; EXPECT_DECLS;
WOLFSSL_CERT_MANAGER* cm = NULL; WOLFSSL_CERT_MANAGER* cm = NULL;
struct ocsp_cb_ctx cb_ctx; struct ocsp_cb_ctx cb_ctx;
int ret;
cm = wolfSSL_CertManagerNew(); ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectNotNull(cm); ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm,
ret = wolfSSL_CertManagerEnableOCSP(cm, WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE),
WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE); WOLFSSL_SUCCESS);
ExpectIntEQ(ret, WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, "http://foo.com"),
ret = wolfSSL_CertManagerSetOCSPOverrideURL(cm, "http://foo.com"); WOLFSSL_SUCCESS);
ExpectIntEQ(ret, WOLFSSL_SUCCESS);
cb_ctx.response = (byte*)c->resp; cb_ctx.response = (byte*)c->resp;
cb_ctx.responseSz = c->respSz; cb_ctx.responseSz = c->respSz;
ret = wolfSSL_CertManagerSetOCSP_Cb(cm, ocsp_cb, NULL, (void*)&cb_ctx); ExpectIntEQ(
ExpectIntEQ(ret, WOLFSSL_SUCCESS); wolfSSL_CertManagerSetOCSP_Cb(cm, ocsp_cb, NULL, (void*)&cb_ctx),
WOLFSSL_SUCCESS);
/* add ca in cm */ /* add ca in cm */
if (c->ca0 != NULL) { if (c->ca0 != NULL) {
ret = wolfSSL_CertManagerLoadCABuffer(cm, c->ca0, c->ca0Sz, ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca0, c->ca0Sz,
WOLFSSL_FILETYPE_ASN1); WOLFSSL_FILETYPE_ASN1),
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
} }
if (c->ca1 != NULL) { if (c->ca1 != NULL) {
ret = wolfSSL_CertManagerLoadCABuffer(cm, c->ca1, c->ca1Sz, ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca1, c->ca1Sz,
WOLFSSL_FILETYPE_ASN1); WOLFSSL_FILETYPE_ASN1),
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
} }
/* check cert */ /* check cert */
ret = wolfSSL_CertManagerCheckOCSP(cm, c->targetCert, c->targetCertSz); ExpectIntEQ(
ExpectIntEQ(ret, expectedRet); wolfSSL_CertManagerCheckOCSP(cm, c->targetCert, c->targetCertSz),
expectedRet);
if (cm != NULL)
wolfSSL_CertManagerFree(cm); wolfSSL_CertManagerFree(cm);
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
int test_ocsp_response_parsing(void) int test_ocsp_response_parsing(void)
{ {
struct test_conf conf;
int ret, expectedRet;
EXPECT_DECLS; EXPECT_DECLS;
struct test_conf conf;
int expectedRet;
conf.resp = (unsigned char*)resp; conf.resp = (unsigned char*)resp;
conf.respSz = sizeof(resp); conf.respSz = sizeof(resp);
conf.ca0 = root_ca_cert_pem; conf.ca0 = root_ca_cert_pem;
@@ -113,8 +115,8 @@ int test_ocsp_response_parsing(void)
conf.ca1Sz = 0; conf.ca1Sz = 0;
conf.targetCert = intermediate1_ca_cert_pem; conf.targetCert = intermediate1_ca_cert_pem;
conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
ret = test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS); ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
ExpectIntEQ(ret, TEST_SUCCESS); TEST_SUCCESS);
conf.resp = (unsigned char*)resp_multi; conf.resp = (unsigned char*)resp_multi;
conf.respSz = sizeof(resp_multi); conf.respSz = sizeof(resp_multi);
@@ -124,8 +126,8 @@ int test_ocsp_response_parsing(void)
conf.ca1Sz = 0; conf.ca1Sz = 0;
conf.targetCert = intermediate1_ca_cert_pem; conf.targetCert = intermediate1_ca_cert_pem;
conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
ret = test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS); ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
ExpectIntEQ(ret, TEST_SUCCESS); TEST_SUCCESS);
conf.resp = (unsigned char*)resp_bad_noauth; conf.resp = (unsigned char*)resp_bad_noauth;
conf.respSz = sizeof(resp_bad_noauth); conf.respSz = sizeof(resp_bad_noauth);
@@ -139,11 +141,12 @@ int test_ocsp_response_parsing(void)
#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK #ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK
expectedRet = WOLFSSL_SUCCESS; expectedRet = WOLFSSL_SUCCESS;
#endif #endif
ret = test_ocsp_response_with_cm(&conf, expectedRet); ExpectIntEQ(test_ocsp_response_with_cm(&conf, expectedRet), TEST_SUCCESS);
ExpectIntEQ(ret, TEST_SUCCESS);
/* Test response with unusable internal cert but that can be verified in CM */ /* Test response with unusable internal cert but that can be verified in CM
conf.resp = (unsigned char*)resp_bad_embedded_cert; // Response with wrong internal cert */
conf.resp = (unsigned char*)
resp_bad_embedded_cert; // Response with wrong internal cert
conf.respSz = sizeof(resp_bad_embedded_cert); conf.respSz = sizeof(resp_bad_embedded_cert);
conf.ca0 = root_ca_cert_pem; // Root CA cert conf.ca0 = root_ca_cert_pem; // Root CA cert
conf.ca0Sz = sizeof(root_ca_cert_pem); conf.ca0Sz = sizeof(root_ca_cert_pem);
@@ -151,12 +154,14 @@ int test_ocsp_response_parsing(void)
conf.ca1Sz = 0; conf.ca1Sz = 0;
conf.targetCert = intermediate1_ca_cert_pem; conf.targetCert = intermediate1_ca_cert_pem;
conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS), TEST_SUCCESS); ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
TEST_SUCCESS);
return EXPECT_SUCCESS(); return EXPECT_SUCCESS();
} }
#else /* HAVE_OCSP */ #else /* HAVE_OCSP */
int test_ocsp_response_parsing(void) { int test_ocsp_response_parsing(void)
{
return TEST_SKIPPED; return TEST_SKIPPED;
} }
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
@@ -167,15 +172,11 @@ static int test_ocsp_create_x509store(WOLFSSL_X509_STORE** store,
{ {
EXPECT_DECLS; EXPECT_DECLS;
WOLFSSL_X509* cert = NULL; WOLFSSL_X509* cert = NULL;
int ret;
*store = wolfSSL_X509_STORE_new(); ExpectNotNull(*store = wolfSSL_X509_STORE_new());
ExpectNotNull(*store); ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, ca, caSz));
cert = wolfSSL_X509_d2i(&cert, ca, caSz); ExpectIntEQ(wolfSSL_X509_STORE_add_cert(*store, cert), WOLFSSL_SUCCESS);
ExpectNotNull(cert);
ret = wolfSSL_X509_STORE_add_cert(*store, cert);
wolfSSL_X509_free(cert); wolfSSL_X509_free(cert);
ExpectIntEQ(ret, WOLFSSL_SUCCESS);
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
@@ -184,36 +185,30 @@ static int test_create_stack_of_x509(WOLF_STACK_OF(WOLFSSL_X509) * *certs,
{ {
EXPECT_DECLS; EXPECT_DECLS;
WOLFSSL_X509* cert = NULL; WOLFSSL_X509* cert = NULL;
int ret;
*certs = wolfSSL_sk_X509_new_null(); ExpectNotNull(*certs = wolfSSL_sk_X509_new_null());
ExpectNotNull(*certs); ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, der, derSz));
cert = wolfSSL_X509_d2i(&cert, der, derSz); ExpectIntEQ(wolfSSL_sk_X509_push(*certs, cert), 1);
ExpectNotNull(cert);
ret = wolfSSL_sk_X509_push(*certs, cert);
ExpectIntEQ(ret, 1);
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
int test_ocsp_basic_verify(void) int test_ocsp_basic_verify(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
WOLF_STACK_OF(WOLFSSL_X509) * certs; WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
WOLFSSL_X509_STORE* store = NULL; WOLFSSL_X509_STORE* store = NULL;
const unsigned char* ptr = NULL; const unsigned char* ptr = NULL;
OcspResponse* response = NULL; OcspResponse* response = NULL;
DecodedCert cert; DecodedCert cert;
int ret;
wc_InitDecodedCert(&cert, ocsp_responder_cert_pem, wc_InitDecodedCert(&cert, ocsp_responder_cert_pem,
sizeof(ocsp_responder_cert_pem), NULL); sizeof(ocsp_responder_cert_pem), NULL);
ret = wc_ParseCert(&cert, CERT_TYPE, 0, NULL); ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
ExpectIntEQ(ret, 0);
/* just decoding */ /* just decoding */
ptr = (const unsigned char*)resp; ptr = (const unsigned char*)resp;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responseStatus, 0);
ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME); ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME);
ExpectBufEQ(response->responderId.nameHash, cert.subjectHash, ExpectBufEQ(response->responderId.nameHash, cert.subjectHash,
@@ -222,8 +217,8 @@ int test_ocsp_basic_verify(void)
/* responder Id by key hash */ /* responder Id by key hash */
ptr = (const unsigned char*)resp_rid_bykey; ptr = (const unsigned char*)resp_rid_bykey;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_rid_bykey)); ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
ExpectNotNull(response); sizeof(resp_rid_bykey)));
ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responseStatus, 0);
ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY); ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY);
ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash, ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash,
@@ -232,112 +227,122 @@ int test_ocsp_basic_verify(void)
/* decoding with no embedded certificates */ /* decoding with no embedded certificates */
ptr = (const unsigned char*)resp_nocert; ptr = (const unsigned char*)resp_nocert;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responseStatus, 0);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
/* decoding an invalid response */ /* decoding an invalid response */
ptr = (const unsigned char*)resp_bad; ptr = (const unsigned char*)resp_bad;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)); ExpectNull(
ExpectNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)));
ptr = (const unsigned char*)resp; ptr = (const unsigned char*)resp;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
/* no verify signer certificate */ /* no verify signer certificate */
ret = wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
/* verify that the signature is checked */ /* verify that the signature is checked */
if (EXPECT_SUCCESS()) {
response->sig[0] ^= 0xff; response->sig[0] ^= 0xff;
ret = wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY); }
ExpectIntEQ(ret, WOLFSSL_FAILURE); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
WOLFSSL_FAILURE);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
/* populate a store with root-ca-cert */ /* populate a store with root-ca-cert */
ret = test_ocsp_create_x509store(&store, root_ca_cert_pem, ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem,
sizeof(root_ca_cert_pem)); sizeof(root_ca_cert_pem)),
ExpectIntEQ(ret, TEST_SUCCESS); TEST_SUCCESS);
/* populate a WOLF_STACK_OF(WOLFSSL_X509) with responder certificate */ /* populate a WOLF_STACK_OF(WOLFSSL_X509) with responder certificate */
ret = test_create_stack_of_x509(&certs, ocsp_responder_cert_pem, ExpectIntEQ(test_create_stack_of_x509(&certs, ocsp_responder_cert_pem,
sizeof(ocsp_responder_cert_pem)); sizeof(ocsp_responder_cert_pem)),
ExpectIntEQ(ret, TEST_SUCCESS); TEST_SUCCESS);
/* cert not embedded, cert in certs, validated using store */ /* cert not embedded, cert in certs, validated using store */
ptr = (const unsigned char*)resp_nocert; ptr = (const unsigned char*)resp_nocert;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
ret = wolfSSL_OCSP_basic_verify(response, certs, store, 0); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
/* cert embedded, verified using store */ /* cert embedded, verified using store */
ptr = (const unsigned char*)resp; ptr = (const unsigned char*)resp;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
ret = wolfSSL_OCSP_basic_verify(response, NULL, store, 0); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
/* make invalid signature */ /* make invalid signature */
if (EXPECT_SUCCESS()) {
response->sig[0] ^= 0xff; response->sig[0] ^= 0xff;
ret = wolfSSL_OCSP_basic_verify(response, NULL, store, 0); }
ExpectIntEQ(ret, WOLFSSL_FAILURE); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
WOLFSSL_FAILURE);
if (EXPECT_SUCCESS()) {
response->sig[0] ^= 0xff; response->sig[0] ^= 0xff;
}
/* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */ /* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */
ret = wolfSSL_OCSP_basic_verify(response, certs, NULL, OCSP_TRUSTOTHER); ExpectIntEQ(
ExpectIntEQ(ret, WOLFSSL_SUCCESS); wolfSSL_OCSP_basic_verify(response, certs, NULL, OCSP_TRUSTOTHER),
WOLFSSL_SUCCESS);
/* this should also pass */ /* this should also pass */
ret = wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOINTERN); ExpectIntEQ(
ExpectIntEQ(ret, WOLFSSL_SUCCESS); wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOINTERN),
WOLFSSL_SUCCESS);
/* this should not */ /* this should not */
ret = wolfSSL_OCSP_basic_verify(response, NULL, store, OCSP_NOINTERN); ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, OCSP_NOINTERN),
ExpectIntNE(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
/* cert not embedded, not certs */ /* cert not embedded, not certs */
ptr = (const unsigned char*)resp_nocert; ptr = (const unsigned char*)resp_nocert;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
ret = wolfSSL_OCSP_basic_verify(response, NULL, store, 0); ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
ExpectIntNE(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free); wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free);
wolfSSL_X509_STORE_free(store); wolfSSL_X509_STORE_free(store);
ret = test_ocsp_create_x509store(&store, root_ca_cert_pem, ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem,
sizeof(root_ca_cert_pem)); sizeof(root_ca_cert_pem)),
ExpectIntEQ(ret, TEST_SUCCESS); TEST_SUCCESS);
ret = test_create_stack_of_x509(&certs, root_ca_cert_pem, ExpectIntEQ(test_create_stack_of_x509(&certs, root_ca_cert_pem,
sizeof(root_ca_cert_pem)); sizeof(root_ca_cert_pem)),
ExpectIntEQ(ret, TEST_SUCCESS); TEST_SUCCESS);
/* multiple responses in a ocsp response */ /* multiple responses in a ocsp response */
ptr = (const unsigned char*)resp_multi; ptr = (const unsigned char*)resp_multi;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi)); ExpectNotNull(
ExpectNotNull(response); response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi)));
ret = wolfSSL_OCSP_basic_verify(response, certs, store, 0); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
/* cert in certs, cert verified on store, not authorized to verify all /* cert in certs, cert verified on store, not authorized to verify all
* responses */ * responses */
ptr = (const unsigned char*)resp_bad_noauth; ptr = (const unsigned char*)resp_bad_noauth;
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad_noauth)); ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
ExpectNotNull(response); sizeof(resp_bad_noauth)));
ret = wolfSSL_OCSP_basic_verify(response, certs, store, 0); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
ExpectIntEQ(ret, WOLFSSL_FAILURE); WOLFSSL_FAILURE);
#else #else
ExpectIntEQ(ret, WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
#endif #endif
/* should pass with OCSP_NOCHECKS ...*/ /* should pass with OCSP_NOCHECKS ...*/
ret = wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS); ExpectIntEQ(
ExpectIntEQ(ret, WOLFSSL_SUCCESS); wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS),
WOLFSSL_SUCCESS);
/* or with OSCP_TRUSTOTHER */ /* or with OSCP_TRUSTOTHER */
ret = wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_TRUSTOTHER); ExpectIntEQ(
ExpectIntEQ(ret, WOLFSSL_SUCCESS); wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_TRUSTOTHER),
WOLFSSL_SUCCESS);
wolfSSL_OCSP_RESPONSE_free(response); wolfSSL_OCSP_RESPONSE_free(response);
wc_FreeDecodedCert(&cert); wc_FreeDecodedCert(&cert);
@@ -347,7 +352,8 @@ int test_ocsp_basic_verify(void)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
#else #else
int test_ocsp_basic_verify(void) { int test_ocsp_basic_verify(void)
{
return TEST_SKIPPED; return TEST_SKIPPED;
} }
#endif /* HAVE_OCSP && (OPENSSL_ALL || OPENSSL_EXTRA) */ #endif /* HAVE_OCSP && (OPENSSL_ALL || OPENSSL_EXTRA) */