add more unit test case for load_crl_file

Hideki Miyazaki
2021-01-15 15:54:52 +09:00
parent 544ed32893
commit 44a20c8ce6
6 changed files with 60 additions and 1 deletions

BIN
certs/crl/crl.der Normal file

Binary file not shown.

BIN
certs/crl/crl2.der Normal file

Binary file not shown.


@ -177,4 +177,9 @@ echo "Step 22"
openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
check_result $?
# create crl and crl2 der files for unit test
echo "Step 23"
openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
exit 0
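Review bot: Neither `openssl crl` conversion under "Step 23" is followed by `check_result $?`, unlike the `openssl ca` step directly above it. A failed DER conversion therefore falls through to `exit 0`, and the unit test would then run against a stale or missing `crl.der` / `crl2.der`. Add `check_result $?` after each of the two commands so a broken revocation fixture stops the script.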


@ -10,7 +10,9 @@ EXTRA_DIST += \
certs/crl/crl2.pem \
certs/crl/caEccCrl.pem \
certs/crl/caEcc384Crl.pem \
certs/crl/wolfssl.cnf
certs/crl/wolfssl.cnf \
certs/crl/crl.der \
certs/crl/crl2.der
EXTRA_DIST += \
certs/crl/crl.revoked


@ -26058,6 +26058,8 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
if (ret == WOLFSSL_FAILURE) {
WOLFSSL_MSG("Adding crl failed");
} else {
ret = 1;/* handled a file */
}
}
} else {
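Review bot: The new `else` branch replaces whatever wolfSSL_X509_STORE_add_crl returned with a bare `1`, and the comment `/* handled a file */` does not say what callers may rely on. If the value is meant as a count of CRLs loaded, say so, e.g. `ret = 1; /* one CRL added to the store */`; if it only means success, `ret = WOLFSSL_SUCCESS;` reads more clearly. The failure branch only logs "Adding crl failed", so the return value appears to be the caller's only signal that no revocation data was added, which is worth stating in the function's header comment. The function body starts and ends outside the hunk.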


@ -38801,6 +38801,11 @@ static void test_wolfSSL_X509_load_crl_file(void)
"./certs/crl/eccSrvCRL.pem",
""
};
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""
};
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
@ -38809,12 +38814,57 @@ static void test_wolfSSL_X509_load_crl_file(void)
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* once feeing store */
wolfSSL_X509_STORE_free(store);
store = NULL;
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; der[i][0] != '\0'; i++)
{
AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
printf(resultFmt, passed);
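Review bot: The second store, created after the "once feeing store" comment, is not released anywhere in the visible lines. `wolfSSL_X509_STORE_free(store)` appears only once, before the DER pass, so unless the free happens after this hunk the test leaks the store and its CRL list. Add `wolfSSL_X509_STORE_free(store);` and `store = NULL;` before `printf(resultFmt, passed);`. Both passes assert only the success path, so a negative case would pin the failure return that the library change touches, for example loading one of the PEM files with `WOLFSSL_FILETYPE_ASN1` and asserting that the result is not 1. The function continues outside the hunk.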