add override cert date example for bad clock testing

certs/test/expired-cert.pem

@@ -0,0 +1,39 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jun 30 18:52:17 2010 GMT
+            Not After : Mar 26 18:52:17 2013 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
+                    66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
+                    9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
+                    a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
+                    7e:16:77:e2:a7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
+        7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
+        87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
+        9b:0b:e0:74:58:11:c5:01:7b:4d
+-----BEGIN CERTIFICATE-----
+MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
+aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
+bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
+MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
+A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
+EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
+hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
+Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
+5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
+4HRYEcUBe00=
+-----END CERTIFICATE-----

certs/test/expired-key.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
+lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
+viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
+dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
+TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
+p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
+1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
+-----END RSA PRIVATE KEY-----

cyassl/test.h

@@ -9,6 +9,7 @@
 #include <ctype.h>
 #include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/error-crypt.h>
 
 #ifdef ATOMIC_USER
     #include <cyassl/ctaocrypt/aes.h>
@@ -894,6 +895,25 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 #endif /* VERIFY_CALLBACK */
 
 
+static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
+{
+    (void)preverify;
+    char buffer[CYASSL_MAX_ERROR_SZ];
+
+    printf("In verification callback, error = %d, %s\n", store->error,
+                                 CyaSSL_ERR_error_string(store->error, buffer));
+    printf("Subject's domain name is %s\n", store->domain);
+
+    if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
+        printf("Overriding cert date error as example for bad clock testing\n");
+        return 1;
+    }
+    printf("Cert error is not date error, not overriding\n");
+
+    return 0;
+}
+
+
 #ifdef HAVE_CRL
 
 static INLINE void CRL_CallBack(const char* url)

examples/client/client.c

@@ -128,6 +128,7 @@ static void Usage(void)
     printf("-s          Use pre Shared keys\n");
     printf("-t          Track CyaSSL memory use\n");
     printf("-d          Disable peer checks\n");
+    printf("-D          Override Date Errors example\n");
     printf("-g          Send server HTTP GET\n");
     printf("-u          Use UDP DTLS,"
            " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
@@ -197,6 +198,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
     int    fewerPackets  = 0;
     int    atomicUser    = 0;
     int    pkCallbacks   = 0;
+    int    overrideDateErrors = 0;
     char*  cipherList = NULL;
     const char* verifyCert = caCert;
     const char* ourCert    = cliCert;
@@ -238,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
+                          "?gdDusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -252,6 +254,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
                 doPeerCheck = 0;
                 break;
 
+            case 'D' :
+                overrideDateErrors = 1;
+                break;
+
             case 'u' :
                 doDTLS  = 1;
                 break;
@@ -545,6 +551,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
 #if !defined(NO_CERTS)
     if (!usePsk && doPeerCheck == 0)
         CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+    if (!usePsk && overrideDateErrors == 1)
+        CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
 #endif
 
 #ifdef HAVE_CAVIUM