wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

ocsp: add test for response with unusable internal cert

Browse Source 
- Added a new test case `resp_bad_embedded_cert` in
  `create_ocsp_test_blobs.py` to test OCSP response with an unusable
  internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
  test case.
- Ensured the new test case checks for proper handling of OCSP responses
  with incorrect internal certificates.
This commit is contained in:
Marco Oliverio
2025-02-05 16:36:52 +00:00
parent 2c2eb2a285
commit 3724094ce2
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/api/create_ocsp_test_blobs.py
View File

@@ -382,6 +382,23 @@ if __name__ == '__main__':
'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem', 'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
'name': 'resp_bad_noauth' 'name': 'resp_bad_noauth'
}, },
{
'response_status': 0,
'signature_algorithm': signature_algorithm(),
'responder_by_name': True,
'responses': [
{
'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
'serial': 0x01,
'status': CERT_GOOD
},
],
# unrelated cert
'certs_path' : [WOLFSSL_OCSP_CERT_PATH + 'intermediate2-ca-cert.pem'],
'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
'name': 'resp_bad_embedded_cert'
},
] ]
with open('./tests/api/ocsp_test_blobs.h', 'w') as f: with open('./tests/api/ocsp_test_blobs.h', 'w') as f:

12
tests/api/test_ocsp.c
View File

@@ -141,6 +141,18 @@ int test_ocsp_response_parsing(void)
#endif #endif
ret = test_ocsp_response_with_cm(&conf, expectedRet); ret = test_ocsp_response_with_cm(&conf, expectedRet);
ExpectIntEQ(ret, TEST_SUCCESS); ExpectIntEQ(ret, TEST_SUCCESS);
/* Test response with unusable internal cert but that can be verified in CM */
conf.resp = (unsigned char*)resp_bad_embedded_cert; // Response with wrong internal cert
conf.respSz = sizeof(resp_bad_embedded_cert);
conf.ca0 = root_ca_cert_pem; // Root CA cert
conf.ca0Sz = sizeof(root_ca_cert_pem);
conf.ca1 = NULL;
conf.ca1Sz = 0;
conf.targetCert = intermediate1_ca_cert_pem;
conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS), TEST_SUCCESS);
return EXPECT_SUCCESS(); return EXPECT_SUCCESS();
} }
#else /* HAVE_OCSP */ #else /* HAVE_OCSP */