From 44a20c8ce6c8bacf882ba1b74ed881d0778a2ef8 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 15 Jan 2021 15:54:52 +0900 Subject: [PATCH] add more unit test case for load_crl_file --- certs/crl/crl.der | Bin 0 -> 520 bytes certs/crl/crl2.der | Bin 0 -> 520 bytes certs/crl/gencrls.sh | 5 +++++ certs/crl/include.am | 4 +++- src/ssl.c | 2 ++ tests/api.c | 50 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 certs/crl/crl.der create mode 100644 certs/crl/crl2.der diff --git a/certs/crl/crl.der b/certs/crl/crl.der new file mode 100644 index 0000000000000000000000000000000000000000..f8726dd52d15659ed8bdafeff3cdd9d4b8cf05ba GIT binary patch literal 520 zcmXqLVq!69e9OehXu!+HsnzDu_MMlJk(-slpmB;Jw*e;`b0`a&FjHu-p@0D&h{M6d z?wg-il9-nW6Jh6Jcgn9y%}vZR6g1!mso~<`2u>_7$mflJj#72r)4-p($FxXTW2?#l{>eE5gFe#K?r^Q|2Z{Mh1gr zE!n$YsPDc0_SX~MPYm8#l9FQbmkb{`d0JWIukp?P8I-cH%5Oqz<5k_=pHA=gRX=q9 zMp<3G!}+fg?^iLbN*R6H^sr$(F^^6bCmJ6PY3^eWBdgO0LntQ*@h1zSY&NV1+dbWYdGfZ4c z`|<+kRY^M+l%7bl5SU@5_SszYhe3_P#_XArg2%QkH%VMD@1)h5|C8tM6!w^P>2bym z-U<0GB`Svh(`Wb!?Eb3F^+PCn{qj5B!OLA+XHGm6e0;5T&xALZzIvntR7tWjE&Q_7$mflJj#72r)4-p($FxXTW2?#l{>eE5gFe#K?r^Q|2Z{Mh1gr zE!n$YsPDc0_SX~MPYm8#l9FQbmkb{`d0JWIukp?P8I-cH%5Oqz<5k_=pHA=gRX=q9 zMp<3G!}+fg?^iLbN*R6H^sr$(F^^6bCmJ6PY3^eWBdgO0LntQ*@h1zSY&NV1+dbWYdGfZ4c z`|<+kRY^M+l%7bl5SU@5_SszYhe3_P#_XArg2%QkH%VMD@1)h5|C8tM6!w^P>2bym z-U<0GB`Svh(`Wb!?Eb3F^+PCn{qj5B!OLA+XHGm6e0;5T&xALZzIvntR7tWjE&Qstore, crl); if (ret == WOLFSSL_FAILURE) { WOLFSSL_MSG("Adding crl failed"); + } else { + ret = 1;/* handled a file */ } } } else { diff --git a/tests/api.c b/tests/api.c index f64ff3dd5..3ef4d884c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -38801,6 +38801,11 @@ static void test_wolfSSL_X509_load_crl_file(void) "./certs/crl/eccSrvCRL.pem", "" }; + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + "" + }; WOLFSSL_X509_STORE* store; WOLFSSL_X509_LOOKUP* lookup; 
@@ -38809,12 +38814,57 @@ static void test_wolfSSL_X509_load_crl_file(void) AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM), 1); + } + for (i = 0; pem[i][0] != '\0'; i++) { AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1); } + if (store) { + /* since store knows crl list */ + AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); + } + /* once feeing store */ wolfSSL_X509_STORE_free(store); + store = NULL; + + AssertNotNull(store = wolfSSL_X509_STORE_new()); + AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM), 1); + } + + for (i = 0; der[i][0] != '\0'; i++) + { + AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1); + } + + if (store) { + /* since store knows crl list */ + AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM ), 
CRL_CERT_REVOKED); + } printf(resultFmt, passed);
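Review bot: The second `store`, created by the `wolfSSL_X509_STORE_new()` call that follows `store = NULL;`, is never released in the lines shown. The DER half runs from the final `CRL_CERT_REVOKED` check straight to `printf(resultFmt, passed);`, so unless a free follows outside the hunk the test leaks the store together with the certificates and CRLs loaded into it. That would show up as noise under a leak checker and could mask a real leak in the CRL loading path this test is meant to cover. Adding `wolfSSL_X509_STORE_free(store);` and `store = NULL;` after the last `if (store)` block would mirror the PEM half. Separately, the comment `/* once feeing store */` presumably means "freeing"; the function body starts and ends outside this hunk.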