mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error.
This commit is contained in:
David Garske
23
tests/api.c
23
tests/api.c
@@ -1727,9 +1727,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
|
||||
wolfSSL_X509_sign(x509, priv, EVP_sha256());
|
||||
#endif
|
||||
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
|
||||
|
||||
#else
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
|
||||
/* check that it still fails if one bad altname and one good altname is in
|
||||
* the certificate */
|
||||
@@ -1748,8 +1752,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
|
||||
wolfSSL_X509_sign(x509, priv, EVP_sha256());
|
||||
#endif
|
||||
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
|
||||
#else
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
|
||||
/* check it fails with switching position of bad altname */
|
||||
wolfSSL_X509_free(x509);
|
||||
@@ -1767,8 +1776,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
|
||||
wolfSSL_X509_sign(x509, priv, EVP_sha256());
|
||||
#endif
|
||||
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
|
||||
#else
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
|
||||
wolfSSL_X509_free(x509);
|
||||
@@ -1795,8 +1809,13 @@ static void test_wolfSSL_CertManagerNameConstraint2(void)
|
||||
wolfSSL_X509_sign(x509, priv, EVP_sha256());
|
||||
#endif
|
||||
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
|
||||
#ifndef WOLFSSL_NO_ASN_STRICT
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
|
||||
#else
|
||||
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
|
||||
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
wolfSSL_X509_free(x509);
|
||||
wolfSSL_X509_free(ca);
|
||||
@@ -8542,7 +8561,7 @@ static void test_wolfSSL_URI(void)
|
||||
wolfSSL_FreeX509(x509);
|
||||
|
||||
x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT)
|
||||
AssertNull(x509);
|
||||
#else
|
||||
AssertNotNull(x509);
|
||||
|
||||
@@ -13501,7 +13501,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
int permittedDns = 0;
|
||||
base = signer->permittedNames;
|
||||
do {
|
||||
/* Looking for perrmittedNames that are for DNS. */
|
||||
/* Looking for permittedNames that are for DNS. */
|
||||
if (base->type == ASN_DNS_TYPE) {
|
||||
permittedDns = 1;
|
||||
matchDns = MatchBaseName(ASN_DNS_TYPE,
|
||||
@@ -13509,8 +13509,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
base->name, base->nameSz);
|
||||
}
|
||||
base = base->next;
|
||||
}
|
||||
while (base != NULL && !matchDns);
|
||||
} while (base != NULL && !matchDns);
|
||||
/* If we found an DNS type permittedName then name must have had a
|
||||
* match. */
|
||||
if (permittedDns && !matchDns)
|
||||
@@ -13529,7 +13528,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
int permittedEmail = 0;
|
||||
base = signer->permittedNames;
|
||||
do {
|
||||
/* Looking for perrmittedNames that are for email. */
|
||||
/* Looking for permittedNames that are for email. */
|
||||
if (base->type == ASN_RFC822_TYPE) {
|
||||
permittedEmail = 1;
|
||||
matchEmail = MatchBaseName(ASN_DNS_TYPE,
|
||||
@@ -13537,8 +13536,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
base->name, base->nameSz);
|
||||
}
|
||||
base = base->next;
|
||||
}
|
||||
while ((base != NULL) && !matchEmail);
|
||||
} while ((base != NULL) && !matchEmail);
|
||||
/* If we found an email type permittedName then name must have had a
|
||||
* match. */
|
||||
if (permittedEmail && !matchEmail)
|
||||
@@ -13556,7 +13554,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
permittedDir = 0;
|
||||
base = signer->permittedNames;
|
||||
while (base != NULL && !matchDir) {
|
||||
/* Looking for perrmittedNames that are for directoryName. */
|
||||
/* Looking for permittedNames that are for directoryName. */
|
||||
if (base->type == ASN_DIR_TYPE) {
|
||||
permittedDir = 1;
|
||||
if (cert->subjectRawLen >= base->nameSz &&
|
||||
@@ -13586,15 +13584,14 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
int matchAltDir = 0;
|
||||
base = signer->permittedNames;
|
||||
do {
|
||||
/* Looking for perrmittedNames that are for directoryName. */
|
||||
/* Looking for permittedNames that are for directoryName. */
|
||||
if (base->type == ASN_DIR_TYPE) {
|
||||
if (XMEMCMP(name->name, base->name, base->nameSz) == 0) {
|
||||
matchAltDir = 1;
|
||||
}
|
||||
}
|
||||
base = base->next;
|
||||
}
|
||||
while ((base != NULL) && !matchAltDir);
|
||||
} while ((base != NULL) && !matchAltDir);
|
||||
/* If we found an dir name type permittedName then name must have
|
||||
* had a match. */
|
||||
if (permittedDir && !matchAltDir)
|
||||
|
||||
Reference in New Issue
Block a user