"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "test/recipes/25-test_verify.t" between
openssl-1.1.1f.tar.gz and openssl-1.1.1g.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

25-test_verify.t  (openssl-1.1.1f):25-test_verify.t  (openssl-1.1.1g)
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at # in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html # https://www.openssl.org/source/license.html
use strict; use strict;
use warnings; use warnings;
use File::Spec::Functions qw/canonpath/; use File::Spec::Functions qw/canonpath/;
skipping to change at line 29 skipping to change at line 29
my ($cert, $purpose, $trusted, $untrusted, @opts) = @_; my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
my @args = qw(openssl verify -auth_level 1 -purpose); my @args = qw(openssl verify -auth_level 1 -purpose);
my @path = qw(test certs); my @path = qw(test certs);
push(@args, "$purpose", @opts); push(@args, "$purpose", @opts);
for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) } for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) }
for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
push(@args, srctop_file(@path, "$cert.pem")); push(@args, srctop_file(@path, "$cert.pem"));
run(app([@args])); run(app([@args]));
} }
plan tests => 135; plan tests => 137;
# Canonical success # Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
"accept compat trust"); "accept compat trust");
# Root CA variants # Root CA variants
ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]), ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]),
"fail trusted non-ca root"); "fail trusted non-ca root");
ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]), ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]),
"fail server trust non-ca root"); "fail server trust non-ca root");
skipping to change at line 224 skipping to change at line 224
ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"), ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"),
"fail last-resort direct leaf non-match"); "fail last-resort direct leaf non-match");
ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"), ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"),
"accept direct match with server trust"); "accept direct match with server trust");
ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"), ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"),
"fail direct match with server mistrust"); "fail direct match with server mistrust");
ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"), ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
"accept direct match with client trust"); "accept direct match with client trust");
ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"), ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
"reject direct match with client mistrust"); "reject direct match with client mistrust");
ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
"accept non-ca with pathlen:0 by default");
ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_str
ict"),
"reject non-ca with pathlen:0 with strict flag");
# Proxy certificates # Proxy certificates
ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]), ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
"fail to accept proxy cert without -allow_proxy_certs"); "fail to accept proxy cert without -allow_proxy_certs");
ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)], ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
"-allow_proxy_certs"), "-allow_proxy_certs"),
"accept proxy cert 1"); "accept proxy cert 1");
ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-ce rt)], ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-ce rt)],
"-allow_proxy_certs"), "-allow_proxy_certs"),
"accept proxy cert 2"); "accept proxy cert 2");
 End of changes. 3 change blocks. 
2 lines changed or deleted 7 lines changed or added
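Review bot: The two `ee-pathlen` checks added just before `# Proxy certificates` only ever place the certificate in the leaf position, so they pin the relaxed default without showing that it stays harmless. RFC 5280 gives pathLenConstraint a meaning only when cA is asserted, and the first check records that default verification tolerates the mismatch while `-x509_strict` rejects it. A third case that passes `ee-pathlen` in the untrusted list as the issuer of another certificate and expects `!verify(...)` would confirm that the tolerated certificate still cannot act as a CA; this needs a suitable child certificate under test/certs, which is not visible here, and `plan tests` would need to go up by one. The new checks also sit at the end of the `-partial_chain` direct-match group without a heading, so a comment such as `# pathlen:0 on a non-CA leaf: tolerated by default, rejected with -x509_strict` above them would make the intent clear.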
