The branch OpenSSL_1_1_0-stable has been updated via 949bd8e45eb4d2697d20c2249fa42cba545da2ac (commit) via 6c80afbd6cdb2273ea2b0ba29ce53b9ba5b04c8d (commit) from d52c9b58a6e6c6dba62221b469e1576fe26b3c20 (commit)
- Log ----------------------------------------------------------------- commit 949bd8e45eb4d2697d20c2249fa42cba545da2ac Author: Richard Levitte <levi...@openssl.org> Date: Thu Feb 16 21:07:33 2017 +0100 Add a test of the X509_STORE / X509_LOOKUP API Fortunately, "openssl verify" makes good use of that API Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2652) (cherry picked from commit bb0f7eca75b8da1538c08c1f5be1bb7ea8f40638) commit 6c80afbd6cdb2273ea2b0ba29ce53b9ba5b04c8d Author: Richard Levitte <levi...@openssl.org> Date: Thu Feb 16 21:06:42 2017 +0100 test/README: clarify test number groups Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2652) (cherry picked from commit 532e7b36d9622ac06a96fb3557b5bc16016e5ca8) ----------------------------------------------------------------------- Summary of changes: test/README | 20 ++++++++-------- test/recipes/60-test_x509_store.t | 48 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 9 deletions(-) create mode 100644 test/recipes/60-test_x509_store.t diff --git a/test/README b/test/README index bca7ab8..ef39d38 100644 --- a/test/README +++ b/test/README @@ -19,15 +19,17 @@ digit number and {name} is a unique name of your choice. The number {nn} is (somewhat loosely) grouped as follows: -05 individual symmetric cipher algorithms -10 math (bignum) -15 individual asymmetric cipher algorithms -20 openssl commands (some otherwise not tested) -25 certificate forms, generation and verification -30 engine and evp -70 PACKET layer -80 "larger" protocols (CA, CMS, OCSP, SSL, TSA) -90 misc +00-04 sanity, internal and essential API tests +05-09 individual symmetric cipher algorithms +10-14 math (bignum) +15-19 individual asymmetric cipher algorithms +20-24 openssl commands (some otherwise not tested) +25-29 certificate forms, generation and verification +30-35 engine and evp +60-79 APIs + 70 PACKET layer +80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA) +90-99 misc A recipe that just runs a test executable diff --git a/test/recipes/60-test_x509_store.t b/test/recipes/60-test_x509_store.t new file mode 100644 index 0000000..b084ed9 --- /dev/null +++ b/test/recipes/60-test_x509_store.t @@ -0,0 +1,48 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Copy; +use File::Spec::Functions qw/:DEFAULT canonpath/; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_x509_store"); + +# We use 'openssl verify' for these tests, as it contains everything +# we need to conduct these tests. The tests here are a subset of the +# ones found in 25-test_verify.t + +sub verify { + my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_; + my @args = qw(openssl verify -auth_level 1 -purpose); + my @path = qw(test certs); + push(@args, "$purpose", @opts); + push(@args, "-CApath", $trustedpath); + for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } + push(@args, srctop_file(@path, "$cert.pem")); + run(app([@args])); +} + +plan tests => 3; + +indir "60-test_x509_store" => sub { + for (("root-cert")) { + copy(srctop_file("test", "certs", "$_.pem"), curdir()); + } + ok(run(app([qw(openssl rehash), curdir()])), "Rehashing"); + + # Canonical success + ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"), + "verify ee-cert"); + + # Failure because root cert not present in CApath + ok(!verify("ca-root2", "any", curdir(), [], "-show_chain")); +}, create => 1, cleanup => 1; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits