TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-28 14:27:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve behaviour on fatal errors

Browse Source 
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
This commit is contained in:
Manuel Pégourié-Gonnard
2017-07-10 11:20:08 +02:00
committed by Simon Butcher
parent 7ac50196f3
commit 8af7bfa982
4 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/suites/test_suite_x509parse.data
View File

@@ -1182,7 +1182,7 @@ x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":POLARSSL_
X509 CRT verify long chain (max intermediate CA + 1)
depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":POLARSSL_X509_MAX_INTERMEDIATE_CA+1:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0
x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":POLARSSL_X509_MAX_INTERMEDIATE_CA+1:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:-1
X509 CRT verify chain #1 (zero pathlen intermediate)
depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C

4
tests/suites/test_suite_x509parse.function
View File

@@ -497,7 +497,7 @@ void x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
{
char file_buf[128];
int ret;
uint32_t flags;
int flags;
x509_crt trusted, chain;
/*
@@ -522,7 +522,7 @@ void x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
ret = x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
NULL, NULL );
TEST_ASSERT( ret == ret_chk );
TEST_ASSERT( flags == (uint32_t) flags_chk );
TEST_ASSERT( flags == flags_chk );
exit:
x509_crt_free( &chain );