From d0fa37172955a3ebd7f3bf31efe828edc909ce77 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 6 Mar 2018 21:24:46 +0000 Subject: [PATCH] Add OCSP resp tests for producedAt nextUpdate thisUpdate Modify the existing tests for producedAt as in reality it was testing also for an invalid thisUpdate value. Also add tests for each of the components independently. That is, a different response for each case: * future producedAt * expired nextUpdate * future thisUpdate * future producedAt and thisUpdate --- tests/data_files/Makefile | 21 ++++++++++++++++-- .../ocsp-resp-expired-next-update.der | Bin 0 -> 1411 bytes ...sp-resp-future-produced-at-this-update.der | Bin 0 -> 1392 bytes .../ocsp-resp-future-produced-at.der | Bin 1392 -> 437 bytes .../ocsp-resp-future-this-update.der | Bin 0 -> 437 bytes tests/suites/test_suite_x509parse_ocsp.data | 13 +++++++++-- 6 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 tests/data_files/ocsp-resp-expired-next-update.der create mode 100644 tests/data_files/ocsp-resp-future-produced-at-this-update.der create mode 100644 tests/data_files/ocsp-resp-future-this-update.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index c7c859fdca..52eb49ba0f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -119,17 +119,34 @@ ocsp-resp-status-unauthorized.der: @printf "\x30\x03\x0A\x01\x06" > $@ all_final += ocsp-resp-status-unauthorized.der +# The ocsp-resp-invalid-signature.der, ocsp-resp-future-this-update.der and +# ocsp-resp-future-produced-at.der targets print the binary data corrensponding +# to a generated ocsp-resp-no-certs-in-resp.der with a manually modified byte +# in the signature bitstring, producedAt and thisUpdate respectively to cause +# failures in the signature verification and time checks +ocsp-resp-invalid-signature.der: + @printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x47" > $@ +all_final += ocsp-resp-invalid-signature.der +ocsp-resp-future-produced-at.der: + @printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x32\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x46" > $@ +all_final += ocsp-resp-future-produced-at.der +ocsp-resp-future-this-update.der: + @printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x32\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x46" > $@ +all_final += ocsp-resp-future-this-update.der ocsp-req-for-server2-in-database.der: server2-in-database.crt test-ca-sha256.crt $(OPENSSL) ocsp -issuer test-ca-sha256.crt -cert server2-in-database.crt -no_nonce -reqout $@ all_intermediate += ocsp-req-future-produced-at.der -ocsp-resp-future-produced-at.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt +ocsp-resp-future-produced-at-this-update.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt $(FAKETIME) -f "+9y" $(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@ -all_final += ocsp-resp-future-produced-at.der +all_final += ocsp-resp-future-produced-at-this-update.der ocsp-resp-issuer-is-signer.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt $(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@ all_final += ocsp-resp-issuer-is-signed.der ocsp-resp-no-certs-in-resp.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt $(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -resp_key_id -resp_no_certs -noverify -reqin $< -respout $@ +ocsp-resp-expired-next-update.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt + $(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -nmin 0 -reqin $< -respout $@ +all_final += ocsp-resp-expired-next-update.der ################################################################ #### Meta targets diff --git a/tests/data_files/ocsp-resp-expired-next-update.der b/tests/data_files/ocsp-resp-expired-next-update.der new file mode 100644 index 0000000000000000000000000000000000000000..49994af11845e7c9094484644263a520b41a6ff2 GIT binary patch literal 1411 zcmXqLVy)+5WLVI|T4B({TEfPu&Bn;e%5K2O$kN1`3KU8-XxzTg*1+13+klgeIh2J> zn90w_P|$!M#Np!M2*}S#ED8?xF_bhA2MICr2*89CLQ;!M6r3F;_>Bw*V&Y_H5!n*;Wa;L6 zmx8|Syt-^E|7*KF$N&CkViI6zV8AeQfgpyE0WTY;R+~rLcV0%IpBR{%7#SIq&mX)z zk@4cWgb%jYRi^o?SxIUKPCNf`8JB$Pb}rfP?2Q{OJ{@s6I63QoWck?}hxAXIzv&de z_(JSs@v+9aA%FkyO`U()`>KK6o{P^PTyK%EXQ+5+`?k5Lenx)k8ugitkLxNv$lEy{ zdYQWOLe%=McGvIGF7JEw0%F+G+F3+6cWk(}!FkT#5RRz)e|>L0?^v#Yj%qa!t=o8m?e3We=U4-8%*=>tGk^QA*M++w*>l6X)|!wtLfzYF(C!EjX+A zapsjbuTIxUL~u-5`eydg?)y@5Gc9Je%T*ufwY+Z;TTsD%dEU**FLo9M9zD0%AZX>M z=MDuTr(G5maUXi>@YC+;GQQ0}-*_b-*rCZ#GAG=6#Zs0Dg&+4e-?YEB^pTBL|9ka> z!^h^I-t{J-cKfpyqkaCrBh-|bqpxha`upqSX?g_*p6KoUqxbHSW9R`By;_x`%+u~0 zMI4%I)4#NRGhF?#a>=HxdO|;2#6KkEtJ?`jYz*O5oKs?t4z#{42+8#ry4X) zGLQx4NLfA>G3+_XAQ>dB%o1Y|)qpjtEwo=kSexh*%1Dz6$%kGrO2x358WRovr8M-ugR9Ddh(S?-Qtj@h;{h4stU3a!pP+njVJ zsr8Mu6!%{du6xSW0c%3<9O@U^YY@w_Z^9C-PTScVe?6X?EGj!Y#Nt%ii{Pxni_88> z>)iV^H#;*%D_$k2YX7Nl)1Pbyr59Lj^}bNFcjn3TtIaQao>nUQZSISEZDz4!Nq*}F zp-aK4!Y&v8Z?buCDcIJ2uU$3M#4lV0H5a#WZW3d+Df~3!b!r7eji#FJs=S}g-*^}9 zc-|v7XLjS0=;E2KL8>pmNzBjXbqz2Lv$m38@mt@V72Rq7W0!pLoh>>Wj{KUdq2M%K P>5zWQukYW^7 zn90w_P|$!M#Np!M2*}S#ED8?xF_bhA2MICr2*89CLQ;!M6r3F;_>ByV%ngi;%#Dl; z%nU7}41x>-46K3Xv1;=%GfA;Bu!wMpW-PndE}y)1-ra2*&*!>*V&Y_H5!n*;Wa;L6 zmx8|Syt-^E|7*KF$N&CkViI6zV8Aq!myJ`a&7E2Sva zR5i#t{>)B%>s6qqxk#SdzIBuGf2~K0IJgTvI6nCLe@om|_(Y2r#y(yD z`;6Z*y*7GsGOD3{8{=+^-Q9P#JAHiQ9`Gw7IMLQTNM&w4{hpI*{c_r zXr&fiuyIAXFzWUwq%ATgKJr<2^-qP(Q-b*8{e(7_{ zn>VrizNht@S*#j;kCwJNbA9eEpAyz^fzjNfBVk8}_|)1xlmAV=|EbW`)lKc(k;Vm0 z%>4#U%-ulTZqUS(zkr#Ek%@_s!2l_&xLFw}id+LZab81n15*PNLo-uz1H&kBUSM3C z8kj=4lo{T{sD$iTMsURPGZ-{6axsBo_`rShKjOO|Oq*-pc5j+dt;EO|Rg<6TQ8E^xi#k3_W0?SF2K#dD?xWh(mL2 z`j@tEhO0kTF4?qIPv~ch_=lu?bvxmRjUl{>vx?0Z8l2Ccbm!a4KWlF5XX6T z`pF_Sh4U3pUZ1r1g2EG z*yZB?O*RiM1>4&1wX0^D_=T&W=HfQaO=9deg`Z};POV_5(Nxo2mG`sx8}Gs$&wJ$N z%x-)VT|Cn@NcH76iTSy_t^uZD)>aZMe(RgFqC4$>?2=EuvqfjakzaE)6r83j9nx?4 K_5Ir!Lk|Fyj~*8Q literal 0 HcmV?d00001 diff --git a/tests/data_files/ocsp-resp-future-produced-at.der b/tests/data_files/ocsp-resp-future-produced-at.der index 79132914626197d7d43ebcbfe83f53a5cb512dba..d6d12168d152241b5ce19c129ab60235179a9b03 100644 GIT binary patch delta 376 zcmV-;0f+wZ3bg}FFoFTG3IPD1f&r>9f&r!m2`dHx1qBB%0RaSp0hcg>0h2I&q80=c zv|8k)v)DPc}qZzI}eewZd15AZrQCu;Rq^p%7wd<&z&neg=ctiK4*^9u4_Rhr;$01Qf WG(*uIFU^RJM~3ZuaaC~)3A{$Zm!)z5 literal 1392 zcmXqLV$I=VWLVI|nrhI*n#jhf&Bn;e%5K2O$kN0b1QhZ!Xk4<;*1+13+klgeIh2J> zn90w_P|$!M#Np!M2*}S#ED8?xF_bhA2MICr2*89CLQ;!M6r3F;_>ByV%ngi;%#Dl; z%nU7}41x>-46K3Xv1;=%GfA;Bu!wMpW-PndE}y)1-ra2*&*!>*V&Y_H5!n*;Wa;L6 zmx8|Syt-^E|7*KF$N&CkViI6zV8Aq!myJ`a&7E2Sva zR5i#t{>)B%>s6qqxk#SdzIBuGf2~K0IJgTvI6nCLe@om|_(Y2r#y(yD z`;6Z*y*7GsGOD3{8{=+^-Q9P#JAHiQ9`Gw7IMLQTNM&w4{hpI*{c_r zXr&fiuyIAXFzWUwq%ATgKJr<2^-qP(Q-b*8{e(7_{ zn>VrizNht@S*#j;kCwJNbA9eEpAyz^fzjNfBVk8}_|)1xlmAV=|EbW`)lKc(k;Vm0 z%>4#U%-ulTZqUS(zkr#Ek%@_s!2l_&xLFw}id+LZab81n15*PNLo-uz1H&kBUSM3C z8kj=4lo{T{sD$iTMsURPGZ-{6axsBo_`rShKjOO|Oq*-pc5j+dt;EO|Rg<6TQ8E^xi#k3_W0?SF2K#dD?xWh(mL2 z`j@tEhO0kTF4?qIPv~ch_=lu?bvxmRjUl{>vx?0Z8l2Ccbm!a4KWlF5XX6T z`pF_Sh4U3pUZ1r1g2EG z*yZB?O*RiM1>4&1wX0^D_=T&W=HfQaO=9deg`Z};POV_5(Nxo2mG`sx8}Gs$&wJ$N z%x-)VT|Cn@NcH76iTSy_t^uZD)>aZMe(RgFqC4$>?2=EuvqfjakzaE)6r83j9nx?4 K_5Ir!Lk|Fyj~*8Q diff --git a/tests/data_files/ocsp-resp-future-this-update.der b/tests/data_files/ocsp-resp-future-this-update.der new file mode 100644 index 0000000000000000000000000000000000000000..966ac67762228a2e581c561b0d1d8f060026cd27 GIT binary patch literal 437 zcmXqLV%*5Z$grS^ag{+6<1#i*Z8k<$R(1nMMwTYV=|G{$2DOXCSVXo&Jz2W>-ld># zJFhOA%KzGK&+)(iCHRdD3@r?d4GfKp49pBHqYQ!!0t~DTIN4aW`IwocSQ%JExI{CS zU2K<6UOVsZwvFd=-99mKvST-miAjK=fdOQu5sI0-Y@Awc9&O)w8G#OCU~Xb$WMJN$ zx8qOA3=K9}FV%j&NtZVEWB1UKB#!nsE-A1hoS9rrY^V%^4N(M+yZ#V)JPFHG2ep{HfRl4+gO z;%~_Q;@kT){#tvaKlhVXe)~J_uRa_Sy!?bgcUIdOclWjv|AT6|cOERcv}{_uSe?`F zZ@o*e=h+;-%qQr+v!HN?=ZvrV&!vO>HrefTTiZFWrv7{2&6qSH*Ql4*8`2g_uCuNE z#F)VB)0z+%V>ofi>ZyubU$2;ZUh_tU^Y^7UyAO1HJ9kv*xMHA-iStD{{j(jt?rm>t M3PTHdIQO^#0Ir6+nE(I) literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_x509parse_ocsp.data b/tests/suites/test_suite_x509parse_ocsp.data index e074fbdff2..cb5322b73f 100644 --- a/tests/suites/test_suite_x509parse_ocsp.data +++ b/tests/suites/test_suite_x509parse_ocsp.data @@ -244,8 +244,11 @@ x509_ocsp_response_verify:"data_files/ocsp-resp-status-sig-required.der":"data_f X509 OCSP Response verification (unauthorized response status) x509_ocsp_response_verify:"data_files/ocsp-resp-status-unauthorized.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS -X509 OCSP Response verification (producedAt is in the future) -x509_ocsp_response_verify:"data_files/ocsp-resp-future-produced-at.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE +X509 OCSP Response verification (future producedAt and thisUpdate) +x509_ocsp_response_verify:"data_files/ocsp-resp-future-produced-at-this-update.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE + +X509 OCSP Response verification (future producedAt only) +x509_ocsp_response_verify:"data_files/ocsp-resp-future-produced-at.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE | MBEDTLS_X509_BADOCSP_RESPONSE_NOT_TRUSTED X509 OCSP Response verification (response not supplied) x509_ocsp_response_verify:"":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_BAD_INPUT_DATA:0 @@ -267,3 +270,9 @@ x509_ocsp_response_verify:"data_files/ocsp-resp-invalid-signature.der":"data_fil X509 OCSP Response verification (no SingleResponse for certificate) x509_ocsp_response_verify:"data_files/ocsp-resp-issuer-is-signer.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_INCOMPLETE + +X509 OCSP Response verification (SingleResponse future thisUpdate) +x509_ocsp_response_verify:"data_files/ocsp-resp-future-this-update.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE | MBEDTLS_X509_BADOCSP_RESPONSE_NOT_TRUSTED + +X509 OCSP Response verification (SingleResponse expired nextUpdate) +x509_ocsp_response_verify:"data_files/ocsp-resp-expired-next-update.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_EXPIRED