TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-06 20:46:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add OCSP resp test with unknown cert status

Browse Source
This commit is contained in:
Andres Amaya Garcia
2018-03-07 10:52:49 +00:00
parent 53a3226a2d
commit f53276a6bd
4 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/data_files/Makefile
View File

@@ -140,12 +140,17 @@ all_final += ocsp-resp-future-produced-at.der
ocsp-resp-future-this-update.der:
@printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x32\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x46" > $@
all_final += ocsp-resp-future-this-update.der
ocsp-req-for-server2-in-database.der: server2-in-database.crt test-ca-sha256.crt
$(OPENSSL) ocsp -issuer test-ca-sha256.crt -cert $< -no_nonce -reqout $@
all_intermediate += ocsp-req-for-server2-in-database.der
ocsp-req-for-server2.der: server2.crt test-ca-sha256.crt
$(OPENSSL) ocsp -issuer test-ca-sha256.crt -cert $< -no_nonce -reqout $@
all_intermediate += ocsp-req-for-server2.der
ocsp-req-for-server2-in-database-revoked.der: server2-in-database-revoked.crt test-ca-sha256.crt
$(OPENSSL) ocsp -issuer test-ca-sha256.crt -cert $< -no_nonce -reqout $@
all_intermediate += ocsp-req-for-server2-in-database-revoked.der
ocsp-resp-future-produced-at-this-update.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt
$(FAKETIME) -f "+9y" $(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@
all_final += ocsp-resp-future-produced-at-this-update.der
@@ -160,6 +165,9 @@ all_final += ocsp-resp-expired-next-update.der
ocsp-resp-revoked-cert.der: ocsp-req-for-server2-in-database-revoked.der test-ca-index.txt test-ca-sha256.crt
$(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@
all_final += ocsp-resp-revoked-cert.der
ocsp-resp-unknown-cert.der: ocsp-req-for-server2.der test-ca-index.txt test-ca-sha256.crt
$(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@
all_final += ocsp-resp-unknown-cert.der
################################################################
#### Meta targets

BIN
tests/data_files/ocsp-req-for-server2.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/ocsp-resp-unknown-cert.der Normal file
View File

Binary file not shown.

3
tests/suites/test_suite_x509parse_ocsp.data
View File

@@ -279,3 +279,6 @@ x509_ocsp_response_verify:"data_files/ocsp-resp-expired-next-update.der":"data_f
X509 OCSP Response verification (SingleResponse revoked cert status)
x509_ocsp_response_verify:"data_files/ocsp-resp-revoked-cert.der":"data_files/server2-in-database-revoked.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_REVOKED_CERT
X509 OCSP Response verification (SingleResponse unknown cert status)
x509_ocsp_response_verify:"data_files/ocsp-resp-unknown-cert.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_UNKNOWN_CERT