Changeset 10d9053 in mod_gnutls


Timestamp:
Jan 8, 2017, 9:00:28 AM (11 months ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master, debian, upstream
Children:
0202d6b
Parents:
0a12ff8
git-author:
Thomas Klute <thomas2.klute@…> (01/08/17 08:18:56)
git-committer:
Thomas Klute <thomas2.klute@…> (01/08/17 09:00:28)
Message:

Test suite, gen_ocsp_index.c: Handle serial as fixed order byte array

The previous approach assumed that the serial fits within a long long
unsigned type, because the test suite controls the serial. However,
this breaks on big endian architectures because the order in the
certificate is fixed and returned by gnutls_x509_crt_get_serial in
that way.

The fix is to print the serial byte for byte. Additionally OpenSSL
apparently requires upper case characters in the DB hex encoded
serial, which didn't show up previously due to the small serials. Use
a larger one for the server certificate to detect similar problems in
the future.

Cat the OCSP database into the test log for easier debugging on build
systems without direct file system access (e.g. Debian buildd).

Location:
test
Files:
3 edited

  • test/gen_ocsp_index.c

    r42bee37 r10d9053  
    1919 * permissions and limitations under the License.
    2020 */
     21#include <stdint.h>
    2122#include <stdio.h>
    2223#include <stdlib.h>
     
    5152     * any */
    5253    char* revocation = "";
    53     /* serial number (hex) */
    54     char serial[128];
     54    /* serial number (hex), allocated when the length is known */
     55    char* serial = NULL;
    5556    /* certificate filename, or "unknown" */
    5657    char* fname = "unknown";
     
    6465    strftime(expires, sizeof(expires), "%y%m%d%H%M%SZ", &etmp);
    6566
    66     unsigned long long sno = 0;
    67     size_t serial_size = sizeof(sno);
    68     gnutls_x509_crt_get_serial(cert, &sno, &serial_size);
    69     snprintf(serial, sizeof(serial), "%llx", sno);
     67    /* determine size of the serial number (in bytes) */
     68    size_t serial_size = 0;
     69    gnutls_x509_crt_get_serial(cert, NULL, &serial_size);
     70    /* allocate memory for serial number and its string representation */
     71    uint8_t* sno = calloc(serial_size, sizeof(uint8_t));
     72    serial = calloc(serial_size * 2 + 1, sizeof(char));
     73    /* actually get the serial */
     74    gnutls_x509_crt_get_serial(cert, sno, &serial_size);
     75    /* print serial into the buffer byte for byte */
     76    for (int i = 0; i < serial_size; i++)
     77        snprintf(serial + (2 * i), 3, "%.2X", sno[i]);
     78    /* free binary serial */
     79    free(sno);
    7080
    7181    size_t dn_size = sizeof(dn);
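Review bot: Neither calloc result (new lines 71 and 72) nor the return value of the second gnutls_x509_crt_get_serial call (line 74) is checked before the loop at lines 76-77 reads sno and writes into serial; check all three and jump to cleanup on failure. The loop counter at line 76 is also an int compared against the size_t serial_size; declaring it as size_t avoids the signed/unsigned comparison.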
     
    7484    fprintf(stdout, "%s\t%s\t%s\t%s\t%s\t%s\n",
    7585            flag, expires, revocation, serial, fname, dn);
     86
     87    /* free hex serial */
     88    free(serial);
    7689
    7790cleanup:
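Review bot: free(serial) at new line 88 sits above the cleanup: label at line 90, so any error path that jumps to cleanup after the allocation skips it. Since serial is now initialised to NULL, moving the free below the label would cover both the normal and the error path.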
  • test/server.template.in

    ra0161fe r10d9053  
    1 serial=2
     1serial=587198681
    22cn=__HOSTNAME__
    33tls_www_server
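Review bot: The new value at line 1 carries no hint as to why it was chosen; 587198681 is 0x22FFF0D9, a four-byte serial with hex digits above 9, which is what exercises the byte order and upper-case handling. A short comment next to it, or a note in the test documentation, would keep someone from resetting it to a small number later.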
  • test/test-27_OCSP_server.bash

    ra784735 r10d9053  
    77# trigger OCSP server test in the runtests script
    88export CHECK_OCSP_SERVER="true"
     9echo "OCSP index for the test CA:"
     10cat authority/ocsp_index.txt
    911
    1012${srcdir}/runtests t-27
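The byte-order failure described in the commit message, as an added example that is not part of the changeset or the mod_gnutls code. The function names are hypothetical, and `legacy_serial_to_hex` assumes the serial bytes are written to the start of the integer's storage, with the host byte order passed in as a parameter so both results can be reproduced on any machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-order formatting: two upper-case hex digits per byte, in the order
 * the bytes appear in the certificate. out must hold 2 * len + 1 chars. */
static void serial_to_hex(const uint8_t *sno, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++)
        snprintf(out + 2 * i, 3, "%.2X", sno[i]);
    out[2 * len] = '\0';
}

/* Models the old approach: the serial bytes land at the start of a zeroed
 * 8-byte integer, which is then printed with %llx. host_big_endian selects
 * how that memory is read as a number (assumption: bytes are copied to the
 * start of the buffer, serials longer than 8 bytes are truncated here). */
static void legacy_serial_to_hex(const uint8_t *sno, size_t len,
                                 int host_big_endian, char *out, size_t outsz)
{
    uint8_t mem[8] = {0};
    unsigned long long v = 0;

    memcpy(mem, sno, len > sizeof(mem) ? sizeof(mem) : len);
    for (size_t i = 0; i < sizeof(mem); i++) {
        size_t idx = host_big_endian ? i : sizeof(mem) - 1 - i;
        v = (v << 8) | mem[idx];
    }
    snprintf(out, outsz, "%llx", v);
}

int main(void)
{
    /* Constructed sample: 587198681 (the new template serial) as bytes. */
    const uint8_t sno[] = {0x22, 0xFF, 0xF0, 0xD9};
    char fixed[2 * sizeof(sno) + 1], le[17], be[17];

    serial_to_hex(sno, sizeof(sno), fixed);
    legacy_serial_to_hex(sno, sizeof(sno), 0, le, sizeof(le));
    legacy_serial_to_hex(sno, sizeof(sno), 1, be, sizeof(be));
    printf("fixed order: %s\nlegacy LE:   %s\nlegacy BE:   %s\n", fixed, le, be);
    return 0;
}
```

With a one-byte serial such as 2, the legacy path happens to print the right digit on a little-endian host, which is why the problem only surfaced on big-endian builds.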