Changeset c0bb823 in mod_gnutls


Timestamp:
Jan 30, 2016, 4:45:41 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
dc55c77
Parents:
4d2d182
Message:

Test suite: Create rogue client certificate for client auth test

Test case 18 (verification of a client certificate not issued by the
accepted CA) used the Rogue CA certificate as a client
certificate. However, recent gnutls-cli (from GnuTLS git at the time
of this commit) detects the constraint violation and rejects the
certificate, so the test fails before mod_gnutls can check the
certificate. Create a rogue client certificate with correct
constraints to make the test work as expected.

Location:
test
Files:
1 added
4 edited

  • test/.gitignore

    r4d2d182 rc0bb823  
    99imposter
    1010rogueca
     11rogueclient
    1112client.uid
    1213server.uid
     
    1516authority.template
    1617imposter.template
     18rogueclient.template
    1719msva.gnupghome
    1820*.log
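
Review bot: The new `rogueclient.template` entry marks the template as a generated file, like `authority.template` and `imposter.template`, but none of the hunks shown here adds a rule or a tracked source that produces it. Please confirm that the one added file in this changeset is that source and that its name is not matched by this ignore entry, otherwise a fresh checkout cannot build the `rogueclient` identity.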
  • test/Makefile.am

    r4d2d182 rc0bb823  
    3434# Identities in the miniature CA, server, and client environment for
    3535# the test suite
    36 identities = server authority client imposter rogueca
     36shared_identities = server authority client imposter rogueca
     37pgp_identities = $(shared_identities)
     38x509_only_identities = rogueclient
     39x509_identities = $(shared_identities) $(x509_only_identities)
     40identities = $(shared_identities) $(x509_only_identities)
    3741# Append strings after ":=" to each identity to generate a list of
    3842# necessary files
    39 pgp_tokens = $(identities:=/secring.gpg) $(identities:=/cert.pgp) \
    40         $(identities:=/secret.pgp)
    41 x509_keys = $(identities:=/secret.key)
    42 x509_certs = $(identities:=/x509.pem)
     43pgp_tokens = $(pgp_identities:=/secring.gpg) $(pgp_identities:=/cert.pgp) \
     44        $(pgp_identities:=/secret.pgp)
     45x509_keys = $(x509_identities:=/secret.key)
     46x509_certs = $(x509_identities:=/x509.pem)
    4347x509_tokens = $(x509_certs) $(x509_keys)
    4448tokens = $(x509_tokens) $(pgp_tokens)
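
Review bot: New lines 39 and 40 give `x509_identities` and `identities` the same value, `$(shared_identities) $(x509_only_identities)`, so the two lists can drift apart silently on the next edit. Define one in terms of the other, for example `identities = $(x509_identities)`, and add a one-line comment above `x509_only_identities` saying why `rogueclient` gets no PGP tokens.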
  • test/test_ca.mk

    r4d2d182 rc0bb823  
    4848        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
    4949
     50# normal case: certificates signed by test CA
    5051%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
    5152        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
     53
     54# error case: certificates signed by rogue CA
     55rogue%/x509.pem: rogue%.template rogue%/cert-request rogueca/x509.pem
     56        certtool --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request $(dir $@)cert-request --template $< > $@
    5257
    5358%/softhsm.db: %/x509.pem %/secret.key
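
Review bot: The new `rogue%/x509.pem` rule passes `--load-ca-privkey rogueca/secret.key` to certtool but lists only `rogueca/x509.pem` as a prerequisite, unlike the normal-case rule above it, which depends on both `authority/secret.key` and `authority/x509.pem`. Add `rogueca/secret.key` to the prerequisites so the dependency is explicit and parallel builds order correctly. Note also that the pattern matches `rogueca/x509.pem` itself, which would then list itself as a prerequisite, so the rogue CA certificate needs its own explicit rule to take precedence.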
  • test/tests/18_client_verification_wrong_cert/gnutls-cli.args

    r4d2d182 rc0bb823  
    1 --x509certfile=rogueca/x509.pem
    2 --x509keyfile=rogueca/secret.key
     1--x509certfile=rogueclient/x509.pem
     2--x509keyfile=rogueclient/secret.key
    33--x509cafile=authority/x509.pem
    44--priority=NORMAL
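
Review bot: Swapping the client credentials to `rogueclient/x509.pem` and `rogueclient/secret.key` fixes the input, but these arguments alone cannot tell a rejection by the server apart from a local refusal by gnutls-cli, which is the failure mode the commit message describes. The test's expected-result check should assert that the handshake is refused by the server, so that a future client-side change cannot make test 18 pass or fail for the wrong reason.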