diff options
author | Matt Caswell <matt@openssl.org> | 2023-03-07 17:07:57 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-03-28 13:31:38 +0200 |
commit | 591feddc61f113827883ad8bae05109ee01ccd41 (patch) | |
tree | bfe1dd2dc55e0cea00e2543a2a4462b8d8dd2dec | |
parent | e4142ec43bcc08ffdb090580e24c24a7da302a32 (diff) |
Add a Certificate Policies Test
Test that a valid certificate policy is accepted and that an invalid
certificate policy is rejected. Specifically we are checking that a
leaf certificate with an invalid policy is detected.
Related-to: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20585)
-rw-r--r-- | test/recipes/25-test_verify.t | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index b60ed5a77d..58f9de410f 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -29,7 +29,7 @@ sub verify { run(app([@args])); } -plan tests => 183; +plan tests => 185; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -558,3 +558,14 @@ SKIP: { ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])), 'Mixed key + cert file test'); } + +# Certificate Policies +ok(verify("ee-cert-policies", "", ["root-cert"], ["ca-pol-cert"], + "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", + "-explicit_policy"), + "Certificate policy"); + +ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"], + "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", + "-explicit_policy"), + "Bad certificate policy"); |