VMS adjustments:

catch up with the Unix build. A number of new tests, among others test/tocsp.com Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"' Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2015-01-29 13:13:28 +0100
committer: Richard Levitte <levitte@openssl.org> 2015-01-30 14:43:57 +0100
commit: 132536f96e1baba466baa7323c0d74bd7948dd5b (patch)
tree: ee3349959567f0d7d47718155dcf792309430e60 /test
parent: c168a027cfe1459e946dade4179938f34894fe1d (diff)
3 files changed, 281 insertions, 73 deletions
diff --git a/test/maketests.com b/test/maketests.com
index e7a686057e..5919374b62 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -142,47 +142,56 @@ $!
 $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
 	       "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
 	       "RC2TEST,RC4TEST,RC5TEST,"+ -
-	       "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
+	       "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
 	       "MDC2TEST,RMDTEST,"+ -
 	       "RANDTEST,DHTEST,ENGINETEST,"+ -
-	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-	       "EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
+	       "GOST2814789TEST,"+ -
+	       "BFTEST,CASTTEST,SSLTEST,"+ -
+	       "EXPTEST,DSATEST,RSA_TEST,"+ -
+	       "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
+	       "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
+	       "CONSTANT_TIME_TEST"
 $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
 $!
 $! Additional directory information.
-$ T_D_BNTEST     := [-.crypto.bn]
-$ T_D_ECTEST     := [-.crypto.ec]
-$ T_D_ECDSATEST  := [-.crypto.ecdsa]
-$ T_D_ECDHTEST   := [-.crypto.ecdh]
-$ T_D_IDEATEST   := [-.crypto.idea]
-$ T_D_MD2TEST    := [-.crypto.md2]
-$ T_D_MD4TEST    := [-.crypto.md4]
-$ T_D_MD5TEST    := [-.crypto.md5]
-$ T_D_HMACTEST   := [-.crypto.hmac]
-$ T_D_WP_TEST    := [-.crypto.whrlpool]
-$ T_D_RC2TEST    := [-.crypto.rc2]
-$ T_D_RC4TEST    := [-.crypto.rc4]
-$ T_D_RC5TEST    := [-.crypto.rc5]
-$ T_D_DESTEST    := [-.crypto.des]
-$ T_D_SHATEST    := [-.crypto.sha]
-$ T_D_SHA1TEST   := [-.crypto.sha]
-$ T_D_SHA256T    := [-.crypto.sha]
-$ T_D_SHA512T    := [-.crypto.sha]
-$ T_D_MDC2TEST   := [-.crypto.mdc2]
-$ T_D_RMDTEST    := [-.crypto.ripemd]
-$ T_D_RANDTEST   := [-.crypto.rand]
-$ T_D_DHTEST     := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST     := [-.crypto.bf]
-$ T_D_CASTTEST   := [-.crypto.cast]
-$ T_D_SSLTEST    := [-.ssl]
-$ T_D_EXPTEST    := [-.crypto.bn]
-$ T_D_DSATEST    := [-.crypto.dsa]
-$ T_D_RSA_TEST   := [-.crypto.rsa]
-$ T_D_EVP_TEST   := [-.crypto.evp]
-$ T_D_IGETEST    := [-.test]
-$ T_D_JPAKETEST  := [-.crypto.jpake]
-$ T_D_SRPTEST    := [-.crypto.srp]
+$ T_D_BNTEST             := [-.crypto.bn]
+$ T_D_ECTEST             := [-.crypto.ec]
+$ T_D_ECDSATEST          := [-.crypto.ecdsa]
+$ T_D_ECDHTEST           := [-.crypto.ecdh]
+$ T_D_IDEATEST           := [-.crypto.idea]
+$ T_D_MD2TEST            := [-.crypto.md2]
+$ T_D_MD4TEST            := [-.crypto.md4]
+$ T_D_MD5TEST            := [-.crypto.md5]
+$ T_D_HMACTEST           := [-.crypto.hmac]
+$ T_D_WP_TEST            := [-.crypto.whrlpool]
+$ T_D_RC2TEST            := [-.crypto.rc2]
+$ T_D_RC4TEST            := [-.crypto.rc4]
+$ T_D_RC5TEST            := [-.crypto.rc5]
+$ T_D_DESTEST            := [-.crypto.des]
+$ T_D_SHATEST            := [-.crypto.sha]
+$ T_D_SHA1TEST           := [-.crypto.sha]
+$ T_D_SHA256T            := [-.crypto.sha]
+$ T_D_SHA512T            := [-.crypto.sha]
+$ T_D_MDC2TEST           := [-.crypto.mdc2]
+$ T_D_RMDTEST            := [-.crypto.ripemd]
+$ T_D_RANDTEST           := [-.crypto.rand]
+$ T_D_DHTEST             := [-.crypto.dh]
+$ T_D_ENGINETEST         := [-.crypto.engine]
+$ T_D_GOST2814789TEST    := [-.engines.ccgost]
+$ T_D_BFTEST             := [-.crypto.bf]
+$ T_D_CASTTEST           := [-.crypto.cast]
+$ T_D_SSLTEST            := [-.ssl]
+$ T_D_EXPTEST            := [-.crypto.bn]
+$ T_D_DSATEST            := [-.crypto.dsa]
+$ T_D_RSA_TEST           := [-.crypto.rsa]
+$ T_D_EVP_TEST           := [-.crypto.evp]
+$ T_D_IGETEST            := [-.test]
+$ T_D_JPAKETEST          := [-.crypto.jpake]
+$ T_D_SRPTEST            := [-.crypto.srp]
+$ T_D_V3NAMETEST         := [-.crypto.x509v3]
+$ T_D_HEARTBEAT_TEST     := [-.ssl]
+$ T_D_P5_CRPT2_TEST      := [-.crypto.evp]
+$ T_D_CONSTANT_TIME_TEST := [-.crypto]
 $!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
@@ -468,7 +477,7 @@ $ CHECK_OPTIONS:
 $!
 $! Set basic C compiler /INCLUDE directories.
 $!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
 $!
 $! Check To See If P1 Is Blank.
 $!
@@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "TEST]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
 $ DEFINE OPENSSL /NOLOG '__INCLUDE'
+$ DEFINE INTERNAL /NOLOG '__INTERNAL'
 $!
 $! Done
 $!
@@ -1076,6 +1087,7 @@ $!
 $ IF __SAVE_OPENSSL .EQS. ""
 $ THEN
 $   DEASSIGN OPENSSL
+$   DEASSIGN INTERNAL
 $ ELSE
 $   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
 $ ENDIF
diff --git a/test/tests.com b/test/tests.com
index 62be1e7a46..ba947be3e5 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -27,6 +27,7 @@ $	endif
 $!
 $	texe_dir := sys$disk:[-.'__archd'.exe.test]
 $	exe_dir := sys$disk:[-.'__archd'.exe.apps]
+$	engines_dir := sys$disk:[-.'__archd'.exe.engines]
 $
 $	set default '__here'
 $
@@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of.
 $	    tests := -
 	test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
 	test_md2,test_mdc2,test_wp,-
-	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
+	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
 	test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
 	test_enc,test_x509,test_rsa,test_crl,test_sid,-
 	test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
 	test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
-	test_jpake,test_srp,test_cms
+	test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
+	test_gost2814789,test_heartbeat,test_p5_crpt2,-
+	test_constant_time
 $	endif
 $	tests = f$edit(tests,"COLLAPSE")
 $
-$	BNTEST :=	bntest
-$	ECTEST :=	ectest
-$	ECDSATEST :=	ecdsatest
-$	ECDHTEST :=	ecdhtest
-$	EXPTEST :=	exptest
-$	IDEATEST :=	ideatest
-$	SHATEST :=	shatest
-$	SHA1TEST :=	sha1test
-$	MDC2TEST :=	mdc2test
-$	RMDTEST :=	rmdtest
-$	MD2TEST :=	md2test
-$	MD4TEST :=	md4test
-$	MD5TEST :=	md5test
-$	HMACTEST :=	hmactest
-$	WPTEST :=	wp_test
-$	RC2TEST :=	rc2test
-$	RC4TEST :=	rc4test
-$	RC5TEST :=	rc5test
-$	BFTEST :=	bftest
-$	CASTTEST :=	casttest
-$	DESTEST :=	destest
-$	RANDTEST :=	randtest
-$	DHTEST :=	dhtest
-$	DSATEST :=	dsatest
-$	METHTEST :=	methtest
-$	SSLTEST :=	ssltest
-$	RSATEST :=	rsa_test
-$	ENGINETEST :=	enginetest
-$	EVPTEST :=	evp_test
-$	IGETEST :=	igetest
-$	JPAKETEST :=	jpaketest
-$	SRPTEST :=	srptest
+$	BNTEST :=		bntest
+$	ECTEST :=		ectest
+$	ECDSATEST :=		ecdsatest
+$	ECDHTEST :=		ecdhtest
+$	EXPTEST :=		exptest
+$	IDEATEST :=		ideatest
+$	SHA1TEST :=		sha1test
+$	SHA256TEST :=		sha256t
+$	SHA512TEST :=		sha512t
+$	MDC2TEST :=		mdc2test
+$	RMDTEST :=		rmdtest
+$	MD2TEST :=		md2test
+$	MD4TEST :=		md4test
+$	MD5TEST :=		md5test
+$	HMACTEST :=		hmactest
+$	WPTEST :=		wp_test
+$	RC2TEST :=		rc2test
+$	RC4TEST :=		rc4test
+$	RC5TEST :=		rc5test
+$	BFTEST :=		bftest
+$	CASTTEST :=		casttest
+$	DESTEST :=		destest
+$	RANDTEST :=		randtest
+$	DHTEST :=		dhtest
+$	DSATEST :=		dsatest
+$	METHTEST :=		methtest
+$	SSLTEST :=		ssltest
+$	RSATEST :=		rsa_test
+$	ENGINETEST :=		enginetest
+$	GOST2814789TEST :=	gost2814789test
+$	EVPTEST :=		evp_test
+$	P5_CRPT2_TEST :=	p5_crpt2_test
+$	IGETEST :=		igetest
+$	JPAKETEST :=		jpaketest
+$	SRPTEST :=		srptest
+$	V3NAMETEST :=		v3nametest
+$	HEARTBEATTEST :=	heartbeat_test
+$	CONSTTIMETEST :=	constant_time_test
 $!
 $	tests_i = 0
 $ loop_tests:
@@ -105,6 +114,9 @@ $
 $ test_evp:
 $	mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
 $	return
+$ test_p5_crpt2:
+$	mcr 'texe_dir''p5_crpt2_test'
+$	return
 $ test_des:
 $	mcr 'texe_dir''destest'
 $	return
@@ -112,8 +124,9 @@ $ test_idea:
 $	mcr 'texe_dir''ideatest'
 $	return
 $ test_sha:
-$	mcr 'texe_dir''shatest'
 $	mcr 'texe_dir''sha1test'
+$	mcr 'texe_dir''sha256test'
+$	mcr 'texe_dir''sha512test'
 $	return
 $ test_mdc2:
 $	mcr 'texe_dir''mdc2test'
@@ -154,6 +167,10 @@ $	return
 $ test_rand:
 $	mcr 'texe_dir''randtest'
 $	return
+$ test_gost2814789:
+$	define/user OPENSSL_ENGINES 'engines_dir'
+$	mcr 'texe_dir''gost2814789test'
+$	return
 $ test_enc:
 $	@testenc.com 'pointer_size'
 $	return
@@ -361,7 +378,21 @@ $ test_srp:
 $	write sys$output "Test SRP"
 $	mcr 'texe_dir''srptest'
 $	return
-$
+$ test_v3name:
+$	write sys$output "Test X509v3_check_*"
+$	mcr 'texe_dir''v3nametest'
+$	return
+$ test_ocsp:
+$	write sys$output "Test OCSP"
+$	@tocsp.com
+$	return
+$ test_heartbeat:
+$	mcr 'texe_dir''heartbeattest'
+$	return
+$ test_constant_time:
+$	write sys$output "Test constant time utilites"
+$	mcr 'texe_dir''consttimetest'
+$	return
 $
 $ exit:
 $	mcr 'exe_dir'openssl version -a
diff --git a/test/tocsp.com b/test/tocsp.com
new file mode 100644
index 0000000000..97253fe464
--- /dev/null
+++ b/test/tocsp.com
@@ -0,0 +1,165 @@
+$! TOCSP.COM  --  Test ocsp
+$
+$	__arch = "VAX"
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch = "UNK"
+$!
+$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$       cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$	ocspdir = "ocsp-tests"
+$
+$!	17 December 2012 so we don't get certificate expiry errors.
+$	check_time="-attime 1355875200"
+$
+$ test_ocsp:
+$	subroutine
+$		'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
+$		'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
+		      "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
+$		if $severity .ne. p3+1
+$		then
+$		    write sys$error "OCSP test failed!"
+$		    exit 3
+$		endif
+$	endsubroutine
+$
+$	set noon
+$
+$	write sys$output "=== VALID OCSP RESPONSES ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
+$	
+$	write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+$!	Expect success, because we're explicitly trusting the issuer certificate.
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
+$	
+$	write sys$output "ALL OCSP TESTS SUCCESSFUL"
+$
+$	set on
+$	
+$	exit
author	Richard Levitte <levitte@openssl.org>	2015-01-29 13:13:28 +0100
committer	Richard Levitte <levitte@openssl.org>	2015-01-30 14:43:57 +0100
commit	132536f96e1baba466baa7323c0d74bd7948dd5b (patch)
tree	ee3349959567f0d7d47718155dcf792309430e60 /test
parent	c168a027cfe1459e946dade4179938f34894fe1d (diff)