diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-06-08 11:54:20 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-06-09 16:06:10 +0200 |
| commit | 320fc032b98cc452c5dc96600b16da40b155123b (patch) | |
| tree | 84ed927fc558380fa2b70873a1e33fb875698ece /test | |
| parent | 80070e478a780c0b28ffad6fae6828ef060ebe1d (diff) | |
25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15656)
Diffstat (limited to 'test')
| -rw-r--r-- | test/certs/ee-ss-with-keyCertSign.pem | 19 | ||||
| -rw-r--r-- | test/recipes/25-test_verify.t | 4 |
2 files changed, 22 insertions, 1 deletions
diff --git a/test/certs/ee-ss-with-keyCertSign.pem b/test/certs/ee-ss-with-keyCertSign.pem new file mode 100644 index 0000000000..a2f3bbe3b6 --- /dev/null +++ b/test/certs/ee-ss-with-keyCertSign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNFRSB3 +aXRoIGtleUNlcnRTaWduMCAXDTIxMDYwODA5MzYyMFoYDzIxMjEwNjA5MDkzNjIw +WjAeMRwwGgYDVQQDDBNFRSB3aXRoIGtleUNlcnRTaWduMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVgK9R9PHN2ta7e +ky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7iILvo3LiU2IF +RU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0cQjMGeK4EOCPl +53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrSluVX+4yRZIo8 +JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj1+/Qckk+W625 +G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQABo1owWDAJBgNV +HRMEAjAAMAsGA1UdDwQEAwIChDAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfh +c6IwHwYDVR0jBBgwFoAU55viKq2KbDrLdlHljgeYIpfhc6IwDQYJKoZIhvcNAQEL +BQADggEBAJGmRJpl4aa34SRZPb02TMTYCU/ieL6wqNJ2qXHinJQtHRuvEIVVaW4c +k3u/hNftu0ZtI2Y/dxQ2tybA4qP1ICkGU6VWAMJLSH83Fvz+6WsQB69zWNAwvVtz +8BVggIEv13RdZbpn10h3lNeLejBGAzYbwLMWpsjYHSNsYC5aqpg+y7mgPyuRDjRR +N26FdQjJEe9Px92h32dK6xxTS2LCiqHlimQCq+gRP/97rZLXNoyHLC6cfGCJpsEV +fFAH44emO2ouODBrQqZRvn+SV7ubWTTeJwY/aK+Wdvu/w3mEwNNDCDqCfE6c6p9h +zAk0no0/4w1o15ua7N+j/9q4iGJxx3k= +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index d42e685259..269b2ba4aa 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -28,7 +28,7 @@ sub verify { run(app([@args])); } -plan tests => 156; +plan tests => 157; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -412,6 +412,8 @@ ok(verify("root-cert-rsa2", "", ["root-cert-rsa2"], [], "-check_ss_sig"), ok(verify("ee-self-signed", "", ["ee-self-signed"], [], "-attime", "1593565200"), "accept trusted self-signed EE cert excluding key usage keyCertSign"); +ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []), + "accept trusted self-signed EE cert with key usage keyCertSign also when strict"); SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 6 |