diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/verify_extra_test.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 010403e74a..b9959e0c66 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -140,10 +140,22 @@ static int test_alt_chains_cert_forgery(void) i = X509_verify_cert(sctx); - if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + if (i != 0 || X509_STORE_CTX_get_error(sctx) != X509_V_ERR_INVALID_CA) + goto err; + + /* repeat with X509_V_FLAG_X509_STRICT */ + X509_STORE_CTX_cleanup(sctx); + X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT); + + if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) + goto err; + + i = X509_verify_cert(sctx); + + if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) /* This is the result we were expecting: Test passed */ ret = 1; - } + err: X509_STORE_CTX_free(sctx); X509_free(x); |