summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/invalid-x509.cnf6
-rw-r--r--test/recipes/25-test_x509.t10
2 files changed, 15 insertions, 1 deletions
diff --git a/test/invalid-x509.cnf b/test/invalid-x509.cnf
new file mode 100644
index 0000000000..f982edb979
--- /dev/null
+++ b/test/invalid-x509.cnf
@@ -0,0 +1,6 @@
+[ext]
+issuerSignTool = signTool
+sbgp-autonomousSysNum = AS
+issuingDistributionPoint = fullname
+sbgp-ipAddrBlock = IPv4-SAFI
+
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index 9bf011c188..9b11169a98 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_x509");
-plan tests => 43;
+plan tests => 44;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@@ -217,6 +217,14 @@ ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert,
# verify issuer is CA
ok (get_issuer($a2_cert) =~ /CN=ca.example.com/);
+my $in_csr = srctop_file('test', 'certs', 'x509-check.csr');
+my $in_key = srctop_file('test', 'certs', 'x509-check-key.pem');
+my $invextfile = srctop_file('test', 'invalid-x509.cnf');
+# Test that invalid extensions settings fail
+ok(!run(app(["openssl", "x509", "-req", "-in", $in_csr, "-signkey", $in_key,
+ "-out", "/dev/null", "-days", "3650" , "-extensions", "ext",
+ "-extfile", $invextfile])));
+
# Tests for issue #16080 (fixed in 1.1.1o)
my $b_key = "b-key.pem";
my $b_csr = "b-cert.csr";
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 22:43:19 +0000