mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-24 22:11:11 +00:00
Merge branch 'sha1-2.1' into mbedtls-2.1
* sha1-2.1: Cleaned up negative test predicate for test case all.sh: test with SHA-1 enabled SHA-1 deprecation: allow it in key exchange Allow SHA-1 in server tests, when the signature_algorithm extension is not used Document test data makefile X.509 tests: obey compile-time SHA-1 support option Allow SHA-1 in test scripts Test that SHA-1 defaults off Allow SHA-1 in SSL renegotiation tests Test that X.509 verification rejects SHA-256 by default Allow SHA-1 in X.509 and TLS tests X.509 self-tests: replaced SHA-1 certificates by SHA-256 Added SHA256 test certificates Remove SHA-1 in TLS by default
This commit is contained in:
commit
aa859505d2
|
@ -11,6 +11,9 @@ Security
|
||||||
* Wipe stack buffers in RSA private key operations
|
* Wipe stack buffers in RSA private key operations
|
||||||
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
|
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
|
||||||
Found by Laurent Simon.
|
Found by Laurent Simon.
|
||||||
|
* Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
|
||||||
|
certificate verification. SHA-1 can be turned back on with a compile-time
|
||||||
|
option if needed.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Remove macros from compat-1.3.h that correspond to deleted items from most
|
* Remove macros from compat-1.3.h that correspond to deleted items from most
|
||||||
|
|
|
@ -2065,7 +2065,8 @@
|
||||||
* library/ssl_tls.c
|
* library/ssl_tls.c
|
||||||
* library/x509write_crt.c
|
* library/x509write_crt.c
|
||||||
*
|
*
|
||||||
* This module is required for SSL/TLS and SHA1-signed certificates.
|
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||||
|
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SHA1_C
|
#define MBEDTLS_SHA1_C
|
||||||
|
|
||||||
|
@ -2426,6 +2427,26 @@
|
||||||
/* X509 options */
|
/* X509 options */
|
||||||
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allow SHA-1 in the default TLS configuration for certificate signing.
|
||||||
|
* Without this build-time option, SHA-1 support must be activated explicitly
|
||||||
|
* through mbedtls_ssl_conf_cert_profile. Turning on this option is not
|
||||||
|
* recommended because of it is possible to generte SHA-1 collisions, however
|
||||||
|
* this may be safe for legacy infrastructure where additional controls apply.
|
||||||
|
*/
|
||||||
|
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
|
||||||
|
* signature and ciphersuite selection. Without this build-time option, SHA-1
|
||||||
|
* support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
|
||||||
|
* The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
|
||||||
|
* default. At the time of writing, there is no practical attack on the use
|
||||||
|
* of SHA-1 in handshake signatures, hence this option is turned on by default
|
||||||
|
* for compatibility with existing peers.
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
||||||
|
|
||||||
/* \} name SECTION: Module configuration options */
|
/* \} name SECTION: Module configuration options */
|
||||||
|
|
||||||
#if defined(TARGET_LIKE_MBED)
|
#if defined(TARGET_LIKE_MBED)
|
||||||
|
|
121
library/certs.c
121
library/certs.c
|
@ -47,6 +47,7 @@
|
||||||
"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n" \
|
"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n" \
|
||||||
"-----END CERTIFICATE-----\r\n"
|
"-----END CERTIFICATE-----\r\n"
|
||||||
const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
|
const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
|
||||||
|
const size_t mbedtls_test_ca_crt_ec_len = sizeof( mbedtls_test_ca_crt_ec );
|
||||||
|
|
||||||
const char mbedtls_test_ca_key_ec[] =
|
const char mbedtls_test_ca_key_ec[] =
|
||||||
"-----BEGIN EC PRIVATE KEY-----\r\n"
|
"-----BEGIN EC PRIVATE KEY-----\r\n"
|
||||||
|
@ -58,8 +59,10 @@ const char mbedtls_test_ca_key_ec[] =
|
||||||
"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
|
"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
|
||||||
"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
|
"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
|
||||||
"-----END EC PRIVATE KEY-----\r\n";
|
"-----END EC PRIVATE KEY-----\r\n";
|
||||||
|
const size_t mbedtls_test_ca_key_ec_len = sizeof( mbedtls_test_ca_key_ec );
|
||||||
|
|
||||||
const char mbedtls_test_ca_pwd_ec[] = "PolarSSLTest";
|
const char mbedtls_test_ca_pwd_ec[] = "PolarSSLTest";
|
||||||
|
const size_t mbedtls_test_ca_pwd_ec_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
|
||||||
|
|
||||||
const char mbedtls_test_srv_crt_ec[] =
|
const char mbedtls_test_srv_crt_ec[] =
|
||||||
"-----BEGIN CERTIFICATE-----\r\n"
|
"-----BEGIN CERTIFICATE-----\r\n"
|
||||||
|
@ -76,6 +79,7 @@ const char mbedtls_test_srv_crt_ec[] =
|
||||||
"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
|
"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
|
||||||
"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
|
"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
|
||||||
"-----END CERTIFICATE-----\r\n";
|
"-----END CERTIFICATE-----\r\n";
|
||||||
|
const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
|
||||||
|
|
||||||
const char mbedtls_test_srv_key_ec[] =
|
const char mbedtls_test_srv_key_ec[] =
|
||||||
"-----BEGIN EC PRIVATE KEY-----\r\n"
|
"-----BEGIN EC PRIVATE KEY-----\r\n"
|
||||||
|
@ -83,6 +87,7 @@ const char mbedtls_test_srv_key_ec[] =
|
||||||
"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
|
"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
|
||||||
"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
|
"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
|
||||||
"-----END EC PRIVATE KEY-----\r\n";
|
"-----END EC PRIVATE KEY-----\r\n";
|
||||||
|
const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
|
||||||
|
|
||||||
const char mbedtls_test_cli_crt_ec[] =
|
const char mbedtls_test_cli_crt_ec[] =
|
||||||
"-----BEGIN CERTIFICATE-----\r\n"
|
"-----BEGIN CERTIFICATE-----\r\n"
|
||||||
|
@ -99,6 +104,7 @@ const char mbedtls_test_cli_crt_ec[] =
|
||||||
"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
|
"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
|
||||||
"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
|
"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
|
||||||
"-----END CERTIFICATE-----\r\n";
|
"-----END CERTIFICATE-----\r\n";
|
||||||
|
const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
|
||||||
|
|
||||||
const char mbedtls_test_cli_key_ec[] =
|
const char mbedtls_test_cli_key_ec[] =
|
||||||
"-----BEGIN EC PRIVATE KEY-----\r\n"
|
"-----BEGIN EC PRIVATE KEY-----\r\n"
|
||||||
|
@ -106,20 +112,12 @@ const char mbedtls_test_cli_key_ec[] =
|
||||||
"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
|
"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
|
||||||
"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
|
"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
|
||||||
"-----END EC PRIVATE KEY-----\r\n";
|
"-----END EC PRIVATE KEY-----\r\n";
|
||||||
|
|
||||||
const size_t mbedtls_test_ca_crt_ec_len = sizeof( mbedtls_test_ca_crt_ec );
|
|
||||||
const size_t mbedtls_test_ca_key_ec_len = sizeof( mbedtls_test_ca_key_ec );
|
|
||||||
const size_t mbedtls_test_ca_pwd_ec_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
|
|
||||||
const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
|
|
||||||
const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
|
|
||||||
const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
|
|
||||||
const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
|
const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
|
||||||
#else
|
|
||||||
#define TEST_CA_CRT_EC
|
|
||||||
#endif /* MBEDTLS_ECDSA_C */
|
#endif /* MBEDTLS_ECDSA_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
#define TEST_CA_CRT_RSA \
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
|
#define TEST_CA_CRT_RSA_SHA1 \
|
||||||
"-----BEGIN CERTIFICATE-----\r\n" \
|
"-----BEGIN CERTIFICATE-----\r\n" \
|
||||||
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
|
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
|
||||||
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
|
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
|
||||||
|
@ -141,7 +139,34 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
|
||||||
"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \
|
"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \
|
||||||
"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
|
"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
|
||||||
"-----END CERTIFICATE-----\r\n"
|
"-----END CERTIFICATE-----\r\n"
|
||||||
const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
|
static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
|
#define TEST_CA_CRT_RSA_SHA256 \
|
||||||
|
"-----BEGIN CERTIFICATE-----\r\n" \
|
||||||
|
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
|
||||||
|
"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
|
||||||
|
"MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
|
||||||
|
"A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
|
||||||
|
"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
|
||||||
|
"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
|
||||||
|
"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
|
||||||
|
"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
|
||||||
|
"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
|
||||||
|
"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
|
||||||
|
"gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA\r\n" \
|
||||||
|
"FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE\r\n" \
|
||||||
|
"CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T\r\n" \
|
||||||
|
"BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j\r\n" \
|
||||||
|
"4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w\r\n" \
|
||||||
|
"XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB\r\n" \
|
||||||
|
"G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57\r\n" \
|
||||||
|
"ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \
|
||||||
|
"n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \
|
||||||
|
"-----END CERTIFICATE-----\r\n"
|
||||||
|
static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
|
||||||
|
#endif
|
||||||
|
|
||||||
const char mbedtls_test_ca_key_rsa[] =
|
const char mbedtls_test_ca_key_rsa[] =
|
||||||
"-----BEGIN RSA PRIVATE KEY-----\r\n"
|
"-----BEGIN RSA PRIVATE KEY-----\r\n"
|
||||||
|
@ -174,8 +199,10 @@ const char mbedtls_test_ca_key_rsa[] =
|
||||||
"wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n"
|
"wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n"
|
||||||
"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
|
"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
|
||||||
"-----END RSA PRIVATE KEY-----\r\n";
|
"-----END RSA PRIVATE KEY-----\r\n";
|
||||||
|
const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
|
||||||
|
|
||||||
const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
|
const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
|
||||||
|
const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
|
||||||
|
|
||||||
const char mbedtls_test_srv_crt_rsa[] =
|
const char mbedtls_test_srv_crt_rsa[] =
|
||||||
"-----BEGIN CERTIFICATE-----\r\n"
|
"-----BEGIN CERTIFICATE-----\r\n"
|
||||||
|
@ -198,6 +225,7 @@ const char mbedtls_test_srv_crt_rsa[] =
|
||||||
"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
|
"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
|
||||||
"zhuYwjVuX6JHG0c=\r\n"
|
"zhuYwjVuX6JHG0c=\r\n"
|
||||||
"-----END CERTIFICATE-----\r\n";
|
"-----END CERTIFICATE-----\r\n";
|
||||||
|
const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
|
||||||
|
|
||||||
const char mbedtls_test_srv_key_rsa[] =
|
const char mbedtls_test_srv_key_rsa[] =
|
||||||
"-----BEGIN RSA PRIVATE KEY-----\r\n"
|
"-----BEGIN RSA PRIVATE KEY-----\r\n"
|
||||||
|
@ -227,27 +255,29 @@ const char mbedtls_test_srv_key_rsa[] =
|
||||||
"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
|
"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
|
||||||
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
|
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
|
||||||
"-----END RSA PRIVATE KEY-----\r\n";
|
"-----END RSA PRIVATE KEY-----\r\n";
|
||||||
|
const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
|
||||||
|
|
||||||
const char mbedtls_test_cli_crt_rsa[] =
|
static const char mbedtls_test_cli_crt_rsa_sha256[] =
|
||||||
"-----BEGIN CERTIFICATE-----\r\n"
|
"-----BEGIN CERTIFICATE-----\r\n"
|
||||||
"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
|
"MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n"
|
||||||
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
|
"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
|
||||||
"MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
|
"MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
|
||||||
"A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
|
"A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
|
||||||
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n"
|
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n"
|
||||||
"M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n"
|
"M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n"
|
||||||
"1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n"
|
"1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n"
|
||||||
"MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n"
|
"MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n"
|
||||||
"4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n"
|
"4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n"
|
||||||
"/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n"
|
"/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n"
|
||||||
"o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n"
|
"o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa\r\n"
|
||||||
"BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC\r\n"
|
"gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV\r\n"
|
||||||
"AQEAAn86isAM8X+mVwJqeItt6E9slhEQbAofyk+diH1Lh8Y9iLlWQSKbw/UXYjx5\r\n"
|
"BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud\r\n"
|
||||||
"LLPZcniovxIcARC/BjyZR9g3UwTHNGNm+rwrqa15viuNOFBchykX/Orsk02EH7NR\r\n"
|
"EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom\r\n"
|
||||||
"Alw5WLPorYjED6cdVQgBl9ot93HdJogRiXCxErM7NC8/eP511mjq+uLDjLKH8ZPQ\r\n"
|
"LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W\r\n"
|
||||||
"8I4ekHJnroLsDkIwXKGIsvIBHQy2ac/NwHLCQOK6mfum1pRx52V4Utu5dLLjD5bM\r\n"
|
"iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK\r\n"
|
||||||
"xOBC7KU4xZKuMXXZM6/93Yb51K/J4ahf1TxJlTWXtnzDr9saEYdNy2SKY/6ZiDNH\r\n"
|
"D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE\r\n"
|
||||||
"D+stpAKiQLAWaAusIWKYEyw9MQ==\r\n"
|
"ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n"
|
||||||
|
"c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n"
|
||||||
"-----END CERTIFICATE-----\r\n";
|
"-----END CERTIFICATE-----\r\n";
|
||||||
|
|
||||||
const char mbedtls_test_cli_key_rsa[] =
|
const char mbedtls_test_cli_key_rsa[] =
|
||||||
|
@ -278,28 +308,32 @@ const char mbedtls_test_cli_key_rsa[] =
|
||||||
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
|
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
|
||||||
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
|
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
|
||||||
"-----END RSA PRIVATE KEY-----\r\n";
|
"-----END RSA PRIVATE KEY-----\r\n";
|
||||||
|
|
||||||
const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
|
|
||||||
const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
|
|
||||||
const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
|
|
||||||
const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
|
|
||||||
const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
|
|
||||||
const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa );
|
|
||||||
const size_t mbedtls_test_cli_key_rsa_len = sizeof( mbedtls_test_cli_key_rsa );
|
const size_t mbedtls_test_cli_key_rsa_len = sizeof( mbedtls_test_cli_key_rsa );
|
||||||
#else
|
|
||||||
#define TEST_CA_CRT_RSA
|
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
/* Concatenation of all available CA certificates */
|
/* Concatenation of all available CA certificates */
|
||||||
const char mbedtls_test_cas_pem[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
|
const char mbedtls_test_cas_pem[] =
|
||||||
|
#ifdef TEST_CA_CRT_RSA_SHA1
|
||||||
|
TEST_CA_CRT_RSA_SHA1
|
||||||
|
#endif
|
||||||
|
#ifdef TEST_CA_CRT_RSA_SHA256
|
||||||
|
TEST_CA_CRT_RSA_SHA256
|
||||||
|
#endif
|
||||||
|
#ifdef TEST_CA_CRT_EC
|
||||||
|
TEST_CA_CRT_EC
|
||||||
|
#endif
|
||||||
|
"";
|
||||||
const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
|
const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* List of all available CA certificates */
|
/* List of all available CA certificates */
|
||||||
const char * mbedtls_test_cas[] = {
|
const char * mbedtls_test_cas[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(TEST_CA_CRT_RSA_SHA1)
|
||||||
mbedtls_test_ca_crt_rsa,
|
mbedtls_test_ca_crt_rsa_sha1,
|
||||||
|
#endif
|
||||||
|
#if defined(TEST_CA_CRT_RSA_SHA256)
|
||||||
|
mbedtls_test_ca_crt_rsa_sha256,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
mbedtls_test_ca_crt_ec,
|
mbedtls_test_ca_crt_ec,
|
||||||
|
@ -307,8 +341,11 @@ const char * mbedtls_test_cas[] = {
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
const size_t mbedtls_test_cas_len[] = {
|
const size_t mbedtls_test_cas_len[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(TEST_CA_CRT_RSA_SHA1)
|
||||||
sizeof( mbedtls_test_ca_crt_rsa ),
|
sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
|
||||||
|
#endif
|
||||||
|
#if defined(TEST_CA_CRT_RSA_SHA256)
|
||||||
|
sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
sizeof( mbedtls_test_ca_crt_ec ),
|
sizeof( mbedtls_test_ca_crt_ec ),
|
||||||
|
@ -317,19 +354,19 @@ const size_t mbedtls_test_cas_len[] = {
|
||||||
};
|
};
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa;
|
const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256;
|
||||||
const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa;
|
const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa;
|
||||||
const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa;
|
const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa;
|
||||||
const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
|
const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
|
||||||
const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
|
const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
|
||||||
const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa;
|
const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256;
|
||||||
const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
|
const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
|
||||||
const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa );
|
const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 );
|
||||||
const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa );
|
const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa );
|
||||||
const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
|
const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
|
||||||
const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
|
const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
|
||||||
const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
|
const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
|
||||||
const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa );
|
const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 );
|
||||||
const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
|
const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
|
||||||
#else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
|
#else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
|
||||||
const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec;
|
const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec;
|
||||||
|
|
|
@ -1985,8 +1985,8 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
||||||
*/
|
*/
|
||||||
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
|
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
|
||||||
"that was not offered" ) );
|
*(p)[0] ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7043,7 +7043,7 @@ static int ssl_preset_default_hashes[] = {
|
||||||
MBEDTLS_MD_SHA256,
|
MBEDTLS_MD_SHA256,
|
||||||
MBEDTLS_MD_SHA224,
|
MBEDTLS_MD_SHA224,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
|
||||||
MBEDTLS_MD_SHA1,
|
MBEDTLS_MD_SHA1,
|
||||||
#endif
|
#endif
|
||||||
MBEDTLS_MD_NONE
|
MBEDTLS_MD_NONE
|
||||||
|
|
|
@ -1030,7 +1030,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509_self_test( int verbose )
|
int mbedtls_x509_self_test( int verbose )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
|
||||||
int ret;
|
int ret;
|
||||||
uint32_t flags;
|
uint32_t flags;
|
||||||
mbedtls_x509_crt cacert;
|
mbedtls_x509_crt cacert;
|
||||||
|
|
|
@ -85,9 +85,11 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
*/
|
*/
|
||||||
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
||||||
{
|
{
|
||||||
/* Hashes from SHA-1 and above */
|
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
|
||||||
|
/* Allow SHA-1 (weak, but still safe in controlled environments) */
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
|
#endif
|
||||||
|
/* Only SHA-2 hashes */
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
||||||
|
|
|
@ -83,6 +83,7 @@ int main( void )
|
||||||
#define DFL_MIN_VERSION -1
|
#define DFL_MIN_VERSION -1
|
||||||
#define DFL_MAX_VERSION -1
|
#define DFL_MAX_VERSION -1
|
||||||
#define DFL_ARC4 -1
|
#define DFL_ARC4 -1
|
||||||
|
#define DFL_SHA1 -1
|
||||||
#define DFL_AUTH_MODE -1
|
#define DFL_AUTH_MODE -1
|
||||||
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
|
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
|
||||||
#define DFL_TRUNC_HMAC -1
|
#define DFL_TRUNC_HMAC -1
|
||||||
|
@ -251,6 +252,7 @@ int main( void )
|
||||||
USAGE_DHMLEN \
|
USAGE_DHMLEN \
|
||||||
"\n" \
|
"\n" \
|
||||||
" arc4=%%d default: (library default: 0)\n" \
|
" arc4=%%d default: (library default: 0)\n" \
|
||||||
|
" allow_sha1=%%d default: 0\n" \
|
||||||
" min_version=%%s default: (library default: tls1)\n" \
|
" min_version=%%s default: (library default: tls1)\n" \
|
||||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" force_version=%%s default: \"\" (none)\n" \
|
" force_version=%%s default: \"\" (none)\n" \
|
||||||
|
@ -288,6 +290,7 @@ struct options
|
||||||
int min_version; /* minimum protocol version accepted */
|
int min_version; /* minimum protocol version accepted */
|
||||||
int max_version; /* maximum protocol version accepted */
|
int max_version; /* maximum protocol version accepted */
|
||||||
int arc4; /* flag for arc4 suites support */
|
int arc4; /* flag for arc4 suites support */
|
||||||
|
int allow_sha1; /* flag for SHA-1 support */
|
||||||
int auth_mode; /* verify mode for connection */
|
int auth_mode; /* verify mode for connection */
|
||||||
unsigned char mfl_code; /* code for maximum fragment length */
|
unsigned char mfl_code; /* code for maximum fragment length */
|
||||||
int trunc_hmac; /* negotiate truncated hmac or not */
|
int trunc_hmac; /* negotiate truncated hmac or not */
|
||||||
|
@ -382,6 +385,22 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int ssl_sig_hashes_for_test[] = {
|
||||||
|
#if defined(MBEDTLS_SHA512_C)
|
||||||
|
MBEDTLS_MD_SHA512,
|
||||||
|
MBEDTLS_MD_SHA384,
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
|
MBEDTLS_MD_SHA256,
|
||||||
|
MBEDTLS_MD_SHA224,
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
|
/* Allow SHA-1 as we use it extensively in tests. */
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
#endif
|
||||||
|
MBEDTLS_MD_NONE
|
||||||
|
};
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
|
@ -398,6 +417,9 @@ int main( int argc, char *argv[] )
|
||||||
#endif
|
#endif
|
||||||
const char *pers = "ssl_client2";
|
const char *pers = "ssl_client2";
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||||
|
#endif
|
||||||
mbedtls_entropy_context entropy;
|
mbedtls_entropy_context entropy;
|
||||||
mbedtls_ctr_drbg_context ctr_drbg;
|
mbedtls_ctr_drbg_context ctr_drbg;
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
|
@ -477,6 +499,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.min_version = DFL_MIN_VERSION;
|
opt.min_version = DFL_MIN_VERSION;
|
||||||
opt.max_version = DFL_MAX_VERSION;
|
opt.max_version = DFL_MAX_VERSION;
|
||||||
opt.arc4 = DFL_ARC4;
|
opt.arc4 = DFL_ARC4;
|
||||||
|
opt.allow_sha1 = DFL_SHA1;
|
||||||
opt.auth_mode = DFL_AUTH_MODE;
|
opt.auth_mode = DFL_AUTH_MODE;
|
||||||
opt.mfl_code = DFL_MFL_CODE;
|
opt.mfl_code = DFL_MFL_CODE;
|
||||||
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
||||||
|
@ -689,6 +712,15 @@ int main( int argc, char *argv[] )
|
||||||
default: goto usage;
|
default: goto usage;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "allow_sha1" ) == 0 )
|
||||||
|
{
|
||||||
|
switch( atoi( q ) )
|
||||||
|
{
|
||||||
|
case 0: opt.allow_sha1 = 0; break;
|
||||||
|
case 1: opt.allow_sha1 = 1; break;
|
||||||
|
default: goto usage;
|
||||||
|
}
|
||||||
|
}
|
||||||
else if( strcmp( p, "force_version" ) == 0 )
|
else if( strcmp( p, "force_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "ssl3" ) == 0 )
|
||||||
|
@ -1073,9 +1105,18 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
/* The default algorithms profile disables SHA-1, but our tests still
|
||||||
|
rely on it heavily. */
|
||||||
|
if( opt.allow_sha1 > 0 )
|
||||||
|
{
|
||||||
|
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
|
||||||
|
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
|
||||||
|
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
|
||||||
|
}
|
||||||
|
|
||||||
if( opt.debug_level > 0 )
|
if( opt.debug_level > 0 )
|
||||||
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
||||||
#endif
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||||
|
|
|
@ -119,6 +119,7 @@ int main( void )
|
||||||
#define DFL_MIN_VERSION -1
|
#define DFL_MIN_VERSION -1
|
||||||
#define DFL_MAX_VERSION -1
|
#define DFL_MAX_VERSION -1
|
||||||
#define DFL_ARC4 -1
|
#define DFL_ARC4 -1
|
||||||
|
#define DFL_SHA1 -1
|
||||||
#define DFL_AUTH_MODE -1
|
#define DFL_AUTH_MODE -1
|
||||||
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
|
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
|
||||||
#define DFL_TRUNC_HMAC -1
|
#define DFL_TRUNC_HMAC -1
|
||||||
|
@ -333,6 +334,7 @@ int main( void )
|
||||||
USAGE_ETM \
|
USAGE_ETM \
|
||||||
"\n" \
|
"\n" \
|
||||||
" arc4=%%d default: (library default: 0)\n" \
|
" arc4=%%d default: (library default: 0)\n" \
|
||||||
|
" allow_sha1=%%d default: 0\n" \
|
||||||
" min_version=%%s default: (library default: tls1)\n" \
|
" min_version=%%s default: (library default: tls1)\n" \
|
||||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" force_version=%%s default: \"\" (none)\n" \
|
" force_version=%%s default: \"\" (none)\n" \
|
||||||
|
@ -387,6 +389,7 @@ struct options
|
||||||
int min_version; /* minimum protocol version accepted */
|
int min_version; /* minimum protocol version accepted */
|
||||||
int max_version; /* maximum protocol version accepted */
|
int max_version; /* maximum protocol version accepted */
|
||||||
int arc4; /* flag for arc4 suites support */
|
int arc4; /* flag for arc4 suites support */
|
||||||
|
int allow_sha1; /* flag for SHA-1 support */
|
||||||
int auth_mode; /* verify mode for connection */
|
int auth_mode; /* verify mode for connection */
|
||||||
unsigned char mfl_code; /* code for maximum fragment length */
|
unsigned char mfl_code; /* code for maximum fragment length */
|
||||||
int trunc_hmac; /* accept truncated hmac? */
|
int trunc_hmac; /* accept truncated hmac? */
|
||||||
|
@ -782,6 +785,24 @@ void term_handler( int sig )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
static int ssl_sig_hashes_for_test[] = {
|
||||||
|
#if defined(MBEDTLS_SHA512_C)
|
||||||
|
MBEDTLS_MD_SHA512,
|
||||||
|
MBEDTLS_MD_SHA384,
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
|
MBEDTLS_MD_SHA256,
|
||||||
|
MBEDTLS_MD_SHA224,
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
|
/* Allow SHA-1 as we use it extensively in tests. */
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
#endif
|
||||||
|
MBEDTLS_MD_NONE
|
||||||
|
};
|
||||||
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
int ret = 0, len, written, frags, exchanges_left;
|
int ret = 0, len, written, frags, exchanges_left;
|
||||||
|
@ -799,6 +820,9 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_cookie_ctx cookie_ctx;
|
mbedtls_ssl_cookie_ctx cookie_ctx;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||||
|
#endif
|
||||||
mbedtls_entropy_context entropy;
|
mbedtls_entropy_context entropy;
|
||||||
mbedtls_ctr_drbg_context ctr_drbg;
|
mbedtls_ctr_drbg_context ctr_drbg;
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
|
@ -929,6 +953,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.min_version = DFL_MIN_VERSION;
|
opt.min_version = DFL_MIN_VERSION;
|
||||||
opt.max_version = DFL_MAX_VERSION;
|
opt.max_version = DFL_MAX_VERSION;
|
||||||
opt.arc4 = DFL_ARC4;
|
opt.arc4 = DFL_ARC4;
|
||||||
|
opt.allow_sha1 = DFL_SHA1;
|
||||||
opt.auth_mode = DFL_AUTH_MODE;
|
opt.auth_mode = DFL_AUTH_MODE;
|
||||||
opt.mfl_code = DFL_MFL_CODE;
|
opt.mfl_code = DFL_MFL_CODE;
|
||||||
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
||||||
|
@ -1097,6 +1122,15 @@ int main( int argc, char *argv[] )
|
||||||
default: goto usage;
|
default: goto usage;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "allow_sha1" ) == 0 )
|
||||||
|
{
|
||||||
|
switch( atoi( q ) )
|
||||||
|
{
|
||||||
|
case 0: opt.allow_sha1 = 0; break;
|
||||||
|
case 1: opt.allow_sha1 = 1; break;
|
||||||
|
default: goto usage;
|
||||||
|
}
|
||||||
|
}
|
||||||
else if( strcmp( p, "force_version" ) == 0 )
|
else if( strcmp( p, "force_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "ssl3" ) == 0 )
|
||||||
|
@ -1615,6 +1649,18 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
/* The default algorithms profile disables SHA-1, but our tests still
|
||||||
|
rely on it heavily. Hence we allow it here. A real-world server
|
||||||
|
should use the default profile unless there is a good reason not to. */
|
||||||
|
if( opt.allow_sha1 > 0 )
|
||||||
|
{
|
||||||
|
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
|
||||||
|
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
|
||||||
|
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||||
|
|
||||||
|
|
|
@ -815,6 +815,11 @@ setup_arguments()
|
||||||
else
|
else
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
|
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Allow SHA-1. It's disabled by default for security reasons but
|
||||||
|
# our tests still use certificates signed with it.
|
||||||
|
M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
|
||||||
|
M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
|
@ -827,6 +832,11 @@ setup_arguments()
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
|
P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
||||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
|
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
|
||||||
|
|
||||||
|
# Allow SHA-1. It's disabled by default for security reasons but
|
||||||
|
# our tests still use certificates signed with it.
|
||||||
|
M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
|
||||||
|
M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
3
tests/data_files/.gitignore
vendored
Normal file
3
tests/data_files/.gitignore
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
cli-rsa.csr
|
||||||
|
server2-rsa.csr
|
||||||
|
test-ca.csr
|
94
tests/data_files/Makefile
Normal file
94
tests/data_files/Makefile
Normal file
|
@ -0,0 +1,94 @@
|
||||||
|
## This file contains a record of how some of the test data was
|
||||||
|
## generated. The final build products are committed to the repository
|
||||||
|
## as well to make sure that the test data is identical. You do not
|
||||||
|
## need to use this makefile unless you're extending mbed TLS's tests.
|
||||||
|
|
||||||
|
## Many data files were generated prior to the existence of this
|
||||||
|
## makefile, so the method of their generation was not recorded.
|
||||||
|
|
||||||
|
## Note that in addition to depending on the version of the data
|
||||||
|
## generation tool, many of the build outputs are randomized, so
|
||||||
|
## running this makefile twice would not produce the same results.
|
||||||
|
|
||||||
|
## Tools
|
||||||
|
OPENSSL ?= openssl
|
||||||
|
|
||||||
|
## Build the generated test data. Note that since the final outputs
|
||||||
|
## are committed to the repository, this target should do nothing on a
|
||||||
|
## fresh checkout. Furthermore, since the generation is randomized,
|
||||||
|
## re-running the same targets may result in differing files. The goal
|
||||||
|
## of this makefile is primarily to serve as a record of how the
|
||||||
|
## targets were generated in the first place.
|
||||||
|
default: all_final
|
||||||
|
|
||||||
|
all_intermediate := # temporary files
|
||||||
|
all_final := # files used by tests
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
################################################################
|
||||||
|
#### Generate certificates from existing keys
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
test_ca_key_file_rsa = test-ca.key
|
||||||
|
test_ca_pwd_rsa = PolarSSLTest
|
||||||
|
test_ca_config_file = test-ca.opensslconf
|
||||||
|
|
||||||
|
test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file)
|
||||||
|
$(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
|
||||||
|
all_intermediate += test-ca.csr
|
||||||
|
test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
|
||||||
|
$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
|
||||||
|
all_final += test-ca-sha1.crt
|
||||||
|
test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
|
||||||
|
$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
|
||||||
|
all_final += test-ca-sha256.crt
|
||||||
|
|
||||||
|
cli_crt_key_file_rsa = cli-rsa.key
|
||||||
|
cli_crt_extensions_file = cli.opensslconf
|
||||||
|
|
||||||
|
cli-rsa.csr: $(cli_crt_key_file_rsa)
|
||||||
|
$(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
|
||||||
|
all_intermediate += cli-rsa.csr
|
||||||
|
cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr
|
||||||
|
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
|
||||||
|
all_final += cli-rsa-sha1.crt
|
||||||
|
cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
|
||||||
|
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
|
||||||
|
all_final += cli-rsa-sha256.crt
|
||||||
|
|
||||||
|
server2-rsa.csr: server2.key
|
||||||
|
$(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
|
||||||
|
all_intermediate += server2-rsa.csr
|
||||||
|
server2-sha256.crt: server2-rsa.csr
|
||||||
|
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
|
||||||
|
all_final += server2-sha256.crt
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
################################################################
|
||||||
|
#### Meta targets
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
all_final: $(all_final)
|
||||||
|
all: $(all_intermediate) $(all_final)
|
||||||
|
|
||||||
|
.PHONY: default all_final all
|
||||||
|
|
||||||
|
# These files should not be committed to the repository.
|
||||||
|
list_intermediate:
|
||||||
|
@printf '%s\n' $(all_intermediate) | sort
|
||||||
|
# These files should be committed to the repository so that the test data is
|
||||||
|
# available upon checkout without running a randomized process depending on
|
||||||
|
# third-party tools.
|
||||||
|
list_final:
|
||||||
|
@printf '%s\n' $(all_final) | sort
|
||||||
|
.PHONY: list_intermediate list_final
|
||||||
|
|
||||||
|
## Remove intermediate files
|
||||||
|
clean:
|
||||||
|
rm -f $(all_intermediate)
|
||||||
|
## Remove all build products, even the ones that are committed
|
||||||
|
neat: clean
|
||||||
|
rm -f $(all_final)
|
||||||
|
.PHONY: clean neat
|
|
@ -6,6 +6,8 @@ Certification authorities
|
||||||
There are two main CAs for use as trusted roots:
|
There are two main CAs for use as trusted roots:
|
||||||
- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||||
uses a RSA-2048 key
|
uses a RSA-2048 key
|
||||||
|
test-ca-sha1.crt and test-ca-sha256.crt use the same key, signed with
|
||||||
|
different hashes.
|
||||||
- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
|
- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
|
||||||
uses an EC key with NIST P-384 (aka secp384r1)
|
uses an EC key with NIST P-384 (aka secp384r1)
|
||||||
variants used to test the keyUsage extension
|
variants used to test the keyUsage extension
|
||||||
|
@ -53,6 +55,8 @@ List of certificates:
|
||||||
- cert_md*.crt, cert_sha*.crt: 1 R: signature hash
|
- cert_md*.crt, cert_sha*.crt: 1 R: signature hash
|
||||||
- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
|
- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
|
||||||
- cli2.crt: 2 E: basic
|
- cli2.crt: 2 E: basic
|
||||||
|
- cli-rsa.key, cli-rsa-*.crt: RSA key used for test clients, signed by
|
||||||
|
the RSA test CA.
|
||||||
- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
|
- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
|
||||||
- server1*.crt: 1* R C* P1*: misc *(server1-v1 see test-ca-v1.crt above)
|
- server1*.crt: 1* R C* P1*: misc *(server1-v1 see test-ca-v1.crt above)
|
||||||
*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
|
*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
|
||||||
|
@ -91,3 +95,13 @@ Signing CA in parentheses (same meaning as certificates).
|
||||||
|
|
||||||
Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
|
Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
|
||||||
crl-rsa-pss* would revoke server6.crt if signed by CA 2
|
crl-rsa-pss* would revoke server6.crt if signed by CA 2
|
||||||
|
|
||||||
|
Generation
|
||||||
|
----------
|
||||||
|
|
||||||
|
Newer test files have been generated through commands in the Makefile. The
|
||||||
|
resulting files are committed to the repository so that the tests can
|
||||||
|
run without having to re-do the generation and so that the output is the
|
||||||
|
same for everyone (the generation process is randomized).
|
||||||
|
|
||||||
|
The origin of older certificates has not been recorded.
|
||||||
|
|
21
tests/data_files/cli-rsa-sha1.crt
Normal file
21
tests/data_files/cli-rsa-sha1.crt
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTcwNTA1MTMwNzEwWhcNMjcwNTA2MTMwNzEwWjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
|
||||||
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
|
||||||
|
M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
|
||||||
|
1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
|
||||||
|
MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
|
||||||
|
4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
|
||||||
|
/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
|
||||||
|
o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa
|
||||||
|
gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV
|
||||||
|
BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud
|
||||||
|
EwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAE/yq2fOqjI0jm52TwdVsTUvZ+B2s16u
|
||||||
|
C4Qj/c89iZ7VfplpOAEV9+G6gHm/gf2O7Jgj0yXfFugQ2d+lR70cH64JFn9N1Rg9
|
||||||
|
gCo5EDBLourI8R0Kkg9zdlShBv7giwqg667Qjsu+oEWVerICOqNQGolotYSZvmtJ
|
||||||
|
7RiD8I4MXB4Qt0sSjxE897pvc4ODem10zXzvedv/q11q1mUn2L1fFc1dGIguk1fn
|
||||||
|
I/XP87FCapRobUTYrF6IvdqFaUMQ7lF3GiUIvjDPb4Wt1CyHhi/tu/SfV3fmX3rs
|
||||||
|
19UeGnvC7AdQ+OwLt3nEIlSpqVKPXHKfRKZg1WzZNgCQtNB1SrZAzFc=
|
||||||
|
-----END CERTIFICATE-----
|
21
tests/data_files/cli-rsa-sha256.crt
Normal file
21
tests/data_files/cli-rsa-sha256.crt
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
|
||||||
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
|
||||||
|
M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
|
||||||
|
1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
|
||||||
|
MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
|
||||||
|
4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
|
||||||
|
/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
|
||||||
|
o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa
|
||||||
|
gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV
|
||||||
|
BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud
|
||||||
|
EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom
|
||||||
|
LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W
|
||||||
|
iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK
|
||||||
|
D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE
|
||||||
|
ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj
|
||||||
|
c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=
|
||||||
|
-----END CERTIFICATE-----
|
27
tests/data_files/cli-rsa.key
Normal file
27
tests/data_files/cli-rsa.key
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF
|
||||||
|
B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1
|
||||||
|
bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9
|
||||||
|
Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH
|
||||||
|
7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v
|
||||||
|
dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst
|
||||||
|
yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz
|
||||||
|
4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt
|
||||||
|
ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA
|
||||||
|
zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d
|
||||||
|
l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf
|
||||||
|
DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT
|
||||||
|
VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL
|
||||||
|
Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7
|
||||||
|
wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys
|
||||||
|
c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi
|
||||||
|
33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60
|
||||||
|
ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0
|
||||||
|
BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW
|
||||||
|
KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+
|
||||||
|
UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc
|
||||||
|
7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq
|
||||||
|
gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu
|
||||||
|
bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv
|
||||||
|
8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
4
tests/data_files/cli.opensslconf
Normal file
4
tests/data_files/cli.opensslconf
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
[cli-rsa]
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid:always,issuer:always
|
||||||
|
basicConstraints = CA:false
|
34
tests/data_files/print_c.pl
Executable file
34
tests/data_files/print_c.pl
Executable file
|
@ -0,0 +1,34 @@
|
||||||
|
#!/usr/bin/env perl
|
||||||
|
use strict;
|
||||||
|
use warnings;
|
||||||
|
|
||||||
|
if (!@ARGV || $ARGV[0] == '--help') {
|
||||||
|
print <<EOF;
|
||||||
|
Usage: $0 mbedtls_test_foo <file.pem
|
||||||
|
$0 TEST_FOO mbedtls_test_foo <file.pem
|
||||||
|
Print out a PEM file as C code defining a string constant.
|
||||||
|
|
||||||
|
Used to include some of the test data in /library/certs.c for
|
||||||
|
self-tests and sample programs.
|
||||||
|
EOF
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
my $pp_name = @ARGV > 1 ? shift @ARGV : undef;
|
||||||
|
my $name = shift @ARGV;
|
||||||
|
|
||||||
|
my @lines = map {chomp; s/([\\"])/\\$1/g; "\"$_\\r\\n\""} <STDIN>;
|
||||||
|
|
||||||
|
if (defined $pp_name) {
|
||||||
|
foreach ("#define $pp_name", @lines[0..@lines-2]) {
|
||||||
|
printf "%-72s\\\n", $_;
|
||||||
|
}
|
||||||
|
print "$lines[@lines-1]\n";
|
||||||
|
print "const char $name\[\] = $pp_name;\n";
|
||||||
|
} else {
|
||||||
|
print "const char $name\[\] =";
|
||||||
|
foreach (@lines) {
|
||||||
|
print "\n$_";
|
||||||
|
}
|
||||||
|
print ";\n";
|
||||||
|
}
|
21
tests/data_files/server2-sha256.crt
Normal file
21
tests/data_files/server2-sha256.crt
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDfTCCAmWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTcwNTA5MTM1MTA1WhcNMjcwNTEwMTM1MTA1WjA0MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
|
||||||
|
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
|
||||||
|
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
|
||||||
|
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
|
||||||
|
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
|
||||||
|
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
|
||||||
|
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBkjCBjzAd
|
||||||
|
BgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwYwYDVR0jBFwwWoAUtFrkpbPe
|
||||||
|
0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
|
||||||
|
clNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBADAJBgNVHRMEAjAAMA0G
|
||||||
|
CSqGSIb3DQEBCwUAA4IBAQAQf85QSjAeP+l6hirPorUL+k/3BznAh/6RXdveBO3K
|
||||||
|
uwtqK5qI59+3N+ZLXP7fr2Z5eO8qpchRgNNwT0LKglAEXGWn30PYI1GKSiqAaK0X
|
||||||
|
CUNIrxV3qKqOLbtqP1dMdiwsmiHYrN8E9UdysObedE2yDNLpTMHPJBZ+k6FowTyZ
|
||||||
|
IpUuabkxMBFxmLv+nOBDOiaCzintEcdJdY4F6p5j8jwMvVNVAXNfxAEwa0MoVRTt
|
||||||
|
/GORvq4ZEfsatVA+HRi602m+dZETTWKSODrj8AuQcG8/i1AOhk3C1WNOFKj/ZSfB
|
||||||
|
2P6EQmhLeRp4bO+3rG73T3R2yn0PZYQ7ZrjFPPKqgu+n
|
||||||
|
-----END CERTIFICATE-----
|
21
tests/data_files/test-ca-sha1.crt
Normal file
21
tests/data_files/test-ca-sha1.crt
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
|
||||||
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
|
||||||
|
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
|
||||||
|
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
|
||||||
|
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
|
||||||
|
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
|
||||||
|
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
|
||||||
|
gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
|
||||||
|
FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
|
||||||
|
CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
|
||||||
|
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfDd5khSv/+K3De9qmH/ID3CVapGS
|
||||||
|
EN5MlXS5vvGCjZSA41MuXkUl11akKHXQ9aLlp85OZUdGbfQ5wwCoj/MymbT4fES2
|
||||||
|
1dI8O1oI3PZI/0dqEvQETlIwSoZV2c/oaPRfh2E99v2+8FNIaZOfV2MX1n9+6AdO
|
||||||
|
W2nlK2oklozXSYg6KWtISr8N8Ofew2LQ9+riFlrrdaxsr8CoJqPqMDTq7FUmkDmO
|
||||||
|
oHize/h9bFksIunKoVQHa8P4w/W9bnR69nziyhZotbwOOkAWVnIyEM9QnaKWXeIy
|
||||||
|
rP6ewcTQjNYkguHJ8RY9rW+5bdaSY4EljSqZ3P3F+zo8P6sVi3qSlai5lQ==
|
||||||
|
-----END CERTIFICATE-----
|
21
tests/data_files/test-ca-sha256.crt
Normal file
21
tests/data_files/test-ca-sha256.crt
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
|
||||||
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
|
||||||
|
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
|
||||||
|
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
|
||||||
|
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
|
||||||
|
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
|
||||||
|
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
|
||||||
|
gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
|
||||||
|
FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
|
||||||
|
CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
|
||||||
|
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j
|
||||||
|
4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w
|
||||||
|
XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB
|
||||||
|
G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57
|
||||||
|
ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY
|
||||||
|
n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==
|
||||||
|
-----END CERTIFICATE-----
|
13
tests/data_files/test-ca.opensslconf
Normal file
13
tests/data_files/test-ca.opensslconf
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
[req]
|
||||||
|
x509_extensions = v3_ca
|
||||||
|
distinguished_name = req_dn
|
||||||
|
|
||||||
|
[req_dn]
|
||||||
|
countryName = NL
|
||||||
|
organizationalUnitName = PolarSSL
|
||||||
|
commonName = PolarSSL Test CA
|
||||||
|
|
||||||
|
[v3_ca]
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid:always,issuer:always
|
||||||
|
basicConstraints = CA:true
|
|
@ -403,6 +403,15 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||||
CC=armcc AR=armar WARNING_CFLAGS= make lib
|
CC=armcc AR=armar WARNING_CFLAGS= make lib
|
||||||
|
|
||||||
|
msg "build: allow SHA1 in certificates by default"
|
||||||
|
cleanup
|
||||||
|
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||||
|
scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
CFLAGS='-Werror -Wall -Wextra' make
|
||||||
|
msg "test: allow SHA1 in certificates by default"
|
||||||
|
make test
|
||||||
|
tests/ssl-opt.sh -f SHA-1
|
||||||
|
|
||||||
if which i686-w64-mingw32-gcc >/dev/null; then
|
if which i686-w64-mingw32-gcc >/dev/null; then
|
||||||
msg "build: cross-mingw64, make" # ~ 30s
|
msg "build: cross-mingw64, make" # ~ 30s
|
||||||
cleanup
|
cleanup
|
||||||
|
|
|
@ -561,6 +561,10 @@ O_CLI="$O_CLI -connect localhost:+SRV_PORT"
|
||||||
G_SRV="$G_SRV -p $SRV_PORT"
|
G_SRV="$G_SRV -p $SRV_PORT"
|
||||||
G_CLI="$G_CLI -p +SRV_PORT localhost"
|
G_CLI="$G_CLI -p +SRV_PORT localhost"
|
||||||
|
|
||||||
|
# Allow SHA-1, because many of our test certificates use it
|
||||||
|
P_SRV="$P_SRV allow_sha1=1"
|
||||||
|
P_CLI="$P_CLI allow_sha1=1"
|
||||||
|
|
||||||
# Also pick a unique name for intermediate files
|
# Also pick a unique name for intermediate files
|
||||||
SRV_OUT="srv_out.$$"
|
SRV_OUT="srv_out.$$"
|
||||||
CLI_OUT="cli_out.$$"
|
CLI_OUT="cli_out.$$"
|
||||||
|
@ -632,6 +636,40 @@ run_test "RC4: both enabled" \
|
||||||
-S "SSL - None of the common ciphersuites is usable" \
|
-S "SSL - None of the common ciphersuites is usable" \
|
||||||
-S "SSL - The server has no ciphersuites in common"
|
-S "SSL - The server has no ciphersuites in common"
|
||||||
|
|
||||||
|
# Tests for SHA-1 support
|
||||||
|
|
||||||
|
run_test "SHA-1 forbidden by default in server certificate" \
|
||||||
|
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||||
|
"$P_CLI debug_level=2 allow_sha1=0" \
|
||||||
|
1 \
|
||||||
|
-c "The certificate is signed with an unacceptable hash"
|
||||||
|
|
||||||
|
run_test "SHA-1 explicitly allowed in server certificate" \
|
||||||
|
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||||
|
"$P_CLI allow_sha1=1" \
|
||||||
|
0
|
||||||
|
|
||||||
|
run_test "SHA-256 allowed by default in server certificate" \
|
||||||
|
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
|
||||||
|
"$P_CLI allow_sha1=0" \
|
||||||
|
0
|
||||||
|
|
||||||
|
run_test "SHA-1 forbidden by default in client certificate" \
|
||||||
|
"$P_SRV auth_mode=required allow_sha1=0" \
|
||||||
|
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
|
||||||
|
1 \
|
||||||
|
-s "The certificate is signed with an unacceptable hash"
|
||||||
|
|
||||||
|
run_test "SHA-1 explicitly allowed in client certificate" \
|
||||||
|
"$P_SRV auth_mode=required allow_sha1=1" \
|
||||||
|
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
|
||||||
|
0
|
||||||
|
|
||||||
|
run_test "SHA-256 allowed by default in client certificate" \
|
||||||
|
"$P_SRV auth_mode=required allow_sha1=0" \
|
||||||
|
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
|
||||||
|
0
|
||||||
|
|
||||||
# Tests for Truncated HMAC extension
|
# Tests for Truncated HMAC extension
|
||||||
|
|
||||||
run_test "Truncated HMAC: client default, server default" \
|
run_test "Truncated HMAC: client default, server default" \
|
||||||
|
@ -2646,12 +2684,19 @@ run_test "Per-version suites: TLS 1.2" \
|
||||||
# Test for ClientHello without extensions
|
# Test for ClientHello without extensions
|
||||||
|
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "ClientHello without extensions" \
|
run_test "ClientHello without extensions, SHA-1 allowed" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
|
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
|
||||||
0 \
|
0 \
|
||||||
-s "dumping 'client hello extensions' (0 bytes)"
|
-s "dumping 'client hello extensions' (0 bytes)"
|
||||||
|
|
||||||
|
requires_gnutls
|
||||||
|
run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
|
||||||
|
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
|
||||||
|
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
|
||||||
|
0 \
|
||||||
|
-s "dumping 'client hello extensions' (0 bytes)"
|
||||||
|
|
||||||
# Tests for mbedtls_ssl_get_bytes_avail()
|
# Tests for mbedtls_ssl_get_bytes_avail()
|
||||||
|
|
||||||
run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
|
run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
|
||||||
|
|
|
@ -357,375 +357,383 @@ mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
|
||||||
|
|
||||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
|
X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
|
X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
|
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #2a (Revoked Cert, Future CRL)
|
X509 Certificate verification #2a (Revoked Cert, Future CRL)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
|
X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
|
X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #4 (Valid Cert, Expired CRL)
|
X509 Certificate verification #4 (Valid Cert, Expired CRL)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"NULL"
|
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #4a (Revoked Cert, Future CRL)
|
X509 Certificate verification #4a (Revoked Cert, Future CRL)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #5 (Revoked Cert)
|
X509 Certificate verification #5 (Revoked Cert)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #6 (Revoked Cert)
|
X509 Certificate verification #6 (Revoked Cert)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
|
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #8 (Valid Cert)
|
X509 Certificate verification #8 (Valid Cert)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #8a (Expired Cert)
|
X509 Certificate verification #8a (Expired Cert)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
|
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #8b (Future Cert)
|
X509 Certificate verification #8b (Future Cert)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"NULL"
|
x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #9 (Not trusted Cert)
|
X509 Certificate verification #9 (Not trusted Cert)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
|
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #12 (Valid Cert MD4 Digest)
|
X509 Certificate verification #12 (Valid Cert MD4 Digest)
|
||||||
depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"NULL"
|
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #13 (Valid Cert MD5 Digest)
|
X509 Certificate verification #13 (Valid Cert MD5 Digest)
|
||||||
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"NULL"
|
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #14 (Valid Cert SHA1 Digest)
|
X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
|
||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
|
||||||
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"default":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
|
||||||
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"default":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
|
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
|
||||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
|
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
|
||||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
|
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
|
||||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
|
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
|
||||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #19 (Valid Cert, denying callback)
|
X509 Certificate verification #19 (Valid Cert, denying callback)
|
||||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none"
|
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none"
|
||||||
|
|
||||||
X509 Certificate verification #19 (Not trusted Cert, allowing callback)
|
X509 Certificate verification #19 (Not trusted Cert, allowing callback)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"verify_all"
|
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all"
|
||||||
|
|
||||||
X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
|
X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"NULL"
|
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #22 (domain not matching wildcard certificate)
|
X509 Certificate verification #22 (domain not matching wildcard certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #23 (domain not matching wildcard certificate)
|
X509 Certificate verification #23 (domain not matching wildcard certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #24 (domain matching CN of multi certificate)
|
X509 Certificate verification #24 (domain matching CN of multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #25 (domain matching multi certificate)
|
X509 Certificate verification #25 (domain matching multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #26 (domain not matching multi certificate)
|
X509 Certificate verification #26 (domain not matching multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #27 (domain not matching multi certificate)
|
X509 Certificate verification #27 (domain not matching multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #27 (domain not matching multi certificate)
|
X509 Certificate verification #27 (domain not matching multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
|
X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #29 (domain matching wildcard in multi certificate)
|
X509 Certificate verification #29 (domain matching wildcard in multi certificate)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"NULL"
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #30 (domain matching multi certificate without CN)
|
X509 Certificate verification #30 (domain matching multi certificate without CN)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #31 (domain not matching multi certificate without CN)
|
X509 Certificate verification #31 (domain not matching multi certificate without CN)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #32 (Valid, EC cert, RSA CA)
|
X509 Certificate verification #32 (Valid, EC cert, RSA CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #33 (Valid, RSA cert, EC CA)
|
X509 Certificate verification #33 (Valid, RSA cert, EC CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #34 (Valid, EC cert, EC CA)
|
X509 Certificate verification #34 (Valid, EC cert, EC CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #35 (Revoked, EC CA)
|
X509 Certificate verification #35 (Revoked, EC CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
|
X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
|
X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
|
X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
|
X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
|
X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #41 (Valid, depth 0, EC, CA)
|
X509 Certificate verification #41 (Valid, depth 0, EC, CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #42 (Depth 0, not CA, RSA)
|
X509 Certificate verification #42 (Depth 0, not CA, RSA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #43 (Depth 0, not CA, EC)
|
X509 Certificate verification #43 (Depth 0, not CA, EC)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #44 (Corrupted signature, EC)
|
X509 Certificate verification #44 (Corrupted signature, EC)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #45 (Corrupted signature, RSA)
|
X509 Certificate verification #45 (Corrupted signature, RSA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
|
X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
|
X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
|
X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
|
X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #50 (Valid, multiple CAs)
|
X509 Certificate verification #50 (Valid, multiple CAs)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
|
X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #52 (CA keyUsage valid)
|
X509 Certificate verification #52 (CA keyUsage valid)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #53 (CA keyUsage missing cRLSign)
|
X509 Certificate verification #53 (CA keyUsage missing cRLSign)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
|
X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
|
X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #56 (CA keyUsage plain wrong)
|
X509 Certificate verification #56 (CA keyUsage plain wrong)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
|
X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
|
X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
|
X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
|
X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
|
X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
|
X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
|
X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
|
X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
|
X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
|
X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
|
X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len)
|
X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash)
|
X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #70 (v1 trusted CA)
|
X509 Certificate verification #70 (v1 trusted CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #71 (v1 trusted CA, other)
|
X509 Certificate verification #71 (v1 trusted CA, other)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #72 (v1 chain)
|
X509 Certificate verification #72 (v1 chain)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #73 (selfsigned trusted without CA bit)
|
X509 Certificate verification #73 (selfsigned trusted without CA bit)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
|
X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
|
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #75 (encoding mismatch)
|
X509 Certificate verification #75 (encoding mismatch)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #76 (multiple CRLs, not revoked)
|
X509 Certificate verification #76 (multiple CRLs, not revoked)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #77 (multiple CRLs, revoked)
|
X509 Certificate verification #77 (multiple CRLs, revoked)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #78 (multiple CRLs, revoked by second)
|
X509 Certificate verification #78 (multiple CRLs, revoked by second)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #79 (multiple CRLs, revoked by future)
|
X509 Certificate verification #79 (multiple CRLs, revoked by future)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
|
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #81 (multiple CRLs, none relevant)
|
X509 Certificate verification #81 (multiple CRLs, none relevant)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #82 (Not yet valid CA and valid CA)
|
X509 Certificate verification #82 (Not yet valid CA and valid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #83 (valid CA and Not yet valid CA)
|
X509 Certificate verification #83 (valid CA and Not yet valid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #84 (valid CA and Not yet valid CA)
|
X509 Certificate verification #84 (valid CA and Not yet valid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #85 (Not yet valid CA and valid CA)
|
X509 Certificate verification #85 (Not yet valid CA and valid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #86 (Not yet valid CA and invalid CA)
|
X509 Certificate verification #86 (Not yet valid CA and invalid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification #87 (Expired CA and invalid CA)
|
X509 Certificate verification #87 (Expired CA and invalid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification callback: trusted EE cert
|
X509 Certificate verification callback: trusted EE cert
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||||
|
|
|
@ -7,6 +7,8 @@
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
#include "mbedtls/base64.h"
|
#include "mbedtls/base64.h"
|
||||||
|
|
||||||
|
/* Profile for backward compatibility. Allows SHA-1, unlike the default
|
||||||
|
profile. */
|
||||||
const mbedtls_x509_crt_profile compat_profile =
|
const mbedtls_x509_crt_profile compat_profile =
|
||||||
{
|
{
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
||||||
|
@ -221,6 +223,7 @@ void x509_verify_info( int flags, char *prefix, char *result_str )
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
|
||||||
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
char *cn_name_str, int result, int flags_result,
|
char *cn_name_str, int result, int flags_result,
|
||||||
|
char *profile_str,
|
||||||
char *verify_callback )
|
char *verify_callback )
|
||||||
{
|
{
|
||||||
mbedtls_x509_crt crt;
|
mbedtls_x509_crt crt;
|
||||||
|
@ -230,6 +233,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
int res;
|
int res;
|
||||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
|
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
|
||||||
char * cn_name = NULL;
|
char * cn_name = NULL;
|
||||||
|
const mbedtls_x509_crt_profile *profile;
|
||||||
|
|
||||||
mbedtls_x509_crt_init( &crt );
|
mbedtls_x509_crt_init( &crt );
|
||||||
mbedtls_x509_crt_init( &ca );
|
mbedtls_x509_crt_init( &ca );
|
||||||
|
@ -238,6 +242,13 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
if( strcmp( cn_name_str, "NULL" ) != 0 )
|
if( strcmp( cn_name_str, "NULL" ) != 0 )
|
||||||
cn_name = cn_name_str;
|
cn_name = cn_name_str;
|
||||||
|
|
||||||
|
if( strcmp( profile_str, "default" ) == 0 )
|
||||||
|
profile = &mbedtls_x509_crt_profile_default;
|
||||||
|
else if( strcmp( profile_str, "compat" ) == 0 )
|
||||||
|
profile = &compat_profile;
|
||||||
|
else
|
||||||
|
TEST_ASSERT( "Unknown algorithm profile" == 0 );
|
||||||
|
|
||||||
if( strcmp( verify_callback, "NULL" ) == 0 )
|
if( strcmp( verify_callback, "NULL" ) == 0 )
|
||||||
f_vrfy = NULL;
|
f_vrfy = NULL;
|
||||||
else if( strcmp( verify_callback, "verify_none" ) == 0 )
|
else if( strcmp( verify_callback, "verify_none" ) == 0 )
|
||||||
|
@ -251,7 +262,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
|
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
|
||||||
|
|
||||||
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, &compat_profile, cn_name, &flags, f_vrfy, NULL );
|
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
|
||||||
|
|
||||||
TEST_ASSERT( res == ( result ) );
|
TEST_ASSERT( res == ( result ) );
|
||||||
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
|
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
|
||||||
|
@ -280,8 +291,10 @@ void x509_verify_callback( char *crt_file, char *ca_file,
|
||||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
||||||
|
|
||||||
ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
|
ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
|
||||||
verify_print, &vrfy_ctx );
|
&compat_profile,
|
||||||
|
NULL, &flags,
|
||||||
|
verify_print, &vrfy_ctx );
|
||||||
|
|
||||||
TEST_ASSERT( ret == exp_ret );
|
TEST_ASSERT( ret == exp_ret );
|
||||||
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
|
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
|
||||||
|
|
Loading…
Reference in a new issue