commit 3d98a7eee33bacd04ec17d149553ab727cb47ad1
author Janos Follath <janos.follath@gmail.com> Sun Oct 11 16:17:27 2015 +0200
committer Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Oct 28 18:20:43 2015 +0100
tree abad95a6ab6ab0da2fb394338217687e69539fd3
parent 189c743d3eff430112cdc3cee1dfd18b74752b6f

Additional corner cases for testing pathlen constrains. Just in case.

backport of ef4f258

tests/suites/test_suite_x509parse.data

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 3f8ac27..e152fc2 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1124,10 +1124,38 @@
 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
 x509_crt_parse_path:"data_files/dir3":1:2
 
-X509 CRT verify path (4 certs)
+X509 CRT verify chain #1 (zero pathlen intermediate)
 depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
 x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":8
 
+X509 CRT verify chain #2 (zero pathlen root)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":8
+
+X509 CRT verify chain #3 (nonzero pathlen root)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":8
+
+X509 CRT verify chain #4 (nonzero pathlen intermediate)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":8
+
+X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0
+
+X509 CRT verify chain #6 (nonzero maxpathlen root)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+
+X509 CRT verify chain #7 (maxpathlen root, self signed in path)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0
+
+X509 CRT verify chain #8 (self signed maxpathlen root)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+
 X509 OID description #1
 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
 

tests/suites/test_suite_x509parse.function

diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 5d82f44..e19294a 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -445,13 +445,15 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */
-void x509_crt_verify_chain(  char *chain_paths, char *trusted_ca, int ret )
+void x509_crt_verify_chain(  char *chain_paths, char *trusted_ca, int flags_result )
 {
     char* act;
     int flags;
-    int res;
+    int result, res;
     x509_crt trusted, chain;
 
+    result = flags_result ? POLARSSL_ERR_X509_CERT_VERIFY_FAILED : 0;
+
     x509_crt_init( &chain );
     x509_crt_init( &trusted );
 
@@ -461,7 +463,8 @@
 
     res = x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL );
 
-    TEST_ASSERT( ret == res );
+    TEST_ASSERT( res == result );
+    TEST_ASSERT( flags == flags_result );
 
 exit:
     x509_crt_free( &trusted );