Additional corner cases for testing pathlen constrains
backport of 3d98a7e
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 5bcbaad..1bd3ef7 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -358,10 +358,38 @@
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH + BADCERT_NOT_TRUSTED:NULL
-X509 CRT verify path (4 certs)
++X509 CRT verify chain #1 (zero pathlen intermediate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":8
+X509 CRT verify chain #2 (zero pathlen root)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":8
+
+X509 CRT verify chain #3 (nonzero pathlen root)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":8
+
+X509 CRT verify chain #4 (nonzero pathlen intermediate)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":8
+
+X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0
+
+X509 CRT verify chain #6 (nonzero maxpathlen root)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+
+X509 CRT verify chain #7 (maxpathlen root, self signed in path)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0
+
+X509 CRT verify chain #8 (self signed maxpathlen root)
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA2_C
+x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+
X509 Parse Selftest
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_SELF_TEST
x509_selftest:
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 0acedfd..8f22312 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -275,11 +275,11 @@
END_CASE
BEGIN_CASE
-x509_crt_verify_chain:chain_paths_str:trusted_ca:ret
+x509_crt_verify_chain:chain_paths_str:trusted_ca:flags_result
{
char *act;
int flags;
- int res;
+ int result, res;
x509_cert trusted, chain;
char *chain_paths;
@@ -297,7 +297,10 @@
x509_free( &trusted );
x509_free( &chain );
- TEST_ASSERT( ( {ret} ) == res );
+ result = ( {flags_result} ) ? POLARSSL_ERR_X509_CERT_VERIFY_FAILED : 0;
+
+ TEST_ASSERT( res == result );
+ TEST_ASSERT( flags == ( {flags_result} ) );
}
END_CASE