Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index a1a861e..f68e966 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1182,7 +1182,7 @@
X509 CRT verify long chain (max intermediate CA + 1)
depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
-x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":POLARSSL_X509_MAX_INTERMEDIATE_CA+1:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0
+x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":POLARSSL_X509_MAX_INTERMEDIATE_CA+1:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:-1
X509 CRT verify chain #1 (zero pathlen intermediate)
depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index b84cf64..82e4596 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -497,7 +497,7 @@
{
char file_buf[128];
int ret;
- uint32_t flags;
+ int flags;
x509_crt trusted, chain;
/*
@@ -522,7 +522,7 @@
ret = x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
NULL, NULL );
TEST_ASSERT( ret == ret_chk );
- TEST_ASSERT( flags == (uint32_t) flags_chk );
+ TEST_ASSERT( flags == flags_chk );
exit:
x509_crt_free( &chain );