zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a Certificate Policies Test

Browse Source 
Test that a valid certificate policy is accepted and that an invalid
certificate policy is rejected. Specifically we are checking that a
leaf certificate with an invalid policy is detected.

Related-to: CVE-2023-0465

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20585)
This commit is contained in:
Matt Caswell 2023-03-07 17:07:57 +00:00 committed by Tomas Mraz
parent e4142ec43b
commit 591feddc61
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
test/recipes/25-test_verify.t
View File

@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
plan tests => 183;
plan tests => 185;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@ -558,3 +558,14 @@ SKIP: {
ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])),
'Mixed key + cert file test');
}
# Certificate Policies
ok(verify("ee-cert-policies", "", ["root-cert"], ["ca-pol-cert"],
"-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
"-explicit_policy"),
"Certificate policy");
ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],
"-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
"-explicit_policy"),
"Bad certificate policy");