[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Fri Feb 17 07:55:16 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  949bd8e45eb4d2697d20c2249fa42cba545da2ac (commit)
       via  6c80afbd6cdb2273ea2b0ba29ce53b9ba5b04c8d (commit)
      from  d52c9b58a6e6c6dba62221b469e1576fe26b3c20 (commit)


- Log -----------------------------------------------------------------
commit 949bd8e45eb4d2697d20c2249fa42cba545da2ac
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Feb 16 21:07:33 2017 +0100

    Add a test of the X509_STORE / X509_LOOKUP API
    
    Fortunately, "openssl verify" makes good use of that API
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2652)
    (cherry picked from commit bb0f7eca75b8da1538c08c1f5be1bb7ea8f40638)

commit 6c80afbd6cdb2273ea2b0ba29ce53b9ba5b04c8d
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Feb 16 21:06:42 2017 +0100

    test/README: clarify test number groups
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2652)
    (cherry picked from commit 532e7b36d9622ac06a96fb3557b5bc16016e5ca8)

-----------------------------------------------------------------------

Summary of changes:
 test/README                       | 20 ++++++++--------
 test/recipes/60-test_x509_store.t | 48 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 9 deletions(-)
 create mode 100644 test/recipes/60-test_x509_store.t

diff --git a/test/README b/test/README
index bca7ab8..ef39d38 100644
--- a/test/README
+++ b/test/README
@@ -19,15 +19,17 @@ digit number and {name} is a unique name of your choice.
 
 The number {nn} is (somewhat loosely) grouped as follows:
 
-05  individual symmetric cipher algorithms
-10  math (bignum)
-15  individual asymmetric cipher algorithms
-20  openssl commands (some otherwise not tested)
-25  certificate forms, generation and verification
-30  engine and evp
-70  PACKET layer
-80  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
-90  misc
+00-04  sanity, internal and essential API tests
+05-09  individual symmetric cipher algorithms
+10-14  math (bignum)
+15-19  individual asymmetric cipher algorithms
+20-24  openssl commands (some otherwise not tested)
+25-29  certificate forms, generation and verification
+30-35  engine and evp
+60-79  APIs
+   70  PACKET layer
+80-89  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
+90-99  misc
 
 
 A recipe that just runs a test executable
diff --git a/test/recipes/60-test_x509_store.t b/test/recipes/60-test_x509_store.t
new file mode 100644
index 0000000..b084ed9
--- /dev/null
+++ b/test/recipes/60-test_x509_store.t
@@ -0,0 +1,48 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Copy;
+use File::Spec::Functions qw/:DEFAULT canonpath/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_x509_store");
+
+# We use 'openssl verify' for these tests, as it contains everything
+# we need to conduct these tests.  The tests here are a subset of the
+# ones found in 25-test_verify.t
+
+sub verify {
+    my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
+    my @args = qw(openssl verify -auth_level 1 -purpose);
+    my @path = qw(test certs);
+    push(@args, "$purpose", @opts);
+    push(@args, "-CApath", $trustedpath);
+    for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
+    push(@args, srctop_file(@path, "$cert.pem"));
+    run(app([@args]));
+}
+
+plan tests => 3;
+
+indir "60-test_x509_store" => sub {
+    for (("root-cert")) {
+        copy(srctop_file("test", "certs", "$_.pem"), curdir());
+    }
+    ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");
+
+    # Canonical success
+    ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
+       "verify ee-cert");
+
+    # Failure because root cert not present in CApath
+    ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
+}, create => 1, cleanup => 1;


More information about the openssl-commits mailing list