[openssl-dev] make TESTS="test_ocsp" test

CHOW Anthony anthony.chow at al-enterprise.com
Thu Apr 14 05:37:00 UTC 2016 

Oh thanks. This is a negative test.  I will move on.

Is there a good way to test the openssl library and not just the command line?

Anthony.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Richard Levitte
Sent: Wednesday, April 13, 2016 10:33 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] make TESTS="test_ocsp" test

In message <HE1PR08MB0427B6808F52900CD7A6138CD6970 at HE1PR08MB0427.eurprd08.prod.outlook.com> on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony <anthony.chow at al-enterprise.com> said:

anthony.chow> Can this test be tested standalone? I must have missed something:
anthony.chow>
anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103:
anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:
anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218:
anthony.chow> 47813825843168:error:27069075:OCSP
anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105:
anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103:
anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:
anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218:
anthony.chow> 47579061129184:error:27069075:OCSP
anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105:
anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do?

This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future).

As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something)

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list