diff options
author | Richard Levitte <levitte@openssl.org> | 2005-01-17 17:06:58 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2005-01-17 17:06:58 +0000 |
commit | a7201e9a1bf1282d8a7edcdfc588a62c1217c575 (patch) | |
tree | 9ec5d102f77d5b49b02fbd09c99d3c831d2afba6 /test | |
parent | fcd5cca418c1efcd420cfbdcd56182e0524698c1 (diff) | |
download | openssl-a7201e9a1bf1282d8a7edcdfc588a62c1217c575.tar.gz |
Changes concering RFC 3820 (proxy certificates) integration:
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
Diffstat (limited to 'test')
-rw-r--r-- | test/Makefile.ssl | 39 | ||||
-rw-r--r-- | test/P1ss.cnf | 2 | ||||
-rw-r--r-- | test/P2ss.cnf | 2 | ||||
-rw-r--r-- | test/testsslproxy | 10 |
4 files changed, 32 insertions, 21 deletions
diff --git a/test/Makefile.ssl b/test/Makefile.ssl index b49dec0b3e..8302f43b06 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -289,8 +289,8 @@ test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ intP1.ss intP2.ss @echo "test SSL protocol" @$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss - @$(SET_SO_PATHS); sh ./testssl keyP1.ss certP1.ss intP1.ss - @$(SET_SO_PATHS); sh ./testssl keyP2.ss certP2.ss intP2.ss + @$(SET_SO_PATHS); sh ./testsslproxy keyP1.ss certP1.ss intP1.ss + @$(SET_SO_PATHS); sh ./testsslproxy keyP2.ss certP2.ss intP2.ss test_ca: @$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \ @@ -1039,20 +1039,21 @@ shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ssltest.o: ../include/openssl/comp.h ../include/openssl/crypto.h -ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h -ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.c +ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h +ssltest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ssltest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ssltest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h +ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c diff --git a/test/P1ss.cnf b/test/P1ss.cnf index 864e4d2ad6..876a0d35f8 100644 --- a/test/P1ss.cnf +++ b/test/P1ss.cnf @@ -34,4 +34,4 @@ organizationName_value = Dodgy Brothers basicConstraints=CA:FALSE subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:foo +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB diff --git a/test/P2ss.cnf b/test/P2ss.cnf index 04a76cd34b..373a87e7c2 100644 --- a/test/P2ss.cnf +++ b/test/P2ss.cnf @@ -42,4 +42,4 @@ proxyCertInfo=critical,@proxy_ext [ proxy_ext ] language=id-ppl-anyLanguage pathlen=0 -policy=text:bar +policy=text:BC diff --git a/test/testsslproxy b/test/testsslproxy new file mode 100644 index 0000000000..40469f591e --- /dev/null +++ b/test/testsslproxy @@ -0,0 +1,10 @@ +#! /bin/sh + +echo 'Testing a lot of proxy conditions.' +echo 'Some of them may turn out being invalid, which is fine.' +for auth in A B C BC; do + for cond in A B C 'A|B&!C'; do + sh ./testssl $1 $2 $3 "-proxy_auth $auth -proxy_cond $cond" + if [ $? == 3 ]; then exit 1; fi + done +done |