Add test cases for the non CA certificate with pathlen:0

[thirdparty/openssl.git] / test / recipes / 80-test_ca.t

diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index 4766b8280d536aecf302a8f44da463a3f1350759..5b4f59b69bab2bcc1842b1427b29d695839af8ba 100644 (file)
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -1,7 +1,7 @@
 #! /usr/bin/env perl
 # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
@@ -13,6 +13,7 @@ use warnings;
 use POSIX;
 use File::Path 2.00 qw/rmtree/;
 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
+use OpenSSL::Test::Utils;
 
 setup("test_ca");
 
@@ -22,35 +23,50 @@ my $std_openssl_cnf =
 
 rmtree("demoCA", { safe => 0 });
 
-plan tests => 5;
+plan tests => 6;
  SKIP: {
      $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
-     skip "failed creating CA structure", 3
+     skip "failed creating CA structure", 4
         if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
                'creating CA structure');
 
      $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
-     skip "failed creating new certificate request", 2
+     skip "failed creating new certificate request", 3
         if !ok(run(perlapp(["CA.pl","-newreq"])),
                'creating certificate request');
 
-     $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"';
-     skip "failed to sign certificate request", 1
+     $ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"';
+     skip "failed to sign certificate request", 2
         if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
                'signing certificate request');
 
      ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
         'verifying new certificate');
 
-     $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf");
-     ok(run(perlapp(["CA.pl", "-newprecert"], stderr => undef)),
+     skip "CT not configured, can't use -precert", 1
+         if disabled("ct");
+
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
+     ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)),
         'creating new pre-certificate');
 }
 
-
-rmtree("demoCA", { safe => 0 });
-unlink "newcert.pem", "newreq.pem", "newkey.pem";
-
+SKIP: {
+    skip "SM2 is not supported by this OpenSSL build", 1
+             if disabled("sm2");
+
+    is(yes(cmdstr(app(["openssl", "ca", "-config",
+                       srctop_file("test", "CAss.cnf"),
+                       "-in", srctop_file("test", "certs", "sm2-csr.pem"),
+                       "-out", "sm2-test.crt",
+                       "-sigopt", "distid:1234567812345678",
+                       "-vfyopt", "distid:1234567812345678",
+                       "-md", "sm3",
+                       "-cert", srctop_file("test", "certs", "sm2-root.crt"),
+                       "-keyfile", srctop_file("test", "certs", "sm2-root.key")]))),
+       0,
+       "Signing SM2 certificate request");
+}
 
 sub yes {
     my $cntr = 10;