X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=blobdiff_plain;f=test%2Frecipes%2F25-test_verify.t;fp=test%2Frecipes%2F25-test_verify.t;h=3df2b5c37050ba723b6eadbbebd454dcc6695d50;hp=c0de243708d12dfb1e2c0d3024f50bdc4399e04b;hb=3cb55fe47c3398b81956e4fe20c4004524d47519;hpb=fa86e2ee3533bb7fa9f3c62c38920cf960e9fec0
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index c0de243708..3df2b5c370 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -27,7 +27,7 @@ sub verify {
 run(app([@args]));
 }
-plan tests => 137;
+plan tests => 139;
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -222,6 +222,10 @@ ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
 "accept direct match with client trust");
 ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
 "reject direct match with client mistrust");
+ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
+ "accept non-ca with pathlen:0 by default");
+ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
+ "reject non-ca with pathlen:0 with strict flag");
 # Proxy certificates
 ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
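Review bot: The added negative case in the second hunk, `ok(!verify("ee-pathlen", ..., "-x509_strict"), ...)`, passes on any failure of the verify run, because the helper visible in the first hunk ends in `run(app([@args]));` and so appears to return only the app's success or failure. The default-mode case before it shows the chain is usable, but nothing here shows that `root-cert` and `ca-cert` themselves pass under `-x509_strict`, so the rejection is not tied to the pathlen-on-non-CA check. A control with the same chain and flag but a conforming leaf would close that gap, assuming `ee-cert` is expected to be strict-clean: `ok(verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"), "accept conforming ee with strict flag");`, with the plan raised to 140. If the lenient default is deliberate, a comment above the pair would record it, for example `# ee-pathlen: non-CA leaf carrying pathlen:0; accepted by default, rejected only under -x509_strict`.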