]> git.ipfire.org Git - thirdparty/strongswan.git/commit
libtls: Replace expired certificates for unit tests
authorTobias Brunner <tobias@strongswan.org>
Fri, 24 Mar 2017 09:18:32 +0000 (10:18 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 24 Mar 2017 09:46:14 +0000 (10:46 +0100)
commit67849f49726548275b07f940900df48cece69406
tree9e0f77bb209778076116d1bcc281031487dbe5b2
parent3207193cbf67a262978bb077aab30c35f4a65cfb
libtls: Replace expired certificates for unit tests

Only the tests with client authentication failed, the client accepted
the trusted self-signed certificate even when it was expired.  On the
server the lookup (based on the pre-configured SAN) first found the ECDSA
cert, which it dismissed for the RSA authentication the client used, and
since only the first "pretrusted" cert is considered the following RSA
cert was verified more thoroughly.
The lookup on the client always uses the full DN of the server certificate
not the pre-configured identity so it found the correct certificate on
the first try.
src/libtls/tests/suites/test_socket.c