From: Jonathan M. Wilbur <jonathan@wilbur.space>
Date: Tue, 20 Aug 2024 23:27:43 +0000 (+0000)
Subject: test: issuedOnBehalfOf X.509v3 extension
X-Git-Tag: openssl-3.4.0-alpha1~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0acb32052adac4730c16bb402f799bc8527bea00;p=thirdparty%2Fopenssl.git

test: issuedOnBehalfOf X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25241)
---

diff --git a/test/certs/ext-issuedOnBehalfOf.pem b/test/certs/ext-issuedOnBehalfOf.pem
new file mode 100644
index 00000000000..e97ce40cd7a
--- /dev/null
+++ b/test/certs/ext-issuedOnBehalfOf.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBpDCCAZCgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy
+OTM2WhgPMjAyMTA4MzEwMjI5MzZaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoyswKTAnBgNVHUAEIKQeMBwxGjAY
+BgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlMAsGCSqGSIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index e3873ebc851..5f68d159436 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_x509");
 
-plan tests => 96;
+plan tests => 97;
 
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -299,6 +299,11 @@ cert_contains($audit_id_cert,
               "09:08:07",
               1, 'X509v3 Audit Identity');
 
+my $iobo_cert = srctop_file(@certs, "ext-issuedOnBehalfOf.pem");
+cert_contains($iobo_cert,
+              "DirName:CN = Wildboar",
+              1, 'X.509 Issued On Behalf Of');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
     my ($expected, $cert, @opts) = @_;
     my $infile = srctop_file(@certs, $cert);