Add a test for a bogus SMTPUTF8 name constraint in a cert.

author Bob Beck <beck@openssl.org>

Thu, 26 Mar 2026 20:07:06 +0000 (14:07 -0600)

committer Neil Horman <nhorman@openssl.org>

Thu, 7 May 2026 16:09:34 +0000 (12:09 -0400)
author Bob Beck <beck@openssl.org>
Thu, 26 Mar 2026 20:07:06 +0000 (14:07 -0600)
committer Neil Horman <nhorman@openssl.org>
Thu, 7 May 2026 16:09:34 +0000 (12:09 -0400)
diff --git a/test/certs/bad-cert-smtputf8-name-constraints.pem b/test/certs/bad-cert-smtputf8-name-constraints.pem

new file mode 100644 (file)

index 0000000..7eb48f1
--- /dev/null
+++ b/test/certs/bad-cert-smtputf8-name-constraints.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIETjCCAzagAwIBAgIUAfHYT2xCH+Q2ONGkBpeu1yo4uYAwDQYJKoZIhvcNAQEL
+BQAwfzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAkFCMSMwIQYDVQQKDBpIb25lc3Qg
+Qm9icyBUcnVzdCBTZXJ2aWNlczE+MDwGA1UEAww1Qm9ndXMgQ0EgY2VydCB3aXRo
+IEludmFsaWQgU01UUFV0ZjggTmFtZSBDb25zdHJhaW50cy4wIBcNMjYwMzI2MTk0
+MzEwWhgPMjA1MzA4MTAxOTQzMTBaMH8xCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJB
+QjEjMCEGA1UECgwaSG9uZXN0IEJvYnMgVHJ1c3QgU2VydmljZXMxPjA8BgNVBAMM
+NUJvZ3VzIENBIGNlcnQgd2l0aCBJbnZhbGlkIFNNVFBVdGY4IE5hbWUgQ29uc3Ry
+YWludHMuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Gfh95qTUIgQ
+8bTQJ9XIw4ZKYawQSL3eydsdZwIoqLPub323BlgExxDW/rkHOiYA+btBnBdKWPMc
+WXYcjMMVnHD4/bAwglgtEPSIlPH0GQWITdr9ISZt5BPISt21xzzVxEYwSAnQfIOG
+q3wXv2XO3C4lTnz4YRsRhh7Nbg1n6eLSEldi7EEtIx0cUv7RqiPkRhitpAdlhcN4
+hS2WGDtjmuMXOLLkt5kfme2il3i/f/OvOYHcGev8VEbe9ucAse70RjNtsrIGtHRa
+U5JNILo3GVRi5tIp56zdnnzW+HMdAyHNeB1KPEdMC7YP1FQEz2u58la6dhT2LPJj
+j3y8h1im2QIDAQABo4G/MIG8MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdDgQWBBQBGPQWxNM5dhZBl0LVtI8EFHlDvjAfBgNVHSMEGDAW
+gBQBGPQWxNM5dhZBl0LVtI8EFHlDvjBWBgNVHR4BAf8ETDBKoCMwIaAfBggrBgEF
+BQcICaATDBFiZWNrQGxpYnJlc3NsLm9yZ6EjMCGgHwYIKwYBBQUHCAmgEwwRYmVj
+a0BsaWJyZXNzbC5vcmcwDQYJKoZIhvcNAQELBQADggEBAMCHstK2G8xzoG2EscY+
+BQVJ3nOuk33/Q7s9sdXFEyrN0F9a1pWE/pKdqplgZTN6buGXym+iSV4mA3+9/Aty
+BFa3vZoOnN3Td9gWDpIqyUtgEtjrGpAmPLvymalVlHBDsm67rMO+b3hXz9ioGNWT
+ii5JFtcqltTasz7ePXYJxQjBByMOVd/tvb6Nn2QIvr841zOjhC9Bp0OZsWs6qAbw
+Dg/yHnrSZOvPV8c+qKco7zqlGpTZtnTU05dIztoQU6RcBjV9nAUQy6LZp3XtF4/h
+MIMydgmxi52aUY5NFccfBoZdM4m7caEvwACBhpTNtBrdr16L+0SIPHjr4Vat9ruJ
+/8A=
+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t

index 51d3f8ffc6002acc6e875b6f125e88775fb57f4a..30a637a3e9bbae52891bb3ef8cb4578cfb7e6060 100644 (file)
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -30,7 +30,7 @@ sub verify {
      run(app([@args]));
  }
  
-plan tests => 216;
+plan tests => 217;
  
  # Canonical success
  ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -473,6 +473,10 @@ ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ),
  ok(verify("nc-uri-cert", "", ["root-cert"], ["ncca4-cert"], ),
     "Name constraints URI with userinfo");
  
+ok(!verify("bad-cert-smtputf8-name-constraints", "root-cert", ["bad-cert-smtputf8-name-constraints"], [],
+         "-partial_chain", "-attime", "1623060000"),
+   "Name constraints bad othername name constraint");
+
  #Check that we get the expected failure return code
  with({ exit_checker => sub { return shift == 2; } },
       sub {
author	Bob Beck <beck@openssl.org>
	Thu, 26 Mar 2026 20:07:06 +0000 (14:07 -0600)
committer	Neil Horman <nhorman@openssl.org>
	Thu, 7 May 2026 16:09:34 +0000 (12:09 -0400)
test/certs/bad-cert-smtputf8-name-constraints.pem	[new file with mode: 0644]	patch \| blob
test/recipes/25-test_verify.t		patch \| blob \| blame \| history