--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy
+MDM4WhgPMjAyMTA4MzEwMjIwMzhaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTQEDDAKBgNVBAsG
+A1UEDTALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMTI1
+NjEyWhgPMjAyMTA4MzAxMjU2MTJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTkEDDAKBgNVBAMG
+A1UECjALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
setup("test_x509");
-plan tests => 82;
+plan tests => 88;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
"localityName",
1, 'X509v3 Associated Information');
+my $acc_cert_pol = srctop_file(@certs, "ext-acceptableCertPolicies.pem");
+cert_contains($acc_cert_pol,
+ "X509v3 Acceptable Certification Policies",
+ 1, 'X509v3 Acceptable Certification Policies');
+# Yes, I know these OIDs make no sense in a policies extension. It's just a test.
+cert_contains($acc_cert_pol,
+ "organizationalUnitName",
+ 1, 'X509v3 Acceptable Certification Policies');
+cert_contains($acc_cert_pol,
+ "description",
+ 1, 'X509v3 Acceptable Certification Policies');
+
+my $acc_priv_pol = srctop_file(@certs, "ext-acceptablePrivilegePolicies.pem");
+cert_contains($acc_priv_pol,
+ "X509v3 Acceptable Privilege Policies",
+ 1, 'X509v3 Acceptable Privilege Policies');
+# Yes, I know these OIDs make no sense in a policies extension. It's just a test.
+cert_contains($acc_priv_pol,
+ "commonName",
+ 1, 'X509v3 Acceptable Certification Policies');
+cert_contains($acc_priv_pol,
+ "organizationName",
+ 1, 'X509v3 Acceptable Certification Policies');
+
sub test_errors { # actually tests diagnostics of OSSL_STORE
my ($expected, $cert, @opts) = @_;
my $infile = srctop_file(@certs, $cert);
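Review bot: The last two `cert_contains` calls on `$acc_priv_pol` (the `commonName` and `organizationName` checks) are named 'X509v3 Acceptable Certification Policies', which looks copied from the block above; they exercise the Acceptable Privilege Policies certificate and should end with `1, 'X509v3 Acceptable Privilege Policies');`. All three checks in each group also share one test name, so a failing run does not show which expected string was missing from the printed extension; a suffix such as `'X509v3 Acceptable Privilege Policies: commonName'` would make the TAP output unambiguous. The six added calls match the plan bump from 82 to 88, assuming `cert_contains` runs exactly one test per call, which is not visible in this hunk.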