tests: added verification checks into crl_apis
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 7 Sep 2017 07:11:06 +0000 (09:11 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 8 Sep 2017 07:42:06 +0000 (09:42 +0200)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
tests/crl_apis.c

index 99708e389c7cb1c1a223d1d9f7aafa5cedb1542c..627d4f6c162ac071b7f8e44531125e473963029d 100644 (file)
@@ -15,9 +15,9 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
  */
 
 #ifdef HAVE_CONFIG_H
 #include "utils.h"
 #include "cert-common.h"
 
+static time_t then = 1207000800;
+
 static time_t mytime(time_t * t)
 {
-       time_t then = 1207000800;
-
        if (t)
                *t = then;
 
@@ -46,48 +46,49 @@ static time_t mytime(time_t * t)
 
 static unsigned char saved_crl_pem[] =
        "-----BEGIN X509 CRL-----\n"
-       "MIICXzCByAIBADANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
-       "MzEyMjAwMDBaFw0wODAzMzEyMjAxMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBa\n"
+       "MIICXzCByAIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
+       "MzEyMjAwMDBaFw0wODAzMzEyMjAyMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBa\n"
        "MB0CDFejHTI2Wi75obBaUhcNMDgwMzMxMjIwMDAwWjAdAgxXox0yNbNP0Ln15zwX\n"
        "DTA4MDMzMTIyMDAwMFqgLzAtMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n"
-       "8bSvMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBgQAcVsFF0HzAjAtD4Kwh\n"
-       "pJwVl6BEC4lybSIVB0+ls/b23cEOfU1wE8Ls+26EjUHLOTCdQgKMFgbEuhAgUOb6\n"
-       "kuatoWmi3R/42FJDvQxc+aYcEOX5ttbbB4KuS77zQ54Nv9RGyKcXqTDmax2MgqKg\n"
-       "moIbYhemiUl4zCshPZvv0NsHFiDtToSIHZIbIy3u63/Mb/tXCm2Eyrl8za8ELGaJ\n"
-       "5zjibO2wNRIwd7QbJJRkc6TrphfWxeU6tZi3rwOLoqf8x4EBWOcKXyUvIb+OxNVH\n"
-       "aMXFxVCTmDAqxe9HrEzZsQIGS7CDlWCghIUW8AQkPJ/IL4kUvZhmRxyqI8DF4mLI\n"
-       "XqCDF55CaQ5e2uMc3f5rvNTP1g1S7E/iZRTaATVhB6krha6X3MqEQ+VJnMklJPiI\n"
-       "aZY5JS5apO9ewXykxuK0/A3BeHSdK4fj3Q1mt1NzX4G9cU2T3VdPRbAgchoU2YV3\n"
-       "pBeFxTaJMEN+ajgixeXC69iE7aNBOFBLC38uPmMOpZ450q8=\n"
+       "8bSvMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBgQAFpyifa5AJclRpJfjh\n"
+       "QOcSoiCJz5QsrGaK5I/UYHcY958hhFjnE2c9g3wYEEt13M2gkgOTXapImPbLXHv+\n"
+       "cHWGoTqX6+crs7xcC6mFc6JfY7q9O2eP1x386dzCxhsXMti5ml0iOeBpNrMO46Pr\n"
+       "PuvNaY7OE1UgN0Ha3YjmhP8HtWJSQCMmqIo6vP1/HBSzaXP/cjS7f0WBZemj0eE7\n"
+       "wwA1GUoUx9wHipvNkCSKy/eQz4fpOJExrvHeb1/N3po9hfZaZJAqR+rsC0j9J+wd\n"
+       "ZGAdVFKCJUZs0IgsWQqagg0tXGJ8ejdt4yE8zvhhcpf4pcGoYUqtoUPT+Fjnsw7C\n"
+       "P1GCVZQ2ciGxixljTJFdifhqPshgC1Ytd75MkDYH2RRir/JwypQK9CcqIAOjBzTl\n"
+       "uk4SkKL2xAIduw6Dz5kAC7G2EM94uODoI/RO5b6eN6Kb/592JrKAfB96jh2wwqW+\n"
+       "swaA4JPFqNQaiMWW1IXM3VJwXBt8DRSRo46JV5OktvvFRwI=\n"
        "-----END X509 CRL-----\n";
 
 static unsigned char saved_min_crl_pem[] =
        "-----BEGIN X509 CRL-----\n"
-       "MIICUDCBuQIBADANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
-       "MzEyMjAwMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBaMB0CDFejHTI2Wi75obBa\n"
-       "UhcNMDgwMzMxMjIwMDAwWjAdAgxXox0yNbNP0Ln15zwXDTA4MDMzMTIyMDAwMFqg\n"
+       "MIICUDCBuQIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
+       "MzEyMjAwMTBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMTBaMB0CDFejHTI2Wi75obBa\n"
+       "UhcNMDgwMzMxMjIwMDEwWjAdAgxXox0yNbNP0Ln15zwXDTA4MDMzMTIyMDAxMFqg\n"
        "LzAtMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMAoGA1UdFAQDAgEB\n"
-       "MA0GCSqGSIb3DQEBBQUAA4IBgQBwTFMCc5/y/rrVvv/rGD5BYF1rCk+Daln/aQvV\n"
-       "UgFwbaYsnSUoHdivEF6rrtSJGdZj5JWk7Y4oICL6NLeiLiM+AeBuaGbB9EjIQH8d\n"
-       "d4/QSR4VV/900xcWbSatycXq4k2nxnrFcC2TMD6ee0nQjs1YQcgBK5tEQBvtKa+w\n"
-       "qemp7/WPuY1YcDTIJ1myjyM0yJpBope/9uYWxcYgHCwK+o1QqpDlnq21539QtdbC\n"
-       "9isLxAohnvwmKJkRoYVUhi5jRjd4Yy/fiSAcQx+Gs+0kjRXqitAgofPUAyibMLZX\n"
-       "EvTZvGDCBF8OqlF6WdBLgcYDVzX7GnYEYFSccQtPYdanilf9IGO0ToF0MfPliawb\n"
-       "J/27rdbCDQXh3exSq4vGgdulmt+tmYsFwlivwvuCG/eV8KOLWv7q36jx4PzLJyiE\n"
-       "JJimFkzuwEEaFSmIM9UDEKfmDC10jVQ4c7Y7CPI5rLnPDtEOTNWsjlw/rC2/XLem\n"
-       "YdLVIwU0h1VJPvZsmbhU2baAhsM=\n"
+       "MA0GCSqGSIb3DQEBCwUAA4IBgQB/Y7MxKf7HpYBoi7N5lNCe7nSd0epQiNPOford\n"
+       "hGb1ZirZk9m67zg146Cwc0W4ipPzW/OjwgUoVQTm21I7oZj/GPItAABlILd6eRQe\n"
+       "jYJap0fxiXV7aMRfu2o3qCRGAITQf306H5zJmpdeNxbxzlr3t6IAHBDbLI1WYXiC\n"
+       "pTHo3wlpwFJEPw5NQ0j6rCAzSH81FHTrEiIOar17uRqeMjbGN6Eo4zjezEx2+ewg\n"
+       "unsdzx4OWx3KgzsQnyV9EoU6l9jREe519mICx7La6DZkhO4dSPJv6R5jEFitWDNB\n"
+       "lxZMA5ePrYXuE/3b+Li89R53O+xZxShLQYwBRSHDue44xUv6hh6YNIKDgt4ycIs8\n"
+       "9JAWsOYJDYUEbAUo+S4sWCU6LzloEvmg7EdJtvJWsScUKK4qbwkDfkBTKjbeBdFj\n"
+       "w6naZIjzbjMPEe8/T+hmu/txFj3fGj/GzOM1GaJNZ4vMWA4Y6LhB+H1Zf3xK+hV0\n"
+       "sc0eYw7RpIzEyc9PPz/uM+XabsI=\n"
        "-----END X509 CRL-----\n";
 
-const gnutls_datum_t saved_crl = { saved_crl_pem, sizeof(saved_crl_pem)-1 };
-const gnutls_datum_t saved_min_crl = { saved_min_crl_pem, sizeof(saved_min_crl_pem)-1 };
+const gnutls_datum_t saved_crl = { saved_crl_pem, sizeof(saved_crl_pem) - 1 };
+const gnutls_datum_t saved_min_crl =
+    { saved_min_crl_pem, sizeof(saved_min_crl_pem) - 1 };
 
-static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t *pem)
+static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t * pem)
 {
        gnutls_x509_crt_t crt;
        int ret;
 
-       assert(gnutls_x509_crt_init(&crt)>=0);
-       assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM)>=0);
+       assert(gnutls_x509_crt_init(&crt) >= 0);
+       assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM) >= 0);
        ret = gnutls_x509_crl_set_crt(crl, crt, mytime(0));
        if (ret != 0)
                fail("gnutls_x509_crl_set_crt: %s\n", gnutls_strerror(ret));
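Review bot: The regenerated saved_crl_pem and saved_min_crl_pem vectors change the signature algorithm, not only the timestamps: the AlgorithmIdentifier fragment `MA0GCSqGSIb3DQEBBQUA` (decodes to sha1WithRSAEncryption) becomes `MA0GCSqGSIb3DQEBCwUA` (sha256WithRSAEncryption), and the commit message does not say why. Presumably the newly added verification step does not accept a SHA-1-signed CRL under default flags, but whoever next regenerates these blobs needs that recorded. A comment above saved_crl_pem such as `/* sha256WithRSA-signed; thisUpdate 2008-03-31 22:00:00Z, nextUpdate 22:02:00Z; regenerate if signing defaults or mytime() change */` would do, and saved_min_crl_pem likewise encodes thisUpdate 22:00:10Z, which comes from the clock advance added to sign_crl in the next hunk. append_crt continues past the end of this hunk.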
@@ -95,42 +96,72 @@ static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t *pem)
        gnutls_x509_crt_deinit(crt);
 }
 
-static void append_aki(gnutls_x509_crl_t crl, const gnutls_datum_t *pem)
+static void append_aki(gnutls_x509_crl_t crl, const gnutls_datum_t * pem)
 {
        gnutls_x509_crt_t crt;
        int ret;
        unsigned char aki[128];
        size_t aki_size;
 
-       assert(gnutls_x509_crt_init(&crt)>=0);
-       assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM)>=0);
+       assert(gnutls_x509_crt_init(&crt) >= 0);
+       assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM) >= 0);
 
        aki_size = sizeof(aki);
-       assert(gnutls_x509_crt_get_subject_key_id(crt, aki, &aki_size, NULL) >= 0);
+       assert(gnutls_x509_crt_get_subject_key_id(crt, aki, &aki_size, NULL) >=
+              0);
 
        ret = gnutls_x509_crl_set_authority_key_id(crl, aki, aki_size);
        if (ret != 0)
-               fail("gnutls_x509_crl_set_authority_key_id: %s\n", gnutls_strerror(ret));
+               fail("gnutls_x509_crl_set_authority_key_id: %s\n",
+                    gnutls_strerror(ret));
 
        gnutls_x509_crt_deinit(crt);
 }
 
-static void sign_crl(gnutls_x509_crl_t crl, const gnutls_datum_t *cert, const gnutls_datum_t *key)
+static void verify_crl(gnutls_x509_crl_t _crl, gnutls_x509_crt_t crt)
+{
+       int ret;
+       gnutls_x509_crl_t crl;
+       unsigned status;
+       gnutls_datum_t out;
+
+       assert(gnutls_x509_crl_export2(_crl, GNUTLS_X509_FMT_DER, &out) >= 0);
+
+       assert(gnutls_x509_crl_init(&crl) >= 0);
+       assert(gnutls_x509_crl_import(crl, &out, GNUTLS_X509_FMT_DER) >= 0);
+
+       gnutls_free(out.data);
+
+       ret = gnutls_x509_crl_verify(crl, &crt, 1, 0, &status);
+       if (ret < 0)
+               fail("gnutls_x509_crl_verify: %s\n", gnutls_strerror(ret));
+
+       if (status != 0)
+               fail("gnutls_x509_crl_verify status: %x\n", status);
+       gnutls_x509_crl_deinit(crl);
+}
+
+static void sign_crl(gnutls_x509_crl_t crl, const gnutls_datum_t * cert,
+                    const gnutls_datum_t * key)
 {
        gnutls_x509_crt_t crt;
        gnutls_x509_privkey_t pkey;
        int ret;
 
-       assert(gnutls_x509_crt_init(&crt)>=0);
-       assert(gnutls_x509_privkey_init(&pkey)>=0);
+       assert(gnutls_x509_crt_init(&crt) >= 0);
+       assert(gnutls_x509_privkey_init(&pkey) >= 0);
 
-       assert(gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_PEM)>=0);
-       assert(gnutls_x509_privkey_import(pkey, key, GNUTLS_X509_FMT_PEM)>=0);
+       assert(gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_PEM) >= 0);
+       assert(gnutls_x509_privkey_import(pkey, key, GNUTLS_X509_FMT_PEM) >= 0);
 
        ret = gnutls_x509_crl_sign(crl, crt, pkey);
        if (ret != 0)
                fail("gnutls_x509_crl_sign: %s\n", gnutls_strerror(ret));
 
+       then+=10;
+
+       verify_crl(crl, crt);
+
        gnutls_x509_crt_deinit(crt);
        gnutls_x509_privkey_deinit(pkey);
 }
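Review bot: `then+=10;` in sign_crl silently advances the global clock that mytime() returns, so every CRL generated after the first carries a later thisUpdate — the expected saved_min_crl_pem blob in the previous hunk already encodes 22:00:10Z, and the `then` declaration was hoisted to file scope in the first hunk to make this possible. A time mutation hidden inside a signing helper is easy to miss when a new CRL is added to doit(); at minimum document it: `/* advance mytime() by 10s so the CRL just signed is verified at a later instant; this shifts thisUpdate of every later CRL and is baked into the saved_*_crl_pem vectors */`. Moving the advance into doit() next to the generate_crl calls would make the coupling explicit. verify_crl's round-trip through DER before gnutls_x509_crl_verify is a good choice, since it checks what an importer would see rather than the in-memory object.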
@@ -140,6 +171,8 @@ static gnutls_x509_crl_t generate_crl(unsigned skip_optional)
        gnutls_x509_crl_t crl;
        int ret;
 
+       success("Generating CRL (%d)\n", skip_optional);
+
        ret = gnutls_x509_crl_init(&crl);
        if (ret != 0)
                fail("gnutls_x509_crl_init\n");
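Review bot: The added `success("Generating CRL (%d)\n", skip_optional);` passes an `unsigned` (per the signature in the hunk header) to `%d`, which `-Wformat` flags; use `success("Generating CRL (%u)\n", skip_optional);`. generate_crl's body continues past this hunk.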
@@ -153,7 +186,7 @@ static gnutls_x509_crl_t generate_crl(unsigned skip_optional)
                fail("gnutls_x509_crl_set_this_update\n");
 
        if (!skip_optional) {
-               ret = gnutls_x509_crl_set_next_update(crl, mytime(0)+60);
+               ret = gnutls_x509_crl_set_next_update(crl, mytime(0) + 120);
                if (ret != 0)
                        fail("gnutls_x509_crl_set_next_update\n");
        }
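Review bot: The nextUpdate offset moves from 60 to 120 seconds with no explanation, and the value is reflected in saved_crl_pem (nextUpdate 22:02:00Z), so anyone regenerating the vector has to know about the coupling. A comment on the changed line, `/* nextUpdate = thisUpdate + 120s; must match saved_crl_pem */`, would record it. generate_crl starts and ends outside this hunk.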
@@ -191,7 +224,7 @@ void doit(void)
        fprintf(stdout, "%s", out.data);
 
        assert(out.size == saved_crl.size);
-       assert(memcmp(out.data, saved_crl.data, out.size)==0);
+       assert(memcmp(out.data, saved_crl.data, out.size) == 0);
 
        gnutls_free(out.data);
        gnutls_x509_crl_deinit(crl);
@@ -204,8 +237,9 @@ void doit(void)
        fprintf(stdout, "%s", out.data);
 
        assert(out.size == saved_min_crl.size);
-       assert(memcmp(out.data, saved_min_crl.data, out.size)==0);
+       assert(memcmp(out.data, saved_min_crl.data, out.size) == 0);
 
        gnutls_free(out.data);
        gnutls_x509_crl_deinit(crl);
+
 }