]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Verisign CA v1 cert has expired! Change expected results.
authorSimon Josefsson <simon@josefsson.org>
Sun, 10 May 2009 09:07:17 +0000 (11:07 +0200)
committerSimon Josefsson <simon@josefsson.org>
Sun, 10 May 2009 09:07:17 +0000 (11:07 +0200)
Also test expiration code more.

tests/chainverify.c

index 7b0ba9f7309ea80e1a5c07322d1c4cd4fe6b3662..1595b5e84b18c6106ed9d1b99f314069c487f3c1 100644 (file)
@@ -671,10 +671,16 @@ static struct
     0, GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
   { "verisign.com v1 fail", verisign_com_chain, &verisign_com_chain[3],
     0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+  { "verisign.com v1 fail2", verisign_com_chain, &verisign_com_chain[3],
+    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+    GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
   { "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3],
-    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, 0 },
+    GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+    0 },
   { "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2],
     0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+  { "expired self signed", pem_self_cert, &pem_self_cert[0],
+    0, GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
   { "self signed", pem_self_cert, &pem_self_cert[0],
     GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0 },
   { "ca=false", thea_chain, &thea_chain[1],