]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Add a test for PKCS11 CA iteration
authorArmin Burgmeier <armin@arbur.net>
Mon, 6 Oct 2014 21:28:46 +0000 (17:28 -0400)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 7 Oct 2014 13:18:33 +0000 (15:18 +0200)
Signed-off-by: Armin Burgmeier <armin@arbur.net>
tests/suite/pkcs11-chainverify.c

index b88df08a9b537b2f034b341b1868114978792ffc..50c7de6cfe3b80095087ee587e5cc6c0e315b1f2 100644 (file)
@@ -143,6 +143,11 @@ void doit(void)
                gnutls_datum_t tmp;
                size_t j;
 
+               gnutls_x509_trust_list_iter_t get_ca_iter;
+               gnutls_datum_t get_ca_datum_test;
+               gnutls_datum_t get_ca_datum;
+               gnutls_x509_crt_t get_ca_crt;
+
                if (debug)
                        printf("Chain '%s' (%d)...\n", chains[i].name,
                               (int) i);
@@ -248,6 +253,32 @@ void doit(void)
                        exit(1);
                }
 
+               /* test trust list iteration */
+               get_ca_iter = NULL;
+               while (gnutls_x509_trust_list_iter_get_ca(tl, &get_ca_iter, &get_ca_crt) == 0) {
+                       ret = gnutls_x509_crt_export2(get_ca_crt, GNUTLS_X509_FMT_PEM, &get_ca_datum_test);
+                       if (ret < 0) {
+                               fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret));
+                               exit(1);
+                       }
+
+                       ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_PEM, &get_ca_datum);
+                       if (ret < 0) {
+                               fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret));
+                               exit(1);
+                       }
+
+                       if (get_ca_datum_test.size != get_ca_datum.size ||
+                           memcmp(get_ca_datum_test.data, get_ca_datum.data, get_ca_datum.size) != 0) {
+                               fail("gnutls_x509_trist_list_iter_get_ca: Unexpected certificate (%u != %u):\n\n%s\n\nvs.\n\n%s", get_ca_datum.size, get_ca_datum_test.size, get_ca_datum.data, get_ca_datum_test.data);
+                               exit(1);
+                       }
+
+                       gnutls_free(get_ca_datum.data);
+                       gnutls_free(get_ca_datum_test.data);
+                       gnutls_x509_crt_deinit(get_ca_crt);
+               }
+
                vdata[0].type = GNUTLS_DT_KEY_PURPOSE_OID;
                vdata[0].data = (void *)chains[i].purpose;