From: Nikos Mavrogiannopoulos Date: Tue, 26 Aug 2014 12:14:50 +0000 (+0200) Subject: Revert "tests: Added a nameconstraints test based on the CN bypass" The bypass check... X-Git-Tag: gnutls_3_4_0~1027 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6dd8ce3d04717d8ed5e4fc4b2c8a0587ec9fd69f;p=thirdparty%2Fgnutls.git Revert "tests: Added a nameconstraints test based on the CN bypass" The bypass check was included in chainverify. This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a. --- diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 8ab1ae2c99..0d648f36d0 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -27,12 +27,11 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \ template-overflow.tmpl template-overflow2.pem template-overflow2.tmpl \ template-date.tmpl template-date.pem template-dn-err.tmpl \ template-nc.tmpl template-nc.pem xmpp-othername.pem \ - name-constraints-err.pem name-constraints-err.pem.out \ suppressions.valgrind -dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane verify-test +dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane -TESTS = pathlen aki pem-decoding verify-test +TESTS = pathlen aki pem-decoding if !WINDOWS TESTS += template-test diff --git a/tests/cert-tests/name-constraints-err.pem b/tests/cert-tests/name-constraints-err.pem deleted file mode 100644 index b0b2b0ba6f..0000000000 --- a/tests/cert-tests/name-constraints-err.pem +++ /dev/null @@ -1,76 +0,0 @@ -CN=bypass.jdenker.com - ------BEGIN CERTIFICATE----- -MIIFLDCCAxSgAwIBAgICA/AwDQYJKoZIhvcNAQELBQAwaTERMA8GA1UEChMIYXY4 -bi5jb20xEDAOBgNVBAsTB1Jvb3QgQ0ExGTAXBgNVBAMTEGF2OG4uY29tIFJvb3Qg -Q0ExCzAJBgNVBAYTAlVTMRowGAYJKoZIhvcNAQkBFgtjYUBhdjhuLmNvbTAeFw0x -NDA4MjIwMjE0MDBaFw0xNzAyMjAwMjE0MDBaMCoxCzAJBgNVBAYTAlVTMRswGQYD -VQQDExJieXBhc3MuamRlbmtlci5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQC6iuogfIsFkhevMqnrDHrviylkDbvYCWMMNPKpSaQS9/bk2wMF4XVD -DOINO4nv8Ah3iDpK2QfhemtDtXJs9vs2QfBkPZ770eGo3qzswhd37NwlrRKyDSve -HVFRes+0nUxX904yemhDRB2gEpIbm6VpnwFL5c9LM0ARtDcx0gW9Vt6z9BnY+fU6 -2GOWJybPF5E8OTkUpNq3Hj62q6XFi+E4H0eB0ygsnZ0h/x9zzmxb7mzU/4cpsFkc -b/lwdb01slbfpfvCg9GHCt+IxOfLXn8v7njRNdxCsckyHFQ9v9SuwmIfLcMS5gj4 -35b2pnb8tT/6e43oR88iDcyDkUGKI5OmpKo/sfcUW4gwhH+lnDwQyBKK7iHE4oyk -VDdCgCB4QP8/63JwkBMJcA4h6DhzLYUKJ223DbtXXxJxdSCbx3wxZurn4EVHNBfs -oOWGS4jtYTbBx+F0u5CJoFrt9VjUVIOxQDfc1kNnKHS8fitE2c6aw7jg0Tws+XF4 -Jf+bqQVoZzg3WQ+j86aVvICxYgUtKmcrjv5ev41kNP1grCfGtxCTb+RLcA/3toel -ydPG0EkmpfY19y4RcLdXLj+V/Pj0sqR6BG4H+9X5UR7zjsu8SAvLaqCWFrmQlStv -glp7qas4TRgs4GrKHAxOHi2e7nAJ3G4Hp3Gj8pAjCSVfgfIwfKtGzwIDAQABox0w -GzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAgEA -pGtmsaLTbgnEOMbZab9eBabHWy/PNEZgBP3sVCZMsv+pa7S4XqHHxrtPud44Vjfr -/qnNODRhvNAq0lWkeNHSwXSgIfEn+NIyILYDoJ4G/MmPeywEW/7LdS4LPKqeCmKg -aHZvWaeAFI1U+4OCz0CQEA0Esrt+kneVQDdNmv08CzuSuOH4FdzFJXzNGeY3GVlf -dW1RaMaKVE9zXX/hq0lxbMHLGJLpHpUVHV2/xS4U4XgF9g+u9fzTQ8uLLcodpVcL -zyOuHHQo21Y2CerVqI/VZGUbsLm91Bkj6+lnO6vTh7eRiWiFKZX0kk48k2YLVDXD -O7+22niKIS0+g4EfzGBgsgDNHL4DYXADG8FXzLmPeXmlYLaur1+XnXSzhsPbeuT3 -Om+s2/jctcXH55JTeXEpNtQyNSJjyV6AJMMqVCntVP8YMWFNX7H5xzudMuRGhNql -07W+2nWfA/HwHsP1MsbcDoid5hCoO0kb+gsJFcZwYaSgIUDuAD/Izh+ZhZGEsrQ5 -6mn1TPo3Gi8qmNqrdmOuJ1OleYymz6HFTpHsNnVytU8mKgeeRtngXFGoJkrdLhem -RW5O63kk82VztUW7RReiRlP6Op7s0iPoRPV7iFEnrxBDKx3VNoyL0Rw/I8swYRVV -hnYJATVK5K4Vv1OoPjYdwm82AApZRyQyqHPVFq4+x3E= ------END CERTIFICATE----- - -Name Constraints (critical): - Permitted: - DNSname: av8n.com - DNSname: av8n.net - DNSname: av8n.org - DNSname: .av8n.com - DNSname: .av8n.net - DNSname: .av8n.org - ------BEGIN CERTIFICATE----- -MIIF0DCCA7igAwIBAgIJALpzhwhawqDEMA0GCSqGSIb3DQEBCwUAMGkxETAPBgNV -BAoTCGF2OG4uY29tMRAwDgYDVQQLEwdSb290IENBMRkwFwYDVQQDExBhdjhuLmNv -bSBSb290IENBMQswCQYDVQQGEwJVUzEaMBgGCSqGSIb3DQEJARYLY2FAYXY4bi5j -b20wHhcNMTQwODIxMTUxNjUwWhcNMjUwMjE5MTUxNjUwWjBpMREwDwYDVQQKEwhh -djhuLmNvbTEQMA4GA1UECxMHUm9vdCBDQTEZMBcGA1UEAxMQYXY4bi5jb20gUm9v -dCBDQTELMAkGA1UEBhMCVVMxGjAYBgkqhkiG9w0BCQEWC2NhQGF2OG4uY29tMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwVXssK0FCGf4pQcG0AwxESFz -Lz+xvf4nCnbP/V6clLZxNnZN0wwK5bgbWTW9t8t/M6k0T94Ar8IOWQ5mdGUnIFDw -ri0oNxXlK2NDk3jqB3jH+9XElPvSwMmGhD2rB0wgzPgF9ow7SorJ93XuOj7HXk1s -N5ONQu2ddMvuiUnVf2xsvlrAcRg+OeDEhrjUf/S2OG+6UyklrTKHgDST1RjmhYQ7 -SDL3rg/YfInJhLMBVZdurEn5kmUXNW2Gt3GxOFaVClIyRnV2m9HTbUM0JfyVEaDL -CjLiqe5i+RqAuAkR6LklSIMUEdokhLWAjcAoiQBabjzieJMOtJUt5VHlUloCwIGp -AqC2/X5lV4GW0umu3ZjmliEToXLaPEQrgzW+l0EWtQVH/XvdnzawROCWcT8YlfmA -HH2BS+5aSuRf5dMKjuDhSDGlcg6R/qryPuZYStmC8Q3jmNh8wl1EgzZ4m7cABklz -+YHs+5uEB1y6PkTOm9FJob7m5exuffd6n/HFC9BIxP5r0Aj1s0+OMzhEFhY4fGru -NUWrN4B/rFMIIdxwEZ37M7KNw3yfDjlrfjNiZIZ1snd0rj4u1ipJxSjl4vgqdABl -PQqbyRFbhdClveRgRCphTgApc3DUSHO7/d+XYJI2kbsxlAqe64qTA8l3af2fFh6B -Hkcg0UlyH9PejebqBdkCAwEAAaN7MHkwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E -BAMCAQYwWQYDVR0eAQH/BE8wTaBLMAqCCGF2OG4uY29tMAqCCGF2OG4ubmV0MAqC -CGF2OG4ub3JnMAuCCS5hdjhuLmNvbTALggkuYXY4bi5uZXQwC4IJLmF2OG4ub3Jn -MA0GCSqGSIb3DQEBCwUAA4ICAQC9R69nkHFPjY/KBMTzBvogk13x6Va48v+tNu42 -mOEj6dKtxMaM+7SWo8NhUUNtZU0CiDuJHfOjx/q7nJUt68x2bwNjGT+AJAJr7R5h -1XHmM/zxPY0fi0gdpRlOEeFUWbLBp0Oc2f8ZYzFhXuzM59F17UauSRc3c/OhVpTA -5F3nnndKUE9WHcl7HY53mT9smdvVFl3jWm0fQxei5paQmK01m1SJlzIbskUHmJgD -3IYgsaStcMqVL8EJLGSwrSl+UJOUMrXquOg6HAQOkbbSITmITnCmjEFA1Xtga1v+ -wuQCEW/j8e56X2wUsDAbkautqt3+tbqLN8qeHsL99Azz3w6vliEBJugrltXK4Rxh -O7Ixr6XcL4RQgMyB8q8Rpdgd+eNIBxhxl8y4Wbevp1hYXsbnzdaXbAWZy9dsBc+d -gLUjUwdjEc4kO9f9pfSsEpbSn0DZnhDeZFA+OlB9rOiNjbdA0qmfzAvhSyV+8/2Y -eJULVhZb2I+r0fzYFS/rQpayYZwjKv9vgEx/4jJzAkJ05M8gTKdizwdgZ4YBNtfj -pz91mI1wV2rB7pLPD3ttL4NyJn+zKpbG7WWYdYusErKWoehXescvBJSOtg48kzrr -02stMzuAfulv4XJezw9mx8rR2XD6AHEkG6/nZljVYYyS7V/JNLd22vbUh3TkUlml -Frru0g== ------END CERTIFICATE----- diff --git a/tests/cert-tests/name-constraints-err.pem.out b/tests/cert-tests/name-constraints-err.pem.out deleted file mode 100644 index 009fae3adf..0000000000 --- a/tests/cert-tests/name-constraints-err.pem.out +++ /dev/null @@ -1,9 +0,0 @@ -Loaded 2 certificates, 1 CAs and 0 CRLs - - Subject: C=US,CN=bypass.jdenker.com - Issuer: O=av8n.com,OU=Root CA,CN=av8n.com Root CA,C=US,EMAIL=ca@av8n.com - Checked against: O=av8n.com,OU=Root CA,CN=av8n.com Root CA,C=US,EMAIL=ca@av8n.com - Output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. - -Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. - diff --git a/tests/cert-tests/verify-test b/tests/cert-tests/verify-test deleted file mode 100755 index e71732374b..0000000000 --- a/tests/cert-tests/verify-test +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2004-2012 Free Software Foundation, Inc. -# -# Author: Simon Josefsson -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -srcdir=${srcdir:-.} -CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} -DIFF=${DIFF:-diff} -if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" -fi - -# Check for datefudge -TSTAMP=`datefudge "2006-09-23" date -u +%s || true` -if test "$TSTAMP" != "1158962400"; then - echo "You need datefudge to run this test" - exit 77 -fi - -FILES="name-constraints-err.pem" -ERR="1" - -set -- $ERR - -for i in $FILES; do -datefudge "2014-08-22" \ - $CERTTOOL -e --infile $i > out 2>&1 - rc=$? - if test $rc != $1; then - echo "Error in verification of $i." - cat out - exit 1 - fi - - $DIFF $srcdir/$i.out out >/dev/null 2>&1 - rc=$? - if test $rc != 0; then - echo "Error in verification of $i." - $DIFF $srcdir/$i.out out - exit 1 - fi - - shift -done -rm -f out - -exit 0