. "${srcdir}/../scripts/common.sh"
+: ${ac_cv_sizeof_time_t=8}
+if test "${ac_cv_sizeof_time_t}" -ge 8; then
+ ATTIME_VALID="2038-10-12" # almost the pregenerated cert expiration
+else
+ ATTIME_VALID="2030-12-17" # end of epoch − 2590 days of validity
+fi
+
# Test certificate in draft-ietf-curdle-pkix-04
${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}"
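Review bot: The default in the added `: ${ac_cv_sizeof_time_t=8}` selects the 64-bit date whenever the autoconf cache value is not exported into the test environment, and nothing visible here shows where that export happens. A one-line comment naming where the variable is expected to come from would make this dependency explicit, and the expansion is better quoted: `: "${ac_cv_sizeof_time_t=8}"`. The same block is repeated in the two other test scripts in this change (with `2037-12-31` as the 32-bit date there). The size check could therefore live once in the already-sourced `common.sh`, leaving each script to set only its own date.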
# Create an EdDSA certificate from an EdDSA private key
-${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --generate-self-signed \
--pkcs8 --load-privkey "$KEYFILE" --password '' \
--template "${srcdir}/templates/template-test.tmpl" \
--outfile "${TMPFILE}"
exit 1
fi
-${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}"
if test $? != 0; then
echo "There was an issue verifying the generated certificate (1)"
exit 1
fi
# Create an EdDSA certificate from an RSA key
-${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type eddsa \
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --generate-certificate --key-type eddsa \
--load-privkey ${KEYFILE} \
--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
exit 1
fi
-${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}"
if test $? != 0; then
echo "There was an issue verifying the generated certificate (2)"
exit 1
OUTFILE=out-pkcs7.$$.tmp
OUTFILE2=out2-pkcs7.$$.tmp
+: ${ac_cv_sizeof_time_t=8}
+if test "${ac_cv_sizeof_time_t}" -ge 8; then
+ ATTIME_VALID="2038-10-12" # almost the pregenerated cert expiration
+else
+ ATTIME_VALID="2037-12-31" # before 2038
+fi
+
# Test signing with MD5
FILE="signing"
${VALGRIND} "${CERTTOOL}" --p7-sign --hash md5 --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
fi
FILE="signing-verify"
-${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
rc=$?
if test "${rc}" != "1"; then
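Review bot: The check `test "${rc}" != "1"` accepts any exit status of 1 as the expected MD5 rejection. With `--attime` now on this command, a date outside the certificate's validity window would presumably produce the same status. The `--verify-allow-broken` run that follows uses the same `ATTIME_VALID` and expects 0, so the pair together does pin the cause. A comment here would keep the two checks from being separated later, for example `# rc=1 must come from the MD5 policy; the --verify-allow-broken run below proves the date and chain are otherwise valid`. The enclosing `if` body continues outside this hunk.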
fi
FILE="signing-verify"
-${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --verify-allow-broken --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
. ${srcdir}/../scripts/common.sh
+: ${ac_cv_sizeof_time_t=8}
+if test "${ac_cv_sizeof_time_t}" -ge 8; then
+ ATTIME_VALID="2038-10-12" # almost the pregenerated cert expiration
+else
+ ATTIME_VALID="2037-12-31" # before 2038
+fi
if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1"
then
fi
# check validation with date after intermediate cert issuance
-${VALGRIND} "${CERTTOOL}" --attime "2038-10-13" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
-rc=$?
+if test "${ac_cv_sizeof_time_t}" -ge 8; then
+ ${VALGRIND} "${CERTTOOL}" --attime "2038-10-13" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+ rc=$?
-if test "${rc}" = "0"; then
- echo "${FILE}: PKCS7 verification succeeded with invalid date (3)"
- exit 1
-fi
+ if test "${rc}" = "0"; then
+ echo "${FILE}: PKCS7 verification succeeded with invalid date (3)"
+ exit 1
+ fi
+fi # cannot test that with 32-bit time_t
-${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
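Review bot: On builds with a 32-bit `time_t`, the only check in this hunk that verification fails for an out-of-validity date is now skipped silently, so the test log gives no sign that the negative case did not run. Adding `else echo "${FILE}: skipping post-expiry check (32-bit time_t)"` before the closing `fi # cannot test that with 32-bit time_t` would make the coverage gap visible. If the test certificates' notBefore date is early enough, a pre-issuance `--attime` value would be representable on those builds and would keep a rejection check in place. That date is not visible in this hunk.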
#check key purpose verification
for FILE in full.p7b; do
-${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
exit 2
fi
-${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-data "${srcdir}/data/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --inder --p7-verify --load-data "${srcdir}/data/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}"
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 verification failed"
+ echo "${FILE}: PKCS7 verification failed with detached data"
exit ${rc}
fi
fi
FILE="signing-verify"
-${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
#check extraction of embedded data in signature
FILE="signing-verify-data"
-${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --outfile "${OUTFILE2}" <"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --p7-show-data --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --outfile "${OUTFILE2}" <"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
fi
FILE="signing-detached-verify"
-${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
fi
FILE="signing-time-verify"
-${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
# Test BER encoding, see RFC 4134 Section 4.5
# SHA1 signature, so --verify-allow-broken
FILE="rfc4134-4.5"
-${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-ca-certificate "${srcdir}/data/rfc4134-ca-rsa.pem" --infile "${srcdir}/data/rfc4134-4.5.p7b" --inder
+${VALGRIND} "${CERTTOOL}" --attime "${ATTIME_VALID}" --p7-verify --verify-allow-broken --load-ca-certificate "${srcdir}/data/rfc4134-ca-rsa.pem" --infile "${srcdir}/data/rfc4134-4.5.p7b" --inder
rc=$?
if test "${rc}" != "0"; then