tests/name-constraints: add case-sensitivity check

author Alexander Sosedkin <asosedkin@redhat.com>

Mon, 16 Mar 2026 14:48:57 +0000 (15:48 +0100)

committer Alexander Sosedkin <asosedkin@redhat.com>

Wed, 29 Apr 2026 13:35:03 +0000 (15:35 +0200)
author Alexander Sosedkin <asosedkin@redhat.com>
Mon, 16 Mar 2026 14:48:57 +0000 (15:48 +0100)
committer Alexander Sosedkin <asosedkin@redhat.com>
Wed, 29 Apr 2026 13:35:03 +0000 (15:35 +0200)
diff --git a/tests/name-constraints.c b/tests/name-constraints.c

index 71216b700d3cc82bcfa76407b139b0aad24d6551..e85c03aaeba5851640ce332a263708c63022af15 100644 (file)
--- a/tests/name-constraints.c
+++ b/tests/name-constraints.c
@@ -366,6 +366,58 @@ void doit(void)
  
         gnutls_x509_name_constraints_deinit(nc);
  
+       /* 4b: case insensitivity */
+
+       ret = gnutls_x509_name_constraints_init(&nc);
+       check_for_error(ret);
+
+       set_name("example.net", &name);
+       ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME,
+                                                       &name);
+       check_for_error(ret);
+       set_name("email@example.net", &name);
+       ret = gnutls_x509_name_constraints_add_excluded(
+               nc, GNUTLS_SAN_RFC822NAME, &name);
+       check_for_error(ret);
+
+       set_name("example.org", &name); /* unrelated: accepted */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+       check_test_result(ret, NAME_ACCEPTED, &name);
+
+       set_name("example.net", &name); /* exact match: rejected */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+       check_test_result(ret, NAME_REJECTED, &name);
+
+       set_name("eXample.net", &name); /* case *insensitive*: rejected */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+       check_test_result(ret, NAME_REJECTED, &name);
+
+       set_name("mail@example.net", &name); /* unrelated: accepted */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME,
+                                                &name);
+       check_test_result(ret, NAME_ACCEPTED, &name);
+
+       set_name("email@example.net", &name); /* exact match: rejected */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME,
+                                                &name);
+       check_test_result(ret, NAME_REJECTED, &name);
+
+       set_name("eMail@example.net", &name); /* case *sensitive*: accepted */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME,
+                                                &name);
+       check_test_result(ret, NAME_ACCEPTED, &name);
+
+       set_name("email@EXAMPLE.NET", &name); /* case *insensitive*: rejected */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME,
+                                                &name);
+       check_test_result(ret, NAME_REJECTED, &name);
+
+       set_name("www.ExAmPlE.NeT", &name); /* case *insensitive*: inexact */
+       ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name);
+       check_test_result(ret, NAME_REJECTED, &name);
+
+       gnutls_x509_name_constraints_deinit(nc);
+
         // Test suite end.
  
         if (debug)
author	Alexander Sosedkin <asosedkin@redhat.com>
	Mon, 16 Mar 2026 14:48:57 +0000 (15:48 +0100)
committer	Alexander Sosedkin <asosedkin@redhat.com>
	Wed, 29 Apr 2026 13:35:03 +0000 (15:35 +0200)