SERVER_PID="${!}"
wait_server "${SERVER_PID}"
-datefudge -s "${TESTDATE}" \
+gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --x509certfile ${CLIENT_CERT_FILE} \
--x509keyfile ${CLIENT_KEY_FILE} --x509cafile=${CA_FILE} \
--port="${PORT}" localhost </dev/null
NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem"
echo ""
-datefudge -s "2017-05-10 00:00:00" \
+gnutls_timewrapper_standalone static "2017-05-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${OLD_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE}
rc=$?
fi
echo ""
-datefudge -s "2017-05-10 00:00:00" \
+gnutls_timewrapper_standalone static "2017-05-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${NEW_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE}
rc=$?
skip_if_no_datefudge
# Check whether certificates with non-digits time fields are accepted
-datefudge -s "2019-12-19 00:00:00" \
+gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \
${VALGRIND}"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-with-non-digits-time-ca.pem" --infile "${srcdir}/data/cert-with-non-digits-time.pem"
rc=$?
skip_if_no_datefudge
echo "Checking chain with insecure leaf"
-datefudge -s "2019-12-19 00:00:00" \
+gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-leaf.pem" >${OUTFILE}
rc=$?
fi
echo "Checking chain with insecure subca"
-datefudge -s "2019-12-19 00:00:00" \
+gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-subca.pem" >${OUTFILE}
rc=$?
echo "Checking chain with insecure ca"
-datefudge -s "2019-12-19 00:00:00" \
+gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-ca.pem" >${OUTFILE}
rc=$?
skip_if_no_datefudge
-datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \
+gnutls_timewrapper_standalone static "2020-01-20 10:00:00" ${VALGRIND} \
"${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \
--load-ca-certificate "${srcdir}/data/template-test.pem" \
--load-certificate "${srcdir}/data/ca-certs.pem" --template \
if test "${ac_cv_sizeof_time_t}" = 8;then
# we should test that on systems which have 64-bit time_t
- datefudge -s "2138-01-20 10:00:00" ${VALGRIND} \
+ gnutls_timewrapper_standalone static "2138-01-20 10:00:00" ${VALGRIND} \
"${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \
--load-ca-certificate "${srcdir}/data/template-test.pem" \
--load-certificate "${srcdir}/data/ca-certs.pem" --template \
rm -f "${OUTFILE}"
# check whether the honor_crq_extension option works
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-request \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-tlsfeature.tmpl" \
exit 1
fi
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-certificate \
--load-ca-privkey "${srcdir}/data/template-test.key" \
--load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \
N
__EOF__
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
setsid \
-datefudge -s "2007-04-22 00:00:00" \
"${CERTTOOL}" -q \
--load-privkey "${srcdir}/data/template-test.key" \
--outfile "${OUTFILE}" <$TMPFILE 2>/dev/null
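Review bot: The command order here becomes wrapper, then `setsid`, then certtool, where the old code had `setsid` in front of `datefudge`, and nothing on the new lines says why. The wrapper's definition is not visible in this hunk, so this is inferred, but a comment such as `# time wrapper goes first: setsid has to exec a real program, not a shell function` would stop a later cleanup from swapping them back. Because the last line sends stderr to /dev/null, a failure of the wrapper itself would be silent. It is worth confirming that the check after this command (outside the hunk) inspects `${OUTFILE}` and not only the exit status.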
fi
# check whether the generation with extension works
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-request \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/arb-extensions.tmpl" \
fi
# Generate certificate from CRQ with no explicit extensions
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-certificate \
--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
fi
# Generate certificate from CRQ with CRQ extensions
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-certificate \
--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
fi
# Generate certificate from CRQ with explicit extensions
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-certificate \
--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
skip_if_no_datefudge
-datefudge -s "2017-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2017-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/key-ca.pem" \
--template "${srcdir}/templates/inhibit-anypolicy.tmpl" \
echo ca > $TEMPLFILE
echo "cn = sub-CA" >> $TEMPLFILE
-datefudge -s "2017-04-23 00:00:00" \
+gnutls_timewrapper_standalone static "2017-04-23 00:00:00" \
"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
--load-ca-privkey "${srcdir}/data/key-ca.pem" \
--load-ca-certificate $CAFILE \
cat $SUBCAFILE $CAFILE > ${TMPFILE}
# we do not support the inhibit any policy extension for verification
-datefudge -s "2017-04-25 00:00:00" "${CERTTOOL}" --verify-chain --infile ${TMPFILE}
+gnutls_timewrapper_standalone static "2017-04-25 00:00:00" "${CERTTOOL}" --verify-chain --infile ${TMPFILE}
rc=$?
if test "$rc" != "0"; then
echo "Verification failed unexpectedly ($rc)"
exit 1
fi
-if check_for_datefudge; then
- #this was causing a double free; verify that we receive the expected error code
- datefudge -s "2020-01-01 00:00:00" \
- ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
- rc=$?
-
- # We're done.
- if test $rc != 1; then
- echo "Verification of invalid signature (6) failed"
- exit 1
- fi
-else
- echo "Verification of invalid signature (6) skipped"
+skip_if_no_datefudge
+#this was causing a double free; verify that we receive the expected error code
+gnutls_timewrapper_standalone static "2020-01-01 00:00:00" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
+rc=$?
+
+# We're done.
+if test $rc != 1; then
+ echo "Verification of invalid signature (6) failed"
+ exit 1
fi
exit 0
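Review bot: The pass condition `test $rc != 1` accepts any exit status 1 as the expected rejection of cve-2019-3829.pem, so a status 1 from the time wrapper, or a rejection for an unrelated reason such as validity dates, also passes this double-free regression check. A short comment would make the intent explicit, for example `# 1 = certtool rejected the chain; a crash or sanitizer abort shows up as a different status`, and the operand should be quoted as `if test "$rc" != 1; then`. If certtool prints a distinguishable error for this file, asserting on that output as well would pin the failure reason. Separately, `skip_if_no_datefudge` now runs after the earlier checks in this script (the "(6)" in the message suggests several precede it). If it ends the script with a skip status, those results are reported as skipped too, so calling it once near the top would be clearer.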
# time set using datefudge could have changed since the generation
# (if example the system was busy)
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-krb5name.tmpl" \
cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE}
echo "krb5_principal = 'xxxxxxxxxxxxxx'" >>${TMPLFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
${VALGRIND} "${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template ${TMPLFILE} \
cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE}
echo "krb5_principal = 'comp1/comp2/comp3/comp4/comp5/comp6/comp7/comp8/comp9/comp10@REALM.COM'" >>${TMPLFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
${VALGRIND} "${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template ${TMPLFILE} \
# Test MD5 signatures
-datefudge -s "2016-04-15 00:00:00" \
+gnutls_timewrapper_standalone static "2016-04-15 00:00:00" \
"${CERTTOOL}" --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1
rc=$?
if test "${rc}" != "1"; then
exit ${rc}
fi
-datefudge -s "2016-04-15 00:00:00" \
+gnutls_timewrapper_standalone static "2016-04-15 00:00:00" \
"${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
skip_if_no_datefudge
-datefudge -s "2016-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem"
rc=$?
# time set using datefudge could have changed since the generation
# (if example the system was busy)
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-othername.tmpl" \
exit ${rc}
fi
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-othername-xmpp.tmpl" \
. ${srcdir}/../scripts/common.sh
skip_if_no_datefudge
-datefudge -s "2016-10-01 00:00:00" \
+gnutls_timewrapper_standalone static "2016-10-01 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem"
rc=$?
FILE="signing-verify-no-purpose"
echo ""
echo "test: $FILE"
-datefudge -s "2015-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-valid-purpose"
echo ""
echo "test: $FILE"
-datefudge -s "2015-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-invalid-purpose"
echo ""
echo "test: $FILE"
-datefudge -s "2015-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-invalid-date-1"
echo ""
echo "test: $FILE"
-datefudge -s "2011-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-invalid-date-2"
echo ""
echo "test: $FILE"
-datefudge -s "2018-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2018-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-no-purpose"
echo ""
echo "test: $FILE"
-datefudge -s "2015-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-valid-purpose"
echo ""
echo "test: $FILE"
-datefudge -s "2015-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-invalid-purpose"
echo ""
echo "test: $FILE"
-datefudge -s "2015-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-invalid-date-1"
echo ""
echo "test: $FILE"
-datefudge -s "2011-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
rc=$?
FILE="signing-verify-invalid-date-2"
echo ""
echo "test: $FILE"
-datefudge -s "2018-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2018-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
rc=$?
for FILE in full.p7b openssl.p7b openssl-keyid.p7b; do
# check validation with date prior to CA issuance
-datefudge -s "2011-01-10 00:00:00" \
+gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
rc=$?
fi
# check validation with date prior to intermediate cert issuance
-env TZ=UTC datefudge -s "2011-05-28 08:38:00" \
+env TZ=UTC gnutls_timewrapper_standalone static "2011-05-28 08:38:00" \
${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
rc=$?
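Review bot: `env TZ=UTC gnutls_timewrapper_standalone static …` only works if the wrapper is an executable on PATH, because `env` cannot run a shell function. The wrapper's definition is not visible here, but the setsid call site in this same patch moves the wrapper in front of `setsid`, which suggests it is a function sourced from the common test script. In that case `env` exits with 127 and certtool never runs. The `rc` check lies outside this hunk; if this case expects verification to fail, that 127 would be indistinguishable from the intended result and the test would pass vacuously. Setting the variable from the shell avoids the exec, `TZ=UTC gnutls_timewrapper_standalone static "2011-05-28 08:38:00" \`, or wrap the call in a subshell that exports TZ if the assignment must not outlive the call.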
fi
# check validation with date after intermediate cert issuance
-datefudge -s "2038-10-13 00:00:00" \
+gnutls_timewrapper_standalone static "2038-10-13 00:00:00" \
${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
rc=$?
# Test PSS signatures on certificate
for i in sha256 sha384 sha512;do
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed --key-type rsa-pss \
--load-privkey "${srcdir}/data/privkey1.pem" \
--template "${srcdir}/templates/template-test.tmpl" \
exit ${rc}
fi
-datefudge -s "2007-04-25 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \
"${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
# Test SHA3 signatures
for i in sha3-224 sha3-256 sha3-384 sha3-512;do
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-test.tmpl" \
exit ${rc}
fi
-datefudge -s "2007-04-25 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \
"${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
# Test SHA3 signatures with ECDSA
for i in sha3-224 sha3-256 sha3-384 sha3-512;do
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test-ecc.key" \
--template "${srcdir}/templates/template-test.tmpl" \
exit ${rc}
fi
-datefudge -s "2007-04-25 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \
"${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
fi
-datefudge -s "2017-04-06 00:00:00" \
+gnutls_timewrapper_standalone static "2017-04-06 00:00:00" \
${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
rc=$?
skip_if_no_datefudge
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/arb-extensions.tmpl" \
rm -f "$OUTFILE"
# Test adding critical extensions only
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/crit-extensions.tmpl" \
rm -f "$OUTFILE"
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-request \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/arb-extensions.tmpl" \
skip_if_no_datefudge
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/simple-policy.tmpl" \
# time set using datefudge could have changed since the generation
# (if example the system was busy)
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-test.tmpl" \
rm -f ${TMPFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-utf8.tmpl" \
rm -f ${TMPFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-dn.tmpl" \
echo "Running test for certificate generation with --generate-self-signed"
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-certificate \
--load-privkey "${srcdir}/data/template-test.key" \
--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
rm -f ${TMPFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-dn-err.tmpl" \
rm -f ${TMPFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-overflow.tmpl" \
# The following test works in 64-bit systems
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-overflow2.tmpl" \
fi
rm -f ${TMPFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-date.tmpl" \
rm -f ${TMPFILE}
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-dates-after2038.tmpl" \
# Test name constraints generation
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-nc.tmpl" \
# Test the GeneralizedTime support
if test "${ac_cv_sizeof_time_t}" = 8;then
# we should test that on systems which have 64-bit time_t.
- datefudge -s "2051-04-22 00:00:00" \
+ gnutls_timewrapper_standalone static "2051-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-generalized.tmpl" \
# Test unique ID field generation
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-unique.tmpl" \
# Test generation with very long dns names
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-long-dns.tmpl" \
# Test generation with larger serial number
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-long-serial.tmpl" \
#
# Test certificate generation
#
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-self-signed \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-tlsfeature.tmpl" \
# Test certificate request generation
#
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-request \
--load-privkey "${srcdir}/data/template-test.key" \
--template "${srcdir}/templates/template-tlsfeature.tmpl" \
#
# Test certificate generation after a request
#
-datefudge -s "2007-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
"${CERTTOOL}" --generate-certificate \
--load-privkey "${srcdir}/data/template-test.key" \
--load-ca-privkey "${srcdir}/data/template-test.key" \
file=$2
echo -n "* Verifying a certificate... "
- datefudge -s "2015-10-10 00:00:00" \
+ gnutls_timewrapper_standalone static "2015-10-10 00:00:00" \
$CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1
if test $? = 0; then
echo ok
skip_if_no_datefudge
-datefudge -s "2017-06-19 00:00:00" \
+gnutls_timewrapper_standalone static "2017-06-19 00:00:00" \
"${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
rc=$?
exit ${rc}
fi
-datefudge -s "2017-06-19 00:00:00" \
+gnutls_timewrapper_standalone static "2017-06-19 00:00:00" \
"${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
rc=$?
fi
# verify an OCSP response using ECDSA
-datefudge -s "2017-06-29 00:00:00" \
+gnutls_timewrapper_standalone static "2017-06-29 00:00:00" \
"${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der"
rc=$?
echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE"
# Generate certificates with the random port
-datefudge -s "${CERTDATE}" ${CERTTOOL} \
+gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \
--generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \
--load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \
--load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \
# Generate certificates with the random port (with mandatory stapling extension)
echo "tls_feature = 5" >>"$TEMPLATE_FILE"
-datefudge -s "${CERTDATE}" ${CERTTOOL} \
+gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \
--generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \
--load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \
--load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
# Generate an OCSP response which expires in 2 days and use it after
# a month. gnutls server doesn't send such a staple to clients.
${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}"
-datefudge -s "${EXP_OCSP_DATE}" \
+gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \
${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2
eval "${GETPORT}"
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
rm -f "${OCSP_RESPONSE_FILE}"
${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}"
-datefudge -s "${EXP_OCSP_DATE}" \
+gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \
${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}"
eval "${GETPORT}"
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
verify_response ()
{
echo "verifying ${sample_dir}/${1} using ${trusted}"
- datefudge --static "${date}" \
+ gnutls_timewrapper_standalone static "${date}" \
"${OCSPTOOL}" --infile="${sample_dir}/${1}" \
--verify-response --load-trust="${trusted}"
return $?
# time set using datefudge could have changed since the generation
# (if example the system was busy)
-datefudge -s "2016-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \
"${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der"
rc=$?
exit ${rc}
fi
-datefudge -s "2016-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \
"${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der"
rc=$?
exit ${rc}
fi
-datefudge -s "2016-04-22 00:00:00" \
+gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \
"${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4
rc=$?
echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE"
# Generate certificates with the random port
-datefudge -s "${CERTDATE}" ${CERTTOOL} \
+gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \
--generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \
--load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \
--load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE"
# Generate certificates with the random port
-datefudge -s "${CERTDATE}" ${CERTTOOL} \
+gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \
--generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \
--load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \
--load-privkey "${srcdir}/ocsp-tests/certs/server_bad.key" \
wait_for_port "${TLS_SERVER_PORT}"
echo "test 123456" | \
- datefudge -s "${TESTDATE}" \
+ gnutls_timewrapper_standalone static "${TESTDATE}" \
"${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
--port="${TLS_SERVER_PORT}" localhost
rc=$?
skip_if_no_datefudge
#try verification
-datefudge -s "2010-10-10 00:00:00" \
+gnutls_timewrapper_standalone static "2010-10-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem"
rc=$?
exit 1
fi
-datefudge -s "2016-10-10 00:00:00" \
+gnutls_timewrapper_standalone static "2016-10-10 00:00:00" \
${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem"
rc=$?
ASAN_OPTIONS="detect_leaks=0"
export ASAN_OPTIONS
-datefudge -s "2006-10-01 00:00:00" \
+gnutls_timewrapper_standalone static "2006-10-01 00:00:00" \
"${CERTTOOL}" --verify-chain --outfile "$TMPFILE1" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-1.pem"
if test $? = 0;then
echo "Verification on chain1 succeeded"
fi
-datefudge -s "2006-10-01 00:00:00" \
+gnutls_timewrapper_standalone static "2006-10-01 00:00:00" \
"${CERTTOOL}" --verify-chain --outfile "$TMPFILE2" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-2.pem"
if test $? = 0;then
echo "Verification on chain2 succeeded"
pubkey="$5"
echo -n "* Generating client certificate... "
- datefudge -s "$TESTDATE" \
+ gnutls_timewrapper_standalone static "$TESTDATE" \
"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
# start server
eval "${GETPORT}"
- launch_bare_server datefudge -s "$TESTDATE" \
+ launch_bare_server gnutls_timewrapper_standalone static "$TESTDATE" \
$VALGRIND $SERV $DEBUG -p "$PORT" \
${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
--x509keyfile="$keyfile" --x509cafile="${cafile}" \
wait_server ${PID}
# connect to server using SC
- datefudge -s "$TESTDATE" \
+ gnutls_timewrapper_standalone static "$TESTDATE" \
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
fail ${PID} "Connection should have failed!"
- datefudge -s "$TESTDATE" \
+ gnutls_timewrapper_standalone static "$TESTDATE" \
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
fail ${PID} "Connection (with files) should have succeeded!"
- datefudge -s "$TESTDATE" \
+ gnutls_timewrapper_standalone static "$TESTDATE" \
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
--x509keyfile="${token};object=gnutls-client;object-type=private" \
--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \