tests/cert-test/invalid-sig: use datefudge to test expired certs

Suggested by Andreas Metzler in:
https://gitlab.com/gnutls/gnutls/-/issues/1021

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig
index bcebf995cb668c51a5035351ad90723b3bbf055f..58134a4d090a06499e9e601240d87fa445918eaa 100755 (executable)
--- a/tests/cert-tests/invalid-sig
+++ b/tests/cert-tests/invalid-sig
@@ -33,14 +33,16 @@ if ! test -x "${CERTTOOL}"; then
        exit 77
 fi
 
+. ${srcdir}/../scripts/common.sh
+
 #check whether a different PKCS #1 signature than the advertized in certificate is tolerated
 ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem"
 rc=$?
 
 # We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
        echo "Verification of invalid signature (1) failed"
-       exit ${rc}
+       exit 1
 fi
 
 #check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -48,9 +50,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem"
 rc=$?
 
 # We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
        echo "Verification of invalid signature (2) failed"
-       exit ${rc}
+       exit 1
 fi
 
 #check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -58,9 +60,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem"
 rc=$?
 
 # We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
        echo "Verification of invalid signature (3) failed"
-       exit ${rc}
+       exit 1
 fi
 
 #check whether different parameters in tbsCertificate than the outer signature is tolerated
@@ -68,9 +70,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem"
 rc=$?
 
 # We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
        echo "Verification of invalid signature (4) failed"
-       exit ${rc}
+       exit 1
 fi
 
 #check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated
@@ -78,19 +80,24 @@ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.p
 rc=$?
 
 # We're done.
-if test "${rc}" = "0"; then
+if test $rc = 0; then
        echo "Verification of invalid signature (5) failed"
-       exit ${rc}
+       exit 1
 fi
 
-#this was causing a double free; verify that we receive the expected error code
-${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
-rc=$?
-
-# We're done.
-if test "${rc}" != "1"; then
-       echo "Verification of invalid signature (6) failed"
-       exit ${rc}
+if check_for_datefudge; then
+       #this was causing a double free; verify that we receive the expected error code
+       datefudge -s 2020-01-01 \
+       ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
+       rc=$?
+
+       # We're done.
+       if test $rc != 1; then
+               echo "Verification of invalid signature (6) failed"
+               exit 1
+       fi
+else
+       echo "Verification of invalid signature (6) skipped"
 fi
 
 exit 0