tests: verify whether the TLSFeatures extension is copied

Verify whether the TLSFeatures extension is copied from the certificate
request to the generated certificate.

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 1c54779baf48f6b27e9668cc6866e1b9c000bd64..4320532e005b1477cf206feaf5f646de50239c3d 100644 (file)
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -40,7 +40,7 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
        template-krb5name.pem template-krb5name-full.pem template-test-ecc.key \
        template-rsa-sha3-256.pem template-rsa-sha3-512.pem template-rsa-sha3-224.pem template-rsa-sha3-384.pem \
        name-constraints-ip2.pem chain-md5.pem gost-cert.pem template-tlsfeature.tmpl \
-       template-tlsfeature.pem template-tlsfeature.csr
+       template-tlsfeature.pem template-tlsfeature.csr template-tlsfeature-crq.tmpl
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
        pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \

diff --git a/tests/cert-tests/template-tlsfeature-crq.tmpl b/tests/cert-tests/template-tlsfeature-crq.tmpl
new file mode 100644 (file)
index 0000000..1a41d2d
--- /dev/null
+++ b/tests/cert-tests/template-tlsfeature-crq.tmpl
@@ -0,0 +1,23 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+honor_crq_extensions

diff --git a/tests/cert-tests/tlsfeature-test b/tests/cert-tests/tlsfeature-test
index c36cbef619bd6e5c5b0b364010d22e0aac21f163..a6452f3c9bc3fd86a3955e7441263d33c73a05a4 100755 (executable)
--- a/tests/cert-tests/tlsfeature-test
+++ b/tests/cert-tests/tlsfeature-test
@@ -139,7 +139,7 @@ grep "17" "${TMPFILE2}" >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-       echo "CSR printing (1) failed"
+       echo "CSR printing (2) failed"
        exit ${rc}
 fi
 
@@ -147,7 +147,42 @@ grep "Status Request(5)" "${TMPFILE2}" >/dev/null 2>&1
 rc=$?
 
 if test "${rc}" != "0"; then
-       echo "CSR printing (2) failed"
+       echo "CSR printing (3) failed"
+       exit ${rc}
+fi
+
+#
+# Test certificate generation after a request
+#
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-certificate \
+               --load-privkey "${srcdir}/template-test.key" \
+               --load-ca-privkey "${srcdir}/template-test.key" \
+               --load-ca-certificate "${srcdir}/template-tlsfeature.pem" \
+               --template "${srcdir}/template-tlsfeature-crq.tmpl" \
+               --load-request "${TMPFILE}" >"${TMPFILE2}" 2>&1
+
+grep -A 2 "TLS Features" "${TMPFILE2}" >"${TMPFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Cert generation (csr) (0) failed"
+       exit ${rc}
+fi
+
+grep "17" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Cert generation (csr) (1) failed"
+       exit ${rc}
+fi
+
+grep "Status Request(5)" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Cert generation (csr) (2) failed"
        exit ${rc}
 fi