mirror of https://github.com/wolfSSL/wolfssl.git
Add link of newly created x509 store's certificate manager to self by default
parent
922771bf05
commit
3bc3ec25b8
|
@ -0,0 +1,41 @@
|
|||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
|
||||
Last Update: Feb 15 12:50:27 2022 GMT
|
||||
Next Update: Nov 11 12:50:27 2024 GMT
|
||||
CRL extensions:
|
||||
X509v3 CRL Number:
|
||||
2
|
||||
Revoked Certificates:
|
||||
Serial Number: 02
|
||||
Revocation Date: Feb 15 12:50:27 2022 GMT
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
43:e6:3b:30:0e:32:53:32:a4:08:3c:e5:d5:2e:f1:ce:e9:95:
|
||||
ff:ba:d6:fe:2e:59:80:f8:0a:2f:cf:1e:e0:37:fe:ca:cc:33:
|
||||
66:8b:ed:65:50:7d:44:92:d3:5c:52:9a:95:a5:9d:a5:4e:77:
|
||||
8b:b4:7f:59:c8:7a:e0:eb:34:32:ae:a1:03:99:d2:3c:c0:f4:
|
||||
7e:1c:87:4c:6c:5a:ba:0a:95:e8:a1:44:01:7b:8f:3e:a4:e3:
|
||||
e8:1e:07:19:f0:09:7a:85:8f:f3:82:62:f8:1e:08:51:a3:60:
|
||||
30:5b:06:c8:a2:b3:ff:aa:28:66:ad:fe:4b:81:49:30:ef:5f:
|
||||
5d:ac:d9:ad:17:9f:2a:b6:22:d6:35:cc:9f:d9:11:26:dd:7a:
|
||||
06:35:d0:d5:c7:41:6c:52:97:8c:aa:82:5a:e5:a8:58:d4:b7:
|
||||
2b:31:84:34:15:bd:08:e4:9e:71:9e:c5:40:f8:02:a3:a0:1e:
|
||||
4f:98:72:2b:eb:9e:8a:4e:01:83:88:e5:cb:6e:3b:52:e3:a9:
|
||||
34:a1:7c:e4:79:2c:d1:e0:0b:74:22:ba:6d:cb:c3:a1:56:f9:
|
||||
c9:f4:20:bf:00:49:df:6b:59:49:18:c7:75:27:8e:a1:5a:a6:
|
||||
ff:f2:be:34:4a:c9:6d:6e:24:a3:1f:15:7e:34:90:b6:81:bf:
|
||||
15:80:c3:ac
|
||||
-----BEGIN X509 CRL-----
|
||||
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
|
||||
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
|
||||
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
|
||||
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIyMDIxNTEyNTAyN1oX
|
||||
DTI0MTExMTEyNTAyN1owFDASAgECFw0yMjAyMTUxMjUwMjdaoA4wDDAKBgNVHRQE
|
||||
AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAQ+Y7MA4yUzKkCDzl1S7xzumV/7rW/i5Z
|
||||
gPgKL88e4Df+yswzZovtZVB9RJLTXFKalaWdpU53i7R/Wch64Os0Mq6hA5nSPMD0
|
||||
fhyHTGxaugqV6KFEAXuPPqTj6B4HGfAJeoWP84Ji+B4IUaNgMFsGyKKz/6ooZq3+
|
||||
S4FJMO9fXazZrRefKrYi1jXMn9kRJt16BjXQ1cdBbFKXjKqCWuWoWNS3KzGENBW9
|
||||
COSecZ7FQPgCo6AeT5hyK+ueik4Bg4jly247UuOpNKF85Hks0eALdCK6bcvDoVb5
|
||||
yfQgvwBJ32tZSRjHdSeOoVqm//K+NErJbW4kox8VfjSQtoG/FYDDrA==
|
||||
-----END X509 CRL-----
|
|
@ -3,6 +3,7 @@
|
|||
#
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/crl/0fdb2da4.r0 \
|
||||
certs/crl/crl.pem \
|
||||
certs/crl/cliCrl.pem \
|
||||
certs/crl/eccSrvCRL.pem \
|
||||
|
|
|
@ -736,6 +736,10 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
|
|||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
|
||||
/* Link store's new Certificate Manager to self by default */
|
||||
store->cm->x509_store_p = store;
|
||||
|
||||
if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {
|
||||
|
|
76
tests/api.c
76
tests/api.c
|
@ -437,7 +437,6 @@ static int testDevId = WOLFSSL_CAAM_DEVID;
|
|||
static int testDevId = INVALID_DEVID;
|
||||
#endif
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| Setup
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
@ -50593,6 +50592,77 @@ static int test_wolfSSL_SMIME_write_PKCS7(void)
|
|||
#endif /* HAVE_SMIME */
|
||||
#endif /* !NO_BIO */
|
||||
|
||||
/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS
|
||||
returns 0) */
|
||||
static int test_X509_STORE_No_SSL_CTX(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_WOLFSSL_DIR) && defined(HAVE_CRL) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
|
||||
|
||||
X509_STORE *store;
|
||||
X509_STORE_CTX *storeCtx;
|
||||
X509_CRL *crl;
|
||||
X509 *ca, *cert;
|
||||
const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
|
||||
const char srvCert[] = "./certs/server-cert.pem";
|
||||
const char caCert[] = "./certs/ca-cert.pem";
|
||||
const char caDir[] = "./certs/crl";
|
||||
XFILE fp;
|
||||
X509_LOOKUP *lookup;
|
||||
|
||||
printf(testingFmt, "test_X509_STORE_No_SSL_CTX");
|
||||
|
||||
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
|
||||
|
||||
/* Set up store with CA */
|
||||
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
|
||||
SSL_FILETYPE_PEM)));
|
||||
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
|
||||
|
||||
/* Add CRL lookup directory to store
|
||||
NOTE: test uses ./certs/crl/0fdb2da4.r0, which is a copy of crl.pem */
|
||||
AssertNotNull((lookup = X509_STORE_add_lookup(store,
|
||||
X509_LOOKUP_hash_dir())));
|
||||
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir,
|
||||
X509_FILETYPE_PEM, NULL), SSL_SUCCESS);
|
||||
|
||||
AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
|
||||
SSL_SUCCESS);
|
||||
|
||||
/* Add CRL to store NOT containing the verified certificate, which
|
||||
forces use of the CRL lookup directory */
|
||||
fp = XFOPEN(cliCrlPem, "rb");
|
||||
AssertTrue((fp != XBADFILE));
|
||||
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
|
||||
NULL, NULL));
|
||||
XFCLOSE(fp);
|
||||
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
|
||||
|
||||
/* Create verification context outside of an SSL session */
|
||||
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
|
||||
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
|
||||
SSL_FILETYPE_PEM)));
|
||||
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
|
||||
|
||||
/* Perform verification, which should NOT indicate CRL missing due to the
|
||||
store CM's X509 store pointer being NULL */
|
||||
AssertIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
|
||||
|
||||
X509_CRL_free(crl);
|
||||
X509_STORE_free(store);
|
||||
X509_STORE_CTX_free(storeCtx);
|
||||
X509_free(cert);
|
||||
X509_free(ca);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| Certificate Failure Checks
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
@ -56560,7 +56630,6 @@ static int test_stubs_are_stubs(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int test_CONF_modules_xxx(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
|
@ -60730,6 +60799,9 @@ TEST_CASE testCases[] = {
|
|||
#endif /* HAVE_SMIME */
|
||||
#endif /* !NO_BIO */
|
||||
|
||||
/* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
|
||||
TEST_DECL(test_X509_STORE_No_SSL_CTX),
|
||||
|
||||
/* wolfCrypt ASN tests */
|
||||
TEST_DECL(test_wc_CreateEncryptedPKCS8Key),
|
||||
TEST_DECL(test_wc_GetPkcs8TraditionalOffset),
|
||||
|
|
Loading…
Reference in New Issue