author | Matt Caswell <matt@openssl.org> | 2023-03-07 17:07:57 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-03-28 14:09:38 +0200 |
commit | 23a4cbeb3ad80da3830f760f624599f24236bc38 (patch) | |
tree | f8dd5da616ad7903e7c0ce0fbd247d4b5de2713c | |
parent | b013765abfa80036dc779dd0e50602c57bb3bf95 (diff) | |
download | openssl-23a4cbeb3ad80da3830f760f624599f24236bc38.tar.gz |
Add a Certificate Policies Test
Test that a valid certificate policy is accepted and that an invalid
certificate policy is rejected. Specifically we are checking that a
leaf certificate with an invalid policy is detected.
Related-to: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20588)
-rw-r--r-- | test/recipes/25-test_verify.t | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index ffa48ed20b..e7e352df0b 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -27,7 +27,7 @@ sub verify { run(app([@args])); } -plan tests => 146; +plan tests => 148; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -409,3 +409,14 @@ SKIP: { "ED25519 signature"); } + +# Certificate Policies +ok(verify("ee-cert-policies", "sslserver", ["root-cert"], ["ca-pol-cert"], + "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", + "-explicit_policy"), + "Certificate policy"); + +ok(!verify("ee-cert-policies-bad", "sslserver", ["root-cert"], ["ca-pol-cert"], + "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", + "-explicit_policy"), + "Bad certificate policy"); |
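Review bot: The negative case at the end of the second hunk, `ok(!verify("ee-cert-policies-bad", ...), "Bad certificate policy")`, passes on any verification failure, not only a policy rejection, because `verify` returns nothing more than the result of `run(app([@args]))`. A missing or unparsable `ee-cert-policies-bad` file, or an unrelated chain error against `ca-pol-cert`, would satisfy it just as well. Consider pinning the failure to policy processing, for example by adding a control assertion that the same certificate verifies when `-policy_check`, `-policy` and `-explicit_policy` are left out (if that is the expected behaviour for this test certificate), or by checking the command output for the policy error. A one-line comment above the second `ok` saying that the bad case is a leaf certificate carrying an invalid policy, as the commit message states, would also make the intent clear to later readers of the recipe.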