path: root/regress/167-verify-cert.lua
#!/usr/bin/env lua

local regress = require "regress"

-- Regression test for certificate verification under a maximum-depth limit.
-- It builds a three-level hierarchy (CA -> intermediate -> leaf) and checks
-- which combinations of trust store, supplied chain and depth make verify()
-- accept or reject a certificate.

-- Earlier library versions behave differently for these cases, so the whole
-- test is skipped below OpenSSL 0x10002000 and LibreSSL 0x20705000.
local lib = regress.openssl
local openssl_ver = lib.OPENSSL_VERSION_NUMBER
local libressl_ver = lib.LIBRESSL_VERSION_NUMBER
local openssl_too_old = openssl_ver and openssl_ver < 0x10002000
local libressl_too_old = libressl_ver and libressl_ver < 0x20705000
if openssl_too_old or libressl_too_old then
	return
end

-- One parameter object is shared by every check below; its depth is raised
-- from 0 to 1 only before the final case.
local depth_limit = regress.verify_param.new()
depth_limit:setDepth(0)

--- Call verify() on `cert` with the shared parameters.
-- A nil `with_chain` / `with_store` leaves that key absent from the options.
-- Every result of verify() is passed through unchanged.
local function run_verify(cert, with_chain, with_store)
	return cert:verify({ params = depth_limit, chain = with_chain, store = with_store })
end

-- genkey() without issuer arguments; presumably yields a self-signed
-- certificate -- confirm in regress.genkey.
local root_key, root_crt = regress.genkey()

-- No store at all: there is no trust anchor, so verification must fail.
regress.check(not run_verify(root_crt, nil, nil))

-- Once the CA certificate is in the store it verifies.
local trusted = regress.store.new()
trusted:add(root_crt)
regress.check(run_verify(root_crt, nil, trusted))

-- Certificate issued with the CA key/cert: accepted at depth 0 because its
-- issuer is in the store.
local mid_key, mid_crt = regress.genkey(nil, root_key, root_crt)
regress.check(run_verify(mid_crt, nil, trusted))

-- Leaf issued by the intermediate: rejected while the intermediate is not
-- supplied, since no path to the store can be built.
local _, leaf_crt = regress.genkey(nil, mid_key, mid_crt)
regress.check(not run_verify(leaf_crt, nil, trusted))

-- Supplying the intermediate is still not enough at depth 0: the maximum
-- depth is too low for a path that goes through it.
-- NOTE(review): nothing here checks that a certificate present only in the
-- chain (and not in the store) is never accepted as a trust anchor; worth
-- covering if no other regression test does.
local extra_certs = regress.chain.new()
extra_certs:add(mid_crt)
regress.check(not run_verify(leaf_crt, extra_certs, trusted))

-- Depth 1 allows the path through the intermediate, so the leaf is accepted.
depth_limit:setDepth(1)
regress.check(run_verify(leaf_crt, extra_certs, trusted))

regress.say "OK"