authorLibravatarLibravatar daurnimator <quae@daurnimator.com> 2019-06-07 18:09:54 +1000
committerLibravatarLibravatar daurnimator <quae@daurnimator.com> 2019-06-11 15:39:06 +1000
commit6869810b4ec0c7241404ab5f7bb080417871d16e (patch)
tree0d220ea833d4dd4a7c4c1de8290dce41503cd2ac /regress
parentfeb050aeec4301f6febd576bf8321bd81eaf5e42 (diff)
src/openssl.c: Add cert:verify() to verify a certificate without a store
Diffstat (limited to 'regress')
-rwxr-xr-xregress/167-verify-cert.lua47
-rw-r--r--regress/regress.lua2
2 files changed, 49 insertions, 0 deletions
diff --git a/regress/167-verify-cert.lua b/regress/167-verify-cert.lua
new file mode 100755
index 0000000..b7433e8
--- /dev/null
+++ b/regress/167-verify-cert.lua
@@ -0,0 +1,47 @@
+#!/usr/bin/env lua
+
+local regress = require "regress"
+
+if (regress.openssl.OPENSSL_VERSION_NUMBER and regress.openssl.OPENSSL_VERSION_NUMBER < 0x10002000)
+ or (regress.openssl.LIBRESSL_VERSION_NUMBER and regress.openssl.LIBRESSL_VERSION_NUMBER < 0x20705000)
+then
+ -- skipping test due to different behaviour in earlier OpenSSL versions
+ return
+end
+
+local params = regress.verify_param.new()
+params:setDepth(0)
+
+local ca_key, ca_crt = regress.genkey()
+do -- should fail as no trust anchor
+ regress.check(not ca_crt:verify({params=params, chain=nil, store=nil}))
+end
+
+local store = regress.store.new()
+store:add(ca_crt)
+do -- should succeed as cert is in the store
+ regress.check(ca_crt:verify({params=params, chain=nil, store=store}))
+end
+
+local intermediate_key, intermediate_crt = regress.genkey(nil, ca_key, ca_crt)
+do -- should succeed as ca cert is in the store
+ regress.check(intermediate_crt:verify({params=params, chain=nil, store=store}))
+end
+
+local _, crt = regress.genkey(nil, intermediate_key, intermediate_crt)
+do -- should fail as intermediate cert is missing
+ regress.check(not crt:verify({params=params, chain=nil, store=store}))
+end
+
+local chain = regress.chain.new()
+chain:add(intermediate_crt)
+do -- should fail as max depth is too low
+ regress.check(not crt:verify({params=params, chain=chain, store=store}))
+end
+
+params:setDepth(1)
+do -- should succeed
+ regress.check(crt:verify({params=params, chain=chain, store=store}))
+end
+
+regress.say "OK"
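Review bot: The three negative cases (the `regress.check(not ...:verify({...}))` calls under "no trust anchor", "intermediate cert is missing" and "max depth is too low") assert only a falsy result, so each would still pass if verification failed for a reason other than the one its comment names. If cert:verify() returns a failure reason as a second value (not visible in this hunk), capture it with `local ok, why = crt:verify({params=params, chain=chain, store=store})` and check `why` as well as `ok`. The file also never passes a chain without a store. After `params:setDepth(1)`, a case such as `regress.check(not crt:verify({params=params, chain=chain, store=nil}))` would pin that certificates supplied in `chain` are treated as untrusted and never act as trust anchors.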
diff --git a/regress/regress.lua b/regress/regress.lua
index 19ee065..5cdd22d 100644
--- a/regress/regress.lua
+++ b/regress/regress.lua
@@ -8,7 +8,9 @@ local regress = {
x509 = require"openssl.x509",
name = require"openssl.x509.name",
altname = require"openssl.x509.altname",
+ chain = require"openssl.x509.chain",
store = require"openssl.x509.store",
+ verify_param = require"openssl.x509.verify_param",
pack = table.pack or function (...)
local t = { ... }
t.n = select("#", ...)