#!/usr/bin/env lua
local regress = require "regress"
-- Regression test for the verification depth limit carried by a verify_param
-- object. It builds a three-level hierarchy (root -> intermediate -> leaf)
-- with regress.genkey and checks which certificates verify at depth 0 and at
-- depth 1.
--
-- NOTE(review): the negative checks below assert only that verification
-- fails, not why. If verify() also reports a failure reason, asserting on it
-- would keep a failure from an unrelated cause from masking a regression in
-- depth enforcement -- confirm against the binding.

-- Skip on older libraries, where depth handling behaves differently: exit
-- early when OpenSSL reports a version number below 0x10002000 or LibreSSL
-- one below 0x20705000 (presumably the 1.0.2 and 2.7.5 lines -- confirm).
local ossl = regress.openssl
local openssl_ver = ossl.OPENSSL_VERSION_NUMBER
local libressl_ver = ossl.LIBRESSL_VERSION_NUMBER
if openssl_ver and openssl_ver < 0x10002000 then
  return
end
if libressl_ver and libressl_ver < 0x20705000 then
  return
end

-- One parameter object is shared by every verification below, so the later
-- setDepth(1) call changes the limit for the final check only.
local depth_params = regress.verify_param.new()
depth_params:setDepth(0)

--- Verify `cert` using the shared depth parameters.
-- @param cert certificate under test
-- @param extra_chain additional certificates passed as `chain`, or nil
-- @param anchors certificate store passed as `store`, or nil
-- @return whatever cert:verify returns, unmodified
local function verify_with(cert, extra_chain, anchors)
  return cert:verify({ params = depth_params, chain = extra_chain, store = anchors })
end

local root_key, root_crt = regress.genkey()

-- No store is supplied, so there is no trust anchor: must be rejected.
regress.check(not verify_with(root_crt, nil, nil))

local trust_store = regress.store.new()
trust_store:add(root_crt)

-- The certificate itself is now in the store: must be accepted.
regress.check(verify_with(root_crt, nil, trust_store))

-- Presumably issued by the root (its key and certificate are passed in).
local mid_key, mid_crt = regress.genkey(nil, root_key, root_crt)

-- Its issuer is in the store, so depth 0 is still enough: must be accepted.
regress.check(verify_with(mid_crt, nil, trust_store))

local _, leaf_crt = regress.genkey(nil, mid_key, mid_crt)

-- The intermediate is neither in the store nor in a chain: must be rejected.
regress.check(not verify_with(leaf_crt, nil, trust_store))

-- The intermediate is handed over through `chain`, not added to the store.
local helper_chain = regress.chain.new()
helper_chain:add(mid_crt)

-- The path can now be built, but depth 0 is too low for it: must be rejected.
regress.check(not verify_with(leaf_crt, helper_chain, trust_store))

-- Raising the limit to 1 is the only change, and it must flip the result.
depth_params:setDepth(1)
regress.check(verify_with(leaf_crt, helper_chain, trust_store))

regress.say("OK")