return (x->ex_flags & EXFLAG_INVALID) == 0;
}
+ ERR_set_mark();
+
/* Cache the SHA1 digest of the cert */
if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
x->ex_flags |= EXFLAG_NO_FINGERPRINT;
- ERR_set_mark();
-
/* V1 should mean no extensions ... */
if (X509_get_version(x) == X509_VERSION_1)
x->ex_flags |= EXFLAG_V1;
res = setup_crldp(x);
if (res == 0)
x->ex_flags |= EXFLAG_INVALID;
- else if (res < 0)
- goto err;
#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL);
*/
#endif
ERR_pop_to_mark();
- if ((x->ex_flags & (EXFLAG_INVALID | EXFLAG_NO_FINGERPRINT)) == 0) {
+
+ if ((x->ex_flags & EXFLAG_INVALID) == 0) {
CRYPTO_THREAD_unlock(x->lock);
return 1;
}
- if ((x->ex_flags & EXFLAG_INVALID) != 0)
- ERR_raise(ERR_LIB_X509, X509V3_R_INVALID_CERTIFICATE);
- /* If computing sha1_hash failed the error queue already reflects this. */
-
- err:
- x->ex_flags |= EXFLAG_SET; /* indicate that cert has been processed */
CRYPTO_THREAD_unlock(x->lock);
+ ERR_raise(ERR_LIB_X509, X509V3_R_INVALID_CERTIFICATE);
return 0;
}
#include <openssl/x509_vfy.h>
-static X509 *test_cert;
-
-/* Avoid using X509_new() via the generic macros below. */
-#define X509_new() X509_dup(test_cert)
-
typedef struct test_fixture {
const char *test_case_name;
OSSL_CMP_CTX *ctx;
static STACK_OF(X509) *sk_X509_new_1(void)
{
STACK_OF(X509) *sk = sk_X509_new_null();
- X509 *x = X509_dup(test_cert);
+ X509 *x = X509_new();
if (x == NULL || !sk_X509_push(sk, x)) {
sk_X509_free(sk);
OSSL_CMP_CTX *ctx = fixture->ctx;
ASN1_OCTET_STRING *bytes = NULL;
STACK_OF(X509) *certs = NULL;
+ X509 *cert = X509_new();
int res = 0;
/* set non-default values in all relevant fields */
ctx->status = 1;
ctx->failInfoCode = 1;
if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null())
- || !ossl_cmp_ctx_set0_newCert(ctx, X509_dup(test_cert))
+ || !ossl_cmp_ctx_set0_newCert(ctx, X509_new())
|| !TEST_ptr(certs = sk_X509_new_1())
|| !ossl_cmp_ctx_set1_newChain(ctx, certs)
|| !ossl_cmp_ctx_set1_caPubs(ctx, certs)
|| !ossl_cmp_ctx_set1_extraCertsIn(ctx, certs)
- || !ossl_cmp_ctx_set1_validatedSrvCert(ctx, test_cert)
+ || !ossl_cmp_ctx_set1_validatedSrvCert(ctx, cert)
|| !TEST_ptr(bytes = ASN1_OCTET_STRING_new())
|| !OSSL_CMP_CTX_set1_transactionID(ctx, bytes)
|| !OSSL_CMP_CTX_set1_senderNonce(ctx, bytes)
res = 1;
err:
+ X509_free(cert);
sk_X509_pop_X509_free(certs);
ASN1_OCTET_STRING_free(bytes);
return res;
} \
\
if (!(*push_fn)(ctx, val2)) { \
- TEST_error("pushting second value failed"); \
+ TEST_error("pushing second value failed"); \
res = 0; \
} \
if (PUSHN == 0) \
int setup_tests(void)
{
- char *cert_file;
-
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
return 0;
}
- if (!TEST_ptr(cert_file = test_get_argument(0))
- || !TEST_ptr(test_cert = load_cert_pem(cert_file, NULL)))
- return 0;
-
/* OSSL_CMP_CTX_new() is tested by set_up() */
/* OSSL_CMP_CTX_free() is tested by tear_down() */
ADD_TEST(test_CTX_reinit);