projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4acd484)
Add four more verify test cases on the self-signed Ed25519 and self-issed X25519...
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Mon, 23 Dec 2019 19:23:24 +0000 (20:23 +0100)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Wed, 1 Jul 2020 09:14:54 +0000 (11:14 +0200)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)

test/recipes/25-test_verify.t patch | blob | history

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 39b95e1ca4a7b710d92eb18d62dae30eed44bc2b..2997503355b12239808a6d4a0fc904b235482630 100644 (file)
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -27,7 +27,7 @@ sub verify {
     run(app([@args]));
 }
 
     run(app([@args]));
 }
 
-plan tests => 139;
+plan tests => 143;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -369,13 +369,25 @@ ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"
     "Public Key Algorithm rsa instead of rsaEncryption");
 
 SKIP: {
     "Public Key Algorithm rsa instead of rsaEncryption");
 
 SKIP: {
-    skip "Ed25519 is not supported by this OpenSSL build", 1
+    skip "Ed25519 is not supported by this OpenSSL build", 5
              if disabled("ec");
 
     # ED25519 certificate from draft-ietf-curdle-pkix-04
     ok(verify("ee-ed25519", "sslserver", ["root-ed25519"], []),
        "accept X25519 EE cert issued by trusted Ed25519 self-signed CA cert");
 
              if disabled("ec");
 
     # ED25519 certificate from draft-ietf-curdle-pkix-04
     ok(verify("ee-ed25519", "sslserver", ["root-ed25519"], []),
        "accept X25519 EE cert issued by trusted Ed25519 self-signed CA cert");
 
+    ok(!verify("root-ed25519", "sslserver", ["ee-ed25519"], []),
+       "fail Ed25519 CA and EE certs swapped");
+
+    ok(verify("root-ed25519", "sslserver", ["root-ed25519"], []),
+       "accept trusted Ed25519 self-signed CA cert");
+
+    ok(!verify("ee-ed25519", "sslserver", ["ee-ed25519"], []),
+       "fail trusted Ed25519-signed self-issued X25519 cert");
+
+    ok(verify("ee-ed25519", "sslserver", ["ee-ed25519"], [], "-partial_chain"),
+       "accept last-resort direct leaf match Ed25519-signed self-issued cert");
+
 }
 
 SKIP: {
 }
 
 SKIP: {
Unnamed repository; edit this file 'description' to name the repository.