catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'
Reviewed-by: Andy Polyakov <appro@openssl.org>
$!
$ ENGINES = "," + P6
$ IF ENGINES .EQS. "," THEN -
- ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
+ ENGINES = ",4758cca,padlock,capi,"
$!
$! GOST requires a 64-bit integer type, unavailable on VAX.
$!
$ IF (ARCH .NES. "VAX") THEN -
- ENGINES = ENGINES+ ",ccgost"
+ ENGINES = ENGINES+ ",gost"
$!
$! Check options.
$!
$ TV_OBJ = ",''TV_OBJ_NAME'"
$ ENDIF
$ ENGINE_4758CCA = "e_4758cca"
-$ ENGINE_aep = "e_aep"
-$ ENGINE_atalla = "e_atalla"
-$ ENGINE_cswift = "e_cswift"
-$ ENGINE_chil = "e_chil"
-$ ENGINE_nuron = "e_nuron"
-$ ENGINE_sureware = "e_sureware"
-$ ENGINE_ubsec = "e_ubsec"
$ ENGINE_padlock = "e_padlock"
-$
-$ ENGINE_ccgost_SUBDIR = "ccgost"
-$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
- "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
- "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
- "gost_sign"
+$ ENGINE_capi = "e_capi"
+$
+$ ENGINE_gost_SUBDIR = "ccgost"
+$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
+ "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
+ "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
+ "gost_sign"
$!
$! Define which programs need to be linked with a TCP/IP library
$!
$!
$! Define The Different SSL "library" Files.
$!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
- "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
- "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
- "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
- "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
- "d1_both,d1_enc,d1_srtp,"+ -
+$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
+ "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
+ "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ -
+ "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
+ "d1_both,d1_srtp,"+ -
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
- "ssl_asn1,ssl_txt,ssl_algs,"+ -
- "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"
+ "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
+ "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
$!
$ COMPILEWITH_CC5 = ""
$!
$!
$! O.K, Extract The File Name From The File List.
$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")
$!
$! Check To See If We Are At The End Of The File List.
$!
$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
"MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
"RC2TEST,RC4TEST,RC5TEST,"+ -
- "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
+ "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
"MDC2TEST,RMDTEST,"+ -
"RANDTEST,DHTEST,ENGINETEST,"+ -
- "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
- "EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
+ "GOST2814789TEST,"+ -
+ "BFTEST,CASTTEST,SSLTEST,"+ -
+ "EXPTEST,DSATEST,RSA_TEST,"+ -
+ "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
+ "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
+ "CONSTANT_TIME_TEST"
$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
$!
$! Additional directory information.
-$ T_D_BNTEST := [-.crypto.bn]
-$ T_D_ECTEST := [-.crypto.ec]
-$ T_D_ECDSATEST := [-.crypto.ecdsa]
-$ T_D_ECDHTEST := [-.crypto.ecdh]
-$ T_D_IDEATEST := [-.crypto.idea]
-$ T_D_MD2TEST := [-.crypto.md2]
-$ T_D_MD4TEST := [-.crypto.md4]
-$ T_D_MD5TEST := [-.crypto.md5]
-$ T_D_HMACTEST := [-.crypto.hmac]
-$ T_D_WP_TEST := [-.crypto.whrlpool]
-$ T_D_RC2TEST := [-.crypto.rc2]
-$ T_D_RC4TEST := [-.crypto.rc4]
-$ T_D_RC5TEST := [-.crypto.rc5]
-$ T_D_DESTEST := [-.crypto.des]
-$ T_D_SHATEST := [-.crypto.sha]
-$ T_D_SHA1TEST := [-.crypto.sha]
-$ T_D_SHA256T := [-.crypto.sha]
-$ T_D_SHA512T := [-.crypto.sha]
-$ T_D_MDC2TEST := [-.crypto.mdc2]
-$ T_D_RMDTEST := [-.crypto.ripemd]
-$ T_D_RANDTEST := [-.crypto.rand]
-$ T_D_DHTEST := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST := [-.crypto.bf]
-$ T_D_CASTTEST := [-.crypto.cast]
-$ T_D_SSLTEST := [-.ssl]
-$ T_D_EXPTEST := [-.crypto.bn]
-$ T_D_DSATEST := [-.crypto.dsa]
-$ T_D_RSA_TEST := [-.crypto.rsa]
-$ T_D_EVP_TEST := [-.crypto.evp]
-$ T_D_IGETEST := [-.test]
-$ T_D_JPAKETEST := [-.crypto.jpake]
-$ T_D_SRPTEST := [-.crypto.srp]
+$ T_D_BNTEST := [-.crypto.bn]
+$ T_D_ECTEST := [-.crypto.ec]
+$ T_D_ECDSATEST := [-.crypto.ecdsa]
+$ T_D_ECDHTEST := [-.crypto.ecdh]
+$ T_D_IDEATEST := [-.crypto.idea]
+$ T_D_MD2TEST := [-.crypto.md2]
+$ T_D_MD4TEST := [-.crypto.md4]
+$ T_D_MD5TEST := [-.crypto.md5]
+$ T_D_HMACTEST := [-.crypto.hmac]
+$ T_D_WP_TEST := [-.crypto.whrlpool]
+$ T_D_RC2TEST := [-.crypto.rc2]
+$ T_D_RC4TEST := [-.crypto.rc4]
+$ T_D_RC5TEST := [-.crypto.rc5]
+$ T_D_DESTEST := [-.crypto.des]
+$ T_D_SHATEST := [-.crypto.sha]
+$ T_D_SHA1TEST := [-.crypto.sha]
+$ T_D_SHA256T := [-.crypto.sha]
+$ T_D_SHA512T := [-.crypto.sha]
+$ T_D_MDC2TEST := [-.crypto.mdc2]
+$ T_D_RMDTEST := [-.crypto.ripemd]
+$ T_D_RANDTEST := [-.crypto.rand]
+$ T_D_DHTEST := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_GOST2814789TEST := [-.engines.ccgost]
+$ T_D_BFTEST := [-.crypto.bf]
+$ T_D_CASTTEST := [-.crypto.cast]
+$ T_D_SSLTEST := [-.ssl]
+$ T_D_EXPTEST := [-.crypto.bn]
+$ T_D_DSATEST := [-.crypto.dsa]
+$ T_D_RSA_TEST := [-.crypto.rsa]
+$ T_D_EVP_TEST := [-.crypto.evp]
+$ T_D_IGETEST := [-.test]
+$ T_D_JPAKETEST := [-.crypto.jpake]
+$ T_D_SRPTEST := [-.crypto.srp]
+$ T_D_V3NAMETEST := [-.crypto.x509v3]
+$ T_D_HEARTBEAT_TEST := [-.ssl]
+$ T_D_P5_CRPT2_TEST := [-.crypto.evp]
+$ T_D_CONSTANT_TIME_TEST := [-.crypto]
$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
$!
$! Set basic C compiler /INCLUDE directories.
$!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
$!
$! Check To See If P1 Is Blank.
$!
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "TEST]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
$!
$! Set up the logical name OPENSSL to point at the include directory
$!
$ DEFINE OPENSSL /NOLOG '__INCLUDE'
+$ DEFINE INTERNAL /NOLOG '__INTERNAL'
$!
$! Done
$!
$ IF __SAVE_OPENSSL .EQS. ""
$ THEN
$ DEASSIGN OPENSSL
+$ DEASSIGN INTERNAL
$ ELSE
$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
$ ENDIF
$!
$ texe_dir := sys$disk:[-.'__archd'.exe.test]
$ exe_dir := sys$disk:[-.'__archd'.exe.apps]
+$ engines_dir := sys$disk:[-.'__archd'.exe.engines]
$
$ set default '__here'
$
$ tests := -
test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
test_md2,test_mdc2,test_wp,-
- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
+ test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
- test_jpake,test_srp,test_cms
+ test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
+ test_gost2814789,test_heartbeat,test_p5_crpt2,-
+ test_constant_time
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
-$ BNTEST := bntest
-$ ECTEST := ectest
-$ ECDSATEST := ecdsatest
-$ ECDHTEST := ecdhtest
-$ EXPTEST := exptest
-$ IDEATEST := ideatest
-$ SHATEST := shatest
-$ SHA1TEST := sha1test
-$ MDC2TEST := mdc2test
-$ RMDTEST := rmdtest
-$ MD2TEST := md2test
-$ MD4TEST := md4test
-$ MD5TEST := md5test
-$ HMACTEST := hmactest
-$ WPTEST := wp_test
-$ RC2TEST := rc2test
-$ RC4TEST := rc4test
-$ RC5TEST := rc5test
-$ BFTEST := bftest
-$ CASTTEST := casttest
-$ DESTEST := destest
-$ RANDTEST := randtest
-$ DHTEST := dhtest
-$ DSATEST := dsatest
-$ METHTEST := methtest
-$ SSLTEST := ssltest
-$ RSATEST := rsa_test
-$ ENGINETEST := enginetest
-$ EVPTEST := evp_test
-$ IGETEST := igetest
-$ JPAKETEST := jpaketest
-$ SRPTEST := srptest
+$ BNTEST := bntest
+$ ECTEST := ectest
+$ ECDSATEST := ecdsatest
+$ ECDHTEST := ecdhtest
+$ EXPTEST := exptest
+$ IDEATEST := ideatest
+$ SHA1TEST := sha1test
+$ SHA256TEST := sha256t
+$ SHA512TEST := sha512t
+$ MDC2TEST := mdc2test
+$ RMDTEST := rmdtest
+$ MD2TEST := md2test
+$ MD4TEST := md4test
+$ MD5TEST := md5test
+$ HMACTEST := hmactest
+$ WPTEST := wp_test
+$ RC2TEST := rc2test
+$ RC4TEST := rc4test
+$ RC5TEST := rc5test
+$ BFTEST := bftest
+$ CASTTEST := casttest
+$ DESTEST := destest
+$ RANDTEST := randtest
+$ DHTEST := dhtest
+$ DSATEST := dsatest
+$ METHTEST := methtest
+$ SSLTEST := ssltest
+$ RSATEST := rsa_test
+$ ENGINETEST := enginetest
+$ GOST2814789TEST := gost2814789test
+$ EVPTEST := evp_test
+$ P5_CRPT2_TEST := p5_crpt2_test
+$ IGETEST := igetest
+$ JPAKETEST := jpaketest
+$ SRPTEST := srptest
+$ V3NAMETEST := v3nametest
+$ HEARTBEATTEST := heartbeat_test
+$ CONSTTIMETEST := constant_time_test
$!
$ tests_i = 0
$ loop_tests:
$ test_evp:
$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
$ return
+$ test_p5_crpt2:
+$ mcr 'texe_dir''p5_crpt2_test'
+$ return
$ test_des:
$ mcr 'texe_dir''destest'
$ return
$ mcr 'texe_dir''ideatest'
$ return
$ test_sha:
-$ mcr 'texe_dir''shatest'
$ mcr 'texe_dir''sha1test'
+$ mcr 'texe_dir''sha256test'
+$ mcr 'texe_dir''sha512test'
$ return
$ test_mdc2:
$ mcr 'texe_dir''mdc2test'
$ test_rand:
$ mcr 'texe_dir''randtest'
$ return
+$ test_gost2814789:
+$ define/user OPENSSL_ENGINES 'engines_dir'
+$ mcr 'texe_dir''gost2814789test'
+$ return
$ test_enc:
$ @testenc.com 'pointer_size'
$ return
$ write sys$output "Test SRP"
$ mcr 'texe_dir''srptest'
$ return
-$
+$ test_v3name:
+$ write sys$output "Test X509v3_check_*"
+$ mcr 'texe_dir''v3nametest'
+$ return
+$ test_ocsp:
+$ write sys$output "Test OCSP"
+$ @tocsp.com
+$ return
+$ test_heartbeat:
+$ mcr 'texe_dir''heartbeattest'
+$ return
+$ test_constant_time:
+$ write sys$output "Test constant time utilites"
+$ mcr 'texe_dir''consttimetest'
+$ return
$
$ exit:
$ mcr 'exe_dir'openssl version -a
--- /dev/null
+$! TOCSP.COM -- Test ocsp
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$ ocspdir = "ocsp-tests"
+$
+$! 17 December 2012 so we don't get certificate expiry errors.
+$ check_time="-attime 1355875200"
+$
+$ test_ocsp:
+$ subroutine
+$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
+$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
+ "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
+$ if $severity .ne. p3+1
+$ then
+$ write sys$error "OCSP test failed!"
+$ exit 3
+$ endif
+$ endsubroutine
+$
+$ set noon
+$
+$ write sys$output "=== VALID OCSP RESPONSES ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
+$
+$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+$! Expect success, because we're explicitly trusting the issuer certificate.
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
+$
+$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
+$
+$ set on
+$
+$ exit
projects / openssl.git / commitdiff