Add -show_chain option to print out verified chain.
[openssl.git] / crypto / x509v3 / v3nametest.c
index 5bf1201c6eb03c4bc17c8aa626e9ed6452376af2..77d86795c11e18e94441423bdff779fb698a278c 100644 (file)
@@ -1,5 +1,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "../e_os.h"
 #include <string.h>
 
 static const char *const names[] =
@@ -24,6 +25,7 @@ static const char *const exceptions[] =
        "set CN: host: [*.example.com] matches [a.example.com]",
        "set CN: host: [*.example.com] matches [b.example.com]",
        "set CN: host: [*.example.com] matches [www.example.com]",
+       "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
        "set CN: host: [test.*.example.com] does not match [test.*.example.com]",
        "set CN: host: [test.*.example.com] matches [test.www.example.com]",
        "set CN: host: [*.www.example.com] does not match [*.www.example.com]",
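Review bot: The new expectation `[*.example.com] matches [xn--rger-koa.example.com]` covers only a wildcard that stands for the whole left-most label, and the dnsName hunk below adds the same case. Neither hunk shows what happens when a wildcard sits inside or beside an IDNA A-label. A comment above the entry, such as `/* a full-label wildcard is allowed to match an IDNA A-label */`, would record why this match is intended. If the names[] table (outside this hunk) pairs no partial-wildcard pattern with an `xn--` host, adding one would cover the non-matching side as well.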
@@ -36,6 +38,7 @@ static const char *const exceptions[] =
        "set dnsName: host: [*.example.com] does not match [*.example.com]",
        "set dnsName: host: [*.example.com] matches [a.example.com]",
        "set dnsName: host: [*.example.com] matches [b.example.com]",
+       "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
        "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
        "set dnsName: host: [*.www.example.com] does not match [*.www.example.com]",
        "set dnsName: host: [test.*.example.com] matches [test.www.example.com]",
@@ -249,7 +252,7 @@ static void check_message(const struct set_name_fn *fn, const char *op,
        char msg[1024];
        if (match < 0)
                return;
-       snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
+       BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
                 fn->name, op, nameincert,
                 match ? "matches" : "does not match", name);
        if (is_exception(msg))
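Review bot: The result of `BIO_snprintf` is discarded, so a truncated `msg` would go straight to `is_exception()` and be compared against the table as if it were complete. BIO_snprintf returns -1 when the output does not fit, so the call can be guarded with `if (BIO_snprintf(msg, sizeof(msg), ...) < 0)` and the case counted as a test error rather than looked up. The names used today are short, so this only matters once longer names are added. check_message's body continues outside the hunk.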
@@ -273,28 +276,38 @@ static void run_cert(X509 *crt, const char *nameincert,
                ret = X509_check_host(crt, (const unsigned char *)name,
                                      namelen, 0);
                match = -1;
-               if (fn->host)
+               if (ret < 0)
                        {
-                       if (ret && !samename)
+                       fprintf(stderr, "internal error in X509_check_host");
+                       ++errors;
+                       }
+               else if (fn->host)
+                       {
+                       if (ret == 1 && !samename)
                                match = 1;
-                       if (!ret && samename)
+                       if (ret == 0 && samename)
                                match = 0;
                        }
-               else if (ret)
+               else if (ret == 1)
                        match = 1;
                check_message(fn, "host", nameincert, match, *pname);
 
                ret = X509_check_host(crt, (const unsigned char *)name,
                                      namelen, X509_CHECK_FLAG_NO_WILDCARDS);
                match = -1;
-               if (fn->host)
+               if (ret < 0)
                        {
-                       if (ret && !samename)
+                       fprintf(stderr, "internal error in X509_check_host");
+                       ++errors;
+                       }
+               else if (fn->host)
+                       {
+                       if (ret == 1 && !samename)
                                match = 1;
-                       if (!ret && samename)
+                       if (ret == 0 && samename)
                                match = 0;
                        }
-               else if (ret)
+               else if (ret == 1)
                        match = 1;
                check_message(fn, "host-no-wildcards",
                              nameincert, match, *pname);
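Review bot: Both new `ret < 0` branches print `"internal error in X509_check_host"` without a trailing newline and without saying which pair failed, so repeated failures run together on stderr and cannot be traced to an input. Something like `fprintf(stderr, "internal error in X509_check_host: [%s] vs [%s]\n", nameincert, *pname);` would fix both. The ten-line classification is duplicated for the plain and `X509_CHECK_FLAG_NO_WILDCARDS` calls; a small static helper taking `ret`, `fn->host` and `samename` and returning `match` would keep the two from drifting apart. run_cert continues outside the hunk, so if the later checks there still test `ret` for truthiness, a negative return would still count as a match and they need the same three-way handling.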