Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()

[openssl.git] / test / recipes / 25-test_verify.t

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 2997503355b12239808a6d4a0fc904b235482630..42d44dcdcec8f0264d12dfc08749a32cfdeeed03 100644 (file)
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -27,7 +27,7 @@ sub verify {
     run(app([@args]));
 }
 
-plan tests => 143;
+plan tests => 144;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -368,6 +368,9 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
 ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
     "Public Key Algorithm rsa instead of rsaEncryption");
 
+    ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []),
+       "accept trusted self-signed EE cert excluding key usage keyCertSign");
+
 SKIP: {
     skip "Ed25519 is not supported by this OpenSSL build", 5
              if disabled("ec");