pike.git / lib / modules / Standards.pmod / testsuite.in

version» Context lines:

pike.git/lib/modules/Standards.pmod/testsuite.in:345:   test_any([[    Crypto.RSA root_rsa = Crypto.RSA();    root_rsa->generate_key(512);    string root = Standards.X509.make_root_certificate(root_rsa, 3600, ([ "commonName":"*" ]));    object rtbs = Standards.X509.decode_certificate(root);       Crypto.RSA cert_rsa = Crypto.RSA();    cert_rsa->generate_key(512);    string c = Standards.X509.make_site_certificate(rtbs, root_rsa, cert_rsa, 3600, ([ "commonName":"*" ]));    -  mapping m = Standards.X509.verify_certificate_chain( ({ c }), ([ rtbs->subject->get_der() : rtbs->public_key ]), 1); -  return m->verified; +  mapping auths = ([ rtbs->subject->get_der() : rtbs->public_key ]); +  +  mapping m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1); +  if(!m->verified || m->error_code) return m; +  +  c = Standards.X509.make_selfsigned_certificate(cert_rsa, 3600, ([ "commonName":"*" ])); +  m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1); +  if(m->verified || m->error_code!=Standards.X509.CERT_BAD_SIGNATURE) return m; +  +  c = Standards.X509.make_site_certificate(rtbs, root_rsa, cert_rsa, -3600, ([ "commonName":"*" ])); +  m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1); +  if(!m->verified || m->error_code!=Standards.X509.CERT_TOO_OLD) return m; +  +  return 1;   ]], 1)    -  + test_true(mappingp(Standards.X509.load_authorities())) +    define(test_cert, ([[    test_true(Standards.X509.verify_certificate(Standards.PEM.Messages(#"$1")->parts->CERTIFICATE->body, ([])))   ]]))      dnl openssl req -x509 -nodes -days 365 -subj "/CN=PikeCert" -md5 -newkey rsa:2048 -out certfile.cer   test_cert(-----BEGIN CERTIFICATE-----   MIIC+TCCAeGgAwIBAgIJAK9S+nXAkU+DMA0GCSqGSIb3DQEBBAUAMBMxETAPBgNV   BAMMCFBpa2VDZXJ0MB4XDTEzMTEyMTIxMjM1MFoXDTE0MTEyMTIxMjM1MFowEzER   MA8GA1UEAwwIUGlrZUNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB   AQDacxSu60OEhmtfBd+p9oaQ+4w13Cwp70dwRrjPb/y33sFWKN3YZ+rq/8aNXPUO