50 lines
1.6 KiB
Diff
50 lines
1.6 KiB
Diff
From 23a4cbeb3ad80da3830f760f624599f24236bc38 Mon Sep 17 00:00:00 2001
|
|
From: Matt Caswell <matt@openssl.org>
|
|
Date: Tue, 7 Mar 2023 17:07:57 +0000
|
|
Subject: [PATCH] Add a Certificate Policies Test
|
|
|
|
Test that a valid certificate policy is accepted and that an invalid
|
|
certificate policy is rejected. Specifically we are checking that a
|
|
leaf certificate with an invalid policy is detected.
|
|
|
|
Related-to: CVE-2023-0465
|
|
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/20588)
|
|
---
|
|
test/recipes/25-test_verify.t | 13 ++++++++++++-
|
|
1 file changed, 12 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
|
index d254bd8..a8043de 100644
|
|
--- a/test/recipes/25-test_verify.t
|
|
+++ b/test/recipes/25-test_verify.t
|
|
@@ -27,7 +27,7 @@ sub verify {
|
|
run(app([@args]));
|
|
}
|
|
|
|
-plan tests => 148;
|
|
+plan tests => 150;
|
|
|
|
# Canonical success
|
|
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
|
@@ -421,3 +421,14 @@ SKIP: {
|
|
"31323334353637383132333435363738"),
|
|
"SM2 hex ID test");
|
|
}
|
|
+
|
|
+# Certificate Policies
|
|
+ok(verify("ee-cert-policies", "sslserver", ["root-cert"], ["ca-pol-cert"],
|
|
+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
|
|
+ "-explicit_policy"),
|
|
+ "Certificate policy");
|
|
+
|
|
+ok(!verify("ee-cert-policies-bad", "sslserver", ["root-cert"], ["ca-pol-cert"],
|
|
+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
|
|
+ "-explicit_policy"),
|
|
+ "Bad certificate policy");
|
|
--
|
|
2.36.1
|
|
|