25-test_eai_data.t@ 105945

Last change on this file since 105945 was 105945, checked in by vboxsync, 6 months ago
openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757
File size: 4.2 KB

Line
1	#! /usr/bin/env perl
2	# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3	#
4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5	# this file except in compliance with the License. You can obtain a copy
6	# in the file LICENSE in the source distribution or at
7	# https://www.openssl.org/source/license.html
8
9
10	use strict;
11	use warnings;
12
13	use File::Spec;
14	use OpenSSL::Test::Utils;
15	use OpenSSL::Test qw/:DEFAULT srctop_file with/;
16
17	setup("test_eai_data");
18
19	#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
20	#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
21	#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
22	#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
23
24	plan tests => 16;
25
26	require_ok(srctop_file('test','recipes','tconversion.pl'));
27	my $folder = "test/recipes/25-test_eai_data";
28
29	my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
30	my $utf8_pem = srctop_file($folder, "utf8_leaf.pem");
31	my $kdc_pem = srctop_file($folder, "kdc-cert.pem");
32
33	my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
34	my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem");
35	my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem");
36
37	my $out;
38	my $outcnt = 0;
39	sub outname {
40	$outcnt++;
41	return "sanout-$outcnt.tmp";
42	}
43
44	$out = outname();
45	ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $ascii_pem, "-noout", "-out", $out])));
46	is(cmp_text($out, srctop_file($folder, "san.ascii")), 0, 'Comparing othername for ASCII domain');
47
48	$out = outname();
49	ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $utf8_pem, "-noout", "-out", $out])));
50	is(cmp_text($out, srctop_file($folder, "san.utf8")), 0, 'Comparing othername for IDN domain');
51
52	SKIP: {
53	skip "Unicode tests disabled on MingW", 2 if $^O =~ /^msys$/;
54
55	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", "学生\@elementary.school.example.com", "-CAfile", $ascii_chain_pem, $ascii_pem])));
56	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", "医生\@大学.example.com", "-CAfile", $utf8_chain_pem, $utf8_pem])));
57	}
58
59	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
60	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
61	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
62
63	ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
64	ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem])));
65
66	# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
67	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
68	# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
69	ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", '[email protected]', "-CAfile", $kdc_chain_pem, $kdc_pem])));
70	# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
71	ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", '[email protected]', "-CAfile", $kdc_chain_pem, $kdc_pem])));
72
73	#Check that we get the expected failure return code
74	with({ exit_checker => sub { return shift == 2; } },
75	sub {
76	ok(run(app(["openssl", "verify", "-CAfile",
77	srctop_file("test", "certs", "bad-othername-namec.pem"),
78	"-partial_chain", "-no_check_time", "-verify_email",
79	'[email protected]',
80	srctop_file("test", "certs", "bad-othername-namec.pem")])));
81	});
82

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/test/recipes/25-test_eai_data.t@ 105945

Download in other formats: