summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBen Laurie <ben@openssl.org>2012-12-10 17:52:17 +0100
committerBen Laurie <ben@openssl.org>2012-12-10 17:52:17 +0100
commitec40e5ff4233bc1d931f13103591d44b420de2d9 (patch)
treeb241d064e92dbe141735b28850edd6b6d85ee67d
parentrevert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 i... (diff)
downloadopenssl-ec40e5ff4233bc1d931f13103591d44b420de2d9.tar.xz
openssl-ec40e5ff4233bc1d931f13103591d44b420de2d9.zip
Tabification. Remove accidental duplication.
-rw-r--r--crypto/ocsp/ocsp_vfy.c6
-rw-r--r--test/tocsp197
2 files changed, 3 insertions, 200 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 7ce7393ac8..214b4020fe 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -173,14 +173,14 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
ret = X509_verify_cert(&ctx);
chain = tmpchain = X509_STORE_CTX_get1_chain(&ctx);
X509_STORE_CTX_cleanup(&ctx);
- if (ret <= 0)
+ if (ret <= 0)
{
i = X509_STORE_CTX_get_error(&ctx);
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(i));
- goto end;
- }
+ goto end;
+ }
verified_chain:
if(flags & OCSP_NOCHECKS)
diff --git a/test/tocsp b/test/tocsp
index eabaf8765c..5d6c24abfd 100644
--- a/test/tocsp
+++ b/test/tocsp
@@ -195,200 +195,3 @@ if [ $? != 0 ]; then exit 1; fi
/bin/rm $ocspdir/*.ors.der
echo "ALL OCSP TESTS SUCCESSFUL"
exit 0
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl'
-ocspdir="ocsp-tests"
-stdparams="-trust_other -CApath /dev/null"
-
-for resp in `ls -1 $ocspdir/*.ors`
-do
- $cmd base64 -d -in $resp -out $resp.der
-done
-
-echo "=== VALID OCSP RESPONSES ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-
-echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ISOP_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ISOP_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ISOP_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ISOP_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ISOP_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ISOP_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WRID_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WRID_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WRID_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WRID_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WRID_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WRID_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WINH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WINH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WINH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WINH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WINH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WINH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WIKH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WIKH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WIKH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WIKH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WIKH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WIKH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/WKDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $std_params
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/WKDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $std_params
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/WKDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $std_params
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ISDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ISDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ISDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WSNIC_ND1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WSNIC_ND2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WSNIC_ND3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WSNIC_D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WSNIC_D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WSNIC_D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WKIC_ND1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WKIC_ND2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WKIC_ND3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WKIC_D1_Issuer_ICA.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WKIC_D2_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WKIC_D3_Issuer_Root.pem $stdparams
-if [ $? = 0 ]; then exit 1; fi
-
-echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
-# Expect success, because we're explicitly trusting the issuer certificate.
-echo "NON-DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ISIC_ND1_Issuer_ICA.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ISIC_ND2_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "NON-DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ISIC_ND3_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "DELEGATED; Intermediate CA -> EE"
-$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/ISIC_D1_Issuer_ICA.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> Intermediate CA"
-$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/ISIC_D2_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-echo "DELEGATED; Root CA -> EE"
-$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/ISIC_D3_Issuer_Root.pem $stdparams
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm $ocspdir/*.ors.der
-echo "ALL OCSP TESTS SUCCESSFUL"
-exit 0