diff options
author | Ben Laurie <ben@openssl.org> | 2012-12-10 17:52:17 +0100 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2012-12-10 17:52:17 +0100 |
commit | ec40e5ff4233bc1d931f13103591d44b420de2d9 (patch) | |
tree | b241d064e92dbe141735b28850edd6b6d85ee67d | |
parent | revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 i... (diff) | |
download | openssl-ec40e5ff4233bc1d931f13103591d44b420de2d9.tar.xz openssl-ec40e5ff4233bc1d931f13103591d44b420de2d9.zip |
Tabification. Remove accidental duplication.
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 6 | ||||
-rw-r--r-- | test/tocsp | 197 |
2 files changed, 3 insertions, 200 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 7ce7393ac8..214b4020fe 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -173,14 +173,14 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, ret = X509_verify_cert(&ctx); chain = tmpchain = X509_STORE_CTX_get1_chain(&ctx); X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) + if (ret <= 0) { i = X509_STORE_CTX_get_error(&ctx); OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); ERR_add_error_data(2, "Verify error:", X509_verify_cert_error_string(i)); - goto end; - } + goto end; + } verified_chain: if(flags & OCSP_NOCHECKS) diff --git a/test/tocsp b/test/tocsp index eabaf8765c..5d6c24abfd 100644 --- a/test/tocsp +++ b/test/tocsp @@ -195,200 +195,3 @@ if [ $? != 0 ]; then exit 1; fi /bin/rm $ocspdir/*.ors.der echo "ALL OCSP TESTS SUCCESSFUL" exit 0 -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl' -ocspdir="ocsp-tests" -stdparams="-trust_other -CApath /dev/null" - -for resp in `ls -1 $ocspdir/*.ors` -do - $cmd base64 -d -in $resp -out $resp.der -done - -echo "=== VALID OCSP RESPONSES ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi - -echo "=== INVALID SIGNATURE on the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ISOP_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ISOP_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ISOP_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ISOP_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ISOP_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ISOP_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== WRONG RESPONDERID in the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WRID_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WRID_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WRID_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WRID_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WRID_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WRID_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WINH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WINH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WINH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WINH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WINH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WINH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WIKH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WIKH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WIKH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WIKH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WIKH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WIKH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/WKDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $std_params -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/WKDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $std_params -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/WKDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $std_params -if [ $? = 0 ]; then exit 1; fi - -echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ISDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ISDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ISDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WSNIC_ND1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WSNIC_ND2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WSNIC_ND3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WSNIC_D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WSNIC_D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WSNIC_D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== WRONG KEY in the ISSUER CERTIFICATE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WKIC_ND1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WKIC_ND2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WKIC_ND3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WKIC_D1_Issuer_ICA.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WKIC_D2_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WKIC_D3_Issuer_Root.pem $stdparams -if [ $? = 0 ]; then exit 1; fi - -echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" -# Expect success, because we're explicitly trusting the issuer certificate. -echo "NON-DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ISIC_ND1_Issuer_ICA.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ISIC_ND2_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "NON-DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ISIC_ND3_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "DELEGATED; Intermediate CA -> EE" -$cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/ISIC_D1_Issuer_ICA.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> Intermediate CA" -$cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/ISIC_D2_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi -echo "DELEGATED; Root CA -> EE" -$cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/ISIC_D3_Issuer_Root.pem $stdparams -if [ $? != 0 ]; then exit 1; fi - -/bin/rm $ocspdir/*.ors.der -echo "ALL OCSP TESTS SUCCESSFUL" -exit 0 |