[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_9-42-g71c1a51
|
From: |
Simon Josefsson |
|
Subject: |
[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_9-42-g71c1a51 |
|
Date: |
Tue, 27 Dec 2011 14:12:19 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=71c1a51e5375a4dbe1fb693026fd4157700f877f
The branch, ocsp has been updated
via 71c1a51e5375a4dbe1fb693026fd4157700f877f (commit)
via f5308626eae2c9910135a291abf513df78ad5246 (commit)
via 583991560bd465286cf22f508f5626fd46dedeb3 (commit)
from ca5bd60927902794b80924cdec5fe1c5fbacd906 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 71c1a51e5375a4dbe1fb693026fd4157700f877f
Author: Simon Josefsson <address@hidden>
Date: Tue Dec 27 15:11:50 2011 +0100
Typo fixes.
commit f5308626eae2c9910135a291abf513df78ad5246
Author: Simon Josefsson <address@hidden>
Date: Thu Dec 22 11:20:11 2011 +0100
Some OCSP API robustness checks.
commit 583991560bd465286cf22f508f5626fd46dedeb3
Author: Simon Josefsson <address@hidden>
Date: Thu Dec 22 10:37:14 2011 +0100
Make it build.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-cert-auth2.texi | 29 ++--
lib/x509/ocsp.c | 45 +++++-
tests/ocsp.c | 413 +++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 458 insertions(+), 29 deletions(-)
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 00ce6c1..12e25f6 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -121,24 +121,24 @@ CRL number extension and the authority key identifier.
Certificates may be revoked before their expiration time has been
reached. There are several reasons for revoking certificates, but a
-typical example is if the private key associated with a certificate
-has been compromised. Traditionally Certificate Revocation Lists
-(CRLs) has been used by application to implement revocation checking,
-however several disadvantages with CRLs have been identified, see for
-example @xcite{RIVESTCRL}.
+typical situation is when the private key associated with a
+certificate has been compromised. Traditionally, Certificate
+Revocation Lists (CRLs) have been used by application to implement
+revocation checking, however several disadvantages with CRLs have been
+identified, see for example @xcite{RIVESTCRL}.
-The Online Certificate Status Protocol (@acronym{OCSP}) is widely
+The Online Certificate Status Protocol (@acronym{OCSP}) is a widely
implemented protocol to perform certificate (revocation) status
checking. @xcite{RFC2560}. An application that wish to verify the
-identity of a peer will check the certificate against a set of trusted
-certificates and then also check whether the certificate is listed in
-a CRL and/or perform an OCSP check of the certificate.
+identity of a peer will verify the certificate against a set of
+trusted certificates and then check whether the certificate is listed
+in a CRL and/or perform an OCSP check for the certificate.
Before performing the OCSP query, the application will need to figure
-out the address of the OCSP server. The OCSP server information can
-be provided by the user in manual configuration. It may also be
-provided in the certificate that is being checked. There is an
-extension field called the Authority Information Access (AIA) which
+out the address of the OCSP server. The OCSP server address can be
+provided by the local user in manual configuration. The address can
+also be provided in the certificate that is being checked. There is
+an extension field called the Authority Information Access (AIA) which
has an access method called @code{id-ad-ocsp} that holds the location
of the OCSP responder. There is a function for extracting this
information from a certificate.
@@ -154,7 +154,8 @@ OCSP responder, which needs to be done by the application
(GnuTLS does
not send and receive OCSP packets). Normally an OCSP response is
received that the application will need to import into an OCSP
response object. The digital signature in the OCSP response needs to
-be verified before the information in the response can be trusted.
+be verified against a set of trust anchors before the information in
+the response can be trusted.
The ASN.1 structure of OCSP requests are briefly as follows. It is
useful to review the structures to get an understanding of which
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index bba9135..9fdbcff 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -184,7 +184,7 @@ gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
{
int ret = 0;
- if (req == NULL)
+ if (req == NULL || data == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -234,7 +234,7 @@ gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp,
{
int ret = 0;
- if (resp == NULL)
+ if (resp == NULL || data == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -473,6 +473,12 @@ gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
char name[ASN1_MAX_NAME_SIZE];
int ret;
+ if (req == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
snprintf (name, sizeof (name),
"tbsRequest.requestList.?%u.reqCert.hashAlgorithm.algorithm",
indx + 1);
@@ -577,6 +583,13 @@ gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
int result;
const char *oid;
+ if (req == NULL || issuer_name_hash == NULL
+ || issuer_key_hash == NULL || serial_number == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
oid = _gnutls_x509_digest_to_oid (digest);
if (oid == NULL)
{
@@ -853,6 +866,12 @@ gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
unsigned int critical,
const gnutls_datum_t *data)
{
+ if (req == NULL || oid == NULL || data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
return set_extension (req->req, "tbsRequest.requestExtensions", oid,
data, critical);
}
@@ -860,7 +879,7 @@ gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
/**
* gnutls_ocsp_req_get_nonce:
* @req: should contain a #gnutls_ocsp_req_t structure
- * @critical: whether nonce extension is marked critical
+ * @critical: whether nonce extension is marked critical, or NULL
* @nonce: will hold newly allocated buffer with nonce data
*
* This function will return the OCSP request nonce extension data.
@@ -880,6 +899,12 @@ gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
size_t l = 0;
gnutls_datum_t tmp;
+ if (req == NULL || nonce == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
ret = get_extension (req->req, "tbsRequest.requestExtensions",
GNUTLS_OCSP_NONCE, 0,
&tmp, critical);
@@ -939,6 +964,12 @@ gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
unsigned char temp[SIZEOF_UNSIGNED_LONG_INT + 1];
int len;
+ if (req == NULL || nonce == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
asn1_length_der (nonce->size, temp, &len);
dernonce.size = 1 + len + nonce->size;
@@ -982,6 +1013,12 @@ gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req)
char rndbuf[23];
gnutls_datum_t nonce = { rndbuf, sizeof (rndbuf) };
+ if (req == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
ret = gnutls_rnd (GNUTLS_RND_NONCE, rndbuf, sizeof (rndbuf));
if (ret != GNUTLS_E_SUCCESS)
{
@@ -1161,7 +1198,7 @@ gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
int ret;
size_t l = 0;
- if (resp == NULL)
+ if (resp == NULL || dn == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
diff --git a/tests/ocsp.c b/tests/ocsp.c
index 2492eba..9ac9f0c 100644
--- a/tests/ocsp.c
+++ b/tests/ocsp.c
@@ -127,6 +127,384 @@ static unsigned char subject_pem[] =
"-----END CERTIFICATE-----\n";
const gnutls_datum_t subject_data = { subject_pem, sizeof (subject_pem) };
+static void
+ocsp_invalid_calls (void)
+{
+ gnutls_ocsp_req_t req;
+ gnutls_ocsp_resp_t resp;
+ gnutls_datum_t dat;
+ char c = 42;
+ void *p = &c;
+ int rc;
+
+ rc = gnutls_ocsp_req_init (&req);
+ if (rc != GNUTLS_E_SUCCESS)
+ {
+ fail ("gnutls_ocsp_req_init alloc\n");
+ exit (1);
+ }
+ rc = gnutls_ocsp_resp_init (&resp);
+ if (rc != GNUTLS_E_SUCCESS)
+ {
+ fail ("gnutls_ocsp_resp_init alloc\n");
+ exit (1);
+ }
+
+ gnutls_ocsp_req_deinit (NULL);
+ gnutls_ocsp_resp_deinit (NULL);
+
+ rc = gnutls_ocsp_req_import (NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_import NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_import (NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_import NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_import (req, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_import NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_import (NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_import NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_import (NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_import NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_import (resp, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_import NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_export (NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_export NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_export (NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_export NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_export (req, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_export NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_export (NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_export NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_export (NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_export NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_export (resp, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_export NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_version (NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_get_version NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_cert_id (NULL, 0, NULL, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_get_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_cert_id (req, 0, NULL, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ fail ("gnutls_ocsp_req_get_cert_id empty\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (NULL, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, p, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, p, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, p, p, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, p, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, p, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert (NULL, 0, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert (req, 0, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+
+ rc = gnutls_ocsp_req_add_cert (req, 0, p, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert (req, 0, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_extension (NULL, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_get_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_extension (req, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ fail ("gnutls_ocsp_req_get_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_extension (req, 0, p, p, p);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ fail ("gnutls_ocsp_req_get_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension (NULL, NULL, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_set_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension (req, NULL, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_set_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension (req, p, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_set_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension (req, NULL, 0, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_set_extension NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_nonce (NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_get_nonce NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_get_nonce (NULL, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_get_nonce NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_set_nonce (NULL, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_set_nonce NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_set_nonce (req, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_set_nonce NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_req_randomize_nonce (NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_req_randomize_nonce NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_status (NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_get_status NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_status (resp);
+ if (rc != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ fail ("gnutls_ocsp_resp_get_status %d\n", rc);
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_response (NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_get_response NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_response (NULL, p, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_get_response NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_response (resp, NULL, NULL);
+ if (rc != GNUTLS_E_SUCCESS)
+ {
+ fail ("gnutls_ocsp_resp_get_response %d\n", rc);
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_version (NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_get_version NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_version (resp);
+ if (rc != 1)
+ {
+ fail ("gnutls_ocsp_resp_get_version ret %d\n", rc);
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_responder (NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_get_responder NULL\n");
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_responder (resp, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST)
+ {
+ fail ("gnutls_ocsp_resp_get_responder 2nd %d\n", rc);
+ exit (1);
+ }
+
+ rc = gnutls_ocsp_resp_get_responder (resp, &dat);
+ if (rc != GNUTLS_E_SUCCESS || dat.size != 0)
+ {
+ fail ("gnutls_ocsp_resp_get_responder %d\n", rc);
+ exit (1);
+ }
+}
+
/* import a request, query some fields and print and export it */
static void
req_parse (void)
@@ -201,9 +579,12 @@ req_parse (void)
exit (1);
}
- if (d.size != strlen (REQ1INFO) ||
+ if (strlen (REQ1INFO) != d.size - 1 ||
memcmp (REQ1INFO, d.data, strlen (REQ1INFO)) != 0)
{
+ printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
fail ("ocsp request print failed\n");
exit (1);
}
@@ -351,10 +732,10 @@ req_parse (void)
gnutls_ocsp_req_deinit (req);
}
-/* check that creating a request (using low-level add_certid) ends up
+/* check that creating a request (using low-level add_cert_id) ends up
with same DER as above. */
static void
-req_addcertid (void)
+req_addcert_id (void)
{
gnutls_ocsp_req_t req;
int ret;
@@ -384,7 +765,7 @@ req_addcertid (void)
}
}
- /* add certid */
+ /* add cert_id */
{
gnutls_datum_t issuer_name_hash =
{ (unsigned char*) REQ1INH, sizeof (REQ1INH) - 1 };
@@ -393,13 +774,13 @@ req_addcertid (void)
gnutls_datum_t serial_number =
{ (unsigned char*) REQ1SN, sizeof (REQ1SN) - 1 };
- ret = gnutls_ocsp_req_add_certid (req, GNUTLS_DIG_SHA1,
+ ret = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1,
&issuer_name_hash,
&issuer_key_hash,
&serial_number);
if (ret != 0)
{
- fail ("gnutls_ocsp_add_certid %d\n", ret);
+ fail ("gnutls_ocsp_add_cert_id %d\n", ret);
exit (1);
}
}
@@ -413,9 +794,12 @@ req_addcertid (void)
exit (1);
}
- if (d.size != strlen (REQ1INFO) ||
+ if (strlen (REQ1INFO) != d.size - 1 ||
memcmp (REQ1INFO, d.data, strlen (REQ1INFO)) != 0)
{
+ printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
fail ("ocsp request print failed\n");
exit (1);
}
@@ -477,7 +861,7 @@ req_addcert (void)
}
}
- /* add certid */
+ /* add cert_id */
{
gnutls_x509_crt_t issuer = NULL, subject = NULL;
@@ -530,9 +914,12 @@ req_addcert (void)
exit (1);
}
- if (d.size != strlen (REQ1INFO) ||
+ if (strlen (REQ1INFO) != d.size - 1 ||
memcmp (REQ1INFO, d.data, strlen (REQ1INFO)) != 0)
{
+ printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
fail ("ocsp request print failed\n");
exit (1);
}
@@ -595,9 +982,12 @@ resp_import (void)
exit (1);
}
- if (d.size != strlen (RESP1INFO) ||
+ if (strlen (RESP1INFO) != d.size - 1 ||
memcmp (RESP1INFO, d.data, strlen (RESP1INFO)) != 0)
{
+ printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
fail ("ocsp response print failed\n");
exit (1);
}
@@ -638,9 +1028,10 @@ doit (void)
exit (1);
}
+ ocsp_invalid_calls ();
req_parse ();
resp_import ();
- req_addcertid ();
+ req_addcert_id ();
req_addcert ();
/* we're done */
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_9-42-g71c1a51,
Simon Josefsson <=