author | Jack Lloyd <[email protected]> | 2016-11-25 15:33:47 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-25 15:33:47 -0500 |
commit | 6dad788017c9e88700c510e0632570823684dd32 (patch) | |
tree | 45adb0031acc603616c99862d3e51fde29ece5c7 | |
parent | c5bd65b848c11a33da47776da16374b25e585466 (diff) |
Fix TLS tests wrt validation changes
Create empty CRLs so that revocation information is available.
-rw-r--r-- | src/lib/x509/x509path.cpp | 4 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 37 |
2 files changed, 27 insertions, 14 deletions
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 8a34ee4db..beda83eed 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -227,10 +227,10 @@ PKIX::check_crl(const std::vector<std::shared_ptr<const X509_Certificate>>& cert
 for(size_t i = 0; i != cert_path.size(); ++i)
 {
- BOTAN_ASSERT(cert_path[i] != nullptr, "Not null");
+ BOTAN_ASSERT_NONNULL(cert_path[i]);
 for(size_t c = 0; c != certstores.size(); ++c)
 {
- crls[i] = certstores[c]->find_crl_for(*cert_path.at(i));
+ crls[i] = certstores[c]->find_crl_for(*cert_path[i]);
 if(crls[i])
 break;
 }
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index df58f7311..26bb65c80 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -39,21 +39,25 @@ class Credentials_Manager_Test : public Botan::Credentials_Manager
 {
 public:
 Credentials_Manager_Test(const Botan::X509_Certificate& rsa_cert,
+ Botan::Private_Key* rsa_key,
 const Botan::X509_Certificate& rsa_ca,
+ const Botan::X509_CRL& rsa_crl,
 const Botan::X509_Certificate& ecdsa_cert,
+ Botan::Private_Key* ecdsa_key,
 const Botan::X509_Certificate& ecdsa_ca,
- Botan::Private_Key* rsa_key,
- Botan::Private_Key* ecdsa_key) :
+ const Botan::X509_CRL& ecdsa_crl) :
 m_rsa_cert(rsa_cert),
 m_rsa_ca(rsa_ca),
+ m_rsa_key(rsa_key),
 m_ecdsa_cert(ecdsa_cert),
 m_ecdsa_ca(ecdsa_ca),
- m_rsa_key(rsa_key),
 m_ecdsa_key(ecdsa_key)
 {
 std::unique_ptr<Botan::Certificate_Store_In_Memory> store(new Botan::Certificate_Store_In_Memory);
 store->add_certificate(m_rsa_ca);
 store->add_certificate(m_ecdsa_ca);
+ store->add_crl(ecdsa_crl);
+ store->add_crl(rsa_crl);
 m_stores.push_back(std::move(store));
 m_provides_client_certs = false;
 }
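Review bot: `certstores[c]` is dereferenced on the `find_crl_for` line without the null check that `cert_path[i]` gets at the top of the outer loop. If the store list holds raw pointers (its declaration is outside this hunk), add `BOTAN_ASSERT_NONNULL(certstores[c]);` as the first statement of the inner loop so that a null store fails in the same controlled way as a null certificate. The body of `PKIX::check_crl` starts and ends outside the hunk.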
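Review bot: The constructor takes both private keys as raw `Botan::Private_Key*` and adopts them into the `std::unique_ptr` members, so the ownership transfer is invisible in the signature. Taking `std::unique_ptr<Botan::Private_Key> rsa_key` (and likewise `ecdsa_key`) and initialising with `m_rsa_key(std::move(rsa_key))` makes the transfer explicit. The call in the `@@ -173` hunk would then pass `std::move(rsa_srv_key)` instead of `rsa_srv_key.release()`, which also keeps the key from leaking if the `new` expression or an earlier member copy throws.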
@@ -125,8 +129,11 @@ class Credentials_Manager_Test : public Botan::Credentials_Manager
 }
 public:
- Botan::X509_Certificate m_rsa_cert, m_rsa_ca, m_ecdsa_cert, m_ecdsa_ca;
- std::unique_ptr<Botan::Private_Key> m_rsa_key, m_ecdsa_key;
+ Botan::X509_Certificate m_rsa_cert, m_rsa_ca;
+ std::unique_ptr<Botan::Private_Key> m_rsa_key;
+
+ Botan::X509_Certificate m_ecdsa_cert, m_ecdsa_ca;
+ std::unique_ptr<Botan::Private_Key> m_ecdsa_key;
 std::vector<std::unique_ptr<Botan::Certificate_Store>> m_stores;
 bool m_provides_client_certs;
 };
@@ -144,13 +151,15 @@ create_creds(Botan::RandomNumberGenerator& rng,
 std::unique_ptr<Botan::Private_Key> ecdsa_ca_key(new Botan::ECDSA_PrivateKey(rng, ecdsa_params));
 std::unique_ptr<Botan::Private_Key> ecdsa_srv_key(new Botan::ECDSA_PrivateKey(rng, ecdsa_params));
- Botan::X509_Cert_Options ca_opts("Test CA/VT");
- ca_opts.CA_key(1);
+ Botan::X509_Cert_Options rsa_ca_opts("RSA Test CA/VT");
+ Botan::X509_Cert_Options ecdsa_ca_opts("ECDSA Test CA/VT");
+ rsa_ca_opts.CA_key(1);
+ ecdsa_ca_opts.CA_key(1);
 const Botan::X509_Certificate rsa_ca_cert =
- Botan::X509::create_self_signed_cert(ca_opts, *rsa_ca_key, "SHA-256", rng);
+ Botan::X509::create_self_signed_cert(rsa_ca_opts, *rsa_ca_key, "SHA-256", rng);
 const Botan::X509_Certificate ecdsa_ca_cert =
- Botan::X509::create_self_signed_cert(ca_opts, *ecdsa_ca_key, "SHA-256", rng);
+ Botan::X509::create_self_signed_cert(ecdsa_ca_opts, *ecdsa_ca_key, "SHA-256", rng);
 const Botan::X509_Cert_Options server_opts("server.example.com");
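Review bot: Nothing in the `@@ -144` hunk records why the single `ca_opts` had to become two option sets with different names. If the reason is that the in-memory store matches a CRL to its issuer by subject DN (the lookup code is not part of this hunk), a short comment above the two declarations would keep a later cleanup from merging them again, for example `// Each test CA issues its own CRL, so the two CA names must differ`. The body of `create_creds` starts and ends outside the hunk.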
@@ -173,10 +182,12 @@ create_creds(Botan::RandomNumberGenerator& rng,
 const Botan::X509_Certificate ecdsa_srv_cert =
 ecdsa_ca.sign_request(ecdsa_req, rng, start_time, end_time);
+ Botan::X509_CRL rsa_crl = rsa_ca.new_crl(rng);
+ Botan::X509_CRL ecdsa_crl = ecdsa_ca.new_crl(rng);
+
 Credentials_Manager_Test* cmt = new Credentials_Manager_Test(
- rsa_srv_cert, rsa_ca_cert,
- ecdsa_srv_cert, ecdsa_ca_cert,
- rsa_srv_key.release(), ecdsa_srv_key.release());
+ rsa_srv_cert, rsa_srv_key.release(), rsa_ca_cert, rsa_crl,
+ ecdsa_srv_cert, ecdsa_srv_key.release(), ecdsa_ca_cert, ecdsa_crl);
 cmt->m_provides_client_certs = with_client_certs;
 return cmt;
@@ -828,6 +839,8 @@ class Test_Policy : public Botan::TLS::Text_Policy
 size_t dtls_maximum_timeout() const override { return 8; }
 size_t minimum_rsa_bits() const override { return 1024; }
+
+ size_t minimum_signature_strength() const override { return 80; }
 }; |
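Review bot: Both CRLs in the `@@ -173` hunk come straight from `new_crl(rng)` and are empty, so in the lines shown the tests only cover the path where revocation data is present and nothing is revoked. A companion case that lists the server certificate on its CA's CRL and expects the handshake to be rejected would confirm that the validation change enforces revocation, not merely that a CRL exists. The body of `create_creds` starts and ends outside the hunk, so such a case may already exist elsewhere in the file.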
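Review bot: The new `minimum_signature_strength()` override in the `@@ -828` hunk returns 80 without a comment, directly below `minimum_rsa_bits()` returning 1024. Both values look like deliberate relaxations, presumably so the small test keys pass validation. Mark the override as test-only so it is not copied into a real policy, for example `// Test-only: 80-bit strength admits the 1024-bit RSA test keys; do not reuse in a production policy`. The `Test_Policy` class starts outside the hunk.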