authorJack Lloyd <[email protected]>2016-11-25 15:33:47 -0500
committerJack Lloyd <[email protected]>2016-11-25 15:33:47 -0500
commit6dad788017c9e88700c510e0632570823684dd32 (patch)
tree45adb0031acc603616c99862d3e51fde29ece5c7
parentc5bd65b848c11a33da47776da16374b25e585466 (diff)
Fix TLS tests wrt validation changes
Create empty CRLs so that revocation information is available.
-rw-r--r--src/lib/x509/x509path.cpp4
-rw-r--r--src/tests/unit_tls.cpp37
2 files changed, 27 insertions, 14 deletions
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 8a34ee4db..beda83eed 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -227,10 +227,10 @@ PKIX::check_crl(const std::vector<std::shared_ptr<const X509_Certificate>>& cert
for(size_t i = 0; i != cert_path.size(); ++i)
{
- BOTAN_ASSERT(cert_path[i] != nullptr, "Not null");
+ BOTAN_ASSERT_NONNULL(cert_path[i]);
for(size_t c = 0; c != certstores.size(); ++c)
{
- crls[i] = certstores[c]->find_crl_for(*cert_path.at(i));
+ crls[i] = certstores[c]->find_crl_for(*cert_path[i]);
if(crls[i])
break;
}
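Review bot: `certstores[c]` is dereferenced in the inner loop without the null check that `cert_path[i]` gets just above it. If the store container can hold null entries (its element type is not visible here), adding `BOTAN_ASSERT_NONNULL(certstores[c]);` as the first statement of the inner loop would make that case fail with the same assertion. Dropping `.at(i)` is fine for `cert_path` because `i` is bounded by `cert_path.size()`, but `crls[i]` depends on `crls` being sized to match, which happens outside this hunk. The enclosing function starts and ends outside the hunk.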
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index df58f7311..26bb65c80 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -39,21 +39,25 @@ class Credentials_Manager_Test : public Botan::Credentials_Manager
{
public:
Credentials_Manager_Test(const Botan::X509_Certificate& rsa_cert,
+ Botan::Private_Key* rsa_key,
const Botan::X509_Certificate& rsa_ca,
+ const Botan::X509_CRL& rsa_crl,
const Botan::X509_Certificate& ecdsa_cert,
+ Botan::Private_Key* ecdsa_key,
const Botan::X509_Certificate& ecdsa_ca,
- Botan::Private_Key* rsa_key,
- Botan::Private_Key* ecdsa_key) :
+ const Botan::X509_CRL& ecdsa_crl) :
m_rsa_cert(rsa_cert),
m_rsa_ca(rsa_ca),
+ m_rsa_key(rsa_key),
m_ecdsa_cert(ecdsa_cert),
m_ecdsa_ca(ecdsa_ca),
- m_rsa_key(rsa_key),
m_ecdsa_key(ecdsa_key)
{
std::unique_ptr<Botan::Certificate_Store_In_Memory> store(new Botan::Certificate_Store_In_Memory);
store->add_certificate(m_rsa_ca);
store->add_certificate(m_ecdsa_ca);
+ store->add_crl(ecdsa_crl);
+ store->add_crl(rsa_crl);
m_stores.push_back(std::move(store));
m_provides_client_certs = false;
}
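Review bot: The constructor takes `rsa_key` and `ecdsa_key` as raw `Botan::Private_Key*`, yet the members they initialise are `std::unique_ptr<Botan::Private_Key>` (declared in the next hunk of this file), so the ownership transfer is not visible in the signature. Declaring the parameters as `std::unique_ptr<Botan::Private_Key> rsa_key` and initialising with `m_rsa_key(std::move(rsa_key))` would state it in the type. The call in create_creds could then pass `std::move(rsa_srv_key)` instead of `rsa_srv_key.release()`. This matters more now that the parameter list has been reordered and the two key arguments share a type, since a swapped pair would still compile.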
@@ -125,8 +129,11 @@ class Credentials_Manager_Test : public Botan::Credentials_Manager
}
public:
- Botan::X509_Certificate m_rsa_cert, m_rsa_ca, m_ecdsa_cert, m_ecdsa_ca;
- std::unique_ptr<Botan::Private_Key> m_rsa_key, m_ecdsa_key;
+ Botan::X509_Certificate m_rsa_cert, m_rsa_ca;
+ std::unique_ptr<Botan::Private_Key> m_rsa_key;
+
+ Botan::X509_Certificate m_ecdsa_cert, m_ecdsa_ca;
+ std::unique_ptr<Botan::Private_Key> m_ecdsa_key;
std::vector<std::unique_ptr<Botan::Certificate_Store>> m_stores;
bool m_provides_client_certs;
};
@@ -144,13 +151,15 @@ create_creds(Botan::RandomNumberGenerator& rng,
std::unique_ptr<Botan::Private_Key> ecdsa_ca_key(new Botan::ECDSA_PrivateKey(rng, ecdsa_params));
std::unique_ptr<Botan::Private_Key> ecdsa_srv_key(new Botan::ECDSA_PrivateKey(rng, ecdsa_params));
- Botan::X509_Cert_Options ca_opts("Test CA/VT");
- ca_opts.CA_key(1);
+ Botan::X509_Cert_Options rsa_ca_opts("RSA Test CA/VT");
+ Botan::X509_Cert_Options ecdsa_ca_opts("ECDSA Test CA/VT");
+ rsa_ca_opts.CA_key(1);
+ ecdsa_ca_opts.CA_key(1);
const Botan::X509_Certificate rsa_ca_cert =
- Botan::X509::create_self_signed_cert(ca_opts, *rsa_ca_key, "SHA-256", rng);
+ Botan::X509::create_self_signed_cert(rsa_ca_opts, *rsa_ca_key, "SHA-256", rng);
const Botan::X509_Certificate ecdsa_ca_cert =
- Botan::X509::create_self_signed_cert(ca_opts, *ecdsa_ca_key, "SHA-256", rng);
+ Botan::X509::create_self_signed_cert(ecdsa_ca_opts, *ecdsa_ca_key, "SHA-256", rng);
const Botan::X509_Cert_Options server_opts("server.example.com");
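Review bot: Nothing at this site records why the two test CAs now need different subject names, so a later cleanup could merge `rsa_ca_opts` and `ecdsa_ca_opts` back into one object. The split presumably exists so that each CA's CRL can be matched to its own issuer in the certificate store. Once confirmed, a comment such as `// CAs need distinct subject DNs so each CRL is matched to the right issuer` above `rsa_ca_opts` would preserve that. create_creds begins and ends outside the hunk.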
@@ -173,10 +182,12 @@ create_creds(Botan::RandomNumberGenerator& rng,
const Botan::X509_Certificate ecdsa_srv_cert =
ecdsa_ca.sign_request(ecdsa_req, rng, start_time, end_time);
+ Botan::X509_CRL rsa_crl = rsa_ca.new_crl(rng);
+ Botan::X509_CRL ecdsa_crl = ecdsa_ca.new_crl(rng);
+
Credentials_Manager_Test* cmt = new Credentials_Manager_Test(
- rsa_srv_cert, rsa_ca_cert,
- ecdsa_srv_cert, ecdsa_ca_cert,
- rsa_srv_key.release(), ecdsa_srv_key.release());
+ rsa_srv_cert, rsa_srv_key.release(), rsa_ca_cert, rsa_crl,
+ ecdsa_srv_cert, ecdsa_srv_key.release(), ecdsa_ca_cert, ecdsa_crl);
cmt->m_provides_client_certs = with_client_certs;
return cmt;
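Review bot: Both CRLs built by `rsa_ca.new_crl(rng)` and `ecdsa_ca.new_crl(rng)` are empty, so the suite shows that a handshake succeeds when revocation data is available but never that a revoked certificate is refused. A companion case whose CRL lists the server certificate, and which expects the handshake to fail, would cover the rejecting side of the CRL check that this commit's validation changes depend on. A short comment above the two `new_crl` calls, for example `// Empty CRLs: revocation data must exist for path validation to pass`, would also explain why they are created. create_creds continues outside the hunk.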
@@ -828,6 +839,8 @@ class Test_Policy : public Botan::TLS::Text_Policy
size_t dtls_maximum_timeout() const override { return 8; }
size_t minimum_rsa_bits() const override { return 1024; }
+
+ size_t minimum_signature_strength() const override { return 80; }
};
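Review bot: `minimum_signature_strength()` returning 80 sits beside `minimum_rsa_bits()` returning 1024 with no comment marking these as deliberately weakened test values. They are presumably lowered so that the small keys generated for the tests are accepted. A comment such as `// Test-only: lowered to accept the small test keys; not a production setting` above the new override would keep the numbers from being copied into a real policy. The class body starts outside the hunk.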