aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-12-27 16:40:02 -0500
committerJack Lloyd <[email protected]>2016-12-27 16:40:02 -0500
commit0e3d9acafc4cc06f6ab8d62b2510a57e8df852d6 (patch)
tree2e2a60551d27f19b352a590330644944b44f7a17 /src/tests
parent0f0b147f57fda3459143e71b4c1ff4444d27fdd3 (diff)
Increase Path_Validation_Restrictions default min strength to 110
Effectively disables 1024 bit RSA as well as SHA-1. Edit the tests where required to enable it again.
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/test_name_constraint.cpp4
-rw-r--r--src/tests/test_x509_path.cpp8
-rw-r--r--src/tests/unit_x509.cpp4
3 files changed, 9 insertions, 7 deletions
diff --git a/src/tests/test_name_constraint.cpp b/src/tests/test_name_constraint.cpp
index 01bdfc3ef..95cb9f229 100644
--- a/src/tests/test_name_constraint.cpp
+++ b/src/tests/test_name_constraint.cpp
@@ -63,7 +63,7 @@ class Name_Constraint_Tests : public Test
"Certificate does not pass name constraint"),
};
std::vector<Test::Result> results;
- const Botan::Path_Validation_Restrictions default_restrictions;
+ const Botan::Path_Validation_Restrictions restrictions(false, 80);
for(const auto& t: test_cases)
{
@@ -74,7 +74,7 @@ class Name_Constraint_Tests : public Test
trusted.add_certificate(root);
Botan::Path_Validation_Result path_result = Botan::x509_path_validate(
- sub, default_restrictions, trusted, std::get<2>(t), Botan::Usage_Type::TLS_SERVER_AUTH);
+ sub, restrictions, trusted, std::get<2>(t), Botan::Usage_Type::TLS_SERVER_AUTH);
if(path_result.successful_validation() && path_result.trust_root() != root)
path_result = Botan::Path_Validation_Result(Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST);
diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp
index e897d3e01..ff402bfa4 100644
--- a/src/tests/test_x509_path.cpp
+++ b/src/tests/test_x509_path.cpp
@@ -65,7 +65,8 @@ class X509test_Path_Validation_Tests : public Test
std::map<std::string, std::string> expected =
read_results(Test::data_file("x509test/expected.txt"));
- const Botan::Path_Validation_Restrictions default_restrictions;
+ // Current tests use SHA-1
+ const Botan::Path_Validation_Restrictions restrictions(false, 80);
Botan::X509_Certificate root(Test::data_file("x509test/root.pem"));
Botan::Certificate_Store_In_Memory trusted;
@@ -87,7 +88,7 @@ class X509test_Path_Validation_Tests : public Test
throw Test_Error("Failed to read certs from " + filename);
Botan::Path_Validation_Result path_result = Botan::x509_path_validate(
- certs, default_restrictions, trusted,
+ certs, restrictions, trusted,
"www.tls.test", Botan::Usage_Type::TLS_SERVER_AUTH,
validation_time);
@@ -205,7 +206,8 @@ std::vector<Test::Result> NIST_Path_Validation_Tests::run()
Botan::X509_Certificate end_user(test_dir + "/end.crt");
- Botan::Path_Validation_Restrictions restrictions(true);
+ // 1024 bit root cert
+ Botan::Path_Validation_Restrictions restrictions(true, 80);
Botan::Path_Validation_Result validation_result =
Botan::x509_path_validate(end_user,
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index 26ccfedc0..28cd46db7 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -359,7 +359,7 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash
Botan::X509_CRL crl1 = ca.new_crl(Test::rng());
/* Verify the certs */
- Botan::Path_Validation_Restrictions restrictions(false);
+ Botan::Path_Validation_Restrictions restrictions(false, 80);
Botan::Certificate_Store_In_Memory store;
// First try with an empty store
@@ -558,7 +558,7 @@ Test::Result test_self_issued(const std::string& sig_algo, const std::string& ha
// check that this chain can can be verified successfully
Botan::Certificate_Store_In_Memory trusted(ca.ca_certificate());
- Botan::Path_Validation_Restrictions restrictions;
+ Botan::Path_Validation_Restrictions restrictions(false, 80);
Botan::Path_Validation_Result validation_result =
Botan::x509_path_validate(self_issued_cert,