aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/x509/cert_status.cpp10
-rw-r--r--src/tests/unit_x509.cpp64
2 files changed, 69 insertions, 5 deletions
diff --git a/src/lib/x509/cert_status.cpp b/src/lib/x509/cert_status.cpp
index e08e8efcc..76a102aef 100644
--- a/src/lib/x509/cert_status.cpp
+++ b/src/lib/x509/cert_status.cpp
@@ -27,7 +27,7 @@ const char* to_string(Certificate_Status_Code code)
case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK:
return "Signature method too weak";
case Certificate_Status_Code::UNTRUSTED_HASH:
- return "Untrusted hash";
+ return "Hash function used is considered too weak for security";
case Certificate_Status_Code::CERT_NOT_YET_VALID:
return "Certificate is not yet valid";
@@ -36,9 +36,9 @@ const char* to_string(Certificate_Status_Code code)
case Certificate_Status_Code::OCSP_NOT_YET_VALID:
return "OCSP is not yet valid";
case Certificate_Status_Code::OCSP_HAS_EXPIRED:
- return "OCSP has expired";
+ return "OCSP response has expired";
case Certificate_Status_Code::CRL_NOT_YET_VALID:
- return "CRL is not yet valid";
+ return "CRL response is not yet valid";
case Certificate_Status_Code::CRL_HAS_EXPIRED:
return "CRL has expired";
@@ -54,9 +54,9 @@ const char* to_string(Certificate_Status_Code code)
return "Certificate issuer does not match subject of issuing cert";
case Certificate_Status_Code::POLICY_ERROR:
- return "Policy error";
+ return "Certificate policy error";
case Certificate_Status_Code::INVALID_USAGE:
- return "Invalid usage";
+ return "Certificate does not allow the requested usage";
case Certificate_Status_Code::CERT_CHAIN_TOO_LONG:
return "Certificate chain too long";
case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER:
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index ae860067c..7a22033a8 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -98,6 +98,69 @@ std::unique_ptr<Botan::Private_Key> make_a_private_key(const std::string& algo)
}
+Test::Result test_cert_status_strings()
+ {
+ Test::Result result("Certificate_Status_Code to_string");
+
+ std::set<std::string> seen;
+
+ result.test_eq("Same string",
+ Botan::to_string(Botan::Certificate_Status_Code::OK),
+ Botan::to_string(Botan::Certificate_Status_Code::VERIFIED));
+
+ const std::vector<Botan::Certificate_Status_Code> codes = {
+ Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD,
+ Botan::Certificate_Status_Code::OCSP_SIGNATURE_OK,
+ Botan::Certificate_Status_Code::VALID_CRL_CHECKED,
+ Botan::Certificate_Status_Code::OCSP_NO_HTTP,
+
+ Botan::Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK,
+ Botan::Certificate_Status_Code::UNTRUSTED_HASH,
+ Botan::Certificate_Status_Code::NO_REVOCATION_DATA,
+ Botan::Certificate_Status_Code::CERT_NOT_YET_VALID,
+ Botan::Certificate_Status_Code::CERT_HAS_EXPIRED,
+ Botan::Certificate_Status_Code::OCSP_NOT_YET_VALID,
+ Botan::Certificate_Status_Code::OCSP_HAS_EXPIRED,
+ Botan::Certificate_Status_Code::CRL_NOT_YET_VALID,
+ Botan::Certificate_Status_Code::CRL_HAS_EXPIRED,
+ Botan::Certificate_Status_Code::CERT_ISSUER_NOT_FOUND,
+ Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST,
+ Botan::Certificate_Status_Code::CERT_CHAIN_LOOP,
+ Botan::Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT,
+ Botan::Certificate_Status_Code::CHAIN_NAME_MISMATCH,
+ Botan::Certificate_Status_Code::POLICY_ERROR,
+ Botan::Certificate_Status_Code::INVALID_USAGE,
+ Botan::Certificate_Status_Code::CERT_CHAIN_TOO_LONG,
+ Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER,
+ Botan::Certificate_Status_Code::NAME_CONSTRAINT_ERROR,
+ Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER,
+ Botan::Certificate_Status_Code::OCSP_CERT_NOT_LISTED,
+ Botan::Certificate_Status_Code::OCSP_BAD_STATUS,
+ Botan::Certificate_Status_Code::CERT_NAME_NOMATCH,
+ Botan::Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION,
+ Botan::Certificate_Status_Code::OCSP_SIGNATURE_ERROR,
+ Botan::Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND,
+ Botan::Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE,
+ Botan::Certificate_Status_Code::OCSP_RESPONSE_INVALID,
+ Botan::Certificate_Status_Code::CERT_IS_REVOKED,
+ Botan::Certificate_Status_Code::CRL_BAD_SIGNATURE,
+ Botan::Certificate_Status_Code::SIGNATURE_ERROR,
+ Botan::Certificate_Status_Code::CERT_PUBKEY_INVALID,
+ };
+
+ for(auto code : codes)
+ {
+ std::string s = Botan::to_string(code);
+ result.confirm("String is long enough to be informative", s.size() > 12);
+ result.test_eq("No duplicates", seen.count(s), 0);
+ seen.insert(s);
+ }
+
+ return result;
+
+ }
+
+
Test::Result test_x509_dates()
{
Test::Result result("X509_Time");
@@ -702,6 +765,7 @@ class X509_Cert_Unit_Tests : public Test
results.push_back(valid_constraints_result);
results.push_back(test_x509_dates());
+ results.push_back(test_cert_status_strings());
return results;
}