path: root/src/tests/test_x509_path.cpp
Commit message | Author | Age | Files | Lines
* fix pathLenConstraint validation | Daniel Neus | 2017-05-19 | 1 | -0/+78
  Fixes GH #991
  The problem with the current implementation of the chain validation code is that it runs from the end certificate to the trust cert. @securitykernel and I tried to fix the pathLenConstraint validation within this reverse loop but we were not sure if we missed some edge cases. So we felt safer to use the algorithm listed in RFC 5280 which executes from the top to the bottom. It's probably best to rewrite the code to use the whole algorithm from RFC 5280, i.e. validating the chain from the trust to the end cert. Additionally, we wrote some tests including the one that raised this issue initially.
* Reformat code with astyle + fix code style | Tomasz Frydrych | 2017-05-01 | 1 | -11/+24
* Increase Path_Validation_Restrictions default min strength to 110 | Jack Lloyd | 2016-12-27 | 1 | -3/+5
  Effectively disables 1024 bit RSA as well as SHA-1. Edit the tests where required to enable it again.
* Add test option --run-long-tests | Jack Lloyd | 2016-12-24 | 1 | -0/+4
  Previously longer tests were hidden behind higher 'soak levels' but these arbitrary cutoffs are confusing compared to a simple short tests/long tests split.
* Remove duplicate test data | Jack Lloyd | 2016-12-19 | 1 | -0/+6
  All 76 of the NIST certificate tests use the same root certificate and that issuer has an identical CRL for each test. So, just have the one copy.
* Add useful debugging output to path validation test | Jack Lloyd | 2016-11-23 | 1 | -1/+1
* Allow setting the validation time during PKIX path validation | Jack Lloyd | 2016-10-21 | 1 | -1/+5
  Previously validation asked the system clock which is not always the correct thing (for example when using Roughtime protocol). Had been on the todo list forever, forced into it by some of the test certs expiring today.
* Add IncludeOS target. Make filesystem support optional. | Jack Lloyd | 2016-10-10 | 1 | -1/+1
* V816 It is more efficient to catch exception by reference rather than by value. asn1_time.cpp 159 | Daniel Neus | 2016-02-08 | 1 | -1/+1
* Remove debug printf | Jack Lloyd | 2015-12-31 | 1 | -1/+0
* Update NIST X509 tests to handle --data-dir and read expected results from a file | Jack Lloyd | 2015-12-23 | 1 | -223/+72
* Use --data-dir in test X509test_Path | Simon Warta | 2015-12-22 | 1 | -6/+5
  This allows me to build and run tests out-of-tree :)
* Reroot the exception hierarchy into a toplevel Exception class | Jack Lloyd | 2015-12-11 | 1 | -3/+3
  As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)
  Effectively reverts 2837e915d82e43
* Update and consolidate the test framework. | Jack Lloyd | 2015-11-11 | 1 | -0/+371
  The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things.
  Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.