aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/unit_x509.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Add a test for trusted_hashes on path validation resultJack Lloyd2017-01-221-0/+9
|
* Use Botan::X509_CA constructor that takes rng in testsSimon Warta2017-01-031-1/+1
| | | | because there there is no system_rng on ios
* Increase Path_Validation_Restrictions default min strength to 110Jack Lloyd2016-12-271-2/+2
| | | | | Effectively disables 1024 bit RSA as well as SHA-1. Edit the tests where required to enable it again.
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-2/+2
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Rename some methods, add more tests and docsRené Korthaus2016-12-041-20/+30
|
* Allow custom extensions in X509_Cert_OptionsRené Korthaus2016-12-021-0/+123
| | | | | Allow custom extensions in CA-signed cert requests Add templated getter for extensions
* Add a test for to_string(Certificate_Status_Code)Jack Lloyd2016-11-251-0/+64
|
* Add key_constraints_to_string, GOST-34.10 cert handlingJack Lloyd2016-11-181-69/+58
| | | | Add some try/catch blocks to the X.509 tests, and use create_private_key API
* Reunify registered test names [ci skip]René Korthaus2016-10-231-1/+1
|
* Make pk_ops.h internalJack Lloyd2016-10-081-1/+1
| | | | Some fixes for missing system_rng in ECIES and tests.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-071-2/+2
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* Fix validation of self-issued certificates in chainsRené Korthaus2016-09-231-0/+63
| | | | | | | | | | | | | | | | | | Self-issued certificates are certificates where subject_dn == issuer_dn, but the signature is from a different key (ca key). Chains with such a certificate could not be verified, because self-issued certificates (1) would be taken for a self-signed certificate and (2) find_issuing_cert() would find the same self-issued certificate that we want to verify, generating a signature error during signature verification. To fix, we now first identify a certificate as self-signed only if subject_dn == issuer_dn AND if we can verify the cert signature with it's own key. Verification will bring some extra costs, but we only do it once, in X509_Certificate's constructor. Second, we make sure find_issuing_cert() does not return the very same certificate we want to verify. This should be no problem, since path validation currently does not seem to support validating a self-signed certificate.
* Call base class assignment operator in X509_CertificateRené Korthaus2016-09-041-2/+2
|
* Rename find_constraints() and let it throw instead of returning a combinationRené Korthaus2016-08-191-1/+159
|
* Fix leading zero bytes in DSA, ECDSA, ECGDSA and ECKCDSA signaturesRené Korthaus2016-08-171-7/+4
|
* Fix allowed_usage() and add tests for key usageRené Korthaus2016-08-171-126/+220
|
* Fix GH #425 and run x509 tests with different signature algorithmsRené Korthaus2016-08-171-25/+110
|
* Removes randomization from choice of keys in X509 test.Jack Lloyd2016-02-091-17/+15
| | | | | | | Would be better to iterate over all of the key types for this type of coverage. Avoids Coverity dead code warning on the error-case throw.
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-111-1/+1
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Update and consolidate the test framework.Jack Lloyd2015-11-111-128/+205
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Build fixJack Lloyd2015-10-141-1/+2
|
* Move DataSource to utils and rewrite PEM encoding to avoid filtersJack Lloyd2015-10-141-17/+6
| | | | | Removes filters as as an internal dependency pretty much entirely (outside of some dusty corners in misc).
* Remove unused pkcs8 includesSimon Warta2015-08-031-1/+2
| | | | Only botan-cli, botan-tests and the FFI module depend on PKCS8
* Fix time range issue for 32 bit platformsSimon Warta2015-07-161-2/+2
|
* Construct X509_Time from date integers in test x509Simon Warta2015-07-151-6/+12
|
* Make Botan compile when only some modules are enabledSimon Warta2015-07-031-14/+15
| | | | Fixes #146.
* Replace \n by std::endl in tests to ensure proper flushingSimon Warta2015-06-191-1/+1
| | | | | | | - Remove additional newlines in CHECK_MESSAGE call - Remove redundant output of algo in aead_test() Closes #115
* Ensure all files have copyright and license info.lloyd2015-01-101-1/+1
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* All tests now share an RNG. Uses system RNG if availablelloyd2014-12-281-2/+2
|
* Provide a test reportlloyd2014-12-271-0/+2
|
* Better TLS checkslloyd2014-04-101-1/+1
|
* Fix minimized builds. Patch by Markus Wanner sent to botan-devellloyd2014-02-081-1/+1
|
* Rename test sourceslloyd2014-01-071-0/+255