diff --git a/tests/data_files/dir4/Readme b/tests/data_files/dir4/Readme index 7217b75eb..3f1f610b9 100644 --- a/tests/data_files/dir4/Readme +++ b/tests/data_files/dir4/Readme @@ -40,3 +40,8 @@ cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.c ``` cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt ``` + +9. zero pathlen constraint on trusted root (valid) +``` +cert91.crt (max_pathlen=0) -> cert92.crt +``` diff --git a/tests/data_files/dir4/cert91.crt b/tests/data_files/dir4/cert91.crt new file mode 100644 index 000000000..6d4605a7c --- /dev/null +++ b/tests/data_files/dir4/cert91.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBqTCCAUygAwIBAgIBWzAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +OTERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMTEPMA0GA1UEAxMGUm9vdCA5MREwDwYDVQQKEwht +YmVkIFRMUzELMAkGA1UEBhMCVUswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATh +D2SmdS6D7cYi2vGMyuCdol/OOUN2di2pS2wfSI/MsY/Z4O9iNHqbXQP6l+hcT5ap +daycs7r6ZPNqmWM7b16go1MwUTAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBRb +zVrcAxddj0i0DEqvTGT8F37bizAfBgNVHSMEGDAWgBRbzVrcAxddj0i0DEqvTGT8 +F37bizAMBggqhkjOPQQDAgUAA0kAMEYCIQDbrSV4ndH0vAR3HqJfBn8NT8zdvMjB +qSJes6Qwa42b2wIhAKyoH0H+b1Svw8pMkvUYF4ElH5Cnn7gxb7Wl3arc0+hQ +-----END CERTIFICATE----- diff --git a/tests/data_files/dir4/cert92.crt b/tests/data_files/dir4/cert92.crt new file mode 100644 index 000000000..49b53a5bc --- /dev/null +++ b/tests/data_files/dir4/cert92.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBoTCCAUWgAwIBAgIBXDAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +OTERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMDEOMAwGA1UEAxMFRUUgOTIxETAPBgNVBAoTCG1i +ZWQgVExTMQswCQYDVQQGEwJVSzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC9E +tK1pE8Ei8vgScunyjx50C+qDsQS8D2RhGHC4VkE2yyiFxJA/ynhoeXTKZsHuEWI9 +CfOSvk0RrTWf9nr0pTGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLqsN52tAf1k +XlzxQmdD5qG6Sy6PMB8GA1UdIwQYMBaAFFvNWtwDF12PSLQMSq9MZPwXftuLMAwG +CCqGSM49BAMCBQADSAAwRQIgXlfKqhkhXgK112Eycl+Z5NHM+6aqXE7i9j7IyGfk +ikICIQDBYNGbpSx82XG+IS/h4AWNTa4Hs6rmWvQDWJum7NrzMQ== +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 255c4e19d..cdfc9bae9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1156,10 +1156,14 @@ X509 CRT verify chain #8 (self signed maxpathlen root) depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 -X509 CRT verify chain #9 (self signed maxpathlen root) +X509 CRT verify chain #9 (zero pathlen first intermediate, valid) depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0 +X509 CRT verify chain #10 (zero pathlen root, valid) +depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0 + X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"