mbedtls/tests
Manuel Pégourié-Gonnard 179c227203 Fix CA encoding issue with gnutls-cli
In the 2.7 branch, test-ca.crt has all the components of its Subject name
encoded as PrintableString, because it's generated with our cert_write
program, and our code writes all components that way until Mbed TLS 2.14.

But the default RSA SHA-256 certificate, server2-sha256.crt, has the O and CN
components of its Issuer name encoded as UTF8String, because it was generated
with OpenSSL and that's what OpenSSL does, regardless of how those components
were encoded in the CA's Subject name.

This triggers some overly strict behaviour in some libraries, most notably NSS
and GnuTLS (of interest to us in ssl-opt.sh) which won't recognize the trusted
root as a possible parent for the presented certificate, see for example:
https://github.com/ARMmbed/mbedtls/issues/1033

Fortunately, we have at our disposal a version of test-ca.crt with encodings
matching the ones in server2-sha256.crt, in the file test-ca_utf8.crt. So
let's append that to gnutls-cli's list of trusted roots, so that it recognizes
certs signed by this CA but with the O and CN components as UTF8String.

Note: Since https://github.com/ARMmbed/mbedtls/pull/1641 was merged (in Mbed
TLS 2.14), we changed how we encode those components, so in the 2.16 branch,
cert_write generates test-ca.crt with encodings that match the ones used by
openssl when generating server2-sha256.crt, so the issue of gnutls-cli
rejecting server2-sha256.crt is specific to the 2.7 branch.
2020-02-03 15:55:43 +01:00
.jenkins Add Jenkinsfile for PR job 2018-10-19 15:25:57 +01:00
configs Add a test component with malloc(0) returning NULL 2019-09-30 14:01:37 +02:00
data_files Fix CA encoding issue with gnutls-cli 2020-02-03 15:55:43 +01:00
git-scripts Add doxygen.sh script to git hooks 2018-10-29 10:45:00 +02:00
scripts Merge pull request #2900 from gilles-peskine-arm/asan-test-fail-2.7 2019-10-22 16:30:37 +01:00
suites Merge pull request #3002 from gilles-peskine-arm/coverity-20200115-2.7 into mbedtls-2.7 2020-01-29 14:53:48 +00:00
.gitignore
CMakeLists.txt Add a facility to skip running some test suites 2018-12-14 18:50:34 +01:00
compat.sh Exclude DTLS 1.2 only with older OpenSSL 2019-08-13 11:44:30 +02:00
Descriptions.txt
Makefile Merge remote-tracking branch 'origin/pr/2320' into mbedtls-2.7 2019-06-21 15:55:21 +01:00
ssl-opt.sh Fix CA encoding issue with gnutls-cli 2020-02-03 15:55:43 +01:00