From f1aac5c488748e124cb3eeb079cf7d7b6f1373e4 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 9 May 2014 22:49:49 +0300 Subject: [PATCH] tests: Add 4.16.1 and 4.16.2 from NIST PKITS This adds two more X.509 path validation test cases. Signed-off-by: Jouni Malinen --- tests/test_x509v3_nist2.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/test_x509v3_nist2.sh b/tests/test_x509v3_nist2.sh index 572bd9d72..ec34a8b37 100755 --- a/tests/test_x509v3_nist2.sh +++ b/tests/test_x509v3_nist2.sh @@ -56,8 +56,17 @@ function run_test OK=0 fi else - echo "$NUM failed - expected validation failure; other type of error detected" - OK=0 + if [ $RES -eq -1 ]; then + if grep -q "Failed to parse X.509 certificate" $TMPOUT.$NUM; then + OK=1 + else + echo "$NUM failed - expected parsing failure; other type of error detected" + OK=0 + fi + else + echo "$NUM failed - expected validation failure; other type of error detected" + OK=0 + fi fi fi fi @@ -153,6 +162,9 @@ run_test 4.8.18 0 UserNoticeQualifierTest18EE.crt PoliciesP12CACert.crt run_test 4.8.19 0 UserNoticeQualifierTest19EE.crt TrustAnchorRootCertificate.crt run_test 4.8.20 0 CPSPointerQualifierTest20EE.crt GoodCACert.crt +run_test 4.16.1 0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt +run_test 4.16.2 -1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt + if false; then # DSA tests run_test 4.1.4 0 ValidDSASignaturesTest4EE.crt DSACACert.crt