#!/usr/bin/env lua
local regress = require "regress"
-- Regression test for the verification depth limit applied by x509:verify().
--
-- Three certificates are generated: a root (no issuer passed to genkey, so
-- presumably self-signed -- confirm in regress.lua), an intermediate issued by
-- the root, and a leaf issued by the intermediate. Only the root is ever added
-- to the store; the intermediate is supplied solely as a chain certificate.
--
-- What the assertions below pin down:
--   depth 0: a certificate whose issuer is in the store is accepted, but a
--            path that needs one intermediate from the chain is rejected;
--   depth 1: that same one-intermediate path is accepted.
-- The rejecting cases matter most: they show that a missing trust anchor, a
-- missing intermediate, or a too-small depth makes verify() return a falsy
-- first value rather than succeed.

local ossl = regress.openssl

-- True when `version` is present and below `minimum`; a missing version
-- number (nil) never counts as "too old".
local function older_than(version, minimum)
	return version and version < minimum
end

if older_than(ossl.OPENSSL_VERSION_NUMBER, 0x10002000)
or older_than(ossl.LIBRESSL_VERSION_NUMBER, 0x20705000)
then
	-- skipping test due to different behaviour in earlier OpenSSL versions
	-- NOTE(review): nothing below runs on these versions, so the depth limit
	-- is not asserted there and "OK" is never printed.
	return
end

local params = regress.verify_param.new()
params:setDepth(0)

-- Builds the option table for verify(). `params` is shared and mutated later
-- (setDepth(1)), so every call sees the depth in force at that moment.
local function verify_opts(chain, store)
	return { params = params, chain = chain, store = store }
end

local root_key, root_crt = regress.genkey()

-- should fail as no trust anchor
regress.check(not root_crt:verify(verify_opts(nil, nil)))

local trust_store = regress.store.new()
trust_store:add(root_crt)

-- should succeed as cert is in the store
regress.check(root_crt:verify(verify_opts(nil, trust_store)))

local mid_key, mid_crt = regress.genkey(nil, root_key, root_crt)

-- should succeed as ca cert is in the store
regress.check(mid_crt:verify(verify_opts(nil, trust_store)))

local _, leaf_crt = regress.genkey(nil, mid_key, mid_crt)

-- should fail as intermediate cert is missing
regress.check(not leaf_crt:verify(verify_opts(nil, trust_store)))

local untrusted = regress.chain.new()
untrusted:add(mid_crt)

-- should fail as max depth is too low
regress.check(not leaf_crt:verify(verify_opts(untrusted, trust_store)))

-- Raise the limit by one; the identical path must now validate.
params:setDepth(1)

-- should succeed
regress.check(leaf_crt:verify(verify_opts(untrusted, trust_store)))

regress.say("OK")