tests: added check for invalid X.509 certificate
[gnutls:gnutls.git] / tests / x509cert-invalid.c
1 /*
2  * Copyright (C) 2015 Nikos Mavrogiannopoulos
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * GnuTLS is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * GnuTLS is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with GnuTLS; if not, write to the Free Software Foundation,
20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/types.h>
31 #include <unistd.h>
32 #include <gnutls/gnutls.h>
33 #include <gnutls/x509.h>
34
35 #include "utils.h"
36
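/* Checks that gnutls_x509_crt_import() refuses certificates whose
 * tbsCertificate.signature and outer signatureAlgorithm fields disagree.
 */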
39
/* Log callback that doit() registers with gnutls_global_set_log_function().
 * Writes each library message to stderr as "<level>| message"; the message
 * is printed as given, with no newline appended here.
 */
static void tls_log_func(int level, const char *str)
{
        FILE *sink = stderr;

        fprintf(sink, "<%d>| %s", level, str);
}
44
/* Negative test vector 1 (subject CN "Wrong sigalg").
 *
 * The signature algorithm named inside tbsCertificate differs from the one
 * in the outer signatureAlgorithm field; the outer value is the wrong one.
 * As encoded below, tbsCertificate.signature is sha256WithRSAEncryption
 * (1.2.840.113549.1.1.11) while the outer field is md5WithRSAEncryption
 * (1.2.840.113549.1.1.4).
 *
 * RFC 5280 section 4.1.1.2 requires both fields to carry the same algorithm
 * identifier. Only the inner copy is covered by the issuer's signature, so
 * a parser has to compare the two and reject the certificate on mismatch.
 */
static unsigned char inconsistent_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MIICwzCCAXugAwIBAgIIVOei+gI+zMYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE\n"
    "AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTExMjJaGA85OTk5MTIzMTIz\n"
    "NTk1OVowFzEVMBMGA1UEAxMMV3Jvbmcgc2lnYWxnMIGfMA0GCSqGSIb3DQEBAQUA\n"
    "A4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u69yFXFg2Z/AepUU+\n"
    "IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14ENa/ZcF2MrhSM8WZ1\n"
    "NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8WF1JnlSlKuQIDAQAB\n"
    "o2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFK9V\n"
    "bbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMB\n"
    "A+/PMA0GCSqGSIb3DQEBBAUAA4IBMQCT2A88WEahnJgfXTjLbThqc/ICOg4dnk61\n"
    "zhaTkgK3is7T8gQrTqEbaVF4qu5gOLN6Z+xluii+ApZKKpKSyYLXS6MS3nJ6xGTi\n"
    "SOqixmPv7qfQnkUvUTagZymnWQ3GxRxjAv65YpmGyti+/TdkYWDQ9R/D/sWPJO8o\n"
    "YrFNw1ZXAaNMg4EhhGZ4likMlww+e5NPfJsJ32AovveTFKqSrvabb4UtrUJTwsC4\n"
    "Bd018g2MEhTkxeTQTqzIL98CoSBJjbbZD/YW13J/3xU590QpHTgni5hAni27IFLr\n"
    "1V+UJAglBs8qYiUzv/GjwbRt8TDzYVjvc+5MvPaGpoTcmdQyi9/L+3s8J6dX3i93\n"
    "TneIXeExwjTmXKL7NG+KQz9/F4FJChRXR6X1zsSB45DzoCoGMmzD\n"
    "-----END CERTIFICATE-----\n";
65
/* Negative test vector 2 (subject CN "Invalid tbsCertificate sigalg").
 *
 * Mirror image of inconsistent_pem: the two signature-algorithm fields
 * again disagree, but this time the value inside tbsCertificate is the
 * wrong one. As encoded below, tbsCertificate.signature is
 * md5WithRSAEncryption (1.2.840.113549.1.1.4) while the outer
 * signatureAlgorithm is sha256WithRSAEncryption (1.2.840.113549.1.1.11).
 *
 * Together the two vectors cover a mismatch in either direction, so the
 * import check cannot pass by trusting one of the two fields alone.
 */
static unsigned char inconsistent2_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MIIC1DCCAYygAwIBAgIIVOem0AaBE/EwDQYJKoZIhvcNAQEEBQAwGTEXMBUGA1UE\n"
    "AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTI3NDRaGA85OTk5MTIzMTIz\n"
    "NTk1OVowKDEmMCQGA1UEAxMdSW52YWxpZCB0YnNDZXJ0aWZpY2F0ZSBzaWdhbGcw\n"
    "gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqK+Mul6aXYYg2wCKYLrHBPGPji\n"
    "YtzFL67r3IVcWDZn8B6lRT4i9+pU55FWCDVYeuH4Nku6gLqTCftrZp9RPPK2shMq\n"
    "eL4nXgQ1r9lwXYyuFIzxZnU1aua9SW2ORslAjDJU+4jB5EfUQKpIXFWoFPxHBhnb\n"
    "sXNMvxYXUmeVKUq5AgMBAAGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD\n"
    "AwegADAdBgNVHQ4EFgQUr1VttKipsdaBnCTM3nuduYDLJPAwHwYDVR0jBBgwFoAU\n"
    "TVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAEsjzyOB8ntk\n"
    "1BW4UhHdDSOZNrR4Ep0y2B3tjoOlXmcQD50WQb7NF/vYGeZN/y+WHEF9OAnneEIi\n"
    "5wRHLnm1jP/bXd5Po3EsaTLmpE7rW99DYlHaNRcF5z+a+qTdj7mRsnUtv6o2ItNT\n"
    "m81yQr0Lw0D31agU9IAzeXZy+Dm6dQnO1GAaHlOJQR1PZIOzOtYxqodla0qxuvga\n"
    "nL+quIR29t8nb7j+n8l1+2WxCUoxEO0wv37t3MQxjXUxzGfo5NDcXqH1364UBzdM\n"
    "rOBPX50B4LUyV5gNdWMIGVSMX3fTE+j3b+60w6NALXDzGoSGLQH48hpi/Mxzqctt\n"
    "gl58/RqS+nTNQ7c6QMhTj+dgaCE/DUGJJf0354dYp7p43nabr+ZtaMPUaGUQ/1UC\n"
    "C5/QFweC23w=\n"
    "-----END CERTIFICATE-----\n";
87
/* Datum views over the two PEM texts, in the form gnutls_x509_crt_import()
 * takes. The size is sizeof - 1 so that the string literal's terminating
 * NUL is not counted as certificate data.
 */
const gnutls_datum_t inconsistent = {
        .data = inconsistent_pem,
        .size = sizeof(inconsistent_pem) - 1
};

const gnutls_datum_t inconsistent2 = {
        .data = inconsistent2_pem,
        .size = sizeof(inconsistent2_pem) - 1
};
90
/* Replacement clock installed with gnutls_global_set_time_function().
 * Always reports the same instant, 1424466893 (2015-02-20 21:14:53 UTC),
 * so the library never consults the wall clock during the test.
 * Follows the time(2) convention: the value is returned and, when t is
 * non-NULL, also stored through it.
 */
static time_t mytime(time_t *t)
{
        const time_t frozen = 1424466893;

        if (t != NULL)
                *t = frozen;

        return frozen;
}
100
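/* Import `pem` into a fresh certificate object and record a test failure,
 * using the message `what`, if GnuTLS accepts it.
 *
 * The result of gnutls_x509_crt_init() is checked first, so the import is
 * never attempted on an object that was not set up.
 *
 * NOTE(review): any negative return from gnutls_x509_crt_import() counts as
 * a rejection here. A failure unrelated to the signature-algorithm mismatch
 * (for instance a PEM decoding error) would satisfy the test as well;
 * consider asserting the specific error code the library returns for this
 * check.
 */
static void expect_import_rejected(const gnutls_datum_t *pem, const char *what)
{
        gnutls_x509_crt_t crt;
        int ret;

        ret = gnutls_x509_crt_init(&crt);
        if (ret < 0) {
                fail("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
                return;
        }

        ret = gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM);
        if (ret >= 0)
                fail("%s", what);

        gnutls_x509_crt_deinit(crt);
}

/* Test entry point: both certificates carry a signature algorithm in
 * tbsCertificate that differs from the outer signatureAlgorithm field,
 * which RFC 5280 section 4.1.1.2 forbids. The test passes only if
 * gnutls_x509_crt_import() refuses each of them.
 */
void doit(void)
{
        /* this must be called once in the program
         */
        global_init();

        /* Fixed clock and stderr logging; verbose library logs only when
         * the harness runs in debug mode. */
        gnutls_global_set_time_function(mytime);
        gnutls_global_set_log_function(tls_log_func);
        if (debug)
                gnutls_global_set_log_level(6);

        /* Case 1: the outer signatureAlgorithm is the wrong one. */
        expect_import_rejected(&inconsistent, "1: gnutls_x509_crt_import");

        /* Case 2: the algorithm inside tbsCertificate is the wrong one. */
        expect_import_rejected(&inconsistent2, "2: gnutls_x509_crt_import");

        gnutls_global_deinit();

        if (debug)
                success("success");
}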