Added test case for pathlen constrains in intermediate certificates
backport of 822b2c3
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 3e7ea37..3f8ac27 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1124,6 +1124,10 @@
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
x509_crt_parse_path:"data_files/dir3":1:2
+X509 CRT verify path (4 certs)
+depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":8
+
X509 OID description #1
x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index adaff51..5d82f44 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -444,6 +444,31 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */
+void x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int ret )
+{
+ char* act;
+ int flags;
+ int res;
+ x509_crt trusted, chain;
+
+ x509_crt_init( &chain );
+ x509_crt_init( &trusted );
+
+ while( ( act = strsep( &chain_paths, " " ) ) != NULL )
+ TEST_ASSERT( x509_crt_parse_file( &chain, act ) == 0 );
+ TEST_ASSERT( x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
+
+ res = x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL );
+
+ TEST_ASSERT( ret == res );
+
+exit:
+ x509_crt_free( &trusted );
+ x509_crt_free( &chain );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */
void x509_oid_desc( char *oid_str, char *ref_desc )
{