Additional corner cases for testing pathlen constrains. Just in case.
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 5a69ecd..bfd084c 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1128,10 +1128,38 @@
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
mbedtls_x509_crt_parse_path:"data_files/dir3":1:2
-X509 CRT verify path (4 certs)
+X509 CRT verify chain #1 (zero pathlen intermediate)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":8
+X509 CRT verify chain #2 (zero pathlen root)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":8
+
+X509 CRT verify chain #3 (nonzero pathlen root)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":8
+
+X509 CRT verify chain #4 (nonzero pathlen intermediate)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":8
+
+X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0
+
+X509 CRT verify chain #6 (nonzero maxpathlen root)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+
+X509 CRT verify chain #7 (maxpathlen root, self signed in path)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0
+
+X509 CRT verify chain #8 (self signed maxpathlen root)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+
X509 OID description #1
x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index f0da0b3..49285f5 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -445,13 +445,15 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int ret )
+void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result )
{
char* act;
uint32_t flags;
- int res;
+ int result, res;
mbedtls_x509_crt trusted, chain;
+ result= flags_result?MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:0;
+
mbedtls_x509_crt_init( &chain );
mbedtls_x509_crt_init( &trusted );
@@ -460,8 +462,9 @@
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
res = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL );
-
- TEST_ASSERT( ret == res );
+
+ TEST_ASSERT( res == ( result ) );
+ TEST_ASSERT( flags == (uint32_t)( flags_result ) );
exit:
mbedtls_x509_crt_free( &trusted );