- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.

commit: 4d2c1243b12699b8e0a4901c976274155dcd71a9 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Thu May 10 14:12:46 2012 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Thu May 10 14:12:46 2012 +0000
tree: 88ed0d5fd79c30fb6079c06d426a20fa40e997ad
parent: d14cd35ececf3c783f30b242a080de479d36f61c [diff] [blame]
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index a161afc..a15e50c 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data

@@ -246,9 +246,9 @@
 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
 
-X509 Certificate verification #24 (domain matching multi certificate)
+X509 Certificate verification #24 (domain matching CN of multi certificate)
 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":0:0:NULL
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
 
 X509 Certificate verification #25 (domain matching multi certificate)
 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
commit	4d2c1243b12699b8e0a4901c976274155dcd71a9	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Thu May 10 14:12:46 2012 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Thu May 10 14:12:46 2012 +0000
tree	88ed0d5fd79c30fb6079c06d426a20fa40e997ad
parent	d14cd35ececf3c783f30b242a080de479d36f61c [diff] [blame]