Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs.

certs/test/gen-testcerts.sh

@@ -164,5 +164,5 @@ generate_test_cert server-garbage localhost garbage
 
 
 # Generate Expired Certificates
-generate_expired_certs expired-ca ../ca-key.pem 1
-generate_expired_certs expired-cert ../server-key.pem
+generate_expired_certs expired/expired-ca ../ca-key.pem 1
+generate_expired_certs expired/expired-cert ../server-key.pem

certs/test/include.am

@@ -53,8 +53,10 @@ EXTRA_DIST += \
          certs/test/dh1024.pem \
          certs/test/dh512.der \
          certs/test/dh512.pem \
-         certs/test/digsigku.pem \
-         certs/test/expired-ca.pem \
-         certs/test/expired-ca.der \
-         certs/test/expired-cert.pem \
-         certs/test/expired-cert.der
+         certs/test/digsigku.pem
+
+EXTRA_DIST += \
+         certs/test/expired/expired-ca.pem \
+         certs/test/expired/expired-ca.der \
+         certs/test/expired/expired-cert.pem \
+         certs/test/expired/expired-cert.der

tests/api.c

@@ -700,6 +700,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
     const char* load_certs_path = "./certs/external";
     const char* load_no_certs_path = "./examples";
+    const char* load_expired_path = "./certs/test/expired";
 #endif
 
     AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -757,8 +758,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
     /* Test loading CA certificates using a path */
     #ifdef NO_RSA
-    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
-        WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), ASN_UNKNOWN_OID_E);
+    /* failure here okay since certs in external directory are RSA */
+    AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
+        WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
     #else
     AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
         WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
@@ -770,11 +772,13 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 
     /* Test loading expired CA certificates */
     #ifdef NO_RSA
-    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
-        WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), ASN_UNKNOWN_OID_E);
+    AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
+        WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+        WOLFSSL_SUCCESS);
     #else
-    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
-        WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
+    AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
+        WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+        WOLFSSL_SUCCESS);
     #endif
 
     /* Test loading CA certificates and ignoring all errors */
@@ -854,7 +858,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     const char* ca_cert = "./certs/ca-cert.pem";
-    const char* ca_expired_cert = "./certs/test/expired-ca.pem";
+    const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
 
     ret = test_cm_load_ca_file(ca_cert);
     #ifdef NO_RSA