diff --git a/certs/test/expired-ca.der b/certs/test/expired/expired-ca.der
similarity index 100%
rename from certs/test/expired-ca.der
rename to certs/test/expired/expired-ca.der
diff --git a/certs/test/expired-ca.pem b/certs/test/expired/expired-ca.pem
similarity index 100%
rename from certs/test/expired-ca.pem
rename to certs/test/expired/expired-ca.pem
diff --git a/certs/test/expired-cert.der b/certs/test/expired/expired-cert.der
similarity index 100%
rename from certs/test/expired-cert.der
rename to certs/test/expired/expired-cert.der
diff --git a/certs/test/expired-cert.pem b/certs/test/expired/expired-cert.pem
similarity index 100%
rename from certs/test/expired-cert.pem
rename to certs/test/expired/expired-cert.pem
diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh
index 3ee661c99..24398700a 100755
--- a/certs/test/gen-testcerts.sh
+++ b/certs/test/gen-testcerts.sh
@@ -164,5 +164,5 @@ generate_test_cert server-garbage localhost garbage
 # Generate Expired Certificates
-generate_expired_certs expired-ca ../ca-key.pem 1
-generate_expired_certs expired-cert ../server-key.pem
+generate_expired_certs expired/expired-ca ../ca-key.pem 1
+generate_expired_certs expired/expired-cert ../server-key.pem
diff --git a/certs/test/include.am b/certs/test/include.am
index 6a923319d..52fcba6bc 100644
--- a/certs/test/include.am
+++ b/certs/test/include.am
@@ -53,8 +53,10 @@ EXTRA_DIST += \
 certs/test/dh1024.pem \
 certs/test/dh512.der \
 certs/test/dh512.pem \
- certs/test/digsigku.pem \
- certs/test/expired-ca.pem \
- certs/test/expired-ca.der \
- certs/test/expired-cert.pem \
- certs/test/expired-cert.der
+ certs/test/digsigku.pem
+
+EXTRA_DIST += \
+ certs/test/expired/expired-ca.pem \
+ certs/test/expired/expired-ca.der \
+ certs/test/expired/expired-cert.pem \
+ certs/test/expired/expired-cert.der
diff --git a/tests/api.c b/tests/api.c
index ec2fb3ebd..2e99fc1f5 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -700,6 +700,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
 const char* load_certs_path = "./certs/external";
 const char* load_no_certs_path = "./examples";
+ const char* load_expired_path = "./certs/test/expired";
 #endif
 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -757,8 +758,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
 /* Test loading CA certificates using a path */
 #ifdef NO_RSA
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), ASN_UNKNOWN_OID_E);
+ /* failure here okay since certs in external directory are RSA */
+ AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
+ WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
 #else
 AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
 WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
@@ -770,11 +772,13 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 /* Test loading expired CA certificates */
 #ifdef NO_RSA
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), ASN_UNKNOWN_OID_E);
+ AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
+ WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+ WOLFSSL_SUCCESS);
 #else
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
+ AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
+ WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+ WOLFSSL_SUCCESS);
 #endif
 /* Test loading CA certificates and ignoring all errors */
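Review bot: In the NO_RSA branch of the `-757,8 +758,9` hunk, `AssertIntNE(..., WOLFSSL_SUCCESS)` passes on any failure at all, including a missing or unreadable `./certs/external` directory, so the test can no longer tell "RSA certificates were rejected" apart from "nothing was read". The added comment gives the expected reason but the assertion does not check it; if the exact return code is not stable across builds, the comment should at least say so, e.g. `/* any failure accepted: RSA certs cannot be parsed without RSA; this does not prove the directory was read */`. The same loose check is used in the NO_RSA branch of the expired-certificate hunk that follows. The function body starts and ends outside these hunks.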
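Review bot: In the expired-certificate hunk (`-770,11 +772,13`) the `#ifdef NO_RSA` and `#else` branches are now the same `AssertIntNE(..., WOLFSSL_SUCCESS)` call, so the conditional is redundant and no build configuration checks that `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` actually lets an expired CA load. If RSA builds are expected to load `./certs/test/expired` with that flag, the `#else` branch should be `AssertIntEQ(..., WOLFSSL_SUCCESS);`; if failure is really intended there, collapse the `#ifdef` and add a comment giving the reason, which the hunk does not show. A control call on the same path without the date flag, expected to fail, would pin down that the flag and not something else decides the outcome. The function continues outside the hunk.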
@@ -854,7 +858,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
 const char* ca_cert = "./certs/ca-cert.pem";
- const char* ca_expired_cert = "./certs/test/expired-ca.pem";
+ const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
 ret = test_cm_load_ca_file(ca_cert);
 #ifdef NO_RSA