From 63a0e872c534c6c38b541ab606e270d1dcbff0bc Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 14 May 2018 14:27:02 -0600 Subject: [PATCH] add test for fail case when parsing relative URI path --- certs/client-relative-uri.pem | 90 +++++++++++++++++++++++++++++++++++ certs/renewcerts.sh | 18 ++++++- certs/renewcerts/wolfssl.cnf | 7 +++ tests/api.c | 4 ++ 4 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 certs/client-relative-uri.pem diff --git a/certs/client-relative-uri.pem b/certs/client-relative-uri.pem new file mode 100644 index 000000000..f4e0f5ca0 --- /dev/null +++ b/certs/client-relative-uri.pem @@ -0,0 +1,90 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9930516258332383263 (0x89d047ec3e24981f) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 14 20:24:06 2018 GMT + Not After : Feb 7 20:24:06 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=RELATIVE_URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:89:D0:47:EC:3E:24:98:1F + + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Alternative Name: + URI:../relative/page.html + Signature Algorithm: sha256WithRSAEncryption + 29:cb:c0:50:61:da:51:c5:da:50:15:b7:bd:c3:f4:9b:c5:b8: + 2a:9b:6c:c7:91:7a:26:e3:eb:48:d2:40:fa:e3:ab:f9:b7:e2: + 4a:37:9b:b6:03:ad:9c:f4:f2:5d:12:eb:5c:c6:97:c4:3a:18: + 99:70:47:49:93:f3:a5:32:ab:aa:22:71:6f:5c:36:1c:42:2f: + d4:19:da:64:73:84:d3:1e:a8:5f:af:8a:58:e7:64:18:38:79: + 69:f2:08:d4:f2:be:b0:9c:18:d8:f1:a5:eb:b6:9c:67:21:0f: + ba:bf:95:68:e9:d2:23:56:84:cf:87:7c:a4:2a:3a:0d:c1:72: + 3a:43:da:53:bb:6c:f0:b5:f1:03:3c:ff:b6:0a:1f:54:c5:1b: + d5:40:80:24:74:e2:f6:4c:41:88:f1:df:a3:36:64:78:e9:c2: + 0e:c3:0f:f3:5f:19:e6:44:85:79:e1:6a:ee:78:39:9b:58:e3: + c4:39:27:d7:05:1a:b9:7c:21:75:61:7a:71:53:fd:fc:7f:57: + ef:3a:19:be:69:c6:cb:73:49:bd:72:7d:2b:eb:68:52:8e:0f: + d7:47:d3:90:86:5a:14:03:0d:dc:6b:07:10:57:2b:e0:b6:d2: + a0:49:2d:63:88:d0:17:b3:b2:50:c4:60:15:1e:b6:ce:13:14: + 0d:ec:45:eb +-----BEGIN CERTIFICATE----- +MIIE3TCCA8WgAwIBAgIJAInQR+w+JJgfMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNV +BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbTAeFw0xODA1MTQyMDI0MDZaFw0yMTAyMDcyMDI0MDZaMIGaMQswCQYDVQQG +EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UE +CgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNVBAMM +D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOCASIwggEeMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCB +zwYDVR0jBIHHMIHEgBQz2EVm12iHGH5UDXAnkccm14VlwKGBoKSBnTCBmjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT +BgNVBAoMDHdvbGZTU0xfMjA0ODEVMBMGA1UECwwMUkVMQVRJVkVfVVJJMRgwFgYD +VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz +bC5jb22CCQCJ0EfsPiSYHzAJBgNVHRMEAjAAMCAGA1UdEQQZMBeGFS4uL3JlbGF0 +aXZlL3BhZ2UuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAKcvAUGHaUcXaUBW3vcP0 +m8W4Kptsx5F6JuPrSNJA+uOr+bfiSjebtgOtnPTyXRLrXMaXxDoYmXBHSZPzpTKr +qiJxb1w2HEIv1BnaZHOE0x6oX6+KWOdkGDh5afII1PK+sJwY2PGl67acZyEPur+V +aOnSI1aEz4d8pCo6DcFyOkPaU7ts8LXxAzz/tgofVMUb1UCAJHTi9kxBiPHfozZk +eOnCDsMP818Z5kSFeeFq7ng5m1jjxDkn1wUauXwhdWF6cVP9/H9X7zoZvmnGy3NJ +vXJ9K+toUo4P10fTkIZaFAMN3GsHEFcr4LbSoEktY4jQF7OyUMRgFR62zhMUDexF +6w== +-----END CERTIFICATE----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index f42b004ce..693abb9c6 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -22,7 +22,8 @@ # client-ca.pem # test/digsigku.pem # ecc-privOnlyCert.pem -# uri-cert.pem +# client-uri-cert.pem +# client-relative-uri.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem @@ -61,6 +62,21 @@ function run_renewcerts(){ openssl x509 -in client-uri-cert.pem -text > tmp.pem mv tmp.pem client-uri-cert.pem + ############################################################ + #### update the self-signed (2048-bit) client-relative-uri.pem + ############################################################ + echo "Updating 2048-bit client-relative-uri.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nRELATIVE_URI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + + + openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions relative_uri -signkey client-key.pem -out client-relative-uri.pem + rm client-cert.csr + + openssl x509 -in client-relative-uri.pem -text > tmp.pem + mv tmp.pem client-relative-uri.pem + ############################################################ #### update the self-signed (2048-bit) client-cert.pem ##### ############################################################ diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index 91c0312b9..421194bc2 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -227,6 +227,13 @@ authorityKeyIdentifier=keyid:always,issuer:always basicConstraints=CA:false subjectAltName=URI:https://www.wolfssl.com +# test parsing relative URI +[ relative_uri ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=CA:false +subjectAltName=URI:../relative/page.html + #tsa default [ tsa ] default_tsa = tsa_config1 diff --git a/tests/api.c b/tests/api.c index e2ebaaea1..4a470efde 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2964,6 +2964,7 @@ static void test_wolfSSL_URI(void) defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_X509* x509; const char uri[] = "./certs/client-uri-cert.pem"; + const char badUri[] = "./certs/client-relative-uri.pem"; printf(testingFmt, "wolfSSL URI parse"); @@ -2972,6 +2973,9 @@ static void test_wolfSSL_URI(void) wolfSSL_FreeX509(x509); + x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); + AssertNull(x509); + printf(resultFmt, passed); #endif }