add override cert date example for bad clock testing
This commit is contained in:
parent
4aac37bff9
commit
be402277e0
39
certs/test/expired-cert.pem
Normal file
39
certs/test/expired-cert.pem
Normal file
@ -0,0 +1,39 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 1 (0x0)
|
||||
Serial Number: 1 (0x1)
|
||||
Signature Algorithm: md5WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
|
||||
Validity
|
||||
Not Before: Jun 30 18:52:17 2010 GMT
|
||||
Not After : Mar 26 18:52:17 2013 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (512 bit)
|
||||
Modulus (512 bit):
|
||||
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
|
||||
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
|
||||
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
|
||||
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
|
||||
7e:16:77:e2:a7
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: md5WithRSAEncryption
|
||||
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
|
||||
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
|
||||
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
|
||||
9b:0b:e0:74:58:11:c5:01:7b:4d
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
|
||||
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
|
||||
aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
|
||||
bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
|
||||
MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
|
||||
A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
|
||||
EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
|
||||
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
|
||||
AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
|
||||
Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
|
||||
5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
|
||||
4HRYEcUBe00=
|
||||
-----END CERTIFICATE-----
|
9
certs/test/expired-key.pem
Normal file
9
certs/test/expired-key.pem
Normal file
@ -0,0 +1,9 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
|
||||
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
|
||||
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
|
||||
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
|
||||
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
|
||||
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
|
||||
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
|
||||
-----END RSA PRIVATE KEY-----
|
@ -9,6 +9,7 @@
|
||||
#include <ctype.h>
|
||||
#include <cyassl/ssl.h>
|
||||
#include <cyassl/ctaocrypt/types.h>
|
||||
#include <cyassl/ctaocrypt/error-crypt.h>
|
||||
|
||||
#ifdef ATOMIC_USER
|
||||
#include <cyassl/ctaocrypt/aes.h>
|
||||
@ -894,6 +895,25 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
|
||||
#endif /* VERIFY_CALLBACK */
|
||||
|
||||
|
||||
static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
|
||||
{
|
||||
(void)preverify;
|
||||
char buffer[CYASSL_MAX_ERROR_SZ];
|
||||
|
||||
printf("In verification callback, error = %d, %s\n", store->error,
|
||||
CyaSSL_ERR_error_string(store->error, buffer));
|
||||
printf("Subject's domain name is %s\n", store->domain);
|
||||
|
||||
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
|
||||
printf("Overriding cert date error as example for bad clock testing\n");
|
||||
return 1;
|
||||
}
|
||||
printf("Cert error is not date error, not overriding\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
|
||||
static INLINE void CRL_CallBack(const char* url)
|
||||
|
@ -128,6 +128,7 @@ static void Usage(void)
|
||||
printf("-s Use pre Shared keys\n");
|
||||
printf("-t Track CyaSSL memory use\n");
|
||||
printf("-d Disable peer checks\n");
|
||||
printf("-D Override Date Errors example\n");
|
||||
printf("-g Send server HTTP GET\n");
|
||||
printf("-u Use UDP DTLS,"
|
||||
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
|
||||
@ -197,6 +198,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
int fewerPackets = 0;
|
||||
int atomicUser = 0;
|
||||
int pkCallbacks = 0;
|
||||
int overrideDateErrors = 0;
|
||||
char* cipherList = NULL;
|
||||
const char* verifyCert = caCert;
|
||||
const char* ourCert = cliCert;
|
||||
@ -238,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
StackTrap();
|
||||
|
||||
while ((ch = mygetopt(argc, argv,
|
||||
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
|
||||
"?gdDusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
@ -252,6 +254,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
doPeerCheck = 0;
|
||||
break;
|
||||
|
||||
case 'D' :
|
||||
overrideDateErrors = 1;
|
||||
break;
|
||||
|
||||
case 'u' :
|
||||
doDTLS = 1;
|
||||
break;
|
||||
@ -545,6 +551,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||
#if !defined(NO_CERTS)
|
||||
if (!usePsk && doPeerCheck == 0)
|
||||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
if (!usePsk && overrideDateErrors == 1)
|
||||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
Loading…
Reference in New Issue
Block a user