1#! /usr/bin/env perl 2# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use File::Copy; 14use File::Spec::Functions qw/:DEFAULT canonpath/; 15use OpenSSL::Test qw/:DEFAULT srctop_file/; 16 17setup("test_x509_store"); 18 19#If "openssl rehash -help" fails it's most likely because we're on a platform 20#that doesn't support the rehash command (e.g. Windows) 21plan skip_all => "test_rehash is not available on this platform" 22 unless run(app(["openssl", "rehash", "-help"])); 23 24# We use 'openssl verify' for these tests, as it contains everything 25# we need to conduct these tests. The tests here are a subset of the 26# ones found in 25-test_verify.t 27 28sub verify { 29 my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_; 30 my @args = qw(openssl verify -auth_level 1 -purpose); 31 my @path = qw(test certs); 32 push(@args, "$purpose", @opts); 33 push(@args, "-CApath", $trustedpath); 34 for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } 35 push(@args, srctop_file(@path, "$cert.pem")); 36 run(app([@args])); 37} 38 39plan tests => 3; 40 41indir "60-test_x509_store" => sub { 42 for (("root-cert")) { 43 copy(srctop_file("test", "certs", "$_.pem"), curdir()); 44 } 45 ok(run(app([qw(openssl rehash), curdir()])), "Rehashing"); 46 47 # Canonical success 48 ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"), 49 "verify ee-cert"); 50 51 # Failure because root cert not present in CApath 52 ok(!verify("ca-root2", "any", curdir(), [], "-show_chain")); 53}, create => 1, cleanup => 1; 54