xref: /freebsd/crypto/openssl/test/recipes/60-test_x509_store.t (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1#! /usr/bin/env perl
2# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Copy;
14use File::Spec::Functions qw/:DEFAULT canonpath/;
15use OpenSSL::Test qw/:DEFAULT srctop_file/;
16
17setup("test_x509_store");
18
19#If "openssl rehash -help" fails it's most likely because we're on a platform
20#that doesn't support the rehash command (e.g. Windows)
21plan skip_all => "test_rehash is not available on this platform"
22    unless run(app(["openssl", "rehash", "-help"]));
23
24# We use 'openssl verify' for these tests, as it contains everything
25# we need to conduct these tests.  The tests here are a subset of the
26# ones found in 25-test_verify.t
27
28sub verify {
29    my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
30    my @args = qw(openssl verify -auth_level 1 -purpose);
31    my @path = qw(test certs);
32    push(@args, "$purpose", @opts);
33    push(@args, "-CApath", $trustedpath);
34    for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
35    push(@args, srctop_file(@path, "$cert.pem"));
36    run(app([@args]));
37}
38
39plan tests => 3;
40
41indir "60-test_x509_store" => sub {
42    for (("root-cert")) {
43        copy(srctop_file("test", "certs", "$_.pem"), curdir());
44    }
45    ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");
46
47    # Canonical success
48    ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
49       "verify ee-cert");
50
51    # Failure because root cert not present in CApath
52    ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
53}, create => 1, cleanup => 1;
54