mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* import.c (check_and_store): Do a full validation if
--with-validation is set. * certchain.c (gpgsm_basic_cert_check): Print more detailed error messages. * certcheck.c (do_encode_md): Partly support DSA. Add new arg PKALGO. Changed all callers to pass it. (pk_algo_from_sexp): New. tests/pkits: New directory
parent
f5799d0170
commit
066352a6a5
@ -1,3 +1,8 @@
|
||||
2004-08-16 Werner Koch <wk@g10code.de>
|
||||
|
||||
* configure.ac: Build Makefile for tests/pkits. New option
|
||||
--with-pkits-tests.
|
||||
|
||||
2004-08-05 Werner Koch <wk@g10code.de>
|
||||
|
||||
* configure.ac: Changed tests for libusb to also suuport the
|
||||
|
3
NEWS
3
NEWS
@ -1,6 +1,9 @@
|
||||
Noteworthy changes in version 1.9.11
|
||||
-------------------------------------------------
|
||||
|
||||
* When using --import along with --with-validation, the imported
|
||||
certificates are validated and only imported if they are fully
|
||||
valid.
|
||||
|
||||
Noteworthy changes in version 1.9.10 (2004-07-22)
|
||||
-------------------------------------------------
|
||||
|
7
TODO
7
TODO
@ -35,6 +35,8 @@ might want to have an agent context for each service request
|
||||
while gpg-protect-tool wants to pop up the pinentry. Solution is
|
||||
to release the connection. This is not trivial, thus we are going
|
||||
to do that while changing gpgsm to allow concurrent operations.
|
||||
** support the anyPolicy semantic
|
||||
** Check that we are really following the verification procedures in rfc3280.
|
||||
|
||||
* sm/keydb.c
|
||||
** Check file permissions
|
||||
@ -44,14 +46,15 @@ might want to have an agent context for each service request
|
||||
|
||||
* agent/gpg-agent.c
|
||||
** A SIGHUP should also restart the scdaemon
|
||||
But do this only after all connections terminated.
|
||||
As of now we only send a RESET.
|
||||
But do this only after all connections terminated. As of now we
|
||||
only send a RESET.
|
||||
|
||||
* agent/command.c
|
||||
** Make sure that secure memory is used where appropriate
|
||||
|
||||
* agent/pkdecrypt.c, agent/pksign.c
|
||||
** Don't use stdio to return results.
|
||||
** Support DSA
|
||||
|
||||
* agent/divert-scd.c
|
||||
Remove the agent_reset_scd kludge.
|
||||
|
21
configure.ac
21
configure.ac
@ -940,6 +940,14 @@ else
|
||||
fi
|
||||
AC_SUBST(ZLIBS)
|
||||
|
||||
|
||||
# See wether we want to run the long test suite.
|
||||
AC_ARG_WITH(pkits-tests,
|
||||
AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]),
|
||||
[run_pkits_tests=$withval], [run_pkits_tests=no])
|
||||
AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes")
|
||||
|
||||
|
||||
# Allow users to append something to the version string without
|
||||
# flagging it as development version. The user version parts is
|
||||
# considered everything after a dash.
|
||||
@ -1121,6 +1129,7 @@ scd/Makefile
|
||||
tools/Makefile
|
||||
doc/Makefile
|
||||
tests/Makefile
|
||||
tests/pkits/Makefile
|
||||
])
|
||||
AC_OUTPUT
|
||||
|
||||
@ -1137,10 +1146,12 @@ echo "
|
||||
Agent: $build_agent $build_agent_threaded
|
||||
Smartcard: $build_scdaemon $build_scdaemon_extra
|
||||
|
||||
Protect tool: $show_gnupg_protect_tool_pgm
|
||||
Default agent: $show_gnupg_agent_pgm
|
||||
Default pinentry: $show_gnupg_pinentry_pgm
|
||||
Default scdaemon: $show_gnupg_scdaemon_pgm
|
||||
Default dirmngr: $show_gnupg_dirmngr_pgm
|
||||
Protect tool: $show_gnupg_protect_tool_pgm
|
||||
Default agent: $show_gnupg_agent_pgm
|
||||
Default pinentry: $show_gnupg_pinentry_pgm
|
||||
Default scdaemon: $show_gnupg_scdaemon_pgm
|
||||
Default dirmngr: $show_gnupg_dirmngr_pgm
|
||||
|
||||
PKITS based tests: $run_pkits_tests
|
||||
"
|
||||
|
||||
|
@ -360,6 +360,12 @@ When doing a key listing, do a full validation check for each key and
|
||||
print the result. This is usually a slow operation because it
|
||||
requires a CRL lookup and other operations.
|
||||
|
||||
When used along with --import, a validation of the certificate to
|
||||
import is done and only imported if it succeeds the test. Note that
|
||||
this does not affect an already available cwertificate in the DB.
|
||||
This option is therefore useful to simply verify a certificate.
|
||||
|
||||
|
||||
@item --with-md5-fingerprint
|
||||
For standard key listings, also print the MD5 fingerprint of the
|
||||
certificate.
|
||||
@ -470,6 +476,12 @@ This is actually not a debugging option but only useful as such. It
|
||||
lets gpgsm ignore all notAfter dates, this is used by the regresssion
|
||||
tests.
|
||||
|
||||
@item --fixed-passphrase @var{string}
|
||||
@opindex fixed-passphrase
|
||||
Supply the passphrase @var{string} to the gpg-protect-tool. This
|
||||
option is only useful for the regression tests included with this
|
||||
package and may be revised or removed at any time without notice.
|
||||
|
||||
@end table
|
||||
|
||||
All the long options may also be given in the configuration file after
|
||||
|
56
po/de.po
56
po/de.po
@ -10,7 +10,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg2 1.9.10\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2004-07-22 09:54+0200\n"
|
||||
"POT-Creation-Date: 2004-08-05 11:31+0200\n"
|
||||
"PO-Revision-Date: 2004-07-22 10:05+0200\n"
|
||||
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
|
||||
"Language-Team: de\n"
|
||||
@ -18,7 +18,7 @@ msgstr ""
|
||||
"Content-Type: text/plain; charset=iso-8859-1\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
|
||||
#: agent/gpg-agent.c:96 agent/protect-tool.c:94 scd/scdaemon.c:92
|
||||
#: agent/gpg-agent.c:96 agent/protect-tool.c:94 scd/scdaemon.c:93
|
||||
msgid ""
|
||||
"@Options:\n"
|
||||
" "
|
||||
@ -26,28 +26,28 @@ msgstr ""
|
||||
"@Optionen:\n"
|
||||
" "
|
||||
|
||||
#: agent/gpg-agent.c:98 scd/scdaemon.c:94
|
||||
#: agent/gpg-agent.c:98 scd/scdaemon.c:95
|
||||
msgid "run in server mode (foreground)"
|
||||
msgstr "Im Server Modus ausführen"
|
||||
|
||||
#: agent/gpg-agent.c:99 scd/scdaemon.c:95
|
||||
#: agent/gpg-agent.c:99 scd/scdaemon.c:96
|
||||
msgid "run in daemon mode (background)"
|
||||
msgstr "Im Daemon Modus ausführen"
|
||||
|
||||
#: agent/gpg-agent.c:100 kbx/kbxutil.c:75 scd/scdaemon.c:96 sm/gpgsm.c:313
|
||||
#: agent/gpg-agent.c:100 kbx/kbxutil.c:75 scd/scdaemon.c:97 sm/gpgsm.c:313
|
||||
#: tools/gpgconf.c:62
|
||||
msgid "verbose"
|
||||
msgstr "ausführlich"
|
||||
|
||||
#: agent/gpg-agent.c:101 kbx/kbxutil.c:76 scd/scdaemon.c:97 sm/gpgsm.c:314
|
||||
#: agent/gpg-agent.c:101 kbx/kbxutil.c:76 scd/scdaemon.c:98 sm/gpgsm.c:314
|
||||
msgid "be somewhat more quiet"
|
||||
msgstr "etwas weniger Aussageb erzeugen"
|
||||
|
||||
#: agent/gpg-agent.c:102 scd/scdaemon.c:98
|
||||
#: agent/gpg-agent.c:102 scd/scdaemon.c:99
|
||||
msgid "sh-style command output"
|
||||
msgstr "Ausgabe für /bin/sh"
|
||||
|
||||
#: agent/gpg-agent.c:103 scd/scdaemon.c:99
|
||||
#: agent/gpg-agent.c:103 scd/scdaemon.c:100
|
||||
msgid "csh-style command output"
|
||||
msgstr "Ausgabe für /bin/csh"
|
||||
|
||||
@ -55,7 +55,7 @@ msgstr "Ausgabe f
|
||||
msgid "|FILE|read options from FILE"
|
||||
msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
|
||||
|
||||
#: agent/gpg-agent.c:109 scd/scdaemon.c:106
|
||||
#: agent/gpg-agent.c:109 scd/scdaemon.c:107
|
||||
msgid "do not detach from the console"
|
||||
msgstr "Im Vordergrund laufen lassen"
|
||||
|
||||
@ -63,7 +63,7 @@ msgstr "Im Vordergrund laufen lassen"
|
||||
msgid "do not grab keyboard and mouse"
|
||||
msgstr "Tastatur und Maus nicht \"grabben\""
|
||||
|
||||
#: agent/gpg-agent.c:111 scd/scdaemon.c:107 sm/gpgsm.c:316
|
||||
#: agent/gpg-agent.c:111 scd/scdaemon.c:108 sm/gpgsm.c:316
|
||||
msgid "use a log file for the server"
|
||||
msgstr "Logausgaben in eine Datei umlenken"
|
||||
|
||||
@ -99,12 +99,12 @@ msgstr "benutze PINs im Cache nicht bem Signieren"
|
||||
msgid "allow clients to mark keys as \"trusted\""
|
||||
msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
|
||||
|
||||
#: agent/gpg-agent.c:191 agent/protect-tool.c:127 scd/scdaemon.c:165
|
||||
#: agent/gpg-agent.c:191 agent/protect-tool.c:127 scd/scdaemon.c:168
|
||||
#: sm/gpgsm.c:481 tools/gpgconf.c:85
|
||||
msgid "Please report bugs to <"
|
||||
msgstr "Fehlerberichte bitte an <"
|
||||
|
||||
#: agent/gpg-agent.c:191 agent/protect-tool.c:127 scd/scdaemon.c:165
|
||||
#: agent/gpg-agent.c:191 agent/protect-tool.c:127 scd/scdaemon.c:168
|
||||
#: sm/gpgsm.c:481 tools/gpgconf.c:85
|
||||
msgid ">.\n"
|
||||
msgstr ">.\n"
|
||||
@ -121,35 +121,35 @@ msgstr ""
|
||||
"Syntax: gpg-agent [Optionen] [Kommando [Argumente]]\n"
|
||||
"Verwaltung von geheimen Schlüssel für GnuPG\n"
|
||||
|
||||
#: agent/gpg-agent.c:267 scd/scdaemon.c:239 sm/gpgsm.c:604
|
||||
#: agent/gpg-agent.c:267 scd/scdaemon.c:242 sm/gpgsm.c:604
|
||||
#, c-format
|
||||
msgid "invalid debug-level `%s' given\n"
|
||||
msgstr "ungültige Debugebene `%s' angegeben\n"
|
||||
|
||||
#: agent/gpg-agent.c:439 agent/protect-tool.c:1040 kbx/kbxutil.c:232
|
||||
#: scd/scdaemon.c:352 sm/gpgsm.c:726
|
||||
#: scd/scdaemon.c:357 sm/gpgsm.c:726
|
||||
#, c-format
|
||||
msgid "libgcrypt is too old (need %s, have %s)\n"
|
||||
msgstr ""
|
||||
"Die Bibliothek \"libgcrypt\" is zu alt (benötigt wird %s, vorhanden ist %s)\n"
|
||||
|
||||
#: agent/gpg-agent.c:512 scd/scdaemon.c:432 sm/gpgsm.c:824
|
||||
#: agent/gpg-agent.c:512 scd/scdaemon.c:437 sm/gpgsm.c:824
|
||||
#, c-format
|
||||
msgid "NOTE: no default option file `%s'\n"
|
||||
msgstr "Notiz: Voreingestellte Konfigurationsdatei `%s' fehlt\n"
|
||||
|
||||
#: agent/gpg-agent.c:517 agent/gpg-agent.c:983 scd/scdaemon.c:437
|
||||
#: agent/gpg-agent.c:517 agent/gpg-agent.c:983 scd/scdaemon.c:442
|
||||
#: sm/gpgsm.c:828
|
||||
#, c-format
|
||||
msgid "option file `%s': %s\n"
|
||||
msgstr "Konfigurationsdatei `%s': %s\n"
|
||||
|
||||
#: agent/gpg-agent.c:525 scd/scdaemon.c:445 sm/gpgsm.c:835
|
||||
#: agent/gpg-agent.c:525 scd/scdaemon.c:450 sm/gpgsm.c:835
|
||||
#, c-format
|
||||
msgid "reading options from `%s'\n"
|
||||
msgstr "Optionen werden aus `%s' gelesen\n"
|
||||
|
||||
#: agent/gpg-agent.c:668 scd/scdaemon.c:619
|
||||
#: agent/gpg-agent.c:668 scd/scdaemon.c:630
|
||||
msgid "please use the option `--daemon' to run the program in the background\n"
|
||||
msgstr ""
|
||||
"Bitte die Option `--daemon' nutzen um das Programm im Hintergund "
|
||||
@ -362,43 +362,43 @@ msgstr ""
|
||||
"Syntax: kbxutil [Optionen] [Dateien]\n"
|
||||
"Anlistem exportieren und Importieren von KeyBox Dateien\n"
|
||||
|
||||
#: scd/scdaemon.c:100 sm/gpgsm.c:333
|
||||
#: scd/scdaemon.c:101 sm/gpgsm.c:333
|
||||
msgid "read options from file"
|
||||
msgstr "Konfigurationsoptionen aus Datei lesen"
|
||||
|
||||
#: scd/scdaemon.c:105
|
||||
#: scd/scdaemon.c:106
|
||||
msgid "|N|set OpenSC debug level to N"
|
||||
msgstr "|N|Den OpenSC Debugstufe auf N setzen"
|
||||
|
||||
#: scd/scdaemon.c:108
|
||||
#: scd/scdaemon.c:109
|
||||
msgid "|N|connect to reader at port N"
|
||||
msgstr "|N|Verbinde mit dem Leser auf Port N"
|
||||
|
||||
#: scd/scdaemon.c:109
|
||||
#: scd/scdaemon.c:110
|
||||
msgid "|NAME|use NAME as ct-API driver"
|
||||
msgstr "|NAME|Benutze NAME als CT-API Treiber"
|
||||
|
||||
#: scd/scdaemon.c:110
|
||||
#: scd/scdaemon.c:111
|
||||
msgid "|NAME|use NAME as PC/SC driver"
|
||||
msgstr "|NAME|Benutze NAME als PC/SC Treiber"
|
||||
|
||||
#: scd/scdaemon.c:113
|
||||
#: scd/scdaemon.c:114
|
||||
msgid "do not use the internal CCID driver"
|
||||
msgstr "Den internen CCID Treiber nicht benutzen"
|
||||
|
||||
#: scd/scdaemon.c:120
|
||||
#: scd/scdaemon.c:121
|
||||
msgid "do not use the OpenSC layer"
|
||||
msgstr "Den OpenSC basierten Kartenzugriff nicht nutzen"
|
||||
|
||||
#: scd/scdaemon.c:125
|
||||
#: scd/scdaemon.c:126
|
||||
msgid "allow the use of admin card commands"
|
||||
msgstr "Erlaube die Benuztung von \"Admin\" Kommandos"
|
||||
|
||||
#: scd/scdaemon.c:168
|
||||
#: scd/scdaemon.c:171
|
||||
msgid "Usage: scdaemon [options] (-h for help)"
|
||||
msgstr "Gebrauch: scdaemon [Optionen] (-h für Hilfe)"
|
||||
|
||||
#: scd/scdaemon.c:170
|
||||
#: scd/scdaemon.c:173
|
||||
msgid ""
|
||||
"Syntax: scdaemon [options] [command [args]]\n"
|
||||
"Smartcard daemon for GnuPG\n"
|
||||
|
@ -76,7 +76,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oQuiet, "quiet", 0, "quiet" },
|
||||
{ oVerbose, "verbose", 0, "verbose" },
|
||||
{ oReaderPort, "reader-port", 2, "|N|connect to reader at port N"},
|
||||
{ octapiDriver, "ctapi-driver", 2, "NAME|use NAME as ctAPI driver"},
|
||||
{ octapiDriver, "ctapi-driver", 2, "|NAME|use NAME as ctAPI driver"},
|
||||
{ oDisableCCID, "disable-ccid", 0,
|
||||
#ifdef HAVE_LIBUSB
|
||||
"do not use the internal CCID driver"
|
||||
|
15
sm/ChangeLog
15
sm/ChangeLog
@ -1,5 +1,20 @@
|
||||
2004-08-17 Werner Koch <wk@g10code.de>
|
||||
|
||||
* import.c (check_and_store): Do a full validation if
|
||||
--with-validation is set.
|
||||
|
||||
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
|
||||
messages.
|
||||
|
||||
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
|
||||
PKALGO. Changed all callers to pass it.
|
||||
(pk_algo_from_sexp): New.
|
||||
|
||||
2004-08-16 Werner Koch <wk@g10code.de>
|
||||
|
||||
* gpgsm.c: New option --fixed-passphrase.
|
||||
* import.c (popen_protect_tool): Pass it to the protect-tool.
|
||||
|
||||
* server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist
|
||||
for encrypt-to keys.
|
||||
|
||||
|
@ -39,9 +39,9 @@
|
||||
#include "i18n.h"
|
||||
|
||||
|
||||
/* If LISTMODE is true, print FORMAT in liting mode to FP. If
|
||||
/* If LISTMODE is true, print FORMAT using LISTMODE to FP. If
|
||||
LISTMODE is false, use the string to print an log_info or, if
|
||||
IS_ERROR is true, an log_error. */
|
||||
IS_ERROR is true, and log_error. */
|
||||
static void
|
||||
do_list (int is_error, int listmode, FILE *fp, const char *format, ...)
|
||||
{
|
||||
@ -925,9 +925,11 @@ gpgsm_basic_cert_check (ksba_cert_t cert)
|
||||
|
||||
if (subject && !strcmp (issuer, subject))
|
||||
{
|
||||
if (gpgsm_check_cert_sig (cert, cert) )
|
||||
rc = gpgsm_check_cert_sig (cert, cert);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("selfsigned certificate has a BAD signature\n");
|
||||
log_error ("selfsigned certificate has a BAD signature: %s\n",
|
||||
gpg_strerror (rc));
|
||||
rc = gpg_error (GPG_ERR_BAD_CERT);
|
||||
goto leave;
|
||||
}
|
||||
@ -960,9 +962,11 @@ gpgsm_basic_cert_check (ksba_cert_t cert)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (gpgsm_check_cert_sig (issuer_cert, cert) )
|
||||
rc = gpgsm_check_cert_sig (issuer_cert, cert);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("certificate has a BAD signature\n");
|
||||
log_error ("certificate has a BAD signature: %s\n",
|
||||
gpg_strerror (rc));
|
||||
rc = gpg_error (GPG_ERR_BAD_CERT);
|
||||
goto leave;
|
||||
}
|
||||
|
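Review bot: The reworded comment above do_list is harder to read than the text it replaces: "print FORMAT using LISTMODE to FP" is circular, and "an log_error" has become "and log_error", which changes the meaning (both are taken to be the new side because they are printed second). Suggested wording: `/* If LISTMODE is true, print FORMAT to FP in listing mode; otherwise log it with log_info or, if IS_ERROR is true, with log_error. */`. In gpgsm_basic_cert_check the added `gpg_strerror (rc)` detail is overwritten by `rc = gpg_error (GPG_ERR_BAD_CERT)` right after logging, so the underlying reason survives only in the log; a one-line comment saying that this normalisation is intentional would help. The function bodies continue outside the visible hunks.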
136
sm/certcheck.c
136
sm/certcheck.c
@ -1,5 +1,5 @@
|
||||
/* certcheck.c - check one certificate
|
||||
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -36,51 +36,71 @@
|
||||
|
||||
|
||||
static int
|
||||
do_encode_md (gcry_md_hd_t md, int algo, unsigned int nbits,
|
||||
do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
||||
gcry_mpi_t *r_val)
|
||||
{
|
||||
int nframe = (nbits+7) / 8;
|
||||
byte *frame;
|
||||
int i, n;
|
||||
byte asn[100];
|
||||
size_t asnlen;
|
||||
size_t len;
|
||||
int n, nframe;
|
||||
unsigned char *frame;
|
||||
|
||||
asnlen = DIM(asn);
|
||||
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
|
||||
if (pkalgo == GCRY_PK_DSA)
|
||||
{
|
||||
log_error ("no object identifier for algo %d\n", algo);
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
nframe = gcry_md_get_algo_dlen (algo);
|
||||
if (nframe != 20)
|
||||
{
|
||||
log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
frame = xtrymalloc (nframe);
|
||||
if (!frame)
|
||||
return OUT_OF_CORE (errno);
|
||||
memcpy (frame, gcry_md_read (md, algo), nframe);
|
||||
n = nframe;
|
||||
}
|
||||
|
||||
len = gcry_md_get_algo_dlen (algo);
|
||||
|
||||
if ( len + asnlen + 4 > nframe )
|
||||
else
|
||||
{
|
||||
log_error ("can't encode a %d bit MD into a %d bits frame\n",
|
||||
(int)(len*8), (int)nbits);
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
int i;
|
||||
unsigned char asn[100];
|
||||
size_t asnlen;
|
||||
size_t len;
|
||||
|
||||
/* We encode the MD in this way:
|
||||
*
|
||||
* 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
|
||||
*
|
||||
* PAD consists of FF bytes.
|
||||
*/
|
||||
frame = xtrymalloc (nframe);
|
||||
if (!frame)
|
||||
return OUT_OF_CORE (errno);
|
||||
n = 0;
|
||||
frame[n++] = 0;
|
||||
frame[n++] = 1; /* block type */
|
||||
i = nframe - len - asnlen -3 ;
|
||||
assert ( i > 1 );
|
||||
memset ( frame+n, 0xff, i ); n += i;
|
||||
frame[n++] = 0;
|
||||
memcpy ( frame+n, asn, asnlen ); n += asnlen;
|
||||
memcpy ( frame+n, gcry_md_read(md, algo), len ); n += len;
|
||||
assert ( n == nframe );
|
||||
nframe = (nbits+7) / 8;
|
||||
|
||||
asnlen = DIM(asn);
|
||||
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
|
||||
{
|
||||
log_error ("no object identifier for algo %d\n", algo);
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
|
||||
len = gcry_md_get_algo_dlen (algo);
|
||||
|
||||
if ( len + asnlen + 4 > nframe )
|
||||
{
|
||||
log_error ("can't encode a %d bit MD into a %d bits frame\n",
|
||||
(int)(len*8), (int)nbits);
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
|
||||
/* We encode the MD in this way:
|
||||
*
|
||||
* 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
|
||||
*
|
||||
* PAD consists of FF bytes.
|
||||
*/
|
||||
frame = xtrymalloc (nframe);
|
||||
if (!frame)
|
||||
return OUT_OF_CORE (errno);
|
||||
n = 0;
|
||||
frame[n++] = 0;
|
||||
frame[n++] = 1; /* block type */
|
||||
i = nframe - len - asnlen -3 ;
|
||||
assert ( i > 1 );
|
||||
memset ( frame+n, 0xff, i ); n += i;
|
||||
frame[n++] = 0;
|
||||
memcpy ( frame+n, asn, asnlen ); n += asnlen;
|
||||
memcpy ( frame+n, gcry_md_read(md, algo), len ); n += len;
|
||||
assert ( n == nframe );
|
||||
}
|
||||
if (DBG_X509)
|
||||
{
|
||||
int j;
|
||||
@ -95,6 +115,38 @@ do_encode_md (gcry_md_hd_t md, int algo, unsigned int nbits,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Return the public key algorithm id from the S-expression PKEY.
|
||||
FIXME: libgcrypt should provide such a function. Note that this
|
||||
implementation uses the names as used by libksba. */
|
||||
static int
|
||||
pk_algo_from_sexp (gcry_sexp_t pkey)
|
||||
{
|
||||
gcry_sexp_t l1, l2;
|
||||
const char *name;
|
||||
size_t n;
|
||||
int algo;
|
||||
|
||||
l1 = gcry_sexp_find_token (pkey, "public-key", 0);
|
||||
if (!l1)
|
||||
return 0; /* Not found. */
|
||||
l2 = gcry_sexp_cadr (l1);
|
||||
gcry_sexp_release (l1);
|
||||
|
||||
name = gcry_sexp_nth_data (l2, 0, &n);
|
||||
if (!name)
|
||||
algo = 0; /* Not found. */
|
||||
else if (n==3 && !memcmp (name, "rsa", 3))
|
||||
algo = GCRY_PK_RSA;
|
||||
else if (n==3 && !memcmp (name, "dsa", 3))
|
||||
algo = GCRY_PK_DSA;
|
||||
else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
|
||||
algo = GCRY_PK_RSA;
|
||||
else
|
||||
algo = 0;
|
||||
gcry_sexp_release (l2);
|
||||
return algo;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Check the signature on CERT using the ISSUER-CERT. This function
|
||||
@ -182,7 +234,8 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
|
||||
return rc;
|
||||
}
|
||||
|
||||
rc = do_encode_md (md, algo, gcry_pk_get_nbits (s_pkey), &frame);
|
||||
rc = do_encode_md (md, algo, pk_algo_from_sexp (s_pkey),
|
||||
gcry_pk_get_nbits (s_pkey), &frame);
|
||||
if (rc)
|
||||
{
|
||||
gcry_md_close (md);
|
||||
@ -254,7 +307,8 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
|
||||
}
|
||||
|
||||
|
||||
rc = do_encode_md (md, algo, gcry_pk_get_nbits (s_pkey), &frame);
|
||||
rc = do_encode_md (md, algo, pk_algo_from_sexp (s_pkey),
|
||||
gcry_pk_get_nbits (s_pkey), &frame);
|
||||
if (rc)
|
||||
{
|
||||
gcry_sexp_release (s_sig);
|
||||
|
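Review bot: In do_encode_md the new `else` branch treats every pkalgo other than GCRY_PK_DSA as RSA, and both callers pass `pk_algo_from_sexp (s_pkey)` unchecked, so a key whose algorithm name is not recognised (return value 0) is silently PKCS#1-encoded instead of being rejected. An explicit guard at the top of the function would make that failure visible: `if (pkalgo != GCRY_PK_RSA && pkalgo != GCRY_PK_DSA) return gpg_error (GPG_ERR_PUBKEY_ALGO);`. In the DSA branch the digest length depends on the signature being checked rather than on program state, so GPG_ERR_INTERNAL is a misleading code for it; GPG_ERR_DIGEST_ALGO would let callers tell the cases apart. The RSA branch (moved, not new) still accepts `len + asnlen + 4 == nframe`, which gives `i == 1` and trips `assert ( i > 1 )`; the size test and the assertion should agree so that a too-small key yields an error return rather than an abort. The callers' bodies lie outside the visible hunks.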
@ -95,6 +95,7 @@ enum cmd_and_opt_values {
|
||||
oDebugAllowCoreDump,
|
||||
oDebugNoChainValidation,
|
||||
oDebugIgnoreExpiration,
|
||||
oFixedPassphrase,
|
||||
oLogFile,
|
||||
|
||||
oEnableSpecialFilenames,
|
||||
@ -340,6 +341,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" },
|
||||
{ oDebugNoChainValidation, "debug-no-chain-validation", 0, "@"},
|
||||
{ oDebugIgnoreExpiration, "debug-ignore-expiration", 0, "@"},
|
||||
{ oFixedPassphrase, "fixed-passphrase", 2, "@"},
|
||||
{ oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") },
|
||||
{ aDummy, "no-comment", 0, "@"},
|
||||
{ aDummy, "completes-needed", 1, "@"},
|
||||
@ -706,6 +708,7 @@ main ( int argc, char **argv)
|
||||
CERTLIST signerlist = NULL;
|
||||
int do_not_setup_keys = 0;
|
||||
|
||||
|
||||
/* trap_unaligned ();*/
|
||||
set_strusage (my_strusage);
|
||||
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
|
||||
@ -802,10 +805,10 @@ main ( int argc, char **argv)
|
||||
ctrl.status_fd = -1; /* not status output */
|
||||
ctrl.autodetect_encoding = 1;
|
||||
|
||||
/* set the default option file */
|
||||
/* Set the default option file */
|
||||
if (default_config )
|
||||
configname = make_filename (opt.homedir, "gpgsm.conf", NULL);
|
||||
/* cet the default policy file */
|
||||
/* Set the default policy file */
|
||||
opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL);
|
||||
|
||||
argc = orig_argc;
|
||||
@ -1019,6 +1022,7 @@ main ( int argc, char **argv)
|
||||
break;
|
||||
case oDebugNoChainValidation: opt.no_chain_validation = 1; break;
|
||||
case oDebugIgnoreExpiration: opt.ignore_expiration = 1; break;
|
||||
case oFixedPassphrase: opt.fixed_passphrase = pargs.r.ret_str; break;
|
||||
|
||||
case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break;
|
||||
case oLoggerFD: log_set_fd (pargs.r.ret_int ); break;
|
||||
|
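Review bot: `--fixed-passphrase` takes the secret as a command-line argument and `opt.fixed_passphrase = pargs.r.ret_str` keeps a pointer to that ordinary argument memory, so the passphrase is readable in the process listing of gpgsm and again in that of gpg-protect-tool, to which sm/import.c forwards it as `"--passphrase", opt.fixed_passphrase`. Nothing visible here limits the option to test runs, and the manual text on this page says long options may also be given in the configuration file, where the value would sit in clear text. At minimum the table entry deserves a comment such as `/* Regression tests only: value is exposed via argv of gpgsm and gpg-protect-tool. */`; a `log_info` notice when the option is seen would make accidental use outside the test suite noticeable. main's body continues outside the visible hunks.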
@ -100,6 +100,7 @@ struct {
|
||||
int no_policy_check; /* ignore certificate policies */
|
||||
int no_chain_validation; /* Bypass all cert chain validity tests */
|
||||
int ignore_expiration; /* Ignore the notAfter validity checks. */
|
||||
char *fixed_passphrase; /* Passphrase used by regression tests. */
|
||||
|
||||
int auto_issuer_key_retrieve; /* try to retrieve a missing issuer key. */
|
||||
} opt;
|
||||
|
39
sm/import.c
39
sm/import.c
@ -172,13 +172,19 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
|
||||
|
||||
/* Some basic checks, but don't care about missing certificates;
|
||||
this is so that we are able to import entire certificate chains
|
||||
w/o requirening a special order (i.e. root-CA first). This used
|
||||
w/o requiring a special order (i.e. root-CA first). This used
|
||||
to be different but because gpgsm_verify even imports
|
||||
certificates without any checks, it doesn't matter much and the
|
||||
code gets much cleaner. A housekeeping function to remove
|
||||
certificates w/o an anchor would be nice, though. */
|
||||
certificates w/o an anchor would be nice, though.
|
||||
|
||||
Optionally we do a full validation in addition to the basic test.
|
||||
*/
|
||||
rc = gpgsm_basic_cert_check (cert);
|
||||
if (!rc || gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
|
||||
if (!rc && ctrl->with_validation)
|
||||
rc = gpgsm_validate_chain (ctrl, cert, NULL, 0, NULL, 0);
|
||||
if (!rc || (!ctrl->with-validation
|
||||
&& gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
|
||||
{
|
||||
int existed;
|
||||
|
||||
@ -527,14 +533,25 @@ popen_protect_tool (const char *pgmname,
|
||||
|
||||
setup_pinentry_env ();
|
||||
|
||||
execlp (pgmname, arg0,
|
||||
"--homedir", opt.homedir,
|
||||
"--p12-import",
|
||||
"--store",
|
||||
"--no-fail-on-exist",
|
||||
"--enable-status-msg",
|
||||
"--",
|
||||
NULL);
|
||||
if (opt.fixed_passphrase)
|
||||
execlp (pgmname, arg0,
|
||||
"--homedir", opt.homedir,
|
||||
"--p12-import",
|
||||
"--store",
|
||||
"--no-fail-on-exist",
|
||||
"--enable-status-msg",
|
||||
"--passphrase", opt.fixed_passphrase,
|
||||
"--",
|
||||
NULL);
|
||||
else
|
||||
execlp (pgmname, arg0,
|
||||
"--homedir", opt.homedir,
|
||||
"--p12-import",
|
||||
"--store",
|
||||
"--no-fail-on-exist",
|
||||
"--enable-status-msg",
|
||||
"--",
|
||||
NULL);
|
||||
/* No way to print anything, as we have closed all streams. */
|
||||
_exit (31);
|
||||
}
|
||||
|
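Review bot: The new condition in check_and_store spells the field `ctrl->with-validation`, which the compiler reads as `ctrl->with - validation` and should fail to build; the line above uses `ctrl->with_validation`, so the intended test is `if (!rc || (!ctrl->with_validation && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )`. This predicate decides whether a certificate with a missing issuer is still stored when full validation was requested, so it is worth a regression test that imports such a certificate with and without --with-validation. Both check_and_store and popen_protect_tool continue outside the visible hunks.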
@ -1,3 +1,7 @@
|
||||
2004-08-16 Werner Koch <wk@g10code.de>
|
||||
|
||||
* Makefile.am: Descend into the new pkits directory
|
||||
|
||||
2004-02-20 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* Makefile.am: Reset GPG_AGENT_INFO here
|
||||
|
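--- a/tests/pkits/ChangeLog
+++ b/tests/pkits/ChangeLog
@@ -0,0 +1,18 @@
+2004-08-16 Werner Koch <wk@g10code.de>
+
+Started implementing PKITS based tests.
+
+
+Copyright 2004 Free Software Foundation, Inc.
+
+This file is free software; as a special exception the author gives
+unlimited permission to copy and/or distribute it, with or without
+modifications, as long as this notice is preserved.
+
+This file is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+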
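--- a/tests/pkits/Makefile.am
+++ b/tests/pkits/Makefile.am
@@ -0,0 +1,69 @@
+# Makefile.am - tests using NIST's PKITS
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+## Process this file with automake to produce Makefile.in
+
+GPGSM = ../../sm/gpgsm
+
+TESTS_ENVIRONMENT = GNUPGHOME=`pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM=$(GPGSM) \
+LD_LIBRARY_PATH=$$(seen=0; \
+for i in $(LDFLAGS) $(LIBGCRYPT_LIBS) $(PTH_LIBS); \
+do \
+if echo "$$i" | egrep '^-L' >/dev/null 2>&1; \
+then \
+if test $$seen = 0; \
+then \
+seen=1; \
+else \
+printf ":"; \
+fi; \
+printf "%s" "$${i}" | sed 's/^-L//'; \
+fi; \
+done; \
+if test $$seen != 0 \
+&& test x$${LD_LIBRARY_PATH} != x; \
+then \
+printf ":"; \
+fi; \
+printf "%s" "$${LD_LIBRARY_PATH}") $(srcdir)/runtest
+
+
+
+testscripts = import-all-certs validate-all-certs
+
+
+
+EXTRA_DIST = PKITS_data.tar.bz2 inittests runtest $(testscripts)
+import-all-certs.data
+
+TESTS = $(testscripts)
+
+CLEANFILES = inittests.stamp x y y z out err *.lock .\#lk* *.log
+
+DISTCLEANFILES = pubring.kbx~ random_seed
+
+all-local: inittests.stamp
+
+clean-local:
+srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+echo timestamp >./inittests.stamp
+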
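Review bot: As rendered, the `EXTRA_DIST` line has no trailing backslash, so `import-all-certs.data` on the following line is a stray token and make should reject the file with a missing-separator error; it should read `EXTRA_DIST = PKITS_data.tar.bz2 inittests runtest $(testscripts) \` followed by the indented `import-all-certs.data`. `common.sh` is sourced by the test scripts but is not listed, so a `make dist` tarball would ship tests that cannot start; add it to `EXTRA_DIST`. `PKITS_data.tar.bz2` is a repackaged third-party archive, and recording the digest of the original download next to it would let later readers confirm that the fixture is unmodified. `CLEANFILES` lists `y` twice.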
BIN
tests/pkits/PKITS_data.tar.bz2
Normal file
BIN
tests/pkits/PKITS_data.tar.bz2
Normal file
Binary file not shown.
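--- a/tests/pkits/README
+++ b/tests/pkits/README
@@ -0,0 +1,9 @@
+tests/pkits/README
+
+These are tests based on NIST's Public Key Interoperability Test Suite
+(PKITS) as downloaded on 2004-08-16 from
+http://csrc.nist.gov/pki/testing/x509paths.html .
+
+README - this file.
+PKITS_data.tar.bz2 - the orginal ZIP file, repackaged as a tarball.
+Makefile.am - Part of our build system.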
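--- a/tests/pkits/common.sh
+++ b/tests/pkits/common.sh
@@ -0,0 +1,135 @@
+#!/bin/sh
+# common.sh - common defs for all tests -*- sh -*-
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+# reset some environment variables because we do not want to test locals
+export LANG=C
+export LANGUAGE=C
+export LC_ALL=C
+
+
+[ "$VERBOSE" = yes ] && set -x
+[ -z "$srcdir" ] && srcdir="."
+[ -z "$top_srcdir" ] && top_srcdir=".."
+[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
+
+
+if [ "$GNUPGHOME" != "`pwd`" ]; then
+echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+echo "inittests: please unset GPG_AGENT_INFO" >&2
+exit 1
+fi
+
+
+
+#--------------------------------
+#------ utility functions -------
+#--------------------------------
+
+echo_n_init=no
+echo_n () {
+if test "$echo_n_init" = "no"; then
+if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+echo_n_n=
+echo_n_c='
+'
+else
+echo_n_n='-n'
+echo_n_c=
+fi
+else
+echo_n_n=
+echo_n_c='\c'
+fi
+echo_n_init=yes
+fi
+echo $echo_n_n "${1}$echo_n_c"
+}
+
+fatal () {
+echo "$pgmname: fatal:" $* >&2
+exit 1;
+}
+
+error () {
+echo "$pgmname:" $* >&2
+exit 1
+}
+
+info () {
+echo "$pgmname:" $* >&2
+}
+
+info_n () {
+$echo_n "$pgmname:" $* >&2
+}
+
+pass () {
+echo "PASS: " $* >&2
+pass_count=`expr ${pass_count} + 1`
+}
+
+fail () {
+echo "FAIL: " $* >&2
+fail_count=`expr ${fail_count} + 1`
+}
+
+unresolved () {
+echo "UNRESOLVED: " $* >&2
+unresolved_count=`expr ${unresolved_count} + 1`
+}
+
+unsupported () {
+echo "UNSUPPORTED: " $* >&2
+unsupported_count=`expr ${unsupported_count} + 1`
+}
+
+
+final_result () {
+[ $pass_count = 0 ] || info "$pass_count tests passed"
+[ $fail_count = 0 ] || info "$fail_count tests failed"
+[ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
+[ $unsupported_count = 0 ] || info "$unsupported_count tests unsupported"
+if [ $fail_count = 0 ]; then
+info "all tests passed"
+else
+exit 1
+fi
+}
+
+set -e
+
+pgmname=`basename $0`
+
+pass_count=0
+fail_count=0
+unresolved_count=0
+unsupported_count=0
+
+
+#trap cleanup SIGHUP SIGINT SIGQUIT
+exec 2> ${pgmname}.log
+
+:
+# end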
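--- a/tests/pkits/import-all-certs
+++ b/tests/pkits/import-all-certs
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*-
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+. ${srcdir:-.}/common.sh || exit 2
+
+while read flag dummy name; do
+case $flag in \#*) continue;; esac
+[ -z "$flag" ] && continue;
+
+if ${GPGSM} -q --import certs/$name ; then
+if [ "$flag" = 'p' ]; then
+pass "importing certificate \`$name' succeeded"
+elif [ "$flag" = 'f' ]; then
+fail "importing certificate \`$name' succeeded"
+elif [ "$flag" = '?' ]; then
+unresolved "importing certificate \`$name' succeeded"
+elif [ "$flag" = 'u' ]; then
+unsupported "importing certificate \`$name' succeeded"
+else
+info "importing certificate \`$name' succeeded - (flag=$flag)"
+fi
+else
+if [ "$flag" = 'p' ]; then
+fail "importing certificate \`$name' failed"
+elif [ "$flag" = 'f' ]; then
+pass "importing certificate \`$name' failed"
+elif [ "$flag" = '?' ]; then
+unresolved "importing certificate \`$name' failed"
+elif [ "$flag" = 'u' ]; then
+unsupported "importing certificate \`$name' failed"
+else
+info "importing certificate \`$name' failed - (flag=$flag)"
+fi
+fi
+done < $srcdir/import-all-certs.data
+
+final_result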
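Review bot: The loop treats every non-zero exit of `${GPGSM} -q --import certs/$name` as an import failure, so rows flagged `f` are counted as PASS even when gpgsm could not be started or the file under `certs/` is missing. `GPGSM` gets no default in this script (inittests sets one only for its own process), and validate-all-certs has the same shape. I would add a guard before the loop, `[ -n "$GPGSM" ] && [ -x "$GPGSM" ] || fatal "GPGSM is not set or not executable"`, and report a row as `unresolved` when `certs/$name` does not exist. Whether the Makefile exports GPGSM is not visible in this section.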
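--- a/tests/pkits/import-all-certs.data
+++ b/tests/pkits/import-all-certs.data
@@ -0,0 +1,490 @@
+# The first column is for the basic import test, the second for a
+# validation test.
+
+# Make sure that the root certificate is imported first
+p p TrustAnchorRootCertificate.crt
+
+p p AllCertificatesNoPoliciesTest2EE.crt
+p p AllCertificatesSamePoliciesTest10EE.crt
+p p AllCertificatesSamePoliciesTest13EE.crt
+p p AllCertificatesanyPolicyTest11EE.crt
+p p AnyPolicyTest14EE.crt
+p p BadCRLIssuerNameCACert.crt
+p p BadCRLSignatureCACert.crt
+f f BadSignedCACert.crt
+p f BadnotAfterDateCACert.crt
+
+# UTC: "470101120100Z" i.e. not before 2047-01-01
+p f BadnotBeforeDateCACert.crt
+
+p p BasicSelfIssuedCRLSigningKeyCACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? BasicSelfIssuedCRLSigningKeyCRLCert.crt
+
+p p BasicSelfIssuedNewKeyCACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? BasicSelfIssuedNewKeyOldWithNewCACert.crt
+
+p p BasicSelfIssuedOldKeyCACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? BasicSelfIssuedOldKeyNewWithOldCACert.crt
+
+p p CPSPointerQualifierTest20EE.crt
+
+u u DSACACert.crt
+u u DSAParametersInheritedCACert.crt
+
+p p DifferentPoliciesTest12EE.crt
+p p DifferentPoliciesTest3EE.crt
+p p DifferentPoliciesTest4EE.crt
+p p DifferentPoliciesTest5EE.crt
+p p DifferentPoliciesTest7EE.crt
+p p DifferentPoliciesTest8EE.crt
+p p DifferentPoliciesTest9EE.crt
+p p GeneralizedTimeCRLnextUpdateCACert.crt
+p p GoodCACert.crt
+p p GoodsubCACert.crt
+
+# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
+# is not supported
+p u GoodsubCAPanyPolicyMapping1to2CACert.crt
+
+# fixme: gpgme does not fail for it.
+p f InvalidBadCRLIssuerNameTest5EE.crt
+
+p f InvalidBadCRLSignatureTest4EE.crt
+p f InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+
+f f InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+
+p f InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+
+f f InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+
+p f InvalidCASignatureTest2EE.crt
+
+p f InvalidCAnotAfterDateTest5EE.crt
+p f InvalidCAnotBeforeDateTest1EE.crt
+p f InvalidDNSnameConstraintsTest31EE.crt
+p f InvalidDNSnameConstraintsTest33EE.crt
+p f InvalidDNSnameConstraintsTest38EE.crt
+p f InvalidDNandRFC822nameConstraintsTest28EE.crt
+p f InvalidDNandRFC822nameConstraintsTest29EE.crt
+p f InvalidDNnameConstraintsTest10EE.crt
+p f InvalidDNnameConstraintsTest12EE.crt
+p f InvalidDNnameConstraintsTest13EE.crt
+p f InvalidDNnameConstraintsTest15EE.crt
+p f InvalidDNnameConstraintsTest16EE.crt
+p f InvalidDNnameConstraintsTest17EE.crt
+
+f f InvalidDNnameConstraintsTest20EE.crt
+
+p f InvalidDNnameConstraintsTest2EE.crt
+p f InvalidDNnameConstraintsTest3EE.crt
+p f InvalidDNnameConstraintsTest7EE.crt
+p f InvalidDNnameConstraintsTest8EE.crt
+p f InvalidDNnameConstraintsTest9EE.crt
+
+u u InvalidDSASignatureTest6EE.crt
+
+f f InvalidEESignatureTest3EE.crt
+
+p f InvalidEEnotAfterDateTest6EE.crt
+p f InvalidEEnotBeforeDateTest2EE.crt
+p f InvalidIDPwithindirectCRLTest23EE.crt
+p f InvalidIDPwithindirectCRLTest26EE.crt
+p f InvalidLongSerialNumberTest18EE.crt
+p f InvalidMappingFromanyPolicyTest7EE.crt
+p f InvalidMappingToanyPolicyTest8EE.crt
+p f InvalidMissingCRLTest1EE.crt
+p f InvalidMissingbasicConstraintsTest1EE.crt
+p f InvalidNameChainingOrderTest2EE.crt
+p f InvalidNameChainingTest1EE.crt
+p f InvalidNegativeSerialNumberTest15EE.crt
+p f InvalidOldCRLnextUpdateTest11EE.crt
+p f InvalidPolicyMappingTest10EE.crt
+p f InvalidPolicyMappingTest2EE.crt
+p f InvalidPolicyMappingTest4EE.crt
+p f InvalidRFC822nameConstraintsTest22EE.crt
+p f InvalidRFC822nameConstraintsTest24EE.crt
+p f InvalidRFC822nameConstraintsTest26EE.crt
+p f InvalidRevokedCATest2EE.crt
+p f InvalidRevokedEETest3EE.crt
+
+f f InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
+
+p f InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
+p f InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
+p f InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
+p f InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
+p f InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
+p f InvalidSelfIssuedpathLenConstraintTest16EE.crt
+p f InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
+p f InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
+
+f f InvalidSeparateCertificateandCRLKeysTest20EE.crt
+f f InvalidSeparateCertificateandCRLKeysTest21EE.crt
+
+p f InvalidURInameConstraintsTest35EE.crt
+p f InvalidURInameConstraintsTest37EE.crt
+p f InvalidUnknownCRLEntryExtensionTest8EE.crt
+p f InvalidUnknownCRLExtensionTest10EE.crt
+p f InvalidUnknownCRLExtensionTest9EE.crt
+p f InvalidUnknownCriticalCertificateExtensionTest2EE.crt
+p f InvalidWrongCRLTest6EE.crt
+p f InvalidcAFalseTest2EE.crt
+p f InvalidcAFalseTest3EE.crt
+p f InvalidcRLIssuerTest27EE.crt
+p f InvalidcRLIssuerTest31EE.crt
+p f InvalidcRLIssuerTest32EE.crt
+p f InvalidcRLIssuerTest34EE.crt
+p f InvalidcRLIssuerTest35EE.crt
+p f InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
+p f InvaliddeltaCRLTest10EE.crt
+p f InvaliddeltaCRLTest3EE.crt
+p f InvaliddeltaCRLTest4EE.crt
+p f InvaliddeltaCRLTest6EE.crt
+p f InvaliddeltaCRLTest9EE.crt
+p f InvaliddistributionPointTest2EE.crt
+p f InvaliddistributionPointTest3EE.crt
+p f InvaliddistributionPointTest6EE.crt
+p f InvaliddistributionPointTest8EE.crt
+p f InvaliddistributionPointTest9EE.crt
+p f InvalidinhibitAnyPolicyTest1EE.crt
+p f InvalidinhibitAnyPolicyTest4EE.crt
+p f InvalidinhibitAnyPolicyTest5EE.crt
+p f InvalidinhibitAnyPolicyTest6EE.crt
+p f InvalidinhibitPolicyMappingTest1EE.crt
+p f InvalidinhibitPolicyMappingTest3EE.crt
+p f InvalidinhibitPolicyMappingTest5EE.crt
+p f InvalidinhibitPolicyMappingTest6EE.crt
+p f InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
+p f InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
+p f InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
+p f InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
+p f InvalidonlyContainsAttributeCertsTest14EE.crt
+p f InvalidonlyContainsCACertsTest12EE.crt
+p f InvalidonlyContainsUserCertsTest11EE.crt
+p f InvalidonlySomeReasonsTest15EE.crt
+p f InvalidonlySomeReasonsTest16EE.crt
+p f InvalidonlySomeReasonsTest17EE.crt
+p f InvalidonlySomeReasonsTest20EE.crt
+p f InvalidonlySomeReasonsTest21EE.crt
+p f InvalidpathLenConstraintTest10EE.crt
+p f InvalidpathLenConstraintTest11EE.crt
+p f InvalidpathLenConstraintTest12EE.crt
+p f InvalidpathLenConstraintTest5EE.crt
+p f InvalidpathLenConstraintTest6EE.crt
+p f InvalidpathLenConstraintTest9EE.crt
+p f Invalidpre2000CRLnextUpdateTest12EE.crt
+p f Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+p f InvalidrequireExplicitPolicyTest3EE.crt
+p f InvalidrequireExplicitPolicyTest5EE.crt
+p p LongSerialNumberCACert.crt
+p p Mapping1to2CACert.crt
+p p MappingFromanyPolicyCACert.crt
+p p MappingToanyPolicyCACert.crt
+p p MissingbasicConstraintsCACert.crt
+p p NameOrderingCACert.crt
+p p NegativeSerialNumberCACert.crt
+p p NoCRLCACert.crt
+p p NoPoliciesCACert.crt
+p p NoissuingDistributionPointCACert.crt
+p p OldCRLnextUpdateCACert.crt
+p p OverlappingPoliciesTest6EE.crt
+p p P12Mapping1to3CACert.crt
+p p P12Mapping1to3subCACert.crt
+p p P12Mapping1to3subsubCACert.crt
+p p P1Mapping1to234CACert.crt
+p p P1Mapping1to234subCACert.crt
+p p P1anyPolicyMapping1to2CACert.crt
+p p PanyPolicyMapping1to2CACert.crt
+p p PoliciesP1234CACert.crt
+p p PoliciesP1234subCAP123Cert.crt
+p p PoliciesP1234subsubCAP123P12Cert.crt
+p p PoliciesP123CACert.crt
+p p PoliciesP123subCAP12Cert.crt
+p p PoliciesP123subsubCAP12P1Cert.crt
+p p PoliciesP123subsubCAP12P2Cert.crt
+p p PoliciesP123subsubsubCAP12P2P1Cert.crt
+p p PoliciesP12CACert.crt
+p p PoliciesP12subCAP1Cert.crt
+p p PoliciesP12subsubCAP1P2Cert.crt
+p p PoliciesP2subCA2Cert.crt
+p p PoliciesP2subCACert.crt
+p p PoliciesP3CACert.crt
+p p RFC3280MandatoryAttributeTypesCACert.crt
+p p RFC3280OptionalAttributeTypesCACert.crt
+p p RevokedsubCACert.crt
+p p RolloverfromPrintableStringtoUTF8StringCACert.crt
+p p SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
+p p SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
+p p SeparateCertificateandCRLKeysCRLSigningCert.crt
+p p SeparateCertificateandCRLKeysCertificateSigningCACert.crt
+p p TwoCRLsCACert.crt
+p p UIDCACert.crt
+p p UTF8StringCaseInsensitiveMatchCACert.crt
+p p UTF8StringEncodedNamesCACert.crt
+p p UnknownCRLEntryExtensionCACert.crt
+p p UnknownCRLExtensionCACert.crt
+p p UserNoticeQualifierTest15EE.crt
+p p UserNoticeQualifierTest16EE.crt
+p p UserNoticeQualifierTest17EE.crt
+p p UserNoticeQualifierTest18EE.crt
+p p UserNoticeQualifierTest19EE.crt
+p p ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? ValidBasicSelfIssuedNewWithOldTest3EE.crt
+
+p p ValidBasicSelfIssuedNewWithOldTest4EE.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? ValidBasicSelfIssuedOldWithNewTest1EE.crt
+
+p p ValidCertificatePathTest1EE.crt
+p p ValidDNSnameConstraintsTest30EE.crt
+p p ValidDNSnameConstraintsTest32EE.crt
+p p ValidDNandRFC822nameConstraintsTest27EE.crt
+p p ValidDNnameConstraintsTest11EE.crt
+
+# This certificate has an empty subject sequence. Our parser does not
+# support this yet and it is unlikely that gpgsm will be able to cope
+# with it at all.
+u u ValidDNnameConstraintsTest14EE.crt
+
+p p ValidDNnameConstraintsTest18EE.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? ValidDNnameConstraintsTest19EE.crt
+
+p p ValidDNnameConstraintsTest1EE.crt
+p p ValidDNnameConstraintsTest4EE.crt
+p p ValidDNnameConstraintsTest5EE.crt
+p p ValidDNnameConstraintsTest6EE.crt
+
+u p ValidDSAParameterInheritanceTest5EE.crt
+u p ValidDSASignaturesTest4EE.crt
+
+p p ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+p p ValidGeneralizedTimenotAfterDateTest8EE.crt
+p p ValidGeneralizedTimenotBeforeDateTest4EE.crt
+p p ValidIDPwithindirectCRLTest22EE.crt
+p p ValidIDPwithindirectCRLTest24EE.crt
+p p ValidIDPwithindirectCRLTest25EE.crt
+p p ValidLongSerialNumberTest16EE.crt
+p p ValidLongSerialNumberTest17EE.crt
+p p ValidNameChainingCapitalizationTest5EE.crt
+p p ValidNameChainingWhitespaceTest3EE.crt
+p p ValidNameChainingWhitespaceTest4EE.crt
+p p ValidNameUIDsTest6EE.crt
+p p ValidNegativeSerialNumberTest14EE.crt
+p p ValidNoissuingDistributionPointTest10EE.crt
+p p ValidPolicyMappingTest11EE.crt
+p p ValidPolicyMappingTest12EE.crt
+p p ValidPolicyMappingTest13EE.crt
+p p ValidPolicyMappingTest14EE.crt
+p p ValidPolicyMappingTest1EE.crt
+p p ValidPolicyMappingTest3EE.crt
+p p ValidPolicyMappingTest5EE.crt
+p p ValidPolicyMappingTest6EE.crt
+p p ValidPolicyMappingTest9EE.crt
+p p ValidRFC3280MandatoryAttributeTypesTest7EE.crt
+p p ValidRFC3280OptionalAttributeTypesTest8EE.crt
+p p ValidRFC822nameConstraintsTest21EE.crt
+p p ValidRFC822nameConstraintsTest23EE.crt
+p p ValidRFC822nameConstraintsTest25EE.crt
+p p ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
+p p ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
+p p ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
+p p ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? ValidSelfIssuedpathLenConstraintTest15EE.crt
+
+p p ValidSelfIssuedpathLenConstraintTest17EE.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? ValidSeparateCertificateandCRLKeysTest19EE.crt
+
+p p ValidTwoCRLsTest7EE.crt
+p p ValidURInameConstraintsTest34EE.crt
+p p ValidURInameConstraintsTest36EE.crt
+p p ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
+p p ValidUTF8StringEncodedNamesTest9EE.crt
+p p ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+p p ValidbasicConstraintsNotCriticalTest4EE.crt
+p p ValidcRLIssuerTest28EE.crt
+p p ValidcRLIssuerTest29EE.crt
+p p ValidcRLIssuerTest30EE.crt
+p p ValidcRLIssuerTest33EE.crt
+p p ValiddeltaCRLTest2EE.crt
+p p ValiddeltaCRLTest5EE.crt
+p p ValiddeltaCRLTest7EE.crt
+p p ValiddeltaCRLTest8EE.crt
+p p ValiddistributionPointTest1EE.crt
+p p ValiddistributionPointTest4EE.crt
+p p ValiddistributionPointTest5EE.crt
+p p ValiddistributionPointTest7EE.crt
+p p ValidinhibitAnyPolicyTest2EE.crt
+p p ValidinhibitPolicyMappingTest2EE.crt
+p p ValidinhibitPolicyMappingTest4EE.crt
+p p ValidkeyUsageNotCriticalTest3EE.crt
+p p ValidonlyContainsCACertsTest13EE.crt
+p p ValidonlySomeReasonsTest18EE.crt
+p p ValidonlySomeReasonsTest19EE.crt
+p p ValidpathLenConstraintTest13EE.crt
+p p ValidpathLenConstraintTest14EE.crt
+p p ValidpathLenConstraintTest7EE.crt
+p p ValidpathLenConstraintTest8EE.crt
+p p Validpre2000UTCnotBeforeDateTest3EE.crt
+p p ValidrequireExplicitPolicyTest1EE.crt
+p p ValidrequireExplicitPolicyTest2EE.crt
+p p ValidrequireExplicitPolicyTest4EE.crt
+p p WrongCRLCACert.crt
+p p anyPolicyCACert.crt
+p p basicConstraintsCriticalcAFalseCACert.crt
+p p basicConstraintsNotCriticalCACert.crt
+p p basicConstraintsNotCriticalcAFalseCACert.crt
+p p deltaCRLCA1Cert.crt
+p p deltaCRLCA2Cert.crt
+p p deltaCRLCA3Cert.crt
+p p deltaCRLIndicatorNoBaseCACert.crt
+p p distributionPoint1CACert.crt
+p p distributionPoint2CACert.crt
+p p indirectCRLCA1Cert.crt
+p p indirectCRLCA2Cert.crt
+p p indirectCRLCA3Cert.crt
+p p indirectCRLCA3cRLIssuerCert.crt
+p p indirectCRLCA4Cert.crt
+p p indirectCRLCA4cRLIssuerCert.crt
+p p indirectCRLCA5Cert.crt
+p p indirectCRLCA6Cert.crt
+p p inhibitAnyPolicy0CACert.crt
+p p inhibitAnyPolicy1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? inhibitAnyPolicy1SelfIssuedCACert.crt
+? ? inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
+
+p p inhibitAnyPolicy1subCA1Cert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? inhibitAnyPolicy1subCA2Cert.crt
+
+p p inhibitAnyPolicy1subCAIAP5Cert.crt
+p p inhibitAnyPolicy1subsubCA2Cert.crt
+p p inhibitAnyPolicy5CACert.crt
+p p inhibitAnyPolicy5subCACert.crt
+p p inhibitAnyPolicy5subsubCACert.crt
+p p inhibitAnyPolicyTest3EE.crt
+p p inhibitPolicyMapping0CACert.crt
+p p inhibitPolicyMapping0subCACert.crt
+p p inhibitPolicyMapping1P12CACert.crt
+p p inhibitPolicyMapping1P12subCACert.crt
+p p inhibitPolicyMapping1P12subCAIPM5Cert.crt
+p p inhibitPolicyMapping1P12subsubCACert.crt
+p p inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
+p p inhibitPolicyMapping1P1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? inhibitPolicyMapping1P1SelfIssuedCACert.crt
+? ? inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
+? ? inhibitPolicyMapping1P1subCACert.crt
+
+p p inhibitPolicyMapping1P1subsubCACert.crt
+p p inhibitPolicyMapping5CACert.crt
+p p inhibitPolicyMapping5subCACert.crt
+p p inhibitPolicyMapping5subsubCACert.crt
+p p inhibitPolicyMapping5subsubsubCACert.crt
+p p keyUsageCriticalcRLSignFalseCACert.crt
+p p keyUsageCriticalkeyCertSignFalseCACert.crt
+p p keyUsageNotCriticalCACert.crt
+p p keyUsageNotCriticalcRLSignFalseCACert.crt
+p p keyUsageNotCriticalkeyCertSignFalseCACert.crt
+p p nameConstraintsDN1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? nameConstraintsDN1SelfIssuedCACert.crt
+
+p p nameConstraintsDN1subCA1Cert.crt
+p p nameConstraintsDN1subCA2Cert.crt
+p p nameConstraintsDN1subCA3Cert.crt
+p p nameConstraintsDN2CACert.crt
+p p nameConstraintsDN3CACert.crt
+p p nameConstraintsDN3subCA1Cert.crt
+p p nameConstraintsDN3subCA2Cert.crt
+p p nameConstraintsDN4CACert.crt
+p p nameConstraintsDN5CACert.crt
+p p nameConstraintsDNS1CACert.crt
+p p nameConstraintsDNS2CACert.crt
+p p nameConstraintsRFC822CA1Cert.crt
+p p nameConstraintsRFC822CA2Cert.crt
+p p nameConstraintsRFC822CA3Cert.crt
+p p nameConstraintsURI1CACert.crt
+p p nameConstraintsURI2CACert.crt
+p p onlyContainsAttributeCertsCACert.crt
+p p onlyContainsCACertsCACert.crt
+p p onlyContainsUserCertsCACert.crt
+p p onlySomeReasonsCA1Cert.crt
+p p onlySomeReasonsCA2Cert.crt
+p p onlySomeReasonsCA3Cert.crt
+p p onlySomeReasonsCA4Cert.crt
+p p pathLenConstraint0CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? pathLenConstraint0SelfIssuedCACert.crt
+? ? pathLenConstraint0subCA2Cert.crt
+
+p p pathLenConstraint0subCACert.crt
+p p pathLenConstraint1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? pathLenConstraint1SelfIssuedCACert.crt
+? ? pathLenConstraint1SelfIssuedsubCACert.crt
+? ? pathLenConstraint1subCACert.crt
+
+p p pathLenConstraint6CACert.crt
+p p pathLenConstraint6subCA0Cert.crt
+p p pathLenConstraint6subCA1Cert.crt
+p p pathLenConstraint6subCA4Cert.crt
+p p pathLenConstraint6subsubCA00Cert.crt
+p p pathLenConstraint6subsubCA11Cert.crt
+p p pathLenConstraint6subsubCA41Cert.crt
+p p pathLenConstraint6subsubsubCA11XCert.crt
+p p pathLenConstraint6subsubsubCA41XCert.crt
+p p pre2000CRLnextUpdateCACert.crt
+p p requireExplicitPolicy0CACert.crt
+p p requireExplicitPolicy0subCACert.crt
+p p requireExplicitPolicy0subsubCACert.crt
+p p requireExplicitPolicy0subsubsubCACert.crt
+p p requireExplicitPolicy10CACert.crt
+p p requireExplicitPolicy10subCACert.crt
+p p requireExplicitPolicy10subsubCACert.crt
+p p requireExplicitPolicy10subsubsubCACert.crt
+p p requireExplicitPolicy2CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? requireExplicitPolicy2SelfIssuedCACert.crt
+? ? requireExplicitPolicy2SelfIssuedsubCACert.crt
+? ? requireExplicitPolicy2subCACert.crt
+
+p p requireExplicitPolicy4CACert.crt
+p p requireExplicitPolicy4subCACert.crt
+p p requireExplicitPolicy4subsubCACert.crt
+p p requireExplicitPolicy4subsubsubCACert.crt
+p p requireExplicitPolicy5CACert.crt
+p p requireExplicitPolicy5subCACert.crt
+p p requireExplicitPolicy5subsubCACert.crt
+p p requireExplicitPolicy5subsubsubCACert.crt
+p p requireExplicitPolicy7CACert.crt
+p p requireExplicitPolicy7subCARE2Cert.crt
+p p requireExplicitPolicy7subsubCARE2RE4Cert.crt
+p p requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
+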
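--- a/tests/pkits/inittests
+++ b/tests/pkits/inittests
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*-
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+set -e
+
+
+clean_files='
+ReadMe.txt pkits.ldif
+gpgsm.conf gpg-agent.conf trustlist.txt policies.txt pubring.kbx
+msg msg.sig msg.unsig
+'
+
+[ -z "$srcdir" ] && srcdir=.
+[ -z "$GPGSM" ] && GPGSM=../../sm/gpgsm
+
+if [ -f $srcdir/README ] \
+&& grep tests/pkits/README README >/dev/null 2>&1; then
+:
+else
+# During make distclean the Makefile has already been removed,
+# so we need this extra test.
+if ! grep gnupg-test-pkits-directory testdir.stamp >/dev/null 2>&1; then
+echo "inittests: please cd to the tests/pkits directory first" >&2
+exit 1
+fi
+fi
+
+if [ "$1" = "--clean" ]; then
+if [ -d private-keys-v1.d ]; then
+rm private-keys-v1.d/* 2>/dev/null || true
+rmdir private-keys-v1.d
+fi
+rm ${clean_files} testdir.stamp 2>/dev/null || true
+for i in certs certpairs crls pkcs12 smime; do
+if [ -d $i ]; then
+rm $i/* 2>/dev/null || true
+rmdir $i
+fi
+done
+exit 0
+fi
+
+if [ "$GNUPGHOME" != "`pwd`" ]; then
+echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+echo "inittests: please unset GPG_AGENT_INFO" >&2
+exit 1
+fi
+
+if ! bunzip2 -c PKITS_data.tar.bz2 | tar xf - ; then
+echo "inittests: failed to untar the test data" >&2
+exit 1
+fi
+
+
+# A stamp file used with --clean
+echo gnupg-test-pkits-directory > testdir.stamp
+
+
+# Create the configuration scripts
+cat > gpgsm.conf <<EOF
+no-secmem-warning
+no-greeting
+batch
+disable-crl-checks
+agent-program ../../agent/gpg-agent
+EOF
+
+# Fixme: we need to write a dummy pinentry program
+cat > gpg-agent.conf <<EOF
+no-grab
+EOF
+
+# Mark the root CA trusted
+cat > trustlist.txt <<EOF
+# /CN=Trust Anchor/O=Test Certificates/C=US
+66:8A:47:56:A2:DC:88:FF:DA:B8:95:E1:3C:63:37:55:5F:0A:F7:BF S
+EOF
+
+# Define the standard policies as NIST test-policy-1
+#cat >policies.txt <<EOF
+#2.16.840.1.101.3.2.1.48.1
+#EOF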
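Review bot: The extraction check `if ! bunzip2 -c PKITS_data.tar.bz2 | tar xf - ; then` sees only tar's exit status, so a missing or truncated archive may go unnoticed if tar accepts the short input. Setup would then finish, write `testdir.stamp`, and let the test scripts run against an incomplete `certs/` directory. I would test for the archive first, `[ -f PKITS_data.tar.bz2 ] || { echo "inittests: PKITS_data.tar.bz2 not found" >&2; exit 1; }`, and decompress to a temporary file so that bunzip2's status is checked on its own. A comment recording where the archive comes from and its expected checksum would also help, since every certificate under test is taken from it.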
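--- a/tests/pkits/runtest
+++ b/tests/pkits/runtest
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -x "$1" ] && exec $1 $2
+exec sh $1 $2
+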
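Review bot: `[ -x "$1" ]` tests the quoted path, but `exec $1 $2` runs it unquoted, so a test name without a slash is looked up in PATH rather than taken from the current directory, and a name containing whitespace is split into several words. I would write `[ -x "$1" ] && exec "$1" ${2+"$2"}` and `exec sh "$1" ${2+"$2"}`. How the Makefile passes the test name is not visible in this section.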
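--- a/tests/pkits/validate-all-certs
+++ b/tests/pkits/validate-all-certs
@@ -0,0 +1,55 @@
+#!/bin/sh
+# validate-all-certs -*- sh -*-
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+. ${srcdir:-.}/common.sh || exit 2
+
+while read dummy flag name; do
+case $dummy in \#*) continue;; esac
+[ -z "$dummy" ] && continue;
+
+if ${GPGSM} -q --import --with-validation --disable-crl-checks \
+certs/$name ; then
+if [ "$flag" = 'p' ]; then
+pass "validating certificate \`$name' succeeded"
+elif [ "$flag" = 'f' ]; then
+fail "validating certificate \`$name' succeeded"
+elif [ "$flag" = '?' ]; then
+unresolved "validating certificate \`$name' succeeded"
+elif [ "$flag" = 'u' ]; then
+unsupported "validating certificate \`$name' succeeded"
+else
+info "validating certificate \`$name' succeeded - (flag=$flag)"
+fi
+else
+if [ "$flag" = 'p' ]; then
+fail "validating certificate \`$name' failed"
+elif [ "$flag" = 'f' ]; then
+pass "validating certificate \`$name' failed"
+elif [ "$flag" = '?' ]; then
+unresolved "validating certificate \`$name' failed"
+elif [ "$flag" = 'u' ]; then
+unsupported "validating certificate \`$name' failed"
+else
+info "validating certificate \`$name' failed - (flag=$flag)"
+fi
+fi
+done < $srcdir/import-all-certs.data
+
+final_result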
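Review bot: The validation run passes `--disable-crl-checks` (inittests also writes it to gpgsm.conf), yet the shared data file expects `f` in the validation column for revocation cases such as `InvalidRevokedEETest3EE.crt` and `InvalidMissingCRLTest1EE.crt`. With CRL checks off those certificates presumably validate, so they would be reported as FAIL for a reason unrelated to the chain-validation code under test. I would say so in a header comment, for example `# CRL checks are disabled; revocation cases are expected to FAIL until CRLs are loaded.`, or mark those rows `u` in the second column. The input redirect `done < $srcdir/import-all-certs.data` also lacks the `${srcdir:-.}` default that the line sourcing common.sh uses; import-all-certs has the same redirect.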