|
Packit |
aea12f |
#!/bin/sh
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# Copyright (C) 2006, 2008, 2010, 2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
# Copyright (C) 2016, Red Hat, Inc.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# Author: Simon Josefsson, Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# This file is part of GnuTLS.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# GnuTLS is free software; you can redistribute it and/or modify it
|
|
Packit |
aea12f |
# under the terms of the GNU General Public License as published by the
|
|
Packit |
aea12f |
# Free Software Foundation; either version 3 of the License, or (at
|
|
Packit |
aea12f |
# your option) any later version.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# GnuTLS is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
# General Public License for more details.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# You should have received a copy of the GNU General Public License
|
|
Packit |
aea12f |
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
Packit |
aea12f |
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
srcdir="${srcdir:-.}"
|
|
Packit |
aea12f |
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
|
|
Packit |
aea12f |
TMPFILE1=rsa-md5.$$.tmp
|
|
Packit |
aea12f |
TMPFILE2=rsa-md5-2.$$.tmp
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ! test -x "${CERTTOOL}"; then
|
|
Packit |
aea12f |
exit 77
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
. ${srcdir}/scripts/common.sh
|
|
Packit |
aea12f |
check_for_datefudge
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# Disable leak detection
|
|
Packit |
aea12f |
ASAN_OPTIONS="detect_leaks=0"
|
|
Packit |
aea12f |
export ASAN_OPTIONS
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
datefudge -s "2006-10-1" \
|
|
Packit |
aea12f |
"${CERTTOOL}" --verify-chain --outfile "$TMPFILE1" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-1.pem"
|
|
Packit |
aea12f |
if test $? = 0;then
|
|
Packit |
aea12f |
echo "Verification on chain1 succeeded"
|
|
Packit |
aea12f |
exit 1
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
grep 'Not verified.' $TMPFILE1| grep 'insecure algorithm'
|
|
Packit |
aea12f |
if test $? != 0;then
|
|
Packit |
aea12f |
echo "Output on chain1 doesn't match the expected"
|
|
Packit |
aea12f |
exit 1
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
datefudge -s "2006-10-1" \
|
|
Packit |
aea12f |
"${CERTTOOL}" --verify-chain --outfile "$TMPFILE2" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-2.pem"
|
|
Packit |
aea12f |
if test $? = 0;then
|
|
Packit |
aea12f |
echo "Verification on chain2 succeeded"
|
|
Packit |
aea12f |
exit 1
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
grep 'Not verified.' $TMPFILE2| grep 'insecure algorithm'
|
|
Packit |
aea12f |
if test $? != 0;then
|
|
Packit |
aea12f |
echo "Output on chain2 doesn't match the expected"
|
|
Packit |
aea12f |
exit 1
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
rm -f $TMPFILE1 $TMPFILE2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# We're done.
|
|
Packit |
aea12f |
exit 0
|