|
Packit |
549fdc |
/*
|
|
Packit |
549fdc |
* Copyright (C) 2008-2012 Free Software Foundation, Inc.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Author: Simon Josefsson
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This file is part of GnuTLS.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* GnuTLS is free software; you can redistribute it and/or modify it
|
|
Packit |
549fdc |
* under the terms of the GNU General Public License as published by
|
|
Packit |
549fdc |
* the Free Software Foundation; either version 3 of the License, or
|
|
Packit |
549fdc |
* (at your option) any later version.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* GnuTLS is distributed in the hope that it will be useful, but
|
|
Packit |
549fdc |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
549fdc |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
549fdc |
* General Public License for more details.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* You should have received a copy of the GNU General Public License
|
|
Packit |
549fdc |
* along with GnuTLS; if not, write to the Free Software Foundation,
|
|
Packit |
549fdc |
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifdef HAVE_CONFIG_H
|
|
Packit |
549fdc |
#include <config.h>
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <stdio.h>
|
|
Packit |
549fdc |
#include <stdlib.h>
|
|
Packit |
549fdc |
#include <string.h>
|
|
Packit |
549fdc |
#include <utils.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <gnutls/gnutls.h>
|
|
Packit |
549fdc |
#include <gnutls/x509.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Don't add more chains to this file, this is for cve-2008-4989
|
|
Packit |
549fdc |
related chains only. See chainverify.c instead for a generic chain
|
|
Packit |
549fdc |
verification tester. */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static const char *pem_certs[] = {
|
|
Packit |
549fdc |
"-----BEGIN CERTIFICATE-----\n"
|
|
Packit |
549fdc |
"MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n"
|
|
Packit |
549fdc |
"RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n"
|
|
Packit |
549fdc |
"ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n"
|
|
Packit |
549fdc |
"MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n"
|
|
Packit |
549fdc |
"CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n"
|
|
Packit |
549fdc |
"aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n"
|
|
Packit |
549fdc |
"UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n"
|
|
Packit |
549fdc |
"VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n"
|
|
Packit |
549fdc |
"96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n"
|
|
Packit |
549fdc |
"XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n"
|
|
Packit |
549fdc |
"bF7pG7Cg3oEHUM0H5KUU\n" "-----END CERTIFICATE-----\n",
|
|
Packit |
549fdc |
"-----BEGIN CERTIFICATE-----\n"
|
|
Packit |
549fdc |
"MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n"
|
|
Packit |
549fdc |
"BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n"
|
|
Packit |
549fdc |
"Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n"
|
|
Packit |
549fdc |
"FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n"
|
|
Packit |
549fdc |
"MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n"
|
|
Packit |
549fdc |
"2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n"
|
|
Packit |
549fdc |
"5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n"
|
|
Packit |
549fdc |
"AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n"
|
|
Packit |
549fdc |
"A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n"
|
|
Packit |
549fdc |
"AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n"
|
|
Packit |
549fdc |
"n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n"
|
|
Packit |
549fdc |
"-----END CERTIFICATE-----\n",
|
|
Packit |
549fdc |
"-----BEGIN CERTIFICATE-----\n"
|
|
Packit |
549fdc |
"MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
|
|
Packit |
549fdc |
"ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
|
|
Packit |
549fdc |
"A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
|
|
Packit |
549fdc |
"CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
|
|
Packit |
549fdc |
"IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
|
|
Packit |
549fdc |
"MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
|
|
Packit |
549fdc |
"BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
|
|
Packit |
549fdc |
"ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
|
|
Packit |
549fdc |
"bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
|
|
Packit |
549fdc |
"ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
|
|
Packit |
549fdc |
"AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
|
|
Packit |
549fdc |
"LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
|
|
Packit |
549fdc |
"dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
|
|
Packit |
549fdc |
"7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
|
|
Packit |
549fdc |
"HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
|
|
Packit |
549fdc |
"2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
|
|
Packit |
549fdc |
"MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
|
|
Packit |
549fdc |
"W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
|
|
Packit |
549fdc |
"tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
|
|
Packit |
549fdc |
"uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
|
|
Packit |
549fdc |
"aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
|
|
Packit |
549fdc |
"E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
|
|
Packit |
549fdc |
"MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
|
|
Packit |
549fdc |
"fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n"
|
|
Packit |
549fdc |
"-----END CERTIFICATE-----\n"
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static const char *pem_ca = {
|
|
Packit |
549fdc |
"-----BEGIN CERTIFICATE-----\n"
|
|
Packit |
549fdc |
"MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
|
|
Packit |
549fdc |
"ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
|
|
Packit |
549fdc |
"A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
|
|
Packit |
549fdc |
"CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
|
|
Packit |
549fdc |
"IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
|
|
Packit |
549fdc |
"MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
|
|
Packit |
549fdc |
"BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
|
|
Packit |
549fdc |
"ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
|
|
Packit |
549fdc |
"bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
|
|
Packit |
549fdc |
"ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
|
|
Packit |
549fdc |
"AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
|
|
Packit |
549fdc |
"LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
|
|
Packit |
549fdc |
"dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
|
|
Packit |
549fdc |
"7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
|
|
Packit |
549fdc |
"HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
|
|
Packit |
549fdc |
"2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
|
|
Packit |
549fdc |
"MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
|
|
Packit |
549fdc |
"W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
|
|
Packit |
549fdc |
"tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
|
|
Packit |
549fdc |
"uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
|
|
Packit |
549fdc |
"aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
|
|
Packit |
549fdc |
"E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
|
|
Packit |
549fdc |
"MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
|
|
Packit |
549fdc |
"fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n"
|
|
Packit |
549fdc |
"-----END CERTIFICATE-----\n"
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define CHAIN_LENGTH (sizeof (pem_certs) / sizeof (pem_certs[0]))
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static const char *pem_self_cert = {
|
|
Packit |
549fdc |
"-----BEGIN CERTIFICATE-----\n"
|
|
Packit |
549fdc |
"MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n"
|
|
Packit |
549fdc |
"BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n"
|
|
Packit |
549fdc |
"YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n"
|
|
Packit |
549fdc |
"BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n"
|
|
Packit |
549fdc |
"IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n"
|
|
Packit |
549fdc |
"CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n"
|
|
Packit |
549fdc |
"0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n"
|
|
Packit |
549fdc |
"y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n"
|
|
Packit |
549fdc |
"yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n"
|
|
Packit |
549fdc |
"hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n"
|
|
Packit |
549fdc |
"1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n"
|
|
Packit |
549fdc |
"HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
|
|
Packit |
549fdc |
"BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n"
|
|
Packit |
549fdc |
"WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n"
|
|
Packit |
549fdc |
"jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n"
|
|
Packit |
549fdc |
"8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n"
|
|
Packit |
549fdc |
"HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n"
|
|
Packit |
549fdc |
"kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n"
|
|
Packit |
549fdc |
"DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n"
|
|
Packit |
549fdc |
"-----END CERTIFICATE-----\n"
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int main(int argc, char *argv[])
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
int ret;
|
|
Packit |
549fdc |
gnutls_x509_crt_t certs[3];
|
|
Packit |
549fdc |
gnutls_x509_crt_t ca;
|
|
Packit |
549fdc |
gnutls_x509_crt_t self_cert;
|
|
Packit |
549fdc |
gnutls_datum_t tmp;
|
|
Packit |
549fdc |
size_t i;
|
|
Packit |
549fdc |
unsigned int verify_status;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = global_init();
|
|
Packit |
549fdc |
if (ret != 0) {
|
|
Packit |
549fdc |
printf("%d: %s\n", ret, gnutls_strerror(ret));
|
|
Packit |
549fdc |
return EXIT_FAILURE;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
for (i = 0; i < CHAIN_LENGTH; i++) {
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_init(&certs[i]);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_init[%d]: %s",
|
|
Packit |
549fdc |
(int) i, gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
tmp.data = (unsigned char *) pem_certs[i];
|
|
Packit |
549fdc |
tmp.size = strlen(pem_certs[i]);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret =
|
|
Packit |
549fdc |
gnutls_x509_crt_import(certs[i], &tmp,
|
|
Packit |
549fdc |
GNUTLS_X509_FMT_PEM);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_import[%d]: %s",
|
|
Packit |
549fdc |
(int) i, gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_init(&ca);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_init: %s",
|
|
Packit |
549fdc |
gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
tmp.data = (unsigned char *) pem_ca;
|
|
Packit |
549fdc |
tmp.size = strlen(pem_ca);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_import: %s",
|
|
Packit |
549fdc |
gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_list_verify(certs, CHAIN_LENGTH,
|
|
Packit |
549fdc |
&ca, 1,
|
|
Packit |
549fdc |
NULL, 0,
|
|
Packit |
549fdc |
GNUTLS_VERIFY_DISABLE_TIME_CHECKS|GNUTLS_VERIFY_ALLOW_BROKEN,
|
|
Packit |
549fdc |
&verify_status);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s",
|
|
Packit |
549fdc |
(int) i, gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (verify_status !=
|
|
Packit |
549fdc |
(GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID)) {
|
|
Packit |
549fdc |
fprintf(stderr, "verify_status: %d", verify_status);
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
gnutls_x509_crt_deinit(ca);
|
|
Packit |
549fdc |
for (i = 0; i < CHAIN_LENGTH; i++)
|
|
Packit |
549fdc |
gnutls_x509_crt_deinit(certs[i]);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Also test chain length of 1, since the initial patch to solve the
|
|
Packit |
549fdc |
problem caused a crash in this situation. */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_init(&self_cert);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_init: %s",
|
|
Packit |
549fdc |
gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
tmp.data = (unsigned char *) pem_self_cert;
|
|
Packit |
549fdc |
tmp.size = strlen(pem_self_cert);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_import(self_cert, &tmp, GNUTLS_X509_FMT_PEM);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_import: %s",
|
|
Packit |
549fdc |
gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
ret = gnutls_x509_crt_list_verify(&self_cert, 1,
|
|
Packit |
549fdc |
&self_cert, 1,
|
|
Packit |
549fdc |
NULL, 0,
|
|
Packit |
549fdc |
GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
|
|
Packit |
549fdc |
&verify_status);
|
|
Packit |
549fdc |
if (ret < 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s",
|
|
Packit |
549fdc |
(int) i, gnutls_strerror(ret));
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (verify_status != 0) {
|
|
Packit |
549fdc |
fprintf(stderr, "verify_status: %d", verify_status);
|
|
Packit |
549fdc |
exit(1);
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
gnutls_x509_crt_deinit(self_cert);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
gnutls_global_deinit();
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return 0;
|
|
Packit |
549fdc |
}
|