Changes concerning RFC 3820 (proxy certificates) integration:
- Enforce that there should be no policy settings when the language is one of id-ppl-independent or id-ppl-inheritAll. - Add functionality to ssltest.c so that it can process proxy rights and check that they are set correctly. Rights consist of ASCII letters, and the condition is a boolean expression that includes letters, parentheses, &, | and ^. - Change the proxy certificate configurations so they get proxy rights that are understood by ssltest.c. - Add a script that tests proxy certificates with SSL operations. Other changes: - Change the copyright end year in mkerr.pl. - make update.
@@ -289,8 +289,8 @@ test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
|
||||
intP1.ss intP2.ss
|
||||
@echo "test SSL protocol"
|
||||
@$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
|
||||
@$(SET_SO_PATHS); sh ./testssl keyP1.ss certP1.ss intP1.ss
|
||||
@$(SET_SO_PATHS); sh ./testssl keyP2.ss certP2.ss intP2.ss
|
||||
@$(SET_SO_PATHS); sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
|
||||
@$(SET_SO_PATHS); sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
|
||||
|
||||
test_ca:
|
||||
@$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
|
||||
@@ -1039,20 +1039,21 @@ shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||
shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c
|
||||
ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
|
||||
ssltest.o: ../include/openssl/comp.h ../include/openssl/crypto.h
|
||||
ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
|
||||
ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
|
||||
ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
|
||||
ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
|
||||
ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h
|
||||
ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
|
||||
ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
|
||||
ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
|
||||
ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
|
||||
ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
|
||||
ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
|
||||
ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
|
||||
ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.c
|
||||
ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h
|
||||
ssltest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
|
||||
ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
|
||||
ssltest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
|
||||
ssltest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
|
||||
ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
|
||||
ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
|
||||
ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
|
||||
ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
|
||||
ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
|
||||
ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
|
||||
ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||
ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
|
||||
ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
|
||||
ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
|
||||
ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c
|
||||
|
||||
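Review bot: In the test_ssl recipe (first hunk), the P1 and P2 proxy chains now appear to be exercised only through `sh ./testsslproxy ...`; the hunk counts suggest the two plain `sh ./testssl keyP1.ss ...` and `keyP2.ss` lines are the removed side. The testsslproxy script fails only when testssl exits with status 3, so a handshake or chain-verification failure that returns any other status would no longer fail the target. Consider keeping the baseline runs ahead of the proxy runs, e.g. `@$(SET_SO_PATHS); sh ./testssl keyP1.ss certP1.ss intP1.ss` and the P2 equivalent. The test_ssl rule header starts outside the hunk.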
@@ -34,4 +34,4 @@ organizationName_value = Dodgy Brothers
|
||||
basicConstraints=CA:FALSE
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:foo
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
|
||||
|
||||
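Review bot: The policy text in `proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB` (presumably the new value) is now load-bearing, yet nothing in the file says so. Per the commit description, ssltest.c interprets it as a set of rights letters, and test/testsslproxy loops over `A B C BC` against it. A comment above the line, such as `# policy text = proxy rights letters evaluated by ssltest (-proxy_auth / -proxy_cond)`, would keep a later edit from turning it back into free text and silently changing what the test checks. The same applies to `policy=text:BC` in the `[ proxy_ext ]` section of the next file.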
@@ -42,4 +42,4 @@ proxyCertInfo=critical,@proxy_ext
|
||||
[ proxy_ext ]
|
||||
language=id-ppl-anyLanguage
|
||||
pathlen=0
|
||||
policy=text:bar
|
||||
policy=text:BC
|
||||
|
||||
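--- /dev/null
+++ b/test/testsslproxy
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+echo 'Testing a lot of proxy conditions.'
+echo 'Some of them may turn out being invalid, which is fine.'
+for auth in A B C BC; do
+for cond in A B C 'A|B&!C'; do
+sh ./testssl $1 $2 $3 "-proxy_auth $auth -proxy_cond $cond"
+if [ $? == 3 ]; then exit 1; fi
+done
+done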
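Review bot: The status check `if [ $? == 3 ]; then exit 1; fi` uses `==`, which POSIX `test` does not define. Under a `/bin/sh` that rejects it, the comparison errors out and the branch is never taken, so the script exits 0 even when testssl returned 3 and the proxy-rights checks pass vacuously. Use `if [ $? -eq 3 ]; then exit 1; fi`. A header comment should state what exit status 3 from testssl means and that every other non-zero status is deliberately ignored, since that is the only thing separating an expected rejection from a real failure. Quoting the key and certificate arguments as `"$1" "$2" "$3"` would also be safer.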