Add tests for writting SAN to CSR
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
18904acc93
commit
8e83d3aaa9
3 changed files with 34 additions and 10 deletions
|
@ -1003,7 +1003,7 @@ all_final += server1.req.sha256
|
|||
|
||||
server1.req.sha256.ext: server1.key
|
||||
# Generating this with OpenSSL as a comparison point to test we're getting the same result
|
||||
openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth"
|
||||
openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com"
|
||||
all_final += server1.req.sha256.ext
|
||||
|
||||
server1.req.sha384: server1.key
|
||||
|
|
|
@ -1,17 +1,18 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICpzCCAY8CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
|
||||
MIIC3jCCAcYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
|
||||
GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
|
||||
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
|
||||
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
||||
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAmMCQGCSqGSIb3DQEJDjEX
|
||||
MBUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHi0yEGu
|
||||
Fh5tuLiLuT95UrRnly55+lTY9xchFiKtlcoEdSheybYxqk3JHuSSqojOFKZBlRdk
|
||||
oG6Azg56/aMHPWyvtCMSRQX4b+FgjeQsm9IfhYNMquQOxyPxm62vjuU3MfZIofXH
|
||||
hKdI6Ci2CDF4Fyvw50KBWniV38eE9+kjsvDLdXD3ESZJGhjjuFl8ReUiA2wdBTcP
|
||||
XEZaXUIc6B4tUnlPeqn/2zp4GBqqWzNZx6TXBpApASGG3BEJnM52FVPC7E9p+8YZ
|
||||
qIGuiF5Cz/rYZkpwffBWIfS2zZakHLm5TB8FgZkWlyReJU9Ihk2Tl/sZ1kllFdYa
|
||||
xLPnLCL82KFL1Co=
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaBdMFsGCSqGSIb3DQEJDjFO
|
||||
MEwwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNQYDVR0RBC4wLIYXaHR0cDovL3BraS5l
|
||||
eGFtcGxlLmNvbS+HBH8BAQCCC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQCGmTIXEUvTqwChkzRtxPIQDDchrMnCXgUrTSxre5nvUOpjVlcIIPGWAwxRovfe
|
||||
pW6OaGZ/3xD0dRAcOW08sTD6GRUazFrubPA1eZiNC7vYdWV59qm84N5yRR/s8Hm+
|
||||
okwI47m7W9C0pfaNXchgFUQBn16TrZxPXklbCpBJ/TFV+1ODY0sJPHYiCFpYI+Jz
|
||||
YuJmadP2BHucl8wv2RyVHywOmV1sDc74i9igVrBCAh8wu+kqImMtrnkGZDxrnj/L
|
||||
5P1eDfdqG2cN+s40RnMQMosh3UfqpNV/bTgAqBPP2uluT9L1KpWcjZeuvisOgVTq
|
||||
XwFI5s34fen2DUVw6MWNfbDK
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
|
@ -152,6 +152,27 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
|||
int der_len = -1;
|
||||
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
|
||||
mbedtls_test_rnd_pseudo_info rnd_info;
|
||||
mbedtls_x509_san_list san_ip;
|
||||
mbedtls_x509_san_list san_dns;
|
||||
mbedtls_x509_san_list san_uri;
|
||||
mbedtls_x509_san_list *san_list = NULL;
|
||||
const char san_ip_name[] = { 0x7f, 0x01, 0x01, 0x00 }; // 127.1.1.0
|
||||
const char *san_dns_name = "example.com";
|
||||
const char *san_uri_name = "http://pki.example.com/";
|
||||
|
||||
san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
|
||||
san_uri.node.name = (char *) san_uri_name;
|
||||
san_uri.node.len = strlen(san_uri_name);
|
||||
san_uri.next = NULL;
|
||||
san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
|
||||
san_ip.node.name = (char *) san_ip_name;
|
||||
san_ip.node.len = sizeof(san_ip_name);
|
||||
san_ip.next = &san_uri;
|
||||
san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
|
||||
san_dns.node.name = (char *) san_dns_name;
|
||||
san_dns.node.len = strlen(san_dns_name);
|
||||
san_dns.next = &san_ip;
|
||||
san_list = &san_dns;
|
||||
|
||||
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||
|
||||
|
@ -175,6 +196,8 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
|||
if (set_extension != 0) {
|
||||
TEST_ASSERT(csr_set_extended_key_usage(&req, MBEDTLS_OID_SERVER_AUTH,
|
||||
MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
|
||||
}
|
||||
|
||||
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
|
||||
|
|
Loading…
Reference in a new issue