Merge pull request #861 from bkchr/verify_certificate

Implements `X509_verify_cert`
author: Steven Fackler <[email protected]> 2018-03-11 13:37:21 -0700
committer: GitHub <[email protected]> 2018-03-11 13:37:21 -0700
commit: 00359a1a55898629eb4b068ae68e9bc4e38740f9 (patch)
tree: 2dea94c87e87dfd062debcb0fcc777319d6b87c9 /openssl/src/x509/tests.rs
parent: Merge pull request #870 from sfackler/tweaks (diff)
parent: Changes `init` to take a closure which is called with the initialized context (diff)
download: rust-openssl-00359a1a55898629eb4b068ae68e9bc4e38740f9.tar.xz
rust-openssl-00359a1a55898629eb4b068ae68e9bc4e38740f9.zip
1 files changed, 35 insertions, 1 deletions
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 6f6b430a..e3c726ae 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -7,9 +7,10 @@ use nid::Nid;
 use pkey::{PKey, Private};
 use rsa::Rsa;
 use stack::Stack;
-use x509::{X509, X509Name, X509Req, X509VerifyResult};
+use x509::{X509, X509Name, X509Req, X509VerifyResult, X509StoreContext};
 use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage,
                       SubjectAlternativeName, SubjectKeyIdentifier};
+use x509::store::X509StoreBuilder;
 
 fn pkey() -> PKey<Private> {
     let rsa = Rsa::generate(2048).unwrap();
@@ -291,3 +292,36 @@ fn clone_x509() {
     let cert = X509::from_pem(cert).unwrap();
     cert.clone();
 }
+
+#[test]
+fn test_verify_cert() {
+    let cert = include_bytes!("../../test/cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    let ca = include_bytes!("../../test/root-ca.pem");
+    let ca = X509::from_pem(ca).unwrap();
+    let chain = Stack::new().unwrap();
+
+    let mut store_bldr = X509StoreBuilder::new().unwrap();
+    store_bldr.add_cert(ca).unwrap();
+    let store = store_bldr.build();
+
+    let mut context = X509StoreContext::new().unwrap();
+    assert!(context.init(&store, &cert, &chain, |c| c.verify_cert()).is_ok());
+    assert!(context.init(&store, &cert, &chain, |c| c.verify_cert()).is_ok());
+}
+
+#[test]
+fn test_verify_fails() {
+    let cert = include_bytes!("../../test/cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    let ca = include_bytes!("../../test/alt_name_cert.pem");
+    let ca = X509::from_pem(ca).unwrap();
+    let chain = Stack::new().unwrap();
+
+    let mut store_bldr = X509StoreBuilder::new().unwrap();
+    store_bldr.add_cert(ca).unwrap();
+    let store = store_bldr.build();
+
+    let mut context = X509StoreContext::new().unwrap();
+    assert!(context.init(&store, &cert, &chain, |c| c.verify_cert()).is_err());
+}
author	Steven Fackler <[email protected]>	2018-03-11 13:37:21 -0700
committer	GitHub <[email protected]>	2018-03-11 13:37:21 -0700
commit	00359a1a55898629eb4b068ae68e9bc4e38740f9 (patch)
tree	2dea94c87e87dfd062debcb0fcc777319d6b87c9 /openssl/src/x509/tests.rs
parent	Merge pull request #870 from sfackler/tweaks (diff)
parent	Changes `init` to take a closure which is called with the initialized context (diff)
download	rust-openssl-00359a1a55898629eb4b068ae68e9bc4e38740f9.tar.xz rust-openssl-00359a1a55898629eb4b068ae68e9bc4e38740f9.zip