aboutsummaryrefslogtreecommitdiff
path: root/test/recipes
diff options
context:
space:
mode:
Diffstat (limited to 'test/recipes')
-rw-r--r--test/recipes/10-test_bn_data/bnmod.txt10
-rw-r--r--test/recipes/25-test_verify.t16
-rw-r--r--test/recipes/25-test_x509.t10
-rw-r--r--test/recipes/61-test_bio_readbuffer.t8
-rw-r--r--test/recipes/80-test_cmp_http_data/test_commands.csv3
-rw-r--r--test/recipes/80-test_cms.t47
-rw-r--r--test/recipes/80-test_cms_data/dh-cert.pem31
-rw-r--r--test/recipes/80-test_cms_data/dh-key.pem15
-rw-r--r--test/recipes/80-test_cms_data/dh-malformed.derbin0 -> 558 bytes
-rw-r--r--test/recipes/80-test_cms_data/ecdh-cert.pem10
-rw-r--r--test/recipes/80-test_cms_data/ecdh-key.pem5
-rw-r--r--test/recipes/80-test_cms_data/ecdh-malformed.derbin0 -> 275 bytes
-rw-r--r--test/recipes/80-test_cms_data/rsa-malformed.derbin0 -> 526 bytes
-rw-r--r--test/recipes/80-test_ocsp.t16
14 files changed, 158 insertions, 13 deletions
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
index 85a17e0a05dc..a0a30df45e74 100644
--- a/test/recipes/10-test_bn_data/bnmod.txt
+++ b/test/recipes/10-test_bn_data/bnmod.txt
@@ -1,4 +1,4 @@
-# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -2010,6 +2010,14 @@ A = ca6c51ba2f410d09bf71d60fe
B = 8bdfa8fe5ef3b2ad02bc63c4d
M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb
+# These test vectors satisfy A ^ 2 = ModSqr (mod M) and 0 <= ModSqr < M.
+
+Title = ModSqr tests
+
+# Regression test for https://github.com/openssl/openssl/issues/15587
+ModSqr = 166794ed50cb31b6e6a319f7474416c266d5c3f3115ea2a7ed9638367d1f955f66a7179ee3ce5ee5e04e63c46781f1192beac3abb26ff238f5ed2f5505ae06003ff
+A = 1407833bd4c893195cc32f56a507f15140be687a1994febe0bdbe793125f010a3c1c814737b10ab690498b7990ce4e625ad2f32cbf42626cb9649da38a5c9c76a99
+M = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
# These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M.
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 673c3d5f1772..ab8cdff23a21 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -30,7 +30,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 203;
+plan tests => 204;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -594,6 +594,18 @@ ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],
"-explicit_policy"),
"Bad certificate policy");
+# CVE-2026-28388
+my $cve_28388_stderr = "cve-2026-28388.err";
+run(app(["openssl", "verify",
+ "-attime", "1739527200",
+ "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"),
+ "-crl_check", "-use_deltas",
+ "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"),
+ srctop_file(@certspath, "cve-2026-28388-leaf.pem")],
+ stderr => $cve_28388_stderr));
+ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }),
+ "CVE-2026-28388");
+
# CAstore option
my $rootcertname = "root-cert";
my $rootcert = srctop_file(@certspath, "${rootcertname}.pem");
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index dfa0a428f5f0..e4e373fd5d0e 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_x509");
-plan tests => 138;
+plan tests => 139;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@@ -413,6 +413,12 @@ cert_contains($time_spec_per_cert,
"Years: 2023, 2024",
1, 'X.509 Time Specification (Periodic)');
+my $time_spec_per_no_second_cert =
+ srctop_file(@certs, "ext-timeSpecification-periodic-no-second.pem");
+cert_contains($time_spec_per_no_second_cert,
+ "05:43:00 - 12:34:56",
+ 1, 'X.509 Time Specification (Periodic, no second)');
+
my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem");
cert_contains($attr_map_cert,
"commonName == localityName",
diff --git a/test/recipes/61-test_bio_readbuffer.t b/test/recipes/61-test_bio_readbuffer.t
index e10ab746ae38..cd3db6a6ec54 100644
--- a/test/recipes/61-test_bio_readbuffer.t
+++ b/test/recipes/61-test_bio_readbuffer.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,7 +16,7 @@ setup('test_bio_readbuffer');
my $pemfile = srctop_file("test", "certs", "leaf.pem");
my $derfile = 'readbuffer_leaf.der';
-plan tests => 3;
+plan tests => 4;
ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile,
'-outform', 'DER', '-out', $derfile])),
@@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $derfile])),
ok(run(test(["bio_readbuffer_test", $pemfile])),
"Running bio_readbuffer_test $pemfile");
+
+ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM',
+ '-noout' ], stdin => $derfile)),
+ "Test stdin read buffer in openssl app");
diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv
index c6c54239b1d7..9e77baa4b127 100644
--- a/test/recipes/80-test_cmp_http_data/test_commands.csv
+++ b/test/recipes/80-test_cmp_http_data/test_commands.csv
@@ -147,6 +147,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
0,using popo 1 with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,1, -newkeyout,_RESULT_DIR/newkeyout.pem
1, using popo -1 redundantly with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout2.pem
1, using popo -1 alternatively to -centralkeygen, -section,, -cmd,cr,, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout3.pem, -newkeypass,pass:12345, -certout,_RESULT_DIR/test.cert3.pem
-1, using centrally generated key (and cert) , -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345
+1, using centrally generated key (and cert) with existing chain, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, issuing.crt
+1, using centrally generated key (and cert) without giving chain (requires sender cert caching), -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, ""
0, using centrally generated key with wrong password, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:wrong
0, using popo -1 (instead of -centralkeygen) without -newkeyout, -section,, -cmd,cr,, -popo,-1,,BLANK,,BLANK,,BLANK,,BLANK
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 279a498475c8..d3adf2d1af77 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -53,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
$no_rc2 = 1 if disabled("legacy");
-plan tests => 31;
+plan tests => 34;
ok(run(test(["pkcs7_test"])), "test pkcs7");
@@ -1360,6 +1360,49 @@ with({ exit_checker => sub { return shift == 3; } },
"Check for failure when cipher does not have an assigned OID (issue#22225)");
});
+# Test cases for CVE-2026-28389
+my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der");
+my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem");
+my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem");
+
+with({ exit_checker => sub { return shift == 4; } },
+ sub {
+ SKIP: {
+ skip "DH is not supported in this build", 1 if $no_dh;
+
+ ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed,
+ "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])),
+ "Must not crash on malformed cms inputs with dh key");
+ }
+ });
+
+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der");
+my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem");
+my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem");
+
+with({ exit_checker => sub { return shift == 4; } },
+ sub {
+ SKIP: {
+ skip "EC is not supported in this build", 1 if $no_ec;
+
+ ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed,
+ "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])),
+ "Must not crash on malformed cms inputs with ecdh key");
+ }
+ });
+
+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der");
+my $smrsacert = catfile($smdir, "smrsa3.pem");
+my $smrsakey = catfile($smdir, "smrsa3-key.pem");
+
+# Test case for CVE-2026-28390
+with({ exit_checker => sub { my $ret = shift; return $ret == 4 || $ret == 0; } },
+ sub {
+ ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform",
+ "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])),
+ "Must not crash on malformed cms inputs with RSA key");
+ });
+
# Test encrypt to three recipients, and decrypt using key-only;
# i.e. do not follow the recommended practice of providing the
# recipient cert in the decrypt op.
diff --git a/test/recipes/80-test_cms_data/dh-cert.pem b/test/recipes/80-test_cms_data/dh-cert.pem
new file mode 100644
index 000000000000..f5fb90b9009b
--- /dev/null
+++ b/test/recipes/80-test_cms_data/dh-cert.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL
+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2
+MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC
+AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD
+zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf
+XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP
+SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI
+7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8
+LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH//////
+////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx
+hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw
+c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw
+a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050
+wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww
+lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX
+l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl
+IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ
+ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO
+M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu
+lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j
+BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo
+cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW
+AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp
+JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm
+eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO
+VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3
+NGpnrpeWX4rk4kQmx/I=
+-----END CERTIFICATE-----
diff --git a/test/recipes/80-test_cms_data/dh-key.pem b/test/recipes/80-test_cms_data/dh-key.pem
new file mode 100644
index 000000000000..16010785214e
--- /dev/null
+++ b/test/recipes/80-test_cms_data/dh-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN PRIVATE KEY-----
+MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW
+ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e
+1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY
+oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt
+52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47
+G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC
+AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n
+Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv
+P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl
+2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm
+lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT
+YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r
+xDHoWg==
+-----END PRIVATE KEY-----
diff --git a/test/recipes/80-test_cms_data/dh-malformed.der b/test/recipes/80-test_cms_data/dh-malformed.der
new file mode 100644
index 000000000000..20a5ed84bde9
--- /dev/null
+++ b/test/recipes/80-test_cms_data/dh-malformed.der
Binary files differ
diff --git a/test/recipes/80-test_cms_data/ecdh-cert.pem b/test/recipes/80-test_cms_data/ecdh-cert.pem
new file mode 100644
index 000000000000..3a0ab6624ca2
--- /dev/null
+++ b/test/recipes/80-test_cms_data/ecdh-cert.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw
+DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow
+DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s
+OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC
+EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw
+CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+
+NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ==
+-----END CERTIFICATE-----
diff --git a/test/recipes/80-test_cms_data/ecdh-key.pem b/test/recipes/80-test_cms_data/ecdh-key.pem
new file mode 100644
index 000000000000..ef9488b3c516
--- /dev/null
+++ b/test/recipes/80-test_cms_data/ecdh-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1
+unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC
+3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ
+-----END PRIVATE KEY-----
diff --git a/test/recipes/80-test_cms_data/ecdh-malformed.der b/test/recipes/80-test_cms_data/ecdh-malformed.der
new file mode 100644
index 000000000000..14ddc1dea290
--- /dev/null
+++ b/test/recipes/80-test_cms_data/ecdh-malformed.der
Binary files differ
diff --git a/test/recipes/80-test_cms_data/rsa-malformed.der b/test/recipes/80-test_cms_data/rsa-malformed.der
new file mode 100644
index 000000000000..4182a465ce79
--- /dev/null
+++ b/test/recipes/80-test_cms_data/rsa-malformed.der
Binary files differ
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
index 0539c79d5613..dfba630de42f 100644
--- a/test/recipes/80-test_ocsp.t
+++ b/test/recipes/80-test_ocsp.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -37,22 +37,24 @@ sub test_ocsp {
}
my $expected_exit = shift;
my $nochecks = shift;
+ my $opt_untrusted = shift // "-verify_other";
my $outputfile = basename($inputfile, '.ors') . '.dat';
run(app(["openssl", "base64", "-d",
"-in", catfile($ocspdir,$inputfile),
"-out", $outputfile]));
+ my @certopt = ($opt_untrusted, catfile($ocspdir, $untrusted));
with({ exit_checker => sub { return shift == $expected_exit; } },
sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile,
"-partial_chain", @check_time,
"-CAfile", catfile($ocspdir, $CAfile),
- "-verify_other", catfile($ocspdir, $untrusted),
+ @certopt,
"-no-CApath", "-no-CAstore",
$nochecks ? "-no_cert_checks" : ()])),
$title); });
}
-plan tests => 12;
+plan tests => 13;
subtest "=== VALID OCSP RESPONSES ===" => sub {
plan tests => 7;
@@ -230,6 +232,14 @@ subtest "=== OCSP API TESTS===" => sub {
"running ocspapitest");
};
+subtest "=== UNTRUSTED ISSUER HINTS ===" => sub {
+ plan tests => 1;
+
+ test_ocsp("NON-DELEGATED; invalid issuer via -issuer",
+ "ND1.ors", "ND1_Cross_Root.pem",
+ "ISIC_ND1_Issuer_ICA.pem", 1, 0, "-issuer");
+};
+
subtest "=== OCSP handling of identical input and output files ===" => sub {
plan tests => 5;
generated by cgit v1.3 (git 2.53.0) at 2026-05-30 17:07:22 +0000