diff options
Diffstat (limited to 'tools/tests')
| -rw-r--r-- | tools/tests/Makefile.am | 15 | ||||
| -rw-r--r-- | tools/tests/test-extract.c | 301 | ||||
| -rw-r--r-- | tools/tests/test-x509.c | 276 | ||||
| -rw-r--r-- | tools/tests/test.h | 33 |
4 files changed, 625 insertions, 0 deletions
diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am index e4dd7ff..6996675 100644 --- a/tools/tests/Makefile.am +++ b/tools/tests/Makefile.am @@ -21,6 +21,7 @@ INCLUDES = \ LDADD = \ $(top_builddir)/p11-kit/libp11-kit.la \ $(top_builddir)/common/libp11-data.la \ + $(top_builddir)/common/libp11-mock.la \ $(top_builddir)/common/libp11-library.la \ $(top_builddir)/common/libp11-compat.la \ $(builddir)/libtestcommon.la \ @@ -37,6 +38,8 @@ libtestcommon_la_SOURCES = \ CHECK_PROGS = \ test-save \ + test-extract \ + test-x509 \ $(NULL) noinst_PROGRAMS = \ @@ -49,4 +52,16 @@ test_save_SOURCES = \ $(TOOLS)/save.c \ $(NULL) +test_extract_SOURCES = \ + test-extract.c \ + $(TOOLS)/extract-info.c \ + $(NULL) + +test_x509_SOURCES = \ + test-x509.c \ + $(TOOLS)/extract-info.c \ + $(TOOLS)/extract-x509.c \ + $(TOOLS)/save.c \ + $(NULL) + endif # WITH_ASN1 diff --git a/tools/tests/test-extract.c b/tools/tests/test-extract.c new file mode 100644 index 0000000..55a3524 --- /dev/null +++ b/tools/tests/test-extract.c @@ -0,0 +1,301 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@collabora.co.uk> + */ + +#include "config.h" +#include "CuTest.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "library.h" +#include "mock.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include <stdlib.h> +#include <string.h> + +static void +test_file_name_for_label (CuTest *tc) +{ + CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; + p11_extract_info ex; + char *name; + + p11_extract_info_init (&ex); + + ex.attrs = p11_attrs_build (NULL, &label, NULL); + + name = p11_extract_info_filename (&ex); + CuAssertStrEquals (tc, "The_Label_", name); + free (name); + + p11_extract_info_cleanup (&ex); +} + +static void +test_file_name_for_class (CuTest *tc) +{ + p11_extract_info ex; + char *name; + + p11_extract_info_init (&ex); + + ex.klass = CKO_CERTIFICATE; + + name = p11_extract_info_filename (&ex); + CuAssertStrEquals (tc, "certificate", name); + free (name); + + ex.klass = CKO_DATA; + + name = p11_extract_info_filename (&ex); + CuAssertStrEquals (tc, "unknown", name); + free (name); + + p11_extract_info_cleanup (&ex); +} + +struct { + CK_FUNCTION_LIST module; + P11KitIter *iter; + p11_extract_info ex; +} test; + +static void +setup (CuTest *tc) +{ + CK_RV rv; + + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + + rv = p11_kit_initialize_module (&test.module); + CuAssertIntEquals (tc, CKR_OK, rv); + + test.iter = p11_kit_iter_new (NULL); + + p11_extract_info_init (&test.ex); +} + +static void +teardown (CuTest *tc) +{ + CK_RV rv; + + p11_extract_info_cleanup (&test.ex); + + p11_kit_iter_free (test.iter); + + rv = p11_kit_finalize_module (&test.module); + CuAssertIntEquals (tc, CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 11 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_server_client[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_ID, "ID1", 3 }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_VALUE, (void *)test_eku_server_and_client, sizeof (test_eku_server_and_client) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_invalid[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_ID, "ID1", 3 }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_VALUE, "invalid", 7 }, + { CKA_INVALID }, +}; + +static void +test_info_simple_certificate (CuTest *tc) +{ + CK_ATTRIBUTE *value; + CK_RV rv; + + setup (tc); + + CuAssertPtrNotNull (tc, test.ex.asn1_defs); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + rv = p11_kit_iter_next (test.iter); + CuAssertIntEquals (tc, CKR_OK, rv); + + CuAssertIntEquals (tc, CKO_CERTIFICATE, test.ex.klass); + CuAssertPtrNotNull (tc, test.ex.attrs); + value = p11_attrs_find_valid (test.ex.attrs, CKA_VALUE); + CuAssertPtrNotNull (tc, value); + CuAssertTrue (tc, memcmp (value->pValue, test_cacert3_ca_der, value->ulValueLen) == 0); + CuAssertPtrNotNull (tc, test.ex.cert_der); + CuAssertTrue (tc, memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0); + CuAssertPtrNotNull (tc, test.ex.cert_asn); + + rv = p11_kit_iter_next (test.iter); + CuAssertIntEquals (tc, CKR_CANCEL, rv); + + teardown (tc); +} + +static void +test_info_limit_purposes (CuTest *tc) +{ + CK_RV rv; + + setup (tc); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); + + /* This should not match the above, with the stapled certificat ext */ + CuAssertPtrEquals (tc, NULL, test.ex.limit_to_purposes); + p11_extract_info_limit_purpose (&test.ex, "1.1.1"); + CuAssertPtrNotNull (tc, test.ex.limit_to_purposes); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + rv = p11_kit_iter_next (test.iter); + CuAssertIntEquals (tc, CKR_CANCEL, rv); + + teardown (tc); +} + +static void +test_info_invalid_purposes (CuTest *tc) +{ + CK_RV rv; + + setup (tc); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + p11_kit_be_quiet (); + + /* No results due to invalid purpose on certificate */ + rv = p11_kit_iter_next (test.iter); + CuAssertIntEquals (tc, CKR_CANCEL, rv); + + p11_kit_be_loud (); + + teardown (tc); +} + +static void +test_info_skip_non_certificate (CuTest *tc) +{ + CK_RV rv; + + setup (tc); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + p11_message_quiet (); + + rv = p11_kit_iter_next (test.iter); + CuAssertIntEquals (tc, CKR_OK, rv); + + CuAssertIntEquals (tc, CKO_CERTIFICATE, test.ex.klass); + + rv = p11_kit_iter_next (test.iter); + CuAssertIntEquals (tc, CKR_CANCEL, rv); + + p11_message_loud (); + + teardown (tc); +} + +int +main (void) +{ + CuString *output = CuStringNew (); + CuSuite* suite = CuSuiteNew (); + int ret; + + putenv ("P11_KIT_STRICT=1"); + p11_debug_init (); + + SUITE_ADD_TEST (suite, test_file_name_for_label); + SUITE_ADD_TEST (suite, test_file_name_for_class); + SUITE_ADD_TEST (suite, test_info_simple_certificate); + SUITE_ADD_TEST (suite, test_info_limit_purposes); + SUITE_ADD_TEST (suite, test_info_invalid_purposes); + SUITE_ADD_TEST (suite, test_info_skip_non_certificate); + + CuSuiteRun (suite); + CuSuiteSummary (suite, output); + CuSuiteDetails (suite, output); + printf ("%s\n", output->buffer); + ret = suite->failCount; + CuSuiteDelete (suite); + CuStringDelete (output); + + return ret; +} diff --git a/tools/tests/test-x509.c b/tools/tests/test-x509.c new file mode 100644 index 0000000..0367cbd --- /dev/null +++ b/tools/tests/test-x509.c @@ -0,0 +1,276 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@collabora.co.uk> + */ + +#include "config.h" +#include "CuTest.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "library.h" +#include "mock.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include <assert.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +struct { + CK_FUNCTION_LIST module; + P11KitIter *iter; + p11_extract_info ex; + char *directory; +} test; + +static void +setup (CuTest *tc) +{ + CK_RV rv; + + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = p11_kit_initialize_module (&test.module); + CuAssertIntEquals (tc, CKR_OK, rv); + + mock_module_reset_objects (MOCK_SLOT_ONE_ID); + + test.iter = p11_kit_iter_new (NULL); + + p11_extract_info_init (&test.ex); + + test.directory = strdup ("/tmp/test-extract.XXXXXX"); + if (!mkdtemp (test.directory)) + CuFail (tc, "mkdtemp() failed"); +} + +static void +teardown (CuTest *tc) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + CuFail (tc, "rmdir() failed"); + free (test.directory); + + p11_extract_info_cleanup (&test.ex); + p11_kit_iter_free (test.iter); + + rv = p11_kit_finalize_module (&test.module); + CuAssertIntEquals (tc, CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +test_file (CuTest *tc) +{ + bool ret; + + setup (tc); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + ret = p11_extract_x509_file (test.iter, &test.ex); + CuAssertIntEquals (tc, true, ret); + + test_check_file (tc, test.directory, "extract.cer", SRCDIR "/files/cacert3.der"); + + teardown (tc); +} + +static void +test_file_multiple (CuTest *tc) +{ + bool ret; + + setup (tc); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + p11_message_quiet (); + + ret = p11_extract_x509_file (test.iter, &test.ex); + CuAssertIntEquals (tc, true, ret); + + CuAssertTrue (tc, strstr (p11_message_last (), "multiple certificates") != NULL); + + p11_message_loud (); + + test_check_file (tc, test.directory, "extract.cer", SRCDIR "/files/cacert3.der"); + + teardown (tc); +} + +static void +test_file_without (CuTest *tc) +{ + bool ret; + + setup (tc); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + p11_message_quiet (); + + ret = p11_extract_x509_file (test.iter, &test.ex); + CuAssertIntEquals (tc, false, ret); + + CuAssertTrue (tc, strstr (p11_message_last (), "no certificate") != NULL); + + p11_message_loud (); + + teardown (tc); +} + +static void +test_directory (CuTest *tc) +{ + bool ret; + + setup (tc); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + test.ex.destination = test.directory; + + ret = p11_extract_x509_directory (test.iter, &test.ex); + CuAssertIntEquals (tc, true, ret); + + test_check_directory (tc, test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL)); + test_check_file (tc, test.directory, "Cacert3_Here.cer", SRCDIR "/files/cacert3.der"); + test_check_file (tc, test.directory, "Cacert3_Here.1.cer", SRCDIR "/files/cacert3.der"); + + teardown (tc); +} + +static void +test_directory_empty (CuTest *tc) +{ + bool ret; + + setup (tc); + + p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); + p11_kit_iter_add_filter (test.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + test.ex.destination = test.directory; + + ret = p11_extract_x509_directory (test.iter, &test.ex); + CuAssertIntEquals (tc, true, ret); + + test_check_directory (tc, test.directory, (NULL, NULL)); + + teardown (tc); +} + +int +main (void) +{ + CuString *output = CuStringNew (); + CuSuite* suite = CuSuiteNew (); + int ret; + + putenv ("P11_KIT_STRICT=1"); + p11_debug_init (); + + SUITE_ADD_TEST (suite, test_file); + SUITE_ADD_TEST (suite, test_file_multiple); + SUITE_ADD_TEST (suite, test_file_without); + SUITE_ADD_TEST (suite, test_directory); + SUITE_ADD_TEST (suite, test_directory_empty); + + CuSuiteRun (suite); + CuSuiteSummary (suite, output); + CuSuiteDetails (suite, output); + printf ("%s\n", output->buffer); + ret = suite->failCount; + CuSuiteDelete (suite); + CuStringDelete (output); + + return ret; +} diff --git a/tools/tests/test.h b/tools/tests/test.h index c3e0d08..2cc7c31 100644 --- a/tools/tests/test.h +++ b/tools/tests/test.h @@ -164,6 +164,39 @@ static const unsigned char test_cacert3_ca_der[] = { 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, }; +static const char test_cacert3_ca_subject[] = { + 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, + 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, + 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74, +}; + +static const char test_cacert3_ca_issuer[] = { + 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, + 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, +}; + +static const char test_cacert3_ca_serial[] = { + 0x02, 0x01, 0x00, +}; + +static const char test_eku_server_and_client[] = { + 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, +}; + +static const char test_eku_none[] = { + 0x30, 0x00, +}; + void test_check_file_msg (CuTest *tc, const char *file, int line, |