1 /*
2  * Copyright (C) 2008-2014 Free Software Foundation, Inc.
3  *
4  * Author: Simon Josefsson, Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * GnuTLS is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * GnuTLS is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with GnuTLS; if not, write to the Free Software Foundation,
20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30
31 #include <gnutls/gnutls.h>
32 #include <gnutls/x509.h>
33
34 #include "utils.h"
35
/*
 * Fixture pair for the "simple-success" case: [0] is a PEM CRL, [1] is the
 * PEM CA certificate used to verify it.
 *
 * NOTE(review): the CA was originally labelled "cert_signing_key only", the
 * same label as in simple1_constraints. This pair is expected to verify
 * cleanly while that one is expected to fail signer constraints, so the
 * key-usage bits presumably differ (this CA's keyUsage appears to carry
 * both keyCertSign and cRLSign) -- confirm with a certificate dump.
 */
static const char *simple1[] = {
	/* [0] CRL */
	"-----BEGIN X509 CRL-----\n"
	"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n"
	"MDkxMzA5MDUyM1oYDzIwMTUwOTEzMDkwNTIzWjAAoDowODAfBgNVHSMEGDAWgBTx\n"
	"Fcb1FYLbhH9yuqg4wlVJUZnYKTAVBgNVHRQEDgIMVBQI0zeJoFHkLaWNMA0GCSqG\n"
	"SIb3DQEBCwUAA4IBAQB6SGYePy1MBmtELyWdnlJHlQ4bBgb4vjuLDSfH0X6b4dAS\n"
	"MEZws8iA5SaJFIioIP41s3lfQ1Am7GjSoNccHdrLmEcUSTQLwLYaDL8SgxekP5Au\n"
	"w8HTu1cz/mnjBBDURq1RvyGNFm6MXf1Rg/bHSea/EpDkn8KY152BT1/46iQ+Uho6\n"
	"hz6UUWsTB4Lj25X8F2hlKwQcb3E63Or2XEPBw4rhaCDFAtSZeBaGUUSJ8CLUKXZf\n"
	"5b45MjiZ/osgd81tfn3wdQVjDnaQwNtjeRbK+qU0Z4pIKBvHzRS/fZKwTnrK1DLI\n"
	"yY/nqBJT/+Q5zdUx5FXp0bwyZuarJ1GHqcES3Rz1\n"
	"-----END X509 CRL-----\n",
	/* [1] CA certificate that signed the CRL above */
	"-----BEGIN CERTIFICATE-----\n"
	"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
	"MCIYDzIwMTQwOTEzMDkwNTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
	"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCybbzvQTOmfwlA\n"
	"+q8F/4ms42nhl5lo1lK6JCvE7jZdhqZNXE8e1eNACrU6rCxRQynDhOyAOCLQAAul\n"
	"ivNMCW+SFN0IkSYXSRM8aWIDOZT8FyWB3yJSyvi3+SMgm7OYHFW8htH8qaIv0xJf\n"
	"1h/ADBE62j9uaQIg7qSn6pVHMDHaITAbPg3y6II1iP3W28Vj/rtvK9yoZu4AThSD\n"
	"Vdjl8WT4b4VOBbmioSNCDjx2C73+HLM2eUsdumCVcjWD9gkvCKkqTbOVplGRvCzO\n"
	"sKNVGJamH9eGOjF2Az9XuYR+m7jWdIyTitLtbliyFiWwFguQ7BAPVnUS3TSKoLKL\n"
	"X9WRGDIVAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcG\n"
	"ADAdBgNVHQ4EFgQU8RXG9RWC24R/crqoOMJVSVGZ2CkwDQYJKoZIhvcNAQELBQAD\n"
	"ggEBAASDvSD6Gt9E/IANgJ2lq7cvqKHhK/S0crpBHmzouLU1YANAbva8vZ2iVsgP\n"
	"ojj5+QKosXgZM67g1u4Vr/Kt7APwYDVV9NlfE7BLSaksaQbh6J464rJ8pXONW6xP\n"
	"z6tl/Pm1RqXuxzgnUv700OFuxBnnbglz9aQk5eS7kag8bfUx8MfN5gbW34nB79fn\n"
	"5943Z8DmcDfUQZRY66v4S/NAYs7s96ABMB18u9Ct6KqGP/LKfDt2bgeTE/1b68T+\n"
	"xmYF8N+JsJ3qP4lqBHgHLUL945nEoG8yDPIiZw3pmw1SyS0ktoVASynAh3W5j//r\n"
	"d9Uk2Ojqo2tp/lJ0LCuQ3nWeM2Y=\n"
	"-----END CERTIFICATE-----\n"
};
69
/*
 * Fixture pair for the "simple-broken" case: [0] is the simple1 CRL with some
 * bits flipped, [1] is the same CA certificate as in simple1. The only
 * visible difference from simple1[0] is one base64 character ("F3" in place
 * of "F2") in the seventh data line, which appears to fall inside the
 * signature value -- so verification is expected to report a signature
 * failure rather than a parse error.
 *
 * NOTE(review): the CA was originally labelled "cert_signing_key only"; see
 * whether that label really applies here, since the identical certificate
 * verifies simple1 without a signer-constraints failure.
 */
static const char *simple1_broken[] = {
	/* [0] CRL with a corrupted signature */
	"-----BEGIN X509 CRL-----\n"
	"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n"
	"MDkxMzA5MDUyM1oYDzIwMTUwOTEzMDkwNTIzWjAAoDowODAfBgNVHSMEGDAWgBTx\n"
	"Fcb1FYLbhH9yuqg4wlVJUZnYKTAVBgNVHRQEDgIMVBQI0zeJoFHkLaWNMA0GCSqG\n"
	"SIb3DQEBCwUAA4IBAQB6SGYePy1MBmtELyWdnlJHlQ4bBgb4vjuLDSfH0X6b4dAS\n"
	"MEZws8iA5SaJFIioIP41s3lfQ1Am7GjSoNccHdrLmEcUSTQLwLYaDL8SgxekP5Au\n"
	"w8HTu1cz/mnjBBDURq1RvyGNFm6MXf1Rg/bHSea/EpDkn8KY152BT1/46iQ+Uho6\n"
	"hz6UUWsTB4Lj25X8F3hlKwQcb3E63Or2XEPBw4rhaCDFAtSZeBaGUUSJ8CLUKXZf\n"
	"5b45MjiZ/osgd81tfn3wdQVjDnaQwNtjeRbK+qU0Z4pIKBvHzRS/fZKwTnrK1DLI\n"
	"yY/nqBJT/+Q5zdUx5FXp0bwyZuarJ1GHqcES3Rz1\n"
	"-----END X509 CRL-----\n",
	/* [1] CA certificate (unmodified) */
	"-----BEGIN CERTIFICATE-----\n"
	"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
	"MCIYDzIwMTQwOTEzMDkwNTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
	"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCybbzvQTOmfwlA\n"
	"+q8F/4ms42nhl5lo1lK6JCvE7jZdhqZNXE8e1eNACrU6rCxRQynDhOyAOCLQAAul\n"
	"ivNMCW+SFN0IkSYXSRM8aWIDOZT8FyWB3yJSyvi3+SMgm7OYHFW8htH8qaIv0xJf\n"
	"1h/ADBE62j9uaQIg7qSn6pVHMDHaITAbPg3y6II1iP3W28Vj/rtvK9yoZu4AThSD\n"
	"Vdjl8WT4b4VOBbmioSNCDjx2C73+HLM2eUsdumCVcjWD9gkvCKkqTbOVplGRvCzO\n"
	"sKNVGJamH9eGOjF2Az9XuYR+m7jWdIyTitLtbliyFiWwFguQ7BAPVnUS3TSKoLKL\n"
	"X9WRGDIVAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcG\n"
	"ADAdBgNVHQ4EFgQU8RXG9RWC24R/crqoOMJVSVGZ2CkwDQYJKoZIhvcNAQELBQAD\n"
	"ggEBAASDvSD6Gt9E/IANgJ2lq7cvqKHhK/S0crpBHmzouLU1YANAbva8vZ2iVsgP\n"
	"ojj5+QKosXgZM67g1u4Vr/Kt7APwYDVV9NlfE7BLSaksaQbh6J464rJ8pXONW6xP\n"
	"z6tl/Pm1RqXuxzgnUv700OFuxBnnbglz9aQk5eS7kag8bfUx8MfN5gbW34nB79fn\n"
	"5943Z8DmcDfUQZRY66v4S/NAYs7s96ABMB18u9Ct6KqGP/LKfDt2bgeTE/1b68T+\n"
	"xmYF8N+JsJ3qP4lqBHgHLUL945nEoG8yDPIiZw3pmw1SyS0ktoVASynAh3W5j//r\n"
	"d9Uk2Ojqo2tp/lJ0LCuQ3nWeM2Y=\n"
	"-----END CERTIFICATE-----\n"
};
103
/*
 * Fixture pair for the "simple-constraints" case: [0] is a PEM CRL, [1] is a
 * PEM CA certificate described as "cert_signing_key only". crl_list expects
 * verification of this pair to report a signer-constraints failure, i.e. the
 * CA's key usage is presumably what disqualifies it as a CRL signer.
 */
static const char *simple1_constraints[] = {
	/* [0] CRL */
	"-----BEGIN X509 CRL-----\n"
	"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n"
	"MDkxMzA4NTkxNloYDzIwMTUwOTEzMDg1OTE2WjAAoDowODAfBgNVHSMEGDAWgBTn\n"
	"sISO6h9leKTKtOh/HG0jV03AMzAVBgNVHRQEDgIMVBQHZC2mj6EAgMPSMA0GCSqG\n"
	"SIb3DQEBCwUAA4IBAQBHUgtxpOn8EHwlajVYoOh6DFCwIoxBIeUA4518W1cHoV7J\n"
	"KMif6lmJRodrcbienDX781QcOaQcNnuu/oBEcoBdbZa0VICzXekIteSwEgGsbRve\n"
	"QQFPnZn83I4btse1ly5fdxMsliSM+qRwIyNR18VHXZz9GWYrr4tYWnI2b9XrDnaC\n"
	"1b3Ywt7I9pNi0/O0C0rE/37/VvPx6HghnC+un7LtT0Y0n+FQP7dhlMvzHaR8wVxs\n"
	"WAzaNvSiJ1rVPzL21iCmQJsRQeDTSJBlzm0lWiU8Nys3ugM2KlERezfp8DkFGA3y\n"
	"9Yzpq6gAi39ZK+LjopgGDkrQjxzBIaoe2bcDqB7X\n"
	"-----END X509 CRL-----\n",
	/* [1] CA certificate - cert_signing_key only */
	"-----BEGIN CERTIFICATE-----\n"
	"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
	"MCIYDzIwMTQwOTEzMDg1OTE2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
	"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7AVMcGmvenCAt\n"
	"14Yi2zi6In2vjNakbzDfUa5xaG8oD73h4P8zP2TQqDmUBAAi5EdXoF5/crpgnGY3\n"
	"oyUEFYnT7GTI/FO+RxZz9jCLvY3hpeuJcofsFny8n0ARL9WiFKuAEvrZkg+6V3Fh\n"
	"TC9bCOFsGVTaLiUoi/nkD9IUgCkybFTqZM+8tLT4/gCMFNs9e0ANa5F+wtvS0bjy\n"
	"LLozq6+XpzEXlL3UNKJq9cf02zHjb9ftlMDykRRkGPzppBSfOCJAMOX/BBNpWznJ\n"
	"I1bg0m/6X3+SDO3j0PKLVc7BWWTnXXHb4rznwcRZm8zJiKKFE0GDOijzpT6Dl/gX\n"
	"JI0lroeJAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
	"ADAdBgNVHQ4EFgQU57CEjuofZXikyrTofxxtI1dNwDMwDQYJKoZIhvcNAQELBQAD\n"
	"ggEBALPFKXFauyO0R7Y+zhpiqYe1ms4qU9aprr/x4GMG4ByZ0i0FK8Kh+L5BsNQA\n"
	"FsEMeEEmKTHKzkMHfvTJ6y/K6P9rTVY7W2MqlX8IXM02L3fg0zn7Xd9CtCG1nnzh\n"
	"fQMf/K/9Xqiotjlrgo8noEZksGPIvDPXXY98dd0clGnBvw2HwiG4h+csr4i9y7CH\n"
	"tpnTRJnfzdqDYIh8vnM0tIJbXbe5DBLHnmnx15FQB1apFNa87gdBHAnkHCXrV1vC\n"
	"oZXEeUL/zW2ax+ALOglM82dwex2qV9jgcsWfq1Y2JBlVT1QPpbAooCnjvBhmPCjX\n"
	"qYkVfApeRr4QAwwkLnyfSKNLHco=\n"
	"-----END CERTIFICATE-----\n"
};
137
/*
 * Fixture pair for the "simple-fail" case: [0] is a PEM CRL (the text matches
 * simple1_constraints[0]), [1] is a PEM CA certificate that is unrelated to
 * that CRL. crl_list expects verification to report that no signer was found.
 */
static const char *simple1_fail[] = {
	/* [0] CRL */
	"-----BEGIN X509 CRL-----\n"
	"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n"
	"MDkxMzA4NTkxNloYDzIwMTUwOTEzMDg1OTE2WjAAoDowODAfBgNVHSMEGDAWgBTn\n"
	"sISO6h9leKTKtOh/HG0jV03AMzAVBgNVHRQEDgIMVBQHZC2mj6EAgMPSMA0GCSqG\n"
	"SIb3DQEBCwUAA4IBAQBHUgtxpOn8EHwlajVYoOh6DFCwIoxBIeUA4518W1cHoV7J\n"
	"KMif6lmJRodrcbienDX781QcOaQcNnuu/oBEcoBdbZa0VICzXekIteSwEgGsbRve\n"
	"QQFPnZn83I4btse1ly5fdxMsliSM+qRwIyNR18VHXZz9GWYrr4tYWnI2b9XrDnaC\n"
	"1b3Ywt7I9pNi0/O0C0rE/37/VvPx6HghnC+un7LtT0Y0n+FQP7dhlMvzHaR8wVxs\n"
	"WAzaNvSiJ1rVPzL21iCmQJsRQeDTSJBlzm0lWiU8Nys3ugM2KlERezfp8DkFGA3y\n"
	"9Yzpq6gAi39ZK+LjopgGDkrQjxzBIaoe2bcDqB7X\n"
	"-----END X509 CRL-----\n",
	/* [1] CA certificate (unrelated to the CRL) */
	"-----BEGIN CERTIFICATE-----\n"
	"MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
	"MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
	"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+iPUnEs+qmj2U\n"
	"Rz8plNAE/CpeUxUfNNVonluu4DzulsxAJMN78g+Oqx+ggdkECZxHLISkzErMgiuv\n"
	"bG+nr9yxjyHH2YoOAgzgknar5JkOBkKp1bIvyA950ZSygMFEHX1qoaM+F/1/DKjG\n"
	"NmMCNUpR0c4m+K22s72LnrpMLMmCZU0fnqngb1+F+iZE6emhcX5Z5D0QTJTAeiYK\n"
	"ArnO0rpVEvU0o3nwe3dDrT0YyoCYrzCsCOKUa2wFtkOzLZKJbMBRMflL+fBmtj/Q\n"
	"7xUe7ox62ZEqSD7W+Po48/mIuSOhx7u+yToBZ60wKGz9OkQ/JwykkK5ZgI+nPWGT\n"
	"1au1K4V7AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0eAQH/BAgwBqEE\n"
	"MAKCADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSgAJcc9Q5KDpAhkrMORPJS\n"
	"boq3vzAfBgNVHSMEGDAWgBQ/lKQpHoyEFz7J+Wn6eT5qxgYQpjANBgkqhkiG9w0B\n"
	"AQsFAAOCAQEAoMeZ0cnHes8bWRHLvrGc6wpwVnxYx2CBF9Xd3k4YMNunwBF9oM+T\n"
	"ZYSMo4k7C1XZ154avBIyiCne3eU7/oHG1nkqY9ndN5LMyL8KFOniETBY3BdKtlGA\n"
	"N+pDiQsrWG6mtqQ+kHFJICnGEDDByGB2eH+oAS+8gNtSfamLuTWYMI6ANjA9OWan\n"
	"rkIA7ta97UiH2flvKRctqvZ0n6Vp3n3aUc53FkAbTnxOCBNCBx/veCgD/r74WbcY\n"
	"jiwh2RE//3D3Oo7zhUlwQEWQSa/7poG5e6bl7oj4JYjpwSmESCYokT83Iqeb9lwO\n"
	"D+dr9zs1tCudW9xz3sUg6IBXhZ4UvegTNg==\n"
	"-----END CERTIFICATE-----\n"
};
172
/*
 * Table of CRL verification cases walked by doit(). Each entry names the
 * case, points at the PEM CRL and the PEM CA certificate to verify it
 * against, gives the flags passed to verification, and records the exact
 * status bitmask the verifier must report. A NULL name ends the table.
 */
static struct
{
	const char *name;			/* label used in diagnostics */
	const char **crl;			/* address of the PEM CRL string */
	const char **ca;			/* address of the PEM CA string */
	unsigned int verify_flags;		/* flags handed to the verifier */
	unsigned int expected_verify_result;	/* required status bits */
} crl_list[] =
{
	/* CRL and CA match: no status bits expected */
	{
		.name = "simple-success",
		.crl = simple1,
		.ca = simple1 + 1,
		.verify_flags = 0,
		.expected_verify_result = 0
	},
	/* signer exists but must be rejected on its constraints */
	{
		.name = "simple-constraints",
		.crl = simple1_constraints,
		.ca = simple1_constraints + 1,
		.verify_flags = 0,
		.expected_verify_result =
		    GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID
	},
	/* tampered CRL: the signature check must fail */
	{
		.name = "simple-broken",
		.crl = simple1_broken,
		.ca = simple1_broken + 1,
		.verify_flags = 0,
		.expected_verify_result =
		    GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE
	},
	/* CA unrelated to the CRL: no signer may be found */
	{
		.name = "simple-fail",
		.crl = simple1_fail,
		.ca = simple1_fail + 1,
		.verify_flags = 0,
		.expected_verify_result =
		    GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND
	},
	/* terminator */
	{
		.name = NULL,
		.crl = NULL,
		.ca = NULL,
		.verify_flags = 0,
		.expected_verify_result = 0
	}
};
192
/* Fixed clock for the test. GnuTLS consults the current time while
   verifying, so a real clock would make the results change as the
   fixtures age. This replacement always reports 1410599367
   (2014-09-13 09:09:27 UTC); like time(), it also stores the value
   through t when t is not NULL.  */
static time_t mytime(time_t * t)
{
	const time_t frozen_now = 1410599367;

	if (!t)
		return frozen_now;

	*t = frozen_now;
	return frozen_now;
}
206
/* Log callback: writes each library message to stderr, prefixed with its
   level as "|<level>| ". No newline is appended to str.  */
static void tls_log_func(int level, const char *str)
{
	FILE *sink = stderr;

	fprintf(sink, "|<%d>| %s", level, str);
}
211
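/*
 * Test entry point: for every entry in crl_list, import the CRL and the CA
 * certificate, verify the CRL against the CA with gnutls_x509_crl_verify(),
 * and require the reported status bitmask to equal the expected one. The
 * same pair is then loaded into a trust list with GNUTLS_TL_VERIFY_CRL to
 * check that the trust-list path reaches the same accept/reject decision;
 * if the two paths disagreed, a CRL rejected by one could still be accepted
 * by the other.
 *
 * Never returns: the process exits with 0 on success, 1 on any failure, and
 * 77 when built for Windows.
 */
void doit(void)
{
	int exit_val = 0;
	size_t i;
	int ret;
	gnutls_x509_trust_list_t tl;
	unsigned int verify_status;
	gnutls_x509_crl_t crl;
	gnutls_x509_crt_t ca;
	gnutls_datum_t tmp;

	/* The overloading of time() seems to work in linux (ELF?)
	 * systems only. Disable it on windows.
	 */
#ifdef _WIN32
	exit(77);
#endif

	ret = global_init();
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	/* Pin the clock so the expected results do not depend on the date
	 * the test is run. */
	gnutls_global_set_time_function(mytime);
	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	for (i = 0; crl_list[i].name; i++) {

		if (debug)
			printf("Chain '%s' (%d)...\n", crl_list[i].name,
			       (int) i);

		if (debug > 2)
			printf("\tAdding CRL...");

		ret = gnutls_x509_crl_init(&crl);
		if (ret < 0) {
			fprintf(stderr,
				"gnutls_x509_crl_init[%d]: %s\n",
				(int) i,
				gnutls_strerror(ret));
			exit(1);
		}

		tmp.data = (unsigned char *) *crl_list[i].crl;
		tmp.size = strlen(*crl_list[i].crl);

		ret =
		    gnutls_x509_crl_import(crl, &tmp,
					   GNUTLS_X509_FMT_PEM);
		if (debug > 2)
			printf("done\n");
		if (ret < 0) {
			fprintf(stderr,
				"gnutls_x509_crl_import[%s]: %s\n",
				crl_list[i].name,
				gnutls_strerror(ret));
			exit(1);
		}

		/* tmp still points at the static PEM text here. Stop if the
		 * print call fails, so that gnutls_free() below is only ever
		 * given a buffer the library allocated. */
		ret = gnutls_x509_crl_print(crl,
					    GNUTLS_CRT_PRINT_ONELINE,
					    &tmp);
		if (ret < 0) {
			fprintf(stderr,
				"gnutls_x509_crl_print[%s]: %s\n",
				crl_list[i].name,
				gnutls_strerror(ret));
			exit(1);
		}
		if (debug)
			printf("\tCRL: %.*s\n",
			       (int) tmp.size, tmp.data);
		gnutls_free(tmp.data);

		if (debug > 2)
			printf("\tAdding CA certificate...");

		ret = gnutls_x509_crt_init(&ca);
		if (ret < 0) {
			fprintf(stderr, "gnutls_x509_crt_init: %s\n",
				gnutls_strerror(ret));
			exit(1);
		}

		tmp.data = (unsigned char *) *crl_list[i].ca;
		tmp.size = strlen(*crl_list[i].ca);

		ret =
		    gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM);
		if (ret < 0) {
			fprintf(stderr, "gnutls_x509_crt_import: %s\n",
				gnutls_strerror(ret));
			exit(1);
		}

		if (debug > 2)
			printf("done\n");

		/* Same precaution as for the CRL: tmp points at static data
		 * until the print call succeeds. */
		ret = gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
		if (ret < 0) {
			fprintf(stderr, "gnutls_x509_crt_print: %s\n",
				gnutls_strerror(ret));
			exit(1);
		}
		if (debug)
			printf("\tCA Certificate: %.*s\n", (int) tmp.size,
			       tmp.data);
		gnutls_free(tmp.data);

		if (debug)
			printf("\tVerifying...");

		ret = gnutls_x509_crl_verify(crl, &ca, 1, crl_list[i].verify_flags,
					     &verify_status);
		if (ret < 0) {
			fprintf(stderr,
				"gnutls_x509_crl_verify[%d]: %s\n",
				(int) i, gnutls_strerror(ret));
			exit(1);
		}

		/* The status must match bit for bit: a rejection for the
		 * wrong reason counts as a failure too. */
		if (verify_status != crl_list[i].expected_verify_result) {
			gnutls_datum_t out1 = { NULL, 0 };
			gnutls_datum_t out2 = { NULL, 0 };

			/* Best effort: if either description cannot be
			 * produced, report the numeric status alone. */
			gnutls_certificate_verification_status_print
			    (verify_status, GNUTLS_CRT_X509, &out1, 0);
			gnutls_certificate_verification_status_print
			    (crl_list[i].expected_verify_result,
			     GNUTLS_CRT_X509, &out2, 0);
			fail("chain[%s]:\nverify_status: %u: %s\nexpected: %u: %s\n",
			     crl_list[i].name, verify_status,
			     out1.data ? (const char *) out1.data : "(unavailable)",
			     crl_list[i].expected_verify_result,
			     out2.data ? (const char *) out2.data : "(unavailable)");
			gnutls_free(out1.data);
			gnutls_free(out2.data);

			/* Record the mismatch so that a debug run, which
			 * keeps going, still ends with a failing status. */
			exit_val = 1;

			if (!debug)
				exit(1);
		} else if (debug)
			printf("done\n");

		ret = gnutls_x509_trust_list_init(&tl, 0);
		if (ret < 0) {
			fprintf(stderr,
				"gnutls_x509_trust_list_init[%d]: %s\n",
				(int) i, gnutls_strerror(ret));
			exit(1);
		}

		ret =
		    gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0);
		if (ret != 1) {
			fail("gnutls_x509_trust_list_add_cas\n");
			exit(1);
		}

		/* make sure that the two functions don't diverge: with
		 * GNUTLS_TL_VERIFY_CRL the trust list is asked to verify the
		 * CRL itself, so a CRL expected to fail above must not be
		 * reported as added here. */
		ret = gnutls_x509_trust_list_add_crls(tl, &crl, 1, GNUTLS_TL_VERIFY_CRL, crl_list[i].verify_flags);
		if (crl_list[i].expected_verify_result == 0 && ret < 0) {
			fprintf(stderr,
				"gnutls_x509_trust_list_add_crls[%d]: %s\n",
				(int) i, gnutls_strerror(ret));
			exit(1);
		}
		if (crl_list[i].expected_verify_result != 0 && ret > 0) {
			fprintf(stderr,
				"gnutls_x509_trust_list_add_crls[%d]: succeeded when it shouldn't\n",
				(int) i);
			exit(1);
		}

		if (debug)
			printf("\tCleanup...");

		gnutls_x509_trust_list_deinit(tl, 0);
		gnutls_x509_crt_deinit(ca);
		gnutls_x509_crl_deinit(crl);

		if (debug)
			printf("done\n\n\n");
	}

	gnutls_global_deinit();

	if (debug)
		printf("Exit status...%d\n", exit_val);

	exit(exit_val);
}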