1 /*
2  * Copyright (C) 2007-2012 Free Software Foundation, Inc.
3  *
4  * Author: Simon Josefsson
5  *
6  * This file is part of GnuTLS.
7  *
8  * GnuTLS is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * GnuTLS is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with GnuTLS; if not, write to the Free Software Foundation,
20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <string.h>
28 #include <gnutls/gnutls.h>
29 #include <gnutls/x509.h>
30 #ifdef ENABLE_OPENPGP
31 #include <gnutls/openpgp.h>
32 #endif
33
34 #include "utils.h"
35
36 /*
37   A self-test of the RFC 2818 hostname matching algorithm.  Used to
38   detect regressions of the bug reported in:
39   http://lists.gnupg.org/pipermail/gnutls-dev/2007-February/001385.html
40 */
41
42 /* CN="*.com"
43  * dns_name = www.example.com, *.org
44  * dns_name = *.example.net
45  * dns_name = *.example.edu.gr
46 */
47 char wildcards[] = "-----BEGIN CERTIFICATE-----"
48 "MIICwDCCAimgAwIBAgICPd8wDQYJKoZIhvcNAQELBQAwVTEOMAwGA1UEAwwFKi5j"
49 "b20xETAPBgNVBAsTCENBIGRlcHQuMRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNV"
50 "BAgTBkF0dGlraTELMAkGA1UEBhMCR1IwIhgPMjAxNDAzMTkxMzI4MDhaGA85OTk5"
51 "MTIzMTIzNTk1OVowVTEOMAwGA1UEAwwFKi5jb20xETAPBgNVBAsTCENBIGRlcHQu"
52 "MRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMC"
53 "R1IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/EDWfd5"
54 "LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7QunY"
55 "nRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGWPYyW"
56 "XAC8Yd4ID7E2IX+pAOMFAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADBCBgNVHREE"
57 "OzA5gg93d3cuZXhhbXBsZS5jb22CBSoub3Jngg0qLmV4YW1wbGUubmV0ghAqLmV4"
58 "YW1wbGUuZWR1LmdyMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH"
59 "oAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMA0GCSqGSIb3DQEBCwUA"
60 "A4GBAGcDnJIJFqjaDMk806xkfz7/FtbHYkj18ma3l7wgp27jeO/QDYunns5pqbqV"
61 "sxaKuPKLdWQdfIG7l4+TUnm/Hue6h2PFgbAyZtZbHlAtpEmLoSCmYlFqbRNqux0z"
62 "F5H1ocGzmbu1WQYXMlY1FYBvRDrAk7Wxt09WLdajH00S/fPT"
63 "-----END CERTIFICATE-----";
64
65 /* Certificate with neither SAN nor CN. */
66 char pem1[] =
67     "X.509 Certificate Information:\n"
68     "        Version: 3\n"
69     "        Serial Number (hex): 00\n"
70     "        Issuer: O=GnuTLS hostname check test CA\n"
71     "        Validity:\n"
72     "                Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
73     "                Not After: Fri Mar 30 12:59:13 UTC 2007\n"
74     "        Subject: O=GnuTLS hostname check test CA\n"
75     "        Subject Public Key Algorithm: RSA\n"
76     "                Modulus (bits 1024):\n"
77     "                        be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
78     "                        05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
79     "                        14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
80     "                        ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
81     "                        cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
82     "                        f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
83     "                        91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
84     "                        23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
85     "                Exponent:\n"
86     "                        01:00:01\n"
87     "        Extensions:\n"
88     "                Basic Constraints (critical):\n"
89     "                        Certificate Authority (CA): TRUE\n"
90     "                Subject Key Identifier (not critical):\n"
91     "                        e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
92     "        Signature Algorithm: RSA-SHA\n"
93     "        Signature:\n"
94     "                7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
95     "                92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
96     "                e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
97     "                d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
98     "                91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
99     "                1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
100     "                a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
101     "                1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
102     "Other Information:\n"
103     "        MD5 fingerprint:\n"
104     "                fd845ded8c28ba5e78d6c1844ceafd24\n"
105     "        SHA-1 fingerprint:\n"
106     "                0bae431dda3cae76012b82276e4cd92ad7961798\n"
107     "        Public Key ID:\n"
108     "                e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
109     "\n"
110     "-----BEGIN CERTIFICATE-----\n"
111     "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
112     "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTI1OTA5WhcNMDcwMzMw\n"
113     "MTI1OTEzWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
114     "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
115     "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
116     "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
117     "8of+3HiTfFm/oXUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
118     "6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBAHvoEWwVP/kBoPEo\n"
119     "DGJQWPiSRPu/qyCKO4HK5Whgcd8r6FBYgjLv+25KcizJN0+IHdcbaFvbgxsa87SO\n"
120     "4IgD4kORvtixyvJi7KH9GshBjP5TG74DyaE99K5X/ESmNLssLqdWFB+J6TrsH6Pa\n"
121     "16GUO3IdEnG5ZaGFokw60Szp6eoc\n" "-----END CERTIFICATE-----\n";
122
123 /* Certificate with CN but no SAN. */
124 char pem2[] =
125     "X.509 Certificate Information:\n"
126     "        Version: 3\n"
127     "        Serial Number (hex): 00\n"
128     "        Issuer: CN=www.example.org\n"
129     "        Validity:\n"
130     "                Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
131     "                Not After: Fri Mar 30 13:30:32 UTC 2007\n"
132     "        Subject: CN=www.example.org\n"
133     "        Subject Public Key Algorithm: RSA\n"
134     "                Modulus (bits 1024):\n"
135     "                        be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
136     "                        05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
137     "                        14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
138     "                        ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
139     "                        cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
140     "                        f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
141     "                        91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
142     "                        23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
143     "                Exponent:\n"
144     "                        01:00:01\n"
145     "        Extensions:\n"
146     "                Basic Constraints (critical):\n"
147     "                        Certificate Authority (CA): TRUE\n"
148     "                Subject Key Identifier (not critical):\n"
149     "                        e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
150     "        Signature Algorithm: RSA-SHA\n"
151     "        Signature:\n"
152     "                b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
153     "                a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
154     "                b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
155     "                d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
156     "                c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
157     "                11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
158     "                81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
159     "                46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
160     "Other Information:\n"
161     "        MD5 fingerprint:\n"
162     "                30cda7de4f0360892547974f45111ac1\n"
163     "        SHA-1 fingerprint:\n"
164     "                39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
165     "        Public Key ID:\n"
166     "                e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
167     "\n"
168     "-----BEGIN CERTIFICATE-----\n"
169     "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
170     "YW1wbGUub3JnMB4XDTA3MDIxNjEzMzAzMFoXDTA3MDMzMDEzMzAzMlowGjEYMBYG\n"
171     "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
172     "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
173     "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
174     "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABozIwMDAPBgNVHRMB\n"
175     "Af8EBTADAQH/MB0GA1UdDgQWBBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG\n"
176     "9w0BAQUDgYEAsE6s+4kSNifzcrgaV9y/86kn3hV1lE9lzDpZEkuRDii5jdNurF2o\n"
177     "Prk1gQyPx5Vy2VFhBgDGqmhUyFI/th8hksj9FVAVrNQYKaH/ySVazl4Rf4KylIxE\n"
178     "PD/e1zv/HNqcgfpj4adn7qr60MkvZhter0aM+VNV54B+dJWY1C1flKs=\n"
179     "-----END CERTIFICATE-----\n";
180
181 /* Certificate with SAN but no CN. */
182 char pem3[] =
183     "X.509 Certificate Information:"
184     "        Version: 3\n"
185     "        Serial Number (hex): 00\n"
186     "        Issuer: O=GnuTLS hostname check test CA\n"
187     "        Validity:\n"
188     "                Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
189     "                Not After: Fri Mar 30 13:36:29 UTC 2007\n"
190     "        Subject: O=GnuTLS hostname check test CA\n"
191     "        Subject Public Key Algorithm: RSA\n"
192     "                Modulus (bits 1024):\n"
193     "                        be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
194     "                        05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
195     "                        14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
196     "                        ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
197     "                        cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
198     "                        f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
199     "                        91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
200     "                        23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
201     "                Exponent:\n"
202     "                        01:00:01\n"
203     "        Extensions:\n"
204     "                Basic Constraints (critical):\n"
205     "                        Certificate Authority (CA): TRUE\n"
206     "                Subject Alternative Name (not critical):\n"
207     "                        DNSname: www.example.org\n"
208     "                Key Purpose (not critical):\n"
209     "                        TLS WWW Server.\n"
210     "                Subject Key Identifier (not critical):\n"
211     "                        e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
212     "        Signature Algorithm: RSA-SHA\n"
213     "        Signature:\n"
214     "                a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
215     "                a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
216     "                46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
217     "                fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
218     "                14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
219     "                55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
220     "                50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
221     "                39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
222     "Other Information:\n"
223     "        MD5 fingerprint:\n"
224     "                df3f57d00c8149bd826b177d6ea4f369\n"
225     "        SHA-1 fingerprint:\n"
226     "                e95e56e2acac305f72ea6f698c11624663a595bd\n"
227     "        Public Key ID:\n"
228     "                e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
229     "\n"
230     "-----BEGIN CERTIFICATE-----\n"
231     "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
232     "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTMzNjI3WhcNMDcwMzMw\n"
233     "MTMzNjI5WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
234     "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
235     "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
236     "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
237     "8of+3HiTfFm/oXUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
238     "gg93d3cuZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
239     "FOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQChMLwBsw+Yf452\n"
240     "fSOHNBV/pq6h+4d14+ga5V4DXb9EdUZP0qEoUIRJbTvgvE7eeYX64Qe3bgwUBEqC\n"
241     "ufMiaryZFCA7SR/kl9nq63Oag6bMuFX7Uo5fhnyd+q8Ddq6X4GRQWXMimVXP2lkx\n"
242     "CuhtoFO8OWMurJJK6Yse0APfM7tOiA==\n" "-----END CERTIFICATE-----\n";
243
244 /* Certificate with wildcard SAN but no CN. */
245 char pem4[] =
246     "X.509 Certificate Information:\n"
247     "        Version: 3\n"
248     "        Serial Number (hex): 00\n"
249     "        Issuer:\n"
250     "        Validity:\n"
251     "                Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
252     "                Not After: Fri Mar 30 13:40:12 UTC 2007\n"
253     "        Subject:\n"
254     "        Subject Public Key Algorithm: RSA\n"
255     "                Modulus (bits 1024):\n"
256     "                        be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
257     "                        05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
258     "                        14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
259     "                        ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
260     "                        cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
261     "                        f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
262     "                        91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
263     "                        23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
264     "                Exponent:\n"
265     "                        01:00:01\n"
266     "        Extensions:\n"
267     "                Basic Constraints (critical):\n"
268     "                        Certificate Authority (CA): TRUE\n"
269     "                Subject Alternative Name (not critical):\n"
270     "                        DNSname: *.example.org\n"
271     "                Key Purpose (not critical):\n"
272     "                        TLS WWW Server.\n"
273     "                Subject Key Identifier (not critical):\n"
274     "                        e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
275     "        Signature Algorithm: RSA-SHA\n"
276     "        Signature:\n"
277     "                b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
278     "                67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
279     "                c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
280     "                f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
281     "                53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
282     "                3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
283     "                87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
284     "                1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
285     "Other Information:\n"
286     "        MD5 fingerprint:\n"
287     "                a411da7b0fa064d214116d5f94e06c24\n"
288     "        SHA-1 fingerprint:\n"
289     "                3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
290     "        Public Key ID:\n"
291     "                e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
292     "\n"
293     "-----BEGIN CERTIFICATE-----\n"
294     "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
295     "Fw0wNzAzMzAxMzQwMTJaMAAwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgL7smHod\n"
296     "b35rJZ7oIHhCoGQFZkOZbUnVGOx9uVhksoCjFGGdCk++L/Au/NKrXDbfU+xDx/ze\n"
297     "kbweAaa3bLIHEC7LYUd1ygPOI2448TQnGhrN95bzs/ANZ3/Kd4Q/nCn0YpH2Elti\n"
298     "Wsy67QguMkQmrP0jzlMbu/KH/tx4k3xZv6F1AgMBAAGjYTBfMA8GA1UdEwEB/wQF\n"
299     "MAMBAf8wGAYDVR0RBBEwD4INKi5leGFtcGxlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
300     "BQcDATAdBgNVHQ4EFgQU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEF\n"
301     "A4GBALFi5eMLpZlYsBxc9dE/fLtn4UPF16Jc2/Ja8wP8duRNwaCJNiSCpKGt9YPj\n"
302     "lnX0xPPr/zqb2tIsWNQQN1Az0TlTcZ5ILbJbJ84e2dU2WawXOoPMWWuPaiS4n/Dm\n"
303     "FAMjWofnMxAyEViiu/HlWoiHu4AbtrsSGMsV1Tr8meRCWrpF\n"
304     "-----END CERTIFICATE-----\n";
305
306 #ifdef SUPPORT_COMPLEX_WILDCARDS
307 /* Certificate with a multiple-wildcard SAN (*.*.example.org) but no CN. */
308 char pem6[] =
309     "X.509 Certificate Information:\n"
310     "        Version: 3\n"
311     "        Serial Number (hex): 00\n"
312     "        Validity:\n"
313     "                Not Before: Sat May  3 11:00:51 UTC 2008\n"
314     "                Not After: Sat May 17 11:00:54 UTC 2008\n"
315     "        Subject: O=GnuTLS hostname check test CA\n"
316     "        Subject Public Key Algorithm: RSA\n"
317     "                Modulus (bits 1024):\n"
318     "                        d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
319     "                        f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
320     "                        49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
321     "                        19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
322     "                        13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
323     "                        f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
324     "                        de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
325     "                        42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
326     "                Exponent:\n"
327     "                        01:00:01\n"
328     "        Extensions:\n"
329     "                Basic Constraints (critical):\n"
330     "                        Certificate Authority (CA): TRUE\n"
331     "                Subject Alternative Name (not critical):\n"
332     "                        DNSname: *.*.example.org\n"
333     "                Key Purpose (not critical):\n"
334     "                        TLS WWW Server.\n"
335     "                Subject Key Identifier (not critical):\n"
336     "                        5493e6599b283b4529378818aef9a4abbf4d9918\n"
337     "Other Information:\n"
338     "        Public Key ID:\n"
339     "                5493e6599b283b4529378818aef9a4abbf4d9918\n"
340     "\n"
341     "-----BEGIN CERTIFICATE-----\n"
342     "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
343     "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMDUxWhcNMDgwNTE3\n"
344     "MTEwMDU0WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
345     "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
346     "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
347     "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
348     "AUp+YdcEIQVM8QcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
349     "gg8qLiouZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
350     "FFST5lmbKDtFKTeIGK75pKu/TZkYMAsGCSqGSIb3DQEBBQOBgQAQ9PStleVvfmlK\n"
351     "wRs8RE/oOO+ouC3qLdnumNEITMRFh8Q12/X4yMLD3CH0aQ/hvHcP26PxAWzpNutk\n"
352     "swNx7AzsCu6pN1t1aI3jLgo8e4/zZi57e8QcRuXZPDJxtJxVhJZX/C4pSz802WhS\n"
353     "64NgtpHEMu9JUHFhtRwPcvVGYqPUUA==\n" "-----END CERTIFICATE-----\n";
354
355 /* Certificate whose SAN wildcard has both a prefix and a suffix (foo*bar.example.org), and no CN. */
356 char pem7[] =
357     "X.509 Certificate Information:\n"
358     "        Version: 3\n"
359     "        Serial Number (hex): 00\n"
360     "        Validity:\n"
361     "                Not Before: Sat May  3 11:02:43 UTC 2008\n"
362     "                Not After: Sat May 17 11:02:45 UTC 2008\n"
363     "        Subject: O=GnuTLS hostname check test CA\n"
364     "        Subject Public Key Algorithm: RSA\n"
365     "                Modulus (bits 1024):\n"
366     "                        d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
367     "                        f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
368     "                        49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
369     "                        19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
370     "                        13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
371     "                        f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
372     "                        de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
373     "                        42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
374     "                Exponent:\n"
375     "                        01:00:01\n"
376     "        Extensions:\n"
377     "                Basic Constraints (critical):\n"
378     "                        Certificate Authority (CA): TRUE\n"
379     "                Subject Alternative Name (not critical):\n"
380     "                        DNSname: foo*bar.example.org\n"
381     "                Key Purpose (not critical):\n"
382     "                        TLS WWW Server.\n"
383     "                Subject Key Identifier (not critical):\n"
384     "                        5493e6599b283b4529378818aef9a4abbf4d9918\n"
385     "Other Information:\n"
386     "        Public Key ID:\n"
387     "                5493e6599b283b4529378818aef9a4abbf4d9918\n"
388     "\n"
389     "-----BEGIN CERTIFICATE-----\n"
390     "MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
391     "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMjQzWhcNMDgwNTE3\n"
392     "MTEwMjQ1WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
393     "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
394     "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
395     "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
396     "AUp+YdcEIQVM8QcCAwEAAaNnMGUwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAV\n"
397     "ghNmb28qYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud\n"
398     "DgQWBBRUk+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAPPNe38jc\n"
399     "8NsZQVKKLYc1Y4y8LRPhvnxkSnlcGa1RzYZY1s12BZ6OVIfyxD1Z9BcNdqRSq7bQ\n"
400     "kEicsGp5ugGQTNq6aSlzYOUD9/fUP3jDsH7HVb36aCF3waGCQWj+pLqK0LYcW2p/\n"
401     "xnr5+z4YevFBhn7l/fMhg8TzKejxYm7TECg=\n" "-----END CERTIFICATE-----\n";
402 #endif
403
404 /* Certificate with a trailing-wildcard SAN (www.example.*) but no CN. */
405 char pem8[] =
406     "X.509 Certificate Information:\n"
407     "        Version: 3\n"
408     "        Serial Number (hex): 00\n"
409     "        Validity:\n"
410     "                Not Before: Sat May  3 11:24:38 UTC 2008\n"
411     "                Not After: Sat May 17 11:24:40 UTC 2008\n"
412     "        Subject: O=GnuTLS hostname check test CA\n"
413     "        Subject Public Key Algorithm: RSA\n"
414     "                Modulus (bits 1024):\n"
415     "                        d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
416     "                        f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
417     "                        49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
418     "                        19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
419     "                        13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
420     "                        f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
421     "                        de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
422     "                        42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
423     "                Exponent:\n"
424     "                        01:00:01\n"
425     "        Extensions:\n"
426     "                Basic Constraints (critical):\n"
427     "                        Certificate Authority (CA): TRUE\n"
428     "                Subject Alternative Name (not critical):\n"
429     "                        DNSname: www.example.*\n"
430     "                Key Purpose (not critical):\n"
431     "                        TLS WWW Server.\n"
432     "                Subject Key Identifier (not critical):\n"
433     "                        5493e6599b283b4529378818aef9a4abbf4d9918\n"
434     "Other Information:\n"
435     "        Public Key ID:\n"
436     "                5493e6599b283b4529378818aef9a4abbf4d9918\n"
437     "\n"
438     "-----BEGIN CERTIFICATE-----\n"
439     "MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
440     "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEyNDM4WhcNMDgwNTE3\n"
441     "MTEyNDQwWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
442     "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
443     "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
444     "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
445     "AUp+YdcEIQVM8QcCAwEAAaNhMF8wDwYDVR0TAQH/BAUwAwEB/zAYBgNVHREEETAP\n"
446     "gg13d3cuZXhhbXBsZS4qMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRU\n"
447     "k+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAZ7gLXtXwFW61dSAM\n"
448     "0Qt6IN68WBH7LCzetSF8ofG1WVUImCUU3pqXhXYtPGTrswOh2AavWTRbzVTtrFvf\n"
449     "WJg09Z7H6I70RPvAYGsK9t9qJ/4TPoYTGYQgsTbVpkv13O54O6jzemd8Zws/xMH5\n"
450     "7/q6C7P5OUmGOtfVe7UVDY0taQM=\n" "-----END CERTIFICATE-----\n";
451
452 /* Certificate with SAN and CN but for different names. */
453 char pem9[] =
454     "X.509 Certificate Information:\n"
455     "   Version: 3\n"
456     "   Serial Number (hex): 4a827d5c\n"
457     "   Issuer: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
458     "   Validity:\n"
459     "           Not Before: Wed Aug 12 08:29:17 UTC 2009\n"
460     "           Not After: Thu Aug 13 08:29:23 UTC 2009\n"
461     "   Subject: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
462     "   Subject Public Key Algorithm: RSA\n"
463     "           Modulus (bits 1024):\n"
464     "                   bb:66:43:f5:f2:c5:d7:b6:8c:cc:c5:df:f5:88:3b:b1\n"
465     "                   c9:4b:6a:0e:a1:ad:20:50:40:08:80:a1:4f:5c:a3:d0\n"
466     "                   f8:6c:cf:e6:3c:f7:ec:04:76:13:17:8b:64:89:22:5b\n"
467     "                   c0:dd:53:7c:3b:ed:7c:04:bb:80:b9:28:be:8e:9b:c6\n"
468     "                   8e:a0:a5:12:cb:f5:57:1e:a2:e7:bb:b7:33:49:9f:e3\n"
469     "                   bb:4a:ae:6a:4d:68:ff:c9:11:e2:32:8d:ce:3d:80:0b\n"
470     "                   8d:75:ef:d8:00:81:8f:28:04:03:a0:22:8d:61:04:07\n"
471     "                   fa:b6:37:7d:21:07:49:d2:09:61:69:98:90:a3:58:a9\n"
472     "           Exponent (bits 24):\n"
473     "                   01:00:01\n"
474     "   Extensions:\n"
475     "           Basic Constraints (critical):\n"
476     "                   Certificate Authority (CA): TRUE\n"
477     "           Subject Alternative Name (not critical):\n"
478     "                   DNSname: bar.example.org\n"
479     "           Key Purpose (not critical):\n"
480     "                   TLS WWW Server.\n"
481     "           Subject Key Identifier (not critical):\n"
482     "                   4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
483     "   Signature Algorithm: RSA-SHA\n"
484     "   Signature:\n"
485     "           a2:1f:d2:90:5f:c9:1c:6f:92:1d:c5:0b:ac:b0:17:23\n"
486     "           c5:67:46:94:6f:0f:62:7d:66:4c:28:ff:b7:10:73:60\n"
487     "           ae:0e:a2:47:82:83:bb:89:0d:f1:16:5e:f9:5b:35:4b\n"
488     "           ce:ee:5e:d0:ad:b5:8b:cc:37:b3:ac:4d:1b:58:c2:4f\n"
489     "           1c:7f:c6:ac:3d:25:18:67:37:f0:27:11:9b:2c:20:b6\n"
490     "           78:24:21:a6:77:44:e7:1a:e5:f6:bf:45:84:32:81:67\n"
491     "           af:8d:96:26:f7:39:31:6b:63:c5:15:9d:e0:a0:9a:1e\n"
492     "           96:12:cb:ad:85:cb:a7:d4:86:ac:d8:f5:e9:a4:2b:20\n"
493     "Other Information:\n"
494     "   MD5 fingerprint:\n"
495     "           f27b18092c7497f206e70f504eee0f8e\n"
496     "   SHA-1 fingerprint:\n"
497     "           bebdac9d0dd54e8f044642e0f065fae5d75ca6e5\n"
498     "   Public Key ID:\n"
499     "           4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
500     "\n"
501     "-----BEGIN CERTIFICATE-----\n"
502     "MIICWTCCAcSgAwIBAgIESoJ9XDALBgkqhkiG9w0BAQUwQjEmMCQGA1UEChMdR251\n"
503     "VExTIGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0ExGDAWBgNVBAMTD2Zvby5leGFtcGxl\n"
504     "Lm9yZzAeFw0wOTA4MTIwODI5MTdaFw0wOTA4MTMwODI5MjNaMEIxJjAkBgNVBAoT\n"
505     "HUdudVRMUyBob3N0bmFtZSBjaGVjayB0ZXN0IENBMRgwFgYDVQQDEw9mb28uZXhh\n"
506     "bXBsZS5vcmcwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgLtmQ/Xyxde2jMzF3/WI\n"
507     "O7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5KL6O\n"
508     "m8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOgIo1h\n"
509     "BAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wGgYD\n"
510     "VR0RBBMwEYIPYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G\n"
511     "A1UdDgQWBBRMuQqb+h00437ey9IHFf6h2stokTALBgkqhkiG9w0BAQUDgYEAoh/S\n"
512     "kF/JHG+SHcULrLAXI8VnRpRvD2J9Zkwo/7cQc2CuDqJHgoO7iQ3xFl75WzVLzu5e\n"
513     "0K21i8w3s6xNG1jCTxx/xqw9JRhnN/AnEZssILZ4JCGmd0TnGuX2v0WEMoFnr42W\n"
514     "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n"
515     "-----END CERTIFICATE-----\n";
516
517 /* Certificate with SAN and CN that match iff you truncate the SAN to
518    the embedded NUL, e.g. by comparing it as a C string instead of by length.
519    See <http://thread.gmane.org/gmane.network.gnutls.general/1735>. */
/* Text dump plus PEM of a certificate whose SAN dNSName carries an
   embedded NUL byte (the dump prints it as "localhost!h").  doit()
   requires that a lookup for plain "localhost" does NOT match: a
   matcher that stopped comparing at the NUL would accept the name. */
char pem10[] =
    "X.509 Certificate Information:\n"
    "   Version: 3\n"
    "   Serial Number (hex): 0b5d0a870d09\n"
    "   Issuer: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=Nothern Nowhere Trust Anchor\n"
    "   Validity:\n"
    "           Not Before: Tue Aug 04 22:07:33 UTC 2009\n"
    "           Not After: Sat Oct 21 22:07:33 UTC 2017\n"
    "   Subject: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=localhost\n"
    "   Subject Public Key Algorithm: RSA\n"
    "           Modulus (bits 1024):\n"
    "                   be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:36:f5\n"
    "                   c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:16:90:eb\n"
    "                   f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:57:ab:5f:b5\n"
    "                   ba:5c:a0:48:8c:82:77:fd:67:d8:53:44:61:86:a5:06\n"
    "                   19:bf:73:51:68:2e:1a:0a:c5:05:39:ca:3d:ca:83:ed\n"
    "                   07:fe:ae:b7:73:1d:60:dd:ab:9e:0e:7e:02:f3:68:42\n"
    "                   93:27:c8:5f:c5:fa:cb:a9:84:06:2f:f3:66:bd:de:7d\n"
    "                   29:82:57:47:e4:a9:df:bf:8b:bc:c0:46:33:5a:7b:87\n"
    "           Exponent (bits 24):\n"
    "                   01:00:01\n"
    "   Extensions:\n"
    "           Subject Alternative Name (not critical):\n"
    "warning: SAN contains an embedded NUL, replacing with '!'\n"
    "                   DNSname: localhost!h\n"
    "           Key Usage (not critical):\n"
    "                   Key encipherment.\n"
    "           Key Purpose (not critical):\n"
    "                   TLS WWW Server.\n"
    "           Subject Key Identifier (not critical):\n"
    "                   0c37a3db0f73b3388a69d36eb3a7d6d8774eda67\n"
    "           Authority Key Identifier (not critical):\n"
    "                   126b24d24a68b7a1b01ccdbfd64ccc405b7fe040\n"
    "           Basic Constraints (critical):\n"
    "                   Certificate Authority (CA): FALSE\n"
    "   Signature Algorithm: RSA-SHA\n"
    "   Signature:\n"
    "           88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31\n"
    "           fa:2f:7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9\n"
    "           e6:cf:c8:77:bd:85:16:d7:9f:18:52:78:3f:ea:9c:86\n"
    "           62:6e:db:90:b0:cd:f1:c1:6f:2d:87:4a:a0:be:b3:dc\n"
    "           6d:e4:6b:d1:da:b9:10:25:7e:35:1f:1b:aa:a7:09:2f\n"
    "           84:77:27:b0:48:a8:6d:54:57:38:35:22:34:03:0f:d4\n"
    "           5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:7d:0d:18:12\n"
    "           a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:92:6c\n"
    "           55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18\n"
    "           a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d\n"
    "           7a:39:c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9\n"
    "           5f:c4:3d:cb:81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2\n"
    "           fb:ab:c6:0e:a2:01:8b:a1:42:73:de:96:29:3e:bf:d7\n"
    "           d9:51:a7:d4:98:07:7f:f0:f4:cd:00:a1:e1:ac:6c:05\n"
    "           ac:ab:93:1b:b0:5c:2c:13:ad:ff:27:dc:80:99:34:66\n"
    "           bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:28:61:5e:bd\n"
    "Other Information:\n"
    "   MD5 fingerprint:\n"
    "           0b4d6d944200cdd1639008b24dc0fe0a\n"
    "   SHA-1 fingerprint:\n"
    "           ce85660f5451b0cc12f525577f0eb9411a20c76b\n"
    "   Public Key ID:\n"
    "           a1d18c15e65c7c4935512eeea7ca5d3e6baad4e1\n"
    "\n"
    "-----BEGIN CERTIFICATE-----\n"
    "MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\n"
    "Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo\n"
    "IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X\n"
    "DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv\n"
    "BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx\n"
    "EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
    "vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1\n"
    "ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC\n"
    "kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV\n"
    "HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB\n"
    "BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA\n"
    "FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF\n"
    "BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef\n"
    "GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX\n"
    "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n"
    "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n"
    "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n"
    "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n";
600
/* Certificate whose subject CN is a long run of consecutive '*'
   characters followed by ".gnutls.org".  doit() expects the hostname
   check to reject it (its failure message reads "too many wildcards"),
   so a pathological pattern cannot be used to match a host. */
char pem_too_many[] = "\n"
    "      Subject: C=BE,CN=******************.gnutls.org\n"
    "\n"
    "-----BEGIN CERTIFICATE-----\n"
    "MIIDljCCAk6gAwIBAgIETcMNdjANBgkqhkiG9w0BAQsFADA6MQswCQYDVQQGEwJC\n"
    "RTErMCkGA1UEAxMiKioqKioqKioqKioqKioqKioqKioqKiouZ251dGxzLm9yZzAe\n"
    "Fw0xMTA1MDUyMDQ5NTlaFw02NDAxMTUyMDUwMDJaMDoxCzAJBgNVBAYTAkJFMSsw\n"
    "KQYDVQQDEyIqKioqKioqKioqKioqKioqKioqKioqKi5nbnV0bHMub3JnMIIBUjAN\n"
    "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEA3c+X0qUdld2GGNjEua2mDLSdttz6\n"
    "3CHhOmI0B+gzsuiX7ixB0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC\n"
    "5IhFc3ikrts4w8YH0mQOh+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7\n"
    "Ny514ayTrZs3E0tmOnYz2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5e\n"
    "SqmkjtUfstDdQTzaEGieRxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+\n"
    "KYd9X9qll2vvyEMJQ+IfihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hage\n"
    "g75cJi55e0f1Sj9mYpL9QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQAB\n"
    "o0QwQjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQW\n"
    "BBSSU9ZxufhoqrNT9o31OUVmnKflMTANBgkqhkiG9w0BAQsFAAOCATEAUMK435LP\n"
    "0XpmpWLBBuC6VLLIsAGmXRv7odw8sG9fOctalsbK3zd9pDOaoFI/128GOmlTp1aC\n"
    "n4a/pZ9G5wTKRvdxVqecdYkozDtAS35uwCSQPU/P12Oug6kA4NNJDxF3FGm5eov6\n"
    "SnZDL0Qlhat9y0yOakaOkVNwESAwgUEYClZeR45htvH5oP48XEgwqHQ9jPS2MXAe\n"
    "QLBjqqeYzIvWqwT4z14tIkN0VWWqqVo/dzV+lfNwQy0UL8iWVYnks8wKs2SBkVHx\n"
    "41wBR3uCgCDwlYGDLIG1cm0n7mXrnE7KNcrwQKXL8WGNRAVvx5MVO1vDoWPyQ1Y4\n"
    "sDdnQiVER9ee/KxO6IgCTGh+nCBTSSYgLX2E/m789quPvzyi9Hf/go28he6E3dSK\n"
    "q7/LRSxaZenB/Q==\n" "-----END CERTIFICATE-----\n";
625
626 #ifdef ENABLE_OPENPGP
/* Check basic OpenPGP comparison too.
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3812>.
   ASCII-armored public key; doit() imports it with
   GNUTLS_OPENPGP_FMT_BASE64 and expects "test.gnutls.org" to match.
   Only compiled when ENABLE_OPENPGP is defined. */
char pem11[] =
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Version: GnuPG v1.4.6 (GNU/Linux)\n"
    "\n"
    "mQGiBEXInlgRBAD0teb6ohIlchkHcFlmmvtVW1KXexlDfXExf8T+fOz5z354GPOX\n"
    "sDq98ztCEE3hnPEOFj4NT0X3nEtrvLkhmZqrDHSbuJACB4qxeHwEbGFx7OIDW8+u\n"
    "4sKxpaza1GVf1NQ7VIaQiXaGHy8Esn9SW7oNhK6z5l4TIRlm3OBt3cxU3wCgjnnO\n"
    "jpGJeeo0OnZzSH+xsNLJQEcEAOmUc+7N9OhpT/gqddIgzYRr/FD0Ad6HBfABol6Q\n"
    "wWCapzIxggnZJ9i+lHujpcA8idtrBU/DGhkGtW95QaHwQ8d5SvetM7Wc/xoHEP3o\n"
    "HGvSGoXtfqlofastcC7eso39EBD10cpIB+gUmhe1MpaXm7A6m+KJO+2CkqE1vMkc\n"
    "tmKHBACzDRrWgkV+AtGWKl3ge9RkYHKxAPc0FBrpzDrvmvvNMaIme2u/+WP/xa4T\n"
    "nTjgys+pfeplHVfCO/n6nKWrVepMPE0+ZeNWzY6CsfhL7VjSN99vm7qzNHswBiJS\n"
    "gCSwJXRmQcJcS9hxqLciUyVEB32zPqX24QHnsyPYaSCzEBgOnLQPdGVzdC5nbnV0\n"
    "bHMub3JniF8EExECACAFAkXInlgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK\n"
    "CRCuX60+XR0U2FcfAJ9eZDmhk5a9k4K/zu+a5xFwb9SWsgCXTkDnOIQmueZPHg5U\n"
    "VgKnazckK7kCDQRFyJ51EAgAozi9Vk9R5I2AtRcqV4jLfpzh3eiBYSUt4U3ZLxff\n"
    "LAyvGMUXA7OATGGhuKphNQLux17AGpRN4nugnIWMLE9akyrxXqg/165UFKbwwVsl\n"
    "po7KzPvEXHmOYDgVEqS0sZNWmkJeMPdCVsD2wifPkocufUu2Ux8CmrvT1nEgoiVu\n"
    "kUjplJOralQBdsPkIEk8LMVtF3IW2aHCEET0yrJ2Y2q0i/u1K4bxSUi5ESrN0UNa\n"
    "WT7wtCegdwWlObwJEgwcu/8YtjMnfBI855gXVdJiRLdOJvkU+65I/jnPQG5QEIQM\n"
    "weLty/+GHkXVN2xw5OGUIryIPUHi8+EDGOGqoxqNUMTzvwADBQf/bTPc0z3oHp+X\n"
    "hsj3JP/AMCSQV87peKqFYEnRIubsN4Y4tTwVjEkRA3s5u+qTNvdypE1tvAEmdspa\n"
    "CL/EKfMCEltcW3WUwqUIULQ2Z0t9tBuVfMEH1Z1jjb68IOVwTJYz+iBtmbq5Wxoq\n"
    "lc5woOCDVL9qaKR6hOuAukTl6L3wQL+5zGBE4k5UfLf8UVJEa4ZTqsoMi3iyQAFO\n"
    "/h7WzqUATH3aQSz9tpilJ760wadDhc+Sdt2a0W6cC+SBmJaU/ym9seTd26nyWHG+\n"
    "03G+ynCHf5pBAXHhfCNhA0lMv5h3eJECNElcCh0sYGmo19jOzbnlRSGKRqrflOtO\n"
    "YwhQXK9y/ohJBBgRAgAJBQJFyJ51AhsMAAoJEK5frT5dHRTYDDgAn2bLaS5n3Xy8\n"
    "Z/V2Me1st/9pqPfZAJ4+9YBnyjCq/0vosIoZabi+s92m7g==\n"
    "=NkXV\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
658 #endif
659
/* Text dump plus PEM of a certificate (CN=server-0) whose Subject
 * Alternative Name lists only IPAddress entries: three IPv4 addresses
 * and two IPv6 addresses.  doit() expects the listed addresses to match
 * (the IPv6 ones are queried in their "::"-compressed form), while an
 * unlisted address (127.0.0.2) and a DNS name (example.com) must not. */
char pem_ips[] = "\n"
        "X.509 Certificate Information:\n"
        "       Version: 3\n"
        "       Serial Number (hex): 00\n"
        "       Issuer: CN=server-0\n"
        "       Validity:\n"
        "               Not Before: Fri Jun 27 09:14:36 UTC 2014\n"
        "               Not After: Fri Dec 31 23:59:59 UTC 9999\n"
        "       Subject: CN=server-0\n"
        "       Subject Public Key Algorithm: RSA\n"
        "       Algorithm Security Level: Medium (2048 bits)\n"
        "               Modulus (bits 2048):\n"
        "                       00:c1:56:12:f6:c3:c7:e3:4c:7e:ff:04:4e:88:1d:67\n"
        "                       a7:f3:4d:64:cc:12:a7:ff:50:aa:5c:31:b9:3c:d1:d1\n"
        "                       ba:78:2c:7d:dd:54:4a:cd:5a:f2:38:8b:b2:c5:26:7e\n"
        "                       25:05:36:b6:92:e6:1d:c3:00:39:a0:c5:1c:b5:63:3d\n"
        "                       00:e9:b4:b5:75:a7:14:b1:ff:a0:03:9d:ba:77:da:e5\n"
        "                       de:21:fb:56:da:06:9d:84:57:53:3d:08:45:45:20:fd\n"
        "                       e7:60:65:2e:55:60:db:d3:91:da:64:ff:c4:42:42:54\n"
        "                       77:cb:47:54:68:1e:b4:62:ad:8a:3c:0a:28:89:cb:d3\n"
        "                       81:d3:15:9a:1d:67:90:51:83:90:6d:fb:a1:0e:54:6b\n"
        "                       29:d7:ef:79:19:14:f6:0d:82:73:8f:79:58:0e:af:0e\n"
        "                       cc:bd:17:ab:b5:a2:1f:76:a1:9f:4b:7b:e8:f9:7b:28\n"
        "                       56:cc:f1:5b:0e:93:c9:e5:44:2f:2d:0a:22:7d:0b:2b\n"
        "                       30:84:c3:1e:d6:4d:63:5b:41:51:83:d4:b5:09:f4:cc\n"
        "                       ab:ad:51:1b:8e:a1:f6:b1:27:5b:43:3c:bc:ae:10:93\n"
        "                       d4:ce:3b:10:ca:3f:22:dd:9e:a8:3f:4a:a6:a8:cd:8f\n"
        "                       d0:6a:e0:40:26:28:0f:af:0e:13:e1:ac:b9:ac:41:cc\n"
        "                       5d\n"
        "               Exponent (bits 24):\n"
        "                       01:00:01\n"
        "       Extensions:\n"
        "               Basic Constraints (critical):\n"
        "                       Certificate Authority (CA): TRUE\n"
        "               Subject Alternative Name (not critical):\n"
        "                       IPAddress: 127.0.0.1\n"
        "                       IPAddress: 192.168.5.1\n"
        "                       IPAddress: 10.100.2.5\n"
        "                       IPAddress: 0:0:0:0:0:0:0:1\n"
        "                       IPAddress: fe80:0:0:0:3e97:eff:fe18:359a\n"
        "               Key Usage (critical):\n"
        "                       Certificate signing.\n"
        "               Subject Key Identifier (not critical):\n"
        "                       bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n"
        "       Signature Algorithm: RSA-SHA256\n"
        "       Signature:\n"
        "               02:22:52:4b:69:e5:4f:f8:17:0a:46:34:d1:ec:6b:f5\n"
        "               ae:5b:fc:e2:00:ca:1f:f0:1d:74:91:9c:85:0a:a7:06\n"
        "               3d:fa:93:0d:35:85:ea:3e:01:9f:9e:bc:52:72:95:b2\n"
        "               8a:3a:78:6e:d2:5d:4d:60:88:2b:be:6f:68:75:c7:19\n"
        "               ac:c9:ea:ab:74:f6:62:4d:30:1e:87:e4:70:1e:96:f4\n"
        "               0b:48:ef:c9:28:14:6f:fa:c1:7b:d3:ef:b3:d8:52:90\n"
        "               5d:20:d0:aa:8b:10:ab:74:86:46:be:cb:6c:93:54:60\n"
        "               bc:6e:d6:4d:b2:1e:25:65:38:52:5b:6c:b4:57:8f:0f\n"
        "               26:4f:36:ea:42:eb:71:68:93:f3:a9:7a:66:5c:b6:07\n"
        "               7d:15:b5:f4:b8:5c:7c:e0:cd:d0:fa:5b:2a:6b:fd:4c\n"
        "               71:12:45:d0:37:9e:cf:90:59:6e:fd:ba:3a:8b:ca:37\n"
        "               01:cc:6f:e0:32:c7:9e:a4:ea:61:2c:e5:ad:66:73:80\n"
        "               5c:5e:0c:44:ec:c2:74:b8:fe:6e:66:af:76:cc:30:10\n"
        "               1f:3a:ac:34:36:e6:5b:72:f3:ee:5a:68:c3:43:37:56\n"
        "               c3:08:02:3c:96:1c:27:18:d0:38:fa:d7:51:4e:82:7d\n"
        "               fc:81:a2:23:c5:05:80:0e:b4:ba:d3:19:39:74:9c:74\n"
        "Other Information:\n"
        "       SHA1 fingerprint:\n"
        "               43536dd4198f6064c117c3825020b14c108f9a34\n"
        "       SHA256 fingerprint:\n"
        "               5ab6626aa069da15650edcfff7305767ff5b8d338289f851a624ea89b50ff06a\n"
        "       Public Key ID:\n"
        "               bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n"
        "       Public key's random art:\n"
        "               +--[ RSA 2048]----+\n"
        "               |                 |\n"
        "               |        .        |\n"
        "               |       . +       |\n"
        "               |      .  .= .    |\n"
        "               |       .S+oo     |\n"
        "               |        E+.+     |\n"
        "               |    .  +. *.o    |\n"
        "               |   . oo.=..+ o   |\n"
        "               |    ooo.+Bo .    |\n"
        "               +-----------------+\n"
        "\n"
        "-----BEGIN CERTIFICATE-----\n"
        "MIIDKzCCAhOgAwIBAgIBADANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhzZXJ2\n"
        "ZXItMDAiGA8yMDE0MDYyNzA5MTQzNloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYD\n"
        "VQQDEwhzZXJ2ZXItMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFW\n"
        "EvbDx+NMfv8ETogdZ6fzTWTMEqf/UKpcMbk80dG6eCx93VRKzVryOIuyxSZ+JQU2\n"
        "tpLmHcMAOaDFHLVjPQDptLV1pxSx/6ADnbp32uXeIftW2gadhFdTPQhFRSD952Bl\n"
        "LlVg29OR2mT/xEJCVHfLR1RoHrRirYo8CiiJy9OB0xWaHWeQUYOQbfuhDlRrKdfv\n"
        "eRkU9g2Cc495WA6vDsy9F6u1oh92oZ9Le+j5eyhWzPFbDpPJ5UQvLQoifQsrMITD\n"
        "HtZNY1tBUYPUtQn0zKutURuOofaxJ1tDPLyuEJPUzjsQyj8i3Z6oP0qmqM2P0Grg\n"
        "QCYoD68OE+GsuaxBzF0CAwEAAaOBhTCBgjAPBgNVHRMBAf8EBTADAQH/MD8GA1Ud\n"
        "EQQ4MDaHBH8AAAGHBMCoBQGHBApkAgWHEAAAAAAAAAAAAAAAAAAAAAGHEP6AAAAA\n"
        "AAAAPpcO//4YNZowDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUvT0LbKtrM9io\n"
        "4e0Vt6sXWHzCoJ8wDQYJKoZIhvcNAQELBQADggEBAAIiUktp5U/4FwpGNNHsa/Wu\n"
        "W/ziAMof8B10kZyFCqcGPfqTDTWF6j4Bn568UnKVsoo6eG7SXU1giCu+b2h1xxms\n"
        "yeqrdPZiTTAeh+RwHpb0C0jvySgUb/rBe9Pvs9hSkF0g0KqLEKt0hka+y2yTVGC8\n"
        "btZNsh4lZThSW2y0V48PJk826kLrcWiT86l6Zly2B30VtfS4XHzgzdD6Wypr/Uxx\n"
        "EkXQN57PkFlu/bo6i8o3Acxv4DLHnqTqYSzlrWZzgFxeDETswnS4/m5mr3bMMBAf\n"
        "Oqw0NuZbcvPuWmjDQzdWwwgCPJYcJxjQOPrXUU6CffyBoiPFBYAOtLrTGTl0nHQ=\n"
        "-----END CERTIFICATE-----\n"
        "";
762
/* Certificate whose subject carries three CN values (www.example.com,
 * www.example2.com, www.example3.com).  doit() expects every one of
 * them, and example.com, to be rejected: with more than one CN present
 * the subject is not used to decide a hostname match. */
char multi_cns[] = "\n"
        "Subject: CN=www.example.com,CN=www.example2.com,CN=www.example3.com\n"
        "\n"
        "-----BEGIN CERTIFICATE-----\n"
        "MIIDXzCCAkegAwIBAgIMU+p6uAg2JlqRhAbAMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
        "BgNVBAMTBENBLTAwIhgPMjAxNDA4MTIyMDM2MDhaGA85OTk5MTIzMTIzNTk1OVow\n"
        "UDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMRkwFwYDVQQDExB3d3cuZXhhbXBs\n"
        "ZTIuY29tMRkwFwYDVQQDExB3d3cuZXhhbXBsZTMuY29tMIIBIjANBgkqhkiG9w0B\n"
        "AQEFAAOCAQ8AMIIBCgKCAQEAqP5QQUqIS2lquM8hYbDHljqHBDWlGtr167DDPwix\n"
        "oIlnq84Xr1zI5zpJ2t/3U5kGTbRJiVroQCh3cVhiQyGTPSJPK+CJGi3diw5Vc2rK\n"
        "oAPxaFtaxvE36mLLH2SSuc49b6hhlRpXdWE0TgnsvJojL5V20/CZI23T27fl+DjT\n"
        "MduU92qH8wdCgp7q3sHZvtvTZuFM+edYvKZjhUz8P7JwiamG0A2UH+NiyicdAOxc\n"
        "+lfwfoyetJdTHLfwxdCXT4X91xGd9eOW9lIL5BqLuAArODTcmHDmiXpXEO/sEyHq\n"
        "L96Eawjon0Gz4IRNq7/kwDjSPJOIN0GHq6DtNmXl6J0C5wIDAQABo3YwdDAMBgNV\n"
        "HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAw\n"
        "HQYDVR0OBBYEFH6NTStc4XH/M74Meat1sT2o53fUMB8GA1UdIwQYMBaAFK8aMLKE\n"
        "hAwWmkzQxRkQ1/efnumUMA0GCSqGSIb3DQEBCwUAA4IBAQBdHknM+rddB0ET+UI2\n"
        "Or8qSNjkqBHwsZqb4hJozXFS35a1CJPQuxPzY13eHpiIfmdWL2EpKnLOU8vtAW9e\n"
        "qpozMGDyrAuZhxsXUtInbF15C+Yuw9/sqCPK44b5DCtDf6J/N8m8FvdwqO803z1D\n"
        "MGcSpES5I68+N3dwSRFYNpSLA1ul5MSlnmoffml959kx9hZNcI4N/UqkO1LMCKXX\n"
        "Nf8kGFyLdPjANcIwL5sqP+Dp4HP3wdf7Ny+KFCZ6zDbpa53gb3G0naMdllK8BMfI\n"
        "AQ4Y07zSA4K1QMdxeqaMgPIcCDLoKiMXAXNa42+K04F6SOkTjsVx9b5m0oynLt0u\n"
        "MUjE\n"
        "-----END CERTIFICATE-----\n";
787
/* Helpers private to doit().  They are macros rather than functions so
 * that __LINE__ in a failure message still names the individual check
 * that failed. */

/* Import PEM text into an already-initialised certificate object. */
#define LOAD_PEM(crt, text) \
        do { \
                gnutls_datum_t pem_; \
                int load_rc_; \
                pem_.data = (unsigned char *) (text); \
                pem_.size = strlen(text); \
                load_rc_ = gnutls_x509_crt_import((crt), &pem_, GNUTLS_X509_FMT_PEM); \
                if (load_rc_ < 0) \
                        fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, load_rc_); \
        } while (0)

/* The certificate must NOT be accepted for this name. */
#define EXPECT_REJECT(crt, host) \
        do { \
                int chk_rc_ = gnutls_x509_crt_check_hostname((crt), (host)); \
                if (chk_rc_ != 0) \
                        fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, chk_rc_); \
        } while (0)

/* The certificate must be accepted for this name. */
#define EXPECT_ACCEPT(crt, host) \
        do { \
                int chk_rc_ = gnutls_x509_crt_check_hostname((crt), (host)); \
                if (chk_rc_ == 0) \
                        fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, chk_rc_); \
        } while (0)

/*
 * Self-test entry point: loads each fixture certificate in turn into
 * one certificate object and checks which host names the library
 * accepts for it.  Every check reports through fail() on a mismatch.
 */
void doit(void)
{
        gnutls_x509_crt_t crt;
#ifdef ENABLE_OPENPGP
        gnutls_openpgp_crt_t key;
        gnutls_datum_t armored;
#endif
        int rc;

        rc = global_init();
        if (rc < 0)
                fail("global_init: %d\n", rc);

        rc = gnutls_x509_crt_init(&crt);
        if (rc < 0)
                fail("gnutls_x509_crt_init: %d\n", rc);

#ifdef ENABLE_OPENPGP
        rc = gnutls_openpgp_crt_init(&key);
        if (rc < 0)
                fail("gnutls_openpgp_crt_init: %d\n", rc);
#endif

        /* wildcards: the names carried by this fixture are listed in the
         * comment above its definition. */
        if (debug)
                success("Testing wildcards...\n");
        LOAD_PEM(crt, wildcards);
        EXPECT_REJECT(crt, "example.com");
        EXPECT_REJECT(crt, "example.org");
        EXPECT_ACCEPT(crt, "www.example.net");

        if (debug)
                success("Testing pem1...\n");
        LOAD_PEM(crt, pem1);
        EXPECT_REJECT(crt, "foo");

        /* pem2 and pem3: the exact name is accepted, but a query that is
         * itself a wildcard pattern is not. */
        if (debug)
                success("Testing pem2...\n");
        LOAD_PEM(crt, pem2);
        EXPECT_REJECT(crt, "foo");
        EXPECT_ACCEPT(crt, "www.example.org");
        EXPECT_REJECT(crt, "*.example.org");

        if (debug)
                success("Testing pem3...\n");
        LOAD_PEM(crt, pem3);
        EXPECT_REJECT(crt, "foo");
        EXPECT_ACCEPT(crt, "www.example.org");
        EXPECT_REJECT(crt, "*.example.org");

        /* pem4: www.example.org is accepted by default and refused once
         * wildcards are disallowed, so the match presumably comes from a
         * wildcard entry (the fixture is defined outside this view). */
        if (debug)
                success("Testing pem4...\n");
        LOAD_PEM(crt, pem4);
        EXPECT_REJECT(crt, "foo");
        EXPECT_ACCEPT(crt, "www.example.org");

        rc = gnutls_x509_crt_check_hostname2(crt, "www.example.org", GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS);
        if (rc != 0)
                fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, rc);

        EXPECT_ACCEPT(crt, "foo.example.org");
        EXPECT_REJECT(crt, "foo.example.com");

#ifdef SUPPORT_COMPLEX_WILDCARDS
        if (debug)
                success("Testing pem6...\n");
        LOAD_PEM(crt, pem6);
        EXPECT_REJECT(crt, "foo.example.org");
        EXPECT_ACCEPT(crt, "bar.foo.example.org");

        if (debug)
                success("Testing pem7...\n");
        LOAD_PEM(crt, pem7);
        EXPECT_REJECT(crt, "foo.bar.example.org");
        EXPECT_REJECT(crt, "foobar.bar.example.org");
        EXPECT_ACCEPT(crt, "foobar.example.org");
        EXPECT_ACCEPT(crt, "foobazbar.example.org");
#endif

        if (debug)
                success("Testing pem8...\n");
        LOAD_PEM(crt, pem8);

        /* Old gnutls versions accepted this name, which was not a good
         * idea. See http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7380
         * for the discussion. */
        EXPECT_REJECT(crt, "www.example.org");
        EXPECT_REJECT(crt, "www.example.");

        /* Same reasoning as for www.example.org above; see
         * http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7380 */
        EXPECT_REJECT(crt, "www.example.com");
        EXPECT_REJECT(crt, "www.example.foo.com");

        if (debug)
                success("Testing pem9...\n");
        LOAD_PEM(crt, pem9);
        EXPECT_REJECT(crt, "foo.example.org");
        EXPECT_ACCEPT(crt, "bar.example.org");

        /* pem10: the SAN holds "localhost", a NUL byte, then more data.
         * Accepting plain "localhost" would mean the comparison stopped
         * at the NUL, so the name has to be refused. */
        if (debug)
                success("Testing pem10...\n");
        LOAD_PEM(crt, pem10);
        EXPECT_REJECT(crt, "localhost");

        /* pem_too_many: a CN made of a long run of '*' must not match. */
        if (debug)
                success("Testing pem_too_many...\n");
        LOAD_PEM(crt, pem_too_many);

        rc = gnutls_x509_crt_check_hostname(crt, "localhost.gnutls.gnutls.org");
        if (rc != 0)
                fail("%d: Hostname verification should have failed (too many wildcards)\n", __LINE__);

        /* pem_ips: only the addresses listed as IPAddress SAN entries
         * are accepted; the IPv6 ones are queried in "::" short form. */
        if (debug)
                success("Testing pem-ips...\n");
        LOAD_PEM(crt, pem_ips);
        EXPECT_REJECT(crt, "127.0.0.2");
        EXPECT_REJECT(crt, "example.com");
        EXPECT_ACCEPT(crt, "127.0.0.1");
        EXPECT_ACCEPT(crt, "192.168.5.1");
        EXPECT_ACCEPT(crt, "::1");
        EXPECT_ACCEPT(crt, "fe80::3e97:eff:fe18:359a");

        /* multi_cns: a subject with several CN values matches none of
         * them. */
        if (debug)
                success("Testing multi-cns...\n");
        LOAD_PEM(crt, multi_cns);
        EXPECT_REJECT(crt, "example.com");
        EXPECT_REJECT(crt, "www.example.com");
        EXPECT_REJECT(crt, "www.example2.com");
        EXPECT_REJECT(crt, "www.example3.com");

#ifdef ENABLE_OPENPGP
        if (debug)
                success("Testing pem11...\n");
        armored.data = (unsigned char *) pem11;
        armored.size = strlen(pem11);

        rc = gnutls_openpgp_crt_import(key, &armored, GNUTLS_OPENPGP_FMT_BASE64);
        if (rc < 0)
                fail("%d: gnutls_openpgp_crt_import: %d\n", __LINE__, rc);

        rc = gnutls_openpgp_crt_check_hostname(key, "test.gnutls.org");
        if (rc == 0)
                fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, rc);

        gnutls_openpgp_crt_deinit(key);
#endif
        gnutls_x509_crt_deinit(crt);

        gnutls_global_deinit();
}

#undef LOAD_PEM
#undef EXPECT_REJECT
#undef EXPECT_ACCEPT