2 * Copyright (C) 2014 Red Hat
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
30 #include <gnutls/gnutls.h>
31 #include <gnutls/dane.h>
37 struct data_entry_st {
39 char *const queries[MAX_QUERIES];
40 int q_size[MAX_QUERIES];
47 unsigned expected_status; /* if cert is non-null */
48 int expected_verify_ret; /* if cert is non-null */
51 const struct data_entry_st data_entries[] = {
53 .name = "Entry parsing",
56 "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
58 "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
60 "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88",
72 { /* as the previous but with first byte invalid */
73 .name = "Cert verification (single entry)",
76 "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
87 .expected_verify_ret = 0,
89 .cert = "-----BEGIN CERTIFICATE-----\n"
90 "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
91 "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
92 "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
93 "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
94 "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
95 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
96 "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
97 "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
98 "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
99 "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
100 "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
101 "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
102 "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
103 "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
104 "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
105 "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
106 "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
107 "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
108 "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
109 "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
110 "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
111 "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
112 "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
113 "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
114 "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
115 "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
116 "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
117 "-----END CERTIFICATE-----\n"
120 .name = "Cert verification (multi entries)",
123 "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
125 "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
127 "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
138 .expected_verify_ret = 0,
139 .expected_status = 0,
140 .cert = "-----BEGIN CERTIFICATE-----\n"
141 "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
142 "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
143 "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
144 "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
145 "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
146 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
147 "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
148 "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
149 "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
150 "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
151 "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
152 "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
153 "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
154 "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
155 "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
156 "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
157 "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
158 "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
159 "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
160 "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
161 "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
162 "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
163 "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
164 "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
165 "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
166 "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
167 "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
168 "-----END CERTIFICATE-----\n"
171 .name = "Cert verification (invalid hash)",
174 "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
183 .expected_verify_ret = 0,
184 .expected_status = DANE_VERIFY_CERT_DIFFERS,
185 .cert = "-----BEGIN CERTIFICATE-----\n"
186 "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
187 "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
188 "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
189 "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
190 "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
191 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
192 "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
193 "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
194 "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
195 "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
196 "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
197 "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
198 "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
199 "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
200 "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
201 "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
202 "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
203 "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
204 "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
205 "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
206 "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
207 "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
208 "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
209 "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
210 "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
211 "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
212 "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
213 "-----END CERTIFICATE-----\n"
216 .name = "Cert verification (bogus data)",
219 "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
228 .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE,
229 .expected_status = -1,
230 .cert = "-----BEGIN CERTIFICATE-----\n"
231 "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
232 "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
233 "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
234 "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
235 "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
236 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
237 "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
238 "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
239 "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
240 "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
241 "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
242 "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
243 "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
244 "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
245 "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
246 "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
247 "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
248 "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
249 "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
250 "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
251 "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
252 "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
253 "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
254 "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
255 "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
256 "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
257 "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
258 "-----END CERTIFICATE-----\n"
261 .name = "CA verification (valid)",
263 (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
272 .expected_verify_ret = 0,
273 .expected_status = 0,
274 .cert = "-----BEGIN CERTIFICATE-----\n"
275 "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
276 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
277 "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
278 "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
279 "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
280 "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
281 "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
282 "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
283 "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
284 "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
285 "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
286 "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
287 "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
288 "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
289 "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
290 "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
291 "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
292 "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
293 "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
294 "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
295 "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
296 "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
297 "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
298 "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
299 "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
300 "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
301 "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
302 "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
303 "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
304 "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
305 "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
306 "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
307 "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
308 "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
310 "-----END CERTIFICATE-----\n",
311 .ca = "-----BEGIN CERTIFICATE-----\n"
312 "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
313 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
314 "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
315 "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
316 "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
317 "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
318 "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
319 "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
320 "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
321 "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
322 "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
323 "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
324 "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
325 "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
326 "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
327 "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
328 "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
329 "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
330 "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
331 "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
332 "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
333 "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
334 "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
335 "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
336 "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
338 "-----END CERTIFICATE-----\n"
341 .name = "CA verification (invalid)",
343 (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
352 .expected_verify_ret = 0,
353 .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED,
354 .cert = "-----BEGIN CERTIFICATE-----\n"
355 "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
356 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
357 "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
358 "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
359 "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
360 "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
361 "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
362 "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
363 "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
364 "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
365 "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
366 "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
367 "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
368 "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
369 "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
370 "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
371 "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
372 "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
373 "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
374 "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
375 "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
376 "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
377 "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
378 "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
379 "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
380 "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
381 "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
382 "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
383 "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
384 "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
385 "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
386 "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
387 "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
388 "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
390 "-----END CERTIFICATE-----\n",
391 .ca = "-----BEGIN CERTIFICATE-----\n"
392 "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
393 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
394 "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
395 "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
396 "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
397 "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
398 "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
399 "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
400 "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
401 "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
402 "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
403 "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
404 "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
405 "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
406 "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
407 "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
408 "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
409 "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
410 "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
411 "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
412 "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
413 "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
414 "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
415 "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
416 "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
418 "-----END CERTIFICATE-----\n"
420 { /* as the previous but with first byte invalid */
421 .name = "CA verification (multiple entries)",
424 "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
426 "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
428 "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
430 "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
442 .expected_verify_ret = 0,
443 .expected_status = 0,
444 .cert = "-----BEGIN CERTIFICATE-----\n"
445 "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
446 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
447 "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
448 "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
449 "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
450 "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
451 "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
452 "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
453 "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
454 "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
455 "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
456 "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
457 "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
458 "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
459 "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
460 "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
461 "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
462 "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
463 "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
464 "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
465 "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
466 "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
467 "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
468 "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
469 "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
470 "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
471 "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
472 "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
473 "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
474 "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
475 "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
476 "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
477 "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
478 "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
480 "-----END CERTIFICATE-----\n",
481 .ca = "-----BEGIN CERTIFICATE-----\n"
482 "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
483 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
484 "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
485 "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
486 "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
487 "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
488 "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
489 "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
490 "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
491 "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
492 "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
493 "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
494 "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
495 "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
496 "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
497 "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
498 "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
499 "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
500 "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
501 "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
502 "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
503 "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
504 "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
505 "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
506 "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
508 "-----END CERTIFICATE-----\n"
512 static time_t mytime(time_t * t)
514 time_t then = 1461671166;
522 static void crt_to_der(gnutls_datum_t *chain, const char *pem, unsigned size)
525 gnutls_x509_crt_t crt;
526 gnutls_datum_t input = {(void*)pem, size};
528 gnutls_x509_crt_init(&crt);
530 ret = gnutls_x509_crt_import(crt, &input, GNUTLS_X509_FMT_PEM);
532 fail("%d: %s\n", __LINE__, gnutls_strerror(ret));
536 ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, chain);
538 fail("%d: %s\n", __LINE__, gnutls_strerror(ret));
542 gnutls_x509_crt_deinit(crt);
545 static void dane_raw_check(void)
550 unsigned int entries, i, j;
556 gnutls_global_set_time_function(mytime);
558 ret = dane_state_init(&s, DANE_F_IGNORE_LOCAL_RESOLVER);
560 fail("dane_state_init: %s\n", dane_strerror(ret));
563 for (j = 0; j < sizeof(data_entries) / sizeof(data_entries[0]); j++) {
565 success("running test[%d]: %s\n", j, data_entries[j].name);
568 dane_raw_tlsa(s, &r, data_entries[j].queries,
569 data_entries[j].q_size, data_entries[j].secure,
570 data_entries[j].bogus);
571 if (ret != data_entries[j].expected_ret) {
572 fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
576 dane_query_to_raw_tlsa(r, &entries, &r_data, &r_data_len,
579 fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
582 if (entries != data_entries[j].no_queries)
583 fail("test[%d]: %d\n", j, __LINE__);
585 if (secure != data_entries[j].secure)
586 fail("test[%d]: %d\n", j, __LINE__);
588 if (bogus != data_entries[j].bogus)
589 fail("test[%d]: %d\n", j, __LINE__);
591 for (i = 0; i < entries; i++) {
592 if (r_data_len[i] != data_entries[j].q_size[i])
593 fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
596 (r_data[i], data_entries[j].queries[i],
598 fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
601 if (data_entries[j].cert) { /* verify cert */
602 gnutls_datum_t chain[2];
604 unsigned chain_size = 1;
606 crt_to_der(&chain[0], data_entries[j].cert, strlen(data_entries[j].cert));
608 if (data_entries[j].ca) {
609 crt_to_der(&chain[1], data_entries[j].ca, strlen(data_entries[j].ca));
613 ret = dane_verify_crt_raw(NULL, chain, chain_size, GNUTLS_CRT_X509, r,
616 if (ret != data_entries[j].expected_verify_ret)
617 fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
619 if (ret >= 0 && status != data_entries[j].expected_status) {
620 fail("tests[%d]: expected verif. status %x, got %x\n", j, data_entries[j].expected_status, status);
628 success("completed test[%d]: %s\n", j, data_entries[j].name);
631 gnutls_free(r_data_len);
633 dane_query_deinit(r);
635 dane_state_deinit(s);
644 fail("global_init\n");
652 gnutls_global_deinit();