2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Simon Josefsson
6 * This file is part of GnuTLS.
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
30 #include <gnutls/gnutls.h>
31 #include <gnutls/ocsp.h>
32 #include <gnutls/x509.h>
36 /* Tests the OCSP request and response parsing in gnutls.
37 * If this test fails, you most probably need to update your
40 static time_t mytime(time_t * t)
42 time_t then = 1332548220;
52 static void tls_log_func(int level, const char *str)
54 fprintf(stderr, "|<%d>| %s", level, str);
57 #define REQ1 "\x30\x67\x30\x65\x30\x3e\x30\x3c\x30\x3a\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\x13\x9d\xa0\x9e\xf4\x32\xab\x8f\xe2\x89\x56\x67\xfa\xd0\xd4\xe3\x35\x86\x71\xb9\x04\x14\x5d\xa7\xdd\x70\x06\x51\x32\x7e\xe7\xb6\x6d\xb3\xb5\xe5\xe0\x60\xea\x2e\x4d\xef\x02\x01\x1d\xa2\x23\x30\x21\x30\x1f\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x35\xc5\xe3\x50\xc3\xcf\x04\x33\xcc\x9e\x06\x3a\x9a\x18\x80\xcc"
59 static const gnutls_datum_t req1 =
60 { (unsigned char *) REQ1, sizeof(REQ1) - 1 };
63 "OCSP Request Information:\n" \
66 " Certificate ID:\n" \
67 " Hash Algorithm: SHA1\n" \
68 " Issuer Name Hash: 139da09ef432ab8fe2895667fad0d4e3358671b9\n" \
69 " Issuer Key Hash: 5da7dd700651327ee7b66db3b5e5e060ea2e4def\n" \
70 " Serial Number: 1d\n" \
72 " Nonce: 35c5e350c3cf0433cc9e063a9a1880cc\n"
74 #define REQ1NONCE "\x04\x10\x35\xc5\xe3\x50\xc3\xcf\x04\x33\xcc\x9e\x06\x3a\x9a\x18\x80\xcc"
76 #define REQ1INH "\x13\x9d\xa0\x9e\xf4\x32\xab\x8f\xe2\x89\x56\x67\xfa\xd0\xd4\xe3\x35\x86\x71\xb9"
77 #define REQ1IKH "\x5d\xa7\xdd\x70\x06\x51\x32\x7e\xe7\xb6\x6d\xb3\xb5\xe5\xe0\x60\xea\x2e\x4d\xef"
82 #define RESP1 "\x30\x03\x0a\x01\x01"
84 static const gnutls_datum_t resp1 =
85 { (unsigned char *) RESP1, sizeof(RESP1) - 1 };
88 "OCSP Response Information:\n" \
89 " Response Status: malformedRequest\n"
91 #define RESP2 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C"
94 "OCSP Response Information:\n" \
95 " Response Status: Successful\n" \
96 " Response Type: Basic OCSP Response\n" \
98 " Responder ID: C=CH,O=Linux strongSwan,OU=OCSP Signing Authority,CN=ocsp.strongswan.org\n" \
99 " Produced At: Tue Sep 27 09:54:28 UTC 2011\n" \
101 " Certificate ID:\n" \
102 " Hash Algorithm: SHA1\n" \
103 " Issuer Name Hash: 139da09ef432ab8fe2895667fad0d4e3358671b9\n" \
104 " Issuer Key Hash: 5da7dd700651327ee7b66db3b5e5e060ea2e4def\n" \
105 " Serial Number: 1d\n" \
106 " Certificate Status: good\n" \
107 " This Update: Tue Sep 27 09:54:28 UTC 2011\n" \
108 " Next Update: Tue Sep 27 09:59:28 UTC 2011\n" \
110 " Nonce: 16897d913ab525a445fec9fdc2e508a4\n" \
111 " Signature Algorithm: RSA-SHA1\n" \
113 " 4e:ad:6b:2b:f7:f2:bf:a9:23:1e:3a:0b:06:db:55:53\n" \
114 " 2b:64:54:11:32:bf:60:f7:4f:e0:8e:9b:a0:a2:4c:79\n" \
115 " c3:2a:e0:43:f7:40:1a:dc:b9:b4:25:ef:48:01:97:8c\n" \
116 " f5:1e:db:d1:30:37:73:69:d6:a7:7a:2d:8e:de:5c:aa\n" \
117 " ea:39:b9:52:aa:25:1e:74:7d:f9:78:95:8a:92:1f:98\n" \
118 " 21:f4:60:7f:d3:28:ee:47:9c:bf:e2:5d:f6:3f:68:0a\n" \
119 " d6:ff:08:c1:dc:95:1e:29:d7:3e:85:d5:65:a4:4b:c0\n" \
120 " af:c3:78:ab:06:98:88:19:8a:64:a6:83:91:87:13:db\n" \
121 " 17:cc:46:bd:ab:4e:c7:16:d1:f8:35:fd:27:c8:f6:6b\n" \
122 " eb:37:b8:08:6f:e2:6f:b4:7e:d5:68:db:7f:5d:5e:36\n" \
123 " 38:f2:77:59:13:e7:3e:4d:67:5f:db:a2:f5:5d:7c:bf\n" \
124 " bd:b5:37:33:51:36:63:f8:21:1e:fc:73:8f:32:69:bb\n" \
125 " 97:a7:bd:f1:b6:e0:40:09:68:ea:d5:93:b8:bb:39:8d\n" \
126 " a8:16:1b:bf:04:7a:bc:18:43:01:e9:3c:19:5c:4d:4b\n" \
127 " 98:d8:23:37:39:a4:c4:dd:ed:9c:ec:37:ab:66:44:9b\n" \
128 " e7:5b:5d:32:a2:db:a6:0b:3b:8c:e1:f5:db:cb:7d:58\n"
131 static const gnutls_datum_t resp2 =
132 { (unsigned char *) RESP2, sizeof(RESP2) - 1 };
134 #define RESP3 "\x30\x82\x01\xd3\x0a\x01\x00\xa0\x82\x01\xcc\x30\x82\x01\xc8\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\xb9\x30\x82\x01\xb5\x30\x81\x9e\xa2\x16\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\x30\x73\x30\x71\x30\x49\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xed\x48\xad\xdd\xcb\x7b\x00\xe2\x0e\x84\x2a\xa9\xb4\x09\xf1\xac\x30\x34\xcf\x96\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x02\x10\x02\x01\x48\x91\x5d\xfd\x5e\xb6\xe0\x02\x90\xa9\x67\xb0\xe4\x64\x80\x00\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\xa0\x11\x18\x0f\x32\x30\x31\x34\x30\x39\x31\x31\x30\x36\x30\x34\x30\x30\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x6e\x5e\x5e\x81\xff\x3f\x4d\xc7\x53\xc7\x1b\xf3\xd3\x1d\xdc\x9a\xc7\xce\x77\x2c\x67\x56\x13\x98\x91\x02\x01\x76\xdc\x48\xb2\x1f\x9b\x17\xea\xbf\x2c\x0a\xf5\x1d\x98\x90\x3c\x5f\x55\xc2\xff\x4b\x9a\xbc\xa6\x83\x9e\xab\x2b\xeb\x9d\x01\xea\x3b\x5f\xbe\x03\x29\x70\x63\x2a\xa4\x1d\xa8\xab\x69\xb2\x64\xba\x5d\x73\x91\x5c\x92\xf3\x69\xd4\xc9\x39\x9c\x7c\x7d\xa2\x47\x92\xc2\x56\xfe\xa1\x0d\x4a\x69\xff\xda\x48\xc5\x5e\xd8\xab\x39\x88\x6a\x06\xfa\x07\x57\xd6\x48\xb5\xce\xc9\x5f\xa5\x96\xfe\x37\x18\x5e\x7f\x35\x51\xc1\x9e\x79\x5a\x26\xba\x67\x67\x38\x2a\x80\x75\x42\x99\x68\x3e\xec\x2f\x7e\x2d\xa1\xa6\xbe\x9f\x01\x51\x22\x88\x3a\xc9\x9c\xed\x51\xef\x21\x66\x7e\xa9\xd0\x3f\x13\x9c\xbb\xd2\x94\x14\x6f\x4b\xd9\xc4\xf5\x2c\xf5\x7d\x07\x68\xf3\x51\xac\xda\xc2\x09\x66\xa9\x3d\xed\xad\x02\x4d\x9c\x11\x29\x1a\x54\xfb\x1e\x7e\x36\xf4\xbb\x0d\x08\x8c\x6a\x42\x08\x10\x29\x08\x7c\x56\x0b\x18\x47\xff\x87\x11\xfd\xb2\xfb\xc9\x22\x7f\xe3\x1f\x7b\xf9\x98\xaa\x3a\x32\xb6\x2f\x02\xba\xb6\xc1\xdc\xc3\x5d\xb5\x4b\xae\x5d\x29\x6a\x31\xde\xcd"
136 #define RESP3INFO "OCSP Response Information:\n" \
137 " Response Status: Successful\n" \
138 " Response Type: Basic OCSP Response\n" \
140 " Responder ID: \n" \
141 " Produced At: Thu Sep 04 05:49:00 UTC 2014\n" \
143 " Certificate ID:\n" \
144 " Hash Algorithm: SHA1\n" \
145 " Issuer Name Hash: ed48adddcb7b00e20e842aa9b409f1ac3034cf96\n" \
146 " Issuer Key Hash: 50ea7389db29fb108f9ee50120d4de79994883f7\n" \
147 " Serial Number: 020148915dfd5eb6e00290a967b0e464\n" \
148 " Certificate Status: good\n" \
149 " This Update: Thu Sep 04 05:49:00 UTC 2014\n" \
150 " Next Update: Thu Sep 11 06:04:00 UTC 2014\n" \
153 static const gnutls_datum_t resp3 =
154 { (unsigned char *) RESP3, sizeof(RESP3) - 1 };
156 static unsigned char issuer_pem[] =
157 "-----BEGIN CERTIFICATE-----\n"
158 "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n"
159 "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n"
160 "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE\n"
161 "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u\n"
162 "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y\n"
163 "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f\n"
164 "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc\n"
165 "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/\n"
166 "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5\n"
167 "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr\n"
168 "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG\n"
169 "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j\n"
170 "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw\n"
171 "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv\n"
172 "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in\n"
173 "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n\n"
174 "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y\n"
175 "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si\n"
176 "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa\n"
177 "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n"
178 "-----END CERTIFICATE-----\n";
179 const gnutls_datum_t issuer_data = { issuer_pem, sizeof(issuer_pem) };
181 static unsigned char subject_pem[] =
182 "-----BEGIN CERTIFICATE-----\n"
183 "MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n"
184 "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n"
185 "b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE\n"
186 "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh\n"
187 "cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN\n"
188 "AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx\n"
189 "6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ\n"
190 "Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V\n"
191 "Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G\n"
192 "I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov\n"
193 "x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC\n"
194 "MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5\n"
195 "tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL\n"
196 "MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT\n"
197 "EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz\n"
198 "d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u\n"
199 "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul\n"
200 "GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7\n"
201 "ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr\n"
202 "F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ\n"
203 "L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK\n"
204 "ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k\n"
205 "Rf5Z0GOR\n" "-----END CERTIFICATE-----\n";
206 const gnutls_datum_t subject_data = { subject_pem, sizeof(subject_pem) };
208 /* For testing verify functions. */
210 #define BLOG_RESP "\x30\x82\x06\xF8\x0A\x01\x00\xA0\x82\x06\xF1\x30\x82\x06\xED\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\xDE\x30\x82\x06\xDA\x30\x82\x01\x25\xA1\x7E\x30\x7C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x55\x31\x0C\x30\x0A\x06\x03\x55\x04\x08\x13\x03\x4E\x53\x57\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x53\x79\x64\x6E\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x53\x65\x72\x76\x65\x72\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x69\x6F\x6E\x31\x18\x30\x16\x06\x03\x55\x04\x03\x13\x0F\x6F\x63\x73\x70\x2E\x63\x61\x63\x65\x72\x74\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x33\x30\x38\x35\x30\x34\x32\x5A\x30\x66\x30\x64\x30\x3C\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\xF2\x2A\x62\x16\x93\xA6\xDA\x5A\xD0\xB9\x8D\x3A\x13\x5E\x35\xD1\xEB\x18\x36\x61\x04\x14\x75\xA8\x71\x60\x4C\x88\x13\xF0\x78\xD9\x89\x77\xB5\x6D\xC5\x89\xDF\xBC\xB1\x7A\x02\x03\x00\xBC\xE0\x80\x00\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x33\x30\x37\x32\x30\x34\x39\x5A\xA0\x11\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x35\x30\x38\x35\x30\x34\x32\x5A\xA1\x2A\x30\x28\x30\x26\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x19\x04\x17\x73\x69\xD2\xC5\x6F\xC7\x7E\x2E\xB0\x2F\xCC\xC3\xE2\x80\xD6\x2A\xCE\xD3\xDE\x8F\x27\x1B\xB2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3E\x50\x9D\xE9\xA2\xE0\xCA\x33\x88\x9B\x28\x7E\xE7\xA4\xAF\xDA\xBB\x75\x2D\xD9\x66\xA6\xD5\xFA\x17\x56\xC0\x3B\xDD\x74\xB6\x7E\x42\x2C\x28\xD0\x73\x91\x54\x69\xFA\xCF\xD8\xC7\x74\x1C\x5D\xBC\x8E\xCD\xE3\x0E\xD5\x3F\x80\x71\x9C\x95\x53\xC4\xD1\x95\x63\x5D\x72\xCE\xCC\x77\x9D\x7C\xAD\x47\x3F\x34\xDA\x90\x80\xC5\x15\xE1\x2B\xEE\x98\x57\xA3\xA7\x9F\xA2\xC3\xF5\x5E\xF7\x13\x26\x52\xDA\x09\x38\x5B\x18\x91\x07\x38\xCF\x09\xDA\x08\xED\x80\x4F\x26\x3A\xB9\xBE\xF6\xED\x65\x3F\xB1\x3A\x6D\xA3\x87\x22\xA3\x2A\xA5\x99\xCC\x06\xF3\x5A\xD5\x34\xFB\x9E\x32\x28\xC3\x3E\xF4\xAF\x33\x02\xCF\x6A\x74\x73\x17\x24\x17\x41\x0D\x7E\x86\x79\x83\x34\xE8\x82\x0A\x0D\x21\xED\xCB\x3B\xB7\x31\x64\xC9\xB6\x1E\xC7\x0C\x75\xCE\xBA\xB7\xDC\xB2\x67\x96\x2B\xAD\xBF\x86\x22\x81\x54\x66\xBA\x68\x89\xD7\x7E\x35\x60\x93\xEC\x6B\xD8\x59\x23\xA0\xD0\x95\x55\x8F\x93\x52\x48\x4E\x48\xCB\x92\xE9\x67\x71\x60\x07\xC9\xA3\x3B\xAC\xD1\xEA\x5B\x71\xDB\xC1\x94\x79\x85\x55\x8C\x03\x61\x9E\xC7\xD6\x32\x40\xFA\xDD\xF6\xC9\xF8\xE0\xFF\x4D\xAC\x54\xED\x61\xFE\xB2\xA0\x82\x04\x99\x30\x82\x04\x95\x30\x82\x04\x91\x30\x82\x02\x79\xA0\x03\x02\x01\x02\x02\x03\x00\xDC\xA6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x54\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x43\x41\x63\x65\x72\x74\x2E\x6F\x72\x67\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x43\x41\x63\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x31\x31\x30\x38\x32\x33\x30\x30\x30\x38\x33\x37\x5A\x17\x0D\x31\x33\x30\x38\x32\x32\x30\x30\x30\x38\x33\x37\x5A\x30\x7C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x55\x31\x0C\x30\x0A\x06\x03\x55\x04\x08\x13\x03\x4E\x53\x57\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x53\x79\x64\x6E\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x53\x65\x72\x76\x65\x72\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x69\x6F\x6E\x31\x18\x30\x16\x06\x03\x55\x04\x03\x13\x0F\x6F\x63\x73\x70\x2E\x63\x61\x63\x65\x72\x74\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x9C\xC6\xD4\x6F\xE4\x23\xC7\xC3\x70\x4B\x75\x1F\xE4\xFC\xAE\xF6\x62\xC4\x60\xA1\xD6\xCF\xF9\x47\x40\x38\xD9\xAF\x06\xF5\xB3\x87\x09\xBA\x07\xC8\x7A\x3B\xE3\x3A\xE2\xC1\x6B\xDB\x0E\x9B\x7B\xB4\x98\x04\x40\x88\xC8\xE4\x20\x34\x9D\x5F\x94\xAE\x0C\xA0\x05\xA1\x74\x10\x3F\x1F\x93\x6D\xC5\xA0\xCE\x29\xB0\x2A\x03\x6E\xED\x3B\xD1\x9A\x7A\xF7\x0F\xA7\xB7\x39\xD7\xC3\xB4\xDE\x15\x67\x94\xF2\xEF\xB0\xDD\x5F\xE3\xC9\xD8\xD2\x34\x0E\x5D\x44\xDF\xBF\x99\xD8\x5E\x60\xF4\x39\x24\x8A\xFD\x5D\xC8\x46\x8D\x0A\xB1\x60\x7A\x4F\xD5\x27\x30\x60\x9E\x13\x06\xF8\x3A\xAA\xB3\xBB\x33\x34\x6F\x84\x81\x7E\x5C\xCC\x12\x89\xF2\xFE\x6E\x93\x83\xFA\x8B\xEE\xAB\x36\x4C\xB6\x40\xA9\xEE\xFB\xF8\x16\x5A\x55\xD1\x64\x0D\x49\xDA\x04\xDE\xD1\xC8\xCA\xEE\x5F\x24\xB1\x79\x78\xB3\x9A\x88\x13\xDD\x68\x51\x39\xE9\x68\x31\xAF\xD7\xF8\x4D\x35\x6D\x60\x58\x04\x42\xBB\x55\x92\x18\xF6\x98\x01\xA5\x74\x3B\xBC\x36\xDB\x20\x68\x18\xB8\x85\xD4\x8B\x6D\x30\x87\x4D\xD6\x33\x2D\x7A\x54\x36\x1D\x57\x42\x14\x5C\x7A\x62\x74\xD5\x1E\x2B\xD5\xBF\x04\xF3\xFF\xEC\x03\xC1\x02\x03\x01\x00\x01\xA3\x44\x30\x42\x30\x0C\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x02\x30\x00\x30\x27\x06\x03\x55\x1D\x25\x04\x20\x30\x1E\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x09\x06\x03\x55\x1D\x11\x04\x02\x30\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x50\xDD\x63\xB7\x1A\x6F\x91\x4C\xE8\x7F\x82\x1A\x27\x04\x81\x05\xBB\xA6\x69\xAC\x41\x7B\x62\xFC\x4B\x08\xDC\x60\xCF\xB2\x5A\xF1\xB4\xB5\x27\x69\x6B\x12\xE4\x07\xC8\x16\xCE\x3B\x42\xCC\x02\x90\x66\x0E\x79\xB8\x6C\x4B\x90\x00\xC5\x66\x64\x92\x2B\x2B\x48\x0E\x84\xC2\x6D\xBF\xA5\xDE\x16\xE3\xBD\x19\xF5\x5C\x93\xA1\x86\x7F\xD9\x89\x78\x6A\x3F\x83\xF0\xAA\xF8\xEA\x1D\xA4\x13\xF7\x2A\x15\x4C\x51\x9C\xC4\xB0\xBE\x58\x66\xCF\x4C\x6C\x3D\x31\xE5\xF9\x54\x21\xCD\xA1\x30\x01\x6A\xB3\x1A\x48\x85\x34\x93\xB8\xF9\x15\x19\x48\x34\x8D\x73\xE7\x03\x50\xAF\xDE\x50\xC7\x62\xAF\x25\x22\x2B\xF6\xE8\x37\x2E\xE4\x71\xA9\x5C\x26\xEA\x79\xCB\x04\x29\x73\x6B\x8F\xDF\x1F\x5C\x41\x52\xC0\x36\xAA\xD7\x7D\x8E\x44\x54\x98\x06\x4C\x63\xA6\x0B\x01\x94\x5D\x0C\x5C\xD4\xCF\xCB\x0B\x7B\x2D\x56\xCC\xBF\x97\x7F\x15\x24\x1D\xBA\xEA\xB7\x97\xB0\x32\xAD\xFC\xEA\x6D\x94\x39\x7A\xE3\x25\x54\xFC\x4A\xF5\x3D\xBD\x2E\xD5\x31\x07\x49\x24\xCC\x92\x69\x0E\x79\xB9\xDF\xDB\x36\xBF\x04\x44\x15\xD0\x46\x99\x8C\xD2\x4C\x94\x38\x0E\x10\x64\x13\xAB\xD9\x1B\x54\x02\x31\x56\x20\xEE\x69\x95\xDF\x39\xBB\xE9\xA7\x6D\xC3\x23\x86\x0B\xD6\x34\x40\x37\xC3\xD4\x41\xA8\x2E\x71\x1D\x6E\x5B\xD7\xC5\x9F\x2A\xE6\x02\x80\xAE\x0A\x28\x69\x63\x4B\x89\x2E\xBD\x4F\x42\x58\xFB\x86\x9A\xA2\x18\xDC\xC6\x32\xC1\x46\xBA\x28\xD2\x8B\xCE\x56\x63\x04\x80\x51\x51\x39\x00\x3B\x00\xB9\x5F\x67\xFA\x90\x1E\xDA\x76\xB5\x31\xA5\xBD\x11\xD2\x5F\xDA\x5D\xD5\xF7\xEE\xAB\xC0\x62\x74\x60\x47\x32\x42\xFD\xB2\x2E\x04\x3A\x2E\xF2\xC8\xB3\x41\xA3\xBD\xFE\x94\x5F\xEF\x6E\xD7\x92\x7C\x1D\x04\xF0\xC6\x53\x8E\x46\xDC\x30\x3A\x35\x5F\x1A\x4B\xEA\x3B\x00\x8B\x97\xB5\xB9\xCE\x71\x6E\x5C\xD5\xA0\x0B\xB1\x33\x08\x89\x61\x23\xCF\x97\x9F\x8F\x9A\x50\xB5\xEC\xCE\x40\x8D\x82\x95\x8B\x79\x26\x66\xF3\xF4\x70\xD8\xEE\x58\xDD\x75\x29\xD5\x6A\x91\x51\x7A\x17\xBC\x4F\xD4\xA3\x45\x7B\x84\xE7\xBE\x69\x53\xC1\xE2\x5C\xC8\x45\xA0\x3A\xEC\xDF\x8A\x1E\xC1\x18\x84\x8B\x7A\x4E\x4E\x9E\x3A\x26\xFE\x5D\x22\xD4\xC5\x14\xBE\xEE\x06\xEB\x05\x4A\x66\xC9\xA4\xB3\x68\x04\xB0\x5D\x25\x54\xB3\x05\xED\x41\xF0\x65\x69\x6D\xA5\x4E\xB7\x97\xD8\xD8\xF5"
212 static const gnutls_datum_t blog_resp =
213 { (unsigned char *) BLOG_RESP, sizeof(BLOG_RESP) - 1 };
215 static unsigned char blog_cert_pem[] =
216 "-----BEGIN CERTIFICATE-----\n"
217 "MIIE8DCCAtigAwIBAgIDALzgMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n"
218 "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n"
219 "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTAxMTE2MjI1MjMzWhcNMTIxMTE1\n"
220 "MjI1MjMzWjAdMRswGQYDVQQDExJibG9nLmpvc2Vmc3Nvbi5vcmcwggEiMA0GCSqG\n"
221 "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBKA6bm/Kip0i00vU+BOmUF2MBDTwps41c\n"
222 "xKN5bDn7usWZj8loi6BHRPE2WzCVPnPRD1FJXBc4rXL8zZWrCRe1b4A+l8NjPN2o\n"
223 "uUgJvYLXYQ2hXkvxlPBQPKNOudaOAVsahpyxk6g6Z3mskOfqPhxvjutHvMC4fOsJ\n"
224 "1+FstMzvg5SpDd4uYM9m0UK8pbEUSuwW+fxyWqhciSi7kJtdrD6bwx3ub3t9GFkM\n"
225 "9uTzImIslTq19w8AHQsTICNnmNwfUGF5XMUIuxun0HlFt2KUP5G3Qg9Cd18wZFql\n"
226 "RQJvLA3nbVFtmN3M3yKXnGSsEn38ZJvC+UxFuSfYJN9UwgoG6gwhAgMBAAGjggEA\n"
227 "MIH9MAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsGAQUFBwMB\n"
228 "BglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0PBAQDAgWgMDMGCCsGAQUFBwEB\n"
229 "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2FjZXJ0Lm9yZy8wdQYDVR0R\n"
230 "BG4wbIISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJsb2cuam9z\n"
231 "ZWZzc29uLm9yZ4ISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJs\n"
232 "b2cuam9zZWZzc29uLm9yZzANBgkqhkiG9w0BAQUFAAOCAgEACQX0KziT81G0XJ4C\n"
233 "SlVumGN0KcVPDjtiUYskMpUvyLF951Q4Uuih0Aa9c0LynyZq8yqr6sW5OTmnRfSU\n"
234 "DuUK5IH+IPq5PU7qteQSIy+63yjMQ+1wye1zfCWI+MyaS54AOn6uZObsr4grq41i\n"
235 "sTwnX8OF/z15dQBjDR18WoehsnbuMz3Ld7+w5UcVWRGDzTyZ7JrYisEywQ7TXcoK\n"
236 "1IlhD1TqwFucH7lIr4mPWNjL7Nw0sw11HN0Syt9H3upcq6lqyEI0ygfNZ9cdxvmX\n"
237 "WqOBxxLc6G/87G4nGW4jw3WrCX7LqSmChlR3SbEC1UhWpaQMQ+mOU5+vXon7blRV\n"
238 "zGJ/1wK8mKu3fKw9rm5TQ1xfJuRABbzsD3BrrUaHlREQQ+i6SCPVFGer6oeAaxyv\n"
239 "so0NCbmBQkcpmUUl0COIR/Lh/YT78PjIEfxaUnUlaZXvCbKPKP2cM8LY7ltEaTgJ\n"
240 "4W6sZi3QNFySzd4sz7J/YhY/jGjqku7TfpN/GOheW8AzKTBlm3WLps1YXys4TKrB\n"
241 "0RStfaPfRJI1PeSlrWl6+kQu/5O8WA8NK0JZ/0Jc4d5LNrtUXo4VU9XCthrxLkgL\n"
242 "3XWgZKFrqJd1UeJJ7OvkRYfI1c5i4oAP5ksuF0SHTpqnXE8K39kUnUx3B+ItJlZP\n"
243 "VXTFhXRc06QwYqYXuYSAmj7/GJk=\n" "-----END CERTIFICATE-----\n";
244 const gnutls_datum_t blog_cert_data = { blog_cert_pem,
245 sizeof(blog_cert_pem)
248 static unsigned char blog_issuer_pem[] =
249 "-----BEGIN CERTIFICATE-----\n"
250 "MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv\n"
251 "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n"
252 "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n"
253 "dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU\n"
254 "MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0\n"
255 "Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN\n"
256 "AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a\n"
257 "iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1\n"
258 "aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C\n"
259 "jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia\n"
260 "pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0\n"
261 "FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt\n"
262 "XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL\n"
263 "oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6\n"
264 "R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp\n"
265 "rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/\n"
266 "LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA\n"
267 "BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow\n"
268 "gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV\n"
269 "BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG\n"
270 "A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS\n"
271 "c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH\n"
272 "AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr\n"
273 "BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB\n"
274 "MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y\n"
275 "Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj\n"
276 "ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5\n"
277 "b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D\n"
278 "QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc\n"
279 "7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH\n"
280 "Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4\n"
281 "D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3\n"
282 "VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a\n"
283 "lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW\n"
284 "Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt\n"
285 "hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz\n"
286 "0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn\n"
287 "ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT\n"
288 "d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60\n"
289 "4GGSt/M3mMS+lqO3ig==\n" "-----END CERTIFICATE-----\n";
290 const gnutls_datum_t blog_issuer_data = { blog_issuer_pem,
291 sizeof(blog_issuer_pem)
294 static unsigned char blog_signer_pem[] =
295 "-----BEGIN CERTIFICATE-----\n"
296 "MIIEkTCCAnmgAwIBAgIDANymMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n"
297 "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n"
298 "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwODIzMDAwODM3WhcNMTMwODIy\n"
299 "MDAwODM3WjB8MQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZT\n"
300 "eWRuZXkxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVTZXJ2ZXIgQWRt\n"
301 "aW5pc3RyYXRpb24xGDAWBgNVBAMTD29jc3AuY2FjZXJ0Lm9yZzCCASIwDQYJKoZI\n"
302 "hvcNAQEBBQADggEPADCCAQoCggEBAJzG1G/kI8fDcEt1H+T8rvZixGCh1s/5R0A4\n"
303 "2a8G9bOHCboHyHo74zriwWvbDpt7tJgEQIjI5CA0nV+UrgygBaF0ED8fk23FoM4p\n"
304 "sCoDbu070Zp69w+ntznXw7TeFWeU8u+w3V/jydjSNA5dRN+/mdheYPQ5JIr9XchG\n"
305 "jQqxYHpP1ScwYJ4TBvg6qrO7MzRvhIF+XMwSifL+bpOD+ovuqzZMtkCp7vv4FlpV\n"
306 "0WQNSdoE3tHIyu5fJLF5eLOaiBPdaFE56Wgxr9f4TTVtYFgEQrtVkhj2mAGldDu8\n"
307 "NtsgaBi4hdSLbTCHTdYzLXpUNh1XQhRcemJ01R4r1b8E8//sA8ECAwEAAaNEMEIw\n"
308 "DAYDVR0TAQH/BAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsG\n"
309 "AQUFBwMJMAkGA1UdEQQCMAAwDQYJKoZIhvcNAQEFBQADggIBAFDdY7cab5FM6H+C\n"
310 "GicEgQW7pmmsQXti/EsI3GDPslrxtLUnaWsS5AfIFs47QswCkGYOebhsS5AAxWZk\n"
311 "kisrSA6Ewm2/pd4W470Z9VyToYZ/2Yl4aj+D8Kr46h2kE/cqFUxRnMSwvlhmz0xs\n"
312 "PTHl+VQhzaEwAWqzGkiFNJO4+RUZSDSNc+cDUK/eUMdiryUiK/boNy7kcalcJup5\n"
313 "ywQpc2uP3x9cQVLANqrXfY5EVJgGTGOmCwGUXQxc1M/LC3stVsy/l38VJB266reX\n"
314 "sDKt/OptlDl64yVU/Er1Pb0u1TEHSSTMkmkOebnf2za/BEQV0EaZjNJMlDgOEGQT\n"
315 "q9kbVAIxViDuaZXfObvpp23DI4YL1jRAN8PUQagucR1uW9fFnyrmAoCuCihpY0uJ\n"
316 "Lr1PQlj7hpqiGNzGMsFGuijSi85WYwSAUVE5ADsAuV9n+pAe2na1MaW9EdJf2l3V\n"
317 "9+6rwGJ0YEcyQv2yLgQ6LvLIs0Gjvf6UX+9u15J8HQTwxlOORtwwOjVfGkvqOwCL\n"
318 "l7W5znFuXNWgC7EzCIlhI8+Xn4+aULXszkCNgpWLeSZm8/Rw2O5Y3XUp1WqRUXoX\n"
319 "vE/Uo0V7hOe+aVPB4lzIRaA67N+KHsEYhIt6Tk6eOib+XSLUxRS+7gbrBUpmyaSz\n"
320 "aASwXSVUswXtQfBlaW2lTreX2Nj1\n" "-----END CERTIFICATE-----\n";
321 const gnutls_datum_t blog_signer_data = { blog_signer_pem,
322 sizeof(blog_signer_pem)
325 static void ocsp_invalid_calls(void)
327 gnutls_ocsp_req_t req;
328 gnutls_ocsp_resp_t resp;
334 rc = gnutls_ocsp_req_init(&req);
335 if (rc != GNUTLS_E_SUCCESS) {
336 fail("gnutls_ocsp_req_init alloc\n");
339 rc = gnutls_ocsp_resp_init(&resp);
340 if (rc != GNUTLS_E_SUCCESS) {
341 fail("gnutls_ocsp_resp_init alloc\n");
345 gnutls_ocsp_req_deinit(NULL);
346 gnutls_ocsp_resp_deinit(NULL);
348 rc = gnutls_ocsp_req_import(NULL, NULL);
349 if (rc != GNUTLS_E_INVALID_REQUEST) {
350 fail("gnutls_ocsp_req_import NULL\n");
354 rc = gnutls_ocsp_req_import(NULL, p);
355 if (rc != GNUTLS_E_INVALID_REQUEST) {
356 fail("gnutls_ocsp_req_import NULL\n");
360 rc = gnutls_ocsp_req_import(req, NULL);
361 if (rc != GNUTLS_E_INVALID_REQUEST) {
362 fail("gnutls_ocsp_req_import NULL\n");
366 rc = gnutls_ocsp_resp_import(NULL, NULL);
367 if (rc != GNUTLS_E_INVALID_REQUEST) {
368 fail("gnutls_ocsp_resp_import NULL\n");
372 rc = gnutls_ocsp_resp_import(NULL, p);
373 if (rc != GNUTLS_E_INVALID_REQUEST) {
374 fail("gnutls_ocsp_resp_import NULL\n");
378 rc = gnutls_ocsp_resp_import(resp, NULL);
379 if (rc != GNUTLS_E_INVALID_REQUEST) {
380 fail("gnutls_ocsp_resp_import NULL\n");
384 rc = gnutls_ocsp_req_export(NULL, NULL);
385 if (rc != GNUTLS_E_INVALID_REQUEST) {
386 fail("gnutls_ocsp_req_export NULL\n");
390 rc = gnutls_ocsp_req_export(NULL, p);
391 if (rc != GNUTLS_E_INVALID_REQUEST) {
392 fail("gnutls_ocsp_req_export NULL\n");
396 rc = gnutls_ocsp_req_export(req, NULL);
397 if (rc != GNUTLS_E_INVALID_REQUEST) {
398 fail("gnutls_ocsp_req_export NULL\n");
402 rc = gnutls_ocsp_resp_export(NULL, NULL);
403 if (rc != GNUTLS_E_INVALID_REQUEST) {
404 fail("gnutls_ocsp_resp_export NULL\n");
408 rc = gnutls_ocsp_resp_export(NULL, p);
409 if (rc != GNUTLS_E_INVALID_REQUEST) {
410 fail("gnutls_ocsp_resp_export NULL\n");
414 rc = gnutls_ocsp_resp_export(resp, NULL);
415 if (rc != GNUTLS_E_INVALID_REQUEST) {
416 fail("gnutls_ocsp_resp_export NULL\n");
420 rc = gnutls_ocsp_req_get_version(NULL);
421 if (rc != GNUTLS_E_INVALID_REQUEST) {
422 fail("gnutls_ocsp_req_get_version NULL\n");
426 rc = gnutls_ocsp_req_get_cert_id(NULL, 0, NULL, NULL, NULL, NULL);
427 if (rc != GNUTLS_E_INVALID_REQUEST) {
428 fail("gnutls_ocsp_req_get_cert_id NULL\n");
432 rc = gnutls_ocsp_req_get_cert_id(req, 0, NULL, NULL, NULL, NULL);
433 if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
434 fail("gnutls_ocsp_req_get_cert_id empty\n");
438 rc = gnutls_ocsp_req_add_cert_id(NULL, 0, NULL, NULL, NULL);
439 if (rc != GNUTLS_E_INVALID_REQUEST) {
440 fail("gnutls_ocsp_req_add_cert_id NULL\n");
444 rc = gnutls_ocsp_req_add_cert_id(req, 0, NULL, NULL, NULL);
445 if (rc != GNUTLS_E_INVALID_REQUEST) {
446 fail("gnutls_ocsp_req_add_cert_id NULL\n");
450 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, NULL,
452 if (rc != GNUTLS_E_INVALID_REQUEST) {
453 fail("gnutls_ocsp_req_add_cert_id NULL\n");
457 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, NULL,
459 if (rc != GNUTLS_E_INVALID_REQUEST) {
460 fail("gnutls_ocsp_req_add_cert_id NULL\n");
464 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, p,
466 if (rc != GNUTLS_E_INVALID_REQUEST) {
467 fail("gnutls_ocsp_req_add_cert_id NULL\n");
471 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, NULL,
473 if (rc != GNUTLS_E_INVALID_REQUEST) {
474 fail("gnutls_ocsp_req_add_cert_id NULL\n");
478 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, p, NULL);
479 if (rc != GNUTLS_E_INVALID_REQUEST) {
480 fail("gnutls_ocsp_req_add_cert_id NULL\n");
484 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, NULL, p);
485 if (rc != GNUTLS_E_INVALID_REQUEST) {
486 fail("gnutls_ocsp_req_add_cert_id NULL\n");
490 rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, p, p);
491 if (rc != GNUTLS_E_INVALID_REQUEST) {
492 fail("gnutls_ocsp_req_add_cert_id NULL\n");
496 rc = gnutls_ocsp_req_add_cert(NULL, 0, NULL, NULL);
497 if (rc != GNUTLS_E_INVALID_REQUEST) {
498 fail("gnutls_ocsp_req_add_cert_id NULL\n");
502 rc = gnutls_ocsp_req_add_cert(req, 0, NULL, NULL);
503 if (rc != GNUTLS_E_INVALID_REQUEST) {
504 fail("gnutls_ocsp_req_add_cert_id NULL\n");
509 rc = gnutls_ocsp_req_add_cert(req, 0, p, NULL);
510 if (rc != GNUTLS_E_INVALID_REQUEST) {
511 fail("gnutls_ocsp_req_add_cert_id NULL\n");
515 rc = gnutls_ocsp_req_add_cert(req, 0, NULL, p);
516 if (rc != GNUTLS_E_INVALID_REQUEST) {
517 fail("gnutls_ocsp_req_add_cert_id NULL\n");
521 rc = gnutls_ocsp_req_get_extension(NULL, 0, NULL, NULL, NULL);
522 if (rc != GNUTLS_E_INVALID_REQUEST) {
523 fail("gnutls_ocsp_req_get_extension NULL\n");
527 rc = gnutls_ocsp_req_get_extension(req, 0, NULL, NULL, NULL);
528 if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
529 fail("gnutls_ocsp_req_get_extension NULL\n");
533 rc = gnutls_ocsp_req_get_extension(req, 0, p, p, p);
534 if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
535 fail("gnutls_ocsp_req_get_extension NULL\n");
539 rc = gnutls_ocsp_req_set_extension(NULL, NULL, 0, NULL);
540 if (rc != GNUTLS_E_INVALID_REQUEST) {
541 fail("gnutls_ocsp_req_set_extension NULL\n");
545 rc = gnutls_ocsp_req_set_extension(req, NULL, 0, NULL);
546 if (rc != GNUTLS_E_INVALID_REQUEST) {
547 fail("gnutls_ocsp_req_set_extension NULL\n");
551 rc = gnutls_ocsp_req_set_extension(req, p, 0, NULL);
552 if (rc != GNUTLS_E_INVALID_REQUEST) {
553 fail("gnutls_ocsp_req_set_extension NULL\n");
557 rc = gnutls_ocsp_req_set_extension(req, NULL, 0, p);
558 if (rc != GNUTLS_E_INVALID_REQUEST) {
559 fail("gnutls_ocsp_req_set_extension NULL\n");
563 rc = gnutls_ocsp_req_get_nonce(NULL, NULL, NULL);
564 if (rc != GNUTLS_E_INVALID_REQUEST) {
565 fail("gnutls_ocsp_req_get_nonce NULL\n");
569 rc = gnutls_ocsp_req_get_nonce(NULL, NULL, p);
570 if (rc != GNUTLS_E_INVALID_REQUEST) {
571 fail("gnutls_ocsp_req_get_nonce NULL\n");
575 rc = gnutls_ocsp_req_set_nonce(NULL, 0, NULL);
576 if (rc != GNUTLS_E_INVALID_REQUEST) {
577 fail("gnutls_ocsp_req_set_nonce NULL\n");
581 rc = gnutls_ocsp_req_set_nonce(req, 0, NULL);
582 if (rc != GNUTLS_E_INVALID_REQUEST) {
583 fail("gnutls_ocsp_req_set_nonce NULL\n");
587 rc = gnutls_ocsp_req_randomize_nonce(NULL);
588 if (rc != GNUTLS_E_INVALID_REQUEST) {
589 fail("gnutls_ocsp_req_randomize_nonce NULL\n");
593 rc = gnutls_ocsp_resp_get_status(NULL);
594 if (rc != GNUTLS_E_INVALID_REQUEST) {
595 fail("gnutls_ocsp_resp_get_status NULL\n");
599 rc = gnutls_ocsp_resp_get_status(resp);
600 if (rc != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
601 fail("gnutls_ocsp_resp_get_status %d\n", rc);
605 rc = gnutls_ocsp_resp_get_response(NULL, NULL, NULL);
606 if (rc != GNUTLS_E_INVALID_REQUEST) {
607 fail("gnutls_ocsp_resp_get_response NULL\n");
611 rc = gnutls_ocsp_resp_get_response(NULL, p, p);
612 if (rc != GNUTLS_E_INVALID_REQUEST) {
613 fail("gnutls_ocsp_resp_get_response NULL\n");
617 rc = gnutls_ocsp_resp_get_response(resp, NULL, NULL);
618 if (rc != GNUTLS_E_SUCCESS) {
619 fail("gnutls_ocsp_resp_get_response %d\n", rc);
623 rc = gnutls_ocsp_resp_get_version(NULL);
624 if (rc != GNUTLS_E_INVALID_REQUEST) {
625 fail("gnutls_ocsp_resp_get_version NULL\n");
629 rc = gnutls_ocsp_resp_get_version(resp);
631 fail("gnutls_ocsp_resp_get_version ret %d\n", rc);
635 rc = gnutls_ocsp_resp_get_responder(NULL, NULL);
636 if (rc != GNUTLS_E_INVALID_REQUEST) {
637 fail("gnutls_ocsp_resp_get_responder NULL\n");
641 rc = gnutls_ocsp_resp_get_responder(resp, NULL);
642 if (rc != GNUTLS_E_INVALID_REQUEST) {
643 fail("gnutls_ocsp_resp_get_responder 2nd %d\n", rc);
647 rc = gnutls_ocsp_resp_get_responder(resp, &dat);
648 if (rc != GNUTLS_E_SUCCESS || dat.size != 0) {
649 fail("gnutls_ocsp_resp_get_responder %d\n", rc);
653 gnutls_free(dat.data);
655 gnutls_ocsp_req_deinit(req);
656 gnutls_ocsp_resp_deinit(resp);
659 /* import a request, query some fields and print and export it */
660 static void req_parse(void)
662 gnutls_ocsp_req_t req;
668 ret = gnutls_ocsp_req_init(&req);
670 fail("gnutls_ocsp_req_init\n");
674 /* import ocsp request */
676 ret = gnutls_ocsp_req_import(req, &req1);
678 fail("gnutls_ocsp_req_import %d\n", ret);
682 /* simple version query */
684 ret = gnutls_ocsp_req_get_version(req);
686 fail("gnutls_ocsp_req_get_version %d\n", ret);
692 gnutls_datum_t expect =
693 { (unsigned char *) REQ1NONCE + 2,
694 sizeof(REQ1NONCE) - 3 };
696 unsigned int critical;
698 ret = gnutls_ocsp_req_get_nonce(req, &critical, &got);
700 fail("gnutls_ocsp_req_get_nonce %d\n", ret);
705 fail("unexpected critical %d\n", critical);
709 if (expect.size != got.size ||
710 memcmp(expect.data, got.data, got.size) != 0) {
711 fail("ocsp request nonce memcmp failed\n");
715 gnutls_free(got.data);
720 ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d);
722 fail("gnutls_ocsp_req_print\n");
726 if (strlen(REQ1INFO) != d.size - 1 ||
727 memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
728 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
729 strlen(REQ1INFO), REQ1INFO, (int) d.size - 1,
730 (int) d.size, d.data);
731 fail("ocsp request print failed\n");
737 ret = gnutls_ocsp_req_export(req, &d);
739 fail("gnutls_ocsp_req_export %d\n", ret);
743 /* compare against earlier imported bytes */
745 if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) {
746 fail("ocsp request export memcmp failed\n");
751 /* test setting nonce */
753 gnutls_datum_t n1 = { (unsigned char *) "foo", 3 };
754 gnutls_datum_t n2 = { (unsigned char *) "foobar", 6 };
758 ret = gnutls_ocsp_req_set_nonce(req, 0, &n1);
760 fail("gnutls_ocsp_req_set_nonce %d\n", ret);
764 ret = gnutls_ocsp_req_get_nonce(req, &critical, &got);
766 fail("gnutls_ocsp_req_get_nonce %d\n", ret);
771 fail("unexpected critical %d\n", critical);
775 if (n1.size != got.size ||
776 memcmp(n1.data, got.data, got.size) != 0) {
777 fail("ocsp request parse nonce memcmp failed\n");
781 gnutls_free(got.data);
783 /* set another time */
785 ret = gnutls_ocsp_req_set_nonce(req, 1, &n2);
787 fail("gnutls_ocsp_req_set_nonce %d\n", ret);
791 ret = gnutls_ocsp_req_get_nonce(req, &critical, &got);
793 fail("gnutls_ocsp_req_get_nonce %d\n", ret);
798 fail("unexpected critical %d\n", critical);
802 if (n2.size != got.size ||
803 memcmp(n2.data, got.data, got.size) != 0) {
804 fail("ocsp request parse2 nonce memcmp failed\n");
808 gnutls_free(got.data);
810 /* randomize nonce */
812 ret = gnutls_ocsp_req_randomize_nonce(req);
814 fail("gnutls_ocsp_req_randomize_nonce %d\n", ret);
818 ret = gnutls_ocsp_req_get_nonce(req, &critical, &n1);
820 fail("gnutls_ocsp_req_get_nonce %d\n", ret);
825 fail("unexpected random critical %d\n", critical);
829 ret = gnutls_ocsp_req_randomize_nonce(req);
831 fail("gnutls_ocsp_req_randomize_nonce %d\n", ret);
835 ret = gnutls_ocsp_req_get_nonce(req, &critical, &n2);
837 fail("gnutls_ocsp_req_get_nonce %d\n", ret);
842 fail("unexpected random critical %d\n", critical);
846 if (n2.size == got.size
847 && memcmp(n1.data, n2.data, n1.size) == 0) {
848 fail("ocsp request random nonce memcmp failed\n");
852 gnutls_free(n1.data);
853 gnutls_free(n2.data);
858 gnutls_ocsp_req_deinit(req);
861 /* check that creating a request (using low-level add_cert_id) ends up
862 with same DER as above. */
863 static void req_addcert_id(void)
865 gnutls_ocsp_req_t req;
871 ret = gnutls_ocsp_req_init(&req);
873 fail("gnutls_ocsp_req_init\n");
877 /* add ocsp request nonce */
880 gnutls_datum_t nonce =
881 { (unsigned char *) REQ1NONCE, sizeof(REQ1NONCE) - 1 };
884 gnutls_ocsp_req_set_extension(req,
885 "1.3.6.1.5.5.7.48.1.2",
888 fail("gnutls_ocsp_req_set_extension %d\n", ret);
895 gnutls_datum_t issuer_name_hash =
896 { (unsigned char *) REQ1INH, sizeof(REQ1INH) - 1 };
897 gnutls_datum_t issuer_key_hash =
898 { (unsigned char *) REQ1IKH, sizeof(REQ1IKH) - 1 };
899 gnutls_datum_t serial_number =
900 { (unsigned char *) REQ1SN, sizeof(REQ1SN) - 1 };
902 ret = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1,
907 fail("gnutls_ocsp_add_cert_id %d\n", ret);
914 ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d);
916 fail("gnutls_ocsp_req_print\n");
920 if (strlen(REQ1INFO) != d.size - 1 ||
921 memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
922 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
923 strlen(REQ1INFO), REQ1INFO, (int) d.size - 1,
924 (int) d.size, d.data);
925 fail("ocsp request print failed\n");
931 ret = gnutls_ocsp_req_export(req, &d);
933 fail("gnutls_ocsp_req_export %d\n", ret);
937 /* compare against earlier imported bytes */
939 if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) {
940 fail("ocsp request export memcmp failed\n");
947 gnutls_ocsp_req_deinit(req);
950 /* check that creating a request (using high-level add_cert) ends up
951 with same DER as above. */
952 static void req_addcert(void)
954 gnutls_ocsp_req_t req;
960 ret = gnutls_ocsp_req_init(&req);
962 fail("gnutls_ocsp_req_init\n");
966 /* add ocsp request nonce */
969 gnutls_datum_t nonce =
970 { (unsigned char *) REQ1NONCE, sizeof(REQ1NONCE) - 1 };
973 gnutls_ocsp_req_set_extension(req,
974 "1.3.6.1.5.5.7.48.1.2",
977 fail("gnutls_ocsp_req_set_extension %d\n", ret);
984 gnutls_x509_crt_t issuer = NULL, subject = NULL;
986 ret = gnutls_x509_crt_init(&issuer);
988 fail("gnutls_x509_crt_init (issuer) %d\n", ret);
992 ret = gnutls_x509_crt_init(&subject);
994 fail("gnutls_x509_crt_init (subject) %d\n", ret);
999 gnutls_x509_crt_import(issuer, &issuer_data,
1000 GNUTLS_X509_FMT_PEM);
1002 fail("gnutls_x509_crt_import (issuer) %d\n", ret);
1007 gnutls_x509_crt_import(subject, &subject_data,
1008 GNUTLS_X509_FMT_PEM);
1010 fail("gnutls_x509_crt_import (subject) %d\n", ret);
1014 ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1,
1017 fail("gnutls_ocsp_add_cert %d\n", ret);
1021 gnutls_x509_crt_deinit(subject);
1022 gnutls_x509_crt_deinit(issuer);
1027 ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d);
1029 fail("gnutls_ocsp_req_print\n");
1033 if (strlen(REQ1INFO) != d.size - 1 ||
1034 memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
1035 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
1036 strlen(REQ1INFO), REQ1INFO, (int) d.size - 1,
1037 (int) d.size, d.data);
1038 fail("ocsp request print failed\n");
1041 gnutls_free(d.data);
1044 ret = gnutls_ocsp_req_export(req, &d);
1046 fail("gnutls_ocsp_req_export %d\n", ret);
1050 /* compare against earlier imported bytes */
1052 if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) {
1053 fail("ocsp request export memcmp failed\n");
1056 gnutls_free(d.data);
1060 gnutls_ocsp_req_deinit(req);
1063 static void resp_import(void)
1065 gnutls_ocsp_resp_t resp;
1071 ret = gnutls_ocsp_resp_init(&resp);
1073 fail("gnutls_ocsp_resp_init\n");
1077 /* import ocsp response */
1079 ret = gnutls_ocsp_resp_import(resp, &resp1);
1081 fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret));
1085 /* print response */
1087 ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d);
1089 fail("gnutls_ocsp_resp_print\n");
1093 if (strlen(RESP1INFO) != d.size - 1 ||
1094 memcmp(RESP1INFO, d.data, strlen(RESP1INFO)) != 0) {
1095 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
1096 strlen(RESP1INFO), RESP1INFO, (int) d.size - 1,
1097 (int) d.size, d.data);
1098 fail("ocsp response print failed\n");
1101 gnutls_free(d.data);
1103 /* import ocsp response */
1105 ret = gnutls_ocsp_resp_import(resp, &resp2);
1107 fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret));
1111 /* print response */
1113 ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d);
1115 fail("gnutls_ocsp_resp_print\n");
1119 if (memcmp(RESP2INFO, d.data, strlen(RESP2INFO)) != 0) {
1120 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
1121 strlen(RESP2INFO), RESP2INFO, (int) d.size - 1,
1122 (int) d.size, d.data);
1123 fail("ocsp response print failed\n");
1126 gnutls_free(d.data);
1130 gnutls_ocsp_resp_deinit(resp);
1132 /* import ocsp response 3*/
1134 ret = gnutls_ocsp_resp_init(&resp);
1136 fail("gnutls_ocsp_resp_init\n");
1140 ret = gnutls_ocsp_resp_import(resp, &resp3);
1142 fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret));
1146 /* print response */
1148 ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d);
1150 fail("gnutls_ocsp_resp_print 3\n");
1154 if (memcmp(RESP3INFO, d.data, strlen(RESP3INFO)) != 0) {
1155 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
1156 strlen(RESP3INFO), RESP3INFO, (int) d.size - 1,
1157 (int) d.size, d.data);
1158 fail("ocsp response 3 print failed\n");
1161 gnutls_free(d.data);
1165 gnutls_ocsp_resp_deinit(resp);
1168 static void resp_verify(void)
1170 gnutls_ocsp_resp_t resp;
1172 gnutls_x509_crt_t cert = NULL, issuer = NULL, signer = NULL;
1173 gnutls_x509_trust_list_t list;
1178 ret = gnutls_ocsp_resp_init(&resp);
1180 fail("gnutls_ocsp_resp_init\n");
1184 /* import ocsp response */
1186 ret = gnutls_ocsp_resp_import(resp, &blog_resp);
1188 fail("gnutls_ocsp_resp_import %d\n", ret);
1192 ret = gnutls_x509_crt_init(&cert);
1194 fail("gnutls_x509_crt_init (cert) %d\n", ret);
1198 ret = gnutls_x509_crt_init(&issuer);
1200 fail("gnutls_x509_crt_init (issuer) %d\n", ret);
1204 ret = gnutls_x509_crt_init(&signer);
1206 fail("gnutls_x509_crt_init (signer) %d\n", ret);
1211 gnutls_x509_crt_import(cert, &blog_cert_data,
1212 GNUTLS_X509_FMT_PEM);
1214 fail("gnutls_x509_crt_import (cert) %d\n", ret);
1219 gnutls_x509_crt_import(issuer, &blog_issuer_data,
1220 GNUTLS_X509_FMT_PEM);
1222 fail("gnutls_x509_crt_import (issuer) %d\n", ret);
1227 gnutls_x509_crt_import(signer, &blog_signer_data,
1228 GNUTLS_X509_FMT_PEM);
1230 fail("gnutls_x509_crt_import (signer) %d\n", ret);
1234 /* check direct verify with signer (should succeed) */
1236 ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0);
1238 fail("gnutls_ocsp_resp_verify_direct (signer) %d\n", ret);
1243 fail("gnutls_ocsp_resp_verify_direct %d\n", verify);
1247 /* check direct verify with cert (should fail) */
1249 ret = gnutls_ocsp_resp_verify_direct(resp, cert, &verify, 0);
1251 fail("gnutls_ocsp_resp_verify_direct (cert) %d\n", ret);
1255 if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) {
1256 fail("gnutls_ocsp_resp_verify_direct3 %d\n", verify);
1260 /* check trust verify with issuer (should succeed) */
1262 ret = gnutls_x509_trust_list_init(&list, 0);
1264 fail("gnutls_x509_trust_list_init %d\n", ret);
1268 ret = gnutls_x509_trust_list_add_cas(list, &issuer, 1, 0);
1270 fail("gnutls_x509_trust_list_add_cas %d\n", ret);
1274 ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
1276 fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
1281 fail("gnutls_ocsp_resp_verify %d\n", verify);
1285 gnutls_x509_trust_list_deinit(list, 0);
1287 /* check trust verify with signer (should succeed) */
1289 ret = gnutls_x509_trust_list_init(&list, 0);
1291 fail("gnutls_x509_trust_list_init %d\n", ret);
1295 ret = gnutls_x509_trust_list_add_cas(list, &signer, 1, 0);
1297 fail("gnutls_x509_trust_list_add_cas %d\n", ret);
1301 ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
1303 fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
1308 fail("gnutls_ocsp_resp_verify %d\n", verify);
1312 gnutls_x509_trust_list_deinit(list, 0);
1314 /* check trust verify with cert (should fail) */
1316 ret = gnutls_x509_trust_list_init(&list, 0);
1318 fail("gnutls_x509_trust_list_init %d\n", ret);
1322 ret = gnutls_x509_trust_list_add_cas(list, &cert, 1, 0);
1324 fail("gnutls_x509_trust_list_add_cas %d\n", ret);
1328 ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
1330 fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
1334 if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) {
1335 fail("gnutls_ocsp_resp_verify %d\n", verify);
1339 gnutls_x509_trust_list_deinit(list, 0);
1341 /* check trust verify with all certs (should succeed) */
1343 ret = gnutls_x509_trust_list_init(&list, 0);
1345 fail("gnutls_x509_trust_list_init %d\n", ret);
1349 ret = gnutls_x509_trust_list_add_cas(list, &cert, 1, 0);
1351 fail("gnutls_x509_trust_list_add_cas %d\n", ret);
1355 ret = gnutls_x509_trust_list_add_cas(list, &issuer, 1, 0);
1357 fail("gnutls_x509_trust_list_add_cas %d\n", ret);
1361 ret = gnutls_x509_trust_list_add_cas(list, &signer, 1, 0);
1363 fail("gnutls_x509_trust_list_add_cas %d\n", ret);
1367 ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
1369 fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
1374 fail("gnutls_ocsp_resp_verify %d\n", verify);
1378 gnutls_x509_trust_list_deinit(list, 0);
1382 gnutls_ocsp_resp_deinit(resp);
1383 gnutls_x509_crt_deinit(cert);
1384 gnutls_x509_crt_deinit(issuer);
1385 gnutls_x509_crt_deinit(signer);
1392 ret = global_init();
1394 fail("global_init\n");
1398 gnutls_global_set_time_function(mytime);
1399 gnutls_global_set_log_function(tls_log_func);
1401 gnutls_global_set_log_level(99);
1403 ocsp_invalid_calls();
1412 gnutls_global_deinit();
projects / platform / upstream / gnutls.git / blob