Home | History | Annotate | Line # | Download | only in recipes 
      1 #! /usr/bin/env perl
      2 # Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
      3 #
      4 # Licensed under the Apache License 2.0 (the "License").  You may not use
      5 # this file except in compliance with the License.  You can obtain a copy
      6 # in the file LICENSE in the source distribution or at
      7 # https://www.openssl.org/source/license.html
      8 
      9 
     10 use strict;
     11 use warnings;
     12 
     13 use File::Spec;
     14 use OpenSSL::Test::Utils;
     15 use OpenSSL::Test qw/:DEFAULT srctop_file with/;
     16 
     17 setup("test_eai_data");
     18 
     19 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
     20 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
     21 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
     22 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
     23 
     24 plan tests => 16;
     25 
     26 require_ok(srctop_file('test','recipes','tconversion.pl'));
     27 my $folder = "test/recipes/25-test_eai_data";
     28 
     29 my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
     30 my $utf8_pem  = srctop_file($folder, "utf8_leaf.pem");
     31 my $kdc_pem   = srctop_file($folder, "kdc-cert.pem");
     32 
     33 my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
     34 my $utf8_chain_pem  = srctop_file($folder, "utf8_chain.pem");
     35 my $kdc_chain_pem  = srctop_file($folder, "kdc-root-cert.pem");
     36 
     37 my $out;
     38 my $outcnt = 0;
     39 sub outname {
     40     $outcnt++;
     41     return "sanout-$outcnt.tmp";
     42 }
     43 
     44 $out = outname();
     45 ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $ascii_pem, "-noout", "-out", $out])));
     46 is(cmp_text($out, srctop_file($folder, "san.ascii")), 0, 'Comparing othername for ASCII domain');
     47 
     48 $out = outname();
     49 ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $utf8_pem, "-noout", "-out", $out])));
     50 is(cmp_text($out, srctop_file($folder, "san.utf8")), 0, 'Comparing othername for IDN domain');
     51 
     52 SKIP: {
     53     skip "Unicode tests disabled on MingW", 2 if $^O =~ /^msys$/;
     54 
     55     ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", "\@elementary.school.example.com", "-CAfile", $ascii_chain_pem, $ascii_pem])));
     56     ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", "\@.example.com", "-CAfile", $utf8_chain_pem, $utf8_pem])));
     57 }
     58 
     59 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
     60 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
     61 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
     62 
     63 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
     64 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem,  $ascii_pem])));
     65 
     66 # Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
     67 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
     68 # Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
     69 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe (at] example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
     70 # We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
     71 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe (at] example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
     72 
     73 #Check that we get the expected failure return code
     74 with({ exit_checker => sub { return shift == 2; } },
     75      sub {
     76         ok(run(app(["openssl", "verify", "-CAfile",
     77                     srctop_file("test", "certs", "bad-othername-namec.pem"),
     78                     "-partial_chain", "-no_check_time", "-verify_email",
     79                     'foo (at] example.com',
     80                     srctop_file("test", "certs", "bad-othername-namec.pem")])));
     81      });
     82 
     83