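#! /usr/bin/env perl
# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe "test_eai_data".
#
# Drives `openssl x509` and `openssl verify` against the certificates under
# test/recipes/25-test_eai_data and checks three things:
#   * the subjectAltName extension is printed as recorded in the reference
#     files san.ascii and san.utf8;
#   * chain verification accepts each leaf with its own chain and rejects it
#     with the other chain, with and without -verify_email;
#   * an otherName entry is not treated as a DNS name or an e-mail address
#     (the in-file comments say a violation should surface as an ASAN error,
#     so this part is most meaningful on a sanitizer build).

use strict;
use warnings;

use File::Spec;
use OpenSSL::Test::Utils;
use OpenSSL::Test qw/:DEFAULT srctop_file with/;

setup("test_eai_data");

#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem

# The fixed plan doubles as a check that no test silently goes missing:
# 1 require_ok + 4 SAN dump/compare + 2 (SKIP block) + 5 chain pairings
# + 3 otherName checks + 1 exit-code check.
plan tests => 16;

# tconversion.pl is loaded before the first cmp_text() call below.
require_ok(srctop_file('test','recipes','tconversion.pl'));
my $folder = "test/recipes/25-test_eai_data";

# Leaf certificates.
my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
my $utf8_pem = srctop_file($folder, "utf8_leaf.pem");
my $kdc_pem = srctop_file($folder, "kdc-cert.pem");

# Trust anchors / chains passed to -CAfile.
my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem");
my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem");

# Options shared by every chain verification in this recipe except the final
# exit-code check.  -no_check_time keeps the result independent of the
# validity period of the test certificates.
my @verify = ("openssl", "verify", "-nameopt", "utf8", "-no_check_time");

my $out;
my $outcnt = 0;

# Return a fresh scratch file name (sanout-1.tmp, sanout-2.tmp, ...) so that
# each x509 dump is written to its own file.
sub outname {
    $outcnt++;
    return "sanout-$outcnt.tmp";
}

# Dump the subjectAltName extension of each leaf and compare it with the
# recorded reference text; cmp_text() returning 0 means the files agree.
$out = outname();
ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $ascii_pem, "-noout", "-out", $out])),
   'Dumping subjectAltName of the ASCII leaf');
is(cmp_text($out, srctop_file($folder, "san.ascii")), 0, 'Comparing othername for ASCII domain');

$out = outname();
ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $utf8_pem, "-noout", "-out", $out])),
   'Dumping subjectAltName of the UTF-8 leaf');
is(cmp_text($out, srctop_file($folder, "san.utf8")), 0, 'Comparing othername for IDN domain');

SKIP: {
    skip "Unicode tests disabled on MingW", 2 if $^O =~ /^msys$/;

    # NOTE(review): the skip reason calls these Unicode tests, yet both
    # addresses below are pure ASCII with an empty local part (and, in the
    # second one, an empty leading domain label).  The non-ASCII characters
    # appear to have been lost from this listing; restore both addresses
    # from the upstream recipe before relying on these two results.
    ok(run(app([@verify, "-verify_email", "\@elementary.school.example.com", "-CAfile", $ascii_chain_pem, $ascii_pem])),
       'Verifying the ASCII leaf with -verify_email');
    ok(run(app([@verify, "-verify_email", "\@.example.com", "-CAfile", $utf8_chain_pem, $utf8_pem])),
       'Verifying the UTF-8 leaf with -verify_email');
}

# Every leaf must verify against its own chain ...
ok(run(app([@verify, "-CAfile", $ascii_chain_pem, $ascii_pem])),
   'ASCII leaf verifies against the ASCII chain');
ok(run(app([@verify, "-CAfile", $utf8_chain_pem, $utf8_pem])),
   'UTF-8 leaf verifies against the UTF-8 chain');
ok(run(app([@verify, "-CAfile", $kdc_chain_pem, $kdc_pem])),
   'KDC certificate verifies against the KDC root');

# ... and must be rejected when paired with the other chain.  These negative
# cases matter as much as the positive ones: a verifier that accepted
# everything would pass all the tests above.
ok(!run(app([@verify, "-CAfile", $ascii_chain_pem, $utf8_pem])),
   'UTF-8 leaf is rejected against the ASCII chain');
ok(!run(app([@verify, "-CAfile", $utf8_chain_pem, $ascii_pem])),
   'ASCII leaf is rejected against the UTF-8 chain');

# Check an otherName does not get misparsed as a DNS name (should trigger ASAN errors if violated).
ok(run(app([@verify, "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])),
   'otherName is not misparsed as a DNS name');
# Check an otherName does not get misparsed as an email address (should trigger ASAN errors if violated).
ok(run(app([@verify, "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])),
   'otherName is not misparsed as an email address');
# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
ok(!run(app([@verify, "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])),
   'SmtpUTF8Mailbox encoded as IA5String is not matched');

# Check that we get the expected failure return code.
# The same file is used as trust store and as target (with -partial_chain),
# and the exit checker accepts a status of exactly 2.  Any other status,
# a zero exit included, fails the test, so the check separates an orderly
# verification failure from every other way the command might end.
with({ exit_checker => sub { return shift == 2; } },
     sub {
         ok(run(app(["openssl", "verify", "-CAfile",
                     srctop_file("test", "certs", "bad-othername-namec.pem"),
                     "-partial_chain", "-no_check_time", "-verify_email",
                     'foo@example.com',
                     srctop_file("test", "certs", "bad-othername-namec.pem")])),
            'bad-othername-namec.pem fails verification with exit code 2');
     });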