diff options
| author | Ingela Anderton Andin <[email protected]> | 2016-06-14 10:47:38 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2016-06-14 10:47:38 +0200 |
| commit | 5268c7b957c30c31e551f197463cdd55a792ea69 (patch) | |
| tree | 880afe20bbbc06587fe175a8de90a6f4483b0e79 /lib/public_key/test | |
| parent | 1418cbbb689dc2c88ecceaedb4eba33061d338e7 (diff) | |
| parent | c3e06e575b06f25601fdc60f4142a0d6b9e6eb7a (diff) | |
| download | otp-5268c7b957c30c31e551f197463cdd55a792ea69.tar.gz otp-5268c7b957c30c31e551f197463cdd55a792ea69.tar.bz2 otp-5268c7b957c30c31e551f197463cdd55a792ea69.zip | |
Merge branch 'legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530'
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
Skip crl_hash_dir_expired test for LibreSSL
Add ssl_crl_hash_dir module
Function for generating OpenSSL-style name hashes
Add public_key:pkix_match_dist_point
Improve formatting for crl_{check,cache} options
Add issuer arg to ssl_crl_cache_api lookup callback
Conflicts:
lib/public_key/test/public_key_SUITE.erl
Diffstat (limited to 'lib/public_key/test')
| -rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 71a77efa2e..2a84bb8121 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -44,7 +44,8 @@ all() -> encrypt_decrypt, {group, sign_verify}, pkix, pkix_countryname, pkix_emailaddress, pkix_path_validation, - pkix_iso_rsa_oid, pkix_iso_dsa_oid, pkix_crl, general_name]. + pkix_iso_rsa_oid, pkix_iso_dsa_oid, pkix_crl, general_name + short_cert_issuer_hash, short_crl_issuer_hash]. groups() -> [{pem_decode_encode, [], [dsa_pem, rsa_pem, ec_pem, encrypted_pem, @@ -817,6 +818,42 @@ general_name(Config) when is_list(Config) -> authorityCertSerialNumber = 1}). %%-------------------------------------------------------------------- +short_cert_issuer_hash() -> + [{doc, "Test OpenSSL-style hash for certificate issuer"}]. + +short_cert_issuer_hash(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + [{'Certificate', CertDER, _}] = + erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")), + + %% This hash value was obtained by running: + %% openssl x509 -in client_cert.pem -issuer_hash -noout + CertIssuerHash = "d4c8d7e5", + + #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{issuer = Issuer}} = + public_key:pkix_decode_cert(CertDER, otp), + + CertIssuerHash = public_key:short_name_hash(Issuer). + +%%-------------------------------------------------------------------- +short_crl_issuer_hash() -> + [{doc, "Test OpenSSL-style hash for CRL issuer"}]. + +short_crl_issuer_hash(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + [{'CertificateList', CrlDER, _}] = + erl_make_certs:pem_to_der(filename:join(Datadir, "idp_crl.pem")), + + %% This hash value was obtained by running: + %% openssl crl -in idp_crl.pem -hash -noout + CrlIssuerHash = "d6134ed3", + + Issuer = public_key:pkix_crl_issuer(CrlDER), + + CrlIssuerHash = public_key:short_name_hash(Issuer). + + +%%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- asn1_encode_decode({Asn1Type, Der, not_encrypted} = Entry) -> |