2 # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
13 use File::Spec::Functions qw/canonpath/;
14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
19 my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
20 my @args = qw(openssl verify -auth_level 1 -purpose);
21 my @path = qw(test certs);
22 push(@args, "$purpose", @opts);
24 push(@args, "-trusted", srctop_file(@path, "$_.pem"))
27 push(@args, "-untrusted", srctop_file(@path, "$_.pem"))
29 push(@args, srctop_file(@path, "$cert.pem"));
36 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
37 "accept compat trust");
40 ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]),
41 "fail trusted non-ca root");
42 ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]),
43 "fail server trust non-ca root");
44 ok(!verify("ee-cert", "sslserver", [qw(nroot+anyEKU)], [qw(ca-cert)]),
45 "fail wildcard trust non-ca root");
46 ok(!verify("ee-cert", "sslserver", [qw(root-cert2)], [qw(ca-cert)]),
47 "fail wrong root key");
48 ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]),
49 "fail wrong root DN");
51 # Explicit trust/purpose combinations
53 ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]),
54 "accept server purpose");
55 ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]),
56 "fail client purpose");
57 ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]),
58 "accept server trust");
59 ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]),
60 "accept server trust with server purpose");
61 ok(verify("ee-cert", "sslserver", [qw(croot+serverAuth)], [qw(ca-cert)]),
62 "accept server trust with client purpose");
64 ok(verify("ee-cert", "sslserver", [qw(root+anyEKU)], [qw(ca-cert)]),
65 "accept wildcard trust");
66 ok(verify("ee-cert", "sslserver", [qw(sroot+anyEKU)], [qw(ca-cert)]),
67 "accept wildcard trust with server purpose");
68 ok(verify("ee-cert", "sslserver", [qw(croot+anyEKU)], [qw(ca-cert)]),
69 "accept wildcard trust with client purpose");
70 # Inapplicable mistrust
71 ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]),
72 "accept client mistrust");
73 ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]),
74 "accept client mistrust with server purpose");
75 ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]),
76 "fail client mistrust with client purpose");
78 ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]),
80 ok(!verify("ee-cert", "sslserver", [qw(sroot+clientAuth)], [qw(ca-cert)]),
81 "fail client trust with server purpose");
82 ok(!verify("ee-cert", "sslserver", [qw(croot+clientAuth)], [qw(ca-cert)]),
83 "fail client trust with client purpose");
85 ok(!verify("ee-cert", "sslserver", [qw(root-serverAuth)], [qw(ca-cert)]),
87 ok(!verify("ee-cert", "sslserver", [qw(sroot-serverAuth)], [qw(ca-cert)]),
88 "fail server mistrust with server purpose");
89 ok(!verify("ee-cert", "sslserver", [qw(croot-serverAuth)], [qw(ca-cert)]),
90 "fail server mistrust with client purpose");
92 ok(!verify("ee-cert", "sslserver", [qw(root-anyEKU)], [qw(ca-cert)]),
93 "fail wildcard mistrust");
94 ok(!verify("ee-cert", "sslserver", [qw(sroot-anyEKU)], [qw(ca-cert)]),
95 "fail wildcard mistrust with server purpose");
96 ok(!verify("ee-cert", "sslserver", [qw(croot-anyEKU)], [qw(ca-cert)]),
97 "fail wildcard mistrust with client purpose");
99 # Check that trusted-first is on by setting up paths to different roots
100 # depending on whether the intermediate is the trusted or untrusted one.
102 ok(verify("ee-cert", "sslserver", [qw(root-serverAuth root-cert2 ca-root2)],
104 "accept trusted-first path");
105 ok(verify("ee-cert", "sslserver", [qw(root-cert root2+serverAuth ca-root2)],
107 "accept trusted-first path with server trust");
108 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2-serverAuth ca-root2)],
110 "fail trusted-first path with server mistrust");
111 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2+clientAuth ca-root2)],
113 "fail trusted-first path with client trust");
116 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonca)]),
117 "fail non-CA untrusted intermediate");
118 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonbc)]),
119 "fail non-CA untrusted intermediate");
120 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonca)], []),
121 "fail non-CA trust-store intermediate");
122 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonbc)], []),
123 "fail non-CA trust-store intermediate");
124 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+serverAuth)], []),
125 "fail non-CA server trust intermediate");
126 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+anyEKU)], []),
127 "fail non-CA wildcard trust intermediate");
128 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert2)]),
129 "fail wrong intermediate CA key");
130 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-name2)]),
131 "fail wrong intermediate CA DN");
132 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-root2)]),
133 "fail wrong intermediate CA issuer");
134 ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
135 "fail untrusted partial chain");
136 ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
137 "accept trusted partial chain");
138 ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
139 "accept partial chain with server purpose");
140 ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
141 "fail partial chain with client purpose");
142 ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"),
143 "accept server trust partial chain");
144 ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"),
145 "accept server trust client purpose partial chain");
146 ok(verify("ee-cert", "sslserver", [qw(ca-clientAuth)], [], "-partial_chain"),
147 "accept client mistrust partial chain");
148 ok(verify("ee-cert", "sslserver", [qw(ca+anyEKU)], [], "-partial_chain"),
149 "accept wildcard trust partial chain");
150 ok(!verify("ee-cert", "sslserver", [], [qw(ca+serverAuth)], "-partial_chain"),
151 "fail untrusted partial issuer with ignored server trust");
152 ok(!verify("ee-cert", "sslserver", [qw(ca-serverAuth)], [], "-partial_chain"),
153 "fail server mistrust partial chain");
154 ok(!verify("ee-cert", "sslserver", [qw(ca+clientAuth)], [], "-partial_chain"),
155 "fail client trust partial chain");
156 ok(!verify("ee-cert", "sslserver", [qw(ca-anyEKU)], [], "-partial_chain"),
157 "fail wildcard mistrust partial chain");
159 # We now test auxiliary trust even for intermediate trusted certs without
160 # -partial_chain. Note that "-trusted_first" is now always on and cannot
162 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+serverAuth)], [qw(ca-cert)]),
163 "accept server trust");
164 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]),
165 "accept wildcard trust");
166 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]),
167 "accept server purpose");
168 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)],
170 "accept server trust and purpose");
171 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]),
172 "accept wildcard trust and server purpose");
173 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)],
175 "accept client mistrust and server purpose");
176 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)],
178 "accept server trust and client purpose");
179 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]),
180 "accept wildcard trust and client purpose");
181 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]),
182 "fail client purpose");
183 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]),
184 "fail wildcard mistrust");
185 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)],
187 "fail server mistrust");
188 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)],
190 "fail client trust");
191 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)],
193 "fail client trust and server purpose");
194 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)],
196 "fail client trust and client purpose");
197 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)],
199 "fail server mistrust and client purpose");
200 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)],
202 "fail client mistrust and client purpose");
203 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)],
205 "fail server mistrust and server purpose");
206 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]),
207 "fail wildcard mistrust and server purpose");
208 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-anyEKU)], [qw(ca-cert)]),
209 "fail wildcard mistrust and client purpose");
212 ok(verify("ee-client", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
213 "accept client chain");
214 ok(!verify("ee-client", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
215 "fail server leaf purpose");
216 ok(!verify("ee-cert", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
217 "fail client leaf purpose");
218 ok(!verify("ee-cert2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
219 "fail wrong intermediate CA key");
220 ok(!verify("ee-name2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
221 "fail wrong intermediate CA DN");
222 ok(!verify("ee-expired", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
223 "fail expired leaf");
224 ok(verify("ee-cert", "sslserver", [qw(ee-cert)], [], "-partial_chain"),
225 "accept last-resort direct leaf match");
226 ok(verify("ee-client", "sslclient", [qw(ee-client)], [], "-partial_chain"),
227 "accept last-resort direct leaf match");
228 ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"),
229 "fail last-resort direct leaf non-match");
230 ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"),
231 "accept direct match with server trust");
232 ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"),
233 "fail direct match with server mistrust");
234 ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
235 "accept direct match with client trust");
236 ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
237 "reject direct match with client mistrust");
240 ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
241 "fail to accept proxy cert without -allow_proxy_certs");
242 ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
243 "-allow_proxy_certs"),
244 "accept proxy cert 1");
245 ok(verify("pc2-cert", "sslclient", [qw(root-cert)],
246 [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
247 "accept proxy cert 2");
248 ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)],
249 [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
250 "fail proxy cert with incorrect subject");
251 ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)],
252 [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
253 "fail proxy cert with incorrect pathlen");
254 ok(verify("pc5-cert", "sslclient", [qw(root-cert)],
255 [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
256 "accept proxy cert missing proxy policy");
257 ok(!verify("pc6-cert", "sslclient", [qw(root-cert)],
258 [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
259 "failed proxy cert where last CN was added as a multivalue RDN component");
261 # Security level tests
262 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
264 "accept RSA 2048 chain at auth level 2");
265 ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
267 "reject RSA 2048 root at auth level 3");
268 ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"],
270 "accept RSA 768 root at auth level 0");
271 ok(!verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"]),
272 "reject RSA 768 root at auth level 1");
273 ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"],
275 "accept RSA 768 intermediate at auth level 0");
276 ok(!verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"]),
277 "reject RSA 768 intermediate at auth level 1");
278 ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"],
280 "accept RSA 768 leaf at auth level 0");
281 ok(!verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"]),
282 "reject RSA 768 leaf at auth level 1");
284 ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"],
286 "accept md5 self-signed TA at auth level 2");
287 ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [],
289 "accept md5 intermediate TA at auth level 2");
290 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"],
292 "accept md5 intermediate at auth level 0");
293 ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"]),
294 "reject md5 intermediate at auth level 1");
295 ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"],
297 "accept md5 leaf at auth level 0");
298 ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
299 "reject md5 leaf at auth level 1");
301 # Depth tests, note the depth limit bounds the number of CA certificates
302 # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
303 # chain, depth = 1 is sufficient, but depth == 0 is not.
305 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
306 "-verify_depth", "2"),
307 "accept chain with verify_depth 2");
308 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
309 "-verify_depth", "1"),
310 "accept chain with verify_depth 1");
311 ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
312 "-verify_depth", "0"),
313 "accept chain with verify_depth 0");
314 ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [],
315 "-verify_depth", "0"),
316 "accept md5 intermediate TA with verify_depth 0");
318 # Name Constraints tests.
320 ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
321 "Name Constraints everything permitted");
323 ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
324 "Name Constraints nothing excluded");
326 ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
327 "Name Constraints nested test all permitted");
329 ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
330 "Name Constraints hostname not permitted");
332 ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
333 "Name Constraints hostname excluded");
335 ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
336 "Name Constraints email address not permitted");
338 ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
339 "Name Constraints subject email address not permitted");
341 ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
342 "Name Constraints IP address not permitted");
344 ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
345 "Name Constraints CN hostname not permitted");
347 ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
348 "Name Constraints CN BMPSTRING hostname not permitted");
350 ok(!verify("badalt8-cert", "sslserver", ["root-cert"],
351 ["ncca1-cert", "ncca3-cert"], ),
352 "Name constaints nested DNS name not permitted 1");
354 ok(!verify("badalt9-cert", "sslserver", ["root-cert"],
355 ["ncca1-cert", "ncca3-cert"], ),
356 "Name constaints nested DNS name not permitted 2");
358 ok(!verify("badalt10-cert", "sslserver", ["root-cert"],
359 ["ncca1-cert", "ncca3-cert"], ),
360 "Name constaints nested DNS name excluded");
362 ok(!verify("many-names1", "sslserver", ["many-constraints"],
363 ["many-constraints"], ),
364 "Too many names and constraints to check (1)");
365 ok(!verify("many-names2", "sslserver", ["many-constraints"],
366 ["many-constraints"], ),
367 "Too many names and constraints to check (2)");
368 ok(!verify("many-names3", "sslserver", ["many-constraints"],
369 ["many-constraints"], ),
370 "Too many names and constraints to check (3)");
372 ok(verify("some-names1", "sslserver", ["many-constraints"],
373 ["many-constraints"], ),
374 "Not too many names and constraints to check (1)");
375 ok(verify("some-names2", "sslserver", ["many-constraints"],
376 ["many-constraints"], ),
377 "Not too many names and constraints to check (2)");
378 ok(verify("some-names2", "sslserver", ["many-constraints"],
379 ["many-constraints"], ),
380 "Not too many names and constraints to check (3)");