xref: /openssl/test/recipes/25-test_eai_data.t (revision 7ed6de99) 
1#! /usr/bin/env perl
2# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Spec;
14use OpenSSL::Test::Utils;
15use OpenSSL::Test qw/:DEFAULT srctop_file with/;
16
17setup("test_eai_data");
18
19#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
20#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
21#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
22#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
23
24plan tests => 16;
25
26require_ok(srctop_file('test','recipes','tconversion.pl'));
27my $folder = "test/recipes/25-test_eai_data";
28
29my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
30my $utf8_pem  = srctop_file($folder, "utf8_leaf.pem");
31my $kdc_pem   = srctop_file($folder, "kdc-cert.pem");
32
33my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
34my $utf8_chain_pem  = srctop_file($folder, "utf8_chain.pem");
35my $kdc_chain_pem  = srctop_file($folder, "kdc-root-cert.pem");
36
37my $out;
38my $outcnt = 0;
39sub outname {
40    $outcnt++;
41    return "sanout-$outcnt.tmp";
42}
43
44$out = outname();
45ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $ascii_pem, "-noout", "-out", $out])));
46is(cmp_text($out, srctop_file($folder, "san.ascii")), 0, 'Comparing othername for ASCII domain');
47
48$out = outname();
49ok(run(app(["openssl", "x509", "-ext", "subjectAltName", "-in", $utf8_pem, "-noout", "-out", $out])));
50is(cmp_text($out, srctop_file($folder, "san.utf8")), 0, 'Comparing othername for IDN domain');
51
52SKIP: {
53    skip "Unicode tests disabled on MingW", 2 if $^O =~ /^msys$/;
54
55    ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", "学生\@elementary.school.example.com", "-CAfile", $ascii_chain_pem, $ascii_pem])));
56    ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", "医生\@大学.example.com", "-CAfile", $utf8_chain_pem, $utf8_pem])));
57}
58
59ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
60ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
61ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
62
63ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
64ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem,  $ascii_pem])));
65
66# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
67ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
68# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
69ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
70# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
71ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
72
73#Check that we get the expected failure return code
74with({ exit_checker => sub { return shift == 2; } },
75     sub {
76        ok(run(app(["openssl", "verify", "-CAfile",
77                    srctop_file("test", "certs", "bad-othername-namec.pem"),
78                    "-partial_chain", "-no_check_time", "-verify_email",
79                    'foo@example.com',
80                    srctop_file("test", "certs", "bad-othername-namec.pem")])));
81     });
82
83