search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Try to handle "function declaration isn't a prototype" warnings.
[gnutls.git] / tests / hostname-check / hostname-check.c
blobfca71b1e95c16ee1ee1ceec3f0528fac239d1002
1 /*
2 * Copyright (C) 2007 Free Software Foundation
3 *
4 * Author: Simon Josefsson
5 *
6 * This file is part of GNUTLS.
7 *
8 * GNUTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with GNUTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #if HAVE_CONFIG_H
24 # include <config.h>
25 #endif
26
27 #include <string.h>
28 #include <gnutls/gnutls.h>
29 #include <gnutls/x509.h>
30
31 #include "utils.h"
32
33 /* Certificate with no SAN nor CN. */
34 char pem1[] =
35 "X.509 Certificate Information:\n"
36 " Version: 3\n"
37 " Serial Number (hex): 00\n"
38 " Issuer: O=GnuTLS hostname check test CA\n"
39 " Validity:\n"
40 " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
41 " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
42 " Subject: O=GnuTLS hostname check test CA\n"
43 " Subject Public Key Algorithm: RSA\n"
44 " Modulus (bits 1024):\n"
45 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
46 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
47 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
48 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
49 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
50 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
51 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
52 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
53 " Exponent:\n"
54 " 01:00:01\n"
55 " Extensions:\n"
56 " Basic Constraints (critical):\n"
57 " Certificate Authority (CA): TRUE\n"
58 " Subject Key Identifier (not critical):\n"
59 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
60 " Signature Algorithm: RSA-SHA\n"
61 " Signature:\n"
62 " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
63 " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
64 " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
65 " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
66 " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
67 " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
68 " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
69 " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
70 "Other Information:\n"
71 " MD5 fingerprint:\n"
72 " fd845ded8c28ba5e78d6c1844ceafd24\n"
73 " SHA-1 fingerprint:\n"
74 " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
75 " Public Key Id:\n"
76 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
77 "\n"
78 "-----BEGIN CERTIFICATE-----\n"
79 "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
80 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTI1OTA5WhcNMDcwMzMw\n"
81 "MTI1OTEzWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
82 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
83 "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
84 "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
85 "8of+3HiTfFm/oXUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
86 "6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBAHvoEWwVP/kBoPEo\n"
87 "DGJQWPiSRPu/qyCKO4HK5Whgcd8r6FBYgjLv+25KcizJN0+IHdcbaFvbgxsa87SO\n"
88 "4IgD4kORvtixyvJi7KH9GshBjP5TG74DyaE99K5X/ESmNLssLqdWFB+J6TrsH6Pa\n"
89 "16GUO3IdEnG5ZaGFokw60Szp6eoc\n"
90 "-----END CERTIFICATE-----\n";
91
92 /* Certificate with CN but no SAN. */
93 char pem2[] =
94 "X.509 Certificate Information:\n"
95 " Version: 3\n"
96 " Serial Number (hex): 00\n"
97 " Issuer: CN=www.example.org\n"
98 " Validity:\n"
99 " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
100 " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
101 " Subject: CN=www.example.org\n"
102 " Subject Public Key Algorithm: RSA\n"
103 " Modulus (bits 1024):\n"
104 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
105 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
106 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
107 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
108 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
109 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
110 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
111 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
112 " Exponent:\n"
113 " 01:00:01\n"
114 " Extensions:\n"
115 " Basic Constraints (critical):\n"
116 " Certificate Authority (CA): TRUE\n"
117 " Subject Key Identifier (not critical):\n"
118 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
119 " Signature Algorithm: RSA-SHA\n"
120 " Signature:\n"
121 " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
122 " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
123 " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
124 " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
125 " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
126 " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
127 " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
128 " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
129 "Other Information:\n"
130 " MD5 fingerprint:\n"
131 " 30cda7de4f0360892547974f45111ac1\n"
132 " SHA-1 fingerprint:\n"
133 " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
134 " Public Key Id:\n"
135 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
136 "\n"
137 "-----BEGIN CERTIFICATE-----\n"
138 "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
139 "YW1wbGUub3JnMB4XDTA3MDIxNjEzMzAzMFoXDTA3MDMzMDEzMzAzMlowGjEYMBYG\n"
140 "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
141 "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
142 "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
143 "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABozIwMDAPBgNVHRMB\n"
144 "Af8EBTADAQH/MB0GA1UdDgQWBBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG\n"
145 "9w0BAQUDgYEAsE6s+4kSNifzcrgaV9y/86kn3hV1lE9lzDpZEkuRDii5jdNurF2o\n"
146 "Prk1gQyPx5Vy2VFhBgDGqmhUyFI/th8hksj9FVAVrNQYKaH/ySVazl4Rf4KylIxE\n"
147 "PD/e1zv/HNqcgfpj4adn7qr60MkvZhter0aM+VNV54B+dJWY1C1flKs=\n"
148 "-----END CERTIFICATE-----\n";
149
150 /* Certificate with SAN but no CN. */
151 char pem3[] =
152 "X.509 Certificate Information:"
153 " Version: 3\n"
154 " Serial Number (hex): 00\n"
155 " Issuer: O=GnuTLS hostname check test CA\n"
156 " Validity:\n"
157 " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
158 " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
159 " Subject: O=GnuTLS hostname check test CA\n"
160 " Subject Public Key Algorithm: RSA\n"
161 " Modulus (bits 1024):\n"
162 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
163 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
164 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
165 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
166 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
167 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
168 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
169 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
170 " Exponent:\n"
171 " 01:00:01\n"
172 " Extensions:\n"
173 " Basic Constraints (critical):\n"
174 " Certificate Authority (CA): TRUE\n"
175 " Subject Alternative Name (not critical):\n"
176 " DNSname: www.example.org\n"
177 " Key Purpose (not critical):\n"
178 " TLS WWW Server.\n"
179 " Subject Key Identifier (not critical):\n"
180 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
181 " Signature Algorithm: RSA-SHA\n"
182 " Signature:\n"
183 " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
184 " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
185 " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
186 " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
187 " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
188 " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
189 " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
190 " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
191 "Other Information:\n"
192 " MD5 fingerprint:\n"
193 " df3f57d00c8149bd826b177d6ea4f369\n"
194 " SHA-1 fingerprint:\n"
195 " e95e56e2acac305f72ea6f698c11624663a595bd\n"
196 " Public Key Id:\n"
197 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
198 "\n"
199 "-----BEGIN CERTIFICATE-----\n"
200 "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
201 "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTMzNjI3WhcNMDcwMzMw\n"
202 "MTMzNjI5WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
203 "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
204 "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
205 "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
206 "8of+3HiTfFm/oXUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
207 "gg93d3cuZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
208 "FOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQChMLwBsw+Yf452\n"
209 "fSOHNBV/pq6h+4d14+ga5V4DXb9EdUZP0qEoUIRJbTvgvE7eeYX64Qe3bgwUBEqC\n"
210 "ufMiaryZFCA7SR/kl9nq63Oag6bMuFX7Uo5fhnyd+q8Ddq6X4GRQWXMimVXP2lkx\n"
211 "CuhtoFO8OWMurJJK6Yse0APfM7tOiA==\n"
212 "-----END CERTIFICATE-----\n";
213
214 /* Certificate with wildcard SAN but no CN. */
215 char pem4[] =
216 "X.509 Certificate Information:\n"
217 " Version: 3\n"
218 " Serial Number (hex): 00\n"
219 " Issuer:\n"
220 " Validity:\n"
221 " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
222 " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
223 " Subject:\n"
224 " Subject Public Key Algorithm: RSA\n"
225 " Modulus (bits 1024):\n"
226 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
227 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
228 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
229 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
230 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
231 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
232 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
233 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
234 " Exponent:\n"
235 " 01:00:01\n"
236 " Extensions:\n"
237 " Basic Constraints (critical):\n"
238 " Certificate Authority (CA): TRUE\n"
239 " Subject Alternative Name (not critical):\n"
240 " DNSname: *.example.org\n"
241 " Key Purpose (not critical):\n"
242 " TLS WWW Server.\n"
243 " Subject Key Identifier (not critical):\n"
244 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
245 " Signature Algorithm: RSA-SHA\n"
246 " Signature:\n"
247 " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
248 " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
249 " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
250 " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
251 " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
252 " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
253 " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
254 " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
255 "Other Information:\n"
256 " MD5 fingerprint:\n"
257 " a411da7b0fa064d214116d5f94e06c24\n"
258 " SHA-1 fingerprint:\n"
259 " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
260 " Public Key Id:\n"
261 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
262 "\n"
263 "-----BEGIN CERTIFICATE-----\n"
264 "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
265 "Fw0wNzAzMzAxMzQwMTJaMAAwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgL7smHod\n"
266 "b35rJZ7oIHhCoGQFZkOZbUnVGOx9uVhksoCjFGGdCk++L/Au/NKrXDbfU+xDx/ze\n"
267 "kbweAaa3bLIHEC7LYUd1ygPOI2448TQnGhrN95bzs/ANZ3/Kd4Q/nCn0YpH2Elti\n"
268 "Wsy67QguMkQmrP0jzlMbu/KH/tx4k3xZv6F1AgMBAAGjYTBfMA8GA1UdEwEB/wQF\n"
269 "MAMBAf8wGAYDVR0RBBEwD4INKi5leGFtcGxlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
270 "BQcDATAdBgNVHQ4EFgQU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEF\n"
271 "A4GBALFi5eMLpZlYsBxc9dE/fLtn4UPF16Jc2/Ja8wP8duRNwaCJNiSCpKGt9YPj\n"
272 "lnX0xPPr/zqb2tIsWNQQN1Az0TlTcZ5ILbJbJ84e2dU2WawXOoPMWWuPaiS4n/Dm\n"
273 "FAMjWofnMxAyEViiu/HlWoiHu4AbtrsSGMsV1Tr8meRCWrpF\n"
274 "-----END CERTIFICATE-----\n";
275
276 /* Certificate with ipaddress CN but no SAN. */
277 char pem5[] =
278 "X.509 Certificate Information:"
279 " Version: 3\n"
280 " Serial Number (hex): 00\n"
281 " Issuer: CN=www.example.org\n"
282 " Validity:\n"
283 " Not Before: Fri Feb 16 13:44:29 UTC 2007\n"
284 " Not After: Fri Mar 30 13:44:30 UTC 2007\n"
285 " Subject: CN=www.example.org\n"
286 " Subject Public Key Algorithm: RSA\n"
287 " Modulus (bits 1024):\n"
288 " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
289 " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
290 " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
291 " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
292 " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
293 " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
294 " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
295 " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
296 " Exponent:\n"
297 " 01:00:01\n"
298 " Extensions:\n"
299 " Basic Constraints (critical):\n"
300 " Certificate Authority (CA): TRUE\n"
301 " Subject Alternative Name (not critical):\n"
302 " IPAddress: 1.2.3.4\n"
303 " Key Purpose (not critical):\n"
304 " TLS WWW Server.\n"
305 " Subject Key Identifier (not critical):\n"
306 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
307 " Signature Algorithm: RSA-SHA\n"
308 " Signature:\n"
309 " 66:b1:32:9f:6e:06:d7:da:28:bf:3a:d7:56:d5:b6:fe\n"
310 " 78:40:f0:48:92:3a:19:8a:1c:37:ad:59:6f:bc:af:f2\n"
311 " f0:89:81:33:33:01:a8:e4:1a:c1:31:a7:3c:6d:4a:9f\n"
312 " a5:86:6d:22:6e:5b:8b:69:65:83:28:b5:b8:68:72:c5\n"
313 " 2b:af:99:89:dd:48:ad:fc:f6:90:55:c3:a5:41:f3:d7\n"
314 " bc:a2:57:56:25:f1:d1:12:fb:08:70:58:d5:45:57:86\n"
315 " 1b:aa:f2:d4:63:62:c6:fd:b3:04:64:60:9c:77:c3:4b\n"
316 " d1:e4:c7:77:00:17:79:d2:2b:1f:14:ad:e9:34:c8:da\n"
317 "Other Information:\n"
318 " MD5 fingerprint:\n"
319 " cdffe1ac9bf42a4f04a15298f9d18bf6\n"
320 " SHA-1 fingerprint:\n"
321 " 4fa47b29e928499142c88c598ea175b9453957f7\n"
322 " Public Key Id:\n"
323 " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
324 "\n"
325 "-----BEGIN CERTIFICATE-----\n"
326 "MIIB/jCCAWmgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
327 "YW1wbGUub3JnMB4XDTA3MDIxNjEzNDQyOVoXDTA3MDMzMDEzNDQzMFowGjEYMBYG\n"
328 "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
329 "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
330 "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
331 "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABo1swWTAPBgNVHRMB\n"
332 "Af8EBTADAQH/MBIGA1UdEQQLMAmHBzEuMi4zLjQwEwYDVR0lBAwwCgYIKwYBBQUH\n"
333 "AwEwHQYDVR0OBBYEFOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOB\n"
334 "gQBmsTKfbgbX2ii/OtdW1bb+eEDwSJI6GYocN61Zb7yv8vCJgTMzAajkGsExpzxt\n"
335 "Sp+lhm0ibluLaWWDKLW4aHLFK6+Zid1Irfz2kFXDpUHz17yiV1Yl8dES+whwWNVF\n"
336 "V4YbqvLUY2LG/bMEZGCcd8NL0eTHdwAXedIrHxSt6TTI2g==\n"
337 "-----END CERTIFICATE-----\n";
338
339 void
340 doit (void)
341 {
342 gnutls_x509_crt_t cert;
343 gnutls_datum_t data;
344 int ret;
345
346 ret = gnutls_global_init ();
347 if (ret < 0)
348 fail ("gnutls_global_init: %d\n", ret);
349
350 ret = gnutls_x509_crt_init (&cert);
351 if (ret < 0)
352 fail ("gnutls_x509_crt_init: %d\n", ret);
353
354 success ("Testing pem1...\n");
355 data.data = pem1;
356 data.size = strlen (pem1);
357
358 ret = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_PEM);
359 if (ret < 0)
360 fail ("gnutls_x509_crt_import: %d\n", ret);
361
362 ret = gnutls_x509_crt_check_hostname (cert, "foo");
363 if (ret)
364 fail ("Hostname incorrectly matches (%d)\n", ret);
365 else
366 success ("Hostname correctly does not match (%d)\n", ret);
367
368 success ("Testing pem2...\n");
369 data.data = pem2;
370 data.size = strlen (pem2);
371
372 ret = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_PEM);
373 if (ret < 0)
374 fail ("gnutls_x509_crt_import: %d\n", ret);
375
376 ret = gnutls_x509_crt_check_hostname (cert, "foo");
377 if (ret)
378 fail ("Hostname incorrectly matches (%d)\n", ret);
379 else
380 success ("Hostname correctly does not match (%d)\n", ret);
381
382 ret = gnutls_x509_crt_check_hostname (cert, "www.example.org");
383 if (ret)
384 success ("Hostname correctly matches (%d)\n", ret);
385 else
386 fail ("Hostname incorrectly does not match (%d)\n", ret);
387
388 ret = gnutls_x509_crt_check_hostname (cert, "*.example.org");
389 if (ret)
390 fail ("Hostname incorrectly matches (%d)\n", ret);
391 else
392 success ("Hostname correctly does not match (%d)\n", ret);
393
394 success ("Testing pem3...\n");
395 data.data = pem3;
396 data.size = strlen (pem3);
397
398 ret = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_PEM);
399 if (ret < 0)
400 fail ("gnutls_x509_crt_import: %d\n", ret);
401
402 ret = gnutls_x509_crt_check_hostname (cert, "foo");
403 if (ret)
404 fail ("Hostname incorrectly matches (%d)\n", ret);
405 else
406 success ("Hostname correctly does not match (%d)\n", ret);
407
408 ret = gnutls_x509_crt_check_hostname (cert, "www.example.org");
409 if (ret)
410 success ("Hostname correctly matches (%d)\n", ret);
411 else
412 fail ("Hostname incorrectly does not match (%d)\n", ret);
413
414 ret = gnutls_x509_crt_check_hostname (cert, "*.example.org");
415 if (ret)
416 fail ("Hostname incorrectly matches (%d)\n", ret);
417 else
418 success ("Hostname correctly does not match (%d)\n", ret);
419
420 success ("Testing pem4...\n");
421 data.data = pem4;
422 data.size = strlen (pem4);
423
424 ret = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_PEM);
425 if (ret < 0)
426 fail ("gnutls_x509_crt_import: %d\n", ret);
427
428 ret = gnutls_x509_crt_check_hostname (cert, "foo");
429 if (ret)
430 fail ("Hostname incorrectly matches (%d)\n", ret);
431 else
432 success ("Hostname correctly does not match (%d)\n", ret);
433
434 ret = gnutls_x509_crt_check_hostname (cert, "www.example.org");
435 if (ret)
436 success ("Hostname correctly matches (%d)\n", ret);
437 else
438 fail ("Hostname incorrectly does not match (%d)\n", ret);
439
440 ret = gnutls_x509_crt_check_hostname (cert, "foo.example.org");
441 if (ret)
442 success ("Hostname correctly matches (%d)\n", ret);
443 else
444 fail ("Hostname incorrectly does not match (%d)\n", ret);
445
446 ret = gnutls_x509_crt_check_hostname (cert, "foo.example.com");
447 if (ret)
448 fail ("Hostname incorrectly matches (%d)\n", ret);
449 else
450 success ("Hostname correctly does not match (%d)\n", ret);
451
452 success ("Testing pem5...\n");
453 data.data = pem5;
454 data.size = strlen (pem5);
455
456 ret = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_PEM);
457 if (ret < 0)
458 fail ("gnutls_x509_crt_import: %d\n", ret);
459
460 ret = gnutls_x509_crt_check_hostname (cert, "foo");
461 if (ret)
462 fail ("Hostname incorrectly matches (%d)\n", ret);
463 else
464 success ("Hostname correctly does not match (%d)\n", ret);
465
466 ret = gnutls_x509_crt_check_hostname (cert, "1.2.3.4");
467 if (ret)
468 success ("Hostname correctly matches (%d)\n", ret);
469 else
470 fail ("Hostname incorrectly does not match (%d)\n", ret);
471
472 ret = gnutls_x509_crt_check_hostname (cert, "www.example.org");
473 if (ret)
474 fail ("Hostname incorrectly matches (%d)\n", ret);
475 else
476 success ("Hostname correctly does not match (%d)\n", ret);
477
478 gnutls_x509_crt_deinit (cert);
479
480 gnutls_global_deinit ();
481 }
Implementation of the SSL/TLS protocol