tcl_tests: ca.try: Ignore openssl crl exit status for 'corrupted CRL' test

[openssl-gost/engine.git] / tcl_tests / ca.try

diff --git a/tcl_tests/ca.try b/tcl_tests/ca.try
index 6d76283a22888c99198f78bdecd55f2d7c20e246..7da25de2eae2691dcc10e72f944d38a65301d4d2 100644 (file)
--- a/tcl_tests/ca.try
+++ b/tcl_tests/ca.try
@@ -11,14 +11,22 @@ if {[info exists env(ALG_LIST)]} {
 } else {
        switch -exact [engine_name] {
                "ccore" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}}
-               "open" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}}
+               "open" {
+                       set alg_pair_list {
+                               gost2001:A {gost2001:B}
+                               gost2012_256:A {gost2012_256:B gost2012_512:B}
+                               gost2012_256:TCA {gost2012_256:A gost2012_512:A}
+                               gost2012_512:A {gost2012_256:A gost2012_256:TCA gost2012_512:A gost2012_512:C}
+                               gost2012_512:C {gost2012_256:B gost2012_256:TCB gost2012_512:B gost2012_512:C}
+                       }
+               }
        }
 }
 
 foreach {ca_alg alg_list} $alg_pair_list {
        set ca_alg_fn [string map {":" "_"} $ca_alg]
 
-test "Creating CA" { 
+test "Creating CA ($ca_alg)" {
        makeCA ${testname}CA-$ca_alg_fn $ca_alg
 } 0 1
 
@@ -29,7 +37,7 @@ foreach alg $alg_list {
        set userdir U_ca_${alg_fn}_for_${ca_alg_fn}
 
 #Depends on previous
-test "Creating user request" {
+test "Creating user request ($alg)" {
        makeUser $userdir $alg
 } 0 1
 
@@ -53,9 +61,9 @@ test -skip {![file exists $userdir/broken.pem]} "Registering broken request at c
 test  "Revoking certificate" {
        set revoking_cert $::test::ca/newcerts/[string trim [getFile $::test::ca/serial.old]].pem
        append serial_list [regsub "serial=" [openssl "x509 -in $revoking_cert -noout -serial"] "    Serial Number: "]
-       grep "Data Base" [openssl "ca -crl_reason keyCompromize -crl_compromise [clock\
-       format [clock seconds]  -format %Y%m%d%H%M%SZ] -revoke $revoking_cert -config $::test::ca/ca.conf"]
-} 0 "Data Base Updated
+       string map {"Data Base" Database Updated updated} [ grep "Data" [openssl "ca -crl_reason keyCompromize -crl_compromise [clock\
+       format [clock seconds]  -format %Y%m%d%H%M%SZ] -revoke $revoking_cert -config $::test::ca/ca.conf"] ]
+} 0 "Database updated
 "
 test -createsfiles test.crl "Generating CRL" {
        openssl "ca -gencrl -config $::test::ca/ca.conf -out test.crl"
@@ -65,10 +73,10 @@ test -createsfiles test.crl "Generating CRL" {
 
 
 test -skip {![file exists test.crl]} "Displaying CRL" {
-       grep "(Serial|Version|Signature Alg|Issuer)" [openssl "crl -text -noout -in test.crl"]
+       regsub -all " = " [grep "(Serial|Version|Signature Alg|Issuer)" [openssl "crl -text -noout -in test.crl"] ] "="
 } 0 "        Version 2 (0x1)
         Signature Algorithm: [hash_with_sign_long_name $ca_alg]
-        Issuer: C = RU, L = Moscow, CN = Test CA $ca_alg, O = Cryptocom, OU = OpenSSL CA, emailAddress = openssl@cryptocom.ru
+        Issuer: C=RU, L=Moscow, CN=Test CA $ca_alg, O=Cryptocom, OU=OpenSSL CA, emailAddress=openssl@cryptocom.ru
 $serial_list    Signature Algorithm: [hash_with_sign_long_name  $ca_alg]
 "
 
@@ -80,17 +88,12 @@ test -skip {![file exists test.crl]} "Verifying CRL OK" {
 test -skip {![file exists test.crl]} "Verifying corrupted CRL" {
        makeFile "badcrl.pem" [hackPem "\01\x1E" [getFile test.crl] "\01\0"]
        grep verify [openssl "crl -in badcrl.pem -noout -CAfile $::test::ca/cacert.pem"]
-} 0 "verify failure
-"
+} -1 "verify failure"
 
 test "Verifying CA certificate" {
-       grep "(cacert.pem|error|OK)" [openssl "verify $::test::ca/cacert.pem"]
-} 1 "error $::test::ca/cacert.pem: verification failed
-STDERR CONTENTS:
-C = RU, L = Moscow, CN = Test CA $ca_alg, O = Cryptocom, OU = OpenSSL CA, emailAddress = openssl@cryptocom.ru
-error 18 at 0 depth lookup: self signed certificate"
-
-
+       grep "(cacert.pem|error|OK)" [openssl "verify -CAfile $::test::ca/cacert.pem $::test::ca/cacert.pem"]
+} 0 "$::test::ca/cacert.pem: OK
+"
 
 test "Verifying certificate" {
        grep "cert.pem" [openssl "verify -CAfile $::test::ca/cacert.pem $userdir/cert.pem"]
@@ -110,12 +113,12 @@ test "Verifying revoked certificate" {
 test "Create a PKCS#7 structure from a certificate and CRL" {
        openssl "crl2pkcs7 -in test.crl -certfile $userdir/cert.pem -out $userdir/p7.pem"
        extract_oids $userdir/p7.pem PEM
-} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]]
+} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]]
 
 test "Creates a PKCS#7 structure without CRL" {
        openssl "crl2pkcs7 -nocrl -certfile $userdir/cert.pem -certfile $::test::ca/cacert.pem -out $userdir/p7_nocrl.pem"
        extract_oids $userdir/p7_nocrl.pem PEM
-} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]  [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg]] [hash_with_sign_long_name $ca_alg]]
+} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg]  [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg] $ca_alg] [hash_with_sign_long_name $ca_alg]]
 
 }