philljj commented 1 week ago

Description

Fix holder entityName parsing.
Add better testing on holder fields.
Some light cleanup, more comments, and better debug logging.
Add X509_ACERT_new, wolfSSL_X509_ACERT_new_ex, and wolfSSL_X509_ACERT_sign (stub) test.

Fixes zd#18889.

Testing

Expanded test_wolfSSL_X509_ACERT_asn in tests/api.c.
Tested with https://github.com/philljj/acert-test.
Tested with reproducer in ticket.

Printing before:

$./test/test_acert -f certs/acert_ietf.pem -p
...
        Holder:
            Issuer: CN=CA
            Serial Number: 2 (0x2)
        Issuer: CN=Attribute Certificate Issuer
...

Printing after:

$./test/test_acert -f certs/acert_ietf.pem -p
...
        Holder:
            Name: CN=server.example
            Issuer: CN=CA
            Serial Number: 2 (0x2)
        Issuer: CN=Attribute Certificate Issuer
...

philljj commented 1 week ago

Retest this please.

SparkiDev commented 1 week ago

Can you please add test cases for: wolfSSL_X509_ACERT_new and wolfSSL_X509_ACERT_sign.

Thanks!

dgarske commented 1 week ago

@philljj Please resolve merge conflicts.

wolfSSL / wolfssl

acert: fix holder entityName parsing. #8166

Description

Testing