Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

limbo: add othername NC testcase #228

Merged
merged 1 commit into from
Mar 11, 2024
Merged

limbo: add othername NC testcase #228

merged 1 commit into from
Mar 11, 2024

Conversation

woodruffw
Copy link
Collaborator

Adds an OtherName NC case with a private OtherName OID, which should be blanket rejected.

Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw added the component:tests 🧪 Unit and integration tests label Mar 11, 2024
@woodruffw woodruffw self-assigned this Mar 11, 2024
@woodruffw woodruffw mentioned this pull request Mar 11, 2024
16 tasks
Copy link
Contributor

:shipit: No regressions found.

Copy link
Contributor

New testcases

There are new testcases in this change.

gocryptox509-go1.22.0

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE

certvalidator-0.11.1

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints

openssl-3.0.13

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE unsupported name constraint type

openssl-3.2.1

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE unsupported name constraint type

pyca-cryptography-42.0.5

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE SUCCESS None

rustls-webpki

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE NameConstraintViolation

rust-webpki

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE UnknownIssuer

openssl-3.1.5

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE unsupported name constraint type

openssl-1.1

Testcase Expected Result Actual Result Context
rfc5280::nc::nc-forbids-othername FAILURE FAILURE unsupported name constraint type

@woodruffw woodruffw merged commit 1bf45ad into main Mar 11, 2024
7 checks passed
@woodruffw woodruffw deleted the ww/othername-constraint branch March 11, 2024 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant