OCSP in specific. Actually, I am trying to have OpenSSL to use OCSP before CRL in check_revocation(). On the web I found someone make this change but it did not get merged into OpenSSL. I want to test that part of the code change where I merged in my local Ubuntu 14.04.
Thanks so much, Anthony. -----Original Message----- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Richard Levitte Sent: Thursday, April 14, 2016 12:13 AM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] make TESTS="test_ocsp" test I could argue that testing the command line *does* test the library ;-) However, there are a number of test programs in test/ that test diverse aspects of the library as well, also through the aid of test recipes. Which aspect of the library are you looking for? Cheers, Richard In message <he1pr08mb0427bbecd3407da440a3e8dfd6...@he1pr08mb0427.eurprd08.prod.outlook.com> on Thu, 14 Apr 2016 05:37:00 +0000, CHOW Anthony <anthony.c...@al-enterprise.com> said: anthony.chow> Oh thanks. This is a negative test. I will move on. anthony.chow> anthony.chow> Is there a good way to test the openssl library and not just the command line? anthony.chow> anthony.chow> Anthony. anthony.chow> anthony.chow> -----Original Message----- anthony.chow> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Richard Levitte anthony.chow> Sent: Wednesday, April 13, 2016 10:33 PM anthony.chow> To: openssl-dev@openssl.org anthony.chow> Subject: Re: [openssl-dev] make TESTS="test_ocsp" test anthony.chow> anthony.chow> In message <he1pr08mb0427b6808f52900cd7a6138cd6...@he1pr08mb0427.eurprd08.prod.outlook.com> on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony <anthony.c...@al-enterprise.com> said: anthony.chow> anthony.chow> anthony.chow> Can this test be tested standalone? I must have missed something: anthony.chow> anthony.chow> anthony.chow> anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> anthony.chow> 47813825843168:error:27069075:OCSP anthony.chow> anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> anthony.chow> 47579061129184:error:27069075:OCSP anthony.chow> anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do? anthony.chow> anthony.chow> This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future). anthony.chow> anthony.chow> As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something) anthony.chow> anthony.chow> Cheers, anthony.chow> Richard anthony.chow> anthony.chow> -- anthony.chow> Richard Levitte levi...@openssl.org anthony.chow> OpenSSL Project http://www.openssl.org/~levitte/ anthony.chow> -- anthony.chow> openssl-dev mailing list anthony.chow> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev anthony.chow> -- anthony.chow> openssl-dev mailing list anthony.chow> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev anthony.chow> -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
