Skip to content

Commit

Permalink
tcl_tests: ca.try: Ignore openssl crl exit status for 'corrupted CRL'…
Browse files Browse the repository at this point in the history
… test

Older `openssl crl` exits with 0 in regard to verify no matter actual verify
status, newer `openssl crl` could exit with 1 on verify failure. Make the test
backward-compatible, comparing only stderr output.

Fixes: #452
Signed-off-by: Vitaly Chikunov <[email protected]>
  • Loading branch information
vt-alt committed Mar 22, 2024
1 parent 27245fd commit 769e0f7
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions tcl_tests/ca.try
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,8 @@ test -skip {![file exists test.crl]} "Verifying CRL OK" {
test -skip {![file exists test.crl]} "Verifying corrupted CRL" {
makeFile "badcrl.pem" [hackPem "\01\x1E" [getFile test.crl] "\01\0"]
grep verify [openssl "crl -in badcrl.pem -noout -CAfile $::test::ca/cacert.pem"]
} 0 "verify failure
"
} -1 "STDERR CONTENTS:\nverify failure"


test "Verifying CA certificate" {
grep "(cacert.pem|error|OK)" [openssl "verify -CAfile $::test::ca/cacert.pem $::test::ca/cacert.pem"]
Expand Down

0 comments on commit 769e0f7

Please sign in to comment.