From ec718ccc577ce7cc344e4eca7096a3a88541c9fe Mon Sep 17 00:00:00 2001 From: Sergey Abramchuk Date: Tue, 18 Aug 2020 13:46:07 +0300 Subject: [PATCH] Revert patches --- .../ASIO/asio/include/asio/basic_socket.hpp | 7 -- .../include/asio/detail/impl/socket_ops.ipp | 17 ---- .../asio/include/asio/impl/error_code.ipp | 2 +- .../asio/ip/basic_resolver_results.hpp | 7 -- Sources/mbedTLS/include/mbedtls/bn_mul.h | 2 +- Sources/mbedTLS/include/mbedtls/oid.h | 13 +-- Sources/mbedTLS/include/mbedtls/ssl.h | 22 ----- Sources/mbedTLS/include/mbedtls/x509_crt.h | 2 - Sources/mbedTLS/library/oid.c | 81 +++---------------- Sources/mbedTLS/library/ssl_tls.c | 8 -- Sources/mbedTLS/library/x509.c | 18 +---- Sources/mbedTLS/library/x509_crt.c | 10 +-- .../mbedTLS/tests/data_files/test-ca-nc.crt | 20 ----- .../tests/suites/test_suite_x509parse.data | 6 -- .../suites/test_suite_x509parse.function | 15 ---- 15 files changed, 18 insertions(+), 212 deletions(-) delete mode 100644 Sources/mbedTLS/tests/data_files/test-ca-nc.crt diff --git a/Sources/ASIO/asio/include/asio/basic_socket.hpp b/Sources/ASIO/asio/include/asio/basic_socket.hpp index 4da85eb..42efbda 100644 --- a/Sources/ASIO/asio/include/asio/basic_socket.hpp +++ b/Sources/ASIO/asio/include/asio/basic_socket.hpp @@ -950,8 +950,6 @@ public: { const protocol_type protocol = peer_endpoint.protocol(); impl_.get_service().open(impl_.get_implementation(), protocol, open_ec); - if (!open_ec) - async_connect_post_open(protocol, open_ec); } return async_initiate( @@ -1802,11 +1800,6 @@ protected: #endif private: - // optional user code hook immediately after socket open in async_connect - virtual void async_connect_post_open(const protocol_type& protocol, asio::error_code& ec) - { - } - // Disallow copying and assignment. basic_socket(const basic_socket&) ASIO_DELETED; basic_socket& operator=(const basic_socket&) ASIO_DELETED; diff --git a/Sources/ASIO/asio/include/asio/detail/impl/socket_ops.ipp b/Sources/ASIO/asio/include/asio/detail/impl/socket_ops.ipp index b17a60e..ad203b7 100644 --- a/Sources/ASIO/asio/include/asio/detail/impl/socket_ops.ipp +++ b/Sources/ASIO/asio/include/asio/detail/impl/socket_ops.ipp @@ -3339,23 +3339,6 @@ asio::error_code getaddrinfo(const char* host, # endif #elif !defined(ASIO_HAS_GETADDRINFO) int error = getaddrinfo_emulation(host, service, &hints, result); - return ec = translate_addrinfo_error(error); -#elif defined(ASIO_HAS_GETADDRINFO) && defined(ASIO_APPLE_NAT64) - // For NAT64 compatibility, Apple recommends to set AI_DEFAULT flags - addrinfo_type new_hints = hints; - new_hints.ai_flags |= AI_DEFAULT; - int error = ::getaddrinfo(host, service, &new_hints, result); - - // iOS bug workaround: sometimes iOS getaddrinfo() returns a non-zero scope ID - // for non-link-local addresses. Workaround by forcing scope ID to 0 for - // non-link-local addresses. - if (!error && (*result)->ai_family == AF_INET6) - { - sockaddr_in6* a6 = (sockaddr_in6*)(*result)->ai_addr; - if (a6->sin6_scope_id && !(IN6_IS_ADDR_LINKLOCAL(&a6->sin6_addr) || IN6_IS_ADDR_MC_NODELOCAL(&a6->sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&a6->sin6_addr))) - a6->sin6_scope_id = 0; - } - return ec = translate_addrinfo_error(error); #else int error = ::getaddrinfo(host, service, &hints, result); diff --git a/Sources/ASIO/asio/include/asio/impl/error_code.ipp b/Sources/ASIO/asio/include/asio/impl/error_code.ipp index fbfce7e..0a5c443 100644 --- a/Sources/ASIO/asio/include/asio/impl/error_code.ipp +++ b/Sources/ASIO/asio/include/asio/impl/error_code.ipp @@ -80,7 +80,7 @@ public: DWORD length = ::FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 0, value, - MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), (char*)&msg, 0, 0); + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (char*)&msg, 0, 0); detail::local_free_on_block_exit local_free_obj(msg); if (length && msg[length - 1] == '\n') msg[--length] = '\0'; diff --git a/Sources/ASIO/asio/include/asio/ip/basic_resolver_results.hpp b/Sources/ASIO/asio/include/asio/ip/basic_resolver_results.hpp index c070f7d..3b3fad4 100644 --- a/Sources/ASIO/asio/include/asio/ip/basic_resolver_results.hpp +++ b/Sources/ASIO/asio/include/asio/ip/basic_resolver_results.hpp @@ -18,7 +18,6 @@ #include "asio/detail/config.hpp" #include #include -#include #include "asio/detail/socket_ops.hpp" #include "asio/detail/socket_types.hpp" #include "asio/ip/basic_resolver_iterator.hpp" @@ -300,12 +299,6 @@ public: return !a.equal(b); } - template - void randomize(Random& r) - { - std::shuffle(this->values_->begin(), this->values_->end(), r); - } - private: typedef std::vector > values_type; }; diff --git a/Sources/mbedTLS/include/mbedtls/bn_mul.h b/Sources/mbedTLS/include/mbedtls/bn_mul.h index 396c1ac..3a254aa 100644 --- a/Sources/mbedTLS/include/mbedtls/bn_mul.h +++ b/Sources/mbedTLS/include/mbedtls/bn_mul.h @@ -62,7 +62,7 @@ * This is done as the number of registers used in the assembly code doesn't * work with the -O0 option. */ -#if defined(__i386__) && defined(__OPTIMIZE__) && (!defined(__ANDROID_API__) || defined(__clang__)) +#if defined(__i386__) && defined(__OPTIMIZE__) #define MULADDC_INIT \ asm( \ diff --git a/Sources/mbedTLS/include/mbedtls/oid.h b/Sources/mbedTLS/include/mbedtls/oid.h index b116736..408645e 100644 --- a/Sources/mbedTLS/include/mbedtls/oid.h +++ b/Sources/mbedTLS/include/mbedtls/oid.h @@ -410,7 +410,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) /** - * \brief Translate supported X.509 extension OID into local values + * \brief Translate an X.509 extension OID into local values * * \param oid OID to use * \param ext_type place to store the extension type @@ -418,17 +418,6 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type ); - -/** - * \brief Translate supported and unsupported X.509 extension OID into local values - * - * \param oid OID to use - * \param ext_type place to store the extension type - * \param is_supported place to store flag if extension is supported (1 - supported, 0 otherwise) - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_x509_ext_type_supported( const mbedtls_asn1_buf *oid, int *ext_type, int *is_supported ); #endif /** diff --git a/Sources/mbedTLS/include/mbedtls/ssl.h b/Sources/mbedTLS/include/mbedtls/ssl.h index 13a3871..4d92274 100644 --- a/Sources/mbedTLS/include/mbedtls/ssl.h +++ b/Sources/mbedTLS/include/mbedtls/ssl.h @@ -696,10 +696,6 @@ struct mbedtls_ssl_config retransmission timeout (ms) */ #endif - uint32_t allowed_unsupported_critical_exts; /*!< Bit flags which represent runtime-enabled - unsupported critical extensions, e.g. - MBEDTLS_X509_EXT_NAME_CONSTRAINTS */ - #if defined(MBEDTLS_SSL_RENEGOTIATION) int renego_max_records; /*!< grace period for renegotiation */ unsigned char renego_period[8]; /*!< value of the record counters @@ -2302,24 +2298,6 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ); #endif /* MBEDTLS_SSL_RENEGOTIATION */ -/** - * \brief Allows unsupported critical extensions - * - * Without compile-time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * mbedTLS fails certificate verification if certificate contains - * unsupported critical extensions. - * - * This method allows to modify behavior in runtime by providing - * bit flags which represent unsupported extensions (for example MBEDTLS_X509_EXT_NAME_CONSTRAINTS) - * which should be allowed despite missing above mentioned compile-time flag. - * - * \param conf SSL configuration - * \param exts Bit flags which represent runtime-enabled unsupported critical extensions, - * e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS - * - */ -void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts ); - /** * \brief Return the number of data bytes available to read * diff --git a/Sources/mbedTLS/include/mbedtls/x509_crt.h b/Sources/mbedTLS/include/mbedtls/x509_crt.h index 9df19e5..e72231e 100644 --- a/Sources/mbedTLS/include/mbedtls/x509_crt.h +++ b/Sources/mbedTLS/include/mbedtls/x509_crt.h @@ -90,8 +90,6 @@ typedef struct mbedtls_x509_crt mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - uint32_t allowed_unsupported_critical_exts; /**< Optional Bit flags which represent runtime-enabled unsupported critical extensions, e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS */ - struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */ } mbedtls_x509_crt; diff --git a/Sources/mbedTLS/library/oid.c b/Sources/mbedTLS/library/oid.c index a756d28..edea950 100644 --- a/Sources/mbedTLS/library/oid.c +++ b/Sources/mbedTLS/library/oid.c @@ -254,95 +254,38 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, co typedef struct { mbedtls_oid_descriptor_t descriptor; int ext_type; - int is_supported; } oid_x509_ext_t; static const oid_x509_ext_t oid_x509_ext[] = { { - { ADD_LEN( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), "id-ce-authorityKeyIdentifier", "Authority Key Identifier" }, - MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER, 0, + { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, + MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, }, { - { ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" }, - MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, 0, + { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, + MBEDTLS_X509_EXT_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, - MBEDTLS_X509_EXT_KEY_USAGE, 1, + { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, + MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" }, - MBEDTLS_X509_EXT_CERTIFICATE_POLICIES, 0, + { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, + MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, }, { - { ADD_LEN( MBEDTLS_OID_POLICY_MAPPINGS ), "id-ce-policyMappings", "Policy Mapping" }, - MBEDTLS_X509_EXT_POLICY_MAPPINGS, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_ISSUER_ALT_NAME ), "id-ce-issuerAltName", "Issuer Alt Name" }, - MBEDTLS_X509_EXT_ISSUER_ALT_NAME, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS ), "id-ce-subjectDirectoryAttributes", "Subject Directory Attributes" }, - MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, - MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, 1, - }, - { - { ADD_LEN( MBEDTLS_OID_NAME_CONSTRAINTS ), "id-ce-nameConstraints", "Name Constraints" }, - MBEDTLS_X509_EXT_NAME_CONSTRAINTS, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_POLICY_CONSTRAINTS ), "id-ce-policyConstraints", "Policy Constraints" }, - MBEDTLS_X509_EXT_POLICY_CONSTRAINTS, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, - MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, 1 - }, - { - { ADD_LEN( MBEDTLS_OID_CRL_DISTRIBUTION_POINTS ), "id-ce-cRLDistributionPoints", "CRL Distribution Points" }, - MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_INIHIBIT_ANYPOLICY ), "id-ce-inhibitAnyPolicy", "Inhibit Any Policy" }, - MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_FRESHEST_CRL ), "id-ce-freshestCRL", "Freshest CRL" }, - MBEDTLS_X509_EXT_FRESHEST_CRL, 0, - }, - { - { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, - MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, 1 - }, - { - { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, - MBEDTLS_X509_EXT_NS_CERT_TYPE, 1 + { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, + MBEDTLS_X509_EXT_NS_CERT_TYPE, }, { { NULL, 0, NULL, NULL }, - 0, 0 + 0, }, }; FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) -FN_OID_GET_ATTR2(mbedtls_oid_get_x509_ext_type_supported, oid_x509_ext_t, x509_ext, int, ext_type, int, is_supported) - -int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type ) -{ - int ret = 0; - int is_supported = 0; - - ret = mbedtls_oid_get_x509_ext_type_supported(oid, ext_type, &is_supported); - if( is_supported == 0 ) - ret = MBEDTLS_ERR_OID_NOT_FOUND; - - return( ret ); -} +FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = { diff --git a/Sources/mbedTLS/library/ssl_tls.c b/Sources/mbedTLS/library/ssl_tls.c index 5d1d5bc..51827c3 100644 --- a/Sources/mbedTLS/library/ssl_tls.c +++ b/Sources/mbedTLS/library/ssl_tls.c @@ -4668,9 +4668,6 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); - ssl->session_negotiate->peer_cert->allowed_unsupported_critical_exts = - ssl->conf->allowed_unsupported_critical_exts; - i += 3; while( i < ssl->in_hslen ) @@ -6629,11 +6626,6 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts ) -{ - conf->allowed_unsupported_critical_exts = exts; -} - #if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_CLI_C) void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) diff --git a/Sources/mbedTLS/library/x509.c b/Sources/mbedTLS/library/x509.c index f64cff1..117c5fd 100644 --- a/Sources/mbedTLS/library/x509.c +++ b/Sources/mbedTLS/library/x509.c @@ -564,20 +564,13 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, /* * Parse seconds if present */ - if ( len >= 2 && **p >= '0' && **p <= '9' ) + if ( len >= 2 ) { CHECK( x509_parse_int( p, 2, &tm->sec ) ); len -= 2; } else - { -#if defined(MBEDTLS_RELAXED_X509_DATE) - /* if relaxed mode, allow seconds to be absent */ - tm->sec = 0; -#else return ( MBEDTLS_ERR_X509_INVALID_DATE ); -#endif - } /* * Parse trailing 'Z' if present @@ -587,15 +580,6 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, (*p)++; len--; } -#if defined(MBEDTLS_RELAXED_X509_DATE) - else if ( len == 5 && **p == '+' ) - { - int tz; /* throwaway timezone */ - (*p)++; - CHECK( x509_parse_int( p, 4, &tz ) ); - return 0; - } -#endif /* * We should have parsed all characters at this point diff --git a/Sources/mbedTLS/library/x509_crt.c b/Sources/mbedTLS/library/x509_crt.c index 130b3ad..3ad53a7 100644 --- a/Sources/mbedTLS/library/x509_crt.c +++ b/Sources/mbedTLS/library/x509_crt.c @@ -539,7 +539,6 @@ static int x509_get_crt_ext( unsigned char **p, int ret; size_t len; unsigned char *end_ext_data, *end_ext_octet; - int is_supported; if( *p == end ) return( 0 ); @@ -594,9 +593,9 @@ static int x509_get_crt_ext( unsigned char **p, /* * Detect supported extensions */ - ret = mbedtls_oid_get_x509_ext_type_supported( &extn_oid, &ext_type, &is_supported ); + ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); - if( ( ret != 0 ) || ( is_supported == 0 ) ) + if( ret != 0 ) { /* No parser found, skip extension */ *p = end_ext_octet; @@ -604,10 +603,6 @@ static int x509_get_crt_ext( unsigned char **p, #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) if( is_critical ) { - /* Do not fail if extension is found, but unsupported and allowed in runtime */ - if( ( ret == 0 ) && ( ext_type & crt->allowed_unsupported_critical_exts ) ) - continue; - /* Data is marked as critical: fail */ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); @@ -961,7 +956,6 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu prev = crt; mbedtls_x509_crt_init( crt->next ); - crt->next->allowed_unsupported_critical_exts = crt->allowed_unsupported_critical_exts; crt = crt->next; } diff --git a/Sources/mbedTLS/tests/data_files/test-ca-nc.crt b/Sources/mbedTLS/tests/data_files/test-ca-nc.crt deleted file mode 100644 index 7e0c561..0000000 --- a/Sources/mbedTLS/tests/data_files/test-ca-nc.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDSzCCAjOgAwIBAgIJAJx/NjT4C4viMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV -BAMMCExlZXZpQ0E0MB4XDTE4MDEyNzE1MDczMloXDTI4MDEyNTE1MDczMlowEzER -MA8GA1UEAwwITGVldmlDQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDWN79RTlyFm5o0LVMSVjc68W0+gtl95xpaaD7IS6gDYjcbGnCwSefiq7y9rtck -OM1A5Bzhj5+iWbmZStUmeJUhSGgxP/FxuUaAV0fsBGJ5jDrzmbhzDkHsNxDMB2ks -XFyy4LfODcBs9TXxY43KUKuq/0meiT3WAaZWHMYle9vkQJM2l0RyH4IXHCHiIRwd -2wntin6T9QOFJOc2ietNb7KsXVne81wb7h9BVMsjCIAsbPpHa+PZQs1xFuxmRxCs -kpavnMy+SqevHhvqtvbHppcXYtZspTnkVoXWUdx3HHXgZMQKlAWlwyx57xpZBU2g -qksO+KCLVYOQMN9usmuMOpHHAgMBAAGjgaEwgZ4wHQYDVR0eAQH/BBMwEaAPMA2C -C2V4YW1wbGUuY29tMB0GA1UdDgQWBBR3T9IilPeRAFfLO8ocg216OBo+6DBDBgNV -HSMEPDA6gBR3T9IilPeRAFfLO8ocg216OBo+6KEXpBUwEzERMA8GA1UEAwwITGVl -dmlDQTSCCQCcfzY0+AuL4jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq -hkiG9w0BAQsFAAOCAQEAR086ciNM3ujSQNhhguqFHYGfDRRuAgOk4l7GXIfFa9te -B2KMLSwP367QaMwFxRrOoDvixIjzbpiiKB3cv+IXqGyfsRJw47XLwGK4FtSsXjst -m2M8W5iXBQ94XoLj9OKb4ZJWKI930S/PF7uuxICtWttYSoylfyMkiR45+1SLj2eF -X4EnXK3Q0H42v8LCDFqj9iNQ2WMLwA7kFPB+oOZxkFi2G0F3VuW+JZeBPQCpYdRO -0kQQ/gIZE6KEdscKHi9y6OfGSeRlDBMADky9NiZy7I3AcspLcmMQh/191/DnooNe -OwQ6w1HweApjB46bGyILpGUi9MZhvCnoLWg+cN3/wQ== ------END CERTIFICATE----- diff --git a/Sources/mbedTLS/tests/suites/test_suite_x509parse.data b/Sources/mbedTLS/tests/suites/test_suite_x509parse.data index 9426e7b..8bca39a 100644 --- a/Sources/mbedTLS/tests/suites/test_suite_x509parse.data +++ b/Sources/mbedTLS/tests/suites/test_suite_x509parse.data @@ -1798,12 +1798,6 @@ X509 File parse (trailing spaces, OK) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C x509parse_crt_file:"data_files/server7_trailing_space.crt":0 -X509 File parse (unsupported critical ext Name Constraints, fail) -x509parse_crt_file:"data_files/test-ca-nc.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -X509 File parse (allowed unsupported critical ext Name Constraints, ok) -x509parse_crt_file_allow_exts:"data_files/test-ca-nc.crt":MBEDTLS_X509_EXT_NAME_CONSTRAINTS:0 - X509 Get time (UTC no issues) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 diff --git a/Sources/mbedTLS/tests/suites/test_suite_x509parse.function b/Sources/mbedTLS/tests/suites/test_suite_x509parse.function index c12a0e0..584ee82 100644 --- a/Sources/mbedTLS/tests/suites/test_suite_x509parse.function +++ b/Sources/mbedTLS/tests/suites/test_suite_x509parse.function @@ -448,21 +448,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509parse_crt_file_allow_exts( char *crt_file, int exts, int result ) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init( &crt ); - crt.allowed_unsupported_critical_exts = exts; - - TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result ); - -exit: - mbedtls_x509_crt_free( &crt ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509parse_crt( char *crt_data, char *result_str, int result ) {