Backport of the following commits: b841f2c0b1e9cf24d991cc8b5d21e5a3b7c6ad80 f25e8f07428b9475fa576bf78d77fb4fa366bc70 106e7dbf39d96c46aedecf229d55a09e7593f1ec diff --git a/tests/testDSig.sh b/tests/testDSig.sh index 77372311..f2014464 100755 --- a/tests/testDSig.sh +++ b/tests/testDSig.sh @@ -805,98 +805,98 @@ execDSigTest $res_success \ "signature-rsa-detached-b64-transform" \ "base64 sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-detached" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-detached-xpath-transform" \ "xpath sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-detached-xslt-transform-retrieval-method" \ "xslt sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-detached-xslt-transform" \ "xslt sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-enveloped" \ "enveloped-signature sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-enveloping" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-manifest-x509-data-cert-chain" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-manifest-x509-data-cert" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-manifest-x509-data-issuer-serial" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-manifest-x509-data-ski" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-manifest-x509-data-subject-name" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-manifest" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" execDSigTest $res_success \ "phaos-xmldsig-three" \ "signature-rsa-xpath-transform-enveloped" \ "enveloped-signature xpath sha1 rsa-sha1" \ "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" ########################################################################## @@ -940,7 +940,7 @@ execDSigTest $res_fail \ "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ "sha1 rsa-sha1" \ "rsa x509" \ - "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018" + "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018" execDSigTest $res_fail \ "" \ diff --git a/tests/testrun.sh b/tests/testrun.sh index ea65802b..fe0334c7 100755 --- a/tests/testrun.sh +++ b/tests/testrun.sh @@ -59,7 +59,7 @@ if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then elif [ "z$crypto" != "z" ] ; then xmlsec_params="$xmlsec_params --crypto $crypto" fi -xmlsec_params="$xmlsec_params --X509-skip-strict-checks --crypto-config $crypto_config" +xmlsec_params="$xmlsec_params --crypto-config $crypto_config" # # Setup keys config @@ -308,8 +308,8 @@ execDSigTest() { # run tests if [ -n "$params1" ] ; then printf " Verify existing signature " - echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $curlogfile - $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile + echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml" >> $curlogfile + $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile printRes $expected_res $? if [ $? != 0 ]; then failures=`expr $failures + 1` @@ -328,8 +328,8 @@ execDSigTest() { if [ -n "$params3" -a -z "$PERF_TEST" ] ; then printf " Verify new signature " - echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $curlogfile - $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile + echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile" >> $curlogfile + $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile printRes $res_success $? if [ $? != 0 ]; then failures=`expr $failures + 1` @@ -406,7 +406,7 @@ execEncTest() { if [ -n "$params1" ] ; then rm -f $tmpfile printf " Decrypt existing document " - echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile + echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 --output $tmpfile $full_file.xml >> $curlogfile 2>> $curlogfile res=$? echo "=== TEST RESULT: $res; expected: $expected_res" >> $curlogfile