void doit(void)
{
gnutls_x509_privkey_t pkey;
gnutls_x509_crt_t crt;
gnutls_x509_crt_t crt2;
const char *err = NULL;
gnutls_datum_t out;
size_t s = 0;
int ret;
ret = global_init();
if (ret < 0)
fail("global_init\n");
gnutls_global_set_time_function(mytime);
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
ret = gnutls_x509_crt_init(&crt);
if (ret != 0)
fail("gnutls_x509_crt_init\n");
ret = gnutls_x509_crt_init(&crt2);
if (ret != 0)
fail("gnutls_x509_crt_init\n");
ret = gnutls_x509_crt_import(crt2, &server_ecc_cert, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail("gnutls_x509_crt_import\n");
ret = gnutls_x509_privkey_init(&pkey);
if (ret != 0)
fail("gnutls_x509_privkey_init\n");
ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail("gnutls_x509_privkey_import\n");
/* Setup CRT */
ret = gnutls_x509_crt_set_version(crt, 3);
if (ret != 0)
fail("gnutls_x509_crt_set_version\n");
ret = gnutls_x509_crt_set_serial(crt, "\x0a\x11\x00", 3);
if (ret != 0)
fail("gnutls_x509_crt_set_serial\n");
ret = gnutls_x509_crt_set_expiration_time(crt, -1);
if (ret != 0)
fail("error\n");
ret = gnutls_x509_crt_set_activation_time(crt, mytime(0));
if (ret != 0)
fail("error\n");
ret = gnutls_x509_crt_set_key(crt, pkey);
if (ret != 0)
fail("gnutls_x509_crt_set_key\n");
ret = gnutls_x509_crt_set_basic_constraints(crt, 0, -1);
if (ret < 0) {
fail("error\n");
}
ret = gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE);
if (ret != 0)
fail("gnutls_x509_crt_set_key_usage %d\n", ret);
ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err);
if (ret < 0) {
fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err);
}
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
"*****@*****.**", strlen("*****@*****.**"), 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
"ινβάλιντ@bar.org", strlen("ινβάλιντ@bar.org"), 1);
if (ret != GNUTLS_E_INVALID_UTF8_EMAIL)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS,
"\xc1\x5c\x96\x3", 4, 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16, 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME,
"apa", 3, 0);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME,
"απαλό.com", strlen("απαλό.com"), 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
#ifdef HAVE_LIBIDN
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
"test@νίκο.org", strlen("test@νίκο.org"), 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
#endif
s = 0;
ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crt_set_key_purpose_oid(crt,
GNUTLS_KP_TLS_WWW_SERVER,
0);
if (ret != 0)
fail("gnutls_x509_crt_set_key_purpose_oid %d\n", ret);
s = 0;
ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crt_set_key_purpose_oid(crt,
GNUTLS_KP_TLS_WWW_CLIENT,
1);
if (ret != 0)
fail("gnutls_x509_crt_set_key_purpose_oid2 %d\n", ret);
ret = gnutls_x509_crt_set_issuer_dn(crt, "cn = my CA, o = big\\, and one", &err);
if (ret < 0) {
fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err);
}
ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0);
if (ret < 0)
fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail("gnutls_x509_crt_print\n");
if (debug)
printf("crt: %.*s\n", out.size, out.data);
gnutls_free(out.data);
s = 0;
ret = gnutls_x509_crt_get_extension_info(crt, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail("gnutls_x509_crt_get_extension_info2: %s\n", strerror(ret));
s = 0;
ret = gnutls_x509_crt_get_extension_data(crt, 0, NULL, &s);
if (ret != 0)
fail("gnutls_x509_crt_get_extension_data: %s\n", strerror(ret));
ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &out);
if (ret < 0 || out.size == 0)
fail("gnutls_x509_crt_get_raw_issuer_dn: %s\n", gnutls_strerror(ret));
if (out.size != 45 ||
memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) {
hexprint(out.data, out.size);
fail("issuer DN comparison failed\n");
}
gnutls_free(out.data);
ret = gnutls_x509_crt_get_raw_dn(crt, &out);
if (ret < 0 || out.size == 0)
fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret));
if (out.size != 45 ||
memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) {
fail("DN comparison failed\n");
}
gnutls_free(out.data);
ret = gnutls_x509_crt_equals(crt, crt);
if (ret == 0) {
fail("equality test failed\n");
}
ret = gnutls_x509_crt_equals(crt, crt2);
if (ret != 0) {
fail("equality test failed\n");
}
assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0);
#ifdef HAVE_LIBIDN
assert(out.size == saved_crt.size);
assert(memcmp(out.data, saved_crt.data, out.size)==0);
#endif
gnutls_free(out.data);
gnutls_x509_crt_deinit(crt);
gnutls_x509_crt_deinit(crt2);
gnutls_x509_privkey_deinit(pkey);
gnutls_global_deinit();
}
/**
* gnutls_x509_crt_set_ca_status:
* @crt: a certificate of type #gnutls_x509_crt_t
* @ca: true(1) or false(0). Depending on the Certificate authority status.
*
* This function will set the basicConstraints certificate extension.
* Use gnutls_x509_crt_set_basic_constraints() if you want to control
* the pathLenConstraint field too.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca)
{
return gnutls_x509_crt_set_basic_constraints(crt, ca, -1);
}
/*!
Add the basic constraints extension. This allows you to specify if the
certificate being created is a CA (ie. may sign certificates), and the
maximum length of the chain that is allowed if you grant it that
permission. By default the pathLength is unlimited.
*/
bool CertificateBuilder::setBasicConstraints(bool ca, int pathLength)
{
d->errnumber = gnutls_x509_crt_set_basic_constraints (d->crt, ca, pathLength);
return GNUTLS_E_SUCCESS == d->errnumber;
}
void Plugin::_loadCertificate()
{
QFile file(this->crtFile);
gnutls_datum_t datum;
size_t size = 2048;
QByteArray data;
gnutls_privkey_t privkey;
gnutls_pubkey_t pubkey;
gnutls_pubkey_t pubkeyCrt;
int error;
QMap<char *, QByteArray> oid;
gnutls_digest_algorithm_t digest;
if (!file.open(QIODevice::ReadWrite))
throw Properties("error", "Unable to open the certificate file").add("file", this->crtFile);
ASSERT_INIT(gnutls_x509_crt_init(&this->crt), "crt");
ASSERT(gnutls_privkey_init(&privkey));
ASSERT(gnutls_privkey_import_x509(privkey, this->key, 0));
ASSERT(gnutls_pubkey_init(&pubkey));
ASSERT(gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0));
// Verifies that the certificate is valid
if (file.size() > 0)
{
ASSERT(gnutls_pubkey_init(&pubkeyCrt));
data = file.readAll();
datum.size = data.size();
datum.data = (unsigned char *)data.data();
if (gnutls_x509_crt_import(this->crt, &datum, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
file.resize(0);
else if (gnutls_x509_crt_get_expiration_time(this->crt) < ::time(NULL) + CRT_EXPIRATION_REGEN)
file.resize(0);
else if (gnutls_pubkey_import_x509(pubkeyCrt, this->crt, 0) != GNUTLS_E_SUCCESS)
file.resize(0);
// Ensures that the public keys of the certificate and the private key match
size_t size1 = size, size2 = size;
QByteArray pub1((int)size1, 0), pub2((int)size2, 0);
if (gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM, pub1.data(), &size1) != GNUTLS_E_SUCCESS
|| gnutls_pubkey_export(pubkeyCrt, GNUTLS_X509_FMT_PEM, pub2.data(), &size2) != GNUTLS_E_SUCCESS
|| size1 != size2 || pub1 != pub2)
file.resize(0);
gnutls_pubkey_deinit(pubkeyCrt);
}
// Generates a new certificate
if (file.size() == 0)
{
gnutls_x509_crt_deinit(this->crt);
this->init.removeAll("crt");
ASSERT_INIT(gnutls_x509_crt_init(&this->crt), "crt");
LOG_INFO("Generating a new certificate", "Plugin", "_generateCertificate");
oid.insert((char *)GNUTLS_OID_X520_COMMON_NAME, "LightBird");
oid.insert((char *)GNUTLS_OID_X520_ORGANIZATION_NAME, "LightBird");
QMapIterator<char *, QByteArray> it(oid);
while (it.hasNext())
ASSERT(gnutls_x509_crt_set_dn_by_oid(this->crt, it.key(), 0, it.value().data(), it.next().value().size()));
ASSERT(gnutls_x509_crt_set_pubkey(this->crt, pubkey));
data = this->_generateSerial();
ASSERT(gnutls_x509_crt_set_serial(this->crt, data.data(), data.size()));
ASSERT(gnutls_x509_crt_set_activation_time(this->crt, ::time(NULL)));
ASSERT(gnutls_x509_crt_set_expiration_time(this->crt, ::time(NULL) + CRT_EXPIRATION));
ASSERT(gnutls_x509_crt_set_basic_constraints(this->crt, 0, -1));
ASSERT(gnutls_x509_crt_set_key_purpose_oid(this->crt, GNUTLS_KP_TLS_WWW_SERVER, 0));
ASSERT(gnutls_x509_crt_set_key_usage(this->crt, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT));
data.resize((int)size);
ASSERT(gnutls_x509_crt_get_key_id(this->crt, 0, (unsigned char *)data.data(), &size));
ASSERT(gnutls_x509_crt_set_subject_key_id(this->crt, (unsigned char *)data.data(), size));
ASSERT(gnutls_x509_crt_set_version(this->crt, 3));
ASSERT(gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &digest, NULL));
ASSERT(gnutls_x509_crt_privkey_sign(this->crt, this->crt, privkey, digest, 0));
size = data.size();
ASSERT(gnutls_x509_crt_export(this->crt, GNUTLS_X509_FMT_PEM, data.data(), &size));
data.resize((int)size);
file.write(data);
}
gnutls_pubkey_deinit(pubkey);
gnutls_privkey_deinit(privkey);
}
void doit(void)
{
gnutls_x509_privkey_t pkey;
gnutls_x509_crt_t crt;
gnutls_x509_crt_t crt2;
const char *err = NULL;
unsigned char buf[64];
gnutls_datum_t out;
size_t s = 0;
int ret;
ret = global_init();
if (ret < 0)
fail("global_init\n");
gnutls_global_set_time_function(mytime);
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
ret = gnutls_x509_crt_init(&crt);
if (ret != 0)
fail("gnutls_x509_crt_init\n");
ret = gnutls_x509_crt_init(&crt2);
if (ret != 0)
fail("gnutls_x509_crt_init\n");
ret = gnutls_x509_crt_import(crt2, &server_ecc_cert, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail("gnutls_x509_crt_import\n");
ret = gnutls_x509_privkey_init(&pkey);
if (ret != 0)
fail("gnutls_x509_privkey_init\n");
ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail("gnutls_x509_privkey_import\n");
/* Setup CRT */
ret = gnutls_x509_crt_set_version(crt, 3);
if (ret != 0)
fail("gnutls_x509_crt_set_version\n");
ret = gnutls_x509_crt_set_serial(crt, "\x0a\x11\x00", 3);
if (ret != 0)
fail("gnutls_x509_crt_set_serial\n");
ret = gnutls_x509_crt_set_expiration_time(crt, -1);
if (ret != 0)
fail("error\n");
ret = gnutls_x509_crt_set_activation_time(crt, mytime(0));
if (ret != 0)
fail("error\n");
ret = gnutls_x509_crt_set_key(crt, pkey);
if (ret != 0)
fail("gnutls_x509_crt_set_key\n");
ret = gnutls_x509_crt_set_basic_constraints(crt, 0, -1);
if (ret < 0) {
fail("error\n");
}
ret = gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE);
if (ret != 0)
fail("gnutls_x509_crt_set_key_usage %d\n", ret);
ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err);
if (ret < 0) {
fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err);
}
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
"*****@*****.**", strlen("*****@*****.**"), 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
"ινβάλιντ@bar.org", strlen("ινβάλιντ@bar.org"), 1);
if (ret != GNUTLS_E_INVALID_UTF8_EMAIL)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS,
"\xc1\x5c\x96\x3", 4, 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16, 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME,
"apa", 3, 0);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME,
"απαλό.com", strlen("απαλό.com"), 1);
#if defined(HAVE_LIBIDN2) || defined(HAVE_LIBIDN)
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
"test@νίκο.org", strlen("test@νίκο.org"), 1);
if (ret != 0)
fail("gnutls_x509_crt_set_subject_alt_name\n");
#else
if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE)
fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret));
#endif
s = 0;
ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crt_set_key_purpose_oid(crt,
GNUTLS_KP_TLS_WWW_SERVER,
0);
if (ret != 0)
fail("gnutls_x509_crt_set_key_purpose_oid %d\n", ret);
s = 0;
ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crt_set_key_purpose_oid(crt,
GNUTLS_KP_TLS_WWW_CLIENT,
1);
if (ret != 0)
fail("gnutls_x509_crt_set_key_purpose_oid2 %d\n", ret);
/* in the end this will be ignored as the issuer will be set
* by gnutls_x509_crt_sign2() */
ret = gnutls_x509_crt_set_issuer_dn(crt, "cn = my CA, o = big\\, and one", &err);
if (ret < 0) {
fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err);
}
#define ISSUER_UNIQUE_ID "\x00\x01\x02\x03"
#define SUBJECT_UNIQUE_ID "\x04\x03\x02\x01"
ret = gnutls_x509_crt_set_issuer_unique_id(crt, ISSUER_UNIQUE_ID, sizeof(ISSUER_UNIQUE_ID)-1);
if (ret < 0)
fail("error: %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crt_set_subject_unique_id(crt, SUBJECT_UNIQUE_ID, sizeof(SUBJECT_UNIQUE_ID)-1);
if (ret < 0)
fail("error: %s\n", gnutls_strerror(ret));
/* Sign and finalize the certificate */
ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0);
if (ret < 0)
fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail("gnutls_x509_crt_print\n");
if (debug)
printf("crt: %.*s\n", out.size, out.data);
gnutls_free(out.data);
/* Verify whether selected input is present */
s = 0;
ret = gnutls_x509_crt_get_extension_info(crt, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail("gnutls_x509_crt_get_extension_info2: %s\n", strerror(ret));
s = 0;
ret = gnutls_x509_crt_get_extension_data(crt, 0, NULL, &s);
if (ret != 0)
fail("gnutls_x509_crt_get_extension_data: %s\n", strerror(ret));
ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &out);
if (ret < 0 || out.size == 0)
fail("gnutls_x509_crt_get_raw_issuer_dn: %s\n", gnutls_strerror(ret));
if (out.size != 45 ||
memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) {
hexprint(out.data, out.size);
fail("issuer DN comparison failed\n");
}
gnutls_free(out.data);
s = sizeof(buf);
ret = gnutls_x509_crt_get_issuer_unique_id(crt, (void*)buf, &s);
if (ret < 0)
fail("error: %s\n", gnutls_strerror(ret));
if (s != sizeof(ISSUER_UNIQUE_ID)-1 ||
memcmp(buf, ISSUER_UNIQUE_ID, s) != 0) {
fail("issuer unique id comparison failed\n");
}
s = sizeof(buf);
ret = gnutls_x509_crt_get_subject_unique_id(crt, (void*)buf, &s);
if (ret < 0)
fail("error: %s\n", gnutls_strerror(ret));
if (s != sizeof(SUBJECT_UNIQUE_ID)-1 ||
memcmp(buf, SUBJECT_UNIQUE_ID, s) != 0) {
fail("subject unique id comparison failed\n");
}
ret = gnutls_x509_crt_get_raw_dn(crt, &out);
if (ret < 0 || out.size == 0)
fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret));
if (out.size != 45 ||
memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) {
fail("DN comparison failed\n");
}
gnutls_free(out.data);
ret = gnutls_x509_crt_equals(crt, crt);
if (ret == 0) {
fail("equality test failed\n");
}
ret = gnutls_x509_crt_equals(crt, crt2);
if (ret != 0) {
fail("equality test failed\n");
}
assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0);
if (debug)
fprintf(stderr, "%s\n", out.data);
#if defined(HAVE_LIBIDN2)
assert(out.size == saved_crt.size);
assert(memcmp(out.data, saved_crt.data, out.size)==0);
#endif
gnutls_free(out.data);
gnutls_x509_crt_deinit(crt);
gnutls_x509_crt_deinit(crt2);
gnutls_x509_privkey_deinit(pkey);
gnutls_global_deinit();
}
