diff options
author | Bob Beck <beck@cvs.openbsd.org> | 2023-04-28 09:02:05 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2023-04-28 09:02:05 +0000 |
commit | 0dd726ee3cd480b93deb9924e59eda08461918d7 (patch) | |
tree | a0500720eb22d2cabd8eb7730a229f0e5bfbb411 | |
parent | 7cfab821eb187b7b8b86332619e1d296b569f30a (diff) |
Fix copyright, convert boringssl comments to C style
-rw-r--r-- | regress/lib/libcrypto/x509/policy/policy.c | 81 |
1 files changed, 51 insertions, 30 deletions
diff --git a/regress/lib/libcrypto/x509/policy/policy.c b/regress/lib/libcrypto/x509/policy/policy.c index 5524be2b059..bffc982f8ad 100644 --- a/regress/lib/libcrypto/x509/policy/policy.c +++ b/regress/lib/libcrypto/x509/policy/policy.c @@ -1,7 +1,7 @@ -/* $OpenBSD: policy.c,v 1.7 2023/04/28 08:53:20 beck Exp $ */ +/* $OpenBSD: policy.c,v 1.8 2023/04/28 09:02:04 beck Exp $ */ /* * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> - * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> + * Copyright (c) 2020-2023 Bob Beck <beck@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -212,8 +212,13 @@ struct verify_cert_test { }; struct verify_cert_test verify_cert_tests[] = { - // Comments here are from boringssl/crypto/x509/x509_test.cc - // The chain is good for |oid1| and |oid2|, but not |oid3|. + /* + * Comments here are from boringssl/crypto/x509/x509_test.cc + * certs were generated by + * boringssl/crypto/x509/test/make_policy_certs.go + */ + + /* The chain is good for |oid1| and |oid2|, but not |oid3|. */ { .id = "nothing in 1 and 2", .root_file = CERTSDIR "/" "policy_root.pem", @@ -272,7 +277,7 @@ struct verify_cert_test verify_cert_tests[] = { .policy_oid_to_check2 = OID3, .want_chains = 1, }, - // The policy extension cannot be parsed. + /* The policy extension cannot be parsed. */ { .id = "1 in invalid intermediate poicy", .root_file = CERTSDIR "/" "policy_root.pem", @@ -323,7 +328,7 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION, .want_legacy_error_depth = 0, }, - // There is a duplicate policy in the leaf policy extension. + /* There is a duplicate policy in the leaf policy extension. */ { .id = "1 in duplicate policy extension in leaf", .root_file = CERTSDIR "/" "policy_root.pem", @@ -337,7 +342,7 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION, .want_legacy_error_depth = 0, }, - // There is a duplicate policy in the intermediate policy extension. + /* There is a duplicate policy in the intermediate policy extension. */ { .id = "1 in duplicate policy extension in intermediate", .root_file = CERTSDIR "/" "policy_root.pem", @@ -351,9 +356,11 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION, .want_legacy_error_depth = 0, }, - // Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and - // intersected with user-specified policies, but it is not required to result - // in any valid policies. + /* + * Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and + * intersected with user-specified policies, but it is not required to result + * in any valid policies. + */ { .id = "nothing with explicit_policy unset", .root_file = CERTSDIR "/" "policy_root.pem", @@ -369,7 +376,7 @@ struct verify_cert_test verify_cert_tests[] = { .policy_oid_to_check = OID3, .want_chains = 1, }, - // However, a CA with policy constraints can require an explicit policy. + /* However, a CA with policy constraints can require an explicit policy. */ { .id = "oid1 with explicit_policy unset, intermediate requiring policy", .root_file = CERTSDIR "/" "policy_root.pem", @@ -390,9 +397,11 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY, .want_legacy_error_depth = 0, }, - // requireExplicitPolicy applies even if the application does not configure a - // user-initial-policy-set. If the validation results in no policies, the - // chain is invalid. + /* + * requireExplicitPolicy applies even if the application does not configure a + * user-initial-policy-set. If the validation results in no policies, the + * chain is invalid. + */ { .id = "nothing explict_policy unset, with intermediate requiring policy", .root_file = CERTSDIR "/" "policy_root.pem", @@ -404,7 +413,7 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY, .want_legacy_error_depth = 0, }, - // A leaf can also set requireExplicitPolicy but should work with none + /* A leaf can also set requireExplicitPolicy but should work with none */ { .id = "nothing explicit_policy unset, with leaf requiring policy", .root_file = CERTSDIR "/" "policy_root.pem", @@ -412,7 +421,7 @@ struct verify_cert_test verify_cert_tests[] = { .leaf_file = CERTSDIR "/" "policy_leaf_require.pem", .want_chains = 1, }, - // A leaf can also set requireExplicitPolicy but should fail with policy + /* A leaf can also set requireExplicitPolicy but should fail with policy */ { .id = "oid3, explicit policy unset, with leaf requiring policy", .root_file = CERTSDIR "/" "policy_root.pem", @@ -425,8 +434,10 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY, .want_legacy_error_depth = 0, }, - // requireExplicitPolicy is a count of certificates to skip. If the value is - // not zero by the end of the chain, it doesn't count. + /* + * requireExplicitPolicy is a count of certificates to skip. If the value is + * not zero by the end of the chain, it doesn't count. + */ { .id = "oid3, with intermediate requiring explicit depth 1", .root_file = CERTSDIR "/" "policy_root.pem", @@ -456,8 +467,10 @@ struct verify_cert_test verify_cert_tests[] = { .policy_oid_to_check = OID3, .want_chains = 1, }, - // If multiple certificates specify the constraint, the more constrained value - // wins. + /* + * If multiple certificates specify the constraint, the more constrained value + * wins. + */ { .id = "oid3, with leaf and intermediate requiring explicit depth 1", .root_file = CERTSDIR "/" "policy_root.pem", @@ -484,8 +497,10 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY, .want_legacy_error_depth = 0, }, - // An intermediate that requires an explicit policy, but then specifies no - // policies should fail verification as a result. + /* + * An intermediate that requires an explicit policy, but then specifies no + * policies should fail verification as a result. + */ { .id = "oid1 with explicit_policy unset, intermediate requiring policy but specifying none", .root_file = CERTSDIR "/" "policy_root.pem", @@ -498,8 +513,10 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY, .want_legacy_error_depth = 0, }, - // A constrained intermediate's policy extension has a duplicate policy, which - // is invalid. Historically this, and the above case, leaked memory. + /* + * A constrained intermediate's policy extension has a duplicate policy, which + * is invalid. Historically this, and the above case, leaked memory. + */ { .id = "oid1 with explicit_policy unset, intermediate requiring policy but has duplicate", .root_file = CERTSDIR "/" "policy_root.pem", @@ -512,9 +529,10 @@ struct verify_cert_test verify_cert_tests[] = { .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION, .want_legacy_error_depth = 0, }, - // The leaf asserts anyPolicy, but the intermediate does not. The resulting - // valid policies are the intersection. - // (and vice versa) + /* + * The leaf asserts anyPolicy, but the intermediate does not. The resulting + * valid policies are the intersection.(and vice versa) + */ { .id = "oid1, with explicit_policy set, with leaf asserting any", .root_file = CERTSDIR "/" "policy_root.pem", @@ -533,7 +551,7 @@ struct verify_cert_test verify_cert_tests[] = { .verify_flags = X509_V_FLAG_EXPLICIT_POLICY, .want_chains = 1, }, - // Both assert anyPolicy. All policies are valid. + /* Both assert anyPolicy. All policies are valid. */ { .id = "oid1, with explicit_policy set, with leaf and intermediate asserting any", .root_file = CERTSDIR "/" "policy_root.pem", @@ -552,8 +570,11 @@ struct verify_cert_test verify_cert_tests[] = { .verify_flags = X509_V_FLAG_EXPLICIT_POLICY, .want_chains = 1, }, - // boring tests just a trust anchor but behaves differently in this corner case. - // for reasons that have nothing to do wiht policy + /* + * BoringSSL tests just a trust anchor but behaves differently in this corner case. + * than libressl for reasons that have nothing to do with policy (because parital + * chains and legacy verifier horror) + */ }; #define N_VERIFY_CERT_TESTS \ |