summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2023-04-28 09:02:05 +0000
committerBob Beck <beck@cvs.openbsd.org>2023-04-28 09:02:05 +0000
commit0dd726ee3cd480b93deb9924e59eda08461918d7 (patch)
treea0500720eb22d2cabd8eb7730a229f0e5bfbb411
parent7cfab821eb187b7b8b86332619e1d296b569f30a (diff)
Fix copyright, convert boringssl comments to C style
-rw-r--r--regress/lib/libcrypto/x509/policy/policy.c81
1 files changed, 51 insertions, 30 deletions
diff --git a/regress/lib/libcrypto/x509/policy/policy.c b/regress/lib/libcrypto/x509/policy/policy.c
index 5524be2b059..bffc982f8ad 100644
--- a/regress/lib/libcrypto/x509/policy/policy.c
+++ b/regress/lib/libcrypto/x509/policy/policy.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: policy.c,v 1.7 2023/04/28 08:53:20 beck Exp $ */
+/* $OpenBSD: policy.c,v 1.8 2023/04/28 09:02:04 beck Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2020-2023 Bob Beck <beck@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -212,8 +212,13 @@ struct verify_cert_test {
};
struct verify_cert_test verify_cert_tests[] = {
- // Comments here are from boringssl/crypto/x509/x509_test.cc
- // The chain is good for |oid1| and |oid2|, but not |oid3|.
+ /*
+ * Comments here are from boringssl/crypto/x509/x509_test.cc
+ * certs were generated by
+ * boringssl/crypto/x509/test/make_policy_certs.go
+ */
+
+ /* The chain is good for |oid1| and |oid2|, but not |oid3|. */
{
.id = "nothing in 1 and 2",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -272,7 +277,7 @@ struct verify_cert_test verify_cert_tests[] = {
.policy_oid_to_check2 = OID3,
.want_chains = 1,
},
- // The policy extension cannot be parsed.
+ /* The policy extension cannot be parsed. */
{
.id = "1 in invalid intermediate poicy",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -323,7 +328,7 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
.want_legacy_error_depth = 0,
},
- // There is a duplicate policy in the leaf policy extension.
+ /* There is a duplicate policy in the leaf policy extension. */
{
.id = "1 in duplicate policy extension in leaf",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -337,7 +342,7 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
.want_legacy_error_depth = 0,
},
- // There is a duplicate policy in the intermediate policy extension.
+ /* There is a duplicate policy in the intermediate policy extension. */
{
.id = "1 in duplicate policy extension in intermediate",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -351,9 +356,11 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
.want_legacy_error_depth = 0,
},
- // Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
- // intersected with user-specified policies, but it is not required to result
- // in any valid policies.
+ /*
+ * Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
+ * intersected with user-specified policies, but it is not required to result
+ * in any valid policies.
+ */
{
.id = "nothing with explicit_policy unset",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -369,7 +376,7 @@ struct verify_cert_test verify_cert_tests[] = {
.policy_oid_to_check = OID3,
.want_chains = 1,
},
- // However, a CA with policy constraints can require an explicit policy.
+ /* However, a CA with policy constraints can require an explicit policy. */
{
.id = "oid1 with explicit_policy unset, intermediate requiring policy",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -390,9 +397,11 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
.want_legacy_error_depth = 0,
},
- // requireExplicitPolicy applies even if the application does not configure a
- // user-initial-policy-set. If the validation results in no policies, the
- // chain is invalid.
+ /*
+ * requireExplicitPolicy applies even if the application does not configure a
+ * user-initial-policy-set. If the validation results in no policies, the
+ * chain is invalid.
+ */
{
.id = "nothing explict_policy unset, with intermediate requiring policy",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -404,7 +413,7 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
.want_legacy_error_depth = 0,
},
- // A leaf can also set requireExplicitPolicy but should work with none
+ /* A leaf can also set requireExplicitPolicy but should work with none */
{
.id = "nothing explicit_policy unset, with leaf requiring policy",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -412,7 +421,7 @@ struct verify_cert_test verify_cert_tests[] = {
.leaf_file = CERTSDIR "/" "policy_leaf_require.pem",
.want_chains = 1,
},
- // A leaf can also set requireExplicitPolicy but should fail with policy
+ /* A leaf can also set requireExplicitPolicy but should fail with policy */
{
.id = "oid3, explicit policy unset, with leaf requiring policy",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -425,8 +434,10 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
.want_legacy_error_depth = 0,
},
- // requireExplicitPolicy is a count of certificates to skip. If the value is
- // not zero by the end of the chain, it doesn't count.
+ /*
+ * requireExplicitPolicy is a count of certificates to skip. If the value is
+ * not zero by the end of the chain, it doesn't count.
+ */
{
.id = "oid3, with intermediate requiring explicit depth 1",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -456,8 +467,10 @@ struct verify_cert_test verify_cert_tests[] = {
.policy_oid_to_check = OID3,
.want_chains = 1,
},
- // If multiple certificates specify the constraint, the more constrained value
- // wins.
+ /*
+ * If multiple certificates specify the constraint, the more constrained value
+ * wins.
+ */
{
.id = "oid3, with leaf and intermediate requiring explicit depth 1",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -484,8 +497,10 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
.want_legacy_error_depth = 0,
},
- // An intermediate that requires an explicit policy, but then specifies no
- // policies should fail verification as a result.
+ /*
+ * An intermediate that requires an explicit policy, but then specifies no
+ * policies should fail verification as a result.
+ */
{
.id = "oid1 with explicit_policy unset, intermediate requiring policy but specifying none",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -498,8 +513,10 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
.want_legacy_error_depth = 0,
},
- // A constrained intermediate's policy extension has a duplicate policy, which
- // is invalid. Historically this, and the above case, leaked memory.
+ /*
+ * A constrained intermediate's policy extension has a duplicate policy, which
+ * is invalid. Historically this, and the above case, leaked memory.
+ */
{
.id = "oid1 with explicit_policy unset, intermediate requiring policy but has duplicate",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -512,9 +529,10 @@ struct verify_cert_test verify_cert_tests[] = {
.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
.want_legacy_error_depth = 0,
},
- // The leaf asserts anyPolicy, but the intermediate does not. The resulting
- // valid policies are the intersection.
- // (and vice versa)
+ /*
+ * The leaf asserts anyPolicy, but the intermediate does not. The resulting
+ * valid policies are the intersection.(and vice versa)
+ */
{
.id = "oid1, with explicit_policy set, with leaf asserting any",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -533,7 +551,7 @@ struct verify_cert_test verify_cert_tests[] = {
.verify_flags = X509_V_FLAG_EXPLICIT_POLICY,
.want_chains = 1,
},
- // Both assert anyPolicy. All policies are valid.
+ /* Both assert anyPolicy. All policies are valid. */
{
.id = "oid1, with explicit_policy set, with leaf and intermediate asserting any",
.root_file = CERTSDIR "/" "policy_root.pem",
@@ -552,8 +570,11 @@ struct verify_cert_test verify_cert_tests[] = {
.verify_flags = X509_V_FLAG_EXPLICIT_POLICY,
.want_chains = 1,
},
- // boring tests just a trust anchor but behaves differently in this corner case.
- // for reasons that have nothing to do wiht policy
+ /*
+ * BoringSSL tests just a trust anchor but behaves differently in this corner case.
+ * than libressl for reasons that have nothing to do with policy (because parital
+ * chains and legacy verifier horror)
+ */
};
#define N_VERIFY_CERT_TESTS \