Ticket #1311: Add tests for the PKI cert validation
Closes #1311 (closed).
Some explanations on the implementation of theses tests (you can find some information in the README
files):
-
point 1. of the issue (verification of a chain):
I made some simple chains of 3 certificates and used already existing certificates.
-
point 2. of the issue (self-signed CA certificates with pathlen):
I needed to create some certificates here:
-
ca_selfsigned_pathLen0
(and its corresponding private keyca_selfsigned_pathLen0key.pem
) for the first two cases of the point. I put this certificate insamples/
and it is copied in the build folderS2OPC_Demo_PKI/
since it may be used for a successful validation case. -
ca_selfsigned_pathLen1
andca_selfsigned_missingPathLen
which are used for testing degraged cases only. I then put them intests/
and copied them in a dedicated folder in the build:check_pki_cert_validate_test_data/
. These two certificates have been made with two new keys that I deleted (the certificates are valid for 100 years).
-
-
point 3. of the issuer (CRL not renewd):
I needed to make a CRL here. I put this CRL in
tests/
(with the degraged certificates) since it also only tests a degraded case.
Edited by Nathan Lebeau