add better self-signed verify alerts

Author: JacobBarthelmeh

.gitignore

@@ -33,3 +33,5 @@ src/config.h
 src/config.h.in
 src/config.h.in~
 src/stamp-h1
+*.gcno
+*.gcda

src/sign-verify/clu_x509_verify.c

@@ -131,7 +131,7 @@ int wolfCLU_x509Verify(int argc, char** argv)
         }
     }
 
-    if (ret == WOLFCLU_SUCCESS) {
+    if (ret == WOLFCLU_SUCCESS && caCert != NULL) {
         if (wolfSSL_X509_LOOKUP_load_file(lookup, caCert, X509_FILETYPE_PEM)
                 != WOLFSSL_SUCCESS) {
             WOLFCLU_LOG(WOLFCLU_E0, "Failed to load CA file");

tests/x509/x509-verify-test.sh

@@ -5,6 +5,28 @@ if [ ! -d ./certs/ ]; then
     exit 77
 fi
 
+RESULT=`./wolfssl verify ./certs/server-cert.pem 2>&1`
+if [ $? == 0 ]; then
+    echo "Failed on test \"./wolfssl verify ./certs/server-cert.pem\""
+    exit 99
+fi
+echo "$RESULT" | grep "Err (-188) : ASN no signer error to confirm failure"
+if [ $? != 0 ]; then
+    echo "Unexpected error result on test \"./wolfssl verify ./certs/server-cert.pem\""
+    exit 99
+fi
+
+RESULT=`./wolfssl verify ./certs/ca-cert.pem 2>&1`
+if [ $? == 0 ]; then
+    echo "Failed on test \"./wolfssl verify ./certs/ca-cert.pem\""
+    exit 99
+fi
+echo "$RESULT" | grep "Err (-275) : ASN self-signed certificate error"
+if [ $? != 0 ]; then
+    echo "Unexpected error result on test \"./wolfssl verify ./certs/ca-cert.pem\""
+    exit 99
+fi
+
 RESULT=`./wolfssl verify -CAfile ./certs/ca-cert.pem ./certs/server-cert.pem`
 if [ $? != 0 ]; then
     echo "Failed on test \"./wolfssl verify -CAfile ./certs/ca-cert.pem ./certs/server-cert.pem\""