openssl/test/certs
Viktor Dukhovni d02d80b2e8 Limit scope of CN name constraints
Don't apply DNS name constraints to the subject CN when there's a
least one DNS-ID subjectAlternativeName.

Don't apply DNS name constraints to subject CN's that are sufficiently
unlike DNS names.  Checked name must have at least two labels, with
all labels non-empty, no trailing '.' and all hyphens must be
internal in each label.  In addition to the usual LDH characters,
we also allow "_", since some sites use these for hostnames despite
all the standards.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2018-05-23 11:12:13 -04:00
..
alt1-cert.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
alt1-key.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
alt2-cert.pem
alt2-key.pem
alt3-cert.pem
alt3-key.pem
bad-pc3-cert.pem
bad-pc3-key.pem
bad-pc4-cert.pem
bad-pc4-key.pem
bad-pc6-cert.pem
bad-pc6-key.pem
bad.key
bad.pem
badalt1-cert.pem
badalt1-key.pem
badalt2-cert.pem
badalt2-key.pem
badalt3-cert.pem
badalt3-key.pem
badalt4-cert.pem
badalt4-key.pem
badalt5-cert.pem
badalt5-key.pem
badalt6-cert.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
badalt6-key.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
badalt7-cert.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
badalt7-key.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
badalt8-cert.pem
badalt8-key.pem
badalt9-cert.pem
badalt9-key.pem
badalt10-cert.pem
badalt10-key.pem
badcn1-cert.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
badcn1-key.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
ca-anyEKU.pem
ca-cert2.pem
ca-cert-768.pem
ca-cert-768i.pem
ca-cert-md5-any.pem
ca-cert-md5.pem
ca-cert.pem
ca-clientAuth.pem
ca-expired.pem
ca-key2.pem
ca-key-768.pem
ca-key.pem
ca-name2.pem
ca-nonbc.pem
ca-nonca.pem
ca-root2.pem
ca-serverAuth.pem
ca+anyEKU.pem
ca+clientAuth.pem
ca+serverAuth.pem
cca-anyEKU.pem
cca-cert.pem
cca-clientAuth.pem
cca-serverAuth.pem
cca+anyEKU.pem
cca+clientAuth.pem
cca+serverAuth.pem
client-ed448-cert.pem Update tests for TLS Ed448 2018-03-05 11:39:44 +00:00
client-ed448-key.pem Update tests for TLS Ed448 2018-03-05 11:39:44 +00:00
client-ed25519-cert.pem
client-ed25519-key.pem
croot-anyEKU.pem
croot-cert.pem
croot-clientAuth.pem
croot-serverAuth.pem
croot+anyEKU.pem
croot+clientAuth.pem
croot+serverAuth.pem
cyrillic_crl.pem
cyrillic_crl.utf8 Modify expected output of a CRL to match the changed printout 2017-11-16 01:19:55 +01:00
cyrillic.msb Modify expected output of a certificate to match the changed printout 2017-11-16 01:19:31 +01:00
cyrillic.pem
cyrillic.utf8 Modify expected output of a certificate to match the changed printout 2017-11-16 01:19:31 +01:00
dhp2048.pem
ee-cert2.pem
ee-cert-768.pem
ee-cert-768i.pem
ee-cert-md5.pem
ee-cert.pem
ee-client-chain.pem
ee-client.pem
ee-clientAuth.pem
ee-ecdsa-client-chain.pem
ee-ecdsa-key.pem
ee-ed25519.pem
ee-expired.pem
ee-key-768.pem
ee-key.pem
ee-name2.pem
ee-pss-sha1-cert.pem
ee-pss-sha256-cert.pem
ee-serverAuth.pem
ee+clientAuth.pem
ee+serverAuth.pem
embeddedSCTs1_issuer.pem
embeddedSCTs1-key.pem
embeddedSCTs1.pem
embeddedSCTs1.sct
embeddedSCTs3_issuer.pem
embeddedSCTs3.pem
embeddedSCTs3.sct
goodcn1-cert.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
goodcn1-key.pem Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
interCA.key
interCA.pem
leaf.key
leaf.pem
many-constraints.pem
many-names1.pem
many-names2.pem
many-names3.pem
mkcert.sh Update copyright year 2018-03-20 13:08:46 +00:00
nca+anyEKU.pem
nca+serverAuth.pem
ncca1-cert.pem
ncca1-key.pem
ncca2-cert.pem
ncca2-key.pem
ncca3-cert.pem
ncca3-key.pem
ncca-cert.pem
ncca-key.pem
nroot+anyEKU.pem
nroot+serverAuth.pem
p256-server-cert.pem
p256-server-key.pem
p384-root-key.pem
p384-root.pem
p384-server-cert.pem
p384-server-key.pem
pathlen.pem
pc1-cert.pem
pc1-key.pem
pc2-cert.pem
pc2-key.pem
pc5-cert.pem
pc5-key.pem
root2-serverAuth.pem
root2+clientAuth.pem
root2+serverAuth.pem
root-anyEKU.pem
root-cert2.pem
root-cert-768.pem
root-cert-md5.pem
root-cert.pem
root-clientAuth.pem
root-ed25519.pem
root-key2.pem
root-key-768.pem
root-key.pem
root-name2.pem
root-nonca.pem
root-noserver.pem
root-serverAuth.pem
root+anyEKU.pem
root+clientAuth.pem
root+serverAuth.pem
rootCA.key
rootCA.pem
rootcert.pem
rootkey.pem
roots.pem
sca-anyEKU.pem
sca-cert.pem
sca-clientAuth.pem
sca-serverAuth.pem
sca+anyEKU.pem
sca+clientAuth.pem
sca+serverAuth.pem
server-cecdsa-cert.pem
server-cecdsa-key.pem
server-dsa-cert.pem
server-dsa-key.pem
server-ecdsa-cert.pem
server-ecdsa-key.pem
server-ed448-cert.pem Update tests for TLS Ed448 2018-03-05 11:39:44 +00:00
server-ed448-key.pem Update tests for TLS Ed448 2018-03-05 11:39:44 +00:00
server-ed25519-cert.pem
server-ed25519-key.pem
server-pss-cert.pem
server-pss-key.pem
server-trusted.pem
servercert.pem
serverkey.pem
setup.sh Limit scope of CN name constraints 2018-05-23 11:12:13 -04:00
some-names1.pem
some-names2.pem
some-names3.pem
sroot-anyEKU.pem
sroot-cert.pem
sroot-clientAuth.pem
sroot-serverAuth.pem
sroot+anyEKU.pem
sroot+clientAuth.pem
sroot+serverAuth.pem
subinterCA-ss.pem
subinterCA.key
subinterCA.pem
untrusted.pem
wrongcert.pem
wrongkey.pem
x509-check-key.pem
x509-check.csr