mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
208d721a00
openssl/test/certs
History
Rob Percival 2094ea070a Add SSL tests for certificates with embedded SCTs 
The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.

These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
2017-04-12 19:08:57 +02:00
..
alt1-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
alt1-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
alt2-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
alt2-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
alt3-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
alt3-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
bad-pc3-cert.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
bad-pc3-key.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
bad-pc4-cert.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
bad-pc4-key.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
bad-pc6-cert.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
bad-pc6-key.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
bad.key
bad.pem
badalt1-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt1-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt2-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt2-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt3-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt3-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt4-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt4-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt5-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt5-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt6-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt6-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt7-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt7-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt8-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt8-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt9-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt9-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt10-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
badalt10-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ca-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ca-cert2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-768i.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-md5-any.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ca-expired.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-key2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-key.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-name2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-nonbc.pem Require intermediate CAs to have basicConstraints CA:true. 2016-03-29 20:54:34 -04:00
ca-nonca.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-root2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ca+clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca+serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
cca-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cyrillic.msb Add test for -nameout output 2017-03-14 15:18:07 -04:00
cyrillic.pem Add test for -nameout output 2017-03-14 15:18:07 -04:00
cyrillic.utf8 Add test for -nameout output 2017-03-14 15:18:07 -04:00
dhp2048.pem Add DH parameters, DSA cert and key 2017-02-17 16:33:12 +00:00
ee-cert2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert-768i.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-client-chain.pem Update client authentication tests 2016-06-03 11:59:46 +02:00
ee-client.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-ecdsa-client-chain.pem Add ECDSA client certificates 2017-02-16 16:43:44 +00:00
ee-ecdsa-key.pem Add ECDSA client certificates 2017-02-16 16:43:44 +00:00
ee-expired.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-key.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-name2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee+clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee+serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
embeddedSCTs1_issuer.pem CT policy validation 2016-03-01 20:03:25 +00:00
embeddedSCTs1-key.pem Add SSL tests for certificates with embedded SCTs 2017-04-12 19:08:57 +02:00
embeddedSCTs1.pem Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs1.sct Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs3_issuer.pem CT policy validation 2016-03-01 20:03:25 +00:00
embeddedSCTs3.pem Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs3.sct Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
interCA.key
interCA.pem
leaf.key
leaf.pem
mkcert.sh Add DSA support to mkcert.sh 2017-02-17 16:33:12 +00:00
nca+anyEKU.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
nca+serverAuth.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
ncca1-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca1-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca2-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca2-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca3-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca3-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca-cert.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ncca-key.pem Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
nroot+anyEKU.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
nroot+serverAuth.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
p256-server-cert.pem Add P-384 root and P-384, P-256 EE certificates. 2017-02-24 23:30:49 +00:00
p256-server-key.pem Add P-384 root and P-384, P-256 EE certificates. 2017-02-24 23:30:49 +00:00
p384-root-key.pem Add P-384 root and P-384, P-256 EE certificates. 2017-02-24 23:30:49 +00:00
p384-root.pem Add P-384 root and P-384, P-256 EE certificates. 2017-02-24 23:30:49 +00:00
p384-server-cert.pem Add P-384 root and P-384, P-256 EE certificates. 2017-02-24 23:30:49 +00:00
p384-server-key.pem Add P-384 root and P-384, P-256 EE certificates. 2017-02-24 23:30:49 +00:00
pathlen.pem Add some accessor API's 2016-06-08 11:37:06 -04:00
pc1-cert.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
pc1-key.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
pc2-cert.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
pc2-key.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
pc5-cert.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
pc5-key.pem Create some proxy certificates 2016-06-20 21:34:37 +02:00
root2-serverAuth.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root2+clientAuth.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root2+serverAuth.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root-anyEKU.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root-cert2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-cert.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
root-key2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-key.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-name2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-nonca.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-noserver.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
root-serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root+anyEKU.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root+clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root+serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
rootCA.key
rootCA.pem
rootcert.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
rootkey.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
roots.pem
sca-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
server-cecdsa-cert.pem EC certificate with compression point 2017-02-24 23:52:22 +00:00
server-cecdsa-key.pem EC certificate with compression point 2017-02-24 23:52:22 +00:00
server-dsa-cert.pem Add DH parameters, DSA cert and key 2017-02-17 16:33:12 +00:00
server-dsa-key.pem Add DH parameters, DSA cert and key 2017-02-17 16:33:12 +00:00
server-ecdsa-cert.pem add ECDSA test server certificate 2017-01-15 00:23:33 +00:00
server-ecdsa-key.pem add ECDSA test server certificate 2017-01-15 00:23:33 +00:00
server-trusted.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
servercert.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
serverkey.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
setup.sh Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
sroot-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
subinterCA-ss.pem
subinterCA.key
subinterCA.pem
untrusted.pem
wrongcert.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
wrongkey.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00