openssl/test/certs
Dr. David von Oheimb 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
Move check that cert signing is allowed from x509v3_cache_extensions() to
where it belongs: internal_verify(), generalize it for proxy cert signing.
Correct and simplify check_issued(), now checking self-issued (not: self-signed).
Add test case to 25-test_verify.t that demonstrates successful fix

Fixes #1418

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
alt1-cert.pem
alt1-key.pem
alt2-cert.pem
alt2-key.pem
alt3-cert.pem
alt3-key.pem
bad-pc3-cert.pem
bad-pc3-key.pem
bad-pc4-cert.pem
bad-pc4-key.pem
bad-pc6-cert.pem
bad-pc6-key.pem
bad.key
bad.pem
badalt1-cert.pem
badalt1-key.pem
badalt2-cert.pem
badalt2-key.pem
badalt3-cert.pem
badalt3-key.pem
badalt4-cert.pem
badalt4-key.pem
badalt5-cert.pem
badalt5-key.pem
badalt6-cert.pem
badalt6-key.pem
badalt7-cert.pem
badalt7-key.pem
badalt8-cert.pem
badalt8-key.pem
badalt9-cert.pem
badalt9-key.pem
badalt10-cert.pem
badalt10-key.pem
badcn1-cert.pem
badcn1-key.pem
ca-anyEKU.pem
ca-cert2.pem
ca-cert-768.pem
ca-cert-768i.pem
ca-cert-md5-any.pem
ca-cert-md5.pem
ca-cert.pem
ca-clientAuth.pem
ca-expired.pem
ca-key2.pem
ca-key-768.pem
ca-key.pem
ca-name2.pem
ca-nonbc.pem
ca-nonca.pem
ca-root2.pem
ca-serverAuth.pem
ca+anyEKU.pem
ca+clientAuth.pem
ca+serverAuth.pem
cca-anyEKU.pem
cca-cert.pem
cca-clientAuth.pem
cca-serverAuth.pem
cca+anyEKU.pem
cca+clientAuth.pem
cca+serverAuth.pem
client-ed448-cert.pem
client-ed448-key.pem
client-ed25519-cert.pem
client-ed25519-key.pem
croot-anyEKU.pem
croot-cert.pem
croot-clientAuth.pem
croot-serverAuth.pem
croot+anyEKU.pem
croot+clientAuth.pem
croot+serverAuth.pem
ct-server-key-public.pem Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
ct-server-key.pem Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
cyrillic_crl.pem
cyrillic_crl.utf8
cyrillic.msb
cyrillic.pem
cyrillic.utf8
dhp2048.pem
ee-cert2.pem
ee-cert-768.pem
ee-cert-768i.pem
ee-cert-md5.pem
ee-cert.pem
ee-client-chain.pem
ee-client.pem
ee-clientAuth.pem
ee-ecdsa-client-chain.pem
ee-ecdsa-key.pem
ee-ed25519.pem
ee-expired.pem
ee-key-768.pem
ee-key.pem
ee-name2.pem
ee-pathlen.pem Add test cases for the non CA certificate with pathlen:0 2020-04-06 10:26:14 +02:00
ee-pss-sha1-cert.pem
ee-pss-sha256-cert.pem
ee-self-signed.pem Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() 2020-07-01 11:14:54 +02:00
ee-serverAuth.pem
ee+clientAuth.pem
ee+serverAuth.pem
embeddedSCTs1_issuer-key.pem Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
embeddedSCTs1_issuer.pem
embeddedSCTs1-key.pem Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
embeddedSCTs1.pem Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
embeddedSCTs1.sct Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
embeddedSCTs1.tlssct Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
embeddedSCTs3_issuer.pem
embeddedSCTs3.pem
embeddedSCTs3.sct Create a new embeddedSCTs1 that's signed using SHA256 2020-02-05 22:04:37 +01:00
fake-gp.pem Add support for unusual 'othername' subjectAltNames 2020-04-25 18:52:30 +03:00
goodcn1-cert.pem
goodcn1-key.pem
grfc.pem Issuer Sign Tool extension support 2020-03-25 15:33:53 +03:00
interCA.key
interCA.pem
leaf.key
leaf.pem
many-constraints.pem
many-names1.pem
many-names2.pem
many-names3.pem
mkcert.sh Update copyright year 2020-04-23 13:55:52 +01:00
nca+anyEKU.pem
nca+serverAuth.pem
ncca1-cert.pem
ncca1-key.pem
ncca2-cert.pem
ncca2-key.pem
ncca3-cert.pem
ncca3-key.pem
ncca-cert.pem
ncca-key.pem
nroot+anyEKU.pem
nroot+serverAuth.pem
p256-server-cert.pem
p256-server-key.pem
p384-root-key.pem
p384-root.pem
p384-server-cert.pem
p384-server-key.pem
pathlen.pem
pc1-cert.pem
pc1-key.pem
pc2-cert.pem
pc2-key.pem
pc5-cert.pem
pc5-key.pem
root2-serverAuth.pem
root2+clientAuth.pem
root2+serverAuth.pem
root-anyEKU.pem
root-cert2.pem
root-cert-768.pem
root-cert-md5.pem
root-cert-rsa2.pem
root-cert.pem
root-clientAuth.pem
root-ed448-cert.pem Generate new Ed488 certificates 2020-02-11 23:23:42 +01:00
root-ed448-key.pem Generate new Ed488 certificates 2020-02-11 23:23:42 +01:00
root-ed25519.pem
root-ed25519.privkey.pem
root-ed25519.pubkey.pem
root-key2.pem
root-key-768.pem
root-key.pem
root-name2.pem
root-nonca.pem
root-noserver.pem
root-serverAuth.pem
root+anyEKU.pem
root+clientAuth.pem
root+serverAuth.pem
rootCA.key
rootCA.pem
rootcert.pem
rootkey.pem
roots.pem
sca-anyEKU.pem
sca-cert.pem
sca-clientAuth.pem
sca-serverAuth.pem
sca+anyEKU.pem
sca+clientAuth.pem
sca+serverAuth.pem
server-cecdsa-cert.pem
server-cecdsa-key.pem
server-dsa-cert.pem
server-dsa-key.pem
server-ecdsa-brainpoolP256r1-cert.pem
server-ecdsa-brainpoolP256r1-key.pem
server-ecdsa-cert.pem
server-ecdsa-key.pem
server-ed448-cert.pem Generate new Ed488 certificates 2020-02-11 23:23:42 +01:00
server-ed448-key.pem
server-ed25519-cert.pem
server-ed25519-key.pem
server-pss-cert.pem
server-pss-key.pem
server-pss-restrict-cert.pem
server-pss-restrict-key.pem
server-trusted.pem
servercert.pem
serverkey.pem
setup.sh Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() 2020-07-01 11:14:54 +02:00
sm2-ca-cert.pem
sm2-csr.pem
sm2-root.crt
sm2-root.key
sm2.key
sm2.pem
some-names1.pem
some-names2.pem
some-names3.pem
sroot-anyEKU.pem
sroot-cert.pem
sroot-clientAuth.pem
sroot-serverAuth.pem
sroot+anyEKU.pem
sroot+clientAuth.pem
sroot+serverAuth.pem
subinterCA-ss.pem
subinterCA.key
subinterCA.pem
untrusted.pem
wrongcert.pem
wrongkey.pem
x509-check-key.pem
x509-check.csr