mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-07 19:38:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
9454423bf1
openssl/test/certs
History
Lutz Jaenicke 386ab7f1fe Add test cases for verification of time stamping certificates 
Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)
2022-06-22 16:58:08 +10:00
..
alt1-cert.pem
alt1-key.pem
alt2-cert.pem
alt2-key.pem
alt3-cert.pem
alt3-key.pem
bad-othername-namec-inter.pem Test a bad SmtpUTF8Mailbox name constraint 2021-06-04 17:18:31 +01:00
bad-othername-namec-key.pem Test a bad SmtpUTF8Mailbox name constraint 2021-06-04 17:18:31 +01:00
bad-othername-namec.pem Test a bad SmtpUTF8Mailbox name constraint 2021-06-04 17:18:31 +01:00
bad-pc3-cert.pem
bad-pc3-key.pem
bad-pc4-cert.pem
bad-pc4-key.pem
bad-pc6-cert.pem
bad-pc6-key.pem
bad.key
bad.pem
badalt1-cert.pem
badalt1-key.pem
badalt2-cert.pem
badalt2-key.pem
badalt3-cert.pem
badalt3-key.pem
badalt4-cert.pem
badalt4-key.pem
badalt5-cert.pem
badalt5-key.pem
badalt6-cert.pem
badalt6-key.pem
badalt7-cert.pem
badalt7-key.pem
badalt8-cert.pem
badalt8-key.pem
badalt9-cert.pem
badalt9-key.pem
badalt10-cert.pem
badalt10-key.pem
badcn1-cert.pem
badcn1-key.pem
ca-anyEKU.pem
ca-cert2.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert-768.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert-768i.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert-ec-explicit.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert-ec-named.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert-md5-any.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert-md5.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-clientAuth.pem
ca-expired.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-key2.pem
ca-key-768.pem
ca-key-ec-explicit.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ca-key-ec-named.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ca-key.pem
ca-name2.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-nonbc.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-nonca.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-pss-cert.pem check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS 2021-01-28 15:05:04 +01:00
ca-pss-key.pem check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS 2021-01-28 15:05:04 +01:00
ca-root2.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ca-serverAuth.pem
ca+anyEKU.pem
ca+clientAuth.pem
ca+serverAuth.pem
cca-anyEKU.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
cca-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
cca-clientAuth.pem test/certs/setup.sh: Fix two glitches 2021-05-05 09:51:39 +02:00
cca-serverAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
cca+anyEKU.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
cca+clientAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
cca+serverAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
cert-key-cert.pem test_pem_reading: Test loading a key from a file with multiple PEM data 2021-07-02 15:33:34 +02:00
client-ed448-cert.pem
client-ed448-key.pem
client-ed25519-cert.pem
client-ed25519-key.pem
client-pss-restrict-cert.pem Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config 2022-06-03 13:22:42 +10:00
client-pss-restrict-key.pem Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config 2022-06-03 13:22:42 +10:00
croot-anyEKU.pem
croot-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
croot-clientAuth.pem
croot-serverAuth.pem
croot+anyEKU.pem
croot+clientAuth.pem
croot+serverAuth.pem
cross-key.pem Test for DANE cross cert fix 2021-09-03 00:11:53 -04:00
cross-root.pem Test for DANE cross cert fix 2021-09-03 00:11:53 -04:00
ct-server-key-public.pem
ct-server-key.pem
cyrillic_crl.pem
cyrillic_crl.utf8
cyrillic.msb Fix the expected output of printing certificates 2021-06-08 18:53:28 +01:00
cyrillic.pem test/x509: Test for issuer being overwritten when printing. 2021-03-04 12:15:37 +01:00
cyrillic.utf8 Fix the expected output of printing certificates 2021-06-08 18:53:28 +01:00
dhk2048.pem TEST: Prefer using precomputed RSA and DH keys for more efficient tests 2021-05-27 11:06:01 +02:00
dhp2048.pem test_ssl_new: X448, X25519, and EdDSA are supported with fips 2021-03-03 10:00:21 +10:00
ec_privkey_with_chain.pem d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key 2021-04-08 15:18:58 +02:00
ee-cert2.pem
ee-cert-768.pem
ee-cert-768i.pem
ee-cert-1024.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-cert-3072.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-cert-4096.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-cert-8192.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-cert-crit-unknown-ext.pem Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify() 2020-09-26 14:03:44 +02:00
ee-cert-ec-explicit.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ee-cert-ec-named-explicit.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ee-cert-ec-named-named.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ee-cert-md5.pem
ee-cert-noncrit-unknown-ext.pem Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify() 2020-09-26 14:03:44 +02:00
ee-cert-ocsp-nocheck.pem Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify() 2020-09-26 14:03:44 +02:00
ee-cert.pem
ee-client-chain.pem
ee-client.pem
ee-clientAuth.pem
ee-ecdsa-client-chain.pem
ee-ecdsa-key.pem
ee-ed25519.pem
ee-expired.pem
ee-key-768.pem
ee-key-1024.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-key-3072.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-key-4096.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-key-8192.pem Add some additional test certificates/keys 2020-11-18 14:14:53 +00:00
ee-key-ec-explicit.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ee-key-ec-named-explicit.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ee-key-ec-named-named.pem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
ee-key.pem
ee-name2.pem
ee-pathlen.pem update test/certs/ee-pathlen.pem to contain SKID and AKID 2021-05-05 09:51:39 +02:00
ee-pss-cert.pem check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS 2021-01-28 15:05:04 +01:00
ee-pss-sha1-cert.pem
ee-pss-sha256-cert.pem
ee-pss-wrong1.5-cert.pem check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS 2021-01-28 15:05:04 +01:00
ee-self-signed.pem ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t 2021-06-02 14:49:13 +02:00
ee-serverAuth.pem
ee-ss-with-keyCertSign.pem 25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict 2021-06-09 16:06:10 +02:00
ee-timestampsign-CABforum-anyextkeyusage.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-CABforum-crlsign.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-CABforum-keycertsign.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-CABforum-noncritxku.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-CABforum-serverauth.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-CABforum.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-rfc3161-digsig.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-rfc3161-noncritxku.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee-timestampsign-rfc3161.pem Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
ee+clientAuth.pem
ee+serverAuth.pem
embeddedSCTs1_issuer-key.pem Change the SCT issuer key to RSA 2048 2022-06-03 17:17:08 +02:00
embeddedSCTs1_issuer.pem Change the SCT issuer key to RSA 2048 2022-06-03 17:17:08 +02:00
embeddedSCTs1-key.pem
embeddedSCTs1.pem Change the SCT issuer key to RSA 2048 2022-06-03 17:17:08 +02:00
embeddedSCTs1.sct Change the SCT issuer key to RSA 2048 2022-06-03 17:17:08 +02:00
embeddedSCTs1.tlssct
embeddedSCTs3_issuer.pem
embeddedSCTs3.pem
embeddedSCTs3.sct
ext-check.csr 25-test_req.t: Add systematic SKID+AKID tests for self-issued (incl. self-signed) certs 2021-11-11 20:18:56 +01:00
fake-gp.pem Add support for unusal 'othername' subjectAltNames 2020-04-25 18:52:30 +03:00
goodcn1-cert.pem
goodcn1-key.pem
goodcn2-cert.pem Add a new Name Constraints test cert 2021-12-14 13:48:34 +00:00
goodcn2-chain.pem Add a TLS test for name constraints with an EE cert without a SAN 2021-12-14 13:48:34 +00:00
goodcn2-key.pem Add a new Name Constraints test cert 2021-12-14 13:48:34 +00:00
grfc.pem Issuer Sign Tool extention support 2020-03-25 15:33:53 +03:00
interCA.key
interCA.pem
invalid-cert.pem X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert 2021-01-13 11:19:17 +01:00
key-pass-12345.pem PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of private key 2021-04-08 15:18:58 +02:00
leaf-chain.pem Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 2021-03-03 16:16:19 +10:00
leaf-encrypted.key Test that PEM_BUFSIZE is passed into pem_password_cb 2022-01-03 10:35:36 +01:00
leaf.key
leaf.pem
many-constraints.pem
many-names1.pem
many-names2.pem
many-names3.pem
mkcert.sh Add a new Name Constraints test cert 2021-12-14 13:48:34 +00:00
nca+anyEKU.pem test/certs/setup.sh: Fix two glitches 2021-05-05 09:51:39 +02:00
nca+serverAuth.pem
ncca1-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ncca1-key.pem
ncca2-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ncca2-key.pem
ncca3-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
ncca3-key.pem
ncca-cert.pem
ncca-key.pem
nroot+anyEKU.pem
nroot+serverAuth.pem
p256-server-cert.pem
p256-server-key.pem
p384-root-key.pem
p384-root.pem
p384-server-cert.pem
p384-server-key.pem
pathlen.pem
pc1-cert.pem
pc1-key.pem
pc2-cert.pem
pc2-key.pem
pc5-cert.pem
pc5-key.pem
root2-serverAuth.pem
root2+clientAuth.pem
root2+serverAuth.pem
root-anyEKU.pem
root-cert2.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-cert-768.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-cert-md5.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-cert-rsa2.pem
root-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-clientAuth.pem
root-cross-cert.pem Test for DANE cross cert fix 2021-09-03 00:11:53 -04:00
root-ed448-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-ed448-key.pem
root-ed25519.pem
root-ed25519.privkey.pem
root-ed25519.pubkey.pem
root-expired.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-key2.pem
root-key-768.pem
root-key.pem
root-name2.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
root-nonca.pem
root-noserver.pem
root-serverAuth.pem
root+anyEKU.pem
root+clientAuth.pem
root+serverAuth.pem
rootCA.key
rootCA.pem
rootcert.pem
rootkey.pem
roots.pem
sca-anyEKU.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sca-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sca-clientAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sca-serverAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sca+anyEKU.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sca+clientAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sca+serverAuth.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
server-cecdsa-cert.pem
server-cecdsa-key.pem
server-dsa-cert.pem
server-dsa-key.pem
server-dsa-pubkey.pem Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. 2020-09-30 20:49:44 +02:00
server-ecdsa-brainpoolP256r1-cert.pem
server-ecdsa-brainpoolP256r1-key.pem
server-ecdsa-cert.pem
server-ecdsa-key.pem
server-ed448-cert.pem
server-ed448-key.pem
server-ed25519-cert.pem
server-ed25519-key.pem
server-pss-cert.pem
server-pss-key.pem
server-pss-restrict-cert.pem
server-pss-restrict-key.pem
server-trusted.pem
servercert.pem
serverkey.pem
setup.sh Add test cases for verification of time stamping certificates 2022-06-22 16:58:08 +10:00
sm2-ca-cert.pem Update further expiring certificates that affect tests 2022-06-05 10:59:40 +02:00
sm2-csr.pem
sm2-root.crt Update further expiring certificates that affect tests 2022-06-05 10:59:40 +02:00
sm2-root.key
sm2.key
sm2.pem Update further expiring certificates that affect tests 2022-06-05 10:59:40 +02:00
some-names1.pem
some-names2.pem
some-names3.pem
sroot-anyEKU.pem
sroot-cert.pem make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
sroot-clientAuth.pem
sroot-serverAuth.pem
sroot+anyEKU.pem
sroot+clientAuth.pem
sroot+serverAuth.pem
subinterCA-ss.pem
subinterCA.key
subinterCA.pem
untrusted.pem
v3-certs-RC2.p12 apps: make use of OSSL_STORE for generalized certs and CRLs loading 2020-08-20 14:55:34 +02:00
v3-certs-TDES.p12 apps: make use of OSSL_STORE for generalized certs and CRLs loading 2020-08-20 14:55:34 +02:00
wrongcert.pem
wrongkey.pem
x509-check-key.pem
x509-check.csr