Support all NULL-syntax X.509v3 extensions

Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21342)
This commit is contained in:
Jonathan M. Wilbur 2023-07-01 15:56:40 +00:00 committed by Todd Short
parent 30224a2484
commit 91bc783a93
16 changed files with 425 additions and 3 deletions


@ -14,7 +14,8 @@ SOURCE[../../libcrypto]=\
v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \
v3_pcia.c v3_pci.c v3_ist.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[../../libcrypto]=x509type.c


@ -25,3 +25,9 @@ extern const X509V3_EXT_METHOD ossl_v3_tls_feature;
extern const X509V3_EXT_METHOD ossl_v3_ext_admission;
extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1];
extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool;
extern const X509V3_EXT_METHOD ossl_v3_group_ac;
extern const X509V3_EXT_METHOD ossl_v3_soa_identifier;
extern const X509V3_EXT_METHOD ossl_v3_no_assertion;
extern const X509V3_EXT_METHOD ossl_v3_no_rev_avail;
extern const X509V3_EXT_METHOD ossl_v3_single_use;
extern const X509V3_EXT_METHOD ossl_v3_indirect_issuer;


@ -53,6 +53,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&ossl_v3_sinfo,
&ossl_v3_policy_constraints,
&ossl_v3_no_rev_avail,
#ifndef OPENSSL_NO_OCSP
&ossl_v3_crl_hold,
#endif
@ -71,7 +72,12 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&ossl_v3_utf8_list[0],
&ossl_v3_issuer_sign_tool,
&ossl_v3_tls_feature,
&ossl_v3_ext_admission
&ossl_v3_ext_admission,
&ossl_v3_soa_identifier,
&ossl_v3_indirect_issuer,
&ossl_v3_no_assertion,
&ossl_v3_single_use,
&ossl_v3_group_ac
};
/* Number of standard extensions */
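Review bot: The entry inserted at L45 and the five appended at L55–L59 must keep standard_exts[] in ascending NID order, because — if I recall the comment above the table correctly (the array's opening line is outside this hunk) — the table is searched with OBJ_bsearch, and an out-of-order entry makes X509V3_EXT_get_nid silently miss it rather than fail loudly. The placement of ossl_v3_no_rev_avail between policy_constraints and crl_hold suggests the author checked obj_mac.h, but nothing in the commit asserts it for the five new trailing entries. I would add a reminder at the append point, `/* Keep sorted by NID: the next five follow their obj_mac.h numbering. */`, and ideally a small test that walks standard_exts[] and checks ext_nid is strictly increasing.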

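--- a/crypto/x509/v3_group_ac.c
+++ b/crypto/x509/v3_group_ac.c
@@ -0,0 +1,53 @@
+/*
+* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+static int i2r_GROUP_AC(X509V3_EXT_METHOD *method,
+void *su, BIO *out,
+int indent)
+{
+return 1;
+}
+static void *r2i_GROUP_AC(X509V3_EXT_METHOD *method,
+X509V3_CTX *ctx, const char *value)
+{
+return ASN1_NULL_new();
+}
+static char *i2s_GROUP_AC(const X509V3_EXT_METHOD *method, void *val)
+{
+return OPENSSL_strdup("NULL");
+}
+static void *s2i_GROUP_AC(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+return ASN1_NULL_new();
+}
+/*
+* The groupAC X.509v3 extension is defined in ITU Recommendation X.509
+* (2019), Section 17.1.2.6. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+*/
+const X509V3_EXT_METHOD ossl_v3_group_ac = {
+NID_group_ac, 0, ASN1_ITEM_ref(ASN1_NULL),
+0, 0, 0, 0,
+(X509V3_EXT_I2S)i2s_GROUP_AC,
+(X509V3_EXT_S2I)s2i_GROUP_AC,
+0, 0,
+(X509V3_EXT_I2R)i2r_GROUP_AC,
+(X509V3_EXT_R2I)r2i_GROUP_AC,
+NULL
+};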
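Review bot: `i2r_GROUP_AC` and `r2i_GROUP_AC` (L82–L92) look unreachable: the method table at L105–L114 also fills the i2s/s2i slots, and as far as I can see X509V3_EXT_print prefers i2s over i2r and do_ext_nconf prefers s2i over r2i, so the two raw callbacks are dead code and the table should carry `0, 0` in those slots instead. The `(X509V3_EXT_I2R)` cast at L111 also hides that the callback takes a non-const `X509V3_EXT_METHOD *` where the typedef uses `const`, so removing the function removes a latent prototype mismatch as well. The header comment at L101–L104 should state the scope of this code so nobody reads more into it, e.g. `/* groupAC carries no payload (ASN.1 NULL): this method only decodes, encodes and prints it; X509_verify_cert does not interpret it. */`.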

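--- a/crypto/x509/v3_ind_iss.c
+++ b/crypto/x509/v3_ind_iss.c
@@ -0,0 +1,53 @@
+/*
+* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+static int i2r_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+void *su, BIO *out,
+int indent)
+{
+return 1;
+}
+static void *r2i_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+X509V3_CTX *ctx, const char *value)
+{
+return ASN1_NULL_new();
+}
+static char *i2s_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, void *val)
+{
+return OPENSSL_strdup("NULL");
+}
+static void *s2i_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+return ASN1_NULL_new();
+}
+/*
+* The indirectIssuer X.509v3 extension is defined in ITU Recommendation X.509
+* (2019), Section 17.5.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+*/
+const X509V3_EXT_METHOD ossl_v3_indirect_issuer = {
+NID_indirect_issuer, 0, ASN1_ITEM_ref(ASN1_NULL),
+0, 0, 0, 0,
+(X509V3_EXT_I2S)i2s_INDIRECT_ISSUER,
+(X509V3_EXT_S2I)s2i_INDIRECT_ISSUER,
+0, 0,
+(X509V3_EXT_I2R)i2r_INDIRECT_ISSUER,
+(X509V3_EXT_R2I)r2i_INDIRECT_ISSUER,
+NULL
+};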
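Review bot: This file is the group_ac/no_ass/no_rev_avail/single_use/soa_id implementation with only the identifiers swapped, so six copies of `return ASN1_NULL_new();` and `OPENSSL_strdup("NULL")` will now drift independently; one shared static pair (an `i2s_null`/`s2i_null` in a single translation unit) referenced from six short X509V3_EXT_METHOD definitions would be far easier to audit. The `void *su` parameter at L136 is a leftover from the singleUse copy and should be renamed (`ext`) if the function is kept at all — with i2s/s2i filled, the i2r/r2i slots appear never to be dispatched. `s2i_INDIRECT_ISSUER` at L150–L153 ignores `str`, so any value in a config file is accepted and silently encodes NULL; if that is intended (it mirrors the ocsp noCheck handling) a comment should say so, `/* The value string is ignored: the extension has no payload. */`.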

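--- a/crypto/x509/v3_no_ass.c
+++ b/crypto/x509/v3_no_ass.c
@@ -0,0 +1,53 @@
+/*
+* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+static int i2r_NO_ASSERTION(X509V3_EXT_METHOD *method,
+void *su, BIO *out,
+int indent)
+{
+return 1;
+}
+static void *r2i_NO_ASSERTION(X509V3_EXT_METHOD *method,
+X509V3_CTX *ctx, const char *value)
+{
+return ASN1_NULL_new();
+}
+static char *i2s_NO_ASSERTION(const X509V3_EXT_METHOD *method, void *val)
+{
+return OPENSSL_strdup("NULL");
+}
+static void *s2i_NO_ASSERTION(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+return ASN1_NULL_new();
+}
+/*
+* The noAssertion X.509v3 extension is defined in ITU Recommendation X.509
+* (2019), Section 17.5.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+*/
+const X509V3_EXT_METHOD ossl_v3_no_assertion = {
+NID_no_assertion, 0, ASN1_ITEM_ref(ASN1_NULL),
+0, 0, 0, 0,
+(X509V3_EXT_I2S)i2s_NO_ASSERTION,
+(X509V3_EXT_S2I)s2i_NO_ASSERTION,
+0, 0,
+(X509V3_EXT_I2R)i2r_NO_ASSERTION,
+(X509V3_EXT_R2I)r2i_NO_ASSERTION,
+NULL
+};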
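Review bot: Registering this decoder does not, as far as I can see, add NID_no_assertion to the list consulted by X509_supported_extension() (v3_purp.c is not touched by this commit), so a certificate carrying a critical noAssertion will still be rejected by X509_verify_cert as an unhandled critical extension. That is the correct conservative outcome, because nothing here implements the delegation semantics the extension asserts, but it should be written down so nobody later "fixes" the verify failure by adding the NID to the supported list without implementing the check. I would extend the comment at L207–L210 with `/* Decode/print only: the semantics are not enforced, so a critical instance is still reported as unhandled by X509_verify_cert. */`. As in the sibling files, `i2r_NO_ASSERTION`/`r2i_NO_ASSERTION` appear shadowed by the i2s/s2i slots and never run.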


@ -0,0 +1,53 @@
/*
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"
static int i2r_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
void *su, BIO *out,
int indent)
{
return 1;
}
static void *r2i_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, const char *value)
{
return ASN1_NULL_new();
}
static char *i2s_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, void *val)
{
return OPENSSL_strdup("NULL");
}
static void *s2i_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
{
return ASN1_NULL_new();
}
/*
* The noRevAvail X.509v3 extension is defined in ITU Recommendation X.509
* (2019), Section 17.2.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
*/
const X509V3_EXT_METHOD ossl_v3_no_rev_avail = {
NID_no_rev_avail, 0, ASN1_ITEM_ref(ASN1_NULL),
0, 0, 0, 0,
(X509V3_EXT_I2S)i2s_NO_REV_AVAIL,
(X509V3_EXT_S2I)s2i_NO_REV_AVAIL,
0, 0,
(X509V3_EXT_I2R)i2r_NO_REV_AVAIL,
(X509V3_EXT_R2I)r2i_NO_REV_AVAIL,
NULL
};
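Review bot: noRevAvail is the one extension in this set with a direct bearing on revocation policy — as I recall X.509 §17.2.2.7 and RFC 5755 §4.3.6, the issuer asserts that no revocation information is available and the extension must be non-critical — yet this commit only decodes and prints it: the CRL/OCSP paths in X509_verify_cert are unchanged, so they will still try to fetch revocation data when enabled, and nothing rejects a critical instance. Please say so in the header comment at L258–L261, e.g. `/* Decode/print only: the verifier neither skips revocation checks for, nor rejects a critical, noRevAvail. */`, so that callers grepping the `-text` output do not infer a policy the library does not implement. The file path is not visible in this rendering; from build.info and the identifiers it appears to be crypto/x509/v3_no_rev_avail.c.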


@ -0,0 +1,53 @@
/*
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"
static int i2r_SINGLE_USE(X509V3_EXT_METHOD *method,
void *su, BIO *out,
int indent)
{
return 1;
}
static void *r2i_SINGLE_USE(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, const char *value)
{
return ASN1_NULL_new();
}
static char *i2s_SINGLE_USE(const X509V3_EXT_METHOD *method, void *val)
{
return OPENSSL_strdup("NULL");
}
static void *s2i_SINGLE_USE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
{
return ASN1_NULL_new();
}
/*
* The singleUse X.509v3 extension is defined in ITU Recommendation X.509
* (2019), Section 17.1.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
*/
const X509V3_EXT_METHOD ossl_v3_single_use = {
NID_single_use, 0, ASN1_ITEM_ref(ASN1_NULL),
0, 0, 0, 0,
(X509V3_EXT_I2S)i2s_SINGLE_USE,
(X509V3_EXT_S2I)s2i_SINGLE_USE,
0, 0,
(X509V3_EXT_I2R)i2r_SINGLE_USE,
(X509V3_EXT_R2I)r2i_SINGLE_USE,
NULL
};
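Review bot: The `su` parameter name at L291 — presumably "single use" — has been copied unchanged into all six sibling files, which suggests this file was the template; rename it to `ext` here, or better, replace the six copies with one shared callback set so the next fix lands once. Nothing in this file validates the encoded value, and that is fine, but only because the `ASN1_ITEM_ref(ASN1_NULL)` template at L314 is what enforces the NULL tag and zero length during d2i (ASN1_R_NULL_IS_WRONG_LENGTH, if I recall the decoder correctly); one sentence in the comment at L309–L312 would stop a reviewer from looking for that check here. The i2r/r2i callbacks at L290–L300 appear unreachable while the i2s/s2i slots are filled.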

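--- a/crypto/x509/v3_soa_id.c
+++ b/crypto/x509/v3_soa_id.c
@@ -0,0 +1,53 @@
+/*
+* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+static int i2r_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+void *su, BIO *out,
+int indent)
+{
+return 1;
+}
+static void *r2i_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+X509V3_CTX *ctx, const char *value)
+{
+return ASN1_NULL_new();
+}
+static char *i2s_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, void *val)
+{
+return OPENSSL_strdup("NULL");
+}
+static void *s2i_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+return ASN1_NULL_new();
+}
+/*
+* The sOAIdentifier X.509v3 extension is defined in ITU Recommendation X.509
+* (2019), Section 17.3.2.1.1. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+*/
+const X509V3_EXT_METHOD ossl_v3_soa_identifier = {
+NID_soa_identifier, 0, ASN1_ITEM_ref(ASN1_NULL),
+0, 0, 0, 0,
+(X509V3_EXT_I2S)i2s_SOA_IDENTIFIER,
+(X509V3_EXT_S2I)s2i_SOA_IDENTIFIER,
+0, 0,
+(X509V3_EXT_I2R)i2r_SOA_IDENTIFIER,
+(X509V3_EXT_R2I)r2i_SOA_IDENTIFIER,
+NULL
+};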
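Review bot: Because `X509V3_EXT_print` will use `i2s_SOA_IDENTIFIER` (L354–L357), the `-text` output for this extension is the literal string "NULL", which the new test at L434–L436 does not assert; if that string is part of the contract the test should pin it, and if it is not, the i2r path (which prints nothing) would have to become the only printer rather than sit unused behind i2s. The six new method tables differ only in NID and callback names, so a `#define` or a shared static callback set would reduce this file to the table at L366–L375. The section reference "17.3.2.1.1" at L364 has one more level than the citations in the sibling files; I cannot check it against the 2019 text from here, so please verify it.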


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBhjCCAXKgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMDA1
MzE3WhgPMjAyMTA4MzAwMDUzMTdaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHUIEAgUAMAsGCSqG
SIb3DQEBBQMBAA==
-----END CERTIFICATE-----
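Review bot: By my reading of the base64, this fixture has an empty issuer and subject (`30 00`), notBefore equal to notAfter, AlgorithmIdentifiers without the NULL parameters RFC 3279 expects for rsaEncryption/sha1WithRSA, and a zero-length signature BIT STRING (`03 01 00`) — i.e. it exercises only d2i and printing of the extension (OID 2.5.29.66 with value `05 00`), which is exactly what the 25-test_x509 check needs. That is fine, but it will never pass X509_verify_cert, so it must not be reused as a verify or chain fixture; the file name is not visible in this rendering, so I would add a note to the test recipe where it is referenced that these ext-*.pem files are parse-only. If the intent is also to cover the s2i/config path, generating them with `openssl x509 -extfile` would give a signed, round-trippable fixture instead.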


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_x509");
plan tests => 37;
plan tests => 43;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@ -110,6 +110,30 @@ cert_contains(srctop_file(@certs, "fake-gp.pem"),
"2.16.528.1.1003.1.3.5.5.2-1-0000006666-Z-12345678-01.015-12345678",
1, 'x500 -- subjectAltName');
cert_contains(srctop_file(@certs, "ext-noAssertion.pem"),
"No Assertion",
1, 'X.509 Not Assertion Extension');
cert_contains(srctop_file(@certs, "ext-groupAC.pem"),
"Group Attribute Certificate",
1, 'X.509 Group Attribute Certificate Extension');
cert_contains(srctop_file(@certs, "ext-sOAIdentifier.pem"),
"Source of Authority",
1, 'X.509 Source of Authority Extension');
cert_contains(srctop_file(@certs, "ext-noRevAvail.pem"),
"No Revocation Available",
1, 'X.509 No Revocation Available');
cert_contains(srctop_file(@certs, "ext-singleUse.pem"),
"Single Use",
1, 'X509v3 Single Use');
cert_contains(srctop_file(@certs, "ext-indirectIssuer.pem"),
"Indirect Issuer",
1, 'X.509 Indirect Issuer');
sub test_errors { # actually tests diagnostics of OSSL_STORE
my ($expected, $cert, @opts) = @_;
my $infile = srctop_file(@certs, $cert);
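Review bot: The six cert_contains checks at L428–L445 only exercise d2i plus i2s printing of the long name, so the s2i/config direction added in the same commit (`X509V3_EXT_nconf` via `openssl x509 -extfile` with, say, `noRevAvail = critical`) has no coverage, and a broken s2i slot would pass this suite; one config round trip per extension would close that gap. The description at L430, 'X.509 Not Assertion Extension', should read 'No Assertion' to match the extension name asserted on L429. The closing context lines (L446–L448) belong to test_errors, whose body continues outside the hunk.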