Lutz Jaenicke 61a9767691 X509: add tests for purpose code signing in verify application ...

Correct configuration according to CA Browser forum:
  KU: critical,digitalSignature
  XKU: codeSiging

Note: I did not find any other document formally defining the requirements
for code signing certificates.

Some combinations are explicitly forbidden, some flags can be ignored

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)

2022-08-18 10:24:53 +02:00

..

alt1-cert.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

alt1-key.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

alt2-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

alt2-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

alt3-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

alt3-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

bad-othername-namec-inter.pem

Test a bad SmtpUTF8Mailbox name constraint

2021-06-04 17:18:31 +01:00

bad-othername-namec-key.pem

Test a bad SmtpUTF8Mailbox name constraint

2021-06-04 17:18:31 +01:00

bad-othername-namec.pem

Test a bad SmtpUTF8Mailbox name constraint

2021-06-04 17:18:31 +01:00

bad-pc3-cert.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

bad-pc3-key.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

bad-pc4-cert.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

bad-pc4-key.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

bad-pc6-cert.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

bad-pc6-key.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

bad.key

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

bad.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

badalt1-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt1-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt2-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt2-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt3-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt3-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt4-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt4-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt5-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt5-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt6-cert.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

badalt6-key.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

badalt7-cert.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

badalt7-key.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

badalt8-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt8-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt9-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt9-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt10-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badalt10-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

badcn1-cert.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

badcn1-key.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

ca-anyEKU.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

ca-cert2.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert-768.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert-768i.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert-ec-explicit.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert-ec-named.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert-md5-any.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert-md5.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-clientAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

ca-expired.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-key2.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ca-key-768.pem

Move peer chain security checks into x509_vfy.c

2016-04-03 11:35:35 -04:00

ca-key-ec-explicit.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ca-key-ec-named.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ca-key.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ca-name2.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-nonbc.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-nonca.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-pss-cert.pem

check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS

2021-01-28 15:05:04 +01:00

ca-pss-key.pem

check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS

2021-01-28 15:05:04 +01:00

ca-root2.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ca-serverAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ca+anyEKU.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

ca+clientAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ca+serverAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

cca-anyEKU.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

cca-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

cca-clientAuth.pem

test/certs/setup.sh: Fix two glitches

2021-05-05 09:51:39 +02:00

cca-serverAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

cca+anyEKU.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

cca+clientAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

cca+serverAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

cert-key-cert.pem

test_pem_reading: Test loading a key from a file with multiple PEM data

2021-07-02 15:33:34 +02:00

client-ed448-cert.pem

Update tests for TLS Ed448

2018-03-05 11:39:44 +00:00

client-ed448-key.pem

Update tests for TLS Ed448

2018-03-05 11:39:44 +00:00

client-ed25519-cert.pem

Add Ed25519 EE certificates

2017-06-21 14:11:01 +01:00

client-ed25519-key.pem

Add Ed25519 EE certificates

2017-06-21 14:11:01 +01:00

client-pss-restrict-cert.pem

Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config

2022-06-03 13:22:42 +10:00

client-pss-restrict-key.pem

Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config

2022-06-03 13:22:42 +10:00

croot-anyEKU.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

croot-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

croot-clientAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

croot-serverAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

croot+anyEKU.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

croot+clientAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

croot+serverAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

cross-key.pem

Test for DANE cross cert fix

2021-09-03 00:11:53 -04:00

cross-root.pem

Test for DANE cross cert fix

2021-09-03 00:11:53 -04:00

ct-server-key-public.pem

Create a new embeddedSCTs1 that's signed using SHA256

2020-02-05 22:04:37 +01:00

ct-server-key.pem

Create a new embeddedSCTs1 that's signed using SHA256

2020-02-05 22:04:37 +01:00

cyrillic_crl.pem

Switch command-line utils to new nameopt API.

2017-04-25 12:37:17 -04:00

cyrillic_crl.utf8

add 'Signature Value:' line and correct indentation when printing X.509 signature value

2019-03-18 17:20:23 +00:00

cyrillic.msb

Fix the expected output of printing certificates

2021-06-08 18:53:28 +01:00

cyrillic.pem

test/x509: Test for issuer being overwritten when printing.

2021-03-04 12:15:37 +01:00

cyrillic.utf8

Fix the expected output of printing certificates

2021-06-08 18:53:28 +01:00

dhk2048.pem

TEST: Prefer using precomputed RSA and DH keys for more efficient tests

2021-05-27 11:06:01 +02:00

dhp2048.pem

test_ssl_new: X448, X25519, and EdDSA are supported with fips

2021-03-03 10:00:21 +10:00

ec_privkey_with_chain.pem

d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key

2021-04-08 15:18:58 +02:00

ee-cert2.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-cert-768.pem

Move peer chain security checks into x509_vfy.c

2016-04-03 11:35:35 -04:00

ee-cert-768i.pem

Move peer chain security checks into x509_vfy.c

2016-04-03 11:35:35 -04:00

ee-cert-1024.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-cert-3072.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-cert-4096.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-cert-8192.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-cert-crit-unknown-ext.pem

Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify()

2020-09-26 14:03:44 +02:00

ee-cert-ec-explicit.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ee-cert-ec-named-explicit.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ee-cert-ec-named-named.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ee-cert-md5.pem

Move peer chain security checks into x509_vfy.c

2016-04-03 11:35:35 -04:00

ee-cert-noncrit-unknown-ext.pem

Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify()

2020-09-26 14:03:44 +02:00

ee-cert-ocsp-nocheck.pem

Implement treatment of id-pkix-ocsp-no-check extension for OCSP_basic_verify()

2020-09-26 14:03:44 +02:00

ee-cert.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-client-chain.pem

Update client authentication tests

2016-06-03 11:59:46 +02:00

ee-client.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-clientAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-codesign-anyextkeyusage.pem

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

ee-codesign-crlsign.pem

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

ee-codesign-keycertsign.pem

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

ee-codesign-noncritical.pem

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

ee-codesign-serverauth.pem

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

ee-codesign.pem

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

ee-ecdsa-client-chain.pem

Add ECDSA client certificates

2017-02-16 16:43:44 +00:00

ee-ecdsa-key.pem

Add ECDSA client certificates

2017-02-16 16:43:44 +00:00

ee-ed25519.pem

Add Ed25519 verify test.

2017-05-30 20:38:20 +01:00

ee-expired.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-key-768.pem

Move peer chain security checks into x509_vfy.c

2016-04-03 11:35:35 -04:00

ee-key-1024.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-key-3072.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-key-4096.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-key-8192.pem

Add some additional test certificates/keys

2020-11-18 14:14:53 +00:00

ee-key-ec-explicit.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ee-key-ec-named-explicit.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ee-key-ec-named-named.pem

Disallow certs with explicit curve in verification chain

2020-09-17 17:15:15 +02:00

ee-key.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-name2.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-pathlen.pem

update test/certs/ee-pathlen.pem to contain SKID and AKID

2021-05-05 09:51:39 +02:00

ee-pss-cert.pem

check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS

2021-01-28 15:05:04 +01:00

ee-pss-sha1-cert.pem

Add certificates with PSS signatures

2017-04-25 22:12:34 +01:00

ee-pss-sha256-cert.pem

Add certificates with PSS signatures

2017-04-25 22:12:34 +01:00

ee-pss-wrong1.5-cert.pem

check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS

2021-01-28 15:05:04 +01:00

ee-self-signed.pem

ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t

2021-06-02 14:49:13 +02:00

ee-serverAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee-ss-with-keyCertSign.pem

25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict

2021-06-09 16:06:10 +02:00

ee-timestampsign-CABforum-anyextkeyusage.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-CABforum-crlsign.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-CABforum-keycertsign.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-CABforum-noncritxku.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-CABforum-serverauth.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-CABforum.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-rfc3161-digsig.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-rfc3161-noncritxku.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee-timestampsign-rfc3161.pem

Add test cases for verification of time stamping certificates

2022-06-22 16:58:08 +10:00

ee+clientAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

ee+serverAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

embeddedSCTs1_issuer-key.pem

Change the SCT issuer key to RSA 2048

2022-06-03 17:17:08 +02:00

embeddedSCTs1_issuer.pem

Change the SCT issuer key to RSA 2048

2022-06-03 17:17:08 +02:00

embeddedSCTs1-key.pem

Create a new embeddedSCTs1 that's signed using SHA256

2020-02-05 22:04:37 +01:00

embeddedSCTs1.pem

Change the SCT issuer key to RSA 2048

2022-06-03 17:17:08 +02:00

embeddedSCTs1.sct

Change the SCT issuer key to RSA 2048

2022-06-03 17:17:08 +02:00

embeddedSCTs1.tlssct

Create a new embeddedSCTs1 that's signed using SHA256

2020-02-05 22:04:37 +01:00

embeddedSCTs3_issuer.pem

CT policy validation

2016-03-01 20:03:25 +00:00

embeddedSCTs3.pem

Tests for parsing and printing certificates containing SCTs

2016-02-25 13:59:11 -05:00

embeddedSCTs3.sct

Create a new embeddedSCTs1 that's signed using SHA256

2020-02-05 22:04:37 +01:00

ext-check.csr

25-test_req.t: Add systematic SKID+AKID tests for self-issued (incl. self-signed) certs

2021-11-11 20:18:56 +01:00

fake-gp.pem

Add support for unusal 'othername' subjectAltNames

2020-04-25 18:52:30 +03:00

goodcn1-cert.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

goodcn1-key.pem

Limit scope of CN name constraints

2018-05-23 11:12:13 -04:00

goodcn2-cert.pem

Add a new Name Constraints test cert

2021-12-14 13:48:34 +00:00

goodcn2-chain.pem

Add a TLS test for name constraints with an EE cert without a SAN

2021-12-14 13:48:34 +00:00

goodcn2-key.pem

Add a new Name Constraints test cert

2021-12-14 13:48:34 +00:00

grfc.pem

Issuer Sign Tool extention support

2020-03-25 15:33:53 +03:00

interCA.key

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

interCA.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

invalid-cert.pem

X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert

2021-01-13 11:19:17 +01:00

key-pass-12345.pem

PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of private key

2021-04-08 15:18:58 +02:00

leaf-chain.pem

Fix NULL access in ssl_build_cert_chain() when ctx is NULL.

2021-03-03 16:16:19 +10:00

leaf-encrypted.key

Test that PEM_BUFSIZE is passed into pem_password_cb

2022-01-03 10:35:36 +01:00

leaf.key

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

leaf.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

many-constraints.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

many-names1.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

many-names2.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

many-names3.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

mkcert.sh

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

nca+anyEKU.pem

test/certs/setup.sh: Fix two glitches

2021-05-05 09:51:39 +02:00

nca+serverAuth.pem

Add tests for non-ca trusted roots and intermediates

2016-01-31 21:24:16 -05:00

ncca1-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ncca1-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

ncca2-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ncca2-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

ncca3-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

ncca3-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

ncca-cert.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

ncca-key.pem

Extend mkcert.sh to support nameConstraints generation and more complex

2016-07-11 23:30:04 +01:00

nroot+anyEKU.pem

Add tests for non-ca trusted roots and intermediates

2016-01-31 21:24:16 -05:00

nroot+serverAuth.pem

Add tests for non-ca trusted roots and intermediates

2016-01-31 21:24:16 -05:00

p256-server-cert.pem

Add P-384 root and P-384, P-256 EE certificates.

2017-02-24 23:30:49 +00:00

p256-server-key.pem

Add P-384 root and P-384, P-256 EE certificates.

2017-02-24 23:30:49 +00:00

p384-root-key.pem

Add P-384 root and P-384, P-256 EE certificates.

2017-02-24 23:30:49 +00:00

p384-root.pem

Add P-384 root and P-384, P-256 EE certificates.

2017-02-24 23:30:49 +00:00

p384-server-cert.pem

Add P-384 root and P-384, P-256 EE certificates.

2017-02-24 23:30:49 +00:00

p384-server-key.pem

Add P-384 root and P-384, P-256 EE certificates.

2017-02-24 23:30:49 +00:00

pathlen.pem

Add some accessor API's

2016-06-08 11:37:06 -04:00

pc1-cert.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

pc1-key.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

pc2-cert.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

pc2-key.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

pc5-cert.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

pc5-key.pem

Create some proxy certificates

2016-06-20 21:34:37 +02:00

root2-serverAuth.pem

Check chain extensions also for trusted certificates

2016-01-31 21:23:23 -05:00

root2+clientAuth.pem

Check chain extensions also for trusted certificates

2016-01-31 21:23:23 -05:00

root2+serverAuth.pem

Check chain extensions also for trusted certificates

2016-01-31 21:23:23 -05:00

root-anyEKU.pem

Check chain extensions also for trusted certificates

2016-01-31 21:23:23 -05:00

root-cert2.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-cert-768.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-cert-md5.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-cert-rsa2.pem

Fix cert with rsa instead of rsaEncryption as public key algorithm

2018-12-31 09:47:12 +01:00

root-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-clientAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

root-cross-cert.pem

Test for DANE cross cert fix

2021-09-03 00:11:53 -04:00

root-ed448-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-ed448-key.pem

Generate new Ed488 certificates

2020-02-11 23:23:42 +01:00

root-ed25519.pem

Add Ed25519 verify test.

2017-05-30 20:38:20 +01:00

root-ed25519.privkey.pem

Configure: make C++ build tests optional and configurable

2019-03-05 09:26:13 +01:00

root-ed25519.pubkey.pem

Configure: make C++ build tests optional and configurable

2019-03-05 09:26:13 +01:00

root-expired.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-key2.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

root-key-768.pem

Move peer chain security checks into x509_vfy.c

2016-04-03 11:35:35 -04:00

root-key.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

root-name2.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

root-nonca.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

root-noserver.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

root-serverAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

root+anyEKU.pem

Check chain extensions also for trusted certificates

2016-01-31 21:23:23 -05:00

root+clientAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

root+serverAuth.pem

Commit pre-generated test_verify certs

2016-01-20 19:03:14 -05:00

rootCA.key

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

rootCA.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

rootcert.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

rootkey.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

roots.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

sca-anyEKU.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sca-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sca-clientAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sca-serverAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sca+anyEKU.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sca+clientAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sca+serverAuth.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

server-cecdsa-cert.pem

EC certificate with compression point

2017-02-24 23:52:22 +00:00

server-cecdsa-key.pem

EC certificate with compression point

2017-02-24 23:52:22 +00:00

server-dsa-cert.pem

Add DH parameters, DSA cert and key

2017-02-17 16:33:12 +00:00

server-dsa-key.pem

Add DH parameters, DSA cert and key

2017-02-17 16:33:12 +00:00

server-dsa-pubkey.pem

Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc.

2020-09-30 20:49:44 +02:00

server-ecdsa-brainpoolP256r1-cert.pem

Add some test brainpool certificates

2018-11-12 11:10:21 +00:00

server-ecdsa-brainpoolP256r1-key.pem

Add some test brainpool certificates

2018-11-12 11:10:21 +00:00

server-ecdsa-cert.pem

add ECDSA test server certificate

2017-01-15 00:23:33 +00:00

server-ecdsa-key.pem

add ECDSA test server certificate

2017-01-15 00:23:33 +00:00

server-ed448-cert.pem

Generate new Ed488 certificates

2020-02-11 23:23:42 +01:00

server-ed448-key.pem

Update tests for TLS Ed448

2018-03-05 11:39:44 +00:00

server-ed25519-cert.pem

Add Ed25519 EE certificates

2017-06-21 14:11:01 +01:00

server-ed25519-key.pem

Add Ed25519 EE certificates

2017-06-21 14:11:01 +01:00

server-pss-cert.pem

Add RSA-PSS test certificates

2017-09-20 12:50:23 +01:00

server-pss-key.pem

Add RSA-PSS test certificates

2017-09-20 12:50:23 +01:00

server-pss-restrict-cert.pem

Add Restricted PSS certificate and key

2019-08-09 13:19:16 +01:00

server-pss-restrict-key.pem

Add Restricted PSS certificate and key

2019-08-09 13:19:16 +01:00

server-trusted.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

servercert.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

serverkey.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

setup.sh

X509: add tests for purpose code signing in verify application

2022-08-18 10:24:53 +02:00

sm2-ca-cert.pem

Update further expiring certificates that affect tests

2022-06-05 10:59:40 +02:00

sm2-csr.pem

Support SM2 certificate signing

2019-06-28 18:58:19 +08:00

sm2-root.crt

Update further expiring certificates that affect tests

2022-06-05 10:59:40 +02:00

sm2-root.key

Support SM2 certificate signing

2019-06-28 18:58:19 +08:00

sm2.key

Support raw input data in apps/pkeyutl

2019-02-27 10:05:17 +08:00

sm2.pem

Update further expiring certificates that affect tests

2022-06-05 10:59:40 +02:00

some-names1.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

some-names2.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

some-names3.pem

Guard against DoS in name constraints handling.

2017-09-22 22:00:55 +02:00

sroot-anyEKU.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

sroot-cert.pem

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

2021-01-20 15:53:47 +01:00

sroot-clientAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

sroot-serverAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

sroot+anyEKU.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

sroot+clientAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

sroot+serverAuth.pem

Compat self-signed trust with reject-only aux data

2016-01-31 21:24:12 -05:00

subinterCA-ss.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

subinterCA.key

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

subinterCA.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

timing-cert.pem

Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info

2022-08-16 12:50:41 +02:00

timing-key.pem

Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info

2022-08-16 12:50:41 +02:00

untrusted.pem

Add test for CVE-2015-1793

2015-07-07 21:57:11 +01:00

v3-certs-RC2.p12

apps: make use of OSSL_STORE for generalized certs and CRLs loading

2020-08-20 14:55:34 +02:00

v3-certs-TDES.p12

apps: make use of OSSL_STORE for generalized certs and CRLs loading

2020-08-20 14:55:34 +02:00

wrongcert.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

wrongkey.pem

More X509_verify_cert() tests via verify(1).

2016-01-20 19:04:11 -05:00

x509-check-key.pem

Add test cases for X509_check_private_key

2017-06-06 17:50:06 +01:00

x509-check.csr

Add test cases for X509_check_private_key

2017-06-06 17:50:06 +01:00