| | 1 | # test verification of the odd cert from GIP_CPS - it's an intermediate |
| | 2 | # cert in which subjectName == issuerName. This specifically verifies |
| | 3 | # Radar 3374978. |
| | 4 | # |
| | 5 | # This is suppoedly a CRL signing cert, and ideally we'd actually use |
| | 6 | # it to verify a CRL but I haven't found any CRLs associated with this |
| | 7 | # organization. FOr now we just make sure that the TPO can verify the cert |
| | 8 | # with the associated root in system anchors. |
| | 9 | # |
| | 10 | globals |
| | 11 | allowUnverified = true |
| | 12 | crlNetFetchEnable = false |
| | 13 | certNetFetchEnable = false |
| | 14 | useSystemAnchors = true |
| | 15 | end |
| | 16 | # |
| | 17 | test = test1 |
| | 18 | echo Verify the GIP-CPS CRL signing cert |
| | 19 | cert = gipCps0.cer |
| | 20 | leafCertIsCA = true |
| | 21 | verifyTime = 20061201000000 |
| | 22 | # verify leaf does NOT appear as a root (even though its subject and issuer |
| | 23 | # names are the same.... IS_IN_INPUT_CERTS only. |
| | 24 | certstatus = 0:0x04 |
| | 25 | # ensure 2 certs come back and the second one is an anchor/root |
| | 26 | # IS_IN_ANCHORS IS_ROOT |
| | 27 | certstatus = 1:0x18 |
| | 28 | end |
projects / apple / security.git / blame_incremental