git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/anchorAndDb.scr
Security-57336.1.9.tar.gz
1 #
2 # Verify fix for 3855635, which ensures that CSSM_CERT_STATUS_IS_IN_ANCHORS and
3 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS are correctly generated for all combinations
4 # of conditions they represent. Before the fix, the TP considered these
5 # to be mutually exclusive.
6 #
7 #
8 # Assumes the presence of two certs: one for amazon.com and the root that signed it.
9 # The former can be regenerated on expiration via sslViewer's f option. The latter
10 # can be recreated with the certChain program. There are also two keychains in
11 # this directory, each containing exactly one of those certs. If you recreate the certs,
12 # be sure to replace the certs in the corresponding keychain.
13 #
14 # Note: since the RSA MD2 root which signed the amazon.com certificate has
15 # been removed from the System Roots keychain (<rdar://7880748>),
16 # we are no longer checking the CSSM_CERT_STATUS_IS_IN_ANCHORS bit for that cert.
17 # NOTE(review): every test block below is commented out in this revision, so the script runs no checks.
# Script-wide settings; the block is named "globals" and precedes every test.
# NOTE(review): the per-key meanings below are inferred from the key names
# only -- confirm against certcrl's script parser before relying on them.
#   allowUnverified = true      presumably tolerates certs whose revocation
#                               status cannot be established
#   crlNetFetchEnable = false   presumably no CRLs are fetched over the network
#   certNetFetchEnable = false  presumably no issuer certs are fetched over the
#                               network, so the chain comes only from the
#                               cert / certDb inputs and the anchors
#   useSystemAnchors = true     presumably evaluates against the host's system
#                               anchors; the expected IS_IN_ANCHORS bits then
#                               depend on what the machine's System Roots
#                               keychain contains (see the note above about
#                               the removed RSA MD2 root)
18 globals
19 allowUnverified = true
20 crlNetFetchEnable = false
21 certNetFetchEnable = false
22 useSystemAnchors = true
23 end
24
25 # Note the amazon cert expired 11/27/2007; let's just keep using
26 # it by specifying a verify time.
27
28 #test = "Baseline, implicit root, no DLDB"
29 #cert = amazon_v3.100.cer
30 #verifyTime = 20071120000000
31 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
32 #certstatus = 0:0x4
33 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
34 #certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain
35 #end
36
37 #test = "Baseline, explicit root, no DLDB"
38 #cert = amazon_v3.100.cer
39 #cert = root_1.cer
40 #verifyTime = 20071120000000
41 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
42 #certstatus = 0:0x4
43 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
44 # certstatus = 1:0x1C ### not in anchors any more
45 # CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
46 #certstatus = 1:0x14
47 #end
48
49 #test = "Leaf is in DB"
50 #cert = amazon_v3.100.cer
51 #certDb = dbWithLeaf.db
52 #verifyTime = 20071120000000
53 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
54 #certstatus = 0:0x4
55 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
56 # certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain
57 #end
58
59 #test = "Implicit root is in DB"
60 #cert = amazon_v3.100.cer
61 #certDb = dbWithRoot.db
62 #verifyTime = 20071120000000
63 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
64 #certstatus = 0:0x4
65 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
66 #certstatus = 1:0x18 ### not in anchors any more
67 # CSSM_CERT_STATUS_IS_ROOT
68 #certstatus = 1:0x10
69 #end
70
71 #test = "Explicit root is in DB"
72 #cert = amazon_v3.100.cer
73 #cert = root_1.cer
74 #certDb = dbWithRoot.db
75 #verifyTime = 20071120000000
76 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
77 #certstatus = 0:0x4
78 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
79 # certstatus = 1:0x1C ### not in anchors any more
80 # CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
81 #certstatus = 1:0x14
82 #end
83