]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/sslScripts/sslExtendUse.scr
Security-57031.30.12.tar.gz
[apple/security.git] / SecurityTests / clxutils / sslScripts / sslExtendUse.scr
1 #
2 # certcrl script to test detection of CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE error
3 # Run from sslScripts dirtectory after running makeLocalCert.
4 #
5
6 globals
7 allowUnverified = true
8 crlNetFetchEnable = false
9 certNetFetchEnable = false
10 useSystemAnchors = false
11 end
12
13 ###################################################
14
15 test = "Server cert, evaluate as server, expect success"
16 cert = localcert.cer
17 root = localcert.cer
18 leafCertIsCA = true
19 sslClient = false
20 end
21
22 ###################################################
23
24 test = "Server cert, evaluate as client, expect failure"
25 cert = localcert.cer
26 root = localcert.cer
27 leafCertIsCA = true
28 sslClient = true
29 error = CSSMERR_TP_VERIFY_ACTION_FAILED
30 certerror = 0:CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE
31 end
32
33 ###################################################
34
35 test = "Client cert, evaluate as client, expect success"
36 cert = clientcert.cer
37 root = clientcert.cer
38 leafCertIsCA = true
39 sslClient = true
40 end
41
42 ###################################################
43
44 test = "Client cert, evaluate as server, expect failure"
45 cert = clientcert.cer
46 root = clientcert.cer
47 leafCertIsCA = true
48 sslClient = false
49 error = CSSMERR_TP_VERIFY_ACTION_FAILED
50 certerror = 0:CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE
51 end
52
53 ###################################################
54
55
56
57
58