SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/anchorAndDb.scr

   1 #
   2 # Verify fix for 3855635, which ensures that CSSM_CERT_STATUS_IS_IN_ANCHORS and
   3 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS are correctly generated for all combinations
   4 # of conditions they represent. Before the fix, the TP considered these to
   5 # to be mutually exclusive.
   6 #
   7 #
   8 # Assumes the presence of two certs: one for amazon.com and the root that signed it.
   9 # The former can be regenerated on expiration via sslViewer's f option. The latter
  10 # can be recreated with the certChain program. There are also two keychains in
  11 # this directory, each containing exactly one of those certs. If you recreate the certs
  12 # be sure to replace the certs in the corresponding keychain.
  13 #
  14 globals
  15 allowUnverified = true
  16 crlNetFetchEnable = false
  17 certNetFetchEnable = false
  18 useSystemAnchors = true
  19 end
  20
  21 # Note the amazon cert expired 11/27/2007; let's just keep using
  22 # it by specifying a verify time.
  23
  24 #test = "Baseline, implicit root, no DLDB"
  25 #cert = amazon_v3.100.cer
  26 #verifyTime = 20071120000000
  27 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  28 #certstatus = 0:0x4
  29 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
  30 #certstatus = 1:0x18  ### not in anchors any more, so only 1 cert in chain
  31 #end
  32
  33 #test = "Baseline, explicit root, no DLDB"
  34 #cert = amazon_v3.100.cer
  35 #cert = root_1.cer
  36 #verifyTime = 20071120000000
  37 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  38 #certstatus = 0:0x4
  39 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  40 # certstatus = 1:0x1C  ### not in anchors any more
  41 # CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  42 #certstatus = 1:0x14
  43 #end
  44
  45 #test = "Leaf is in DB"
  46 #cert = amazon_v3.100.cer
  47 #certDb = dbWithLeaf.db
  48 #verifyTime = 20071120000000
  49 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  50 #certstatus = 0:0x4
  51 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
  52 # certstatus = 1:0x18  ### not in anchors any more, so only 1 cert in chain
  53 #end
  54
  55 #test = "Implicit root is in DB"
  56 #cert = amazon_v3.100.cer
  57 #certDb = dbWithRoot.db
  58 #verifyTime = 20071120000000
  59 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  60 #certstatus = 0:0x4
  61 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
  62 #certstatus = 1:0x18  ### not in anchors any more
  63 # CSSM_CERT_STATUS_IS_ROOT
  64 #certstatus = 1:0x10
  65 #end
  66
  67 #test = "Explicit root is in DB"
  68 #cert = amazon_v3.100.cer
  69 #cert = root_1.cer
  70 #certDb = dbWithRoot.db
  71 #verifyTime = 20071120000000
  72 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  73 #certstatus = 0:0x4
  74 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  75 # certstatus = 1:0x1C  ### not in anchors any more
  76 # CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
  77 #certstatus = 1:0x14
  78 #end
  79