]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/anchorAndDb.scr
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / clxutils / certcrl / testSubjects / anchorAndDb / anchorAndDb.scr
1 #
2 # Verify fix for 3855635, which ensures that CSSM_CERT_STATUS_IS_IN_ANCHORS and
3 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS are correctly generated for all combinations
4 # of conditions they represent. Before the fix, the TP considered these to
5 # to be mutually exclusive.
6 #
7 #
8 # Assumes the presence of two certs: one for amazon.com and the root that signed it.
9 # The former can be regenerated on expiration via sslViewer's f option. The latter
10 # can be recreated with the certChain program. There are also two keychains in
11 # this directory, each containing exactly one of those certs. If you recreate the certs
12 # be sure to replace the certs in the corresponding keychain.
13 #
14 globals
15 allowUnverified = true
16 crlNetFetchEnable = false
17 certNetFetchEnable = false
18 useSystemAnchors = true
19 end
20
21 # Note the amazon cert expired 11/27/2007; let's just keep using
22 # it by specifying a verify time.
23
24 #test = "Baseline, implicit root, no DLDB"
25 #cert = amazon_v3.100.cer
26 #verifyTime = 20071120000000
27 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
28 #certstatus = 0:0x4
29 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
30 #certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain
31 #end
32
33 #test = "Baseline, explicit root, no DLDB"
34 #cert = amazon_v3.100.cer
35 #cert = root_1.cer
36 #verifyTime = 20071120000000
37 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
38 #certstatus = 0:0x4
39 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
40 # certstatus = 1:0x1C ### not in anchors any more
41 # CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
42 #certstatus = 1:0x14
43 #end
44
45 #test = "Leaf is in DB"
46 #cert = amazon_v3.100.cer
47 #certDb = dbWithLeaf.db
48 #verifyTime = 20071120000000
49 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
50 #certstatus = 0:0x4
51 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
52 # certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain
53 #end
54
55 #test = "Implicit root is in DB"
56 #cert = amazon_v3.100.cer
57 #certDb = dbWithRoot.db
58 #verifyTime = 20071120000000
59 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
60 #certstatus = 0:0x4
61 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
62 #certstatus = 1:0x18 ### not in anchors any more
63 # CSSM_CERT_STATUS_IS_ROOT
64 #certstatus = 1:0x10
65 #end
66
67 #test = "Explicit root is in DB"
68 #cert = amazon_v3.100.cer
69 #cert = root_1.cer
70 #certDb = dbWithRoot.db
71 #verifyTime = 20071120000000
72 # CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
73 #certstatus = 0:0x4
74 # CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
75 # certstatus = 1:0x1C ### not in anchors any more
76 # CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
77 #certstatus = 1:0x14
78 #end
79