SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned.scr

   1 #
   2 # Test for cross-signed cert detect, Radar 4566041
   3 # WARNING this results in a hang when running with a Security.framework in which
   4 # 4566041 is not fixed.
   5 #
   6 globals
   7 allowUnverified = true
   8 crlNetFetchEnable = false
   9 certNetFetchEnable = false
  10 useSystemAnchors = false
  11 end
  12
  13 test = "Plain in-memory cross signed detect"
  14 cert = SOA1-SOA2.pem
  15 cert = SOA2-SOA1.pem
  16 # specify verify time so this test will always be valid
  17 verifyTime = 20060601000000
  18 leafCertIsCA = true
  19 error = CSSMERR_TP_NOT_TRUSTED
  20 # verify we got both certs - IS_IN_INPUT_CERTS
  21 certstatus = 1:0x4
  22 end
  23
  24 test = "verify with DB containing one cert"
  25 cert = SOA2-SOA1.pem
  26 certDb = crossSigned1.db
  27 # specify verify time so this test will always be valid
  28 verifyTime = 20060601000000
  29 leafCertIsCA = true
  30 error = CSSMERR_TP_NOT_TRUSTED
  31 # verify we got both certs
  32 certstatus = 1:0
  33 end
  34
  35 test = "verify with DB containing both certs"
  36 cert = SOA2-SOA1.pem
  37 certDb = crossSignedBoth.db
  38 # specify verify time so this test will always be valid
  39 verifyTime = 20060601000000
  40 leafCertIsCA = true
  41 error = CSSMERR_TP_NOT_TRUSTED
  42 # verify we got both certs
  43 certstatus = 1:0
  44 end