SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/one.scr

   1 #
   2 # test handling of expired Apple development CA certs, Radar 3622125.
   3 #
   4
   5 globals
   6 allowUnverified = true
   7 crlNetFetchEnable = false
   8 certNetFetchEnable = false
   9 useSystemAnchors = false
  10 end
  11
  12 #
  13 # Original Dev CA expires Sep 7, 2007
  14 # New Dev CA expires Dec 31, 2008
  15 # leaf cert expires Oct 13, 2006
  16 #
  17 # After initial sanity checks, we evaluate at a time after the
  18 # original CA expired and before the new CA expires; we assume
  19 # that the leaf is expired in all cases.
  20 #
  21
  22 test = "No CA input certs, both CAs in DlDb"
  23 cert = dmitchtread.cer
  24 root = AppleDevRoot.pem
  25 certDb = appleDevCAs.keychain
  26 verifyTime = 20071201000000
  27 error = CSSMERR_TP_CERT_EXPIRED
  28 # leaf expired
  29 # IS_IN_INPUT_CERTS | EXPIRED
  30 certstatus = 0:0x05
  31 # !IS_IN_INPUT_CERTS, !EXPIRED
  32 certstatus = 1:0x0
  33 # IS_IN_ANCHORS  IS_ROOT
  34 certstatus = 2:0x18
  35 end