SecurityTests/clxutils/sslScripts/sslExtendUse.scr

   1 #
   2 # certcrl script to test detection of CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE error
   3 # Run from sslScripts dirtectory after running makeLocalCert.
   4 #
   5
   6 globals
   7 allowUnverified = true
   8 crlNetFetchEnable = false
   9 certNetFetchEnable = false
  10 useSystemAnchors = false
  11 end
  12
  13 ###################################################
  14
  15 test = "Server cert, evaluate as server, expect success"
  16 cert = localcert.cer
  17 root = localcert.cer
  18 leafCertIsCA = true
  19 sslClient = false
  20 end
  21
  22 ###################################################
  23
  24 test = "Server cert, evaluate as client, expect failure"
  25 cert = localcert.cer
  26 root = localcert.cer
  27 leafCertIsCA = true
  28 sslClient = true
  29 error = CSSMERR_TP_VERIFY_ACTION_FAILED
  30 certerror = 0:CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE
  31 end
  32
  33 ###################################################
  34
  35 test = "Client cert, evaluate as client, expect success"
  36 cert = clientcert.cer
  37 root = clientcert.cer
  38 leafCertIsCA = true
  39 sslClient = true
  40 end
  41
  42 ###################################################
  43
  44 test = "Client cert, evaluate as server, expect failure"
  45 cert = clientcert.cer
  46 root = clientcert.cer
  47 leafCertIsCA = true
  48 sslClient = false
  49 error = CSSMERR_TP_VERIFY_ACTION_FAILED
  50 certerror = 0:CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE
  51 end
  52
  53 ###################################################
  54
  55
  56
  57
  58