/*
- * Copyright (c) 2014-2015 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2014-2016 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
/* s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=CDN Support/CN=www.paypal.com */
/* i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 */
-/* SHA1 Fingerprint=A5:AF:1D:73:96:A7:74:F8:8B:B7:43:FD:07:7A:97:47:D3:FA:EF:2F */
-/* EXPIRES Oct 30 23:59:59 2017 GMT */
-
-unsigned char leaf_certificate[1873]={
- 0x30,0x82,0x07,0x4D,0x30,0x82,0x06,0x35,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x7F,
- 0xC0,0x32,0xB3,0x6F,0x9F,0x9E,0x1A,0xC1,0xED,0xAB,0x97,0x13,0x65,0x29,0x35,0x30,
- 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x77,
- 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1D,0x30,
- 0x1B,0x06,0x03,0x55,0x04,0x0A,0x13,0x14,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
- 0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1F,0x30,0x1D,
- 0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,
- 0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x28,0x30,
- 0x26,0x06,0x03,0x55,0x04,0x03,0x13,0x1F,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
- 0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,
- 0x43,0x41,0x20,0x2D,0x20,0x47,0x33,0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x39,0x30,
- 0x32,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x37,0x31,0x30,0x33,0x30,
- 0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x82,0x01,0x09,0x31,0x13,0x30,0x11,0x06,
- 0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,
- 0x31,0x19,0x30,0x17,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,
- 0x02,0x0C,0x08,0x44,0x65,0x6C,0x61,0x77,0x61,0x72,0x65,0x31,0x1D,0x30,0x1B,0x06,
- 0x03,0x55,0x04,0x0F,0x13,0x14,0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,
- 0x67,0x61,0x6E,0x69,0x7A,0x61,0x74,0x69,0x6F,0x6E,0x31,0x10,0x30,0x0E,0x06,0x03,
- 0x55,0x04,0x05,0x13,0x07,0x33,0x30,0x31,0x34,0x32,0x36,0x37,0x31,0x0B,0x30,0x09,
- 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
- 0x04,0x11,0x0C,0x0A,0x39,0x35,0x31,0x33,0x31,0x2D,0x32,0x30,0x32,0x31,0x31,0x13,
- 0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,
- 0x6E,0x69,0x61,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x0C,0x08,0x53,0x61,
- 0x6E,0x20,0x4A,0x6F,0x73,0x65,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x09,0x0C,
- 0x0D,0x32,0x32,0x31,0x31,0x20,0x4E,0x20,0x31,0x73,0x74,0x20,0x53,0x74,0x31,0x15,
- 0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0C,0x50,0x61,0x79,0x50,0x61,0x6C,0x2C,
- 0x20,0x49,0x6E,0x63,0x2E,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,
- 0x43,0x44,0x4E,0x20,0x53,0x75,0x70,0x70,0x6F,0x72,0x74,0x31,0x17,0x30,0x15,0x06,
- 0x03,0x55,0x04,0x03,0x0C,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,
- 0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
- 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,
- 0x02,0x82,0x01,0x01,0x00,0xDC,0x6F,0x1C,0x60,0xDA,0x9C,0x32,0xF8,0x82,0x72,0x77,
- 0xFD,0x51,0x80,0x59,0x6B,0xDB,0xC5,0x6A,0x36,0x4D,0x6E,0x8A,0x49,0x83,0xDE,0x75,
- 0x1F,0x90,0xCB,0xB6,0x53,0xB9,0x3C,0x42,0xB9,0x1C,0xB5,0x53,0xAF,0x50,0x88,0x8D,
- 0xE8,0xA8,0x7F,0xA6,0xA6,0x1F,0x0D,0x21,0xD4,0x5C,0x6F,0x0C,0x33,0x7E,0x3A,0x19,
- 0x58,0xD9,0x5D,0x01,0xD3,0x08,0xE2,0xD2,0x59,0x54,0xA9,0xC7,0xAB,0x4D,0xC6,0xFF,
- 0x05,0xA6,0x0B,0xBF,0xB6,0x11,0x12,0x34,0xEA,0xD7,0x23,0xCE,0x3E,0x60,0x21,0xBE,
- 0xFE,0xCD,0xDB,0x65,0x1C,0xAF,0x62,0x96,0x3E,0x73,0xBD,0x08,0x05,0x6E,0xEA,0x33,
- 0x1E,0xD5,0x59,0xC2,0x71,0xA5,0xE5,0x22,0xCE,0xD0,0x17,0xA5,0xD2,0xAC,0x7C,0xDC,
- 0xEA,0xE8,0xBA,0x70,0x16,0x8B,0xE5,0x90,0x6C,0x7C,0xA0,0xB4,0x79,0x73,0x50,0x5E,
- 0x26,0x88,0xA3,0x5F,0xF8,0x47,0x63,0x73,0x52,0x62,0x1F,0xC6,0xE2,0xEA,0xF5,0xF6,
- 0x21,0x40,0x5D,0xF2,0x19,0xF2,0x73,0x05,0x25,0x39,0xEF,0x6F,0xCF,0xA0,0x84,0xE9,
- 0xA4,0xEF,0x57,0xAC,0x6C,0x25,0xCD,0x7C,0x7C,0xD4,0x34,0x24,0x20,0x07,0xDD,0x0D,
- 0x09,0x45,0xBD,0x98,0xA9,0xEE,0x83,0xD5,0xF2,0x8B,0x05,0xA2,0x29,0x37,0x0C,0xF4,
- 0x62,0x17,0xC2,0x27,0x57,0x9D,0xE3,0x03,0xE3,0xAB,0x02,0x9D,0xFA,0xC9,0xFF,0x81,
- 0x16,0xAB,0x2A,0x94,0x9B,0x3E,0x04,0xB7,0x78,0x2F,0xE9,0x7D,0x76,0x3B,0x22,0x85,
- 0xB6,0x45,0x9F,0x42,0x55,0x36,0x2A,0xCB,0x49,0x0A,0xC0,0xFB,0xB8,0x0F,0x5B,0x85,
- 0xD1,0x87,0x26,0x1B,0xE9,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x3F,0x30,0x82,
- 0x03,0x3B,0x30,0x6E,0x06,0x03,0x55,0x1D,0x11,0x04,0x67,0x30,0x65,0x82,0x0C,0x63,
- 0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0D,0x63,0x36,0x2E,
- 0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x64,0x65,0x76,0x65,
- 0x6C,0x6F,0x70,0x65,0x72,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,
- 0x82,0x12,0x68,0x69,0x73,0x74,0x6F,0x72,0x79,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,
- 0x2E,0x63,0x6F,0x6D,0x82,0x0C,0x74,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,
- 0x6F,0x6D,0x82,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,
- 0x6F,0x6D,0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,
- 0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,
- 0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
- 0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x66,0x06,0x03,
- 0x55,0x1D,0x20,0x04,0x5F,0x30,0x5D,0x30,0x5B,0x06,0x0B,0x60,0x86,0x48,0x01,0x86,
- 0xF8,0x45,0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08,0x2B,0x06,0x01,0x05,
- 0x05,0x07,0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,
- 0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x25,0x06,
- 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A,0x17,0x68,0x74,0x74,
- 0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,
- 0x2F,0x72,0x70,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
- 0x14,0x01,0x59,0xAB,0xE7,0xDD,0x3A,0x0B,0x59,0xA6,0x64,0x63,0xD6,0xCF,0x20,0x07,
- 0x57,0xD5,0x91,0xE7,0x6A,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F,0x04,0x24,0x30,0x22,
- 0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,
- 0x72,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x72,0x2E,0x63,
- 0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x4B,
- 0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x13,
- 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x72,0x2E,0x73,0x79,0x6D,0x63,0x64,0x2E,
- 0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,
- 0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x72,0x2E,0x73,0x79,0x6D,0x63,0x62,
- 0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x72,0x2E,0x63,0x72,0x74,0x30,0x82,0x01,0x7E,0x06,
- 0x0A,0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,0x04,0x82,0x01,0x6E,0x04,
- 0x82,0x01,0x6A,0x01,0x68,0x00,0x76,0x00,0xA4,0xB9,0x09,0x90,0xB4,0x18,0x58,0x14,
- 0x87,0xBB,0x13,0xA2,0xCC,0x67,0x70,0x0A,0x3C,0x35,0x98,0x04,0xF9,0x1B,0xDF,0xB8,
- 0xE3,0x77,0xCD,0x0E,0xC8,0x0D,0xDC,0x10,0x00,0x00,0x01,0x4F,0x90,0x71,0x2A,0x7C,
- 0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x21,0x00,0xB4,0x81,0x1F,0xE7,0x9F,
- 0xB6,0xA2,0x06,0xC9,0x0B,0x93,0xBB,0x21,0x87,0x27,0x65,0x05,0x01,0x2D,0x66,0x40,
- 0x64,0x14,0x1F,0x13,0x6D,0xF1,0x4B,0x9A,0x91,0x4F,0x53,0x02,0x20,0x37,0x17,0x0D,
- 0xF8,0x66,0xBD,0xFD,0x6C,0xFE,0x55,0x62,0x2D,0xCD,0xBC,0x79,0x0B,0x0A,0x3F,0x81,
- 0x91,0xCE,0xD5,0x86,0x27,0x11,0xA1,0x18,0x62,0x57,0x54,0xEB,0x8F,0x00,0x76,0x00,
- 0x56,0x14,0x06,0x9A,0x2F,0xD7,0xC2,0xEC,0xD3,0xF5,0xE1,0xBD,0x44,0xB2,0x3E,0xC7,
- 0x46,0x76,0xB9,0xBC,0x99,0x11,0x5C,0xC0,0xEF,0x94,0x98,0x55,0xD6,0x89,0xD0,0xDD,
- 0x00,0x00,0x01,0x4F,0x90,0x71,0x2A,0xDB,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,
- 0x02,0x21,0x00,0xE8,0xAA,0x58,0x90,0x87,0x74,0x96,0x5C,0xFB,0x69,0x28,0x83,0xEF,
- 0x2E,0x40,0xD5,0x57,0xFF,0x5A,0x84,0x65,0x65,0x2E,0x27,0x4C,0x4C,0x91,0xE5,0x14,
- 0xB1,0xBF,0xF8,0x02,0x20,0x0F,0x13,0x6B,0xF9,0x53,0x98,0xC9,0xAC,0x81,0xA0,0x09,
- 0x52,0xDD,0x85,0x07,0xB7,0xD5,0x83,0x70,0xDF,0x68,0x96,0xA1,0x4D,0xFC,0x80,0x03,
- 0xEC,0x68,0x88,0x5F,0xB5,0x00,0x76,0x00,0x68,0xF6,0x98,0xF8,0x1F,0x64,0x82,0xBE,
- 0x3A,0x8C,0xEE,0xB9,0x28,0x1D,0x4C,0xFC,0x71,0x51,0x5D,0x67,0x93,0xD4,0x44,0xD1,
- 0x0A,0x67,0xAC,0xBB,0x4F,0x4F,0xFB,0xC4,0x00,0x00,0x01,0x4F,0x90,0x71,0x2A,0x71,
- 0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x21,0x00,0xB5,0x0A,0x2B,0x5C,0x21,
- 0x90,0x66,0x47,0x9C,0x12,0x8D,0xD4,0x5C,0x8E,0x98,0x5B,0x35,0x48,0x8D,0x0C,0xB9,
- 0x77,0xB2,0x36,0xBB,0xEE,0x0C,0x62,0x7F,0x04,0x3D,0xBC,0x02,0x20,0x5A,0xCA,0xCD,
- 0x03,0xF8,0x6D,0xAF,0x25,0x75,0x15,0x0B,0xA4,0x95,0x47,0x9A,0x04,0x24,0x49,0xCB,
- 0x79,0x18,0x87,0xC1,0x28,0x75,0x5D,0x47,0x37,0x45,0x06,0x1B,0x6B,0x30,0x0D,0x06,
- 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,
- 0x00,0x9B,0x81,0x01,0x7F,0xE6,0x12,0x3B,0x64,0x51,0xBF,0x25,0xFF,0x1A,0xF9,0x2C,
- 0x8F,0x11,0xEC,0x15,0x5B,0xC8,0x7C,0xA1,0x7C,0xCB,0xB9,0x37,0xA4,0xAA,0x8B,0xE5,
- 0x15,0xAE,0x1F,0xCC,0x2E,0x6F,0xEA,0xA0,0xD0,0x22,0x97,0x04,0xAE,0x34,0xB8,0xC1,
- 0x78,0xEE,0x67,0x06,0xE2,0x8E,0xDC,0x28,0x48,0xD8,0xDD,0x6A,0xF1,0xAE,0xEB,0xBA,
- 0xB8,0xEF,0x1B,0x1B,0x6D,0xEE,0xF4,0xF9,0xF3,0x93,0x2F,0x48,0xD7,0x05,0xC7,0x08,
- 0x49,0x42,0x5B,0x98,0xDA,0xFC,0xC6,0x7E,0xA0,0xAB,0xC8,0xC5,0xF6,0x0B,0x6C,0x1B,
- 0x5F,0x43,0x56,0x8B,0x90,0x3E,0xF7,0xC7,0x23,0xF5,0xA8,0xC4,0x21,0xFA,0x80,0x70,
- 0x8E,0xD9,0xF5,0xF5,0x41,0x9E,0xBF,0x5A,0x8B,0xBC,0xEA,0xE6,0xCA,0xE8,0x0A,0x0D,
- 0x58,0xDC,0xB1,0xA3,0xFD,0x58,0x3D,0x4C,0xDD,0x65,0x1C,0x43,0x13,0xE9,0x38,0x9F,
- 0x43,0xC7,0x72,0xB2,0x19,0xEF,0x2A,0x52,0xE3,0x87,0xD4,0x63,0xE9,0x5A,0x37,0xEB,
- 0xDE,0x21,0xCF,0xC5,0x10,0xED,0x71,0xE8,0xEF,0x74,0xA2,0xD6,0xBC,0x1F,0xCA,0xDA,
- 0x50,0x9F,0x79,0xFF,0x13,0x5D,0x28,0xDA,0xF9,0xAE,0x66,0x97,0x40,0x13,0x60,0xD4,
- 0x03,0x44,0x9C,0x26,0x64,0x5C,0xE8,0x6C,0xCF,0xC6,0x2E,0xB9,0x78,0x9A,0x87,0x64,
- 0x25,0xD2,0x06,0xB8,0x98,0x70,0x1A,0x3B,0xD8,0xBD,0x57,0xE0,0x94,0x9F,0x9D,0x5C,
- 0x41,0x5C,0x4E,0x16,0xFB,0xEA,0x52,0x75,0xFC,0x0D,0xE9,0xE6,0x27,0x92,0x36,0x93,
- 0xC2,0x8C,0x80,0x40,0x2B,0x44,0xE8,0xD5,0x14,0xBF,0x45,0x18,0x8D,0x59,0xC7,0xC8,
- 0x9C,
+/* SHA1 Fingerprint=BB:20:B0:3F:FB:93:E1:77:FF:23:A7:43:89:49:60:1A:41:AE:C6:1C */
+/* EXPIRES Oct 30 23:59:59 2019 GMT */
+
+unsigned char leaf_certificate[1896]={
+ 0x30,0x82,0x07,0x64,0x30,0x82,0x06,0x4C,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x57,
+ 0xCB,0x7E,0x15,0xE2,0xE3,0xE2,0x44,0xD8,0x2B,0x01,0x63,0x29,0x46,0xEB,0xF0,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x77,
+ 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1D,0x30,
+ 0x1B,0x06,0x03,0x55,0x04,0x0A,0x13,0x14,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
+ 0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1F,0x30,0x1D,
+ 0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,
+ 0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x28,0x30,
+ 0x26,0x06,0x03,0x55,0x04,0x03,0x13,0x1F,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
+ 0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,
+ 0x43,0x41,0x20,0x2D,0x20,0x47,0x33,0x30,0x1E,0x17,0x0D,0x31,0x37,0x30,0x39,0x32,
+ 0x32,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x39,0x31,0x30,0x33,0x30,
+ 0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x82,0x01,0x09,0x31,0x13,0x30,0x11,0x06,
+ 0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,
+ 0x31,0x19,0x30,0x17,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,
+ 0x02,0x0C,0x08,0x44,0x65,0x6C,0x61,0x77,0x61,0x72,0x65,0x31,0x1D,0x30,0x1B,0x06,
+ 0x03,0x55,0x04,0x0F,0x13,0x14,0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,
+ 0x67,0x61,0x6E,0x69,0x7A,0x61,0x74,0x69,0x6F,0x6E,0x31,0x10,0x30,0x0E,0x06,0x03,
+ 0x55,0x04,0x05,0x13,0x07,0x33,0x30,0x31,0x34,0x32,0x36,0x37,0x31,0x0B,0x30,0x09,
+ 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
+ 0x04,0x11,0x0C,0x0A,0x39,0x35,0x31,0x33,0x31,0x2D,0x32,0x30,0x32,0x31,0x31,0x13,
+ 0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,
+ 0x6E,0x69,0x61,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x0C,0x08,0x53,0x61,
+ 0x6E,0x20,0x4A,0x6F,0x73,0x65,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x09,0x0C,
+ 0x0D,0x32,0x32,0x31,0x31,0x20,0x4E,0x20,0x31,0x73,0x74,0x20,0x53,0x74,0x31,0x15,
+ 0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0C,0x50,0x61,0x79,0x50,0x61,0x6C,0x2C,
+ 0x20,0x49,0x6E,0x63,0x2E,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,
+ 0x43,0x44,0x4E,0x20,0x53,0x75,0x70,0x70,0x6F,0x72,0x74,0x31,0x17,0x30,0x15,0x06,
+ 0x03,0x55,0x04,0x03,0x0C,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,
+ 0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
+ 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,
+ 0x02,0x82,0x01,0x01,0x00,0xBF,0xF7,0x98,0x4B,0x4E,0xAA,0xF2,0x2F,0xC6,0x77,0xAB,
+ 0x26,0x76,0x60,0x2E,0xAB,0x50,0xBD,0x47,0xFF,0x8B,0x7C,0xB7,0x4A,0x75,0x0D,0x81,
+ 0xF7,0x46,0xE2,0x6B,0x03,0x9F,0xE4,0x07,0xFF,0xC0,0xAC,0xE5,0x15,0x7C,0x0B,0x81,
+ 0xAA,0xD0,0x32,0x88,0xB0,0x58,0x4E,0xEB,0xC1,0x13,0xCC,0x27,0xDD,0x1A,0x27,0x40,
+ 0xE8,0xF8,0x16,0x39,0x9A,0x4D,0x55,0xD5,0x0D,0x47,0x7C,0xD1,0x58,0xDB,0x41,0x8E,
+ 0x41,0x0E,0x3E,0xF2,0x3B,0x05,0x78,0x5D,0x8B,0xBF,0x28,0x71,0x41,0x11,0xC9,0x14,
+ 0xDB,0xE5,0xE2,0xAA,0x80,0x84,0xD0,0xE8,0xA7,0x2C,0xAA,0xC2,0x06,0xC8,0xDC,0xD3,
+ 0x18,0x35,0x42,0xA0,0x47,0xD5,0xB5,0xBA,0x57,0x66,0xC3,0x01,0x1F,0xC1,0x3A,0x58,
+ 0xE8,0x39,0x94,0xF5,0x5E,0x50,0x73,0x7E,0xB6,0x84,0x45,0x27,0xFC,0x52,0x4C,0xEF,
+ 0x1E,0x32,0x30,0x13,0x0C,0xF5,0x93,0xE5,0xB9,0xA8,0xA0,0x1C,0x05,0xA9,0x69,0xB7,
+ 0xA4,0x07,0x27,0xB9,0x6E,0x30,0x99,0x3A,0x6F,0x33,0xD7,0xFF,0x24,0xAE,0x02,0x12,
+ 0x08,0xF8,0x55,0x3F,0x30,0xEC,0xA2,0x5F,0x93,0x34,0x8B,0xAB,0x05,0xE6,0x8D,0xD5,
+ 0x93,0xBE,0x93,0x78,0x3E,0x97,0xA8,0x66,0xDC,0xA9,0x25,0x9B,0xF0,0x18,0x1A,0xFA,
+ 0xAE,0x80,0x99,0xC6,0x0F,0xE2,0x67,0xAA,0x26,0xA8,0xED,0xE8,0xFF,0x45,0x8F,0x45,
+ 0x0E,0xC8,0xC3,0x28,0x51,0x12,0xA6,0x17,0x1E,0x27,0xC8,0x61,0x71,0xC7,0x34,0x40,
+ 0xD0,0xC9,0xBA,0x49,0x72,0x9B,0xBD,0x57,0xCD,0xEA,0xD5,0x86,0x63,0x51,0x1D,0x48,
+ 0x14,0x70,0xBE,0xD4,0xD5,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x56,0x30,0x82,
+ 0x03,0x52,0x30,0x7C,0x06,0x03,0x55,0x1D,0x11,0x04,0x75,0x30,0x73,0x82,0x12,0x68,
+ 0x69,0x73,0x74,0x6F,0x72,0x79,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,
+ 0x6D,0x82,0x0C,0x74,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,
+ 0x0C,0x63,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0D,0x63,
+ 0x36,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x64,0x65,
+ 0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,
+ 0x6F,0x6D,0x82,0x0C,0x70,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,
+ 0x82,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,
+ 0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,
+ 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,
+ 0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
+ 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x6F,0x06,0x03,0x55,0x1D,
+ 0x20,0x04,0x68,0x30,0x66,0x30,0x5B,0x06,0x0B,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,
+ 0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+ 0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,
+ 0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x25,0x06,0x08,0x2B,
+ 0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x0C,0x17,0x68,0x74,0x74,0x70,0x73,
+ 0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x72,
+ 0x70,0x61,0x30,0x07,0x06,0x05,0x67,0x81,0x0C,0x01,0x01,0x30,0x1F,0x06,0x03,0x55,
+ 0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x01,0x59,0xAB,0xE7,0xDD,0x3A,0x0B,0x59,
+ 0xA6,0x64,0x63,0xD6,0xCF,0x20,0x07,0x57,0xD5,0x91,0xE7,0x6A,0x30,0x2B,0x06,0x03,
+ 0x55,0x1D,0x1F,0x04,0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,
+ 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x72,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,
+ 0x6F,0x6D,0x2F,0x73,0x72,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,
+ 0x05,0x05,0x07,0x01,0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,
+ 0x05,0x05,0x07,0x30,0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x72,
+ 0x2E,0x73,0x79,0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,
+ 0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,
+ 0x72,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x72,0x2E,0x63,
+ 0x72,0x74,0x30,0x82,0x01,0x7E,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,
+ 0x04,0x02,0x04,0x82,0x01,0x6E,0x04,0x82,0x01,0x6A,0x01,0x68,0x00,0x75,0x00,0xDD,
+ 0xEB,0x1D,0x2B,0x7A,0x0D,0x4F,0xA6,0x20,0x8B,0x81,0xAD,0x81,0x68,0x70,0x7E,0x2E,
+ 0x8E,0x9D,0x01,0xD5,0x5C,0x88,0x8D,0x3D,0x11,0xC4,0xCD,0xB6,0xEC,0xBE,0xCC,0x00,
+ 0x00,0x01,0x5E,0xAB,0x85,0x57,0xB1,0x00,0x00,0x04,0x03,0x00,0x46,0x30,0x44,0x02,
+ 0x20,0x07,0xE3,0x40,0xE7,0x2A,0x3C,0x38,0xEC,0xF4,0xFB,0x7D,0xBC,0x99,0x23,0xBA,
+ 0xD6,0x39,0x0D,0x7B,0x87,0x4C,0xF0,0x8B,0xAC,0x88,0x76,0x16,0x98,0xAD,0xED,0xAC,
+ 0x34,0x02,0x20,0x5E,0xA4,0x5A,0xF6,0xBD,0xD0,0xF2,0x4D,0x77,0x31,0x31,0x65,0x94,
+ 0xC1,0x2C,0x2D,0x16,0x2D,0x4C,0x8A,0xF3,0xAA,0x2C,0x63,0x3A,0x26,0x94,0x8F,0x5C,
+ 0x04,0x32,0xB4,0x00,0x77,0x00,0xA4,0xB9,0x09,0x90,0xB4,0x18,0x58,0x14,0x87,0xBB,
+ 0x13,0xA2,0xCC,0x67,0x70,0x0A,0x3C,0x35,0x98,0x04,0xF9,0x1B,0xDF,0xB8,0xE3,0x77,
+ 0xCD,0x0E,0xC8,0x0D,0xDC,0x10,0x00,0x00,0x01,0x5E,0xAB,0x85,0x57,0xEC,0x00,0x00,
+ 0x04,0x03,0x00,0x48,0x30,0x46,0x02,0x21,0x00,0xE4,0x54,0x30,0xB7,0x22,0x75,0x2E,
+ 0x6B,0x3F,0xE9,0x65,0x5D,0x59,0x8B,0x0E,0x9F,0x44,0x9D,0x8C,0x05,0xB1,0xFB,0x11,
+ 0xD7,0x59,0x98,0x3C,0x35,0xEA,0x52,0xEA,0x9E,0x02,0x21,0x00,0xBD,0x07,0x6C,0x78,
+ 0x5B,0x81,0xFF,0x45,0x6E,0x8C,0x68,0x99,0x41,0x72,0xC1,0xE5,0x36,0x71,0x81,0x00,
+ 0x85,0x1D,0x2A,0xC4,0xFD,0x9E,0x7D,0x85,0xC0,0xD5,0x8F,0x6A,0x00,0x76,0x00,0xEE,
+ 0x4B,0xBD,0xB7,0x75,0xCE,0x60,0xBA,0xE1,0x42,0x69,0x1F,0xAB,0xE1,0x9E,0x66,0xA3,
+ 0x0F,0x7E,0x5F,0xB0,0x72,0xD8,0x83,0x00,0xC4,0x7B,0x89,0x7A,0xA8,0xFD,0xCB,0x00,
+ 0x00,0x01,0x5E,0xAB,0x85,0x59,0xB0,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,
+ 0x21,0x00,0xD5,0x8C,0xD3,0x11,0xE6,0x08,0xAA,0xCC,0x98,0x35,0xFC,0xED,0x49,0xF0,
+ 0x34,0x8B,0xE2,0x68,0x0D,0x66,0x65,0x8F,0x1D,0x56,0x7A,0x7E,0xC7,0x35,0x19,0xD1,
+ 0xB7,0x0A,0x02,0x20,0x6A,0x96,0x22,0xEC,0x63,0x63,0x79,0xE5,0x5E,0x27,0x98,0x19,
+ 0xDE,0x4F,0xFC,0x69,0x0A,0x22,0x64,0x97,0x70,0x92,0x67,0x9C,0x7C,0xF4,0x00,0xD1,
+ 0xDF,0xC2,0x61,0xE6,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
+ 0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x88,0x75,0x7C,0xEE,0x8C,0x6F,0x9E,0xE3,
+ 0xDA,0xB9,0x40,0x53,0x78,0xED,0x57,0x11,0x4C,0xE4,0x3F,0x11,0x4A,0xC3,0xDA,0x80,
+ 0x97,0xF4,0xF8,0x8E,0x0F,0x8E,0xB1,0x73,0x67,0x83,0xDE,0x3E,0x9E,0x2C,0x85,0x6B,
+ 0x02,0xB5,0x73,0x48,0x26,0x4D,0x43,0xD7,0x04,0xBD,0xC7,0x7D,0xC4,0xDC,0x03,0xB8,
+ 0x0B,0x35,0x7C,0x39,0x2C,0x42,0x24,0xB3,0xDC,0x15,0x78,0xF6,0x54,0x70,0xFC,0xE0,
+ 0x9B,0xF5,0x9F,0x30,0x08,0xB0,0x2F,0x4B,0xF1,0xA1,0x49,0x96,0x08,0x76,0x5C,0xAE,
+ 0xDC,0x3E,0x95,0x0D,0x1A,0x89,0x0C,0xDA,0x32,0xAD,0x2A,0x4B,0xD7,0x63,0x50,0x8C,
+ 0x0C,0xE3,0x08,0xEC,0x6F,0x78,0x55,0x67,0x05,0x68,0x65,0x22,0x39,0xE3,0x7E,0x36,
+ 0xD9,0x90,0xD2,0x3D,0x06,0x36,0xC7,0xDE,0xEE,0xF4,0xD6,0xDD,0xDA,0xC3,0xFB,0xAC,
+ 0x43,0xFE,0x2F,0x1C,0x64,0x9B,0xE2,0xDD,0xC0,0x89,0x8B,0x52,0x98,0x8D,0x0E,0xF6,
+ 0x09,0x2D,0xE4,0x4D,0x62,0x9C,0x16,0x22,0x96,0xFB,0x68,0x5B,0x94,0x87,0x87,0xCE,
+ 0x18,0x7E,0x41,0x60,0x79,0xA4,0x17,0x3E,0x71,0xF2,0xB1,0xA2,0x06,0xD8,0x71,0xD8,
+ 0x33,0x0B,0x6A,0xD4,0x67,0x68,0x24,0x3E,0xBA,0xC6,0x21,0x94,0x5D,0x6A,0xF6,0x21,
+ 0x84,0x5F,0xD0,0xFF,0xAC,0xE4,0x3D,0xAA,0xAD,0x95,0x85,0xFC,0x4B,0x69,0x30,0x72,
+ 0xB7,0xBA,0x4D,0xDA,0x3A,0xED,0xD9,0x7D,0x40,0x1D,0x02,0x29,0xB8,0xD5,0x0C,0x09,
+ 0x9E,0x0D,0x74,0x8B,0xFA,0x62,0x02,0x4A,0x88,0x6E,0x7C,0x13,0x56,0xBA,0x99,0x3F,
+ 0x13,0x78,0x48,0x82,0xAC,0x43,0x8E,0x61,
};
/* s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 */
/*
* 1) Test explicit revocation with no OCSP/CRL
- * Side note: cache is stored in /var/db/crls/ocspcache.db crlcache.db etc...
*/
OSStatus status;
- SecPolicyRef policy_default = SecPolicyCreateBasicX509();
- SecPolicyRef policy_revoc = SecPolicyCreateRevocation(kSecRevocationNetworkAccessDisabled);
+ SecPolicyRef policy_ssl_default = SecPolicyCreateSSL(true, CFSTR("www.paypal.com"));
+ SecPolicyRef policy_revoc_disabled = SecPolicyCreateRevocation(kSecRevocationNetworkAccessDisabled);
// Default Policies
- CFMutableArrayRef DefaultPolicy = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- CFArrayAppendValue(DefaultPolicy, policy_default);
+ CFMutableArrayRef DefaultSSLPolicy = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ CFArrayAppendValue(DefaultSSLPolicy, policy_ssl_default);
- // Default Policies + explicit revocation
- CFMutableArrayRef DefaultPolicyWithRevocation = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- CFArrayAppendValue(DefaultPolicyWithRevocation, policy_default);
- CFArrayAppendValue(DefaultPolicyWithRevocation, policy_revoc);
+ // Default Policies + explicit revocation disabled
+ CFMutableArrayRef DefaultSSLPolicyWithNoRevocation = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ CFArrayAppendValue(DefaultSSLPolicyWithNoRevocation, policy_ssl_default);
+ CFArrayAppendValue(DefaultSSLPolicyWithNoRevocation, policy_revoc_disabled);
// Valid chain of Cert (leaf + CA)
CFMutableArrayRef CertFullChain = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
// Free Resources since all are in arrays
CFReleaseSafe(leaf_cert);
CFReleaseSafe(CA_cert);
- CFReleaseSafe(policy_default);
- CFReleaseSafe(policy_revoc);
+ CFReleaseSafe(policy_ssl_default);
+ CFReleaseSafe(policy_revoc_disabled);
// a) First evaluate an entire EV certificate chain with default policy
// OCSP/CRL performed (online/from cache)
SecTrustResultType trust_result;
// Proceed to trust evaluation in two steps
- ok_status(status = SecTrustCreateWithCertificates(CertFullChain, DefaultPolicy, &trust),
+ ok_status(status = SecTrustCreateWithCertificates(CertFullChain, DefaultSSLPolicy, &trust),
"SecTrustCreateWithCertificates");
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
CFReleaseNull(trust);
}
- // b) Set explicit revocation policy to disable network access
+ // b) Set explicit revocation policy to disable revocation checking,
// and now expect EV marker to be dropped.
// Network packet logging can be used to confirm no OCSP/CRL message is sent.
{
SecTrustResultType trust_result;
// Proceed to trust evaluation in two steps
- ok_status(status = SecTrustCreateWithCertificates(CertFullChain, DefaultPolicyWithRevocation, &trust),
+ ok_status(status = SecTrustCreateWithCertificates(CertFullChain, DefaultSSLPolicyWithNoRevocation, &trust),
"SecTrustCreateWithCertificates");
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
CFDictionaryRef TrustResultsDict = SecTrustCopyResult(trust);
CFBooleanRef ev = (CFBooleanRef)CFDictionaryGetValue(TrustResultsDict,
kSecTrustExtendedValidation);
- ok(!ev || (ev && CFEqual(kCFBooleanFalse, ev)), "Expect no extended validation because of lack of revocation");
+ // With SecTrust Unification, the OCSP response is cached by the previous evaluation.
+ // FIXME The semantics of the input to SecPolicyCreateRevocation are technically not honored,
+ // since if neither the OCSP or CRL bits are set, we should not be using either. Unfortunately,
+ // the iOS implementation treats this as a no-op, which for EV certs means an OCSP check by default.
+
+ ok(ev && CFEqual(kCFBooleanTrue, ev), "Expect success even if unable to use network, due to caching");
CFReleaseNull(TrustResultsDict);
CFReleaseNull(trust);
SecTrustResultType trust_result;
// Proceed to trust evaluation in two steps
- ok_status(status = SecTrustCreateWithCertificates(CertMissingIssuer, DefaultPolicy, &trust),
+ ok_status(status = SecTrustCreateWithCertificates(CertMissingIssuer, DefaultSSLPolicy, &trust),
"SecTrustCreateWithCertificates");
ok_status(status = SecTrustSetNetworkFetchAllowed(trust,true), "SecTrustSetNetworkFetchAllowed");
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
SecTrustResultType trust_result;
// Proceed to trust evaluation in two steps, forcing no network allowed
- ok_status(status = SecTrustCreateWithCertificates(CertMissingIssuer, DefaultPolicy, &trust),
+ ok_status(status = SecTrustCreateWithCertificates(CertMissingIssuer, DefaultSSLPolicy, &trust),
"SecTrustCreateWithCertificates");
ok_status(status = SecTrustSetNetworkFetchAllowed(trust,false), "SecTrustSetNetworkFetchAllowed");
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
// Check results
- is_status(trust_result, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultProceed");
+ // with SecTrust Unification, the issuing cert may or may not be cached from the previous test
+ if (trust_result == kSecTrustResultUnspecified)
+ trust_result = kSecTrustResultRecoverableTrustFailure;
+ is_status(trust_result, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");
CFReleaseNull(trust);
}
CFDateRef VerifyDate;
isnt(VerifyDate = CFDateCreate(NULL, 332900000.0), NULL, "Create verify date");
- // Standard evaluation should succeed for the given verify date
+ // Standard evaluation for the given verify date
{
SecTrustRef trust = NULL;
SecTrustResultType trust_result;
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
// Check results
- is_status(trust_result, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified");
+ // %%% This is now expected to fail, since the "TC TrustCenter Class 1 L1 CA IX" CA is revoked
+ // and the revocation information is present in the Valid database.
+ is_status(trust_result, kSecTrustResultFatalTrustFailure, "trust is kSecTrustResultFatalTrustFailure");
CFReleaseNull(trust);
}
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
// Check results
- is_status(trust_result, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");
+ // %%% This is now expected to fail, since the "TC TrustCenter Class 1 L1 CA IX" CA is revoked
+ // and the revocation information is present in the Valid database.
+ is_status(trust_result, kSecTrustResultFatalTrustFailure, "trust is kSecTrustResultFatalTrustFailure");
CFReleaseNull(trust);
}
// Free remaining resources
- CFReleaseSafe(DefaultPolicy);
- CFReleaseSafe(DefaultPolicyWithRevocation);
+ CFReleaseSafe(DefaultSSLPolicy);
+ CFReleaseSafe(DefaultSSLPolicyWithNoRevocation);
CFReleaseSafe(CertFullChain);
CFReleaseSafe(CertMissingIssuer);
projects / apple / security.git / blobdiff