1# 2# Verify fix for 3855635, which ensures that CSSM_CERT_STATUS_IS_IN_ANCHORS and 3# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS are correctly generated for all combinations 4# of conditions they represent. Before the fix, the TP considered these to 5# to be mutually exclusive. 6# 7# 8# Assumes the presence of two certs: one for amazon.com and the root that signed it. 9# The former can be regenerated on expiration via sslViewer's f option. The latter 10# can be recreated with the certChain program. There are also two keychains in 11# this directory, each containing exactly one of those certs. If you recreate the certs 12# be sure to replace the certs in the corresponding keychain. 13# 14globals 15allowUnverified = true 16crlNetFetchEnable = false 17certNetFetchEnable = false 18useSystemAnchors = true 19end 20 21# Note the amazon cert expired 11/27/2007; let's just keep using 22# it by specifying a verify time. 23 24#test = "Baseline, implicit root, no DLDB" 25#cert = amazon_v3.100.cer 26#verifyTime = 20071120000000 27# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 28#certstatus = 0:0x4 29# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT 30#certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain 31#end 32 33#test = "Baseline, explicit root, no DLDB" 34#cert = amazon_v3.100.cer 35#cert = root_1.cer 36#verifyTime = 20071120000000 37# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 38#certstatus = 0:0x4 39# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 40# certstatus = 1:0x1C ### not in anchors any more 41# CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 42#certstatus = 1:0x14 43#end 44 45#test = "Leaf is in DB" 46#cert = amazon_v3.100.cer 47#certDb = dbWithLeaf.db 48#verifyTime = 20071120000000 49# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 50#certstatus = 0:0x4 51# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT 52# certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain 53#end 54 55#test = "Implicit root is in DB" 56#cert = amazon_v3.100.cer 57#certDb = dbWithRoot.db 58#verifyTime = 20071120000000 59# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 60#certstatus = 0:0x4 61# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT 62#certstatus = 1:0x18 ### not in anchors any more 63# CSSM_CERT_STATUS_IS_ROOT 64#certstatus = 1:0x10 65#end 66 67#test = "Explicit root is in DB" 68#cert = amazon_v3.100.cer 69#cert = root_1.cer 70#certDb = dbWithRoot.db 71#verifyTime = 20071120000000 72# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 73#certstatus = 0:0x4 74# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 75# certstatus = 1:0x1C ### not in anchors any more 76# CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 77#certstatus = 1:0x14 78#end 79 80