• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /macosx-10.10.1/Security-57031.1.35/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/
1#
2# Verify fix for 3855635, which ensures that CSSM_CERT_STATUS_IS_IN_ANCHORS and
3# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS are correctly generated for all combinations
4# of conditions they represent. Before the fix, the TP considered these to 
5# to be mutually exclusive.
6#
7#
8# Assumes the presence of two certs: one for amazon.com and the root that signed it.
9# The former can be regenerated on expiration via sslViewer's f option. The latter
10# can be recreated with the certChain program. There are also two keychains in
11# this directory, each containing exactly one of those certs. If you recreate the certs
12# be sure to replace the certs in the corresponding keychain.
13#
14globals
15allowUnverified = true
16crlNetFetchEnable = false
17certNetFetchEnable = false
18useSystemAnchors = true
19end
20
21# Note the amazon cert expired 11/27/2007; let's just keep using 
22# it by specifying a verify time.
23
24#test = "Baseline, implicit root, no DLDB"
25#cert = amazon_v3.100.cer
26#verifyTime = 20071120000000
27# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
28#certstatus = 0:0x4
29# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
30#certstatus = 1:0x18  ### not in anchors any more, so only 1 cert in chain
31#end
32
33#test = "Baseline, explicit root, no DLDB"
34#cert = amazon_v3.100.cer
35#cert = root_1.cer
36#verifyTime = 20071120000000
37# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
38#certstatus = 0:0x4
39# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
40# certstatus = 1:0x1C  ### not in anchors any more
41# CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
42#certstatus = 1:0x14
43#end
44
45#test = "Leaf is in DB"
46#cert = amazon_v3.100.cer
47#certDb = dbWithLeaf.db
48#verifyTime = 20071120000000
49# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
50#certstatus = 0:0x4
51# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
52# certstatus = 1:0x18  ### not in anchors any more, so only 1 cert in chain
53#end
54
55#test = "Implicit root is in DB"
56#cert = amazon_v3.100.cer
57#certDb = dbWithRoot.db
58#verifyTime = 20071120000000
59# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
60#certstatus = 0:0x4
61# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT
62#certstatus = 1:0x18  ### not in anchors any more
63# CSSM_CERT_STATUS_IS_ROOT
64#certstatus = 1:0x10
65#end
66
67#test = "Explicit root is in DB"
68#cert = amazon_v3.100.cer
69#cert = root_1.cer
70#certDb = dbWithRoot.db
71#verifyTime = 20071120000000
72# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
73#certstatus = 0:0x4
74# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
75# certstatus = 1:0x1C  ### not in anchors any more
76# CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
77#certstatus = 1:0x14
78#end
79
80