• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /macosx-10.10.1/Security-57031.1.35/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/
1# 
2# CRL verfication of certs obtained from SSL sites
3#
4globals
5certNetFetchEnable = false
6crlNetFetchEnable = true
7useSystemAnchors = true
8# alternate these two on successful runs, flip either one for failure
9allowUnverified = true
10requireCrlIfPresent = false
11end
12###
13### all these (until further notice) get CRLs from crl.verisign.com
14###
15echo "================================="
16test = "www.amazon.com"
17revokePolicy = crl
18cert = amazon_v3.100.cer
19cert = amazon_v3.101.cer
20sslHost = www.amazon.com
21requireCrlIfPresent = true
22end
23echo "================================="
24test = "www.cduniverse.com"
25revokePolicy = crl
26cert = cduniverse_v3.100.cer
27cert = cduniverse_v3.101.cer
28sslHost = www.cduniverse.com
29allowUnverified = false
30end
31echo "================================="
32test = "store.apple.com"
33revokePolicy = crl
34allowUnverified = false
35cert = apple_v3.100.cer
36cert = apple_v3.101.cer
37sslHost = store.apple.com
38end
39echo "================================="
40test = "www.wellsfargo.com"
41revokePolicy = crl
42allowUnverified = false
43cert = wellsfargo_v3.100.cer
44cert = wellsfargo_v3.101.cer
45sslHost = www.wellsfargo.com
46end
47
48#echo "================================="
49#
50# this server's cert has expired and they don't have a new one yet 
51#
52#test = "www.xdss.com"
53#revokePolicy = crl
54#requireOcspIfPresent = true
55#cert = xdss_v3.100.cer
56#cert = xdss_v3.101.cer
57#sslHost = www.xdss.com
58#end
59echo "================================="
60test = "www.verisign.com"
61revokePolicy = crl
62allowUnverified = false
63cert = verisign_v3.100.cer
64cert = verisign_v3.101.cer
65#
66# This one is the root, which SSL server sent us. 
67# Leave it in for variety.
68#
69cert = verisign_v3.102.cer
70sslHost = www.verisign.com
71end
72echo "================================="
73test = "accounts.key.com"
74revokePolicy = crl
75allowUnverified = false
76cert = keybank_v3.100.cer
77cert = keybank_v3.101.cer
78#
79# This one is the root, which SSL server sent us. 
80# Leave it in for variety.
81#
82cert = keybank_v3.102.cer
83sslHost = accounts.key.com
84end
85echo "================================="
86test = "secure.authorize.net"
87revokePolicy = crl
88allowUnverified = false
89cert = secauth_v3.100.cer
90cert = secauth_v3.101.cer
91sslHost = secure.authorize.net
92end
93###
94### CRLs from crl.thawte.com
95###
96###
97### CRL from http://crl.geotrust.com, issued by Equifax
98###
99echo "================================="
100test = "www.firstamlink.com"
101revokePolicy = crl
102cert = firstamlink_v3.100.cer
103sslHost = www.firstamlink.com
104requireCrlIfPresent = true
105end
106
107#
108# cert and CRL from entrust
109# temp disabled...
110#
111#echo "================================="
112#test = "accesd.desjardins.com"
113#revokePolicy = crl
114#cert = entrust_v3.100.cer
115#cert = entrust_v3.101.cer
116#sslHost = accesd.desjardins.com
117#requireCrlIfPresent = true
118#end
119#
120# Secure Server Certification Authority
121# CRL http://SVRSecure-crl.verisign.com/SVRSecure.crl
122#
123echo "================================="
124test = "www.netfile.state.co.us"
125revokePolicy = crl
126requireCrlIfPresent = true
127cert = netfile.state.co_v3.100.cer
128cert = netfile.state.co_v3.101.cer
129sslHost = www.netfile.state.co.us
130end
131