1# 2# Test for cross-signed cert detect, Radar 4566041 3# WARNING this results in a hang when running with a Security.framework in which 4# 4566041 is not fixed. 5# 6globals 7allowUnverified = true 8crlNetFetchEnable = false 9certNetFetchEnable = false 10useSystemAnchors = false 11end 12 13test = "Plain in-memory cross signed detect" 14cert = SOA1-SOA2.pem 15cert = SOA2-SOA1.pem 16# specify verify time so this test will always be valid 17verifyTime = 20060601000000 18leafCertIsCA = true 19error = CSSMERR_TP_NOT_TRUSTED 20# verify we got both certs - IS_IN_INPUT_CERTS 21certstatus = 1:0x4 22end 23 24test = "verify with DB containing one cert" 25cert = SOA2-SOA1.pem 26certDb = crossSigned1.db 27# specify verify time so this test will always be valid 28verifyTime = 20060601000000 29leafCertIsCA = true 30error = CSSMERR_TP_NOT_TRUSTED 31# verify we got both certs 32certstatus = 1:0 33end 34 35test = "verify with DB containing both certs" 36cert = SOA2-SOA1.pem 37certDb = crossSignedBoth.db 38# specify verify time so this test will always be valid 39verifyTime = 20060601000000 40leafCertIsCA = true 41error = CSSMERR_TP_NOT_TRUSTED 42# verify we got both certs 43certstatus = 1:0 44end 45