  • only in /macosx-10.10.1/Security-57031.1.35/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/
1# 
2# OCSP verification of certs obtained from SSL sites
3#
# Script-wide settings. Test stanzas below set some of these keys again
# (allowUnverified, requireOcspIfPresent, cacheDisable), presumably overriding
# the value given here for that one test -- confirm against the script parser.
4globals
5certNetFetchEnable = false
# Per the key name, chains are evaluated against the system anchors, so results
# depend on the trust store of the machine running the script.
6useSystemAnchors = true
7# alternate these two on successful runs, flip either one for failure
# NOTE(review): as set here (allowUnverified on, requireOcspIfPresent off) a cert
# with no obtainable OCSP response is apparently still accepted, i.e. soft-fail
# revocation checking. The stanzas named "fail" below tighten one of the two.
8allowUnverified = true
9requireOcspIfPresent = false
10cacheDisable = false
11end
12###
13### all these (until further notice) do OCSP via ocsp.verisign.com
14###
15echo "================================="
# Leaf-only case: one cert file and no certerror/error line, so the stanza
# presumably expects OCSP verification of the leaf to succeed.
16test = "www.amazon.com"
17revokePolicy = ocsp
18cert = amazon_v3.100.cer
# Host name supplied with the cert; presumably drives the SSL host-name check
# against the leaf -- TODO confirm.
19sslHost = www.amazon.com
# NOTE(review): with this set, a pass presumably needs a real response from the
# responder, so the result depends on network reachability and on the saved
# cert still being within its validity period.
20requireOcspIfPresent = true
21end
22echo "================================="
# Leaf-only case run with the stricter setting: no certerror/error line is
# given, so the leaf is presumably expected to obtain a verified OCSP status.
23test = "www.cduniverse.com"
24revokePolicy = ocsp
25cert = cduniverse_v3.000.cer
26sslHost = www.cduniverse.com
# Overrides the value in the globals section for this stanza (presumably
# hard-fail: every cert must be verified by OCSP -- confirm).
27allowUnverified = false
28end
29echo "================================="
# Two-cert chain evaluated in the permissive mode. There is a certerror line
# but no error line, so the overall verification is presumably expected to
# succeed while one cert carries an "OCSP unavailable" status.
30test = "store.apple.com, allowing unverified"
31revokePolicy = ocsp
32# leaf has ocsp accessMethod in AIA, intermediate doesn't
33allowUnverified = true
34cert = apple_v3.000.cer
35cert = apple_v3.001.cer
36sslHost = store.apple.com
# "1:" presumably indexes the second cert line (the intermediate), matching the
# comment above that the intermediate has no OCSP accessMethod -- confirm.
37certerror = 1:APPLETP_OCSP_UNAVAILABLE
38end
39echo "================================="
# Same chain as the "allowing unverified" stanza, but OCSP is required only for
# certs that advertise it. No error line is given, so the overall result is
# presumably still success: the cert flagged below does not advertise OCSP.
40test = "store.apple.com, require OCSP if present"
41revokePolicy = ocsp
42# leaf has ocsp accessMethod in AIA, intermediate doesn't
43requireOcspIfPresent = true
44cert = apple_v3.000.cer
45cert = apple_v3.001.cer
46sslHost = store.apple.com
# Expected per-cert status; "1:" presumably indexes the intermediate -- confirm.
47certerror = 1:APPLETP_OCSP_UNAVAILABLE
48end
49echo "================================="
# Negative test: OCSP is demanded for every cert, and the intermediate has no
# OCSP accessMethod, so both a per-cert status and an overall error are expected.
50test = "store.apple.com, require OCSP for all, fail"
51revokePolicy = ocsp
52# leaf has ocsp accessMethod in AIA, intermediate doesn't
# Overrides the value in the globals section; this is the setting the test name
# calls "require OCSP for all".
53allowUnverified = false
54cert = apple_v3.000.cer
55cert = apple_v3.001.cer
56sslHost = store.apple.com
57certerror = 1:APPLETP_OCSP_UNAVAILABLE
# Expected overall result of the verification (presumably distinct from the
# per-cert certerror line above -- confirm).
58error = APPLETP_OCSP_UNAVAILABLE
59end
60echo "================================="
# Negative test: OCSP is required where advertised, but both the network fetch
# and the cache are switched off, so (per the key names) no OCSP response can
# be obtained for the leaf and an overall error is expected.
61test = "store.apple.com, require OCSP if present, disable net, fail"
62revokePolicy = ocsp
63# leaf has ocsp accessMethod in AIA, intermediate doesn't
64requireOcspIfPresent = true
65ocspNetFetchDisable = true
# Overrides the value in the globals section, presumably so that a response
# cached by an earlier stanza cannot satisfy this one -- confirm.
66cacheDisable = true
67cert = apple_v3.000.cer
68cert = apple_v3.001.cer
69sslHost = store.apple.com
# NOTE(review): only index 1 has an expected per-cert status, although the leaf
# is the cert that advertises OCSP; confirm whether a "0:" entry is also
# expected here or whether the overall error below covers the leaf.
70certerror = 1:APPLETP_OCSP_UNAVAILABLE
71error = APPLETP_OCSP_UNAVAILABLE
72end
73echo "================================="
# Three-cert chain (leaf, intermediate, and the root the server sent) in the
# permissive mode. No error line is given, so overall success is presumably
# expected with one cert reporting "OCSP unavailable".
74test = "www.verisign.com"
75revokePolicy = ocsp
76# leaf has ocsp accessMethod in AIA, intermediate doesn't
77allowUnverified = true
78cert = verisign_v3.100.cer
79cert = verisign_v3.101.cer
80#
81# This one is the root, which SSL server sent us. 
82# Leave it in for variety.
83#
84cert = verisign_v3.102.cer
85sslHost = www.verisign.com
# Expected per-cert status; "1:" presumably indexes the intermediate -- confirm.
86certerror = 1:APPLETP_OCSP_UNAVAILABLE
87end
88echo "================================="
# Three-cert chain including the server-sent root, in the permissive mode.
# No error line is given, so overall success is presumably expected with one
# cert reporting "OCSP unavailable".
89test = "accounts2.keybank.com"
90revokePolicy = ocsp
91# leaf has ocsp accessMethod in AIA, intermediate doesn't
92allowUnverified = true
93cert = keybank_v3.100.cer
94cert = keybank_v3.101.cer
95#
96# This one is the root, which SSL server sent us. 
97# Leave it in for variety.
98#
99cert = keybank_v3.102.cer
100sslHost = accounts2.keybank.com
# Expected per-cert status; "1:" presumably indexes the intermediate -- confirm.
101certerror = 1:APPLETP_OCSP_UNAVAILABLE
102end
103echo "================================="
# Two-cert chain in the permissive mode. No error line is given, so overall
# success is presumably expected with one cert reporting "OCSP unavailable".
104test = "secure.authorize.net"
105revokePolicy = ocsp
106# leaf has ocsp accessMethod in AIA, intermediate doesn't
107allowUnverified = true
108cert = secauth_v3.100.cer
109cert = secauth_v3.101.cer
110sslHost = secure.authorize.net
# Expected per-cert status; "1:" presumably indexes the intermediate -- confirm.
111certerror = 1:APPLETP_OCSP_UNAVAILABLE
112end
113###
114### OCSP via ocsp.thawte.com
115###
116echo "================================="
# Leaf-only case for the second responder group in this script. No
# certerror/error line is given, so OCSP verification of the leaf is presumably
# expected to succeed.
117test = "www.proteron.com"
118revokePolicy = ocsp
# NOTE(review): a pass presumably needs a live answer from the responder, so
# this stanza is sensitive to network state and to the saved cert's validity.
119requireOcspIfPresent = true
120cert = proteron_v3.100.cer
121sslHost = www.proteron.com
122end
123#
124# misc. others
125#
126echo "================================="
# Two-cert chain with OCSP required where advertised. No certerror/error line
# is given, so no cert is expected to report an OCSP problem -- presumably each
# cert either verifies by OCSP or does not advertise it (confirm).
127test = "www.wellsfargo.com"
128revokePolicy = ocsp
129requireOcspIfPresent = true
130cert = wellsfargo_v3.100.cer
131cert = wellsfargo_v3.101.cer
132sslHost = www.wellsfargo.com
133end
134echo "================================="
# Two-cert chain whose expected outcome is a trust failure rather than an OCSP
# verdict (see the comment above the error line).
# NOTE(review): because the expected result is TP_NOT_TRUSTED, this stanza does
# not pin any revocation outcome for these certs.
135test = "www.certum.pl"
136revokePolicy = ocsp
137requireOcspIfPresent = true
138cert = certum_v3.100.cer
139cert = certum_v3.101.cer
140sslHost = www.certum.pl
141# Expect TP_NOT_TRUSTED because we don't have the root; otherwise the result
142# would be APPLETP_OCSP_BAD_RESPONSE, which Radar 4158052 causes.
143error = TP_NOT_TRUSTED
144end
145