Lines Matching refs:cert
20 my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
26 push(@args, srctop_file(@path, "$cert.pem"));
33 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
37 ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]),
39 ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]),
41 ok(!verify("ee-cert", "sslserver", [qw(nroot+anyEKU)], [qw(ca-cert)]),
43 ok(!verify("ee-cert", "sslserver", [qw(root-cert2)], [qw(ca-cert)]),
45 ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]),
50 ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]),
52 ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]),
54 ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]),
56 ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]),
58 ok(verify("ee-cert", "sslserver", [qw(croot+serverAuth)], [qw(ca-cert)]),
61 ok(verify("ee-cert", "sslserver", [qw(root+anyEKU)], [qw(ca-cert)]),
63 ok(verify("ee-cert", "sslserver", [qw(sroot+anyEKU)], [qw(ca-cert)]),
65 ok(verify("ee-cert", "sslserver", [qw(croot+anyEKU)], [qw(ca-cert)]),
68 ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]),
70 ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]),
72 ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]),
75 ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]),
77 ok(!verify("ee-cert", "sslserver", [qw(sroot+clientAuth)], [qw(ca-cert)]),
79 ok(!verify("ee-cert", "sslserver", [qw(croot+clientAuth)], [qw(ca-cert)]),
82 ok(!verify("ee-cert", "sslserver", [qw(root-serverAuth)], [qw(ca-cert)]),
84 ok(!verify("ee-cert", "sslserver", [qw(sroot-serverAuth)], [qw(ca-cert)]),
86 ok(!verify("ee-cert", "sslserver", [qw(croot-serverAuth)], [qw(ca-cert)]),
89 ok(!verify("ee-cert", "sslserver", [qw(root-anyEKU)], [qw(ca-cert)]),
91 ok(!verify("ee-cert", "sslserver", [qw(sroot-anyEKU)], [qw(ca-cert)]),
93 ok(!verify("ee-cert", "sslserver", [qw(croot-anyEKU)], [qw(ca-cert)]),
99 ok(verify("ee-cert", "sslserver", [qw(root-serverAuth root-cert2 ca-root2)],
100 [qw(ca-cert)]),
102 ok(verify("ee-cert", "sslserver", [qw(root-cert root2+serverAuth ca-root2)],
103 [qw(ca-cert)]),
105 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2-serverAuth ca-root2)],
106 [qw(ca-cert)]),
108 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2+clientAuth ca-root2)],
109 [qw(ca-cert)]),
113 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonca)]),
115 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonbc)]),
117 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonca)], []),
119 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonbc)], []),
121 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+serverAuth)], []),
123 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+anyEKU)], []),
125 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert2)]),
127 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-name2)]),
129 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-root2)]),
131 ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
133 ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
135 ok(!verify("ee-cert", "sslserver", [qw(ca-expired)], [], "-partial_chain"),
137 ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]),
139 ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
141 ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
143 ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"),
145 ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"),
147 ok(verify("ee-cert", "sslserver", [qw(ca-clientAuth)], [], "-partial_chain"),
149 ok(verify("ee-cert", "sslserver", [qw(ca+anyEKU)], [], "-partial_chain"),
151 ok(!verify("ee-cert", "sslserver", [], [qw(ca+serverAuth)], "-partial_chain"),
153 ok(!verify("ee-cert", "sslserver", [qw(ca-serverAuth)], [], "-partial_chain"),
155 ok(!verify("ee-cert", "sslserver", [qw(ca+clientAuth)], [], "-partial_chain"),
157 ok(!verify("ee-cert", "sslserver", [qw(ca-anyEKU)], [], "-partial_chain"),
163 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+serverAuth)], [qw(ca-cert)]),
165 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]),
167 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]),
169 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)], [qw(ca-cert)]),
171 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]),
173 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)], [qw(ca-cert)]),
175 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], [qw(ca-cert)]),
177 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]),
179 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]),
181 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]),
183 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], [qw(ca-cert)]),
185 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)], [qw(ca-cert)]),
187 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)], [qw(ca-cert)]),
189 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)], [qw(ca-cert)]),
191 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)], [qw(ca-cert)]),
193 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)], [qw(ca-cert)]),
195 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)], [qw(ca-cert)]),
197 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]),
199 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-anyEKU)], [qw(ca-cert)]),
203 ok(verify("ee-client", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
205 ok(!verify("ee-client", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
207 ok(!verify("ee-cert", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
209 ok(!verify("ee-cert2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
211 ok(!verify("ee-name2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
213 ok(!verify("ee-expired", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
215 ok(verify("ee-cert", "sslserver", [qw(ee-cert)], [], "-partial_chain"),
219 ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"),
221 ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"),
223 ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"),
229 ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
231 ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
235 ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
236 "fail to accept proxy cert without -allow_proxy_certs");
237 ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
239 "accept proxy cert 1");
240 ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
242 "accept proxy cert 2");
243 ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
245 "fail proxy cert with incorrect subject");
246 ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
248 "fail proxy cert with incorrect pathlen");
249 ok(verify("pc5-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
251 "accept proxy cert missing proxy policy");
252 ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
254 "failed proxy cert where last CN was added as a multivalue RDN component");
257 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
259 ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
261 ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"], "-auth_level", "0"),
263 ok(!verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"]),
265 ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"], "-auth_level", "0"),
267 ok(!verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"]),
269 ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
271 ok(!verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"]),
274 ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"], "-auth_level", "2"),
276 ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-auth_level", "2"),
278 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"], "-auth_level", "0"),
280 ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"]),
282 ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
284 ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
291 ok(verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
292 ["ca-cert-ec-named"]),
294 ok(verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
295 ["ca-cert-ec-explicit"]),
297 ok(!verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
298 ["ca-cert-ec-named"], "-x509_strict"),
300 ok(!verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
301 ["ca-cert-ec-explicit"], "-x509_strict"),
303 ok(verify("ee-cert-ec-named-named", "sslserver", ["root-cert"],
304 ["ca-cert-ec-named"], "-x509_strict"),
312 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "2"),
314 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "1"),
316 ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "0"),
318 ok(verify("ee-cert", "sslserver", ["ca-cert
323 ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
326 ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
329 ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
332 ok(verify("goodcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
335 ok(!verify("badcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
338 ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
341 ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
344 ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
347 ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
350 ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
353 ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
356 ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
359 ok(!verify("badalt8-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
362 ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
365 ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
368 ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
371 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
374 ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
377 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
380 ok(verify("ee-pss-cert", "sslserver", ["root-cert"], ["ca-pss-cert"], ),
396 ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
401 "accept trusted self-signed EE cert excluding key usage keyCertSign");
Indexes created Sat Feb 28 05:31:39 UTC 2026