1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
This directory contains tools for building certificate chains to
test verification. Each subdirectory contains a set of certificates
that test a particular scenario. The root certificate(s) are contained
in a roots.pem file, while the leaf certificate and any untrusted
intermediate certificates are contained in a bundle.pem file.
1a. A leaf certificate signed by the root certificate with no
intermediates (should verify).
2a. A leaf certificate signed by an intermediate, which is signed
by a root certificate (should verify).
2b. Same as (2a), however the intermediate is missing which should
prevent verification.
3a. A leaf certificate signed by three intermediates, the last of
which is signed by a root certificate (should verify).
3b. Same as (3a) however the first intermediate is missing which should
prevent verification.
3c. Same as (3a) however the second intermediate is missing which should
prevent verification.
3d. Same as (3a) however the third intermediate is missing which should
prevent verification.
3e. Same as (3a) however the order of the intermediates is reversed
(should verify).
4a. A leaf certificate signed by an intermediate, that is cross
signed by two root certificates (should verify with two chains).
4b. Same as (4a) but with one root missing (should verify with one chain).
4c. Same as (4b) but with the other root missing (should verify with one
chain).
4d. Same as (4a) but with one intermediate missing (should verify with one
chain).
4e. Same as (4d) but with the other intermediate missing (should verify
with one chain).
4f. Same as (4a) but with the intermediates reversed (should verify with
two chains).
4g. Same as (4b) but with the intermediates reversed (should verify with
one chain).
4h. Same as (4c) but with the intermediates reversed (should verify with
one chain).
5a. A leaf certificate signed by an intermediate, that is cross
signed by one root certificate and an intermediate, which in turn
is signed by a second root (should verify with two chains).
5b. Same as (5a) but missing the first root certificate (should verify
with one chain).
5c. Same as (5a) but missing the second root certificate (should verify
with one chain).
5d. Same as (5a) but missing the first intermediate (should verify with
one chain).
5e. Same as (5a) but missing the second intermediate (should verify
with one chain).
5f. Same as (5a) but missing the cross-signed intermediate (should verify
with one chain).
5g. Same as (5a) but order of intermediates is reversed (should verify
with two chains).
5h. Same as (5g) but missing the first root certificate (should verify
with two chains).
5i. Same as (5g) but missing the second root certificate (should verify
with two chains).
6a. A leaf certificate signed by an intermediate, that is cross
signed by an expired root certificate and an intermediate, which
in turn is signed by a second root (should verify with one chain).
6b. Same as (6a) but the order of the intermediates is reversed (should
verify with one chain).
7a. A leaf certificate signed by an intermediate, that is cross
signed by a root certificate and an intermediate, which in turn
is signed by a second root that has expired (should verify with one
chain).
7b. Same as (7a) but the order of the intermediates is reversed (should
verify with one chain).
8a. An expired leaf certificate signed by an intermediate that is then
signed by a root certificate (should fail to verify).
9a. A leaf certificate signed by an expired intermediate, which is
signed by a root certificate (should fail to verify).
10a. A leaf certificate signed by an intermediate, that is cross
signed by two root certificates, with one of the cross signings
having expired (should verify with one chain).
10b. Same as (10a) but order of intermediates is reversed (should verify
with one chain.
11a. A leaf certificate signed by an intermediate, that is cross
signed by one root certificate and an expired intermediate, which
in turn is signed by a second root (should verify with one chain).
11b. Same as (11a) but order of intermediates is reversed (should verify
with one chain.
12a. A leaf certificate signed by an intermediate, that is signed by a
root certificate and cross signed as an expired intermediate, by a
second root (should verify with one chain).
13a. A leaf certificate signed by an intermediate, that is signed by an
expired root certificate and cross signed as an intermediate, by a
second root (should verify with one chain).
|
