# # certcrl script to test detection of CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE error # Run from sslScripts dirtectory after running makeLocalCert. # globals allowUnverified = true crlNetFetchEnable = false certNetFetchEnable = false useSystemAnchors = false end ################################################### test = "Server cert, evaluate as server, expect success" cert = localcert.cer root = localcert.cer leafCertIsCA = true sslClient = false end ################################################### test = "Server cert, evaluate as client, expect failure" cert = localcert.cer root = localcert.cer leafCertIsCA = true sslClient = true error = CSSMERR_TP_VERIFY_ACTION_FAILED certerror = 0:CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE end ################################################### test = "Client cert, evaluate as client, expect success" cert = clientcert.cer root = clientcert.cer leafCertIsCA = true sslClient = true end ################################################### test = "Client cert, evaluate as server, expect failure" cert = clientcert.cer root = clientcert.cer leafCertIsCA = true sslClient = false error = CSSMERR_TP_VERIFY_ACTION_FAILED certerror = 0:CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE end ###################################################