# # Test for cross-signed cert detect, Radar 4566041 # WARNING this results in a hang when running with a Security.framework in which # 4566041 is not fixed. # globals allowUnverified = true crlNetFetchEnable = false certNetFetchEnable = false useSystemAnchors = false end test = "Plain in-memory cross signed detect" cert = SOA1-SOA2.pem cert = SOA2-SOA1.pem # specify verify time so this test will always be valid verifyTime = 20060601000000 leafCertIsCA = true error = CSSMERR_TP_NOT_TRUSTED # verify we got both certs - IS_IN_INPUT_CERTS certstatus = 1:0x4 end test = "verify with DB containing one cert" cert = SOA2-SOA1.pem certDb = crossSigned1.db # specify verify time so this test will always be valid verifyTime = 20060601000000 leafCertIsCA = true error = CSSMERR_TP_NOT_TRUSTED # verify we got both certs certstatus = 1:0 end test = "verify with DB containing both certs" cert = SOA2-SOA1.pem certDb = crossSignedBoth.db # specify verify time so this test will always be valid verifyTime = 20060601000000 leafCertIsCA = true error = CSSMERR_TP_NOT_TRUSTED # verify we got both certs certstatus = 1:0 end