# crl1.der
# Last Update: Oct 16 00:16:34 2015 GMT
# Next Update: Oct 26 00:16:34 2015 GMT
# CRL extensions:
# X509v3 Issuing Distrubution Point: critical
# Full Name:
# URI:http://host.example/crl1.der
# crl2.der
# Last Update: Oct 16 18:28:58 2015 GMT
# Next Update: Oct 26 18:28:58 2015 GMT
# CRL extensions:
# X509v3 Issuing Distrubution Point: critical
# Full Name:
# URI:http://host.example/crl1.der
# URI:http://host2.example/crl1.der
#
# crl3.der
# Last Update: Oct 16 18:44:28 2015 GMT
# Next Update: Oct 26 18:44:28 2015 GMT
# CRL extensions:
# X509v3 Issuing Distrubution Point: critical
# Full Name:
# URI:http://host.example/crl1.der
# URI:http://host2.example/crl2.crl
#
# crl4.der
# Last Update: Oct 16 18:56:17 2015 GMT
# Next Update: Oct 26 18:56:17 2015 GMT
# CRL extensions:
# X509v3 Issuing Distrubution Point: critical
# Relative Name:
# CN = testCA
#
# DEADBEF0.der
# Not Before: Jul 30 21:40:16 2015 GMT
# Not After : Jul 29 21:40:16 2016 GMT
# {no crlDistributionPoint extension}
#
# DEADBEF4.der
# Not Before: Oct 16 00:33:43 2015 GMT
# Not After : Oct 15 00:33:43 2016 GMT
# X509v3 CRL Distribution Points:
# {corrupt}
#
# DEADBEF5.der
# Not Before: Oct 16 18:27:29 2015 GMT
# Not After : Oct 15 18:27:29 2016 GMT
# X509v3 CRL Distribution Points:
# Full Name:
# URI:http://host.example/crl1.der
# Full Name:
# URI:http://host2.example/crl1.der
#
# DEADBEF6.der
# Not Before: Oct 16 18:33:51 2015 GMT
# Not After : Oct 15 18:33:51 2016 GMT
# X509v3 CRL Distribution Points:
# Full Name:
# URI:http://host.example/crl1.der
#
# DEADBEF7.der
# Not Before: Oct 16 18:41:57 2015 GMT
# Not After : Oct 15 18:41:57 2016 GMT
# X509v3 CRL Distribution Points:
# Full Name:
# URI:http://host.example/crl1.der
# URI:http://host2.example/crl1.der
globals
certNetFetchEnable = false
crlNetFetchEnable = false
useSystemAnchors = false
allowUnverified = true
end
test = "basic, no CRL"
requireCrlForAll = false
cert = DEADBEF4.der
root = cacert.der
verifyTime = 20151020125959Z
end
#
# Begin CRL testing.
#
test = "Cert: 1 cRLDistributionPoint, CRL: 1 issuingDistributionPoint, matched"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF6.der
root = cacert.der
crl = crl1.der
verifyTime = 20151020125959Z
end
test = "Cert: no cRLDistributionPoint, CRL: 1 issuingDistributionPoint"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF0.der
root = cacert.der
crl = crl1.der
verifyTime = 20151020125959Z
end
test = "Cert: 2 crlDistributionPoints, CRL: 1 issuingDistributionPoint, match"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF5.der
root = cacert.der
crl = crl1.der
verifyTime = 20151020125959Z
end
test = "Cert: 2 crlDistributionPoints, CRL: 2 issuingDistributionPoint names, no match"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF5.der
root = cacert.der
crl = crl2.der
verifyTime = 20151020125959Z
error = CSSMERR_APPLETP_CRL_NOT_FOUND
end
test = "Cert: corrupt cRLDistributionPoint, CRL: 1 issuingDistributionPoint"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF4.der
root = cacert.der
crl = crl1.der
verifyTime = 20151020125959Z
end
test = "Cert: 1 cRLDistributionPoint, CRL: 1 issuingDistributionPoint, mismatch type"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF6.der
root = cacert.der
crl = crl4.der
verifyTime = 20151020125959Z
end
test = "Cert: 1 cRLDistributionPoint, CRL: 2 issuingDistributionPoint names, no match"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF6.der
root = cacert.der
crl = crl2.der
verifyTime = 20151020125959Z
error = CSSMERR_APPLETP_CRL_NOT_FOUND
end
test = "Cert: 2 cRLDistributionPoint names, CRL: 1 issuingDistributionPoint, no match"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF7.der
root = cacert.der
crl = crl1.der
verifyTime = 20151020125959Z
error = CSSMERR_APPLETP_CRL_NOT_FOUND
end
test = "Cert: 2 cRLDistributionPoint names, CRL: 2 issuingDistributionPoint names, match"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF7.der
root = cacert.der
crl = crl2.der
verifyTime = 20151020125959Z
end
test = "Cert: 2 cRLDistributionPoint names, CRL: 2 issuingDistributionPoint names, no match"
requireCrlForAll = true
revokePolicy = crl
cert = DEADBEF7.der
root = cacert.der
crl = crl3.der
verifyTime = 20151020125959Z
error = CSSMERR_APPLETP_CRL_NOT_FOUND
end