# # test handling of expired Apple development CA certs, Radar 3622125. # globals allowUnverified = true crlNetFetchEnable = false certNetFetchEnable = false useSystemAnchors = false end # # Original Dev CA expires Sep 7, 2007 # New Dev CA expires Dec 31, 2008 # leaf cert expires Oct 13, 2006 # # After initial sanity checks, we evaluate at a time after the # original CA expired and before the new CA expires; we assume # that the leaf is expired in all cases. # test = "No CA input certs, both CAs in DlDb" cert = dmitchtread.cer root = AppleDevRoot.pem certDb = appleDevCAs.keychain verifyTime = 20071201000000 error = CSSMERR_TP_CERT_EXPIRED # leaf expired # IS_IN_INPUT_CERTS | EXPIRED certstatus = 0:0x05 # !IS_IN_INPUT_CERTS, !EXPIRED certstatus = 1:0x0 # IS_IN_ANCHORS IS_ROOT certstatus = 2:0x18 end