# # Test for NISCC Parasitic key bearing certs. # This version should only succeed if both system-wide key size prefs are # set to > 16K (RSAMaxKeySize, RSAMaxPublicExponent in com.apple.crypto). # # The easy way to set these is via the cspxutils/keySizePref program; compile it and # run it like this as root: # # # keySizePref set keysize 20000 # keySizePref set pubexpsize 20000 # globals allowUnverified = true crlNetFetchEnable = false certNetFetchEnable = false useSystemAnchors = false end test = "locally generated 6K keys" cert = ssSubjCert.der root = ssRootCert.der verifyTime = 20060726000000 end test = "test1, uee8k" cert = uee8k.pem cert = shintca.pem root = shroot.pem verifyTime = 20060726000000 end test = "test1, uee16k.pem" cert = uee16k.pem cert = shintca.pem root = shroot.pem verifyTime = 20060726000000 end test = "test2a, huge pkint8k.pem CA" cert = eepkint1.pem cert = pkint8k.pem root = shroot.pem verifyTime = 20060726000000 end test = "test2a, bad pkint8k.pem CA, wrong root" cert = eepkint1.pem cert = pkint8k.pem root = root.pem error = CSSMERR_TP_NOT_TRUSTED verifyTime = 20060726000000 end test = "test2b, huge pkint16k.pem CA" cert = eepkint2.pem cert = pkint16k.pem root = shroot.pem verifyTime = 20060726000000 end test = "test2b, bad pkint16k.pem CA, wrong root" cert = eepkint2.pem cert = pkint16k.pem root = root.pem error = CSSMERR_TP_NOT_TRUSTED verifyTime = 20060726000000 end