wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/test/certs
History
Viktor Dukhovni fbb82a60dc Move peer chain security checks into x509_vfy.c 
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-03 11:35:35 -04:00
..
bad.key Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
bad.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
ca+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ca+clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca+serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ca-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-768i.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-md5-any.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-cert2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ca-expired.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-key.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-key2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-name2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-nonbc.pem Require intermediate CAs to have basicConstraints CA:true. 2016-03-29 20:54:34 -04:00
ca-nonca.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-root2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ca-serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
cca+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
cca-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
croot-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
ee+clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee+serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert-768i.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-cert2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-client.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-expired.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-key.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-name2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
ee-serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
embeddedSCTs1.pem Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs1.sct Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs1_issuer.pem CT policy validation 2016-03-01 20:03:25 +00:00
embeddedSCTs3.pem Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs3.sct Tests for parsing and printing certificates containing SCTs 2016-02-25 13:59:11 -05:00
embeddedSCTs3_issuer.pem CT policy validation 2016-03-01 20:03:25 +00:00
interCA.key Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
interCA.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
leaf.key Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
leaf.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
mkcert.sh Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
nca+anyEKU.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
nca+serverAuth.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
nroot+anyEKU.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
nroot+serverAuth.pem Add tests for non-ca trusted roots and intermediates 2016-01-31 21:24:16 -05:00
root+anyEKU.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root+clientAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root+serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-anyEKU.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-cert.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-cert2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
root-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-key.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-key2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-name2.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-nonca.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root-noserver.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
root-serverAuth.pem Commit pre-generated test_verify certs 2016-01-20 19:03:14 -05:00
root2+clientAuth.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root2+serverAuth.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
root2-serverAuth.pem Check chain extensions also for trusted certificates 2016-01-31 21:23:23 -05:00
rootCA.key Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
rootCA.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
rootcert.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
rootkey.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
roots.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
sca+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sca-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
server-trusted.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
servercert.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
serverkey.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
setup.sh Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
sroot+anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot+clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot+serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-anyEKU.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-cert.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-clientAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
sroot-serverAuth.pem Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
subinterCA-ss.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
subinterCA.key Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
subinterCA.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
untrusted.pem Add test for CVE-2015-1793 2015-07-07 21:57:11 +01:00
wrongcert.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00
wrongkey.pem More X509_verify_cert() tests via verify(1). 2016-01-20 19:04:11 -05:00