mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-10-24 15:58:20 +00:00

History

Manuel Pégourié-Gonnard 8b4331aa56 Add test case for root with max_pathlen=0 This was already working but not tested so far (Test case from previous commit still failing.) Test certificates generated with: programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \ issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \ selfsign=1 max_pathlen=0 programs/x509/cert_write serial=92 output_file=cert92.crt \ issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \ subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK" mv cert9?.crt tests/data_files/dir4 rm cert9?.key		2015-11-19 11:10:33 +01:00
..
cert11.crt	Added test case for pathlen constrains in intermediate certificates	2015-10-11 10:39:15 +02:00
cert12.crt	Added test case for pathlen constrains in intermediate certificates	2015-10-11 10:39:15 +02:00
cert13.crt	Added test case for pathlen constrains in intermediate certificates	2015-10-11 10:39:15 +02:00
cert14.crt	Added test case for pathlen constrains in intermediate certificates	2015-10-11 10:39:15 +02:00
cert21.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert22.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert23.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert31.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert32.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert33.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert34.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert41.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert42.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert43.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert44.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert45.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert51.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert52.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert53.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert54.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert61.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert62.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert63.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert71.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert72.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert73.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert74.crt	Additional corner cases for testing pathlen constrains. Just in case.	2015-10-11 16:17:27 +02:00
cert81.crt	Add test case for first intermediate max_pathlen=0	2015-11-19 10:56:30 +01:00
cert82.crt	Add test case for first intermediate max_pathlen=0	2015-11-19 10:56:30 +01:00
cert83.crt	Add test case for first intermediate max_pathlen=0	2015-11-19 10:56:30 +01:00
cert91.crt	Add test case for root with max_pathlen=0	2015-11-19 11:10:33 +01:00
cert92.crt	Add test case for root with max_pathlen=0	2015-11-19 11:10:33 +01:00
Readme	Add test case for root with max_pathlen=0	2015-11-19 11:10:33 +01:00

Readme

This directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option. 

1. zero pathlen constraint on an intermediate CA (invalid)
```
cert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt
```

2. zero pathlen constraint on the root CA (invalid)
```
cert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt
```

3. nonzero pathlen constraint on the root CA (invalid)
```
cert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt
```

4. nonzero pathlen constraint on an intermediate CA (invalid)
```
cert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt 
```

5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid)
```
cert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt
```

6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid)
```
cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt
```

7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid) 
(This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain)
```
cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt
```

8. zero pathlen constraint on first intermediate CA (valid)
```
cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt
```

9. zero pathlen constraint on trusted root (valid)
```
cert91.crt (max_pathlen=0) -> cert92.crt
```