Mirror of BoringSSL (grpc dependency) https://boringssl.googlesource.com/boringssl

This directory contains test data for verifying certificate chains.

Tests are grouped into directories that contain the keys, the Python script
that generates the chains, and the test expectations. "DIR" is used below as a
generic placeholder for such a directory.

===============================
DIR/generate-chains.py
===============================

Python script that generates one or more ".pem" files, each containing a
sequence of CERTIFICATE blocks. In most cases it will generate a single chain
called "chain.pem".

===============================
DIR/keys/*.key
===============================

The keys used (as well as generated) by generate-chains.py. The private keys
shouldn't be needed to run the tests, but they are useful when re-generating
the test data so that the results are stable (at least for signature types
that are deterministic, like RSASSA PKCS#1, which is used by most of the
certificate data).

===============================
DIR/*.pem
===============================

A sequence of CERTIFICATE blocks that was created by the generate-chains.py
script. (In a few cases there are manually created .pem files that lack a
generator script.)

===============================
DIR/*.test
===============================

A sequence of key-value pairs that identify the inputs to certificate
verification, as well as the expected outputs. The format is essentially a
newline-separated sequence of key/value pairs:

key: value\n

All keys must be specified by tests, although they can be in any order.
The possible keys are:

"chain" - The value is a file path (relative to the test file) to a .pem
containing the CERTIFICATE chain.

"last_cert_trust" - The value identifies the trustedness of the last
certificate in the chain (i.e. whether it is a trust anchor or not). This
maps to the CertificateTrustType enum. Possible values are:
"TRUSTED_ANCHOR"
"TRUSTED_ANCHOR_WITH_EXPIRATION"
"TRUSTED_ANCHOR_WITH_CONSTRAINTS"
"UNSPECIFIED"
"DISTRUSTED"

"utc_time" - A string encoding for the generalized time at which verification
should be done. Example: "150302120000Z"

"key_purpose" - The expected EKU to use when verifying. Maps to
KeyPurpose enum. Possible values are:
"ANY_EKU"
"SERVER_AUTH"
"CLIENT_AUTH"

"errors" - This has special parsing rules: it is interpreted as the
final key in the file. All lines after "errors:\n" are read as being the
error string (this allows embedding newlines in it).

Additionally, it is possible to add python-style comments by starting a line
with "#".
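
The rules above, as an added example: a small Python parser for the .test
format. It is not BoringSSL's own code. It assumes values are written without
quotes, blank lines are skipped, duplicate keys are rejected, and "utc_time"
has the shape of the example above; the sample input is constructed.

```python
import re

# Keys and enum values are the ones listed in this README.
REQUIRED_KEYS = {"chain", "last_cert_trust", "utc_time", "key_purpose", "errors"}
ENUM_VALUES = {
    "last_cert_trust": {"TRUSTED_ANCHOR", "TRUSTED_ANCHOR_WITH_EXPIRATION",
                        "TRUSTED_ANCHOR_WITH_CONSTRAINTS", "UNSPECIFIED",
                        "DISTRUSTED"},
    "key_purpose": {"ANY_EKU", "SERVER_AUTH", "CLIENT_AUTH"},
}

def parse_test_file(text):
    """Return a dict of the five keys; raise ValueError on malformed input."""
    fields = {}
    lines = text.split("\n")
    for i, line in enumerate(lines):
        # Assumption: blank lines are skipped, like "#" comment lines.
        if line.startswith("#") or not line.strip():
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or key not in REQUIRED_KEYS:
            raise ValueError(f"line {i + 1}: unknown or malformed key {key!r}")
        if key in fields:  # Assumption: a repeated key is an error.
            raise ValueError(f"line {i + 1}: duplicate key {key!r}")
        if key == "errors":
            # Final key: everything after "errors:\n" is the error string,
            # including newlines and lines that begin with "#".
            if value:
                raise ValueError("'errors:' must be followed by a newline")
            fields[key] = "\n".join(lines[i + 1:])
            break
        if key in ENUM_VALUES and value not in ENUM_VALUES[key]:
            raise ValueError(f"line {i + 1}: bad {key} value {value!r}")
        # Assumption: utc_time has the shape of the README's example.
        if key == "utc_time" and not re.fullmatch(r"\d{12}Z", value):
            raise ValueError(f"line {i + 1}: bad utc_time {value!r}")
        fields[key] = value
    missing = REQUIRED_KEYS - fields.keys()
    if missing:
        raise ValueError(f"missing keys: {sorted(missing)}")
    return fields

# Constructed sample, not a file from the repository.
SAMPLE = ("# comment\nkey_purpose: SERVER_AUTH\nchain: chain.pem\n"
          "utc_time: 150302120000Z\nlast_cert_trust: TRUSTED_ANCHOR\n"
          "errors:\nconstructed error line\n# kept: part of the error text\n")
```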

===============================
pkits_errors/*.txt
===============================

These files contain the expected errors for the PKITS tests
(third_party/nist-pkits). The file names correspond to the PKITS test numbers.
They are baselined specifically for VerifyCertificateChain().

===============================
generate-all.sh
===============================

Runs all of the generate-chains.py scripts and cleans up the temp files
afterwards.