Chiebot-Mirror
/
boringssl
mirror of https://gitee.com/mirrors/boringssl.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2134 Commits
59 Branches
16 Tags
480 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 12f0f4bec2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '12f0f4bec2'
${ noResults }
boringssl/pki/testdata/verify_certificate_chain_un...
..
basic-constraints-pathlen-0-self-issued
expired-intermediate
expired-root
expired-target
incorrect-trust-anchor
intermediate-and-target-wrong-signature
intermediate-basic-constraints-ca-false
intermediate-basic-constraints-not-critical
intermediate-eku-any-and-clientauth
intermediate-eku-clientauth
intermediate-eku-server-gated-crypto
intermediate-invalid-spki
intermediate-lacks-basic-constraints
intermediate-lacks-signing-key-usage
intermediate-signed-with-sha1
intermediate-unknown-critical-extension
intermediate-unknown-non-critical-extension
intermediate-wrong-signature-no-authority-key-identifier
issuer-and-subject-not-byte-for-byte-equal
key-rollover
many-names
non-self-signed-root
pkits_errors
policies-inhibit-anypolicy-by-root-fail
policies-inhibit-anypolicy-by-root-ok
policies-inhibit-mapping-by-root-fail
policies-inhibit-mapping-by-root-ok
policies-ok
policies-on-root-ok
policies-on-root-wrong
policies-required-by-root-fail
policies-required-by-root-ok
policy-mappings-on-root-fail
policy-mappings-on-root-ok
root-basic-constraints-ca-false
root-eku-clientauth
root-lacks-basic-constraints
root-lacks-keycertsign-key-usage
target-and-intermediate
target-eku-any
target-eku-clientauth
target-eku-many
target-eku-none
target-has-512bit-rsa-key
target-has-ca-basic-constraints
target-has-keycertsign-but-not-ca
target-has-pathlen-but-not-ca
target-msapplicationpolicies-and-eku
target-msapplicationpolicies-no-eku
target-not-end-entity
target-only
target-selfissued
target-selfsigned
target-serverauth-various-keyusages
target-signed-by-512bit-rsa
target-signed-using-ecdsa
target-signed-with-sha1
target-unknown-critical-extension
target-wrong-signature
target-wrong-signature-no-authority-key-identifier
unknown-critical-policy-qualifier
unknown-non-critical-policy-qualifier
violates-basic-constraints-pathlen-0
violates-pathlen-1-from-root
README
generate-all.sh
rebase-errors.py

README 

This directory contains test data for verifying certificate chains.

Tests are grouped into directories that contain the keys, python to generate
chains, and test expectations. "DIR" is used as a generic placeholder below to
identify such a directory.

===============================
DIR/generate-chains.py
===============================

Python script that generates one or more ".pem" file containing a sequence of
CERTIFICATE blocks. In most cases it will generate a single chain called
"chain.pem".

===============================
DIR/keys/*.key
===============================

The keys used (as well as generated) by the .py file generate-chains.py. The
private keys shouldn't be needed to run the tests, however are useful when
re-generating the test data to have stable results (at least for signature
types which are deterministic, like RSASSA PKCS#1 which is used by most of the
certificates data).

===============================
DIR/*.pem
===============================

A sequence of CERTIFICATE blocks that was created by the generate-chains.py
script. (Although in a few cases there are manually created .pem files that
lack a generator script).

===============================
DIR/*.test
===============================

A sequence of key-value pairs that identify the inputs to certificate
verification, as well as the expected outputs. The format is essentially a
newline separated sequence of key/value pairs:

key: value\n

All keys must be specified by tests, although they can be in any order.
The possible keys are:

  "chain" - The value is a file path (relative to the test file) to a .pem
      containing the CERTIFICATE chain.

  "last_cert_trust" - The value identifies the trustedness of the last
      certificate in the chain (i.e. whether it is a trust anchor or not). This
      maps to the CertificateTrustType enum. Possible values are:
          "TRUSTED_ANCHOR"
          "TRUSTED_ANCHOR_WITH_EXPIRATION"
          "TRUSTED_ANCHOR_WITH_CONSTRAINTS"
          "UNSPECIFIED"
          "DISTRUSTED"

  "utc_time" - A string encoding for the generalized time at which verification
      should be done. Example "150302120000Z"

  "key_purpose" - The expected EKU to use when verifying. Maps to
      KeyPurpose enum. Possible values are:
      "ANY_EKU"
      "SERVER_AUTH"
      "CLIENT_AUTH"

  "errors" - This has special parsing rules: it is interpreted as the
      final key in the file. All lines after "errors:\n" are read as being the
      error string (this allows embedding newlines in it).

Additionally, it is possible to add python-style comments by starting a line
with "#".

===============================
pkits_errors/*.txt
===============================

These files contain the expected errors for PKITS tests
(third_party/nist-pkits). The file name correspond so the PKITS tests number.
They are baselined specifically for VerifyCertificateChain().

===============================
generate-all.sh
===============================

Runs all of the generate-chains.py scripts and cleans up the temp files
afterwards.