xref: /openbsd-src/regress/lib/libcrypto/certs/README (revision 6f4c0c98aa6e346875622c54a6b14e72c10cad7c) 
1This directory contains tools for building certificate chains to
2test verification. Each subdirectory contains a set of certificates
3that test a particular scenario. The root certificate(s) are contained
4in a roots.pem file, while the leaf certificate and any untrusted
5intermediate certificates are contained in a bundle.pem file.
6
7 1a. A leaf certificate signed by the root certificate with no
8     intermediates (should verify).
9
10 2a. A leaf certificate signed by an intermediate, which is signed
11     by a root certificate (should verify).
12
13 2b. Same as (2a), however the intermediate is missing which should
14     prevent verification.
15
16 2c. Same as (2a), however the intermediate and root are in the intermediate
17     bundle, (should verify)
18
19 3a. A leaf certificate signed by three intermediates, the last of
20     which is signed by a root certificate (should verify).
21
22 3b. Same as (3a) however the first intermediate is missing which should
23     prevent verification.
24
25 3c. Same as (3a) however the second intermediate is missing which should
26     prevent verification.
27
28 3d. Same as (3a) however the third intermediate is missing which should
29     prevent verification.
30
31 3e. Same as (3a) however the order of the intermediates is reversed
32     (should verify).
33
34 4a. A leaf certificate signed by an intermediate, that is cross
35     signed by two root certificates (should verify with two chains).
36
37 4b. Same as (4a) but with one root missing (should verify with one chain).
38
39 4c. Same as (4b) but with the other root missing (should verify with one
40     chain).
41
42 4d. Same as (4a) but with one intermediate missing (should verify with one
43     chain).
44
45 4e. Same as (4d) but with the other intermediate missing (should verify
46     with one chain).
47
48 4f. Same as (4a) but with the intermediates reversed (should verify with
49     two chains).
50
51 4g. Same as (4b) but with the intermediates reversed (should verify with
52     one chain).
53
54 4h. Same as (4c) but with the intermediates reversed (should verify with
55     one chain).
56
57 5a. A leaf certificate signed by an intermediate, that is cross
58     signed by one root certificate and an intermediate, which in turn
59     is signed by a second root (should verify with two chains).
60
61 5b. Same as (5a) but missing the first root certificate (should verify
62     with one chain).
63
64 5c. Same as (5a) but missing the second root certificate (should verify
65     with one chain).
66
67 5d. Same as (5a) but missing the first intermediate (should verify with
68     one chain).
69
70 5e. Same as (5a) but missing the second intermediate (should verify
71     with one chain).
72
73 5f. Same as (5a) but missing the cross-signed intermediate (should verify
74     with one chain).
75
76 5g. Same as (5a) but order of intermediates is reversed (should verify
77     with two chains).
78
79 5h. Same as (5g) but missing the first root certificate (should verify
80     with two chains).
81
82 5i. Same as (5g) but missing the second root certificate (should verify
83     with two chains).
84
85 6a. A leaf certificate signed by an intermediate, that is cross
86     signed by an expired root certificate and an intermediate, which
87     in turn is signed by a second root (should verify with one chain).
88
89 6b. Same as (6a) but the order of the intermediates is reversed (should
90     verify with one chain).
91
92 7a. A leaf certificate signed by an intermediate, that is cross
93     signed by a root certificate and an intermediate, which in turn
94     is signed by a second root that has expired (should verify with one
95     chain).
96
97 7b. Same as (7a) but the order of the intermediates is reversed (should
98     verify with one chain).
99
100 8a. An expired leaf certificate signed by an intermediate that is then
101     signed by a root certificate (should fail to verify).
102
103 9a. A leaf certificate signed by an expired intermediate, which is
104     signed by a root certificate (should fail to verify).
105
10610a. A leaf certificate signed by an intermediate, that is cross
107     signed by two root certificates, with one of the cross signings
108     having expired (should verify with one chain).
109
11010b. Same as (10a) but order of intermediates is reversed (should verify
111     with one chain.
112
11311a. A leaf certificate signed by an intermediate, that is cross
114     signed by one root certificate and an expired intermediate, which
115     in turn is signed by a second root (should verify with one chain).
116
11711b. Same as (11a) but order of intermediates is reversed (should verify
118     with one chain.
119
12012a. A leaf certificate signed by an intermediate, that is signed by a
121     root certificate and cross signed as an expired intermediate, by a
122     second root (should verify with one chain).
123
12413a. A leaf certificate signed by an intermediate, that is signed by an
125     expired root certificate and cross signed as an intermediate, by a
126     second root (should verify with one chain).
127