mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Improve certificate chain construction.
Extend PKITS framework
This commit is contained in:
Werner Koch
parent
a75c21ed8a
commit
f13c5a48fc
8
NEWS
8
NEWS
@ -4,9 +4,13 @@ Noteworthy changes in version 2.0.9 (unreleased)
|
||||
* Gpgsm always tries to locate missing certificates from a running
|
||||
Dirmngr's cache.
|
||||
|
||||
* Minor bug fixes.
|
||||
* Tweaks for Windows.
|
||||
|
||||
* Tweaks for Windows
|
||||
* Improved certificate chain construction.
|
||||
|
||||
* Extended the PKITS framework.
|
||||
|
||||
* Minor bug fixes.
|
||||
|
||||
|
||||
Noteworthy changes in version 2.0.8 (2007-12-20)
|
||||
|
||||
@ -1412,10 +1412,10 @@ tools/Makefile
|
||||
doc/Makefile
|
||||
tests/Makefile
|
||||
tests/openpgp/Makefile
|
||||
tests/pkits/Makefile
|
||||
])
|
||||
AC_OUTPUT
|
||||
|
||||
#tests/pkits/Makefile
|
||||
|
||||
|
||||
|
||||
|
||||
@ -342,6 +342,9 @@ to connect to this one. Fallback to a pipe based server if this does
|
||||
not work. Under Windows this option is ignored because the system dirmngr is
|
||||
always used.
|
||||
|
||||
@item --disable-dirmngr
|
||||
Entirely disable the use of the Dirmngr.
|
||||
|
||||
@item --no-secmem-warning
|
||||
@opindex no-secmem-warning
|
||||
Don't print a warning when the so called "secure memory" can't be used.
|
||||
@ -673,6 +676,10 @@ Supply the passphrase @var{string} to the gpg-protect-tool. This
|
||||
option is only useful for the regression tests included with this
|
||||
package and may be revised or removed at any time without notice.
|
||||
|
||||
@item --no-common-certs-import
|
||||
@opindex no-common-certs-import
|
||||
Suppress the import of common certificates on keybox creation.
|
||||
|
||||
@end table
|
||||
|
||||
All the long options may also be given in the configuration file after
|
||||
|
||||
2
po/be.po
2
po/be.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.2.2\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2003-10-30 16:35+0200\n"
|
||||
"Last-Translator: Ales Nyakhaychyk <nab@mail.by>\n"
|
||||
"Language-Team: Belarusian <i18n@mova.org>\n"
|
||||
|
||||
2
po/ca.po
2
po/ca.po
@ -27,7 +27,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.4.0\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2005-02-04 02:04+0100\n"
|
||||
"Last-Translator: Jordi Mallach <jordi@gnu.org>\n"
|
||||
"Language-Team: Catalan <ca@dodds.net>\n"
|
||||
|
||||
2
po/cs.po
2
po/cs.po
@ -7,7 +7,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-1.3.92\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-11-26 09:12+0200\n"
|
||||
"Last-Translator: Roman Pavlik <rp@tns.cz>\n"
|
||||
"Language-Team: Czech <translations.cs@gnupg.cz>\n"
|
||||
|
||||
2
po/da.po
2
po/da.po
@ -8,7 +8,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.0.0h\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2003-12-03 16:11+0100\n"
|
||||
"Last-Translator: Birger Langkjer <birger.langkjer@image.dk>\n"
|
||||
"Language-Team: Danish <dansk@klid.dk>\n"
|
||||
|
||||
2
po/de.po
2
po/de.po
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-2.0.6\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2008-02-15 10:36+0100\n"
|
||||
"Last-Translator: Walter Koch <koch@u32.de>\n"
|
||||
"Language-Team: German <de@li.org>\n"
|
||||
|
||||
2
po/el.po
2
po/el.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-1.1.92\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2003-06-27 12:00+0200\n"
|
||||
"Last-Translator: Dokianakis Theofanis <madf@hellug.gr>\n"
|
||||
"Language-Team: Greek <nls@tux.hellug.gr>\n"
|
||||
|
||||
2
po/eo.po
2
po/eo.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.0.6d\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2002-04-14 14:33+0100\n"
|
||||
"Last-Translator: Edmund GRIMLEY EVANS <edmundo@rano.org>\n"
|
||||
"Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/es.po
2
po/es.po
@ -10,7 +10,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.4.1\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2007-08-16 11:35+0200\n"
|
||||
"Last-Translator: Jaime Suárez <jsuarez@ono.com>\n"
|
||||
"Language-Team: Spanish <es@li.org>\n"
|
||||
|
||||
2
po/et.po
2
po/et.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.2.2\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-06-17 11:04+0300\n"
|
||||
"Last-Translator: Toomas Soome <Toomas.Soome@microlink.ee>\n"
|
||||
"Language-Team: Estonian <et@li.org>\n"
|
||||
|
||||
2
po/fi.po
2
po/fi.po
@ -22,7 +22,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.2.2\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-06-16 22:40+0300\n"
|
||||
"Last-Translator: Tommi Vainikainen <Tommi.Vainikainen@iki.fi>\n"
|
||||
"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/fr.po
2
po/fr.po
@ -11,7 +11,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.4.2rc2\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2005-06-28 00:24+0200\n"
|
||||
"Last-Translator: Gaël Quéri <gael@lautre.net>\n"
|
||||
"Language-Team: French <traduc@traduc.org>\n"
|
||||
|
||||
2
po/gl.po
2
po/gl.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.2.4\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2003-12-04 11:39+0100\n"
|
||||
"Last-Translator: Jacobo Tarrio <jtarrio@trasno.net>\n"
|
||||
"Language-Team: Galician <gpul-traduccion@ceu.fi.udc.es>\n"
|
||||
|
||||
2
po/hu.po
2
po/hu.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.2.5\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-06-19 21:53+0200\n"
|
||||
"Last-Translator: Nagy Ferenc László <nfl@nfllab.com>\n"
|
||||
"Language-Team: Hungarian <translation-team-hu@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/id.po
2
po/id.po
@ -7,7 +7,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-id\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-06-17 16:32+0700\n"
|
||||
"Last-Translator: Tedi Heriyanto <tedi_h@gmx.net>\n"
|
||||
"Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/it.po
2
po/it.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.1.92\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-06-16 17:01+0200\n"
|
||||
"Last-Translator: Marco d'Itri <md@linux.it>\n"
|
||||
"Language-Team: Italian <tp@lists.linux.it>\n"
|
||||
|
||||
2
po/ja.po
2
po/ja.po
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.3.92\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-11-23 11:14+0900\n"
|
||||
"Last-Translator: IIDA Yosiaki <iida@gnu.org>\n"
|
||||
"Language-Team: Japanese <translation-team-ja@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/nb.po
2
po/nb.po
@ -10,7 +10,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.4.3\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2006-06-13 20:31+0200\n"
|
||||
"Last-Translator: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>\n"
|
||||
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
|
||||
|
||||
2
po/pl.po
2
po/pl.po
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-2.0.7\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2007-11-26 19:01+0100\n"
|
||||
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
|
||||
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/pt.po
2
po/pt.po
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2002-09-13 18:26+0100\n"
|
||||
"Last-Translator: Pedro Morais <morais@kde.org>\n"
|
||||
"Language-Team: pt <morais@kde.org>\n"
|
||||
|
||||
@ -13,7 +13,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.0\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2007-08-16 11:35+0200\n"
|
||||
"Last-Translator:\n"
|
||||
"Language-Team: ?\n"
|
||||
|
||||
2
po/ro.po
2
po/ro.po
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.4.2rc1\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2005-05-31 22:00-0500\n"
|
||||
"Last-Translator: Laurentiu Buzdugan <lbuz@rolix.org>\n"
|
||||
"Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"
|
||||
|
||||
2
po/ru.po
2
po/ru.po
@ -8,7 +8,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: GnuPG 2.0.0\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2006-11-07 19:31+0300\n"
|
||||
"Last-Translator: Maxim Britov <maxim.britov@gmail.com>\n"
|
||||
"Language-Team: Russian <gnupg-ru@gnupg.org>\n"
|
||||
|
||||
2
po/sk.po
2
po/sk.po
@ -5,7 +5,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.2.5\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2004-07-20 15:52+0200\n"
|
||||
"Last-Translator: Michal Majer <mmajer@econ.umb.sk>\n"
|
||||
"Language-Team: Slovak <sk-i18n@lists.linux.sk>\n"
|
||||
|
||||
2
po/sv.po
2
po/sv.po
@ -24,7 +24,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg trunk\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2007-11-12 16:08+0100\n"
|
||||
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
|
||||
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
|
||||
|
||||
2
po/tr.po
2
po/tr.po
@ -6,7 +6,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.9.94\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2006-11-04 03:45+0200\n"
|
||||
"Last-Translator: Nilgün Belma Bugüner <nilgun@belgeler.gen.tr>\n"
|
||||
"Language-Team: Turkish <gnu-tr-u12a@lists.sourceforge.net>\n"
|
||||
|
||||
@ -7,7 +7,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 1.4.4\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2006-07-02 10:58+0800\n"
|
||||
"Last-Translator: Meng Jie <zuxyhere@eastday.com>\n"
|
||||
"Language-Team: Chinese (simplified) <i18n-translation@lists.linux.net.cn>\n"
|
||||
|
||||
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 2.0.8\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
|
||||
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
|
||||
"PO-Revision-Date: 2008-01-31 23:09+0800\n"
|
||||
"Last-Translator: Jedi Lin <Jedi@Jedi.org>\n"
|
||||
"Language-Team: Chinese (traditional) <zh-l10n@linux.org.tw>\n"
|
||||
|
||||
17
sm/ChangeLog
17
sm/ChangeLog
@ -1,3 +1,20 @@
|
||||
2008-02-18 Werner Koch <wk@g10code.com>
|
||||
|
||||
* certchain.c (gpgsm_is_root_cert): Factor code out to ...
|
||||
(is_root_cert): New. Extend test for self-issued certificates
|
||||
signed by other CAs.
|
||||
(do_validate_chain, gpgsm_basic_cert_check)
|
||||
(gpgsm_walk_cert_chain): Use it here.
|
||||
|
||||
* gpgsm.c: Add option --no-common-certs-import.
|
||||
|
||||
* certchain.c (find_up_dirmngr, find_up, do_validate_chain)
|
||||
(check_cert_policy): Be more silent with --quiet.
|
||||
|
||||
* gpgsm.c: Add option --disable-dirmngr.
|
||||
* gpgsm.h (opt): Add field DISABLE_DIRMNGR.
|
||||
* call-dirmngr.c (start_dirmngr): Implement option.
|
||||
|
||||
2008-02-14 Werner Koch <wk@g10code.com>
|
||||
|
||||
* server.c (option_handler): Add option allow-pinentry-notify.
|
||||
|
||||
@ -166,6 +166,9 @@ start_dirmngr (ctrl_t ctrl)
|
||||
assuan_context_t ctx;
|
||||
int try_default = 0;
|
||||
|
||||
if (opt.disable_dirmngr)
|
||||
return gpg_error (GPG_ERR_NO_DIRMNGR);
|
||||
|
||||
if (dirmngr_ctx)
|
||||
{
|
||||
prepare_dirmngr (ctrl, dirmngr_ctx, 0);
|
||||
@ -447,7 +450,6 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
|
||||
struct inq_certificate_parm_s parm;
|
||||
struct isvalid_status_parm_s stparm;
|
||||
|
||||
|
||||
rc = start_dirmngr (ctrl);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* certchain.c - certificate chain validation
|
||||
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
|
||||
* 2006, 2007 Free Software Foundation, Inc.
|
||||
* 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -60,6 +60,8 @@ struct chain_item_s
|
||||
typedef struct chain_item_s *chain_item_t;
|
||||
|
||||
|
||||
static int is_root_cert (ksba_cert_t cert,
|
||||
const char *issuerdn, const char *subjectdn);
|
||||
static int get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen);
|
||||
|
||||
|
||||
@ -331,8 +333,9 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
|
||||
/* With no critical policies this is only a warning */
|
||||
if (!any_critical)
|
||||
{
|
||||
do_list (0, listmode, fplist,
|
||||
_("note: non-critical certificate policy not allowed"));
|
||||
if (!opt.quiet)
|
||||
do_list (0, listmode, fplist,
|
||||
_("note: non-critical certificate policy not allowed"));
|
||||
return 0;
|
||||
}
|
||||
do_list (1, listmode, fplist,
|
||||
@ -563,7 +566,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
|
||||
|
||||
if (opt.verbose)
|
||||
log_info (_("number of matching certificates: %d\n"), count);
|
||||
if (rc)
|
||||
if (rc && !opt.quiet)
|
||||
log_info (_("dirmngr cache-only key lookup failed: %s\n"),
|
||||
gpg_strerror (rc));
|
||||
return (!rc && count)? 0 : -1;
|
||||
@ -667,7 +670,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
|
||||
/* Print a note so that the user does not feel too helpless when
|
||||
an issuer certificate was found and gpgsm prints BAD
|
||||
signature because it is not the correct one. */
|
||||
if (rc == -1)
|
||||
if (rc == -1 && opt.quiet)
|
||||
;
|
||||
else if (rc == -1)
|
||||
{
|
||||
log_info ("%sissuer certificate ", find_next?"next ":"");
|
||||
if (keyid)
|
||||
@ -752,7 +757,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (!strcmp (issuer, subject))
|
||||
if (is_root_cert (start, issuer, subject))
|
||||
{
|
||||
rc = -1; /* we are at the root */
|
||||
goto leave;
|
||||
@ -784,6 +789,75 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
|
||||
}
|
||||
|
||||
|
||||
/* Helper for gpgsm_is_root_cert. This one is used if the subject and
|
||||
issuer DNs are already known. */
|
||||
static int
|
||||
is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
|
||||
{
|
||||
gpg_error_t err;
|
||||
int result = 0;
|
||||
ksba_sexp_t serialno;
|
||||
ksba_sexp_t ak_keyid;
|
||||
ksba_name_t ak_name;
|
||||
ksba_sexp_t ak_sn;
|
||||
const char *ak_name_str;
|
||||
ksba_sexp_t subj_keyid = NULL;
|
||||
|
||||
if (!issuerdn || !subjectdn)
|
||||
return 0; /* No. */
|
||||
|
||||
if (strcmp (issuerdn, subjectdn))
|
||||
return 0; /* No. */
|
||||
|
||||
err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
|
||||
if (err)
|
||||
{
|
||||
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
||||
return 1; /* Yes. Without a authorityKeyIdentifier this needs
|
||||
to be the Root certifcate (our trust anchor). */
|
||||
log_error ("error getting authorityKeyIdentifier: %s\n",
|
||||
gpg_strerror (err));
|
||||
return 0; /* Well, it is broken anyway. Return No. */
|
||||
}
|
||||
|
||||
serialno = ksba_cert_get_serial (cert);
|
||||
if (!serialno)
|
||||
{
|
||||
log_error ("error getting serialno: %s\n", gpg_strerror (err));
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* Check whether the auth name's matches the issuer name+sn. If
|
||||
that is the case this is a root certificate. */
|
||||
ak_name_str = ksba_name_enum (ak_name, 0);
|
||||
if (ak_name_str
|
||||
&& !strcmp (ak_name_str, issuerdn)
|
||||
&& !cmp_simple_canon_sexp (ak_sn, serialno))
|
||||
{
|
||||
result = 1; /* Right, CERT is self-signed. */
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* Similar for the ak_keyid. */
|
||||
if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
|
||||
&& !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
|
||||
{
|
||||
result = 1; /* Right, CERT is self-signed. */
|
||||
goto leave;
|
||||
}
|
||||
|
||||
|
||||
leave:
|
||||
ksba_free (subj_keyid);
|
||||
ksba_free (ak_keyid);
|
||||
ksba_name_release (ak_name);
|
||||
ksba_free (ak_sn);
|
||||
ksba_free (serialno);
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* Check whether the CERT is a root certificate. Returns True if this
|
||||
is the case. */
|
||||
int
|
||||
@ -795,7 +869,7 @@ gpgsm_is_root_cert (ksba_cert_t cert)
|
||||
|
||||
issuer = ksba_cert_get_issuer (cert, 0);
|
||||
subject = ksba_cert_get_subject (cert, 0);
|
||||
yes = (issuer && subject && !strcmp (issuer, subject));
|
||||
yes = is_root_cert (cert, issuer, subject);
|
||||
xfree (issuer);
|
||||
xfree (subject);
|
||||
return yes;
|
||||
@ -1197,11 +1271,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
|
||||
}
|
||||
|
||||
|
||||
/* Is this a self-issued certificate (i.e. the root
|
||||
certificate)? This is actually the same test as done by
|
||||
gpgsm_is_root_cert but here we want to keep the issuer and
|
||||
subject for later use. */
|
||||
is_root = (subject && !strcmp (issuer, subject));
|
||||
/* Is this a self-issued certificate (i.e. the root certificate)? */
|
||||
is_root = is_root_cert (subject_cert, issuer, subject);
|
||||
if (is_root)
|
||||
{
|
||||
chain->is_root = 1;
|
||||
@ -1570,7 +1641,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
|
||||
depth++;
|
||||
} /* End chain traversal. */
|
||||
|
||||
if (!listmode)
|
||||
if (!listmode && !opt.quiet)
|
||||
{
|
||||
if (opt.no_policy_check)
|
||||
log_info ("policies not checked due to %s option\n",
|
||||
@ -1771,7 +1842,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (subject && !strcmp (issuer, subject))
|
||||
if (is_root_cert (cert, issuer, subject))
|
||||
{
|
||||
rc = gpgsm_check_cert_sig (cert, cert);
|
||||
if (rc)
|
||||
|
||||
15
sm/gpgsm.c
15
sm/gpgsm.c
@ -1,6 +1,6 @@
|
||||
/* gpgsm.c - GnuPG for S/MIME
|
||||
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
|
||||
* 2006, 2007 Free Software Foundation, Inc.
|
||||
* 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -122,6 +122,7 @@ enum cmd_and_opt_values {
|
||||
|
||||
oPreferSystemDirmngr,
|
||||
oDirmngrProgram,
|
||||
oDisableDirmngr,
|
||||
oProtectToolProgram,
|
||||
oFakedSystemTime,
|
||||
|
||||
@ -149,7 +150,6 @@ enum cmd_and_opt_values {
|
||||
oEnablePolicyChecks,
|
||||
oAutoIssuerKeyRetrieve,
|
||||
|
||||
|
||||
oTextmode,
|
||||
oFingerprint,
|
||||
oWithFingerprint,
|
||||
@ -231,6 +231,7 @@ enum cmd_and_opt_values {
|
||||
oIgnoreTimeConflict,
|
||||
oNoRandomSeedFile,
|
||||
oNoAutoKeyRetrieve,
|
||||
oNoCommonCertsImport,
|
||||
oUseAgent,
|
||||
oMergeOnly,
|
||||
oTryAllSecrets,
|
||||
@ -431,10 +432,10 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oLCmessages, "lc-messages", 2, "@" },
|
||||
{ oXauthority, "xauthority", 2, "@" },
|
||||
{ oDirmngrProgram, "dirmngr-program", 2 , "@" },
|
||||
{ oDisableDirmngr, "disable-dirmngr", 0 , "@" },
|
||||
{ oProtectToolProgram, "protect-tool-program", 2 , "@" },
|
||||
{ oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
|
||||
|
||||
|
||||
{ oNoBatch, "no-batch", 0, "@" },
|
||||
{ oWithColons, "with-colons", 0, "@"},
|
||||
{ oWithKeyData,"with-key-data", 0, "@"},
|
||||
@ -462,6 +463,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oListOnly, "list-only", 0, "@"},
|
||||
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
|
||||
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
||||
{ oNoCommonCertsImport, "no-common-certs-import", 0, "@" },
|
||||
{0} };
|
||||
|
||||
|
||||
@ -842,6 +844,7 @@ main ( int argc, char **argv)
|
||||
int nogreeting = 0;
|
||||
int debug_wait = 0;
|
||||
int use_random_seed = 1;
|
||||
int no_common_certs_import = 0;
|
||||
int with_fpr = 0;
|
||||
char *def_digest_string = NULL;
|
||||
char *extra_digest_algo = NULL;
|
||||
@ -1215,6 +1218,7 @@ main ( int argc, char **argv)
|
||||
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
|
||||
case oXauthority: opt.xauthority = xstrdup (pargs.r.ret_str); break;
|
||||
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
|
||||
case oDisableDirmngr: opt.disable_dirmngr = 1; break;
|
||||
case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
|
||||
case oProtectToolProgram:
|
||||
opt.protect_tool_program = pargs.r.ret_str;
|
||||
@ -1307,6 +1311,7 @@ main ( int argc, char **argv)
|
||||
|
||||
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
|
||||
case oNoRandomSeedFile: use_random_seed = 0; break;
|
||||
case oNoCommonCertsImport: no_common_certs_import = 1; break;
|
||||
|
||||
case oEnableSpecialFilenames: allow_special_filenames =1; break;
|
||||
|
||||
@ -1476,7 +1481,7 @@ main ( int argc, char **argv)
|
||||
int created;
|
||||
|
||||
keydb_add_resource ("pubring.kbx", 0, 0, &created);
|
||||
if (created)
|
||||
if (created && !no_common_certs_import)
|
||||
{
|
||||
/* Import the standard certificates for a new default keybox. */
|
||||
char *filelist[2];
|
||||
@ -1593,6 +1598,8 @@ main ( int argc, char **argv)
|
||||
GC_OPT_FLAG_NONE );
|
||||
printf ("auto-issuer-key-retrieve:%lu:\n",
|
||||
GC_OPT_FLAG_NONE );
|
||||
printf ("disable-dirmngr:%lu:\n",
|
||||
GC_OPT_FLAG_NONE );
|
||||
#ifndef HAVE_W32_SYSTEM
|
||||
printf ("prefer-system-dirmngr:%lu:\n",
|
||||
GC_OPT_FLAG_NONE );
|
||||
|
||||
@ -59,6 +59,7 @@ struct
|
||||
|
||||
const char *dirmngr_program;
|
||||
int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
|
||||
int disable_dirmngr; /* Do not do any dirmngr calls. */
|
||||
const char *protect_tool_program;
|
||||
char *outfile; /* name of output file */
|
||||
|
||||
|
||||
@ -1,3 +1,32 @@
|
||||
2008-02-19 Werner Koch <wk@g10code.com>
|
||||
|
||||
* signature-verification: New.
|
||||
* validity-periods: New.
|
||||
* verifying-name-chaining: New.
|
||||
* basic-certificate-revocation: New.
|
||||
* verifying-paths-self-issued: New.
|
||||
* verifying-basic-constraints: New.
|
||||
* key-usage: New.
|
||||
* certificate-policies: New.
|
||||
* require-explicit-policy: New.
|
||||
* policy-mappings: New.
|
||||
* inhibit-policy-mapping: New.
|
||||
* inhibit-any-policy: New.
|
||||
* name-constraints: New.
|
||||
* distribution-points: New.
|
||||
* delta-crls: New.
|
||||
* private-certificate-extensions: New.
|
||||
* Makefile.am (testscripts): Add them.
|
||||
|
||||
* import-all-certs.data: Add section numbers.
|
||||
|
||||
2008-02-18 Werner Koch <wk@g10code.com>
|
||||
|
||||
* import-all-certs.data: Adjust import tests results. Almost all
|
||||
certificates should now be importable due to relaxed basic checks.
|
||||
|
||||
* inittests (clean_files): Disable all dirmngr access.
|
||||
|
||||
2006-05-02 Werner Koch <wk@g10code.com>
|
||||
|
||||
* PKITS_data.tar.bz2: Repackaged new copy becuase the old one got
|
||||
@ -7,7 +36,7 @@
|
||||
|
||||
Started implementing PKITS based tests.
|
||||
|
||||
|
||||
|
||||
Copyright 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is free software; as a special exception the author gives
|
||||
@ -17,7 +46,3 @@
|
||||
This file is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
# Makefile.am - tests using NIST's PKITS
|
||||
# Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
@ -14,40 +14,33 @@
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
||||
# USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
## Process this file with automake to produce Makefile.in
|
||||
|
||||
GPGSM = ../../sm/gpgsm
|
||||
|
||||
TESTS_ENVIRONMENT = GNUPGHOME=`pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM=$(GPGSM) \
|
||||
LD_LIBRARY_PATH=$$(seen=0; \
|
||||
for i in $(LDFLAGS) $(LIBGCRYPT_LIBS) $(PTH_LIBS); \
|
||||
do \
|
||||
if echo "$$i" | egrep '^-L' >/dev/null 2>&1; \
|
||||
then \
|
||||
if test $$seen = 0; \
|
||||
then \
|
||||
seen=1; \
|
||||
else \
|
||||
printf ":"; \
|
||||
fi; \
|
||||
printf "%s" "$${i}" | sed 's/^-L//'; \
|
||||
fi; \
|
||||
done; \
|
||||
if test $$seen != 0 \
|
||||
&& test x$${LD_LIBRARY_PATH} != x; \
|
||||
then \
|
||||
printf ":"; \
|
||||
fi; \
|
||||
printf "%s" "$${LD_LIBRARY_PATH}") $(srcdir)/runtest
|
||||
silent=yes
|
||||
|
||||
|
||||
|
||||
testscripts = import-all-certs validate-all-certs
|
||||
|
||||
testscripts = import-all-certs validate-all-certs \
|
||||
signature-verification \
|
||||
validity-periods \
|
||||
verifying-name-chaining \
|
||||
basic-certificate-revocation \
|
||||
verifying-paths-self-issued \
|
||||
verifying-basic-constraints \
|
||||
key-usage \
|
||||
certificate-policies \
|
||||
require-explicit-policy \
|
||||
policy-mappings \
|
||||
inhibit-policy-mapping \
|
||||
inhibit-any-policy \
|
||||
name-constraints \
|
||||
distribution-points \
|
||||
delta-crls \
|
||||
private-certificate-extensions
|
||||
|
||||
|
||||
EXTRA_DIST = PKITS_data.tar.bz2 inittests runtest $(testscripts)
|
||||
@ -68,3 +61,11 @@ inittests.stamp: inittests
|
||||
srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
|
||||
echo timestamp >./inittests.stamp
|
||||
|
||||
|
||||
run-all-tests:
|
||||
@set -e; \
|
||||
GNUPGHOME=`pwd`; export GNUPGHOME;\
|
||||
unset GPG_AGENT_INFO; \
|
||||
for test in $(testscripts); do \
|
||||
./$${test} && true; \
|
||||
done
|
||||
|
||||
@ -7,6 +7,31 @@ http://csrc.nist.gov/pki/testing/x509paths.html .
|
||||
README - this file.
|
||||
PKITS_data.tar.bz2 - the orginal ZIP file, repackaged as a tarball.
|
||||
Makefile.am - Part of our build system.
|
||||
import-all-certs - Run a simple import test on all certifcates
|
||||
validate-all-certs - Run an import and validate test on all certificates
|
||||
signature-verification - PKITS test 4.1
|
||||
validity-periods - PKITS test 4.2
|
||||
verifying-name-chaining - PKITS test 4.3
|
||||
basic-certificate-revocation - PKITS test 4.4
|
||||
verifying-paths-self-issued - PKITS test 4.5
|
||||
verifying-basic-constraints - PKITS test 4.6
|
||||
key-usage - PKITS test 4.7
|
||||
certificate-policies - PKITS test 4.8
|
||||
require-explicit-policy - PKITS test 4.9
|
||||
policy-mappings - PKITS test 4.10
|
||||
inhibit-policy-mapping - PKITS test 4.11
|
||||
inhibit-any-policy - PKITS test 4.12
|
||||
name-constraints - PKITS test 4.13
|
||||
distribution-points - PKITS test 4.14
|
||||
delta-crls - PKITS test 4.15
|
||||
private-certificate-extensions - PKITS test 4.16
|
||||
|
||||
|
||||
The password for the p12 files is "password".
|
||||
|
||||
You may run the tests as usual with "make check" or after a plain make
|
||||
in this directory you may run the tests individually. When run in
|
||||
this way they will print easy to parse output to stdout. To run all
|
||||
tests in this mode, use "make run-all-tests". All test scripts create
|
||||
a log file with the suffix ".log" appended to the test script's name.
|
||||
|
||||
|
||||
31
tests/pkits/basic-certificate-revocation
Normal file
31
tests/pkits/basic-certificate-revocation
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# basic-certificate-revocation - PKITS Test 4.4 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.4
|
||||
description="Basic Certificate Revocation"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/certificate-policies
Normal file
31
tests/pkits/certificate-policies
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# certificate-policies - PKITS Test 4.8 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.8
|
||||
description="Certificate Policies"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
@ -1,12 +1,12 @@
|
||||
#!/bin/sh
|
||||
# common.sh - common defs for all tests -*- sh -*-
|
||||
# Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
@ -15,9 +15,7 @@
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
||||
# USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# reset some environment variables because we do not want to test locals
|
||||
export LANG=C
|
||||
@ -29,7 +27,7 @@ export LC_ALL=C
|
||||
[ -z "$srcdir" ] && srcdir="."
|
||||
[ -z "$top_srcdir" ] && top_srcdir=".."
|
||||
[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
|
||||
|
||||
[ -z "$silent" ] && silent=no
|
||||
|
||||
if [ "$GNUPGHOME" != "`pwd`" ]; then
|
||||
echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
|
||||
@ -42,7 +40,6 @@ if [ -n "$GPG_AGENT_INFO" ]; then
|
||||
fi
|
||||
|
||||
|
||||
|
||||
#--------------------------------
|
||||
#------ utility functions -------
|
||||
#--------------------------------
|
||||
@ -68,46 +65,92 @@ echo_n () {
|
||||
echo $echo_n_n "${1}$echo_n_c"
|
||||
}
|
||||
|
||||
setup_output () {
|
||||
if [ -z "$first_section_set" ]; then
|
||||
first_section_set=$section
|
||||
fi
|
||||
section_out="$(echo $section)"
|
||||
if [ -z "$section_out" ]; then
|
||||
section_out="-"
|
||||
fi
|
||||
}
|
||||
|
||||
fatal () {
|
||||
echo "$pgmname: fatal:" $* >&2
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo "$section_out ERROR: $* (fatal)"
|
||||
fi
|
||||
exit 1;
|
||||
}
|
||||
|
||||
error () {
|
||||
echo "$pgmname:" $* >&2
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo "$section_out ERROR: $*"
|
||||
fi
|
||||
exit 1
|
||||
}
|
||||
|
||||
info () {
|
||||
setup_output
|
||||
echo "$pgmname:" $* >&2
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo "$section_out ____ $*"
|
||||
fi
|
||||
}
|
||||
|
||||
info_n () {
|
||||
$echo_n "$pgmname:" $* >&2
|
||||
setup_output
|
||||
echo_n "$pgmname:" $* >&2
|
||||
}
|
||||
|
||||
pass () {
|
||||
setup_output
|
||||
echo "PASS: " $* >&2
|
||||
pass_count=`expr ${pass_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out PASS"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
fail () {
|
||||
setup_output
|
||||
echo "FAIL: " $* >&2
|
||||
fail_count=`expr ${fail_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out FAIL"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
unresolved () {
|
||||
setup_output
|
||||
echo "UNRESOLVED: " $* >&2
|
||||
unresolved_count=`expr ${unresolved_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out UNRESOLVED"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
unsupported () {
|
||||
setup_output
|
||||
echo "UNSUPPORTED: " $* >&2
|
||||
unsupported_count=`expr ${unsupported_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out UNSUPPORTED"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
final_result () {
|
||||
section=$first_section_set
|
||||
[ $pass_count = 0 ] || info "$pass_count tests passed"
|
||||
[ $fail_count = 0 ] || info "$fail_count tests failed"
|
||||
[ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
|
||||
@ -127,7 +170,10 @@ pass_count=0
|
||||
fail_count=0
|
||||
unresolved_count=0
|
||||
unsupported_count=0
|
||||
|
||||
first_section_set=""
|
||||
section_out=""
|
||||
section=""
|
||||
description=""
|
||||
|
||||
#trap cleanup SIGHUP SIGINT SIGQUIT
|
||||
exec 2> ${pgmname}.log
|
||||
|
||||
31
tests/pkits/delta-crls
Normal file
31
tests/pkits/delta-crls
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# delta-crls - PKITS Test 4.15 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.15
|
||||
description="Delta-CRLs"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/distribution-points
Normal file
31
tests/pkits/distribution-points
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# distribution-points - PKITS Test 4.14 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.14
|
||||
description="Distribution Points"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
@ -1,11 +1,12 @@
|
||||
#!/bin/sh
|
||||
# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*-
|
||||
# import-all-certs - GnuPG import test -*- sh -*-
|
||||
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
@ -14,16 +15,19 @@
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
||||
# USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
while read flag dummy name; do
|
||||
case $flag in \#*) continue;; esac
|
||||
[ -z "$flag" ] && continue;
|
||||
section=6
|
||||
description="GnuPG Import"
|
||||
info "Running $description tests"
|
||||
|
||||
while read flag dummy section name; do
|
||||
case $flag in \#*) continue ;; esac
|
||||
[ -z "$(echo $flag)" ] && continue;
|
||||
|
||||
description="import $name"
|
||||
if ${GPGSM} -q --import certs/$name ; then
|
||||
if [ "$flag" = 'p' ]; then
|
||||
pass "importing certificate \`$name' succeeded"
|
||||
|
||||
@ -1,490 +1,471 @@
|
||||
# The first column is for the basic import test, the second for a
|
||||
# validation test.
|
||||
|
||||
# validation test, the third is the section number and th foruth the
|
||||
# filename of the certificate.
|
||||
|
||||
# Make sure that the root certificate is imported first
|
||||
p p TrustAnchorRootCertificate.crt
|
||||
|
||||
p p AllCertificatesNoPoliciesTest2EE.crt
|
||||
p p AllCertificatesSamePoliciesTest10EE.crt
|
||||
p p AllCertificatesSamePoliciesTest13EE.crt
|
||||
p p AllCertificatesanyPolicyTest11EE.crt
|
||||
p p AnyPolicyTest14EE.crt
|
||||
p p BadCRLIssuerNameCACert.crt
|
||||
p p BadCRLSignatureCACert.crt
|
||||
f f BadSignedCACert.crt
|
||||
p f BadnotAfterDateCACert.crt
|
||||
|
||||
# UTC: "470101120100Z" i.e. not before 2047-01-01
|
||||
p f BadnotBeforeDateCACert.crt
|
||||
|
||||
p p BasicSelfIssuedCRLSigningKeyCACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? BasicSelfIssuedCRLSigningKeyCRLCert.crt
|
||||
p p 6.1.5.1 TrustAnchorRootCertificate.crt
|
||||
|
||||
p p BasicSelfIssuedNewKeyCACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? BasicSelfIssuedNewKeyOldWithNewCACert.crt
|
||||
|
||||
p p BasicSelfIssuedOldKeyCACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? BasicSelfIssuedOldKeyNewWithOldCACert.crt
|
||||
|
||||
p p CPSPointerQualifierTest20EE.crt
|
||||
p p 6.1.5.168 AllCertificatesNoPoliciesTest2EE.crt
|
||||
p p 6.1.5.204 AllCertificatesSamePoliciesTest10EE.crt
|
||||
p p 6.1.5.211 AllCertificatesSamePoliciesTest13EE.crt
|
||||
p p 6.1.5.207 AllCertificatesanyPolicyTest11EE.crt
|
||||
p p 6.1.5.212 AnyPolicyTest14EE.crt
|
||||
p p 6.1.5.41 BadCRLIssuerNameCACert.crt
|
||||
p p 6.1.5.38 BadCRLSignatureCACert.crt
|
||||
f f 6.1.5.6 BadSignedCACert.crt
|
||||
p f 6.1.5.16 BadnotAfterDateCACert.crt
|
||||
|
||||
u u DSACACert.crt
|
||||
u u DSAParametersInheritedCACert.crt
|
||||
# UTC: "470101120100Z" i.e. not before 2047-01-01
|
||||
p f 6.1.5.10 BadnotBeforeDateCACert.crt
|
||||
|
||||
p p 6.1.5.88 BasicSelfIssuedCRLSigningKeyCACert.crt
|
||||
p p 6.1.5.90 BasicSelfIssuedCRLSigningKeyCRLCert.crt
|
||||
|
||||
p p 6.1.5.76 BasicSelfIssuedNewKeyCACert.crt
|
||||
p p 6.1.5.78 BasicSelfIssuedNewKeyOldWithNewCACert.crt
|
||||
p p 6.1.5.81 BasicSelfIssuedOldKeyCACert.crt
|
||||
p p 6.1.5.83 BasicSelfIssuedOldKeyNewWithOldCACert.crt
|
||||
|
||||
p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
|
||||
|
||||
u u 6.1.5.572 DSACACert.crt
|
||||
u u 6.1.5.575 DSAParametersInheritedCACert.crt
|
||||
|
||||
p p 6.1.5.210 DifferentPoliciesTest12EE.crt
|
||||
p p 6.1.5.171 DifferentPoliciesTest3EE.crt
|
||||
p p 6.1.5.174 DifferentPoliciesTest4EE.crt
|
||||
p p 6.1.5.177 DifferentPoliciesTest5EE.crt
|
||||
p p 6.1.5.191 DifferentPoliciesTest7EE.crt
|
||||
p p 6.1.5.198 DifferentPoliciesTest8EE.crt
|
||||
p p 6.1.5.203 DifferentPoliciesTest9EE.crt
|
||||
p p 6.1.5.64 GeneralizedTimeCRLnextUpdateCACert.crt
|
||||
p p 6.1.5.3 GoodCACert.crt
|
||||
p p 6.1.5.172 GoodsubCACert.crt
|
||||
|
||||
# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
|
||||
# is not supported
|
||||
p u 6.1.5.300 GoodsubCAPanyPolicyMapping1to2CACert.crt
|
||||
|
||||
p f 6.1.5.43 InvalidBadCRLIssuerNameTest5EE.crt
|
||||
|
||||
p f 6.1.5.40 InvalidBadCRLSignatureTest4EE.crt
|
||||
p f 6.1.5.93 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
|
||||
|
||||
p f 6.1.5.94 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
|
||||
|
||||
p f 6.1.5.87 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
|
||||
|
||||
p f 6.1.5.80 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
|
||||
|
||||
p f 6.1.5.8 InvalidCASignatureTest2EE.crt
|
||||
|
||||
p f 6.1.5.18 InvalidCAnotAfterDateTest5EE.crt
|
||||
p f 6.1.5.12 InvalidCAnotBeforeDateTest1EE.crt
|
||||
p f 6.1.5.439 InvalidDNSnameConstraintsTest31EE.crt
|
||||
p f 6.1.5.443 InvalidDNSnameConstraintsTest33EE.crt
|
||||
p f 6.1.5.562 InvalidDNSnameConstraintsTest38EE.crt
|
||||
p f 6.1.5.434 InvalidDNandRFC822nameConstraintsTest28EE.crt
|
||||
p f 6.1.5.435 InvalidDNandRFC822nameConstraintsTest29EE.crt
|
||||
p f 6.1.5.399 InvalidDNnameConstraintsTest10EE.crt
|
||||
p f 6.1.5.403 InvalidDNnameConstraintsTest12EE.crt
|
||||
p f 6.1.5.406 InvalidDNnameConstraintsTest13EE.crt
|
||||
p f 6.1.5.410 InvalidDNnameConstraintsTest15EE.crt
|
||||
p f 6.1.5.411 InvalidDNnameConstraintsTest16EE.crt
|
||||
p f 6.1.5.414 InvalidDNnameConstraintsTest17EE.crt
|
||||
|
||||
p f 6.1.5.418 InvalidDNnameConstraintsTest20EE.crt
|
||||
|
||||
p f 6.1.5.383 InvalidDNnameConstraintsTest2EE.crt
|
||||
p f 6.1.5.384 InvalidDNnameConstraintsTest3EE.crt
|
||||
p f 6.1.5.392 InvalidDNnameConstraintsTest7EE.crt
|
||||
p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
|
||||
p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
|
||||
|
||||
u u 6.1.5.578 InvalidDSASignatureTest6EE.crt
|
||||
|
||||
f f 6.1.5.9 InvalidEESignatureTest3EE.crt
|
||||
|
||||
p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
|
||||
p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
|
||||
p f 6.1.5.500 InvalidIDPwithindirectCRLTest23EE.crt
|
||||
p f 6.1.5.504 InvalidIDPwithindirectCRLTest26EE.crt
|
||||
p f 6.1.5.75 InvalidLongSerialNumberTest18EE.crt
|
||||
p f 6.1.5.293 InvalidMappingFromanyPolicyTest7EE.crt
|
||||
p f 6.1.5.296 InvalidMappingToanyPolicyTest8EE.crt
|
||||
p f 6.1.5.33 InvalidMissingCRLTest1EE.crt
|
||||
p f 6.1.5.97 InvalidMissingbasicConstraintsTest1EE.crt
|
||||
p f 6.1.5.25 InvalidNameChainingOrderTest2EE.crt
|
||||
p f 6.1.5.22 InvalidNameChainingTest1EE.crt
|
||||
p f 6.1.5.70 InvalidNegativeSerialNumberTest15EE.crt
|
||||
p f 6.1.5.60 InvalidOldCRLnextUpdateTest11EE.crt
|
||||
p f 6.1.5.302 InvalidPolicyMappingTest10EE.crt
|
||||
p f 6.1.5.276 InvalidPolicyMappingTest2EE.crt
|
||||
p f 6.1.5.284 InvalidPolicyMappingTest4EE.crt
|
||||
p f 6.1.5.422 InvalidRFC822nameConstraintsTest22EE.crt
|
||||
p f 6.1.5.426 InvalidRFC822nameConstraintsTest24EE.crt
|
||||
p f 6.1.5.430 InvalidRFC822nameConstraintsTest26EE.crt
|
||||
p f 6.1.5.36 InvalidRevokedCATest2EE.crt
|
||||
p f 6.1.5.37 InvalidRevokedEETest3EE.crt
|
||||
|
||||
p f 6.1.5.379 InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
|
||||
|
||||
p f 6.1.5.376 InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
|
||||
p f 6.1.5.348 InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
|
||||
p f 6.1.5.349 InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
|
||||
p f 6.1.5.345 InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
|
||||
p f 6.1.5.346 InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
|
||||
p f 6.1.5.143 InvalidSelfIssuedpathLenConstraintTest16EE.crt
|
||||
p f 6.1.5.270 InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
|
||||
p f 6.1.5.272 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
|
||||
|
||||
p f 6.1.5.567 InvalidSeparateCertificateandCRLKeysTest20EE.crt
|
||||
p f 6.1.5.571 InvalidSeparateCertificateandCRLKeysTest21EE.crt
|
||||
|
||||
p f 6.1.5.447 InvalidURInameConstraintsTest35EE.crt
|
||||
p f 6.1.5.451 InvalidURInameConstraintsTest37EE.crt
|
||||
p f 6.1.5.53 InvalidUnknownCRLEntryExtensionTest8EE.crt
|
||||
p f 6.1.5.57 InvalidUnknownCRLExtensionTest10EE.crt
|
||||
p f 6.1.5.56 InvalidUnknownCRLExtensionTest9EE.crt
|
||||
p f 6.1.5.546 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
|
||||
p f 6.1.5.46 InvalidWrongCRLTest6EE.crt
|
||||
p f 6.1.5.100 InvalidcAFalseTest2EE.crt
|
||||
p f 6.1.5.103 InvalidcAFalseTest3EE.crt
|
||||
p f 6.1.5.505 InvalidcRLIssuerTest27EE.crt
|
||||
p f 6.1.5.519 InvalidcRLIssuerTest31EE.crt
|
||||
p f 6.1.5.520 InvalidcRLIssuerTest32EE.crt
|
||||
p f 6.1.5.522 InvalidcRLIssuerTest34EE.crt
|
||||
p f 6.1.5.523 InvalidcRLIssuerTest35EE.crt
|
||||
p f 6.1.5.526 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
|
||||
p f 6.1.5.544 InvaliddeltaCRLTest10EE.crt
|
||||
p f 6.1.5.531 InvaliddeltaCRLTest3EE.crt
|
||||
p f 6.1.5.532 InvaliddeltaCRLTest4EE.crt
|
||||
p f 6.1.5.534 InvaliddeltaCRLTest6EE.crt
|
||||
p f 6.1.5.540 InvaliddeltaCRLTest9EE.crt
|
||||
p f 6.1.5.455 InvaliddistributionPointTest2EE.crt
|
||||
p f 6.1.5.456 InvaliddistributionPointTest3EE.crt
|
||||
p f 6.1.5.461 InvaliddistributionPointTest6EE.crt
|
||||
p f 6.1.5.463 InvaliddistributionPointTest8EE.crt
|
||||
p f 6.1.5.464 InvaliddistributionPointTest9EE.crt
|
||||
p f 6.1.5.352 InvalidinhibitAnyPolicyTest1EE.crt
|
||||
p f 6.1.5.359 InvalidinhibitAnyPolicyTest4EE.crt
|
||||
p f 6.1.5.366 InvalidinhibitAnyPolicyTest5EE.crt
|
||||
p f 6.1.5.369 InvalidinhibitAnyPolicyTest6EE.crt
|
||||
p f 6.1.5.313 InvalidinhibitPolicyMappingTest1EE.crt
|
||||
p f 6.1.5.321 InvalidinhibitPolicyMappingTest3EE.crt
|
||||
p f 6.1.5.331 InvalidinhibitPolicyMappingTest5EE.crt
|
||||
p f 6.1.5.336 InvalidinhibitPolicyMappingTest6EE.crt
|
||||
p f 6.1.5.162 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
|
||||
p f 6.1.5.153 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
|
||||
p f 6.1.5.165 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
|
||||
p f 6.1.5.156 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
|
||||
p f 6.1.5.477 InvalidonlyContainsAttributeCertsTest14EE.crt
|
||||
p f 6.1.5.473 InvalidonlyContainsCACertsTest12EE.crt
|
||||
p f 6.1.5.470 InvalidonlyContainsUserCertsTest11EE.crt
|
||||
p f 6.1.5.481 InvalidonlySomeReasonsTest15EE.crt
|
||||
p f 6.1.5.482 InvalidonlySomeReasonsTest16EE.crt
|
||||
p f 6.1.5.486 InvalidonlySomeReasonsTest17EE.crt
|
||||
p f 6.1.5.495 InvalidonlySomeReasonsTest20EE.crt
|
||||
p f 6.1.5.496 InvalidonlySomeReasonsTest21EE.crt
|
||||
p f 6.1.5.122 InvalidpathLenConstraintTest10EE.crt
|
||||
p f 6.1.5.129 InvalidpathLenConstraintTest11EE.crt
|
||||
p f 6.1.5.130 InvalidpathLenConstraintTest12EE.crt
|
||||
p f 6.1.5.111 InvalidpathLenConstraintTest5EE.crt
|
||||
p f 6.1.5.112 InvalidpathLenConstraintTest6EE.crt
|
||||
p f 6.1.5.121 InvalidpathLenConstraintTest9EE.crt
|
||||
p f 6.1.5.63 Invalidpre2000CRLnextUpdateTest12EE.crt
|
||||
p f 6.1.5.20 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
|
||||
p f 6.1.5.245 InvalidrequireExplicitPolicyTest3EE.crt
|
||||
p f 6.1.5.263 InvalidrequireExplicitPolicyTest5EE.crt
|
||||
p p 6.1.5.71 LongSerialNumberCACert.crt
|
||||
p p 6.1.5.273 Mapping1to2CACert.crt
|
||||
p p 6.1.5.291 MappingFromanyPolicyCACert.crt
|
||||
p p 6.1.5.294 MappingToanyPolicyCACert.crt
|
||||
p p 6.1.5.95 MissingbasicConstraintsCACert.crt
|
||||
p p 6.1.5.23 NameOrderingCACert.crt
|
||||
p p 6.1.5.67 NegativeSerialNumberCACert.crt
|
||||
p p 6.1.5.32 NoCRLCACert.crt
|
||||
p p 6.1.5.166 NoPoliciesCACert.crt
|
||||
p p 6.1.5.465 NoissuingDistributionPointCACert.crt
|
||||
p p 6.1.5.58 OldCRLnextUpdateCACert.crt
|
||||
p p 6.1.5.184 OverlappingPoliciesTest6EE.crt
|
||||
p p 6.1.5.277 P12Mapping1to3CACert.crt
|
||||
p p 6.1.5.279 P12Mapping1to3subCACert.crt
|
||||
p p 6.1.5.281 P12Mapping1to3subsubCACert.crt
|
||||
p p 6.1.5.285 P1Mapping1to234CACert.crt
|
||||
p p 6.1.5.287 P1Mapping1to234subCACert.crt
|
||||
p p 6.1.5.305 P1anyPolicyMapping1to2CACert.crt
|
||||
p p 6.1.5.297 PanyPolicyMapping1to2CACert.crt
|
||||
p p 6.1.5.178 PoliciesP1234CACert.crt
|
||||
p p 6.1.5.180 PoliciesP1234subCAP123Cert.crt
|
||||
p p 6.1.5.182 PoliciesP1234subsubCAP123P12Cert.crt
|
||||
p p 6.1.5.185 PoliciesP123CACert.crt
|
||||
p p 6.1.5.187 PoliciesP123subCAP12Cert.crt
|
||||
p p 6.1.5.189 PoliciesP123subsubCAP12P1Cert.crt
|
||||
p p 6.1.5.199 PoliciesP123subsubCAP12P2Cert.crt
|
||||
p p 6.1.5.201 PoliciesP123subsubsubCAP12P2P1Cert.crt
|
||||
p p 6.1.5.192 PoliciesP12CACert.crt
|
||||
p p 6.1.5.194 PoliciesP12subCAP1Cert.crt
|
||||
p p 6.1.5.196 PoliciesP12subsubCAP1P2Cert.crt
|
||||
p p 6.1.5.175 PoliciesP2subCA2Cert.crt
|
||||
p p 6.1.5.169 PoliciesP2subCACert.crt
|
||||
p p 6.1.5.208 PoliciesP3CACert.crt
|
||||
p p 6.1.5.547 RFC3280MandatoryAttributeTypesCACert.crt
|
||||
p p 6.1.5.550 RFC3280OptionalAttributeTypesCACert.crt
|
||||
p p 6.1.5.34 RevokedsubCACert.crt
|
||||
p p 6.1.5.556 RolloverfromPrintableStringtoUTF8StringCACert.crt
|
||||
p p 6.1.5.569 SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
|
||||
p p 6.1.5.568 SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
|
||||
p p 6.1.5.564 SeparateCertificateandCRLKeysCRLSigningCert.crt
|
||||
p p 6.1.5.563 SeparateCertificateandCRLKeysCertificateSigningCACert.crt
|
||||
p p 6.1.5.47 TwoCRLsCACert.crt
|
||||
p p 6.1.5.29 UIDCACert.crt
|
||||
p p 6.1.5.559 UTF8StringCaseInsensitiveMatchCACert.crt
|
||||
p p 6.1.5.553 UTF8StringEncodedNamesCACert.crt
|
||||
p p 6.1.5.51 UnknownCRLEntryExtensionCACert.crt
|
||||
p p 6.1.5.54 UnknownCRLExtensionCACert.crt
|
||||
p p 6.1.5.213 UserNoticeQualifierTest15EE.crt
|
||||
p p 6.1.5.214 UserNoticeQualifierTest16EE.crt
|
||||
p p 6.1.5.215 UserNoticeQualifierTest17EE.crt
|
||||
p p 6.1.5.216 UserNoticeQualifierTest18EE.crt
|
||||
p p 6.1.5.217 UserNoticeQualifierTest19EE.crt
|
||||
p p 6.1.5.92 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
|
||||
|
||||
p p 6.1.5.85 ValidBasicSelfIssuedNewWithOldTest3EE.crt
|
||||
p p 6.1.5.86 ValidBasicSelfIssuedNewWithOldTest4EE.crt
|
||||
p p 6.1.5.79 ValidBasicSelfIssuedOldWithNewTest1EE.crt
|
||||
|
||||
p p 6.1.5.5 ValidCertificatePathTest1EE.crt
|
||||
p p 6.1.5.438 ValidDNSnameConstraintsTest30EE.crt
|
||||
p p 6.1.5.442 ValidDNSnameConstraintsTest32EE.crt
|
||||
p p 6.1.5.433 ValidDNandRFC822nameConstraintsTest27EE.crt
|
||||
p p 6.1.5.400 ValidDNnameConstraintsTest11EE.crt
|
||||
|
||||
p p DifferentPoliciesTest12EE.crt
|
||||
p p DifferentPoliciesTest3EE.crt
|
||||
p p DifferentPoliciesTest4EE.crt
|
||||
p p DifferentPoliciesTest5EE.crt
|
||||
p p DifferentPoliciesTest7EE.crt
|
||||
p p DifferentPoliciesTest8EE.crt
|
||||
p p DifferentPoliciesTest9EE.crt
|
||||
p p GeneralizedTimeCRLnextUpdateCACert.crt
|
||||
p p GoodCACert.crt
|
||||
p p GoodsubCACert.crt
|
||||
|
||||
# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
|
||||
# is not supported
|
||||
p u GoodsubCAPanyPolicyMapping1to2CACert.crt
|
||||
|
||||
# fixme: gpgme does not fail for it.
|
||||
p f InvalidBadCRLIssuerNameTest5EE.crt
|
||||
|
||||
p f InvalidBadCRLSignatureTest4EE.crt
|
||||
p f InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
|
||||
|
||||
f f InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
|
||||
|
||||
p f InvalidBasicSelfIssuedNewWithOldTest5EE.crt
|
||||
|
||||
f f InvalidBasicSelfIssuedOldWithNewTest2EE.crt
|
||||
|
||||
p f InvalidCASignatureTest2EE.crt
|
||||
|
||||
p f InvalidCAnotAfterDateTest5EE.crt
|
||||
p f InvalidCAnotBeforeDateTest1EE.crt
|
||||
p f InvalidDNSnameConstraintsTest31EE.crt
|
||||
p f InvalidDNSnameConstraintsTest33EE.crt
|
||||
p f InvalidDNSnameConstraintsTest38EE.crt
|
||||
p f InvalidDNandRFC822nameConstraintsTest28EE.crt
|
||||
p f InvalidDNandRFC822nameConstraintsTest29EE.crt
|
||||
p f InvalidDNnameConstraintsTest10EE.crt
|
||||
p f InvalidDNnameConstraintsTest12EE.crt
|
||||
p f InvalidDNnameConstraintsTest13EE.crt
|
||||
p f InvalidDNnameConstraintsTest15EE.crt
|
||||
p f InvalidDNnameConstraintsTest16EE.crt
|
||||
p f InvalidDNnameConstraintsTest17EE.crt
|
||||
|
||||
f f InvalidDNnameConstraintsTest20EE.crt
|
||||
|
||||
p f InvalidDNnameConstraintsTest2EE.crt
|
||||
p f InvalidDNnameConstraintsTest3EE.crt
|
||||
p f InvalidDNnameConstraintsTest7EE.crt
|
||||
p f InvalidDNnameConstraintsTest8EE.crt
|
||||
p f InvalidDNnameConstraintsTest9EE.crt
|
||||
|
||||
u u InvalidDSASignatureTest6EE.crt
|
||||
|
||||
f f InvalidEESignatureTest3EE.crt
|
||||
|
||||
p f InvalidEEnotAfterDateTest6EE.crt
|
||||
p f InvalidEEnotBeforeDateTest2EE.crt
|
||||
p f InvalidIDPwithindirectCRLTest23EE.crt
|
||||
p f InvalidIDPwithindirectCRLTest26EE.crt
|
||||
p f InvalidLongSerialNumberTest18EE.crt
|
||||
p f InvalidMappingFromanyPolicyTest7EE.crt
|
||||
p f InvalidMappingToanyPolicyTest8EE.crt
|
||||
p f InvalidMissingCRLTest1EE.crt
|
||||
p f InvalidMissingbasicConstraintsTest1EE.crt
|
||||
p f InvalidNameChainingOrderTest2EE.crt
|
||||
p f InvalidNameChainingTest1EE.crt
|
||||
p f InvalidNegativeSerialNumberTest15EE.crt
|
||||
p f InvalidOldCRLnextUpdateTest11EE.crt
|
||||
p f InvalidPolicyMappingTest10EE.crt
|
||||
p f InvalidPolicyMappingTest2EE.crt
|
||||
p f InvalidPolicyMappingTest4EE.crt
|
||||
p f InvalidRFC822nameConstraintsTest22EE.crt
|
||||
p f InvalidRFC822nameConstraintsTest24EE.crt
|
||||
p f InvalidRFC822nameConstraintsTest26EE.crt
|
||||
p f InvalidRevokedCATest2EE.crt
|
||||
p f InvalidRevokedEETest3EE.crt
|
||||
|
||||
f f InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
|
||||
|
||||
p f InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
|
||||
p f InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
|
||||
p f InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
|
||||
p f InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
|
||||
p f InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
|
||||
p f InvalidSelfIssuedpathLenConstraintTest16EE.crt
|
||||
p f InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
|
||||
p f InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
|
||||
|
||||
f f InvalidSeparateCertificateandCRLKeysTest20EE.crt
|
||||
f f InvalidSeparateCertificateandCRLKeysTest21EE.crt
|
||||
|
||||
p f InvalidURInameConstraintsTest35EE.crt
|
||||
p f InvalidURInameConstraintsTest37EE.crt
|
||||
p f InvalidUnknownCRLEntryExtensionTest8EE.crt
|
||||
p f InvalidUnknownCRLExtensionTest10EE.crt
|
||||
p f InvalidUnknownCRLExtensionTest9EE.crt
|
||||
p f InvalidUnknownCriticalCertificateExtensionTest2EE.crt
|
||||
p f InvalidWrongCRLTest6EE.crt
|
||||
p f InvalidcAFalseTest2EE.crt
|
||||
p f InvalidcAFalseTest3EE.crt
|
||||
p f InvalidcRLIssuerTest27EE.crt
|
||||
p f InvalidcRLIssuerTest31EE.crt
|
||||
p f InvalidcRLIssuerTest32EE.crt
|
||||
p f InvalidcRLIssuerTest34EE.crt
|
||||
p f InvalidcRLIssuerTest35EE.crt
|
||||
p f InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
|
||||
p f InvaliddeltaCRLTest10EE.crt
|
||||
p f InvaliddeltaCRLTest3EE.crt
|
||||
p f InvaliddeltaCRLTest4EE.crt
|
||||
p f InvaliddeltaCRLTest6EE.crt
|
||||
p f InvaliddeltaCRLTest9EE.crt
|
||||
p f InvaliddistributionPointTest2EE.crt
|
||||
p f InvaliddistributionPointTest3EE.crt
|
||||
p f InvaliddistributionPointTest6EE.crt
|
||||
p f InvaliddistributionPointTest8EE.crt
|
||||
p f InvaliddistributionPointTest9EE.crt
|
||||
p f InvalidinhibitAnyPolicyTest1EE.crt
|
||||
p f InvalidinhibitAnyPolicyTest4EE.crt
|
||||
p f InvalidinhibitAnyPolicyTest5EE.crt
|
||||
p f InvalidinhibitAnyPolicyTest6EE.crt
|
||||
p f InvalidinhibitPolicyMappingTest1EE.crt
|
||||
p f InvalidinhibitPolicyMappingTest3EE.crt
|
||||
p f InvalidinhibitPolicyMappingTest5EE.crt
|
||||
p f InvalidinhibitPolicyMappingTest6EE.crt
|
||||
p f InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
|
||||
p f InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
|
||||
p f InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
|
||||
p f InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
|
||||
p f InvalidonlyContainsAttributeCertsTest14EE.crt
|
||||
p f InvalidonlyContainsCACertsTest12EE.crt
|
||||
p f InvalidonlyContainsUserCertsTest11EE.crt
|
||||
p f InvalidonlySomeReasonsTest15EE.crt
|
||||
p f InvalidonlySomeReasonsTest16EE.crt
|
||||
p f InvalidonlySomeReasonsTest17EE.crt
|
||||
p f InvalidonlySomeReasonsTest20EE.crt
|
||||
p f InvalidonlySomeReasonsTest21EE.crt
|
||||
p f InvalidpathLenConstraintTest10EE.crt
|
||||
p f InvalidpathLenConstraintTest11EE.crt
|
||||
p f InvalidpathLenConstraintTest12EE.crt
|
||||
p f InvalidpathLenConstraintTest5EE.crt
|
||||
p f InvalidpathLenConstraintTest6EE.crt
|
||||
p f InvalidpathLenConstraintTest9EE.crt
|
||||
p f Invalidpre2000CRLnextUpdateTest12EE.crt
|
||||
p f Invalidpre2000UTCEEnotAfterDateTest7EE.crt
|
||||
p f InvalidrequireExplicitPolicyTest3EE.crt
|
||||
p f InvalidrequireExplicitPolicyTest5EE.crt
|
||||
p p LongSerialNumberCACert.crt
|
||||
p p Mapping1to2CACert.crt
|
||||
p p MappingFromanyPolicyCACert.crt
|
||||
p p MappingToanyPolicyCACert.crt
|
||||
p p MissingbasicConstraintsCACert.crt
|
||||
p p NameOrderingCACert.crt
|
||||
p p NegativeSerialNumberCACert.crt
|
||||
p p NoCRLCACert.crt
|
||||
p p NoPoliciesCACert.crt
|
||||
p p NoissuingDistributionPointCACert.crt
|
||||
p p OldCRLnextUpdateCACert.crt
|
||||
p p OverlappingPoliciesTest6EE.crt
|
||||
p p P12Mapping1to3CACert.crt
|
||||
p p P12Mapping1to3subCACert.crt
|
||||
p p P12Mapping1to3subsubCACert.crt
|
||||
p p P1Mapping1to234CACert.crt
|
||||
p p P1Mapping1to234subCACert.crt
|
||||
p p P1anyPolicyMapping1to2CACert.crt
|
||||
p p PanyPolicyMapping1to2CACert.crt
|
||||
p p PoliciesP1234CACert.crt
|
||||
p p PoliciesP1234subCAP123Cert.crt
|
||||
p p PoliciesP1234subsubCAP123P12Cert.crt
|
||||
p p PoliciesP123CACert.crt
|
||||
p p PoliciesP123subCAP12Cert.crt
|
||||
p p PoliciesP123subsubCAP12P1Cert.crt
|
||||
p p PoliciesP123subsubCAP12P2Cert.crt
|
||||
p p PoliciesP123subsubsubCAP12P2P1Cert.crt
|
||||
p p PoliciesP12CACert.crt
|
||||
p p PoliciesP12subCAP1Cert.crt
|
||||
p p PoliciesP12subsubCAP1P2Cert.crt
|
||||
p p PoliciesP2subCA2Cert.crt
|
||||
p p PoliciesP2subCACert.crt
|
||||
p p PoliciesP3CACert.crt
|
||||
p p RFC3280MandatoryAttributeTypesCACert.crt
|
||||
p p RFC3280OptionalAttributeTypesCACert.crt
|
||||
p p RevokedsubCACert.crt
|
||||
p p RolloverfromPrintableStringtoUTF8StringCACert.crt
|
||||
p p SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
|
||||
p p SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
|
||||
p p SeparateCertificateandCRLKeysCRLSigningCert.crt
|
||||
p p SeparateCertificateandCRLKeysCertificateSigningCACert.crt
|
||||
p p TwoCRLsCACert.crt
|
||||
p p UIDCACert.crt
|
||||
p p UTF8StringCaseInsensitiveMatchCACert.crt
|
||||
p p UTF8StringEncodedNamesCACert.crt
|
||||
p p UnknownCRLEntryExtensionCACert.crt
|
||||
p p UnknownCRLExtensionCACert.crt
|
||||
p p UserNoticeQualifierTest15EE.crt
|
||||
p p UserNoticeQualifierTest16EE.crt
|
||||
p p UserNoticeQualifierTest17EE.crt
|
||||
p p UserNoticeQualifierTest18EE.crt
|
||||
p p UserNoticeQualifierTest19EE.crt
|
||||
p p ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? ValidBasicSelfIssuedNewWithOldTest3EE.crt
|
||||
|
||||
p p ValidBasicSelfIssuedNewWithOldTest4EE.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? ValidBasicSelfIssuedOldWithNewTest1EE.crt
|
||||
|
||||
p p ValidCertificatePathTest1EE.crt
|
||||
p p ValidDNSnameConstraintsTest30EE.crt
|
||||
p p ValidDNSnameConstraintsTest32EE.crt
|
||||
p p ValidDNandRFC822nameConstraintsTest27EE.crt
|
||||
p p ValidDNnameConstraintsTest11EE.crt
|
||||
|
||||
# This certificate has an empty subject sequence. Our parser does not
|
||||
# support this yet and it is unlikely that gpgsm will be able to cope
|
||||
# with it at all.
|
||||
u u ValidDNnameConstraintsTest14EE.crt
|
||||
|
||||
p p ValidDNnameConstraintsTest18EE.crt
|
||||
|
||||
u u 6.1.5.407 ValidDNnameConstraintsTest14EE.crt
|
||||
|
||||
p p 6.1.5.415 ValidDNnameConstraintsTest18EE.crt
|
||||
p p 6.1.5.417 ValidDNnameConstraintsTest19EE.crt
|
||||
|
||||
p p 6.1.5.382 ValidDNnameConstraintsTest1EE.crt
|
||||
p p 6.1.5.385 ValidDNnameConstraintsTest4EE.crt
|
||||
p p 6.1.5.388 ValidDNnameConstraintsTest5EE.crt
|
||||
p p 6.1.5.391 ValidDNnameConstraintsTest6EE.crt
|
||||
|
||||
u p 6.1.5.577 ValidDSAParameterInheritanceTest5EE.crt
|
||||
u p 6.1.5.574 ValidDSASignaturesTest4EE.crt
|
||||
|
||||
p p 6.1.5.66 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
|
||||
p p 6.1.5.21 ValidGeneralizedTimenotAfterDateTest8EE.crt
|
||||
p p 6.1.5.15 ValidGeneralizedTimenotBeforeDateTest4EE.crt
|
||||
p p 6.1.5.499 ValidIDPwithindirectCRLTest22EE.crt
|
||||
p p 6.1.5.502 ValidIDPwithindirectCRLTest24EE.crt
|
||||
p p 6.1.5.503 ValidIDPwithindirectCRLTest25EE.crt
|
||||
p p 6.1.5.73 ValidLongSerialNumberTest16EE.crt
|
||||
p p 6.1.5.74 ValidLongSerialNumberTest17EE.crt
|
||||
p p 6.1.5.28 ValidNameChainingCapitalizationTest5EE.crt
|
||||
p p 6.1.5.26 ValidNameChainingWhitespaceTest3EE.crt
|
||||
p p 6.1.5.27 ValidNameChainingWhitespaceTest4EE.crt
|
||||
p p 6.1.5.31 ValidNameUIDsTest6EE.crt
|
||||
p p 6.1.5.69 ValidNegativeSerialNumberTest14EE.crt
|
||||
p p 6.1.5.467 ValidNoissuingDistributionPointTest10EE.crt
|
||||
p p 6.1.5.303 ValidPolicyMappingTest11EE.crt
|
||||
p p 6.1.5.304 ValidPolicyMappingTest12EE.crt
|
||||
p p 6.1.5.307 ValidPolicyMappingTest13EE.crt
|
||||
p p 6.1.5.308 ValidPolicyMappingTest14EE.crt
|
||||
p p 6.1.5.275 ValidPolicyMappingTest1EE.crt
|
||||
p p 6.1.5.283 ValidPolicyMappingTest3EE.crt
|
||||
p p 6.1.5.289 ValidPolicyMappingTest5EE.crt
|
||||
p p 6.1.5.290 ValidPolicyMappingTest6EE.crt
|
||||
p p 6.1.5.299 ValidPolicyMappingTest9EE.crt
|
||||
p p 6.1.5.549 ValidRFC3280MandatoryAttributeTypesTest7EE.crt
|
||||
p p 6.1.5.552 ValidRFC3280OptionalAttributeTypesTest8EE.crt
|
||||
p p 6.1.5.421 ValidRFC822nameConstraintsTest21EE.crt
|
||||
p p 6.1.5.425 ValidRFC822nameConstraintsTest23EE.crt
|
||||
p p 6.1.5.429 ValidRFC822nameConstraintsTest25EE.crt
|
||||
p p 6.1.5.558 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
|
||||
p p 6.1.5.373 ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
|
||||
|
||||
p p 6.1.5.378 ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
|
||||
|
||||
p p 6.1.5.342 ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
|
||||
|
||||
p ? 6.1.5.140 ValidSelfIssuedpathLenConstraintTest15EE.crt
|
||||
|
||||
p p 6.1.5.150 ValidSelfIssuedpathLenConstraintTest17EE.crt
|
||||
|
||||
p ? 6.1.5.267 ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
|
||||
|
||||
p ? 6.1.5.566 ValidSeparateCertificateandCRLKeysTest19EE.crt
|
||||
|
||||
p p 6.1.5.50 ValidTwoCRLsTest7EE.crt
|
||||
p p 6.1.5.446 ValidURInameConstraintsTest34EE.crt
|
||||
p p 6.1.5.450 ValidURInameConstraintsTest36EE.crt
|
||||
p p 6.1.5.561 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
|
||||
p p 6.1.5.555 ValidUTF8StringEncodedNamesTest9EE.crt
|
||||
p p 6.1.5.545 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
|
||||
p p 6.1.5.106 ValidbasicConstraintsNotCriticalTest4EE.crt
|
||||
p p 6.1.5.510 ValidcRLIssuerTest28EE.crt
|
||||
p p 6.1.5.511 ValidcRLIssuerTest29EE.crt
|
||||
p p 6.1.5.515 ValidcRLIssuerTest30EE.crt
|
||||
p p 6.1.5.521 ValidcRLIssuerTest33EE.crt
|
||||
p p 6.1.5.530 ValiddeltaCRLTest2EE.crt
|
||||
p p 6.1.5.533 ValiddeltaCRLTest5EE.crt
|
||||
p p 6.1.5.535 ValiddeltaCRLTest7EE.crt
|
||||
p p 6.1.5.539 ValiddeltaCRLTest8EE.crt
|
||||
p p 6.1.5.454 ValiddistributionPointTest1EE.crt
|
||||
p p 6.1.5.457 ValiddistributionPointTest4EE.crt
|
||||
p p 6.1.5.460 ValiddistributionPointTest5EE.crt
|
||||
p p 6.1.5.462 ValiddistributionPointTest7EE.crt
|
||||
p p 6.1.5.353 ValidinhibitAnyPolicyTest2EE.crt
|
||||
p p 6.1.5.318 ValidinhibitPolicyMappingTest2EE.crt
|
||||
p p 6.1.5.322 ValidinhibitPolicyMappingTest4EE.crt
|
||||
p p 6.1.5.159 ValidkeyUsageNotCriticalTest3EE.crt
|
||||
p p 6.1.5.474 ValidonlyContainsCACertsTest13EE.crt
|
||||
p p 6.1.5.490 ValidonlySomeReasonsTest18EE.crt
|
||||
p p 6.1.5.494 ValidonlySomeReasonsTest19EE.crt
|
||||
p p 6.1.5.137 ValidpathLenConstraintTest13EE.crt
|
||||
p p 6.1.5.138 ValidpathLenConstraintTest14EE.crt
|
||||
p p 6.1.5.113 ValidpathLenConstraintTest7EE.crt
|
||||
p p 6.1.5.114 ValidpathLenConstraintTest8EE.crt
|
||||
p p 6.1.5.14 Validpre2000UTCnotBeforeDateTest3EE.crt
|
||||
p p 6.1.5.227 ValidrequireExplicitPolicyTest1EE.crt
|
||||
p p 6.1.5.236 ValidrequireExplicitPolicyTest2EE.crt
|
||||
p p 6.1.5.254 ValidrequireExplicitPolicyTest4EE.crt
|
||||
p p 6.1.5.44 WrongCRLCACert.crt
|
||||
p p 6.1.5.205 anyPolicyCACert.crt
|
||||
p p 6.1.5.98 basicConstraintsCriticalcAFalseCACert.crt
|
||||
p p 6.1.5.104 basicConstraintsNotCriticalCACert.crt
|
||||
p p 6.1.5.101 basicConstraintsNotCriticalcAFalseCACert.crt
|
||||
p p 6.1.5.527 deltaCRLCA1Cert.crt
|
||||
p p 6.1.5.536 deltaCRLCA2Cert.crt
|
||||
p p 6.1.5.541 deltaCRLCA3Cert.crt
|
||||
p p 6.1.5.524 deltaCRLIndicatorNoBaseCACert.crt
|
||||
p p 6.1.5.452 distributionPoint1CACert.crt
|
||||
p p 6.1.5.458 distributionPoint2CACert.crt
|
||||
p p 6.1.5.497 indirectCRLCA1Cert.crt
|
||||
p p 6.1.5.501 indirectCRLCA2Cert.crt
|
||||
p p 6.1.5.506 indirectCRLCA3Cert.crt
|
||||
p p 6.1.5.508 indirectCRLCA3cRLIssuerCert.crt
|
||||
p p 6.1.5.512 indirectCRLCA4Cert.crt
|
||||
p p 6.1.5.513 indirectCRLCA4cRLIssuerCert.crt
|
||||
p p 6.1.5.516 indirectCRLCA5Cert.crt
|
||||
p p 6.1.5.518 indirectCRLCA6Cert.crt
|
||||
p p 6.1.5.350 inhibitAnyPolicy0CACert.crt
|
||||
p p 6.1.5.354 inhibitAnyPolicy1CACert.crt
|
||||
|
||||
p ? 6.1.5.370 inhibitAnyPolicy1SelfIssuedCACert.crt
|
||||
p ? 6.1.5.377 inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
|
||||
|
||||
p p 6.1.5.356 inhibitAnyPolicy1subCA1Cert.crt
|
||||
|
||||
? ? 6.1.5.371 inhibitAnyPolicy1subCA2Cert.crt
|
||||
|
||||
p p 6.1.5.367 inhibitAnyPolicy1subCAIAP5Cert.crt
|
||||
p p 6.1.5.374 inhibitAnyPolicy1subsubCA2Cert.crt
|
||||
p p 6.1.5.360 inhibitAnyPolicy5CACert.crt
|
||||
p p 6.1.5.362 inhibitAnyPolicy5subCACert.crt
|
||||
p p 6.1.5.364 inhibitAnyPolicy5subsubCACert.crt
|
||||
p p 6.1.5.358 inhibitAnyPolicyTest3EE.crt
|
||||
p p 6.1.5.309 inhibitPolicyMapping0CACert.crt
|
||||
p p 6.1.5.311 inhibitPolicyMapping0subCACert.crt
|
||||
p p 6.1.5.314 inhibitPolicyMapping1P12CACert.crt
|
||||
p p 6.1.5.316 inhibitPolicyMapping1P12subCACert.crt
|
||||
p p 6.1.5.332 inhibitPolicyMapping1P12subCAIPM5Cert.crt
|
||||
p p 6.1.5.319 inhibitPolicyMapping1P12subsubCACert.crt
|
||||
p p 6.1.5.334 inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
|
||||
p p 6.1.5.337 inhibitPolicyMapping1P1CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? ValidDNnameConstraintsTest19EE.crt
|
||||
|
||||
p p ValidDNnameConstraintsTest1EE.crt
|
||||
p p ValidDNnameConstraintsTest4EE.crt
|
||||
p p ValidDNnameConstraintsTest5EE.crt
|
||||
p p ValidDNnameConstraintsTest6EE.crt
|
||||
|
||||
u p ValidDSAParameterInheritanceTest5EE.crt
|
||||
u p ValidDSASignaturesTest4EE.crt
|
||||
|
||||
p p ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
|
||||
p p ValidGeneralizedTimenotAfterDateTest8EE.crt
|
||||
p p ValidGeneralizedTimenotBeforeDateTest4EE.crt
|
||||
p p ValidIDPwithindirectCRLTest22EE.crt
|
||||
p p ValidIDPwithindirectCRLTest24EE.crt
|
||||
p p ValidIDPwithindirectCRLTest25EE.crt
|
||||
p p ValidLongSerialNumberTest16EE.crt
|
||||
p p ValidLongSerialNumberTest17EE.crt
|
||||
p p ValidNameChainingCapitalizationTest5EE.crt
|
||||
p p ValidNameChainingWhitespaceTest3EE.crt
|
||||
p p ValidNameChainingWhitespaceTest4EE.crt
|
||||
p p ValidNameUIDsTest6EE.crt
|
||||
p p ValidNegativeSerialNumberTest14EE.crt
|
||||
p p ValidNoissuingDistributionPointTest10EE.crt
|
||||
p p ValidPolicyMappingTest11EE.crt
|
||||
p p ValidPolicyMappingTest12EE.crt
|
||||
p p ValidPolicyMappingTest13EE.crt
|
||||
p p ValidPolicyMappingTest14EE.crt
|
||||
p p ValidPolicyMappingTest1EE.crt
|
||||
p p ValidPolicyMappingTest3EE.crt
|
||||
p p ValidPolicyMappingTest5EE.crt
|
||||
p p ValidPolicyMappingTest6EE.crt
|
||||
p p ValidPolicyMappingTest9EE.crt
|
||||
p p ValidRFC3280MandatoryAttributeTypesTest7EE.crt
|
||||
p p ValidRFC3280OptionalAttributeTypesTest8EE.crt
|
||||
p p ValidRFC822nameConstraintsTest21EE.crt
|
||||
p p ValidRFC822nameConstraintsTest23EE.crt
|
||||
p p ValidRFC822nameConstraintsTest25EE.crt
|
||||
p p ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
|
||||
p p ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
|
||||
p p ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
|
||||
p p ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
|
||||
|
||||
? ? 6.1.5.339 inhibitPolicyMapping1P1SelfIssuedCACert.crt
|
||||
? ? 6.1.5.347 inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
|
||||
? ? 6.1.5.340 inhibitPolicyMapping1P1subCACert.crt
|
||||
|
||||
p p 6.1.5.343 inhibitPolicyMapping1P1subsubCACert.crt
|
||||
p p 6.1.5.323 inhibitPolicyMapping5CACert.crt
|
||||
p p 6.1.5.325 inhibitPolicyMapping5subCACert.crt
|
||||
p p 6.1.5.327 inhibitPolicyMapping5subsubCACert.crt
|
||||
p p 6.1.5.329 inhibitPolicyMapping5subsubsubCACert.crt
|
||||
p p 6.1.5.160 keyUsageCriticalcRLSignFalseCACert.crt
|
||||
p p 6.1.5.151 keyUsageCriticalkeyCertSignFalseCACert.crt
|
||||
p p 6.1.5.157 keyUsageNotCriticalCACert.crt
|
||||
p p 6.1.5.163 keyUsageNotCriticalcRLSignFalseCACert.crt
|
||||
p p 6.1.5.154 keyUsageNotCriticalkeyCertSignFalseCACert.crt
|
||||
p p 6.1.5.380 nameConstraintsDN1CACert.crt
|
||||
|
||||
? ? 6.1.5.416 nameConstraintsDN1SelfIssuedCACert.crt
|
||||
|
||||
p p 6.1.5.401 nameConstraintsDN1subCA1Cert.crt
|
||||
p p 6.1.5.404 nameConstraintsDN1subCA2Cert.crt
|
||||
p p 6.1.5.431 nameConstraintsDN1subCA3Cert.crt
|
||||
p p 6.1.5.386 nameConstraintsDN2CACert.crt
|
||||
p p 6.1.5.389 nameConstraintsDN3CACert.crt
|
||||
p p 6.1.5.408 nameConstraintsDN3subCA1Cert.crt
|
||||
p p 6.1.5.412 nameConstraintsDN3subCA2Cert.crt
|
||||
p p 6.1.5.393 nameConstraintsDN4CACert.crt
|
||||
p p 6.1.5.397 nameConstraintsDN5CACert.crt
|
||||
p p 6.1.5.436 nameConstraintsDNS1CACert.crt
|
||||
p p 6.1.5.440 nameConstraintsDNS2CACert.crt
|
||||
p p 6.1.5.419 nameConstraintsRFC822CA1Cert.crt
|
||||
p p 6.1.5.423 nameConstraintsRFC822CA2Cert.crt
|
||||
p p 6.1.5.427 nameConstraintsRFC822CA3Cert.crt
|
||||
p p 6.1.5.444 nameConstraintsURI1CACert.crt
|
||||
p p 6.1.5.448 nameConstraintsURI2CACert.crt
|
||||
p p 6.1.5.475 onlyContainsAttributeCertsCACert.crt
|
||||
p p 6.1.5.471 onlyContainsCACertsCACert.crt
|
||||
p p 6.1.5.468 onlyContainsUserCertsCACert.crt
|
||||
p p 6.1.5.478 onlySomeReasonsCA1Cert.crt
|
||||
p p 6.1.5.483 onlySomeReasonsCA2Cert.crt
|
||||
p p 6.1.5.487 onlySomeReasonsCA3Cert.crt
|
||||
p p 6.1.5.491 onlySomeReasonsCA4Cert.crt
|
||||
p p 6.1.5.107 pathLenConstraint0CACert.crt
|
||||
|
||||
? ? 6.1.5.139 pathLenConstraint0SelfIssuedCACert.crt
|
||||
? ? 6.1.5.141 pathLenConstraint0subCA2Cert.crt
|
||||
|
||||
p p 6.1.5.109 pathLenConstraint0subCACert.crt
|
||||
p p 6.1.5.144 pathLenConstraint1CACert.crt
|
||||
|
||||
? ? 6.1.5.146 pathLenConstraint1SelfIssuedCACert.crt
|
||||
? ? 6.1.5.149 pathLenConstraint1SelfIssuedsubCACert.crt
|
||||
? ? 6.1.5.147 pathLenConstraint1subCACert.crt
|
||||
|
||||
p p 6.1.5.115 pathLenConstraint6CACert.crt
|
||||
p p 6.1.5.117 pathLenConstraint6subCA0Cert.crt
|
||||
p p 6.1.5.123 pathLenConstraint6subCA1Cert.crt
|
||||
p p 6.1.5.131 pathLenConstraint6subCA4Cert.crt
|
||||
p p 6.1.5.119 pathLenConstraint6subsubCA00Cert.crt
|
||||
p p 6.1.5.125 pathLenConstraint6subsubCA11Cert.crt
|
||||
p p 6.1.5.133 pathLenConstraint6subsubCA41Cert.crt
|
||||
p p 6.1.5.127 pathLenConstraint6subsubsubCA11XCert.crt
|
||||
p p 6.1.5.135 pathLenConstraint6subsubsubCA41XCert.crt
|
||||
p p 6.1.5.61 pre2000CRLnextUpdateCACert.crt
|
||||
p p 6.1.5.246 requireExplicitPolicy0CACert.crt
|
||||
p p 6.1.5.248 requireExplicitPolicy0subCACert.crt
|
||||
p p 6.1.5.250 requireExplicitPolicy0subsubCACert.crt
|
||||
p p 6.1.5.252 requireExplicitPolicy0subsubsubCACert.crt
|
||||
p p 6.1.5.219 requireExplicitPolicy10CACert.crt
|
||||
p p 6.1.5.221 requireExplicitPolicy10subCACert.crt
|
||||
p p 6.1.5.223 requireExplicitPolicy10subsubCACert.crt
|
||||
p p 6.1.5.225 requireExplicitPolicy10subsubsubCACert.crt
|
||||
p p 6.1.5.264 requireExplicitPolicy2CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? ValidSelfIssuedpathLenConstraintTest15EE.crt
|
||||
|
||||
p p ValidSelfIssuedpathLenConstraintTest17EE.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? ValidSeparateCertificateandCRLKeysTest19EE.crt
|
||||
|
||||
p p ValidTwoCRLsTest7EE.crt
|
||||
p p ValidURInameConstraintsTest34EE.crt
|
||||
p p ValidURInameConstraintsTest36EE.crt
|
||||
p p ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
|
||||
p p ValidUTF8StringEncodedNamesTest9EE.crt
|
||||
p p ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
|
||||
p p ValidbasicConstraintsNotCriticalTest4EE.crt
|
||||
p p ValidcRLIssuerTest28EE.crt
|
||||
p p ValidcRLIssuerTest29EE.crt
|
||||
p p ValidcRLIssuerTest30EE.crt
|
||||
p p ValidcRLIssuerTest33EE.crt
|
||||
p p ValiddeltaCRLTest2EE.crt
|
||||
p p ValiddeltaCRLTest5EE.crt
|
||||
p p ValiddeltaCRLTest7EE.crt
|
||||
p p ValiddeltaCRLTest8EE.crt
|
||||
p p ValiddistributionPointTest1EE.crt
|
||||
p p ValiddistributionPointTest4EE.crt
|
||||
p p ValiddistributionPointTest5EE.crt
|
||||
p p ValiddistributionPointTest7EE.crt
|
||||
p p ValidinhibitAnyPolicyTest2EE.crt
|
||||
p p ValidinhibitPolicyMappingTest2EE.crt
|
||||
p p ValidinhibitPolicyMappingTest4EE.crt
|
||||
p p ValidkeyUsageNotCriticalTest3EE.crt
|
||||
p p ValidonlyContainsCACertsTest13EE.crt
|
||||
p p ValidonlySomeReasonsTest18EE.crt
|
||||
p p ValidonlySomeReasonsTest19EE.crt
|
||||
p p ValidpathLenConstraintTest13EE.crt
|
||||
p p ValidpathLenConstraintTest14EE.crt
|
||||
p p ValidpathLenConstraintTest7EE.crt
|
||||
p p ValidpathLenConstraintTest8EE.crt
|
||||
p p Validpre2000UTCnotBeforeDateTest3EE.crt
|
||||
p p ValidrequireExplicitPolicyTest1EE.crt
|
||||
p p ValidrequireExplicitPolicyTest2EE.crt
|
||||
p p ValidrequireExplicitPolicyTest4EE.crt
|
||||
p p WrongCRLCACert.crt
|
||||
p p anyPolicyCACert.crt
|
||||
p p basicConstraintsCriticalcAFalseCACert.crt
|
||||
p p basicConstraintsNotCriticalCACert.crt
|
||||
p p basicConstraintsNotCriticalcAFalseCACert.crt
|
||||
p p deltaCRLCA1Cert.crt
|
||||
p p deltaCRLCA2Cert.crt
|
||||
p p deltaCRLCA3Cert.crt
|
||||
p p deltaCRLIndicatorNoBaseCACert.crt
|
||||
p p distributionPoint1CACert.crt
|
||||
p p distributionPoint2CACert.crt
|
||||
p p indirectCRLCA1Cert.crt
|
||||
p p indirectCRLCA2Cert.crt
|
||||
p p indirectCRLCA3Cert.crt
|
||||
p p indirectCRLCA3cRLIssuerCert.crt
|
||||
p p indirectCRLCA4Cert.crt
|
||||
p p indirectCRLCA4cRLIssuerCert.crt
|
||||
p p indirectCRLCA5Cert.crt
|
||||
p p indirectCRLCA6Cert.crt
|
||||
p p inhibitAnyPolicy0CACert.crt
|
||||
p p inhibitAnyPolicy1CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? inhibitAnyPolicy1SelfIssuedCACert.crt
|
||||
? ? inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
|
||||
|
||||
p p inhibitAnyPolicy1subCA1Cert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? inhibitAnyPolicy1subCA2Cert.crt
|
||||
|
||||
p p inhibitAnyPolicy1subCAIAP5Cert.crt
|
||||
p p inhibitAnyPolicy1subsubCA2Cert.crt
|
||||
p p inhibitAnyPolicy5CACert.crt
|
||||
p p inhibitAnyPolicy5subCACert.crt
|
||||
p p inhibitAnyPolicy5subsubCACert.crt
|
||||
p p inhibitAnyPolicyTest3EE.crt
|
||||
p p inhibitPolicyMapping0CACert.crt
|
||||
p p inhibitPolicyMapping0subCACert.crt
|
||||
p p inhibitPolicyMapping1P12CACert.crt
|
||||
p p inhibitPolicyMapping1P12subCACert.crt
|
||||
p p inhibitPolicyMapping1P12subCAIPM5Cert.crt
|
||||
p p inhibitPolicyMapping1P12subsubCACert.crt
|
||||
p p inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
|
||||
p p inhibitPolicyMapping1P1CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? inhibitPolicyMapping1P1SelfIssuedCACert.crt
|
||||
? ? inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
|
||||
? ? inhibitPolicyMapping1P1subCACert.crt
|
||||
|
||||
p p inhibitPolicyMapping1P1subsubCACert.crt
|
||||
p p inhibitPolicyMapping5CACert.crt
|
||||
p p inhibitPolicyMapping5subCACert.crt
|
||||
p p inhibitPolicyMapping5subsubCACert.crt
|
||||
p p inhibitPolicyMapping5subsubsubCACert.crt
|
||||
p p keyUsageCriticalcRLSignFalseCACert.crt
|
||||
p p keyUsageCriticalkeyCertSignFalseCACert.crt
|
||||
p p keyUsageNotCriticalCACert.crt
|
||||
p p keyUsageNotCriticalcRLSignFalseCACert.crt
|
||||
p p keyUsageNotCriticalkeyCertSignFalseCACert.crt
|
||||
p p nameConstraintsDN1CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? nameConstraintsDN1SelfIssuedCACert.crt
|
||||
|
||||
p p nameConstraintsDN1subCA1Cert.crt
|
||||
p p nameConstraintsDN1subCA2Cert.crt
|
||||
p p nameConstraintsDN1subCA3Cert.crt
|
||||
p p nameConstraintsDN2CACert.crt
|
||||
p p nameConstraintsDN3CACert.crt
|
||||
p p nameConstraintsDN3subCA1Cert.crt
|
||||
p p nameConstraintsDN3subCA2Cert.crt
|
||||
p p nameConstraintsDN4CACert.crt
|
||||
p p nameConstraintsDN5CACert.crt
|
||||
p p nameConstraintsDNS1CACert.crt
|
||||
p p nameConstraintsDNS2CACert.crt
|
||||
p p nameConstraintsRFC822CA1Cert.crt
|
||||
p p nameConstraintsRFC822CA2Cert.crt
|
||||
p p nameConstraintsRFC822CA3Cert.crt
|
||||
p p nameConstraintsURI1CACert.crt
|
||||
p p nameConstraintsURI2CACert.crt
|
||||
p p onlyContainsAttributeCertsCACert.crt
|
||||
p p onlyContainsCACertsCACert.crt
|
||||
p p onlyContainsUserCertsCACert.crt
|
||||
p p onlySomeReasonsCA1Cert.crt
|
||||
p p onlySomeReasonsCA2Cert.crt
|
||||
p p onlySomeReasonsCA3Cert.crt
|
||||
p p onlySomeReasonsCA4Cert.crt
|
||||
p p pathLenConstraint0CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? pathLenConstraint0SelfIssuedCACert.crt
|
||||
? ? pathLenConstraint0subCA2Cert.crt
|
||||
|
||||
p p pathLenConstraint0subCACert.crt
|
||||
p p pathLenConstraint1CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? pathLenConstraint1SelfIssuedCACert.crt
|
||||
? ? pathLenConstraint1SelfIssuedsubCACert.crt
|
||||
? ? pathLenConstraint1subCACert.crt
|
||||
|
||||
p p pathLenConstraint6CACert.crt
|
||||
p p pathLenConstraint6subCA0Cert.crt
|
||||
p p pathLenConstraint6subCA1Cert.crt
|
||||
p p pathLenConstraint6subCA4Cert.crt
|
||||
p p pathLenConstraint6subsubCA00Cert.crt
|
||||
p p pathLenConstraint6subsubCA11Cert.crt
|
||||
p p pathLenConstraint6subsubCA41Cert.crt
|
||||
p p pathLenConstraint6subsubsubCA11XCert.crt
|
||||
p p pathLenConstraint6subsubsubCA41XCert.crt
|
||||
p p pre2000CRLnextUpdateCACert.crt
|
||||
p p requireExplicitPolicy0CACert.crt
|
||||
p p requireExplicitPolicy0subCACert.crt
|
||||
p p requireExplicitPolicy0subsubCACert.crt
|
||||
p p requireExplicitPolicy0subsubsubCACert.crt
|
||||
p p requireExplicitPolicy10CACert.crt
|
||||
p p requireExplicitPolicy10subCACert.crt
|
||||
p p requireExplicitPolicy10subsubCACert.crt
|
||||
p p requireExplicitPolicy10subsubsubCACert.crt
|
||||
p p requireExplicitPolicy2CACert.crt
|
||||
|
||||
# For yet unknown reasons gpgsm claims a bad signature.
|
||||
? ? requireExplicitPolicy2SelfIssuedCACert.crt
|
||||
? ? requireExplicitPolicy2SelfIssuedsubCACert.crt
|
||||
? ? requireExplicitPolicy2subCACert.crt
|
||||
|
||||
p p requireExplicitPolicy4CACert.crt
|
||||
p p requireExplicitPolicy4subCACert.crt
|
||||
p p requireExplicitPolicy4subsubCACert.crt
|
||||
p p requireExplicitPolicy4subsubsubCACert.crt
|
||||
p p requireExplicitPolicy5CACert.crt
|
||||
p p requireExplicitPolicy5subCACert.crt
|
||||
p p requireExplicitPolicy5subsubCACert.crt
|
||||
p p requireExplicitPolicy5subsubsubCACert.crt
|
||||
p p requireExplicitPolicy7CACert.crt
|
||||
p p requireExplicitPolicy7subCARE2Cert.crt
|
||||
p p requireExplicitPolicy7subsubCARE2RE4Cert.crt
|
||||
p p requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
|
||||
|
||||
? ? 6.1.5.266 requireExplicitPolicy2SelfIssuedCACert.crt
|
||||
? ? 6.1.5.271 requireExplicitPolicy2SelfIssuedsubCACert.crt
|
||||
? ? 6.1.5.268 requireExplicitPolicy2subCACert.crt
|
||||
|
||||
p p 6.1.5.237 requireExplicitPolicy4CACert.crt
|
||||
p p 6.1.5.239 requireExplicitPolicy4subCACert.crt
|
||||
p p 6.1.5.241 requireExplicitPolicy4subsubCACert.crt
|
||||
p p 6.1.5.243 requireExplicitPolicy4subsubsubCACert.crt
|
||||
p p 6.1.5.228 requireExplicitPolicy5CACert.crt
|
||||
p p 6.1.5.230 requireExplicitPolicy5subCACert.crt
|
||||
p p 6.1.5.232 requireExplicitPolicy5subsubCACert.crt
|
||||
p p 6.1.5.234 requireExplicitPolicy5subsubsubCACert.crt
|
||||
p p 6.1.5.255 requireExplicitPolicy7CACert.crt
|
||||
p p 6.1.5.257 requireExplicitPolicy7subCARE2Cert.crt
|
||||
p p 6.1.5.259 requireExplicitPolicy7subsubCARE2RE4Cert.crt
|
||||
p p 6.1.5.261 requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
|
||||
|
||||
|
||||
31
tests/pkits/inhibit-any-policy
Normal file
31
tests/pkits/inhibit-any-policy
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# inhibit-any-policy - PKITS Test 4.12 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.12
|
||||
description="Inhibit Any Policy"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/inhibit-policy-mapping
Normal file
31
tests/pkits/inhibit-policy-mapping
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# inhibit-policy-mapping - PKITS Test 4.11 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.11
|
||||
description="Inhibit Policy Mapping"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
@ -74,7 +74,9 @@ no-secmem-warning
|
||||
no-greeting
|
||||
batch
|
||||
disable-crl-checks
|
||||
disable-dirmngr
|
||||
agent-program ../../agent/gpg-agent
|
||||
no-common-certs-import
|
||||
EOF
|
||||
|
||||
# Fixme: we need to write a dummy pinentry program
|
||||
|
||||
31
tests/pkits/key-usage
Normal file
31
tests/pkits/key-usage
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# key-usage - PKITS Test 4.7 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.7
|
||||
description="Key Usage"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/name-constraints
Normal file
31
tests/pkits/name-constraints
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# name-constraints - PKITS Test 4.13 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.13
|
||||
description="Name Constraints"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/policy-mappings
Normal file
31
tests/pkits/policy-mappings
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# policy-mappings - PKITS Test 4.10 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.10
|
||||
description="Policy Mappings"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/private-certificate-extensions
Normal file
31
tests/pkits/private-certificate-extensions
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# private-certificate-extensions - PKITS Test 4.16 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.16
|
||||
description="Private Certificate Extensions"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/require-explicit-policy
Normal file
31
tests/pkits/require-explicit-policy
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# require-explicit-policy - PKITS Test 4.9 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.9
|
||||
description="Require Explicit Policy"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/signature-verification
Normal file
31
tests/pkits/signature-verification
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# signature-verification - PKITS Test 4.1 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.1
|
||||
description="Signature Verification"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
@ -1,12 +1,12 @@
|
||||
#!/bin/sh
|
||||
# validate-all-certs -*- sh -*-
|
||||
# Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
# validate-all-certs - GnuPG import and validate tests -*- sh -*-
|
||||
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
@ -15,16 +15,19 @@
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
||||
# USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
while read dummy flag name; do
|
||||
case $dummy in \#*) continue;; esac
|
||||
[ -z "$dummy" ] && continue;
|
||||
section=6
|
||||
description="GnuPG Import with Validation"
|
||||
info "Running $description tests"
|
||||
|
||||
while read dummy flag section name; do
|
||||
case $dummy in \#*) continue;; esac
|
||||
[ -z "$(echo $dummy)" ] && continue;
|
||||
|
||||
description="import and validate $name"
|
||||
if ${GPGSM} -q --import --with-validation --disable-crl-checks \
|
||||
certs/$name ; then
|
||||
if [ "$flag" = 'p' ]; then
|
||||
|
||||
31
tests/pkits/validity-periods
Normal file
31
tests/pkits/validity-periods
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# validity-periods - PKITS Test 4.2 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.2
|
||||
description="Validity Periods"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/verifying-basic-constraints
Normal file
31
tests/pkits/verifying-basic-constraints
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# verifying-basic-constraints - PKITS Test 4.6 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.6
|
||||
description="Verifying Basic Constraints"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/verifying-name-chaining
Normal file
31
tests/pkits/verifying-name-chaining
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# verifying-name-chaining - PKITS Test 4.3 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.3
|
||||
description="Verifying Name Chaining"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
31
tests/pkits/verifying-paths-self-issued
Normal file
31
tests/pkits/verifying-paths-self-issued
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
# verifying-paths-self-issued - PKITS Test 4.5 -*- sh -*-
|
||||
# Copyright (C) 2008 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. ${srcdir:-.}/common.sh || exit 2
|
||||
|
||||
section=4.5
|
||||
description="Verifying Paths with Self-Issued Certificates"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
@ -715,6 +715,9 @@ static gc_option_t gc_options_gpgsm[] =
|
||||
{ "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
|
||||
"gnupg", "use system's dirmngr if available",
|
||||
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
|
||||
{ "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
|
||||
"gnupg", N_("disable all access to the dirmngr"),
|
||||
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
|
||||
{ "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
|
||||
"gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
|
||||
GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user