security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Improve certificate chain construction. 

Extend PKITS framework
This commit is contained in:
Werner Koch 2008-02-19 10:33:35 +00:00
parent a75c21ed8a
commit f13c5a48fc
60 changed files with 1283 additions and 588 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
NEWS
View File

@ -4,9 +4,13 @@ Noteworthy changes in version 2.0.9 (unreleased)
* Gpgsm always tries to locate missing certificates from a running
Dirmngr's cache.
* Minor bug fixes.
* Tweaks for Windows.
* Tweaks for Windows
* Improved certificate chain construction.
* Extended the PKITS framework.
* Minor bug fixes.
Noteworthy changes in version 2.0.8 (2007-12-20)

2
configure.ac
View File

@ -1412,10 +1412,10 @@ tools/Makefile
doc/Makefile
tests/Makefile
tests/openpgp/Makefile
tests/pkits/Makefile
])
AC_OUTPUT
#tests/pkits/Makefile

7
doc/gpgsm.texi
View File

@ -342,6 +342,9 @@ to connect to this one. Fallback to a pipe based server if this does
not work. Under Windows this option is ignored because the system dirmngr is
always used.
@item --disable-dirmngr
Entirely disable the use of the Dirmngr.
@item --no-secmem-warning
@opindex no-secmem-warning
Don't print a warning when the so called "secure memory" can't be used.
@ -673,6 +676,10 @@ Supply the passphrase @var{string} to the gpg-protect-tool. This
option is only useful for the regression tests included with this
package and may be revised or removed at any time without notice.
@item --no-common-certs-import
@opindex no-common-certs-import
Suppress the import of common certificates on keybox creation.
@end table
All the long options may also be given in the configuration file after

2
po/be.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.2.2\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2003-10-30 16:35+0200\n"
"Last-Translator: Ales Nyakhaychyk <nab@mail.by>\n"
"Language-Team: Belarusian <i18n@mova.org>\n"

2
po/ca.po
View File

@ -27,7 +27,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2005-02-04 02:04+0100\n"
"Last-Translator: Jordi Mallach <jordi@gnu.org>\n"
"Language-Team: Catalan <ca@dodds.net>\n"

2
po/cs.po
View File

@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-1.3.92\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-11-26 09:12+0200\n"
"Last-Translator: Roman Pavlik <rp@tns.cz>\n"
"Language-Team: Czech <translations.cs@gnupg.cz>\n"

2
po/da.po
View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.0.0h\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2003-12-03 16:11+0100\n"
"Last-Translator: Birger Langkjer <birger.langkjer@image.dk>\n"
"Language-Team: Danish <dansk@klid.dk>\n"

2
po/de.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.6\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2008-02-15 10:36+0100\n"
"Last-Translator: Walter Koch <koch@u32.de>\n"
"Language-Team: German <de@li.org>\n"

2
po/el.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-1.1.92\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2003-06-27 12:00+0200\n"
"Last-Translator: Dokianakis Theofanis <madf@hellug.gr>\n"
"Language-Team: Greek <nls@tux.hellug.gr>\n"

2
po/eo.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.0.6d\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2002-04-14 14:33+0100\n"
"Last-Translator: Edmund GRIMLEY EVANS <edmundo@rano.org>\n"
"Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"

2
po/es.po
View File

@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2007-08-16 11:35+0200\n"
"Last-Translator: Jaime Suárez <jsuarez@ono.com>\n"
"Language-Team: Spanish <es@li.org>\n"

2
po/et.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.2.2\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-06-17 11:04+0300\n"
"Last-Translator: Toomas Soome <Toomas.Soome@microlink.ee>\n"
"Language-Team: Estonian <et@li.org>\n"

2
po/fi.po
View File

@ -22,7 +22,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.2.2\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-06-16 22:40+0300\n"
"Last-Translator: Tommi Vainikainen <Tommi.Vainikainen@iki.fi>\n"
"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"

2
po/fr.po
View File

@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.2rc2\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2005-06-28 00:24+0200\n"
"Last-Translator: Gaël Quéri <gael@lautre.net>\n"
"Language-Team: French <traduc@traduc.org>\n"

2
po/gl.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.2.4\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2003-12-04 11:39+0100\n"
"Last-Translator: Jacobo Tarrio <jtarrio@trasno.net>\n"
"Language-Team: Galician <gpul-traduccion@ceu.fi.udc.es>\n"

2
po/hu.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.2.5\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-06-19 21:53+0200\n"
"Last-Translator: Nagy Ferenc László <nfl@nfllab.com>\n"
"Language-Team: Hungarian <translation-team-hu@lists.sourceforge.net>\n"

2
po/id.po
View File

@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-id\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-06-17 16:32+0700\n"
"Last-Translator: Tedi Heriyanto <tedi_h@gmx.net>\n"
"Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"

2
po/it.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.1.92\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-06-16 17:01+0200\n"
"Last-Translator: Marco d'Itri <md@linux.it>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"

2
po/ja.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.3.92\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-11-23 11:14+0900\n"
"Last-Translator: IIDA Yosiaki <iida@gnu.org>\n"
"Language-Team: Japanese <translation-team-ja@lists.sourceforge.net>\n"

2
po/nb.po
View File

@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.3\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2006-06-13 20:31+0200\n"
"Last-Translator: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"

2
po/pl.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.7\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2007-11-26 19:01+0100\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"

2
po/pt.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2002-09-13 18:26+0100\n"
"Last-Translator: Pedro Morais <morais@kde.org>\n"
"Language-Team: pt <morais@kde.org>\n"

2
po/pt_BR.po
View File

@ -13,7 +13,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2007-08-16 11:35+0200\n"
"Last-Translator:\n"
"Language-Team: ?\n"

2
po/ro.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.2rc1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2005-05-31 22:00-0500\n"
"Last-Translator: Laurentiu Buzdugan <lbuz@rolix.org>\n"
"Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"

2
po/ru.po
View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GnuPG 2.0.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2006-11-07 19:31+0300\n"
"Last-Translator: Maxim Britov <maxim.britov@gmail.com>\n"
"Language-Team: Russian <gnupg-ru@gnupg.org>\n"

2
po/sk.po
View File

@ -5,7 +5,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.2.5\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2004-07-20 15:52+0200\n"
"Last-Translator: Michal Majer <mmajer@econ.umb.sk>\n"
"Language-Team: Slovak <sk-i18n@lists.linux.sk>\n"

2
po/sv.po
View File

@ -24,7 +24,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg trunk\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2007-11-12 16:08+0100\n"
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"

2
po/tr.po
View File

@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.9.94\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2006-11-04 03:45+0200\n"
"Last-Translator: Nilgün Belma Bugüner <nilgun@belgeler.gen.tr>\n"
"Language-Team: Turkish <gnu-tr-u12a@lists.sourceforge.net>\n"

2
po/zh_CN.po
View File

@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.4\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2006-07-02 10:58+0800\n"
"Last-Translator: Meng Jie <zuxyhere@eastday.com>\n"
"Language-Team: Chinese (simplified) <i18n-translation@lists.linux.net.cn>\n"

2
po/zh_TW.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.0.8\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2008-02-15 10:28+0100\n"
"POT-Creation-Date: 2008-02-15 10:39+0100\n"
"PO-Revision-Date: 2008-01-31 23:09+0800\n"
"Last-Translator: Jedi Lin <Jedi@Jedi.org>\n"
"Language-Team: Chinese (traditional) <zh-l10n@linux.org.tw>\n"

17
sm/ChangeLog
View File

@ -1,3 +1,20 @@
2008-02-18 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_is_root_cert): Factor code out to ...
(is_root_cert): New. Extend test for self-issued certificates
signed by other CAs.
(do_validate_chain, gpgsm_basic_cert_check)
(gpgsm_walk_cert_chain): Use it here.
* gpgsm.c: Add option --no-common-certs-import.
* certchain.c (find_up_dirmngr, find_up, do_validate_chain)
(check_cert_policy): Be more silent with --quiet.
* gpgsm.c: Add option --disable-dirmngr.
* gpgsm.h (opt): Add field DISABLE_DIRMNGR.
* call-dirmngr.c (start_dirmngr): Implement option.
2008-02-14 Werner Koch <wk@g10code.com>
* server.c (option_handler): Add option allow-pinentry-notify.

4
sm/call-dirmngr.c
View File

@ -166,6 +166,9 @@ start_dirmngr (ctrl_t ctrl)
assuan_context_t ctx;
int try_default = 0;
if (opt.disable_dirmngr)
return gpg_error (GPG_ERR_NO_DIRMNGR);
if (dirmngr_ctx)
{
prepare_dirmngr (ctrl, dirmngr_ctx, 0);
@ -447,7 +450,6 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
struct inq_certificate_parm_s parm;
struct isvalid_status_parm_s stparm;
rc = start_dirmngr (ctrl);
if (rc)
return rc;

99
sm/certchain.c
View File

@ -1,6 +1,6 @@
/* certchain.c - certificate chain validation
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
* 2006, 2007 Free Software Foundation, Inc.
* 2006, 2007, 2008 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -60,6 +60,8 @@ struct chain_item_s
typedef struct chain_item_s *chain_item_t;
static int is_root_cert (ksba_cert_t cert,
const char *issuerdn, const char *subjectdn);
static int get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen);
@ -331,8 +333,9 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
/* With no critical policies this is only a warning */
if (!any_critical)
{
do_list (0, listmode, fplist,
_("note: non-critical certificate policy not allowed"));
if (!opt.quiet)
do_list (0, listmode, fplist,
_("note: non-critical certificate policy not allowed"));
return 0;
}
do_list (1, listmode, fplist,
@ -563,7 +566,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
if (opt.verbose)
log_info (_("number of matching certificates: %d\n"), count);
if (rc)
if (rc && !opt.quiet)
log_info (_("dirmngr cache-only key lookup failed: %s\n"),
gpg_strerror (rc));
return (!rc && count)? 0 : -1;
@ -667,7 +670,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
/* Print a note so that the user does not feel too helpless when
an issuer certificate was found and gpgsm prints BAD
signature because it is not the correct one. */
if (rc == -1)
if (rc == -1 && opt.quiet)
;
else if (rc == -1)
{
log_info ("%sissuer certificate ", find_next?"next ":"");
if (keyid)
@ -752,7 +757,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
goto leave;
}
if (!strcmp (issuer, subject))
if (is_root_cert (start, issuer, subject))
{
rc = -1; /* we are at the root */
goto leave;
@ -784,6 +789,75 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
}
/* Helper for gpgsm_is_root_cert. This one is used if the subject and
issuer DNs are already known. */
static int
is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
{
gpg_error_t err;
int result = 0;
ksba_sexp_t serialno;
ksba_sexp_t ak_keyid;
ksba_name_t ak_name;
ksba_sexp_t ak_sn;
const char *ak_name_str;
ksba_sexp_t subj_keyid = NULL;
if (!issuerdn || !subjectdn)
return 0; /* No. */
if (strcmp (issuerdn, subjectdn))
return 0; /* No. */
err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
return 1; /* Yes. Without a authorityKeyIdentifier this needs
to be the Root certifcate (our trust anchor). */
log_error ("error getting authorityKeyIdentifier: %s\n",
gpg_strerror (err));
return 0; /* Well, it is broken anyway. Return No. */
}
serialno = ksba_cert_get_serial (cert);
if (!serialno)
{
log_error ("error getting serialno: %s\n", gpg_strerror (err));
goto leave;
}
/* Check whether the auth name's matches the issuer name+sn. If
that is the case this is a root certificate. */
ak_name_str = ksba_name_enum (ak_name, 0);
if (ak_name_str
&& !strcmp (ak_name_str, issuerdn)
&& !cmp_simple_canon_sexp (ak_sn, serialno))
{
result = 1; /* Right, CERT is self-signed. */
goto leave;
}
/* Similar for the ak_keyid. */
if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
&& !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
{
result = 1; /* Right, CERT is self-signed. */
goto leave;
}
leave:
ksba_free (subj_keyid);
ksba_free (ak_keyid);
ksba_name_release (ak_name);
ksba_free (ak_sn);
ksba_free (serialno);
return result;
}
/* Check whether the CERT is a root certificate. Returns True if this
is the case. */
int
@ -795,7 +869,7 @@ gpgsm_is_root_cert (ksba_cert_t cert)
issuer = ksba_cert_get_issuer (cert, 0);
subject = ksba_cert_get_subject (cert, 0);
yes = (issuer && subject && !strcmp (issuer, subject));
yes = is_root_cert (cert, issuer, subject);
xfree (issuer);
xfree (subject);
return yes;
@ -1197,11 +1271,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
}
/* Is this a self-issued certificate (i.e. the root
certificate)? This is actually the same test as done by
gpgsm_is_root_cert but here we want to keep the issuer and
subject for later use. */
is_root = (subject && !strcmp (issuer, subject));
/* Is this a self-issued certificate (i.e. the root certificate)? */
is_root = is_root_cert (subject_cert, issuer, subject);
if (is_root)
{
chain->is_root = 1;
@ -1570,7 +1641,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
depth++;
} /* End chain traversal. */
if (!listmode)
if (!listmode && !opt.quiet)
{
if (opt.no_policy_check)
log_info ("policies not checked due to %s option\n",
@ -1771,7 +1842,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
goto leave;
}
if (subject && !strcmp (issuer, subject))
if (is_root_cert (cert, issuer, subject))
{
rc = gpgsm_check_cert_sig (cert, cert);
if (rc)

15
sm/gpgsm.c
View File

@ -1,6 +1,6 @@
/* gpgsm.c - GnuPG for S/MIME
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
* 2006, 2007 Free Software Foundation, Inc.
* 2006, 2007, 2008 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -122,6 +122,7 @@ enum cmd_and_opt_values {
oPreferSystemDirmngr,
oDirmngrProgram,
oDisableDirmngr,
oProtectToolProgram,
oFakedSystemTime,
@ -149,7 +150,6 @@ enum cmd_and_opt_values {
oEnablePolicyChecks,
oAutoIssuerKeyRetrieve,
oTextmode,
oFingerprint,
oWithFingerprint,
@ -231,6 +231,7 @@ enum cmd_and_opt_values {
oIgnoreTimeConflict,
oNoRandomSeedFile,
oNoAutoKeyRetrieve,
oNoCommonCertsImport,
oUseAgent,
oMergeOnly,
oTryAllSecrets,
@ -431,10 +432,10 @@ static ARGPARSE_OPTS opts[] = {
{ oLCmessages, "lc-messages", 2, "@" },
{ oXauthority, "xauthority", 2, "@" },
{ oDirmngrProgram, "dirmngr-program", 2 , "@" },
{ oDisableDirmngr, "disable-dirmngr", 0 , "@" },
{ oProtectToolProgram, "protect-tool-program", 2 , "@" },
{ oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
{ oNoBatch, "no-batch", 0, "@" },
{ oWithColons, "with-colons", 0, "@"},
{ oWithKeyData,"with-key-data", 0, "@"},
@ -462,6 +463,7 @@ static ARGPARSE_OPTS opts[] = {
{ oListOnly, "list-only", 0, "@"},
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
{ oNoCommonCertsImport, "no-common-certs-import", 0, "@" },
{0} };
@ -842,6 +844,7 @@ main ( int argc, char **argv)
int nogreeting = 0;
int debug_wait = 0;
int use_random_seed = 1;
int no_common_certs_import = 0;
int with_fpr = 0;
char *def_digest_string = NULL;
char *extra_digest_algo = NULL;
@ -1215,6 +1218,7 @@ main ( int argc, char **argv)
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
case oXauthority: opt.xauthority = xstrdup (pargs.r.ret_str); break;
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
case oDisableDirmngr: opt.disable_dirmngr = 1; break;
case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
case oProtectToolProgram:
opt.protect_tool_program = pargs.r.ret_str;
@ -1307,6 +1311,7 @@ main ( int argc, char **argv)
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oNoRandomSeedFile: use_random_seed = 0; break;
case oNoCommonCertsImport: no_common_certs_import = 1; break;
case oEnableSpecialFilenames: allow_special_filenames =1; break;
@ -1476,7 +1481,7 @@ main ( int argc, char **argv)
int created;
keydb_add_resource ("pubring.kbx", 0, 0, &created);
if (created)
if (created && !no_common_certs_import)
{
/* Import the standard certificates for a new default keybox. */
char *filelist[2];
@ -1593,6 +1598,8 @@ main ( int argc, char **argv)
GC_OPT_FLAG_NONE );
printf ("auto-issuer-key-retrieve:%lu:\n",
GC_OPT_FLAG_NONE );
printf ("disable-dirmngr:%lu:\n",
GC_OPT_FLAG_NONE );
#ifndef HAVE_W32_SYSTEM
printf ("prefer-system-dirmngr:%lu:\n",
GC_OPT_FLAG_NONE );

1
sm/gpgsm.h
View File

@ -59,6 +59,7 @@ struct
const char *dirmngr_program;
int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
int disable_dirmngr; /* Do not do any dirmngr calls. */
const char *protect_tool_program;
char *outfile; /* name of output file */

35
tests/pkits/ChangeLog
View File

@ -1,3 +1,32 @@
2008-02-19 Werner Koch <wk@g10code.com>
* signature-verification: New.
* validity-periods: New.
* verifying-name-chaining: New.
* basic-certificate-revocation: New.
* verifying-paths-self-issued: New.
* verifying-basic-constraints: New.
* key-usage: New.
* certificate-policies: New.
* require-explicit-policy: New.
* policy-mappings: New.
* inhibit-policy-mapping: New.
* inhibit-any-policy: New.
* name-constraints: New.
* distribution-points: New.
* delta-crls: New.
* private-certificate-extensions: New.
* Makefile.am (testscripts): Add them.
* import-all-certs.data: Add section numbers.
2008-02-18 Werner Koch <wk@g10code.com>
* import-all-certs.data: Adjust import tests results. Almost all
certificates should now be importable due to relaxed basic checks.
* inittests (clean_files): Disable all dirmngr access.
2006-05-02 Werner Koch <wk@g10code.com>
* PKITS_data.tar.bz2: Repackaged new copy becuase the old one got
@ -7,7 +36,7 @@
Started implementing PKITS based tests.
Copyright 2004 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
@ -17,7 +46,3 @@
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

57
tests/pkits/Makefile.am
View File

@ -1,11 +1,11 @@
# Makefile.am - tests using NIST's PKITS
# Copyright (C) 2004 Free Software Foundation, Inc.
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
@ -14,40 +14,33 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
## Process this file with automake to produce Makefile.in
GPGSM = ../../sm/gpgsm
TESTS_ENVIRONMENT = GNUPGHOME=`pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM=$(GPGSM) \
LD_LIBRARY_PATH=$$(seen=0; \
for i in $(LDFLAGS) $(LIBGCRYPT_LIBS) $(PTH_LIBS); \
do \
if echo "$$i" | egrep '^-L' >/dev/null 2>&1; \
then \
if test $$seen = 0; \
then \
seen=1; \
else \
printf ":"; \
fi; \
printf "%s" "$${i}" | sed 's/^-L//'; \
fi; \
done; \
if test $$seen != 0 \
&& test x$${LD_LIBRARY_PATH} != x; \
then \
printf ":"; \
fi; \
printf "%s" "$${LD_LIBRARY_PATH}") $(srcdir)/runtest
silent=yes
testscripts = import-all-certs validate-all-certs
testscripts = import-all-certs validate-all-certs \
signature-verification \
validity-periods \
verifying-name-chaining \
basic-certificate-revocation \
verifying-paths-self-issued \
verifying-basic-constraints \
key-usage \
certificate-policies \
require-explicit-policy \
policy-mappings \
inhibit-policy-mapping \
inhibit-any-policy \
name-constraints \
distribution-points \
delta-crls \
private-certificate-extensions
EXTRA_DIST = PKITS_data.tar.bz2 inittests runtest $(testscripts)
@ -68,3 +61,11 @@ inittests.stamp: inittests
srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
echo timestamp >./inittests.stamp
run-all-tests:
@set -e; \
GNUPGHOME=`pwd`; export GNUPGHOME;\
unset GPG_AGENT_INFO; \
for test in $(testscripts); do \
./$${test} && true; \
done

25
tests/pkits/README
View File

@ -7,6 +7,31 @@ http://csrc.nist.gov/pki/testing/x509paths.html .
README - this file.
PKITS_data.tar.bz2 - the orginal ZIP file, repackaged as a tarball.
Makefile.am - Part of our build system.
import-all-certs - Run a simple import test on all certifcates
validate-all-certs - Run an import and validate test on all certificates
signature-verification - PKITS test 4.1
validity-periods - PKITS test 4.2
verifying-name-chaining - PKITS test 4.3
basic-certificate-revocation - PKITS test 4.4
verifying-paths-self-issued - PKITS test 4.5
verifying-basic-constraints - PKITS test 4.6
key-usage - PKITS test 4.7
certificate-policies - PKITS test 4.8
require-explicit-policy - PKITS test 4.9
policy-mappings - PKITS test 4.10
inhibit-policy-mapping - PKITS test 4.11
inhibit-any-policy - PKITS test 4.12
name-constraints - PKITS test 4.13
distribution-points - PKITS test 4.14
delta-crls - PKITS test 4.15
private-certificate-extensions - PKITS test 4.16
The password for the p12 files is "password".
You may run the tests as usual with "make check" or after a plain make
in this directory you may run the tests individually. When run in
this way they will print easy to parse output to stdout. To run all
tests in this mode, use "make run-all-tests". All test scripts create
a log file with the suffix ".log" appended to the test script's name.

31
tests/pkits/basic-certificate-revocation Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# basic-certificate-revocation - PKITS Test 4.4 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.4
description="Basic Certificate Revocation"
info "Running $description tests"
final_result

31
tests/pkits/certificate-policies Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# certificate-policies - PKITS Test 4.8 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.8
description="Certificate Policies"
info "Running $description tests"
final_result

64
tests/pkits/common.sh
View File

@ -1,12 +1,12 @@
#!/bin/sh
# common.sh - common defs for all tests -*- sh -*-
# Copyright (C) 2004 Free Software Foundation, Inc.
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
@ -15,9 +15,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# reset some environment variables because we do not want to test locals
export LANG=C
@ -29,7 +27,7 @@ export LC_ALL=C
[ -z "$srcdir" ] && srcdir="."
[ -z "$top_srcdir" ] && top_srcdir=".."
[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
[ -z "$silent" ] && silent=no
if [ "$GNUPGHOME" != "`pwd`" ]; then
echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
@ -42,7 +40,6 @@ if [ -n "$GPG_AGENT_INFO" ]; then
fi
#--------------------------------
#------ utility functions -------
#--------------------------------
@ -68,46 +65,92 @@ echo_n () {
echo $echo_n_n "${1}$echo_n_c"
}
setup_output () {
if [ -z "$first_section_set" ]; then
first_section_set=$section
fi
section_out="$(echo $section)"
if [ -z "$section_out" ]; then
section_out="-"
fi
}
fatal () {
echo "$pgmname: fatal:" $* >&2
if [ "$silent" != "yes" ]; then
echo "$section_out ERROR: $* (fatal)"
fi
exit 1;
}
error () {
echo "$pgmname:" $* >&2
if [ "$silent" != "yes" ]; then
echo "$section_out ERROR: $*"
fi
exit 1
}
info () {
setup_output
echo "$pgmname:" $* >&2
if [ "$silent" != "yes" ]; then
echo "$section_out ____ $*"
fi
}
info_n () {
$echo_n "$pgmname:" $* >&2
setup_output
echo_n "$pgmname:" $* >&2
}
pass () {
setup_output
echo "PASS: " $* >&2
pass_count=`expr ${pass_count} + 1`
if [ "$silent" != "yes" ]; then
echo_n "$section_out PASS"
[ -n "$description" ] && echo_n " ($description)"
echo
fi
}
fail () {
setup_output
echo "FAIL: " $* >&2
fail_count=`expr ${fail_count} + 1`
if [ "$silent" != "yes" ]; then
echo_n "$section_out FAIL"
[ -n "$description" ] && echo_n " ($description)"
echo
fi
}
unresolved () {
setup_output
echo "UNRESOLVED: " $* >&2
unresolved_count=`expr ${unresolved_count} + 1`
if [ "$silent" != "yes" ]; then
echo_n "$section_out UNRESOLVED"
[ -n "$description" ] && echo_n " ($description)"
echo
fi
}
unsupported () {
setup_output
echo "UNSUPPORTED: " $* >&2
unsupported_count=`expr ${unsupported_count} + 1`
if [ "$silent" != "yes" ]; then
echo_n "$section_out UNSUPPORTED"
[ -n "$description" ] && echo_n " ($description)"
echo
fi
}
final_result () {
section=$first_section_set
[ $pass_count = 0 ] || info "$pass_count tests passed"
[ $fail_count = 0 ] || info "$fail_count tests failed"
[ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
@ -127,7 +170,10 @@ pass_count=0
fail_count=0
unresolved_count=0
unsupported_count=0
first_section_set=""
section_out=""
section=""
description=""
#trap cleanup SIGHUP SIGINT SIGQUIT
exec 2> ${pgmname}.log

31
tests/pkits/delta-crls Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# delta-crls - PKITS Test 4.15 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.15
description="Delta-CRLs"
info "Running $description tests"
final_result

31
tests/pkits/distribution-points Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# distribution-points - PKITS Test 4.14 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.14
description="Distribution Points"
info "Running $description tests"
final_result

20
tests/pkits/import-all-certs
View File

@ -1,11 +1,12 @@
#!/bin/sh
# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*-
# import-all-certs - GnuPG import test -*- sh -*-
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
@ -14,16 +15,19 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
while read flag dummy name; do
case $flag in \#*) continue;; esac
[ -z "$flag" ] && continue;
section=6
description="GnuPG Import"
info "Running $description tests"
while read flag dummy section name; do
case $flag in \#*) continue ;; esac
[ -z "$(echo $flag)" ] && continue;
description="import $name"
if ${GPGSM} -q --import certs/$name ; then
if [ "$flag" = 'p' ]; then
pass "importing certificate \`$name' succeeded"

941
tests/pkits/import-all-certs.data
View File

@ -1,490 +1,471 @@
# The first column is for the basic import test, the second for a
# validation test.
# validation test, the third is the section number and th foruth the
# filename of the certificate.
# Make sure that the root certificate is imported first
p p TrustAnchorRootCertificate.crt
p p AllCertificatesNoPoliciesTest2EE.crt
p p AllCertificatesSamePoliciesTest10EE.crt
p p AllCertificatesSamePoliciesTest13EE.crt
p p AllCertificatesanyPolicyTest11EE.crt
p p AnyPolicyTest14EE.crt
p p BadCRLIssuerNameCACert.crt
p p BadCRLSignatureCACert.crt
f f BadSignedCACert.crt
p f BadnotAfterDateCACert.crt
# UTC: "470101120100Z" i.e. not before 2047-01-01
p f BadnotBeforeDateCACert.crt
p p BasicSelfIssuedCRLSigningKeyCACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? BasicSelfIssuedCRLSigningKeyCRLCert.crt
p p 6.1.5.1 TrustAnchorRootCertificate.crt
p p BasicSelfIssuedNewKeyCACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? BasicSelfIssuedNewKeyOldWithNewCACert.crt
p p BasicSelfIssuedOldKeyCACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? BasicSelfIssuedOldKeyNewWithOldCACert.crt
p p CPSPointerQualifierTest20EE.crt
p p 6.1.5.168 AllCertificatesNoPoliciesTest2EE.crt
p p 6.1.5.204 AllCertificatesSamePoliciesTest10EE.crt
p p 6.1.5.211 AllCertificatesSamePoliciesTest13EE.crt
p p 6.1.5.207 AllCertificatesanyPolicyTest11EE.crt
p p 6.1.5.212 AnyPolicyTest14EE.crt
p p 6.1.5.41 BadCRLIssuerNameCACert.crt
p p 6.1.5.38 BadCRLSignatureCACert.crt
f f 6.1.5.6 BadSignedCACert.crt
p f 6.1.5.16 BadnotAfterDateCACert.crt
u u DSACACert.crt
u u DSAParametersInheritedCACert.crt
# UTC: "470101120100Z" i.e. not before 2047-01-01
p f 6.1.5.10 BadnotBeforeDateCACert.crt
p p 6.1.5.88 BasicSelfIssuedCRLSigningKeyCACert.crt
p p 6.1.5.90 BasicSelfIssuedCRLSigningKeyCRLCert.crt
p p 6.1.5.76 BasicSelfIssuedNewKeyCACert.crt
p p 6.1.5.78 BasicSelfIssuedNewKeyOldWithNewCACert.crt
p p 6.1.5.81 BasicSelfIssuedOldKeyCACert.crt
p p 6.1.5.83 BasicSelfIssuedOldKeyNewWithOldCACert.crt
p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
u u 6.1.5.572 DSACACert.crt
u u 6.1.5.575 DSAParametersInheritedCACert.crt
p p 6.1.5.210 DifferentPoliciesTest12EE.crt
p p 6.1.5.171 DifferentPoliciesTest3EE.crt
p p 6.1.5.174 DifferentPoliciesTest4EE.crt
p p 6.1.5.177 DifferentPoliciesTest5EE.crt
p p 6.1.5.191 DifferentPoliciesTest7EE.crt
p p 6.1.5.198 DifferentPoliciesTest8EE.crt
p p 6.1.5.203 DifferentPoliciesTest9EE.crt
p p 6.1.5.64 GeneralizedTimeCRLnextUpdateCACert.crt
p p 6.1.5.3 GoodCACert.crt
p p 6.1.5.172 GoodsubCACert.crt
# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
# is not supported
p u 6.1.5.300 GoodsubCAPanyPolicyMapping1to2CACert.crt
p f 6.1.5.43 InvalidBadCRLIssuerNameTest5EE.crt
p f 6.1.5.40 InvalidBadCRLSignatureTest4EE.crt
p f 6.1.5.93 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
p f 6.1.5.94 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
p f 6.1.5.87 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
p f 6.1.5.80 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
p f 6.1.5.8 InvalidCASignatureTest2EE.crt
p f 6.1.5.18 InvalidCAnotAfterDateTest5EE.crt
p f 6.1.5.12 InvalidCAnotBeforeDateTest1EE.crt
p f 6.1.5.439 InvalidDNSnameConstraintsTest31EE.crt
p f 6.1.5.443 InvalidDNSnameConstraintsTest33EE.crt
p f 6.1.5.562 InvalidDNSnameConstraintsTest38EE.crt
p f 6.1.5.434 InvalidDNandRFC822nameConstraintsTest28EE.crt
p f 6.1.5.435 InvalidDNandRFC822nameConstraintsTest29EE.crt
p f 6.1.5.399 InvalidDNnameConstraintsTest10EE.crt
p f 6.1.5.403 InvalidDNnameConstraintsTest12EE.crt
p f 6.1.5.406 InvalidDNnameConstraintsTest13EE.crt
p f 6.1.5.410 InvalidDNnameConstraintsTest15EE.crt
p f 6.1.5.411 InvalidDNnameConstraintsTest16EE.crt
p f 6.1.5.414 InvalidDNnameConstraintsTest17EE.crt
p f 6.1.5.418 InvalidDNnameConstraintsTest20EE.crt
p f 6.1.5.383 InvalidDNnameConstraintsTest2EE.crt
p f 6.1.5.384 InvalidDNnameConstraintsTest3EE.crt
p f 6.1.5.392 InvalidDNnameConstraintsTest7EE.crt
p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
u u 6.1.5.578 InvalidDSASignatureTest6EE.crt
f f 6.1.5.9 InvalidEESignatureTest3EE.crt
p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
p f 6.1.5.500 InvalidIDPwithindirectCRLTest23EE.crt
p f 6.1.5.504 InvalidIDPwithindirectCRLTest26EE.crt
p f 6.1.5.75 InvalidLongSerialNumberTest18EE.crt
p f 6.1.5.293 InvalidMappingFromanyPolicyTest7EE.crt
p f 6.1.5.296 InvalidMappingToanyPolicyTest8EE.crt
p f 6.1.5.33 InvalidMissingCRLTest1EE.crt
p f 6.1.5.97 InvalidMissingbasicConstraintsTest1EE.crt
p f 6.1.5.25 InvalidNameChainingOrderTest2EE.crt
p f 6.1.5.22 InvalidNameChainingTest1EE.crt
p f 6.1.5.70 InvalidNegativeSerialNumberTest15EE.crt
p f 6.1.5.60 InvalidOldCRLnextUpdateTest11EE.crt
p f 6.1.5.302 InvalidPolicyMappingTest10EE.crt
p f 6.1.5.276 InvalidPolicyMappingTest2EE.crt
p f 6.1.5.284 InvalidPolicyMappingTest4EE.crt
p f 6.1.5.422 InvalidRFC822nameConstraintsTest22EE.crt
p f 6.1.5.426 InvalidRFC822nameConstraintsTest24EE.crt
p f 6.1.5.430 InvalidRFC822nameConstraintsTest26EE.crt
p f 6.1.5.36 InvalidRevokedCATest2EE.crt
p f 6.1.5.37 InvalidRevokedEETest3EE.crt
p f 6.1.5.379 InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
p f 6.1.5.376 InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
p f 6.1.5.348 InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
p f 6.1.5.349 InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
p f 6.1.5.345 InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
p f 6.1.5.346 InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
p f 6.1.5.143 InvalidSelfIssuedpathLenConstraintTest16EE.crt
p f 6.1.5.270 InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
p f 6.1.5.272 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
p f 6.1.5.567 InvalidSeparateCertificateandCRLKeysTest20EE.crt
p f 6.1.5.571 InvalidSeparateCertificateandCRLKeysTest21EE.crt
p f 6.1.5.447 InvalidURInameConstraintsTest35EE.crt
p f 6.1.5.451 InvalidURInameConstraintsTest37EE.crt
p f 6.1.5.53 InvalidUnknownCRLEntryExtensionTest8EE.crt
p f 6.1.5.57 InvalidUnknownCRLExtensionTest10EE.crt
p f 6.1.5.56 InvalidUnknownCRLExtensionTest9EE.crt
p f 6.1.5.546 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
p f 6.1.5.46 InvalidWrongCRLTest6EE.crt
p f 6.1.5.100 InvalidcAFalseTest2EE.crt
p f 6.1.5.103 InvalidcAFalseTest3EE.crt
p f 6.1.5.505 InvalidcRLIssuerTest27EE.crt
p f 6.1.5.519 InvalidcRLIssuerTest31EE.crt
p f 6.1.5.520 InvalidcRLIssuerTest32EE.crt
p f 6.1.5.522 InvalidcRLIssuerTest34EE.crt
p f 6.1.5.523 InvalidcRLIssuerTest35EE.crt
p f 6.1.5.526 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
p f 6.1.5.544 InvaliddeltaCRLTest10EE.crt
p f 6.1.5.531 InvaliddeltaCRLTest3EE.crt
p f 6.1.5.532 InvaliddeltaCRLTest4EE.crt
p f 6.1.5.534 InvaliddeltaCRLTest6EE.crt
p f 6.1.5.540 InvaliddeltaCRLTest9EE.crt
p f 6.1.5.455 InvaliddistributionPointTest2EE.crt
p f 6.1.5.456 InvaliddistributionPointTest3EE.crt
p f 6.1.5.461 InvaliddistributionPointTest6EE.crt
p f 6.1.5.463 InvaliddistributionPointTest8EE.crt
p f 6.1.5.464 InvaliddistributionPointTest9EE.crt
p f 6.1.5.352 InvalidinhibitAnyPolicyTest1EE.crt
p f 6.1.5.359 InvalidinhibitAnyPolicyTest4EE.crt
p f 6.1.5.366 InvalidinhibitAnyPolicyTest5EE.crt
p f 6.1.5.369 InvalidinhibitAnyPolicyTest6EE.crt
p f 6.1.5.313 InvalidinhibitPolicyMappingTest1EE.crt
p f 6.1.5.321 InvalidinhibitPolicyMappingTest3EE.crt
p f 6.1.5.331 InvalidinhibitPolicyMappingTest5EE.crt
p f 6.1.5.336 InvalidinhibitPolicyMappingTest6EE.crt
p f 6.1.5.162 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
p f 6.1.5.153 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
p f 6.1.5.165 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
p f 6.1.5.156 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
p f 6.1.5.477 InvalidonlyContainsAttributeCertsTest14EE.crt
p f 6.1.5.473 InvalidonlyContainsCACertsTest12EE.crt
p f 6.1.5.470 InvalidonlyContainsUserCertsTest11EE.crt
p f 6.1.5.481 InvalidonlySomeReasonsTest15EE.crt
p f 6.1.5.482 InvalidonlySomeReasonsTest16EE.crt
p f 6.1.5.486 InvalidonlySomeReasonsTest17EE.crt
p f 6.1.5.495 InvalidonlySomeReasonsTest20EE.crt
p f 6.1.5.496 InvalidonlySomeReasonsTest21EE.crt
p f 6.1.5.122 InvalidpathLenConstraintTest10EE.crt
p f 6.1.5.129 InvalidpathLenConstraintTest11EE.crt
p f 6.1.5.130 InvalidpathLenConstraintTest12EE.crt
p f 6.1.5.111 InvalidpathLenConstraintTest5EE.crt
p f 6.1.5.112 InvalidpathLenConstraintTest6EE.crt
p f 6.1.5.121 InvalidpathLenConstraintTest9EE.crt
p f 6.1.5.63 Invalidpre2000CRLnextUpdateTest12EE.crt
p f 6.1.5.20 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
p f 6.1.5.245 InvalidrequireExplicitPolicyTest3EE.crt
p f 6.1.5.263 InvalidrequireExplicitPolicyTest5EE.crt
p p 6.1.5.71 LongSerialNumberCACert.crt
p p 6.1.5.273 Mapping1to2CACert.crt
p p 6.1.5.291 MappingFromanyPolicyCACert.crt
p p 6.1.5.294 MappingToanyPolicyCACert.crt
p p 6.1.5.95 MissingbasicConstraintsCACert.crt
p p 6.1.5.23 NameOrderingCACert.crt
p p 6.1.5.67 NegativeSerialNumberCACert.crt
p p 6.1.5.32 NoCRLCACert.crt
p p 6.1.5.166 NoPoliciesCACert.crt
p p 6.1.5.465 NoissuingDistributionPointCACert.crt
p p 6.1.5.58 OldCRLnextUpdateCACert.crt
p p 6.1.5.184 OverlappingPoliciesTest6EE.crt
p p 6.1.5.277 P12Mapping1to3CACert.crt
p p 6.1.5.279 P12Mapping1to3subCACert.crt
p p 6.1.5.281 P12Mapping1to3subsubCACert.crt
p p 6.1.5.285 P1Mapping1to234CACert.crt
p p 6.1.5.287 P1Mapping1to234subCACert.crt
p p 6.1.5.305 P1anyPolicyMapping1to2CACert.crt
p p 6.1.5.297 PanyPolicyMapping1to2CACert.crt
p p 6.1.5.178 PoliciesP1234CACert.crt
p p 6.1.5.180 PoliciesP1234subCAP123Cert.crt
p p 6.1.5.182 PoliciesP1234subsubCAP123P12Cert.crt
p p 6.1.5.185 PoliciesP123CACert.crt
p p 6.1.5.187 PoliciesP123subCAP12Cert.crt
p p 6.1.5.189 PoliciesP123subsubCAP12P1Cert.crt
p p 6.1.5.199 PoliciesP123subsubCAP12P2Cert.crt
p p 6.1.5.201 PoliciesP123subsubsubCAP12P2P1Cert.crt
p p 6.1.5.192 PoliciesP12CACert.crt
p p 6.1.5.194 PoliciesP12subCAP1Cert.crt
p p 6.1.5.196 PoliciesP12subsubCAP1P2Cert.crt
p p 6.1.5.175 PoliciesP2subCA2Cert.crt
p p 6.1.5.169 PoliciesP2subCACert.crt
p p 6.1.5.208 PoliciesP3CACert.crt
p p 6.1.5.547 RFC3280MandatoryAttributeTypesCACert.crt
p p 6.1.5.550 RFC3280OptionalAttributeTypesCACert.crt
p p 6.1.5.34 RevokedsubCACert.crt
p p 6.1.5.556 RolloverfromPrintableStringtoUTF8StringCACert.crt
p p 6.1.5.569 SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
p p 6.1.5.568 SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
p p 6.1.5.564 SeparateCertificateandCRLKeysCRLSigningCert.crt
p p 6.1.5.563 SeparateCertificateandCRLKeysCertificateSigningCACert.crt
p p 6.1.5.47 TwoCRLsCACert.crt
p p 6.1.5.29 UIDCACert.crt
p p 6.1.5.559 UTF8StringCaseInsensitiveMatchCACert.crt
p p 6.1.5.553 UTF8StringEncodedNamesCACert.crt
p p 6.1.5.51 UnknownCRLEntryExtensionCACert.crt
p p 6.1.5.54 UnknownCRLExtensionCACert.crt
p p 6.1.5.213 UserNoticeQualifierTest15EE.crt
p p 6.1.5.214 UserNoticeQualifierTest16EE.crt
p p 6.1.5.215 UserNoticeQualifierTest17EE.crt
p p 6.1.5.216 UserNoticeQualifierTest18EE.crt
p p 6.1.5.217 UserNoticeQualifierTest19EE.crt
p p 6.1.5.92 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
p p 6.1.5.85 ValidBasicSelfIssuedNewWithOldTest3EE.crt
p p 6.1.5.86 ValidBasicSelfIssuedNewWithOldTest4EE.crt
p p 6.1.5.79 ValidBasicSelfIssuedOldWithNewTest1EE.crt
p p 6.1.5.5 ValidCertificatePathTest1EE.crt
p p 6.1.5.438 ValidDNSnameConstraintsTest30EE.crt
p p 6.1.5.442 ValidDNSnameConstraintsTest32EE.crt
p p 6.1.5.433 ValidDNandRFC822nameConstraintsTest27EE.crt
p p 6.1.5.400 ValidDNnameConstraintsTest11EE.crt
p p DifferentPoliciesTest12EE.crt
p p DifferentPoliciesTest3EE.crt
p p DifferentPoliciesTest4EE.crt
p p DifferentPoliciesTest5EE.crt
p p DifferentPoliciesTest7EE.crt
p p DifferentPoliciesTest8EE.crt
p p DifferentPoliciesTest9EE.crt
p p GeneralizedTimeCRLnextUpdateCACert.crt
p p GoodCACert.crt
p p GoodsubCACert.crt
# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
# is not supported
p u GoodsubCAPanyPolicyMapping1to2CACert.crt
# fixme: gpgme does not fail for it.
p f InvalidBadCRLIssuerNameTest5EE.crt
p f InvalidBadCRLSignatureTest4EE.crt
p f InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
f f InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
p f InvalidBasicSelfIssuedNewWithOldTest5EE.crt
f f InvalidBasicSelfIssuedOldWithNewTest2EE.crt
p f InvalidCASignatureTest2EE.crt
p f InvalidCAnotAfterDateTest5EE.crt
p f InvalidCAnotBeforeDateTest1EE.crt
p f InvalidDNSnameConstraintsTest31EE.crt
p f InvalidDNSnameConstraintsTest33EE.crt
p f InvalidDNSnameConstraintsTest38EE.crt
p f InvalidDNandRFC822nameConstraintsTest28EE.crt
p f InvalidDNandRFC822nameConstraintsTest29EE.crt
p f InvalidDNnameConstraintsTest10EE.crt
p f InvalidDNnameConstraintsTest12EE.crt
p f InvalidDNnameConstraintsTest13EE.crt
p f InvalidDNnameConstraintsTest15EE.crt
p f InvalidDNnameConstraintsTest16EE.crt
p f InvalidDNnameConstraintsTest17EE.crt
f f InvalidDNnameConstraintsTest20EE.crt
p f InvalidDNnameConstraintsTest2EE.crt
p f InvalidDNnameConstraintsTest3EE.crt
p f InvalidDNnameConstraintsTest7EE.crt
p f InvalidDNnameConstraintsTest8EE.crt
p f InvalidDNnameConstraintsTest9EE.crt
u u InvalidDSASignatureTest6EE.crt
f f InvalidEESignatureTest3EE.crt
p f InvalidEEnotAfterDateTest6EE.crt
p f InvalidEEnotBeforeDateTest2EE.crt
p f InvalidIDPwithindirectCRLTest23EE.crt
p f InvalidIDPwithindirectCRLTest26EE.crt
p f InvalidLongSerialNumberTest18EE.crt
p f InvalidMappingFromanyPolicyTest7EE.crt
p f InvalidMappingToanyPolicyTest8EE.crt
p f InvalidMissingCRLTest1EE.crt
p f InvalidMissingbasicConstraintsTest1EE.crt
p f InvalidNameChainingOrderTest2EE.crt
p f InvalidNameChainingTest1EE.crt
p f InvalidNegativeSerialNumberTest15EE.crt
p f InvalidOldCRLnextUpdateTest11EE.crt
p f InvalidPolicyMappingTest10EE.crt
p f InvalidPolicyMappingTest2EE.crt
p f InvalidPolicyMappingTest4EE.crt
p f InvalidRFC822nameConstraintsTest22EE.crt
p f InvalidRFC822nameConstraintsTest24EE.crt
p f InvalidRFC822nameConstraintsTest26EE.crt
p f InvalidRevokedCATest2EE.crt
p f InvalidRevokedEETest3EE.crt
f f InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
p f InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
p f InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
p f InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
p f InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
p f InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
p f InvalidSelfIssuedpathLenConstraintTest16EE.crt
p f InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
p f InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
f f InvalidSeparateCertificateandCRLKeysTest20EE.crt
f f InvalidSeparateCertificateandCRLKeysTest21EE.crt
p f InvalidURInameConstraintsTest35EE.crt
p f InvalidURInameConstraintsTest37EE.crt
p f InvalidUnknownCRLEntryExtensionTest8EE.crt
p f InvalidUnknownCRLExtensionTest10EE.crt
p f InvalidUnknownCRLExtensionTest9EE.crt
p f InvalidUnknownCriticalCertificateExtensionTest2EE.crt
p f InvalidWrongCRLTest6EE.crt
p f InvalidcAFalseTest2EE.crt
p f InvalidcAFalseTest3EE.crt
p f InvalidcRLIssuerTest27EE.crt
p f InvalidcRLIssuerTest31EE.crt
p f InvalidcRLIssuerTest32EE.crt
p f InvalidcRLIssuerTest34EE.crt
p f InvalidcRLIssuerTest35EE.crt
p f InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
p f InvaliddeltaCRLTest10EE.crt
p f InvaliddeltaCRLTest3EE.crt
p f InvaliddeltaCRLTest4EE.crt
p f InvaliddeltaCRLTest6EE.crt
p f InvaliddeltaCRLTest9EE.crt
p f InvaliddistributionPointTest2EE.crt
p f InvaliddistributionPointTest3EE.crt
p f InvaliddistributionPointTest6EE.crt
p f InvaliddistributionPointTest8EE.crt
p f InvaliddistributionPointTest9EE.crt
p f InvalidinhibitAnyPolicyTest1EE.crt
p f InvalidinhibitAnyPolicyTest4EE.crt
p f InvalidinhibitAnyPolicyTest5EE.crt
p f InvalidinhibitAnyPolicyTest6EE.crt
p f InvalidinhibitPolicyMappingTest1EE.crt
p f InvalidinhibitPolicyMappingTest3EE.crt
p f InvalidinhibitPolicyMappingTest5EE.crt
p f InvalidinhibitPolicyMappingTest6EE.crt
p f InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
p f InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
p f InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
p f InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
p f InvalidonlyContainsAttributeCertsTest14EE.crt
p f InvalidonlyContainsCACertsTest12EE.crt
p f InvalidonlyContainsUserCertsTest11EE.crt
p f InvalidonlySomeReasonsTest15EE.crt
p f InvalidonlySomeReasonsTest16EE.crt
p f InvalidonlySomeReasonsTest17EE.crt
p f InvalidonlySomeReasonsTest20EE.crt
p f InvalidonlySomeReasonsTest21EE.crt
p f InvalidpathLenConstraintTest10EE.crt
p f InvalidpathLenConstraintTest11EE.crt
p f InvalidpathLenConstraintTest12EE.crt
p f InvalidpathLenConstraintTest5EE.crt
p f InvalidpathLenConstraintTest6EE.crt
p f InvalidpathLenConstraintTest9EE.crt
p f Invalidpre2000CRLnextUpdateTest12EE.crt
p f Invalidpre2000UTCEEnotAfterDateTest7EE.crt
p f InvalidrequireExplicitPolicyTest3EE.crt
p f InvalidrequireExplicitPolicyTest5EE.crt
p p LongSerialNumberCACert.crt
p p Mapping1to2CACert.crt
p p MappingFromanyPolicyCACert.crt
p p MappingToanyPolicyCACert.crt
p p MissingbasicConstraintsCACert.crt
p p NameOrderingCACert.crt
p p NegativeSerialNumberCACert.crt
p p NoCRLCACert.crt
p p NoPoliciesCACert.crt
p p NoissuingDistributionPointCACert.crt
p p OldCRLnextUpdateCACert.crt
p p OverlappingPoliciesTest6EE.crt
p p P12Mapping1to3CACert.crt
p p P12Mapping1to3subCACert.crt
p p P12Mapping1to3subsubCACert.crt
p p P1Mapping1to234CACert.crt
p p P1Mapping1to234subCACert.crt
p p P1anyPolicyMapping1to2CACert.crt
p p PanyPolicyMapping1to2CACert.crt
p p PoliciesP1234CACert.crt
p p PoliciesP1234subCAP123Cert.crt
p p PoliciesP1234subsubCAP123P12Cert.crt
p p PoliciesP123CACert.crt
p p PoliciesP123subCAP12Cert.crt
p p PoliciesP123subsubCAP12P1Cert.crt
p p PoliciesP123subsubCAP12P2Cert.crt
p p PoliciesP123subsubsubCAP12P2P1Cert.crt
p p PoliciesP12CACert.crt
p p PoliciesP12subCAP1Cert.crt
p p PoliciesP12subsubCAP1P2Cert.crt
p p PoliciesP2subCA2Cert.crt
p p PoliciesP2subCACert.crt
p p PoliciesP3CACert.crt
p p RFC3280MandatoryAttributeTypesCACert.crt
p p RFC3280OptionalAttributeTypesCACert.crt
p p RevokedsubCACert.crt
p p RolloverfromPrintableStringtoUTF8StringCACert.crt
p p SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
p p SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
p p SeparateCertificateandCRLKeysCRLSigningCert.crt
p p SeparateCertificateandCRLKeysCertificateSigningCACert.crt
p p TwoCRLsCACert.crt
p p UIDCACert.crt
p p UTF8StringCaseInsensitiveMatchCACert.crt
p p UTF8StringEncodedNamesCACert.crt
p p UnknownCRLEntryExtensionCACert.crt
p p UnknownCRLExtensionCACert.crt
p p UserNoticeQualifierTest15EE.crt
p p UserNoticeQualifierTest16EE.crt
p p UserNoticeQualifierTest17EE.crt
p p UserNoticeQualifierTest18EE.crt
p p UserNoticeQualifierTest19EE.crt
p p ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? ValidBasicSelfIssuedNewWithOldTest3EE.crt
p p ValidBasicSelfIssuedNewWithOldTest4EE.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? ValidBasicSelfIssuedOldWithNewTest1EE.crt
p p ValidCertificatePathTest1EE.crt
p p ValidDNSnameConstraintsTest30EE.crt
p p ValidDNSnameConstraintsTest32EE.crt
p p ValidDNandRFC822nameConstraintsTest27EE.crt
p p ValidDNnameConstraintsTest11EE.crt
# This certificate has an empty subject sequence. Our parser does not
# support this yet and it is unlikely that gpgsm will be able to cope
# with it at all.
u u ValidDNnameConstraintsTest14EE.crt
p p ValidDNnameConstraintsTest18EE.crt
u u 6.1.5.407 ValidDNnameConstraintsTest14EE.crt
p p 6.1.5.415 ValidDNnameConstraintsTest18EE.crt
p p 6.1.5.417 ValidDNnameConstraintsTest19EE.crt
p p 6.1.5.382 ValidDNnameConstraintsTest1EE.crt
p p 6.1.5.385 ValidDNnameConstraintsTest4EE.crt
p p 6.1.5.388 ValidDNnameConstraintsTest5EE.crt
p p 6.1.5.391 ValidDNnameConstraintsTest6EE.crt
u p 6.1.5.577 ValidDSAParameterInheritanceTest5EE.crt
u p 6.1.5.574 ValidDSASignaturesTest4EE.crt
p p 6.1.5.66 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
p p 6.1.5.21 ValidGeneralizedTimenotAfterDateTest8EE.crt
p p 6.1.5.15 ValidGeneralizedTimenotBeforeDateTest4EE.crt
p p 6.1.5.499 ValidIDPwithindirectCRLTest22EE.crt
p p 6.1.5.502 ValidIDPwithindirectCRLTest24EE.crt
p p 6.1.5.503 ValidIDPwithindirectCRLTest25EE.crt
p p 6.1.5.73 ValidLongSerialNumberTest16EE.crt
p p 6.1.5.74 ValidLongSerialNumberTest17EE.crt
p p 6.1.5.28 ValidNameChainingCapitalizationTest5EE.crt
p p 6.1.5.26 ValidNameChainingWhitespaceTest3EE.crt
p p 6.1.5.27 ValidNameChainingWhitespaceTest4EE.crt
p p 6.1.5.31 ValidNameUIDsTest6EE.crt
p p 6.1.5.69 ValidNegativeSerialNumberTest14EE.crt
p p 6.1.5.467 ValidNoissuingDistributionPointTest10EE.crt
p p 6.1.5.303 ValidPolicyMappingTest11EE.crt
p p 6.1.5.304 ValidPolicyMappingTest12EE.crt
p p 6.1.5.307 ValidPolicyMappingTest13EE.crt
p p 6.1.5.308 ValidPolicyMappingTest14EE.crt
p p 6.1.5.275 ValidPolicyMappingTest1EE.crt
p p 6.1.5.283 ValidPolicyMappingTest3EE.crt
p p 6.1.5.289 ValidPolicyMappingTest5EE.crt
p p 6.1.5.290 ValidPolicyMappingTest6EE.crt
p p 6.1.5.299 ValidPolicyMappingTest9EE.crt
p p 6.1.5.549 ValidRFC3280MandatoryAttributeTypesTest7EE.crt
p p 6.1.5.552 ValidRFC3280OptionalAttributeTypesTest8EE.crt
p p 6.1.5.421 ValidRFC822nameConstraintsTest21EE.crt
p p 6.1.5.425 ValidRFC822nameConstraintsTest23EE.crt
p p 6.1.5.429 ValidRFC822nameConstraintsTest25EE.crt
p p 6.1.5.558 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
p p 6.1.5.373 ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
p p 6.1.5.378 ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
p p 6.1.5.342 ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
p ? 6.1.5.140 ValidSelfIssuedpathLenConstraintTest15EE.crt
p p 6.1.5.150 ValidSelfIssuedpathLenConstraintTest17EE.crt
p ? 6.1.5.267 ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
p ? 6.1.5.566 ValidSeparateCertificateandCRLKeysTest19EE.crt
p p 6.1.5.50 ValidTwoCRLsTest7EE.crt
p p 6.1.5.446 ValidURInameConstraintsTest34EE.crt
p p 6.1.5.450 ValidURInameConstraintsTest36EE.crt
p p 6.1.5.561 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
p p 6.1.5.555 ValidUTF8StringEncodedNamesTest9EE.crt
p p 6.1.5.545 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
p p 6.1.5.106 ValidbasicConstraintsNotCriticalTest4EE.crt
p p 6.1.5.510 ValidcRLIssuerTest28EE.crt
p p 6.1.5.511 ValidcRLIssuerTest29EE.crt
p p 6.1.5.515 ValidcRLIssuerTest30EE.crt
p p 6.1.5.521 ValidcRLIssuerTest33EE.crt
p p 6.1.5.530 ValiddeltaCRLTest2EE.crt
p p 6.1.5.533 ValiddeltaCRLTest5EE.crt
p p 6.1.5.535 ValiddeltaCRLTest7EE.crt
p p 6.1.5.539 ValiddeltaCRLTest8EE.crt
p p 6.1.5.454 ValiddistributionPointTest1EE.crt
p p 6.1.5.457 ValiddistributionPointTest4EE.crt
p p 6.1.5.460 ValiddistributionPointTest5EE.crt
p p 6.1.5.462 ValiddistributionPointTest7EE.crt
p p 6.1.5.353 ValidinhibitAnyPolicyTest2EE.crt
p p 6.1.5.318 ValidinhibitPolicyMappingTest2EE.crt
p p 6.1.5.322 ValidinhibitPolicyMappingTest4EE.crt
p p 6.1.5.159 ValidkeyUsageNotCriticalTest3EE.crt
p p 6.1.5.474 ValidonlyContainsCACertsTest13EE.crt
p p 6.1.5.490 ValidonlySomeReasonsTest18EE.crt
p p 6.1.5.494 ValidonlySomeReasonsTest19EE.crt
p p 6.1.5.137 ValidpathLenConstraintTest13EE.crt
p p 6.1.5.138 ValidpathLenConstraintTest14EE.crt
p p 6.1.5.113 ValidpathLenConstraintTest7EE.crt
p p 6.1.5.114 ValidpathLenConstraintTest8EE.crt
p p 6.1.5.14 Validpre2000UTCnotBeforeDateTest3EE.crt
p p 6.1.5.227 ValidrequireExplicitPolicyTest1EE.crt
p p 6.1.5.236 ValidrequireExplicitPolicyTest2EE.crt
p p 6.1.5.254 ValidrequireExplicitPolicyTest4EE.crt
p p 6.1.5.44 WrongCRLCACert.crt
p p 6.1.5.205 anyPolicyCACert.crt
p p 6.1.5.98 basicConstraintsCriticalcAFalseCACert.crt
p p 6.1.5.104 basicConstraintsNotCriticalCACert.crt
p p 6.1.5.101 basicConstraintsNotCriticalcAFalseCACert.crt
p p 6.1.5.527 deltaCRLCA1Cert.crt
p p 6.1.5.536 deltaCRLCA2Cert.crt
p p 6.1.5.541 deltaCRLCA3Cert.crt
p p 6.1.5.524 deltaCRLIndicatorNoBaseCACert.crt
p p 6.1.5.452 distributionPoint1CACert.crt
p p 6.1.5.458 distributionPoint2CACert.crt
p p 6.1.5.497 indirectCRLCA1Cert.crt
p p 6.1.5.501 indirectCRLCA2Cert.crt
p p 6.1.5.506 indirectCRLCA3Cert.crt
p p 6.1.5.508 indirectCRLCA3cRLIssuerCert.crt
p p 6.1.5.512 indirectCRLCA4Cert.crt
p p 6.1.5.513 indirectCRLCA4cRLIssuerCert.crt
p p 6.1.5.516 indirectCRLCA5Cert.crt
p p 6.1.5.518 indirectCRLCA6Cert.crt
p p 6.1.5.350 inhibitAnyPolicy0CACert.crt
p p 6.1.5.354 inhibitAnyPolicy1CACert.crt
p ? 6.1.5.370 inhibitAnyPolicy1SelfIssuedCACert.crt
p ? 6.1.5.377 inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
p p 6.1.5.356 inhibitAnyPolicy1subCA1Cert.crt
? ? 6.1.5.371 inhibitAnyPolicy1subCA2Cert.crt
p p 6.1.5.367 inhibitAnyPolicy1subCAIAP5Cert.crt
p p 6.1.5.374 inhibitAnyPolicy1subsubCA2Cert.crt
p p 6.1.5.360 inhibitAnyPolicy5CACert.crt
p p 6.1.5.362 inhibitAnyPolicy5subCACert.crt
p p 6.1.5.364 inhibitAnyPolicy5subsubCACert.crt
p p 6.1.5.358 inhibitAnyPolicyTest3EE.crt
p p 6.1.5.309 inhibitPolicyMapping0CACert.crt
p p 6.1.5.311 inhibitPolicyMapping0subCACert.crt
p p 6.1.5.314 inhibitPolicyMapping1P12CACert.crt
p p 6.1.5.316 inhibitPolicyMapping1P12subCACert.crt
p p 6.1.5.332 inhibitPolicyMapping1P12subCAIPM5Cert.crt
p p 6.1.5.319 inhibitPolicyMapping1P12subsubCACert.crt
p p 6.1.5.334 inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
p p 6.1.5.337 inhibitPolicyMapping1P1CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? ValidDNnameConstraintsTest19EE.crt
p p ValidDNnameConstraintsTest1EE.crt
p p ValidDNnameConstraintsTest4EE.crt
p p ValidDNnameConstraintsTest5EE.crt
p p ValidDNnameConstraintsTest6EE.crt
u p ValidDSAParameterInheritanceTest5EE.crt
u p ValidDSASignaturesTest4EE.crt
p p ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
p p ValidGeneralizedTimenotAfterDateTest8EE.crt
p p ValidGeneralizedTimenotBeforeDateTest4EE.crt
p p ValidIDPwithindirectCRLTest22EE.crt
p p ValidIDPwithindirectCRLTest24EE.crt
p p ValidIDPwithindirectCRLTest25EE.crt
p p ValidLongSerialNumberTest16EE.crt
p p ValidLongSerialNumberTest17EE.crt
p p ValidNameChainingCapitalizationTest5EE.crt
p p ValidNameChainingWhitespaceTest3EE.crt
p p ValidNameChainingWhitespaceTest4EE.crt
p p ValidNameUIDsTest6EE.crt
p p ValidNegativeSerialNumberTest14EE.crt
p p ValidNoissuingDistributionPointTest10EE.crt
p p ValidPolicyMappingTest11EE.crt
p p ValidPolicyMappingTest12EE.crt
p p ValidPolicyMappingTest13EE.crt
p p ValidPolicyMappingTest14EE.crt
p p ValidPolicyMappingTest1EE.crt
p p ValidPolicyMappingTest3EE.crt
p p ValidPolicyMappingTest5EE.crt
p p ValidPolicyMappingTest6EE.crt
p p ValidPolicyMappingTest9EE.crt
p p ValidRFC3280MandatoryAttributeTypesTest7EE.crt
p p ValidRFC3280OptionalAttributeTypesTest8EE.crt
p p ValidRFC822nameConstraintsTest21EE.crt
p p ValidRFC822nameConstraintsTest23EE.crt
p p ValidRFC822nameConstraintsTest25EE.crt
p p ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
p p ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
p p ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
p p ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
? ? 6.1.5.339 inhibitPolicyMapping1P1SelfIssuedCACert.crt
? ? 6.1.5.347 inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
? ? 6.1.5.340 inhibitPolicyMapping1P1subCACert.crt
p p 6.1.5.343 inhibitPolicyMapping1P1subsubCACert.crt
p p 6.1.5.323 inhibitPolicyMapping5CACert.crt
p p 6.1.5.325 inhibitPolicyMapping5subCACert.crt
p p 6.1.5.327 inhibitPolicyMapping5subsubCACert.crt
p p 6.1.5.329 inhibitPolicyMapping5subsubsubCACert.crt
p p 6.1.5.160 keyUsageCriticalcRLSignFalseCACert.crt
p p 6.1.5.151 keyUsageCriticalkeyCertSignFalseCACert.crt
p p 6.1.5.157 keyUsageNotCriticalCACert.crt
p p 6.1.5.163 keyUsageNotCriticalcRLSignFalseCACert.crt
p p 6.1.5.154 keyUsageNotCriticalkeyCertSignFalseCACert.crt
p p 6.1.5.380 nameConstraintsDN1CACert.crt
? ? 6.1.5.416 nameConstraintsDN1SelfIssuedCACert.crt
p p 6.1.5.401 nameConstraintsDN1subCA1Cert.crt
p p 6.1.5.404 nameConstraintsDN1subCA2Cert.crt
p p 6.1.5.431 nameConstraintsDN1subCA3Cert.crt
p p 6.1.5.386 nameConstraintsDN2CACert.crt
p p 6.1.5.389 nameConstraintsDN3CACert.crt
p p 6.1.5.408 nameConstraintsDN3subCA1Cert.crt
p p 6.1.5.412 nameConstraintsDN3subCA2Cert.crt
p p 6.1.5.393 nameConstraintsDN4CACert.crt
p p 6.1.5.397 nameConstraintsDN5CACert.crt
p p 6.1.5.436 nameConstraintsDNS1CACert.crt
p p 6.1.5.440 nameConstraintsDNS2CACert.crt
p p 6.1.5.419 nameConstraintsRFC822CA1Cert.crt
p p 6.1.5.423 nameConstraintsRFC822CA2Cert.crt
p p 6.1.5.427 nameConstraintsRFC822CA3Cert.crt
p p 6.1.5.444 nameConstraintsURI1CACert.crt
p p 6.1.5.448 nameConstraintsURI2CACert.crt
p p 6.1.5.475 onlyContainsAttributeCertsCACert.crt
p p 6.1.5.471 onlyContainsCACertsCACert.crt
p p 6.1.5.468 onlyContainsUserCertsCACert.crt
p p 6.1.5.478 onlySomeReasonsCA1Cert.crt
p p 6.1.5.483 onlySomeReasonsCA2Cert.crt
p p 6.1.5.487 onlySomeReasonsCA3Cert.crt
p p 6.1.5.491 onlySomeReasonsCA4Cert.crt
p p 6.1.5.107 pathLenConstraint0CACert.crt
? ? 6.1.5.139 pathLenConstraint0SelfIssuedCACert.crt
? ? 6.1.5.141 pathLenConstraint0subCA2Cert.crt
p p 6.1.5.109 pathLenConstraint0subCACert.crt
p p 6.1.5.144 pathLenConstraint1CACert.crt
? ? 6.1.5.146 pathLenConstraint1SelfIssuedCACert.crt
? ? 6.1.5.149 pathLenConstraint1SelfIssuedsubCACert.crt
? ? 6.1.5.147 pathLenConstraint1subCACert.crt
p p 6.1.5.115 pathLenConstraint6CACert.crt
p p 6.1.5.117 pathLenConstraint6subCA0Cert.crt
p p 6.1.5.123 pathLenConstraint6subCA1Cert.crt
p p 6.1.5.131 pathLenConstraint6subCA4Cert.crt
p p 6.1.5.119 pathLenConstraint6subsubCA00Cert.crt
p p 6.1.5.125 pathLenConstraint6subsubCA11Cert.crt
p p 6.1.5.133 pathLenConstraint6subsubCA41Cert.crt
p p 6.1.5.127 pathLenConstraint6subsubsubCA11XCert.crt
p p 6.1.5.135 pathLenConstraint6subsubsubCA41XCert.crt
p p 6.1.5.61 pre2000CRLnextUpdateCACert.crt
p p 6.1.5.246 requireExplicitPolicy0CACert.crt
p p 6.1.5.248 requireExplicitPolicy0subCACert.crt
p p 6.1.5.250 requireExplicitPolicy0subsubCACert.crt
p p 6.1.5.252 requireExplicitPolicy0subsubsubCACert.crt
p p 6.1.5.219 requireExplicitPolicy10CACert.crt
p p 6.1.5.221 requireExplicitPolicy10subCACert.crt
p p 6.1.5.223 requireExplicitPolicy10subsubCACert.crt
p p 6.1.5.225 requireExplicitPolicy10subsubsubCACert.crt
p p 6.1.5.264 requireExplicitPolicy2CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? ValidSelfIssuedpathLenConstraintTest15EE.crt
p p ValidSelfIssuedpathLenConstraintTest17EE.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? ValidSeparateCertificateandCRLKeysTest19EE.crt
p p ValidTwoCRLsTest7EE.crt
p p ValidURInameConstraintsTest34EE.crt
p p ValidURInameConstraintsTest36EE.crt
p p ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
p p ValidUTF8StringEncodedNamesTest9EE.crt
p p ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
p p ValidbasicConstraintsNotCriticalTest4EE.crt
p p ValidcRLIssuerTest28EE.crt
p p ValidcRLIssuerTest29EE.crt
p p ValidcRLIssuerTest30EE.crt
p p ValidcRLIssuerTest33EE.crt
p p ValiddeltaCRLTest2EE.crt
p p ValiddeltaCRLTest5EE.crt
p p ValiddeltaCRLTest7EE.crt
p p ValiddeltaCRLTest8EE.crt
p p ValiddistributionPointTest1EE.crt
p p ValiddistributionPointTest4EE.crt
p p ValiddistributionPointTest5EE.crt
p p ValiddistributionPointTest7EE.crt
p p ValidinhibitAnyPolicyTest2EE.crt
p p ValidinhibitPolicyMappingTest2EE.crt
p p ValidinhibitPolicyMappingTest4EE.crt
p p ValidkeyUsageNotCriticalTest3EE.crt
p p ValidonlyContainsCACertsTest13EE.crt
p p ValidonlySomeReasonsTest18EE.crt
p p ValidonlySomeReasonsTest19EE.crt
p p ValidpathLenConstraintTest13EE.crt
p p ValidpathLenConstraintTest14EE.crt
p p ValidpathLenConstraintTest7EE.crt
p p ValidpathLenConstraintTest8EE.crt
p p Validpre2000UTCnotBeforeDateTest3EE.crt
p p ValidrequireExplicitPolicyTest1EE.crt
p p ValidrequireExplicitPolicyTest2EE.crt
p p ValidrequireExplicitPolicyTest4EE.crt
p p WrongCRLCACert.crt
p p anyPolicyCACert.crt
p p basicConstraintsCriticalcAFalseCACert.crt
p p basicConstraintsNotCriticalCACert.crt
p p basicConstraintsNotCriticalcAFalseCACert.crt
p p deltaCRLCA1Cert.crt
p p deltaCRLCA2Cert.crt
p p deltaCRLCA3Cert.crt
p p deltaCRLIndicatorNoBaseCACert.crt
p p distributionPoint1CACert.crt
p p distributionPoint2CACert.crt
p p indirectCRLCA1Cert.crt
p p indirectCRLCA2Cert.crt
p p indirectCRLCA3Cert.crt
p p indirectCRLCA3cRLIssuerCert.crt
p p indirectCRLCA4Cert.crt
p p indirectCRLCA4cRLIssuerCert.crt
p p indirectCRLCA5Cert.crt
p p indirectCRLCA6Cert.crt
p p inhibitAnyPolicy0CACert.crt
p p inhibitAnyPolicy1CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? inhibitAnyPolicy1SelfIssuedCACert.crt
? ? inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
p p inhibitAnyPolicy1subCA1Cert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? inhibitAnyPolicy1subCA2Cert.crt
p p inhibitAnyPolicy1subCAIAP5Cert.crt
p p inhibitAnyPolicy1subsubCA2Cert.crt
p p inhibitAnyPolicy5CACert.crt
p p inhibitAnyPolicy5subCACert.crt
p p inhibitAnyPolicy5subsubCACert.crt
p p inhibitAnyPolicyTest3EE.crt
p p inhibitPolicyMapping0CACert.crt
p p inhibitPolicyMapping0subCACert.crt
p p inhibitPolicyMapping1P12CACert.crt
p p inhibitPolicyMapping1P12subCACert.crt
p p inhibitPolicyMapping1P12subCAIPM5Cert.crt
p p inhibitPolicyMapping1P12subsubCACert.crt
p p inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
p p inhibitPolicyMapping1P1CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? inhibitPolicyMapping1P1SelfIssuedCACert.crt
? ? inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
? ? inhibitPolicyMapping1P1subCACert.crt
p p inhibitPolicyMapping1P1subsubCACert.crt
p p inhibitPolicyMapping5CACert.crt
p p inhibitPolicyMapping5subCACert.crt
p p inhibitPolicyMapping5subsubCACert.crt
p p inhibitPolicyMapping5subsubsubCACert.crt
p p keyUsageCriticalcRLSignFalseCACert.crt
p p keyUsageCriticalkeyCertSignFalseCACert.crt
p p keyUsageNotCriticalCACert.crt
p p keyUsageNotCriticalcRLSignFalseCACert.crt
p p keyUsageNotCriticalkeyCertSignFalseCACert.crt
p p nameConstraintsDN1CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? nameConstraintsDN1SelfIssuedCACert.crt
p p nameConstraintsDN1subCA1Cert.crt
p p nameConstraintsDN1subCA2Cert.crt
p p nameConstraintsDN1subCA3Cert.crt
p p nameConstraintsDN2CACert.crt
p p nameConstraintsDN3CACert.crt
p p nameConstraintsDN3subCA1Cert.crt
p p nameConstraintsDN3subCA2Cert.crt
p p nameConstraintsDN4CACert.crt
p p nameConstraintsDN5CACert.crt
p p nameConstraintsDNS1CACert.crt
p p nameConstraintsDNS2CACert.crt
p p nameConstraintsRFC822CA1Cert.crt
p p nameConstraintsRFC822CA2Cert.crt
p p nameConstraintsRFC822CA3Cert.crt
p p nameConstraintsURI1CACert.crt
p p nameConstraintsURI2CACert.crt
p p onlyContainsAttributeCertsCACert.crt
p p onlyContainsCACertsCACert.crt
p p onlyContainsUserCertsCACert.crt
p p onlySomeReasonsCA1Cert.crt
p p onlySomeReasonsCA2Cert.crt
p p onlySomeReasonsCA3Cert.crt
p p onlySomeReasonsCA4Cert.crt
p p pathLenConstraint0CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? pathLenConstraint0SelfIssuedCACert.crt
? ? pathLenConstraint0subCA2Cert.crt
p p pathLenConstraint0subCACert.crt
p p pathLenConstraint1CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? pathLenConstraint1SelfIssuedCACert.crt
? ? pathLenConstraint1SelfIssuedsubCACert.crt
? ? pathLenConstraint1subCACert.crt
p p pathLenConstraint6CACert.crt
p p pathLenConstraint6subCA0Cert.crt
p p pathLenConstraint6subCA1Cert.crt
p p pathLenConstraint6subCA4Cert.crt
p p pathLenConstraint6subsubCA00Cert.crt
p p pathLenConstraint6subsubCA11Cert.crt
p p pathLenConstraint6subsubCA41Cert.crt
p p pathLenConstraint6subsubsubCA11XCert.crt
p p pathLenConstraint6subsubsubCA41XCert.crt
p p pre2000CRLnextUpdateCACert.crt
p p requireExplicitPolicy0CACert.crt
p p requireExplicitPolicy0subCACert.crt
p p requireExplicitPolicy0subsubCACert.crt
p p requireExplicitPolicy0subsubsubCACert.crt
p p requireExplicitPolicy10CACert.crt
p p requireExplicitPolicy10subCACert.crt
p p requireExplicitPolicy10subsubCACert.crt
p p requireExplicitPolicy10subsubsubCACert.crt
p p requireExplicitPolicy2CACert.crt
# For yet unknown reasons gpgsm claims a bad signature.
? ? requireExplicitPolicy2SelfIssuedCACert.crt
? ? requireExplicitPolicy2SelfIssuedsubCACert.crt
? ? requireExplicitPolicy2subCACert.crt
p p requireExplicitPolicy4CACert.crt
p p requireExplicitPolicy4subCACert.crt
p p requireExplicitPolicy4subsubCACert.crt
p p requireExplicitPolicy4subsubsubCACert.crt
p p requireExplicitPolicy5CACert.crt
p p requireExplicitPolicy5subCACert.crt
p p requireExplicitPolicy5subsubCACert.crt
p p requireExplicitPolicy5subsubsubCACert.crt
p p requireExplicitPolicy7CACert.crt
p p requireExplicitPolicy7subCARE2Cert.crt
p p requireExplicitPolicy7subsubCARE2RE4Cert.crt
p p requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
? ? 6.1.5.266 requireExplicitPolicy2SelfIssuedCACert.crt
? ? 6.1.5.271 requireExplicitPolicy2SelfIssuedsubCACert.crt
? ? 6.1.5.268 requireExplicitPolicy2subCACert.crt
p p 6.1.5.237 requireExplicitPolicy4CACert.crt
p p 6.1.5.239 requireExplicitPolicy4subCACert.crt
p p 6.1.5.241 requireExplicitPolicy4subsubCACert.crt
p p 6.1.5.243 requireExplicitPolicy4subsubsubCACert.crt
p p 6.1.5.228 requireExplicitPolicy5CACert.crt
p p 6.1.5.230 requireExplicitPolicy5subCACert.crt
p p 6.1.5.232 requireExplicitPolicy5subsubCACert.crt
p p 6.1.5.234 requireExplicitPolicy5subsubsubCACert.crt
p p 6.1.5.255 requireExplicitPolicy7CACert.crt
p p 6.1.5.257 requireExplicitPolicy7subCARE2Cert.crt
p p 6.1.5.259 requireExplicitPolicy7subsubCARE2RE4Cert.crt
p p 6.1.5.261 requireExplicitPolicy7subsubsubCARE2RE4Cert.crt

31
tests/pkits/inhibit-any-policy Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# inhibit-any-policy - PKITS Test 4.12 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.12
description="Inhibit Any Policy"
info "Running $description tests"
final_result

31
tests/pkits/inhibit-policy-mapping Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# inhibit-policy-mapping - PKITS Test 4.11 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.11
description="Inhibit Policy Mapping"
info "Running $description tests"
final_result

2
tests/pkits/inittests
View File

@ -74,7 +74,9 @@ no-secmem-warning
no-greeting
batch
disable-crl-checks
disable-dirmngr
agent-program ../../agent/gpg-agent
no-common-certs-import
EOF
# Fixme: we need to write a dummy pinentry program

31
tests/pkits/key-usage Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# key-usage - PKITS Test 4.7 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.7
description="Key Usage"
info "Running $description tests"
final_result

31
tests/pkits/name-constraints Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# name-constraints - PKITS Test 4.13 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.13
description="Name Constraints"
info "Running $description tests"
final_result

31
tests/pkits/policy-mappings Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# policy-mappings - PKITS Test 4.10 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.10
description="Policy Mappings"
info "Running $description tests"
final_result

31
tests/pkits/private-certificate-extensions Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# private-certificate-extensions - PKITS Test 4.16 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.16
description="Private Certificate Extensions"
info "Running $description tests"
final_result

31
tests/pkits/require-explicit-policy Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# require-explicit-policy - PKITS Test 4.9 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.9
description="Require Explicit Policy"
info "Running $description tests"
final_result

31
tests/pkits/signature-verification Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# signature-verification - PKITS Test 4.1 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.1
description="Signature Verification"
info "Running $description tests"
final_result

21
tests/pkits/validate-all-certs
View File

@ -1,12 +1,12 @@
#!/bin/sh
# validate-all-certs -*- sh -*-
# Copyright (C) 2004 Free Software Foundation, Inc.
# validate-all-certs - GnuPG import and validate tests -*- sh -*-
# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
@ -15,16 +15,19 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
while read dummy flag name; do
case $dummy in \#*) continue;; esac
[ -z "$dummy" ] && continue;
section=6
description="GnuPG Import with Validation"
info "Running $description tests"
while read dummy flag section name; do
case $dummy in \#*) continue;; esac
[ -z "$(echo $dummy)" ] && continue;
description="import and validate $name"
if ${GPGSM} -q --import --with-validation --disable-crl-checks \
certs/$name ; then
if [ "$flag" = 'p' ]; then

31
tests/pkits/validity-periods Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# validity-periods - PKITS Test 4.2 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.2
description="Validity Periods"
info "Running $description tests"
final_result

31
tests/pkits/verifying-basic-constraints Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# verifying-basic-constraints - PKITS Test 4.6 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.6
description="Verifying Basic Constraints"
info "Running $description tests"
final_result

31
tests/pkits/verifying-name-chaining Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# verifying-name-chaining - PKITS Test 4.3 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.3
description="Verifying Name Chaining"
info "Running $description tests"
final_result

31
tests/pkits/verifying-paths-self-issued Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# verifying-paths-self-issued - PKITS Test 4.5 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
. ${srcdir:-.}/common.sh || exit 2
section=4.5
description="Verifying Paths with Self-Issued Certificates"
info "Running $description tests"
final_result

3
tools/gpgconf-comp.c
View File

@ -715,6 +715,9 @@ static gc_option_t gc_options_gpgsm[] =
{ "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "use system's dirmngr if available",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", N_("disable all access to the dirmngr"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },