Lines Matching full:ee
35 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
39 ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]),
41 ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]),
43 ok(!verify("ee-cert", "sslserver", [qw(nroot+anyEKU)], [qw(ca-cert)]),
45 ok(!verify("ee-cert", "sslserver", [qw(root-cert2)], [qw(ca-cert)]),
47 ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]),
52 ok(verify("ee-cert-noncrit-unknown-ext", "", ["root-cert"], ["ca-cert"]),
54 ok(!verify("ee-cert-crit-unknown-ext", "", ["root-cert"], ["ca-cert"]),
56 ok(verify("ee-cert-ocsp-nocheck", "", ["root-cert"], ["ca-cert"]),
61 ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]),
63 ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]),
65 ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]),
67 ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]),
69 ok(verify("ee-cert", "sslserver", [qw(croot+serverAuth)], [qw(ca-cert)]),
72 ok(verify("ee-cert", "sslserver", [qw(root+anyEKU)], [qw(ca-cert)]),
74 ok(verify("ee-cert", "sslserver", [qw(sroot+anyEKU)], [qw(ca-cert)]),
76 ok(verify("ee-cert", "sslserver", [qw(croot+anyEKU)], [qw(ca-cert)]),
79 ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]),
81 ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]),
83 ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]),
86 ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]),
88 ok(!verify("ee-cert", "sslserver", [qw(sroot+clientAuth)], [qw(ca-cert)]),
90 ok(!verify("ee-cert", "sslserver", [qw(croot+clientAuth)], [qw(ca-cert)]),
93 ok(!verify("ee-cert", "sslserver", [qw(root-serverAuth)], [qw(ca-cert)]),
95 ok(!verify("ee-cert", "sslserver", [qw(sroot-serverAuth)], [qw(ca-cert)]),
97 ok(!verify("ee-cert", "sslserver", [qw(croot-serverAuth)], [qw(ca-cert)]),
100 ok(!verify("ee-cert", "sslserver", [qw(root-anyEKU)], [qw(ca-cert)]),
102 ok(!verify("ee-cert", "sslserver", [qw(sroot-anyEKU)], [qw(ca-cert)]),
104 ok(!verify("ee-cert", "sslserver", [qw(croot-anyEKU)], [qw(ca-cert)]),
110 ok(verify("ee-cert", "sslserver", [qw(root-serverAuth root-cert2 ca-root2)],
113 ok(verify("ee-cert", "sslserver", [qw(root-cert root2+serverAuth ca-root2)],
116 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2-serverAuth ca-root2)],
119 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2+clientAuth ca-root2)],
124 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonca)]),
126 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonbc)]),
128 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonca)], []),
130 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonbc)], []),
132 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+serverAuth)], []),
134 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+anyEKU)], []),
136 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert2)]),
138 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-name2)]),
140 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-root2)]),
142 ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
144 ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
146 ok(!verify("ee-cert", "sslserver", [qw(ca-expired)], [], "-partial_chain"),
148 ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]),
150 ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
152 ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
154 ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"),
156 ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"),
158 ok(verify("ee-cert", "sslserver", [qw(ca-clientAuth)], [], "-partial_chain"),
160 ok(verify("ee-cert", "sslserver", [qw(ca+anyEKU)], [], "-partial_chain"),
162 ok(!verify("ee-cert", "sslserver", [], [qw(ca+serverAuth)], "-partial_chain"),
164 ok(!verify("ee-cert", "sslserver", [qw(ca-serverAuth)], [], "-partial_chain"),
166 ok(!verify("ee-cert", "sslserver", [qw(ca+clientAuth)], [], "-partial_chain"),
168 ok(!verify("ee-cert", "sslserver", [qw(ca-anyEKU)], [], "-partial_chain"),
174 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+serverAuth)], [qw(ca-cert)]),
176 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]),
178 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]),
180 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)], [qw(ca-cert)]),
182 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]),
184 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)], [qw(ca-cert)]),
186 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], [qw(ca-cert)]),
188 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]),
190 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]),
192 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]),
194 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], [qw(ca-cert)]),
196 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)], [qw(ca-cert)]),
198 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)], [qw(ca-cert)]),
200 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)], [qw(ca-cert)]),
202 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)], [qw(ca-cert)]),
204 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)], [qw(ca-cert)]),
206 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)], [qw(ca-cert)]),
208 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]),
210 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-anyEKU)], [qw(ca-cert)]),
213 # EE variants
214 ok(verify("ee-client", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
216 ok(!verify("ee-client", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
218 ok(!verify("ee-cert", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
220 ok(!verify("ee-cert2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
222 ok(!verify("ee-name2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
224 ok(!verify("ee-expired", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
226 ok(verify("ee-cert", "sslserver", [qw(ee-cert)], [], "-partial_chain"),
228 ok(verify("ee-client", "sslclient", [qw(ee-client)], [], "-partial_chain"),
230 ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"),
232 ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"),
234 ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"),
236 ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
238 ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
240 ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
242 ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
246 ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
248 ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
251 ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
254 ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
257 ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
260 ok(verify("pc5-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
263 ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
268 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
270 ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
272 ok(verify("ee-cert", "", ["root-cert-768"], ["ca-cert-768i"], "-auth_level", "0"),
274 ok(!verify("ee-cert", "", ["root-cert-768"], ["ca-cert-768i"]),
276 ok(verify("ee-cert-768i", "", ["root-cert"], ["ca-cert-768"], "-auth_level", "0"),
278 ok(!verify("ee-cert-768i", "", ["root-cert"], ["ca-cert-768"]),
280 ok(verify("ee-cert-768", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
282 ok(!verify("ee-cert-768", "", ["root-cert"], ["ca-cert"]),
285 ok(verify("ee-cert", "", ["root-cert-md5"], ["ca-cert"], "-auth_level", "2"),
287 ok(verify("ee-cert", "", ["ca-cert-md5-any"], [], "-auth_level", "2"),
289 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert-md5"], "-auth_level", "0"),
291 ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert-md5"]),
293 ok(verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
295 ok(!verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"]),
302 ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
305 ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
308 ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
329 ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
332 ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
335 ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
346 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "2"),
348 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "1"),
350 ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "0"),
352 ok(verify("ee-cert", "", ["ca-cert-md5-any"], [], "-verify_depth", "0"),
416 ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
419 ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
422 ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
425 ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
428 ok(verify("ee-pss-cert", "", ["root-cert"], ["ca-pss-cert"], ),
430 ok(!verify("ee-pss-wrong1.5-cert", "", ["root-cert"], ["ca-pss-cert"], ),
449 ok(verify("ee-self-signed", "", ["ee-self-signed"], [], "-attime", "1593565200"),
450 "accept trusted self-signed EE cert excluding key usage keyCertSign");
451 ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []),
452 "accept trusted self-signed EE cert with key usage keyCertSign also when strict");
459 ok(verify("ee-ed25519", "", ["root-ed25519"], []),
460 "accept X25519 EE cert issued by trusted Ed25519 self-signed CA cert");
462 ok(!verify("ee-ed25519", "", ["root-ed25519"], [], "-x509_strict"),
463 "reject X25519 EE cert in strict mode since AKID is missing");
465 ok(!verify("root-ed25519", "", ["ee-ed25519"], []),
466 "fail Ed25519 CA and EE certs swapped");
471 ok(!verify("ee-ed25519", "", ["ee-ed25519"], []),
474 ok(verify("ee-ed25519", "", ["ee-ed25519"], [], "-partial_chain"),
521 ok(verify("ee-cert-policies", "", ["root-cert"], ["ca-pol-cert"],
526 ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],