xref: /freebsd/contrib/bearssl/test/x509/alltests.txt (revision f81cdf24ba5436367377f7c8e8f51f6df2a75ca7)
1; Most/all of these test chains use the same structure:
2;    root -> ica1 -> ica2 -> ee
3; "ica1" is "Intermediate CA 1"
4; "ee" is "end-entity", i.e. the client or server certificate itself
5;
6; In SSL/TLS order, the EE comes first. The root may or may not be included
7; as a self-signed certificate.
8
9[key]
10name = root-rsa2048
11type = RSA
12n = B6D934D450FDB3AF7A73F1CE38BF5D6F45E1FD4EB198C6608326D217D1C5B79AA3C1DE6339979CF05E5CC81C17B988196DF0B62E3050A1546E93C0DBCF30CB9F1E2779F1C3995235AA3DB6DFB0AD7CCB49CDC0EDE766102AE9CE281F2150FA774C2DDAEF3C58EB4EBFCEE9FB1ADAA383A3CDA3CA9380DCDAF317CC7AAB33809CB2D47F463FC53CDC6194B727296E2ABC5B0936D4C63B0DEBBECEDB1D1CBC106A7171B3F2CA289A77F28AEC42EFB14A8EE2F21A322ACDC0A6462C9AC28537917F46A19381A17466DFBAB339209193FA1DA1A885E7E4F907F610F6A82701B67F12C340C3C9E2B0AB49183A64B659B795B59636DF2269AA726A544E2729A30E9715
13e = 010001
14
15[key]
16name = root-p256
17type = EC
18curve = P-256
19q = 047174BAABB9302E81D5E557F9F320680C9CF964DBB4200D6DEA40D04A6E42FDB69A682544F6DF7BC4FCDEDD7BBBC5DB7C763F4166406EDBA787C2E5D8C5F37F8D
20
21[key]
22name = root-p384
23type = EC
24curve = P-384
25q = 040ED28B3F7F0A38A6DB72CB4DAC8198C3D595BFABEE2E4A3CC6797F1A272C57AD715F96B5FDA29C4DD87B75B1438B6A92C4FD0282A3080A857F28AB31FF8B49F805470A01EE551F7F27C914E7E780AE474558D6F5539BAE806626514FE560478B
26
27[key]
28name = root-p521
29type = EC
30curve = P-521
31q = 040168E669615D1B20F2E753D2C86312F51094D3E5C6CF49E8D73418278CD769FE40A84AD4F34865D59D94D5685B389E0CFD0450754CAE81ED1D4A91D0773F7A002ED701DEF2DBDEFC7554E74CD600693DBDE1A7E09CD9044774C744C7CE575BF8B645FF79FCCE06116F61D44FDAE62D3046F4EB41DECB8219B279A5B8CE2A47F3DF0D463B
32
33[key]
34name = root-new
35type = EC
36curve = P-256
37q = 0465D02336D3ACEB9A000B33A6EECA9745EFD72A0F7C0B138FAAA564E705A3269A479BB5A041DC1D244EA1D2BB9639C79187D3D63CEF79EDD1DC65E80027E75997
38
39[key]
40name = ica1-rsa2048
41type = RSA
42n = B3E86BAF9C1652E3810C50AB25CECC0DC7F21F7F50DF2C5C35D6622E632741A7E453A84B27FA1391A3FA094A2F3B5ECF77B38AC1CD49959C750D6474EFE4D74BB9A19B68D2307148EAF74B14DF3F47A9D8BBEC8F28CCFADFB41F947C96FC080528F9E8F42F2FEE629C8A3AE0855860B60F2D30B4C04154914C1F5FADF119F0C022A67DD83F793459427B5BB541C4647F52CF3C3722A12F7925942441C23FFAC775FB48B50D18A7F454F32E6ED84358C4AB50E805AD91B61E0175B3549CDEA09915FBACF15C974951CCEF58126F736BB33414010F5A9DFAAAD693D3E2EAC3ABBC4EEDCC51A1B8F894B6B42CA8862B1FF6514329525E1389B36A78604E4EC01BA5
43e = 010001
44
45[key]
46name = ica2-rsa2048
47type = RSA
48n = AE15F7CBEEE3961BCA63D22681B2D8163423735684FCFDB2E98E9DD0D9D0D706A191EF8D4F604E16BDE6529EE557867B7A7FFCBC34AD86EC9150ADD5C7D18D83E95ABA2FDB0DB92131FAA2FD91EC37836261809C6A82253309DF8F7893EACFDB93B0A2687CEA873E369C4B379A71E52084C3789A2BA42C7E76D561A9131272F14B411BC6A555BA9D8965C06699C0F17C9B61B24E6601B0A9C4FDC8C1D0C789BE2746DE6271BA27F52A850F436026BC2A9D07AAD608DC26D86956A1D308DED858936B0EC2AF783E2574D49F001820BFD7158DB9D13D8900A01264E186C0D580F124B2D2FB4C677CAE3DC9BF47026DE47C0D4490518CCD026237F86FB96701C695
49e = 010001
50
51[key]
52name = ee-rsa2048
53type = RSA
54n = D47A1D27BA2B3A67B2916AFBE78344CAED1C75ADDD4D8362D6AA6895B224217B15AE2A996815ED66F0B858E7D3F52EC6D92A5EE70E2EE7FC6759C0C8617D4BA46FDD9FD9C8858764C7BA1A0F29D496A8789A6B6220A932D0EEA98C286147A2502A63F621DEDAD8D5F07FC5008270E6A3BF5C89274F51927703C3B0CC2E3BEC23F22F5341AF8993FFD280B14397DED619A092127A3D6679E1C1BCE17770A28B3D4684533FE44E424137921E1FFD38B3F7EF873980D356CFF4E013DE64B072A40384C441ED6FFA3EE2CA0420D2D7DC2C822B7AE26DA11C48DBCF894F34973D28A853DAE7C1E17315A330767F8F2342143D5134D25AAD3C9BCBC8FE7F6E8E40F3BD
55e = 010001
56
57[key]
58name = ee-p256
59type = EC
60curve = P-256
61q = 045F389DA7FF4D8AAFF63439461AFC3ADFF423AAA9EAFBC508DE008EBE79A537584C6DDD01CAAB47DF89B6C7171F38FC1D2014DD45C0E08F934E380BFCE999A149
62
63[key]
64name = ee-p384
65type = EC
66curve = P-384
67q = 0415A488877F3D14830E29A1C2F2C0745CE8CF5E684304D1668972389BA615B34E9648D5A7861E49DFFFBFFFEAD7FC6AF11BC4516C3557332DD86DDFDE2A236CCEA844EBD594CCD3ED5B7AE0061BD6595737B59FE754BCDAB6FE38D34D93DBBF30
68
69[key]
70name = ee-p521
71type = EC
72curve = P-521
73q = 040060547ACA9D520FB3272833236CBF8E71AC286A3001FBB1E2C3FD8BAB0817DDE4E4FA53550F120D678F4D55AE4FF36C7C8EAE9E32A08A44FC66F45331E08946077A0139B87FE54B986012A94838C8006034941CD0512E596436D2E8E61CA93585D5C06EAD5094585B5B2A3E013803B3E6AAA1D4156EF09E8352029BB70AC6BF338F918B
74
75; Trust anchor: the root.
76[anchor]
77name = root
78DN_file = dn-root.der
79key = root-rsa2048
80type = CA
81
82; Trust anchor: root with an ECDSA key (in P-256 curve)
83[anchor]
84name = root-p256
85DN_file = dn-root.der
86key = root-p256
87type = CA
88
89; Trust anchor: root with an ECDSA key (in P-384 curve)
90[anchor]
91name = root-p384
92DN_file = dn-root.der
93key = root-p384
94type = CA
95
96; Trust anchor: root with an ECDSA key (in P-521 curve)
97[anchor]
98name = root-p521
99DN_file = dn-root.der
100key = root-p521
101type = CA
102
103; Trust anchor: another root with an ECDSA key (in P-256 curve)
104[anchor]
105name = root-new
106DN_file = dn-root-new.der
107key = root-new
108type = CA
109
110; Intermediate CA 1 as trust anchor.
111[anchor]
112name = ica1
113DN_file = dn-ica1.der
114key = ica1-rsa2048
115type = CA
116
117; Intermediate CA 2 as trust anchor.
118[anchor]
119name = ica2
120DN_file = dn-ica2.der
121key = ica2-rsa2048
122type = CA
123
124; EE certificate as trust anchor (direct trust only).
125[anchor]
126name = ee
127DN_file = dn-ee.der
128key = ee-rsa2048
129type = EE
130
131; Base valid chain.
132[chain]
133name = base
134anchors = root
135chain = ee.crt ica2.crt ica1.crt
136servername = www.example.com
137keytype = RSA
138keyusage = KEYX
139eekey = ee-rsa2048
140status = 0
141
142; Valid chain except that no trust anchor is provided; this should fail
143; with BR_ERR_X509_NOT_TRUSTED.
144[chain]
145name = noTA
146anchors =
147chain = ee.crt ica2.crt ica1.crt
148servername = www.example.com
149keytype = RSA
150keyusage = KEYX
151status = 62
152
153; Use of intermediate CA 1 as anchor (extra certificates are ignored).
154[chain]
155name = anchorICA1
156anchors = ica1
157chain = ee.crt ica2.crt junk.crt junk.crt
158servername = www.example.com
159keytype = RSA
160keyusage = KEYX
161eekey = ee-rsa2048
162status = 0
163
164; Use of intermediate CA 2 as anchor (extra certificates are ignored).
165[chain]
166name = anchorICA2
167anchors = ica2
168chain = ee.crt junk.crt junk.crt
169servername = www.example.com
170keytype = RSA
171keyusage = KEYX
172eekey = ee-rsa2048
173status = 0
174
175; Direct trust of EE.
176[chain]
177name = directTrust
178anchors = ee
179chain = ee.crt junk.crt junk.crt
180servername = www.example.com
181keytype = RSA
182keyusage = KEYX
183eekey = ee-rsa2048
184status = 0
185
186; Server name check: name does not match the SAN nor the CN.
187[chain]
188name = wrongName1
189anchors = root
190chain = ee.crt ica2.crt ica1.crt
191servername = foo.example.com
192keytype = RSA
193keyusage = KEYX
194status = 56
195
196; Server name check: name matches the CN but not the SAN, and there is
197; a SAN so the CN is ignored.
198[chain]
199name = wrongName2
200anchors = root
201chain = ee-names.crt ica2.crt ica1.crt
202servername = www.example.com
203keytype = RSA
204keyusage = KEYX
205status = 56
206
207; Server name check: name does not match CN, but matches the first SAN
208; name.
209[chain]
210name = goodName1
211anchors = root
212chain = ee-names.crt ica2.crt ica1.crt
213servername = foo.example.com
214keytype = RSA
215keyusage = KEYX
216eekey = ee-rsa2048
217status = 0
218
219; Server name check: name does not match CN, but matches the second SAN
220; name.
221[chain]
222name = goodName2
223anchors = root
224chain = ee-names.crt ica2.crt ica1.crt
225servername = barqux.example.com
226keytype = RSA
227keyusage = KEYX
228eekey = ee-rsa2048
229status = 0
230
231; Server name check: no SAN, but the CN matches the server name.
232[chain]
233name = goodName3
234anchors = root
235chain = ee-names2.crt ica2.crt ica1.crt
236servername = www.example.com
237keytype = RSA
238keyusage = KEYX
239eekey = ee-rsa2048
240status = 0
241
242; Server name check: no SAN, and the CN does not match the server name.
243[chain]
244name = wrongName3
245anchors = root
246chain = ee-names2.crt ica2.crt ica1.crt
247servername = foo.example.com
248keytype = RSA
249keyusage = KEYX
250status = 56
251
252; Server name check: no SAN, and the CN does not match the server name,
253; although its byte contents seem to match (but with BMPString encoding).
254[chain]
255name = wrongName4
256anchors = root
257chain = ee-names3.crt ica2.crt ica1.crt
258servername = www1.example.com
259keytype = RSA
260keyusage = KEYX
261status = 56
262
263; Server name check: no SAN, and the CN uses BMPString encoding, but we
264; do not actually request a server name check, so this should pass.
265[chain]
266name = ignoreName1
267anchors = root
268chain = ee-names3.crt ica2.crt ica1.crt
269keytype = RSA
270keyusage = KEYX
271eekey = ee-rsa2048
272status = 0
273
274; Wildcard processing: the name 'localhost' should not match because
275; the engine recognises the wildcard only in a '*.' starting sequence,
276; so the lone '*' in a SAN will not be accepted.
277[chain]
278name = wildcard1
279anchors = root
280chain = ee-names4.crt ica2.crt ica1.crt
281servername = localhost
282keytype = RSA
283keyusage = KEYX
284status = 56
285
286; Wildcard processing: the name 'example.com' will be matched by '*.com'.
287[chain]
288name = wildcard2
289anchors = root
290chain = ee-names4.crt ica2.crt ica1.crt
291servername = example.com
292keytype = RSA
293keyusage = KEYX
294eekey = ee-rsa2048
295status = 0
296
297; Wildcard processing: the name 'www.example.com' will be matched by
298; '*.example.com'.
299[chain]
300name = wildcard3
301anchors = root
302chain = ee-names4.crt ica2.crt ica1.crt
303servername = www.example.com
304keytype = RSA
305keyusage = KEYX
306eekey = ee-rsa2048
307status = 0
308
309; Wildcard processing: the name 'foo.foo.example.com' will not be matched by
310; 'foo.*.example.com' because we accept the wildcard only in the first name
311; component.
312[chain]
313name = wildcard4
314anchors = root
315chain = ee-names4.crt ica2.crt ica1.crt
316servername = foo.foo.example.com
317keytype = RSA
318keyusage = KEYX
319status = 56
320
321; Wildcard processing: the name 'foo.bar.example.com' will not be matched by
322; 'foo.*.example.com', but '*.bar.example.com' will fit.
323[chain]
324name = wildcard5
325anchors = root
326chain = ee-names4.crt ica2.crt ica1.crt
327servername = foo.bar.example.com
328keytype = RSA
329keyusage = KEYX
330eekey = ee-rsa2048
331status = 0
332
333; Wildcard processing: the name 'foo.bar.example.foobar' will not be matched by
334; '*.*.example.foobar' because we support only a single level of wildcard.
335[chain]
336name = wildcard6
337anchors = root
338chain = ee-names4.crt ica2.crt ica1.crt
339servername = foo.bar.example.foobar
340keytype = RSA
341keyusage = KEYX
342status = 56
343
344; Wildcard processing: the name 'foo.*.example.foobar' will be matched
345; by '*.*.example.foobar' because the '*' in the provided server name matches
346; the second '*' in '*.*.example.foobar'. This is a corner case with no
347; practical impact because expected server names are usually extracted from
348; URL and cannot have embedded '*' in them.
349[chain]
350name = wildcard7
351anchors = root
352chain = ee-names4.crt ica2.crt ica1.crt
353servername = foo.*.example.com
354keytype = RSA
355keyusage = KEYX
356eekey = ee-rsa2048
357status = 0
358
359; Hash function support: the chain uses only SHA-256.
360[chain]
361name = hashSHA256Only
362anchors = root
363chain = ee.crt ica2.crt ica1.crt
364servername = www.example.com
365keytype = RSA
366keyusage = KEYX
367hashes = sha256
368eekey = ee-rsa2048
369status = 0
370
371; Hash function support: the chain uses only SHA-256.
372[chain]
373name = hashSHA256Unsupported
374anchors = root
375chain = ee.crt ica2.crt ica1.crt
376servername = www.example.com
377keytype = RSA
378keyusage = KEYX
379hashes = md5 sha1 sha224 sha384 sha512
380status = 49
381
382; Hash function support: signature on EE uses SHA-1.
383[chain]
384name = hashSHA1
385anchors = root
386chain = ee-sha1.crt ica2.crt ica1.crt
387servername = www.example.com
388keytype = RSA
389keyusage = KEYX
390eekey = ee-rsa2048
391status = 0
392
393; Hash function support: signature on EE uses SHA-224.
394[chain]
395name = hashSHA224
396anchors = root
397chain = ee-sha224.crt ica2.crt ica1.crt
398servername = www.example.com
399keytype = RSA
400keyusage = KEYX
401eekey = ee-rsa2048
402status = 0
403
404; Hash function support: signature on EE uses SHA-384.
405[chain]
406name = hashSHA384
407anchors = root
408chain = ee-sha384.crt ica2.crt ica1.crt
409servername = www.example.com
410keytype = RSA
411keyusage = KEYX
412eekey = ee-rsa2048
413status = 0
414
415; Hash function support: signature on EE uses SHA-512.
416[chain]
417name = hashSHA512
418anchors = root
419chain = ee-sha512.crt ica2.crt ica1.crt
420servername = www.example.com
421keytype = RSA
422keyusage = KEYX
423eekey = ee-rsa2048
424status = 0
425
426; Hash function support: signature on EE uses MD5. This is rejected by
427; the engine (even though MD5 is supported as a hash function).
428[chain]
429name = hashMD5
430anchors = root
431chain = ee-md5.crt ica2.crt ica1.crt
432servername = www.example.com
433keytype = RSA
434keyusage = KEYX
435status = 49
436
437; EE certificate has trailing garbage (an extra byte), which should be
438; rejected.
439[chain]
440name = trailingGarbage
441anchors = root
442chain = ee-trailing.crt ica2.crt ica1.crt
443servername = www.example.com
444keytype = RSA
445keyusage = KEYX
446status = 40
447
448; Signature on EE certificate is incorrect (one byte modified in signature).
449[chain]
450name = badSignature1
451anchors = root
452chain = ee-badsig1.crt ica2.crt ica1.crt
453servername = www.example.com
454keytype = RSA
455keyusage = KEYX
456status = 52
457
458; Signature on EE certificate is incorrect (one byte modified in serial
459; number).
460[chain]
461name = badSignature2
462anchors = root
463chain = ee-badsig2.crt ica2.crt ica1.crt
464servername = www.example.com
465keytype = RSA
466keyusage = KEYX
467status = 52
468
469; Signature on EE certificate is incorrect but this is ignored because we
470; use a direct trust model here.
471[chain]
472name = ignoredSignature1
473anchors = ee
474chain = ee-badsig1.crt ica2.crt ica1.crt
475servername = www.example.com
476keytype = RSA
477keyusage = KEYX
478eekey = ee-rsa2048
479status = 0
480
481; Signature on EE certificate is incorrect but this is ignored because we
482; use a direct trust model here.
483[chain]
484name = ignoredSignature2
485anchors = ee
486chain = ee-badsig2.crt ica2.crt ica1.crt
487servername = www.example.com
488keytype = RSA
489keyusage = KEYX
490eekey = ee-rsa2048
491status = 0
492
493; Intermediate CA 1 has a 1016-bit RSA key, which should be rejected
494; with BR_ERR_X509_WEAK_PUBLIC_KEY.
495[chain]
496name = rsa1016
497anchors = root
498chain = ee.crt ica2-1016.crt ica1-1016.crt
499servername = www.example.com
500keytype = RSA
501keyusage = KEYX
502status = 60
503
504; Intermediate CA 1 has a 1017-bit RSA key, which should be accepted
505; (because that's 128 bytes, which is the lower limit).
506[chain]
507name = rsa1017
508anchors = root
509chain = ee.crt ica2-1017.crt ica1-1017.crt
510servername = www.example.com
511keytype = RSA
512keyusage = KEYX
513eekey = ee-rsa2048
514status = 0
515
516; Intermediate CA 1 has a 4096-bit RSA key, which should be supported.
517[chain]
518name = rsa4096
519anchors = root
520chain = ee.crt ica2-4096.crt ica1-4096.crt
521servername = www.example.com
522keytype = RSA
523keyusage = KEYX
524eekey = ee-rsa2048
525status = 0
526
527; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
528; start date is in UTCTime, the end date is in GeneralizedTime.
529[chain]
530name = date1
531anchors = ica2
532chain = ee-dates.crt ica2.crt ica1.crt
533time = 2010-02-17 11:40:34Z
534servername = www.example.com
535keytype = RSA
536keyusage = KEYX
537status = 54
538
539; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
540; start date is in UTCTime, the end date is in GeneralizedTime.
541[chain]
542name = date2
543anchors = ica2
544chain = ee-dates.crt ica2.crt ica1.crt
545time = 2010-02-17 11:40:36Z
546servername = www.example.com
547keytype = RSA
548keyusage = KEYX
549eekey = ee-rsa2048
550status = 0
551
552; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
553; start date is in UTCTime, the end date is in GeneralizedTime.
554[chain]
555name = date3
556anchors = ica2
557chain = ee-dates.crt ica2.crt ica1.crt
558time = 2098-07-20 15:11:07Z
559servername = www.example.com
560keytype = RSA
561keyusage = KEYX
562eekey = ee-rsa2048
563status = 0
564
565; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
566; start date is in UTCTime, the end date is in GeneralizedTime.
567[chain]
568name = date4
569anchors = ica2
570chain = ee-dates.crt ica2.crt ica1.crt
571time = 2098-07-20 15:11:09Z
572servername = www.example.com
573keytype = RSA
574keyusage = KEYX
575status = 54
576
577; Intermediate CA 2 certificate is not a CA.
578[chain]
579name = notCA
580anchors = root
581chain = ee-dates.crt ica2-notCA.crt ica1.crt
582servername = www.example.com
583keytype = RSA
584keyusage = KEYX
585status = 58
586
587; A chain using ECDSA with P-256.
588[chain]
589name = secp256r1
590anchors = root-p256
591chain = ee-p256.crt ica2-p256.crt ica1-p256.crt
592servername = www.example.com
593keytype = EC
594keyusage = SIGN
595eekey = ee-p256
596status = 0
597
598; A chain using ECDSA with P-384.
599[chain]
600name = secp384r1
601anchors = root-p384
602chain = ee-p384.crt ica2-p384.crt ica1-p384.crt
603servername = www.example.com
604keytype = EC
605keyusage = SIGN
606eekey = ee-p384
607status = 0
608
609; A chain using ECDSA with P-521.
610[chain]
611name = secp521r1
612anchors = root-p521
613chain = ee-p521.crt ica2-p521.crt ica1-p521.crt
614servername = www.example.com
615keytype = EC
616keyusage = SIGN
617eekey = ee-p521
618status = 0
619
620; A chain using ECDSA with P-256, signature on EE uses SHA-1.
621[chain]
622name = secp256r1-sha1
623anchors = root-p256
624chain = ee-p256-sha1.crt ica2-p256.crt ica1-p256.crt
625servername = www.example.com
626keytype = EC
627keyusage = SIGN
628eekey = ee-p256
629status = 0
630
631; A chain using ECDSA with P-256, signature on EE uses SHA-224.
632[chain]
633name = secp256r1-sha224
634anchors = root-p256
635chain = ee-p256-sha224.crt ica2-p256.crt ica1-p256.crt
636servername = www.example.com
637keytype = EC
638keyusage = SIGN
639eekey = ee-p256
640status = 0
641
642; A chain using ECDSA with P-256, signature on EE uses SHA-256.
643[chain]
644name = secp256r1-sha256
645anchors = root-p256
646chain = ee-p256-sha256.crt ica2-p256.crt ica1-p256.crt
647servername = www.example.com
648keytype = EC
649keyusage = SIGN
650eekey = ee-p256
651status = 0
652
653; A chain using ECDSA with P-256, signature on EE uses SHA-384.
654[chain]
655name = secp256r1-sha384
656anchors = root-p256
657chain = ee-p256-sha384.crt ica2-p256.crt ica1-p256.crt
658servername = www.example.com
659keytype = EC
660keyusage = SIGN
661eekey = ee-p256
662status = 0
663
664; A chain using ECDSA with P-256, signature on EE uses SHA-512.
665[chain]
666name = secp256r1-sha512
667anchors = root-p256
668chain = ee-p256-sha512.crt ica2-p256.crt ica1-p256.crt
669servername = www.example.com
670keytype = EC
671keyusage = SIGN
672eekey = ee-p256
673status = 0
674
675; EE certificate has a Certificate Policies extension, but it is not
676; critical.
677[chain]
678name = certpol-noncrit
679anchors = root-new
680chain = ee-cp1.crt
681servername = www.example.com
682keytype = RSA
683keyusage = KEYX
684eekey = ee-rsa2048
685status = 0
686
687; EE certificate has a critical Certificate Policies extension, but it
688; contains no policy qualifier.
689[chain]
690name = certpol-noqual
691anchors = root-new
692chain = ee-cp2.crt
693servername = www.example.com
694keytype = RSA
695keyusage = KEYX
696eekey = ee-rsa2048
697status = 0
698
699; EE certificate has a critical Certificate Policies extension, and it
700; contains some qualifiers, but they are all id-qt-cps.
701[chain]
702name = certpol-qualcps
703anchors = root-new
704chain = ee-cp3.crt
705servername = www.example.com
706keytype = RSA
707keyusage = KEYX
708eekey = ee-rsa2048
709status = 0
710
711; EE certificate has a critical Certificate Policies extension, and it
712; contains a qualifier distinct from id-qt-cps. This implies rejection
713; of the path.
714[chain]
715name = certpol-qualother
716anchors = root-new
717chain = ee-cp4.crt
718servername = www.example.com
719keytype = RSA
720keyusage = KEYX
721eekey = ee-rsa2048
722status = 57
723