xref: /openbsd/regress/lib/libcrypto/certs/README (revision 09467b48) 
1This directory contains tools for building certificate chains to
2test verification. Each subdirectory contains a set of certificates
3that test a particular scenario. The root certificate(s) are contained
4in a roots.pem file, while the leaf certificate and any untrusted
5intermediate certificates are contained in a bundle.pem file.
6
7 1a. A leaf certificate signed by the root certificate with no
8     intermediates (should verify).
9
10 2a. A leaf certificate signed by an intermediate, which is signed
11     by a root certificate (should verify).
12
13 2b. Same as (2a), however the intermediate is missing which should
14     prevent verification.
15
16 3a. A leaf certificate signed by three intermediates, the last of
17     which is signed by a root certificate (should verify).
18
19 3b. Same as (3a) however the first intermediate is missing which should
20     prevent verification.
21
22 3c. Same as (3a) however the second intermediate is missing which should
23     prevent verification.
24
25 3d. Same as (3a) however the third intermediate is missing which should
26     prevent verification.
27
28 3e. Same as (3a) however the order of the intermediates is reversed
29     (should verify).
30
31 4a. A leaf certificate signed by an intermediate, that is cross
32     signed by two root certificates (should verify with two chains).
33
34 4b. Same as (4a) but with one root missing (should verify with one chain).
35
36 4c. Same as (4b) but with the other root missing (should verify with one
37     chain).
38
39 4d. Same as (4a) but with one intermediate missing (should verify with one
40     chain).
41
42 4e. Same as (4d) but with the other intermediate missing (should verify
43     with one chain).
44
45 4f. Same as (4a) but with the intermediates reversed (should verify with
46     two chains).
47
48 4g. Same as (4b) but with the intermediates reversed (should verify with
49     one chain).
50
51 4h. Same as (4c) but with the intermediates reversed (should verify with
52     one chain).
53
54 5a. A leaf certificate signed by an intermediate, that is cross
55     signed by one root certificate and an intermediate, which in turn
56     is signed by a second root (should verify with two chains).
57
58 5b. Same as (5a) but missing the first root certificate (should verify
59     with one chain).
60
61 5c. Same as (5a) but missing the second root certificate (should verify
62     with one chain).
63
64 5d. Same as (5a) but missing the first intermediate (should verify with
65     one chain).
66
67 5e. Same as (5a) but missing the second intermediate (should verify
68     with one chain).
69
70 5f. Same as (5a) but missing the cross-signed intermediate (should verify
71     with one chain).
72
73 5g. Same as (5a) but order of intermediates is reversed (should verify
74     with two chains).
75
76 5h. Same as (5g) but missing the first root certificate (should verify
77     with two chains).
78
79 5i. Same as (5g) but missing the second root certificate (should verify
80     with two chains).
81
82 6a. A leaf certificate signed by an intermediate, that is cross
83     signed by an expired root certificate and an intermediate, which
84     in turn is signed by a second root (should verify with one chain).
85
86 6b. Same as (6a) but the order of the intermediates is reversed (should
87     verify with one chain).
88
89 7a. A leaf certificate signed by an intermediate, that is cross
90     signed by a root certificate and an intermediate, which in turn
91     is signed by a second root that has expired (should verify with one
92     chain).
93
94 7b. Same as (7a) but the order of the intermediates is reversed (should
95     verify with one chain).
96
97 8a. An expired leaf certificate signed by an intermediate that is then
98     signed by a root certificate (should fail to verify).
99
100 9a. A leaf certificate signed by an expired intermediate, which is
101     signed by a root certificate (should fail to verify).
102
10310a. A leaf certificate signed by an intermediate, that is cross
104     signed by two root certificates, with one of the cross signings
105     having expired (should verify with one chain).
106
10710b. Same as (10a) but order of intermediates is reversed (should verify
108     with one chain.
109
11011a. A leaf certificate signed by an intermediate, that is cross
111     signed by one root certificate and an expired intermediate, which
112     in turn is signed by a second root (should verify with one chain).
113
11411b. Same as (11a) but order of intermediates is reversed (should verify
115     with one chain.
116
11712a. A leaf certificate signed by an intermediate, that is signed by a
118     root certificate and cross signed as an expired intermediate, by a
119     second root (should verify with one chain).
120
12113a. A leaf certificate signed by an intermediate, that is signed by an
122     expired root certificate and cross signed as an intermediate, by a
123     second root (should verify with one chain).
124