diff options
Diffstat (limited to 'src')
29 files changed, 801 insertions, 0 deletions
diff --git a/src/regress/lib/libcrypto/x509/policy/Makefile b/src/regress/lib/libcrypto/x509/policy/Makefile new file mode 100644 index 0000000000..b365499412 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/Makefile | |||
| @@ -0,0 +1,22 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2023/04/27 12:23:31 beck Exp $ | ||
| 2 | |||
| 3 | PROGS = policy | ||
| 4 | |||
| 5 | LDADD = -lcrypto | ||
| 6 | DPADD = ${LIBCRYPTO} | ||
| 7 | |||
| 8 | LDADD_policy = ${CRYPTO_INT} | ||
| 9 | |||
| 10 | WARNINGS = Yes | ||
| 11 | CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror | ||
| 12 | CFLAGS += -I${.CURDIR}/../../../../../lib/libcrypto/x509 | ||
| 13 | CFLAGS += -I${.CURDIR}/../../../../../lib/libcrypto/bytestring | ||
| 14 | CFLAGS += -DCERTSDIR=\"${.CURDIR}/../../../libcrypto/x509/policy\" | ||
| 15 | |||
| 16 | REGRESS_TARGETS = policy-test | ||
| 17 | |||
| 18 | policy-test: policy | ||
| 19 | ./policy | ||
| 20 | |||
| 21 | .include "../../Makefile.inc" | ||
| 22 | .include <bsd.regress.mk> | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy.c b/src/regress/lib/libcrypto/x509/policy/policy.c new file mode 100644 index 0000000000..c2f96599e6 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy.c | |||
| @@ -0,0 +1,463 @@ | |||
| 1 | /* $OpenBSD: policy.c,v 1.1 2023/04/27 12:23:31 beck Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | ||
| 4 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> | ||
| 5 | * | ||
| 6 | * Permission to use, copy, modify, and distribute this software for any | ||
| 7 | * purpose with or without fee is hereby granted, provided that the above | ||
| 8 | * copyright notice and this permission notice appear in all copies. | ||
| 9 | * | ||
| 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 17 | */ | ||
| 18 | |||
| 19 | #include <err.h> | ||
| 20 | #include <string.h> | ||
| 21 | |||
| 22 | #include <openssl/bio.h> | ||
| 23 | #include <openssl/crypto.h> | ||
| 24 | #include <openssl/err.h> | ||
| 25 | #include <openssl/pem.h> | ||
| 26 | #include <openssl/x509.h> | ||
| 27 | #include <openssl/x509v3.h> | ||
| 28 | |||
| 29 | #include "x509_verify.h" | ||
| 30 | |||
| 31 | #define MODE_MODERN_VFY 0 | ||
| 32 | #define MODE_MODERN_VFY_DIR 1 | ||
| 33 | #define MODE_LEGACY_VFY 2 | ||
| 34 | #define MODE_VERIFY 3 | ||
| 35 | |||
| 36 | static int verbose = 1; | ||
| 37 | |||
| 38 | #define OID1 "1.2.840.113554.4.1.72585.2.1" | ||
| 39 | #define OID2 "1.2.840.113554.4.1.72585.2.2" | ||
| 40 | #define OID3 "1.2.840.113554.4.1.72585.2.3" | ||
| 41 | #define OID4 "1.2.840.113554.4.1.72585.2.4" | ||
| 42 | #define OID5 "1.2.840.113554.4.1.72585.2.5" | ||
| 43 | |||
| 44 | #ifndef CERTSDIR | ||
| 45 | #define CERTSDIR "." | ||
| 46 | #endif | ||
| 47 | |||
| 48 | static int | ||
| 49 | passwd_cb(char *buf, int size, int rwflag, void *u) | ||
| 50 | { | ||
| 51 | memset(buf, 0, size); | ||
| 52 | return (0); | ||
| 53 | } | ||
| 54 | |||
| 55 | static int | ||
| 56 | certs_from_file(const char *filename, STACK_OF(X509) **certs) | ||
| 57 | { | ||
| 58 | STACK_OF(X509_INFO) *xis = NULL; | ||
| 59 | STACK_OF(X509) *xs = NULL; | ||
| 60 | BIO *bio = NULL; | ||
| 61 | X509 *x; | ||
| 62 | int i; | ||
| 63 | |||
| 64 | if (*certs == NULL) { | ||
| 65 | if ((xs = sk_X509_new_null()) == NULL) | ||
| 66 | errx(1, "failed to create X509 stack"); | ||
| 67 | } else { | ||
| 68 | xs = *certs; | ||
| 69 | } | ||
| 70 | if ((bio = BIO_new_file(filename, "r")) == NULL) { | ||
| 71 | ERR_print_errors_fp(stderr); | ||
| 72 | errx(1, "failed to create bio"); | ||
| 73 | } | ||
| 74 | if ((xis = PEM_X509_INFO_read_bio(bio, NULL, passwd_cb, NULL)) == NULL) | ||
| 75 | errx(1, "failed to read PEM"); | ||
| 76 | |||
| 77 | for (i = 0; i < sk_X509_INFO_num(xis); i++) { | ||
| 78 | if ((x = sk_X509_INFO_value(xis, i)->x509) == NULL) | ||
| 79 | continue; | ||
| 80 | if (!sk_X509_push(xs, x)) | ||
| 81 | errx(1, "failed to push X509"); | ||
| 82 | X509_up_ref(x); | ||
| 83 | } | ||
| 84 | |||
| 85 | *certs = xs; | ||
| 86 | xs = NULL; | ||
| 87 | |||
| 88 | sk_X509_INFO_pop_free(xis, X509_INFO_free); | ||
| 89 | sk_X509_pop_free(xs, X509_free); | ||
| 90 | BIO_free(bio); | ||
| 91 | |||
| 92 | return 1; | ||
| 93 | } | ||
| 94 | |||
| 95 | static int | ||
| 96 | verify_cert_cb(int ok, X509_STORE_CTX *xsc) | ||
| 97 | { | ||
| 98 | X509 *current_cert; | ||
| 99 | int verify_err; | ||
| 100 | |||
| 101 | current_cert = X509_STORE_CTX_get_current_cert(xsc); | ||
| 102 | if (current_cert != NULL) { | ||
| 103 | X509_NAME_print_ex_fp(stderr, | ||
| 104 | X509_get_subject_name(current_cert), 0, | ||
| 105 | XN_FLAG_ONELINE); | ||
| 106 | fprintf(stderr, "\n"); | ||
| 107 | } | ||
| 108 | |||
| 109 | verify_err = X509_STORE_CTX_get_error(xsc); | ||
| 110 | if (verify_err != X509_V_OK) { | ||
| 111 | fprintf(stderr, "verify error at depth %d: %s\n", | ||
| 112 | X509_STORE_CTX_get_error_depth(xsc), | ||
| 113 | X509_verify_cert_error_string(verify_err)); | ||
| 114 | } | ||
| 115 | |||
| 116 | return ok; | ||
| 117 | } | ||
| 118 | |||
| 119 | static void | ||
| 120 | verify_cert(const char *roots_file, const char *intermediate_file, | ||
| 121 | const char *leaf_file, int *chains, int *error, int *error_depth, | ||
| 122 | int mode, ASN1_OBJECT *policy_oid, ASN1_OBJECT *policy_oid2) | ||
| 123 | { | ||
| 124 | STACK_OF(X509) *roots = NULL, *bundle = NULL; | ||
| 125 | X509_STORE_CTX *xsc = NULL; | ||
| 126 | X509_STORE *store = NULL; | ||
| 127 | X509 *leaf = NULL; | ||
| 128 | int ret; | ||
| 129 | |||
| 130 | *chains = 0; | ||
| 131 | *error = 0; | ||
| 132 | *error_depth = 0; | ||
| 133 | |||
| 134 | |||
| 135 | if (!certs_from_file(roots_file, &roots)) | ||
| 136 | errx(1, "failed to load roots from '%s'", roots_file); | ||
| 137 | if (!certs_from_file(leaf_file, &bundle)) | ||
| 138 | errx(1, "failed to load leaf from '%s'", leaf_file); | ||
| 139 | if (intermediate_file != NULL && !certs_from_file(intermediate_file, | ||
| 140 | &bundle)) | ||
| 141 | errx(1, "failed to load intermediate from '%s'", | ||
| 142 | intermediate_file); | ||
| 143 | printf ("%d certs %d roots\n", sk_X509_num(bundle), sk_X509_num(roots)); | ||
| 144 | if (sk_X509_num(bundle) < 1) | ||
| 145 | errx(1, "not enough certs in bundle"); | ||
| 146 | leaf = sk_X509_shift(bundle); | ||
| 147 | |||
| 148 | if ((xsc = X509_STORE_CTX_new()) == NULL) | ||
| 149 | errx(1, "X509_STORE_CTX"); | ||
| 150 | if (!X509_STORE_CTX_init(xsc, store, leaf, bundle)) { | ||
| 151 | ERR_print_errors_fp(stderr); | ||
| 152 | errx(1, "failed to init store context"); | ||
| 153 | } | ||
| 154 | |||
| 155 | int flags = X509_V_FLAG_POLICY_CHECK; | ||
| 156 | flags |= X509_V_FLAG_EXPLICIT_POLICY; | ||
| 157 | // flags |= X509_V_FLAG_INHIBIT_MAP; | ||
| 158 | if (mode == MODE_LEGACY_VFY) | ||
| 159 | flags |= X509_V_FLAG_LEGACY_VERIFY; | ||
| 160 | X509_STORE_CTX_set_flags(xsc, flags); | ||
| 161 | |||
| 162 | if (verbose) | ||
| 163 | X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb); | ||
| 164 | X509_STORE_CTX_set0_trusted_stack(xsc, roots); | ||
| 165 | |||
| 166 | if (policy_oid != NULL) { | ||
| 167 | X509_VERIFY_PARAM * param = X509_STORE_CTX_get0_param(xsc); | ||
| 168 | ASN1_OBJECT * copy = OBJ_dup(policy_oid); | ||
| 169 | X509_VERIFY_PARAM_add0_policy(param, copy); | ||
| 170 | } | ||
| 171 | if (policy_oid2 != NULL) { | ||
| 172 | X509_VERIFY_PARAM * param = X509_STORE_CTX_get0_param(xsc); | ||
| 173 | ASN1_OBJECT * copy = OBJ_dup(policy_oid2); | ||
| 174 | X509_VERIFY_PARAM_add0_policy(param, copy); | ||
| 175 | } | ||
| 176 | |||
| 177 | ret = X509_verify_cert(xsc); | ||
| 178 | |||
| 179 | *error = X509_STORE_CTX_get_error(xsc); | ||
| 180 | *error_depth = X509_STORE_CTX_get_error_depth(xsc); | ||
| 181 | |||
| 182 | if (ret == 1) { | ||
| 183 | *chains = 1; /* XXX */ | ||
| 184 | goto done; | ||
| 185 | } | ||
| 186 | |||
| 187 | if (*error == 0) | ||
| 188 | errx(1, "Error unset on failure!\n"); | ||
| 189 | |||
| 190 | fprintf(stderr, "failed to verify at %d: %s\n", | ||
| 191 | *error_depth, X509_verify_cert_error_string(*error)); | ||
| 192 | |||
| 193 | done: | ||
| 194 | sk_X509_pop_free(roots, X509_free); | ||
| 195 | sk_X509_pop_free(bundle, X509_free); | ||
| 196 | X509_STORE_free(store); | ||
| 197 | X509_STORE_CTX_free(xsc); | ||
| 198 | X509_free(leaf); | ||
| 199 | } | ||
| 200 | |||
| 201 | static void | ||
| 202 | verify_cert_new(const char *roots_file, const char *intermediate_file, | ||
| 203 | const char*leaf_file, int *chains) | ||
| 204 | { | ||
| 205 | STACK_OF(X509) *roots = NULL, *bundle = NULL; | ||
| 206 | X509_STORE_CTX *xsc = NULL; | ||
| 207 | X509 *leaf = NULL; | ||
| 208 | struct x509_verify_ctx *ctx; | ||
| 209 | |||
| 210 | *chains = 0; | ||
| 211 | |||
| 212 | if (!certs_from_file(roots_file, &roots)) | ||
| 213 | errx(1, "failed to load roots from '%s'", roots_file); | ||
| 214 | if (!certs_from_file(leaf_file, &bundle)) | ||
| 215 | errx(1, "failed to load leaf from '%s'", leaf_file); | ||
| 216 | if (intermediate_file != NULL && !certs_from_file(intermediate_file, | ||
| 217 | &bundle)) | ||
| 218 | errx(1, "failed to load intermediate from '%s'", | ||
| 219 | intermediate_file); | ||
| 220 | if (sk_X509_num(bundle) < 1) | ||
| 221 | errx(1, "not enough certs in bundle"); | ||
| 222 | leaf = sk_X509_shift(bundle); | ||
| 223 | |||
| 224 | if ((xsc = X509_STORE_CTX_new()) == NULL) | ||
| 225 | errx(1, "X509_STORE_CTX"); | ||
| 226 | if (!X509_STORE_CTX_init(xsc, NULL, leaf, bundle)) { | ||
| 227 | ERR_print_errors_fp(stderr); | ||
| 228 | errx(1, "failed to init store context"); | ||
| 229 | } | ||
| 230 | if (verbose) | ||
| 231 | X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb); | ||
| 232 | |||
| 233 | if ((ctx = x509_verify_ctx_new(roots)) == NULL) | ||
| 234 | errx(1, "failed to create ctx"); | ||
| 235 | if (!x509_verify_ctx_set_intermediates(ctx, bundle)) | ||
| 236 | errx(1, "failed to set intermediates"); | ||
| 237 | |||
| 238 | if ((*chains = x509_verify(ctx, leaf, NULL)) == 0) { | ||
| 239 | fprintf(stderr, "failed to verify at %lu: %s\n", | ||
| 240 | x509_verify_ctx_error_depth(ctx), | ||
| 241 | x509_verify_ctx_error_string(ctx)); | ||
| 242 | } else { | ||
| 243 | int c; | ||
| 244 | |||
| 245 | for (c = 0; verbose && c < *chains; c++) { | ||
| 246 | STACK_OF(X509) *chain; | ||
| 247 | int i; | ||
| 248 | |||
| 249 | fprintf(stderr, "Chain %d\n--------\n", c); | ||
| 250 | chain = x509_verify_ctx_chain(ctx, c); | ||
| 251 | for (i = 0; i < sk_X509_num(chain); i++) { | ||
| 252 | X509 *cert = sk_X509_value(chain, i); | ||
| 253 | X509_NAME_print_ex_fp(stderr, | ||
| 254 | X509_get_subject_name(cert), 0, | ||
| 255 | XN_FLAG_ONELINE); | ||
| 256 | fprintf(stderr, "\n"); | ||
| 257 | } | ||
| 258 | } | ||
| 259 | } | ||
| 260 | sk_X509_pop_free(roots, X509_free); | ||
| 261 | sk_X509_pop_free(bundle, X509_free); | ||
| 262 | X509_free(leaf); | ||
| 263 | X509_STORE_CTX_free(xsc); | ||
| 264 | x509_verify_ctx_free(ctx); | ||
| 265 | } | ||
| 266 | |||
| 267 | struct verify_cert_test { | ||
| 268 | const char *id; | ||
| 269 | const char *root_file; | ||
| 270 | const char *intermediate_file; | ||
| 271 | const char *leaf_file; | ||
| 272 | const char *policy_oid_to_check; | ||
| 273 | const char *policy_oid_to_check2; | ||
| 274 | int want_chains; | ||
| 275 | int want_error; | ||
| 276 | int want_error_depth; | ||
| 277 | int want_legacy_error; | ||
| 278 | int want_legacy_error_depth; | ||
| 279 | int failing; | ||
| 280 | }; | ||
| 281 | |||
| 282 | struct verify_cert_test verify_cert_tests[] = { | ||
| 283 | // The chain is good for |oid1| and |oid2|, but not |oid3|. | ||
| 284 | { | ||
| 285 | .id = "nothing in 1 and 2", | ||
| 286 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 287 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 288 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 289 | .want_chains = 1, | ||
| 290 | }, | ||
| 291 | { | ||
| 292 | .id = "1, in 1 and 2", | ||
| 293 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 294 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 295 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 296 | .policy_oid_to_check = OID1, | ||
| 297 | .want_chains = 1, | ||
| 298 | }, | ||
| 299 | { | ||
| 300 | .id = "2, in 1 and 2", | ||
| 301 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 302 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 303 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 304 | .policy_oid_to_check = OID2, | ||
| 305 | .want_chains = 1, | ||
| 306 | }, | ||
| 307 | { | ||
| 308 | .id = "3, in 1 and 2", | ||
| 309 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 310 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 311 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 312 | .policy_oid_to_check = OID2, | ||
| 313 | .want_chains = 0, | ||
| 314 | }, | ||
| 315 | { | ||
| 316 | .id = "1 and 2, in 1 and 2", | ||
| 317 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 318 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 319 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 320 | .policy_oid_to_check = OID1, | ||
| 321 | .policy_oid_to_check2 = OID2, | ||
| 322 | .want_chains = 1, | ||
| 323 | }, | ||
| 324 | { | ||
| 325 | .id = "1 and 3, in 1 and 2", | ||
| 326 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 327 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 328 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 329 | .policy_oid_to_check = OID1, | ||
| 330 | .policy_oid_to_check2 = OID3, | ||
| 331 | .want_chains = 1, | ||
| 332 | }, | ||
| 333 | // The policy extension cannot be parsed. | ||
| 334 | { | ||
| 335 | .id = "1 in invalid intermediate poicy", | ||
| 336 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 337 | .intermediate_file = CERTSDIR "/" "policy_intermediate_invalid.pem", | ||
| 338 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 339 | .policy_oid_to_check = OID1, | ||
| 340 | .want_chains = 0, | ||
| 341 | }, | ||
| 342 | { | ||
| 343 | .id = "invalid intermediate", | ||
| 344 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 345 | .intermediate_file = CERTSDIR "/" "policy_intermediate_invalid.pem", | ||
| 346 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 347 | .want_chains = 0, | ||
| 348 | }, | ||
| 349 | { | ||
| 350 | .id = "1 in invalid policy in leaf", | ||
| 351 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 352 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 353 | .leaf_file = CERTSDIR "/" "policy_leaf_invalid.pem", | ||
| 354 | .policy_oid_to_check = OID1, | ||
| 355 | .want_chains = 0, | ||
| 356 | }, | ||
| 357 | { | ||
| 358 | .id = "invalid leaf", | ||
| 359 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 360 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 361 | .leaf_file = CERTSDIR "/" "policy_leaf_invalid.pem", | ||
| 362 | .want_chains = 0, | ||
| 363 | }, | ||
| 364 | // There is a duplicate policy in the leaf policy extension. | ||
| 365 | { | ||
| 366 | .id = "1 in duplicate policy extension in leaf", | ||
| 367 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 368 | .intermediate_file = CERTSDIR "/" "policy_intermediate.pem", | ||
| 369 | .leaf_file = CERTSDIR "/" "policy_leaf_duplicate.pem", | ||
| 370 | .policy_oid_to_check = OID1, | ||
| 371 | .want_chains = 0, | ||
| 372 | }, | ||
| 373 | // There is a duplicate policy in the intermediate policy extension. | ||
| 374 | { | ||
| 375 | .id = "1 in duplicate policy extension in intermediate", | ||
| 376 | .root_file = CERTSDIR "/" "policy_root.pem", | ||
| 377 | .intermediate_file = CERTSDIR "/" "policy_intermediate_duplicate.pem", | ||
| 378 | .leaf_file = CERTSDIR "/" "policy_leaf.pem", | ||
| 379 | .policy_oid_to_check = OID1, | ||
| 380 | .want_chains = 0, | ||
| 381 | }, | ||
| 382 | }; | ||
| 383 | |||
| 384 | #define N_VERIFY_CERT_TESTS \ | ||
| 385 | (sizeof(verify_cert_tests) / sizeof(*verify_cert_tests)) | ||
| 386 | |||
| 387 | static int | ||
| 388 | verify_cert_test(int mode) | ||
| 389 | { | ||
| 390 | struct verify_cert_test *vct; | ||
| 391 | int chains, error, error_depth; | ||
| 392 | int failed = 0; | ||
| 393 | size_t i; | ||
| 394 | |||
| 395 | for (i = 0; i < N_VERIFY_CERT_TESTS; i++) { | ||
| 396 | vct = &verify_cert_tests[i]; | ||
| 397 | ASN1_OBJECT *policy_oid = vct->policy_oid_to_check ? | ||
| 398 | OBJ_txt2obj(vct->policy_oid_to_check, 1) : NULL; | ||
| 399 | ASN1_OBJECT *policy_oid2 = vct->policy_oid_to_check2 ? | ||
| 400 | OBJ_txt2obj(vct->policy_oid_to_check2, 1) : NULL; | ||
| 401 | |||
| 402 | error = 0; | ||
| 403 | error_depth = 0; | ||
| 404 | |||
| 405 | fprintf(stderr, "== Test %zu (%s)\n", i, vct->id); | ||
| 406 | if (mode == MODE_VERIFY) | ||
| 407 | verify_cert_new(vct->root_file, vct->intermediate_file, | ||
| 408 | vct->leaf_file, &chains); | ||
| 409 | else | ||
| 410 | verify_cert(vct->root_file, vct->intermediate_file, | ||
| 411 | vct->leaf_file, &chains, &error, &error_depth, | ||
| 412 | mode, policy_oid, policy_oid2); | ||
| 413 | |||
| 414 | if ((mode == MODE_VERIFY && chains == vct->want_chains) || | ||
| 415 | (chains == 0 && vct->want_chains == 0) || | ||
| 416 | (chains == 1 && vct->want_chains > 0)) { | ||
| 417 | fprintf(stderr, "INFO: Succeeded with %d chains%s\n", | ||
| 418 | chains, vct->failing ? " (legacy failure)" : ""); | ||
| 419 | if (mode == MODE_LEGACY_VFY && vct->failing) | ||
| 420 | failed |= 1; | ||
| 421 | } else { | ||
| 422 | fprintf(stderr, "FAIL: Failed with %d chains%s\n", | ||
| 423 | chains, vct->failing ? " (legacy failure)" : ""); | ||
| 424 | if (!vct->failing) | ||
| 425 | failed |= 1; | ||
| 426 | } | ||
| 427 | |||
| 428 | if (mode == MODE_LEGACY_VFY) { | ||
| 429 | if (error != vct->want_legacy_error) { | ||
| 430 | fprintf(stderr, "FAIL: Got legacy error %d, " | ||
| 431 | "want %d\n", error, vct->want_legacy_error); | ||
| 432 | failed |= 1; | ||
| 433 | } | ||
| 434 | if (error_depth != vct->want_legacy_error_depth) { | ||
| 435 | fprintf(stderr, "FAIL: Got legacy error depth " | ||
| 436 | "%d, want %d\n", error_depth, | ||
| 437 | vct->want_legacy_error_depth); | ||
| 438 | failed |= 1; | ||
| 439 | } | ||
| 440 | } | ||
| 441 | fprintf(stderr, "\n"); | ||
| 442 | ASN1_OBJECT_free(policy_oid); | ||
| 443 | ASN1_OBJECT_free(policy_oid2); | ||
| 444 | |||
| 445 | } | ||
| 446 | return failed; | ||
| 447 | } | ||
| 448 | |||
| 449 | int | ||
| 450 | main(int argc, char **argv) | ||
| 451 | { | ||
| 452 | int failed = 0; | ||
| 453 | |||
| 454 | fprintf(stderr, "\n\nTesting legacy x509_vfy\n"); | ||
| 455 | failed |= verify_cert_test(MODE_LEGACY_VFY); | ||
| 456 | fprintf(stderr, "\n\nTesting modern x509_vfy\n"); | ||
| 457 | failed |= verify_cert_test(MODE_MODERN_VFY); | ||
| 458 | // New does not support policy goo at the moment. | ||
| 459 | // fprintf(stderr, "\n\nTestin x509_verify\n"); | ||
| 460 | // failed |= verify_cert_test(MODE_VERIFY); | ||
| 461 | |||
| 462 | return (failed); | ||
| 463 | } | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate.pem new file mode 100644 index 0000000000..759deb4c43 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBqjCCAVGgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjgYUwgYIwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| 7 | MAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJDS9/4O7qhr | ||
| 8 | CIRhwsXrPVBagG2uMCsGA1UdIAQkMCIwDwYNKoZIhvcSBAGEtwkCATAPBg0qhkiG | ||
| 9 | 9xIEAYS3CQICMAoGCCqGSM49BAMCA0cAMEQCIFN2ZtknXQ9vz23qD1ecprC9iIo7 | ||
| 10 | j/SI42Ub64qZQaraAiA+CRCWJz/l+NQ1+TPWYDDWY6Wh2L9Wbddh1Nj5KJEkhQ== | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_any.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_any.pem new file mode 100644 index 0000000000..0931964f52 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_any.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjajBoMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAK | ||
| 7 | BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQ0vf+Du6oawiE | ||
| 8 | YcLF6z1QWoBtrjARBgNVHSAECjAIMAYGBFUdIAAwCgYIKoZIzj0EAwIDSQAwRgIh | ||
| 9 | AJbyXshUwjsFCiqrJkg91GzJdhZZ+3WXOekCJgi8uEESAiEAhv4sEE0wRRqgHDjl | ||
| 10 | vIt26IELfFE2Z/FBF3ihGmi6NoI= | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_duplicate.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_duplicate.pem new file mode 100644 index 0000000000..0eafe8d86a --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_duplicate.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBvDCCAWKgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjgZYwgZMwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| 7 | MAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJDS9/4O7qhr | ||
| 8 | CIRhwsXrPVBagG2uMDwGA1UdIAQ1MDMwDwYNKoZIhvcSBAGEtwkCATAPBg0qhkiG | ||
| 9 | 9xIEAYS3CQICMA8GDSqGSIb3EgQBhLcJAgIwCgYIKoZIzj0EAwIDSAAwRQIgUpG6 | ||
| 10 | FUeWrC62BtTPHiSlWBdnLWUYH0llS6uYUkpJFJECIQCWfhoZYXvHdMhgBDSI/vzY | ||
| 11 | Sw4uNdcMxrC2kP6lIioUSw== | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_invalid.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_invalid.pem new file mode 100644 index 0000000000..11c95afcea --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_invalid.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBjDCCATKgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjZzBlMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAK | ||
| 7 | BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQ0vf+Du6oawiE | ||
| 8 | YcLF6z1QWoBtrjAOBgNVHSAEB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIgS2uK | ||
| 9 | cYlZ1bxeqgMy3X0Sfi0arAnqpePsAqAeEf+HJHQCIQDwfCnXrWyHET9lM/gJSkfN | ||
| 10 | j/JRJvJELDrAMVewCxZWKA== | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped.pem new file mode 100644 index 0000000000..fa45e604b4 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped.pem | |||
| @@ -0,0 +1,17 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIICrjCCAlSgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjggGHMIIBgzAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkNL3/g7u | ||
| 8 | qGsIhGHCxes9UFqAba4wXgYDVR0gBFcwVTAPBg0qhkiG9xIEAYS3CQIBMA8GDSqG | ||
| 9 | SIb3EgQBhLcJAgIwDwYNKoZIhvcSBAGEtwkCAzAPBg0qhkiG9xIEAYS3CQIEMA8G | ||
| 10 | DSqGSIb3EgQBhLcJAgUwgcsGA1UdIQSBwzCBwDAeBg0qhkiG9xIEAYS3CQIDBg0q | ||
| 11 | hkiG9xIEAYS3CQIBMB4GDSqGSIb3EgQBhLcJAgMGDSqGSIb3EgQBhLcJAgIwHgYN | ||
| 12 | KoZIhvcSBAGEtwkCBAYNKoZIhvcSBAGEtwkCBDAeBg0qhkiG9xIEAYS3CQIEBg0q | ||
| 13 | hkiG9xIEAYS3CQIFMB4GDSqGSIb3EgQBhLcJAgUGDSqGSIb3EgQBhLcJAgQwHgYN | ||
| 14 | KoZIhvcSBAGEtwkCBQYNKoZIhvcSBAGEtwkCBTAKBggqhkjOPQQDAgNIADBFAiAe | ||
| 15 | Ah2vJMZsW/RV35mM7b7/NjsjScjPEIxfDJu49inNXQIhANmGBqyWUogh/gXyVB0/ | ||
| 16 | IfDro27pANW3R02A+zH34q5k | ||
| 17 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped_any.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped_any.pem new file mode 100644 index 0000000000..ae47bf45ce --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped_any.pem | |||
| @@ -0,0 +1,15 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIICYjCCAgegAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjggE6MIIBNjAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkNL3/g7u | ||
| 8 | qGsIhGHCxes9UFqAba4wEQYDVR0gBAowCDAGBgRVHSAAMIHLBgNVHSEEgcMwgcAw | ||
| 9 | HgYNKoZIhvcSBAGEtwkCAwYNKoZIhvcSBAGEtwkCATAeBg0qhkiG9xIEAYS3CQID | ||
| 10 | Bg0qhkiG9xIEAYS3CQICMB4GDSqGSIb3EgQBhLcJAgQGDSqGSIb3EgQBhLcJAgQw | ||
| 11 | HgYNKoZIhvcSBAGEtwkCBAYNKoZIhvcSBAGEtwkCBTAeBg0qhkiG9xIEAYS3CQIF | ||
| 12 | Bg0qhkiG9xIEAYS3CQIEMB4GDSqGSIb3EgQBhLcJAgUGDSqGSIb3EgQBhLcJAgUw | ||
| 13 | CgYIKoZIzj0EAwIDSQAwRgIhAIOx3GL5xlldQGdTLIvTTAvczm8wiYHzZDAif2yj | ||
| 14 | wAjEAiEAg4K02kTYX9x7PC/u1PYdwvo+LVbnGbO6AN6U3K2d7gs= | ||
| 15 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped_oid3.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped_oid3.pem new file mode 100644 index 0000000000..c04a38a48f --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_mapped_oid3.pem | |||
| @@ -0,0 +1,15 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIICajCCAhCgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjggFDMIIBPzAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkNL3/g7u | ||
| 8 | qGsIhGHCxes9UFqAba4wGgYDVR0gBBMwETAPBg0qhkiG9xIEAYS3CQIDMIHLBgNV | ||
| 9 | HSEEgcMwgcAwHgYNKoZIhvcSBAGEtwkCAwYNKoZIhvcSBAGEtwkCATAeBg0qhkiG | ||
| 10 | 9xIEAYS3CQIDBg0qhkiG9xIEAYS3CQICMB4GDSqGSIb3EgQBhLcJAgQGDSqGSIb3 | ||
| 11 | EgQBhLcJAgQwHgYNKoZIhvcSBAGEtwkCBAYNKoZIhvcSBAGEtwkCBTAeBg0qhkiG | ||
| 12 | 9xIEAYS3CQIFBg0qhkiG9xIEAYS3CQIEMB4GDSqGSIb3EgQBhLcJAgUGDSqGSIb3 | ||
| 13 | EgQBhLcJAgUwCgYIKoZIzj0EAwIDSAAwRQIhAK0bRaGgd5qQlX+zTw3IUynFHxfk | ||
| 14 | zRbZagnTzjYtkNNmAiBJ2kOnvRdW930eHAwZPGpc1Hn5hMSOQdUhNZ3XZDASkQ== | ||
| 15 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require.pem new file mode 100644 index 0000000000..5cf5d5bfe6 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBuDCCAV+gAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjgZMwgZAwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| 7 | MAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJDS9/4O7qhr | ||
| 8 | CIRhwsXrPVBagG2uMCsGA1UdIAQkMCIwDwYNKoZIhvcSBAGEtwkCATAPBg0qhkiG | ||
| 9 | 9xIEAYS3CQICMAwGA1UdJAQFMAOAAQAwCgYIKoZIzj0EAwIDRwAwRAIgbPUZ9ezH | ||
| 10 | SgTqom7VLPOvrQQXwy3b/ijSobs7+SOouKMCIDaqcb9143BG005etqeTvlgUyOGF | ||
| 11 | GQDWhiW8bizH+KEl | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require1.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require1.pem new file mode 100644 index 0000000000..7087404b3f --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require1.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBujCCAV+gAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjgZMwgZAwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| 7 | MAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJDS9/4O7qhr | ||
| 8 | CIRhwsXrPVBagG2uMCsGA1UdIAQkMCIwDwYNKoZIhvcSBAGEtwkCATAPBg0qhkiG | ||
| 9 | 9xIEAYS3CQICMAwGA1UdJAQFMAOAAQEwCgYIKoZIzj0EAwIDSQAwRgIhAIAwvhHB | ||
| 10 | GQDN5YXlidd+n3OT/SqoeXfp7RiEonBnCkW4AiEA+iFc47EOBchHb+Gy0gg8F9Po | ||
| 11 | RnlpoulWDfbDwx9r4lc= | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require2.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require2.pem new file mode 100644 index 0000000000..350f419198 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require2.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBuTCCAV+gAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjgZMwgZAwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| 7 | MAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJDS9/4O7qhr | ||
| 8 | CIRhwsXrPVBagG2uMCsGA1UdIAQkMCIwDwYNKoZIhvcSBAGEtwkCATAPBg0qhkiG | ||
| 9 | 9xIEAYS3CQICMAwGA1UdJAQFMAOAAQIwCgYIKoZIzj0EAwIDSAAwRQIgOpliSKKA | ||
| 10 | +wy/auQnKKl+wwtn/hGw6eZXgIOtFgDmyMYCIQC84zoJL87AE64gsrdX4XSHq6lb | ||
| 11 | WhZQp9ZnDaNu88SQLQ== | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require_duplicate.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require_duplicate.pem new file mode 100644 index 0000000000..733087af91 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require_duplicate.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIByjCCAXCgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjgaQwgaEwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| 7 | MAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJDS9/4O7qhr | ||
| 8 | CIRhwsXrPVBagG2uMDwGA1UdIAQ1MDMwDwYNKoZIhvcSBAGEtwkCATAPBg0qhkiG | ||
| 9 | 9xIEAYS3CQICMA8GDSqGSIb3EgQBhLcJAgIwDAYDVR0kBAUwA4ABADAKBggqhkjO | ||
| 10 | PQQDAgNIADBFAiA2GxzMRYYo7NNq8u/ZvffXkCj/phqXQ8I64tEDd0X8pgIhAOJJ | ||
| 11 | e+dzzf4vbWfMlYkOQ4kf6ei5Zf+J2PL6VrqVrHQa | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require_no_policies.pem b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require_no_policies.pem new file mode 100644 index 0000000000..1e81e0c116 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_intermediate_require_no_policies.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBizCCATCgAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowHjEcMBoGA1UE | ||
| 4 | AxMTUG9saWN5IEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| 5 | BOI6fKiM3jFLkLyAn88cvlw4SwxuygRjopP3FFBKHyUQvh3VVvfqSpSCSmp50Qia | ||
| 6 | jQ6Dg7CTpVZVVH+bguT7JTCjZTBjMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAK | ||
| 7 | BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQ0vf+Du6oawiE | ||
| 8 | YcLF6z1QWoBtrjAMBgNVHSQEBTADgAEAMAoGCCqGSM49BAMCA0kAMEYCIQDJYPgf | ||
| 9 | 50fFDVho5TFeqkNVONx0ArVNgULPB27yPDHLrwIhAN+eua6oM4Q/O0jUESQ4VAKt | ||
| 10 | ts7ZCquTZbvgRgyqtjuT | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf.pem new file mode 100644 index 0000000000..fb70306c8a --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBpzCCAU2gAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo34wfDAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wKwYDVR0gBCQwIjAPBg0qhkiG9xIEAYS3CQIBMA8GDSqGSIb3EgQB | ||
| 9 | hLcJAgIwCgYIKoZIzj0EAwIDSAAwRQIgBEOriD1N3/cqoAofxEtf73M7Wi4UfjFK | ||
| 10 | jiU9nQhwnnoCIQD1v/XDp2BkWNHxNq7TaPnil3xXTvMX97yUbkUg8IRo0w== | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_any.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_any.pem new file mode 100644 index 0000000000..d2c1b9e955 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_any.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBjTCCATOgAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2QwYjAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wEQYDVR0gBAowCDAGBgRVHSAAMAoGCCqGSM49BAMCA0gAMEUCIQC4 | ||
| 9 | UwAf1R4HefSzyO8lyQ3fmMjkptVEhFBee0a7N12IvwIgJMYZgQ52VTbqXyXqraJ8 | ||
| 10 | V+y+o7eHds7NewqnyuLbc78= | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_duplicate.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_duplicate.pem new file mode 100644 index 0000000000..bdeb13cbd6 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_duplicate.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBsTCCAVigAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE | ||
| 4 | AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkSrY | ||
| 5 | vFVtkZJmvirfY0JDDYrZQrNJecPLt0ksJux2URL5nAQiQY1SERGnEaiNLpoc0dle | ||
| 6 | TS8wQT/cjw/wPgoeV6OBkDCBjTAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYI | ||
| 7 | KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j | ||
| 8 | b20wPAYDVR0gBDUwMzAPBg0qhkiG9xIEAYS3CQIBMA8GDSqGSIb3EgQBhLcJAgIw | ||
| 9 | DwYNKoZIhvcSBAGEtwkCAjAKBggqhkjOPQQDAgNHADBEAiBjYDwsWcs35hU/wPqa | ||
| 10 | 5gf0QUMvV/8z5LPX14fB2y4RGQIgMw0ekrt9K5UcgkvFupV/XXIjLRFQvc8URA3C | ||
| 11 | /+w+2/4= | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_invalid.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_invalid.pem new file mode 100644 index 0000000000..de7a5e9b20 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_invalid.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBgjCCASigAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE | ||
| 4 | AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkSrY | ||
| 5 | vFVtkZJmvirfY0JDDYrZQrNJecPLt0ksJux2URL5nAQiQY1SERGnEaiNLpoc0dle | ||
| 6 | TS8wQT/cjw/wPgoeV6NhMF8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG | ||
| 7 | AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t | ||
| 8 | MA4GA1UdIAQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiAgfcDIeqmV+u5YtUe4 | ||
| 9 | aBnj13tZAJAQh6ttum1xZ+xHEgIhAJqvGX5c0/d1qYelBlm/jE3UuivijdEjVsLX | ||
| 10 | GVH+X1VA | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_none.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_none.pem new file mode 100644 index 0000000000..13ad7cec01 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_none.pem | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBezCCASCgAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1EwTzAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIDFeeYJ8nmYo09OnJFpNS3A6fYO | ||
| 9 | ZliHkAqOsg193DTnAiEA3OSHLCczcvRjMG+qd/FI61u2sKU1hhHh7uHtD/YO/dA= | ||
| 10 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid1.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid1.pem new file mode 100644 index 0000000000..94cd1a77b4 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid1.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBlTCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo20wazAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wGgYDVR0gBBMwETAPBg0qhkiG9xIEAYS3CQIBMAoGCCqGSM49BAMC | ||
| 9 | A0cAMEQCIHh4Bo8l/HVJhLMWcYusPOE0arqoDrJ5E0M6nEi3nRhgAiAArK8bBohG | ||
| 10 | fZ3DmVMq/2BJtQZwRRj+50VKWuf9mBSflQ== | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid2.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid2.pem new file mode 100644 index 0000000000..10adf86c52 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid2.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo20wazAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wGgYDVR0gBBMwETAPBg0qhkiG9xIEAYS3CQICMAoGCCqGSM49BAMC | ||
| 9 | A0kAMEYCIQDvW7rdL6MSW/0BPNET4hEeECO6LWmZZHKCHIu6o33dsAIhAPwgm6lD | ||
| 10 | KV2hMOxkE6rBDQzlCr+zAkQrxSzQZqJp5p+W | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid3.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid3.pem new file mode 100644 index 0000000000..e5c103151b --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid3.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo20wazAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wGgYDVR0gBBMwETAPBg0qhkiG9xIEAYS3CQIDMAoGCCqGSM49BAMC | ||
| 9 | A0kAMEYCIQDBPnPpRsOH20ncg8TKUdlONfbO62WafQj9SKgyi/nGBQIhAMhT8J7f | ||
| 10 | fTEou6jlAilaIQwlAgZzVKRqgghIHezFY86T | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid4.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid4.pem new file mode 100644 index 0000000000..7dd7a547af --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid4.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo20wazAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wGgYDVR0gBBMwETAPBg0qhkiG9xIEAYS3CQIEMAoGCCqGSM49BAMC | ||
| 9 | A0kAMEYCIQD2gnpCTMxUalCtEV52eXzqeJgsKMYvEpJTuU/VqH5KwQIhAPEavAkt | ||
| 10 | cSJsgMgJcJnbBzAdSrbOgHXF2etDHmFbg0hz | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid5.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid5.pem new file mode 100644 index 0000000000..2a9aee73b5 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_oid5.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo20wazAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l | ||
| 7 | BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh | ||
| 8 | bXBsZS5jb20wGgYDVR0gBBMwETAPBg0qhkiG9xIEAYS3CQIFMAoGCCqGSM49BAMC | ||
| 9 | A0kAMEYCIQDDFVjhlQ1Wu0KITcRX8kELpVDeYSKSlvEbZc3rn1QjkQIhAMPthqBi | ||
| 10 | I0acz8DPQcdFmHXV0xR2xyC1yuen0gES5WLR | ||
| 11 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_require.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_require.pem new file mode 100644 index 0000000000..169b844419 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_require.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBuDCCAV2gAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GNMIGKMA4GA1UdDwEB/wQEAwICBDATBgNV | ||
| 7 | HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5l | ||
| 8 | eGFtcGxlLmNvbTArBgNVHSAEJDAiMA8GDSqGSIb3EgQBhLcJAgEwDwYNKoZIhvcS | ||
| 9 | BAGEtwkCAjAMBgNVHSQEBTADgAEAMAoGCCqGSM49BAMCA0kAMEYCIQDrNQPi/mdK | ||
| 10 | l7Nd/YmMXWYTHJBWWin1zA64Ohkd7z4jGgIhAJpw/umk5MxS1MwSi+YTkkcSQKpl | ||
| 11 | YROQH6+T53DauoW6 | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_leaf_require1.pem b/src/regress/lib/libcrypto/x509/policy/policy_leaf_require1.pem new file mode 100644 index 0000000000..261ef954f1 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_leaf_require1.pem | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBuDCCAV2gAwIBAgIBAzAKBggqhkjOPQQDAjAeMRwwGgYDVQQDExNQb2xpY3kg | ||
| 3 | SW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAa | ||
| 4 | MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB | ||
| 5 | BwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZREvmcBCJBjVIREacR | ||
| 6 | qI0umhzR2V5NLzBBP9yPD/A+Ch5Xo4GNMIGKMA4GA1UdDwEB/wQEAwICBDATBgNV | ||
| 7 | HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5l | ||
| 8 | eGFtcGxlLmNvbTArBgNVHSAEJDAiMA8GDSqGSIb3EgQBhLcJAgEwDwYNKoZIhvcS | ||
| 9 | BAGEtwkCAjAMBgNVHSQEBTADgAEBMAoGCCqGSM49BAMCA0kAMEYCIQCtXENGJrKv | ||
| 10 | IOeLHO/3Nu/SMRXc69Vb3q+4b/uHBFbuqwIhAK22Wfh/ZIHKu3FwbjL+sN0Z39pf | ||
| 11 | Dsak6fp1y4tqNuvK | ||
| 12 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_root.pem b/src/regress/lib/libcrypto/x509/policy/policy_root.pem new file mode 100644 index 0000000000..595f8a132a --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_root.pem | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBdTCCARqgAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg | ||
| 3 | Um9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE | ||
| 4 | AxMLUG9saWN5IFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQmdqXYl1Gv | ||
| 5 | Y7y3jcTTK6MVXIQr44TqChRYI6IeV9tIB6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAP | ||
| 6 | EPSJwPndjolto1cwVTAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUH | ||
| 7 | AwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU0GnnoB+yeN63WMthnh6Uh1HH | ||
| 8 | dRIwCgYIKoZIzj0EAwIDSQAwRgIhAKVxVAaJnmvt+q4SqegGS23QSzKPM9Yakw9e | ||
| 9 | bOUU9+52AiEAjXPRBdd90YDey4VFu4f/78yVe0cxMK30lll7lLl7TTA= | ||
| 10 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_root2.pem b/src/regress/lib/libcrypto/x509/policy/policy_root2.pem new file mode 100644 index 0000000000..1350035fd4 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_root2.pem | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBeDCCAR6gAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1Qb2xpY3kg | ||
| 3 | Um9vdCAyMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAYMRYwFAYD | ||
| 4 | VQQDEw1Qb2xpY3kgUm9vdCAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJnal | ||
| 5 | 2JdRr2O8t43E0yujFVyEK+OE6goUWCOiHlfbSAeoyLDmPkKJdW5PMf+wORRjp1Fh | ||
| 6 | VSxADxD0icD53Y6JbaNXMFUwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG | ||
| 7 | AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNBp56Afsnjet1jLYZ4e | ||
| 8 | lIdRx3USMAoGCCqGSM49BAMCA0gAMEUCIQDm9rw9ODVtJUPBn2lWoK8s7ElbyY4/ | ||
| 9 | Gc2thHR50UUzbgIgKRenEDhKiBR6cGC77RaIiaaafW8b7HMd7obuZdDU/58= | ||
| 10 | -----END CERTIFICATE----- | ||
diff --git a/src/regress/lib/libcrypto/x509/policy/policy_root_cross_inhibit_mapping.pem b/src/regress/lib/libcrypto/x509/policy/policy_root_cross_inhibit_mapping.pem new file mode 100644 index 0000000000..9273a53086 --- /dev/null +++ b/src/regress/lib/libcrypto/x509/policy/policy_root_cross_inhibit_mapping.pem | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBljCCAT2gAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1Qb2xpY3kg | ||
| 3 | Um9vdCAyMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAWMRQwEgYD | ||
| 4 | VQQDEwtQb2xpY3kgUm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCZ2pdiX | ||
| 5 | Ua9jvLeNxNMroxVchCvjhOoKFFgjoh5X20gHqMiw5j5CiXVuTzH/sDkUY6dRYVUs | ||
| 6 | QA8Q9InA+d2OiW2jeDB2MA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF | ||
| 7 | BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTQaeegH7J43rdYy2GeHpSH | ||
| 8 | Ucd1EjARBgNVHSAECjAIMAYGBFUdIAAwDAYDVR0kBAUwA4EBADAKBggqhkjOPQQD | ||
| 9 | AgNHADBEAiBzR3JGEf9PITYuiXTx+vx9gXji5idGsVog9wRUbY98wwIgVVeYNQQb | ||
| 10 | x+RN2wYp3kmm8iswUOrqiI6J4PSzT8CYP8Q= | ||
| 11 | -----END CERTIFICATE----- | ||