--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDHjCCAgagAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjezB5MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIHgDAcBgNVHSUBAf8EEjAQBggrBgEFBQcDCAYEVR0lADAN
+BgkqhkiG9w0BAQsFAAOCAQEARF7Aal4usByz7BIWnjqvTNoXQBwGOZ+5nuENUbqr
+OcMrWTmA9huqOiseVG665VGE+eLvOi6wSZv+8OEWS4nxwmEFkegMDIyQufP85xN2
+XDtsZNiFk1Wwtq7B29F/kZSqL8py650CAQZhqgHCawlvAFj6Datf8OYsqRmdLvjH
+DpySBOiv06rtCHR4ThEhvou9Tln6Tb6Ap+sq3/pu4Nf4q/ureqCaSQTS+ayvMuAb
+Cg+75Xgvl6nOQSPLkI6YoeA1F0o/51elldCbtfTZM+74btrDnclT3Pyrkp+E63eS
+FcNZWN5nxYl5VZGC9DaoO3+3b6VYQoyROBS5tW0ztf5BeA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIBgjAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG
+9w0BAQsFAAOCAQEAKlm2VpIAqs6OEBh8+J8N+wGjn4lzB92H8nPr+UsxeVzbFJAY
+ESu9CJFWW9iPjzk6tCu2qwbCQd8jmMbgwHRVekafW6Cpit3qhIE+GZ5bmM7OmRnT
+ueNWtMYoh/V+rNtpZcoTvPDcxHuEmh/kKgxqTrZ/7+SlusO2ita6GfOrWgD4Xc3h
+djQ1WTSEG/G8PHSnYZ7YEvBhFHAHblaN2AgawexM/mcoWQgOEcQTouMk98zdStp2
++N+oNmRO4FbKy/vkrSQNly6P+EZKI2ZJ6f6cRB5LDdCXyPcjCC/JqL4/Ota2xnJU
+4RX9/X+Uxvvfsc/6dmqy2orJ4KxSlgaHS0Ip2A==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIChDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG
+9w0BAQsFAAOCAQEAXSCrYzwK4/ZfXgURG9nxn1ZJtx/z2TdEyebe6f5YmZE14VxU
+cQbLynkydPSntmn60IQWABtueFlTpqOXEfQOxDosN8Nd3L4TkgG/a8mJbuTdfho6
+3NizJzkIxUW7nWiMjrSpkr082HPX/FCbRcg/2oSCOJb5Ap9ZvHpCKtowXGRwcAMW
+Yvw5pJDDntklTIWiKqTMo5poKRi4v8Sk/Dh7EwLi8l3e6BlHVx5aBh6l7REj0Stm
+j/0HbIBHYLK8+hR32uwA7KoZivgaXxvl0A1DsMGuLZjH+yUd2n7yibqln/Dc2NV8
+aXefMwNqGYnAufJijTmiSdR+CkMex4RYDQgdwQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDFTCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjcjBwMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B
+AQsFAAOCAQEAjQfg65wHwxrd5jBi/Y50BVWb3uvHM/n8y/weOoWP5YXQTUbVqbNT
+cxy2SrfDMK4wh5YErwgO9C0yHGBL7fXvnqBqSDnMM2lh9D7DnOQ4K02ZyZLjzkXH
+3oprmYKbGSAsifGPuAUhfw8bvhbH1i+gNDxK1g0TcuQhfQ//3vUwIsp5e8ADaFIg
+4qCNhvMnv/VkfEpg5hBeVOYSv2ITVhLwkvIKjxEIbfOxj2muglw3fwFhLlAUKp/t
+f4i8+OHIMVCQIPpceA/cwmh7HPpLiaQ4EJBWHynb03RwZ8RqZL2tGzg/pZQsjggj
+kiZlT3EwSpQjqgBPNLY9DPWMDBCnY+DPWw==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAgqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfzB9MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIHgDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDCAYIKwYBBQUH
+AwEwDQYJKoZIhvcNAQELBQADggEBACT1ybiBVe+mNC+DSH+8ZG0Ih96OKLiyPNL4
+fA+uCzpn4Ey2cPAnPK/7w0V77dGs7Phpc0LPBj/kVfybhZvJVJDgjnXcdbK1JxUC
+zKMRMFP38cE7wyYgsAR6bZilMMsdWAvA+BERd1DoAkePEB3F0/NUj0EP6bDiWE6F
+ZtvVyqQYSpmu6VkrxR9lOhUpEzHddNTz2V7QvGcI+8zValG++IluvPHbRL/lFsvV
+QjmzuMW8d3+oVycC53bWO6Lj0yX/h6DwP8Tj50w2OgUnV+CmXaxbLNF2sMjM8Omp
+YzVRJg2Vqu02KI6QYnwvLHNR6JjGw+OJYHF1DY+GDEEN24BOK8k=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG
+9w0BAQsFAAOCAQEAkWshPdAJh5hdpXTqFx3o6UinpCxszJyupHjFzpOoW8FXafva
+AgHDjHnbnS7t/haUHb8bDh3qYUBgJM6QvJS2O6rZd1ZRV3+dFevePUcwQXu4w6Zp
+vX9GS4v/grpiqc2LKqLekuWIkyxJ0sLjDHcAPb8KTpquCWVWsX9qxPjujyxXBlTc
+s9vPQU1j6utbqWPm7LAURebJCNBxHz/IgC0gp+1ln7LP97gkGz/bDQYOLeDsNXz4
+3YpIyRoSTJTnjeotfXhYL2Sak2z0KGtZS5S2BgDv0xjYMprGbJ7JbbSty1Os0I8w
+Wfw9muf+O/IStl6or/QbWRde6sTr4En7BdObWg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDFTCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjcjBwMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MAsGA1UdDwQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B
+AQsFAAOCAQEAUHC/kPMTXWZHVsHbIYuqitxgvfplpvTf9FEeoo7RjzY4Zb9xymOt
+EeBHfz0HMMIz6c0eV/Y0cfqEBSWf263qRTN+b1XgFaAP30JII3Okxfv7ul8kxvD2
+f22z4+h471FkeH4ZvQ6tD1mwiBcZbXm9g4fRn+WIQfhNY+JaKkespA7diG8i1hSm
+/3wc0k/U155vBAmrfIGyUFZzewkt18qnOYQVEw+TPHeV5yd6yrbUQs55CafqEwFV
+U9Fb781PIXAw2lKMnoID9/Mm9k5HlQgJ5+bYlRQQhfvfHVv/1WHDlwxE+1L9t1g3
+khZmeRPu1hDAMS5TFaO2lHTRvTTUexsICw==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjYjBgMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQBrivg4yDW+
+SeLTjEPEhVmSHgJ7CTnU6wJxZKXDLGhTi3dB7yrBMMy7F0Vmbz/Pg+xxZIsOeMzt
+uPi196nfbilHN+sIjn847i06KJgTuQhr13lzy3ky3UIQ5TIWWfaEkz/+mr7zcRD3
+i37GpPSTWOpbmNsZELHuowtpaHLCnaG0SGJoKLJX/DOUsRNKyAHL3eFPwF+w89dK
+7YMikdPWW39gLcjCLMtI0M179a8woW1oNHAUCsIUabiRLI8GzUumyO2hPqhTXRMq
+FKABr+H2uuRN+MPTZun9g/QLZBqY4sADDI3ko7OYWHwjYeDaqzNWs1T6R7d7+SsO
+ws2OW3INcQC8
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDCDCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjZTBjMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQB7UIs8
+nTM63TDe8tO+isxz5d0WWIn/DCdBPw9t2BNJ4KsgaaP6TPLeQBU4M5+fp7kNV5Re
+mphQxwl/DMTvMtbqkVVrN2HOTXYoLi/SoOck7oGU+YwOhocxAZHxvZlqrUxCVZEb
+kQOsosfFNE0PhPdF2UuHC8h/wmjEb1hgSAz2JlKzW2dATb8OOm+5iqzSQwGB0nKj
+cGTo+K0DDYGrL9iZnGpjT6S4Nhk8opfrCgJyd/E2BB050yrhU/7QUAtBpSt3rdke
+V6LiW+y6+CiH4OpEnxtuWI42Bq8KBxFgMNOhOvC2dBcmciE6oPFslOLCF17DzEPO
+9YE9aULDF/HfXbMR
+-----END CERTIFICATE-----
openssl x509 -in ee-client.pem -trustout \
-addreject clientAuth -out ee-clientAuth.pem
+# time stamping certificates
+./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum ca-key ca-cert
+./mkcert.sh genee -p timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-noncritxku ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping,serverAuth -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-serverauth ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping,2.5.29.37.0 -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-anyextkeyusage ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,cRLSign server.example ee-key ee-timestampsign-CABforum-crlsign ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,keyCertSign server.example ee-key ee-timestampsign-CABforum-keycertsign ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping server.example ee-key ee-timestampsign-rfc3161 ca-key ca-cert
+./mkcert.sh genee -p timeStamping server.example ee-key ee-timestampsign-rfc3161-noncritxku ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping -k digitalSignature server.example ee-key ee-timestampsign-rfc3161-digsig ca-key ca-cert
+
# Leaf cert security level variants
# MD5 issuer signature
OPENSSL_SIGALG=md5 \
run(app([@args]));
}
-plan tests => 160;
+plan tests => 169;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
"reject non-ca with pathlen:0 with strict flag");
+# EE veaiants wrt timestamp signing
+ok(verify("ee-timestampsign-CABforum", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept timestampsign according to CAB forum");
+ok(!verify("ee-timestampsign-CABforum-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with extendedKeyUsage not critical");
+ok(!verify("ee-timestampsign-CABforum-serverauth", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with serverAuth");
+ok(!verify("ee-timestampsign-CABforum-anyextkeyusage", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with anyExtendedKeyUsage");
+ok(!verify("ee-timestampsign-CABforum-crlsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with cRLSign");
+ok(!verify("ee-timestampsign-CABforum-keycertsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with keyCertSign");
+ok(verify("ee-timestampsign-rfc3161", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept timestampsign according to RFC 3161");
+ok(!verify("ee-timestampsign-rfc3161-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to RFC 3161 with extendedKeyUsage not critical");
+ok(verify("ee-timestampsign-rfc3161-digsig", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept timestampsign according to RFC 3161 with digitalSignature");
+
# Proxy certificates
ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
"fail to accept proxy cert without -allow_proxy_certs");
projects / thirdparty / openssl.git / commitdiff
