]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 178696d) | patch
X509: add tests for purpose code signing in verify application
authorLutz Jaenicke <ljaenicke@phoenixcontact.com>
Wed, 15 Jun 2022 15:31:19 +0000 (17:31 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 18 Aug 2022 08:24:53 +0000 (10:24 +0200)
commit61a97676914df358dd014a9b6fe2ba01b0ebe508
tree21ef0d136c366d88d226b1505c1a244a1f2a51fctree | snapshot
parent178696d6020878361a088086243d56203e0beaa9commit | diff
X509: add tests for purpose code signing in verify application

Correct configuration according to CA Browser forum:
  KU: critical,digitalSignature
  XKU: codeSiging

Note: I did not find any other document formally defining the requirements
for code signing certificates.

Some combinations are explicitly forbidden, some flags can be ignored

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)
test/certs/ee-codesign-anyextkeyusage.pem [new file with mode: 0644] blob
test/certs/ee-codesign-crlsign.pem [new file with mode: 0644] blob
test/certs/ee-codesign-keycertsign.pem [new file with mode: 0644] blob
test/certs/ee-codesign-noncritical.pem [new file with mode: 0644] blob
test/certs/ee-codesign-serverauth.pem [new file with mode: 0644] blob
test/certs/ee-codesign.pem [new file with mode: 0644] blob
test/certs/mkcert.sh diff | blob | blame | history
test/certs/setup.sh diff | blob | blame | history
test/recipes/25-test_verify.t diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git