tests/data_files/test-ca.opensslconf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

[req]
x509_extensions = v3_ca
distinguished_name = req_dn

[req_dn]
countryName = NL
organizationalUnitName = PolarSSL
commonName = PolarSSL Test CA

[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[no_subj_auth_id]
subjectKeyIdentifier=none
authorityKeyIdentifier=none
basicConstraints = CA:true

[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name

[nonprintable_othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name

[unsupported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier

[dns_alt_names]
subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org

[rfc822name_names]
subjectAltName=email:my@other.address,email:second@other.address

[alt_names]
DNS.1=example.com
otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
DNS.2=example.net
DNS.3=*.example.org

[multiple_san]
subjectAltName=@alt_names

[ext_multi_nocn]
basicConstraints = CA:false
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144

[hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456

[nonprintable_hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = FORMAT:HEX, OCT:3132338081008180333231

[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0

[v3_any_policy_qualifier_ca]
basicConstraints = CA:true
certificatePolicies = @policy_info

[v3_multi_policy_ca]
basicConstraints = CA:true
certificatePolicies = 1.2.3.4,2.5.29.32.0

[v3_unsupported_policy_ca]
basicConstraints = CA:true
certificatePolicies = 1.2.3.4

[policy_info]
policyIdentifier = 2.5.29.32.0
CPS.1 ="CPS uri string"

[fan_cert]
extendedKeyUsage = 1.3.6.1.4.1.45605.1

[noext_ca]
basicConstraints = CA:true

[test_ca]
database = /dev/null

[crl_ext_idp]
issuingDistributionPoint=critical, @idpdata

[crl_ext_idp_nc]
issuingDistributionPoint=@idpdata

[idpdata]
fullname=URI:http://pki.example.com/

# these IPs are the ascii values for 'abcd' and 'abcd.example.com'
[tricky_ip_san]
subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d

[csr_ext_v3_keyUsage]
keyUsage = digitalSignature, keyEncipherment

[csr_ext_v3_subjectAltName]
subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org

[csr_ext_v3_nsCertType]
nsCertType=server

[csr_ext_v3_all]
keyUsage = cRLSign
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
nsCertType=client

[directory_name_san]
subjectAltName=dirName:dirname_sect

[two_directorynames]
subjectAltName=dirName:dirname_sect, dirName:dirname_to_malform

[dirname_sect]
C=UK
O=Mbed TLS
CN=Mbed TLS directoryName SAN

[dirname_to_malform]
O=MALFORM_ME