diff options
Diffstat (limited to 'tests/cert-tests/templates')
| -rw-r--r-- | tests/cert-tests/templates/template-date.tmpl | 97 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-dn-err.tmpl | 67 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-dn.tmpl | 67 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-generalized.tmpl | 97 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-krb5name.tmpl | 68 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-nc.tmpl | 87 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-othername-xmpp.tmpl | 70 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-othername.tmpl | 71 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-overflow.tmpl | 97 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-overflow2.tmpl | 97 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-test.tmpl | 99 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-tlsfeature-crq.tmpl | 23 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-tlsfeature.tmpl | 102 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-unique.tmpl | 70 | ||||
| -rw-r--r-- | tests/cert-tests/templates/template-utf8.tmpl | 35 |
15 files changed, 1147 insertions, 0 deletions
diff --git a/tests/cert-tests/templates/template-date.tmpl b/tests/cert-tests/templates/template-date.tmpl new file mode 100644 index 0000000000..a535d10821 --- /dev/null +++ b/tests/cert-tests/templates/template-date.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +expiration_date = 2015-05-24 14:29:12 +activation_date = 2029-01-12 11:36:11 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-dn-err.tmpl b/tests/cert-tests/templates/template-dn-err.tmpl new file mode 100644 index 0000000000..df864bb8de --- /dev/null +++ b/tests/cert-tests/templates/template-dn-err.tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "acn=Nik,st=Attiki,C=GR,surNameO=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-dn.tmpl b/tests/cert-tests/templates/template-dn.tmpl new file mode 100644 index 0000000000..a3172bb6b9 --- /dev/null +++ b/tests/cert-tests/templates/template-dn.tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-generalized.tmpl b/tests/cert-tests/templates/template-generalized.tmpl new file mode 100644 index 0000000000..2143c82242 --- /dev/null +++ b/tests/cert-tests/templates/template-generalized.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +expiration_date = 2055-05-24 14:29:12 +activation_date = 2051-01-12 11:36:11 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-krb5name.tmpl b/tests/cert-tests/templates/template-krb5name.tmpl new file mode 100644 index 0000000000..8fe1e14598 --- /dev/null +++ b/tests/cert-tests/templates/template-krb5name.tmpl @@ -0,0 +1,68 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +krb5_principal = user@email.domain@KERBEROS.REALM +krb5_principal = user@REALM.COM +krb5_principal = HTTP/user@REALM.COM +krb5_principal = comp1/comp2/user@REALM.COM + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-nc.tmpl b/tests/cert-tests/templates/template-nc.tmpl new file mode 100644 index 0000000000..d6d624e6ac --- /dev/null +++ b/tests/cert-tests/templates/template-nc.tmpl @@ -0,0 +1,87 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +nc_permit_dns = example.com +nc_exclude_dns = net +nc_exclude_dns = org + +#empty DNS means that subordinates cannot sign certs with DNS names +nc_exclude_dns = '' + +nc_permit_email = nmav@example.com +nc_exclude_email = example.net +nc_exclude_email = example.li + +nc_permit_ip = 192.168.5.0/24 +nc_permit_ip = 10.10.10.0/16 +nc_permit_ip = 172.23.122.0/23 +nc_exclude_ip = 10.10.100.0/24 +nc_exclude_ip = 10.10.101.5/24 + +nc_permit_ip = fc4c:fe8f:7ffa:18bd::/64 +nc_exclude_ip = fc4c:fe8f:7ffa:18bd:72c8:64b9::/96 + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-othername-xmpp.tmpl b/tests/cert-tests/templates/template-othername-xmpp.tmpl new file mode 100644 index 0000000000..90c78c01c2 --- /dev/null +++ b/tests/cert-tests/templates/template-othername-xmpp.tmpl @@ -0,0 +1,70 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +xmpp_name = juliet@im.example.com +xmpp_name = hello@hello.org + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-othername.tmpl b/tests/cert-tests/templates/template-othername.tmpl new file mode 100644 index 0000000000..96b9b0c2c4 --- /dev/null +++ b/tests/cert-tests/templates/template-othername.tmpl @@ -0,0 +1,71 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" +other_name = "1.3.6.1.5.2.2 302ca00d1b0b56414e5245494e2e4f5247a11b3019a006020400000002a10f300d1b047269636b1b0561646d696e" +other_name_utf8 = "1.3.6.1.5.5.7.8.7 nmav@gnutls.org" +other_name_utf8 = "1.3.6.1.5.5.7.8.5 nmav@gnutls.org" +other_name_octet = "1.2.4.5.6 a test string" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-overflow.tmpl b/tests/cert-tests/templates/template-overflow.tmpl new file mode 100644 index 0000000000..ec88388624 --- /dev/null +++ b/tests/cert-tests/templates/template-overflow.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = -1 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-overflow2.tmpl b/tests/cert-tests/templates/template-overflow2.tmpl new file mode 100644 index 0000000000..af245f4edc --- /dev/null +++ b/tests/cert-tests/templates/template-overflow2.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 99999 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-test.tmpl b/tests/cert-tests/templates/template-test.tmpl new file mode 100644 index 0000000000..007adcfa53 --- /dev/null +++ b/tests/cert-tests/templates/template-test.tmpl @@ -0,0 +1,99 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-tlsfeature-crq.tmpl b/tests/cert-tests/templates/template-tlsfeature-crq.tmpl new file mode 100644 index 0000000000..1a41d2dacf --- /dev/null +++ b/tests/cert-tests/templates/template-tlsfeature-crq.tmpl @@ -0,0 +1,23 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +honor_crq_extensions diff --git a/tests/cert-tests/templates/template-tlsfeature.tmpl b/tests/cert-tests/templates/template-tlsfeature.tmpl new file mode 100644 index 0000000000..7a03b49afb --- /dev/null +++ b/tests/cert-tests/templates/template-tlsfeature.tmpl @@ -0,0 +1,102 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +tls_feature = 5 +tls_feature = 17 + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-unique.tmpl b/tests/cert-tests/templates/template-unique.tmpl new file mode 100644 index 0000000000..2fc7101f0c --- /dev/null +++ b/tests/cert-tests/templates/template-unique.tmpl @@ -0,0 +1,70 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +subject_unique_id = 0015232425 +issuer_unique_id = 11142324251224 + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-utf8.tmpl b/tests/cert-tests/templates/template-utf8.tmpl new file mode 100644 index 0000000000..3a37da4311 --- /dev/null +++ b/tests/cert-tests/templates/template-utf8.tmpl @@ -0,0 +1,35 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Μεγάλη εταιρία" + +# The name (Koala) +cn = "🐨" + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Αττική" + +# The country of the subject. Two letter code. +country = GR + +# The serial number of the certificate +serial = 009 + +# Certificate policies +policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0 +policy1_txt = "Μια πολιτική που θέλει διάβασμα" +policy1_url = http://www.example.com/a-policy-to-read + +policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1 +policy2_txt = "Another policy" +policy2_url = http://www.example.com/another-policy-to-read + +policy3 = 1.3.6.1.4.1.5484.1.10.99.1.2 +policy3_txt = "More policies" +policy3_url = http://example.com/a-policy-to-read + |