| OLD | NEW |
|---|
| 1 This directory contains various certificates for use with SSL-related | 1 This directory contains various certificates for use with SSL-related |
| 2 unit tests. | 2 unit tests. |
| 3 | 3 |
| 4 ===== Real-world certificates that need manual updating | 4 ===== Real-world certificates that need manual updating |
| 5 - google.binary.p7b | 5 - google.binary.p7b |
| 6 - google.chain.pem | 6 - google.chain.pem |
| 7 - google.pem_cert.p7b | 7 - google.pem_cert.p7b |
| 8 - google.pem_pkcs7.p7b | 8 - google.pem_pkcs7.p7b |
| 9 - google.pkcs7.p7b | 9 - google.pkcs7.p7b |
| 10 - google.single.der | 10 - google.single.der |
| (...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 122 - quic_intermediate.crt | 122 - quic_intermediate.crt |
| 123 - quic_test_ecc.example.com.crt | 123 - quic_test_ecc.example.com.crt |
| 124 - quic_test.example.com.crt | 124 - quic_test.example.com.crt |
| 125 - quic_root.crt | 125 - quic_root.crt |
| 126 These certificates are used by the ProofVerifier's unit tests of QUIC. | 126 These certificates are used by the ProofVerifier's unit tests of QUIC. |
| 127 | 127 |
| 128 ===== From net/data/ssl/scripts/generate-test-certs.sh | 128 ===== From net/data/ssl/scripts/generate-test-certs.sh |
| 129 - expired_cert.pem | 129 - expired_cert.pem |
| 130 - ok_cert.pem | 130 - ok_cert.pem |
| 131 - root_ca_cert.pem | 131 - root_ca_cert.pem |
| 132 These certificates are the common certificates used by the Python test | 132 These certificates are the common certificates used by the Python test |
| 133 server for simulating HTTPS connections. | 133 server for simulating HTTPS connections. |
| 134 | 134 |
| 135 - name_constraint_bad.pem | 135 - name_constraint_bad.pem |
| 136 - name_constraint_good.pem | 136 - name_constraint_good.pem |
| 137 Two certificates used to test the built-in ability to restrict a root to | 137 Two certificates used to test the built-in ability to restrict a root to |
| 138 a particular namespace. | 138 a particular namespace. |
| 139 | 139 |
| 140 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. | 140 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. |
| 141 | 141 |
| 142 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling | 142 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling |
| 143 | 143 |
| 144 - subjectAltName_sanity_check.pem : Used to test the handling of various types | 144 - subjectAltName_sanity_check.pem : Used to test the handling of various types |
| 145 within the subjectAltName extension of a certificate. | 145 within the subjectAltName extension of a certificate. |
| 146 | 146 |
| 147 - punycodetest.pem : A test self-signed server certificate with punycode name. | 147 - punycodetest.pem : A test self-signed server certificate with punycode name. |
| 148 The common name is "xn--wgv71a119e.com" (日本語.com) | 148 The common name is "xn--wgv71a119e.com" (日本語.com) |
| 149 | 149 |
| 150 - 40_months_after_2015_04.pem |
| 151 - 61_months_after_2012_07.pem |
| 152 - 11_year_validity.pem |
| 153 Certs to test that the maximum validity durations set by the CA/Browser |
| 154 Forum Baseline Requirements are enforced. |
| 155 |
| 150 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh | 156 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh |
| 151 - 2048-rsa-root.pem | 157 - 2048-rsa-root.pem |
| 152 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | 158 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
| 153 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- | 159 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- |
| 154 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | 160 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
| 155 Test certificates used to ensure that weak keys are detected and rejected | 161 Test certificates used to ensure that weak keys are detected and rejected |
| 156 | 162 |
| 157 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh | 163 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh |
| 158 - cross-signed-leaf.pem | 164 - cross-signed-leaf.pem |
| 159 - cross-signed-root-md5.pem | 165 - cross-signed-root-md5.pem |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 ===== From net/data/ssl/scripts/generate-aia-certs.sh | 251 ===== From net/data/ssl/scripts/generate-aia-certs.sh |
| 246 - aia-cert.pem | 252 - aia-cert.pem |
| 247 - aia-intermediate.der | 253 - aia-intermediate.der |
| 248 - aia-root.pem | 254 - aia-root.pem |
| 249 A certificate chain which we use to ensure AIA fetching works correctly | 255 A certificate chain which we use to ensure AIA fetching works correctly |
| 250 when using NSS to verify certificates (which uses our HTTP stack). | 256 when using NSS to verify certificates (which uses our HTTP stack). |
| 251 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL | 257 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL |
| 252 containing the intermediate, which can be served via a URLRequestFilter. | 258 containing the intermediate, which can be served via a URLRequestFilter. |
| 253 aia-intermediate.der is stored in DER form for convenience, since that is | 259 aia-intermediate.der is stored in DER form for convenience, since that is |
| 254 the form expected of certificates discovered via AIA. | 260 the form expected of certificates discovered via AIA. |
| 255 | |
| 256 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20628006:
Reject certificates that are valid for too long. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src