Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(175)

Side by Side Diff: net/data/ssl/certificates/README

Issue 20628006: Reject certificates that are valid for too long. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Don't use arithmetic expressions in shell script. Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 This directory contains various certificates for use with SSL-related 1 This directory contains various certificates for use with SSL-related
2 unit tests. 2 unit tests.
3 3
4 ===== Real-world certificates that need manual updating 4 ===== Real-world certificates that need manual updating
5 - google.binary.p7b 5 - google.binary.p7b
6 - google.chain.pem 6 - google.chain.pem
7 - google.pem_cert.p7b 7 - google.pem_cert.p7b
8 - google.pem_pkcs7.p7b 8 - google.pem_pkcs7.p7b
9 - google.pkcs7.p7b 9 - google.pkcs7.p7b
10 - google.single.der 10 - google.single.der
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 - quic_intermediate.crt 122 - quic_intermediate.crt
123 - quic_test_ecc.example.com.crt 123 - quic_test_ecc.example.com.crt
124 - quic_test.example.com.crt 124 - quic_test.example.com.crt
125 - quic_root.crt 125 - quic_root.crt
126 These certificates are used by the ProofVerifier's unit tests of QUIC. 126 These certificates are used by the ProofVerifier's unit tests of QUIC.
127 127
128 ===== From net/data/ssl/scripts/generate-test-certs.sh 128 ===== From net/data/ssl/scripts/generate-test-certs.sh
129 - expired_cert.pem 129 - expired_cert.pem
130 - ok_cert.pem 130 - ok_cert.pem
131 - root_ca_cert.pem 131 - root_ca_cert.pem
132 These certificates are the common certificates used by the Python test 132 These certificates are the common certificates used by the Python test
133 server for simulating HTTPS connections. 133 server for simulating HTTPS connections.
134 134
135 - name_constraint_bad.pem 135 - name_constraint_bad.pem
136 - name_constraint_good.pem 136 - name_constraint_good.pem
137 Two certificates used to test the built-in ability to restrict a root to 137 Two certificates used to test the built-in ability to restrict a root to
138 a particular namespace. 138 a particular namespace.
139 139
140 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. 140 - sha256.pem: Used to test the handling of SHA-256 certs on Windows.
141 141
142 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling 142 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling
143 143
144 - subjectAltName_sanity_check.pem : Used to test the handling of various types 144 - subjectAltName_sanity_check.pem : Used to test the handling of various types
145 within the subjectAltName extension of a certificate. 145 within the subjectAltName extension of a certificate.
146 146
147 - punycodetest.pem : A test self-signed server certificate with punycode name. 147 - punycodetest.pem : A test self-signed server certificate with punycode name.
148 The common name is "xn--wgv71a119e.com" (日本語.com) 148 The common name is "xn--wgv71a119e.com" (日本語.com)
149 149
150 - 40_months_after_2015_04.pem
151 - 61_months_after_2012_07.pem
152 - 11_year_validity.pem
153 Certs to test that the maximum validity durations set by the CA/Browser
154 Forum Baseline Requirements are enforced.
155
150 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh 156 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh
151 - 2048-rsa-root.pem 157 - 2048-rsa-root.pem
152 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem 158 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
153 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- 159 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by-
154 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem 160 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
155 Test certificates used to ensure that weak keys are detected and rejected 161 Test certificates used to ensure that weak keys are detected and rejected
156 162
157 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh 163 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh
158 - cross-signed-leaf.pem 164 - cross-signed-leaf.pem
159 - cross-signed-root-md5.pem 165 - cross-signed-root-md5.pem
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
245 ===== From net/data/ssl/scripts/generate-aia-certs.sh 251 ===== From net/data/ssl/scripts/generate-aia-certs.sh
246 - aia-cert.pem 252 - aia-cert.pem
247 - aia-intermediate.der 253 - aia-intermediate.der
248 - aia-root.pem 254 - aia-root.pem
249 A certificate chain which we use to ensure AIA fetching works correctly 255 A certificate chain which we use to ensure AIA fetching works correctly
250 when using NSS to verify certificates (which uses our HTTP stack). 256 when using NSS to verify certificates (which uses our HTTP stack).
251 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL 257 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL
252 containing the intermediate, which can be served via a URLRequestFilter. 258 containing the intermediate, which can be served via a URLRequestFilter.
253 aia-intermediate.der is stored in DER form for convenience, since that is 259 aia-intermediate.der is stored in DER form for convenience, since that is
254 the form expected of certificates discovered via AIA. 260 the form expected of certificates discovered via AIA.
255
256
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698