OLD | NEW |
1 This directory contains various certificates for use with SSL-related | 1 This directory contains various certificates for use with SSL-related |
2 unit tests. | 2 unit tests. |
3 | 3 |
4 ===== Real-world certificates that need manual updating | 4 ===== Real-world certificates that need manual updating |
5 - google.binary.p7b | 5 - google.binary.p7b |
6 - google.chain.pem | 6 - google.chain.pem |
7 - google.pem_cert.p7b | 7 - google.pem_cert.p7b |
8 - google.pem_pkcs7.p7b | 8 - google.pem_pkcs7.p7b |
9 - google.pkcs7.p7b | 9 - google.pkcs7.p7b |
10 - google.single.der | 10 - google.single.der |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
63 - ct-test-embedded-with-preca-chain.pem | 63 - ct-test-embedded-with-preca-chain.pem |
64 Test certificate chains for Certificate Transparency: Each of these | 64 Test certificate chains for Certificate Transparency: Each of these |
65 files contains a leaf certificate as the first certificate, which has | 65 files contains a leaf certificate as the first certificate, which has |
66 embedded SCTs, followed by the issuer certificates chain. | 66 embedded SCTs, followed by the issuer certificates chain. |
67 All files are from the src/test/testdada directory in | 67 All files are from the src/test/testdada directory in |
68 https://code.google.com/p/certificate-transparency/ | 68 https://code.google.com/p/certificate-transparency/ |
69 | 69 |
70 - comodo.chain.pem : A certificate chain for www.comodo.com which should be | 70 - comodo.chain.pem : A certificate chain for www.comodo.com which should be |
71 recognised as EV. Expires Jun 20 2015. | 71 recognised as EV. Expires Jun 20 2015. |
72 | 72 |
| 73 - twitter-chain.pem : A certificate chain for twitter.com which should be |
| 74 valid. Expires May 9 2016. |
| 75 |
73 ===== Manually generated certificates | 76 ===== Manually generated certificates |
74 - client.p12 : A PKCS #12 file containing a client certificate and a private | 77 - client.p12 : A PKCS #12 file containing a client certificate and a private |
75 key created for testing. The password is "12345". | 78 key created for testing. The password is "12345". |
76 | 79 |
77 - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same | 80 - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same |
78 as the one in client.p12) but no private key. The password is "12345". | 81 as the one in client.p12) but no private key. The password is "12345". |
79 | 82 |
80 - unittest.selfsigned.der : A self-signed certificate generated using private | 83 - unittest.selfsigned.der : A self-signed certificate generated using private |
81 key in unittest.key.bin. The common name is "unittest". | 84 key in unittest.key.bin. The common name is "unittest". |
82 | 85 |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
122 - quic_intermediate.crt | 125 - quic_intermediate.crt |
123 - quic_test_ecc.example.com.crt | 126 - quic_test_ecc.example.com.crt |
124 - quic_test.example.com.crt | 127 - quic_test.example.com.crt |
125 - quic_root.crt | 128 - quic_root.crt |
126 These certificates are used by the ProofVerifier's unit tests of QUIC. | 129 These certificates are used by the ProofVerifier's unit tests of QUIC. |
127 | 130 |
128 ===== From net/data/ssl/scripts/generate-test-certs.sh | 131 ===== From net/data/ssl/scripts/generate-test-certs.sh |
129 - expired_cert.pem | 132 - expired_cert.pem |
130 - ok_cert.pem | 133 - ok_cert.pem |
131 - root_ca_cert.pem | 134 - root_ca_cert.pem |
132 These certificates are the common certificates used by the Python test | 135 These certificates are the common certificates used by the Python test |
133 server for simulating HTTPS connections. | 136 server for simulating HTTPS connections. |
134 | 137 |
135 - name_constraint_bad.pem | 138 - name_constraint_bad.pem |
136 - name_constraint_good.pem | 139 - name_constraint_good.pem |
137 Two certificates used to test the built-in ability to restrict a root to | 140 Two certificates used to test the built-in ability to restrict a root to |
138 a particular namespace. | 141 a particular namespace. |
139 | 142 |
140 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. | 143 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. |
141 | 144 |
142 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling | 145 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling |
143 | 146 |
144 - subjectAltName_sanity_check.pem : Used to test the handling of various types | 147 - subjectAltName_sanity_check.pem : Used to test the handling of various types |
145 within the subjectAltName extension of a certificate. | 148 within the subjectAltName extension of a certificate. |
146 | 149 |
147 - punycodetest.pem : A test self-signed server certificate with punycode name. | 150 - punycodetest.pem : A test self-signed server certificate with punycode name. |
148 The common name is "xn--wgv71a119e.com" (日本語.com) | 151 The common name is "xn--wgv71a119e.com" (日本語.com) |
149 | 152 |
| 153 - 10_year_validity.pem |
| 154 - 11_year_validity.pem |
| 155 - 39_months_after_2015_04.pem |
| 156 - 40_months_after_2015_04.pem |
| 157 - 60_months_after_2012_07.pem |
| 158 - 61_months_after_2012_07.pem |
| 159 - pre_br_validity_bad_121.pem |
| 160 - pre_br_validity_bad_2020.pem |
| 161 - pre_br_validity_ok.pem |
| 162 - start_after_expiry.pem |
| 163 Certs to test that the maximum validity durations set by the CA/Browser |
| 164 Forum Baseline Requirements are enforced. |
| 165 |
| 166 - reject_intranet_hosts.pem |
| 167 A certificate with a non-IANA delegated domain, which is rejected since a CA |
| 168 cannot validate the applicant controls that domain. |
| 169 |
150 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh | 170 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh |
151 - 2048-rsa-root.pem | 171 - 2048-rsa-root.pem |
152 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | 172 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
153 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- | 173 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- |
154 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | 174 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
155 Test certificates used to ensure that weak keys are detected and rejected | 175 Test certificates used to ensure that weak keys are detected and rejected |
156 | 176 |
157 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh | 177 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh |
158 - cross-signed-leaf.pem | 178 - cross-signed-leaf.pem |
159 - cross-signed-root-md5.pem | 179 - cross-signed-root-md5.pem |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
245 ===== From net/data/ssl/scripts/generate-aia-certs.sh | 265 ===== From net/data/ssl/scripts/generate-aia-certs.sh |
246 - aia-cert.pem | 266 - aia-cert.pem |
247 - aia-intermediate.der | 267 - aia-intermediate.der |
248 - aia-root.pem | 268 - aia-root.pem |
249 A certificate chain which we use to ensure AIA fetching works correctly | 269 A certificate chain which we use to ensure AIA fetching works correctly |
250 when using NSS to verify certificates (which uses our HTTP stack). | 270 when using NSS to verify certificates (which uses our HTTP stack). |
251 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL | 271 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL |
252 containing the intermediate, which can be served via a URLRequestFilter. | 272 containing the intermediate, which can be served via a URLRequestFilter. |
253 aia-intermediate.der is stored in DER form for convenience, since that is | 273 aia-intermediate.der is stored in DER form for convenience, since that is |
254 the form expected of certificates discovered via AIA. | 274 the form expected of certificates discovered via AIA. |
255 | |
256 | |
OLD | NEW |