OLD | NEW |
| (Empty) |
1 This directory contains various certificates for use with SSL-related | |
2 unit tests. | |
3 | |
4 ===== Real-world certificates that need manual updating | |
5 - google.binary.p7b | |
6 - google.chain.pem | |
7 - google.pem_cert.p7b | |
8 - google.pem_pkcs7.p7b | |
9 - google.pkcs7.p7b | |
10 - google.single.der | |
11 - google.single.pem | |
12 - thawte.single.pem : Certificates for testing parsing of different formats. | |
13 | |
14 - googlenew.chain.pem : The refreshed Google certificate | |
15 (valid until Sept 30 2013). | |
16 | |
17 - mit.davidben.der : An expired MIT client certificate. | |
18 | |
19 - foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity | |
20 created for testing. | |
21 | |
22 - www_us_army_mil_cert.der | |
23 - dod_ca_17_cert.der | |
24 - dod_root_ca_2_cert.der : | |
25 A certificate chain used for testing certificate imports | |
26 | |
27 - unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing. | |
28 | |
29 - google_diginotar.pem | |
30 - diginotar_public_ca_2025.pem : A certificate chain for the regression test | |
31 of http://crbug.com/94673 | |
32 | |
33 - salesforce_com_test.pem | |
34 - verisign_intermediate_ca_2011.pem | |
35 - verisign_intermediate_ca_2016.pem : Certificates for testing two | |
36 X509Certificate objects that contain the same server certificate but | |
37 different intermediate CA certificates. The two intermediate CA | |
38 certificates actually represent the same intermediate CA but have | |
39 different validity periods. | |
40 | |
41 - cybertrust_gte_root.pem | |
42 - cybertrust_baltimore_root.pem | |
43 - cybertrust_omniroot_chain.pem | |
44 - cybertrust_baltimore_cross_certified_1.pem | |
45 - cybertrust_baltimore_cross_certified_2.pem | |
46 These certificates are reflect a portion of the CyberTrust (Verizon | |
47 Business) CA hierarchy. _gte_root.pem is a legacy 1024-bit root that is | |
48 still widely supported, while _baltimore_root.pem reflects the newer | |
49 2048-bit root. For clients that only support the GTE root, two versions | |
50 of the Baltimore root were cross-signed by GTE, namely | |
51 _cross_certified_[1,2].pem. _omniroot_chain.pem contains a certificate | |
52 chain that was issued under the Baltimore root. Combined, these | |
53 certificates can be used to test real-world cross-signing; in practice, | |
54 they are used to test certain workarounds for OS X's chain building code. | |
55 | |
56 - ndn.ca.crt: "New Dream Network Certificate Authority" root certificate. | |
57 This is an X.509 v1 certificate that omits the version field. Used to | |
58 test that the certificate version gets the default value v1. | |
59 | |
60 - ct-test-embedded-cert.pem | |
61 - ct-test-embedded-with-intermediate-chain.pem | |
62 - ct-test-embedded-with-intermediate-preca-chain.pem | |
63 - ct-test-embedded-with-preca-chain.pem | |
64 Test certificate chains for Certificate Transparency: Each of these | |
65 files contains a leaf certificate as the first certificate, which has | |
66 embedded SCTs, followed by the issuer certificates chain. | |
67 All files are from the src/test/testdada directory in | |
68 https://code.google.com/p/certificate-transparency/ | |
69 | |
70 - comodo.chain.pem : A certificate chain for www.comodo.com which should be | |
71 recognised as EV. Expires Jun 20 2015. | |
72 | |
73 - twitter-chain.pem : A certificate chain for twitter.com which should be | |
74 valid. Expires May 9 2016. | |
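Review bot: two wording errors in this section need fixing before landing. Line 46 reads "These certificates are reflect a portion", which should drop "are", and line 67 names the source directory as src/test/testdada, which looks like a misspelling of testdata and should be checked against the upstream repository. Separately, the heading says these files need manual updating, but only googlenew.chain.pem, comodo.chain.pem and twitter-chain.pem state an expiry date; adding the expiry for the other real-world certificates would make it clear when each one has to be refreshed.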
75 | |
76 ===== Manually generated certificates | |
77 - client.p12 : A PKCS #12 file containing a client certificate and a private | |
78 key created for testing. The password is "12345". | |
79 | |
80 - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same | |
81 as the one in client.p12) but no private key. The password is "12345". | |
82 | |
83 - unittest.selfsigned.der : A self-signed certificate generated using private | |
84 key in unittest.key.bin. The common name is "unittest". | |
85 | |
86 - unittest.key.bin : private key stored unencrypted. | |
87 | |
88 - unittest.originbound.der: A test origin-bound certificate for | |
89 https://www.google.com:443. | |
90 - unittest.originbound.key.der: matching PrivateKeyInfo. | |
91 | |
92 - x509_verify_results.chain.pem : A simple certificate chain used to test that | |
93 the correctly ordered, filtered certificate chain is returned during | |
94 verification, regardless of the order in which the intermediate/root CA | |
95 certificates are provided. | |
96 | |
97 - test_mail_google_com.pem : A certificate signed by the test CA for | |
98 "mail.google.com". Because it is signed by that CA instead of the true CA | |
99 for that host, it will fail the | |
100 TransportSecurityState::IsChainOfPublicKeysPermitted test. | |
101 | |
102 - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A | |
103 certificate with all of the AttributeTypeAndValues stored within a single | |
104 RelativeDistinguishedName, rather than one AVA per RDN as normally seen. | |
105 | |
106 - unescaped.pem : Regression test for http://crbug.com/102839. Contains | |
107 characters such as '=' and '"' that would normally be escaped when | |
108 converting a subject/issuer name to their stringized form. | |
109 | |
110 - ocsp-test-root.pem : A root certificate for the code in | |
111 net/tools/testserver/minica.py | |
112 | |
113 - websocket_cacert.pem : The testing root CA for testing WebSocket client | |
114 certificate authentication. | |
115 This file is used in SSLUITest.TestWSSClientCert. | |
116 | |
117 - websocket_client_cert.p12 : A PKCS #12 file containing a client certificate | |
118 and a private key created for WebSocket testing. The password is "". | |
119 This file is used in SSLUITest.TestWSSClientCert. | |
120 | |
121 - no_subject_common_name_cert.pem: Used to test the function that generates a | |
122 NSS certificate nickname for a user certificate. This certificate's Subject | |
123 field doesn't have a common name. | |
124 | |
125 - quic_intermediate.crt | |
126 - quic_test_ecc.example.com.crt | |
127 - quic_test.example.com.crt | |
128 - quic_root.crt | |
129 These certificates are used by the ProofVerifier's unit tests of QUIC. | |
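Review bot: the entries under "Manually generated certificates" (lines 76-129) document no regeneration steps, unlike the later sections, each of which names the script that produced its files. For entries such as client.p12, unittest.selfsigned.der and the quic_* certificates, consider recording the tool or command used, so the files can be recreated rather than reverse-engineered. The name/description separator is also inconsistent in this section (" : " on most entries, ":" on unittest.originbound.der and no_subject_common_name_cert.pem).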
130 | |
131 ===== From net/data/ssl/scripts/generate-test-certs.sh | |
132 - expired_cert.pem | |
133 - ok_cert.pem | |
134 - root_ca_cert.pem | |
135 These certificates are the common certificates used by the Python test | |
136 server for simulating HTTPS connections. | |
137 | |
138 - name_constraint_bad.pem | |
139 - name_constraint_good.pem | |
140 Two certificates used to test the built-in ability to restrict a root to | |
141 a particular namespace. | |
142 | |
143 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. | |
144 | |
145 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling | |
146 | |
147 - subjectAltName_sanity_check.pem : Used to test the handling of various types | |
148 within the subjectAltName extension of a certificate. | |
149 | |
150 - punycodetest.pem : A test self-signed server certificate with punycode name. | |
151 The common name is "xn--wgv71a119e.com" (日本語.com) | |
152 | |
153 - 10_year_validity.pem | |
154 - 11_year_validity.pem | |
155 - 39_months_after_2015_04.pem | |
156 - 40_months_after_2015_04.pem | |
157 - 60_months_after_2012_07.pem | |
158 - 61_months_after_2012_07.pem | |
159 - pre_br_validity_bad_121.pem | |
160 - pre_br_validity_bad_2020.pem | |
161 - pre_br_validity_ok.pem | |
162 - start_after_expiry.pem | |
163 Certs to test that the maximum validity durations set by the CA/Browser | |
164 Forum Baseline Requirements are enforced. | |
165 | |
166 - reject_intranet_hosts.pem | |
167 A certificate with a non-IANA delegated domain, which is rejected since a CA | |
168 cannot validate the applicant controls that domain. | |
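Review bot: the validity-duration group (lines 153-164) lists ten files under a single description without saying which are expected to be accepted and which rejected. The pre_br_validity_bad_* and pre_br_validity_ok names carry that information, but for pairs such as 10_year_validity.pem / 11_year_validity.pem and 39_months_after_2015_04.pem / 40_months_after_2015_04.pem the reader has to infer the limit being tested. Stating the expected result for each file, or the limit each pair brackets, would make failures easier to interpret.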
169 | |
170 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh | |
171 - 2048-rsa-root.pem | |
172 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | |
173 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- | |
174 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | |
175 Test certificates used to ensure that weak keys are detected and rejected | |
176 | |
177 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh | |
178 - cross-signed-leaf.pem | |
179 - cross-signed-root-md5.pem | |
180 - cross-signed-root-sha1.pem | |
181 A certificate chain for regression testing http://crbug.com/108514 | |
182 | |
183 ===== From net/data/ssl/scripts/generate-redundant-test-chains.sh | |
184 - redundant-validated-chain.pem | |
185 - redundant-server-chain.pem | |
186 - redundant-validated-chain-root.pem | |
187 | |
188 Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same | |
189 public key) to test that SSLInfo gets the reconstructed, re-ordered | |
190 chain instead of the chain as served. See | |
191 SSLClientSocketTest.VerifyReturnChainProperlyOrdered in | |
192 net/socket/ssl_client_socket_unittest.cc. These chains are valid until | |
193 26 Feb 2022 and are generated by | |
194 net/data/ssl/scripts/generate-redundant-test-chains.sh. | |
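Review bot: lines 184-186 list three files, but the description at lines 188-194 speaks of "Two chains" and never says which file holds which. Please map redundant-validated-chain.pem, redundant-server-chain.pem and redundant-validated-chain-root.pem to A -> B -> C -> D, A -> B -> C2 and the root respectively (or however they actually correspond). The closing sentence "are generated by net/data/ssl/scripts/generate-redundant-test-chains.sh" repeats the section heading and can be dropped.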
195 | |
196 ===== From net/data/ssl/scripts/generate-policy-certs.sh | |
197 - explicit-policy-chain.pem | |
198 A test certificate chain with requireExplicitPolicy field set on the | |
199 intermediate, with SkipCerts=0. This is used for regression testing | |
200 http://crbug.com/31497. | |
201 | |
202 ===== From net/data/ssl/scripts/generate-client-certificates.sh | |
203 - client_1.pem | |
204 - client_1.key | |
205 - client_1.pk8 | |
206 - client_1_ca.pem | |
207 - client_2.pem | |
208 - client_2.key | |
209 - client_2.pk8 | |
210 - client_2_ca.pem | |
211 This is a set of files used to unit test SSL client certificate | |
212 authentication. | |
213 - client_1_ca.pem and client_2_ca.pem are the certificates of | |
214 two distinct signing CAs. | |
215 - client_1.pem and client_1.key correspond to the certificate and | |
216 private key for a first certificate signed by client_1_ca.pem. | |
217 - client_2.pem and client_2.key correspond to the certificate and | |
218 private key for a second certificate signed by client_2_ca.pem. | |
219 - each .pk8 file contains the same key as the corresponding .key file | |
220 as PKCS#8 PrivateKeyInfo in DER encoding. | |
221 | |
222 ===== From net/data/ssl/scripts/generate-android-test-key.sh | |
223 - android-test-key-rsa.pem | |
224 - android-test-key-dsa.pem | |
225 - android-test-key-dsa-public.pem | |
226 - android-test-key-ecdsa.pem | |
227 - android-test-key-ecdsa-public.pem | |
228 This is a set of test RSA/DSA/ECDSA keys used by the Android-specific | |
229 unit test in net/android/keystore_unittest.c. They are used to verify | |
230 that the OpenSSL-specific wrapper for platform PrivateKey objects | |
231 works properly. See the generate-android-test-keys.sh script. | |
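Review bot: the script name is inconsistent within this section. The heading at line 222 says generate-android-test-key.sh, while line 231 says "See the generate-android-test-keys.sh script"; one of the two is wrong and should match the file on disk. Line 229 also refers to net/android/keystore_unittest.c, whereas the other test file cited in this README (net/socket/ssl_client_socket_unittest.cc) uses the .cc extension, so the extension here is worth double-checking.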
232 | |
233 ===== From net/data/ssl/scripts/generate-bad-eku-certs.sh | |
234 - eku-test-root.pem | |
235 - non-crit-codeSigning-chain.pem | |
236 - crit-codeSigning-chain.pem | |
237 Two code-signing certificates (eKU: codeSigning; eKU: critical, | |
238 codeSigning) which we use to test that clients are making sure that web | |
239 server certs are checked for correct eKU fields (when an eKU field is | |
240 present). Since codeSigning is not valid for web server auth, the checks | |
241 should fail. | |
242 | |
243 ===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh | |
244 - multi-root-chain1.pem | |
245 - multi-root-chain2.pem | |
246 Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the | |
247 same public key) to test that certificate validation caching does not | |
248 interfere with the chain_verify_callback used by CertVerifyProcChromeOS. | |
249 See CertVerifyProcChromeOSTest. | |
250 | |
251 ===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh | |
252 - duplicate_cn_1.p12 | |
253 - duplicate_cn_1.pem | |
254 - duplicate_cn_2.p12 | |
255 - duplicate_cn_2.pem | |
256 Two certificates from the same issuer that share the same common name, | |
257 but have distinct subject names (namely, their O fields differ). NSS | |
258 requires that certificates have unique nicknames if they do not share the | |
259 same subject, and these certificates are used to test that the nickname | |
260 generation algorithm generates unique nicknames. | |
261 The .pem versions contain just the certs, while the .p12 versions contain | |
262 both the cert and a private key, since there are multiple ways to import | |
263 certificates into NSS. | |
264 | |
265 ===== From net/data/ssl/scripts/generate-aia-certs.sh | |
266 - aia-cert.pem | |
267 - aia-intermediate.der | |
268 - aia-root.pem | |
269 A certificate chain which we use to ensure AIA fetching works correctly | |
270 when using NSS to verify certificates (which uses our HTTP stack). | |
271 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL | |
272 containing the intermediate, which can be served via a URLRequestFilter. | |
273 aia-intermediate.der is stored in DER form for convenience, since that is | |
274 the form expected of certificates discovered via AIA. | |