Mark Radbourne
mbed TLS Build
Dependents: Encrypt_Decrypt1 mbed_blink_tls encrypt encrypt
tests/data_files/dir4/Readme@0:cdf462088d13, 2017-01-05 (annotated)
- Committer:
- markrad
- Date:
- Thu Jan 05 00:18:44 2017 +0000
- Revision:
- 0:cdf462088d13
Initial commit
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| markrad | 0:cdf462088d13 | 1 | This directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option. |
| markrad | 0:cdf462088d13 | 2 | |
| markrad | 0:cdf462088d13 | 3 | 1. zero pathlen constraint on an intermediate CA (invalid) |
| markrad | 0:cdf462088d13 | 4 | ``` |
| markrad | 0:cdf462088d13 | 5 | cert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt |
| markrad | 0:cdf462088d13 | 6 | ``` |
| markrad | 0:cdf462088d13 | 7 | |
| markrad | 0:cdf462088d13 | 8 | 2. zero pathlen constraint on the root CA (invalid) |
| markrad | 0:cdf462088d13 | 9 | ``` |
| markrad | 0:cdf462088d13 | 10 | cert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt |
| markrad | 0:cdf462088d13 | 11 | ``` |
| markrad | 0:cdf462088d13 | 12 | |
| markrad | 0:cdf462088d13 | 13 | 3. nonzero pathlen constraint on the root CA (invalid) |
| markrad | 0:cdf462088d13 | 14 | ``` |
| markrad | 0:cdf462088d13 | 15 | cert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt |
| markrad | 0:cdf462088d13 | 16 | ``` |
| markrad | 0:cdf462088d13 | 17 | |
| markrad | 0:cdf462088d13 | 18 | 4. nonzero pathlen constraint on an intermediate CA (invalid) |
| markrad | 0:cdf462088d13 | 19 | ``` |
| markrad | 0:cdf462088d13 | 20 | cert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt |
| markrad | 0:cdf462088d13 | 21 | ``` |
| markrad | 0:cdf462088d13 | 22 | |
| markrad | 0:cdf462088d13 | 23 | 5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid) |
| markrad | 0:cdf462088d13 | 24 | ``` |
| markrad | 0:cdf462088d13 | 25 | cert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt |
| markrad | 0:cdf462088d13 | 26 | ``` |
| markrad | 0:cdf462088d13 | 27 | |
| markrad | 0:cdf462088d13 | 28 | 6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid) |
| markrad | 0:cdf462088d13 | 29 | ``` |
| markrad | 0:cdf462088d13 | 30 | cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt |
| markrad | 0:cdf462088d13 | 31 | ``` |
| markrad | 0:cdf462088d13 | 32 | |
| markrad | 0:cdf462088d13 | 33 | 7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid) |
| markrad | 0:cdf462088d13 | 34 | (This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain) |
| markrad | 0:cdf462088d13 | 35 | ``` |
| markrad | 0:cdf462088d13 | 36 | cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt |
| markrad | 0:cdf462088d13 | 37 | ``` |
| markrad | 0:cdf462088d13 | 38 | |
| markrad | 0:cdf462088d13 | 39 | 8. zero pathlen constraint on first intermediate CA (valid) |
| markrad | 0:cdf462088d13 | 40 | ``` |
| markrad | 0:cdf462088d13 | 41 | cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt |
| markrad | 0:cdf462088d13 | 42 | ``` |
| markrad | 0:cdf462088d13 | 43 | |
| markrad | 0:cdf462088d13 | 44 | 9. zero pathlen constraint on trusted root (valid) |
| markrad | 0:cdf462088d13 | 45 | ``` |
| markrad | 0:cdf462088d13 | 46 | cert91.crt (max_pathlen=0) -> cert92.crt |
| markrad | 0:cdf462088d13 | 47 | ``` |