diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
| commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
| tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/tests/chains/scenarios/ocspd.cfg | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip | |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/tests/chains/scenarios/ocspd.cfg')
| -rw-r--r-- | security/nss/tests/chains/scenarios/ocspd.cfg | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/security/nss/tests/chains/scenarios/ocspd.cfg b/security/nss/tests/chains/scenarios/ocspd.cfg new file mode 100644 index 0000000000..e48f9068ea --- /dev/null +++ b/security/nss/tests/chains/scenarios/ocspd.cfg @@ -0,0 +1,172 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +scenario OCSPD + +#root CA +entity OCSPRoot + type Root + export_key + +#CA - OK +entity OCSPCA1 + type Intermediate + issuer OCSPRoot + serial 1 + ocsp online + export_key + +#CA - revoked +entity OCSPCA2 + type Intermediate + issuer OCSPRoot + serial 2 + ocsp online + export_key + +#CA - unknown status +entity OCSPCA3 + type Intermediate + issuer OCSPRoot + serial 3 + ocsp offline + export_key + +#EE - OK +entity OCSPEE11 + type EE + issuer OCSPCA1 + serial 1 + ocsp online + +#EE - revoked on OCSP +entity OCSPEE12 + type EE + issuer OCSPCA1 + serial 2 + ocsp online + +#EE - revoked on CRL +entity OCSPEE13 + type EE + issuer OCSPCA1 + serial 3 + ocsp online + +#EE - revoked on OCSP and CRL +entity OCSPEE14 + type EE + issuer OCSPCA1 + serial 4 + ocsp online + +#EE - unknown status +entity OCSPEE15 + type EE + issuer OCSPCA1 + serial 5 + ocsp offline + +#EE - valid EE, revoked CA +entity OCSPEE21 + type EE + issuer OCSPCA2 + serial 1 + ocsp online + +#EE - revoked EE, revoked CA +entity OCSPEE22 + type EE + issuer OCSPCA2 + serial 2 + ocsp online + +#EE - revoked EE, CA pointing to invalid OCSP +entity OCSPEE23 + type EE + issuer OCSPCA2 + serial 3 + ocsp offline + +#EE - valid EE, CA pointing to invalid OCSP +entity OCSPEE31 + type EE + issuer OCSPCA3 + serial 1 + ocsp online + +#EE - revoked EE, CA pointing to invalid OCSP +entity OCSPEE32 + type EE + issuer OCSPCA3 + serial 2 + ocsp online + +#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP +entity OCSPEE33 + type EE + issuer OCSPCA3 + serial 3 + ocsp offline + +crl OCSPRoot + +revoke OCSPRoot + serial 2 + +crl OCSPCA1 + +revoke OCSPCA1 + serial 2 + +revoke OCSPCA1 + serial 4 + +crl OCSPCA2 + +revoke OCSPCA2 + serial 2 + +revoke OCSPCA2 + serial 3 + +crl OCSPCA3 + +revoke OCSPCA3 + serial 2 + +revoke OCSPCA3 + serial 3 + +# Used for running a single OCSP server (httpserv) instance that can +# handle multiple CAs, e.g.: +# httpserv -p 8641 -d . -f dbpasswd \ +# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \ +# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl +db Server +import OCSPRoot::CT,C,C +import_key OCSPRoot +import_key OCSPCA1 +import_key OCSPCA2 +import_key OCSPCA3 + +# A DB containing all certs, but no keys. +# Useful for manual OCSP client testing, e.g.: +# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s +db Client +import OCSPRoot::CT,C,C +import OCSPCA1OCSPRoot:: +import OCSPCA2OCSPRoot:: +import OCSPCA3OCSPRoot:: +import OCSPEE11OCSPCA1:: +import OCSPEE12OCSPCA1:: +import OCSPEE13OCSPCA1:: +import OCSPEE14OCSPCA1:: +import OCSPEE15OCSPCA1:: +import OCSPEE21OCSPCA2:: +import OCSPEE22OCSPCA2:: +import OCSPEE23OCSPCA2:: +import OCSPEE31OCSPCA3:: +import OCSPEE32OCSPCA3:: +import OCSPEE33OCSPCA3:: |