[openssl/openssl] 386ab7: Add test cases for verification of time stamping c...

pauli noreply at reply.github.openssl.org
Wed Jun 22 06:58:27 UTC 2022

  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 386ab7f1fefdd77521e670d9593e9894e2774be0
  Author: Lutz Jaenicke <ljaenicke at phoenixcontact.com>
  Date:   2022-06-22 (Wed, 22 Jun 2022)

  Changed paths:
    A test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem
    A test/certs/ee-timestampsign-CABforum-crlsign.pem
    A test/certs/ee-timestampsign-CABforum-keycertsign.pem
    A test/certs/ee-timestampsign-CABforum-noncritxku.pem
    A test/certs/ee-timestampsign-CABforum-serverauth.pem
    A test/certs/ee-timestampsign-CABforum.pem
    A test/certs/ee-timestampsign-rfc3161-digsig.pem
    A test/certs/ee-timestampsign-rfc3161-noncritxku.pem
    A test/certs/ee-timestampsign-rfc3161.pem
    M test/certs/setup.sh
    M test/recipes/25-test_verify.t

  Log Message:
  Add test cases for verification of time stamping certificates

Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)

More information about the openssl-commits mailing list