-
Notifications
You must be signed in to change notification settings - Fork 544
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3938 from Rohde-Schwarz/fix/x509-nesting-rules
X509 Path Validation Flag to Ignore Root Certificate Lifetime
- Loading branch information
Showing
8 changed files
with
219 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Test: Root Certificate Time Check | ||
RFC 5280 does not disallow CAs to sign certificates with wider validity | ||
ranges than theirs. When checking a certificate chain at a specific | ||
point in time, this can lead to situations where a CA is expired or not | ||
yet valid, but the end-entity certificate is in the validity range. | ||
|
||
Botan provides an option to decide if such cases are considered valid. | ||
|
||
## Test Certificates | ||
This test case contains two certificates: | ||
- A trusted root certificate `root.crt`. Validity range (years): 2022-2028. | ||
- An end-entity certificate `leaf.crt` chaining to `root.crt`. | ||
Validity range (years): 2020-2030. | ||
|
||
These certificates are used to test Botan's behavior for verification at | ||
specific time points. For example, verification in 2025 succeeds, | ||
verification in 2031 fails, and verification at 2029 depends on the option. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIELDCCAxagAwIBAgIRAJ9N52O3Ju8BygPBNJxwolUwCwYJKoZIhvcNAQELMIGN | ||
MScwJQYDVQQDEx5mcm9kby5yaW5nLWRlcG9zYWwtc2VydmljZS5jb20xCzAJBgNV | ||
BAYTAk1FMRAwDgYDVQQIEwdFcmlhZG9yMQ4wDAYDVQQHEwVTaGlyZTEXMBUGA1UE | ||
ChMOSG9iYml0IFNvY2lldHkxGjAYBgNVBAsTEVJpbmcgRGVwb3NhbCBVbml0MB4X | ||
DTIwMDEwMTAwMDAwMFoXDTMwMDEwMTAwMDAwMFowgY8xKTAnBgNVBAMTIHNhbXdp | ||
c2UucmluZy1kZXBvc2FsLXNlcnZpY2UuY29tMQswCQYDVQQGEwJNRTEQMA4GA1UE | ||
CBMHRXJpYWRvcjEOMAwGA1UEBxMFU2hpcmUxFzAVBgNVBAoTDkhvYmJpdCBTb2Np | ||
ZXR5MRowGAYDVQQLExFSaW5nIERlcG9zYWwgVW5pdDCCASIwDQYJKoZIhvcNAQEB | ||
BQADggEPADCCAQoCggEBAJpQbqcw4Q0xyMeI9mTjYLT0SZELXs1BTMLD6tJlFdqP | ||
x+2gmQLv5gauRWReGVWqmJ6SUUWAKnfQQe/zeMpRJgNSvk0tyVuVj8PhUpLo4xxk | ||
/wyfJSArsk1ppml8PTOgROLFS/2fmrs8Qm+0sTLgqWNNf0p7fnQTcm39AqzmFEqz | ||
Dy24rIAbEN+vCg9Rm67meYlDvtkaAyQGAIevfJJiytDMt2/jW8Vu4Rwul1fc/28e | ||
by3v8E/tr2Zk1zMTe9JqdKbegGjkNWekO5Ny3EDjBUCR+xAXZ3aiyAOWn1fEZaxK | ||
vlO44tvU+Yuu1M7K8P9Dl+bnA1CTquhCJY1Joj93FDkCAwEAAaOBhjCBgzAhBgNV | ||
HQ4EGgQYBLOa+3C4xhfo+tQ1fVJPiE0lnDIFtJ0NMCsGA1UdEQQkMCKBIHNhbXdp | ||
c2VAcmluZy1kZXBvc2FsLXNlcnZpY2UuY29tMAwGA1UdEwEB/wQCMAAwIwYDVR0j | ||
BBwwGoAYHh+1BXEVqx6agPTcDw8lW9jm65pxUmOlMAsGCSqGSIb3DQEBCwOCAQEA | ||
FnuHOYgcYI8JqnXtLP+Be1yYIU++HA4njmfB3iCcVwIRa/iRVhD7lb9L5oepeCkR | ||
Y3aG3IbI8UZhhckMf6qNeJa1bJhhVxzjUmyF6QDVLAswFex+L6UMZXOS4SmE0wxF | ||
KKTuEPuSLWtmwLtf25Skt7HS/NsJpqtBPt1VpwaGYRX8Lkj+20IeFyYykIfqHMyW | ||
DqWzjSPYFZ2B7Bi/xct5+snorGUq8BzWxVKGVQwvBvO0eU1nkGSydRhcLB0qJOoI | ||
9kgBXWp2XtX5rxoDQRUTf/rzw2xBsUQgcuE+HFYEFOfSc7d2CUNiBogm5ogYaJw0 | ||
UUTCQwN7n/uvD+E+CC5UYA== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIEPjCCAyigAwIBAgIRANrPF/sE7W2NfzY92hX5hs8wCwYJKoZIhvcNAQELMIGN | ||
MScwJQYDVQQDEx5mcm9kby5yaW5nLWRlcG9zYWwtc2VydmljZS5jb20xCzAJBgNV | ||
BAYTAk1FMRAwDgYDVQQIEwdFcmlhZG9yMQ4wDAYDVQQHEwVTaGlyZTEXMBUGA1UE | ||
ChMOSG9iYml0IFNvY2lldHkxGjAYBgNVBAsTEVJpbmcgRGVwb3NhbCBVbml0MB4X | ||
DTIyMDEwMTAwMDAwMFoXDTI4MDEwMTAwMDAwMFowgY0xJzAlBgNVBAMTHmZyb2Rv | ||
LnJpbmctZGVwb3NhbC1zZXJ2aWNlLmNvbTELMAkGA1UEBhMCTUUxEDAOBgNVBAgT | ||
B0VyaWFkb3IxDjAMBgNVBAcTBVNoaXJlMRcwFQYDVQQKEw5Ib2JiaXQgU29jaWV0 | ||
eTEaMBgGA1UECxMRUmluZyBEZXBvc2FsIFVuaXQwggEiMA0GCSqGSIb3DQEBAQUA | ||
A4IBDwAwggEKAoIBAQDF7NhPUVyVvkN1VznTd67apvqJYxhYTmtTmt53qPR9EavL | ||
7lA63eVNYH8mMr/ovvniNsrg57UGGxmtmKchsFmH6N8L26vZV9RZeu6DQR6Ae5K0 | ||
cUA7GbYFQ8d0LM2UkD57JMVtx1xK8QYInLcvRbxUWJGkhH+TgAzD7tAKzIm/Uyhv | ||
6bKJaPLt6fYKmeXw/oEFdUdqkMAbH+jbiMy4JiGvzA7t2v4i+KafwM/Vq+6GOfyN | ||
y6eMW/tnQQWNxI5GWPsw/xDiy3Z8ihuucbrvFR9e6S95s3EFW9hvNsjYl7yuJYgA | ||
nG46OUPJ1/6+yRJJ+UHu/vbUORGoKHGYFN0TYscvAgMBAAGjgZowgZcwIQYDVR0O | ||
BBoEGB4ftQVxFasemoD03A8PJVvY5uuacVJjpTAOBgNVHQ8BAf8EBAMCAQYwKQYD | ||
VR0RBCIwIIEeZnJvZG9AcmluZy1kZXBvc2FsLXNlcnZpY2UuY29tMBIGA1UdEwEB | ||
/wQIMAYBAf8CASowIwYDVR0jBBwwGoAYHh+1BXEVqx6agPTcDw8lW9jm65pxUmOl | ||
MAsGCSqGSIb3DQEBCwOCAQEAuq6wuyBJ0QMx2yCXbEIlp3HMF1/ebR8HMv1mUrow | ||
adwSrS2BLq78tGH7OVbdz6PCUWjQ/Wx9u10MBBlLr8vaaD3W8sYFCaIQItKzRsqQ | ||
M3mzRJJ5gZnaphVGkHZCviODXkqI9OVxrpAS9FILUMpa5fajmlDNkj9+I0P7823G | ||
7IkC5sbShxzha/7abm3layNXlIS3n//nEVSNtchhysO1aWzZ8nH6FdhD4rP0MQEq | ||
PTSviLVhHlbkwhlA1W5pS3Dp8tYYFKskPTTCb6alwfKC0ic8fwQHdZ5hhronb1B0 | ||
Vsv/qTDfpQpDzCzyCoeSfoxmLrKr4ISHTeEQU49pCEvU5w== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters