mbedtls/tests/data_files/test-ca.opensslconf
Pengyu Lv e025cb2096 Add rules to generate cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00

125 lines
2.7 KiB
Text

[req]
x509_extensions = v3_ca
distinguished_name = req_dn
[req_dn]
countryName = NL
organizationalUnitName = PolarSSL
commonName = PolarSSL Test CA
[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[no_subj_auth_id]
subjectKeyIdentifier=none
authorityKeyIdentifier=none
basicConstraints = CA:true
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
[nonprintable_othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
[unsupported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
[dns_alt_names]
subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
[rfc822name_names]
subjectAltName=email:my@other.address,email:second@other.address
[alt_names]
DNS.1=example.com
otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
DNS.2=example.net
DNS.3=*.example.org
[multiple_san]
subjectAltName=@alt_names
[ext_multi_nocn]
basicConstraints = CA:false
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144
[hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
[nonprintable_hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = FORMAT:HEX, OCT:3132338081008180333231
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0
[v3_any_policy_qualifier_ca]
basicConstraints = CA:true
certificatePolicies = @policy_info
[v3_multi_policy_ca]
basicConstraints = CA:true
certificatePolicies = 1.2.3.4,2.5.29.32.0
[v3_unsupported_policy_ca]
basicConstraints = CA:true
certificatePolicies = 1.2.3.4
[policy_info]
policyIdentifier = 2.5.29.32.0
CPS.1 ="CPS uri string"
[fan_cert]
extendedKeyUsage = 1.3.6.1.4.1.45605.1
[noext_ca]
basicConstraints = CA:true
[test_ca]
database = /dev/null
[crl_ext_idp]
issuingDistributionPoint=critical, @idpdata
[crl_ext_idp_nc]
issuingDistributionPoint=@idpdata
[idpdata]
fullname=URI:http://pki.example.com/
# these IPs are the ascii values for 'abcd' and 'abcd.example.com'
[tricky_ip_san]
subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d
[csr_ext_v3_keyUsage]
keyUsage = digitalSignature, keyEncipherment
[csr_ext_v3_subjectAltName]
subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
[csr_ext_v3_nsCertType]
nsCertType=server
[csr_ext_v3_all]
keyUsage = cRLSign
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
nsCertType=client
[directory_name_san]
subjectAltName=dirName:dirname_sect
[two_directorynames]
subjectAltName=dirName:dirname_sect, dirName:dirname_to_malform
[dirname_sect]
C=UK
O=Mbed TLS
CN=Mbed TLS directoryName SAN
[dirname_to_malform]
O=MALFORM_ME