mbedtls/tests/data_files/test-ca.opensslconf
Manuel Pégourié-Gonnard ecff9e9891 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2018-03-05 13:44:22 +01:00

17 lines
300 B
Plaintext

[req]
x509_extensions = v3_ca
distinguished_name = req_dn
[req_dn]
countryName = NL
organizationalUnitName = PolarSSL
commonName = PolarSSL Test CA
[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[noext_ca]
basicConstraints = CA:true