1*6777b538SAndroid Build Coastguard WorkerThis directory contains various certificates for use with SSL-related 2*6777b538SAndroid Build Coastguard Workerunit tests. 3*6777b538SAndroid Build Coastguard Worker 4*6777b538SAndroid Build Coastguard Worker===== Real-world certificates that need manual updating 5*6777b538SAndroid Build Coastguard Worker- google.binary.p7b 6*6777b538SAndroid Build Coastguard Worker- google.chain.pem 7*6777b538SAndroid Build Coastguard Worker- google.pem_cert.p7b 8*6777b538SAndroid Build Coastguard Worker- google.pem_pkcs7.p7b 9*6777b538SAndroid Build Coastguard Worker- google.pkcs7.p7b 10*6777b538SAndroid Build Coastguard Worker- google.single.der 11*6777b538SAndroid Build Coastguard Worker- google.single.pem : Certificates for testing parsing of different formats. 12*6777b538SAndroid Build Coastguard Worker 13*6777b538SAndroid Build Coastguard Worker- mit.davidben.der : An expired MIT client certificate. 14*6777b538SAndroid Build Coastguard Worker 15*6777b538SAndroid Build Coastguard Worker- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity 16*6777b538SAndroid Build Coastguard Worker created for testing. 17*6777b538SAndroid Build Coastguard Worker 18*6777b538SAndroid Build Coastguard Worker- google_diginotar.pem 19*6777b538SAndroid Build Coastguard Worker- diginotar_public_ca_2025.pem : A certificate chain for the regression test 20*6777b538SAndroid Build Coastguard Worker of http://crbug.com/94673 21*6777b538SAndroid Build Coastguard Worker 22*6777b538SAndroid Build Coastguard Worker- salesforce_com_test.pem 23*6777b538SAndroid Build Coastguard Worker- verisign_intermediate_ca_2011.pem 24*6777b538SAndroid Build Coastguard Worker- verisign_intermediate_ca_2016.pem : Certificates for testing two 25*6777b538SAndroid Build Coastguard Worker X509Certificate objects that contain the same server certificate but 26*6777b538SAndroid Build Coastguard Worker different intermediate CA certificates. The two intermediate CA 27*6777b538SAndroid Build Coastguard Worker certificates actually represent the same intermediate CA but have 28*6777b538SAndroid Build Coastguard Worker different validity periods. 29*6777b538SAndroid Build Coastguard Worker 30*6777b538SAndroid Build Coastguard Worker- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate. 31*6777b538SAndroid Build Coastguard Worker This is an X.509 v1 certificate that omits the version field. Used to 32*6777b538SAndroid Build Coastguard Worker test that the certificate version gets the default value v1. 33*6777b538SAndroid Build Coastguard Worker 34*6777b538SAndroid Build Coastguard Worker- ct-test-embedded-cert.pem 35*6777b538SAndroid Build Coastguard Worker- ct-test-embedded-with-intermediate-chain.pem 36*6777b538SAndroid Build Coastguard Worker- ct-test-embedded-with-intermediate-preca-chain.pem 37*6777b538SAndroid Build Coastguard Worker- ct-test-embedded-with-preca-chain.pem 38*6777b538SAndroid Build Coastguard Worker Test certificate chains for Certificate Transparency: Each of these 39*6777b538SAndroid Build Coastguard Worker files contains a leaf certificate as the first certificate, which has 40*6777b538SAndroid Build Coastguard Worker embedded SCTs, followed by the issuer certificates chain. 41*6777b538SAndroid Build Coastguard Worker All files are from the src/test/testdada directory in 42*6777b538SAndroid Build Coastguard Worker https://code.google.com/p/certificate-transparency/ 43*6777b538SAndroid Build Coastguard Worker 44*6777b538SAndroid Build Coastguard Worker- leaf_from_known_root.pem : A certificate issued by a public trust anchor, 45*6777b538SAndroid Build Coastguard Worker used for CertVerifyProcInternalTest.TestKnownRoot. Using for other 46*6777b538SAndroid Build Coastguard Worker purposes is not recommended. This needs to be updated periodically so the 47*6777b538SAndroid Build Coastguard Worker server name the cert is valid for may change. 48*6777b538SAndroid Build Coastguard Worker 49*6777b538SAndroid Build Coastguard Worker- lets-encrypt-dst-x3-root.pem: A chain that ends in the Lets encrypt DST X3 50*6777b538SAndroid Build Coastguard Worker root (https://crt.sh/?id=8395). Has the same leaf as 51*6777b538SAndroid Build Coastguard Worker lets-encrypt-isrg-x1-root.pem. 52*6777b538SAndroid Build Coastguard Worker- lets-encrypt-isrg-x1-root.pem: A chain that ends in the Lets encrypt ISRG X1 53*6777b538SAndroid Build Coastguard Worker root (https://crt.sh/?id=9314791). Has the same leaf as 54*6777b538SAndroid Build Coastguard Worker lets-encrypt-dst-x3-root.pem. 55*6777b538SAndroid Build Coastguard Worker 56*6777b538SAndroid Build Coastguard Worker===== Manually generated certificates 57*6777b538SAndroid Build Coastguard Worker- client.p12 : A PKCS #12 file containing a client certificate and a private 58*6777b538SAndroid Build Coastguard Worker RSA key created for testing. The password is "12345". 59*6777b538SAndroid Build Coastguard Worker 60*6777b538SAndroid Build Coastguard Worker- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same 61*6777b538SAndroid Build Coastguard Worker as the one in client.p12) but no private key. The password is "12345". 62*6777b538SAndroid Build Coastguard Worker 63*6777b538SAndroid Build Coastguard Worker- client-empty-password.p12 : A PKCS #12 file containing an unencrypted client 64*6777b538SAndroid Build Coastguard Worker certificate and a encrypted private key. The password is the empty string, 65*6777b538SAndroid Build Coastguard Worker encoded as two zero bytes. (PKCS#12 passwords are encoded as 66*6777b538SAndroid Build Coastguard Worker NUL-terminated UTF-16.) 67*6777b538SAndroid Build Coastguard Worker 68*6777b538SAndroid Build Coastguard Worker- client-null-password.p12 : A PKCS #12 file containing an unencrypted client 69*6777b538SAndroid Build Coastguard Worker certificate and a encrypted private key. The password is the empty string, 70*6777b538SAndroid Build Coastguard Worker encoded as the empty byte string. 71*6777b538SAndroid Build Coastguard Worker 72*6777b538SAndroid Build Coastguard Worker- client_with_ec_key.p12 : A PKCS #12 file containing a client certificate and 73*6777b538SAndroid Build Coastguard Worker a private EC key created for testing. The password is "12345". 74*6777b538SAndroid Build Coastguard Worker 75*6777b538SAndroid Build Coastguard Worker- unittest.selfsigned.der : A self-signed certificate generated using private 76*6777b538SAndroid Build Coastguard Worker key in unittest.key.bin. The common name is "unittest". 77*6777b538SAndroid Build Coastguard Worker 78*6777b538SAndroid Build Coastguard Worker- unittest.key.bin : private key stored unencrypted. 79*6777b538SAndroid Build Coastguard Worker 80*6777b538SAndroid Build Coastguard Worker- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A 81*6777b538SAndroid Build Coastguard Worker certificate with all of the AttributeTypeAndValues stored within a single 82*6777b538SAndroid Build Coastguard Worker RelativeDistinguishedName, rather than one AVA per RDN as normally seen. 83*6777b538SAndroid Build Coastguard Worker 84*6777b538SAndroid Build Coastguard Worker- unescaped.pem : Regression test for http://crbug.com/102839. Contains 85*6777b538SAndroid Build Coastguard Worker characters such as '=' and '"' that would normally be escaped when 86*6777b538SAndroid Build Coastguard Worker converting a subject/issuer name to their stringized form. 87*6777b538SAndroid Build Coastguard Worker 88*6777b538SAndroid Build Coastguard Worker- websocket_cacert.pem : The testing root CA for testing WebSocket client 89*6777b538SAndroid Build Coastguard Worker certificate authentication. 90*6777b538SAndroid Build Coastguard Worker This file is used in SSLUITest.TestWSSClientCert. 91*6777b538SAndroid Build Coastguard Worker 92*6777b538SAndroid Build Coastguard Worker- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate 93*6777b538SAndroid Build Coastguard Worker and a private key created for WebSocket testing. The password is "". 94*6777b538SAndroid Build Coastguard Worker This file is used in SSLUITest.TestWSSClientCert. 95*6777b538SAndroid Build Coastguard Worker 96*6777b538SAndroid Build Coastguard Worker- no_subject_common_name_cert.pem: Used to test the function that generates a 97*6777b538SAndroid Build Coastguard Worker NSS certificate nickname for a user certificate. This certificate's Subject 98*6777b538SAndroid Build Coastguard Worker field doesn't have a common name. 99*6777b538SAndroid Build Coastguard Worker 100*6777b538SAndroid Build Coastguard Worker- ct-test-embedded-with-uids.pem: A certificate with embedded SCT and 101*6777b538SAndroid Build Coastguard Worker issuer/subject unique IDs. This certificate should only be used in parsing 102*6777b538SAndroid Build Coastguard Worker tests and otherwise kept fixed. The signature, etc., are intentionally 103*6777b538SAndroid Build Coastguard Worker invalid. 104*6777b538SAndroid Build Coastguard Worker 105*6777b538SAndroid Build Coastguard Worker- name_constrained_key.pem 106*6777b538SAndroid Build Coastguard Worker The private key matching the public_key_hash of the kDomainsTest constraint 107*6777b538SAndroid Build Coastguard Worker in CertVerifyProc::HasNameConstraintsViolation. 108*6777b538SAndroid Build Coastguard Worker 109*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-quic-chain.sh 110*6777b538SAndroid Build Coastguard Worker- quic-chain.pem 111*6777b538SAndroid Build Coastguard Worker- quic-leaf-cert.key 112*6777b538SAndroid Build Coastguard Worker- quic-leaf-cert.key.pkcs8.pem 113*6777b538SAndroid Build Coastguard Worker- quic-root.pem 114*6777b538SAndroid Build Coastguard Worker These certificates are used by integration tests that use QUIC. 115*6777b538SAndroid Build Coastguard Worker 116*6777b538SAndroid Build Coastguard Worker- quic-leaf-cert.key.sct 117*6777b538SAndroid Build Coastguard Worker This isn't generated and just contains a simple text file (the contents 118*6777b538SAndroid Build Coastguard Worker don't actually matter, just the presence of the file). 119*6777b538SAndroid Build Coastguard Worker 120*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-test-certs.sh 121*6777b538SAndroid Build Coastguard Worker- expired_cert.pem 122*6777b538SAndroid Build Coastguard Worker- ok_cert.pem 123*6777b538SAndroid Build Coastguard Worker- root_ca_cert.pem 124*6777b538SAndroid Build Coastguard Worker These certificates are the common certificates used by the Python test 125*6777b538SAndroid Build Coastguard Worker server for simulating HTTPS connections. 126*6777b538SAndroid Build Coastguard Worker 127*6777b538SAndroid Build Coastguard Worker- intermediate_ca_cert.pem 128*6777b538SAndroid Build Coastguard Worker- ok_cert_by_intermediate.pem 129*6777b538SAndroid Build Coastguard Worker These certificates simulate a more common chain of root (root_ca_cert.pem) 130*6777b538SAndroid Build Coastguard Worker to intermediate (intermediate_ca_cert.pem) to leaf 131*6777b538SAndroid Build Coastguard Worker (ok_cert_by_intermediate.pem). 132*6777b538SAndroid Build Coastguard Worker 133*6777b538SAndroid Build Coastguard Worker- wildcard_.pem 134*6777b538SAndroid Build Coastguard Worker A certificate and private key valid for *.example.org, used in various 135*6777b538SAndroid Build Coastguard Worker net unit tests. 136*6777b538SAndroid Build Coastguard Worker 137*6777b538SAndroid Build Coastguard Worker- test_names.pem 138*6777b538SAndroid Build Coastguard Worker A certificate and private key valid for a number of test names. See 139*6777b538SAndroid Build Coastguard Worker [test_names] in ee.cnf. Other names may be added as needed. 140*6777b538SAndroid Build Coastguard Worker 141*6777b538SAndroid Build Coastguard Worker- bad_validity.pem 142*6777b538SAndroid Build Coastguard Worker A certificate and private key only valid on 0001-01-01. Windows refuses to 143*6777b538SAndroid Build Coastguard Worker parse this certificate. 144*6777b538SAndroid Build Coastguard Worker 145*6777b538SAndroid Build Coastguard Worker- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling 146*6777b538SAndroid Build Coastguard Worker 147*6777b538SAndroid Build Coastguard Worker- subjectAltName_sanity_check.pem : Used to test the handling of various types 148*6777b538SAndroid Build Coastguard Worker within the subjectAltName extension of a certificate. 149*6777b538SAndroid Build Coastguard Worker 150*6777b538SAndroid Build Coastguard Worker- policies_sanity_check.pem : Used to test the parsing of various types of 151*6777b538SAndroid Build Coastguard Worker certificatePolicies extension policyQualifiers. 152*6777b538SAndroid Build Coastguard Worker 153*6777b538SAndroid Build Coastguard Worker- punycodetest.pem : A test self-signed server certificate with punycode name. 154*6777b538SAndroid Build Coastguard Worker The common name is "xn--wgv71a119e.com" (日本語.com) 155*6777b538SAndroid Build Coastguard Worker 156*6777b538SAndroid Build Coastguard Worker- sha1_2016.pem 157*6777b538SAndroid Build Coastguard Worker Used to test the handling of SHA1 certificates expiring in 2016. 158*6777b538SAndroid Build Coastguard Worker 159*6777b538SAndroid Build Coastguard Worker- 10_year_validity.pem 160*6777b538SAndroid Build Coastguard Worker- 11_year_validity.pem 161*6777b538SAndroid Build Coastguard Worker- 39_months_after_2015_04.pem 162*6777b538SAndroid Build Coastguard Worker- 40_months_after_2015_04.pem 163*6777b538SAndroid Build Coastguard Worker- 60_months_after_2012_07.pem 164*6777b538SAndroid Build Coastguard Worker- 61_months_after_2012_07.pem 165*6777b538SAndroid Build Coastguard Worker- pre_br_validity_bad_121.pem 166*6777b538SAndroid Build Coastguard Worker- pre_br_validity_bad_2020.pem 167*6777b538SAndroid Build Coastguard Worker- pre_br_validity_ok.pem 168*6777b538SAndroid Build Coastguard Worker- start_after_expiry.pem 169*6777b538SAndroid Build Coastguard Worker Certs to test that the maximum validity durations set by the CA/Browser 170*6777b538SAndroid Build Coastguard Worker Forum Baseline Requirements are enforced. 171*6777b538SAndroid Build Coastguard Worker 172*6777b538SAndroid Build Coastguard Worker- may_2018.pem 173*6777b538SAndroid Build Coastguard Worker An 825-day certificate issued on May 1, 2018, the official start of 174*6777b538SAndroid Build Coastguard Worker enforcement requiring Certificate Transparency for new certificates. This 175*6777b538SAndroid Build Coastguard Worker certificate does not have any embedded SCTs. 176*6777b538SAndroid Build Coastguard Worker 177*6777b538SAndroid Build Coastguard Worker- x509_verify_results.chain.pem : A simple certificate chain used to test that 178*6777b538SAndroid Build Coastguard Worker the correctly ordered, filtered certificate chain is returned during 179*6777b538SAndroid Build Coastguard Worker verification, regardless of the order in which the intermediate/root CA 180*6777b538SAndroid Build Coastguard Worker certificates are provided. 181*6777b538SAndroid Build Coastguard Worker 182*6777b538SAndroid Build Coastguard Worker- ev_test.pem 183*6777b538SAndroid Build Coastguard Worker- ev_test_state_only.pem 184*6777b538SAndroid Build Coastguard Worker Certificates for testing EV display (including regression test for 185*6777b538SAndroid Build Coastguard Worker https://crbug.com/1069113). 186*6777b538SAndroid Build Coastguard Worker 187*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-test-keys.sh 188*6777b538SAndroid Build Coastguard Worker- rsa-{768,1024,2048}-{1..3}.key 189*6777b538SAndroid Build Coastguard Worker- ec-prime256v1-{1..3}.key 190*6777b538SAndroid Build Coastguard Worker Pre-generated keys of various types/sizes. 191*6777b538SAndroid Build Coastguard Worker Useful for tests that generate RSA certificates with CertBuilder without 192*6777b538SAndroid Build Coastguard Worker having to pay the cost of generating RSA keys at runtime. Multiple keys 193*6777b538SAndroid Build Coastguard Worker of each size are provided. (EC keys are cheap to generate at runtime, but 194*6777b538SAndroid Build Coastguard Worker having some as files simplifies test logic in cases where the test is 195*6777b538SAndroid Build Coastguard Worker reading both RSA and EC keys from files.) 196*6777b538SAndroid Build Coastguard Worker 197*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-redundant-test-chains.sh 198*6777b538SAndroid Build Coastguard Worker- redundant-validated-chain.pem 199*6777b538SAndroid Build Coastguard Worker- redundant-server-chain.pem 200*6777b538SAndroid Build Coastguard Worker- redundant-validated-chain-root.pem 201*6777b538SAndroid Build Coastguard Worker 202*6777b538SAndroid Build Coastguard Worker Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same 203*6777b538SAndroid Build Coastguard Worker public key) to test that SSLInfo gets the reconstructed, re-ordered 204*6777b538SAndroid Build Coastguard Worker chain instead of the chain as served. See 205*6777b538SAndroid Build Coastguard Worker SSLClientSocketTest.VerifyReturnChainProperlyOrdered in 206*6777b538SAndroid Build Coastguard Worker net/socket/ssl_client_socket_unittest.cc. These chains are valid until 207*6777b538SAndroid Build Coastguard Worker 26 Feb 2022 and are generated by 208*6777b538SAndroid Build Coastguard Worker net/data/ssl/scripts/generate-redundant-test-chains.sh. 209*6777b538SAndroid Build Coastguard Worker 210*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-client-certificates.sh 211*6777b538SAndroid Build Coastguard Worker- client_1.pem 212*6777b538SAndroid Build Coastguard Worker- client_1.key 213*6777b538SAndroid Build Coastguard Worker- client_1.pk8 214*6777b538SAndroid Build Coastguard Worker- client_1_ca.pem 215*6777b538SAndroid Build Coastguard Worker- client_2.pem 216*6777b538SAndroid Build Coastguard Worker- client_2.key 217*6777b538SAndroid Build Coastguard Worker- client_2.pk8 218*6777b538SAndroid Build Coastguard Worker- client_2_ca.pem 219*6777b538SAndroid Build Coastguard Worker- client_3.pem 220*6777b538SAndroid Build Coastguard Worker- client_3.key 221*6777b538SAndroid Build Coastguard Worker- client_3.pk8 222*6777b538SAndroid Build Coastguard Worker- client_3_ca.pem 223*6777b538SAndroid Build Coastguard Worker- client_4.pem 224*6777b538SAndroid Build Coastguard Worker- client_4.key 225*6777b538SAndroid Build Coastguard Worker- client_4.pk8 226*6777b538SAndroid Build Coastguard Worker- client_4_ca.pem 227*6777b538SAndroid Build Coastguard Worker- client_5.pem 228*6777b538SAndroid Build Coastguard Worker- client_5.key 229*6777b538SAndroid Build Coastguard Worker- client_5.pk8 230*6777b538SAndroid Build Coastguard Worker- client_5_ca.pem 231*6777b538SAndroid Build Coastguard Worker- client_6.pem 232*6777b538SAndroid Build Coastguard Worker- client_6.key 233*6777b538SAndroid Build Coastguard Worker- client_6.pk8 234*6777b538SAndroid Build Coastguard Worker- client_6_ca.pem 235*6777b538SAndroid Build Coastguard Worker- client_1_u16_password.p12 236*6777b538SAndroid Build Coastguard Worker- client_root_ca.pem 237*6777b538SAndroid Build Coastguard Worker This is a set of files used to unit test SSL client certificate 238*6777b538SAndroid Build Coastguard Worker authentication. 239*6777b538SAndroid Build Coastguard Worker - client_1_ca.pem and client_2_ca.pem are the certificates of 240*6777b538SAndroid Build Coastguard Worker two distinct signing CAs. 241*6777b538SAndroid Build Coastguard Worker - client_1.pem and client_1.key correspond to the certificate and 242*6777b538SAndroid Build Coastguard Worker private key for a first certificate signed by client_1_ca.pem. 243*6777b538SAndroid Build Coastguard Worker - client_2.pem and client_2.key correspond to the certificate and 244*6777b538SAndroid Build Coastguard Worker private key for a second certificate signed by client_2_ca.pem. 245*6777b538SAndroid Build Coastguard Worker - each .pk8 file contains the same key as the corresponding .key file 246*6777b538SAndroid Build Coastguard Worker as PKCS#8 PrivateKeyInfo in DER encoding. 247*6777b538SAndroid Build Coastguard Worker - client_3.pem is nearly identical to client_2.pem, except it is used 248*6777b538SAndroid Build Coastguard Worker to test wifi EAP-TLS authentication so it uses a different set 249*6777b538SAndroid Build Coastguard Worker of X509v3 extensions. Specifically it includes two Subject 250*6777b538SAndroid Build Coastguard Worker Alternative Name fields recognized by Chrome OS. 251*6777b538SAndroid Build Coastguard Worker - client_4.pem is similar to client_2.pem but is a P-256 ECDSA key rather 252*6777b538SAndroid Build Coastguard Worker than RSA. 253*6777b538SAndroid Build Coastguard Worker - client_5.pem is similar to client_2.pem but is a P-384 ECDSA key rather 254*6777b538SAndroid Build Coastguard Worker than RSA. 255*6777b538SAndroid Build Coastguard Worker - client_6.pem is similar to client_2.pem but is a P-521 ECDSA key rather 256*6777b538SAndroid Build Coastguard Worker than RSA. 257*6777b538SAndroid Build Coastguard Worker - client_root_ca.pem is the CA certificate which signed client_*_ca.pem. 258*6777b538SAndroid Build Coastguard Worker - client_1_u16_password.p12 contains the client_1.key and client_1.pem key 259*6777b538SAndroid Build Coastguard Worker and certificate, but is encoded as a PKCS#12 file and has a password with 260*6777b538SAndroid Build Coastguard Worker UTF-16 symbols ("Hello, 世界"). 261*6777b538SAndroid Build Coastguard Worker 262*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-bad-eku-certs.sh 263*6777b538SAndroid Build Coastguard Worker- eku-test-root.pem 264*6777b538SAndroid Build Coastguard Worker- non-crit-codeSigning-chain.pem 265*6777b538SAndroid Build Coastguard Worker- crit-codeSigning-chain.pem 266*6777b538SAndroid Build Coastguard Worker Two code-signing certificates (eKU: codeSigning; eKU: critical, 267*6777b538SAndroid Build Coastguard Worker codeSigning) which we use to test that clients are making sure that web 268*6777b538SAndroid Build Coastguard Worker server certs are checked for correct eKU fields (when an eKU field is 269*6777b538SAndroid Build Coastguard Worker present). Since codeSigning is not valid for web server auth, the checks 270*6777b538SAndroid Build Coastguard Worker should fail. 271*6777b538SAndroid Build Coastguard Worker 272*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh 273*6777b538SAndroid Build Coastguard Worker- multi-root-chain1.pem 274*6777b538SAndroid Build Coastguard Worker- multi-root-chain2.pem 275*6777b538SAndroid Build Coastguard Worker Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the 276*6777b538SAndroid Build Coastguard Worker same public key) to test that certificate validation caching does not 277*6777b538SAndroid Build Coastguard Worker interfere with the chain_verify_callback used by CertVerifyProcChromeOS. 278*6777b538SAndroid Build Coastguard Worker See CertVerifyProcChromeOSTest. 279*6777b538SAndroid Build Coastguard Worker 280*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-multi-root-keychain.sh 281*6777b538SAndroid Build Coastguard Worker- multi-root.keychain: An OSX Keychain containing the generated 282*6777b538SAndroid Build Coastguard Worker certificates multi-root-*-by-*.pem 283*6777b538SAndroid Build Coastguard Worker 284*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh 285*6777b538SAndroid Build Coastguard Worker- duplicate_cn_1.p12 286*6777b538SAndroid Build Coastguard Worker- duplicate_cn_1.pem 287*6777b538SAndroid Build Coastguard Worker- duplicate_cn_2.p12 288*6777b538SAndroid Build Coastguard Worker- duplicate_cn_2.pem 289*6777b538SAndroid Build Coastguard Worker Two certificates from the same issuer that share the same common name, 290*6777b538SAndroid Build Coastguard Worker but have distinct subject names (namely, their O fields differ). NSS 291*6777b538SAndroid Build Coastguard Worker requires that certificates have unique nicknames if they do not share the 292*6777b538SAndroid Build Coastguard Worker same subject, and these certificates are used to test that the nickname 293*6777b538SAndroid Build Coastguard Worker generation algorithm generates unique nicknames. 294*6777b538SAndroid Build Coastguard Worker The .pem versions contain just the certs, while the .p12 versions contain 295*6777b538SAndroid Build Coastguard Worker both the cert and a private key, since there are multiple ways to import 296*6777b538SAndroid Build Coastguard Worker certificates into NSS. 297*6777b538SAndroid Build Coastguard Worker 298*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-self-signed-certs.sh 299*6777b538SAndroid Build Coastguard Worker- self-signed-invalid-name.pem 300*6777b538SAndroid Build Coastguard Worker- self-signed-invalid-sig.pem 301*6777b538SAndroid Build Coastguard Worker Two "self-signed" certificates with mismatched names or an invalid 302*6777b538SAndroid Build Coastguard Worker signature, respectively. 303*6777b538SAndroid Build Coastguard Worker 304*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate-key-usage-certs.sh 305*6777b538SAndroid Build Coastguard Worker- key_usage_rsa_no_extension.pem 306*6777b538SAndroid Build Coastguard Worker- key_usage_rsa_keyencipherment.pem 307*6777b538SAndroid Build Coastguard Worker- key_usage_rsa_digitalsignature.pem 308*6777b538SAndroid Build Coastguard Worker- key_usage_rsa_both.pem 309*6777b538SAndroid Build Coastguard Worker Self-signed RSA certificates with various combinations of keyUsage 310*6777b538SAndroid Build Coastguard Worker flags. Their private key is key_usage_rsa.key. 311*6777b538SAndroid Build Coastguard Worker 312*6777b538SAndroid Build Coastguard Worker- key_usage_p256_no_extension.pem 313*6777b538SAndroid Build Coastguard Worker- key_usage_p256_keyagreement.pem 314*6777b538SAndroid Build Coastguard Worker- key_usage_p256_digitalsignature.pem 315*6777b538SAndroid Build Coastguard Worker- key_usage_p256_both.pem 316*6777b538SAndroid Build Coastguard Worker Self-signed P-256 certificates with various combinations of keyUsage 317*6777b538SAndroid Build Coastguard Worker flags. Their private key is key_usage_p256.key. 318*6777b538SAndroid Build Coastguard Worker 319*6777b538SAndroid Build Coastguard Worker===== From net/data/ssl/scripts/generate_2_client_certs_1_key.sh 320*6777b538SAndroid Build Coastguard Worker- 2_client_certs_1_key.p12 321*6777b538SAndroid Build Coastguard Worker Key pair and two client certificates for it in a single .p12 file. 322