
Commit d6463ea

committed
Add test CA config with nameConstraints extension
1 parent fe852d3 commit d6463ea


3 files changed

+20
-0
lines changed


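--- a/data_files/Makefile
+++ b/data_files/Makefile
@@ -260,6 +260,9 @@ parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.
 parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
 
+parse_input/test-ca-name_constraints_dns_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
+$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions name_constraints_dns_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+
 test-ca.req_ec.sha256: $(test_ca_key_file_ec)
 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
 all_intermediate += test-ca.req_ec.sha256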
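Review bot: The new `parse_input/test-ca-name_constraints_dns_ec.crt` rule does not list `$(test_ca_config_file)` as a prerequisite, although its recipe reads that file through `-config` and `-extensions name_constraints_dns_ca`. An edit to the extension section will therefore not regenerate the certificate, and the checked-in fixture can drift from the config that is supposed to describe its constraints. The neighbouring `test-ca-unsupported_policy_ec.crt` rule in the context lines has the same shape, so this may be the file's convention, but I would write the header as `parse_input/test-ca-name_constraints_dns_ec.crt: $(test_ca_key_file_ec) $(test_ca_config_file) test-ca.req_ec.sha256`. The hunk does not show whether the new target is registered in any aggregate target list, so that is worth checking as well.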
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIICDDCCAZOgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
3+
A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
4+
MjUwMTEwMTY0NTMzWhcNMzUwMTExMTY0NTMzWjA+MQswCQYDVQQGEwJOTDERMA8G
5+
A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ
6+
BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU
7+
UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0
8+
X3WnR2/VGSlVaZpTOyC0ZhZgMx6jZTBjMAwGA1UdEwQFMAMBAf8wNAYDVR0eAQH/
9+
BCowKKAQMA6CDC5leGFtcGxlLmNvbaEUMBKCEC5iYWQuZXhhbXBsZS5jb20wHQYD
10+
VR0OBBYEFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAoGCCqGSM49BAMCA2cAMGQCMBA4
11+
TTpDxUBuIcgYHs5orNFZitk1T14CL6XiC/JEd4MZ5bqLo6HmSB9M+Yj01D8C9QIw
12+
fYvj6Cl6W9P/sQze5V8iCqCBr6qQvnEdmeNP7DRxIfMulElBS6W4iRlu0i0nup2G
13+
-----END CERTIFICATE-----

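--- a/data_files/test-ca.opensslconf
+++ b/data_files/test-ca.opensslconf
@@ -116,6 +116,10 @@ subjectAltName=dirName:dirname_sect
 [two_directorynames]
 subjectAltName=dirName:dirname_sect, dirName:dirname_to_malform
 
+[name_constraints_dns_ca]
+basicConstraints = CA:true
+nameConstraints=critical, permitted;DNS:.example.com, excluded;DNS:.bad.example.com
+
 [dirname_sect]
 C=UK
 O=Mbed TLS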
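Review bot: The `[name_constraints_dns_ca]` section carries no comment saying what the fixture is meant to exercise, and the leading-dot form in `permitted;DNS:.example.com, excluded;DNS:.bad.example.com` deserves one. RFC 5280 describes dNSName constraints as a bare host name and uses a leading period only for URI and e-mail host constraints, so verifiers can differ on whether `.example.com` also covers `example.com` itself. A test that relies on this certificate should state which interpretation it expects. I would add above the section `# Test CA with a critical nameConstraints extension: permitted DNS subtree .example.com, excluded DNS subtree .bad.example.com (leading-dot form)`.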
