c10afdb322
As we accept EE certs that are explicitly trusted (in the list of trusted roots) and usually look for parent by subject, and in the future we might want to avoid checking the self-signature on trusted certs, there could a risk that we incorrectly accept a cert that looks like a trusted root except it doesn't have the same key. This test ensures this will never happen.
17 lines
300 B
Plaintext
17 lines
300 B
Plaintext
[req]
|
|
x509_extensions = v3_ca
|
|
distinguished_name = req_dn
|
|
|
|
[req_dn]
|
|
countryName = NL
|
|
organizationalUnitName = PolarSSL
|
|
commonName = PolarSSL Test CA
|
|
|
|
[v3_ca]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = CA:true
|
|
|
|
[noext_ca]
|
|
basicConstraints = CA:true
|