1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/tests/chains/scenarios/ocspd.cfg Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,172 @@
1.4 +# This Source Code Form is subject to the terms of the Mozilla Public
1.5 +# License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
1.7 +
1.8 +scenario OCSPD
1.9 +
1.10 +#root CA
1.11 +entity OCSPRoot
1.12 + type Root
1.13 + export_key
1.14 +
1.15 +#CA - OK
1.16 +entity OCSPCA1
1.17 + type Intermediate
1.18 + issuer OCSPRoot
1.19 + serial 1
1.20 + ocsp online
1.21 + export_key
1.22 +
1.23 +#CA - revoked
1.24 +entity OCSPCA2
1.25 + type Intermediate
1.26 + issuer OCSPRoot
1.27 + serial 2
1.28 + ocsp online
1.29 + export_key
1.30 +
1.31 +#CA - unknown status
1.32 +entity OCSPCA3
1.33 + type Intermediate
1.34 + issuer OCSPRoot
1.35 + serial 3
1.36 + ocsp offline
1.37 + export_key
1.38 +
1.39 +#EE - OK
1.40 +entity OCSPEE11
1.41 + type EE
1.42 + issuer OCSPCA1
1.43 + serial 1
1.44 + ocsp online
1.45 +
1.46 +#EE - revoked on OCSP
1.47 +entity OCSPEE12
1.48 + type EE
1.49 + issuer OCSPCA1
1.50 + serial 2
1.51 + ocsp online
1.52 +
1.53 +#EE - revoked on CRL
1.54 +entity OCSPEE13
1.55 + type EE
1.56 + issuer OCSPCA1
1.57 + serial 3
1.58 + ocsp online
1.59 +
1.60 +#EE - revoked on OCSP and CRL
1.61 +entity OCSPEE14
1.62 + type EE
1.63 + issuer OCSPCA1
1.64 + serial 4
1.65 + ocsp online
1.66 +
1.67 +#EE - unknown status
1.68 +entity OCSPEE15
1.69 + type EE
1.70 + issuer OCSPCA1
1.71 + serial 5
1.72 + ocsp offline
1.73 +
1.74 +#EE - valid EE, revoked CA
1.75 +entity OCSPEE21
1.76 + type EE
1.77 + issuer OCSPCA2
1.78 + serial 1
1.79 + ocsp online
1.80 +
1.81 +#EE - revoked EE, revoked CA
1.82 +entity OCSPEE22
1.83 + type EE
1.84 + issuer OCSPCA2
1.85 + serial 2
1.86 + ocsp online
1.87 +
1.88 +#EE - revoked EE, CA pointing to invalid OCSP
1.89 +entity OCSPEE23
1.90 + type EE
1.91 + issuer OCSPCA2
1.92 + serial 3
1.93 + ocsp offline
1.94 +
1.95 +#EE - valid EE, CA pointing to invalid OCSP
1.96 +entity OCSPEE31
1.97 + type EE
1.98 + issuer OCSPCA3
1.99 + serial 1
1.100 + ocsp online
1.101 +
1.102 +#EE - revoked EE, CA pointing to invalid OCSP
1.103 +entity OCSPEE32
1.104 + type EE
1.105 + issuer OCSPCA3
1.106 + serial 2
1.107 + ocsp online
1.108 +
1.109 +#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
1.110 +entity OCSPEE33
1.111 + type EE
1.112 + issuer OCSPCA3
1.113 + serial 3
1.114 + ocsp offline
1.115 +
1.116 +crl OCSPRoot
1.117 +
1.118 +revoke OCSPRoot
1.119 + serial 2
1.120 +
1.121 +crl OCSPCA1
1.122 +
1.123 +revoke OCSPCA1
1.124 + serial 2
1.125 +
1.126 +revoke OCSPCA1
1.127 + serial 4
1.128 +
1.129 +crl OCSPCA2
1.130 +
1.131 +revoke OCSPCA2
1.132 + serial 2
1.133 +
1.134 +revoke OCSPCA2
1.135 + serial 3
1.136 +
1.137 +crl OCSPCA3
1.138 +
1.139 +revoke OCSPCA3
1.140 + serial 2
1.141 +
1.142 +revoke OCSPCA3
1.143 + serial 3
1.144 +
1.145 +# Used for running a single OCSP server (httpserv) instance that can
1.146 +# handle multiple CAs, e.g.:
1.147 +# httpserv -p 8641 -d . -f dbpasswd \
1.148 +# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
1.149 +# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
1.150 +db Server
1.151 +import OCSPRoot::CT,C,C
1.152 +import_key OCSPRoot
1.153 +import_key OCSPCA1
1.154 +import_key OCSPCA2
1.155 +import_key OCSPCA3
1.156 +
1.157 +# A DB containing all certs, but no keys.
1.158 +# Useful for manual OCSP client testing, e.g.:
1.159 +# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s
1.160 +db Client
1.161 +import OCSPRoot::CT,C,C
1.162 +import OCSPCA1OCSPRoot::
1.163 +import OCSPCA2OCSPRoot::
1.164 +import OCSPCA3OCSPRoot::
1.165 +import OCSPEE11OCSPCA1::
1.166 +import OCSPEE12OCSPCA1::
1.167 +import OCSPEE13OCSPCA1::
1.168 +import OCSPEE14OCSPCA1::
1.169 +import OCSPEE15OCSPCA1::
1.170 +import OCSPEE21OCSPCA2::
1.171 +import OCSPEE22OCSPCA2::
1.172 +import OCSPEE23OCSPCA2::
1.173 +import OCSPEE31OCSPCA3::
1.174 +import OCSPEE32OCSPCA3::
1.175 +import OCSPEE33OCSPCA3::
