tests/data_files/test-ca.opensslconf - third_party/github/ARMmbed/mbedtls - Git at Google

 [req]
 x509_extensions = v3_ca
 distinguished_name = req_dn

 [req_dn]
 countryName = NL
 organizationalUnitName = PolarSSL
 commonName = PolarSSL Test CA

 [v3_ca]
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:true

 [no_subj_auth_id]
 subjectKeyIdentifier=none
 authorityKeyIdentifier=none
 basicConstraints = CA:true

 [othername_san]
 subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name

 [nonprintable_othername_san]
 subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name

 [unsupported_othername_san]
 subjectAltName=otherName:1.2.3.4;UTF8:some other identifier

 [dns_alt_names]
 subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org

 [rfc822name_names]
 subjectAltName=email:my@other.address,email:second@other.address

 [alt_names]
 DNS.1=example.com
 otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
 DNS.2=example.net
 DNS.3=*.example.org

 [multiple_san]
 subjectAltName=@alt_names

 [ext_multi_nocn]
 basicConstraints = CA:false
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment
 subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144

 [hw_module_name]
 hwtype = OID:1.3.6.1.4.1.17.3
 hwserial = OCT:123456

 [nonprintable_hw_module_name]
 hwtype = OID:1.3.6.1.4.1.17.3
 hwserial = FORMAT:HEX, OCT:3132338081008180333231

 [v3_any_policy_ca]
 basicConstraints = CA:true
 certificatePolicies = 2.5.29.32.0

 [v3_any_policy_qualifier_ca]
 basicConstraints = CA:true
 certificatePolicies = @policy_info

 [v3_multi_policy_ca]
 basicConstraints = CA:true
 certificatePolicies = 1.2.3.4,2.5.29.32.0

 [v3_unsupported_policy_ca]
 basicConstraints = CA:true
 certificatePolicies = 1.2.3.4

 [policy_info]
 policyIdentifier = 2.5.29.32.0
 CPS.1 ="CPS uri string"

 [fan_cert]
 extendedKeyUsage = 1.3.6.1.4.1.45605.1

 [noext_ca]
 basicConstraints = CA:true

 [test_ca]
 database = /dev/null

 [crl_ext_idp]
 issuingDistributionPoint=critical, @idpdata

 [crl_ext_idp_nc]
 issuingDistributionPoint=@idpdata

 [idpdata]
 fullname=URI:http://pki.example.com/

 # these IPs are the ascii values for 'abcd' and 'abcd.example.com'
 [tricky_ip_san]
 subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d

 [csr_ext_v3_keyUsage]
 keyUsage = digitalSignature, keyEncipherment

 [csr_ext_v3_subjectAltName]
 subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org

 [csr_ext_v3_nsCertType]
 nsCertType=server

 [csr_ext_v3_all]
 keyUsage = cRLSign
 subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
 nsCertType=client

 [directory_name_san]
 subjectAltName=dirName:dirname_sect

 [two_directorynames]
 subjectAltName=dirName:dirname_sect, dirName:dirname_to_malform

 [dirname_sect]
 C=UK
 O=Mbed TLS
 CN=Mbed TLS directoryName SAN

 [dirname_to_malform]
 O=MALFORM_ME
	[req]
	x509_extensions = v3_ca
	distinguished_name = req_dn

	[req_dn]
	countryName = NL
	organizationalUnitName = PolarSSL
	commonName = PolarSSL Test CA

	[v3_ca]
	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid:always,issuer:always
	basicConstraints = CA:true

	[no_subj_auth_id]
	subjectKeyIdentifier=none
	authorityKeyIdentifier=none
	basicConstraints = CA:true

	[othername_san]
	subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name

	[nonprintable_othername_san]
	subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name

	[unsupported_othername_san]
	subjectAltName=otherName:1.2.3.4;UTF8:some other identifier

	[dns_alt_names]
	subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org

	[rfc822name_names]
	subjectAltName=email:my@other.address,email:second@other.address

	[alt_names]
	DNS.1=example.com
	otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
	DNS.2=example.net
	DNS.3=*.example.org

	[multiple_san]
	subjectAltName=@alt_names

	[ext_multi_nocn]
	basicConstraints = CA:false
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment
	subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144

	[hw_module_name]
	hwtype = OID:1.3.6.1.4.1.17.3
	hwserial = OCT:123456

	[nonprintable_hw_module_name]
	hwtype = OID:1.3.6.1.4.1.17.3
	hwserial = FORMAT:HEX, OCT:3132338081008180333231

	[v3_any_policy_ca]
	basicConstraints = CA:true
	certificatePolicies = 2.5.29.32.0

	[v3_any_policy_qualifier_ca]
	basicConstraints = CA:true
	certificatePolicies = @policy_info

	[v3_multi_policy_ca]
	basicConstraints = CA:true
	certificatePolicies = 1.2.3.4,2.5.29.32.0

	[v3_unsupported_policy_ca]
	basicConstraints = CA:true
	certificatePolicies = 1.2.3.4

	[policy_info]
	policyIdentifier = 2.5.29.32.0
	CPS.1 ="CPS uri string"

	[fan_cert]
	extendedKeyUsage = 1.3.6.1.4.1.45605.1

	[noext_ca]
	basicConstraints = CA:true

	[test_ca]
	database = /dev/null

	[crl_ext_idp]
	issuingDistributionPoint=critical, @idpdata

	[crl_ext_idp_nc]
	issuingDistributionPoint=@idpdata

	[idpdata]
	fullname=URI:http://pki.example.com/

	# these IPs are the ascii values for 'abcd' and 'abcd.example.com'
	[tricky_ip_san]
	subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d

	[csr_ext_v3_keyUsage]
	keyUsage = digitalSignature, keyEncipherment

	[csr_ext_v3_subjectAltName]
	subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org

	[csr_ext_v3_nsCertType]
	nsCertType=server

	[csr_ext_v3_all]
	keyUsage = cRLSign
	subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
	nsCertType=client

	[directory_name_san]
	subjectAltName=dirName:dirname_sect

	[two_directorynames]
	subjectAltName=dirName:dirname_sect, dirName:dirname_to_malform

	[dirname_sect]
	C=UK
	O=Mbed TLS
	CN=Mbed TLS directoryName SAN

	[dirname_to_malform]
	O=MALFORM_ME