summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslcertificate/verify-certs/README
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auto/network/ssl/qsslcertificate/verify-certs/README')
-rw-r--r--tests/auto/network/ssl/qsslcertificate/verify-certs/README7
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/README b/tests/auto/network/ssl/qsslcertificate/verify-certs/README
index 87cb293ef6..f4317331b6 100644
--- a/tests/auto/network/ssl/qsslcertificate/verify-certs/README
+++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/README
@@ -1,2 +1,9 @@
openssl verify -CAfile cacert.pem -untrusted test-intermediate-ca-cert.pem test-intermediate-is-ca-cert.pem
openssl verify -CAfile cacert.pem -untrusted test-ocsp-good-cert.pem test-intermediate-not-ca-cert.pem
+
+1. cacert.pem is, obviously, a root CA certificate.
+2. test-intermediate-ca-cert.pem is a certificate, signed by the root CA, an intermediate CA.
+3. test-intermediate-is-ca-cert.pem is a certificate, signed by test-intermediate-ca-cert.pem.
+4. test-ocsp-good-cert.pem is signed by root CA, it has CA:FALSE but keyUsage allowing to sign
+ CSRs - this is how OpenSSL would report us 'invalid CA certificate' instead of 'No issuer found'.
+5. test-intermediate-not-ca-cert.pem is signed by test-ocsp-good-cert.pem.
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 02:48:01 +0000