From 85615c8e621aa16026faf07f01bf0ba0776c191f Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Fri, 27 Feb 2015 01:51:12 +0100
Subject: Verify that known roots are indeed signing themselves.

This filters out certificates with signing algorithms that we can't
handle.

Also, make unit tests better.
---
 test/testdata/known_roots/GlobalSign.pem | 46 ++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 test/testdata/known_roots/GlobalSign.pem

(limited to 'test/testdata/known_roots/GlobalSign.pem')

diff --git a/test/testdata/known_roots/GlobalSign.pem b/test/testdata/known_roots/GlobalSign.pem
new file mode 100644
index 0000000..511423f
--- /dev/null
+++ b/test/testdata/known_roots/GlobalSign.pem
@@ -0,0 +1,46 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
+        Validity
+            Not Before: Nov 13 00:00:00 2012 GMT
+            Not After : Jan 19 03:14:07 2038 GMT
+        Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub: 
+                    04:b8:c6:79:d3:8f:6c:25:0e:9f:2e:39:19:1c:03:
+                    a4:ae:9a:e5:39:07:09:16:ca:63:b1:b9:86:f8:8a:
+                    57:c1:57:ce:42:fa:73:a1:f7:65:42:ff:1e:c1:00:
+                    b2:6e:73:0e:ff:c7:21:e5:18:a4:aa:d9:71:3f:a8:
+                    d4:b9:ce:8c:1d
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:21:00:dc:92:a1:a0:13:a6:cf:03:b0:e6:c4:21:97:
+         90:fa:14:57:2d:03:ec:ee:3c:d3:6e:ca:a8:6c:76:bc:a2:de:
+         bb:02:20:27:a8:85:27:35:9b:56:c6:a3:f2:47:d2:b7:6e:1b:
+         02:00:17:aa:67:a6:15:91:de:fa:94:ec:7b:0b:f8:9f:84
+-----BEGIN CERTIFICATE-----
+MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk
+MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH
+bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX
+DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD
+QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ
+FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F
+uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX
+kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs
+ewv4n4Q=
+-----END CERTIFICATE-----
-- 
cgit v1.1