summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/chains/scenarios/nameconstraints.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/tests/chains/scenarios/nameconstraints.cfg')
-rw-r--r--security/nss/tests/chains/scenarios/nameconstraints.cfg9
1 files changed, 9 insertions, 0 deletions
diff --git a/security/nss/tests/chains/scenarios/nameconstraints.cfg b/security/nss/tests/chains/scenarios/nameconstraints.cfg
index 6eda441ce..4a149032b 100644
--- a/security/nss/tests/chains/scenarios/nameconstraints.cfg
+++ b/security/nss/tests/chains/scenarios/nameconstraints.cfg
@@ -10,6 +10,7 @@ import NameConstraints.ca:x:CT,C,C
# Name Constrained CA: Name constrained to permited DNSName ".example"
import NameConstraints.ncca:x:CT,C,C
import NameConstraints.dcisscopy:x:CT,C,C
+import NameConstraints.ipaca:x:CT,C,C
# Intermediate 1: Name constrained to permited DNSName ".example"
@@ -158,4 +159,12 @@ verify NameConstraints.dcissblocked:x
verify NameConstraints.dcissallowed:x
result pass
+# Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
+#
+# This tests that a non server certificate (i.e. id-kp-serverAuth
+# not present in EKU) does *NOT* have CN treated as dnsName for
+# purposes of Name Constraints validation
+verify NameConstraints.ocsp1:x
+ usage 10
+ result pass
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-24 04:44:09 +0000