third_party/mbedtls/repo/tests/data_files/Readme-x509.txt - nest-guard/1.0/openthread - Git at Google

 This documents the X.509 CAs, certificates, and CRLS used for testing.

 Certification authorities
 -------------------------

 There are two main CAs for use as trusted roots:
 - test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
   uses a RSA-2048 key
 - test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
   uses an EC key with NIST P-384 (aka secp384r1)
   variants used to test the keyUsage extension
 The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.

 Two intermediate CAs are signed by them:
 - test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
   uses RSA-4096, signed by test-ca2
 - test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
   uses an EC key with NIST P-256, signed by test-ca

 A third intermediate CA is signed by test-int-ca2.crt:
 - test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3"

 Finally, other CAs for specific purposes:
 - enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
   enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string.
 - test-ca-v1.crt: v1 "CA", signs
     server1-v1.crt: v1 "intermediate CA", signs
         server2-v1*.crt: EE cert (without of with chain in same file)
 - keyUsage.decipherOnly.crt: has the decipherOnly keyUsage bit set

 End-entity certificates
 -----------------------

 Short information fields:

 - name or pattern
 - issuing CA:   1   -> test-ca.crt
                 2   -> test-ca2.crt
                 I1  -> test-int-ca.crt
                 I2  -> test-int-ca2.crt
                 I3  -> test-int-ca3.crt
                 O   -> other
 - key type: R -> RSA, E -> EC
 - C -> there is a CRL revoking this cert (see below)
 - L -> CN=localhost (useful for local test servers)
 - P1, P2 if the file includes parent (resp. parent + grandparent)
 - free-form comments

 List of certificates:

 - cert_example_multi*.crt: 1/O R: subjectAltName
 - cert_example_wildcard.crt: 1 R: wildcard in subject's CN
 - cert_md*.crt, cert_sha*.crt: 1 R: signature hash
 - cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
 - cli2.crt: 2 E: basic
 - enco-cert-utf8str.pem: see enco-ca-prstr.pem above
 - server1*.crt: 1* R C* P1*: misc *(server1-v1 see test-ca-v1.crt above)
     *CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
     P1 only for _ca.crt
 - server2-v1*.crt: O R: see test-ca-v1.crt above
 - server2*.crt: 1 R L: misc
 - server3.crt: 1 E L: EC cert signed by RSA CA
 - server4.crt: 2 R L: RSA cert signed by EC CA
 - server5*.crt: 2* E L: misc *(except server5-selfsigned)
     -sha*: hashes
     -eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
     -ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
 - server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
 - server6.crt, server6.pem: 2 E L C: revoked
 - server7*.crt: I1 E L P1*: EC signed by RSA signed by EC
     *P1 except 7.crt, P2 _int-ca_ca2.crt
     *_space: with PEM error(s)
 - server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
 - server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
     *CRL for: 9.crt, -badsign, -with-ca (P1)
 - server10*.crt: I3 E L P2/P3

 Certificate revocation lists
 ----------------------------

 Signing CA in parentheses (same meaning as certificates).

 - crl-ec-sha*.pem: (2) server6.crt
 - crl-future.pem: (2) server6.crt + unknown
 - crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
 - crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
 - crl_md*.pem: crl_sha*.pem: (1) same as crl.pem
 - crt_cat_*.pem: (1+2) concatenations in various orders:
     ec = crl-ec-sha256.pem, ecfut = crl-future.pem
     rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem

 Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
       crl-rsa-pss* would revoke server6.crt if signed by CA 2
	This documents the X.509 CAs, certificates, and CRLS used for testing.

	Certification authorities
	-------------------------

	There are two main CAs for use as trusted roots:
	- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
	uses a RSA-2048 key
	- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
	uses an EC key with NIST P-384 (aka secp384r1)
	variants used to test the keyUsage extension
	The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.

	Two intermediate CAs are signed by them:
	- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
	uses RSA-4096, signed by test-ca2
	- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
	uses an EC key with NIST P-256, signed by test-ca

	A third intermediate CA is signed by test-int-ca2.crt:
	- test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3"

	Finally, other CAs for specific purposes:
	- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
	enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string.
	- test-ca-v1.crt: v1 "CA", signs
	server1-v1.crt: v1 "intermediate CA", signs
	server2-v1*.crt: EE cert (without of with chain in same file)
	- keyUsage.decipherOnly.crt: has the decipherOnly keyUsage bit set

	End-entity certificates
	-----------------------

	Short information fields:

	- name or pattern
	- issuing CA: 1 -> test-ca.crt
	2 -> test-ca2.crt
	I1 -> test-int-ca.crt
	I2 -> test-int-ca2.crt
	I3 -> test-int-ca3.crt
	O -> other
	- key type: R -> RSA, E -> EC
	- C -> there is a CRL revoking this cert (see below)
	- L -> CN=localhost (useful for local test servers)
	- P1, P2 if the file includes parent (resp. parent + grandparent)
	- free-form comments

	List of certificates:

	- cert_example_multi*.crt: 1/O R: subjectAltName
	- cert_example_wildcard.crt: 1 R: wildcard in subject's CN
	- cert_md.crt, cert_sha.crt: 1 R: signature hash
	- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
	- cli2.crt: 2 E: basic
	- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
	- server1.crt: 1 R C* P1: misc (server1-v1 see test-ca-v1.crt above)
	*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
	P1 only for _ca.crt
	- server2-v1*.crt: O R: see test-ca-v1.crt above
	- server2*.crt: 1 R L: misc
	- server3.crt: 1 E L: EC cert signed by RSA CA
	- server4.crt: 2 R L: RSA cert signed by EC CA
	- server5.crt: 2 E L: misc *(except server5-selfsigned)
	-sha*: hashes
	-eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
	-ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
	- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
	- server6.crt, server6.pem: 2 E L C: revoked
	- server7.crt: I1 E L P1: EC signed by RSA signed by EC
	*P1 except 7.crt, P2 _int-ca_ca2.crt
	*_space: with PEM error(s)
	- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
	- server9.crt: 1 R C L P1*: signed using RSASSA-PSS
	*CRL for: 9.crt, -badsign, -with-ca (P1)
	- server10*.crt: I3 E L P2/P3

	Certificate revocation lists
	----------------------------

	Signing CA in parentheses (same meaning as certificates).

	- crl-ec-sha*.pem: (2) server6.crt
	- crl-future.pem: (2) server6.crt + unknown
	- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
	- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
	- crl_md.pem: crl_sha.pem: (1) same as crl.pem
	- crt_cat_*.pem: (1+2) concatenations in various orders:
	ec = crl-ec-sha256.pem, ecfut = crl-future.pem
	rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem

	Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
	crl-rsa-pss* would revoke server6.crt if signed by CA 2