u-boot/test/py/tests/test_efi_secboot/openssl.cnf
AKASHI Takahiro e1174c566a test/py: efi_secboot: add test for intermediate certificates
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00

48 lines
1.2 KiB
INI

[ ca ]
default_ca = CA_default
[ CA_default ]
new_certs_dir = .
database = ./index.txt
serial = ./serial
default_md = sha256
policy = policy_min
[ req ]
distinguished_name = def_distinguished_name
[def_distinguished_name]
# Extensions
# -addext " ... = ..."
#
[ v3_ca ]
# Extensions for a typical Root CA.
basicConstraints = critical,CA:TRUE
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
[ v3_int_ca ]
# Extensions for a typical intermediate CA.
basicConstraints = critical, CA:TRUE
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
[ usr_cert ]
# Extensions for user end certificates.
basicConstraints = CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ policy_min ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional