[Swan-commit] Changes to ref refs/heads/main

Sat, 15 Mar 2025 09:22:03 -0700 

New commits:
commit 239b9ee09154bb3e9af554bfbcf982bda67f7c3c
Merge: 5f02277d4d aa739490dc
Author: Andrew Cagney <[email protected]>
Date:   Fri Mar 7 21:36:28 2025 -0500

    testing x509: update KeyUsage testing, use NSS certs
    
    close #2077 default KU to digitalSignature, add ku-nonRepudiation, maybe 
ku-missing, ku-somethingElse
    
    Merge commit 'aa739490dc5464fd72e1639e97cefce341a049ab'

commit aa739490dc5464fd72e1639e97cefce341a049ab
Author: Andrew Cagney <[email protected]>
Date:   Fri Mar 7 15:41:03 2025 -0500

    testing x509: prune Key Usage (KU) certs from dist_certs.py

commit 9185d9f5047b9dff90cea4eefb9a6ae27958e772
Author: Andrew Cagney <[email protected]>
Date:   Fri Mar 7 15:46:32 2025 -0500

    testing: drop Key Usage (KU) tests from ikev2-x509-02-smoketest
    
    ... that relied on OpenSSL
    
    Replaced by x509-profile-01-key-usage which uses NSS certs

commit e2cb6ec86194f0c221f446a991928d88c1edc6e1
Author: Andrew Cagney <[email protected]>
Date:   Fri Mar 7 15:38:21 2025 -0500

    testing x509: add x509-profile-01-key-usage

commit a315dbf7a9044fde9df38042876c77d222006e9c
Author: Andrew Cagney <[email protected]>
Date:   Fri Mar 7 14:07:13 2025 -0500

    testing x509: use NSS to generate certs playing with Key Usage (KU)
    
    It creates the following, hopefully they are self describing:
    
      west-ku-missing
      west-ku-digitalSignature
      west-ku-nonRepudiation
      west-ku-certSigning
      west-ku-digitalSignature-certSigning
    
    Note:
    
      - west-ku-digitalSignature is redundant
    
        Since base certs should all have KeyUsage=digitalSignature it
        isn't needed.  It's included for completeness - test the case
        explicitly.
    
      - certs playing with the KeyUsage critical bit are generated
    
        When a cert contains a critical extension that NSS doesn't
        support, the cert should be rejected.
    
        Here, though, NSS supports KeyUsage so setting the bit does
        nothing.

commit 6f920146874e56e0e4657be7427d15ce982c606f
Author: Andrew Cagney <[email protected]>
Date:   Fri Mar 7 10:07:42 2025 -0500

    testing x509: add more config options to generate.sh

_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to