By moving the call to Load() up in SearchProvider::Start(), we are giving a chance...

[chromium-blink-merge.git] / net / data / ssl / certificates / README

This directory contains various certificates for use with SSL-related
unit tests.

- google.binary.p7b
- google.chain.pem
- google.pem_cert.p7b
- google.pem_pkcs7.p7b
- google.pkcs7.p7b
- google.single.der
- google.single.pem
- thawte.single.pem : Certificates for testing parsing of different formats.

- googlenew.chain.pem : The refreshed Google certificate
     (valid until Sept 30 2013).

- mit.davidben.der : An expired MIT client certificate.

- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity
     created for testing.

- www_us_army_mil_cert.der
- dod_ca_17_cert.der
- dod_root_ca_2_cert.der : A certificate chain for regression tests of
     http://crbug.com/31497.

- expired_cert.pem : An expired certificate, used by test_server.cc.

- ok_cert.pem : A valid certificate, used by test_server.cc

- root_ca_cert.crt : The testing root CA used to sign the test_server.cc's
     certificates.

- unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing.

- client.p12 : A PKCS #12 file containing a client certificate and a private
     key created for testing.  The password is "12345".

- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same
     as the one in client.p12) but no private key. The password is "12345".

- punycodetest.der : A test self-signed server certificate with punycode name.
     The common name is "xn--wgv71a119e.com" (日本語.com)

- unittest.selfsigned.der : A self-signed certificate generated using private
     key in unittest.key.bin. The common name is "unittest".

- unittest.key.bin : private key stored unencrypted.

- unittest.originbound.der: A test origin-bound certificate for
     https://www.google.com:443.
- unittest.originbound.key.der: matching PrivateKeyInfo.

- x509_verify_results.chain.pem : A simple certificate chain used to test that
    the correctly ordered, filtered certificate chain is returned during
    verification, regardless of the order in which the intermediate/root CA
    certificates are provided.

- google_diginotar.pem
- diginotar_public_ca_2025.pem : A certificate chain for the regression test
      of http://crbug.com/94673

- test_mail_google_com.pem : A certificate signed by the test CA for
    "mail.google.com". Because it is signed by that CA instead of the true CA
    for that host, it will fail the
    TransportSecurityState::IsChainOfPublicKeysPermitted test.

- salesforce_com_test.pem
- verisign_intermediate_ca_2011.pem
- verisign_intermediate_ca_2016.pem : Certificates for testing two
     X509Certificate objects that contain the same server certificate but
     different intermediate CA certificates.  The two intermediate CA
     certificates actually represent the same intermediate CA but have
     different validity periods.

- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
     certificate with all of the AttributeTypeAndValues stored within a single
     RelativeDistinguishedName, rather than one AVA per RDN as normally seen.

- unescaped.pem : Regression test for http://crbug.com/102839. Contains
     characters such as '=' and '"' that would normally be escaped when
     converting a subject/issuer name to their stringized form.

- 2048-rsa-root.pem
- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by-
      {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
     These certficates are generated by
     net/data/ssl/scripts/generate-weak-test-chains.sh and used in the
     RejectWeakKeys test in net/base/x509_certificate_unittest.cc.

- images_etrade_wallst_com.pem
- globalsign_orgv1_ca.pem
- globalsign_root_ca_md5.pem : A certificate chain for the regression test
      of http://crbug.com/108514

- redundant-validated-chain.pem
- redundant-server-chain.pem
- redundant-validated-chain-root.pem

     Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same
     public key) to test that SSLInfo gets the reconstructed, re-ordered
     chain instead of the chain as served. See
     SSLClientSocketTest.VerifyReturnChainProperlyOrdered in
     net/socket/ssl_client_socket_unittest.cc. These chains are valid until
     26 Feb 2022 and are generated by
     net/data/ssl/scripts/generate-redundant-test-chains.sh.

- comodo.chain.pem : A certificate chain for www.comodo.com which should be
     recognised as EV. Expires Jun 21 2013.

- ocsp-test-root.pem : A root certificate for the code in
      net/tools/testserver/minica.py

- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling
     Generated by using the command
     "openssl req -x509 -days 3650 -sha1 -extensions req_spdy_pooling \
          -config ../scripts/ee.cnf -newkey rsa:1024 -text \
          -out spdy_pooling.pem"

- subjectAltName_sanity_check.pem : Used to test the handling of various types
     within the subjectAltName extension of a certificate. Generated by using
     the command
     "openssl req -x509 -days 3650 -sha1 -extensions req_san_sanity \
          -config ../scripts/ee.cnf -newkey rsa:1024 -text \
          -out subjectAltName_sanity_check.pem"

- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate.
     This is an X.509 v1 certificate that omits the version field. Used to
     test that the certificate version gets the default value v1.

- websocket_cacert.pem : The testing root CA for testing WebSocket client
     certificate authentication.
     This file is used in SSLUITest.TestWSSClientCert.

- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate
     and a private key created for WebSocket testing. The password is "".
     This file is used in SSLUITest.TestWSSClientCert.