1 This directory contains pre-computed OCSP responses which are used by the input

     2 scripts for TOCSP.  Most have been hand-edited to contain particular errors, and

     3 in some cases then re-signed using the 'resign' utility.

     4 

     5 (* signifies resigning was used)

     6 

     7 The following are used in the Error.txt input script:

     8 

     9 response.000     Original response, upon which other non-trivial responses are based

    10 response.001     'malformedRequest'

    11 response.002     'internalError'

    12 response.003     'tryLater'

    13 response.004     ..invalid responseStatus

    14 response.005     'sigRequired'

    15 response.006     'unauthorised'

    16 response.007     ..invalid responseStatus

    17 response.008     ..invalid responseStatus (-ve)

    18 response.009     invalid RSA signature

    19 response.010     corrupt RSA signature data (#unused bits not 0)

    20 response.011*    invalid hashAlgorithm in CertId

    21 response.012*    corrupt issuerNameHash in CertId

    22 response.013*    corrupt issuerKeyHash in CertId

    23 response.014*    corrupt serialNumber in CertId

    24 response.015     hash algorithm specified in signature doesn't match that

    25                   used (which is specified before the signature)

    26                   - produced using a modified version of resign.exe

    27 response.016     Invalid response type (outside signed data portion)

    28 response.017*    Inserted 'version' field with value v1 (shouldn't be there since this is

    29                   the default value, and defaults are skipped in DER)

    30 response.018*    As 017, but with unrecognised version value '1'.

    31 response.019*    producedAt before thisUpdate

    32 response.020*    Added nextUpdate field - one month after thisUpdate

    33 response.021*    From 020, set producedAt > nextUpdate

    34 response.022*    From 020, set thisUpdate > nextUpdate (producedAt < nextUpdate)

    35 response.023*    From 020, set thisUpdate > nextUpdate (producedAt between the two)

    36 response.024*    From 020, set thisUpdate > nextUpdate (producedAt > thisUpdate)

    37 response.025*    Issuer name corrupted (doesn't match signing cert subject field)

    38 response.026-030 Corrupt length fields (* on 29)

    39 response.031-035 Corrupt tag fields (* on 32, 34)

    40 

    41 The following are used in XCert.txt:

    42 

    43 response.n1      Testing Nonce on, incorrect value / unexpected nonce received

    44 response.n2      Testing Nonce on, response with missing nonce

    45 

    46 The following are used in XCert-local.txt, in addition to those used in XCert.txt:

    47 

    48 XCert_00_Good_RSA_XCert.rsp

    49 XCert_01_Revoked_RSA_XCert.rsp

    50 XCert_02_Suspended_RSA_XCert.rsp

    51 XCert_03_Unknown_RSA_XCert.rsp

    52 XCert_04_Good_DSA_XCert.rsp

    53 XCert_05_Revoked_DSA_XCert.rsp

    54 XCert_06_Suspended_DSA_XCert.rsp

    55 XCert_07_Unknown_DSA_XCert.rsp

    56 XCert_08_All_RSA_XCert.rsp

    57 XCert_09_All_DSA_XCert.rsp

    58 XCert_10_Expired_Subject_and_Issuer.rsp

    59 XCert_11_Expired_Signing.rsp

    60 XCert_12_Expired_Subject.rsp

    61 XCert_13_Unspecified_Date.rsp

    62 XCert_14_Expired_subject_valid_time.rsp

    63 XCert_15_Expired_unspecified.rsp

    64 XCert_16_Expired_specified.rsp

    65 XCert_20_Nonce_Off.rsp

    66 XCert_22_BadSig_DSA_XCert.rsp