diff -r 000000000000 -r 164170e6151a pkiutilities/ocsp/test/responses/README.TXT --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pkiutilities/ocsp/test/responses/README.TXT Tue Jan 26 15:20:08 2010 +0200 
@@ -0,0 +1,66 @@ +This directory contains pre-computed OCSP responses which are used by the input +scripts for TOCSP. Most have been hand-edited to contain particular errors, and +in some cases then re-signed using the 'resign' utility. + +(* signifies resigning was used) + +The following are used in the Error.txt input script: + +response.000 Original response, upon which other non-trivial responses are based +response.001 'malformedRequest' +response.002 'internalError' +response.003 'tryLater' +response.004 ..invalid responseStatus +response.005 'sigRequired' +response.006 'unauthorised' +response.007 ..invalid responseStatus +response.008 ..invalid responseStatus (-ve) +response.009 invalid RSA signature +response.010 corrupt RSA signature data (#unused bits not 0) +response.011* invalid hashAlgorithm in CertId +response.012* corrupt issuerNameHash in CertId +response.013* corrupt issuerKeyHash in CertId +response.014* corrupt serialNumber in CertId +response.015 hash algorithm specified in signature doesn't match that + used (which is specified before the signature) + - produced using a modified version of resign.exe +response.016 Invalid response type (outside signed data portion) +response.017* Inserted 'version' field with value v1 (shouldn't be there since this is + the default value, and defaults are skipped in DER) +response.018* As 017, but with unrecognised version value '1'. 
+response.019* producedAt before thisUpdate +response.020* Added nextUpdate field - one month after thisUpdate +response.021* From 020, set producedAt > nextUpdate +response.022* From 020, set thisUpdate > nextUpdate (producedAt < nextUpdate) +response.023* From 020, set thisUpdate > nextUpdate (producedAt between the two) +response.024* From 020, set thisUpdate > nextUpdate (producedAt > thisUpdate) +response.025* Issuer name corrupted (doesn't match signing cert subject field) +response.026-030 Corrupt length fields (* on 29) +response.031-035 Corrupt tag fields (* on 32, 34) + +The following are used in XCert.txt: + +response.n1 Testing Nonce on, incorrect value / unexpected nonce received +response.n2 Testing Nonce on, response with missing nonce + +The following are used in XCert-local.txt, in addition to those used in XCert.txt: + +XCert_00_Good_RSA_XCert.rsp +XCert_01_Revoked_RSA_XCert.rsp +XCert_02_Suspended_RSA_XCert.rsp +XCert_03_Unknown_RSA_XCert.rsp +XCert_04_Good_DSA_XCert.rsp +XCert_05_Revoked_DSA_XCert.rsp +XCert_06_Suspended_DSA_XCert.rsp +XCert_07_Unknown_DSA_XCert.rsp +XCert_08_All_RSA_XCert.rsp +XCert_09_All_DSA_XCert.rsp +XCert_10_Expired_Subject_and_Issuer.rsp +XCert_11_Expired_Signing.rsp +XCert_12_Expired_Subject.rsp +XCert_13_Unspecified_Date.rsp +XCert_14_Expired_subject_valid_time.rsp +XCert_15_Expired_unspecified.rsp +XCert_16_Expired_specified.rsp +XCert_20_Nonce_Off.rsp +XCert_22_BadSig_DSA_XCert.rsp
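Review bot: In the Error.txt table, response.004, response.007 and response.008 are all described as "..invalid responseStatus", and only 008 carries a hint ("-ve"), so a failing case cannot be traced back to its malformation without decoding the file; state the responseStatus value each of the three encodes. The same ambiguity affects response.017 and response.018: "value v1" and "unrecognised version value '1'" are easy to read as the same thing, because v1 is encoded as INTEGER 0 in the OCSP ASN.1, so give the encoded integer in both entries. Smaller points: the XCert_*.rsp files are listed with no descriptions and the numbering skips 17-19 and 21 without explanation; the "(* on 29)" and "(* on 32, 34)" remarks drop the leading zero used in every other file name; and the text mentions both 'resign' and a "modified version of resign.exe" without saying where either lives or what the modification was, which someone regenerating response.015 would need.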