Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests
[openssl.git] / test / recipes / 81-test_cmp_cli_data / Mock / test.cnf
1 [default]
2 batch = 1 # do not use stdin
3 total_timeout = 8 # prevent, e.g., infinite polling due to error
4 trusted = trusted.crt
5 newkey = new.key
6 newkeypass =
7 cmd = ir
8 out_trusted = root.crt
9 certout = test.cert.pem
10 policies = certificatePolicies
11 #policy_oids = 1.2.3.4
12 #policy_oids_critical = 1
13 #verbosity = 7
14
15 ############################# server configurations
16
17 [Mock] # the built-in OpenSSL CMP mock server
18 no_check_time = 1
19 server_host = 127.0.0.1 # localhost
20 server_port = 1700
21 server_tls = 0
22 server_cert = server.crt
23 server = $server_host:$server_port
24 server_path = pkix/
25 path = $server_path
26 ca_dn = /O=openssl_cmp
27 recipient = $ca_dn
28 server_dn = /O=openssl_cmp
29 expect_sender = $server_dn
30 subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
31 newkey = signer.key
32 out_trusted = signer_root.crt
33 kur_port = 1700
34 pbm_port = 1700
35 pbm_ref =
36 pbm_secret = pass:test
37 cert = signer.crt
38 key  = signer.p12
39 keypass = pass:12345
40 ignore_keyusage = 0
41 column = 0
42 sleep = 0
43
44 ############################# aspects
45
46 [connection]
47 msg_timeout = 5
48 total_timeout =
49 # reset any TLS options to default:
50 tls_used =
51 tls_cert =
52 tls_key =
53 tls_keypass =
54 tls_trusted =
55 tls_host =
56
57 [tls]
58 server =
59 tls_used =
60 tls_cert =
61 tls_key =
62 tls_keypass =
63 tls_trusted =
64 tls_host =
65
66 [credentials]
67 ref =
68 secret =
69 cert =
70 key =
71 keypass =
72 extracerts =
73 digest =
74 unprotected_requests =
75
76 [verification]
77 #expect_sender =
78 srvcert =
79 trusted =
80 untrusted =
81 #unprotected_errors =
82 extracertsout =
83
84 [commands]
85 cmd =
86 cacertsout =
87 infotype =
88 oldcert =
89 revreason =
90 geninfo =
91
92 [enrollment]
93 cmd =
94 newkey =
95 newkeypass =
96 #subject =
97 issuer =
98 days =
99 reqexts =
100 sans =
101 san_nodefault = 0
102 #popo =
103 implicit_confirm = 0
104 disable_confirm = 0
105 certout =
106 out_trusted =
107 oldcert =
108 csr =
109
110 ############################# extra cert template contents
111
112 [certificatePolicies]
113 certificatePolicies = "critical, @pkiPolicy"
114
115 [pkiPolicy]
116 policyIdentifier = 1.2.3.4
117
118 [reqexts]
119 basicConstraints = CA:FALSE
120 #basicConstraints = critical, CA:TRUE
121 keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
122 extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
123 #crlDistributionPoints = URI:http:
124 #authorityInfoAccess = URI:http:
125 subjectAltName = @alt_names
126
127 [alt_names]
128 DNS.0 = localhost
129 IP.0 = 127.0.0.1
130 IP.1 = 192.168.1.1
131 URI.0 = http://192.168.0.2
132
133 [reqexts_invalidkey]
134 subjectAltName = @alt_names_3
135
136 [alt_names_3]
137 DNS.0 = localhost
138 DNS.1 = example.com
139 DNS.2 = example2.com
140 DNS__3 = example3.com