From f5d786885721c374cc22a1f1311ca01408a496fd Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 24 Mar 2013 21:49:12 +0000
Subject: OCSP-stapling enhancement and testing.

Server:
  Honor environment variable as well as running_in_test_harness in permitting bogus staplings
  Update server tests
  Add "-ocsp" option to client-ssl.
  Server side: add verification of stapled status.
  First cut server-mode ocsp testing.
  Fix some uninitialized ocsp-related data.

Client (new):
  Verify stapling using only the chain that verified the server cert, not any acceptable chain.
  Add check for multiple responses in a stapling, which is not handled
  Refuse verification on expired and revoking staplings.
  Handle OCSP client refusal on lack of stapling from server.
  More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
  Add transport hosts_require_ocsp option.
  Log stapling responses.
  Start on tests for client-side.

Testing support:
    Add CRL generation code and documentation update
    Initial CA & certificate set for testing.

BUGFIX:
    Once a single OCSP response has been extracted the validation
    routine return code is no longer about the structure, but the actual
    returned OCSP status.
---
 test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile

(limited to 'test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile')

diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile
new file mode 100644
index 000000000..f3097ab13
--- /dev/null
+++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile
@@ -0,0 +1 @@
+password
-- 
cgit v1.2.3