add test vectors for pkcs#7 verification policies #13376
Conversation
| @@ -1002,6 +1002,12 @@ Custom PKCS7 Test Vectors | |||
| * ``pkcs7/enveloped-no-content.der``- A DER encoded PKCS7 file with | |||
| enveloped data, without encrypted content, with key encrypted under the | |||
| public key of ``x509/custom/ca/rsa_ca.pem``. | |||
| * ``pkcs7/ca.pem`` - A certificate adapted for S/MIME signature & verification. | |||
There was a problem hiding this comment.
These shouldn't be named "ca" -- that'd be used for certificate authorities that are used to issue other cers, not for stand-alone certs.
There was a problem hiding this comment.
After reading https://github.com/pyca/cryptography/pull/12465/files#diff-ee3cc87634fba3d98c17ee2dbcb575f63f33603a5ab7ac9fa7bcc3b17bced6a3R154 i recon only the description is missleading: The ca.pem is used to issue certificates used during testing. Maybe the description should be replaced with A certificate adapted to sign certificates used for S/MIME signature & verification?
There was a problem hiding this comment.
Hmm, that's a bit surprising to me since it has a Subject Alt Names extension which generally implies its an end-entity certificate.
There was a problem hiding this comment.
According to the code it is only used as a CA, so maybe the SAN is there by accident? @nitneuqr can you help out?
Thanks to @briantist in #12465 I separated the vectors needed to test PKCS#7 verification. The files were created by @nitneuqr over in #12465