X509: add tests for purpose code signing in verify application

Correct configuration according to CA Browser forum:
  KU: critical,digitalSignature
  XKU: codeSiging

Note: I did not find any other document formally defining the requirements
for code signing certificates.

Some combinations are explicitly forbidden, some flags can be ignored

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)

1 files changed, 19 insertions, 0 deletions

diff --git a/test/certs/ee-codesign-anyextkeyusage.pem b/test/certs/ee-codesign-anyextkeyusage.pem
new file mode 100644
index 0000000000..1523f60784
--- /dev/null
+++ b/test/certs/ee-codesign-anyextkeyusage.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMjA2MTUxNjM0MDNaGA8yMTIyMDYxNjE2MzQwM1owGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjeDB2MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIHgDAZBgNVHSUEEjAQBggrBgEFBQcDAwYEVR0lADANBgkq
+hkiG9w0BAQsFAAOCAQEASlEaV64VMZE4Kj8ITpm8Xb418tbiLmuDEHZiZXOc9gRg
+YNnxpP0ammixIlvDtGM9Liahg5yTwj78Hd6ejxcSLm5sckhA+WkhosAm2aelkVEA
+kG0uqo2JOYd7RHh6rzvSCYfLX8gg9eqzq8qWw7Lbg9wyfC5V1Q+zYkuEQ4bBc5WT
+iqh1Zad4Lp9yFsMTEbo8aKL3Ayu0ehR1OrKjRrHbk9q2XafZRoa41mjNEHvQ7KkW
+PGkczOapAXRJRm7pRzI5m3lj07ITwdWiliu9Uv8KRKxkOunmSIGVBkeNMf7gGBiA
+1k4+o8wcWcQZmsP6RxEvSm6k5610oHi0z0CVgijghw==
+-----END CERTIFICATE-----