Add extra path validation tests for EKU processing

* Combines duplicate certificate chains that were named with "-ok" vs "-fail" (these predated ability to set expectations in .test files) * Adds .test files for each chain for ANY_EKU, CLIENT_AUTH and SERVER_AUTH Review-Url: https://codereview.chromium.org/2931053002 Cr-Commit-Position: refs/heads/master@{#481772}

Add extra path validation tests for EKU processing
* Combines duplicate certificate chains that were named with "-ok" vs "-fail" (these predated ability to set expectations in .test files) * Adds .test files for each chain for ANY_EKU, CLIENT_AUTH and SERVER_AUTH Review-Url: https://codereview.chromium.org/2931053002 Cr-Commit-Position: refs/heads/master@{#481772}
7333d9b7 · eroman · Commit Bot · 247215d3 · 7333d9b7 · 7333d9b7
Commit 7333d9b7 authored Jun 22, 2017 by eroman Committed by Commit Bot Jun 23, 2017
52 changed files
--- a/net/BUILD.gn
+++ b/net/BUILD.gn
@@ -3582,16 +3582,18 @@ bundle_data("net_unittests_bundle_data") {
    "data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false/main.test",
    "data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/chain.pem",
    "data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical/main.test",
+    "data/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/any.test",
+    "data/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/chain.pem",
+    "data/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test",
+    "data/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/serverauth.test",
+    "data/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test",
+    "data/verify_certificate_chain_unittest/intermediate-eku-clientauth/chain.pem",
+    "data/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test",
+    "data/verify_certificate_chain_unittest/intermediate-eku-clientauth/serverauth.test",
    "data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/chain.pem",
    "data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints/main.test",
    "data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/chain.pem",
    "data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage/main.test",
-    "data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/chain.pem",
-    "data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/main.test",
-    "data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/chain.pem",
-    "data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/main.test",
-    "data/verify_certificate_chain_unittest/intermediate-sets-eku-any/chain.pem",
-    "data/verify_certificate_chain_unittest/intermediate-sets-eku-any/main.test",
    "data/verify_certificate_chain_unittest/intermediate-signed-with-md5/chain.pem",
    "data/verify_certificate_chain_unittest/intermediate-signed-with-md5/main.test",
    "data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension/chain.pem",
@@ -3705,12 +3707,12 @@ bundle_data("net_unittests_bundle_data") {
    "data/verify_certificate_chain_unittest/pkits_errors/4.9.5.txt",
    "data/verify_certificate_chain_unittest/pkits_errors/4.9.7.txt",
    "data/verify_certificate_chain_unittest/pkits_errors/4.9.8.txt",
-    "data/verify_certificate_chain_unittest/root-bad-eku/chain.pem",
-    "data/verify_certificate_chain_unittest/root-bad-eku/main.test",
-    "data/verify_certificate_chain_unittest/root-bad-eku/ta-with-constraints.test",
    "data/verify_certificate_chain_unittest/root-basic-constraints-ca-false/chain.pem",
    "data/verify_certificate_chain_unittest/root-basic-constraints-ca-false/main.test",
    "data/verify_certificate_chain_unittest/root-basic-constraints-ca-false/ta-with-constraints.test",
+    "data/verify_certificate_chain_unittest/root-eku-clientauth/chain.pem",
+    "data/verify_certificate_chain_unittest/root-eku-clientauth/serverauth-ta-with-constraints.test",
+    "data/verify_certificate_chain_unittest/root-eku-clientauth/serverauth.test",
    "data/verify_certificate_chain_unittest/root-lacks-basic-constraints/chain.pem",
    "data/verify_certificate_chain_unittest/root-lacks-basic-constraints/main.test",
    "data/verify_certificate_chain_unittest/root-lacks-basic-constraints/ta-with-constraints.test",
@@ -3718,16 +3720,20 @@ bundle_data("net_unittests_bundle_data") {
    "data/verify_certificate_chain_unittest/target-and-intermediate/distrusted-root.test",
    "data/verify_certificate_chain_unittest/target-and-intermediate/main.test",
    "data/verify_certificate_chain_unittest/target-and-intermediate/unspecified-trust-root.test",
+    "data/verify_certificate_chain_unittest/target-eku-clientauth/any.test",
+    "data/verify_certificate_chain_unittest/target-eku-clientauth/chain.pem",
+    "data/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test",
+    "data/verify_certificate_chain_unittest/target-eku-clientauth/serverauth.test",
+    "data/verify_certificate_chain_unittest/target-eku-none/any.test",
+    "data/verify_certificate_chain_unittest/target-eku-none/chain.pem",
+    "data/verify_certificate_chain_unittest/target-eku-none/clientauth.test",
+    "data/verify_certificate_chain_unittest/target-eku-none/serverauth.test",
    "data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/chain.pem",
    "data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca/main.test",
    "data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/chain.pem",
    "data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca/main.test",
-    "data/verify_certificate_chain_unittest/target-lacks-eku/chain.pem",
-    "data/verify_certificate_chain_unittest/target-lacks-eku/main.test",
    "data/verify_certificate_chain_unittest/target-not-end-entity/chain.pem",
    "data/verify_certificate_chain_unittest/target-not-end-entity/main.test",
-    "data/verify_certificate_chain_unittest/target-restricts-eku-fail/chain.pem",
-    "data/verify_certificate_chain_unittest/target-restricts-eku-fail/main.test",
    "data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.pem",
    "data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-decipherOnly.test",
    "data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/ec-digitalSignature.pem",
@@ -3744,8 +3750,6 @@ bundle_data("net_unittests_bundle_data") {
    "data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyAgreement.test",
    "data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.pem",
    "data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/rsa-keyEncipherment.test",
-    "data/verify_certificate_chain_unittest/target-sets-eku-any/chain.pem",
-    "data/verify_certificate_chain_unittest/target-sets-eku-any/main.test",
    "data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/chain.pem",
    "data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa/main.test",
    "data/verify_certificate_chain_unittest/target-signed-using-ecdsa/chain.pem",

--- a/net/cert/internal/verify_certificate_chain_typed_unittest.h
+++ b/net/cert/internal/verify_certificate_chain_typed_unittest.h
@@ -125,14 +125,20 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyUsage) {
 }
 TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExtendedKeyUsage) {
-  this->RunTest("target-lacks-eku/main.test");
+  this->RunTest("intermediate-eku-clientauth/any.test");
-  this->RunTest("target-restricts-eku-fail/main.test");
+  this->RunTest("intermediate-eku-clientauth/serverauth.test");
-  this->RunTest("intermediate-restricts-eku-fail/main.test");
+  this->RunTest("intermediate-eku-clientauth/clientauth.test");
-  this->RunTest("intermediate-restricts-eku-ok/main.test");
+  this->RunTest("intermediate-eku-any-and-clientauth/any.test");
-  this->RunTest("intermediate-sets-eku-any/main.test");
+  this->RunTest("intermediate-eku-any-and-clientauth/serverauth.test");
-  this->RunTest("target-sets-eku-any/main.test");
+  this->RunTest("intermediate-eku-any-and-clientauth/clientauth.test");
-  this->RunTest("root-bad-eku/main.test");
+  this->RunTest("target-eku-clientauth/any.test");
-  this->RunTest("root-bad-eku/ta-with-constraints.test");
+  this->RunTest("target-eku-clientauth/serverauth.test");
+  this->RunTest("target-eku-clientauth/clientauth.test");
+  this->RunTest("target-eku-none/any.test");
+  this->RunTest("target-eku-none/serverauth.test");
+  this->RunTest("target-eku-none/clientauth.test");
+  this->RunTest("root-eku-clientauth/serverauth.test");
+  this->RunTest("root-eku-clientauth/serverauth-ta-with-constraints.test");
 }
 TYPED_TEST_P(VerifyCertificateChainSingleRootTest,

--- a/net/data/verify_certificate_chain_unittest/target-lacks-eku/main.test
+++ b/net/data/verify_certificate_chain_unittest/target-lacks-eku/main.test
 chain: chain.pem
 last_cert_trust: TRUSTED_ANCHOR
 utc_time: 150302120000Z
-key_purpose: SERVER_AUTH
+key_purpose: ANY_EKU
 expected_errors:
--- a/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/chain.pem
--- a/net/data/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test
+++ b/net/data/verify_certificate_chain_unittest/intermediate-eku-any-and-clientauth/clientauth.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: CLIENT_AUTH
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/generate-chains.py
--- a/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/keys/Intermediate.key
--- a/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/keys/Root.key
--- a/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/keys/Target.key
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/main.test
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/main.test
--- a/net/data/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test
+++ b/net/data/verify_certificate_chain_unittest/intermediate-eku-clientauth/any.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: ANY_EKU
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/chain.pem
--- a/net/data/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test
+++ b/net/data/verify_certificate_chain_unittest/intermediate-eku-clientauth/clientauth.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: CLIENT_AUTH
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/generate-chains.py
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/keys/Intermediate.key
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/keys/Root.key
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/keys/Target.key
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/main.test
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail/main.test
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/chain.pem
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/generate-chains.py
-#!/usr/bin/python
-# Copyright (c) 2017 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-"""Certificate chain with 1 intermediate and a trusted root. The intermediate
-restricts the EKU to serverAuth, and the target has serverAuth +
-clientAuth. Verification is expected to succeed as this is consistent with
-the requested key purpose."""
-import sys
-sys.path += ['..']
-import common
-# Self-signed root certificate (used as trust anchor).
-root = common.create_self_signed_root_certificate('Root')
-# Intermediate certificate.
-intermediate = common.create_intermediate_certificate('Intermediate', root)
-intermediate.get_extensions().set_property('extendedKeyUsage',
-                                           'serverAuth')
-# Target certificate.
-target = common.create_end_entity_certificate('Target', intermediate)
-target.get_extensions().set_property('extendedKeyUsage',
-                                     'serverAuth,clientAuth')
-chain = [target, intermediate, root]
-common.write_chain(__doc__, chain, 'chain.pem')
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/keys/Intermediate.key
-openssl genrsa 2048
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAx6aYqb2OJ6vn9Z42pKT3t1kPAgpapwoE2dLfQ+QTYcdBM88b
-PuX2dDZr2yfFzwA9xt0q3Rsbyv3QS6OQkmYZNku7m9x0pvsj0o9udDUa3xN6QN+h
-EvMJonA5oOJcDraaTFP4LhL76tudam4OQSo9s9o+fpsqGirlcBsZshDREj3hnPOw
-BUB5w/tEQYABEC6Zcl/1OR5d9CwitcGb7CEpUPk2Ow6KqQvS5850FhB0Tvf1vBSu
-r3lKgvUq4irk8eEs55EE/aU4CfYhzmIuZQ0fMDwR/uV5hVEYleadFYL1ItF3tU1k
-goaEjFmQhrRkHqbMINibCblPfVdStgCfttKz7wIDAQABAoIBABTJ3AuQmUS4Oabx
-mm76XnDQ7SchPN83w9mKg4TmMr5zqO5kGkoqV8cyA3kGYypys/wI+3WaZQJ1+0Jk
-/aDA0M8+g4JvKhZZABnkpXOkM/AWbxxiLLt0YwRu+xEtgLhnexmHhMgHYgPKalGy
-s/lFFLeteeRk87VV0h4iNEK+TYbAi2MAeDhbdKkPuMNnNMbUU7QO/b3dm/0IVfqy
-yExsahEww7XJYTSVIeelz1GJklIuSrj9QcbrQILGZCC+OyhvSHF4YCbdwqOjnm26
-jn26K5MpfvQ1HCn9HZFK5LpFNnNFy4tkpRR+dzqMWorShnNe+yrFEHcOflZrA53U
-vPkyVIECgYEA/UFBg5/LN2x/JTQBQOgqf8b6uyP8ubkykD3focqvRS9pYw40bCK8
-/2XC32KUdjhphQyiz6tCsCtZH6h/Pgt/Kmgh+LZsYj85TYBqlOTn1BOsfafrNN/O
-T2zSd1+3t7tpsqApTu9kCOIbK0HmZdO3iaYOJG3KMBQANiOQCVdBfGcCgYEAydCY
-17t0K6naSicBmFB9jYAT09xIllNsGpuRbufyGQqljLO2vkNxslDWMuMrapb7zIxU
-9MSzLEXxnlCw6GAjjWx+5LDxDPYFFHqlzzX97eAMDHkJ3D1Se8o5b6U29HUNLcdn
-SvPwhiGOVf5jGpUo7+G472baNlYVAm4cv93xVzkCgYBfioLAuUPdAN1ml5vxdKSz
-18k3WHg7SJa+u9jmHKTKoPxNFkrIkMJkR2uhAnunrdiBDSdO2PkrpO7WdqaqLYQn
-52kJfyicV+WyS0PqMAEVjOaB8RtWsygN5qvvxPh2JAnYDXwH/1/pygMd6pqUx65y
-C2dCbvjb8m+x/PCV1Ykq+QKBgE2cNZsJEKTV/gd0Nq3PjmkDLxzTYurEjBczaltf
-QYAV0xJn7kf/AdNUOPt61zB3fb/s26MBnfHRuBhs6YuDpUh2x9nEnf6hAdUdUXR9
-S/jVp2yIg505y+WlIC9qNtcNyJKpU3TEmOPMNcOmP5Byejq98HPIdvRcaFn15IJ4
-pJ4pAoGAY22ERQ6O/hRwXcgHItLZmPqJz4Ryekbw49ThmPLf9xNMIXzdm2+ADtaj
-ELxcocUaRWmVNW68gsPflUCPV2Fl1xa/efxM8flKJ0rs1qRALue9x1Ufy/mVmZDy
-aoAtwUweViQtR180e1HWyAbRqWncGKrbvcFmYpcNBgUZOgxqpW8=
-----END RSA PRIVATE KEY-----
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/keys/Root.key
-openssl genrsa 2048
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAszWDdHvnxFa7M8O1GYZ5SFTgAr4QitR0nFExGnxcvccpTOdl
-LvRBfbkCEDicTdw+R7x2ULwSFsrWl+k1HIj2kopmL3+K3Y2bK1XNXNMYti8+wqFZ
-j8sYrciqo67SmJKgUETwexNzR2l98xpJNymfSkAfGygAgvidgAL95jfYqWtaO+LO
-2KBAeicwTOsKQqYavCC/Pzqwq+44e8kHwmuHVMueHGA2pdwB0UQN4v8jHUfXF4ke
-OPoJMPQZoL5gSqn4Ykq/8coBMxfwePP6GVgRy+/1IC6RgIUR7KxVUZ9kaodoDZ/X
-kwp6ihx9ZxBzkfIMgcbok1rXsWUs6VQzXjm3nQIDAQABAoIBADT3ehTxkjzbjZTt
-IRecQTh5rYPh/S2rQZP6A1NasmZ8+N37/lH0a27nQY7dzITOtbGqKCYQkCAgb3CS
-wtneOVJyiWU8gyScd+JFB9+JnOIr8JbB7aCsXGzwxE6Am0nw/GT9Gz6lLwtKSKmT
-eVROfwAJF6iFGDGdnZ96QuTKWMUpsKuh2xb/bBtW0zV0XtWsoqmhJAy5Ncfxyt0X
-34NLyyBQEq+HW6kSPVB2qMPXWBNRFVJ0QK9g5cpOXN9co5hvP30lK40XpbJWRjdU
-bKW0MhnXVDkQ143PlUZTg1yk401w6RsXRLYVHCc4x13h1yY0BxOCMFxSwq+jvKKo
-zqLt55kCgYEA5NtTB0X6q3yswttc9eIypVK2MU+BdPw6ihNwM1MXHWZ9y2LhG9vN
-Uc4F4a2PtpqrDKIMOLoUkhnxyvGo5LSg6k48C4eYJw267l83KJ7KWCthjraYkH7N
-rYWhlck4xpBkI24y8MYv/Uq31WHK73nvyvMGuobCBCmP5eMhqArpP8sCgYEAyHbC
-EkKaHz/JDq3M7rxxjRDDh+lc8z7kn7MJLih/3QsnD0l5dXKRExlrkVVWhoLcibSC
-Rg8Xg11588knJ03+zNZhpCD8qMUfXClnVeDIrCVjQtr3xSDQA1fVMyWlLu+6++7Z
-ujDFa1kt2o0RAdVNwdde75vLTJz5P6Tux8EAqTcCgYBtUj+lN854YIP+SN9tLXJX
-+tzBTWNfyKUGFCcCvWxLRQxOPZuevS6lJy80EL6X0eZnkHkaF/l/mRkhgrLVHVvI
-0Tppn4oVDb//4kftBX1PBNoDXEIgtBH4E9+ON6MBZzQOoLOAxItkCW8rZR2Vq7/a
-SKEsNPc1Gc19WTRYm220ZQKBgAjzNGr4SkVG5cUgAVxPUYqIyxIQWzQJBNAUgD5t
-VHgb/VxzXVbfDJcbtW/BraFHymzjgEV8ewJEdCNsQbFBjDS9BZL8Xgty8Zl9x71P
-0eXNrYbYm+NTObZMf5pO/fcAgQqqeVIUx1upmaB+V9oLGfOjl/t+qy76ey5aQMbu
-WQc1AoGBALTrAwE851rv1/b6+Aq/oHMGoXeGBnKUotUOpHtbU7mnKrMXghR97HFY
-QT6/xLlGDL+AoRmVbNcQ3P/9CESZI9YCrRyS7tMSpj5sM/GFYp/GlBH3mraQIAkr
-TokFfo1SFXLyPN3/WYOCO4X8z8F9EyIx/77wRl1kMjRRLiCeoF1f
-----END RSA PRIVATE KEY-----
--- a/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok/keys/Target.key
-openssl genrsa 2048
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAsk1VNrndJWyj41wvlZesOt8tamMD9+myp03zfSF4r4DPNGpH
-ugUNkK1dWoadwlt/R4wKRLbe18EX5w9E6ogFcF2BlYFEJLNwOPyrUx5BdQ5yTTyJ
-Fj65v+WdXq9W71Cg4Nq9lMA5B1K0+z1qT3EOTVW7aUoxW0oWYPr9QDQwcOsS0DMK
-nSdoui+/UXxf+wT9xgglHESgqEsCfPyMq7TpjMm8qxM8HnUNCc/JVtsqElzg4Vhw
-ld+Znskhs7o8UFomopUSi5+O8XbqhZSs7xREtNlEKKPxYMB76B8Bvfd4v+/Nde7d
-Leh9Xpc8twawFmwtC/IHf9lD8HlY/lNBwon2nQIDAQABAoIBAGADir6kibSscvhs
-3ObmPQWaxp8CYNGwU9cJ//NDAfUoHOwxyxwdundNE/c6hFtz3+9MNv9XplpyjYeM
-TmUpCBzBDZXPfT1yLx1Q2oUwxrjdJan3zi5farEuWXbyXpMSTP+oauxeMpeB7xlX
-shbDX5s/bmM9Y6SwGarxnUxkji1PUsItxLGAmj5mq3TAiQijrS+INHJKU73UNMHh
-8pEE42h08lSsHAOZR+zkx/Afm4+McGagMrL1Ql0KmyeV7DfqqP0nydBFIMCe61SP
-ygH1Qbnp4kO28RGNFcDx+Yq5tboLbI1YAPt8hUS+lkbABVbj9PKGYa4sq9PeL/p3
-uTlFP7UCgYEA1cJyYvqZ9IubvdA9AgPBOLFJRrDadCBykH4mvHaCB4dgDM2PX+yV
-Rq5ToWhInx0DAhQE/VqESSQVGIFTjvbHD8BkciW9HA7z8W3GvbdUUWWn7qAuTRR6
-ONX92YYxu1tPqzCVpjfwy8RLySosg+U8EQMXsp9bAbsIsqtGkbucwjsCgYEA1Yku
-rxyigbfEFDltDdvlyAgqE1G5CfbeMYWACCS4wHvH1nz7tmsRzxcCdRBqX2H1In7k
-RB+YlhunmAxJw6R8u7tAki4FqqmVtdwTCBulX8i20C3MQXzs/gyNnW/fcdKsqha3
-RkymHgpa7IeP2uILf/gWJ1FkOV6XezlK+POIhQcCgYBZC/CkxOp/kezmDKptfWzv
-lgMFfMT0HVQ8VyEB34hZZI6hprw0ZJTm5dYW5h9ikS5gnkBZ3mw/H9Xd6HoLk0fn
-iukNGCWIW75Jc8aX35gzdFqZsIa5O2+S36opBJsRBn/Qu6OLo8Ae0n4Tpgr3QvZb
-y+MCWRoLRYPhEjKKoRIzYwKBgDvaog1Pl3WIzxtkJV9XHgd90l1r8NQMMKfs5cBi
-mq7Jg3BpxByT0oAb0QKDQW3PBWlP7Cf0O08IHWgPObXvK09r42OWJtx5gI9jSqph
-JW+90RB1ZeWNYNitKBzTOOyswt1CVMkNvxp4iJf4P6h46ARMw9jthYxXKVrO6mbx
-zHiNAoGASPhvVK+gdJsDnbM1Rx1oITr+1LnObnG3MG6h7ur5AGWXUVjlrGbsdJbo
-fSz3zNwpxC1KozF9dzker0mkoGGtQO0CaudwI3dCcY/hf6AodGyxLKZGXyPpRKWr
-uGzvZU+wVGVyCZB/ijD5HZlEXO6n3lwKucTkal1PS7aLIb0YStw=
-----END RSA PRIVATE KEY-----
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/chain.pem
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/generate-chains.py
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/keys/Intermediate.key
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/keys/Root.key
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/keys/Target.key
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/ta-with-constraints.test
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/ta-with-constraints.test
--- a/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/main.test
+++ b/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any/main.test
--- a/net/data/verify_certificate_chain_unittest/target-eku-clientauth/any.test
+++ b/net/data/verify_certificate_chain_unittest/target-eku-clientauth/any.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: ANY_EKU
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/target-sets-eku-any/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/target-sets-eku-any/chain.pem
 [Created by: generate-chains.py]
 Certificate chain with 1 intermediate and a trusted root. The target
-restricts EKU to clientAuth+any and requests serverAuth during verification.
+certificate has only clientAuth EKU, so is expected to fail when verifying for
-This should succeed.
+serverAuth.
 Certificate:
    Data:
@@ -54,25 +54,25 @@ Certificate:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication, Any Extended Key Usage
+                TLS Web Client Authentication
    Signature Algorithm: sha256WithRSAEncryption
-         e9:be:ed:82:c2:ea:51:5e:9d:c9:4f:2c:e3:ca:6e:0b:be:18:
+         e7:28:91:00:72:b6:21:2a:89:6d:a3:da:31:06:54:c4:7d:62:
-         5c:c3:1e:3f:6c:1a:de:9d:cc:8c:45:b5:87:2e:b2:38:9a:84:
+         de:f2:e7:75:76:60:69:38:c1:a3:b9:3e:24:3a:fa:61:89:40:
-         a6:e1:ef:93:ac:f1:b6:d0:ba:d6:87:59:5d:e8:a7:1b:3e:14:
+         c6:a2:3e:b3:fd:4a:d1:be:ba:d7:fd:b4:b1:e6:f1:3f:43:b1:
-         3a:9d:0b:50:c3:29:51:65:62:66:9e:a2:68:e8:be:f0:1a:e2:
+         21:cb:1d:df:72:6c:22:ec:bd:6f:b5:26:80:0e:be:d4:75:1c:
-         57:0e:dc:7e:28:94:d9:c3:a9:0e:9c:d6:b0:76:d8:ec:b9:fe:
+         23:8c:dd:23:3d:d3:22:42:11:d8:de:f1:1c:82:0c:8e:b1:9c:
-         e6:35:b5:8a:27:3f:1d:6a:4e:66:d5:ac:d8:05:b2:4d:47:16:
+         fc:e2:34:b1:a5:62:f9:5b:bb:3e:e6:38:d9:be:89:f9:fd:17:
-         ff:09:88:7e:23:70:dc:6b:b2:14:38:97:d8:4c:5d:ee:41:aa:
+         45:78:8f:39:4f:30:53:86:a3:60:ad:5a:a7:97:1e:89:df:2c:
-         ac:b3:6b:5f:d7:2f:39:93:19:5f:e6:b7:15:c9:2b:5b:2c:c0:
+         cf:9d:bf:a1:bf:91:82:0b:25:c5:c5:23:30:f7:ff:0e:98:60:
-         b6:81:84:49:0b:5f:df:e9:e1:01:4f:82:ad:35:0b:00:d3:ff:
+         4d:dd:a3:ec:5c:c3:bf:6f:29:e7:4f:11:80:94:44:68:f3:c3:
-         47:55:67:20:aa:3e:f9:b0:84:09:8d:e0:7b:16:b0:11:a5:16:
+         84:db:14:a5:0d:1e:3f:3d:b7:e4:e7:0e:af:30:f1:f0:a4:7e:
-         a7:27:81:85:ec:2d:47:73:48:e4:92:9d:b0:81:27:32:28:89:
+         cb:53:17:35:89:f0:fa:c1:d8:eb:93:11:44:18:f0:19:49:1e:
-         de:cb:c2:fb:bd:60:09:2e:9a:99:ef:9b:cb:9c:2b:fc:b5:a2:
+         fd:3e:f0:b1:4f:33:99:e5:a9:6b:60:ac:6b:1c:1d:b3:59:ad:
-         cc:01:73:bd:42:28:00:d4:d8:b2:8d:94:6b:5e:bf:1e:8e:93:
+         01:ce:3e:03:a0:b5:31:1b:6e:07:ae:7e:29:86:ea:5e:42:df:
-         13:89:65:6b:2f:af:92:37:a3:b4:98:14:f4:b1:ff:44:aa:c1:
+         ba:c2:3a:a7:3d:ab:d5:bf:da:a0:25:67:2f:01:46:a5:0d:20:
-         79:83:48:f7
+         3e:65:80:02
 -----BEGIN CERTIFICATE-----
-MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
+MIIDgzCCAmugAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
 cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
 VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDghNk
 DjUzDKxEvm2S9eSX2Jq9ZPG1Z2IBewyYV0pjZLCdanuEopH+cwtMgc6J+Y2NikEY
@@ -80,17 +80,17 @@ yNhkJzYy5jYmRBYTLqGtOAYLGzliapSsoFm+UstH10sACZGOFGmpYt9J2LZ5c95g
 1Lh2iaRTih1LgIgx6AVGgRt7XVLQaztTDSU8lZstmYM8A4y1c/tDbIKzSFc4PP+3
 edgTdAbQF3ipOAl2yvm3WqWKboV/JzR5gu+iAZOu+gsYR9QU/2d4K1OS9qwnQsd/
 jv0GSja5epheDZTvGvoIrY1kKMfBA3ZjuTNanxa+0+Bc6UN7m4OzkDHnWSsc0oxz
-FaI6lDUDgJf4XaMTAgMBAAGjgeUwgeIwHQYDVR0OBBYEFFoWnAaFtvR3rXJYok+h
+FaI6lDUDgJf4XaMTAgMBAAGjgd8wgdwwHQYDVR0OBBYEFFoWnAaFtvR3rXJYok+h
 /inPl4orMB8GA1UdIwQYMBaAFCS5kUE58TBe+MU7wFHMEVimE3OzMD8GCCsGAQUF
 BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
 aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
-dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMBkGA1UdJQQSMBAGCCsGAQUF
+dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF
-BwMCBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQDpvu2CwupRXp3JTyzjym4Lvhhc
+BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQDnKJEAcrYhKolto9oxBlTEfWLe8ud1dmBp
-wx4/bBrencyMRbWHLrI4moSm4e+TrPG20LrWh1ld6KcbPhQ6nQtQwylRZWJmnqJo
+OMGjuT4kOvphiUDGoj6z/UrRvrrX/bSx5vE/Q7Ehyx3fcmwi7L1vtSaADr7UdRwj
-6L7wGuJXDtx+KJTZw6kOnNawdtjsuf7mNbWKJz8dak5m1azYBbJNRxb/CYh+I3Dc
+jN0jPdMiQhHY3vEcggyOsZz84jSxpWL5W7s+5jjZvon5/RdFeI85TzBThqNgrVqn
-a7IUOJfYTF3uQaqss2tf1y85kxlf5rcVyStbLMC2gYRJC1/f6eEBT4KtNQsA0/9H
+lx6J3yzPnb+hv5GCCyXFxSMw9/8OmGBN3aPsXMO/bynnTxGAlERo88OE2xSlDR4/
-VWcgqj75sIQJjeB7FrARpRanJ4GF7C1Hc0jkkp2wgScyKIney8L7vWAJLpqZ75vL
+Pbfk5w6vMPHwpH7LUxc1ifD6wdjrkxFEGPAZSR79PvCxTzOZ5alrYKxrHB2zWa0B
-nCv8taLMAXO9QigA1NiyjZRrXr8ejpMTiWVrL6+SN6O0mBT0sf9EqsF5g0j3
+zj4DoLUxG24Hrn4phupeQt+6wjqnPavVv9qgJWcvAUalDSA+ZYAC
 -----END CERTIFICATE-----
 Certificate:

--- a/net/data/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test
+++ b/net/data/verify_certificate_chain_unittest/target-eku-clientauth/clientauth.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: CLIENT_AUTH
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/generate-chains.py
--- a/net/data/verify_certificate_chain_unittest/target-sets-eku-any/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/target-sets-eku-any/keys/Intermediate.key
--- a/net/data/verify_certificate_chain_unittest/target-sets-eku-any/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/target-sets-eku-any/keys/Root.key
--- a/net/data/verify_certificate_chain_unittest/target-sets-eku-any/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/target-sets-eku-any/keys/Target.key
--- a/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/main.test
+++ b/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/main.test
--- a/net/data/verify_certificate_chain_unittest/target-eku-none/any.test
+++ b/net/data/verify_certificate_chain_unittest/target-eku-none/any.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: ANY_EKU
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/target-lacks-eku/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/target-lacks-eku/chain.pem
--- a/net/data/verify_certificate_chain_unittest/target-eku-none/clientauth.test
+++ b/net/data/verify_certificate_chain_unittest/target-eku-none/clientauth.test
+chain: chain.pem
+last_cert_trust: TRUSTED_ANCHOR
+utc_time: 150302120000Z
+key_purpose: CLIENT_AUTH
+expected_errors:
--- a/net/data/verify_certificate_chain_unittest/target-lacks-eku/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/target-lacks-eku/generate-chains.py
--- a/net/data/verify_certificate_chain_unittest/target-lacks-eku/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/target-lacks-eku/keys/Intermediate.key
--- a/net/data/verify_certificate_chain_unittest/target-lacks-eku/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/target-lacks-eku/keys/Root.key
--- a/net/data/verify_certificate_chain_unittest/target-lacks-eku/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/target-lacks-eku/keys/Target.key
--- a/net/data/verify_certificate_chain_unittest/root-bad-eku/main.test
+++ b/net/data/verify_certificate_chain_unittest/root-bad-eku/main.test
--- a/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/chain.pem
+++ b/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/chain.pem
--- a/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/keys/Intermediate.key
+++ b/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/keys/Intermediate.key
-openssl genrsa 2048
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAmotEV/vQRCTWIDiqGyDMZ0AmwZgqbpXP2yw7psnmWAYBxdct
-Og31RZJs1xZ4WzodFvc8yZsalRf3zTB1RMS9Qu2ya+abqE4uzzYuPsPAId/tsgXK
-ZVkSySo9vzrfXhf266h45oHH1l6sm+mqxa9v0gQISp6bAmhAs8qNXs9ITf1E/o0V
-Gav9+34yNMmQFbKOa0qcY2iFu5G7G8uLwW8GMmdNDfOaq2yA83nxrLtIKuLvr4o+
-hopyPt+teq2QUORlaTcmShbOthGcNknahdqvX5HWp5Q6r5Zvb04Bo1EG53qrQaMX
-Ibadpqp1/wZ7+uh3WlivHUe1yIu/wqFqTAGC1wIDAQABAoIBABsyOOO21662QMxI
-zH6bpfzhiDB3Y7g0OvDZ9uFiFFwXKoazWC0oOap1mxu6w5FiR6478gGUfvgP0LbW
-OTzR1nCJveVJHslegNRMN5UqA4yyiHTUmgp9w1WNTnJxnM9FLlnIOwZtfkpWPM/v
-LfM97VKrDP58rNCeogxBr+EoXxQCIPjYSVoq7h9yTUYrBOdXwlzXInHMROYxHvan
-aNoReK/Ise1FI6hoOPIbfrhhlzcrJgKd+Dm9tHCz9tK5S0G0NX9TM7piz8r+9hHe
-BRRyGdQoGD9VhbgLgljtDEAFwuN/4sDVic6a0FjHgdc3Ihevoucx1N8bD2MeFkIn
-mHIc1vECgYEAyI0XrbzAM/wVp4mkNtGKcPkr5HgEOCNfZacgVuPcvd4w3Zo9WYr/
-LC/SUWuk31KHphYtBMsQZgLdM0UieOGgVSPByyY41ExWPVEfaeNUFIj0WveCHwvs
-MnIzBwP0cFqBnoCM7JWyo4HCFsdDkDqmb2L+5ImZplzutlGPQheW8qkCgYEAxUXQ
-L5JG24wbWJp90zWgAiyhvfVouiDi6KwhmFIIZi2xK4HZnbidEcQRFq3NaXjVhfsI
-PGyzVa0BqqZ63afKr1i7dBlPvBZubw77t1KRTDuAxfMzOZfI0TY1vrBGkgnyrHJp
-0Cgoq42SE+iyFq8xv1zuT6Z7gZ7x6RhUclmLuX8CgYBNS6wDp0sA/jiuYOtswWg1
-UKPtI6CkrmV3PWnGc35Bo6B72JWqrFrbAfdysCVUeW+UwNlLDqTcXGA7AXte0b9E
-8Uog7TNcB6v5aAnOevKOE5bydJCvPJ4ld0RZgNm2b/ujRnKKQMwgHsPamaRds20w
-YxxQowQYTZsno9muJH9mOQKBgHIsR6Ngu5XRbvpG38/f122quymf4S7oXatgBEmO
-IMJSa5nMm1BHStC/c0x25s3GW34hndCq8NgDO1Wy6KVkuU/mwQcepyEqslughlrB
-dMp0HcFzUhBhIp7DCzQD/bQEAemAhnEs7OztEMBpCrlKSDaC6II8znpkrYnExQsx
-fEatAoGAf+IMjbvgH3wm9iff87Go7pyPxpyBFcehuG1m3pyJFoTHuhc4ccf8lECN
-dmremvpSiLzH60r4RO0dLcNLXkVQCY6tkdfX0TBDPnzCcdZ7/HwOBLlUyVBrTLsY
-KTn9QYQsh2mNK6UBMxTlH0pKUe6mbvYeCnW+tUblTqUqA90m3uY=
-----END RSA PRIVATE KEY-----
--- a/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/keys/Root.key
+++ b/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/keys/Root.key
-openssl genrsa 2048
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAqYaCEYNyonpahkJYroDK3P1i8BqttB5lNBgyGxA6YWBXWkF2
-Ncg0nOes3aggYOwMu8r83rtVshBJnlDvZ9BMK2YmJaxI+oYuhjBmO4vTzQnUTBnl
-fgH5jSmzWAmkT8FvpRkN830ifHSRq7I5tGp6osuZBdny9Eo5RyVULrc+3yeOsZYE
-MMKqcEbWliNHXzRA7UIRrFGj0aDFFxkzXORTJoumIbKH40M/jloEBGJaQY2/x8Ri
-7bt6AJtg3gAqXbJArwCinShasdlaTYLpnLJtVBaVJs8uWmmGnkAg2UJuP8ehHUDA
-GeoVd5POArLLyRWKnEkrZQeXvdsADbIevbMOVQIDAQABAoIBAA0n8SQmzViqoifV
-MkiomhW4XFtB1sUprrTyQ8Ex6zXvYhgRCHl4Bg0/NX0mNQ0QhJR2VlV6uFXPScdN
-hKbL1X1wufkme6tlimrDisuIOHGrF5yoTdUPlixMViy44tWFr4JihWCmD20VJtDq
-Tewgb0/++OspVN98eyF4ViYh9nEe4m/9/IUyE7pV5OuxCLY7dzGlOCrT9dbcJl/G
-u+Q8nRkQG8HK2DzHX0ofuT/mL9q5WFEUeZMZIGuknJTrf/wElRC8LMzIFxJJKNnE
-an2jTy3Yh4mUqyWaY+CZ/RbGovLcG8NpJVWlWYPy0Frd+pz0erK/hic9nqwknAee
-mX0NwgECgYEA0obDalQMt7kXDv0Q3p/IvnMRF6GN3UfOAk+iujnsvM9lCxGLJH5O
-6KXSvON+68dD2YgddGgB8U0ztw+QllPYTrFXyfXv7hT4O+xLdrtNY8J1JVagl/Dt
-MQlgxDujrGal5JlYvhTVjFoqDeSad4t/3VBfkKZkSHIqs4xZhGCgcMECgYEAziSP
-VCPacb0LYAfpA5zhuS9fskNVgou8jTorSmCmyLDi6ktREELY9EdOog0Vxzixb1Z2
-x3wGeA0//RUzoo8boJWbR4qvuU2kQfhBmnDBtkIEOT7OaZnUcgVTcrlrIM3Nv1ux
-nAC3j2REYx2s8SLAen9xj+9FsUIPhcYr83j+7pUCgYA+c22qsA4pvgVCE/4aHEof
-fODYIruDpdZNxzPdjGtWwysVMnoVNEbSKsat88plxPGyqPcb3fKdkypBJqPchDjJ
-d0A0j/lBpgTROdJVAVD+w+OeVOlEyVqDTmXfMFXoQXb6riauFF4YyXJqNqM/zSj8
-DOicb0+WUg+qvXqck1FkwQKBgGnoMpLh0Kq6mwt9ROOMSBOiGSI2ocnuDLLp/a+6
-tDVLW2lPxJf8IAZwVB/BZTzzDYXMAD5Ao/otpIBb0ilkKKd59UruH5WuJAOYjevQ
-nlUK2aynbdinJZRm1BaO2FEEKv5zF260l5ndw5zAdEd2uTi2HRv7q+yDqgHqbE4s
-DZ15AoGAY8TfuGR8SLlA9hNaTZRPYL9BGiUQWFjI9QuinJCHifLoe9kmlE7eCSr7
-9W131MU2TjGaIHSeFnDKX1M4NqGevmaRkmYFmIMEtItm75Ts4zBSmOkBBoucFZWy
-ESWLXAIS6IVlr51EwPdLFd+RnqY2qpyEUsuYXafAseEvz3SOAWI=
-----END RSA PRIVATE KEY-----
--- a/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/keys/Target.key
+++ b/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail/keys/Target.key
-openssl genrsa 2048
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4uulEJi7acMU2dbGVxrgmp4wtdi34/1K7wgBsLiUCgrGJF4/
-UNHnIffODF+voatuNdRWz71F+241XQ80fjZhq/LdS9UjgF1Vd/z7DiyNhhPh64if
-afBFGS+Unvos4PyjI4yNz/B+ZZ8r/DQEdbhWqRk199I/K/DPGnbd2ggxm0yxgzEy
-L6scYVEludcRO/p/ixvJdlZ21Qf2lZnbPuDlWwRgk9NKC04GZkiik95+PC8GOLIY
-b7HYH6EQFgbQoWfP4n3gF8GylWw0snQz7OtxXqwlsoAfxqXqruJichgzUw5EV5Pg
-zToj8wvpmr6sDFd7UXYkJCg4jg3IhKwxSYd5DQIDAQABAoIBAQCmbI7OAkYJRjMH
-pRYoEiVCINy2sbAEfOM1NdkPg//G8anqSFkFbDyo0/aBargDyRf2ULoud7FYurZW
-fu1P15CArIkSscnsvgcODjMObSyKdhCOTtAjwTzcQOIuSmsZww/e5ZmoNMhuvXNj
-776Jm92q/Ttwevkrv9wUm7MP0kyXiSFpJvKMx33j6c1+M021bVx2TJjfKfcJ1jNI
-MF3NcMG8iL/MAwWgUFOYIMc0B6aTiNkOt3wOq+XRO/LCrnbkT5HFVGMsZU9K3860
-Z6KZeO4iMBCNlINQybXfqVgrvoA5Zqu6v+mkSWee2GcbxSNwfXyGqJg6eAHBRYrc
-RlSOqX+dAoGBAPH5EX/F3tla3c3LVqonK9Jd5jb5yhTO/1LmaPq3WX79ClEAv5FQ
-YVwWN9XQ4kG42vRUmYJNO1SQ4R8PM0MWn8owwKy+QyOhtqDXbTX9g31EwWOFZb9G
-NA/sbSNnmJZzQ5tsuplm1XuxRStDn66Z/WAxgP86UkWft53RKQIFwtlfAoGBAPAT
-MeiU1S3z8aUbbFQ5ETNHi+8xuldGyZaQZE+8CUFNEw33oT0SY+mMIFWZ9CHSpIoC
-DBkQ2YYdCy2miiEXxEGZA62vuMDV4I0K1o0D+QSRqGbYg2MnDQ3d+Ljx3e7oWe0s
-uV+UWh9oAHUl2QkfnyoTEVdeD6PqoMY/CNQbswkTAoGBAMK8RygEj7dvWIhRt/qS
-McNIjIj7+HVMrdEC28PCoUUA0jekmYeSH/ijbOYoCJ8J7TSrjSt/ilshifucGQ5J
-++kV2UpsiM35TGgfV6YW06aSGe1FI0CPeEDEboUKz5NtSiCgnX/tcavtW5RZBP7Y
-sUCkNoOxZRrhUj2xYgZdqpWTAoGAcKhxSTVefHv3L4WY5kUJX0j5z7tEOGSNgMwt
-ZoVUyoICqRFFZsVUgWoyWjkuqRiSAflH+BNCIH9MmZWHSFRA0o+dfEnzpvo2r7kg
-SXhNyOkZX3nG3iabJ6C8cP1/Kfd7C6NrMgEJ8ab6X/7sxC1EoZflEVygdklKPP2j
-hPWipGUCgYEAqyJqcOOZ9nSR9WeZNIkU8E0B/G1dFMwX37XJT/po8OZC8Yorbai5
-flpwwwkm2TCkk+ppt3uGOqvtOktDi+OxyrZHrzszkRa+uGRWfFUlyI1AePnAXE6f
-6euL6ffeV1Hy6urMWguXPB42BreM5/vkfVl+CKA9nBoRj7GHmi+Ov7I=
-----END RSA PRIVATE KEY-----
--- a/net/data/verify_certificate_chain_unittest/target-sets-eku-any/generate-chains.py
+++ b/net/data/verify_certificate_chain_unittest/target-sets-eku-any/generate-chains.py
-#!/usr/bin/python
-# Copyright (c) 2017 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-"""Certificate chain with 1 intermediate and a trusted root. The target
-restricts EKU to clientAuth+any and requests serverAuth during verification.
-This should succeed."""
-import sys
-sys.path += ['..']
-import common
-# Self-signed root certificate (used as trust anchor).
-root = common.create_self_signed_root_certificate('Root')
-# Intermediate certificate.
-intermediate = common.create_intermediate_certificate('Intermediate', root)
-# Target certificate.
-target = common.create_end_entity_certificate('Target', intermediate)
-target.get_extensions().set_property('extendedKeyUsage',
-                                     'clientAuth,anyExtendedKeyUsage')
-chain = [target, intermediate, root]
-common.write_chain(__doc__, chain, 'chain.pem')
--- a/net/data/verify_certificate_chain_unittest/target-sets-eku-any/main.test
+++ b/net/data/verify_certificate_chain_unittest/target-sets-eku-any/main.test
-chain: chain.pem
-last_cert_trust: TRUSTED_ANCHOR
-utc_time: 150302120000Z
-key_purpose: SERVER_AUTH
-expected_errors: