That is, key purpose checks and more elaborate time checks.
That is check the provided certificate for validity in time and key usage.
That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose.
Showing with 626 additions and 87 deletions
tests/cert-tests/data/code-signing-ca.pem 0 → 100644
tests/cert-tests/data/code-signing-cert.pem 0 → 100644
tests/cert-tests/pkcs7-constraints 0 → 100755
tests/cert-tests/pkcs7-constraints2 0 → 100755