From e73fe837a8877c0197721b91e0d5ec40cb7a2cd0 Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Tue, 11 Aug 2009 21:48:58 +0000 Subject: [PATCH] - Peter Sylvester made the HTTPS test server use specific certificates for each test, so that the test suite can now be used to actually test the verification of cert names etc. This made an error show up in the OpenSSL- specific code where it would attempt to match the CN field even if a subjectAltName exists that doesn't match. This is now fixed and verified in test 311. --- CHANGES | 7 ++ RELEASE-NOTES | 2 + lib/ssluse.c | 6 ++ tests/Makefile.am | 2 +- tests/certs/EdelCurlRoot-ca.cacert | 85 +++++++++++++++++ tests/certs/EdelCurlRoot-ca.crt | 85 +++++++++++++++++ tests/certs/EdelCurlRoot-ca.csr | 17 ++++ tests/certs/EdelCurlRoot-ca.der | Bin 0 -> 916 bytes tests/certs/EdelCurlRoot-ca.key | 30 ++++++ tests/certs/EdelCurlRoot-ca.prm | 18 ++++ tests/certs/Server-localhost-sv.crt | 81 ++++++++++++++++ tests/certs/Server-localhost-sv.csr | 11 +++ tests/certs/Server-localhost-sv.der | Bin 0 -> 837 bytes tests/certs/Server-localhost-sv.dhp | 0 tests/certs/Server-localhost-sv.key | 15 +++ tests/certs/Server-localhost-sv.p12 | Bin 0 -> 2958 bytes tests/certs/Server-localhost-sv.pem | 121 ++++++++++++++++++++++++ tests/certs/Server-localhost-sv.prm | 25 +++++ tests/certs/Server-localhost.nn-sv.crt | 81 ++++++++++++++++ tests/certs/Server-localhost.nn-sv.csr | 11 +++ tests/certs/Server-localhost.nn-sv.der | Bin 0 -> 843 bytes tests/certs/Server-localhost.nn-sv.dhp | 0 tests/certs/Server-localhost.nn-sv.key | 15 +++ tests/certs/Server-localhost.nn-sv.pem | 121 ++++++++++++++++++++++++ tests/certs/Server-localhost.nn-sv.prm | 25 +++++ tests/certs/Server-localhost0h-sv.crt | 81 ++++++++++++++++ tests/certs/Server-localhost0h-sv.csr | 11 +++ tests/certs/Server-localhost0h-sv.der | Bin 0 -> 839 bytes tests/certs/Server-localhost0h-sv.dhp | 0 tests/certs/Server-localhost0h-sv.key | 15 +++ tests/certs/Server-localhost0h-sv.p12 | Bin 0 -> 2970 bytes tests/certs/Server-localhost0h-sv.pem | 122 
+++++++++++++++++++++++++ tests/certs/Server-localhost0h-sv.prm | 26 ++++++ tests/certs/scripts/genroot.sh | 63 +++++++++++++ tests/certs/scripts/genserv.sh | 106 +++++++++++++++++++++ tests/data/test310 | 52 +++++++++++ tests/data/test311 | 38 ++++++++ tests/data/test312 | 38 ++++++++ tests/httpsserver.pl | 23 ++++- tests/runtests.pl | 12 ++- 40 files changed, 1339 insertions(+), 6 deletions(-) create mode 100644 tests/certs/EdelCurlRoot-ca.cacert create mode 100644 tests/certs/EdelCurlRoot-ca.crt create mode 100644 tests/certs/EdelCurlRoot-ca.csr create mode 100644 tests/certs/EdelCurlRoot-ca.der create mode 100644 tests/certs/EdelCurlRoot-ca.key create mode 100644 tests/certs/EdelCurlRoot-ca.prm create mode 100644 tests/certs/Server-localhost-sv.crt create mode 100644 tests/certs/Server-localhost-sv.csr create mode 100644 tests/certs/Server-localhost-sv.der create mode 100644 tests/certs/Server-localhost-sv.dhp create mode 100644 tests/certs/Server-localhost-sv.key create mode 100644 tests/certs/Server-localhost-sv.p12 create mode 100644 tests/certs/Server-localhost-sv.pem create mode 100644 tests/certs/Server-localhost-sv.prm create mode 100644 tests/certs/Server-localhost.nn-sv.crt create mode 100644 tests/certs/Server-localhost.nn-sv.csr create mode 100644 tests/certs/Server-localhost.nn-sv.der create mode 100644 tests/certs/Server-localhost.nn-sv.dhp create mode 100644 tests/certs/Server-localhost.nn-sv.key create mode 100644 tests/certs/Server-localhost.nn-sv.pem create mode 100644 tests/certs/Server-localhost.nn-sv.prm create mode 100644 tests/certs/Server-localhost0h-sv.crt create mode 100644 tests/certs/Server-localhost0h-sv.csr create mode 100644 tests/certs/Server-localhost0h-sv.der create mode 100644 tests/certs/Server-localhost0h-sv.dhp create mode 100644 tests/certs/Server-localhost0h-sv.key create mode 100644 tests/certs/Server-localhost0h-sv.p12 create mode 100644 tests/certs/Server-localhost0h-sv.pem create mode 100644 
tests/certs/Server-localhost0h-sv.prm create mode 100755 tests/certs/scripts/genroot.sh create mode 100755 tests/certs/scripts/genserv.sh create mode 100644 tests/data/test310 create mode 100644 tests/data/test311 create mode 100644 tests/data/test312 diff --git a/CHANGES b/CHANGES index 080f0dbe3..ec9096028 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,13 @@ Changelog Daniel Stenberg (11 Aug 2009) +- Peter Sylvester made the HTTPS test server use specific certificates for + each test, so that the test suite can now be used to actually test the + verification of cert names etc. This made an error show up in the OpenSSL- + specific code where it would attempt to match the CN field even if a + subjectAltName exists that doesn't match. This is now fixed and verified + in test 311. + - Benbuck Nason posted the bug report #2835196 (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler warnings when mixing ints and bools. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ceb84d9c7..0ecd1fe45 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -42,6 +42,8 @@ This release includes the following bugfixes: o rand seeding on libcurl on windows built with OpenSSL was not thread-safe o fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL o don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds) + o libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but + subjectAltName didn't This release includes the following known bugs: diff --git a/lib/ssluse.c b/lib/ssluse.c index 07824b411..bc1934cfc 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c 
@@ -1137,6 +1137,12 @@ static CURLcode verifyhost(struct connectdata *conn, if(matched) /* an alternative name matched the server hostname */ infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname); + else if(altnames) { + /* an alternative name field existed, but didn't match and then + we MUST fail */ + infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname); + res = CURLE_PEER_FAILED_VERIFICATION; + } else { /* we have to look to the last occurence of a commonName in the distinguished one to get the most significant one. */ diff --git a/tests/Makefile.am b/tests/Makefile.am index 96a93ea1f..32f27b520 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -27,7 +27,7 @@ PDFPAGES = testcurl.pdf runtests.pdf EXTRA_DIST = ftpserver.pl httpserver.pl httpsserver.pl runtests.pl getpart.pm \ FILEFORMAT README stunnel.pem memanalyze.pl testcurl.pl valgrind.pm ftp.pm \ sshserver.pl sshhelp.pm testcurl.1 runtests.1 $(HTMLPAGES) $(PDFPAGES) \ - CMakeLists.txt + CMakeLists.txt certs/scripts/*.sh certs/Server* certs/EdelCurlRoot* SUBDIRS = data server libtest diff --git a/tests/certs/EdelCurlRoot-ca.cacert b/tests/certs/EdelCurlRoot-ca.cacert new file mode 100644 index 000000000..c5154a4de --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.cacert 
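Review bot: The added `else if(altnames)` branch in lib/ssluse.c fails verification whenever a subjectAltName extension is present at all, but RFC 2818 section 3.1 rules out the CN fallback only when the extension holds a dNSName entry (or an iPAddress entry when the host is an IP literal). The assignment of `altnames` is outside this hunk, so this is inferred: if it is non-NULL for an extension carrying only other name types (rfc822Name, URI), a certificate whose CN matches is now rejected. That fails closed, so it is an interoperability problem rather than a bypass, but the condition would be more precise if the SAN loop recorded that a name of the checked type was seen and this branch tested that flag. The comment could also cite the rule, e.g. `/* a subjectAltName of the checked type exists but none matched; RFC 2818 3.1 forbids falling back to CN */`. verifyhost's body starts and ends outside the hunk.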
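Review bot: The `certs/Server*` and `certs/EdelCurlRoot*` globs added to `EXTRA_DIST` in tests/Makefile.am ship every matching file, which per this commit's diffstat includes the `.key` and `.p12` private-key material. Automake does not expand wildcards itself, so what lands in the tarball depends on the shell and on the directory `make dist` runs in. Listing the files explicitly keeps the set of distributed key files reviewable and makes out-of-tree builds behave the same as in-tree ones. A comment above the list, `# test-only CA and server keys; never add EdelCurlRoot to a real trust store`, would state the intent.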
@@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5c:fb:79:f2:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 15:06:44 2009 GMT + Not After : Jan 7 15:06:44 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:b7:e7:70:4c:17:0d:0f:e6:a4:ed:81:0b:26: + a9:d2:16:f6:2a:9c:87:6d:8e:7e:e2:71:98:89:41: + 97:d7:62:0b:c7:92:35:e5:09:0a:b4:67:06:59:c5: + 3b:2f:ae:6c:ff:68:6c:af:46:a3:1f:7e:32:5a:08: + c4:6e:65:5c:c2:9f:99:11:4e:28:dc:37:98:d0:ab: + 66:13:35:c6:bd:3c:6f:65:e2:5d:c2:59:21:80:68: + c0:85:eb:7e:a2:58:99:04:45:c3:f7:4c:39:83:fa: + 5c:6e:6a:a0:ff:45:b7:2f:7a:bb:bb:7f:3d:2b:cb: + 57:5f:09:24:c5:77:96:5d:1b:56:56:9a:48:51:0a: + f5:67:0f:67:8d:0d:82:c7:84:bf:b5:c5:f8:cd:71: + 2f:92:cb:e8:94:96:28:04:3a:c2:2c:38:e4:9e:3c: + 1b:89:9f:70:b6:02:b6:97:5e:2e:c1:5a:a7:af:86: + c2:b7:65:dc:83:8d:e7:85:72:a7:d1:f0:ba:ea:11: + dc:bd:7c:b5:68:89:82:15:2b:b5:91:f0:70:f5:fa: + e4:8c:21:fe:e7:8f:a3:16:5d:ee:a8:ff:a8:0e:22: + 1f:3e:27:25:f5:f1:a0:55:16:f7:c2:02:79:fb:c9: + ac:fd:d1:ca:6e:65:3e:97:cf:f0:df:c9:b9:c4:0a: + 87:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + Signature Algorithm: sha1WithRSAEncryption + 66:1e:56:86:7d:87:99:f9:9a:d9:fb:fe:9c:bf:9e:d9:90:07: + da:9a:33:0f:72:6b:44:00:df:85:f0:ff:ed:c5:06:1c:1c:ff: + 4e:94:7d:6f:6c:7e:82:1a:82:bc:fe:ac:02:c5:1d:d0:1f:a8: + e3:2d:a2:8d:43:8e:73:8a:b0:a4:da:0b:1d:7e:1c:e9:35:93: + 
29:6d:05:9f:6d:6c:0e:09:ee:9c:1a:15:fe:8a:5e:19:d8:da: + a0:6b:2a:d5:1d:fa:0c:af:63:55:41:42:ec:dd:3c:b0:6e:1f: + 66:67:c5:28:fd:23:1b:a6:42:98:49:f5:33:58:7b:5a:91:c7: + 9c:66:1f:53:cc:8b:79:11:a9:fa:a3:b8:5e:e1:d1:12:97:ec: + 5e:4d:c9:77:4c:03:0c:e8:80:33:57:da:d4:ce:af:c5:1b:f5: + 96:47:d4:68:da:83:3c:45:ee:84:b4:82:94:cd:65:2c:41:f1: + 45:3d:19:9b:da:7a:54:04:e4:39:b1:b5:2a:15:29:b8:99:6d: + 30:73:12:bc:7d:e3:79:f2:12:aa:e1:d7:d1:83:c4:bb:0c:bb: + a1:36:37:84:38:de:7c:3a:d7:c8:4f:6b:d9:cb:80:2b:29:27: + bd:c3:de:a5:2a:11:6d:b6:09:59:e6:d7:49:ae:52:89:28:3b: + af:f0:bd:86 +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgIGC1z7efIJMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDE1MDY0NFoXDTI2MDEwNzE1MDY0NFowZzELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7i +cZiJQZfXYgvHkjXlCQq0ZwZZxTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQ +q2YTNca9PG9l4l3CWSGAaMCF636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1df +CSTFd5ZdG1ZWmkhRCvVnD2eNDYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2 +AraXXi7BWqevhsK3ZdyDjeeFcqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MW +Xe6o/6gOIh8+JyX18aBVFvfCAnn7yaz90cpuZT6Xz/DfybnECofBAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQSayTS +Smi3obAczb/WTMxAW3/gQDANBgkqhkiG9w0BAQUFAAOCAQEAZh5Whn2Hmfma2fv+ +nL+e2ZAH2pozD3JrRADfhfD/7cUGHBz/TpR9b2x+ghqCvP6sAsUd0B+o4y2ijUOO +c4qwpNoLHX4c6TWTKW0Fn21sDgnunBoV/opeGdjaoGsq1R36DK9jVUFC7N08sG4f +ZmfFKP0jG6ZCmEn1M1h7WpHHnGYfU8yLeRGp+qO4XuHREpfsXk3Jd0wDDOiAM1fa +1M6vxRv1lkfUaNqDPEXuhLSClM1lLEHxRT0Zm9p6VATkObG1KhUpuJltMHMSvH3j +efISquHX0YPEuwy7oTY3hDjefDrXyE9r2cuAKyknvcPepSoRbbYJWebXSa5SiSg7 +r/C9hg== +-----END CERTIFICATE----- 
diff --git a/tests/certs/EdelCurlRoot-ca.crt b/tests/certs/EdelCurlRoot-ca.crt new file mode 100644 index 000000000..c5154a4de --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.crt 
@@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5c:fb:79:f2:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 15:06:44 2009 GMT + Not After : Jan 7 15:06:44 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:b7:e7:70:4c:17:0d:0f:e6:a4:ed:81:0b:26: + a9:d2:16:f6:2a:9c:87:6d:8e:7e:e2:71:98:89:41: + 97:d7:62:0b:c7:92:35:e5:09:0a:b4:67:06:59:c5: + 3b:2f:ae:6c:ff:68:6c:af:46:a3:1f:7e:32:5a:08: + c4:6e:65:5c:c2:9f:99:11:4e:28:dc:37:98:d0:ab: + 66:13:35:c6:bd:3c:6f:65:e2:5d:c2:59:21:80:68: + c0:85:eb:7e:a2:58:99:04:45:c3:f7:4c:39:83:fa: + 5c:6e:6a:a0:ff:45:b7:2f:7a:bb:bb:7f:3d:2b:cb: + 57:5f:09:24:c5:77:96:5d:1b:56:56:9a:48:51:0a: + f5:67:0f:67:8d:0d:82:c7:84:bf:b5:c5:f8:cd:71: + 2f:92:cb:e8:94:96:28:04:3a:c2:2c:38:e4:9e:3c: + 1b:89:9f:70:b6:02:b6:97:5e:2e:c1:5a:a7:af:86: + c2:b7:65:dc:83:8d:e7:85:72:a7:d1:f0:ba:ea:11: + dc:bd:7c:b5:68:89:82:15:2b:b5:91:f0:70:f5:fa: + e4:8c:21:fe:e7:8f:a3:16:5d:ee:a8:ff:a8:0e:22: + 1f:3e:27:25:f5:f1:a0:55:16:f7:c2:02:79:fb:c9: + ac:fd:d1:ca:6e:65:3e:97:cf:f0:df:c9:b9:c4:0a: + 87:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + Signature Algorithm: sha1WithRSAEncryption + 66:1e:56:86:7d:87:99:f9:9a:d9:fb:fe:9c:bf:9e:d9:90:07: + da:9a:33:0f:72:6b:44:00:df:85:f0:ff:ed:c5:06:1c:1c:ff: + 4e:94:7d:6f:6c:7e:82:1a:82:bc:fe:ac:02:c5:1d:d0:1f:a8: + e3:2d:a2:8d:43:8e:73:8a:b0:a4:da:0b:1d:7e:1c:e9:35:93: + 
29:6d:05:9f:6d:6c:0e:09:ee:9c:1a:15:fe:8a:5e:19:d8:da: + a0:6b:2a:d5:1d:fa:0c:af:63:55:41:42:ec:dd:3c:b0:6e:1f: + 66:67:c5:28:fd:23:1b:a6:42:98:49:f5:33:58:7b:5a:91:c7: + 9c:66:1f:53:cc:8b:79:11:a9:fa:a3:b8:5e:e1:d1:12:97:ec: + 5e:4d:c9:77:4c:03:0c:e8:80:33:57:da:d4:ce:af:c5:1b:f5: + 96:47:d4:68:da:83:3c:45:ee:84:b4:82:94:cd:65:2c:41:f1: + 45:3d:19:9b:da:7a:54:04:e4:39:b1:b5:2a:15:29:b8:99:6d: + 30:73:12:bc:7d:e3:79:f2:12:aa:e1:d7:d1:83:c4:bb:0c:bb: + a1:36:37:84:38:de:7c:3a:d7:c8:4f:6b:d9:cb:80:2b:29:27: + bd:c3:de:a5:2a:11:6d:b6:09:59:e6:d7:49:ae:52:89:28:3b: + af:f0:bd:86 +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgIGC1z7efIJMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDE1MDY0NFoXDTI2MDEwNzE1MDY0NFowZzELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7i +cZiJQZfXYgvHkjXlCQq0ZwZZxTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQ +q2YTNca9PG9l4l3CWSGAaMCF636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1df +CSTFd5ZdG1ZWmkhRCvVnD2eNDYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2 +AraXXi7BWqevhsK3ZdyDjeeFcqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MW +Xe6o/6gOIh8+JyX18aBVFvfCAnn7yaz90cpuZT6Xz/DfybnECofBAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQSayTS +Smi3obAczb/WTMxAW3/gQDANBgkqhkiG9w0BAQUFAAOCAQEAZh5Whn2Hmfma2fv+ +nL+e2ZAH2pozD3JrRADfhfD/7cUGHBz/TpR9b2x+ghqCvP6sAsUd0B+o4y2ijUOO +c4qwpNoLHX4c6TWTKW0Fn21sDgnunBoV/opeGdjaoGsq1R36DK9jVUFC7N08sG4f +ZmfFKP0jG6ZCmEn1M1h7WpHHnGYfU8yLeRGp+qO4XuHREpfsXk3Jd0wDDOiAM1fa +1M6vxRv1lkfUaNqDPEXuhLSClM1lLEHxRT0Zm9p6VATkObG1KhUpuJltMHMSvH3j +efISquHX0YPEuwy7oTY3hDjefDrXyE9r2cuAKyknvcPepSoRbbYJWebXSa5SiSg7 +r/C9hg== +-----END CERTIFICATE----- 
diff --git a/tests/certs/EdelCurlRoot-ca.csr b/tests/certs/EdelCurlRoot-ca.csr new file mode 100644 index 000000000..3a25911a3 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB +cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJTAjBgNVBAMMHE5vdGhlcm4g +Tm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7icZiJQZfXYgvHkjXlCQq0ZwZZ +xTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQq2YTNca9PG9l4l3CWSGAaMCF +636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1dfCSTFd5ZdG1ZWmkhRCvVnD2eN +DYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2AraXXi7BWqevhsK3ZdyDjeeF +cqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MWXe6o/6gOIh8+JyX18aBVFvfC +Ann7yaz90cpuZT6Xz/DfybnECofBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA +IFe5QoGVnUvCDOvZPMFmnclBgPVpTYB/twQEK3VoKnTbWj78LL6IGJLoqS7l+wnW +5PLYGjNwR7atIw1pnq6i+GglV5USXRMCNfB0NYLEZdfIUKwIQia2sidmv1gHDXbW +oCh33kwizd8K0pCivtS60p7PfrjyKuj0qcdwFLuW6sa9ks4mswsykPJFFWseln6U +YlFNOX2OWSNnoadLVgTxhIuSr7rXHVza01sNvH/tXKO0J4gfK7TctZpNsl4tnWx8 +6wjXe55aQqokjdfe92mPKClMuiXJTLPkM4tPN1Wau3qYw+BAb038z+j8FL8n7CEU +n3WlmMJ7tmkd3NShPejqZQ== +-----END CERTIFICATE REQUEST----- 
diff --git a/tests/certs/EdelCurlRoot-ca.der b/tests/certs/EdelCurlRoot-ca.der new file mode 100644 index 0000000000000000000000000000000000000000..5d0e2d5d8f45cfd67c791bdfae7bc15d6b11b220 GIT binary patch literal 916 zcmXqLVxC~o#8k0>nTe5!iH$qvcjYHe170>xtu~Lg@4SqRtgH+M>4w|}oNUaYENsF| zetw3A2Kpcl7mtQ(N@|XRb7@hIf@4u~NoKNwXHHION@i)ULQraPYGP4xhJtfWerbxK zs(~^{3p0<5Uw%nOYEhnoUw%1|PE`mgDlINiaLh~2$S*RG6X!LsG_Wu*F*G$WGck!0 z=QT1jFf=fSa_Q%gCPpRXKwxBLU~XdMXE11D)jU1*BM1|9LYvw+f=@}_PF?lu#|5Ec-w!cW{yw?p@5NJjsdm%Pf4F~g=Mk>*yjf$=IU%*gnkh1Gx=NEz^f1o%M$EWk9yW*`gV^RbArhzMn?T=L4;zHo!g+5Oji z&NxKZKX5<}WnfYRhB6~Vnp{|0ZTrlhvu^(WH)sF6n-kb?%`)aM%64J6-}>SI+oNnU zGXMRi)aK{ZHAyw?`L~AYsO$y#6_0fn^*Z+zcWqd5i(9r%=B4Rm&0N;`xjB5C@8(E} z{_Bd9ym4zmw$@eIUp(uRLmi#o+_l+|C!dynRO7F*^fIRzo?ne4s-q?zpOYpZe5Sin zaOJPXJK`Q*6q^1f&i7=w4>Qk;2IKHsSI(_JD*bhu`<0Aa%{H#@TDCMzIh(5E_|er? za`vsN5SAyF8@FnSYVMesYfvn-r}lB>C!tjjuU~9FvYTi3LNoIgi+eRz*H8Fo-#p!* et*O5E@V%v4g1Or`BcEOOTo=@-VZHvt-ZlVjLuf<* literal 0 HcmV?d00001 diff --git a/tests/certs/EdelCurlRoot-ca.key b/tests/certs/EdelCurlRoot-ca.key new file mode 100644 index 000000000..244aea1c6 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.key 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUbvkhX/UejoCAggA +MBQGCCqGSIb3DQMHBAhyTjz68mGb9gSCBMjeTO0EBH03MKmIHaDTPzJyJO4jyqQS +WJw6j+nYXHLQ3/PDh431GIQatN6Hpp14e+y/PZEl68jB8cxVCpiGO+JLT7ov4zlU +nLsCwSn7lmFeylrlZYOnP//3JVfEwcO3E22y6Ay3RKm5UYKTYoCXwkIC7xockF4+ +E3xq2bRYD4OGrb77srqU2puPie0otfm3dpkZk5FKY/9knygufqO0HoC6y1swPT0q +ykOst064UGFG36IiISVImoYeOQ2kY0fo3bBtC7QGhCiid0cOXZOUZD7I+Vz7UPJo +XUtM0s9V1uer/DrDREFrCG/GfwNDhrhqXM4AsJQwPi8FV4KK+rHOFCg0FOPAlGff +UMArHp81ZmM9T6SWmWFGdmJPNz0jp7HPmzYt3rXQc88qk0iig+A42SMqj6otMPuJ +st/0Sm+GzRHjbgV0Jh2zPpTwzznLj8NjHCtmSWijFZZbylEvr3klzLdnva5c75pw +Qhqbe3ZkNaRkJvxWlIvd8qrE4rix34M5ZN1gm4+y5kE8gYjMF8KdBwxfsSkobL48 +i2NpaROvFhewE9IaoJ8bAVJA9KpHZBftWaZFJ7S7h0Vdhw0KRVFZYQiz6xqma4Xp +yp4EopNdffuEXxQOQiAsHyhnBsPGoMTUpCQAfL1v90+SIs0FG6faClk3L6EyATXW +pLQURbocUJYr6hyxY62Y1pc3TVlspIv/kukKtwq7iuvD5mFgmGumSI/pq2jfKo02 +aFSPTNVEidFvJJVr0HVIwPVmuMRs0Lr0t8Txih4NIzTITR4tPwaIwhi0Qi3VanNG +TY9oevkclxiNbP9OQfIP6CMHNnAzLhOm+vbwlkCAqcFo0KjzGJb4NhyAxYpUZ7U3 +NGoNVQ7haF/Frz5PxAGl5l57qLI4pHsknrZsKxiTKpSy5l3melj3Zk0R2jXN9uJX +Z3FYG6R7Zbnt8gbXw1dqteLo07ObS7OwULqAJlboqporOtvWKhqPTPeNFP7HCdHJ +uFBVQJwWGD8QBcZ1k591JcFY7vPWHdQF7ku+EEs7dEeNBUS28Baw5qoiXRBWsD7B +Y3D4QaAZF64rqvtIlhDZBzmrUZ1KqJDX1B9I2pf7D6bbxL0wYiVTRQeoDV7eGZXF +0+tMbHgZ/CmAsOx0sdcR0BkigQMGh9HHtDs4gRJsf/RjzkKJQD28FfJxqvRYDYFd +8PSL7/DPipTUxvALuKWX/cRR/kVDEvt3AXJqAJsb3Xf/NloicieQ5QCy2LXwU4rQ +pBur7YFHw2VfT/HU8Jdd3yoXJPRBy9bAGFXojtBT6cuCcyBrUwrFo/nfiirK1WAd +krIL1/kUNKy34b/Yp2/BNuo+QrDP7tJNWVO7pVs1eNFs45en0GNR1tsaIxN95MwX +vw4g4vMNMkpEPdLCPkjCYuW6mqkxT7ED3LAEsOBljcjkaId4QVS2TZv9V+izeHx8 +OGYmyJB5d2N/v1gwBSq7h+xx7bG/hByJ+7hGR3J9+3HEN/TYFPqjIofA8sBZ6Emt +oICblaS4xlmWwb8iSdo38yDWVaemmuW3zpCLfCR3RFT8aV9u1eahYWuU0/kgn2QB +GvaavsdlahZl+f0uqf67TDWxTDkeQuiiRwy3UCnooxDLclq3YM9yWP4wbq9xNn4d +G+0= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/certs/EdelCurlRoot-ca.prm b/tests/certs/EdelCurlRoot-ca.prm new file mode 100644 index 000000000..4c53ef515 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.prm @@ -0,0 +1,18 @@ +extensions = x509v3 +[ req ] +default_bits = 2048 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = Nothern Nowhere Trust Anchor +[ x509v3 ] +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign +subjectKeyIdentifier = hash + diff --git a/tests/certs/Server-localhost-sv.crt b/tests/certs/Server-localhost-sv.crt new file mode 100644 index 000000000..f78e3c038 --- /dev/null +++ b/tests/certs/Server-localhost-sv.crt 
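Review bot: `default_md = sha256` in the `[ req ]` section of EdelCurlRoot-ca.prm only governs the signature on the request; the CA certificate dumped in tests/certs/EdelCurlRoot-ca.crt in this same commit is signed with sha1WithRSAEncryption, so the digest chosen here is not the one the issued certificate carries. The signing step lives in genroot.sh, which is not visible in this hunk, so this is inferred: the signing command presumably needs the digest passed explicitly (for example `-sha256` on the `openssl x509 -req` call). A comment in the file, `# default_md applies to the CSR only; the signing command sets the certificate digest`, would keep the two from drifting apart.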
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0a:89:a5:41 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:07:52 2009 GMT + Not After : Oct 21 22:07:52 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d3:6f:53:ed:32:a1:69:20:22:6e:5c:69:34:3d: + 8f:14:65:61:c8:f7:99:15:ec:a9:51:43:87:7a:b0: + 4b:65:c5:c2:7c:e4:4a:f0:c7:25:42:19:ec:ec:84: + 5a:62:a0:4e:de:f9:2d:86:aa:e5:b2:b9:f7:e8:1f: + 5d:c6:8d:07:b1:83:54:92:a8:65:5d:2c:e6:3b:e0: + f3:0e:ae:b2:72:05:4c:dd:85:90:16:bc:1f:03:59: + 23:76:be:e0:38:ee:21:05:37:d0:01:31:7d:1f:3c: + f5:fd:78:56:cd:cb:86:bb:d1:e8:07:73:a6:90:f9: + 3b:7e:9d:85:bc:3c:2a:78:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 53:59:CB:8D:67:CD:E7:63:E2:E5:DD:F0:F8:E1:82:ED:A8:10:38:A3 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 06:3f:b8:df:8e:20:9d:cd:cd:bc:a9:88:eb:2d:f8:e6:f0:15: + fa:14:9c:5f:55:bc:8f:68:40:aa:d2:51:03:ab:09:ee:ee:a6: + d7:8f:32:9a:75:0b:41:35:71:bf:d9:35:03:dd:fd:e5:7d:45: + db:e5:9a:16:14:14:c7:98:a5:c5:b9:4d:81:3a:0c:f9:e0:97: + 71:d0:f3:a0:5d:84:ba:83:a8:d8:a0:98:bf:12:48:42:f0:1b: + 8a:58:80:16:62:69:bb:96:5a:ce:ac:02:fa:cb:cd:20:30:d0: + fb:23:3a:d3:7b:75:03:c8:c1:20:9e:24:90:d2:61:00:85:63: + e2:f9:a7:52:50:e2:0d:3b:61:f9:b1:d5:5f:64:dd:cb:38:7b: + 05:8d:b7:f9:08:8e:bf:d3:02:13:e7:34:fa:3d:bb:af:d7:aa: 
+ de:79:28:f4:ae:87:f5:49:85:42:c7:af:8b:a0:94:ed:21:de: + 36:e6:38:a3:0f:75:cf:68:10:48:1d:7d:9b:a2:88:86:bd:b5: + fe:95:4a:c8:fe:77:6b:0a:47:79:ab:d6:35:ea:53:4f:8f:3a: + ba:e1:4c:00:57:b8:99:f9:21:5d:d2:ad:d9:c7:fa:bf:71:73: + 49:5d:0b:2c:fd:02:37:94:3c:3e:d7:ef:72:c5:e3:f3:14:9f: + 58:27:2a:aa +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIGC10KiaVBMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMDc1MloXDTE3MTAyMTIyMDc1MlowVDELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +029T7TKhaSAiblxpND2PFGVhyPeZFeypUUOHerBLZcXCfORK8MclQhns7IRaYqBO +3vkthqrlsrn36B9dxo0HsYNUkqhlXSzmO+DzDq6ycgVM3YWQFrwfA1kjdr7gOO4h +BTfQATF9Hzz1/XhWzcuGu9HoB3OmkPk7fp2FvDwqeEkCAwEAAaOBiTCBhjAUBgNV +HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMB0GA1UdDgQWBBRTWcuNZ83nY+Ll3fD44YLtqBA4ozAfBgNVHSMEGDAWgBQS +ayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA +A4IBAQAGP7jfjiCdzc28qYjrLfjm8BX6FJxfVbyPaECq0lEDqwnu7qbXjzKadQtB +NXG/2TUD3f3lfUXb5ZoWFBTHmKXFuU2BOgz54Jdx0POgXYS6g6jYoJi/EkhC8BuK +WIAWYmm7llrOrAL6y80gMND7IzrTe3UDyMEgniSQ0mEAhWPi+adSUOINO2H5sdVf +ZN3LOHsFjbf5CI6/0wIT5zT6Pbuv16reeSj0rof1SYVCx6+LoJTtId425jijD3XP +aBBIHX2booiGvbX+lUrI/ndrCkd5q9Y16lNPjzq64UwAV7iZ+SFd0q3Zx/q/cXNJ +XQss/QI3lDw+1+9yxePzFJ9YJyqq +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost-sv.csr b/tests/certs/Server-localhost-sv.csr new file mode 100644 index 000000000..4a1ccaf5a --- /dev/null +++ b/tests/certs/Server-localhost-sv.csr 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy +Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTb1PtMqFpICJuXGk0PY8UZWHI +95kV7KlRQ4d6sEtlxcJ85ErwxyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SS +qGVdLOY74PMOrrJyBUzdhZAWvB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egH +c6aQ+Tt+nYW8PCp4SQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAxfegbegW/e09 +TV4TVuyt7S7wwCJFepfi7hNDoPf/CiuW3KeSySP68iD9QUNhy2wADFP6eHPaooUZ +h5PIvZ8IKpBzIbtG2mcOV4tKEBIshoBv/VFOTUqGKJf4r9dK0AjbovyPNpt9lCcO +xcnrH3WuQUVdmXVvlUXHz/mhzs2TFx4= +-----END CERTIFICATE REQUEST----- diff --git a/tests/certs/Server-localhost-sv.der b/tests/certs/Server-localhost-sv.der new file mode 100644 index 0000000000000000000000000000000000000000..aefd60284a39418cf0c05833405e239dbf75f736 GIT binary patch literal 837 zcmXqLVsJgl9{aFnUhnRl3ALo5R_V+npl*aq2Qd8Uz%d5 zYM>0#!ptM%mtT^RT9l{YmtPK~Qx!srN{dSr9P^Sh@{0`Q#CZ)Y4J-^yjEoG-O^u?& zc@51C4U7z-T!Rpb9U^2P0C5OsPJVJ?PDXxli9zFhWDhg4GB7vxG8i;=GBq|bT+R=E zYqT&^K`AdL)5Nx4BsKBG_nD$^Rt7q^S8ec4J$k6-iPwkYs!oz`-n2v|E%3YdQ@3r^ z(@i_SzmShT*2})JIb_m`)L5No)(<}Ot=m+@>T|bsg4iB;=1AqTeGe?&DYBYhU^J|i zxB2?FBJAwxw%r$Buoo|z@YA|(ZtET!tqM;jW=00a#f_Z?jco=ZK$pu3vhW&kHzB#6 z8zjol!otkNs$d`t;;6Fl7;v$1XtMz$kDZy(Ko%s($0Eie5*&HDH~sAMFo*ui^T@=AZcY52?MbP5ut3AOI{h<7jBR_yZ@Tc8Hecl2Mz{2AO*sVjQ?4f3>c7u z3Ya#Sn;01x*z9-Q?^Bq2_UxXO9j|qNJo_N}OJq)b=$`%zhgFvXnOAeZd$;U*ztOBx zZb#F?{WndS@BV#S>w5d?EHM$0<1>~X-RawC#q;yQ^ui0D7sR&gYF=?;!HoSv9!?*m zyCNFIk}`Ksi#oT4>DTGA3I-Q`D_dQzE@eJ(P+^|RgiDDGt;vsmE)NQL#A}`SbK}+c zl)I-bs#$xt|K#Y~f0;@6xydiv-RrNfx>u?3WnKGM&sL}7>$?|Bd8>HO?3u-4{?hXq z0v@upvln%=?cMrss@I8s<=I^Bm8-9rz6$p5x7zj4har5&%%6&}m)71q{%e0>v1cr| Y&R-_;DK>W3-xnQy{8?mvgu2!$087R?hyVZp literal 0 HcmV?d00001 diff --git a/tests/certs/Server-localhost-sv.dhp b/tests/certs/Server-localhost-sv.dhp new file mode 100644 index 000000000..e69de29bb 
diff --git a/tests/certs/Server-localhost-sv.key b/tests/certs/Server-localhost-sv.key new file mode 100644 index 000000000..832bbba5c --- /dev/null +++ b/tests/certs/Server-localhost-sv.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDTb1PtMqFpICJuXGk0PY8UZWHI95kV7KlRQ4d6sEtlxcJ85Erw +xyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SSqGVdLOY74PMOrrJyBUzdhZAW +vB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egHc6aQ+Tt+nYW8PCp4SQIDAQAB +AoGBAMhtVySaAzJxONJfHYdc934BIPHt7BtBbbvQBOSDq+V80wGrM3MNhL8lbldC +m5+0kS+DC+oFpJqI+Xz8BtwJooilPuQO3syo5YZuFRee81M8Z5Ss78TG6FLdjt6Z +hKQHju+Ghxm08pd2cTaYGDzS3LYsvSXz4TnsdWAVATCwKTSFAkEA8HnPcZdAXiLJ +eA2cRAuyEUPjs7B6eR5dLraLrIOtcKs/xJH/W+63hhMjqe9CASuSzVJEr8QxijYN +Cdlq3V3XhwJBAOEVk48TZF+gc87sWsBIy+mn3MdovKbmnYM/rzVXYiu2mBQ+nKhp +mevRc/UJdkaW8H340wRm1qGMYPCeekRdha8CQCuHcSR3o4Amvd9MX2f10gLMDjCd +ll3MQEPPaVMN9tw5M27KmrWybWgImOEO3RzHHWirJqHGWs1Q4WVSBMUTUosCQQDf +sz/6HL3PRHqUltcC79apnEmSbgfAoMa/INYTX4uUAl9XD3tG7d0qP/rM9+By+6R8 +roWahFKgMBJQUlEWDRTFAkAiLYKd8pxw3x3kuk5ItmTiq3JNluMyIA/i3RVW1aVO +U5tX8sw6r4wVcsvXVboS/Trjeev2qkqC06ARV7vb6Wq5 +-----END RSA PRIVATE KEY----- 
diff --git a/tests/certs/Server-localhost-sv.p12 b/tests/certs/Server-localhost-sv.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d7b8441a470198d90b5946c5b5472dd3f3deca4c GIT binary patch literal 2958 zcmY*bXE+;*8cvYJ2r5yk#<6!b)QU|MwTYmpRkKu!nng*i8Y#7@)fz=PrL^|0A_*mw z)aD$!)|J}L?YYmr_uTvA8_)ZG&-d&5p7%vynUZLLvbt5j^8MImdKW-h8oZ&Qg8S+1}; z+28i1bZlu5?(3m)C0>?h@U8Gn(6j^8BB_R9iks+jH@aOBPoh9oX53G5r*nm>`nU90 zIi9-c#OJuYm7^}m`{4CvKYJ0AYzQYTQD!m;UIn_q7tl#1#d6Mk*ziQ1f%J!Qn|uZv zg?1fdS*<3{k}dgqR@`UVe7-dfJr)w;xs%h|xxnvHW(l@&z?GN6??8{U`_Ft zyWoh6<2$MI6wrCz$qoTW$SqJ74HulOOSfTaz%g)BSF0!0%e6iNf?^RXsFI> zM5PT16f9V6#pW8JPvZJ9OR?~#tVhG_v`dF8rDtv5%1r* zT-}C5WNRqY=y0p;sBH_ou;d7gd?O&j=J27mJb7Ckt%u^qW{_nXN&i%F!iDqh*&5Q- zR()vgn(Ix1pzl!&qg<_IZ=!c2e+4Ugan-!OE4P3DVAwlN1)3>e)VUWz0eZFB>k3qa zJxTLv`0l5UL);WDwl=NwQ=7^d2i`&tem&Mdt&+aj9(11ahQu^H!01P&wvFb)@7}h# z)shEy>7xSnzvd@iM2&>D@U`VKr@yV~cCxe@cmM{|iCVm6(yDUO8TF>OgfVHc@XvGQ zW;TW3#G1H};bZP2hg~rq{d;+Nnic?d{VW>qLxhs42yz;ORjMD^}sAuRPzhmdZ=0>_8wJ{3UTR->xd0TxjGALRfLN^|L{c<%$X_dkw7y#dLa>L-qBgrrv(^h=qm z4JZ0tvFLZ9wWl)QSSUIAGD~HRr5LmOb@hZ!OEPxifOZfu;UcLl$Ly@cucw*+af(_A z8;$OfBitjiBrOun%BENEb4VBRYLB%?cTKMpO|HLsXra#&K94?>nW1}#EQunIdKRX% zip$_?TN#v$#91ngJB2f{p>^i|?ZNQEC%6M|Zp{8^yri$IZ&1~-IkUon)LNIY=0|0B z_Q}AT=1uD~n7$#qn!?JbK0)d5H z#d=J;6G{dZUKL#TjlYYmEh;z)@y5neEORjlY*TEIM)|PugW`fxjAjyW6PvFEIr|F#~S+EFm)w{jf7zB6b zMYu(7i*$km!GU#8J%3%Qfc|7AvJ)dS;;2*DddH9T9)WGQ$V&Onv9F?UU1J=PB1GOp z|Jg9nKp2)6+3qI+pe{*YjY%dhNUx*M%A?jNA?iaYn~Y!^^ZU`u`&RGlima^g#1`;{z4II_j+SMeox>m5TS{-!5GkMx#l8d-8?STvq zs3CqCv5@@CjB3eC1H(7{dxqHUF|Kzr6C=ZX=p6a->&3Y#cm>n7y7jr0-WrUc!EUSf zH{wX~oD18obYLT62#-Qe-lIXzTTNQF^?}aZ+}<-abtUBAz%NOmK^bLnnknU3ZQGL0 z+O6hw4+m)Z^sGBjr!z$ibUeVDS_MZYZ1!Re#dYp!VN^qg^Pu?B+UJ7lHbK~n{)wC`L zLA$o?DE7!;VUp3>=|ON~^B0b(X6|dT_6^_CHkIphtUk2x4i`=qgm3ie$+gq8h_xwR zGRdD>@cIlZ&uMlHR*#W1{g@gMVOqXr$b*c@l&{U}+`)NAOFqwA^%9TFzfE{8zAonf@dHj6j+aEKLOhOY`dgTmkK0u3&ax zU+rml{n}ryfDTI&J>ewyaxwdiqT4D$(;+ENr|bE3T_W8Hgre?mVb-f3_nlOe&p13H 
z{&*9fV$41riKcjHfZIQDC^f{pS$O(i4z#Db+7z}F;D3AjX*iOJ1q ze-6EhSq6tKHjeSlYu=ShZxXnkbU$t@g=0k?zoU9ZFi~xt#}zrVFQ`P`hr1bsfs8>@ z9S5k!MD|;&Yfqbl#wDG)PpGPpGnvO%7-Jkd1_;_LFyb_m zxj!<7VmSANJDl(dsmm%(J#lxHih6lZ*@AB>iy&|O%pFBdv>8|8UhA9L8bxi`h8V5L z4ullEKDMMMXEI|g@1`ZS^L$lP8rAR0uHJ>C1~%xOOLWROIIi>i}>0!=@hO z@nK3v`wXVTCi>kAw>i$UzE;l^h1j9%hoaMq*+rY0Gz29UJx4kiXOHT{bTX2k26?W> z0Nv@G*#ggxzA@}1 z-lQwW`P4&YDOy%s)yLJkWlX?Sru4bx8;V905NhPCeB%Ci)mqa8>P~#-eI=40z-<-U zs@#dpGD%j^PmD4jzKEc}eO>#D!h-Nu3=y){2%-O8HN$0D4mx)6tw2gnIuZW<74&eE z#jf3@Sm!F@`rkwBvVwg405rfI5C91NSH1@D1v~)U1-SgGUcb6Pz$1h#LIA-421&8d r(p&`r=-An7aMOqfs&1rKd<;@Ax1=)AG@XwALvhvM(e)1;40u2agc%wCvoIMj zAcqz(g)lcUGBU&$**}PJ*=T*}n!rD*z0&5Qzik{x!m{CcCS&}`+C(y*=_%} zri%Vx+a@D^cK;`hoDE-!d7tD(%B~18+m~_ZplJIM1&;WP$--U70zOI2ow%iN@{7aA z4u0t5f3@H<^X4Zv4ywQV={ULSo2o8*zI~Y(Q(P?N zyoTn621bTZu0aUJ4iPdCfH;IRCqFqcCnLYO#Gr9LvWFR28JHV;84MabnHn1z_N7~I zd3B(5%i*wtOQtECeLYsbYVFg5ch4Q1HJ$yg*o4;~EVfR~UdF$(*sr!Je0BWRT`>zh zdYa1rrr!v5No-rnCb_>jFhfs@>nN+`Dce)cZ`uE?+g>c2aCh}QzB;DQ8BUYcPsAVn zb$VqBoBrptz4vN0o5J0nth~R!d(QzkI`@28|sCVnCP63bODU@HTP7 zUC)qVzzq`TXJKJxVpT8@260qbcnrAMIJDV-(Z|lrXdnv``vqe|t z<-ET@rqar{uXx82-|)mVY-@;o@0``|m!u>b-n+{zUoS zR(5V(eb%RD5rmrrrMQHv^YnnZaKF;mcWug%8){u&!A>S$ac^j_}(5 c>USDunxyT0Y#4HNoBg>f9E*cA665v)0L;@iM*si- literal 0 HcmV?d00001 diff --git a/tests/certs/Server-localhost0h-sv.dhp b/tests/certs/Server-localhost0h-sv.dhp new file mode 100644 index 000000000..e69de29bb diff --git a/tests/certs/Server-localhost0h-sv.key b/tests/certs/Server-localhost0h-sv.key new file mode 100644 index 000000000..ca5cd3b39 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC+Zzu06sCFtMNWwaSWIzb1xneqreXB3c7BmpcH3RaQ6/A4tZVr +pg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9zUWguGgrFBTnKPcqD7Qf+rrdz +HWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJXR+Sp37+LvMBGM1p7hwIDAQAB +AoGAdpisqvrR4jZ+uaoyD0Zt9FajsQ9SHhg/sX3N9xrx9GDRpzELmhq8jqHQ0QKA +AwHBmwwY1jeXCJAxv5/V5v1MCdamVSQbjkKBmmBrE/J70sZMqxkFbu0h9Bx8p4UB +SWpKgZTF9R3ZKKZoGS6hlzvhJeAy1atApzVz9xVTSwAL/2kCQQDhPMREu8AtfxFI +5BedSk2yIyW0EcO2WW5V5+bmekBgiAFc9iB7ulCuwBK7UQDIvYLfklxWc2CzuP50 +nLo32UNVAkEA2GiFdKJuP+32FfE3jK3CL3vTgZbd0ArbhJdBidHlJYr/EU6etxAr +aYli1dP/qeiehNuhefqWHRlOUPkE6mv7awJAdpRuZB1QbONz7yMeh5Gh3AIDDI05 +s1vb6eBAQODl2axgw1dU/K63YXj/o5xexFB5gUjl0iHGLHhdhnko1NROTQJAMfQu +mjXEbU1ouLftsrOJV5ylvgwtN5DKC1k+76lb08a6Ciyzxl4dJ0dnYSSGp5nivZhV +Ner6K81jnp1c3R//8QJBAKe0fNhTAoOoE/YTeE4K4lpXvow2jMyhdBwyaZtHmcQ2 +z8UpojKrNQ87WISUDRqlIy2ze3RZCgCy0LBnxr66Whg= +-----END RSA PRIVATE KEY----- 
diff --git a/tests/certs/Server-localhost0h-sv.p12 b/tests/certs/Server-localhost0h-sv.p12 new file mode 100644 index 0000000000000000000000000000000000000000..82e03c785cefeead7330ada4170fcdd7e82d36b8 GIT binary patch literal 2970 zcmY*bXH*jk(oF({K%{p<4-ljo0w}$NDn;o78EqdlMYg(D^;md zp73a*R3$(l2s{ZTvihBG_wD|expVHFGrwleTqGX)5Co({;-Ri!CfQWe)I$~^Ban!P zTGHd8mw(YlNIZn?9|=svLjXuT<0%OE8~*-B0V0LK%>O^(91x6TrH7!_CWIdr$!UT> z5I_Q+aj@Q$4tID%qbY|ug-*v|rP|}%p-ZcpE|XQ|OK$U)3#9tbzUSm1lPVXbtGbE< z{(9vR{w!8;T~)h+IO|=SFX?6Q9&CM zzF$AKl0eWfe7@BJ^3b{4ujZyt)a_Aa_%^ar9NU7yx#Z3F!+X)_F`{Zkk7fplk>shI zVr;GM?=$l{+b%oI$Ucf;qgeKMVAM9#2R{Td)t9;W*X>tT<-V#P=m_L7y#k7CccXRh zmYsy8cTD(sRbm~%(d!*IbE5wfzsRkN*F__HDyr;o=4Z-Qu*~=oTyul0UgKVHSN#eeJr;anRYHb|~T2qzD1=KR>?kgcuRhO~jyrfjS7$u7;nshjp-f`3V@9 z?&)w8vxL?G%Mkmtltlowb0L*eYb%%5ECB4S!OHR*@@FdEA+e?JNStTUYM+2ggJ_Jr zU*efnW!Sq{HM$>tb5tMq|4t&ctzHhh$j;zHJGu~;$5?{hiTCMBMLwQJPNM->Od&Z; zZKLS;&W-h6CQXTi7{Qrw+4@hV2lRZVN5HIASTgUWdo@8y#W8C)Inei=Rx{BB~D_Q+J?0Nl`JaUBhAjRd(a;GP^G1la>aW3At?^T7d+#g7&H0RS!w_XbC zHrq$0vlA7gGpCqd1zA-;7Enj{W3k>-Dpx`XQ*x@)O(~Tbx6I7DPa-QJ@6(*N`SjB! 
zXCgYJ(4)K>Z(6*Uu!~G7pUQ`7J9&NchFGZr%xf$mO&7Sc2Ccj)C!LR6ALOg{FSwGH zquTin(l(N6GakLtlm+ovZEBjfG;e=y9eE3U6+}K<>)>synzghTZaK`l$vpF>-SMLB zjuZk6u0mLVKHEboy`DsuB%q7hk$SI`-EY}8ux>lkB&uzrJ;dT34E@Zn+gkG>5<9#L zzAS#qFm)Mi5c%QYbxrr_Ha7_=c@Howkw^i5%VZ=7`!{+c% z#Iv@v&(xCql^@#eur?Jud%W{S0jM^hhGDCS`{NMc0m>!aY{f@l0y>xzOc1-@2l3=H z&<3g*yE{6eligXdRPPCg`?ts;{1W*^NKLFK)qcjXwPy5(Oj{v$5)FDTv^u%+Ld)}UvU^`5Tz+7yJep$_#J5-wXke_ z=exc%M%8R;K16Nv^#Jatop`C_wGLZRxb)o3B)XIQhp96zA@O+}>sPbc*XeMTC-79E zM^fKH6lR%hux4{*&CD7o!#pk6Gj2=(XWEuvr>9x%dR~6b`*%eKn1}&i4MT8amGpP` z`5jH3w-%Q`$%C!qvqy=T599FEwz9j z%VC{Ge|fso(qfsfNi8D3Sz`UdO4FTC7~rlx@>Vh$;m65=K79)=ES?tL+))Sy6CMTh zbhipBd=OCIiF*0M{G`Zg%T!H=d#nAq*sc%ubpPGotCqC??ucT1%KC9aIZJaO}O zuR{D3cAM##hj+8W&SC=GV(vuU?{Nd?CM~7B&iJBV3iI`Jp&y#<^Mx}S9&-Y&H+|NZ z>HT9|wKM4a;D*^tsr$k=;8NPvB0n2v^_SYx8^EB+F=2w;?Hwbjm0Tppd@;4QPPd{w zo3MXQQ#2}iYM%#p87r~~d;EuZDa)Ie-G|Qv_XRb;6Rw-eb6#fSTEU14btBOP^}8HtthRmY|Rxee>?xJN+M{zCJe)UWbTW;b+R%Hcq*E zp3*Wj(*|tzjh5wC6$1N9P~>G;hgfr7A;X@q@@wtIIY>tlzB}ng4N|H2sl~|UZL2qp zF`g~~^#2}FNK@XdqS(nyGC+z~cj`%M z6GyCh1ST#cS6I+ntYlx(!o2z2WyMjs9=a!sD?cGL)Z^LIE8zmq>0KiFowI)$aXp24mtpenUlFn>Hot(zPkxo$hi|SOpPM`^^ttcGw{W2_6XFhQ{h27E=6e4)dhQGEg__UV z2yY{Ac7eCYVB6*?f$(&1DOYwFrYKb%k)@sEBH|*y*mcPREuUFfGb!KhUCx4LfGoIL zidBG5>1Uo_vZ-~vPcZ3CErAR-=Aio}Cn z{Es`J`|S>Px~oz{YlbF&y90VWD8UkXmb%Vyrs(C3!`!ry8(aQRPf4`zF%N&}!4{n_93gxeOjtdw2c+aHJ=wU}n6#y*($<9Sb~ za}I7RdUMpnQhvo9i>7!$vM>qcTdPo(3Vbqw=p*B_*v80{x+ zUJBSTe`75$KSbT0irq7w_A|pb@eofPMosNaDk-PUQaX@(lj3ze%EXk1?HHl!BV9-I zO|eA**WQ+p5Bboc?E^PMgnx$6n(cn(02Px7)Gn%Yq-IfF<=3$_nTf6h)EEy^ylNpH zdKH|J+tA^%l>WH%ZwYqA+DZ2~3K6Dd1FqcFq9p_~`+h8wuo23l{fIp(iz@aEcu3b7 z?yHYDR>^h*#du{Ixqi}fbs(e+vj->)-_el{L351UnnzQIzWEvnJE0YoImv%6UADkF zpSZ%r!l>;K?3XL);dasP6pgX8*{J%WIen}H zFq-gvmu!jljZtdEl+hUNkNOPAgNe{_QxMw#n_Ha8&*NE9*=qHf*a)sM)26rz|;T~3f>S73YA>V8z*n*Z7Basx@ z`QxF0Z9M2}>+`Nw6vl(!TF}@JVjQKtfFo`Te9140MEG5J%>VcPUAqIT@bkv#)LX6q zbDwBj=Rn~O>@KeCZOqaW;g`!nxWMv*q!b0_W44u6dgI`vRjk<#yx&E1JSZk;eIDFW 
zANKWGTnK#Mybk{qO2TvXZKj9HUKxtY1p4s?>UE$>FGMI^L&E>F)l57}y!71F?qS7p zi`D)V(bGe=!j#X>D}Y?2@;^=7O41^d09$}BAPjKp|FQxg5D*OT26+BL+^^~;ARK@M z;E+m4aU>I%L5`IUB**}u=e8B1iOxOuv;HU+GnG1Gwx@@%9ly DNd#|_ literal 0 HcmV?d00001 diff --git a/tests/certs/Server-localhost0h-sv.pem b/tests/certs/Server-localhost0h-sv.pem new file mode 100644 index 000000000..e74193ccb --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.pem 
@@ -0,0 +1,122 @@ +extensions = x509v3 +[ x509v3 ] +#subjectAltName = DNS:localhost\0h +subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost + +[something] +# The key +# the certificate +# some dhparam +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC+Zzu06sCFtMNWwaSWIzb1xneqreXB3c7BmpcH3RaQ6/A4tZVr +pg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9zUWguGgrFBTnKPcqD7Qf+rrdz +HWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJXR+Sp37+LvMBGM1p7hwIDAQAB +AoGAdpisqvrR4jZ+uaoyD0Zt9FajsQ9SHhg/sX3N9xrx9GDRpzELmhq8jqHQ0QKA +AwHBmwwY1jeXCJAxv5/V5v1MCdamVSQbjkKBmmBrE/J70sZMqxkFbu0h9Bx8p4UB +SWpKgZTF9R3ZKKZoGS6hlzvhJeAy1atApzVz9xVTSwAL/2kCQQDhPMREu8AtfxFI +5BedSk2yIyW0EcO2WW5V5+bmekBgiAFc9iB7ulCuwBK7UQDIvYLfklxWc2CzuP50 +nLo32UNVAkEA2GiFdKJuP+32FfE3jK3CL3vTgZbd0ArbhJdBidHlJYr/EU6etxAr +aYli1dP/qeiehNuhefqWHRlOUPkE6mv7awJAdpRuZB1QbONz7yMeh5Gh3AIDDI05 +s1vb6eBAQODl2axgw1dU/K63YXj/o5xexFB5gUjl0iHGLHhdhnko1NROTQJAMfQu +mjXEbU1ouLftsrOJV5ylvgwtN5DKC1k+76lb08a6Ciyzxl4dJ0dnYSSGp5nivZhV +Ner6K81jnp1c3R//8QJBAKe0fNhTAoOoE/YTeE4K4lpXvow2jMyhdBwyaZtHmcQ2 +z8UpojKrNQ87WISUDRqlIy2ze3RZCgCy0LBnxr66Whg= +-----END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0a:87:0d:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:07:33 2009 GMT + Not After : Oct 21 22:07:33 2017 GMT + Subject: + 
countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23: + 36:f5:c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd: + 16:90:eb:f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82: + 57:ab:5f:b5:ba:5c:a0:48:8c:82:77:fd:67:d8:53: + 44:61:86:a5:06:19:bf:73:51:68:2e:1a:0a:c5:05: + 39:ca:3d:ca:83:ed:07:fe:ae:b7:73:1d:60:dd:ab: + 9e:0e:7e:02:f3:68:42:93:27:c8:5f:c5:fa:cb:a9: + 84:06:2f:f3:66:bd:de:7d:29:82:57:47:e4:a9:df: + bf:8b:bc:c0:46:33:5a:7b:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 0C:37:A3:DB:0F:73:B3:38:8A:69:D3:6E:B3:A7:D6:D8:77:4E:DA:67 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31:fa:2f: + 7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9:e6:cf:c8:77: + bd:85:16:d7:9f:18:52:78:3f:ea:9c:86:62:6e:db:90:b0:cd: + f1:c1:6f:2d:87:4a:a0:be:b3:dc:6d:e4:6b:d1:da:b9:10:25: + 7e:35:1f:1b:aa:a7:09:2f:84:77:27:b0:48:a8:6d:54:57:38: + 35:22:34:03:0f:d4:5d:ab:1c:72:15:b1:d9:89:56:10:12:fb: + 7d:0d:18:12:a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb: + 92:6c:55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18: + a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d:7a:39: + c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9:5f:c4:3d:cb: + 81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2:fb:ab:c6:0e:a2:01: + 8b:a1:42:73:de:96:29:3e:bf:d7:d9:51:a7:d4:98:07:7f:f0: + f4:cd:00:a1:e1:ac:6c:05:ac:ab:93:1b:b0:5c:2c:13:ad:ff: + 27:dc:80:99:34:66:bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52: + 28:61:5e:bd +-----BEGIN CERTIFICATE----- 
+MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1 +ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC +kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV +HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA +FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF +BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef +GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX +ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L +gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t +170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt +/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0= +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost0h-sv.prm b/tests/certs/Server-localhost0h-sv.prm new file mode 100644 index 000000000..5e8944b31 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.prm 
@@ -0,0 +1,26 @@
+extensions = x509v3
+[ x509v3 ]
+#subjectAltName = DNS:localhost\0h
+subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost
+
+[something]
+# The key
+# the certificate
+# some dhparam
diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh
new file mode 100755
index 000000000..85425a8c5
--- /dev/null
+++ b/tests/certs/scripts/genroot.sh
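Review bot: Nothing in Server-localhost0h-sv.prm says why the subjectAltName is given as raw DER; the only hint is the commented-out `#subjectAltName = DNS:localhost\0h` above it. The DER bytes encode a dNSName of `localhost`, a NUL byte and `h`, which is the embedded-NUL name a client's hostname check has to reject, while the `openssl x509 -text` dump in the matching .pem shows it as plain `DNS:localhost`. A comment above the line such as `# dNSName with an embedded NUL (localhost\0h): must NOT match "localhost", see test 311` would stop a later edit from simplifying it back to the `DNS:` form. `default_bits = 1024` deserves a short comment as well, saying that the key is a throwaway test fixture.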
@@ -0,0 +1,63 @@ +#!/bin/bash + +# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009 +# Author: Peter Sylvester + +# "libre" for integration with curl + +OPENSSL=openssl +if [ -f /usr/local/ssl/bin/openssl ] ; then +OPENSSL=/usr/local/ssl/bin/openssl +fi + +USAGE="echo Usage is genroot.sh \" + +HOME=`pwd` +cd $HOME + +KEYSIZE=2048 +DURATION=6000 + +PREFIX=$1 +if [ ".$PREFIX" = . ] ; then + echo No configuration prefix + NOTOK=1 +else + if [ ! -f $PREFIX-ca.prm ] ; then + echo No configuration file $PREFIX-ca.prm + NOTOK=1 + fi +fi + +if [ ".$NOTOK" != . ] ; then + echo "Sorry, I can't do that for you." + $USAGE + exit +fi + +GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d" +SERIAL=`/usr/bin/env perl -e "$GETSERIAL"` + +echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE + +echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr" +$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr + +echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 " + +$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha1 + +echo "openssl x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline" +$OPENSSL x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline + +echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der " +$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der + +echo "openssl x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline" + +$OPENSSL x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline + +echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline" +$OPENSSL x509 
-noout -text -in $PREFIX-ca.cacert -nameopt multiline + +#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh new file mode 100755 index 000000000..13caf1a6a --- /dev/null +++ b/tests/certs/scripts/genserv.sh 
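Review bot: The error path in genroot.sh ends in a bare `exit`, which returns the status of the preceding `$USAGE` echo, so a missing prefix or parameter file is reported to the caller as success; `exit 1` fixes that, and genserv.sh has the same line. The echoed x509 command names `$PREFIX-$SERIAL.ca-cacert` while the command actually run writes `$PREFIX-$SERIAL-ca.cacert`, so the printed trace does not match what was executed. `$PREFIX` comes straight from `$1` and is expanded unquoted everywhere, so a prefix containing whitespace or glob characters is split into several arguments; quoting the expansions, as in `"$PREFIX-ca.prm"`, avoids that.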
@@ -0,0 +1,106 @@ +#!/bin/bash + +# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009 +# Author: Peter Sylvester + +# "libre" for integration with curl + +OPENSSL=openssl +if [ -f /usr/local/ssl/bin/openssl ] ; then + OPENSSL=/usr/local/ssl/bin/openssl +fi + +USAGE="echo Usage is genserv.sh " + +HOME=`pwd` +cd $HOME + +KEYSIZE=1024 +DURATION=3000 + +REQ=YES +P12=NO +DHP=NO + +PREFIX=$1 +if [ ".$PREFIX" = . ] ; then + echo No configuration prefix + NOTOK=1 +else + if [ ! -f $PREFIX-sv.prm ] ; then + echo No configuration file $PREFIX-sv.prm + NOTOK=1 + fi +fi + +CAPREFIX=$2 +if [ ".$CAPREFIX" = . ] ; then + echo No CA prefix + NOTOK=1 +else + if [ ! -f $CAPREFIX-ca.cacert ] ; then + echo No CA certficate file $PREFIX-ca.caert + NOTOK=1 + fi + if [ ! -f $CAPREFIX-ca.key ] ; then + echo No $CAPREFIX key + NOTOK=1 + fi +fi + +if [ ".$NOTOK" != . ] ; then + echo "Sorry, I can't do that for you." + $USAGE + exit +fi + +if [ ".$SERIAL" = . ] ; then + GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d" + SERIAL=`/usr/bin/env perl -e "$GETSERIAL"` +fi + +echo SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE + +if [ "$DHP." = YES. ] ; then + echo "openssl dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE" + $OPENSSL dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE +fi + +if [ "$REQ." = YES. 
] ; then + echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX" + $OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout pass:secret +fi + +echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key" +$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret +echo pseudo secrets generated +read + +echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1" + +$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1 + +if [ "$P12." = YES. ] ; then + + echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt " + + $OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt + + read +fi + +echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline" +$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline + +echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der " +$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der +read + +# all together now +touch $PREFIX-sv.dhp +cat $PREFIX-sv.prm $PREFIX-sv.key $PREFIX-sv.crt $PREFIX-sv.dhp >$PREFIX-sv.pem +chmod o-r $PREFIX-sv.prm + +echo "$PREFIX-sv.pem done" + + diff --git a/tests/data/test310 b/tests/data/test310 new file mode 100644 index 000000000..005f71310 --- /dev/null +++ b/tests/data/test310 
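Review bot: The final `chmod o-r $PREFIX-sv.prm` restricts the parameter file, which holds no secret, while `$PREFIX-sv.key` and the combined `$PREFIX-sv.pem` (which the `cat` line fills with the passphrase-less key) keep their default permissions. If the intent was to protect the key material, the line should probably read `chmod go-rwx $PREFIX-sv.key $PREFIX-sv.pem`. Separately, the missing-CA message prints the wrong variable and a misspelt suffix: `echo No CA certficate file $PREFIX-ca.caert` should be `echo No CA certificate file $CAPREFIX-ca.cacert`. A comment next to `KEYSIZE=1024` and `-sha1` saying these are deliberate choices for throwaway test certificates would keep the script from being copied for real use.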
@@ -0,0 +1,52 @@ + + + +HTTPS +HTTP GET + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 7 + +MooMoo + + + +# +# Client-side + + +SSL + + +https Server-localhost-sv.pem + + +simple HTTPS GET + + +--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/310 + + + +# +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /310 HTTP/1.1 +Host: localhost:%HTTPSPORT +Accept: */* + + + + diff --git a/tests/data/test311 b/tests/data/test311 new file mode 100644 index 000000000..cd51fff74 --- /dev/null +++ b/tests/data/test311 @@ -0,0 +1,38 @@ + + + +HTTPS +HTTP GET + + + +# +# Server-side + + + +# +# Client-side + + +SSL + + +https Server-localhost0h-sv.pem + + +HTTPS wrong subjectAltName but right CN + + +--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/311 + + + +# +# Verify data after the test has been "shot" + + +51 + + + diff --git a/tests/data/test312 b/tests/data/test312 new file mode 100644 index 000000000..5adb1e352 --- /dev/null +++ b/tests/data/test312 @@ -0,0 +1,38 @@ + + + +HTTPS +HTTP GET + + + +# +# Server-side + + + +# +# Client-side + + +SSL + + +https Server-localhost.nn-sv.pem + + +HTTPS GET to localhost and null-prefixed CN cert + + +--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/312 + + + +# +# Verify data after the test has been "shot" + + +51 + + + diff --git a/tests/httpsserver.pl b/tests/httpsserver.pl index fa9fde5db..e20819c69 100644 --- a/tests/httpsserver.pl +++ b/tests/httpsserver.pl @@ -28,6 +28,8 @@ my $srcdir=$path; my $proto='https'; +my $stuncert; + while(@ARGV) { if($ARGV[0] eq "-v") { $verbose=1; @@ -51,6 +53,10 @@ while(@ARGV) { $srcdir=$ARGV[1]; shift @ARGV; } + elsif($ARGV[0] eq "-c") { + $stuncert=$ARGV[1]; + shift @ARGV; + } elsif($ARGV[0] =~ /^(\d+)$/) { $port = $1; } 
@@ -58,7 +64,9 @@ while(@ARGV) { }; my $conffile="$path/stunnel.conf"; # stunnel configuration data -my $certfile="$srcdir/stunnel.pem"; # stunnel server certificate +my $certfile="$srcdir/" + . ($stuncert?"certs/$stuncert":"stunnel.pem"); # stunnel server certificate + my $pidfile="$path/.$proto.pid"; # stunnel process pid file # find out version info for the given stunnel binary @@ -107,6 +115,19 @@ else { if($verbose) { print uc($proto)." server: $cmd\n"; + + print " + CApath = $path + cert = $certfile + pid = $pidfile + debug = 0 + output = /dev/null + foreground = yes + + [curltest] + accept = $port + connect = $target_port + "; } my $rc = system($cmd); diff --git a/tests/runtests.pl b/tests/runtests.pl index 2b6dda8fa..be20a63ab 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -878,7 +878,7 @@ sub runhttpserver { # start the https server (or rather, tunnel) # sub runhttpsserver { - my ($verbose, $ipv6) = @_; + my ($verbose, $ipv6, $parm) = @_; my $STATUS; my $RUNNING; my $ip = $HOSTIP; @@ -906,6 +906,7 @@ sub runhttpsserver { unlink($pidfile); my $flag=$debugprotocol?"-v ":""; + $flag .= " -c $parm" if ($parm); my $cmd="$perl $srcdir/httpsserver.pl $flag -p https -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT"; my ($httpspid, $pid2) = startnew($cmd, $pidfile, 15, 0); @@ -2541,8 +2542,10 @@ sub startservers { my @what = @_; my ($pid, $pid2); for(@what) { - my $what = lc($_); + my (@whatlist) = split(/\s+/,$_); + my $what = lc($whatlist[0]); $what =~ s/[^a-z0-9-]//g; + if($what eq "ftp") { if(!$run{'ftp'}) { ($pid, $pid2) = runftpserver("", $verbose); @@ -2644,8 +2647,8 @@ sub startservers { printf ("* pid http => %d %d\n", $pid, $pid2) if($verbose); $run{'http'}="$pid $pid2"; } - if(!$run{'https'}) { - ($pid, $pid2) = runhttpsserver($verbose); + if(1 || !$run{'https'}) { # QD to restart always conf file may change + ($pid, $pid2) = runhttpsserver($verbose,"",$whatlist[1]); if($pid <= 0) { return "failed starting HTTPS server (stunnel)"; } 
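Review bot: Nothing checks that the selected certificate exists before stunnel is started; `$certfile` is built from `$stuncert` and used as is. A misspelt file name in a test's server line would then show up only as an stunnel start-up failure with no mention of the certificate. A check right after the assignment, for example `die "certificate file $certfile not found\n" unless(-f $certfile);` (or whatever error exit this script uses elsewhere, which is outside the hunk), makes the cause explicit.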
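Review bot: `$parm` is interpolated into the command string unquoted and unvalidated at `$flag .= " -c $parm" if ($parm);`. It is the second word of a test file's server line, so whitespace is already excluded by the split in startservers, but shell metacharacters and path separators are not. If `startnew` passes `$cmd` to a shell (its body is not in this hunk), the value should be restricted to a plain file name first: `$flag .= " -c $parm" if($parm && $parm =~ /^[A-Za-z0-9._-]+$/);`. The same check keeps `/` out of the `certs/$stuncert` path that httpsserver.pl builds from this argument.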
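Review bot: `split(/\s+/,$_)` in startservers returns an empty first field when the entry begins with whitespace, so `$what` becomes empty and the server name lands in `$whatlist[1]`, where it would be taken for a certificate name. Using `my @whatlist = split(' ', $_);` skips leading whitespace and behaves the same otherwise. The matching line in the serverfortest hunk, `$proto =~ s/\s.*//g;`, has the same problem (a leading blank empties `$proto`) and could be `$proto =~ s/^\s*(\S+).*/$1/;`. Whether entries can reach these loops with leading whitespace depends on the test-file parser, which is not visible here.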
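Review bot: The `1 ||` in `if(1 || !$run{'https'})` makes the `$run{'https'}` test dead code, so runhttpsserver is called for every test that lists https, including the ones that use the default certificate. Recording the certificate the running stunnel was started with, in a separate variable so that `%run` keeps holding only pids, and restarting only on a change would restore the reuse: `if(!$run{'https'} || $httpscert ne ($whatlist[1] || "")) {` followed by `$httpscert = $whatlist[1] || "";` after a successful start (the variable name is illustrative). Whether the previous stunnel is stopped before the new one binds the port is decided inside runhttpsserver, outside this hunk, and should be confirmed as part of the same change.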
@@ -2743,6 +2746,7 @@ sub serverfortest {
 for (@what) {
 my $proto = lc($_);
 chomp $proto;
+ $proto =~ s/\s.*//g; # take first word
 if (! grep /^$proto$/, @protocols) {
 if (substr($proto,0,5) ne "socks") {
 return "curl lacks $proto support";