diff options
author | Daniel Stenberg <daniel@haxx.se> | 2009-08-11 21:48:58 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2009-08-11 21:48:58 +0000 |
commit | e73fe837a8877c0197721b91e0d5ec40cb7a2cd0 (patch) | |
tree | 241c5ac517e86455b87876c56afafbeb26b3d1f8 | |
parent | a9caeb1064bf942a6c066a8c048f077409d1b937 (diff) |
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made an error show up in the OpenSSL-
specific code where it would attempt to match the CN field even if a
subjectAltName exists that doesn't match. This is now fixed and verified
in test 311.
40 files changed, 1339 insertions, 6 deletions
@@ -7,6 +7,13 @@ Changelog Daniel Stenberg (11 Aug 2009) +- Peter Sylvester made the HTTPS test server use specific certificates for + each test, so that the test suite can now be used to actually test the + verification of cert names etc. This made an error show up in the OpenSSL- + specific code where it would attempt to match the CN field even if a + subjectAltName exists that doesn't match. This is now fixed and verified + in test 311. + - Benbuck Nason posted the bug report #2835196 (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler warnings when mixing ints and bools. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ceb84d9c7..0ecd1fe45 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -42,6 +42,8 @@ This release includes the following bugfixes: o rand seeding on libcurl on windows built with OpenSSL was not thread-safe o fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL o don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds) + o libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but + subjectAltName didn't This release includes the following known bugs: diff --git a/lib/ssluse.c b/lib/ssluse.c index 07824b411..bc1934cfc 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1137,6 +1137,12 @@ static CURLcode verifyhost(struct connectdata *conn, if(matched) /* an alternative name matched the server hostname */ infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname); + else if(altnames) { + /* an alternative name field existed, but didn't match and then + we MUST fail */ + infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname); + res = CURLE_PEER_FAILED_VERIFICATION; + } else { /* we have to look to the last occurence of a commonName in the distinguished one to get the most significant one. */ diff --git a/tests/Makefile.am b/tests/Makefile.am index 96a93ea1f..32f27b520 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -27,7 +27,7 @@ PDFPAGES = testcurl.pdf runtests.pdf EXTRA_DIST = ftpserver.pl httpserver.pl httpsserver.pl runtests.pl getpart.pm \ FILEFORMAT README stunnel.pem memanalyze.pl testcurl.pl valgrind.pm ftp.pm \ sshserver.pl sshhelp.pm testcurl.1 runtests.1 $(HTMLPAGES) $(PDFPAGES) \ - CMakeLists.txt + CMakeLists.txt certs/scripts/*.sh certs/Server* certs/EdelCurlRoot* SUBDIRS = data server libtest diff --git a/tests/certs/EdelCurlRoot-ca.cacert b/tests/certs/EdelCurlRoot-ca.cacert new file mode 100644 index 000000000..c5154a4de --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.cacert @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5c:fb:79:f2:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 15:06:44 2009 GMT + Not After : Jan 7 15:06:44 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:b7:e7:70:4c:17:0d:0f:e6:a4:ed:81:0b:26: + a9:d2:16:f6:2a:9c:87:6d:8e:7e:e2:71:98:89:41: + 97:d7:62:0b:c7:92:35:e5:09:0a:b4:67:06:59:c5: + 3b:2f:ae:6c:ff:68:6c:af:46:a3:1f:7e:32:5a:08: + c4:6e:65:5c:c2:9f:99:11:4e:28:dc:37:98:d0:ab: + 66:13:35:c6:bd:3c:6f:65:e2:5d:c2:59:21:80:68: + c0:85:eb:7e:a2:58:99:04:45:c3:f7:4c:39:83:fa: + 5c:6e:6a:a0:ff:45:b7:2f:7a:bb:bb:7f:3d:2b:cb: + 57:5f:09:24:c5:77:96:5d:1b:56:56:9a:48:51:0a: + f5:67:0f:67:8d:0d:82:c7:84:bf:b5:c5:f8:cd:71: + 2f:92:cb:e8:94:96:28:04:3a:c2:2c:38:e4:9e:3c: + 1b:89:9f:70:b6:02:b6:97:5e:2e:c1:5a:a7:af:86: + c2:b7:65:dc:83:8d:e7:85:72:a7:d1:f0:ba:ea:11: + dc:bd:7c:b5:68:89:82:15:2b:b5:91:f0:70:f5:fa: + e4:8c:21:fe:e7:8f:a3:16:5d:ee:a8:ff:a8:0e:22: + 1f:3e:27:25:f5:f1:a0:55:16:f7:c2:02:79:fb:c9: + ac:fd:d1:ca:6e:65:3e:97:cf:f0:df:c9:b9:c4:0a: + 87:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + Signature Algorithm: sha1WithRSAEncryption + 66:1e:56:86:7d:87:99:f9:9a:d9:fb:fe:9c:bf:9e:d9:90:07: + da:9a:33:0f:72:6b:44:00:df:85:f0:ff:ed:c5:06:1c:1c:ff: + 4e:94:7d:6f:6c:7e:82:1a:82:bc:fe:ac:02:c5:1d:d0:1f:a8: + e3:2d:a2:8d:43:8e:73:8a:b0:a4:da:0b:1d:7e:1c:e9:35:93: + 29:6d:05:9f:6d:6c:0e:09:ee:9c:1a:15:fe:8a:5e:19:d8:da: + a0:6b:2a:d5:1d:fa:0c:af:63:55:41:42:ec:dd:3c:b0:6e:1f: + 66:67:c5:28:fd:23:1b:a6:42:98:49:f5:33:58:7b:5a:91:c7: + 9c:66:1f:53:cc:8b:79:11:a9:fa:a3:b8:5e:e1:d1:12:97:ec: + 5e:4d:c9:77:4c:03:0c:e8:80:33:57:da:d4:ce:af:c5:1b:f5: + 96:47:d4:68:da:83:3c:45:ee:84:b4:82:94:cd:65:2c:41:f1: + 45:3d:19:9b:da:7a:54:04:e4:39:b1:b5:2a:15:29:b8:99:6d: + 30:73:12:bc:7d:e3:79:f2:12:aa:e1:d7:d1:83:c4:bb:0c:bb: + a1:36:37:84:38:de:7c:3a:d7:c8:4f:6b:d9:cb:80:2b:29:27: + bd:c3:de:a5:2a:11:6d:b6:09:59:e6:d7:49:ae:52:89:28:3b: + af:f0:bd:86 +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgIGC1z7efIJMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDE1MDY0NFoXDTI2MDEwNzE1MDY0NFowZzELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7i +cZiJQZfXYgvHkjXlCQq0ZwZZxTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQ +q2YTNca9PG9l4l3CWSGAaMCF636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1df +CSTFd5ZdG1ZWmkhRCvVnD2eNDYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2 +AraXXi7BWqevhsK3ZdyDjeeFcqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MW +Xe6o/6gOIh8+JyX18aBVFvfCAnn7yaz90cpuZT6Xz/DfybnECofBAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQSayTS +Smi3obAczb/WTMxAW3/gQDANBgkqhkiG9w0BAQUFAAOCAQEAZh5Whn2Hmfma2fv+ +nL+e2ZAH2pozD3JrRADfhfD/7cUGHBz/TpR9b2x+ghqCvP6sAsUd0B+o4y2ijUOO +c4qwpNoLHX4c6TWTKW0Fn21sDgnunBoV/opeGdjaoGsq1R36DK9jVUFC7N08sG4f +ZmfFKP0jG6ZCmEn1M1h7WpHHnGYfU8yLeRGp+qO4XuHREpfsXk3Jd0wDDOiAM1fa +1M6vxRv1lkfUaNqDPEXuhLSClM1lLEHxRT0Zm9p6VATkObG1KhUpuJltMHMSvH3j +efISquHX0YPEuwy7oTY3hDjefDrXyE9r2cuAKyknvcPepSoRbbYJWebXSa5SiSg7 +r/C9hg== +-----END CERTIFICATE----- diff --git a/tests/certs/EdelCurlRoot-ca.crt b/tests/certs/EdelCurlRoot-ca.crt new file mode 100644 index 000000000..c5154a4de --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.crt @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5c:fb:79:f2:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 15:06:44 2009 GMT + Not After : Jan 7 15:06:44 2026 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:b7:e7:70:4c:17:0d:0f:e6:a4:ed:81:0b:26: + a9:d2:16:f6:2a:9c:87:6d:8e:7e:e2:71:98:89:41: + 97:d7:62:0b:c7:92:35:e5:09:0a:b4:67:06:59:c5: + 3b:2f:ae:6c:ff:68:6c:af:46:a3:1f:7e:32:5a:08: + c4:6e:65:5c:c2:9f:99:11:4e:28:dc:37:98:d0:ab: + 66:13:35:c6:bd:3c:6f:65:e2:5d:c2:59:21:80:68: + c0:85:eb:7e:a2:58:99:04:45:c3:f7:4c:39:83:fa: + 5c:6e:6a:a0:ff:45:b7:2f:7a:bb:bb:7f:3d:2b:cb: + 57:5f:09:24:c5:77:96:5d:1b:56:56:9a:48:51:0a: + f5:67:0f:67:8d:0d:82:c7:84:bf:b5:c5:f8:cd:71: + 2f:92:cb:e8:94:96:28:04:3a:c2:2c:38:e4:9e:3c: + 1b:89:9f:70:b6:02:b6:97:5e:2e:c1:5a:a7:af:86: + c2:b7:65:dc:83:8d:e7:85:72:a7:d1:f0:ba:ea:11: + dc:bd:7c:b5:68:89:82:15:2b:b5:91:f0:70:f5:fa: + e4:8c:21:fe:e7:8f:a3:16:5d:ee:a8:ff:a8:0e:22: + 1f:3e:27:25:f5:f1:a0:55:16:f7:c2:02:79:fb:c9: + ac:fd:d1:ca:6e:65:3e:97:cf:f0:df:c9:b9:c4:0a: + 87:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + Signature Algorithm: sha1WithRSAEncryption + 66:1e:56:86:7d:87:99:f9:9a:d9:fb:fe:9c:bf:9e:d9:90:07: + da:9a:33:0f:72:6b:44:00:df:85:f0:ff:ed:c5:06:1c:1c:ff: + 4e:94:7d:6f:6c:7e:82:1a:82:bc:fe:ac:02:c5:1d:d0:1f:a8: + e3:2d:a2:8d:43:8e:73:8a:b0:a4:da:0b:1d:7e:1c:e9:35:93: + 29:6d:05:9f:6d:6c:0e:09:ee:9c:1a:15:fe:8a:5e:19:d8:da: + a0:6b:2a:d5:1d:fa:0c:af:63:55:41:42:ec:dd:3c:b0:6e:1f: + 66:67:c5:28:fd:23:1b:a6:42:98:49:f5:33:58:7b:5a:91:c7: + 9c:66:1f:53:cc:8b:79:11:a9:fa:a3:b8:5e:e1:d1:12:97:ec: + 5e:4d:c9:77:4c:03:0c:e8:80:33:57:da:d4:ce:af:c5:1b:f5: + 96:47:d4:68:da:83:3c:45:ee:84:b4:82:94:cd:65:2c:41:f1: + 45:3d:19:9b:da:7a:54:04:e4:39:b1:b5:2a:15:29:b8:99:6d: + 30:73:12:bc:7d:e3:79:f2:12:aa:e1:d7:d1:83:c4:bb:0c:bb: + a1:36:37:84:38:de:7c:3a:d7:c8:4f:6b:d9:cb:80:2b:29:27: + bd:c3:de:a5:2a:11:6d:b6:09:59:e6:d7:49:ae:52:89:28:3b: + af:f0:bd:86 +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgIGC1z7efIJMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDE1MDY0NFoXDTI2MDEwNzE1MDY0NFowZzELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7i +cZiJQZfXYgvHkjXlCQq0ZwZZxTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQ +q2YTNca9PG9l4l3CWSGAaMCF636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1df +CSTFd5ZdG1ZWmkhRCvVnD2eNDYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2 +AraXXi7BWqevhsK3ZdyDjeeFcqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MW +Xe6o/6gOIh8+JyX18aBVFvfCAnn7yaz90cpuZT6Xz/DfybnECofBAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQSayTS +Smi3obAczb/WTMxAW3/gQDANBgkqhkiG9w0BAQUFAAOCAQEAZh5Whn2Hmfma2fv+ +nL+e2ZAH2pozD3JrRADfhfD/7cUGHBz/TpR9b2x+ghqCvP6sAsUd0B+o4y2ijUOO +c4qwpNoLHX4c6TWTKW0Fn21sDgnunBoV/opeGdjaoGsq1R36DK9jVUFC7N08sG4f +ZmfFKP0jG6ZCmEn1M1h7WpHHnGYfU8yLeRGp+qO4XuHREpfsXk3Jd0wDDOiAM1fa +1M6vxRv1lkfUaNqDPEXuhLSClM1lLEHxRT0Zm9p6VATkObG1KhUpuJltMHMSvH3j +efISquHX0YPEuwy7oTY3hDjefDrXyE9r2cuAKyknvcPepSoRbbYJWebXSa5SiSg7 +r/C9hg== +-----END CERTIFICATE----- diff --git a/tests/certs/EdelCurlRoot-ca.csr b/tests/certs/EdelCurlRoot-ca.csr new file mode 100644 index 000000000..3a25911a3 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB +cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJTAjBgNVBAMMHE5vdGhlcm4g +Tm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7icZiJQZfXYgvHkjXlCQq0ZwZZ +xTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQq2YTNca9PG9l4l3CWSGAaMCF +636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1dfCSTFd5ZdG1ZWmkhRCvVnD2eN +DYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2AraXXi7BWqevhsK3ZdyDjeeF +cqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MWXe6o/6gOIh8+JyX18aBVFvfC +Ann7yaz90cpuZT6Xz/DfybnECofBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA +IFe5QoGVnUvCDOvZPMFmnclBgPVpTYB/twQEK3VoKnTbWj78LL6IGJLoqS7l+wnW +5PLYGjNwR7atIw1pnq6i+GglV5USXRMCNfB0NYLEZdfIUKwIQia2sidmv1gHDXbW +oCh33kwizd8K0pCivtS60p7PfrjyKuj0qcdwFLuW6sa9ks4mswsykPJFFWseln6U +YlFNOX2OWSNnoadLVgTxhIuSr7rXHVza01sNvH/tXKO0J4gfK7TctZpNsl4tnWx8 +6wjXe55aQqokjdfe92mPKClMuiXJTLPkM4tPN1Wau3qYw+BAb038z+j8FL8n7CEU +n3WlmMJ7tmkd3NShPejqZQ== +-----END CERTIFICATE REQUEST----- diff --git a/tests/certs/EdelCurlRoot-ca.der b/tests/certs/EdelCurlRoot-ca.der Binary files differnew file mode 100644 index 000000000..5d0e2d5d8 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.der diff --git a/tests/certs/EdelCurlRoot-ca.key b/tests/certs/EdelCurlRoot-ca.key new file mode 100644 index 000000000..244aea1c6 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.key @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUbvkhX/UejoCAggA +MBQGCCqGSIb3DQMHBAhyTjz68mGb9gSCBMjeTO0EBH03MKmIHaDTPzJyJO4jyqQS +WJw6j+nYXHLQ3/PDh431GIQatN6Hpp14e+y/PZEl68jB8cxVCpiGO+JLT7ov4zlU +nLsCwSn7lmFeylrlZYOnP//3JVfEwcO3E22y6Ay3RKm5UYKTYoCXwkIC7xockF4+ +E3xq2bRYD4OGrb77srqU2puPie0otfm3dpkZk5FKY/9knygufqO0HoC6y1swPT0q +ykOst064UGFG36IiISVImoYeOQ2kY0fo3bBtC7QGhCiid0cOXZOUZD7I+Vz7UPJo +XUtM0s9V1uer/DrDREFrCG/GfwNDhrhqXM4AsJQwPi8FV4KK+rHOFCg0FOPAlGff +UMArHp81ZmM9T6SWmWFGdmJPNz0jp7HPmzYt3rXQc88qk0iig+A42SMqj6otMPuJ +st/0Sm+GzRHjbgV0Jh2zPpTwzznLj8NjHCtmSWijFZZbylEvr3klzLdnva5c75pw +Qhqbe3ZkNaRkJvxWlIvd8qrE4rix34M5ZN1gm4+y5kE8gYjMF8KdBwxfsSkobL48 +i2NpaROvFhewE9IaoJ8bAVJA9KpHZBftWaZFJ7S7h0Vdhw0KRVFZYQiz6xqma4Xp +yp4EopNdffuEXxQOQiAsHyhnBsPGoMTUpCQAfL1v90+SIs0FG6faClk3L6EyATXW +pLQURbocUJYr6hyxY62Y1pc3TVlspIv/kukKtwq7iuvD5mFgmGumSI/pq2jfKo02 +aFSPTNVEidFvJJVr0HVIwPVmuMRs0Lr0t8Txih4NIzTITR4tPwaIwhi0Qi3VanNG +TY9oevkclxiNbP9OQfIP6CMHNnAzLhOm+vbwlkCAqcFo0KjzGJb4NhyAxYpUZ7U3 +NGoNVQ7haF/Frz5PxAGl5l57qLI4pHsknrZsKxiTKpSy5l3melj3Zk0R2jXN9uJX +Z3FYG6R7Zbnt8gbXw1dqteLo07ObS7OwULqAJlboqporOtvWKhqPTPeNFP7HCdHJ +uFBVQJwWGD8QBcZ1k591JcFY7vPWHdQF7ku+EEs7dEeNBUS28Baw5qoiXRBWsD7B +Y3D4QaAZF64rqvtIlhDZBzmrUZ1KqJDX1B9I2pf7D6bbxL0wYiVTRQeoDV7eGZXF +0+tMbHgZ/CmAsOx0sdcR0BkigQMGh9HHtDs4gRJsf/RjzkKJQD28FfJxqvRYDYFd +8PSL7/DPipTUxvALuKWX/cRR/kVDEvt3AXJqAJsb3Xf/NloicieQ5QCy2LXwU4rQ +pBur7YFHw2VfT/HU8Jdd3yoXJPRBy9bAGFXojtBT6cuCcyBrUwrFo/nfiirK1WAd +krIL1/kUNKy34b/Yp2/BNuo+QrDP7tJNWVO7pVs1eNFs45en0GNR1tsaIxN95MwX +vw4g4vMNMkpEPdLCPkjCYuW6mqkxT7ED3LAEsOBljcjkaId4QVS2TZv9V+izeHx8 +OGYmyJB5d2N/v1gwBSq7h+xx7bG/hByJ+7hGR3J9+3HEN/TYFPqjIofA8sBZ6Emt +oICblaS4xlmWwb8iSdo38yDWVaemmuW3zpCLfCR3RFT8aV9u1eahYWuU0/kgn2QB +GvaavsdlahZl+f0uqf67TDWxTDkeQuiiRwy3UCnooxDLclq3YM9yWP4wbq9xNn4d +G+0= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/certs/EdelCurlRoot-ca.prm b/tests/certs/EdelCurlRoot-ca.prm new file mode 100644 index 000000000..4c53ef515 --- /dev/null +++ b/tests/certs/EdelCurlRoot-ca.prm @@ -0,0 +1,18 @@ +extensions = x509v3 +[ req ] +default_bits = 2048 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = Nothern Nowhere Trust Anchor +[ x509v3 ] +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign +subjectKeyIdentifier = hash + diff --git a/tests/certs/Server-localhost-sv.crt b/tests/certs/Server-localhost-sv.crt new file mode 100644 index 000000000..f78e3c038 --- /dev/null +++ b/tests/certs/Server-localhost-sv.crt @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0a:89:a5:41 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:07:52 2009 GMT + Not After : Oct 21 22:07:52 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d3:6f:53:ed:32:a1:69:20:22:6e:5c:69:34:3d: + 8f:14:65:61:c8:f7:99:15:ec:a9:51:43:87:7a:b0: + 4b:65:c5:c2:7c:e4:4a:f0:c7:25:42:19:ec:ec:84: + 5a:62:a0:4e:de:f9:2d:86:aa:e5:b2:b9:f7:e8:1f: + 5d:c6:8d:07:b1:83:54:92:a8:65:5d:2c:e6:3b:e0: + f3:0e:ae:b2:72:05:4c:dd:85:90:16:bc:1f:03:59: + 23:76:be:e0:38:ee:21:05:37:d0:01:31:7d:1f:3c: + f5:fd:78:56:cd:cb:86:bb:d1:e8:07:73:a6:90:f9: + 3b:7e:9d:85:bc:3c:2a:78:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 53:59:CB:8D:67:CD:E7:63:E2:E5:DD:F0:F8:E1:82:ED:A8:10:38:A3 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 06:3f:b8:df:8e:20:9d:cd:cd:bc:a9:88:eb:2d:f8:e6:f0:15: + fa:14:9c:5f:55:bc:8f:68:40:aa:d2:51:03:ab:09:ee:ee:a6: + d7:8f:32:9a:75:0b:41:35:71:bf:d9:35:03:dd:fd:e5:7d:45: + db:e5:9a:16:14:14:c7:98:a5:c5:b9:4d:81:3a:0c:f9:e0:97: + 71:d0:f3:a0:5d:84:ba:83:a8:d8:a0:98:bf:12:48:42:f0:1b: + 8a:58:80:16:62:69:bb:96:5a:ce:ac:02:fa:cb:cd:20:30:d0: + fb:23:3a:d3:7b:75:03:c8:c1:20:9e:24:90:d2:61:00:85:63: + e2:f9:a7:52:50:e2:0d:3b:61:f9:b1:d5:5f:64:dd:cb:38:7b: + 05:8d:b7:f9:08:8e:bf:d3:02:13:e7:34:fa:3d:bb:af:d7:aa: + de:79:28:f4:ae:87:f5:49:85:42:c7:af:8b:a0:94:ed:21:de: + 36:e6:38:a3:0f:75:cf:68:10:48:1d:7d:9b:a2:88:86:bd:b5: + fe:95:4a:c8:fe:77:6b:0a:47:79:ab:d6:35:ea:53:4f:8f:3a: + ba:e1:4c:00:57:b8:99:f9:21:5d:d2:ad:d9:c7:fa:bf:71:73: + 49:5d:0b:2c:fd:02:37:94:3c:3e:d7:ef:72:c5:e3:f3:14:9f: + 58:27:2a:aa +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIGC10KiaVBMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMDc1MloXDTE3MTAyMTIyMDc1MlowVDELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +029T7TKhaSAiblxpND2PFGVhyPeZFeypUUOHerBLZcXCfORK8MclQhns7IRaYqBO +3vkthqrlsrn36B9dxo0HsYNUkqhlXSzmO+DzDq6ycgVM3YWQFrwfA1kjdr7gOO4h +BTfQATF9Hzz1/XhWzcuGu9HoB3OmkPk7fp2FvDwqeEkCAwEAAaOBiTCBhjAUBgNV +HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMB0GA1UdDgQWBBRTWcuNZ83nY+Ll3fD44YLtqBA4ozAfBgNVHSMEGDAWgBQS +ayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA +A4IBAQAGP7jfjiCdzc28qYjrLfjm8BX6FJxfVbyPaECq0lEDqwnu7qbXjzKadQtB +NXG/2TUD3f3lfUXb5ZoWFBTHmKXFuU2BOgz54Jdx0POgXYS6g6jYoJi/EkhC8BuK +WIAWYmm7llrOrAL6y80gMND7IzrTe3UDyMEgniSQ0mEAhWPi+adSUOINO2H5sdVf +ZN3LOHsFjbf5CI6/0wIT5zT6Pbuv16reeSj0rof1SYVCx6+LoJTtId425jijD3XP +aBBIHX2booiGvbX+lUrI/ndrCkd5q9Y16lNPjzq64UwAV7iZ+SFd0q3Zx/q/cXNJ +XQss/QI3lDw+1+9yxePzFJ9YJyqq +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost-sv.csr b/tests/certs/Server-localhost-sv.csr new file mode 100644 index 000000000..4a1ccaf5a --- /dev/null +++ b/tests/certs/Server-localhost-sv.csr @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy +Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTb1PtMqFpICJuXGk0PY8UZWHI +95kV7KlRQ4d6sEtlxcJ85ErwxyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SS +qGVdLOY74PMOrrJyBUzdhZAWvB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egH +c6aQ+Tt+nYW8PCp4SQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAxfegbegW/e09 +TV4TVuyt7S7wwCJFepfi7hNDoPf/CiuW3KeSySP68iD9QUNhy2wADFP6eHPaooUZ +h5PIvZ8IKpBzIbtG2mcOV4tKEBIshoBv/VFOTUqGKJf4r9dK0AjbovyPNpt9lCcO +xcnrH3WuQUVdmXVvlUXHz/mhzs2TFx4= +-----END CERTIFICATE REQUEST----- diff --git a/tests/certs/Server-localhost-sv.der b/tests/certs/Server-localhost-sv.der Binary files differnew file mode 100644 index 000000000..aefd60284 --- /dev/null +++ b/tests/certs/Server-localhost-sv.der diff --git a/tests/certs/Server-localhost-sv.dhp b/tests/certs/Server-localhost-sv.dhp new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/tests/certs/Server-localhost-sv.dhp diff --git a/tests/certs/Server-localhost-sv.key b/tests/certs/Server-localhost-sv.key new file mode 100644 index 000000000..832bbba5c --- /dev/null +++ b/tests/certs/Server-localhost-sv.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDTb1PtMqFpICJuXGk0PY8UZWHI95kV7KlRQ4d6sEtlxcJ85Erw +xyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SSqGVdLOY74PMOrrJyBUzdhZAW +vB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egHc6aQ+Tt+nYW8PCp4SQIDAQAB +AoGBAMhtVySaAzJxONJfHYdc934BIPHt7BtBbbvQBOSDq+V80wGrM3MNhL8lbldC +m5+0kS+DC+oFpJqI+Xz8BtwJooilPuQO3syo5YZuFRee81M8Z5Ss78TG6FLdjt6Z +hKQHju+Ghxm08pd2cTaYGDzS3LYsvSXz4TnsdWAVATCwKTSFAkEA8HnPcZdAXiLJ +eA2cRAuyEUPjs7B6eR5dLraLrIOtcKs/xJH/W+63hhMjqe9CASuSzVJEr8QxijYN +Cdlq3V3XhwJBAOEVk48TZF+gc87sWsBIy+mn3MdovKbmnYM/rzVXYiu2mBQ+nKhp +mevRc/UJdkaW8H340wRm1qGMYPCeekRdha8CQCuHcSR3o4Amvd9MX2f10gLMDjCd +ll3MQEPPaVMN9tw5M27KmrWybWgImOEO3RzHHWirJqHGWs1Q4WVSBMUTUosCQQDf +sz/6HL3PRHqUltcC79apnEmSbgfAoMa/INYTX4uUAl9XD3tG7d0qP/rM9+By+6R8 +roWahFKgMBJQUlEWDRTFAkAiLYKd8pxw3x3kuk5ItmTiq3JNluMyIA/i3RVW1aVO +U5tX8sw6r4wVcsvXVboS/Trjeev2qkqC06ARV7vb6Wq5 +-----END RSA PRIVATE KEY----- diff --git a/tests/certs/Server-localhost-sv.p12 b/tests/certs/Server-localhost-sv.p12 Binary files differnew file mode 100644 index 000000000..d7b8441a4 --- /dev/null +++ b/tests/certs/Server-localhost-sv.p12 diff --git a/tests/certs/Server-localhost-sv.pem b/tests/certs/Server-localhost-sv.pem new file mode 100644 index 000000000..13eeb3164 --- /dev/null +++ b/tests/certs/Server-localhost-sv.pem @@ -0,0 +1,121 @@ +extensions = x509v3 +[ x509v3 ] +subjectAltName = DNS:localhost +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost + +[something] +# The key +# the certficate +# some dhparam +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDTb1PtMqFpICJuXGk0PY8UZWHI95kV7KlRQ4d6sEtlxcJ85Erw +xyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SSqGVdLOY74PMOrrJyBUzdhZAW +vB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egHc6aQ+Tt+nYW8PCp4SQIDAQAB +AoGBAMhtVySaAzJxONJfHYdc934BIPHt7BtBbbvQBOSDq+V80wGrM3MNhL8lbldC +m5+0kS+DC+oFpJqI+Xz8BtwJooilPuQO3syo5YZuFRee81M8Z5Ss78TG6FLdjt6Z +hKQHju+Ghxm08pd2cTaYGDzS3LYsvSXz4TnsdWAVATCwKTSFAkEA8HnPcZdAXiLJ +eA2cRAuyEUPjs7B6eR5dLraLrIOtcKs/xJH/W+63hhMjqe9CASuSzVJEr8QxijYN +Cdlq3V3XhwJBAOEVk48TZF+gc87sWsBIy+mn3MdovKbmnYM/rzVXYiu2mBQ+nKhp +mevRc/UJdkaW8H340wRm1qGMYPCeekRdha8CQCuHcSR3o4Amvd9MX2f10gLMDjCd +ll3MQEPPaVMN9tw5M27KmrWybWgImOEO3RzHHWirJqHGWs1Q4WVSBMUTUosCQQDf +sz/6HL3PRHqUltcC79apnEmSbgfAoMa/INYTX4uUAl9XD3tG7d0qP/rM9+By+6R8 +roWahFKgMBJQUlEWDRTFAkAiLYKd8pxw3x3kuk5ItmTiq3JNluMyIA/i3RVW1aVO +U5tX8sw6r4wVcsvXVboS/Trjeev2qkqC06ARV7vb6Wq5 +-----END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0a:89:a5:41 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:07:52 2009 GMT + Not After : Oct 21 22:07:52 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d3:6f:53:ed:32:a1:69:20:22:6e:5c:69:34:3d: + 8f:14:65:61:c8:f7:99:15:ec:a9:51:43:87:7a:b0: + 4b:65:c5:c2:7c:e4:4a:f0:c7:25:42:19:ec:ec:84: + 5a:62:a0:4e:de:f9:2d:86:aa:e5:b2:b9:f7:e8:1f: + 5d:c6:8d:07:b1:83:54:92:a8:65:5d:2c:e6:3b:e0: + f3:0e:ae:b2:72:05:4c:dd:85:90:16:bc:1f:03:59: + 23:76:be:e0:38:ee:21:05:37:d0:01:31:7d:1f:3c: + f5:fd:78:56:cd:cb:86:bb:d1:e8:07:73:a6:90:f9: + 3b:7e:9d:85:bc:3c:2a:78:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 53:59:CB:8D:67:CD:E7:63:E2:E5:DD:F0:F8:E1:82:ED:A8:10:38:A3 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 06:3f:b8:df:8e:20:9d:cd:cd:bc:a9:88:eb:2d:f8:e6:f0:15: + fa:14:9c:5f:55:bc:8f:68:40:aa:d2:51:03:ab:09:ee:ee:a6: + d7:8f:32:9a:75:0b:41:35:71:bf:d9:35:03:dd:fd:e5:7d:45: + db:e5:9a:16:14:14:c7:98:a5:c5:b9:4d:81:3a:0c:f9:e0:97: + 71:d0:f3:a0:5d:84:ba:83:a8:d8:a0:98:bf:12:48:42:f0:1b: + 8a:58:80:16:62:69:bb:96:5a:ce:ac:02:fa:cb:cd:20:30:d0: + fb:23:3a:d3:7b:75:03:c8:c1:20:9e:24:90:d2:61:00:85:63: + e2:f9:a7:52:50:e2:0d:3b:61:f9:b1:d5:5f:64:dd:cb:38:7b: + 05:8d:b7:f9:08:8e:bf:d3:02:13:e7:34:fa:3d:bb:af:d7:aa: + de:79:28:f4:ae:87:f5:49:85:42:c7:af:8b:a0:94:ed:21:de: + 36:e6:38:a3:0f:75:cf:68:10:48:1d:7d:9b:a2:88:86:bd:b5: + fe:95:4a:c8:fe:77:6b:0a:47:79:ab:d6:35:ea:53:4f:8f:3a: + ba:e1:4c:00:57:b8:99:f9:21:5d:d2:ad:d9:c7:fa:bf:71:73: + 49:5d:0b:2c:fd:02:37:94:3c:3e:d7:ef:72:c5:e3:f3:14:9f: + 58:27:2a:aa +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIGC10KiaVBMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMDc1MloXDTE3MTAyMTIyMDc1MlowVDELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +029T7TKhaSAiblxpND2PFGVhyPeZFeypUUOHerBLZcXCfORK8MclQhns7IRaYqBO +3vkthqrlsrn36B9dxo0HsYNUkqhlXSzmO+DzDq6ycgVM3YWQFrwfA1kjdr7gOO4h +BTfQATF9Hzz1/XhWzcuGu9HoB3OmkPk7fp2FvDwqeEkCAwEAAaOBiTCBhjAUBgNV +HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMB0GA1UdDgQWBBRTWcuNZ83nY+Ll3fD44YLtqBA4ozAfBgNVHSMEGDAWgBQS +ayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA +A4IBAQAGP7jfjiCdzc28qYjrLfjm8BX6FJxfVbyPaECq0lEDqwnu7qbXjzKadQtB +NXG/2TUD3f3lfUXb5ZoWFBTHmKXFuU2BOgz54Jdx0POgXYS6g6jYoJi/EkhC8BuK +WIAWYmm7llrOrAL6y80gMND7IzrTe3UDyMEgniSQ0mEAhWPi+adSUOINO2H5sdVf +ZN3LOHsFjbf5CI6/0wIT5zT6Pbuv16reeSj0rof1SYVCx6+LoJTtId425jijD3XP +aBBIHX2booiGvbX+lUrI/ndrCkd5q9Y16lNPjzq64UwAV7iZ+SFd0q3Zx/q/cXNJ +XQss/QI3lDw+1+9yxePzFJ9YJyqq +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost-sv.prm b/tests/certs/Server-localhost-sv.prm new file mode 100644 index 000000000..6351025dd --- /dev/null +++ b/tests/certs/Server-localhost-sv.prm @@ -0,0 +1,25 @@ +extensions = x509v3 +[ x509v3 ] +subjectAltName = DNS:localhost +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost + +[something] +# The key +# the certficate +# some dhparam diff --git a/tests/certs/Server-localhost.nn-sv.crt b/tests/certs/Server-localhost.nn-sv.crt new file mode 100644 index 000000000..e64fddc78 --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.crt @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0b:23:cb:9d + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:24:45 2009 GMT + Not After : Oct 21 22:24:45 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c9:dc:c2:58:a5:8b:69:e1:d0:00:c5:e9:57:b7: + 47:80:8d:4b:d5:d5:43:71:0c:cc:e4:f1:01:72:71: + 11:48:8f:f5:25:ec:33:cb:9e:f2:78:17:90:5c:f2: + af:ec:9f:34:9c:05:ba:f3:1e:01:48:f0:c7:3e:46: + 9b:93:97:a8:af:c6:71:c6:c2:06:77:1a:e1:91:a2: + da:87:0e:f4:30:4d:4f:54:39:8b:e6:2f:ec:5c:91: + 89:66:4e:00:87:57:f1:2a:57:28:84:5c:63:a5:7e: + d8:7e:ff:82:52:c9:d4:a4:8a:b2:6e:34:e7:b2:67: + 2e:5b:0e:6a:a0:58:f4:1c:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost.nn + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 68:20:D3:B2:EC:E8:1A:2A:3E:28:64:28:28:8F:A0:A1:20:9E:DC:D3 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 5f:72:3f:e0:5c:44:b1:3b:c2:d6:10:fe:0a:bc:82:d5:60:c5: + 71:91:ef:86:2c:b3:71:5d:93:5a:b9:cb:f6:bf:c4:24:33:cc: + d7:24:2e:08:40:b9:1a:4d:cd:7b:12:c2:1e:16:d0:10:fb:72: + 42:d4:95:21:38:31:a6:73:5c:4d:b3:db:58:0c:0e:3f:a8:f9: + c0:14:a1:a9:ee:20:7e:3f:7a:30:ab:24:0e:ca:36:19:b0:dd: + 01:ce:aa:67:69:4a:8d:e3:5d:20:34:74:d6:7f:14:06:96:58: + 5e:68:78:6e:00:02:1d:3e:56:eb:5f:2c:35:02:10:05:9d:0b: + de:66:bb:ac:26:bd:eb:aa:d1:1d:b6:fe:b5:65:15:f8:06:b6: + 1c:17:cd:bf:f2:28:6c:b0:f4:73:0d:e4:6e:59:1d:a8:54:36: + be:68:c2:c1:15:87:c4:20:08:5f:68:93:13:8a:c6:50:f2:1a: + 9d:91:b4:71:93:e8:c3:c6:c1:f0:89:0f:ea:a0:f3:03:b3:e4: + d8:c1:27:ee:f9:41:93:7a:f6:25:2d:07:6f:3f:76:16:02:71: + 61:70:de:7a:20:6f:dd:ab:35:a2:03:8a:a5:d4:dc:89:47:0f: + cc:7c:88:e1:22:ff:6a:e5:83:2e:7a:b4:75:b7:e1:d4:e5:d6: + 75:8b:bd:5c +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIGC10LI8udMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMjQ0NVoXDTE3MTAyMTIyMjQ0NVowVzELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +FTATBgNVBAMMDGxvY2FsaG9zdC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAydzCWKWLaeHQAMXpV7dHgI1L1dVDcQzM5PEBcnERSI/1Jewzy57yeBeQXPKv +7J80nAW68x4BSPDHPkabk5eor8ZxxsIGdxrhkaLahw70ME1PVDmL5i/sXJGJZk4A +h1fxKlcohFxjpX7Yfv+CUsnUpIqybjTnsmcuWw5qoFj0HA0CAwEAAaOBjDCBiTAX +BgNVHREEEDAOggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoG +CCsGAQUFBwMBMB0GA1UdDgQWBBRoINOy7OgaKj4oZCgoj6ChIJ7c0zAfBgNVHSME +GDAWgBQSayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3 +DQEBBQUAA4IBAQBfcj/gXESxO8LWEP4KvILVYMVxke+GLLNxXZNaucv2v8QkM8zX +JC4IQLkaTc17EsIeFtAQ+3JC1JUhODGmc1xNs9tYDA4/qPnAFKGp7iB+P3owqyQO +yjYZsN0BzqpnaUqN410gNHTWfxQGllheaHhuAAIdPlbrXyw1AhAFnQveZrusJr3r +qtEdtv61ZRX4BrYcF82/8ihssPRzDeRuWR2oVDa+aMLBFYfEIAhfaJMTisZQ8hqd +kbRxk+jDxsHwiQ/qoPMDs+TYwSfu+UGTevYlLQdvP3YWAnFhcN56IG/dqzWiA4ql +1NyJRw/MfIjhIv9q5YMuerR1t+HU5dZ1i71c +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost.nn-sv.csr b/tests/certs/Server-localhost.nn-sv.csr new file mode 100644 index 000000000..4084d6979 --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.csr @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB +cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z +dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAydzCWKWLaeHQAMXpV7dH +gI1L1dVDcQzM5PEBcnERSI/1Jewzy57yeBeQXPKv7J80nAW68x4BSPDHPkabk5eo +r8ZxxsIGdxrhkaLahw70ME1PVDmL5i/sXJGJZk4Ah1fxKlcohFxjpX7Yfv+CUsnU +pIqybjTnsmcuWw5qoFj0HA0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAJTKRcBm +GzP0ySB4Oi8nedAruEXou/74ihSeIaydMyMLvqiAiSRhA16CIweRhMqDKqaSHT5B +aisl0FSMKFODu6TrZQL+1DYTrXOKQ1e8JjSOCbR4c+p/QsiznfabEQNgtzsiDxTy +Tc4vgvzEKxQ1AxP7G4iW+sVLc0EaA6fA6l/L +-----END CERTIFICATE REQUEST----- diff --git a/tests/certs/Server-localhost.nn-sv.der b/tests/certs/Server-localhost.nn-sv.der Binary files differnew file mode 100644 index 000000000..cfeb41259 --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.der diff --git a/tests/certs/Server-localhost.nn-sv.dhp b/tests/certs/Server-localhost.nn-sv.dhp new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.dhp diff --git a/tests/certs/Server-localhost.nn-sv.key b/tests/certs/Server-localhost.nn-sv.key new file mode 100644 index 000000000..ce0a00789 --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDJ3MJYpYtp4dAAxelXt0eAjUvV1UNxDMzk8QFycRFIj/Ul7DPL +nvJ4F5Bc8q/snzScBbrzHgFI8Mc+RpuTl6ivxnHGwgZ3GuGRotqHDvQwTU9UOYvm +L+xckYlmTgCHV/EqVyiEXGOlfth+/4JSydSkirJuNOeyZy5bDmqgWPQcDQIDAQAB +AoGAFJ8Xv4SR3Gw0GpAdSVew10IX+C1EKX1cRRsVwcIpONdz/L7Hf8qqDHijx8sH +C84ryrCPK5zqFrB6OjNuW0KH+dZ5PRkr6DZwLAIgf+zjTb+qd8aDYlzsnvajTxxY +RdPbsR94Oort1Gp0BZ9SOi2mUvRZqXsCMQmFxAXQgQ3jqgUCQQDsnRfGoESAIs+3 +W4jl67nD6K+pAcleLQ+yeNYwldRnH0CRWkt9wyjQFSKufz93pD+3NVC446cPlJap +1beijhHDAkEA2mbEYRxYrQIJ1UyEb375k+hxNl6QlzTO8gUjuZBlAff/maC4FGmt +9cDfThLPan0m0T9Ucb4RZQeQe4EH0qDt7wJASWncbKZhWphydmOSMDRZaO2TQw7o +2a2Fh0xyuJRkWLKbp/2qGpUo3pcQMbANkyOFGWUTbKpFtVHXBU7oMSl/XQJANuqG +UKDPD1mm3VJrLpnv6agV54TpuIuXybVPIVbUfyU7yQZnowJbsqK3w6rpKq6jdxQE +iMExIIVBaDyumeDLUwJBAMapDN9JlFNq2AW0ifjrXJLaoR2jhF98cUFpjM/AJrAX +WIbIGxlsCe9HKtvbKFMLuaSZrU87TnR3K0w3zOSbHXk= +-----END RSA PRIVATE KEY----- diff --git a/tests/certs/Server-localhost.nn-sv.pem b/tests/certs/Server-localhost.nn-sv.pem new file mode 100644 index 000000000..f08547c0d --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.pem @@ -0,0 +1,121 @@ +extensions = x509v3 +[ x509v3 ] +subjectAltName = DNS:localhost.nn +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost.nn + +[something] +# The key +# the certficate +# some dhparam +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDJ3MJYpYtp4dAAxelXt0eAjUvV1UNxDMzk8QFycRFIj/Ul7DPL +nvJ4F5Bc8q/snzScBbrzHgFI8Mc+RpuTl6ivxnHGwgZ3GuGRotqHDvQwTU9UOYvm +L+xckYlmTgCHV/EqVyiEXGOlfth+/4JSydSkirJuNOeyZy5bDmqgWPQcDQIDAQAB +AoGAFJ8Xv4SR3Gw0GpAdSVew10IX+C1EKX1cRRsVwcIpONdz/L7Hf8qqDHijx8sH +C84ryrCPK5zqFrB6OjNuW0KH+dZ5PRkr6DZwLAIgf+zjTb+qd8aDYlzsnvajTxxY +RdPbsR94Oort1Gp0BZ9SOi2mUvRZqXsCMQmFxAXQgQ3jqgUCQQDsnRfGoESAIs+3 +W4jl67nD6K+pAcleLQ+yeNYwldRnH0CRWkt9wyjQFSKufz93pD+3NVC446cPlJap +1beijhHDAkEA2mbEYRxYrQIJ1UyEb375k+hxNl6QlzTO8gUjuZBlAff/maC4FGmt +9cDfThLPan0m0T9Ucb4RZQeQe4EH0qDt7wJASWncbKZhWphydmOSMDRZaO2TQw7o +2a2Fh0xyuJRkWLKbp/2qGpUo3pcQMbANkyOFGWUTbKpFtVHXBU7oMSl/XQJANuqG +UKDPD1mm3VJrLpnv6agV54TpuIuXybVPIVbUfyU7yQZnowJbsqK3w6rpKq6jdxQE +iMExIIVBaDyumeDLUwJBAMapDN9JlFNq2AW0ifjrXJLaoR2jhF98cUFpjM/AJrAX +WIbIGxlsCe9HKtvbKFMLuaSZrU87TnR3K0w3zOSbHXk= +-----END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0b:23:cb:9d + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:24:45 2009 GMT + Not After : Oct 21 22:24:45 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost.nn + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c9:dc:c2:58:a5:8b:69:e1:d0:00:c5:e9:57:b7: + 47:80:8d:4b:d5:d5:43:71:0c:cc:e4:f1:01:72:71: + 11:48:8f:f5:25:ec:33:cb:9e:f2:78:17:90:5c:f2: + af:ec:9f:34:9c:05:ba:f3:1e:01:48:f0:c7:3e:46: + 9b:93:97:a8:af:c6:71:c6:c2:06:77:1a:e1:91:a2: + da:87:0e:f4:30:4d:4f:54:39:8b:e6:2f:ec:5c:91: + 89:66:4e:00:87:57:f1:2a:57:28:84:5c:63:a5:7e: + d8:7e:ff:82:52:c9:d4:a4:8a:b2:6e:34:e7:b2:67: + 2e:5b:0e:6a:a0:58:f4:1c:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost.nn + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 68:20:D3:B2:EC:E8:1A:2A:3E:28:64:28:28:8F:A0:A1:20:9E:DC:D3 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 5f:72:3f:e0:5c:44:b1:3b:c2:d6:10:fe:0a:bc:82:d5:60:c5: + 71:91:ef:86:2c:b3:71:5d:93:5a:b9:cb:f6:bf:c4:24:33:cc: + d7:24:2e:08:40:b9:1a:4d:cd:7b:12:c2:1e:16:d0:10:fb:72: + 42:d4:95:21:38:31:a6:73:5c:4d:b3:db:58:0c:0e:3f:a8:f9: + c0:14:a1:a9:ee:20:7e:3f:7a:30:ab:24:0e:ca:36:19:b0:dd: + 01:ce:aa:67:69:4a:8d:e3:5d:20:34:74:d6:7f:14:06:96:58: + 5e:68:78:6e:00:02:1d:3e:56:eb:5f:2c:35:02:10:05:9d:0b: + de:66:bb:ac:26:bd:eb:aa:d1:1d:b6:fe:b5:65:15:f8:06:b6: + 1c:17:cd:bf:f2:28:6c:b0:f4:73:0d:e4:6e:59:1d:a8:54:36: + be:68:c2:c1:15:87:c4:20:08:5f:68:93:13:8a:c6:50:f2:1a: + 9d:91:b4:71:93:e8:c3:c6:c1:f0:89:0f:ea:a0:f3:03:b3:e4: + d8:c1:27:ee:f9:41:93:7a:f6:25:2d:07:6f:3f:76:16:02:71: + 61:70:de:7a:20:6f:dd:ab:35:a2:03:8a:a5:d4:dc:89:47:0f: + cc:7c:88:e1:22:ff:6a:e5:83:2e:7a:b4:75:b7:e1:d4:e5:d6: + 75:8b:bd:5c +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIGC10LI8udMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMjQ0NVoXDTE3MTAyMTIyMjQ0NVowVzELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +FTATBgNVBAMMDGxvY2FsaG9zdC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAydzCWKWLaeHQAMXpV7dHgI1L1dVDcQzM5PEBcnERSI/1Jewzy57yeBeQXPKv +7J80nAW68x4BSPDHPkabk5eor8ZxxsIGdxrhkaLahw70ME1PVDmL5i/sXJGJZk4A +h1fxKlcohFxjpX7Yfv+CUsnUpIqybjTnsmcuWw5qoFj0HA0CAwEAAaOBjDCBiTAX +BgNVHREEEDAOggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoG +CCsGAQUFBwMBMB0GA1UdDgQWBBRoINOy7OgaKj4oZCgoj6ChIJ7c0zAfBgNVHSME +GDAWgBQSayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3 +DQEBBQUAA4IBAQBfcj/gXESxO8LWEP4KvILVYMVxke+GLLNxXZNaucv2v8QkM8zX +JC4IQLkaTc17EsIeFtAQ+3JC1JUhODGmc1xNs9tYDA4/qPnAFKGp7iB+P3owqyQO +yjYZsN0BzqpnaUqN410gNHTWfxQGllheaHhuAAIdPlbrXyw1AhAFnQveZrusJr3r +qtEdtv61ZRX4BrYcF82/8ihssPRzDeRuWR2oVDa+aMLBFYfEIAhfaJMTisZQ8hqd +kbRxk+jDxsHwiQ/qoPMDs+TYwSfu+UGTevYlLQdvP3YWAnFhcN56IG/dqzWiA4ql +1NyJRw/MfIjhIv9q5YMuerR1t+HU5dZ1i71c +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost.nn-sv.prm b/tests/certs/Server-localhost.nn-sv.prm new file mode 100644 index 000000000..e515ea15b --- /dev/null +++ b/tests/certs/Server-localhost.nn-sv.prm @@ -0,0 +1,25 @@ +extensions = x509v3 +[ x509v3 ] +subjectAltName = DNS:localhost.nn +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost.nn + +[something] +# The key +# the certficate +# some dhparam diff --git a/tests/certs/Server-localhost0h-sv.crt b/tests/certs/Server-localhost0h-sv.crt new file mode 100644 index 000000000..20759e735 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.crt @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0a:87:0d:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:07:33 2009 GMT + Not After : Oct 21 22:07:33 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23: + 36:f5:c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd: + 16:90:eb:f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82: + 57:ab:5f:b5:ba:5c:a0:48:8c:82:77:fd:67:d8:53: + 44:61:86:a5:06:19:bf:73:51:68:2e:1a:0a:c5:05: + 39:ca:3d:ca:83:ed:07:fe:ae:b7:73:1d:60:dd:ab: + 9e:0e:7e:02:f3:68:42:93:27:c8:5f:c5:fa:cb:a9: + 84:06:2f:f3:66:bd:de:7d:29:82:57:47:e4:a9:df: + bf:8b:bc:c0:46:33:5a:7b:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 0C:37:A3:DB:0F:73:B3:38:8A:69:D3:6E:B3:A7:D6:D8:77:4E:DA:67 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31:fa:2f: + 7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9:e6:cf:c8:77: + bd:85:16:d7:9f:18:52:78:3f:ea:9c:86:62:6e:db:90:b0:cd: + f1:c1:6f:2d:87:4a:a0:be:b3:dc:6d:e4:6b:d1:da:b9:10:25: + 7e:35:1f:1b:aa:a7:09:2f:84:77:27:b0:48:a8:6d:54:57:38: + 35:22:34:03:0f:d4:5d:ab:1c:72:15:b1:d9:89:56:10:12:fb: + 7d:0d:18:12:a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb: + 92:6c:55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18: + a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d:7a:39: + c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9:5f:c4:3d:cb: + 81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2:fb:ab:c6:0e:a2:01: + 8b:a1:42:73:de:96:29:3e:bf:d7:d9:51:a7:d4:98:07:7f:f0: + f4:cd:00:a1:e1:ac:6c:05:ac:ab:93:1b:b0:5c:2c:13:ad:ff: + 27:dc:80:99:34:66:bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52: + 28:61:5e:bd +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1 +ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC +kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV +HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA +FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF +BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef +GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX +ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L +gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t +170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt +/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0= +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost0h-sv.csr b/tests/certs/Server-localhost0h-sv.csr new file mode 100644 index 000000000..a4fe98fa7 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.csr @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy +Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Zzu06sCFtMNWwaSWIzb1xneq +reXB3c7BmpcH3RaQ6/A4tZVrpg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9z +UWguGgrFBTnKPcqD7Qf+rrdzHWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJX +R+Sp37+LvMBGM1p7hwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAbQKEjIglh6El +8gIh/qRbb5Z89LWPGFRrAIItgG33WVJd61pn4YjO/ugJOtYQYHwxRxUQVjfaGb17 +fTLXzgTu5WJowa7m2DPXgPbw4okUhu5m3Zdum6j5QMu2mfAbTnuS7U4UwLR9C8mV +rKu+oBCYIgWWybVOoqssJAnjj4r/R/c= +-----END CERTIFICATE REQUEST----- diff --git a/tests/certs/Server-localhost0h-sv.der b/tests/certs/Server-localhost0h-sv.der Binary files differnew file mode 100644 index 000000000..b8e6f5955 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.der diff --git a/tests/certs/Server-localhost0h-sv.dhp b/tests/certs/Server-localhost0h-sv.dhp new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.dhp diff --git a/tests/certs/Server-localhost0h-sv.key b/tests/certs/Server-localhost0h-sv.key new file mode 100644 index 000000000..ca5cd3b39 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC+Zzu06sCFtMNWwaSWIzb1xneqreXB3c7BmpcH3RaQ6/A4tZVr +pg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9zUWguGgrFBTnKPcqD7Qf+rrdz +HWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJXR+Sp37+LvMBGM1p7hwIDAQAB +AoGAdpisqvrR4jZ+uaoyD0Zt9FajsQ9SHhg/sX3N9xrx9GDRpzELmhq8jqHQ0QKA +AwHBmwwY1jeXCJAxv5/V5v1MCdamVSQbjkKBmmBrE/J70sZMqxkFbu0h9Bx8p4UB +SWpKgZTF9R3ZKKZoGS6hlzvhJeAy1atApzVz9xVTSwAL/2kCQQDhPMREu8AtfxFI +5BedSk2yIyW0EcO2WW5V5+bmekBgiAFc9iB7ulCuwBK7UQDIvYLfklxWc2CzuP50 +nLo32UNVAkEA2GiFdKJuP+32FfE3jK3CL3vTgZbd0ArbhJdBidHlJYr/EU6etxAr +aYli1dP/qeiehNuhefqWHRlOUPkE6mv7awJAdpRuZB1QbONz7yMeh5Gh3AIDDI05 +s1vb6eBAQODl2axgw1dU/K63YXj/o5xexFB5gUjl0iHGLHhdhnko1NROTQJAMfQu +mjXEbU1ouLftsrOJV5ylvgwtN5DKC1k+76lb08a6Ciyzxl4dJ0dnYSSGp5nivZhV +Ner6K81jnp1c3R//8QJBAKe0fNhTAoOoE/YTeE4K4lpXvow2jMyhdBwyaZtHmcQ2 +z8UpojKrNQ87WISUDRqlIy2ze3RZCgCy0LBnxr66Whg= +-----END RSA PRIVATE KEY----- diff --git a/tests/certs/Server-localhost0h-sv.p12 b/tests/certs/Server-localhost0h-sv.p12 Binary files differnew file mode 100644 index 000000000..82e03c785 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.p12 diff --git a/tests/certs/Server-localhost0h-sv.pem b/tests/certs/Server-localhost0h-sv.pem new file mode 100644 index 000000000..e74193ccb --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.pem @@ -0,0 +1,122 @@ +extensions = x509v3 +[ x509v3 ] +#subjectAltName = DNS:localhost\0h +subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost + +[something] +# The key +# the certificate +# some dhparam +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC+Zzu06sCFtMNWwaSWIzb1xneqreXB3c7BmpcH3RaQ6/A4tZVr +pg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9zUWguGgrFBTnKPcqD7Qf+rrdz +HWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJXR+Sp37+LvMBGM1p7hwIDAQAB +AoGAdpisqvrR4jZ+uaoyD0Zt9FajsQ9SHhg/sX3N9xrx9GDRpzELmhq8jqHQ0QKA +AwHBmwwY1jeXCJAxv5/V5v1MCdamVSQbjkKBmmBrE/J70sZMqxkFbu0h9Bx8p4UB +SWpKgZTF9R3ZKKZoGS6hlzvhJeAy1atApzVz9xVTSwAL/2kCQQDhPMREu8AtfxFI +5BedSk2yIyW0EcO2WW5V5+bmekBgiAFc9iB7ulCuwBK7UQDIvYLfklxWc2CzuP50 +nLo32UNVAkEA2GiFdKJuP+32FfE3jK3CL3vTgZbd0ArbhJdBidHlJYr/EU6etxAr +aYli1dP/qeiehNuhefqWHRlOUPkE6mv7awJAdpRuZB1QbONz7yMeh5Gh3AIDDI05 +s1vb6eBAQODl2axgw1dU/K63YXj/o5xexFB5gUjl0iHGLHhdhnko1NROTQJAMfQu +mjXEbU1ouLftsrOJV5ylvgwtN5DKC1k+76lb08a6Ciyzxl4dJ0dnYSSGp5nivZhV +Ner6K81jnp1c3R//8QJBAKe0fNhTAoOoE/YTeE4K4lpXvow2jMyhdBwyaZtHmcQ2 +z8UpojKrNQ87WISUDRqlIy2ze3RZCgCy0LBnxr66Whg= +-----END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:5d:0a:87:0d:09 + Signature Algorithm: sha1WithRSAEncryption + Issuer: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = Nothern Nowhere Trust Anchor + Validity + Not Before: Aug 4 22:07:33 2009 GMT + Not After : Oct 21 22:07:33 2017 GMT + Subject: + countryName = NN + organizationName = Edel Curl Arctic Illudium Research Cloud + commonName = localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23: + 36:f5:c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd: + 16:90:eb:f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82: + 57:ab:5f:b5:ba:5c:a0:48:8c:82:77:fd:67:d8:53: + 44:61:86:a5:06:19:bf:73:51:68:2e:1a:0a:c5:05: + 39:ca:3d:ca:83:ed:07:fe:ae:b7:73:1d:60:dd:ab: + 9e:0e:7e:02:f3:68:42:93:27:c8:5f:c5:fa:cb:a9: + 84:06:2f:f3:66:bd:de:7d:29:82:57:47:e4:a9:df: + bf:8b:bc:c0:46:33:5a:7b:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Key Usage: + Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 0C:37:A3:DB:0F:73:B3:38:8A:69:D3:6E:B3:A7:D6:D8:77:4E:DA:67 + X509v3 Authority Key Identifier: + keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40 + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha1WithRSAEncryption + 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31:fa:2f: + 7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9:e6:cf:c8:77: + bd:85:16:d7:9f:18:52:78:3f:ea:9c:86:62:6e:db:90:b0:cd: + f1:c1:6f:2d:87:4a:a0:be:b3:dc:6d:e4:6b:d1:da:b9:10:25: + 7e:35:1f:1b:aa:a7:09:2f:84:77:27:b0:48:a8:6d:54:57:38: + 35:22:34:03:0f:d4:5d:ab:1c:72:15:b1:d9:89:56:10:12:fb: + 7d:0d:18:12:a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb: + 92:6c:55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18: + a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d:7a:39: + c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9:5f:c4:3d:cb: + 81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2:fb:ab:c6:0e:a2:01: + 8b:a1:42:73:de:96:29:3e:bf:d7:d9:51:a7:d4:98:07:7f:f0: + f4:cd:00:a1:e1:ac:6c:05:ac:ab:93:1b:b0:5c:2c:13:ad:ff: + 27:dc:80:99:34:66:bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52: + 28:61:5e:bd +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT +Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo +IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X +DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv +BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1 +ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC +kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV +HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA +FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF +BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef +GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX +ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L +gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t +170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt +/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0= +-----END CERTIFICATE----- diff --git a/tests/certs/Server-localhost0h-sv.prm b/tests/certs/Server-localhost0h-sv.prm new file mode 100644 index 000000000..5e8944b31 --- /dev/null +++ b/tests/certs/Server-localhost0h-sv.prm @@ -0,0 +1,26 @@ +extensions = x509v3 +[ x509v3 ] +#subjectAltName = DNS:localhost\0h +subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 +keyUsage = keyEncipherment +extendedKeyUsage = serverAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid +basicConstraints = critical,CA:false +[ req ] +default_bits = 1024 +distinguished_name = req_DN +default_md = sha256 +string_mask = utf8only +[ req_DN ] +countryName = "Country Name is Northern Nowhere" +countryName_value = NN +organizationName = "Organization Name" +organizationName_value = Edel Curl Arctic Illudium Research Cloud +commonName = "Common Name" +commonName_value = localhost + +[something] +# The key +# the certificate +# some dhparam diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh new file mode 100755 index 000000000..85425a8c5 --- /dev/null +++ b/tests/certs/scripts/genroot.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009 +# Author: Peter Sylvester + +# "libre" for integration with curl + +OPENSSL=openssl +if [ -f /usr/local/ssl/bin/openssl ] ; then +OPENSSL=/usr/local/ssl/bin/openssl +fi + +USAGE="echo Usage is genroot.sh \<name\>" + +HOME=`pwd` +cd $HOME + +KEYSIZE=2048 +DURATION=6000 + +PREFIX=$1 +if [ ".$PREFIX" = . ] ; then + echo No configuration prefix + NOTOK=1 +else + if [ ! -f $PREFIX-ca.prm ] ; then + echo No configuration file $PREFIX-ca.prm + NOTOK=1 + fi +fi + +if [ ".$NOTOK" != . ] ; then + echo "Sorry, I can't do that for you." + $USAGE + exit +fi + +GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d" +SERIAL=`/usr/bin/env perl -e "$GETSERIAL"` + +echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE + +echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr" +$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr + +echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 " + +$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha1 + +echo "openssl x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline" +$OPENSSL x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline + +echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der " +$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der + +echo "openssl x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline" + +$OPENSSL x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline + +echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline" +$OPENSSL x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline + +#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh new file mode 100755 index 000000000..13caf1a6a --- /dev/null +++ b/tests/certs/scripts/genserv.sh @@ -0,0 +1,106 @@ +#!/bin/bash + +# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009 +# Author: Peter Sylvester + +# "libre" for integration with curl + +OPENSSL=openssl +if [ -f /usr/local/ssl/bin/openssl ] ; then + OPENSSL=/usr/local/ssl/bin/openssl +fi + +USAGE="echo Usage is genserv.sh <prefix> <caprefix>" + +HOME=`pwd` +cd $HOME + +KEYSIZE=1024 +DURATION=3000 + +REQ=YES +P12=NO +DHP=NO + +PREFIX=$1 +if [ ".$PREFIX" = . ] ; then + echo No configuration prefix + NOTOK=1 +else + if [ ! -f $PREFIX-sv.prm ] ; then + echo No configuration file $PREFIX-sv.prm + NOTOK=1 + fi +fi + +CAPREFIX=$2 +if [ ".$CAPREFIX" = . ] ; then + echo No CA prefix + NOTOK=1 +else + if [ ! -f $CAPREFIX-ca.cacert ] ; then + echo No CA certficate file $PREFIX-ca.caert + NOTOK=1 + fi + if [ ! -f $CAPREFIX-ca.key ] ; then + echo No $CAPREFIX key + NOTOK=1 + fi +fi + +if [ ".$NOTOK" != . ] ; then + echo "Sorry, I can't do that for you." + $USAGE + exit +fi + +if [ ".$SERIAL" = . ] ; then + GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d" + SERIAL=`/usr/bin/env perl -e "$GETSERIAL"` +fi + +echo SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE + +if [ "$DHP." = YES. ] ; then + echo "openssl dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE" + $OPENSSL dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE +fi + +if [ "$REQ." = YES. ] ; then + echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX" + $OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout pass:secret +fi + +echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key" +$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret +echo pseudo secrets generated +read + +echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1" + +$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1 + +if [ "$P12." = YES. ] ; then + + echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt " + + $OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt + + read +fi + +echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline" +$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline + +echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der " +$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der +read + +# all together now +touch $PREFIX-sv.dhp +cat $PREFIX-sv.prm $PREFIX-sv.key $PREFIX-sv.crt $PREFIX-sv.dhp >$PREFIX-sv.pem +chmod o-r $PREFIX-sv.prm + +echo "$PREFIX-sv.pem done" + + diff --git a/tests/data/test310 b/tests/data/test310 new file mode 100644 index 000000000..005f71310 --- /dev/null +++ b/tests/data/test310 @@ -0,0 +1,52 @@ +<testcase> +<info> +<keywords> +HTTPS +HTTP GET +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 7 + +MooMoo +</data> +</reply> + +# +# Client-side +<client> +<features> +SSL +</features> +<server> +https Server-localhost-sv.pem +</server> + <name> +simple HTTPS GET + </name> + <command> +--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/310 +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /310 HTTP/1.1
+Host: localhost:%HTTPSPORT
+Accept: */*
+
+</protocol> +</verify> +</testcase> diff --git a/tests/data/test311 b/tests/data/test311 new file mode 100644 index 000000000..cd51fff74 --- /dev/null +++ b/tests/data/test311 @@ -0,0 +1,38 @@ +<testcase> +<info> +<keywords> +HTTPS +HTTP GET +</keywords> +</info> + +# +# Server-side +<reply> +</reply> + +# +# Client-side +<client> +<features> +SSL +</features> +<server> +https Server-localhost0h-sv.pem +</server> + <name> +HTTPS wrong subjectAltName but right CN + </name> + <command> +--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/311 +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<errorcode> +51 +</errorcode> +</verify> +</testcase> diff --git a/tests/data/test312 b/tests/data/test312 new file mode 100644 index 000000000..5adb1e352 --- /dev/null +++ b/tests/data/test312 @@ -0,0 +1,38 @@ +<testcase> +<info> +<keywords> +HTTPS +HTTP GET +</keywords> +</info> + +# +# Server-side +<reply> +</reply> + +# +# Client-side +<client> +<features> +SSL +</features> +<server> +https Server-localhost.nn-sv.pem +</server> + <name> +HTTPS GET to localhost and null-prefixed CN cert + </name> + <command> +--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/312 +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<errorcode> +51 +</errorcode> +</verify> +</testcase> diff --git a/tests/httpsserver.pl b/tests/httpsserver.pl index fa9fde5db..e20819c69 100644 --- a/tests/httpsserver.pl +++ b/tests/httpsserver.pl @@ -28,6 +28,8 @@ my $srcdir=$path; my $proto='https'; +my $stuncert; + while(@ARGV) { if($ARGV[0] eq "-v") { $verbose=1; @@ -51,6 +53,10 @@ while(@ARGV) { $srcdir=$ARGV[1]; shift @ARGV; } + elsif($ARGV[0] eq "-c") { + $stuncert=$ARGV[1]; + shift @ARGV; + } elsif($ARGV[0] =~ /^(\d+)$/) { $port = $1; } @@ -58,7 +64,9 @@ while(@ARGV) { }; my $conffile="$path/stunnel.conf"; # stunnel configuration data -my $certfile="$srcdir/stunnel.pem"; # stunnel server certificate +my $certfile="$srcdir/" + . ($stuncert?"certs/$stuncert":"stunnel.pem"); # stunnel server certificate + my $pidfile="$path/.$proto.pid"; # stunnel process pid file # find out version info for the given stunnel binary @@ -107,6 +115,19 @@ else { if($verbose) { print uc($proto)." server: $cmd\n"; + + print " + CApath = $path + cert = $certfile + pid = $pidfile + debug = 0 + output = /dev/null + foreground = yes + + [curltest] + accept = $port + connect = $target_port + "; } my $rc = system($cmd); diff --git a/tests/runtests.pl b/tests/runtests.pl index 2b6dda8fa..be20a63ab 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -878,7 +878,7 @@ sub runhttpserver { # start the https server (or rather, tunnel) # sub runhttpsserver { - my ($verbose, $ipv6) = @_; + my ($verbose, $ipv6, $parm) = @_; my $STATUS; my $RUNNING; my $ip = $HOSTIP; @@ -906,6 +906,7 @@ sub runhttpsserver { unlink($pidfile); my $flag=$debugprotocol?"-v ":""; + $flag .= " -c $parm" if ($parm); my $cmd="$perl $srcdir/httpsserver.pl $flag -p https -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT"; my ($httpspid, $pid2) = startnew($cmd, $pidfile, 15, 0); @@ -2541,8 +2542,10 @@ sub startservers { my @what = @_; my ($pid, $pid2); for(@what) { - my $what = lc($_); + my (@whatlist) = split(/\s+/,$_); + my $what = lc($whatlist[0]); $what =~ s/[^a-z0-9-]//g; + if($what eq "ftp") { if(!$run{'ftp'}) { ($pid, $pid2) = runftpserver("", $verbose); @@ -2644,8 +2647,8 @@ sub startservers { printf ("* pid http => %d %d\n", $pid, $pid2) if($verbose); $run{'http'}="$pid $pid2"; } - if(!$run{'https'}) { - ($pid, $pid2) = runhttpsserver($verbose); + if(1 || !$run{'https'}) { # QD to restart always conf file may change + ($pid, $pid2) = runhttpsserver($verbose,"",$whatlist[1]); if($pid <= 0) { return "failed starting HTTPS server (stunnel)"; } @@ -2743,6 +2746,7 @@ sub serverfortest { for (@what) { my $proto = lc($_); chomp $proto; + $proto =~ s/\s.*//g; # take first word if (! grep /^$proto$/, @protocols) { if (substr($proto,0,5) ne "socks") { return "curl lacks $proto support"; |