mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 07:54:27 +01:00
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
This commit is contained in:
parent
d14cd35ece
commit
4d2c1243b1
@ -24,6 +24,8 @@ Changes
|
|||||||
* Fixed const-correctness mpi_get_bit()
|
* Fixed const-correctness mpi_get_bit()
|
||||||
* Documentation for mpi_lsb() and mpi_msb()
|
* Documentation for mpi_lsb() and mpi_msb()
|
||||||
* Moved out_msg to out_hdr + 32 to support hardware acceleration
|
* Moved out_msg to out_hdr + 32 to support hardware acceleration
|
||||||
|
* Changed certificate verify behaviour to comply with RFC 6125 section 6.3
|
||||||
|
to not match CN if subjectAltName extension is present.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
|
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
|
||||||
|
@ -3034,6 +3034,28 @@ int x509parse_verify( x509_cert *crt,
|
|||||||
name = &crt->subject;
|
name = &crt->subject;
|
||||||
cn_len = strlen( cn );
|
cn_len = strlen( cn );
|
||||||
|
|
||||||
|
if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
|
||||||
|
{
|
||||||
|
cur = &crt->subject_alt_names;
|
||||||
|
|
||||||
|
while( cur != NULL )
|
||||||
|
{
|
||||||
|
if( memcmp( cn, cur->buf.p, cn_len ) == 0 &&
|
||||||
|
cur->buf.len == cn_len )
|
||||||
|
break;
|
||||||
|
|
||||||
|
if( memcmp( cur->buf.p, "*.", 2 ) == 0 &&
|
||||||
|
x509_wildcard_verify( cn, &cur->buf ) )
|
||||||
|
break;
|
||||||
|
|
||||||
|
cur = cur->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( cur == NULL )
|
||||||
|
*flags |= BADCERT_CN_MISMATCH;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
while( name != NULL )
|
while( name != NULL )
|
||||||
{
|
{
|
||||||
if( memcmp( name->oid.p, OID_CN, 3 ) == 0 )
|
if( memcmp( name->oid.p, OID_CN, 3 ) == 0 )
|
||||||
@ -3051,26 +3073,6 @@ int x509parse_verify( x509_cert *crt,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( name == NULL )
|
if( name == NULL )
|
||||||
{
|
|
||||||
if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
|
|
||||||
{
|
|
||||||
cur = &crt->subject_alt_names;
|
|
||||||
|
|
||||||
while( cur != NULL )
|
|
||||||
{
|
|
||||||
if( memcmp( cn, cur->buf.p, cn_len ) == 0 &&
|
|
||||||
cur->buf.len == cn_len )
|
|
||||||
break;
|
|
||||||
|
|
||||||
if( memcmp( cur->buf.p, "*.", 2 ) == 0 &&
|
|
||||||
x509_wildcard_verify( cn, &cur->buf ) )
|
|
||||||
break;
|
|
||||||
|
|
||||||
cur = cur->next;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if( cur == NULL )
|
|
||||||
*flags |= BADCERT_CN_MISMATCH;
|
*flags |= BADCERT_CN_MISMATCH;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
Certificate:
|
Certificate:
|
||||||
Data:
|
Data:
|
||||||
Version: 3 (0x2)
|
Version: 3 (0x2)
|
||||||
Serial Number: 16 (0x10)
|
Serial Number: 17 (0x11)
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
|
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
|
||||||
Validity
|
Validity
|
||||||
Not Before: Feb 11 17:25:55 2012 GMT
|
Not Before: May 10 13:23:41 2012 GMT
|
||||||
Not After : Feb 11 17:25:55 2022 GMT
|
Not After : May 11 13:23:41 2022 GMT
|
||||||
Subject: C=NL, O=PolarSSL, CN=www.example.com
|
Subject: C=NL, O=PolarSSL, CN=www.example.com
|
||||||
Subject Public Key Info:
|
Subject Public Key Info:
|
||||||
Public Key Algorithm: rsaEncryption
|
Public Key Algorithm: rsaEncryption
|
||||||
@ -40,27 +40,27 @@ Certificate:
|
|||||||
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
|
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
|
||||||
|
|
||||||
X509v3 Subject Alternative Name:
|
X509v3 Subject Alternative Name:
|
||||||
DNS:www.example.com, DNS:example.com, DNS:example.net, DNS:*.example.org
|
DNS:example.com, DNS:example.net, DNS:*.example.org
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
09:0b:61:f4:8d:b9:78:18:47:48:f0:5f:0c:d6:67:4f:66:fe:
|
4f:09:cb:7a:d5:ee:f5:ef:62:0d:dc:7b:a2:85:d6:8c:ca:95:
|
||||||
fd:51:6f:8e:9b:75:c0:1c:d1:73:dc:50:64:41:c7:99:2d:31:
|
b4:6b:da:11:5b:92:00:75:13:b9:ca:0b:ce:ea:fb:c3:1f:e2:
|
||||||
47:51:6a:3a:44:1f:69:a8:6b:e6:e0:d8:81:9f:82:b9:02:5b:
|
3f:7f:21:74:79:e2:e6:bc:da:06:e5:2f:6f:f6:55:c6:73:39:
|
||||||
80:cf:fe:aa:a6:fe:73:f4:20:66:11:3d:e9:aa:69:97:30:49:
|
cf:48:bc:0d:2f:0c:d2:7a:06:c3:4a:4c:d9:48:5d:a0:d0:73:
|
||||||
d1:7e:04:63:66:7c:51:6a:c1:1e:e8:96:9d:2a:f2:2e:97:2d:
|
89:e4:d4:85:1d:96:9a:0e:57:99:c6:6f:1d:21:27:1f:8d:05:
|
||||||
1c:66:da:bc:39:1b:19:42:a2:01:85:69:59:93:b6:bd:af:bf:
|
29:e8:40:ae:82:39:68:c3:97:07:cf:3c:93:4c:1a:df:2f:a6:
|
||||||
95:f0:40:d5:6c:b7:27:b7:99:bb:c6:ed:f5:ad:fe:81:be:4e:
|
a4:55:48:7f:7c:8c:1a:c9:22:da:24:cd:92:39:c6:8a:ec:b0:
|
||||||
9b:6e:e3:b9:10:0d:21:c9:2f:e7:fe:34:32:96:64:a2:19:23:
|
8d:f5:69:82:67:cb:04:ee:de:53:41:96:c1:27:dc:2f:fe:33:
|
||||||
89:87:c6:4a:7f:65:c7:76:21:83:8b:bb:77:a3:1e:52:0a:25:
|
fa:d3:0e:b8:d4:32:a9:84:28:53:a5:f0:d1:89:d5:a2:98:e7:
|
||||||
68:c2:2c:1f:1f:e6:cb:c1:35:a6:df:1b:05:05:77:3f:40:92:
|
16:91:bb:9c:c0:41:8e:8c:58:ac:ff:e3:dd:2e:7a:ab:b0:b9:
|
||||||
10:ac:cb:1a:c3:25:cd:21:56:7e:99:f7:a3:93:b3:18:77:69:
|
71:76:ad:0f:27:33:f7:a9:29:d3:c0:76:c0:bf:06:40:7c:0e:
|
||||||
22:e0:ee:cd:97:92:34:37:48:b3:fe:c5:6f:f8:25:29:3d:6c:
|
d5:a4:7c:8a:e2:32:6e:16:ae:da:64:1f:b0:55:7c:db:dd:f1:
|
||||||
50:73:47:8f:4d:13:55:3b:c8:69:be:5d:8f:a8:26:f6:c5:47:
|
a4:ba:44:7c:b3:99:58:d2:34:6e:00:ea:97:6c:14:3a:f2:10:
|
||||||
4d:b9:ee:95:ce:b8:29:59:e6:6a:e2:ce:9b:01:ef:0a:18:62:
|
1e:0a:a2:49:10:76:01:f4:f2:c8:18:fd:cc:63:46:12:8b:09:
|
||||||
40:46:ed:3b
|
1b:f1:94:e6
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIDhDCCAmygAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
MIIDcjCCAlqgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
MTIwMjExMTcyNTU1WhcNMjIwMjExMTcyNTU1WjA6MQswCQYDVQQGEwJOTDERMA8G
|
MTIwNTEwMTMyMzQxWhcNMjIwNTExMTMyMzQxWjA6MQswCQYDVQQGEwJOTDERMA8G
|
||||||
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
|
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
|
||||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
|
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
|
||||||
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
|
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
|
||||||
@ -68,13 +68,13 @@ VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
|
|||||||
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
|
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
|
||||||
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
|
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
|
||||||
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
|
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
|
||||||
kzCBkDAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
|
gTB/MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8G
|
||||||
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zBDBgNVHREEPDA6gg93d3cu
|
A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MDIGA1UdEQQrMCmCC2V4YW1w
|
||||||
ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxl
|
bGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQUF
|
||||||
Lm9yZzANBgkqhkiG9w0BAQUFAAOCAQEACQth9I25eBhHSPBfDNZnT2b+/VFvjpt1
|
AAOCAQEATwnLetXu9e9iDdx7ooXWjMqVtGvaEVuSAHUTucoLzur7wx/iP38hdHni
|
||||||
wBzRc9xQZEHHmS0xR1FqOkQfaahr5uDYgZ+CuQJbgM/+qqb+c/QgZhE96applzBJ
|
5rzaBuUvb/ZVxnM5z0i8DS8M0noGw0pM2UhdoNBzieTUhR2Wmg5XmcZvHSEnH40F
|
||||||
0X4EY2Z8UWrBHuiWnSryLpctHGbavDkbGUKiAYVpWZO2va+/lfBA1Wy3J7eZu8bt
|
KehAroI5aMOXB888k0wa3y+mpFVIf3yMGski2iTNkjnGiuywjfVpgmfLBO7eU0GW
|
||||||
9a3+gb5Om27juRANIckv5/40MpZkohkjiYfGSn9lx3Yhg4u7d6MeUgolaMIsHx/m
|
wSfcL/4z+tMOuNQyqYQoU6Xw0YnVopjnFpG7nMBBjoxYrP/j3S56q7C5cXatDycz
|
||||||
y8E1pt8bBQV3P0CSEKzLGsMlzSFWfpn3o5OzGHdpIuDuzZeSNDdIs/7Fb/glKT1s
|
96kp08B2wL8GQHwO1aR8iuIybhau2mQfsFV8293xpLpEfLOZWNI0bgDql2wUOvIQ
|
||||||
UHNHj00TVTvIab5dj6gm9sVHTbnulc64KVnmauLOmwHvChhiQEbtOw==
|
HgqiSRB2AfTyyBj9zGNGEosJG/GU5g==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
@ -63,7 +63,7 @@ openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_
|
|||||||
|
|
||||||
cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
|
cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
|
||||||
echo "[ v3_req ]" >> sslconf_use.txt
|
echo "[ v3_req ]" >> sslconf_use.txt
|
||||||
echo "subjectAltName = \"DNS:www.example.com,DNS:example.com,DNS:example.net,DNS:*.example.org\"" >> sslconf_use.txt
|
echo "subjectAltName = \"DNS:example.com,DNS:example.net,DNS:*.example.org\"" >> sslconf_use.txt
|
||||||
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
|
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
|
||||||
|
|
||||||
echo "Signing requests"
|
echo "Signing requests"
|
||||||
|
@ -14,3 +14,4 @@ V 220207160636Z 0D unknown /C=NL/O=PolarSSL/CN=example.com
|
|||||||
V 220207160636Z 0E unknown /C=NL/O=PolarSSL/CN=www.example.com
|
V 220207160636Z 0E unknown /C=NL/O=PolarSSL/CN=www.example.com
|
||||||
V 220207160636Z 0F unknown /C=NL/O=PolarSSL/CN=www.example.com
|
V 220207160636Z 0F unknown /C=NL/O=PolarSSL/CN=www.example.com
|
||||||
V 220211172555Z 10 unknown /C=NL/O=PolarSSL/CN=www.example.com
|
V 220211172555Z 10 unknown /C=NL/O=PolarSSL/CN=www.example.com
|
||||||
|
V 220511132341Z 11 unknown /C=NL/O=PolarSSL/CN=www.example.com
|
||||||
|
80
programs/ssl/test-ca/newcerts/11.pem
Normal file
80
programs/ssl/test-ca/newcerts/11.pem
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number: 17 (0x11)
|
||||||
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
|
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
|
||||||
|
Validity
|
||||||
|
Not Before: May 10 13:23:41 2012 GMT
|
||||||
|
Not After : May 11 13:23:41 2022 GMT
|
||||||
|
Subject: C=NL, O=PolarSSL, CN=www.example.com
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
|
||||||
|
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
|
||||||
|
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
|
||||||
|
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
|
||||||
|
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
|
||||||
|
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
|
||||||
|
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
|
||||||
|
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
|
||||||
|
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
|
||||||
|
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
|
||||||
|
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
|
||||||
|
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
|
||||||
|
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
|
||||||
|
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
|
||||||
|
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
|
||||||
|
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
|
||||||
|
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
|
||||||
|
17:f7
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Basic Constraints:
|
||||||
|
CA:FALSE
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
|
||||||
|
|
||||||
|
X509v3 Subject Alternative Name:
|
||||||
|
DNS:example.com, DNS:example.net, DNS:*.example.org
|
||||||
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
|
4f:09:cb:7a:d5:ee:f5:ef:62:0d:dc:7b:a2:85:d6:8c:ca:95:
|
||||||
|
b4:6b:da:11:5b:92:00:75:13:b9:ca:0b:ce:ea:fb:c3:1f:e2:
|
||||||
|
3f:7f:21:74:79:e2:e6:bc:da:06:e5:2f:6f:f6:55:c6:73:39:
|
||||||
|
cf:48:bc:0d:2f:0c:d2:7a:06:c3:4a:4c:d9:48:5d:a0:d0:73:
|
||||||
|
89:e4:d4:85:1d:96:9a:0e:57:99:c6:6f:1d:21:27:1f:8d:05:
|
||||||
|
29:e8:40:ae:82:39:68:c3:97:07:cf:3c:93:4c:1a:df:2f:a6:
|
||||||
|
a4:55:48:7f:7c:8c:1a:c9:22:da:24:cd:92:39:c6:8a:ec:b0:
|
||||||
|
8d:f5:69:82:67:cb:04:ee:de:53:41:96:c1:27:dc:2f:fe:33:
|
||||||
|
fa:d3:0e:b8:d4:32:a9:84:28:53:a5:f0:d1:89:d5:a2:98:e7:
|
||||||
|
16:91:bb:9c:c0:41:8e:8c:58:ac:ff:e3:dd:2e:7a:ab:b0:b9:
|
||||||
|
71:76:ad:0f:27:33:f7:a9:29:d3:c0:76:c0:bf:06:40:7c:0e:
|
||||||
|
d5:a4:7c:8a:e2:32:6e:16:ae:da:64:1f:b0:55:7c:db:dd:f1:
|
||||||
|
a4:ba:44:7c:b3:99:58:d2:34:6e:00:ea:97:6c:14:3a:f2:10:
|
||||||
|
1e:0a:a2:49:10:76:01:f4:f2:c8:18:fd:cc:63:46:12:8b:09:
|
||||||
|
1b:f1:94:e6
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDcjCCAlqgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTIwNTEwMTMyMzQxWhcNMjIwNTExMTMyMzQxWjA6MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
|
||||||
|
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
|
||||||
|
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
|
||||||
|
VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
|
||||||
|
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
|
||||||
|
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
|
||||||
|
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
|
||||||
|
gTB/MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8G
|
||||||
|
A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MDIGA1UdEQQrMCmCC2V4YW1w
|
||||||
|
bGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQUF
|
||||||
|
AAOCAQEATwnLetXu9e9iDdx7ooXWjMqVtGvaEVuSAHUTucoLzur7wx/iP38hdHni
|
||||||
|
5rzaBuUvb/ZVxnM5z0i8DS8M0noGw0pM2UhdoNBzieTUhR2Wmg5XmcZvHSEnH40F
|
||||||
|
KehAroI5aMOXB888k0wa3y+mpFVIf3yMGski2iTNkjnGiuywjfVpgmfLBO7eU0GW
|
||||||
|
wSfcL/4z+tMOuNQyqYQoU6Xw0YnVopjnFpG7nMBBjoxYrP/j3S56q7C5cXatDycz
|
||||||
|
96kp08B2wL8GQHwO1aR8iuIybhau2mQfsFV8293xpLpEfLOZWNI0bgDql2wUOvIQ
|
||||||
|
HgqiSRB2AfTyyBj9zGNGEosJG/GU5g==
|
||||||
|
-----END CERTIFICATE-----
|
@ -1 +1 @@
|
|||||||
11
|
12
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
Certificate:
|
Certificate:
|
||||||
Data:
|
Data:
|
||||||
Version: 3 (0x2)
|
Version: 3 (0x2)
|
||||||
Serial Number: 16 (0x10)
|
Serial Number: 17 (0x11)
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
|
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
|
||||||
Validity
|
Validity
|
||||||
Not Before: Feb 11 17:25:55 2012 GMT
|
Not Before: May 10 13:23:41 2012 GMT
|
||||||
Not After : Feb 11 17:25:55 2022 GMT
|
Not After : May 11 13:23:41 2022 GMT
|
||||||
Subject: C=NL, O=PolarSSL, CN=www.example.com
|
Subject: C=NL, O=PolarSSL, CN=www.example.com
|
||||||
Subject Public Key Info:
|
Subject Public Key Info:
|
||||||
Public Key Algorithm: rsaEncryption
|
Public Key Algorithm: rsaEncryption
|
||||||
@ -40,27 +40,27 @@ Certificate:
|
|||||||
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
|
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
|
||||||
|
|
||||||
X509v3 Subject Alternative Name:
|
X509v3 Subject Alternative Name:
|
||||||
DNS:www.example.com, DNS:example.com, DNS:example.net, DNS:*.example.org
|
DNS:example.com, DNS:example.net, DNS:*.example.org
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
09:0b:61:f4:8d:b9:78:18:47:48:f0:5f:0c:d6:67:4f:66:fe:
|
4f:09:cb:7a:d5:ee:f5:ef:62:0d:dc:7b:a2:85:d6:8c:ca:95:
|
||||||
fd:51:6f:8e:9b:75:c0:1c:d1:73:dc:50:64:41:c7:99:2d:31:
|
b4:6b:da:11:5b:92:00:75:13:b9:ca:0b:ce:ea:fb:c3:1f:e2:
|
||||||
47:51:6a:3a:44:1f:69:a8:6b:e6:e0:d8:81:9f:82:b9:02:5b:
|
3f:7f:21:74:79:e2:e6:bc:da:06:e5:2f:6f:f6:55:c6:73:39:
|
||||||
80:cf:fe:aa:a6:fe:73:f4:20:66:11:3d:e9:aa:69:97:30:49:
|
cf:48:bc:0d:2f:0c:d2:7a:06:c3:4a:4c:d9:48:5d:a0:d0:73:
|
||||||
d1:7e:04:63:66:7c:51:6a:c1:1e:e8:96:9d:2a:f2:2e:97:2d:
|
89:e4:d4:85:1d:96:9a:0e:57:99:c6:6f:1d:21:27:1f:8d:05:
|
||||||
1c:66:da:bc:39:1b:19:42:a2:01:85:69:59:93:b6:bd:af:bf:
|
29:e8:40:ae:82:39:68:c3:97:07:cf:3c:93:4c:1a:df:2f:a6:
|
||||||
95:f0:40:d5:6c:b7:27:b7:99:bb:c6:ed:f5:ad:fe:81:be:4e:
|
a4:55:48:7f:7c:8c:1a:c9:22:da:24:cd:92:39:c6:8a:ec:b0:
|
||||||
9b:6e:e3:b9:10:0d:21:c9:2f:e7:fe:34:32:96:64:a2:19:23:
|
8d:f5:69:82:67:cb:04:ee:de:53:41:96:c1:27:dc:2f:fe:33:
|
||||||
89:87:c6:4a:7f:65:c7:76:21:83:8b:bb:77:a3:1e:52:0a:25:
|
fa:d3:0e:b8:d4:32:a9:84:28:53:a5:f0:d1:89:d5:a2:98:e7:
|
||||||
68:c2:2c:1f:1f:e6:cb:c1:35:a6:df:1b:05:05:77:3f:40:92:
|
16:91:bb:9c:c0:41:8e:8c:58:ac:ff:e3:dd:2e:7a:ab:b0:b9:
|
||||||
10:ac:cb:1a:c3:25:cd:21:56:7e:99:f7:a3:93:b3:18:77:69:
|
71:76:ad:0f:27:33:f7:a9:29:d3:c0:76:c0:bf:06:40:7c:0e:
|
||||||
22:e0:ee:cd:97:92:34:37:48:b3:fe:c5:6f:f8:25:29:3d:6c:
|
d5:a4:7c:8a:e2:32:6e:16:ae:da:64:1f:b0:55:7c:db:dd:f1:
|
||||||
50:73:47:8f:4d:13:55:3b:c8:69:be:5d:8f:a8:26:f6:c5:47:
|
a4:ba:44:7c:b3:99:58:d2:34:6e:00:ea:97:6c:14:3a:f2:10:
|
||||||
4d:b9:ee:95:ce:b8:29:59:e6:6a:e2:ce:9b:01:ef:0a:18:62:
|
1e:0a:a2:49:10:76:01:f4:f2:c8:18:fd:cc:63:46:12:8b:09:
|
||||||
40:46:ed:3b
|
1b:f1:94:e6
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIDhDCCAmygAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
MIIDcjCCAlqgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
MTIwMjExMTcyNTU1WhcNMjIwMjExMTcyNTU1WjA6MQswCQYDVQQGEwJOTDERMA8G
|
MTIwNTEwMTMyMzQxWhcNMjIwNTExMTMyMzQxWjA6MQswCQYDVQQGEwJOTDERMA8G
|
||||||
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
|
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
|
||||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
|
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
|
||||||
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
|
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
|
||||||
@ -68,13 +68,13 @@ VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
|
|||||||
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
|
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
|
||||||
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
|
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
|
||||||
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
|
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
|
||||||
kzCBkDAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
|
gTB/MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8G
|
||||||
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zBDBgNVHREEPDA6gg93d3cu
|
A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MDIGA1UdEQQrMCmCC2V4YW1w
|
||||||
ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxl
|
bGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQUF
|
||||||
Lm9yZzANBgkqhkiG9w0BAQUFAAOCAQEACQth9I25eBhHSPBfDNZnT2b+/VFvjpt1
|
AAOCAQEATwnLetXu9e9iDdx7ooXWjMqVtGvaEVuSAHUTucoLzur7wx/iP38hdHni
|
||||||
wBzRc9xQZEHHmS0xR1FqOkQfaahr5uDYgZ+CuQJbgM/+qqb+c/QgZhE96applzBJ
|
5rzaBuUvb/ZVxnM5z0i8DS8M0noGw0pM2UhdoNBzieTUhR2Wmg5XmcZvHSEnH40F
|
||||||
0X4EY2Z8UWrBHuiWnSryLpctHGbavDkbGUKiAYVpWZO2va+/lfBA1Wy3J7eZu8bt
|
KehAroI5aMOXB888k0wa3y+mpFVIf3yMGski2iTNkjnGiuywjfVpgmfLBO7eU0GW
|
||||||
9a3+gb5Om27juRANIckv5/40MpZkohkjiYfGSn9lx3Yhg4u7d6MeUgolaMIsHx/m
|
wSfcL/4z+tMOuNQyqYQoU6Xw0YnVopjnFpG7nMBBjoxYrP/j3S56q7C5cXatDycz
|
||||||
y8E1pt8bBQV3P0CSEKzLGsMlzSFWfpn3o5OzGHdpIuDuzZeSNDdIs/7Fb/glKT1s
|
96kp08B2wL8GQHwO1aR8iuIybhau2mQfsFV8293xpLpEfLOZWNI0bgDql2wUOvIQ
|
||||||
UHNHj00TVTvIab5dj6gm9sVHTbnulc64KVnmauLOmwHvChhiQEbtOw==
|
HgqiSRB2AfTyyBj9zGNGEosJG/GU5g==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
@ -246,9 +246,9 @@ X509 Certificate verification #23 (domain not matching wildcard certificate)
|
|||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
|
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
|
||||||
|
|
||||||
X509 Certificate verification #24 (domain matching multi certificate)
|
X509 Certificate verification #24 (domain matching CN of multi certificate)
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":0:0:NULL
|
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
|
||||||
|
|
||||||
X509 Certificate verification #25 (domain matching multi certificate)
|
X509 Certificate verification #25 (domain matching multi certificate)
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
|
Loading…
Reference in New Issue
Block a user