yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 12:15:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merged support for multiple certificate/key pairs in SSL into

Browse Source 
development
This commit is contained in:
Paul Bakker 2013-09-25 18:03:58 +02:00
commit 8b817dc47e
59 changed files with 1135 additions and 622 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -25,6 +25,8 @@ Features
* X509 Certificate writing with extensions (basic_constraints, * X509 Certificate writing with extensions (basic_constraints,
issuer_key_identifier, etc) issuer_key_identifier, etc)
* Optional blinding for RSA, DHM and EC * Optional blinding for RSA, DHM and EC
* Support for multiple active certificate / key pairs in SSL servers for
the same host (Not to be confused with SNI!)
Changes Changes
* Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2

44
include/polarssl/certs.h
View File

@ -31,14 +31,44 @@
extern "C" { extern "C" {
#endif #endif
extern const char test_ca_crt[]; /* Concatenation of all available CA certificates */
extern const char test_ca_key[]; extern const char test_ca_list[];
extern const char test_ca_pwd[];
extern const char test_srv_crt[]; /*
extern const char test_srv_key[]; * Convenience for users who just want a certificate:
extern const char test_cli_crt[]; * RSA by default, or ECDSA if RSA i not available
extern const char test_cli_key[]; */
extern const char *test_ca_crt;
extern const char *test_ca_key;
extern const char *test_ca_pwd;
extern const char *test_srv_crt;
extern const char *test_srv_key;
extern const char *test_cli_crt;
extern const char *test_cli_key;
#if defined(POLARSSL_ECDSA_C)
extern const char test_ca_crt_ec[];
extern const char test_ca_key_ec[];
extern const char test_ca_pwd_ec[];
extern const char test_srv_crt_ec[];
extern const char test_srv_key_ec[];
extern const char test_cli_crt_ec[];
extern const char test_cli_key_ec[];
#endif
#if defined(POLARSSL_RSA_C)
extern const char test_ca_crt_rsa[];
extern const char test_ca_key_rsa[];
extern const char test_ca_pwd_rsa[];
extern const char test_srv_crt_rsa[];
extern const char test_srv_key_rsa[];
extern const char test_cli_crt_rsa[];
extern const char test_cli_key_rsa[];
#endif
#if defined(POLARSSL_DHM_C)
extern const char test_dhm_params[]; extern const char test_dhm_params[];
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }

22
include/polarssl/config.h
View File

@ -286,7 +286,7 @@
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS. * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
* (NOT YET IMPLEMENTED) * (NOT YET IMPLEMENTED)
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -307,7 +307,7 @@
* Enable the RSA-only based ciphersuite modes in SSL / TLS. * Enable the RSA-only based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -333,7 +333,7 @@
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS. * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -355,7 +355,7 @@
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -378,7 +378,6 @@
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_X509_CRL_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -1683,34 +1682,31 @@
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \ ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || \ !defined(POLARSSL_X509_CRT_PARSE_C) )
!defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) ) !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) ) !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif

21
include/polarssl/ecp.h
View File

@ -63,6 +63,11 @@ typedef enum
POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */ POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
} ecp_group_id; } ecp_group_id;
/**
* Number of supported curves (plus one for NONE)
*/
#define POLARSSL_ECP_DP_MAX 6
/** /**
* Curve information for use by other modules * Curve information for use by other modules
*/ */
@ -365,24 +370,22 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
unsigned char *buf, size_t blen ); unsigned char *buf, size_t blen );
/** /**
* \brief Get a TLS NamedCurve value from an internal group identifier * \brief Get curve information from an internal group identifier
* *
* \param grp_id A POLARSSL_ECP_DP_XXX value * \param grp_id A POLARSSL_ECP_DP_XXX value
* *
* \return The associated TLS NamedCurve value on success, * \return The associated curve information or NULL
* 0 on failure.
*/ */
uint16_t ecp_named_curve_from_grp_id( ecp_group_id id ); const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id );
/** /**
* \brief Get an internal group identifier from a TLS NamedCurve value * \brief Get curve information from a TLS NamedCurve value
* *
* \param curve A value from TLS's enum NamedCurve * \param grp_id A POLARSSL_ECP_DP_XXX value
* *
* \return The associated POLARSSL_ECP_DP_XXX identifer on success, * \return The associated curve information or NULL
* POLARSSL_ECP_DP_NONE on failure.
*/ */
ecp_group_id ecp_grp_id_from_named_curve( uint16_t curve ); const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
/** /**
* \brief Import a point from a TLS ECPoint record * \brief Import a point from a TLS ECPoint record

82
include/polarssl/ssl.h
View File

@ -56,9 +56,6 @@
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
#include "x509_crt.h" #include "x509_crt.h"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h" #include "x509_crl.h"
#endif #endif
@ -396,6 +393,9 @@ typedef struct _ssl_handshake_params ssl_handshake_params;
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
typedef struct _ssl_ticket_keys ssl_ticket_keys; typedef struct _ssl_ticket_keys ssl_ticket_keys;
#endif #endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
typedef struct _ssl_key_cert ssl_key_cert;
#endif
/* /*
* This structure is used for storing current session data. * This structure is used for storing current session data.
@ -490,7 +490,19 @@ struct _ssl_handshake_params
ecdh_context ecdh_ctx; /*!< ECDH key exchange */ ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif #endif
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
int ec_curve; /*!< Selected elliptic curve */ const ecp_curve_info **curves; /*!< Supported elliptic curves */
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* Current key/cert or key/cert list.
* On client: pointer to ssl->key_cert, only the first entry used.
* On server: starts as a pointer to ssl->key_cert, then becomes
* a pointer to the chosen key from this list or the SNI list.
*/
ssl_key_cert *key_cert;
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
#endif
#endif #endif
/* /*
@ -545,6 +557,19 @@ struct _ssl_ticket_keys
}; };
#endif /* POLARSSL_SSL_SESSION_TICKETS */ #endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
*/
struct _ssl_key_cert
{
x509_crt *cert; /*!< cert */
pk_context *key; /*!< private key */
int key_own_alloc; /*!< did we allocate key? */
ssl_key_cert *next; /*!< next key/cert pair */
};
#endif /* POLARSSL_X509_CRT_PARSE_C */
struct _ssl_context struct _ssl_context
{ {
/* /*
@ -649,24 +674,18 @@ struct _ssl_context
/* /*
* PKI layer * PKI layer
*/ */
#if defined(POLARSSL_PK_C)
pk_context *pk_key; /*!< own private key */
int pk_key_own_alloc; /*!< did we allocate pk_key? */
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt *own_cert; /*!< own X.509 certificate */ ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
x509_crt *ca_chain; /*!< own trusted CA chain */
const char *peer_cn; /*!< expected peer CN */ x509_crt *ca_chain; /*!< own trusted CA chain */
#endif /* POLARSSL_X509_CRT_PARSE_C */ x509_crl *ca_crl; /*!< trusted CA CRLs */
#if defined(POLARSSL_X509_CRL_PARSE_C) const char *peer_cn; /*!< expected peer CN */
x509_crl *ca_crl; /*!< trusted CA CRLs */ #endif /* POLARSSL_X509_CRT_PARSE_C */
#endif /* POLARSSL_X509_CRL_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* Support for generating and checking session tickets * Support for generating and checking session tickets
*/ */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */ ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
#endif /* POLARSSL_SSL_SESSION_TICKETS */ #endif /* POLARSSL_SSL_SESSION_TICKETS */
@ -956,7 +975,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
int major, int minor ); int major, int minor );
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_X509_CRL_PARSE_C)
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
@ -967,20 +985,26 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
*/ */
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
x509_crl *ca_crl, const char *peer_cn ); x509_crl *ca_crl, const char *peer_cn );
#endif /* POLARSSL_X509_CRL_PARSE_C */
/** /**
* \brief Set own certificate chain and private key * \brief Set own certificate chain and private key
* *
* Note: own_cert should contain IN order from the bottom * \note own_cert should contain in order from the bottom up your
* up your certificate chain. The top certificate (self-signed) * certificate chain. The top certificate (self-signed)
* can be omitted. * can be omitted.
* *
* \note This function may be called more than once if you want to
* support multiple certificates (eg, one using RSA and one
* using ECDSA). However, on client, currently only the first
* certificate is used (subsequent calls have no effect).
*
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate chain * \param own_cert own public certificate chain
* \param pk_key own private key * \param pk_key own private key
*
* \return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
*/ */
void ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
pk_context *pk_key ); pk_context *pk_key );
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
@ -1502,6 +1526,20 @@ pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
md_type_t ssl_md_alg_from_hash( unsigned char hash ); md_type_t ssl_md_alg_from_hash( unsigned char hash );
#if defined(POLARSSL_X509_CRT_PARSE_C)
static inline pk_context *ssl_own_key( ssl_context *ssl )
{
return( ssl->handshake->key_cert == NULL ? NULL
: ssl->handshake->key_cert->key );
}
static inline x509_crt *ssl_own_cert( ssl_context *ssl )
{
return( ssl->handshake->key_cert == NULL ? NULL
: ssl->handshake->key_cert->cert );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

6
include/polarssl/x509_crt.h
View File

@ -31,9 +31,7 @@
#include "x509.h" #include "x509.h"
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h" #include "x509_crl.h"
#endif
/** /**
* \addtogroup x509_module * \addtogroup x509_module
@ -198,7 +196,6 @@ int x509_crt_parse_path( x509_crt *chain, const char *path );
int x509_crt_info( char *buf, size_t size, const char *prefix, int x509_crt_info( char *buf, size_t size, const char *prefix,
const x509_crt *crt ); const x509_crt *crt );
#if defined(POLARSSL_X509_CRL_PARSE_C)
/** /**
* \brief Verify the certificate signature * \brief Verify the certificate signature
* *
@ -242,8 +239,9 @@ int x509_crt_verify( x509_crt *crt,
int (*f_vrfy)(void *, x509_crt *, int, int *), int (*f_vrfy)(void *, x509_crt *, int, int *),
void *p_vrfy ); void *p_vrfy );
#if defined(POLARSSL_X509_CRL_PARSE_C)
/** /**
* \brief Verify the certificate signature * \brief Verify the certificate revocation status
* *
* \param crt a certificate to be verified * \param crt a certificate to be verified
* \param crl the CRL to verify against * \param crl the CRL to verify against

199
library/certs.c
View File

@ -28,100 +28,112 @@
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
const char test_ca_crt[] = #define TEST_CA_CRT_EC \
"-----BEGIN CERTIFICATE-----\r\n" "-----BEGIN CERTIFICATE-----\r\n" \
"MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC\r\n" "MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n" \
"TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD\r\n" "Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n" \
"IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC\r\n" "QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n" \
"TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD\r\n" "Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n" \
"IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1\r\n" "QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n" \
"9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB\r\n" "ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n" \
"oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU\r\n" "aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n" \
"vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK\r\n" "JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n" \
"EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae\r\n" "NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n" \
"cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D\r\n" "AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n" \
"rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM\r\n" "CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n" \
"espQnlFX\r\n" "t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n" \
"-----END CERTIFICATE-----\r\n"; "uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n" \
"-----END CERTIFICATE-----\r\n"
const char test_ca_crt_ec[] = TEST_CA_CRT_EC;
const char test_ca_key[] = const char test_ca_key_ec[] =
"-----BEGIN EC PRIVATE KEY-----\r\n" "-----BEGIN EC PRIVATE KEY-----\r\n"
"Proc-Type: 4,ENCRYPTED\r\n" "Proc-Type: 4,ENCRYPTED\r\n"
"DEK-Info: AES-128-CBC,2A7435F5137D68C6402DB35E5BFD277A\r\n" "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n"
"\r\n" "\r\n"
"Sw5YgGVvNxXMvnGKYPuUqiDfjXhK/VTQ6dE9+33jwobKJvqR4pIrelw5QbJ5MCi2\r\n" "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n"
"dRGEMi4hT+EiS1UZtagqYUQyYZegZB48eoSRySsfW3kqQ4aG99+4iDLCY+JhICs9\r\n" "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n"
"aZdJhyUSOy2KRnFN/ZUy/Hvlsy10dw/Cp73TpJZmTz4=\r\n" "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
"-----END EC PRIVATE KEY-----\r\n"; "-----END EC PRIVATE KEY-----\r\n";
const char test_ca_pwd[] = "PolarSSLTest"; const char test_ca_pwd_ec[] = "PolarSSLTest";
const char test_srv_crt[] = const char test_srv_crt_ec[] =
"-----BEGIN CERTIFICATE-----\r\n" "-----BEGIN CERTIFICATE-----\r\n"
"MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD\r\n" "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
"VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x\r\n" "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
"MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD\r\n" "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
"VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI\r\n" "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n"
"KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY\r\n" "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n"
"+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi\r\n" "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n"
"cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk\r\n" "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n"
"QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv\r\n" "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n"
"bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J\r\n" "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n"
"rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL\r\n" "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n"
"jbRvSP9W7EJjb9QR3zNYbX4=\r\n" "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
"-----END CERTIFICATE-----\r\n"; "-----END CERTIFICATE-----\r\n";
const char test_srv_key[] = const char test_srv_key_ec[] =
"-----BEGIN EC PRIVATE KEY-----\r\n" "-----BEGIN EC PRIVATE KEY-----\r\n"
"MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA\r\n" "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n"
"BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq\r\n" "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
"ag==\r\n" "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
"-----END EC PRIVATE KEY-----\r\n"; "-----END EC PRIVATE KEY-----\r\n";
const char test_cli_crt[] = const char test_cli_crt_ec[] =
"-----BEGIN CERTIFICATE-----\r\n" "-----BEGIN CERTIFICATE-----\r\n"
"MIIBUjCB+gIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ\r\n" "MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
"b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0xMzA4MjIx\r\n" "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
"NDQyMTdaFw0yMzA4MjAxNDQyMTdaMD8xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ\r\n" "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G\r\n"
"b2xhclNTTDEdMBsGA1UEAxMUUG9sYXJTU0wgVGVzdCBDbGllbnQwSTATBgcqhkjO\r\n" "A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw\r\n"
"PQIBBggqhkjOPQMBAQMyAATnnXkhKuPh1tou3B+DV9lyE4IlISuYVm86E776WBm5\r\n" "WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT\r\n"
"+hNTqK0AaV6gqEL/XdLEGVwwCQYHKoZIzj0EAQNIADBFAiEA/xaze0PZk51nJJSR\r\n" "9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa\r\n"
"Z5SmN9VlzqgN2aSmL4JQRPzjDr0CIFOmuwP8WRdPUJvXh7NQgvl4kW3xkcrmfd6a\r\n" "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud\r\n"
"zJbBMLxH\r\n" "IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC\r\n"
"CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM\r\n"
"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
"-----END CERTIFICATE-----\r\n"; "-----END CERTIFICATE-----\r\n";
const char test_cli_key[] = const char test_cli_key_ec[] =
"-----BEGIN EC PRIVATE KEY-----\r\n" "-----BEGIN EC PRIVATE KEY-----\r\n"
"MF8CAQEEGCTQxP5vTfEwCWdeLdPqgGQ4AuxGG3gPA6AKBggqhkjOPQMBAaE0AzIA\r\n" "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n"
"BOedeSEq4+HW2i7cH4NX2XITgiUhK5hWbzoTvvpYGbn6E1OorQBpXqCoQv9d0sQZ\r\n" "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
"XA==\r\n" "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
"-----END EC PRIVATE KEY-----\r\n"; "-----END EC PRIVATE KEY-----\r\n";
#else
#define TEST_CA_CRT_EC
#endif /* POLARSSL_ECDSA_C */
#else /* !POLARSSL_ECDSA_C, so POLARSSL_RSA_C */ #if defined(POLARSSL_RSA_C)
const char test_ca_crt[] = #define TEST_CA_CRT_RSA \
"-----BEGIN CERTIFICATE-----\r\n" "-----BEGIN CERTIFICATE-----\r\n" \
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" "MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" "MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" "A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" "gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \
"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" "/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \
"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" "BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \
"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" "dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \
"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" "SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \
"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" "DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \
"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" "pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \
"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" "m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \
"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" "7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
"-----END CERTIFICATE-----\r\n"; "-----END CERTIFICATE-----\r\n"
const char test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
const char test_ca_key[] = const char test_ca_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n" "-----BEGIN RSA PRIVATE KEY-----\r\n"
"Proc-Type: 4,ENCRYPTED\r\n" "Proc-Type: 4,ENCRYPTED\r\n"
"DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"
@ -153,9 +165,9 @@ const char test_ca_key[] =
"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
"-----END RSA PRIVATE KEY-----\r\n"; "-----END RSA PRIVATE KEY-----\r\n";
const char test_ca_pwd[] = "PolarSSLTest"; const char test_ca_pwd_rsa[] = "PolarSSLTest";
const char test_srv_crt[] = const char test_srv_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n" "-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" "MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" "MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
@ -177,7 +189,7 @@ const char test_srv_crt[] =
"/WzRyYRBRjAI49mzHX6raleqnw==\r\n" "/WzRyYRBRjAI49mzHX6raleqnw==\r\n"
"-----END CERTIFICATE-----\r\n"; "-----END CERTIFICATE-----\r\n";
const char test_srv_key[] = const char test_srv_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n" "-----BEGIN RSA PRIVATE KEY-----\r\n"
"MIIEogIBAAKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhFkNvuiBZS0/FDUEeW\r\n" "MIIEogIBAAKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhFkNvuiBZS0/FDUEeW\r\n"
"Ellkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185fAkER4KwVzlw7aPs\r\n" "Ellkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185fAkER4KwVzlw7aPs\r\n"
@ -194,7 +206,7 @@ const char test_srv_key[] =
"oArQJGgkAdaq0pcTyOIjtTQVMFygdVmCEJmxh/3RutPcTeydqW9fphKDMej32J8e\r\n" "oArQJGgkAdaq0pcTyOIjtTQVMFygdVmCEJmxh/3RutPcTeydqW9fphKDMej32J8e\r\n"
"GniGmNGiclbcfNOS8E5TGp445yZb9P1+7AHng16bGg3Ykj5EA4G+HCcCgYEAyHAl\r\n" "GniGmNGiclbcfNOS8E5TGp445yZb9P1+7AHng16bGg3Ykj5EA4G+HCcCgYEAyHAl\r\n"
"//ekk8YjQElm+8izLtFkymIK0aCtEe9C/RIRhFYBeFaotC5dStNhBOncn4ovMAPD\r\n" "//ekk8YjQElm+8izLtFkymIK0aCtEe9C/RIRhFYBeFaotC5dStNhBOncn4ovMAPD\r\n"
"Lx/92YdI9op8ppln3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n" "lX/92yDi9OP8PPLN3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n"
"LYl3YWr2h3EGKICT03kEoTkiDBvCeOpW7cCGl2cCgYBD5whoXHz1+ptPlI4YVjZt\r\n" "LYl3YWr2h3EGKICT03kEoTkiDBvCeOpW7cCGl2cCgYBD5whoXHz1+ptPlI4YVjZt\r\n"
"Xh86aU+ajpVPiEyJ84I6xXmO4SZXv8q6LaycR0ZMbcL+zBelMb4Z2nBv7jNrtuR7\r\n" "Xh86aU+ajpVPiEyJ84I6xXmO4SZXv8q6LaycR0ZMbcL+zBelMb4Z2nBv7jNrtuR7\r\n"
"ZF28cdPv+YVr3esaybZE/73VjXup4SQPH6r3l7qKTVi+y6+FeJ4b2Xn8/MwgnT23\r\n" "ZF28cdPv+YVr3esaybZE/73VjXup4SQPH6r3l7qKTVi+y6+FeJ4b2Xn8/MwgnT23\r\n"
@ -206,7 +218,7 @@ const char test_srv_key[] =
"mKsIVRBq4IfwiwyMNG2BYZQAwbSDjjPtn/kPBduPzPj7eriByhI=\r\n" "mKsIVRBq4IfwiwyMNG2BYZQAwbSDjjPtn/kPBduPzPj7eriByhI=\r\n"
"-----END RSA PRIVATE KEY-----\r\n"; "-----END RSA PRIVATE KEY-----\r\n";
const char test_cli_crt[] = const char test_cli_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n" "-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" "MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
@ -228,7 +240,7 @@ const char test_cli_crt[] =
"D+stpAKiQLAWaAusIWKYEyw9MQ==\r\n" "D+stpAKiQLAWaAusIWKYEyw9MQ==\r\n"
"-----END CERTIFICATE-----\r\n"; "-----END CERTIFICATE-----\r\n";
const char test_cli_key[] = const char test_cli_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n" "-----BEGIN RSA PRIVATE KEY-----\r\n"
"MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n"
"B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n"
@ -256,13 +268,38 @@ const char test_cli_key[] =
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
"-----END RSA PRIVATE KEY-----\r\n"; "-----END RSA PRIVATE KEY-----\r\n";
#endif /* !POLARSSL_ECDSA_C, so POLARSSL_RSA_C */ #else
#define TEST_CA_CRT_RSA
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_DHM_C)
const char test_dhm_params[] = const char test_dhm_params[] =
"-----BEGIN DH PARAMETERS-----\r\n" "-----BEGIN DH PARAMETERS-----\r\n"
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n" "MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n" "1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n" "9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n"; "-----END DH PARAMETERS-----\r\n";
#endif
/* Concatenation of all available CA certificates */
const char test_ca_list[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
#if defined(POLARSSL_RSA_C)
const char *test_ca_crt = test_ca_crt_rsa;
const char *test_ca_key = test_ca_key_rsa;
const char *test_ca_pwd = test_ca_pwd_rsa;
const char *test_srv_crt = test_srv_crt_rsa;
const char *test_srv_key = test_srv_key_rsa;
const char *test_cli_crt = test_cli_crt_rsa;
const char *test_cli_key = test_cli_key_rsa;
#else /* ! POLARSSL_RSA_C, so POLARSSL_ECDSA_C */
const char *test_ca_crt = test_ca_crt_ec;
const char *test_ca_key = test_ca_key_ec;
const char *test_ca_pwd = test_ca_pwd_ec;
const char *test_srv_crt = test_srv_crt_ec;
const char *test_srv_key = test_srv_key_ec;
const char *test_cli_crt = test_cli_crt_ec;
const char *test_cli_key = test_cli_key_ec;
#endif
#endif /* POLARSSL_CERTS_C */ #endif /* POLARSSL_CERTS_C */

41
library/ecp.c
View File

@ -703,7 +703,8 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
*/ */
int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len ) int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len )
{ {
unsigned int named_curve; uint16_t tls_id;
const ecp_curve_info *curve_info;
/* /*
* We expect at least three bytes (see below) * We expect at least three bytes (see below)
@ -720,10 +721,14 @@ int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len )
/* /*
* Next two bytes are the namedcurve value * Next two bytes are the namedcurve value
*/ */
named_curve = *(*buf)++; tls_id = *(*buf)++;
named_curve <<= 8; tls_id <<= 8;
named_curve |= *(*buf)++; tls_id |= *(*buf)++;
return ecp_use_known_dp( grp, ecp_grp_id_from_named_curve( named_curve ) );
if( ( curve_info = ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );
return ecp_use_known_dp( grp, curve_info->grp_id );
} }
/* /*
@ -732,7 +737,10 @@ int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len )
int ecp_tls_write_group( const ecp_group *grp, size_t *olen, int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
unsigned char *buf, size_t blen ) unsigned char *buf, size_t blen )
{ {
unsigned int named_curve; const ecp_curve_info *curve_info;
if( ( curve_info = ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
/* /*
* We are going to write 3 bytes (see below) * We are going to write 3 bytes (see below)
@ -749,17 +757,16 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
/* /*
* Next two bytes are the namedcurve value * Next two bytes are the namedcurve value
*/ */
named_curve = ecp_named_curve_from_grp_id( grp->id ); buf[0] = curve_info->tls_id >> 8;
buf[0] = named_curve >> 8; buf[1] = curve_info->tls_id & 0xFF;
buf[1] = named_curve & 0xFF;
return 0; return 0;
} }
/* /*
* Get the internal identifer from the TLS name * Get the curve info from the TLS identifier
*/ */
ecp_group_id ecp_grp_id_from_named_curve( uint16_t tls_id ) const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id )
{ {
const ecp_curve_info *curve_info; const ecp_curve_info *curve_info;
@ -768,16 +775,16 @@ ecp_group_id ecp_grp_id_from_named_curve( uint16_t tls_id )
curve_info++ ) curve_info++ )
{ {
if( curve_info->tls_id == tls_id ) if( curve_info->tls_id == tls_id )
return( curve_info->grp_id ); return( curve_info );
} }
return( POLARSSL_ECP_DP_NONE ); return( NULL );
} }
/* /*
* Get the TLS name for the internal identifer * Get the curve info for the internal identifer
*/ */
uint16_t ecp_named_curve_from_grp_id( ecp_group_id grp_id ) const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id )
{ {
const ecp_curve_info *curve_info; const ecp_curve_info *curve_info;
@ -786,10 +793,10 @@ uint16_t ecp_named_curve_from_grp_id( ecp_group_id grp_id )
curve_info++ ) curve_info++ )
{ {
if( curve_info->grp_id == grp_id ) if( curve_info->grp_id == grp_id )
return( curve_info->tls_id ); return( curve_info );
} }
return( 0 ); return( NULL );
} }
/* /*

22
library/ssl_cli.c
View File

@ -1595,7 +1595,7 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
{ {
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
if( *p == SSL_CERT_TYPE_RSA_SIGN && if( *p == SSL_CERT_TYPE_RSA_SIGN &&
pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) ) pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) )
{ {
ssl->handshake->cert_type = SSL_CERT_TYPE_RSA_SIGN; ssl->handshake->cert_type = SSL_CERT_TYPE_RSA_SIGN;
break; break;
@ -1604,7 +1604,7 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
#endif #endif
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
if( *p == SSL_CERT_TYPE_ECDSA_SIGN && if( *p == SSL_CERT_TYPE_ECDSA_SIGN &&
pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_ECDSA ) )
{ {
ssl->handshake->cert_type = SSL_CERT_TYPE_ECDSA_SIGN; ssl->handshake->cert_type = SSL_CERT_TYPE_ECDSA_SIGN;
break; break;
@ -1619,14 +1619,6 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
p++; p++;
} }
// TODO: shall we abort now or send an empty certificate list later?
if( ssl->handshake->cert_type == 0 )
{
SSL_DEBUG_MSG( 1, ( "no known cert_type provided" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
#if defined(POLARSSL_SSL_PROTO_TLS1_2) #if defined(POLARSSL_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{ {
@ -2005,14 +1997,14 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
return( 0 ); return( 0 );
} }
if( ssl->client_auth == 0 || ssl->own_cert == NULL ) if( ssl->client_auth == 0 || ssl_own_cert( ssl ) == NULL )
{ {
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++; ssl->state++;
return( 0 ); return( 0 );
} }
if( ssl->pk_key == NULL ) if( ssl_own_key( ssl ) == NULL )
{ {
SSL_DEBUG_MSG( 1, ( "got no private key" ) ); SSL_DEBUG_MSG( 1, ( "got no private key" ) );
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
@ -2045,7 +2037,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
/* /*
* For ECDSA, default hash is SHA-1 only * For ECDSA, default hash is SHA-1 only
*/ */
if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) if( pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_ECDSA ) )
{ {
hash_start += 16; hash_start += 16;
hashlen -= 16; hashlen -= 16;
@ -2084,7 +2076,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
md_alg = POLARSSL_MD_SHA256; md_alg = POLARSSL_MD_SHA256;
ssl->out_msg[4] = SSL_HASH_SHA256; ssl->out_msg[4] = SSL_HASH_SHA256;
} }
ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key ); ssl->out_msg[5] = ssl_sig_from_pk( ssl_own_key( ssl ) );
/* Info from md_alg will be used instead */ /* Info from md_alg will be used instead */
hashlen = 0; hashlen = 0;
@ -2097,7 +2089,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
} }
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash_start, hashlen, if( ( ret = pk_sign( ssl_own_key( ssl ), md_alg, hash_start, hashlen,
ssl->out_msg + 6 + offset, &n, ssl->out_msg + 6 + offset, &n,
ssl->f_rng, ssl->p_rng ) ) != 0 ) ssl->f_rng, ssl->p_rng ) ) != 0 )
{ {

152
library/ssl_srv.c
View File

@ -338,6 +338,25 @@ static int ssl_parse_ticket( ssl_context *ssl,
#endif /* POLARSSL_SSL_SESSION_TICKETS */ #endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/*
* Wrapper around f_sni, allowing use of ssl_set_own_cert() but
* making it act on ssl->hanshake->sni_key_cert instead.
*/
static int ssl_sni_wrapper( ssl_context *ssl,
const unsigned char* name, size_t len )
{
int ret;
ssl_key_cert *key_cert_ori = ssl->key_cert;
ssl->key_cert = NULL;
ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
ssl->handshake->sni_key_cert = ssl->key_cert;
ssl->key_cert = key_cert_ori;
return( ret );
}
static int ssl_parse_servername_ext( ssl_context *ssl, static int ssl_parse_servername_ext( ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -365,7 +384,7 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
if( p[0] == TLS_EXT_SERVERNAME_HOSTNAME ) if( p[0] == TLS_EXT_SERVERNAME_HOSTNAME )
{ {
ret = ssl->f_sni( ssl->p_sni, ssl, p + 3, hostname_len ); ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
if( ret != 0 ) if( ret != 0 )
{ {
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL, ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
@ -501,9 +520,9 @@ static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
{ {
size_t list_size; size_t list_size, our_size;
const unsigned char *p; const unsigned char *p;
ecp_group_id grp_id; const ecp_curve_info *curve_info, **curves;
list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( list_size + 2 != len || if( list_size + 2 != len ||
@ -513,15 +532,27 @@ static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
p = buf + 2; /* Don't allow our peer to make use allocated too much memory,
while( list_size > 0 ) * and leave room for a final 0 */
{ our_size = list_size / 2 + 1;
grp_id = ecp_grp_id_from_named_curve( ( p[0] << 8 ) | p[1] ); if( our_size > POLARSSL_ECP_DP_MAX )
our_size = POLARSSL_ECP_DP_MAX;
if( grp_id != POLARSSL_ECP_DP_NONE ) if( ( curves = polarssl_malloc( our_size * sizeof( *curves ) ) ) == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
memset( curves, 0, our_size * sizeof( *curves ) );
ssl->handshake->curves = curves;
p = buf + 2;
while( list_size > 0 && our_size > 1 )
{
curve_info = ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] );
if( curve_info != NULL )
{ {
ssl->handshake->ec_curve = grp_id; *curves++ = curve_info;
return( 0 ); our_size--;
} }
list_size -= 2; list_size -= 2;
@ -875,6 +906,69 @@ have_ciphersuite_v2:
} }
#endif /* POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */ #endif /* POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
#if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_ECDSA_C)
static int ssl_key_matches_curves( pk_context *pk,
const ecp_curve_info **curves )
{
const ecp_curve_info **crv = curves;
ecp_group_id grp_id = pk_ec( *pk )->grp.id;
while( *crv != NULL )
{
if( (*crv)->grp_id == grp_id )
return( 1 );
crv++;
}
return( 0 );
}
#endif /* POLARSSL_ECDSA_C */
/*
* Try picking a certificate for this ciphersuite,
* return 0 on success and -1 on failure.
*/
static int ssl_pick_cert( ssl_context *ssl,
const ssl_ciphersuite_t * ciphersuite_info )
{
ssl_key_cert *cur, *list;
pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_key_cert != NULL )
list = ssl->handshake->sni_key_cert;
else
#endif
list = ssl->handshake->key_cert;
if( pk_alg == POLARSSL_PK_NONE )
return( 0 );
for( cur = list; cur != NULL; cur = cur->next )
{
if( ! pk_can_do( cur->key, pk_alg ) )
continue;
#if defined(POLARSSL_ECDSA_C)
if( pk_alg == POLARSSL_PK_ECDSA )
{
if( ssl_key_matches_curves( cur->key, ssl->handshake->curves ) )
break;
}
else
#endif
break;
}
if( cur == NULL )
return( -1 );
ssl->handshake->key_cert = cur;
return( 0 );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
static int ssl_parse_client_hello( ssl_context *ssl ) static int ssl_parse_client_hello( ssl_context *ssl )
{ {
int ret; int ret;
@ -888,9 +982,6 @@ static int ssl_parse_client_hello( ssl_context *ssl )
int handshake_failure = 0; int handshake_failure = 0;
const int *ciphersuites; const int *ciphersuites;
const ssl_ciphersuite_t *ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info;
#if defined(POLARSSL_PK_C)
pk_type_t pk_alg;
#endif
SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@ -1271,7 +1362,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
/* /*
* Search for a matching ciphersuite * Search for a matching ciphersuite
* (At the end because we need information from the EC-based extensions) * (At the end because we need information from the EC-based extensions
* and certificate from the SNI callback triggered by the SNI extension.)
*/ */
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver]; ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
for( i = 0; ciphersuites[i] != 0; i++ ) for( i = 0; ciphersuites[i] != 0; i++ )
@ -1297,17 +1389,19 @@ static int ssl_parse_client_hello( ssl_context *ssl )
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
if( ssl_ciphersuite_uses_ec( ciphersuite_info ) && if( ssl_ciphersuite_uses_ec( ciphersuite_info ) &&
ssl->handshake->ec_curve == 0 ) ssl->handshake->curves[0] == NULL )
continue; continue;
#endif #endif
/* If ciphersuite requires us to have a private key of a #if defined(POLARSSL_X509_CRT_PARSE_C)
* certain type, make sure we do */ /*
#if defined(POLARSSL_PK_C) * Final check: if ciphersuite requires us to have a
pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); * certificate/key of a particular type:
if( pk_alg != POLARSSL_PK_NONE && * - select the appropriate certificate if we have one, or
( ssl->pk_key == NULL || * - try the next ciphersuite if we don't
! pk_can_do( ssl->pk_key, pk_alg ) ) ) * This must be done last since we modify the key_cert list.
*/
if( ssl_pick_cert( ssl, ciphersuite_info ) != 0 )
continue; continue;
#endif #endif
@ -1909,7 +2003,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
* } ServerECDHParams; * } ServerECDHParams;
*/ */
if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp, if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
ssl->handshake->ec_curve ) ) != 0 ) ssl->handshake->curves[0]->grp_id ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret ); SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret );
return( ret ); return( ret );
@ -2065,7 +2159,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
/* /*
* Make the signature * Make the signature
*/ */
if( ssl->pk_key == NULL ) if( ssl_own_key( ssl ) == NULL )
{ {
SSL_DEBUG_MSG( 1, ( "got no private key" ) ); SSL_DEBUG_MSG( 1, ( "got no private key" ) );
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
@ -2075,13 +2169,13 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{ {
*(p++) = ssl->handshake->sig_alg; *(p++) = ssl->handshake->sig_alg;
*(p++) = ssl_sig_from_pk( ssl->pk_key ); *(p++) = ssl_sig_from_pk( ssl_own_key( ssl ) );
n += 2; n += 2;
} }
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, if( ( ret = pk_sign( ssl_own_key( ssl ), md_alg, hash, hashlen,
p + 2 , &signature_len, p + 2 , &signature_len,
ssl->f_rng, ssl->p_rng ) ) != 0 ) ssl->f_rng, ssl->p_rng ) ) != 0 )
{ {
@ -2221,7 +2315,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n = 0; size_t i, n = 0;
if( ! pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) ) if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) )
{ {
SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) ); SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
@ -2231,7 +2325,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
* Decrypt the premaster using own private RSA key * Decrypt the premaster using own private RSA key
*/ */
i = 4; i = 4;
n = pk_get_len( ssl->pk_key ); n = pk_get_len( ssl_own_key( ssl ) );
ssl->handshake->pmslen = 48; ssl->handshake->pmslen = 48;
#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
@ -2254,7 +2348,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
} }
ret = pk_decrypt( ssl->pk_key, ret = pk_decrypt( ssl_own_key( ssl ),
ssl->in_msg + i, n, ssl->in_msg + i, n,
ssl->handshake->premaster, &ssl->handshake->pmslen, ssl->handshake->premaster, &ssl->handshake->pmslen,
sizeof(ssl->handshake->premaster), sizeof(ssl->handshake->premaster),

141
library/ssl_tls.c
View File

@ -2302,7 +2302,7 @@ int ssl_write_certificate( ssl_context *ssl )
* If using SSLv3 and got no cert, send an Alert message * If using SSLv3 and got no cert, send an Alert message
* (otherwise an empty Certificate message will be sent). * (otherwise an empty Certificate message will be sent).
*/ */
if( ssl->own_cert == NULL && if( ssl_own_cert( ssl ) == NULL &&
ssl->minor_ver == SSL_MINOR_VERSION_0 ) ssl->minor_ver == SSL_MINOR_VERSION_0 )
{ {
ssl->out_msglen = 2; ssl->out_msglen = 2;
@ -2317,14 +2317,14 @@ int ssl_write_certificate( ssl_context *ssl )
} }
else /* SSL_IS_SERVER */ else /* SSL_IS_SERVER */
{ {
if( ssl->own_cert == NULL ) if( ssl_own_cert( ssl ) == NULL )
{ {
SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED ); return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
} }
} }
SSL_DEBUG_CRT( 3, "own certificate", ssl->own_cert ); SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
/* /*
* 0 . 0 handshake type * 0 . 0 handshake type
@ -2336,7 +2336,7 @@ int ssl_write_certificate( ssl_context *ssl )
* n+3 . ... upper level cert, etc. * n+3 . ... upper level cert, etc.
*/ */
i = 7; i = 7;
crt = ssl->own_cert; crt = ssl_own_cert( ssl );
while( crt != NULL ) while( crt != NULL )
{ {
@ -3462,6 +3462,30 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites
} }
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
/* Add a new (empty) key_cert entry an return a pointer to it */
static ssl_key_cert *ssl_add_key_cert( ssl_context *ssl )
{
ssl_key_cert *key_cert, *last;
if( ( key_cert = polarssl_malloc( sizeof( ssl_key_cert ) ) ) == NULL )
return( NULL );
memset( key_cert, 0, sizeof( ssl_key_cert ) );
/* Append the new key_cert to the (possibly empty) current list */
if( ssl->key_cert == NULL )
ssl->key_cert = key_cert;
else
{
last = ssl->key_cert;
while( last->next != NULL )
last = last->next;
last->next = key_cert;
}
return key_cert;
}
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
x509_crl *ca_crl, const char *peer_cn ) x509_crl *ca_crl, const char *peer_cn )
{ {
@ -3470,11 +3494,18 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
ssl->peer_cn = peer_cn; ssl->peer_cn = peer_cn;
} }
void ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
pk_context *pk_key ) pk_context *pk_key )
{ {
ssl->own_cert = own_cert; ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
ssl->pk_key = pk_key;
if( key_cert == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
key_cert->cert = own_cert;
key_cert->key = pk_key;
return( 0 );
} }
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
@ -3482,23 +3513,26 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
rsa_context *rsa_key ) rsa_context *rsa_key )
{ {
int ret; int ret;
ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
ssl->own_cert = own_cert; if( key_cert == NULL )
if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED ); return( POLARSSL_ERR_SSL_MALLOC_FAILED );
ssl->pk_key_own_alloc = 1; if( ( key_cert->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
pk_init( ssl->pk_key ); pk_init( key_cert->key );
ret = pk_init_ctx( ssl->pk_key, pk_info_from_type( POLARSSL_PK_RSA ) ); ret = pk_init_ctx( key_cert->key, pk_info_from_type( POLARSSL_PK_RSA ) );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
if( ( ret = rsa_copy( ssl->pk_key->pk_ctx, rsa_key ) ) != 0 ) if( ( ret = rsa_copy( key_cert->key->pk_ctx, rsa_key ) ) != 0 )
return( ret ); return( ret );
key_cert->cert = own_cert;
key_cert->key_own_alloc = 1;
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
@ -3509,17 +3543,25 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
rsa_sign_func rsa_sign, rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len ) rsa_key_len_func rsa_key_len )
{ {
ssl->own_cert = own_cert; int ret;
ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) if( key_cert == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED ); return( POLARSSL_ERR_SSL_MALLOC_FAILED );
ssl->pk_key_own_alloc = 1; if( ( key_cert->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
pk_init( ssl->pk_key ); pk_init( key_cert->key );
return( pk_init_ctx_rsa_alt( ssl->pk_key, rsa_key, if( ( ret = pk_init_ctx_rsa_alt( key_cert->key, rsa_key,
rsa_decrypt, rsa_sign, rsa_key_len ) ); rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 )
return( ret );
key_cert->cert = own_cert;
key_cert->key_own_alloc = 1;
return( 0 );
} }
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
@ -3807,6 +3849,10 @@ int ssl_handshake( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
#if defined(POLARSSL_X509_CRT_PARSE_C)
ssl->handshake->key_cert = ssl->key_cert;
#endif
while( ssl->state != SSL_HANDSHAKE_OVER ) while( ssl->state != SSL_HANDSHAKE_OVER )
{ {
ret = ssl_handshake_step( ssl ); ret = ssl_handshake_step( ssl );
@ -4081,12 +4127,36 @@ void ssl_transform_free( ssl_transform *transform )
inflateEnd( &transform->ctx_inflate ); inflateEnd( &transform->ctx_inflate );
#endif #endif
cipher_free_ctx( &transform->cipher_ctx_enc );
cipher_free_ctx( &transform->cipher_ctx_dec );
md_free_ctx( &transform->md_ctx_enc ); md_free_ctx( &transform->md_ctx_enc );
md_free_ctx( &transform->md_ctx_dec ); md_free_ctx( &transform->md_ctx_dec );
memset( transform, 0, sizeof( ssl_transform ) ); memset( transform, 0, sizeof( ssl_transform ) );
} }
#if defined(POLARSSL_X509_CRT_PARSE_C)
static void ssl_key_cert_free( ssl_key_cert *key_cert )
{
ssl_key_cert *cur = key_cert, *next;
while( cur != NULL )
{
next = cur->next;
if( cur->key_own_alloc )
{
pk_free( cur->key );
polarssl_free( cur->key );
}
polarssl_free( cur );
cur = next;
}
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
void ssl_handshake_free( ssl_handshake_params *handshake ) void ssl_handshake_free( ssl_handshake_params *handshake )
{ {
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
@ -4096,6 +4166,29 @@ void ssl_handshake_free( ssl_handshake_params *handshake )
ecdh_free( &handshake->ecdh_ctx ); ecdh_free( &handshake->ecdh_ctx );
#endif #endif
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
polarssl_free( handshake->curves );
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) && \
defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/*
* Free only the linked list wrapper, not the keys themselves
* since the belong to the SNI callback
*/
if( handshake->sni_key_cert != NULL )
{
ssl_key_cert *cur = handshake->sni_key_cert, *next;
while( cur != NULL )
{
next = cur->next;
polarssl_free( cur );
cur = next;
}
}
#endif
memset( handshake, 0, sizeof( ssl_handshake_params ) ); memset( handshake, 0, sizeof( ssl_handshake_params ) );
} }
@ -4188,12 +4281,8 @@ void ssl_free( ssl_context *ssl )
} }
#endif #endif
#if defined(POLARSSL_PK_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
if( ssl->pk_key_own_alloc ) ssl_key_cert_free( ssl->key_cert );
{
pk_free( ssl->pk_key );
polarssl_free( ssl->pk_key );
}
#endif #endif
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL) #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)

2
library/x509_crt.c
View File

@ -1391,6 +1391,8 @@ static int x509_crt_verify_top(
#if defined(POLARSSL_X509_CRL_PARSE_C) #if defined(POLARSSL_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the chain's top crt */ /* Check trusted CA's CRL for the chain's top crt */
*flags |= x509_crt_verifycrl( child, trust_ca, ca_crl ); *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
#else
((void) ca_crl);
#endif #endif
if( x509_time_expired( &trust_ca->valid_to ) ) if( x509_time_expired( &trust_ca->valid_to ) )

4
programs/ssl/ssl_client1.c
View File

@ -109,8 +109,8 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
#else #else
ret = 1; ret = 1;
printf("POLARSSL_CERTS_C not defined."); printf("POLARSSL_CERTS_C not defined.");

4
programs/ssl/ssl_client2.c
View File

@ -576,8 +576,8 @@ int main( int argc, char *argv[] )
else else
#endif #endif
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
#else #else
{ {
ret = 1; ret = 1;

4
programs/ssl/ssl_fork_server.c
View File

@ -145,8 +145,8 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
if( ret != 0 ) if( ret != 0 )
{ {
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret ); printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );

4
programs/ssl/ssl_mail_client.c
View File

@ -484,8 +484,8 @@ int main( int argc, char *argv[] )
else else
#endif #endif
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
#else #else
{ {
ret = 1; ret = 1;

4
programs/ssl/ssl_server.c
View File

@ -125,8 +125,8 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
if( ret != 0 ) if( ret != 0 )
{ {
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret ); printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );

148
programs/ssl/ssl_server2.c
View File

@ -56,6 +56,8 @@
#define DFL_CA_PATH "" #define DFL_CA_PATH ""
#define DFL_CRT_FILE "" #define DFL_CRT_FILE ""
#define DFL_KEY_FILE "" #define DFL_KEY_FILE ""
#define DFL_CRT_FILE2 ""
#define DFL_KEY_FILE2 ""
#define DFL_PSK "" #define DFL_PSK ""
#define DFL_PSK_IDENTITY "Client_identity" #define DFL_PSK_IDENTITY "Client_identity"
#define DFL_FORCE_CIPHER 0 #define DFL_FORCE_CIPHER 0
@ -91,8 +93,10 @@ struct options
int debug_level; /* level of debugging */ int debug_level; /* level of debugging */
const char *ca_file; /* the file with the CA certificate(s) */ const char *ca_file; /* the file with the CA certificate(s) */
const char *ca_path; /* the path with the CA certificate(s) reside */ const char *ca_path; /* the path with the CA certificate(s) reside */
const char *crt_file; /* the file with the client certificate */ const char *crt_file; /* the file with the server certificate */
const char *key_file; /* the file with the client key */ const char *key_file; /* the file with the server key */
const char *crt_file2; /* the file with the 2nd server certificate */
const char *key_file2; /* the file with the 2nd server key */
const char *psk; /* the pre-shared key */ const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */ const char *psk_identity; /* the pre-shared key identity */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
@ -114,6 +118,7 @@ static void my_debug( void *ctx, int level, const char *str )
} }
} }
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
#define USAGE_IO \ #define USAGE_IO \
@ -122,8 +127,13 @@ static void my_debug( void *ctx, int level, const char *str )
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded) (overrides ca_file)\n" \ " default: \"\" (pre-loaded) (overrides ca_file)\n" \
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
" default: \"\" (pre-loaded)\n" \ " default: see note after key_file2\n" \
" key_file=%%s default: \"\" (pre-loaded)\n" " key_file=%%s default: see note after key_file2\n" \
" crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
" default: see note after key_file2\n" \
" key_file2=%%s default: see note below\n" \
" note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
" preloaded certificate(s) and key(s) are used if available\n"
#else #else
#define USAGE_IO \ #define USAGE_IO \
"\n" \ "\n" \
@ -212,6 +222,9 @@ int main( int argc, char *argv[] )
x509_crt cacert; x509_crt cacert;
x509_crt srvcert; x509_crt srvcert;
pk_context pkey; pk_context pkey;
x509_crt srvcert2;
pk_context pkey2;
int key_cert_init = 0, key_cert_init2 = 0;
#endif #endif
#if defined(POLARSSL_SSL_CACHE_C) #if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache; ssl_cache_context cache;
@ -237,6 +250,8 @@ int main( int argc, char *argv[] )
x509_crt_init( &cacert ); x509_crt_init( &cacert );
x509_crt_init( &srvcert ); x509_crt_init( &srvcert );
pk_init( &pkey ); pk_init( &pkey );
x509_crt_init( &srvcert2 );
pk_init( &pkey2 );
#endif #endif
#if defined(POLARSSL_SSL_CACHE_C) #if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache ); ssl_cache_init( &cache );
@ -270,6 +285,8 @@ int main( int argc, char *argv[] )
opt.ca_path = DFL_CA_PATH; opt.ca_path = DFL_CA_PATH;
opt.crt_file = DFL_CRT_FILE; opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE; opt.key_file = DFL_KEY_FILE;
opt.crt_file2 = DFL_CRT_FILE2;
opt.key_file2 = DFL_KEY_FILE2;
opt.psk = DFL_PSK; opt.psk = DFL_PSK;
opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_identity = DFL_PSK_IDENTITY;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
@ -308,6 +325,10 @@ int main( int argc, char *argv[] )
opt.crt_file = q; opt.crt_file = q;
else if( strcmp( p, "key_file" ) == 0 ) else if( strcmp( p, "key_file" ) == 0 )
opt.key_file = q; opt.key_file = q;
else if( strcmp( p, "crt_file2" ) == 0 )
opt.crt_file2 = q;
else if( strcmp( p, "key_file2" ) == 0 )
opt.key_file2 = q;
else if( strcmp( p, "psk" ) == 0 ) else if( strcmp( p, "psk" ) == 0 )
opt.psk = q; opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 ) else if( strcmp( p, "psk_identity" ) == 0 )
@ -528,8 +549,8 @@ int main( int argc, char *argv[] )
else else
#endif #endif
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
#else #else
{ {
ret = 1; ret = 1;
@ -552,42 +573,98 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) ) if( strlen( opt.crt_file ) )
ret = x509_crt_parse_file( &srvcert, opt.crt_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
#else
{ {
ret = 1; key_cert_init++;
printf("POLARSSL_CERTS_C not defined."); if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
-ret );
goto exit;
}
} }
#endif if( strlen( opt.key_file ) )
if( ret != 0 )
{ {
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret ); key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
}
}
if( key_cert_init == 1 )
{
printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
goto exit; goto exit;
} }
#if defined(POLARSSL_FS_IO) if( strlen( opt.crt_file2 ) )
if( strlen( opt.key_file ) )
ret = pk_parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
#else
{ {
ret = 1; key_cert_init2++;
printf("POLARSSL_CERTS_C not defined."); if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( strlen( opt.key_file2 ) )
{
key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( key_cert_init2 == 1 )
{
printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
goto exit;
} }
#endif #endif
if( ret != 0 ) if( key_cert_init == 0 && key_cert_init2 == 0 )
{ {
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret ); #if !defined(POLARSSL_CERTS_C)
printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" );
goto exit; goto exit;
#else
#if defined(POLARSSL_RSA_C)
if( ( ret = x509_crt_parse( &srvcert,
(const unsigned char *) test_srv_crt_rsa,
strlen( test_srv_crt_rsa ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey,
(const unsigned char *) test_srv_key_rsa,
strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init = 2;
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( ( ret = x509_crt_parse( &srvcert2,
(const unsigned char *) test_srv_crt_ec,
strlen( test_srv_crt_ec ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey2,
(const unsigned char *) test_srv_key_ec,
strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init2 = 2;
#endif /* POLARSSL_ECDSA_C */
#endif /* POLARSSL_CERTS_C */
} }
printf( " ok\n" ); printf( " ok\n" );
@ -646,7 +723,10 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &pkey ); if( key_cert_init )
ssl_set_own_cert( &ssl, &srvcert, &pkey );
if( key_cert_init2 )
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
@ -875,9 +955,11 @@ exit:
net_close( client_fd ); net_close( client_fd );
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_free( &srvcert );
x509_crt_free( &cacert ); x509_crt_free( &cacert );
x509_crt_free( &srvcert );
pk_free( &pkey ); pk_free( &pkey );
x509_crt_free( &srvcert2 );
pk_free( &pkey2 );
#endif #endif
ssl_free( &ssl ); ssl_free( &ssl );

6
programs/test/ssl_cert_test.c
View File

@ -29,13 +29,14 @@
#include <stdio.h> #include <stdio.h>
#if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \ #if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_FS_IO) !defined(POLARSSL_FS_IO) || !defined(POLARSSL_X509_CRL_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C " printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C "
"POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "
"not defined.\n"); "not defined.\n");
return( 0 ); return( 0 );
} }
@ -257,4 +258,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO */ #endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_X509_CRL_PARSE_C */

4
programs/test/ssl_test.c
View File

@ -218,8 +218,8 @@ static int ssl_test( struct options *opt )
goto exit; goto exit;
} }
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_crt, ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
strlen( test_ca_crt ) ); strlen( test_ca_list ) );
if( ret != 0 ) if( ret != 0 )
{ {
printf( " ! x509_crt_parse returned %d\n\n", ret ); printf( " ! x509_crt_parse returned %d\n\n", ret );

1
scripts/data_files/config-mini-tls1_1.h
View File

@ -34,7 +34,6 @@
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C #define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C #define POLARSSL_SSL_TLS_C
#define POLARSSL_X509_CRL_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C #define POLARSSL_X509_CRT_PARSE_C
#define POLARSSL_X509_USE_C #define POLARSSL_X509_USE_C

5
scripts/data_files/config-suite-b.h
View File

@ -34,7 +34,6 @@
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C #define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C #define POLARSSL_SSL_TLS_C
#define POLARSSL_X509_CRL_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C #define POLARSSL_X509_CRT_PARSE_C
#define POLARSSL_X509_USE_C #define POLARSSL_X509_USE_C
@ -46,9 +45,5 @@
/* For testing with compat.sh */ /* For testing with compat.sh */
#define POLARSSL_FS_IO #define POLARSSL_FS_IO
/* Temporary for current certificates */
#define POLARSSL_ECP_DP_SECP192R1_ENABLED
#define POLARSSL_SHA1_C
/* marker for activate-config.pl /* marker for activate-config.pl
* \} name SECTION: PolarSSL modules */ * \} name SECTION: PolarSSL modules */

14
tests/data_files/cli2.crt Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT
9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud
IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM
lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU
LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=
-----END CERTIFICATE-----

5
tests/data_files/cli2.key Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49
AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW
wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==
-----END EC PRIVATE KEY-----

10
tests/data_files/crl-ec-sha1.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
-----END X509 CRL-----

14
tests/data_files/crl-ec-sha224.pem
View File

@ -1,10 +1,10 @@
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIBUDCB9wIBATAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI MIIBcDCB9wIBATAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
MDYzOFoXDTIzMDgwNzA4MDYzOFowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwEDSAAwRQIge0CLFC7Ba9urAcQjRg2y IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwEDaAAwZQIwbn+i0dOest0IJGzuqBLA
MlaoNZjFTLfgORXoVIr7qB0CIQD875hm+aual5qW62hMfHcb7W3BoU+vV1D42YyE V5nscZPvHjDV6lWsSwurS4LC/Uv/qWteuMCp3OqQRJHcAjEA6KA0dibovfL1WKFo
sd4POA== C8jUGxlMfHeWDRkqMfcjjgIpky7v50sKtDOfmFJn3HFUbiKp
-----END X509 CRL----- -----END X509 CRL-----

14
tests/data_files/crl-ec-sha256.pem
View File

@ -1,10 +1,10 @@
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIBTjCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
MDY0NFoXDTIzMDgwNzA4MDY0NFowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwIDRgAwQwIgZ8GDUEO/f6f6+yCdb6jj IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
/Sw0bkdVRGinNKBda4J87ksCHySC8j+ijdECxWR6O6Isxl9g47WSf+0tRslvqn0k S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
D9k= g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
-----END X509 CRL----- -----END X509 CRL-----

14
tests/data_files/crl-ec-sha384.pem
View File

@ -1,10 +1,10 @@
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIBUDCB9wIBATAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI MIIBcDCB9wIBATAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
MDY1MloXDTIzMDgwNzA4MDY1MlowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwMDSAAwRQIhAJpojagrap1H0VYcCkfs IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwMDaAAwZQIwateJaD13+Yi4HWBIlOov
JK0a304u+NLa4fkL4Qe9dXRaAiB7gx0xZL0ePad7/PiFfsJgIhMrGiRHGTXnK121 8ZDsvnfQfW/R0A1s2ZccAi+byurShuNGiSvsFSh5d/6QAjEA427F8bNk/fdj5YXu
DgSMLw== Oo1qEd7WpD2dNUb0draGSIcJGBRGzi5it14UXr9cR4S5eJ6Q
-----END X509 CRL----- -----END X509 CRL-----

14
tests/data_files/crl-ec-sha512.pem
View File

@ -1,10 +1,10 @@
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIBUDCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
MDcwMVoXDTIzMDgwNzA4MDcwMVowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwQDSAAwRQIgYkzK1SMOvmwq2qfkxQ/6 IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy
nWz0QaNSVS589vInbPBrFt8CIQDQFZi4S+L7DN/WUl91o1xS6n9aTGoHOzaQS7Ym 6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf
fWUstQ== /BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A==
-----END X509 CRL----- -----END X509 CRL-----

10
tests/data_files/crl-ec.pem
View File

@ -1,10 +0,0 @@
-----BEGIN X509 CRL-----
MIIBTTCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwODA5MDgw
NjI2WhcNMjMwODA3MDgwNjI2WjAUMBICAQIXDTEzMDgwOTA4MDQwM1qgcjBwMG4G
A1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKkQDA+MQswCQYDVQQGEwJO
TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
Q0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0cAMEQCIDbClXv2qJc1OgDtaxLWogdO
5x51dupuJ8N+Oa2S1aPJAiBJWFhnRZRvqVRMhkJ5NQquR+crofroBOOrrdmlHvC3
+g==
-----END X509 CRL-----

29
tests/data_files/server4.crt
View File

@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICRDCCAeugAwIBAgIBBDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzA4MDkwNzU3NTdaFw0yMzA4MDcwNzU3NTdaMDQxCzAJBgNVBAYTAk5MMREwDwYD MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEB A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQUAA4GNADCBiQKBgQCrySYRCWA2hMyRyGXtO58nVCboGjDXfw+T78yfzrQUFMmG AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL
sMsrjnVriz8TboJla9G5l0BO/KVInrs4X5CBJkAy1TZoJy8QJoYwfDFXQ+x2hH9l vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA
23BF0Mom1frAJl/ju9TzIhqGM2zCFcVHH1ACCxstDp9nqEWN1B0YVW02th8pHwID Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl
AQABo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFBfZRL1Q6LhG2+zv4wFMS8Yw NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5
taURMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKkQDA+MQswCQYD bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0
VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRl d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ
c3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCICi0VueSFiU2O5MP BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME
LBPbu0Lsm4kCbWJA34HteefA29wWAiEAne8oWL9ILDpqhuB0wEv5PpKMuXLC2A1e ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP
ATV35ATh3EM= BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA
wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/
O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z
3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc
-----END CERTIFICATE----- -----END CERTIFICATE-----

43
tests/data_files/server4.key
View File

@ -1,16 +1,27 @@
-----BEGIN PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKvJJhEJYDaEzJHI MIIEpAIBAAKCAQEAq9eMvlV9hzsP+2u6oSlhxly+VSGe4I0Mly1gMku+BhiPm7EP
Ze07nydUJugaMNd/D5PvzJ/OtBQUyYawyyuOdWuLPxNugmVr0bmXQE78pUieuzhf EscFe+cQcuA7kr6Wmzjan6v913igTri21Gh5llS+v7t4GdbfmfQSk8AiT0bC76+D
kIEmQDLVNmgnLxAmhjB8MVdD7HaEf2XbcEXQyibV+sAmX+O71PMiGoYzbMIVxUcf sZ/GaJ+AhHyFmc5CS3Y6O++kKE8LG9RqKW0HjnQjOH6YQr+FgWv7smU2fFHVdCVt
UAILGy0On2eoRY3UHRhVbTa2HykfAgMBAAECgYALAPmFQdp944fPFs0gox8Qv902 vIMzsRy3UfBhy5LcwGUGqrTjwn7QoSRBcgJKMp4cWBr14MKr4nJ+p7lu3QrfSGXU
JOdYBnWS/ltXKUBzwNkf3ZdGFPwEhYjmz79ei8eFYeDmrlxQCIrpk4WIIFEgVZZA 3TXrgHtqiHTwSiaZ75pK4CzP4ywnebsA7YNRh2sPGWuTLVCu9FZZ9fR3x2NMz64d
DRFZSQDIm6i+KSKWX6dFG/ot6VBzahKX24TUNuPhTrYUb+vkqxifbN/ItXcfcG2Z OjUO+JEzqj34/0N+gV3nf9nQqbTexUtBa9SuEQIDAQABAoIBAHnxtYvgCPttG1NU
HB7AZl2RgRbeJGI/IQJBANJCx2dkCIKsrC21cAuq+fbxtSdzGho4hF1jsDHOjoCh yJTTU/I7IEozWJaLIZMqfShT/Z4/0bEvfb3ag/bAKzkKDNx+6Utvlh1XJQTCMiiL
x53BCivk1tL0kLcmLPbJnH2KvzTV4YrizAoGKFneiokCQQDRJ7pnKabHs9qhF6kl BhtHpHjc3JwdAgZ8KCMNRB2ba/2L/ouupqrm8hqOjdn2r6xM5Vi9pmegEIMWTJDM
6m9dxAoGmeZY4RwodcVOqAjHFeMI9eSNLpsxava2RJFQVagCzwuft5lvhqeaxxZ0 NSX+nC0oF1Jg69X6KViFc5DOKFMhacSEwLJkv/EqCgdWaBoqMlTtTWKdm34xSN2L
nwxnAkBFcKCCWNsmrPhAMEfM0q6zC6iUWsMoHbo5TY8HI/yUJtnSE8rULEN2cCbL P5o9kOgihTBNUUnVBUWJiT7C6bBAFwb1rECpvNOk6h+lvG+fSDZKYdwBrAsKspIy
FeSLrJHuNEBppqlSQQy50sbIx2JhAkEAug8ZZ0RKNUTtrHib5DrUrxkBwjWOEGrQ /aXZD4qaicefGblrHcZv2og/zYkFs4riWNOmglxZyrK/3rFFk0B8mBk1mWQvrK7+
3b1GtF4O0OvLd+EmW+Gl9SQuLJ56lnhcaYM91+s/91JWLv4EH+KM6QJADR52KML6 Jq/R4k0CgYEA0hO29hJjeTBDdOWgzyXr5uppmR1WU7fv/Jy8PLRMvUvmiMQqRDK3
0IvPiOv8i98U+H5GvYT7pla+F61Y2i/h7M7wpANR8hAwK9IQ2eloeGQ3Fmyedd9l zwGc6H938wdsubpdTCLPhq0rhDCTqtwIEAuFjZIYJs4yZzfy6klaD3516iIgb+W7
kHGxNTIgEkw3uQ== fe1RkYMBp9wV0x272vzP4Y5p/fzp5xhvN52OkhQsjHRHewfDaUwSFScCgYEA0Wgi
-----END PRIVATE KEY----- kGVK6OxzoMCgiWx/L+y3yrYuHdWANTIIa5RvZk4UQqEFkGYGVP1rpbB/fAa1Yqev
qXkLZqad2dhJCuBVryGt29CHsbnEQ/QuTwlGmyZj1U8NnJBgNCPTdmGTBIm/7w9S
ESZ48bUlcqzsZn1Big/A6JX1e5i9b/1jyozNVgcCgYEAnRZc49iQRZjPeGQVQZEL
u5ph6DrFyMhsTistnv77uzk8Y9y79k8unz6HhFt86GAO7zrqdPo60GxBdBGW+laa
ONVEwr4SDUJ28jQmEwdSru9TYQav1ryk3N9O9U5POKQcNcewJ2qQUAvcOi6bAVGG
KMJKT/WB8m0o3ljJyL03cFUCgYBoHFTq42Fd8oj+SCbIjCej5RXvc6nz7Tzjta9Y
BSFphLIv+ixxAThustv9MYYAXLl7hhEgueyAKaBbOVv/S09uVdlBayi7pLc+bb1E
UEFJS8nguH/08hbSdWlh9tsIK5BAQ6ayniUNTtmCbRTPU8Ds6i4ntL6qp2KvthQS
FPTVqwKBgQC8m2sJapMms0/7EeGpUwMO+WNCHeRyujnriWYL8Kms0lmAn8NrQoA5
wgbx0nZ/VrXtLPGHy915jxDXOU1Yc2gqEf5Qm/GnByUuml1mUSldiPciSJvKzMqP
LeWnb62HD60t/zwstN20Yzt6mBLocm1PPdPhPweI/EF6pSgvlw5NTw==
-----END RSA PRIVATE KEY-----

23
tests/data_files/server5-badsign.crt
View File

@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
jbRvSP9W7EJjb9QR3zNYbf4= C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
fGa5kHvHARBPc8YAIVIqDvHH1A==
-----END CERTIFICATE----- -----END CERTIFICATE-----

14
tests/data_files/server5-sha1.crt Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICHTCCAaSgAwIBAgIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA5MjQxNjIxMjdaFw0yMzA5MjIxNjIxMjdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDY
IxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6OBnTCBmjAJBgNVHRMEAjAAMB0G
A1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjBuBgNVHSMEZzBlgBSdbSAkSQE/
K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFy
U1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
KoZIzj0EAQNoADBlAjEAyjvzRWtxbXvkoYTYSQY9gFBpP7/wTZ2q6FbRiAuZULFt
lc0PMPDfVZChgA6iDH+BAjBdkOb73f2pOwZpMRqrOgqSynbt2uWY87mC5lRlNEoR
WXEv1AzIeBCv+81DN1Iuu4w=
-----END CERTIFICATE-----

21
tests/data_files/server5-sha224.crt
View File

@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB7jCCAZWgAwIBAgIBBjAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G MIICIDCCAaWgAwIBAgIBEzAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODEyWhcNMjMwODA3MDgwODEyWjA0MQswCQYDVQQGEwJOTDERMA8G MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwEDRwAwRAIg clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
Xm1nvMzdlO+q5tGATM/IPZxuWSZQqFqwqqdlDEe2OCcCIEbPknZFIjopDpOBMSuU CCqGSM49BAMBA2kAMGYCMQCj0EyFUzDRmfokWzLVEWN0epR4/sZytfIeozp6BqWH
k+VDnNYzQajkdeM9T5XqaX6B qaTBdAR2vthIKC7dKuUkg34CMQD6YtB2O9Vso79gbzSen2qh7gK7VvGE+31EVPbR
Ce/oNG/3OfhRSdn3FOvBBg2UErM=
-----END CERTIFICATE----- -----END CERTIFICATE-----

13
tests/data_files/server5-sha256.crt
View File

@ -1,13 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIB7zCCAZWgAwIBAgIBBzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODE3WhcNMjMwODA3MDgwODE3WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwIDSAAwRQIh
ALfqO3j3gA18v/MG+s5CJfNGBeeRIttASyiO3FOiZUfeAiBoid6STq5AvS1c9Olm
Vk7wB2zYU9v6sSoR99csMz4TTQ==
-----END CERTIFICATE-----

21
tests/data_files/server5-sha384.crt
View File

@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB7zCCAZWgAwIBAgIBCDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G MIICHzCCAaWgAwIBAgIBFDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODI1WhcNMjMwODA3MDgwODI1WjA0MQswCQYDVQQGEwJOTDERMA8G MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwMDSAAwRQIh clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
ANRFz89Cp8ohvDHX94h+pftXR34mhGqzzi3xidVj1Sg8AiBOv+ChIGVXGmM3RFvj CCqGSM49BAMDA2gAMGUCMQCnsd/6VB2kLIqMRsWdkJvRaQROyAg78CQExFEY3CMv
kOaH0pCTLJQEpIAj5jlaCw9tDA== 9t0kWRXPc4nCMH69RjQVvC4CMB4lk9A7hnX2zQy3bbUhOCOvXcsQdEe8AMgJBviz
5Nob2wThRqsm1wjCF60fyzXWuA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

21
tests/data_files/server5-sha512.crt
View File

@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB7zCCAZWgAwIBAgIBCTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G MIICHzCCAaWgAwIBAgIBFTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODMyWhcNMjMwODA3MDgwODMyWjA0MQswCQYDVQQGEwJOTDERMA8G MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwQDSAAwRQIh clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
AN5rRzdwAbgA4scB15w5W9DPJ6w7Q7QiEnV7PV5IAXX4AiBAFnODGe6Lk7C5YYYU CCqGSM49BAMEA2gAMGUCMFPL2OI8arcbRlKAbRb/YfGibo4Mwts8KX3fOuRCbXEn
dANkEzunQUZNP1qh24SgeqBUNg== pDWeb82kBqfXwzPJwamFOwIxAPGzyhWrxn0qEynWV5nzFK02PYBnYFgClISyyudH
HJGHtbEVRc5JA8ALnggaLVpuvg==
-----END CERTIFICATE----- -----END CERTIFICATE-----

23
tests/data_files/server5.crt
View File

@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
jbRvSP9W7EJjb9QR3zNYbX4= C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
fGa5kHvHARBPc8YAIVIqDvHH1Q==
-----END CERTIFICATE----- -----END CERTIFICATE-----

6
tests/data_files/server5.key
View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49
BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
ag== 6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

23
tests/data_files/server6.crt
View File

@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB7TCCAZSgAwIBAgIBAjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzA4MDkwNzU3MjZaFw0yMzA4MDcwNzU3MjZaMDQxCzAJBgNVBAYTAk5MMREwDwYD MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1 CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCICDC clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
Qiv7ypgB4K9x6mf3UvYmdfLHzRkUHyP2FoY/GnFwAiEAr/WVRRw8tPZq3kKaMApQ CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
OLFV/1jRkCd3i9vpRfdZjsI= AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
Xj09kLboxuemP40IIqhQnpYptMg=
-----END CERTIFICATE----- -----END CERTIFICATE-----

6
tests/data_files/server6.key
View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MF8CAQEEGD5d3O02N8S/dSjU0RmPK8h2TEH64xPN6qAKBggqhkjOPQMBAaE0AzIA MHcCAQEEIEQZG5j8IkRLxa9OoZJzD3KkrXqIgi9cHZMVv2s/VcPOoAoGCCqGSM49
BBNrCG0mTkhIp2TN6tjDDsvHoDPGPQQHLLsMTvVKUtQfJ0/btdW7404eVUAICQFP AwEHoUQDQgAEgVkxdkkk+hWtq6Axbg7tMxH6kSVVwbDBnANyPpi6LaRyN4kfQzeN
jg== H4462PBX6C9PyQCk99tzD7LGBJTRQDs44w==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

29
tests/data_files/server7.crt
View File

@ -1,14 +1,23 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICMTCCAZqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJOTDER MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTEzMDgxMDA5Mzc1OVoXDTIzMDgwODA5Mzc1OVowNDELMAkG ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
STATBgcqhkjOPQIBBggqhkjOPQMBAQMyAATLQuHdl+ETAGILyOYl8SDw0bEIOocS WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
3P6E+BizfuEPP3BM6hj4IkO0RRwN52AUKmqjgZUwgZIwCQYDVR0TBAIwADAdBgNV 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
HQ4EFgQUoi0Atii03OJx8E93svARO2RiZ0EwZgYDVR0jBF8wXYAUSWP5COj9AlpE MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
9UEpjc+8T9LAHryhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNT IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
TDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIBDzANBgkqhkiG9w0BAQUF MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
AAOBgQDXdaDKbre+goT5vJ8GHr3APTsHed40sS/UvbGtjC4XsZ+liUMhAZn85nWd AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
95FifmASBWG7R8eyU+nOL1yDQNxIcN1nqzX+UNUnXI5P2gNLF+lllr9T9zYmFo4s FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
Qg4vVTIZIidwJtB60ZwboTx1au0bDPGDF1oniyLPBJdwcY4jsA== 8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
a8Si6UK5
-----END CERTIFICATE----- -----END CERTIFICATE-----

6
tests/data_files/server7.key
View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA MHcCAQEEILBDMs7bRVxVg6ovTpf2zB9m+22jY7R3LNKRvCPfa6YJoAoGCCqGSM49
BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq AwEHoUQDQgAEHG336dql6qGcsnIZqAkcc63eFbvepuOzTwXobRAuOmk3l4A5wXX/
ag== vs5wAawLX1wUTUM/AESHmAZrJK9tq5So8g==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

64
tests/data_files/server7_int-ca.crt
View File

@ -1,29 +1,47 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICMTCCAZqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJOTDER MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTEzMDgxMDA5Mzc1OVoXDTIzMDgwODA5Mzc1OVowNDELMAkG ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
STATBgcqhkjOPQIBBggqhkjOPQMBAQMyAATLQuHdl+ETAGILyOYl8SDw0bEIOocS WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
3P6E+BizfuEPP3BM6hj4IkO0RRwN52AUKmqjgZUwgZIwCQYDVR0TBAIwADAdBgNV 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
HQ4EFgQUoi0Atii03OJx8E93svARO2RiZ0EwZgYDVR0jBF8wXYAUSWP5COj9AlpE MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
9UEpjc+8T9LAHryhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNT IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
TDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIBDzANBgkqhkiG9w0BAQUF MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
AAOBgQDXdaDKbre+goT5vJ8GHr3APTsHed40sS/UvbGtjC4XsZ+liUMhAZn85nWd AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
95FifmASBWG7R8eyU+nOL1yDQNxIcN1nqzX+UNUnXI5P2gNLF+lllr9T9zYmFo4s FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
Qg4vVTIZIidwJtB60ZwboTx1au0bDPGDF1oniyLPBJdwcY4jsA== 8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
a8Si6UK5
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWjCCAgKgAwIBAgIBDzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzA4MTAwOTA4NTFaFw0yMzA4MTAwOTA4NTFaMEgxCzAJBgNVBAYTAk5MMREwDwYD MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEmMCQGA1UEAxMdUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
dGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/CgAVAhMzUJ7kFpAjx YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1VFwp vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
V/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI0EX4 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
pSMEEbX8NOR31MCFut8ACzQ1AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFElj+Qjo/QJa CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
RPVBKY3PvE/SwB68MG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAMBgNVHRMEBTADAQH/MAkGByqG qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
SM49BAEDRwAwRAIgfIwD+A0rcrrJWKLR1g88ImIx5765D0ZAixZy9Q1j8EgCIFPo uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
AAs001kkpocmMwGv3Mz8bYCK+0GwSteAoWtZmTz0 kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
Af5cNR8KhzegznL6amRObGGKmX1F
-----END CERTIFICATE----- -----END CERTIFICATE-----

27
tests/data_files/server8.crt
View File

@ -1,13 +1,18 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB4TCCAZmgAwIBAgIBAzAJBgcqhkjOPQQBMEsxCzAJBgNVBAYTAk5MMREwDwYD MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEpMCcGA1UEAxMgUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
dGUgRUMgQ0EwHhcNMTMwODEwMTA0ODQyWhcNMjMwODEwMTA0ODQyWjA0MQswCQYD YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG
VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJ A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
MBMGByqGSM49AgEGCCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrB ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59
dUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ/6OBlTCBkjAdBgNVHQ4EFgQU5BdrNrIG quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB
iTrZXkO24GR9h6t93jcwYwYDVR0jBFwwWoAUsdlE7s/zeovBx8go2LphSL+Nu9mh ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q
P6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQ AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr
UG9sYXJTU0wgVGVzdCBDQYIBETAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDNwAw u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb
NAIYPH5MSjau/MPc+rjSbYt+Q9rlv4idlJ84AhhWuxV7gaFzJzCs7acgX6WbfOAB J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v
SAnWzz4= AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz
2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh
2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

35
tests/data_files/server8.key
View File

@ -1,8 +1,27 @@
-----BEGIN EC PARAMETERS----- -----BEGIN RSA PRIVATE KEY-----
BggqhkjOPQMBAQ== MIIEowIBAAKCAQEA2xx/LgvNv87RdRCgorjOfariBeB62ERjj7W9wLAZuTe4GUoO
-----END EC PARAMETERS----- 8V10gGdGhwbeW38GA73BjV4HFdRb9Nzlzz35wREsrmq5ir0dZ2YX6k692xWagofk
-----BEGIN EC PRIVATE KEY----- 8HjDo4WHsP2fqZlf4zPszOoLtWFe8Ul+P6Mt6gEMzEKadpvE0DfTsRcBYQEWWX4c
MF8CAQEEGItTogpE7AOnjvYuTqm+9OabmsX02XKIAqAKBggqhkjOPQMBAaE0AzIA F8NT/dFyy0xgFdp94uqtUO+O4ovUandV1nDZa7vx7jkEOKO94tHgZmvinEeZ6Sjm
BH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ tvwuymdDhOjVg9admGsBPoHcPHrK+fOc99YoGyd4fMPQ1WOngTSJrSVqvfLq7fpX
/w== /OU0xsEPcS3SCBAbrURB4P55oGOTirFd6bDubwIDAQABAoIBAFvf3xQXrvY2am2D
-----END EC PRIVATE KEY----- w1d31l2rQYrlTZ1RT836js41CRQ44OD5xLpATZFpvJDxuFr1MDhxYK8+NgpZORW7
akEz432pDes0pQgftCyfCngc/E7ZCCijgsOyX5Y5b2QvdLtQrHxAUZK6sJ4lbgIO
pvlYGvB78DnV057YQfZs8j7XPqTFYVNlIx6xCFxwiMTeUGZvSrN8CpKT/5zsSE5d
xX2alaYiWl2oSOI7axrtpMEXAI0A/O/N1mI+n3cs15cfAJa/fMjEMmGz0Pqg5IlS
IwZWpr6BzbdHldO/XlVErKMo4lADUmsr2d+q3vfQmLEAyizp7OmU9vc+DXcK9jH+
aDd0gcECgYEA7SAVA/banYejN7Ovn84pJ+mguINMwPFZd9eW9op1PgRryGCpdh77
qV64YIjFhwt1JQQIf5GCPD5Um0Z8mY59a6MU+sJGGB7xwVuCuXbDAKJJF6/58f7/
MoLzsoQFy50TpA90T0WOvMWDnWSLTYjRr1fFTKNWNcvPoFOnmAydGbUCgYEA7I1X
mCFRSGiu0NdN2j7mwtTudI4m/qyYfUQxpSvvgN2DSHtG56h8Dz1w7CpNlLDHodPP
e8oiXMS/bBBNwWHu9hxhBqdmvj4C+K5Ax0EKYx7CsHWK7BJ8u8Ak8xwaufMiejt5
ioJhI4pyukBEqJbnuzmuDcuoqxPF1ZTmM/WzrhMCgYBi5V9+cMUKsFhFUf6sUqpd
iBXM/o3TZpVe4x6GIob1X5ioUJA8wH1LTULul/xx7zhjQMRemAxOHdzhictLq97p
NnH4h2/+fWFsuELUIREBQa3kYDOJV0WOBomm6WMVYaSgZwWmTidS2bmjuhxTMP3q
+FtENFcvRpqIjns2cgRPhQKBgQDcjhia5o2z9q7wV57mG3nrNL+0ewoOsHxpZ5jm
SSXBQEf038RHoIczanUMLZEyTvWDhErTP690UZmtNzJYWWiFngY1PwYD4SvCFC6f
2ZvGuVqLTr0dyUr1f3y0E4Mz12dREn0LUO8jRSYdVGjvy+v6XBhWEoqMIB54OqG8
1p0WcwKBgF4KfzBOi1DarCuxaa6huUdNc8efog5GO1lmNenKlRuPLp5wp3qvWsyH
blfbtJQNE1DhbDGwmzPCGLc3wXx0t0gCrcMkxoRATFMNOSLodG7Mbkj9AoEMx94X
XYfi5vYftbEUmZeZtHZBI3o3up/xtPcuGNlb8BSIIOaQtIYybxKa
-----END RSA PRIVATE KEY-----

60
tests/data_files/server8_int-ca2.crt
View File

@ -1,30 +1,36 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB4TCCAZmgAwIBAgIBAzAJBgcqhkjOPQQBMEsxCzAJBgNVBAYTAk5MMREwDwYD MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEpMCcGA1UEAxMgUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh
dGUgRUMgQ0EwHhcNMTMwODEwMTA0ODQyWhcNMjMwODEwMTA0ODQyWjA0MQswCQYD
VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJ
MBMGByqGSM49AgEGCCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrB
dUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ/6OBlTCBkjAdBgNVHQ4EFgQU5BdrNrIG
iTrZXkO24GR9h6t93jcwYwYDVR0jBFwwWoAUsdlE7s/zeovBx8go2LphSL+Nu9mh
P6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQ
UG9sYXJTU0wgVGVzdCBDQYIBETAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDNwAw
NAIYPH5MSjau/MPc+rjSbYt+Q9rlv4idlJ84AhhWuxV7gaFzJzCs7acgX6WbfOAB
SAnWzz4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICvDCCAaSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwODEwMTA0NzM5WhcNMjMwODEwMTA0NzM5WjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEF/Nw4VH9gt/WUMJt YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG
dKRsyselY6ngTpfw1XDtlLMT2XewBCAgIHDQoeQlVIkxsdRGo4GVMIGSMB0GA1Ud A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
DgQWBBSx2UTuz/N6i8HHyCjYumFIv4272TBjBgNVHSMEXDBagBS0WuSls97SUva5 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJ ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q
KoZIhvcNAQEFBQADggEBABKWcjM5s2rqe3Ha3MR8rj5Ki6sXnda6mDFga4sWrkzR AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr
aK8FOzHNtGgZvua7mQ3slvxa1b4rdl0ZiCzs16FxeIPrdilo2EqzKKZNbTNx8hGu u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb
f593cXnjRijU4O4ysqNdPfrmUrJHl+gME6C5eLJsrdlhYXa8zog+eOUn/94EFq6I J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v
QW/7hcaAN8mr1ZPCml+dWNynkYd7TqtqIkukB6pqZU9SkSIX6iNaRZXhSjge/+iB AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
XkJS7NXqwQZ3ktUhHYrkqSuVkdL61hrkB20T3NaPaYGPj/PcnCfk9nOmTmWlqHhl J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ
FZM816w2/AT6G98zJgU0iAG53ANVO1k+FgbUFjrqRDQ= BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz
2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh
2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
-----END CERTIFICATE----- -----END CERTIFICATE-----

25
tests/data_files/test-ca2.crt
View File

@ -1,14 +1,15 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1 QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
espQnlFX t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

7
tests/data_files/test-ca2.key
View File

@ -1,5 +1,6 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBgsCX6wjouYFLrghn4s8iRrt9krCKiFHZYtzY8J7+p3oAoGCCqGSM49 MIGkAgEBBDCD2RUOoHHwVxAzozi4hsGmEV1ttAPhKXZF14dvI6tEIOpke4WxdueF
AwEHoUQDQgAElrizLPspIX2+kNvC+BOpJnw19tnAi5nsUnt8r6N+KDybdaVUWmLI lap01tGkXuqgBwYFK4EEACKhZANiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1Mz
qZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/g== OVjUUrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80Gt
KcO0X3WnR2/VGSlVaZpTOyC0ZhZgMx4=
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

25
tests/data_files/test-ca_cat12.crt
View File

@ -79,16 +79,17 @@ m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== 7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1 QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
espQnlFX t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

25
tests/data_files/test-ca_cat21.crt
View File

@ -1,16 +1,17 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1 QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
espQnlFX t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
-----END CERTIFICATE----- -----END CERTIFICATE-----
Certificate: Certificate:
Data: Data:

35
tests/data_files/test-int-ca.crt
View File

@ -1,15 +1,24 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWjCCAgKgAwIBAgIBDzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzA4MTAwOTA4NTFaFw0yMzA4MTAwOTA4NTFaMEgxCzAJBgNVBAYTAk5MMREwDwYD MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
VQQKEwhQb2xhclNTTDEmMCQGA1UEAxMdUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
dGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/CgAVAhMzUJ7kFpAjx YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1VFwp vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
V/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI0EX4 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
pSMEEbX8NOR31MCFut8ACzQ1AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFElj+Qjo/QJa CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
RPVBKY3PvE/SwB68MG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAMBgNVHRMEBTADAQH/MAkGByqG qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
SM49BAEDRwAwRAIgfIwD+A0rcrrJWKLR1g88ImIx5765D0ZAixZy9Q1j8EgCIFPo uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
AAs001kkpocmMwGv3Mz8bYCK+0GwSteAoWtZmTz0 kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
Af5cNR8KhzegznL6amRObGGKmX1F
-----END CERTIFICATE----- -----END CERTIFICATE-----

67
tests/data_files/test-int-ca.key
View File

@ -1,16 +1,51 @@
-----BEGIN PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAN/CgAVAhMzUJ7kF MIIJKQIBAAKCAgEAo1Oc8nr6fMTqvowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7Jep
pAjx7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1 dFjAVbBtyQRJSiY1ja0tgLQDDKZRwfEI+b4azse460InPHv7C1TN0upXlxuj6m9B
VFwpV/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI 1IlP+sBaM7WBC6dVfPO+jVMIxgkFCaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+
0EX4pSMEEbX8NOR31MCFut8ACzQ1AgMBAAECgYB+yAibcTQNjoO3TN/lhZcgX/Lp nqRZjXe/eIcqm5HwjDDhu+gz+o0gVz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xT
wdCmbJMRMvACoI6PbBjflLoD6NTGC0NgNLRh9FoG226HgunpiDRlYQPceDx3MP5p xtu6dLunhpmLFj2mm0Vjwa7Ypj5qAjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJ
1bcUInatOdAMbYoYw+O+y+/w9qDQWiWOskkdaiktFlaZFC9jaI37jr5ChCsH+3v3 JFVdjdtgYAcQwzikwF5HoITJzzJ2qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEG
bjnX/8YWYeBZHZEowQJBAPvvhioS4b2RcrkLSUI7pJx3Dlj4m/crlK0v0un1ikNg Jo7XKyNEuHPQgB+e0cg1SD1HqlAMuCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY
ahplDMZoTFhvagUGDKXE4Uqj3Iz9c4QKsZozcwBio4UCQQDjXpyXHscDqo6iXaAz +/9e2xn8DCrhBKLXQMZFDZqUoLYAkGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSP
8McsxXQs1ITs3R9F6SwPbhmF1W7WiMgR5udEHnBkagyFzl2LpwJdFUW3BFHOpPhe T28rLdFr49dwYOtDg9foA8hDIW2Pd6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz
63TxAkEAorlQ9PgBKoo5iV/Kz6bqac1UTQ823e0eOMZ8+nSH+4DYx3ehSr2vIifE 9bqBVNlNOESSqm4kiCJFmslm/6brNp0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TY
WL5RiPijc6xnFgHWjODDWhAFJaiQaQJBAL1weu++iPqZBLZrY6tjFdBLw/wGJapk YhMbfnfFyo4m707ebcflPbBEN2dgupdQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEA
okXRfRBuH33O0saUuH2R8WZkJijD4yMpSe+tet6rdqaCRtbxxK7xZ0ECQFxKE1Zb AQKCAgEAgyuxzuSJrA8SYLptIoP+e7YiUqCOfy1Z9q3paLeUAhRmWilrxK9KuQcb
nzECNNfhXkswM4X5ieCZAGvh8P0WvmyvPUGkgQIcsQb+exw2FCvsdetqdVHQqzNl BOhWXCDXvdMpykXIdS5WVyZYCQtuyEeK8haNIHyKII2ZSB1A/3EJckysWB93hnFZ
LKLwwuNT9u4/XCo= gFHzNALOG64+iY34a+Pukc6NmCulGBcjjAWR2KOg9vyRsiRr2m1TkZHFpW9lJMLZ
-----END PRIVATE KEY----- mdkklRDeWhkgEiPpKv6QzMFfkzL9mregE3VgEjQfeFNaZlS2HWddhB5z4i+yTfIw
F1/VXqVg2y8dcP4VrV5PET8NBGPzInkj0lk1NeveE2Cl2DlUq4BMyWvUFkQhAL8B
Zd4GzmL9nimZ6Qb8dVWYC/YTahoIL3+YUCZAGIeczAo6dryheUsj1w3pSErOIY9U
dGSyq9I9XYXqcRNeyfkoNVOZ7ugqk4DvMyv64tt+NIIy9SZGcHuWo3GL0FdKiR5c
Xbn18tD+Wwrka0O1ntvzX1qkwJcpvu5+xNVbobkM4DiluoivOq+29CGANtG2Et7S
m6KCUwSElKsvpI4dNW4nWcbdj8i8gcLiKjqRu9n2BdkvAHaMhVbl9xnp9sveGLcR
iFg6mDsCQuVEH8bGPIMIav/3VUjy1wbMAA54PsqKM0aTA+DHnleXchVAhMm9eHD8
yrV8eb8/bcCbWvhDDi80kuRIaDSsYTwMWpzjz6MU9v8OuFGZZaECggEBANL44VQ7
7tok5XeJJgnRV/PGNlHKksctPMj+ye8iSDrRvHVlHHqvZ26MZJPgXwHCO/NVIWv6
hfCYlfmP/63fZ1WJqDUDxHOgjIbPtOIKTsJi3PbbODVrsycZ3y5OjpbjXKG97cKM
6RX6zbnjtGKPfbUJx+kuAOxmkFLiLJGNlLqzaJafkgWjUAV/nT6Qm2663msfZ/Md
7uDFDNOTbPS74ki5JTjlj8xmxAPcnxjNJ2ijDQ7eiCAm6JozJYy9PYixmuScFF2x
D2N6E9/JWUcYezybUgOLzbwzvJkCRJoBXj09F8cb3m6ZQ04n2peQg/0bn6HUVovF
opZJW9uZTRmFae0CggEBAMYveBnYRXyWqENf8PZ8xlqiOvJBARaIYQOPy1t4LeOv
t4ssvkSJPEG0tP2IT6ptecNN9CVRdPJn7tsgvjgPvqgymLlaw8DheFS3EK4sFd0a
SIwrYcXY8fyAFuGbbcx2JTfmxwLGYXeWG4MDkcYctUhXiObMb0YI2eXlTu4JXqJH
q1myl7pi3gux7JcFjr0ANh9mDOYXzL52WqZObaVUUNn8p/aNWpati9Z9PL2uJNxY
myZbTqWGTpZ8XlZnZYg8bHVJGoc7/seSDEnSreGQtXl6MrnsN9bDU6UhufI0iAiH
fCeELpxjBpvZi2TzYnltX+21f3oUXurXT4eYPJm6YU0CggEBAIrJUSphtvJovU/S
uGRTBEIIzekmk0JWHxu2iU84RT30hb7QwlhvFWLjFrM1MirtBRVBlpf7Gau6JUck
lLVkNw1NXotprA3Iu0lgUIU29LLp6KS4eBSkghmh6nEDGshmT6TTVhrbKebctAOq
qRsBfFfhVFKwgckCe8Uapukls4bSyWX1GVF+KwFC/0WOScIhSno8Ed0cfu38k0CI
RnAFPYpLyhHQ6rUzkZVcyIi/RUKPqOJ0QCaukewG45ffUiCffd8QUlGETjRJtdNN
GN8tWrz3DI/qo3BAtLwPguOxLLaqfv7r9Xradi1vCF0Wo82ZI32JO1n9rMSjA7vF
8LNuUc0CggEAedBPh8Mw4qVPgyoDV93VpXu1s5VU796fkqrdmblCq4Ij1L2JrWKU
0OYboQIZxW1IvEy71fw9X4mWfMWhZZ/31jZTPQqW64UqixeCfyvFvIMdOFqp3Au+
oS6x4bXBRT0RH00P4ZrB6dkvy9Vz0ktu+aokEYhylJ94HyBU5WaI7kITBi0JqZx/
Urzn6OOXmn/4xE/becoDJMZmbXYjWs16bKIpMxgrKBY/r3SG0yeorG8h3e+dZYwp
3cFP0tf2xkgteeGXFqw/q7cPKoj+K3jgsmvzpeeVYsHoNcWHH2I+gs+T9k3+wEz1
kPGkBka6rlwV7Gv0kLrYpIv27CcciHjQuQKCAQActQM3DTC3pzEwwPeYMnSXL9/s
uDqbj3MV6H8fxPIGJWfpDst7nWXhT81uKG6fYmeg5Z6nJXfP0dUF5TpW1zk6VGwn
t/ch6U7HYpseZsywdZPVIo/upgkowXSl6mfqyxzGngXuORh4zhRpcn4GTwzHG2Te
xNqMEb/i/IWnvtfvyfhEBewJcMr9Npwrg615pCiZ8y3cjvJf/gl0cGZ5LIuWBQB5
F16JxF3mm1XCukTXZO90vg3Y1JxeB+YYyF+1aQL+DgvhGZNRrGrBT/QuXQpiMCMf
VM9oZVrI7cYVNnPBEoHVcyP21NQ5AWoFTaSpMJiHZ4FBie0BGO6IkzMcG23r
-----END RSA PRIVATE KEY-----

27
tests/data_files/test-int-ca2.crt
View File

@ -1,17 +1,18 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICvDCCAaSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwODEwMTA0NzM5WhcNMjMwODEwMTA0NzM5WjBLMQswCQYDVQQGEwJOTDERMA8G MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEF/Nw4VH9gt/WUMJt YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
dKRsyselY6ngTpfw1XDtlLMT2XewBCAgIHDQoeQlVIkxsdRGo4GVMIGSMB0GA1Ud WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
DgQWBBSx2UTuz/N6i8HHyCjYumFIv4272TBjBgNVHSMEXDBagBS0WuSls97SUva5 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJ D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
KoZIhvcNAQEFBQADggEBABKWcjM5s2rqe3Ha3MR8rj5Ki6sXnda6mDFga4sWrkzR FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
aK8FOzHNtGgZvua7mQ3slvxa1b4rdl0ZiCzs16FxeIPrdilo2EqzKKZNbTNx8hGu hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
f593cXnjRijU4O4ysqNdPfrmUrJHl+gME6C5eLJsrdlhYXa8zog+eOUn/94EFq6I yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
QW/7hcaAN8mr1ZPCml+dWNynkYd7TqtqIkukB6pqZU9SkSIX6iNaRZXhSjge/+iB ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
XkJS7NXqwQZ3ktUhHYrkqSuVkdL61hrkB20T3NaPaYGPj/PcnCfk9nOmTmWlqHhl 7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
FZM816w2/AT6G98zJgU0iAG53ANVO1k+FgbUFjrqRDQ= CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
-----END CERTIFICATE----- -----END CERTIFICATE-----

7
tests/data_files/test-int-ca2.key
View File

@ -1,5 +1,6 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MF8CAQEEGFgy1xMAKfxIVYM/GIkSort30RcWwJOv3aAKBggqhkjOPQMBAaE0AzIA MIGkAgEBBDAtxOHUV4be1MdH1frBHzxITCyUSxrVjJN8QTvTVk558ka0a3zhd4Pb
BBfzcOFR/YLf1lDCbXSkbMrHpWOp4E6X8NVw7ZSzE9l3sAQgICBw0KHkJVSJMbHU ekWt7wBPXQegBwYFK4EEACKhZANiAATw6KHd9flIt43V2YWdxCVYzD35jqxduWGW
Rg== tcHGFfGPB3CkIcQ2f5+hRV2uphVhrtK6/dBV47qcnX0fdA2LFbyKTU/6HGxtqrxu
1rvy8DIeYLgSZdAuDXDujFv1DzapfVg=
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

2
tests/suites/test_suite_ecp.data
View File

@ -246,6 +246,7 @@ depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_group:POLARSSL_ECP_DP_SECP521R1 ecp_tls_write_read_group:POLARSSL_ECP_DP_SECP521R1
ECP check privkey ECP check privkey
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1 ecp_check_privkey:POLARSSL_ECP_DP_SECP192R1
ECP gen keypair ECP gen keypair
@ -281,5 +282,4 @@ depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
ecp_test_vect:POLARSSL_ECP_DP_SECP521R1:"0113F82DA825735E3D97276683B2B74277BAD27335EA71664AF2430CC4F33459B9669EE78B3FFB9B8683015D344DCBFEF6FB9AF4C6C470BE254516CD3C1A1FB47362":"01EBB34DD75721ABF8ADC9DBED17889CBB9765D90A7C60F2CEF007BB0F2B26E14881FD4442E689D61CB2DD046EE30E3FFD20F9A45BBDF6413D583A2DBF59924FD35C":"00F6B632D194C0388E22D8437E558C552AE195ADFD153F92D74908351B2F8C4EDA94EDB0916D1B53C020B5EECAED1A5FC38A233E4830587BB2EE3489B3B42A5A86A4":"00CEE3480D8645A17D249F2776D28BAE616952D1791FDB4B70F7C3378732AA1B22928448BCD1DC2496D435B01048066EBE4F72903C361B1A9DC1193DC2C9D0891B96":"010EBFAFC6E85E08D24BFFFCC1A4511DB0E634BEEB1B6DEC8C5939AE44766201AF6200430BA97C8AC6A0E9F08B33CE7E9FEEB5BA4EE5E0D81510C24295B8A08D0235":"00A4A6EC300DF9E257B0372B5E7ABFEF093436719A77887EBB0B18CF8099B9F4212B6E30A1419C18E029D36863CC9D448F4DBA4D2A0E60711BE572915FBD4FEF2695":"00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC":"00F9A71641029B7FC1A808AD07CD4861E868614B865AFBECAB1F2BD4D8B55EBCB5E3A53143CEB2C511B1AE0AF5AC827F60F2FD872565AC5CA0A164038FE980A7E4BD" ecp_test_vect:POLARSSL_ECP_DP_SECP521R1:"0113F82DA825735E3D97276683B2B74277BAD27335EA71664AF2430CC4F33459B9669EE78B3FFB9B8683015D344DCBFEF6FB9AF4C6C470BE254516CD3C1A1FB47362":"01EBB34DD75721ABF8ADC9DBED17889CBB9765D90A7C60F2CEF007BB0F2B26E14881FD4442E689D61CB2DD046EE30E3FFD20F9A45BBDF6413D583A2DBF59924FD35C":"00F6B632D194C0388E22D8437E558C552AE195ADFD153F92D74908351B2F8C4EDA94EDB0916D1B53C020B5EECAED1A5FC38A233E4830587BB2EE3489B3B42A5A86A4":"00CEE3480D8645A17D249F2776D28BAE616952D1791FDB4B70F7C3378732AA1B22928448BCD1DC2496D435B01048066EBE4F72903C361B1A9DC1193DC2C9D0891B96":"010EBFAFC6E85E08D24BFFFCC1A4511DB0E634BEEB1B6DEC8C5939AE44766201AF6200430BA97C8AC6A0E9F08B33CE7E9FEEB5BA4EE5E0D81510C24295B8A08D0235":"00A4A6EC300DF9E257B0372B5E7ABFEF093436719A77887EBB0B18CF8099B9F4212B6E30A1419C18E029D36863CC9D448F4DBA4D2A0E60711BE572915FBD4FEF2695":"00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC":"00F9A71641029B7FC1A808AD07CD4861E868614B865AFBECAB1F2BD4D8B55EBCB5E3A53143CEB2C511B1AE0AF5AC827F60F2FD872565AC5CA0A164038FE980A7E4BD"
ECP selftest ECP selftest
depends_on:POLARSSL_SELF_TEST
ecp_selftest: ecp_selftest:

58
tests/suites/test_suite_x509parse.data
View File

@ -44,30 +44,30 @@ x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \
X509 Certificate information EC, SHA1 Digest X509 Certificate information EC, SHA1 Digest
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 07\:57\:40\nexpires on \: 2023-08-07 07\:57\:40\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n" x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n"
X509 Certificate information EC, SHA224 Digest X509 Certificate information EC, SHA224 Digest
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:12\nexpires on \: 2023-08-07 08\:08\:12\nsigned using \: ECDSA with SHA224\nEC key size \: 192 bits\n" x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n"
X509 Certificate information EC, SHA256 Digest X509 Certificate information EC, SHA256 Digest
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha256.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:17\nexpires on \: 2023-08-07 08\:08\:17\nsigned using \: ECDSA with SHA256\nEC key size \: 192 bits\n" x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n"
X509 Certificate information EC, SHA384 Digest X509 Certificate information EC, SHA384 Digest
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:25\nexpires on \: 2023-08-07 08\:08\:25\nsigned using \: ECDSA with SHA384\nEC key size \: 192 bits\n" x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n"
X509 Certificate information EC, SHA512 Digest X509 Certificate information EC, SHA512 Digest
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:32\nexpires on \: 2023-08-07 08\:08\:32\nsigned using \: ECDSA with SHA512\nEC key size \: 192 bits\n" x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n"
X509 Certificate information RSA signed by EC X509 Certificate information RSA signed by EC
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 07\:57\:57\nexpires on \: 2023-08-07 07\:57\:57\nsigned using \: ECDSA with SHA1\nRSA key size \: 1024 bits\n" x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\n"
X509 Certificate information EC signed by RSA X509 Certificate information EC signed by RSA
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n" x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n"
X509 certificate v1 with extension X509 certificate v1 with extension
@ -112,23 +112,23 @@ x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \:
X509 CRL Information EC, SHA1 Digest X509 CRL Information EC, SHA1 Digest
depends_on:POLARSSL_PEM_PARSE_C depends_on:POLARSSL_PEM_PARSE_C
x509_crl_info:"data_files/crl-ec.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:26\nnext update \: 2023-08-07 08\:06\:26\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA1\n" x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
X509 CRL Information EC, SHA224 Digest X509 CRL Information EC, SHA224 Digest
depends_on:POLARSSL_PEM_PARSE_C depends_on:POLARSSL_PEM_PARSE_C
x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:38\nnext update \: 2023-08-07 08\:06\:38\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA224\n" x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
X509 CRL Information EC, SHA256 Digest X509 CRL Information EC, SHA256 Digest
depends_on:POLARSSL_PEM_PARSE_C depends_on:POLARSSL_PEM_PARSE_C
x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:44\nnext update \: 2023-08-07 08\:06\:44\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA256\n" x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
X509 CRL Information EC, SHA384 Digest X509 CRL Information EC, SHA384 Digest
depends_on:POLARSSL_PEM_PARSE_C depends_on:POLARSSL_PEM_PARSE_C
x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:52\nnext update \: 2023-08-07 08\:06\:52\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA384\n" x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
X509 CRL Information EC, SHA512 Digest X509 CRL Information EC, SHA512 Digest
depends_on:POLARSSL_PEM_PARSE_C depends_on:POLARSSL_PEM_PARSE_C
x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:07\:01\nnext update \: 2023-08-07 08\:07\:01\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA512\n" x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
X509 Get Distinguished Name #1 X509 Get Distinguished Name #1
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
@ -300,31 +300,31 @@ x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pe
X509 Certificate verification #33 (Valid, RSA cert, EC CA) X509 Certificate verification #33 (Valid, RSA cert, EC CA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_PKCS1_V15
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #34 (Valid, EC cert, EC CA) X509 Certificate verification #34 (Valid, EC cert, EC CA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #35 (Revoked, EC CA) X509 Certificate verification #35 (Revoked, EC CA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
X509 Certificate verification #36 (Valid, EC CA, SHA224 Digest) X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #37 (Valid, EC CA, SHA256 Digest) X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha256.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest) X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest) X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #40 (Valid, depth 0, RSA, CA) X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
@ -332,7 +332,7 @@ x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pe
X509 Certificate verification #41 (Valid, depth 0, EC, CA) X509 Certificate verification #41 (Valid, depth 0, EC, CA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #42 (Depth 0, not CA, RSA) X509 Certificate verification #42 (Depth 0, not CA, RSA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
@ -340,11 +340,11 @@ x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pe
X509 Certificate verification #43 (Depth 0, not CA, EC) X509 Certificate verification #43 (Depth 0, not CA, EC)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #44 (Corrupted signature, EC) X509 Certificate verification #44 (Corrupted signature, EC)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #45 (Corrupted signature, RSA) X509 Certificate verification #45 (Corrupted signature, RSA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
@ -352,19 +352,19 @@ x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_file
X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC) X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC) X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC) X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA) X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
X509 Certificate verification #50 (Valid, multiple CAs) X509 Certificate verification #50 (Valid, multiple CAs)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_PKCS1_V15
@ -375,7 +375,7 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL" x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Parse Selftest X509 Parse Selftest
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_SELF_TEST depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C
x509_selftest: x509_selftest:
X509 Certificate ASN1 (Incorrect first tag) X509 Certificate ASN1 (Incorrect first tag)

2
tests/suites/test_suite_x509parse.function
View File

@ -75,7 +75,7 @@ void x509_crl_info( char *crl_file, char *result_str )
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */ /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file, void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result, char *cn_name_str, int result, int flags_result,
char *verify_callback ) char *verify_callback )