yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 10:55:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

- Added support for wildcard certificates

Browse Source 
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
This commit is contained in:
Paul Bakker 2012-02-11 16:09:32 +00:00
parent fab5c829e7
commit a8cd239d6b
18 changed files with 1005 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -5,6 +5,9 @@ Features
* Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
default!
* Added support for wildcard certificates
* Added support for multi-domain certificates through the X509 Subject
Alternative Name extension
= Version 1.1.1 released on 2012-01-23
Bugfix

1
include/polarssl/x509.h
View File

@ -300,6 +300,7 @@ typedef struct _x509_cert
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
int ext_types; /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */

162
library/x509parse.c
View File

@ -784,6 +784,102 @@ static int x509_get_ext_key_usage( unsigned char **p,
return 0;
}
/*
* SubjectAltName ::= GeneralNames
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER }
*
* OtherName ::= SEQUENCE {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*
* EDIPartyName ::= SEQUENCE {
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
*
* NOTE: PolarSSL only parses and uses dNSName at this point.
*/
static int x509_get_subject_alt_name( unsigned char **p,
const unsigned char *end,
x509_sequence *subject_alt_name )
{
int ret;
size_t len, tag_len;
asn1_buf *buf;
unsigned char tag;
asn1_sequence *cur = subject_alt_name;
/* Get main sequence tag */
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
if( *p + len != end )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
while( *p < end )
{
if( ( end - *p ) < 1 )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_OUT_OF_DATA );
tag = **p;
(*p)++;
if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
{
*p += tag_len;
continue;
}
buf = &(cur->buf);
buf->tag = tag;
buf->p = *p;
buf->len = tag_len;
*p += buf->len;
/* Allocate and assign next pointer */
if (*p < end)
{
cur->next = (asn1_sequence *) malloc(
sizeof( asn1_sequence ) );
if( cur->next == NULL )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_MALLOC_FAILED );
cur = cur->next;
}
}
/* Set final sequence entry's next pointer to NULL */
cur->next = NULL;
if( *p != end )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* X.509 v3 extensions
*
@ -892,6 +988,15 @@ static int x509_get_crt_ext( unsigned char **p,
return ( ret );
crt->ext_types |= EXT_EXTENDED_KEY_USAGE;
}
else if( ( OID_SIZE( OID_SUBJECT_ALT_NAME ) == extn_oid.len ) &&
memcmp( extn_oid.p, OID_SUBJECT_ALT_NAME, extn_oid.len ) == 0 )
{
/* Parse extended key usage */
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
&crt->subject_alt_names ) ) != 0 )
return ( ret );
crt->ext_types |= EXT_SUBJECT_ALT_NAME;
}
else
{
/* No parser found, skip extension */
@ -2866,6 +2971,35 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
return flags;
}
int x509_wildcard_verify( const char *cn, x509_name *name )
{
size_t i;
size_t cn_idx = 0;
if( name->val.len < 3 || name->val.p[0] != '*' || name->val.p[1] != '.' )
return( 0 );
for( i = 0; i < strlen( cn ); ++i )
{
if( cn[i] == '.' )
{
cn_idx = i;
break;
}
}
if( cn_idx == 0 )
return( 0 );
if( memcmp( name->val.p + 1, cn + cn_idx, name->val.len - 1 ) == 0 &&
strlen( cn ) - cn_idx == name->val.len - 1 )
{
return( 1 );
}
return( 0 );
}
/*
* Verify the certificate validity
*/
@ -2882,6 +3016,7 @@ int x509parse_verify( x509_cert *crt,
x509_cert *parent;
x509_name *name;
unsigned char hash[64];
x509_sequence *cur = NULL;
*flags = 0;
@ -2895,17 +3030,40 @@ int x509parse_verify( x509_cert *crt,
while( name != NULL )
{
if( memcmp( name->oid.p, OID_CN, 3 ) == 0 &&
memcmp( name->val.p, cn, cn_len ) == 0 &&
if( memcmp( name->oid.p, OID_CN, 3 ) == 0 )
{
if( memcmp( name->val.p, cn, cn_len ) == 0 &&
name->val.len == cn_len )
break;
if( memcmp( name->val.p, "*.", 2 ) == 0 &&
x509_wildcard_verify( cn, name ) )
break;
}
name = name->next;
}
if( name == NULL )
{
if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
{
cur = &crt->subject_alt_names;
while( cur != NULL )
{
if( memcmp( cn, cur->buf.p, cn_len ) == 0 &&
cur->buf.len == cn_len )
break;
cur = cur->next;
}
}
if( cur == NULL )
*flags |= BADCERT_CN_MISMATCH;
}
}
/*
* Iterate upwards in the given cert chain,

77
programs/ssl/test-ca/cert_example.crt Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
83:f7:04:f3:bd:08:cf:81:f9:a1:b0:54:a4:5f:91:1d:15:9f:
03:ab:9a:07:0d:bd:ad:fa:ce:44:79:58:9c:88:d1:6e:48:fd:
2b:f2:6e:fc:1f:c6:3a:28:4d:2a:f7:31:27:e4:64:6d:1c:d2:
a7:64:18:9e:0a:07:cd:4c:44:31:e2:8f:c4:4d:d9:e5:38:85:
32:44:ba:3d:0a:97:c8:3f:59:14:8e:aa:98:e1:69:24:49:8a:
0e:3e:01:b5:fd:88:66:bb:ad:0c:fb:da:87:01:8d:f7:72:30:
78:a8:eb:29:4f:3b:20:6b:3e:83:2c:ee:08:88:b1:e9:e2:37:
48:77:76:bf:f2:92:98:58:21:04:02:1c:23:70:ff:10:45:1e:
69:ac:67:23:0f:1e:62:ef:35:d3:c3:94:dc:99:48:7c:05:ad:
c1:1c:1a:2a:e6:e3:d7:89:f5:44:25:1a:aa:7a:d4:8f:b7:5a:
ae:03:4b:be:5e:e8:43:35:12:e8:b9:95:64:81:ef:26:1a:cd:
e4:82:22:de:2e:ac:93:4f:32:f9:0b:0d:b2:5f:69:21:b9:1b:
f8:54:c0:df:11:17:23:85:ae:71:cb:ae:17:e8:36:2f:aa:fe:
04:04:2b:33:1b:12:2b:80:19:11:6f:ce:cb:bb:6c:fe:a5:80:
a7:4a:6d:0f
-----BEGIN CERTIFICATE-----
MIIDOTCCAiGgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA2MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1bYz/qrZB
Jre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2BgtgBtU9uVE
mvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFnui4HZwsD
L6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLySruvfJ2sW
Vrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB37gdv3sB
pWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQABo00wSzAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAfBgNVHSME
GDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOCAQEAg/cE
870Iz4H5obBUpF+RHRWfA6uaBw29rfrORHlYnIjRbkj9K/Ju/B/GOihNKvcxJ+Rk
bRzSp2QYngoHzUxEMeKPxE3Z5TiFMkS6PQqXyD9ZFI6qmOFpJEmKDj4Btf2IZrut
DPvahwGN93IweKjrKU87IGs+gyzuCIix6eI3SHd2v/KSmFghBAIcI3D/EEUeaaxn
Iw8eYu8108OU3JlIfAWtwRwaKubj14n1RCUaqnrUj7dargNLvl7oQzUS6LmVZIHv
JhrN5IIi3i6sk08y+QsNsl9pIbkb+FTA3xEXI4WuccuuF+g2L6r+BAQrMxsSK4AZ
EW/Oy7ts/qWAp0ptDw==
-----END CERTIFICATE-----

80
programs/ssl/test-ca/cert_example_multi.crt Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15 (0xf)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Subject Alternative Name:
DNS:www.example.com, DNS:example.com, DNS:example.net
Signature Algorithm: sha1WithRSAEncryption
35:06:02:c6:0a:87:d5:02:5e:fa:74:71:50:bc:ac:8d:b2:c1:
00:18:7f:a5:bc:41:c3:fe:69:44:77:3b:2d:62:99:32:5d:c6:
5b:bc:f4:d6:9e:7c:3d:71:ef:46:d9:a9:ee:df:c2:d0:e1:e4:
ba:23:60:96:8a:18:f7:dd:1b:2b:60:fc:b6:19:83:73:97:e8:
99:50:e2:58:81:10:14:ab:8e:e1:64:0a:b5:15:aa:49:c6:dc:
0b:83:34:c5:3c:d4:ee:80:6a:90:db:41:3e:62:81:b8:fb:9e:
32:48:89:80:06:64:52:70:2e:66:31:2f:02:1d:c2:da:47:c1:
7d:ad:48:10:c8:b0:62:76:aa:e5:40:f7:1a:34:75:4b:b3:be:
69:75:dc:72:e0:f6:c2:b8:0a:01:2d:57:6f:26:fc:0f:50:e3:
8d:17:48:a0:5f:83:b3:c1:e7:b2:e4:00:10:90:bb:5f:58:f5:
66:8c:ec:17:82:5a:97:0d:b8:0f:ce:2d:5e:2a:5b:36:bc:e0:
f1:29:77:44:46:17:93:cc:c3:58:5c:c0:ea:01:23:cc:5b:cf:
c4:a2:af:01:24:0f:b5:d3:22:45:c3:a3:ff:0f:4d:b7:bb:96:
01:b4:7b:cc:c4:5e:c7:5f:ed:65:38:3a:1f:58:2c:87:7d:a4:
92:a4:3e:79
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
hDCBgTAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zA0BgNVHREELTArgg93d3cu
ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldDANBgkqhkiG9w0B
AQUFAAOCAQEANQYCxgqH1QJe+nRxULysjbLBABh/pbxBw/5pRHc7LWKZMl3GW7z0
1p58PXHvRtmp7t/C0OHkuiNglooY990bK2D8thmDc5fomVDiWIEQFKuO4WQKtRWq
ScbcC4M0xTzU7oBqkNtBPmKBuPueMkiJgAZkUnAuZjEvAh3C2kfBfa1IEMiwYnaq
5UD3GjR1S7O+aXXccuD2wrgKAS1Xbyb8D1DjjRdIoF+Ds8HnsuQAEJC7X1j1Zozs
F4Jalw24D84tXipbNrzg8Sl3REYXk8zDWFzA6gEjzFvPxKKvASQPtdMiRcOj/w9N
t7uWAbR7zMRex1/tZTg6H1gsh32kkqQ+eQ==
-----END CERTIFICATE-----

77
programs/ssl/test-ca/cert_example_wildcard.crt Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=*.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
91:b3:84:5c:5d:60:f2:a5:0a:4a:dc:d6:c6:75:da:34:52:72:
6c:0e:60:4f:ef:0e:55:f3:4b:bf:d0:40:e7:91:2c:a7:94:8f:
3d:db:0a:ec:b2:f5:83:a7:a1:33:61:96:37:57:14:80:5b:e7:
bc:e1:d3:2c:36:32:6f:ef:7a:00:99:33:15:fc:38:20:df:74:
7d:3d:0f:81:d0:b4:fd:b6:46:f1:c5:b8:bc:de:74:a2:41:a7:
c8:51:da:20:12:82:3e:0c:8c:48:da:19:b6:52:e9:4f:67:c1:
28:9e:20:b6:ce:be:89:bd:64:d7:05:3e:87:af:ba:2b:5d:aa:
fe:62:66:fb:a6:75:ad:89:a1:18:e8:78:54:ea:df:0a:85:e9:
32:32:a8:1a:cd:35:81:f8:a8:da:d1:16:8a:63:e7:67:da:6e:
e1:3b:1c:31:20:99:ee:e2:b2:fb:82:c5:21:e2:63:4c:61:15:
4d:53:ad:dd:15:7f:0b:b6:33:43:ad:27:8a:b1:af:93:17:72:
c4:be:31:26:93:3c:7d:fc:d5:3d:cf:0b:be:c5:7b:e9:b4:f8:
f3:30:f2:f5:a2:27:eb:9a:71:fc:7f:79:5e:88:c5:a6:2d:33:
57:ba:38:06:e6:ad:0b:96:97:9d:cc:94:7b:83:09:17:a6:ee:
ce:bb:0f:36
-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA4MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxFjAUBgNVBAMUDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5PErFyKOOkBeknlKqcXUmYYDnx7VtjP+q
tkEmt74RrVxzFgxkEUgE/9bhOwXbibuzlwnVHBTdaIc5sD1xy+J20BrYGC2AG1T2
5USa8cuvYS7fSQ2dCbftsf08/Tz6JM9dv3zkU+cltepEIukm0+oglJ7mYWe6Lgdn
CwMvognt8DOPC84Q72ekxgjawe3CP9dK3RU9+V4cgWBGPrWzPS+m3kccvJKu698n
axZWt9zs0VVXpW7sdSX1t3vfq9I6WpGYfZcXCxMKp2tKi8FHMPs6+EEE1cHfuB2/
ewGlZaLgHja3plzMMFr4zW/N8RliJcoB4zV/+iD13P1psmoAfRf3AgMBAAGjTTBL
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8GA1Ud
IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQCR
s4RcXWDypQpK3NbGddo0UnJsDmBP7w5V80u/0EDnkSynlI892wrssvWDp6EzYZY3
VxSAW+e84dMsNjJv73oAmTMV/Dgg33R9PQ+B0LT9tkbxxbi83nSiQafIUdogEoI+
DIxI2hm2UulPZ8EoniC2zr6JvWTXBT6Hr7orXar+Ymb7pnWtiaEY6HhU6t8Kheky
MqgazTWB+Kja0RaKY+dn2m7hOxwxIJnu4rL7gsUh4mNMYRVNU63dFX8LtjNDrSeK
sa+TF3LEvjEmkzx9/NU9zwu+xXvptPjzMPL1oifrmnH8f3leiMWmLTNXujgG5q0L
lpedzJR7gwkXpu7Ouw82
-----END CERTIFICATE-----

77
programs/ssl/test-ca/cert_example_www.crt Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14 (0xe)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
3e:b2:e4:9b:c0:8b:a0:d1:e8:66:f4:03:7b:76:7f:7e:0f:6b:
e5:78:ef:2f:6c:14:d6:22:5c:0c:bf:c8:70:09:ca:c5:64:a8:
77:ed:e2:8d:ab:27:cc:40:ba:a5:95:d7:ec:a1:cc:41:3d:6b:
e3:69:c5:cb:10:c6:75:59:2c:6f:3d:2d:b3:c3:f8:75:4a:d4:
31:2e:e9:fc:72:4b:42:ed:c8:f7:6e:cd:da:98:db:3f:e2:3b:
ea:26:1b:73:eb:59:f5:10:48:07:45:a3:20:40:2c:c6:95:59:
08:82:26:ab:13:9f:ea:66:b1:05:e5:99:1d:26:0f:21:0f:b5:
2e:52:82:99:53:85:a8:fe:b7:6e:e9:ed:44:01:f8:c8:08:d0:
64:25:43:70:da:3f:1b:0d:97:81:1b:2a:5d:e4:17:10:20:b0:
eb:56:44:be:ec:55:4a:66:c1:c9:69:7b:36:01:66:36:14:22:
37:a4:96:d2:db:0e:bd:01:e9:3e:6a:ef:94:94:63:69:ea:27:
7c:40:29:4a:38:f0:06:dd:4a:06:ef:8b:92:98:ad:02:60:a0:
3c:6c:53:4c:a1:5b:ae:c7:a2:61:ee:0e:18:c6:f8:46:80:c6:
2f:55:38:2a:33:84:da:9a:a4:69:ae:c3:8a:a1:e2:07:6c:71:
9b:56:fd:93
-----BEGIN CERTIFICATE-----
MIIDPTCCAiWgAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaNN
MEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEwwHwYD
VR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEB
AD6y5JvAi6DR6Gb0A3t2f34Pa+V47y9sFNYiXAy/yHAJysVkqHft4o2rJ8xAuqWV
1+yhzEE9a+NpxcsQxnVZLG89LbPD+HVK1DEu6fxyS0LtyPduzdqY2z/iO+omG3Pr
WfUQSAdFoyBALMaVWQiCJqsTn+pmsQXlmR0mDyEPtS5SgplThaj+t27p7UQB+MgI
0GQlQ3DaPxsNl4EbKl3kFxAgsOtWRL7sVUpmwclpezYBZjYUIjekltLbDr0B6T5q
75SUY2nqJ3xAKUo48AbdSgbvi5KYrQJgoDxsU0yhW67HomHuDhjG+EaAxi9VOCoz
hNqapGmuw4qh4gdscZtW/ZM=
-----END CERTIFICATE-----

20
programs/ssl/test-ca/gen_test_ca.sh
View File

@ -58,6 +58,20 @@ openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha384.r
cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
cat sslconf.txt > sslconf_use.txt;echo "CN=*.example.com" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_wildcard.req
cat sslconf.txt > sslconf_use.txt;echo "CN=example.com" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example.req
cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_www.req
cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
echo "[ v3_req ]" >> sslconf_use.txt
echo "subjectAltName = \"DNS:www.example.com,DNS:example.com,DNS:example.net\"" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
echo "Signing requests"
for i in server1 server2 client1 client2;
do
@ -71,6 +85,12 @@ do
-batch -in cert_$i.req -md $i
done
for i in example_wildcard example example_www example_multi;
do
openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
-batch -in cert_$i.req
done
echo "Revoking firsts"
openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD

4
programs/ssl/test-ca/index
View File

@ -9,3 +9,7 @@ V 210212144407Z 08 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA224
V 210212144407Z 09 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA256
V 210212144407Z 0A unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA384
V 210212144407Z 0B unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA512
V 220207160636Z 0C unknown /C=NL/O=PolarSSL/CN=*.example.com
V 220207160636Z 0D unknown /C=NL/O=PolarSSL/CN=example.com
V 220207160636Z 0E unknown /C=NL/O=PolarSSL/CN=www.example.com
V 220207160636Z 0F unknown /C=NL/O=PolarSSL/CN=www.example.com

77
programs/ssl/test-ca/newcerts/0C.pem Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=*.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
91:b3:84:5c:5d:60:f2:a5:0a:4a:dc:d6:c6:75:da:34:52:72:
6c:0e:60:4f:ef:0e:55:f3:4b:bf:d0:40:e7:91:2c:a7:94:8f:
3d:db:0a:ec:b2:f5:83:a7:a1:33:61:96:37:57:14:80:5b:e7:
bc:e1:d3:2c:36:32:6f:ef:7a:00:99:33:15:fc:38:20:df:74:
7d:3d:0f:81:d0:b4:fd:b6:46:f1:c5:b8:bc:de:74:a2:41:a7:
c8:51:da:20:12:82:3e:0c:8c:48:da:19:b6:52:e9:4f:67:c1:
28:9e:20:b6:ce:be:89:bd:64:d7:05:3e:87:af:ba:2b:5d:aa:
fe:62:66:fb:a6:75:ad:89:a1:18:e8:78:54:ea:df:0a:85:e9:
32:32:a8:1a:cd:35:81:f8:a8:da:d1:16:8a:63:e7:67:da:6e:
e1:3b:1c:31:20:99:ee:e2:b2:fb:82:c5:21:e2:63:4c:61:15:
4d:53:ad:dd:15:7f:0b:b6:33:43:ad:27:8a:b1:af:93:17:72:
c4:be:31:26:93:3c:7d:fc:d5:3d:cf:0b:be:c5:7b:e9:b4:f8:
f3:30:f2:f5:a2:27:eb:9a:71:fc:7f:79:5e:88:c5:a6:2d:33:
57:ba:38:06:e6:ad:0b:96:97:9d:cc:94:7b:83:09:17:a6:ee:
ce:bb:0f:36
-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA4MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxFjAUBgNVBAMUDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5PErFyKOOkBeknlKqcXUmYYDnx7VtjP+q
tkEmt74RrVxzFgxkEUgE/9bhOwXbibuzlwnVHBTdaIc5sD1xy+J20BrYGC2AG1T2
5USa8cuvYS7fSQ2dCbftsf08/Tz6JM9dv3zkU+cltepEIukm0+oglJ7mYWe6Lgdn
CwMvognt8DOPC84Q72ekxgjawe3CP9dK3RU9+V4cgWBGPrWzPS+m3kccvJKu698n
axZWt9zs0VVXpW7sdSX1t3vfq9I6WpGYfZcXCxMKp2tKi8FHMPs6+EEE1cHfuB2/
ewGlZaLgHja3plzMMFr4zW/N8RliJcoB4zV/+iD13P1psmoAfRf3AgMBAAGjTTBL
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8GA1Ud
IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQCR
s4RcXWDypQpK3NbGddo0UnJsDmBP7w5V80u/0EDnkSynlI892wrssvWDp6EzYZY3
VxSAW+e84dMsNjJv73oAmTMV/Dgg33R9PQ+B0LT9tkbxxbi83nSiQafIUdogEoI+
DIxI2hm2UulPZ8EoniC2zr6JvWTXBT6Hr7orXar+Ymb7pnWtiaEY6HhU6t8Kheky
MqgazTWB+Kja0RaKY+dn2m7hOxwxIJnu4rL7gsUh4mNMYRVNU63dFX8LtjNDrSeK
sa+TF3LEvjEmkzx9/NU9zwu+xXvptPjzMPL1oifrmnH8f3leiMWmLTNXujgG5q0L
lpedzJR7gwkXpu7Ouw82
-----END CERTIFICATE-----

77
programs/ssl/test-ca/newcerts/0D.pem Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
83:f7:04:f3:bd:08:cf:81:f9:a1:b0:54:a4:5f:91:1d:15:9f:
03:ab:9a:07:0d:bd:ad:fa:ce:44:79:58:9c:88:d1:6e:48:fd:
2b:f2:6e:fc:1f:c6:3a:28:4d:2a:f7:31:27:e4:64:6d:1c:d2:
a7:64:18:9e:0a:07:cd:4c:44:31:e2:8f:c4:4d:d9:e5:38:85:
32:44:ba:3d:0a:97:c8:3f:59:14:8e:aa:98:e1:69:24:49:8a:
0e:3e:01:b5:fd:88:66:bb:ad:0c:fb:da:87:01:8d:f7:72:30:
78:a8:eb:29:4f:3b:20:6b:3e:83:2c:ee:08:88:b1:e9:e2:37:
48:77:76:bf:f2:92:98:58:21:04:02:1c:23:70:ff:10:45:1e:
69:ac:67:23:0f:1e:62:ef:35:d3:c3:94:dc:99:48:7c:05:ad:
c1:1c:1a:2a:e6:e3:d7:89:f5:44:25:1a:aa:7a:d4:8f:b7:5a:
ae:03:4b:be:5e:e8:43:35:12:e8:b9:95:64:81:ef:26:1a:cd:
e4:82:22:de:2e:ac:93:4f:32:f9:0b:0d:b2:5f:69:21:b9:1b:
f8:54:c0:df:11:17:23:85:ae:71:cb:ae:17:e8:36:2f:aa:fe:
04:04:2b:33:1b:12:2b:80:19:11:6f:ce:cb:bb:6c:fe:a5:80:
a7:4a:6d:0f
-----BEGIN CERTIFICATE-----
MIIDOTCCAiGgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA2MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1bYz/qrZB
Jre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2BgtgBtU9uVE
mvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFnui4HZwsD
L6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLySruvfJ2sW
Vrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB37gdv3sB
pWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQABo00wSzAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAfBgNVHSME
GDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOCAQEAg/cE
870Iz4H5obBUpF+RHRWfA6uaBw29rfrORHlYnIjRbkj9K/Ju/B/GOihNKvcxJ+Rk
bRzSp2QYngoHzUxEMeKPxE3Z5TiFMkS6PQqXyD9ZFI6qmOFpJEmKDj4Btf2IZrut
DPvahwGN93IweKjrKU87IGs+gyzuCIix6eI3SHd2v/KSmFghBAIcI3D/EEUeaaxn
Iw8eYu8108OU3JlIfAWtwRwaKubj14n1RCUaqnrUj7dargNLvl7oQzUS6LmVZIHv
JhrN5IIi3i6sk08y+QsNsl9pIbkb+FTA3xEXI4WuccuuF+g2L6r+BAQrMxsSK4AZ
EW/Oy7ts/qWAp0ptDw==
-----END CERTIFICATE-----

77
programs/ssl/test-ca/newcerts/0E.pem Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14 (0xe)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
3e:b2:e4:9b:c0:8b:a0:d1:e8:66:f4:03:7b:76:7f:7e:0f:6b:
e5:78:ef:2f:6c:14:d6:22:5c:0c:bf:c8:70:09:ca:c5:64:a8:
77:ed:e2:8d:ab:27:cc:40:ba:a5:95:d7:ec:a1:cc:41:3d:6b:
e3:69:c5:cb:10:c6:75:59:2c:6f:3d:2d:b3:c3:f8:75:4a:d4:
31:2e:e9:fc:72:4b:42:ed:c8:f7:6e:cd:da:98:db:3f:e2:3b:
ea:26:1b:73:eb:59:f5:10:48:07:45:a3:20:40:2c:c6:95:59:
08:82:26:ab:13:9f:ea:66:b1:05:e5:99:1d:26:0f:21:0f:b5:
2e:52:82:99:53:85:a8:fe:b7:6e:e9:ed:44:01:f8:c8:08:d0:
64:25:43:70:da:3f:1b:0d:97:81:1b:2a:5d:e4:17:10:20:b0:
eb:56:44:be:ec:55:4a:66:c1:c9:69:7b:36:01:66:36:14:22:
37:a4:96:d2:db:0e:bd:01:e9:3e:6a:ef:94:94:63:69:ea:27:
7c:40:29:4a:38:f0:06:dd:4a:06:ef:8b:92:98:ad:02:60:a0:
3c:6c:53:4c:a1:5b:ae:c7:a2:61:ee:0e:18:c6:f8:46:80:c6:
2f:55:38:2a:33:84:da:9a:a4:69:ae:c3:8a:a1:e2:07:6c:71:
9b:56:fd:93
-----BEGIN CERTIFICATE-----
MIIDPTCCAiWgAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaNN
MEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEwwHwYD
VR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEB
AD6y5JvAi6DR6Gb0A3t2f34Pa+V47y9sFNYiXAy/yHAJysVkqHft4o2rJ8xAuqWV
1+yhzEE9a+NpxcsQxnVZLG89LbPD+HVK1DEu6fxyS0LtyPduzdqY2z/iO+omG3Pr
WfUQSAdFoyBALMaVWQiCJqsTn+pmsQXlmR0mDyEPtS5SgplThaj+t27p7UQB+MgI
0GQlQ3DaPxsNl4EbKl3kFxAgsOtWRL7sVUpmwclpezYBZjYUIjekltLbDr0B6T5q
75SUY2nqJ3xAKUo48AbdSgbvi5KYrQJgoDxsU0yhW67HomHuDhjG+EaAxi9VOCoz
hNqapGmuw4qh4gdscZtW/ZM=
-----END CERTIFICATE-----

80
programs/ssl/test-ca/newcerts/0F.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15 (0xf)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Subject Alternative Name:
DNS:www.example.com, DNS:example.com, DNS:example.net
Signature Algorithm: sha1WithRSAEncryption
35:06:02:c6:0a:87:d5:02:5e:fa:74:71:50:bc:ac:8d:b2:c1:
00:18:7f:a5:bc:41:c3:fe:69:44:77:3b:2d:62:99:32:5d:c6:
5b:bc:f4:d6:9e:7c:3d:71:ef:46:d9:a9:ee:df:c2:d0:e1:e4:
ba:23:60:96:8a:18:f7:dd:1b:2b:60:fc:b6:19:83:73:97:e8:
99:50:e2:58:81:10:14:ab:8e:e1:64:0a:b5:15:aa:49:c6:dc:
0b:83:34:c5:3c:d4:ee:80:6a:90:db:41:3e:62:81:b8:fb:9e:
32:48:89:80:06:64:52:70:2e:66:31:2f:02:1d:c2:da:47:c1:
7d:ad:48:10:c8:b0:62:76:aa:e5:40:f7:1a:34:75:4b:b3:be:
69:75:dc:72:e0:f6:c2:b8:0a:01:2d:57:6f:26:fc:0f:50:e3:
8d:17:48:a0:5f:83:b3:c1:e7:b2:e4:00:10:90:bb:5f:58:f5:
66:8c:ec:17:82:5a:97:0d:b8:0f:ce:2d:5e:2a:5b:36:bc:e0:
f1:29:77:44:46:17:93:cc:c3:58:5c:c0:ea:01:23:cc:5b:cf:
c4:a2:af:01:24:0f:b5:d3:22:45:c3:a3:ff:0f:4d:b7:bb:96:
01:b4:7b:cc:c4:5e:c7:5f:ed:65:38:3a:1f:58:2c:87:7d:a4:
92:a4:3e:79
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
hDCBgTAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zA0BgNVHREELTArgg93d3cu
ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldDANBgkqhkiG9w0B
AQUFAAOCAQEANQYCxgqH1QJe+nRxULysjbLBABh/pbxBw/5pRHc7LWKZMl3GW7z0
1p58PXHvRtmp7t/C0OHkuiNglooY990bK2D8thmDc5fomVDiWIEQFKuO4WQKtRWq
ScbcC4M0xTzU7oBqkNtBPmKBuPueMkiJgAZkUnAuZjEvAh3C2kfBfa1IEMiwYnaq
5UD3GjR1S7O+aXXccuD2wrgKAS1Xbyb8D1DjjRdIoF+Ds8HnsuQAEJC7X1j1Zozs
F4Jalw24D84tXipbNrzg8Sl3REYXk8zDWFzA6gEjzFvPxKKvASQPtdMiRcOj/w9N
t7uWAbR7zMRex1/tZTg6H1gsh32kkqQ+eQ==
-----END CERTIFICATE-----

2
programs/ssl/test-ca/serial
View File

@ -1 +1 @@
0C
10

1
programs/ssl/test-ca/sslconf.txt
View File

@ -23,6 +23,7 @@ default_days = 3653
default_md = sha1
policy = my_policy
x509_extensions = v3_usr
copy_extensions = copy
[ my_policy ]
countryName = supplied

80
tests/data_files/cert_example_multi.crt Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15 (0xf)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Subject Alternative Name:
DNS:www.example.com, DNS:example.com, DNS:example.net
Signature Algorithm: sha1WithRSAEncryption
35:06:02:c6:0a:87:d5:02:5e:fa:74:71:50:bc:ac:8d:b2:c1:
00:18:7f:a5:bc:41:c3:fe:69:44:77:3b:2d:62:99:32:5d:c6:
5b:bc:f4:d6:9e:7c:3d:71:ef:46:d9:a9:ee:df:c2:d0:e1:e4:
ba:23:60:96:8a:18:f7:dd:1b:2b:60:fc:b6:19:83:73:97:e8:
99:50:e2:58:81:10:14:ab:8e:e1:64:0a:b5:15:aa:49:c6:dc:
0b:83:34:c5:3c:d4:ee:80:6a:90:db:41:3e:62:81:b8:fb:9e:
32:48:89:80:06:64:52:70:2e:66:31:2f:02:1d:c2:da:47:c1:
7d:ad:48:10:c8:b0:62:76:aa:e5:40:f7:1a:34:75:4b:b3:be:
69:75:dc:72:e0:f6:c2:b8:0a:01:2d:57:6f:26:fc:0f:50:e3:
8d:17:48:a0:5f:83:b3:c1:e7:b2:e4:00:10:90:bb:5f:58:f5:
66:8c:ec:17:82:5a:97:0d:b8:0f:ce:2d:5e:2a:5b:36:bc:e0:
f1:29:77:44:46:17:93:cc:c3:58:5c:c0:ea:01:23:cc:5b:cf:
c4:a2:af:01:24:0f:b5:d3:22:45:c3:a3:ff:0f:4d:b7:bb:96:
01:b4:7b:cc:c4:5e:c7:5f:ed:65:38:3a:1f:58:2c:87:7d:a4:
92:a4:3e:79
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
hDCBgTAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zA0BgNVHREELTArgg93d3cu
ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldDANBgkqhkiG9w0B
AQUFAAOCAQEANQYCxgqH1QJe+nRxULysjbLBABh/pbxBw/5pRHc7LWKZMl3GW7z0
1p58PXHvRtmp7t/C0OHkuiNglooY990bK2D8thmDc5fomVDiWIEQFKuO4WQKtRWq
ScbcC4M0xTzU7oBqkNtBPmKBuPueMkiJgAZkUnAuZjEvAh3C2kfBfa1IEMiwYnaq
5UD3GjR1S7O+aXXccuD2wrgKAS1Xbyb8D1DjjRdIoF+Ds8HnsuQAEJC7X1j1Zozs
F4Jalw24D84tXipbNrzg8Sl3REYXk8zDWFzA6gEjzFvPxKKvASQPtdMiRcOj/w9N
t7uWAbR7zMRex1/tZTg6H1gsh32kkqQ+eQ==
-----END CERTIFICATE-----

77
tests/data_files/cert_example_wildcard.crt Normal file
View File

@ -0,0 +1,77 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 7 16:06:36 2012 GMT
Not After : Feb 7 16:06:36 2022 GMT
Subject: C=NL, O=PolarSSL, CN=*.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
17:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
Signature Algorithm: sha1WithRSAEncryption
91:b3:84:5c:5d:60:f2:a5:0a:4a:dc:d6:c6:75:da:34:52:72:
6c:0e:60:4f:ef:0e:55:f3:4b:bf:d0:40:e7:91:2c:a7:94:8f:
3d:db:0a:ec:b2:f5:83:a7:a1:33:61:96:37:57:14:80:5b:e7:
bc:e1:d3:2c:36:32:6f:ef:7a:00:99:33:15:fc:38:20:df:74:
7d:3d:0f:81:d0:b4:fd:b6:46:f1:c5:b8:bc:de:74:a2:41:a7:
c8:51:da:20:12:82:3e:0c:8c:48:da:19:b6:52:e9:4f:67:c1:
28:9e:20:b6:ce:be:89:bd:64:d7:05:3e:87:af:ba:2b:5d:aa:
fe:62:66:fb:a6:75:ad:89:a1:18:e8:78:54:ea:df:0a:85:e9:
32:32:a8:1a:cd:35:81:f8:a8:da:d1:16:8a:63:e7:67:da:6e:
e1:3b:1c:31:20:99:ee:e2:b2:fb:82:c5:21:e2:63:4c:61:15:
4d:53:ad:dd:15:7f:0b:b6:33:43:ad:27:8a:b1:af:93:17:72:
c4:be:31:26:93:3c:7d:fc:d5:3d:cf:0b:be:c5:7b:e9:b4:f8:
f3:30:f2:f5:a2:27:eb:9a:71:fc:7f:79:5e:88:c5:a6:2d:33:
57:ba:38:06:e6:ad:0b:96:97:9d:cc:94:7b:83:09:17:a6:ee:
ce:bb:0f:36
-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA4MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxFjAUBgNVBAMUDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5PErFyKOOkBeknlKqcXUmYYDnx7VtjP+q
tkEmt74RrVxzFgxkEUgE/9bhOwXbibuzlwnVHBTdaIc5sD1xy+J20BrYGC2AG1T2
5USa8cuvYS7fSQ2dCbftsf08/Tz6JM9dv3zkU+cltepEIukm0+oglJ7mYWe6Lgdn
CwMvognt8DOPC84Q72ekxgjawe3CP9dK3RU9+V4cgWBGPrWzPS+m3kccvJKu698n
axZWt9zs0VVXpW7sdSX1t3vfq9I6WpGYfZcXCxMKp2tKi8FHMPs6+EEE1cHfuB2/
ewGlZaLgHja3plzMMFr4zW/N8RliJcoB4zV/+iD13P1psmoAfRf3AgMBAAGjTTBL
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8GA1Ud
IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQCR
s4RcXWDypQpK3NbGddo0UnJsDmBP7w5V80u/0EDnkSynlI892wrssvWDp6EzYZY3
VxSAW+e84dMsNjJv73oAmTMV/Dgg33R9PQ+B0LT9tkbxxbi83nSiQafIUdogEoI+
DIxI2hm2UulPZ8EoniC2zr6JvWTXBT6Hr7orXar+Ymb7pnWtiaEY6HhU6t8Kheky
MqgazTWB+Kja0RaKY+dn2m7hOxwxIJnu4rL7gsUh4mNMYRVNU63dFX8LtjNDrSeK
sa+TF3LEvjEmkzx9/NU9zwu+xXvptPjzMPL1oifrmnH8f3leiMWmLTNXujgG5q0L
lpedzJR7gwkXpu7Ouw82
-----END CERTIFICATE-----

32
tests/suites/test_suite_x509parse.data
View File

@ -234,6 +234,38 @@ X509 Certificate verification #20 (Not trusted Cert, allowing callback)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all
X509 Certificate verification #21 (domain matching wildcard certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.com":0:0:NULL
X509 Certificate verification #22 (domain not matching wildcard certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
X509 Certificate verification #23 (domain not matching wildcard certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
X509 Certificate verification #24 (domain matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":0:0:NULL
X509 Certificate verification #25 (domain matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:NULL
X509 Certificate verification #26 (domain not matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
X509 Certificate verification #27 (domain not matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
X509 Certificate verification #27 (domain not matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:NULL
X509 Parse Selftest
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_SELF_TEST
x509_selftest: