├── .github └── workflows │ ├── .linux.yml.un~ │ ├── .macos.yml.un~ │ ├── lint.yml │ ├── linux.yml │ └── macos.yml ├── .gitmodules ├── LICENSE.md ├── README.md ├── build.zig ├── src ├── SslServer.zig ├── SslStream.zig ├── async_test.zig ├── main.zig ├── normal_test.zig ├── test_files │ ├── root.pem │ ├── server.crt │ └── server.key └── tls_config.zig └── test └── CA ├── LICENSE ├── Makefile ├── README.md ├── chain.pem ├── client.crt ├── client.key ├── intermediate ├── certs │ ├── client.crt │ ├── intermediate.cert.pem │ ├── ocsp-localhost.pem │ ├── revoked.crt │ └── server.crt ├── crl │ └── intermediate.crl.pem ├── crlnumber ├── crlnumber.old ├── csr │ ├── client.pem │ ├── intermediate.csr.pem │ ├── ocsp-localhost.csr.pem │ ├── revoked.pem │ └── server.pem ├── index.txt ├── index.txt.attr ├── index.txt.attr.old ├── index.txt.old ├── newcerts │ ├── 1000.pem │ ├── 1001.pem │ ├── 1002.pem │ └── 1003.pem ├── openssl.cnf ├── private │ ├── client.key │ ├── intermediate.key.pem │ ├── ocsp-localhost.key.pem │ ├── revoked.key │ └── server.key ├── serial └── serial.old ├── makecert.sh ├── ocspfetch.sh ├── ocspserver.sh ├── openssl-intermediate.cnf ├── openssl-root.cnf ├── revoked.crt ├── revoked.key ├── root.pem ├── root ├── certs │ └── ca.cert.pem ├── index.txt ├── index.txt.attr ├── index.txt.old ├── newcerts │ └── 1000.pem ├── openssl.cnf ├── private │ └── ca.key.pem ├── serial └── serial.old ├── server.crt └── server.key /.github/workflows/.linux.yml.un~: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/haze/zig-libressl/6ff30e2f4a916bd5020405f36d25803ed96db06c/.github/workflows/.linux.yml.un~ -------------------------------------------------------------------------------- /.github/workflows/.macos.yml.un~: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/haze/zig-libressl/6ff30e2f4a916bd5020405f36d25803ed96db06c/.github/workflows/.macos.yml.un~ -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Lint 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | schedule: 9 | - cron: "0 7 * * *" 10 | 11 | jobs: 12 | lint: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | submodules: recursive 19 | 20 | - name: Setup Zig 21 | uses: goto-bus-stop/setup-zig@v1 22 | with: 23 | version: master 24 | 25 | - name: Lint Source 26 | run: zig fmt src 27 | 28 | - name: Lint Build 29 | run: zig fmt build.zig -------------------------------------------------------------------------------- /.github/workflows/linux.yml: -------------------------------------------------------------------------------- 1 | name: Linux 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | schedule: 9 | - cron: "0 7 * * *" 10 | 11 | jobs: 12 | test: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | submodules: recursive 19 | 20 | - name: Setup Zig 21 | uses: goto-bus-stop/setup-zig@v1 22 | with: 23 | version: master 24 | 25 | - name: Install Automake 26 | run: sudo apt-get install -y automake 27 | 28 | - name: Test 29 | run: zig build --verbose-cc --verbose test 30 | -------------------------------------------------------------------------------- /.github/workflows/macos.yml: -------------------------------------------------------------------------------- 1 | name: MacOS 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | schedule: 9 | - cron: "0 7 * * *" 10 | 11 | jobs: 12 | test: 13 | runs-on: macos-latest 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | submodules: recursive 19 | 20 | - name: Setup Zig 21 | uses: goto-bus-stop/setup-zig@v1 22 | with: 23 | version: master 24 | 25 | - name: Install Autotmake 26 | run: brew install automake 27 | 28 | - name: Test 29 | run: zig build --verbose-cc --verbose test 30 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "libressl"] 2 | path = libressl 3 | url = git@github.com:haze/libressl 4 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | Copyright 2021 Haze Booth 2 | 3 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 4 | 5 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 6 | 7 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 8 | 9 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

Zig-LibreSSL

2 |

3 | 4 |

5 | 6 |

7 | Zig-LibreSSL is an idiomatic zig wrapper around LibreSSL's libTLS for `std.net.Stream` 8 |

9 | 10 | ## Project status 11 | 12 | Zig-LibreSSL is currently a work in progress. I've hand verified that simple 13 | message transactions work, along with use in a homebrewed HTTP client, but there 14 | is still much more to test! Please feel free to open issues for features you 15 | want, or bugs that you encounter. 16 | 17 | ## Quickstart Client 18 | 19 | ```zig 20 | const std = @import("std"); 21 | 22 | pub fn main() !void { 23 | var gpa = std.heap.GeneralPurposeAllocator(.{}){}; 24 | defer _ = gpa.deinit(); 25 | 26 | var tls_configuration = (TlsConfigurationParams{}).build() catch unreachable; 27 | 28 | var connection = try std.net.tcpConnectToHost(&gpa.allocator, "haz.ee", 443); 29 | var ssl_connection = try SslStream.wrapClientStream(tls_configuration, connection, "haz.ee"); 30 | defer ssl_connection.deinit(); 31 | 32 | var writer = ssl_connection.writer(); 33 | var reader = ssl_connection.reader(); 34 | 35 | try writer.writeAll("GET / HTTP/1.1\n\n"); 36 | 37 | while (try reader.readUntilDelimiterOrEofAlloc(&gpa.allocator, '\n', std.math.maxInt(usize))) |line| { 38 | std.debug.print("{s}\n", .{line}); 39 | defer gpa.allocator.free(line); 40 | if (std.mem.eql(u8, line, "")) break; 41 | } 42 | } 43 | ``` 44 | 45 | ## Quickstart Server 46 | 47 | ```zig 48 | const std = @import("std"); 49 | 50 | pub fn main() !void { 51 | var gpa = std.heap.GeneralPurposeAllocator(.{}){}; 52 | defer _ = gpa.deinit(); 53 | 54 | var tls_configuration = try (TlsConfigurationParams{ 55 | .ca = .{ .memory = @embedFile("test_files/root.pem") }, 56 | .cert = .{ .memory = @embedFile("test_files/server.crt") }, 57 | .key = .{ .memory = @embedFile("test_files/server.key") }, 58 | }).build(); 59 | 60 | var stream_server = std.net.StreamServer.init(.{}); 61 | try stream_server.listen(std.net.Address.parseIp("127.0.0.1", 0) catch unreachable); 62 | std.debug.print("Listening on :{}", .{stream_server.listen_address.getPort()}); 63 | 64 | var ssl_server = try SslServer.wrap(tls_configuration, stream_server); 65 | defer ssl_server.deinit(); 66 | 67 | var visitor_count: u64 = 0; 68 | while (visitor_count < 100) : (visitor_count += 1) { 69 | var ssl_connection = try ssl_server.accept(); 70 | defer ssl_connection.deinit(); 71 | 72 | var writer = ssl_connection.writer(); 73 | try writer.print("You are visitor no. {}!\n", .{visitor_count}); 74 | } 75 | } 76 | ``` 77 | 78 | ## TODOS 79 | 80 | Please see the todos in `src/main.zig` 81 | -------------------------------------------------------------------------------- /build.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | const out = std.log.scoped(.libressl); 3 | const builtin = @import("builtin"); 4 | 5 | fn isProgramAvailable(builder: *std.build.Builder, program_name: []const u8) !bool { 6 | const env_map = try std.process.getEnvMap(builder.allocator); 7 | const path_var = env_map.get("PATH") orelse return false; 8 | var path_iter = std.mem.tokenize(u8, path_var, if (builtin.os.tag == .windows) ";" else ":"); 9 | while (path_iter.next()) |path| { 10 | var dir = std.fs.cwd().openIterableDir(path, .{}) catch continue; 11 | defer dir.close(); 12 | 13 | var dir_iterator = dir.iterate(); 14 | while (try dir_iterator.next()) |dir_item| { 15 | if (std.mem.eql(u8, dir_item.name, program_name)) return true; 16 | } 17 | } 18 | return false; 19 | } 20 | 21 | pub fn useLibreSslForStep( 22 | builder: *std.build.Builder, 23 | target: std.zig.CrossTarget, 24 | mode: std.builtin.Mode, 25 | libressl_source_root: []const u8, 26 | rich_step: *std.build.LibExeObjStep, 27 | use_system_libressl: bool, 28 | ) !void { 29 | if (use_system_libressl) { 30 | rich_step.linkSystemLibrary("crypto"); 31 | rich_step.linkSystemLibrary("ssl"); 32 | rich_step.linkSystemLibrary("tls"); 33 | } else { 34 | try @import("libressl/build.zig").linkStepWithLibreSsl(builder, target, mode, libressl_source_root, rich_step); 35 | } 36 | } 37 | 38 | pub fn build(b: *std.build.Builder) !void { 39 | const target = b.standardTargetOptions(.{}); 40 | const mode = b.standardReleaseOptions(); 41 | 42 | var lib = b.addStaticLibrary("zig-libressl", "src/main.zig"); 43 | lib.linkLibC(); 44 | lib.setBuildMode(mode); 45 | lib.install(); 46 | 47 | const use_system_libressl = b.option(bool, "use-system-libressl", "Link and build from the system installed copy of LibreSSL instead of building it from source") orelse false; 48 | 49 | var main_tests = b.addTest("src/normal_test.zig"); 50 | main_tests.setBuildMode(mode); 51 | try useLibreSslForStep(b, target, mode, "./libressl", main_tests, use_system_libressl); 52 | 53 | // TODO(haze): re-enable async tests when zig gets async again 54 | // var async_tests = b.addTest("src/async_test.zig"); 55 | // async_tests.use_stage1 = true; 56 | // async_tests.test_evented_io = true; 57 | // async_tests.setBuildMode(mode); 58 | // try useLibreSslForStep(b, target, mode, "./libressl", async_tests, use_system_libressl); 59 | 60 | const test_step = b.step("test", "Run library tests"); 61 | test_step.dependOn(&main_tests.step); 62 | // test_step.dependOn(&async_tests.step); 63 | } 64 | -------------------------------------------------------------------------------- /src/SslServer.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | const root = @import("main.zig"); 3 | const tls = root.tls; 4 | 5 | const Self = @This(); 6 | 7 | tcp_server: std.net.StreamServer, 8 | tls_configuration: root.TlsConfiguration, 9 | tls_context: *tls.tls, 10 | 11 | const WrapError = error{ OutOfMemory, BadTlsConfiguration }; 12 | 13 | pub fn wrap(tls_configuration: root.TlsConfiguration, tcp_server: std.net.StreamServer) WrapError!Self { 14 | var maybe_tls_context = tls.tls_server(); 15 | if (maybe_tls_context == null) return error.OutOfMemory; 16 | errdefer root.out.warn("{s}", .{tls.tls_error(maybe_tls_context.?)}); 17 | 18 | var tls_context = maybe_tls_context.?; 19 | if (tls.tls_configure(tls_context, tls_configuration.config) == -1) 20 | return error.BadTlsConfiguration; 21 | 22 | return Self{ 23 | .tcp_server = tcp_server, 24 | .tls_configuration = tls_configuration, 25 | .tls_context = tls_context, 26 | }; 27 | } 28 | 29 | pub fn accept(self: *Self) !root.SslStream { 30 | var connection = try self.tcp_server.accept(); 31 | errdefer connection.stream.close(); 32 | 33 | // seems like we need a new tls context for each connection so that we don't close the server's 34 | // context 35 | var new_tls_context: ?*tls.tls = null; 36 | 37 | if (tls.tls_accept_socket(self.tls_context, @ptrCast([*c]?*tls.tls, &new_tls_context), connection.stream.handle) == -1) 38 | return error.TlsAcceptSocket; 39 | 40 | return root.SslStream.wrapServerStream(self.tls_configuration, new_tls_context.?, connection); 41 | } 42 | 43 | pub fn deinit(self: *Self) void { 44 | self.tcp_server.deinit(); 45 | self.* = undefined; 46 | } 47 | -------------------------------------------------------------------------------- /src/SslStream.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | const out = std.log.scoped(.ssl_stream); 3 | const root = @import("main.zig"); 4 | const tls = root.tls; 5 | 6 | const Self = @This(); 7 | 8 | tls_configuration: root.TlsConfiguration, 9 | tls_context: *tls.tls, 10 | tcp_stream: std.net.Stream, 11 | address: ?std.net.Address = null, 12 | 13 | const WrapError = error{ OutOfMemory, BadTlsConfiguration, TlsConnectSocket, TlsAcceptSocket }; 14 | 15 | pub fn wrapClientStream( 16 | tls_configuration: root.TlsConfiguration, 17 | tcp_stream: std.net.Stream, 18 | server_name: []const u8, 19 | ) WrapError!Self { 20 | var maybe_tls_context = tls.tls_client(); 21 | if (maybe_tls_context == null) return error.OutOfMemory; 22 | 23 | var tls_context = maybe_tls_context.?; 24 | if (tls.tls_configure(tls_context, tls_configuration.config) == -1) 25 | return error.BadTlsConfiguration; 26 | 27 | if (tls.tls_connect_socket(tls_context, tcp_stream.handle, server_name.ptr) == -1) 28 | return error.TlsConnectSocket; 29 | 30 | return Self{ 31 | .tls_configuration = tls_configuration, 32 | .tls_context = tls_context, 33 | .tcp_stream = tcp_stream, 34 | }; 35 | } 36 | 37 | pub fn wrapServerStream(tls_configuration: root.TlsConfiguration, tls_context: *tls.tls, connection: std.net.StreamServer.Connection) WrapError!Self { 38 | return Self{ 39 | .tls_configuration = tls_configuration, 40 | .tls_context = tls_context, 41 | .tcp_stream = connection.stream, 42 | .address = connection.address, 43 | }; 44 | } 45 | 46 | pub fn deinit(self: *Self) void { 47 | root.closeTlsContext(self.tls_context, self.tcp_stream.handle) catch |e| { 48 | root.out.err("Failed to call tls_close on client: {} ({s})", .{ e, tls.tls_error(self.tls_context) }); 49 | }; 50 | tls.tls_free(self.tls_context); 51 | self.tcp_stream.close(); 52 | self.* = undefined; 53 | } 54 | 55 | pub const ReadError = error{ReadFailure}; 56 | pub const Reader = std.io.Reader(Self, ReadError, Self.read); 57 | pub fn read(self: Self, buffer: []u8) ReadError!usize { 58 | var output = attemptTlsFunction(.read, tls.tls_read, self.tls_context, buffer, self.tcp_stream.handle); 59 | if (output == -1) { 60 | if (@import("builtin").mode == .Debug) { 61 | out.err("libtls read error: {s}", .{ 62 | std.mem.span(tls.tls_error(self.tls_context)), 63 | }); 64 | } 65 | return error.ReadFailure; 66 | } 67 | return @intCast(usize, output); 68 | } 69 | pub fn reader(self: Self) Reader { 70 | return Reader{ .context = self }; 71 | } 72 | 73 | pub const WriteError = error{WriteFailure}; 74 | pub const Writer = std.io.Writer(Self, WriteError, Self.write); 75 | 76 | const tls_func_kind = enum { read, write }; 77 | fn attemptTlsFunction( 78 | comptime tls_function_kind: tls_func_kind, 79 | function: switch (tls_function_kind) { 80 | .read => fn (?*tls.tls, ?*anyopaque, usize) callconv(.C) isize, 81 | .write => fn (?*tls.tls, ?*const anyopaque, usize) callconv(.C) isize, 82 | }, 83 | tls_context: *tls.tls, 84 | buffer: switch (tls_function_kind) { 85 | .read => []u8, 86 | .write => []const u8, 87 | }, 88 | fd: std.os.socket_t, 89 | ) isize { 90 | var output = function(tls_context, buffer.ptr, buffer.len); 91 | if (std.io.is_async) { 92 | while (output == tls.TLS_WANT_POLLIN or output == tls.TLS_WANT_POLLOUT) { 93 | if (output == tls.TLS_WANT_POLLIN) { 94 | std.event.Loop.instance.?.waitUntilFdReadable(fd); 95 | } else { 96 | std.event.Loop.instance.?.waitUntilFdWritable(fd); 97 | } 98 | output = function(tls_context, buffer.ptr, buffer.len); 99 | } 100 | } else { 101 | while (output == tls.TLS_WANT_POLLIN or output == tls.TLS_WANT_POLLOUT) { 102 | output = function(tls_context, buffer.ptr, buffer.len); 103 | } 104 | } 105 | return output; 106 | } 107 | 108 | pub fn write(self: Self, buffer: []const u8) WriteError!usize { 109 | var output = attemptTlsFunction(.write, tls.tls_write, self.tls_context, buffer, self.tcp_stream.handle); 110 | if (output == -1) { 111 | if (@import("builtin").mode == .Debug) { 112 | out.err("libtls write error: {s}", .{ 113 | std.mem.span(tls.tls_error(self.tls_context)), 114 | }); 115 | } 116 | return error.WriteFailure; 117 | } 118 | return @intCast(usize, output); 119 | } 120 | pub fn writer(self: Self) Writer { 121 | return Writer{ .context = self }; 122 | } 123 | -------------------------------------------------------------------------------- /src/async_test.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | const libressl = @import("main.zig"); 3 | 4 | test "async server & client" { 5 | const ClientCount = 16; 6 | 7 | const message = "bruh moment"; 8 | var params = libressl.TlsConfigurationParams{ 9 | .ca = .{ .memory = @embedFile("test_files/root.pem") }, 10 | .cert = .{ .memory = @embedFile("test_files/server.crt") }, 11 | .key = .{ .memory = @embedFile("test_files/server.key") }, 12 | }; 13 | const conf = try params.build(); 14 | 15 | var stream_server = std.net.StreamServer.init(.{}); 16 | try stream_server.listen(std.net.Address.parseIp("::", 0) catch unreachable); 17 | 18 | var ssl_stream_server = try libressl.SslServer.wrap(conf, stream_server); 19 | 20 | const Server = struct { 21 | fn serverFn(server: *libressl.SslServer, message_to_send: []const u8) !void { 22 | defer server.deinit(); 23 | 24 | var current_client: usize = 0; 25 | var client_frames: [ClientCount]@Frame(@This().handleClient) = undefined; 26 | 27 | while (current_client < ClientCount) : (current_client += 1) { 28 | client_frames[current_client] = async @This().handleClient(try server.accept(), message_to_send); 29 | } 30 | 31 | for (client_frames) |*frame| { 32 | try await frame; 33 | } 34 | } 35 | 36 | fn handleClient( 37 | stream: libressl.SslStream, 38 | message_to_send: []const u8, 39 | ) !void { 40 | var writer = stream.writer(); 41 | try writer.writeAll(message_to_send); 42 | } 43 | }; 44 | 45 | var server_frame = async Server.serverFn(&ssl_stream_server, message); 46 | 47 | const clientFn = struct { 48 | fn clientFn( 49 | server_address: std.net.Address, 50 | tls_configuration: libressl.TlsConfiguration, 51 | ) !void { 52 | var client = try std.net.tcpConnectToAddress(server_address); 53 | var ssl_client = try libressl.SslStream.wrapClientStream(tls_configuration, client, "localhost"); 54 | defer ssl_client.deinit(); 55 | 56 | var client_buf: [message.len]u8 = undefined; 57 | var client_reader = ssl_client.reader(); 58 | const bytes_read = try client_reader.read(&client_buf); 59 | const response = client_buf[0..bytes_read]; 60 | try std.testing.expectEqualStrings(message, response); 61 | } 62 | }.clientFn; 63 | 64 | var client_frames: [ClientCount]@Frame(clientFn) = undefined; 65 | 66 | var client_count: usize = 0; 67 | while (client_count < ClientCount) : (client_count += 1) { 68 | client_frames[client_count] = async clientFn(stream_server.listen_address, conf); 69 | } 70 | 71 | for (client_frames) |*frame| { 72 | try await frame; 73 | } 74 | 75 | try await server_frame; 76 | } 77 | -------------------------------------------------------------------------------- /src/main.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | pub const out = std.log.scoped(.libressl); 3 | 4 | pub const tls = @cImport({ 5 | @cInclude("tls.h"); 6 | }); 7 | 8 | const tls_config = @import("tls_config.zig"); 9 | pub const TlsConfiguration = tls_config.TlsConfiguration; 10 | pub const TlsConfigurationParams = tls_config.TlsConfigurationParams; 11 | pub const SslStream = @import("SslStream.zig"); 12 | pub const SslServer = @import("SslServer.zig"); 13 | 14 | pub fn closeTlsContext(tls_context: *tls.tls, handle: std.os.socket_t) !void { 15 | const was_close_successful = blk: { 16 | var initial_close_attempt_value = tls.tls_close(tls_context); 17 | if (std.io.is_async) { 18 | while (initial_close_attempt_value == tls.TLS_WANT_POLLIN or initial_close_attempt_value == tls.TLS_WANT_POLLIN) { 19 | if (initial_close_attempt_value == tls.TLS_WANT_POLLIN) { 20 | std.event.Loop.instance.?.waitUntilFdReadable(handle); 21 | } else { 22 | std.event.Loop.instance.?.waitUntilFdWritable(handle); 23 | } 24 | initial_close_attempt_value = tls.tls_close(tls_context); 25 | } 26 | } 27 | break :blk initial_close_attempt_value == 0; 28 | }; 29 | if (!was_close_successful) 30 | return error.TlsClose; 31 | } 32 | 33 | // TODO(haze): reuse tls session file https://man.openbsd.org/tls_config_set_session_id.3 34 | // TODO(haze): tls noverify https://man.openbsd.org/tls_config_verify.3 35 | // TODO(haze): investigate tls_client/tls_server NULL return as OOM 36 | // TODO(haze): tls_context reporting (tls version, issuer, expiry, etc) 37 | 38 | // TODO(haze): better error parsing 39 | // TODO(haze): tls keypair/oscp add 40 | // TODO(haze): debug annotations 41 | -------------------------------------------------------------------------------- /src/normal_test.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | const libressl = @import("main.zig"); 3 | 4 | test "server & client" { 5 | const message = "bruh moment"; 6 | var params = libressl.TlsConfigurationParams{ 7 | .ca = .{ .memory = @embedFile("test_files/root.pem") }, 8 | .cert = .{ .memory = @embedFile("test_files/server.crt") }, 9 | .key = .{ .memory = @embedFile("test_files/server.key") }, 10 | }; 11 | const conf = try params.build(); 12 | 13 | var stream_server = std.net.StreamServer.init(.{}); 14 | try stream_server.listen(std.net.Address.parseIp("::", 0) catch unreachable); 15 | 16 | var ssl_stream_server = try libressl.SslServer.wrap(conf, stream_server); 17 | 18 | const serverFn = struct { 19 | fn serverFn(server: *libressl.SslServer, message_to_send: []const u8) !void { 20 | defer server.deinit(); 21 | var ssl_connection = try server.accept(); 22 | defer ssl_connection.deinit(); 23 | 24 | var writer = ssl_connection.writer(); 25 | try writer.writeAll(message_to_send); 26 | } 27 | }.serverFn; 28 | 29 | var thread = try std.Thread.spawn(.{}, serverFn, .{ &ssl_stream_server, message }); 30 | defer thread.join(); 31 | 32 | var client = try std.net.tcpConnectToAddress(stream_server.listen_address); 33 | var ssl_client = try libressl.SslStream.wrapClientStream(conf, client, "localhost"); 34 | 35 | defer ssl_client.deinit(); 36 | 37 | var client_buf: [11]u8 = undefined; 38 | var client_reader = ssl_client.reader(); 39 | _ = try client_reader.readAll(&client_buf); 40 | try std.testing.expectEqualStrings(message, &client_buf); 41 | } 42 | -------------------------------------------------------------------------------- /src/test_files/root.pem: -------------------------------------------------------------------------------- 1 | ../../test/CA/root.pem -------------------------------------------------------------------------------- /src/test_files/server.crt: -------------------------------------------------------------------------------- 1 | ../../test/CA/server.crt -------------------------------------------------------------------------------- /src/test_files/server.key: -------------------------------------------------------------------------------- 1 | ../../test/CA/server.key -------------------------------------------------------------------------------- /src/tls_config.zig: -------------------------------------------------------------------------------- 1 | const std = @import("std"); 2 | const root = @import("main.zig"); 3 | const tls = root.tls; 4 | 5 | pub const TlsConfigurationParams = struct { 6 | const Self = @This(); 7 | pub const Protocol = enum { 8 | tls1_0, 9 | tls1_1, 10 | tls1_2, 11 | tls1_3, 12 | tls1, 13 | all, 14 | default, 15 | 16 | fn native(self: Protocol) u32 { 17 | return switch (self) { 18 | .tls1_0 => tls.TLS_PROTOCOL_TLSv1_0, 19 | .tls1_1 => tls.TLS_PROTOCOL_TLSv1_1, 20 | .tls1_2 => tls.TLS_PROTOCOL_TLSv1_2, 21 | .tls1_3 => tls.TLS_PROTOCOL_TLSv1_3, 22 | .tls1 => tls.TLS_PROTOCOL_TLSv1, 23 | .all => tls.TLS_PROTOCOLS_ALL, 24 | .default => tls.TLS_PROTOCOLS_DEFAULT, 25 | }; 26 | } 27 | }; 28 | 29 | // NOTE(haze): we don't use `@tagName` here because enum tags are interned and don't come with a 30 | // null byte (which is what libtls needs) 31 | 32 | pub const Ciphers = union(enum) { 33 | secure, 34 | compat, 35 | legacy, 36 | insecure, 37 | custom: [*:0]const u8, 38 | 39 | pub fn native(self: Ciphers) [*:0]const u8 { 40 | return switch (self) { 41 | .custom => |payload| payload, 42 | else => @tagName(self) 43 | }; 44 | } 45 | }; 46 | 47 | pub const DheParams = enum { 48 | none, 49 | auto, 50 | legacy, 51 | 52 | pub fn native(self: DheParams) []const u8 { 53 | return switch (self) { 54 | .none => "none", 55 | .auto => "auto", 56 | .legacy => "legacy", 57 | }; 58 | } 59 | }; 60 | 61 | const RootCertificateLoadingMechanism = union(enum) { 62 | /// sets the path (directory) which should be searched for root certificates. 63 | dir_path: []const u8, 64 | /// loads a file containing the root certificates. 65 | file_path: []const u8, 66 | /// sets the root certificates directly from memory. 67 | memory: []const u8, 68 | /// load the default ca_cert as reported by `tls_default_ca_cert_file` 69 | default: void, 70 | }; 71 | 72 | const LoadingMechanism = union(enum) { 73 | /// loads a file containing the item. 74 | file_path: []const u8, 75 | /// sets the item directly from memory. 76 | memory: []const u8, 77 | }; 78 | 79 | const KeypairLoadingMechanism = union(enum) { 80 | /// loads two files from which the public certificate and private key will be read. 81 | file_path: struct { 82 | cert_file_path: []const u8, 83 | key_file_path: []const u8, 84 | }, 85 | /// directly sets the public certificate and private key from memory. 86 | memory: struct { 87 | cert_memory: []const u8, 88 | key_memory: []const u8, 89 | }, 90 | }; 91 | 92 | const KeypairOcspLoadingMechanism = union(enum) { 93 | /// loads three files containing the public certificate, private key, and DER-encoded OCSP staple. 94 | file_path: struct { 95 | cert_file_path: []const u8, 96 | key_file_path: []const u8, 97 | ocsp_file_path: []const u8, 98 | }, 99 | /// directly sets the public certificate, private key, and DER-encoded OCSP staple from memory. 100 | memory: struct { 101 | cert_memory: []const u8, 102 | key_memory: []const u8, 103 | ocsp_memory: []const u8, 104 | }, 105 | }; 106 | 107 | /// specifies which versions of the TLS protocol may be used. 108 | protocol: Protocol = .default, 109 | 110 | /// sets the ALPN protocols that are supported. The alpn string is a comma separated list of protocols, in order of preference. 111 | alpn_protocols: ?[]const u8 = null, 112 | 113 | /// sets the list of ciphers that may be used. 114 | ciphers: Ciphers = .secure, 115 | 116 | /// specifies the parameters that will be used during Diffie-Hellman Ephemeral (DHE) key exchange 117 | /// In auto mode, the key size for the ephemeral key is automatically selected based on the size of the private key being used for signing. In legacy mode, 1024 bit ephemeral keys are used. The default value is none, which disables DHE key exchange. 118 | dhe_params: DheParams = .none, 119 | 120 | /// specifies the names of the elliptic curves that may be used during Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange. This is a comma separated list, given in order of preference. The special value of "default" will use the default curves (currently X25519, P-256 and P-384). 121 | ecdhe_curves: []const u8 = "default", 122 | 123 | /// prefers ciphers in the client's cipher list when selecting a cipher suite (server only). This is considered to be less secure than preferring the server's list. 124 | prefer_client_ciphers: bool = false, 125 | 126 | /// prefers ciphers in the server's cipher list when selecting a cipher suite (server only). This is considered to be more secure than preferring the client's list and is the default. 127 | prefer_server_ciphers: bool = true, 128 | 129 | /// requires that a valid stapled OCSP response be provided during the TLS handshake. 130 | require_oscp_stapling: bool = false, 131 | 132 | ca: ?RootCertificateLoadingMechanism = null, 133 | 134 | cert: ?LoadingMechanism = null, 135 | crl: ?LoadingMechanism = null, 136 | key: ?LoadingMechanism = null, 137 | ocsp_staple: ?LoadingMechanism = null, 138 | keypair: ?KeypairLoadingMechanism = null, 139 | keypair_ocsp: ?KeypairOcspLoadingMechanism = null, 140 | 141 | /// limits the number of intermediate certificates that will be followed during certificate validation. 142 | verify_depth: ?usize = null, 143 | 144 | /// enables client certificate verification, requiring the client to send a certificate (server only). 145 | verify_client: bool = false, 146 | 147 | /// enables client certificate verification, without requiring the client to send a certificate (server only). 148 | verify_client_optional_cert: bool = false, 149 | 150 | const BuildError = error{ 151 | OutOfMemory, 152 | BadProtocols, 153 | BadAlpn, 154 | BadCiphers, 155 | BadDheParams, 156 | BadEcdheCurves, 157 | BadVerifyDepth, 158 | 159 | BadCaPath, 160 | BadCaFilePath, 161 | BadCaMemory, 162 | BadDefaultCaCertFile, 163 | 164 | BadCertFilePath, 165 | BadCertMemory, 166 | 167 | BadCrlFilePath, 168 | BadCrlMemory, 169 | 170 | BadKeyFilePath, 171 | BadKeyMemory, 172 | 173 | BadOcspStapleFilePath, 174 | BadOcspStapleMemory, 175 | 176 | BadKeypairFilePath, 177 | BadKeypairMemory, 178 | 179 | BadKeypairOcspFilePath, 180 | BadKeypairOcspMemory, 181 | }; 182 | 183 | pub fn build(self: Self) BuildError!TlsConfiguration { 184 | const maybe_config = tls.tls_config_new(); 185 | if (maybe_config == null) return error.OutOfMemory; 186 | var config = maybe_config.?; 187 | 188 | if (tls.tls_config_set_protocols(config, self.protocol.native()) == -1) 189 | return error.BadProtocols; 190 | 191 | if (self.alpn_protocols) |alpn_protocols| 192 | if (tls.tls_config_set_alpn(config, alpn_protocols.ptr) == -1) 193 | return error.BadAlpn; 194 | 195 | if (tls.tls_config_set_ciphers(config, self.ciphers.native()) == -1) 196 | return error.BadCiphers; 197 | if (tls.tls_config_set_dheparams(config, self.dhe_params.native().ptr) == -1) 198 | return error.BadDheParams; 199 | if (tls.tls_config_set_ecdhecurves(config, self.ecdhe_curves.ptr) == -1) 200 | return error.BadEcdheCurves; 201 | 202 | if (self.prefer_server_ciphers) 203 | tls.tls_config_prefer_ciphers_server(config); 204 | 205 | if (self.prefer_client_ciphers) 206 | tls.tls_config_prefer_ciphers_client(config); 207 | 208 | if (self.require_oscp_stapling) 209 | tls.tls_config_ocsp_require_stapling(config); 210 | 211 | if (self.verify_depth) |depth| 212 | if (tls.tls_config_set_verify_depth(config, @intCast(c_int, depth)) == -1) 213 | return error.BadVerifyDepth; 214 | 215 | if (self.verify_client) 216 | tls.tls_config_verify_client(config); 217 | 218 | if (self.verify_client_optional_cert) 219 | tls.tls_config_verify_client_optional(config); 220 | 221 | if (self.ca) |ca_mechanism| { 222 | switch (ca_mechanism) { 223 | .dir_path => |path| if (tls.tls_config_set_ca_path(config, path.ptr) == -1) return error.BadCaPath, 224 | .file_path => |path| if (tls.tls_config_set_ca_file(config, path.ptr) == -1) return error.BadCaFilePath, 225 | .memory => |data| if (tls.tls_config_set_ca_mem(config, data.ptr, data.len) == -1) return error.BadCaMemory, 226 | .default => if (tls.tls_config_set_ca_file(config, tls.tls_default_ca_cert_file()) == -1) return error.BadDefaultCaCertFile, 227 | } 228 | } 229 | 230 | if (self.cert) |cert_loading_mechanism| { 231 | switch (cert_loading_mechanism) { 232 | .file_path => |path| if (tls.tls_config_set_cert_file(config, path.ptr) == -1) return error.BadCertFilePath, 233 | .memory => |data| if (tls.tls_config_set_cert_mem(config, data.ptr, data.len) == -1) return error.BadCertMemory, 234 | } 235 | } 236 | 237 | if (self.crl) |crl_loading_mechanism| { 238 | switch (crl_loading_mechanism) { 239 | .file_path => |path| if (tls.tls_config_set_crl_file(config, path.ptr) == -1) return error.BadCrlFilePath, 240 | .memory => |data| if (tls.tls_config_set_crl_mem(config, data.ptr, data.len) == -1) return error.BadCrlMemory, 241 | } 242 | } 243 | 244 | if (self.key) |key_loading_mechanism| { 245 | switch (key_loading_mechanism) { 246 | .file_path => |path| if (tls.tls_config_set_key_file(config, path.ptr) == -1) return error.BadKeyFilePath, 247 | .memory => |data| if (tls.tls_config_set_key_mem(config, data.ptr, data.len) == -1) return error.BadKeyMemory, 248 | } 249 | } 250 | 251 | if (self.ocsp_staple) |ocsp_staple_loading_mechanism| { 252 | switch (ocsp_staple_loading_mechanism) { 253 | .file_path => |path| if (tls.tls_config_set_ocsp_staple_file(config, path.ptr) == -1) return error.BadOcspStapleFilePath, 254 | .memory => |data| if (tls.tls_config_set_ocsp_staple_mem(config, data.ptr, data.len) == -1) return error.BadOcspStapleMemory, 255 | } 256 | } 257 | 258 | if (self.keypair) |keypair_loading_mechanism| { 259 | switch (keypair_loading_mechanism) { 260 | .file_path => |paths| if (tls.tls_config_set_keypair_file(config, paths.cert_file_path.ptr, paths.key_file_path.ptr) == -1) return error.BadKeypairFilePath, 261 | .memory => |data| if (tls.tls_config_set_keypair_mem(config, data.cert_memory.ptr, data.cert_memory.len, data.key_memory.ptr, data.key_memory.len) == -1) return error.BadKeypairMemory, 262 | } 263 | } 264 | 265 | if (self.keypair_ocsp) |keypair_ocsp_loading_mechanism| { 266 | switch (keypair_ocsp_loading_mechanism) { 267 | .file_path => |paths| if (tls.tls_config_set_keypair_ocsp_file(config, paths.cert_file_path.ptr, paths.key_file_path.ptr, paths.ocsp_file_path.ptr) == -1) return error.BadKeypairOcspFilePath, 268 | .memory => |data| if (tls.tls_config_set_keypair_ocsp_mem(config, data.cert_memory.ptr, data.cert_memory.len, data.key_memory.ptr, data.key_memory.len, data.ocsp_memory.ptr, data.ocsp_memory.len) == -1) return error.BadKeypairOcspMemory, 269 | } 270 | } 271 | 272 | return TlsConfiguration{ 273 | .params = self, 274 | .config = config, 275 | }; 276 | } 277 | }; 278 | 279 | pub const TlsConfiguration = struct { 280 | const Self = @This(); 281 | 282 | params: TlsConfigurationParams, 283 | config: *tls.tls_config, 284 | 285 | pub fn deinit(self: *Self) void { 286 | tls.tls_config_free(self.config); 287 | self.* = undefined; 288 | } 289 | }; 290 | -------------------------------------------------------------------------------- /test/CA/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2018 Bob Beck 2 | 3 | Permission to use, copy, modify, and distribute this software for any 4 | purpose with or without fee is hereby granted, provided that the above 5 | copyright notice and this permission notice appear in all copies. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES 8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR 10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | CTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | -------------------------------------------------------------------------------- /test/CA/Makefile: -------------------------------------------------------------------------------- 1 | all: root.pem chain.pem intermediate/certs/ocsp-localhost.pem revoked.key server.key client.key 2 | 3 | clean: 4 | /bin/rm -rf root intermediate root.pem chain.pem *.key *.crt *.der 5 | 6 | intermediate/certs/ocsp-localhost.pem: intermediate/certs/intermediate.cert.pem 7 | (cd intermediate && openssl genrsa -out private/ocsp-localhost.key.pem 4096) 8 | (cd intermediate && openssl req -batch -config openssl.cnf -new -key private/ocsp-localhost.key.pem -subj "/C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial OCSP division/CN=localhost" -out csr/ocsp-localhost.csr.pem) 9 | openssl ca -batch -config intermediate/openssl.cnf -extensions ocsp -days 375 -notext -md sha256 -in intermediate/csr/ocsp-localhost.csr.pem -out intermediate/certs/ocsp-localhost.pem 10 | 11 | chain.pem: intermediate/certs/intermediate.cert.pem root/certs/ca.cert.pem 12 | cat intermediate/certs/intermediate.cert.pem root/certs/ca.cert.pem > chain.pem 13 | 14 | root.pem: root/certs/ca.cert.pem 15 | cp root/certs/ca.cert.pem root.pem 16 | 17 | root/certs/ca.cert.pem: 18 | mkdir -p root/private 19 | mkdir -p root/certs 20 | mkdir -p root/newcerts 21 | cp openssl-root.cnf root/openssl.cnf 22 | (cd root && openssl genrsa -out private/ca.key.pem 4096) 23 | touch root/index.txt 24 | echo 1000 > root/serial 25 | (cd root && openssl req -batch -config openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -subj "/C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial/CN=Root CA Cert" -out certs/ca.cert.pem) 26 | 27 | intermediate/certs/intermediate.cert.pem: root/certs/ca.cert.pem 28 | mkdir -p intermediate/certs 29 | mkdir -p intermediate/crl 30 | mkdir -p intermediate/csr 31 | mkdir -p intermediate/newcerts 32 | mkdir -p intermediate/private 33 | cp openssl-intermediate.cnf intermediate/openssl.cnf 34 | touch intermediate/index.txt 35 | echo 1000 > intermediate/serial 36 | echo 1000 > intermediate/crlnumber 37 | (cd intermediate && openssl genrsa -out private/intermediate.key.pem 4096) 38 | (cd intermediate && openssl req -batch -config openssl.cnf -key private/intermediate.key.pem -new -sha256 -subj "/C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial/CN=Intermediate CA Cert" -out csr/intermediate.csr.pem) 39 | openssl ca -batch -config root/openssl.cnf -extensions v3_intermediate_ca -days 3600 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem -out intermediate/certs/intermediate.cert.pem 40 | 41 | revoked.key: intermediate/certs/intermediate.cert.pem chain.pem 42 | (cd intermediate && openssl genrsa -out private/revoked.key 2048) 43 | (cd intermediate && openssl req -batch -config openssl.cnf -new -key private/revoked.key -subj "/C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Revoked Certs/CN=localhost" -out csr/revoked.pem) 44 | openssl ca -batch -config intermediate/openssl.cnf -extensions server_cert -days 375 -notext -md sha256 -in intermediate/csr/revoked.pem -out intermediate/certs/revoked.crt 45 | openssl ca -batch -config intermediate/openssl.cnf -revoke intermediate/certs/revoked.crt 46 | openssl ca -config intermediate/openssl.cnf -gencrl -out intermediate/crl/intermediate.crl.pem 47 | cp intermediate/private/revoked.key revoked.key 48 | cp intermediate/certs/revoked.crt revoked.crt 49 | cat chain.pem >> revoked.crt 50 | 51 | server.key: intermediate/certs/intermediate.cert.pem chain.pem 52 | (cd intermediate && openssl genrsa -out private/server.key 2048) 53 | (cd intermediate && openssl req -batch -config openssl.cnf -new -key private/server.key -subj "/C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Server Certs/CN=localhost" -out csr/server.pem) 54 | openssl ca -batch -config intermediate/openssl.cnf -extensions server_cert -days 375 -notext -md sha256 -in intermediate/csr/server.pem -out intermediate/certs/server.crt 55 | cp intermediate/private/server.key server.key 56 | cp intermediate/certs/server.crt server.crt 57 | cat chain.pem >> server.crt 58 | 59 | client.key: intermediate/certs/intermediate.cert.pem chain.pem 60 | (cd intermediate && openssl genrsa -out private/client.key 2048) 61 | (cd intermediate && openssl req -batch -config openssl.cnf -new -key private/client.key -subj "/emailAddress=beck@openbsd.org/C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Client Certs/CN=localhost" -out csr/client.pem) 62 | openssl ca -batch -config intermediate/openssl.cnf -extensions usr_cert -days 375 -notext -md sha256 -in intermediate/csr/client.pem -out intermediate/certs/client.crt 63 | cp intermediate/private/client.key client.key 64 | cp intermediate/certs/client.crt client.crt 65 | cat chain.pem >> client.crt 66 | -------------------------------------------------------------------------------- /test/CA/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Happy Bob's Test CA 3 | 4 | This implements a dumb CA with a root, intermediate, and ocsp signer using the 5 | openssl command.. 6 | 7 | While I am OK with you learning from it, please remember: 8 | 9 | ### Friends do not let friends use the openssl(1) command in production! 10 | 11 | It's nasty and horrible. it does not check return values. for the love of Cthulhu don't trust it for anything real and expose it to input that could come from untrusted sources! 12 | 13 | I am using it here for *TESTING*, and that's all you should do with it. You've been warned. 14 | 15 | Now having said that. the Makefile in here sets everything up. 16 | 17 | - "make" builds the root CA, intermediate, and ocsp signer, along with a server and client certificate, both having a CN for "localhost". 18 | - "make clean" blows away *everything* including the signers and issued certs. Don't do this if you want to keep using the same certs. 19 | - "makecert.sh" is a little shell script that can be use to make client and server certs with an arbitrary CN and email address. 20 | - "ocspfetch.sh" Retreives the OCSP response for server.crt using openssl commands. 21 | -------------------------------------------------------------------------------- /test/CA/chain.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnQwHhcNMjIxMDAx 5 | MTcyMTU0WhcNMzIwODA5MTcyMTU0WjBsMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 6 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 7 | b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0MIICIjANBgkqhkiG 8 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA4BB3kZ368xlDnt2rpPmTbMQF4aE1mWcKx5M1 9 | x05nDvUUOz3OY08iIaXQJd6MGYcV1or9gAy2NPhajuAHWkm/xjLplVEwBs2mk+Ts 10 | 0jOIKY5LhPvhD1J0gvxZ7HQ/h44KpKhNwNCjc2m9NbjnEXPgUzv+liECeqnQDe5K 11 | rYIWh92LywKezCJmDtNcLyXvJcG+TqXKhjEN8WbzLT3WqSdvWIyGIswFBpCPY7/Y 12 | PUyD29hX07DJLCfBx91Iq3QDYr5agpSmdcglAwb/AsZIci/vh9ZsrIwJuT8GrH5Y 13 | EtZdCpqyCEB9upNEQyhNyY2+rnjPw3KcVGf1TwzBrultWs+UBniBxywxMwzIziBo 14 | S0BqhLecZsroRdGcKMrMRakIr03Bjg7rFgQkSPPO7l1iyEs3CckE4AIbS/Bj+pk/ 15 | LfEEluWWGSYYukMKs+9U+MKX0F/NyYVfvnA8Ex4LDbkNKRziLpehiy+wJl3Kku4q 16 | swiisOqLGItGGBBHzML+zw75sbWtgzt06CHTca8P2GbmS5IdVvQKQ18+t03CbHca 17 | tphQbgXTjY88exaqIr1jP2AFMWzKGKB0yUJ+ZskG0RmbFAPFzvqA9hdLQ3J1zQWe 18 | cmL9Ur374cGqkA4LR1mn4WgsskYYyqS1QBC/5BIhlZCDrd2SMNDxa2vYNzgsvPa6 19 | +NydIrkCAwEAAaNmMGQwHQYDVR0OBBYEFLYmLwQAe5Mb7hmIKo/HppNaWMvCMB8G 20 | A1UdIwQYMBaAFPJ992/6GmE6Vx51ATNfI0t4KSyXMBIGA1UdEwEB/wQIMAYBAf8C 21 | AQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAK+FMQNbH1KEmF 22 | tv2Etgqi9weQ8Zv1aNmvipxtnEujXv+Cickvvy1SunB1hH3UVy78O4+aV65TKnqR 23 | vzYryX/mGkSUgqMvo+7g0GzeW+oeNSJPgER8Jysdg69u06HxLEPowjgQHsXeFG3O 24 | 1NB2p4tr7CtrKm8yiXLbcmCUh9QKi/BlBvYxOevAunmrBd907f0hbY+U/xvqYCTw 25 | A7MULSBDDhxNklp+HgEq5XDiQUdh5hqM4w9lyZvJc6vaDd9302qo1eX7O+atMsv7 26 | pkJV/gpQbWIkcrBG/Xsis664T374Czss11ohEcOdLHU9mmayFaL5YeTbuCsLZaW1 27 | lReUbALBNnB5/85eN2JUGwBFukdMyGn0v+u6U/E3D+JnYPt6fP0dItTvAXo2qhYL 28 | 9I3B1lbwp1Jng/v1CYQ1nBh4LAhqY1la+WauO7Fj0cAeLRIgVLCyispWJOB1J0lG 29 | FJpjCH0x/bdclCuZcOz7qN3Berw+FPe3ZUhSIWGpY1um9wGif3tHZnl2sGNi+hYB 30 | Pv6CZP8x9HehzQqJYj3IytCW+lgYcI8UzFm8SS19gRq85QQtSFrW1e8oJ7mYbiLu 31 | 3tAictLVOUtALySQxRNWYyN91T63xybkqwSTyDdIIc0uH1GM7uJjRzUSJhcjX0o2 32 | X59Eo5OCgmc6uW+uaCDnZ0N3b0O2Dg== 33 | -----END CERTIFICATE----- 34 | -----BEGIN CERTIFICATE----- 35 | MIIFuTCCA6GgAwIBAgIUWpN0nBX6qMZ38jMp79eX4QfjKv0wDQYJKoZIhvcNAQEL 36 | BQAwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhC 37 | b2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290 38 | IENBIENlcnQwHhcNMjIxMDAxMTcyMTUxWhcNNDIwOTI2MTcyMTUxWjBkMQswCQYD 39 | VQQGEwJDQTERMA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgw 40 | FgYDVQQLDA9MaWJUTFMgVHV0b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydDCC 41 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfG43HX9NadgkmE1l7ZGDTO 42 | 8Fk3BNrCJiG0mnpOHQA1dg+s9tIK5ujfimcNdJUMv8Pz0p/Cx1V+NxGYliGZy58H 43 | olVML8pV/EBcG/7KamGw8+sPmHD80sLXHZU8oIZDaq0oZFQybyCmZJVCxVkcCJ8O 44 | NrxkG4uL6JBj9LxHln0atb4Tksuy3mojPtL0ljzLqw7kHcb4YMz6aBpplU4Vb8U1 45 | Q+yKkGvLGkHQcSAyz6Gl4LbK8n/eJzcrzzxjgE5weNFJwWS2v6i2k4LiXnf1de3U 46 | J70M0gqa+H7lABH4jLs7N1wjEHPgtfvfNLC2yINaV4bLdjlg+PN3PYzmd3khNtfO 47 | f7LVXg4NAvTxcVrBZL0WHO72pIAflA6w3FqPAerhkQA6xoGVr7qd7a2A1TQd7l1K 48 | J8r9eD0eYF9hc/cIb3Uf0h/xFAYAz+trTLKIpZxc14d7n0EOX1/6ltwud+dYsMvZ 49 | XDOWwovmnOEJa6NPJiJpQZboky0Ra3HCbkTNKtfxM4ZsMC+1w8F0t6HDpcvshugl 50 | 6FaRADW+J1feAFRQGqGfNGQUUvWYhw4BYnNnuqYtDsT1PlSWt+jQdC76k1l9qMrI 51 | u/dqgs5tO9hzg5naZC/qTw0zTaeRShsiwj1sVsYuoNQLj7vbguliQxTGmvq/kA1C 52 | pHuvwemoNuF1p43XihS/AgMBAAGjYzBhMB0GA1UdDgQWBBTyffdv+hphOlcedQEz 53 | XyNLeCkslzAfBgNVHSMEGDAWgBTyffdv+hphOlcedQEzXyNLeCkslzAPBgNVHRMB 54 | Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYGxG 55 | G5CkEflZvV3jsgMKWfEZnNLzDoZMP0881AXFVdyIcoscxr5lvdwjfcjfBzDV7qE8 56 | dJxdi3ws/XMyiol/pBjtPFpspgpIhtU7HWn7G8MKCtUoCXfAXhdIY6GIpR+oDZaT 57 | XxyMpPQMQ0vZPRBGbRDNpNuchxqJHGXTyJS23HqHNISKr25SLz1/H0d32G9PCee+ 58 | +ZGgQd67I9FIvIaO692z1NjiR3VayKQrXVoc7HM2Ul+wSn6m0VynGpmB2mW/R8RF 59 | 6WAZIDwitANpT+xvQkMRALcLqiFc7HJFeTvnwA8BKFQXnyxdiNrywimp/GNYb/hs 60 | 2DH4GITlUKuyB+dbYQosXQL9HgMZvgVEPSPFDITvs0XJm6ts3b7m9X4ojoyMrmkI 61 | bJ+4Ievt/xC+yDcvGzifhWN8SnF/2foAYsiLujO8QkA1C5As1+MHRnPe1IpZY+pg 62 | XbrGOsRoEaIxUZywphKWOwb6NUZtIgKxxD7pVjmSrBL4lxxvedoT4IYaAQ3ZXUVc 63 | 2G501SJ0MzyHVA8BJThnpsiEewCEFTrTw2v5IpUDZMs3eOqoNVhrDL27jxsUucss 64 | PbNbBypacy1y2DU8iPapRjif1XmkuXlQHAifYn9ydBx+l9/TzETfK4cn364XFfUy 65 | lybaJU00GZld0TwE80YLBduigVNZ6pftRKV+aU0= 66 | -----END CERTIFICATE----- 67 | -------------------------------------------------------------------------------- /test/CA/client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFcTCCA1mgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTZaFw0yMzEwMTExNzIxNTZaMIGPMQswCQYDVQQGEwJDQTER 6 | MA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMSUwIwYDVQQLDBxM 7 | aWJUTFMgVHV0b3JpYWwgQ2xpZW50IENlcnRzMRIwEAYDVQQDDAlsb2NhbGhvc3Qx 8 | HzAdBgkqhkiG9w0BCQEWEGJlY2tAb3BlbmJzZC5vcmcwggEiMA0GCSqGSIb3DQEB 9 | AQUAA4IBDwAwggEKAoIBAQC4spK3sz9Lf2Xp/1ejSmbfgcKki2lvJPCcVaLTwJ2Q 10 | BNlwSFkRyELRMukdE3yYRyU9OU8RdxJwpOSLFiPDz0yBFYP9tkLXoa0Ce/9WZ0RG 11 | Yqr3ygd1Lk27tV/6UuhHjYqgAqqb6iRwnabfdLD42Csct/suO2RtwoRsUJr6ifYV 12 | Uh8ItBc3mkelRMHt9vD/HPf2oTR154OPNAWjaj5tbwjl8AKIkbZQiaua3t5lM9f8 13 | mzP3F5j50HFwygR1x31kpEbgtXcdcRuLB9drfW/yuSoC9pneJAYS1W1jrMlfeEy9 14 | n91BAlObNHbjsquE3xTP6iVFNotfEpJjGDeDaHT5Atl7AgMBAAGjgfgwgfUwCQYD 15 | VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5T 16 | U0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+GcYMfY 17 | zCiwnrWnc4dP73SacNswHwYDVR0jBBgwFoAUtiYvBAB7kxvuGYgqj8emk1pYy8Iw 18 | DgYDVR0PAQH/BAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0 19 | cDovL2xvY2FsaG9zdDoyNTYwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD 20 | BDANBgkqhkiG9w0BAQsFAAOCAgEADt9f/xrd2aDI53zwI8L5jepeKfVF0C6qmb+O 21 | oreoH1cZstv6GVm0WXqKRxyRaqZPvVh8yzuL4k1re0+t14BcWwyV+7fK9X3CfUQo 22 | BphMSBccFLQSE2/9da1XKpSzVO52rHVwzTKUZ/RZ0rKoa/Z7bNYHeeFmaD+Y2sn9 23 | WRd6Q64jGKT3jrH8Yw/lDsIe058EIhKRac/69VxFiG2ZOsaqslFuhzfWrMN70ts8 24 | Yr9iAHgxHyMqNBoZtEIeksDsQGo84lXUIYEw7jz6IcxUlDis1U/yhG7mVijuJHW1 25 | WMDCx8UhspYSKXsWNny0YU3lyg67Z7TNwkgoDhW+Gssd/GJ5+yE4WfUF6vSZn2ro 26 | MLhpfYW5Cp/CnoJs8hbEUXpvhaXHZau5Rhc08Cpwho7ooumVBnKHSWGcaN3aFQjh 27 | +eaQ8tjQMqewJur8viXiOKVjAkvmkubjTWf4KI1vBjNqwbVSZ+L8oVR3MLUtblWu 28 | nr3gpzt1SK4t/c1WU2TDGHTyC2Am0242DLggXg+QAwqpWM1H057FSFw3+MLFBRF0 29 | 2+V5I/4QeupVav7+uQ77jqKTTQLcVXw9l4xVMnl7e0ezive9BlwFLvsMBDB3MPQV 30 | cbJA4I+u4NE92dy2wcjm9c7A0Pg1o/0LwkfreySEgCZgiz9o//hlnoN66J27xdwo 31 | dlAdcfw= 32 | -----END CERTIFICATE----- 33 | -----BEGIN CERTIFICATE----- 34 | MIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCQ0Ex 35 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 36 | TGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnQwHhcNMjIxMDAx 37 | MTcyMTU0WhcNMzIwODA5MTcyMTU0WjBsMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 38 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 39 | b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0MIICIjANBgkqhkiG 40 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA4BB3kZ368xlDnt2rpPmTbMQF4aE1mWcKx5M1 41 | x05nDvUUOz3OY08iIaXQJd6MGYcV1or9gAy2NPhajuAHWkm/xjLplVEwBs2mk+Ts 42 | 0jOIKY5LhPvhD1J0gvxZ7HQ/h44KpKhNwNCjc2m9NbjnEXPgUzv+liECeqnQDe5K 43 | rYIWh92LywKezCJmDtNcLyXvJcG+TqXKhjEN8WbzLT3WqSdvWIyGIswFBpCPY7/Y 44 | PUyD29hX07DJLCfBx91Iq3QDYr5agpSmdcglAwb/AsZIci/vh9ZsrIwJuT8GrH5Y 45 | EtZdCpqyCEB9upNEQyhNyY2+rnjPw3KcVGf1TwzBrultWs+UBniBxywxMwzIziBo 46 | S0BqhLecZsroRdGcKMrMRakIr03Bjg7rFgQkSPPO7l1iyEs3CckE4AIbS/Bj+pk/ 47 | LfEEluWWGSYYukMKs+9U+MKX0F/NyYVfvnA8Ex4LDbkNKRziLpehiy+wJl3Kku4q 48 | swiisOqLGItGGBBHzML+zw75sbWtgzt06CHTca8P2GbmS5IdVvQKQ18+t03CbHca 49 | tphQbgXTjY88exaqIr1jP2AFMWzKGKB0yUJ+ZskG0RmbFAPFzvqA9hdLQ3J1zQWe 50 | cmL9Ur374cGqkA4LR1mn4WgsskYYyqS1QBC/5BIhlZCDrd2SMNDxa2vYNzgsvPa6 51 | +NydIrkCAwEAAaNmMGQwHQYDVR0OBBYEFLYmLwQAe5Mb7hmIKo/HppNaWMvCMB8G 52 | A1UdIwQYMBaAFPJ992/6GmE6Vx51ATNfI0t4KSyXMBIGA1UdEwEB/wQIMAYBAf8C 53 | AQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAK+FMQNbH1KEmF 54 | tv2Etgqi9weQ8Zv1aNmvipxtnEujXv+Cickvvy1SunB1hH3UVy78O4+aV65TKnqR 55 | vzYryX/mGkSUgqMvo+7g0GzeW+oeNSJPgER8Jysdg69u06HxLEPowjgQHsXeFG3O 56 | 1NB2p4tr7CtrKm8yiXLbcmCUh9QKi/BlBvYxOevAunmrBd907f0hbY+U/xvqYCTw 57 | A7MULSBDDhxNklp+HgEq5XDiQUdh5hqM4w9lyZvJc6vaDd9302qo1eX7O+atMsv7 58 | pkJV/gpQbWIkcrBG/Xsis664T374Czss11ohEcOdLHU9mmayFaL5YeTbuCsLZaW1 59 | lReUbALBNnB5/85eN2JUGwBFukdMyGn0v+u6U/E3D+JnYPt6fP0dItTvAXo2qhYL 60 | 9I3B1lbwp1Jng/v1CYQ1nBh4LAhqY1la+WauO7Fj0cAeLRIgVLCyispWJOB1J0lG 61 | FJpjCH0x/bdclCuZcOz7qN3Berw+FPe3ZUhSIWGpY1um9wGif3tHZnl2sGNi+hYB 62 | Pv6CZP8x9HehzQqJYj3IytCW+lgYcI8UzFm8SS19gRq85QQtSFrW1e8oJ7mYbiLu 63 | 3tAictLVOUtALySQxRNWYyN91T63xybkqwSTyDdIIc0uH1GM7uJjRzUSJhcjX0o2 64 | X59Eo5OCgmc6uW+uaCDnZ0N3b0O2Dg== 65 | -----END CERTIFICATE----- 66 | -----BEGIN CERTIFICATE----- 67 | MIIFuTCCA6GgAwIBAgIUWpN0nBX6qMZ38jMp79eX4QfjKv0wDQYJKoZIhvcNAQEL 68 | BQAwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhC 69 | b2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290 70 | IENBIENlcnQwHhcNMjIxMDAxMTcyMTUxWhcNNDIwOTI2MTcyMTUxWjBkMQswCQYD 71 | VQQGEwJDQTERMA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgw 72 | FgYDVQQLDA9MaWJUTFMgVHV0b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydDCC 73 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfG43HX9NadgkmE1l7ZGDTO 74 | 8Fk3BNrCJiG0mnpOHQA1dg+s9tIK5ujfimcNdJUMv8Pz0p/Cx1V+NxGYliGZy58H 75 | olVML8pV/EBcG/7KamGw8+sPmHD80sLXHZU8oIZDaq0oZFQybyCmZJVCxVkcCJ8O 76 | NrxkG4uL6JBj9LxHln0atb4Tksuy3mojPtL0ljzLqw7kHcb4YMz6aBpplU4Vb8U1 77 | Q+yKkGvLGkHQcSAyz6Gl4LbK8n/eJzcrzzxjgE5weNFJwWS2v6i2k4LiXnf1de3U 78 | J70M0gqa+H7lABH4jLs7N1wjEHPgtfvfNLC2yINaV4bLdjlg+PN3PYzmd3khNtfO 79 | f7LVXg4NAvTxcVrBZL0WHO72pIAflA6w3FqPAerhkQA6xoGVr7qd7a2A1TQd7l1K 80 | J8r9eD0eYF9hc/cIb3Uf0h/xFAYAz+trTLKIpZxc14d7n0EOX1/6ltwud+dYsMvZ 81 | XDOWwovmnOEJa6NPJiJpQZboky0Ra3HCbkTNKtfxM4ZsMC+1w8F0t6HDpcvshugl 82 | 6FaRADW+J1feAFRQGqGfNGQUUvWYhw4BYnNnuqYtDsT1PlSWt+jQdC76k1l9qMrI 83 | u/dqgs5tO9hzg5naZC/qTw0zTaeRShsiwj1sVsYuoNQLj7vbguliQxTGmvq/kA1C 84 | pHuvwemoNuF1p43XihS/AgMBAAGjYzBhMB0GA1UdDgQWBBTyffdv+hphOlcedQEz 85 | XyNLeCkslzAfBgNVHSMEGDAWgBTyffdv+hphOlcedQEzXyNLeCkslzAPBgNVHRMB 86 | Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYGxG 87 | G5CkEflZvV3jsgMKWfEZnNLzDoZMP0881AXFVdyIcoscxr5lvdwjfcjfBzDV7qE8 88 | dJxdi3ws/XMyiol/pBjtPFpspgpIhtU7HWn7G8MKCtUoCXfAXhdIY6GIpR+oDZaT 89 | XxyMpPQMQ0vZPRBGbRDNpNuchxqJHGXTyJS23HqHNISKr25SLz1/H0d32G9PCee+ 90 | +ZGgQd67I9FIvIaO692z1NjiR3VayKQrXVoc7HM2Ul+wSn6m0VynGpmB2mW/R8RF 91 | 6WAZIDwitANpT+xvQkMRALcLqiFc7HJFeTvnwA8BKFQXnyxdiNrywimp/GNYb/hs 92 | 2DH4GITlUKuyB+dbYQosXQL9HgMZvgVEPSPFDITvs0XJm6ts3b7m9X4ojoyMrmkI 93 | bJ+4Ievt/xC+yDcvGzifhWN8SnF/2foAYsiLujO8QkA1C5As1+MHRnPe1IpZY+pg 94 | XbrGOsRoEaIxUZywphKWOwb6NUZtIgKxxD7pVjmSrBL4lxxvedoT4IYaAQ3ZXUVc 95 | 2G501SJ0MzyHVA8BJThnpsiEewCEFTrTw2v5IpUDZMs3eOqoNVhrDL27jxsUucss 96 | PbNbBypacy1y2DU8iPapRjif1XmkuXlQHAifYn9ydBx+l9/TzETfK4cn364XFfUy 97 | lybaJU00GZld0TwE80YLBduigVNZ6pftRKV+aU0= 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /test/CA/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4spK3sz9Lf2Xp 3 | /1ejSmbfgcKki2lvJPCcVaLTwJ2QBNlwSFkRyELRMukdE3yYRyU9OU8RdxJwpOSL 4 | FiPDz0yBFYP9tkLXoa0Ce/9WZ0RGYqr3ygd1Lk27tV/6UuhHjYqgAqqb6iRwnabf 5 | dLD42Csct/suO2RtwoRsUJr6ifYVUh8ItBc3mkelRMHt9vD/HPf2oTR154OPNAWj 6 | aj5tbwjl8AKIkbZQiaua3t5lM9f8mzP3F5j50HFwygR1x31kpEbgtXcdcRuLB9dr 7 | fW/yuSoC9pneJAYS1W1jrMlfeEy9n91BAlObNHbjsquE3xTP6iVFNotfEpJjGDeD 8 | aHT5Atl7AgMBAAECggEAKMbcF4yOa9ero3bJXXa+sZfPZk6VL4GjUZCii0eaQcKg 9 | UubWK1PgVJl91/qGZoRGl3bAmyWDv7TX9FEmAkQRKuqaIniL11mNfd/sZqIT88oy 10 | 3tQOw3M+nDOWBgkp2SpJsbwE+Lk/5FEaF3mG3Nm04vlHjlR0frsUS2mcXbX5y4jd 11 | wafNzRPv4kLpusAKx0pxNh3/OuWuWs+NkevwFLXuD3oRynZ+O/UQGbm4jomPwE+j 12 | JH/DuvTN8jX+7Ism3FsqSXQTyVakaS0hpvp5Dk+DMxLakAnUYVN3qXFe4kReI5/D 13 | LkLQIUH3LXe87hVQEv0qYRa9I1Bn0R5YpHHKWFHzyQKBgQD9wZOpTZOS4N+l6A4Q 14 | 28b7qwWLYjjEbkC4o4rpyZF6CKEeFpNhdgIYm0LvErGieL0PzFavYjKSQ5jchenp 15 | EKznzLYVeAKoeRBipT9qo8DdzvNeOonOGejo/W0qFzfXwNpGxmcgTK00QF2anj12 16 | coyv+kW5bitRjigu1fxhVCzfPQKBgQC6VKtq34DlB7htC5fZlfJ9KUeqZ94SJzuo 17 | jWhKxgxTIC93ATISNr2AXxn1A87eIbM6TGzLv8U0fe0bOU7OtLYOHyfJug3MDS4P 18 | TZdsQAtutjtur26dnaqFw2tV+Ab7oZn+5xB/gl3+FnHGU/zJsISWrMfo7F1DY1P3 19 | 2uc5RmKnFwKBgQDiMBdf9R9S8BFKgCNxkYW3tMT3bjDtnt0f998N7zc2UNTUzgjG 20 | +fp6VoL+OWqPSRI1L84g/OXZDFoIT3Gl5tBIumefkV7FL0yUsXlqo9Z5oEu8NW+6 21 | f8vlSmhw+Us0jNnD9nvcBZzqE2mcNerRVt/iyLI3zGTeiFl3DhSt6OsqfQKBgGe3 22 | ubNDtfvG0GHikiQL027YC4xPRM3WCN9J10PH+hRLViBoCfcZgWJzjX9VH1GGcL2C 23 | zQydMqiFb/Y3cCafcLdroDop1oQ+0eSyzBb1j2eRCIQUIv6ZRNIwdQ7lgP2Qdqfs 24 | 9sIDT06gL7S2C4A5QZSdmKmO6FsabyMINq0rAL8BAoGAaSsrYqNFPxZge7IXrTBM 25 | MnAY+cdMjKW+L6EB02AWZgcVEM9qIddanZ0dVM643mdM/3oWISpjqsp9WW8lw1fx 26 | V3oVVwt9lQ4nZcZpoV0d1dhNSydDpGaB7/kxXJBIG4w8LrUBrRKruz2eB75fGG0C 27 | sWdLYcOkqY0KNeYnGWeBOeY= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/CA/intermediate/certs/client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFcTCCA1mgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTZaFw0yMzEwMTExNzIxNTZaMIGPMQswCQYDVQQGEwJDQTER 6 | MA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMSUwIwYDVQQLDBxM 7 | aWJUTFMgVHV0b3JpYWwgQ2xpZW50IENlcnRzMRIwEAYDVQQDDAlsb2NhbGhvc3Qx 8 | HzAdBgkqhkiG9w0BCQEWEGJlY2tAb3BlbmJzZC5vcmcwggEiMA0GCSqGSIb3DQEB 9 | AQUAA4IBDwAwggEKAoIBAQC4spK3sz9Lf2Xp/1ejSmbfgcKki2lvJPCcVaLTwJ2Q 10 | BNlwSFkRyELRMukdE3yYRyU9OU8RdxJwpOSLFiPDz0yBFYP9tkLXoa0Ce/9WZ0RG 11 | Yqr3ygd1Lk27tV/6UuhHjYqgAqqb6iRwnabfdLD42Csct/suO2RtwoRsUJr6ifYV 12 | Uh8ItBc3mkelRMHt9vD/HPf2oTR154OPNAWjaj5tbwjl8AKIkbZQiaua3t5lM9f8 13 | mzP3F5j50HFwygR1x31kpEbgtXcdcRuLB9drfW/yuSoC9pneJAYS1W1jrMlfeEy9 14 | n91BAlObNHbjsquE3xTP6iVFNotfEpJjGDeDaHT5Atl7AgMBAAGjgfgwgfUwCQYD 15 | VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5T 16 | U0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+GcYMfY 17 | zCiwnrWnc4dP73SacNswHwYDVR0jBBgwFoAUtiYvBAB7kxvuGYgqj8emk1pYy8Iw 18 | DgYDVR0PAQH/BAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0 19 | cDovL2xvY2FsaG9zdDoyNTYwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD 20 | BDANBgkqhkiG9w0BAQsFAAOCAgEADt9f/xrd2aDI53zwI8L5jepeKfVF0C6qmb+O 21 | oreoH1cZstv6GVm0WXqKRxyRaqZPvVh8yzuL4k1re0+t14BcWwyV+7fK9X3CfUQo 22 | BphMSBccFLQSE2/9da1XKpSzVO52rHVwzTKUZ/RZ0rKoa/Z7bNYHeeFmaD+Y2sn9 23 | WRd6Q64jGKT3jrH8Yw/lDsIe058EIhKRac/69VxFiG2ZOsaqslFuhzfWrMN70ts8 24 | Yr9iAHgxHyMqNBoZtEIeksDsQGo84lXUIYEw7jz6IcxUlDis1U/yhG7mVijuJHW1 25 | WMDCx8UhspYSKXsWNny0YU3lyg67Z7TNwkgoDhW+Gssd/GJ5+yE4WfUF6vSZn2ro 26 | MLhpfYW5Cp/CnoJs8hbEUXpvhaXHZau5Rhc08Cpwho7ooumVBnKHSWGcaN3aFQjh 27 | +eaQ8tjQMqewJur8viXiOKVjAkvmkubjTWf4KI1vBjNqwbVSZ+L8oVR3MLUtblWu 28 | nr3gpzt1SK4t/c1WU2TDGHTyC2Am0242DLggXg+QAwqpWM1H057FSFw3+MLFBRF0 29 | 2+V5I/4QeupVav7+uQ77jqKTTQLcVXw9l4xVMnl7e0ezive9BlwFLvsMBDB3MPQV 30 | cbJA4I+u4NE92dy2wcjm9c7A0Pg1o/0LwkfreySEgCZgiz9o//hlnoN66J27xdwo 31 | dlAdcfw= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /test/CA/intermediate/certs/intermediate.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnQwHhcNMjIxMDAx 5 | MTcyMTU0WhcNMzIwODA5MTcyMTU0WjBsMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 6 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 7 | b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0MIICIjANBgkqhkiG 8 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA4BB3kZ368xlDnt2rpPmTbMQF4aE1mWcKx5M1 9 | x05nDvUUOz3OY08iIaXQJd6MGYcV1or9gAy2NPhajuAHWkm/xjLplVEwBs2mk+Ts 10 | 0jOIKY5LhPvhD1J0gvxZ7HQ/h44KpKhNwNCjc2m9NbjnEXPgUzv+liECeqnQDe5K 11 | rYIWh92LywKezCJmDtNcLyXvJcG+TqXKhjEN8WbzLT3WqSdvWIyGIswFBpCPY7/Y 12 | PUyD29hX07DJLCfBx91Iq3QDYr5agpSmdcglAwb/AsZIci/vh9ZsrIwJuT8GrH5Y 13 | EtZdCpqyCEB9upNEQyhNyY2+rnjPw3KcVGf1TwzBrultWs+UBniBxywxMwzIziBo 14 | S0BqhLecZsroRdGcKMrMRakIr03Bjg7rFgQkSPPO7l1iyEs3CckE4AIbS/Bj+pk/ 15 | LfEEluWWGSYYukMKs+9U+MKX0F/NyYVfvnA8Ex4LDbkNKRziLpehiy+wJl3Kku4q 16 | swiisOqLGItGGBBHzML+zw75sbWtgzt06CHTca8P2GbmS5IdVvQKQ18+t03CbHca 17 | tphQbgXTjY88exaqIr1jP2AFMWzKGKB0yUJ+ZskG0RmbFAPFzvqA9hdLQ3J1zQWe 18 | cmL9Ur374cGqkA4LR1mn4WgsskYYyqS1QBC/5BIhlZCDrd2SMNDxa2vYNzgsvPa6 19 | +NydIrkCAwEAAaNmMGQwHQYDVR0OBBYEFLYmLwQAe5Mb7hmIKo/HppNaWMvCMB8G 20 | A1UdIwQYMBaAFPJ992/6GmE6Vx51ATNfI0t4KSyXMBIGA1UdEwEB/wQIMAYBAf8C 21 | AQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAK+FMQNbH1KEmF 22 | tv2Etgqi9weQ8Zv1aNmvipxtnEujXv+Cickvvy1SunB1hH3UVy78O4+aV65TKnqR 23 | vzYryX/mGkSUgqMvo+7g0GzeW+oeNSJPgER8Jysdg69u06HxLEPowjgQHsXeFG3O 24 | 1NB2p4tr7CtrKm8yiXLbcmCUh9QKi/BlBvYxOevAunmrBd907f0hbY+U/xvqYCTw 25 | A7MULSBDDhxNklp+HgEq5XDiQUdh5hqM4w9lyZvJc6vaDd9302qo1eX7O+atMsv7 26 | pkJV/gpQbWIkcrBG/Xsis664T374Czss11ohEcOdLHU9mmayFaL5YeTbuCsLZaW1 27 | lReUbALBNnB5/85eN2JUGwBFukdMyGn0v+u6U/E3D+JnYPt6fP0dItTvAXo2qhYL 28 | 9I3B1lbwp1Jng/v1CYQ1nBh4LAhqY1la+WauO7Fj0cAeLRIgVLCyispWJOB1J0lG 29 | FJpjCH0x/bdclCuZcOz7qN3Berw+FPe3ZUhSIWGpY1um9wGif3tHZnl2sGNi+hYB 30 | Pv6CZP8x9HehzQqJYj3IytCW+lgYcI8UzFm8SS19gRq85QQtSFrW1e8oJ7mYbiLu 31 | 3tAictLVOUtALySQxRNWYyN91T63xybkqwSTyDdIIc0uH1GM7uJjRzUSJhcjX0o2 32 | X59Eo5OCgmc6uW+uaCDnZ0N3b0O2Dg== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/certs/ocsp-localhost.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG8xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJjAkBgNVBAsMHUxp 7 | YlRMUyBUdXRvcmlhbCBPQ1NQIGRpdmlzaW9uMRIwEAYDVQQDDAlsb2NhbGhvc3Qw 8 | ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDjLQuwRX2AmM+GpJktdJkJ 9 | 8bao4fxp51I9xmrX4X+HQjL6j2DcnwP1nHBEmMPS7DEfVpP9ZrZyv4J2H0nCPJhl 10 | fDQTZbY/ogXxDDhQZqryhyN96JwBzvyfHcLjD+qYq2eNnfrNtfJob3kX9hKvxPSD 11 | 4lrFaL/A8EyoEyzFsCSUD4y4DAZu6/JPg5CR1FkJbxGnk4sAP4bW/+CH/eIyFtDV 12 | W9ZNALHcSMg6Wa24xK9j3u1HUGJNNuYEV+ykCe8kGEDPAvDAL4XEEmk6/9mIUdYE 13 | LTAK5SMtQyT4U0GPjD76ItkoyrUgXNSGpyK3C+g5TMzYU6JHjNZiveE20VjhO/Zq 14 | Z8KZrHYsvt3PKfJrj+okt8viMNvg+JSP2wUe36sa3ssUaIW5twrg/yRjEYHUNO1X 15 | gn2pzLCpAogEEZSGvk0ovkZa8FJA78cUQNuq7MQb9vZ41/Redyp6VvcO/fV/HvNT 16 | LwBERYI5gkhVUjTQb6ZdsUSVmDxRrDzbD/fSlaM6Xvz8WaG9Vb7fETWCzsLqDVMc 17 | aQsvwLh/IA8BImmN0MMmWEAenVHA1+TJ8uTrus/5efClynUFm0TT80gY9qyGG5Bj 18 | eI+TW9qZMLAi2aoB5vFGw8xLCO/kk6XLcAxBUkayHzZZHXaFTQNgnXloqKrQ9Y2P 19 | GN/i+FbUHqhWR55j45ni8wIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBTS 20 | bwTrpa5X7DzPXrVG1cuzg+8r/DAfBgNVHSMEGDAWgBS2Ji8EAHuTG+4ZiCqPx6aT 21 | WljLwjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJ 22 | KoZIhvcNAQELBQADggIBAA0cYjTTqIJb2fdzClDhWT3pzAlkjOBCbm1RBogOCgy+ 23 | 8mE2FYVD3cjwlRs1fynwY+GmqAj2puiPxRdG6Vc6Sf14Xyd7PnHiKRonVWny1QbS 24 | Z7rUEBxHEPixRANSOk2H86qwdWTDT+Wy0xR9+wpiaw2UnisqmSk1VOGrIS8tobpS 25 | OjZSM8US/D6DnAYZGm773v/R54xBC5xLxnSk8q8Ux0YKPxAEwhLLtvl+CIucnqeC 26 | P0xygncMcczwPJzBA1DXrhoNiAB4lsWtd8Af91hyBU1T/8Y/pyHszZ+lo9HBrAsz 27 | iYXD6msnb1YzCpl6SP7bBTZXpj+xTjk+QrP9mKl7Z4PpCZMGtvYccpHQsWFm4HnV 28 | EKGoE3W4h4LFhs2Kl4WzPSA5qPkN7ab2uvampJ5B8cpaj7OtTTSDsvfu3NcYaY4c 29 | FgxypJGBdxHtJCpOEsf8JHqt9gjXvyS61LU6MgRV13mMzUS7mCl8trVl43CRKvLr 30 | LVA3wDMXI/jk9+wNHsCMGVP1lXG0gg0R1NA5RFIRWiay4HRFJGwqvKlEBuQD+k5D 31 | h7MXrUacgnwgpMtYEXXrq5mOGBiVPMkUQ+yt+7GgANfmouMN0Rs7NUk+PjMvS3xh 32 | zmn5FWF5djCYmZvL7OuiWTkwv+iYh6jsbJdPhhBHPuVc8Mj85iuYu8ozNEeyf6xJ 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/certs/revoked.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuTCCA6GgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG8xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJjAkBgNVBAsMHUxp 7 | YlRMUyBUdXRvcmlhbCBSZXZva2VkIENlcnRzMRIwEAYDVQQDDAlsb2NhbGhvc3Qw 8 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiIC3gYsTb/VRJaLBzKT1a 9 | zZ441iog6oWlR423GijMx7DkHV7tJCNDG6RtHebx4qTvg0UB6h7r7wHwVTTujQYk 10 | 9FkQsOF1D+2q89NzaaKqK48ZstfTzQ8dbkbk9xuY340xiKQGAtLzRlo8/6OTOUat 11 | a14rNQSHLq86Md+CX5cZjBPqDSGI+LiBfuX580/g+7R7wOwYyBafT0IQ7KUeTwn7 12 | JhJYGaYtnn71WvJ9EEVwhUKQIW+xS2zkN8LLu74UjGdyJelTsNq2azhhFN4dR8K+ 13 | KW8gj21l61huVcb7bx+LqmvImKKu4BlAx5dDSuC2JknHPOGYmTRSY78aMo919rg/ 14 | AgMBAAGjggFgMIIBXDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglg 15 | hkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRl 16 | MB0GA1UdDgQWBBQxGu65TRXCdJ2PMysS6NF/H7GKcjCBjwYDVR0jBIGHMIGEgBS2 17 | Ji8EAHuTG+4ZiCqPx6aTWljLwqFopGYwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgM 18 | CEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1 19 | dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnSCAhAAMA4GA1UdDwEB/wQEAwIF 20 | oDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGGFWh0dHA6Ly9sb2NhbGhvc3Q6 21 | MjU2MDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAir4g 22 | YxKvltcMHLfKCeS/D4Rhoy2Y0PofbsNd+f2loHsiuS5Ki6yHU3KTLTuP1rnsU6A0 23 | l3cGwWQH7JkTmCI1Fonl5O7mzWbFVM9l2S932HlmHbdIa0N+2GXQhURR5x7y1QXr 24 | U38aLteJ26iasKM6MxV+6cbpmJllgnMWyGMAKKhJ7S7wRpR4UAkk9VIvfeuWnwNP 25 | Crxpzt9KoqD4bnjPBEg085Hv/05Md/KB4lS38kCK01o8LjLw7GdgfyfWKjTSWwRj 26 | 7Vsqe/9kkibS4Ny6STKc46SVl4X8dBLJ0QAy54fMxP6yeFILFapoTx0RK03xV7DN 27 | HyMosfLVQe+VxsI1SKAULIuI3aCc9u2//v+v+jA3hIQua+f/XRk010l6ExqnPrEe 28 | ZojZIGf8J4xVnwS29F7HlC9mZEuiw4SQcphOVlMtL3WRHOa4fFgb81cTprVeLl5j 29 | b7TD4OY5TMS1SNKwKfyoH5QNLfq7HiO7vYTTV/ssrng3Y98OPxkKL8CITHES/CnN 30 | UwwC2oe/pqSGSjzzDunVaCDBrNEuAtzpMTPeRJvnl6bq93F41XtK7R+708v+45f1 31 | tgbHuyz1YJ1nTUEDovueZNWrAgvBf+mMWv1qVy8nJ+etmGRMNdtZKX3/BI18ampD 32 | of08KqX2PAUMLZUKL2HDY1MDtQryCToFzmhl2uk= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/certs/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuDCCA6CgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG4xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJTAjBgNVBAsMHExp 7 | YlRMUyBUdXRvcmlhbCBTZXJ2ZXIgQ2VydHMxEjAQBgNVBAMMCWxvY2FsaG9zdDCC 8 | ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRtpFLa3mnzddAComuvNxjZ 9 | RofrzX3qpCUjYX1U0S8pX4R2lHPt80NT5Q67VUsTZcGohKnw8N//PGZVorbpGbPa 10 | eujUj6noRzjb+V2SDHH1PeOa3xHwP5pv3Aydh2IFrlY81xX8OIq5blq99sjWeunk 11 | 4E5SrPryAiK9dlXcNTj6MroiK9IVzfQwyfo+NPlmqXHAgxAHH3pLcG8mDl/BFitX 12 | Kb5/daoBDRRgRNqRDf35ZZJSFKG61Y2BKAZmqXhm5gZgSEv3Ivsn4evSIFItZt3Z 13 | 1kPzdTRfa9ckOc6TAVnVZ3tVITpf4vXjIPVPmwVTcKgbzvGh/6zgHfONp8q8FSsC 14 | AwEAAaOCAWAwggFcMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG 15 | SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw 16 | HQYDVR0OBBYEFNwIab8sRqlAsimAF6t332UNoFJCMIGPBgNVHSMEgYcwgYSAFLYm 17 | LwQAe5Mb7hmIKo/HppNaWMvCoWikZjBkMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 18 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 19 | b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydIICEAAwDgYDVR0PAQH/BAQDAgWg 20 | MDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDovL2xvY2FsaG9zdDoy 21 | NTYwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQC265NI 22 | Xsv0qkjwP898Qr3mHRd3G3XsxV6wtYJWCmqq0U5hqcgA7hFVrrBCa2bzXZwmhxnt 23 | GjuTVQvqvp7LXVvHAqe1vGk3fw88aNveqxgEkGMTuceGWgU6KYhFUNws6WnTcCGH 24 | Sf0kWpjfxaIqzOaJjHugsJYNC/jKjOXxv18I+NyBFvx6TtW0yvU8pSxEfjGGDPLy 25 | qHSXPprJvuIyRbt9GZJDAoZaU/HoD3ksSLVTicz+s6UmHPsylMb84E+WF8J627gR 26 | pTmltu6efMJUI7u+ah+uDeIHZn/aBFhL10xOaVuEvsIL0vZZv5+OZgowhDuWEEko 27 | BamR/LXP7NjlJhiKZs9JizzkqdA0atsRug0dZFjbP52vn3Z7wToTUzX2ZEMFWeQk 28 | OjTm8jwQTXVMxR3VvB1TqQlsJBuGwQPhBIpmV/UPw4yVxHJe6fjuecCHYPRVaMd6 29 | q1EpPTNWubM0zLO23MP/UQca69hITtWUPqdLstk/8K4+ELHNCJX6I7HKRjMFhD9q 30 | pVCSbFHLZeNzvtJYb0h6NzuohnO19RsTWJQatVUt0u+cntsUM6C17T6Hgt6OCUAL 31 | qhm94K0W0vzAxwI99johWn9bqk7QAMQO1xHdcUiHsiH8SzgYhMx8fvqRNZQe6LFg 32 | N1nn0Wff3xsND9iGgCOiPVgCggyhBlv1UHP7xQ== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/crl/intermediate.crl.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN X509 CRL----- 2 | MIIC/jCB5wIBATANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJDQTERMA8GA1UE 3 | CAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMg 4 | VHV0b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0Fw0yMjEwMDEx 5 | NzIxNTVaFw0yMjEwMzExNzIxNTVaMBUwEwICEAEXDTIyMTAwMTE3MjE1NVqgMDAu 6 | MB8GA1UdIwQYMBaAFLYmLwQAe5Mb7hmIKo/HppNaWMvCMAsGA1UdFAQEAgIQADAN 7 | BgkqhkiG9w0BAQsFAAOCAgEATSPZxfkle/Ogywrg54rtOk2t0751QWaoNzcYoLax 8 | 6Iyk0c+RhL/I8asMez4vasxbjvGPkrUg9aXIdXcbETm2qLy7f2EH5BYkWHif+7hL 9 | 7CoYAJL2lZnzDjYFSHHz9NAQu3qCX9nHMZRniMB/Sn7zRxpo6qUrNSIx/RjW3jtY 10 | 3/+cN7pAOyGh6vqznduWID/l9pBpkcR1cDNWYGiD92wO32aDRYj5PJ7VE0W5sKgs 11 | VV3v/LsuJeMSJfUdzFPXOvttSrfC2eQlcT0gB7NxTX+wDNJRmyT2UcN6c84PPkIV 12 | 7XT1zdafHp5RdWYqWsj9Xl2N+3P/yFulTEEQZCH8Atsi8D2rORjKmAOj4vyzX1qV 13 | k16R+fOvtMRW3uxDvjRgDHtY13UvFtLjMTghPNod5wTh20GjQFa5tI2kFFvdctZ5 14 | kYDTmmE62nwGnjVP75pGfVHx6qWLtnjPBkqEsph00bBZCi6y6QHc2PdK5ie7elqD 15 | EmkeGXifYA9ekqgTXjptI5WmKW9c7H6qXI/6eGcOfXtha+hA4lg0dDcfQprikn4J 16 | QZyTu+GJMergulrvP7rlKjYusc0P1KEJ3NvfvU3r3zDNTdJK2DhwxIeoif52HMAo 17 | wjs/wOp3iBUH59dc2eHzU/L9wzLXh7J1HQu43lvF1eWyX5OJ+XYcnMISRxfYqWN/ 18 | JnM= 19 | -----END X509 CRL----- 20 | -------------------------------------------------------------------------------- /test/CA/intermediate/crlnumber: -------------------------------------------------------------------------------- 1 | 1001 2 | -------------------------------------------------------------------------------- /test/CA/intermediate/crlnumber.old: -------------------------------------------------------------------------------- 1 | 1000 2 | -------------------------------------------------------------------------------- /test/CA/intermediate/csr/client.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIC1TCCAb0CAQAwgY8xHzAdBgkqhkiG9w0BCQEWEGJlY2tAb3BlbmJzZC5vcmcx 3 | CzAJBgNVBAYTAkNBMREwDwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJl 4 | Y2sxJTAjBgNVBAsMHExpYlRMUyBUdXRvcmlhbCBDbGllbnQgQ2VydHMxEjAQBgNV 5 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiy 6 | krezP0t/Zen/V6NKZt+BwqSLaW8k8JxVotPAnZAE2XBIWRHIQtEy6R0TfJhHJT05 7 | TxF3EnCk5IsWI8PPTIEVg/22QtehrQJ7/1ZnREZiqvfKB3UuTbu1X/pS6EeNiqAC 8 | qpvqJHCdpt90sPjYKxy3+y47ZG3ChGxQmvqJ9hVSHwi0FzeaR6VEwe328P8c9/ah 9 | NHXng480BaNqPm1vCOXwAoiRtlCJq5re3mUz1/ybM/cXmPnQcXDKBHXHfWSkRuC1 10 | dx1xG4sH12t9b/K5KgL2md4kBhLVbWOsyV94TL2f3UECU5s0duOyq4TfFM/qJUU2 11 | i18SkmMYN4NodPkC2XsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAwAxH1yJbh 12 | dtH+GHyfCaFxttGGv61zvYnzJPWyNWY2ArtdHrOU5y+3z7sqZ5evRU6FG286E1dq 13 | +k7/xth8PFo782ozo4zs+0L973qCLUSO+hhtMIiV85ENjMFXy3/Taz/ZP7SW7siv 14 | 4IqnXrSl3KiZr7dykxyjw1pf31tJAyTb80II696ifjq5Ee93k7ynp+1377UD7TKL 15 | qW14GW/Fn6XHS/RJqit7ro4PARArjtHytVAUkPFjuJjWHQSBxH5XeegYKhddvDUP 16 | /xHyFlQqh6k2AhSSXvo9b6Qgu0Zp1gOo3L5C+FCkLpRa0lSyDhPdeIL6h68XrTX7 17 | PmyjGgmWgWiQ 18 | -----END CERTIFICATE REQUEST----- 19 | -------------------------------------------------------------------------------- /test/CA/intermediate/csr/intermediate.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEsTCCApkCAQAwbDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREw 3 | DwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMR0wGwYD 4 | VQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIP 5 | ADCCAgoCggIBAOAQd5Gd+vMZQ57dq6T5k2zEBeGhNZlnCseTNcdOZw71FDs9zmNP 6 | IiGl0CXejBmHFdaK/YAMtjT4Wo7gB1pJv8Yy6ZVRMAbNppPk7NIziCmOS4T74Q9S 7 | dIL8Wex0P4eOCqSoTcDQo3NpvTW45xFz4FM7/pYhAnqp0A3uSq2CFofdi8sCnswi 8 | Zg7TXC8l7yXBvk6lyoYxDfFm8y091qknb1iMhiLMBQaQj2O/2D1Mg9vYV9OwySwn 9 | wcfdSKt0A2K+WoKUpnXIJQMG/wLGSHIv74fWbKyMCbk/Bqx+WBLWXQqasghAfbqT 10 | REMoTcmNvq54z8NynFRn9U8Mwa7pbVrPlAZ4gccsMTMMyM4gaEtAaoS3nGbK6EXR 11 | nCjKzEWpCK9NwY4O6xYEJEjzzu5dYshLNwnJBOACG0vwY/qZPy3xBJbllhkmGLpD 12 | CrPvVPjCl9BfzcmFX75wPBMeCw25DSkc4i6XoYsvsCZdypLuKrMIorDqixiLRhgQ 13 | R8zC/s8O+bG1rYM7dOgh03GvD9hm5kuSHVb0CkNfPrdNwmx3GraYUG4F042PPHsW 14 | qiK9Yz9gBTFsyhigdMlCfmbJBtEZmxQDxc76gPYXS0Nydc0FnnJi/VK9++HBqpAO 15 | C0dZp+FoLLJGGMqktUAQv+QSIZWQg63dkjDQ8Wtr2Dc4LLz2uvjcnSK5AgMBAAGg 16 | ADANBgkqhkiG9w0BAQsFAAOCAgEAN/2FYTnU9P/u4uJ17CsAokC7gnDBcycpxhzN 17 | UTxwOdwOt2QCm0Y9NFIahRUimaC8QHj4Q4bphdANf+TRUBtgNYGPXBB4ohyb5FuU 18 | Sd/WzcgfoLzvgZCfV4g7gso0Ch3UMGWjM3UZARaYFaUbB+iN/YcdFSZfkZHUIX7I 19 | VmbjRJvywuR4Cl1DZZudcdRNQ9dZz4DiF3ZRzxlFMAoHrYW8nZ7NDpaN9VK+dOwy 20 | GMYh6H6BHcezIW0q5iZzeanKqonVcfw+kIg0QLO9okxoSrcfyIRg6XCkdEYMKoQm 21 | kpGnlEOGqaggsFf/MLKIyHzFOcnfrFyK7hWdOeMnPvlofIb4e42OsTlRrvCKC+xC 22 | rjXweV6aP+CVgEFh/IIK+CVajur+j7KzR07FkgP7GWDnPip2guAy8FwtSYp30iUk 23 | xS+ELhDpYzf8Ue87O3forSCXm/Cj0UidoVZeAmzewMlFtV6sqSPnN7kAbofLhvft 24 | /fzZQB1zi0aFM1HSPl4bljWHtWMAprph0kUvVFfBCyb0MGfZ9qaQtHd6RTTw3IkX 25 | zJOgXlagZTiOzrTtVgLinbBy+LEdi6U/aPa1SzkFV4KUq39VW5uxRuw+m1pkV7mz 26 | eb9rbFCH2Qx8MPZwi83mOWHfs/p9uAJKLUCxuLleXZuTKGj3b7jlZ6axpSLA/IR2 27 | sRzvvIA= 28 | -----END CERTIFICATE REQUEST----- 29 | -------------------------------------------------------------------------------- /test/CA/intermediate/csr/ocsp-localhost.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEtDCCApwCAQAwbzELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREw 3 | DwYDVQQKDAhCb2IgQmVjazEmMCQGA1UECwwdTGliVExTIFR1dG9yaWFsIE9DU1Ag 4 | ZGl2aXNpb24xEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQAD 5 | ggIPADCCAgoCggIBAOMtC7BFfYCYz4akmS10mQnxtqjh/GnnUj3Gatfhf4dCMvqP 6 | YNyfA/WccESYw9LsMR9Wk/1mtnK/gnYfScI8mGV8NBNltj+iBfEMOFBmqvKHI33o 7 | nAHO/J8dwuMP6pirZ42d+s218mhveRf2Eq/E9IPiWsVov8DwTKgTLMWwJJQPjLgM 8 | Bm7r8k+DkJHUWQlvEaeTiwA/htb/4If94jIW0NVb1k0AsdxIyDpZrbjEr2Pe7UdQ 9 | Yk025gRX7KQJ7yQYQM8C8MAvhcQSaTr/2YhR1gQtMArlIy1DJPhTQY+MPvoi2SjK 10 | tSBc1IanIrcL6DlMzNhTokeM1mK94TbRWOE79mpnwpmsdiy+3c8p8muP6iS3y+Iw 11 | 2+D4lI/bBR7fqxreyxRohbm3CuD/JGMRgdQ07VeCfanMsKkCiAQRlIa+TSi+Rlrw 12 | UkDvxxRA26rsxBv29njX9F53KnpW9w799X8e81MvAERFgjmCSFVSNNBvpl2xRJWY 13 | PFGsPNsP99KVozpe/PxZob1Vvt8RNYLOwuoNUxxpCy/AuH8gDwEiaY3QwyZYQB6d 14 | UcDX5Mny5Ou6z/l58KXKdQWbRNPzSBj2rIYbkGN4j5Nb2pkwsCLZqgHm8UbDzEsI 15 | 7+STpctwDEFSRrIfNlkddoVNA2CdeWioqtD1jY8Y3+L4VtQeqFZHnmPjmeLzAgMB 16 | AAGgADANBgkqhkiG9w0BAQsFAAOCAgEAxsvimWwxzU+L72PIa6sX9Aw03Gn7Xpr7 17 | 819+q2lwvXiMECHRzuF2japPZ8MGlm6YIb4VExHFL9Rrfda9xelZYhK6JLwzfhxA 18 | h21raic1XsLyjJkB4Z3eImaCb429u51oUnpjhe6wSevvhmxCC16CnVXXKiwK6OiO 19 | 6cKoc25aPxH9eKcREBq4nAJNAdUly5Npotafwv2LTG4vsB7SqLl6TxzMcn57ji9H 20 | C85UYoju1vlmvn5J9sCGJTWMD6a+nmjuARfRtUVZiWBU7O6MiiDEU50vcgEhopjE 21 | Hd7wJfy2svZHV7qrePwj8c+iwh6uCDxO4Dz6tzhAzRbvpxgDiB5STo2Gl1qnjAIn 22 | mSYz6giF42fK4Zq2E/sq+WSml53YOm8Ef2j9xq+OwDUWw6wKBcQnv+MIuREDfJk9 23 | bB1u+3V+Uf+nwwWVwMcduhw1WRtMVmFV5h3dhQuodR0opBkFitHWXvAIWsLCacIL 24 | 2qN16Xw7zGdNTzZHXNLbh2gTwBULUsa79oEVzTZQg5FjtyUJqYo1D2osWjNmV4fy 25 | eFKk/AnAjJLl1U6DQ+F+HqQbCK8YsGFPmbJNkQtR3cUzbCcfXwjWKxvfz9e5ppnr 26 | Wcjsz3LxUTp4qJHj7akgJbRRpju/0YOziGN9Gl0hmKTfrwpq3K5yi55U8qlTggTp 27 | h60THjuc5v8= 28 | -----END CERTIFICATE REQUEST----- 29 | -------------------------------------------------------------------------------- /test/CA/intermediate/csr/revoked.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICtDCCAZwCAQAwbzELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREw 3 | DwYDVQQKDAhCb2IgQmVjazEmMCQGA1UECwwdTGliVExTIFR1dG9yaWFsIFJldm9r 4 | ZWQgQ2VydHMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD 5 | ggEPADCCAQoCggEBAKIgLeBixNv9VElosHMpPVrNnjjWKiDqhaVHjbcaKMzHsOQd 6 | Xu0kI0MbpG0d5vHipO+DRQHqHuvvAfBVNO6NBiT0WRCw4XUP7arz03Npoqorjxmy 7 | 19PNDx1uRuT3G5jfjTGIpAYC0vNGWjz/o5M5Rq1rXis1BIcurzox34JflxmME+oN 8 | IYj4uIF+5fnzT+D7tHvA7BjIFp9PQhDspR5PCfsmElgZpi2efvVa8n0QRXCFQpAh 9 | b7FLbOQ3wsu7vhSMZ3Il6VOw2rZrOGEU3h1Hwr4pbyCPbWXrWG5VxvtvH4uqa8iY 10 | oq7gGUDHl0NK4LYmScc84ZiZNFJjvxoyj3X2uD8CAwEAAaAAMA0GCSqGSIb3DQEB 11 | CwUAA4IBAQAcSxdN+i+Ru+neMd32+8kGDSRnev092fCmgxhMuW85UWxb/70VzjMt 12 | eEnSowsIqcMjcN0acG2HFZAfuFbB02sHDNOlAe6B1I/sA87XmQWOCeEXZG6s6v3c 13 | mrynPMe3RRhHoAC4h3NoaeX5WGWj4nt83CYFv3y8w2BW8TAsTpesdw6BpLdfd53X 14 | U+Dz3F9v0tu5iDbnIxADKCzmxMc10egk553Z6Z4rTyk009NzU/H59+LTTe4POr7k 15 | qtVscZm7cKD1L+E0fPPl/5Qxzbwg/TaJsGga98jnzosFsTabZc/1tBilATHeKarP 16 | WvNrU2/fqPuqBklYM4j1YTcZvFWc1NGM 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /test/CA/intermediate/csr/server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICszCCAZsCAQAwbjELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREw 3 | DwYDVQQKDAhCb2IgQmVjazElMCMGA1UECwwcTGliVExTIFR1dG9yaWFsIFNlcnZl 4 | ciBDZXJ0czESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC 5 | AQ8AMIIBCgKCAQEAxG2kUtreafN10AKia683GNlGh+vNfeqkJSNhfVTRLylfhHaU 6 | c+3zQ1PlDrtVSxNlwaiEqfDw3/88ZlWitukZs9p66NSPqehHONv5XZIMcfU945rf 7 | EfA/mm/cDJ2HYgWuVjzXFfw4irluWr32yNZ66eTgTlKs+vICIr12Vdw1OPoyuiIr 8 | 0hXN9DDJ+j40+WapccCDEAcfektwbyYOX8EWK1cpvn91qgENFGBE2pEN/fllklIU 9 | obrVjYEoBmapeGbmBmBIS/ci+yfh69IgUi1m3dnWQ/N1NF9r1yQ5zpMBWdVne1Uh 10 | Ol/i9eMg9U+bBVNwqBvO8aH/rOAd842nyrwVKwIDAQABoAAwDQYJKoZIhvcNAQEL 11 | BQADggEBADQ6x5gX+8I3oTHF0lcwTW4qI1uCOu1MTQsnHe5KKqhkI/GlDAEcpLDn 12 | zQ8DBqdKRj3IZapmLLPPylJHrQESLVGoLsDZEETn2XWR7mseyJEucAmze9PwJBGo 13 | yMKTcLDHcSy8xxNxcm8j/VDcXLB+95LwsMY7hiJh5Q+zc5kBTp7Ez6burrlSDDaf 14 | c6344BMQEbSuFevslp98tu+/E+guxJVp0yRNE5Os04nEaWyHl+YPQeGCTFyuNnG0 15 | O9SETw+FPLdMpr8hBznYT0pJ+X7v5AGb0ObprDQnaSV3/6iiZ8ueHWyFGAztoQiA 16 | JZnGBJHIdD0rI4bhVP963zMSTu9CPRs= 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /test/CA/intermediate/index.txt: -------------------------------------------------------------------------------- 1 | V 231011172155Z 1000 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial OCSP division/CN=localhost 2 | R 231011172155Z 221001172155Z 1001 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Revoked Certs/CN=localhost 3 | V 231011172155Z 1002 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Server Certs/CN=localhost 4 | V 231011172156Z 1003 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Client Certs/CN=localhost/emailAddress=beck@openbsd.org 5 | -------------------------------------------------------------------------------- /test/CA/intermediate/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = yes 2 | -------------------------------------------------------------------------------- /test/CA/intermediate/index.txt.attr.old: -------------------------------------------------------------------------------- 1 | unique_subject = yes 2 | -------------------------------------------------------------------------------- /test/CA/intermediate/index.txt.old: -------------------------------------------------------------------------------- 1 | V 231011172155Z 1000 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial OCSP division/CN=localhost 2 | R 231011172155Z 221001172155Z 1001 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Revoked Certs/CN=localhost 3 | V 231011172155Z 1002 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial Server Certs/CN=localhost 4 | -------------------------------------------------------------------------------- /test/CA/intermediate/newcerts/1000.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG8xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJjAkBgNVBAsMHUxp 7 | YlRMUyBUdXRvcmlhbCBPQ1NQIGRpdmlzaW9uMRIwEAYDVQQDDAlsb2NhbGhvc3Qw 8 | ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDjLQuwRX2AmM+GpJktdJkJ 9 | 8bao4fxp51I9xmrX4X+HQjL6j2DcnwP1nHBEmMPS7DEfVpP9ZrZyv4J2H0nCPJhl 10 | fDQTZbY/ogXxDDhQZqryhyN96JwBzvyfHcLjD+qYq2eNnfrNtfJob3kX9hKvxPSD 11 | 4lrFaL/A8EyoEyzFsCSUD4y4DAZu6/JPg5CR1FkJbxGnk4sAP4bW/+CH/eIyFtDV 12 | W9ZNALHcSMg6Wa24xK9j3u1HUGJNNuYEV+ykCe8kGEDPAvDAL4XEEmk6/9mIUdYE 13 | LTAK5SMtQyT4U0GPjD76ItkoyrUgXNSGpyK3C+g5TMzYU6JHjNZiveE20VjhO/Zq 14 | Z8KZrHYsvt3PKfJrj+okt8viMNvg+JSP2wUe36sa3ssUaIW5twrg/yRjEYHUNO1X 15 | gn2pzLCpAogEEZSGvk0ovkZa8FJA78cUQNuq7MQb9vZ41/Redyp6VvcO/fV/HvNT 16 | LwBERYI5gkhVUjTQb6ZdsUSVmDxRrDzbD/fSlaM6Xvz8WaG9Vb7fETWCzsLqDVMc 17 | aQsvwLh/IA8BImmN0MMmWEAenVHA1+TJ8uTrus/5efClynUFm0TT80gY9qyGG5Bj 18 | eI+TW9qZMLAi2aoB5vFGw8xLCO/kk6XLcAxBUkayHzZZHXaFTQNgnXloqKrQ9Y2P 19 | GN/i+FbUHqhWR55j45ni8wIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBTS 20 | bwTrpa5X7DzPXrVG1cuzg+8r/DAfBgNVHSMEGDAWgBS2Ji8EAHuTG+4ZiCqPx6aT 21 | WljLwjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJ 22 | KoZIhvcNAQELBQADggIBAA0cYjTTqIJb2fdzClDhWT3pzAlkjOBCbm1RBogOCgy+ 23 | 8mE2FYVD3cjwlRs1fynwY+GmqAj2puiPxRdG6Vc6Sf14Xyd7PnHiKRonVWny1QbS 24 | Z7rUEBxHEPixRANSOk2H86qwdWTDT+Wy0xR9+wpiaw2UnisqmSk1VOGrIS8tobpS 25 | OjZSM8US/D6DnAYZGm773v/R54xBC5xLxnSk8q8Ux0YKPxAEwhLLtvl+CIucnqeC 26 | P0xygncMcczwPJzBA1DXrhoNiAB4lsWtd8Af91hyBU1T/8Y/pyHszZ+lo9HBrAsz 27 | iYXD6msnb1YzCpl6SP7bBTZXpj+xTjk+QrP9mKl7Z4PpCZMGtvYccpHQsWFm4HnV 28 | EKGoE3W4h4LFhs2Kl4WzPSA5qPkN7ab2uvampJ5B8cpaj7OtTTSDsvfu3NcYaY4c 29 | FgxypJGBdxHtJCpOEsf8JHqt9gjXvyS61LU6MgRV13mMzUS7mCl8trVl43CRKvLr 30 | LVA3wDMXI/jk9+wNHsCMGVP1lXG0gg0R1NA5RFIRWiay4HRFJGwqvKlEBuQD+k5D 31 | h7MXrUacgnwgpMtYEXXrq5mOGBiVPMkUQ+yt+7GgANfmouMN0Rs7NUk+PjMvS3xh 32 | zmn5FWF5djCYmZvL7OuiWTkwv+iYh6jsbJdPhhBHPuVc8Mj85iuYu8ozNEeyf6xJ 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/newcerts/1001.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuTCCA6GgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG8xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJjAkBgNVBAsMHUxp 7 | YlRMUyBUdXRvcmlhbCBSZXZva2VkIENlcnRzMRIwEAYDVQQDDAlsb2NhbGhvc3Qw 8 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiIC3gYsTb/VRJaLBzKT1a 9 | zZ441iog6oWlR423GijMx7DkHV7tJCNDG6RtHebx4qTvg0UB6h7r7wHwVTTujQYk 10 | 9FkQsOF1D+2q89NzaaKqK48ZstfTzQ8dbkbk9xuY340xiKQGAtLzRlo8/6OTOUat 11 | a14rNQSHLq86Md+CX5cZjBPqDSGI+LiBfuX580/g+7R7wOwYyBafT0IQ7KUeTwn7 12 | JhJYGaYtnn71WvJ9EEVwhUKQIW+xS2zkN8LLu74UjGdyJelTsNq2azhhFN4dR8K+ 13 | KW8gj21l61huVcb7bx+LqmvImKKu4BlAx5dDSuC2JknHPOGYmTRSY78aMo919rg/ 14 | AgMBAAGjggFgMIIBXDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglg 15 | hkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRl 16 | MB0GA1UdDgQWBBQxGu65TRXCdJ2PMysS6NF/H7GKcjCBjwYDVR0jBIGHMIGEgBS2 17 | Ji8EAHuTG+4ZiCqPx6aTWljLwqFopGYwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgM 18 | CEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1 19 | dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnSCAhAAMA4GA1UdDwEB/wQEAwIF 20 | oDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGGFWh0dHA6Ly9sb2NhbGhvc3Q6 21 | MjU2MDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAir4g 22 | YxKvltcMHLfKCeS/D4Rhoy2Y0PofbsNd+f2loHsiuS5Ki6yHU3KTLTuP1rnsU6A0 23 | l3cGwWQH7JkTmCI1Fonl5O7mzWbFVM9l2S932HlmHbdIa0N+2GXQhURR5x7y1QXr 24 | U38aLteJ26iasKM6MxV+6cbpmJllgnMWyGMAKKhJ7S7wRpR4UAkk9VIvfeuWnwNP 25 | Crxpzt9KoqD4bnjPBEg085Hv/05Md/KB4lS38kCK01o8LjLw7GdgfyfWKjTSWwRj 26 | 7Vsqe/9kkibS4Ny6STKc46SVl4X8dBLJ0QAy54fMxP6yeFILFapoTx0RK03xV7DN 27 | HyMosfLVQe+VxsI1SKAULIuI3aCc9u2//v+v+jA3hIQua+f/XRk010l6ExqnPrEe 28 | ZojZIGf8J4xVnwS29F7HlC9mZEuiw4SQcphOVlMtL3WRHOa4fFgb81cTprVeLl5j 29 | b7TD4OY5TMS1SNKwKfyoH5QNLfq7HiO7vYTTV/ssrng3Y98OPxkKL8CITHES/CnN 30 | UwwC2oe/pqSGSjzzDunVaCDBrNEuAtzpMTPeRJvnl6bq93F41XtK7R+708v+45f1 31 | tgbHuyz1YJ1nTUEDovueZNWrAgvBf+mMWv1qVy8nJ+etmGRMNdtZKX3/BI18ampD 32 | of08KqX2PAUMLZUKL2HDY1MDtQryCToFzmhl2uk= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/newcerts/1002.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuDCCA6CgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG4xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJTAjBgNVBAsMHExp 7 | YlRMUyBUdXRvcmlhbCBTZXJ2ZXIgQ2VydHMxEjAQBgNVBAMMCWxvY2FsaG9zdDCC 8 | ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRtpFLa3mnzddAComuvNxjZ 9 | RofrzX3qpCUjYX1U0S8pX4R2lHPt80NT5Q67VUsTZcGohKnw8N//PGZVorbpGbPa 10 | eujUj6noRzjb+V2SDHH1PeOa3xHwP5pv3Aydh2IFrlY81xX8OIq5blq99sjWeunk 11 | 4E5SrPryAiK9dlXcNTj6MroiK9IVzfQwyfo+NPlmqXHAgxAHH3pLcG8mDl/BFitX 12 | Kb5/daoBDRRgRNqRDf35ZZJSFKG61Y2BKAZmqXhm5gZgSEv3Ivsn4evSIFItZt3Z 13 | 1kPzdTRfa9ckOc6TAVnVZ3tVITpf4vXjIPVPmwVTcKgbzvGh/6zgHfONp8q8FSsC 14 | AwEAAaOCAWAwggFcMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG 15 | SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw 16 | HQYDVR0OBBYEFNwIab8sRqlAsimAF6t332UNoFJCMIGPBgNVHSMEgYcwgYSAFLYm 17 | LwQAe5Mb7hmIKo/HppNaWMvCoWikZjBkMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 18 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 19 | b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydIICEAAwDgYDVR0PAQH/BAQDAgWg 20 | MDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDovL2xvY2FsaG9zdDoy 21 | NTYwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQC265NI 22 | Xsv0qkjwP898Qr3mHRd3G3XsxV6wtYJWCmqq0U5hqcgA7hFVrrBCa2bzXZwmhxnt 23 | GjuTVQvqvp7LXVvHAqe1vGk3fw88aNveqxgEkGMTuceGWgU6KYhFUNws6WnTcCGH 24 | Sf0kWpjfxaIqzOaJjHugsJYNC/jKjOXxv18I+NyBFvx6TtW0yvU8pSxEfjGGDPLy 25 | qHSXPprJvuIyRbt9GZJDAoZaU/HoD3ksSLVTicz+s6UmHPsylMb84E+WF8J627gR 26 | pTmltu6efMJUI7u+ah+uDeIHZn/aBFhL10xOaVuEvsIL0vZZv5+OZgowhDuWEEko 27 | BamR/LXP7NjlJhiKZs9JizzkqdA0atsRug0dZFjbP52vn3Z7wToTUzX2ZEMFWeQk 28 | OjTm8jwQTXVMxR3VvB1TqQlsJBuGwQPhBIpmV/UPw4yVxHJe6fjuecCHYPRVaMd6 29 | q1EpPTNWubM0zLO23MP/UQca69hITtWUPqdLstk/8K4+ELHNCJX6I7HKRjMFhD9q 30 | pVCSbFHLZeNzvtJYb0h6NzuohnO19RsTWJQatVUt0u+cntsUM6C17T6Hgt6OCUAL 31 | qhm94K0W0vzAxwI99johWn9bqk7QAMQO1xHdcUiHsiH8SzgYhMx8fvqRNZQe6LFg 32 | N1nn0Wff3xsND9iGgCOiPVgCggyhBlv1UHP7xQ== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/intermediate/newcerts/1003.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFcTCCA1mgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTZaFw0yMzEwMTExNzIxNTZaMIGPMQswCQYDVQQGEwJDQTER 6 | MA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMSUwIwYDVQQLDBxM 7 | aWJUTFMgVHV0b3JpYWwgQ2xpZW50IENlcnRzMRIwEAYDVQQDDAlsb2NhbGhvc3Qx 8 | HzAdBgkqhkiG9w0BCQEWEGJlY2tAb3BlbmJzZC5vcmcwggEiMA0GCSqGSIb3DQEB 9 | AQUAA4IBDwAwggEKAoIBAQC4spK3sz9Lf2Xp/1ejSmbfgcKki2lvJPCcVaLTwJ2Q 10 | BNlwSFkRyELRMukdE3yYRyU9OU8RdxJwpOSLFiPDz0yBFYP9tkLXoa0Ce/9WZ0RG 11 | Yqr3ygd1Lk27tV/6UuhHjYqgAqqb6iRwnabfdLD42Csct/suO2RtwoRsUJr6ifYV 12 | Uh8ItBc3mkelRMHt9vD/HPf2oTR154OPNAWjaj5tbwjl8AKIkbZQiaua3t5lM9f8 13 | mzP3F5j50HFwygR1x31kpEbgtXcdcRuLB9drfW/yuSoC9pneJAYS1W1jrMlfeEy9 14 | n91BAlObNHbjsquE3xTP6iVFNotfEpJjGDeDaHT5Atl7AgMBAAGjgfgwgfUwCQYD 15 | VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5T 16 | U0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+GcYMfY 17 | zCiwnrWnc4dP73SacNswHwYDVR0jBBgwFoAUtiYvBAB7kxvuGYgqj8emk1pYy8Iw 18 | DgYDVR0PAQH/BAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0 19 | cDovL2xvY2FsaG9zdDoyNTYwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD 20 | BDANBgkqhkiG9w0BAQsFAAOCAgEADt9f/xrd2aDI53zwI8L5jepeKfVF0C6qmb+O 21 | oreoH1cZstv6GVm0WXqKRxyRaqZPvVh8yzuL4k1re0+t14BcWwyV+7fK9X3CfUQo 22 | BphMSBccFLQSE2/9da1XKpSzVO52rHVwzTKUZ/RZ0rKoa/Z7bNYHeeFmaD+Y2sn9 23 | WRd6Q64jGKT3jrH8Yw/lDsIe058EIhKRac/69VxFiG2ZOsaqslFuhzfWrMN70ts8 24 | Yr9iAHgxHyMqNBoZtEIeksDsQGo84lXUIYEw7jz6IcxUlDis1U/yhG7mVijuJHW1 25 | WMDCx8UhspYSKXsWNny0YU3lyg67Z7TNwkgoDhW+Gssd/GJ5+yE4WfUF6vSZn2ro 26 | MLhpfYW5Cp/CnoJs8hbEUXpvhaXHZau5Rhc08Cpwho7ooumVBnKHSWGcaN3aFQjh 27 | +eaQ8tjQMqewJur8viXiOKVjAkvmkubjTWf4KI1vBjNqwbVSZ+L8oVR3MLUtblWu 28 | nr3gpzt1SK4t/c1WU2TDGHTyC2Am0242DLggXg+QAwqpWM1H057FSFw3+MLFBRF0 29 | 2+V5I/4QeupVav7+uQ77jqKTTQLcVXw9l4xVMnl7e0ezive9BlwFLvsMBDB3MPQV 30 | cbJA4I+u4NE92dy2wcjm9c7A0Pg1o/0LwkfreySEgCZgiz9o//hlnoN66J27xdwo 31 | dlAdcfw= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /test/CA/intermediate/openssl.cnf: -------------------------------------------------------------------------------- 1 | # OpenSSL root CA configuration file. 2 | # Copy to `/root/ca/openssl.cnf`. 3 | 4 | [ ca ] 5 | # `man ca` 6 | default_ca = CA_default 7 | 8 | [ CA_default ] 9 | # Directory and file locations. 10 | dir = intermediate 11 | certs = $dir/certs 12 | crl_dir = $dir/crl 13 | new_certs_dir = $dir/newcerts 14 | database = $dir/index.txt 15 | serial = $dir/serial 16 | RANDFILE = $dir/private/.rand 17 | 18 | # The root key and root certificate. 19 | private_key = $dir/private/intermediate.key.pem 20 | certificate = $dir/certs/intermediate.cert.pem 21 | 22 | # For certificate revocation lists. 23 | crlnumber = $dir/crlnumber 24 | crl = $dir/crl/intermediate.crl.pem 25 | crl_extensions = crl_ext 26 | default_crl_days = 30 27 | 28 | # SHA-1 is deprecated, so use SHA-2 instead. 29 | default_md = sha256 30 | 31 | name_opt = ca_default 32 | cert_opt = ca_default 33 | default_days = 375 34 | preserve = no 35 | policy = policy_loose 36 | 37 | [ policy_strict ] 38 | # The root CA should only sign intermediate certificates that match. 39 | # See the POLICY FORMAT section of `man ca`. 40 | countryName = match 41 | stateOrProvinceName = match 42 | organizationName = match 43 | organizationalUnitName = optional 44 | commonName = supplied 45 | emailAddress = optional 46 | 47 | [ policy_loose ] 48 | # Allow the intermediate CA to sign a more diverse range of certificates. 49 | # See the POLICY FORMAT section of the `ca` man page. 50 | countryName = optional 51 | stateOrProvinceName = optional 52 | localityName = optional 53 | organizationName = optional 54 | organizationalUnitName = optional 55 | commonName = supplied 56 | emailAddress = optional 57 | 58 | [ req ] 59 | # Options for the `req` tool (`man req`). 60 | default_bits = 2048 61 | distinguished_name = req_distinguished_name 62 | string_mask = utf8only 63 | 64 | # SHA-1 is deprecated, so use SHA-2 instead. 65 | default_md = sha256 66 | 67 | # Extension to add when the -x509 option is used. 68 | x509_extensions = v3_ca 69 | 70 | [ req_distinguished_name ] 71 | # See . 72 | countryName = Country Name (2 letter code) 73 | stateOrProvinceName = State or Province Name 74 | localityName = Locality Name 75 | 0.organizationName = Organization Name 76 | organizationalUnitName = Organizational Unit Name 77 | commonName = Common Name 78 | emailAddress = Email Address 79 | 80 | # Optionally, specify some defaults. 81 | countryName_default = 82 | stateOrProvinceName_default = 83 | localityName_default = 84 | 0.organizationName_default = 85 | organizationalUnitName_default = 86 | commonName = 87 | emailAddress_default = 88 | 89 | [ v3_ca ] 90 | # Extensions for a typical CA (`man x509v3_config`). 91 | subjectKeyIdentifier = hash 92 | authorityKeyIdentifier = keyid:always,issuer 93 | basicConstraints = critical, CA:true 94 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 95 | 96 | [ v3_intermediate_ca ] 97 | # Extensions for a typical intermediate CA (`man x509v3_config`). 98 | subjectKeyIdentifier = hash 99 | authorityKeyIdentifier = keyid:always,issuer 100 | basicConstraints = critical, CA:true, pathlen:0 101 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 102 | 103 | [ usr_cert ] 104 | # Extensions for client certificates (`man x509v3_config`). 105 | basicConstraints = CA:FALSE 106 | nsCertType = client, email 107 | nsComment = "OpenSSL Generated Client Certificate" 108 | subjectKeyIdentifier = hash 109 | authorityKeyIdentifier = keyid,issuer 110 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 111 | authorityInfoAccess = OCSP;URI:http://localhost:2560 112 | extendedKeyUsage = clientAuth, emailProtection 113 | 114 | [ server_cert ] 115 | # Extensions for server certificates (`man x509v3_config`). 116 | basicConstraints = CA:FALSE 117 | nsCertType = server 118 | nsComment = "OpenSSL Generated Server Certificate" 119 | subjectKeyIdentifier = hash 120 | authorityKeyIdentifier = keyid,issuer:always 121 | keyUsage = critical, digitalSignature, keyEncipherment 122 | authorityInfoAccess = OCSP;URI:http://localhost:2560 123 | extendedKeyUsage = serverAuth 124 | 125 | [ crl_ext ] 126 | # Extension for CRLs (`man x509v3_config`). 127 | authorityKeyIdentifier=keyid:always 128 | 129 | [ ocsp ] 130 | # Extension for OCSP signing certificates (`man ocsp`). 131 | basicConstraints = CA:FALSE 132 | subjectKeyIdentifier = hash 133 | authorityKeyIdentifier = keyid,issuer 134 | keyUsage = critical, digitalSignature 135 | extendedKeyUsage = critical, OCSPSigning 136 | -------------------------------------------------------------------------------- /test/CA/intermediate/private/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4spK3sz9Lf2Xp 3 | /1ejSmbfgcKki2lvJPCcVaLTwJ2QBNlwSFkRyELRMukdE3yYRyU9OU8RdxJwpOSL 4 | FiPDz0yBFYP9tkLXoa0Ce/9WZ0RGYqr3ygd1Lk27tV/6UuhHjYqgAqqb6iRwnabf 5 | dLD42Csct/suO2RtwoRsUJr6ifYVUh8ItBc3mkelRMHt9vD/HPf2oTR154OPNAWj 6 | aj5tbwjl8AKIkbZQiaua3t5lM9f8mzP3F5j50HFwygR1x31kpEbgtXcdcRuLB9dr 7 | fW/yuSoC9pneJAYS1W1jrMlfeEy9n91BAlObNHbjsquE3xTP6iVFNotfEpJjGDeD 8 | aHT5Atl7AgMBAAECggEAKMbcF4yOa9ero3bJXXa+sZfPZk6VL4GjUZCii0eaQcKg 9 | UubWK1PgVJl91/qGZoRGl3bAmyWDv7TX9FEmAkQRKuqaIniL11mNfd/sZqIT88oy 10 | 3tQOw3M+nDOWBgkp2SpJsbwE+Lk/5FEaF3mG3Nm04vlHjlR0frsUS2mcXbX5y4jd 11 | wafNzRPv4kLpusAKx0pxNh3/OuWuWs+NkevwFLXuD3oRynZ+O/UQGbm4jomPwE+j 12 | JH/DuvTN8jX+7Ism3FsqSXQTyVakaS0hpvp5Dk+DMxLakAnUYVN3qXFe4kReI5/D 13 | LkLQIUH3LXe87hVQEv0qYRa9I1Bn0R5YpHHKWFHzyQKBgQD9wZOpTZOS4N+l6A4Q 14 | 28b7qwWLYjjEbkC4o4rpyZF6CKEeFpNhdgIYm0LvErGieL0PzFavYjKSQ5jchenp 15 | EKznzLYVeAKoeRBipT9qo8DdzvNeOonOGejo/W0qFzfXwNpGxmcgTK00QF2anj12 16 | coyv+kW5bitRjigu1fxhVCzfPQKBgQC6VKtq34DlB7htC5fZlfJ9KUeqZ94SJzuo 17 | jWhKxgxTIC93ATISNr2AXxn1A87eIbM6TGzLv8U0fe0bOU7OtLYOHyfJug3MDS4P 18 | TZdsQAtutjtur26dnaqFw2tV+Ab7oZn+5xB/gl3+FnHGU/zJsISWrMfo7F1DY1P3 19 | 2uc5RmKnFwKBgQDiMBdf9R9S8BFKgCNxkYW3tMT3bjDtnt0f998N7zc2UNTUzgjG 20 | +fp6VoL+OWqPSRI1L84g/OXZDFoIT3Gl5tBIumefkV7FL0yUsXlqo9Z5oEu8NW+6 21 | f8vlSmhw+Us0jNnD9nvcBZzqE2mcNerRVt/iyLI3zGTeiFl3DhSt6OsqfQKBgGe3 22 | ubNDtfvG0GHikiQL027YC4xPRM3WCN9J10PH+hRLViBoCfcZgWJzjX9VH1GGcL2C 23 | zQydMqiFb/Y3cCafcLdroDop1oQ+0eSyzBb1j2eRCIQUIv6ZRNIwdQ7lgP2Qdqfs 24 | 9sIDT06gL7S2C4A5QZSdmKmO6FsabyMINq0rAL8BAoGAaSsrYqNFPxZge7IXrTBM 25 | MnAY+cdMjKW+L6EB02AWZgcVEM9qIddanZ0dVM643mdM/3oWISpjqsp9WW8lw1fx 26 | V3oVVwt9lQ4nZcZpoV0d1dhNSydDpGaB7/kxXJBIG4w8LrUBrRKruz2eB75fGG0C 27 | sWdLYcOkqY0KNeYnGWeBOeY= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/CA/intermediate/private/intermediate.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDgEHeRnfrzGUOe 3 | 3auk+ZNsxAXhoTWZZwrHkzXHTmcO9RQ7Pc5jTyIhpdAl3owZhxXWiv2ADLY0+FqO 4 | 4AdaSb/GMumVUTAGzaaT5OzSM4gpjkuE++EPUnSC/FnsdD+HjgqkqE3A0KNzab01 5 | uOcRc+BTO/6WIQJ6qdAN7kqtghaH3YvLAp7MImYO01wvJe8lwb5OpcqGMQ3xZvMt 6 | PdapJ29YjIYizAUGkI9jv9g9TIPb2FfTsMksJ8HH3UirdANivlqClKZ1yCUDBv8C 7 | xkhyL++H1mysjAm5PwasflgS1l0KmrIIQH26k0RDKE3Jjb6ueM/DcpxUZ/VPDMGu 8 | 6W1az5QGeIHHLDEzDMjOIGhLQGqEt5xmyuhF0ZwoysxFqQivTcGODusWBCRI887u 9 | XWLISzcJyQTgAhtL8GP6mT8t8QSW5ZYZJhi6Qwqz71T4wpfQX83JhV++cDwTHgsN 10 | uQ0pHOIul6GLL7AmXcqS7iqzCKKw6osYi0YYEEfMwv7PDvmxta2DO3ToIdNxrw/Y 11 | ZuZLkh1W9ApDXz63TcJsdxq2mFBuBdONjzx7FqoivWM/YAUxbMoYoHTJQn5myQbR 12 | GZsUA8XO+oD2F0tDcnXNBZ5yYv1SvfvhwaqQDgtHWafhaCyyRhjKpLVAEL/kEiGV 13 | kIOt3ZIw0PFra9g3OCy89rr43J0iuQIDAQABAoICAGNy658WH2wGqpy4hpaSr3x3 14 | BKVAiCmuMnqiPBxaECPzYydoJ1KsrNmCXwBv5n7uFiNDTYCoI7cfBBKmHJ1WXmf5 15 | 8PL1NfvPC0BZO0OQ276WCa7cnOfQESaSGtd4QTpJMTAkA16xO9rd870EdIqqg8Zt 16 | unGn9RG8jTuhqEOamaV0D7frUdAI9INgDGpgy+RWOcFulJU68JVUvFo4OC6b8i+7 17 | L04Cf7iKMRp06+VJML1DKLgsnx2aB8hNzxNKSrZpBoMutzNPwh213Tm+CCmmXQpN 18 | ga6T+TzfXHbzHOQ/gMxUHPDMrwFAm+uy19O9tgR6WrzFAd30xkxvvQeFU6QavffM 19 | MmKgSxwx+3TqZBPVudzPAAptThcFnaccexUGImYL7F/V7O+B4xsuHy+uH72qyU1s 20 | P7UFpnnGoNVqsMeGWRZikuchcDxv6I1A8bNgY1aeA0xbhD8XB559qQG1k+QL161c 21 | 1CG+Z5l2b7HcbcYGWl1pba0P0dZKMfOlm6aiA2YqCMozi3Vs5zOUGnmbry1yeZbV 22 | RyytueGiUx7OshRIdrFtq23Iesc6BBw4xmrO4epGG5gkKV0CT14sToSctjJyavWe 23 | kvE3b70toCsvMFcc9xh5bqjU9JEoATqCMoV4OU86Ve4CkOrNGc9hjtXGCsZOZp2S 24 | Ray7Kiw8ykr/yg0sRpqBAoIBAQDgHpCqS8Nv6Tc6ySUQut9oLjK2q8SdZf9Uzkdl 25 | jhtEvBBBp5vRi0Ch8rnluiZWloxs5+l5eXe/WN9mldJmdkoejGjute9GFgbZpMWz 26 | U7/s11OXkYrf4Qtldwpe+OEEs13E6m4eLskkP1duLl1bdSdX6TJr5BUrO75/hTvp 27 | jj+mZigAbN+GP1DZUaqi0+7X28/zNbcfWKusbGAcQxYGQWkUiQ9EKALSJKRJuADM 28 | CJRho3GqCPzc2nkbvBOTpHzk/1pmTuly1/0XGFnUmgZscGwB+69ClMyGRuBrz8tZ 29 | 5CHLjCsfMpLXcPA59og2jqrtCbyUY+co8n4Cf39eJdAhckNzAoIBAQD/7+WEB0Mk 30 | IN3Q18WkcPYPPzq4fc3qPjeYDMP0ssv0BNMdaktRIaXhQix29bHqbU1LGZKCMb70 31 | QlcVUVRMB23EI8ta8nElv3kuexMTkm+go9oy8JuGuJ943T3xZ7MdkkpOVj77dMMx 32 | A7I9hk+VzJ/Ju+R0cbqNG0habwv8NrWIP0rtrLUICP/s/o0K9vbDfN51cR2q3A2i 33 | j8Wmc59992qSaPL+Ztk/EhzBF+vfof1KLx3P0yVJ7o4+OAED5Y8op6/rJKyEDf0o 34 | Ic7d+fIuwEAljG2bRU4fHxBwZ6YnpAcnJFjmHkykkXKeKyDhsnBFeJPXa3LLAPns 35 | QU733ozLU+4jAoIBAQDOGA1cLLOZ89JQAqxNCCts+B62kJoLS8JS0CYjo1w8BtzE 36 | I0dMmEtlIXoFYPrkYSjc9R5kEGkn0qgNA/UpN9nM4b2U1kUkJBlEhxsuXvN87j32 37 | gWY9ngsG0UL+NstlsTOnYxTEOK3K4Vya+5PqCH+XfeBaCrHUwenaBkEj8yVg9UwP 38 | qA6cuxiz3z+U4GMgqQg/VMQC1V14/2gaVS6prfjdY3RgbpK5f+x7xfMlrTYV22Eo 39 | xX8R8O2xrXArMvWO96q/rg1LCIe6dzAUK1eA3JjV8gYmqgKx7/dr7PfIv9q7/Tei 40 | RrV13GtsQeLcmLFhrLR3mK73npZ14ZzUjN0qBJM1AoIBAQCI8tkhOLGYl22Z3puH 41 | Tlqb9f150vdoLDqbRdllCndP73T3/HSoyRR14G7iiL3W7v24/coDmJLRKN5oLcip 42 | liAKIA0kcS5SQI6bbIfcpTLOBl8vesf94rSSe/A1SIPzgt/34vZ4nxYDGDM78K6N 43 | PZ0S2VN5a5GjB8JDgcAsCSpB6XwyiYOk9QvcyKi4AUYxfJOczBZP4sf5AG2Gj7/8 44 | K3P/O+Eqd+YvdYWlXSN92rQqCeQt3JHLabb7XARPDXr5CiF79XfKgaHA47ZJ2QDa 45 | O00Xynir6P3QcVLekte5xm99ZlmbaQMh3CI0uGcz3cNtqQOS9Y/LSI5y+M9EmvVD 46 | p3l5AoIBAQCXsjdumTdph8HmYxAbE/Rrmwjial/BOxcyl0ozMdK0yJDD9idKxmfD 47 | 7KTmu2ise4ALcv01VHpwm+tqgbuEI5ZlAP/fJPkpopVxqS0rEmY7CmwTg/PHyz3N 48 | F94cHFHhY0xozSAsWBw+RrLubprBWSfDLH2hMsWER77h4d5AWEzxeE4dtO+7Kkd7 49 | KLdr97Z6DFh1WsBCBZqSBRNVxJr8nNgCOen2w+c0RSo/YWMAbW8d5V/8OMGKpE2a 50 | 08JhPHAKqBw4dypEDyAd62MYivAEBKmgtP0ON4ZH+e6r3q8Pna0LkXBsBoFoGLkv 51 | gGWo9IoT6aT3nygZs7Bx/hvJGMPwq9hx 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /test/CA/intermediate/private/ocsp-localhost.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDjLQuwRX2AmM+G 3 | pJktdJkJ8bao4fxp51I9xmrX4X+HQjL6j2DcnwP1nHBEmMPS7DEfVpP9ZrZyv4J2 4 | H0nCPJhlfDQTZbY/ogXxDDhQZqryhyN96JwBzvyfHcLjD+qYq2eNnfrNtfJob3kX 5 | 9hKvxPSD4lrFaL/A8EyoEyzFsCSUD4y4DAZu6/JPg5CR1FkJbxGnk4sAP4bW/+CH 6 | /eIyFtDVW9ZNALHcSMg6Wa24xK9j3u1HUGJNNuYEV+ykCe8kGEDPAvDAL4XEEmk6 7 | /9mIUdYELTAK5SMtQyT4U0GPjD76ItkoyrUgXNSGpyK3C+g5TMzYU6JHjNZiveE2 8 | 0VjhO/ZqZ8KZrHYsvt3PKfJrj+okt8viMNvg+JSP2wUe36sa3ssUaIW5twrg/yRj 9 | EYHUNO1Xgn2pzLCpAogEEZSGvk0ovkZa8FJA78cUQNuq7MQb9vZ41/Redyp6VvcO 10 | /fV/HvNTLwBERYI5gkhVUjTQb6ZdsUSVmDxRrDzbD/fSlaM6Xvz8WaG9Vb7fETWC 11 | zsLqDVMcaQsvwLh/IA8BImmN0MMmWEAenVHA1+TJ8uTrus/5efClynUFm0TT80gY 12 | 9qyGG5BjeI+TW9qZMLAi2aoB5vFGw8xLCO/kk6XLcAxBUkayHzZZHXaFTQNgnXlo 13 | qKrQ9Y2PGN/i+FbUHqhWR55j45ni8wIDAQABAoICABSipdooJcNFniwrzWIsoi4e 14 | D6p9hJEWGwlTeacMa6ocoEbUOUcxBooL4MLKYZdKLxgapCyzZMU9khsqsmd7W5h0 15 | VMKiTZCwJfwEUSU0fjizf8zTEUC0zYuih25apsOhZjGd9Qc0jMVhws0jZAUlTdSg 16 | /f/KiQh8i2oE+98lJd1xICYjqX3v3r3MRJiKgl/x/9eJ9mlaW+Qxr/KKZD6KhgOr 17 | aObrtjw9PDrYpIgRDaFzwXfl3FgJMZGZbvxjjp5nuZNUQAwlBPCPf5GFZfwU+uy8 18 | Mg37TFuzKquH3H+ujJXqDnG/H/7Fj+R/UA7yfPCfgkfwKOB48YxclRWGpJ0o9jP+ 19 | Um8I6XchU4V4+uIVDCRm5cqB3VaPmdFVufiXHk0EQWk3CjY5yiFTWATZ7w2LmMgq 20 | pVl9ddCHObfq4kcxhpIHCZdkXgpnzA2bEXRj1x2u1W5wdmRvSeo4DBH+l3ZCu5O/ 21 | 3kuE0UaRmiky1eheIO2URJqak9vgEj5YqAcdTZ0UWTBX7sfwimOUsJsoee/hcjIx 22 | R71Yn3SY79YeplsUtNBOt7PkmrLFzM7qVbtZPd8LZVEVkMxkHoQgAzjOYM/4dSSx 23 | AZlr4FA4TdYv9spJsgLm5KkIaNqBoFXhifynCak+/aE2yKpyZ0h2nX8kTYe+Pae4 24 | aRVwkqV4ueSk+EdmrP7JAoIBAQDz1d7sDHrAzICrhlbP/B4XC2Nw+eTTekghbOAC 25 | xrnqqqnRAkE+V/hxTTntOgcFk4/snIZFhxletjYqmuIQU+jBFVwIz9EKXqetTGXV 26 | NYubyWc4Df5CrkqJrzlJiJ1lF2DNcFl+B8fmE8f6UcAjT1DktomDdef3qePDfuwN 27 | SwDCIGQIuhkK5oor9hgZOrstP+KykbBZdYS81VOOQLB087tC6AoUArcg8nAddUY+ 28 | 2ZjhGhOwEn6okQyxCfNx30SpTRBKBHlkNROQzJzgOuxnEjw5QGeUXhgi3/6KJDhp 29 | 1WB/AUvfhLa34uEWRfmRCorJdans45a70/TDqyl/8o6X3ty9AoIBAQDugmjQpY3r 30 | 5GBnnXJJDvKAJZ87ZUGkKWuRB3tocXettiJpnEWvK0U0zvBLB+CuPXNSuo8Lg5xp 31 | BeseZfdBOlVg7tZ7mFXt0R7SII8hpBYOaOsDEsKGWUn+HsO+bO5cVV42/J0GJK2a 32 | +EUN9ZblzpHB7NUdZhvJNe5xvYBBh44zyuQKPqS1ZMai7aFy9VqM5ymQ5Haodqip 33 | /Y6CYPPuzQJu1X7I7bRqzjJ6tr6veJ9p5+FoGOguvTqHSqAYlAvELggiXGGXPns7 34 | 8jWb/PwbRexFVF/GigTBJy56fT+xg39EfG3EYPYOiZrA9NTN452btp911L2xxzQD 35 | awhyqBNwGDFvAoIBAQDoVcsZhDKa7sFTrqedeg95ycIw7guZbhS4tLMmMhEIhyFU 36 | JB/itZPm8bzWS8pRB+/FdseCDF6iHmCya+4nvKw0/pM5WjtG9DY1LGyDoYerI1cU 37 | 1FCHXOdtFecyJ9hBcOsuFXVQXz2b/xE3dRntCzB7HWseNgSXuetqZc+qQuMwFgj7 38 | P8eI2W6iwNTphUrArPTnTWaJdy7Jd0MscnswlOTDtbGUq5mu7RLjHtGWJWREaMKF 39 | rLm/CKbdMiwjPqh/4Qw6WtUIJILGIBECn2KOO5PiwXlwp8+7u08gda7DOSu/GI8h 40 | JaWsxaPPw1EvYKopl9IYBCumQSoiHz9lyMsR7qrJAoIBAQCI0PIDThSdToImreCT 41 | HCnrbKlszubano//v8UA4qX+Vc5juqsWksG+Sz74K2qtSL7QpAfOWQ7uB+EZrPAq 42 | 0KWNVzRd7cLNCvqdGuRALfohBfpZ5vcDTlDtnwQ2RhJtkOLctAf3MC8OCIDEQy7u 43 | YJKoJY0SsjIaN/+x6zyZWoMuHqK1Zb3h+A8iAyJr6WaqESh83zFZ7cdOzA5lp+wF 44 | /j/5CCsUY5bs9Z9rWU0FJzJ68/MPXcpClXXvidVQhAxD2wv7efbZZZQXjRdHhdWw 45 | Z2njU0UlhKK5khpNVW+mCoKE7MOitOQw7qqBKXCxMnKEkjviwciXJGgn1cwgyV1t 46 | HdOtAoIBAFwSLIsM09Dd0az15YZ146qsdbKeN7dJ8fCEHPVw5ZLyTGj8eYqaWKTm 47 | KUtDuaTpLWkKsNQQeBxQP+BKAwommB6Hvx3f5lrsqT3W6lsyU/xmJmUVzROXMaq4 48 | JnBSSYIBtx/Q20wcKxMfIDHsCYTCz5jEU8qlMnzPjViuSBmsJCHMuBHbhPXbjgJ2 49 | W86GqIr9ewPGkSYEJjkaWR8PY6afvCKdZ42Gh3ce73ggNuj8Usm4vn5jvGrN9Nf7 50 | +2+8AvTInaIFUJLcKv4PV3LrvkecWyhVlGVEFApR2OygjiJae9fc75BJubOnjicE 51 | Pvh0OWjQxGJDMFpo1wSueYTe7f0uSUY= 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /test/CA/intermediate/private/revoked.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiIC3gYsTb/VRJ 3 | aLBzKT1azZ441iog6oWlR423GijMx7DkHV7tJCNDG6RtHebx4qTvg0UB6h7r7wHw 4 | VTTujQYk9FkQsOF1D+2q89NzaaKqK48ZstfTzQ8dbkbk9xuY340xiKQGAtLzRlo8 5 | /6OTOUata14rNQSHLq86Md+CX5cZjBPqDSGI+LiBfuX580/g+7R7wOwYyBafT0IQ 6 | 7KUeTwn7JhJYGaYtnn71WvJ9EEVwhUKQIW+xS2zkN8LLu74UjGdyJelTsNq2azhh 7 | FN4dR8K+KW8gj21l61huVcb7bx+LqmvImKKu4BlAx5dDSuC2JknHPOGYmTRSY78a 8 | Mo919rg/AgMBAAECggEAALtulF6wb5ekKAWDJ+/yP9KesaW0yVOFznocWxKjpJpE 9 | vAS8e5c0jVfnmI2uooPY2w3wFtL16uWu/Cht6fcvi88II22YMT2CAtNNGaGsv7qI 10 | FbU5vrGzpiLr7/xDFGgq18IrRHpfcP/YzvN1P/GAkJvH/jcfZ/d/WdkOSJTXmpvs 11 | lbg1/KH3II86XSKfFNb0Cl5QEtA8iPN/bv69+brUt8UUzgIzj0W6eHn1Ygwn4K+u 12 | fIeea7RXoGJXGxP1NJcPojvDy8Qq0fE4wTp6EdPnKUewL81KczjqXWFOrhXcrnpU 13 | efwRRfhiDnl6f0aIK347AGpmXeWrYp+b9prGXZ+5sQKBgQDVXNSmYJAvY8P8erY5 14 | aVvZyuntxq/AGgK94a+o1i4yeXBeKa/J3CNYtdmLJtwHnhZtR3apau35UWkG0eWX 15 | OcmI5/ZbBHOwL3t3+woVa1yCa2n2J+PAcApCa7MXcLFafYeFcG9cGJC3O6J8qchD 16 | iEmo8lfVzpFK83tk1WD6r0d1OwKBgQDChi3B/CG4qQN2iOxhIdopoM63ZNs4poxh 17 | UQ5Zgrh4J5ysUZ7TBdqEvvYXiLVcI2Xke1eLUZgwCyVbqlBzEHEl86qTlyRYatgH 18 | wTLNZrS0Zr2zWYcI1SZzvNc5VIzDKDeOmZ4DLl7VuBvNa8yBkqN1TqpmhvjeVCvI 19 | 3PMm6PwIzQKBgHg+FsGlDd0HNn5lkaiNTexRxL/yBz4V6pGkTOCzw9lCQyduCtmS 20 | LIFkCrO3NK0+VJlFewRDdNXbIXtscx1kvcVgJKBqw9/5AnY9jhNALCR78H1/QYVE 21 | HyQLmiSNqAW9VNDI6plWZsg83XewH2KfvhNucD3Yal15FoNfFYZxna3dAoGBAL0U 22 | ne+8O676IlKa32G+/QePtr+O+oQDZ9rEZjVdmh+5KVJaeA5Y10JHOIBBsz/fbJB9 23 | z+etJUg13VdPoqll5wXj5v9VX8/N8zT+d3ouhiIA6A4oTNiqD5lair3AUJ72PaKP 24 | 8YbYEPie3+96BCxCtD43e+zy7390w6aYFoXQ3ANVAoGBANJegjbyAJTQsr9aq/8I 25 | d7Cn4Kxj/B47jgpd/plwfzFFtLZsLkGeINpDINQg5iKMwX1LW4yShN6ZHOL1t+BX 26 | MrFfTZL7OHbvg1S0WqpkJ4+7a0y4uHHiROWscnoeMAH9ZbatIQYjh6vzHQayvE0b 27 | 9AL6jF+aqkY7gbWiNjHFYnPN 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/CA/intermediate/private/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEbaRS2t5p83XQ 3 | AqJrrzcY2UaH68196qQlI2F9VNEvKV+EdpRz7fNDU+UOu1VLE2XBqISp8PDf/zxm 4 | VaK26Rmz2nro1I+p6Ec42/ldkgxx9T3jmt8R8D+ab9wMnYdiBa5WPNcV/DiKuW5a 5 | vfbI1nrp5OBOUqz68gIivXZV3DU4+jK6IivSFc30MMn6PjT5ZqlxwIMQBx96S3Bv 6 | Jg5fwRYrVym+f3WqAQ0UYETakQ39+WWSUhShutWNgSgGZql4ZuYGYEhL9yL7J+Hr 7 | 0iBSLWbd2dZD83U0X2vXJDnOkwFZ1Wd7VSE6X+L14yD1T5sFU3CoG87xof+s4B3z 8 | jafKvBUrAgMBAAECggEAWu0qENSR+lehpJ1jlBdymMUTOh30bKIuQ6bCHSMjBgLP 9 | 3WCKzbNLVVJDiPM8w1kCVIfuiUAoMHhU/EYN4T+8Dx5GoPqsWglU1sQ1BZRywFm2 10 | wWJSelpNBu9a3FgbcEuS7QaSxfGQNt8pb0XaNBPcp+Kz1m289xkJ1gz/9zTNSkbv 11 | jP3o52DGbWJRUCdplpWEEuVnRj0ZAWHeLP4fmLD3W+kt8jUny8+aaiI7Y3+3dfC3 12 | RS4YjHsbHcO2f05qYCnjlIyUfkCPcmdGQ6NtfpVt4YXi42NeB1WexpoCGei9QMWy 13 | FmamJn03gJ7jY+UxoI9tglbe+OHrI+F65SzeCy/U2QKBgQDjjhlnbQD9+rU6rGrq 14 | oa2CaJRpWi0K/dSvm1ZjjSIVAKW5BFFtT9EdUKpEqHiceTjJGNY697DQhGAcJT8o 15 | SQ3aV71VVJ1KhDGE58qIO/EJYwnqJs0+7NbqEzmfaIVVe/40f4udMbrVKH3dmTPl 16 | JjdpQs95PXWBMT4c61SrUk7yPwKBgQDc+3dwg2mA1AA1L1KFPDrHoE+ZlSQVfqiy 17 | PQMPu3x/uqIZrAk08Rtv/Ya/vGb7NGYscgM5PiFHmZcD1mEIaF1kxcg2nGiKI3LP 18 | LnYUKsR1QGK9sxduwK4MjVZ3kKcKW2Xptfxcm5T6g2C5HO6x4dWtGvORMGx95NkG 19 | c9uyQMRKFQKBgQC7qriWzJYR4E7QadvvT5GKSHeFf2JAe2CJxyFzDrU5/wOt17rT 20 | 3QzIEXurDgoSegL0DnC3xwjinxmofKterQkotk2mbxcdmnJAeu1Ud6LtK+nEW2XP 21 | 7IG+IEbYidnUy2K1py7cYGQGYdOUC0J6TI9MV1ZGVgJvns3sCcUVWddT/wKBgBdh 22 | a9O1s7XzuEnoRdze8IEqjwF67CRyEDs7hVVmytdg0cHRl+/ICtUgh99FecfeVWki 23 | bwDhd/fxYi7/wah4ElmVK4fLqKvk8ELHcarUk5CsTUYw6qvHKyMc2ScxYNsRrIi7 24 | voW12F9hAxzS2NZtRIRaM6cK7o+rZOLv4zDK9Xm5AoGAHkbVL6LVWZF0ekkUicuA 25 | R+3WrTHxkrE+4AtNugUqC0vkNyCM9jMGNLN1t5bmzr7s4Sc9Ujy5+vAPrRLGZLVF 26 | 5FtK773N8q7ovyjmyL6hYmEVuWAxFtNAVcgrMeXqcFiUdna0eAPIUlyyfbS0Vpv5 27 | 2KHa1XucBTdkGEUFI+/zYXo= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/CA/intermediate/serial: -------------------------------------------------------------------------------- 1 | 1004 2 | -------------------------------------------------------------------------------- /test/CA/intermediate/serial.old: -------------------------------------------------------------------------------- 1 | 1003 2 | -------------------------------------------------------------------------------- /test/CA/makecert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | usage() { 4 | echo "usage: makecert.sh [-c] [-d days] [-e email] name" 5 | echo " " 6 | echo "name: CN of certficate and name of output file" 7 | echo "-d days: number of days cert to be valid for" 8 | echo "-e email: add email to cert subject" 9 | echo "-c: make a client cert, default is server" 10 | echo " " 11 | echo "script must be run in the CA directory of this tutorial" 12 | exit 1 13 | } 14 | 15 | args=`getopt ce:d: $*` 16 | if [ $? -ne 0 ] 17 | then 18 | usage 19 | fi 20 | 21 | set -- $args 22 | while [ $# -ne 0 ] 23 | do 24 | case "$1" 25 | in 26 | -c) 27 | cflag="$1"; shift;; 28 | -e) 29 | email="$2"; shift; shift;; 30 | -d) 31 | days="$2"; shift; shift;; 32 | --) 33 | shift; break;; 34 | esac 35 | done 36 | 37 | if [ -z "$1" ]; then 38 | usage 39 | else 40 | CN=$1 41 | fi 42 | 43 | if [ -z "$email" ]; then 44 | subject="/C=CA/ST=Edmonton/O=Bob Beck/OU=Certificanator/CN=${CN}" 45 | else 46 | subject="/emailAddress=${email}/C=CA/ST=Edmonton/O=Bob Beck/OU=Certificanator/CN=${CN}" 47 | fi 48 | 49 | if [ -z "$cflag"]; then 50 | type="server_cert" 51 | else 52 | type="user_cert" 53 | fi 54 | 55 | if [ -z "$days"]; then 56 | days="375" 57 | fi 58 | 59 | keyfile="${CN}.key" 60 | csrfile="${CN},csr" 61 | crtfile="${CN}.crt" 62 | 63 | (cd intermediate && openssl genrsa -out private/${keyfile} 2048) 64 | (cd intermediate && openssl req -batch -config openssl.cnf -new -key private/client.key -subj "${subject}" -out csr/$csrfile) 65 | openssl ca -batch -config intermediate/openssl.cnf -extensions ${type} -days ${days} -notext -md sha256 -in intermediate/csr/${csrfile} -out intermediate/certs/${crtfile} 66 | if [ $? -eq 0 ]; then 67 | cp intermediate/private/${keyfile} ${keyfile} 68 | cp intermediate/certs/${crtfile} ${crtfile} 69 | else 70 | echo "openssl ca appears to have been unhappy.. much sadness" 71 | exit 1 72 | fi 73 | -------------------------------------------------------------------------------- /test/CA/ocspfetch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cert=$1 4 | chain=chain.pem 5 | out=${1}-ocsp.der 6 | 7 | serial=`openssl x509 -noout -serial -in ${cert} | sed 's/serial=//'` 8 | ocsp_uri=`openssl x509 -noout -ocsp_uri -in ${cert}` 9 | ocsp_host=`echo ${ocsp_uri} | sed '-e s#http://##' -e 's#[:/].*##'` 10 | openssl ocsp -out /dev/null -no_nonce -issuer ${chain} -VAfile ${chain} -header Host ${ocsp_host} -url ${ocsp_uri} -serial 0x${serial} -respout ${out}.new >/dev/null 2>&1 11 | openssl ocsp -out /dev/null -no_nonce -VAfile ${chain} -issuer ${chain} -serial 0x${serial} -respin ${out}.new >/dev/null 2>&1 12 | if [ $? == 0 ]; then 13 | if [ -r "${out}" ]; then 14 | mv ${out} ${out}.old 15 | fi 16 | mv ${out}.new ${out} 17 | fi 18 | -------------------------------------------------------------------------------- /test/CA/ocspserver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Vanna Vanna make me an OCSP server 4 | # DO NOT USE THIS FACING THE INTERNET. 5 | # GOD KILLS A BAG OF KITTENS EVERY TIME SOMEONE EXPOSES THE OPENSSL COMMAND AS ATTACK SURFACE! 6 | # PLEASE THINK OF THE KITTENS 7 | 8 | openssl ocsp -port 127.0.0.1:2560 -text -sha256 -index intermediate/index.txt -CA chain.pem -rkey intermediate/private/ocsp-localhost.key.pem -rsigner intermediate/certs/ocsp-localhost.pem 9 | 10 | -------------------------------------------------------------------------------- /test/CA/openssl-intermediate.cnf: -------------------------------------------------------------------------------- 1 | # OpenSSL root CA configuration file. 2 | # Copy to `/root/ca/openssl.cnf`. 3 | 4 | [ ca ] 5 | # `man ca` 6 | default_ca = CA_default 7 | 8 | [ CA_default ] 9 | # Directory and file locations. 10 | dir = intermediate 11 | certs = $dir/certs 12 | crl_dir = $dir/crl 13 | new_certs_dir = $dir/newcerts 14 | database = $dir/index.txt 15 | serial = $dir/serial 16 | RANDFILE = $dir/private/.rand 17 | 18 | # The root key and root certificate. 19 | private_key = $dir/private/intermediate.key.pem 20 | certificate = $dir/certs/intermediate.cert.pem 21 | 22 | # For certificate revocation lists. 23 | crlnumber = $dir/crlnumber 24 | crl = $dir/crl/intermediate.crl.pem 25 | crl_extensions = crl_ext 26 | default_crl_days = 30 27 | 28 | # SHA-1 is deprecated, so use SHA-2 instead. 29 | default_md = sha256 30 | 31 | name_opt = ca_default 32 | cert_opt = ca_default 33 | default_days = 375 34 | preserve = no 35 | policy = policy_loose 36 | 37 | [ policy_strict ] 38 | # The root CA should only sign intermediate certificates that match. 39 | # See the POLICY FORMAT section of `man ca`. 40 | countryName = match 41 | stateOrProvinceName = match 42 | organizationName = match 43 | organizationalUnitName = optional 44 | commonName = supplied 45 | emailAddress = optional 46 | 47 | [ policy_loose ] 48 | # Allow the intermediate CA to sign a more diverse range of certificates. 49 | # See the POLICY FORMAT section of the `ca` man page. 50 | countryName = optional 51 | stateOrProvinceName = optional 52 | localityName = optional 53 | organizationName = optional 54 | organizationalUnitName = optional 55 | commonName = supplied 56 | emailAddress = optional 57 | 58 | [ req ] 59 | # Options for the `req` tool (`man req`). 60 | default_bits = 2048 61 | distinguished_name = req_distinguished_name 62 | string_mask = utf8only 63 | 64 | # SHA-1 is deprecated, so use SHA-2 instead. 65 | default_md = sha256 66 | 67 | # Extension to add when the -x509 option is used. 68 | x509_extensions = v3_ca 69 | 70 | [ req_distinguished_name ] 71 | # See . 72 | countryName = Country Name (2 letter code) 73 | stateOrProvinceName = State or Province Name 74 | localityName = Locality Name 75 | 0.organizationName = Organization Name 76 | organizationalUnitName = Organizational Unit Name 77 | commonName = Common Name 78 | emailAddress = Email Address 79 | 80 | # Optionally, specify some defaults. 81 | countryName_default = 82 | stateOrProvinceName_default = 83 | localityName_default = 84 | 0.organizationName_default = 85 | organizationalUnitName_default = 86 | commonName = 87 | emailAddress_default = 88 | 89 | [ v3_ca ] 90 | # Extensions for a typical CA (`man x509v3_config`). 91 | subjectKeyIdentifier = hash 92 | authorityKeyIdentifier = keyid:always,issuer 93 | basicConstraints = critical, CA:true 94 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 95 | 96 | [ v3_intermediate_ca ] 97 | # Extensions for a typical intermediate CA (`man x509v3_config`). 98 | subjectKeyIdentifier = hash 99 | authorityKeyIdentifier = keyid:always,issuer 100 | basicConstraints = critical, CA:true, pathlen:0 101 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 102 | 103 | [ usr_cert ] 104 | # Extensions for client certificates (`man x509v3_config`). 105 | basicConstraints = CA:FALSE 106 | nsCertType = client, email 107 | nsComment = "OpenSSL Generated Client Certificate" 108 | subjectKeyIdentifier = hash 109 | authorityKeyIdentifier = keyid,issuer 110 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 111 | authorityInfoAccess = OCSP;URI:http://localhost:2560 112 | extendedKeyUsage = clientAuth, emailProtection 113 | 114 | [ server_cert ] 115 | # Extensions for server certificates (`man x509v3_config`). 116 | basicConstraints = CA:FALSE 117 | nsCertType = server 118 | nsComment = "OpenSSL Generated Server Certificate" 119 | subjectKeyIdentifier = hash 120 | authorityKeyIdentifier = keyid,issuer:always 121 | keyUsage = critical, digitalSignature, keyEncipherment 122 | authorityInfoAccess = OCSP;URI:http://localhost:2560 123 | extendedKeyUsage = serverAuth 124 | 125 | [ crl_ext ] 126 | # Extension for CRLs (`man x509v3_config`). 127 | authorityKeyIdentifier=keyid:always 128 | 129 | [ ocsp ] 130 | # Extension for OCSP signing certificates (`man ocsp`). 131 | basicConstraints = CA:FALSE 132 | subjectKeyIdentifier = hash 133 | authorityKeyIdentifier = keyid,issuer 134 | keyUsage = critical, digitalSignature 135 | extendedKeyUsage = critical, OCSPSigning 136 | -------------------------------------------------------------------------------- /test/CA/openssl-root.cnf: -------------------------------------------------------------------------------- 1 | # OpenSSL root CA configuration file. 2 | # Copy to `/root/ca/openssl.cnf`. 3 | 4 | [ ca ] 5 | # `man ca` 6 | default_ca = CA_default 7 | 8 | [ CA_default ] 9 | # Directory and file locations. 10 | dir = root 11 | certs = $dir/certs 12 | crl_dir = $dir/crl 13 | new_certs_dir = $dir/newcerts 14 | database = $dir/index.txt 15 | serial = $dir/serial 16 | RANDFILE = $dir/private/.rand 17 | 18 | # The root key and root certificate. 19 | private_key = $dir/private/ca.key.pem 20 | certificate = $dir/certs/ca.cert.pem 21 | 22 | # For certificate revocation lists. 23 | crlnumber = $dir/crlnumber 24 | crl = $dir/crl/ca.crl.pem 25 | crl_extensions = crl_ext 26 | default_crl_days = 30 27 | 28 | # SHA-1 is deprecated, so use SHA-2 instead. 29 | default_md = sha256 30 | 31 | name_opt = ca_default 32 | cert_opt = ca_default 33 | default_days = 375 34 | preserve = no 35 | policy = policy_strict 36 | 37 | [ policy_strict ] 38 | # The root CA should only sign intermediate certificates that match. 39 | # See the POLICY FORMAT section of `man ca`. 40 | countryName = match 41 | stateOrProvinceName = match 42 | organizationName = match 43 | organizationalUnitName = optional 44 | commonName = supplied 45 | emailAddress = optional 46 | 47 | [ policy_loose ] 48 | # Allow the intermediate CA to sign a more diverse range of certificates. 49 | # See the POLICY FORMAT section of the `ca` man page. 50 | countryName = optional 51 | stateOrProvinceName = optional 52 | localityName = optional 53 | organizationName = optional 54 | organizationalUnitName = optional 55 | commonName = supplied 56 | emailAddress = optional 57 | 58 | [ req ] 59 | # Options for the `req` tool (`man req`). 60 | default_bits = 2048 61 | distinguished_name = req_distinguished_name 62 | string_mask = utf8only 63 | 64 | # SHA-1 is deprecated, so use SHA-2 instead. 65 | default_md = sha256 66 | 67 | # Extension to add when the -x509 option is used. 68 | x509_extensions = v3_ca 69 | 70 | [ req_distinguished_name ] 71 | # See . 72 | countryName = Country Name (2 letter code) 73 | stateOrProvinceName = State or Province Name 74 | localityName = Locality Name 75 | 0.organizationName = Organization Name 76 | organizationalUnitName = Organizational Unit Name 77 | commonName = Common Name 78 | emailAddress = Email Address 79 | 80 | # Optionally, specify some defaults. 81 | countryName_default = 82 | stateOrProvinceName_default = 83 | localityName_default = 84 | 0.organizationName_default = 85 | organizationalUnitName_default = 86 | commonName = 87 | emailAddress_default = 88 | 89 | [ v3_ca ] 90 | # Extensions for a typical CA (`man x509v3_config`). 91 | subjectKeyIdentifier = hash 92 | authorityKeyIdentifier = keyid:always,issuer 93 | basicConstraints = critical, CA:true 94 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 95 | 96 | [ v3_intermediate_ca ] 97 | # Extensions for a typical intermediate CA (`man x509v3_config`). 98 | subjectKeyIdentifier = hash 99 | authorityKeyIdentifier = keyid:always,issuer 100 | basicConstraints = critical, CA:true, pathlen:0 101 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 102 | 103 | [ usr_cert ] 104 | # Extensions for client certificates (`man x509v3_config`). 105 | basicConstraints = CA:FALSE 106 | nsCertType = client, email 107 | nsComment = "OpenSSL Generated Client Certificate" 108 | subjectKeyIdentifier = hash 109 | authorityKeyIdentifier = keyid,issuer 110 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 111 | extendedKeyUsage = clientAuth, emailProtection 112 | 113 | [ server_cert ] 114 | # Extensions for server certificates (`man x509v3_config`). 115 | basicConstraints = CA:FALSE 116 | nsCertType = server 117 | nsComment = "OpenSSL Generated Server Certificate" 118 | subjectKeyIdentifier = hash 119 | authorityKeyIdentifier = keyid,issuer:always 120 | keyUsage = critical, digitalSignature, keyEncipherment 121 | extendedKeyUsage = serverAuth 122 | 123 | [ crl_ext ] 124 | # Extension for CRLs (`man x509v3_config`). 125 | authorityKeyIdentifier=keyid:always 126 | 127 | [ ocsp ] 128 | # Extension for OCSP signing certificates (`man ocsp`). 129 | basicConstraints = CA:FALSE 130 | subjectKeyIdentifier = hash 131 | authorityKeyIdentifier = keyid,issuer 132 | keyUsage = critical, digitalSignature 133 | extendedKeyUsage = critical, OCSPSigning 134 | -------------------------------------------------------------------------------- /test/CA/revoked.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuTCCA6GgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG8xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJjAkBgNVBAsMHUxp 7 | YlRMUyBUdXRvcmlhbCBSZXZva2VkIENlcnRzMRIwEAYDVQQDDAlsb2NhbGhvc3Qw 8 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiIC3gYsTb/VRJaLBzKT1a 9 | zZ441iog6oWlR423GijMx7DkHV7tJCNDG6RtHebx4qTvg0UB6h7r7wHwVTTujQYk 10 | 9FkQsOF1D+2q89NzaaKqK48ZstfTzQ8dbkbk9xuY340xiKQGAtLzRlo8/6OTOUat 11 | a14rNQSHLq86Md+CX5cZjBPqDSGI+LiBfuX580/g+7R7wOwYyBafT0IQ7KUeTwn7 12 | JhJYGaYtnn71WvJ9EEVwhUKQIW+xS2zkN8LLu74UjGdyJelTsNq2azhhFN4dR8K+ 13 | KW8gj21l61huVcb7bx+LqmvImKKu4BlAx5dDSuC2JknHPOGYmTRSY78aMo919rg/ 14 | AgMBAAGjggFgMIIBXDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglg 15 | hkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRl 16 | MB0GA1UdDgQWBBQxGu65TRXCdJ2PMysS6NF/H7GKcjCBjwYDVR0jBIGHMIGEgBS2 17 | Ji8EAHuTG+4ZiCqPx6aTWljLwqFopGYwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgM 18 | CEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1 19 | dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnSCAhAAMA4GA1UdDwEB/wQEAwIF 20 | oDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGGFWh0dHA6Ly9sb2NhbGhvc3Q6 21 | MjU2MDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAir4g 22 | YxKvltcMHLfKCeS/D4Rhoy2Y0PofbsNd+f2loHsiuS5Ki6yHU3KTLTuP1rnsU6A0 23 | l3cGwWQH7JkTmCI1Fonl5O7mzWbFVM9l2S932HlmHbdIa0N+2GXQhURR5x7y1QXr 24 | U38aLteJ26iasKM6MxV+6cbpmJllgnMWyGMAKKhJ7S7wRpR4UAkk9VIvfeuWnwNP 25 | Crxpzt9KoqD4bnjPBEg085Hv/05Md/KB4lS38kCK01o8LjLw7GdgfyfWKjTSWwRj 26 | 7Vsqe/9kkibS4Ny6STKc46SVl4X8dBLJ0QAy54fMxP6yeFILFapoTx0RK03xV7DN 27 | HyMosfLVQe+VxsI1SKAULIuI3aCc9u2//v+v+jA3hIQua+f/XRk010l6ExqnPrEe 28 | ZojZIGf8J4xVnwS29F7HlC9mZEuiw4SQcphOVlMtL3WRHOa4fFgb81cTprVeLl5j 29 | b7TD4OY5TMS1SNKwKfyoH5QNLfq7HiO7vYTTV/ssrng3Y98OPxkKL8CITHES/CnN 30 | UwwC2oe/pqSGSjzzDunVaCDBrNEuAtzpMTPeRJvnl6bq93F41XtK7R+708v+45f1 31 | tgbHuyz1YJ1nTUEDovueZNWrAgvBf+mMWv1qVy8nJ+etmGRMNdtZKX3/BI18ampD 32 | of08KqX2PAUMLZUKL2HDY1MDtQryCToFzmhl2uk= 33 | -----END CERTIFICATE----- 34 | -----BEGIN CERTIFICATE----- 35 | MIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCQ0Ex 36 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 37 | TGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnQwHhcNMjIxMDAx 38 | MTcyMTU0WhcNMzIwODA5MTcyMTU0WjBsMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 39 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 40 | b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0MIICIjANBgkqhkiG 41 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA4BB3kZ368xlDnt2rpPmTbMQF4aE1mWcKx5M1 42 | x05nDvUUOz3OY08iIaXQJd6MGYcV1or9gAy2NPhajuAHWkm/xjLplVEwBs2mk+Ts 43 | 0jOIKY5LhPvhD1J0gvxZ7HQ/h44KpKhNwNCjc2m9NbjnEXPgUzv+liECeqnQDe5K 44 | rYIWh92LywKezCJmDtNcLyXvJcG+TqXKhjEN8WbzLT3WqSdvWIyGIswFBpCPY7/Y 45 | PUyD29hX07DJLCfBx91Iq3QDYr5agpSmdcglAwb/AsZIci/vh9ZsrIwJuT8GrH5Y 46 | EtZdCpqyCEB9upNEQyhNyY2+rnjPw3KcVGf1TwzBrultWs+UBniBxywxMwzIziBo 47 | S0BqhLecZsroRdGcKMrMRakIr03Bjg7rFgQkSPPO7l1iyEs3CckE4AIbS/Bj+pk/ 48 | LfEEluWWGSYYukMKs+9U+MKX0F/NyYVfvnA8Ex4LDbkNKRziLpehiy+wJl3Kku4q 49 | swiisOqLGItGGBBHzML+zw75sbWtgzt06CHTca8P2GbmS5IdVvQKQ18+t03CbHca 50 | tphQbgXTjY88exaqIr1jP2AFMWzKGKB0yUJ+ZskG0RmbFAPFzvqA9hdLQ3J1zQWe 51 | cmL9Ur374cGqkA4LR1mn4WgsskYYyqS1QBC/5BIhlZCDrd2SMNDxa2vYNzgsvPa6 52 | +NydIrkCAwEAAaNmMGQwHQYDVR0OBBYEFLYmLwQAe5Mb7hmIKo/HppNaWMvCMB8G 53 | A1UdIwQYMBaAFPJ992/6GmE6Vx51ATNfI0t4KSyXMBIGA1UdEwEB/wQIMAYBAf8C 54 | AQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAK+FMQNbH1KEmF 55 | tv2Etgqi9weQ8Zv1aNmvipxtnEujXv+Cickvvy1SunB1hH3UVy78O4+aV65TKnqR 56 | vzYryX/mGkSUgqMvo+7g0GzeW+oeNSJPgER8Jysdg69u06HxLEPowjgQHsXeFG3O 57 | 1NB2p4tr7CtrKm8yiXLbcmCUh9QKi/BlBvYxOevAunmrBd907f0hbY+U/xvqYCTw 58 | A7MULSBDDhxNklp+HgEq5XDiQUdh5hqM4w9lyZvJc6vaDd9302qo1eX7O+atMsv7 59 | pkJV/gpQbWIkcrBG/Xsis664T374Czss11ohEcOdLHU9mmayFaL5YeTbuCsLZaW1 60 | lReUbALBNnB5/85eN2JUGwBFukdMyGn0v+u6U/E3D+JnYPt6fP0dItTvAXo2qhYL 61 | 9I3B1lbwp1Jng/v1CYQ1nBh4LAhqY1la+WauO7Fj0cAeLRIgVLCyispWJOB1J0lG 62 | FJpjCH0x/bdclCuZcOz7qN3Berw+FPe3ZUhSIWGpY1um9wGif3tHZnl2sGNi+hYB 63 | Pv6CZP8x9HehzQqJYj3IytCW+lgYcI8UzFm8SS19gRq85QQtSFrW1e8oJ7mYbiLu 64 | 3tAictLVOUtALySQxRNWYyN91T63xybkqwSTyDdIIc0uH1GM7uJjRzUSJhcjX0o2 65 | X59Eo5OCgmc6uW+uaCDnZ0N3b0O2Dg== 66 | -----END CERTIFICATE----- 67 | -----BEGIN CERTIFICATE----- 68 | MIIFuTCCA6GgAwIBAgIUWpN0nBX6qMZ38jMp79eX4QfjKv0wDQYJKoZIhvcNAQEL 69 | BQAwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhC 70 | b2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290 71 | IENBIENlcnQwHhcNMjIxMDAxMTcyMTUxWhcNNDIwOTI2MTcyMTUxWjBkMQswCQYD 72 | VQQGEwJDQTERMA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgw 73 | FgYDVQQLDA9MaWJUTFMgVHV0b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydDCC 74 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfG43HX9NadgkmE1l7ZGDTO 75 | 8Fk3BNrCJiG0mnpOHQA1dg+s9tIK5ujfimcNdJUMv8Pz0p/Cx1V+NxGYliGZy58H 76 | olVML8pV/EBcG/7KamGw8+sPmHD80sLXHZU8oIZDaq0oZFQybyCmZJVCxVkcCJ8O 77 | NrxkG4uL6JBj9LxHln0atb4Tksuy3mojPtL0ljzLqw7kHcb4YMz6aBpplU4Vb8U1 78 | Q+yKkGvLGkHQcSAyz6Gl4LbK8n/eJzcrzzxjgE5weNFJwWS2v6i2k4LiXnf1de3U 79 | J70M0gqa+H7lABH4jLs7N1wjEHPgtfvfNLC2yINaV4bLdjlg+PN3PYzmd3khNtfO 80 | f7LVXg4NAvTxcVrBZL0WHO72pIAflA6w3FqPAerhkQA6xoGVr7qd7a2A1TQd7l1K 81 | J8r9eD0eYF9hc/cIb3Uf0h/xFAYAz+trTLKIpZxc14d7n0EOX1/6ltwud+dYsMvZ 82 | XDOWwovmnOEJa6NPJiJpQZboky0Ra3HCbkTNKtfxM4ZsMC+1w8F0t6HDpcvshugl 83 | 6FaRADW+J1feAFRQGqGfNGQUUvWYhw4BYnNnuqYtDsT1PlSWt+jQdC76k1l9qMrI 84 | u/dqgs5tO9hzg5naZC/qTw0zTaeRShsiwj1sVsYuoNQLj7vbguliQxTGmvq/kA1C 85 | pHuvwemoNuF1p43XihS/AgMBAAGjYzBhMB0GA1UdDgQWBBTyffdv+hphOlcedQEz 86 | XyNLeCkslzAfBgNVHSMEGDAWgBTyffdv+hphOlcedQEzXyNLeCkslzAPBgNVHRMB 87 | Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYGxG 88 | G5CkEflZvV3jsgMKWfEZnNLzDoZMP0881AXFVdyIcoscxr5lvdwjfcjfBzDV7qE8 89 | dJxdi3ws/XMyiol/pBjtPFpspgpIhtU7HWn7G8MKCtUoCXfAXhdIY6GIpR+oDZaT 90 | XxyMpPQMQ0vZPRBGbRDNpNuchxqJHGXTyJS23HqHNISKr25SLz1/H0d32G9PCee+ 91 | +ZGgQd67I9FIvIaO692z1NjiR3VayKQrXVoc7HM2Ul+wSn6m0VynGpmB2mW/R8RF 92 | 6WAZIDwitANpT+xvQkMRALcLqiFc7HJFeTvnwA8BKFQXnyxdiNrywimp/GNYb/hs 93 | 2DH4GITlUKuyB+dbYQosXQL9HgMZvgVEPSPFDITvs0XJm6ts3b7m9X4ojoyMrmkI 94 | bJ+4Ievt/xC+yDcvGzifhWN8SnF/2foAYsiLujO8QkA1C5As1+MHRnPe1IpZY+pg 95 | XbrGOsRoEaIxUZywphKWOwb6NUZtIgKxxD7pVjmSrBL4lxxvedoT4IYaAQ3ZXUVc 96 | 2G501SJ0MzyHVA8BJThnpsiEewCEFTrTw2v5IpUDZMs3eOqoNVhrDL27jxsUucss 97 | PbNbBypacy1y2DU8iPapRjif1XmkuXlQHAifYn9ydBx+l9/TzETfK4cn364XFfUy 98 | lybaJU00GZld0TwE80YLBduigVNZ6pftRKV+aU0= 99 | -----END CERTIFICATE----- 100 | -------------------------------------------------------------------------------- /test/CA/revoked.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiIC3gYsTb/VRJ 3 | aLBzKT1azZ441iog6oWlR423GijMx7DkHV7tJCNDG6RtHebx4qTvg0UB6h7r7wHw 4 | VTTujQYk9FkQsOF1D+2q89NzaaKqK48ZstfTzQ8dbkbk9xuY340xiKQGAtLzRlo8 5 | /6OTOUata14rNQSHLq86Md+CX5cZjBPqDSGI+LiBfuX580/g+7R7wOwYyBafT0IQ 6 | 7KUeTwn7JhJYGaYtnn71WvJ9EEVwhUKQIW+xS2zkN8LLu74UjGdyJelTsNq2azhh 7 | FN4dR8K+KW8gj21l61huVcb7bx+LqmvImKKu4BlAx5dDSuC2JknHPOGYmTRSY78a 8 | Mo919rg/AgMBAAECggEAALtulF6wb5ekKAWDJ+/yP9KesaW0yVOFznocWxKjpJpE 9 | vAS8e5c0jVfnmI2uooPY2w3wFtL16uWu/Cht6fcvi88II22YMT2CAtNNGaGsv7qI 10 | FbU5vrGzpiLr7/xDFGgq18IrRHpfcP/YzvN1P/GAkJvH/jcfZ/d/WdkOSJTXmpvs 11 | lbg1/KH3II86XSKfFNb0Cl5QEtA8iPN/bv69+brUt8UUzgIzj0W6eHn1Ygwn4K+u 12 | fIeea7RXoGJXGxP1NJcPojvDy8Qq0fE4wTp6EdPnKUewL81KczjqXWFOrhXcrnpU 13 | efwRRfhiDnl6f0aIK347AGpmXeWrYp+b9prGXZ+5sQKBgQDVXNSmYJAvY8P8erY5 14 | aVvZyuntxq/AGgK94a+o1i4yeXBeKa/J3CNYtdmLJtwHnhZtR3apau35UWkG0eWX 15 | OcmI5/ZbBHOwL3t3+woVa1yCa2n2J+PAcApCa7MXcLFafYeFcG9cGJC3O6J8qchD 16 | iEmo8lfVzpFK83tk1WD6r0d1OwKBgQDChi3B/CG4qQN2iOxhIdopoM63ZNs4poxh 17 | UQ5Zgrh4J5ysUZ7TBdqEvvYXiLVcI2Xke1eLUZgwCyVbqlBzEHEl86qTlyRYatgH 18 | wTLNZrS0Zr2zWYcI1SZzvNc5VIzDKDeOmZ4DLl7VuBvNa8yBkqN1TqpmhvjeVCvI 19 | 3PMm6PwIzQKBgHg+FsGlDd0HNn5lkaiNTexRxL/yBz4V6pGkTOCzw9lCQyduCtmS 20 | LIFkCrO3NK0+VJlFewRDdNXbIXtscx1kvcVgJKBqw9/5AnY9jhNALCR78H1/QYVE 21 | HyQLmiSNqAW9VNDI6plWZsg83XewH2KfvhNucD3Yal15FoNfFYZxna3dAoGBAL0U 22 | ne+8O676IlKa32G+/QePtr+O+oQDZ9rEZjVdmh+5KVJaeA5Y10JHOIBBsz/fbJB9 23 | z+etJUg13VdPoqll5wXj5v9VX8/N8zT+d3ouhiIA6A4oTNiqD5lair3AUJ72PaKP 24 | 8YbYEPie3+96BCxCtD43e+zy7390w6aYFoXQ3ANVAoGBANJegjbyAJTQsr9aq/8I 25 | d7Cn4Kxj/B47jgpd/plwfzFFtLZsLkGeINpDINQg5iKMwX1LW4yShN6ZHOL1t+BX 26 | MrFfTZL7OHbvg1S0WqpkJ4+7a0y4uHHiROWscnoeMAH9ZbatIQYjh6vzHQayvE0b 27 | 9AL6jF+aqkY7gbWiNjHFYnPN 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/CA/root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuTCCA6GgAwIBAgIUWpN0nBX6qMZ38jMp79eX4QfjKv0wDQYJKoZIhvcNAQEL 3 | BQAwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhC 4 | b2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290 5 | IENBIENlcnQwHhcNMjIxMDAxMTcyMTUxWhcNNDIwOTI2MTcyMTUxWjBkMQswCQYD 6 | VQQGEwJDQTERMA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgw 7 | FgYDVQQLDA9MaWJUTFMgVHV0b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydDCC 8 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfG43HX9NadgkmE1l7ZGDTO 9 | 8Fk3BNrCJiG0mnpOHQA1dg+s9tIK5ujfimcNdJUMv8Pz0p/Cx1V+NxGYliGZy58H 10 | olVML8pV/EBcG/7KamGw8+sPmHD80sLXHZU8oIZDaq0oZFQybyCmZJVCxVkcCJ8O 11 | NrxkG4uL6JBj9LxHln0atb4Tksuy3mojPtL0ljzLqw7kHcb4YMz6aBpplU4Vb8U1 12 | Q+yKkGvLGkHQcSAyz6Gl4LbK8n/eJzcrzzxjgE5weNFJwWS2v6i2k4LiXnf1de3U 13 | J70M0gqa+H7lABH4jLs7N1wjEHPgtfvfNLC2yINaV4bLdjlg+PN3PYzmd3khNtfO 14 | f7LVXg4NAvTxcVrBZL0WHO72pIAflA6w3FqPAerhkQA6xoGVr7qd7a2A1TQd7l1K 15 | J8r9eD0eYF9hc/cIb3Uf0h/xFAYAz+trTLKIpZxc14d7n0EOX1/6ltwud+dYsMvZ 16 | XDOWwovmnOEJa6NPJiJpQZboky0Ra3HCbkTNKtfxM4ZsMC+1w8F0t6HDpcvshugl 17 | 6FaRADW+J1feAFRQGqGfNGQUUvWYhw4BYnNnuqYtDsT1PlSWt+jQdC76k1l9qMrI 18 | u/dqgs5tO9hzg5naZC/qTw0zTaeRShsiwj1sVsYuoNQLj7vbguliQxTGmvq/kA1C 19 | pHuvwemoNuF1p43XihS/AgMBAAGjYzBhMB0GA1UdDgQWBBTyffdv+hphOlcedQEz 20 | XyNLeCkslzAfBgNVHSMEGDAWgBTyffdv+hphOlcedQEzXyNLeCkslzAPBgNVHRMB 21 | Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYGxG 22 | G5CkEflZvV3jsgMKWfEZnNLzDoZMP0881AXFVdyIcoscxr5lvdwjfcjfBzDV7qE8 23 | dJxdi3ws/XMyiol/pBjtPFpspgpIhtU7HWn7G8MKCtUoCXfAXhdIY6GIpR+oDZaT 24 | XxyMpPQMQ0vZPRBGbRDNpNuchxqJHGXTyJS23HqHNISKr25SLz1/H0d32G9PCee+ 25 | +ZGgQd67I9FIvIaO692z1NjiR3VayKQrXVoc7HM2Ul+wSn6m0VynGpmB2mW/R8RF 26 | 6WAZIDwitANpT+xvQkMRALcLqiFc7HJFeTvnwA8BKFQXnyxdiNrywimp/GNYb/hs 27 | 2DH4GITlUKuyB+dbYQosXQL9HgMZvgVEPSPFDITvs0XJm6ts3b7m9X4ojoyMrmkI 28 | bJ+4Ievt/xC+yDcvGzifhWN8SnF/2foAYsiLujO8QkA1C5As1+MHRnPe1IpZY+pg 29 | XbrGOsRoEaIxUZywphKWOwb6NUZtIgKxxD7pVjmSrBL4lxxvedoT4IYaAQ3ZXUVc 30 | 2G501SJ0MzyHVA8BJThnpsiEewCEFTrTw2v5IpUDZMs3eOqoNVhrDL27jxsUucss 31 | PbNbBypacy1y2DU8iPapRjif1XmkuXlQHAifYn9ydBx+l9/TzETfK4cn364XFfUy 32 | lybaJU00GZld0TwE80YLBduigVNZ6pftRKV+aU0= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/root/certs/ca.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuTCCA6GgAwIBAgIUWpN0nBX6qMZ38jMp79eX4QfjKv0wDQYJKoZIhvcNAQEL 3 | BQAwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhC 4 | b2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290 5 | IENBIENlcnQwHhcNMjIxMDAxMTcyMTUxWhcNNDIwOTI2MTcyMTUxWjBkMQswCQYD 6 | VQQGEwJDQTERMA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgw 7 | FgYDVQQLDA9MaWJUTFMgVHV0b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydDCC 8 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfG43HX9NadgkmE1l7ZGDTO 9 | 8Fk3BNrCJiG0mnpOHQA1dg+s9tIK5ujfimcNdJUMv8Pz0p/Cx1V+NxGYliGZy58H 10 | olVML8pV/EBcG/7KamGw8+sPmHD80sLXHZU8oIZDaq0oZFQybyCmZJVCxVkcCJ8O 11 | NrxkG4uL6JBj9LxHln0atb4Tksuy3mojPtL0ljzLqw7kHcb4YMz6aBpplU4Vb8U1 12 | Q+yKkGvLGkHQcSAyz6Gl4LbK8n/eJzcrzzxjgE5weNFJwWS2v6i2k4LiXnf1de3U 13 | J70M0gqa+H7lABH4jLs7N1wjEHPgtfvfNLC2yINaV4bLdjlg+PN3PYzmd3khNtfO 14 | f7LVXg4NAvTxcVrBZL0WHO72pIAflA6w3FqPAerhkQA6xoGVr7qd7a2A1TQd7l1K 15 | J8r9eD0eYF9hc/cIb3Uf0h/xFAYAz+trTLKIpZxc14d7n0EOX1/6ltwud+dYsMvZ 16 | XDOWwovmnOEJa6NPJiJpQZboky0Ra3HCbkTNKtfxM4ZsMC+1w8F0t6HDpcvshugl 17 | 6FaRADW+J1feAFRQGqGfNGQUUvWYhw4BYnNnuqYtDsT1PlSWt+jQdC76k1l9qMrI 18 | u/dqgs5tO9hzg5naZC/qTw0zTaeRShsiwj1sVsYuoNQLj7vbguliQxTGmvq/kA1C 19 | pHuvwemoNuF1p43XihS/AgMBAAGjYzBhMB0GA1UdDgQWBBTyffdv+hphOlcedQEz 20 | XyNLeCkslzAfBgNVHSMEGDAWgBTyffdv+hphOlcedQEzXyNLeCkslzAPBgNVHRMB 21 | Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYGxG 22 | G5CkEflZvV3jsgMKWfEZnNLzDoZMP0881AXFVdyIcoscxr5lvdwjfcjfBzDV7qE8 23 | dJxdi3ws/XMyiol/pBjtPFpspgpIhtU7HWn7G8MKCtUoCXfAXhdIY6GIpR+oDZaT 24 | XxyMpPQMQ0vZPRBGbRDNpNuchxqJHGXTyJS23HqHNISKr25SLz1/H0d32G9PCee+ 25 | +ZGgQd67I9FIvIaO692z1NjiR3VayKQrXVoc7HM2Ul+wSn6m0VynGpmB2mW/R8RF 26 | 6WAZIDwitANpT+xvQkMRALcLqiFc7HJFeTvnwA8BKFQXnyxdiNrywimp/GNYb/hs 27 | 2DH4GITlUKuyB+dbYQosXQL9HgMZvgVEPSPFDITvs0XJm6ts3b7m9X4ojoyMrmkI 28 | bJ+4Ievt/xC+yDcvGzifhWN8SnF/2foAYsiLujO8QkA1C5As1+MHRnPe1IpZY+pg 29 | XbrGOsRoEaIxUZywphKWOwb6NUZtIgKxxD7pVjmSrBL4lxxvedoT4IYaAQ3ZXUVc 30 | 2G501SJ0MzyHVA8BJThnpsiEewCEFTrTw2v5IpUDZMs3eOqoNVhrDL27jxsUucss 31 | PbNbBypacy1y2DU8iPapRjif1XmkuXlQHAifYn9ydBx+l9/TzETfK4cn364XFfUy 32 | lybaJU00GZld0TwE80YLBduigVNZ6pftRKV+aU0= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/root/index.txt: -------------------------------------------------------------------------------- 1 | V 320809172154Z 1000 unknown /C=CA/ST=Edmonton/O=Bob Beck/OU=LibTLS Tutorial/CN=Intermediate CA Cert 2 | -------------------------------------------------------------------------------- /test/CA/root/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = yes 2 | -------------------------------------------------------------------------------- /test/CA/root/index.txt.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/haze/zig-libressl/6ff30e2f4a916bd5020405f36d25803ed96db06c/test/CA/root/index.txt.old -------------------------------------------------------------------------------- /test/CA/root/newcerts/1000.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnQwHhcNMjIxMDAx 5 | MTcyMTU0WhcNMzIwODA5MTcyMTU0WjBsMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 6 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 7 | b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0MIICIjANBgkqhkiG 8 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA4BB3kZ368xlDnt2rpPmTbMQF4aE1mWcKx5M1 9 | x05nDvUUOz3OY08iIaXQJd6MGYcV1or9gAy2NPhajuAHWkm/xjLplVEwBs2mk+Ts 10 | 0jOIKY5LhPvhD1J0gvxZ7HQ/h44KpKhNwNCjc2m9NbjnEXPgUzv+liECeqnQDe5K 11 | rYIWh92LywKezCJmDtNcLyXvJcG+TqXKhjEN8WbzLT3WqSdvWIyGIswFBpCPY7/Y 12 | PUyD29hX07DJLCfBx91Iq3QDYr5agpSmdcglAwb/AsZIci/vh9ZsrIwJuT8GrH5Y 13 | EtZdCpqyCEB9upNEQyhNyY2+rnjPw3KcVGf1TwzBrultWs+UBniBxywxMwzIziBo 14 | S0BqhLecZsroRdGcKMrMRakIr03Bjg7rFgQkSPPO7l1iyEs3CckE4AIbS/Bj+pk/ 15 | LfEEluWWGSYYukMKs+9U+MKX0F/NyYVfvnA8Ex4LDbkNKRziLpehiy+wJl3Kku4q 16 | swiisOqLGItGGBBHzML+zw75sbWtgzt06CHTca8P2GbmS5IdVvQKQ18+t03CbHca 17 | tphQbgXTjY88exaqIr1jP2AFMWzKGKB0yUJ+ZskG0RmbFAPFzvqA9hdLQ3J1zQWe 18 | cmL9Ur374cGqkA4LR1mn4WgsskYYyqS1QBC/5BIhlZCDrd2SMNDxa2vYNzgsvPa6 19 | +NydIrkCAwEAAaNmMGQwHQYDVR0OBBYEFLYmLwQAe5Mb7hmIKo/HppNaWMvCMB8G 20 | A1UdIwQYMBaAFPJ992/6GmE6Vx51ATNfI0t4KSyXMBIGA1UdEwEB/wQIMAYBAf8C 21 | AQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAK+FMQNbH1KEmF 22 | tv2Etgqi9weQ8Zv1aNmvipxtnEujXv+Cickvvy1SunB1hH3UVy78O4+aV65TKnqR 23 | vzYryX/mGkSUgqMvo+7g0GzeW+oeNSJPgER8Jysdg69u06HxLEPowjgQHsXeFG3O 24 | 1NB2p4tr7CtrKm8yiXLbcmCUh9QKi/BlBvYxOevAunmrBd907f0hbY+U/xvqYCTw 25 | A7MULSBDDhxNklp+HgEq5XDiQUdh5hqM4w9lyZvJc6vaDd9302qo1eX7O+atMsv7 26 | pkJV/gpQbWIkcrBG/Xsis664T374Czss11ohEcOdLHU9mmayFaL5YeTbuCsLZaW1 27 | lReUbALBNnB5/85eN2JUGwBFukdMyGn0v+u6U/E3D+JnYPt6fP0dItTvAXo2qhYL 28 | 9I3B1lbwp1Jng/v1CYQ1nBh4LAhqY1la+WauO7Fj0cAeLRIgVLCyispWJOB1J0lG 29 | FJpjCH0x/bdclCuZcOz7qN3Berw+FPe3ZUhSIWGpY1um9wGif3tHZnl2sGNi+hYB 30 | Pv6CZP8x9HehzQqJYj3IytCW+lgYcI8UzFm8SS19gRq85QQtSFrW1e8oJ7mYbiLu 31 | 3tAictLVOUtALySQxRNWYyN91T63xybkqwSTyDdIIc0uH1GM7uJjRzUSJhcjX0o2 32 | X59Eo5OCgmc6uW+uaCDnZ0N3b0O2Dg== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /test/CA/root/openssl.cnf: -------------------------------------------------------------------------------- 1 | # OpenSSL root CA configuration file. 2 | # Copy to `/root/ca/openssl.cnf`. 3 | 4 | [ ca ] 5 | # `man ca` 6 | default_ca = CA_default 7 | 8 | [ CA_default ] 9 | # Directory and file locations. 10 | dir = root 11 | certs = $dir/certs 12 | crl_dir = $dir/crl 13 | new_certs_dir = $dir/newcerts 14 | database = $dir/index.txt 15 | serial = $dir/serial 16 | RANDFILE = $dir/private/.rand 17 | 18 | # The root key and root certificate. 19 | private_key = $dir/private/ca.key.pem 20 | certificate = $dir/certs/ca.cert.pem 21 | 22 | # For certificate revocation lists. 23 | crlnumber = $dir/crlnumber 24 | crl = $dir/crl/ca.crl.pem 25 | crl_extensions = crl_ext 26 | default_crl_days = 30 27 | 28 | # SHA-1 is deprecated, so use SHA-2 instead. 29 | default_md = sha256 30 | 31 | name_opt = ca_default 32 | cert_opt = ca_default 33 | default_days = 375 34 | preserve = no 35 | policy = policy_strict 36 | 37 | [ policy_strict ] 38 | # The root CA should only sign intermediate certificates that match. 39 | # See the POLICY FORMAT section of `man ca`. 40 | countryName = match 41 | stateOrProvinceName = match 42 | organizationName = match 43 | organizationalUnitName = optional 44 | commonName = supplied 45 | emailAddress = optional 46 | 47 | [ policy_loose ] 48 | # Allow the intermediate CA to sign a more diverse range of certificates. 49 | # See the POLICY FORMAT section of the `ca` man page. 50 | countryName = optional 51 | stateOrProvinceName = optional 52 | localityName = optional 53 | organizationName = optional 54 | organizationalUnitName = optional 55 | commonName = supplied 56 | emailAddress = optional 57 | 58 | [ req ] 59 | # Options for the `req` tool (`man req`). 60 | default_bits = 2048 61 | distinguished_name = req_distinguished_name 62 | string_mask = utf8only 63 | 64 | # SHA-1 is deprecated, so use SHA-2 instead. 65 | default_md = sha256 66 | 67 | # Extension to add when the -x509 option is used. 68 | x509_extensions = v3_ca 69 | 70 | [ req_distinguished_name ] 71 | # See . 72 | countryName = Country Name (2 letter code) 73 | stateOrProvinceName = State or Province Name 74 | localityName = Locality Name 75 | 0.organizationName = Organization Name 76 | organizationalUnitName = Organizational Unit Name 77 | commonName = Common Name 78 | emailAddress = Email Address 79 | 80 | # Optionally, specify some defaults. 81 | countryName_default = 82 | stateOrProvinceName_default = 83 | localityName_default = 84 | 0.organizationName_default = 85 | organizationalUnitName_default = 86 | commonName = 87 | emailAddress_default = 88 | 89 | [ v3_ca ] 90 | # Extensions for a typical CA (`man x509v3_config`). 91 | subjectKeyIdentifier = hash 92 | authorityKeyIdentifier = keyid:always,issuer 93 | basicConstraints = critical, CA:true 94 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 95 | 96 | [ v3_intermediate_ca ] 97 | # Extensions for a typical intermediate CA (`man x509v3_config`). 98 | subjectKeyIdentifier = hash 99 | authorityKeyIdentifier = keyid:always,issuer 100 | basicConstraints = critical, CA:true, pathlen:0 101 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 102 | 103 | [ usr_cert ] 104 | # Extensions for client certificates (`man x509v3_config`). 105 | basicConstraints = CA:FALSE 106 | nsCertType = client, email 107 | nsComment = "OpenSSL Generated Client Certificate" 108 | subjectKeyIdentifier = hash 109 | authorityKeyIdentifier = keyid,issuer 110 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 111 | extendedKeyUsage = clientAuth, emailProtection 112 | 113 | [ server_cert ] 114 | # Extensions for server certificates (`man x509v3_config`). 115 | basicConstraints = CA:FALSE 116 | nsCertType = server 117 | nsComment = "OpenSSL Generated Server Certificate" 118 | subjectKeyIdentifier = hash 119 | authorityKeyIdentifier = keyid,issuer:always 120 | keyUsage = critical, digitalSignature, keyEncipherment 121 | extendedKeyUsage = serverAuth 122 | 123 | [ crl_ext ] 124 | # Extension for CRLs (`man x509v3_config`). 125 | authorityKeyIdentifier=keyid:always 126 | 127 | [ ocsp ] 128 | # Extension for OCSP signing certificates (`man ocsp`). 129 | basicConstraints = CA:FALSE 130 | subjectKeyIdentifier = hash 131 | authorityKeyIdentifier = keyid,issuer 132 | keyUsage = critical, digitalSignature 133 | extendedKeyUsage = critical, OCSPSigning 134 | -------------------------------------------------------------------------------- /test/CA/root/private/ca.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDXxuNx1/TWnYJJ 3 | hNZe2Rg0zvBZNwTawiYhtJp6Th0ANXYPrPbSCubo34pnDXSVDL/D89KfwsdVfjcR 4 | mJYhmcufB6JVTC/KVfxAXBv+ymphsPPrD5hw/NLC1x2VPKCGQ2qtKGRUMm8gpmSV 5 | QsVZHAifDja8ZBuLi+iQY/S8R5Z9GrW+E5LLst5qIz7S9JY8y6sO5B3G+GDM+mga 6 | aZVOFW/FNUPsipBryxpB0HEgMs+hpeC2yvJ/3ic3K888Y4BOcHjRScFktr+otpOC 7 | 4l539XXt1Ce9DNIKmvh+5QAR+Iy7OzdcIxBz4LX73zSwtsiDWleGy3Y5YPjzdz2M 8 | 5nd5ITbXzn+y1V4ODQL08XFawWS9Fhzu9qSAH5QOsNxajwHq4ZEAOsaBla+6ne2t 9 | gNU0He5dSifK/Xg9HmBfYXP3CG91H9If8RQGAM/ra0yyiKWcXNeHe59BDl9f+pbc 10 | LnfnWLDL2VwzlsKL5pzhCWujTyYiaUGW6JMtEWtxwm5EzSrX8TOGbDAvtcPBdLeh 11 | w6XL7IboJehWkQA1vidX3gBUUBqhnzRkFFL1mIcOAWJzZ7qmLQ7E9T5Ulrfo0HQu 12 | +pNZfajKyLv3aoLObTvYc4OZ2mQv6k8NM02nkUobIsI9bFbGLqDUC4+724LpYkMU 13 | xpr6v5ANQqR7r8HpqDbhdaeN14oUvwIDAQABAoICAAHwTrKC/bdV7Unq0HWZXr8k 14 | DYMdBu/45u3OQ8W4i53Tsnlb6lB4ekWlCIck1vjQh1fj328XCW0fuAVHnoWzw4wX 15 | aKJ6j5gHo2oSnx/FbXpDjurRljg2//px2K6yv5XP55ahsnESjkQNVVcFUA+dEbNt 16 | exlrOYIh94Igm8jQndixk5N0dTuw95BIO8lvxXp2BqtDam8TY+SY6rQzYaeKHW8j 17 | VjZlslF9ntabiwCpOYtaxFpFbYivlCD0mvqQbE0yySscOLQbyOdjqI9NqF/3NnWK 18 | E/H+D6m6ZbmCJjjYclnro3OHpHSzaVSCLLovvOfNOSnEDI5hwYAygJI9BIgelRxh 19 | YIo5Zd+swV6PRR0EhUOSgH19K7AUPpuWjC/F4Bm5u4h4qHF3RIXvPcbvSdZ09c/K 20 | RKo30EYnQP4mY5A43vBEdRZByHM1Vmd63ejVyPMLl3FpCK8By8gBB4DuBUbvnRX6 21 | Ivk1eHHNEz/wAJU2GgjIx8/c2t9s3pHKum8o+MOcO0m0lV9dhK8tQK2iR5dwBpD5 22 | a/q7AttEJRsFtdpMX6huT8+SlweGxExBzVHoi5tu5ddTXubMPZA/GQZMtKklwgk0 23 | QVGZyRCDHPn6EsIj/AMlEiQyiEeSc6lz9/m61I9QTbnXZFpvaxKieWLCY0+dEUKA 24 | cJBlvC6Dy8cMFvadUpNBAoIBAQDfi+qYU6SvteZ47DrzjWN6iMHtEaZqx1HH2Hu1 25 | K0vvmOwMTYOVyCO64nPrCeE8ec1nj8xwLlhDNuykRN8qCqY7NhIEl/qsey9hRIpG 26 | dHjB7gLp9Kx7aj3+wej8w/6OUn24rvH5uZ3a7Cq01tA6lP+UjG5Zt8UVxWNaZsRs 27 | LWYv+JZUk7eC7pG62S7yGJ/AB2DOQ9cUe6kpWr/En3wAB+mN4xwnCZkPFPmfhx+E 28 | KiVcfKBnk10K25dtzlQJUpIaa/wyKdtZJzsWPrLrgMqETwEKeu6YaQYx0CM9cf3f 29 | HOUl2Cl7ivcMY2fOIMJNcfBepjgIouKvCIsg9/MSxCSem7P/AoIBAQD3GjbWweuX 30 | P+B4hGtkzBQTZmKo+wLkiro77zmdre1Yv9V+SbHTRjTOch0Ueu6KGN08wMuMtmFm 31 | 8g7w5l4u5ik5FqKq5BmftmrEOpLoN+ERwEmYzIvQtng4ei0BpQBjLSNaKKZbUdnk 32 | r1R5BQtNH6Qt76TA+B+QHuvby0N7LlGoNBTim/wM16NBEboQkNiTrdSW64PD/2SC 33 | quZvg8RJtzcHuF5uukaGeowKzJlvsdgN0y/WZBnCDF1FZrcMFJHgFAdXqnI/4KCF 34 | zYBfxByeHRj0kpJkfGNRwJXfnsfcOeOOrA3afriXG7cbHhcnnNSYCa9jbLEAeOqa 35 | P4GumqUqyp9BAoIBAQC1wwcpegES2X0e3z0DoPe8vwunHc3JTm2BZ9UWNrEUjKuJ 36 | SVFvbP8YSl5kQnFAAe1wgiyBHj2n0TXSTymA/o2w4UL/Ny+cJMEefmNL7BHv5P27 37 | irTf2D+2L6aoNxh4Ujxk+OJI4ZKnWZVT2sIOj+3Ls+9ZxaFbFVa2P48AQl2vLZnW 38 | BRGWRTJ60XJpaHoj4hvlOqXbwryFooMAdYiWYdiWBI50c0pfR/e7rVuD09zy+WZX 39 | MSva0zeqEbSkq92d3CWACCaQs+RILwy9jceckrxO8CumAucFg63TnScFzXHINp1s 40 | FU7QZNcXc+1omPcPjmlLJF3aYcD2OoUKwi7gQ8uzAoIBAQCwIqxyWppPHsYnweQ3 41 | Xkz1IycyYnJGbCih7jz4i3DCsUNCGM+71LBxc+AMqC/+mgihdJ/jNmGpmuNRjjQW 42 | ZBOAUQU0oREuyj3CkCoFg0dYeuM7GpqS9G4ve882++GR0CwB6TXjpC2YF+4zsYfD 43 | uskxwT+EGZmOBqyC6Jm6ZWLpbe5xNVTt5ovFJxilFEp8wgzmYwxymkqP5bgKRzeU 44 | gBem1iHh9b+tvg6y5/J7Lp7eA+p2fLXrnxqhDL1vy/3LZxtwvttfcwOZPMnD+auY 45 | fQ87znqxTAUT0h5C3xCBh3YQTc42L9vuQmA74TAKGX1kvoqZaXGl74ry1k/fIPaY 46 | 0QPBAoIBAQCdTp+FKDcSsURM4I+nfR2ZudVDG6zIgrhMhUoW8VaSZGMuBP7KWgZf 47 | obSdEVpA7Sy3LypH75dST0V8al8LqgxICev52wh0EYUkSot+DKmgmtUeqFaG9fDX 48 | dqXNYbOhbigQ8cban04tie0FN834uKWmo8Z35pLfi2oTzFqkGugq64OJ02EQXsRg 49 | dVxv3ip+GPr6o7D5iFTkFzJ/LJu36BXTeYefEgBhNJCQzdmQg7Odb/UwMxO7jjFE 50 | 8VA5HRIYWAt7ZJ1fXU+nQt33/Tcd4uYsCAijw/0kpC3v6s3SnS7+f6pPCCVUkNni 51 | I3JgqmOYXFMdyqemeASvxfGxNmyhEUje 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /test/CA/root/serial: -------------------------------------------------------------------------------- 1 | 1001 2 | -------------------------------------------------------------------------------- /test/CA/root/serial.old: -------------------------------------------------------------------------------- 1 | 1000 2 | -------------------------------------------------------------------------------- /test/CA/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFuDCCA6CgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 4 | TGliVExTIFR1dG9yaWFsMR0wGwYDVQQDDBRJbnRlcm1lZGlhdGUgQ0EgQ2VydDAe 5 | Fw0yMjEwMDExNzIxNTVaFw0yMzEwMTExNzIxNTVaMG4xCzAJBgNVBAYTAkNBMREw 6 | DwYDVQQIDAhFZG1vbnRvbjERMA8GA1UECgwIQm9iIEJlY2sxJTAjBgNVBAsMHExp 7 | YlRMUyBUdXRvcmlhbCBTZXJ2ZXIgQ2VydHMxEjAQBgNVBAMMCWxvY2FsaG9zdDCC 8 | ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRtpFLa3mnzddAComuvNxjZ 9 | RofrzX3qpCUjYX1U0S8pX4R2lHPt80NT5Q67VUsTZcGohKnw8N//PGZVorbpGbPa 10 | eujUj6noRzjb+V2SDHH1PeOa3xHwP5pv3Aydh2IFrlY81xX8OIq5blq99sjWeunk 11 | 4E5SrPryAiK9dlXcNTj6MroiK9IVzfQwyfo+NPlmqXHAgxAHH3pLcG8mDl/BFitX 12 | Kb5/daoBDRRgRNqRDf35ZZJSFKG61Y2BKAZmqXhm5gZgSEv3Ivsn4evSIFItZt3Z 13 | 1kPzdTRfa9ckOc6TAVnVZ3tVITpf4vXjIPVPmwVTcKgbzvGh/6zgHfONp8q8FSsC 14 | AwEAAaOCAWAwggFcMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG 15 | SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw 16 | HQYDVR0OBBYEFNwIab8sRqlAsimAF6t332UNoFJCMIGPBgNVHSMEgYcwgYSAFLYm 17 | LwQAe5Mb7hmIKo/HppNaWMvCoWikZjBkMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 18 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 19 | b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydIICEAAwDgYDVR0PAQH/BAQDAgWg 20 | MDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDovL2xvY2FsaG9zdDoy 21 | NTYwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQC265NI 22 | Xsv0qkjwP898Qr3mHRd3G3XsxV6wtYJWCmqq0U5hqcgA7hFVrrBCa2bzXZwmhxnt 23 | GjuTVQvqvp7LXVvHAqe1vGk3fw88aNveqxgEkGMTuceGWgU6KYhFUNws6WnTcCGH 24 | Sf0kWpjfxaIqzOaJjHugsJYNC/jKjOXxv18I+NyBFvx6TtW0yvU8pSxEfjGGDPLy 25 | qHSXPprJvuIyRbt9GZJDAoZaU/HoD3ksSLVTicz+s6UmHPsylMb84E+WF8J627gR 26 | pTmltu6efMJUI7u+ah+uDeIHZn/aBFhL10xOaVuEvsIL0vZZv5+OZgowhDuWEEko 27 | BamR/LXP7NjlJhiKZs9JizzkqdA0atsRug0dZFjbP52vn3Z7wToTUzX2ZEMFWeQk 28 | OjTm8jwQTXVMxR3VvB1TqQlsJBuGwQPhBIpmV/UPw4yVxHJe6fjuecCHYPRVaMd6 29 | q1EpPTNWubM0zLO23MP/UQca69hITtWUPqdLstk/8K4+ELHNCJX6I7HKRjMFhD9q 30 | pVCSbFHLZeNzvtJYb0h6NzuohnO19RsTWJQatVUt0u+cntsUM6C17T6Hgt6OCUAL 31 | qhm94K0W0vzAxwI99johWn9bqk7QAMQO1xHdcUiHsiH8SzgYhMx8fvqRNZQe6LFg 32 | N1nn0Wff3xsND9iGgCOiPVgCggyhBlv1UHP7xQ== 33 | -----END CERTIFICATE----- 34 | -----BEGIN CERTIFICATE----- 35 | MIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCQ0Ex 36 | ETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhCb2IgQmVjazEYMBYGA1UECwwP 37 | TGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290IENBIENlcnQwHhcNMjIxMDAx 38 | MTcyMTU0WhcNMzIwODA5MTcyMTU0WjBsMQswCQYDVQQGEwJDQTERMA8GA1UECAwI 39 | RWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgwFgYDVQQLDA9MaWJUTFMgVHV0 40 | b3JpYWwxHTAbBgNVBAMMFEludGVybWVkaWF0ZSBDQSBDZXJ0MIICIjANBgkqhkiG 41 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA4BB3kZ368xlDnt2rpPmTbMQF4aE1mWcKx5M1 42 | x05nDvUUOz3OY08iIaXQJd6MGYcV1or9gAy2NPhajuAHWkm/xjLplVEwBs2mk+Ts 43 | 0jOIKY5LhPvhD1J0gvxZ7HQ/h44KpKhNwNCjc2m9NbjnEXPgUzv+liECeqnQDe5K 44 | rYIWh92LywKezCJmDtNcLyXvJcG+TqXKhjEN8WbzLT3WqSdvWIyGIswFBpCPY7/Y 45 | PUyD29hX07DJLCfBx91Iq3QDYr5agpSmdcglAwb/AsZIci/vh9ZsrIwJuT8GrH5Y 46 | EtZdCpqyCEB9upNEQyhNyY2+rnjPw3KcVGf1TwzBrultWs+UBniBxywxMwzIziBo 47 | S0BqhLecZsroRdGcKMrMRakIr03Bjg7rFgQkSPPO7l1iyEs3CckE4AIbS/Bj+pk/ 48 | LfEEluWWGSYYukMKs+9U+MKX0F/NyYVfvnA8Ex4LDbkNKRziLpehiy+wJl3Kku4q 49 | swiisOqLGItGGBBHzML+zw75sbWtgzt06CHTca8P2GbmS5IdVvQKQ18+t03CbHca 50 | tphQbgXTjY88exaqIr1jP2AFMWzKGKB0yUJ+ZskG0RmbFAPFzvqA9hdLQ3J1zQWe 51 | cmL9Ur374cGqkA4LR1mn4WgsskYYyqS1QBC/5BIhlZCDrd2SMNDxa2vYNzgsvPa6 52 | +NydIrkCAwEAAaNmMGQwHQYDVR0OBBYEFLYmLwQAe5Mb7hmIKo/HppNaWMvCMB8G 53 | A1UdIwQYMBaAFPJ992/6GmE6Vx51ATNfI0t4KSyXMBIGA1UdEwEB/wQIMAYBAf8C 54 | AQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAK+FMQNbH1KEmF 55 | tv2Etgqi9weQ8Zv1aNmvipxtnEujXv+Cickvvy1SunB1hH3UVy78O4+aV65TKnqR 56 | vzYryX/mGkSUgqMvo+7g0GzeW+oeNSJPgER8Jysdg69u06HxLEPowjgQHsXeFG3O 57 | 1NB2p4tr7CtrKm8yiXLbcmCUh9QKi/BlBvYxOevAunmrBd907f0hbY+U/xvqYCTw 58 | A7MULSBDDhxNklp+HgEq5XDiQUdh5hqM4w9lyZvJc6vaDd9302qo1eX7O+atMsv7 59 | pkJV/gpQbWIkcrBG/Xsis664T374Czss11ohEcOdLHU9mmayFaL5YeTbuCsLZaW1 60 | lReUbALBNnB5/85eN2JUGwBFukdMyGn0v+u6U/E3D+JnYPt6fP0dItTvAXo2qhYL 61 | 9I3B1lbwp1Jng/v1CYQ1nBh4LAhqY1la+WauO7Fj0cAeLRIgVLCyispWJOB1J0lG 62 | FJpjCH0x/bdclCuZcOz7qN3Berw+FPe3ZUhSIWGpY1um9wGif3tHZnl2sGNi+hYB 63 | Pv6CZP8x9HehzQqJYj3IytCW+lgYcI8UzFm8SS19gRq85QQtSFrW1e8oJ7mYbiLu 64 | 3tAictLVOUtALySQxRNWYyN91T63xybkqwSTyDdIIc0uH1GM7uJjRzUSJhcjX0o2 65 | X59Eo5OCgmc6uW+uaCDnZ0N3b0O2Dg== 66 | -----END CERTIFICATE----- 67 | -----BEGIN CERTIFICATE----- 68 | MIIFuTCCA6GgAwIBAgIUWpN0nBX6qMZ38jMp79eX4QfjKv0wDQYJKoZIhvcNAQEL 69 | BQAwZDELMAkGA1UEBhMCQ0ExETAPBgNVBAgMCEVkbW9udG9uMREwDwYDVQQKDAhC 70 | b2IgQmVjazEYMBYGA1UECwwPTGliVExTIFR1dG9yaWFsMRUwEwYDVQQDDAxSb290 71 | IENBIENlcnQwHhcNMjIxMDAxMTcyMTUxWhcNNDIwOTI2MTcyMTUxWjBkMQswCQYD 72 | VQQGEwJDQTERMA8GA1UECAwIRWRtb250b24xETAPBgNVBAoMCEJvYiBCZWNrMRgw 73 | FgYDVQQLDA9MaWJUTFMgVHV0b3JpYWwxFTATBgNVBAMMDFJvb3QgQ0EgQ2VydDCC 74 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfG43HX9NadgkmE1l7ZGDTO 75 | 8Fk3BNrCJiG0mnpOHQA1dg+s9tIK5ujfimcNdJUMv8Pz0p/Cx1V+NxGYliGZy58H 76 | olVML8pV/EBcG/7KamGw8+sPmHD80sLXHZU8oIZDaq0oZFQybyCmZJVCxVkcCJ8O 77 | NrxkG4uL6JBj9LxHln0atb4Tksuy3mojPtL0ljzLqw7kHcb4YMz6aBpplU4Vb8U1 78 | Q+yKkGvLGkHQcSAyz6Gl4LbK8n/eJzcrzzxjgE5weNFJwWS2v6i2k4LiXnf1de3U 79 | J70M0gqa+H7lABH4jLs7N1wjEHPgtfvfNLC2yINaV4bLdjlg+PN3PYzmd3khNtfO 80 | f7LVXg4NAvTxcVrBZL0WHO72pIAflA6w3FqPAerhkQA6xoGVr7qd7a2A1TQd7l1K 81 | J8r9eD0eYF9hc/cIb3Uf0h/xFAYAz+trTLKIpZxc14d7n0EOX1/6ltwud+dYsMvZ 82 | XDOWwovmnOEJa6NPJiJpQZboky0Ra3HCbkTNKtfxM4ZsMC+1w8F0t6HDpcvshugl 83 | 6FaRADW+J1feAFRQGqGfNGQUUvWYhw4BYnNnuqYtDsT1PlSWt+jQdC76k1l9qMrI 84 | u/dqgs5tO9hzg5naZC/qTw0zTaeRShsiwj1sVsYuoNQLj7vbguliQxTGmvq/kA1C 85 | pHuvwemoNuF1p43XihS/AgMBAAGjYzBhMB0GA1UdDgQWBBTyffdv+hphOlcedQEz 86 | XyNLeCkslzAfBgNVHSMEGDAWgBTyffdv+hphOlcedQEzXyNLeCkslzAPBgNVHRMB 87 | Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYGxG 88 | G5CkEflZvV3jsgMKWfEZnNLzDoZMP0881AXFVdyIcoscxr5lvdwjfcjfBzDV7qE8 89 | dJxdi3ws/XMyiol/pBjtPFpspgpIhtU7HWn7G8MKCtUoCXfAXhdIY6GIpR+oDZaT 90 | XxyMpPQMQ0vZPRBGbRDNpNuchxqJHGXTyJS23HqHNISKr25SLz1/H0d32G9PCee+ 91 | +ZGgQd67I9FIvIaO692z1NjiR3VayKQrXVoc7HM2Ul+wSn6m0VynGpmB2mW/R8RF 92 | 6WAZIDwitANpT+xvQkMRALcLqiFc7HJFeTvnwA8BKFQXnyxdiNrywimp/GNYb/hs 93 | 2DH4GITlUKuyB+dbYQosXQL9HgMZvgVEPSPFDITvs0XJm6ts3b7m9X4ojoyMrmkI 94 | bJ+4Ievt/xC+yDcvGzifhWN8SnF/2foAYsiLujO8QkA1C5As1+MHRnPe1IpZY+pg 95 | XbrGOsRoEaIxUZywphKWOwb6NUZtIgKxxD7pVjmSrBL4lxxvedoT4IYaAQ3ZXUVc 96 | 2G501SJ0MzyHVA8BJThnpsiEewCEFTrTw2v5IpUDZMs3eOqoNVhrDL27jxsUucss 97 | PbNbBypacy1y2DU8iPapRjif1XmkuXlQHAifYn9ydBx+l9/TzETfK4cn364XFfUy 98 | lybaJU00GZld0TwE80YLBduigVNZ6pftRKV+aU0= 99 | -----END CERTIFICATE----- 100 | -------------------------------------------------------------------------------- /test/CA/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEbaRS2t5p83XQ 3 | AqJrrzcY2UaH68196qQlI2F9VNEvKV+EdpRz7fNDU+UOu1VLE2XBqISp8PDf/zxm 4 | VaK26Rmz2nro1I+p6Ec42/ldkgxx9T3jmt8R8D+ab9wMnYdiBa5WPNcV/DiKuW5a 5 | vfbI1nrp5OBOUqz68gIivXZV3DU4+jK6IivSFc30MMn6PjT5ZqlxwIMQBx96S3Bv 6 | Jg5fwRYrVym+f3WqAQ0UYETakQ39+WWSUhShutWNgSgGZql4ZuYGYEhL9yL7J+Hr 7 | 0iBSLWbd2dZD83U0X2vXJDnOkwFZ1Wd7VSE6X+L14yD1T5sFU3CoG87xof+s4B3z 8 | jafKvBUrAgMBAAECggEAWu0qENSR+lehpJ1jlBdymMUTOh30bKIuQ6bCHSMjBgLP 9 | 3WCKzbNLVVJDiPM8w1kCVIfuiUAoMHhU/EYN4T+8Dx5GoPqsWglU1sQ1BZRywFm2 10 | wWJSelpNBu9a3FgbcEuS7QaSxfGQNt8pb0XaNBPcp+Kz1m289xkJ1gz/9zTNSkbv 11 | jP3o52DGbWJRUCdplpWEEuVnRj0ZAWHeLP4fmLD3W+kt8jUny8+aaiI7Y3+3dfC3 12 | RS4YjHsbHcO2f05qYCnjlIyUfkCPcmdGQ6NtfpVt4YXi42NeB1WexpoCGei9QMWy 13 | FmamJn03gJ7jY+UxoI9tglbe+OHrI+F65SzeCy/U2QKBgQDjjhlnbQD9+rU6rGrq 14 | oa2CaJRpWi0K/dSvm1ZjjSIVAKW5BFFtT9EdUKpEqHiceTjJGNY697DQhGAcJT8o 15 | SQ3aV71VVJ1KhDGE58qIO/EJYwnqJs0+7NbqEzmfaIVVe/40f4udMbrVKH3dmTPl 16 | JjdpQs95PXWBMT4c61SrUk7yPwKBgQDc+3dwg2mA1AA1L1KFPDrHoE+ZlSQVfqiy 17 | PQMPu3x/uqIZrAk08Rtv/Ya/vGb7NGYscgM5PiFHmZcD1mEIaF1kxcg2nGiKI3LP 18 | LnYUKsR1QGK9sxduwK4MjVZ3kKcKW2Xptfxcm5T6g2C5HO6x4dWtGvORMGx95NkG 19 | c9uyQMRKFQKBgQC7qriWzJYR4E7QadvvT5GKSHeFf2JAe2CJxyFzDrU5/wOt17rT 20 | 3QzIEXurDgoSegL0DnC3xwjinxmofKterQkotk2mbxcdmnJAeu1Ud6LtK+nEW2XP 21 | 7IG+IEbYidnUy2K1py7cYGQGYdOUC0J6TI9MV1ZGVgJvns3sCcUVWddT/wKBgBdh 22 | a9O1s7XzuEnoRdze8IEqjwF67CRyEDs7hVVmytdg0cHRl+/ICtUgh99FecfeVWki 23 | bwDhd/fxYi7/wah4ElmVK4fLqKvk8ELHcarUk5CsTUYw6qvHKyMc2ScxYNsRrIi7 24 | voW12F9hAxzS2NZtRIRaM6cK7o+rZOLv4zDK9Xm5AoGAHkbVL6LVWZF0ekkUicuA 25 | R+3WrTHxkrE+4AtNugUqC0vkNyCM9jMGNLN1t5bmzr7s4Sc9Ujy5+vAPrRLGZLVF 26 | 5FtK773N8q7ovyjmyL6hYmEVuWAxFtNAVcgrMeXqcFiUdna0eAPIUlyyfbS0Vpv5 27 | 2KHa1XucBTdkGEUFI+/zYXo= 28 | -----END PRIVATE KEY----- 29 | --------------------------------------------------------------------------------