├── dune-project ├── .gitignore ├── tests ├── ocsp │ ├── index.txt │ ├── request.der │ ├── response.der │ ├── key.pem │ ├── test1.pem │ └── certificate.pem ├── crl │ ├── 1.crl │ ├── 10.crl │ ├── 11.crl │ ├── 12.crl │ ├── 13.crl │ ├── 14.crl │ ├── 15.crl │ ├── 16.crl │ ├── 17.crl │ ├── 18.crl │ ├── 19.crl │ ├── 2.crl │ ├── 20.crl │ ├── 21.crl │ ├── 3.crl │ ├── 4.crl │ ├── 5.crl │ ├── 6.crl │ ├── 7.crl │ ├── 8.crl │ ├── 9.crl │ ├── 3.pem │ ├── 9.pem │ ├── 11.pem │ ├── 10.pem │ ├── 17.pem │ ├── 13.pem │ ├── 16.pem │ ├── 15.pem │ ├── 6.pem │ ├── 5.pem │ ├── 4.pem │ ├── 7.pem │ ├── 8.pem │ ├── 21.pem │ ├── 19.pem │ ├── 20.pem │ ├── 1.pem │ ├── 2.pem │ ├── 12.pem │ ├── 14.pem │ └── 18.pem ├── pkcs12 │ ├── ossl.p12 │ ├── ours.p12 │ ├── ossl_aes.p12 │ ├── key.pem │ └── certificate.pem ├── regression │ ├── priv_p256_2.pem │ ├── priv_p384.pem │ ├── pub_p256_2.pem │ ├── priv_p521.pem │ ├── pub_p384.pem │ ├── priv_p256.pem │ ├── pub_p521.pem │ ├── gen_ec.sh │ ├── example-25519.pem │ ├── rsa_pub.pem │ ├── alternate-sha1rsa-oid.pem │ ├── p256_sha384.pem │ ├── yubico.pem │ ├── letsencrypt-root-x2.pem │ ├── until_frac_s.pem │ ├── telesec.pem │ ├── name-constraints.pem │ ├── digicert.pem │ ├── gcloud.pem │ ├── rsa_priv.pem │ ├── openssl_2048.pem │ ├── dfn.pem │ ├── 1.1.1.1.pem │ ├── fu-berlin.pem │ ├── jabber.ccc.de.pem │ ├── izenpe.pem │ ├── pads.ccc.de.pem │ ├── jabber.fu-berlin.de.pem │ ├── PostaCARoot.pem │ └── cacert.pem ├── dune ├── custom_pp │ ├── dune │ ├── custom_pp.expected │ └── custom_pp.ml ├── tests.ml ├── testcertificates │ ├── fido.pem │ ├── cacert-v1.pem │ ├── private │ │ └── cakey.pem │ ├── cacert.pem │ ├── cacert-pathlen-0.pem │ ├── intermediate │ │ ├── private │ │ │ └── cakey.pem │ │ ├── second │ │ │ ├── second.key │ │ │ ├── second-no-cn.pem │ │ │ ├── second-nonrepud.pem │ │ │ ├── second.pem │ │ │ ├── second-bc-true.pem │ │ │ ├── second-any.pem │ │ │ ├── second-time.pem │ │ │ ├── second-unknown-noncrit.pem │ │ │ ├── second-unknown.pem │ │ │ ├── second-subjaltemail.pem │ │ │ ├── second-subj.pem │ │ │ └── second-subj-wild.pem │ │ ├── cacert-v1.pem │ │ ├── cacert-no-bc.pem │ │ ├── cacert-no-keyusage.pem │ │ ├── cacert.pem │ │ ├── cacert-ba-false.pem │ │ ├── cacert-ku-critical.pem │ │ ├── cacert-timestamp.pem │ │ ├── cacert-any-ext.pem │ │ └── cacert-unknown.pem │ ├── cacert-keyusage-crlsign.pem │ ├── cacert-basicconstraint-ca-false.pem │ ├── cacert-ext-usage.pem │ ├── cacert-ext-usage-timestamping.pem │ ├── cacert-unknown-extension.pem │ ├── cacert-unknown-critical-extension.pem │ └── first │ │ ├── first-keyusage-nonrep.pem │ │ ├── first-wildcard.pem │ │ ├── first-basicconstraint-true.pem │ │ ├── first-unknown-extension.pem │ │ ├── first-wildcard-subjaltname.pem │ │ ├── first-keyusage-and-timestamping.pem │ │ ├── first.pem │ │ ├── first-keyusage-any.pem │ │ └── first-unknown-critical-extension.pem ├── csr │ ├── wild-foo-cn.pem │ ├── wild-bar.pem │ ├── your-new-domain.pem │ └── your-new-domain-raw.pem ├── priv.ml ├── pkcs12.ml └── crltests.ml ├── lib ├── dune ├── x509.ml ├── host.ml ├── key_type.ml └── asn_grammars.ml ├── README.md ├── LICENSE.md └── x509.opam /dune-project: -------------------------------------------------------------------------------- 1 | (lang dune 2.0) 2 | (name x509) 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | _build/ 2 | *.install 3 | .merlin 4 | 5 | random/ 6 | -------------------------------------------------------------------------------- /tests/ocsp/index.txt: -------------------------------------------------------------------------------- 1 | V 260517090452Z 2710 unknown /CN=test1.example.com/ 2 | -------------------------------------------------------------------------------- /tests/crl/1.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/1.crl -------------------------------------------------------------------------------- /tests/crl/10.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/10.crl -------------------------------------------------------------------------------- /tests/crl/11.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/11.crl -------------------------------------------------------------------------------- /tests/crl/12.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/12.crl -------------------------------------------------------------------------------- /tests/crl/13.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/13.crl -------------------------------------------------------------------------------- /tests/crl/14.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/14.crl -------------------------------------------------------------------------------- /tests/crl/15.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/15.crl -------------------------------------------------------------------------------- /tests/crl/16.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/16.crl -------------------------------------------------------------------------------- /tests/crl/17.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/17.crl -------------------------------------------------------------------------------- /tests/crl/18.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/18.crl -------------------------------------------------------------------------------- /tests/crl/19.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/19.crl -------------------------------------------------------------------------------- /tests/crl/2.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/2.crl -------------------------------------------------------------------------------- /tests/crl/20.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/20.crl -------------------------------------------------------------------------------- /tests/crl/21.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/21.crl -------------------------------------------------------------------------------- /tests/crl/3.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/3.crl -------------------------------------------------------------------------------- /tests/crl/4.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/4.crl -------------------------------------------------------------------------------- /tests/crl/5.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/5.crl -------------------------------------------------------------------------------- /tests/crl/6.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/6.crl -------------------------------------------------------------------------------- /tests/crl/7.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/7.crl -------------------------------------------------------------------------------- /tests/crl/8.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/8.crl -------------------------------------------------------------------------------- /tests/crl/9.crl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/crl/9.crl -------------------------------------------------------------------------------- /tests/ocsp/request.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/ocsp/request.der -------------------------------------------------------------------------------- /tests/pkcs12/ossl.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/pkcs12/ossl.p12 -------------------------------------------------------------------------------- /tests/pkcs12/ours.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/pkcs12/ours.p12 -------------------------------------------------------------------------------- /tests/ocsp/response.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/ocsp/response.der -------------------------------------------------------------------------------- /tests/pkcs12/ossl_aes.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mirleft/ocaml-x509/HEAD/tests/pkcs12/ossl_aes.p12 -------------------------------------------------------------------------------- /tests/regression/priv_p256_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCCOeoXq8YUx5Xe34Umx 3 | 6i6PPyVLntmQ/d1BWSHMdGlrxA== 4 | -----END PRIVATE KEY----- 5 | -------------------------------------------------------------------------------- /tests/regression/priv_p384.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAJVL2wfNpMCluskwJMZlWZ 3 | tsgiDYP3pvKXl44DiaqaMwkvX1z3rnjtiejsbbpzWfw= 4 | -----END PRIVATE KEY----- 5 | -------------------------------------------------------------------------------- /tests/ocsp/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAtmFgIVel9k9Ivp7S5Mlc 3 | adxdv3KvDHc1j787n4avTUpzk+Aj7g0zxen7UsBOk2q/EGbZbtVFsO4zdOvPqP1+ 4 | m94= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tests/regression/pub_p256_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEntQBtVe9QH6lTpnxyeQ8MniqIDGn 3 | IJfIfI7WB5hyG+Axar+nP6gcp6MtbU0/KfifjM3O4AJZ8AN31CtdhiRBBg== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /tests/pkcs12/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAtmFgIVel9k9Ivp7S5Mlc 3 | adxdv3KvDHc1j787n4avTUpzk+Aj7g0zxen7UsBOk2q/EGbZbtVFsO4zdOvPqP1+ 4 | m94= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tests/regression/priv_p521.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIA+tTKs3+y7P+Ag7Aun6u8 3 | JGAnuVIGEU2cCnQhT+50V/qfgn0kvrTRf5Q9atdJgKmpHX6ImejjbaHHfZrTkTA2 4 | JoQ= 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tests/regression/pub_p384.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhSJSi7Bye+M1BHqDv9yrP/gHOoj2RLmn 3 | tgveHIPR4KjWA0byOxBExaQeVwQ/eRwltFOBpJmCyQit3eW+2PzzGayx4l+bjHiQ 4 | iyGHKYh0nOuOQri+bqXf2Z2qvx33/2i9 5 | -----END PUBLIC KEY----- 6 | -------------------------------------------------------------------------------- /tests/regression/priv_p256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEIHE5sa4aN1Qh2oek/0Vsh+AjNW2JvlYClbG5itcElL07oAoGCCqGSM49 3 | AwEHoUQDQgAEGDIcaAYlT2o4IeMoFJtfMj+5ymE7BbwUkT4i3jKMuwPTlbOxcRSy 4 | jdqqvzl3XO8wI36oaY54Z/a/W0pegihH5Q== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tests/dune: -------------------------------------------------------------------------------- 1 | (test 2 | (name tests) 3 | (deps (source_tree regression) (source_tree testcertificates) (source_tree crl) (source_tree csr) (source_tree pkcs12) (source_tree ocsp)) 4 | (libraries x509 alcotest ptime.clock.os mirage-crypto-pk mirage-crypto-ec mirage-crypto-rng.unix)) 5 | -------------------------------------------------------------------------------- /tests/regression/pub_p521.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBVd5yFR4sqUTQ6OonZt/9mzIj9oSN 3 | 0QK8Uk1ErHbvBYI8xckRFyDOYccVnT5pDk/AoIEnOlMbNA77woHxNB/Xb5wB+kSY 4 | apm4vdHRpd/Xak02WASE+BCvcSaH2Vkk6DCU9MUmaIoU8a6KoNoaQmlEFrcxG+CO 5 | bb5phTHbr9Z365S5NhE= 6 | -----END PUBLIC KEY----- 7 | -------------------------------------------------------------------------------- /tests/custom_pp/dune: -------------------------------------------------------------------------------- 1 | (executable 2 | (name custom_pp) 3 | (modules custom_pp) 4 | (libraries x509 asn1-combinators fmt)) 5 | 6 | (rule 7 | (with-stdout-to custom_pp.output (run ./custom_pp.exe))) 8 | 9 | (rule 10 | (alias runtest) 11 | (deps (source_tree ../testcertificates)) 12 | (action (diff custom_pp.expected custom_pp.output))) 13 | -------------------------------------------------------------------------------- /tests/regression/gen_ec.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | curve="secp521r1" 4 | file="p521.pem" 5 | 6 | openssl ecparam -name $curve -genkey -noout -out priv_$file 7 | openssl ec -in priv_$file -pubout -out pub_$file 8 | 9 | openssl ec -in priv_$file -no_public -out priv_$file.2 10 | openssl pkcs8 -in priv_$file.2 -nocrypt -topk8 -out priv_$file 11 | rm priv_$file.2 12 | -------------------------------------------------------------------------------- /tests/custom_pp/custom_pp.expected: -------------------------------------------------------------------------------- 1 | Certificate: X.509 certificate 2 | version 3 3 | serial 00d7 9549 bd1a 6717 51 4 | algorithm ECDSA-SHA256 5 | issuer /CN=FT FIDO 0200 6 | valid from 2019-02-26 00:00:00 +00:00 until 2034-02-25 23:59:59 +00:00 7 | subject /CN=FT FIDO P2047001341412 8 | extensions id-fido-u2f-ce-transports NFC,USB,BluetoothLowEnergy 9 | subjectKeyIdentifier 525e a96c 47b9 a479 33a0 9b48 71c3 98df 6407 aaa4 10 | 11 | -------------------------------------------------------------------------------- /tests/regression/example-25519.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBCDCBuwIURHJlLlP4SM/dDu22B8MqFTMZ5uAwBQYDK2VwMCcxCzAJBgNVBAYT 3 | AkRFMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjAxMTE2MTYwMzAxWhcN 4 | MjIxMDE3MTYwMzAxWjAnMQswCQYDVQQGEwJERTEYMBYGA1UEAwwPd3d3LmV4YW1w 5 | bGUuY29tMCowBQYDK2VwAyEAygKTwKSBIgaBMrYlbm7ib5HIWVppEazdP+MOPvud 6 | gpgwBQYDK2VwA0EArdE+8IE/aN2CCd/QEBCsvIGbf+l2JvctYjZ8GGmbBvSzYOKZ 7 | v4USO7H+2weZmbIWqqAVtrEKG0bk2GB4+61fCA== 8 | -----END CERTIFICATE----- 9 | -------------------------------------------------------------------------------- /tests/tests.ml: -------------------------------------------------------------------------------- 1 | let suites = 2 | X509tests.x509_tests @ [ 3 | "Regression", Regression.regression_tests ; 4 | "Host names", Regression.hostname_tests ; 5 | "Revoke", Revoke.revoke_tests ; 6 | "CRL", Crltests.crl_tests ; 7 | "PKCS12", Pkcs12.tests ; 8 | "OCSP", Ocsp.tests ; 9 | "Private Key", Priv.tests ; 10 | ] 11 | 12 | 13 | let () = 14 | Printexc.record_backtrace true; 15 | Mirage_crypto_rng_unix.use_default (); 16 | Alcotest.run "X509 tests" suites 17 | -------------------------------------------------------------------------------- /tests/regression/rsa_pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTPB/7ezYcnoa6Ns4GJQ 3 | 74nHjuzJXf+4XWVzruxLq+2SixxWf32/TSaBEHxJoJLEGTcwH25qDv7PhWReQVbr 4 | Zso6p/0z8rWU+1TjvLlZlznAhex7o5uNqC8SsuAVvEvBn3UvwOoydsp6uAVfLxTb 5 | oi1SVwNlUv0CKCJhIJzBIWt03qWQuwH+gjpk+PoB4tLc4GYMp+lIgj94QPPKnOkS 6 | Vhh1UG5DtkDmgrzkqmkntLQYnmAEI+dPTH1ODjMMKgDBzSvHZZlyKTlc76byWhFc 7 | 5lQmYvX3S2foMgBJWBkckakiGOlfTBjIPgFexo70+eXaFGEull3hSaUYI9wyK8GM 8 | OQIDAQAB 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /lib/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name x509) 3 | (public_name x509) 4 | (private_modules asn_grammars registry authenticator certificate validation 5 | public_key private_key crl distinguished_name algorithm 6 | extension pem signing_request general_name host rc2 p12 7 | key_type) 8 | (libraries asn1-combinators fmt ptime mirage-crypto mirage-crypto-pk 9 | gmap domain-name base64 logs mirage-crypto-ec kdf.pbkdf 10 | mirage-crypto-rng ipaddr ohex)) 11 | -------------------------------------------------------------------------------- /lib/x509.ml: -------------------------------------------------------------------------------- 1 | module Host = Host 2 | 3 | module Key_type = Key_type 4 | 5 | module Public_key = Public_key 6 | 7 | module Private_key = Private_key 8 | 9 | module Distinguished_name = Distinguished_name 10 | 11 | module General_name = General_name 12 | 13 | module Certificate = Certificate 14 | 15 | module Validation = Validation 16 | 17 | module Extension = Extension 18 | 19 | module Signing_request = Signing_request 20 | 21 | module CRL = Crl 22 | 23 | module Authenticator = Authenticator 24 | 25 | module PKCS12 = P12 26 | 27 | module OCSP = Ocsp 28 | -------------------------------------------------------------------------------- /tests/testcertificates/fido.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBZzCCAQ2gAwIBAgIJANeVSb0aZxdRMAoGCCqGSM49BAMCMBcxFTATBgNVBAMM 3 | DEZUIEZJRE8gMDIwMDAgFw0xOTAyMjYwMDAwMDBaGA8yMDM0MDIyNTIzNTk1OVow 4 | ITEfMB0GA1UEAwwWRlQgRklETyBQMjA0NzAwMTM0MTQxMjBZMBMGByqGSM49AgEG 5 | CCqGSM49AwEHA0IABNhGWkOirKU/pjNetYRT4r3eXo677lNwTe3rmqVQ3Va3k8wK 6 | nc8fma17E4+jxJ1F8Ytvxg0nS5O0H50LIOfp+ACjNjA0MB0GA1UdDgQWBBRSXqls 7 | R7mkeTOgm0hxw5jfZAeqpDATBgsrBgEEAYLlHAIBAQQEAwIEcDAKBggqhkjOPQQD 8 | AgNIADBFAiEAp9D/XnMfhqABUJoJ40XCM2Mol6RfT/ClpPf44Kv1GnECIEIX/bzu 9 | uGEKdE2Xrk6AZlBY8bF/jsP/syYjh5rheDIr 10 | -----END CERTIFICATE----- 11 | -------------------------------------------------------------------------------- /tests/ocsp/test1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBozCCAQQCAicQMAoGCCqGSM49BAMCMBYxFDASBgNVBAMMC2V4YW1wbGUuY29t 3 | MB4XDTIxMDUxOTE0NDIxMFoXDTMxMDUxNzE0NDIxMFowHDEaMBgGA1UEAwwRdGVz 4 | dDEuZXhhbXBsZS5jb20wgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAFyClcikYSj 5 | iY8V0LSiYk1/ZzN5WbOqsut9jWJhvQcCe+BYnVtTWJU9Hoje9ZzB1PRThwWe+gB9 6 | CEq26N4Yxu7hcwDzKZYU8E5QOyHEKEfBTho6zdMPh+WCWUbZH2FNIRRE1BeKrqJl 7 | Zm68bXCIBUViyXX+6nImGCcmHPGZU2aB6WWNNjAKBggqhkjOPQQDAgOBjAAwgYgC 8 | QgCAu0cwvmP9SIfsbv17zFpoEPvBRc6UH4La7iVmq/un8N5qcBnTNsY3CNzXkT68 9 | P9XQhBzqZOvUIkjw0UgVPk8uvwJCAWXwCHa3nw0C/4qrlm3IIRjWAwygXojPHOxu 10 | Y+XLaPIpLLja2BzfP4uHWlyJAvZW/1SiMuFFv19ICbGmnRQdQyDY 11 | -----END CERTIFICATE----- 12 | -------------------------------------------------------------------------------- /tests/regression/alternate-sha1rsa-oid.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBwjCCAS+gAwIBAgIQj2d4hVEz0L1DYFVhA9CxCzAJBgUrDgMCHQUAMA8xDTAL 3 | BgNVBAMTBFZQUzEwHhcNMDcwODE4MDkyODUzWhcNMDgwODE3MDkyODUzWjAPMQ0w 4 | CwYDVQQDEwRWUFMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaqKn40uaU 5 | DbFL1NXXZ8/b4ZqDJ6eSI5lysMZHfZDs60G3ocbNKofBvURIutabrFuBCB2S5f/z 6 | ICan0LR4uFpGuZ2I/PuVaU8X5fT8gBh7L636cWzHPPScYts00OyywEq381UB7XwX 7 | YuWpM5kUW5rkbq1JV3ystTR/4YnLl48YtQIDAQABoycwJTATBgNVHSUEDDAKBggr 8 | BgEFBQcDATAOBgNVHQ8EBwMFALAAAAAwCQYFKw4DAh0FAAOBgQBuUrU+J2Z5WKcO 9 | VNjJHFUKo8qpbn8jKQZDl2nvVaXCTXQZblz/qxOm4FaGGzJ/m3GybVZNVfdyHg+U 10 | lmDpFpOITkvcyNc3xjJCf2GVBo/VvdtVt7Myq0IQtAi/CXRK22BRNhSt9uu2EcRu 11 | HIXdFWHEzi6eD4PpNw/0X3ID6Gxk4A== 12 | -----END CERTIFICATE----- 13 | -------------------------------------------------------------------------------- /tests/regression/p256_sha384.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICADCCAaagAwIBAgIUHyCUM78QgqYYqanmNGJYTXnAk20wCgYIKoZIzj0EAwMw 3 | TzELMAkGA1UEBhMCQVUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 4 | ZDEdMBsGA1UEAwwUcDI1NiBrZXkgd2l0aCBzaGEzODQwHhcNMjIwOTEzMTA1NDQ1 5 | WhcNMjMwOTA4MTA1NDQ1WjBPMQswCQYDVQQGEwJBVTEhMB8GA1UECgwYSW50ZXJu 6 | ZXQgV2lkZ2l0cyBQdHkgTHRkMR0wGwYDVQQDDBRwMjU2IGtleSB3aXRoIHNoYTM4 7 | NDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFjrBgci81MwGVNjEtG2gexFcJbK 8 | Y2niGcoU2rAmQrB6PyfbhBHFCwmVwPEGyB39bRI+Toy6qFMMSK35EktMmGujYDBe 9 | MB0GA1UdDgQWBBRqwn0D+5XJdoUbL0JWG+eYO+xRcDAfBgNVHSMEGDAWgBRqwn0D 10 | +5XJdoUbL0JWG+eYO+xRcDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAK 11 | BggqhkjOPQQDAwNIADBFAiACu3r0M9V45MGoH9Pv2eXPwNfSiEtcEI5VzxbvO24z 12 | /AIhAKATujXQk8FiBG0jH2982DzQBIQ03OkoA7MmReOomiY/ 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-v1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICATCCAWoCCQD9ajF8CeIw7jANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB 3 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 4 | cyBQdHkgTHRkMB4XDTE0MDYwNzEzNTE1MVoXDTI0MDYwNDEzNTE1MVowRTELMAkG 5 | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 6 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA52G0 7 | B+6RZhjuqk4+LKQFmco3bf5WCf/McuKAj5SmpsTpEf3Ize9QoLnqg9OU8h3d49Ik 8 | 9qr8c1OCMDyJT6KivfoMxcm59LvK4z+FKLkanBkvcPmT2D1vEK8FoH+KRgC4FpW0 9 | pvFZGEumdUAEJja2AL3uqbojZF79zZsGtVYiOwECAwEAATANBgkqhkiG9w0BAQUF 10 | AAOBgQDj8fzfzrhaLooJV+6IGwPbmsL0448vt/0QUY5Q82FfLo1KHNp5j/axSmw3 11 | b90T8OUq6EAAJyW+KLed0Q0YGcz/OcOTh68ellTpeSei3AxNdKxV6ucK70QdR0Wk 12 | mp6jOTmLFTTBoqCRxlbrwgN/nmx77/j002yXcXiGe1Tos9zUKQ== 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /tests/ocsp/certificate.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICDDCCAW+gAwIBAgIIQcOa7kqxp9cwCgYIKoZIzj0EAwQwFjEUMBIGA1UEAwwL 3 | ZXhhbXBsZS5jb20wHhcNMjEwNDA0MTcwMTU3WhcNMjIwNDA0MTcwMTU3WjAWMRQw 4 | EgYDVQQDDAtleGFtcGxlLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAXIK 5 | VyKRhKOJjxXQtKJiTX9nM3lZs6qy632NYmG9BwJ74FidW1NYlT0eiN71nMHU9FOH 6 | BZ76AH0ISrbo3hjG7uFzAPMplhTwTlA7IcQoR8FOGjrN0w+H5YJZRtkfYU0hFETU 7 | F4quomVmbrxtcIgFRWLJdf7qciYYJyYc8ZlTZoHpZY02o2QwYjAdBgNVHQ4EFgQU 8 | nku+GxZTewB6/D2bJFQcOkBN4QMwDwYDVR0PAQH/BAUDAwfGADAPBgNVHRMBAf8E 9 | BTADAQH/MB8GA1UdIwQYMBaAFJ5LvhsWU3sAevw9myRUHDpATeEDMAoGCCqGSM49 10 | BAMEA4GKADCBhgJBfZBX4o5Df/fJUnzmQKo6KFFWlc70VkO3hXH6lUhVRLcT+Ame 11 | 6gJUjgYy65GryW4Tx/pFTI7tdX19UDm+kBvgv1sCQRIgxgt/eJ74VsRgt7Br3Smm 12 | px1uULyS4PIGBKT4O4C4bWS1wdzw8ZOlegss1+pkxYYrfJFNJYyBaqY0ScTpvE4F 13 | -----END CERTIFICATE----- 14 | ---- 15 | -------------------------------------------------------------------------------- /tests/pkcs12/certificate.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICDDCCAW+gAwIBAgIIQcOa7kqxp9cwCgYIKoZIzj0EAwQwFjEUMBIGA1UEAwwL 3 | ZXhhbXBsZS5jb20wHhcNMjEwNDA0MTcwMTU3WhcNMjIwNDA0MTcwMTU3WjAWMRQw 4 | EgYDVQQDDAtleGFtcGxlLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAXIK 5 | VyKRhKOJjxXQtKJiTX9nM3lZs6qy632NYmG9BwJ74FidW1NYlT0eiN71nMHU9FOH 6 | BZ76AH0ISrbo3hjG7uFzAPMplhTwTlA7IcQoR8FOGjrN0w+H5YJZRtkfYU0hFETU 7 | F4quomVmbrxtcIgFRWLJdf7qciYYJyYc8ZlTZoHpZY02o2QwYjAdBgNVHQ4EFgQU 8 | nku+GxZTewB6/D2bJFQcOkBN4QMwDwYDVR0PAQH/BAUDAwfGADAPBgNVHRMBAf8E 9 | BTADAQH/MB8GA1UdIwQYMBaAFJ5LvhsWU3sAevw9myRUHDpATeEDMAoGCCqGSM49 10 | BAMEA4GKADCBhgJBfZBX4o5Df/fJUnzmQKo6KFFWlc70VkO3hXH6lUhVRLcT+Ame 11 | 6gJUjgYy65GryW4Tx/pFTI7tdX19UDm+kBvgv1sCQRIgxgt/eJ74VsRgt7Br3Smm 12 | px1uULyS4PIGBKT4O4C4bWS1wdzw8ZOlegss1+pkxYYrfJFNJYyBaqY0ScTpvE4F 13 | -----END CERTIFICATE----- 14 | ---- 15 | -------------------------------------------------------------------------------- /tests/regression/yubico.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICGzCCAQWgAwIBAgIEQMQSJTALBgkqhkiG9w0BAQswLjEsMCoGA1UEAxMjWXVi 3 | aWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAw 4 | WhgPMjA1MDA5MDQwMDAwMDBaMCoxKDAmBgNVBAMMH1l1YmljbyBVMkYgRUUgU2Vy 5 | aWFsIDEwODY1OTE1MjUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAStoklVeyhj 6 | RHTxPqBxr6GzZx1cOmWerwd4zSGAdQuLd9jrnB8zMHh6jOQgDEjAx7X6db7iWGok 7 | EpO42+jOPFrXoxIwEDAOBgorBgEEAYLECgEBBAAwCwYJKoZIhvcNAQELA4IBAQFY 8 | NAaBBxBKeCyS2D2BQAkRkvFmYl5AgPHK2C4Bp873yl8D8MiiZVM2Mcb+caEa5ec4 9 | 5CFF4WeJpx2VbJ4/RGP1Rg7kUcyl+2LcU2aRWZ+3o92m4y4XJE5JEPwIVJJj+1bi 10 | tgFi4GLEvHoxlKroIQbCr4f/OLsUwBK+QUvjhoNsou1CI3fFtJzgnOhDfHf/MAoj 11 | zo7dmP/kyqSy01yrM5OFJ1jc0XcQU4ZgQaayQWWxdVclUbyZuckSwabYdxvCjL67 12 | eDbtxHKI/0NeeCCaVntQ6dbqQxSzhvZ1gkUJNuWNuuJPQQyEn6rPsB71IyKNog5y 13 | peVFaGrk1mk+zOirhMJe 14 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /tests/regression/letsencrypt-root-x2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw 3 | CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg 4 | R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 5 | MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT 6 | ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw 7 | EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW 8 | +1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9 9 | ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T 10 | AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI 11 | zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW 12 | tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 13 | /q4AaOeMSQ+2b1tbFfLn 14 | -----END CERTIFICATE----- 15 | -------------------------------------------------------------------------------- /tests/csr/wild-foo-cn.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICWTCCAUECAQAwFDESMBAGA1UEAwwJKi5mb28uY29tMIIBIjANBgkqhkiG9w0B 3 | AQEFAAOCAQ8AMIIBCgKCAQEA1IoUG5fJRRxiYDxhZa5BPv7SWN9LDVD6DJ3F4cLx 4 | rbcXOooeCbbAIbBdmeVDa/kuHdFDb0ug69w+qRehi1NSJE2Q7JDAWg7hxWFnWKjB 5 | BD3Dlv6RJ90ClFUXhkJsoZbgOQaMAq4O6sC6YhGTw6L4QrkgZS+1xyERfQqa951q 6 | QHbXLFBsi/Ek/DGzphDuuSA7vbIwHKYQ4UXQTcPmCs+i/FxHd3bMkV0iHVD6xS6h 7 | la3k4YYi7Kr0QRbRxEvqGbVOqivPP4IFg3ZCItASLTbKGUFCgKvB9gspbFpc0eUH 8 | sr+NNoRuRq5mjaGmcHMLfY8KH2nxxKTQFh+cE6z30YQfHwIDAQABoAAwDQYJKoZI 9 | hvcNAQELBQADggEBAFHU22XEkexb31Wug07xi/QvNjDapeuhO+pzhSQ5lt3E2arU 10 | eQJqaMcl3Kzon93u8Hp5vcc48rBFe69xl/VTlwPTW4wt98MQKu7jgv2QDeH+Sq3+ 11 | b1wmMAslc+ORXlRFAk7U9bjHHMP6BN7l2C2ujBw6iK3OmiBfI4M3Si2PxCzVXReJ 12 | IMgUZOwa6BBmQ5D1a6njJiJCSMY2T0ttXU4e1/KxURYcvtzLxySxlbyvfwCtqNSY 13 | EMIiBxrfjIaLZ8CG4ybF9STqQP9B9s3NdiDJ7RQsXF1xlQrtXH88/YpW8Pf5u9O/ 14 | Ajf2IL7UZnriamhlAV3hofWiDJbqmh4n/9u14qs= 15 | -----END CERTIFICATE REQUEST----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/private/cakey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXQIBAAKBgQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN 3 | 71CgueqD05TyHd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPY 4 | PW8QrwWgf4pGALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQAB 5 | AoGAHDLREQJnH+078O92LlSTBioZ1ULg03kkPoASMO1p3fszeGjYdxiKV/wwc35u 6 | sY8oQqKStKkj+R4dSKmoBleIw6kJivVOnYOakHJcO5MYevXNi0B0Ban3ODi/AMye 7 | zJBS6TXeqaK0/SFGma79SrCVViIlFYP883oRdUX7DEw/NBECQQD1oML+/DNUCuLy 8 | VzwrGYgD1+BsSgQyeXjVNTDqP4Z1IEJc7w6pRBDOUrJcPNKZ5+qVUhwNlHl22ptn 9 | VxuI/MbdAkEA8SbwVbNgWDPFjWwLBpUX2z9dE4u5P2Z5f6T84X4fL0zHJstxtghn 10 | 7QFbT4Gn2XJc0WxDBb6IN8HHY+n9olc4dQJBAKYJdubAer3r4f9pQq3rw0q9yeHJ 11 | os6v2CNfomImcPCJzvJdUq7O6QFfW1wIbWBGKgeoCniPjg/utDAF7QILxS0CQQCu 12 | QaH3e6gJ9FczizgoaIIVpyLd5eBVxPnU1+b4Fof4SPW7vdUMYeSfKZTOzfT5Nx+F 13 | IUMJGpYaHEe1ljb2ISqlAkA4qD6bweRPfRVC3FIH/l0//5yPZ5KpUadtmyF427Pf 14 | 8gbIdJsMLE37Ah0NHz3nS4eWYPoHBjcd4Hc8aJxvpK4s 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICazCCAdSgAwIBAgIJAM7c1BlUjOksMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA2MTI1NjI1WhcNMjQwNjAzMTI1NjI1WjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo2MwYTAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowEgYDVR0TAQH/BAgwBgEB/wIBZDALBgNVHQ8EBAMCAQYwDQYJ 12 | KoZIhvcNAQEFBQADgYEAX0qcQDr2Dw6qJkMVZZUmdrnGZ0npmYG7mPH4IN45h1IS 13 | NhpsLAxY0kfPF/gcwGmRzzifUnAZ4huDudUrOWVvVg7Wi5OE1JF2g8nFUzV/z0Cs 14 | 1tUEcSFgWnP8a8CNfXOXq1CSd9IctfoLJ7C/e9vOqw+n5MT85TCbHr/Ib2eYzaQ= 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-pathlen-0.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICazCCAdSgAwIBAgIJAO2nNZ05JgguMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA2MTQ0NzAyWhcNMjQwNjAzMTQ0NzAyWjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo2MwYTAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ 12 | KoZIhvcNAQEFBQADgYEAvt+gNpcPebMBYJ3O4346P3ClBfp+jje3GczWqZcWaZMB 13 | JLxLAIhBu62+10R6zEFIEsfefQhX+tFXNI6o1c2eHAeXb1DBnx/iMSoZG4P2UY25 14 | trpv9k0FrLhJlXesgZUV8QyISEoGDv9bghwikArxxvu1Lpw2W1v5eedQMTCVWDg= 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/private/cakey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXAIBAAKBgQDKUyb56vQbinDAjBcXxK9pYXpij3mBnhacIlxkJfqzvr3RhJh7 3 | Bhg1kjrGS3e0kGFt4W7pvQpyp/snUazGQ1+5YEGnryj/a2Jq/1QWBoRIlE4m/rsr 4 | 87KKvqKhiNFMiY4pYEGfFlUxVYbAkPSwXmN9GNjZ+wrz35KQsXjmLsgJFQIDAQAB 5 | AoGAJnKix39UoB8wygZVJRklVFtHzI8DQhRuq4EEGav19k5a+APAjjBcTWHadXBF 6 | 8TQ2r5DVaOmZoKw3WAN3V73Z5KNy8qG7BUi/c7uMkJAnDfXVRGZU58b+K/ga8AeZ 7 | bQ+agYmyo18//EtxHrrcG/bmz/5DEN796npmaDMICrY4X0ECQQD68e9bB93w5/Qk 8 | OwCyT1AaJeblVzDfxvMZfG31UPaZLGS9F12yUAiXy/B+6KGKuLcItHz2Rr5MCD7S 9 | 1/EtkeEpAkEAzmZ+eJouwxtdLow71eE5fzrT8ZFoEOEMUDHVTAUckUzmtuUVkYCg 10 | LmL+2wXf0NsFGw5N7fmAGsc8Ao4XnXQKDQJAL+XP1uM4hIvxeJzedCpZUrRbTvkG 11 | diAGNJ4gasuKVhA4JjN4idlm2nptq/uBIfZB0WKJ24QDPIXyX9Ih0Z3fiQJAQ4gv 12 | i0BPWpEifO9vSHyntmRGIn0EArnPsJGNi5EEltoFhwQPeYsPXf4QCxOx9oEi+4ZD 13 | o0CGVLypeuCJA4CLJQJBAPp2SyfdblsIez+wzzt3e/W6lhBX1BiRgg9pZ7GUwhTN 14 | IQ1FKqflqank2Gk/7mcgHDDtNGgQ+ewxjsdAWX/veX0= 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-keyusage-crlsign.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICaDCCAdGgAwIBAgIJAIr4AbIHNEAnMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA2MTQ0ODM1WhcNMjQwNjAzMTQ0ODM1WjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo2AwXjAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQIwDQYJKoZI 12 | hvcNAQEFBQADgYEALzv9za/FuK9or2E2gNjK3seGlM8L2p8UjrbOBRv1U6SlErA/ 13 | smGfRefwtisUkkXTsR6WuGvTZhbjgIh2d/HaUqekQlcTNd3WNESfBek4wjkE6LR3 14 | sZQ5+cAQI9zsENCp+fE7dfgRtRgEYEaHxchNQVmYde8cHL1ye0AKcakvtWY= 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-basicconstraint-ca-false.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICZTCCAc6gAwIBAgIJAPcD62VeqwKRMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA2MTQ0OTE4WhcNMjQwNjAzMTQ0OTE4WjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo10wWzAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN 12 | AQEFBQADgYEArlKvupOurdhs55LfUJsLDtWSNE91uFsMMXBPYEar479oF8dhiZ48 13 | xFmB2kKaFPP6M/IKkAsbfPb9tC1SjeytG7ee/yTKTxyW39p1LIL6VJjeHs6lASfp 14 | raJ6S9KiA5p/NYU+FJHIccyjnMSHyIEq59M10udwQEBcNaz/OC6Piag= 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-ext-usage.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICfDCCAeWgAwIBAgIJAIoGsKuY0469MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA3MTQyODUwWhcNMjQwNjA0MTQyODUwWjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo3QwcjAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwEgYDVR0l 12 | AQH/BAgwBgYEVR0lADANBgkqhkiG9w0BAQUFAAOBgQByiIZb2wNUHIT3WHTJD4lD 13 | ExMnKn2BSoP24vCJHi/iDbbsMCoaTDv3e5YxBUMoEFEhT1ozHfpU0u+VfFIy9VFC 14 | Ks7Ths7n+7lyzecEJ9eJiq9f8vRCgr4ZhEbK/c7yH707PqOeQ5pSVT9FCM889ZSr 15 | 4EkUhWofJr+JGbnSzn/rxQ== 16 | -----END CERTIFICATE----- 17 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOQT5/CXh2Jf4sx5 3 | slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23lMMZBe/iF 4 | 6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKMLwsKcW/S 5 | 1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAECgYB4qOtIhfGSoqWKhUtKGfekRTPR 6 | zudr2cZtwd9/rmVDVDtmMrmTadCQ1hRAJeWs8PZxsIu8AMcX62bZaIa6F5aCZ7IU 7 | Jwwd9rt6o9pbBh2lcBO+iy+oCwFv7BImP6jFH7ODC7DYrwich2iEWIqNbhoLD8+7 8 | 0B9klyIlpc39fbL+2QJBAPH+cGq330uE8GVWyw3A8GVnkMrrcKKG+EAXMp0cCdSe 9 | YhoGPURk/Uww78GKfCmRFAVkNRQj4fJ+sIc16+nTf4sCQQDxR0Zk5T7sH2A9N2da 10 | Al6q/523sA5AkF/wJ9xmcT5HfZ/xFx0R96TSHR6SplbvXALUeQTWTmbuHkInraxi 11 | Sz1FAkEAk34I9oJrTpQQETP9PrzByIx+667kT6sD08xPxQI526VNFZ+H6A/FcpLB 12 | Dq1hT9Rk54RT9ZqJNEuTPFXZHAMUUQJAXe5rn1gIORC1/N8W41nM1TGSizKFOel7 13 | EBnUmiU4I8jqfYeMD7SjfBFOF7WeXq0phOJgWbZIKCerhZr9Y377KQJAdYo+p8B8 14 | uwp+Yq/9S+JrXtwLYOFYDm5lPykGp1rHZKzJdU6hYMednsSZ0FWZn2M5l0lhgPPs 15 | mPVCW2CSvF+p9Q== 16 | -----END PRIVATE KEY----- 17 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-ext-usage-timestamping.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICgDCCAemgAwIBAgIJAKmh6BrU3QWMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA3MTQyOTIyWhcNMjQwNjA0MTQyOTIyWjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo3gwdjAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwFgYDVR0l 12 | AQH/BAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcNAQEFBQADgYEAjDf6zUCyJkvOsDrk 13 | ehK3svOhOorccDBflNO590ToMfWXXF3sU5dpZ2tZ0/UZSlFyc5Uzj/nGpielSMcK 14 | zEpQRQS7ZGV7JZ08aNEz7g4n8VxUWW+y2w2R+oX2IEyIdIkSkQK32+TOXkPMHizN 15 | pAeW++JBXYY6QmJW499y2z1UquE= 16 | -----END CERTIFICATE----- 17 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-unknown-extension.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICgzCCAeygAwIBAgIJAJtKIRp+wJhvMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA2MTcxODE5WhcNMjQwNjAzMTcxODE5WjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo3sweTAdBgNV 10 | HQ4EFgQUn3MQYUIRTYLK8P836RfDIMjbHkowHwYDVR0jBBgwFoAUn3MQYUIRTYLK 11 | 8P836RfDIMjbHkowDwYDVR0TAQH/BAUwAwEB/zAZBgMqAwQEEgwQU29tZSByYW5k 12 | b20gZGF0YTALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADgYEAzri5kJWI1YTQ 13 | EHCZIf5BXFxpdFKNmMIidkrynGHHVKluVzbroG23I5elnxP3z97za33NpQlk6p1h 14 | TUfFB/+J4FpguXKW6JW3BpY/1jYKKC18NhY3OHubYNdGjqZKPybVm2ZaH3B23q0D 15 | 3IpbNRIxzTmSaWAJZ/zibkW5o2sNRAo= 16 | -----END CERTIFICATE----- 17 | -------------------------------------------------------------------------------- /tests/testcertificates/cacert-unknown-critical-extension.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICijCCAfOgAwIBAgIJAMtobgMI4HeQMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 3 | BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 4 | aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA2MTQ0NjIyWhcNMjQwNjAzMTQ0NjIyWjBF 5 | MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 6 | ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 7 | gQDnYbQH7pFmGO6qTj4spAWZyjdt/lYJ/8xy4oCPlKamxOkR/cjN71CgueqD05Ty 8 | Hd3j0iT2qvxzU4IwPIlPoqK9+gzFybn0u8rjP4UouRqcGS9w+ZPYPW8QrwWgf4pG 9 | ALgWlbSm8VkYS6Z1QAQmNrYAve6puiNkXv3Nmwa1ViI7AQIDAQABo4GBMH8wHQYD 10 | VR0OBBYEFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMB8GA1UdIwQYMBaAFJ9zEGFCEU2C 11 | yvD/N+kXwyDI2x5KMBIGA1UdEwEB/wQIMAYBAf8CAWQwCwYDVR0PBAQDAgEGMBwG 12 | AyoDBAEB/wQSDBBTb21lIHJhbmRvbSBkYXRhMA0GCSqGSIb3DQEBBQUAA4GBAOaD 13 | h3bVjpAdkP6T0D5iVMRS1+cHevvv0HctwxpXwLdqkKU/I2/wR7y99ts9a6ro33Pg 14 | dWCT8plnDsUyU86OJ2+j21U94pihBZ/bn8+cfP0WTT112ZnjOzvMftG4b0I+VnHp 15 | RVGg7KV/er29BP0LA1iZbbLe45ADJGkQR1Ggm3rF 16 | -----END CERTIFICATE----- 17 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## X.509 - Public Key Infrastructure purely in OCaml 2 | 3 | %%VERSION%% 4 | X.509 is a public key infrastructure used mostly on the Internet. It consists 5 | of certificates which include public keys and identifiers, signed by an 6 | authority. Authorities must be exchanged over a second channel to establish the 7 | trust relationship. This library implements most parts of 8 | [RFC5280](https://tools.ietf.org/html/rfc5280) and 9 | [RFC6125](https://tools.ietf.org/html/rfc6125). The 10 | [Public Key Cryptography Standards (PKCS)](https://en.wikipedia.org/wiki/PKCS) 11 | defines encoding and decoding in ASN.1 DER and PEM format, which is also 12 | implemented by this library - namely PKCS 1, PKCS 7, PKCS 8, PKCS 9 and PKCS 10. 13 | 14 | Read our [Usenix Security 2015 paper](https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak). 15 | 16 | ## Documentation 17 | 18 | [API documentation](https://mirleft.github.io/ocaml-x509/doc) 19 | 20 | ## Installation 21 | 22 | `opam install x509` will install this library. 23 | -------------------------------------------------------------------------------- /tests/csr/wild-bar.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICrDCCAZQCAQAwEjEQMA4GA1UEAwwHZm9vLmNvbTCCASIwDQYJKoZIhvcNAQEB 3 | BQADggEPADCCAQoCggEBAMQibfgxbLeWXHbhy9olGapJd7zUQXWmbMkVUF0BWWaI 4 | 2BmdYHJYhupoK3kY5NQL/ghz3TwHU+K8lKMzQt0sX0w44VzHv8hG8wYHEjKvyL81 5 | o97c/eYxT703oGu1h9WwtwtRVOcZB+hHaQej/KYBJ3Npsy/gtMwnkCMIZrNziBR/ 6 | 6OHH2DmZ/k02tMdFGkcAuUFpnHQoRUr7xdh204lXbb6vvg7dnntZpW79Q3e2CZSZ 7 | Sbb3Q5AD2jQ+qO8A/78hExnpesH8vl9AjGNdM/XUlRwXmkj2SRsKd8RBg75GC8nr 8 | xyjCb3EmUAWJaQwDaaj4Wsqtu48D1QLDGfXjdjC2qvMCAwEAAaBVMFMGCSqGSIb3 9 | DQEJDjFGMEQwQgYDVR0RBDswOYITeW91ci1uZXctZG9tYWluLmNvbYIXd3d3Lnlv 10 | dXItbmV3LWRvbWFpbi5jb22CCSouYmFyLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA 11 | iKYGNYylPp0qMdxYvS1tIlzGSLs8NA2H9vzohlBPaqU0yYrUh7YwDoDtWjkofBax 12 | fxJsZlO9wBCGNMaTwNxx3uvJ0mPhlQDJvBFcTeOaUwH7Fys2/DKI5JylXEnGbzzk 13 | pw4SqOblw+yGoossvpSWEaXvwX+XiLa3JpMWOT6E+qSqRUUKoJz8tHXBel1T0tL3 14 | SSpSeTBELAkwXV/BWmY8HmsphKGGUKVvdIRrgR7YWMGEU3TR3VhTayc5EO1HpEB7 15 | gZqaVwT29OnQYRfM9EbXRYnqX2guiM/KoouSoLy9NhyVawoOqfAaf6Ysl5JayNL9 16 | QFkrH58zDK3hkOVni7NQ4g== 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /tests/csr/your-new-domain.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICsTCCAZkCAQAwIjEgMB4GA1UEAwwXd3d3LnlvdXItbmV3LWRvbWFpbi5jb20w 3 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD55xIzpxhQ5Jgz7mc5kZzQ 4 | OiRRuOAx392yBlr0T36rYSpOObwmQtdNou4ireQXIQ27U/t4Kiw4n2xStCSOK2EP 5 | mxgC0JrlL7w7dRDfy4kChzzxoyRVR55VOejhR5XGLy67BchyMCI+pt/0cWCpECrK 6 | UorOgm5eHLDt0djtqaPtdqjwSiiPX/bK3+8vg8NwRvyBekC41znWoTwMNH1FDCHa 7 | /mOQT75c3gmIaUVYBD/yEM5EWEgpkQSSsIi6XynbeAZCeDodNJQt2c7z1iYPHw1Q 8 | wJqLBKrGsGfKlnfF0THf9hzndBEh+RSF1uvt5NbsPHMD5AZEClOwBoJ34IltR1wV 9 | AgMBAAGgSjBIBgkqhkiG9w0BCQ4xOzA5MDcGA1UdEQQwMC6CE3lvdXItbmV3LWRv 10 | bWFpbi5jb22CF3d3dy55b3VyLW5ldy1kb21haW4uY29tMA0GCSqGSIb3DQEBCwUA 11 | A4IBAQDBaQbBgdtWV2+Xzd6AvfnCl1lE8NNyZBNOmhL5yotJhPqKgByzHjCd1pBV 12 | guGd941hVNDqPbrKWbeUf1zgaX/oN2HbbedisH2ntocs4UWsAD2cDzh3P8aE3ixX 13 | JgjnqmMKwLQHupFVIFHOY/9UgFcc+fgvQkOGiJWpB1AYds/++Ucn5SmPEIbJmXBN 14 | 9+tL2vCH0Dd4rV22SfpENqKf1whFjJEDrrvwwlj9eQjkaqm7APi2ypiTiMDQvzr1 15 | nDszGkTwXQCRto4NSNSexAWQhH00iI/jqssjVVhrwCTfJfEMP8BIf2+ONAWmAoxC 16 | ttuCrpcG94ErCLrrCHpMRiy5iLKO 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /lib/host.ml: -------------------------------------------------------------------------------- 1 | type t = [ `Strict | `Wildcard ] * [ `host ] Domain_name.t 2 | 3 | let pp_typ ppf = function 4 | | `Strict -> Fmt.nop ppf () 5 | | `Wildcard -> Fmt.string ppf "*." 6 | 7 | let pp ppf (typ, nam) = 8 | Fmt.pf ppf "%a%a" pp_typ typ Domain_name.pp nam 9 | 10 | module Set = struct 11 | include Set.Make(struct 12 | type nonrec t = t 13 | let compare a b = match a, b with 14 | | (`Strict, a), (`Strict, b) 15 | | (`Wildcard, a), (`Wildcard, b) -> Domain_name.compare a b 16 | | (`Strict, _), (`Wildcard, _) -> -1 17 | | (`Wildcard, _), (`Strict, _) -> 1 18 | end) 19 | 20 | let pp ppf s = 21 | Fmt.(list ~sep:(any ", ") pp) ppf (elements s) 22 | end 23 | 24 | let is_wildcard name = 25 | match Domain_name.get_label name 0 with 26 | | Ok "*" -> Some (Domain_name.drop_label_exn name) 27 | | _ -> None 28 | 29 | let host name = 30 | match Domain_name.of_string name with 31 | | Error _ -> None 32 | | Ok dn -> 33 | let wild, name = match is_wildcard dn with 34 | | None -> `Strict, dn 35 | | Some dn' -> `Wildcard, dn' 36 | in 37 | match Domain_name.host name with 38 | | Error _ -> None 39 | | Ok hostname -> Some (wild, hostname) 40 | 41 | -------------------------------------------------------------------------------- /tests/regression/until_frac_s.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDZjCCAk6gAwIBAgIJAK8XzYo2Lc2EMA0GCSqGSIb3DQEBCwUAMDIxMDAuBgNV 3 | BAMMJ3ZhbGlkX3VudGlsX2NvbnRhaW5zX2ZyYWN0aW9uYWxfc2Vjb25kczAkFw0y 4 | MDA0MjcwOTM0NTNaGBM5OTk5MTIzMTIzNTk1OS45OTlaMDIxMDAuBgNVBAMMJ3Zh 5 | bGlkX3VudGlsX2NvbnRhaW5zX2ZyYWN0aW9uYWxfc2Vjb25kczCCASIwDQYJKoZI 6 | hvcNAQEBBQADggEPADCCAQoCggEBALcbxMTFe2X1kKGSd1zK0W7fY2eDzgng1UzN 7 | 1oLOFFpPlT88cJADtJIpFvdntLBWphAu/hq53tUYS/TSrTy1f+WH4fFuBiJPO8FW 8 | 8xsRhdmx5XwIAyYUhO5onXeBH0nhGS/VxAE/QUj0T1cxgEjJjiwbbF2z3+/4vygM 9 | Ob+0eMdJZD7LL4YBDG5Ttm60s6Gcuw2zapfDI8x7E9rmAGHpqD4XJXuPDoXsh5UC 10 | lOaXH36MNjBdHWcxNzGm3Uwe3EUrumrKXhIzqL1l+/Ku0gJ7nQD9etyLTaJEsxfz 11 | xheAfq/4mnZvYaFq41fp/bCg0etNupFY0Eb4YJVPZrkl/xAh59cCAwEAAaN5MHcw 12 | HQYDVR0OBBYEFDhp/reJqyj1UqrTKuKilkA9Q79cMA8GA1UdDwEB/wQFAwMHoAAw 13 | DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQ4af63iaso9VKq0yriopZAPUO/XDAW 14 | BgNVHSUBAf8EDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAAdaTDIV4 15 | wR7xrqLWO9Gt+QS1wUfAe014KJ3WF/8IObHGU1mLPP5KqFnR4w7PikJxqHvdQOC3 16 | NA1ApbkqiNOGEciF6Q5wew42GLOr6EdT0/3L3PLkV/MEIkbT2qqLhIkyzi9BmIFq 17 | pW6w2r3fzyhWsBZm8+odY8WVLnNR1kczc4RE4pYOn8Nyxdo7la4k0op7jawWfLJK 18 | VVXLng0bmXjmVqbzIQQbTyXAC6bPh4iF1uXQ28k4g87xOBYJOkEHqwvJaSuXfPAg 19 | rTJaozrqyrzolduRX23yLMyNSU+I1IN8qbi7R1JZMxTlDS2tMmXCU3HC0YdEg/5T 20 | /WxH7VMSXkFZuA== 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /tests/csr/your-new-domain-raw.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIDYDCCAkgCAQAwgdAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazES 3 | MBAGA1UEBwwJUm9jaGVzdGVyMRIwEAYDVQQKDAlFbmQgUG9pbnQxFzAVBgNVBAsM 4 | DlRlc3RpbmcgRG9tYWluMUswSQYJKoZIhvcNAQkBFjx5b3VyLWFkbWluaXN0cmF0 5 | aXZlLWFkZHJlc3NAeW91ci1hd2Vzb21lLWV4aXN0aW5nLWRvbWFpbi5jb20xIDAe 6 | BgNVBAMMF3d3dy55b3VyLW5ldy1kb21haW4uY29tMIIBIjANBgkqhkiG9w0BAQEF 7 | AAOCAQ8AMIIBCgKCAQEAzARXVEb2i5eR/bhyFrO34kQ4tdFK72j3hUMTRs2hdvUw 8 | LxKQPcRA+XeXdbJHiLXEJHHn0cd+7FQB1DPMCzEZY6eJGDi3iwaeZ/ybiHEcoNqH 9 | 5xV4QSNUaDfNzrSOnTRvhfg8Bn/YTCRaDhwxVZt0nU8p4ntrFieCyMD0Js70uFAM 10 | KAo4HWjd576jhL3fYROBWiwttP3JPJPzYjsvF7kgYeckfw88ORkrFxxxKaLZCtmr 11 | chDKZRQa6qu6Pd9KQFw2W+F9JzbYVTwiR2RmS9kqP7iajpNvKJTWVDM7Ixdw/lTd 12 | jOHYzoPFqbgVtjbNRwo1eNvqJbTcV/NCYJvj3s/KfQIDAQABoEowSAYJKoZIhvcN 13 | AQkOMTswOTA3BgNVHREEMDAughN5b3VyLW5ldy1kb21haW4uY29tghd3d3cueW91 14 | ci1uZXctZG9tYWluLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAss2p+UK+ZygWtiKm 15 | HBKTqjRHwUKO485uNG2XBIQJzKOYjvRj2vA7qCi2Hb1Pr1ReWY29oqMXN1RdMrcb 16 | Ic+Wt4Jxipg8Pu5O/+cQNc49D8U2umpY99nO/DMkjKVAhbOOFwTqahcPfrKuTOpb 17 | UC7KzVcYi3HFoSdRRJ7Cf3bpxKIJjl2ju/8Tay4+zEYsJgdBEqTcMw4RhaD8T0vB 18 | h0n1Bt5cE6Meic2+gaz4sIhAiFH9oH4lJutcWoRxXEAwMorFk7DlzrGzc1XB2oqI 19 | KXczg1QAUmAGNq4gyQ1F3czq94XYtNGsUT644lS3Fh8hGIQUI7gYNAGY7Niba1YM 20 | KfAccQ== 21 | -----END CERTIFICATE REQUEST----- 22 | -------------------------------------------------------------------------------- /tests/crl/3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw 3 | PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz 4 | cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 5 | MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz 6 | IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ 7 | ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR 8 | VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL 9 | kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd 10 | EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas 11 | H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 12 | HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud 13 | DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 14 | QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu 15 | Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ 16 | AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 17 | yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR 18 | FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA 19 | ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB 20 | kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 21 | l7+ijrRU 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014, David Kaloper and Hannes Mehnert 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- /tests/crl/9.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 3 | MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG 4 | EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT 5 | CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN 6 | BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK 7 | 8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 8 | 98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb 9 | 2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC 10 | ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi 11 | Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB 12 | o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl 13 | ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD 14 | AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL 15 | AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd 16 | foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M 17 | cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq 18 | 8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp 19 | hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk 20 | Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U 21 | AGegcQCCSA== 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/crl/11.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG 3 | A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh 4 | bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE 5 | ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS 6 | b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 7 | 7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS 8 | J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y 9 | HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP 10 | t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz 11 | FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY 12 | XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 13 | MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw 14 | hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js 15 | MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA 16 | A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj 17 | Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx 18 | XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o 19 | omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc 20 | A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW 21 | WL1WMRJOEcgh4LMRkWXbtKaIOM5V 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/regression/telesec.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc 3 | MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj 4 | IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB 5 | IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE 6 | RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl 7 | U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 8 | IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU 9 | ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC 10 | QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr 11 | rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S 12 | NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc 13 | QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH 14 | txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP 15 | BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC 16 | AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp 17 | tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa 18 | IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl 19 | 6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ 20 | xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU 21 | Cm26OWMohpLzGITY+9HPBVZkVw== 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/crl/10.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw 3 | PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu 4 | MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx 5 | GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL 6 | MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf 7 | HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh 8 | gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW 9 | v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue 10 | Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr 11 | 9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt 12 | 6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 13 | MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl 14 | Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 15 | ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq 16 | hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p 17 | iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC 18 | dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL 19 | kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL 20 | hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz 21 | OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/crl/17.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI 3 | MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x 4 | FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz 5 | MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv 6 | cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN 7 | AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz 8 | Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO 9 | 0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao 10 | wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj 11 | 7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS 12 | 8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT 13 | BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB 14 | /zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg 15 | JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC 16 | NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 17 | 6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ 18 | 3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm 19 | D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS 20 | CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR 21 | 3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/crl/13.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp 4 | Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 5 | MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL 8 | v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 9 | eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq 10 | tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd 11 | C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa 12 | zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB 13 | mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH 14 | V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n 15 | bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG 16 | 3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs 17 | J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO 18 | 291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS 19 | ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd 20 | AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 21 | TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/crl/16.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK 3 | MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x 4 | GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx 5 | MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg 6 | Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG 7 | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ 8 | iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa 9 | /FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ 10 | jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI 11 | HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 12 | sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w 13 | gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF 14 | MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw 15 | KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG 16 | AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L 17 | URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO 18 | H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm 19 | I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY 20 | iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc 21 | f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW 22 | -----END CERTIFICATE----- 23 | 24 | -------------------------------------------------------------------------------- /tests/crl/15.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi 3 | MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu 4 | MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp 5 | dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV 6 | UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO 7 | ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG 8 | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz 9 | c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP 10 | OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl 11 | mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF 12 | BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 13 | qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw 14 | gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB 15 | BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu 16 | bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp 17 | dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 18 | 6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ 19 | h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH 20 | /nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv 21 | wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN 22 | pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey 23 | -----END CERTIFICATE----- 24 | 25 | -------------------------------------------------------------------------------- /tests/crl/6.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB 3 | gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 4 | A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV 5 | BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw 6 | MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl 7 | YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P 8 | RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 9 | aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 10 | UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 11 | 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 12 | Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp 13 | +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ 14 | DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O 15 | nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW 16 | /zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g 17 | PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u 18 | QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY 19 | SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv 20 | IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ 21 | RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 22 | zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd 23 | BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB 24 | ZQ== 25 | -----END CERTIFICATE----- 26 | 27 | -------------------------------------------------------------------------------- /tests/crl/5.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB 3 | gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk 4 | MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY 5 | UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx 6 | NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 7 | dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy 8 | dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB 9 | dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 10 | 38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP 11 | KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q 12 | DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 13 | qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa 14 | JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi 15 | PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P 16 | BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs 17 | jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 18 | eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD 19 | ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR 20 | vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt 21 | qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa 22 | IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy 23 | i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ 24 | O+7ETPTsJ3xCwnR8gooJybQDJbw= 25 | -----END CERTIFICATE----- 26 | 27 | -------------------------------------------------------------------------------- /tests/crl/4.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb 3 | MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow 4 | GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj 5 | YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL 6 | MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE 7 | BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM 8 | GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP 9 | ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua 10 | BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe 11 | 3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 12 | YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR 13 | rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm 14 | ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU 15 | oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF 16 | MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v 17 | QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t 18 | b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF 19 | AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q 20 | GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz 21 | Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 22 | G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi 23 | l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 24 | smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== 25 | -----END CERTIFICATE----- 26 | 27 | -------------------------------------------------------------------------------- /tests/regression/name-constraints.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix 3 | RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 4 | dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p 5 | YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw 6 | NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK 7 | EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl 8 | cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl 9 | c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB 10 | BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz 11 | dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ 12 | fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns 13 | bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD 14 | 75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP 15 | FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV 16 | HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp 17 | 5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu 18 | b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA 19 | A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p 20 | 6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 21 | TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 22 | dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys 23 | Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI 24 | l7WdmplNsDz4SgCbZN2fOUvRJ9e4 25 | -----END CERTIFICATE----- 26 | -------------------------------------------------------------------------------- /tests/crl/7.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb 3 | MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow 4 | GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp 5 | ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow 6 | fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 7 | A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV 8 | BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB 9 | BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM 10 | cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S 11 | HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996 12 | CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk 13 | 3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz 14 | 6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV 15 | HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud 16 | EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv 17 | Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw 18 | Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww 19 | DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0 20 | 5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj 21 | Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI 22 | gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ 23 | aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl 24 | izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk= 25 | -----END CERTIFICATE----- 26 | 27 | -------------------------------------------------------------------------------- /tests/crl/8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb 3 | MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow 4 | GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0 5 | aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla 6 | MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO 7 | BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD 8 | VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B 9 | AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW 10 | fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt 11 | TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL 12 | fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW 13 | 1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7 14 | kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G 15 | A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD 16 | VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v 17 | ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo 18 | dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu 19 | Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/ 20 | HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 21 | pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS 22 | jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+ 23 | xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn 24 | dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi 25 | -----END CERTIFICATE----- 26 | 27 | -------------------------------------------------------------------------------- /tests/regression/digicert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEQzCCAyugAwIBAgIQCidf5wTW7ssj1c1bSxpOBDANBgkqhkiG9w0BAQwFADBh 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD 5 | QTAeFw0yMDA5MjMwMDAwMDBaFw0zMDA5MjIyMzU5NTlaMFYxCzAJBgNVBAYTAlVT 6 | MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMDAuBgNVBAMTJ0RpZ2lDZXJ0IFRMUyBI 7 | eWJyaWQgRUNDIFNIQTM4NCAyMDIwIENBMTB2MBAGByqGSM49AgEGBSuBBAAiA2IA 8 | BMEbxppbmNmkKaDp1AS12+umsmxVwP/tmMZJLwYnUcu/cMEFesOxnYeJuq20ExfJ 9 | qLSDyLiQ0cx0NTY8g3KwtdD3ImnI8YDEe0CPz2iHJlw5ifFNkU3aiYvkA8ND5b8v 10 | c6OCAa4wggGqMB0GA1UdDgQWBBQKvAgpF4ylOW16Ds4zxy6z7fvDejAfBgNVHSME 11 | GDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l 12 | BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwdgYI 13 | KwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j 14 | b20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp 15 | Q2VydEdsb2JhbFJvb3RDQS5jcnQwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2Ny 16 | bDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4Yx 17 | aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNy 18 | bDAwBgNVHSAEKTAnMAcGBWeBDAEBMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EM 19 | AQIDMA0GCSqGSIb3DQEBDAUAA4IBAQDeOpcbhb17jApY4+PwCwYAeq9EYyp/3YFt 20 | ERim+vc4YLGwOWK9uHsu8AjJkltz32WQt960V6zALxyZZ02LXvIBoa33llPN1d9R 21 | JzcGRvJvPDGJLEoWKRGC5+23QhST4Nlg+j8cZMsywzEXJNmvPlVv/w+AbxsBCMqk 22 | BGPI2lNM8hkmxPad31z6n58SXqJdH/bYF462YvgdgbYKOytobPAyTgr3mYI5sUje 23 | CzqJx1+NLyc8nAK8Ib2HxnC+IrrWzfRLvVNve8KaN9EtBH7TuMwNW4SpDCmGr6fY 24 | 1h3tDjHhkTb9PA36zoaJzu0cIw265vZt6hCmYWJC+/j+fgZwcPwL 25 | -----END CERTIFICATE----- 26 | -------------------------------------------------------------------------------- /lib/key_type.ml: -------------------------------------------------------------------------------- 1 | type t = [ `RSA | `ED25519 | `P256 | `P384 | `P521 ] 2 | 3 | let strings = 4 | [ ("rsa", `RSA) ; ("ed25519", `ED25519) ; 5 | ("p256", `P256) ; ("p384", `P384) ; ("p521", `P521) ] 6 | 7 | let to_string kt = fst (List.find (fun (_, k) -> kt = k) strings) 8 | 9 | let of_string s = 10 | match List.assoc_opt (String.lowercase_ascii s) strings with 11 | | Some kt -> Ok kt 12 | | None -> 13 | Error (`Msg (Fmt.str "unkown key type %s, supported are %a" 14 | s Fmt.(list ~sep:(any ", ") string) (List.map fst strings))) 15 | 16 | let pp ppf t = Fmt.string ppf (to_string t) 17 | 18 | type signature_scheme = [ `RSA_PSS | `RSA_PKCS1 | `ECDSA | `ED25519 ] 19 | 20 | let signature_scheme_to_string = function 21 | | `RSA_PSS -> "RSA-PSS" 22 | | `RSA_PKCS1 -> "RSA-PKCS1" 23 | | `ECDSA -> "ECDSA" 24 | | `ED25519 -> "ED25519" 25 | 26 | let pp_signature_scheme ppf s = Fmt.string ppf (signature_scheme_to_string s) 27 | 28 | let supports_signature_scheme key_typ scheme = 29 | match key_typ, scheme with 30 | | `RSA, (`RSA_PSS | `RSA_PKCS1) -> true 31 | | `ED25519, `ED25519 -> true 32 | | (`P256 | `P384 | `P521), `ECDSA -> true 33 | | _ -> false 34 | 35 | let opt_signature_scheme ?scheme kt = 36 | match scheme with 37 | | Some x -> x 38 | | None -> match kt with 39 | | `RSA -> `RSA_PSS 40 | | `ED25519 -> `ED25519 41 | | `P256 | `P384 | `P521 -> `ECDSA 42 | 43 | (* the default of RSA keys should be PSS, but most deployed certificates still 44 | use PKCS1 (and this library uses pkcs1 by default as well) *) 45 | let x509_default_scheme = function 46 | | `RSA -> `RSA_PKCS1 47 | | x -> opt_signature_scheme x 48 | -------------------------------------------------------------------------------- /tests/crl/21.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB 3 | kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug 4 | Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho 5 | dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw 6 | IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG 7 | EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD 8 | VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu 9 | dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN 10 | BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6 11 | E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ 12 | D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK 13 | 4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq 14 | lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW 15 | bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB 16 | o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT 17 | MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js 18 | LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr 19 | BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB 20 | AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft 21 | Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj 22 | j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH 23 | KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv 24 | 2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3 25 | mfnGV/TJVTl4uix5yaaIK/QI 26 | -----END CERTIFICATE----- 27 | 28 | -------------------------------------------------------------------------------- /tests/crl/19.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjEL 3 | MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV 4 | BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 5 | Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQzWhcNMjUxMjMxMjI1 6 | OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i 7 | SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UEAxMc 8 | VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD 9 | ggEPADCCAQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jf 10 | tMjWQ+nEdVl//OEd+DFwIxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKg 11 | uNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2J 12 | XjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK 13 | 8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+99 14 | 5OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1Ud 15 | EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3 16 | kUrL84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy 17 | dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6 18 | Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz 19 | JTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 20 | Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u 21 | TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iS 22 | GNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprt 23 | ZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8 24 | au0WOB9/WIFaGusyiC2y8zl3gK9etmF1KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaV 25 | hgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeI 26 | dUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ== 27 | -----END CERTIFICATE----- 28 | 29 | -------------------------------------------------------------------------------- /tests/crl/20.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL 3 | MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV 4 | BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 5 | Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 6 | OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i 7 | SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc 8 | VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD 9 | ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW 10 | Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q 11 | Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 12 | 1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq 13 | ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 14 | Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud 15 | EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX 16 | XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy 17 | dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 18 | Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz 19 | JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 20 | Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u 21 | TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN 22 | irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 23 | TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 24 | g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB 25 | 95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj 26 | S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== 27 | -----END CERTIFICATE----- 28 | 29 | -------------------------------------------------------------------------------- /tests/crl/1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn 3 | MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL 4 | ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg 5 | b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa 6 | MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB 7 | ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw 8 | IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B 9 | AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb 10 | unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d 11 | BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq 12 | 7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 13 | 0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX 14 | roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG 15 | A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j 16 | aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p 17 | 26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA 18 | BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud 19 | EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN 20 | BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz 21 | aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB 22 | AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd 23 | p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi 24 | 1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc 25 | XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 26 | eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu 27 | tGWaIZDgqtCYvDi1czyL+Nw= 28 | -----END CERTIFICATE----- 29 | 30 | -------------------------------------------------------------------------------- /tests/regression/gcloud.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0Iuq7GtFgSVnO 3 | CG27r4pN5Xsqz7hzomdNLM+hadpbOGZC0fa7bdtXGcKIZs8IZg8ZFjmGvxu3UX8O 4 | JCKURbK5UZXKWrsQjwFivr+YJL3zISqwWh3ibIHp/bs/6azYSW9AZaPhRr/BD2M4 5 | V05C+sL0CBSXX3b+Rr23rW57jqkYAP9TpFGZU2VuqBql/kcD32YNRuVE9ak1Gudt 6 | Du4O9G0EGuOFXIxcPa6TRzVBPtenRSzbeij4Iqf04jM+FgaFz7cUM1fjvEWIuvEV 7 | 1vNwssEPN7sXTYqpWnQOGHI70an5pJ75npo8ZKrwVzAFotSxDPNbBTR0D8vBsFhG 8 | TlmwgtJ9AgMBAAECggEAGJ+fQ5VOYqGUN5A6Y8oCl1RTqk37sj7UbR2/ghqEoSyL 9 | +f1Wg1dogLcCOwAGs+izjqPVmEA+aygmPIoe+fKvFBr9ZUxSvtg1gch+Sy9WkcoK 10 | WlHvPNjFR3WKJ5nrKSOcpApgxPYVVzAhyX1RsuExTgdevTRtASQtYdLAw/4DykZ5 11 | 58nbfMLa9cZ0zu+BTIkKhAAEvjMVnzvuDQWhAShLMQISGbcHVApTzSbj7nCR/tn0 12 | 2B7znmu/YcHTBsNdee1Ic9/cfLWWueGeYt1z2RUo6h9H4ILJ8Vju/pUqCAUFj2c0 13 | tTLs1pKgxbQv/PEW1OKbeM1MqO6ya0buCJy++up9xwKBgQDbKnzQCRtmSIRSCsHW 14 | IYeWwIWvhrQIaQuUtaJ5A/42sKPvIu/HdoScZuZzXsC+WIsmr1XEFUSaxJnAbDhM 15 | 73fuUdNlzoQa+dw3x8eoL2KPhHUMgXgGR//eMMegorzSwR7Lmeu2w1G7UZFVfRby 16 | 6cqBMMvExoMT017UvdEegwoz3wKBgQDSaTNM2eSIlSHWilaudvjzFyFnoYrNd4ep 17 | 52XiSBA/3KMlBv3ZbWmiNlwgKZq77DYnUZGMYdXXbB2edAK5a/ikphNLPRhn1zNq 18 | hVEDXuOwkcyGyNol1P2z9G3n9B+rNy+1RYFAKPJ9/eAqtuxj6kgNDPReXk/a+vtj 19 | +DMsWzGlIwKBgAieLhQ8F3C5L0LOm3qhDOTXoyoYwOGHx+XMEpxxlMBvx7JyjD0q 20 | ouJHhY5JzohtkOMvh87TC0SOsIEJgFk+HVgorYhWS4mIA6nJ2Eb7vgNosPWR7bdJ 21 | g30oK+FcJNKgt2ZIIiWonoEgHvfemFVq7gSQd6LAL41LBXKWGC/79R2/AoGACUGN 22 | eyz+q697zJdLVuNu8iqrUoa9t2oxspy2U6z94gFPv/o9wonYosUnalbKMsgiXbpt 23 | 37ISGSbtaqIJ2KRSTNPtd1rZrv+9iEsTFEXhWEwhpjBBwHZNLtRq3VBU8FA+Lgg/ 24 | tlXWzQoVCWwAnCibQM+4FEqr0qNF2dD6V1IvrecCgYEAr8VENgxbQ+mZq6bIfMqC 25 | vCj0DNppYs0llOlu/9JZZzEHnas9afg+rNlK/Hd5iMgzJ/0bxlI+u/G3do2QJ8dP 26 | z5ewonMpLxmcxWoB/47FdaNhtiMpZkwpi7EOvapzN8jgr8DWeMTl2aA4iMEOk0lj 27 | v7+MqvYwLMfQTrTzGu9VjFo= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /tests/crl/2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn 3 | MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL 4 | ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo 5 | YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 6 | MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy 7 | NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G 8 | A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA 9 | A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 10 | Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s 11 | QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV 12 | eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 13 | B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh 14 | z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T 15 | AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i 16 | ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w 17 | TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH 18 | MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD 19 | VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE 20 | VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh 21 | bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B 22 | AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM 23 | bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi 24 | ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG 25 | VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c 26 | ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ 27 | AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== 28 | -----END CERTIFICATE----- 29 | 30 | -------------------------------------------------------------------------------- /tests/regression/rsa_priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChM8H/t7Nhyehr 3 | o2zgYlDviceO7Mld/7hdZXOu7Eur7ZKLHFZ/fb9NJoEQfEmgksQZNzAfbmoO/s+F 4 | ZF5BVutmyjqn/TPytZT7VOO8uVmXOcCF7Hujm42oLxKy4BW8S8GfdS/A6jJ2ynq4 5 | BV8vFNuiLVJXA2VS/QIoImEgnMEha3TepZC7Af6COmT4+gHi0tzgZgyn6UiCP3hA 6 | 88qc6RJWGHVQbkO2QOaCvOSqaSe0tBieYAQj509MfU4OMwwqAMHNK8dlmXIpOVzv 7 | pvJaEVzmVCZi9fdLZ+gyAElYGRyRqSIY6V9MGMg+AV7GjvT55doUYS6WXeFJpRgj 8 | 3DIrwYw5AgMBAAECggEAAuXFRO1uYgGZFeY4HMhnoAaf+aez7uabz8H1FF3W9l4s 9 | 1idKPrxp5d8dTsiNIj/BGprtWINJkL9vx3wIXbBMRuq3pzFb767n4KSj+05xl9BH 10 | 76BSkJxJLY67DVAN0/agolce5p7PDWeSUSB3l4cOc5nQ8xNyjM1Tbpk/mbB3oDwg 11 | 6VOGSynp5oNbyuprxC7giVLVV/tWOljN8yr3bKyDmf27/8Jd4iNrhIPPkn9U5scW 12 | WCELWrgDga2p7Wi0MbKcLFG5Juz4nU0oz0nJ/g3IyIBORMTo6dRfcYW90KcLNAvO 13 | /drOr/c1SYfw63e8+nLSkgfKSI24MoV9bVFsOzC1qQKBgQDaK++9V/ph/JaRqGWJ 14 | DHVnHSSGwTt8j3qanuf963kQ3Z0PZzNOE6Y8A/LHOhxhqH0y1S63YEFwMYfy5Vsy 15 | jH8XoxGUolcXrReYoj/qGvhx8FFwV+Aj0xqCwOEhehOxzphV35EdrM1MTXVWnFsT 16 | a1Yq70NLE5cXorwntnKdsjgOAwKBgQC9JxkBTv3RdGpjHozvXIcHUmNHkjY5+s1+ 17 | dDXUmD32frYTcMHGJnMwYILQ4D1B5RmIgnrdjJYs+M10keM8n/CGUovAv1IZqkCa 18 | C6R42eA7vbS+gJ2AS0FibBVNmEr9bobK/kcwEaBme1z+S/YQ5DpGNmx9TAMJ7PRA 19 | OYGVNfbWEwKBgQCu9vlmsb2dA4KFAbWb+R/WN+rpHuJj/HTot3N5kXQf8HpatfrR 20 | LLTuAISc/Z9xOjxdndW/PjR8k1xhkUpX+ZCbFi2tM5wA4tG/mK8FQefpCD9nhzG7 21 | yTrDjYd+33YX7IUCqS6py8FA5gWqFe58XmJWQFeJSAat79ZRSuIUUa7enQKBgQC6 22 | LhCrvA+TKe5Jj9mTBNUXvN1hpiXf3eCElmgh0JQ02rXm3rasjk4VEPnSFNXW1WTT 23 | e/LpvSZYL7EzCyHLG3aJEBjk6Kwr/OtHdSw3k+TliK2uUTQ2AlziPpadYMh3OWJN 24 | zglN5Buoo8Z9u1EBgVNmps0Ua0wWafhkevX0Y0CJpwKBgFmFp46Wr/lV7IF3O30S 25 | 25dgZD47hWAcEEaxE5RQioVrqbUKdvJoQsfoGFwdbhV0V2fLRXgHm0kbcnw0kaN9 26 | E2afghYQRBFskYVft6ROcxbB8dhW1fNMLYHKsbiNyId/XkmEw71gG244yDJP8Q9h 27 | gIwYC+CThlQ9qL+oLurpvy1M 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /tests/regression/openssl_2048.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN/TPIzwalLAgD 3 | o5mTsxKSZhKavdF851DBEvteyx/cNd4Apxtt+4qWuI3Mboqeh/llhGLxJ8ZdiQCI 4 | bhhHsqXjM640AJq2kLm8f0bEweZknT/KD+ThqObNLmhcgaJpjFjG+Z2ZmC5XDi3C 5 | OZKLD/rnuBuDbZqN8n1Tde6S58duI8M2kGvRcVfYPSc+WjMf5yMRMlPOWbYiC+JO 6 | 5afjS/FGOG+RBVVDrxq70UoIJdUd9SssfRB79pGED/3hfTT/Mt2AI7rpgsQOYgrd 7 | 4eut3UsUGZoLR8hLSaG58WjGqQRgsuih+JHAiWcfhploD0Yx8kR99GzxA/8nGYgg 8 | 6RlT389xAgMBAAECggEBAKk+Pkvg/R68fKEwy7/0w2+Refu1tecfztOzmuCZl8XA 9 | ZHS41+qXX5jSbX7n2/DA24IzMW/eNDcpl0yA2GYgO/fewGRtkrApXNGo6SZEAd3s 10 | 7TpBsNZPhcJTPN+0ixKZg1+IO5q01G4mciZAU0z6hjXYqJJlfTTfZWUrYidFVDAC 11 | rIsSAlMAsjzHWugWey8MolMZYBBsEGyXlMc1vf/E2i5lvglEgmgD6Xn86nPS8y9t 12 | 2Z3O01OynMa8sE3LVg09HksvfNL+txfZoxbK8z9CHELvI8gVUJcT6EGEiHeDqXjr 13 | wThK7WCv2yf/lCYE3zxw1bjLzBlI+20ywEvrIry5xAECgYEA7hAHLi9ip7xG4fRo 14 | 1+32d1ZpklyCLJ/lF+UUFfa6wpuXR0muHS+FpOxZO0cNRLE1OMsL7KxeLoBqQfvp 15 | nmhTDsCVq9RBnJPqoB1k11I1gNVHZe1aoqYy17A8TfNetR5RwBjo9XYZfrXeHg9s 16 | qi8uk1D1d3q1AvDvsoHzv5d9dRECgYEA3YKCmNz8oA08MFqCetxm0XEmqqJwlWGr 17 | jX9c1jK6HfamsHS93a2Seb9Zm+fps3PixZZWEEI9n/yJmkM4CkmJBlzUA31gN+gU 18 | AAjsxt8YiSdxO0L1BscxqebOoD2CnWXvk9SHr8kE7WfKe98Bf8/CjN+qL3gNkAp4 19 | dqVXY/yfNGECgYEAvQylZxviMGnnsFAzYiZq72ID/GLSTTW87DjSto50yU5d2BK+ 20 | 3hZ6/vlh8xz9gGtpZGx6T7yiHjOELloqr80RCEoPkaDBaeJdFEHDbuqt6l10kZDn 21 | xPpOrdIaUZzOvO4S5YXimerrXCB4/04ocQ1+4yYLiJI9ZNSIxS1FsARRcMECgYEA 22 | 2LJhcovVs/nepOsWdH0DNOe9zPYmr2yiOEWdm4p6mu99uGgsih3QirwQPL4O2ViI 23 | Q4XD4hn7UXTrZHdX7nBr1Uagvl078NVgI3yXriH4TczBMBlbvWrHAhBimU4zZimf 24 | y34B040S/fEonC/YtqGYENqKEfAfTIeBu4gayx0K3mECgYBmE7Or+YnhIDr3fuDS 25 | lspBeejV17mI/kd7xKBbgirMvIzh/6Wi7PooySLrlcu23/lba3FPl6ZobfHAUCLS 26 | LDttnjIsDJkxXh3fOwJmad9J/hSDt/QdkIivnEgrvCt7s2Tji3OaPTujtaQT0SOZ 27 | ZfOHUpM7RHfGV5KS3qr2C8BjVw== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /tests/crl/12.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC 3 | VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u 4 | ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc 5 | KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u 6 | ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 7 | MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE 8 | ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j 9 | b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF 10 | bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg 11 | U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA 12 | A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ 13 | I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 14 | wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC 15 | AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb 16 | oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 17 | BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p 18 | dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk 19 | MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp 20 | b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu 21 | dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 22 | MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi 23 | E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa 24 | MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI 25 | hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN 26 | 95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd 27 | 2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= 28 | -----END CERTIFICATE----- 29 | 30 | -------------------------------------------------------------------------------- /tests/regression/dfn.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE1TCCA72gAwIBAgIIUE7G9T0RtGQwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE 3 | BhMCREUxHDAaBgNVBAoTE0RldXRzY2hlIFRlbGVrb20gQUcxHzAdBgNVBAsTFlQt 4 | VGVsZVNlYyBUcnVzdCBDZW50ZXIxIzAhBgNVBAMTGkRldXRzY2hlIFRlbGVrb20g 5 | Um9vdCBDQSAyMB4XDTE0MDcyMjEyMDgyNloXDTE5MDcwOTIzNTkwMFowWjELMAkG 6 | A1UEBhMCREUxEzARBgNVBAoTCkRGTi1WZXJlaW4xEDAOBgNVBAsTB0RGTi1QS0kx 7 | JDAiBgNVBAMTG0RGTi1WZXJlaW4gUENBIEdsb2JhbCAtIEcwMTCCASIwDQYJKoZI 8 | hvcNAQEBBQADggEPADCCAQoCggEBAOmbw2eF+Q2u9Y1Uw5ZQNT1i6W5M7ZTXAFuV 9 | InTUIOs0j9bswDEEC5mB4qYU0lKgKCOEi3SJBF5b4OJ4wXjLFssoNTl7LZBF0O2g 10 | AHp8v0oOGwDDhulcKzERewzzgiRDjBw4i2poAJru3E94q9LGE5t2re7eJujvAa90 11 | D8EJovZrzr3TzRQwT/Xl46TIYpuCGgMnMA0CZWBN7dEJIyqWNVgn03bGcbaQHcTt 12 | /zWGfW8zs9sPxRHCioOhlF1Ba9jSEPVM/cpRrNm975KDu9rrixZWVkPP4dUTPaYf 13 | JzDNSVTbyRM0mnF1xWzqpwuY+SGdJ68+ozk5SGqMrcmZ+8MS8r0CAwEAAaOCAYYw 14 | ggGCMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUSbfGz+g9H3/qRHsTKffxCnA+ 15 | 3mQwHwYDVR0jBBgwFoAUMcN5G7r1U9cX4Il6LRdsCrMrnTMwEgYDVR0TAQH/BAgw 16 | BgEB/wIBAjBiBgNVHSAEWzBZMBEGDysGAQQBga0hgiwBAQQCAjARBg8rBgEEAYGt 17 | IYIsAQEEAwAwEQYPKwYBBAGBrSGCLAEBBAMBMA8GDSsGAQQBga0hgiwBAQQwDQYL 18 | KwYBBAGBrSGCLB4wPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL3BraTAzMzYudGVs 19 | ZXNlYy5kZS9ybC9EVF9ST09UX0NBXzIuY3JsMHgGCCsGAQUFBwEBBGwwajAsBggr 20 | BgEFBQcwAYYgaHR0cDovL29jc3AwMzM2LnRlbGVzZWMuZGUvb2NzcHIwOgYIKwYB 21 | BQUHMAKGLmh0dHA6Ly9wa2kwMzM2LnRlbGVzZWMuZGUvY3J0L0RUX1JPT1RfQ0Ff 22 | Mi5jZXIwDQYJKoZIhvcNAQELBQADggEBAGMgKP2cIYZyvjlGWTkyJbypAZsNzMp9 23 | QZyGbQpuLLMTWXWxM5IbYScW/8Oy1TWC+4QqAUm9ZrtmL7LCBl1uP27jAVpbykNj 24 | XJW24TGnH9UHX03mZYJOMvnDfHpLzU1cdO4h8nUC7FI+0slq05AjbklnNb5/TVak 25 | 7Mwvz7ehl6hyPsm8QNZapAg91ryCw7e3Mo6xLI5qbbc1AhnP9TlEWGOnJAAQsLv8 26 | Tq9uLzi7pVdJP9huUG8sl5bcHUaaZYnPrszy5dmfU7M+oS+SqdgLxoQfBMbrHuif 27 | fbV7pQLxJMUkYxE0zFqTICp5iDolQpCpZTt8htMSFSMp/CzazDlbVBc= 28 | -----END CERTIFICATE----- 29 | 30 | -------------------------------------------------------------------------------- /x509.opam: -------------------------------------------------------------------------------- 1 | opam-version: "2.0" 2 | maintainer: [ 3 | "Hannes Mehnert " 4 | ] 5 | authors: [ 6 | "Hannes Mehnert " 7 | "David Kaloper " 8 | ] 9 | license: "BSD-2-Clause" 10 | tags: "org:mirage" 11 | homepage: "https://github.com/mirleft/ocaml-x509" 12 | doc: "https://mirleft.github.io/ocaml-x509/doc" 13 | bug-reports: "https://github.com/mirleft/ocaml-x509/issues" 14 | depends: [ 15 | "ocaml" {>= "4.13.0"} 16 | "dune" {>= "2.0"} 17 | "asn1-combinators" {>= "0.3.1"} 18 | "ptime" 19 | "base64" {>= "3.3.0"} 20 | "mirage-crypto" {>= "1.0.0"} 21 | "mirage-crypto-pk" 22 | "mirage-crypto-ec" {>= "0.10.7"} 23 | "mirage-crypto-rng" 24 | "mirage-crypto-rng" {with-test & >= "1.2.0"} 25 | "fmt" {>= "0.8.7"} 26 | "alcotest" {with-test} 27 | "gmap" {>= "0.3.0"} 28 | "domain-name" {>= "0.3.0"} 29 | "logs" 30 | "kdf" {>= "1.0.0"} 31 | "ohex" {>= "0.2.0"} 32 | "ipaddr" {>= "5.2.0"} 33 | ] 34 | conflicts: [ "result" {< "1.5"} ] 35 | build: [ 36 | ["dune" "subst"] {dev} 37 | ["dune" "build" "-p" name "-j" jobs] 38 | ["dune" "runtest" "-p" name "-j" jobs] {with-test} 39 | ] 40 | dev-repo: "git+https://github.com/mirleft/ocaml-x509.git" 41 | synopsis: "Public Key Infrastructure (RFC 5280, PKCS) purely in OCaml" 42 | description: """ 43 | X.509 is a public key infrastructure used mostly on the Internet. It consists 44 | of certificates which include public keys and identifiers, signed by an 45 | authority. Authorities must be exchanged over a second channel to establish the 46 | trust relationship. This library implements most parts of RFC5280 and RFC6125. 47 | The Public Key Cryptography Standards (PKCS) defines encoding and decoding 48 | (in ASN.1 DER and PEM format), which is also implemented by this library - 49 | namely PKCS 1, PKCS 5, PKCS 7, PKCS 8, PKCS 9, PKCS 10, and PKCS 12. 50 | """ 51 | x-maintenance-intent: [ "(latest)" ] 52 | -------------------------------------------------------------------------------- /tests/custom_pp/custom_pp.ml: -------------------------------------------------------------------------------- 1 | let fido_u2f_transport_oid = 2 | Asn.OID.(base 1 3 <| 6 <| 1 <| 4 <| 1 <| 45724 <| 2 <| 1 <| 1) 3 | 4 | let fido_u2f_transport_oid_name = "id-fido-u2f-ce-transports" 5 | 6 | type transport = [ 7 | | `Bluetooth_classic 8 | | `Bluetooth_low_energy 9 | | `Usb 10 | | `Nfc 11 | | `Usb_internal 12 | ] 13 | 14 | let pp_transport ppf = function 15 | | `Bluetooth_classic -> Fmt.string ppf "BluetoothClassic" 16 | | `Bluetooth_low_energy -> Fmt.string ppf "BluetoothLowEnergy" 17 | | `Usb -> Fmt.string ppf "USB" 18 | | `Nfc -> Fmt.string ppf "NFC" 19 | | `Usb_internal -> Fmt.string ppf "USBInternal" 20 | 21 | let transports = 22 | let opts = [ 23 | (0, `Bluetooth_classic); 24 | (1, `Bluetooth_low_energy); 25 | (2, `Usb); 26 | (3, `Nfc); 27 | (4, `Usb_internal); 28 | ] in 29 | Asn.S.bit_string_flags opts 30 | 31 | let decode_transports cs = 32 | match Asn.decode (Asn.codec Asn.der transports) cs with 33 | | Ok (a, cs) -> 34 | if String.length cs = 0 then Ok a else Error (`Msg "trailing bytes") 35 | | Error (`Parse msg) -> Error (`Msg msg) 36 | 37 | let custom_pp ppf (oid, data) = 38 | if Asn.OID.equal oid fido_u2f_transport_oid then 39 | match decode_transports data with 40 | | Error `Msg _e -> 41 | Fmt.pf ppf "%s invalid-data" fido_u2f_transport_oid_name 42 | | Ok transports -> 43 | Fmt.pf ppf "%s %a" fido_u2f_transport_oid_name Fmt.(list ~sep:(any ",") pp_transport) transports 44 | else 45 | Fmt.pf ppf "unsupported %a: %a" Asn.OID.pp oid (Ohex.pp_hexdump ()) data 46 | 47 | let () = 48 | let fullpath = "../testcertificates/fido.pem" in 49 | let fd = open_in fullpath in 50 | let ln = in_channel_length fd in 51 | let buf = Bytes.create ln in 52 | really_input fd buf 0 ln; 53 | close_in_noerr fd; 54 | let buf = Bytes.unsafe_to_string buf in 55 | match X509.Certificate.decode_pem buf with 56 | | Error `Msg e -> failwith e 57 | | Ok cert -> 58 | Format.printf "Certificate: %a\n" (X509.Certificate.pp' custom_pp) cert 59 | -------------------------------------------------------------------------------- /tests/priv.ml: -------------------------------------------------------------------------------- 1 | open X509 2 | 3 | let pk_equal a b = 4 | String.equal 5 | Digestif.SHA256.(to_raw_string (digest_string (Private_key.encode_der a))) 6 | Digestif.SHA256.(to_raw_string (digest_string (Private_key.encode_der b))) 7 | 8 | let generate_rsa () = 9 | let seed = "Test1234" in 10 | let pk = Private_key.generate ~seed `RSA in 11 | let pk' = Result.get_ok (Private_key.of_string `RSA seed) in 12 | let pk'' = Result.get_ok (Private_key.of_string ~seed_or_data:`Seed `RSA seed) in 13 | Alcotest.(check bool "generate and of_string" true (pk_equal pk pk')); 14 | Alcotest.(check bool "generate and of_string ~seed" true (pk_equal pk pk'')); 15 | match Private_key.of_string ~seed_or_data:`Data `RSA seed with 16 | | Error _ -> () 17 | | Ok _ -> Alcotest.fail "expected failure (of_string `Data `RSA)" 18 | 19 | let b64_dec s = Base64.decode_exn s 20 | 21 | let test_ec (key_type, data) () = 22 | let pk = Result.get_ok (Private_key.of_octets (b64_dec data) key_type) in 23 | let pk' = Result.get_ok (Private_key.of_string key_type data) in 24 | let pk'' = Result.get_ok (Private_key.of_string ~seed_or_data:`Data key_type data) in 25 | Alcotest.(check bool "generate and of_string" true (pk_equal pk pk')); 26 | Alcotest.(check bool "generate and of_string ~data" true (pk_equal pk pk'')); 27 | match Private_key.of_string ~seed_or_data:`Seed key_type data with 28 | | Error _ -> Alcotest.fail "expected ok (of_string `Seed)" 29 | | Ok pk''' -> Alcotest.(check bool "generate and of_String ~seed" false (pk_equal pk pk''')) 30 | 31 | let ec_data = [ 32 | `ED25519, "W0p4c4tBHtSaTj4zij4oARCjhFbIi8voYg+65bl7wLU=" ; 33 | `P256, "arvDmHpdTdzbc0uo+KCXoArmrmAs2GAvfk14D8gi6gM=" ; 34 | `P384, "UEZz/xVx2f3s7W8/cFy/w38LkjAq0xfMYJiXamdwgW9zwSK18+vrhKzgE23sFnyq" ; 35 | `P521, "AVb4DIpMO5hzyfX1n4qi4xtj/JBDCTCwyOLasKnnVS6FHW2hEZbGwd1c2J4rwpNKZqTKNsKu3dVJAmlp3EFhqv5T" ; 36 | ] 37 | 38 | let tests = 39 | ("Generate RSA", `Quick, generate_rsa) :: 40 | List.map (fun d -> Key_type.to_string (fst d), `Quick, test_ec d) ec_data 41 | -------------------------------------------------------------------------------- /tests/regression/1.1.1.1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFhjCCBQ2gAwIBAgIQBQdvZtEbaSJWzKzVRv/sUzAKBggqhkjOPQQDAzBWMQsw 3 | CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp 4 | Q2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjEwMTExMDAw 5 | MDAwWhcNMjIwMTE4MjM1OTU5WjByMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs 6 | aWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRm 7 | bGFyZSwgSW5jLjEbMBkGA1UEAxMSY2xvdWRmbGFyZS1kbnMuY29tMFkwEwYHKoZI 8 | zj0CAQYIKoZIzj0DAQcDQgAEF60f6DWvcNONnJ5k/UceW5cMCtEQqCYyETZmTRKZ 9 | w+Exu/UhY3PdpcHBoPBtpMRe4cLb2vkNNIAa97ngOvLVdKOCA58wggObMB8GA1Ud 10 | IwQYMBaAFAq8CCkXjKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBThtvwG+bmLBfTB 11 | 4kibArkLwbU9eTCBpgYDVR0RBIGeMIGbghJjbG91ZGZsYXJlLWRucy5jb22CFCou 12 | Y2xvdWRmbGFyZS1kbnMuY29tgg9vbmUub25lLm9uZS5vbmWHBAEBAQGHBAEAAAGH 13 | BKKfJAGHBKKfLgGHECYGRwBHAAAAAAAAAAAAERGHECYGRwBHAAAAAAAAAAAAEAGH 14 | ECYGRwBHAAAAAAAAAAAAAGSHECYGRwBHAAAAAAAAAAAAZAAwDgYDVR0PAQH/BAQD 15 | AgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBlwYDVR0fBIGPMIGM 16 | MESgQqBAhj5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNIeWJy 17 | aWRFQ0NTSEEzODQyMDIwQ0ExLmNybDBEoEKgQIY+aHR0cDovL2NybDQuZGlnaWNl 18 | cnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAyMENBMS5jcmwwSwYD 19 | VR0gBEQwQjA2BglghkgBhv1sAQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5k 20 | aWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsG 21 | AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0 22 | dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NI 23 | QTM4NDIwMjBDQTEuY3J0MAwGA1UdEwEB/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1 24 | BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXby6BKo 25 | AAAEAwBHMEUCIQDRsvaM+FOVneTUUwY0ggKKCuqKp7wnHvtWHtEUZB+uZwIgJbGG 26 | 3Rsq548BxED2wxZ4q2G/9jo0/EeIEwdl9GC7NEIAdgAiRUUHWVUkVpY/oS/x922G 27 | 4CMmY63AS39dxoNcbuIPAgAAAXby6BMPAAAEAwBHMEUCIQCV3RpnSizsrJ1vi/48 28 | /qT1PoclZYI3N51mveRdD2gkWQIgdWX+MLuAa8ziuKGIlqjoAiaOvs/4IfqthaAN 29 | h6HW8TQwCgYIKoZIzj0EAwMDZwAwZAIwJMLPbL32rtHJ1R9KdC48PdHAPtzXG9OU 30 | cVv+pYYWJoIBItMKbvyYtdLiueUHaXeWAjBFe2+Cpn22YsMxhdW1NV1PTISIrBoA 31 | PQyEQNywp8ocEycVHjf5RsOu2f35uSOLfyo= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /tests/regression/fu-berlin.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFjzCCBHegAwIBAgIHF5BgzPm5bjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQG 3 | EwJERTETMBEGA1UEChMKREZOLVZlcmVpbjEQMA4GA1UECxMHREZOLVBLSTEkMCIG 4 | A1UEAxMbREZOLVZlcmVpbiBQQ0EgR2xvYmFsIC0gRzAxMB4XDTE0MDUxMjE1MDUz 5 | MloXDTE5MDcwOTIzNTkwMFowgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs 6 | aW4xDzANBgNVBAcTBkJlcmxpbjEiMCAGA1UEChMZRnJlaWUgVW5pdmVyc2l0YWV0 7 | IEJlcmxpbjEOMAwGA1UECxMFWkVEQVQxMDAuBgNVBAMTJ0ZyZWllIFVuaXZlcnNp 8 | dGFldCBCZXJsaW4gLSBGVS1DQSAtIEcwMTEeMBwGCSqGSIb3DQEJARYPY2FARlUt 9 | QmVybGluLkRFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYUI0048 10 | zDNevkmXipCDjSpIr+sEbhiXPzWnZnCnkmLOrEMFaNDWDX6kcVQ1VP71opEfGuR5 11 | LtW0P6N+JM8E8y5HXdap62bD4Yfg0KQEmlh9vpMQ75BckReW7wRKH/Ntcrg8gwn9 12 | 7d17Hs8hgRGk8cpBRAs5v5hcqRZcjR63mKCismsjld6MVdWSNYhZJhpcnb0dVzMa 13 | 3A7Rf1OsXHwDXrhusCNph1+Pazuw2XbIKWSCsFS4qlhHOj5QA375qk5IjjsUnw2F 14 | qljLiziu9xB4/jhSx1fz6+5RVnTe5Tb9GMbk5RVR+dvPTnzF96T/yW5DqsFIL+xB 15 | YQ8juFoBQog3MwIDAQABo4IB/DCCAfgwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNV 16 | HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMB0GA1UdDgQWBBQG4T30b/Qw 17 | t3o7V7AxBYl7DVhabDAfBgNVHSMEGDAWgBRJt8bP6D0ff+pEexMp9/EKcD7eZDAa 18 | BgNVHREEEzARgQ9jYUBGVS1CZXJsaW4uREUwgYgGA1UdHwSBgDB+MD2gO6A5hjdo 19 | dHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNhL3B1Yi9jcmwvY2Fj 20 | cmwuY3JsMD2gO6A5hjdodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2JhbC1yb290 21 | LWNhL3B1Yi9jcmwvY2FjcmwuY3JsMIHXBggrBgEFBQcBAQSByjCBxzAzBggrBgEF 22 | BQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZlci9PQ1NQMEcG 23 | CCsGAQUFBzAChjtodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNh 24 | L3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDBHBggrBgEFBQcwAoY7aHR0cDovL2NkcDIu 25 | cGNhLmRmbi5kZS9nbG9iYWwtcm9vdC1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQw 26 | DQYJKoZIhvcNAQELBQADggEBADRy38buZjrfDN8mZiukEjlsx+6s/DKj5YYWaAvU 27 | B5kqhL2TM58bPyq4sYAVCDWALifAk11Gx4/Rp1PLNFd4tnoRcQsfgN8ywECpWBbg 28 | ESOC73tfa6ZSPEY8uZ4yUk0o2nwxkgU0V3/b7/51XLp5TA5gBeL3aYcjYQ17QN14 29 | Mh12MiXFp5VbPBDTHkinUXt316A8Qj09wJnHMOjt5M+ZDn82YYC7vFDzjNkNmw46 30 | PRL3hZOfZb1IS+fhVlR4eW0FBLqmGg+4Y7Y4KKrwBcBK3OzME5jN71LkdNu1lkB4 31 | 3OfT+YOMT+pqZp1l0U6DGZa3SZy5xfWY3EL5BYVM8xAfoZg= 32 | -----END CERTIFICATE----- 33 | 34 | -------------------------------------------------------------------------------- /tests/regression/jabber.ccc.de.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFmTCCA4GgAwIBAgIDDfTyMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv 3 | b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ 4 | Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y 5 | dEBjYWNlcnQub3JnMB4XDTEzMTAxNzIwNTAxOVoXDTE1MTAxNzIwNTAxOVowbDEL 6 | MAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcx 7 | ITAfBgNVBAoTGENoYW9zIENvbXB1dGVyIENsdWIgZS5WLjEWMBQGA1UEAxMNamFi 8 | YmVyLmNjYy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMixz4WE 9 | HJn+wfBI6m1d/lITevEBgLXvPS5KdEzuWd/GvPswvXeBVroa1E8f5CjIq9xMS1c5 10 | EvIQ9nPSynzys9YfLgIodWP2SdoaWDXTqj7IYxRgFsbHGhTptG9CMtsIuDxskNxO 11 | QCfqT0Ioab/1Q35ZWmFK+7fRH+4Y1wAEjmGlp2ScZgSX5T5lq+M2SP02o+hqoBGd 12 | 2BaPz4rUz/3rEEFE8iXz4XwJ8X5NJ6aftqvfjXVQDfSCJmVKqfU6vkhk8AuM77qF 13 | Ti6f6IsSQKYJz3wqnWIz61m6gc96+w43KKVFLivCi6ZA3fqqZOOmuahVk43aW8Dx 14 | YkbZF6/6T8P5aWkCAwEAAaOCATUwggExMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/ 15 | BAQDAgOoMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEFBQcDAQYJYIZIAYb4QgQB 16 | BgorBgEEAYI3CgMDMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDov 17 | L29jc3AuY2FjZXJ0Lm9yZy8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5j 18 | YWNlcnQub3JnL3Jldm9rZS5jcmwwcwYDVR0RBGwwaoINamFiYmVyLmNjYy5kZYIY 19 | Y29uZmVyZW5jZS5qYWJiZXIuY2NjLmRlghVqYWJiZXJkLmphYmJlci5jY2MuZGWC 20 | FHB1YnN1Yi5qYWJiZXIuY2NjLmRlghJ2anVkLmphYmJlci5jY2MuZGUwDQYJKoZI 21 | hvcNAQEFBQADggIBAD94CY3aF3oUqB++4fZrweiT0T2wN4cwK7xrEWBEct7Nc3E7 22 | hOYtec5qbOZ2hQ7l7RcCkwg3TXN1vm8+MJD4hCmFEJYjX/ZQ1K5MhUh9rBx80Xuj 23 | zAGiuIa+wGeiohq2lDqRTenPYN1Plq+YV9zPoGNVNZiXzZVzEwKVcacjpMmAX2i0 24 | kfEr0g4AzjnXwjRmzCajRjwuXMsaxzcs+7BNlLCNYyUPVSIXVhSlflVmZ2YweUcW 25 | xEjwT/1y8cfADtPJuaLqZyFjilsWrUpzA8Q3IMFrozhHTor9M6GiMCsbCpDrqvFn 26 | aW+wPARL2mQGqCpj4QztlcNMFvrTAvuShkJJpNTcJuo6BKvfP5DSvA56LUqWLaM4 27 | cUcXQQ9sKL52rM/6cW1fK2zmwdJ5YPcp43WJYRIbVEYKBjjf81HuS+W5AptuWmhB 28 | Z12zaUegpifupWyMMgNgSD5J90JUdPsvsy+8YW2zhYWmllGbd7WSLn0zW/HyWlAt 29 | 0O/JJ6FIkRP2uDwQyzxxhMcRu1dIga5XDcVmRH42KRGSQGfw7cbjXV4qB6ijaTF3 30 | wEUhdUe4/8pDfA9llJ+rc9xzQ2ltBhUDBIpUHye0VPAVlgb4+tJsUhDXdlsExRMz 31 | 5j8efW3YT5V/vmlYp7kTjRkK+0XYjctcXnWITsexrOruGVFkUnlu1hj8DceV 32 | -----END CERTIFICATE----- 33 | 34 | -------------------------------------------------------------------------------- /tests/pkcs12.ml: -------------------------------------------------------------------------------- 1 | open X509 2 | 3 | let mmap file = 4 | let ic = open_in file in 5 | let ln = in_channel_length ic in 6 | let rs = Bytes.create ln in 7 | really_input ic rs 0 ln; 8 | close_in ic; 9 | Bytes.unsafe_to_string rs 10 | 11 | let data file = mmap ("./pkcs12/" ^ file) 12 | 13 | let cert = match Certificate.decode_pem (data "certificate.pem") with 14 | | Ok c -> c 15 | | Error _ -> assert false 16 | 17 | let key = match Private_key.decode_pem (data "key.pem") with 18 | | Ok k -> k 19 | | Error _ -> assert false 20 | 21 | let pass = "1234" 22 | 23 | let cert_and_key xs = 24 | match xs with 25 | | [ `Certificate c ; `Decrypted_private_key k ] -> 26 | Alcotest.(check bool __LOC__ true (c = cert && k = key)) 27 | | _ -> Alcotest.fail "expected certificate and key" 28 | 29 | let openssl1 () = 30 | match PKCS12.decode_der (data "ossl.p12") with 31 | | Error `Msg m -> Alcotest.fail ("failed to decode ossl.p12: " ^ m) 32 | | Ok data -> 33 | match PKCS12.verify pass data with 34 | | Ok xs -> cert_and_key xs 35 | | Error `Msg m -> Alcotest.fail ("failed to verify ossl.p12: " ^ m) 36 | 37 | let openssl2 () = 38 | match PKCS12.decode_der (data "ossl_aes.p12") with 39 | | Error _ -> Alcotest.fail "failed to decode ossl_aes.p12" 40 | | Ok data -> 41 | match PKCS12.verify pass data with 42 | | Ok xs -> cert_and_key xs 43 | | Error _ -> Alcotest.fail "failed to verify ossl_aes.p12" 44 | 45 | let ours () = 46 | match PKCS12.decode_der (data "ours.p12") with 47 | | Error _ -> Alcotest.fail "failed to decode ours.p12" 48 | | Ok data -> 49 | match PKCS12.verify pass data with 50 | | Ok xs -> cert_and_key xs 51 | | Error _ -> Alcotest.fail "failed to verify ours.p12" 52 | 53 | let roundtrip () = 54 | let p12 = PKCS12.create pass [ cert ] key in 55 | match PKCS12.verify pass p12 with 56 | | Ok xs -> cert_and_key xs 57 | | Error _ -> Alcotest.fail "failed roundtrip" 58 | 59 | let tests = [ 60 | "OpenSSL basic", `Quick, openssl1 ; 61 | "OpenSSL AES 256", `Quick, openssl2 ; 62 | "OCaml-X509 AES 256", `Quick, ours ; 63 | "OCaml-X509 create and verify", `Quick, roundtrip ; 64 | ] 65 | -------------------------------------------------------------------------------- /tests/crltests.ml: -------------------------------------------------------------------------------- 1 | open X509 2 | 3 | let of_ic ic = 4 | let ln = in_channel_length ic in 5 | let rs = Bytes.create ln in 6 | really_input ic rs 0 ln; 7 | Bytes.unsafe_to_string rs 8 | 9 | let with_loaded_files file ~f = 10 | let pre = "./crl/" in 11 | let fullpath1 = pre ^ file ^ ".pem" 12 | and fullpath2 = pre ^ file ^ ".crl" 13 | in 14 | let fd1 = open_in fullpath1 15 | and fd2 = open_in fullpath2 16 | in 17 | let buf1 = of_ic fd1 18 | and buf2 = of_ic fd2 19 | in 20 | try let r = f buf1 buf2 in close_in fd1 ; close_in fd2 ; 21 | match r with 22 | | Ok x -> x 23 | | Error (`Msg e) -> Alcotest.failf "decoding error %s" e 24 | with e -> close_in fd1 ; close_in fd2 ; 25 | Alcotest.failf "exception %s" (Printexc.to_string e) 26 | 27 | let allowed_hashes = [ `SHA1 ; `SHA256 ; `SHA384 ; `SHA512 ] 28 | 29 | let one f () = 30 | with_loaded_files f ~f:(fun cert crl -> 31 | let ( let* ) = Result.bind in 32 | let* cert = Certificate.decode_pem cert in 33 | let pubkey = Certificate.public_key cert in 34 | let* crl = CRL.decode_der crl in 35 | Result.map_error 36 | (fun e -> `Msg (Fmt.to_to_string Validation.pp_signature_error e)) 37 | (CRL.validate crl ~allowed_hashes pubkey)) 38 | 39 | let crl_tests = [ 40 | "CRL 1 is good", `Quick, one "1" ; 41 | "CRL 2 is good", `Quick, one "2" ; 42 | "CRL 3 is good", `Quick, one "3" ; 43 | "CRL 4 is good", `Quick, one "4" ; 44 | "CRL 5 is good", `Quick, one "5" ; 45 | "CRL 6 is good", `Quick, one "6" ; 46 | "CRL 7 is good", `Quick, one "7" ; 47 | "CRL 8 is good", `Quick, one "8" ; 48 | "CRL 9 is good", `Quick, one "9" ; 49 | "CRL 10 is good", `Quick, one "10" ; 50 | "CRL 11 is good", `Quick, one "11" ; 51 | "CRL 12 is good", `Quick, one "12" ; 52 | "CRL 13 is good", `Quick, one "13" ; 53 | "CRL 14 is good", `Quick, one "14" ; 54 | "CRL 15 is good", `Quick, one "15" ; 55 | "CRL 16 is good", `Quick, one "16" ; 56 | "CRL 17 is good", `Quick, one "17" ; 57 | "CRL 18 is good", `Quick, one "18" ; 58 | "CRL 19 is good", `Quick, one "19" ; 59 | "CRL 20 is good", `Quick, one "20" ; 60 | "CRL 21 is good", `Quick, one "21" ; 61 | ] 62 | -------------------------------------------------------------------------------- /tests/regression/izenpe.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 3 | MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 4 | ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD 5 | VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j 6 | b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq 7 | scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO 8 | xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H 9 | LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX 10 | uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD 11 | yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ 12 | JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q 13 | rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN 14 | BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L 15 | hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB 16 | QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ 17 | HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu 18 | Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg 19 | QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB 20 | BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx 21 | MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC 22 | AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA 23 | A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb 24 | laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 25 | awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo 26 | JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw 27 | LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT 28 | VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk 29 | LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb 30 | UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ 31 | QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ 32 | naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls 33 | QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /tests/regression/pads.ccc.de.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGXTCCBUWgAwIBAgISBDkcRJF02Qx8APXR8rCrg/9eMA0GCSqGSIb3DQEBCwUA 3 | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD 4 | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTExMDExNjA3NTVaFw0y 5 | MDAxMzAxNjA3NTVaMBYxFDASBgNVBAMTC3BhZHMuY2NjLmRlMIICIjANBgkqhkiG 6 | 9w0BAQEFAAOCAg8AMIICCgKCAgEA09UMHZpbLq3EhSaXzjxjLcPpS5B2l6E/rDkd 7 | lQGy6Dc2JnvxJKengEvESDuU5ry61bdDNg8RAYKQwGpNeKsca+86rE9lgCWmbIfQ 8 | 6+Af9B2EE93hEL2N+EMew6ZbO+PqPdvtRupfiNEWdt4M5OPpM2qAwJVxkdyOxk3c 9 | v0JqZ0nKSzIu2pfQ5IEiRtcjEQEJ6BEILY5H1IeiX0y8QDiGjPrqdqQShUd4o0r0 10 | o1Iet1EEVyDZSm6LWvdPQmL+n7GVrKuo40zFh9CqVJo3lZuNgQmzNWefPqUbFq9t 11 | WPbWJQOAbrg1w1H9OWl9cs+f0zEUzLCb7ofMx5bxq7wxYw3t2BE1CwndQqBGA0n4 12 | NduZLu9c9tQGkWcfo9S0OkjcoXip9eoT3UM2r5Cb9FgmjXCbRBpKGQj5pZcrYZt6 13 | yp503fiffiDJYC5x8Cx0Kjanrafbwvi1ZozguDC467OYsj9sPqyPtGDdmfx1LdgF 14 | JVGyH6VBzLCudCjvAtU/ByHFECmCi+c/bvf0fV1hLnZ+rh5rJRsjPjvaUVdiFTGT 15 | /qDVAsvriZdY06ErrbxVIFVF3Z1XzTLCTVH9f0e/4LFS4/xVHAiHsnWyBmEBCBcF 16 | iHeuJZB8oli5SgCLPqhRVAopQNFc7J4vcFBgH60NU+L7+29MxuKmGwDo6CsPjwU3 17 | bwh80ucCAwEAAaOCAm8wggJrMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr 18 | BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU5oDnFCqI 19 | 6EDcML4z3CiQR4TmkTcwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw 20 | bwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMu 21 | bGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMu 22 | bGV0c2VuY3J5cHQub3JnLzAlBgNVHREEHjAcgg0qLnBhZHMuY2NjLmRlggtwYWRz 23 | LmNjYy5kZTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYG 24 | CCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB 25 | 1nkCBAIEgfUEgfIA8AB2AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVY 26 | AAABbifwEksAAAQDAEcwRQIhALwTIEEy2IFSWsox04rolhV2u7ZhUu+uhZ8GfqXA 27 | /kXiAiBqpoRu5eAGtp/OIGIE5lIxrFvGXulL6qXuA4KgozympQB2AAe3XBvlfWj/ 28 | 8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABbifwEnMAAAQDAEcwRQIgU8vJo3ZO 29 | U4LEFh588taYBRL4kyYbgs72ptlP3ZNaDrQCIQCqLVvbuAn0YT4t1BJLHpQjITfX 30 | aUlnbi/c0unrKPIm4jANBgkqhkiG9w0BAQsFAAOCAQEABau9X2OKT3SRDwd9/gLt 31 | QXHCWirT+OH1K+1A0TPUb2PL0hRvET1Ens8Lf2uN/cbJTjB1M75IXH0wHb+IHRsG 32 | Fe9H6qplpEuNxKCn8e/WKm4OpJlVKw+ZmiM/o5oIFCpjMxiFljTpa626CikZZUil 33 | wUQ/Upd1O0qWdFR0BPI8xjRU8v0Ck9zNJUgZgyvOOQPIFHqhp4w+tP5DjGsgUJUG 34 | qg3mqxDbyPKe+qhuYqKC8T+FhZlsa0860T9n9tjcSwupemNUNAPRM+sFV6bZzWhb 35 | GcmpYpdj3v1IxCV2yTx+Lmw2VgSnL0pzFFriu118HGtOs/7D7YNMrf4EnsecBV+L 36 | oQ== 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /tests/regression/jabber.fu-berlin.de.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGxDCCBaygAwIBAgIHGu0AwHrK3zANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UE 3 | BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMSIwIAYDVQQK 4 | ExlGcmVpZSBVbml2ZXJzaXRhZXQgQmVybGluMQ4wDAYDVQQLEwVaRURBVDEwMC4G 5 | A1UEAxMnRnJlaWUgVW5pdmVyc2l0YWV0IEJlcmxpbiAtIEZVLUNBIC0gRzAxMR4w 6 | HAYJKoZIhvcNAQkBFg9jYUBGVS1CZXJsaW4uREUwHhcNMTYwMjI0MTAxNzIxWhcN 7 | MTkwNTIzMTAxNzIxWjCBgTELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEP 8 | MA0GA1UEBwwGQmVybGluMSIwIAYDVQQKDBlGcmVpZSBVbml2ZXJzaXRhZXQgQmVy 9 | bGluMQ4wDAYDVQQLDAVaRURBVDEcMBoGA1UEAwwTamFiYmVyLmZ1LWJlcmxpbi5k 10 | ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt8ASnemyham6bEfR5A 11 | Njc/pYErDscO0X+io3duNOxbHqwM8qqEYI8UEnMtafqSEkbdiwPG3vn4GxOLZi+l 12 | MJNsAhFizbHVY//doplFSVMULXq9MReSSv4OQQSSeCUqt1dl7SONBYuXdnMxmlgz 13 | 3+R/KbaJYNN20X6d51OVxBxD0QZQXQLOFn6q6eNmBnhQHaxvrFwjgUB0brj6iquB 14 | G6kJV908Db6abkY+qsWIE3dx4yt5l0fgWZyDao9GQljKeXBfaExmS/mYATJin8gp 15 | xFUyPHNRo3TUnYc9n7L+Mt65Apxn6FBoHF11v0Q9pXxC0FSxj9Wylt9vFJuuGNMk 16 | OFECAwEAAaOCAwkwggMFMFkGA1UdIARSMFAwEQYPKwYBBAGBrSGCLAEBBAMEMBEG 17 | DysGAQQBga0hgiwCAQQDATAPBg0rBgEEAYGtIYIsAQEEMA0GCysGAQQBga0hgiwe 18 | MAgGBmeBDAECAjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAdBgNVHSUEFjAUBggr 19 | BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFMtj5x3aWWTi8IM2pfxzfoSym8Or 20 | MB8GA1UdIwQYMBaAFAbhPfRv9DC3ejtXsDEFiXsNWFpsMIHxBgNVHREEgekwgeaC 21 | E2phYmJlci5mdS1iZXJsaW4uZGWCHmNvbmZlcmVuY2UuamFiYmVyLmZ1LWJlcmxp 22 | bi5kZYIZcHJveHkuamFiYmVyLmZ1LWJlcmxpbi5kZYIYZWNoby5qYWJiZXIuZnUt 23 | YmVybGluLmRlghhmaWxlLmphYmJlci5mdS1iZXJsaW4uZGWCJWppdHNpLXZpZGVv 24 | YnJpZGdlLmphYmJlci5mdS1iZXJsaW4uZGWCHW11bHRpY2FzdC5qYWJiZXIuZnUt 25 | YmVybGluLmRlghpwdWJzdWIuamFiYmVyLmZ1LWJlcmxpbi5kZTB1BgNVHR8EbjBs 26 | MDSgMqAwhi5odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2Z1LWNhL3B1Yi9jcmwvY2Fj 27 | cmwuY3JsMDSgMqAwhi5odHRwOi8vY2RwMi5wY2EuZGZuLmRlL2Z1LWNhL3B1Yi9j 28 | cmwvY2FjcmwuY3JsMIHFBggrBgEFBQcBAQSBuDCBtTAzBggrBgEFBQcwAYYnaHR0 29 | cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZlci9PQ1NQMD4GCCsGAQUFBzAC 30 | hjJodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2Z1LWNhL3B1Yi9jYWNlcnQvY2FjZXJ0 31 | LmNydDA+BggrBgEFBQcwAoYyaHR0cDovL2NkcDIucGNhLmRmbi5kZS9mdS1jYS9w 32 | dWIvY2FjZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAHkluh+KgJJO 33 | dn+AlTGtM6ArYQCJFky1jN0wZFtgiPKYBZFMMoTzAoxGkOHXukWYaL2EcDPka4dp 34 | nfQ5zHZtOi4StpcuipAMcD/wc5GBXLQoKk7Et1g683FzjHotHnpWF+dQEJAIRo+H 35 | Z5VUoGz24crKe64EaSZr4m41Kkdmr4EbTEX4jfapbVN3WRkym6GsNDMr3x3zSp+Q 36 | Cx4J8Da3yf7hnBuO1/zR0STtvRnfNTaIHhPUuPKLSfmhYY6FPG7HYQHrbT7vUGtS 37 | 4AKOsmcPXmlb568ef08c7UNLOYyLKUlX7I42H2s5jdccVu/8dK+9QUKPN935ZxQ/ 38 | 2okVaf5AZuI= 39 | -----END CERTIFICATE----- 40 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-v1.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 23 (0x17) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 8 07:10:36 2014 GMT 9 | Not After : Jun 5 07:10:36 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | Signature Algorithm: sha1WithRSAEncryption 26 | ae:5a:77:70:95:f8:37:1e:38:90:3d:ad:ed:23:d9:27:0f:f6: 27 | 22:0d:7f:77:59:2d:62:84:97:12:88:10:48:2d:3e:35:1a:00: 28 | 65:32:1d:b6:fb:90:3b:f8:01:88:8b:d1:8c:1b:da:d8:19:7a: 29 | a3:f2:29:28:c1:a2:f2:2b:a8:42:75:58:d5:4a:69:f0:3f:d4: 30 | 70:49:73:6e:3f:6d:3f:ff:c1:dc:0c:90:1c:c4:08:f0:88:4b: 31 | 6d:25:ab:db:b8:d4:6b:55:cf:23:28:79:11:c0:31:c9:a6:e9: 32 | 85:61:5d:b5:cb:e2:fc:3c:aa:d5:6f:b1:bc:b4:17:7b:89:3f: 33 | 9b:48 34 | -----BEGIN CERTIFICATE----- 35 | MIICEzCCAXygAwIBAgIBFzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 36 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 37 | dHkgTHRkMB4XDTE0MDYwODA3MTAzNloXDTI0MDYwNTA3MTAzNlowWjELMAkGA1UE 38 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 39 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 40 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 41 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 42 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 43 | AwEAATANBgkqhkiG9w0BAQUFAAOBgQCuWndwlfg3HjiQPa3tI9knD/YiDX93WS1i 44 | hJcSiBBILT41GgBlMh22+5A7+AGIi9GMG9rYGXqj8ikowaLyK6hCdVjVSmnwP9Rw 45 | SXNuP20//8HcDJAcxAjwiEttJavbuNRrVc8jKHkRwDHJpumFYV21y+L8PKrVb7G8 46 | tBd7iT+bSA== 47 | -----END CERTIFICATE----- 48 | -------------------------------------------------------------------------------- /tests/regression/PostaCARoot.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHHzCCBgegAwIBAgIESPx+9TANBgkqhkiG9w0BAQUFADCBrjESMBAGCgmSJomT 3 | 8ixkARkWAnJzMRUwEwYKCZImiZPyLGQBGRYFcG9zdGExEjAQBgoJkiaJk/IsZAEZ 4 | FgJjYTEWMBQGA1UEAxMNQ29uZmlndXJhdGlvbjERMA8GA1UEAxMIU2VydmljZXMx 5 | HDAaBgNVBAMTE1B1YmxpYyBLZXkgU2VydmljZXMxDDAKBgNVBAMTA0FJQTEWMBQG 6 | A1UEAxMNUG9zdGEgQ0EgUm9vdDAeFw0wODEwMjAxMjIyMDhaFw0yODEwMjAxMjUy 7 | MDhaMIGuMRIwEAYKCZImiZPyLGQBGRYCcnMxFTATBgoJkiaJk/IsZAEZFgVwb3N0 8 | YTESMBAGCgmSJomT8ixkARkWAmNhMRYwFAYDVQQDEw1Db25maWd1cmF0aW9uMREw 9 | DwYDVQQDEwhTZXJ2aWNlczEcMBoGA1UEAxMTUHVibGljIEtleSBTZXJ2aWNlczEM 10 | MAoGA1UEAxMDQUlBMRYwFAYDVQQDEw1Qb3N0YSBDQSBSb290MIIBIjANBgkqhkiG 11 | 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPK9iL7Ar0S+m0qiYxzWVqsdKbIcqhUeRdGs 12 | naBh1TX55FqDNmND3jhXFfzwlGL0B4BXg1eosxW8+00jeF/a9seBFr6r3+fcg1Nz 13 | K7bdY4iNRfMN3X2/6IiwZsFDXTfSbaGcmkbDsz/QwqCKlC6DpjzDYL0szB6LY4J2 14 | QSjkFWtcDGE5VThByshm6Me4l1IQJnC3B7cJHqYTXq6ZWiZvZD3sxNOluVx2ZK1j 15 | fYiD4kvMDd7UxtMIQvVbF/Vx4ZEtA5+eHNyLcqToR2QQh2Qwc9jytPFXJpNXy7bH 16 | DYiLHc8FMF0E1nY36CAyV78PnDPGCIz2tMKpBrBbMKEeLRK6PwIDAQABo4IDQTCC 17 | Az0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgboGA1UdIASBsjCB 18 | rzCBrAYLKwYBBAH6OAoKAQEwgZwwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cuY2Eu 19 | cG9zdGEucnMvZG9rdW1lbnRhY2lqYTBoBggrBgEFBQcCAjBcGlpPdm8gamUgZWxl 20 | a3Ryb25za2kgc2VydGlmaWthdCBST09UIENBIHNlcnZlcmEgU2VydGlmaWthY2lv 21 | bm9nIHRlbGEgUG9zdGU6ICJQb3N0YSBDQSBSb290Ii4wEQYJYIZIAYb4QgEBBAQD 22 | AgAHMIIBvAYDVR0fBIIBszCCAa8wgcmggcaggcOkgcAwgb0xEjAQBgoJkiaJk/Is 23 | ZAEZFgJyczEVMBMGCgmSJomT8ixkARkWBXBvc3RhMRIwEAYKCZImiZPyLGQBGRYC 24 | Y2ExFjAUBgNVBAMTDUNvbmZpZ3VyYXRpb24xETAPBgNVBAMTCFNlcnZpY2VzMRww 25 | GgYDVQQDExNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYDVQQDEwNBSUExFjAUBgNV 26 | BAMTDVBvc3RhIENBIFJvb3QxDTALBgNVBAMTBENSTDEwgeCggd2ggdqGgaNsZGFw 27 | Oi8vbGRhcC5jYS5wb3N0YS5ycy9jbj1Qb3N0YSUyMENBJTIwUm9vdCxjbj1BSUEs 28 | Y249UHVibGljJTIwS2V5JTIwU2VydmljZXMsY249U2VydmljZXMsY249Q29uZmln 29 | dXJhdGlvbixkYz1jYSxkYz1wb3N0YSxkYz1ycz9jZXJ0aWZpY2F0ZVJldm9jYXRp 30 | b25MaXN0JTNCYmluYXJ5hjJodHRwOi8vc2VydGlmaWthdGkuY2EucG9zdGEucnMv 31 | Y3JsL1Bvc3RhQ0FSb290LmNybDArBgNVHRAEJDAigA8yMDA4MTAyMDEyMjIwOFqB 32 | DzIwMjgxMDIwMTI1MjA4WjAfBgNVHSMEGDAWgBTyy43iNe8QQ8Tae8r664kDoSKv 33 | uDAdBgNVHQ4EFgQU8suN4jXvEEPE2nvK+uuJA6Eir7gwHQYJKoZIhvZ9B0EABBAw 34 | DhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBwRqHI5BcFZg+d4kMx 35 | SB2SkBnEhQGFFm74ks57rlIWxJeNCih91cts49XlDjJPyGgtNAg9c6iTQikzRgxE 36 | Z/HQmpxpAeWR8Q3JaTwzS04Zk2MzBSkhodj/PlSrnvahegLX3P+lPlR4+dPByhKV 37 | +YmeFOLyoUSyy+ktdTXMllW7OAuIJtrWrO/TUqILSzpT2ksiU8zKKiSaYqrEMpp+ 38 | 3MzBsmzNj9m0wM/1AsCMK4RbG0C8ENBQ4WHWZlaaBJGl49W9oC4igbHZONrkqIdf 39 | PEYElt7Jmju/rXhsHUlJtGm5cA8Fkla2/a+u+CAtRyPPthzNxJuATvm/McBUvrsx 40 | f/M+ 41 | -----END CERTIFICATE----- 42 | -------------------------------------------------------------------------------- /tests/regression/cacert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 3 | IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB 4 | IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA 5 | Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO 6 | BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi 7 | MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ 8 | ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC 9 | CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ 10 | 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 11 | zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y 12 | fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 13 | w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc 14 | G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k 15 | epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q 16 | laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ 17 | QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU 18 | fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 19 | YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w 20 | ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY 21 | gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe 22 | MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 23 | IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy 24 | dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw 25 | czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 26 | dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl 27 | aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC 28 | AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg 29 | b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB 30 | ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc 31 | nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg 32 | 18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c 33 | gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl 34 | Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY 35 | sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T 36 | SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF 37 | CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum 38 | GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk 39 | zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW 40 | omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD 41 | -----END CERTIFICATE----- 42 | -------------------------------------------------------------------------------- /lib/asn_grammars.ml: -------------------------------------------------------------------------------- 1 | let src = Logs.Src.create "x509.decoding" ~doc:"X509 decoding" 2 | module Log = (val Logs.src_log src : Logs.LOG) 3 | 4 | let ( let* ) = Result.bind 5 | 6 | let decode codec cs = 7 | let* a, cs = Asn.decode codec cs in 8 | if String.length cs = 0 then Ok a else Error (`Parse "Leftover") 9 | 10 | let projections_of encoding asn = 11 | let c = Asn.codec encoding asn in (decode c, Asn.encode c) 12 | 13 | module Hashtbl(T : Hashtbl.HashedType) = struct 14 | include Hashtbl.Make (T) 15 | let of_assoc xs = 16 | let ht = create 16 in List.iter (fun (a, b) -> add ht a b) xs; ht 17 | end 18 | 19 | module OID_H = Hashtbl (struct 20 | type t = Asn.oid let (equal, hash) = Asn.OID.(equal, hash) 21 | end) 22 | 23 | let case_of_oid ~default xs = 24 | let ht = OID_H.of_assoc xs in fun a -> 25 | try OID_H.find ht a with Not_found -> default a 26 | 27 | let case_of_oid_f ~default xs = 28 | let ht = OID_H.of_assoc xs in fun (a, b) -> 29 | (try OID_H.find ht a with Not_found -> default a) b 30 | 31 | (* 32 | * A way to parse by propagating (and contributing to) exceptions, so those can 33 | * be handles up in a single place. Meant for parsing embedded structures. 34 | * 35 | * XXX Would be nicer if combinators could handle embedded structures. 36 | *) 37 | let project_exn asn = 38 | let c = Asn.(codec der) asn in 39 | let dec cs = match decode c cs with 40 | | Ok a -> a 41 | | Error err -> Asn.S.error err in 42 | (dec, Asn.encode c) 43 | 44 | let err_to_msg f = Result.map_error (function `Parse msg -> `Msg msg) f 45 | 46 | (* specified in RFC 5280 4.1.2.5.2 - "MUST NOT include fractional seconds" *) 47 | let generalized_time_no_frac_s = 48 | Asn.S.(map 49 | (fun x -> 50 | if Ptime.Span.(equal zero (Ptime.frac_s x)) then 51 | x 52 | else 53 | parse_error "generalized time has fractional seconds") 54 | (fun y -> Ptime.truncate ~frac_s:0 y) 55 | generalized_time) 56 | 57 | (* serial number, as defined in RFC 5280 4.1.2.2: must be > 0 and not be longer 58 | than 20 octets. we accept 0. 59 | we also accept < 0, but when encoding mandate >= 0! 60 | *) 61 | let serial = 62 | Asn.S.(map 63 | (fun x -> 64 | if String.length x > 20 then parse_error "serial exceeds 20 octets"; 65 | if String.length x > 0 && String.get_uint8 x 0 > 0x7F then 66 | Log.warn (fun m -> m "negative serial number %a" Ohex.pp x); 67 | x) 68 | (fun y -> 69 | if String.length y > 20 then failwith "serial exceeds 20 octets"; 70 | if String.length y > 0 && String.get_uint8 y 0 > 0x7F then 71 | "\x00" ^ y 72 | else 73 | y) 74 | integer) 75 | -------------------------------------------------------------------------------- /tests/crl/14.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw 3 | cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy 4 | b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z 5 | ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4 6 | NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN 7 | TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p 8 | Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw 9 | ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u 10 | uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+ 11 | LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA 12 | vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770 13 | Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx 14 | 62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB 15 | AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw 16 | LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP 17 | BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB 18 | AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov 19 | MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5 20 | ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn 21 | AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT 22 | AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh 23 | ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo 24 | AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa 25 | AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln 26 | bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p 27 | Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP 28 | PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv 29 | Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB 30 | EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu 31 | w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj 32 | cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV 33 | HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI 34 | VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS 35 | BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS 36 | b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS 37 | 8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds 38 | ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl 39 | 7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a 40 | 86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR 41 | hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/ 42 | MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= 43 | -----END CERTIFICATE----- 44 | 45 | -------------------------------------------------------------------------------- /tests/crl/18.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW 3 | MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg 4 | Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh 5 | dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 6 | MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi 7 | U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh 8 | cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA 9 | A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk 10 | pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf 11 | OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C 12 | Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT 13 | Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi 14 | HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM 15 | Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w 16 | +2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ 17 | Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 18 | Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B 19 | 26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID 20 | AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE 21 | FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j 22 | ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js 23 | LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM 24 | BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 25 | Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy 26 | dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh 27 | cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh 28 | YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg 29 | dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp 30 | bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ 31 | YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT 32 | TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ 33 | 9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 34 | jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW 35 | FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz 36 | ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 37 | ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L 38 | EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu 39 | L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq 40 | yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC 41 | O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V 42 | um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh 43 | NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= 44 | -----END CERTIFICATE----- 45 | 46 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-no-bc.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 21 (0x15) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 20:17:41 2014 GMT 9 | Not After : Jun 4 20:17:41 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Key Usage: 32 | Certificate Sign, CRL Sign 33 | Signature Algorithm: sha1WithRSAEncryption 34 | 32:a8:c9:7d:d8:a5:3c:da:f3:58:07:bb:e7:04:e2:fa:db:a3: 35 | 85:bd:06:49:fc:ca:a3:87:cb:5b:43:de:b2:8e:fd:c5:3e:35: 36 | ea:d7:ab:36:d2:f4:b2:05:41:4b:12:6d:82:9f:98:81:49:ad: 37 | 53:a1:d1:72:2e:4e:f3:87:13:c0:b7:4e:1c:a3:b6:66:a1:0d: 38 | 36:8a:58:3c:7f:29:46:a8:88:8a:f9:f8:d2:3d:de:31:00:f3: 39 | 2c:8e:cd:7b:58:11:39:b9:74:10:38:95:d2:84:71:f5:ee:6f: 40 | e4:ed:cd:c6:9a:67:4f:42:d7:ae:4f:9a:ac:22:6c:d3:80:76: 41 | 1f:79 42 | -----BEGIN CERTIFICATE----- 43 | MIICZDCCAc2gAwIBAgIBFTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 44 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 45 | dHkgTHRkMB4XDTE0MDYwNzIwMTc0MVoXDTI0MDYwNDIwMTc0MVowWjELMAkGA1UE 46 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 47 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 48 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 49 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 50 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 51 | AwEAAaNPME0wHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 52 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B 53 | AQUFAAOBgQAyqMl92KU82vNYB7vnBOL626OFvQZJ/Mqjh8tbQ96yjv3FPjXq16s2 54 | 0vSyBUFLEm2Cn5iBSa1TodFyLk7zhxPAt04co7ZmoQ02ilg8fylGqIiK+fjSPd4x 55 | APMsjs17WBE5uXQQOJXShHH17m/k7c3GmmdPQteuT5qsImzTgHYfeQ== 56 | -----END CERTIFICATE----- 57 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-no-keyusage.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 18 (0x12) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 15:05:29 2014 GMT 9 | Not After : Jun 4 15:05:29 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Basic Constraints: critical 32 | CA:TRUE 33 | Signature Algorithm: sha1WithRSAEncryption 34 | 6e:6c:e2:73:b6:77:9a:a4:14:34:2d:f9:93:3a:4e:0b:26:f7: 35 | f0:63:c7:8f:1e:2b:cf:fb:f3:db:6d:e1:13:eb:ec:c6:62:f5: 36 | 87:d7:f7:9e:db:55:d2:3f:79:b0:b8:61:5a:2a:c1:2f:e8:b4: 37 | f5:7d:55:fa:9b:d9:cd:09:62:d8:84:d7:86:e1:82:a1:c8:da: 38 | 41:92:5f:aa:f8:6e:59:b2:7d:d0:0a:f0:44:f6:c8:44:91:7d: 39 | 2d:71:59:27:6f:e7:22:0e:65:d5:62:bf:f0:98:53:34:76:16: 40 | 1a:61:46:4a:13:a0:db:71:b6:ca:8e:8e:d6:2a:4e:88:e1:8c: 41 | 99:8b 42 | -----BEGIN CERTIFICATE----- 43 | MIICaDCCAdGgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 44 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 45 | dHkgTHRkMB4XDTE0MDYwNzE1MDUyOVoXDTI0MDYwNDE1MDUyOVowWjELMAkGA1UE 46 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 47 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 48 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 49 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 50 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 51 | AwEAAaNTMFEwHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 52 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI 53 | hvcNAQEFBQADgYEAbmzic7Z3mqQUNC35kzpOCyb38GPHjx4rz/vz223hE+vsxmL1 54 | h9f3nttV0j95sLhhWirBL+i09X1V+pvZzQli2ITXhuGCocjaQZJfqvhuWbJ90Arw 55 | RPbIRJF9LXFZJ2/nIg5l1WK/8JhTNHYWGmFGShOg23G2yo6O1ipOiOGMmYs= 56 | -----END CERTIFICATE----- 57 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 8 (0x8) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 14:06:12 2014 GMT 9 | Not After : Jun 4 14:06:12 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:TRUE 28 | X509v3 Key Usage: 29 | Certificate Sign 30 | X509v3 Subject Key Identifier: 31 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 1d:9e:fa:5f:8f:1e:15:e9:d9:c7:9c:1c:30:0e:78:3c:ac:01: 37 | 4b:5c:42:03:e8:01:c3:1c:22:04:f4:ef:6f:f1:55:cc:fc:70: 38 | a3:75:ae:98:ea:f2:b6:77:a5:46:14:49:56:85:e7:dd:d7:57: 39 | a2:32:12:86:ec:7b:19:4c:d5:76:0b:7c:f5:64:3a:4c:52:b4: 40 | 6b:49:15:58:73:f9:21:23:de:dc:1c:6f:fa:d5:0a:93:1b:7d: 41 | 68:70:a8:47:2d:41:5f:ea:94:a5:6f:69:8d:f8:2f:40:b1:a5: 42 | d2:33:af:6e:32:fe:43:7b:70:73:3e:2b:fa:d7:fa:c7:1e:73: 43 | 10:23 44 | -----BEGIN CERTIFICATE----- 45 | MIICdTCCAd6gAwIBAgIBCDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMB4XDTE0MDYwNzE0MDYxMloXDTI0MDYwNDE0MDYxMlowWjELMAkGA1UE 48 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 49 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 50 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 51 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 52 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 53 | AwEAAaNgMF4wDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwHQYDVR0OBBYE 54 | FHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQYMBaAFJ9zEGFCEU2CyvD/N+kX 55 | wyDI2x5KMA0GCSqGSIb3DQEBBQUAA4GBAB2e+l+PHhXp2cecHDAOeDysAUtcQgPo 56 | AcMcIgT072/xVcz8cKN1rpjq8rZ3pUYUSVaF593XV6IyEobsexlM1XYLfPVkOkxS 57 | tGtJFVhz+SEj3twcb/rVCpMbfWhwqEctQV/qlKVvaY34L0CxpdIzr24y/kN7cHM+ 58 | K/rX+scecxAj 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-keyusage-nonrep.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 7 (0x7) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:24:10 2014 GMT 9 | Not After : Jun 3 17:24:10 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=key.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Non Repudiation 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 7b:67:67:33:93:3a:16:9b:1b:93:71:3c:0b:90:0c:ba:37:cd: 37 | 53:c7:84:94:6b:c8:ea:6c:3a:c8:da:70:e8:1f:ec:ab:9e:fe: 38 | 4f:f4:69:8d:e4:c0:82:fc:48:9e:f3:a3:a0:91:d7:ef:a0:ac: 39 | 80:38:f5:84:b9:5f:29:9a:57:9c:e3:be:ba:6e:3a:fa:59:89: 40 | cc:c2:36:5f:5a:c0:83:3d:48:3c:3f:51:55:f3:ae:2e:64:40: 41 | 06:8d:de:87:a0:08:33:4f:85:f3:ec:92:f2:eb:a8:0a:5b:94: 42 | 56:a6:23:9a:5f:02:4c:01:9a:d7:f3:5c:67:2c:81:4a:2c:ca: 43 | ae:14 44 | -----BEGIN CERTIFICATE----- 45 | MIICczCCAdygAwIBAgIBBzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMB4XDTE0MDYwNjE3MjQxMFoXDTI0MDYwMzE3MjQxMFowXjELMAkGA1UE 48 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 49 | ZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOa2V5LmZvb2Jhci5jb20wgZ8wDQYJKoZI 50 | hvcNAQEBBQADgY0AMIGJAoGBAOQT5/CXh2Jf4sx5slV318K4udNRuXJvFRO1lOdU 51 | jsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23lMMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9 52 | NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKMLwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/ 53 | Hn93AgMBAAGjWjBYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgZAMB0GA1UdDgQWBBRK 54 | 9+jrVxurSUEj6AJkI4MjFw7KBTAfBgNVHSMEGDAWgBSfcxBhQhFNgsrw/zfpF8Mg 55 | yNseSjANBgkqhkiG9w0BAQUFAAOBgQB7Z2czkzoWmxuTcTwLkAy6N81Tx4SUa8jq 56 | bDrI2nDoH+yrnv5P9GmN5MCC/Eie86OgkdfvoKyAOPWEuV8pmlec4766bjr6WYnM 57 | wjZfWsCDPUg8P1FV864uZEAGjd6HoAgzT4Xz7JLy66gKW5RWpiOaXwJMAZrX81xn 58 | LIFKLMquFA== 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-ba-false.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 16 (0x10) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 15:04:42 2014 GMT 9 | Not After : Jun 4 15:04:42 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Basic Constraints: critical 32 | CA:FALSE 33 | X509v3 Key Usage: 34 | Certificate Sign, CRL Sign 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 5a:fb:c5:0a:22:3d:76:de:b6:3a:85:06:9f:dc:97:e7:44:2c: 37 | 88:c5:4f:6f:3e:f9:31:8f:55:25:28:d0:0f:0c:5d:f9:08:b6: 38 | 3e:50:be:5d:ee:d7:bb:47:87:02:d0:a3:73:f4:95:ee:99:d0: 39 | 89:07:f7:a7:89:0a:7d:07:3b:a3:75:8a:af:22:23:30:33:2b: 40 | 96:b1:8d:59:1b:32:63:e4:6c:99:ef:9c:66:30:9b:e7:36:31: 41 | 5d:1e:d8:7e:1b:fa:65:cd:e3:25:28:aa:d6:6a:35:a2:a7:77: 42 | 9b:ca:4d:12:0a:91:3a:5b:74:05:7d:57:9c:4d:d0:a0:74:e5: 43 | 12:73 44 | -----BEGIN CERTIFICATE----- 45 | MIICcjCCAdugAwIBAgIBEDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMB4XDTE0MDYwNzE1MDQ0MloXDTI0MDYwNDE1MDQ0MlowWjELMAkGA1UE 48 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 49 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 50 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 51 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 52 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 53 | AwEAAaNdMFswHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 54 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD 55 | AgEGMA0GCSqGSIb3DQEBBQUAA4GBAFr7xQoiPXbetjqFBp/cl+dELIjFT28++TGP 56 | VSUo0A8MXfkItj5Qvl3u17tHhwLQo3P0le6Z0IkH96eJCn0HO6N1iq8iIzAzK5ax 57 | jVkbMmPkbJnvnGYwm+c2MV0e2H4b+mXN4yUoqtZqNaKnd5vKTRIKkTpbdAV9V5xN 58 | 0KB05RJz 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-wildcard.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 4 (0x4) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:21:03 2014 GMT 9 | Not After : Jun 3 17:21:03 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=*.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 68:c1:17:fa:0c:e4:04:cd:2b:19:ea:e7:a6:02:27:73:f2:e2: 37 | 54:b9:6c:8d:2f:06:be:a5:82:83:41:37:ae:f2:5c:cf:62:a0: 38 | 2a:79:37:7c:79:6c:cc:9f:f0:64:a9:8a:1b:93:62:f9:c2:08: 39 | 88:e2:73:77:77:73:f7:3f:9e:d6:b1:2c:56:65:a7:cb:10:b9: 40 | 79:7b:c6:4b:56:8e:08:d7:51:59:f0:47:6f:fd:b9:32:b0:b8: 41 | 69:f1:74:97:a9:9b:11:5a:86:03:14:2a:3b:a7:11:cb:0c:02: 42 | 67:dd:45:db:5d:a3:d0:8a:41:2c:13:3f:7f:37:24:2f:49:d4: 43 | 07:c1 44 | -----BEGIN CERTIFICATE----- 45 | MIICcTCCAdqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMB4XDTE0MDYwNjE3MjEwM1oXDTI0MDYwMzE3MjEwM1owXDELMAkGA1UE 48 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 49 | ZGdpdHMgUHR5IEx0ZDEVMBMGA1UEAwwMKi5mb29iYXIuY29tMIGfMA0GCSqGSIb3 50 | DQEBAQUAA4GNADCBiQKBgQDkE+fwl4diX+LMebJVd9fCuLnTUblybxUTtZTnVI7B 51 | GDds2AuQWqRdpQ5CdE5+rek0N6dt5TDGQXv4helhhMzYgPJ/r24ivCzOJx9K/Ta8 52 | HJ31X+m0lg+IMY+nbThUqH4sHBxyjC8LCnFv0tXGrOng6X5yRkOgAGAzYtd6/x5/ 53 | dwIDAQABo1owWDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUSvfo 54 | 61cbq0lBI+gCZCODIxcOygUwHwYDVR0jBBgwFoAUn3MQYUIRTYLK8P836RfDIMjb 55 | HkowDQYJKoZIhvcNAQEFBQADgYEAaMEX+gzkBM0rGernpgInc/LiVLlsjS8GvqWC 56 | g0E3rvJcz2KgKnk3fHlszJ/wZKmKG5Ni+cIIiOJzd3dz9z+e1rEsVmWnyxC5eXvG 57 | S1aOCNdRWfBHb/25MrC4afF0l6mbEVqGAxQqO6cRywwCZ91F212j0IpBLBM/fzck 58 | L0nUB8E= 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-ku-critical.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 22 (0x16) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 20:30:46 2014 GMT 9 | Not After : Jun 4 20:30:46 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Basic Constraints: critical 32 | CA:TRUE 33 | X509v3 Key Usage: critical 34 | Certificate Sign, CRL Sign 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 16:a1:47:40:d9:71:b8:ab:84:8f:f7:da:f3:53:cd:ad:a6:4d: 37 | d9:39:32:e9:d5:5c:6d:e3:45:05:00:1e:a3:45:28:c9:a1:c1: 38 | 07:0e:3f:52:ba:70:18:4d:ee:89:5a:80:05:af:dd:24:d6:4a: 39 | b2:c2:2f:a4:2c:4d:2e:60:86:01:6b:07:8f:70:d8:6a:07:a6: 40 | 4a:ce:b0:d0:4b:13:b5:a4:87:ac:ba:45:25:0a:8a:a2:a2:2f: 41 | 59:dd:9c:94:d7:0d:1d:e1:23:44:99:d5:63:5b:46:35:e0:87: 42 | bb:cb:53:24:89:48:e1:5f:0c:d7:02:e2:15:97:37:b1:dd:0d: 43 | 4e:bd 44 | -----BEGIN CERTIFICATE----- 45 | MIICeDCCAeGgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMB4XDTE0MDYwNzIwMzA0NloXDTI0MDYwNDIwMzA0NlowWjELMAkGA1UE 48 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 49 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 50 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 51 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 52 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 53 | AwEAAaNjMGEwHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 54 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P 55 | AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBABahR0DZcbirhI/32vNTza2mTdk5 56 | MunVXG3jRQUAHqNFKMmhwQcOP1K6cBhN7olagAWv3STWSrLCL6QsTS5ghgFrB49w 57 | 2GoHpkrOsNBLE7Wkh6y6RSUKiqKiL1ndnJTXDR3hI0SZ1WNbRjXgh7vLUySJSOFf 58 | DNcC4hWXN7HdDU69 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-basicconstraint-true.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 6 (0x6) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:23:19 2014 GMT 9 | Not After : Jun 3 17:23:19 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:TRUE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 45:b6:bc:bb:49:8b:12:ce:07:14:68:4f:d1:d1:e5:60:a6:9b: 37 | 9a:b0:8e:40:d0:9c:9d:63:3d:5e:ef:5c:1c:80:4b:2d:ba:45: 38 | d5:46:2a:08:06:d1:4f:ce:20:7c:3f:04:c2:69:fe:29:6e:be: 39 | e9:27:fe:7a:7a:6c:75:7f:b1:8f:c8:97:52:85:c3:35:53:b4: 40 | e8:69:f7:ce:fa:a1:48:aa:36:41:37:c3:7d:9f:3f:dc:b3:dd: 41 | 7e:ba:73:b5:94:89:6c:b1:b1:15:c7:48:d1:2f:a7:28:d5:6d: 42 | c3:de:a2:93:da:80:d5:8b:5d:0f:10:47:36:70:a2:10:38:3e: 43 | 57:8e 44 | -----BEGIN CERTIFICATE----- 45 | MIICdTCCAd6gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMB4XDTE0MDYwNjE3MjMxOVoXDTI0MDYwMzE3MjMxOVowXTELMAkGA1UE 48 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 49 | ZGdpdHMgUHR5IEx0ZDEWMBQGA1UEAwwNY2EuZm9vYmFyLmNvbTCBnzANBgkqhkiG 50 | 9w0BAQEFAAOBjQAwgYkCgYEA5BPn8JeHYl/izHmyVXfXwri501G5cm8VE7WU51SO 51 | wRg3bNgLkFqkXaUOQnROfq3pNDenbeUwxkF7+IXpYYTM2IDyf69uIrwszicfSv02 52 | vByd9V/ptJYPiDGPp204VKh+LBwccowvCwpxb9LVxqzp4Ol+ckZDoABgM2LXev8e 53 | f3cCAwEAAaNdMFswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCBeAwHQYDVR0OBBYE 54 | FEr36OtXG6tJQSPoAmQjgyMXDsoFMB8GA1UdIwQYMBaAFJ9zEGFCEU2CyvD/N+kX 55 | wyDI2x5KMA0GCSqGSIb3DQEBBQUAA4GBAEW2vLtJixLOBxRoT9HR5WCmm5qwjkDQ 56 | nJ1jPV7vXByASy26RdVGKggG0U/OIHw/BMJp/iluvukn/np6bHV/sY/Il1KFwzVT 57 | tOhp9876oUiqNkE3w32fP9yz3X66c7WUiWyxsRXHSNEvpyjVbcPeopPagNWLXQ8Q 58 | RzZwohA4PleO 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-no-cn.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 10 (0xa) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 20:19:45 2014 GMT 9 | Not After : Jun 4 20:19:45 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 86:ff:aa:35:31:07:ab:76:8d:44:3a:a6:63:40:ce:ac:13:56: 37 | c0:90:12:e1:23:af:0d:b9:16:88:48:7b:a1:00:85:6c:b8:32: 38 | 4d:ed:04:dc:32:05:e9:27:77:e1:1b:16:0b:8e:dc:23:fb:cd: 39 | fc:c7:63:27:35:bd:69:4d:45:ae:ab:b9:06:bb:a1:5e:b5:7e: 40 | 89:72:cc:fe:3e:90:3c:09:bc:e1:1c:b0:bf:c6:d2:40:61:a7: 41 | d6:20:9b:cd:e9:f5:d6:09:f3:1e:ee:6b:6e:d2:31:6e:0d:15: 42 | 8d:dd:9d:f7:8e:d9:96:df:42:7e:e2:0f:0d:37:f4:a8:ef:79: 43 | c1:88 44 | -----BEGIN CERTIFICATE----- 45 | MIICcjCCAdugAwIBAgIBCjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzIwMTk0NVoXDTI0 48 | MDYwNDIwMTk0NVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 49 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0B 50 | AQEFAAOBjQAwgYkCgYEA5BPn8JeHYl/izHmyVXfXwri501G5cm8VE7WU51SOwRg3 51 | bNgLkFqkXaUOQnROfq3pNDenbeUwxkF7+IXpYYTM2IDyf69uIrwszicfSv02vByd 52 | 9V/ptJYPiDGPp204VKh+LBwccowvCwpxb9LVxqzp4Ol+ckZDoABgM2LXev8ef3cC 53 | AwEAAaNdMFswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFEr3 54 | 6OtXG6tJQSPoAmQjgyMXDsoFMB8GA1UdIwQYMBaAFHBGSRvCcS7AUNNLGFiKxBAc 55 | rrNZMA0GCSqGSIb3DQEBBQUAA4GBAIb/qjUxB6t2jUQ6pmNAzqwTVsCQEuEjrw25 56 | FohIe6EAhWy4Mk3tBNwyBeknd+EbFguO3CP7zfzHYyc1vWlNRa6ruQa7oV61foly 57 | zP4+kDwJvOEcsL/G0kBhp9Ygm83p9dYJ8x7ua27SMW4NFY3dnfeO2ZbfQn7iDw03 58 | 9KjvecGI 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-nonrepud.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 5 (0x5) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:12:35 2014 GMT 9 | Not After : Jun 4 15:12:35 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Non Repudiation 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | a4:9d:d9:79:78:68:e8:e3:2f:ac:3b:25:6c:f3:05:8d:ab:08: 37 | 3a:ff:a9:85:4e:c2:77:df:38:56:50:d3:7a:77:1f:fd:53:f6: 38 | eb:f0:43:2f:39:61:d0:f6:1b:c8:3b:30:a4:53:c2:a4:eb:02: 39 | 02:ec:11:ee:d6:4c:e9:d5:25:2e:15:ce:e3:c5:9a:04:e3:00: 40 | 45:34:c5:26:69:b4:89:51:fa:41:f5:0a:5e:60:23:b7:ef:f7: 41 | 3e:c9:7a:94:57:31:b1:86:58:31:34:df:25:56:03:a2:3e:c9: 42 | 3f:db:43:58:39:c7:1a:a5:1f:d8:49:cc:09:96:da:0b:e7:21: 43 | b6:06 44 | -----BEGIN CERTIFICATE----- 45 | MIICjjCCAfegAwIBAgIBBTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTIzNVoXDTI0 48 | MDYwNDE1MTIzNVowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 49 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 50 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 51 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 52 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 53 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjXTBbMAwGA1UdEwEB/wQC 54 | MAAwCwYDVR0PBAQDAgZAMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 55 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTANBgkqhkiG9w0BAQUFAAOB 56 | gQCkndl5eGjo4y+sOyVs8wWNqwg6/6mFTsJ33zhWUNN6dx/9U/br8EMvOWHQ9hvI 57 | OzCkU8Kk6wIC7BHu1kzp1SUuFc7jxZoE4wBFNMUmabSJUfpB9QpeYCO37/c+yXqU 58 | VzGxhlgxNN8lVgOiPsk/20NYOccapR/YScwJltoL5yG2Bg== 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 14:46:24 2014 GMT 9 | Not After : Jun 4 14:46:24 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | ba:87:d8:55:8c:17:44:eb:c3:5b:9e:9a:d2:c7:78:d9:b0:00: 37 | 6e:a0:be:68:ed:a6:70:06:46:5b:79:f6:39:1b:d2:be:2d:d1: 38 | 22:4b:28:a7:4d:f5:53:f1:e1:10:c0:fd:11:47:cd:b0:0f:57: 39 | c0:4f:dc:c8:09:0d:77:01:2c:21:e4:37:99:69:81:cb:87:d1: 40 | 64:60:9e:92:56:9b:27:36:e9:e4:d8:5f:86:60:a8:d9:8f:0e: 41 | 75:b1:1a:ef:d7:3a:9b:59:04:2c:e4:7f:16:73:09:b1:86:91: 42 | 03:23:37:25:f3:4c:0a:77:3d:e1:f7:0e:29:35:c1:64:4d:e2: 43 | 62:bb 44 | -----BEGIN CERTIFICATE----- 45 | MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE0NDYyNFoXDTI0 48 | MDYwNDE0NDYyNFowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 49 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 50 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 51 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 52 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 53 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjXTBbMAwGA1UdEwEB/wQC 54 | MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 55 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTANBgkqhkiG9w0BAQUFAAOB 56 | gQC6h9hVjBdE68NbnprSx3jZsABuoL5o7aZwBkZbefY5G9K+LdEiSyinTfVT8eEQ 57 | wP0RR82wD1fAT9zICQ13ASwh5DeZaYHLh9FkYJ6SVpsnNunk2F+GYKjZjw51sRrv 58 | 1zqbWQQs5H8WcwmxhpEDIzcl80wKdz3h9w4pNcFkTeJiuw== 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-bc-true.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 2 (0x2) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:09:33 2014 GMT 9 | Not After : Jun 4 15:09:33 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:TRUE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | Signature Algorithm: sha1WithRSAEncryption 36 | 5d:9d:36:2b:33:c8:43:c8:78:13:10:c7:a8:7f:ac:60:f6:19: 37 | 46:36:24:8b:8e:db:20:00:b5:f8:c7:a5:ac:49:56:a6:e1:e6: 38 | dd:fd:07:10:44:2b:aa:42:f5:76:56:81:86:3d:74:53:03:24: 39 | e0:9a:6e:d7:e6:3c:d7:31:87:82:2a:72:fc:67:8f:0e:5a:3b: 40 | 05:c9:5c:52:61:6d:a0:4d:78:ba:8d:97:a5:4c:e1:a6:07:43: 41 | 61:81:c5:94:84:37:47:91:aa:13:b6:57:19:af:57:8d:82:8a: 42 | 50:eb:cc:07:76:cb:1b:35:c3:db:98:2d:ab:d6:cf:d2:c3:a8: 43 | e5:1b 44 | -----BEGIN CERTIFICATE----- 45 | MIICkTCCAfqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 46 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 47 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MDkzM1oXDTI0 48 | MDYwNDE1MDkzM1owYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 49 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 50 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 51 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 52 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 53 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjYDBeMA8GA1UdEwEB/wQF 54 | MAMBAf8wCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7K 55 | BTAfBgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTANBgkqhkiG9w0BAQUF 56 | AAOBgQBdnTYrM8hDyHgTEMeof6xg9hlGNiSLjtsgALX4x6WsSVam4ebd/QcQRCuq 57 | QvV2VoGGPXRTAyTgmm7X5jzXMYeCKnL8Z48OWjsFyVxSYW2gTXi6jZelTOGmB0Nh 58 | gcWUhDdHkaoTtlcZr1eNgopQ68wHdssbNcPbmC2r1s/Sw6jlGw== 59 | -----END CERTIFICATE----- 60 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-timestamp.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 17 (0x11) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 15:05:04 2014 GMT 9 | Not After : Jun 4 15:05:04 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Basic Constraints: critical 32 | CA:TRUE 33 | X509v3 Key Usage: 34 | Certificate Sign, CRL Sign 35 | X509v3 Extended Key Usage: 36 | Time Stamping 37 | Signature Algorithm: sha1WithRSAEncryption 38 | a4:df:66:b2:ac:06:4d:0a:2d:68:77:8e:a0:cd:10:cb:de:f5: 39 | 38:46:99:b8:ee:2e:cb:e0:56:c7:67:4a:8b:a9:28:1b:9d:50: 40 | bc:c9:c2:7f:98:45:17:2a:cf:f1:be:2b:bc:e9:03:e8:b7:97: 41 | d6:d5:15:d2:87:1f:03:8b:02:b3:8f:62:5d:55:7e:27:4c:c9: 42 | a7:bd:ed:5d:e2:c6:fc:d5:d9:88:cc:b0:71:c9:36:61:d7:d8: 43 | 28:95:e7:45:e3:7e:e9:d5:5f:af:1f:a0:51:02:34:b9:21:19: 44 | b0:7b:d5:c5:8e:72:97:33:cc:96:14:93:ef:b3:95:db:c0:d0: 45 | 57:0b 46 | -----BEGIN CERTIFICATE----- 47 | MIICijCCAfOgAwIBAgIBETANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNzE1MDUwNFoXDTI0MDYwNDE1MDUwNFowWjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 52 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 53 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 54 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 55 | AwEAAaN1MHMwHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 56 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P 57 | BAQDAgEGMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBBQUAA4GBAKTf 58 | ZrKsBk0KLWh3jqDNEMve9ThGmbjuLsvgVsdnSoupKBudULzJwn+YRRcqz/G+K7zp 59 | A+i3l9bVFdKHHwOLArOPYl1VfidMyae97V3ixvzV2YjMsHHJNmHX2CiV50XjfunV 60 | X68foFECNLkhGbB71cWOcpczzJYUk++zldvA0FcL 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-unknown-extension.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 3 (0x3) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:20:25 2014 GMT 9 | Not After : Jun 3 17:20:25 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | 1.2.3.4: 36 | ..Some random data 37 | Signature Algorithm: sha1WithRSAEncryption 38 | b7:2d:23:88:43:67:46:46:61:df:b8:04:cc:db:54:71:2a:56: 39 | 37:47:13:78:9e:c6:7f:ee:4a:3e:be:41:c9:74:ac:ea:14:e7: 40 | ff:20:4e:92:72:96:e7:72:a2:65:af:ee:6c:d0:d3:d6:f4:24: 41 | 38:e7:e9:b2:ff:40:3e:a1:9b:51:41:b2:2a:55:66:56:c0:fb: 42 | 43:cf:94:7f:b7:d4:0f:9b:61:8b:48:31:f5:49:11:c0:77:af: 43 | a0:6e:57:5c:43:fb:e4:15:90:f2:e3:83:9b:e3:fb:7b:5f:8d: 44 | 88:bc:ce:ab:f3:8f:a6:c6:d8:57:04:65:04:2b:cc:8c:98:9d: 45 | a1:9a 46 | -----BEGIN CERTIFICATE----- 47 | MIICijCCAfOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNjE3MjAyNVoXDTI0MDYwMzE3MjAyNVowWjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCBnzANBgkqhkiG9w0B 52 | AQEFAAOBjQAwgYkCgYEA5BPn8JeHYl/izHmyVXfXwri501G5cm8VE7WU51SOwRg3 53 | bNgLkFqkXaUOQnROfq3pNDenbeUwxkF7+IXpYYTM2IDyf69uIrwszicfSv02vByd 54 | 9V/ptJYPiDGPp204VKh+LBwccowvCwpxb9LVxqzp4Ol+ckZDoABgM2LXev8ef3cC 55 | AwEAAaN1MHMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFEr36OtX 56 | G6tJQSPoAmQjgyMXDsoFMB8GA1UdIwQYMBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5K 57 | MBkGAyoDBAQSDBBTb21lIHJhbmRvbSBkYXRhMA0GCSqGSIb3DQEBBQUAA4GBALct 58 | I4hDZ0ZGYd+4BMzbVHEqVjdHE3iexn/uSj6+Qcl0rOoU5/8gTpJyludyomWv7mzQ 59 | 09b0JDjn6bL/QD6hm1FBsipVZlbA+0PPlH+31A+bYYtIMfVJEcB3r6BuV1xD++QV 60 | kPLjg5vj+3tfjYi8zqvzj6bG2FcEZQQrzIyYnaGa 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-any-ext.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 19 (0x13) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 15:06:35 2014 GMT 9 | Not After : Jun 4 15:06:35 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Basic Constraints: critical 32 | CA:TRUE 33 | X509v3 Key Usage: 34 | Certificate Sign, CRL Sign 35 | X509v3 Extended Key Usage: 36 | Any Extended Key Usage 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 5b:69:22:ab:5a:ae:15:d8:a3:35:ff:66:fc:c8:44:25:a3:c2: 39 | 32:26:b2:b8:68:29:30:97:52:a1:31:1f:86:e0:97:6c:00:98: 40 | 75:1f:e8:3d:66:bd:9f:7f:51:e8:3f:d0:28:10:1c:0a:0b:3b: 41 | 8a:69:a8:30:c9:14:22:92:fa:09:bb:04:ab:15:6b:6e:89:14: 42 | 63:26:7b:e3:6d:3d:f3:94:f3:16:9d:25:7f:d6:70:af:fa:99: 43 | f4:a4:38:1e:47:69:87:e1:5c:80:b7:0f:34:36:e2:ba:35:c3: 44 | f0:c3:02:90:16:b5:be:22:84:6e:1e:83:8c:91:55:62:40:23: 45 | 71:c5 46 | -----BEGIN CERTIFICATE----- 47 | MIIChjCCAe+gAwIBAgIBEzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNzE1MDYzNVoXDTI0MDYwNDE1MDYzNVowWjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 52 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 53 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 54 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 55 | AwEAAaNxMG8wHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 56 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P 57 | BAQDAgEGMA8GA1UdJQQIMAYGBFUdJQAwDQYJKoZIhvcNAQEFBQADgYEAW2kiq1qu 58 | FdijNf9m/MhEJaPCMiayuGgpMJdSoTEfhuCXbACYdR/oPWa9n39R6D/QKBAcCgs7 59 | immoMMkUIpL6CbsEqxVrbokUYyZ7420985TzFp0lf9Zwr/qZ9KQ4Hkdph+FcgLcP 60 | NDbiujXD8MMCkBa1viKEbh6DjJFVYkAjccU= 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/cacert-unknown.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 20 (0x14) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 15:07:08 2014 GMT 9 | Not After : Jun 4 15:07:08 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:ca:53:26:f9:ea:f4:1b:8a:70:c0:8c:17:17:c4: 16 | af:69:61:7a:62:8f:79:81:9e:16:9c:22:5c:64:25: 17 | fa:b3:be:bd:d1:84:98:7b:06:18:35:92:3a:c6:4b: 18 | 77:b4:90:61:6d:e1:6e:e9:bd:0a:72:a7:fb:27:51: 19 | ac:c6:43:5f:b9:60:41:a7:af:28:ff:6b:62:6a:ff: 20 | 54:16:06:84:48:94:4e:26:fe:bb:2b:f3:b2:8a:be: 21 | a2:a1:88:d1:4c:89:8e:29:60:41:9f:16:55:31:55: 22 | 86:c0:90:f4:b0:5e:63:7d:18:d8:d9:fb:0a:f3:df: 23 | 92:90:b1:78:e6:2e:c8:09:15 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Subject Key Identifier: 27 | 70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 28 | X509v3 Authority Key Identifier: 29 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 30 | 31 | X509v3 Basic Constraints: critical 32 | CA:TRUE 33 | X509v3 Key Usage: 34 | Certificate Sign, CRL Sign 35 | 1.2.3.4: critical 36 | ..Some random data 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 8f:f1:30:c0:f0:33:18:2f:09:bc:cc:70:4b:f5:9a:e5:7c:33: 39 | d7:39:5a:af:bc:10:f9:b4:bf:ce:b5:07:67:26:87:b3:31:67: 40 | ce:41:a3:23:ba:51:85:10:dd:41:2d:e0:16:a0:a3:d0:0c:89: 41 | 92:d0:a8:bc:a9:b2:73:ca:7e:0a:4b:2c:ff:66:f7:61:75:43: 42 | f1:07:32:6b:ec:61:76:35:8c:4d:08:e8:18:d4:ce:75:3e:25: 43 | 1f:cc:0f:66:a0:c4:25:cb:6a:f1:04:da:ad:e6:e7:0a:62:f4: 44 | a5:88:de:ca:70:12:a1:33:05:85:e2:ea:27:97:ac:7d:ef:f8: 45 | 0b:9c 46 | -----BEGIN CERTIFICATE----- 47 | MIICkzCCAfygAwIBAgIBFDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNzE1MDcwOFoXDTI0MDYwNDE1MDcwOFowWjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKc2lnbmluZyBDQTCBnzANBgkqhkiG9w0B 52 | AQEFAAOBjQAwgYkCgYEAylMm+er0G4pwwIwXF8SvaWF6Yo95gZ4WnCJcZCX6s769 53 | 0YSYewYYNZI6xkt3tJBhbeFu6b0Kcqf7J1GsxkNfuWBBp68o/2tiav9UFgaESJRO 54 | Jv67K/Oyir6ioYjRTImOKWBBnxZVMVWGwJD0sF5jfRjY2fsK89+SkLF45i7ICRUC 55 | AwEAAaN+MHwwHQYDVR0OBBYEFHBGSRvCcS7AUNNLGFiKxBAcrrNZMB8GA1UdIwQY 56 | MBaAFJ9zEGFCEU2CyvD/N+kXwyDI2x5KMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P 57 | BAQDAgEGMBwGAyoDBAEB/wQSDBBTb21lIHJhbmRvbSBkYXRhMA0GCSqGSIb3DQEB 58 | BQUAA4GBAI/xMMDwMxgvCbzMcEv1muV8M9c5Wq+8EPm0v861B2cmh7MxZ85BoyO6 59 | UYUQ3UEt4Bago9AMiZLQqLypsnPKfgpLLP9m92F1Q/EHMmvsYXY1jE0I6BjUznU+ 60 | JR/MD2agxCXLavEE2q3m5wpi9KWI3spwEqEzBYXi6ieXrH3v+Auc 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-wildcard-subjaltname.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 5 (0x5) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:21:48 2014 GMT 9 | Not After : Jun 3 17:21:48 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | X509v3 Subject Alternative Name: 36 | DNS:*.foobar.com 37 | Signature Algorithm: sha1WithRSAEncryption 38 | be:5b:6d:d0:3d:c6:8c:1c:9f:ae:dc:2e:ca:78:8a:55:dd:01: 39 | 34:62:2d:9c:2b:ae:ac:68:5d:97:2d:8c:5e:f8:44:2d:89:f9: 40 | 84:79:94:67:75:13:f1:b4:fa:f2:21:ab:e3:59:15:a4:1c:0e: 41 | 9b:17:51:e4:b0:98:22:d9:33:c1:ef:06:88:f5:f4:78:76:92: 42 | c2:e0:99:ff:d7:24:ef:26:a7:33:8c:1e:7c:56:8b:b5:3a:93: 43 | 6c:3e:00:cb:b6:db:4c:51:5d:9c:0d:94:7f:0f:79:e6:d0:dc: 44 | 1b:18:ab:b1:74:6d:b1:72:76:fb:e8:89:00:d1:f7:99:cb:e3: 45 | d8:77 46 | -----BEGIN CERTIFICATE----- 47 | MIICjDCCAfWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNjE3MjE0OFoXDTI0MDYwMzE3MjE0OFowXjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOd3d3LmZvb2Jhci5jb20wgZ8wDQYJKoZI 52 | hvcNAQEBBQADgY0AMIGJAoGBAOQT5/CXh2Jf4sx5slV318K4udNRuXJvFRO1lOdU 53 | jsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23lMMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9 54 | NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKMLwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/ 55 | Hn93AgMBAAGjczBxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK 56 | 9+jrVxurSUEj6AJkI4MjFw7KBTAfBgNVHSMEGDAWgBSfcxBhQhFNgsrw/zfpF8Mg 57 | yNseSjAXBgNVHREEEDAOggwqLmZvb2Jhci5jb20wDQYJKoZIhvcNAQEFBQADgYEA 58 | vltt0D3GjByfrtwuyniKVd0BNGItnCuurGhdly2MXvhELYn5hHmUZ3UT8bT68iGr 59 | 41kVpBwOmxdR5LCYItkzwe8GiPX0eHaSwuCZ/9ck7yanM4wefFaLtTqTbD4Ay7bb 60 | TFFdnA2Ufw955tDcGxirsXRtsXJ2++iJANH3mcvj2Hc= 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-keyusage-and-timestamping.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 14 (0xe) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 14:36:13 2014 GMT 9 | Not After : Jun 4 14:36:13 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ext.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Extended Key Usage: 31 | Time Stamping 32 | X509v3 Subject Key Identifier: 33 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 34 | X509v3 Authority Key Identifier: 35 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 36 | 37 | Signature Algorithm: sha1WithRSAEncryption 38 | aa:94:49:20:a4:23:a8:ff:c1:0f:0c:18:e4:23:c9:04:ed:b6: 39 | 2f:f5:6f:8a:89:4b:37:ca:18:e7:8b:27:d9:7a:fa:9b:fe:d9: 40 | 5f:f1:00:2b:bc:f7:cd:32:b8:00:8b:37:4d:c1:6f:20:08:b7: 41 | 68:76:fe:39:d8:cd:e1:3c:cb:fe:c6:e8:6e:e2:39:08:d9:fa: 42 | 47:01:82:ab:84:56:fa:48:a8:f6:dc:a5:dd:18:34:35:d4:60: 43 | b0:50:22:3a:da:38:64:bd:9b:c5:55:e2:75:41:82:13:bd:5f: 44 | b8:36:dc:21:d6:1c:a1:63:c0:c6:2f:c5:4c:4f:18:6d:6e:36: 45 | 3b:5b 46 | -----BEGIN CERTIFICATE----- 47 | MIICizCCAfSgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNzE0MzYxM1oXDTI0MDYwNDE0MzYxM1owXjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOZXh0LmZvb2Jhci5jb20wgZ8wDQYJKoZI 52 | hvcNAQEBBQADgY0AMIGJAoGBAOQT5/CXh2Jf4sx5slV318K4udNRuXJvFRO1lOdU 53 | jsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23lMMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9 54 | NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKMLwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/ 55 | Hn93AgMBAAGjcjBwMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMBMGA1UdJQQM 56 | MAoGCCsGAQUFBwMIMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAfBgNV 57 | HSMEGDAWgBSfcxBhQhFNgsrw/zfpF8MgyNseSjANBgkqhkiG9w0BAQUFAAOBgQCq 58 | lEkgpCOo/8EPDBjkI8kE7bYv9W+KiUs3yhjniyfZevqb/tlf8QArvPfNMrgAizdN 59 | wW8gCLdodv452M3hPMv+xuhu4jkI2fpHAYKrhFb6SKj23KXdGDQ11GCwUCI62jhk 60 | vZvFVeJ1QYITvV+4Ntwh1hyhY8DGL8VMTxhtbjY7Ww== 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:11:44 2014 GMT 9 | Not After : Jun 3 17:11:44 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=bar.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | X509v3 Subject Alternative Name: 36 | DNS:foo.foobar.com, DNS:foobar.com 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 9c:93:69:c4:94:ac:a3:c5:29:38:48:2f:bb:95:83:a2:62:81: 39 | 30:b7:a0:d1:dd:f2:c7:8c:b7:3e:27:54:1e:a7:43:da:18:90: 40 | 05:d0:ce:08:7e:26:c9:f9:65:7b:65:ce:33:55:95:47:c8:1d: 41 | 4e:bf:0f:64:e9:ae:b1:b8:4a:23:0a:84:15:c2:8d:aa:65:9b: 42 | fa:1c:9c:cb:d8:2d:0a:9c:ee:a6:a0:91:1b:0b:a3:61:48:05: 43 | 45:e1:1e:22:2e:52:0a:9c:0c:9a:80:cc:d4:8f:20:d2:60:2b: 44 | ed:60:7b:51:1c:3d:bc:75:b2:eb:45:67:51:6e:53:24:51:b8: 45 | 6f:8e 46 | -----BEGIN CERTIFICATE----- 47 | MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNjE3MTE0NFoXDTI0MDYwMzE3MTE0NFowXjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOYmFyLmZvb2Jhci5jb20wgZ8wDQYJKoZI 52 | hvcNAQEBBQADgY0AMIGJAoGBAOQT5/CXh2Jf4sx5slV318K4udNRuXJvFRO1lOdU 53 | jsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23lMMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9 54 | NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKMLwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/ 55 | Hn93AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU 56 | Svfo61cbq0lBI+gCZCODIxcOygUwHwYDVR0jBBgwFoAUn3MQYUIRTYLK8P836RfD 57 | IMjbHkowJQYDVR0RBB4wHIIOZm9vLmZvb2Jhci5jb22CCmZvb2Jhci5jb20wDQYJ 58 | KoZIhvcNAQEFBQADgYEAnJNpxJSso8UpOEgvu5WDomKBMLeg0d3yx4y3PidUHqdD 59 | 2hiQBdDOCH4myflle2XOM1WVR8gdTr8PZOmusbhKIwqEFcKNqmWb+hycy9gtCpzu 60 | pqCRGwujYUgFReEeIi5SCpwMmoDM1I8g0mAr7WB7URw9vHWy60VnUW5TJFG4b44= 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-keyusage-any.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 15 (0xf) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 7 14:38:14 2014 GMT 9 | Not After : Jun 4 14:38:14 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=any.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Extended Key Usage: 31 | Any Extended Key Usage, Time Stamping 32 | X509v3 Subject Key Identifier: 33 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 34 | X509v3 Authority Key Identifier: 35 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 36 | 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 91:08:7d:2c:a4:b7:85:af:62:c8:21:96:8a:1d:1f:81:fa:a4: 39 | 67:d4:2b:78:62:44:e6:83:c8:a4:3c:fd:64:f0:b9:fa:bd:c4: 40 | 99:a4:dd:82:f0:8a:75:8f:d1:4b:dd:f7:d3:1b:79:4f:d4:2d: 41 | 16:b1:86:23:54:93:7f:3e:99:b5:4f:f3:e4:fe:6a:76:21:d4: 42 | b0:d5:62:2d:de:63:a2:3a:c7:ae:f3:6d:68:c6:fe:a9:2f:e4: 43 | ef:36:85:42:85:f3:d3:0e:61:44:53:70:93:d0:b2:d4:06:f2: 44 | d7:96:e8:e1:b4:8d:9f:46:a5:a4:0b:08:20:41:8a:ee:04:c8: 45 | 63:4d 46 | -----BEGIN CERTIFICATE----- 47 | MIICkTCCAfqgAwIBAgIBDzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMB4XDTE0MDYwNzE0MzgxNFoXDTI0MDYwNDE0MzgxNFowXjELMAkGA1UE 50 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 51 | ZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOYW55LmZvb2Jhci5jb20wgZ8wDQYJKoZI 52 | hvcNAQEBBQADgY0AMIGJAoGBAOQT5/CXh2Jf4sx5slV318K4udNRuXJvFRO1lOdU 53 | jsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23lMMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9 54 | NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKMLwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/ 55 | Hn93AgMBAAGjeDB2MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMBkGA1UdJQQS 56 | MBAGBFUdJQAGCCsGAQUFBwMIMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7K 57 | BTAfBgNVHSMEGDAWgBSfcxBhQhFNgsrw/zfpF8MgyNseSjANBgkqhkiG9w0BAQUF 58 | AAOBgQCRCH0spLeFr2LIIZaKHR+B+qRn1Ct4YkTmg8ikPP1k8Ln6vcSZpN2C8Ip1 59 | j9FL3ffTG3lP1C0WsYYjVJN/Ppm1T/Pk/mp2IdSw1WIt3mOiOseu821oxv6pL+Tv 60 | NoVChfPTDmFEU3CT0LLUBvLXlujhtI2fRqWkCwggQYruBMhjTQ== 61 | -----END CERTIFICATE----- 62 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-any.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 4 (0x4) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:12:00 2014 GMT 9 | Not After : Jun 4 15:12:00 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | X509v3 Extended Key Usage: 36 | Any Extended Key Usage 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 5f:3b:4b:a3:70:1a:82:3e:9c:bb:cb:16:95:f3:b2:ef:3a:a6: 39 | 09:1d:1c:b9:cb:ce:56:82:29:98:41:b8:c5:58:cb:35:27:45: 40 | 9d:2e:f5:41:e1:a0:7c:5f:ee:2d:0c:9c:9b:42:31:61:27:fb: 41 | 5f:d6:ce:a6:dc:c6:9b:b2:d1:3b:72:1e:b3:f1:20:73:7f:86: 42 | 8a:1d:44:c8:d7:bc:f2:92:4a:2c:48:97:b5:12:63:99:f3:90: 43 | e5:79:bf:68:fe:11:34:1d:ac:75:80:d2:22:7f:53:2d:70:50: 44 | d2:a0:fc:7b:b9:8f:b3:5e:6c:70:b8:55:0b:52:d5:84:b7:7c: 45 | 84:9b 46 | -----BEGIN CERTIFICATE----- 47 | MIICnzCCAgigAwIBAgIBBDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTIwMFoXDTI0 50 | MDYwNDE1MTIwMFowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjbjBsMAwGA1UdEwEB/wQC 56 | MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 57 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTAPBgNVHSUECDAGBgRVHSUA 58 | MA0GCSqGSIb3DQEBBQUAA4GBAF87S6NwGoI+nLvLFpXzsu86pgkdHLnLzlaCKZhB 59 | uMVYyzUnRZ0u9UHhoHxf7i0MnJtCMWEn+1/Wzqbcxpuy0TtyHrPxIHN/hoodRMjX 60 | vPKSSixIl7USY5nzkOV5v2j+ETQdrHWA0iJ/Uy1wUNKg/Hu5j7NebHC4VQtS1YS3 61 | fISb 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-time.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 3 (0x3) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:11:22 2014 GMT 9 | Not After : Jun 4 15:11:22 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | X509v3 Extended Key Usage: 36 | Time Stamping 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 2e:95:20:c3:be:29:0f:f7:3c:eb:e3:02:e1:11:18:21:88:6f: 39 | 16:d8:e1:04:4b:d8:56:80:4f:e2:78:c0:35:10:b4:0f:11:0d: 40 | 3d:96:0a:77:aa:56:be:27:7c:53:4c:c4:e7:f2:42:9a:3f:c0: 41 | e5:8c:5e:9b:ff:c9:c2:13:d1:57:4a:9c:53:86:c2:c7:04:fa: 42 | 0b:8d:ac:52:0a:d8:e3:5d:d5:a6:f3:c0:67:db:de:43:0b:fd: 43 | 21:2a:7d:67:bd:de:f5:48:5a:f3:a5:d4:ed:18:4a:37:f9:c4: 44 | 6f:6e:7c:ff:b4:4e:db:5a:7b:6d:92:79:68:5d:ce:74:a0:b9: 45 | 96:38 46 | -----BEGIN CERTIFICATE----- 47 | MIICozCCAgygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTEyMloXDTI0 50 | MDYwNDE1MTEyMlowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjcjBwMAwGA1UdEwEB/wQC 56 | MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 57 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTATBgNVHSUEDDAKBggrBgEF 58 | BQcDCDANBgkqhkiG9w0BAQUFAAOBgQAulSDDvikP9zzr4wLhERghiG8W2OEES9hW 59 | gE/ieMA1ELQPEQ09lgp3qla+J3xTTMTn8kKaP8DljF6b/8nCE9FXSpxThsLHBPoL 60 | jaxSCtjjXdWm88Bn295DC/0hKn1nvd71SFrzpdTtGEo3+cRvbnz/tE7bWnttknlo 61 | Xc50oLmWOA== 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-unknown-noncrit.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 7 (0x7) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:14:08 2014 GMT 9 | Not After : Jun 4 15:14:08 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | 1.2.3.4: 36 | ..Some random data 37 | Signature Algorithm: sha1WithRSAEncryption 38 | ad:f0:9c:da:6a:61:bd:5f:bd:bb:43:4c:c9:31:ca:07:6c:b0: 39 | 49:1f:9d:f0:72:b7:58:f8:91:a3:c5:d3:9a:46:c7:c7:ad:50: 40 | 7f:2c:05:c0:e2:ba:82:a7:22:2b:33:3a:60:87:dd:c7:18:01: 41 | 52:13:c4:da:63:88:65:cf:a2:a2:db:7f:83:85:11:94:12:82: 42 | d2:d5:91:01:40:7c:9b:8a:a7:33:e7:e0:ab:39:de:b6:ee:56: 43 | 49:50:f8:b5:e7:f0:50:3e:96:e1:ea:5d:5b:00:26:c3:1b:13: 44 | bc:12:da:35:b7:33:f0:cc:bc:ca:b1:1a:79:69:b3:34:22:35: 45 | 31:7f 46 | -----BEGIN CERTIFICATE----- 47 | MIICqTCCAhKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTQwOFoXDTI0 50 | MDYwNDE1MTQwOFowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjeDB2MAwGA1UdEwEB/wQC 56 | MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 57 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTAZBgMqAwQEEgwQU29tZSBy 58 | YW5kb20gZGF0YTANBgkqhkiG9w0BAQUFAAOBgQCt8JzaamG9X727Q0zJMcoHbLBJ 59 | H53wcrdY+JGjxdOaRsfHrVB/LAXA4rqCpyIrMzpgh93HGAFSE8TaY4hlz6Ki23+D 60 | hRGUEoLS1ZEBQHybiqcz5+CrOd627lZJUPi15/BQPpbh6l1bACbDGxO8Eto1tzPw 61 | zLzKsRp5abM0IjUxfw== 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-unknown.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 6 (0x6) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:13:35 2014 GMT 9 | Not After : Jun 4 15:13:35 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | 1.2.3.4: critical 36 | ..Some random data 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 22:43:ed:d2:8f:20:da:b4:31:1d:54:54:80:d4:b7:3b:c8:db: 39 | 81:30:1b:29:c3:e7:76:6c:7c:c1:1d:86:97:d7:98:99:e7:99: 40 | 87:25:11:30:9e:63:e2:4e:b2:a3:c9:97:aa:b0:a6:9c:73:76: 41 | c3:a0:15:b2:05:3e:3f:92:38:aa:62:26:78:56:85:c0:bb:1e: 42 | 39:fa:f7:c8:40:25:9c:f9:c0:ce:70:b9:8a:b0:56:35:f7:54: 43 | 91:b5:b6:33:85:f2:18:ae:f4:ca:a4:d9:a8:41:34:4a:7b:23: 44 | 5d:41:77:87:6d:f9:65:07:62:6d:50:5a:f1:14:13:a3:c8:2f: 45 | 7a:3d 46 | -----BEGIN CERTIFICATE----- 47 | MIICrDCCAhWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTMzNVoXDTI0 50 | MDYwNDE1MTMzNVowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjezB5MAwGA1UdEwEB/wQC 56 | MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 57 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTAcBgMqAwQBAf8EEgwQU29t 58 | ZSByYW5kb20gZGF0YTANBgkqhkiG9w0BAQUFAAOBgQAiQ+3SjyDatDEdVFSA1Lc7 59 | yNuBMBspw+d2bHzBHYaX15iZ55mHJREwnmPiTrKjyZeqsKacc3bDoBWyBT4/kjiq 60 | YiZ4VoXAux45+vfIQCWc+cDOcLmKsFY191SRtbYzhfIYrvTKpNmoQTRKeyNdQXeH 61 | bfllB2JtUFrxFBOjyC96PQ== 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-subjaltemail.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 11 (0xb) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 20:27:58 2014 GMT 9 | Not After : Jun 4 20:27:58 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | X509v3 Subject Alternative Name: 36 | email:foobar.com 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 37:e6:be:0f:75:4a:b8:c2:e1:7f:e2:70:31:41:12:41:cc:05: 39 | 72:8f:ce:8c:2c:c2:1e:78:03:bb:61:f5:9a:76:cf:36:bb:66: 40 | cf:4c:f1:33:ba:9d:a7:7e:20:92:7c:bb:9c:01:53:ba:c9:13: 41 | 2c:6e:c4:bf:04:ee:76:bc:eb:d3:87:e8:05:5c:62:f1:0e:7c: 42 | 51:12:25:c8:4f:e6:8e:46:c1:15:2a:55:fb:e4:8a:e3:04:7f: 43 | 9f:86:1d:03:e1:25:b4:6b:9a:bd:b6:02:ba:07:d4:82:04:06: 44 | fb:fd:7d:9b:7b:37:96:f2:04:0e:a4:f3:43:6c:9a:f1:fb:1f: 45 | 4b:bc 46 | -----BEGIN CERTIFICATE----- 47 | MIICpTCCAg6gAwIBAgIBCzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzIwMjc1OFoXDTI0 50 | MDYwNDIwMjc1OFowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjdDByMAwGA1UdEwEB/wQC 56 | MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK9+jrVxurSUEj6AJkI4MjFw7KBTAf 57 | BgNVHSMEGDAWgBRwRkkbwnEuwFDTSxhYisQQHK6zWTAVBgNVHREEDjAMgQpmb29i 58 | YXIuY29tMA0GCSqGSIb3DQEBBQUAA4GBADfmvg91SrjC4X/icDFBEkHMBXKPzows 59 | wh54A7th9Zp2zza7Zs9M8TO6nad+IJJ8u5wBU7rJEyxuxL8E7na869OH6AVcYvEO 60 | fFESJchP5o5GwRUqVfvkiuMEf5+GHQPhJbRrmr22AroH1IIEBvv9fZt7N5byBA6k 61 | 80NsmvH7H0u8 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-subj.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 8 (0x8) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:15:01 2014 GMT 9 | Not After : Jun 4 15:15:01 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | X509v3 Subject Alternative Name: 36 | DNS:foobar.com, DNS:foo.foobar.com 37 | Signature Algorithm: sha1WithRSAEncryption 38 | 77:a1:83:7f:ed:4f:5c:a5:86:55:11:2a:6e:89:0c:07:be:0e: 39 | 1e:5a:b8:94:7f:0d:74:ef:e1:b4:e4:72:68:96:95:2b:00:a2: 40 | 29:a2:4e:16:cd:e8:04:fc:e7:ac:73:04:9a:fc:2a:5d:c2:59: 41 | aa:92:0f:7c:fb:25:39:f9:b9:ed:d2:1a:04:93:8f:e0:d2:41: 42 | eb:81:8d:c6:89:b0:54:de:1d:24:e6:6d:3b:a7:e2:80:61:32: 43 | 98:22:4d:a1:fb:61:5c:ed:15:87:ba:26:5e:91:53:54:47:a9: 44 | 76:b8:4b:bb:00:53:5b:c6:3c:8c:a4:80:d0:13:fa:b0:3c:d4: 45 | 0f:44 46 | -----BEGIN CERTIFICATE----- 47 | MIICtzCCAiCgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTUwMVoXDTI0 50 | MDYwNDE1MTUwMVowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjgYUwgYIwDAYDVR0TAQH/ 56 | BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFEr36OtXG6tJQSPoAmQjgyMXDsoF 57 | MB8GA1UdIwQYMBaAFHBGSRvCcS7AUNNLGFiKxBAcrrNZMCUGA1UdEQQeMByCCmZv 58 | b2Jhci5jb22CDmZvby5mb29iYXIuY29tMA0GCSqGSIb3DQEBBQUAA4GBAHehg3/t 59 | T1ylhlURKm6JDAe+Dh5auJR/DXTv4bTkcmiWlSsAoimiThbN6AT856xzBJr8Kl3C 60 | WaqSD3z7JTn5ue3SGgSTj+DSQeuBjcaJsFTeHSTmbTun4oBhMpgiTaH7YVztFYe6 61 | Jl6RU1RHqXa4S7sAU1vGPIykgNAT+rA81A9E 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/intermediate/second/second-subj-wild.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 9 (0x9) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=signing CA 7 | Validity 8 | Not Before: Jun 7 15:15:26 2014 GMT 9 | Not After : Jun 4 15:15:26 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=second.foobar.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: critical 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:70:46:49:1B:C2:71:2E:C0:50:D3:4B:18:58:8A:C4:10:1C:AE:B3:59 34 | 35 | X509v3 Subject Alternative Name: 36 | DNS:*.foobar.com, DNS:foo.foobar.com 37 | Signature Algorithm: sha1WithRSAEncryption 38 | c8:c4:d0:4a:98:c8:d1:92:54:da:e0:a8:71:05:4e:76:e0:51: 39 | 5f:5f:c0:3f:38:9d:d4:d2:ea:68:c1:61:4c:67:74:22:19:54: 40 | a1:1d:cf:2a:41:69:2a:2b:82:e8:f6:ca:54:4f:c2:bd:5a:0e: 41 | f0:e1:c8:12:5f:9a:75:c0:d2:23:66:ea:dd:a7:2f:a6:7e:ae: 42 | 38:7e:14:2a:f4:d1:90:26:91:cb:0a:9a:5d:de:d6:25:bd:97: 43 | 34:c0:4f:8e:3b:3c:fc:7b:ee:c7:6c:6f:80:e6:a9:4f:6d:87: 44 | 94:d8:6d:cf:be:92:5b:7e:23:e5:eb:55:cb:5c:9b:27:bf:78: 45 | ce:0d 46 | -----BEGIN CERTIFICATE----- 47 | MIICuTCCAiKgAwIBAgIBCTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJBVTET 48 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 49 | dHkgTHRkMRMwEQYDVQQDDApzaWduaW5nIENBMB4XDTE0MDYwNzE1MTUyNloXDTI0 50 | MDYwNDE1MTUyNlowYTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 51 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAwwRc2Vj 52 | b25kLmZvb2Jhci5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOQT5/CX 53 | h2Jf4sx5slV318K4udNRuXJvFRO1lOdUjsEYN2zYC5BapF2lDkJ0Tn6t6TQ3p23l 54 | MMZBe/iF6WGEzNiA8n+vbiK8LM4nH0r9NrwcnfVf6bSWD4gxj6dtOFSofiwcHHKM 55 | LwsKcW/S1cas6eDpfnJGQ6AAYDNi13r/Hn93AgMBAAGjgYcwgYQwDAYDVR0TAQH/ 56 | BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFEr36OtXG6tJQSPoAmQjgyMXDsoF 57 | MB8GA1UdIwQYMBaAFHBGSRvCcS7AUNNLGFiKxBAcrrNZMCcGA1UdEQQgMB6CDCou 58 | Zm9vYmFyLmNvbYIOZm9vLmZvb2Jhci5jb20wDQYJKoZIhvcNAQEFBQADgYEAyMTQ 59 | SpjI0ZJU2uCocQVOduBRX1/APzid1NLqaMFhTGd0IhlUoR3PKkFpKiuC6PbKVE/C 60 | vVoO8OHIEl+adcDSI2bq3acvpn6uOH4UKvTRkCaRywqaXd7WJb2XNMBPjjs8/Hvu 61 | x2xvgOapT22HlNhtz76SW34j5etVy1ybJ794zg0= 62 | -----END CERTIFICATE----- 63 | -------------------------------------------------------------------------------- /tests/testcertificates/first/first-unknown-critical-extension.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 2 (0x2) 5 | Signature Algorithm: sha1WithRSAEncryption 6 | Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 7 | Validity 8 | Not Before: Jun 6 17:16:32 2014 GMT 9 | Not After : Jun 3 17:16:32 2024 GMT 10 | Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=blafasel.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (1024 bit) 14 | Modulus: 15 | 00:e4:13:e7:f0:97:87:62:5f:e2:cc:79:b2:55:77: 16 | d7:c2:b8:b9:d3:51:b9:72:6f:15:13:b5:94:e7:54: 17 | 8e:c1:18:37:6c:d8:0b:90:5a:a4:5d:a5:0e:42:74: 18 | 4e:7e:ad:e9:34:37:a7:6d:e5:30:c6:41:7b:f8:85: 19 | e9:61:84:cc:d8:80:f2:7f:af:6e:22:bc:2c:ce:27: 20 | 1f:4a:fd:36:bc:1c:9d:f5:5f:e9:b4:96:0f:88:31: 21 | 8f:a7:6d:38:54:a8:7e:2c:1c:1c:72:8c:2f:0b:0a: 22 | 71:6f:d2:d5:c6:ac:e9:e0:e9:7e:72:46:43:a0:00: 23 | 60:33:62:d7:7a:ff:1e:7f:77 24 | Exponent: 65537 (0x10001) 25 | X509v3 extensions: 26 | X509v3 Basic Constraints: 27 | CA:FALSE 28 | X509v3 Key Usage: 29 | Digital Signature, Non Repudiation, Key Encipherment 30 | X509v3 Subject Key Identifier: 31 | 4A:F7:E8:EB:57:1B:AB:49:41:23:E8:02:64:23:83:23:17:0E:CA:05 32 | X509v3 Authority Key Identifier: 33 | keyid:9F:73:10:61:42:11:4D:82:CA:F0:FF:37:E9:17:C3:20:C8:DB:1E:4A 34 | 35 | X509v3 Subject Alternative Name: 36 | DNS:foo.foobar.com, DNS:foobar.com 37 | 1.2.3.4: critical 38 | ..Some random data 39 | Signature Algorithm: sha1WithRSAEncryption 40 | 59:43:8c:77:b5:d8:ad:98:b3:2c:e3:47:60:5b:b0:a6:b4:b5: 41 | 1a:22:b2:16:15:d0:2d:6f:9a:a0:2b:f3:45:c8:77:9c:dd:e1: 42 | 82:1d:55:9d:be:ff:53:45:2b:82:d1:ca:fd:a8:7f:6a:2d:47: 43 | b2:79:bc:70:e8:48:8e:48:3a:5f:0b:d9:ee:40:be:87:77:5e: 44 | 0e:69:45:ff:8e:06:b1:b5:87:eb:da:ea:26:d7:7d:e5:b3:d6: 45 | e3:4d:db:53:53:dd:5d:3f:7e:6b:98:a6:bd:db:79:35:f1:13: 46 | b4:1b:e1:8a:9c:84:f9:32:20:31:60:27:8d:e4:1c:c3:f9:dd: 47 | 6d:56 48 | -----BEGIN CERTIFICATE----- 49 | MIICuDCCAiGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET 50 | MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ 51 | dHkgTHRkMB4XDTE0MDYwNjE3MTYzMloXDTI0MDYwMzE3MTYzMlowXDELMAkGA1UE 52 | BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp 53 | ZGdpdHMgUHR5IEx0ZDEVMBMGA1UEAwwMYmxhZmFzZWwuY29tMIGfMA0GCSqGSIb3 54 | DQEBAQUAA4GNADCBiQKBgQDkE+fwl4diX+LMebJVd9fCuLnTUblybxUTtZTnVI7B 55 | GDds2AuQWqRdpQ5CdE5+rek0N6dt5TDGQXv4helhhMzYgPJ/r24ivCzOJx9K/Ta8 56 | HJ31X+m0lg+IMY+nbThUqH4sHBxyjC8LCnFv0tXGrOng6X5yRkOgAGAzYtd6/x5/ 57 | dwIDAQABo4GgMIGdMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRK 58 | 9+jrVxurSUEj6AJkI4MjFw7KBTAfBgNVHSMEGDAWgBSfcxBhQhFNgsrw/zfpF8Mg 59 | yNseSjAlBgNVHREEHjAcgg5mb28uZm9vYmFyLmNvbYIKZm9vYmFyLmNvbTAcBgMq 60 | AwQBAf8EEgwQU29tZSByYW5kb20gZGF0YTANBgkqhkiG9w0BAQUFAAOBgQBZQ4x3 61 | tditmLMs40dgW7CmtLUaIrIWFdAtb5qgK/NFyHec3eGCHVWdvv9TRSuC0cr9qH9q 62 | LUeyebxw6EiOSDpfC9nuQL6Hd14OaUX/jgaxtYfr2uom133ls9bjTdtTU91dP35r 63 | mKa923k18RO0G+GKnIT5MiAxYCeN5BzD+d1tVg== 64 | -----END CERTIFICATE----- 65 | --------------------------------------------------------------------------------