From 1c59ab5382c9a402890eefaa35ae9c0b6ccc2756 Mon Sep 17 00:00:00 2001 
From: Roger Light Date: Mon, 29 Jul 2013 20:52:01 +0100 Subject: [PATCH] Implement SSL hostname verification. --- src/paho/mqtt/client.py | 54 ++- test/lib/03-publish-c2b-qos2-disconnect.py | 11 +- test/lib/08-ssl-connect-cert-auth.py | 4 +- test/lib/08-ssl-connect-no-auth.py | 4 +- test/lib/08-ssl-fake-cacert.py | 2 +- test/lib/python/08-ssl-connect-cert-auth.test | 2 +- test/lib/python/08-ssl-connect-no-auth.test | 2 +- test/lib/python/08-ssl-fake-cacert.test | 2 +- .../lib/python3/08-ssl-connect-cert-auth.test | 2 +- test/lib/python3/08-ssl-connect-no-auth.test | 2 +- test/lib/python3/08-ssl-fake-cacert.test | 2 +- test/ssl/all-ca.crt | 74 ++++ test/ssl/client-expired.crt | 74 +++- test/ssl/client-revoked.crt | 74 +++- test/ssl/client-revoked.csr | 12 - test/ssl/client-revoked.key | 26 +- test/ssl/client.crt | 73 +++- test/ssl/client.key | 26 +- test/ssl/crl.pem | 17 +- test/ssl/fake-ca.crt | 25 -- test/ssl/fake-ca.key | 30 -- test/ssl/gen.sh | 70 +++ test/ssl/openssl.cnf | 406 ++++++++++++++++++ test/ssl/readme.txt | 2 - test/ssl/rootCA/crlnumber | 1 + test/ssl/rootCA/index.txt | 2 + test/ssl/rootCA/index.txt.attr | 1 + test/ssl/rootCA/index.txt.attr.old | 1 + test/ssl/rootCA/index.txt.old | 1 + test/ssl/rootCA/newcerts/01.pem | 57 +++ test/ssl/rootCA/newcerts/02.pem | 58 +++ test/ssl/rootCA/serial | 1 + test/ssl/rootCA/serial.old | 1 + test/ssl/server-expired.crt | 17 - test/ssl/server.crt | 73 +++- test/ssl/server.csr | 13 - test/ssl/server.key | 26 +- test/ssl/signingCA/crlnumber | 1 + test/ssl/signingCA/crlnumber.old | 1 + test/ssl/signingCA/index.txt | 4 + test/ssl/signingCA/index.txt.attr | 1 + test/ssl/signingCA/index.txt.attr.old | 1 + test/ssl/signingCA/index.txt.old | 4 + test/ssl/signingCA/newcerts/01.pem | 60 +++ test/ssl/signingCA/newcerts/02.pem | 60 +++ test/ssl/signingCA/newcerts/03.pem | 61 +++ test/ssl/signingCA/newcerts/04.pem | 61 +++ test/ssl/signingCA/serial | 1 + test/ssl/signingCA/serial.old | 1 + test/ssl/test-alt-ca.crt | 58 +++ 
test/ssl/test-alt-ca.key | 15 + test/ssl/test-bad-root-ca.crt | 17 + test/ssl/test-bad-root-ca.key | 15 + test/ssl/test-ca-alt.crt | 19 - test/ssl/test-ca-alt.key | 17 - test/ssl/test-ca.crt | 19 - test/ssl/test-ca.key | 17 - test/ssl/test-fake-root-ca.crt | 17 + test/ssl/test-fake-root-ca.key | 15 + test/ssl/test-root-ca.crt | 17 + test/ssl/test-root-ca.key | 15 + test/ssl/test-signing-ca.crt | 57 +++ test/ssl/test-signing-ca.csr | 12 + test/ssl/test-signing-ca.key | 15 + 64 files changed, 1524 insertions(+), 305 deletions(-) create mode 100644 test/ssl/all-ca.crt delete mode 100644 test/ssl/client-revoked.csr delete mode 100644 test/ssl/fake-ca.crt delete mode 100644 test/ssl/fake-ca.key create mode 100755 test/ssl/gen.sh create mode 100644 test/ssl/openssl.cnf delete mode 100644 test/ssl/readme.txt create mode 100644 test/ssl/rootCA/crlnumber create mode 100644 test/ssl/rootCA/index.txt create mode 100644 test/ssl/rootCA/index.txt.attr create mode 100644 test/ssl/rootCA/index.txt.attr.old create mode 100644 test/ssl/rootCA/index.txt.old create mode 100644 test/ssl/rootCA/newcerts/01.pem create mode 100644 test/ssl/rootCA/newcerts/02.pem create mode 100644 test/ssl/rootCA/serial create mode 100644 test/ssl/rootCA/serial.old delete mode 100644 test/ssl/server.csr create mode 100644 test/ssl/signingCA/crlnumber create mode 100644 test/ssl/signingCA/crlnumber.old create mode 100644 test/ssl/signingCA/index.txt create mode 100644 test/ssl/signingCA/index.txt.attr create mode 100644 test/ssl/signingCA/index.txt.attr.old create mode 100644 test/ssl/signingCA/index.txt.old create mode 100644 test/ssl/signingCA/newcerts/01.pem create mode 100644 test/ssl/signingCA/newcerts/02.pem create mode 100644 test/ssl/signingCA/newcerts/03.pem create mode 100644 test/ssl/signingCA/newcerts/04.pem create mode 100644 test/ssl/signingCA/serial create mode 100644 test/ssl/signingCA/serial.old create mode 100644 test/ssl/test-alt-ca.crt create mode 100644 test/ssl/test-alt-ca.key create 
mode 100644 test/ssl/test-bad-root-ca.crt create mode 100644 test/ssl/test-bad-root-ca.key delete mode 100644 test/ssl/test-ca-alt.crt delete mode 100644 test/ssl/test-ca-alt.key delete mode 100644 test/ssl/test-ca.crt delete mode 100644 test/ssl/test-ca.key create mode 100644 test/ssl/test-fake-root-ca.crt create mode 100644 test/ssl/test-fake-root-ca.key create mode 100644 test/ssl/test-root-ca.crt create mode 100644 test/ssl/test-root-ca.key create mode 100644 test/ssl/test-signing-ca.crt create mode 100644 test/ssl/test-signing-ca.csr create mode 100644 test/ssl/test-signing-ca.key diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py index f91487f..c80fabd 100755 --- a/src/paho/mqtt/client.py +++ b/src/paho/mqtt/client.py @@ -426,6 +426,7 @@ class Client: self._tls_ca_certs = None self._tls_cert_reqs = None self._tls_ciphers = None + self._tls_insecure = False def __del__(self): pass @@ -509,6 +510,22 @@ class Client: self._tls_version = tls_version self._tls_ciphers = ciphers + def tls_insecure_set(self, value): + """Configure verification of the server hostname in the server certificate. + + If value is set to true, it is impossible to guarantee that the host + you are connecting to is not impersonating your server. This can be + useful in initial server testing, but makes it possible for a malicious + third party to impersonate your server through DNS spoofing, for + example. + + Do not use this function in a real system. Setting value to true means + there is no point using encryption. + + Must be called before connect().""" + self._tls_insecure = value + + def connect(self, host, port=1883, keepalive=60, bind_address=""): """Connect to a remote broker. 
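Review bot: `tls_insecure_set()` stores `value` unchanged, while the check this commit adds in `connect()` is `if self._tls_insecure == False:`, so a falsy non-bool such as `None` or `""` compares unequal to `False` and hostname verification is skipped without the caller asking for it. Coerce in the setter with `self._tls_insecure = bool(value)` and test with `if not self._tls_insecure:` in `connect()`, so that only an explicit truthy value turns the check off. The docstring could also state that the default, set in `__init__` as `self._tls_insecure = False`, is to verify.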
@@ -605,14 +622,12 @@ class Client: ssl_version=self._tls_version, ciphers=self._tls_ciphers) - try: - self.socket().connect((self._host, self._port)) - except socket.error as err: - (msg) = err - if msg.errno != errno.EINPROGRESS: - print(msg) - return 1 - + if self._tls_insecure == False: + if sys.version_info[0] < 3 or (sys.version_info[0] == 3 and sys.version_info[1] < 2): + self._tls_match_hostname() + else: + ssl.match_hostname(self._ssl.getpeercert(), self._host) + self._sock.setblocking(0) return self._send_connect(self._keepalive, self._clean_session) @@ -1828,3 +1843,26 @@ class Client: self.loop_forever() + def _tls_match_hostname(self): + cert = self._ssl.getpeercert() + san = cert.get('subjectAltName') + if san: + have_san_dns = False + for ((key,value),) in san: + if key == 'DNS': + have_san_dns = True + if value == self._host: + return + + if have_san_dns: + # Only check subject if subjectAltName dns not found. + raise ssl.SSLError('Certificate subject does not match remote hostname.') + subject = cert.get('subject') + if subject: + for ((key,value),) in subject: + if key == 'commonName': + if value == self._host: + return + + raise ssl.SSLError('Certificate subject does not match remote hostname.') + diff --git a/test/lib/03-publish-c2b-qos2-disconnect.py b/test/lib/03-publish-c2b-qos2-disconnect.py index acc1a3f..f21a290 100755 --- a/test/lib/03-publish-c2b-qos2-disconnect.py +++ b/test/lib/03-publish-c2b-qos2-disconnect.py 
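Review bot: Nothing visible in the `connect()` hunk tears the connection down when the new hostname check raises, so the client object appears to keep an established TLS socket to a peer whose identity was just rejected. The two branches also fail with different types: `_tls_match_hostname()` raises `ssl.SSLError`, while `ssl.match_hostname()` raises `ssl.CertificateError`, which is a `ValueError` subclass on the Python 3 versions this branch targets, so a caller catching only `ssl.SSLError` misses a mismatch there. The version test can be replaced by feature detection, which also covers interpreters that backport the function. `connect()` starts and ends outside the hunk and indentation is lost on this page, so the nesting below is a guess and should follow wherever the check sits relative to the TLS-only branch.

```python
        if not self._tls_insecure:
            try:
                if hasattr(ssl, 'match_hostname'):
                    ssl.match_hostname(self._ssl.getpeercert(), self._host)
                else:
                    self._tls_match_hostname()
            except Exception:
                # Do not keep a socket to a peer that failed verification.
                self._ssl.close()
                raise

        # … unchanged: setblocking(0) and _send_connect() …
```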
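Review bot: The SAN loop in `_tls_match_hostname()`, `for ((key,value),) in san:`, unpacks each entry as a one-element tuple, but `getpeercert()` returns `subjectAltName` as a flat sequence of `(type, value)` pairs. Any certificate carrying a SAN therefore raises `ValueError` from the unpacking instead of matching or failing with the intended `ssl.SSLError`. The nested form only fits the `subject` loop below it, so use `for (key, value) in san:` here. The comparison `value == self._host` is also an exact, case-sensitive match, so wildcard names, differently-cased names and `IP Address` SAN entries are rejected on the older interpreters that take this path, which pushes users towards `tls_insecure_set(True)`. At minimum compare `value.lower() == self._host.lower()` and add a docstring, which the method lacks, listing the cases it does not handle.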
@@ -77,14 +77,11 @@ try: if paho_test.expect_packet(conn, "connect", connect_packet): conn.send(connack_packet) - if paho_test.expect_packet(conn, "2nd retried publish", publish_dup_packet): - conn.send(pubrec_packet) + if paho_test.expect_packet(conn, "retried pubrel", pubrel_dup_packet): + conn.send(pubcomp_packet) - if paho_test.expect_packet(conn, "pubrel", pubrel_packet): - conn.send(pubcomp_packet) - - if paho_test.expect_packet(conn, "disconnect", disconnect_packet): - rc = 0 + if paho_test.expect_packet(conn, "disconnect", disconnect_packet): + rc = 0 conn.close() finally: diff --git a/test/lib/08-ssl-connect-cert-auth.py b/test/lib/08-ssl-connect-cert-auth.py index 4ec1dd7..60663ab 100755 --- a/test/lib/08-ssl-connect-cert-auth.py +++ b/test/lib/08-ssl-connect-cert-auth.py @@ -5,7 +5,7 @@ # The client should connect to port 1888 with keepalive=60, clean session set, # and client id 08-ssl-connect-crt-auth -# It should use the CA certificate ssl/test-ca.crt for verifying the server. +# It should use the CA certificate ssl/all-ca.crt for verifying the server. # The test will send a CONNACK message to the client with rc=0. Upon receiving # the CONNACK and verifying that rc=0, the client should send a DISCONNECT # message. If rc!=0, the client should exit with an error. @@ -37,7 +37,7 @@ disconnect_packet = paho_test.gen_disconnect() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) -ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-ca.crt", +ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True, ssl_version=ssl.PROTOCOL_TLSv1, cert_reqs=ssl.CERT_REQUIRED) ssock.settimeout(10) diff --git a/test/lib/08-ssl-connect-no-auth.py b/test/lib/08-ssl-connect-no-auth.py index 15c6f2d..406f815 100755 --- a/test/lib/08-ssl-connect-no-auth.py +++ b/test/lib/08-ssl-connect-no-auth.py 
@@ -4,7 +4,7 @@ # The client should connect to port 1888 with keepalive=60, clean session set, # and client id 08-ssl-connect-no-auth -# It should use the CA certificate ssl/test-ca.crt for verifying the server. +# It should use the CA certificate ssl/all-ca.crt for verifying the server. # The test will send a CONNACK message to the client with rc=0. Upon receiving # the CONNACK and verifying that rc=0, the client should send a DISCONNECT # message. If rc!=0, the client should exit with an error. @@ -36,7 +36,7 @@ disconnect_packet = paho_test.gen_disconnect() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) -ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True, ssl_version=ssl.PROTOCOL_TLSv1) +ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True, ssl_version=ssl.PROTOCOL_TLSv1) ssock.settimeout(10) ssock.bind(('', 1888)) ssock.listen(5) diff --git a/test/lib/08-ssl-fake-cacert.py b/test/lib/08-ssl-fake-cacert.py index aa9be9d..819ab8b 100755 --- a/test/lib/08-ssl-fake-cacert.py +++ b/test/lib/08-ssl-fake-cacert.py @@ -21,7 +21,7 @@ if sys.version < '2.7': sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) -ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-ca.crt", +ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True, ssl_version=ssl.PROTOCOL_TLSv1, cert_reqs=ssl.CERT_REQUIRED) ssock.settimeout(10) diff --git a/test/lib/python/08-ssl-connect-cert-auth.test b/test/lib/python/08-ssl-connect-cert-auth.test index 95ec548..8493c5a 100755 --- a/test/lib/python/08-ssl-connect-cert-auth.test +++ b/test/lib/python/08-ssl-connect-cert-auth.test 
@@ -26,7 +26,7 @@ def on_disconnect(mqttc, obj, rc): run = -1 mqttc = mqtt.Client("08-ssl-connect-crt-auth", run) -mqttc.tls_set("../ssl/test-ca.crt", "../ssl/client.crt", "../ssl/client.key") +mqttc.tls_set("../ssl/all-ca.crt", "../ssl/client.crt", "../ssl/client.key") mqttc.on_connect = on_connect mqttc.on_disconnect = on_disconnect diff --git a/test/lib/python/08-ssl-connect-no-auth.test b/test/lib/python/08-ssl-connect-no-auth.test index 4ce73e3..4f07746 100755 --- a/test/lib/python/08-ssl-connect-no-auth.test +++ b/test/lib/python/08-ssl-connect-no-auth.test @@ -26,7 +26,7 @@ def on_disconnect(mqttc, obj, rc): run = -1 mqttc = mqtt.Client("08-ssl-connect-no-auth", run) -mqttc.tls_set("../ssl/test-ca.crt") +mqttc.tls_set("../ssl/all-ca.crt") mqttc.on_connect = on_connect mqttc.on_disconnect = on_disconnect diff --git a/test/lib/python/08-ssl-fake-cacert.test b/test/lib/python/08-ssl-fake-cacert.test index 1fdcdc9..0448e3c 100755 --- a/test/lib/python/08-ssl-fake-cacert.test +++ b/test/lib/python/08-ssl-fake-cacert.test @@ -18,7 +18,7 @@ def on_connect(mqttc, obj, rc): exit(1) mqttc = mqtt.Client("08-ssl-fake-cacert") -mqttc.tls_set("../ssl/fake-ca.crt", "../ssl/client.crt", "../ssl/client.key") +mqttc.tls_set("../ssl/test-fake-root-ca.crt", "../ssl/client.crt", "../ssl/client.key") mqttc.on_connect = on_connect try: diff --git a/test/lib/python3/08-ssl-connect-cert-auth.test b/test/lib/python3/08-ssl-connect-cert-auth.test index 605d1a6..acb1dcd 100755 --- a/test/lib/python3/08-ssl-connect-cert-auth.test +++ b/test/lib/python3/08-ssl-connect-cert-auth.test @@ -23,7 +23,7 @@ def on_disconnect(mqttc, obj, rc): run = -1 mqttc = mqtt.Client("08-ssl-connect-crt-auth", run) -mqttc.tls_set("../ssl/test-ca.crt", "../ssl/client.crt", "../ssl/client.key") +mqttc.tls_set("../ssl/all-ca.crt", "../ssl/client.crt", "../ssl/client.key") mqttc.on_connect = on_connect mqttc.on_disconnect = on_disconnect 
diff --git a/test/lib/python3/08-ssl-connect-no-auth.test b/test/lib/python3/08-ssl-connect-no-auth.test index a46b4a0..afdc139 100755 --- a/test/lib/python3/08-ssl-connect-no-auth.test +++ b/test/lib/python3/08-ssl-connect-no-auth.test @@ -23,7 +23,7 @@ def on_disconnect(mqttc, obj, rc): run = -1 mqttc = mqtt.Client("08-ssl-connect-no-auth", run) -mqttc.tls_set("../ssl/test-ca.crt") +mqttc.tls_set("../ssl/all-ca.crt") mqttc.on_connect = on_connect mqttc.on_disconnect = on_disconnect diff --git a/test/lib/python3/08-ssl-fake-cacert.test b/test/lib/python3/08-ssl-fake-cacert.test index f9b06d9..fbccc06 100755 --- a/test/lib/python3/08-ssl-fake-cacert.test +++ b/test/lib/python3/08-ssl-fake-cacert.test @@ -18,7 +18,7 @@ def on_connect(mqttc, obj, rc): exit(1) mqttc = mqtt.Client("08-ssl-fake-cacert") -mqttc.tls_set("../ssl/fake-ca.crt", "../ssl/client.crt", "../ssl/client.key") +mqttc.tls_set("../ssl/test-fake-root-ca.crt", "../ssl/client.crt", "../ssl/client.key") mqttc.on_connect = on_connect try: diff --git a/test/ssl/all-ca.crt b/test/ssl/all-ca.crt new file mode 100644 index 0000000..592d8e5 --- /dev/null +++ b/test/ssl/all-ca.crt 
@@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, L=Derby, O=Paho Project, OU=Testing, CN=Root CA + Validity + Not Before: Jul 29 19:21:30 2013 GMT + Not After : Jul 28 19:21:30 2018 GMT + Subject: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:26:78:40:ae:b2:ad:2f:26:12:0a:d5:b1:18: + 80:16:d8:88:be:0b:42:ce:32:ad:12:d5:f5:78:1b: + 35:28:f2:13:1b:05:09:fb:7e:d7:d9:a1:8a:0d:4a: + fe:95:37:d4:16:75:83:e4:6a:44:34:33:57:2e:49: + ba:bc:b4:cf:d0:c0:87:e0:bc:f0:60:76:14:00:d6: + eb:cb:f6:db:b3:43:f1:c8:4d:4a:0a:bb:e0:37:7c: + 8e:93:1f:a0:87:68:59:fe:0c:25:40:f3:7c:fd:71: + 90:55:ef:de:18:b4:08:86:c9:75:c2:99:2f:ce:12: + bf:c5:5e:cf:5f:f1:06:53:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + X509v3 Authority Key Identifier: + keyid:4A:2B:69:D6:31:1D:A3:68:E8:46:6F:FB:4B:F3:8E:B6:8D:51:0E:BF + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 48:ec:d7:80:8a:8f:82:a6:42:b1:89:2c:b9:4b:6d:0a:37:b8: + 72:19:05:de:75:80:0c:d6:41:97:b2:d7:fe:99:cb:7e:c4:0e: + 77:97:09:a8:9f:87:ff:0b:de:3f:1c:dc:1e:fe:09:36:a7:f5: + 54:9a:85:4e:fb:6f:27:fe:0f:29:45:61:8d:07:c6:0c:da:37: + 3d:a3:69:4b:82:71:e6:24:e0:87:a6:ee:d5:87:61:dd:8f:08: + fe:33:a6:1f:ae:b2:ae:1f:d8:2c:20:c8:a6:fc:33:0e:82:68: + 80:23:61:10:ad:5c:1d:80:d6:b1:5f:e4:af:66:6d:63:10:e4: + 96:e4 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxFTATBgNVBAoMDFBh +aG8gUHJvamVjdDEQMA4GA1UECwwHVGVzdGluZzEQMA4GA1UEAwwHUm9vdCBDQTAe +Fw0xMzA3MjkxOTIxMzBaFw0xODA3MjgxOTIxMzBaMGAxCzAJBgNVBAYTAkdCMRMw +EQYDVQQIDApEZXJieXNoaXJlMRUwEwYDVQQKDAxQYWhvIFByb2plY3QxEDAOBgNV 
+BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBANwmeECusq0vJhIK1bEYgBbYiL4LQs4yrRLV9XgbNSjyExsF +Cft+19mhig1K/pU31BZ1g+RqRDQzVy5Jury0z9DAh+C88GB2FADW68v227ND8chN +Sgq74Dd8jpMfoIdoWf4MJUDzfP1xkFXv3hi0CIbJdcKZL84Sv8Vez1/xBlMHAgMB +AAGjUDBOMB0GA1UdDgQWBBQpTW7H8vdxctonnJyr2gcdR5zYQTAfBgNVHSMEGDAW +gBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4GBAEjs14CKj4KmQrGJLLlLbQo3uHIZBd51gAzWQZey1/6Zy37EDneXCaif +h/8L3j8c3B7+CTan9VSahU77byf+DylFYY0HxgzaNz2jaUuCceYk4Iem7tWHYd2P +CP4zph+usq4f2CwgyKb8Mw6CaIAjYRCtXB2A1rFf5K9mbWMQ5Jbk +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAhGgAwIBAgIJAKrzwmdXIUxsMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV +BAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYDVQQHDAVEZXJieTEVMBMG +A1UECgwMUGFobyBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdS +b290IENBMB4XDTEzMDcyOTE5MjEyOVoXDTIzMDcyNzE5MjEyOVowbTELMAkGA1UE +BhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcMBURlcmJ5MRUwEwYD +VQQKDAxQYWhvIFByb2plY3QxEDAOBgNVBAsMB1Rlc3RpbmcxEDAOBgNVBAMMB1Jv +b3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKbPzEEWCKsjjwjJ787u +Q32k5EdqoDddMEjSVbZNSNEwUew1L7O8NTbmtCEeVFQjOLAdmdiF3rQbXHV+Zew0 +jt2g4vtPpl1GOG6jA/6YznKAyQdvGCdYfGZUN2tN+mbtVxWqkHZitQDQGaSHnx24 +NX649La2uyFy+7l9o8++xPONAgMBAAGjUDBOMB0GA1UdDgQWBBRKK2nWMR2jaOhG +b/tL8462jVEOvzAfBgNVHSMEGDAWgBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEd+gW86/W+fisz5PFHAeEw7zn9q +dzLHm7+QZgNLZ9h7/ZbhObRUFMRtU2xm4amyh85h7hUE5R2E2uW2OXumic7/D4ZD +6unjr4m5jwVWDTqTUYIcNSriyoDWAVlPfOWaU5NyUhqS1DM28tvOWVHVLCxmVcZl +tJQqo5eHbQ/+Hjfx +-----END CERTIFICATE----- diff --git a/test/ssl/client-expired.crt b/test/ssl/client-expired.crt index d6df974..0fa27da 100644 --- a/test/ssl/client-expired.crt +++ b/test/ssl/client-expired.crt 
@@ -1,17 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Aug 20 00:00:00 2012 GMT + Not After : Aug 21 00:00:00 2012 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client expired + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:17:82:af:47:dc:71:77:73:c3:69:11:4b:ff: + 27:0e:29:4b:e6:6f:11:78:e4:56:88:c9:34:13:12: + e1:82:ec:24:fe:65:c8:9d:bb:05:54:20:d0:b4:31: + b9:4b:87:f8:4d:e5:c1:ba:99:f8:a2:cc:ff:8e:89: + f2:7a:68:2f:53:42:4d:73:19:5e:ca:7e:b2:fe:3b: + f7:d1:bc:e8:24:fa:77:47:ee:a4:89:cf:d1:dc:e9: + 99:3f:da:0e:d0:1e:c6:40:d2:60:ee:38:83:4e:a4: + dd:46:a3:6a:ac:c9:61:af:d5:23:9d:23:14:b5:31: + d5:ca:66:7a:30:3f:c2:ce:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 17:CD:6D:67:FB:7D:77:59:0F:6C:F1:9B:0E:B0:EB:AE:BE:E0:9D:47 + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + 7f:c3:be:e2:5b:d5:68:27:a6:ea:5a:9d:13:f1:21:47:56:7e: + 19:1e:35:47:2c:35:ff:df:81:71:9a:89:04:d0:f1:e6:49:ee: + c7:2a:a7:5d:2e:f2:19:18:77:f3:fe:c8:21:87:28:51:d5:1a: + 1b:7d:d3:36:58:42:39:df:7b:c8:41:a5:71:1f:56:6c:67:c5: + ee:07:45:ad:1a:91:ed:89:ce:ee:8e:48:cd:32:8e:a4:6a:ae: + 55:bb:3d:c0:77:e7:7a:e3:9d:25:d0:5c:03:6c:be:25:16:67: + 0f:d5:e3:c9:7a:c3:66:8d:8b:09:bf:e5:3d:b7:31:d6:80:d6: + fd:c7 -----BEGIN CERTIFICATE----- -MIICpDCCAg0CCQDNrg5WSiiRqDANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC -R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG -A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG -A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs 
-ZS5jb20wHhcNMTIwNzAzMTQ0MDA3WhcNMTIwNzA0MTQ0MDA3WjCBizELMAkGA1UE -BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd -MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU -ZXN0MR4wHAYDVQQDDBVsb2NhbGhvc3QtY2xpZW50LXRlc3QwgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAM1kzx27D7TooydBNi6tTIMvstPZqFviwN5JGCKxs0wI -ZAdVP1HNeECioww4HiMO6J6IfcLppLDuWr1pteSG471MjGLPc0Z6UKNejKntM30p -7649fBZ9DIomVKTJHya/jtU8hIJfSpY29FKGOe3gVjg99nFZtB1dGnycQys5FRVZ -AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEACkRM53UdHTXhDNv+xZk6DJyNneEm0BWG -u9IExujL1YKbEIxlOncacDEzAYe3YbcnzN+1rgYel2l8Oq7Esb4OhlM5ftzfNLw5 -p2uM1QWzB1N1pwJ7BMtlkFuL+JI+VikaVdqvV9YhCDxIUUujoMsXLYzVOVMQbToJ -YedFIjsMj6s= +MIIC0jCCAjugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEyMDgyMDAwMDAw +MFoXDTEyMDgyMTAwMDAwMFowgYAxCzAJBgNVBAYTAkdCMRgwFgYDVQQIDA9Ob3R0 +aW5naGFtc2hpcmUxEzARBgNVBAcMCk5vdHRpbmdoYW0xDzANBgNVBAoMBlNlcnZl +cjETMBEGA1UECwwKUHJvZHVjdGlvbjEcMBoGA1UEAwwTdGVzdCBjbGllbnQgZXhw +aXJlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3BeCr0fccXdzw2kRS/8n +DilL5m8ReORWiMk0ExLhguwk/mXInbsFVCDQtDG5S4f4TeXBupn4osz/jonyemgv +U0JNcxleyn6y/jv30bzoJPp3R+6kic/R3OmZP9oO0B7GQNJg7jiDTqTdRqNqrMlh +r9UjnSMUtTHVymZ6MD/CzlkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfN +bWf7fXdZD2zxmw6w666+4J1HMB8GA1UdIwQYMBaAFClNbsfy93Fy2iecnKvaBx1H +nNhBMA0GCSqGSIb3DQEBBQUAA4GBAH/DvuJb1WgnpupanRPxIUdWfhkeNUcsNf/f +gXGaiQTQ8eZJ7scqp10u8hkYd/P+yCGHKFHVGht90zZYQjnfe8hBpXEfVmxnxe4H +Ra0ake2Jzu6OSM0yjqRqrlW7PcB353rjnSXQXANsviUWZw/V48l6w2aNiwm/5T23 +MdaA1v3H -----END CERTIFICATE----- diff --git a/test/ssl/client-revoked.crt b/test/ssl/client-revoked.crt index ac70249..ed93ffe 100644 --- a/test/ssl/client-revoked.crt +++ b/test/ssl/client-revoked.crt 
@@ -1,17 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Jul 29 19:21:31 2013 GMT + Not After : Jul 28 19:21:31 2018 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client revoked + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:bb:3b:8f:80:95:a8:32:56:ed:b9:c0:79:7f:36: + ef:33:39:1b:b1:c3:1c:0b:51:1b:0a:d4:04:ee:39: + 94:ab:fe:bb:d5:c9:72:be:e0:4c:f4:17:17:fe:a4: + e1:f1:69:2c:67:89:63:e7:0f:84:db:6c:bb:12:fb: + 29:4f:63:11:da:cc:22:85:c4:e8:bf:01:ea:3b:43: + b5:32:48:85:39:74:e5:0d:79:f1:12:19:01:b3:48: + bc:be:aa:9a:74:95:bb:d1:a6:78:51:cc:5b:0f:bc: + af:78:01:7b:42:36:43:41:49:7a:25:24:7e:1c:17: + 3a:4e:bb:a2:e9:65:3c:86:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D8:E8:12:3D:B4:66:6A:1C:DC:F7:14:0D:55:0D:9D:81:A7:1C:52:35 + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + 07:18:d5:41:31:1b:85:fe:ab:e9:f5:48:c1:c6:38:e1:28:28: + 90:66:10:8c:d7:ef:15:b7:da:89:5e:78:7d:dc:e5:45:e6:2a: + df:1f:3d:80:5f:0c:87:c8:5c:7e:bd:5b:1c:e3:a0:e2:ab:ee: + e7:8b:82:ec:94:2a:c4:1e:62:fd:4f:f7:ce:78:8f:a5:5a:96: + a7:76:3b:f5:37:73:1f:a0:d7:f0:6f:c5:d6:42:6a:bd:51:2d: + f1:4c:1b:3e:63:51:3f:47:7f:88:a7:16:de:c7:c0:3c:96:78: + a7:76:17:b9:48:85:83:18:bf:9d:b6:14:fa:1e:63:f9:86:2c: + 8a:b1 -----BEGIN CERTIFICATE----- -MIICpDCCAg0CCQDNrg5WSiiRpzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC -R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG -A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG -A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs 
-ZS5jb20wHhcNMTIwNzAzMTQ0MDAwWhcNMzkxMTE4MTQ0MDAwWjCBizELMAkGA1UE -BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd -MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU -ZXN0MR4wHAYDVQQDDBVsb2NhbGhvc3QtY2xpZW50LXRlc3QwgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAM1kzx27D7TooydBNi6tTIMvstPZqFviwN5JGCKxs0wI -ZAdVP1HNeECioww4HiMO6J6IfcLppLDuWr1pteSG471MjGLPc0Z6UKNejKntM30p -7649fBZ9DIomVKTJHya/jtU8hIJfSpY29FKGOe3gVjg99nFZtB1dGnycQys5FRVZ -AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAXB40zdyBFQ7BjDbDFV/vcx4E2rpVxnQ4 -vtJ8TE7aaBqS9QmxlWYnx8ys/q51mVmOxbA/aIFllaSyR+P0MrgZfbWFtb/PK2IV -VnCciP7dfwqbnsW3ziRUq+mTaaNDPtT+YJrLJyTYNZPRvGIBHOt0NKzNCyvO37v3 -op7ELGt0I+E= +MIIC0jCCAjugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEzMDcyOTE5MjEz +MVoXDTE4MDcyODE5MjEzMVowgYAxCzAJBgNVBAYTAkdCMRgwFgYDVQQIDA9Ob3R0 +aW5naGFtc2hpcmUxEzARBgNVBAcMCk5vdHRpbmdoYW0xDzANBgNVBAoMBlNlcnZl +cjETMBEGA1UECwwKUHJvZHVjdGlvbjEcMBoGA1UEAwwTdGVzdCBjbGllbnQgcmV2 +b2tlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuzuPgJWoMlbtucB5fzbv +MzkbscMcC1EbCtQE7jmUq/671clyvuBM9BcX/qTh8WksZ4lj5w+E22y7EvspT2MR +2swihcTovwHqO0O1MkiFOXTlDXnxEhkBs0i8vqqadJW70aZ4UcxbD7yveAF7QjZD +QUl6JSR+HBc6Trui6WU8hocCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNjo +Ej20Zmoc3PcUDVUNnYGnHFI1MB8GA1UdIwQYMBaAFClNbsfy93Fy2iecnKvaBx1H +nNhBMA0GCSqGSIb3DQEBBQUAA4GBAAcY1UExG4X+q+n1SMHGOOEoKJBmEIzX7xW3 +2oleeH3c5UXmKt8fPYBfDIfIXH69WxzjoOKr7ueLguyUKsQeYv1P9854j6Valqd2 +O/U3cx+g1/BvxdZCar1RLfFMGz5jUT9Hf4inFt7HwDyWeKd2F7lIhYMYv522FPoe +Y/mGLIqx -----END CERTIFICATE----- diff --git a/test/ssl/client-revoked.csr b/test/ssl/client-revoked.csr deleted file mode 100644 index 1314812..0000000 --- a/test/ssl/client-revoked.csr +++ /dev/null 
@@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBzDCCATUCAQAwgYsxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2lu -Z2RvbTEOMAwGA1UEBwwFRGVyYnkxHTAbBgNVBAoMFE1vc3F1aXR0byBUZXN0IFN1 -aXRlMRQwEgYDVQQLDAtCcm9rZXIgVGVzdDEeMBwGA1UEAwwVbG9jYWxob3N0LWNs -aWVudC10ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNZM8duw+06KMn -QTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9RzXhAoqMMOB4jDuieiH3C6aSw7lq9 -abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwWfQyKJlSkyR8mv47VPISCX0qWNvRS -hjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEA -uzoEdsl3JkiNIviQzDtr67k6L/vogtVSgRnCFCel16Q0i1W+mVAwUqYArwf/7fwp -UhZPd8NLSVT1pn4Nj2a2Q7S3GMpMguiQlhCol7hZOrNpc0fDGg1JSmYjCEmm3TOl -Z49eyqmE8r4xdDEAyPk3u21HYrZ5RshyS/8vfPwqR9o= ------END CERTIFICATE REQUEST----- diff --git a/test/ssl/client-revoked.key b/test/ssl/client-revoked.key index 479a528..279ea99 100644 --- a/test/ssl/client-revoked.key +++ b/test/ssl/client-revoked.key 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDNZM8duw+06KMnQTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9R -zXhAoqMMOB4jDuieiH3C6aSw7lq9abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwW -fQyKJlSkyR8mv47VPISCX0qWNvRShjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQAB -AoGAdcKxuUMSG1AykwQhk5uKvcBwUGR/0cbte8T+0I1/1j0NVOL8feNHag+VWiEm -rkUS/CoXqNQat9LBNc5RGmh4U35orG2xi/EqcBnp/Mse2UqnOTYO3xjeP+JQBtR9 -EiutMTabnaOIXox2bfb3olKA5b6phTt9Y0v8Li/jbVAhw3ECQQDslDu6ZvkKoljU -VICOteQMMPESsrXVPs5brtxyK2LQn+GBwXvy7d655Ql9jUkyops546aTB6JgYOMs -zDD3oJ7FAkEA3kE1wwap7NxtYSEbtwyIa7r+IKezG9IPwG27EHjTjPBgclOk0ZOf -W51ZD/CYNbA7fYAbqREeBwzhe5u0jfHFhQJBAOccL/T6nxMqYYibPDMtsSfPr9FK -T6OQBVs/SQ8nHxMa/NsbPpCkm04SVuEV4onam7VDlPhRHujz/TlICBYADNkCQEaA -XwJ3ea2mGphF/VmqgxfRYE2RhNJdZxu+cyl9enXpxl5dxBmq/1D7b8YLpuzY83YT -DjMqN+E6p8gjEzo3qFUCQGaSni6qTT9pT22uT3QwLthOPdVacV6a55Ci6g4XaFUR -/Es/nQdkZTbCI1ufGV2Usodsqas+lNGqnClGVHqcUg8= +MIICWwIBAAKBgQC7O4+AlagyVu25wHl/Nu8zORuxwxwLURsK1ATuOZSr/rvVyXK+ +4Ez0Fxf+pOHxaSxniWPnD4TbbLsS+ylPYxHazCKFxOi/Aeo7Q7UySIU5dOUNefES +GQGzSLy+qpp0lbvRpnhRzFsPvK94AXtCNkNBSXolJH4cFzpOu6LpZTyGhwIDAQAB +AoGABGk60ES2WblCkIXAVwbsS8CkrmNyXbHjeTXVh+dDYWn28up0EZsnNPj2T8GC +sTVRHn9WIzNyZdkB70iLiJtE6GBW2gJ0wZnPXXP41AXFLsKzNN4tay50I/jLq4K6 +1iJ48B/18n7XuvVl+AllAwfu+oC/c3yrkE6xIBr152RXl0ECQQDznby6Z3cVTEgJ +GOk7slyedoZhdTR4XReEuvYp7c/2akch68KiADzZLHpCqMxq03kCP14vScBRSfKR +9UDRTT3FAkEAxMAVwcGaZnzpZAO/VZPE+z7ZGsHw4cAPrDDSDYyqX83LXRNyhC7A +y3t1OqtCkhEzw5bsvabuoeNLkXg2Igfj2wJAYiN8INeHaGQHbOrFIlBS8V8r+Vy+ +23IdBFJQ0klECq97olWYXayc1pwNUIcxeiNgzx/58DDUsaqJdnUHPInSRQJAKFbt +3w0P2CWSQLRX/XbPs2e+YbMT7WVQkVBtMOP/ZqcuJAZBu4JOeynz7jSA8KvgPiDq +pzPbx4tvygKorq+JcwJATDLs/UNawCQh1E6VEYXDPzSAhF1eYjvkgt97SzZEgJGb +C4/aRXGjhsJQxHzcyCt4EUdz+2mkxD3L2Qgnq2IXaw== -----END RSA PRIVATE KEY----- diff --git a/test/ssl/client.crt b/test/ssl/client.crt index ac70249..b007d4c 100644 --- a/test/ssl/client.crt +++ b/test/ssl/client.crt 
@@ -1,17 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Jul 29 19:21:31 2013 GMT + Not After : Jul 28 19:21:31 2018 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:17:82:af:47:dc:71:77:73:c3:69:11:4b:ff: + 27:0e:29:4b:e6:6f:11:78:e4:56:88:c9:34:13:12: + e1:82:ec:24:fe:65:c8:9d:bb:05:54:20:d0:b4:31: + b9:4b:87:f8:4d:e5:c1:ba:99:f8:a2:cc:ff:8e:89: + f2:7a:68:2f:53:42:4d:73:19:5e:ca:7e:b2:fe:3b: + f7:d1:bc:e8:24:fa:77:47:ee:a4:89:cf:d1:dc:e9: + 99:3f:da:0e:d0:1e:c6:40:d2:60:ee:38:83:4e:a4: + dd:46:a3:6a:ac:c9:61:af:d5:23:9d:23:14:b5:31: + d5:ca:66:7a:30:3f:c2:ce:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 17:CD:6D:67:FB:7D:77:59:0F:6C:F1:9B:0E:B0:EB:AE:BE:E0:9D:47 + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + b4:11:e8:8a:f5:21:d1:88:22:9e:f3:05:e6:47:c9:9d:87:10: + 09:a1:9c:f1:38:5b:a0:5a:b4:f5:fd:8d:cf:ae:01:7d:b4:a8: + 3c:dd:ed:17:b3:02:56:5b:4a:e6:17:58:8f:46:d4:02:97:95: + 0b:00:0e:b4:77:3e:ad:f0:ce:06:25:38:2d:ff:df:a4:0e:3b: + 83:73:f7:a3:da:c1:a1:24:68:a2:18:71:81:4e:3b:26:5a:e2: + 10:9a:27:95:85:a8:3c:47:3a:60:49:21:2f:12:90:fc:4a:f0: + 71:4d:bc:19:2a:06:07:f4:35:d9:8d:1d:b2:85:93:61:17:45: + 26:9a -----BEGIN CERTIFICATE----- -MIICpDCCAg0CCQDNrg5WSiiRpzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC -R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG -A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG -A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs 
-ZS5jb20wHhcNMTIwNzAzMTQ0MDAwWhcNMzkxMTE4MTQ0MDAwWjCBizELMAkGA1UE -BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd -MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU -ZXN0MR4wHAYDVQQDDBVsb2NhbGhvc3QtY2xpZW50LXRlc3QwgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAM1kzx27D7TooydBNi6tTIMvstPZqFviwN5JGCKxs0wI -ZAdVP1HNeECioww4HiMO6J6IfcLppLDuWr1pteSG471MjGLPc0Z6UKNejKntM30p -7649fBZ9DIomVKTJHya/jtU8hIJfSpY29FKGOe3gVjg99nFZtB1dGnycQys5FRVZ -AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAXB40zdyBFQ7BjDbDFV/vcx4E2rpVxnQ4 -vtJ8TE7aaBqS9QmxlWYnx8ys/q51mVmOxbA/aIFllaSyR+P0MrgZfbWFtb/PK2IV -VnCciP7dfwqbnsW3ziRUq+mTaaNDPtT+YJrLJyTYNZPRvGIBHOt0NKzNCyvO37v3 -op7ELGt0I+E= +MIICyTCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEzMDcyOTE5MjEz +MVoXDTE4MDcyODE5MjEzMVoweDELMAkGA1UEBhMCR0IxGDAWBgNVBAgMD05vdHRp +bmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwGU2VydmVy +MRMwEQYDVQQLDApQcm9kdWN0aW9uMRQwEgYDVQQDDAt0ZXN0IGNsaWVudDCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3BeCr0fccXdzw2kRS/8nDilL5m8ReORW +iMk0ExLhguwk/mXInbsFVCDQtDG5S4f4TeXBupn4osz/jonyemgvU0JNcxleyn6y +/jv30bzoJPp3R+6kic/R3OmZP9oO0B7GQNJg7jiDTqTdRqNqrMlhr9UjnSMUtTHV +ymZ6MD/CzlkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl +blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfNbWf7fXdZD2zx +mw6w666+4J1HMB8GA1UdIwQYMBaAFClNbsfy93Fy2iecnKvaBx1HnNhBMA0GCSqG +SIb3DQEBBQUAA4GBALQR6Ir1IdGIIp7zBeZHyZ2HEAmhnPE4W6BatPX9jc+uAX20 +qDzd7RezAlZbSuYXWI9G1AKXlQsADrR3Pq3wzgYlOC3/36QOO4Nz96PawaEkaKIY +cYFOOyZa4hCaJ5WFqDxHOmBJIS8SkPxK8HFNvBkqBgf0NdmNHbKFk2EXRSaa -----END CERTIFICATE----- diff --git a/test/ssl/client.key b/test/ssl/client.key index 479a528..4be1b32 100644 --- a/test/ssl/client.key +++ b/test/ssl/client.key 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDNZM8duw+06KMnQTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9R -zXhAoqMMOB4jDuieiH3C6aSw7lq9abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwW -fQyKJlSkyR8mv47VPISCX0qWNvRShjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQAB -AoGAdcKxuUMSG1AykwQhk5uKvcBwUGR/0cbte8T+0I1/1j0NVOL8feNHag+VWiEm -rkUS/CoXqNQat9LBNc5RGmh4U35orG2xi/EqcBnp/Mse2UqnOTYO3xjeP+JQBtR9 -EiutMTabnaOIXox2bfb3olKA5b6phTt9Y0v8Li/jbVAhw3ECQQDslDu6ZvkKoljU -VICOteQMMPESsrXVPs5brtxyK2LQn+GBwXvy7d655Ql9jUkyops546aTB6JgYOMs -zDD3oJ7FAkEA3kE1wwap7NxtYSEbtwyIa7r+IKezG9IPwG27EHjTjPBgclOk0ZOf -W51ZD/CYNbA7fYAbqREeBwzhe5u0jfHFhQJBAOccL/T6nxMqYYibPDMtsSfPr9FK -T6OQBVs/SQ8nHxMa/NsbPpCkm04SVuEV4onam7VDlPhRHujz/TlICBYADNkCQEaA -XwJ3ea2mGphF/VmqgxfRYE2RhNJdZxu+cyl9enXpxl5dxBmq/1D7b8YLpuzY83YT -DjMqN+E6p8gjEzo3qFUCQGaSni6qTT9pT22uT3QwLthOPdVacV6a55Ci6g4XaFUR -/Es/nQdkZTbCI1ufGV2Usodsqas+lNGqnClGVHqcUg8= +MIICXAIBAAKBgQDcF4KvR9xxd3PDaRFL/ycOKUvmbxF45FaIyTQTEuGC7CT+Zcid +uwVUINC0MblLh/hN5cG6mfiizP+OifJ6aC9TQk1zGV7KfrL+O/fRvOgk+ndH7qSJ +z9Hc6Zk/2g7QHsZA0mDuOINOpN1Go2qsyWGv1SOdIxS1MdXKZnowP8LOWQIDAQAB +AoGAa+NifoXdfAmwR7QzdGuJO5nmyPjdOcPE35yx2D/DKCiWIdbHNvq8q/bCF/Lg +ADSQ9a6Q/uYHSdbv13Gr2XFE8MSOCex5cWe7xcQ4jHM9AR4soMxDLXoEqia6QtFg +RLrVolER/h1QcqJ4pP3QC025JLADXTAvarKAJlkR4nQPigECQQD1xCdxY3mHkl0C +KSVVjyALKrRHoqIxu2w1qivfTqA/S02Ws5tn6g+lkAEUa7Jg2s1/U2HybRAdGz5v +fuIW7eOhAkEA5UGrc2z7TyfKIwO5I6aRLFMqwyMKVdO5v4RZlJGBhtGHLEd5nJMw +ueKLVAUa5/1LaowfLQxYZD+yF8dWdpbvuQJAAbik+hNTR5LL2fcFzuqYs9tRteq6 +rhR89odBlWfMkYTqfzK01O57u5Idn9H9RtZheBHSbss6wKlvL4K4/KYf4QJAZKXk +A5TA8Atj7uNfkIs8CN2qVGk5zFxbm/0a5uLKnsm2MnZeqaLlLXaL/KMRIPBO/8Ps +m/Zjh/9+zHmzN/Uj4QJBAPFmzczJDxDviQcEo7qL9J6JAJtijqDAgv9u1XpqIfIx +GveE+zuKYC2g2Absn1Art3dQgJAsttOF/40HykRLeGc= -----END RSA PRIVATE KEY----- diff --git a/test/ssl/crl.pem b/test/ssl/crl.pem index e8ae499..ddf31de 100644 --- a/test/ssl/crl.pem +++ b/test/ssl/crl.pem 
@@ -1,11 +1,10 @@ -----BEGIN X509 CRL----- -MIIBmDCCAQECAQEwDQYJKoZIhvcNAQEFBQAwgaAxCzAJBgNVBAYTAkdCMRcwFQYD -VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxHTAbBgNVBAoMFE1v -c3F1aXR0byBUZXN0IFN1aXRlMQ8wDQYDVQQLDAZCcm9rZXIxFzAVBgNVBAMMDmJy -b2tlci10ZXN0LWNhMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29tFw0x -MjA3MDMxNTU5MzFaFw0xMjA4MDIxNTU5MzFaMBwwGgIJAM2uDlZKKJGnFw0xMjA3 -MDMxNTU4NDZaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQUFAAOBgQCPcwu3 -0rWWICxqPKPCXUWNgeoNygHt/n2Y+n+Y00LtHxAyfj0ag06GuW4cDH7CYNKsrt/s -59O+3VBRFisbMc1k3aSI5CFE4kSabR7OXOxnbNm/+3LFK80Wp17CjyEeFQrEg6tn -apeq3dUczj88uD7z5B/LtW5s+gGWcpgsDIA1wA== +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjETMBEGA1UE +CAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYDVQQLDAdU +ZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBFw0xMzA3MjkxOTIxMzFaFw0xMzA4 +MjgxOTIxMzFaMBQwEgIBBBcNMTMwNzI5MTkyMTMxWqAOMAwwCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEAqKuTRPtsyPDpOFg3PXmCJJJSoTCKwvhYf9GXCfub +OIJMM5IYfcPceLWhsakpJ4fzoFQwhkCB2gQZ9eyIW44FJfKL4EFLqQkj/gKwrXti +TQCii49XDyncCFNjUaWMqB6wYx7gVOLg8NPdE2iLNzhiA4RIWMbT0nyzM0AOzOGF ++k4= -----END X509 CRL----- diff --git a/test/ssl/fake-ca.crt b/test/ssl/fake-ca.crt deleted file mode 100644 index 209af42..0000000 --- a/test/ssl/fake-ca.crt +++ /dev/null 
@@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEITCCAwmgAwIBAgIJAJu8ZUmvHGqDMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD -VQQGEwJERTEQMA4GA1UECAwHR2VybWFueTEPMA0GA1UEBwwGQmVybGluMR8wHQYD -VQQKDBZGYWtlIENlcnRpZmljYXRlcyBHbWJoMRcwFQYDVQQLDA5Eb2RneSBEZWFs -aW5nczEZMBcGA1UEAwwQZmFrZS1jZXJ0aWZpY2F0ZTEfMB0GCSqGSIb3DQEJARYQ -ZmFrZUBleGFtcGxlLmNvbTAeFw0xMzAxMjUwOTE0MTJaFw0yMzAxMjMwOTE0MTJa -MIGmMQswCQYDVQQGEwJERTEQMA4GA1UECAwHR2VybWFueTEPMA0GA1UEBwwGQmVy -bGluMR8wHQYDVQQKDBZGYWtlIENlcnRpZmljYXRlcyBHbWJoMRcwFQYDVQQLDA5E -b2RneSBEZWFsaW5nczEZMBcGA1UEAwwQZmFrZS1jZXJ0aWZpY2F0ZTEfMB0GCSqG -SIb3DQEJARYQZmFrZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAKRMCDzm2gYvw4LViJLqbyYJLozmv12IIO2XYq1ySVftJlx3rfsP -v67llJ56hncj/c53vCe9U1jcb/R+ycDMP+28XvnEaEGAsotO4W1ky60Sku8rUwKM -wIIMj5/bhPGCuZqw1PTlUfwb5BCcP1Kte+Tx4lElZZ7KgigWFFrxwlORUaRrVrBm -qervDlb4ze7iryShpPQRtWvzCxyXyEB2mD9QEwDdFRF3+mooqCfSxy/LlzMPn2dx -5MJtJ9M1dnjY8vI1GI+Uiw78GigJjlBLiZAfRRTlRWja/Q8vt/j0IbNQHKumfzEe -uTnl0UlpzzX5CpVtfZXJRXtF7KRnCBpMT5ECAwEAAaNQME4wHQYDVR0OBBYEFDA+ -RHNT+TYVdOAJ1YJWIfKlY/zIMB8GA1UdIwQYMBaAFDA+RHNT+TYVdOAJ1YJWIfKl -Y/zIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG2oSw+kBTD9/FGJ -+rYAmBchTQTMOS2RPgpudEwRapswLvnYhWh/Vos6I0oQaGu9wf7rYPdqmTsNPoke -/0j/Jqwp7/QEwtu6X0heqtAh/+FJVrpUlLbRoGbAuCb8rS3t3k8zGjaAKzNLB5vL -quy9f4TZI0ojyN7v4q6B5FTdjaaxQa5hFVRno98oipI6jghQsnL9oxqsBedKaRE5 -WowXviqK3umHh0zqfkzVptee5GsNt7MceKRAgWUE2qj70kp2ceSX8D9aoWEar5k8 -VmvWfTAgmFq9GPV2WhJAoDj7P8lGDdqqtoI5qJAg+KSjtC1MSzMDSy/xuW7eFdbJ -qJVuqN8= ------END CERTIFICATE----- diff --git a/test/ssl/fake-ca.key b/test/ssl/fake-ca.key deleted file mode 100644 index 1edfb1b..0000000 --- a/test/ssl/fake-ca.key +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqEGGNc7YpJYCAggA -MBQGCCqGSIb3DQMHBAiBEYk/9zv90QSCBMj06vSmv9YwCHKKSwyD2u7E+rbUbQz1 -UfY/Shf7zOvBTaELaSsctO9UpoAeWzPjkNvhhTsZIBhHxKomHc+YFBvAHLkUx7mk -9MT9zxC5hQd0k0lcYt4xc5HFpg8AVx34PGA2AnRCWKz+Aj+fgxV0U3tNIzAw8V0w -bZJGLFxQqhLXlME3Bd4iSG+oh5UzjhDvOVMTJoRsOpipOUfx/DKCMB23Z6987k7j -t45VucNF3BlbBlaUDOCUKecMtkYAjHn44D9JmvII53xF5PTUFMVjd3Xdqdo6jQBX -dN/HNigt2iDl1g0Wrere/8CjMFBuh3ANBrIF91eyj1xLTQ8+ZhBVRpEhgq11oMUd -5jqWUJgax7PTgY4wSK24dYak9iSaqi32+1+KxQW8gi2E+vtCBgTO8NbH1F7OJarK -wyUmRSE/hmD1XTLg6QEoKKl7/8WnGL5GkuppMkePHQj1YI5Dpwy4ElVFOzo7VvF0 -gqeLIFP7afE1BoTO7pcu8R30/KjHmg//LFJ4YksYMInyg1zv2djnoE7s/gwLA2jY -J95VhN7SA4r5kpVzHdkwscaQ1J1ss9BLGRSJ2NuMo5vrvFnAHnZ9pvhzUA2UveD9 -EKzSbR8KRZf/BFn6d06n1nVEyNtGvD0p427L4Fn1HmD1yOi5z/iQHpgHUektFrEl -LVduaLONwPyPXX3Gzzuy8ETQVRdiHA6J0ZQh/EpYPtsJ1MvmWMocQwKqaBvyQKc6 -CLop+2/MbAyJszUvUTJIDuXoHO4mm2u7G8h/4KOifDmRyERJdugQ+ZMu3LSgjl+e -/Bi5qSDcgzI3GJLBjTsnkY5yKSz9VpCvvIh0gXlZT/7aFTBkic5+cc2l3K4Sf6DF -C0FY2xfiNiFTsK2LZov4Dc7msv3Psfc0oCABpkv/i+lrHEMnJw3jj/KnVfw30/Gp -/0hgcGBpdQ7EJmGXKY/yAd7gA3frfQ6lT7Fr6MTD6v5LRY7ZfJAka3RCQM4DrIj4 -Tl+CnAskekL2Zgm0L5K1QuVOZkH0uJca7Dy6HEAlSB+EhYQ0F/HZA94Vp/ZjtOvp -cw9PJEztWLYSvsHwC9691vgkG79+YsI3mZ2i+t/Ps0zHe7EL6p3sbHp3h9FZj+7+ -rIfMWF7SGc0mQBNdwq+eyRg46LgZp4Za1R6ap5QoYFtV7cnHzZGeNAk6+ucmtviu -2y5p5d51J1Ll6KELKodDZ7PLUDez9l0JMSLurlysQI7uvM91za6gtjoWgGlhNqYb -/V8Zdj8jn2ri2fL3CGRHAQcPRDy26lzjh5DuHCXkHC8sn8cCl+wJWcBhU1GCrvlk -d0TJZWbm8MDKTxJ+vC/jn0PZkZ0v0fOzVFYgnIDmteBvOx8IRkJUYmIY/tcBcpUz -fMNXYedw9Xdd3dRdGcSuEPcFMtKWNX8H8GW6rydcj1wUsrYL7w8ONLWGWF1u09dQ -N9fV1PK4J3ZS7u6O5aR9Pp+aZIUTj1nUgZucTlmyeNe8wl2pNm1TDNZHuoG1ogFj -SFITR86ftxaYmn6oi5fbmbQN9n1zcSl4a+oAyldm1kwl2t8tbWlxmbfLiiPEkWlP -MZky8x63apLPx1aJ3cf8Ie+ZwmHSYHSvNP89KdLnHOhRULW1KejVyLjmmnlEIRTr -RUY= ------END ENCRYPTED PRIVATE KEY----- diff --git a/test/ssl/gen.sh b/test/ssl/gen.sh new file mode 100755 index 0000000..0ca5452 --- /dev/null 
+++ b/test/ssl/gen.sh 
@@ -0,0 +1,70 @@
+# This file generates the keys and certificates used for testing mosquitto.
+# None of the keys are encrypted, so do not just use this script to generate
+# files for your own use.
+
+rm -f *.crt *.key *.csr
+for a in root signing; do
+ rm -rf ${a}CA/
+ mkdir -p ${a}CA/newcerts
+ touch ${a}CA/index.txt
+ echo 01 > ${a}CA/serial
+ echo 01 > ${a}CA/crlnumber
+done
+rm -rf certs
+
+BASESUBJ="/C=GB/ST=Derbyshire/L=Derby/O=Paho Project/OU=Testing"
+SBASESUBJ="/C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production"
+BBASESUBJ="/C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Bridge"
+
+# The root CA
+openssl genrsa -out test-root-ca.key 1024
+openssl req -new -x509 -days 3650 -key test-root-ca.key -out test-root-ca.crt -config openssl.cnf -subj "${BASESUBJ}/CN=Root CA/"
+
+# Another root CA that doesn't sign anything
+openssl genrsa -out test-bad-root-ca.key 1024
+openssl req -new -x509 -days 3650 -key test-bad-root-ca.key -out test-bad-root-ca.crt -config openssl.cnf -subj "${BASESUBJ}/CN=Bad Root CA/"
+
+# This is a root CA that has the exact same details as the real root CA, but is a different key and certificate. Effectively a "fake" CA.
+openssl genrsa -out test-fake-root-ca.key 1024
+openssl req -new -x509 -days 3650 -key test-fake-root-ca.key -out test-fake-root-ca.crt -config openssl.cnf -subj "${BASESUBJ}/CN=Root CA/"
+
+# An intermediate CA, signed by the root CA, used to sign server/client csrs.
+openssl genrsa -out test-signing-ca.key 1024
+openssl req -out test-signing-ca.csr -key test-signing-ca.key -new -config openssl.cnf -subj "${BASESUBJ}/CN=Signing CA/"
+openssl ca -config openssl.cnf -name CA_root -extensions v3_ca -out test-signing-ca.crt -infiles test-signing-ca.csr
+
+# An alternative intermediate CA, signed by the root CA, not used to sign anything.
+openssl genrsa -out test-alt-ca.key 1024
+openssl req -out test-alt-ca.csr -key test-alt-ca.key -new -config openssl.cnf -subj "${BASESUBJ}/CN=Alternative Signing CA/"
+openssl ca -config openssl.cnf -name CA_root -extensions v3_ca -out test-alt-ca.crt -infiles test-alt-ca.csr
+
+# Valid server key and certificate.
+openssl genrsa -out server.key 1024
+openssl req -new -key server.key -out server.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=localhost/"
+openssl ca -config openssl.cnf -name CA_signing -out server.crt -infiles server.csr
+
+# Expired server certificate, based on the above server key.
+openssl req -new -days 1 -key server.key -out server-expired.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=localhost/"
+openssl ca -config openssl.cnf -name CA_signing -days 1 -startdate 120820000000Z -enddate 120821000000Z -out server-expired.crt -infiles server-expired.csr
+
+# Valid client key and certificate.
+openssl genrsa -out client.key 1024
+openssl req -new -key client.key -out client.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client/"
+openssl ca -config openssl.cnf -name CA_signing -out client.crt -infiles client.csr
+
+# Expired client certificate, based on the above client key.
+openssl req -new -days 1 -key client.key -out client-expired.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client expired/"
+openssl ca -config openssl.cnf -name CA_signing -days 1 -startdate 120820000000Z -enddate 120821000000Z -out client-expired.crt -infiles client-expired.csr
+
+# Revoked client certificate, based on a new client key.
+openssl genrsa -out client-revoked.key 1024
+openssl req -new -days 1 -key client-revoked.key -out client-revoked.csr -config openssl.cnf -subj "${SBASESUBJ}/CN=test client revoked/"
+openssl ca -config openssl.cnf -name CA_signing -out client-revoked.crt -infiles client-revoked.csr
+openssl ca -config openssl.cnf -name CA_signing -revoke client-revoked.crt
+openssl ca -config openssl.cnf -name CA_signing -gencrl -out crl.pem
+
+cat test-signing-ca.crt test-root-ca.crt > all-ca.crt
+#mkdir certs
+#cp test-signing-ca.crt certs/test-signing-ca.pem
+#cp test-root-ca.crt certs/test-root.ca.pem
+c_rehash certs
diff --git a/test/ssl/openssl.cnf b/test/ssl/openssl.cnf
new file mode 100644
index 0000000..5de4ed4
--- /dev/null
+++ b/test/ssl/openssl.cnf
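Review bot: The script deletes `*.crt *.key *.csr` and the CA directories relative to whatever the current directory happens to be, and it has neither a shebang nor `set -e`, so running it from the wrong place removes unrelated key material and a failed `openssl` step is silently followed by the next one. I would open it with `#!/bin/sh`, `set -e` and `cd "$(dirname "$0")"`. The last line runs `c_rehash certs` although `certs` was removed by `rm -rf certs` and the `mkdir certs` is commented out; either restore the three commented lines or drop the `c_rehash`. Every `genrsa` call uses 1024 bits while `openssl.cnf` sets `default_bits = 2048`; generating 2048-bit keys would keep the fixtures usable with TLS libraries that refuse shorter RSA keys.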
@@ -0,0 +1,406 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_signing ]
+
+dir = ./signingCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = test-signing-ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = test-signing-ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 1825 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+[ CA_inter ]
+dir = ./interCA
+certs = $dir/certs
+crl_dir = $dir/crl
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+
+certificate = test-inter-ca.crt
+serial = $dir/serial
+crlnumber = $dir/crlnumber
+crl = $dir/crl.pem
+private_key = test-inter-ca.key
+RANDFILE = $dir/.rand
+
+#x509_extensions = v3_ca
+x509_extensions = usr_cert
+
+name_opt = ca_default
+cert_opt = ca_default
+
+default_days = 1825
+default_crl_days = 30
+default_md = default
+preserve = no
+
+policy = policy_match
+unique_subject = yes
+
+[ CA_root ]
+dir = ./rootCA
+certs = $dir/certs
+crl_dir = $dir/crl
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+
+certificate = test-root-ca.crt
+serial = $dir/serial
+crlnumber = $dir/crlnumber
+crl = $dir/crl.pem
+private_key = test-root-ca.key
+RANDFILE = $dir/.rand
+
+x509_extensions = v3_ca
+
+name_opt = ca_default
+cert_opt = ca_default
+
+default_days = 1825
+default_crl_days = 30
+default_md = default
+preserve = no
+
+policy = policy_match
+unique_subject = yes
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = GB
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Derbyshire
+
+localityName = Locality Name (eg, city)
+localityName_default = Derby
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Paho Project
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Testing
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = ./demoCA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/cacert.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = md5, sha1 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+clock_precision_digits = 0 # number of digits after dot. (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
diff --git a/test/ssl/readme.txt b/test/ssl/readme.txt
deleted file mode 100644
index bbb6ad3..0000000
--- a/test/ssl/readme.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-This directory contains certificates and keys required for SSL testing.
-The CA key has password "password".
diff --git a/test/ssl/rootCA/crlnumber b/test/ssl/rootCA/crlnumber
new file mode 100644
index 0000000..8a0f05e
--- /dev/null
+++ b/test/ssl/rootCA/crlnumber
@@ -0,0 +1 @@
+01
diff --git a/test/ssl/rootCA/index.txt b/test/ssl/rootCA/index.txt
new file mode 100644
index 0000000..cefe83c
--- /dev/null
+++ b/test/ssl/rootCA/index.txt
@@ -0,0 +1,2 @@
+V 180728192130Z 01 unknown /C=GB/ST=Derbyshire/O=Paho Project/OU=Testing/CN=Signing CA
+V 180728192130Z 02 unknown /C=GB/ST=Derbyshire/O=Paho Project/OU=Testing/CN=Alternative Signing CA
diff --git a/test/ssl/rootCA/index.txt.attr b/test/ssl/rootCA/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/test/ssl/rootCA/index.txt.attr
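Review bot: The `[ usr_cert ]` section that `CA_signing` applies sets no `subjectAltName`, so the server certificate this configuration produces names its host only through `CN=localhost`; hostname-verification tests built on it can cover only the Common Name fallback, not the subjectAltName matching that verifiers are expected to prefer. A separate extension section for the server certificate containing `subjectAltName = DNS:localhost`, selected with `-extensions` in gen.sh, would close that gap. Separately, `default_ca = CA_default` under `[ ca ]` points at a section this file does not define (the stock section appears to have been renamed `CA_signing`), so `openssl ca` without `-name` would fail; `default_ca = CA_signing` fixes it. `[ CA_inter ]` refers to `test-inter-ca.crt` and `test-inter-ca.key`, which gen.sh never creates, and could be dropped.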
@@ -0,0 +1 @@ +unique_subject = yes diff --git a/test/ssl/rootCA/index.txt.attr.old b/test/ssl/rootCA/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/test/ssl/rootCA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/test/ssl/rootCA/index.txt.old b/test/ssl/rootCA/index.txt.old new file mode 100644 index 0000000..dd7ec5e --- /dev/null +++ b/test/ssl/rootCA/index.txt.old @@ -0,0 +1 @@ +V 180728192130Z 01 unknown /C=GB/ST=Derbyshire/O=Paho Project/OU=Testing/CN=Signing CA diff --git a/test/ssl/rootCA/newcerts/01.pem b/test/ssl/rootCA/newcerts/01.pem new file mode 100644 index 0000000..3a10151 --- /dev/null +++ b/test/ssl/rootCA/newcerts/01.pem 
@@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, L=Derby, O=Paho Project, OU=Testing, CN=Root CA + Validity + Not Before: Jul 29 19:21:30 2013 GMT + Not After : Jul 28 19:21:30 2018 GMT + Subject: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:26:78:40:ae:b2:ad:2f:26:12:0a:d5:b1:18: + 80:16:d8:88:be:0b:42:ce:32:ad:12:d5:f5:78:1b: + 35:28:f2:13:1b:05:09:fb:7e:d7:d9:a1:8a:0d:4a: + fe:95:37:d4:16:75:83:e4:6a:44:34:33:57:2e:49: + ba:bc:b4:cf:d0:c0:87:e0:bc:f0:60:76:14:00:d6: + eb:cb:f6:db:b3:43:f1:c8:4d:4a:0a:bb:e0:37:7c: + 8e:93:1f:a0:87:68:59:fe:0c:25:40:f3:7c:fd:71: + 90:55:ef:de:18:b4:08:86:c9:75:c2:99:2f:ce:12: + bf:c5:5e:cf:5f:f1:06:53:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + X509v3 Authority Key Identifier: + keyid:4A:2B:69:D6:31:1D:A3:68:E8:46:6F:FB:4B:F3:8E:B6:8D:51:0E:BF + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 48:ec:d7:80:8a:8f:82:a6:42:b1:89:2c:b9:4b:6d:0a:37:b8: + 72:19:05:de:75:80:0c:d6:41:97:b2:d7:fe:99:cb:7e:c4:0e: + 77:97:09:a8:9f:87:ff:0b:de:3f:1c:dc:1e:fe:09:36:a7:f5: + 54:9a:85:4e:fb:6f:27:fe:0f:29:45:61:8d:07:c6:0c:da:37: + 3d:a3:69:4b:82:71:e6:24:e0:87:a6:ee:d5:87:61:dd:8f:08: + fe:33:a6:1f:ae:b2:ae:1f:d8:2c:20:c8:a6:fc:33:0e:82:68: + 80:23:61:10:ad:5c:1d:80:d6:b1:5f:e4:af:66:6d:63:10:e4: + 96:e4 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxFTATBgNVBAoMDFBh +aG8gUHJvamVjdDEQMA4GA1UECwwHVGVzdGluZzEQMA4GA1UEAwwHUm9vdCBDQTAe +Fw0xMzA3MjkxOTIxMzBaFw0xODA3MjgxOTIxMzBaMGAxCzAJBgNVBAYTAkdCMRMw +EQYDVQQIDApEZXJieXNoaXJlMRUwEwYDVQQKDAxQYWhvIFByb2plY3QxEDAOBgNV 
+BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBANwmeECusq0vJhIK1bEYgBbYiL4LQs4yrRLV9XgbNSjyExsF +Cft+19mhig1K/pU31BZ1g+RqRDQzVy5Jury0z9DAh+C88GB2FADW68v227ND8chN +Sgq74Dd8jpMfoIdoWf4MJUDzfP1xkFXv3hi0CIbJdcKZL84Sv8Vez1/xBlMHAgMB +AAGjUDBOMB0GA1UdDgQWBBQpTW7H8vdxctonnJyr2gcdR5zYQTAfBgNVHSMEGDAW +gBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4GBAEjs14CKj4KmQrGJLLlLbQo3uHIZBd51gAzWQZey1/6Zy37EDneXCaif +h/8L3j8c3B7+CTan9VSahU77byf+DylFYY0HxgzaNz2jaUuCceYk4Iem7tWHYd2P +CP4zph+usq4f2CwgyKb8Mw6CaIAjYRCtXB2A1rFf5K9mbWMQ5Jbk +-----END CERTIFICATE----- diff --git a/test/ssl/rootCA/newcerts/02.pem b/test/ssl/rootCA/newcerts/02.pem new file mode 100644 index 0000000..87f092a --- /dev/null +++ b/test/ssl/rootCA/newcerts/02.pem 
@@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, L=Derby, O=Paho Project, OU=Testing, CN=Root CA + Validity + Not Before: Jul 29 19:21:30 2013 GMT + Not After : Jul 28 19:21:30 2018 GMT + Subject: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Alternative Signing CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d3:16:c8:c3:0c:90:e5:68:3d:11:13:a7:8e:fb: + 11:c5:de:aa:3f:4d:ac:95:4f:c4:c2:60:8a:df:95: + b5:db:75:04:76:42:19:5f:d9:63:0e:e4:c0:8e:db: + a5:5f:21:ec:f3:3d:a0:c1:82:8b:61:b4:1a:5b:3c: + 9e:42:bd:5f:5b:b4:a8:00:8d:e1:bf:99:93:c8:45: + 1f:6d:29:ab:67:f0:35:9c:48:0b:a0:a2:18:32:70: + 35:5e:ea:fe:1f:33:ab:b5:85:ef:1d:2a:a9:75:60: + 38:ed:3a:33:be:5d:40:89:cb:0b:b3:25:e8:e7:bc: + 13:6b:62:28:1d:a7:9c:aa:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:70:4C:5D:76:C6:B4:CF:E7:BC:4B:F4:CE:C6:B8:46:C2:95:41:9B + X509v3 Authority Key Identifier: + keyid:4A:2B:69:D6:31:1D:A3:68:E8:46:6F:FB:4B:F3:8E:B6:8D:51:0E:BF + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 2f:74:dd:ef:da:03:cf:14:78:ae:6f:0d:04:29:75:db:c5:a2: + c0:fd:1e:46:bf:3c:25:3c:03:3b:a6:f4:f1:3a:89:54:83:e9: + 3a:0f:d7:81:9a:8d:7f:2d:6b:b1:ca:17:7f:ef:93:18:c4:68: + b8:b2:1d:d2:9c:d9:9f:66:9d:18:25:18:b4:4f:72:bf:24:c5: + 0c:2d:fc:cf:ad:c8:ff:25:f1:36:12:72:b4:46:e1:c9:17:19: + c5:1e:f5:26:8a:ae:33:5f:69:16:6f:62:ce:fc:ba:c3:a3:c5: + 50:a3:a5:42:a9:02:6a:25:77:90:3e:e3:b7:e5:ac:7f:3f:bb: + 1c:17 +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxFTATBgNVBAoMDFBh +aG8gUHJvamVjdDEQMA4GA1UECwwHVGVzdGluZzEQMA4GA1UEAwwHUm9vdCBDQTAe +Fw0xMzA3MjkxOTIxMzBaFw0xODA3MjgxOTIxMzBaMGwxCzAJBgNVBAYTAkdCMRMw +EQYDVQQIDApEZXJieXNoaXJlMRUwEwYDVQQKDAxQYWhvIFByb2plY3QxEDAOBgNV 
+BAsMB1Rlc3RpbmcxHzAdBgNVBAMMFkFsdGVybmF0aXZlIFNpZ25pbmcgQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANMWyMMMkOVoPRETp477EcXeqj9NrJVP +xMJgit+Vtdt1BHZCGV/ZYw7kwI7bpV8h7PM9oMGCi2G0Gls8nkK9X1u0qACN4b+Z +k8hFH20pq2fwNZxIC6CiGDJwNV7q/h8zq7WF7x0qqXVgOO06M75dQInLC7Ml6Oe8 +E2tiKB2nnKqZAgMBAAGjUDBOMB0GA1UdDgQWBBQ6cExddsa0z+e8S/TOxrhGwpVB +mzAfBgNVHSMEGDAWgBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBBQUAA4GBAC903e/aA88UeK5vDQQpddvFosD9Hka/PCU8Azum +9PE6iVSD6ToP14GajX8ta7HKF3/vkxjEaLiyHdKc2Z9mnRglGLRPcr8kxQwt/M+t +yP8l8TYScrRG4ckXGcUe9SaKrjNfaRZvYs78usOjxVCjpUKpAmold5A+47flrH8/ +uxwX +-----END CERTIFICATE----- diff --git a/test/ssl/rootCA/serial b/test/ssl/rootCA/serial new file mode 100644 index 0000000..75016ea --- /dev/null +++ b/test/ssl/rootCA/serial @@ -0,0 +1 @@ +03 diff --git a/test/ssl/rootCA/serial.old b/test/ssl/rootCA/serial.old new file mode 100644 index 0000000..9e22bcb --- /dev/null +++ b/test/ssl/rootCA/serial.old @@ -0,0 +1 @@ +02 diff --git a/test/ssl/server-expired.crt b/test/ssl/server-expired.crt index cf3824c..e69de29 100644 --- a/test/ssl/server-expired.crt +++ b/test/ssl/server-expired.crt 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICvjCCAicCCQDNrg5WSiiRqTANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC -R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG -A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG -A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs -ZS5jb20wHhcNMTIwNzAzMTU1MDE1WhcNMTIwNzA0MTU1MDE1WjCBpTELMAkGA1UE -BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd -MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU -ZXN0MRcwFQYDVQQDDA5sb2NhbGhvc3QtdGVzdDEfMB0GCSqGSIb3DQEJARYQdGVz -dEBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAttnPoWjp -KXROyGM2yqR7IGVmn4RID5hdCCWiJT1s0cSm3BwY3aMD1m/ZrCZfMu3K6tA+9rrh -xMjEVCmG4ez4UdTv+xfxRalo2SkA2J6Yiti5/ec8Hjh6m3ch9F8Ju62XsS5KZl0Q -oOE5D7UrMayq2eflBlO02qobn8114MIc0EkCAwEAATANBgkqhkiG9w0BAQUFAAOB -gQC2KotrVoQCtsqW54VbcaCyHki9GpYw2QR1Ex+0sRCLcr2HhUK471D8BCooNo53 -Kft0yEclN1x5j8I7Rk6QmLmrXDeZBrRqSasDo0glYGCN8QwoVfx5L54r0ktEGDvr -4PUWTieyuLKbFB+be0esM+/5IwpdsgVZuDI3D4jBR53SgQ== ------END CERTIFICATE----- diff --git a/test/ssl/server.crt b/test/ssl/server.crt index 7a1b776..b0941b9 100644 --- a/test/ssl/server.crt +++ b/test/ssl/server.crt 
@@ -1,17 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Jul 29 19:21:30 2013 GMT + Not After : Jul 28 19:21:30 2018 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:b7:65:98:5e:e1:e0:68:e7:14:04:e5:40:2d: + d3:b4:f2:b2:dd:6e:5c:97:7a:5b:c5:4f:7a:45:11: + 99:4e:56:30:c6:d6:50:29:88:c3:31:6d:b0:f1:a8: + 5f:f5:fd:cc:d1:52:0f:40:70:04:cc:14:0d:98:45: + 62:a8:f9:88:0a:be:20:32:53:c5:48:fb:b0:e4:25: + db:25:ec:0d:c4:6a:28:dc:af:d7:2d:63:99:b9:f4: + c0:32:54:dc:be:4d:9f:7f:67:7e:2a:be:82:2d:de: + 37:35:0b:0d:7b:b8:9c:55:ff:cf:ab:fe:61:e9:8c: + bf:c4:27:e2:56:2f:1a:73:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + A1:8C:9A:D1:28:58:68:C5:46:5B:FA:C5:48:01:96:67:55:97:65:8A + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + 78:f6:a1:34:ac:2c:a5:0a:1d:82:97:97:1f:f5:03:44:a7:c0: + 4d:e8:8d:67:e7:71:50:30:3c:8b:77:eb:81:96:78:6b:ab:31: + 5a:ba:7b:1c:ad:ec:fd:a6:5d:73:ef:99:2d:6f:9f:7e:13:ac: + b2:61:2f:e4:56:cc:28:f1:e4:7f:ea:a9:b2:f2:85:87:68:52: + 65:b0:42:54:84:92:2f:fb:45:d4:36:e2:3c:0e:4c:a6:6d:82: + 8f:72:c0:66:0c:5f:b2:a7:7c:9b:be:cd:19:55:5d:40:27:99: + 14:e2:cf:59:cb:4b:40:e4:98:2d:f7:93:14:4a:50:dc:75:9c: + 5c:9d -----BEGIN CERTIFICATE----- -MIICvjCCAicCCQDNrg5WSiiRpDANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC -R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG -A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG -A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs 
-ZS5jb20wHhcNMTIwNzAzMTEzMjM0WhcNMzkxMTE4MTEzMjM0WjCBpTELMAkGA1UE -BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd -MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU -ZXN0MRcwFQYDVQQDDA5sb2NhbGhvc3QtdGVzdDEfMB0GCSqGSIb3DQEJARYQdGVz -dEBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAttnPoWjp -KXROyGM2yqR7IGVmn4RID5hdCCWiJT1s0cSm3BwY3aMD1m/ZrCZfMu3K6tA+9rrh -xMjEVCmG4ez4UdTv+xfxRalo2SkA2J6Yiti5/ec8Hjh6m3ch9F8Ju62XsS5KZl0Q -oOE5D7UrMayq2eflBlO02qobn8114MIc0EkCAwEAATANBgkqhkiG9w0BAQUFAAOB -gQCNcNqm8mb7K/ys+3LENUB7XccA1gzyb3ylpsqQj5TmGYqT+Z1g7pSw0Pbd94Uc -x+ihqjRo5Eaz7GqCyS7mnNu5aGBHH3s1ir9hT18R7tm+XwMTQcGoRy986O1BJy+r -q1Gg0lmgvu+jlYpR4xJHGzd3wK8agi+y9ZSAlfAZ6hJkrw== +MIICxzCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEzMDcyOTE5MjEz +MFoXDTE4MDcyODE5MjEzMFowdjELMAkGA1UEBhMCR0IxGDAWBgNVBAgMD05vdHRp +bmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwGU2VydmVy +MRMwEQYDVQQLDApQcm9kdWN0aW9uMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAL63ZZhe4eBo5xQE5UAt07Tyst1uXJd6W8VP +ekURmU5WMMbWUCmIwzFtsPGoX/X9zNFSD0BwBMwUDZhFYqj5iAq+IDJTxUj7sOQl +2yXsDcRqKNyv1y1jmbn0wDJU3L5Nn39nfiq+gi3eNzULDXu4nFX/z6v+YemMv8Qn +4lYvGnOHAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T +U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBShjJrRKFhoxUZb+sVI +AZZnVZdlijAfBgNVHSMEGDAWgBQpTW7H8vdxctonnJyr2gcdR5zYQTANBgkqhkiG +9w0BAQUFAAOBgQB49qE0rCylCh2Cl5cf9QNEp8BN6I1n53FQMDyLd+uBlnhrqzFa +unscrez9pl1z75ktb59+E6yyYS/kVswo8eR/6qmy8oWHaFJlsEJUhJIv+0XUNuI8 +DkymbYKPcsBmDF+yp3ybvs0ZVV1AJ5kU4s9Zy0tA5Jgt95MUSlDcdZxcnQ== -----END CERTIFICATE----- diff --git a/test/ssl/server.csr b/test/ssl/server.csr deleted file mode 100644 index 81f5dff..0000000 --- a/test/ssl/server.csr +++ /dev/null 
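Review bot: The new test/ssl/server.crt has no subjectAltName extension. Its X509v3 extensions are only Basic Constraints, Netscape Comment, Subject Key Identifier and Authority Key Identifier, so the host name appears solely as `CN=localhost` in the Subject. For a commit that implements hostname verification, this fixture can only exercise the common-name fallback, not dNSName or iPAddress matching. I would add `subjectAltName = DNS:localhost, IP:127.0.0.1` to the server certificate extensions in openssl.cnf and regenerate; gen.sh and openssl.cnf are outside this chunk, so this is inferred from the certificate dump alone. The same certificate is committed again as test/ssl/signingCA/newcerts/01.pem.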
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIB5jCCAU8CAQAwgaUxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2lu -Z2RvbTEOMAwGA1UEBwwFRGVyYnkxHTAbBgNVBAoMFE1vc3F1aXR0byBUZXN0IFN1 -aXRlMRQwEgYDVQQLDAtCcm9rZXIgVGVzdDEXMBUGA1UEAwwObG9jYWxob3N0LXRl -c3QxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBALbZz6Fo6Sl0TshjNsqkeyBlZp+ESA+YXQgloiU9bNHE -ptwcGN2jA9Zv2awmXzLtyurQPva64cTIxFQphuHs+FHU7/sX8UWpaNkpANiemIrY -uf3nPB44ept3IfRfCbutl7EuSmZdEKDhOQ+1KzGsqtnn5QZTtNqqG5/NdeDCHNBJ -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBDqZNA2bsljTddqvAONJDLXv9R7mTy -sGHIRlQoV/p8GMywBaOzh1T5H3RdUKBDKN8Kt9nNW8Xfqi9vJGPse4ZBq11FoC+b -59aFTlh+IXQu0rH9r1E8htjcMdNdzDSFxcD/6cwp1uiFm/2YbYl0iojsKLxbVlaK -jMIfJi3EpeDyHQ== ------END CERTIFICATE REQUEST----- diff --git a/test/ssl/server.key b/test/ssl/server.key index dd76952..bbf5c60 100644 --- a/test/ssl/server.key +++ b/test/ssl/server.key 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC22c+haOkpdE7IYzbKpHsgZWafhEgPmF0IJaIlPWzRxKbcHBjd -owPWb9msJl8y7crq0D72uuHEyMRUKYbh7PhR1O/7F/FFqWjZKQDYnpiK2Ln95zwe -OHqbdyH0Xwm7rZexLkpmXRCg4TkPtSsxrKrZ5+UGU7TaqhufzXXgwhzQSQIDAQAB -AoGAXUSq8SVHUXrfOL3K1ACkQXkXqKRb8YCBa8dudtpnKHTLvBik4mDlczsoZ/RG -uP6sc6v3gfj/clYKNvfbsmAipRWfHVC157vBlEiBfAoBbNgicF/4dCOSGsDYStOy -F88l1SvcDWjK6u33gj/SBHDMz6SOam2muXZNZa0brSSW2tUCQQDrQTuTHkf4PgUa -5a4stlx4bplAEtJGJvXt4k2xXvtZ1UW/G7xMspphQb8n2UB3uQeXXV6cJAmHnmx2 -2ghxje0zAkEAxvmVMb2ZRmeIfiUOSFXPjtKNqJZG8hpQ8i2yDuyq69Hi7L3SQSGN -V9uPceEdVW+IQEOJg2feXhmlfCNWIFP0kwJBAKy5HzlbsTGEr5DY8zFmzqupYCEX -8ISLFGMMlUhV2StSl7vBbFXPh+NCN0vViSydkAJFDjKLjuegnDgCytI8htsCQA/N -gLjrmwHJdUC3hrPeBNcOB+wsy0OtLWKemHaw+z4xdDljNhCwLn6c1H6x51eCvSqF -cqV6GWIV3VvHnq6AnHsCQBqyU46p0dax4z+5vzbL+zWmi8gdBYvPSY5SpAjsQADQ -A3PcKi2DFuPjcxdl0qr9aq1qg6VUHy3RLTcmgA8YKWo= +MIICWwIBAAKBgQC+t2WYXuHgaOcUBOVALdO08rLdblyXelvFT3pFEZlOVjDG1lAp +iMMxbbDxqF/1/czRUg9AcATMFA2YRWKo+YgKviAyU8VI+7DkJdsl7A3Eaijcr9ct +Y5m59MAyVNy+TZ9/Z34qvoIt3jc1Cw17uJxV/8+r/mHpjL/EJ+JWLxpzhwIDAQAB +AoGAW1dC1UM8M1qKsc/WbHKGXreOavccaYA0y79Q9BuFrTsiiVjDc+EIe3fpsxPN +QeeYXPhMTbRY19US3cb9hahdOtPZc1zKRoloWl995v6X5XufTmgigBRUrRKG6rln +wok6PYwKQmcG+yVaOjPwiJBx+4gfGjD6qO/fhK2sWWtyneECQQDrUEiaWvQE0uli +EI34MhO3As0iYyw1qFHVck4bbFS4RT0gnhWYVeabd5mTKx1ztLlr0ykwaCf9FoMG +U2liyV/VAkEAz3t0v8vZrlpotW9CRzBQ63vYW3+d8m5Hmkvsghrfem52je6MN0oL +2Y7F3JrJh1bC9ZNgtkBF/mIQgv9jGBoP6wJASKTYRQ6fFn4mHmgN6/lJrM3olh0X +oNj9qm9HPaAL53c4j8E92XFrZ8NcXdqJlRbNx0PBC3icH727ZVCK0DxqoQJABTRn +nVgTwdfqwIJl+zsvDHky2Di/UZGKokg9SpY5/OxAdRcC1XA6E98M/5eybn6yrU5h +IrFCEDuNhnu5lKUyuQJAAiNPFWPkl4XeghyzPDA1lUYMwKPr7oEwELqS8fIq/g4K +BI10X7qlpioI4I6jA9lwlIdtR+q620UFZRlQts9nug== -----END RSA PRIVATE KEY----- diff --git a/test/ssl/signingCA/crlnumber b/test/ssl/signingCA/crlnumber new file mode 100644 index 0000000..9e22bcb --- /dev/null +++ b/test/ssl/signingCA/crlnumber @@ -0,0 +1 @@ +02 
diff --git a/test/ssl/signingCA/crlnumber.old b/test/ssl/signingCA/crlnumber.old new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/test/ssl/signingCA/crlnumber.old @@ -0,0 +1 @@ +01 diff --git a/test/ssl/signingCA/index.txt b/test/ssl/signingCA/index.txt new file mode 100644 index 0000000..a78ae45 --- /dev/null +++ b/test/ssl/signingCA/index.txt @@ -0,0 +1,4 @@ +V 180728192130Z 01 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=localhost +V 180728192131Z 02 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=test client +V 120821000000Z 03 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=test client expired +R 180728192131Z 130729192131Z 04 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=test client revoked diff --git a/test/ssl/signingCA/index.txt.attr b/test/ssl/signingCA/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/test/ssl/signingCA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/test/ssl/signingCA/index.txt.attr.old b/test/ssl/signingCA/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/test/ssl/signingCA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/test/ssl/signingCA/index.txt.old b/test/ssl/signingCA/index.txt.old new file mode 100644 index 0000000..0c9972a --- /dev/null +++ b/test/ssl/signingCA/index.txt.old @@ -0,0 +1,4 @@ +V 180728192130Z 01 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=localhost +V 180728192131Z 02 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=test client +V 120821000000Z 03 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=test client expired +V 180728192131Z 04 unknown /C=GB/ST=Nottinghamshire/L=Nottingham/O=Server/OU=Production/CN=test client revoked 
diff --git a/test/ssl/signingCA/newcerts/01.pem b/test/ssl/signingCA/newcerts/01.pem new file mode 100644 index 0000000..b0941b9 --- /dev/null +++ b/test/ssl/signingCA/newcerts/01.pem 
@@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Jul 29 19:21:30 2013 GMT + Not After : Jul 28 19:21:30 2018 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:b7:65:98:5e:e1:e0:68:e7:14:04:e5:40:2d: + d3:b4:f2:b2:dd:6e:5c:97:7a:5b:c5:4f:7a:45:11: + 99:4e:56:30:c6:d6:50:29:88:c3:31:6d:b0:f1:a8: + 5f:f5:fd:cc:d1:52:0f:40:70:04:cc:14:0d:98:45: + 62:a8:f9:88:0a:be:20:32:53:c5:48:fb:b0:e4:25: + db:25:ec:0d:c4:6a:28:dc:af:d7:2d:63:99:b9:f4: + c0:32:54:dc:be:4d:9f:7f:67:7e:2a:be:82:2d:de: + 37:35:0b:0d:7b:b8:9c:55:ff:cf:ab:fe:61:e9:8c: + bf:c4:27:e2:56:2f:1a:73:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + A1:8C:9A:D1:28:58:68:C5:46:5B:FA:C5:48:01:96:67:55:97:65:8A + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + 78:f6:a1:34:ac:2c:a5:0a:1d:82:97:97:1f:f5:03:44:a7:c0: + 4d:e8:8d:67:e7:71:50:30:3c:8b:77:eb:81:96:78:6b:ab:31: + 5a:ba:7b:1c:ad:ec:fd:a6:5d:73:ef:99:2d:6f:9f:7e:13:ac: + b2:61:2f:e4:56:cc:28:f1:e4:7f:ea:a9:b2:f2:85:87:68:52: + 65:b0:42:54:84:92:2f:fb:45:d4:36:e2:3c:0e:4c:a6:6d:82: + 8f:72:c0:66:0c:5f:b2:a7:7c:9b:be:cd:19:55:5d:40:27:99: + 14:e2:cf:59:cb:4b:40:e4:98:2d:f7:93:14:4a:50:dc:75:9c: + 5c:9d +-----BEGIN CERTIFICATE----- +MIICxzCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEzMDcyOTE5MjEz +MFoXDTE4MDcyODE5MjEzMFowdjELMAkGA1UEBhMCR0IxGDAWBgNVBAgMD05vdHRp 
+bmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwGU2VydmVy +MRMwEQYDVQQLDApQcm9kdWN0aW9uMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAL63ZZhe4eBo5xQE5UAt07Tyst1uXJd6W8VP +ekURmU5WMMbWUCmIwzFtsPGoX/X9zNFSD0BwBMwUDZhFYqj5iAq+IDJTxUj7sOQl +2yXsDcRqKNyv1y1jmbn0wDJU3L5Nn39nfiq+gi3eNzULDXu4nFX/z6v+YemMv8Qn +4lYvGnOHAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T +U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBShjJrRKFhoxUZb+sVI +AZZnVZdlijAfBgNVHSMEGDAWgBQpTW7H8vdxctonnJyr2gcdR5zYQTANBgkqhkiG +9w0BAQUFAAOBgQB49qE0rCylCh2Cl5cf9QNEp8BN6I1n53FQMDyLd+uBlnhrqzFa +unscrez9pl1z75ktb59+E6yyYS/kVswo8eR/6qmy8oWHaFJlsEJUhJIv+0XUNuI8 +DkymbYKPcsBmDF+yp3ybvs0ZVV1AJ5kU4s9Zy0tA5Jgt95MUSlDcdZxcnQ== +-----END CERTIFICATE----- diff --git a/test/ssl/signingCA/newcerts/02.pem b/test/ssl/signingCA/newcerts/02.pem new file mode 100644 index 0000000..b007d4c --- /dev/null +++ b/test/ssl/signingCA/newcerts/02.pem 
@@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Jul 29 19:21:31 2013 GMT + Not After : Jul 28 19:21:31 2018 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:17:82:af:47:dc:71:77:73:c3:69:11:4b:ff: + 27:0e:29:4b:e6:6f:11:78:e4:56:88:c9:34:13:12: + e1:82:ec:24:fe:65:c8:9d:bb:05:54:20:d0:b4:31: + b9:4b:87:f8:4d:e5:c1:ba:99:f8:a2:cc:ff:8e:89: + f2:7a:68:2f:53:42:4d:73:19:5e:ca:7e:b2:fe:3b: + f7:d1:bc:e8:24:fa:77:47:ee:a4:89:cf:d1:dc:e9: + 99:3f:da:0e:d0:1e:c6:40:d2:60:ee:38:83:4e:a4: + dd:46:a3:6a:ac:c9:61:af:d5:23:9d:23:14:b5:31: + d5:ca:66:7a:30:3f:c2:ce:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 17:CD:6D:67:FB:7D:77:59:0F:6C:F1:9B:0E:B0:EB:AE:BE:E0:9D:47 + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + b4:11:e8:8a:f5:21:d1:88:22:9e:f3:05:e6:47:c9:9d:87:10: + 09:a1:9c:f1:38:5b:a0:5a:b4:f5:fd:8d:cf:ae:01:7d:b4:a8: + 3c:dd:ed:17:b3:02:56:5b:4a:e6:17:58:8f:46:d4:02:97:95: + 0b:00:0e:b4:77:3e:ad:f0:ce:06:25:38:2d:ff:df:a4:0e:3b: + 83:73:f7:a3:da:c1:a1:24:68:a2:18:71:81:4e:3b:26:5a:e2: + 10:9a:27:95:85:a8:3c:47:3a:60:49:21:2f:12:90:fc:4a:f0: + 71:4d:bc:19:2a:06:07:f4:35:d9:8d:1d:b2:85:93:61:17:45: + 26:9a +-----BEGIN CERTIFICATE----- +MIICyTCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEzMDcyOTE5MjEz +MVoXDTE4MDcyODE5MjEzMVoweDELMAkGA1UEBhMCR0IxGDAWBgNVBAgMD05vdHRp 
+bmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwGU2VydmVy +MRMwEQYDVQQLDApQcm9kdWN0aW9uMRQwEgYDVQQDDAt0ZXN0IGNsaWVudDCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3BeCr0fccXdzw2kRS/8nDilL5m8ReORW +iMk0ExLhguwk/mXInbsFVCDQtDG5S4f4TeXBupn4osz/jonyemgvU0JNcxleyn6y +/jv30bzoJPp3R+6kic/R3OmZP9oO0B7GQNJg7jiDTqTdRqNqrMlhr9UjnSMUtTHV +ymZ6MD/CzlkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl +blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfNbWf7fXdZD2zx +mw6w666+4J1HMB8GA1UdIwQYMBaAFClNbsfy93Fy2iecnKvaBx1HnNhBMA0GCSqG +SIb3DQEBBQUAA4GBALQR6Ir1IdGIIp7zBeZHyZ2HEAmhnPE4W6BatPX9jc+uAX20 +qDzd7RezAlZbSuYXWI9G1AKXlQsADrR3Pq3wzgYlOC3/36QOO4Nz96PawaEkaKIY +cYFOOyZa4hCaJ5WFqDxHOmBJIS8SkPxK8HFNvBkqBgf0NdmNHbKFk2EXRSaa +-----END CERTIFICATE----- diff --git a/test/ssl/signingCA/newcerts/03.pem b/test/ssl/signingCA/newcerts/03.pem new file mode 100644 index 0000000..0fa27da --- /dev/null +++ b/test/ssl/signingCA/newcerts/03.pem 
@@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Aug 20 00:00:00 2012 GMT + Not After : Aug 21 00:00:00 2012 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client expired + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:17:82:af:47:dc:71:77:73:c3:69:11:4b:ff: + 27:0e:29:4b:e6:6f:11:78:e4:56:88:c9:34:13:12: + e1:82:ec:24:fe:65:c8:9d:bb:05:54:20:d0:b4:31: + b9:4b:87:f8:4d:e5:c1:ba:99:f8:a2:cc:ff:8e:89: + f2:7a:68:2f:53:42:4d:73:19:5e:ca:7e:b2:fe:3b: + f7:d1:bc:e8:24:fa:77:47:ee:a4:89:cf:d1:dc:e9: + 99:3f:da:0e:d0:1e:c6:40:d2:60:ee:38:83:4e:a4: + dd:46:a3:6a:ac:c9:61:af:d5:23:9d:23:14:b5:31: + d5:ca:66:7a:30:3f:c2:ce:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 17:CD:6D:67:FB:7D:77:59:0F:6C:F1:9B:0E:B0:EB:AE:BE:E0:9D:47 + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + 7f:c3:be:e2:5b:d5:68:27:a6:ea:5a:9d:13:f1:21:47:56:7e: + 19:1e:35:47:2c:35:ff:df:81:71:9a:89:04:d0:f1:e6:49:ee: + c7:2a:a7:5d:2e:f2:19:18:77:f3:fe:c8:21:87:28:51:d5:1a: + 1b:7d:d3:36:58:42:39:df:7b:c8:41:a5:71:1f:56:6c:67:c5: + ee:07:45:ad:1a:91:ed:89:ce:ee:8e:48:cd:32:8e:a4:6a:ae: + 55:bb:3d:c0:77:e7:7a:e3:9d:25:d0:5c:03:6c:be:25:16:67: + 0f:d5:e3:c9:7a:c3:66:8d:8b:09:bf:e5:3d:b7:31:d6:80:d6: + fd:c7 +-----BEGIN CERTIFICATE----- +MIIC0jCCAjugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEyMDgyMDAwMDAw +MFoXDTEyMDgyMTAwMDAwMFowgYAxCzAJBgNVBAYTAkdCMRgwFgYDVQQIDA9Ob3R0 
+aW5naGFtc2hpcmUxEzARBgNVBAcMCk5vdHRpbmdoYW0xDzANBgNVBAoMBlNlcnZl +cjETMBEGA1UECwwKUHJvZHVjdGlvbjEcMBoGA1UEAwwTdGVzdCBjbGllbnQgZXhw +aXJlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3BeCr0fccXdzw2kRS/8n +DilL5m8ReORWiMk0ExLhguwk/mXInbsFVCDQtDG5S4f4TeXBupn4osz/jonyemgv +U0JNcxleyn6y/jv30bzoJPp3R+6kic/R3OmZP9oO0B7GQNJg7jiDTqTdRqNqrMlh +r9UjnSMUtTHVymZ6MD/CzlkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfN +bWf7fXdZD2zxmw6w666+4J1HMB8GA1UdIwQYMBaAFClNbsfy93Fy2iecnKvaBx1H +nNhBMA0GCSqGSIb3DQEBBQUAA4GBAH/DvuJb1WgnpupanRPxIUdWfhkeNUcsNf/f +gXGaiQTQ8eZJ7scqp10u8hkYd/P+yCGHKFHVGht90zZYQjnfe8hBpXEfVmxnxe4H +Ra0ake2Jzu6OSM0yjqRqrlW7PcB353rjnSXQXANsviUWZw/V48l6w2aNiwm/5T23 +MdaA1v3H +-----END CERTIFICATE----- diff --git a/test/ssl/signingCA/newcerts/04.pem b/test/ssl/signingCA/newcerts/04.pem new file mode 100644 index 0000000..ed93ffe --- /dev/null +++ b/test/ssl/signingCA/newcerts/04.pem 
@@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA + Validity + Not Before: Jul 29 19:21:31 2013 GMT + Not After : Jul 28 19:21:31 2018 GMT + Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client revoked + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:bb:3b:8f:80:95:a8:32:56:ed:b9:c0:79:7f:36: + ef:33:39:1b:b1:c3:1c:0b:51:1b:0a:d4:04:ee:39: + 94:ab:fe:bb:d5:c9:72:be:e0:4c:f4:17:17:fe:a4: + e1:f1:69:2c:67:89:63:e7:0f:84:db:6c:bb:12:fb: + 29:4f:63:11:da:cc:22:85:c4:e8:bf:01:ea:3b:43: + b5:32:48:85:39:74:e5:0d:79:f1:12:19:01:b3:48: + bc:be:aa:9a:74:95:bb:d1:a6:78:51:cc:5b:0f:bc: + af:78:01:7b:42:36:43:41:49:7a:25:24:7e:1c:17: + 3a:4e:bb:a2:e9:65:3c:86:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D8:E8:12:3D:B4:66:6A:1C:DC:F7:14:0D:55:0D:9D:81:A7:1C:52:35 + X509v3 Authority Key Identifier: + keyid:29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41 + + Signature Algorithm: sha1WithRSAEncryption + 07:18:d5:41:31:1b:85:fe:ab:e9:f5:48:c1:c6:38:e1:28:28: + 90:66:10:8c:d7:ef:15:b7:da:89:5e:78:7d:dc:e5:45:e6:2a: + df:1f:3d:80:5f:0c:87:c8:5c:7e:bd:5b:1c:e3:a0:e2:ab:ee: + e7:8b:82:ec:94:2a:c4:1e:62:fd:4f:f7:ce:78:8f:a5:5a:96: + a7:76:3b:f5:37:73:1f:a0:d7:f0:6f:c5:d6:42:6a:bd:51:2d: + f1:4c:1b:3e:63:51:3f:47:7f:88:a7:16:de:c7:c0:3c:96:78: + a7:76:17:b9:48:85:83:18:bf:9d:b6:14:fa:1e:63:f9:86:2c: + 8a:b1 +-----BEGIN CERTIFICATE----- +MIIC0jCCAjugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEVMBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYD +VQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMB4XDTEzMDcyOTE5MjEz +MVoXDTE4MDcyODE5MjEzMVowgYAxCzAJBgNVBAYTAkdCMRgwFgYDVQQIDA9Ob3R0 
+aW5naGFtc2hpcmUxEzARBgNVBAcMCk5vdHRpbmdoYW0xDzANBgNVBAoMBlNlcnZl +cjETMBEGA1UECwwKUHJvZHVjdGlvbjEcMBoGA1UEAwwTdGVzdCBjbGllbnQgcmV2 +b2tlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuzuPgJWoMlbtucB5fzbv +MzkbscMcC1EbCtQE7jmUq/671clyvuBM9BcX/qTh8WksZ4lj5w+E22y7EvspT2MR +2swihcTovwHqO0O1MkiFOXTlDXnxEhkBs0i8vqqadJW70aZ4UcxbD7yveAF7QjZD +QUl6JSR+HBc6Trui6WU8hocCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNjo +Ej20Zmoc3PcUDVUNnYGnHFI1MB8GA1UdIwQYMBaAFClNbsfy93Fy2iecnKvaBx1H +nNhBMA0GCSqGSIb3DQEBBQUAA4GBAAcY1UExG4X+q+n1SMHGOOEoKJBmEIzX7xW3 +2oleeH3c5UXmKt8fPYBfDIfIXH69WxzjoOKr7ueLguyUKsQeYv1P9854j6Valqd2 +O/U3cx+g1/BvxdZCar1RLfFMGz5jUT9Hf4inFt7HwDyWeKd2F7lIhYMYv522FPoe +Y/mGLIqx +-----END CERTIFICATE----- diff --git a/test/ssl/signingCA/serial b/test/ssl/signingCA/serial new file mode 100644 index 0000000..eeee65e --- /dev/null +++ b/test/ssl/signingCA/serial @@ -0,0 +1 @@ +05 diff --git a/test/ssl/signingCA/serial.old b/test/ssl/signingCA/serial.old new file mode 100644 index 0000000..6496923 --- /dev/null +++ b/test/ssl/signingCA/serial.old @@ -0,0 +1 @@ +04 diff --git a/test/ssl/test-alt-ca.crt b/test/ssl/test-alt-ca.crt new file mode 100644 index 0000000..87f092a --- /dev/null +++ b/test/ssl/test-alt-ca.crt 
@@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=GB, ST=Derbyshire, L=Derby, O=Paho Project, OU=Testing, CN=Root CA + Validity + Not Before: Jul 29 19:21:30 2013 GMT + Not After : Jul 28 19:21:30 2018 GMT + Subject: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Alternative Signing CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d3:16:c8:c3:0c:90:e5:68:3d:11:13:a7:8e:fb: + 11:c5:de:aa:3f:4d:ac:95:4f:c4:c2:60:8a:df:95: + b5:db:75:04:76:42:19:5f:d9:63:0e:e4:c0:8e:db: + a5:5f:21:ec:f3:3d:a0:c1:82:8b:61:b4:1a:5b:3c: + 9e:42:bd:5f:5b:b4:a8:00:8d:e1:bf:99:93:c8:45: + 1f:6d:29:ab:67:f0:35:9c:48:0b:a0:a2:18:32:70: + 35:5e:ea:fe:1f:33:ab:b5:85:ef:1d:2a:a9:75:60: + 38:ed:3a:33:be:5d:40:89:cb:0b:b3:25:e8:e7:bc: + 13:6b:62:28:1d:a7:9c:aa:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:70:4C:5D:76:C6:B4:CF:E7:BC:4B:F4:CE:C6:B8:46:C2:95:41:9B + X509v3 Authority Key Identifier: + keyid:4A:2B:69:D6:31:1D:A3:68:E8:46:6F:FB:4B:F3:8E:B6:8D:51:0E:BF + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 2f:74:dd:ef:da:03:cf:14:78:ae:6f:0d:04:29:75:db:c5:a2: + c0:fd:1e:46:bf:3c:25:3c:03:3b:a6:f4:f1:3a:89:54:83:e9: + 3a:0f:d7:81:9a:8d:7f:2d:6b:b1:ca:17:7f:ef:93:18:c4:68: + b8:b2:1d:d2:9c:d9:9f:66:9d:18:25:18:b4:4f:72:bf:24:c5: + 0c:2d:fc:cf:ad:c8:ff:25:f1:36:12:72:b4:46:e1:c9:17:19: + c5:1e:f5:26:8a:ae:33:5f:69:16:6f:62:ce:fc:ba:c3:a3:c5: + 50:a3:a5:42:a9:02:6a:25:77:90:3e:e3:b7:e5:ac:7f:3f:bb: + 1c:17 +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJHQjET +MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxFTATBgNVBAoMDFBh +aG8gUHJvamVjdDEQMA4GA1UECwwHVGVzdGluZzEQMA4GA1UEAwwHUm9vdCBDQTAe +Fw0xMzA3MjkxOTIxMzBaFw0xODA3MjgxOTIxMzBaMGwxCzAJBgNVBAYTAkdCMRMw +EQYDVQQIDApEZXJieXNoaXJlMRUwEwYDVQQKDAxQYWhvIFByb2plY3QxEDAOBgNV 
+BAsMB1Rlc3RpbmcxHzAdBgNVBAMMFkFsdGVybmF0aXZlIFNpZ25pbmcgQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANMWyMMMkOVoPRETp477EcXeqj9NrJVP +xMJgit+Vtdt1BHZCGV/ZYw7kwI7bpV8h7PM9oMGCi2G0Gls8nkK9X1u0qACN4b+Z +k8hFH20pq2fwNZxIC6CiGDJwNV7q/h8zq7WF7x0qqXVgOO06M75dQInLC7Ml6Oe8 +E2tiKB2nnKqZAgMBAAGjUDBOMB0GA1UdDgQWBBQ6cExddsa0z+e8S/TOxrhGwpVB +mzAfBgNVHSMEGDAWgBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBBQUAA4GBAC903e/aA88UeK5vDQQpddvFosD9Hka/PCU8Azum +9PE6iVSD6ToP14GajX8ta7HKF3/vkxjEaLiyHdKc2Z9mnRglGLRPcr8kxQwt/M+t +yP8l8TYScrRG4ckXGcUe9SaKrjNfaRZvYs78usOjxVCjpUKpAmold5A+47flrH8/ +uxwX +-----END CERTIFICATE----- diff --git a/test/ssl/test-alt-ca.key b/test/ssl/test-alt-ca.key new file mode 100644 index 0000000..a9450e1 --- /dev/null +++ b/test/ssl/test-alt-ca.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDTFsjDDJDlaD0RE6eO+xHF3qo/TayVT8TCYIrflbXbdQR2Qhlf +2WMO5MCO26VfIezzPaDBgothtBpbPJ5CvV9btKgAjeG/mZPIRR9tKatn8DWcSAug +ohgycDVe6v4fM6u1he8dKql1YDjtOjO+XUCJywuzJejnvBNrYigdp5yqmQIDAQAB +AoGAFaQtWwnrxQlF0X1hXWBSNyYX8DuHaRtvgboiIsAXj/NUTMeEEHaaGEnNkBfm +wXUZ9OoplA1NOuwbE6WIWDFQGEgma/yLBdy4HYxQpAbJ1qnR7DyoxQ8NHPhBH+cW +GI92g7NqDEphdoHrWYy5YZYCFVr3pTHXbxlBn/VTLBsQnIECQQDr9BcQxEnPfi6e +Kk8cenA/54tGl7Ewpklb8XBrQrm/djfOAFt+CTMexerBv7BnfgriAg5wtlHtTkpK +BLLULE3pAkEA5QXmZ2WvGl0kvgBYGdiOZAruMobOVxxVxF05gvh8Sw6fNj8pI9pn +sbzyFZWIjcuDBfTLx+GVvkhqtQhs6ZYZMQJBAOSfjR3c45veKrNsUV1Jsavp4cST +xMdbyCcDaSc07x/6HxZGuGAF7/d4VABJiVauBUN6NJ23uuhR/J99r/zvtMkCQCQe +qhfkkZk213Sf2UU6QjrE/ow5dpGGhoBRs6BUUEYGKFYF4BcnevMtOYDt9HtofWGT +GhCMI3G/OhUTHxo38gECQG0nSN+QQ4tddHcktz1rnfwbnmTuNloZLC4ahR67lz75 +uP42Ct0dXPjzakzDCGI2CgNk5QGk/IUO6fq4mYVxqRI= +-----END RSA PRIVATE KEY----- diff --git a/test/ssl/test-bad-root-ca.crt b/test/ssl/test-bad-root-ca.crt new file mode 100644 index 0000000..7d40475 --- /dev/null +++ b/test/ssl/test-bad-root-ca.crt 
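Review bot: test/ssl/test-alt-ca.key adds a CA private key in clear (`BEGIN RSA PRIVATE KEY`), whereas the CA keys this commit deletes (test-ca.key, test-ca-alt.key) were `ENCRYPTED PRIVATE KEY`. test-bad-root-ca.key and test-fake-root-ca.key are added the same way. Anyone with the repository can sign certificates that chain to these test CAs, so they must never be configured as trust anchors outside the test suite. A line in test/ssl/readme.txt would make that explicit, e.g. `Test-only key material: published with the source, never trust these CAs outside test/`. Alternatively, gen.sh could create the CA hierarchy at test time so the keys and CA database are not committed; gen.sh is not visible in this chunk, so whether that fits the test runner is an assumption.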
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAhmgAwIBAgIJANKB0fFTAhRpMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV +BAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYDVQQHDAVEZXJieTEVMBMG +A1UECgwMUGFobyBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtC +YWQgUm9vdCBDQTAeFw0xMzA3MjkxOTIxMjlaFw0yMzA3MjcxOTIxMjlaMHExCzAJ +BgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYDVQQHDAVEZXJieTEV +MBMGA1UECgwMUGFobyBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQD +DAtCYWQgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+nf2D7S +IP42qMVmfAEpKZw22qF0mLVjjL22bWVHwwE1CS5euzD/gBM7i0u7hvFgbvI13Yq4 +Du2ebfjv3n4TAIIQg+UOAY5NbzfUG0A+50J6tPpNtnTij3KXskhQRAlvjDSd3TlU +UiONY2HMwaU56ktqXZzZE7prU0RICZ+DK8cCAwEAAaNQME4wHQYDVR0OBBYEFH/5 +0qkqiFd2x/lspeK61TO4PGF1MB8GA1UdIwQYMBaAFH/50qkqiFd2x/lspeK61TO4 +PGF1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARtsgIzT+IVRJHYT1 +wP7C2PuXxbRXFG8a0qqGaA0f4SuICq7NvC3bF5l9zDh4yMvftj8keTiOIa3+alw3 +ucdTz25Jaq/ZER/c68cklMPqcgdwcb/RbxpY5t3PittU2J5wAn/MmFfRiqbsxhgW +hkYbAtnqBXzJ8HdN/HmIyFW7+q4= +-----END CERTIFICATE----- diff --git a/test/ssl/test-bad-root-ca.key b/test/ssl/test-bad-root-ca.key new file mode 100644 index 0000000..ffa821e --- /dev/null +++ b/test/ssl/test-bad-root-ca.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDr6d/YPtIg/jaoxWZ8ASkpnDbaoXSYtWOMvbZtZUfDATUJLl67 +MP+AEzuLS7uG8WBu8jXdirgO7Z5t+O/efhMAghCD5Q4Bjk1vN9QbQD7nQnq0+k22 +dOKPcpeySFBECW+MNJ3dOVRSI41jYczBpTnqS2pdnNkTumtTREgJn4MrxwIDAQAB +AoGBAJk4o/bqDkX5dfy1gPOHOXnaCNKEzJqmLMrrKIHypuIjdZPJ9yLzFu7TDvhQ +rrJdMTm9vHhwMU0Yza41YW2LSsDpeCI0RkpMxG+Aqaxz+kRYPzwDFFI6YAX0NWpS +O9iie9+sDp0MfOwPlDwtY9T7OegrPH/ngtxWxFp7R0YxVLQJAkEA+Or0TgAklxy/ +2LQV27OPFXc0ejYf67hLNdOC66PhTCO18avjEpDEeA00vF5DkqT+VXJVz2XyXX97 ++cCAf3sYhQJBAPKgM3pmHrhMxr+qgyqiTiKD42kASWLDGEDP0EP4tVaZNdwWH2XG +tSanhf6eOdoHlq0+3c3tIDwJZ+uCr21ACtsCQAiUeLVTle9Lg2Vh17sJ9m2j/UAV +K4aBhL4nO0UKEhMAzB23cg1KxirpMZ8olKWyYD3rwf9zISaN5WUXeJZsVM0CQQC5 +GEhNb0yuUzwoil+ojcvH/w/lUeeqZaXCBAghYsKMvzNcpK/tSAt44sKRfYoq8DEe +F+DEscsuogpanAdS9FGTAkAt8POChqwkCSjXQ9TlPQhdL4bRcENBQz6xp9TEOYT+ +M+FFifLj/ke8sRWXjrar1k45u8VWJJmd/0gmsUSiWoaS +-----END RSA PRIVATE KEY----- diff --git a/test/ssl/test-ca-alt.crt b/test/ssl/test-ca-alt.crt deleted file mode 100644 index 37c540c..0000000 --- a/test/ssl/test-ca-alt.crt +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHjCCAoegAwIBAgIJAK2kGB3tYrLVMA0GCSqGSIb3DQEBBQUAMIGnMQswCQYD -VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5 -MR0wGwYDVQQKDBRNb3NxdWl0dG8gVGVzdCBTdWl0ZTEXMBUGA1UECwwOQWx0ZXJu -YXRpdmUgQ0ExFDASBgNVBAMMC3Rlc3QtY2EtYWx0MSEwHwYJKoZIhvcNAQkBFhJj -YS1hbHRAZXhhbXBsZS5jb20wHhcNMTIwNzAzMTQ1MDI3WhcNMzkxMTE5MTQ1MDI3 -WjCBpzELMAkGA1UEBhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYD -VQQHDAVEZXJieTEdMBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFzAVBgNV -BAsMDkFsdGVybmF0aXZlIENBMRQwEgYDVQQDDAt0ZXN0LWNhLWFsdDEhMB8GCSqG -SIb3DQEJARYSY2EtYWx0QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDxlFX2Ihc2Uk0ksPe0EJoULBKfr3b5LEuTEqocnypXZ52i61sx8DPd -HM1EBjlxSrUGxPR0mVoL7d/i9kgEs+4seeNeXn27Vot4Wd+jPTyaHbziLUG1L/nZ -112hWfAfqTU6MUFAkv5BNCoHZZKXLybP4tBXgHpwrVzXa9f3hUGfMwIDAQABo1Aw -TjAdBgNVHQ4EFgQUZik8IjLHGc/taXUD60zLp4TA3gkwHwYDVR0jBBgwFoAUZik8 -IjLHGc/taXUD60zLp4TA3gkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB -gQAomJg4uKFY3Bi5+k+63O/Ze0SaV9gsgO9GWwb1Jjyi3ZyFTzCGWr3XsD9DsOyT -gHwAzUgDFIyYVXc3kgBBg54wjEA8A7yQ++HIsutEIR3XykbBfU2oS0VbPKejsPrS -4zuGt3nQdYrKI2iD207HG6XiO0VfUTro6BGuazvsfE9jGg== ------END CERTIFICATE----- diff --git a/test/ssl/test-ca-alt.key b/test/ssl/test-ca-alt.key deleted file mode 100644 index 2e14911..0000000 --- a/test/ssl/test-ca-alt.key +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQImtEogQ274ucCAggA -MBQGCCqGSIb3DQMHBAgmCV4tCw6jVwSCAoA7cj6maNe06C2LjYbSgRMr4s2DIini -2E1KqqRnrz1Ie3U9a4OzmToGuwDqnYR1uK6ImWHwzFZxXkIfsmJUra2BEnSj7W1N -qGPiQwsBD6L93YyejwoTRFMkkFw6pgdg64eyIstNxYMiiJ9cB+6dc4Z+kY4Ik7Fg -4xR1+PTHVbNpHeM2ApUHuaoOyaMijzdhwwMbUegVdnsrjb6kgM/5EoIsrxvpax4E -JSIk+DpdQ8jspwC6n6RNfYhOJdk6ECSi6Wszz1vfLb76YkSFvSsucxYFK7iH6vW2 -llrW/GqfA1+KQwUbD7RULSne+TIWqkk+Z3u/gpDsDe6qf17b3DLcJFGqRdUZXZ9G -lJfGiWYBro3m/z8gELAfKqVf5BbRYdfAqXdNRHqQkC/VvwsqGknRO0XIawzHxZLA -OajqAZ4MX2lG/GGYGv51bpnB6B7gdT4LcXtJAUUfezBiu+aw0cFxx3Mox+gPQgKy -YimuMLPTVaayFfe963odDwVUTcmh48dIvfvfHonvJA8n6pdF3dl+F4FcJ3yTUdBf -LivlIuXtbobm2ANR4aBrISP47tug11XKs92nGBv5fgvmALr8qjbMLd4naKjA3HR6 -g36cRAu5XBSqN8UNpNyw1lQrQMsNHlFtHhvD5pdh5KuXf9KJrVt6PVUuXCzOb4fW -EvcSSNR2xIJeRkPwdgAIasnnThyCWQPxm+SoYvogNuRMuy/T2k4Y+RtofJ12KfPr -mI7M6x2/TPuSbu9Vnee7Xt67JyCLAv1RLXrzqIIJlHrS4hw7Oza11CBCDbYVT3UE -8Wf1a+L4dF6TSp4NGY6KXaISjvjGGCyueVwH8/YrxnfMk80HvVLNlS3g ------END ENCRYPTED PRIVATE KEY----- diff --git a/test/ssl/test-ca.crt b/test/ssl/test-ca.crt deleted file mode 100644 index 64e29f9..0000000 --- a/test/ssl/test-ca.crt +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEDCCAnmgAwIBAgIJALKg/M/sjw95MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD -VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5 -MR0wGwYDVQQKDBRNb3NxdWl0dG8gVGVzdCBTdWl0ZTEPMA0GA1UECwwGQnJva2Vy -MRcwFQYDVQQDDA5icm9rZXItdGVzdC1jYTEfMB0GCSqGSIb3DQEJARYQdGVzdEBl -eGFtcGxlLmNvbTAeFw0xMjA3MDMxMTMwMDdaFw0zOTExMTkxMTMwMDdaMIGgMQsw -CQYDVQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURl -cmJ5MR0wGwYDVQQKDBRNb3NxdWl0dG8gVGVzdCBTdWl0ZTEPMA0GA1UECwwGQnJv -a2VyMRcwFQYDVQQDDA5icm9rZXItdGVzdC1jYTEfMB0GCSqGSIb3DQEJARYQdGVz -dEBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxdqM/gN/ -nRuHdvjKQ3nOIHzblSQRmnU17AvusuucKaEAaIBJO05pUryoUfAPhb/QtPbiqGQ+ -VZN5n2Di4MxgYTdQ9SAjJKv/v6TNm23IjlYgt5XnXbvZhGid/FrTjsldPVEKKKM/ -DTPx24o3coE2KxDOjnfGsR20LPnmEp7icBkCAwEAAaNQME4wHQYDVR0OBBYEFO2l -nlq5L/AmkNaZ0s7OqJr1KoUtMB8GA1UdIwQYMBaAFO2lnlq5L/AmkNaZ0s7OqJr1 -KoUtMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAEaeNG4qmUrJtQqR6 -Kq8rIYBfYpkhlWTgo/uOxo8OgAjwhrYja7SBiSDOk7dk+OPdvMxxLIalzb+4IaoH -IMoFBsCuJApFBEkaxE4W6AZA7wjtwq5t3HbRtRD44soBtoeHhPILFfKuWpYVM4Vg -esxJKdf10bGX48nXFREBcSg6ce4= ------END CERTIFICATE----- diff --git a/test/ssl/test-ca.key b/test/ssl/test-ca.key deleted file mode 100644 index 13f7a41..0000000 --- a/test/ssl/test-ca.key +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9H1Lfg1rh7wCAggA -MBQGCCqGSIb3DQMHBAi1Lzw2lwTCCgSCAoAJV4++qH5sbnxx4yOO2OYOn8ceZePP -xjfFHgG3D6AxrQtNnzIqk/WTeSOJKPn3jt5AZmpr///t2cEb45KZFPJff/CzXtfM -jxhbklkTZLBv+4S7Z/Me0Z14eJdjk2uGDnV2dJdCOB7U+Ig06dfyliHktC/CIqiH -5v9qsGog9Dv1oauN6HGcWjIz/fXI3THBRlynNo4tv1BOaoxDXTYenHgo2v4CXmsQ -chOQX6u/RDDpht9Dm45IFQKcHfHbHIpB9s0iXXm+9kbDAdxIRfNV2EywK53Xm3D8 -u0iynbmAlUh30d0n+0sLEbITrs6BTS+/eCvRUnPqerYTVBOpGb+o4GiVLm3LsogH -3nuh//JlRDD894rHLqQQ4uzXHvn1fVFNe+th8kjiIVEr6NevIIBPvTnPrxSFco4k -CHmOMmm+hhp2B2sZa2IFfIKJ64DrmiT5mezG4aMRjkB2PK0MNDctoYdhQYmB01VR -1P0r5svnt39tNep6jQhydiMOXhyhX2AVfbTBG9izoi0Sn2eQ0tYtlT+oQzw7yxK2 -7MOo7PTemlvIsCVgyL1+OkVSBn+n0nHEgRd+DNsu1gsmetUpENfYtqjqnKD6FDLN -gOPJ3Eoj7XIo5qTrKbJd2EQNlzMFCMikfWHcijRLioEhS9tx8PHppdP7MSinXAYc -IsWN1+4lIHj8jsnEWDp3UWy6FkLFsy5iOayWsC1PjJqo4yVdsYJ/Ef34g5IBBB1x -AC7Orq6ZGWoV4jFXkzFj/FhOpf9G6wpQ30qiW/wnVUT09Nr45vsOqcLChLxUO7s7 -VQk9XcDNhUJQB9uVUgF+Z536CG6U9K9fZSqK72iN/1t+dhQn/eZbrwLL ------END ENCRYPTED PRIVATE KEY----- diff --git a/test/ssl/test-fake-root-ca.crt b/test/ssl/test-fake-root-ca.crt new file mode 100644 index 0000000..239a74b --- /dev/null +++ b/test/ssl/test-fake-root-ca.crt 
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqDCCAhGgAwIBAgIJALWM56dkMt5jMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
+BAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYDVQQHDAVEZXJieTEVMBMG
+A1UECgwMUGFobyBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdS
+b290IENBMB4XDTEzMDcyOTE5MjEzMFoXDTIzMDcyNzE5MjEzMFowbTELMAkGA1UE
+BhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcMBURlcmJ5MRUwEwYD
+VQQKDAxQYWhvIFByb2plY3QxEDAOBgNVBAsMB1Rlc3RpbmcxEDAOBgNVBAMMB1Jv
+b3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOpNNgRF6qhcGxndkPFE
+1uZVQZ2x9GV3UlARuTnG89MX+6W+fXQ0gfdcbKs1/puhFqvrcqrWmoIgRtM/lZR/
+YDs5EXfpb13V5pDDn8X7AD2+poUb9eHxcB6fKuRbyt1PsS42umwUlpIDtK6p6H8/
+ZfxSiOE73kyY6CUvJfTC4WHrAgMBAAGjUDBOMB0GA1UdDgQWBBSXmasVth7iUHhF
+8MDaBnSIGBV4qzAfBgNVHSMEGDAWgBSXmasVth7iUHhF8MDaBnSIGBV4qzAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBANAYCcz14fk3Y+9CBMm/kitCWAkI
+Ia54KL0A8ynqrLHssO3Ilq+wb10vSNLxhsdws3zNAfXteFxOvGm24Yu+8oTBQ26K
+QfTp/cH9yoF97ONMxg7rqANOJeYv0BeJdDcgjCMgmql5ETEz2cf9tTWBUAtd1ZZC
+YPS5aiNsetk+XuS9
+-----END CERTIFICATE-----
diff --git a/test/ssl/test-fake-root-ca.key b/test/ssl/test-fake-root-ca.key
new file mode 100644
index 0000000..4a040e9
--- /dev/null
+++ b/test/ssl/test-fake-root-ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDqTTYEReqoXBsZ3ZDxRNbmVUGdsfRld1JQEbk5xvPTF/ulvn10
+NIH3XGyrNf6boRar63Kq1pqCIEbTP5WUf2A7ORF36W9d1eaQw5/F+wA9vqaFG/Xh
+8XAenyrkW8rdT7EuNrpsFJaSA7Suqeh/P2X8UojhO95MmOglLyX0wuFh6wIDAQAB
+AoGBAMhOUgu9Kivc8l5eiXd6fq5T3NDQPjwwknJZdJzsda7WJhFAlUgvS50Jqu2E
+L7MlOJippVJgPZ9ZsLMQ/PQDIWRdLg2K9VLS4nPl3p7LzHoDmqDnMLPo9fUGBile
+EnWwSSCWrz8ATyDO1ct5oJmK/S9QRxdvtw+6SbmorhnzypihAkEA+9LNpjnpuOWf
+iF0TGWKhK53WPtiCBnuisXGZEZws9mzFGlfdR98sBDyekl7oHOb+JI0SDpPl3PBE
+hZXcF7VPtQJBAO4wA1sxXqfYUazt6SInUTzpaNZ9xPrK0p1PgxZLxJrZV6hZByvW
+FGb+cKGnOHIYq4tnCg0cyRe1xX4MJU6wrx8CQGRtNUZNYkAykuS2+Z7uDohucbqu
+bWxYchGB1CGJvwSnbBONZtn6znsCEdsdrkOYe1HoUIMvyEPMLgd4NEXgMOECQF+u
+y/pbR9IXVSAp5oiA0OKuRR49Id85kQf+xAM15sHp44vOT9ItSr7hIa/etA8pl+gF
+OYVw9dtfevmauXX2BjMCQQCrse1jUAp3xmsXwb1JieclSh/C/FcGeo6DYpIcm9bK
+RiVCmpzy3hOqYW137l5WvpUwZmN2wPvaKCacF/t75EiG
+-----END RSA PRIVATE KEY-----
diff --git a/test/ssl/test-root-ca.crt b/test/ssl/test-root-ca.crt
new file mode 100644
index 0000000..92dd583
--- /dev/null
+++ b/test/ssl/test-root-ca.crt
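Review bot: test/ssl/test-fake-root-ca.key is committed as an unencrypted `BEGIN RSA PRIVATE KEY` block, whereas the removed test/ssl/test-ca.key was a `BEGIN ENCRYPTED PRIVATE KEY`; test-root-ca.key and test-signing-ca.key later in this patch are unencrypted too. That is workable for fixtures, but nothing visible here tells a reader that these CAs are throwaway, and secret scanners will flag the files. I would record it next to them, for example in test/ssl/readme.txt: `Keys and CA certificates in this directory are test fixtures only; never add them to a trust store or reuse them outside the test suite.` If gen.sh can recreate the whole set, generating the keys at test time instead of checking them in is also worth considering.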
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqDCCAhGgAwIBAgIJAKrzwmdXIUxsMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
+BAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYDVQQHDAVEZXJieTEVMBMG
+A1UECgwMUGFobyBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdS
+b290IENBMB4XDTEzMDcyOTE5MjEyOVoXDTIzMDcyNzE5MjEyOVowbTELMAkGA1UE
+BhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcMBURlcmJ5MRUwEwYD
+VQQKDAxQYWhvIFByb2plY3QxEDAOBgNVBAsMB1Rlc3RpbmcxEDAOBgNVBAMMB1Jv
+b3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKbPzEEWCKsjjwjJ787u
+Q32k5EdqoDddMEjSVbZNSNEwUew1L7O8NTbmtCEeVFQjOLAdmdiF3rQbXHV+Zew0
+jt2g4vtPpl1GOG6jA/6YznKAyQdvGCdYfGZUN2tN+mbtVxWqkHZitQDQGaSHnx24
+NX649La2uyFy+7l9o8++xPONAgMBAAGjUDBOMB0GA1UdDgQWBBRKK2nWMR2jaOhG
+b/tL8462jVEOvzAfBgNVHSMEGDAWgBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEd+gW86/W+fisz5PFHAeEw7zn9q
+dzLHm7+QZgNLZ9h7/ZbhObRUFMRtU2xm4amyh85h7hUE5R2E2uW2OXumic7/D4ZD
+6unjr4m5jwVWDTqTUYIcNSriyoDWAVlPfOWaU5NyUhqS1DM28tvOWVHVLCxmVcZl
+tJQqo5eHbQ/+Hjfx
+-----END CERTIFICATE-----
diff --git a/test/ssl/test-root-ca.key b/test/ssl/test-root-ca.key
new file mode 100644
index 0000000..3cb7148
--- /dev/null
+++ b/test/ssl/test-root-ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCmz8xBFgirI48Iye/O7kN9pORHaqA3XTBI0lW2TUjRMFHsNS+z
+vDU25rQhHlRUIziwHZnYhd60G1x1fmXsNI7doOL7T6ZdRjhuowP+mM5ygMkHbxgn
+WHxmVDdrTfpm7VcVqpB2YrUA0Bmkh58duDV+uPS2trshcvu5faPPvsTzjQIDAQAB
+AoGAFVhNqJ5rKYr5SISefPocBL3OwByyt6LjBM51TUiCYtIuCW2c1wDkRkwrDHnX
+DJUdMdv3za8DmkROBnLQE/N9vEVhrfrDpBpU6ne/0tbxRlmDi1ihH+zgBUZkIkQo
+kP5kQrV6Tfv7zhFv6cZzewRjGYzTwt8xWB54bKFlsJSlj/kCQQDY0AirnfIVyK+0
+mkqwYEiXWCQfkdRtbLBwpE8S/bbMQVb+Qxh8iCEdw3u1/c/GRFG/qUQ/54/Tetlx
+ZWTTusuXAkEAxPY1+EyW90I8cDSBsrL+S47meut5Qp1Z/WspKjuZgozT7YnECK1k
+JWyXIfBixMIqeQp+pVfVRtYSumvnVhAuewJAA3ylBw2NPShzGvZ4SQnjYPu76P4R
+aoka9VTPKMEH1ZUfbwtpM2eFENN6A91HICstHWX9gQGaYI5TPO2ih30zlQJBAIRH
+06FqVu3DJ3I4YW8R9eXrGHIvmaYapeikQuZhVs0uJdtf7i/hu+PClZIurzb0LLBU
+UxBa+Bt2BOf9NkY/4ecCQQCYLGMiKrfckXC6VtQalLuEXkeE8spcdh/NV22Qpim5
+xfir6M2ZcPDxaFpPmSDSS1TRTaeulX/djUE35EdNPVP8
+-----END RSA PRIVATE KEY-----
diff --git a/test/ssl/test-signing-ca.crt b/test/ssl/test-signing-ca.crt
new file mode 100644
index 0000000..3a10151
--- /dev/null
+++ b/test/ssl/test-signing-ca.crt
@@ -0,0 +1,57 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=GB, ST=Derbyshire, L=Derby, O=Paho Project, OU=Testing, CN=Root CA
+ Validity
+ Not Before: Jul 29 19:21:30 2013 GMT
+ Not After : Jul 28 19:21:30 2018 GMT
+ Subject: C=GB, ST=Derbyshire, O=Paho Project, OU=Testing, CN=Signing CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:dc:26:78:40:ae:b2:ad:2f:26:12:0a:d5:b1:18:
+ 80:16:d8:88:be:0b:42:ce:32:ad:12:d5:f5:78:1b:
+ 35:28:f2:13:1b:05:09:fb:7e:d7:d9:a1:8a:0d:4a:
+ fe:95:37:d4:16:75:83:e4:6a:44:34:33:57:2e:49:
+ ba:bc:b4:cf:d0:c0:87:e0:bc:f0:60:76:14:00:d6:
+ eb:cb:f6:db:b3:43:f1:c8:4d:4a:0a:bb:e0:37:7c:
+ 8e:93:1f:a0:87:68:59:fe:0c:25:40:f3:7c:fd:71:
+ 90:55:ef:de:18:b4:08:86:c9:75:c2:99:2f:ce:12:
+ bf:c5:5e:cf:5f:f1:06:53:07
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 29:4D:6E:C7:F2:F7:71:72:DA:27:9C:9C:AB:DA:07:1D:47:9C:D8:41
+ X509v3 Authority Key Identifier:
+ keyid:4A:2B:69:D6:31:1D:A3:68:E8:46:6F:FB:4B:F3:8E:B6:8D:51:0E:BF
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 48:ec:d7:80:8a:8f:82:a6:42:b1:89:2c:b9:4b:6d:0a:37:b8:
+ 72:19:05:de:75:80:0c:d6:41:97:b2:d7:fe:99:cb:7e:c4:0e:
+ 77:97:09:a8:9f:87:ff:0b:de:3f:1c:dc:1e:fe:09:36:a7:f5:
+ 54:9a:85:4e:fb:6f:27:fe:0f:29:45:61:8d:07:c6:0c:da:37:
+ 3d:a3:69:4b:82:71:e6:24:e0:87:a6:ee:d5:87:61:dd:8f:08:
+ fe:33:a6:1f:ae:b2:ae:1f:d8:2c:20:c8:a6:fc:33:0e:82:68:
+ 80:23:61:10:ad:5c:1d:80:d6:b1:5f:e4:af:66:6d:63:10:e4:
+ 96:e4
+-----BEGIN CERTIFICATE-----
+MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJHQjET
+MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxFTATBgNVBAoMDFBh
+aG8gUHJvamVjdDEQMA4GA1UECwwHVGVzdGluZzEQMA4GA1UEAwwHUm9vdCBDQTAe
+Fw0xMzA3MjkxOTIxMzBaFw0xODA3MjgxOTIxMzBaMGAxCzAJBgNVBAYTAkdCMRMw
+EQYDVQQIDApEZXJieXNoaXJlMRUwEwYDVQQKDAxQYWhvIFByb2plY3QxEDAOBgNV
+BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBANwmeECusq0vJhIK1bEYgBbYiL4LQs4yrRLV9XgbNSjyExsF
+Cft+19mhig1K/pU31BZ1g+RqRDQzVy5Jury0z9DAh+C88GB2FADW68v227ND8chN
+Sgq74Dd8jpMfoIdoWf4MJUDzfP1xkFXv3hi0CIbJdcKZL84Sv8Vez1/xBlMHAgMB
+AAGjUDBOMB0GA1UdDgQWBBQpTW7H8vdxctonnJyr2gcdR5zYQTAfBgNVHSMEGDAW
+gBRKK2nWMR2jaOhGb/tL8462jVEOvzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
+BQUAA4GBAEjs14CKj4KmQrGJLLlLbQo3uHIZBd51gAzWQZey1/6Zy37EDneXCaif
+h/8L3j8c3B7+CTan9VSahU77byf+DylFYY0HxgzaNz2jaUuCceYk4Iem7tWHYd2P
+CP4zph+usq4f2CwgyKb8Mw6CaIAjYRCtXB2A1rFf5K9mbWMQ5Jbk
+-----END CERTIFICATE-----
diff --git a/test/ssl/test-signing-ca.csr b/test/ssl/test-signing-ca.csr
new file mode 100644
index 0000000..f9bfdf5
--- /dev/null
+++ b/test/ssl/test-signing-ca.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBsDCCARkCAQAwcDELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUx
+DjAMBgNVBAcMBURlcmJ5MRUwEwYDVQQKDAxQYWhvIFByb2plY3QxEDAOBgNVBAsM
+B1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANwmeECusq0vJhIK1bEYgBbYiL4LQs4yrRLV9XgbNSjyExsFCft+
+19mhig1K/pU31BZ1g+RqRDQzVy5Jury0z9DAh+C88GB2FADW68v227ND8chNSgq7
+4Dd8jpMfoIdoWf4MJUDzfP1xkFXv3hi0CIbJdcKZL84Sv8Vez1/xBlMHAgMBAAGg
+ADANBgkqhkiG9w0BAQUFAAOBgQBhVBQJfwlQ1UcSyuRdJN8skHeWyiFHfRl3bEHf
+PS6A1+yr4uZoBTA6AJb3mItXCns1mb4+/mgrlud4KXG5kPzGas7eNpC1fqFywGAC
+zS2sA9TzShD+OUR5VDD+d4UqdYUspP+r/aHY1FUVlBL9tC/mUkURXVR2+BUkYnR7
+elw/ig==
+-----END CERTIFICATE REQUEST-----
diff --git a/test/ssl/test-signing-ca.key b/test/ssl/test-signing-ca.key
new file mode 100644
index 0000000..2826af0
--- /dev/null
+++ b/test/ssl/test-signing-ca.key
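Review bot: test/ssl/test-signing-ca.crt carries `Not After : Jul 28 19:21:30 2018 GMT`, so every test that validates a chain through this signing CA will start failing on that date for reasons unrelated to the client code. The same certificate uses `Public-Key: (1024 bit)` with `sha1WithRSAEncryption`, which TLS libraries running at stricter security levels may reject, giving another spurious failure and a weak baseline for the hostname-verification tests. I would regenerate the fixtures with a 2048-bit key, SHA-256 and a much longer validity, presumably through `default_bits = 2048` and `default_md = sha256` in test/ssl/openssl.cnf plus a larger day count in gen.sh; neither file is visible in this part of the patch, so confirm where the values are set.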
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDcJnhArrKtLyYSCtWxGIAW2Ii+C0LOMq0S1fV4GzUo8hMbBQn7
+ftfZoYoNSv6VN9QWdYPkakQ0M1cuSbq8tM/QwIfgvPBgdhQA1uvL9tuzQ/HITUoK
+u+A3fI6TH6CHaFn+DCVA83z9cZBV794YtAiGyXXCmS/OEr/FXs9f8QZTBwIDAQAB
+AoGAEEMDNPvylNpbvI9yU3+Uzps2FpusVqDlqfOGC1YvKhQflypbH2myNhA5q1uz
+zH/wOax6jp/O4/A6619k3NWaWBUSDeD1jczdzzDB6Eq1+6oj1szwLBA5EQHz5tuM
+0BIWVGv12bqY/LGBbYsIABBTr584rA3QSgM3K4SPxKKiyYECQQD6ELRf6hfd5qhs
+8RJY5f3yXaV6rSpz8meht4VwMguiYwNBHrHAHxgumMfLiJ2PWa+6aFUxcWs93RfL
+5Tzn2DtHAkEA4WADib1R05V3X2XcU9ursA0va5nPEtQ0fNJAUm4iJOtEElk61Ku4
+0KFokloTovpAgno+QxQdy1trwBz/ov2KQQJAaNeaGGCYUxPC57IHBDihSP1UROPX
+Wbd3FYlRK+H/mLy0f5fz5F3lEJxDoCUOEi0DDT9zAIDR+qT4tibNa1LwPwJAQDtT
+BtCUH487pE6tiqDSv6wiVbJSV/VuuBxcBKIqzQbYMbqIj9AZLiyyVvOhIRPditI4
+KHn1O93kSa56FQPZgQJAV0mCqYciPBU4z3qtLGIDqdzTszBh4U5cTu5M+TICrg20
+dtH2X0dETx7c2+7FDkr1ktVq9skJAXMw6mWM8FMYFg==
+-----END RSA PRIVATE KEY-----
--
2.39.5