From: Joni Hahkala Date: Mon, 30 Jan 2012 12:35:59 +0000 (+0000) Subject: default to adding the keyUsage extension to all certificates as required by rfc 5280. X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=55188797bc05d7117cef4e1ada5ab4f9ce2478f5;p=glite-security-test-utils.git default to adding the keyUsage extension to all certificates as required by rfc 5280. --- diff --git a/config/req_conf.cnf b/config/req_conf.cnf index 21270d8..99cd9fe 100644 --- a/config/req_conf.cnf +++ b/config/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" 
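Review bot: With the two lines added to `[ ca_server ]` here, and the same pair added to `ca_altname`, `ca_altname2`, `ca_altname3`, `ca_client` and `ca_clientserver` in the next hunk, every end-entity profile visible in this diff carries a critical `keyUsage`. The generated fixtures therefore no longer seem to include a certificate that lacks the extension. Validators still meet such certificates in practice and usually handle them on a separate code path. If no section outside these hunks covers that case, keep one profile without the extension and label it, e.g. `# Deliberately no keyUsage: exercises validation of certificates without the extension`. The same applies to the copies in test/bad-ca/req_conf.cnf and test/big-ca/req_conf.cnf.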
@@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" diff --git a/test/bad-ca/bad.cert b/test/bad-ca/bad.cert index 51504c4..a906e4f 100644 --- a/test/bad-ca/bad.cert +++ b/test/bad-ca/bad.cert 
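Review bot: The new comment in `[ ca_fclient ]`, `# Test cert without flags.`, is ambiguous, because the section still sets `basicConstraints` and a critical `keyUsage`. Compared with `[ ca_client ]`, the only thing it appears to lack is `nsCertType`. Name the flags that are meant, for example `# Test cert without nsCertType flags; basicConstraints and keyUsage only.`. The same comment is repeated in test/bad-ca/req_conf.cnf and test/big-ca/req_conf.cnf. The `[ ca_fclient ]` section may continue past the end of this hunk.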
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIC/zCCAmigAwIBAgIJAPyX1GUEW7U4MA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV +MIIC/zCCAmigAwIBAgIJAIr7MlTxfRzEMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJhZCBDQTAeFw0xMDEyMTYxNzIz -MDlaFw0zODA1MDMxNzIzMDlaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w +CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJhZCBDQTAeFw0xMjAxMzAxMjE4 +NDlaFw0yNTEwMDgxMjE4NDlaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE -AxMKdGhlIGJhZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyFjAIRIE -hy7WExZv2wzxQhCjS83hm7MFHhTsL5n+mkWWkpVQaLmGWXrnyn3IUbD2lu5KysL6 -Y3lYqlYBy+z47C0cGLfhLN3K5b5FLSgG+lGGwVdjWIlh3OrLIF/JPvkiqvUyj4vM -cnHKFLrhCJwH9QfkJaoQPTu2MxWQFt8XEnMCAwEAAaOBzjCByzAMBgNVHRMEBTAD -AQH/MB0GA1UdDgQWBBQuDrF3Ok8SCnxrWpbzpcVrOGfXdjCBiwYDVR0jBIGDMIGA -gBQuDrF3Ok8SCnxrWpbzpcVrOGfXdqFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNV +AxMKdGhlIGJhZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArzvmjayO +WK0rPrBaasFsHJ6ZaXvnHgQ2vm1vfTfw1E3I6P/3iqqzmhEABeLfPrgybZya6RO7 +SCDWMOVOHGX4xdWxUAUea7ehpmLduRcGedt6hJ+jsex7UfRoQRKeobVXEZQLR6Yr +R8IANYFsvLriWtfCjP2kdD5NN6/bfDsT+ecCAwEAAaOBzjCByzAMBgNVHRMEBTAD +AQH/MB0GA1UdDgQWBBSPD7RDRGeCxsPZt5e4Dwl3j8tnRjCBiwYDVR0jBIGDMIGA +gBSPD7RDRGeCxsPZt5e4Dwl3j8tnRqFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNV BAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9u -MRMwEQYDVQQDEwp0aGUgYmFkIENBggkA/JfUZQRbtTgwDgYDVR0PAQH/BAQDAgEG -MA0GCSqGSIb3DQEBBQUAA4GBAMT1HF5n25PgC9dybe2AQzGV9iFIU7KDITtNmGwJ -iOQ6eg+p5d037jxHNSF0EJjAAfCJDGUOn4bZhEDv8zDzVUuuY63yngZ5arVDZaZT -EUF00J6JI389GNqg1ZxpYgSu5gkiSEydr0g5NL6Gu0JsCp5ZVNP1k/thUGqavxMw -feKY +MRMwEQYDVQQDEwp0aGUgYmFkIENBggkAivsyVPF9HMQwDgYDVR0PAQH/BAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4GBAKHxmA8kkBrCQUl3HvyD2Q6zIv+Cg5z1luB2Wz+a +s32yar0yoYR3cOTF5ZrpO5dhJbKZgGD49pcVFFOFjke4+kbwRXIow/r9pc82yHMD +NiVZ4bLbVBJ6H1ZjLrGGnqA8PviYWSN4qYxUVMHWZJpyxS8JOYIJIC1VVoSPlyH6 +v/o7 -----END CERTIFICATE----- 
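Review bot: The regenerated CA certificate has a shorter lifetime than the one it replaces. The UTCTime values in the added base64 lines appear to decode to notBefore 2012-01-30 and notAfter 2025-10-08, whereas the removed lines decode to a notAfter of 2038-05-03. Tests that chain to this CA will start failing once the new date passes, and the commit message does not mention the change. If the shorter lifetime is not intended, regenerate with the previous validity period; otherwise record the expiry date next to the fixture. test/big-ca/big.cert appears to carry the same dates.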
diff --git a/test/bad-ca/bad.p12 b/test/bad-ca/bad.p12
index 9673666..724d3dd 100644
Binary files a/test/bad-ca/bad.p12 and b/test/bad-ca/bad.p12 differ
diff --git a/test/bad-ca/bad.priv b/test/bad-ca/bad.priv
index 0faee27..f6350fc 100644
--- a/test/bad-ca/bad.priv
+++ b/test/bad-ca/bad.priv
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDIWMAhEgSHLtYTFm/bDPFCEKNLzeGbswUeFOwvmf6aRZaSlVBo -uYZZeufKfchRsPaW7krKwvpjeViqVgHL7PjsLRwYt+Es3crlvkUtKAb6UYbBV2NY -iWHc6ssgX8k++SKq9TKPi8xyccoUuuEInAf1B+QlqhA9O7YzFZAW3xcScwIDAQAB -AoGAKoBhaeKXoVH3Sh9VZWPufnRnH/qyJMSqjkIkBMkncPTYR4pzf3P0I2FmcNeU -OnhPJ5+vsCoC0j146NHMGcXQ3HFyOJkH0JdQVw4+DtV361mmQ82rLI8wPnACw4oN -CLG2NyZFBhisxsk8n2H7MdblAFcEwNUDkePF2L9pdbspXWkCQQDkF87ohjcbf35r -yI3oJqcu10GkD6HGblnGOMakrloBDbXDg8CqcNHOYhCDWxZnvwZdVTvnIUM8Ky6R -2vIpu7D3AkEA4NvjhP6t9pI23bnc/31R33c4Lzr/w3htImB1ckBjeRr/+a9RJDgL -ZfjYEbESxpTYkeaxKc0ZDhzgzmzGygiHZQJBAJkvXChRq0TudQsSICvfebw9mLoE -PZO0nNpBWzdSWOQIPyBVpdlR97XxqkFttThr1GxuR9LMRglsvtP6BVT91rUCQHYW -xOwpnE7sBuh3HfsHY6IKSHV1dLDBY/8zzTpNWnBVn60PR3vP+xx4jXDtH8EulnY5 -Qz2Cuu/QdreyJMwhookCQGnQXNNfYJdaJ7poQVgw/6h4LEazL/GUgrBPSKefxJe/ -ns+w5YzdpYOWdydBhB/9J+haE3e/Z8qK0E/z+GSrSNE= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAK875o2sjlitKz6w +WmrBbByemWl75x4ENr5tb3038NRNyOj/94qqs5oRAAXi3z64Mm2cmukTu0gg1jDl +Thxl+MXVsVAFHmu3oaZi3bkXBnnbeoSfo7Hse1H0aEESnqG1VxGUC0emK0fCADWB +bLy64lrXwoz9pHQ+TTev23w7E/nnAgMBAAECgYB32peZxTFjU6YlbYeaRwuEE7JI +ZLeyXx12Z/F+ivmMrFtDinesf47yTLhgTkl1Y5USRa/qxVUuQ09dCCnB4LkirKRR +oxbesNaGFRjTZDO3k+78z1Or6yGRPBwqhpEK5HY+9iYEwkhePp/7nmT0v5S9Qf2B +sJixhPi+uH3qrVyeKQJBAOUKLrOZJTP9mhrkPe995Sc6hR0iNE+1htBHdNiWoe8J +1wsPtI74gotX9c5qWmp6X4hGdCmP0upIsfedQfy4/7sCQQDD3FmsWNaxTMEYwXVH +DW2RZFVkOQtCm9ZzcQpwcAkcAGrsSB2AykQC6Fw35FHrkAGICwlD3hDRA9VDNSVZ +zR3FAkADG11A0G4Bw4nonXn9mq6WFqQhngopnqPChYWfPoPZ0z9YhhED83kJ3NqX +vzeUxC4xkgsXWT0aMnw/iKGRhQzrAkAsWmTwM3oC0ofTzFN7kJ3kU91Ggeh74ABz +SgD8L1LQxYNxGG+d76/xHJ9thMXMW2MNZLpnZQ1X189eldVsfZelAkEAkxemU1XQ +2l5sh3VV/+Nc/kZ1Ma/7lphJqVWwvGt4iXgSfvfpY8XKNdvwIkU6L5WXKhmIXn0Q +cY5AfAkr3yDXVg== +-----END PRIVATE KEY----- diff --git a/test/bad-ca/req_conf.cnf b/test/bad-ca/req_conf.cnf index 772b36e..863f5dc 100644 --- a/test/bad-ca/req_conf.cnf 
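Review bot: The key file changes encoding as well as content: the armor line goes from `-----BEGIN RSA PRIVATE KEY-----` to `-----BEGIN PRIVATE KEY-----`, i.e. from the traditional RSA format to unencrypted PKCS#8. The commit message does not mention this. Loaders in the code under test that match the old header, or that parse only the traditional structure, would fail on the new fixtures for a reason unrelated to keyUsage. If the switch is a side effect of a newer OpenSSL, either state it in the commit message or convert the keys back, for example with `openssl rsa` (plus `-traditional` on current releases). test/big-ca/big.priv changes in the same way.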
+++ b/test/bad-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" @@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" 
diff --git a/test/big-ca/big.cert b/test/big-ca/big.cert
index f57f5a9..7cee918 100644
--- a/test/big-ca/big.cert
+++ b/test/big-ca/big.cert
@@ -1,56 +1,56 @@ -----BEGIN CERTIFICATE----- -MIIKBDCCBeygAwIBAgIJAO61iS86gZAOMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV +MIIKBDCCBeygAwIBAgIJAO2oAhKC5DbrMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0xMDEyMTYxNzIz -MTNaFw0zODA1MDMxNzIzMTNaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w +CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0xMjAxMzAxMjE4 +NThaFw0yNTEwMDgxMjE4NThaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE -AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBANL4 -TJ9SW2xUysd24EPw09DwTieiFxpUmEJBZy2K651XmuqZRFnIkGw7PsYyHaWbYOvT -E4eyJE0EHZRq76DEudwmeln9q63SVvYak2XYmnlLs6unxf/F580uyLoS8PX0Krey -Jex1RDEipVCM4/eUDn/rfDXE92rQ5lS3RTr/qqc2KvXMZowe8UB231ZNxSvuzx3+ -UcMjxFBeEIC6bh+32uY6RSDKO/pKqO0dSVwKU4UwNplzYLPM1gMaKXhxf1qcdKQa -8Th0eXpXqK0JBNR0OqoAeBWxLSlhZpXvKMiUXvgg2TLiKVozmFGT15eC2QsSq7ij -WD9kbc0d364lGs57upw1aVubzFeaCqDMd5sPyW0MAw93+uZXuRmAwevngVGZzGbI -ArpZhj7+KT8VzATNRkQiZ+/f0koFhY3eAPh1DxExJy0adFSQ7Sf5XBDZNeLVVVjT -WEu3mEZrr7Jo+AvTY9IGA2ETs+JL9QVbmOjyyhVeb6CF+g4VA1gDycH6/yDGENdj -iBvr10Af57Mzxl1wtaE6NM20nvrMPALcBw3Y3EIK9LFDq+EkN63CkczSjKQDsdjf -uGDLELk1l7P6dpqAUbHJaD2JYAARX2IjfLtV/wNZJRWwnLJ9iSb6smaz98vuw5OM -DK2/iUNJxPCe56YYQUqwKSnaUVG3bLRP0+idGb2sUyiytNC95gL76VGnlWeUt4Xo -gj6DPJ/QABcdZ7AhJ/hW8s8yXmjkJyP6pNBr25BY0+LGjP5kuE6YrRQFYcFMrnRS -3FAhd4SkoK3qM0xuTwbzvCbzmcFZDLexG/u6hjm76l0vw4+K0F3bk/ttKZFxvSKm -SDZzQyPrD0a69hKuVD7jt/fD2vU5SkItGpmnnVbuZYssEfE6o450QSbMU4Rcbvw3 -okw5fQYBI7oLdpdLQgMZEtPKGz/76Wqw8eaeAT3rhHZF+wS6/w8NUZtUmem/ESLf -aKDqAmZ4/i8OeCTfn5fbtqyfrni3qR29qlCDlNNcrmM89Vz+p1mSg8hdeAS115Sf -bsbGYtpygeSG0WEAQvG095Gpq4xFmQrbdZ62wTihbQh2rOl8hd2pAO622P8GVj1T -OcK1i4ZtA+TwP789dhr6MgBPn87MlwxDsgNNpcqJyo+CNPJwJ1HgppxJORz/snVC -4dpDcYqsxyOAiKcR2b9jsld9GjxM02cYioxk8L263zbGZ/js7JZvx9Ovu96szdtt -40+bbfQmzbja/fP+rPol/DxQnOhT1/+ub75L4VUx01AWwyFhsK0ozknZ5QgtZxsk 
-fCuuONW93WQK3uJZdh1MH4q2JOCdl4bvNjJyYFKyma4ZRPCPoI+3VOFqhXV1z7Re -zjsvIuU23dHcepMsinkCAwEAAaOBzjCByzAMBgNVHRMEBTADAQH/MB0GA1UdDgQW -BBSxUNHUrHgUBI5ufRE3C4Uzx2611jCBiwYDVR0jBIGDMIGAgBSxUNHUrHgUBI5u -fRE3C4Uzx2611qFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP +AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBAOdf +RlWgLzfUL9rRWiOc144dYxxnNo3eVZuBjk14eaRPbayHaOobubHxyVo9TtGo43s9 +PyDvW9dmiv2LaasV89rKs7XmDPn5ITWfkdzuILgRmhAv8eMdtWNRpI5tfDmcd4om +u2Ua1IMrZ9YZf+rLulroa8bOXnR70LxS7wiARx0PUo0hHXPOkGTpL3K/bQI1Cm+o +VnPlE6XyNkmu+EW7d9cuIM66fWI+xwqUkCuqHEr3FpEL/dkkhXjkNDyf898Ev3q/ +6mxg93GnXuy4OeFoLyJDHez+l2mdmqbmWwQHIWCD0qwy/clfPnEsIuWOjH3CosWz +xahhi/zjAhysZzTL/CGbpQn1vFtLOml18lpqsoDoUSaq+W4SEmHV4TkfCnnDu55k +XBYPV2IPeO/UTJapAVjv1jkeUQwuVrmd0EaMwB9jSzPVjYYo2j4YBV8Rm501DrV8 +tPwienD3o0FWfXLVdByr262NXOXbHpNUDbK4gWd9eqRhzXMBSw/4jRKnVpb4o32E +wsAar/LJOVoF9osK2PGaG5tvXH0PP2GUJo59uNmAQ/1Ta2TOTg151+YprakBxOkf +PJEUEqbvWxs0bSVuNcLag/z5ZqzB3tw5BnlA/72XDR/Be74zflkhnTUfAaoO6P3/ +XsscojGgygQZcU6Vc7wCF+kUtowdxD8AvgobQZbsDC1EpZn7y/6l545kAC/D7VJw +8SIWUp1QUtIyl1OEFhecGPsn1NsFWLKOY6PGWsV6gFvGkp4LuXMWKA2VB5s9udAM +CsXq8zCTcWJHbhG8BcxOGudcMtxrc8m9cMVwlSMxP1zVJbf/soDfTqCg643JMNcu +0+7EQlJO+Dsj2mn54vy3WUGugH0iwTlKft3ie+0WbLnryG35b5mvvYL0TP3LoF9X +GFURPwQpKJtQfWGRy9AaBM/pQTPVnZLv4k3cencdJvZUXzUUQv/ma7t1h0wmR/09 +P0LUc5xEhCM1kO7w81DPs03C/h+L7HqtBdUiivCqmjW4IaXCPGG+7Rsj80h2bF71 +38phIz+Lws27cr262uhZENpQ6jo4xvmjat3u0x8P8VXu6L4tkzPpLCKyAHNI1lpZ +QypMWiPaHlCR6BWt92F8dMHhJUwKpxtEGW7XI1Q6kS2q4JT7q1F9zWNg1s+MfwML +lwjZpyfjYDm7Ka+zK8+MPHNILu6UiOOMNkJ41C/H1NRP+h53TH+jrKLj+ZwAgPi2 +0259WaIqcWk+wXnlNC1bEjx8Q3w9r49wJ4/o6yrkTB79XUNWgfAxxUg/Ml8l9nvO +zixO1Osry28QXlbIv47D2kh+PboGpDF2Fty6Orj4dWPXqLVP27zwlyY5o/jyM4J2 +t1/WjIISV4Sh4Gn3+TUCAwEAAaOBzjCByzAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBSDDMMlC6a3yAP8hXZ1QxvPlVh0UTCBiwYDVR0jBIGDMIGAgBSDDMMlC6a3yAP8 +hXZ1QxvPlVh0UaFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP MA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0 
-aGUgYmlnIENBggkA7rWJLzqBkA4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB -BQUAA4IEAQBSE5/nS0jdN4v0rc9V0msXE5rBI3D9zg6ZKvUQW8nYky4pQkY2Mm/v -h60Mu3BpeCUEPTsreJZqiYGJpAeblsjlHzIZXeGpD+VW1/nok3qwrLz/CPYMNzy7 -Qn60Mpd47mvNM5yTygZF/XNO3qT9OTnqa/jmKO6bXJozll8Krb66f/7jSnLRUaVc -kqyuPSNRpINOeOfrtzvzGmyda85S3eipyuHAwANYCbr/RLHIRM1FInJuQJ1utd9S -STzNCfZVO0xMP4jZS3Brno5aQkAPIfysCPvWGWSGAgH92KdL9LqoIHaTGZijtY6A -Fkm4P1MdtGg1X5IaMizFqeDAy/ZAXsrivnnQtucqtNcoP/+kyjrEhgXgHL7xFvQ/ -FVmQ1fZJjp0Wu51bWJFuDXye5p3+x6y9IZk/KY/25m+RQL3Ai95J88maRYz+F1uw -cY1hv1LYKcyOw3K1eCPVpLhBtA7LfZVhZNYuQzEnjrGT2o+y8Y3/9a/JiNUJ57BH -FmlQFsoaGVS08AGuzgLwAX7m1sbltqSLG12dNthso807boKdlqYSPeUctxHBPELQ -Z6KShu3SsanaQaqRMOlhzCktAhMqQ9onM6aAjIE+lXZHOE/vEkIPJ6/uW1+fe6nY -o2jx83RfNTCBMH2TKfu9qnOpCjIW3QAryK6eTacxQsoiFZudQajYKSdXYHejfp1M -WD9eG33z7WVBuf+o7EE6/lhR3vY5E4auB6wqyM3PZJQsAhVqjiaujQee0yiMGja8 -5HVsmv0Pxqi1YnByP6vf2x4KPXzjGrzYqD9VuJuEYl7R9XsRsOOCRKVO+C18iKfe -mcMOt6lYkwEaDiSw9CBfq7I10Ro1Nj/OIoowPV10kyDS1z1gUk/bddl/z4aNkC9K -YeWb9gIf/L3IT6tMklqo46K1pCJAChtreTAHR3Xa6xEC5nkotBQcmlKDHkYzKYeM -u0FW50rohUJ7kz6Djw9IgxEpz6dPJI+C0Hx2I2jbIporD6aK0RiD15/UYu2q8vVp -fJsICJQrLfIzWG++iLlvwApcszWve3CrnWvw6hxzKJ07FX8HMxx3KGPEi3lkUnaR -0lXLLncS4cQSd1k8jRw6ZS68gAMao3wudgijtQlDPSopb4/LUCVCJG38KZ8t+KTZ -fKYcm1TvJFBgK2TIxZIy2g6Y+Es+MpIt2Sb2iV2bf0S0NrJKiNY6Kbl4VktkagTU -LcfHBwp61dJsJwrfoeCFoi50JBMZO2d7Urv70A6RbvhUI43cEj4f4L2ENm/OWMPE -RHAeGUVAQZlmhxqELEAaZK9VGbnvPa9r3m8whn+OkOabWVSZQzMrCizbs5T4EaH1 -m2YchzTLlINAbvI9awVaTdxmWPtWniyb +aGUgYmlnIENBggkA7agCEoLkNuswDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IEAQBIo4+d2oLPML0pb3reUD1I820lLty5Pq2mJ5u84N8XdLD/tCWL6gPC +2vyHycha1mtDjMN8wKKP/VXSythGkoxLRj/58AaAVa3gcFmrcYFXcTQ/YeV8YxqP +pT/KWF1Q6GOnf82DulRdHBtrTvFS05oSPdGMTnMzRvhQjHhYu8YL2fdtkJ0scIcA +s2noEd4g0M7nNodqX6A3FRw/MehX6+d7WhI8bqL1uA6cVOxuvEZvjnDeAKgq07gJ +CRlRw3asds8e0HmIbv4WZ8awDSsw2sDOB5+39s6GmgumEa/UEfpAOZtHOXgNO7RA +td4U9kuKixIKPQjAhL5o2cK1iJQuCzGgcpj4vGt+tvNO3M/stHoEL/mVN5yceXLj 
+E//aTcWzOhiL5D6HPlch/4xm64PePYhcQhIcnr4/fhXP1CizRXJL9WBxw9BXbJ4f +C9zhgUVYL9cMfrVtJkUIY0lk4ZyurWXVrKvR8pRqXTSc0SXiX11Z7wiUhO4CSYH4 +89ydbzulEaVVkev9DglkK3xpklHstFwI8xn9hvWU3xz/ONdEdP34+SRxs2uXSCz6 +KMCk/YgqwYZ96wwdJC3cabC/rl5srL+aCGRNk4VkYppEXsYaqQ/wK4ucZkejon2L +K7bEsAQqV8q5sbin33mb3dhhzJPjwpEUWp8Yst102f7ln/F/IbPU4emXpKN3Z5tf +1+wZfZRZtBr2mExiYEhtyzbDXCUkdyS+Wq8gCcDx7isCIbfRnupNutwtCrOA2x8Y +h+iYe4d+tTq2504RnAMCtmVOCfblf+OdMgwN0vLVlLgUMnAaleYqIMjA6TxaaPjA +xny+Uhg4UUTt3Ll2zRiukzcY1ZRoaj7SHnFZwmF+hOmVY4ft09waH0XJ6m1K3W/O +YMVXjKrZxAoG9fxTuWfXHIwZCDh3DTOI6I/90McnVF8tsnmzKQmVxhljZUueoN93 +fWoQPV2Pt9TTN8Od5XsgevlD1EnYkQCFCNlzd1mRxgsBEtmDNOLDP5dYPiaOAW+x +OL0VGWZyH2R4/6CZK73z5KF1INZA0GgTnQeFJS25yy1lJZsGQuRzvG16KZDT11V9 +QdkXCLxx36GeqqnDfOdHCZBg/Ks+FqP6nvjpFNbEWZdSLDRBlcZoAF7nTLmd3vkn +VLw6OdGIubr8T3lEfHJP49Y7GKW5OXWNsislnn7f539aCxyR9I58QvSbrFGz9igC +m7SaCRxmO4NhMkQBNjmQEtEyCPtJ4zaTOEp1yoYClrtVwgQyiK0HYwXrewA0v1Y4 +LuTiB1sNJiBLJw09ViCEd0KvUksHEolDHsGB6bwXV33S7oi5AndNb2VozkjcRoXI +FQaKRQyXpKfzrZp9nDqMixdaZOs7w26E -----END CERTIFICATE----- diff --git a/test/big-ca/big.p12 b/test/big-ca/big.p12 index e892636..1fa3bc1 100644 Binary files a/test/big-ca/big.p12 and b/test/big-ca/big.p12 differ diff --git a/test/big-ca/big.priv b/test/big-ca/big.priv index cf331c1..188911c 100644 --- a/test/big-ca/big.priv +++ b/test/big-ca/big.priv 
@@ -1,99 +1,100 @@ ------BEGIN RSA PRIVATE KEY----- -MIISKQIBAAKCBAEA0vhMn1JbbFTKx3bgQ/DT0PBOJ6IXGlSYQkFnLYrrnVea6plE -WciQbDs+xjIdpZtg69MTh7IkTQQdlGrvoMS53CZ6Wf2rrdJW9hqTZdiaeUuzq6fF -/8XnzS7IuhLw9fQqt7Il7HVEMSKlUIzj95QOf+t8NcT3atDmVLdFOv+qpzYq9cxm -jB7xQHbfVk3FK+7PHf5RwyPEUF4QgLpuH7fa5jpFIMo7+kqo7R1JXApThTA2mXNg -s8zWAxopeHF/Wpx0pBrxOHR5eleorQkE1HQ6qgB4FbEtKWFmle8oyJRe+CDZMuIp -WjOYUZPXl4LZCxKruKNYP2RtzR3friUaznu6nDVpW5vMV5oKoMx3mw/JbQwDD3f6 -5le5GYDB6+eBUZnMZsgCulmGPv4pPxXMBM1GRCJn79/SSgWFjd4A+HUPETEnLRp0 -VJDtJ/lcENk14tVVWNNYS7eYRmuvsmj4C9Nj0gYDYROz4kv1BVuY6PLKFV5voIX6 -DhUDWAPJwfr/IMYQ12OIG+vXQB/nszPGXXC1oTo0zbSe+sw8AtwHDdjcQgr0sUOr -4SQ3rcKRzNKMpAOx2N+4YMsQuTWXs/p2moBRscloPYlgABFfYiN8u1X/A1klFbCc -sn2JJvqyZrP3y+7Dk4wMrb+JQ0nE8J7nphhBSrApKdpRUbdstE/T6J0ZvaxTKLK0 -0L3mAvvpUaeVZ5S3heiCPoM8n9AAFx1nsCEn+FbyzzJeaOQnI/qk0GvbkFjT4saM -/mS4TpitFAVhwUyudFLcUCF3hKSgreozTG5PBvO8JvOZwVkMt7Eb+7qGObvqXS/D -j4rQXduT+20pkXG9IqZINnNDI+sPRrr2Eq5UPuO398Pa9TlKQi0amaedVu5liywR -8TqjjnRBJsxThFxu/DeiTDl9BgEjugt2l0tCAxkS08obP/vparDx5p4BPeuEdkX7 -BLr/Dw1Rm1SZ6b8RIt9ooOoCZnj+Lw54JN+fl9u2rJ+ueLepHb2qUIOU01yuYzz1 -XP6nWZKDyF14BLXXlJ9uxsZi2nKB5IbRYQBC8bT3kamrjEWZCtt1nrbBOKFtCHas -6XyF3akA7rbY/wZWPVM5wrWLhm0D5PA/vz12GvoyAE+fzsyXDEOyA02lyonKj4I0 -8nAnUeCmnEk5HP+ydULh2kNxiqzHI4CIpxHZv2OyV30aPEzTZxiKjGTwvbrfNsZn -+Ozslm/H06+73qzN223jT5tt9CbNuNr98/6s+iX8PFCc6FPX/65vvkvhVTHTUBbD -IWGwrSjOSdnlCC1nGyR8K6441b3dZAre4ll2HUwfirYk4J2Xhu82MnJgUrKZrhlE -8I+gj7dU4WqFdXXPtF7OOy8i5Tbd0dx6kyyKeQIDAQABAoIEAEoLsAjzRPc+w3VC -ue/epNlenm+2qlkpe881WVtYuN2ek9bnOGAyzs3N9XhmupUXdesPSHmGAsutOByR -c81/fqRQNP1E1W7Kto7mQPmsDnuoIEWNOydMdNFFLFpyr3QD4MJcmoblmauNN2yQ -JqsMohIvuoa8vQIWk+ED+h59AY5yqp1ewldHvPEdR8Hoxd1nkfY6/sN42DxE55Hm -3SPwybmolf6uPGLatXOTpd3SGgJTK7asEjLJIAwysH9/hm1tIFtAwY1JBCH2hlNF -KRbQPI7SX1NtviYZ84GIUU4lFTgNf24mhtEL7tgjBbY9zKPgR7kkS6LkQs2NQKbE -iyYRsyuEa5gllJDilfxeB1S7M708TA6v07Xo8CSNVoLP3Emhq2YfqSVyqnWNiziD -E/pTeegME2LTseEdEwT5+Gk73K/yCogAEvhjbXlsQe3/7rPQoIXul7zrkVyWCzKZ 
-OQYdiZl7VtBJtAcnFbZtsbuBC4B4hsFWhK9QnL3Vhoi46ba9DcgrPOhf3Eq7Z/0z -nNnK51TRMxtH28y2xhFS3H71sEjVw5A76iW5KnmoIrg65fXi/hbaXsJKQ3Jd5wLa -U6pig0ndIOMIRlN/xXSSdALkaf7o2OVF+ZmEChFOSDNX0w8WnDo7G3AYG7ssNx0l -CLT5KmFmduwjngsKT/LxWbT4/sHdCCNDYh75yL3Hd+dUmV8mmJ9G0YXtpPBFtCxk -KUhiLeWX1ZrRSL8mRIy4xfjypmZqnvEPvkngJ1QGb5qynQJmf6pfl3qirr2zL8lh -yykouI5gy7flrgINzhddVK3UzlYJClKks6vu2cnSGt7Co63wIMBRxPXrV0FRz6rD -PFbLdtjkvJgWmfu0fUQqXno124ovEaffHtno8zHqF+qYSk07JE6gt8UbrkETQ28/ -c1kQcCmNmlt+5sfZ5aLEKL/N48voaQ8ZXH0IUo+YPVC3keobgpQ3Snx4S5LEWieF -d+Tbe7RLkUSSkBLFdN3yITsLTOThOouMlb/y/BXlvzt63z041apZO8xVJoq8FRHt -0vyY6oqakBBqm64UsgGwJwinGKERzNV3AP971n1OSETkElMqjnfoL2OwP+czFzDU -NJoc/no1fqX+hOVg6fH05uPgwXq9N1l/g/yUzH4s8/t3ggvIscKBmA+4dw52Ydwu -ptGYyBpAvPxy+FDT9dCD9gKySu60ToP0tGHDUwNJzn330WURea+rjYrLWnGew7PZ -AtmiSYYv6c6eo5CS5GVoSZRiDrsZEbUQIt1F7cvrP1WiwKzxvBWRSzT7Q+x6KcJc -I1GG8juNDSX6H7Z9wKPg/3TPHdBEJlKdNrziQWfvg3EXUW41GXw83wiWFFDDrOIC -vRbhFiECggIBAPu3UNt6SvrixYF+1femlNskteaNAL4JfuO2Ws1yeW7KFxPNctJy -JnPDYmgXtuceQWcknM+UqoswGGPtR/SeDB62Q3YZziZt5xe1xtq/JKFxRU1I9SS3 -9Z7sWOmF4g+d1+5c4aHcM/L4enmsADFsTGO7KDpGtHKSVPEnHe9nH9aJqwJHeqoJ -Y0eOUMgSFNKfsI/ONWrlMqfrZdSeLj+ANxocKgu6ULTwwWVf3bOaucrtdm12nNKm -jtB8uWHNTQtUtdNmHMtftAsEApP2kko6xyGy1vNY//dw78oFVvefX4ur1KlYllWv -qM0tiTbgTFg+88Op2V6aQlGyoa6cMw7JOAIyAsDMKo6/gpftTxgyte/0XqEfPALN -OWQQzGLEGUqWWoTw4Q4nnuFX8W8xv0HlLCNMC8Y1+MicGT/fdsYirUWzpF/SXRxq -rdGpVCxP3hMCcikJdIg5MBi8WhnDPAKqPuTx5jMxyDu/5A/tn+2zRKAnqBN7LfiI -uWnRpAVIi11cThjzg9MK1qBiGi3zcV8qf3vXD93K96/Z3zSzrrJhNa5kh6dnd1ER -oQEhG8BDUJ2sP8yumGUR8ViL7ZR0tjStXUc3IkgvLqCM5haxBRvPgEHA59e+vfi/ -nT1KgVd0N4VbRxHalV6dR3mKfolt+wRoTxELyiDYU0ZMPQPiOUoaUR6NAoICAQDW -j3WZeQpTrk+sSHlUWMLfuE2Zb9rraXruMIsovIl+G6Tea7xB2+hf2c1W20pRz14J -ic1qxRKvxu/lay8KB5b+AOPF/WhWDF5W26xuwXbM0vH3Mgc0u8u7jdPHOeK+vaRd -RriXtdlIdDoqCaY8lbvVj0NpAFMuAR0yN4gc1va2G6lpk33mQuhdBaTeQ8Ta4BR1 -FFI3vajhaALlTY/vDKepqXwqhutkmXM+vHEtZpy27Fj9/KA5xDj5ALvNlBbkN6Xd -rO0GWZUl3AtgTR2h9MG0dFpL4cgTP/h8+Syc4DCsiB2EJRgkTmTwPr7du+PmXm44 
-jhUzZA9tQk9alDPoWiQqKAQ5/hIO6iN9dAkrdBht4jxgV2BTMpE/Y8PJMLBeho9Q -5Tbb1JOFTXXMgsz+0Ffxm3xkFMm4e2ZerWcSv97SxOl/3yNAGn1hCJPC8uZmEawv -o5TWMOIcwI7q9DaTQO3tPbLigb6wyOBDFE4hXwy19tBOvMp7bfJiWCgT2TQ33O0K -BBkQqYhpHKn8tUfI5QaU2Q9SnoRMl/CvI4a5ucUnLfFQD+WUxIe8ON6wUZsurd3q -yI9OqegyW6v0FePB/LhLywTMeq3WvvhWnqgfS85d+sWiHLA8JgP9iB0T2uSeB0TQ -07iBOWI2445dcMc+NowMcEixgpZyxOpL1qrKJuuGnQKCAgB8Py8lNscd8aOl2NKK -zGn7hbJX28+6/frpMZC+ijvQaOZdOvLrV7cNOysu0E3S5QdJfzP77pkD3Tic0nnL -D9xRqIvCFti/9U21UV+Xh/Pv0HZxwIpolnkh+e2lTxWXucTk/mnNOGFYFDh4KGNs -AdXvAGnJ4i6dwwc0hadsDU4U2p1Toa61ka60mlXbe7lVgcdoJFQPsJSBeFsqSO3x -IDuSosZKRawitBfyDxDi34PH29CyFXMxM0+ZL4dd9DWMW0Lo1yVtaY74RQF0wafS -BhNW2ezp70thexiRcnNMBRnnWmi9MmH6Z5t9s3VgZfSpNmGiegs2fBQyOWc/RhCZ -ws7nnoHnYp+7GGLA1T1OZ3GQwOGYzE8V3vDuKLCKK9uECpUhu7iLARmWh48/4KFU -SGeyAI5rRybG9u4rrgT1phY7KoH/XlnhdfLYY6mNudqXLYTmJqmjt/66pvYec1UC -x8AFyDVlnbQFciGDjzp63RsJpql6/DljzTEgP3+jr/xCmBZgkIrIODhasDHV7q1O -WS7WFQDa7J236mYXoH2hxQP3Ud33zsWBeZ8sbIhDLbb0LRrM0H2ene2wVFlwBvAN -Lmm1hkxgrxFn5ESKfNRVtuXLDwohXyBsUUCvCUCwx0fEhpqdAHTsX9vw7WCqO2RE -96vXcSdTcRQhxe30Jc07e6QA3QKCAgEAwsrtvk8YpA5OASCvHneTPJ9LvDDD9RQH -ajYiMPKydQ5N6Sywdq5a0qKffOqMF6gHPOuh1fxjUbhv1b4wr49icuqF4BuHXQ/P -mlXHv6ne3GfrCzydNDAG8Bj8GxSfmgH8Nj7dmcacJN54a+/kv35FUMbHMY389nhG -dG/cICq9Q2nrrZEdLS6zXLiiDLREBV6I1B6F4ltK9pGCh4GaWjIICc14j/d7wBJc -gal9qvVM8/mxda2kHa3a953F4wc+nSU0bgPwEOLFuOCEZ4K7k2zta5Jy5A9woKFk -TLm/2hDjv8+31GAFAfk2RLMCf7Z0WpKCyM+dydFe/BfGiXqhgaJM0QURiUD0Thwd -6mitZoj5INHTdLf/GKmBGqbNelu806SgepYO7xeYct53QxvBVtn57bz2+rmwxc8q -imwtduVBO+NQBiqkCy/BgpXR6Jyzthj3VSzTFH6+2dGsLv1WiuvY1pk8Tc3zPPay -O9Q0drGfjZgtWD6oKdUQyF42zIZWlRz7CyvbQbhYwu0mGurN6EKdbgd+lMibXhpX -hfnf98ADkOVx/vjfuueOP8D10+fS1lc9cUlyab1xtD5r56bz5ws0moMPsUDzkFJC -jgluozMkgUgJo3seOQ1edA/eLkd9ZUc+H8UH7jIVy7Vea9DW4tGM5kIOjTH8uuex -uvaCihM5ozUCggIBAODv3U1NeNbEBIGqGTl+/mRq9HQnp0rI5/k1dz79sZDtyCWM -u3SGpKU9V/a60shcgEv8QDQ9clJHoJ/dP29OM0JdcMhntGh9Or5qDEJVK8/NtkuS -eqb52cnsEMr9cBOEmdtHTLvOCYjXIailV0BsHDuuAkBlETbUZ9caxob5X38gBemc 
-+B5P+rE7BhsZGW5rRh7QVE7g1xzhiOhxUhdT02onphLQc1I9cr+O1QxHmYjAIPJ/ -U49KcZ71rZY2225WihkjYVXw2CmO/HWWIl2QLobs2QGP3RE6p/6qTPDbv5Fq8FIY -upqjNCcKVg6FBqp4hH/GEMBM0N3hHbQrW0eBAV9IH5AXZO1CR353cca710UEZ2Hg -E9Yu8HK5KWmNSXEmmLC/0pEjap+VM8mxUZ7bmpnGuB3uBiC2DE6ROu64Fdy/j6Km -bUFo0Y7AMxFk1nVaXpCtYJeLcpsRsq28raRGgI68049DEgpgEC7u9HTmmUlEJNRO -i6Pf5o9B5Gttc6u5+6fzo0AIJlkoJ8a5lTvcQotTpcWm1lol3YvWEawBlP3T7zvS -AUN6+Pp9DNoL6yVgT5rN+4NOd+zxV5y3xGZ3Si358uz7LnL5kN4pVnJiK9gPhwNb -KOB2UONFc1YhzARjozk7UHDJwBHOtudQsfWrmDrZPbnlyFm2fmJww4Kf/d+f ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIISRAIBADANBgkqhkiG9w0BAQEFAASCEi4wghIqAgEAAoIEAQDnX0ZVoC831C/a +0VojnNeOHWMcZzaN3lWbgY5NeHmkT22sh2jqG7mx8claPU7RqON7PT8g71vXZor9 +i2mrFfPayrO15gz5+SE1n5Hc7iC4EZoQL/HjHbVjUaSObXw5nHeKJrtlGtSDK2fW +GX/qy7pa6GvGzl50e9C8Uu8IgEcdD1KNIR1zzpBk6S9yv20CNQpvqFZz5ROl8jZJ +rvhFu3fXLiDOun1iPscKlJArqhxK9xaRC/3ZJIV45DQ8n/PfBL96v+psYPdxp17s +uDnhaC8iQx3s/pdpnZqm5lsEByFgg9KsMv3JXz5xLCLljox9wqLFs8WoYYv84wIc +rGc0y/whm6UJ9bxbSzppdfJaarKA6FEmqvluEhJh1eE5Hwp5w7ueZFwWD1diD3jv +1EyWqQFY79Y5HlEMLla5ndBGjMAfY0sz1Y2GKNo+GAVfEZudNQ61fLT8Inpw96NB +Vn1y1XQcq9utjVzl2x6TVA2yuIFnfXqkYc1zAUsP+I0Sp1aW+KN9hMLAGq/yyTla +BfaLCtjxmhubb1x9Dz9hlCaOfbjZgEP9U2tkzk4NedfmKa2pAcTpHzyRFBKm71sb +NG0lbjXC2oP8+Waswd7cOQZ5QP+9lw0fwXu+M35ZIZ01HwGqDuj9/17LHKIxoMoE +GXFOlXO8AhfpFLaMHcQ/AL4KG0GW7AwtRKWZ+8v+peeOZAAvw+1ScPEiFlKdUFLS +MpdThBYXnBj7J9TbBViyjmOjxlrFeoBbxpKeC7lzFigNlQebPbnQDArF6vMwk3Fi +R24RvAXMThrnXDLca3PJvXDFcJUjMT9c1SW3/7KA306goOuNyTDXLtPuxEJSTvg7 +I9pp+eL8t1lBroB9IsE5Sn7d4nvtFmy568ht+W+Zr72C9Ez9y6BfVxhVET8EKSib +UH1hkcvQGgTP6UEz1Z2S7+JN3Hp3HSb2VF81FEL/5mu7dYdMJkf9PT9C1HOcRIQj +NZDu8PNQz7NNwv4fi+x6rQXVIorwqpo1uCGlwjxhvu0bI/NIdmxe9d/KYSM/i8LN +u3K9utroWRDaUOo6OMb5o2rd7tMfD/FV7ui+LZMz6SwisgBzSNZaWUMqTFoj2h5Q +kegVrfdhfHTB4SVMCqcbRBlu1yNUOpEtquCU+6tRfc1jYNbPjH8DC5cI2acn42A5 +uymvsyvPjDxzSC7ulIjjjDZCeNQvx9TUT/oed0x/o6yi4/mcAID4ttNufVmiKnFp +PsF55TQtWxI8fEN8Pa+PcCeP6Osq5Ewe/V1DVoHwMcVIPzJfJfZ7zs4sTtTrK8tv 
+EF5WyL+Ow9pIfj26BqQxdhbcujq4+HVj16i1T9u88JcmOaP48jOCdrdf1oyCEleE +oeBp9/k1AgMBAAECggQBAN/1VDKb7DjBNlU74mGodupEPeSHb8IhXYI6BNGudSh8 +DfA73m0Fy1iYb0vfHkVJknB/V3T83EyDILTN1snZZQL6xLuk5BivctriC6HsClXC +C/vxPNWXszVhGMUY628kqn1agngaYWxafpc6dZyD+W33niOBLOLZ2rIAIQp8iNlz +NHgRft3TK+fR47DR5KWHTAPK0Ww7aCpwauYl7IIrNZRfPTh+QdHwbGAsb+UkM2DJ +Ddn23o/qjxv24S1xsvDEOsiJrlOcBMjJttOye6xZWY5zoyr9QPjlqoY1YhJjCIbQ +8wLmFMxwWhPYIitMMWemGEMAgao8SfHOlwPESd5MOVEaxMUATYOdLPxaQ+4La5/l +wG+Kfghyi8KR8gGFr3Ev6pMmGBDuZqovyeNz/3KyQvCgrx743oDI9f+T57/yjCGV +znxtESG0t5P1UnW0qImiiwtXnCSXBygEPM2I98NJJKyAGhNDS5He6Ri4+s1tVS0k +w6sMVH8m2E6sS3mr6uAV6sMb2Bt1eayr5MzkCsKKDHbIskJhqAgR00sTycKRpXU7 +eBRlRAX+wITA1SAgZc27PaxeJRVVdbyK4ghSVfguVvG27J3Zl+5PdvZ6aG7EYQhW +h0ie07XHSFzkcbSyv7yp1BPQtiQrIkChoAoZypjDh5SL/jMKbqzwPz6w7EMCIRoA +qZDdJQiOkpUpsz7rAjBtVaqogFOHIG37jL3FyoMh+9CLgmRxz8hjTFXeeovZlG0R +xTf4Zw6xTycMTipW2ZrPDF4bPZoiyEHtPu8IaA0MPsejql5QT2EtinOvIUXcZ9v8 +zNNnJDW/Uwi5SBkZN7s4UTmgMOYwxCnnFHBEYqOE6cBOUG9EVOE8gzYSaeWtZS3o +nsuzaxTsSZwV/JbF7AkHl7af1QWMugg5wCPpAlaMHxq/YZNN3GffkVYfDweKoGub +jc7+NuYlj9IC9bHqASptRgoAh9XPxVBofcOh9Prax3U4rHGVgf4EDqaxvWgdTEuw +v1Vz2ah46kPDyTt/rtDDDWWetJhvC/3sHh9fw2BIUubmYCom0XasI4wdUJ9V0b3N +aWPH7AK3wmzM3Yh8KpIJKsl6xTy9zT0HTNCKvo4wG9HvFR5gl2penyV7wJ9FHwy1 +FLABJicLOXbU+NxBfbgxJgoGzvYd3pnbDN5y/DT4CyaLyVdAnH/2EDGBct/2DWae +UxFJFg7ELUUUcP848EdjyVeUTfssnDq0JANL+2G2OSzxsMAyn73ce/cIBqKABxNb +pg1RhGxHasKrvMAQJ1q7/Lw/16q/l+SK7TyYEynol5aPFfmqUHRanYkLz5z4Xm0/ +NdNqcl0DFb8NdXgLwdLpB47ycTkwQC9y8zd9F/2fgX0CggIBAPauqNdavhkZWp5R +EBWhXKnhENvZLSkoXElmOOjnccucgww0NXIez8jhoPXnD5BIbhuwfIumzS47GtJF +IhxMs5L9tTfK8XJAFDAWlaK3m24qcr2tToM5ZXs2RVf0bnspjqsTMz1cL1YTxtsm +M7h8JYg55+CU+yaKcOnEKbgYKry7HOIMQmm8JsWLVGrRVgaCdti/llDdyF9obJUj +ogSLAfF2yegIQhjpD9dDCK+vjTM9O7fDNf+lErOdo8q7A1yV339Soc6awrEQoflV +/G07cxxmOsxmHvuNKHD8Zfphs0nF1PXTbn4ymnyKtPW/ytb9XqIVKorpD3g7+1hB +mcH8oMhk3y9n53fQ0xn0eC2LK7bMiahOvw307oy3gLi1yWt2cB/9Oan+m7oE/kyI +x5cmVwqRE1yAddxSNP3/J0J0e0tcU/ooFZK69vv4P6V9b708RgSw9MRAlNwcLa/1 
+BqWw5NBzE2Urfmxyeg/gH9n+BQ43M3M5Id/ShDQmDCeXeC3rXKVk2Zr9+ztUpYc7 +dVfsLBAc1HrNiM4xY5KIaaKC63Eau0agZsSOw2CF6ulo9TOCE1Y4MmCcAdUelEPq +/i5xHBvWk2sQpM6owF9557/m8tXyREEBEkwESZIu9B72ai/OWxakOOcHinrFE2nx +p2rOaHHhTGHOunjxJD4XwT4mZvCLAoICAQDwHJJEIh1G7EQre7tTUvuJEDdIyB2x +NOLA/cehxWtg/BVOIuMEgF3RJ3tKe1F4dt1/47w4OgzvoOguhu/A6DyylR0383qp +i7qHb4IZMvUifHdYIlFlGmr+P8InDsjxm0AJgYc+HQwxNr12oOAin1qOzKwjfRj5 +QiReovoS66TsxxsDdcsdwdaXqEXP1SLTdFuX2cQ562uzcWqS4NOdDH5SQalF7Lum +qCoqG+q4O3s6nqZqg5m1YKjx0hLkbeeNRlvEHJnbHeoXhw0thuytnx1sUGwecCfP +cWlD4ThGSVD5lDZPPCrc9j6nYtqjvB1mgVFjigxiPv18CuEY255SA6bu2ldHxI89 +4YPEHlz0BvsiYnNTek5T8QGQP/HfGPmSLaE0h76YoOBrQg6CdNnPHpPi+sthX3KC +DYeYV650gX0DjtubQRFeCWlHkH8zRR0B0faJZD6q1JqXRJbvaMgq26FCrj+cbzhe +J06D5cGSwZVBpmDl2c1iPVegJTGfLXVb1Gslbc6lkjhgHQbtUvTPV9j9bQ8EVVHM +pydZNGAc6XNCXi1oA5bIB11VpS+WLB9zq/w4LkNrXUakuzdaX8Ox/EUzyN39aDRV +p0BX+MTpJnFk8ZN+4kAhWa86oeuvBgDmnmK2vXS9ZTDUN643p79aUrt2uQLZqIaY +kcC1mO2ASUI1PwKCAgBVTNQpk8FEYJYLRLCxKhkmzSLNQu3w23n+D5ECSHX7GGXg +ZHVOvwTOy+ai4YFqPQGGJaMLj2RH5jxCFZHUA1ndLEnrvwt6nFnevxCDMcZXc+o1 +WKZbjg9facbUwTsq75Xb5knDoArmUvRid3VPB+7ailt6N0oZa6nby+85L3InzPQR +3ndgpKUrjiBkx3pdyeNa0/UghXByPWO+tpGhzIehfZgX2jMw9fZ6Uz2/so669yOd +Sa10dxpebdZjlgN1koW0O1ikXrOQEtZPp8If63zEhz0xzOZNyeQAHecNi5c5nWUk +lDYTAWCWTEiC6g00Bm0g0vzhB/JHe0ZQoG6Qu9DFOsxKUj2iGt3Ejdq4tPUqwtOf +FYvPQbDzi8jBFmtN86iWBzRXailjS7K7uFh8Fc/nYX82b11SEEMuyXpD6o9v4b9Q +M2gyUuBxBMjNavCmmR8FJEOfUU2oRz4tKCdiSCb3RbOhOkb/LR60OqYI9WO+JKxv +3YOvJ9Z7SeTOE/yEtGxW7OaqR8UGISEUACV1f79E2xNGW6hA1Kc/1lfg0DCl7b5w +j6q5sTwyNlyi1Z5kb0hMeiZBbfDcRzSxv6KhYI99uNdFIH48z/GlkjvnCe9St/GO +INa43oqqN/5GbqMNYOfyjlr22I60IU2zRtLDhhhruKJ298tXYttLdV9nJFRYPQKC +AgEA2JcdRYJ0YF6Nm5/QOXh4V4oeJHQHfKsVBDuoEYAQvXqHCWWk3JGijyGLMIOO +2Rh3834NcbbDpoDCD/4+VQfogLrLkYX7FudpCfSHKY3y2/nkecbzHz02WERRMYQ/ +tNlzaV/DDD+NmPMk8tZpeDHAsWFkwdp9ZZLJVeizpc+UhNWRw4xE/YG1vjXXS4Oa +F541ZQPV4t0+2K4tEXLm0BrN9Asw01eZadr1teha0XcuUJF90kUFqTwZCZGS4yVU +ovZdnsih7KrOWAzF0VSNOIx4MRVWghpvfstxxf5qEdTey1Nrrgu7KnihycH9MYdm 
+CeoK7bxAMXtaksMJi6/H33lV4s1nv+BJyescPhOZi7KkZL7kAuAnucaDv4g++R0B +O2AXs1fjkLBF39rFVd5r/0443p2WSi6cDz5/Gue1AXkwuL3r0N9f+DCLHDf21du5 +L8QjHIolkVmYXW1MrYcaULavf4PI86bL9PqF86qT83rV1VNswsm2X7Cv01DZsxmB +bKVvRWMI7ge4/NISRo/3LvWyUeBHlIQV9oKtluUM8eePxcVINjROlf82rSQFifQh +Julz6YWp4TZRnBUY+Fe8IlhKYE0IGiceVkk5XGGV1i6MSR81ClayvKK20y/udoH2 +3BDxQKAjpxiZdEUJzUBu9t38Jjr7nDVNvGB1shnR20+5/mcCggIBAMAJPCyRqnFZ +wmy3Bqe/LS2eUzly9Rrp1kUHCgmD9uDDfzS7A/NButb17Akd8BPzI3rGTvf83fuJ +ueOVBWRhBV64bDL60BIUmfp4aVmk80GYeSw2TVKIrPrmy/80UVv5b05zTkY8TiKF +FOA1b+g1I2h9/U/DdaC5um1+5oVaBNwsH1BVdW6rRVPhhkw6+EwqDYJMKSQ59O/7 +iyQj2gSfz42FV7CG0X9cHIIB1Cv9hbHoHVm0JwD+bmKNylK/xfClgLTMZGjBCNkx +zmm3YNvM4BBFtmXyKuuBnBOY3u1hw78Xg9tfmFHHODVSkrufxUXfFseqXQ7o6paH +hxxCNrf/Qog+MbepJDf0L2RjfDjLI2Np5+LQUFjvULagTDYLQbbnZedpGDtNRcqj +W4u6HlaGpnABv7RbjikES3hIpkuk3z3lsQIPGG/p/wHdQj9h2dWq8jIPT6zsVm// +5cB6SpIGF6fIFc7GVQ/Qzu8P3ovxgbvaku5p98SCpamGH4xbz9D4hlqiKI45GJiY +SX+taP2q9ehd8wSOHcXQAEUVp+mWTHCSV+lWxve/O6EEjRljUlt9/jxEog6NlK6y +4WtLRNBK6mHaBTVLKzpkrDDzjrOpZqvVm8bNXE5BZ1odGAyNEfygjZu4v8eF4ZHh +ehReaLFnvTEpdNeL7KhhRXDhscR+7hwQ +-----END PRIVATE KEY----- diff --git a/test/big-ca/req_conf.cnf b/test/big-ca/req_conf.cnf index 9524ec5..a3c61f7 100644 --- a/test/big-ca/req_conf.cnf +++ b/test/big-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" 
@@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" diff --git a/test/expired-ca/expired.cert b/test/expired-ca/expired.cert index 6385c4d..8d2b6f2 100644 --- a/test/expired-ca/expired.cert +++ b/test/expired-ca/expired.cert 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDCzCCAnSgAwIBAgIJANbLTjynlDJIMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV +MIIDCzCCAnSgAwIBAgIJAOhpVce10J0KMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMTAxMjE2 -MTcyMzEzWhcNMTAxMjE1MTcyMzEzWjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG +CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMTIwMTMw +MTIxODU4WhcNMTIwMTI5MTIxODU4WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV BgNVBAMTDnRoZSBleHBpcmVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQCyL1xmtX8CGM5PfEou8uW23mlgQecVzCkWSL5q8oa3v0AUTI6oMJzLKOgCt6ej -0HNSnGsoOwQrvG1sjR8GNPcSN7MK4to/1xPR4+wlIr+R5w1s8fCBzQsuVEdIthFp -Hp8U/xB13FDFouFRT7Iztb0Hww1qFQfnKji1f7G7m1VZLwIDAQABo4HSMIHPMAwG -A1UdEwQFMAMBAf8wHQYDVR0OBBYEFFqbGmHdV/NQQlNSwzcfKNJpdmSqMIGPBgNV -HSMEgYcwgYSAFFqbGmHdV/NQQlNSwzcfKNJpdmSqoWGkXzBdMQswCQYDVQQGEwJV +gQC1t53CFkwM8zBKnEpvtDKgvorgvn/bQuMmDvgI4xCCUW9OVPGETmneMUNPfZZM +fpz0fMnXdVPV4EvN3urJukN9r0Wkt8RCbFfNqLDy0WE4ybxD/UoeFv/b63CZoNUb +6eDNti0ysSQu2Vr6JI1HzzfHCRAKR+VLr0ck0Rg9ATZz4wIDAQABo4HSMIHPMAwG +A1UdEwQFMAMBAf8wHQYDVR0OBBYEFJeY0oWWx+v5K4MaIoLNVb2SQGS5MIGPBgNV +HSMEgYcwgYSAFJeY0oWWx+v5K4MaIoLNVb2SQGS5oWGkXzBdMQswCQYDVQQGEwJV RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl -bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkA1stOPKeUMkgwDgYD -VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAJHrEyQ6gk50iaWb5CmDwXmk -mJ60QSeogrjZaOXnEE9ibTOU62DHBnRupPl5F5LunBEkj43ZAxemKN66oDjdRRpT -nO1kDuUFCVO223f6o7iYr468k/JfINqs7/6Rli6kHkOrbiWedu/EA4bCuvz8vtdT -cZAQwVROG3O8UCWr54h5 +bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkA6GlVx7XQnQowDgYD +VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAB/EsxQPeusXzdverpRgPqwv +bU9A3wzB3Y//mYQ6x5kVEmam7BX7dsBn1LcusxyjPrOtQGJb50fGRcADyvlSZqf+ +DbyeV0q81Qoi9vwWbXD1m7YlF4mIQrTh6vmr+sKfym0YjXrRQ97XAfe4B4/kO0Ic +gxsLwktuviOeRbJw/iyR -----END CERTIFICATE----- 
diff --git a/test/expired-ca/expired.p12 b/test/expired-ca/expired.p12
index a606eb6..955a999 100644
Binary files a/test/expired-ca/expired.p12 and b/test/expired-ca/expired.p12 differ
diff --git a/test/expired-ca/expired.priv b/test/expired-ca/expired.priv
index 834337e..7b731bb 100644
--- a/test/expired-ca/expired.priv
+++ b/test/expired-ca/expired.priv
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCyL1xmtX8CGM5PfEou8uW23mlgQecVzCkWSL5q8oa3v0AUTI6o -MJzLKOgCt6ej0HNSnGsoOwQrvG1sjR8GNPcSN7MK4to/1xPR4+wlIr+R5w1s8fCB -zQsuVEdIthFpHp8U/xB13FDFouFRT7Iztb0Hww1qFQfnKji1f7G7m1VZLwIDAQAB -AoGAMB2L5QxDlKxgIaSdX5oln8DlUaHaJc+wlJzmFnkRGdMiGZkmuJIP9OhB5mHz -ec/TJE6qvP1avfiuz64333Qz9xrrZKihCsdgDLsXWGa3Hpg/yt61Ba797XOq3zRp -WN6yTCuckQUHIMOH50j5g5GYMCPRE/MAM3R/Cy/CnGDhWbkCQQDf8dhm0W1UNrsZ -EMsHFVQ7G2gkpJxPQ8nENov/PQwetZXUKGlmYs4NY/DH5QoW25hOS/VmSYV7UH7y -Kj2eOllLAkEAy7C2XkSwp8SnpnIMf6FPofzD26mZi8mOZ0vYkjG//O4DEUMz21FV -0ZIb741ymUHH7avrcfEqBgMyPrGoYXGVLQJBAJ+u6HqwPL/+4ryFz+92EwCukz0F -r3uJv7ZMmtjeI+VF39dPFZDvRTQhHlC7Dc2sudairRJJvIdop4xv+E36Fy8CQE5/ -A0jA3/NHbfRO71IgMDgU2MXGTk34ltBoAkYUthAbCUOVyl4ysgfZbrqaoBc/qnSF -VG7MqY03nh1bCbDDvOECQBGiBBk5Bntn4BsFBrd02TaypGF7htMhzpfMtK4x0ix2 -16GXhgRvAEROLFry5mJaM/Fg8X3ipxbWCyBEzxWnC00= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALW3ncIWTAzzMEqc +Sm+0MqC+iuC+f9tC4yYO+AjjEIJRb05U8YROad4xQ099lkx+nPR8ydd1U9XgS83e +6sm6Q32vRaS3xEJsV82osPLRYTjJvEP9Sh4W/9vrcJmg1Rvp4M22LTKxJC7ZWvok +jUfPN8cJEApH5UuvRyTRGD0BNnPjAgMBAAECgYEAn+EOhx5RCS/KNErwXvmfdbhP +vk89dO+TpP+UkVUeSFpX4QZxfGP1V43mWAD6BRF9DMriV5QeD9YJO/e+gYBFMcs/ +gE3r5Fc8gbN3/Cd4qKz7+LMp74o2vHAKSZazXR1eV400GUlfVQFExeyCyL6hSV21 +dWtsdvYz20vCyFNK7tkCQQDZ5aa3bCyTV1/KZuZrfKmb/coI5gXpVFW9hl6BiNg5 +BaYe7PuEHuT78YrqLej/MiAzqiU4QpZkkedYZHx05XsVAkEA1X5YIXRuk0odqPgm +caeOe7Uealolc9tPhc4qH16A8nkzcmuYFZ/584gZU50gRKG8PNO5fEtawhEa5X9p +YLwRFwJAMacJRIbb6X9hjqfAHgI8TBWa8kgoVLEpEJUL+AyM6QGGh0mNTuATYe36 +r75id7Sebed5r8ZMqwIsa5IKYkDguQJAQrS4WrOjfRfyToJCmM5uwY5k03wZKasD +nN4+4RBJH/norj6aBV+33HTQ3QRCOc+DHkpVMVXmJK7thXma9mOsvwJBAMWlj1Mh +mLnIp9qeKYgiMkgceIUwjIcFEjtgdo+JdcouRbiuGJIrX2J4ywuYiNj7ElbXkJrm +27TiftM8hnG/1nM= +-----END PRIVATE KEY----- diff --git a/test/expired-ca/req_conf.cnf b/test/expired-ca/req_conf.cnf index 23b0504..1b14bee 100644 --- a/test/expired-ca/req_conf.cnf 
+++ b/test/expired-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" @@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" 
diff --git a/test/fake-ca/fake.cert b/test/fake-ca/fake.cert
index f779733..87b2fbf 100644
--- a/test/fake-ca/fake.cert
+++ b/test/fake-ca/fake.cert
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDAjCCAmugAwIBAgIJAJ47rLNvvXxtMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +MIIDAjCCAmugAwIBAgIJAPgDH6mOySl4MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIGZha2UgQ0EwHhcNMTAxMjE2MTcy -MzA5WhcNMzgwNTAzMTcyMzA5WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv +CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIGZha2UgQ0EwHhcNMTIwMTMwMTIx +ODQ5WhcNMjUxMDA4MTIxODQ5WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV -BAMTC3RoZSBmYWtlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp5shV -W7TJt1k69urRkk1MBD5CEOhgJvCh0PNKQVkF8KjnAqkRDUywUukU0+SIQz/NNYFX -ATC8t3AFUH2sbvEogcpCPTm1D+SQznEYw5G6TO0cPGG085yOWTSdpXI1z3sGBhTs -WMVNYF14gmgNik6vgKAth/tSS3MSLAon086i7wIDAQABo4HPMIHMMAwGA1UdEwQF -MAMBAf8wHQYDVR0OBBYEFJMbyYcSo6yXJUmr8dlyMAkpkY2nMIGMBgNVHSMEgYQw -gYGAFJMbyYcSo6yXJUmr8dlyMAkpkY2noV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G +BAMTC3RoZSBmYWtlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzlnBR +HSsApirUUdYCygHxFgDZMOBfdcj7cyzWaf/gXb+vgzmdAAezXq96xTN+CqDV7tLC +4MHz420kmymbIzl8Dr0ik8VfeSBl0w5v1Xuyk161pEG1BvBPKk4YLazM7rvVeTcL +GEwQak4F7X4uCtKHascutlH6ZwYk3/a8/bRsnwIDAQABo4HPMIHMMAwGA1UdEwQF +MAMBAf8wHQYDVR0OBBYEFB533RdbipSQkkglGN+ZZRE81WwwMIGMBgNVHSMEgYQw +gYGAFB533RdbipSQkkglGN+ZZRE81WwwoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp -b24xFDASBgNVBAMTC3RoZSBmYWtlIENBggkAnjuss2+9fG0wDgYDVR0PAQH/BAQD -AgEGMA0GCSqGSIb3DQEBBQUAA4GBAHUG2f9J6MkrzC801Zw6OpasF40i9mSQmEqi -lRU0HeV1Aq21giZ0OSdxgfl1abd2jg/FPZmtakowBWdBbs0woRkBlpGr0HRIDSwk -ajiISVBmWL9KAejQc1e/8QrNOZwTd0NqWLknjw0ecQg6w2YiwzmupcnDOQIDfD02 -A2hHpJQV +b24xFDASBgNVBAMTC3RoZSBmYWtlIENBggkA+AMfqY7JKXgwDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBBQUAA4GBAG+oJY5ErX0UyYdfbfqV/i1rvYLjYeZj5xih +uLYI6WcMMKBvGZRn83EgpXVdA0kCvoJXaDjsfCuLhf81j8cP+cu1c4l7q9qO4qql +W0fkeZ/AeP9YbC8vB849JRlUhmCkW1GavRd835MHAT5yTxO33Qrh1ImiFHI4Jzgx +4XJm/E8b -----END 
CERTIFICATE----- diff --git a/test/fake-ca/fake.p12 b/test/fake-ca/fake.p12 index d6a3c3e..da7b2cd 100644 Binary files a/test/fake-ca/fake.p12 and b/test/fake-ca/fake.p12 differ diff --git a/test/fake-ca/fake.priv b/test/fake-ca/fake.priv index 0adf012..3a71a0a 100644 --- a/test/fake-ca/fake.priv +++ b/test/fake-ca/fake.priv 
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDp5shVW7TJt1k69urRkk1MBD5CEOhgJvCh0PNKQVkF8KjnAqkR -DUywUukU0+SIQz/NNYFXATC8t3AFUH2sbvEogcpCPTm1D+SQznEYw5G6TO0cPGG0 -85yOWTSdpXI1z3sGBhTsWMVNYF14gmgNik6vgKAth/tSS3MSLAon086i7wIDAQAB -AoGAdFXIxku6e6mpw94TpPCzaV+i55EpQsmbXaBjoUcnVAECwQNdu5F11y0lqKpL -PErWbOZz0iZRa0uBd+M03pK/dobLuKM4uPx+6XqKyGjzP3TFWj8n8S3v3Vf7YLPn -RI00IkZklPmA6Zwq86woDCouHIQq+4uq1z+eX2UNQJ8iLyECQQD2C4JcfhwN22Y0 -IqmwXCXsy/WkGjCKpaW0V5UPlKe7wz7jyWdp4xmdZd3KyNrl/6nwGwnuQAfsXdO6 -Zs0Posm1AkEA811+UsIZVAeMeuu8i9heT3EcAQfmQK6xCnQaNv4g8B6STkDf5PER -gsg7YUvB4FMdrFuMSRosCWbeGVNj98OQkwJBAIfrm7xUvlK5XSB39Z3Dif/iPHTH -MwGkuIGD0Iim6nJDTb6wSDyqhD/7QicABk0Ai3Rku3uuS7I7svdKSwXUO/ECQAbo -LGGk6Jsd67rBXgSKC4MtrqHI25wSWSv2x5ev9rdZ5sUZykDxJpITpLvKLqJzOXBe -2MhqWb2akcseNsQdZMkCQHQHid1TRCxukOIyrrM+iXrHkDolt2A2xnJMCFuzqHSI -o0MEcNJEuQ/wT41tMYQrXjlkdHeL2coXhn1sh7qwCvU= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALOWcFEdKwCmKtRR +1gLKAfEWANkw4F91yPtzLNZp/+Bdv6+DOZ0AB7Ner3rFM34KoNXu0sLgwfPjbSSb +KZsjOXwOvSKTxV95IGXTDm/Ve7KTXrWkQbUG8E8qThgtrMzuu9V5NwsYTBBqTgXt +fi4K0odqxy62UfpnBiTf9rz9tGyfAgMBAAECgYAo4yJ1RUfKIQr1RiCMiAODKThO +OrOK6F026pUVyBJquc1vn1fZp+0Y6IDZWdaMZs0RiAtSNSvTZD8wK2eAm7d1Zhay +Z7DEKKFzjd+n/yOXebQ3WZFFwmSSldUdgL+jmsPUAeDKycCGEOpf0EBDrGL7+/U4 +ntV7K6Qpk1AhEDmvcQJBAO4DjgO2jkOKSKMialU0f4aftVVU7ykfG9VdfSVRzvo8 +CnI93jVXeoh+lh7jNIfWHBG/n/6cnARqaywZOjSMCKkCQQDBKJy0pqAMMXNYHgTw +PBr9labfV5HeiDcDe8KvUz+FtXbTWe32Xy9pq1NrKXKp1dxyqJm/poK4v358THng +DLAHAkEAkeFL4aq6d1sCOjqVwbNzlie9FJgCHcobXSL32S/TFDxIisywrTD4wUAU +8sl/IOJyQc6ZWYzTc0FmfpjXu+04QQJAJGV/qbaf/8wtnNQDQDVDLLdPO1Rn4xOt +shVW6Ox50rsPyeFvKnZjG7kxvcaQmZn3sQ898VPx29gRgGB0spgRbwJAfc6wCeY2 +YFHodO/zf5U5fogiPh6nRw4TUfTBBodRQ4W6QnT4R09rNxvVAT6gtvLCM8a5P514 +MP4ptCGeGD+jXA== +-----END PRIVATE KEY----- diff --git a/test/fake-ca/req_conf.cnf b/test/fake-ca/req_conf.cnf index 597cd4f..0171680 100644 --- a/test/fake-ca/req_conf.cnf 
+++ b/test/fake-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" @@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" 
diff --git a/test/nokeyusage-ca/nokeyusage.cert b/test/nokeyusage-ca/nokeyusage.cert
index aefceff..23783ea 100644
--- a/test/nokeyusage-ca/nokeyusage.cert
+++ b/test/nokeyusage-ca/nokeyusage.cert
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDFDCCAn2gAwIBAgIJAPZ7YDhrX55SMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +MIIDFDCCAn2gAwIBAgIJALoXg5GbierPMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMTAx -MjE2MTcyMzEzWhcNMzgwNTAzMTcyMzEzWjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE +CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMTIw +MTMwMTIxODU4WhcNMjUxMDA4MTIxODU4WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE BxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24x GjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDx5Sz93RLCLWRTfRtPmqCzRFvFVp3c+c85paLf4t2Bei/qpu60ptzl -oizAlcKfExOKJ059FTIMIewVEWwcv7JShiB+v2ckFcLTmX2uB+T3ntEJP2T2sTBQ -SvGOopjfbOCn1RjskvSofCW5yu47F+pdCWA+XBeUwsE3QFmzRUejLwIDAQABo4HV -MIHSMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBBaxa2WNA6NT+7Yh/JWOHWbuDO9 -MIGSBgNVHSMEgYowgYeAFBBaxa2WNA6NT+7Yh/JWOHWbuDO9oWSkYjBgMQswCQYD +ADCBiQKBgQC5ly9mLQi2a+oSMMKtjXSuBuhplOZ4I96GdoXsmfhfST1kL8nUtT6I +4yxL/gBP6sCEYA4dE9Cfkh2GyjxZ8Med5gvRwiDSCoDBV5aW6f5EHFfKPCwQLw4c +6sW5/o005dRG/rT6UmDnZ92hgwgMHBFBYH65oooS38bJMCdCpGzAtQIDAQABo4HV +MIHSMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFGQBn04SrTlLH+zvAyiMarUaAuNa +MIGSBgNVHSMEgYowgYeAFGQBn04SrTlLH+zvAyiMarUaAuNaoWSkYjBgMQswCQYD VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNV -BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkA9ntg -OGtfnlIwDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBBQUAA4GBAMvhCDIdYcDW -WgWc/S/k7+sEzbA3eASrPR524l/tUwby+VFtDNhzo52jBAB4BXCOeyu3QdckQ5Y4 -AmiJTJ74HUBDVpFsKwVNEgClgJyC8so4FDblPqmuI2vVuH87zUKd467kR8jXU46G -yo/qd5Pjqh+Zm7qQWdTlElovq5qlAB1d +BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAuheD +kZuJ6s8wDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBBQUAA4GBAJs6bi2psC4l +ejxqL3h8CdsrOQFJGF5TueGrHm1fb32ML7FzjIW6q6I2A4RrF0J56QCKOIm+yeja +8VR1JwqGy3kUrUJAUIXWC5MO74cEj9Xc+RSWHJr7LnCXmiXD1XkPjObOO6ufxRan +eyVKQiJroBnV5Sdo/1LTgfKnHKoYxijQ -----END CERTIFICATE----- 
diff --git a/test/nokeyusage-ca/nokeyusage.p12 b/test/nokeyusage-ca/nokeyusage.p12
index 9e0bf16..2123e7b 100644
Binary files a/test/nokeyusage-ca/nokeyusage.p12 and b/test/nokeyusage-ca/nokeyusage.p12 differ
diff --git a/test/nokeyusage-ca/nokeyusage.priv b/test/nokeyusage-ca/nokeyusage.priv
index 359f435..05fb45a 100644
--- a/test/nokeyusage-ca/nokeyusage.priv
+++ b/test/nokeyusage-ca/nokeyusage.priv
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDx5Sz93RLCLWRTfRtPmqCzRFvFVp3c+c85paLf4t2Bei/qpu60 -ptzloizAlcKfExOKJ059FTIMIewVEWwcv7JShiB+v2ckFcLTmX2uB+T3ntEJP2T2 -sTBQSvGOopjfbOCn1RjskvSofCW5yu47F+pdCWA+XBeUwsE3QFmzRUejLwIDAQAB -AoGBANNoZPr2BJf6Te19sKnQzVP/kWkVu2BOX6LVNVUQlGC9pjUhcgwmrXZwV0Z1 -XKPkazZaBgnhxVy/JPKAyIkTrMcp9lY8ydLsttB0m30pA/Vp+T1zmv+CCKApRMgB -fho0avEmQz5vsa9hppB3E1Ikj47TynaJxBbtk8NON5aqv1cRAkEA/JOeXu0Nddmj -p8p0bPFjetQwDuVnGEpE+u8bvUPjSu6Y9EsJsZfs2VZDifIdan3NvEfo0h2ak5oz -2TCC1WLsOQJBAPUsfr+0NzIuYQR3wl61/vG5o3Usu0OjPxwx35/TgAjNzIcClCC8 -HvAg76JGCBut4UCjIht5WcZpLi9oomdP2qcCQQCpWbkoYL1TtXe7u01Q9pEC/F60 -vi/f43xY3BW3U1uFFHHN6ro3L2yJVQO37HS4wF0/zt9Wcq8AJLZ6+8HdnZRRAkA6 -zvl4MlorB0TuNWvCHBWTFdxHdvtUNgwlTzE8vRaxBexRViUB1R32q2/PlMzNFuA5 -COhdfrYyCXiyln6eGWFxAkEA3A6CojzW5WTf5AruK/yNR0c2gvNwBjhaJjS/oK4k -DwrWW06vqIwrptUYREc08Ysl9miysH7lRLXbH8JfddU6aw== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALmXL2YtCLZr6hIw +wq2NdK4G6GmU5ngj3oZ2heyZ+F9JPWQvydS1PojjLEv+AE/qwIRgDh0T0J+SHYbK +PFnwx53mC9HCINIKgMFXlpbp/kQcV8o8LBAvDhzqxbn+jTTl1Eb+tPpSYOdn3aGD +CAwcEUFgfrmiihLfxskwJ0KkbMC1AgMBAAECgYAPKWS76i3uCT7kIYul9gp0NShD +h+CULAn/3iruu11pG2iiiKzqbawgLr7trmCEJt93cQl2IqpGfv9ehaMMjfkgr2Oo +LI4i60w4MtgUpT4jHGXIel5FRvE5K6edP+d7/F0r20V3nMAgs5x8LzYMnEgLltGI +1jVw16VZ3pd3mqJsAQJBAPBX7kODGQuyBYSeCawC2d3i33rGHsW+hsZGPQQdwmsL +hqRG7JZMkEn2GmgwzRBXKHuGGaD95FZEAnRaQbDxZYECQQDFriv4uFUvbbGi85p4 +qUCenf7tEKiUUfjKSCvP2FuhpmjtQN/SeBul1S06Sq31y+P4VIqY6mwSD3hqc60s +wz01AkEA3MZZBskhM54W9YhaqBiCWxFxag0d7VWj5fRVTjesBLq0tqiz4Sh5joc0 +IKtbY3w8oqM/XaR7oEae3pSeLVTBgQJAGgJ7uKMQWkg1mjoxNfUXEoe5VhneBH3w +nTT3xsYx8EgEAEuL55Z0FNLCu6u9zdyA51jAT7RwecPdVSxZOc2KjQJAUzKw3VL1 +qMCvqfnHskuzeX8tMn/X/uRv47M+xG+uC3V7kLsJ2/y2uPNMy9Wl0vFD1l1FKXNy +hPzCsbKr5oBtuQ== +-----END PRIVATE KEY----- diff --git a/test/nokeyusage-ca/req_conf.cnf b/test/nokeyusage-ca/req_conf.cnf index ca5bb3d..4ad12d8 100644 
--- a/test/nokeyusage-ca/req_conf.cnf +++ b/test/nokeyusage-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" @@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" 
diff --git a/test/root-ca/req_conf.cnf b/test/root-ca/req_conf.cnf index 91b892c..a5f8561 100644 --- a/test/root-ca/req_conf.cnf +++ b/test/root-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" 
@@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" diff --git a/test/root-ca/root.cert b/test/root-ca/root.cert index 7c47b28..5610225 100644 --- a/test/root-ca/root.cert +++ b/test/root-ca/root.cert 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDAjCCAmugAwIBAgIJAKNRwvjdf7maMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +MIIDAjCCAmugAwIBAgIJAKJtBugfITEvMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMTAxMjE2MTcy -MzEzWhcNMzgwNTAzMTcyMzEzWjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv +CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMTIwMTMwMTIx +ODU4WhcNMjUxMDA4MTIxODU4WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV -BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwtt6B -km6plmUmXk1okHED/Mratlz01+wDjjEH1/DMs0TYCvjdCrijG3Mcu9czj4x4HDv/ -/swoNwT805BgYP00vxDwh3oraTsaipjaxIeYks8hXH54JZuuLOiM5GuTDLkvXdOy -VnaNVU9tFtjJX+kYMvozlDVcH9NJwzyQosaUJQIDAQABo4HPMIHMMAwGA1UdEwQF -MAMBAf8wHQYDVR0OBBYEFNLhBH6Nc1RTScVTrR6E2YoAC2pvMIGMBgNVHSMEgYQw -gYGAFNLhBH6Nc1RTScVTrR6E2YoAC2pvoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G +BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWDFRp +jXzy13Mg5pSaYTgAzYTRUBOJui0R2cVDxWD+gsugeRQJsx834VWCJ4gAodsTBedV ++W1pAeGNTMWX2JxUcWho8phtCzkovAK8u/CepIcv3lfzt9/DcXj276V/VskjmAIM +yTpJVEu1YqaFRlDuwm7BcqWt/dPCY1MU8BUgAQIDAQABo4HPMIHMMAwGA1UdEwQF +MAMBAf8wHQYDVR0OBBYEFFcke4MImokq2/O3k3RI+cTWw71CMIGMBgNVHSMEgYQw +gYGAFFcke4MImokq2/O3k3RI+cTWw71CoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp -b24xFDASBgNVBAMTC3RoZSByb290IENBggkAo1HC+N1/uZowDgYDVR0PAQH/BAQD -AgEGMA0GCSqGSIb3DQEBBQUAA4GBAK2QXF62pXErsW9eZZasxSOxNyna/4dNsznP -GhA1Ua6hWLUFEiMuzagnuALzTceSS9CJPUBgpIxOIR6bcOlY7MvtmI9rIds97VoI -iCFRCb/eBtqaFgLHwaUFi14z/qxfAscRH53Ub0NNQPrLhOhnMwwvRXJ/wr3zOf8k -RQtwJL57 +b24xFDASBgNVBAMTC3RoZSByb290IENBggkAom0G6B8hMS8wDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBBQUAA4GBABwT0+dY2Th5kdUWMA63NqXMEl6ycPP72Ers +2odG2UCd7Dj5tCJPWcwaG0YsfZg0e/WH+4gZTNZdNxV46FME3ln2jQFU+nYpjRAY +fPWVkMwWPC3XKKOd/ccNN/I5mcja3qWsnmryed2ZWEfzwhhJpq1ItnitCSX414b/ +TigWZ3NG -----END 
CERTIFICATE----- diff --git a/test/root-ca/root.p12 b/test/root-ca/root.p12 index 55f38fc..c95f7b6 100644 Binary files a/test/root-ca/root.p12 and b/test/root-ca/root.p12 differ diff --git a/test/root-ca/root.priv b/test/root-ca/root.priv index 10a31ac..71ac1dd 100644 --- a/test/root-ca/root.priv +++ b/test/root-ca/root.priv 
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCwtt6Bkm6plmUmXk1okHED/Mratlz01+wDjjEH1/DMs0TYCvjd -CrijG3Mcu9czj4x4HDv//swoNwT805BgYP00vxDwh3oraTsaipjaxIeYks8hXH54 -JZuuLOiM5GuTDLkvXdOyVnaNVU9tFtjJX+kYMvozlDVcH9NJwzyQosaUJQIDAQAB -AoGAd71BobyOHX1ZxpjJjNuqqJAHCBHfhMw2EOatVGo+sQWb1WQB4w0btPGpm0Ow -ezB+dvhys3B795foWkQkpRmzF4Rb7w3t9DQ1tShqwyXCPTURSl9RxS8nQcGUX2/Y -/8Ei8jGEHWn/8IyryJmnetCulibNFOTVZrB+aAxBPWhopEECQQDmoC6ks//tS7My -9iXx48xyM4Pd2UYzM/eRvjuYsaAbYDF95w5Ai6esdLCVNJgAUe259TtO0cdJgJup -EJwBlVkxAkEAxCg3PeeoOppBLxvtLszlLf8r+DmteI57hGwVPHtIElX7BLg9ItoT -7joP/ZRfE4VZApuf4/kFUOCkb7/U9aWtNQJAO/FibjjCymCkoRhNYIO+/efZ3G2+ -y0w0itMRFm0Emlj0RC8sCybBXBewVfenkl25Fl5hHel0jOw6iUTh559z4QJASek1 -V3gQZXR2F0AYkMfXmwtJEBD7ki9tzynCnrV9JJuNJ+wb7SPq2pq6J7xeTsayEU9+ -YbIVFLJwg0LvBVhV+QJASxW/aJQukNB9fZC3SFBz/6ed17lpK/F8958lnbNJAx1S -Nvcv/KvKiND0dFbAvu/GzL69wjqTq0P6qIQ5U3pYUw== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANYMVGmNfPLXcyDm +lJphOADNhNFQE4m6LRHZxUPFYP6Cy6B5FAmzHzfhVYIniACh2xMF51X5bWkB4Y1M +xZfYnFRxaGjymG0LOSi8Ary78J6khy/eV/O338NxePbvpX9WySOYAgzJOklUS7Vi +poVGUO7CbsFypa3908JjUxTwFSABAgMBAAECgYB+/2nGBrCv1Kz2RFi/EBeOQmIf +Xod5HAFJqg+kmiNmXmw6lhwRdTl8ijGVu6ax2VaF/ua21/rWZstQbtB9u4Nkb/bk +NoA0Kptqa0yGuRVtcZoMtuQu8zRlOjJVB+0IzOQOSc7917d5kSNQFyd/GpttZ6iP +uZqI/NGM62KiXoMS0QJBAP5wRfQs6bKqXs5CFXXa+miyzDUsNXPMXWS0SMeBomoU +tBdvdngjUqBWN7d0Hjymt09P1+iQO1iFqS/UImAvgcMCQQDXXJpBM76vmMoK4r5b +1gbI4cCJiXTZRDGt6df84oWPQ3cFjfsbuhKWYRYoLyy+wJMgfugM5l7fYf797xh6 +ANbrAkEAhmBdUZv2wLlh4KTeGKRR48GqP9rdUA76tBjS5yr7z/KnOklP1BszpCJk +wqq83WNfJLASY2zpKtNMi0oJ7aqpaQJBAJxMFZtafXqdLYzm8HZgBz6FMKHgw4/n +ARMR0nIyx/Goadn7KBIAYfsHbPgu/I9X3a9IywqJqrL+QPx0KNRqhY8CQQDUwb8S +eDP+3r7Kwgp2CGGXvbNOKQ0WKoJjUoRN7UEGX7XYY9BThuCm8dMbNxhiLUxG2Vy4 +aU3HNhRd6EO/2HS3 +-----END PRIVATE KEY----- diff --git a/test/slash-ca/req_conf.cnf b/test/slash-ca/req_conf.cnf index 157af63..1779a96 100644 --- a/test/slash-ca/req_conf.cnf 
+++ b/test/slash-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" @@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" 
diff --git a/test/slash-ca/slash.cert b/test/slash-ca/slash.cert
index c591946..98d4a95 100644
--- a/test/slash-ca/slash.cert
+++ b/test/slash-ca/slash.cert
@@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDXDCCAsWgAwIBAgIJAIg5QkW7J8/JMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNV +MIIDXDCCAsWgAwIBAgIJAOEnYom3UUXiMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxLDAqBgNVBAoTI2h0dHA6Ly9zbGFzaC5z bGFzaC5lZHU6NzY1Ni90ZXN0aW5nMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYD -VQQDEwx0aGUgc2xhc2ggQ0EwHhcNMTAxMjE2MTcyMzE0WhcNMzgwNTAzMTcyMzE0 +VQQDEwx0aGUgc2xhc2ggQ0EwHhcNMTIwMTMwMTIxODU4WhcNMjUxMDA4MTIxODU4 WjB4MQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMSwwKgYDVQQKEyNodHRw Oi8vc2xhc2guc2xhc2guZWR1Ojc2NTYvdGVzdGluZzETMBEGA1UECxMKUmVsYXhh dGlvbjEVMBMGA1UEAxMMdGhlIHNsYXNoIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDluI75hMEoE1TGyj7XTjElxLx9LKCj3QmkuNco7/nSVu3jXkEWSUSp -tfNLQ+nnWZ4MlPtL0x21BqFZA5YGV/P8T/Q/oX8fTyFnLc2FTWAmujrbpQHPknUa -EO9CRiJjK7DuoWwsEjRClbRuB297zrTdQH9RFzJ8UbBt4bi0ckNp1QIDAQABo4Ht -MIHqMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBryqVaj4vDBMxXwlXHGXyWzH1L6 -MIGqBgNVHSMEgaIwgZ+AFBryqVaj4vDBMxXwlXHGXyWzH1L6oXykejB4MQswCQYD +ADCBiQKBgQDH3EfOZgvZ6g9WdrrK1aCAGGD19uZFAleH9tuB3NT8qjJUMOPinwbS +9CMZCOaSSLVFVKuFf25YEy2f2GECa17kztJs/6HYA3vgNkCq4tWGTwJc4YEXTz0i +iRbL0Udipmr1MssLwFtb+XVxCOear+Hw+0wLKwld+CGHwRTgXwzl0QIDAQABo4Ht +MIHqMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFMAwDZL6I8Aj1Cs2p6xFK2E9nFA9 +MIGqBgNVHSMEgaIwgZ+AFMAwDZL6I8Aj1Cs2p6xFK2E9nFA9oXykejB4MQswCQYD VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMSwwKgYDVQQKEyNodHRwOi8vc2xhc2gu c2xhc2guZWR1Ojc2NTYvdGVzdGluZzETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMG -A1UEAxMMdGhlIHNsYXNoIENBggkAiDlCRbsnz8kwDgYDVR0PAQH/BAQDAgEGMA0G -CSqGSIb3DQEBBQUAA4GBAI9+LLLaK1ANc8da9g9w2d8i5jN8ln6pUKcemE0ScT+3 -F0Qyc1jdqpmulEtrHD8/XJDydSoiKhhaWqYbW+KZYIumoWG8fUJ1FJLQfvUqCLaS -dnIvE5h7BaEBERgE450YP1uidOoJXCCqUgpr3SywrSUwEfykwF2veljqn9poYSOM +A1UEAxMMdGhlIHNsYXNoIENBggkA4SdiibdRReIwDgYDVR0PAQH/BAQDAgEGMA0G +CSqGSIb3DQEBBQUAA4GBAJ2rtDNZcbC6Q+mgP32URg7MoF3yr6hQqfJcmYvhCvxW +82gVS/SO1WfPTKScKgNwC/B/R1yP2emRR9uxAPGIMfJEU6gpFnFvcE24XOw2cPaR +aMPRDiqsRuOu/sJqPRIOxReE2Yyd+caBcuf++EARLuzqOe0f39r/92zKRbM2RM54 -----END CERTIFICATE----- 
diff --git a/test/slash-ca/slash.p12 b/test/slash-ca/slash.p12
index ff9fb63..184c22b 100644
Binary files a/test/slash-ca/slash.p12 and b/test/slash-ca/slash.p12 differ
diff --git a/test/slash-ca/slash.priv b/test/slash-ca/slash.priv
index deb68cd..b78324b 100644
--- a/test/slash-ca/slash.priv
+++ b/test/slash-ca/slash.priv
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDluI75hMEoE1TGyj7XTjElxLx9LKCj3QmkuNco7/nSVu3jXkEW -SUSptfNLQ+nnWZ4MlPtL0x21BqFZA5YGV/P8T/Q/oX8fTyFnLc2FTWAmujrbpQHP -knUaEO9CRiJjK7DuoWwsEjRClbRuB297zrTdQH9RFzJ8UbBt4bi0ckNp1QIDAQAB -AoGBAN9xbxBhAoh6lSFvI0TFd6SnAjg3KmF45KJmcFIPac4gY++ehGyrA7CXnHh/ -LIqtbsAKQYx1YxXrxxEQHeM5tcTEGyyQl3BN1hAnNviY0IQ95B2yrk3O7nkPpIuT -+id1QCouCQFto/gG3/Z8Yw4CQAkl/CvTDwL5U59+GgvH/bsBAkEA95k+EQ+GVFvS -I7xW0kSKjvPopyFwG8G6viBhNvGHhWTrXCnGsPSEcbKOkMH6G0c6NJ+FOHR3dgqc -JciB8vIddQJBAO2EBa98tcTLzpMWHzaRP6oPErTVpfyTKiC9LhU7XbAlQNN3jZnW -Ay/zZN0WBhvyZ/72MKQfTQoDa2KRxmVqruECQQDVgYZc7dc27Uri1+jCPqqApOEt -JY9n0AG5K3DJETN8ms691aRpOSDwbjmzqCGE3kHZ2OjnCr9swa9ugV1VYuR1AkBI -aCX/kIotO2B3UJglX3REGKJARJ18eTSvlFyXFmkCSOkRTnH5gten55BJIeys2mI/ -xLehYPVwZwh2nTAZPMOhAkEA1w0VCC4WP58r8V79BXXmAPwL9HgeOFmNYn89XO4+ -tyv3MA3BTaS4nYeAL1/QcRHURvuRV3Pl4TmFDeCwdov9Gg== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMfcR85mC9nqD1Z2 +usrVoIAYYPX25kUCV4f224Hc1PyqMlQw4+KfBtL0IxkI5pJItUVUq4V/blgTLZ/Y +YQJrXuTO0mz/odgDe+A2QKri1YZPAlzhgRdPPSKJFsvRR2KmavUyywvAW1v5dXEI +55qv4fD7TAsrCV34IYfBFOBfDOXRAgMBAAECgYB6zCrGc0a21qwj2QF+HPHnopL4 +rYHgRscXQCKw0MmAkOYpenyaQlGEDgL+n8xjdw8BkTtt49UdgnMW8nDwdp4vahML +UlYzmFjzuYtL5FzHSs+IghwinWAVJF0BsuVTTT39Gz7JNUCAuSCe0Qrw7O6e+Agi +BLGznV/BsKe3KRWsAQJBAPxAWdJfGBnQD5Ca9dS9jW5d4JNBgLYuRDnagCM4mpqm +l40lde26RHaCbnLoWlp78I4PqurqtDB8s6/aDISd55ECQQDK1J30INug1d6ucI4k +f/IqogkvZ1zpl1yra1QXcmjYHcoA/jNP5Oh7CcvETP3l2f1bs3ctS/v7kE/nVlTf ++npBAkEA3uA4vLB6yevUpM7V4AcvHFHj6BgbElykuX0+dGBB8dy50ONFZCuM7Czo +S6zSkForvElJmdCQLrsvxHNjVhVykQJAAP/pQ2HCE1nafhuZ574lsGYaC3zD7XbM +gx/FS1RKBf6nlzepgxRKvQiAU5hZi/92CzSoOrXsKQI+EpLPWkc+wQJAKsamGIeS +xpcdjc9KfBTeQTFGGRnfgKjAON8bzsEFCpWEu69ItWpQJPs7LUe7rr5Raq8KCoh/ +2Ywowam7utyVag== +-----END PRIVATE KEY----- diff --git a/test/subca-ca/index.txt b/test/subca-ca/index.txt index e07f2f0..0d5e73b 100644 --- a/test/subca-ca/index.txt 
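Review bot: The regenerated key is written as PKCS#8 (`-----BEGIN PRIVATE KEY-----`) where the old file was a traditional PKCS#1 `-----BEGIN RSA PRIVATE KEY-----` block, and the commit message mentions only the keyUsage change. Loaders that match on the RSA-specific header or parse the body as a bare RSAPrivateKey will presumably fail on the new file, so either confirm that every consumer of these fixtures accepts PKCS#8 or convert the output back to the traditional encoding when regenerating. The same encoding switch appears in the subca.priv, subsubca.priv and trusted.priv hunks.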
+++ b/test/subca-ca/index.txt @@ -1 +1 @@ -V 380503172313Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA +V 251008121858Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA diff --git a/test/subca-ca/req_conf.cnf b/test/subca-ca/req_conf.cnf index 2e7632f..b608123 100644 --- a/test/subca-ca/req_conf.cnf +++ b/test/subca-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" 
@@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" diff --git a/test/subca-ca/subca.cert b/test/subca-ca/subca.cert index 253a090..5306e8b 100644 --- a/test/subca-ca/subca.cert +++ b/test/subca-ca/subca.cert 
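Review bot: The new comment on `[ ca_fclient ]`, `# Test cert without flags.`, does not say which flags are meant, and the section still sets `keyUsage`; something like `# Test cert without nsCertType flags (keyUsage only).` would match what the section contains. With `keyUsage` now added to every profile in this hunk and to `ca_server` in the previous one, none of the profiles shown issues a certificate that lacks the extension, so if the suite is meant to exercise how a validator treats such certificates a dedicated profile without `keyUsage` would be needed; worth confirming against the tests. The same lines are repeated in the req_conf.cnf hunks for config/, subsubca-ca and trusted-ca, so the copies can drift apart. The hunk context is cut at both ends, so sections outside it are not covered by this note.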
@@ -5,59 +5,59 @@ Certificate: Signature Algorithm: md5WithRSAEncryption Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the root CA Validity - Not Before: Dec 16 17:23:13 2010 GMT - Not After : May 3 17:23:13 2038 GMT + Not Before: Jan 30 12:18:58 2012 GMT + Not After : Oct 8 12:18:58 2025 GMT Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a6:02:9e:e7:e5:25:2f:a0:b7:60:7c:a6:99:2d: - 32:34:6e:c7:bd:11:c5:ca:ac:fd:65:08:de:d8:4e: - 58:b7:19:d6:d7:53:67:9f:3c:76:ab:65:a1:db:5f: - 4f:83:cc:5e:b3:14:73:c0:58:06:4e:10:96:c2:71: - 20:f0:c3:43:d5:82:ea:f4:bc:ce:d3:a1:17:7f:b1: - 2e:a5:2a:cd:67:36:a1:00:28:39:fe:29:95:c8:b9: - d2:60:35:0f:96:ec:6b:00:d4:1d:ae:73:8f:e5:47: - 42:95:16:f1:9f:0a:f6:a0:f5:5a:cb:85:81:15:b2: - 3c:21:ab:4d:cc:b1:52:52:dd + Public-Key: (1024 bit) + Modulus: + 00:c2:68:6a:f6:e3:56:2a:36:fb:c5:f8:4f:1a:fd: + 0b:f0:f6:95:cb:05:30:5e:88:f6:84:b0:71:fe:59: + 98:6f:35:09:2b:40:4d:dd:e5:37:ea:8c:9b:e8:ad: + bf:f5:63:88:e9:ed:4a:69:6a:8c:f0:7c:b7:3b:6a: + 99:5f:1c:d7:d1:d0:ab:ba:1c:55:f6:14:c7:c7:e1: + 07:e5:8e:40:82:56:d8:42:9d:40:ad:ee:2e:7e:32: + db:cd:11:3e:75:87:b0:b9:1f:3c:20:d5:3e:ac:ee: + 86:01:0b:57:9b:3d:d6:5d:b8:cd:bb:ee:b5:ef:87: + f8:91:09:7c:6a:54:64:55:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Subject Key Identifier: - 72:E2:1C:DF:FA:13:48:67:BA:80:EF:59:BC:ED:EC:15:77:61:AF:CC + 50:09:78:05:FC:8F:6D:EB:38:39:EE:32:06:BD:6D:73:DE:38:AE:87 X509v3 Authority Key Identifier: - keyid:D2:E1:04:7E:8D:73:54:53:49:C5:53:AD:1E:84:D9:8A:00:0B:6A:6F + keyid:57:24:7B:83:08:9A:89:2A:DB:F3:B7:93:74:48:F9:C4:D6:C3:BD:42 DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA - serial:A3:51:C2:F8:DD:7F:B9:9A + serial:A2:6D:06:E8:1F:21:31:2F X509v3 Key Usage: critical Certificate Sign, CRL Sign Signature Algorithm: md5WithRSAEncryption - 
77:fb:7d:ed:41:72:9a:44:a3:aa:c1:fd:45:09:67:2a:46:a9: - d9:72:5d:9a:d8:e3:0d:fe:2b:c7:62:4c:14:04:45:0f:34:a8: - 39:a0:e0:b9:70:74:74:e1:99:da:6a:e7:e8:cc:07:56:b9:a6: - 38:24:46:74:e1:a9:55:02:c0:5a:cf:78:9b:d7:95:76:2f:68: - 36:87:1b:8a:97:80:77:24:5b:6f:db:ec:a3:fc:88:50:3d:be: - f0:e1:ac:6d:1f:02:61:63:d4:8d:88:98:ca:de:0a:da:0e:36: - 19:ea:a6:1c:c1:fa:7c:d1:30:bc:d2:ee:6e:10:15:17:44:fb: - 53:52 + 52:ca:c6:04:5d:02:50:1f:b5:db:8c:2d:d2:0b:ad:71:e8:22: + 55:0d:f5:30:d2:76:77:4e:3f:0c:66:4d:75:40:ee:0d:d9:6d: + 66:5a:5b:2d:17:a1:b5:9f:0c:33:07:23:8d:c5:53:6b:f2:4e: + 9a:46:b1:55:c5:01:d6:a5:7e:d6:10:c7:5b:47:64:88:4e:ef: + be:7e:79:b3:53:7b:7a:75:e8:77:c4:c8:e8:67:3d:29:61:ad: + bb:3d:e4:1e:2d:f2:7a:ad:62:b3:62:4f:7a:24:64:e4:3b:78: + 1a:52:18:e1:6c:bb:0d:15:cb:17:3c:0d:1a:2f:c1:a8:23:c4: + 57:46 -----BEGIN CERTIFICATE----- MIIC/DCCAmWgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCVUcx DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh -eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0xMDEyMTYxNzIzMTNaFw0z -ODA1MDMxNzIzMTNaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN +eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0xMjAxMzAxMjE4NThaFw0y +NTEwMDgxMjE4NThaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN BgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMGA1UEAxMMdGhl -IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmAp7n5SUvoLdg -fKaZLTI0bse9EcXKrP1lCN7YTli3GdbXU2efPHarZaHbX0+DzF6zFHPAWAZOEJbC -cSDww0PVgur0vM7ToRd/sS6lKs1nNqEAKDn+KZXIudJgNQ+W7GsA1B2uc4/lR0KV -FvGfCvag9VrLhYEVsjwhq03MsVJS3QIDAQABo4HPMIHMMAwGA1UdEwQFMAMBAf8w -HQYDVR0OBBYEFHLiHN/6E0hnuoDvWbzt7BV3Ya/MMIGMBgNVHSMEgYQwgYGAFNLh -BH6Nc1RTScVTrR6E2YoAC2pvoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG +IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCaGr241YqNvvF ++E8a/Qvw9pXLBTBeiPaEsHH+WZhvNQkrQE3d5TfqjJvorb/1Y4jp7UppaozwfLc7 +aplfHNfR0Ku6HFX2FMfH4QfljkCCVthCnUCt7i5+MtvNET51h7C5Hzwg1T6s7oYB +C1ebPdZduM277rXvh/iRCXxqVGRV9QIDAQABo4HPMIHMMAwGA1UdEwQFMAMBAf8w 
+HQYDVR0OBBYEFFAJeAX8j23rODnuMga9bXPeOK6HMIGMBgNVHSMEgYQwgYGAFFck +e4MImokq2/O3k3RI+cTWw71CoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDAS -BgNVBAMTC3RoZSByb290IENBggkAo1HC+N1/uZowDgYDVR0PAQH/BAQDAgEGMA0G -CSqGSIb3DQEBBAUAA4GBAHf7fe1BcppEo6rB/UUJZypGqdlyXZrY4w3+K8diTBQE -RQ80qDmg4LlwdHThmdpq5+jMB1a5pjgkRnThqVUCwFrPeJvXlXYvaDaHG4qXgHck -W2/b7KP8iFA9vvDhrG0fAmFj1I2ImMreCtoONhnqphzB+nzRMLzS7m4QFRdE+1NS +BgNVBAMTC3RoZSByb290IENBggkAom0G6B8hMS8wDgYDVR0PAQH/BAQDAgEGMA0G +CSqGSIb3DQEBBAUAA4GBAFLKxgRdAlAftduMLdILrXHoIlUN9TDSdndOPwxmTXVA +7g3ZbWZaWy0XobWfDDMHI43FU2vyTppGsVXFAdalftYQx1tHZIhO775+ebNTe3p1 +6HfEyOhnPSlhrbs95B4t8nqtYrNiT3okZOQ7eBpSGOFsuw0Vyxc8DRovwagjxFdG -----END CERTIFICATE----- diff --git a/test/subca-ca/subca.p12 b/test/subca-ca/subca.p12 index 9b7b347..cce9f48 100644 Binary files a/test/subca-ca/subca.p12 and b/test/subca-ca/subca.p12 differ diff --git a/test/subca-ca/subca.priv b/test/subca-ca/subca.priv index 858f6e4..0b52188 100644 --- a/test/subca-ca/subca.priv +++ b/test/subca-ca/subca.priv 
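Review bot: `Not After` moves from May 3 2038 to Oct 8 2025, so the regenerated subca certificate (and the subsubca one in the later hunk, plus both index.txt entries) expires about thirteen years earlier than the fixture it replaces, and any test that validates this chain will start failing on that date. If the shorter lifetime is not intended, regenerate with the previous validity period; if it is, record the expiry date wherever the fixtures are documented so the failure is recognisable when it happens. The certificate is also still signed with `md5WithRSAEncryption` over a 1024-bit key, which current TLS libraries commonly reject at default settings, so chain-validation tests may fail for a reason unrelated to what they check. Moving the fixture CAs to SHA-256 and a 2048-bit key during a regeneration would avoid that.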
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCmAp7n5SUvoLdgfKaZLTI0bse9EcXKrP1lCN7YTli3GdbXU2ef -PHarZaHbX0+DzF6zFHPAWAZOEJbCcSDww0PVgur0vM7ToRd/sS6lKs1nNqEAKDn+ -KZXIudJgNQ+W7GsA1B2uc4/lR0KVFvGfCvag9VrLhYEVsjwhq03MsVJS3QIDAQAB -AoGAGFHv96cBMJ4J30/DlFMjtLy59D/jSxLWuHN5OhUYOBLH/5mPZ6uS8v8bnCi1 -XGiXQwLvBjGfEtapT2kFW2Av0p4zsAnJ9D1emH5aFD67YXI5vW4PR0R/Lu58SI6a -p5y3aNsxCMmORAsXTfj2C3r/ntCuwUXITP2mUbL8pa2ofz0CQQDZWD9DNRdfDb4W -xQGparH30jxhlkUMxhjnddMnt0pAKxFjWXQQ80EI1mZRDk9gpb14okaEq+dRtkdR -3piJ/a2DAkEAw4kafeTETUSbbACRKmr+5skDuKYWY4nei7JNCP45HkpmIdFSEtvY -ftwkhuhJGtW7q4AuEIyU2QI7DRYg67twHwJAVy4+sgapyUcJ6Lg9YmeZ235JGhvc -trL/alioylWLQxIDd4Z6OBJbE+BsSjcjP/E7fxgYkT8jGnOzR/Ox3CgVYQJBAJoB -yI3TuxEoskl0gOGp+C6JsJakqgmoM1JQEwC8SvyimKKWHVChO3lfpp1jIwExymif -wqhiMXJioWQDQ9angP0CQB+PR9qES3nqqfRn8iCqcxNnmxALGqS2cxmDFxeQqEAL -0mGmZtNxswQr/9BipCHbf5KehNeDuVvMANk1ip00pyc= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMJoavbjVio2+8X4 +Txr9C/D2lcsFMF6I9oSwcf5ZmG81CStATd3lN+qMm+itv/VjiOntSmlqjPB8tztq +mV8c19HQq7ocVfYUx8fhB+WOQIJW2EKdQK3uLn4y280RPnWHsLkfPCDVPqzuhgEL +V5s91l24zbvute+H+JEJfGpUZFX1AgMBAAECgYAtkEuBkcagHkLkI05nBOfHkgOJ +ka3EelVMxA3zjwwrBEMh3/BgEVkJn+rqnc5ftPRh3zuReWeO9av8QP+xSxFJsnsL +gKZNpsOSclR+zdpWsiIR9JnO58qnXW+m8AnXArSg8aLG5hFSEKSkxSfNKEybm0nG +fn25zKYTzpnaua/QAQJBAPeJ5jCwWZL35OhBSFwTigm3fAA0ffOSW1tjkm6+byXD +hfMfjvpbe8TQfjKq7UA5KnU7icr+cACiPuNJXo4PTTcCQQDJDZhCSJKwdVVF/lQX +FwcG2T2zyO3RpozXFgXXBT2j3awicxgbjOxUh9ImVOhjlash4aIAcksWzlA0Xyg/ +wawzAkEAoEPw/C8BH41N8C1sKukfoyDfsMZLkap9aZLzGK5FCf8oN3uEN4WJgai3 +PBi8WKtqWNJ+aSYI3/ArpT44cONpSwJAcPruwPC/XeHRlY+h+Ye7LyINBma3HcUW +CBgcGASd6uO6w3Eh7vl2JNpeQaQdIzkL/fIpc07G2338nDGNEKbo+QJBAKdOkF8x +E49CHpIyB+PfYXfNHOSXQMucQSpM21YLj666QPiUd+zLxBnTRdiSq5DAXV83/qrL +Y/mpZlO1XCpNUJs= +-----END PRIVATE KEY----- diff --git a/test/subca-ca/subca.req b/test/subca-ca/subca.req index e6c16a7..4a15956 100644 --- a/test/subca-ca/subca.req 
+++ b/test/subca-ca/subca.req @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE REQUEST----- MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg -c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYCnuflJS+gt2B8 -ppktMjRux70Rxcqs/WUI3thOWLcZ1tdTZ588dqtlodtfT4PMXrMUc8BYBk4QlsJx -IPDDQ9WC6vS8ztOhF3+xLqUqzWc2oQAoOf4plci50mA1D5bsawDUHa5zj+VHQpUW -8Z8K9qD1WsuFgRWyPCGrTcyxUlLdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCk -MpGCwnIPP/A4U7v6GjNIeaD7SS1yTz8v7Sak7ZqQAgHQubQoOVeMrlWzrIqVbQiZ -g4JM7fjRObd0XSOwaUpMXmlB/O3+WLBsFELudfWslyEaHv0Wkgom+aZP9DRb/lVz -Kg6OaBIApp/5bwATPZxk+9Zo4W6d7LF6tHayHsgJhw== +c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJoavbjVio2+8X4 +Txr9C/D2lcsFMF6I9oSwcf5ZmG81CStATd3lN+qMm+itv/VjiOntSmlqjPB8tztq +mV8c19HQq7ocVfYUx8fhB+WOQIJW2EKdQK3uLn4y280RPnWHsLkfPCDVPqzuhgEL +V5s91l24zbvute+H+JEJfGpUZFX1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCs +gvrRv5ck4k8xP3vRPwDU7pKwr7iAvwsg5qGF7DtZT+Fr3fxmoZsot68GGkgpCGkZ +E3qWreu8Jms+fQZ1EdDNjHfQDfSNuzI7NJswRSY5dzQUUZhJ9WFqhwOEppvmB18L +fV01wpqFdLnDrbvNK1f/YV/yGllzqlp8jseMw+MW+Q== -----END CERTIFICATE REQUEST----- diff --git a/test/subsubca-ca/index.txt b/test/subsubca-ca/index.txt index c3bfea0..eafa04b 100644 --- a/test/subsubca-ca/index.txt +++ b/test/subsubca-ca/index.txt @@ -1 +1 @@ -V 380503172313Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA +V 251008121858Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA diff --git a/test/subsubca-ca/req_conf.cnf b/test/subsubca-ca/req_conf.cnf index 62ee717..ebc3b00 100644 --- a/test/subsubca-ca/req_conf.cnf +++ b/test/subsubca-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" 
@@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" diff --git a/test/subsubca-ca/subsubca.cert b/test/subsubca-ca/subsubca.cert index fcd5892..3bd01cd 100644 --- a/test/subsubca-ca/subsubca.cert +++ b/test/subsubca-ca/subsubca.cert 
@@ -5,59 +5,59 @@ Certificate: Signature Algorithm: md5WithRSAEncryption Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA Validity - Not Before: Dec 16 17:23:13 2010 GMT - Not After : May 3 17:23:13 2038 GMT + Not Before: Jan 30 12:18:58 2012 GMT + Not After : Oct 8 12:18:58 2025 GMT Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b9:e2:be:89:f7:d4:ea:b1:90:2a:13:c3:18:59: - fa:05:cd:52:73:09:18:7d:a8:a1:85:2c:c2:4b:58: - f8:c2:fd:2d:20:97:d0:df:39:be:15:7b:26:72:a1: - 4b:cc:62:03:0c:2b:9b:7d:d1:f0:a4:66:36:d4:48: - 8b:ca:61:73:61:b3:c3:9e:0a:5a:54:d5:43:ad:88: - 2a:0f:85:41:f0:d6:09:8d:d4:9a:f2:10:4e:41:d8: - d2:88:cd:07:78:ea:60:67:28:e1:4f:9e:3d:24:8b: - 64:31:fd:d3:d3:4c:bb:c8:42:49:15:69:f6:06:14: - 00:6d:b7:df:1d:c2:44:88:7d + Public-Key: (1024 bit) + Modulus: + 00:c1:f1:e2:20:04:0b:dc:d9:ad:c2:d7:fa:e6:70: + f3:6f:14:0d:66:4a:ed:c3:66:b9:1a:83:f6:73:67: + 46:0b:e9:f5:11:ee:26:2b:a4:e4:77:92:71:e0:a2: + 1a:76:ba:a3:93:2d:84:05:71:cf:2c:ff:32:99:49: + 5d:ae:d5:9f:b0:d3:d2:7f:50:21:ba:0b:40:d4:6b: + a8:d6:ba:a9:0a:bc:7d:d9:28:bc:45:7a:50:d3:fb: + 41:aa:ea:c0:76:a8:96:e8:c4:8b:fc:6e:c7:88:37: + c2:2f:49:ba:61:fd:97:f7:91:c6:2a:35:1c:3a:8b: + 39:c1:29:97:6e:1b:a1:5b:fb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Subject Key Identifier: - 43:B2:E1:9F:EB:C5:ED:9C:C6:76:EF:EC:B4:D1:D3:95:AF:67:45:AD + 13:D5:A4:0F:E9:84:B4:C3:AC:D6:53:CA:7E:C5:B7:D3:61:4C:17:3F X509v3 Authority Key Identifier: - keyid:72:E2:1C:DF:FA:13:48:67:BA:80:EF:59:BC:ED:EC:15:77:61:AF:CC + keyid:50:09:78:05:FC:8F:6D:EB:38:39:EE:32:06:BD:6D:73:DE:38:AE:87 DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA serial:01:76 X509v3 Key Usage: critical Certificate Sign, CRL Sign Signature Algorithm: md5WithRSAEncryption - 32:3b:67:ad:10:b0:a0:6c:82:39:c9:30:fb:c3:63:20:ff:66: - 
11:38:13:58:3a:36:b4:ec:f8:55:9f:c4:05:34:04:9d:f1:5e: - 6a:95:71:79:9f:4d:42:6c:a7:ba:f2:e0:fe:cc:42:7e:85:49: - 56:94:5c:2f:e5:5b:27:ff:52:16:1b:a6:f5:4f:9e:88:67:96: - 6d:b0:71:07:73:d2:08:35:a0:8b:f5:5f:a6:9d:8f:ee:20:49: - 4f:01:39:17:e6:76:4a:43:9c:cd:9c:87:33:c2:5b:ac:8b:f9: - 24:4b:6b:1f:08:ef:99:e3:1a:16:1f:0f:1a:f4:1a:96:91:5c: - 69:d0 + aa:6c:14:cd:1e:53:0b:45:7d:4e:4f:78:4d:a2:ef:20:a6:97: + e9:dd:8b:ca:09:bd:1c:7a:ac:02:e7:c8:44:af:69:a4:cd:de: + b0:34:b5:f4:ba:d7:c8:8f:ab:27:88:e9:48:80:d9:86:88:ee: + 6d:b8:c5:08:a0:d5:bd:ad:cd:71:40:78:7a:5f:aa:46:02:ac: + c2:a0:07:0f:5d:fb:d4:ef:01:13:0c:96:77:7d:ba:89:8d:11: + d4:04:e0:f2:c1:93:5c:ee:31:70:67:57:79:2b:03:bf:72:2e: + 8b:3d:c9:93:22:bd:20:2a:c0:41:30:b8:01:9a:4f:31:0d:58: + f4:88 -----BEGIN CERTIFICATE----- MIIC9zCCAmCgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh -eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMTAxMjE2MTcyMzEzWhcN -MzgwNTAzMTcyMzEzWjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w +eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMTIwMTMwMTIxODU4WhcN +MjUxMDA4MTIxODU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro -ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAueK+iffU -6rGQKhPDGFn6Bc1ScwkYfaihhSzCS1j4wv0tIJfQ3zm+FXsmcqFLzGIDDCubfdHw -pGY21EiLymFzYbPDngpaVNVDrYgqD4VB8NYJjdSa8hBOQdjSiM0HeOpgZyjhT549 -JItkMf3T00y7yEJJFWn2BhQAbbffHcJEiH0CAwEAAaOBxjCBwzAMBgNVHRMEBTAD -AQH/MB0GA1UdDgQWBBRDsuGf68XtnMZ27+y00dOVr2dFrTCBgwYDVR0jBHwweoAU -cuIc3/oTSGe6gO9ZvO3sFXdhr8yhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH +ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwfHiIAQL +3Nmtwtf65nDzbxQNZkrtw2a5GoP2c2dGC+n1Ee4mK6Tkd5Jx4KIadrqjky2EBXHP +LP8ymUldrtWfsNPSf1AhugtA1Guo1rqpCrx92Si8RXpQ0/tBqurAdqiW6MSL/G7H +iDfCL0m6Yf2X95HGKjUcOos5wSmXbhuhW/sCAwEAAaOBxjCBwzAMBgNVHRMEBTAD +AQH/MB0GA1UdDgQWBBQT1aQP6YS0w6zWU8p+xbfTYUwXPzCBgwYDVR0jBHwweoAU 
+UAl4BfyPbes4Oe4yBr1tc944roehXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG -9w0BAQQFAAOBgQAyO2etELCgbII5yTD7w2Mg/2YROBNYOja07PhVn8QFNASd8V5q -lXF5n01CbKe68uD+zEJ+hUlWlFwv5Vsn/1IWG6b1T56IZ5ZtsHEHc9IINaCL9V+m -nY/uIElPATkX5nZKQ5zNnIczwlusi/kkS2sfCO+Z4xoWHw8a9BqWkVxp0A== +9w0BAQQFAAOBgQCqbBTNHlMLRX1OT3hNou8gppfp3YvKCb0ceqwC58hEr2mkzd6w +NLX0utfIj6sniOlIgNmGiO5tuMUIoNW9rc1xQHh6X6pGAqzCoAcPXfvU7wETDJZ3 +fbqJjRHUBODywZNc7jFwZ1d5KwO/ci6LPcmTIr0gKsBBMLgBmk8xDVj0iA== -----END CERTIFICATE----- diff --git a/test/subsubca-ca/subsubca.p12 b/test/subsubca-ca/subsubca.p12 index becb15b..0bb3f20 100644 Binary files a/test/subsubca-ca/subsubca.p12 and b/test/subsubca-ca/subsubca.p12 differ diff --git a/test/subsubca-ca/subsubca.priv b/test/subsubca-ca/subsubca.priv index 352bd04..9786f83 100644 --- a/test/subsubca-ca/subsubca.priv +++ b/test/subsubca-ca/subsubca.priv 
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC54r6J99TqsZAqE8MYWfoFzVJzCRh9qKGFLMJLWPjC/S0gl9Df -Ob4VeyZyoUvMYgMMK5t90fCkZjbUSIvKYXNhs8OeClpU1UOtiCoPhUHw1gmN1Jry -EE5B2NKIzQd46mBnKOFPnj0ki2Qx/dPTTLvIQkkVafYGFABtt98dwkSIfQIDAQAB -AoGACLRqkdFuQhNQmffU8gX8pFrqGoL5h6Dm93KSIq8m7xKmE1moqVtt4FmlAkc1 -YnvQgrhkDq9PIpO6y5QeH7sSiRNAWO8iMSuGlsGCv5BqWz6T7qcSSM0k7r7VVdtC -J0xvuTeJJx5zuAHPlBb5gW+B7m9BMBXhkwCZk99EbTBOhmECQQDsDznUQbljz0Ny -klbzbtWppG6JLXmUr6VssRcvMgFVJHrch1+L/zMPS1w+ZERu0orTAGaswiJ5zCgj -+7Luj8BlAkEAyZaDc6VNeVDbL74rQFXDF8bdeuVZKqVgd3fjLY6EoT50U36AlCHg -rJh3xs9eEW5KmUXmyb5Ir8KfGD4icffKOQJBAJMWma4Mlfv/NcO6M7vToAbokoef -claXa7hiUFP0EKiA5p1rLLoK9kHdb0jhKVL0ldQMN+4FuX2zHH/vYfsMT5ECQDgV -aOLutVwwE5r3xF60vX9K82lyj1kfA3SZZRnSkbGuh3yHMEyGFFTQYlpsbNZaoeR8 -nxW3m89STSLYforIjnkCQQDh36p1GeYIVQJ4j6xveOPIG/wb4bj0FqymhsDldtxi -zl6IPPGlzlKyNYp+PLFjJ87FXoPWXa/xYWNZlE8yF2nD ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMHx4iAEC9zZrcLX ++uZw828UDWZK7cNmuRqD9nNnRgvp9RHuJiuk5HeSceCiGna6o5MthAVxzyz/MplJ +Xa7Vn7DT0n9QIboLQNRrqNa6qQq8fdkovEV6UNP7QarqwHaolujEi/xux4g3wi9J +umH9l/eRxio1HDqLOcEpl24boVv7AgMBAAECgYEAjvk64rE48YmDYCUKMIFJ5DQb +ILLSDn+Wq6Zms3KJn9TMNniiqP/48PEDhD7cVXSHi8M9FSpuOVS0P25nYrDW9CJA +hAmB9FqD/eier8PFOlP65aVSKAkbNqu44KuyDg5q3gcQ27XmCcDMoOmxBMpecOPl +OhFGOXKXdMpO/3nTgcECQQDszJk3sQHn/xP3orrK1iN2R5UusIBbavm0QO5qlT2Z +XM/cHY9fFFVNYJYXB5ZNI8qt+mE/+I5dFfhQE7s4nMthAkEA0au6WT6T4YdoRIW+ +fuVxfeq3rgUmYjvDUW2PhCpjEi3DwcLuojp/8zkPGXoBjfvoVRloMv2PVwaTXs0V +Lhtg2wJBAMc6oJJln6f0SXVo+WWc4vsp4M8GewfvKiXJF46e/9OfbdbRHAYv0lEm +uUCpBoDiYy0bYmTzF7wjtuaQo01PRiECQCJlOIGxaVMDApDTG+f3PcH5Qj6S67QL +t8Pg5D07MttllIpxrvIABMNipd55DE49d+SV8WkD/YK6Omy/2eyhYycCQQCTulrt +U14yo/PXUmyJ8rb1W+H3kwhvMgcMp5Zhm5UPv9bJJGU7YNna3q4elpdDDn8SAYg1 +Yhu8jPTGwwMOP/4w +-----END PRIVATE KEY----- diff --git a/test/subsubca-ca/subsubca.req b/test/subsubca-ca/subsubca.req index 6d02083..786d3ae 100644 --- a/test/subsubca-ca/subsubca.req 
+++ b/test/subsubca-ca/subsubca.req @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE REQUEST----- MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRgwFgYDVQQDEw90aGUg -c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnivon31Oqx -kCoTwxhZ+gXNUnMJGH2ooYUswktY+ML9LSCX0N85vhV7JnKhS8xiAwwrm33R8KRm -NtRIi8phc2Gzw54KWlTVQ62IKg+FQfDWCY3UmvIQTkHY0ojNB3jqYGco4U+ePSSL -ZDH909NMu8hCSRVp9gYUAG233x3CRIh9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOB -gQBN3GWZgt/lPxp6arW8azlqgMwrFqay++JhWLzJZHSCIbJYQweYlf3hD69ykfYP -xxqG5+K9T81dJqHSEWgvXysK8yJAIcFUigV2Fdd6ggwUKvRLzBe6rS7b0imV32mP -BF/IVWQXScyQWCpp15ktKXdUY6QkygYeeMnf4Scf2tTlgg== +c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHx4iAEC9zZ +rcLX+uZw828UDWZK7cNmuRqD9nNnRgvp9RHuJiuk5HeSceCiGna6o5MthAVxzyz/ +MplJXa7Vn7DT0n9QIboLQNRrqNa6qQq8fdkovEV6UNP7QarqwHaolujEi/xux4g3 +wi9JumH9l/eRxio1HDqLOcEpl24boVv7AgMBAAGgADANBgkqhkiG9w0BAQUFAAOB +gQClUJ+/IyD3EjF9mrNduam2Mo018QJIto5xw3GEFABSQDINVVZQjX2hz7bMLnGq ++GfhX8YIaLpAeLLPii0iHrg3khUwH360Kxo45oFAJUAVhGljZztAHmRc+x1RwYxN +m4sRhMKAdL26QwTQuMZzxlSDSJHS5UAc+1B0nVyVqx+GUQ== -----END CERTIFICATE REQUEST----- diff --git a/test/trusted-ca/req_conf.cnf b/test/trusted-ca/req_conf.cnf index 8e7c6f7..eca36f3 100644 --- a/test/trusted-ca/req_conf.cnf +++ b/test/trusted-ca/req_conf.cnf @@ -59,6 +59,8 @@ basicConstraints = CA:TRUE [ ca_server ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" 
@@ -66,35 +68,45 @@ nsComment = "OpenSSL Generated Server Certificate" # nsCertType = objsign [ ca_altname ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com [ ca_altname2 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = $ENV::DNS_HOSTNAME [ ca_altname3 ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # This is OK for an SSL server. nsCertType = server nsComment = "OpenSSL Generated Server Certificate" subjectAltName = email:john.doe@foo.bar [ ca_client ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = client, email nsComment = "OpenSSL Generated Client Certificate" [ ca_clientserver ] +basicConstraints = CA:false +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment # For normal client use this is typical nsCertType = server, client, email nsComment = "OpenSSL Generated Client Server Certificate" [ ca_fclient ] -# This is typical in keyUsage for a client certificate. +# Test cert without flags. basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated Client Certificate with key usage" diff --git a/test/trusted-ca/trusted.cert b/test/trusted-ca/trusted.cert index 91b88d0..632117b 100644 --- a/test/trusted-ca/trusted.cert +++ b/test/trusted-ca/trusted.cert 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDCzCCAnSgAwIBAgIJAJuFJ8UKay74MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV +MIIDCzCCAnSgAwIBAgIJALpkA0P4MdBQMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIHRydXN0ZWQgQ0EwHhcNMTAxMjE2 -MTcyMzA5WhcNMzgwNTAzMTcyMzA5WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG +CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIHRydXN0ZWQgQ0EwHhcNMTIwMTMw +MTIxODQ5WhcNMjUxMDA4MTIxODQ5WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV BgNVBAMTDnRoZSB0cnVzdGVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQDZdPzKqIcYF1MYCcE/VZ63Pz8xJB8NcsLDK/VkWKGVGx6PTnanJ7I9k46ruTkb -i362cmIj70qDNZzVlkaPJJ9ncwedhDvxcxofSVzqetI38RsHYBeLFm011W7wsVl3 -FeMbRRBUkcHSULSNU09lxvzSj3sbTqN8BiQWwKsfmCFH8QIDAQABo4HSMIHPMAwG -A1UdEwQFMAMBAf8wHQYDVR0OBBYEFJO6Gw2Fwc+luvR2I+eCL4VngvNpMIGPBgNV -HSMEgYcwgYSAFJO6Gw2Fwc+luvR2I+eCL4VngvNpoWGkXzBdMQswCQYDVQQGEwJV +gQCv4kT+pYDDFXUfbQOMoJ0AZ4h1Bo9z0zSKHhlhVS747qvlgU1oCV6Bnh9RMfWR +kUvvW8lvwDlPiMcQw/DYYTOnQvXXqiuSBr01tEVH7YNVC4mbEYFSIwmjgEW+ol6Z +uIk+9G5SC2MKVN9X5PZjtHIcvLDzopDHW7yEke9jOCyK4wIDAQABo4HSMIHPMAwG +A1UdEwQFMAMBAf8wHQYDVR0OBBYEFGePn60nINcTy7n5GqHFPJ1FtkpMMIGPBgNV +HSMEgYcwgYSAFGePn60nINcTy7n5GqHFPJ1FtkpMoWGkXzBdMQswCQYDVQQGEwJV RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl -bGF4YXRpb24xFzAVBgNVBAMTDnRoZSB0cnVzdGVkIENBggkAm4UnxQprLvgwDgYD -VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBANBi+lIoIhlKOLs1Wbxfu+Mv -0vxde/ZIWjJ6KTTfXpvhshimKPwVfv+kppJA6wdVtVe7Zx5Jwc9Wt/p6lWD6htoI -8p6k9GCk2sT5DcVlErxi1hIwps+RbkuJVPpwQZFpCdpKyOTcfJvhXlbO27ZI6Qyw -dfTq0+pVfIgUoBVG9Rw/ +bGF4YXRpb24xFzAVBgNVBAMTDnRoZSB0cnVzdGVkIENBggkAumQDQ/gx0FAwDgYD +VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAJpcvcizPwtuF5GERvEQPVlh +sCfrsPXn+e01qAevpIIIRFvWu1W6dC5pRzRyU7QFGPhmgr2kiT4wxZMVAJ5Vpxpz +/nnTiXSQhSMaWclQ7F+mWtrXVkOgdxziILuzNwrvUo+5beGTlxItkcEK2AuAncl1 +88GVBuPADpITbGmca9j0 -----END CERTIFICATE----- 
diff --git a/test/trusted-ca/trusted.p12 b/test/trusted-ca/trusted.p12
index 62a90c3..4427ebc 100644
Binary files a/test/trusted-ca/trusted.p12 and b/test/trusted-ca/trusted.p12 differ
diff --git a/test/trusted-ca/trusted.priv b/test/trusted-ca/trusted.priv
index 02ced14..32866cf 100644
--- a/test/trusted-ca/trusted.priv
+++ b/test/trusted-ca/trusted.priv
@@ -1,15 +1,16 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDZdPzKqIcYF1MYCcE/VZ63Pz8xJB8NcsLDK/VkWKGVGx6PTnan -J7I9k46ruTkbi362cmIj70qDNZzVlkaPJJ9ncwedhDvxcxofSVzqetI38RsHYBeL -Fm011W7wsVl3FeMbRRBUkcHSULSNU09lxvzSj3sbTqN8BiQWwKsfmCFH8QIDAQAB -AoGBAMDwj6qwRM0XRN67KP8s1Jn6P/M1/WdNP4kz45KZISTO3xp/n79H9Vm1Jo0u -1oCeEFuIuZLwqcgpNXI813YCJHteXrTx12B5iMroBQ2hmm2plgkcok2dS3NQDnGc -3LeiWaljgLJV+MFA/5cRdP39jFo84gJvsf2XbSkbDPzeTmsRAkEA7S+VjWG8Xxol -65B1nozOaXMoKW1hVFxKHb5bF9p2cmkRLXv9ILnhQohwvPx0XQUuejuNicrB9Mzm -M6XYQk5z1wJBAOq0x0eKgsU9yLktqGBUfWTpfk9tYVr4mS43b6uSUZjRGwcs1o7d -5Ew+oyj204kpkSECxCjRabS73XJ9ihBEKXcCQB+NKunJzJMiGVVCvELBHFwus3L/ -V+ku9bULM3by2rrRezV/vuZxk6OUHtslAh21qL8d2PAxhqeX8i+Aqkn3wbUCQHAv -5SlfHc7mD3HkTx1shVuc+FFC+UwglCexO+GI2RPwr7ioSA6WJbAEKL1F7iscAVEE -H3tbTemj+t/k/f90dVUCQH+ns8UJYRLIhuEW0vF5D1LYNFEtAMly96iCRUChciAF -lV8ve1NcgfvujhQPLC5Sj8pNj/omVwUCFNZNaiQf/9o= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAK/iRP6lgMMVdR9t +A4ygnQBniHUGj3PTNIoeGWFVLvjuq+WBTWgJXoGeH1Ex9ZGRS+9byW/AOU+IxxDD +8NhhM6dC9deqK5IGvTW0RUftg1ULiZsRgVIjCaOARb6iXpm4iT70blILYwpU31fk +9mO0chy8sPOikMdbvISR72M4LIrjAgMBAAECgYARBo43OD4mpEUaLatSSZnpGByV +d3UbeS500EUUrvJFFpV9Oe8MSxvi4DOX4IYs+Suol/H/51Ok51CdxtnhmEcvmKLX +nxnFU+zZIflAThg5IvUIC0GxNq7NNr4omOSciaLwVN8JVxjQD5H7mSajVjXxMeGT +TbyX7dmblQl4qfoVQQJBAN6aHif09z0YEAy2GLxQm+6eFw9k8H32iHn5cg94N9ma ++EYNdsws/qDX9Xes7I3B80n93U9uwPIUklS4xa9/Ru0CQQDKRcMdb5DfgmaW/8Ia +lD9Hm1WChmkN/fb3ooUbPp38pto4QAAfz2vjuXSzkpDIDIOF9Q6azdyrc0SdNg// +XY8PAkA8rvMNnYBRDWBCttmjbK41rK9IqRHOpQirh88KXJGNJuwL3NvH6XQ40ObA +C0opkvgJ8cUFRIIg/G6v3fc2UpI5AkBo3Cedf/Pz2w9CIo7G5qmzfpSi2PlnVoyM +rkUg7aJLk1g3pv4pf4doBAG7AjVqcApTDMqoeCZ4/4XHlnpOoXsDAkBuLWSWMpqS +wX5nmC4bXOUJqOPDgDt3o6QISK9J85tUwb4EmYoFY0VtSyRe5tyWSdxLhc7uCfUZ +eCZueq5lS7YC +-----END PRIVATE KEY-----