Imported Upstream version 3.13.0+dfsg

Mario Fetka 2018-02-19 12:29:49 +01:00
parent 1893aafd38
commit e07619e148
472 changed files with 168552 additions and 31827 deletions


@ -66,7 +66,7 @@
</toolChain> </toolChain>
</folderInfo> </folderInfo>
<sourceEntries> <sourceEntries>
<entry excluding="wolfcrypt/src/misc.c|IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|swig|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_chip_18xx|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/> <entry excluding="src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/misc.c|IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|swig|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_chip_18xx|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
</sourceEntries> </sourceEntries>
</configuration> </configuration>
</storageModule> </storageModule>

48
.gitignore vendored

@ -9,7 +9,8 @@ ctaocrypt/src/src/
*.cache *.cache
.dirstamp .dirstamp
*.user *.user
config* configure
config.*
*Debug/ *Debug/
*Release/ *Release/
*.ncb *.ncb
@ -44,10 +45,17 @@ src/async.c
wolfssl/async.h wolfssl/async.h
wolfcrypt/src/async.c wolfcrypt/src/async.c
wolfssl/wolfcrypt/async.h wolfssl/wolfcrypt/async.h
wolfcrypt/src/port/intel/quickassist.c
wolfcrypt/src/port/intel/quickassist_mem.c
wolfcrypt/src/port/cavium/cavium_nitrox.c
wolfssl/wolfcrypt/port/intel/quickassist.h
wolfssl/wolfcrypt/port/intel/quickassist_mem.h
wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
ctaocrypt/benchmark/benchmark ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt ctaocrypt/test/testctaocrypt
wolfcrypt/benchmark/benchmark wolfcrypt/benchmark/benchmark
wolfcrypt/test/testwolfcrypt wolfcrypt/test/testwolfcrypt
examples/benchmark/tls-bench
examples/client/client examples/client/client
examples/echoclient/echoclient examples/echoclient/echoclient
examples/echoserver/echoserver examples/echoserver/echoserver
@ -74,18 +82,32 @@ certecc.der
certecc.pem certecc.pem
othercert.der othercert.der
othercert.pem othercert.pem
certeccrsa.der
certeccrsa.pem
ntru-cert.der ntru-cert.der
ntru-cert.pem ntru-cert.pem
ntru-key.raw ntru-key.raw
key.der key.der
key.pem key.pem
ecc-public-key.der ecc-public-key.der
ecc-key-pkcs8.der
ecc-key.der ecc-key.der
ecc-key.pem ecc-key.pem
certreq.der certreq.der
certreq.pem certreq.pem
pkcs7cert.der pkcs7cert.der
pkcs7signedData.der pkcs7signedData_RSA_SHA.der
pkcs7signedData_RSA_SHA_noattr.der
pkcs7signedData_RSA_SHA224.der
pkcs7signedData_RSA_SHA256.der
pkcs7signedData_RSA_SHA384.der
pkcs7signedData_RSA_SHA512.der
pkcs7signedData_ECDSA_SHA.der
pkcs7signedData_ECDSA_SHA_noattr.der
pkcs7signedData_ECDSA_SHA224.der
pkcs7signedData_ECDSA_SHA256.der
pkcs7signedData_ECDSA_SHA384.der
pkcs7signedData_ECDSA_SHA512.der
pkcs7envelopedDataDES3.der pkcs7envelopedDataDES3.der
pkcs7envelopedDataAES128CBC.der pkcs7envelopedDataAES128CBC.der
pkcs7envelopedDataAES192CBC.der pkcs7envelopedDataAES192CBC.der
@ -110,6 +132,7 @@ autoscan.log
TAGS TAGS
.DS_Store .DS_Store
support/cyassl.pc support/cyassl.pc
support/wolfssl.pc
cyassl/ctaocrypt/stamp-h1 cyassl/ctaocrypt/stamp-h1
swig/_cyassl.so swig/_cyassl.so
swig/_wolfssl.so swig/_wolfssl.so
@ -150,6 +173,12 @@ mplabx/wolfcrypt_test.X/nbproject/Makefile-*
mplabx/wolfcrypt_test.X/nbproject/Package-default.bash mplabx/wolfcrypt_test.X/nbproject/Package-default.bash
mplabx/wolfssl.X/nbproject/Makefile-* mplabx/wolfssl.X/nbproject/Makefile-*
mplabx/wolfssl.X/nbproject/Package-default.bash mplabx/wolfssl.X/nbproject/Package-default.bash
mplabx/wolfssl.X/nbproject/private
mplabx/wolfcrypt_test.X/nbproject/private
mplabx/wolfcrypt_benchmark.X/nbproject/private
mplabx/wolfssl.X/dist/default/
mplabx/wolfcrypt_test.X/dist/default/
mplabx/wolfcrypt_benchmark.X/dist/default/
*.dSYM *.dSYM
# Vagrant folder # Vagrant folder
@ -190,3 +219,18 @@ wrapper/CSharp/x64/
# Visual Studio Code Workspace Files # Visual Studio Code Workspace Files
*.vscode *.vscode
*.userprefs
IDE/INTIME-RTOS/Debug_*
IDE/VS-ARM/.vs
# Hexiwear
IDE/HEXIWEAR/wolfSSL_HW/Debug
# Linux-SGX
IDE/LINUX-SGX/*.a
# Binaries
wolfcrypt/src/port/intel/qat_test
/mplabx/wolfssl.X/dist/default/
/mplabx/wolfcrypt_test.X/dist/default/


@ -49,7 +49,12 @@
library for compatibility with the Arduino IDE. There is a README.md in library for compatibility with the Arduino IDE. There is a README.md in
IDE/ARDUINO for detailed instructions. IDE/ARDUINO for detailed instructions.
10. Porting to a new platform 10. Building for Android with Visual Studio 2017
Please see the README in IDE/VS-ARM.
Use the Visual Studio solution IDE/VS-ARM/wolfssl.sln.
11. Porting to a new platform
Please see section 2.4 in the manual: Please see section 2.4 in the manual:
http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html


@ -33,6 +33,7 @@ CLEANFILES+= cert.der \
key.der \ key.der \
key.pem \ key.pem \
ntru-cert.der \ ntru-cert.der \
ecc-key-pkcs8.der \
ntru-cert.pem \ ntru-cert.pem \
ntru-key.raw \ ntru-key.raw \
othercert.der \ othercert.der \
@ -54,7 +55,18 @@ CLEANFILES+= cert.der \
pkcs7envelopedDataAES128CBC.der \ pkcs7envelopedDataAES128CBC.der \
pkcs7envelopedDataAES192CBC.der \ pkcs7envelopedDataAES192CBC.der \
pkcs7envelopedDataAES256CBC.der \ pkcs7envelopedDataAES256CBC.der \
pkcs7signedData.der pkcs7signedData_RSA_SHA.der \
pkcs7signedData_RSA_SHA_noattr.der \
pkcs7signedData_RSA_SHA224.der \
pkcs7signedData_RSA_SHA256.der \
pkcs7signedData_RSA_SHA384.der \
pkcs7signedData_RSA_SHA512.der \
pkcs7signedData_ECDSA_SHA.der \
pkcs7signedData_ECDSA_SHA_noattr.der \
pkcs7signedData_ECDSA_SHA224.der \
pkcs7signedData_ECDSA_SHA256.der \
pkcs7signedData_ECDSA_SHA384.der \
pkcs7signedData_ECDSA_SHA512.der
exampledir = $(docdir)/example exampledir = $(docdir)/example
dist_example_DATA= dist_example_DATA=

250
README

@ -16,7 +16,7 @@ versions of TLS. They also lower your security by removing PFS. Since current
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites. used in order to build with NTRU suites.
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites. in the event that you desire that, i.e., you're not using TLS cipher suites.
@ -34,6 +34,254 @@ before calling wolfSSL_new(); Though it's not recommended.
*** end Notes *** *** end Notes ***
********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
wolfSSL 3.13.0 includes bug fixes and new features, including support for
TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
updated examples and project files, and one vulnerability fix. The full list
of changes and additions in this release include:
- Fixes for TLS 1.3, support for Draft 21
- TLS 1.0 disabled by default, addition of “--enable-tls10” configure option
- New option to reduce SHA-256 code size at expense of performance
(USE_SLOW_SHA256)
- New option for memory reduced build (--enable-lowresource)
- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
- SHA-3 size and performance optimizations
- Fixes for Intel AVX2 builds on Mac/OSX
- Intel assembly for Curve25519, and Ed25519 performance optimizations
- New option to force 32-bit mode with “--enable-32bit”
- New option to disable all inline assembly with “--disable-asm”
- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
- Fixes for handling of unsupported TLS extensions.
- Fixes for compiling AES-GCM code with GCC 4.8.*
- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
- Fixes for building without a filesystem
- Removes 3DES and SHA1 dependencies from PKCS#7
- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
- Add ability to get client-side SNI
- Expanded OpenSSL compatibility layer
- Fix for logging file names with OpenSSL compatibility layer enabled, with
WOLFSSL_MAX_ERROR_SZ user-overridable
- Adds static memory support to the wolfSSL example client
- Fixes for sniffer to use TLS 1.2 client method
- Adds option to wolfCrypt benchmark to benchmark individual algorithms
- Adds option to wolfCrypt benchmark to display benchmarks in powers
of 10 (-base10)
- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
- Updated Texas Instruments TI-RTOS build
- Updated STM32 CubeMX build with fixes for SHA
- Updated IAR EWARM project files
- Updated Apple Xcode projects with the addition of a benchmark example project
This release of wolfSSL fixes 1 security vulnerability.
wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
The paper notes that wolfSSL only gives a weak oracle without a practical
attack but this is still a flaw. This release contains a fix for this report.
Please note that wolfSSL has static RSA cipher suites disabled by default as
of version 3.6.6 because of the lack of perfect forward secrecy. Only users
who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
and use those suites on a host are affected. More information will be
available on our website at:
https://wolfssl.com/wolfSSL/security/vulnerabilities.php
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
Release 3.12.2 of wolfSSL has bug fixes and new features including:
This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes.
- Added TLS extension for Supported Point Formats (ec_point_formats)
- Fix to not send OCSP stapling extensions in client_hello when not enabled
- Added new API's for disabling OCSP stapling
- Add check for SIZEOF_LONG with sun and LP64
- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
- Fix to disallow upgrading to TLS v1.3
- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size.
- Add HMAC benchmark and expanded AES key size benchmarks
- Added simple GCC ARM Makefile example
- Add tests for 3072-bit RSA and DH.
- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
- Fixes to allow custom serial number during certificate generation
- Add method to get WOLFSSL_CTX certificate manager
- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's.
- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA).
- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence.
- Fixes for HAVE_INTEL_MULX
- Cleanup include paths for MySQL cmake build
- Added configure option for building library for wolfSSH (--enable-wolfssh)
- Openssl compatibility layer improvements
- Expanded API unit tests
- Fixes for STM32 crypto hardware acceleration
- Added AES XTS mode (--enable-xts)
- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage).
- Math updates and added TFM_MIPS speedup.
- Fix for creation of the KeyUsage BitString
- Fix for 8k keys with MySQL compatibility
- Fixes for ATECC508A.
- Fixes for PIC32MZ hashing.
- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V.
- Update HASH_DRBG Reseed mechanism and add test case
- Rename the file io.h/io.c to wolfio.h/wolfio.c
- Cleanup the wolfIO_Send function.
- OpenSSL Compatibility Additions and Fixes
- Improvements to Visual Studio DLL project/solution.
- Added function to generate public ECC key from private key
- Added async blocking support for sniffer tool.
- Added wolfCrypt hash tests for empty string and large data.
- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`.
- Updated Micrium uC/OS-III Port
- Updated root certs for OCSP scripts
- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`.
- Speedups for AES GCM with AESNI (--enable-aesni)
- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2
********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)
Release 3.12.0 of wolfSSL has bug fixes and new features including:
- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13)
- TLS 1.3 0RTT feature added
- Added port for using Intel SGX with Linux
- Update and fix PIC32MZ port
- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
- AVX and AVX2 assembly for improved ChaCha20 performance
- Intel QAT fixes for when using --disable-fastmath
- Update how DTLS handles decryption and MAC failures
- Update DTLS session export version number for --enable-sessionexport feature
- Add additional input argument sanity checks to ARMv8 assembly port
- Fix for making PKCS12 dynamic types match
- Fixes for potential memory leaks when using --enable-fast-rsa
- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
- Update TI-RTOS port for dependency on new wolfSSL source files
- DTLS multicast feature added, --enable-mcast
- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
- Improvements and enhancements to Intel QuickAssist support
- Added Xilinx port
- Added SHA3 Keccak feature, --enable-sha3
- Expand wolfSSL Python wrapper to now include a client side implementation
- Adjust example servers to not treat a peer closed error as a hard error
- Added more sanity checks to fp_read_unsigned_bin function
- Add SHA224 and AES key wrap to ARMv8 port
- Update MQX classics and mmCAU ports
- Fix for potential buffer over read with wolfSSL_CertPemToDer
- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
- Fix ThreadX/NetX warning
- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
- Added RSA PSS sign and verify
- Fix for STM32F4 AES-GCM
- Added enable all feature (--enable-all)
- Added trackmemory feature (--enable-trackmemory)
- Fixes for AES key wrap and PKCS7 on Windows VS
- Added benchmark block size argument
- Support use of staticmemory with PKCS7
- Fix for Blake2b build with GCC 5.4
- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
- Added warning when compiling without hardened math operations
Note:
There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm.
If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address.
This release of wolfSSL fixes 1 low level security vulnerability.
Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017)
Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes:
- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support
This is strictly a BETA release, and designed for testing and user feedback.
Please send any comments, testing results, or feedback to wolfSSL at
support@wolfssl.com.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
Release 3.11.0 of wolfSSL has bug fixes and new features including:
- Code updates for warnings reported by Coverity scans
- Testing and warning fixes for FreeBSD on PowerPC
- Updates and refactoring done to ASN1 parsing functions
- Change max PSK identity buffer to account for an identity length of 128 characters
- Update Arduino script to handle recent files and additions
- Added support for PKCS#7 Signed Data with ECDSA
- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
- Added support for HAproxy load balancer
- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
- Fix to not send session ID on server side if session cache is off unless we're echoing
session ID as part of session tickets
- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
- Fixes for TLS elliptic curve selection on private key import.
- Fixes for RNG with Intel rdrand and rdseed speedups.
- Improved performance with Intel rdrand to use full 64-bit output
- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
- Removed RNG ARC4 support
- Added ECC helpers to get size and id from curve name.
- Added ECC Cofactor DH (ECC-CDH) support
- Added ECC private key only import / export functions.
- Added PKCS8 create function
- Improvements to TLS layer CTX handling for switching keys / certs.
- Added check for duplicate certificate policy OID in certificates.
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
- Reduce heap usage with fast math when not using ALT_ECC_SIZE
- Fixes for building CRL with Windows
- Added support for inline CRL lookup when HAVE_CRL_IO is defined
- Added port for tenAsys INtime RTOS
- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
- Updated WPA Supplicant support
- Added support for Nginx
- Update stunnel port for version 5.40
- Fixes for STM32 hardware crypto acceleration
- Extended test code coverage in bundled test.c
- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
- Fix for DH key accepted by wc_DhAgree when the key was malformed.
- Fix for a double free case when adding CA cert into X509_store.
Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) ********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
Release 3.10.2 of wolfSSL has bug fixes and new features including: Release 3.10.2 of wolfSSL has bug fixes and new features including:

249
README.md

@ -18,7 +18,7 @@ NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites. used in order to build with NTRU suites.
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites. in the event that you desire that, i.e., you're not using TLS cipher suites.
``` ```
@ -38,6 +38,253 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new(); Though it's not recommended. before calling wolfSSL_new(); Though it's not recommended.
``` ```
# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
wolfSSL 3.13.0 includes bug fixes and new features, including support for
TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
updated examples and project files, and one vulnerability fix. The full list
of changes and additions in this release include:
* Fixes for TLS 1.3, support for Draft 21
* TLS 1.0 disabled by default, addition of “--enable-tls10” configure option
* New option to reduce SHA-256 code size at expense of performance
(USE_SLOW_SHA256)
* New option for memory reduced build (--enable-lowresource)
* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
* SHA-3 size and performance optimizations
* Fixes for Intel AVX2 builds on Mac/OSX
* Intel assembly for Curve25519, and Ed25519 performance optimizations
* New option to force 32-bit mode with “--enable-32bit”
* New option to disable all inline assembly with “--disable-asm”
* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
* Fixes for handling of unsupported TLS extensions.
* Fixes for compiling AES-GCM code with GCC 4.8.*
* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
* Fixes for building without a filesystem
* Removes 3DES and SHA1 dependencies from PKCS#7
* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
* Add ability to get client-side SNI
* Expanded OpenSSL compatibility layer
* Fix for logging file names with OpenSSL compatibility layer enabled, with
WOLFSSL_MAX_ERROR_SZ user-overridable
* Adds static memory support to the wolfSSL example client
* Fixes for sniffer to use TLS 1.2 client method
* Adds option to wolfCrypt benchmark to benchmark individual algorithms
* Adds option to wolfCrypt benchmark to display benchmarks in powers
of 10 (-base10)
* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
* Updated Texas Instruments TI-RTOS build
* Updated STM32 CubeMX build with fixes for SHA
* Updated IAR EWARM project files
* Updated Apple Xcode projects with the addition of a benchmark example project
This release of wolfSSL fixes 1 security vulnerability.
wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
The paper notes that wolfSSL only gives a weak oracle without a practical
attack but this is still a flaw. This release contains a fix for this report.
Please note that wolfSSL has static RSA cipher suites disabled by default as
of version 3.6.6 because of the lack of perfect forward secrecy. Only users
who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
and use those suites on a host are affected. More information will be
available on our website at:
https://wolfssl.com/wolfSSL/security/vulnerabilities.php
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
## Release 3.12.2 of wolfSSL has bug fixes and new features including:
This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes.
* Added TLS extension for Supported Point Formats (ec_point_formats)
* Fix to not send OCSP stapling extensions in client_hello when not enabled
* Added new API's for disabling OCSP stapling
* Add check for SIZEOF_LONG with sun and LP64
* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
* Fix to disallow upgrading to TLS v1.3
* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size.
* Add HMAC benchmark and expanded AES key size benchmarks
* Added simple GCC ARM Makefile example
* Add tests for 3072-bit RSA and DH.
* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
* Fixes to allow custom serial number during certificate generation
* Add method to get WOLFSSL_CTX certificate manager
* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's.
* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA).
* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence.
* Fixes for HAVE_INTEL_MULX
* Cleanup include paths for MySQL cmake build
* Added configure option for building library for wolfSSH (--enable-wolfssh)
* Openssl compatibility layer improvements
* Expanded API unit tests
* Fixes for STM32 crypto hardware acceleration
* Added AES XTS mode (--enable-xts)
* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage).
* Math updates and added TFM_MIPS speedup.
* Fix for creation of the KeyUsage BitString
* Fix for 8k keys with MySQL compatibility
* Fixes for ATECC508A.
* Fixes for PIC32MZ hashing.
* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V.
* Update HASH_DRBG Reseed mechanism and add test case
* Rename the file io.h/io.c to wolfio.h/wolfio.c
* Cleanup the wolfIO_Send function.
* OpenSSL Compatibility Additions and Fixes
* Improvements to Visual Studio DLL project/solution.
* Added function to generate public ECC key from private key
* Added async blocking support for sniffer tool.
* Added wolfCrypt hash tests for empty string and large data.
* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`.
* Updated Micrium uC/OS-III Port
* Updated root certs for OCSP scripts
* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`.
* Speedups for AES GCM with AESNI (--enable-aesni)
* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2
# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)
## Release 3.12.0 of wolfSSL has bug fixes and new features including:
- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13)
- TLS 1.3 0RTT feature added
- Added port for using Intel SGX with Linux
- Update and fix PIC32MZ port
- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
- AVX and AVX2 assembly for improved ChaCha20 performance
- Intel QAT fixes for when using --disable-fastmath
- Update how DTLS handles decryption and MAC failures
- Update DTLS session export version number for --enable-sessionexport feature
- Add additional input argument sanity checks to ARMv8 assembly port
- Fix for making PKCS12 dynamic types match
- Fixes for potential memory leaks when using --enable-fast-rsa
- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
- Update TI-RTOS port for dependency on new wolfSSL source files
- DTLS multicast feature added, --enable-mcast
- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
- Improvements and enhancements to Intel QuickAssist support
- Added Xilinx port
- Added SHA3 Keccak feature, --enable-sha3
- Expand wolfSSL Python wrapper to now include a client side implementation
- Adjust example servers to not treat a peer closed error as a hard error
- Added more sanity checks to fp_read_unsigned_bin function
- Add SHA224 and AES key wrap to ARMv8 port
- Update MQX classics and mmCAU ports
- Fix for potential buffer over read with wolfSSL_CertPemToDer
- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
- Fix ThreadX/NetX warning
- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
- Added RSA PSS sign and verify
- Fix for STM32F4 AES-GCM
- Added enable all feature (--enable-all)
- Added trackmemory feature (--enable-trackmemory)
- Fixes for AES key wrap and PKCS7 on Windows VS
- Added benchmark block size argument
- Support use of staticmemory with PKCS7
- Fix for Blake2b build with GCC 5.4
- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
- Added warning when compiling without hardened math operations
Note:
There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm.
If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address.
This release of wolfSSL fixes 1 low level security vulnerability.
Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017)
## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes:
- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support
This is strictly a BETA release, and designed for testing and user feedback.
Please send any comments, testing results, or feedback to wolfSSL at
support@wolfssl.com.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
## Release 3.11.0 of wolfSSL has bug fixes and new features including:
- Code updates for warnings reported by Coverity scans
- Testing and warning fixes for FreeBSD on PowerPC
- Updates and refactoring done to ASN1 parsing functions
- Change max PSK identity buffer to account for an identity length of 128 characters
- Update Arduino script to handle recent files and additions
- Added support for PKCS#7 Signed Data with ECDSA
- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
- Added support for HAproxy load balancer
- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
- Fix to not send session ID on server side if session cache is off unless we're echoing
session ID as part of session tickets
- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
- Fixes for TLS elliptic curve selection on private key import.
- Fixes for RNG with Intel rdrand and rdseed speedups.
- Improved performance with Intel rdrand to use full 64-bit output
- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
- Removed RNG ARC4 support
- Added ECC helpers to get size and id from curve name.
- Added ECC Cofactor DH (ECC-CDH) support
- Added ECC private key only import / export functions.
- Added PKCS8 create function
- Improvements to TLS layer CTX handling for switching keys / certs.
- Added check for duplicate certificate policy OID in certificates.
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
- Reduce heap usage with fast math when not using ALT_ECC_SIZE
- Fixes for building CRL with Windows
- Added support for inline CRL lookup when HAVE_CRL_IO is defined
- Added port for tenAsys INtime RTOS
- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
- Updated WPA Supplicant support
- Added support for Nginx
- Update stunnel port for version 5.40
- Fixes for STM32 hardware crypto acceleration
- Extended test code coverage in bundled test.c
- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
- Fix for DH key accepted by wc_DhAgree when the key was malformed.
- Fix for a double free case when adding CA cert into X509_store.
Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) # wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
## Release 3.10.2 of wolfSSL has bug fixes and new features including: ## Release 3.10.2 of wolfSSL has bug fixes and new features including:


@ -22,6 +22,20 @@ if test -e .git; then
# touch async crypt files # touch async crypt files
touch ./wolfcrypt/src/async.c touch ./wolfcrypt/src/async.c
touch ./wolfssl/wolfcrypt/async.h touch ./wolfssl/wolfcrypt/async.h
# touch async port files
touch ./wolfcrypt/src/port/intel/quickassist.c
touch ./wolfcrypt/src/port/intel/quickassist_mem.c
touch ./wolfcrypt/src/port/cavium/cavium_nitrox.c
if [ ! -d ./wolfssl/wolfcrypt/port/intel ]; then
mkdir ./wolfssl/wolfcrypt/port/intel
fi
touch ./wolfssl/wolfcrypt/port/intel/quickassist.h
touch ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h
if [ ! -d ./wolfssl/wolfcrypt/port/cavium ]; then
mkdir ./wolfssl/wolfcrypt/port/cavium
fi
touch ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
else else
WARNINGS="all" WARNINGS="all"
fi fi
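Review bot: Each added `if [ ! -d ... ]; then mkdir ...; fi` guard can be written as a single `mkdir -p ./wolfssl/wolfcrypt/port/intel` (and likewise for `port/cavium`). That form is idempotent and creates a missing parent directory, where the plain `mkdir` would fail and the `touch` lines after it would fail too. The files created here are empty, so a short comment saying why empty placeholders are needed would tell readers they are not real implementations. The enclosing `if test -e .git; then` block starts outside the hunk.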

BIN
certs/ca-ecc-cert.der Executable file

Binary file not shown.

53
certs/ca-ecc-cert.pem Executable file

@ -0,0 +1,53 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
97:b4:bd:16:78:f8:47:f2
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Oct 20 18:19:06 2017 GMT
Not After : Oct 15 18:19:06 2037 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:02:d3:d9:6e:d6:01:8e:45:c8:b9:90:31:e5:c0:
4c:e3:9e:ad:29:38:98:ba:10:d6:e9:09:2a:80:a9:
2e:17:2a:b9:8a:bf:33:83:46:e3:95:0b:e4:77:40:
b5:3b:43:45:33:0f:61:53:7c:37:44:c1:cb:fc:80:
ca:e8:43:ea:a7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
X509v3 Authority Key Identifier:
keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:32:26:81:e4:15:ec:e3:aa:d3:e5:b8:2a:ca:a3:
06:a7:04:97:d8:43:7f:d4:94:47:f8:18:0d:93:52:23:8b:08:
02:21:00:e1:9e:34:d0:92:ee:56:0d:23:38:4a:20:bc:cf:11:
c3:33:77:96:81:56:2b:ca:c4:d5:c6:65:5d:36:73:2f:ba
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
certs/ca-ecc-key.der Executable file

Binary file not shown.

5
certs/ca-ecc-key.pem Executable file

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgAuEzmHeXrEpZbSib
bqCTmwdxi01gY4WZ5rsWcOkK9oChRANCAAQC09lu1gGORci5kDHlwEzjnq0pOJi6
ENbpCSqAqS4XKrmKvzODRuOVC+R3QLU7Q0UzD2FTfDdEwcv8gMroQ+qn
-----END PRIVATE KEY-----
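Review bot: This file is an unencrypted private key for the certificate that `certs/ca-ecc-cert.pem` marks `CA:TRUE` with `Certificate Sign` usage and a `Not After` in 2037, and nothing in the section says it is a test fixture. Because the key is published with the source, any trust store that includes the matching certificate would accept certificates signed by anyone holding a copy of the repository. I would add a short note beside the fixtures, for example a `certs/README` line such as `Test-only keys and certificates; never install in a production trust store`, and keep `certs/` out of installed paths when packaging. The same applies to `certs/ca-ecc384-key.pem` further down.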

BIN
certs/ca-ecc384-cert.der Executable file

Binary file not shown.

58
certs/ca-ecc384-cert.pem Executable file

@ -0,0 +1,58 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f5:e1:8f:f1:4b:a6:83:8e
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Oct 20 18:19:06 2017 GMT
Not After : Oct 15 18:19:06 2037 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:ee:82:d4:39:9a:b1:27:82:f4:d7:ea:c6:bc:03:
1d:4d:83:61:f4:03:ae:7e:bd:d8:5a:a5:b9:f0:8e:
a2:a5:da:ce:87:3b:5a:ab:44:16:9c:f5:9f:62:dd:
f6:20:cd:9c:76:3c:40:b1:3f:97:17:df:59:f6:cd:
de:cd:46:35:c0:ed:5e:2e:48:b6:66:91:71:74:b7:
0c:3f:b9:9a:b7:83:bd:93:3f:5f:50:2d:70:3f:de:
35:25:e1:90:3b:86:e0
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
X509v3 Authority Key Identifier:
keyid:AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA384
30:65:02:30:17:dd:b9:a5:e0:ec:8a:03:8b:66:45:69:ad:5e:
ad:32:bc:45:4c:89:85:3f:a1:dd:a4:74:4b:5d:08:65:1b:d8:
07:00:49:5d:ef:10:fc:eb:8f:64:a8:62:99:88:20:59:02:31:
00:94:40:64:29:86:d0:00:76:1c:98:23:9c:b7:9b:be:78:73:
3a:88:be:52:00:3f:e3:81:36:d9:14:22:3d:9e:a2:8a:4a:56:
9c:c4:3f:5f:88:2e:b1:a7:6c:4d:0e:cc:92
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
certs/ca-ecc384-key.der Executable file

Binary file not shown.

6
certs/ca-ecc384-key.pem Executable file

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7FuPW0oGUbIrdqHju
x36zxdHbLvPtDkiFsfLhejlWwPFiEg81tzm8nCXAduv+VXChZANiAATugtQ5mrEn
gvTX6sa8Ax1Ng2H0A65+vdhapbnwjqKl2s6HO1qrRBac9Z9i3fYgzZx2PECxP5cX
31n2zd7NRjXA7V4uSLZmkXF0tww/uZq3g72TP19QLXA/3jUl4ZA7huA=
-----END PRIVATE KEY-----

108
certs/client-cert-3072.pem Normal file

@ -0,0 +1,108 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c9:72:2a:eb:e8:4a:47:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Aug 11 05:14:40 2017 GMT
Not After : May 7 05:14:40 2020 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:c1:00:b0:1a:0a:ba:88:03:cc:92:d6:f7:2e:0d:
ad:be:60:f4:a4:53:a3:dc:f9:b6:48:6c:21:33:cf:
7c:a0:c5:35:37:1a:5f:7e:65:33:07:b4:9a:d1:2e:
b2:ed:35:a1:c8:67:b3:db:39:05:8d:aa:81:74:00:
85:22:72:f8:7d:39:47:53:00:56:71:cf:82:d7:fc:
a2:7d:a0:6e:10:a2:96:db:cc:8e:e4:2d:9d:9d:5b:
4a:43:5e:cb:3d:48:72:af:f4:6a:da:34:2f:ed:99:
c1:1b:fb:4c:56:8a:a0:66:8c:fb:5d:10:d5:5b:0f:
96:04:d9:c5:b1:55:f5:88:76:db:d3:da:a1:dc:e9:
ee:d1:67:dd:bf:54:50:07:ef:2f:79:fb:4e:59:2a:
bf:92:0d:80:6f:7b:ec:79:65:9a:c3:08:c0:4f:c6:
6b:33:bf:9d:4d:af:f9:83:af:25:42:4c:93:f1:9f:
d6:33:7d:d4:85:2a:77:44:1d:1f:ca:d3:22:ab:69:
50:35:d8:47:3e:f7:9c:a8:e3:f9:84:60:9e:36:10:
02:5c:9c:1f:33:1c:e6:bb:d0:5f:28:63:27:4c:b5:
1c:71:b3:f4:7a:33:aa:45:70:a9:54:88:70:07:0e:
45:4f:b1:7f:2a:fd:bf:31:da:97:96:c8:55:49:f2:
c3:b6:e6:08:78:ca:40:8b:2e:5d:8e:4e:6c:65:6b:
57:f4:1d:ee:41:b6:ed:24:0d:38:f2:40:bd:7d:59:
6b:c5:d6:67:e2:12:9b:10:05:fe:eb:40:1d:c5:73:
75:ac:e9:9c:07:63:72:e4:c5:04:fe:c9:17:13:bf:
04:02:0e:44:e9:9d:59:6e:7e:63:38:e6:db:31:21:
28:5e:82:20:36:ad:26:fe:ba:6d:af:57:2e:32:aa:
a6:2c:54:b4:25:50:11:ac:25:8b:84:1b:7b:5d:ae:
df:e1:c4:32:3a:b4:60:6c:16:ef:9c:2c:a8:67:d0:
53:f5:c8:97:9a:9e:81:25:e6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:B8:8A:0E:1D:E7:2B:22:BA:2D:F4:54:DD:7E:D4:63:8A:AB:E7:95
X509v3 Authority Key Identifier:
keyid:FA:B8:8A:0E:1D:E7:2B:22:BA:2D:F4:54:DD:7E:D4:63:8A:AB:E7:95
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:C9:72:2A:EB:E8:4A:47:E7
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
b3:20:83:3d:56:e2:b9:a6:8f:a9:46:fe:ad:9f:c7:d5:e2:dc:
db:78:1e:4c:ca:d5:bd:38:5d:20:bc:18:f9:a0:33:7e:09:df:
89:61:15:85:6d:80:78:3d:b4:6b:30:e6:f3:8a:8f:b2:5d:a0:
6b:41:51:24:1c:4c:5e:db:0d:af:6d:56:12:1b:91:01:ed:0e:
1c:1a:15:95:8f:99:1f:7f:e7:65:e7:0a:fe:24:0c:e0:a1:1f:
16:7f:55:2e:48:98:97:3f:98:a7:90:1f:20:ec:b6:16:fa:2a:
d2:91:3a:5f:83:df:cd:a3:51:37:19:69:c3:be:c9:35:bb:32:
47:e9:e5:30:1f:cd:27:ac:4d:05:31:d9:06:33:5c:6e:f5:bb:
22:b6:7c:68:3d:82:f2:c0:2e:00:34:d9:ed:ba:fc:f5:39:04:
53:32:b7:bb:ff:c6:a1:bc:50:8e:d5:43:b6:48:07:8b:3d:47:
4a:f7:22:f1:c3:4d:3d:db:d4:ca:e6:77:4d:94:7c:79:36:df:
81:de:a7:fc:24:0e:7c:ec:72:2e:4d:b2:dc:7c:93:98:29:62:
8b:67:0a:dd:c5:2f:ea:e1:b0:1d:d2:9d:91:74:30:3f:14:10:
03:95:36:1b:02:2a:84:22:51:fa:26:fb:a4:a7:a7:d0:3f:12:
0d:bc:14:c8:cd:60:a1:53:44:e3:5b:7a:63:ee:3e:50:f8:4a:
ea:0a:2e:c2:9d:69:0c:4b:c6:ea:cd:b2:0d:d0:de:13:09:c9:
f9:d5:7c:e4:f4:b1:55:8f:59:9e:86:b9:51:77:ad:35:06:35:
fa:2c:76:06:41:b9:21:13:dd:94:02:34:66:e0:21:86:8e:08:
9d:06:71:f2:bc:c3:34:10:ff:3d:d4:0c:70:8a:3c:bb:8a:ea:
af:a1:b3:63:78:95:e4:c8:54:3c:87:c5:b4:97:7a:19:a3:59:
75:ac:d6:5b:48:47:55:e8:24:20:fa:e8:2b:66:5d:6a:17:47:
ce:38:93:a7:d1:ed
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----

40
certs/client-key-3072.pem Normal file

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

30
certs/crl/caEcc384Crl.pem Executable file

@ -0,0 +1,30 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Oct 20 18:19:08 2017 GMT
Next Update: Jul 16 18:19:08 2020 GMT
CRL extensions:
X509v3 Authority Key Identifier:
keyid:AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
X509v3 CRL Number:
8193
No Revoked Certificates.
Signature Algorithm: ecdsa-with-SHA256
30:65:02:31:00:ad:70:4b:08:03:b6:ab:d4:9e:8d:dd:2a:05:
ec:07:6b:86:61:08:69:08:1e:01:02:42:22:5f:a9:6d:4f:de:
20:6b:aa:a0:8f:e4:0a:8e:40:7c:cf:84:fb:10:50:01:90:02:
30:50:35:d3:6c:44:bd:ad:56:9d:3e:47:09:ac:b8:0d:db:5c:
54:f2:1c:25:fb:d2:cb:63:2b:9e:17:a3:1e:0b:ba:15:a8:65:
7e:5b:94:c0:11:f4:e2:c9:f1:25:ba:08:26
-----BEGIN X509 CRL-----
MIIBcjCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAyMDE4MTkwOFoX
DTIwMDcxNjE4MTkwOFqgMDAuMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
ElNSMAsGA1UdFAQEAgIgATAKBggqhkjOPQQDAgNoADBlAjEArXBLCAO2q9Sejd0q
BewHa4ZhCGkIHgECQiJfqW1P3iBrqqCP5AqOQHzPhPsQUAGQAjBQNdNsRL2tVp0+
RwmsuA3bXFTyHCX70stjK54Xox4LuhWoZX5blMAR9OLJ8SW6CCY=
-----END X509 CRL-----

28
certs/crl/caEccCrl.pem Executable file

@ -0,0 +1,28 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Oct 20 18:19:08 2017 GMT
Next Update: Jul 16 18:19:08 2020 GMT
CRL extensions:
X509v3 Authority Key Identifier:
keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
X509v3 CRL Number:
8192
No Revoked Certificates.
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:51:84:45:49:4b:69:3a:e0:84:d2:9c:e4:62:c9:
4c:30:83:ba:3e:5a:f6:ea:2c:54:50:17:26:4d:fc:82:5f:d2:
02:21:00:e5:6b:a6:1c:e3:83:07:cd:59:04:66:00:a0:76:77:
11:d8:82:76:fd:a9:2d:cc:3a:db:3a:0f:b5:1a:a6:f3:a8
-----BEGIN X509 CRL-----
MIIBUjCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAyMDE4MTkwOFoX
DTIwMDcxNjE4MTkwOFqgMDAuMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
86UhMAsGA1UdFAQEAgIgADAKBggqhkjOPQQDAgNIADBFAiBRhEVJS2k64ITSnORi
yUwwg7o+WvbqLFRQFyZN/IJf0gIhAOVrphzjgwfNWQRmAKB2dxHYgnb9qS3MOts6
D7UapvOo
-----END X509 CRL-----

80
certs/crl/crl2.pem Normal file

@ -0,0 +1,80 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
1
Revoked Certificates:
Serial Number: 02
Revocation Date: Aug 11 20:07:38 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58:
51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d:
0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28:
2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32:
f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82:
f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8:
79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c:
2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd:
e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd:
85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91:
f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50:
4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3:
d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92:
6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd:
9d:63:e5:dc
-----BEGIN X509 CRL-----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-----END X509 CRL-----
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
3
No Revoked Certificates.
Signature Algorithm: sha256WithRSAEncryption
14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83:
32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c:
32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c:
ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6:
02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f:
1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70:
0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c:
58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84:
36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c:
61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28:
74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf:
b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2:
e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f:
b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5:
1c:eb:7b:08
-----BEGIN X509 CRL-----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-----END X509 CRL-----


@ -55,6 +55,28 @@ mv tmp crl.revoked
# remove revoked so next time through the normal CA won't have server revoked # remove revoked so next time through the normal CA won't have server revoked
cp blank.index.txt demoCA/index.txt cp blank.index.txt demoCA/index.txt
# caEccCrl
openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
# metadata
openssl crl -in caEccCrl.pem -text > tmp
mv tmp caEccCrl.pem
# install (only needed if working outside wolfssl)
#cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem
# caEcc384Crl
openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
# metadata
openssl crl -in caEcc384Crl.pem -text > tmp
mv tmp caEcc384Crl.pem
# install (only needed if working outside wolfssl)
#cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
# cliCrl # cliCrl
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
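Review bot: The two added `openssl ca -revoke ../server-revoked-cert.pem` steps write a revoked entry into `demoCA/index.txt` and nothing resets the index afterwards, so the `cliCrl` generation that follows (and anything after it, outside this hunk) appears to inherit that entry. The context line `cp blank.index.txt demoCA/index.txt` runs only before the new blocks; repeating it after the `caEccCrl` and `caEcc384Crl` blocks would keep each CRL independent. It also looks as if the second `-revoke` would be rejected as already revoked unless the index is reset between the two blocks. The committed `caEccCrl.pem` and `caEcc384Crl.pem` both show `No Revoked Certificates.`, which does not match what these steps would produce, so a comment should state which script is the source of truth for those files.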


@ -6,9 +6,10 @@ EXTRA_DIST += \
certs/crl/crl.pem \ certs/crl/crl.pem \
certs/crl/cliCrl.pem \ certs/crl/cliCrl.pem \
certs/crl/eccSrvCRL.pem \ certs/crl/eccSrvCRL.pem \
certs/crl/eccCliCRL.pem certs/crl/eccCliCRL.pem \
certs/crl/crl2.pem \
certs/crl/caEccCrl.pem \
certs/crl/caEcc384Crl.pem
EXTRA_DIST += \ EXTRA_DIST += \
certs/crl/crl.revoked certs/crl/crl.revoked

11
certs/dh3072.pem Normal file

@ -0,0 +1,11 @@
-----BEGIN DH PARAMETERS-----
MIIBiAKCAYEAiRt1P4S2Ee0h8QgPuAbJo8lB21rI+IJzD+uJHlQYvuZIQZ76wgxQ
Z8NdtfUPI2pDM5HZQPNmxpn/l7Z7rydyO59+WBgUn5FuKxHBV0knNnjhCWicBVqs
5gA4vpV0gVMo8K3ftYccchdO7ACRIqrkiNf1PR8DEy0c+95ZaK3gF6Hujcy//s8k
Qu0m3SnQTmI8hTYbX2pHiCHlG4UKLOkv4CD8Hc1VZvWsMgCOo+nt+zWn5nZTQsZ3
d6uQmXzC7MkYSjz0EXUng72ewo8jq1JG4lJdmgTDFR9pnHJpWVLUaT0ZdzYlrwdx
gt63JGCCanK77bZ2rn68fS9zSwQW1aTzAyb78817d358jWWupdxs43DSKWvy63bJ
5UYYElewVaV8zUGTJpn3pcU0vll53gpXXyH4mFLwL3tXtp38QKZV+6/ZFpsgT6ij
CwRI43cixMxXFDOi8JrjEr3/covuUvPJWcKia6V1SFGCDnr//kHNfGPSU6gRA7kD
B/5mOF+iPpwbAgEC
-----END DH PARAMETERS-----


@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIBJDCByaADAgECAgEAMAwGCCqGSM49BAMCBQAwGjELMAkGA1UEChMCV1IxCzAJBgNVBAYTAkRF
MB4XDTE3MDIwNjE0NTY0MVoXDTE4MDIwNjE0NTY0MVowGjELMAkGA1UEChMCV1IxCzAJBgNVBAYT
AkRFMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJcD9Frgr8rgKHt2szmJSfFgKYH1Xddq9EcHV
KupUa3bmPTb33VGXa6gm/numvZZVhVCdmn5pAdhDRYnZ/korJjAMBggqhkjOPQQDAgUAA0gAMEUC
IDnBQOHgHIudh7nFB0wG/WFMoUutVFN0uQPbVJSWwbQHAiEAmw25n+eEMgMK4Gi7qH1lzxm11WX0
jM1gxQSGZTaja8s=
-----END CERTIFICATE-----


@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBmlE/nixmHCpmplUopbqNEo+jJE40p
wfkxzH01tAWqcQ==
-----END PRIVATE KEY-----

4
certs/ecc-privkey.pem Normal file

@ -0,0 +1,4 @@
-----BEGIN EC PRIVATE KEY-----
MDECAQEEIEW2aQJznGyFoThbcujox6zEA41TNQT6bCjcNI3hqAmMoAoGCCqGSM49
AwEH
-----END EC PRIVATE KEY-----

51
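--- a/certs/ecc/genecc.sh
+++ b/certs/ecc/genecc.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+# run from wolfssl root
+rm ./certs/ecc/*.old
+rm ./certs/ecc/index.txt*
+rm ./certs/ecc/serial
+rm ./certs/ecc/crlnumber
+touch ./certs/ecc/index.txt
+echo 1000 > ./certs/ecc/serial
+echo 2000 > ./certs/ecc/crlnumber
+# generate ECC 256-bit CA
+openssl ecparam -out ./certs/ca-ecc-key.par -name prime256v1
+openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:./certs/ca-ecc-key.par -keyout ./certs/ca-ecc-key.pem -out ./certs/ca-ecc-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+openssl x509 -in ./certs/ca-ecc-cert.pem -inform PEM -out ./certs/ca-ecc-cert.der -outform DER
+openssl ec -in ./certs/ca-ecc-key.pem -inform PEM -out ./certs/ca-ecc-key.der -outform DER
+rm ./certs/ca-ecc-key.par
+# generate ECC 384-bit CA
+openssl ecparam -out ./certs/ca-ecc384-key.par -name secp384r1
+openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:./certs/ca-ecc384-key.par -keyout ./certs/ca-ecc384-key.pem -out ./certs/ca-ecc384-cert.pem -sha384 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+openssl x509 -in ./certs/ca-ecc384-cert.pem -inform PEM -out ./certs/ca-ecc384-cert.der -outform DER
+openssl ec -in ./certs/ca-ecc384-key.pem -inform PEM -out ./certs/ca-ecc384-key.der -outform DER
+rm ./certs/ca-ecc384-key.par
+# Generate ECC 256-bit server cert
+openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc-key.pem -out ./certs/server-ecc-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
+openssl x509 -req -in ./certs/server-ecc-req.pem -CA ./certs/ca-ecc-cert.pem -CAkey ./certs/ca-ecc-key.pem -CAcreateserial -out ./certs/server-ecc.pem -sha256
+# Sign server certificate
+openssl ca -config ./certs/ecc/wolfssl.cnf -extensions server_cert -days 3650 -notext -md sha256 -in ./certs/server-ecc-req.pem -out ./certs/server-ecc.pem
+openssl x509 -in ./certs/server-ecc.pem -outform der -out ./certs/server-ecc.der
+rm ./certs/server-ecc-req.pem
+# Gen CRL
+openssl ca -config ./certs/ecc/wolfssl.cnf -gencrl -crldays 1000 -out ./certs/crl/caEccCrl.pem -keyfile ./certs/ca-ecc-key.pem -cert ./certs/ca-ecc-cert.pem
+openssl ca -config ./certs/ecc/wolfssl.cnf -gencrl -crldays 1000 -out ./certs/crl/caEcc384Crl.pem -keyfile ./certs/ca-ecc384-key.pem -cert ./certs/ca-ecc384-cert.pem
+# Also manually need to:
+# 1. Copy ./certs/server-ecc.der into ./certs/test/server-cert-ecc-badsig.der `cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der`
+# 2. Modify last byte so its invalidates signature in ./certs/test/server-cert-ecc-badsig.der
+# 3. Covert bad cert to pem `openssl x509 -inform der -in ./certs/test/server-cert-ecc-badsig.der -outform pem -out ./certs/test/server-cert-ecc-badsig.pem`
+# 4. Update AKID's for CA's in test.c certext_test() function akid_ecc.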
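Review bot: The script has no error handling, so a failed `openssl` step is followed by the later conversions and `rm` lines working on stale or missing files; `set -e` after the shebang, with the cleanup lines changed to `rm -f`, would stop at the first failure. Under `# Generate ECC 256-bit server cert` the `openssl x509 -req ... -CAcreateserial -out ./certs/server-ecc.pem` result is overwritten by the `openssl ca ... -out ./certs/server-ecc.pem` call two lines later, so the first signing looks redundant and may leave a serial file behind; dropping it keeps a single issuance path. The `-nodes` on both CA `req` calls writes the CA keys unencrypted, which is acceptable for fixtures but deserves a comment such as `# test CA only: key is stored unencrypted and committed`. The 384-bit CRL is generated with the config's `default_md = sha256`; passing `-md sha384` would match the `-sha384` used for that CA's certificate.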

8
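--- a/certs/ecc/include.am
+++ b/certs/ecc/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+EXTRA_DIST += \
+certs/ecc/genecc.sh \
+certs/ecc/wolfssl.cnf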

109
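--- a/certs/ecc/wolfssl.cnf
+++ b/certs/ecc/wolfssl.cnf
@@ -0,0 +1,109 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+new_certs_dir = $dir/certs
+database = $dir/certs/ecc/index.txt
+serial = $dir/certs/ecc/serial
+RANDFILE = $dir/private/.rand
+# The root key and root certificate.
+private_key = $dir/certs/ca-ecc-key.pem
+certificate = $dir/certs/ca-ecc-cert.pem
+# For certificate revocation lists.
+crlnumber = $dir/certs/ecc/crlnumber
+crl_extensions = crl_ext
+default_crl_days = 1000
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 3650
+preserve = no
+policy = policy_loose
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+[ req_distinguished_name ]
+countryName = US
+stateOrProvinceName = Washington
+localityName = Seattle
+0.organizationName = wolfSSL
+organizationalUnitName = Development
+commonName = www.wolfssl.com
+emailAddress = info@wolfssl.com
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage = serverAuth
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always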
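Review bot: `new_certs_dir = $dir/certs` makes `openssl ca` drop its serial-named copy of every issued certificate straight into `certs/`, next to the committed fixtures, and the generation script shown on this page does not remove those copies. A dedicated scratch directory, e.g. `new_certs_dir = $dir/certs/ecc/newcerts`, would keep stray files out of the tree. `RANDFILE = $dir/private/.rand` also points at a `private` directory that nothing visible here creates; either drop the line or add a comment saying who is expected to provide it. A header comment stating that this configuration is only for regenerating test fixtures (`policy = policy_loose`, `default_days = 3650`) would help readers who copy it.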

Binary file not shown.


@ -0,0 +1,4 @@
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIE3EyZVR/gbofvUgIsCeuA3yZ9E7DbTQxW7HMDYQhbxl
oSIEIEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s
-----END EDDSA PRIVATE KEY-----

Binary file not shown.


@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,4 @@
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ
oSIEIDY9UZ60w5FgsDoJuIdapQUPW1PlZBc+cLkNZhKk5fFR
-----END EDDSA PRIVATE KEY-----

Binary file not shown.


@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,4 @@
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIFwOftlJ9QL4yEBIBh9UmTRwCu+A6puPK9OFmVk0A19P
oSIEIKZgKbt92EfL1B7QbQ9XANgqH1BqQrxd5bgZZbLfJK9Q
-----END EDDSA PRIVATE KEY-----

Binary file not shown.


@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,4 @@
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn
oSIEIBowiBhHL5faBPSk471sDBa5SMHRQteOkoSgdCpDng4p
-----END EDDSA PRIVATE KEY-----

Binary file not shown.


@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

23
certs/external/ca-digicert-ev.pem vendored Normal file

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,28 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -3,5 +3,5 @@
# #
EXTRA_DIST += \ EXTRA_DIST += \
certs/external/ca-globalsign-root-r2.pem \ certs/external/ca-globalsign-root-r3.pem \
certs/external/ca-verisign-g5.pem certs/external/baltimore-cybertrust-root.pem

45
certs/include.am Normal file → Executable file

@ -9,6 +9,7 @@ EXTRA_DIST += \
certs/client-keyEnc.pem \ certs/client-keyEnc.pem \
certs/client-key.pem \ certs/client-key.pem \
certs/ecc-key.pem \ certs/ecc-key.pem \
certs/ecc-privkey.pem \
certs/ecc-keyPkcs8Enc.pem \ certs/ecc-keyPkcs8Enc.pem \
certs/ecc-key-comp.pem \ certs/ecc-key-comp.pem \
certs/ecc-keyPkcs8.pem \ certs/ecc-keyPkcs8.pem \
@ -20,10 +21,12 @@ EXTRA_DIST += \
certs/dh2048.pem \ certs/dh2048.pem \
certs/server-cert.pem \ certs/server-cert.pem \
certs/server-ecc.pem \ certs/server-ecc.pem \
certs/server-ecc-self.pem \
certs/server-ecc-comp.pem \ certs/server-ecc-comp.pem \
certs/server-ecc-rsa.pem \ certs/server-ecc-rsa.pem \
certs/server-keyEnc.pem \ certs/server-keyEnc.pem \
certs/server-key.pem \ certs/server-key.pem \
certs/server-keyPkcs8.der \
certs/server-keyPkcs8Enc12.pem \ certs/server-keyPkcs8Enc12.pem \
certs/server-keyPkcs8Enc2.pem \ certs/server-keyPkcs8Enc2.pem \
certs/server-keyPkcs8Enc.pem \ certs/server-keyPkcs8Enc.pem \
@ -32,7 +35,12 @@ EXTRA_DIST += \
certs/server-revoked-key.pem \ certs/server-revoked-key.pem \
certs/wolfssl-website-ca.pem \ certs/wolfssl-website-ca.pem \
certs/test-servercert.p12 \ certs/test-servercert.p12 \
certs/dsaparams.pem certs/dsaparams.pem \
certs/ecc-privOnlyKey.pem \
certs/ecc-privOnlyCert.pem \
certs/dh3072.pem \
certs/client-cert-3072.pem \
certs/client-key-3072.pem
EXTRA_DIST += \ EXTRA_DIST += \
certs/ca-key.der \ certs/ca-key.der \
certs/ca-cert.der \ certs/ca-cert.der \
@ -51,11 +59,46 @@ EXTRA_DIST += \
certs/server-cert.der \ certs/server-cert.der \
certs/server-ecc-comp.der \ certs/server-ecc-comp.der \
certs/server-ecc.der \ certs/server-ecc.der \
certs/server-ecc-self.der \
certs/server-ecc-rsa.der \ certs/server-ecc-rsa.der \
certs/server-cert-chain.der certs/server-cert-chain.der
EXTRA_DIST += \
certs/ed25519/ca-ed25519.der \
certs/ed25519/ca-ed25519-key.der \
certs/ed25519/ca-ed25519-key.pem \
certs/ed25519/ca-ed25519.pem \
certs/ed25519/client-ed25519.der \
certs/ed25519/client-ed25519-key.der \
certs/ed25519/client-ed25519-key.pem \
certs/ed25519/client-ed25519.pem \
certs/ed25519/root-ed25519.der \
certs/ed25519/root-ed25519-key.der \
certs/ed25519/root-ed25519-key.pem \
certs/ed25519/root-ed25519.pem \
certs/ed25519/server-ed25519.der \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519.pem
# ECC CA prime256v1
EXTRA_DIST += \
certs/ca-ecc-cert.der \
certs/ca-ecc-cert.pem \
certs/ca-ecc-key.der \
certs/ca-ecc-key.pem
# ECC CA SECP384R1
EXTRA_DIST += \
certs/ca-ecc384-cert.der \
certs/ca-ecc384-cert.pem \
certs/ca-ecc384-key.der \
certs/ca-ecc384-key.pem
dist_doc_DATA+= certs/taoCert.txt dist_doc_DATA+= certs/taoCert.txt
EXTRA_DIST+= certs/ntru-key.raw EXTRA_DIST+= certs/ntru-key.raw
include certs/test/include.am
include certs/test-pathlen/include.am include certs/test-pathlen/include.am
include certs/test/include.am
include certs/ecc/include.am
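Review bot: The file header shows `certs/include.am` changing from a normal file to an executable one, although it is an automake fragment and nothing in these hunks turns it into a script; the mode should stay 0644. `certs/server-ecc.der` and `certs/server-ecc.pem` carry the same mode change further down in this commit. Resetting the three paths with `chmod 644` before the import keeps the executable bit meaningful for the files that are really meant to run.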


@ -3,15 +3,11 @@
# #
EXTRA_DIST += \ EXTRA_DIST += \
certs/ocsp/index0.txt \ certs/ocsp/index-ca-and-intermediate-cas.txt \
certs/ocsp/index1.txt \ certs/ocsp/index-intermediate1-ca-issued-certs.txt \
certs/ocsp/index2.txt \ certs/ocsp/index-intermediate3-ca-issued-certs.txt \
certs/ocsp/index3.txt \ certs/ocsp/index-intermediate3-ca-issued-certs.txt \
certs/ocsp/openssl.cnf \ certs/ocsp/openssl.cnf \
certs/ocsp/ocspd0.sh \
certs/ocsp/ocspd1.sh \
certs/ocsp/ocspd2.sh \
certs/ocsp/ocspd3.sh \
certs/ocsp/intermediate1-ca-key.pem \ certs/ocsp/intermediate1-ca-key.pem \
certs/ocsp/intermediate1-ca-cert.pem \ certs/ocsp/intermediate1-ca-cert.pem \
certs/ocsp/intermediate2-ca-key.pem \ certs/ocsp/intermediate2-ca-key.pem \
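Review bot: The new EXTRA_DIST list names `certs/ocsp/index-intermediate3-ca-issued-certs.txt` twice and never lists `certs/ocsp/index-intermediate2-ca-issued-certs.txt`, which the responder script on port 22222 added in this commit passes to `-index`. The third entry should read `certs/ocsp/index-intermediate2-ca-issued-certs.txt \`; as written, a `make dist` tarball would presumably ship without that index and the intermediate2 responder could not start from it. The four `ocspd*.sh` entries are dropped here too, so unless the replacement scripts are listed in the part of this file outside the hunk, they will be missing from the tarball as well.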


@ -0,0 +1,8 @@
#!/bin/sh
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/intermediate1-ca-cert.pem \
-rkey certs/ocsp/intermediate1-ca-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@
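Review bot: `$@` on the last line is unquoted, so an argument containing whitespace or glob characters is split again before it reaches `openssl ocsp`; write `"$@"`. The same last line ends the four other responder scripts added in this commit (the second one on port 22221 and those on ports 22220, 22222 and 22223). This script and the next both bind port 22221 and differ only in signing with `intermediate1-ca-cert.pem` versus `ocsp-responder-cert.pem`, so a one-line header comment in each saying which test expects which signer would make clear they are alternatives rather than a pair to run together.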


@ -0,0 +1,8 @@
#!/bin/sh
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@


@ -0,0 +1,8 @@
#!/bin/sh
openssl ocsp -port 22222 -nmin 1 \
-index certs/ocsp/index-intermediate2-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate2-ca-cert.pem \
$@


@ -0,0 +1,8 @@
#!/bin/sh
openssl ocsp -port 22223 -nmin 1 \
-index certs/ocsp/index-intermediate3-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate3-ca-cert.pem \
$@


@ -0,0 +1,8 @@
#!/bin/sh
openssl ocsp -port 22220 -nmin 1 \
-index certs/ocsp/index-ca-and-intermediate-cas.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/root-ca-cert.pem \
$@


@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22220 -nmin 1 \
-index certs/ocsp/index0.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/root-ca-cert.pem \
$@


@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index1.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@


@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22222 -nmin 1 \
-index certs/ocsp/index2.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate2-ca-cert.pem \
$@


@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22223 -nmin 1 \
-index certs/ocsp/index3.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate3-ca-cert.pem \
$@


@ -16,6 +16,7 @@
# 1024/client-cert.pem # 1024/client-cert.pem
# server-ecc-comp.pem # server-ecc-comp.pem
# client-ca.pem # client-ca.pem
# test/digsigku.pem
# updates the following crls: # updates the following crls:
# crl/cliCrl.pem # crl/cliCrl.pem
# crl/crl.pem # crl/crl.pem
@ -53,6 +54,24 @@ function run_renewcerts(){
openssl x509 -in client-cert.pem -text > tmp.pem openssl x509 -in client-cert.pem -text > tmp.pem
mv tmp.pem client-cert.pem mv tmp.pem client-cert.pem
############################################################
#### update the self-signed (3072-bit) client-cert.pem #####
############################################################
echo "Updating 3072-bit client-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL_3072\nProgramming-3072\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -nodes -out client-cert-3072.csr
openssl x509 -req -in client-cert-3072.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key-3072.pem -out client-cert-3072.pem
rm client-cert-3072.csr
openssl x509 -in client-cert-3072.pem -text > tmp.pem
mv tmp.pem client-cert-3072.pem
############################################################ ############################################################
#### update the self-signed (1024-bit) client-cert.pem ##### #### update the self-signed (1024-bit) client-cert.pem #####
############################################################ ############################################################
@ -128,6 +147,23 @@ function run_renewcerts(){
cat ca_tmp.pem >> server-revoked-cert.pem cat ca_tmp.pem >> server-revoked-cert.pem
rm ca_tmp.pem rm ca_tmp.pem
########################################################### ###########################################################
########## update and sign server-duplicate-policy.pem ####
###########################################################
echo "Updating server-duplicate-policy.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\ntesting duplicate policy\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > ./test/server-duplicate-policy-req.pem
openssl x509 -req -in ./test/server-duplicate-policy-req.pem -extfile wolfssl.cnf -extensions policy_test -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > ./test/server-duplicate-policy.pem
rm ./test/server-duplicate-policy-req.pem
openssl x509 -in ca-cert.pem -text > ca_tmp.pem
openssl x509 -in ./test/server-duplicate-policy.pem -text > srv_tmp.pem
mv srv_tmp.pem ./test/server-duplicate-policy.pem
cat ca_tmp.pem >> ./test/server-duplicate-policy.pem
rm ca_tmp.pem
###########################################################
#### update and sign (1024-bit) server-cert.pem ########### #### update and sign (1024-bit) server-cert.pem ###########
########################################################### ###########################################################
echo "Updating 1024-bit server-cert.pem" echo "Updating 1024-bit server-cert.pem"
@ -208,6 +244,22 @@ function run_renewcerts(){
echo "" echo ""
cat client-cert.pem client-ecc-cert.pem > client-ca.pem cat client-cert.pem client-ecc-cert.pem > client-ca.pem
############################################################
###### update the self-signed test/digsigku.pem ##########
############################################################
echo "Updating test/digsigku.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr
openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem
rm digsigku.csr
openssl x509 -in digsigku.pem -text > tmp.pem
mv tmp.pem digsigku.pem
mv digsigku.pem test/digsigku.pem
############################################################ ############################################################
########## make .der files from .pem files ################# ########## make .der files from .pem files #################
############################################################ ############################################################
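Review bot: None of the added blocks checks the exit status of `openssl` before the `mv` that follows: in the 3072-bit block a failing `openssl x509 -in client-cert-3072.pem -text > tmp.pem` leaves an empty `tmp.pem`, which `mv tmp.pem client-cert-3072.pem` then puts over the certificate. Chaining the two as `openssl x509 -in client-cert-3072.pem -text > tmp.pem && mv tmp.pem client-cert-3072.pem` keeps the previous file on failure; the duplicate-policy and digsigku blocks follow the same pattern. The 3072-bit block also runs `-newkey rsa:3072 -keyout client-key-3072.pem`, so unlike the other two added blocks it replaces the private key on every run, which deserves a comment if that is intended. `run_renewcerts` starts and ends outside these hunks.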


@ -148,6 +148,28 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
# Test of rejecting duplicate policy extension OIDs
[ policy_test ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:FALSE
certificatePolicies=1.2.3.4,@policy_add
[ policy_add ]
policyIdentifier=1.2.3.4
CPS.1="www.wolfssl.com"
userNotice.1=@policy_usr
[ policy_usr ]
explicitText="Test of duplicate OIDs with different qualifiers"
# create certificate without the digitalSignature bit set and uses sha1 sig
[ digsigku ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical, CA:TRUE
keyUsage=critical, nonRepudiation, keyEncipherment
#tsa default #tsa default
[ tsa ] [ tsa ]
default_tsa = tsa_config1 default_tsa = tsa_config1

BIN
certs/server-ecc-self.der Normal file

Binary file not shown.

56
certs/server-ecc-self.pem Normal file

@ -0,0 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ef:46:c7:a4:9b:bb:60:d3
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:EF:46:C7:A4:9B:BB:60:D3
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e:
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e:
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4:
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
certs/server-ecc.der Normal file → Executable file

Binary file not shown.

68
certs/server-ecc.pem Normal file → Executable file

@ -1,13 +1,12 @@
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: Serial Number: 4096 (0x1000)
ef:46:c7:a4:9b:bb:60:d3
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity Validity
Not Before: Aug 11 20:07:38 2016 GMT Not Before: Oct 20 18:19:06 2017 GMT
Not After : May 8 20:07:38 2019 GMT Not After : Oct 18 18:19:06 2027 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey Public Key Algorithm: id-ecPublicKey
@ -21,36 +20,43 @@ Certificate:
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256 NIST CURVE: P-256
X509v3 extensions: X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
X509v3 Subject Key Identifier: X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier: X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:EF:46:C7:A4:9B:BB:60:D3 serial:97:B4:BD:16:78:F8:47:F2
X509v3 Basic Constraints: X509v3 Key Usage: critical
CA:TRUE Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e: 30:46:02:21:00:be:b8:58:f0:e4:15:01:1f:df:70:54:73:4a:
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e: 6c:40:1f:77:a8:b4:eb:52:1e:bf:f5:0d:b1:33:ca:6a:c4:76:
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4: b9:02:21:00:97:08:de:2c:28:c1:45:71:b6:2c:54:87:98:63:
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20 76:a8:21:34:90:a8:f7:9e:3f:fc:02:b0:e7:d3:09:31:27:e4
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG MIIDUDCCAvWgAwIBAgICEAAwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE3MTAy
MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM MDE4MTkwNloXDTI3MTAxODE4MTkwNlowgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGlj
DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS
f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr IX/wzxjakRECNIboIFgzC4A0idijggE1MIIBMTAJBgNVHRMEAjAAMBEGCWCGSAGG
SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk +EIBAQQEAwIGQDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgcwGA1Ud
gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH IwSBxDCBwYAUVo6aw/BC3hi5RVVu+ZPP6sPzpSGhgZ2kgZowgZcxCzAJBgNVBAYT
DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3
LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA
APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj l7S9Fnj4R/IwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoG
JdSwySV9ynpdusSy9n0Ex71iySA= CCqGSM49BAMCA0kAMEYCIQC+uFjw5BUBH99wVHNKbEAfd6i061Iev/UNsTPKasR2
uQIhAJcI3iwowUVxtixUh5hjdqghNJCo954//AKw59MJMSfk
-----END CERTIFICATE----- -----END CERTIFICATE-----

BIN
certs/server-keyPkcs8.der Normal file

Binary file not shown.


@ -0,0 +1,18 @@
[ req ]
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca
[ req_distinguished_name ]
C = AU
ST = Queensland
L = Brisbane
O = wolfSSL Inc
OU = Engineering
CN = www.wolfssl.com
emailAddress = support@www.wolfsssl.com
[ v3_ca ]
inhibitAnyPolicy = critical,1
nsComment = "Testing inhibit any"
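Review bot: `emailAddress = support@www.wolfsssl.com` spells the domain with three s, unlike `CN = www.wolfssl.com` on the line above it; unless a non-matching domain is what the test wants, it should read `support@www.wolfssl.com`. The same value appears in the name-constraints config added next, where it sits beside `permitted;email:.wolfssl.com` and a reader cannot tell whether the mismatch is deliberate, and in both heredocs of the generator script that writes these files. The committed `.der` files would need regenerating after the fix; if the mismatch is intended, a one-line comment above the field should say so.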

BIN
certs/test/cert-ext-ia.der Normal file

Binary file not shown.


@ -0,0 +1,18 @@
[ req ]
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca
[ req_distinguished_name ]
C = AU
ST = Queensland
L = Brisbane
O = wolfSSL Inc
OU = Engineering
CN = www.wolfssl.com
emailAddress = support@www.wolfsssl.com
[ v3_ca ]
nameConstraints = critical,permitted;email:.wolfssl.com
nsComment = "Testing name constraints"

BIN
certs/test/cert-ext-nc.der Normal file

Binary file not shown.

BIN
certs/test/cert-ext-ns.der Normal file

Binary file not shown.


@ -1,17 +1,16 @@
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: Serial Number: 16393466893990650224 (0xe3814b48a5706170)
e3:81:4b:48:a5:70:61:70
Signature Algorithm: ecdsa-with-SHA1 Signature Algorithm: ecdsa-with-SHA1
Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
Validity Validity
Not Before: Sep 10 00:45:36 2014 GMT Not Before: May 3 00:07:20 2017 GMT
Not After : Jun 6 00:45:36 2017 GMT Not After : Jan 28 00:07:20 2020 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey Public Key Algorithm: id-ecPublicKey
EC Public Key: Public-Key: (256 bit)
pub: pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
@ -19,34 +18,40 @@ Certificate:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8 0b:80:34:89:d8
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions: X509v3 extensions:
X509v3 Subject Key Identifier: X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier: X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com
serial:E3:81:4B:48:A5:70:61:70
X509v3 Basic Constraints: critical X509v3 Basic Constraints: critical
CA:TRUE CA:TRUE
X509v3 Key Usage: critical X509v3 Key Usage: critical
Non Repudiation, Key Encipherment Non Repudiation, Key Encipherment
Signature Algorithm: ecdsa-with-SHA1 Signature Algorithm: ecdsa-with-SHA1
30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae: 30:46:02:21:00:fe:d6:30:36:fb:43:39:51:d7:4a:02:24:5e:
c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18: b4:b1:11:e3:83:66:00:fc:24:12:1a:7e:a8:05:77:ca:f7:24:
65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c: 2d:02:21:00:fb:59:c3:e9:6e:9b:f6:a2:46:0b:d8:ad:33:fb:
e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00 89:2d:80:d6:1d:68:1f:f7:d7:93:f1:0b:7a:6b:81:f5:af:62
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT MIIDKTCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE3MDUw
MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI MzAwMDcyMFoXDTIwMDEyODAwMDcyMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb
l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV l5Ihf/DPGNqREQI0huggWDMLgDSJ2KOCAQ0wggEJMB0GA1UdDgQWBBRdXSbvrH42
K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud +Zt2FStKJQIj77KJMDCBxgYDVR0jBIG+MIG7gBRdXSbvrH42+Zt2FStKJQIj77KJ
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2 MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO
7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds
puPT5p95PCnYxn2I9GAMSAA= ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv
QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
/wQEAwIFYDAJBgcqhkjOPQQBA0kAMEYCIQD+1jA2+0M5UddKAiRetLER44NmAPwk
Ehp+qAV3yvckLQIhAPtZw+lum/aiRgvYrTP7iS2A1h1oH/fXk/ELemuB9a9i
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -0,0 +1,69 @@
#!/bin/sh
TMP="/tmp/`basename $0`"
gen_cert() {
openssl req -x509 -keyform DER -key certs/server-key.der \
-outform DER -out $OUT -config $CONFIG \
>$TMP 2>&1
if [ "$?" = "0" -a -f $OUT ]; then
echo "Created: $OUT"
else
cat $TMP
echo "Failed: $OUT"
fi
rm $TMP
}
OUT=certs/test/cert-ext-nc.der
KEYFILE=certs/test/cert-ext-nc-key.der
CONFIG=certs/test/cert-ext-nc.cfg
tee >$CONFIG <<EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca
[ req_distinguished_name ]
C = AU
ST = Queensland
L = Brisbane
O = wolfSSL Inc
OU = Engineering
CN = www.wolfssl.com
emailAddress = support@www.wolfsssl.com
[ v3_ca ]
nameConstraints = critical,permitted;email:.wolfssl.com
nsComment = "Testing name constraints"
EOF
gen_cert
OUT=certs/test/cert-ext-ia.der
KEYFILE=certs/test/cert-ext-ia-key.der
CONFIG=certs/test/cert-ext-ia.cfg
tee >$CONFIG <<EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca
[ req_distinguished_name ]
C = AU
ST = Queensland
L = Brisbane
O = wolfSSL Inc
OU = Engineering
CN = www.wolfssl.com
emailAddress = support@www.wolfsssl.com
[ v3_ca ]
inhibitAnyPolicy = critical,1
nsComment = "Testing inhibit any"
EOF
gen_cert
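Review bot: `TMP` is set to `/tmp/` plus the script's basename, a fixed and predictable path in a world-writable directory that `gen_cert` then truncates with `>$TMP`, so on a shared machine a pre-existing file or symlink of that name decides what gets overwritten. Create the file with `TMP=$(mktemp) || exit 1` and quote it at each use (`>"$TMP" 2>&1`, `rm -f "$TMP"`). `KEYFILE` is assigned before both calls but never read, since `gen_cert` always signs with `certs/server-key.der`; either drop the variable or pass it to `-key`. `tee >$CONFIG <<EOF` works only because tee's stdout is redirected, and `cat >"$CONFIG" <<EOF` says the same thing directly.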

19
certs/test/include.am Normal file

@ -0,0 +1,19 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/test/cert-ext-ia.cfg \
certs/test/cert-ext-ia.der \
certs/test/cert-ext-nc.cfg \
certs/test/cert-ext-nc.der \
certs/test/cert-ext-ns.der \
certs/test/gen-ext-certs.sh \
certs/test/server-duplicate-policy.pem
# The certs/server-cert with the last byte (signature byte) changed
EXTRA_DIST += \
certs/test/server-cert-rsa-badsig.der \
certs/test/server-cert-rsa-badsig.pem \
certs/test/server-cert-ecc-badsig.der \
certs/test/server-cert-ecc-badsig.pem

Binary file not shown.


@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,182 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Mar 10 20:37:22 2017 GMT
Not After : Dec 5 20:37:22 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=testing duplicate policy, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9C:86:DC:5C:A7:73:35:83
X509v3 Basic Constraints:
CA:FALSE
X509v3 Certificate Policies:
Policy: 1.2.3.4
Policy: 1.2.3.4
CPS: www.wolfssl.com
User Notice:
Explicit Text: Test of duplicate OIDs with different qualifiers
Signature Algorithm: sha256WithRSAEncryption
82:59:1f:4c:a7:19:9f:e7:ab:cc:51:21:da:ef:4f:73:75:22:
6c:db:55:83:c4:35:c7:40:69:49:46:45:56:78:06:03:76:d8:
3b:6c:75:aa:2c:a5:c0:61:e8:5c:c0:2b:ed:66:a9:66:c0:b3:
37:83:23:c5:2c:b2:45:59:61:84:be:dd:44:72:00:7a:6b:f9:
50:89:31:66:a7:84:46:74:0f:bb:5b:05:0d:1f:2d:4d:b4:dc:
69:2c:e2:a0:fd:5e:93:14:c7:ce:a2:6e:50:61:8f:73:94:a0:
7a:65:e5:9d:76:f0:1b:1c:da:da:72:3e:f9:8c:4d:c0:4a:cb:
24:e8:40:51:a1:37:9c:e7:87:1a:0e:cd:a6:7f:54:39:65:5f:
63:64:04:60:5e:cc:1d:a6:71:78:1f:44:32:32:f9:27:0d:23:
75:95:01:0b:0d:f3:90:ec:e2:7e:df:0f:43:96:e4:32:c3:b4:
e2:df:87:12:97:a1:1e:f1:c8:73:fe:5e:ea:55:5c:f7:4b:88:
2e:31:6c:52:ff:b3:05:85:f7:fe:e7:ac:f6:74:a8:4f:8e:96:
88:5f:73:5a:f1:77:9d:b9:16:a3:53:e2:4a:5b:e2:5e:2b:88:
1c:a8:b8:ee:e2:ee:72:cb:b2:51:ab:c2:90:5f:15:df:1c:ff:
fd:0d:95:20
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTcwMzEw
MjAzNzIyWhcNMTkxMjA1MjAzNzIyWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf
BgNVBAsMGHRlc3RpbmcgZHVwbGljYXRlIHBvbGljeTEYMBYGA1UEAwwPd3d3Lndv
bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8
JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh
5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4
c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPh
bV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KX
c+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQAB
o4IBcjCCAW4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSME
gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAJyG3Fyn
czWDMAkGA1UdEwQCMAAwdgYDVR0gBG8wbTAFBgMqAwQwZAYDKgMEMF0wGwYIKwYB
BQUHAgEWD3d3dy53b2xmc3NsLmNvbTA+BggrBgEFBQcCAjAyGjBUZXN0IG9mIGR1
cGxpY2F0ZSBPSURzIHdpdGggZGlmZmVyZW50IHF1YWxpZmllcnMwDQYJKoZIhvcN
AQELBQADggEBAIJZH0ynGZ/nq8xRIdrvT3N1ImzbVYPENcdAaUlGRVZ4BgN22Dts
daospcBh6FzAK+1mqWbAszeDI8UsskVZYYS+3URyAHpr+VCJMWanhEZ0D7tbBQ0f
LU203Gks4qD9XpMUx86iblBhj3OUoHpl5Z128Bsc2tpyPvmMTcBKyyToQFGhN5zn
hxoOzaZ/VDllX2NkBGBezB2mcXgfRDIy+ScNI3WVAQsN85Ds4n7fD0OW5DLDtOLf
hxKXoR7xyHP+XupVXPdLiC4xbFL/swWF9/7nrPZ0qE+Olohfc1rxd525FqNT4kpb
4l4riByouO7i7nLLslGrwpBfFd8c//0NlSA=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11278944607300433283 (0x9c86dc5ca7733583)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Mar 10 20:37:22 2017 GMT
Not After : Dec 5 20:37:22 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9C:86:DC:5C:A7:73:35:83
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
10:6b:75:29:65:17:7e:78:ae:85:2e:b7:a4:50:98:69:74:f9:
50:a1:8e:2c:9f:b0:43:66:a1:e0:42:32:38:15:5f:2e:cc:cc:
c4:b9:7c:b5:c2:bc:59:24:49:17:ad:1c:e4:6e:dc:70:e3:93:
fc:69:dd:04:7b:41:dd:08:f0:13:ee:2a:cb:6f:cf:af:d4:96:
3c:44:50:29:45:60:89:cd:ec:5f:c1:bb:b0:03:61:74:b3:29:
ad:df:e9:7c:d9:f2:18:22:45:e7:3d:d4:72:37:2c:b4:18:7d:
34:ca:55:00:0d:89:d0:f7:3e:81:4d:da:02:4c:2b:a6:61:4b:
bf:b1:ec:73:11:6a:53:a3:0a:0f:20:04:5d:17:67:b1:a6:a2:
37:a8:f5:ea:78:6d:00:8b:64:16:62:0a:6f:44:94:15:9e:4d:
15:0c:33:f0:ba:9d:e2:be:69:6f:12:9f:69:95:39:ba:97:9e:
c3:af:22:ad:f2:f2:3b:67:81:1a:99:d2:02:89:86:6d:8f:92:
98:32:dd:c1:fa:2e:38:03:2e:fc:02:a5:e7:b8:dc:94:3b:88:
15:4a:09:80:98:61:b4:5e:07:b5:87:57:f4:a0:91:5c:7e:89:
f5:89:16:f2:7a:15:52:1b:55:26:7c:59:d2:d0:23:e3:0e:12:
b1:99:f9:6b
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
/* misc.c /* misc.c
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* wolfcrypt_first.c /* wolfcrypt_first.c
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* wolfcrypt_last.c /* wolfcrypt_last.c
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* callbacks.h /* callbacks.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* crl.h /* crl.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* aes.h /* aes.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* arc4.h /* arc4.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* asn.h /* asn.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* asn_public.h /* asn_public.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -12,7 +12,7 @@
*/ */
/* blake2-impl.h /* blake2-impl.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -12,7 +12,7 @@
*/ */
/* blake2-int.h /* blake2-int.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* blake2.h /* blake2.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *


@ -1,6 +1,6 @@
/* camellia.h /* camellia.h
* *
* Copyright (C) 2006-2016 wolfSSL Inc. * Copyright (C) 2006-2017 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
