diff --git a/tools/test_apps/protocols/openssl/CMakeLists.txt b/tools/test_apps/protocols/openssl/CMakeLists.txt
new file mode 100644
index 0000000000..90a9a8dc37
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/CMakeLists.txt
@@ -0,0 +1,14 @@
+# The following four lines of boilerplate have to be in your project's CMakeLists
+# in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
+project(openssl_connect_test)
+
+target_add_binary_data(openssl_connect_test.elf "client_certs/ca.crt" TEXT)
+target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT)
diff --git a/tools/test_apps/protocols/openssl/README.md b/tools/test_apps/protocols/openssl/README.md
new file mode 100644
index 0000000000..643b198956
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/README.md
@@ -0,0 +1,11 @@
+# ESP-OPENSSL connect test project
+
+Main purpose of this application is to test the ESP-OPENSSL library to correctly connect/refuse connectio with TLS servers.
+It is possible to run this example manually without any test to exercise ESP-OPENSSL library.
+
+## Runtime settings
+This app waits for user input to provide these parameters:
+ test-type: "conn" connection test (host, port, test-case)
+
+## Hardware Required
+This test-app can be executed on any ESP32 board, the only required interface is WiFi and connection to a local network and tls server.
diff --git a/tools/test_apps/protocols/openssl/app_test.py b/tools/test_apps/protocols/openssl/app_test.py
new file mode 100644
index 0000000000..bbbfbdea0c
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/app_test.py
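Review bot: The last line of the new CMakeLists.txt, `target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT)`, links the CA private key into the firmware image, yet `connect_test.c` in this commit only references `_binary_ca_crt_start` and `_binary_ca_crt_end`. Dropping that line keeps key material out of the flashed binary and out of any project copied from this test app. The `ca.crt` line alone covers what `init_ctx` reads.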
@@ -0,0 +1,126 @@
+from __future__ import print_function
+from __future__ import unicode_literals
+import re
+import os
+import socket
+from threading import Thread, Event
+import ttfw_idf
+import ssl
+
+SERVER_CERTS_DIR = "server_certs/"
+
+
+def _path(f):
+ return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+def get_my_ip():
+ s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ try:
+ # doesn't even have to be reachable
+ s.connect(('10.255.255.255', 1))
+ IP = s.getsockname()[0]
+ except socket.error:
+ IP = '127.0.0.1'
+ finally:
+ s.close()
+ return IP
+
+
+# Simple TLS server
+class TlsServer:
+
+ def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
+ self.port = port
+ self.socket = socket.socket()
+ self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ self.socket.settimeout(20.0)
+ self.shutdown = Event()
+ self.negotiated_protocol = negotiated_protocol
+ self.conn = None
+ self.ssl_error = None
+ self.server_thread = None
+
+ def __enter__(self):
+ try:
+ self.socket.bind(('', self.port))
+ except socket.error as e:
+ print("Bind failed:{}".format(e))
+ raise
+
+ self.socket.listen(1)
+ self.server_thread = Thread(target=self.run_server)
+ self.server_thread.start()
+
+ return self
+
+ def __exit__(self, exc_type, exc_value, traceback):
+ self.shutdown.set()
+ self.server_thread.join()
+ self.socket.close()
+ if (self.conn is not None):
+ self.conn.close()
+
+ def run_server(self):
+ context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ context.load_verify_locations(cafile=_path(SERVER_CERTS_DIR + "ca.crt"))
+ context.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + "server.crt"), keyfile=_path(SERVER_CERTS_DIR + "server.key"))
+ context.verify_flags = self.negotiated_protocol
+ self.socket = context.wrap_socket(self.socket, server_side=True)
+ try:
+ print("Listening socket")
+ self.conn, address = self.socket.accept() # accept new connection
+ self.socket.settimeout(20.0)
+ print(" - connection from: {}".format(address))
+ except ssl.SSLError as e:
+ self.conn = None
+ self.ssl_error = str(e)
+ print(" - SSLError: {}".format(str(e)))
+
+
+@ttfw_idf.idf_custom_test(env_tag="Example_WIFI", group="test-apps")
+def test_app_esp_openssl(env, extra_data):
+ dut1 = env.get_dut("openssl_connect_test", "tools/test_apps/protocols/openssl", dut_class=ttfw_idf.ESP32DUT)
+ # check and log bin size
+ binary_file = os.path.join(dut1.app.binary_path, "openssl_connect_test.bin")
+ bin_size = os.path.getsize(binary_file)
+ ttfw_idf.log_performance("openssl_connect_test_bin_size", "{}KB".format(bin_size // 1024))
+ ttfw_idf.check_performance("openssl_connect_test_bin_size_vin_size", bin_size // 1024, dut1.TARGET)
+ dut1.start_app()
+ esp_ip = dut1.expect(re.compile(r" IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"), timeout=30)
+ print("Got IP={}".format(esp_ip[0]))
+ ip = get_my_ip()
+ server_port = 2222
+
+ def start_case(case, desc, negotiated_protocol, result):
+ with TlsServer(server_port, negotiated_protocol=negotiated_protocol):
+ print("Starting {}: {}".format(case, desc))
+ dut1.write("conn {} {} {}".format(ip, server_port, case))
+ dut1.expect(re.compile(result), timeout=10)
+ return case
+
+ # start test cases
+ start_case(
+ case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE",
+ desc="Connect with verify_none mode using wrong certs",
+ negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
+ result="SSL Connection Succeed")
+ start_case(
+ case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER",
+ desc="Connect with verify_peer mode using wrong certs",
+ negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
+ result="SSL Connection Failed")
+ start_case(
+ case="CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE",
+ desc="Connect with verify_none mode using wrong certs",
+ negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
+ result="SSL Connection Succeed")
+ start_case(
+ case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER",
+ desc="Connect with verify_peer mode using wrong certs",
+ negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
+ result="SSL Connection Failed")
+
+
+if __name__ == '__main__':
+ test_app_esp_openssl()
diff --git a/tools/test_apps/protocols/openssl/client_certs/ca.crt b/tools/test_apps/protocols/openssl/client_certs/ca.crt
new file mode 100644
index 0000000000..85cc2d48da
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/client_certs/ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUV+ePqdbRF3ln6vDyuopcmiQjLNcwDQYJKoZIhvcNAQEL
+BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
+CUVzcHJlc3NpZjAeFw0yMDEwMDQyMTA3MzhaFw0yMDExMDMyMTA3MzhaMDYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
+aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdrEr3ams2MvGm8Xqd
+9uMikvx/lQ2S1l5FD8kP7SaMmQJ6I9pLaDTSPzg7ZdiI94B7v1s+DJUPe9t9+Drb
+zk1fyI9SFooSkiTKcNcDq0MIKlI/6pBp9B86Bn+wpLL+u8G6616X8ERREltJ/HJh
+oR41zCHWYKmkRIEMfXPcRbiqw4dNtos5si26MIbBzouUAaN1odXnXGZxntAn3AmR
+jQso9GkW2YlrLhpUFgwLxzJZE8EOZsYXvo4X0/n+LoZIiRAGnX6Zy45zMTWAP5ZL
+DEo4RT8a2wOHXw6/as/ec7d7pZHk3lSzsfSONH38OWprieOqqnAK1TqBcjggPXvE
+pRq/AgMBAAGjUzBRMB0GA1UdDgQWBBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAfBgNV
+HSMEGDAWgBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCaMiRZpBr48Nq4S1xMkPw+ILeyGxwHdHKYMuqrEtKW
+ErRy1lij6ShCjKdXGLmjwOAtq8UV5BvtD6Rak88GwiP2D9Jn8Jw4oF7CGxQw/tjQ
++MxRF7ok8XNyp5fYkhGRYph0cMDhfYObku/cE9ser1UxKSq/szS9orTduyUfJZYd
+Doe6R7KNTq9uPKs5Gk2Lu7gflqlcv89j+r+r+uWf45uLXGP/8iZ9KEJB7xKuNAR1
+z1HovlFW1h08eLYpaLFKRXkSSmUhdEE59mdIYhToE9AHgoyGJqz3tkhzleRn6lmA
+JhDVxbm2xFHWCG9SJ6f8OYHpjOrAKXlX45zOLjUVcsN9
+-----END CERTIFICATE-----
diff --git a/tools/test_apps/protocols/openssl/client_certs/ca.key b/tools/test_apps/protocols/openssl/client_certs/ca.key
new file mode 100644
index 0000000000..1ff1ca1fd0
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/client_certs/ca.key
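Review bot: The fourth `start_case` call in app_test.py repeats `case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER"` while passing `ssl.PROTOCOL_TLSv1_2`, so the TLS 1.2 verify-peer branch that connect_test.c implements is never exercised; it should read `case="CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER",`. In `TlsServer.run_server`, `context.verify_flags = self.negotiated_protocol` writes a protocol constant into the certificate-verification flag bitmask (`ssl.VERIFY_*`) and does not restrict the TLS version the server offers; constructing the context from the protocol, e.g. `context = ssl.SSLContext(self.negotiated_protocol)`, would make the per-case version real. Because the verify-peer cases only match "SSL Connection Failed", any handshake failure (version mismatch, timeout) also counts as a pass, so a distinct device-side message for certificate rejection would make that result meaningful.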
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnaxK92prNjLxpvF6nfbjIpL8f5UNktZeRQ/JD+0mjJkCeiPa +S2g00j84O2XYiPeAe79bPgyVD3vbffg6285NX8iPUhaKEpIkynDXA6tDCCpSP+qQ +afQfOgZ/sKSy/rvBuutel/BEURJbSfxyYaEeNcwh1mCppESBDH1z3EW4qsOHTbaL +ObItujCGwc6LlAGjdaHV51xmcZ7QJ9wJkY0LKPRpFtmJay4aVBYMC8cyWRPBDmbG +F76OF9P5/i6GSIkQBp1+mcuOczE1gD+WSwxKOEU/GtsDh18Ov2rP3nO3e6WR5N5U +s7H0jjR9/Dlqa4njqqpwCtU6gXI4ID17xKUavwIDAQABAoIBAAMEVvLhAGgrFWCi +Yjw/ix0QPvCaA4Z5v5gGs0wwt3odO2Tm5rhmqAwV1ZedXUVRpw23HaHUT83aCtsg +MtAd5HEev09MyxuL3FRbUGHrlv7DAIvkixrb5vUPRsY0gJBLO2u+MTMrD8OVXFXQ +FMg1cwSIgWU+uEBCZ0274MmoM95gk7ZFI3f5TSjFshSBdcaoewdZS0hhKo9GlhmY +Y/zRT0sQfzKZX8zRslqsWjHuJ1um8w+SRZhGX1Pdl8tZpAGoQASzaelJuNAzSQoD +wW+FhpMKAB4VNwgNOD1BDelDdJb1VlK+mt5I/U1tvetynks6NbuEqtMoKFQSXyVH +LLU7V9ECgYEA0U9mtFfmEyZDmvZaPBeiYwC5gYg5NK7QYFvIibkjvIrPvQUIP5jn +kvrZv2Nsyf6iH6oq4xhS8n+JhzteAOJu56YprHbOXcVo7KhxiUcqvUCWyrwL7LiC +zv0nVXW1SGNtSsZ334eI1B27L6wkVLTsz3tKPldn93s7zBE2tsbO2S0CgYEAwNgq +vO60mYrEu/u6Eje59PULuODiFX+cwJoqCmsh1Uc4N3ty5B3pm0eI4aCGPYWpA0aQ +ktxQVVHgXIVHDrqRCY+FqSoBQJ4/QNHtMYA23Uk5CcnrCKrhFtUwdXHbC2Lz1Men +DA8zaxJaaJvqREpQH6w7YLDGyH1Klpe9R4/+3xsCgYBacPKx7mEt2RTROq2W1aeH +G+MMQ25kgzzqxf4K9IKqj1hgFnKP+GPnsJiyCCYTygEHqaHKatI8kjs8wbxGqZC+ +a6AKM3PMNOa3i7kzVhrzl5sQktycNsXe5qg+VxQz6TJqYwOdBJVtAkPFv54bM+o3 +ZNCZy27TEt6tuKppo9HxKQKBgQCKYNNSHWvknaoMRla/ydMbTldqA5zX1mlx3235 +aeSuOVvCnEfWHwzJSuyTEvAg529fFVyatZLDlmwLl+tkS0XV+XHs8GJTrvouljTB +B4LXCTrvpj+MSaoZC0OpktiedBQJhHZ+9c1ssI/FbtQMytJx19IH0PHjXdyO8TV2 +S4KVLwKBgQCYEldaRhQhRVD2JiY2qWqdqDSytX+NkSMF7uJQeAtx1xD+mCQQpKPA +UviFoCpd6X2m2rGpEy/hOAlciS4LDuwzBlIR5XZgtIbTap5l0/fwS4cEvoP3ncYs +y8v+dZLTwu81IlShVIN1c0SszX+yNrVyfdvLLV1boOX4YzE75EObiw== +-----END RSA PRIVATE KEY----- diff --git a/tools/test_apps/protocols/openssl/main/CMakeLists.txt b/tools/test_apps/protocols/openssl/main/CMakeLists.txt new file mode 100644 index 0000000000..8fdabb535b --- /dev/null +++ b/tools/test_apps/protocols/openssl/main/CMakeLists.txt 
@@ -0,0 +1,2 @@
+idf_component_register(SRCS "main.c" "connect_test.c"
+ INCLUDE_DIRS "." )
diff --git a/tools/test_apps/protocols/openssl/main/component.mk b/tools/test_apps/protocols/openssl/main/component.mk
new file mode 100644
index 0000000000..44bd2b5273
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/main/component.mk
@@ -0,0 +1,3 @@
+#
+# Main Makefile. This is basically the same as a component makefile.
+#
diff --git a/tools/test_apps/protocols/openssl/main/connect_test.c b/tools/test_apps/protocols/openssl/main/connect_test.c
new file mode 100644
index 0000000000..bf99ad4ab1
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/main/connect_test.c
@@ -0,0 +1,129 @@
+#include
+#include
+#include
+#include
+#include "esp_log.h"
+
+static const char *TAG = "OPENSSL_TEST";
+
+static int open_connection(const char *host, const int port)
+{
+ struct sockaddr_in addr;
+ struct hostent *h;
+ int sd;
+ if ((h = gethostbyname(host)) == NULL) {
+ ESP_LOGI(TAG, "Failed to get host name %s", host);
+ return -1;
+ }
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+ bzero(&addr, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ addr.sin_addr.s_addr = *(long*)(h->h_addr);
+ if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
+ return -1;
+ }
+ return sd;
+}
+
+static SSL_CTX* init_ctx(const char *test_case)
+{
+ extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
+ extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end");
+ const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
+ const SSL_METHOD *method = NULL;
+ SSL_CTX *ctx = NULL;
+ if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
+ method = TLSv1_1_client_method();
+ ctx = SSL_CTX_new(method); /* Create new context */
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+ } else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
+ method = TLSv1_1_client_method();
+ ctx = SSL_CTX_new(method); /* Create new context */
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
+ method = TLSv1_2_client_method();
+ ctx = SSL_CTX_new(method); /* Create new context */
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+ } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
+ method = TLSv1_2_client_method();
+ ctx = SSL_CTX_new(method); /* Create new context */
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ }
+ X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
+ if(!x) {
+ ESP_LOGI(TAG, "Loading certs failed");
+ goto failed;
+ }
+ SSL_CTX_add_client_CA(ctx, x);
+ return ctx;
+failed:
+ return NULL;
+}
+
+static void start_test(const char *host, const int port, const char *test_case)
+{
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ int sockfd;
+ int ret;
+
+ ESP_LOGI(TAG, "Test %s started", test_case);
+ ctx = init_ctx(test_case);
+ if (!ctx) {
+ ESP_LOGI(TAG, "Failed");
+ goto failed1;
+ }
+ ESP_LOGI(TAG, "Trying connect to %s port %d test case %s ...", host, port, test_case);
+ sockfd = open_connection(host, port);
+ if(sockfd < 0) {
+ ESP_LOGI(TAG,"Failed");
+ goto failed1;
+ }
+ ESP_LOGI(TAG, "OK");
+ ESP_LOGI(TAG, "Create SSL obj");
+ ssl = SSL_new(ctx);
+ if (!ssl) {
+ ESP_LOGI(TAG,"Failed");
+ goto failed2;
+ }
+ ESP_LOGI(TAG, "OK");
+ SSL_set_fd(ssl, sockfd);
+ ESP_LOGI(TAG, "SSL verify mode = %d connected to %s port %d ...", SSL_CTX_get_verify_mode(ctx),
+ host, port);
+ ret = SSL_connect(ssl);
+ ESP_LOGI(TAG, "OK");
+ if (ret <= 0) {
+ ESP_LOGI(TAG,"SSL Connection Failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG,"SSL Connection Succeed");
+failed3:
+ SSL_free(ssl);
+ ssl = NULL;
+failed2:
+ close(sockfd);
+ sockfd = -1;
+failed1:
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+}
+
+static void scan(char *s, char **test_type, char **host, int *p, char **test_case)
+{
+ const char *delim = " ";
+ *test_type = strtok(s, delim);
+ *host = strtok(NULL, delim);
+ *p = atoi(strtok(NULL, delim));
+ *test_case = strtok(NULL, delim);
+}
+
+void connection_test(char *line)
+{
+ char *test_case;
+ char *test_type;
+ char *host;
+ int port;
+ scan(line, &test_type, &host, &port, &test_case);
+ start_test(host, port, test_case);
+}
diff --git a/tools/test_apps/protocols/openssl/main/main.c b/tools/test_apps/protocols/openssl/main/main.c
new file mode 100644
index 0000000000..7a65ec6f8b
--- /dev/null
+++ b/tools/test_apps/protocols/openssl/main/main.c
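Review bot: In connect_test.c, `scan` passes the result of `strtok` straight to `atoi`, and `connection_test` hands `host` and `test_case` to `start_test` unchecked, so a console line with fewer than four tokens (for example a bare `conn`) dereferences NULL in `atoi`, `gethostbyname` or the `strcmp` chain in `init_ctx`. Have `scan` collect all four tokens first and report a malformed line before anything is parsed, as in the excerpt below. Separately, when `test_case` matches none of the four names, `init_ctx` leaves `ctx` NULL and still reaches `SSL_CTX_add_client_CA(ctx, x)`, and its `failed:` path returns NULL without freeing a context it already created; `if (ctx == NULL) return NULL;` before `d2i_X509` and `SSL_CTX_free(ctx);` under `failed:` would close both. `open_connection` also never checks the return of `socket()` and leaves `sd` open when `connect` fails.

```c
static int scan(char *s, char **test_type, char **host, int *p, char **test_case)
{
    const char *delim = " ";
    char *port_str;

    *test_type = strtok(s, delim);
    *host = strtok(NULL, delim);
    port_str = strtok(NULL, delim);
    *test_case = strtok(NULL, delim);
    if (*test_type == NULL || *host == NULL || port_str == NULL || *test_case == NULL) {
        return -1;  /* fewer than four tokens on the line */
    }
    *p = atoi(port_str);
    return 0;
}

void connection_test(char *line)
{
    /* … unchanged: test_case, test_type, host, port declarations … */
    if (scan(line, &test_type, &host, &port, &test_case) != 0) {
        ESP_LOGE(TAG, "Malformed command, expected: conn <host> <port> <test-case>");
        return;
    }
    start_test(host, port, test_case);
}
```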
@@ -0,0 +1,71 @@
+/* OpenSSL client test
+
+ This example code is in the Public Domain (or CC0 licensed, at your option.)
+
+ Unless required by applicable law or agreed to in writing, this
+ software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied.
+*/
+#include
+#include
+#include
+#include "esp_system.h"
+#include "nvs_flash.h"
+#include "esp_event.h"
+#include "esp_netif.h"
+#include "esp_log.h"
+#include "protocol_examples_common.h"
+
+static const char *TAG = "OPENSSL_TEST";
+void connection_test(char *line);
+
+static void get_string(char *line, size_t size)
+{
+ int count = 0;
+ while (count < size) {
+ int c = fgetc(stdin);
+ if (c == '\n') {
+ line[count] = '\0';
+ break;
+ } else if (c > 0 && c < 127) {
+ line[count] = c;
+ ++count;
+ }
+ vTaskDelay(10 / portTICK_PERIOD_MS);
+ }
+}
+
+void app_main(void)
+{
+ char line[256];
+
+ ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+ ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
+
+ esp_log_level_set("*", ESP_LOG_INFO);
+ esp_log_level_set("OPENSSL_CLIENT", ESP_LOG_VERBOSE);
+ esp_log_level_set("TRANSPORT_TCP", ESP_LOG_VERBOSE);
+ esp_log_level_set("TRANSPORT_SSL", ESP_LOG_VERBOSE);
+ esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE);
+ esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE);
+
+ ESP_ERROR_CHECK(nvs_flash_init());
+ ESP_ERROR_CHECK(esp_netif_init());
+ ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+ /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+ * Read "Establishing Wi-Fi or Ethernet Connection" section in
+ * examples/protocols/README.md for more information about this function.
+ */
+ ESP_ERROR_CHECK(example_connect());
+
+ while (1) {
+ get_string(line, sizeof(line));
+ if (memcmp(line, "conn", 4) == 0) {
+ // line starting with "conn" indicate connection tests
+ connection_test(line);
+ get_string(line, sizeof(line));
+ continue;
+ }
+ }
+}
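Review bot: `get_string` in main.c leaves `line` without a terminating NUL when `size` characters arrive before a newline: the loop runs while `count < size` and writes `'\0'` only on `'\n'`, so the `strtok` calls reached through `connection_test` can read past the 256-byte buffer declared in `app_main`. Bound the loop with `while (count < size - 1)` and write `line[count] = '\0';` after it so the buffer is always terminated. `count` is an `int` compared against a `size_t`; declaring it `size_t count = 0;` removes the signed/unsigned comparison.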
diff --git a/tools/test_apps/protocols/openssl/server_certs/ca.crt b/tools/test_apps/protocols/openssl/server_certs/ca.crt new file mode 100644 index 0000000000..541d527602 --- /dev/null +++ b/tools/test_apps/protocols/openssl/server_certs/ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL +BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM +CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz +aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP +yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug +0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+ +coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ +tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl +IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx +oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV +HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU +Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY +XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr +8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY +fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF +AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2 +-----END CERTIFICATE----- diff --git a/tools/test_apps/protocols/openssl/server_certs/ca.key b/tools/test_apps/protocols/openssl/server_certs/ca.key new file mode 100644 index 0000000000..99f0a0aea1 --- /dev/null +++ b/tools/test_apps/protocols/openssl/server_certs/ca.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+ +trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz +kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp +QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS +HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94 +XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0 +VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui +khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA +wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd +ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF +qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB +t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/ +8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X +BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9 +Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU +EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI +pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl +F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA +/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A +zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H +DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW +6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt +Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj +gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f +eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ== +-----END RSA PRIVATE KEY----- diff --git a/tools/test_apps/protocols/openssl/server_certs/ca.srl b/tools/test_apps/protocols/openssl/server_certs/ca.srl new file mode 100644 index 0000000000..7736761026 --- /dev/null +++ b/tools/test_apps/protocols/openssl/server_certs/ca.srl 
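Review bot: The CA private key added as `server_certs/ca.key`, together with `ca.srl` and `server.csr` in the same directory, is not read by anything in this commit: `app_test.py` loads only `server_certs/ca.crt`, `server.crt` and `server.key`. Leaving the signing key and its by-products out of the tree, or generating the server certificate when the test runs, avoids publishing a reusable CA key. If the files must stay, a line in the README marking everything under `server_certs/` and `client_certs/` as test-only material would keep it from being reused outside this test.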
@@ -0,0 +1 @@ +2F41CC40E62F73ACADA631D44C6D40D87504A661 diff --git a/tools/test_apps/protocols/openssl/server_certs/server.crt b/tools/test_apps/protocols/openssl/server_certs/server.crt new file mode 100644 index 0000000000..3b594d990c --- /dev/null +++ b/tools/test_apps/protocols/openssl/server_certs/server.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCTCCAfECFC9BzEDmL3OsraYx1ExtQNh1BKZhMA0GCSqGSIb3DQEBCwUAMDYx +CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3By +ZXNzaWYwHhcNMjAwOTIzMDgwMDE5WhcNNDgwMjA5MDgwMDE5WjBMMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UECgwJRXNwcmVzc2lmMRQw +EgYDVQQDDAtDb21tb24gTmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBANjphhEwXDfNjysOcPKhLoQQyZa/5ku3bZFHwlNf4XXbkmPOUgjWOq4JMDC6 +WZB93Ey+OJHIowuoPkADlUtsWRgSLizttn50hcO9PWLfd4NBoNJGqJmh38UiS1tB +SO7YaFcAuXkv+SoirMw5bYuRTJQD8G/j5juvsMUWhif9WsYLPYurkksZqvdZHhrG +nRqPD76RwXpzPwMa5OOj3N9jIxrt4NI8vizjS4weq3e/VNNZS6L93CZFFDB+O382 +ijtavThQ+S9LMyHe+EtoGyF/aSJk58pwo0J+u6t1iblHEBz0O3ZEuUn4vjtNSNnz +f2Mbc/MlPWoibTe2uw7XxbHyaQMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpNQ +lPHWiXizOxK46pI2EfeggUTtlAFoDvAT+s2SdlwZKNw6Hf80yFJ55nnOgmiMN9aq +x7oXFBPdxhgWStqR+yN0KRyoc+5AS3lz4m61l2jIRYYhg7ItURxujGQPfHPcmQSp +A+gkMXt0DBsdYBz/xxa4Bgw9S/BWUsXMLPG95SAPpAObSZEs/QXagVg0fxzdZTc9 +fajmP8S/5sO3MM+krpyh1NcrJZKm9poHYCG8bBOz19SNPl46eQHdoud3dstHPn0Q ++Jmg12w4HZ4Z5CU4zcgCWsGf0D/ezg15NEYU5r3hyskqFtTjOdoXY9cTdmgAtPGn +NiUtKzHKywP+pO5h0Q== +-----END CERTIFICATE----- diff --git a/tools/test_apps/protocols/openssl/server_certs/server.csr b/tools/test_apps/protocols/openssl/server_certs/server.csr new file mode 100644 index 0000000000..3fee563f26 --- /dev/null +++ b/tools/test_apps/protocols/openssl/server_certs/server.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +EjAQBgNVBAoMCUVzcHJlc3NpZjEUMBIGA1UEAwwLQ29tbW9uIE5hbWUwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6YYRMFw3zY8rDnDyoS6EEMmWv+ZL +t22RR8JTX+F125JjzlII1jquCTAwulmQfdxMvjiRyKMLqD5AA5VLbFkYEi4s7bZ+ +dIXDvT1i33eDQaDSRqiZod/FIktbQUju2GhXALl5L/kqIqzMOW2LkUyUA/Bv4+Y7 +r7DFFoYn/VrGCz2Lq5JLGar3WR4axp0ajw++kcF6cz8DGuTjo9zfYyMa7eDSPL4s +40uMHqt3v1TTWUui/dwmRRQwfjt/Noo7Wr04UPkvSzMh3vhLaBshf2kiZOfKcKNC +frurdYm5RxAc9Dt2RLlJ+L47TUjZ839jG3PzJT1qIm03trsO18Wx8mkDAgMBAAGg +ADANBgkqhkiG9w0BAQsFAAOCAQEArUWZtrKI9cJEVP2WZXmsSI1vlLhSeqyv+d7z +5nx5Nzmyuhkck75sA6h7cTZ+QPyJbaijDv8cVx7ZWNhwhIjOD0f7LGMK3EYa8skv +SA92liKLL6zFWJKeJ/DhfM3PXp3g2jNKOwOuQkmWXdoqgR+VmlgA58gWS3EeBzNT +C1MwqSd2s/DHOOoEg4FRAjH7DXUSW09vph7zRYr7KzDRSAaE+2S0FK2Uxl7pzpUc +M2hh2GJ/yClP06XYl7OMFiIbp0hhyLBLLbXnZeYz570Cu8kCAhtfTE7CUiV7eAaY +2/Bv8/a5qxaVEI2cbjJsmn0RURkXzo0a3FrXJPBeWqsKlPqlBQ== +-----END CERTIFICATE REQUEST----- diff --git a/tools/test_apps/protocols/openssl/server_certs/server.key b/tools/test_apps/protocols/openssl/server_certs/server.key new file mode 100644 index 0000000000..08b49a1a1e --- /dev/null +++ b/tools/test_apps/protocols/openssl/server_certs/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA2OmGETBcN82PKw5w8qEuhBDJlr/mS7dtkUfCU1/hdduSY85S +CNY6rgkwMLpZkH3cTL44kcijC6g+QAOVS2xZGBIuLO22fnSFw709Yt93g0Gg0kao +maHfxSJLW0FI7thoVwC5eS/5KiKszDlti5FMlAPwb+PmO6+wxRaGJ/1axgs9i6uS +Sxmq91keGsadGo8PvpHBenM/Axrk46Pc32MjGu3g0jy+LONLjB6rd79U01lLov3c +JkUUMH47fzaKO1q9OFD5L0szId74S2gbIX9pImTnynCjQn67q3WJuUcQHPQ7dkS5 +Sfi+O01I2fN/Yxtz8yU9aiJtN7a7DtfFsfJpAwIDAQABAoIBAAxoh2/SSWQz0R3Q +bKukhsmtQCrsfVsVeiIWbcphML+SOPSWp+CziJXOFsCi2F7IpGKLeybzyEfxbuYw +jkjLQOl8mMGfM5JWThSdbbaLPAX5Kh79RcXMGcXoKVFmEasAHC/l7bY+BU3gv+vK +2TZjsHLDKuzrp48AhOcxW6lL9/ZeMUcjg1Qr00s1KzYMpnPSQYT+dH5INTX1fxaY +gIOAipe4Xg5nJKB7eqI7B4d6EJaQhp+SIwtb3aZnETqPLRJFlyiqbaUVPDwWQ4qz +HtN+h749OdmhK6xOyfs02fJBrqpfSXT620qNZTsjfq+GoKCPL1VmSSVuzJtDDclH +e6ikPcECgYEA7+GKRCGHrO8QpubcIVr6VoCz9pwdzFxm5DOjVWfR/kJ2i51ne+f5 +VTEfLlsLQmoY54sSm7ojqpqN+lM7vZfZ8S4V9M+6zGq1I6GK0CA4vTB39qRyqMcv +O+DahEQ+H7DlUsZUYMTjyeSlYcd70h2uQiKQSkDaWKpMYhL6n2/lWuMCgYEA53zf +GvhlB3QSw98vE07/xWEaZWpFGBgTdjMRl8lv0H7yiLV319ax5HwSJZrI9nCM23Lk +CiubgVSb8qtwnbJGlsKgvYbngtOsJMOhggAovyYY6U414hJBwRJz4jb9RIub7cpX ++9RQTw15I7UrQW/Gp7PtnViszDwLBMQOhg2dc2ECgYEA0jjcDV09I8bW1w3WuLyc +Sxa7oFGso54O5cqDR6OWmrbwYOZu/F2NWqWT5/IN6gRFExYEFsmH3ElaR5iN8FeV +vhFfWI577A1P9YvqtP6n+tTxLQttGJCGynkBx4xuzSMfteztoWirIBHrBcfmsXsl +bfwQa6JuN+n2yrRLQ1Kys3UCgYBR/gPUPLkkK7Pd1vaIo0mq8trzovF4OEbkbfBE +UCAfvGdRjt01ASGfaWbQFQQrbfAmZoppI8r/wyU9jgXkhVnFWoiuuNLVnv3xQ624 +KzBDjE30jTQ+r/LEXTHYpVuN5NlFH4+MbkZHyeDniesZUWsOyYdXXSpPaNEKThtK +1hW34QKBgAcqVqoKWSFS2Z44LCE/E9npOxFHZdFsXy0U+EbLBNIoIEMbPex1c5ss +nUzpvQcw8wpEcKn8RKIOMzJtdSat5yzGUIpziRHeSdyYK7pnBHn40SR2yQYDH/YO +C9vrJRcoVFDOHmoQITCW/oOfL/QlKWgL54kmdHNDm8IqTKP2JYp4 +-----END RSA PRIVATE KEY-----