forked from wolfSSL/wolfssl
Testing improvements for cert gen and TLS cert validation:
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2
.gitignore
vendored
@ -81,6 +81,8 @@ certecc.der
|
||||
certecc.pem
|
||||
othercert.der
|
||||
othercert.pem
|
||||
certeccrsa.der
|
||||
certeccrsa.pem
|
||||
ntru-cert.der
|
||||
ntru-cert.pem
|
||||
ntru-key.raw
|
||||
|
BIN
certs/ca-ecc-cert.der
Executable file
Binary file not shown.
51
certs/ca-ecc-cert.pem
Executable file
@ -0,0 +1,51 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 10982604883445917224 (0x986a0cf40243a628)
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Oct 19 19:06:49 2017 GMT
|
||||
Not After : Oct 14 19:06:49 2037 GMT
|
||||
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
Public-Key: (256 bit)
|
||||
pub:
|
||||
04:e6:38:df:16:e3:4b:ea:aa:9f:91:a3:f3:32:40:
|
||||
f6:6c:7e:a1:55:01:38:05:fe:6b:39:37:1c:ea:f9:
|
||||
f9:4d:87:4b:2d:2f:4b:54:e5:9b:4a:1a:ba:0d:02:
|
||||
a5:1c:ec:c1:51:30:c9:3c:94:ac:2e:5b:2f:40:f6:
|
||||
3c:a7:7a:d0:68
|
||||
ASN1 OID: prime256v1
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
FD:9D:85:D5:C1:6F:47:EA:C6:75:96:59:25:37:46:8C:61:DB:E1:C3
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:FD:9D:85:D5:C1:6F:47:EA:C6:75:96:59:25:37:46:8C:61:DB:E1:C3
|
||||
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage: critical
|
||||
Digital Signature, Certificate Sign, CRL Sign
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
30:44:02:20:03:cf:3f:6e:26:f7:76:be:98:81:20:57:6b:4a:
|
||||
55:f7:16:19:21:a0:4c:c8:a1:19:83:4c:66:55:2d:43:36:e1:
|
||||
02:20:4d:26:29:2b:f2:38:94:85:7e:a0:13:b6:c5:8d:61:be:
|
||||
96:15:ad:fe:ae:61:ed:a1:88:f9:79:c6:40:57:e4:9b
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICiTCCAjCgAwIBAgIJAJhqDPQCQ6YoMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG
|
||||
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
|
||||
A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3
|
||||
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
|
||||
Fw0xNzEwMTkxOTA2NDlaFw0zNzEwMTQxOTA2NDlaMIGXMQswCQYDVQQGEwJVUzET
|
||||
MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH
|
||||
d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm
|
||||
c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqG
|
||||
SM49AgEGCCqGSM49AwEHA0IABOY43xbjS+qqn5Gj8zJA9mx+oVUBOAX+azk3HOr5
|
||||
+U2HSy0vS1Tlm0oaug0CpRzswVEwyTyUrC5bL0D2PKd60GijYzBhMB0GA1UdDgQW
|
||||
BBT9nYXVwW9H6sZ1llklN0aMYdvhwzAfBgNVHSMEGDAWgBT9nYXVwW9H6sZ1llkl
|
||||
N0aMYdvhwzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjO
|
||||
PQQDAgNHADBEAiADzz9uJvd2vpiBIFdrSlX3FhkhoEzIoRmDTGZVLUM24QIgTSYp
|
||||
K/I4lIV+oBO2xY1hvpYVrf6uYe2hiPl5xkBX5Js=
|
||||
-----END CERTIFICATE-----
|
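Review bot: certs/ca-ecc-cert.pem is added as an executable file, as are the other new PEM, DER and CRL fixtures in this commit. These are data files, so they should be committed with normal (0644) mode, matching fixtures such as server-ecc-self.pem that are added as normal files.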
BIN
certs/ca-ecc-key.der
Executable file
Binary file not shown.
5
certs/ca-ecc-key.pem
Executable file
@ -0,0 +1,5 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrLj6Fn0Y1kN7krjS
|
||||
pmBtRA6quQ8cOltX0F9nEcurSIehRANCAATmON8W40vqqp+Ro/MyQPZsfqFVATgF
|
||||
/ms5Nxzq+flNh0stL0tU5ZtKGroNAqUc7MFRMMk8lKwuWy9A9jynetBo
|
||||
-----END PRIVATE KEY-----
|
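Review bot: this hunk adds an unencrypted PKCS#8 CA private key (genecc.sh creates it with `-nodes`) for a CA certificate that is valid until 2037, and nothing in the hunk or the script marks it as test-only. A comment in genecc.sh or the certs documentation stating that ca-ecc-key.pem and ca-ecc384-key.pem are public test keys that must never be loaded as trust anchors outside the test suite would make that explicit.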
BIN
certs/ca-ecc384-cert.der
Executable file
Binary file not shown.
56
certs/ca-ecc384-cert.pem
Executable file
@ -0,0 +1,56 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 12125228858566244640 (0xa84577679727f920)
|
||||
Signature Algorithm: ecdsa-with-SHA384
|
||||
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Oct 19 19:06:49 2017 GMT
|
||||
Not After : Oct 14 19:06:49 2037 GMT
|
||||
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
Public-Key: (384 bit)
|
||||
pub:
|
||||
04:11:3c:5c:d0:64:22:a7:0f:c8:b6:40:84:d7:e9:
|
||||
42:13:88:b9:11:b5:8d:9e:bb:40:b4:9e:f7:20:35:
|
||||
2b:f5:dc:59:70:00:19:32:63:de:56:55:6a:0b:d5:
|
||||
29:ba:c1:26:53:3f:11:b4:9c:d1:0e:23:bf:03:2b:
|
||||
46:45:4e:65:f4:77:22:0a:63:e2:49:5d:f0:a7:8c:
|
||||
29:49:00:33:00:b1:40:19:bf:67:3f:d1:f2:4e:6e:
|
||||
1d:18:81:50:eb:13:6a
|
||||
ASN1 OID: secp384r1
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
97:FD:B4:6D:CE:08:B3:02:57:AB:F3:40:D6:1D:AC:75:32:35:AA:F2
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:97:FD:B4:6D:CE:08:B3:02:57:AB:F3:40:D6:1D:AC:75:32:35:AA:F2
|
||||
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage: critical
|
||||
Digital Signature, Certificate Sign, CRL Sign
|
||||
Signature Algorithm: ecdsa-with-SHA384
|
||||
30:65:02:31:00:9d:49:9e:68:10:55:b3:92:89:23:cf:58:fb:
|
||||
04:ee:ab:ed:3e:3c:f6:94:66:d1:bd:16:8e:ca:52:9f:39:f3:
|
||||
d6:47:c0:cb:45:e2:1e:c6:dd:50:08:37:37:ba:ae:e6:72:02:
|
||||
30:6b:38:53:41:32:3e:55:84:39:65:9b:a7:40:98:05:cd:16:
|
||||
fe:dd:54:3a:38:19:f0:63:b9:c1:45:46:dc:b4:4d:47:21:49:
|
||||
fc:5b:63:a8:16:4c:d8:3f:3b:a8:c9:fb:fa
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICxzCCAk2gAwIBAgIJAKhFd2eXJ/kgMAoGCCqGSM49BAMDMIGXMQswCQYDVQQG
|
||||
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
|
||||
A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3
|
||||
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
|
||||
Fw0xNzEwMTkxOTA2NDlaFw0zNzEwMTQxOTA2NDlaMIGXMQswCQYDVQQGEwJVUzET
|
||||
MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH
|
||||
d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm
|
||||
c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTB2MBAGByqG
|
||||
SM49AgEGBSuBBAAiA2IABBE8XNBkIqcPyLZAhNfpQhOIuRG1jZ67QLSe9yA1K/Xc
|
||||
WXAAGTJj3lZVagvVKbrBJlM/EbSc0Q4jvwMrRkVOZfR3Igpj4kld8KeMKUkAMwCx
|
||||
QBm/Zz/R8k5uHRiBUOsTaqNjMGEwHQYDVR0OBBYEFJf9tG3OCLMCV6vzQNYdrHUy
|
||||
NaryMB8GA1UdIwQYMBaAFJf9tG3OCLMCV6vzQNYdrHUyNaryMA8GA1UdEwEB/wQF
|
||||
MAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMQCdSZ5oEFWz
|
||||
kokjz1j7BO6r7T489pRm0b0WjspSnznz1kfAy0XiHsbdUAg3N7qu5nICMGs4U0Ey
|
||||
PlWEOWWbp0CYBc0W/t1UOjgZ8GO5wUVG3LRNRyFJ/FtjqBZM2D87qMn7+g==
|
||||
-----END CERTIFICATE-----
|
BIN
certs/ca-ecc384-key.der
Executable file
Binary file not shown.
6
certs/ca-ecc384-key.pem
Executable file
@ -0,0 +1,6 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAle3GsRkzyxKVZhvYJ
|
||||
tHOExBgEpBojdYDOXglcBOCtBI5f18eR53bLiu/A8TQo7lyhZANiAAQRPFzQZCKn
|
||||
D8i2QITX6UITiLkRtY2eu0C0nvcgNSv13FlwABkyY95WVWoL1Sm6wSZTPxG0nNEO
|
||||
I78DK0ZFTmX0dyIKY+JJXfCnjClJADMAsUAZv2c/0fJObh0YgVDrE2o=
|
||||
-----END PRIVATE KEY-----
|
30
certs/crl/caEcc384Crl.pem
Executable file
@ -0,0 +1,30 @@
|
||||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Last Update: Oct 19 19:06:54 2017 GMT
|
||||
Next Update: Jul 15 19:06:54 2020 GMT
|
||||
CRL extensions:
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:97:FD:B4:6D:CE:08:B3:02:57:AB:F3:40:D6:1D:AC:75:32:35:AA:F2
|
||||
|
||||
X509v3 CRL Number:
|
||||
8193
|
||||
No Revoked Certificates.
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
30:64:02:30:37:0c:54:d6:da:d1:0b:a0:f9:9f:91:91:41:6d:
|
||||
e3:5f:91:1e:1b:18:ad:ef:cd:a9:80:25:1b:47:81:7a:95:64:
|
||||
fe:a3:98:19:be:8f:a7:69:c7:d0:b4:b5:f1:a2:d5:e0:02:30:
|
||||
2a:33:97:79:c7:31:5a:d6:e0:f0:17:ae:2c:72:3a:8e:5e:82:
|
||||
93:87:af:17:1f:6e:83:dc:81:06:6d:3c:6e:2a:9c:b5:50:bd:
|
||||
a5:66:b3:82:de:48:9a:88:84:a4:a0:f3
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
|
||||
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
|
||||
FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
|
||||
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAxOTE5MDY1NFoX
|
||||
DTIwMDcxNTE5MDY1NFqgMDAuMB8GA1UdIwQYMBaAFJf9tG3OCLMCV6vzQNYdrHUy
|
||||
NaryMAsGA1UdFAQEAgIgATAKBggqhkjOPQQDAgNnADBkAjA3DFTW2tELoPmfkZFB
|
||||
beNfkR4bGK3vzamAJRtHgXqVZP6jmBm+j6dpx9C0tfGi1eACMCozl3nHMVrW4PAX
|
||||
rixyOo5egpOHrxcfboPcgQZtPG4qnLVQvaVms4LeSJqIhKSg8w==
|
||||
-----END X509 CRL-----
|
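Review bot: the CRL header shows `Signature Algorithm: ecdsa-with-SHA256` although the issuer is the P-384 CA, whose own certificate is signed with ecdsa-with-SHA384. This follows from `default_md = sha256` in certs/ecc/wolfssl.cnf, which the `-gencrl` call for caEcc384Crl.pem in genecc.sh does not override. Passing `-md sha384` for the 384-bit CA would keep the digest matched to the curve and give the SHA-384 CRL verification path test coverage.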
28
certs/crl/caEccCrl.pem
Executable file
@ -0,0 +1,28 @@
|
||||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Last Update: Oct 19 19:06:54 2017 GMT
|
||||
Next Update: Jul 15 19:06:54 2020 GMT
|
||||
CRL extensions:
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:FD:9D:85:D5:C1:6F:47:EA:C6:75:96:59:25:37:46:8C:61:DB:E1:C3
|
||||
|
||||
X509v3 CRL Number:
|
||||
8192
|
||||
No Revoked Certificates.
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
30:44:02:20:02:41:b8:0e:b1:33:d2:5e:b5:1f:fd:0d:09:20:
|
||||
46:25:7e:98:09:d2:2e:20:eb:75:cd:b8:ed:ad:b6:b8:80:2a:
|
||||
02:20:2a:56:04:d8:1a:ab:d7:3a:96:bb:a7:06:b2:93:b7:8b:
|
||||
22:da:f8:49:9c:64:2a:24:6e:c1:b5:b3:8d:80:4c:c7
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBUTCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
|
||||
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
|
||||
FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
|
||||
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAxOTE5MDY1NFoX
|
||||
DTIwMDcxNTE5MDY1NFqgMDAuMB8GA1UdIwQYMBaAFP2dhdXBb0fqxnWWWSU3Roxh
|
||||
2+HDMAsGA1UdFAQEAgIgADAKBggqhkjOPQQDAgNHADBEAiACQbgOsTPSXrUf/Q0J
|
||||
IEYlfpgJ0i4g63XNuO2ttriAKgIgKlYE2Bqr1zqWu6cGspO3iyLa+EmcZCokbsG1
|
||||
s42ATMc=
|
||||
-----END X509 CRL-----
|
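Review bot: `Next Update: Jul 15 19:06:54 2020 GMT` (from `-crldays 1000`) is much earlier than the 2027 and 2037 expiry dates of the certificates this CRL covers, so any test that enforces CRL freshness will start failing on that date. Consider a longer `-crldays` value for these fixtures, or record the regeneration deadline next to the script.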
@ -55,6 +55,28 @@ mv tmp crl.revoked
|
||||
# remove revoked so next time through the normal CA won't have server revoked
|
||||
cp blank.index.txt demoCA/index.txt
|
||||
|
||||
# caEccCrl
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
|
||||
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in caEccCrl.pem -text > tmp
|
||||
mv tmp caEccCrl.pem
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem
|
||||
|
||||
# caEcc384Crl
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
|
||||
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in caEcc384Crl.pem -text > tmp
|
||||
mv tmp caEcc384Crl.pem
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
|
||||
|
||||
# cliCrl
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
|
||||
|
||||
|
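Review bot: the new caEccCrl and caEcc384Crl blocks run `openssl ca ... -revoke ../server-revoked-cert.pem` but, unlike the block above them, are not followed by `cp blank.index.txt demoCA/index.txt`, so the revocation entry appears to remain in the index when the cliCrl step runs next. Either reset the index after each block or drop the `-revoke` calls. The committed caEccCrl.pem and caEcc384Crl.pem both read `No Revoked Certificates.`, and genecc.sh writes the same two output files, so it is also unclear which script is meant to own them.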
@ -7,9 +7,9 @@ EXTRA_DIST += \
|
||||
certs/crl/cliCrl.pem \
|
||||
certs/crl/eccSrvCRL.pem \
|
||||
certs/crl/eccCliCRL.pem \
|
||||
certs/crl/crl2.pem
|
||||
certs/crl/crl2.pem \
|
||||
certs/crl/caEccCrl.pem \
|
||||
certs/crl/caEcc384Crl.pem
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/crl/crl.revoked
|
||||
|
||||
|
||||
|
51
certs/ecc/genecc.sh
Executable file
@ -0,0 +1,51 @@
|
||||
#!/bin/bash
|
||||
|
||||
# run from wolfssl root
|
||||
|
||||
rm ./certs/ecc/*.old
|
||||
rm ./certs/ecc/index.txt*
|
||||
rm ./certs/ecc/serial
|
||||
rm ./certs/ecc/crlnumber
|
||||
|
||||
touch ./certs/ecc/index.txt
|
||||
echo 1000 > ./certs/ecc/serial
|
||||
echo 2000 > ./certs/ecc/crlnumber
|
||||
|
||||
# generate ECC 256-bit CA
|
||||
openssl ecparam -out ./certs/ca-ecc-key.par -name prime256v1
|
||||
openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:./certs/ca-ecc-key.par -keyout ./certs/ca-ecc-key.pem -out ./certs/ca-ecc-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
|
||||
|
||||
openssl x509 -in ./certs/ca-ecc-cert.pem -inform PEM -out ./certs/ca-ecc-cert.der -outform DER
|
||||
openssl ec -in ./certs/ca-ecc-key.pem -inform PEM -out ./certs/ca-ecc-key.der -outform DER
|
||||
|
||||
rm ./certs/ca-ecc-key.par
|
||||
|
||||
# generate ECC 384-bit CA
|
||||
openssl ecparam -out ./certs/ca-ecc384-key.par -name secp384r1
|
||||
openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:./certs/ca-ecc384-key.par -keyout ./certs/ca-ecc384-key.pem -out ./certs/ca-ecc384-cert.pem -sha384 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
|
||||
|
||||
openssl x509 -in ./certs/ca-ecc384-cert.pem -inform PEM -out ./certs/ca-ecc384-cert.der -outform DER
|
||||
openssl ec -in ./certs/ca-ecc384-key.pem -inform PEM -out ./certs/ca-ecc384-key.der -outform DER
|
||||
|
||||
rm ./certs/ca-ecc384-key.par
|
||||
|
||||
|
||||
# Generate ECC 256-bit server cert
|
||||
openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc-key.pem -out ./certs/server-ecc-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
|
||||
openssl x509 -req -in ./certs/server-ecc-req.pem -CA ./certs/ca-ecc-cert.pem -CAkey ./certs/ca-ecc-key.pem -CAcreateserial -out ./certs/server-ecc.pem -sha256
|
||||
|
||||
# Sign server certificate
|
||||
openssl ca -config ./certs/ecc/wolfssl.cnf -extensions server_cert -days 3650 -notext -md sha256 -in ./certs/server-ecc-req.pem -out ./certs/server-ecc.pem
|
||||
openssl x509 -in ./certs/server-ecc.pem -outform der -out ./certs/server-ecc.der
|
||||
|
||||
rm ./certs/server-ecc-req.pem
|
||||
|
||||
# Gen CRL
|
||||
openssl ca -config ./certs/ecc/wolfssl.cnf -gencrl -crldays 1000 -out ./certs/crl/caEccCrl.pem -keyfile ./certs/ca-ecc-key.pem -cert ./certs/ca-ecc-cert.pem
|
||||
openssl ca -config ./certs/ecc/wolfssl.cnf -gencrl -crldays 1000 -out ./certs/crl/caEcc384Crl.pem -keyfile ./certs/ca-ecc384-key.pem -cert ./certs/ca-ecc384-cert.pem
|
||||
|
||||
# Also manually need to:
|
||||
# 1. Copy ./certs/server-ecc.der into ./certs/test/server-cert-ecc-badsig.der `cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der`
|
||||
# 2. Modify last byte so its invalidates signature in ./certs/test/server-cert-ecc-badsig.der
|
||||
# 3. Covert bad cert to pem `openssl x509 -inform der -in ./certs/test/server-cert-ecc-badsig.der -outform pem -out ./certs/test/server-cert-ecc-badsig.pem`
|
||||
# 4. Update AKID's for CA's in test.c certext_test() function akid_ecc.
|
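Review bot: under "Generate ECC 256-bit server cert", the `openssl x509 -req ... -CAcreateserial -out ./certs/server-ecc.pem` line is immediately superseded by the `openssl ca ... -out ./certs/server-ecc.pem` line under "Sign server certificate", so the first signing is redundant and `-CAcreateserial` leaves a stray serial file behind. Remove the `x509 -req` line, use `rm -f` for the cleanup at the top so a first run does not print errors, and script manual steps 1 to 3 so the badsig fixtures cannot drift from server-ecc.der.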
8
certs/ecc/include.am
Normal file
@ -0,0 +1,8 @@
|
||||
# vim:ft=automake
|
||||
# All paths should be given relative to the root
|
||||
#
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/ecc/genecc.sh \
|
||||
certs/ecc/wolfssl.cnf
|
||||
|
109
certs/ecc/wolfssl.cnf
Normal file
@ -0,0 +1,109 @@
|
||||
[ ca ]
|
||||
# `man ca`
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
# Directory and file locations.
|
||||
dir = .
|
||||
certs = $dir/certs
|
||||
new_certs_dir = $dir/certs
|
||||
database = $dir/certs/ecc/index.txt
|
||||
serial = $dir/certs/ecc/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
|
||||
# The root key and root certificate.
|
||||
private_key = $dir/certs/ca-ecc-key.pem
|
||||
certificate = $dir/certs/ca-ecc-cert.pem
|
||||
|
||||
# For certificate revocation lists.
|
||||
crlnumber = $dir/certs/ecc/crlnumber
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 1000
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 3650
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[ policy_strict ]
|
||||
# The root CA should only sign intermediate certificates that match.
|
||||
# See the POLICY FORMAT section of `man ca`.
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ policy_loose ]
|
||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||
# See the POLICY FORMAT section of the `ca` man page.
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
# Options for the `req` tool (`man req`).
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
|
||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||
default_md = sha256
|
||||
|
||||
# Extension to add when the -x509 option is used.
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = US
|
||||
stateOrProvinceName = Washington
|
||||
localityName = Seattle
|
||||
0.organizationName = wolfSSL
|
||||
organizationalUnitName = Development
|
||||
commonName = www.wolfssl.com
|
||||
emailAddress = info@wolfssl.com
|
||||
|
||||
[ v3_ca ]
|
||||
# Extensions for a typical CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ v3_intermediate_ca ]
|
||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[ usr_cert ]
|
||||
# Extensions for client certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[ server_cert ]
|
||||
# Extensions for server certificates (`man x509v3_config`).
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[ crl_ext ]
|
||||
# Extension for CRLs (`man x509v3_config`).
|
||||
authorityKeyIdentifier=keyid:always
|
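Review bot: `[ policy_strict ]`, `[ v3_intermediate_ca ]` and `[ usr_cert ]` are defined but genecc.sh only references `v3_ca` and `server_cert`, and `policy = policy_loose` is the only policy selected. Drop the unused sections or add a comment saying why they are kept. Note also that `private_key` and `certificate` are pinned to the P-256 CA, so every P-384 operation depends on the caller passing `-keyfile` and `-cert`; a comment at those two lines would save the next maintainer a wrong-issuer CRL.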
53
certs/include.am
Normal file → Executable file
@ -21,6 +21,7 @@ EXTRA_DIST += \
|
||||
certs/dh2048.pem \
|
||||
certs/server-cert.pem \
|
||||
certs/server-ecc.pem \
|
||||
certs/server-ecc-self.pem \
|
||||
certs/server-ecc-comp.pem \
|
||||
certs/server-ecc-rsa.pem \
|
||||
certs/server-keyEnc.pem \
|
||||
@ -35,8 +36,8 @@ EXTRA_DIST += \
|
||||
certs/wolfssl-website-ca.pem \
|
||||
certs/test-servercert.p12 \
|
||||
certs/dsaparams.pem \
|
||||
certs/ecc-privOnlyKey.pem \
|
||||
certs/ecc-privOnlyCert.pem \
|
||||
certs/ecc-privOnlyKey.pem \
|
||||
certs/ecc-privOnlyCert.pem \
|
||||
certs/dh3072.pem \
|
||||
certs/client-cert-3072.pem \
|
||||
certs/client-key-3072.pem
|
||||
@ -58,25 +59,40 @@ EXTRA_DIST += \
|
||||
certs/server-cert.der \
|
||||
certs/server-ecc-comp.der \
|
||||
certs/server-ecc.der \
|
||||
certs/server-ecc-self.der \
|
||||
certs/server-ecc-rsa.der \
|
||||
certs/server-cert-chain.der
|
||||
EXTRA_DIST += \
|
||||
certs/ed25519/ca-ed25519.der \
|
||||
certs/ed25519/ca-ed25519-key.der \
|
||||
certs/ed25519/ca-ed25519-key.pem \
|
||||
certs/ed25519/ca-ed25519.pem \
|
||||
certs/ed25519/client-ed25519.der \
|
||||
certs/ed25519/client-ed25519-key.der \
|
||||
certs/ed25519/client-ed25519-key.pem \
|
||||
certs/ed25519/client-ed25519.pem \
|
||||
certs/ed25519/root-ed25519.der \
|
||||
certs/ed25519/root-ed25519-key.der \
|
||||
certs/ed25519/root-ed25519-key.pem \
|
||||
certs/ed25519/root-ed25519.pem \
|
||||
certs/ed25519/server-ed25519.der \
|
||||
certs/ed25519/server-ed25519-key.der \
|
||||
certs/ed25519/server-ed25519-key.pem \
|
||||
certs/ed25519/server-ed25519.pem
|
||||
certs/ed25519/ca-ed25519.der \
|
||||
certs/ed25519/ca-ed25519-key.der \
|
||||
certs/ed25519/ca-ed25519-key.pem \
|
||||
certs/ed25519/ca-ed25519.pem \
|
||||
certs/ed25519/client-ed25519.der \
|
||||
certs/ed25519/client-ed25519-key.der \
|
||||
certs/ed25519/client-ed25519-key.pem \
|
||||
certs/ed25519/client-ed25519.pem \
|
||||
certs/ed25519/root-ed25519.der \
|
||||
certs/ed25519/root-ed25519-key.der \
|
||||
certs/ed25519/root-ed25519-key.pem \
|
||||
certs/ed25519/root-ed25519.pem \
|
||||
certs/ed25519/server-ed25519.der \
|
||||
certs/ed25519/server-ed25519-key.der \
|
||||
certs/ed25519/server-ed25519-key.pem \
|
||||
certs/ed25519/server-ed25519.pem
|
||||
|
||||
# ECC CA prime256v1
|
||||
EXTRA_DIST += \
|
||||
certs/ca-ecc-cert.der \
|
||||
certs/ca-ecc-cert.pem \
|
||||
certs/ca-ecc-key.der \
|
||||
certs/ca-ecc-key.pem
|
||||
|
||||
# ECC CA SECP384R1
|
||||
EXTRA_DIST += \
|
||||
certs/ca-ecc384-cert.der \
|
||||
certs/ca-ecc384-cert.pem \
|
||||
certs/ca-ecc384-key.der \
|
||||
certs/ca-ecc384-key.pem
|
||||
|
||||
dist_doc_DATA+= certs/taoCert.txt
|
||||
|
||||
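Review bot: the ed25519 entries in this hunk appear as one block followed by an identical block, which looks like a whitespace-only re-indent (the same applies to the `ecc-privOnly` lines in the previous hunk). Please separate whitespace changes from the functional additions (`server-ecc-self` and the two ECC CA lists) or drop them, so the diff shows only the new files. The file header also shows certs/include.am changing from normal to executable mode, which an automake fragment does not need.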
@ -85,3 +101,4 @@ EXTRA_DIST+= certs/ntru-key.raw
|
||||
include certs/test/include.am
|
||||
include certs/test-pathlen/include.am
|
||||
include certs/test/include.am
|
||||
include certs/ecc/include.am
|
||||
|
BIN
certs/server-ecc-self.der
Normal file
Binary file not shown.
56
certs/server-ecc-self.pem
Normal file
@ -0,0 +1,56 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
ef:46:c7:a4:9b:bb:60:d3
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Aug 11 20:07:38 2016 GMT
|
||||
Not After : May 8 20:07:38 2019 GMT
|
||||
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
Public-Key: (256 bit)
|
||||
pub:
|
||||
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
|
||||
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
|
||||
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
|
||||
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
|
||||
0b:80:34:89:d8
|
||||
ASN1 OID: prime256v1
|
||||
NIST CURVE: P-256
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
|
||||
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
serial:EF:46:C7:A4:9B:BB:60:D3
|
||||
|
||||
X509v3 Basic Constraints:
|
||||
CA:TRUE
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e:
|
||||
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e:
|
||||
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4:
|
||||
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
|
||||
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
|
||||
A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz
|
||||
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
|
||||
MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
|
||||
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
|
||||
DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
|
||||
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
|
||||
QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih
|
||||
f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr
|
||||
SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk
|
||||
gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
|
||||
DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV
|
||||
BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
|
||||
LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh
|
||||
APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj
|
||||
JdSwySV9ynpdusSy9n0Ex71iySA=
|
||||
-----END CERTIFICATE-----
|
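Review bot: this new fixture carries `Not After : May 8 20:07:38 2019 GMT`, while the regenerated server-ecc.pem runs to 2027, so tests that load server-ecc-self.pem with date checking enabled will break in 2019. It also has a non-critical `CA:TRUE` and no key usage extension. If this is the previous server-ecc.pem preserved under a new name, regenerate it with a longer validity and state in the commit message what it is used for.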
BIN
certs/server-ecc.der
Normal file → Executable file
Binary file not shown.
69
certs/server-ecc.pem
Normal file → Executable file
@ -1,13 +1,12 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
ef:46:c7:a4:9b:bb:60:d3
|
||||
Serial Number: 4096 (0x1000)
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Aug 11 20:07:38 2016 GMT
|
||||
Not After : May 8 20:07:38 2019 GMT
|
||||
Not Before: Oct 19 19:06:49 2017 GMT
|
||||
Not After : Oct 17 19:06:49 2027 GMT
|
||||
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
@ -19,38 +18,44 @@ Certificate:
|
||||
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
|
||||
0b:80:34:89:d8
|
||||
ASN1 OID: prime256v1
|
||||
NIST CURVE: P-256
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Cert Type:
|
||||
SSL Server
|
||||
X509v3 Subject Key Identifier:
|
||||
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
|
||||
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
serial:EF:46:C7:A4:9B:BB:60:D3
|
||||
keyid:FD:9D:85:D5:C1:6F:47:EA:C6:75:96:59:25:37:46:8C:61:DB:E1:C3
|
||||
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
serial:98:6A:0C:F4:02:43:A6:28
|
||||
|
||||
X509v3 Basic Constraints:
|
||||
CA:TRUE
|
||||
X509v3 Key Usage: critical
|
||||
Digital Signature, Key Encipherment
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Server Authentication
|
||||
Signature Algorithm: ecdsa-with-SHA256
|
||||
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e:
|
||||
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e:
|
||||
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4:
|
||||
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20
|
||||
30:45:02:21:00:ce:09:22:ab:21:c1:30:80:33:4b:b4:75:19:
|
||||
0b:37:e5:18:c6:6a:48:b1:a6:2a:0c:d0:91:96:d3:97:db:75:
|
||||
cf:02:20:03:97:6b:90:e1:2e:20:10:e7:bf:c3:25:97:4d:a8:
|
||||
07:9e:14:86:99:bd:87:98:fd:2e:d2:4d:1f:da:52:92:b9
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
|
||||
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
|
||||
A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz
|
||||
|
||||
-----END CERTIFICATE-----
|
||||
|
@ -11,3 +11,9 @@ EXTRA_DIST += \
|
||||
certs/test/gen-ext-certs.sh \
|
||||
certs/test/server-duplicate-policy.pem
|
||||
|
||||
# The certs/server-cert with the last byte (signature byte) changed
|
||||
EXTRA_DIST += \
|
||||
certs/test/server-cert-rsa-badsig.der \
|
||||
certs/test/server-cert-rsa-badsig.pem \
|
||||
certs/test/server-cert-ecc-badsig.der \
|
||||
certs/test/server-cert-ecc-badsig.pem
|
||||
|
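Review bot: The comment above the new EXTRA_DIST block names only certs/server-cert as the source, but two of the four files listed are the ECC variant. Say which certificate the server-cert-ecc-badsig files were derived from and how the byte was changed (or add that step to a generation script), so the fixtures can be regenerated when the source certificates are renewed.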
BIN
certs/test/server-cert-ecc-badsig.der
Executable file
Binary file not shown.
20
certs/test/server-cert-ecc-badsig.pem
Executable file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
|
||||
-----END CERTIFICATE-----
|
BIN
certs/test/server-cert-rsa-badsig.der
Normal file
Binary file not shown.
27
certs/test/server-cert-rsa-badsig.pem
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
|
||||
-----END CERTIFICATE-----
|
12
configure.ac
@ -3631,6 +3631,18 @@ fi
|
||||
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT], [test "x$have_tp" = "xyes"])
|
||||
|
||||
|
||||
# dertermine if we have key validation mechanism
|
||||
if test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_RSA" = "xyes"
|
||||
then
|
||||
if test "x$ENABLED_ASN" = "xyes"
|
||||
then
|
||||
ENABLED_PKI="yes"
|
||||
fi
|
||||
fi
|
||||
AM_CONDITIONAL([BUILD_PKI], [test "x$ENABLED_PKI" = "xyes"])
|
||||
|
||||
|
||||
|
||||
################################################################################
|
||||
# Check for build-type conflicts #
|
||||
################################################################################
|
||||
|
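Review bot: ENABLED_PKI is only ever assigned "yes" in this block, so a value inherited from the environment would turn BUILD_PKI on even when the ECC/RSA or ASN test fails; set ENABLED_PKI="no" before the outer test. The comment also has a typo ("dertermine") and says "key validation", while the conditional is used to gate a certificate validation test, so "determine if we can validate certificates" would match its use.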
@ -736,7 +736,7 @@ static void Usage(void)
|
||||
#ifdef HAVE_WNR
|
||||
printf("-q <file> Whitewood config file, default %s\n", wnrConfig);
|
||||
#endif
|
||||
printf("-H Force use of the default cipher suite list\n");
|
||||
printf("-H <arg> Internal tests [defCipherList, badCert]\n");
|
||||
#ifdef WOLFSSL_TLS13
|
||||
printf("-J Use HelloRetryRequest to choose group for KE\n");
|
||||
printf("-K Key Exchange for PSK not using (EC)DHE\n");
|
||||
@ -826,6 +826,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
unsigned char alpn_opt = 0;
|
||||
char* cipherList = NULL;
|
||||
int useDefCipherList = 0;
|
||||
int useBadCert = 0;
|
||||
const char* verifyCert = caCertFile;
|
||||
const char* ourCert = cliCertFile;
|
||||
const char* ourKey = cliKeyFile;
|
||||
@ -887,7 +888,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
((func_args*)args)->return_code = -1; /* error state */
|
||||
|
||||
#ifdef NO_RSA
|
||||
verifyCert = (char*)eccCertFile;
|
||||
verifyCert = (char*)caEccCertFile;
|
||||
ourCert = (char*)cliEccCertFile;
|
||||
ourKey = (char*)cliEccKeyFile;
|
||||
#endif
|
||||
@ -910,6 +911,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
(void)updateKeysIVs;
|
||||
(void)useX25519;
|
||||
(void)helloRetry;
|
||||
(void)useBadCert;
|
||||
|
||||
StackTrap();
|
||||
|
||||
@ -917,7 +919,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
/* Not used: All used */
|
||||
while ((ch = mygetopt(argc, argv, "?"
|
||||
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
|
||||
"A:B:CDE:F:GHIJKL:M:NO:PQRS:TUVW:XYZ:"
|
||||
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
|
||||
"03:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
@ -1026,7 +1028,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
break;
|
||||
|
||||
case 'H' :
|
||||
useDefCipherList = 1;
|
||||
if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
|
||||
printf("Using default cipher list for testing\n");
|
||||
useDefCipherList = 1;
|
||||
}
|
||||
else if (XSTRNCMP(myoptarg, "badCert", 7) == 0) {
|
||||
printf("Using bad certificate for testing\n");
|
||||
useBadCert = 1;
|
||||
}
|
||||
else {
|
||||
Usage();
|
||||
exit(MY_EX_USAGE);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'A' :
|
||||
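Review bot: In case 'H', XSTRNCMP(myoptarg, "defCipherList", 13) and XSTRNCMP(myoptarg, "badCert", 7) compare only a prefix, so an argument such as "badCertX" is accepted as badCert instead of reaching Usage(). Compare the whole string, for example by also checking XSTRLEN(myoptarg). Since -H now requires an argument ("H:" in the option string), callers that still pass a bare -H will have the following option consumed as its argument and end in the usage exit; that behaviour change deserves a line in the change notes.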
@ -1461,7 +1474,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
defaultCipherList = "PSK-AES128-CBC-SHA256";
|
||||
#endif
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
|
||||
!=WOLFSSL_SUCCESS) {
|
||||
!=WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("client can't set cipher list 2");
|
||||
}
|
||||
@ -1477,7 +1490,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
if (cipherList == NULL || (cipherList && useDefCipherList)) {
|
||||
wolfSSL_CTX_allow_anon_cipher(ctx);
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA")
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("client can't set cipher list 4");
|
||||
}
|
||||
@ -1531,7 +1544,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
if (useClientCert){
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("can't load client cert file, check file and run from"
|
||||
" wolfSSL home dir");
|
||||
@ -1549,10 +1562,19 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif /* !defined(NO_FILESYSTEM) */
|
||||
}
|
||||
|
||||
/* for testing only - use client cert as CA to force no signer error */
|
||||
if (useBadCert) {
|
||||
#if !defined(NO_RSA)
|
||||
verifyCert = "./certs/client-cert.pem";
|
||||
#elif defined(HAVE_ECC)
|
||||
verifyCert = "./certs/client-ecc-cert.pem";
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!usePsk && !useAnon && !useVerifyCb) {
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("can't load ca file, Please run from wolfSSL home dir");
|
||||
}
|
||||
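Review bot: The useBadCert block hard-codes "./certs/client-cert.pem" and "./certs/client-ecc-cert.pem", while this function already has cliCertFile and cliEccCertFile (used for ourCert); use those so the paths stay in one place. The block also has no #else, so in a build with NO_RSA and without HAVE_ECC, -H badCert is accepted and silently leaves verifyCert unchanged, and it replaces any CA the user passed with -A without saying so.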
@ -1562,7 +1584,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#ifdef HAVE_ECC
|
||||
/* load ecc verify too, echoserver uses it by default w/ ecc */
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0) != WOLFSSL_SUCCESS) {
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
|
||||
}
|
||||
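Review bot: This hunk only re-wraps the call and still loads eccCertFile as a verify location, while the NO_RSA default above and echoclient were switched to caEccCertFile. If eccCertFile is the server's own certificate, keeping it as a trust anchor lets the handshake succeed without the new ECC CA being exercised, and it is still loaded after -H badCert has replaced verifyCert. Should this be caEccCertFile as well, and skipped when useBadCert is set?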
@ -1573,7 +1596,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
|
||||
if (trustCert) {
|
||||
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
||||
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("can't load trusted peer cert file");
|
||||
}
|
||||
@ -1599,7 +1622,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#ifdef HAVE_SNI
|
||||
if (sniHostName)
|
||||
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("UseSNI failed");
|
||||
}
|
||||
@ -1634,11 +1657,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#if defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)
|
||||
if (useX25519) {
|
||||
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
err_sys("unable to support X25519");
|
||||
}
|
||||
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
err_sys("unable to support secp256r1");
|
||||
}
|
||||
}
|
||||
@ -1688,7 +1711,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
if (doMcast) {
|
||||
#ifdef WOLFSSL_MULTICAST
|
||||
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256") != WOLFSSL_SUCCESS) {
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("Couldn't set multicast cipher list.");
|
||||
}
|
||||
@ -1733,7 +1757,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != WOLFSSL_SUCCESS) {
|
||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
err_sys("unable to use DH 2048-bit parameters");
|
||||
}
|
||||
#endif
|
||||
@ -1756,7 +1781,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
XMEMSET(sr, 0x5A, sizeof(sr));
|
||||
|
||||
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set mcast secret");
|
||||
}
|
||||
@ -1778,7 +1803,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
switch (statusRequest) {
|
||||
case WOLFSSL_CSR_OCSP:
|
||||
if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
|
||||
WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("UseCertificateStatusRequest failed");
|
||||
@ -1796,7 +1821,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
case WOLFSSL_CSR2_OCSP:
|
||||
if (wolfSSL_UseOCSPStaplingV2(ssl,
|
||||
WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("UseCertificateStatusRequest failed");
|
||||
@ -1805,7 +1830,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
case WOLFSSL_CSR2_OCSP_MULTI:
|
||||
if (wolfSSL_UseOCSPStaplingV2(ssl,
|
||||
WOLFSSL_CSR2_OCSP_MULTI, 0)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("UseCertificateStatusRequest failed");
|
||||
@ -1846,7 +1871,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
err_sys("can't enable crl check");
|
||||
}
|
||||
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("can't load crl, check crlfile and date validity");
|
||||
|
@ -139,7 +139,7 @@ void echoclient_test(void* args)
|
||||
err_sys("can't load ca file, Please run from wolfSSL home dir");
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
if (SSL_CTX_load_verify_locations(ctx, eccCertFile, 0) != WOLFSSL_SUCCESS)
|
||||
if (SSL_CTX_load_verify_locations(ctx, caEccCertFile, 0) != WOLFSSL_SUCCESS)
|
||||
err_sys("can't load ca file, Please run from wolfSSL home dir");
|
||||
#endif
|
||||
#elif !defined(NO_CERTS)
|
||||
|
@ -411,7 +411,7 @@ static void Usage(void)
|
||||
#endif
|
||||
printf("-g Return basic HTML web page\n");
|
||||
printf("-C <num> The number of connections to accept, default: 1\n");
|
||||
printf("-H Force use of the default cipher suite list\n");
|
||||
printf("-H <arg> Internal tests [defCipherList, badCert]\n");
|
||||
#ifdef WOLFSSL_TLS13
|
||||
printf("-K Key Exchange for PSK not using (EC)DHE\n");
|
||||
printf("-U Update keys and IVs before sending\n");
|
||||
@ -481,6 +481,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
unsigned char alpn_opt = 0;
|
||||
char* cipherList = NULL;
|
||||
int useDefCipherList = 0;
|
||||
int useBadCert = 0;
|
||||
const char* verifyCert = cliCertFile;
|
||||
const char* ourCert = svrCertFile;
|
||||
const char* ourKey = svrKeyFile;
|
||||
@ -561,6 +562,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
(void)readySignal;
|
||||
(void)updateKeysIVs;
|
||||
(void)mcastID;
|
||||
(void)useBadCert;
|
||||
|
||||
#ifdef CYASSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@ -572,7 +574,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
/* Not Used: h, m, t, y, z, F, M, T, V, W, X, Y */
|
||||
while ((ch = mygetopt(argc, argv, "?"
|
||||
"abc:defgijk:l:nop:q:rsuv:wx"
|
||||
"A:B:C:D:E:GHIJKL:NO:PQR:S:UYZ:"
|
||||
"A:B:C:D:E:GH:IJKL:NO:PQR:S:UYZ:"
|
||||
"03:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
@ -656,7 +658,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
break;
|
||||
|
||||
case 'H' :
|
||||
useDefCipherList = 1;
|
||||
if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
|
||||
printf("Using default cipher list for testing\n");
|
||||
useDefCipherList = 1;
|
||||
}
|
||||
else if (XSTRNCMP(myoptarg, "badCert", 7) == 0) {
|
||||
printf("Using bad certificate for testing\n");
|
||||
useBadCert = 1;
|
||||
}
|
||||
else {
|
||||
Usage();
|
||||
exit(MY_EX_USAGE);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'A' :
|
||||
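Review bot: This case 'H' body is a copy of the one added to the client, including the prefix-only XSTRNCMP comparisons. Consider one shared helper for parsing the -H argument so the list of internal test names ("defCipherList", "badCert") and the Usage() text cannot drift between the two programs.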
@ -969,6 +982,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
#endif
|
||||
|
||||
#if !defined(NO_CERTS)
|
||||
/* for testing only - use bad cert as server cert for sig confirm err */
|
||||
if (useBadCert) {
|
||||
#if !defined(NO_RSA)
|
||||
ourCert = "./certs/test/server-cert-rsa-badsig.pem";
|
||||
#elif defined(HAVE_ECC)
|
||||
ourCert = "./certs/test/server-cert-ecc-badsig.pem";
|
||||
#endif
|
||||
}
|
||||
|
||||
if ((!usePsk || usePskPlus) && !useAnon) {
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
||||
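Review bot: When useBadCert is set, ourCert is replaced but ourKey is left alone, and the comment does not state that the badsig certificates carry the same public key as the default server key; add that, since a mismatch would fail for a different reason than the signature error the test expects. As in the client, prefer a named constant over the literal "./certs/test/..." paths and add an #else for builds with neither RSA nor ECC.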
@ -1063,8 +1085,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
if using PSK Plus then verify peer certs except PSK suites */
|
||||
if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) {
|
||||
SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
|
||||
((usePskPlus)? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
|
||||
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
|
||||
(usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
|
||||
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
|
||||
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != WOLFSSL_SUCCESS)
|
||||
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
|
@ -26,7 +26,19 @@ my @fileList_ecc = (
|
||||
[ "./certs/ecc-keyPub.der", "ecc_key_pub_der_256" ],
|
||||
[ "./certs/server-ecc-comp.der", "serv_ecc_comp_der_256" ],
|
||||
[ "./certs/server-ecc-rsa.der", "serv_ecc_rsa_der_256" ],
|
||||
[ "./certs/server-ecc.der", "serv_ecc_der_256" ]
|
||||
[ "./certs/server-ecc.der", "serv_ecc_der_256" ],
|
||||
[ "./certs/ca-ecc-key.der", "ca_ecc_key_der_256" ],
|
||||
[ "./certs/ca-ecc-cert.der", "ca_ecc_cert_der_256" ],
|
||||
[ "./certs/ca-ecc384-key.der", "ca_ecc_key_der_384" ],
|
||||
[ "./certs/ca-ecc384-cert.der", "ca_ecc_cert_der_384" ]
|
||||
);
|
||||
|
||||
|
||||
# ed25519 keys and certs
|
||||
# Used with HAVE_ED25519 define.
|
||||
my @fileList_ed = (
|
||||
[ "./certs/ed25519/server-ed25519.der", "server_ed25519_cert" ],
|
||||
[ "./certs/ed25519/ca-ed25519.der", "ca_ed25519_cert" ]
|
||||
);
|
||||
|
||||
# 1024-bit certs/keys to be converted
|
||||
@ -64,6 +76,7 @@ my @fileList_2048 = (
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
my $num_ecc = @fileList_ecc;
|
||||
my $num_ed = @fileList_ed;
|
||||
my $num_1024 = @fileList_1024;
|
||||
my $num_2048 = @fileList_2048;
|
||||
|
||||
@ -109,7 +122,7 @@ for (my $i = 0; $i < $num_2048; $i++) {
|
||||
|
||||
print OUT_FILE "#endif /* USE_CERT_BUFFERS_2048 */\n\n";
|
||||
|
||||
# convert and print 256-bit cert/keys
|
||||
# convert and print ECC cert/keys
|
||||
print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";
|
||||
for (my $i = 0; $i < $num_ecc; $i++) {
|
||||
|
||||
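Review bot: The comment now says "ECC cert/keys", but the generated guard on the next line is still HAVE_ECC && USE_CERT_BUFFERS_256, and fileList_ecc now also contains ca_ecc_key_der_384 and ca_ecc_cert_der_384. Either document that USE_CERT_BUFFERS_256 covers the 384-bit CA buffers too, or emit them under their own guard.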
@ -147,6 +160,23 @@ static const unsigned char dh_g[] =
|
||||
{
|
||||
0x02,
|
||||
};\n\n";
|
||||
|
||||
# convert and print ed25519 cert/keys
|
||||
print OUT_FILE "#if defined(HAVE_ED25519)\n\n";
|
||||
for (my $i = 0; $i < $num_ed; $i++) {
|
||||
|
||||
my $fname = $fileList_ed[$i][0];
|
||||
my $sname = $fileList_ed[$i][1];
|
||||
|
||||
print OUT_FILE "/* $fname, ED25519 */\n";
|
||||
print OUT_FILE "static const unsigned char $sname\[] =\n";
|
||||
print OUT_FILE "{\n";
|
||||
file_to_hex($fname);
|
||||
print OUT_FILE "};\n";
|
||||
print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
|
||||
}
|
||||
print OUT_FILE "#endif /* HAVE_ED25519 */\n\n";
|
||||
|
||||
print OUT_FILE "#endif /* WOLFSSL_CERTS_TEST_H */\n\n";
|
||||
|
||||
# close certs_test.h file
|
||||
|
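Review bot: The ed25519 buffers are emitted under HAVE_ED25519 alone, whereas the ECC block is additionally gated on USE_CERT_BUFFERS_256 and the 2048-bit block closes with USE_CERT_BUFFERS_2048. If that is intentional, say so in the comment above fileList_ed; otherwise add a matching USE_CERT_BUFFERS_* condition so the arrays are not defined in builds that read certificates from files.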
@ -11,6 +11,12 @@ endif
|
||||
if BUILD_EXAMPLE_SERVERS
|
||||
|
||||
dist_noinst_SCRIPTS+= scripts/resume.test
|
||||
|
||||
# only run this test if we have the ability to support cert validation
|
||||
if BUILD_PKI
|
||||
dist_noinst_SCRIPTS+= scripts/tls-cert-fail.test
|
||||
endif
|
||||
|
||||
EXTRA_DIST+= scripts/benchmark.test
|
||||
|
||||
if BUILD_CRL
|
||||
|
@ -269,9 +269,12 @@ do
|
||||
psk=""
|
||||
adh=""
|
||||
port=$openssl_port
|
||||
caCert=""
|
||||
case $wolfSuite in
|
||||
*ECDH-RSA*)
|
||||
port=$ecdh_port ;;
|
||||
*ECDHE-ECDSA*|*ECDH-ECDSA*)
|
||||
caCert="-A./certs/ca-ecc-cert.pem" ;;
|
||||
*PSK*)
|
||||
psk="-s " ;;
|
||||
*ADH*)
|
||||
@ -280,10 +283,10 @@ do
|
||||
|
||||
if [ $version -lt 4 ]
|
||||
then
|
||||
./examples/client/client -p $port -g -r -l $wolfSuite -v $version $psk $adh
|
||||
./examples/client/client -p $port -g -r -l $wolfSuite -v $version $psk $adh $caCert
|
||||
else
|
||||
# do all versions
|
||||
./examples/client/client -p $port -g -r -l $wolfSuite $psk $adh
|
||||
./examples/client/client -p $port -g -r -l $wolfSuite $psk $adh $caCert
|
||||
fi
|
||||
|
||||
client_result=$?
|
||||
|
173
scripts/tls-cert-fail.test
Executable file
@ -0,0 +1,173 @@
|
||||
#!/bin/sh
|
||||
|
||||
#tls-cert-fail.test
|
||||
|
||||
asn_no_signer_e="-188"
|
||||
asn_sig_confirm_e="-155"
|
||||
exit_code=1
|
||||
counter=0
|
||||
|
||||
# need a unique resume port since may run the same time as testsuite
|
||||
# use server port zero hack to get one
|
||||
tls_port=0
|
||||
|
||||
#no_pid tells us process was never started if -1
|
||||
no_pid=-1
|
||||
|
||||
#server_pid captured on startup, stores the id of the server process
|
||||
server_pid=$no_pid
|
||||
|
||||
# let's use absolute path to a local dir (make distcheck may be in sub dir)
|
||||
# also let's add some randomness by adding pid in case multiple 'make check's
|
||||
# per source tree
|
||||
ready_file=`pwd`/wolfssl_tls_ready$$
|
||||
|
||||
remove_ready_file() {
|
||||
if test -e $ready_file; then
|
||||
echo -e "removing existing ready file"
|
||||
rm $ready_file
|
||||
fi
|
||||
}
|
||||
|
||||
# trap this function so if user aborts with ^C or other kill signal we still
|
||||
# get an exit that will in turn clean up the file system
|
||||
abort_trap() {
|
||||
echo "script aborted"
|
||||
|
||||
if [ $server_pid != $no_pid ]
|
||||
then
|
||||
echo "killing server"
|
||||
kill -9 $server_pid
|
||||
fi
|
||||
|
||||
exit_code=2 #different exit code in case of user interrupt
|
||||
|
||||
echo "got abort signal, exiting with $exit_code"
|
||||
exit $exit_code
|
||||
}
|
||||
trap abort_trap INT TERM
|
||||
|
||||
|
||||
# trap this function so that if we exit on an error the file system will still
|
||||
# be restored and the other tests may still pass. Never call this function
|
||||
# instead use "exit <some value>" and this function will run automatically
|
||||
restore_file_system() {
|
||||
remove_ready_file
|
||||
}
|
||||
trap restore_file_system EXIT
|
||||
|
||||
run_tls_no_signer_test() {
|
||||
echo -e "\nStarting example server for tls no signer fail test...\n"
|
||||
|
||||
remove_ready_file
|
||||
|
||||
# starts the server on tls_port, -R generates ready file to be used as a
|
||||
# mutex lock. We capture the processid into the variable server_pid
|
||||
./examples/server/server -R $ready_file -p $tls_port &
|
||||
server_pid=$!
|
||||
|
||||
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
|
||||
echo -e "waiting for ready file..."
|
||||
sleep 0.1
|
||||
counter=$((counter+ 1))
|
||||
done
|
||||
|
||||
if test -e $ready_file; then
|
||||
echo -e "found ready file, starting client..."
|
||||
else
|
||||
echo -e "NO ready file ending test..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# get created port 0 ephemeral port
|
||||
tls_port=`cat $ready_file`
|
||||
|
||||
# starts client on tls_port and captures the output from client
|
||||
capture_out=$(./examples/client/client -p $tls_port -H badCert 2>&1)
|
||||
client_result=$?
|
||||
|
||||
wait $server_pid
|
||||
server_result=$?
|
||||
|
||||
case "$capture_out" in
|
||||
*$asn_no_signer_e*)
|
||||
# only exit with zero on detection of the expected error code
|
||||
echo ""
|
||||
echo "$capture_out"
|
||||
echo ""
|
||||
echo "No signer error as expected! Test pass"
|
||||
echo ""
|
||||
exit_code=0
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo "Client did not return asn_no_signer_e as expected: $capture_out"
|
||||
echo ""
|
||||
exit_code=1
|
||||
esac
|
||||
}
|
||||
|
||||
run_tls_sig_confirm_test() {
|
||||
echo -e "\nStarting example server for tls sig confirm fail test...\n"
|
||||
|
||||
remove_ready_file
|
||||
|
||||
# starts the server on tls_port, -R generates ready file to be used as a
|
||||
# mutex lock. We capture the processid into the variable server_pid
|
||||
./examples/server/server -R $ready_file -p $tls_port -H badCert &
|
||||
server_pid=$!
|
||||
|
||||
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
|
||||
echo -e "waiting for ready file..."
|
||||
sleep 0.1
|
||||
counter=$((counter+ 1))
|
||||
done
|
||||
|
||||
if test -e $ready_file; then
|
||||
echo -e "found ready file, starting client..."
|
||||
else
|
||||
echo -e "NO ready file ending test..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# get created port 0 ephemeral port
|
||||
tls_port=`cat $ready_file`
|
||||
|
||||
# starts client on tls_port and captures the output from client
|
||||
capture_out=$(./examples/client/client -p $tls_port 2>&1)
|
||||
client_result=$?
|
||||
|
||||
wait $server_pid
|
||||
server_result=$?
|
||||
|
||||
case "$capture_out" in
|
||||
*$asn_sig_confirm_e*)
|
||||
# only exit with zero on detection of the expected error code
|
||||
echo ""
|
||||
echo "$capture_out"
|
||||
echo ""
|
||||
echo "Sig confirm error as expected! Test pass"
|
||||
echo ""
|
||||
exit_code=0
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo "Client did not return asn_sig_confirm_e as expected: $capture_out"
|
||||
echo ""
|
||||
exit_code=1
|
||||
esac
|
||||
}
|
||||
|
||||
|
||||
######### begin program #########
|
||||
|
||||
# run the test
|
||||
run_tls_no_signer_test
|
||||
|
||||
tls_port=0
|
||||
run_tls_sig_confirm_test
|
||||
|
||||
echo "exiting with $exit_code"
|
||||
exit $exit_code
|
||||
########## end program ##########
|
||||
|
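Review bot: exit_code is overwritten by each test, so if run_tls_no_signer_test fails and run_tls_sig_confirm_test passes the script exits 0; stop after the first failure or combine the two results before the final exit. counter is also never reset, so the second test's ready-file wait gets only the iterations the first one left over; set counter=0 at the top of each function. Smaller points: the shebang is #!/bin/sh but the script relies on echo -e and sleep 0.1, the "NO ready file" path exits without killing the server it just started, and matching *-188* or *-155* anywhere in the client output can hit unrelated text, so match the full error string instead.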
@ -181,7 +181,7 @@ port=0
|
||||
./examples/server/server -v 4 -A certs/client-ecc-cert.pem -c certs/server-ecc.pem -k certs/ecc-key.pem -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -A certs/server-ecc.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port
|
||||
./examples/client/client -v 4 -A certs/ca-ecc-cert.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
|
@ -10641,7 +10641,7 @@ static void test_wc_ecc_get_curve_id_from_params(void)
|
||||
{
|
||||
int ret = 0;
|
||||
/* self-signed ECC cert, so use server cert as CA */
|
||||
const char* ca_cert = "./certs/server-ecc.pem";
|
||||
const char* ca_cert = "./certs/ca-ecc-cert.pem";
|
||||
const char* server_cert = "./certs/server-ecc.der";
|
||||
byte* cert_buf = NULL;
|
||||
size_t cert_sz = 0;
|
||||
|
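Review bot: The context comment "self-signed ECC cert, so use server cert as CA" no longer matches the code now that ca_cert points at ./certs/ca-ecc-cert.pem; update it to say the server certificate is verified against the ECC CA.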
@ -54,7 +54,7 @@ static char flagSep[] = " ";
|
||||
static char portFlag[] = "-p";
|
||||
static char svrPort[] = "0";
|
||||
#endif
|
||||
static char forceDefCipherListFlag[] = "-H";
|
||||
static char forceDefCipherListFlag[] = "-HdefCipherList";
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static int devId = INVALID_DEVID;
|
||||
|
@ -29,7 +29,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||
-u
|
||||
@ -98,7 +98,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1 IDEA-CBC-SHA
|
||||
-u
|
||||
@ -291,7 +291,7 @@
|
||||
-u
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||
-u
|
||||
@ -304,7 +304,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||
-u
|
||||
@ -317,7 +317,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-ECDSA-DES3
|
||||
-u
|
||||
@ -330,7 +330,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-ECDSA-AES128
|
||||
-u
|
||||
@ -343,7 +343,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-ECDSA-AES256
|
||||
-u
|
||||
@ -356,7 +356,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-DES3
|
||||
-u
|
||||
@ -369,7 +369,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128
|
||||
-u
|
||||
@ -382,7 +382,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-u
|
||||
@ -395,7 +395,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256
|
||||
-u
|
||||
@ -408,7 +408,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-RSA-DES3
|
||||
-u
|
||||
@ -505,7 +505,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-ECDSA-AES128
|
||||
-u
|
||||
@ -518,7 +518,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-ECDSA-AES256
|
||||
-u
|
||||
@ -531,7 +531,7 @@
|
||||
-u
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-DES3
|
||||
-u
|
||||
@ -544,7 +544,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES128
|
||||
-u
|
||||
@ -557,7 +557,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256
|
||||
-u
|
||||
@ -570,7 +570,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES256
|
||||
-u
|
||||
@ -583,7 +583,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
|
||||
-u
|
||||
@ -606,7 +606,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
|
||||
-u
|
||||
@ -631,7 +631,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
@ -788,7 +788,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-u
|
||||
@ -801,7 +801,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-u
|
||||
@ -814,7 +814,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-u
|
||||
@ -827,7 +827,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||
-u
|
||||
@ -908,7 +908,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-u
|
||||
@ -921,7 +921,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-u
|
||||
@ -934,7 +934,7 @@
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ADH-AES128-SHA
|
||||
-u
|
||||
|
@ -53,7 +53,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
|
||||
-v 3
|
||||
@ -80,7 +80,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server SSLv3 RC4-SHA
|
||||
-v 0
|
||||
@ -339,7 +339,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
||||
-v 1
|
||||
-l QSH:ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||
-v 2
|
||||
@ -350,7 +350,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
||||
-v 2
|
||||
-l QSH:ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||
-v 3
|
||||
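Review bot: The context comment `# client TLSv1 ECDHE-ECDSA-NULL-SHA` at the top of this hunk sits above `-v 2`, and the server entry just before it is labeled TLSv1.1 with the same `-v 2`. Since the entry is being touched anyway, correct the comment to `# client TLSv1.1 ECDHE-ECDSA-NULL-SHA` so the labels match the protocol version actually tested.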
@ -361,7 +361,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-RSA-RC4
|
||||
-v 2
|
||||
@ -444,7 +444,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-RC4
|
||||
-v 1
|
||||
-l QSH:ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-DES3
|
||||
-v 1
|
||||
@ -455,7 +455,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-DES3
|
||||
-v 1
|
||||
-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-AES128
|
||||
-v 1
|
||||
@ -466,7 +466,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-AES128
|
||||
-v 1
|
||||
-l QSH:ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-AES256
|
||||
-v 1
|
||||
@ -477,7 +477,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-AES256
|
||||
-v 1
|
||||
-l QSH:ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-EDCSA-RC4
|
||||
-v 2
|
||||
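Review bot: The trailing context comment `# server TLSv1.1 ECDHE-EDCSA-RC4` misspells ECDSA, which makes the entry hard to find when grepping the config by suite name. It is unchanged context here, but the same spelling recurs in the other config files this commit edits, so fixing it in the same pass is cheap.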
@ -488,7 +488,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-RC4
|
||||
-v 2
|
||||
-l QSH:ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-DES3
|
||||
-v 2
|
||||
@ -499,7 +499,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-DES3
|
||||
-v 2
|
||||
-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-AES128
|
||||
-v 2
|
||||
@ -510,7 +510,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-AES128
|
||||
-v 2
|
||||
-l QSH:ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-AES256
|
||||
-v 2
|
||||
@ -521,7 +521,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-AES256
|
||||
-v 2
|
||||
-l QSH:ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
@ -532,7 +532,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-DES3
|
||||
-v 3
|
||||
@ -543,7 +543,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-DES3
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128
|
||||
-v 3
|
||||
@ -554,7 +554,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
@ -565,7 +565,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256
|
||||
-v 3
|
||||
@ -576,7 +576,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-RSA-RC4
|
||||
-v 1
|
||||
@ -717,7 +717,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-RC4
|
||||
-v 1
|
||||
-l QSH:ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-DES3
|
||||
-v 1
|
||||
@ -728,7 +728,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-DES3
|
||||
-v 1
|
||||
-l QSH:ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-AES128
|
||||
-v 1
|
||||
@ -739,7 +739,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-AES128
|
||||
-v 1
|
||||
-l QSH:ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-AES256
|
||||
-v 1
|
||||
@ -750,7 +750,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-AES256
|
||||
-v 1
|
||||
-l QSH:ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-EDCSA-RC4
|
||||
-v 2
|
||||
@ -761,7 +761,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-RC4
|
||||
-v 2
|
||||
-l QSH:ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-DES3
|
||||
-v 2
|
||||
@ -772,7 +772,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-DES3
|
||||
-v 2
|
||||
-l QSH:ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-AES128
|
||||
-v 2
|
||||
@ -783,7 +783,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-AES128
|
||||
-v 2
|
||||
-l QSH:ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-AES256
|
||||
-v 2
|
||||
@ -794,7 +794,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-AES256
|
||||
-v 2
|
||||
-l QSH:ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
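Review bot: The trailing context comment `# server TLSv1.2 ECDHE-ECDSA-RC4` looks mislabeled: the surrounding entries are the static ECDH-ECDSA group, and the client entry that follows it is `# client TLSv1.2 ECDH-ECDSA-RC4`. The server's `-l` line is not visible in this hunk, so check whether only the comment is wrong or the server is really started with the ECDHE suite.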
@ -805,7 +805,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-RC4
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-DES3
|
||||
-v 3
|
||||
@ -816,7 +816,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-DES3
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128
|
||||
-v 3
|
||||
@ -827,7 +827,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
@ -838,7 +838,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES256
|
||||
-v 3
|
||||
@ -849,7 +849,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-RSA-AES256-SHA384
|
||||
-v 3
|
||||
@ -868,7 +868,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-AES256-SHA384
|
||||
-v 3
|
||||
@ -889,7 +889,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 HC128-SHA
|
||||
-v 1
|
||||
@ -1646,7 +1646,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
@ -1657,7 +1657,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
@ -1668,7 +1668,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
@ -1679,7 +1679,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l QSH:ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
@ -1778,7 +1778,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES128-CCM
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-v 3
|
||||
@ -1789,7 +1789,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES128-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-v 3
|
||||
@ -1800,7 +1800,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-v 3
|
||||
-l QSH:ECDHE-ECDSA-AES256-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 PSK-AES128-CCM
|
||||
-s
|
||||
|
@ -29,7 +29,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
|
||||
-G
|
||||
@ -62,7 +62,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||
-G
|
||||
@ -131,7 +131,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1 RC4-SHA
|
||||
-G
|
||||
@ -364,7 +364,7 @@
|
||||
-G
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||
-G
|
||||
@ -377,7 +377,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||
-G
|
||||
@ -390,7 +390,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-EDCSA-RC4
|
||||
-G
|
||||
@ -403,7 +403,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-ECDSA-DES3
|
||||
-G
|
||||
@ -416,7 +416,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-ECDSA-AES128
|
||||
-G
|
||||
@ -429,7 +429,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDHE-ECDSA-AES256
|
||||
-G
|
||||
@ -442,7 +442,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-RC4
|
||||
-G
|
||||
@ -455,7 +455,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-DES3
|
||||
-G
|
||||
@ -468,7 +468,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128
|
||||
-G
|
||||
@ -481,7 +481,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-G
|
||||
@ -494,7 +494,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256
|
||||
-G
|
||||
@ -507,7 +507,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-RSA-RC4
|
||||
-G
|
||||
@ -628,7 +628,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-ECDSA-DES3
|
||||
-G
|
||||
@ -641,7 +641,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-ECDSA-AES128
|
||||
-G
|
||||
@ -654,7 +654,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.1 ECDH-ECDSA-AES256
|
||||
-G
|
||||
@ -667,7 +667,7 @@
|
||||
-G
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-RC4
|
||||
-G
|
||||
@ -680,7 +680,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-DES3
|
||||
-G
|
||||
@ -693,7 +693,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES128
|
||||
-G
|
||||
@ -706,7 +706,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256
|
||||
-G
|
||||
@ -719,7 +719,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES256
|
||||
-G
|
||||
@ -732,7 +732,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
|
||||
-G
|
||||
@ -755,7 +755,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
|
||||
-G
|
||||
@ -780,7 +780,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
@ -937,7 +937,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-G
|
||||
@ -950,7 +950,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-G
|
||||
@ -963,7 +963,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-G
|
||||
@ -976,7 +976,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||
-G
|
||||
@ -1057,7 +1057,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-G
|
||||
@ -1070,7 +1070,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-G
|
||||
@ -1083,7 +1083,7 @@
|
||||
-G
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server DTLSv1.2 ADH-AES128-SHA
|
||||
-G
|
||||
|
@ -18,7 +18,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-AES128
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-AES128
|
||||
-v 1
|
||||
@ -62,7 +62,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-AES128
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-AES128
|
||||
-v 2
|
||||
@ -106,7 +106,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
|
@ -47,7 +47,7 @@
|
||||
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
|
||||
-v 4
|
||||
-l TLS13-CHACH20-POLY1305-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
@ -58,7 +58,7 @@
|
||||
# client TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES256-GCM-SHA384
|
||||
-v 4
|
||||
@ -69,7 +69,7 @@
|
||||
# client TLSv1.3 TLS13-AES256-GCM-SHA384
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-CCM-SHA256
|
||||
-v 4
|
||||
@ -80,7 +80,7 @@
|
||||
# client TLSv1.3 TLS13-AES128-CCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
|
||||
-v 4
|
||||
@ -91,7 +91,7 @@
|
||||
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-8-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
@ -102,7 +102,7 @@
|
||||
# client TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
-t
|
||||
|
||||
# server TLSv1.3 accepting EarlyData
|
||||
|
@ -23,7 +23,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||
-v 3
|
||||
@ -80,7 +80,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server SSLv3 RC4-SHA
|
||||
-v 0
|
||||
@ -411,7 +411,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||
-v 2
|
||||
@ -422,7 +422,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||
-v 3
|
||||
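Review bot: The comment `# client TLSv1 ECDHE-ECDSA-NULL-SHA` heading this entry does not match its `-v 2` line, which the server comment just above labels TLSv1.1. Update the comment to TLSv1.1 while the entry's `-A` line is being changed.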
@ -433,7 +433,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-NULL-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-RC4
|
||||
-v 1
|
||||
@ -444,7 +444,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-RC4
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-DES3
|
||||
-v 1
|
||||
@ -455,7 +455,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-DES3
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-AES128
|
||||
-v 1
|
||||
@ -466,7 +466,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-AES128
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDHE-ECDSA-AES256
|
||||
-v 1
|
||||
@ -477,7 +477,7 @@
|
||||
# client TLSv1 ECDHE-ECDSA-AES256
|
||||
-v 1
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-EDCSA-RC4
|
||||
-v 2
|
||||
@ -488,7 +488,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-RC4
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-DES3
|
||||
-v 2
|
||||
@ -499,7 +499,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-DES3
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-AES128
|
||||
-v 2
|
||||
@ -510,7 +510,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-AES128
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDHE-ECDSA-AES256
|
||||
-v 2
|
||||
@ -521,7 +521,7 @@
|
||||
# client TLSv1.1 ECDHE-ECDSA-AES256
|
||||
-v 2
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
@ -532,7 +532,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-DES3
|
||||
-v 3
|
||||
@ -543,7 +543,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-DES3
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128
|
||||
-v 3
|
||||
@ -554,7 +554,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
@ -565,7 +565,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256
|
||||
-v 3
|
||||
@ -576,7 +576,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-RSA-RC4
|
||||
-v 1
|
||||
@ -717,7 +717,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-RC4
|
||||
-v 1
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-DES3
|
||||
-v 1
|
||||
@ -728,7 +728,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-DES3
|
||||
-v 1
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-AES128
|
||||
-v 1
|
||||
@ -739,7 +739,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-AES128
|
||||
-v 1
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-AES256
|
||||
-v 1
|
||||
@ -750,7 +750,7 @@
|
||||
# client TLSv1 ECDH-ECDSA-AES256
|
||||
-v 1
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-EDCSA-RC4
|
||||
-v 2
|
||||
@ -761,7 +761,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-RC4
|
||||
-v 2
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-DES3
|
||||
-v 2
|
||||
@ -772,7 +772,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-DES3
|
||||
-v 2
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-AES128
|
||||
-v 2
|
||||
@ -783,7 +783,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-AES128
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-AES256
|
||||
-v 2
|
||||
@ -794,7 +794,7 @@
|
||||
# client TLSv1.1 ECDH-ECDSA-AES256
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
@ -805,7 +805,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-RC4
|
||||
-v 3
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-DES3
|
||||
-v 3
|
||||
@ -816,7 +816,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-DES3
|
||||
-v 3
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128
|
||||
-v 3
|
||||
@ -827,7 +827,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
@ -838,7 +838,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES256
|
||||
-v 3
|
||||
@ -849,7 +849,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-RSA-AES256-SHA384
|
||||
-v 3
|
||||
@ -868,7 +868,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-AES256-SHA384
|
||||
-v 3
|
||||
@ -889,7 +889,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1 HC128-SHA
|
||||
-v 1
|
||||
@ -1662,7 +1662,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
@ -1673,7 +1673,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
@ -1684,7 +1684,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
@ -1695,7 +1695,7 @@
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
@ -1794,7 +1794,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-v 3
|
||||
@ -1805,7 +1805,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-v 3
|
||||
@ -1816,7 +1816,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
|
||||
# server TLSv1.2 PSK-AES128-CCM
|
||||
-s
|
||||
@ -2187,7 +2187,7 @@
|
||||
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||
-A ./certs/server-ecc.pem
|
||||
-A ./certs/ca-ecc-cert.pem
|
||||
-t
|
||||
|
||||
# server TLSv1.2 private-only key
|
||||
|
@ -162,7 +162,8 @@ ASN Options:
|
||||
#define XTIME(t1) mqx_time((t1))
|
||||
#define HAVE_GMTIME_R
|
||||
|
||||
#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
|
||||
#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || \
|
||||
defined(FREESCALE_KSDK_FREERTOS)
|
||||
#include <time.h>
|
||||
#ifndef XTIME
|
||||
/*extern time_t ksdk_time(time_t* timer);*/
|
||||
@ -763,7 +764,10 @@ static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
|
||||
return b;
|
||||
}
|
||||
|
||||
#if !defined(NO_DSA) || defined(HAVE_ECC) || (!defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))))
|
||||
#if !defined(NO_DSA) || defined(HAVE_ECC) || \
|
||||
(!defined(NO_RSA) && \
|
||||
(defined(WOLFSSL_CERT_GEN) || \
|
||||
(defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))))
|
||||
/* Set the DER/BER encoding of the ASN.1 INTEGER header.
|
||||
*
|
||||
* len Length of data to encode.
|
||||
@ -786,7 +790,8 @@ static int SetASNInt(int len, byte firstByte, byte* output)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
|
||||
#if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_CERT_GEN) || \
|
||||
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
|
||||
/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
|
||||
* The number is assumed to be positive.
|
||||
*
|
||||
@ -851,8 +856,7 @@ static int SetASNIntRSA(mp_int* n, byte* output)
|
||||
|
||||
return idx;
|
||||
}
|
||||
#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN &&
|
||||
!HAVE_USER_RSA))) */
|
||||
#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
|
||||
|
||||
/* Windows header clash for WinCE using GetVersion */
|
||||
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
|
||||
@ -4295,7 +4299,7 @@ static int SetCurve(ecc_key* key, byte* output)
|
||||
return idx;
|
||||
}
|
||||
|
||||
#endif /* HAVE_ECC && WOLFSSL_CERT_GEN */
|
||||
#endif /* HAVE_ECC && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */
|
||||
|
||||
|
||||
static INLINE int IsSigAlgoECDSA(int algoOID)
|
||||
@ -6668,9 +6672,10 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
|
||||
return outLen + headerLen + footerLen;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
|
||||
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN || OPENSSL_EXTRA */
|
||||
|
||||
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))
|
||||
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
|
||||
(defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))
|
||||
/* USER RSA ifdef portions used instead of refactor in consideration for
|
||||
possible fips build */
|
||||
/* Write a public RSA key to output */
|
||||
@ -6932,7 +6937,7 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
|
||||
#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
|
||||
/* Initialize and Set Certificate defaults:
|
||||
version = 3 (0x2)
|
||||
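Review bot: Widening the guard from `#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)` to `#ifdef WOLFSSL_CERT_GEN` compiles everything up to the matching `#endif` in `NO_RSA` builds, and that region is not visible in this hunk. Any helper inside it that touches `RsaKey` or calls `SetRsaPublicKey` needs its own `#ifndef NO_RSA`. Please confirm a `WOLFSSL_CERT_GEN` + `NO_RSA` configuration is built in CI so a missed guard shows up as a compile error rather than in a user's build.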
@ -7082,8 +7087,8 @@ static word32 SetUTF8String(word32 len, byte* output)
|
||||
|
||||
#endif /* WOLFSSL_CERT_REQ */
|
||||
|
||||
#endif /*WOLFSSL_CERT_GEN */
|
||||
|
||||
#endif /* defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) */
|
||||
#if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
|
||||
|
||||
/* Write a public ECC key to output */
|
||||
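Review bot: The replacement line `#endif /*WOLFSSL_CERT_GEN */` is missing the space after `/*` that every other `#endif` comment in this file uses. With the `WOLFSSL_CERT_GEN` region now closed here and reopened by a second `#ifdef WOLFSSL_CERT_GEN` further down, the trailing comments are the only way to pair the guards by eye, so it is worth keeping them exact.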
@ -7216,6 +7221,7 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen,
|
||||
return SetEccPublicKey(output, key, with_AlgCurve);
|
||||
}
|
||||
#endif /* HAVE_ECC && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */
|
||||
|
||||
#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
|
||||
defined(WOLFSSL_KEY_GEN))
|
||||
|
||||
@ -7320,7 +7326,9 @@ int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output, word32 inLen,
|
||||
return SetEd25519PublicKey(output, key, withAlg);
|
||||
}
|
||||
#endif /* HAVE_ED25519 && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */
|
||||
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
|
||||
|
||||
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
|
||||
static INLINE byte itob(int number)
|
||||
{
|
||||
@ -8163,14 +8171,13 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
{
|
||||
int ret;
|
||||
|
||||
(void)eccKey;
|
||||
(void)ntruKey;
|
||||
(void)ntruSz;
|
||||
(void)ed25519Key;
|
||||
|
||||
if (cert == NULL || der == NULL || rng == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* make sure at least one key type is provided */
|
||||
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && ntruKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
/* init */
|
||||
XMEMSET(der, 0, sizeof(DerCert));
|
||||
|
||||
@ -8198,32 +8205,28 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
return ALGO_ID_E;
|
||||
|
||||
/* public key */
|
||||
#ifndef NO_RSA
|
||||
if (cert->keyType == RSA_KEY) {
|
||||
if (rsaKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey,
|
||||
sizeof(der->publicKey), 1);
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
if (cert->keyType == ECC_KEY) {
|
||||
if (eccKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, 1);
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ED25519
|
||||
if (cert->keyType == ED25519_KEY) {
|
||||
if (ed25519Key == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = SetEd25519PublicKey(der->publicKey, ed25519Key, 1);
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -8232,22 +8235,30 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
word32 rc;
|
||||
word16 encodedSz;
|
||||
|
||||
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
|
||||
if (ntruKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(ntruSz,
|
||||
ntruKey, &encodedSz, NULL);
|
||||
if (rc != NTRU_OK)
|
||||
return PUBLIC_KEY_E;
|
||||
if (encodedSz > MAX_PUBLIC_KEY_SZ)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
|
||||
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(ntruSz,
|
||||
ntruKey, &encodedSz, der->publicKey);
|
||||
if (rc != NTRU_OK)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
der->publicKeySz = encodedSz;
|
||||
}
|
||||
#else
|
||||
(void)ntruSz;
|
||||
#endif /* HAVE_NTRU */
|
||||
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
der->validitySz = 0;
|
||||
#ifdef WOLFSSL_ALT_NAMES
|
||||
/* date validity copy ? */
|
||||
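Review bot: The single `if (der->publicKeySz <= 0) return PUBLIC_KEY_E;` placed after the `HAVE_NTRU` block is now the only place a failed `SetRsaPublicKey` / `SetEccPublicKey` / `SetEd25519PublicKey` is caught, and also the only thing that rejects a `cert->keyType` whose branch is compiled out. It works because `XMEMSET(der, 0, sizeof(DerCert))` leaves `publicKeySz` at 0 when no branch runs. A one-line comment above the check stating that dependency would keep a later refactor from moving the `XMEMSET` or the check and silently accepting an empty public key.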
@ -8800,6 +8811,9 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
if (cert == NULL || der == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
/* init */
|
||||
XMEMSET(der, 0, sizeof(DerCert));
|
||||
|
||||
@ -8812,34 +8826,31 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
return SUBJECT_E;
|
||||
|
||||
/* public key */
|
||||
#ifndef NO_RSA
|
||||
if (cert->keyType == RSA_KEY) {
|
||||
if (rsaKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey,
|
||||
sizeof(der->publicKey), 1);
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
if (cert->keyType == ECC_KEY) {
|
||||
if (eccKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, 1);
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ED25519
|
||||
if (cert->keyType == ED25519_KEY) {
|
||||
if (ed25519Key == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = SetEd25519PublicKey(der->publicKey, ed25519Key, 1);
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
#endif /* HAVE_ED25519 */
|
||||
#endif
|
||||
|
||||
if (der->publicKeySz <= 0)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
/* set the extensions */
|
||||
der->extensionsSz = 0;
|
||||
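Review bot: The `#endif /* HAVE_ECC */` and `#endif /* HAVE_ED25519 */` lines in the public key section are replaced with bare `#endif`, which leaves three consecutive unlabeled guards in `EncodeCertReq`. Keeping the labels costs nothing and matches the `#endif /* HAVE_NTRU */` style retained in `EncodeCert`.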
@ -9167,24 +9178,17 @@ int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz,
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
|
||||
/* Set KID from RSA or ECC public key */
|
||||
/* Set KID from public key */
|
||||
static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
|
||||
byte *ntruKey, word16 ntruKeySz,
|
||||
ed25519_key* ed25519Key, int kid_type)
|
||||
{
|
||||
byte *buffer;
|
||||
int bufferSz, ret;
|
||||
|
||||
#ifndef HAVE_NTRU
|
||||
(void)ntruKeySz;
|
||||
#endif
|
||||
byte *buffer;
|
||||
int bufferSz, ret;
|
||||
|
||||
if (cert == NULL ||
|
||||
(rsakey == NULL && eckey == NULL && ntruKey == NULL &&
|
||||
ed25519Key == NULL) ||
|
||||
(rsakey != NULL && eckey != NULL) ||
|
||||
(rsakey != NULL && ntruKey != NULL) ||
|
||||
(ntruKey != NULL && eckey != NULL) ||
|
||||
(kid_type != SKID_TYPE && kid_type != AKID_TYPE))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
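Review bot: The argument check no longer contains `(rsakey != NULL && eckey != NULL)`, `(rsakey != NULL && ntruKey != NULL)` or `(ntruKey != NULL && eckey != NULL)`, so a caller that passes two keys is no longer rejected with `BAD_FUNC_ARG`. If the intent is only to make the check compile cleanly without RSA, keep the mutual-exclusion test, for example by counting the non-NULL pointers and requiring exactly one. Otherwise the key identifier is derived from whichever key the later code happens to pick, with no error to the caller.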
@ -9193,31 +9197,35 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
|
||||
if (buffer == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
/* Public Key */
|
||||
bufferSz = -1;
|
||||
#ifndef NO_RSA
|
||||
/* RSA public key */
|
||||
if (rsakey != NULL)
|
||||
bufferSz = SetRsaPublicKey(buffer, rsakey, MAX_PUBLIC_KEY_SZ, 0);
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
/* ECC public key */
|
||||
else if (eckey != NULL)
|
||||
if (eckey != NULL)
|
||||
bufferSz = SetEccPublicKey(buffer, eckey, 0);
|
||||
#endif /* HAVE_ECC */
|
||||
#endif
|
||||
#ifdef HAVE_NTRU
|
||||
/* NTRU public key */
|
||||
else if (ntruKey != NULL) {
|
||||
if (ntruKey != NULL) {
|
||||
bufferSz = MAX_PUBLIC_KEY_SZ;
|
||||
ret = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
|
||||
ntruKeySz, ntruKey, (word16 *)(&bufferSz), buffer);
|
||||
if (ret != NTRU_OK)
|
||||
bufferSz = -1;
|
||||
}
|
||||
#else
|
||||
(void)ntruKeySz;
|
||||
#endif
|
||||
#ifdef HAVE_ED25519
|
||||
/* ED25519 public key */
|
||||
else if (ed25519Key != NULL)
|
||||
if (ed25519Key != NULL)
|
||||
bufferSz = SetEd25519PublicKey(buffer, ed25519Key, 0);
|
||||
#endif /* HAVE_ECC */
|
||||
else
|
||||
bufferSz = -1;
|
||||
#endif
|
||||
|
||||
if (bufferSz <= 0) {
|
||||
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
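Review bot: Changing each `else if (...)` to a standalone `if (...)` means that when more than one key pointer is set, every matching block runs and the last one overwrites `buffer` and `bufferSz`, so block order now decides which key the KID is computed from. Either skip the later blocks once `bufferSz > 0`, or restore the exclusivity check at the top of the function so this path is unreachable. Initialising `bufferSz = -1` up front is a good replacement for the removed trailing `else`.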
@ -9338,6 +9346,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
|
||||
}
|
||||
|
||||
/* Load PubKey in internal structure */
|
||||
#ifndef NO_RSA
|
||||
rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), cert->heap, DYNAMIC_TYPE_RSA);
|
||||
if (rsakey == NULL) {
|
||||
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
|
||||
@ -9353,11 +9362,15 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
|
||||
|
||||
idx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(der, &idx, rsakey, derSz);
|
||||
if (ret != 0) {
|
||||
if (ret != 0)
|
||||
#endif
|
||||
{
|
||||
#ifndef NO_RSA
|
||||
WOLFSSL_MSG("wc_RsaPublicKeyDecode failed");
|
||||
wc_FreeRsaKey(rsakey);
|
||||
XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
|
||||
rsakey = NULL;
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
/* Check to load ecc public key */
|
||||
eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), cert->heap,
|
||||
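Review bot: Splitting `if (ret != 0)` and its opening `{` across `#endif` makes the block conditional in RSA builds and an unconditional scope in `NO_RSA` builds, which is easy to break on the next edit. A clearer form is to set `ret` to a failure value under `#ifdef NO_RSA` and keep a single `if (ret != 0) {` outside the preprocessor conditionals, with only the RSA cleanup lines guarded.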
@ -9393,8 +9406,10 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
|
||||
|
||||
ret = wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey);
|
||||
|
||||
#ifndef NO_RSA
|
||||
wc_FreeRsaKey(rsakey);
|
||||
XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
wc_ecc_free(eckey);
|
||||
XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC);
|
||||
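Review bot: `rsakey` is still passed to `wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey)` outside the new `#ifndef NO_RSA` guards, so in a `NO_RSA` build it must remain declared and be NULL at this point. Its declaration and initialiser are outside the visible hunks; please confirm it is initialised to NULL unconditionally, since the allocation that used to assign it is now compiled out.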
@ -9766,9 +9781,7 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz)
|
||||
return ret < 0 ? ret : 0;
|
||||
}
|
||||
|
||||
|
||||
#endif /* WOLFSSL_ALT_NAMES && !NO_RSA */
|
||||
|
||||
#endif /* WOLFSSL_ALT_NAMES */
|
||||
|
||||
/* Set cn name from der buffer, return 0 on success */
|
||||
static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
|
||||
|
File diff suppressed because it is too large
@ -2077,87 +2077,286 @@ static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256);
|
||||
/* ./certs/server-ecc.der, ECC */
|
||||
static const unsigned char serv_ecc_der_256[] =
|
||||
{
|
||||
0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4,
|
||||
0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
|
||||
0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31,
|
||||
0x30, 0x82, 0x03, 0x4F, 0x30, 0x82, 0x02, 0xF5, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 0x00, 0x30, 0x0A, 0x06,
|
||||
0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
|
||||
0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
|
||||
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
|
||||
0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68,
|
||||
0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E,
|
||||
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61,
|
||||
0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53,
|
||||
0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70,
|
||||
0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
|
||||
0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
|
||||
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
|
||||
0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
|
||||
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
|
||||
0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
|
||||
0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31,
|
||||
0x30, 0x31, 0x39, 0x31, 0x39, 0x30, 0x36, 0x34, 0x39, 0x5A,
|
||||
0x17, 0x0D, 0x32, 0x37, 0x31, 0x30, 0x31, 0x37, 0x31, 0x39,
|
||||
0x30, 0x36, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B,
|
||||
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
|
||||
0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
|
||||
0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74,
|
||||
0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65,
|
||||
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
|
||||
0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C,
|
||||
0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45,
|
||||
0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
|
||||
0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
|
||||
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
|
||||
0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
|
||||
0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
|
||||
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
|
||||
0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
|
||||
0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
|
||||
0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33,
|
||||
0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3,
|
||||
0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA,
|
||||
0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61,
|
||||
0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B,
|
||||
0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11,
|
||||
0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34,
|
||||
0x89, 0xD8, 0xA3, 0x82, 0x01, 0x35, 0x30, 0x82, 0x01, 0x31,
|
||||
0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x02, 0x30,
|
||||
0x00, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86,
|
||||
0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40,
|
||||
0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
|
||||
0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B,
|
||||
0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89,
|
||||
0x30, 0x30, 0x81, 0xCC, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
|
||||
0x81, 0xC4, 0x30, 0x81, 0xC1, 0x80, 0x14, 0xFD, 0x9D, 0x85,
|
||||
0xD5, 0xC1, 0x6F, 0x47, 0xEA, 0xC6, 0x75, 0x96, 0x59, 0x25,
|
||||
0x37, 0x46, 0x8C, 0x61, 0xDB, 0xE1, 0xC3, 0xA1, 0x81, 0x9D,
|
||||
0xA4, 0x81, 0x9A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
|
||||
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
|
||||
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
|
||||
0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E,
|
||||
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
|
||||
0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10,
|
||||
0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77,
|
||||
0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12,
|
||||
0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76,
|
||||
0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18,
|
||||
0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
|
||||
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
|
||||
0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
|
||||
0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
|
||||
0x98, 0x6A, 0x0C, 0xF4, 0x02, 0x43, 0xA6, 0x28, 0x30, 0x0E,
|
||||
0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04,
|
||||
0x03, 0x02, 0x05, 0xA0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D,
|
||||
0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01,
|
||||
0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0A, 0x06, 0x08, 0x2A,
|
||||
0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00,
|
||||
0x30, 0x45, 0x02, 0x21, 0x00, 0xCE, 0x09, 0x22, 0xAB, 0x21,
|
||||
0xC1, 0x30, 0x80, 0x33, 0x4B, 0xB4, 0x75, 0x19, 0x0B, 0x37,
|
||||
0xE5, 0x18, 0xC6, 0x6A, 0x48, 0xB1, 0xA6, 0x2A, 0x0C, 0xD0,
|
||||
0x91, 0x96, 0xD3, 0x97, 0xDB, 0x75, 0xCF, 0x02, 0x20, 0x03,
|
||||
0x97, 0x6B, 0x90, 0xE1, 0x2E, 0x20, 0x10, 0xE7, 0xBF, 0xC3,
|
||||
0x25, 0x97, 0x4D, 0xA8, 0x07, 0x9E, 0x14, 0x86, 0x99, 0xBD,
|
||||
0x87, 0x98, 0xFD, 0x2E, 0xD2, 0x4D, 0x1F, 0xDA, 0x52, 0x92,
|
||||
0xB9
|
||||
};
|
||||
static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
|
||||
|
||||
/* ./certs/ca-ecc-key.der, ECC */
|
||||
static const unsigned char ca_ecc_key_der_256[] =
|
||||
{
|
||||
0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xAC, 0xB8, 0xFA,
|
||||
0x16, 0x7D, 0x18, 0xD6, 0x43, 0x7B, 0x92, 0xB8, 0xD2, 0xA6,
|
||||
0x60, 0x6D, 0x44, 0x0E, 0xAA, 0xB9, 0x0F, 0x1C, 0x3A, 0x5B,
|
||||
0x57, 0xD0, 0x5F, 0x67, 0x11, 0xCB, 0xAB, 0x48, 0x87, 0xA0,
|
||||
0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
|
||||
0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xE6, 0x38, 0xDF,
|
||||
0x16, 0xE3, 0x4B, 0xEA, 0xAA, 0x9F, 0x91, 0xA3, 0xF3, 0x32,
|
||||
0x40, 0xF6, 0x6C, 0x7E, 0xA1, 0x55, 0x01, 0x38, 0x05, 0xFE,
|
||||
0x6B, 0x39, 0x37, 0x1C, 0xEA, 0xF9, 0xF9, 0x4D, 0x87, 0x4B,
|
||||
0x2D, 0x2F, 0x4B, 0x54, 0xE5, 0x9B, 0x4A, 0x1A, 0xBA, 0x0D,
|
||||
0x02, 0xA5, 0x1C, 0xEC, 0xC1, 0x51, 0x30, 0xC9, 0x3C, 0x94,
|
||||
0xAC, 0x2E, 0x5B, 0x2F, 0x40, 0xF6, 0x3C, 0xA7, 0x7A, 0xD0,
|
||||
0x68
|
||||
};
|
||||
static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256);
|
||||
|
||||
/* ./certs/ca-ecc-cert.der, ECC */
|
||||
static const unsigned char ca_ecc_cert_der_256[] =
|
||||
{
|
||||
0x30, 0x82, 0x02, 0x89, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x98, 0x6A, 0x0C, 0xF4,
|
||||
0x02, 0x43, 0xA6, 0x28, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
|
||||
0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31,
|
||||
0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
||||
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
|
||||
0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67,
|
||||
0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
|
||||
0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
|
||||
0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
|
||||
0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03,
|
||||
0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
|
||||
0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
|
||||
0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
|
||||
0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
|
||||
0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38,
|
||||
0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17,
|
||||
0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30,
|
||||
0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
|
||||
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
|
||||
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
|
||||
0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F,
|
||||
0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
|
||||
0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31,
|
||||
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
|
||||
0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
|
||||
0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
|
||||
0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||
0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31,
|
||||
0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B,
|
||||
0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E,
|
||||
0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||
0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
|
||||
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
|
||||
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
|
||||
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
|
||||
0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
|
||||
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC,
|
||||
0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
|
||||
0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
|
||||
0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02,
|
||||
0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97,
|
||||
0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02,
|
||||
0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
|
||||
0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06,
|
||||
0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D,
|
||||
0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B,
|
||||
0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81,
|
||||
0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBC, 0x30,
|
||||
0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E,
|
||||
0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
|
||||
0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92,
|
||||
0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
|
||||
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
|
||||
0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73,
|
||||
0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30,
|
||||
0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65,
|
||||
0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70,
|
||||
0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30,
|
||||
0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, 0x30, 0x31, 0x39,
|
||||
0x31, 0x39, 0x30, 0x36, 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x33,
|
||||
0x37, 0x31, 0x30, 0x31, 0x34, 0x31, 0x39, 0x30, 0x36, 0x34,
|
||||
0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06,
|
||||
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
|
||||
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
|
||||
0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
|
||||
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
|
||||
0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30,
|
||||
0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65,
|
||||
0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30,
|
||||
0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
|
||||
0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
|
||||
0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
|
||||
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
|
||||
0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
|
||||
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xEF,
|
||||
0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0C, 0x06,
|
||||
0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
|
||||
0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
|
||||
0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21,
|
||||
0x00, 0xF1, 0xD0, 0xA6, 0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A,
|
||||
0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D, 0x6B, 0x33, 0xE9, 0xF2,
|
||||
0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87, 0x31, 0xB3,
|
||||
0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE,
|
||||
0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4,
|
||||
0xB0, 0xC9, 0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2,
|
||||
0xF6, 0x7D, 0x04, 0xC7, 0xBD, 0x62, 0xC9, 0x20
|
||||
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
|
||||
0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
|
||||
0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
|
||||
0x42, 0x00, 0x04, 0xE6, 0x38, 0xDF, 0x16, 0xE3, 0x4B, 0xEA,
|
||||
0xAA, 0x9F, 0x91, 0xA3, 0xF3, 0x32, 0x40, 0xF6, 0x6C, 0x7E,
|
||||
0xA1, 0x55, 0x01, 0x38, 0x05, 0xFE, 0x6B, 0x39, 0x37, 0x1C,
|
||||
0xEA, 0xF9, 0xF9, 0x4D, 0x87, 0x4B, 0x2D, 0x2F, 0x4B, 0x54,
|
||||
0xE5, 0x9B, 0x4A, 0x1A, 0xBA, 0x0D, 0x02, 0xA5, 0x1C, 0xEC,
|
||||
0xC1, 0x51, 0x30, 0xC9, 0x3C, 0x94, 0xAC, 0x2E, 0x5B, 0x2F,
|
||||
0x40, 0xF6, 0x3C, 0xA7, 0x7A, 0xD0, 0x68, 0xA3, 0x63, 0x30,
|
||||
0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
|
||||
0x04, 0x14, 0xFD, 0x9D, 0x85, 0xD5, 0xC1, 0x6F, 0x47, 0xEA,
|
||||
0xC6, 0x75, 0x96, 0x59, 0x25, 0x37, 0x46, 0x8C, 0x61, 0xDB,
|
||||
0xE1, 0xC3, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
|
||||
0x18, 0x30, 0x16, 0x80, 0x14, 0xFD, 0x9D, 0x85, 0xD5, 0xC1,
|
||||
0x6F, 0x47, 0xEA, 0xC6, 0x75, 0x96, 0x59, 0x25, 0x37, 0x46,
|
||||
0x8C, 0x61, 0xDB, 0xE1, 0xC3, 0x30, 0x0F, 0x06, 0x03, 0x55,
|
||||
0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01,
|
||||
0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01,
|
||||
0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A,
|
||||
0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
|
||||
0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x03, 0xCF, 0x3F,
|
||||
0x6E, 0x26, 0xF7, 0x76, 0xBE, 0x98, 0x81, 0x20, 0x57, 0x6B,
|
||||
0x4A, 0x55, 0xF7, 0x16, 0x19, 0x21, 0xA0, 0x4C, 0xC8, 0xA1,
|
||||
0x19, 0x83, 0x4C, 0x66, 0x55, 0x2D, 0x43, 0x36, 0xE1, 0x02,
|
||||
0x20, 0x4D, 0x26, 0x29, 0x2B, 0xF2, 0x38, 0x94, 0x85, 0x7E,
|
||||
0xA0, 0x13, 0xB6, 0xC5, 0x8D, 0x61, 0xBE, 0x96, 0x15, 0xAD,
|
||||
0xFE, 0xAE, 0x61, 0xED, 0xA1, 0x88, 0xF9, 0x79, 0xC6, 0x40,
|
||||
0x57, 0xE4, 0x9B
|
||||
};
|
||||
static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
|
||||
static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256);
|
||||
|
||||
/* ./certs/ca-ecc384-key.der, ECC */
|
||||
static const unsigned char ca_ecc_key_der_384[] =
|
||||
{
|
||||
0x30, 0x81, 0xA4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x25, 0x7B,
|
||||
0x71, 0xAC, 0x46, 0x4C, 0xF2, 0xC4, 0xA5, 0x59, 0x86, 0xF6,
|
||||
0x09, 0xB4, 0x73, 0x84, 0xC4, 0x18, 0x04, 0xA4, 0x1A, 0x23,
|
||||
0x75, 0x80, 0xCE, 0x5E, 0x09, 0x5C, 0x04, 0xE0, 0xAD, 0x04,
|
||||
0x8E, 0x5F, 0xD7, 0xC7, 0x91, 0xE7, 0x76, 0xCB, 0x8A, 0xEF,
|
||||
0xC0, 0xF1, 0x34, 0x28, 0xEE, 0x5C, 0xA0, 0x07, 0x06, 0x05,
|
||||
0x2B, 0x81, 0x04, 0x00, 0x22, 0xA1, 0x64, 0x03, 0x62, 0x00,
|
||||
0x04, 0x11, 0x3C, 0x5C, 0xD0, 0x64, 0x22, 0xA7, 0x0F, 0xC8,
|
||||
0xB6, 0x40, 0x84, 0xD7, 0xE9, 0x42, 0x13, 0x88, 0xB9, 0x11,
|
||||
0xB5, 0x8D, 0x9E, 0xBB, 0x40, 0xB4, 0x9E, 0xF7, 0x20, 0x35,
|
||||
0x2B, 0xF5, 0xDC, 0x59, 0x70, 0x00, 0x19, 0x32, 0x63, 0xDE,
|
||||
0x56, 0x55, 0x6A, 0x0B, 0xD5, 0x29, 0xBA, 0xC1, 0x26, 0x53,
|
||||
0x3F, 0x11, 0xB4, 0x9C, 0xD1, 0x0E, 0x23, 0xBF, 0x03, 0x2B,
|
||||
0x46, 0x45, 0x4E, 0x65, 0xF4, 0x77, 0x22, 0x0A, 0x63, 0xE2,
|
||||
0x49, 0x5D, 0xF0, 0xA7, 0x8C, 0x29, 0x49, 0x00, 0x33, 0x00,
|
||||
0xB1, 0x40, 0x19, 0xBF, 0x67, 0x3F, 0xD1, 0xF2, 0x4E, 0x6E,
|
||||
0x1D, 0x18, 0x81, 0x50, 0xEB, 0x13, 0x6A
|
||||
};
|
||||
static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384);
|
||||
|
||||
/* ./certs/ca-ecc384-cert.der, ECC */
|
||||
static const unsigned char ca_ecc_cert_der_384[] =
|
||||
{
|
||||
0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA8, 0x45, 0x77, 0x67,
|
||||
0x97, 0x27, 0xF9, 0x20, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
|
||||
0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31,
|
||||
0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
||||
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
|
||||
0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67,
|
||||
0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
|
||||
0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
|
||||
0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31,
|
||||
0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B,
|
||||
0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E,
|
||||
0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||
0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
|
||||
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
|
||||
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
|
||||
0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, 0x30, 0x31, 0x39,
|
||||
0x31, 0x39, 0x30, 0x36, 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x33,
|
||||
0x37, 0x31, 0x30, 0x31, 0x34, 0x31, 0x39, 0x30, 0x36, 0x34,
|
||||
0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06,
|
||||
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
|
||||
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
|
||||
0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
|
||||
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
|
||||
0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30,
|
||||
0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65,
|
||||
0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30,
|
||||
0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
|
||||
0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
|
||||
0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
|
||||
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
|
||||
0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
|
||||
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, 0x10,
|
||||
0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
|
||||
0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
|
||||
0x11, 0x3C, 0x5C, 0xD0, 0x64, 0x22, 0xA7, 0x0F, 0xC8, 0xB6,
|
||||
0x40, 0x84, 0xD7, 0xE9, 0x42, 0x13, 0x88, 0xB9, 0x11, 0xB5,
|
||||
0x8D, 0x9E, 0xBB, 0x40, 0xB4, 0x9E, 0xF7, 0x20, 0x35, 0x2B,
|
||||
0xF5, 0xDC, 0x59, 0x70, 0x00, 0x19, 0x32, 0x63, 0xDE, 0x56,
|
||||
0x55, 0x6A, 0x0B, 0xD5, 0x29, 0xBA, 0xC1, 0x26, 0x53, 0x3F,
|
||||
0x11, 0xB4, 0x9C, 0xD1, 0x0E, 0x23, 0xBF, 0x03, 0x2B, 0x46,
|
||||
0x45, 0x4E, 0x65, 0xF4, 0x77, 0x22, 0x0A, 0x63, 0xE2, 0x49,
|
||||
0x5D, 0xF0, 0xA7, 0x8C, 0x29, 0x49, 0x00, 0x33, 0x00, 0xB1,
|
||||
0x40, 0x19, 0xBF, 0x67, 0x3F, 0xD1, 0xF2, 0x4E, 0x6E, 0x1D,
|
||||
0x18, 0x81, 0x50, 0xEB, 0x13, 0x6A, 0xA3, 0x63, 0x30, 0x61,
|
||||
0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
|
||||
0x14, 0x97, 0xFD, 0xB4, 0x6D, 0xCE, 0x08, 0xB3, 0x02, 0x57,
|
||||
0xAB, 0xF3, 0x40, 0xD6, 0x1D, 0xAC, 0x75, 0x32, 0x35, 0xAA,
|
||||
0xF2, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18,
|
||||
0x30, 0x16, 0x80, 0x14, 0x97, 0xFD, 0xB4, 0x6D, 0xCE, 0x08,
|
||||
0xB3, 0x02, 0x57, 0xAB, 0xF3, 0x40, 0xD6, 0x1D, 0xAC, 0x75,
|
||||
0x32, 0x35, 0xAA, 0xF2, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D,
|
||||
0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
|
||||
0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
|
||||
0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06,
|
||||
0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03,
|
||||
0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0x9D, 0x49, 0x9E,
|
||||
0x68, 0x10, 0x55, 0xB3, 0x92, 0x89, 0x23, 0xCF, 0x58, 0xFB,
|
||||
0x04, 0xEE, 0xAB, 0xED, 0x3E, 0x3C, 0xF6, 0x94, 0x66, 0xD1,
|
||||
0xBD, 0x16, 0x8E, 0xCA, 0x52, 0x9F, 0x39, 0xF3, 0xD6, 0x47,
|
||||
0xC0, 0xCB, 0x45, 0xE2, 0x1E, 0xC6, 0xDD, 0x50, 0x08, 0x37,
|
||||
0x37, 0xBA, 0xAE, 0xE6, 0x72, 0x02, 0x30, 0x6B, 0x38, 0x53,
|
||||
0x41, 0x32, 0x3E, 0x55, 0x84, 0x39, 0x65, 0x9B, 0xA7, 0x40,
|
||||
0x98, 0x05, 0xCD, 0x16, 0xFE, 0xDD, 0x54, 0x3A, 0x38, 0x19,
|
||||
0xF0, 0x63, 0xB9, 0xC1, 0x45, 0x46, 0xDC, 0xB4, 0x4D, 0x47,
|
||||
0x21, 0x49, 0xFC, 0x5B, 0x63, 0xA8, 0x16, 0x4C, 0xD8, 0x3F,
|
||||
0x3B, 0xA8, 0xC9, 0xFB, 0xFA
|
||||
};
|
||||
static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384);
|
||||
|
||||
#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
|
||||
|
||||
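Review bot: the closing `#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */` directly after `sizeof_ca_ecc_cert_der_384` suggests the P-384 CA buffer (its key uses the secp384r1 OID `0x2B, 0x81, 0x04, 0x00, 0x22`) is only compiled under a macro whose name implies 256-bit material. Going by that closing comment, a build that selects a different buffer size would not get `ca_ecc_cert_der_384` at all. Please either add a short comment at the array stating that the 384-bit CA is deliberately grouped with the 256-bit buffers, or gate it on `HAVE_ECC` alone so that tests needing the 384-bit chain do not depend on an unrelated size macro.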
@ -2183,158 +2382,142 @@ static const unsigned char dh_g[] =
|
||||
0x02,
|
||||
};
|
||||
|
||||
#ifdef HAVE_ED25519
|
||||
/*
|
||||
* Subject: /C=US/ST=Montana/L=Bozeman/SN=Leaf/O=wolfSSL/OU=ED25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
* Issuer: /C=US/ST=Montana/L=Bozeman/SN=CA/O=wolfSSL/OU=ED25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
|
||||
*/
|
||||
static const unsigned char server_ed25519_pkey[44] = {
|
||||
0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0x1A, 0x30, 0x88, 0x18, 0x47, 0x2F, 0x97, 0xDA,
|
||||
0x04, 0xF4, 0xA4, 0xE3, 0xBD, 0x6C, 0x0C, 0x16, 0xB9, 0x48,
|
||||
0xC1, 0xD1, 0x42, 0xD7, 0x8E, 0x92, 0x84, 0xA0, 0x74, 0x2A,
|
||||
0x43, 0x9E, 0x0E, 0x29
|
||||
};
|
||||
static const int sizeof_server_ed25519_pkey = sizeof(server_ed25519_pkey);
|
||||
#if defined(HAVE_ED25519)
|
||||
|
||||
static const unsigned char server_ed25519_cert[591] = {
|
||||
0x30, 0x82, 0x02, 0x4B, 0x30, 0x82, 0x01, 0xFD, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xD0, 0x92, 0x10, 0x6A,
|
||||
0x5A, 0x46, 0x57, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70,
|
||||
0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
|
||||
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
|
||||
0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
|
||||
0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
|
||||
0x61, 0x6E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
|
||||
0x04, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31,
|
||||
0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||
0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
|
||||
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
|
||||
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
|
||||
0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x30, 0x35,
|
||||
0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x18,
|
||||
0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32, 0x39, 0x32,
|
||||
0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9F, 0x31,
|
||||
0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
||||
0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
|
||||
0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
|
||||
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
|
||||
0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D,
|
||||
0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C,
|
||||
0x65, 0x61, 0x66, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
|
||||
0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B,
|
||||
0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
|
||||
0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
|
||||
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
|
||||
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
|
||||
0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
|
||||
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A,
|
||||
0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00,
|
||||
0x1A, 0x30, 0x88, 0x18, 0x47, 0x2F, 0x97, 0xDA, 0x04, 0xF4,
|
||||
0xA4, 0xE3, 0xBD, 0x6C, 0x0C, 0x16, 0xB9, 0x48, 0xC1, 0xD1,
|
||||
0x42, 0xD7, 0x8E, 0x92, 0x84, 0xA0, 0x74, 0x2A, 0x43, 0x9E,
|
||||
0x0E, 0x29, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03,
|
||||
0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xF6, 0xB2, 0x84,
|
||||
0x1A, 0x95, 0xB4, 0x70, 0x32, 0x53, 0xFE, 0xD9, 0xEB, 0x9B,
|
||||
0x29, 0x80, 0x4B, 0xD6, 0xB5, 0xF1, 0xC0, 0x30, 0x1F, 0x06,
|
||||
0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
|
||||
0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1, 0x8B,
|
||||
0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A, 0xC9,
|
||||
0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
|
||||
0x04, 0x05, 0x03, 0x02, 0x06, 0xC0, 0x00, 0x30, 0x05, 0x06,
|
||||
0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x12, 0x56, 0x77,
|
||||
0x0C, 0x96, 0x42, 0x98, 0xDA, 0xC9, 0x15, 0x6C, 0x4E, 0x48,
|
||||
0x95, 0x05, 0x1D, 0xD0, 0x78, 0x32, 0xF8, 0x86, 0x46, 0x9A,
|
||||
0x46, 0x9B, 0x64, 0x8B, 0x31, 0xB0, 0x19, 0x6B, 0x77, 0x99,
|
||||
0x8B, 0xFF, 0xFC, 0x02, 0x36, 0x05, 0x0B, 0x69, 0x37, 0x87,
|
||||
0x62, 0x75, 0xDA, 0x50, 0x2C, 0x2D, 0x5D, 0x52, 0x94, 0x3F,
|
||||
0x00, 0x9D, 0x18, 0x45, 0x6F, 0x37, 0x12, 0x8E, 0xF4, 0xE4,
|
||||
0x00
|
||||
/* ./certs/ed25519/server-ed25519.der, ED25519 */
|
||||
static const unsigned char server_ed25519_cert[] =
|
||||
{
|
||||
0x30, 0x82, 0x02, 0x4B, 0x30, 0x82, 0x01, 0xFD, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xD0, 0x92, 0x10, 0x6A,
|
||||
0x5A, 0x46, 0x57, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70,
|
||||
0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
|
||||
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
|
||||
0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
|
||||
0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
|
||||
0x61, 0x6E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
|
||||
0x04, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31,
|
||||
0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||
0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
|
||||
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
|
||||
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
|
||||
0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x30, 0x35,
|
||||
0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x18,
|
||||
0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32, 0x39, 0x32,
|
||||
0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9F, 0x31,
|
||||
0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
||||
0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
|
||||
0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
|
||||
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
|
||||
0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D,
|
||||
0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C,
|
||||
0x65, 0x61, 0x66, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
|
||||
0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B,
|
||||
0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
|
||||
0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
|
||||
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
|
||||
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
|
||||
0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
|
||||
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A,
|
||||
0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00,
|
||||
0x1A, 0x30, 0x88, 0x18, 0x47, 0x2F, 0x97, 0xDA, 0x04, 0xF4,
|
||||
0xA4, 0xE3, 0xBD, 0x6C, 0x0C, 0x16, 0xB9, 0x48, 0xC1, 0xD1,
|
||||
0x42, 0xD7, 0x8E, 0x92, 0x84, 0xA0, 0x74, 0x2A, 0x43, 0x9E,
|
||||
0x0E, 0x29, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03,
|
||||
0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xF6, 0xB2, 0x84,
|
||||
0x1A, 0x95, 0xB4, 0x70, 0x32, 0x53, 0xFE, 0xD9, 0xEB, 0x9B,
|
||||
0x29, 0x80, 0x4B, 0xD6, 0xB5, 0xF1, 0xC0, 0x30, 0x1F, 0x06,
|
||||
0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
|
||||
0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1, 0x8B,
|
||||
0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A, 0xC9,
|
||||
0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
|
||||
0x04, 0x05, 0x03, 0x02, 0x06, 0xC0, 0x00, 0x30, 0x05, 0x06,
|
||||
0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x12, 0x56, 0x77,
|
||||
0x0C, 0x96, 0x42, 0x98, 0xDA, 0xC9, 0x15, 0x6C, 0x4E, 0x48,
|
||||
0x95, 0x05, 0x1D, 0xD0, 0x78, 0x32, 0xF8, 0x86, 0x46, 0x9A,
|
||||
0x46, 0x9B, 0x64, 0x8B, 0x31, 0xB0, 0x19, 0x6B, 0x77, 0x99,
|
||||
0x8B, 0xFF, 0xFC, 0x02, 0x36, 0x05, 0x0B, 0x69, 0x37, 0x87,
|
||||
0x62, 0x75, 0xDA, 0x50, 0x2C, 0x2D, 0x5D, 0x52, 0x94, 0x3F,
|
||||
0x00, 0x9D, 0x18, 0x45, 0x6F, 0x37, 0x12, 0x8E, 0xF4, 0xE4,
|
||||
0x00
|
||||
};
|
||||
static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert);
|
||||
|
||||
static const unsigned char ca_ed25519_pkey[44] = {
|
||||
0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0x41, 0x07, 0xEC, 0x75, 0x0C, 0x68, 0x72, 0x12,
|
||||
0x3C, 0x04, 0x82, 0x07, 0x6E, 0x16, 0x6F, 0x40, 0x41, 0x6D,
|
||||
0xA4, 0x8F, 0x08, 0xF2, 0xE2, 0x9D, 0xA7, 0x43, 0xC2, 0x24,
|
||||
0x28, 0x98, 0x7E, 0xAC
|
||||
};
|
||||
static const int sizeof_ca_ed25519_pkey = sizeof(ca_ed25519_pkey);
|
||||
|
||||
static const unsigned char ca_ed25519_cert[605] = {
|
||||
0x30, 0x82, 0x02, 0x59, 0x30, 0x82, 0x02, 0x0B, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xF6, 0xE1, 0x3E, 0xBC,
|
||||
0x79, 0xA1, 0x85, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70,
|
||||
0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
|
||||
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
|
||||
0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
|
||||
0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
|
||||
0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
|
||||
0x04, 0x0C, 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30,
|
||||
0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35,
|
||||
0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
|
||||
0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
|
||||
0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
|
||||
0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
|
||||
0x6F, 0x6D, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37,
|
||||
0x30, 0x35, 0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39,
|
||||
0x5A, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32,
|
||||
0x39, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81,
|
||||
0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
|
||||
0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
|
||||
0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
|
||||
0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C,
|
||||
0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
|
||||
0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B,
|
||||
0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
|
||||
0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
|
||||
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
|
||||
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
|
||||
0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
|
||||
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A,
|
||||
0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00,
|
||||
0x41, 0x07, 0xEC, 0x75, 0x0C, 0x68, 0x72, 0x12, 0x3C, 0x04,
|
||||
0x82, 0x07, 0x6E, 0x16, 0x6F, 0x40, 0x41, 0x6D, 0xA4, 0x8F,
|
||||
0x08, 0xF2, 0xE2, 0x9D, 0xA7, 0x43, 0xC2, 0x24, 0x28, 0x98,
|
||||
0x7E, 0xAC, 0xA3, 0x61, 0x30, 0x5F, 0x30, 0x0C, 0x06, 0x03,
|
||||
0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
|
||||
0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
|
||||
0x14, 0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1,
|
||||
0x8B, 0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A,
|
||||
0xC9, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18,
|
||||
0x30, 0x16, 0x80, 0x14, 0x86, 0xC0, 0x27, 0xE9, 0x9E, 0xFA,
|
||||
0x85, 0xC1, 0xFD, 0xE3, 0x6F, 0xFC, 0x54, 0x59, 0x72, 0x37,
|
||||
0xC7, 0x33, 0x92, 0xBB, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D,
|
||||
0x0F, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x03, 0x02, 0x01, 0xC6,
|
||||
0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41,
|
||||
0x00, 0x22, 0x1B, 0x06, 0x17, 0xC0, 0x11, 0x74, 0x1F, 0x64,
|
||||
0xD1, 0xA3, 0xF6, 0x7B, 0x06, 0x00, 0x1A, 0x0B, 0x50, 0x8E,
|
||||
0xEB, 0xB1, 0x63, 0x92, 0x45, 0xBA, 0xDC, 0xE2, 0xC1, 0x68,
|
||||
0x14, 0x23, 0x0C, 0x6E, 0x2C, 0x95, 0x3C, 0xB1, 0x1C, 0x19,
|
||||
0x27, 0x98, 0x50, 0x3E, 0x55, 0x51, 0xCC, 0xC4, 0x49, 0x58,
|
||||
0xAF, 0xB9, 0x46, 0x4F, 0xED, 0x9C, 0x57, 0x38, 0x04, 0x29,
|
||||
0xD4, 0xA9, 0x12, 0xFE, 0x08
|
||||
/* ./certs/ed25519/ca-ed25519.der, ED25519 */
|
||||
static const unsigned char ca_ed25519_cert[] =
|
||||
{
|
||||
0x30, 0x82, 0x02, 0x59, 0x30, 0x82, 0x02, 0x0B, 0xA0, 0x03,
|
||||
0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xF6, 0xE1, 0x3E, 0xBC,
|
||||
0x79, 0xA1, 0x85, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70,
|
||||
0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
|
||||
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
|
||||
0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
|
||||
0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
|
||||
0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
|
||||
0x04, 0x0C, 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30,
|
||||
0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35,
|
||||
0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
|
||||
0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
|
||||
0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
|
||||
0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
|
||||
0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
|
||||
0x6F, 0x6D, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37,
|
||||
0x30, 0x35, 0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39,
|
||||
0x5A, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32,
|
||||
0x39, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81,
|
||||
0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
|
||||
0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
|
||||
0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
|
||||
0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
|
||||
0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C,
|
||||
0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
|
||||
0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B,
|
||||
0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
|
||||
0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
|
||||
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
|
||||
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
|
||||
0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
|
||||
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A,
|
||||
0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00,
|
||||
0x41, 0x07, 0xEC, 0x75, 0x0C, 0x68, 0x72, 0x12, 0x3C, 0x04,
|
||||
0x82, 0x07, 0x6E, 0x16, 0x6F, 0x40, 0x41, 0x6D, 0xA4, 0x8F,
|
||||
0x08, 0xF2, 0xE2, 0x9D, 0xA7, 0x43, 0xC2, 0x24, 0x28, 0x98,
|
||||
0x7E, 0xAC, 0xA3, 0x61, 0x30, 0x5F, 0x30, 0x0C, 0x06, 0x03,
|
||||
0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
|
||||
0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
|
||||
0x14, 0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1,
|
||||
0x8B, 0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A,
|
||||
0xC9, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18,
|
||||
0x30, 0x16, 0x80, 0x14, 0x86, 0xC0, 0x27, 0xE9, 0x9E, 0xFA,
|
||||
0x85, 0xC1, 0xFD, 0xE3, 0x6F, 0xFC, 0x54, 0x59, 0x72, 0x37,
|
||||
0xC7, 0x33, 0x92, 0xBB, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D,
|
||||
0x0F, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x03, 0x02, 0x01, 0xC6,
|
||||
0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41,
|
||||
0x00, 0x22, 0x1B, 0x06, 0x17, 0xC0, 0x11, 0x74, 0x1F, 0x64,
|
||||
0xD1, 0xA3, 0xF6, 0x7B, 0x06, 0x00, 0x1A, 0x0B, 0x50, 0x8E,
|
||||
0xEB, 0xB1, 0x63, 0x92, 0x45, 0xBA, 0xDC, 0xE2, 0xC1, 0x68,
|
||||
0x14, 0x23, 0x0C, 0x6E, 0x2C, 0x95, 0x3C, 0xB1, 0x1C, 0x19,
|
||||
0x27, 0x98, 0x50, 0x3E, 0x55, 0x51, 0xCC, 0xC4, 0x49, 0x58,
|
||||
0xAF, 0xB9, 0x46, 0x4F, 0xED, 0x9C, 0x57, 0x38, 0x04, 0x29,
|
||||
0xD4, 0xA9, 0x12, 0xFE, 0x08
|
||||
};
|
||||
static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_ED25519 */
|
||||
|
||||
#endif /* WOLFSSL_CERTS_TEST_H */
|
||||
|
||||
|
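Review bot: the `server_ed25519_cert[]` and `ca_ed25519_cert[]` buffers in this hunk both carry a validity of `20170528232629Z` to `20190529232629Z` (the two GeneralizedTime fields, tag `0x18, 0x0F`, after the issuer name), so any test that checks dates against these embedded certs will start failing at the end of May 2019. The ECC CA added earlier in the same header runs from `171019190649Z` to `371014190649Z`; it would be worth regenerating the ED25519 chain with a comparable lifetime, or noting the expiry in the `/* ./certs/ed25519/... */` comments. Separately, the hunk shows both `#ifdef HAVE_ED25519` and `#if defined(HAVE_ED25519)`, with a bare `#endif` next to `#endif /* HAVE_ED25519 */`; please confirm only one guard pair remains in the final file so the conditionals stay balanced.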
@ -265,6 +265,7 @@
|
||||
#define dhParamFile "certs/dh2048.pem"
|
||||
#define cliEccKeyFile "certs/ecc-client-key.pem"
|
||||
#define cliEccCertFile "certs/client-ecc-cert.pem"
|
||||
#define caEccCertFile "certs/ca-ecc-cert/pem"
|
||||
#define crlPemDir "certs/crl"
|
||||
#ifdef HAVE_WNR
|
||||
/* Whitewood netRandom default config file */
|
||||
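Review bot: the new `caEccCertFile` define in this block has a path typo, `"certs/ca-ecc-cert/pem"`, with a slash where the extension dot should be. The matching define in the other branch of the same header reads `"./certs/ca-ecc-cert.pem"`, and the file added by this commit is `certs/ca-ecc-cert.pem`, so any build that takes this branch will fail to load the ECC CA and the validation tests that depend on it will error out on file open rather than exercise the chain. Change it to `"certs/ca-ecc-cert.pem"`.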
@ -283,6 +284,7 @@
|
||||
#define dhParamFile "./certs/dh2048.pem"
|
||||
#define cliEccKeyFile "./certs/ecc-client-key.pem"
|
||||
#define cliEccCertFile "./certs/client-ecc-cert.pem"
|
||||
#define caEccCertFile "./certs/ca-ecc-cert.pem"
|
||||
#define crlPemDir "./certs/crl"
|
||||
#ifdef HAVE_WNR
|
||||
/* Whitewood netRandom default config file */
|
||||
|