From 8ae6bf16416412cdab086188860ef236ec3e91e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Thu, 12 Nov 2015 23:29:27 -0300 Subject: [PATCH 01/22] adds server side Certificate Status Request extension; missing: Finish SendCertificateStatus(); --- examples/server/server.c | 3 ++ src/internal.c | 84 ++++++++++++++++++++++++++++++++++++++- src/ocsp.c | 85 +++++++++++++++++++++++++++++++++------- src/ssl.c | 61 +++++++++++++++++++++++++++- src/tls.c | 59 ++++++++++++++++++++++++---- wolfcrypt/src/asn.c | 19 +++------ wolfssl/internal.h | 38 ++++++++++-------- wolfssl/ocsp.h | 4 +- wolfssl/ssl.h | 5 +++ wolfssl/wolfcrypt/asn.h | 3 ++ 10 files changed, 304 insertions(+), 57 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index 1808240a8..9e7dd230a 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -725,6 +725,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + wolfSSL_CTX_EnableOCSPStapling(ctx); +#endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); diff --git a/src/internal.c b/src/internal.c index 1c6a4c6e4..057e4c9f4 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4368,7 +4368,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_OCSP if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); - ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert); + ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL); doCrlLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { doCrlLookup = 0; 
@@ -4469,7 +4469,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_OCSP if (doLookup && ssl->ctx->cm->ocspEnabled) { WOLFSSL_MSG("Doing Leaf OCSP check"); - ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert); + ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL); doLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { WOLFSSL_MSG("\tOCSP Lookup not ok"); 
@@ -8141,6 +8141,86 @@ int SendCertificateRequest(WOLFSSL* ssl) else return SendBuffered(ssl); } + + +int SendCertificateStatus(WOLFSSL* ssl) +{ + int ret = 0; + byte status_type = 0; + + WOLFSSL_ENTER("SendCertificateStatus"); + + (void) ssl; + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + status_type = ssl->status_request; +#endif + + switch (status_type) { +#if defined HAVE_CERTIFICATE_STATUS_REQUEST + case WOLFSSL_CSR_OCSP: { + buffer response = {NULL, 0}; + buffer der = ssl->buffers.certificate; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; +#else + DecodedCert cert[1]; +#endif + + /* unable to fetch status. skip. */ + if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) + return 0; + if (der.buffer == NULL || der.length == 0) + return 0; + +#ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; +#endif + + InitDecodedCert(cert, der.buffer, der.length, NULL); + + if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, + ssl->ctx->cm)) != 0) { + WOLFSSL_MSG("ParseCert failed"); + } + else { + ret = CheckCertOCSP(ssl->ctx->cm->ocsp_stapling, cert, + &response); + + if (response.buffer) { + if (ret == OCSP_CERT_REVOKED || ret == OCSP_CERT_UNKNOWN) { + ret = 0; /* Forward status to client */ + } + + if (ret == 0) { + + } + + XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + if (ret == OCSP_LOOKUP_FAIL) + ret = 0; /* Suppressing, not critical */ + } + + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + } + break; +#endif + + default: + break; + } + + return ret; +} + #endif /* !NO_CERTS */ diff --git a/src/ocsp.c b/src/ocsp.c index 567a67de8..f503d5b9c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c 
@@ -77,6 +77,10 @@ static void FreeOcspEntry(OcspEntry* entry) for (status = entry->status; status; status = next) { next = status->next; + + if (status->rawOcspResponse) + XFREE(status->rawOcspResponse, NULL, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS); } } @@ -114,7 +118,7 @@ static int xstat2err(int stat) } -int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert) +int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, void* encodedResponse) { int ret = OCSP_LOOKUP_FAIL; @@ -137,7 +141,7 @@ int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert) #endif if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) { - ret = CheckOcspRequest(ocsp, ocspRequest); + ret = CheckOcspRequest(ocsp, ocspRequest, encodedResponse); FreeOcspRequest(ocspRequest); } @@ -186,7 +190,7 @@ static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request, static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, - OcspEntry* entry, CertStatus** status) + OcspEntry* entry, CertStatus** status, buffer* responseBuffer) { int ret = OCSP_INVALID_STATUS; 
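Review bot: The new third parameter of CheckCertOCSP is declared `void* encodedResponse`, and CheckOcspRequest casts it to `buffer*`, so the compiler cannot catch a caller that passes anything else. If the `buffer` type can be made visible to ocsp.h, declaring the parameter as `buffer* responseBuffer` in both functions keeps the contract checkable. Either way, a comment should state that the callee allocates `responseBuffer->buffer` with DYNAMIC_TYPE_TMP_BUFFER and that the caller must XFREE it. Both function bodies continue outside these hunks.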
@@ -204,11 +208,27 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, && !XMEMCMP((*status)->serial, request->serial, (*status)->serialSz)) break; - if (*status) { + if (responseBuffer && *status && !(*status)->rawOcspResponse) { + /* force fetching again */ + ret = OCSP_INVALID_STATUS; + } + else if (*status) { if (ValidateDate((*status)->thisDate, (*status)->thisDateFormat, BEFORE) && ((*status)->nextDate[0] != 0) && ValidateDate((*status)->nextDate, (*status)->nextDateFormat, AFTER)) ret = xstat2err((*status)->status); + + if (responseBuffer) { + responseBuffer->buffer = (byte*)XMALLOC( + (*status)->rawOcspResponseSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (responseBuffer->buffer) { + responseBuffer->length = (*status)->rawOcspResponseSz; + XMEMCPY(responseBuffer->buffer, + (*status)->rawOcspResponse, + (*status)->rawOcspResponseSz); + } + } } UnLockMutex(&ocsp->ocspLock); @@ -216,16 +236,18 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, return ret; } -int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) +int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, + void* encodedResponse) { - OcspEntry* entry = NULL; - CertStatus* status = NULL; - byte* request = NULL; - int requestSz = 2048; - byte* response = NULL; - const char* url; - int urlSz; - int ret = -1; + OcspEntry* entry = NULL; + CertStatus* status = NULL; + byte* request = NULL; + int requestSz = 2048; + byte* response = NULL; + buffer* responseBuffer = (buffer*) encodedResponse; + const char* url = NULL; + int urlSz = 0; + int ret = -1; #ifdef WOLFSSL_SMALL_STACK CertStatus* newStatus; 
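Review bot: In GetOcspStatus the cached `rawOcspResponse` is copied into `responseBuffer` even when the ValidateDate checks fail and `ret` stays OCSP_INVALID_STATUS. CheckOcspRequest then fetches a fresh response and, in the later hunk at `CompareOcspReqResp`, assigns a new XMALLOC result to `responseBuffer->buffer` without freeing the first copy. If that fetch fails instead, the out-of-date copy stays in the buffer, and SendCertificateStatus as finished in PATCH 02 would staple it after suppressing OCSP_LOOKUP_FAIL. Guarding the copy with `if (responseBuffer && ret != OCSP_INVALID_STATUS) {` avoids both problems. The XMALLOC failure in that branch is silent, which deserves a comment if it is intentional.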
@@ -237,11 +259,16 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) WOLFSSL_ENTER("CheckOcspRequest"); + if (responseBuffer) { + responseBuffer->buffer = NULL; + responseBuffer->length = 0; + } + ret = GetOcspEntry(ocsp, ocspRequest, &entry); if (ret != 0) return ret; - ret = GetOcspStatus(ocsp, ocspRequest, entry, &status); + ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer); if (ret != OCSP_INVALID_STATUS) return ret; @@ -300,14 +327,29 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) ret = OCSP_LOOKUP_FAIL; else { if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) { + if (responseBuffer) { + responseBuffer->buffer = (byte*)XMALLOC(ret, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (responseBuffer->buffer) { + responseBuffer->length = ret; + XMEMCPY(responseBuffer->buffer, response, ret); + } + } + ret = xstat2err(ocspResponse->status->status); if (LockMutex(&ocsp->ocspLock) != 0) ret = BAD_MUTEX_E; else { - if (status != NULL) + if (status != NULL) { + if (status->rawOcspResponse) + XFREE(status->rawOcspResponse, NULL, + DYNAMIC_TYPE_OCSP_STATUS); + /* Replace existing certificate entry with updated */ XMEMCPY(status, newStatus, sizeof(CertStatus)); + } else { /* Save new certificate entry */ status = (CertStatus*)XMALLOC(sizeof(CertStatus), @@ -320,6 +362,19 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) } } + if (responseBuffer && responseBuffer->buffer) { + status->rawOcspResponse = (byte*)XMALLOC( + responseBuffer->length, NULL, + DYNAMIC_TYPE_OCSP_STATUS); + + if (status->rawOcspResponse) { + status->rawOcspResponseSz = responseBuffer->length; + XMEMCPY(status->rawOcspResponse, + responseBuffer->buffer, + responseBuffer->length); + } + } + UnLockMutex(&ocsp->ocspLock); } } diff --git a/src/ssl.c b/src/ssl.c index 1473748b0..38c7d7ea7 100644 --- a/src/ssl.c +++ b/src/ssl.c 
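Review bot: In the `status != NULL` branch of CheckOcspRequest, `XMEMCPY(status, newStatus, sizeof(CertStatus))` overwrites the whole cached entry, including its `next` pointer. The new "force fetching again" path in GetOcspStatus makes this branch reachable for entries that are still valid. If CertStatus entries are chained through `next`, as FreeOcspEntry suggests, the entries behind this one would be unlinked and leaked. Saving the link before the copy and restoring it afterwards, `CertStatus* next = status->next;` and `status->next = next;`, keeps the list intact. The surrounding function body is only partly visible in these hunks, so this needs checking against the full file.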
@@ -1643,6 +1643,10 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) #ifdef HAVE_OCSP if (cm->ocsp) FreeOCSP(cm->ocsp, 1); + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (cm->ocsp_stapling) + FreeOCSP(cm->ocsp_stapling, 1); + #endif #endif FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL); FreeMutex(&cm->caLock); @@ -3460,6 +3464,42 @@ int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm) return SSL_SUCCESS; } +/* turn on OCSP Stapling if off and compiled in, set options */ +int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm) +{ + int ret = SSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling"); + if (cm == NULL) + return BAD_FUNC_ARG; + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (cm->ocsp_stapling == NULL) { + cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), + cm->heap, DYNAMIC_TYPE_OCSP); + if (cm->ocsp_stapling == NULL) + return MEMORY_E; + + if (InitOCSP(cm->ocsp_stapling, cm) != 0) { + WOLFSSL_MSG("Init OCSP failed"); + FreeOCSP(cm->ocsp_stapling, 1); + cm->ocsp_stapling = NULL; + return SSL_FAILURE; + } + } + cm->ocspStaplingEnabled = 1; + + #ifndef WOLFSSL_USER_IO + cm->ocspIOCb = EmbedOcspLookup; + cm->ocspRespFreeCb = EmbedOcspRespFree; + #endif /* WOLFSSL_USER_IO */ + #else + ret = NOT_COMPILED_IN; + #endif + + return ret; +} + #ifdef HAVE_OCSP @@ -3494,7 +3534,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) { WOLFSSL_MSG("ParseCert failed"); } - else if ((ret = CheckCertOCSP(cm->ocsp, cert)) != 0) { + else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) { WOLFSSL_MSG("CheckCertOCSP failed"); } 
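Review bot: The release of `cm->ocsp_stapling` in wolfSSL_CertManagerFree sits inside `#ifdef HAVE_OCSP`, while the allocation in wolfSSL_CertManagerEnableOCSPStapling is guarded only by HAVE_CERTIFICATE_STATUS_REQUEST, and this commit also removes the `#error` in src/tls.c that tied the two macros together. The same mismatch affects wolfSSL_CTX_EnableOCSPStapling further down in ssl.c, which is defined only inside the HAVE_OCSP region although examples/server/server.c calls it under HAVE_CERTIFICATE_STATUS_REQUEST alone. Either keep the `#error` or use one guard at every site, for instance `#if defined(HAVE_OCSP) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)`. Enabling stapling also appears to replace `cm->ocspIOCb` and `cm->ocspRespFreeCb` unconditionally, so a comment on the required call order relative to wolfSSL_CertManagerSetOCSP_Cb would help.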
@@ -3629,6 +3669,16 @@ int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, return BAD_FUNC_ARG; } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling"); + if (ctx) + return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); + else + return BAD_FUNC_ARG; +} +#endif #endif /* HAVE_OCSP */ @@ -6132,6 +6182,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("accept state CERT_SENT"); case CERT_SENT : + if (!ssl->options.resuming) + if ( (ssl->error = SendCertificateStatus(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } + ssl->options.acceptState = CERT_STATUS_SENT; + WOLFSSL_MSG("accept state CERT_STATUS_SENT"); + + case CERT_STATUS_SENT : if (!ssl->options.resuming) if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); diff --git a/src/tls.c b/src/tls.c index 619f96856..652c6dabf 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1891,11 +1891,6 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions) #ifdef HAVE_CERTIFICATE_STATUS_REQUEST -#ifndef HAVE_OCSP -#error Status Request Extension requires OCSP. \ - Use --enable-ocsp in the configure script or define HAVE_OCSP. -#endif - static void TLSX_CSR_Free(CertificateStatusRequest* csr) { switch (csr->status_type) { @@ -1972,7 +1967,7 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest) { - int ret = 0; + int ret; /* shut up compiler warnings */ (void) ssl; (void) input; 
@@ -2019,8 +2014,56 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ #endif } + else { +#ifndef NO_WOLFSSL_SERVER + byte status_type; + word16 offset = 0; + word16 size = 0; - return ret; + if (length < ENUM_LEN) + return BUFFER_ERROR; + + status_type = input[offset++]; + + switch (status_type) { + case WOLFSSL_CSR_OCSP: { + + /* skip responder_id_list */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + /* skip request_extensions */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + if (offset > length) + return BUFFER_ERROR; + + /* is able to send OCSP response? */ + if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) + return 0; + } + break; + } + + ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, + 0); + if (ret != SSL_SUCCESS) + return ret; /* throw error */ + + TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); + ssl->status_request = status_type; + +#endif + } + + return 0; } int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert) @@ -2078,7 +2121,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) case WOLFSSL_CSR_OCSP: if (ssl->ctx->cm->ocspEnabled) return CheckOcspRequest(ssl->ctx->cm->ocsp, - &csr->request.ocsp); + &csr->request.ocsp, NULL); else return OCSP_LOOKUP_FAIL; } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 88073abd2..935574ac7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
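Review bot: In the server branch of TLSX_CSR_Parse, `offset += OPAQUE16_LEN + size` is computed in a word16 before `size` has been compared with the bytes that remain, so a large peer-supplied length can wrap `offset` and let a malformed extension pass the final `offset > length` test. Checking right after each `ato16`, `if (length - offset < OPAQUE16_LEN + size) return BUFFER_ERROR;`, rejects it at the point where the length is read. The `switch` also has no `default`, so an unrecognised `status_type` falls through to TLSX_UseCertificateStatusRequest and is stored in `ssl->status_request`; `default: return 0;` would ignore types the server cannot answer. The function starts outside this hunk.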
@@ -8776,20 +8776,13 @@ void InitOcspResponse(OcspResponse* resp, CertStatus* status, { WOLFSSL_ENTER("InitOcspResponse"); + XMEMSET(status, 0, sizeof(CertStatus)); + XMEMSET(resp, 0, sizeof(OcspResponse)); + resp->responseStatus = -1; - resp->response = NULL; - resp->responseSz = 0; - resp->producedDateFormat = 0; - resp->issuerHash = NULL; - resp->issuerKeyHash = NULL; - resp->sig = NULL; - resp->sigSz = 0; - resp->sigOID = 0; - resp->status = status; - resp->nonce = NULL; - resp->nonceSz = 0; - resp->source = source; - resp->maxIdx = inSz; + resp->status = status; + resp->source = source; + resp->maxIdx = inSz; } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 76f7f108a..ead5aae36 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -1361,22 +1361,26 @@ struct WOLFSSL_CRL { /* wolfSSL Certificate Manager */ struct WOLFSSL_CERT_MANAGER { Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ - void* heap; /* heap helper */ - WOLFSSL_CRL* crl; /* CRL checker */ - WOLFSSL_OCSP* ocsp; /* OCSP checker */ - char* ocspOverrideURL; /* use this responder */ - void* ocspIOCtx; /* I/O callback CTX */ - CallbackCACache caCacheCallback; /* CA cache addition callback */ - CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ - CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ - CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ - wolfSSL_Mutex caLock; /* CA list lock */ - byte crlEnabled; /* is CRL on ? */ - byte crlCheckAll; /* always leaf, but all ? */ - byte ocspEnabled; /* is OCSP on ? */ - byte ocspCheckAll; /* always leaf, but all ? */ - byte ocspSendNonce; /* send the OCSP nonce ? */ - byte ocspUseOverrideURL; /* ignore cert's responder, override */ + void* heap; /* heap helper */ + WOLFSSL_CRL* crl; /* CRL checker */ + WOLFSSL_OCSP* ocsp; /* OCSP checker */ +#if !defined(NO_WOLFSSL_SEVER) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */ +#endif + char* ocspOverrideURL; /* use this responder */ + void* ocspIOCtx; /* I/O callback CTX */ + CallbackCACache caCacheCallback; /* CA cache addition callback */ + CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ + CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ + CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ + wolfSSL_Mutex caLock; /* CA list lock */ + byte crlEnabled; /* is CRL on ? */ + byte crlCheckAll; /* always leaf, but all ? */ + byte ocspEnabled; /* is OCSP on ? */ + byte ocspCheckAll; /* always leaf, but all ? */ + byte ocspSendNonce; /* send the OCSP nonce ? */ + byte ocspUseOverrideURL; /* ignore cert's responder, override */ + byte ocspStaplingEnabled; /* is OCSP Stapling on ? 
*/ }; WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); @@ -2033,6 +2037,7 @@ enum AcceptState { ACCEPT_FIRST_REPLY_DONE, SERVER_HELLO_SENT, CERT_SENT, + CERT_STATUS_SENT, KEY_EXCHANGE_SENT, CERT_REQ_SENT, SERVER_HELLO_DONE, @@ -2640,6 +2645,7 @@ WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); +WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*); WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index dc76ca16e..8d05c26d0 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -39,9 +39,9 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); -WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*); +WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, void*); WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, - OcspRequest* ocspRequest); + OcspRequest* ocspRequest, void*); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5a30c8c81..415b4bd60 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1269,6 +1269,9 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*, CbOCSPIO, CbOCSPRespFree, void*); + WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling( + WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); 
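Review bot: The guard added around `ocsp_stapling` in struct WOLFSSL_CERT_MANAGER tests `NO_WOLFSSL_SEVER`, which looks like a misspelling of `NO_WOLFSSL_SERVER`, so the server-only condition never excludes the member. Before correcting it to `#if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)`, check the users in src/ssl.c, which touch `cm->ocsp_stapling` under HAVE_CERTIFICATE_STATUS_REQUEST alone and would stop compiling in a client-only build. `ocspStaplingEnabled` is added without any guard, which is the simpler choice if the pointer can follow it.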
@@ -1287,6 +1290,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*, CbOCSPIO, CbOCSPRespFree, void*); + + WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); #endif /* !NO_CERTS */ /* end of handshake frees temporary arrays, if user needs for get_keys or diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 339680ca2..e3fd7a569 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -675,6 +675,9 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; + + byte* rawOcspResponse; + word32 rawOcspResponseSz; }; From 12802f40c5744697eb70fa049f815e1562773662 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 15 Nov 2015 14:37:24 -0300 Subject: [PATCH 02/22] finishes SendCertificateStatus(); sending the stored status; --- src/internal.c | 92 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 81 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index 057e4c9f4..08debae7e 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -8143,6 +8143,78 @@ int SendCertificateRequest(WOLFSSL* ssl) } +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer status) +{ + byte* output = NULL; + word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word32 length = ENUM_LEN + OPAQUE24_LEN + status.length; + int sendSz = idx + length; + int ret = 0; + + WOLFSSL_ENTER("BuildCertificateStatus"); + + if (ssl->keys.encryptionOn) + sendSz += MAX_MSG_EXTRA; + + if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) { + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, certificate_status, ssl); + + output[idx++] = type; + + c32to24(status.length, output + idx); + idx += OPAQUE24_LEN; + + XMEMCPY(output + idx, status.buffer, status.length); + idx += status.length; + + if (ssl->keys.encryptionOn) { + byte* input; + int inputSz = idx - RECORD_HEADER_SZ; + + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (input == NULL) + return MEMORY_E; + + XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); + sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (sendSz < 0) + ret = sendSz; + } + else + ret = HashOutput(ssl, output, sendSz, 0); + + #ifdef WOLFSSL_DTLS + if (ret == 0 && ssl->options.dtls) + ret = DtlsPoolSave(ssl, output, sendSz)); + #endif + + #ifdef WOLFSSL_CALLBACKS + if (ret == 0 && ssl->hsInfoOn) + AddPacketName("CertificateStatus", &ssl->handShakeInfo); + if (ret == 0 && ssl->toInfoOn) + AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, output, + sendSz, ssl->heap); + #endif + + if (ret == 0) { + ssl->buffers.outputBuffer.length += sendSz; + if (!ssl->options.groupMessages) + ret = SendBuffered(ssl); + } + } + + WOLFSSL_LEAVE("BuildCertificateStatus", ret); + return ret; +} +#endif + + int SendCertificateStatus(WOLFSSL* ssl) { int ret = 0; 
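Review bot: The WOLFSSL_DTLS branch of BuildCertificateStatus has an unbalanced parenthesis, `ret = DtlsPoolSave(ssl, output, sendSz));`, so the file does not compile with DTLS enabled; it should read `ret = DtlsPoolSave(ssl, output, sendSz);`. `status.length` comes from the OCSP responder and is added into `length` and the int `sendSz` without an upper bound, although the field written by `c32to24` holds only 24 bits. Skipping a response that does not fit one handshake message before calling CheckAvailableSize would be safer. The early `return MEMORY_E` also bypasses WOLFSSL_LEAVE.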
@@ -8182,7 +8254,7 @@ int SendCertificateStatus(WOLFSSL* ssl) InitDecodedCert(cert, der.buffer, der.length, NULL); - if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { WOLFSSL_MSG("ParseCert failed"); } @@ -8190,20 +8262,18 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = CheckCertOCSP(ssl->ctx->cm->ocsp_stapling, cert, &response); + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + if (response.buffer) { - if (ret == OCSP_CERT_REVOKED || ret == OCSP_CERT_UNKNOWN) { - ret = 0; /* Forward status to client */ - } - - if (ret == 0) { - - } + if (ret == 0) + ret = BuildCertificateStatus(ssl,status_type, response); XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - - if (ret == OCSP_LOOKUP_FAIL) - ret = 0; /* Suppressing, not critical */ } FreeDecodedCert(cert); From 24907fc818c2ba29a82e18e7c353c68cf88b459b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 15 Nov 2015 18:43:29 -0300 Subject: [PATCH 03/22] adds buffer logging; --- wolfcrypt/src/logging.c | 38 +++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/logging.h | 2 ++ 2 files changed, 40 insertions(+) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index fb90c6dcc..2156b1f43 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c 
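Review bot: A failure of ParseCertRelative, now called with `VERIFY`, is returned from SendCertificateStatus, and the accept state machine turns it into SSL_FATAL_ERROR. A server whose certificate manager cannot verify its own certificate therefore fails every handshake in which the client sent status_request. The OCSP results just below are treated as not critical; the parse failure could be handled the same way, e.g. `ret = 0; /* cannot build the request, send no status */` after the WOLFSSL_MSG. The suppression of OCSP_CERT_REVOKED also deserves a comment saying the revoked status is forwarded to the client on purpose, as the removed line did. The function starts and ends outside this hunk.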
@@ -136,6 +136,44 @@ void WOLFSSL_MSG(const char* msg) } +void WOLFSSL_BUFFER(byte* buffer, word32 length) +{ + #define LINE_LEN 16 + + if (loggingEnabled) { + word32 i; + char line[80]; + + if (!buffer) { + wolfssl_log(INFO_LOG, "\tNULL"); + + return; + } + + sprintf(line, "\t"); + + for (i = 0; i < LINE_LEN; i++) { + if (i < length) + sprintf(line + 1 + i * 3,"%02x ", buffer[i]); + else + sprintf(line + 1 + i * 3, " "); + } + + sprintf(line + 1 + LINE_LEN * 3, "| "); + + for (i = 0; i < LINE_LEN; i++) + if (i < length) + sprintf(line + 3 + LINE_LEN * 3 + i, + "%c", 31 < buffer[i] && buffer[i] < 127 ? buffer[i] : '.'); + + wolfssl_log(INFO_LOG, line); + + if (length > LINE_LEN) + WOLFSSL_BUFFER(buffer + LINE_LEN, length - LINE_LEN); + } +} + + void WOLFSSL_ENTER(const char* msg) { if (loggingEnabled) { diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 2e604080d..03681412d 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -56,6 +56,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); void WOLFSSL_ERROR(int); void WOLFSSL_MSG(const char* msg); + void WOLFSSL_BUFFER(byte* buffer, word32 length); #else /* DEBUG_WOLFSSL */ @@ -65,6 +66,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_ERROR(e) #define WOLFSSL_MSG(m) + #define WOLFSSL_BUFFER(b, l) #endif /* DEBUG_WOLFSSL */ From 6d6ca56e4e571ce494cf1b048c84ad0dc25a65a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 16 Nov 2015 15:31:50 -0300 Subject: [PATCH 04/22] fixes SendCertificateStatus() loading the CA in the server side to build the OCSP request properly. --- examples/server/server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/examples/server/server.c b/examples/server/server.c index 9e7dd230a..56a0c680d 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
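Review bot: WOLFSSL_BUFFER calls itself once per 16 bytes, and every frame holds its own `char line[80]`, so stack use grows with the buffer length; dumping a full TLS record means roughly a thousand nested frames, which is a risk on the small-stack targets this library supports. A loop does the same work in constant stack, as sketched below. `#define LINE_LEN 16` inside the function body stays defined for the rest of the file, so an `enum` or an `#undef` is cleaner, and `buffer` can be `const byte*` since it is only read. The `sprintf` calls fit `line[80]` with the current LINE_LEN, but a comment stating that dependency (or `snprintf`) would protect a later change of the constant.

```c
void WOLFSSL_BUFFER(byte* buffer, word32 length)
{
    enum { LINE_LEN = 16 };

    if (!loggingEnabled)
        return;

    if (!buffer) {
        wolfssl_log(INFO_LOG, "\tNULL");
        return;
    }

    do {
        word32 chunk = length < LINE_LEN ? length : LINE_LEN;
        char   line[80];

        /* ... unchanged: format the hex and ASCII columns, bounded by chunk ... */

        wolfssl_log(INFO_LOG, line);

        buffer += chunk;
        length -= chunk;
    } while (length > 0);
}
```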
@@ -726,7 +726,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) - wolfSSL_CTX_EnableOCSPStapling(ctx); + if (wolfSSL_CTX_EnableOCSPStapling(ctx) != SSL_SUCCESS) + err_sys("can't enable OCSP Stapling Certificate Manager"); + if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) From 5e4955f689198443bd01e743d413302821d9b424 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 16 Nov 2015 16:03:48 -0300 Subject: [PATCH 05/22] reuse OcspRequest data in ocsp stapling; --- src/internal.c | 80 ++++++++++++++++++++++++++++++++++------------ wolfssl/internal.h | 3 ++ 2 files changed, 63 insertions(+), 20 deletions(-) diff --git a/src/internal.c b/src/internal.c index 08debae7e..c7fcd29c7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -542,6 +542,13 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif #ifdef HAVE_TLS_EXTENSIONS TLSX_FreeAll(ctx->extensions); + + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + if (ctx->certOcspRequest) { + FreeOcspRequest(ctx->certOcspRequest); + XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + #endif #endif } 
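Review bot: SSL_CtxResourceFree reads `ctx->certOcspRequest` under `HAVE_CERTIFICATE_STATUS_REQUEST` alone, but this commit declares the member in wolfssl/internal.h only when `NO_WOLFSSL_SERVER` is also undefined. A client-only build with the extension enabled would therefore not compile. The guard here should match the declaration: `#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)`. The same applies to the uses in SendCertificateStatus unless that function is already compiled for server builds only.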
@@ -8231,35 +8238,69 @@ int SendCertificateStatus(WOLFSSL* ssl) switch (status_type) { #if defined HAVE_CERTIFICATE_STATUS_REQUEST case WOLFSSL_CSR_OCSP: { + OcspRequest* request = ssl->ctx->certOcspRequest; buffer response = {NULL, 0}; - buffer der = ssl->buffers.certificate; -#ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; -#else - DecodedCert cert[1]; -#endif /* unable to fetch status. skip. */ if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) return 0; - if (der.buffer == NULL || der.length == 0) - return 0; + + if (!request || ssl->buffers.weOwnCert) { + buffer der = ssl->buffers.certificate; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + /* unable to fetch status. skip. */ + if (der.buffer == NULL || der.length == 0) + return 0; #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (cert == NULL) - return MEMORY_E; + if (cert == NULL) + return MEMORY_E; #endif - InitDecodedCert(cert, der.buffer, der.length, NULL); + InitDecodedCert(cert, der.buffer, der.length, NULL); - if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { - WOLFSSL_MSG("ParseCert failed"); + WOLFSSL_MSG("ParseCert failed"); + } + else { + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, + DYNAMIC_TYPE_OCSP_REQUEST); + if (request == NULL) { + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return MEMORY_E; + } + + ret = InitOcspRequest(request, cert, 0); + if (ret != 0) { + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + else if (!ssl->buffers.weOwnCert && 0 == LockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock)) { + if (!ssl->ctx->certOcspRequest) + ssl->ctx->certOcspRequest = request; + UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock); + 
} + } + + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } - else { - ret = CheckCertOCSP(ssl->ctx->cm->ocsp_stapling, cert, + + if (ret == 0) { + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, &response); /* Suppressing, not critical */ @@ -8274,12 +8315,11 @@ int SendCertificateStatus(WOLFSSL* ssl) XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + } - FreeDecodedCert(cert); -#ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + if (request != ssl->ctx->certOcspRequest) + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); } break; #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ead5aae36..a553bddba 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1769,6 +1769,9 @@ struct WOLFSSL_CTX { #endif #ifdef HAVE_TLS_EXTENSIONS TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) + OcspRequest* certOcspRequest; + #endif #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER) SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ void* ticketEncCtx; /* session encrypt context */ From 60b1a0c8be0b4c60a8cd260501bbd836156962dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 16 Nov 2015 16:16:48 -0300 Subject: [PATCH 06/22] fixes scan-build warnings --- src/ocsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index f503d5b9c..7852c2bcb 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -362,7 +362,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, } } - if (responseBuffer && responseBuffer->buffer) { + if (status && responseBuffer && responseBuffer->buffer) { status->rawOcspResponse = (byte*)XMALLOC( responseBuffer->length, NULL, DYNAMIC_TYPE_OCSP_STATUS); From aaad9787db214216242de3cfcd62f1217e3642c8 Mon Sep 17 00:00:00 2001 
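Review bot: When InitOcspRequest fails, `request` is released with XFREE but keeps its value, and the check at the end of the case, `if (request != ssl->ctx->certOcspRequest) XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);`, frees it a second time. Setting `request = NULL;` right after the first XFREE removes the double free. On the path where the request is not stored in the context (`weOwnCert`, or another thread stored one first), the final XFREE is not preceded by `FreeOcspRequest(request)`, which SSL_CtxResourceFree does call, so whatever InitOcspRequest allocated is probably leaked. `ssl->ctx->certOcspRequest` is also read at the top of the case without `ocspLock`, while the write is made under it. The function starts outside this hunk.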
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 23 Nov 2015 09:19:33 -0300 Subject: [PATCH 07/22] updates box version to trusty64; fixes provisioning errors; --- Vagrantfile | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index aef42caf7..ddf37ce83 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -17,10 +17,10 @@ cd $LIB.$VER/ && ./autogen.sh && ./configure -q && make -s sudo make install && cd .. && rm -rf $LIB.$VER* -SRC=vagrant DST=wolfssl -cp -rp /$SRC/ $DST/ +cp -rp /vagrant/ $DST/ +chown -hR vagrant:vagrant $DST/ echo "cd $DST" >> .bashrc echo "read -p 'Sync $DST? (y/n) ' -n 1 -r" >> .bashrc @@ -30,20 +30,13 @@ echo " echo -e '\e[0;32mRunning $DST sync\e[0m'" >> .bashrc echo " ./pull_to_vagrant.sh" >> .bashrc echo "fi" >> .bashrc -cd $DST -./autogen.sh -./configure -make check - -cd .. -chown -hR vagrant:vagrant $DST/ /tmp/output SCRIPT VAGRANTFILE_API_VERSION = "2" Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.box = "hashicorp/precise64" + config.vm.box = "ubuntu/trusty64" config.vm.provision "shell", inline: $setup config.vm.network "forwarded_port", guest: 11111, host: 33333 From 51f5ded392c3cd59a16055b623da0f0ed9f942ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 23 Nov 2015 09:33:49 -0300 Subject: [PATCH 08/22] adds config to generate ocsp certs --- certs/ocsp/ocsp-key.pem | 27 +++++++++++++++++++++++++++ certs/renewcerts.sh | 21 +++++++++++++++++++-- certs/renewcerts/wolfssl.cnf | 15 ++++++++++++--- 3 files changed, 58 insertions(+), 5 deletions(-) create mode 100644 certs/ocsp/ocsp-key.pem diff --git a/certs/ocsp/ocsp-key.pem b/certs/ocsp/ocsp-key.pem new file mode 100644 index 000000000..61c5616a9 --- /dev/null +++ b/certs/ocsp/ocsp-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0UG34fKKKBIvVdVwt92OI +0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7lWj9BdGd1lamU1cPuQviN +65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMxUO5KFr05i60FSIexmeIQ +pwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew/pf1HujHXZuLERkSPKuC +cXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gEZWwAdlDvFQjXtHNoJhSH +lcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQABAoIBAGI2tR1VxYD+/TYL +DGAIV+acZtqeaQYKMf8x++eG4SrQo6/QP8HDFFqzO0yV2SC0cRtJZ5PzCHxCRSaG +Nd8EL2NMWOazUwW0c/yLtTypOPSeg2Mf+3SwLvgxOZ9CbFQ8YAJi+vbNOPLGCijL +N0HWEkcC1P1kWWgKCWIloR7eEt0IQOb5PPSCu3buq/rForb6qUf+L+ESpWed6bnc +uhIrHDuQ/PopW05fW1r61zI286wKdLRyatQsljNqPvVdFVhtCKqCqMHdIzMg2cbh +q9DJMWc/KLjzBk6YPMZKm/4k4RXj+IwS+iITbpUNrhYj2TMevBMPW3AIRobD823D +ehQv+rECgYEA3CWL+G9zJ5PXRDAdQ69lN+CE/Uf9444CN5idMO+qRQ+QE8hWYT/U +PFH/aUgd1k3WJZseR/GTWx29VsRPSDWZXzwzLfUNKnqvp0b2oZe/EdYiRSo8OCPp +kF07HbTKe4Cyma7HdgDkNkS+UW5JujnuLcuee+wTq6xU0289juwFBc8CgYEA1s/d +VtwXqBf3qMxfi+eMa77fqxptAFGtZNKNkYwX42Ow6Hehj8EnoPqYEF+9MzKn/BFh +ROnQ76axKBN8mkRUjpv7d2+zMlDnGrWul8q6VrfGiU2P7jd4L6GY/V1MYktnIBsd +Ld/jW8P0FFfI2RIREPWdrATxBhQpTJfXd/7rLncCgYB1wrvyBCQUSrg/KIGvADbj +wf1Bw23jeMZk2QVU9Q8e7ClE+8iBMvSj47T9q28SgQaJjUWQdIA/oFP1AwPp+4n0 +cK5r6gbF72Tg1Uv+ur6hmuswFlyqJ0O8TrLdvCUIFZr0LJNT4zwwb2tjAdz8ehqX +crFvVqRbE884XuwN9ODm7wKBgQDIEnKlI/kkpq4UmcWkGNXAxNauFr7PPUOyVCln +FoRpVcC/xCzGJ7ExTjWzing950BulgFynhPsIeV+3id/x4S6Dq34YCEXDCMzzWQA +HOHRQvm3iHY1+ZQHSQulb/Bk3LYAQUC8KXspTSlYiSqYgytCEIH6Zd/XOY/9tq8J +JHUHoQKBgHYIB2mRCuDK5C3dCspdPVeAUqptK1nnXxWY/MXA6v+M4wFsIxV7Iwg7 +HEjeD5yKH4619syPCFz3jrCxL0oJqVTD2tnrbLf8idEt2eaV/3o2mUGFjvWpTywg +F8DewhrGh6z7FWHp4cMrxpq1hkdi6k+481T1GKBJ1zBSTzskTHQB +-----END RSA PRIVATE KEY----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index ec4e35e47..de8d8e791 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh 
@@ -202,6 +202,23 @@ function run_renewcerts(){ openssl x509 -in server-ecc-comp.pem -text > tmp.pem mv tmp.pem server-ecc-comp.pem + ########################################################### + ########## update and sign ocsp-cert.pem ################## + ########################################################### + echo "Updating ocsp-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\ocsp.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ocsp/ocsp-key.pem -nodes > ocsp-req.pem + + openssl x509 -req -in ocsp-req.pem -extfile wolfssl.cnf -extensions v3_ocsp -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 03 > ocsp/ocsp-cert.pem + + rm ocsp-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in ocsp/ocsp-cert.pem -text > ocsp_tmp.pem + mv ocsp_tmp.pem ocsp/ocsp-cert.pem + cat ca_tmp.pem >> ocsp/ocsp-cert.pem + rm ca_tmp.pem ############################################################ ########## make .der files from .pem files ################# ############################################################ @@ -302,7 +319,7 @@ elif [ ! -z "$1" ]; then echo "" echo "" #else the argument was invalid, tell user to use -h or -help - else + else echo "" echo "That is not a valid option." echo "" @@ -328,7 +345,7 @@ else # check options.h a second time, if the user had # ntru installed on their system and in the default - # path location, then it will now be defined, if the + # path location, then it will now be defined, if the # user does not have ntru on their system this will fail # again and we will not update any certs until user installs # ntru in the default location diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index 7decf9ef9..3da804b44 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -1,5 +1,5 @@ # -# wolfssl configuration file +# wolfssl configuration file # HOME = . RANDFILE = $ENV::HOME/.rnd 
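Review bot: The answer string piped to `openssl req` contains `Support\ocsp.wolfssl.com`, where the `n` of the newline escape is missing, so `echo -e` emits those two fields as one line. The OU answer then carries the host name, and each later answer moves up one prompt, so the common name would receive `info@wolfssl.com`. The fragment should read `...\nSupport\nocsp.wolfssl.com\ninfo@wolfssl.com\n...`. None of the `openssl` calls in the new block is checked either, so a failed request still leaves a partial `ocsp/ocsp-cert.pem` behind; `|| exit 1` after each call would stop that. run_renewcerts() starts and ends outside the hunk.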
@@ -20,7 +20,7 @@ default_ca = CA_default # The default ca section [ CA_default ] #################################################################### -# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY # +# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY # # # dir = $HOME./.. # #################################################################### @@ -124,6 +124,7 @@ authorityKeyIdentifier=keyid,issuer subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints=CA:true +authorityInfoAccess = OCSP;URI:http://localhost:22222 # Extensions to add to a certificate request [ v3_req ] @@ -140,6 +141,14 @@ basicConstraints = CA:true [ crl_ext ] authorityKeyIdentifier=keyid:always +# OCSP extensions. +[ v3_ocsp ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning +basicConstraints = CA:false + # These extensions should be added when creating a proxy certificate [ proxy_cert_ext ] basicConstraints=CA:FALSE @@ -158,7 +167,7 @@ dir = ./demoCA # directory serial = $dir/tsaserial # (mandatory) crypto_device = builtin # engine signer_cert = $dir/tsacert.pem # certificate -certs = $dir/cacert.pem # chain +certs = $dir/cacert.pem # chain signer_key = $dir/private/tsakey.pem # (optional) default_policy = tsa_policy1 # Policy other_policies = tsa_policy2, tsa_policy3 # (optional) From b820619e6c46ceb0e7e9c3f40389ae04d06b9dae Mon Sep 17 00:00:00 2001 
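Review bot: The new `[ v3_ocsp ]` section gives the responder certificate `nonRepudiation` and `keyEncipherment` in addition to `digitalSignature`, although signing OCSP responses needs only the last. `keyUsage = digitalSignature` keeps the delegated signer to the single purpose that `extendedKeyUsage = OCSPSigning` names. The section also omits the OCSP no-check extension, so a client that validates the responder certificate is told nothing about how to treat that certificate's own revocation status; in OpenSSL configuration this is `noCheck = ignored`.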
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 23 Nov 2015 09:56:45 -0300 Subject: [PATCH 09/22] updates certs; adds ocsp certs; --- certs/1024/ca-cert.pem | 54 ++--- certs/1024/client-cert.der | Bin 969 -> 1021 bytes certs/1024/client-cert.pem | 44 ++-- certs/1024/server-cert.pem | 106 ++++----- certs/ca-cert.der | Bin 1198 -> 1252 bytes certs/ca-cert.pem | 71 ++++--- certs/client-cert.der | Bin 1230 -> 1282 bytes certs/client-cert.pem | 62 +++--- certs/client-ecc-cert.der | Bin 780 -> 835 bytes certs/client-ecc-cert.pem | 42 ++-- certs/crl/cliCrl.pem | 50 ++--- certs/crl/crl.pem | 52 ++--- certs/crl/crl.revoked | 58 ++--- certs/crl/eccCliCRL.pem | 22 +- certs/crl/eccSrvCRL.pem | 20 +- certs/ocsp/index.txt | 1 + certs/ocsp/ocsp-cert.pem | 182 ++++++++++++++++ certs/ocsp/ocspd.sh | 8 + certs/server-cert.der | Bin 1186 -> 1240 bytes certs/server-cert.pem | 141 ++++++------ certs/server-ecc-comp.pem | 32 +-- certs/server-ecc-rsa.pem | 70 +++--- certs/server-ecc.pem | 42 ++-- certs/server-revoked-cert.pem | 141 ++++++------ wolfssl/certs_test.h | 389 ++++++++++++++++++---------------- 25 files changed, 930 insertions(+), 657 deletions(-) create mode 100644 certs/ocsp/index.txt create mode 100644 certs/ocsp/ocsp-cert.pem create mode 100755 certs/ocsp/ocspd.sh diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem index 3deb3628c..41136c2c2 100644 --- a/certs/1024/ca-cert.pem +++ b/certs/1024/ca-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 16629652120256878762 (0xe6c8647ee63b98aa) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -28,38 +28,42 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:E6:C8:64:7E:E6:3B:98:AA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + 82:53:ec:89:0a:6a:1b:ae:c3:69:fc:22:b5:d7:d2:f4:0b:6d: + 18:72:f5:64:7f:bb:80:57:e3:f3:b2:af:e1:89:47:03:19:dd: + 6f:62:ed:2b:24:d3:a2:77:c0:83:6a:fb:0f:55:93:78:15:4a: + c1:e0:13:f2:65:9c:7a:8c:6c:98:57:f0:44:9d:3a:9e:6a:30: + 08:9f:33:ce:0d:7e:86:6f:ef:0e:34:41:b9:c6:1d:34:c6:28: + 1e:f9:81:be:68:3d:77:92:50:c5:f8:2f:4c:aa:db:5f:72:93: + 42:eb:8a:cf:24:a0:d9:25:44:46:8b:ed:de:46:d5:1a:90:e9: + d6:d8 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIID6jCCA1OgAwIBAgIJAObIZH7mO5iqMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE1MTEyMzEyNDkzN1oXDTE4MDgxOTEyNDkzN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2s3Ufsvrckw2MbVJh54ccxFlnW nXedjeKL7QQXssbr5JuRvjFQYpdYtX8p3rNxJAu/lwl/Jtwt7KgusmQreis1GS2i gMuZ/ZRxGyONVNsuYo2BCC30JHInbPnJjttMdbqbAfg/GPTmf/tXlJLMiMS0AMKq -1OWIGLMRL3PA1ikJAgMBAAGjggEBMIH+MB0GA1UdDgQWBBTTIo8oLOAF7tPtw3E9 -ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB -nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv -emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw -MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +1OWIGLMRL3PA1ikJAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQU0yKPKCzgBe7T7cNx +PcmyNjodv6gwgc4GA1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+k +gZwwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x +MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb22CCQDmyGR+5juYqjAMBgNVHRMEBTADAQH/MDIGCCsGAQUF +BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjANBgkq +hkiG9w0BAQsFAAOBgQCCU+yJCmobrsNp/CK119L0C20YcvVkf7uAV+Pzsq/hiUcD +Gd1vYu0rJNOid8CDavsPVZN4FUrB4BPyZZx6jGyYV/BEnTqeajAInzPODX6Gb+8O +NEG5xh00xige+YG+aD13klDF+C9MqttfcpNC64rPJKDZJURGi+3eRtUakOnW2A== -----END CERTIFICATE----- 
diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index c2bd6df8fe58e67cfaf20cb20bce0bd93a31726b..4d4d69ba88f5d813ee46baaddda891ec90644b00 100644 GIT binary patch delta 314 zcmX@f{+C_Cpo#gXK@)S*0%j&gCMHgX%lBs-X^@xCpD3|S%Fxir*wDzt(%3vooY&C8 zz{1cH%AH)pv~Y4K<5GTWgC<6E16elaP+2|}F_y`ROrn#6n9kM1j4|K=NeQ#C8Za|5 z{x>jU)FR z?K>|cBR4Apb7Lbzq2;f(!y!*+Y<+R~^mP5U{V(?Xetn~Oy2&iD{SP+n-B_?k4+6xk5wPV9XZ8pj=2NziyJ#ugT-u=QNVCBinL8W|RB1@MZ xnQvEo!=iHk_u0O@pI4n*#N3i5a+2|D+tRd!r?Lv;bq)Ju&hR{Qn;FaH0{}DKaTfpp delta 262 zcmey%ev)0npo#gYK@+py0%j&gCMHgX$JZD9D!Z@sYof$9DFagjb3+RwLj%Joab80U z14Cm&D0gxV)56J}j7$014VoC44P@DvLuL6`#8@ULGKo$OVmen3Gsb`iBqhwkYQW6M z_}_q+jZ>@5qwPB{BO^B}19M{|gY5RJH4iu5IFKH@^>WAa0L{YW{xfRw#+;$fvsWLJ z-gBIBs?@L42Y=_h&gbG6d9zjjj*P+Gpy^j+I2nvB;!m#->lfU<<3ifQ5RK3F`?K=P zJhbA%mYi-7ThwGJ}td5@eP&)0| FTL53mWPJbt diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index 2f13e8e25..f99471e9d 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16417767964199037690 (0xe3d7a0fa76df2afa) + Serial Number: 15267089231539806063 (0xd3df98c4801f1f6f) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -28,39 +28,43 @@ Certificate: X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E3:D7:A0:FA:76:DF:2A:FA + serial:D3:DF:98:C4:80:1F:1F:6F X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 1d:b7:d5:7c:e1:b1:d8:c0:67:5d:b5:d3:88:e7:50:29:71:63: - 8f:cc:26:1f:33:09:55:43:9b:ab:c6:1b:bc:c7:01:95:1a:fa: - 65:e0:fd:9c:eb:6f:0a:0f:14:ec:b5:2f:dc:1c:30:dd:52:97: - d4:1c:09:00:33:38:5f:cb:a8:16:8f:11:b7:b8:d0:66:e1:54: - 28:f3:3f:bf:6a:6f:76:48:2a:5e:56:a7:ce:1c:f0:04:dd:17: - bd:06:78:21:6d:d6:b1:9b:75:31:92:c1:fe:d4:8d:d4:67:2f: - 03:1b:27:8d:ab:ff:30:3b:c3:7f:23:e4:ab:5b:91:e1:1b:66: - e6:ed + 71:39:fa:86:c3:54:e5:98:b5:e8:c3:cb:97:2f:86:bf:e8:bc: + fb:eb:d8:73:97:34:9a:16:bf:e0:b2:bd:be:7d:ff:a0:d7:e6: + db:a3:52:43:41:60:f1:d7:c3:63:c0:9b:e2:b2:28:87:70:60: + 5d:2b:5d:56:15:3c:b1:1e:03:53:72:39:32:e2:47:85:f7:8b: + e8:38:50:a9:c9:d3:52:75:0e:16:14:a5:a5:c4:9f:3e:73:d8: + 38:79:bf:f7:9b:4d:0d:f3:aa:ce:a2:03:84:66:14:c9:01:f5: + 86:a5:66:a1:ca:6a:71:5f:2d:31:8e:1c:cc:0c:e6:46:99:5d: + 0a:4c -----BEGIN CERTIFICATE----- -MIIDxTCCAy6gAwIBAgIJAOPXoPp23yr6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIID+TCCA2KgAwIBAgIJANPfmMSAHx9vMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTUxMTIzMTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv 
bGZzc2wuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8cw6oSfN0oqnv GKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV35TKwanXGdqGyehNxGE2gv6rrX53 JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16NaUjcd8koDiLpa6Qmukzowf1Kbysf -74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFIFp +74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBOzCCATcwHQYDVR0OBBYEFIFp D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDj16D6dt8q+jAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAB231XzhsdjAZ12104jnUClxY4/MJh8z -CVVDm6vGG7zHAZUa+mXg/ZzrbwoPFOy1L9wcMN1Sl9QcCQAzOF/LqBaPEbe40Gbh -VCjzP79qb3ZIKl5Wp84c8ATdF70GeCFt1rGbdTGSwf7UjdRnLwMbJ42r/zA7w38j -5KtbkeEbZubt +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDT35jEgB8fbzAMBgNVHRME +BTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2Fs +aG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOBgQBxOfqGw1TlmLXow8uXL4a/6Lz7 +69hzlzSaFr/gsr2+ff+g1+bbo1JDQWDx18NjwJvisiiHcGBdK11WFTyxHgNTcjky +4keF94voOFCpydNSdQ4WFKWlxJ8+c9g4eb/3m00N86rOogOEZhTJAfWGpWahympx +Xy0xjhzMDOZGmV0KTA== -----END CERTIFICATE----- diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem index f278d2c0f..739d80ed5 100644 --- a/certs/1024/server-cert.pem +++ b/certs/1024/server-cert.pem 
@@ -2,11 +2,11 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -28,50 +28,54 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:E6:C8:64:7E:E6:3B:98:AA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0a:04:c7:9a:c4:f6:46:db:e4:85:d4:22:02:12:3e:53:27:25: - 24:8a:9b:2f:93:7f:de:70:94:c5:6c:4c:26:25:25:7a:d7:0f: - 33:b9:9c:d2:5a:94:7f:8d:30:75:ad:82:c9:bf:4b:6c:91:58: - 7c:45:1a:89:df:8e:ca:31:9f:ab:38:b3:ae:c2:8f:14:87:e6: - 1c:ab:12:4e:df:82:36:c9:41:46:c4:05:95:88:62:09:72:57: - 66:31:80:b8:9c:55:a8:fb:74:01:32:e7:5a:40:df:9b:e4:98: - d7:5b:ea:69:5c:14:1b:9b:8b:08:2d:d9:58:28:be:c9:01:e0: - e1:a9 + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + cb:33:02:ab:da:33:24:83:8f:e8:2b:29:13:94:58:f2:df:69: + 69:0c:2f:79:79:4f:fc:35:fd:a5:75:59:a5:18:74:02:79:50: + 49:2e:3b:16:28:4b:b5:0f:2a:a4:e7:b9:2a:33:50:eb:c4:7c: + b4:a2:af:8d:24:f3:27:48:58:01:ac:c0:5d:7a:90:6a:5b:f7: + 4f:d3:a5:96:24:24:96:47:2c:81:97:3c:03:1c:ad:90:c7:22: + 90:91:67:03:7f:81:51:c7:97:d7:76:85:82:66:1b:f8:03:d9: + ae:1d:b0:a1:20:05:55:68:2b:d7:eb:92:dc:ec:cd:be:c6:c8: + 53:df -----BEGIN CERTIFICATE----- -MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID3jCCA0egAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x -NTA5MjMxOTIzMzhaFw0xODA2MTkxOTIzMzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G +NTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGVMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j 
b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBAKo+pZzTF0llQ97Q80sc20kM/HplBW3easTkcyyKloKP I6UGcRwGPi+SjQspNEVZ6am8YdckN121xDeNumey7wMn+sG0zWsAZrTWc3AfCDrM d63p+TTU86AtqedYqcBhhLbsPQqt/VyGc6prR9iLLlhLaRKCJlXmFL9VcIj++XXh -AgMBAAGjggEBMIH+MB0GA1UdDgQWBBTZPDXqdA4jvpz8+imQCcHnhBaffDCBzgYD -VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE -BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV -BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM -D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACgTH -msT2RtvkhdQiAhI+UyclJIqbL5N/3nCUxWxMJiUletcPM7mc0lqUf40wda2Cyb9L -bJFYfEUaid+OyjGfqzizrsKPFIfmHKsSTt+CNslBRsQFlYhiCXJXZjGAuJxVqPt0 -ATLnWkDfm+SY11vqaVwUG5uLCC3ZWCi+yQHg4ak= +AgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQU2Tw16nQOI76c/PopkAnB54QWn3wwgc4G +A1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD +VQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQD +DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CCQDmyGR+5juYqjAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggr +BgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOB +gQDLMwKr2jMkg4/oKykTlFjy32lpDC95eU/8Nf2ldVmlGHQCeVBJLjsWKEu1Dyqk +57kqM1DrxHy0oq+NJPMnSFgBrMBdepBqW/dP06WWJCSWRyyBlzwDHK2QxyKQkWcD +f4FRx5fXdoWCZhv4A9muHbChIAVVaCvX65Lc7M2+xshT3w== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 16629652120256878762 (0xe6c8647ee63b98aa) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not 
After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -93,38 +97,42 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:E6:C8:64:7E:E6:3B:98:AA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + 82:53:ec:89:0a:6a:1b:ae:c3:69:fc:22:b5:d7:d2:f4:0b:6d: + 18:72:f5:64:7f:bb:80:57:e3:f3:b2:af:e1:89:47:03:19:dd: + 6f:62:ed:2b:24:d3:a2:77:c0:83:6a:fb:0f:55:93:78:15:4a: + c1:e0:13:f2:65:9c:7a:8c:6c:98:57:f0:44:9d:3a:9e:6a:30: + 08:9f:33:ce:0d:7e:86:6f:ef:0e:34:41:b9:c6:1d:34:c6:28: + 1e:f9:81:be:68:3d:77:92:50:c5:f8:2f:4c:aa:db:5f:72:93: + 42:eb:8a:cf:24:a0:d9:25:44:46:8b:ed:de:46:d5:1a:90:e9: + d6:d8 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIID6jCCA1OgAwIBAgIJAObIZH7mO5iqMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE1MTEyMzEyNDkzN1oXDTE4MDgxOTEyNDkzN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2s3Ufsvrckw2MbVJh54ccxFlnW nXedjeKL7QQXssbr5JuRvjFQYpdYtX8p3rNxJAu/lwl/Jtwt7KgusmQreis1GS2i gMuZ/ZRxGyONVNsuYo2BCC30JHInbPnJjttMdbqbAfg/GPTmf/tXlJLMiMS0AMKq -1OWIGLMRL3PA1ikJAgMBAAGjggEBMIH+MB0GA1UdDgQWBBTTIo8oLOAF7tPtw3E9 -ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB -nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv -emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw -MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +1OWIGLMRL3PA1ikJAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQU0yKPKCzgBe7T7cNx +PcmyNjodv6gwgc4GA1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+k +gZwwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x +MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb22CCQDmyGR+5juYqjAMBgNVHRMEBTADAQH/MDIGCCsGAQUF +BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjANBgkq +hkiG9w0BAQsFAAOBgQCCU+yJCmobrsNp/CK119L0C20YcvVkf7uAV+Pzsq/hiUcD +Gd1vYu0rJNOid8CDavsPVZN4FUrB4BPyZZx6jGyYV/BEnTqeajAInzPODX6Gb+8O +NEG5xh00xige+YG+aD13klDF+C9MqttfcpNC64rPJKDZJURGi+3eRtUakOnW2A== -----END CERTIFICATE----- 
diff --git a/certs/ca-cert.der b/certs/ca-cert.der index d0eab7a3ce08847c4bc6c9160c266eaa3289778b..b61188892a7dd9a237caaa5a29e55d4c226cf4d5 100644 GIT binary patch delta 427 zcmZ3-`Gix#po!&yK@;UVL7$sbh)$ zi#*ld>^s4$^)I{kTvK0dx##k!8;sMIxP)6wUVZrU)b#rEs+|1xi{c{2UsOTLen-z&5+ zGp1#KP~*2`QTysNBf);ENBq{@b3+RwLj%Joab80U z14Cm&2zTS%{fzvLe+(Lb8pyIShsyG?h_Ot*$Rs-X5YrJcme3-%Iozu8yg+^Iwar-^d`#3f2WSd!2Z*qN&$7|f7q^OnoN+EI4WLY)YKSX5~{O5>Ic-mHaz_?S!r(gpU*7{QpecaC#lU7m54NEyYqX)wzAld z2lY?rC(SutPxVc-WXjWrbN-4VW1j{~H*wacHwKva+%> zGP0-{s2C{0_y&w^Vi_eR1y=g{Ir+(nIT`uIC00ftV8F}9snzDu_MMlJk(-r)xrvdH zp?YF+uVqMz%@+HsC;azw?_VD?$MHCKQ0}o0_iFyn_WSp_UTG%pfn;mha9f7)^G&Gn13-~8swXIdM0pzLlM z*EwF!XDggGupMT3E^}O6+khxZK;@Z T-RsYsBQ=r=&3u3DeU}3Odz7!9 delta 378 zcmZqTI>#wt(8O}epow|Y0%j&gCMHgXRqC6Mt}M#qohY$Q%D~jX+|a_v(7-TCoY&C8 zz|hzb%ALf#aC0Z4CL=4mK@%hMtPxVc-WXjWrbN-4VW1j{~PeKacZ@Bw0-Ag zWaMULU~Xb$WC)zLTt+QcX2LO}`O`!{$v&SvXH99?)V~S^t6j4=H+=rYyyEs9{XO#S zRg16mU-g_`XA`n!G^zNmIeqhTlWko0wiZ@#F0;GV6w#SJ z=V(UKF1BlyyH8skc#tfAoM(gVWwcd8VA-c!;y|W9q&1B2Pexet- z<6CCPo}Ita{k3(N!M3tV2R-8VOx+M56?#I)FUh?1-P&TD94 zU}0zp3#yj;etp+@7%%QTvEUX61jEw&cjMzA|*%(<_ z*%=vG)C^P%lwf=V#x}8xl9B=|ef^yLm)V&l+i^EhYA!py|%!C>IZ zq{uK|<&gEWr&_ufXQrR}`u5_r36f%BKjww4d@C(EDTHtNBPK(N zW@2_{FmPc~D5+joH|Ip=)GqF|^(W13ZR)qb|9orqs|(A^xR#U)eP6+(P&l={bNhp)SWz)>2dwCGz(AH*>@TZc-WXjWrbN-4VW1j{~H*wacHwKva+%>GP0-{ zs2C{0_y&w^Vi_eR1y=g{Ir+(nIT`uIC00ftV8F}9snzDu_MMlJk(-r)xrvdHp-{X( zzxJ9SW96Echkh4kX7i*>JZRKCC#h&_((WJUbJXwGe@MCJ73yE_)m_~XZL`2|gX$zE zra3d0_VFaX-y+ATC-ZVnr0)AXX5WvIPvbMwVz{22{Z^vT=JTyzsV$@KU%I`m!h&4XUcvbxx zJ%LHv7yUe##FJpnlR2wURB(^^{yt@qLmPSTce={m7kM$&v_pNx>bo_{_PhW2@x5C1 z?rZt)RXa3{etFrc_B-dC>d%^r6IMzYpTy)YU9wkUY5%nS zU{dm~qrcW&QfQRA#IsHW~ z*8OXY*3JmuCp^hTVCm;|kJ4_rtejG4e?ea%vi(Vv!@EmQc+RO#xx@d@;(=q3NzCrU zw-3gb9ggKQ%G93A_*N%C+P{3|${U3Sr}cCS7* Date: Mon, 23 Nov 2015 13:34:27 -0300 Subject: [PATCH 10/22] adds next update time to ocspd.sh --- certs/ocsp/ocspd.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/certs/ocsp/ocspd.sh b/certs/ocsp/ocspd.sh index 98e1a10d0..6f7ce20fe 100755 --- a/certs/ocsp/ocspd.sh +++ b/certs/ocsp/ocspd.sh @@ -5,4 +5,5 @@ openssl ocsp -index index.txt \ -rsigner ocsp-cert.pem \ -rkey ocsp-key.pem \ -CA ../ca-cert.pem \ + -nmin 1 \ -text From 96e18a8c685d298f5c3f787dd2a9c9f153be2a49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 23 Nov 2015 15:08:25 -0300 Subject: [PATCH 11/22] adds next update verification when decoding the OcspResponse; fixes memleak in GetOcspStatus(); If the status was outdated, the responseBuffer was allocated twice; consider error in OcspResponseDecode() also a BAD_CERTIFICATE_STATUS_ERROR; --- src/internal.c | 13 +++++-------- src/ocsp.c | 16 +++++++++------- wolfcrypt/src/asn.c | 24 +++++++++++++----------- 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/src/internal.c b/src/internal.c index c7fcd29c7..905e88a95 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4861,14 +4861,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, InitOcspResponse(response, status, input +*inOutIdx, status_length); - if ((ret = OcspResponseDecode(response, ssl->ctx->cm)) == 0) { - if (response->responseStatus != OCSP_SUCCESSFUL) - ret = BAD_CERTIFICATE_STATUS_ERROR; - else if (CompareOcspReqResp(request, response) != 0) - ret = BAD_CERTIFICATE_STATUS_ERROR; - else if (response->status->status != CERT_GOOD) - ret = BAD_CERTIFICATE_STATUS_ERROR; - } + if ((OcspResponseDecode(response, ssl->ctx->cm) != 0) + || (response->responseStatus != OCSP_SUCCESSFUL) + || (response->status->status != CERT_GOOD) + || (CompareOcspReqResp(request, response) != 0)) + ret = BAD_CERTIFICATE_STATUS_ERROR; *inOutIdx += status_length; diff --git a/src/ocsp.c b/src/ocsp.c index 7852c2bcb..7283e66ad 100644 --- a/src/ocsp.c +++ b/src/ocsp.c 
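Review bot: After the rewrite of the check in DoCertificateStatus() nothing in the visible lines assigns `ret` on the success path. The old code set it from `OcspResponseDecode()`, so an accepted response now depends on `ret` already being 0 when the `if` is reached, and that initialisation is outside the hunk. Please confirm it, or make it explicit where `ret` is declared. The four-line condition guards a single unbraced statement; braces around `ret = BAD_CERTIFICATE_STATUS_ERROR;` and a comment such as `/* order matters: response fields are only meaningful after a successful decode */` would protect the check from a careless reorder.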
@@ -216,17 +216,19 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, if (ValidateDate((*status)->thisDate, (*status)->thisDateFormat, BEFORE) && ((*status)->nextDate[0] != 0) && ValidateDate((*status)->nextDate, (*status)->nextDateFormat, AFTER)) + { ret = xstat2err((*status)->status); - if (responseBuffer) { - responseBuffer->buffer = (byte*)XMALLOC( + if (responseBuffer) { + responseBuffer->buffer = (byte*)XMALLOC( (*status)->rawOcspResponseSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (responseBuffer->buffer) { - responseBuffer->length = (*status)->rawOcspResponseSz; - XMEMCPY(responseBuffer->buffer, - (*status)->rawOcspResponse, - (*status)->rawOcspResponseSz); + if (responseBuffer->buffer) { + responseBuffer->length = (*status)->rawOcspResponseSz; + XMEMCPY(responseBuffer->buffer, + (*status)->rawOcspResponse, + (*status)->rawOcspResponseSz); + } } } } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 935574ac7..728a8f737 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -8520,6 +8520,8 @@ static int DecodeSingleResponse(byte* source, if (GetBasicDate(source, &idx, cs->nextDate, &cs->nextDateFormat, size) < 0) return ASN_PARSE_E; + if (!XVALIDATE_DATE(cs->nextDate, cs->nextDateFormat, AFTER)) + return ASN_AFTER_DATE_E; } if (((int)(idx - prevIndex) < wrapperSz) && (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))) @@ -8594,7 +8596,7 @@ static int DecodeOcspRespExtensions(byte* source, WOLFSSL_MSG("\tfail: extension data length"); return ASN_PARSE_E; } - + resp->nonce = source + idx; resp->nonceSz = length; } 
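Review bot: When `XMALLOC` for `responseBuffer->buffer` fails in GetOcspStatus(), the function keeps the `ret` it got from `xstat2err()` and returns without a copy, so the caller sees a normal status and an unfilled buffer. Unless every caller tests `responseBuffer->buffer` itself, which cannot be seen from this hunk, the failure should surface, for example with `else ret = MEMORY_E;` on the inner `if`. A comment stating who frees `responseBuffer->buffer` would also help, since the commit message describes a double allocation of exactly this buffer. The function begins and continues outside the hunk.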
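Review bot: The added `XVALIDATE_DATE(cs->nextDate, cs->nextDateFormat, AFTER)` check in DecodeSingleResponse() appears to sit inside the block that parses nextUpdate (the closing brace follows it, the condition is outside the hunk), so a response without nextUpdate would pass with no freshness test at this point. If that is intended, say so at the check, e.g. `/* nextUpdate is optional; when present it must still be in the future */`, and confirm that callers bound the age of responses that lack it. The comparison uses the local clock with no visible skew allowance, which matters with the one-minute `-nmin 1` setting added to `certs/ocsp/ocspd.sh` in the previous patch.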
@@ -8758,8 +8760,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, else { Signer* ca = GetCA(cm, resp->issuerHash); - if (!ca || !ConfirmSignature(resp->response, resp->responseSz, - ca->publicKey, ca->pubKeySize, ca->keyOID, + if (!ca || !ConfirmSignature(resp->response, resp->responseSz, + ca->publicKey, ca->pubKeySize, ca->keyOID, resp->sig, resp->sigSz, resp->sigOID, NULL)) { WOLFSSL_MSG("\tOCSP Confirm signature failed"); return ASN_OCSP_CONFIRM_E; @@ -8861,28 +8863,28 @@ word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size) if (totalSz < size) { totalSz = 0; - + XMEMCPY(output + totalSz, seqArray[5], seqSz[5]); totalSz += seqSz[5]; - + XMEMCPY(output + totalSz, seqArray[4], seqSz[4]); totalSz += seqSz[4]; - + XMEMCPY(output + totalSz, seqArray[3], seqSz[3]); totalSz += seqSz[3]; - + XMEMCPY(output + totalSz, seqArray[2], seqSz[2]); totalSz += seqSz[2]; - + XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); totalSz += (word32)sizeof(NonceObjId); - + XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); totalSz += seqSz[1]; - + XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); totalSz += seqSz[0]; - + XMEMCPY(output + totalSz, req->nonce, req->nonceSz); totalSz += req->nonceSz; } From f9d6464793530d5b780380e40923e418e8457100 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 23 Nov 2015 18:05:55 -0300 Subject: [PATCH 12/22] adds basic extension code for CERTIFICATE_STATUS_REQUEST_V2; fixes EncodeOcspRequestExtensions() length check; --- configure.ac | 21 +++ examples/client/client.c | 18 ++- examples/server/server.c | 3 +- src/internal.c | 30 +++- src/ssl.c | 34 +++- src/tls.c | 328 ++++++++++++++++++++++++++++++++++++++- wolfcrypt/src/asn.c | 42 ++--- wolfssl/internal.h | 26 +++- wolfssl/ssl.h | 24 +++ 9 files changed, 489 insertions(+), 37 deletions(-) diff --git a/configure.ac b/configure.ac index 11c5bd149..e7bd09bad 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1676,6 +1676,26 @@ then fi fi +# Certificate Status Request v2 : a.k.a. OCSP stapling v2 +AC_ARG_ENABLE([ocspstapling2], + [AS_HELP_STRING([--enable-ocspstapling2],[Enable Certificate Status Request v2 - a.k.a. OCSP Stapling v2 (default: disabled)])], + [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ], + [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] + ) + +if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2" + + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi +fi + # Renegotiation Indication - (FAKE Secure Renegotiation) AC_ARG_ENABLE([renegotiation-indication], [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])], @@ -2720,6 +2740,7 @@ echo " * ALPN: $ENABLED_ALPN" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" echo " * Certificate Status Request: $ENABLED_CERTIFICATE_STATUS_REQUEST" +echo " * Certificate Status Request v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2" echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" diff --git a/examples/client/client.c b/examples/client/client.c index f5d005acd..79d735b44 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -358,7 +358,8 @@ static void Usage(void) printf("-o Perform OCSP lookup on peer certificate\n"); printf("-O Perform OCSP lookup using as responder\n"); #endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) printf("-W Use OCSP Stapling\n"); #endif #ifdef ATOMIC_USER 
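Review bot: `AM_CONDITIONAL([BUILD_OCSP], ...)` is invoked inside the nested shell `if` of the new `ocspstapling2` block, but automake expects every AM_CONDITIONAL to run on each configure invocation, whichever branch is taken. Inside the `if` it is enough to set `ENABLED_OCSP="yes"` and append `-DHAVE_OCSP`; the conditional itself should be evaluated once, unconditionally, after all options that can switch OCSP on have been processed. Whether such a call already exists later in configure.ac is not visible from this hunk.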
@@ -440,7 +441,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) byte statusRequest = 0; #endif @@ -674,7 +676,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; case 'W' : - #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) statusRequest = 1; #endif break; @@ -1010,6 +1013,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_EnableOCSP(ctx, 0); } #endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (statusRequest) { + if (wolfSSL_UseCertificateStatusRequestV2(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS) + err_sys("UseCertificateStatusRequest failed"); + + wolfSSL_CTX_EnableOCSP(ctx, 0); + } +#endif tcp_connect(&sockfd, host, port, doDTLS, ssl); diff --git a/examples/server/server.c b/examples/server/server.c index 56a0c680d..000d35a1c 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -725,7 +725,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (wolfSSL_CTX_EnableOCSPStapling(ctx) != SSL_SUCCESS) err_sys("can't enable OCSP Stapling Certificate Manager"); if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) diff --git a/src/internal.c b/src/internal.c index 905e88a95..163c34d5e 100644 --- a/src/internal.c +++ b/src/internal.c 
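Review bot: In the new `HAVE_CERTIFICATE_STATUS_REQUEST_V2` block of client_test() the failure message is still `"UseCertificateStatusRequest failed"`, so a v2 failure cannot be told apart from a v1 failure in the example's output; `err_sys("UseCertificateStatusRequestV2 failed");` fixes that. The return value of `wolfSSL_CTX_EnableOCSP(ctx, 0)` is dropped, so a failure to enable OCSP would go unreported and the handshake would proceed; `if (wolfSSL_CTX_EnableOCSP(ctx, 0) != SSL_SUCCESS) err_sys("can't enable OCSP");` makes it visible. When both stapling macros are defined, `-W` now requests both extensions, which deserves a one-line comment if it is intended. The function extends well beyond the hunk.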
@@ -4822,9 +4822,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, return BUFFER_ERROR; switch (status_type) { - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - case WOLFSSL_CSR_OCSP: { + /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */ + case WOLFSSL_CSR2_OCSP: { OcspRequest* request = TLSX_CSR_GetRequest(ssl->extensions); #ifdef WOLFSSL_SMALL_STACK @@ -4842,6 +4844,12 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) { + ssl->status_request_v2 = 0; + break; + } + #endif return BUFFER_ERROR; } while(0); @@ -8147,7 +8155,8 @@ int SendCertificateRequest(WOLFSSL* ssl) } -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer status) { byte* output = NULL; @@ -8232,9 +8241,15 @@ int SendCertificateStatus(WOLFSSL* ssl) status_type = ssl->status_request; #endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + status_type = status_type ? status_type : ssl->status_request_v2; +#endif + switch (status_type) { -#if defined HAVE_CERTIFICATE_STATUS_REQUEST - case WOLFSSL_CSR_OCSP: { +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + /* case WOLFSSL_CSR_OCSP: */ + case WOLFSSL_CSR2_OCSP: { OcspRequest* request = ssl->ctx->certOcspRequest; buffer response = {NULL, 0}; @@ -8321,6 +8336,11 @@ int SendCertificateStatus(WOLFSSL* ssl) break; #endif +#if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2 + case WOLFSSL_CSR2_OCSP_MULTI: + break; +#endif + default: break; } diff --git a/src/ssl.c b/src/ssl.c index 38c7d7ea7..e7cecf9f3 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -826,6 +826,31 @@ int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, byte status_type, #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +int wolfSSL_UseCertificateStatusRequestV2(WOLFSSL* ssl, byte status_type, + byte options) +{ + if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type, + options); +} + + +int wolfSSL_CTX_UseCertificateStatusRequestV2(WOLFSSL_CTX* ctx, + byte status_type, byte options) +{ + if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type, + options); +} + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + /* Elliptic Curves */ #ifdef HAVE_SUPPORTED_CURVES #ifndef NO_WOLFSSL_CLIENT @@ -1643,7 +1668,8 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) #ifdef HAVE_OCSP if (cm->ocsp) FreeOCSP(cm->ocsp, 1); - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (cm->ocsp_stapling) FreeOCSP(cm->ocsp_stapling, 1); #endif @@ -3473,7 +3499,8 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm) if (cm == NULL) return BAD_FUNC_ARG; - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (cm->ocsp_stapling == NULL) { cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap, DYNAMIC_TYPE_OCSP); @@ -3669,7 +3696,8 @@ int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, return BAD_FUNC_ARG; } -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling"); 
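Review bot: The new public entry points `wolfSSL_UseCertificateStatusRequestV2()` and `wolfSSL_CTX_UseCertificateStatusRequestV2()` have no header comment, and one behaviour is not obvious from the name: each call appends another request item instead of replacing the previous one (the "append new item" path of TLSX_UseCertificateStatusRequestV2 later in this patch). I would document on both that they are client-only, that `status_type` must be `WOLFSSL_CSR2_OCSP` or `WOLFSSL_CSR2_OCSP_MULTI`, that `options` is a flag set such as `WOLFSSL_CSR2_OCSP_USE_NONCE`, and that the result is `SSL_SUCCESS`, `BAD_FUNC_ARG`, `MEMORY_E` or the error returned by TLSX_Push. The CTX variant also dereferences `ctx->method` without a NULL check; whether it can be NULL is not visible in this hunk.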
diff --git a/src/tls.c b/src/tls.c index 652c6dabf..ba8bd1a7d 100644 --- a/src/tls.c +++ b/src/tls.c @@ -919,7 +919,7 @@ static word16 TLSX_ALPN_GetSize(ALPN *list) length++; /* protocol name length is on one byte */ length += (word16)XSTRLEN(alpn->protocol_name); } - + return length; } @@ -946,7 +946,7 @@ static word16 TLSX_ALPN_Write(ALPN *list, byte *output) /* writing list length */ c16toa(offset - OPAQUE16_LEN, output); - + return offset; } @@ -1917,6 +1917,7 @@ static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) if (csr->request.ocsp.nonceSz) size += OCSP_NONCE_EXT_SZ; + break; } } #endif @@ -1949,7 +1950,7 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, length = EncodeOcspRequestExtensions( &csr->request.ocsp, output + offset + OPAQUE16_LEN, - MAX_OCSP_EXT_SZ); + OCSP_NONCE_EXT_SZ); c16toa(length, output + offset); offset += OPAQUE16_LEN + length; @@ -2052,6 +2053,13 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, break; } + /* if using status_request and already sending it, skip this one */ + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) + return 0; + #endif + + /* accept the first good status_type and return */ ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, 0); if (ret != SSL_SUCCESS) 
@@ -2187,6 +2195,301 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ +/******************************************************************************/ +/* Certificate Status Request v2 */ +/******************************************************************************/ + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2) +{ + CertificateStatusRequestItemV2* next; + + for (; csr2; csr2 = next) { + next = csr2->next; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + FreeOcspRequest(&csr2->request.ocsp); + break; + } + + XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); + } +} + +static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, + byte isRequest) +{ + word16 size = 0; + + /* shut up compiler warnings */ + (void) csr2; (void) isRequest; + +#ifndef NO_WOLFSSL_CLIENT + if (isRequest) { + CertificateStatusRequestItemV2* next; + + for (size = OPAQUE16_LEN; csr2; csr2 = next) { + next = csr2->next; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + size += ENUM_LEN + 3 * OPAQUE16_LEN; + + if (csr2->request.ocsp.nonceSz) + size += OCSP_NONCE_EXT_SZ; + break; + } + } + } +#endif + + return size; +} + +static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, + byte* output, byte isRequest) +{ + /* shut up compiler warnings */ + (void) csr2; (void) output; (void) isRequest; + +#ifndef NO_WOLFSSL_CLIENT + if (isRequest) { + word16 offset; + word16 length; + + for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) { + /* status_type */ + output[offset++] = csr2->status_type; + + /* request */ + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + /* request_length */ + length = 2 * OPAQUE16_LEN; + + if (csr2->request.ocsp.nonceSz) + length += OCSP_NONCE_EXT_SZ; + + c16toa(length, output + offset); + 
offset += OPAQUE16_LEN; + + /* responder id list */ + c16toa(0, output + offset); + offset += OPAQUE16_LEN; + + /* request extensions */ + length = 0; + + if (csr2->request.ocsp.nonceSz) + length = EncodeOcspRequestExtensions( + &csr2->request.ocsp, + output + offset + OPAQUE16_LEN, + OCSP_NONCE_EXT_SZ); + + c16toa(length, output + offset); + offset += OPAQUE16_LEN + length; + break; + } + } + + /* list size */ + c16toa(offset - OPAQUE16_LEN, output); + + return offset; + } +#endif + + return 0; +} + +static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, + byte isRequest) +{ + int ret; + + /* shut up compiler warnings */ + (void) ssl; (void) input; + + if (!isRequest) { +#ifndef NO_WOLFSSL_CLIENT + TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data + : NULL; + + if (!csr2) { + /* look at context level */ + + extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); + csr2 = extension ? extension->data : NULL; + + if (!csr2) + return BUFFER_ERROR; /* unexpected extension */ + } + + ssl->status_request_v2 = 1; + + return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. 
*/ +#endif + } + else { +#ifndef NO_WOLFSSL_SERVER + byte status_type; + word16 request_length; + word16 offset = 0; + word16 size = 0; + + /* list size */ + ato16(input + offset, &request_length); + offset += OPAQUE16_LEN; + + if (length - OPAQUE16_LEN != request_length) + return BUFFER_ERROR; + + while (length > offset) { + if (length - offset < ENUM_LEN + OPAQUE16_LEN) + return BUFFER_ERROR; + + status_type = input[offset++]; + + ato16(input + offset, &request_length); + offset += OPAQUE16_LEN; + + if (length - offset < request_length) + return BUFFER_ERROR; + + switch (status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + /* skip responder_id_list */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + /* skip request_extensions */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + if (offset > length) + return BUFFER_ERROR; + + /* is able to send OCSP response? */ + if (ssl->ctx->cm == NULL + || !ssl->ctx->cm->ocspStaplingEnabled) + continue; + break; + + default: + /* unkown status type, skipping! 
*/ + offset += request_length; + continue; + } + + /* if using status_request and already sending it, skip this one */ + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + if (ssl->status_request) + return 0; + #endif + + /* accept the first good status_type and return */ + ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, + status_type, 0); + if (ret != SSL_SUCCESS) + return ret; /* throw error */ + + TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); + ssl->status_request_v2 = status_type; + + return 0; + } +#endif + } + + return 0; +} + +int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, + byte options) +{ + TLSX* extension = NULL; + CertificateStatusRequestItemV2* csr2 = NULL; + int ret = 0; + + if (!extensions) + return BAD_FUNC_ARG; + + if (status_type != WOLFSSL_CSR2_OCSP + && status_type != WOLFSSL_CSR2_OCSP_MULTI) + return BAD_FUNC_ARG; + + csr2 = (CertificateStatusRequestItemV2*) + XMALLOC(sizeof(CertificateStatusRequestItemV2), NULL, DYNAMIC_TYPE_TLSX); + if (!csr2) + return MEMORY_E; + + ForceZero(csr2, sizeof(CertificateStatusRequestItemV2)); + + csr2->status_type = status_type; + csr2->options = options; + csr2->next = NULL; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { + WC_RNG rng; + + if (wc_InitRng(&rng) == 0) { + if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp.nonce, + MAX_OCSP_NONCE_SZ) == 0) + csr2->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; + + wc_FreeRng(&rng); + } + } + break; + } + + /* append new item */ + if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) { + CertificateStatusRequestItemV2* last = + (CertificateStatusRequestItemV2*)extension->data; + + for (; last->next; last = last->next); + + last->next = csr2; + } + else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2))) { + XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); + return ret; + } + + return SSL_SUCCESS; +} + +#define CSR2_FREE_ALL 
TLSX_CSR2_FreeAll +#define CSR2_GET_SIZE TLSX_CSR2_GetSize +#define CSR2_WRITE TLSX_CSR2_Write +#define CSR2_PARSE TLSX_CSR2_Parse + +#else + +#define CSR2_FREE_ALL(data) +#define CSR2_GET_SIZE(a, b) 0 +#define CSR2_WRITE(a, b, c) 0 +#define CSR2_PARSE(a, b, c, d) 0 + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + /******************************************************************************/ /* Supported Elliptic Curves */ /******************************************************************************/ @@ -3400,6 +3703,10 @@ void TLSX_FreeAll(TLSX* list) CSR_FREE_ALL(extension->data); break; + case TLSX_STATUS_REQUEST_V2: + CSR2_FREE_ALL(extension->data); + break; + case TLSX_RENEGOTIATION_INFO: SCR_FREE_ALL(extension->data); break; @@ -3471,6 +3778,10 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) length += CSR_GET_SIZE(extension->data, isRequest); break; + case TLSX_STATUS_REQUEST_V2: + length += CSR2_GET_SIZE(extension->data, isRequest); + break; + case TLSX_RENEGOTIATION_INFO: length += SCR_GET_SIZE(extension->data, isRequest); break; @@ -3545,6 +3856,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, isRequest); break; + case TLSX_STATUS_REQUEST_V2: + offset += CSR2_WRITE(extension->data, output + offset, + isRequest); + break; + case TLSX_RENEGOTIATION_INFO: offset += SCR_WRITE(extension->data, output + offset, isRequest); @@ -4044,6 +4360,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, ret = CSR_PARSE(ssl, input + offset, size, isRequest); break; + case TLSX_STATUS_REQUEST_V2: + WOLFSSL_MSG("Certificate Status Request v2 extension received"); + + ret = CSR2_PARSE(ssl, input + offset, size, isRequest); + break; + case TLSX_RENEGOTIATION_INFO: WOLFSSL_MSG("Secure Renegotiation extension received"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 728a8f737..a633dfe50 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
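Review bot: The server branch of `TLSX_CSR2_Parse` advances `offset` by the peer-supplied `responder_id_list` and `request_extensions` lengths without comparing them to the item's `request_length`, and `offset` is a `word16`, so `offset += OPAQUE16_LEN + size` can wrap before the later `offset > length` test sees it. When stapling is not enabled the `continue` then re-enters the loop with an offset that may not have moved forward, so a malformed extension can stall the handshake in this loop. The first `ato16` also reads two bytes before `length` is known to be at least `OPAQUE16_LEN`. Bounding both inner lengths by `request_length`, which was already checked against the remaining input, keeps `offset` monotonic and inside the buffer; the client branch and the acceptance logic after the switch stay as they are.

```c
        /* list size */
        if (length < OPAQUE16_LEN)
            return BUFFER_ERROR;

        ato16(input + offset, &request_length);
        offset += OPAQUE16_LEN;
        /* … unchanged: list size comparison, per-item status_type and
         *   request_length reads with their bounds checks … */

            switch (status_type) {
                case WOLFSSL_CSR2_OCSP:
                case WOLFSSL_CSR2_OCSP_MULTI:
                    /* skip responder_id_list, bounded by this item */
                    if (request_length < OPAQUE16_LEN)
                        return BUFFER_ERROR;

                    ato16(input + offset, &size);
                    if (size > request_length - OPAQUE16_LEN)
                        return BUFFER_ERROR;

                    offset         += (word16)(OPAQUE16_LEN + size);
                    request_length -= (word16)(OPAQUE16_LEN + size);

                    /* skip request_extensions, bounded by what is left */
                    if (request_length < OPAQUE16_LEN)
                        return BUFFER_ERROR;

                    ato16(input + offset, &size);
                    if (size > request_length - OPAQUE16_LEN)
                        return BUFFER_ERROR;

                    /* offset + request_length <= length was checked above */
                    offset += request_length;

                    /* … unchanged: ocspStaplingEnabled test, default branch … */
```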
@@ -8860,34 +8860,34 @@ word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size) totalSz += seqSz[4] = SetSequence(totalSz, seqArray[4]); totalSz += seqSz[5] = SetExplicit(2, totalSz, seqArray[5]); - if (totalSz < size) - { - totalSz = 0; + if (totalSz > size) + return 0; - XMEMCPY(output + totalSz, seqArray[5], seqSz[5]); - totalSz += seqSz[5]; + totalSz = 0; - XMEMCPY(output + totalSz, seqArray[4], seqSz[4]); - totalSz += seqSz[4]; + XMEMCPY(output + totalSz, seqArray[5], seqSz[5]); + totalSz += seqSz[5]; - XMEMCPY(output + totalSz, seqArray[3], seqSz[3]); - totalSz += seqSz[3]; + XMEMCPY(output + totalSz, seqArray[4], seqSz[4]); + totalSz += seqSz[4]; - XMEMCPY(output + totalSz, seqArray[2], seqSz[2]); - totalSz += seqSz[2]; + XMEMCPY(output + totalSz, seqArray[3], seqSz[3]); + totalSz += seqSz[3]; - XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); - totalSz += (word32)sizeof(NonceObjId); + XMEMCPY(output + totalSz, seqArray[2], seqSz[2]); + totalSz += seqSz[2]; - XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); - totalSz += seqSz[1]; + XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); + totalSz += (word32)sizeof(NonceObjId); - XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); - totalSz += seqSz[0]; + XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); + totalSz += seqSz[1]; - XMEMCPY(output + totalSz, req->nonce, req->nonceSz); - totalSz += req->nonceSz; - } + XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); + totalSz += seqSz[0]; + + XMEMCPY(output + totalSz, req->nonce, req->nonceSz); + totalSz += req->nonceSz; return totalSz; } @@ -8919,7 +8919,7 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) extSz = 0; if (req->nonceSz) - extSz = EncodeOcspRequestExtensions(req, extArray, MAX_OCSP_EXT_SZ); + extSz = EncodeOcspRequestExtensions(req, extArray, OCSP_NONCE_EXT_SZ); totalSz = algoSz + issuerSz + issuerKeySz + snSz; for (i = 4; i >= 0; i--) { 
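Review bot: With the new `if (totalSz > size) return 0;`, a buffer that is too small and a request with nothing to encode both come back as 0, and the callers in this patch (`EncodeOcspRequest` here, `TLSX_CSR2_Write` in tls.c) call the function only when `nonceSz` is set and then use the result directly as a length. A 0 in that situation silently produces a request without the nonce the caller asked for, which removes the replay protection the nonce is there to provide. I would state the contract above the check, e.g. `/* 0 means the encoded extensions do not fit in size bytes; callers must treat that as an error when a nonce was requested */`, and have the callers test for it. The start of EncodeOcspRequestExtensions is outside the hunk, so how `totalSz` is accumulated before the check is not visible here.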
diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a553bddba..67a535060 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1364,7 +1364,8 @@ struct WOLFSSL_CERT_MANAGER { void* heap; /* heap helper */ WOLFSSL_CRL* crl; /* CRL checker */ WOLFSSL_OCSP* ocsp; /* OCSP checker */ -#if !defined(NO_WOLFSSL_SEVER) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) +#if !defined(NO_WOLFSSL_SEVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */ #endif char* ocspOverrideURL; /* use this responder */ @@ -1470,6 +1471,7 @@ typedef enum { TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stappling */ TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ + TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stappling v2 */ TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ TLSX_SESSION_TICKET = 0x0023, TLSX_RENEGOTIATION_INFO = 0xff01 @@ -1504,6 +1506,7 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, || defined(HAVE_MAX_FRAGMENT) \ || defined(HAVE_TRUNCATED_HMAC) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ || defined(HAVE_SUPPORTED_CURVES) \ || defined(HAVE_ALPN) \ || defined(HAVE_QSH) \ @@ -1594,6 +1597,24 @@ WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); #endif +/** Certificate Status Request v2 - RFC 6961 */ +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +typedef struct CSRIv2 { + byte status_type; + byte options; + word16 request_length; + union { + OcspRequest ocsp; + } request; + struct CSRIv2* next; +} CertificateStatusRequestItemV2; + +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, + byte status_type, byte options); + +#endif + /** Supported Elliptic Curves - RFC 4492 (session 4) */ #ifdef HAVE_SUPPORTED_CURVES 
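Review bot: The guard rewritten for `ocsp_stapling` in `struct WOLFSSL_CERT_MANAGER` still tests `NO_WOLFSSL_SEVER`, a misspelling of `NO_WOLFSSL_SERVER`, so the `!defined(...)` half is always true and the field is compiled into no-server builds as well. Since the line is being edited anyway, `#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \` would make the condition mean what it says. The users of `cm->ocsp_stapling` in ssl.c (wolfSSL_CertManagerFree, wolfSSL_CertManagerEnableOCSPStapling) are guarded only by the two HAVE_ macros in this patch, so they would need the same server condition for a no-server build to keep compiling. The same misspelling is visible as context on the `HAVE_SESSION_TICKET` guard in the later internal.h hunk.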
@@ -2485,6 +2506,9 @@ struct WOLFSSL { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST byte status_request; #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + byte status_request_v2; + #endif #ifdef HAVE_SECURE_RENEGOTIATION SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ #endif /* user turned on */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 415b4bd60..9da9c4360 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1439,6 +1439,30 @@ WOLFSSL_API int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, #endif #endif +/* Certificate Status Request v2 */ +/* Certificate Status Type */ +enum { + WOLFSSL_CSR2_OCSP = 1, + WOLFSSL_CSR2_OCSP_MULTI = 2 +}; + +/* Certificate Status v2 Options (flags) */ +enum { + WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01 +}; + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseCertificateStatusRequestV2(WOLFSSL* ssl, + unsigned char status_type, unsigned char options); + +WOLFSSL_API int wolfSSL_CTX_UseCertificateStatusRequestV2(WOLFSSL_CTX* ctx, + unsigned char status_type, unsigned char options); + +#endif +#endif + /* Elliptic Curves */ enum { WOLFSSL_ECC_SECP160R1 = 0x10, From 1fbaf089aea2832ee656979c691e90ee90bfc3cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 24 Nov 2015 00:47:27 -0300 Subject: [PATCH 13/22] adds support to WOLFSSL_CSR2_OCSP in both DoCertificateStatus() and SendCertificateStatus(); adds contingence plan for status_request_v2; --- src/internal.c | 61 ++++++++++++++++++++++---- src/tls.c | 106 +++++++++++++++++++++++++++++++++++++++++++++ wolfssl/internal.h | 23 +++++++--- 3 files changed, 174 insertions(+), 16 deletions(-) diff --git a/src/internal.c b/src/internal.c index 163c34d5e..0503ae722 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -526,6 +526,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) /* In case contexts are held in array and don't want to free actual ctx */ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) { + int i; + + (void)i; + XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD); if (ctx->suites) XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); @@ -534,22 +538,39 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); #endif + #ifndef NO_CERTS XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY); XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT); XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT); wolfSSL_CertManagerFree(ctx->cm); #endif + #ifdef HAVE_TLS_EXTENSIONS TLSX_FreeAll(ctx->extensions); - #ifdef HAVE_CERTIFICATE_STATUS_REQUEST - if (ctx->certOcspRequest) { - FreeOcspRequest(ctx->certOcspRequest); - XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST); - } - #endif +#ifndef NO_WOLFSSL_SERVER + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ctx->certOcspRequest) { + FreeOcspRequest(ctx->certOcspRequest); + XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } #endif + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + for (i = 0; i < MAX_CHAIN_DEPTH; i++) { + if (ctx->chainOcspRequest[i]) { + FreeOcspRequest(ctx->chainOcspRequest[i]); + XFREE(ctx->chainOcspRequest[i], NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + } +#endif + +#endif /* NO_WOLFSSL_SERVER */ + +#endif /* HAVE_TLS_EXTENSIONS */ } 
@@ -4464,14 +4485,21 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (fatal == 0) { int doLookup = 1; -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + /* TODO CSR2 */ if (ssl->options.side == WOLFSSL_CLIENT_END) { +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert); doLookup = 0; } - } #endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) { + fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert); + doLookup = 0; + } +#endif + } #ifdef HAVE_OCSP if (doLookup && ssl->ctx->cm->ocspEnabled) { @@ -4827,7 +4855,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */ case WOLFSSL_CSR2_OCSP: { - OcspRequest* request = TLSX_CSR_GetRequest(ssl->extensions); + OcspRequest* request; #ifdef WOLFSSL_SMALL_STACK CertStatus* status; @@ -4840,12 +4868,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { + request = TLSX_CSR_GetRequest(ssl->extensions); ssl->status_request = 0; break; } #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) { + request = TLSX_CSR2_GetRequest(ssl->extensions, + WOLFSSL_CSR2_OCSP); ssl->status_request_v2 = 0; break; } @@ -4853,6 +4884,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, return BUFFER_ERROR; } while(0); + if (request == NULL) + return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */ + #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_TMP_BUFFER); 
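Review bot: In the client-side block of DoCertificate, the v2 branch assigns `fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert);` unconditionally, so if both `ssl->status_request` and `ssl->status_request_v2` are set (both extensions compiled in and a peer that echoes both) a failure from `TLSX_CSR_InitRequest` is overwritten by the v2 result. Guarding the second branch with `if (fatal == 0 && ssl->status_request_v2) {` keeps the first error. The `/* TODO CSR2 */` marker should either say what is still missing or be removed once this branch is in. DoCertificate starts and ends outside the hunk.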
@@ -5132,6 +5166,15 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0) return ret; } +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) { + int ret; + + WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange"); + if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0) + return ret; + } #endif } diff --git a/src/tls.c b/src/tls.c index ba8bd1a7d..177cb73f5 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2329,6 +2329,36 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, if (!csr2) return BUFFER_ERROR; /* unexpected extension */ + + /* enable extension at ssl level */ + for (; csr2; csr2 = csr2->next) { + ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, + csr2->status_type, csr2->options); + if (ret != SSL_SUCCESS) + return ret; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + case WOLFSSL_CSR2_OCSP_MULTI: + /* propagate nonce */ + if (csr2->request.ocsp.nonceSz) { + OcspRequest* request = + TLSX_CSR2_GetRequest(ssl->extensions, + csr2->status_type); + + if (request) { + XMEMCPY(request->nonce, + csr2->request.ocsp.nonce, + csr2->request.ocsp.nonceSz); + + request->nonceSz = csr2->request.ocsp.nonceSz; + } + } + break; + } + } + } ssl->status_request_v2 = 1; 
@@ -2417,6 +2447,82 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } +int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert) +{ + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + int ret = 0; + + for (; csr2; csr2 = csr2->next) { + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + + case WOLFSSL_CSR2_OCSP_MULTI: { + byte nonce[MAX_OCSP_NONCE_SZ]; + int nonceSz = csr2->request.ocsp.nonceSz; + + /* preserve nonce */ + XMEMCPY(nonce, csr2->request.ocsp.nonce, nonceSz); + + if ((ret = InitOcspRequest(&csr2->request.ocsp, cert, 0)) != 0) + return ret; + + /* restore nonce */ + XMEMCPY(csr2->request.ocsp.nonce, nonce, nonceSz); + csr2->request.ocsp.nonceSz = nonceSz; + } + break; + } + } + + return ret; +} + +void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type) +{ + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + + for (; csr2; csr2 = csr2->next) { + if (csr2->status_type == status_type) { + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + + case WOLFSSL_CSR2_OCSP_MULTI: + return &csr2->request.ocsp; + break; + } + } + } + + return NULL; +} + +int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) +{ + TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + + /* forces only the first one */ + if (csr2) { + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + + case WOLFSSL_CSR2_OCSP_MULTI: + if (ssl->ctx->cm->ocspEnabled) + return CheckOcspRequest(ssl->ctx->cm->ocsp, + &csr2->request.ocsp, NULL); + else + return OCSP_LOOKUP_FAIL; + } + } + + return 0; +} + int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, byte options) { 
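Review bot: `TLSX_CSR2_ForceRequest` reads `ssl->ctx->cm->ocspEnabled` without checking `ssl->ctx->cm`, while the server path of `TLSX_CSR2_Parse` in this same file tests `ssl->ctx->cm == NULL` first; if a context can exist without a certificate manager, this is a NULL dereference on the fallback path. `if (ssl->ctx->cm != NULL && ssl->ctx->cm->ocspEnabled)` keeps the existing `OCSP_LOOKUP_FAIL` result for that case. The function also returns 0 when no v2 item is found, which the caller in SanityCheckMsgReceived treats as success; a comment stating that this is intended, or a failing return, would make the fail-open case explicit.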
diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 67a535060..9e592fb26 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1589,11 +1589,11 @@ typedef struct { } request; } CertificateStatusRequest; -WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, byte options); -WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert); -WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); -WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert); +WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); +WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); #endif @@ -1610,8 +1610,11 @@ typedef struct CSRIv2 { struct CSRIv2* next; } CertificateStatusRequestItemV2; -WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, byte options); +WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert); +WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type); +WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); #endif @@ -1790,8 +1793,14 @@ struct WOLFSSL_CTX { #endif #ifdef HAVE_TLS_EXTENSIONS TLSX* extensions; /* RFC 6066 TLS Extensions data */ - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) - OcspRequest* certOcspRequest; + #ifndef NO_WOLFSSL_SERVER + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + OcspRequest* certOcspRequest; + #endif + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; + #endif #endif #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER) SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ 
From 07356af78ea8097ae5086df854228ddc96601346 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 30 Nov 2015 18:34:00 -0300 Subject: [PATCH 14/22] prepares BuildCertificateStatus() to send more than one certificate status; --- src/internal.c | 196 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 160 insertions(+), 36 deletions(-) diff --git a/src/internal.c b/src/internal.c index 0503ae722..b7fc15bdc 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4850,6 +4850,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, return BUFFER_ERROR; switch (status_type) { + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) @@ -4873,6 +4874,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) { request = TLSX_CSR2_GetRequest(ssl->extensions, @@ -4881,6 +4883,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif + return BUFFER_ERROR; } while(0); 
@@ -8200,16 +8203,34 @@ int SendCertificateRequest(WOLFSSL* ssl) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) -static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer status) +static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, + byte count) { byte* output = NULL; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 length = ENUM_LEN + OPAQUE24_LEN + status.length; - int sendSz = idx + length; + word32 length = ENUM_LEN; + int sendSz = 0; int ret = 0; + int i = 0; WOLFSSL_ENTER("BuildCertificateStatus"); + switch (type) { + case WOLFSSL_CSR2_OCSP_MULTI: + length += OPAQUE24_LEN; + /* followed by */ + + case WOLFSSL_CSR2_OCSP: + for (i = 0; i < count; i++) + length += OPAQUE24_LEN + status[i].length; + break; + + default: + return 0; + } + + sendSz = idx + length; + if (ssl->keys.encryptionOn) sendSz += MAX_MSG_EXTRA; @@ -8221,11 +8242,18 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer status) output[idx++] = type; - c32to24(status.length, output + idx); - idx += OPAQUE24_LEN; + if (type == WOLFSSL_CSR2_OCSP_MULTI) { + c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx); + idx += OPAQUE24_LEN; + } - XMEMCPY(output + idx, status.buffer, status.length); - idx += status.length; + for (i = 0; i < count; i++) { + c32to24(status[i].length, output + idx); + idx += OPAQUE24_LEN; + + XMEMCPY(output + idx, status[i].buffer, status[i].length); + idx += status[i].length; + } if (ssl->keys.encryptionOn) { byte* input; 
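Review bot: For `WOLFSSL_CSR2_OCSP` the CertificateStatus body carries a single response, but the new loops in `BuildCertificateStatus` size and write `count` length-prefixed responses for that type as well, so a caller passing `count > 1` would emit a malformed message. A guard such as `if (type == WOLFSSL_CSR2_OCSP && count != 1) return BAD_FUNC_ARG;` ahead of the size computation pins that down; the only caller updated in this patch passes `&response, 1`. The new `default: return 0;` reports success without sending anything and deserves a one-line comment saying so. The function body continues in the following hunk.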
@@ -8280,17 +8308,18 @@ int SendCertificateStatus(WOLFSSL* ssl) (void) ssl; -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST - status_type = ssl->status_request; -#endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + status_type = ssl->status_request; + #endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - status_type = status_type ? status_type : ssl->status_request_v2; -#endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + status_type = status_type ? status_type : ssl->status_request_v2; + #endif switch (status_type) { -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) /* case WOLFSSL_CSR_OCSP: */ case WOLFSSL_CSR2_OCSP: { OcspRequest* request = ssl->ctx->certOcspRequest; @@ -8302,22 +8331,22 @@ int SendCertificateStatus(WOLFSSL* ssl) if (!request || ssl->buffers.weOwnCert) { buffer der = ssl->buffers.certificate; - #ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; - #else - DecodedCert cert[1]; - #endif + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif /* unable to fetch status. skip. */ if (der.buffer == NULL || der.length == 0) return 0; -#ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (cert == NULL) - return MEMORY_E; -#endif + if (cert == NULL) + return MEMORY_E; + #endif InitDecodedCert(cert, der.buffer, der.length, NULL); @@ -8330,9 +8359,11 @@ int SendCertificateStatus(WOLFSSL* ssl) DYNAMIC_TYPE_OCSP_REQUEST); if (request == NULL) { FreeDecodedCert(cert); -#ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return MEMORY_E; } 
@@ -8349,9 +8380,10 @@ int SendCertificateStatus(WOLFSSL* ssl) } FreeDecodedCert(cert); -#ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } if (ret == 0) { @@ -8366,7 +8398,8 @@ int SendCertificateStatus(WOLFSSL* ssl) if (response.buffer) { if (ret == 0) - ret = BuildCertificateStatus(ssl,status_type, response); + ret = BuildCertificateStatus(ssl, status_type, + &response, 1); XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); } 
@@ -8377,12 +8410,103 @@ int SendCertificateStatus(WOLFSSL* ssl) XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); } break; -#endif -#if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2 - case WOLFSSL_CSR2_OCSP_MULTI: + #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ + /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + + #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2 + case WOLFSSL_CSR2_OCSP_MULTI: { + OcspRequest* request = ssl->ctx->certOcspRequest; + buffer response = {NULL, 0}; + + /* unable to fetch status. skip. */ + if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) + return 0; + + if (!request || ssl->buffers.weOwnCert) { + buffer der = ssl->buffers.certificate; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + /* unable to fetch status. skip. */ + if (der.buffer == NULL || der.length == 0) + return 0; + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + #endif + + InitDecodedCert(cert, der.buffer, der.length, NULL); + + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, + ssl->ctx->cm)) != 0) { + WOLFSSL_MSG("ParseCert failed"); + } + else { + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, + DYNAMIC_TYPE_OCSP_REQUEST); + if (request == NULL) { + FreeDecodedCert(cert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + return MEMORY_E; + } + + ret = InitOcspRequest(request, cert, 0); + if (ret != 0) { + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + else if (!ssl->buffers.weOwnCert && 0 == LockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock)) { + if (!ssl->ctx->certOcspRequest) + ssl->ctx->certOcspRequest = request; + + UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock); + } + } + + FreeDecodedCert(cert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + + if (ret == 0) { + ret = 
CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, + &response); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + + if (response.buffer) { + if (ret == 0) + ret = BuildCertificateStatus(ssl, status_type, + &response, 1); + + XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + } + + if (request != ssl->ctx->certOcspRequest) + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } break; -#endif + + #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ default: break; From 346dcb0fd9af585bb055e9b8a315b0beb838269a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 30 Nov 2015 21:26:00 -0300 Subject: [PATCH 15/22] adds WOLFSSL_CSR2_OCSP_MULTI support; --- src/internal.c | 268 +++++++++++++++++++++++++++++++++++++++------ src/tls.c | 59 ++++++---- wolfssl/internal.h | 7 +- 3 files changed, 274 insertions(+), 60 deletions(-) diff --git a/src/internal.c b/src/internal.c index b7fc15bdc..6b2d44459 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4393,7 +4393,13 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(HAVE_OCSP) || defined(HAVE_CRL) if (ret == 0) { int doCrlLookup = 1; + #ifdef HAVE_OCSP + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) + ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert); + else /* skips OCSP and force CRL check */ + #endif if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL); @@ -4406,7 +4412,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* HAVE_OCSP */ #ifdef HAVE_CRL - if (doCrlLookup && ssl->ctx->cm->crlEnabled + if (ret == 0 && doCrlLookup && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) { WOLFSSL_MSG("Doing Non Leaf CRL check"); ret = CheckCertCRL(ssl->ctx->cm->crl, dCert); 
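Review bot: In the new `WOLFSSL_CSR2_OCSP_MULTI` case, a failing `InitOcspRequest` frees `request` but leaves the pointer set, and the `if (request != ssl->ctx->certOcspRequest) XFREE(request, ...)` at the end of the case then frees the same allocation a second time. Clear the pointer in the failure branch, `XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); request = NULL;`, and make the final test `if (request != NULL && request != ssl->ctx->certOcspRequest)`. The case is copied from the `WOLFSSL_CSR2_OCSP` case above it, whose body is only partly visible in these hunks, so the same branch is worth checking there. SendCertificateStatus starts before this hunk.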
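Review bot: The `else` left dangling before `#endif` in the DoCertificate hunk makes the non-leaf OCSP lookup hang off a branch that only exists when `HAVE_CERTIFICATE_STATUS_REQUEST_V2` is defined, and with `status_request_v2` set the `CheckCertOCSP` call is skipped even when `ocspCheckAll` is on. The comment says the CRL check is forced, but the CRL branch in the next hunk still requires `crlEnabled` and `crlCheckAll`, so with CRL off the revocation status of this certificate rests on a stapled response arriving and being matched later. I would brace both branches and replace the comment with one that states this, for example `/* OCSP for this cert is deferred to the stapled CertificateStatus; CRL runs only if enabled */`. DoCertificate starts and ends outside the hunk.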
@@ -4858,13 +4864,13 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, case WOLFSSL_CSR2_OCSP: { OcspRequest* request; - #ifdef WOLFSSL_SMALL_STACK - CertStatus* status; - OcspResponse* response; - #else - CertStatus status[1]; - OcspResponse response[1]; - #endif + #ifdef WOLFSSL_SMALL_STACK + CertStatus* status; + OcspResponse* response; + #else + CertStatus status[1]; + OcspResponse response[1]; + #endif do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST @@ -4878,7 +4884,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) { request = TLSX_CSR2_GetRequest(ssl->extensions, - WOLFSSL_CSR2_OCSP); + status_type, 0); ssl->status_request_v2 = 0; break; } @@ -4890,19 +4896,21 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (request == NULL) return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */ - #ifdef WOLFSSL_SMALL_STACK - status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + #ifdef WOLFSSL_SMALL_STACK + status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_TMP_BUFFER); - response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, + response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (status == NULL || response == NULL) { - if (status) XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (response) XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (status == NULL || response == NULL) { + if (status) + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (response) + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_ERROR; - } - #endif + return MEMORY_ERROR; + } + #endif InitOcspResponse(response, status, input +*inOutIdx, status_length); 
@@ -4914,13 +4922,109 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; - #ifdef WOLFSSL_SMALL_STACK - XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif + #ifdef WOLFSSL_SMALL_STACK + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } break; + + #endif + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + + case WOLFSSL_CSR2_OCSP_MULTI: { + OcspRequest* request; + word32 list_length = status_length; + byte index = 0; + + #ifdef WOLFSSL_SMALL_STACK + CertStatus* status; + OcspResponse* response; + #else + CertStatus status[1]; + OcspResponse response[1]; + #endif + + do { + if (ssl->status_request_v2) { + ssl->status_request_v2 = 0; + break; + } + + return BUFFER_ERROR; + } while(0); + + #ifdef WOLFSSL_SMALL_STACK + status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (status == NULL || response == NULL) { + if (status) + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (response) + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return MEMORY_ERROR; + } + #endif + + while (list_length && ret == 0) { + if (OPAQUE24_LEN > list_length) { + ret = BUFFER_ERROR; + break; + } + + c24to32(input + *inOutIdx, &status_length); + *inOutIdx += OPAQUE24_LEN; + list_length -= OPAQUE24_LEN; + + if (status_length > list_length) { + ret = BUFFER_ERROR; + break; + } + + if (status_length) { + InitOcspResponse(response, status, input +*inOutIdx, + status_length); + + if ((OcspResponseDecode(response, ssl->ctx->cm) != 0) + || (response->responseStatus != OCSP_SUCCESSFUL) + || (response->status->status != CERT_GOOD)) + ret = BAD_CERTIFICATE_STATUS_ERROR; + + while (ret == 0) { + request = TLSX_CSR2_GetRequest(ssl->extensions, + status_type, index++); + + if (request == NULL) + ret = 
BAD_CERTIFICATE_STATUS_ERROR; + else if (CompareOcspReqResp(request, response) == 0) + break; + else if (index == 1) + ret = BAD_CERTIFICATE_STATUS_ERROR; + } + + *inOutIdx += status_length; + list_length -= status_length; + } + } + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ssl->status_request_v2 = 0; + #endif + + #ifdef WOLFSSL_SMALL_STACK + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + } + break; + #endif default: @@ -8417,7 +8521,10 @@ int SendCertificateStatus(WOLFSSL* ssl) #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2 case WOLFSSL_CSR2_OCSP_MULTI: { OcspRequest* request = ssl->ctx->certOcspRequest; - buffer response = {NULL, 0}; + buffer responses[1 + MAX_CHAIN_DEPTH]; + int i = 0; + + ForceZero(responses, sizeof(responses)); /* unable to fetch status. skip. */ if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) 
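Review bot: The `WOLFSSL_CSR2_OCSP_MULTI` loop validates only entries whose `status_length` is non-zero, so a list that is empty or whose entries are all zero-length leaves `ret == 0` without any request having been matched, while `ssl->status_request_v2` has already been cleared. Nothing here records which requests returned by `TLSX_CSR2_GetRequest` were covered by a good response, so certificates whose OCSP lookup was deferred in DoCertificate are not checked in this function either. Track the matches and treat an uncovered request as unverified (fail, or fall back to a direct lookup for it); at minimum `if (ret == 0 && index == 0) ret = BAD_CERTIFICATE_STATUS_ERROR;` after the loop rejects a list that matched nothing. The nested `#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)` around the second `ssl->status_request_v2 = 0;` is redundant inside this case. DoCertificateStatus starts before the hunk.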
@@ -8483,26 +8590,121 @@ int SendCertificateStatus(WOLFSSL* ssl) if (ret == 0) { ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, - &response); + &responses[0]); /* Suppressing, not critical */ if (ret == OCSP_CERT_REVOKED || ret == OCSP_CERT_UNKNOWN || ret == OCSP_LOOKUP_FAIL) ret = 0; - - if (response.buffer) { - if (ret == 0) - ret = BuildCertificateStatus(ssl, status_type, - &response, 1); - - XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - } if (request != ssl->ctx->certOcspRequest) XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + + if (ret == 0 && (!ssl->ctx->chainOcspRequest[0] + || ssl->buffers.weOwnCertChain)) { + buffer der = {NULL, 0}; + word32 idx = 0; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + #endif + + while (idx + OPAQUE24_LEN < ssl->buffers.certChain.length) { + c24to32(ssl->buffers.certChain.buffer + idx, &der.length); + idx += OPAQUE24_LEN; + + der.buffer = ssl->buffers.certChain.buffer + idx; + idx += der.length; + + if (idx > ssl->buffers.certChain.length) + break; + + InitDecodedCert(cert, der.buffer, der.length, NULL); + + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, + ssl->ctx->cm)) != 0) { + WOLFSSL_MSG("ParseCert failed"); + break; + } + else { + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), + NULL, DYNAMIC_TYPE_OCSP_REQUEST); + if (request == NULL) { + ret = MEMORY_E; + break; + } + + ret = InitOcspRequest(request, cert, 0); + if (ret != 0) { + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + break; + } + else if (!ssl->buffers.weOwnCertChain && 0 == + LockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock)) { + if (!ssl->ctx->chainOcspRequest[i]) + ssl->ctx->chainOcspRequest[i] = request; + + UnLockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock); + } + + ret = 
CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, + request, &responses[i + 1]); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + + if (request != ssl->ctx->chainOcspRequest[i]) + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + + i++; + } + + FreeDecodedCert(cert); + } + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + else { + while (ret == 0 && + NULL != (request = ssl->ctx->chainOcspRequest[i])) { + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, + request, &responses[++i]); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + } + } + + if (responses[0].buffer) { + if (ret == 0) + ret = BuildCertificateStatus(ssl, status_type, + responses, i + 1); + + for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) + if (responses[i].buffer) + XFREE(responses[i].buffer, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + } } break; diff --git a/src/tls.c b/src/tls.c index 177cb73f5..49bb8c4f9 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2211,7 +2211,8 @@ static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2) switch (csr2->status_type) { case WOLFSSL_CSR2_OCSP: case WOLFSSL_CSR2_OCSP_MULTI: - FreeOcspRequest(&csr2->request.ocsp); + while(csr2->requests--) + FreeOcspRequest(&csr2->request.ocsp[csr2->requests]); break; } @@ -2239,7 +2240,7 @@ static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, case WOLFSSL_CSR2_OCSP_MULTI: size += ENUM_LEN + 3 * OPAQUE16_LEN; - if (csr2->request.ocsp.nonceSz) + if (csr2->request.ocsp[0].nonceSz) size += OCSP_NONCE_EXT_SZ; break; } @@ -2272,7 +2273,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, /* request_length */ length = 2 * OPAQUE16_LEN; - if (csr2->request.ocsp.nonceSz) + if (csr2->request.ocsp[0].nonceSz) length += OCSP_NONCE_EXT_SZ; c16toa(length, output + offset); 
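Review bot: The chain loop writes `responses[i + 1]` and `ssl->ctx->chainOcspRequest[i]` with no bound on `i`, while `responses` is declared as `buffer responses[1 + MAX_CHAIN_DEPTH]` in the previous hunk; a configured chain with more than `MAX_CHAIN_DEPTH` certificates would write past the stack array unless the chain is capped where it is loaded, which is not visible here. Bound the loop, `while (i < MAX_CHAIN_DEPTH && idx + OPAQUE24_LEN < ssl->buffers.certChain.length)`, and the cached-request loop in the `else` branch likewise, `while (ret == 0 && i < MAX_CHAIN_DEPTH && NULL != (request = ssl->ctx->chainOcspRequest[i]))`. Separately, the three `break` paths inside the loop skip `FreeDecodedCert(cert)`, and the cleanup loop sits inside `if (responses[0].buffer)`, so responses fetched for chain entries are not freed when the leaf lookup returned none. SendCertificateStatus starts and ends outside the hunk.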
@@ -2285,9 +2286,9 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, /* request extensions */ length = 0; - if (csr2->request.ocsp.nonceSz) + if (csr2->request.ocsp[0].nonceSz) length = EncodeOcspRequestExtensions( - &csr2->request.ocsp, + &csr2->request.ocsp[0], output + offset + OPAQUE16_LEN, OCSP_NONCE_EXT_SZ); @@ -2342,17 +2343,18 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, /* followed by */ case WOLFSSL_CSR2_OCSP_MULTI: /* propagate nonce */ - if (csr2->request.ocsp.nonceSz) { + if (csr2->request.ocsp[0].nonceSz) { OcspRequest* request = TLSX_CSR2_GetRequest(ssl->extensions, - csr2->status_type); + csr2->status_type, 0); if (request) { XMEMCPY(request->nonce, - csr2->request.ocsp.nonce, - csr2->request.ocsp.nonceSz); + csr2->request.ocsp[0].nonce, + csr2->request.ocsp[0].nonceSz); - request->nonceSz = csr2->request.ocsp.nonceSz; + request->nonceSz = + csr2->request.ocsp[0].nonceSz; } } break; 
@@ -2456,21 +2458,29 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert) for (; csr2; csr2 = csr2->next) { switch (csr2->status_type) { case WOLFSSL_CSR2_OCSP: + if (csr2->requests != 0) + break; + /* followed by */ case WOLFSSL_CSR2_OCSP_MULTI: { - byte nonce[MAX_OCSP_NONCE_SZ]; - int nonceSz = csr2->request.ocsp.nonceSz; + if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { + byte nonce[MAX_OCSP_NONCE_SZ]; + int nonceSz = csr2->request.ocsp[0].nonceSz; - /* preserve nonce */ - XMEMCPY(nonce, csr2->request.ocsp.nonce, nonceSz); + /* preserve nonce, replicating nonce of ocsp[0] */ + XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); - if ((ret = InitOcspRequest(&csr2->request.ocsp, cert, 0)) != 0) - return ret; + if ((ret = InitOcspRequest( + &csr2->request.ocsp[csr2->requests], cert, 0)) != 0) + return ret; - /* restore nonce */ - XMEMCPY(csr2->request.ocsp.nonce, nonce, nonceSz); - csr2->request.ocsp.nonceSz = nonceSz; + /* restore nonce */ + XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, + nonce, nonceSz); + csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; + csr2->requests++; + } } break; } @@ -2479,7 +2489,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert) return ret; } -void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type) +void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; @@ -2491,7 +2501,8 @@ void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type) /* followed by */ case WOLFSSL_CSR2_OCSP_MULTI: - return &csr2->request.ocsp; + return index < csr2->requests ? &csr2->request.ocsp[index] + : NULL; break; } } 
@@ -2514,7 +2525,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) case WOLFSSL_CSR2_OCSP_MULTI: if (ssl->ctx->cm->ocspEnabled) return CheckOcspRequest(ssl->ctx->cm->ocsp, - &csr2->request.ocsp, NULL); + &csr2->request.ocsp[0], NULL); else return OCSP_LOOKUP_FAIL; } @@ -2555,9 +2566,9 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, WC_RNG rng; if (wc_InitRng(&rng) == 0) { - if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp.nonce, + if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, MAX_OCSP_NONCE_SZ) == 0) - csr2->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; + csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; wc_FreeRng(&rng); } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9e592fb26..87d5247bc 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1603,9 +1603,9 @@ WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); typedef struct CSRIv2 { byte status_type; byte options; - word16 request_length; + word16 requests; union { - OcspRequest ocsp; + OcspRequest ocsp[1 + MAX_CHAIN_DEPTH]; } request; struct CSRIv2* next; } CertificateStatusRequestItemV2; @@ -1613,7 +1613,8 @@ typedef struct CSRIv2 { WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, byte options); WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert); -WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type); +WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, + byte index); WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); #endif From d30a1be572e888b3ee3e6ee12d8f040d409a6739 Mon Sep 17 00:00:00 2001 
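Review bot: `TLSX_CSR2_ForceRequest` now checks only `csr2->request.ocsp[0]`, so for `WOLFSSL_CSR2_OCSP_MULTI` the requests at index 1 and above are never looked up on this path, and as far as these hunks show, entry 0 has not been through `InitOcspRequest` while `csr2->requests` is still 0. If this function is the fallback used when no stapled status arrives (its callers are outside the hunk), the certificates whose OCSP lookup was skipped in DoCertificate stay unchecked. A loop over the initialised entries would cover them, with `i` and `ret` declared locally: `for (i = 0; ret == 0 && i < csr2->requests; i++) ret = CheckOcspRequest(ssl->ctx->cm->ocsp, &csr2->request.ocsp[i], NULL);`. The function body starts before the hunk.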
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 7 Dec 2015 18:19:09 -0300 Subject: [PATCH 16/22] adds new certificates for OCSP tests --- certs/ocsp/index.txt | 1 - certs/ocsp/index0.txt | 2 + certs/ocsp/index1.txt | 2 + certs/ocsp/index2.txt | 1 + certs/ocsp/intermediate1-ca-cert.pem | 182 +++++++++++++++++ certs/ocsp/intermediate1-ca-key.pem | 28 +++ certs/ocsp/intermediate2-ca-cert.pem | 182 +++++++++++++++++ certs/ocsp/intermediate2-ca-key.pem | 28 +++ certs/ocsp/ocsp-cert.pem | 182 ----------------- certs/ocsp/ocsp-responder-cert.pem | 180 +++++++++++++++++ .../{ocsp-key.pem => ocsp-responder-key.pem} | 0 certs/ocsp/ocspd.sh | 9 - certs/ocsp/ocspd0.sh | 10 + certs/ocsp/ocspd1.sh | 10 + certs/ocsp/ocspd2.sh | 10 + certs/ocsp/openssl.cnf | 33 ++++ certs/ocsp/renewcerts.sh | 50 +++++ certs/ocsp/root-ca-cert.pem | 91 +++++++++ certs/ocsp/root-ca-key.pem | 28 +++ certs/ocsp/server1-cert.pem | 184 ++++++++++++++++++ certs/ocsp/server1-key.pem | 28 +++ certs/ocsp/server2-cert.pem | 184 ++++++++++++++++++ certs/ocsp/server2-key.pem | 28 +++ certs/ocsp/server3-cert.pem | 184 ++++++++++++++++++ certs/ocsp/server3-key.pem | 28 +++ 25 files changed, 1473 insertions(+), 192 deletions(-) delete mode 100644 certs/ocsp/index.txt create mode 100644 certs/ocsp/index0.txt create mode 100644 certs/ocsp/index1.txt create mode 100644 certs/ocsp/index2.txt create mode 100644 certs/ocsp/intermediate1-ca-cert.pem create mode 100644 certs/ocsp/intermediate1-ca-key.pem create mode 100644 certs/ocsp/intermediate2-ca-cert.pem create mode 100644 certs/ocsp/intermediate2-ca-key.pem delete mode 100644 certs/ocsp/ocsp-cert.pem create mode 100644 certs/ocsp/ocsp-responder-cert.pem rename certs/ocsp/{ocsp-key.pem => ocsp-responder-key.pem} (100%) delete mode 100755 certs/ocsp/ocspd.sh create mode 100755 certs/ocsp/ocspd0.sh create mode 100755 certs/ocsp/ocspd1.sh create mode 100755 certs/ocsp/ocspd2.sh create mode 100644 certs/ocsp/openssl.cnf create mode 100755 
certs/ocsp/renewcerts.sh create mode 100644 certs/ocsp/root-ca-cert.pem create mode 100644 certs/ocsp/root-ca-key.pem create mode 100644 certs/ocsp/server1-cert.pem create mode 100644 certs/ocsp/server1-key.pem create mode 100644 certs/ocsp/server2-cert.pem create mode 100644 certs/ocsp/server2-key.pem create mode 100644 certs/ocsp/server3-cert.pem create mode 100644 certs/ocsp/server3-key.pem diff --git a/certs/ocsp/index.txt b/certs/ocsp/index.txt deleted file mode 100644 index 91b85cff4..000000000 --- a/certs/ocsp/index.txt +++ /dev/null @@ -1 +0,0 @@ -V 051213070133Z 01 unknown /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index0.txt b/certs/ocsp/index0.txt new file mode 100644 index 000000000..3b7524369 --- /dev/null +++ b/certs/ocsp/index0.txt @@ -0,0 +1,2 @@ +V 161213070133Z 01 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 02 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index1.txt b/certs/ocsp/index1.txt new file mode 100644 index 000000000..fc223eedc --- /dev/null +++ b/certs/ocsp/index1.txt @@ -0,0 +1,2 @@ +V 161213070133Z 04 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www1.wolfssl.com/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 05 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www2.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index2.txt b/certs/ocsp/index2.txt new file mode 100644 index 000000000..3edb677b5 --- /dev/null +++ b/certs/ocsp/index2.txt @@ -0,0 +1 @@ +V 161213070133Z 06 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www3.wolfssl.com/emailAddress=info@wolfssl.com 
diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem new file mode 100644 index 000000000..a4a1cb222 --- /dev/null +++ b/certs/ocsp/intermediate1-ca-cert.pem 
@@ -0,0 +1,182 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35: + a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c: + bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e: + 27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1: + 65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90: + d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a: + e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e: + 79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64: + 9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24: + 2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4: + c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b: + 19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56: + f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2: + d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4: + bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd: + 0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f: + 21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc: + 97:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 3d:92:fc:b0:73:95:d8:5a:18:e3:27:fc:55:05:14:54:2e:af: + 
37:1e:37:11:25:e8:c9:7a:b0:9b:68:fb:a0:69:91:fd:bb:dd: + 00:55:fb:30:b3:4a:59:a6:58:bb:e4:03:3e:f2:98:a2:07:71: + c7:de:3a:a0:0b:eb:43:44:77:2b:fc:5d:96:a7:89:c8:1a:6a: + 6e:b6:34:00:bb:e0:8a:5b:2b:ad:3a:f4:ab:b9:d4:54:f9:85: + 9a:f7:3b:23:00:dc:17:8f:55:1f:b9:e1:17:10:61:91:50:77: + b6:57:be:75:61:6e:cc:9c:27:76:32:c2:de:b4:ee:11:ff:10: + f7:99:49:38:8e:af:af:fa:73:1e:34:20:6c:3e:9f:cb:56:70: + 20:47:21:d3:2c:db:9b:ad:3b:32:96:72:be:d3:1b:d2:33:21: + 9b:4b:86:3a:64:45:37:8b:60:80:3b:3e:08:7a:06:f2:aa:20: + 7b:63:2c:df:03:c0:2a:74:07:61:db:f3:ec:8a:17:a4:36:a1: + 6c:b6:c0:64:f7:8a:5b:d0:43:64:bb:3e:ed:5d:e8:06:9c:b0: + ef:c2:f3:d1:ff:e2:05:5e:1f:e1:bd:ef:2a:32:a3:44:9f:44: + 99:c0:a3:27:8b:af:24:c4:5f:2b:d5:05:a2:18:70:32:a4:d2: + 75:16:1b:b1 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN60yFx34C2x9bmtFkc1oDVlZcbh +QKsetLkTt8uMu3eldtpth4f2Sk0T5CY+J4fuW8dqP0UwYVVc9jXRZfqYEaOnVdW+ +kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN +MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr +GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a +lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA +cYJkRNoOMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx 
+GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAPZL8 +sHOV2FoY4yf8VQUUVC6vNx43ESXoyXqwm2j7oGmR/bvdAFX7MLNKWaZYu+QDPvKY +ogdxx946oAvrQ0R3K/xdlqeJyBpqbrY0ALvgilsrrTr0q7nUVPmFmvc7IwDcF49V +H7nhFxBhkVB3tle+dWFuzJwndjLC3rTuEf8Q95lJOI6vr/pzHjQgbD6fy1ZwIEch +0yzbm607MpZyvtMb0jMhm0uGOmRFN4tggDs+CHoG8qoge2Ms3wPAKnQHYdvz7IoX +pDahbLbAZPeKW9BDZLs+7V3oBpyw78Lz0f/iBV4f4b3vKjKjRJ9EmcCjJ4uvJMRf +K9UFohhwMqTSdRYbsQ== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17246491846582506789 (0xef57d8f569389525) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 
(0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: + c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: + b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: + c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: + 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: + 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: + 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: + 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: + 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: + 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: + 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: + c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: + 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: + 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: + f9:fe:bc:01 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ +MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE +CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT +U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA 
+wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ +X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 +zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T +tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC +1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE +gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe +vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym +9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn +YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 +MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc +UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM +H8bKHeSMPjGB+f68AQ== +-----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate1-ca-key.pem b/certs/ocsp/intermediate1-ca-key.pem new file mode 100644 index 000000000..7147c9b0b --- /dev/null +++ b/certs/ocsp/intermediate1-ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDetMhcd+AtsfW5 +rRZHNaA1ZWXG4UCrHrS5E7fLjLt3pXbabYeH9kpNE+QmPieH7lvHaj9FMGFVXPY1 +0WX6mBGjp1XVvpGCS/y+kNZQU2OaLCLhNRHceAKXiuRGkpxTCHbeH1O2uMp3Pnlu +vNDjDTBbTPaUDTApZJ8E5dv7iWBnu68mg1F3JC8rC6GUgRCY6OsmqB585MRsZwaV +VUrdUvTyYG0BKxmRNW2kCEcGcSQA2d7GVvOLUyzimpal82LlxOMj8tL8IeoPYnaN +1ZlIztxYxLt/2pQsgHSDxeCwFX5B/Q7y9PB4dnutJg2qSJYXLyHjlSsmN/mqgC/+ +3vZevJd/AgMBAAECggEBAJC4sitEyy1mo+QREpUbyAxq5ASlhDyvK4nJwnpH7dsG +b4HqA1TbO9Vyw6QGZ/HxdzrTVGJF2jp6upSmirqZ73yF1UWdHTmq34eG3347clJR +tCjdL8oxQp3v5//kbimXKoeVm/T1iLyMoKTRlny1qWLrVKFJIK8FcEDijl2bHEbL +fdlPSJTN+y0zWoS3urRi/IPrsob23B4ILj0n+yUR4eOK25I3trqgsqcfTyMhX8tH +eyD4C+ir0j5evnmBhsKL0cUgGxGj8aVdOgab8dlKlDNi7HH5fe/FTMAQ344uege8 +D5dytc1H4wWq3le1PsvCh56lyPx7P4BamNzuJ85OnWECgYEA8xSw544oIe6RzMxh +51pYLyf1aU8zd9w0ISkXnXQ4RxcNubbFHLu/S/vSlbE5qqSf128H3XkAP6HT6UJe +JS/WqJbUcdWkzULjj7fLXJ2oer3hrVXq2L9Me1l0XrYoBvRuap15AtQ/cxafxMUZ +HpEWam0EPxoTkTp4EUWi++U09yMCgYEA6org2l1qdqChHw3ihlfl3rKMY/DT+f1b +uMnbMKNhqgyV3ItSh7MnVJurvJ56CQVuVay+T11qfyo3cKzxNYLYTGLvAtBeK/aC +B/hdCvxMBpXd71Vlnz0w6qJi0mkGNNTFGzxwqwPByqP0NyKStPN3W98HwFhiqKmU +y8wpv5ZeUfUCgYEAx1Ba8bLdc10zzbJ0QIgSsK/aCXx4njo/wET6aQ/HqXrctT+J +BlNnur0EYduMhkAwFCylTVMPAh4GLUhO+7zrDReHoMNmOywyfUBeDlXztJkHd+Jw +C0NoSegChDpmPbWk5+SxOcGhORP+8xAN1cNvltpG1hrimn1PwBHSXysEr/MCgYEA +hLVUCPp2dOzqfcHDfLRbcqigWyQ3LOo4bdR5W4n2httcKFAEwJeUF4GFqNIaxuP1 +zDBT9mArFAz1FaIlUVvZu073YiY4QrPWW2AidUbQVaGS1AsD1xguh3SeaePXCSmi +5YhLT9huXJRsaI39aLmhva/ymNjp6fkaIj5BGRCiCckCgYEAkZjADCg9gcqJo5oc +RDMpHT8C6SjE6+W0+00AnH1rSK0ev7uAGb6/rOpsShRiGubo7Ekil1MyMuOFmLPK +9K5oi4KKmVfTaPMfm2UnVCC2Dv2nMXkmYdQKiGgwbAhYfu/wGQXj682r2YYD4Xsa +qz7cWosuOKihAVhA52vZ7YacW2c= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem new file mode 100644 index 000000000..34f0c52b8 --- /dev/null +++ b/certs/ocsp/intermediate2-ca-cert.pem 
@@ -0,0 +1,182 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4: + 6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7: + 11:02:a1:ab:58:3d:fb:dc:51:ca:3a:1d:1f:95:a6: + 56:82:f7:8f:ff:6b:50:bb:ea:10:e1:47:1d:35:77: + 2e:4b:28:c5:53:46:23:2b:82:fd:5a:d3:f4:21:db: + 0e:e0:f2:76:33:47:b3:00:be:3a:b1:23:98:53:eb: + ea:a0:de:1b:cc:05:4e:ee:63:a8:2c:93:24:d6:98: + 78:74:03:e4:c8:89:43:61:f1:25:b8:cd:3b:87:c1: + 31:25:fd:ba:4c:fc:29:94:45:9e:69:d7:67:0a:8a: + 8e:d5:52:93:30:a2:0e:dd:6a:1c:b0:94:77:db:52: + 52:b7:89:21:be:96:75:24:cb:e9:49:df:81:9d:9d: + f8:55:7d:01:2a:eb:78:03:12:e2:20:6e:db:63:35: + cd:a1:96:f0:f8:8c:20:35:69:87:01:ca:b4:54:36: + a0:15:e0:23:7d:b9:fb:be:99:05:50:f0:bf:ec:7f: + 12:e1:3d:75:15:4e:c8:c2:30:e6:8b:fe:e5:8b:55: + f8:44:5e:e5:e3:56:e0:66:2d:6f:42:5a:45:6b:96: + aa:c7:5d:41:08:5f:ce:d7:dc:9f:20:e4:46:78:ff: + d9:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 
00:5e:fe:87:51:fc:e7:de:5c:e5:97:17:d2:af:6d:3b:65:29: + 27:3b:06:d7:55:5a:93:56:12:0f:8b:e7:57:69:dc:ae:ec:ec: + 2b:cd:cd:d0:15:c0:63:a3:5c:d9:6e:59:d2:88:b6:da:1c:ac: + b7:fe:46:2a:37:7b:5f:0b:30:80:7e:a5:46:8f:38:58:7e:df: + 8e:d0:f9:27:e6:e7:26:01:f8:04:5f:21:0d:7a:27:85:af:f8: + 41:15:aa:1d:73:3d:32:2a:a1:6b:f7:9e:36:3a:a3:26:dc:b8: + be:f2:61:ea:11:49:1c:43:68:5f:8c:a5:87:7b:71:a6:78:d0: + 1a:f1:f7:45:6c:59:eb:88:b5:ef:00:59:4f:71:48:00:73:11: + 2c:74:af:8d:1e:67:ee:cf:b3:9d:a4:64:ee:90:a7:f8:69:0a: + 8f:9b:74:89:68:c7:e4:1b:22:73:f1:23:94:c2:dd:4a:11:ee: + 9c:99:20:f7:e1:06:2a:ef:1b:1a:1c:10:f9:0b:0b:49:82:af: + 5f:38:75:0c:c3:a5:b8:9f:21:c5:61:eb:6d:6e:2d:d5:b5:89: + 19:28:ff:94:c1:55:eb:77:79:b5:57:e1:44:05:54:28:ca:66: + c5:4e:75:63:1b:b7:c4:57:fa:35:94:f7:82:3d:06:cc:f0:13: + bf:0e:23:70 +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L +RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLH +dbRqK6kjhb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcu +SyjFU0YjK4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPk +yIlDYfEluM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1 +JMvpSd+BnZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkF +UPC/7H8S4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORG +eP/ZmQIDAQABo4IBNDCCATAwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi +7ioFJLcRrS1g8ZAUjxcwgcwGA1UdIwSBxDCBwYAUc7AcpC+Cy89HpTjXsASCOn5y +FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw 
+DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp +bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tggkA71fY9Wk4lSUwMgYIKwYBBQUHAQEEJjAkMCIG +CCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUA +A4IBAQAAXv6HUfzn3lzllxfSr207ZSknOwbXVVqTVhIPi+dXadyu7Owrzc3QFcBj +o1zZblnSiLbaHKy3/kYqN3tfCzCAfqVGjzhYft+O0Pkn5ucmAfgEXyENeieFr/hB +Faodcz0yKqFr9542OqMm3Li+8mHqEUkcQ2hfjKWHe3GmeNAa8fdFbFnriLXvAFlP +cUgAcxEsdK+NHmfuz7OdpGTukKf4aQqPm3SJaMfkGyJz8SOUwt1KEe6cmSD34QYq +7xsaHBD5CwtJgq9fOHUMw6W4nyHFYettbi3VtYkZKP+UwVXrd3m1V+FEBVQoymbF +TnVjG7fEV/o1lPeCPQbM8BO/DiNw +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17246491846582506789 (0xef57d8f569389525) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 
90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: + c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: + b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: + c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: + 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: + 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: + 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: + 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: + 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: + 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: + 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: + c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: + 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: + 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: + f9:fe:bc:01 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ +MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE +CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT +U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw 
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA +wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ +X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 +zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T +tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC +1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE +gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe +vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym +9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn +YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 +MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc +UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM +H8bKHeSMPjGB+f68AQ== +-----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate2-ca-key.pem b/certs/ocsp/intermediate2-ca-key.pem new file mode 100644 index 000000000..61cec0879 --- /dev/null +++ b/certs/ocsp/intermediate2-ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDQIDw1GW8sRLR+ +Qsd1tGorqSOFv4e07srXSx8x1xECoatYPfvcUco6HR+VplaC94//a1C76hDhRx01 +dy5LKMVTRiMrgv1a0/Qh2w7g8nYzR7MAvjqxI5hT6+qg3hvMBU7uY6gskyTWmHh0 +A+TIiUNh8SW4zTuHwTEl/bpM/CmURZ5p12cKio7VUpMwog7dahywlHfbUlK3iSG+ +lnUky+lJ34GdnfhVfQEq63gDEuIgbttjNc2hlvD4jCA1aYcByrRUNqAV4CN9ufu+ +mQVQ8L/sfxLhPXUVTsjCMOaL/uWLVfhEXuXjVuBmLW9CWkVrlqrHXUEIX87X3J8g +5EZ4/9mZAgMBAAECggEAR2vofWhfCFgDgJi2DiR9ksIWWJ2jmmmf3kX/TIE7ayXD +wSJ0PeUresnnvtk4MvV1yvcu2221oTlgQqrFjjFNlggppZLsErFNxBiCgJt0CKEA +Qq8FQSiv64y4FcBi1Z60uYYlfjZ4m9Py8g0sA81m/ENe6I41cZ7QmPL7bdPTCPhE +cGwPKjkw1xwDn6EeK5x5sscfCrlKXsH4zhXH67r2iwQ7x5+t4pWApdT15rMX+r0E +HzBoj4wjhR7yo9nZDqhBZiOJF/zQGTCkj6J451Rj47s42fLTYgVyW5D1DO9wBvQQ +i7AwwDuimVqKNGW7J/oRjhiBAKFr2IOGcAFJJbM3SQKBgQD1JRO9umdNfqj38kw5 +DMeydVITvhYjSfc+F2R1hldX9kSdowttJ3GwArnjsZLSfttj7/gnRVPJC+OWvJGm +AmegmCXJGl/mtDAlN+MDJw2/KEdcC4CHMqRokrNNF3zafbTDIDq24kAMx1wef46k +8+9F3IPY+arD50LSkS5+gUUk1wKBgQDZV4R9yCeAE8o+ejks7lBC8kk5CxZKbXPA +o4vPHGKOknmZGqfKJY9Auk7nk4g56K9GxlotlsjwCwuSBdkqjDkqMypHG9odh6s8 +8iFjVGvJvY6x+PXONW6cjG2K6Lif0o0/bx+C+2Sy05koV1eYY4+EskafqTxbQgSa +0t85a6u3DwKBgGK4g7KsFl3G3BS9pqRy2Ris1ljM++1KJB8FHJeXeiUaL5eryTYz +5DyVXHatVAsguwkL4ksuSAd2mjhhx+WqokCyBMVvsZ8egST71Je4anjIp7QRjbjk +VAEo0rwA8W6roNfTatGrW0/KGPbPN4qGEZ14qEAAixxJTUeu36JiPI4RAoGASK43 +pEh2zSHRFCuTSy82r+yOCAFpJuKLPvRyIISBgOQCvexoB/WffinPkSmI+LSTSLu0 +FGLEN2G6MM673LqfszkA/l6WBiIEZZEjETB+CyzUtzdmG9tKbheX2kgQ1YF3sqra +gtbGyfZw1UjABjnlGJ71dxcFFA9zssKp223iMokCgYAEBpHy/x90qWR6d9ApXZnC +PMvcZCa2EgQWBabOkyxF7Ao8mIu0K4rqRM9XBlboRRBQdEP3qL7whJ2voZ7frZYH +E9hcwnH4F6rBki9PHbEaU80FfTUplKr+qMJavhQ8O1zGhWr7JSF6ByqTQDYWI8BX +3Q6DAbgdQeeCKFpi4256AA== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/ocsp-cert.pem b/certs/ocsp/ocsp-cert.pem deleted file mode 100644 index 3867817a5..000000000 --- a/certs/ocsp/ocsp-cert.pem +++ /dev/null 
@@ -1,182 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Nov 23 12:49:37 2015 GMT - Not After : Aug 19 12:49:37 2018 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support\ocsp.wolfssl.com, CN=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1: - f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b: - d5:75:5c:2d:f7:63:88:d1:07:7a:ea:0b:45:35:2b: - eb:1f:b1:22:b4:94:41:38:e2:9d:74:d6:8b:30:22: - 10:51:c5:db:ca:3f:46:2b:fe:e5:5a:3f:41:74:67: - 75:95:a9:94:d5:c3:ee:42:f8:8d:eb:92:95:e1:d9: - 65:b7:43:c4:18:de:16:80:90:ce:24:35:21:c4:55: - ac:5a:51:e0:2e:2d:b3:0a:5a:4f:4a:73:31:50:ee: - 4a:16:bd:39:8b:ad:05:48:87:b1:99:e2:10:a7:06: - 72:67:ca:5c:d1:97:bd:c8:f1:76:f8:e0:4a:ec:bc: - 93:f4:66:4c:28:71:d1:d8:66:03:b4:90:30:bb:17: - b0:fe:97:f5:1e:e8:c7:5d:9b:8b:11:19:12:3c:ab: - 82:71:78:ff:ae:3f:32:b2:08:71:b2:1b:8c:27:ac: - 11:b8:d8:43:49:cf:b0:70:b1:f0:8c:ae:da:24:87: - 17:3b:d8:04:65:6c:00:76:50:ef:15:08:d7:b4:73: - 68:26:14:87:95:c3:5f:6e:61:b8:87:84:fa:80:1a: - 0a:8b:98:f3:e3:ff:4e:44:1c:65:74:7c:71:54:65: - e5:39 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 32:67:E1:B1:79:D2:81:FC:9F:23:0C:70:40:50:B5:46:56:B8:30:36 - X509v3 Authority Key Identifier: - keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:A6:66:38:49:45:9B:DC:81 - - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Extended Key Usage: - OCSP Signing - X509v3 Basic Constraints: - CA:FALSE - Signature Algorithm: sha256WithRSAEncryption - 
66:26:ec:73:2a:08:3b:22:c5:56:35:f7:77:c8:e5:96:88:3d: - 11:78:ac:84:22:25:26:9d:c8:cf:32:ed:fb:bc:38:9f:ae:8d: - 99:13:3a:b3:59:e7:50:a4:b5:56:a8:05:e1:21:6c:26:5c:ee: - f7:55:b7:ea:b2:72:80:4f:4e:70:1d:fb:a7:5e:02:d6:d9:37: - d6:80:71:42:98:63:ef:f4:4a:a1:9a:95:1d:fd:99:13:de:3b: - 10:d6:ed:1b:0d:ff:9e:14:2e:e0:8f:5f:ef:8d:b4:0d:5e:60: - 4b:b9:d4:d1:58:6e:eb:bb:ad:4a:ac:44:13:62:f7:d1:b4:00: - f3:8f:35:bb:b1:76:8f:d9:1a:87:14:66:4b:de:04:91:42:f1: - b7:d2:8b:e1:14:6c:31:30:03:8f:62:f2:b3:ee:f1:67:81:67: - 5f:a1:56:9b:93:54:e8:c7:05:b5:fa:64:c8:b3:a8:b4:1f:49: - 9b:e0:d4:74:01:19:53:07:b1:0a:47:bb:37:37:58:e4:ce:18: - 87:08:a0:8b:69:d3:d5:f3:b6:28:07:2d:56:e7:3e:0e:5f:07: - c5:e0:d8:57:bc:55:96:fc:ec:18:4e:7a:ed:23:7b:53:53:b7: - ee:36:fb:a3:89:65:ce:6e:f1:8f:8a:05:e4:d9:f3:3a:05:8a: - d7:00:95:a0 ------BEGIN CERTIFICATE----- -MIIEsDCCA5igAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx -EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh -d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUxMTIz -MTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBgTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM -B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf -BgNVBAsMGFN1cHBvcnRcb2NzcC53b2xmc3NsLmNvbTEZMBcGA1UEAwwQaW5mb0B3 -b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALi6I7T2 -w3sUw6T1HWGh9R5juYUjNFBt+HyiigSL1XVcLfdjiNEHeuoLRTUr6x+xIrSUQTji -nXTWizAiEFHF28o/Riv+5Vo/QXRndZWplNXD7kL4jeuSleHZZbdDxBjeFoCQziQ1 -IcRVrFpR4C4tswpaT0pzMVDuSha9OYutBUiHsZniEKcGcmfKXNGXvcjxdvjgSuy8 -k/RmTChx0dhmA7SQMLsXsP6X9R7ox12bixEZEjyrgnF4/64/MrIIcbIbjCesEbjY -Q0nPsHCx8Iyu2iSHFzvYBGVsAHZQ7xUI17RzaCYUh5XDX25huIeE+oAaCouY8+P/ -TkQcZXR8cVRl5TkCAwEAAaOCARwwggEYMB0GA1UdDgQWBBQyZ+GxedKB/J8jDHBA -ULVGVrgwNjCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSB -lzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv -emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgw 
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb22CCQCmZjhJRZvcgTALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB -BQUHAwkwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAZibscyoIOyLFVjX3 -d8jllog9EXishCIlJp3IzzLt+7w4n66NmRM6s1nnUKS1VqgF4SFsJlzu91W36rJy -gE9OcB37p14C1tk31oBxQphj7/RKoZqVHf2ZE947ENbtGw3/nhQu4I9f7420DV5g -S7nU0Vhu67utSqxEE2L30bQA8481u7F2j9kahxRmS94EkULxt9KL4RRsMTADj2Ly -s+7xZ4FnX6FWm5NU6McFtfpkyLOotB9Jm+DUdAEZUwexCke7NzdY5M4Yhwigi2nT -1fO2KActVuc+Dl8HxeDYV7xVlvzsGE567SN7U1O37jb7o4llzm7xj4oF5NnzOgWK -1wCVoA== ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 11990332945272134785 (0xa6663849459bdc81) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Nov 23 12:49:37 2015 GMT - Not After : Aug 19 12:49:37 2018 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: - f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: - de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: - 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: - 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: - 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: - a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: - a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: - 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: - 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: - 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: - 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: - de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: - cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: - b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: - 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: - ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: - 36:79 - Exponent: 65537 (0x10001) - X509v3 
extensions: - X509v3 Subject Key Identifier: - 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - X509v3 Authority Key Identifier: - keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:A6:66:38:49:45:9B:DC:81 - - X509v3 Basic Constraints: - CA:TRUE - Authority Information Access: - OCSP - URI:http://localhost:22222 - - Signature Algorithm: sha256WithRSAEncryption - 41:8f:fb:6b:65:6b:36:f2:56:4f:0c:48:b0:4d:8c:c2:cb:d6: - 58:7a:83:3a:30:7d:62:7b:86:f1:15:26:b3:26:02:77:f2:c8: - 57:e5:1e:60:68:8b:a4:e8:f3:a8:b2:88:a4:2f:e8:6e:25:8d: - 6b:dc:53:ab:2f:d3:47:8c:d6:27:ab:39:bc:d3:ca:d8:01:96: - a4:44:57:38:93:ab:c3:f3:95:67:7f:cf:25:1d:b7:04:dc:06: - c9:5d:24:c1:54:13:71:81:21:31:ee:9f:b4:9d:ce:98:66:a4: - a0:77:c1:88:18:a4:d1:36:ee:cd:d8:c1:1b:bc:03:d6:85:9a: - 2e:21:82:95:4c:b2:2a:fe:69:db:ac:e4:97:e1:e9:0e:f1:d3: - ef:20:86:03:01:66:6b:f0:26:0f:39:04:26:f5:42:98:3f:95: - 48:5f:b5:5d:bc:49:4c:81:38:d5:e9:72:32:1c:66:1b:12:80: - 0f:db:99:f0:97:67:61:79:ad:ab:be:6a:ea:aa:cc:3d:f9:40: - 99:00:93:bb:df:4b:41:d4:7f:f1:93:b2:70:83:3a:e3:6b:44: - 4b:1f:9f:77:53:ea:5d:e6:59:1e:c0:2d:4b:83:d6:f4:a3:d4: - a9:c3:91:12:e7:61:3f:56:9d:8f:b8:19:29:62:1b:58:df:73: - 99:1f:49:63 ------BEGIN CERTIFICATE----- -MIIE4DCCA8igAwIBAgIJAKZmOElFm9yBMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G -A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D 
-mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx -i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J -XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc -/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOCATEw -ggEtMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCByQYDVR0jBIHBMIG+ -gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAO -BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rv -b3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5j -b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCmZjhJRZvcgTAM -BgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov -L2xvY2FsaG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOCAQEAQY/7a2VrNvJWTwxI -sE2MwsvWWHqDOjB9YnuG8RUmsyYCd/LIV+UeYGiLpOjzqLKIpC/obiWNa9xTqy/T -R4zWJ6s5vNPK2AGWpERXOJOrw/OVZ3/PJR23BNwGyV0kwVQTcYEhMe6ftJ3OmGak -oHfBiBik0TbuzdjBG7wD1oWaLiGClUyyKv5p26zkl+HpDvHT7yCGAwFma/AmDzkE -JvVCmD+VSF+1XbxJTIE41elyMhxmGxKAD9uZ8JdnYXmtq75q6qrMPflAmQCTu99L -QdR/8ZOycIM642tESx+fd1PqXeZZHsAtS4PW9KPUqcOREudhP1adj7gZKWIbWN9z -mR9JYw== ------END CERTIFICATE----- diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem new file mode 100644 index 000000000..55a81ac9d --- /dev/null +++ b/certs/ocsp/ocsp-responder-cert.pem 
@@ -0,0 +1,180 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1: + f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b: + d5:75:5c:2d:f7:63:88:d1:07:7a:ea:0b:45:35:2b: + eb:1f:b1:22:b4:94:41:38:e2:9d:74:d6:8b:30:22: + 10:51:c5:db:ca:3f:46:2b:fe:e5:5a:3f:41:74:67: + 75:95:a9:94:d5:c3:ee:42:f8:8d:eb:92:95:e1:d9: + 65:b7:43:c4:18:de:16:80:90:ce:24:35:21:c4:55: + ac:5a:51:e0:2e:2d:b3:0a:5a:4f:4a:73:31:50:ee: + 4a:16:bd:39:8b:ad:05:48:87:b1:99:e2:10:a7:06: + 72:67:ca:5c:d1:97:bd:c8:f1:76:f8:e0:4a:ec:bc: + 93:f4:66:4c:28:71:d1:d8:66:03:b4:90:30:bb:17: + b0:fe:97:f5:1e:e8:c7:5d:9b:8b:11:19:12:3c:ab: + 82:71:78:ff:ae:3f:32:b2:08:71:b2:1b:8c:27:ac: + 11:b8:d8:43:49:cf:b0:70:b1:f0:8c:ae:da:24:87: + 17:3b:d8:04:65:6c:00:76:50:ef:15:08:d7:b4:73: + 68:26:14:87:95:c3:5f:6e:61:b8:87:84:fa:80:1a: + 0a:8b:98:f3:e3:ff:4e:44:1c:65:74:7c:71:54:65: + e5:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 32:67:E1:B1:79:D2:81:FC:9F:23:0C:70:40:50:B5:46:56:B8:30:36 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha256WithRSAEncryption + 1a:b0:0c:d3:5d:8d:fe:f0:4f:76:8d:cb:47:51:c3:64:0b:8e: + 
94:9b:82:eb:2e:53:13:1d:28:31:55:c7:2a:7c:be:4e:32:9f: + 52:fd:2a:9c:a0:e2:9f:7b:23:9d:bf:93:e2:37:ac:40:47:f2: + 2d:ac:e6:8d:23:a2:18:c5:3f:c0:8d:60:4b:c5:2f:55:ae:f3: + 63:ea:e4:2f:20:56:fa:13:7c:d1:af:4f:ef:cb:ad:81:d1:26: + 0d:86:4b:0d:bb:67:8d:b6:a0:51:ac:a5:e5:f1:75:30:77:cc: + a6:57:d6:11:3c:76:7f:a7:b2:85:5e:c2:52:ec:8e:d8:7a:25: + b6:a9:ef:6e:6d:d8:a8:2d:e2:91:6d:fe:2d:11:df:8e:cc:c6: + 96:45:d9:f7:82:8a:58:ec:f7:7a:74:62:17:16:db:e9:8e:dc: + 40:ed:3d:de:1a:2b:af:e7:8e:39:be:91:50:f8:2c:70:bd:1b: + 64:01:db:bb:7a:1c:64:77:fb:ed:55:4c:3f:de:5c:cf:22:01: + 1f:7e:34:84:93:a2:37:06:7e:b2:6c:d1:58:ee:d8:1d:fb:8b: + b2:32:5b:6d:ef:9d:5a:b5:31:9b:f0:74:0b:c6:41:9a:fa:4a: + a5:a2:91:39:a3:a8:d0:69:a6:93:1a:7f:55:e9:04:58:b0:16: + 58:0c:27:92 +-----BEGIN CERTIFICATE----- +MIIExjCCA66gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag +UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0 +UG34fKKKBIvVdVwt92OI0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7l +Wj9BdGd1lamU1cPuQviN65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMx +UO5KFr05i60FSIexmeIQpwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew +/pf1HujHXZuLERkSPKuCcXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gE +ZWwAdlDvFQjXtHNoJhSHlcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQAB +o4IBEjCCAQ4wCQYDVR0TBAIwADAdBgNVHQ4EFgQUMmfhsXnSgfyfIwxwQFC1Rla4 +MDYwgcwGA1UdIwSBxDCBwYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2kgZowgZcx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 +dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG 
+A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tggkA71fY9Wk4lSUwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN +AQELBQADggEBABqwDNNdjf7wT3aNy0dRw2QLjpSbgusuUxMdKDFVxyp8vk4yn1L9 +Kpyg4p97I52/k+I3rEBH8i2s5o0johjFP8CNYEvFL1Wu82Pq5C8gVvoTfNGvT+/L +rYHRJg2GSw27Z422oFGspeXxdTB3zKZX1hE8dn+nsoVewlLsjth6Jbap725t2Kgt +4pFt/i0R347MxpZF2feCiljs93p0YhcW2+mO3EDtPd4aK6/njjm+kVD4LHC9G2QB +27t6HGR3++1VTD/eXM8iAR9+NISTojcGfrJs0Vju2B37i7IyW23vnVq1MZvwdAvG +QZr6SqWikTmjqNBpppMaf1XpBFiwFlgMJ5I= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17246491846582506789 (0xef57d8f569389525) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: 
+ CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: + c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: + b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: + c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: + 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: + 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: + 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: + 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: + 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: + 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: + 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: + c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: + 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: + 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: + f9:fe:bc:01 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ +MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE +CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT +U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA +wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ 
+X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 +zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T +tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC +1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE +gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe +vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym +9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn +YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 +MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc +UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM +H8bKHeSMPjGB+f68AQ== +-----END CERTIFICATE----- diff --git a/certs/ocsp/ocsp-key.pem b/certs/ocsp/ocsp-responder-key.pem similarity index 100% rename from certs/ocsp/ocsp-key.pem rename to certs/ocsp/ocsp-responder-key.pem diff --git a/certs/ocsp/ocspd.sh b/certs/ocsp/ocspd.sh deleted file mode 100755 index 6f7ce20fe..000000000 --- a/certs/ocsp/ocspd.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -openssl ocsp -index index.txt \ - -port 22222 \ - -rsigner ocsp-cert.pem \ - -rkey ocsp-key.pem \ - -CA ../ca-cert.pem \ - -nmin 1 \ - -text diff --git a/certs/ocsp/ocspd0.sh b/certs/ocsp/ocspd0.sh new file mode 100755 index 000000000..ea15a1c7a --- /dev/null +++ b/certs/ocsp/ocspd0.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +openssl ocsp \ + -index index0.txt \ + -port 22220 \ + -rsigner ocsp-responder-cert.pem \ + -rkey ocsp-responder-key.pem \ + -CA root-ca-cert.pem \ + -nmin 1 \ + -text 
diff --git a/certs/ocsp/ocspd1.sh b/certs/ocsp/ocspd1.sh
new file mode 100755
index 000000000..60390216d
--- /dev/null
+++ b/certs/ocsp/ocspd1.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+openssl ocsp \
+ -index index1.txt \
+ -port 22221 \
+ -rsigner ocsp-responder-cert.pem \
+ -rkey ocsp-responder-key.pem \
+ -CA intermediate1-ca-cert.pem \
+ -nmin 1 \
+ -text
diff --git a/certs/ocsp/ocspd2.sh b/certs/ocsp/ocspd2.sh
new file mode 100755
index 000000000..f827bbcb6
--- /dev/null
+++ b/certs/ocsp/ocspd2.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+openssl ocsp \
+ -index index2.txt \
+ -port 22222 \
+ -rsigner ocsp-responder-cert.pem \
+ -rkey ocsp-responder-key.pem \
+ -CA intermediate2-ca-cert.pem \
+ -nmin 1 \
+ -text
diff --git a/certs/ocsp/openssl.cnf b/certs/ocsp/openssl.cnf
new file mode 100644
index 000000000..20d2f6df7
--- /dev/null
+++ b/certs/ocsp/openssl.cnf
@@ -0,0 +1,33 @@
+#
+# openssl configuration file for OCSP certificates
+#
+
+# Extensions to add to a certificate request (intermediate1-ca)
+[ v3_req1 ]
+basicConstraints = CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+authorityInfoAccess = OCSP;URI:http://localhost:22221
+
+# Extensions to add to a certificate request (intermediate2-ca)
+[ v3_req2 ]
+basicConstraints = CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+authorityInfoAccess = OCSP;URI:http://localhost:22222
+
+# Extensions for a typical CA
+[ v3_ca ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+authorityInfoAccess = OCSP;URI:http://localhost:22220
+
+# OCSP extensions.
+[ v3_ocsp ]
+basicConstraints = CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+extendedKeyUsage = OCSPSigning
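Review bot: The responder certificate given to `-rsigner` in ocspd1.sh is issued by the root CA (renewcerts.sh creates it with `update_cert ocsp-responder "wolfSSL OCSP Responder" root-ca v3_ocsp 03`), while `-CA intermediate1-ca-cert.pem` makes this instance answer for certificates issued by the intermediate. RFC 6960 section 4.2.2.2 treats a delegated responder as authorized only when its certificate is issued directly by the CA that issued the certificate being checked, so a strict verifier would reject these responses unless it trusts the responder by some other means. ocspd2.sh has the same arrangement with `-CA intermediate2-ca-cert.pem`. If the tests are meant to cover the conforming path, issue one responder certificate per intermediate and point `-rsigner`/`-rkey` at it; otherwise a comment above the `openssl ocsp` call such as `# responder cert is signed by the root, not by this CA; relies on the verifier accepting it` would record the assumption.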
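Review bot: The `[ v3_ca ]` section issues CA certificates with `basicConstraints = CA:true` but without the critical flag and without any `keyUsage`, so the root and both intermediates carry no `keyCertSign`/`cRLSign` restriction; the root CA dump in this patch shows the same extension set. For fixtures that exercise chain and OCSP validation I would use `basicConstraints = critical, CA:true` and add `keyUsage = critical, keyCertSign, cRLSign`, provided the existing tests do not depend on the looser profile. Separately, the comments on `[ v3_req1 ]` and `[ v3_req2 ]` read as if the sections were for the intermediates themselves, whereas renewcerts.sh applies them to server1 through server3; `# Extensions for leaf certificates issued by intermediate1-ca` (and the intermediate2-ca equivalent) would be clearer.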
diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh
new file mode 100755
index 000000000..30e90cb6a
--- /dev/null
+++ b/certs/ocsp/renewcerts.sh
@@ -0,0 +1,50 @@
+openssl req \
+ -new \
+ -key root-ca-key.pem \
+ -out root-ca-cert.csr \
+ -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com"
+
+openssl x509 \
+ -req -in root-ca-cert.csr \
+ -extfile openssl.cnf \
+ -extensions v3_ca \
+ -days 1000 \
+ -signkey root-ca-key.pem \
+ -out root-ca-cert.pem
+
+rm root-ca-cert.csr
+openssl x509 -in root-ca-cert.pem -text > tmp.pem
+mv tmp.pem root-ca-cert.pem
+
+# $1 cert, $2 name, $3 ca, $4 extensions, $5 serial
+function update_cert() {
+ openssl req \
+ -new \
+ -key $1-key.pem \
+ -out $1-cert.csr \
+ -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=$2/emailAddress=info@wolfssl.com"
+
+ openssl x509 \
+ -req -in $1-cert.csr \
+ -extfile openssl.cnf \
+ -extensions $4 \
+ -days 1000 \
+ -CA $3-cert.pem \
+ -CAkey $3-key.pem \
+ -set_serial $5 \
+ -out $1-cert.pem
+
+ rm $1-cert.csr
+ openssl x509 -in $3-cert.pem -text > $3_tmp.pem
+ openssl x509 -in $1-cert.pem -text > $1_tmp.pem
+ mv $1_tmp.pem $1-cert.pem
+ cat $3_tmp.pem >> $1-cert.pem
+ rm $3_tmp.pem
+}
+
+update_cert intermediate1-ca "wolfSSL intermediate CA" root-ca v3_ca 01
+update_cert intermediate2-ca "wolfSSL REVOKED intermediate CA" root-ca v3_ca 02 # REVOKED
+update_cert ocsp-responder "wolfSSL OCSP Responder" root-ca v3_ocsp 03
+update_cert server1 "www1.wolfssl.com" intermediate1-ca v3_req1 04
+update_cert server2 "www2.wolfssl.com" intermediate1-ca v3_req1 05 # REVOKED
+update_cert server3 "www3.wolfssl.com" intermediate2-ca v3_req2 06
diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem
new file mode 100644
index 000000000..f63c2d9e7
--- /dev/null
+++ b/certs/ocsp/root-ca-cert.pem
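Review bot: renewcerts.sh is added with mode 100755 but has no interpreter line, and `function update_cert() {` is bash syntax, so how it runs depends on the invoking shell; it should start with `#!/bin/bash` like the ocspd scripts. There is also no error handling: if `openssl x509 -in root-ca-cert.pem -text > tmp.pem` fails, the following `mv tmp.pem root-ca-cert.pem` replaces the certificate with an empty file, and the same pattern repeats inside `update_cert`. Adding `set -e` directly after the shebang would stop the run at the first failing command. The positional parameters are expanded unquoted (`$1-key.pem`, `$4`, `$5`), which is harmless for the six calls in this file but worth quoting if the function is reused with other arguments.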
@@ -0,0 +1,91 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17246491846582506789 (0xef57d8f569389525) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 
55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: + c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: + b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: + c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: + 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: + 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: + 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: + 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: + 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: + 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: + 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: + c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: + 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: + 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: + f9:fe:bc:01 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ +MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE +CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT +U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA +wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ +X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 +zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T +tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC +1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE +gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH 
+U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe +vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym +9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn +YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 +MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc +UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM +H8bKHeSMPjGB+f68AQ== +-----END CERTIFICATE----- diff --git a/certs/ocsp/root-ca-key.pem b/certs/ocsp/root-ca-key.pem new file mode 100644 index 000000000..a7cbcbb60 --- /dev/null +++ b/certs/ocsp/root-ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrLLQvHQYJ704p +hoR+zL+meXzwwMFkJYx1txAFykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRx +kK3MBbmfFccKP19p9ApfjHG1LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4 +hc0BiKzFsrFZuM1a9AkJOJvaWs/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4 +yHDM4WcGsysvk7Vpz4N+iFObD0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tb +ipKXrf2XuXXKwtRFfRdrzS/zY3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsV +roxb+ZmBAgMBAAECggEAd0Qjm3wOfBeYD0jhwnOoyTZ2vkyfssaS0mYlrNMfaM12 +iqYBELQo5miReaHZ5ZfYCweNX8guVUAkMCiNX81RYy3KTDKRqYJXQ/HYPFMcXXP2 +7Ja6jMfub1FXJ1xULtJs/5XilVwxad1ZgHbBu2LedrUl6wzfUJMeRKWDuiVyCzpK +J2+F1iVH+whBI/eN8qopHM4JeR0W9k7rFJayQZ9iAIfrl2In1hTay9S7HCEdmWz/ +BVI818QXsgCuulR9G2erS0gS181P090YcZeuzh5YfvAnzn7m8BTboJojix5pkfQt +gM5E7YD4nYU1V796P2cfAaMJoQyCW4NSn+kwgLT5rQKBgQDXnHvs/fk+gxFiBt/U +tRfU+iUoiMofrcAZswMBvOZVy40RbtxuNXwnGo9+Bko7XVKekVO6TGUyPSpv1VXR +QCjlk+PsXyx0DD2+Hb3r69wXJ3Wfxe0K+p6CHIuspJUmNrHdpJOBTO8GbHNxuaD/ +kDJvBq+ZkXEKUm9a5BeU5WiwMwKBgQDLPUkr+Mm2pJIIEBF8z3Lr3bWIbZsinxhM +ErQRAQC0J+oBj1kuUoXYoh1hzQK/E90bM2fRUMhgVGIBvwDMv0c+Z2Fb6zK0r3mP +dOLYGOrfavl/f7zhd4TjzPkAF1fbbYbciFQIWW3//q8PXY68eKvwrhGqT+CCwLef +tWC3xrpLewKBgQC7Ht7abgxa+UsjxQ2Kv+O//Zw0EotAdP2sEBUC9Br+yJpUT99U +cmyeT0nLONBBtxtV7JA6tcR5lmX3CrHg2Yrku7XqVSrySBFppsxGLLslCSTnFdJE +Xf8ksntxyKB8uqkgz40IgWlMLOEACPc19MIgYzAQ2g29xI9J1Xy1x2dUywKBgBFo +HVU7yKLw82TnY2gKKHCVG5Akuw27DIyvaWavbE0BwiQCEARMoxQLxnJy6ZJN9Dj5 +LSIbRh4h/AbkQgBHPaXVmtwRh9U71jB4NVmGwM8DzXyjBx1UbDhKfOUKGsc7WTqY +HoJcjnRHbtzlCW2Q9ED316F7l+H6+X8fPLpgteHzAoGARc6B/pWJWkUVM87ObGmr +hiA5YByyC6Rq8HyFEeXiS2fiQPfQF0UC9Qxq9/CBkezb8v+Yb/UT4ieL26c270s5 +JkyYqMoBLgkOKG6nPDD4hxoR24cFmC090RNQOhwwHskh+KjVmf3c/m9wNBSdHTpt +URu+xdmbaoKaH9dIJMUKasc= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem new file mode 100644 index 000000000..b4f1426d3 --- /dev/null +++ b/certs/ocsp/server1-cert.pem 
@@ -0,0 +1,184 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e6:96:55:75:cf:8a:97:68:8c:b6:38:f6:7a:05: + be:33:b6:51:47:37:8a:f7:db:91:be:92:6b:b7:00: + 8c:f2:c5:24:6e:18:e9:92:00:81:01:dc:b3:4c:28: + a9:b7:80:f1:96:cf:23:7a:2f:ae:f8:e3:0f:2d:d3: + 5e:23:e7:db:4c:b2:5d:89:16:17:be:be:81:db:fb: + 12:6d:28:4b:10:a0:12:04:27:c1:c9:d0:79:95:ef: + e8:8d:8c:59:9b:4e:72:7d:bc:49:2b:22:4e:f8:4f: + e2:0c:f1:e9:e9:97:f9:df:8c:5a:0a:aa:38:1d:43: + 04:a3:a7:89:a1:e2:83:a4:4b:b5:4e:45:88:a6:22: + 5d:ac:a9:58:67:88:c1:d5:61:ef:bd:11:05:27:94: + 47:bb:33:a5:8a:ca:ee:1f:8d:c0:6e:24:af:cd:ca: + bf:80:47:71:95:ac:a9:f1:5d:23:6c:f5:4b:b4:a9: + e1:c4:66:fb:e5:c4:a1:9f:a7:51:d1:78:cd:2e:b4: + 3f:2e:e2:82:f3:7f:c4:a7:f4:31:cf:76:27:3f:db: + 2e:d2:6e:c3:47:23:82:a3:48:40:8c:a7:c1:13:f0: + 63:50:54:43:f6:71:12:e1:6f:a5:7a:58:26:f7:fd: + 8b:3b:70:18:a0:43:ba:01:6b:b3:f8:d5:be:05:13: + 64:31 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + CC:55:15:00:E2:44:89:92:63:6D:10:5D:B9:9E:73:B6:5D:3A:19:CA + X509v3 Authority Key Identifier: + keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:01 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22221 + + Signature Algorithm: sha256WithRSAEncryption + 
d2:c0:12:20:fd:e1:b6:ad:89:ae:6f:60:af:3c:ad:5a:09:04: + 31:99:7a:94:00:56:80:26:5a:13:53:60:f3:81:7c:ac:01:e8: + 7a:87:e9:3c:7a:0f:78:14:fa:3f:f1:54:0f:f9:8d:0e:f9:02: + 66:bd:81:c6:e9:12:1c:b6:db:7b:b0:71:dd:62:06:fd:39:5f: + b3:1f:43:ff:af:91:0f:58:3a:ae:e7:07:a5:da:a1:46:e4:67: + 0a:a4:0d:7e:37:b7:59:92:6c:7b:95:94:2b:33:5c:19:c2:35: + c5:fc:92:10:9e:87:13:8a:82:0f:f7:68:97:e1:b8:94:d3:d4: + d5:89:14:f3:1e:9e:29:1c:af:40:14:4b:80:7a:1e:dd:99:23: + dc:82:79:4b:3c:ac:09:6c:bf:84:97:ba:28:d2:ed:b7:d3:19: + 51:49:c1:1f:37:4d:44:fd:e9:2e:ff:b7:71:f7:35:5b:97:82: + 69:12:75:17:44:b3:a8:57:b8:88:ae:b9:1a:80:31:1f:c9:10: + 91:73:97:98:0b:9a:27:9e:ac:47:99:c6:66:64:f3:b2:36:1f: + 60:ef:fd:43:1e:f5:81:d4:21:89:d1:2e:27:69:9b:39:cb:84: + e4:fc:24:1b:f7:18:ff:78:36:0d:9e:37:59:ff:1d:ec:9b:c4: + 50:7d:42:ea +-----BEGIN CERTIFICATE----- +MIIE7DCCA9SgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NM +IGludGVybWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGYMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE +CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGTAXBgNVBAMMEHd3dzEu +d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmllV1z4qXaIy2OPZ6Bb4ztlFH +N4r325G+kmu3AIzyxSRuGOmSAIEB3LNMKKm3gPGWzyN6L6744w8t014j59tMsl2J +Fhe+voHb+xJtKEsQoBIEJ8HJ0HmV7+iNjFmbTnJ9vEkrIk74T+IM8enpl/nfjFoK +qjgdQwSjp4mh4oOkS7VORYimIl2sqVhniMHVYe+9EQUnlEe7M6WKyu4fjcBuJK/N +yr+AR3GVrKnxXSNs9Uu0qeHEZvvlxKGfp1HReM0utD8u4oLzf8Sn9DHPdic/2y7S +bsNHI4KjSECMp8ET8GNQVEP2cRLhb6V6WCb3/Ys7cBigQ7oBa7P41b4FE2QxAgMB +AAGjggE2MIIBMjAJBgNVHRMEAjAAMB0GA1UdDgQWBBTMVRUA4kSJkmNtEF25nnO2 +XToZyjCBxAYDVR0jBIG8MIG5gBSDxjqJLIH0AtedTOIqwHGCZETaDqGBnaSBmjCB +lzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl 
+YXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw +FgYDVQQDDA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb22CAQEwCwYDVR0PBAQDAgXgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF +BQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMTANBgkqhkiG9w0BAQsFAAOCAQEA +0sASIP3htq2Jrm9grzytWgkEMZl6lABWgCZaE1Ng84F8rAHoeofpPHoPeBT6P/FU +D/mNDvkCZr2BxukSHLbbe7Bx3WIG/Tlfsx9D/6+RD1g6rucHpdqhRuRnCqQNfje3 +WZJse5WUKzNcGcI1xfySEJ6HE4qCD/dol+G4lNPU1YkU8x6eKRyvQBRLgHoe3Zkj +3IJ5SzysCWy/hJe6KNLtt9MZUUnBHzdNRP3pLv+3cfc1W5eCaRJ1F0SzqFe4iK65 +GoAxH8kQkXOXmAuaJ56sR5nGZmTzsjYfYO/9Qx71gdQhidEuJ2mbOcuE5PwkG/cY +/3g2DZ43Wf8d7JvEUH1C6g== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35: + a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c: + bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e: + 27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1: + 65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90: + d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a: + e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e: + 79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64: + 9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24: + 2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4: + c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b: + 19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56: + f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2: + d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4: + bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd: + 0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f: + 
21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc: + 97:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 3d:92:fc:b0:73:95:d8:5a:18:e3:27:fc:55:05:14:54:2e:af: + 37:1e:37:11:25:e8:c9:7a:b0:9b:68:fb:a0:69:91:fd:bb:dd: + 00:55:fb:30:b3:4a:59:a6:58:bb:e4:03:3e:f2:98:a2:07:71: + c7:de:3a:a0:0b:eb:43:44:77:2b:fc:5d:96:a7:89:c8:1a:6a: + 6e:b6:34:00:bb:e0:8a:5b:2b:ad:3a:f4:ab:b9:d4:54:f9:85: + 9a:f7:3b:23:00:dc:17:8f:55:1f:b9:e1:17:10:61:91:50:77: + b6:57:be:75:61:6e:cc:9c:27:76:32:c2:de:b4:ee:11:ff:10: + f7:99:49:38:8e:af:af:fa:73:1e:34:20:6c:3e:9f:cb:56:70: + 20:47:21:d3:2c:db:9b:ad:3b:32:96:72:be:d3:1b:d2:33:21: + 9b:4b:86:3a:64:45:37:8b:60:80:3b:3e:08:7a:06:f2:aa:20: + 7b:63:2c:df:03:c0:2a:74:07:61:db:f3:ec:8a:17:a4:36:a1: + 6c:b6:c0:64:f7:8a:5b:d0:43:64:bb:3e:ed:5d:e8:06:9c:b0: + ef:c2:f3:d1:ff:e2:05:5e:1f:e1:bd:ef:2a:32:a3:44:9f:44: + 99:c0:a3:27:8b:af:24:c4:5f:2b:d5:05:a2:18:70:32:a4:d2: + 75:16:1b:b1 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw 
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN60yFx34C2x9bmtFkc1oDVlZcbh +QKsetLkTt8uMu3eldtpth4f2Sk0T5CY+J4fuW8dqP0UwYVVc9jXRZfqYEaOnVdW+ +kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN +MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr +GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a +lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA +cYJkRNoOMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAPZL8 +sHOV2FoY4yf8VQUUVC6vNx43ESXoyXqwm2j7oGmR/bvdAFX7MLNKWaZYu+QDPvKY +ogdxx946oAvrQ0R3K/xdlqeJyBpqbrY0ALvgilsrrTr0q7nUVPmFmvc7IwDcF49V +H7nhFxBhkVB3tle+dWFuzJwndjLC3rTuEf8Q95lJOI6vr/pzHjQgbD6fy1ZwIEch +0yzbm607MpZyvtMb0jMhm0uGOmRFN4tggDs+CHoG8qoge2Ms3wPAKnQHYdvz7IoX +pDahbLbAZPeKW9BDZLs+7V3oBpyw78Lz0f/iBV4f4b3vKjKjRJ9EmcCjJ4uvJMRf +K9UFohhwMqTSdRYbsQ== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server1-key.pem b/certs/ocsp/server1-key.pem new file mode 100644 index 000000000..e44f63129 --- /dev/null +++ b/certs/ocsp/server1-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDmllV1z4qXaIy2 +OPZ6Bb4ztlFHN4r325G+kmu3AIzyxSRuGOmSAIEB3LNMKKm3gPGWzyN6L6744w8t +014j59tMsl2JFhe+voHb+xJtKEsQoBIEJ8HJ0HmV7+iNjFmbTnJ9vEkrIk74T+IM +8enpl/nfjFoKqjgdQwSjp4mh4oOkS7VORYimIl2sqVhniMHVYe+9EQUnlEe7M6WK +yu4fjcBuJK/Nyr+AR3GVrKnxXSNs9Uu0qeHEZvvlxKGfp1HReM0utD8u4oLzf8Sn +9DHPdic/2y7SbsNHI4KjSECMp8ET8GNQVEP2cRLhb6V6WCb3/Ys7cBigQ7oBa7P4 +1b4FE2QxAgMBAAECggEBAMcAl2DFbOae5FGfd5h3vF8EycCcvuKKLI4775pQb1RV +r8sU1P+cT7o7rsHblh04u0dcHVImNOu3ijISaPyz7R+UEAVve66y23/uf0iVrbL7 +cpEDfsudkFFGa30901elrEm3Za5EPcMvrfdeEHH5Jz02876giS032ZkjzjRYOSRg +TuFhiqjRTMfE6AB63KSRWcb6AYEocHV/jF+IEQcz9ctsv6XKKKJtge4+Y3+gQU4N +ALUE6OjBsD5KpMVuMYBSfTucYi5g2eOK05PoCOR8lTqgvsbof+ALj+84zEpG20aK +p0KdMVwiMolXaYcvKBOGPxZKt7sQaIMitbs0iuErMQECgYEA+cLVZh4qkRnsjPVc +/27qC/VLeWo2QAL7TWC7YgkY0MgNtZXRkJZdKOlzYWo/iJmuxHj7eUFLkoHpPNV2 +X6WG+CGHD1qq/BqLQNlJKS/MtI2VNzOjBJ/J3SktOGo3BwL+Q5uSRNHukQip0YnD +c9GCU4UhfBHr/UNitMBH6N5aPqUCgYEA7FjjTGomVseF5wNbfw2xLjBmRuQ2DDgJ +/OvCtV6it+OiVU9R+cYcz/hVl1QLIkGBHt5hb8O6np4tW5ehKd5LNTtolIO+/BLL +2xPZCLY7U+LES5dgUTC/wb5t5igAmPuOMi9qNQ1kYxbKYJVLRUdwfOM8FNE4gjZF +kj2BIb6OxZ0CgYEAmuXXvWZ2FdmTGHTPwWdDZjkyHtHdZWO0AXA9pnZn2oxH3FdX +SinHCymFsmPXlVtixV0W8UOqn+lMAruMl5MsGtWIUuBzbLj1pjlcI1wOw+ePJFY1 +AxgqdKwl7HgLOqEDmmBwnZfpMi/CSj77ZegIwM2vT6g5yK+zFtCtiGHmbDUCgYBf +L2VLbyzFolGBOk7tGnyTF5b5UguaXC9ZlzGxjc2Gtby5Etr29xy/fUorSgO55hu0 +bOdc9b0BCL9HtgeILyim5ag2t+CA8Kj9MD8mTQ4TuK5Jq0t1J2bzBliIau/irN0V +xRbHCv+1EIas4zOPUTgyc+nMkH5roqPeQ7rv9ijV2QKBgQDJiNmAJv3dlie2x+bj +rX5RDF1Q/egVVGx41jPyuzh0oFLwEQG2lSHEAKgF+gWt0ZMwNzPB9oue2LBSpNFl +7ZdpFCpzD+3OcaxnWYEGT+qNhczbf0PvVNBOzOI33Trr7maktWi0Mh9qmXqoNuwG +uCnrEriJlBk2MV88tIG/ZJ+bvQ== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem new file mode 100644 index 000000000..de79496e1 --- /dev/null +++ b/certs/ocsp/server2-cert.pem 
@@ -0,0 +1,184 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:30 2015 GMT + Not After : Sep 2 22:42:30 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:35:8a:e8:aa:bd:33:c9:5e:84:43:67:42:65: + 2a:3c:e3:89:b4:a6:67:a1:3b:ee:6d:85:d1:d3:2b: + 6e:b1:62:d4:f1:22:43:a0:d5:b7:a5:7d:b5:f5:6c: + 09:06:7c:8c:ef:87:af:4f:34:ce:27:eb:f3:4a:37: + 57:c3:d7:d8:ee:e4:a0:77:65:2c:a7:c2:10:65:6b: + 7b:48:c4:d8:28:fe:4c:4e:4f:7e:2f:20:c4:49:5b: + 71:38:40:0d:36:a3:57:b3:44:da:be:cd:54:14:15: + 66:0f:d3:05:08:f2:2e:03:67:2e:5c:5d:e1:b0:e6: + c0:25:8f:58:77:5b:d3:d7:a8:22:ea:56:d3:0e:01: + 6d:38:34:56:47:aa:12:c4:ba:2a:ef:ec:18:f5:d4: + db:b9:fa:6f:dc:50:eb:ee:10:a2:14:b5:9a:12:e1: + e3:85:0f:79:14:b8:70:6d:0d:1c:1d:38:57:85:6a: + 82:0c:d6:bd:2c:bf:20:f1:28:2e:f6:34:80:a7:0d: + 32:82:35:4f:c1:b1:e5:9e:26:d5:f8:b9:39:57:43: + ef:ed:f1:10:5c:3e:32:ba:d9:e4:9e:40:cd:28:ea: + 26:46:9b:a9:34:8d:9f:b9:fd:45:7d:14:f7:ce:ca: + 3b:85:87:a7:64:74:9c:65:29:18:b3:f5:b1:ad:92: + 62:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 7D:6D:FD:F6:0B:4F:3F:4A:62:91:F5:F3:13:60:51:86:C3:5A:9F:D6 + X509v3 Authority Key Identifier: + keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:01 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22221 + + Signature Algorithm: sha256WithRSAEncryption + 
72:91:43:1a:4f:fb:87:32:dc:12:b0:60:ed:d8:05:f9:ac:62: + 51:1d:21:40:f4:36:86:6c:24:82:33:a5:1e:c9:bd:bb:2a:2f: + 14:76:ef:63:ba:fe:79:c5:14:ac:0b:d7:3d:7d:cd:db:50:98: + 93:05:0e:f2:0f:00:fa:f2:11:dc:10:25:c0:e7:ae:0e:b2:fc: + 86:2a:a1:d9:ee:1c:ad:31:ad:be:69:3f:58:5d:73:cd:bb:df: + 64:3d:bd:aa:e0:30:9e:4b:f5:e5:48:0e:81:c5:81:2e:90:d5: + 73:62:a6:80:9a:71:24:54:95:3a:aa:a0:df:aa:2a:95:9e:90: + 1f:f4:94:cb:ad:9d:47:7f:52:d6:52:16:a4:db:1e:71:71:c9: + a4:4a:02:1c:e5:5d:4d:23:6c:6a:db:60:b4:0e:58:83:1a:86: + af:f0:ec:25:44:63:c6:05:f2:26:f8:34:98:11:93:cd:4d:4d: + 7a:cb:53:e5:86:40:91:fb:6d:16:14:de:c8:d1:5d:65:9d:45: + 92:1c:c0:4f:4f:33:8a:8b:23:93:30:f4:fe:08:92:27:bf:3d: + 11:4e:0b:42:59:69:88:b3:df:45:0f:a0:05:63:03:bd:1c:8c: + 3c:76:1f:20:65:25:8b:3c:34:1e:74:a0:79:05:6e:dd:b6:ae: + 8f:77:b5:0d +-----BEGIN CERTIFICATE----- +MIIE7DCCA9SgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NM +IGludGVybWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTAeFw0xNTEyMDcyMjQyMzBaFw0xODA5MDIyMjQyMzBaMIGYMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE +CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGTAXBgNVBAMMEHd3dzIu +d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGNYroqr0zyV6EQ2dCZSo844m0 +pmehO+5thdHTK26xYtTxIkOg1belfbX1bAkGfIzvh69PNM4n6/NKN1fD19ju5KB3 +ZSynwhBla3tIxNgo/kxOT34vIMRJW3E4QA02o1ezRNq+zVQUFWYP0wUI8i4DZy5c +XeGw5sAlj1h3W9PXqCLqVtMOAW04NFZHqhLEuirv7Bj11Nu5+m/cUOvuEKIUtZoS +4eOFD3kUuHBtDRwdOFeFaoIM1r0svyDxKC72NICnDTKCNU/BseWeJtX4uTlXQ+/t +8RBcPjK62eSeQM0o6iZGm6k0jZ+5/UV9FPfOyjuFh6dkdJxlKRiz9bGtkmI5AgMB +AAGjggE2MIIBMjAJBgNVHRMEAjAAMB0GA1UdDgQWBBR9bf32C08/SmKR9fMTYFGG +w1qf1jCBxAYDVR0jBIG8MIG5gBSDxjqJLIH0AtedTOIqwHGCZETaDqGBnaSBmjCB +lzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl 
+YXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw +FgYDVQQDDA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb22CAQEwCwYDVR0PBAQDAgXgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF +BQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMTANBgkqhkiG9w0BAQsFAAOCAQEA +cpFDGk/7hzLcErBg7dgF+axiUR0hQPQ2hmwkgjOlHsm9uyovFHbvY7r+ecUUrAvX +PX3N21CYkwUO8g8A+vIR3BAlwOeuDrL8hiqh2e4crTGtvmk/WF1zzbvfZD29quAw +nkv15UgOgcWBLpDVc2KmgJpxJFSVOqqg36oqlZ6QH/SUy62dR39S1lIWpNsecXHJ +pEoCHOVdTSNsattgtA5YgxqGr/DsJURjxgXyJvg0mBGTzU1NestT5YZAkfttFhTe +yNFdZZ1FkhzAT08ziosjkzD0/giSJ789EU4LQllpiLPfRQ+gBWMDvRyMPHYfIGUl +izw0HnSgeQVu3bauj3e1DQ== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35: + a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c: + bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e: + 27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1: + 65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90: + d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a: + e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e: + 79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64: + 9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24: + 2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4: + c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b: + 19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56: + f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2: + d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4: + bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd: + 0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f: + 
21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc: + 97:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 3d:92:fc:b0:73:95:d8:5a:18:e3:27:fc:55:05:14:54:2e:af: + 37:1e:37:11:25:e8:c9:7a:b0:9b:68:fb:a0:69:91:fd:bb:dd: + 00:55:fb:30:b3:4a:59:a6:58:bb:e4:03:3e:f2:98:a2:07:71: + c7:de:3a:a0:0b:eb:43:44:77:2b:fc:5d:96:a7:89:c8:1a:6a: + 6e:b6:34:00:bb:e0:8a:5b:2b:ad:3a:f4:ab:b9:d4:54:f9:85: + 9a:f7:3b:23:00:dc:17:8f:55:1f:b9:e1:17:10:61:91:50:77: + b6:57:be:75:61:6e:cc:9c:27:76:32:c2:de:b4:ee:11:ff:10: + f7:99:49:38:8e:af:af:fa:73:1e:34:20:6c:3e:9f:cb:56:70: + 20:47:21:d3:2c:db:9b:ad:3b:32:96:72:be:d3:1b:d2:33:21: + 9b:4b:86:3a:64:45:37:8b:60:80:3b:3e:08:7a:06:f2:aa:20: + 7b:63:2c:df:03:c0:2a:74:07:61:db:f3:ec:8a:17:a4:36:a1: + 6c:b6:c0:64:f7:8a:5b:d0:43:64:bb:3e:ed:5d:e8:06:9c:b0: + ef:c2:f3:d1:ff:e2:05:5e:1f:e1:bd:ef:2a:32:a3:44:9f:44: + 99:c0:a3:27:8b:af:24:c4:5f:2b:d5:05:a2:18:70:32:a4:d2: + 75:16:1b:b1 +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw 
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN60yFx34C2x9bmtFkc1oDVlZcbh +QKsetLkTt8uMu3eldtpth4f2Sk0T5CY+J4fuW8dqP0UwYVVc9jXRZfqYEaOnVdW+ +kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN +MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr +GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a +lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA +AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA +cYJkRNoOMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAPZL8 +sHOV2FoY4yf8VQUUVC6vNx43ESXoyXqwm2j7oGmR/bvdAFX7MLNKWaZYu+QDPvKY +ogdxx946oAvrQ0R3K/xdlqeJyBpqbrY0ALvgilsrrTr0q7nUVPmFmvc7IwDcF49V +H7nhFxBhkVB3tle+dWFuzJwndjLC3rTuEf8Q95lJOI6vr/pzHjQgbD6fy1ZwIEch +0yzbm607MpZyvtMb0jMhm0uGOmRFN4tggDs+CHoG8qoge2Ms3wPAKnQHYdvz7IoX +pDahbLbAZPeKW9BDZLs+7V3oBpyw78Lz0f/iBV4f4b3vKjKjRJ9EmcCjJ4uvJMRf +K9UFohhwMqTSdRYbsQ== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server2-key.pem b/certs/ocsp/server2-key.pem new file mode 100644 index 000000000..e4b6181e8 --- /dev/null +++ b/certs/ocsp/server2-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGNYroqr0zyV6E +Q2dCZSo844m0pmehO+5thdHTK26xYtTxIkOg1belfbX1bAkGfIzvh69PNM4n6/NK +N1fD19ju5KB3ZSynwhBla3tIxNgo/kxOT34vIMRJW3E4QA02o1ezRNq+zVQUFWYP +0wUI8i4DZy5cXeGw5sAlj1h3W9PXqCLqVtMOAW04NFZHqhLEuirv7Bj11Nu5+m/c +UOvuEKIUtZoS4eOFD3kUuHBtDRwdOFeFaoIM1r0svyDxKC72NICnDTKCNU/BseWe +JtX4uTlXQ+/t8RBcPjK62eSeQM0o6iZGm6k0jZ+5/UV9FPfOyjuFh6dkdJxlKRiz +9bGtkmI5AgMBAAECggEAL6rWwke1gsvNyD8xiR0tQEF0b5aJW5Q/LeW95WwPjed3 +0Jnt67MaHFmUNfaKYR35Au39si2/2of7FYEjwTyatjETikMxrxKTwOBNYN2+InWt +wjOJ5CmcKwwruVxmERrNT5aiiLp2mvHefrXAAzvC5xycYKhPS6zizuWfX+0ckEM5 +yJnl8TRTjfqExxHS1ciTY4B1w8nfWdYY/xiQW23sCPZ8toqsqAuHJjREmMcj+oer +z8Md1tZNa0ujDy0ejSovCnqzWIi4Umg3SndhRDYKNRAFGPNQmYRM+EWEqQufMaXP +ghD+Heb5RUPSkNW98KdjDGK4WiIeqF45tb+YQ4AvgQKBgQDt2X+FMHG/s7FAEAxA +x6TzIcDedqwEKtO3JbaC+Q0FKwRTGwP1tGOnyqbVrw4cSlza5EvUnK8CZK9I2HFd +qfbP3rtFCtHl9/bpVZPNkaVImzqkfmzmGJIREsCDIPu8THFNyxL2TC27VKCNsSmZ +ui2tuxRJ6/O0DroGdvdnFL89SQKBgQDVVaZjiA5Cr1e5Eo6q3dNNeMSBfTuI90Ja +W1OmVovp2yWYjfFFTW2B9vb4RDaRvIuykGhHgAnGKGmHtv7f0GlY7n6Qr0czvyn5 +6s+fRVIcPzEaTVnxC1g20+XHc41XdqnIOcaUjUz7oqC6g7+Y56WKdvvKitV0Lb98 +ua7ZOM6tcQKBgGWtRMY7H2VD+9HXCmXm8qy9ESYItSBS7o6soIj8zoQXD5I3SkoP +A0sHZqqSWwXdBDTOw1vwXyA2ynfpjwzrS4cxP/0T0wbsKbE11ClcybtwIHGRWhxD +BK4nxgRIZVTpmMYYudJwXlxmoPvxcEc3P6+0+cdgBp5CbWO2F60JQXeBAoGAHxLs +u46z1Q7JTlHfqg/JmX0/0kS1iUvKxHKNCquMkbG0FjaGsDuI+edJLfxxnmTCTG4w +YknKIqz8QiJrmZo33hZPJTACxQzRRm/nciGcxjSGKHif4zZt0P6od5bjPZwxOtL/ +k9/JGNYlZ0WNgO4s9LBEGMqEMPoA7F/3kfhuUmECgYEA6WzFZjs31OqTLE0vnCfL +/b/wPeozaAyjtR/24TNkAFwP/LrBAA5gFOoL8p94ce87yXdm80x3bK6OGbNmor7c +qT/OJgnXV1wTrKYSkFUu7LTC7DihpYy2MqyGg8xGxB4kK1IR+ROB4v3c5RkIqaGF +lTSpXFge771NjCimucIOl/Y= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem new file mode 100644 index 000000000..b06624053 --- /dev/null +++ b/certs/ocsp/server3-cert.pem 
@@ -0,0 +1,184 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:30 2015 GMT + Not After : Sep 2 22:42:30 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www3.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:19:65:1e:17:39:d4:33:fc:97:64:69:80:51: + fb:6c:7c:ca:e1:ba:2a:ab:d2:dd:30:61:f3:2e:47: + c1:d4:33:c0:ff:53:21:ba:2d:14:a6:b9:7c:66:ca: + 45:7b:1c:7d:8f:fc:75:f3:9a:69:f1:6c:25:46:a0: + 92:5d:00:93:e3:22:a6:60:b9:97:05:37:7f:a1:aa: + cd:22:81:72:b1:22:47:3d:7c:8d:46:55:bc:32:4d: + d2:84:43:5c:15:43:07:22:70:36:39:93:1b:e8:a1: + 46:bb:02:85:ba:1d:31:ac:b1:3c:84:5b:eb:8f:1f: + 62:8a:71:52:9e:0b:63:b6:e6:d6:46:cc:19:06:d6: + bb:06:81:e4:0b:25:14:6c:63:94:70:1a:27:37:95: + 24:40:07:30:f5:24:73:c3:bd:f9:0e:5f:b6:cd:4f: + 18:88:f0:d7:a3:9b:f5:b0:1e:fe:04:03:a5:8d:73: + f7:6b:31:74:85:fd:61:fa:9e:53:37:75:90:e6:f8: + b5:98:66:e8:52:4d:4a:4c:39:05:65:c1:34:f9:c6: + 95:27:b0:07:c1:51:96:a8:82:1b:22:cf:41:df:de: + b4:94:b7:0d:ba:61:fb:f4:40:7c:a1:fc:a2:29:a3: + 47:4d:b4:94:9d:7b:51:ec:e4:13:fb:cd:e9:26:ca: + a7:93 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C1:CD:C0:2C:34:F4:3B:BB:E3:CA:98:35:7D:6A:15:33:94:5C:11:3A + X509v3 Authority Key Identifier: + keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:02 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: 
sha256WithRSAEncryption + 65:ef:ab:69:45:9f:a9:92:4d:2c:3c:83:11:ec:03:35:9f:f2: + 8d:53:b8:b0:19:7d:93:66:ca:c6:9b:a1:16:ac:9c:29:39:14: + 9f:1e:08:bd:c7:80:31:e0:f5:cc:a5:ff:0e:dc:82:bd:64:fa: + 45:eb:c3:b8:86:20:5e:e5:ab:9a:04:25:4e:57:d0:13:93:3d: + 8b:cd:77:d3:f3:26:29:e9:6a:84:30:27:e3:20:88:3c:dd:91: + b6:37:42:10:d1:70:49:2f:28:33:12:36:06:df:3a:41:22:d3: + a8:f1:91:08:7a:fd:f7:85:1e:0a:2f:70:90:14:d6:8f:95:d2: + 53:4f:cc:f6:ec:91:eb:3b:46:db:12:e3:21:e5:f2:b8:64:90: + cd:d0:54:35:49:d1:1d:07:24:1b:dc:03:d4:27:6e:11:2f:1a: + 60:ac:df:63:ea:90:cd:c0:f0:92:e3:90:49:13:8c:aa:2f:af: + a1:4d:e2:0c:10:26:2f:80:1e:99:2b:d8:b2:30:d2:e8:10:a6: + 8c:01:9b:10:df:b9:4b:25:23:ce:8e:e6:14:eb:dd:ed:8e:6a: + cf:3a:1b:7e:8c:f3:98:d7:7c:e6:d1:b3:b8:20:86:82:c8:b6: + cf:86:91:71:d0:88:24:2d:9a:c0:60:69:0b:8a:58:4a:d3:93: + 41:99:7a:77 +-----BEGIN CERTIFICATE----- +MIIE9DCCA9ygAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM +IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTE1MTIwNzIyNDIzMFoXDTE4MDkwMjIyNDIzMFowgZgxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl +MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE +AwwQd3d3My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4ZZR4XOdQz/Jdk +aYBR+2x8yuG6KqvS3TBh8y5HwdQzwP9TIbotFKa5fGbKRXscfY/8dfOaafFsJUag +kl0Ak+MipmC5lwU3f6GqzSKBcrEiRz18jUZVvDJN0oRDXBVDByJwNjmTG+ihRrsC +hbodMayxPIRb648fYopxUp4LY7bm1kbMGQbWuwaB5AslFGxjlHAaJzeVJEAHMPUk +c8O9+Q5fts1PGIjw16Ob9bAe/gQDpY1z92sxdIX9YfqeUzd1kOb4tZhm6FJNSkw5 +BWXBNPnGlSewB8FRlqiCGyLPQd/etJS3Dbph+/RAfKH8oimjR020lJ17UezkE/vN +6SbKp5MCAwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMHNwCw09Du7 +48qYNX1qFTOUXBE6MIHEBgNVHSMEgbwwgbmAFAXRuoYAou4qBSS3Ea0tYPGQFI8X +oYGdpIGaMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4G 
+A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l +ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ +aW5mb0B3b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk +MCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEB +CwUAA4IBAQBl76tpRZ+pkk0sPIMR7AM1n/KNU7iwGX2TZsrGm6EWrJwpORSfHgi9 +x4Ax4PXMpf8O3IK9ZPpF68O4hiBe5auaBCVOV9ATkz2LzXfT8yYp6WqEMCfjIIg8 +3ZG2N0IQ0XBJLygzEjYG3zpBItOo8ZEIev33hR4KL3CQFNaPldJTT8z27JHrO0bb +EuMh5fK4ZJDN0FQ1SdEdByQb3APUJ24RLxpgrN9j6pDNwPCS45BJE4yqL6+hTeIM +ECYvgB6ZK9iyMNLoEKaMAZsQ37lLJSPOjuYU693tjmrPOht+jPOY13zm0bO4IIaC +yLbPhpFx0IgkLZrAYGkLilhK05NBmXp3 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 7 22:42:29 2015 GMT + Not After : Sep 2 22:42:29 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4: + 6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7: + 11:02:a1:ab:58:3d:fb:dc:51:ca:3a:1d:1f:95:a6: + 56:82:f7:8f:ff:6b:50:bb:ea:10:e1:47:1d:35:77: + 2e:4b:28:c5:53:46:23:2b:82:fd:5a:d3:f4:21:db: + 0e:e0:f2:76:33:47:b3:00:be:3a:b1:23:98:53:eb: + ea:a0:de:1b:cc:05:4e:ee:63:a8:2c:93:24:d6:98: + 78:74:03:e4:c8:89:43:61:f1:25:b8:cd:3b:87:c1: + 31:25:fd:ba:4c:fc:29:94:45:9e:69:d7:67:0a:8a: + 8e:d5:52:93:30:a2:0e:dd:6a:1c:b0:94:77:db:52: + 52:b7:89:21:be:96:75:24:cb:e9:49:df:81:9d:9d: + f8:55:7d:01:2a:eb:78:03:12:e2:20:6e:db:63:35: + cd:a1:96:f0:f8:8c:20:35:69:87:01:ca:b4:54:36: + a0:15:e0:23:7d:b9:fb:be:99:05:50:f0:bf:ec:7f: + 12:e1:3d:75:15:4e:c8:c2:30:e6:8b:fe:e5:8b:55: + f8:44:5e:e5:e3:56:e0:66:2d:6f:42:5a:45:6b:96: + 
aa:c7:5d:41:08:5f:ce:d7:dc:9f:20:e4:46:78:ff: + d9:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:EF:57:D8:F5:69:38:95:25 + + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 00:5e:fe:87:51:fc:e7:de:5c:e5:97:17:d2:af:6d:3b:65:29: + 27:3b:06:d7:55:5a:93:56:12:0f:8b:e7:57:69:dc:ae:ec:ec: + 2b:cd:cd:d0:15:c0:63:a3:5c:d9:6e:59:d2:88:b6:da:1c:ac: + b7:fe:46:2a:37:7b:5f:0b:30:80:7e:a5:46:8f:38:58:7e:df: + 8e:d0:f9:27:e6:e7:26:01:f8:04:5f:21:0d:7a:27:85:af:f8: + 41:15:aa:1d:73:3d:32:2a:a1:6b:f7:9e:36:3a:a3:26:dc:b8: + be:f2:61:ea:11:49:1c:43:68:5f:8c:a5:87:7b:71:a6:78:d0: + 1a:f1:f7:45:6c:59:eb:88:b5:ef:00:59:4f:71:48:00:73:11: + 2c:74:af:8d:1e:67:ee:cf:b3:9d:a4:64:ee:90:a7:f8:69:0a: + 8f:9b:74:89:68:c7:e4:1b:22:73:f1:23:94:c2:dd:4a:11:ee: + 9c:99:20:f7:e1:06:2a:ef:1b:1a:1c:10:f9:0b:0b:49:82:af: + 5f:38:75:0c:c3:a5:b8:9f:21:c5:61:eb:6d:6e:2d:d5:b5:89: + 19:28:ff:94:c1:55:eb:77:79:b5:57:e1:44:05:54:28:ca:66: + c5:4e:75:63:1b:b7:c4:57:fa:35:94:f7:82:3d:06:cc:f0:13: + bf:0e:23:70 +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L +RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu 
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLH +dbRqK6kjhb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcu +SyjFU0YjK4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPk +yIlDYfEluM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1 +JMvpSd+BnZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkF +UPC/7H8S4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORG +eP/ZmQIDAQABo4IBNDCCATAwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi +7ioFJLcRrS1g8ZAUjxcwgcwGA1UdIwSBxDCBwYAUc7AcpC+Cy89HpTjXsASCOn5y +FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw +DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp +bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tggkA71fY9Wk4lSUwMgYIKwYBBQUHAQEEJjAkMCIG +CCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUA +A4IBAQAAXv6HUfzn3lzllxfSr207ZSknOwbXVVqTVhIPi+dXadyu7Owrzc3QFcBj +o1zZblnSiLbaHKy3/kYqN3tfCzCAfqVGjzhYft+O0Pkn5ucmAfgEXyENeieFr/hB +Faodcz0yKqFr9542OqMm3Li+8mHqEUkcQ2hfjKWHe3GmeNAa8fdFbFnriLXvAFlP +cUgAcxEsdK+NHmfuz7OdpGTukKf4aQqPm3SJaMfkGyJz8SOUwt1KEe6cmSD34QYq +7xsaHBD5CwtJgq9fOHUMw6W4nyHFYettbi3VtYkZKP+UwVXrd3m1V+FEBVQoymbF +TnVjG7fEV/o1lPeCPQbM8BO/DiNw +-----END CERTIFICATE----- diff --git a/certs/ocsp/server3-key.pem b/certs/ocsp/server3-key.pem new file mode 100644 index 000000000..30e108011 --- /dev/null +++ b/certs/ocsp/server3-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+GWUeFznUM/yX +ZGmAUftsfMrhuiqr0t0wYfMuR8HUM8D/UyG6LRSmuXxmykV7HH2P/HXzmmnxbCVG +oJJdAJPjIqZguZcFN3+hqs0igXKxIkc9fI1GVbwyTdKEQ1wVQwcicDY5kxvooUa7 +AoW6HTGssTyEW+uPH2KKcVKeC2O25tZGzBkG1rsGgeQLJRRsY5RwGic3lSRABzD1 +JHPDvfkOX7bNTxiI8Nejm/WwHv4EA6WNc/drMXSF/WH6nlM3dZDm+LWYZuhSTUpM +OQVlwTT5xpUnsAfBUZaoghsiz0Hf3rSUtw26Yfv0QHyh/KIpo0dNtJSde1Hs5BP7 +zekmyqeTAgMBAAECggEARDViddCJnF1m5X9O548C8qM4PJQK2YoYeVK76cAviQ9k +0XgnouCoB0aIn202Tv0jBHXmcJjYKJrQKS5WNe6OIbJ+FjihOmr2bbCWWCowV+Rf +wW0eV71NgJMx1OlCchKRzcaLfk8NdYPgmBtIlkYBW+BgQXGl7L2rIteUeEbH6Yj9 +yCn7ORQeFSbhZJTn2WdXhK3GWjV+1GyHyUyL2SSa2+G2LZ54Ifquq/F6rMGYB9lY +2K6Q6DB18aVxd/I/OYKeyBZcmJ9COgPUW7/fg0He73aduYdVvWZCRP1ygGdqSZFr +oqLVe34bEVFANUKylzRplRJdC4oKSUyTSubiOMKZ+QKBgQDf0mk3PolyvsfE2YGb +9/DsURIxZg14o9Pysp3yD1vvIYNz6WaddtJaj5OM7NzN8spu3wJSoeVgL6KYI6ah +ZTIYqy4ehOGPKBVL7SvLF+7q/QBMTdfllpdK7GLTtjBnz92TZl9bS/rBc9dCnnBC +EDkPPrc3nbk5/ADWd+K4RPG3HwKBgQDZbdiQCKY2ulppRcwjcAEIjhrFpShV21P6 +JNKt17HDBqULIAn+G9T/Gg/6yHWeY1DUgVBu1avb4L3jdnMPe2O+1jeaDzNRo6Xj +9v6PgGsiv4q7gfz7XqVwylUWIY7O52Ox/q+/QJBfwE0qe+E0t4syb44W4QvD9+k7 +fv77R7dFDQKBgQCe0SfVimtvX05TMN9V87YhiVk2ciqm6uDO+s02YI2kfgxPqFMm +8pRKrExPmBcJj/jyeQ2l4rjm6oYeHFX1ed/1PyoHf9SphxCtgoornzzpw0J94lKK +17Nc96Ucgs+QKiAYonCRULWKpY8d91zCk85ZMfBB54nySg2yIPlgNZOqkwKBgFO/ +Xqnj2vm7f7WKv91qd8tuyNsWCVpAl7EC2+8/5GVlOs71MUQiPkFgLYWADuXKBUlE +4dE/FeokP5/McPcmpL3Nzy7U6gRpDy2mZlipsxp4QpyErge4Zery1CEpHdOOBrV5 +jwIQgUuQS2iwvIbMp53uoAEp/5kk9T4IZXguIGZFAoGAMA/j0kHArT7FINf+O6R4 +3EyUTR139emLKHU2OlH/HfHVRZhHo4AmfUYksf+Njb81A6MKFd1XVmNnaumBIfq+ +6Ohoz1VMoO6aUiMMqbmBGaTHc30FVEtAQIRq2C8UDrEN67Sx3O/ngl0Br7lNri29 +LMSCe8fxf8+Kq0k+6tcsht4= +-----END PRIVATE KEY----- From 196b983b7b67cc0e398cd9c9b6337baa8ddfaa61 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 13 Dec 2015 18:02:19 -0300 Subject: [PATCH 17/22] adds ocsp test scripts; --- SCRIPTS-LIST | 11 +++++-- certs/external/ca-globalsign-root-r2.pem | 22 +++++++++++++ certs/external/ca-verisign-g5.pem | 28 +++++++++++++++++ certs/ocsp/ocspd0.sh | 14 ++++----- certs/ocsp/ocspd1.sh | 14 ++++----- certs/ocsp/ocspd2.sh | 14 ++++----- configure.ac | 4 +++ examples/client/client.c | 31 ++++++++++++++----- examples/server/server.c | 6 ++-- scripts/include.am | 18 ++++++++++- scripts/ocsp-stapling.test | 39 ++++++++++++++++++++++++ scripts/ocsp-stapling2.test | 35 +++++++++++++++++++++ scripts/ocsp.test | 20 ++++++++++++ src/internal.c | 1 - 14 files changed, 219 insertions(+), 38 deletions(-) create mode 100644 certs/external/ca-globalsign-root-r2.pem create mode 100644 certs/external/ca-verisign-g5.pem create mode 100755 scripts/ocsp-stapling.test create mode 100755 scripts/ocsp-stapling2.test create mode 100755 scripts/ocsp.test diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index 2f2306590..ffea9432f 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST 
@@ -19,13 +19,20 @@ certs/ renewcerts.sh - renews test certs and crls crl/ gencrls.sh - generates crls, used by renewcerts.sh + ocsp/ + renewcerts.sh - renews ocsp certs + ocspd0.sh - ocsp responder for root-ca-cert.pem + ocspd1.sh - ocsp responder for intermediate1-ca-cert.pem + ocspd2.sh - ocsp responder for intermediate2-ca-cert.pem scripts/ external.test - example client test against our website, part of tests google.test - example client test against google, part of tests resume.test - example sessoin resume test, part of tests - sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests - in sniffer mode + ocsp-stapling.test - example client test against globalsign, part of tests + ocsp-stapling2.test - example client test against example server, part of tests + sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests + in sniffer mode swig/ PythonBuild.sh - builds and runs simple python example diff --git a/certs/external/ca-globalsign-root-r2.pem b/certs/external/ca-globalsign-root-r2.pem new file mode 100644 index 000000000..6f0f8db0d --- /dev/null +++ b/certs/external/ca-globalsign-root-r2.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/external/ca-verisign-g5.pem b/certs/external/ca-verisign-g5.pem new file mode 100644 index 000000000..707ff085b --- /dev/null +++ b/certs/external/ca-verisign-g5.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- diff --git a/certs/ocsp/ocspd0.sh b/certs/ocsp/ocspd0.sh index ea15a1c7a..33baeee14 100755 --- a/certs/ocsp/ocspd0.sh +++ b/certs/ocsp/ocspd0.sh 
@@ -1,10 +1,8 @@ #!/bin/bash -openssl ocsp \ - -index index0.txt \ - -port 22220 \ - -rsigner ocsp-responder-cert.pem \ - -rkey ocsp-responder-key.pem \ - -CA root-ca-cert.pem \ - -nmin 1 \ - -text +openssl ocsp -port 22220 -nmin 1 -text \ + -index certs/ocsp/index0.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + $@ diff --git a/certs/ocsp/ocspd1.sh b/certs/ocsp/ocspd1.sh index 60390216d..1a6f2dc2a 100755 --- a/certs/ocsp/ocspd1.sh +++ b/certs/ocsp/ocspd1.sh @@ -1,10 +1,8 @@ #!/bin/bash -openssl ocsp \ - -index index1.txt \ - -port 22221 \ - -rsigner ocsp-responder-cert.pem \ - -rkey ocsp-responder-key.pem \ - -CA intermediate1-ca-cert.pem \ - -nmin 1 \ - -text +openssl ocsp -port 22221 -nmin 1 -text \ + -index certs/ocsp/index1.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate1-ca-cert.pem \ + $@ diff --git a/certs/ocsp/ocspd2.sh b/certs/ocsp/ocspd2.sh index f827bbcb6..04f3ae2bf 100755 --- a/certs/ocsp/ocspd2.sh +++ b/certs/ocsp/ocspd2.sh @@ -1,10 +1,8 @@ #!/bin/bash -openssl ocsp \ - -index index2.txt \ - -port 22222 \ - -rsigner ocsp-responder-cert.pem \ - -rkey ocsp-responder-key.pem \ - -CA intermediate2-ca-cert.pem \ - -nmin 1 \ - -text +openssl ocsp -port 22222 -nmin 1 -text \ + -index certs/ocsp/index2.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate2-ca-cert.pem \ + $@ diff --git a/configure.ac b/configure.ac index e7bd09bad..35497b851 100644 --- a/configure.ac +++ b/configure.ac 
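Review bot: `$@` at the end of the new openssl command in ocspd0.sh is unquoted, so any forwarded argument containing spaces or glob characters is re-split by the shell before openssl sees it; write `"$@"` instead. The same line appears in the ocspd1.sh and ocspd2.sh hunks. The `-index`, `-rsigner`, `-rkey` and `-CA` paths are now relative to the repository root, so a comment such as `# run from the wolfSSL home directory` would explain the file-not-found error a caller gets from any other directory.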
@@ -1676,6 +1676,8 @@ then fi fi +AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) + # Certificate Status Request v2 : a.k.a. OCSP stapling v2 AC_ARG_ENABLE([ocspstapling2], [AS_HELP_STRING([--enable-ocspstapling2],[Enable Certificate Status Request v2 - a.k.a. OCSP Stapling v2 (default: disabled)])], @@ -1696,6 +1698,8 @@ then fi fi +AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) + # Renegotiation Indication - (FAKE Secure Renegotiation) AC_ARG_ENABLE([renegotiation-indication], [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])], diff --git a/examples/client/client.c b/examples/client/client.c index 79d735b44..f96258664 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -484,7 +484,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_VXWORKS while ((ch = mygetopt(argc, argv, - "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:L:ToO:aB:W")) != -1) { + "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:L:ToO:aB:W:")) != -1) { switch (ch) { case '?' : Usage(); @@ -678,7 +678,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) case 'W' : #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - statusRequest = 1; + statusRequest = atoi(myoptarg); #endif break; 
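Review bot: `statusRequest = atoi(myoptarg);` in the `case 'W'` hunk accepts any string: non-numeric input becomes 0 and silently turns the status request off, and other numbers are passed on unchecked. The new stapling scripts rely on `-W 1` and `-W 2` to show that stapling was exercised, so a mistyped argument should be a usage error rather than a quiet downgrade. Parse with `strtol`, check the end pointer, and reject anything that is not a complete positive number. client_test's body and the `-W` usage text are outside these hunks, so the help string presumably needs the new argument documented as well.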
@@ -1006,18 +1006,35 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (statusRequest) { - if (wolfSSL_UseCertificateStatusRequest(ssl, WOLFSSL_CSR_OCSP, + switch (statusRequest) { + case WOLFSSL_CSR_OCSP: + if (wolfSSL_UseCertificateStatusRequest(ssl, WOLFSSL_CSR_OCSP, WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) - err_sys("UseCertificateStatusRequest failed"); + err_sys("UseCertificateStatusRequest failed"); + + break; + } wolfSSL_CTX_EnableOCSP(ctx, 0); } #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (statusRequest) { - if (wolfSSL_UseCertificateStatusRequestV2(ssl, WOLFSSL_CSR2_OCSP, - WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS) - err_sys("UseCertificateStatusRequest failed"); + switch (statusRequest) { + case WOLFSSL_CSR2_OCSP: + if (wolfSSL_UseCertificateStatusRequestV2(ssl, + WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) + != SSL_SUCCESS) + err_sys("UseCertificateStatusRequest failed"); + break; + case WOLFSSL_CSR2_OCSP_MULTI: + if (wolfSSL_UseCertificateStatusRequestV2(ssl, + WOLFSSL_CSR2_OCSP_MULTI, 0) + != SSL_SUCCESS) + err_sys("UseCertificateStatusRequest failed"); + break; + + } wolfSSL_CTX_EnableOCSP(ctx, 0); } diff --git a/examples/server/server.c b/examples/server/server.c index 000d35a1c..b413b81b0 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
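Review bot: Neither new `switch (statusRequest)` has a `default:` case, so an unsupported `-W` value requests no status extension at all and execution still reaches `wolfSSL_CTX_EnableOCSP(ctx, 0)`; the run then looks like a stapling test without a staple ever having been asked for. A `default: err_sys(...)` in each switch would not work when both HAVE_CERTIFICATE_STATUS_REQUEST and HAVE_CERTIFICATE_STATUS_REQUEST_V2 are defined, because the v1 switch has to ignore a value meant only for v2. Instead, record whether either block actually issued a request and call `err_sys("unsupported -W status request type")` after both blocks if none did. A comment stating that the same integer drives both blocks would also help; whether `WOLFSSL_CSR_OCSP` and `WOLFSSL_CSR2_OCSP` share a value cannot be seen from this hunk. client_test's body continues outside the hunk.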
@@ -729,7 +729,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (wolfSSL_CTX_EnableOCSPStapling(ctx) != SSL_SUCCESS) err_sys("can't enable OCSP Stapling Certificate Manager"); - if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); #endif #ifdef HAVE_PK_CALLBACKS @@ -967,5 +969,3 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) return 0; } #endif - - diff --git a/scripts/include.am b/scripts/include.am index 4b2c7982a..b4c66554c 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -9,8 +9,9 @@ dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test endif if BUILD_EXAMPLES + dist_noinst_SCRIPTS+= scripts/resume.test -EXTRA_DIST+= scripts/benchmark.test +EXTRA_DIST+= scripts/benchmark.test if BUILD_CRL # make revoked test rely on completion of resume test @@ -23,6 +24,21 @@ dist_noinst_SCRIPTS+= scripts/external.test dist_noinst_SCRIPTS+= scripts/google.test #dist_noinst_SCRIPTS+= scripts/openssl.test endif + +if BUILD_OCSP +dist_noinst_SCRIPTS+= scripts/ocsp.test +endif + +if BUILD_OCSP_STAPLING +dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test +scripts/ocsp-stapling.log: scripts/ocsp.log +endif + +if BUILD_OCSP_STAPLING_V2 +dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test +scripts/ocsp-stapling2.log: scripts/ocsp.log +endif + endif diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test new file mode 100755 index 000000000..7b4ac9cda --- /dev/null +++ b/scripts/ocsp-stapling.test 
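Review bot: The two added `SSL_CTX_load_verify_locations` calls hard-code `certs/ocsp/intermediate1-ca-cert.pem` and `certs/ocsp/intermediate2-ca-cert.pem`, so every build with stapling enabled loads the OCSP test intermediates whatever certificate `-c` selects, and the server aborts when started outside the source tree. As far as the API name suggests, these calls add to the same CA store the context uses for peer verification, so the test CAs would also become trusted for client certificates; that is worth confirming. Consider keeping `caCert` as the default and loading the OCSP issuers only when the OCSP test certificates are in use, or at least add a comment such as `/* test-only: issuers of certs/ocsp/server*-cert.pem, needed to build the stapled OCSP request */`. server_test's body continues outside the hunk.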
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# ocsp-stapling.test
+
+trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT
+
+server=login.live.com
+ca=certs/external/ca-verisign-g5.pem
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# is our desired server there? - login.live.com doesn't answers PING
+# ping -c 2 $server
+# RESULT=$?
+# [ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
+
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
+# setup ocsp responder
+./certs/ocsp/ocspd1.sh &
+
+# client test against our own server - GOOD CERT
+./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
+sleep 1
+./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
+# client test against our own server - REVOKED CERT
+./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
+sleep 1
+./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1
+RESULT=$?
+[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
+
+exit 0
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
new file mode 100755
index 000000000..eb300a625
--- /dev/null
+++ b/scripts/ocsp-stapling2.test
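Review bot: The REVOKED CERT case in ocsp-stapling.test passes whenever `$RESULT` is 1, but the example client presumably exits 1 for any failure, so the case also passes when the server is not yet listening after `sleep 1` or when ocspd1.sh could not bind its port. Neither outcome shows that a revoked staple was rejected. Capture the client output, e.g. `out=$(./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 2>&1)`, and require the revocation error text in it as well as the exit status. The same exit-code-only check is used in scripts/ocsp-stapling2.test. The first client run also needs login.live.com while the reachability skip is commented out, so an offline `make check` fails here, and `echo -e` is not portable under `#!/bin/sh`.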
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# ocsp-stapling.test
+
+trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# setup ocsp responders
+./certs/ocsp/ocspd0.sh &
+./certs/ocsp/ocspd1.sh &
+./certs/ocsp/ocspd2.sh &
+
+# client test against our own server - GOOD CERTS
+./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
+sleep 1
+./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 2
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
+# client test against our own server - REVOKED SERVER CERT
+./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
+sleep 1
+./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 2
+RESULT=$?
+[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
+
+# client test against our own server - REVOKED INTERMEDIATE CERT
+./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
+sleep 1
+./examples/client/client -A certs/ocsp/intermediate2-ca-cert.pem -W 2
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
+
+exit 0
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
new file mode 100755
index 000000000..66d4488ad
--- /dev/null
+++ b/scripts/ocsp.test
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# ocsp-stapling.test
+
+server=www.globalsign.com
+ca=certs/external/ca-globalsign-root-r2.pem
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# is our desired server there?
+ping -c 2 $server
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
+
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -A $ca -g -o
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
+exit 0
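Review bot: The REVOKED INTERMEDIATE CERT case in ocsp-stapling2.test fails unless the client exits 0 (`[ $RESULT -ne 0 ] && ... exit 1`), which pins acceptance of a chain whose issuer is "wolfSSL REVOKED intermediate CA", the entry index0.txt carries with status `R`. If this is a known gap in the OCSP_MULTI handling at this commit, say so next to the check, e.g. `# TODO: expect failure (1) once CSR2 multi rejects a revoked intermediate`; otherwise the expected value should be 1, as in the revoked-server case above it. The header comment `# ocsp-stapling.test` is copied unchanged into this file and into scripts/ocsp.test and should name each script.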
diff --git a/src/internal.c b/src/internal.c index 6b2d44459..6d10a972b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4491,7 +4491,6 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (fatal == 0) { int doLookup = 1; - /* TODO CSR2 */ if (ssl->options.side == WOLFSSL_CLIENT_END) { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { From 0ca6a5601eaeb5cf0911648c54badc55cfe20bbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 14 Dec 2015 20:22:48 -0300 Subject: [PATCH 18/22] fixes OCSP_MULTI check; adds root-ca-cert to index0.txt; adds keyUsage to CA certs; sets fixed serial to root-ca-cert; --- certs/ocsp/index0.txt | 1 + certs/ocsp/intermediate1-ca-cert.pem | 156 ++++++++++---------- certs/ocsp/intermediate2-ca-cert.pem | 156 ++++++++++---------- certs/ocsp/ocsp-responder-cert.pem | 152 ++++++++++---------- certs/ocsp/openssl.cnf | 1 + certs/ocsp/renewcerts.sh | 5 +- certs/ocsp/root-ca-cert.pem | 94 +++++++------ certs/ocsp/server1-cert.pem | 203 ++++++++++++++++++++------- certs/ocsp/server2-cert.pem | 203 ++++++++++++++++++++------- certs/ocsp/server3-cert.pem | 203 ++++++++++++++++++++------- examples/server/server.c | 2 +- scripts/ocsp-stapling2.test | 20 ++- src/internal.c | 6 +- src/tls.c | 10 +- wolfssl/internal.h | 2 +- 15 files changed, 766 insertions(+), 448 deletions(-) diff --git a/certs/ocsp/index0.txt b/certs/ocsp/index0.txt index 3b7524369..ba666d9db 100644 --- a/certs/ocsp/index0.txt +++ b/certs/ocsp/index0.txt @@ -1,2 +1,3 @@ +V 161213070133Z 63 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com V 161213070133Z 01 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com R 161213070133Z 151201070133Z 02 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com 
diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem index a4a1cb222..d3a498adf 100644 --- a/certs/ocsp/intermediate1-ca-cert.pem +++ b/certs/ocsp/intermediate1-ca-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -39,33 +39,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 3d:92:fc:b0:73:95:d8:5a:18:e3:27:fc:55:05:14:54:2e:af: - 37:1e:37:11:25:e8:c9:7a:b0:9b:68:fb:a0:69:91:fd:bb:dd: - 00:55:fb:30:b3:4a:59:a6:58:bb:e4:03:3e:f2:98:a2:07:71: - c7:de:3a:a0:0b:eb:43:44:77:2b:fc:5d:96:a7:89:c8:1a:6a: - 6e:b6:34:00:bb:e0:8a:5b:2b:ad:3a:f4:ab:b9:d4:54:f9:85: - 9a:f7:3b:23:00:dc:17:8f:55:1f:b9:e1:17:10:61:91:50:77: - b6:57:be:75:61:6e:cc:9c:27:76:32:c2:de:b4:ee:11:ff:10: - f7:99:49:38:8e:af:af:fa:73:1e:34:20:6c:3e:9f:cb:56:70: - 20:47:21:d3:2c:db:9b:ad:3b:32:96:72:be:d3:1b:d2:33:21: - 9b:4b:86:3a:64:45:37:8b:60:80:3b:3e:08:7a:06:f2:aa:20: - 7b:63:2c:df:03:c0:2a:74:07:61:db:f3:ec:8a:17:a4:36:a1: - 6c:b6:c0:64:f7:8a:5b:d0:43:64:bb:3e:ed:5d:e8:06:9c:b0: - ef:c2:f3:d1:ff:e2:05:5e:1f:e1:bd:ef:2a:32:a3:44:9f:44: - 99:c0:a3:27:8b:af:24:c4:5f:2b:d5:05:a2:18:70:32:a4:d2: - 75:16:1b:b1 + 1b:83:ce:ad:1e:50:0f:3c:f0:26:17:23:c1:d5:98:88:c8:bc: + 30:5b:bb:01:bd:9b:cc:b3:45:0b:a3:7b:30:0a:54:3f:c7:36: + 16:4b:8b:cb:dd:d1:b3:7b:00:40:48:24:cb:46:3b:e7:e0:5c: + 7b:ec:ca:f8:e0:e5:34:5d:ae:e7:ac:87:15:cd:6c:7e:13:52: + 28:84:55:2b:2a:14:d9:fa:34:ce:fb:15:6c:10:47:c9:e6:ed: + 35:5b:4c:97:9c:dd:51:46:ac:2c:60:b7:2e:9d:2f:cb:0d:83: + 86:f0:a6:1b:6d:26:cb:7f:c4:97:51:6c:a1:a3:8d:6e:be:41: + 4a:ec:b0:cf:b4:ae:ad:e4:65:57:12:5d:bf:a0:78:ce:bf:4b: + 35:fe:bb:94:7a:f1:43:7d:0f:01:45:eb:d1:53:8b:19:db:bf: + 3e:4a:26:77:a1:b5:06:2a:64:ec:53:ca:ec:93:23:a2:4e:6a: + 82:8f:11:f4:cd:5f:6c:6e:22:cd:e1:1c:76:ce:49:f7:ca:43: + 65:aa:f5:9e:e7:ad:eb:99:4f:ff:db:fe:b8:91:ef:2c:ea:92: + 5f:bf:08:78:c1:90:22:37:f3:7e:c3:5b:fc:31:f0:5b:83:65: 
+ 00:d6:5a:55:3a:a2:a8:3f:02:e5:ae:7a:37:7b:3c:39:e7:91: + 4a:2e:53:04 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE7jCCA9agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw 
@@ -75,29 +77,29 @@ kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA -cYJkRNoOMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +AaOCATkwggE1MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA +cYJkRNoOMIHEBgNVHSMEgbwwgbmAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAPZL8 -sHOV2FoY4yf8VQUUVC6vNx43ESXoyXqwm2j7oGmR/bvdAFX7MLNKWaZYu+QDPvKY -ogdxx946oAvrQ0R3K/xdlqeJyBpqbrY0ALvgilsrrTr0q7nUVPmFmvc7IwDcF49V -H7nhFxBhkVB3tle+dWFuzJwndjLC3rTuEf8Q95lJOI6vr/pzHjQgbD6fy1ZwIEch -0yzbm607MpZyvtMb0jMhm0uGOmRFN4tggDs+CHoG8qoge2Ms3wPAKnQHYdvz7IoX -pDahbLbAZPeKW9BDZLs+7V3oBpyw78Lz0f/iBV4f4b3vKjKjRJ9EmcCjJ4uvJMRf -K9UFohhwMqTSdRYbsQ== +b2xmc3NsLmNvbYIBYzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IB +AQAbg86tHlAPPPAmFyPB1ZiIyLwwW7sBvZvMs0ULo3swClQ/xzYWS4vL3dGzewBA +SCTLRjvn4Fx77Mr44OU0Xa7nrIcVzWx+E1IohFUrKhTZ+jTO+xVsEEfJ5u01W0yX +nN1RRqwsYLcunS/LDYOG8KYbbSbLf8SXUWyho41uvkFK7LDPtK6t5GVXEl2/oHjO +v0s1/ruUevFDfQ8BRevRU4sZ278+SiZ3obUGKmTsU8rskyOiTmqCjxH0zV9sbiLN +4Rx2zkn3ykNlqvWe563rmU//2/64ke8s6pJfvwh4wZAiN/N+w1v8MfBbg2UA1lpV +OqKoPwLlrno3ezw555FKLlME -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 17246491846582506789 (0xef57d8f569389525) + Serial Number: 99 (0x63) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root 
CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -130,53 +132,55 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: - c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: - b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: - c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: - 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: - 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: - 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: - 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: - 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: - 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: - 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: - c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: - 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: - 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: - f9:fe:bc:01 + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + 
d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: + f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ -MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM -D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE -CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT -U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA -wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ -X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 -zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T -tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC -1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE -gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe -vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym -9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn -YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 -MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc -UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM -H8bKHeSMPjGB+f68AQ== +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx 
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI +MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem index 34f0c52b8..886f251e5 100644 --- a/certs/ocsp/intermediate2-ca-cert.pem +++ b/certs/ocsp/intermediate2-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -39,33 +39,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 00:5e:fe:87:51:fc:e7:de:5c:e5:97:17:d2:af:6d:3b:65:29: - 27:3b:06:d7:55:5a:93:56:12:0f:8b:e7:57:69:dc:ae:ec:ec: - 2b:cd:cd:d0:15:c0:63:a3:5c:d9:6e:59:d2:88:b6:da:1c:ac: - b7:fe:46:2a:37:7b:5f:0b:30:80:7e:a5:46:8f:38:58:7e:df: - 8e:d0:f9:27:e6:e7:26:01:f8:04:5f:21:0d:7a:27:85:af:f8: - 41:15:aa:1d:73:3d:32:2a:a1:6b:f7:9e:36:3a:a3:26:dc:b8: - be:f2:61:ea:11:49:1c:43:68:5f:8c:a5:87:7b:71:a6:78:d0: - 1a:f1:f7:45:6c:59:eb:88:b5:ef:00:59:4f:71:48:00:73:11: - 2c:74:af:8d:1e:67:ee:cf:b3:9d:a4:64:ee:90:a7:f8:69:0a: - 8f:9b:74:89:68:c7:e4:1b:22:73:f1:23:94:c2:dd:4a:11:ee: - 9c:99:20:f7:e1:06:2a:ef:1b:1a:1c:10:f9:0b:0b:49:82:af: - 5f:38:75:0c:c3:a5:b8:9f:21:c5:61:eb:6d:6e:2d:d5:b5:89: - 19:28:ff:94:c1:55:eb:77:79:b5:57:e1:44:05:54:28:ca:66: - c5:4e:75:63:1b:b7:c4:57:fa:35:94:f7:82:3d:06:cc:f0:13: - bf:0e:23:70 + 85:95:3d:99:83:f5:4b:6f:b5:87:88:7a:2f:fe:02:c6:a5:2d: + 55:ff:e6:f3:72:c2:ed:2b:3f:cd:b5:59:5b:30:19:6e:5f:7b: + 2d:48:1e:d1:8e:65:04:86:0e:ef:01:50:ed:d7:ff:23:7e:2c: + 40:37:48:9d:aa:82:cb:82:c9:d7:f4:07:8b:73:6a:3a:fb:1b: + 2f:9d:e7:af:14:5f:2b:49:b2:87:3a:eb:c3:0f:f2:13:d7:49: + 6c:9a:d2:26:39:fa:f8:48:f4:9b:19:30:95:39:67:d8:63:37: + d6:b9:bf:fd:32:e1:fc:a9:2a:97:99:cb:cf:f6:fa:42:4b:ee: + 0e:87:92:16:dc:7e:70:dc:46:ee:8d:52:14:74:b5:6c:4b:9e: + e4:e7:b6:46:1c:82:2b:c5:4c:7d:84:f0:65:15:78:8c:2c:c7: + 7e:6d:db:8d:fc:64:4c:61:a0:b4:87:83:f6:04:59:71:43:8b: + 40:03:ad:e0:18:b9:94:0e:b9:05:22:6a:52:92:fe:48:04:cf: + a4:8c:ca:f6:f6:1c:29:c8:b0:83:a1:79:1a:9a:49:5a:73:c4: + 3d:16:4a:f7:c9:b5:dd:67:2b:bd:7c:11:ac:7f:74:8f:4b:dd: 
+ ed:d3:ea:b8:6d:3a:3e:e7:ff:fc:d8:05:7b:47:49:c0:cc:6e: + 9a:71:23:96 -----BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE9jCCA96gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu 
@@ -75,29 +77,29 @@ SyjFU0YjK4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPk yIlDYfEluM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1 JMvpSd+BnZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkF UPC/7H8S4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORG -eP/ZmQIDAQABo4IBNDCCATAwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi -7ioFJLcRrS1g8ZAUjxcwgcwGA1UdIwSBxDCBwYAUc7AcpC+Cy89HpTjXsASCOn5y +eP/ZmQIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi +7ioFJLcRrS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB -FhBpbmZvQHdvbGZzc2wuY29tggkA71fY9Wk4lSUwMgYIKwYBBQUHAQEEJjAkMCIG -CCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUA -A4IBAQAAXv6HUfzn3lzllxfSr207ZSknOwbXVVqTVhIPi+dXadyu7Owrzc3QFcBj -o1zZblnSiLbaHKy3/kYqN3tfCzCAfqVGjzhYft+O0Pkn5ucmAfgEXyENeieFr/hB -Faodcz0yKqFr9542OqMm3Li+8mHqEUkcQ2hfjKWHe3GmeNAa8fdFbFnriLXvAFlP -cUgAcxEsdK+NHmfuz7OdpGTukKf4aQqPm3SJaMfkGyJz8SOUwt1KEe6cmSD34QYq -7xsaHBD5CwtJgq9fOHUMw6W4nyHFYettbi3VtYkZKP+UwVXrd3m1V+FEBVQoymbF -TnVjG7fEV/o1lPeCPQbM8BO/DiNw +FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN +AQELBQADggEBAIWVPZmD9UtvtYeIei/+AsalLVX/5vNywu0rP821WVswGW5fey1I +HtGOZQSGDu8BUO3X/yN+LEA3SJ2qgsuCydf0B4tzajr7Gy+d568UXytJsoc668MP +8hPXSWya0iY5+vhI9JsZMJU5Z9hjN9a5v/0y4fypKpeZy8/2+kJL7g6HkhbcfnDc +Ru6NUhR0tWxLnuTntkYcgivFTH2E8GUVeIwsx35t2438ZExhoLSHg/YEWXFDi0AD +reAYuZQOuQUialKS/kgEz6SMyvb2HCnIsIOheRqaSVpzxD0WSvfJtd1nK718Eax/ +dI9L3e3T6rhtOj7n//zYBXtHScDMbppxI5Y= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 17246491846582506789 (0xef57d8f569389525) + Serial Number: 99 (0x63) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, 
CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -130,53 +132,55 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: - c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: - b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: - c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: - 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: - 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: - 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: - 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: - 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: - 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: - 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: - c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: - 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: - 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: - f9:fe:bc:01 + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + 
d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: + f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ -MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM -D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE -CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT -U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA -wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ -X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 -zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T -tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC -1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE -gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe -vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym -9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn -YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 -MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc -UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM -H8bKHeSMPjGB+f68AQ== +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx 
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI +MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem index 55a81ac9d..616752f2e 100644 --- a/certs/ocsp/ocsp-responder-cert.pem +++ b/certs/ocsp/ocsp-responder-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -39,32 +39,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 X509v3 Extended Key Usage: OCSP Signing Signature Algorithm: sha256WithRSAEncryption - 1a:b0:0c:d3:5d:8d:fe:f0:4f:76:8d:cb:47:51:c3:64:0b:8e: - 94:9b:82:eb:2e:53:13:1d:28:31:55:c7:2a:7c:be:4e:32:9f: - 52:fd:2a:9c:a0:e2:9f:7b:23:9d:bf:93:e2:37:ac:40:47:f2: - 2d:ac:e6:8d:23:a2:18:c5:3f:c0:8d:60:4b:c5:2f:55:ae:f3: - 63:ea:e4:2f:20:56:fa:13:7c:d1:af:4f:ef:cb:ad:81:d1:26: - 0d:86:4b:0d:bb:67:8d:b6:a0:51:ac:a5:e5:f1:75:30:77:cc: - a6:57:d6:11:3c:76:7f:a7:b2:85:5e:c2:52:ec:8e:d8:7a:25: - b6:a9:ef:6e:6d:d8:a8:2d:e2:91:6d:fe:2d:11:df:8e:cc:c6: - 96:45:d9:f7:82:8a:58:ec:f7:7a:74:62:17:16:db:e9:8e:dc: - 40:ed:3d:de:1a:2b:af:e7:8e:39:be:91:50:f8:2c:70:bd:1b: - 64:01:db:bb:7a:1c:64:77:fb:ed:55:4c:3f:de:5c:cf:22:01: - 1f:7e:34:84:93:a2:37:06:7e:b2:6c:d1:58:ee:d8:1d:fb:8b: - b2:32:5b:6d:ef:9d:5a:b5:31:9b:f0:74:0b:c6:41:9a:fa:4a: - a5:a2:91:39:a3:a8:d0:69:a6:93:1a:7f:55:e9:04:58:b0:16: - 58:0c:27:92 + 73:47:ce:37:60:b0:51:a2:91:81:1c:1f:b6:b8:ca:4f:c8:95: + 68:cc:d3:4f:62:df:ff:c0:29:55:16:b2:df:2c:bf:73:b3:7c: + 95:a1:94:cc:a2:9f:30:60:92:fb:ec:31:21:14:09:60:ab:67: + f5:66:e4:bd:fd:18:a9:0b:d7:5e:61:39:37:cb:da:51:84:aa: + 06:38:68:27:eb:16:d7:60:91:23:5e:87:40:7f:e3:ce:40:f1: + 1f:99:50:2b:ba:69:b5:4b:ca:15:d7:9a:0d:9d:8f:ae:83:82: + fb:fc:0a:37:a8:2b:fb:0f:8d:c0:f4:59:3e:7b:81:78:a0:b2: + a2:64:55:41:bc:19:02:8b:de:db:8b:6c:43:fd:f5:23:e2:25: + 63:33:71:53:e7:eb:05:75:3a:56:4b:53:e1:5f:d1:82:c7:fd: + 80:64:27:93:a6:81:38:51:09:25:fc:de:9f:84:f1:b2:07:44: + 5a:f9:b1:70:d6:1b:1e:4f:7c:c9:ca:bd:d7:df:28:86:ce:8d: + 96:f5:54:94:0a:bb:97:5a:04:a4:05:9d:8d:b8:06:0e:ba:fb: + 5a:e1:3f:f2:90:59:1b:dd:e2:23:22:e2:7f:6a:f7:b7:d7:54: + 2b:ca:20:78:2a:6e:65:de:05:50:7d:40:4d:4b:3c:42:38:f5: + 98:e0:23:c9 
-----BEGIN CERTIFICATE----- -MIIExjCCA66gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIEvjCCA6agAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN 
@@ -74,28 +74,28 @@ Wj9BdGd1lamU1cPuQviN65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMx UO5KFr05i60FSIexmeIQpwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew /pf1HujHXZuLERkSPKuCcXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gE ZWwAdlDvFQjXtHNoJhSHlcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQAB -o4IBEjCCAQ4wCQYDVR0TBAIwADAdBgNVHQ4EFgQUMmfhsXnSgfyfIwxwQFC1Rla4 -MDYwgcwGA1UdIwSBxDCBwYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2kgZowgZcx +o4IBCjCCAQYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUMmfhsXnSgfyfIwxwQFC1Rla4 +MDYwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2kgZowgZcx CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz -c2wuY29tggkA71fY9Wk4lSUwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN -AQELBQADggEBABqwDNNdjf7wT3aNy0dRw2QLjpSbgusuUxMdKDFVxyp8vk4yn1L9 -Kpyg4p97I52/k+I3rEBH8i2s5o0johjFP8CNYEvFL1Wu82Pq5C8gVvoTfNGvT+/L -rYHRJg2GSw27Z422oFGspeXxdTB3zKZX1hE8dn+nsoVewlLsjth6Jbap725t2Kgt -4pFt/i0R347MxpZF2feCiljs93p0YhcW2+mO3EDtPd4aK6/njjm+kVD4LHC9G2QB -27t6HGR3++1VTD/eXM8iAR9+NISTojcGfrJs0Vju2B37i7IyW23vnVq1MZvwdAvG -QZr6SqWikTmjqNBpppMaf1XpBFiwFlgMJ5I= +c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB +AQBzR843YLBRopGBHB+2uMpPyJVozNNPYt//wClVFrLfLL9zs3yVoZTMop8wYJL7 +7DEhFAlgq2f1ZuS9/RipC9deYTk3y9pRhKoGOGgn6xbXYJEjXodAf+POQPEfmVAr +umm1S8oV15oNnY+ug4L7/Ao3qCv7D43A9Fk+e4F4oLKiZFVBvBkCi97bi2xD/fUj +4iVjM3FT5+sFdTpWS1PhX9GCx/2AZCeTpoE4UQkl/N6fhPGyB0Ra+bFw1hseT3zJ +yr3X3yiGzo2W9VSUCruXWgSkBZ2NuAYOuvta4T/ykFkb3eIjIuJ/ave311QryiB4 +Km5l3gVQfUBNSzxCOPWY4CPJ -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 17246491846582506789 (0xef57d8f569389525) + Serial Number: 99 (0x63) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not 
Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -128,53 +128,55 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: - c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: - b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: - c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: - 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: - 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: - 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: - 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: - 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: - 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: - 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: - c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: - 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: - 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: - f9:fe:bc:01 + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + 
d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: + f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ -MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM -D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE -CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT -U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA -wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ -X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 -zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T -tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC -1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE -gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe -vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym -9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn -YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 -MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc -UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM -H8bKHeSMPjGB+f68AQ== +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx 
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI +MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/certs/ocsp/openssl.cnf b/certs/ocsp/openssl.cnf index 20d2f6df7..2c4234a90 100644 --- a/certs/ocsp/openssl.cnf +++ b/certs/ocsp/openssl.cnf 
@@ -23,6 +23,7 @@ authorityInfoAccess = OCSP;URI:http://localhost:22222 basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = keyCertSign, cRLSign authorityInfoAccess = OCSP;URI:http://localhost:22220 # OCSP extensions. diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh index 30e90cb6a..2fa007a49 100755 --- a/certs/ocsp/renewcerts.sh +++ b/certs/ocsp/renewcerts.sh @@ -10,6 +10,7 @@ openssl x509 \ -extensions v3_ca \ -days 1000 \ -signkey root-ca-key.pem \ + -set_serial 99 \ -out root-ca-cert.pem rm root-ca-cert.csr @@ -35,11 +36,9 @@ function update_cert() { -out $1-cert.pem rm $1-cert.csr - openssl x509 -in $3-cert.pem -text > $3_tmp.pem openssl x509 -in $1-cert.pem -text > $1_tmp.pem mv $1_tmp.pem $1-cert.pem - cat $3_tmp.pem >> $1-cert.pem - rm $3_tmp.pem + cat $3-cert.pem >> $1-cert.pem } update_cert intermediate1-ca "wolfSSL intermediate CA" root-ca v3_ca 01 diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem index f63c2d9e7..34bcd48c6 100644 --- a/certs/ocsp/root-ca-cert.pem +++ b/certs/ocsp/root-ca-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 17246491846582506789 (0xef57d8f569389525) + Serial Number: 99 (0x63) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
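Review bot: The added `keyUsage = keyCertSign, cRLSign` in certs/ocsp/openssl.cnf is not marked critical, and the regenerated certificates in this patch show `X509v3 Key Usage:` without the critical flag. RFC 5280 says conforming CAs should mark this extension critical when present, so I would write `keyUsage = critical, keyCertSign, cRLSign`. The section header is outside the hunk, so this assumes the line belongs to the CA extensions section next to `basicConstraints = CA:true`. If the non-critical form is deliberate for these test fixtures, a one-line comment saying so would stop it being copied into a real CA profile.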
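Review bot: The new `-set_serial 99 \` in certs/ocsp/renewcerts.sh pins the root serial with no explanation, so every regenerated root carries the same issuer and serial as the one it replaces. That is fine for test fixtures, but the reason should be recorded. Presumably it keeps the `serial:` field of the Authority Key Identifier in the dependent certificates stable. I would add a comment above the `openssl x509` call such as `# test CA only: fixed serial keeps the AKI serial in dependent certs stable across renewals`, adjusted to the real motive. The command starts outside the hunk.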
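Review bot: In `update_cert` in certs/ocsp/renewcerts.sh, the `mv` and the new `cat $3-cert.pem >> $1-cert.pem` run unconditionally with unquoted expansions. No error handling is visible in the hunk, so a failed `openssl x509 -text` would still overwrite the certificate with an empty or partial file and then append the issuer to it. I would chain and quote the steps: `openssl x509 -in "$1-cert.pem" -text > "$1_tmp.pem" && mv "$1_tmp.pem" "$1-cert.pem" && cat "$3-cert.pem" >> "$1-cert.pem"`. The appended block is now whatever `$3-cert.pem` holds at that point rather than a fresh single-certificate text dump. The function should therefore say in a comment that the issuer file must already be in its final form, and that an issuer file which is itself a bundle gets appended whole. The function body starts outside the hunk.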
@@ -39,53 +39,55 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 55:f6:de:bd:4f:ac:95:3a:cc:86:88:c3:4c:fc:0b:91:86:91: - c5:95:ca:5c:f8:c3:bb:d7:c1:bd:6e:c3:2f:94:18:c1:d8:e2: - b5:dd:8b:97:13:3f:5e:76:9c:13:89:14:d4:fc:a6:f7:01:a1: - c5:cf:0e:4d:00:ae:85:09:54:ce:cf:f8:d5:a7:40:60:ac:38: - 72:75:3b:cb:42:e0:4f:a2:60:34:74:ed:be:65:70:b1:4a:d9: - 99:af:17:0f:6f:f4:b7:f3:67:60:57:17:20:ac:88:65:53:0f: - 8c:bc:0b:51:79:a2:af:12:11:26:5e:55:06:1e:5c:8c:58:18: - 4a:4a:d8:e5:f9:fc:69:98:e6:e5:e6:94:5c:82:ee:bf:07:47: - 18:8c:b4:31:b3:d2:c3:02:dc:53:86:c1:1f:fa:31:3f:8f:d2: - 3c:8a:2b:4d:37:1f:0b:26:78:9b:3b:fd:eb:89:a4:d2:47:5e: - 99:82:d1:63:96:5f:46:a6:18:ab:8c:d8:d2:ec:dc:50:dc:67: - c1:63:d0:1e:57:04:10:a9:d5:1d:c0:73:e4:ce:b0:79:62:be: - 11:6e:30:53:3b:df:e7:5d:e4:06:b1:80:c8:1a:33:cc:31:84: - 42:0f:55:ac:d8:5a:e5:d0:0c:1f:c6:ca:1d:e4:8c:3e:31:81: - f9:fe:bc:01 + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: 
+ f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIJAO9X2PVpOJUlMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQ -MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM -D3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGXMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE -CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3dvbGZT -U0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsstC8dBgnvTimGhH7Mv6Z5fPDA -wWQljHW3EAXKSCcMDjIcsP6ZhTm2uaL3J/9tPIwWcykhf4umVHGQrcwFuZ8Vxwo/ -X2n0Cl+McbUsv2biA5oy9NLsKolL+TWIFDNHTi4FeQHtZDZ2ufiFzQGIrMWysVm4 -zVr0CQk4m9paz854mR9JPUHWBnxSmciX0bOAOqJPNsTFljB3MTjIcMzhZwazKy+T -tWnPg36IU5sPRiFM1gU2RJlgaEflMgES1BBzrpo0lPpuuFhPe1uKkpet/Ze5dcrC -1EV9F2vNL/Njeg4wtQup2aZ8dGCdzAkDQ/EPkNO3/myf2c14SxWujFv5mYECAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHOwHKQvgsvPR6U417AE -gjp+chUhMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAVfbe -vU+slTrMhojDTPwLkYaRxZXKXPjDu9fBvW7DL5QYwdjitd2LlxM/XnacE4kU1Pym -9wGhxc8OTQCuhQlUzs/41adAYKw4cnU7y0LgT6JgNHTtvmVwsUrZma8XD2/0t/Nn -YFcXIKyIZVMPjLwLUXmirxIRJl5VBh5cjFgYSkrY5fn8aZjm5eaUXILuvwdHGIy0 -MbPSwwLcU4bBH/oxP4/SPIorTTcfCyZ4mzv964mk0kdemYLRY5ZfRqYYq4zY0uzc -UNxnwWPQHlcEEKnVHcBz5M6weWK+EW4wUzvf513kBrGAyBozzDGEQg9VrNha5dAM -H8bKHeSMPjGB+f68AQ== +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
+B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI +MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem index b4f1426d3..794bb7a31 100644 --- a/certs/ocsp/server1-cert.pem +++ b/certs/ocsp/server1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://localhost:22221 Signature Algorithm: sha256WithRSAEncryption - d2:c0:12:20:fd:e1:b6:ad:89:ae:6f:60:af:3c:ad:5a:09:04: - 31:99:7a:94:00:56:80:26:5a:13:53:60:f3:81:7c:ac:01:e8: - 7a:87:e9:3c:7a:0f:78:14:fa:3f:f1:54:0f:f9:8d:0e:f9:02: - 66:bd:81:c6:e9:12:1c:b6:db:7b:b0:71:dd:62:06:fd:39:5f: - b3:1f:43:ff:af:91:0f:58:3a:ae:e7:07:a5:da:a1:46:e4:67: - 0a:a4:0d:7e:37:b7:59:92:6c:7b:95:94:2b:33:5c:19:c2:35: - c5:fc:92:10:9e:87:13:8a:82:0f:f7:68:97:e1:b8:94:d3:d4: - d5:89:14:f3:1e:9e:29:1c:af:40:14:4b:80:7a:1e:dd:99:23: - dc:82:79:4b:3c:ac:09:6c:bf:84:97:ba:28:d2:ed:b7:d3:19: - 51:49:c1:1f:37:4d:44:fd:e9:2e:ff:b7:71:f7:35:5b:97:82: - 69:12:75:17:44:b3:a8:57:b8:88:ae:b9:1a:80:31:1f:c9:10: - 91:73:97:98:0b:9a:27:9e:ac:47:99:c6:66:64:f3:b2:36:1f: - 60:ef:fd:43:1e:f5:81:d4:21:89:d1:2e:27:69:9b:39:cb:84: - e4:fc:24:1b:f7:18:ff:78:36:0d:9e:37:59:ff:1d:ec:9b:c4: - 50:7d:42:ea + 81:77:93:7b:35:9c:af:00:ca:7a:eb:53:d0:56:f9:11:7b:eb: + 6b:d1:ac:f2:bb:1a:f2:b7:d1:02:59:04:3c:43:09:5a:66:9b: + 05:c9:9b:3c:98:d4:3b:30:dd:8a:8a:97:fb:77:06:22:89:b3: + c6:14:3d:00:ef:48:95:69:6f:74:92:4e:f0:70:fb:7a:d4:84: + f9:26:00:b7:f9:59:14:fb:56:ed:b3:ea:14:de:d6:76:aa:c4: + dd:16:74:f7:5a:32:18:1e:ab:eb:80:3d:2f:5c:fc:29:96:fa: + 62:44:09:bf:3e:f9:ac:2b:6e:36:68:f1:d7:53:eb:a1:47:53: + 99:65:29:3f:21:e2:ce:64:55:37:e0:41:d2:0a:ac:1b:6a:a3: + 62:db:96:46:2e:67:9f:4a:8f:7d:5e:f9:1f:2a:36:e6:c0:2b: + 07:f9:63:d9:54:e7:5b:09:86:7a:dc:75:96:bc:60:28:00:99: + a7:8b:17:7a:bd:8b:06:bc:9f:c4:bc:d7:c8:d5:eb:a6:60:cf: + 0c:07:b3:8c:bd:87:8c:15:12:d2:26:ea:56:ed:d4:c0:87:10: + 50:7f:f6:70:d0:72:fb:f0:75:cf:c7:c2:c9:01:6a:05:68:5e: + 7a:2f:e0:ef:c1:45:e0:31:52:05:d7:12:7a:06:53:81:f7:e8: + cb:14:42:bd -----BEGIN CERTIFICATE----- MIIE7DCCA9SgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMDcyMjQyMjlaFw0xODA5MDIyMjQyMjlaMIGYMQswCQYDVQQGEwJV +bTAeFw0xNTEyMTQyMjI1MjNaFw0xODA5MDkyMjI1MjNaMIGYMQswCQYDVQQGEwJV UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGTAXBgNVBAMMEHd3dzEu d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi @@ -84,12 +84,12 @@ YXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw FgYDVQQDDA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s ZnNzbC5jb22CAQEwCwYDVR0PBAQDAgXgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF BQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMTANBgkqhkiG9w0BAQsFAAOCAQEA -0sASIP3htq2Jrm9grzytWgkEMZl6lABWgCZaE1Ng84F8rAHoeofpPHoPeBT6P/FU -D/mNDvkCZr2BxukSHLbbe7Bx3WIG/Tlfsx9D/6+RD1g6rucHpdqhRuRnCqQNfje3 -WZJse5WUKzNcGcI1xfySEJ6HE4qCD/dol+G4lNPU1YkU8x6eKRyvQBRLgHoe3Zkj -3IJ5SzysCWy/hJe6KNLtt9MZUUnBHzdNRP3pLv+3cfc1W5eCaRJ1F0SzqFe4iK65 -GoAxH8kQkXOXmAuaJ56sR5nGZmTzsjYfYO/9Qx71gdQhidEuJ2mbOcuE5PwkG/cY -/3g2DZ43Wf8d7JvEUH1C6g== +gXeTezWcrwDKeutT0Fb5EXvra9Gs8rsa8rfRAlkEPEMJWmabBcmbPJjUOzDdioqX ++3cGIomzxhQ9AO9IlWlvdJJO8HD7etSE+SYAt/lZFPtW7bPqFN7WdqrE3RZ091oy +GB6r64A9L1z8KZb6YkQJvz75rCtuNmjx11ProUdTmWUpPyHizmRVN+BB0gqsG2qj +YtuWRi5nn0qPfV75Hyo25sArB/lj2VTnWwmGetx1lrxgKACZp4sXer2LBryfxLzX +yNXrpmDPDAezjL2HjBUS0ibqVu3UwIcQUH/2cNBy+/B1z8fCyQFqBWheei/g78FF +4DFSBdcSegZTgffoyxRCvQ== -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -132,33 +132,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 3d:92:fc:b0:73:95:d8:5a:18:e3:27:fc:55:05:14:54:2e:af: - 37:1e:37:11:25:e8:c9:7a:b0:9b:68:fb:a0:69:91:fd:bb:dd: - 00:55:fb:30:b3:4a:59:a6:58:bb:e4:03:3e:f2:98:a2:07:71: - c7:de:3a:a0:0b:eb:43:44:77:2b:fc:5d:96:a7:89:c8:1a:6a: - 6e:b6:34:00:bb:e0:8a:5b:2b:ad:3a:f4:ab:b9:d4:54:f9:85: - 9a:f7:3b:23:00:dc:17:8f:55:1f:b9:e1:17:10:61:91:50:77: - b6:57:be:75:61:6e:cc:9c:27:76:32:c2:de:b4:ee:11:ff:10: - f7:99:49:38:8e:af:af:fa:73:1e:34:20:6c:3e:9f:cb:56:70: - 20:47:21:d3:2c:db:9b:ad:3b:32:96:72:be:d3:1b:d2:33:21: - 9b:4b:86:3a:64:45:37:8b:60:80:3b:3e:08:7a:06:f2:aa:20: - 7b:63:2c:df:03:c0:2a:74:07:61:db:f3:ec:8a:17:a4:36:a1: - 6c:b6:c0:64:f7:8a:5b:d0:43:64:bb:3e:ed:5d:e8:06:9c:b0: - ef:c2:f3:d1:ff:e2:05:5e:1f:e1:bd:ef:2a:32:a3:44:9f:44: - 99:c0:a3:27:8b:af:24:c4:5f:2b:d5:05:a2:18:70:32:a4:d2: - 75:16:1b:b1 + 1b:83:ce:ad:1e:50:0f:3c:f0:26:17:23:c1:d5:98:88:c8:bc: + 30:5b:bb:01:bd:9b:cc:b3:45:0b:a3:7b:30:0a:54:3f:c7:36: + 16:4b:8b:cb:dd:d1:b3:7b:00:40:48:24:cb:46:3b:e7:e0:5c: + 7b:ec:ca:f8:e0:e5:34:5d:ae:e7:ac:87:15:cd:6c:7e:13:52: + 28:84:55:2b:2a:14:d9:fa:34:ce:fb:15:6c:10:47:c9:e6:ed: + 35:5b:4c:97:9c:dd:51:46:ac:2c:60:b7:2e:9d:2f:cb:0d:83: + 86:f0:a6:1b:6d:26:cb:7f:c4:97:51:6c:a1:a3:8d:6e:be:41: + 4a:ec:b0:cf:b4:ae:ad:e4:65:57:12:5d:bf:a0:78:ce:bf:4b: + 35:fe:bb:94:7a:f1:43:7d:0f:01:45:eb:d1:53:8b:19:db:bf: + 3e:4a:26:77:a1:b5:06:2a:64:ec:53:ca:ec:93:23:a2:4e:6a: + 82:8f:11:f4:cd:5f:6c:6e:22:cd:e1:1c:76:ce:49:f7:ca:43: + 65:aa:f5:9e:e7:ad:eb:99:4f:ff:db:fe:b8:91:ef:2c:ea:92: + 
5f:bf:08:78:c1:90:22:37:f3:7e:c3:5b:fc:31:f0:5b:83:65: + 00:d6:5a:55:3a:a2:a8:3f:02:e5:ae:7a:37:7b:3c:39:e7:91: + 4a:2e:53:04 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE7jCCA9agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw 
@@ -168,17 +170,110 @@ kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA -cYJkRNoOMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +AaOCATkwggE1MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA +cYJkRNoOMIHEBgNVHSMEgbwwgbmAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAPZL8 -sHOV2FoY4yf8VQUUVC6vNx43ESXoyXqwm2j7oGmR/bvdAFX7MLNKWaZYu+QDPvKY -ogdxx946oAvrQ0R3K/xdlqeJyBpqbrY0ALvgilsrrTr0q7nUVPmFmvc7IwDcF49V -H7nhFxBhkVB3tle+dWFuzJwndjLC3rTuEf8Q95lJOI6vr/pzHjQgbD6fy1ZwIEch -0yzbm607MpZyvtMb0jMhm0uGOmRFN4tggDs+CHoG8qoge2Ms3wPAKnQHYdvz7IoX -pDahbLbAZPeKW9BDZLs+7V3oBpyw78Lz0f/iBV4f4b3vKjKjRJ9EmcCjJ4uvJMRf -K9UFohhwMqTSdRYbsQ== +b2xmc3NsLmNvbYIBYzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IB +AQAbg86tHlAPPPAmFyPB1ZiIyLwwW7sBvZvMs0ULo3swClQ/xzYWS4vL3dGzewBA +SCTLRjvn4Fx77Mr44OU0Xa7nrIcVzWx+E1IohFUrKhTZ+jTO+xVsEEfJ5u01W0yX +nN1RRqwsYLcunS/LDYOG8KYbbSbLf8SXUWyho41uvkFK7LDPtK6t5GVXEl2/oHjO +v0s1/ruUevFDfQ8BRevRU4sZ278+SiZ3obUGKmTsU8rskyOiTmqCjxH0zV9sbiLN +4Rx2zkn3ykNlqvWe563rmU//2/64ke8s6pJfvwh4wZAiN/N+w1v8MfBbg2UA1lpV +OqKoPwLlrno3ezw555FKLlME +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: 
Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + 
e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: + f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI 
+MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem index de79496e1..9025271b2 100644 --- a/certs/ocsp/server2-cert.pem +++ b/certs/ocsp/server2-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:30 2015 GMT - Not After : Sep 2 22:42:30 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://localhost:22221 Signature Algorithm: sha256WithRSAEncryption - 72:91:43:1a:4f:fb:87:32:dc:12:b0:60:ed:d8:05:f9:ac:62: - 51:1d:21:40:f4:36:86:6c:24:82:33:a5:1e:c9:bd:bb:2a:2f: - 14:76:ef:63:ba:fe:79:c5:14:ac:0b:d7:3d:7d:cd:db:50:98: - 93:05:0e:f2:0f:00:fa:f2:11:dc:10:25:c0:e7:ae:0e:b2:fc: - 86:2a:a1:d9:ee:1c:ad:31:ad:be:69:3f:58:5d:73:cd:bb:df: - 64:3d:bd:aa:e0:30:9e:4b:f5:e5:48:0e:81:c5:81:2e:90:d5: - 73:62:a6:80:9a:71:24:54:95:3a:aa:a0:df:aa:2a:95:9e:90: - 1f:f4:94:cb:ad:9d:47:7f:52:d6:52:16:a4:db:1e:71:71:c9: - a4:4a:02:1c:e5:5d:4d:23:6c:6a:db:60:b4:0e:58:83:1a:86: - af:f0:ec:25:44:63:c6:05:f2:26:f8:34:98:11:93:cd:4d:4d: - 7a:cb:53:e5:86:40:91:fb:6d:16:14:de:c8:d1:5d:65:9d:45: - 92:1c:c0:4f:4f:33:8a:8b:23:93:30:f4:fe:08:92:27:bf:3d: - 11:4e:0b:42:59:69:88:b3:df:45:0f:a0:05:63:03:bd:1c:8c: - 3c:76:1f:20:65:25:8b:3c:34:1e:74:a0:79:05:6e:dd:b6:ae: - 8f:77:b5:0d + a3:33:6d:91:c3:bd:b5:42:e6:6a:b8:1f:01:d8:ef:8c:ab:f9: + f7:e2:ac:23:72:a1:77:41:67:fc:b4:c9:dd:72:d8:25:3c:40: + 17:db:87:c0:6c:55:2c:26:d2:53:d5:e7:81:8e:b3:3f:e1:fd: + fd:73:4b:ee:75:44:04:a6:f1:56:aa:57:94:a3:5e:4d:45:49: + 4b:70:e2:bf:36:e9:8c:68:cf:37:f3:0f:ee:74:4a:ef:f8:8a: + 39:89:9f:3d:26:91:c8:cf:03:45:5a:13:8d:5f:ac:7c:c3:d9: + 34:1c:80:e5:33:40:fc:02:8a:04:36:93:ba:47:c5:bc:34:8b: + dc:30:4c:f5:b0:42:60:3b:59:2e:d6:c6:44:bb:44:dc:2a:05: + bd:f0:37:cc:16:27:a9:b5:f7:7d:fa:3a:7f:3c:64:62:cf:3a: + 2b:2d:85:82:bd:29:96:47:6f:a9:85:5c:4f:ae:72:eb:25:05: + e1:c8:f2:95:9e:02:03:2c:fe:06:1c:83:3a:d2:84:d4:84:17: + d8:49:84:3e:c6:3d:16:10:e5:65:25:68:a5:71:18:8c:2e:40: + a0:1c:43:ba:0f:bc:6c:07:25:29:1f:ab:1e:ff:d0:45:51:3f: + 3f:f5:a1:71:c8:35:87:47:14:c5:8e:1c:e2:94:ff:27:2c:ce: + aa:55:1c:c9 -----BEGIN CERTIFICATE----- MIIE7DCCA9SgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMDcyMjQyMzBaFw0xODA5MDIyMjQyMzBaMIGYMQswCQYDVQQGEwJV +bTAeFw0xNTEyMTQyMjI1MjNaFw0xODA5MDkyMjI1MjNaMIGYMQswCQYDVQQGEwJV UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGTAXBgNVBAMMEHd3dzIu d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi @@ -84,12 +84,12 @@ YXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw FgYDVQQDDA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s ZnNzbC5jb22CAQEwCwYDVR0PBAQDAgXgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF BQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMTANBgkqhkiG9w0BAQsFAAOCAQEA -cpFDGk/7hzLcErBg7dgF+axiUR0hQPQ2hmwkgjOlHsm9uyovFHbvY7r+ecUUrAvX -PX3N21CYkwUO8g8A+vIR3BAlwOeuDrL8hiqh2e4crTGtvmk/WF1zzbvfZD29quAw -nkv15UgOgcWBLpDVc2KmgJpxJFSVOqqg36oqlZ6QH/SUy62dR39S1lIWpNsecXHJ -pEoCHOVdTSNsattgtA5YgxqGr/DsJURjxgXyJvg0mBGTzU1NestT5YZAkfttFhTe -yNFdZZ1FkhzAT08ziosjkzD0/giSJ789EU4LQllpiLPfRQ+gBWMDvRyMPHYfIGUl -izw0HnSgeQVu3bauj3e1DQ== +ozNtkcO9tULmargfAdjvjKv59+KsI3Khd0Fn/LTJ3XLYJTxAF9uHwGxVLCbSU9Xn +gY6zP+H9/XNL7nVEBKbxVqpXlKNeTUVJS3DivzbpjGjPN/MP7nRK7/iKOYmfPSaR +yM8DRVoTjV+sfMPZNByA5TNA/AKKBDaTukfFvDSL3DBM9bBCYDtZLtbGRLtE3CoF +vfA3zBYnqbX3ffo6fzxkYs86Ky2Fgr0plkdvqYVcT65y6yUF4cjylZ4CAyz+BhyD +OtKE1IQX2EmEPsY9FhDlZSVopXEYjC5AoBxDug+8bAclKR+rHv/QRVE/P/Whccg1 +h0cUxY4c4pT/JyzOqlUcyQ== -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -132,33 +132,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 3d:92:fc:b0:73:95:d8:5a:18:e3:27:fc:55:05:14:54:2e:af: - 37:1e:37:11:25:e8:c9:7a:b0:9b:68:fb:a0:69:91:fd:bb:dd: - 00:55:fb:30:b3:4a:59:a6:58:bb:e4:03:3e:f2:98:a2:07:71: - c7:de:3a:a0:0b:eb:43:44:77:2b:fc:5d:96:a7:89:c8:1a:6a: - 6e:b6:34:00:bb:e0:8a:5b:2b:ad:3a:f4:ab:b9:d4:54:f9:85: - 9a:f7:3b:23:00:dc:17:8f:55:1f:b9:e1:17:10:61:91:50:77: - b6:57:be:75:61:6e:cc:9c:27:76:32:c2:de:b4:ee:11:ff:10: - f7:99:49:38:8e:af:af:fa:73:1e:34:20:6c:3e:9f:cb:56:70: - 20:47:21:d3:2c:db:9b:ad:3b:32:96:72:be:d3:1b:d2:33:21: - 9b:4b:86:3a:64:45:37:8b:60:80:3b:3e:08:7a:06:f2:aa:20: - 7b:63:2c:df:03:c0:2a:74:07:61:db:f3:ec:8a:17:a4:36:a1: - 6c:b6:c0:64:f7:8a:5b:d0:43:64:bb:3e:ed:5d:e8:06:9c:b0: - ef:c2:f3:d1:ff:e2:05:5e:1f:e1:bd:ef:2a:32:a3:44:9f:44: - 99:c0:a3:27:8b:af:24:c4:5f:2b:d5:05:a2:18:70:32:a4:d2: - 75:16:1b:b1 + 1b:83:ce:ad:1e:50:0f:3c:f0:26:17:23:c1:d5:98:88:c8:bc: + 30:5b:bb:01:bd:9b:cc:b3:45:0b:a3:7b:30:0a:54:3f:c7:36: + 16:4b:8b:cb:dd:d1:b3:7b:00:40:48:24:cb:46:3b:e7:e0:5c: + 7b:ec:ca:f8:e0:e5:34:5d:ae:e7:ac:87:15:cd:6c:7e:13:52: + 28:84:55:2b:2a:14:d9:fa:34:ce:fb:15:6c:10:47:c9:e6:ed: + 35:5b:4c:97:9c:dd:51:46:ac:2c:60:b7:2e:9d:2f:cb:0d:83: + 86:f0:a6:1b:6d:26:cb:7f:c4:97:51:6c:a1:a3:8d:6e:be:41: + 4a:ec:b0:cf:b4:ae:ad:e4:65:57:12:5d:bf:a0:78:ce:bf:4b: + 35:fe:bb:94:7a:f1:43:7d:0f:01:45:eb:d1:53:8b:19:db:bf: + 3e:4a:26:77:a1:b5:06:2a:64:ec:53:ca:ec:93:23:a2:4e:6a: + 82:8f:11:f4:cd:5f:6c:6e:22:cd:e1:1c:76:ce:49:f7:ca:43: + 65:aa:f5:9e:e7:ad:eb:99:4f:ff:db:fe:b8:91:ef:2c:ea:92: + 
5f:bf:08:78:c1:90:22:37:f3:7e:c3:5b:fc:31:f0:5b:83:65: + 00:d6:5a:55:3a:a2:a8:3f:02:e5:ae:7a:37:7b:3c:39:e7:91: + 4a:2e:53:04 -----BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE7jCCA9agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw 
@@ -168,17 +170,110 @@ kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA -AaOCATQwggEwMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA -cYJkRNoOMIHMBgNVHSMEgcQwgcGAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa +AaOCATkwggE1MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA +cYJkRNoOMIHEBgNVHSMEgbwwgbmAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIJAO9X2PVpOJUlMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAPZL8 -sHOV2FoY4yf8VQUUVC6vNx43ESXoyXqwm2j7oGmR/bvdAFX7MLNKWaZYu+QDPvKY -ogdxx946oAvrQ0R3K/xdlqeJyBpqbrY0ALvgilsrrTr0q7nUVPmFmvc7IwDcF49V -H7nhFxBhkVB3tle+dWFuzJwndjLC3rTuEf8Q95lJOI6vr/pzHjQgbD6fy1ZwIEch -0yzbm607MpZyvtMb0jMhm0uGOmRFN4tggDs+CHoG8qoge2Ms3wPAKnQHYdvz7IoX -pDahbLbAZPeKW9BDZLs+7V3oBpyw78Lz0f/iBV4f4b3vKjKjRJ9EmcCjJ4uvJMRf -K9UFohhwMqTSdRYbsQ== +b2xmc3NsLmNvbYIBYzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IB +AQAbg86tHlAPPPAmFyPB1ZiIyLwwW7sBvZvMs0ULo3swClQ/xzYWS4vL3dGzewBA +SCTLRjvn4Fx77Mr44OU0Xa7nrIcVzWx+E1IohFUrKhTZ+jTO+xVsEEfJ5u01W0yX +nN1RRqwsYLcunS/LDYOG8KYbbSbLf8SXUWyho41uvkFK7LDPtK6t5GVXEl2/oHjO +v0s1/ruUevFDfQ8BRevRU4sZ278+SiZ3obUGKmTsU8rskyOiTmqCjxH0zV9sbiLN +4Rx2zkn3ykNlqvWe563rmU//2/64ke8s6pJfvwh4wZAiN/N+w1v8MfBbg2UA1lpV +OqKoPwLlrno3ezw555FKLlME +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: 
Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + 
e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: + f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI 
+MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem index b06624053..fe24c1698 100644 --- a/certs/ocsp/server3-cert.pem +++ b/certs/ocsp/server3-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:30 2015 GMT - Not After : Sep 2 22:42:30 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www3.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://localhost:22222 Signature Algorithm: sha256WithRSAEncryption - 65:ef:ab:69:45:9f:a9:92:4d:2c:3c:83:11:ec:03:35:9f:f2: - 8d:53:b8:b0:19:7d:93:66:ca:c6:9b:a1:16:ac:9c:29:39:14: - 9f:1e:08:bd:c7:80:31:e0:f5:cc:a5:ff:0e:dc:82:bd:64:fa: - 45:eb:c3:b8:86:20:5e:e5:ab:9a:04:25:4e:57:d0:13:93:3d: - 8b:cd:77:d3:f3:26:29:e9:6a:84:30:27:e3:20:88:3c:dd:91: - b6:37:42:10:d1:70:49:2f:28:33:12:36:06:df:3a:41:22:d3: - a8:f1:91:08:7a:fd:f7:85:1e:0a:2f:70:90:14:d6:8f:95:d2: - 53:4f:cc:f6:ec:91:eb:3b:46:db:12:e3:21:e5:f2:b8:64:90: - cd:d0:54:35:49:d1:1d:07:24:1b:dc:03:d4:27:6e:11:2f:1a: - 60:ac:df:63:ea:90:cd:c0:f0:92:e3:90:49:13:8c:aa:2f:af: - a1:4d:e2:0c:10:26:2f:80:1e:99:2b:d8:b2:30:d2:e8:10:a6: - 8c:01:9b:10:df:b9:4b:25:23:ce:8e:e6:14:eb:dd:ed:8e:6a: - cf:3a:1b:7e:8c:f3:98:d7:7c:e6:d1:b3:b8:20:86:82:c8:b6: - cf:86:91:71:d0:88:24:2d:9a:c0:60:69:0b:8a:58:4a:d3:93: - 41:99:7a:77 + c6:3a:40:31:ac:3c:32:72:03:a9:35:86:b5:04:db:d9:39:e0: + 9a:96:54:d4:7f:b8:fe:49:2a:86:37:d8:30:a7:df:1f:08:c6: + 34:77:e3:95:6e:b8:5f:7a:2f:cd:71:04:55:e7:c1:a3:d5:14: + 93:13:b2:69:7c:6a:36:bc:09:15:f8:5a:ab:af:c8:d2:f6:ba: + ee:2b:6b:30:d4:a6:4a:48:08:f8:58:39:1b:6b:67:dd:4c:f9: + ee:9f:c7:cc:e7:19:68:b1:cb:d1:9d:7c:42:12:c5:25:ff:6d: + 81:24:cf:76:06:9c:a6:39:53:60:08:fe:d6:5b:ef:9e:2c:3d: + bf:23:1e:8b:db:0f:57:ae:c4:ee:af:b3:0a:54:86:ad:65:a4: + 6b:a2:c3:ec:34:0a:c3:75:a5:06:2e:67:1c:61:52:61:61:6c: + c4:86:15:71:ea:ac:e2:9f:b7:ae:65:59:89:ab:41:ec:4a:a1: + d8:17:d6:15:cc:98:d7:67:a2:0b:2f:2e:85:ce:e5:32:5a:e1: + c6:54:aa:37:31:ba:f8:31:16:bb:de:3a:d7:9d:9e:63:5d:69: + 25:9f:0e:5a:f3:9d:7f:86:0a:15:3e:64:04:8a:0c:f7:b7:e8: + ec:4f:9f:4e:25:ef:1e:44:a0:73:ca:2e:5b:c0:f1:38:c5:15: + 29:45:04:11 -----BEGIN CERTIFICATE----- MIIE9DCCA9ygAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM 
IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTE1MTIwNzIyNDIzMFoXDTE4MDkwMjIyNDIzMFowgZgxCzAJ +bGZzc2wuY29tMB4XDTE1MTIxNDIyMjUyM1oXDTE4MDkwOTIyMjUyM1owgZgxCzAJ BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE AwwQd3d3My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns @@ -84,12 +84,12 @@ A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ aW5mb0B3b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk MCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEB -CwUAA4IBAQBl76tpRZ+pkk0sPIMR7AM1n/KNU7iwGX2TZsrGm6EWrJwpORSfHgi9 -x4Ax4PXMpf8O3IK9ZPpF68O4hiBe5auaBCVOV9ATkz2LzXfT8yYp6WqEMCfjIIg8 -3ZG2N0IQ0XBJLygzEjYG3zpBItOo8ZEIev33hR4KL3CQFNaPldJTT8z27JHrO0bb -EuMh5fK4ZJDN0FQ1SdEdByQb3APUJ24RLxpgrN9j6pDNwPCS45BJE4yqL6+hTeIM -ECYvgB6ZK9iyMNLoEKaMAZsQ37lLJSPOjuYU693tjmrPOht+jPOY13zm0bO4IIaC -yLbPhpFx0IgkLZrAYGkLilhK05NBmXp3 +CwUAA4IBAQDGOkAxrDwycgOpNYa1BNvZOeCallTUf7j+SSqGN9gwp98fCMY0d+OV +brhfei/NcQRV58Gj1RSTE7JpfGo2vAkV+Fqrr8jS9rruK2sw1KZKSAj4WDkba2fd +TPnun8fM5xloscvRnXxCEsUl/22BJM92BpymOVNgCP7WW++eLD2/Ix6L2w9XrsTu +r7MKVIatZaRrosPsNArDdaUGLmccYVJhYWzEhhVx6qzin7euZVmJq0HsSqHYF9YV +zJjXZ6ILLy6FzuUyWuHGVKo3Mbr4MRa73jrXnZ5jXWklnw5a851/hgoVPmQEigz3 +t+jsT59OJe8eRKBzyi5bwPE4xRUpRQQR -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 7 22:42:29 2015 GMT - Not After : Sep 2 22:42:29 2018 GMT + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -132,33 +132,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:EF:57:D8:F5:69:38:95:25 + serial:63 + X509v3 Key Usage: + Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 00:5e:fe:87:51:fc:e7:de:5c:e5:97:17:d2:af:6d:3b:65:29: - 27:3b:06:d7:55:5a:93:56:12:0f:8b:e7:57:69:dc:ae:ec:ec: - 2b:cd:cd:d0:15:c0:63:a3:5c:d9:6e:59:d2:88:b6:da:1c:ac: - b7:fe:46:2a:37:7b:5f:0b:30:80:7e:a5:46:8f:38:58:7e:df: - 8e:d0:f9:27:e6:e7:26:01:f8:04:5f:21:0d:7a:27:85:af:f8: - 41:15:aa:1d:73:3d:32:2a:a1:6b:f7:9e:36:3a:a3:26:dc:b8: - be:f2:61:ea:11:49:1c:43:68:5f:8c:a5:87:7b:71:a6:78:d0: - 1a:f1:f7:45:6c:59:eb:88:b5:ef:00:59:4f:71:48:00:73:11: - 2c:74:af:8d:1e:67:ee:cf:b3:9d:a4:64:ee:90:a7:f8:69:0a: - 8f:9b:74:89:68:c7:e4:1b:22:73:f1:23:94:c2:dd:4a:11:ee: - 9c:99:20:f7:e1:06:2a:ef:1b:1a:1c:10:f9:0b:0b:49:82:af: - 5f:38:75:0c:c3:a5:b8:9f:21:c5:61:eb:6d:6e:2d:d5:b5:89: - 19:28:ff:94:c1:55:eb:77:79:b5:57:e1:44:05:54:28:ca:66: - c5:4e:75:63:1b:b7:c4:57:fa:35:94:f7:82:3d:06:cc:f0:13: - bf:0e:23:70 + 85:95:3d:99:83:f5:4b:6f:b5:87:88:7a:2f:fe:02:c6:a5:2d: + 55:ff:e6:f3:72:c2:ed:2b:3f:cd:b5:59:5b:30:19:6e:5f:7b: + 2d:48:1e:d1:8e:65:04:86:0e:ef:01:50:ed:d7:ff:23:7e:2c: + 40:37:48:9d:aa:82:cb:82:c9:d7:f4:07:8b:73:6a:3a:fb:1b: + 2f:9d:e7:af:14:5f:2b:49:b2:87:3a:eb:c3:0f:f2:13:d7:49: + 6c:9a:d2:26:39:fa:f8:48:f4:9b:19:30:95:39:67:d8:63:37: + d6:b9:bf:fd:32:e1:fc:a9:2a:97:99:cb:cf:f6:fa:42:4b:ee: + 0e:87:92:16:dc:7e:70:dc:46:ee:8d:52:14:74:b5:6c:4b:9e: + e4:e7:b6:46:1c:82:2b:c5:4c:7d:84:f0:65:15:78:8c:2c:c7: + 7e:6d:db:8d:fc:64:4c:61:a0:b4:87:83:f6:04:59:71:43:8b: + 40:03:ad:e0:18:b9:94:0e:b9:05:22:6a:52:92:fe:48:04:cf: + a4:8c:ca:f6:f6:1c:29:c8:b0:83:a1:79:1a:9a:49:5a:73:c4: + 
3d:16:4a:f7:c9:b5:dd:67:2b:bd:7c:11:ac:7f:74:8f:4b:dd: + ed:d3:ea:b8:6d:3a:3e:e7:ff:fc:d8:05:7b:47:49:c0:cc:6e: + 9a:71:23:96 -----BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE9jCCA96gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjA3MjI0MjI5WhcNMTgwOTAyMjI0MjI5WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu 
@@ -168,17 +170,110 @@ SyjFU0YjK4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPk yIlDYfEluM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1 JMvpSd+BnZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkF UPC/7H8S4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORG -eP/ZmQIDAQABo4IBNDCCATAwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi -7ioFJLcRrS1g8ZAUjxcwgcwGA1UdIwSBxDCBwYAUc7AcpC+Cy89HpTjXsASCOn5y +eP/ZmQIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi +7ioFJLcRrS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB -FhBpbmZvQHdvbGZzc2wuY29tggkA71fY9Wk4lSUwMgYIKwYBBQUHAQEEJjAkMCIG -CCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUA -A4IBAQAAXv6HUfzn3lzllxfSr207ZSknOwbXVVqTVhIPi+dXadyu7Owrzc3QFcBj -o1zZblnSiLbaHKy3/kYqN3tfCzCAfqVGjzhYft+O0Pkn5ucmAfgEXyENeieFr/hB -Faodcz0yKqFr9542OqMm3Li+8mHqEUkcQ2hfjKWHe3GmeNAa8fdFbFnriLXvAFlP -cUgAcxEsdK+NHmfuz7OdpGTukKf4aQqPm3SJaMfkGyJz8SOUwt1KEe6cmSD34QYq -7xsaHBD5CwtJgq9fOHUMw6W4nyHFYettbi3VtYkZKP+UwVXrd3m1V+FEBVQoymbF -TnVjG7fEV/o1lPeCPQbM8BO/DiNw +FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN +AQELBQADggEBAIWVPZmD9UtvtYeIei/+AsalLVX/5vNywu0rP821WVswGW5fey1I +HtGOZQSGDu8BUO3X/yN+LEA3SJ2qgsuCydf0B4tzajr7Gy+d568UXytJsoc668MP +8hPXSWya0iY5+vhI9JsZMJU5Z9hjN9a5v/0y4fypKpeZy8/2+kJL7g6HkhbcfnDc +Ru6NUhR0tWxLnuTntkYcgivFTH2E8GUVeIwsx35t2438ZExhoLSHg/YEWXFDi0AD +reAYuZQOuQUialKS/kgEz6SMyvb2HCnIsIOheRqaSVpzxD0WSvfJtd1nK718Eax/ +dI9L3e3T6rhtOj7n//zYBXtHScDMbppxI5Y= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + 
Validity + Not Before: Dec 14 22:25:23 2015 GMT + Not After : Sep 9 22:25:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: + ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: + 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: + f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: + 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: + 
e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: + 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: + 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: + 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: + 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: + c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: + 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: + d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: + f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: + d5:08:52:a3 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI 
+MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m +892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 +e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 +dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf +lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY +FUwF8FPn1QhSow== -----END CERTIFICATE----- diff --git a/examples/server/server.c b/examples/server/server.c index b413b81b0..5949da937 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -598,7 +598,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (!usePsk && !useAnon) { - if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM) + if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load server cert file, check file and run from" " wolfSSL home dir"); diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index eb300a625..d4ce3ec7e 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -12,6 +12,12 @@ trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT ./certs/ocsp/ocspd2.sh & # client test against our own server - GOOD CERTS +./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + ./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & sleep 1 ./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 2 
@@ -19,6 +25,12 @@ RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 # client test against our own server - REVOKED SERVER CERT +./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 + ./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & sleep 1 ./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 2 @@ -28,8 +40,14 @@ RESULT=$? # client test against our own server - REVOKED INTERMEDIATE CERT ./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate2-ca-cert.pem -W 2 +./examples/client/client -A certs/ocsp/intermediate2-ca-cert.pem -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 +./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/intermediate2-ca-cert.pem -W 2 +RESULT=$? +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 + exit 0 diff --git a/src/internal.c b/src/internal.c index 6d10a972b..d2fc96ef6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4397,7 +4397,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_OCSP #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) - ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert); + ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0); else /* skips OCSP and force CRL check */ #endif if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) { 
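Review bot: The added REVOKED SERVER CERT run with `-W 1` passes on any client exit status of 1, so a client that fails for an unrelated reason (for example the server not yet listening after `sleep 1`) would be counted as a detected revocation. The same holds for the `-W 2` run added at `@@ -28,8 +40,14 @@`. If the example client prints a distinguishable error for a revoked status, the test should capture its output and match on it in addition to `$RESULT`. The message is also misleading, since this branch fires when the connection did not fail as expected; `echo -e "\n\nExpected revocation failure, got $RESULT"` would say what went wrong.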
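Review bot: The REVOKED INTERMEDIATE CERT case now expects exit 0 with `-W 1` and exit 1 with `-W 2`, but nothing in the script says why a revoked intermediate is accepted in the first run. Presumably `-W 1` requests a stapled status for the server certificate only, so the intermediate's revocation is invisible to it. That should be stated so the passing result is not read as a revocation check. A comment above the first run such as `# -W 1 covers the leaf only: a revoked intermediate is NOT detected here; -W 2 below must reject it` would do.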
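Review bot: The new third argument is passed as a bare `0` here and as a bare `1` at `@@ -4500,7 +4500,7 @@`, which hides that it distinguishes the peer certificate from the rest of the chain. Naming it at the call site keeps the two OCSP paths readable: `ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0 /* isPeer */);` and likewise `1 /* isPeer */` in the later hunk. DoCertificate starts and ends outside both hunks.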
@@ -4500,7 +4500,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) { - fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert); + fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1); doLookup = 0; } #endif @@ -5003,7 +5003,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = BAD_CERTIFICATE_STATUS_ERROR; else if (CompareOcspReqResp(request, response) == 0) break; - else if (index == 1) + else if (index == 1) /* server cert must be OK */ ret = BAD_CERTIFICATE_STATUS_ERROR; } diff --git a/src/tls.c b/src/tls.c index 49bb8c4f9..86c364e46 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2449,7 +2449,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } -int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert) +int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; @@ -2458,7 +2458,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert) for (; csr2; csr2 = csr2->next) { switch (csr2->status_type) { case WOLFSSL_CSR2_OCSP: - if (csr2->requests != 0) + if (!isPeer || csr2->requests != 0) break; /* followed by */ @@ -2501,8 +2501,10 @@ void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) /* followed by */ case WOLFSSL_CSR2_OCSP_MULTI: - return index < csr2->requests ? &csr2->request.ocsp[index] - : NULL; + /* requests are initialized in the reverse order */ + return index < csr2->requests + ? &csr2->request.ocsp[csr2->requests - index - 1] + : NULL; break; } } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 87d5247bc..c75b1af3c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
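Review bot: The result of `TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1)` is stored in `fatal` while `ret` is left untouched, so if the function returns an error code rather than a flag, that code may never reach the caller. The code that consumes `fatal` is outside the hunk, so this needs checking there. If `ret` is what DoCertificate reports and holds nothing else needed at this point, `ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1); fatal = (ret != 0);` would keep the error code.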
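Review bot: The added comment `/* server cert must be OK */` explains the `index == 1` branch but not what happens to the other entries. As written, a response that fails `CompareOcspReqResp` at any other index sets no error in this branch and the search appears to continue. Whether an unmatched response is rejected later cannot be seen from the hunk, because the enclosing loop begins and ends outside it. If this is the intended rule, the comment should say so, e.g. `/* index 1 is the server cert: a mismatch is fatal; other entries are tried against the next request */`.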
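Review bot: `TLSX_CSR2_InitRequests` gains a `byte isPeer` parameter with no description. Its effect is only visible at `@@ -2458,7 +2458,7 @@`, where `!isPeer` makes the `WOLFSSL_CSR2_OCSP` case skip the certificate. A short comment above the definition would help, for example `/* isPeer: non-zero for the peer (leaf) certificate; WOLFSSL_CSR2_OCSP only creates a request for that certificate */`. The prototype in wolfssl/internal.h changes the same way and now runs past 80 columns, so it could be wrapped after `DecodedCert* cert,`. The function body continues outside the hunk.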
@@ -1612,7 +1612,7 @@ typedef struct CSRIv2 { WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, byte options); -WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert); +WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer); WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index); WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); From a15c00321141bd9a79a14b0c633a1dca1e2aecf9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 14 Dec 2015 22:53:04 -0300 Subject: [PATCH 19/22] adds extra certs for ocspstapling tests; --- certs/ocsp/index0.txt | 5 +- certs/ocsp/index1.txt | 4 +- certs/ocsp/index2.txt | 3 +- certs/ocsp/index3.txt | 1 + certs/ocsp/intermediate1-ca-cert.pem | 132 ++++++------- certs/ocsp/intermediate2-ca-cert.pem | 132 ++++++------- certs/ocsp/intermediate3-ca-cert.pem | 186 ++++++++++++++++++ certs/ocsp/intermediate3-ca-key.pem | 28 +++ certs/ocsp/ocsp-responder-cert.pem | 102 +++++----- certs/ocsp/ocspd0.sh | 2 +- certs/ocsp/ocspd1.sh | 2 +- certs/ocsp/ocspd2.sh | 2 +- certs/ocsp/ocspd3.sh | 8 + certs/ocsp/openssl.cnf | 8 + certs/ocsp/renewcerts.sh | 17 +- certs/ocsp/root-ca-cert.pem | 50 ++--- certs/ocsp/server1-cert.pem | 222 ++++++++++----------- certs/ocsp/server2-cert.pem | 222 ++++++++++----------- certs/ocsp/server3-cert.pem | 222 ++++++++++----------- certs/ocsp/server4-cert.pem | 279 +++++++++++++++++++++++++++ certs/ocsp/server4-key.pem | 28 +++ certs/ocsp/server5-cert.pem | 279 +++++++++++++++++++++++++++ certs/ocsp/server5-key.pem | 28 +++ examples/server/server.c | 2 + scripts/include.am | 6 + scripts/ocsp-stapling.test | 8 +- scripts/ocsp-stapling2.test | 34 ++-- 27 files changed, 1438 insertions(+), 574 deletions(-) create mode 100644 certs/ocsp/index3.txt create mode 100644 certs/ocsp/intermediate3-ca-cert.pem create mode 100644 certs/ocsp/intermediate3-ca-key.pem create mode 100755 certs/ocsp/ocspd3.sh create mode 100644 certs/ocsp/server4-cert.pem create mode 100644 certs/ocsp/server4-key.pem create mode 100644 certs/ocsp/server5-cert.pem create mode 100644 certs/ocsp/server5-key.pem diff --git a/certs/ocsp/index0.txt b/certs/ocsp/index0.txt index ba666d9db..256b8ab58 100644 --- a/certs/ocsp/index0.txt +++ b/certs/ocsp/index0.txt 
@@ -1,3 +1,4 @@ V 161213070133Z 63 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com -V 161213070133Z 01 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com -R 161213070133Z 151201070133Z 02 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com +V 161213070133Z 01 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com +V 161213070133Z 02 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 03 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index1.txt b/certs/ocsp/index1.txt index fc223eedc..a49ec58a3 100644 --- a/certs/ocsp/index1.txt +++ b/certs/ocsp/index1.txt @@ -1,2 +1,2 @@ -V 161213070133Z 04 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www1.wolfssl.com/emailAddress=info@wolfssl.com -R 161213070133Z 151201070133Z 05 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www2.wolfssl.com/emailAddress=info@wolfssl.com +V 161213070133Z 05 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www1.wolfssl.com/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 06 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www2.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index2.txt b/certs/ocsp/index2.txt index 3edb677b5..0a163f7b6 100644 --- a/certs/ocsp/index2.txt +++ b/certs/ocsp/index2.txt 
@@ -1 +1,2 @@ -V 161213070133Z 06 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www3.wolfssl.com/emailAddress=info@wolfssl.com +V 161213070133Z 07 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www3.wolfssl.com/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 08 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www4.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index3.txt b/certs/ocsp/index3.txt new file mode 100644 index 000000000..eb6d3c048 --- /dev/null +++ b/certs/ocsp/index3.txt @@ -0,0 +1 @@ +V 161213070133Z 09 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www5.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem index d3a498adf..05e15e413 100644 --- a/certs/ocsp/intermediate1-ca-cert.pem +++ b/certs/ocsp/intermediate1-ca-cert.pem @@ -5,9 +5,9 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -47,49 +47,49 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 1b:83:ce:ad:1e:50:0f:3c:f0:26:17:23:c1:d5:98:88:c8:bc: - 30:5b:bb:01:bd:9b:cc:b3:45:0b:a3:7b:30:0a:54:3f:c7:36: - 16:4b:8b:cb:dd:d1:b3:7b:00:40:48:24:cb:46:3b:e7:e0:5c: - 7b:ec:ca:f8:e0:e5:34:5d:ae:e7:ac:87:15:cd:6c:7e:13:52: - 28:84:55:2b:2a:14:d9:fa:34:ce:fb:15:6c:10:47:c9:e6:ed: - 35:5b:4c:97:9c:dd:51:46:ac:2c:60:b7:2e:9d:2f:cb:0d:83: - 86:f0:a6:1b:6d:26:cb:7f:c4:97:51:6c:a1:a3:8d:6e:be:41: - 4a:ec:b0:cf:b4:ae:ad:e4:65:57:12:5d:bf:a0:78:ce:bf:4b: - 35:fe:bb:94:7a:f1:43:7d:0f:01:45:eb:d1:53:8b:19:db:bf: - 3e:4a:26:77:a1:b5:06:2a:64:ec:53:ca:ec:93:23:a2:4e:6a: - 82:8f:11:f4:cd:5f:6c:6e:22:cd:e1:1c:76:ce:49:f7:ca:43: - 65:aa:f5:9e:e7:ad:eb:99:4f:ff:db:fe:b8:91:ef:2c:ea:92: - 5f:bf:08:78:c1:90:22:37:f3:7e:c3:5b:fc:31:f0:5b:83:65: - 00:d6:5a:55:3a:a2:a8:3f:02:e5:ae:7a:37:7b:3c:39:e7:91: - 4a:2e:53:04 + 1e:07:eb:03:66:a7:54:e8:c5:e1:fe:c9:08:58:91:d8:1b:d6: + c8:69:a5:65:03:a3:1a:f4:eb:9d:cd:4a:c1:9d:cd:ac:39:0b: + 49:09:e7:9c:0f:12:cb:3f:29:e1:9c:d1:f4:68:14:02:2e:d3: + fe:3d:63:3c:26:80:38:91:03:c3:52:52:9e:66:4d:59:d1:80: + 97:eb:91:99:5f:e7:d5:8e:e7:c4:c0:d3:f3:12:2e:c9:05:3a: + 54:ed:38:f3:6f:f3:ae:74:18:47:b5:25:c6:e3:44:8c:27:bd: + 3f:bc:e3:f1:0e:e4:50:ff:4c:ec:30:d6:0d:9f:8f:d0:f6:be: + 43:73:94:8f:48:97:38:7c:e8:8a:53:fd:02:4e:0f:2c:14:53: + f4:4c:80:8a:09:b2:b8:a8:0e:11:75:a6:15:6a:5f:c8:06:7b: + ff:a3:76:d0:e8:70:0a:e0:b1:6d:88:54:06:c2:04:f9:81:b0: + 77:af:a4:80:1b:88:64:5e:db:ff:36:dc:e8:d2:7b:4e:55:40: + 3c:f7:cd:33:f9:66:59:2e:9c:18:c7:50:e6:b5:b9:c1:94:3b: + 78:46:05:a6:24:41:2a:28:b5:e8:92:d0:0d:47:18:e8:cc:6e: + e8:11:d2:2a:94:47:75:b5:80:f2:e8:83:34:cc:7f:22:8a:9e: + 49:be:30:c1 -----BEGIN CERTIFICATE----- -MIIE7jCCA9agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy -bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN60yFx34C2x9bmtFkc1oDVlZcbh -QKsetLkTt8uMu3eldtpth4f2Sk0T5CY+J4fuW8dqP0UwYVVc9jXRZfqYEaOnVdW+ -kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN -MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr -GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a -lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA -AaOCATkwggE1MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA -cYJkRNoOMIHEBgNVHSMEgbwwgbmAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIBYzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsG -AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IB -AQAbg86tHlAPPPAmFyPB1ZiIyLwwW7sBvZvMs0ULo3swClQ/xzYWS4vL3dGzewBA -SCTLRjvn4Fx77Mr44OU0Xa7nrIcVzWx+E1IohFUrKhTZ+jTO+xVsEEfJ5u01W0yX -nN1RRqwsYLcunS/LDYOG8KYbbSbLf8SXUWyho41uvkFK7LDPtK6t5GVXEl2/oHjO -v0s1/ruUevFDfQ8BRevRU4sZ278+SiZ3obUGKmTsU8rskyOiTmqCjxH0zV9sbiLN -4Rx2zkn3ykNlqvWe563rmU//2/64ke8s6pJfvwh4wZAiN/N+w1v8MfBbg2UA1lpV -OqKoPwLlrno3ezw555FKLlME +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV 
+1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAB4H6wNmp1ToxeH+yQhYkdgb1shppWUDoxr0653NSsGdzaw5C0kJ55wPEss/ +KeGc0fRoFAIu0/49YzwmgDiRA8NSUp5mTVnRgJfrkZlf59WO58TA0/MSLskFOlTt +OPNv8650GEe1JcbjRIwnvT+84/EO5FD/TOww1g2fj9D2vkNzlI9Ilzh86IpT/QJO +DywUU/RMgIoJsrioDhF1phVqX8gGe/+jdtDocArgsW2IVAbCBPmBsHevpIAbiGRe +2/823OjSe05VQDz3zTP5ZlkunBjHUOa1ucGUO3hGBaYkQSooteiS0A1HGOjMbugR +0iqUR3W1gPLogzTMfyKKnkm+MME= -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem index 886f251e5..a045d6776 100644 --- a/certs/ocsp/intermediate2-ca-cert.pem +++ b/certs/ocsp/intermediate2-ca-cert.pem 
@@ -5,9 +5,9 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -47,49 +47,49 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 85:95:3d:99:83:f5:4b:6f:b5:87:88:7a:2f:fe:02:c6:a5:2d: - 55:ff:e6:f3:72:c2:ed:2b:3f:cd:b5:59:5b:30:19:6e:5f:7b: - 2d:48:1e:d1:8e:65:04:86:0e:ef:01:50:ed:d7:ff:23:7e:2c: - 40:37:48:9d:aa:82:cb:82:c9:d7:f4:07:8b:73:6a:3a:fb:1b: - 2f:9d:e7:af:14:5f:2b:49:b2:87:3a:eb:c3:0f:f2:13:d7:49: - 6c:9a:d2:26:39:fa:f8:48:f4:9b:19:30:95:39:67:d8:63:37: - d6:b9:bf:fd:32:e1:fc:a9:2a:97:99:cb:cf:f6:fa:42:4b:ee: - 0e:87:92:16:dc:7e:70:dc:46:ee:8d:52:14:74:b5:6c:4b:9e: - e4:e7:b6:46:1c:82:2b:c5:4c:7d:84:f0:65:15:78:8c:2c:c7: - 7e:6d:db:8d:fc:64:4c:61:a0:b4:87:83:f6:04:59:71:43:8b: - 40:03:ad:e0:18:b9:94:0e:b9:05:22:6a:52:92:fe:48:04:cf: - a4:8c:ca:f6:f6:1c:29:c8:b0:83:a1:79:1a:9a:49:5a:73:c4: - 3d:16:4a:f7:c9:b5:dd:67:2b:bd:7c:11:ac:7f:74:8f:4b:dd: - ed:d3:ea:b8:6d:3a:3e:e7:ff:fc:d8:05:7b:47:49:c0:cc:6e: - 9a:71:23:96 + 6a:f5:af:1f:f7:43:ef:10:74:6d:1f:e5:2e:72:5f:d1:84:40: + c8:60:79:b7:66:2e:46:39:bf:95:ca:fe:83:0a:8a:f4:52:6e: + d2:d3:a5:54:7b:0c:29:35:a0:75:7a:e5:35:5d:99:0a:d9:13: + ca:80:46:a0:a2:6d:d5:c4:ff:0c:d5:da:ec:54:86:df:ce:a7: + 92:1a:c7:f6:12:74:04:74:9f:06:39:82:b1:1e:af:47:de:b5: + b7:21:c1:3b:22:27:e3:d0:3f:70:d3:27:1c:63:e0:01:12:80: + 20:e7:ac:6c:f0:8f:7a:72:54:8a:21:2d:0e:17:6c:9d:01:fd: + 42:96:e1:7a:d5:43:d5:65:9b:0b:7c:dd:b6:90:da:cc:3c:d7: + 7a:d3:e2:63:07:e3:96:a7:96:84:d6:0c:9e:31:e0:72:cd:91: + 54:cf:16:38:af:c8:23:04:ce:98:2c:61:11:28:70:d7:34:69: + 55:b7:e0:5b:87:a6:c4:a4:c5:bf:8f:e0:04:5d:e4:14:22:04: + 21:a1:9b:01:19:50:29:03:9d:81:be:e4:ba:4d:68:1c:2f:e4: + e6:05:02:c2:e7:b4:ef:45:be:80:dc:a3:86:58:cf:02:cf:6a: + 69:8d:2b:69:69:cd:81:27:63:e8:2d:55:2a:00:de:0b:15:2c: + 53:95:72:29 -----BEGIN CERTIFICATE----- -MIIE9jCCA96gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L -RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLH -dbRqK6kjhb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcu -SyjFU0YjK4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPk -yIlDYfEluM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1 -JMvpSd+BnZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkF -UPC/7H8S4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORG -eP/ZmQIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi -7ioFJLcRrS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y -FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw -DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp -bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB -FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm -MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN -AQELBQADggEBAIWVPZmD9UtvtYeIei/+AsalLVX/5vNywu0rP821WVswGW5fey1I -HtGOZQSGDu8BUO3X/yN+LEA3SJ2qgsuCydf0B4tzajr7Gy+d568UXytJsoc668MP -8hPXSWya0iY5+vhI9JsZMJU5Z9hjN9a5v/0y4fypKpeZy8/2+kJL7g6HkhbcfnDc -Ru6NUhR0tWxLnuTntkYcgivFTH2E8GUVeIwsx35t2438ZExhoLSHg/YEWXFDi0AD -reAYuZQOuQUialKS/kgEz6SMyvb2HCnIsIOheRqaSVpzxD0WSvfJtd1nK718Eax/ -dI9L3e3T6rhtOj7n//zYBXtHScDMbppxI5Y= +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLHdbRqK6kj +hb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcuSyjFU0Yj 
+K4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPkyIlDYfEl +uM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1JMvpSd+B +nZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkFUPC/7H8S +4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORGeP/ZmQID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi7ioFJLcR +rS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAGr1rx/3Q+8QdG0f5S5yX9GEQMhgebdmLkY5v5XK/oMKivRSbtLTpVR7DCk1 +oHV65TVdmQrZE8qARqCibdXE/wzV2uxUht/Op5Iax/YSdAR0nwY5grEer0fetbch +wTsiJ+PQP3DTJxxj4AESgCDnrGzwj3pyVIohLQ4XbJ0B/UKW4XrVQ9Vlmwt83baQ +2sw813rT4mMH45anloTWDJ4x4HLNkVTPFjivyCMEzpgsYREocNc0aVW34FuHpsSk +xb+P4ARd5BQiBCGhmwEZUCkDnYG+5LpNaBwv5OYFAsLntO9FvoDco4ZYzwLPammN +K2lpzYEnY+gtVSoA3gsVLFOVcik= -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate3-ca-cert.pem b/certs/ocsp/intermediate3-ca-cert.pem new file mode 100644 index 000000000..b7629bdc1 --- /dev/null +++ b/certs/ocsp/intermediate3-ca-cert.pem 
@@ -0,0 +1,186 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28: + fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c: + 31:eb:13:70:ea:4a:dd:58:3e:4f:33:14:66:59:69: + 7a:aa:90:e0:7c:c4:b2:36:c1:0a:f4:df:3e:34:6c: + 1a:e9:2b:f1:a5:92:7e:a9:68:70:ba:a4:68:88:f3: + ec:10:40:64:a5:64:7d:d9:1e:51:49:9d:7f:c8:cc: + 2b:6d:71:2a:06:ff:e6:1f:84:28:8a:c1:ed:a8:52: + f4:89:a5:c0:77:d8:13:66:c2:65:a5:63:03:98:b0: + 4b:05:4f:0c:84:a0:f4:2d:72:73:6b:fa:0d:e1:cf: + 45:27:ed:a3:8c:02:d7:ee:99:e2:a1:f0:e3:a0:ad: + 69:ed:59:e4:27:41:8f:ef:fa:83:73:8f:5f:2b:68: + 89:13:46:26:dc:f6:28:6b:3b:b2:b8:9b:52:2a:17: + 1b:dc:72:45:73:da:75:24:35:8b:00:5e:23:37:64: + 6a:16:74:b8:ee:fe:b7:11:71:be:0a:73:c8:54:c2: + d9:04:d2:1b:f5:53:ac:8d:2a:4f:fe:33:79:e6:5e: + e7:f3:86:d3:dc:bb:4b:d7:39:7f:5b:3c:67:fe:5e: + 88:51:05:96:f2:b4:9a:45:09:4c:51:f0:6a:4d:88: + 2a:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 
0c:5e:0d:55:3c:e7:fb:5e:c2:09:19:c8:0b:f4:c2:b2:2b:14: + 79:dc:e8:63:f6:8a:0c:03:57:9e:15:47:7e:b6:15:a3:71:90: + 01:11:39:4b:ff:3d:13:34:e4:f3:5b:a3:6c:58:4f:00:d5:c4: + b0:63:6c:90:c9:89:a8:5d:16:87:0a:da:08:40:12:b4:94:00: + 3e:44:00:13:de:34:75:90:38:79:d4:c2:39:6d:ed:17:cb:7e: + 50:ff:da:0b:eb:49:1a:66:e6:dd:eb:66:a5:92:ef:68:d5:c9: + 93:8f:aa:c7:2a:92:6b:95:af:3d:74:de:aa:29:fd:c9:53:56: + ad:9f:e0:05:d1:97:0c:01:3b:f1:c6:a6:90:7e:5c:08:11:5e: + c1:77:5d:64:09:56:ea:78:29:15:a3:ea:44:2a:4c:d6:09:a7: + a0:5f:05:54:2a:61:ca:7a:09:07:14:34:c2:0d:c5:93:cd:28: + 8b:62:26:af:30:25:8a:f1:da:65:fa:db:da:84:ab:d5:0c:37: + ae:5d:95:bd:55:2a:4b:09:e0:d3:3d:8b:3c:ea:f2:b9:68:5e: + e6:21:53:8b:28:78:39:f4:bf:9b:dc:92:bc:4b:14:06:fe:17: + 21:64:be:af:20:e8:e7:fb:67:c8:5e:ec:59:bf:27:a4:cb:e3: + 8a:6d:c3:ac +-----BEGIN CERTIFICATE----- +MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L +RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sUEEH3CIekSRdrV +uij9pvQwRKDf+XBeFyaXWVwx6xNw6krdWD5PMxRmWWl6qpDgfMSyNsEK9N8+NGwa +6SvxpZJ+qWhwuqRoiPPsEEBkpWR92R5RSZ1/yMwrbXEqBv/mH4QoisHtqFL0iaXA +d9gTZsJlpWMDmLBLBU8MhKD0LXJza/oN4c9FJ+2jjALX7pniofDjoK1p7VnkJ0GP +7/qDc49fK2iJE0Ym3PYoazuyuJtSKhcb3HJFc9p1JDWLAF4jN2RqFnS47v63EXG+ +CnPIVMLZBNIb9VOsjSpP/jN55l7n84bT3LtL1zl/Wzxn/l6IUQWW8rSaRQlMUfBq +TYgqFwIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUuxWeMk3g ++KqKsC4MFytaQXRLBkUwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y +FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw 
+DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp +bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN +AQELBQADggEBAAxeDVU85/tewgkZyAv0wrIrFHnc6GP2igwDV54VR362FaNxkAER +OUv/PRM05PNbo2xYTwDVxLBjbJDJiahdFocK2ghAErSUAD5EABPeNHWQOHnUwjlt +7RfLflD/2gvrSRpm5t3rZqWS72jVyZOPqscqkmuVrz103qop/clTVq2f4AXRlwwB +O/HGppB+XAgRXsF3XWQJVup4KRWj6kQqTNYJp6BfBVQqYcp6CQcUNMINxZPNKIti +Jq8wJYrx2mX629qEq9UMN65dlb1VKksJ4NM9izzq8rloXuYhU4soeDn0v5vckrxL +FAb+FyFkvq8g6Of7Z8he7Fm/J6TL44ptw6w= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 
90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg 
+Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate3-ca-key.pem b/certs/ocsp/intermediate3-ca-key.pem new file mode 100644 index 000000000..03ebd4154 --- /dev/null +++ b/certs/ocsp/intermediate3-ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDexQQQfcIh6RJF +2tW6KP2m9DBEoN/5cF4XJpdZXDHrE3DqSt1YPk8zFGZZaXqqkOB8xLI2wQr03z40 +bBrpK/Glkn6paHC6pGiI8+wQQGSlZH3ZHlFJnX/IzCttcSoG/+YfhCiKwe2oUvSJ +pcB32BNmwmWlYwOYsEsFTwyEoPQtcnNr+g3hz0Un7aOMAtfumeKh8OOgrWntWeQn +QY/v+oNzj18raIkTRibc9ihrO7K4m1IqFxvcckVz2nUkNYsAXiM3ZGoWdLju/rcR +cb4Kc8hUwtkE0hv1U6yNKk/+M3nmXufzhtPcu0vXOX9bPGf+XohRBZbytJpFCUxR +8GpNiCoXAgMBAAECggEAFkESRd96TE7vT2EsJru/kzUjuUdk+JM8Iw3s4rVuGzDG +//DYqd8XpF+uVdJOucldU7mGoCeqw4mlujDug0qrikHXO28+i7au5rePZpQ4ObmP +ROhdcIA2asXStM0wSKC5yX43Wp1C86TN3w5a6t4AGizjYKFCk7dQ10ftVTaLDhsI +I4uuEZAHA7ruKmQp1DbE+/696kY4GUh2SXYQxee1zb/yYDvA6lGhuDW2Jev+4v4l ++1LZq8E2bE4GsmiLEALiHAdGvOrkZ5MUkiHVTnhGz7THK0OMj/4dJlNCwusyO+O5 +4Zr2LJQ2rnAtVGdtKuVsgwHwQBPpV9bJPkDXEzlXUQKBgQD38kxnjJ5nv0plMA+E +QViItp0qgQeXX18YTlh8yicqVe+t9kKnHm1tqZx/djvvR/51p0SkMfWNvMn8JYXa +dfT3ZX0djrzR9o6FgR8rL+LmPg6jyIn71wBqmMf7A6WQVYuG7fQk3IJNtx52BKcS +f8r2tsdPX8d/FBsCn3m/ZxaEyQKBgQDmAV5xxTbJKdea5pfH33BOCp6HTqSYgf4Y +/5GEO0YLmQoBXAKbX+zcAeiaOt5WvLQgw7LfkznitPlxCkpHr9VcgVarlEjXHa7y +SeJfik5cIFbMZtXqaQ/DIUvOTgnb/ngLxEdrzX4JUnlv/z1BEhWvEYaHn0asEsc4 +zbbcKoEH3wKBgQDRisobcPGmSDm9TmKuqPMDhyFH/IfH2+foCL4rqER1OO84G7i0 +t7hPR1plNizsyfE4yUXvZfFZ+cTR/Xwj5jBCrFiSlEDrSO2l0jvfKbceUi/ZJu/G +ECvf6oKHlstjMYibXZpJVLoip7Fsl/4CWlHTMyE56X4V3Y3+J3yiz6JuUQKBgDPS +byMXGibs5IUkG2KPN1B+GAXIdFFgSI39Vx4B9OA8FQMFZhj33fgb/fpx9RJ55ePT +9ANnuo0X1XPgq6fHOD1lbs+t01OUfoxclUKNeOZM6wGW0e/EyCZg5CGRd6s3hHiy +Op1RaWpUSMQxL+3vUy9ktXjtLBEtEfH8d4zXjsblAoGBAMPAdSskbG+upEYcNR2O +++R9X8BkWhaTDqkAuygsGJDomIgH89wROdlTnsi5LXe/r3uCocRC+M1ChRXm7Zqs +81QjVdls6HVZu5rG82S8itqdXHOXCajb1ls+lNiu7/9tPJVmpYfjfjD4/QHV0vF/ +FqdfthIOUXePjrAKccJDiJIk +-----END PRIVATE KEY----- diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem index 616752f2e..90446b51c 100644 --- a/certs/ocsp/ocsp-responder-cert.pem +++ b/certs/ocsp/ocsp-responder-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 3 (0x3) + Serial Number: 4 (0x4) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Extended Key Usage: OCSP Signing Signature Algorithm: sha256WithRSAEncryption - 73:47:ce:37:60:b0:51:a2:91:81:1c:1f:b6:b8:ca:4f:c8:95: - 68:cc:d3:4f:62:df:ff:c0:29:55:16:b2:df:2c:bf:73:b3:7c: - 95:a1:94:cc:a2:9f:30:60:92:fb:ec:31:21:14:09:60:ab:67: - f5:66:e4:bd:fd:18:a9:0b:d7:5e:61:39:37:cb:da:51:84:aa: - 06:38:68:27:eb:16:d7:60:91:23:5e:87:40:7f:e3:ce:40:f1: - 1f:99:50:2b:ba:69:b5:4b:ca:15:d7:9a:0d:9d:8f:ae:83:82: - fb:fc:0a:37:a8:2b:fb:0f:8d:c0:f4:59:3e:7b:81:78:a0:b2: - a2:64:55:41:bc:19:02:8b:de:db:8b:6c:43:fd:f5:23:e2:25: - 63:33:71:53:e7:eb:05:75:3a:56:4b:53:e1:5f:d1:82:c7:fd: - 80:64:27:93:a6:81:38:51:09:25:fc:de:9f:84:f1:b2:07:44: - 5a:f9:b1:70:d6:1b:1e:4f:7c:c9:ca:bd:d7:df:28:86:ce:8d: - 96:f5:54:94:0a:bb:97:5a:04:a4:05:9d:8d:b8:06:0e:ba:fb: - 5a:e1:3f:f2:90:59:1b:dd:e2:23:22:e2:7f:6a:f7:b7:d7:54: - 2b:ca:20:78:2a:6e:65:de:05:50:7d:40:4d:4b:3c:42:38:f5: - 98:e0:23:c9 + 47:86:d8:ff:a5:6e:18:e4:28:b7:8a:74:f6:81:97:89:be:c7: + cf:8d:1e:15:c2:d3:e1:ff:3e:82:b8:6d:8f:92:c8:a2:55:ff: + df:7a:ed:2b:ee:d5:6f:d3:9e:8e:30:d0:08:d3:6a:39:8f:23: + 45:a3:2d:e6:99:d4:18:49:a3:f9:17:88:b5:68:86:c8:8c:17: + a7:ac:6a:a6:46:6f:b1:a4:6b:f8:8d:e5:d8:68:75:ca:a6:2d: + 36:72:12:0d:1f:12:af:c2:90:e7:bf:4a:3a:f2:02:a0:89:dd: + 6b:f8:92:4b:9b:9c:69:5a:24:a7:3f:9b:b9:8e:60:ef:33:54: + cf:aa:53:01:c2:f9:0d:9d:75:bc:c9:09:0f:40:06:6f:ab:f9: + f2:e7:0d:26:84:24:0c:b0:b2:bb:f0:13:e1:bc:82:e7:48:ce: + 46:d2:36:e6:d9:7a:4e:b3:d3:55:6c:93:a0:6c:1a:83:d5:22: + a1:2c:84:e7:cc:9e:a5:ef:d5:e1:85:36:38:c5:35:a6:87:49: + 74:2c:b0:7c:3d:e7:68:47:5d:46:35:cb:d3:9c:bb:8c:8a:3e: + fd:f9:42:ad:7d:c4:bf:0a:d9:e2:49:04:14:24:11:c1:a4:3d: + 86:93:6e:0c:55:49:ed:3f:f9:82:ec:f8:26:3e:bf:9f:33:21: + 41:55:23:8c -----BEGIN CERTIFICATE----- -MIIEvjCCA6agAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN @@ -80,12 +80,12 @@ CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB -AQBzR843YLBRopGBHB+2uMpPyJVozNNPYt//wClVFrLfLL9zs3yVoZTMop8wYJL7 -7DEhFAlgq2f1ZuS9/RipC9deYTk3y9pRhKoGOGgn6xbXYJEjXodAf+POQPEfmVAr -umm1S8oV15oNnY+ug4L7/Ao3qCv7D43A9Fk+e4F4oLKiZFVBvBkCi97bi2xD/fUj -4iVjM3FT5+sFdTpWS1PhX9GCx/2AZCeTpoE4UQkl/N6fhPGyB0Ra+bFw1hseT3zJ -yr3X3yiGzo2W9VSUCruXWgSkBZ2NuAYOuvta4T/ykFkb3eIjIuJ/ave311QryiB4 -Km5l3gVQfUBNSzxCOPWY4CPJ +AQBHhtj/pW4Y5Ci3inT2gZeJvsfPjR4VwtPh/z6CuG2PksiiVf/feu0r7tVv056O +MNAI02o5jyNFoy3mmdQYSaP5F4i1aIbIjBenrGqmRm+xpGv4jeXYaHXKpi02chIN +HxKvwpDnv0o68gKgid1r+JJLm5xpWiSnP5u5jmDvM1TPqlMBwvkNnXW8yQkPQAZv +q/ny5w0mhCQMsLK78BPhvILnSM5G0jbm2XpOs9NVbJOgbBqD1SKhLITnzJ6l79Xh +hTY4xTWmh0l0LLB8PedoR11GNcvTnLuMij79+UKtfcS/CtniSQQUJBHBpD2Gk24M +VUntP/mC7PgmPr+fMyFBVSOM -----END CERTIFICATE----- Certificate: Data: 
@@ -94,8 +94,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -136,27 +136,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -172,11 +172,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/ocspd0.sh b/certs/ocsp/ocspd0.sh index 33baeee14..e0f978773 100755 --- a/certs/ocsp/ocspd0.sh +++ b/certs/ocsp/ocspd0.sh @@ -1,6 +1,6 @@ #!/bin/bash -openssl ocsp -port 22220 -nmin 1 -text \ +openssl ocsp -port 22220 -nmin 1 \ -index certs/ocsp/index0.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ diff --git a/certs/ocsp/ocspd1.sh b/certs/ocsp/ocspd1.sh index 1a6f2dc2a..da6babcaa 100755 
--- a/certs/ocsp/ocspd1.sh
+++ b/certs/ocsp/ocspd1.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-openssl ocsp -port 22221 -nmin 1 -text \
+openssl ocsp -port 22221 -nmin 1 \
 -index certs/ocsp/index1.txt \
 -rsigner certs/ocsp/ocsp-responder-cert.pem \
 -rkey certs/ocsp/ocsp-responder-key.pem \
diff --git a/certs/ocsp/ocspd2.sh b/certs/ocsp/ocspd2.sh
index 04f3ae2bf..3539f38fd 100755
--- a/certs/ocsp/ocspd2.sh
+++ b/certs/ocsp/ocspd2.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-openssl ocsp -port 22222 -nmin 1 -text \
+openssl ocsp -port 22222 -nmin 1 \
 -index certs/ocsp/index2.txt \
 -rsigner certs/ocsp/ocsp-responder-cert.pem \
 -rkey certs/ocsp/ocsp-responder-key.pem \
diff --git a/certs/ocsp/ocspd3.sh b/certs/ocsp/ocspd3.sh
new file mode 100755
index 000000000..35130c253
--- /dev/null
+++ b/certs/ocsp/ocspd3.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+openssl ocsp -port 22223 -nmin 1 \
+ -index certs/ocsp/index3.txt \
+ -rsigner certs/ocsp/ocsp-responder-cert.pem \
+ -rkey certs/ocsp/ocsp-responder-key.pem \
+ -CA certs/ocsp/intermediate3-ca-cert.pem \
+ $@
diff --git a/certs/ocsp/openssl.cnf b/certs/ocsp/openssl.cnf
index 2c4234a90..71eee9a86 100644
--- a/certs/ocsp/openssl.cnf
+++ b/certs/ocsp/openssl.cnf
@@ -18,6 +18,14 @@ authorityKeyIdentifier = keyid:always,issuer:always
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 authorityInfoAccess = OCSP;URI:http://localhost:22222
 
+# Extensions to add to a certificate request (intermediate3-ca)
+[ v3_req3 ]
+basicConstraints = CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+authorityInfoAccess = OCSP;URI:http://localhost:22223
+
 # Extensions for a typical CA
 [ v3_ca ]
 basicConstraints = CA:true
diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh
index 2fa007a49..4eb552b42 100755
--- a/certs/ocsp/renewcerts.sh
+++ b/certs/ocsp/renewcerts.sh
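Review bot: The last line of the new ocspd3.sh forwards the caller's arguments as an unquoted `$@`, so any argument containing spaces or glob characters is re-split and expanded by the shell before openssl receives it; it should be `"$@"`. The -index, -rsigner, -rkey and -CA paths are relative, so the responder only starts when the script is run from the source root, and a comment such as `# run from the wolfSSL source root` would record that. The ocspd1.sh and ocspd2.sh hunks stop before their final line, so whether they use the same unquoted form cannot be seen from here.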
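Review bot: The comment on the new `[ v3_req3 ]` section in openssl.cnf, "Extensions to add to a certificate request (intermediate3-ca)", reads as if the section described the intermediate CA itself, while the section sets `basicConstraints = CA:false` and the renewcerts.sh hunk applies it to server5, a leaf signed by intermediate3-ca. A wording such as `# Extensions for leaf certificates issued by intermediate3-ca (OCSP responder on port 22223)` would remove the ambiguity. The responder port in `authorityInfoAccess` is the one value that has to stay in step with ocspd3.sh, which is worth saying in the same comment.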
@@ -41,9 +41,14 @@ function update_cert() { cat $3-cert.pem >> $1-cert.pem } -update_cert intermediate1-ca "wolfSSL intermediate CA" root-ca v3_ca 01 -update_cert intermediate2-ca "wolfSSL REVOKED intermediate CA" root-ca v3_ca 02 # REVOKED -update_cert ocsp-responder "wolfSSL OCSP Responder" root-ca v3_ocsp 03 -update_cert server1 "www1.wolfssl.com" intermediate1-ca v3_req1 04 -update_cert server2 "www2.wolfssl.com" intermediate1-ca v3_req1 05 # REVOKED -update_cert server3 "www3.wolfssl.com" intermediate2-ca v3_req2 06 +update_cert intermediate1-ca "wolfSSL intermediate CA 1" root-ca v3_ca 01 +update_cert intermediate2-ca "wolfSSL intermediate CA 2" root-ca v3_ca 02 +update_cert intermediate3-ca "wolfSSL REVOKED intermediate CA" root-ca v3_ca 03 # REVOKED + +update_cert ocsp-responder "wolfSSL OCSP Responder" root-ca v3_ocsp 04 + +update_cert server1 "www1.wolfssl.com" intermediate1-ca v3_req1 05 +update_cert server2 "www2.wolfssl.com" intermediate1-ca v3_req1 06 # REVOKED +update_cert server3 "www3.wolfssl.com" intermediate2-ca v3_req2 07 +update_cert server4 "www4.wolfssl.com" intermediate2-ca v3_req2 08 # REVOKED +update_cert server5 "www5.wolfssl.com" intermediate3-ca v3_req3 09 diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem index 34bcd48c6..9d68f8197 100644 --- a/certs/ocsp/root-ca-cert.pem +++ b/certs/ocsp/root-ca-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
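Review bot: The new update_cert list in renewcerts.sh shifts the serial of every certificate after intermediate2-ca (ocsp-responder 03 to 04, server1 04 to 05, server2 05 to 06, server3 06 to 07) and reuses serial 02 for a CA that is no longer revoked, so the responder databases that the ocspd scripts load with -index have to be regenerated with the same serials. If they are not, the revocation tests would receive status answers for the wrong certificates. Those index files, including the index3.txt that ocspd3.sh expects, are not visible in this part of the patch and should be confirmed as part of the same commit. The `# REVOKED` markers are the only statement of intended status here, so a comment above the list such as `# serials and REVOKED markers must match certs/ocsp/index*.txt` would help. update_cert's body starts outside the hunk, so how the serial argument is consumed cannot be checked from here.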
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -83,11 +83,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem index 794bb7a31..eab440bdf 100644 --- a/certs/ocsp/server1-cert.pem +++ b/certs/ocsp/server1-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 4 (0x4) + Serial Number: 5 (0x5) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,49 +47,49 @@ Certificate: OCSP - URI:http://localhost:22221 Signature Algorithm: sha256WithRSAEncryption - 81:77:93:7b:35:9c:af:00:ca:7a:eb:53:d0:56:f9:11:7b:eb: - 6b:d1:ac:f2:bb:1a:f2:b7:d1:02:59:04:3c:43:09:5a:66:9b: - 05:c9:9b:3c:98:d4:3b:30:dd:8a:8a:97:fb:77:06:22:89:b3: - c6:14:3d:00:ef:48:95:69:6f:74:92:4e:f0:70:fb:7a:d4:84: - f9:26:00:b7:f9:59:14:fb:56:ed:b3:ea:14:de:d6:76:aa:c4: - dd:16:74:f7:5a:32:18:1e:ab:eb:80:3d:2f:5c:fc:29:96:fa: - 62:44:09:bf:3e:f9:ac:2b:6e:36:68:f1:d7:53:eb:a1:47:53: - 99:65:29:3f:21:e2:ce:64:55:37:e0:41:d2:0a:ac:1b:6a:a3: - 62:db:96:46:2e:67:9f:4a:8f:7d:5e:f9:1f:2a:36:e6:c0:2b: - 07:f9:63:d9:54:e7:5b:09:86:7a:dc:75:96:bc:60:28:00:99: - a7:8b:17:7a:bd:8b:06:bc:9f:c4:bc:d7:c8:d5:eb:a6:60:cf: - 0c:07:b3:8c:bd:87:8c:15:12:d2:26:ea:56:ed:d4:c0:87:10: - 50:7f:f6:70:d0:72:fb:f0:75:cf:c7:c2:c9:01:6a:05:68:5e: - 7a:2f:e0:ef:c1:45:e0:31:52:05:d7:12:7a:06:53:81:f7:e8: - cb:14:42:bd + cc:2e:e2:e4:a8:f6:e8:73:e4:e8:d9:ee:05:e6:2c:a9:0f:54: + d5:b0:be:ce:20:a6:12:38:63:b8:19:32:c1:12:2f:d4:ee:a5: + 73:2b:72:5c:ad:c7:ed:d7:a4:5e:97:d2:a4:fd:9e:db:3d:e0: + df:a2:96:a9:36:c8:e3:f9:93:d6:84:dc:ad:a4:5f:1e:d4:af: + de:b4:05:9a:e5:ac:c6:b4:f4:9b:69:a0:e8:81:28:32:d7:a0: + 83:1b:2d:18:92:87:33:3f:23:11:11:f5:c9:01:11:35:de:44: + 8d:1d:6b:c4:3a:20:72:64:5d:c1:59:60:cb:5c:3b:ca:a0:27: + ab:e6:6c:ac:31:ec:a9:3a:a0:ec:10:e5:48:34:9b:d3:1c:9e: + 1e:93:2a:ba:47:40:b6:5d:45:c4:b9:cb:d6:63:5b:1a:70:26: + 23:f6:0a:41:53:de:ba:02:db:df:ce:df:6d:7a:9c:85:55:a4: + 01:3e:f5:d1:9c:4a:59:bf:1f:f5:83:fa:92:9a:3d:80:4d:49: + aa:f6:92:5f:94:ee:ef:38:b3:71:9f:96:30:7d:b2:d2:8d:bb: + 16:ed:e1:6f:cd:8e:4e:d2:e0:5b:59:5c:dd:95:de:9f:69:63: + d4:b2:54:52:51:40:e5:50:5c:4b:1c:5e:51:5b:10:b7:19:1f: + 31:08:70:cb -----BEGIN CERTIFICATE----- -MIIE7DCCA9SgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx +MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
-B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NM -IGludGVybWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMTQyMjI1MjNaFw0xODA5MDkyMjI1MjNaMIGYMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE -CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGTAXBgNVBAMMEHd3dzEu -d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmllV1z4qXaIy2OPZ6Bb4ztlFH -N4r325G+kmu3AIzyxSRuGOmSAIEB3LNMKKm3gPGWzyN6L6744w8t014j59tMsl2J -Fhe+voHb+xJtKEsQoBIEJ8HJ0HmV7+iNjFmbTnJ9vEkrIk74T+IM8enpl/nfjFoK -qjgdQwSjp4mh4oOkS7VORYimIl2sqVhniMHVYe+9EQUnlEe7M6WKyu4fjcBuJK/N -yr+AR3GVrKnxXSNs9Uu0qeHEZvvlxKGfp1HReM0utD8u4oLzf8Sn9DHPdic/2y7S -bsNHI4KjSECMp8ET8GNQVEP2cRLhb6V6WCb3/Ys7cBigQ7oBa7P41b4FE2QxAgMB -AAGjggE2MIIBMjAJBgNVHRMEAjAAMB0GA1UdDgQWBBTMVRUA4kSJkmNtEF25nnO2 -XToZyjCBxAYDVR0jBIG8MIG5gBSDxjqJLIH0AtedTOIqwHGCZETaDqGBnaSBmjCB -lzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl -YXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw -FgYDVQQDDA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb22CAQEwCwYDVR0PBAQDAgXgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF -BQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMTANBgkqhkiG9w0BAQsFAAOCAQEA -gXeTezWcrwDKeutT0Fb5EXvra9Gs8rsa8rfRAlkEPEMJWmabBcmbPJjUOzDdioqX -+3cGIomzxhQ9AO9IlWlvdJJO8HD7etSE+SYAt/lZFPtW7bPqFN7WdqrE3RZ091oy -GB6r64A9L1z8KZb6YkQJvz75rCtuNmjx11ProUdTmWUpPyHizmRVN+BB0gqsG2qj -YtuWRi5nn0qPfV75Hyo25sArB/lj2VTnWwmGetx1lrxgKACZp4sXer2LBryfxLzX -yNXrpmDPDAezjL2HjBUS0ibqVu3UwIcQUH/2cNBy+/B1z8fCyQFqBWheei/g78FF -4DFSBdcSegZTgffoyxRCvQ== +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 
+MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaWVXXPipdojLY49noFvjO2 +UUc3ivfbkb6Sa7cAjPLFJG4Y6ZIAgQHcs0woqbeA8ZbPI3ovrvjjDy3TXiPn20yy +XYkWF76+gdv7Em0oSxCgEgQnwcnQeZXv6I2MWZtOcn28SSsiTvhP4gzx6emX+d+M +WgqqOB1DBKOniaHig6RLtU5FiKYiXaypWGeIwdVh770RBSeUR7szpYrK7h+NwG4k +r83Kv4BHcZWsqfFdI2z1S7Sp4cRm++XEoZ+nUdF4zS60Py7igvN/xKf0Mc92Jz/b +LtJuw0cjgqNIQIynwRPwY1BUQ/ZxEuFvpXpYJvf9iztwGKBDugFrs/jVvgUTZDEC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMxVFQDiRImSY20QXbme +c7ZdOhnKMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB +AQDMLuLkqPboc+To2e4F5iypD1TVsL7OIKYSOGO4GTLBEi/U7qVzK3Jcrcft16Re +l9Kk/Z7bPeDfopapNsjj+ZPWhNytpF8e1K/etAWa5azGtPSbaaDogSgy16CDGy0Y +koczPyMREfXJARE13kSNHWvEOiByZF3BWWDLXDvKoCer5mysMeypOqDsEOVINJvT +HJ4ekyq6R0C2XUXEucvWY1sacCYj9gpBU966Atvfzt9tepyFVaQBPvXRnEpZvx/1 +g/qSmj2ATUmq9pJflO7vOLNxn5YwfbLSjbsW7eFvzY5O0uBbWVzdld6faWPUslRS +UUDlUFxLHF5RWxC3GR8xCHDL -----END CERTIFICATE----- Certificate: Data: 
@@ -98,9 +98,9 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -140,49 +140,49 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 1b:83:ce:ad:1e:50:0f:3c:f0:26:17:23:c1:d5:98:88:c8:bc: - 30:5b:bb:01:bd:9b:cc:b3:45:0b:a3:7b:30:0a:54:3f:c7:36: - 16:4b:8b:cb:dd:d1:b3:7b:00:40:48:24:cb:46:3b:e7:e0:5c: - 7b:ec:ca:f8:e0:e5:34:5d:ae:e7:ac:87:15:cd:6c:7e:13:52: - 28:84:55:2b:2a:14:d9:fa:34:ce:fb:15:6c:10:47:c9:e6:ed: - 35:5b:4c:97:9c:dd:51:46:ac:2c:60:b7:2e:9d:2f:cb:0d:83: - 86:f0:a6:1b:6d:26:cb:7f:c4:97:51:6c:a1:a3:8d:6e:be:41: - 4a:ec:b0:cf:b4:ae:ad:e4:65:57:12:5d:bf:a0:78:ce:bf:4b: - 35:fe:bb:94:7a:f1:43:7d:0f:01:45:eb:d1:53:8b:19:db:bf: - 3e:4a:26:77:a1:b5:06:2a:64:ec:53:ca:ec:93:23:a2:4e:6a: - 82:8f:11:f4:cd:5f:6c:6e:22:cd:e1:1c:76:ce:49:f7:ca:43: - 65:aa:f5:9e:e7:ad:eb:99:4f:ff:db:fe:b8:91:ef:2c:ea:92: - 5f:bf:08:78:c1:90:22:37:f3:7e:c3:5b:fc:31:f0:5b:83:65: - 00:d6:5a:55:3a:a2:a8:3f:02:e5:ae:7a:37:7b:3c:39:e7:91: - 4a:2e:53:04 + 1e:07:eb:03:66:a7:54:e8:c5:e1:fe:c9:08:58:91:d8:1b:d6: + c8:69:a5:65:03:a3:1a:f4:eb:9d:cd:4a:c1:9d:cd:ac:39:0b: + 49:09:e7:9c:0f:12:cb:3f:29:e1:9c:d1:f4:68:14:02:2e:d3: + fe:3d:63:3c:26:80:38:91:03:c3:52:52:9e:66:4d:59:d1:80: + 97:eb:91:99:5f:e7:d5:8e:e7:c4:c0:d3:f3:12:2e:c9:05:3a: + 54:ed:38:f3:6f:f3:ae:74:18:47:b5:25:c6:e3:44:8c:27:bd: + 3f:bc:e3:f1:0e:e4:50:ff:4c:ec:30:d6:0d:9f:8f:d0:f6:be: + 43:73:94:8f:48:97:38:7c:e8:8a:53:fd:02:4e:0f:2c:14:53: + f4:4c:80:8a:09:b2:b8:a8:0e:11:75:a6:15:6a:5f:c8:06:7b: + ff:a3:76:d0:e8:70:0a:e0:b1:6d:88:54:06:c2:04:f9:81:b0: + 77:af:a4:80:1b:88:64:5e:db:ff:36:dc:e8:d2:7b:4e:55:40: + 3c:f7:cd:33:f9:66:59:2e:9c:18:c7:50:e6:b5:b9:c1:94:3b: + 78:46:05:a6:24:41:2a:28:b5:e8:92:d0:0d:47:18:e8:cc:6e: + e8:11:d2:2a:94:47:75:b5:80:f2:e8:83:34:cc:7f:22:8a:9e: + 49:be:30:c1 -----BEGIN CERTIFICATE----- -MIIE7jCCA9agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy -bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN60yFx34C2x9bmtFkc1oDVlZcbh -QKsetLkTt8uMu3eldtpth4f2Sk0T5CY+J4fuW8dqP0UwYVVc9jXRZfqYEaOnVdW+ -kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN -MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr -GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a -lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA -AaOCATkwggE1MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA -cYJkRNoOMIHEBgNVHSMEgbwwgbmAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIBYzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsG -AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IB -AQAbg86tHlAPPPAmFyPB1ZiIyLwwW7sBvZvMs0ULo3swClQ/xzYWS4vL3dGzewBA -SCTLRjvn4Fx77Mr44OU0Xa7nrIcVzWx+E1IohFUrKhTZ+jTO+xVsEEfJ5u01W0yX -nN1RRqwsYLcunS/LDYOG8KYbbSbLf8SXUWyho41uvkFK7LDPtK6t5GVXEl2/oHjO -v0s1/ruUevFDfQ8BRevRU4sZ278+SiZ3obUGKmTsU8rskyOiTmqCjxH0zV9sbiLN -4Rx2zkn3ykNlqvWe563rmU//2/64ke8s6pJfvwh4wZAiN/N+w1v8MfBbg2UA1lpV -OqKoPwLlrno3ezw555FKLlME +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV 
+1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAB4H6wNmp1ToxeH+yQhYkdgb1shppWUDoxr0653NSsGdzaw5C0kJ55wPEss/ +KeGc0fRoFAIu0/49YzwmgDiRA8NSUp5mTVnRgJfrkZlf59WO58TA0/MSLskFOlTt +OPNv8650GEe1JcbjRIwnvT+84/EO5FD/TOww1g2fj9D2vkNzlI9Ilzh86IpT/QJO +DywUU/RMgIoJsrioDhF1phVqX8gGe/+jdtDocArgsW2IVAbCBPmBsHevpIAbiGRe +2/823OjSe05VQDz3zTP5ZlkunBjHUOa1ucGUO3hGBaYkQSooteiS0A1HGOjMbugR +0iqUR3W1gPLogzTMfyKKnkm+MME= -----END CERTIFICATE----- Certificate: Data: @@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem index 9025271b2..8aa20085f 100644 --- a/certs/ocsp/server2-cert.pem +++ b/certs/ocsp/server2-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 5 (0x5) + Serial Number: 6 (0x6) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,49 +47,49 @@ Certificate: OCSP - URI:http://localhost:22221 Signature Algorithm: sha256WithRSAEncryption - a3:33:6d:91:c3:bd:b5:42:e6:6a:b8:1f:01:d8:ef:8c:ab:f9: - f7:e2:ac:23:72:a1:77:41:67:fc:b4:c9:dd:72:d8:25:3c:40: - 17:db:87:c0:6c:55:2c:26:d2:53:d5:e7:81:8e:b3:3f:e1:fd: - fd:73:4b:ee:75:44:04:a6:f1:56:aa:57:94:a3:5e:4d:45:49: - 4b:70:e2:bf:36:e9:8c:68:cf:37:f3:0f:ee:74:4a:ef:f8:8a: - 39:89:9f:3d:26:91:c8:cf:03:45:5a:13:8d:5f:ac:7c:c3:d9: - 34:1c:80:e5:33:40:fc:02:8a:04:36:93:ba:47:c5:bc:34:8b: - dc:30:4c:f5:b0:42:60:3b:59:2e:d6:c6:44:bb:44:dc:2a:05: - bd:f0:37:cc:16:27:a9:b5:f7:7d:fa:3a:7f:3c:64:62:cf:3a: - 2b:2d:85:82:bd:29:96:47:6f:a9:85:5c:4f:ae:72:eb:25:05: - e1:c8:f2:95:9e:02:03:2c:fe:06:1c:83:3a:d2:84:d4:84:17: - d8:49:84:3e:c6:3d:16:10:e5:65:25:68:a5:71:18:8c:2e:40: - a0:1c:43:ba:0f:bc:6c:07:25:29:1f:ab:1e:ff:d0:45:51:3f: - 3f:f5:a1:71:c8:35:87:47:14:c5:8e:1c:e2:94:ff:27:2c:ce: - aa:55:1c:c9 + 84:39:12:8b:3b:47:c1:57:60:70:5d:21:e4:1f:60:33:20:94: + ab:7d:50:62:55:bf:cc:78:13:40:9d:40:75:14:55:d5:71:e8: + 8a:26:3d:4a:85:94:02:6f:be:1c:84:69:6b:03:9d:74:a7:8c: + f1:0e:e4:4e:79:e3:fc:bd:1f:c7:fb:d6:bb:6e:aa:55:7f:ac: + 6f:da:84:08:b0:97:ef:24:d5:a3:d9:c1:67:78:08:7d:05:18: + c0:58:50:e8:fc:20:65:c6:0a:4e:3a:81:7a:64:0b:81:be:12: + 87:33:18:85:d3:e3:c3:ba:b5:b0:03:9a:16:e3:01:ae:a9:9a: + 9a:ea:84:5f:0e:5c:dd:d4:16:b8:38:e2:63:0a:4f:75:5f:44: + 0b:60:08:f3:d4:df:32:cf:5b:f9:7b:a0:b1:ba:ae:ed:0f:a1: + c5:71:6b:1a:19:13:b7:5f:18:e8:97:51:a2:d3:66:52:b9:8b: + 0e:47:22:c9:61:17:94:80:7c:3d:39:6f:5a:58:18:7b:2e:42: + ea:20:fa:67:58:bf:4c:58:7e:e8:c0:3d:15:08:96:84:57:a8: + 6c:66:58:9d:93:30:64:93:28:7e:cc:1b:a2:e4:f7:d8:69:9c: + 19:07:9f:90:7f:53:a8:4f:59:86:a2:0a:87:c7:35:3d:b7:9d: + 51:61:51:69 -----BEGIN CERTIFICATE----- -MIIE7DCCA9SgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx +MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
-B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NM -IGludGVybWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTAeFw0xNTEyMTQyMjI1MjNaFw0xODA5MDkyMjI1MjNaMIGYMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UE -CgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcxGTAXBgNVBAMMEHd3dzIu -d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGNYroqr0zyV6EQ2dCZSo844m0 -pmehO+5thdHTK26xYtTxIkOg1belfbX1bAkGfIzvh69PNM4n6/NKN1fD19ju5KB3 -ZSynwhBla3tIxNgo/kxOT34vIMRJW3E4QA02o1ezRNq+zVQUFWYP0wUI8i4DZy5c -XeGw5sAlj1h3W9PXqCLqVtMOAW04NFZHqhLEuirv7Bj11Nu5+m/cUOvuEKIUtZoS -4eOFD3kUuHBtDRwdOFeFaoIM1r0svyDxKC72NICnDTKCNU/BseWeJtX4uTlXQ+/t -8RBcPjK62eSeQM0o6iZGm6k0jZ+5/UV9FPfOyjuFh6dkdJxlKRiz9bGtkmI5AgMB -AAGjggE2MIIBMjAJBgNVHRMEAjAAMB0GA1UdDgQWBBR9bf32C08/SmKR9fMTYFGG -w1qf1jCBxAYDVR0jBIG8MIG5gBSDxjqJLIH0AtedTOIqwHGCZETaDqGBnaSBmjCB -lzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl -YXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw -FgYDVQQDDA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb22CAQEwCwYDVR0PBAQDAgXgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF -BQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMTANBgkqhkiG9w0BAQsFAAOCAQEA -ozNtkcO9tULmargfAdjvjKv59+KsI3Khd0Fn/LTJ3XLYJTxAF9uHwGxVLCbSU9Xn -gY6zP+H9/XNL7nVEBKbxVqpXlKNeTUVJS3DivzbpjGjPN/MP7nRK7/iKOYmfPSaR -yM8DRVoTjV+sfMPZNByA5TNA/AKKBDaTukfFvDSL3DBM9bBCYDtZLtbGRLtE3CoF -vfA3zBYnqbX3ffo6fzxkYs86Ky2Fgr0plkdvqYVcT65y6yUF4cjylZ4CAyz+BhyD -OtKE1IQX2EmEPsY9FhDlZSVopXEYjC5AoBxDug+8bAclKR+rHv/QRVE/P/Whccg1 -h0cUxY4c4pT/JyzOqlUcyQ== +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 
+Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY1iuiqvTPJXoRDZ0JlKjzj +ibSmZ6E77m2F0dMrbrFi1PEiQ6DVt6V9tfVsCQZ8jO+Hr080zifr80o3V8PX2O7k +oHdlLKfCEGVre0jE2Cj+TE5Pfi8gxElbcThADTajV7NE2r7NVBQVZg/TBQjyLgNn +Llxd4bDmwCWPWHdb09eoIupW0w4BbTg0VkeqEsS6Ku/sGPXU27n6b9xQ6+4QohS1 +mhLh44UPeRS4cG0NHB04V4VqggzWvSy/IPEoLvY0gKcNMoI1T8Gx5Z4m1fi5OVdD +7+3xEFw+MrrZ5J5AzSjqJkabqTSNn7n9RX0U987KO4WHp2R0nGUpGLP1sa2SYjkC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFH1t/fYLTz9KYpH18xNg +UYbDWp/WMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB +AQCEORKLO0fBV2BwXSHkH2AzIJSrfVBiVb/MeBNAnUB1FFXVceiKJj1KhZQCb74c +hGlrA510p4zxDuROeeP8vR/H+9a7bqpVf6xv2oQIsJfvJNWj2cFneAh9BRjAWFDo +/CBlxgpOOoF6ZAuBvhKHMxiF0+PDurWwA5oW4wGuqZqa6oRfDlzd1Ba4OOJjCk91 +X0QLYAjz1N8yz1v5e6Cxuq7tD6HFcWsaGRO3Xxjol1Gi02ZSuYsORyLJYReUgHw9 +OW9aWBh7LkLqIPpnWL9MWH7owD0VCJaEV6hsZlidkzBkkyh+zBui5PfYaZwZB5+Q +f1OoT1mGogqHxzU9t51RYVFp -----END CERTIFICATE----- Certificate: Data: 
@@ -98,9 +98,9 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA/emailAddress=info@wolfssl.com + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -140,49 +140,49 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 1b:83:ce:ad:1e:50:0f:3c:f0:26:17:23:c1:d5:98:88:c8:bc: - 30:5b:bb:01:bd:9b:cc:b3:45:0b:a3:7b:30:0a:54:3f:c7:36: - 16:4b:8b:cb:dd:d1:b3:7b:00:40:48:24:cb:46:3b:e7:e0:5c: - 7b:ec:ca:f8:e0:e5:34:5d:ae:e7:ac:87:15:cd:6c:7e:13:52: - 28:84:55:2b:2a:14:d9:fa:34:ce:fb:15:6c:10:47:c9:e6:ed: - 35:5b:4c:97:9c:dd:51:46:ac:2c:60:b7:2e:9d:2f:cb:0d:83: - 86:f0:a6:1b:6d:26:cb:7f:c4:97:51:6c:a1:a3:8d:6e:be:41: - 4a:ec:b0:cf:b4:ae:ad:e4:65:57:12:5d:bf:a0:78:ce:bf:4b: - 35:fe:bb:94:7a:f1:43:7d:0f:01:45:eb:d1:53:8b:19:db:bf: - 3e:4a:26:77:a1:b5:06:2a:64:ec:53:ca:ec:93:23:a2:4e:6a: - 82:8f:11:f4:cd:5f:6c:6e:22:cd:e1:1c:76:ce:49:f7:ca:43: - 65:aa:f5:9e:e7:ad:eb:99:4f:ff:db:fe:b8:91:ef:2c:ea:92: - 5f:bf:08:78:c1:90:22:37:f3:7e:c3:5b:fc:31:f0:5b:83:65: - 00:d6:5a:55:3a:a2:a8:3f:02:e5:ae:7a:37:7b:3c:39:e7:91: - 4a:2e:53:04 + 1e:07:eb:03:66:a7:54:e8:c5:e1:fe:c9:08:58:91:d8:1b:d6: + c8:69:a5:65:03:a3:1a:f4:eb:9d:cd:4a:c1:9d:cd:ac:39:0b: + 49:09:e7:9c:0f:12:cb:3f:29:e1:9c:d1:f4:68:14:02:2e:d3: + fe:3d:63:3c:26:80:38:91:03:c3:52:52:9e:66:4d:59:d1:80: + 97:eb:91:99:5f:e7:d5:8e:e7:c4:c0:d3:f3:12:2e:c9:05:3a: + 54:ed:38:f3:6f:f3:ae:74:18:47:b5:25:c6:e3:44:8c:27:bd: + 3f:bc:e3:f1:0e:e4:50:ff:4c:ec:30:d6:0d:9f:8f:d0:f6:be: + 43:73:94:8f:48:97:38:7c:e8:8a:53:fd:02:4e:0f:2c:14:53: + f4:4c:80:8a:09:b2:b8:a8:0e:11:75:a6:15:6a:5f:c8:06:7b: + ff:a3:76:d0:e8:70:0a:e0:b1:6d:88:54:06:c2:04:f9:81:b0: + 77:af:a4:80:1b:88:64:5e:db:ff:36:dc:e8:d2:7b:4e:55:40: + 3c:f7:cd:33:f9:66:59:2e:9c:18:c7:50:e6:b5:b9:c1:94:3b: + 78:46:05:a6:24:41:2a:28:b5:e8:92:d0:0d:47:18:e8:cc:6e: + e8:11:d2:2a:94:47:75:b5:80:f2:e8:83:34:cc:7f:22:8a:9e: + 49:be:30:c1 -----BEGIN CERTIFICATE----- -MIIE7jCCA9agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBnzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSAwHgYDVQQDDBd3b2xmU1NMIGludGVy -bWVkaWF0ZSBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN60yFx34C2x9bmtFkc1oDVlZcbh -QKsetLkTt8uMu3eldtpth4f2Sk0T5CY+J4fuW8dqP0UwYVVc9jXRZfqYEaOnVdW+ -kYJL/L6Q1lBTY5osIuE1Edx4ApeK5EaSnFMIdt4fU7a4ync+eW680OMNMFtM9pQN -MClknwTl2/uJYGe7ryaDUXckLysLoZSBEJjo6yaoHnzkxGxnBpVVSt1S9PJgbQEr -GZE1baQIRwZxJADZ3sZW84tTLOKalqXzYuXE4yPy0vwh6g9ido3VmUjO3FjEu3/a -lCyAdIPF4LAVfkH9DvL08Hh2e60mDapIlhcvIeOVKyY3+aqAL/7e9l68l38CAwEA -AaOCATkwggE1MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIPGOoksgfQC151M4irA -cYJkRNoOMIHEBgNVHSMEgbwwgbmAFHOwHKQvgsvPR6U417AEgjp+chUhoYGdpIGa -MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH -U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx -GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbYIBYzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsG -AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IB -AQAbg86tHlAPPPAmFyPB1ZiIyLwwW7sBvZvMs0ULo3swClQ/xzYWS4vL3dGzewBA -SCTLRjvn4Fx77Mr44OU0Xa7nrIcVzWx+E1IohFUrKhTZ+jTO+xVsEEfJ5u01W0yX -nN1RRqwsYLcunS/LDYOG8KYbbSbLf8SXUWyho41uvkFK7LDPtK6t5GVXEl2/oHjO -v0s1/ruUevFDfQ8BRevRU4sZ278+SiZ3obUGKmTsU8rskyOiTmqCjxH0zV9sbiLN -4Rx2zkn3ykNlqvWe563rmU//2/64ke8s6pJfvwh4wZAiN/N+w1v8MfBbg2UA1lpV -OqKoPwLlrno3ezw555FKLlME +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV 
+1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAB4H6wNmp1ToxeH+yQhYkdgb1shppWUDoxr0653NSsGdzaw5C0kJ55wPEss/ +KeGc0fRoFAIu0/49YzwmgDiRA8NSUp5mTVnRgJfrkZlf59WO58TA0/MSLskFOlTt +OPNv8650GEe1JcbjRIwnvT+84/EO5FD/TOww1g2fj9D2vkNzlI9Ilzh86IpT/QJO +DywUU/RMgIoJsrioDhF1phVqX8gGe/+jdtDocArgsW2IVAbCBPmBsHevpIAbiGRe +2/823OjSe05VQDz3zTP5ZlkunBjHUOa1ucGUO3hGBaYkQSooteiS0A1HGOjMbugR +0iqUR3W1gPLogzTMfyKKnkm+MME= -----END CERTIFICATE----- Certificate: Data: @@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem index fe24c1698..f707abecf 100644 --- a/certs/ocsp/server3-cert.pem +++ b/certs/ocsp/server3-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 6 (0x6) + Serial Number: 7 (0x7) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www3.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,49 +47,49 @@ Certificate: OCSP - URI:http://localhost:22222 Signature Algorithm: sha256WithRSAEncryption - c6:3a:40:31:ac:3c:32:72:03:a9:35:86:b5:04:db:d9:39:e0: - 9a:96:54:d4:7f:b8:fe:49:2a:86:37:d8:30:a7:df:1f:08:c6: - 34:77:e3:95:6e:b8:5f:7a:2f:cd:71:04:55:e7:c1:a3:d5:14: - 93:13:b2:69:7c:6a:36:bc:09:15:f8:5a:ab:af:c8:d2:f6:ba: - ee:2b:6b:30:d4:a6:4a:48:08:f8:58:39:1b:6b:67:dd:4c:f9: - ee:9f:c7:cc:e7:19:68:b1:cb:d1:9d:7c:42:12:c5:25:ff:6d: - 81:24:cf:76:06:9c:a6:39:53:60:08:fe:d6:5b:ef:9e:2c:3d: - bf:23:1e:8b:db:0f:57:ae:c4:ee:af:b3:0a:54:86:ad:65:a4: - 6b:a2:c3:ec:34:0a:c3:75:a5:06:2e:67:1c:61:52:61:61:6c: - c4:86:15:71:ea:ac:e2:9f:b7:ae:65:59:89:ab:41:ec:4a:a1: - d8:17:d6:15:cc:98:d7:67:a2:0b:2f:2e:85:ce:e5:32:5a:e1: - c6:54:aa:37:31:ba:f8:31:16:bb:de:3a:d7:9d:9e:63:5d:69: - 25:9f:0e:5a:f3:9d:7f:86:0a:15:3e:64:04:8a:0c:f7:b7:e8: - ec:4f:9f:4e:25:ef:1e:44:a0:73:ca:2e:5b:c0:f1:38:c5:15: - 29:45:04:11 + 12:62:57:58:a4:74:c0:b3:f1:d7:63:8b:1d:ba:79:99:88:76: + 5f:88:3b:e3:53:8d:d3:88:d0:98:91:3b:72:31:e9:03:5d:d5: + 1d:fe:6a:59:e8:a0:46:5b:4a:5a:3c:ce:60:27:00:36:68:49: + 35:22:cd:16:01:5f:94:67:5e:80:1a:2f:a6:21:4b:1a:d2:f8: + 70:ba:39:0f:d4:54:44:c8:6d:f4:1c:bc:fa:b3:72:32:e5:56: + 18:b8:c0:4c:98:21:56:36:a3:83:94:60:a9:a1:de:8c:7d:22: + 46:40:ac:92:7c:4a:44:6c:24:36:78:ab:f6:93:4f:44:f6:82: + 2e:ba:bc:7f:45:c2:51:be:fa:05:bb:d1:8a:95:84:38:f0:1d: + c7:66:8d:5e:44:05:26:48:b2:bd:4e:56:7a:17:28:b2:fa:3a: + 25:ce:7e:83:9a:ee:76:b0:02:54:a3:65:78:7c:7b:1e:49:ad: + 7f:65:5e:a8:cc:59:1e:fb:61:27:b6:3f:df:31:11:49:06:01: + 58:55:84:35:3e:f6:db:5a:e9:fd:2f:0a:b0:f7:c7:fb:d9:59: + 86:c6:cd:0c:f2:a6:f9:0a:ef:4b:ab:ca:a6:16:b4:df:0f:0d: + c6:d1:32:4f:0d:f9:a8:2a:28:a1:be:e2:c3:62:7e:74:90:58: + bc:67:89:20 -----BEGIN CERTIFICATE----- -MIIE9DCCA9ygAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx +MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
-B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM -IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTE1MTIxNDIyMjUyM1oXDTE4MDkwOTIyMjUyM1owgZgxCzAJ -BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl -MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE -AwwQd3d3My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4ZZR4XOdQz/Jdk -aYBR+2x8yuG6KqvS3TBh8y5HwdQzwP9TIbotFKa5fGbKRXscfY/8dfOaafFsJUag -kl0Ak+MipmC5lwU3f6GqzSKBcrEiRz18jUZVvDJN0oRDXBVDByJwNjmTG+ihRrsC -hbodMayxPIRb648fYopxUp4LY7bm1kbMGQbWuwaB5AslFGxjlHAaJzeVJEAHMPUk -c8O9+Q5fts1PGIjw16Ob9bAe/gQDpY1z92sxdIX9YfqeUzd1kOb4tZhm6FJNSkw5 -BWXBNPnGlSewB8FRlqiCGyLPQd/etJS3Dbph+/RAfKH8oimjR020lJ17UezkE/vN -6SbKp5MCAwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMHNwCw09Du7 -48qYNX1qFTOUXBE6MIHEBgNVHSMEgbwwgbmAFAXRuoYAou4qBSS3Ea0tYPGQFI8X -oYGdpIGaMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4G -A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l -ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ -aW5mb0B3b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk -MCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEB -CwUAA4IBAQDGOkAxrDwycgOpNYa1BNvZOeCallTUf7j+SSqGN9gwp98fCMY0d+OV -brhfei/NcQRV58Gj1RSTE7JpfGo2vAkV+Fqrr8jS9rruK2sw1KZKSAj4WDkba2fd -TPnun8fM5xloscvRnXxCEsUl/22BJM92BpymOVNgCP7WW++eLD2/Ix6L2w9XrsTu -r7MKVIatZaRrosPsNArDdaUGLmccYVJhYWzEhhVx6qzin7euZVmJq0HsSqHYF9YV -zJjXZ6ILLy6FzuUyWuHGVKo3Mbr4MRa73jrXnZ5jXWklnw5a851/hgoVPmQEigz3 -t+jsT59OJe8eRKBzyi5bwPE4xRUpRQQR +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 
+My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4ZZR4XOdQz/JdkaYBR+2x8 +yuG6KqvS3TBh8y5HwdQzwP9TIbotFKa5fGbKRXscfY/8dfOaafFsJUagkl0Ak+Mi +pmC5lwU3f6GqzSKBcrEiRz18jUZVvDJN0oRDXBVDByJwNjmTG+ihRrsChbodMayx +PIRb648fYopxUp4LY7bm1kbMGQbWuwaB5AslFGxjlHAaJzeVJEAHMPUkc8O9+Q5f +ts1PGIjw16Ob9bAe/gQDpY1z92sxdIX9YfqeUzd1kOb4tZhm6FJNSkw5BWXBNPnG +lSewB8FRlqiCGyLPQd/etJS3Dbph+/RAfKH8oimjR020lJ17UezkE/vN6SbKp5MC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMHNwCw09Du748qYNX1q +FTOUXBE6MIHEBgNVHSMEgbwwgbmAFAXRuoYAou4qBSS3Ea0tYPGQFI8XoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB +AQASYldYpHTAs/HXY4sdunmZiHZfiDvjU43TiNCYkTtyMekDXdUd/mpZ6KBGW0pa +PM5gJwA2aEk1Is0WAV+UZ16AGi+mIUsa0vhwujkP1FREyG30HLz6s3Iy5VYYuMBM +mCFWNqODlGCpod6MfSJGQKySfEpEbCQ2eKv2k09E9oIuurx/RcJRvvoFu9GKlYQ4 +8B3HZo1eRAUmSLK9TlZ6Fyiy+jolzn6Dmu52sAJUo2V4fHseSa1/ZV6ozFke+2En +tj/fMRFJBgFYVYQ1PvbbWun9Lwqw98f72VmGxs0M8qb5Cu9Lq8qmFrTfDw3G0TJP +DfmoKiihvuLDYn50kFi8Z4kg -----END CERTIFICATE----- Certificate: Data: 
@@ -98,9 +98,9 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -140,49 +140,49 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 85:95:3d:99:83:f5:4b:6f:b5:87:88:7a:2f:fe:02:c6:a5:2d: - 55:ff:e6:f3:72:c2:ed:2b:3f:cd:b5:59:5b:30:19:6e:5f:7b: - 2d:48:1e:d1:8e:65:04:86:0e:ef:01:50:ed:d7:ff:23:7e:2c: - 40:37:48:9d:aa:82:cb:82:c9:d7:f4:07:8b:73:6a:3a:fb:1b: - 2f:9d:e7:af:14:5f:2b:49:b2:87:3a:eb:c3:0f:f2:13:d7:49: - 6c:9a:d2:26:39:fa:f8:48:f4:9b:19:30:95:39:67:d8:63:37: - d6:b9:bf:fd:32:e1:fc:a9:2a:97:99:cb:cf:f6:fa:42:4b:ee: - 0e:87:92:16:dc:7e:70:dc:46:ee:8d:52:14:74:b5:6c:4b:9e: - e4:e7:b6:46:1c:82:2b:c5:4c:7d:84:f0:65:15:78:8c:2c:c7: - 7e:6d:db:8d:fc:64:4c:61:a0:b4:87:83:f6:04:59:71:43:8b: - 40:03:ad:e0:18:b9:94:0e:b9:05:22:6a:52:92:fe:48:04:cf: - a4:8c:ca:f6:f6:1c:29:c8:b0:83:a1:79:1a:9a:49:5a:73:c4: - 3d:16:4a:f7:c9:b5:dd:67:2b:bd:7c:11:ac:7f:74:8f:4b:dd: - ed:d3:ea:b8:6d:3a:3e:e7:ff:fc:d8:05:7b:47:49:c0:cc:6e: - 9a:71:23:96 + 6a:f5:af:1f:f7:43:ef:10:74:6d:1f:e5:2e:72:5f:d1:84:40: + c8:60:79:b7:66:2e:46:39:bf:95:ca:fe:83:0a:8a:f4:52:6e: + d2:d3:a5:54:7b:0c:29:35:a0:75:7a:e5:35:5d:99:0a:d9:13: + ca:80:46:a0:a2:6d:d5:c4:ff:0c:d5:da:ec:54:86:df:ce:a7: + 92:1a:c7:f6:12:74:04:74:9f:06:39:82:b1:1e:af:47:de:b5: + b7:21:c1:3b:22:27:e3:d0:3f:70:d3:27:1c:63:e0:01:12:80: + 20:e7:ac:6c:f0:8f:7a:72:54:8a:21:2d:0e:17:6c:9d:01:fd: + 42:96:e1:7a:d5:43:d5:65:9b:0b:7c:dd:b6:90:da:cc:3c:d7: + 7a:d3:e2:63:07:e3:96:a7:96:84:d6:0c:9e:31:e0:72:cd:91: + 54:cf:16:38:af:c8:23:04:ce:98:2c:61:11:28:70:d7:34:69: + 55:b7:e0:5b:87:a6:c4:a4:c5:bf:8f:e0:04:5d:e4:14:22:04: + 21:a1:9b:01:19:50:29:03:9d:81:be:e4:ba:4d:68:1c:2f:e4: + e6:05:02:c2:e7:b4:ef:45:be:80:dc:a3:86:58:cf:02:cf:6a: + 69:8d:2b:69:69:cd:81:27:63:e8:2d:55:2a:00:de:0b:15:2c: + 53:95:72:29 -----BEGIN CERTIFICATE----- -MIIE9jCCA96gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM 
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L -RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLH -dbRqK6kjhb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcu -SyjFU0YjK4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPk -yIlDYfEluM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1 -JMvpSd+BnZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkF -UPC/7H8S4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORG -eP/ZmQIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi -7ioFJLcRrS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y -FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw -DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp -bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB -FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm -MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN -AQELBQADggEBAIWVPZmD9UtvtYeIei/+AsalLVX/5vNywu0rP821WVswGW5fey1I -HtGOZQSGDu8BUO3X/yN+LEA3SJ2qgsuCydf0B4tzajr7Gy+d568UXytJsoc668MP -8hPXSWya0iY5+vhI9JsZMJU5Z9hjN9a5v/0y4fypKpeZy8/2+kJL7g6HkhbcfnDc -Ru6NUhR0tWxLnuTntkYcgivFTH2E8GUVeIwsx35t2438ZExhoLSHg/YEWXFDi0AD -reAYuZQOuQUialKS/kgEz6SMyvb2HCnIsIOheRqaSVpzxD0WSvfJtd1nK718Eax/ -dI9L3e3T6rhtOj7n//zYBXtHScDMbppxI5Y= +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLHdbRqK6kj +hb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcuSyjFU0Yj 
+K4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPkyIlDYfEl +uM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1JMvpSd+B +nZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkFUPC/7H8S +4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORGeP/ZmQID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi7ioFJLcR +rS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAGr1rx/3Q+8QdG0f5S5yX9GEQMhgebdmLkY5v5XK/oMKivRSbtLTpVR7DCk1 +oHV65TVdmQrZE8qARqCibdXE/wzV2uxUht/Op5Iax/YSdAR0nwY5grEer0fetbch +wTsiJ+PQP3DTJxxj4AESgCDnrGzwj3pyVIohLQ4XbJ0B/UKW4XrVQ9Vlmwt83baQ +2sw813rT4mMH45anloTWDJ4x4HLNkVTPFjivyCMEzpgsYREocNc0aVW34FuHpsSk +xb+P4ARd5BQiBCGhmwEZUCkDnYG+5LpNaBwv5OYFAsLntO9FvoDco4ZYzwLPammN +K2lpzYEnY+gtVSoA3gsVLFOVcik= -----END CERTIFICATE----- Certificate: Data: @@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 14 22:25:23 2015 GMT - Not After : Sep 9 22:25:23 2018 GMT + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://localhost:22220 Signature Algorithm: sha256WithRSAEncryption - 99:fc:b4:e2:1b:08:32:4b:8e:b3:fa:b4:08:53:f6:55:36:01: - ec:25:89:80:64:60:31:3b:0c:a3:6f:be:73:f7:1a:12:d1:7e: - 3d:db:80:30:72:a8:26:63:35:80:81:b6:61:16:34:c0:fd:e6: - f3:dd:a5:4a:dc:7e:85:87:57:5d:48:8e:09:46:89:89:f8:66: - 56:b5:7d:57:8e:d2:b7:77:3a:b7:51:15:97:fa:e9:d7:72:a5: - e0:e6:51:9a:f3:d8:89:7d:2c:a5:bf:34:7b:d8:f4:2f:b5:4e: - 63:97:a7:5b:69:1a:e2:1c:d8:5f:ca:a8:61:79:dc:01:40:b7: - 43:09:a7:31:a2:dd:b2:c2:0d:98:06:41:c6:60:a7:25:21:cd: - 45:84:fb:34:c7:3b:74:ed:92:c9:d9:34:8e:dc:d5:43:9e:e4: - 60:ff:b1:d8:a0:5a:5d:7d:53:8e:62:e7:b3:8c:64:cf:42:0d: - c6:e5:13:20:20:be:4b:60:5f:6f:f3:15:5b:9c:82:62:03:9f: - 94:d4:b2:8b:86:af:ed:3b:8f:20:68:4d:14:78:23:37:d7:aa: - d9:5e:89:e5:80:7a:6b:a4:b8:63:6f:df:32:ad:cd:5e:5f:60: - f8:e4:fc:3a:ce:67:e7:7a:3b:68:36:98:15:4c:05:f0:53:e7: - d5:08:52:a3 + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjE0MjIyNTIzWhcNMTgwOTA5MjIyNTIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmfy04hsI -MkuOs/q0CFP2VTYB7CWJgGRgMTsMo2++c/caEtF+PduAMHKoJmM1gIG2YRY0wP3m -892lStx+hYdXXUiOCUaJifhmVrV9V47St3c6t1EVl/rp13Kl4OZRmvPYiX0spb80 -e9j0L7VOY5enW2ka4hzYX8qoYXncAUC3QwmnMaLdssINmAZBxmCnJSHNRYT7NMc7 -dO2Sydk0jtzVQ57kYP+x2KBaXX1TjmLns4xkz0INxuUTICC+S2Bfb/MVW5yCYgOf -lNSyi4av7TuPIGhNFHgjN9eq2V6J5YB6a6S4Y2/fMq3NXl9g+OT8Os5n53o7aDaY -FUwF8FPn1QhSow== +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== -----END CERTIFICATE----- diff --git a/certs/ocsp/server4-cert.pem b/certs/ocsp/server4-cert.pem new file mode 100644 index 000000000..a73be3fea --- /dev/null +++ b/certs/ocsp/server4-cert.pem 
@@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www4.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9c:ef:8a:7e:84:4d:58:7a:b1:91:c8:cb:68:76: + df:fe:0a:29:fe:7f:74:35:d5:c3:fd:43:be:d7:89: + fc:59:51:5a:30:e9:50:14:84:24:d0:c8:72:7d:d6: + 75:42:12:8b:16:ad:5a:e8:d3:84:a7:07:2b:9e:12: + ef:6a:cd:3e:83:14:b7:26:a2:53:7b:3d:6c:96:7f: + 9c:c5:09:08:0e:55:08:19:b7:5a:1c:46:32:09:da: + 44:b2:ca:fd:4a:e4:be:d0:02:c9:c9:48:03:13:a5: + ad:3e:7b:21:cf:05:3a:b9:25:f5:c1:b8:4e:4d:eb: + 33:99:d1:50:4a:eb:f7:1a:08:6b:d0:5c:9d:48:eb: + 98:fd:dc:89:0f:aa:74:d3:7f:03:1b:59:65:f5:86: + e1:d9:53:ab:e4:53:ab:85:3c:79:8b:45:39:7b:fd: + e9:a2:10:b9:fa:92:71:0e:68:36:66:6e:8c:fb:e2: + 8a:5d:5f:72:66:b0:47:2d:c5:b4:93:ce:61:7f:90: + 1a:64:02:dd:57:9d:f1:f1:e8:75:21:e2:af:44:e3: + 96:f5:1c:e3:73:87:dc:b7:05:12:ad:a5:8f:0c:d8: + 2c:b4:90:b3:d9:e7:13:e1:e5:5e:4c:9b:24:89:08: + 07:9e:aa:6b:9f:64:01:da:ec:95:05:45:84:d9:a9: + db:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:D6:EF:4E:0A:7B:8B:74:E6:14:EC:35:9A:05:2A:94:68:09:61:58 + X509v3 Authority Key Identifier: + keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:02 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption 
+ 4e:d7:ac:3b:e2:2a:7c:2d:17:95:15:60:7d:d9:59:5f:53:9d: + d7:e4:8d:cf:9d:34:db:ea:e9:6b:1d:8c:d4:6e:4b:df:53:30: + 3f:8e:5b:65:2e:e6:bb:7b:96:b1:2e:9b:65:fa:72:a8:eb:97: + af:47:33:f5:ae:0b:9b:6f:d6:25:9e:60:e4:b2:e5:88:3b:64: + 26:8c:d4:8b:d5:4b:6b:85:23:c3:08:06:ca:b5:d3:88:f3:6b: + 19:be:16:c0:a6:a3:68:25:4b:68:a2:be:a0:38:51:7b:6f:7d: + a7:74:5f:1a:57:cd:29:01:4c:33:e4:52:bf:b9:f9:52:4e:c5: + a1:85:16:90:e3:c4:26:d7:b2:db:07:75:78:1f:90:99:db:cc: + 18:da:7d:58:af:52:e3:67:6a:8f:d2:33:f3:07:7f:da:09:24: + 54:03:cd:9a:ef:8f:15:f2:11:a9:42:71:d6:0b:6b:c8:76:f4: + 62:65:8c:d8:d3:10:19:af:34:9d:01:86:05:02:59:e8:4b:03: + 6d:06:0d:c4:98:38:b5:f2:85:65:29:74:2a:c2:c6:47:8b:e1: + 0e:d4:ee:9b:5d:a6:a5:55:8d:b0:e7:61:55:de:2e:30:50:cf: + 51:ba:c1:64:c0:3a:d0:55:73:fe:3c:79:e8:d7:33:0c:7e:a2: + dc:df:45:ad +-----BEGIN CERTIFICATE----- +MIIE7jCCA9agAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 +NC53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzvin6ETVh6sZHIy2h23/4K +Kf5/dDXVw/1DvteJ/FlRWjDpUBSEJNDIcn3WdUISixatWujThKcHK54S72rNPoMU +tyaiU3s9bJZ/nMUJCA5VCBm3WhxGMgnaRLLK/UrkvtACyclIAxOlrT57Ic8FOrkl +9cG4Tk3rM5nRUErr9xoIa9BcnUjrmP3ciQ+qdNN/AxtZZfWG4dlTq+RTq4U8eYtF +OXv96aIQufqScQ5oNmZujPviil1fcmawRy3FtJPOYX+QGmQC3Ved8fHodSHir0Tj +lvUc43OH3LcFEq2ljwzYLLSQs9nnE+HlXkybJIkIB56qa59kAdrslQVFhNmp28cC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJrW704Ke4t05hTsNZoF +KpRoCWFYMIHEBgNVHSMEgbwwgbmAFAXRuoYAou4qBSS3Ea0tYPGQFI8XoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH 
+U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB +AQBO16w74ip8LReVFWB92VlfU53X5I3PnTTb6ulrHYzUbkvfUzA/jltlLua7e5ax +Lptl+nKo65evRzP1rgubb9YlnmDksuWIO2QmjNSL1UtrhSPDCAbKtdOI82sZvhbA +pqNoJUtoor6gOFF7b32ndF8aV80pAUwz5FK/uflSTsWhhRaQ48Qm17LbB3V4H5CZ +28wY2n1Yr1LjZ2qP0jPzB3/aCSRUA82a748V8hGpQnHWC2vIdvRiZYzY0xAZrzSd +AYYFAlnoSwNtBg3EmDi18oVlKXQqwsZHi+EO1O6bXaalVY2w52FV3i4wUM9RusFk +wDrQVXP+PHno1zMMfqLc30Wt +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4: + 6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7: + 11:02:a1:ab:58:3d:fb:dc:51:ca:3a:1d:1f:95:a6: + 56:82:f7:8f:ff:6b:50:bb:ea:10:e1:47:1d:35:77: + 2e:4b:28:c5:53:46:23:2b:82:fd:5a:d3:f4:21:db: + 0e:e0:f2:76:33:47:b3:00:be:3a:b1:23:98:53:eb: + ea:a0:de:1b:cc:05:4e:ee:63:a8:2c:93:24:d6:98: + 78:74:03:e4:c8:89:43:61:f1:25:b8:cd:3b:87:c1: + 31:25:fd:ba:4c:fc:29:94:45:9e:69:d7:67:0a:8a: + 8e:d5:52:93:30:a2:0e:dd:6a:1c:b0:94:77:db:52: + 52:b7:89:21:be:96:75:24:cb:e9:49:df:81:9d:9d: + f8:55:7d:01:2a:eb:78:03:12:e2:20:6e:db:63:35: + cd:a1:96:f0:f8:8c:20:35:69:87:01:ca:b4:54:36: + a0:15:e0:23:7d:b9:fb:be:99:05:50:f0:bf:ec:7f: + 12:e1:3d:75:15:4e:c8:c2:30:e6:8b:fe:e5:8b:55: + f8:44:5e:e5:e3:56:e0:66:2d:6f:42:5a:45:6b:96: + 
aa:c7:5d:41:08:5f:ce:d7:dc:9f:20:e4:46:78:ff: + d9:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 6a:f5:af:1f:f7:43:ef:10:74:6d:1f:e5:2e:72:5f:d1:84:40: + c8:60:79:b7:66:2e:46:39:bf:95:ca:fe:83:0a:8a:f4:52:6e: + d2:d3:a5:54:7b:0c:29:35:a0:75:7a:e5:35:5d:99:0a:d9:13: + ca:80:46:a0:a2:6d:d5:c4:ff:0c:d5:da:ec:54:86:df:ce:a7: + 92:1a:c7:f6:12:74:04:74:9f:06:39:82:b1:1e:af:47:de:b5: + b7:21:c1:3b:22:27:e3:d0:3f:70:d3:27:1c:63:e0:01:12:80: + 20:e7:ac:6c:f0:8f:7a:72:54:8a:21:2d:0e:17:6c:9d:01:fd: + 42:96:e1:7a:d5:43:d5:65:9b:0b:7c:dd:b6:90:da:cc:3c:d7: + 7a:d3:e2:63:07:e3:96:a7:96:84:d6:0c:9e:31:e0:72:cd:91: + 54:cf:16:38:af:c8:23:04:ce:98:2c:61:11:28:70:d7:34:69: + 55:b7:e0:5b:87:a6:c4:a4:c5:bf:8f:e0:04:5d:e4:14:22:04: + 21:a1:9b:01:19:50:29:03:9d:81:be:e4:ba:4d:68:1c:2f:e4: + e6:05:02:c2:e7:b4:ef:45:be:80:dc:a3:86:58:cf:02:cf:6a: + 69:8d:2b:69:69:cd:81:27:63:e8:2d:55:2a:00:de:0b:15:2c: + 53:95:72:29 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy 
+bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLHdbRqK6kj +hb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcuSyjFU0Yj +K4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPkyIlDYfEl +uM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1JMvpSd+B +nZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkFUPC/7H8S +4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORGeP/ZmQID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi7ioFJLcR +rS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAGr1rx/3Q+8QdG0f5S5yX9GEQMhgebdmLkY5v5XK/oMKivRSbtLTpVR7DCk1 +oHV65TVdmQrZE8qARqCibdXE/wzV2uxUht/Op5Iax/YSdAR0nwY5grEer0fetbch +wTsiJ+PQP3DTJxxj4AESgCDnrGzwj3pyVIohLQ4XbJ0B/UKW4XrVQ9Vlmwt83baQ +2sw813rT4mMH45anloTWDJ4x4HLNkVTPFjivyCMEzpgsYREocNc0aVW34FuHpsSk +xb+P4ARd5BQiBCGhmwEZUCkDnYG+5LpNaBwv5OYFAsLntO9FvoDco4ZYzwLPammN +K2lpzYEnY+gtVSoA3gsVLFOVcik= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 
27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 
08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server4-key.pem b/certs/ocsp/server4-key.pem new file mode 100644 index 000000000..39a93b209 --- /dev/null 
+++ b/certs/ocsp/server4-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCc74p+hE1YerGR +yMtodt/+Cin+f3Q11cP9Q77XifxZUVow6VAUhCTQyHJ91nVCEosWrVro04SnByue +Eu9qzT6DFLcmolN7PWyWf5zFCQgOVQgZt1ocRjIJ2kSyyv1K5L7QAsnJSAMTpa0+ +eyHPBTq5JfXBuE5N6zOZ0VBK6/caCGvQXJ1I65j93IkPqnTTfwMbWWX1huHZU6vk +U6uFPHmLRTl7/emiELn6knEOaDZmboz74opdX3JmsEctxbSTzmF/kBpkAt1XnfHx +6HUh4q9E45b1HONzh9y3BRKtpY8M2Cy0kLPZ5xPh5V5MmySJCAeeqmufZAHa7JUF +RYTZqdvHAgMBAAECggEAMmlQF6vwHIftGmNh08C72yLwsmvGrLRqLKTiXOJaSWa0 +jhmkO7LnEJoTDREiwYKrYzF0jm3DotPO0wxKFAiyF/FDlAl4v5HPm9iKR1DLYa82 +1uvq6kIyOLAAeV5zVud7093Ra/LR6jHCINv01EddwbPL6dqGbMks3jA6lpaN3bJt +85VSy3h6rC2pIZrGddJxDV5jR2gm4N4j8GJoPWpYIGZa/i+GhFmx0OJfUAWTBsGQ +flt4HxtxoR0OkAQ1MnBbBLqadQQiJ3tt47vD5Ma98GGkuq/l9y2rCuJ/t7sjY7+1 +1dnXrMj4VHKTNYEIkmpNti9lblT55P9v5HAYj4SoIQKBgQDP6/Tf1sf12XKZoQvi +qwww32brRqMnj7xpiK9PfsPdnBvq1u8aApQ2XRsHLkH/aq7S91DdLKhn+5fX9TZq +fGtix0V5/JVB11+0Y8hB6YonKtmTxGPScSKQdsSdnvo27yuBfSSp2QuSqYsAqKdV +dU/F++jAeNJFr5lg+X3zo+7gMwKBgQDBOXB3cO6Xjr1vzkxdtxpbKYTVYK5XGFpy +lGDJ9QasDMD6iX8EsTzp0/3CRtITnfYFBiBDXSFDwoUm7TqjdlDh9ahFcvkre/33 +6SmXqHshn/RBl+JCAKYolw7cJmuWAFrJNZPbnbfiuqDNg8wkD3P2VTVkKWjsDpxA +f+99Xm2yHQKBgBBlWvoLxdjtPMxAlt9Y/a0c8NC80UDdZM4tqSVrqaZgGRN7v38d +lPJ0hR0b2Lh7gS3Bsu6+BsmsXVz6SUA8b3tqm1/zOxHmGfXvqGsKL4rHJkEwy25c +3Yzm0LpdPv31/khHxgxewTrfg8aZhhiHF7NVGhWTcYFtR3sOMZB07PFhAoGAf9to +RkDeQD9druwNsD2HHSeeFCvDcTJWN1djrH+MiLBvydjNyecV7YwvcCy4ue5eavig +xLKNXm8K+LUlhiC2aK7LSBlKM7H6Xd9VfFsqDxfu4rCEMTSIvncmiBqMOlfFuzrO +uhXlJgxkd1ls7bej/i5oA/06xmjsj+mYKZcgcykCgYAbONjSKF28CILSDKLepNqx +euRSnKaSgTjcu8B5C6ZWUY8+EsD3Lw6VK2Xn+PPPSS2+Pw7dgLdYybyCgPOLXV+9 +we3d0OyuIPiLiRpfnHVTXdYQBc7qa8khw12LZpodkXwKT85St8jdwJzL1KTZAWqf +N2KyjDHPGPz8paCzS8LfuQ== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server5-cert.pem b/certs/ocsp/server5-cert.pem new file mode 100644 index 000000000..066f659fd --- /dev/null +++ b/certs/ocsp/server5-cert.pem 
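Review bot: Nothing in the new `certs/ocsp/server4-key.pem` marks this unencrypted private key as a test-only fixture, so anyone who copies the file or packages the `certs/` tree has no warning that the key is public. The matching `server4-cert.pem` in this patch (CN=www4.wolfssl.com, OCSP responder at `http://localhost:22222`) suggests it is only meant for the OCSP test setup. I would state that in the file with a leading line such as `Test-only key for the OCSP stapling tests (www4.wolfssl.com); publicly known, never deploy.` ahead of the `-----BEGIN PRIVATE KEY-----` marker, assuming the key loader skips text before the PEM header as the certificate files here rely on; otherwise put the same sentence in a README next to the file. If the repository runs secret scanning, allowlist this exact path rather than the whole directory, so that a real key added under `certs/` later is still reported.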
@@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www5.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:73:6d:e9:fa:8c:36:72:3e:89:3b:52:29:bd: + 14:70:a2:00:b4:08:58:b6:c6:c0:bf:80:6a:1f:a5: + f0:15:fc:f4:19:a2:67:f9:6a:5d:22:69:2e:9c:29: + 53:1e:5a:4a:d1:27:d5:b8:3b:65:37:8a:a2:eb:1b: + d4:5d:90:11:35:11:af:e3:d1:8c:24:5b:b5:90:c0: + bf:de:cb:7a:05:71:1b:ef:76:d7:9d:43:47:85:dc: + 24:b8:b8:54:fc:53:bf:c3:fd:e1:12:c6:fc:1b:6f: + 95:aa:cf:bb:8e:22:af:83:bd:4e:6b:66:fe:7e:7e: + 98:6f:b1:b9:fc:f9:8a:8a:18:92:9a:4c:27:5d:78: + 6b:e9:d0:14:1c:ed:69:6d:29:4c:4e:52:e6:92:24: + 53:b0:2e:c3:a4:94:8f:20:1c:29:5c:97:70:1a:32: + 85:90:71:f7:d7:a5:99:4f:48:c7:3d:fc:3d:a7:e1: + f9:96:ea:c1:6b:ea:31:e0:9b:fb:68:3e:4b:ad:a4: + 2b:06:90:c2:b4:27:ea:f3:a3:3e:6e:32:75:aa:70: + 6a:e3:33:29:fb:42:09:94:79:a5:eb:3c:4e:89:02: + 77:08:fd:da:ba:fc:14:c6:8e:c1:5e:db:6d:d0:07: + 4f:02:79:60:e7:95:c3:c8:f4:54:83:21:12:79:03: + 7f:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 2A:48:B6:8B:00:F0:4B:35:73:94:07:87:52:A3:69:5E:E6:D8:42:87 + X509v3 Authority Key Identifier: + keyid:BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:03 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22223 + + Signature Algorithm: 
sha256WithRSAEncryption + 65:c1:7f:66:88:19:db:04:76:f3:ec:eb:c8:9c:38:3f:3f:83: + 4c:6c:c9:3a:67:2f:cf:45:8d:72:28:d1:85:64:fd:53:0a:4a: + 4a:22:9d:2f:2f:76:19:f5:97:04:cb:a7:1e:83:43:42:58:01: + ca:9b:25:42:bb:d1:5c:05:4f:c1:94:22:40:df:30:42:c1:be: + b9:f2:c0:a4:64:37:9b:9b:ed:20:44:e8:f0:5c:c6:2f:b6:24: + 7f:13:b8:52:02:61:ac:69:4e:f4:bd:72:9d:e9:31:13:5f:12: + d2:cc:e7:eb:16:b3:84:cc:86:40:ee:f9:e1:4c:d8:ea:73:a1: + 32:2a:2c:c7:f6:ba:4f:bf:ba:35:49:71:4c:d1:83:86:7a:44: + 14:f3:b3:12:02:99:33:01:46:50:e0:0c:74:34:03:45:9d:d2: + 2c:e1:83:31:59:d6:e7:69:8f:26:0a:12:5d:90:97:c4:ae:93: + 67:c6:9b:a9:5b:a0:8f:22:ad:e9:e2:17:74:19:93:92:cb:9c: + cc:30:8e:7e:57:8f:37:44:82:04:f0:29:9e:79:37:0a:d6:55: + 56:8e:b6:eb:d8:0f:a5:c4:ec:65:88:98:15:2f:2a:cd:9f:d8: + 11:26:c6:d7:0e:12:4e:62:c5:5c:92:b2:99:db:c2:72:71:6f: + c1:94:24:06 +-----BEGIN CERTIFICATE----- +MIIE9DCCA9ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM +IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl +MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE +AwwQd3d3NS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxzben6jDZyPok7 +Uim9FHCiALQIWLbGwL+Aah+l8BX89BmiZ/lqXSJpLpwpUx5aStEn1bg7ZTeKousb +1F2QETURr+PRjCRbtZDAv97LegVxG+92151DR4XcJLi4VPxTv8P94RLG/BtvlarP +u44ir4O9Tmtm/n5+mG+xufz5iooYkppMJ114a+nQFBztaW0pTE5S5pIkU7Auw6SU +jyAcKVyXcBoyhZBx99elmU9Ixz38Pafh+ZbqwWvqMeCb+2g+S62kKwaQwrQn6vOj +Pm4ydapwauMzKftCCZR5pes8TokCdwj92rr8FMaOwV7bbdAHTwJ5YOeVw8j0VIMh +EnkDf+ECAwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCpItosA8Es1 +c5QHh1KjaV7m2EKHMIHEBgNVHSMEgbwwgbmAFLsVnjJN4PiqirAuDBcrWkF0SwZF +oYGdpIGaMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4G 
+A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l +ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ +aW5mb0B3b2xmc3NsLmNvbYIBAzALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk +MCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIzMA0GCSqGSIb3DQEB +CwUAA4IBAQBlwX9miBnbBHbz7OvInDg/P4NMbMk6Zy/PRY1yKNGFZP1TCkpKIp0v +L3YZ9ZcEy6ceg0NCWAHKmyVCu9FcBU/BlCJA3zBCwb658sCkZDebm+0gROjwXMYv +tiR/E7hSAmGsaU70vXKd6TETXxLSzOfrFrOEzIZA7vnhTNjqc6EyKizH9rpPv7o1 +SXFM0YOGekQU87MSApkzAUZQ4Ax0NANFndIs4YMxWdbnaY8mChJdkJfErpNnxpup +W6CPIq3p4hd0GZOSy5zMMI5+V483RIIE8CmeeTcK1lVWjrbr2A+lxOxliJgVLyrN +n9gRJsbXDhJOYsVckrKZ28JycW/BlCQG +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28: + fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c: + 31:eb:13:70:ea:4a:dd:58:3e:4f:33:14:66:59:69: + 7a:aa:90:e0:7c:c4:b2:36:c1:0a:f4:df:3e:34:6c: + 1a:e9:2b:f1:a5:92:7e:a9:68:70:ba:a4:68:88:f3: + ec:10:40:64:a5:64:7d:d9:1e:51:49:9d:7f:c8:cc: + 2b:6d:71:2a:06:ff:e6:1f:84:28:8a:c1:ed:a8:52: + f4:89:a5:c0:77:d8:13:66:c2:65:a5:63:03:98:b0: + 4b:05:4f:0c:84:a0:f4:2d:72:73:6b:fa:0d:e1:cf: + 45:27:ed:a3:8c:02:d7:ee:99:e2:a1:f0:e3:a0:ad: + 69:ed:59:e4:27:41:8f:ef:fa:83:73:8f:5f:2b:68: + 89:13:46:26:dc:f6:28:6b:3b:b2:b8:9b:52:2a:17: + 1b:dc:72:45:73:da:75:24:35:8b:00:5e:23:37:64: + 6a:16:74:b8:ee:fe:b7:11:71:be:0a:73:c8:54:c2: + d9:04:d2:1b:f5:53:ac:8d:2a:4f:fe:33:79:e6:5e: + e7:f3:86:d3:dc:bb:4b:d7:39:7f:5b:3c:67:fe:5e: + 
88:51:05:96:f2:b4:9a:45:09:4c:51:f0:6a:4d:88: + 2a:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 0c:5e:0d:55:3c:e7:fb:5e:c2:09:19:c8:0b:f4:c2:b2:2b:14: + 79:dc:e8:63:f6:8a:0c:03:57:9e:15:47:7e:b6:15:a3:71:90: + 01:11:39:4b:ff:3d:13:34:e4:f3:5b:a3:6c:58:4f:00:d5:c4: + b0:63:6c:90:c9:89:a8:5d:16:87:0a:da:08:40:12:b4:94:00: + 3e:44:00:13:de:34:75:90:38:79:d4:c2:39:6d:ed:17:cb:7e: + 50:ff:da:0b:eb:49:1a:66:e6:dd:eb:66:a5:92:ef:68:d5:c9: + 93:8f:aa:c7:2a:92:6b:95:af:3d:74:de:aa:29:fd:c9:53:56: + ad:9f:e0:05:d1:97:0c:01:3b:f1:c6:a6:90:7e:5c:08:11:5e: + c1:77:5d:64:09:56:ea:78:29:15:a3:ea:44:2a:4c:d6:09:a7: + a0:5f:05:54:2a:61:ca:7a:09:07:14:34:c2:0d:c5:93:cd:28: + 8b:62:26:af:30:25:8a:f1:da:65:fa:db:da:84:ab:d5:0c:37: + ae:5d:95:bd:55:2a:4b:09:e0:d3:3d:8b:3c:ea:f2:b9:68:5e: + e6:21:53:8b:28:78:39:f4:bf:9b:dc:92:bc:4b:14:06:fe:17: + 21:64:be:af:20:e8:e7:fb:67:c8:5e:ec:59:bf:27:a4:cb:e3: + 8a:6d:c3:ac +-----BEGIN CERTIFICATE----- +MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L 
+RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sUEEH3CIekSRdrV +uij9pvQwRKDf+XBeFyaXWVwx6xNw6krdWD5PMxRmWWl6qpDgfMSyNsEK9N8+NGwa +6SvxpZJ+qWhwuqRoiPPsEEBkpWR92R5RSZ1/yMwrbXEqBv/mH4QoisHtqFL0iaXA +d9gTZsJlpWMDmLBLBU8MhKD0LXJza/oN4c9FJ+2jjALX7pniofDjoK1p7VnkJ0GP +7/qDc49fK2iJE0Ym3PYoazuyuJtSKhcb3HJFc9p1JDWLAF4jN2RqFnS47v63EXG+ +CnPIVMLZBNIb9VOsjSpP/jN55l7n84bT3LtL1zl/Wzxn/l6IUQWW8rSaRQlMUfBq +TYgqFwIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUuxWeMk3g ++KqKsC4MFytaQXRLBkUwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y +FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw +DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp +bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN +AQELBQADggEBAAxeDVU85/tewgkZyAv0wrIrFHnc6GP2igwDV54VR362FaNxkAER +OUv/PRM05PNbo2xYTwDVxLBjbJDJiahdFocK2ghAErSUAD5EABPeNHWQOHnUwjlt +7RfLflD/2gvrSRpm5t3rZqWS72jVyZOPqscqkmuVrz103qop/clTVq2f4AXRlwwB +O/HGppB+XAgRXsF3XWQJVup4KRWj6kQqTNYJp6BfBVQqYcp6CQcUNMINxZPNKIti +Jq8wJYrx2mX629qEq9UMN65dlb1VKksJ4NM9izzq8rloXuYhU4soeDn0v5vckrxL +FAb+FyFkvq8g6Of7Z8he7Fm/J6TL44ptw6w= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 
48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 
14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- 
diff --git a/certs/ocsp/server5-key.pem b/certs/ocsp/server5-key.pem new file mode 100644 index 000000000..a45a1c6e9 --- /dev/null +++ b/certs/ocsp/server5-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCsc23p+ow2cj6J +O1IpvRRwogC0CFi2xsC/gGofpfAV/PQZomf5al0iaS6cKVMeWkrRJ9W4O2U3iqLr +G9RdkBE1Ea/j0YwkW7WQwL/ey3oFcRvvdtedQ0eF3CS4uFT8U7/D/eESxvwbb5Wq +z7uOIq+DvU5rZv5+fphvsbn8+YqKGJKaTCddeGvp0BQc7WltKUxOUuaSJFOwLsOk +lI8gHClcl3AaMoWQcffXpZlPSMc9/D2n4fmW6sFr6jHgm/toPkutpCsGkMK0J+rz +oz5uMnWqcGrjMyn7QgmUeaXrPE6JAncI/dq6/BTGjsFe223QB08CeWDnlcPI9FSD +IRJ5A3/hAgMBAAECggEABz5+EoMc2rin2dntFKXFswmLIATtvRfSRvkc/CFbWYEb +u+vvlDGcofJrK9IslKzUUb7romaUVOX0/A1aOWfw4RrSGa7WxTw4/1CpfrFreckL +lF6YphmKapwZysyrfUIDXzdN+hzzwC9KyTcauNjKKK2OGsLj0+p7es2rc24EHNLj +vFpNj5TC84qsibATY1ny3tcL7SBcNLtiHsm+0JDagGqlW3ptT0oErrzH6jtUAI9j +LLm87mxwJyp4rBZvnP3s4jnOLLCJH40QyrCPKR6L4bAzSaA9kEnBUu+y1y1PyUP7 +goWIPJmfclDFqgB2U7K/QbbfPFpt8pFB9SmbsoIlMQKBgQDgvgf/pdc6q9jAL9UQ +sTYa+iJJIFcjQKA95aCRoUeUjWvjA+2ROmYgLcMi7pxfNyFvYkaOXjBTL+aqSEWI +wQVbnGK4aqG16w2o/P+bWUatpMMWNbwsZGAkXpcgdrg+SbNjrQ2lY35EdmPc025G +Fqx5ouOk7wDlKWQolIwWDh3WNQKBgQDEb47VbrIo8BNnO/xxVjAsU7uQIYZkr/GR +6V5oN+kIXrttReZnY/bUVrV84r49E3cNfoZXlfZa7fAEVb9GWbZMk+9M/s78aU5M +xeFNj7HBfbgG3I+1SZQZaAEK6BZuq8GRCLV2JKOn9iInVQQL57/qz6APjC/a52zJ +asNmmcdIfQKBgBmEWgIjwUEvG8gOZkGj7UG43sWwv1QIVWlRth5y0l7Cg9pdqs6P +c+L5byt7LhP9fXVZEiu98/yt9qGk3Qg+6i3Rnr/Tk5LFImLqftcTltvGVkQiS8A6 +kVPvzXbpI9gmpBCQKHl7x21ch9AdzWp1zpVs8i3a2R4ryex1mUYzyh11AoGAWhKZ +WS7IDNOA4i50Y/fUYQ8IC2AEAvlWeMScoIc6mLbvlHyf2LrSvK0BzUEfYFwjlBF3 +QoQmEa3XB/XVnkmWuOiAqzqP6NfUqol19R21sXaXQrYyQzt46GlzSPABEUA6oulu +Y70LOgI3yPdHwrnCm8YWq+ppKyRBEt6cuNg8s/UCgYEAl3J4fMTYcDjt4H/OTgba +IjKLPV0LuBUfx/PTA0oi81x1c11fM8a/ZeD0QkXDjjrjXM33mbkR0lzFEl7ZOCnh +sRDkkM8MvOsq4KMGnBLQBN0QvKSgsuYDqIEUmFdMHiyckBjuwntMVXnfKYtEJ1Q9 +zYHlJn4e4/2VqGK9PWrgAtA= +-----END PRIVATE KEY----- 
diff --git a/examples/server/server.c b/examples/server/server.c index 5949da937..c539a18e3 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -733,6 +733,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("can't load ca file, Please run from wolfSSL home dir"); if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) diff --git a/scripts/include.am b/scripts/include.am index b4c66554c..5b9d38448 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -36,11 +36,17 @@ endif if BUILD_OCSP_STAPLING_V2 dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test + +if BUILD_OCSP_STAPLING +scripts/ocsp-stapling2.log: scripts/ocsp-stapling.log +else scripts/ocsp-stapling2.log: scripts/ocsp.log endif endif +endif + EXTRA_DIST += scripts/testsuite.pcap # leave openssl.test as extra until non bash works diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 7b4ac9cda..7d711d417 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test 
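Review bot: In the examples/server/server.c hunk, the added load of `certs/ocsp/intermediate3-ca-cert.pem` reports failure with the same text as the calls before it, so a missing file cannot be identified from the message. Naming the path would make a broken OCSP fixture setup quicker to diagnose: `err_sys("can't load certs/ocsp/intermediate3-ca-cert.pem, Please run from wolfSSL home dir");`. The body of server_test and the `#if` that opens this block are outside the hunk, so the guard these loads sit under could not be checked here.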
@@ -21,19 +21,21 @@ RESULT=$? # setup ocsp responder ./certs/ocsp/ocspd1.sh & +sleep 1 +[ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 # client test against our own server - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 # client test against our own server - REVOKED CERT ./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 RESULT=$? -[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 exit 0 diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index d4ce3ec7e..75877f210 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test 
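Review bot: In scripts/ocsp-stapling.test, the added responder check ends the script with `exit 0` when ocspd1.sh is not running, so the run is recorded as a pass although neither the good nor the revoked stapling case was exercised. If these scripts run under the automake test driver, as the `.log` rules in scripts/include.am suggest, exit status 77 is reported as SKIP and keeps the missing revocation coverage visible: `[ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 77`. The `-ne 3` check added to scripts/ocsp-stapling2.test has the same effect.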
@@ -8,46 +8,48 @@ trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT # setup ocsp responders ./certs/ocsp/ocspd0.sh & -./certs/ocsp/ocspd1.sh & ./certs/ocsp/ocspd2.sh & +./certs/ocsp/ocspd3.sh & +sleep 1 +[ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 # client test against our own server - GOOD CERTS -./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & +./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 -./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & +./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 2 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 2 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 # client test against our own server - REVOKED SERVER CERT -./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & +./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 RESULT=$? 
-[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 -./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & +./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate1-ca-cert.pem -W 2 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 2 RESULT=$? -[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 # client test against our own server - REVOKED INTERMEDIATE CERT -./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & +./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate2-ca-cert.pem -W 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 -./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & +./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem & sleep 1 -./examples/client/client -A certs/ocsp/intermediate2-ca-cert.pem -W 2 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 2 RESULT=$? -[ $RESULT -ne 1 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 exit 0 From 9688a0f0db467631ad566d51e37fe0f09584a103 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 14 Dec 2015 23:12:08 -0300 Subject: [PATCH 20/22] fixes API names (marketing wise); --- examples/client/client.c | 6 +++--- src/ssl.c | 10 ++++------ wolfssl/ssl.h | 8 ++++---- 3 files changed, 11 insertions(+), 13 deletions(-) 
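Review bot: In scripts/ocsp-stapling2.test, every REVOKED case passes on any client exit status of 1 (`[ $RESULT -ne 1 ] && ... && exit 1`), so a client that fails for an unrelated reason, for example the server not yet listening after `sleep 1`, would presumably satisfy the test just as a rejected revoked certificate does. Also matching the client's output against its revocation error would tie the pass to the OCSP result; that output is not visible here, so the pattern has to be taken from the example client. The REVOKED INTERMEDIATE case with `-W 1` expects success (`-ne 0`), which deserves a comment such as `# -W 1 asks for the server certificate's status only, so the revoked intermediate is not detected`, if that is the intent. The new message `Client connection suceeded` misspells "succeeded", here and in scripts/ocsp-stapling.test.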
diff --git a/examples/client/client.c b/examples/client/client.c index f96258664..db4eef7d6 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1008,7 +1008,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (statusRequest) { switch (statusRequest) { case WOLFSSL_CSR_OCSP: - if (wolfSSL_UseCertificateStatusRequest(ssl, WOLFSSL_CSR_OCSP, + if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP, WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) err_sys("UseCertificateStatusRequest failed"); @@ -1022,13 +1022,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (statusRequest) { switch (statusRequest) { case WOLFSSL_CSR2_OCSP: - if (wolfSSL_UseCertificateStatusRequestV2(ssl, + if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS) err_sys("UseCertificateStatusRequest failed"); break; case WOLFSSL_CSR2_OCSP_MULTI: - if (wolfSSL_UseCertificateStatusRequestV2(ssl, + if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS) err_sys("UseCertificateStatusRequest failed"); diff --git a/src/ssl.c b/src/ssl.c index e7cecf9f3..4ed86a84e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -803,8 +803,7 @@ int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx) #ifdef HAVE_CERTIFICATE_STATUS_REQUEST -int wolfSSL_UseCertificateStatusRequest(WOLFSSL* ssl, byte status_type, - byte options) +int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options) { if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) return BAD_FUNC_ARG; @@ -814,7 +813,7 @@ int wolfSSL_UseCertificateStatusRequest(WOLFSSL* ssl, byte status_type, } -int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, byte status_type, +int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type, byte options) { if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) 
@@ -828,8 +827,7 @@ int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, byte status_type, #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 -int wolfSSL_UseCertificateStatusRequestV2(WOLFSSL* ssl, byte status_type, - byte options) +int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options) { if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) return BAD_FUNC_ARG; @@ -839,7 +837,7 @@ int wolfSSL_UseCertificateStatusRequestV2(WOLFSSL* ssl, byte status_type, } -int wolfSSL_CTX_UseCertificateStatusRequestV2(WOLFSSL_CTX* ctx, +int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type, byte options) { if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 9da9c4360..728ec05e8 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1430,10 +1430,10 @@ enum { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST #ifndef NO_WOLFSSL_CLIENT -WOLFSSL_API int wolfSSL_UseCertificateStatusRequest(WOLFSSL* ssl, +WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, unsigned char status_type, unsigned char options); -WOLFSSL_API int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, +WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, unsigned char status_type, unsigned char options); #endif @@ -1454,10 +1454,10 @@ enum { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 #ifndef NO_WOLFSSL_CLIENT -WOLFSSL_API int wolfSSL_UseCertificateStatusRequestV2(WOLFSSL* ssl, +WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, unsigned char status_type, unsigned char options); -WOLFSSL_API int wolfSSL_CTX_UseCertificateStatusRequestV2(WOLFSSL_CTX* ctx, +WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, unsigned char status_type, unsigned char options); #endif From 2e00b12b692ca65c1c71df0b1fabe3300f6f16f9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 28 Dec 2015 17:55:41 -0300 Subject: [PATCH 21/22] updates configure.ac with better option naming. --- configure.ac | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 35497b851..055dd78a5 100644 --- a/configure.ac +++ b/configure.ac @@ -1658,7 +1658,7 @@ fi # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], - [AS_HELP_STRING([--enable-ocspstapling],[Enable Certificate Status Request - a.k.a. OCSP Stapling (default: disabled)])], + [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) @@ -1680,7 +1680,7 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUES # Certificate Status Request v2 : a.k.a. OCSP stapling v2 AC_ARG_ENABLE([ocspstapling2], - [AS_HELP_STRING([--enable-ocspstapling2],[Enable Certificate Status Request v2 - a.k.a. OCSP Stapling v2 (default: disabled)])], + [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] ) @@ -2743,8 +2743,8 @@ echo " * Server Name Indication: $ENABLED_SNI" echo " * ALPN: $ENABLED_ALPN" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" -echo " * Certificate Status Request: $ENABLED_CERTIFICATE_STATUS_REQUEST" -echo " * Certificate Status Request v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2" +echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST" +echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2" echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" 
From 487bb4eb5e92a852ca3b055ebad333c0c5f81448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 28 Dec 2015 19:33:06 -0300 Subject: [PATCH 22/22] fixes before merge --- examples/client/client.c | 2 +- src/internal.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index db4eef7d6..fa84beb0d 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -484,7 +484,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_VXWORKS while ((ch = mygetopt(argc, argv, - "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:L:ToO:aB:W:")) != -1) { + "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:")) != -1) { switch (ch) { case '?' : Usage(); diff --git a/src/internal.c b/src/internal.c index d2fc96ef6..41708b9f7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8358,7 +8358,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, idx += status[i].length; } - if (ssl->keys.encryptionOn) { + if (IsEncryptionOn(ssl, 1)) { byte* input; int inputSz = idx - RECORD_HEADER_SZ; @@ -8367,7 +8367,8 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, return MEMORY_E; XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); - sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, + handshake, 1); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sendSz < 0)