feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'crl-revoked'

Browse Source
This commit is contained in:
toddouska
2015-07-23 16:40:30 -07:00
parent 03a50c128a 9f7209b484
commit ddb638d020
11 changed files with 439 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
certs/crl/crl.pem
View File

@ -2,38 +2,40 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: May 7 18:21:01 2015 GMT
Next Update: Jan 31 18:21:01 2018 GMT
Last Update: Jul 23 22:05:10 2015 GMT
Next Update: Apr 18 22:05:10 2018 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Revoked Certificates:
Serial Number: 02
Revocation Date: Jul 23 22:05:10 2015 GMT
Signature Algorithm: sha256WithRSAEncryption
96:e2:b9:11:e0:e5:25:be:ab:69:e5:fa:8a:5c:7f:fc:6f:1d:
8f:4a:54:70:f8:2e:87:fa:b0:f6:fd:3f:8f:9c:75:8a:eb:62:
cc:dd:2c:0a:8c:31:9e:30:3f:22:9b:91:50:6b:43:fd:32:8a:
79:ea:0b:6b:68:6c:82:9c:79:da:20:95:83:25:5e:09:fc:57:
2d:19:f9:bc:5a:67:95:98:65:dc:2d:91:13:2a:81:c2:6d:ff:
12:48:6f:a4:ce:8a:b2:d3:19:b8:c2:86:e0:ba:91:3f:bb:ec:
c6:79:83:50:95:19:95:28:eb:ef:ff:bb:16:8f:3c:7d:4c:d1:
3e:c3:82:22:8f:c5:e8:0e:b3:64:8f:5d:53:32:d5:98:64:9c:
36:c4:6a:cf:68:21:4f:a8:4e:90:37:76:dc:05:70:66:2d:bc:
a0:d8:19:5c:96:90:d6:b9:09:56:46:07:be:3c:ae:08:bb:26:
26:21:2c:d1:48:01:88:28:bc:21:a4:97:b7:3b:f0:7e:67:73:
84:cf:21:43:e7:dd:53:9d:6a:59:c3:e5:98:c9:69:71:c3:e3:
70:28:ba:f9:69:0a:af:78:e5:83:02:13:7e:08:70:8c:f3:8b:
5d:96:b0:78:b9:d9:99:c5:1e:b7:45:dc:28:32:1a:d0:50:4b:
f4:41:92:19
68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82:
55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6:
81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3:
1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5:
93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b:
c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f:
6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d:
e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3:
2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66:
cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c:
f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1:
45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd:
74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8:
e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53:
7d:fb:d0:66
-----BEGIN X509 CRL-----
MIIB7jCB1wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
DTE4MDEzMTE4MjEwMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
AQCW4rkR4OUlvqtp5fqKXH/8bx2PSlRw+C6H+rD2/T+PnHWK62LM3SwKjDGeMD8i
m5FQa0P9Mop56gtraGyCnHnaIJWDJV4J/FctGfm8WmeVmGXcLZETKoHCbf8SSG+k
zoqy0xm4wobgupE/u+zGeYNQlRmVKOvv/7sWjzx9TNE+w4Iij8XoDrNkj11TMtWY
ZJw2xGrPaCFPqE6QN3bcBXBmLbyg2BlclpDWuQlWRge+PK4IuyYmISzRSAGIKLwh
pJe3O/B+Z3OEzyFD591TnWpZw+WYyWlxw+NwKLr5aQqveOWDAhN+CHCM84tdlrB4
udmZxR63RdwoMhrQUEv0QZIZ
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX
DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE
AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ
XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31
k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA
0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL
BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9
dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg==
-----END X509 CRL-----

63
certs/crl/crl.revoked
View File

@ -2,40 +2,43 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: May 7 18:21:01 2015 GMT
Next Update: Jan 31 18:21:01 2018 GMT
Last Update: Jul 22 16:17:45 2015 GMT
Next Update: Apr 17 16:17:45 2018 GMT
CRL extensions:
X509v3 CRL Number:
2
7
Revoked Certificates:
Serial Number: 01
Revocation Date: May 7 18:21:01 2015 GMT
Revocation Date: Jul 22 16:17:45 2015 GMT
Serial Number: 02
Revocation Date: Jul 22 16:17:45 2015 GMT
Signature Algorithm: sha256WithRSAEncryption
b7:34:2b:1c:09:6b:a2:9c:12:4f:fd:ef:69:4c:a4:1d:f2:39:
52:29:98:78:b2:86:ea:54:9b:29:e5:c2:88:0e:2f:f9:d2:5b:
9d:49:37:68:26:6c:45:61:d4:9d:05:ef:2d:ca:78:0a:d0:28:
c1:25:f2:f7:6a:ad:df:1d:eb:8a:66:64:4d:0c:02:91:fb:ff:
70:b4:36:b6:e4:79:17:d5:18:6a:72:17:e1:8b:31:49:04:98:
96:88:42:ea:8c:fe:91:40:5a:c5:ad:3b:da:9a:47:43:d6:e9:
f6:59:75:49:91:a9:e4:8b:c8:03:60:6b:36:69:87:71:f1:5b:
92:00:51:bb:fe:d5:4f:0d:0e:f2:56:38:e3:b6:cb:76:11:7b:
17:ad:a5:da:37:87:f2:49:af:73:42:56:ed:6c:a1:8d:46:5c:
dd:00:a7:8f:1f:5a:dd:d7:87:89:43:30:32:fe:e2:d4:b1:29:
12:11:ef:22:0d:8f:7f:c5:33:3b:a9:a7:52:0c:25:b8:0c:e6:
8a:8b:68:8f:55:84:65:04:c7:44:48:36:02:4d:4e:43:09:1d:
1f:3b:f9:4a:0e:ff:59:42:ca:be:0e:a7:79:89:19:31:73:5a:
45:6c:70:56:4d:1b:8a:59:c4:6d:ca:bc:f7:41:c4:f6:f0:fd:
9c:7e:f1:7e
7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce:
b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13:
51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e:
07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63:
66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a:
10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa:
dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf:
13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69:
d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a:
96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5:
ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99:
d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6:
3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd:
82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4:
93:42:37:af
-----BEGIN X509 CRL-----
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
DTE4MDEzMTE4MjEwMVowFDASAgEBFw0xNTA1MDcxODIxMDFaoA4wDDAKBgNVHRQE
AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAtzQrHAlropwST/3vaUykHfI5UimYeLKG
6lSbKeXCiA4v+dJbnUk3aCZsRWHUnQXvLcp4CtAowSXy92qt3x3rimZkTQwCkfv/
cLQ2tuR5F9UYanIX4YsxSQSYlohC6oz+kUBaxa072ppHQ9bp9ll1SZGp5IvIA2Br
NmmHcfFbkgBRu/7VTw0O8lY447bLdhF7F62l2jeH8kmvc0JW7WyhjUZc3QCnjx9a
3deHiUMwMv7i1LEpEhHvIg2Pf8UzO6mnUgwluAzmiotoj1WEZQTHREg2Ak1OQwkd
Hzv5Sg7/WULKvg6neYkZMXNaRWxwVk0bilnEbcq890HE9vD9nH7xfg==
MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa
Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3
MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR
iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo
HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi
Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr
Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb
LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu
/PtSJbYNcOzEk0I3rw==
-----END X509 CRL-----

28
certs/crl/gencrls.sh
View File

@ -2,9 +2,36 @@
# gencrls, crl config already done, see taoCerts.txt for setup
function setup_files() {
#set up the file system for updating the crls
echo "setting up the file system for generating the crls..."
echo ""
touch ./index.txt
touch ./crlnumber
echo "01" >> crlnumber
touch ./blank.index.txt
mkdir demoCA
touch ./demoCA/index.txt
}
function cleanup_files() {
rm blank.index.txt
rm index.*
rm crlnumber*
rm -r demoCA
echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
echo ""
exit 0
}
trap cleanup_files EXIT
#setup the files
setup_files
# caCrl
# revoke server-revoked-cert.pem
openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
# metadata
@ -55,3 +82,4 @@ mv tmp eccSrvCRL.pem
# install (only needed if working outside wolfssl)
#cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
exit 0

18
certs/gen_revoked.sh Executable file
View File

@ -0,0 +1,18 @@
###########################################################
########## update and sign server-revoked-key.pem ################
###########################################################
echo "Updating server-revoked-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
openssl x509 -req -in server-revoked-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
rm server-revoked-req.pem
openssl x509 -in ca-cert.pem -text > ca_tmp.pem
openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
mv srv_tmp.pem server-revoked-cert.pem
cat ca_tmp.pem >> server-revoked-cert.pem
rm ca_tmp.pem

2
certs/include.am
View File

@ -25,6 +25,8 @@ EXTRA_DIST += \
certs/server-keyPkcs8Enc2.pem \
certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8.pem \
certs/server-revoked-cert.pem \
certs/server-revoked-key.pem \
certs/wolfssl-website-ca.pem
EXTRA_DIST += \
certs/ca-key.der \

33
certs/renewcerts.sh
View File

@ -98,6 +98,23 @@ function run_renewcerts(){
mv srv_tmp.pem server-cert.pem
cat ca_tmp.pem >> server-cert.pem
rm ca_tmp.pem
###########################################################
########## update and sign server-revoked-key.pem #########
###########################################################
echo "Updating server-revoked-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
rm server-revoked-req.pem
openssl x509 -in ca-cert.pem -text > ca_tmp.pem
openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
mv srv_tmp.pem server-revoked-cert.pem
cat ca_tmp.pem >> server-revoked-cert.pem
rm ca_tmp.pem
############################################################
########## update and sign the server-ecc-rsa.pem ##########
############################################################
@ -181,16 +198,6 @@ function run_renewcerts(){
echo "We are back in the certs directory"
echo ""
#set up the file system for updating the crls
echo "setting up the file system for generating the crls..."
echo ""
touch crl/index.txt
touch crl/crlnumber
echo "01" >> crl/crlnumber
touch crl/blank.index.txt
mkdir crl/demoCA
touch crl/demoCA/index.txt
echo "Updating the crls..."
echo ""
cd crl
@ -205,12 +212,6 @@ function run_renewcerts(){
echo ""
rm ../wolfssl.cnf
rm blank.index.txt
rm index.*
rm crlnumber*
rm -r demoCA
echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
echo ""
}

173
certs/server-revoked-cert.pem Normal file
View File

@ -0,0 +1,173 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 23 22:04:57 2015 GMT
Not After : Apr 18 22:04:57 2018 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c:
79:8a:a9:d5:f1:fb:eb:c8:b1:e4:b2:ab:52:72:89:
93:22:5c:ba:cd:8a:36:2a:2c:d1:40:ec:a8:66:0e:
c3:76:cd:e7:b3:a3:0a:1e:dd:4a:07:82:17:81:ba:
de:57:ce:b6:32:81:c7:bd:11:bb:e9:15:22:4e:e2:
16:ac:e3:d4:c0:68:88:6c:11:fc:c2:bd:1b:db:1d:
fd:e6:43:c7:1b:33:b8:f4:e5:1b:59:39:12:38:4d:
2d:9b:64:68:98:fc:8d:72:12:91:f2:24:25:6c:4c:
4a:48:57:92:00:cc:7e:d8:d4:3d:b8:1d:f2:9e:ea:
b2:23:0f:51:0f:11:41:1c:f5:27:00:1b:08:7a:12:
3a:05:5b:03:24:fe:b1:7b:20:fa:e4:a8:58:c6:ca:
ce:7f:be:95:01:12:9d:05:e6:39:13:1b:c0:3e:56:
2e:2b:9f:76:37:de:de:9b:e0:0d:7a:63:0d:a7:22:
58:db:31:c7:f7:b4:46:5c:ba:b6:4b:48:b1:18:9a:
68:b3:63:47:fd:af:12:5f:2f:fe:10:cb:58:2b:33:
68:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:09:2B:59:E1:2A:EE:D9:EE:40:AA:9C:AB:F0:5D:28:09:4F:22:BB
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:D9:80:3A:C3:D2:F4:DA:37
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
34:66:48:5b:30:5c:6e:fa:76:c9:6a:ce:07:79:d9:99:fa:7a:
9d:80:2d:fc:51:78:71:c4:31:2c:40:28:c8:63:26:6f:d2:39:
63:97:3f:00:d3:d0:69:10:3f:a9:00:07:7b:59:44:85:29:03:
31:0a:d8:ed:88:e5:1e:fa:e0:8c:9b:e0:7e:6e:d6:fb:7c:cc:
cf:bd:43:0a:df:15:bd:8f:2a:6f:b2:51:19:b8:2a:64:0e:25:
68:75:af:43:5a:bf:40:2b:69:9c:27:81:0c:5d:78:a1:55:a4:
21:a0:87:9e:a2:aa:60:ac:da:2f:30:f5:d5:c9:c1:22:6b:c1:
06:c2:42:c7:56:35:13:cd:af:5f:c9:89:bf:e9:30:b3:92:bc:
21:6d:b8:23:85:46:44:3f:52:72:a4:7b:95:41:1a:b1:03:92:
aa:0c:5c:2e:16:95:c5:60:7a:6c:6b:f8:ae:9b:b7:08:c9:1f:
0d:85:91:e0:7f:bc:0d:0d:c7:69:2d:5f:99:b7:88:06:be:c5:
d3:84:1a:46:b6:cb:53:04:27:e9:71:36:72:41:f6:63:9b:cb:
25:6f:16:8b:0e:ef:42:db:b5:27:45:cf:a7:3e:3e:ae:78:7c:
d8:6b:a8:f6:52:e4:a7:93:b7:8c:94:d2:4a:93:04:20:67:aa:
c3:ea:24:f9
-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIz
MjIwNDU3WhcNMTgwNDE4MjIwNDU3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2
b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s
ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwFBY6Q93hUEVPz4Cz3WaWx+n03N62
ayQbdkisxiOlp+QFGb239t76/+1bPHmKqdXx++vIseSyq1JyiZMiXLrNijYqLNFA
7KhmDsN2zeezowoe3UoHgheBut5XzrYygce9EbvpFSJO4has49TAaIhsEfzCvRvb
Hf3mQ8cbM7j05RtZORI4TS2bZGiY/I1yEpHyJCVsTEpIV5IAzH7Y1D24HfKe6rIj
D1EPEUEc9ScAGwh6EjoFWwMk/rF7IPrkqFjGys5/vpUBEp0F5jkTG8A+Vi4rn3Y3
3t6b4A16Yw2nIljbMcf3tEZcurZLSLEYmmizY0f9rxJfL/4Qy1grM2iFAgMBAAGj
gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw
gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJANmAOsPS9No3
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADRmSFswXG76dslqzgd5
2Zn6ep2ALfxReHHEMSxAKMhjJm/SOWOXPwDT0GkQP6kAB3tZRIUpAzEK2O2I5R76
4Iyb4H5u1vt8zM+9QwrfFb2PKm+yURm4KmQOJWh1r0Nav0AraZwngQxdeKFVpCGg
h56iqmCs2i8w9dXJwSJrwQbCQsdWNRPNr1/Jib/pMLOSvCFtuCOFRkQ/UnKke5VB
GrEDkqoMXC4WlcVgemxr+K6btwjJHw2FkeB/vA0Nx2ktX5m3iAa+xdOEGka2y1ME
J+lxNnJB9mObyyVvFosO70LbtSdFz6c+Pq54fNhrqPZS5KeTt4yU0kqTBCBnqsPq
JPk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: May 7 18:21:01 2015 GMT
Not After : Jan 31 18:21:01 2018 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:D9:80:3A:C3:D2:F4:DA:37
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
65:b7:75:58
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
-----END CERTIFICATE-----

27
certs/server-revoked-key.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAsBQWOkPd4VBFT8+As91mlsfp9NzetmskG3ZIrMYjpafkBRm9
t/be+v/tWzx5iqnV8fvryLHksqtScomTIly6zYo2KizRQOyoZg7Dds3ns6MKHt1K
B4IXgbreV862MoHHvRG76RUiTuIWrOPUwGiIbBH8wr0b2x395kPHGzO49OUbWTkS
OE0tm2RomPyNchKR8iQlbExKSFeSAMx+2NQ9uB3ynuqyIw9RDxFBHPUnABsIehI6
BVsDJP6xeyD65KhYxsrOf76VARKdBeY5ExvAPlYuK592N97em+ANemMNpyJY2zHH
97RGXLq2S0ixGJpos2NH/a8SXy/+EMtYKzNohQIDAQABAoIBAQCfamBBekZ9gxZt
ztmgfvgt1WutZPdCwzgaoPnlazLE/X9FWuvYjeuN5n44V0VXVLK99q6fsufzF4d6
6bHLr5b1Fog5oQAHPvysAfvYKU345sj37rPinla3/r7lUuLEUZnMRS0TNy4rqyiK
eW+akEnLRnHIwjxhIwNIId83cpmnJfE7ZV7svZvk6Ctc//prFa/Y2AwkZcM2j2iG
xc4kOXr0Y8DE4FYQEZgdJCoYfVDihcwtVXUGm+ZMBNhLzK/KuSxdjL6ySzdCSE9M
mS4ZJPManR9LOIGsKlFsJrGWnFOm/GOMkzdBSLoEqRogHhYsvn7oDnLMHqPA/gE0
M85ytBkVAoGBAOO/tTCd94kDfkXar+5+KvcYwQbwnMIbrN0TiIudpaSnE0dBFqU3
oNC2K+PoGBgwEsEr2ThZCMAbz7NQJYmmNlNlSMNBzeud59F3BqMk3J6k62E0+Fnt
C8OFfZ8V0vbdGehmeArEqHDcRJZBFsrUWb2/9/j4OYpnsozkp6H1pWQrAoGBAMXr
jouX1qXLfKvYEpOKaSf+yjfULjT33ib885Nw2xlRzI6wkjHFsb8DERK36PA3CakU
cdXb923tMMlLoCvSdDd6Qnx1TLRbYaJSFaOLt2we94AvjHtijM6vO7ftd1XvRWer
/Ip9NT9X1NZxP/NTyUL3DgRmXE4L32fr2FFQEJ4PAoGBAKr2QeFY83RatvNhEigJ
dd8/Kcc337SmacEa5KlJkgpjkMkwRvuHIqUJ2zCeDVg63hk7/TebPkJXnjaQt1z4
9Fbt9Qz93MI+KsLGgqj9Bs/gJQE3biazFt2S25YMH+1IVCZspTgQIBF4h9Py0FU5
ypPyAwdV7nvDE/lHu76MU7c5AoGBALUxR5ioc0vplMNF1wvXpRmGet7Nk1fOrESJ
QvzyTsNJTbo8EDscv/Mc/Z5jXA++c0uleenNrSGoCgffAk3cJ6U6em+ye3yKREH0
X/cPy+ZiGzfxT+0NddcqOcPS1HOJz8Jvg43Nvte0sxd3KpK7W//AacbBZzPUTry2
/5zBbdUlAoGAYglAtoHIC0mQxAe6PXy/QRmgj87fPGsbVFOUwBf8Il2UKpfX9blv
0rHb0kenc/DP7ZHZTgdc5qGgRyg0d3+O7W2rWTv1MiX85rUE03TCcyC2l1+M+iyx
6IdHDjYwa4Kt0nT1JxEMjJxe1uhzJfgYJlcz5Iy4ff0xb8/aH0veedc=
-----END RSA PRIVATE KEY-----

3
configure.ac
View File

@ -1414,7 +1414,7 @@ then
fi
# CRL
# CRL
AC_ARG_ENABLE([crl],
[ --enable-crl Enable CRL (default: disabled)],
[ ENABLED_CRL=$enableval ],
@ -1428,7 +1428,6 @@ fi
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
# CRL Monitor
AC_ARG_ENABLE([crl-monitor],
[ --enable-crl-monitor Enable CRL Monitor (default: disabled)],

103
scripts/crl-revoked.test Executable file
View File

@ -0,0 +1,103 @@
#!/bin/sh
#crl.test
revocation_code="-361"
exit_code=1
counter=0
crl_port=11113
#no_pid tells us process was never started if -1
no_pid=-1
#server_pid captured on startup, stores the id of the server process
server_pid=$no_pid
remove_ready_file() {
if test -e /tmp/wolfssl_server_ready; then
echo -e "removing exisitng server_ready file"
rm /tmp/wolfssl_server_ready
fi
}
# trap this function so if user aborts with ^C or other kill signal we still
# get an exit that will in turn clean up the file system
abort_trap() {
echo "script aborted"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
exit_code=2 #different exit code in case of user interrupt
echo "got abort signal, exiting with $exit_code"
exit $exit_code
}
trap abort_trap INT TERM
# trap this function so that if we exit on an error the file system will still
# be restored and the other tests may still pass. Never call this function
# instead use "exit <some value>" and this function will run automatically
restore_file_system() {
remove_ready_file
}
trap restore_file_system EXIT
run_test() {
echo -e "\nStarting example server for crl test...\n"
remove_ready_file
# starts the server on crl_port, -R generates ready file to be used as a
# mutex lock, -c loads the revoked certificate. We capture the processid
# into the variable server_pid
./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem \
-k certs/server-revoked-key.pem &
server_pid=$!
while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do
echo -e "waiting for server_ready file..."
sleep 0.1
counter=$((counter+ 1))
done
# starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port 2>&1)
client_result=$?
wait $server_pid
server_result=$?
# look up wild-card match
# read about "job control"
case "$capture_out" in
*$revocation_code*)
# only exit with zero on detection of the expected error code
echo ""
echo "Successful Revocation!!!!"
echo ""
exit_code=0
echo "exiting with $exit_code"
exit $exit_code
;;
*)
echo ""
echo "Certificate was not revoked saw this instead: $capture_out"
echo ""
echo "configure with --enable-crl and run this script again"
echo ""
esac
}
######### begin program #########
# run the test
run_test
# If we get to this exit, exit_code will be a -1 signaling failure
echo "exiting with $exit_code certificate was not revoked"
exit $exit_code
########## end program ##########

8
scripts/include.am
View File

@ -10,10 +10,18 @@ endif
if BUILD_EXAMPLES
dist_noinst_SCRIPTS+= scripts/resume.test
if BUILD_CRL
# make revoked test rely on completion of resume test
dist_noinst_SCRIPTS+= scripts/crl-revoked.test
scripts/crl-revoked.log: scripts/resume.log
endif
if !BUILD_IPV6
dist_noinst_SCRIPTS+= scripts/external.test
dist_noinst_SCRIPTS+= scripts/google.test
endif
endif
EXTRA_DIST += scripts/testsuite.pcap