From 37211d463665dc75e1a957b06279af1e1fde654d Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 21 Jul 2015 13:56:47 -0600 Subject: [PATCH 1/9] crl script initialize --- configure.ac | 3 +- scripts/crl.test | 126 +++++++++++++++++++++++++++++++++++++++++++++ scripts/include.am | 4 ++ 3 files changed, 131 insertions(+), 2 deletions(-) create mode 100755 scripts/crl.test diff --git a/configure.ac b/configure.ac index e66b68718..718675ae9 100644 --- a/configure.ac +++ b/configure.ac @@ -1414,7 +1414,7 @@ then fi -# CRL +# CRL AC_ARG_ENABLE([crl], [ --enable-crl Enable CRL (default: disabled)], [ ENABLED_CRL=$enableval ], @@ -1428,7 +1428,6 @@ fi AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) - # CRL Monitor AC_ARG_ENABLE([crl-monitor], [ --enable-crl-monitor Enable CRL Monitor (default: disabled)], diff --git a/scripts/crl.test b/scripts/crl.test new file mode 100755 index 000000000..2f4c5a9ee --- /dev/null +++ b/scripts/crl.test 
@@ -0,0 +1,126 @@
+#!/bin/bash
+
+#crl.test
+
+dir="certs/crl"
+log_file="tests/unit.log"
+result_file="make_test_result.txt"
+success_line="err = -361, CRL Cert revoked"
+exit_code="0"
+allowed_to_run="1"
+script_1="testsuite/testsuite.test"
+script_2="scripts/*.test"
+
+# trap this function so that if we exit on an error the file system will still
+# be restored and the other tests may still pass. Never call this function
+# instead use "exit " and this function will run automatically
+function restore_file_system() {
+ move_bad_crl_out
+ put_in_good_crl
+}
+trap restore_file_system EXIT
+
+function can_start() {
+
+ # NICK: need a better way of controlling when this script executes
+ # I.E. force it to be last or force it to be first
+
+ # grep for any other test scripts that may be running
+ $allowed_to_run=`ps aux | grep -i "$script_1" | grep -v "grep" | wc -l`
+ if [ $allowed_to_run -ge 1 ]
+ then
+ echo "script is running"
+ else
+ echo "script is not running"
+ fi
+}
+
+function move_good_crl_out() {
+ if test -e $dir/crl.pem; then
+ echo "moving good crl out of the way"
+ mv $dir/crl.pem $dir/crl.unrevoked
+ else
+ echo "file not found: $dir/crl.pem"
+ echo "Please make sure you're running from wolfSSL_root directory"
+ $exit_code = -1
+ echo "exiting with $exit_code"
+ exit $exit_code
+ fi
+}
+
+function put_in_bad_crl() {
+ if test -e $dir/crl.revoked; then
+ echo "moving crl with server revoked into place"
+ mv $dir/crl.revoked $dir/crl.pem
+ else
+ echo "file not found: $dir/crl.revoked"
+ echo "Please make sure you're running from wolfSSL_root directory"
+ $exit_code = -1
+ echo "exiting with $exit_code"
+ exit $exit_code
+ fi
+}
+
+function run_test() {
+
+ # NICK: is there a better way then scrubbing the .log file to get the
+ # error code -361 thoughts?
+ #consider how we might abstract this up one layer perhaps a c program.
+ + # Redirect stdout and stderr to reduce "noise" + ./testsuite/testsuite.test &> scripts/ignore.txt + rm scripts/ignore.txt + + if test -e $log_file + then + while read line; + do + if [[ "x$success_line" == "x$line" ]] + then + echo "Successful Revocation!!!!" + fi + done < $log_file + fi +} + +function move_bad_crl_out() { + if test -e $dir/crl.pem; then + echo "moving crl with server revoked out of the way" + mv $dir/crl.pem $dir/crl.revoked + else + echo "file system corrupted. $dir/crl.pem missing after test" + $exit_code = -2 + echo "exiting with $exit_code" + exit $exit_code + fi +} + +function put_in_good_crl() { + if test -e $dir/crl.unrevoked; then + echo "moving good crl back into place" + mv $dir/crl.unrevoked $dir/crl.pem + else + echo "file system corrupted. $dir/crl.unrevoked missing after test" + $exit_code = -2 + echo "exiting with $exit_code" + exit $exit_code + fi +} + +######### begin program ######### + +# check if testsuite is currently running +#can_start + +# move good crl to crl.unrevoked +move_good_crl_out + +# move revoked crl into place +put_in_bad_crl + +# run the test +run_test + +echo "exiting with $exit_code" +exit $exit_code +########## end program ########## diff --git a/scripts/include.am b/scripts/include.am index 924634aa7..95ddbb4dd 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -16,4 +16,8 @@ dist_noinst_SCRIPTS+= scripts/google.test endif endif +if BUILD_CRL +dist_noinst_SCRIPTS+= scripts/crl.test +endif + EXTRA_DIST += scripts/testsuite.pcap From 4743dfe81312f847548f8b2d13c9262798a30f1a Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 21 Jul 2015 15:35:24 -0600 Subject: [PATCH 2/9] add a uniquely, always revoked server-cert for testing --- certs/gen_revoked_certs.sh | 18 ++++ certs/server-revoked.pem | 173 +++++++++++++++++++++++++++++++++++++ 2 files changed, 191 insertions(+) create mode 100755 certs/gen_revoked_certs.sh create mode 100644 certs/server-revoked.pem 
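Review bot: As written, scripts/crl.test cannot fail: `run_test` only echoes when the `-361` line is found in `tests/unit.log` and never changes `exit_code`, so the script exits 0 even if the revoked certificate was accepted. The error paths have the same problem, because `$exit_code = -1` and `$exit_code = -2` are not assignments in bash (the variable is expanded and the shell tries to run `0` as a command), and `$allowed_to_run=` in `can_start` fails the same way. I would write `exit_code=1` (exit statuses are 0-255, so negative values wrap) and have `run_test` track a `found=0` flag and finish with `[ "$found" -eq 1 ] || exit_code=1`. The `EXIT` trap also calls `move_bad_crl_out` first, which itself calls `exit` when `crl.pem` is missing, so `put_in_good_crl` may not run on the failure paths and the good CRL may stay parked as `crl.unrevoked`.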
diff --git a/certs/gen_revoked_certs.sh b/certs/gen_revoked_certs.sh
new file mode 100755
index 000000000..619b225bc
--- /dev/null
+++ b/certs/gen_revoked_certs.sh
@@ -0,0 +1,18 @@
+ ###########################################################
+ ########## update and sign server-cert.pem ################
+ ###########################################################
+ echo "Updating server-cert.pem"
+ echo ""
+ #pipe the following arguments to openssl req...
+ echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
+
+ openssl x509 -req -in server-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-revoked.pem
+
+ rm server-req.pem
+
+ openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+ openssl x509 -in server-revoked.pem -text > srv_tmp.pem
+ mv srv_tmp.pem server-revoked.pem
+ cat ca_tmp.pem >> server-revoked.pem
+ rm ca_tmp.pem
+
diff --git a/certs/server-revoked.pem b/certs/server-revoked.pem
new file mode 100644
index 000000000..399ee8676
--- /dev/null
+++ b/certs/server-revoked.pem
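Review bot: The `openssl x509 -req` call in certs/gen_revoked_certs.sh does not pin a signature digest, so the output depends on the local OpenSSL default; the `server-revoked.pem` committed with this patch is `sha1WithRSAEncryption`, while the CA certificate appended to it is `sha256WithRSAEncryption`. Passing `-sha256` on that line keeps regenerated fixtures consistent; the same applies to the block added to `certs/renewcerts.sh` in PATCH 3/9 and to `certs/gen_revoked.sh` in PATCH 4/9. The banner and the `echo` still say `server-cert.pem` although the script writes `server-revoked.pem` from the existing `server-key.pem`; a comment such as `# issues a second certificate for server-key.pem that the CRL tests treat as revoked` would make that intent explicit. The file is mode 100755 but has no `#!` line.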
@@ -0,0 +1,173 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jul 21 21:14:46 2015 GMT + Not After : Apr 16 21:14:46 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:D9:80:3A:C3:D2:F4:DA:37 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 08:2d:bc:b5:b7:d9:89:c3:7c:c3:2d:78:f8:5d:25:17:af:fe: + 4c:ee:50:57:96:98:1d:aa:80:c2:e6:86:ed:c8:c0:fa:45:a1: + 
3d:fc:1a:26:28:36:3a:73:d6:e5:bc:9f:24:78:72:c1:33:59: + 21:db:f4:d9:d8:af:6b:8d:0a:f1:8d:51:dd:52:d5:6f:ac:02: + e7:39:5d:2e:ac:8f:99:5d:96:15:fd:a9:f1:01:19:a8:29:a8: + 9d:71:de:f8:c9:60:81:41:f3:20:75:67:20:ef:d5:37:e5:ed: + 9d:d9:f6:87:1d:5a:6a:a7:1e:40:82:df:4f:64:6a:67:9c:a8: + 82:ea:9f:33:fb:23:50:49:2a:90:00:c6:91:82:54:c7:a0:dc: + 01:b6:bb:23:5a:61:48:44:8f:e7:16:26:87:04:59:32:15:72: + bc:ab:f5:60:b5:ca:54:13:fa:28:f7:bc:6c:c5:b8:c1:b4:12: + 31:b6:8a:c1:ad:bf:10:db:7d:c7:02:52:e4:e4:f7:2d:74:04: + e4:28:2c:16:cb:b3:34:fc:c9:95:6a:3d:e9:c4:b8:5c:3f:1f: + ae:d6:17:b6:fd:df:fb:e0:80:d5:78:a8:a8:f6:4f:13:9c:33: + 76:51:f5:d7:de:de:ff:f8:11:c6:f9:d5:e8:93:2a:78:8d:a3: + eb:22:34:0a +-----BEGIN CERTIFICATE----- +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx +MjExNDQ2WhcNMTgwNDE2MjExNDQ2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO +BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN 
+BgkqhkiG9w0BAQUFAAOCAQEACC28tbfZicN8wy14+F0lF6/+TO5QV5aYHaqAwuaG +7cjA+kWhPfwaJig2OnPW5byfJHhywTNZIdv02diva40K8Y1R3VLVb6wC5zldLqyP +mV2WFf2p8QEZqCmonXHe+MlggUHzIHVnIO/VN+Xtndn2hx1aaqceQILfT2RqZ5yo +guqfM/sjUEkqkADGkYJUx6DcAba7I1phSESP5xYmhwRZMhVyvKv1YLXKVBP6KPe8 +bMW4wbQSMbaKwa2/ENt9xwJS5OT3LXQE5CgsFsuzNPzJlWo96cS4XD8frtYXtv3f +++CA1XioqPZPE5wzdlH1197e//gRxvnV6JMqeI2j6yI0Cg== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d9:80:3a:c3:d2:f4:da:37 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:D9:80:3A:C3:D2:F4:DA:37 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 65:b7:75:58 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW +C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD +KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ +buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q +fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD +iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +-----END CERTIFICATE----- From 27202912e8e2c25b79ec7a5b633092f6a9d582cb Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Tue, 21 Jul 2015 17:17:41 -0600 Subject: [PATCH 3/9] Adjusted gencrls and renewcerts to add a revoked server cert --- certs/crl/gencrls.sh | 3 + certs/renewcerts.sh | 17 ++++ certs/server-revoked-cert.pem | 172 ++++++++++++++++++++++++++++++++++ certs/server-revoked-key.pem | 27 ++++++ 4 files changed, 219 insertions(+) create mode 100644 certs/server-revoked-cert.pem create mode 100644 certs/server-revoked-key.pem diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index a18ecf3f7..a84c82510 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh @@ -5,6 +5,9 @@ # caCrl +# revoke server-revoked-cert.pem +openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem # metadata diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index a048b631d..493998b90 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh 
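Review bot: The exit status of the added `openssl ca -revoke` line in certs/crl/gencrls.sh is not checked before the `-gencrl` call that follows it. `-revoke` records the revocation in the CA database named by `wolfssl.cnf`, and a second run against the same database is expected to be refused as already revoked. If the revoke step fails for any reason, the script still writes `crl.pem`, which may then lack the entry the revocation test depends on. Appending `|| exit 1` to the revoke line, or adding a comment that the script must start from an empty `index.txt`, would make the precondition visible.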
@@ -98,6 +98,23 @@ function run_renewcerts(){ mv srv_tmp.pem server-cert.pem cat ca_tmp.pem >> server-cert.pem rm ca_tmp.pem + ########################################################### + ########## update and sign server-revoked-key.pem ################ + ########################################################### + echo "Updating server-revoked-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + + openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem + + rm server-revoked-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem + mv srv_tmp.pem server-revoked-cert.pem + cat ca_tmp.pem >> server-revoked-cert.pem + rm ca_tmp.pem ############################################################ ########## update and sign the server-ecc-rsa.pem ########## ############################################################ diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem new file mode 100644 index 000000000..f1a84b26b --- /dev/null +++ b/certs/server-revoked-cert.pem 
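Review bot: The banner for the new block in certs/renewcerts.sh reads `update and sign server-revoked-key.pem`, but nothing here creates or changes the key: the block reads an existing `server-revoked-key.pem` and rewrites `server-revoked-cert.pem`. I would retitle it `update and sign server-revoked-cert.pem` and add `# requires certs/server-revoked-key.pem (test-only key, committed in this series)`. The block also hard-codes `-set_serial 02`, which is presumably what ties this certificate to the entry `gencrls.sh` revokes, so a short comment that the serial must stay unique among certificates signed by `ca-cert.pem` would help. `run_renewcerts` starts and ends outside this hunk.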
@@ -0,0 +1,172 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jul 21 22:43:25 2015 GMT + Not After : Apr 16 22:43:25 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd: + 66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6: + 23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c: + 79:8a:a9:d5:f1:fb:eb:c8:b1:e4:b2:ab:52:72:89: + 93:22:5c:ba:cd:8a:36:2a:2c:d1:40:ec:a8:66:0e: + c3:76:cd:e7:b3:a3:0a:1e:dd:4a:07:82:17:81:ba: + de:57:ce:b6:32:81:c7:bd:11:bb:e9:15:22:4e:e2: + 16:ac:e3:d4:c0:68:88:6c:11:fc:c2:bd:1b:db:1d: + fd:e6:43:c7:1b:33:b8:f4:e5:1b:59:39:12:38:4d: + 2d:9b:64:68:98:fc:8d:72:12:91:f2:24:25:6c:4c: + 4a:48:57:92:00:cc:7e:d8:d4:3d:b8:1d:f2:9e:ea: + b2:23:0f:51:0f:11:41:1c:f5:27:00:1b:08:7a:12: + 3a:05:5b:03:24:fe:b1:7b:20:fa:e4:a8:58:c6:ca: + ce:7f:be:95:01:12:9d:05:e6:39:13:1b:c0:3e:56: + 2e:2b:9f:76:37:de:de:9b:e0:0d:7a:63:0d:a7:22: + 58:db:31:c7:f7:b4:46:5c:ba:b6:4b:48:b1:18:9a: + 68:b3:63:47:fd:af:12:5f:2f:fe:10:cb:58:2b:33: + 68:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D8:09:2B:59:E1:2A:EE:D9:EE:40:AA:9C:AB:F0:5D:28:09:4F:22:BB + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:91:68:6B:F0:94:88:41:A2 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 21:34:8d:f0:1c:89:16:18:69:b6:5a:6a:c5:56:b0:94:24:19: + 80:52:df:54:1c:2e:63:2a:77:e2:52:76:7c:2c:d8:42:9f:13: + 
be:26:ab:d1:48:1c:52:91:df:33:57:aa:c9:5e:8e:bd:e3:1b: + 1b:6d:97:26:e8:35:7c:06:e2:11:d2:ff:91:63:53:09:dc:62: + fa:57:9e:75:69:3d:a8:b9:3b:6e:52:b9:c8:93:f1:79:ef:4b: + 7f:71:26:ab:e4:30:a5:bd:d3:9b:79:f5:f0:05:3f:f5:66:92: + c3:e2:3f:b6:08:bc:f5:58:77:34:4d:6e:cf:66:2a:b3:7c:e3: + ea:15:b7:92:e2:74:b6:39:44:9e:c5:ea:e5:21:70:a0:47:fc: + 20:7d:79:0a:a0:a8:3c:51:c6:2d:5f:a3:be:b4:e2:ba:52:27: + 7c:8f:79:b6:ae:b3:e2:4c:35:85:69:cd:d5:3b:ac:2d:1b:e1: + f9:15:97:9a:a3:94:3f:70:50:62:49:b5:52:61:f8:cf:31:2b: + fb:83:b9:df:20:55:8d:73:ea:26:eb:a4:ed:11:9e:52:0f:04: + 40:4d:94:0a:dc:62:f3:3b:88:e2:4d:eb:bd:a2:27:25:a8:63: + 54:f7:52:e3:47:59:a1:bc:f7:7f:81:16:ec:86:79:9b:73:f6: + 96:ec:16:62 +-----BEGIN CERTIFICATE----- +MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx +MjI0MzI1WhcNMTgwNDE2MjI0MzI1WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2 +3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC +F4G63lfOtjKBx70Ru+kVIk7iFqzj1MBoiGwR/MK9G9sd/eZDxxszuPTlG1k5EjhN +LZtkaJj8jXISkfIkJWxMSkhXkgDMftjUPbgd8p7qsiMPUQ8RQRz1JwAbCHoSOgVb +AyT+sXsg+uSoWMbKzn++lQESnQXmORMbwD5WLiufdjfe3pvgDXpjDaciWNsxx/e0 +Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYDVR0TBAUwAwEB/zAN 
+BgkqhkiG9w0BAQsFAAOCAQEAITSN8ByJFhhptlpqxVawlCQZgFLfVBwuYyp34lJ2 +fCzYQp8Tviar0UgcUpHfM1eqyV6OveMbG22XJug1fAbiEdL/kWNTCdxi+leedWk9 +qLk7blK5yJPxee9Lf3Emq+Qwpb3Tm3n18AU/9WaSw+I/tgi89Vh3NE1uz2Yqs3zj +6hW3kuJ0tjlEnsXq5SFwoEf8IH15CqCoPFHGLV+jvrTiulInfI95tq6z4kw1hWnN +1TusLRvh+RWXmqOUP3BQYkm1UmH4zzEr+4O53yBVjXPqJuuk7RGeUg8EQE2UCtxi +8zuI4k3rvaInJahjVPdS40dZobz3f4EW7IZ5m3P2luwWYg== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10477743214105739682 (0x91686bf0948841a2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jul 21 22:43:25 2015 GMT + Not After : Apr 16 22:43:25 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:91:68:6B:F0:94:88:41:A2 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a0:e4:8f:5e:79:82:10:b4:58:d1:67:5e:cb:d0:7a:b5:f6:be: + 9c:27:f3:c7:61:78:44:58:06:ff:09:fb:e6:08:f0:34:55:dd: + 6a:77:92:1a:7b:ef:b8:ed:db:9f:14:f8:b8:af:e9:3e:60:ba: + 90:90:4c:ef:60:01:5e:76:01:64:f0:e5:19:2f:0b:f4:89:a0: + 65:fc:d2:28:3c:ff:7c:ea:07:39:6f:bf:56:c2:52:bd:5b:64: + 21:87:39:75:6e:8f:62:b7:6e:18:e9:5c:4d:f3:16:c8:7a:4e: + d2:d3:d3:55:c0:63:84:18:83:6c:2a:18:a6:ca:d6:02:d6:29: + 88:2a:f7:69:f0:0f:f1:dc:40:ad:88:2f:f6:ab:03:c2:a6:04: + 7e:bf:12:1e:19:c9:fe:d3:c6:13:23:10:9a:f0:76:7e:d1:89: + b1:52:5c:17:06:2f:37:13:25:97:da:67:43:0d:e4:c7:d7:1c: + a3:7e:f8:59:97:fa:c2:12:17:07:95:09:ad:fa:a9:23:29:77: + f0:3d:29:e0:0c:77:a8:ca:db:e3:fa:b4:5a:7d:a7:92:3b:cb: + 95:c2:aa:36:ec:ff:f2:a3:b0:32:b8:1e:26:96:76:07:cd:10: + 04:8b:d4:5a:14:63:10:dd:2a:51:80:b2:2a:ba:0a:f8:51:47: + 92:a4:21:04 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJAJFoa/CUiEGiMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNTA3MjEyMjQzMjVaFw0xODA0MTYyMjQzMjVaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAoOSPXnmCELRY0Wdey9B6tfa+ +nCfzx2F4RFgG/wn75gjwNFXdaneSGnvvuO3bnxT4uK/pPmC6kJBM72ABXnYBZPDl +GS8L9ImgZfzSKDz/fOoHOW+/VsJSvVtkIYc5dW6PYrduGOlcTfMWyHpO0tPTVcBj +hBiDbCoYpsrWAtYpiCr3afAP8dxArYgv9qsDwqYEfr8SHhnJ/tPGEyMQmvB2ftGJ +sVJcFwYvNxMll9pnQw3kx9cco374WZf6whIXB5UJrfqpIyl38D0p4Ax3qMrb4/q0 +Wn2nkjvLlcKqNuz/8qOwMrgeJpZ2B80QBIvUWhRjEN0qUYCyKroK+FFHkqQhBA== +-----END CERTIFICATE----- diff --git a/certs/server-revoked-key.pem b/certs/server-revoked-key.pem new file mode 100644 index 000000000..3cf5640ec --- /dev/null +++ b/certs/server-revoked-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAsBQWOkPd4VBFT8+As91mlsfp9NzetmskG3ZIrMYjpafkBRm9 +t/be+v/tWzx5iqnV8fvryLHksqtScomTIly6zYo2KizRQOyoZg7Dds3ns6MKHt1K +B4IXgbreV862MoHHvRG76RUiTuIWrOPUwGiIbBH8wr0b2x395kPHGzO49OUbWTkS +OE0tm2RomPyNchKR8iQlbExKSFeSAMx+2NQ9uB3ynuqyIw9RDxFBHPUnABsIehI6 +BVsDJP6xeyD65KhYxsrOf76VARKdBeY5ExvAPlYuK592N97em+ANemMNpyJY2zHH +97RGXLq2S0ixGJpos2NH/a8SXy/+EMtYKzNohQIDAQABAoIBAQCfamBBekZ9gxZt +ztmgfvgt1WutZPdCwzgaoPnlazLE/X9FWuvYjeuN5n44V0VXVLK99q6fsufzF4d6 +6bHLr5b1Fog5oQAHPvysAfvYKU345sj37rPinla3/r7lUuLEUZnMRS0TNy4rqyiK +eW+akEnLRnHIwjxhIwNIId83cpmnJfE7ZV7svZvk6Ctc//prFa/Y2AwkZcM2j2iG +xc4kOXr0Y8DE4FYQEZgdJCoYfVDihcwtVXUGm+ZMBNhLzK/KuSxdjL6ySzdCSE9M +mS4ZJPManR9LOIGsKlFsJrGWnFOm/GOMkzdBSLoEqRogHhYsvn7oDnLMHqPA/gE0 +M85ytBkVAoGBAOO/tTCd94kDfkXar+5+KvcYwQbwnMIbrN0TiIudpaSnE0dBFqU3 +oNC2K+PoGBgwEsEr2ThZCMAbz7NQJYmmNlNlSMNBzeud59F3BqMk3J6k62E0+Fnt +C8OFfZ8V0vbdGehmeArEqHDcRJZBFsrUWb2/9/j4OYpnsozkp6H1pWQrAoGBAMXr +jouX1qXLfKvYEpOKaSf+yjfULjT33ib885Nw2xlRzI6wkjHFsb8DERK36PA3CakU +cdXb923tMMlLoCvSdDd6Qnx1TLRbYaJSFaOLt2we94AvjHtijM6vO7ftd1XvRWer +/Ip9NT9X1NZxP/NTyUL3DgRmXE4L32fr2FFQEJ4PAoGBAKr2QeFY83RatvNhEigJ +dd8/Kcc337SmacEa5KlJkgpjkMkwRvuHIqUJ2zCeDVg63hk7/TebPkJXnjaQt1z4 +9Fbt9Qz93MI+KsLGgqj9Bs/gJQE3biazFt2S25YMH+1IVCZspTgQIBF4h9Py0FU5 +ypPyAwdV7nvDE/lHu76MU7c5AoGBALUxR5ioc0vplMNF1wvXpRmGet7Nk1fOrESJ +QvzyTsNJTbo8EDscv/Mc/Z5jXA++c0uleenNrSGoCgffAk3cJ6U6em+ye3yKREH0 +X/cPy+ZiGzfxT+0NddcqOcPS1HOJz8Jvg43Nvte0sxd3KpK7W//AacbBZzPUTry2 +/5zBbdUlAoGAYglAtoHIC0mQxAe6PXy/QRmgj87fPGsbVFOUwBf8Il2UKpfX9blv +0rHb0kenc/DP7ZHZTgdc5qGgRyg0d3+O7W2rWTv1MiX85rUE03TCcyC2l1+M+iyx +6IdHDjYwa4Kt0nT1JxEMjJxe1uhzJfgYJlcz5Iy4ff0xb8/aH0veedc= +-----END RSA PRIVATE KEY----- From d2de4719eb088b0caf7f5bd8afb5934b3f207480 Mon Sep 17 00:00:00 2001 
From: kaleb-himes Date: Wed, 22 Jul 2015 09:31:23 -0600 Subject: [PATCH 4/9] added way to gen revoked without running renewcerts --- certs/crl/gencrls.sh | 25 +++++ certs/gen_revoked.sh | 18 ++++ certs/gen_revoked_certs.sh | 18 ---- certs/renewcerts.sh | 18 +--- certs/server-revoked-cert.pem | 131 ++++++++++++------------- certs/server-revoked.pem | 173 ---------------------------------- 6 files changed, 110 insertions(+), 273 deletions(-) create mode 100755 certs/gen_revoked.sh delete mode 100755 certs/gen_revoked_certs.sh delete mode 100644 certs/server-revoked.pem diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index a84c82510..f5c2a435b 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh @@ -2,7 +2,20 @@ # gencrls, crl config already done, see taoCerts.txt for setup +function setup_files() { + #set up the file system for updating the crls + echo "setting up the file system for generating the crls..." + echo "" + touch ./index.txt + touch ./crlnumber + echo "01" >> crlnumber + touch ./blank.index.txt + mkdir demoCA + touch ./demoCA/index.txt +} +#setup the files +setup_files # caCrl # revoke server-revoked-cert.pem @@ -58,3 +71,15 @@ mv tmp eccSrvCRL.pem # install (only needed if working outside wolfssl) #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem +exit 0 + +function cleanup_files() { + rm blank.index.txt + rm index.* + rm crlnumber* + rm -r demoCA + echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" + echo "" + exit 0 +} +trap cleanup_files EXIT diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh new file mode 100755 index 000000000..e42073d70 --- /dev/null +++ b/certs/gen_revoked.sh 
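Review bot: In the second certs/crl/gencrls.sh hunk, `exit 0` comes before `cleanup_files` is defined and before `trap cleanup_files EXIT`, so the trap is never installed and `index.txt`, `crlnumber`, `blank.index.txt` and `demoCA/` are left behind. That matters on the next run, because `setup_files` in the first hunk appends with `echo "01" >> crlnumber` and calls `mkdir demoCA` unconditionally, so stale state accumulates and `mkdir` fails. Define the function and register the trap at the top of the script, drop the `exit 0` inside the handler, and use `echo "01" > crlnumber` and `mkdir -p demoCA`. The handler's message also claims `../wolfssl.cnf` was removed, which this script does not do.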
@@ -0,0 +1,18 @@
+ ###########################################################
+ ########## update and sign server-revoked-key.pem ################
+ ###########################################################
+ echo "Updating server-revoked-cert.pem"
+ echo ""
+ #pipe the following arguments to openssl req...
+ echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+
+ openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
+
+ rm server-revoked-req.pem
+
+ openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+ openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
+ mv srv_tmp.pem server-revoked-cert.pem
+ cat ca_tmp.pem >> server-revoked-cert.pem
+ rm ca_tmp.pem
+
diff --git a/certs/gen_revoked_certs.sh b/certs/gen_revoked_certs.sh
deleted file mode 100755
index 619b225bc..000000000
--- a/certs/gen_revoked_certs.sh
+++ /dev/null
@@ -1,18 +0,0 @@
- ###########################################################
- ########## update and sign server-cert.pem ################
- ###########################################################
- echo "Updating server-cert.pem"
- echo ""
- #pipe the following arguments to openssl req...
- echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
-
- openssl x509 -req -in server-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-revoked.pem
-
- rm server-req.pem
-
- openssl x509 -in ca-cert.pem -text > ca_tmp.pem
- openssl x509 -in server-revoked.pem -text > srv_tmp.pem
- mv srv_tmp.pem server-revoked.pem
- cat ca_tmp.pem >> server-revoked.pem
- rm ca_tmp.pem
-
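Review bot: In certs/gen_revoked.sh, `-extfile wolfssl.cnf` is resolved relative to the current directory, whereas the script it replaces used `renewcerts/wolfssl.cnf`. `renewcerts.sh` removes `../wolfssl.cnf` when it finishes, which suggests the file only exists in `certs/` during a renewcerts run. If so, running `gen_revoked.sh` on its own, which is the stated purpose of this commit, would fail at the `x509 -req` step, and the `>` redirection would already have truncated the committed `server-revoked-cert.pem`. Using `-extfile renewcerts/wolfssl.cnf` (to be confirmed against the tree) and stopping on the first failed command would avoid leaving an empty certificate file.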
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 493998b90..c163dcab9 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -99,7 +99,7 @@ function run_renewcerts(){ cat ca_tmp.pem >> server-cert.pem rm ca_tmp.pem ########################################################### - ########## update and sign server-revoked-key.pem ################ + ########## update and sign server-revoked-key.pem ######### ########################################################### echo "Updating server-revoked-cert.pem" echo "" @@ -198,16 +198,6 @@ function run_renewcerts(){ echo "We are back in the certs directory" echo "" - #set up the file system for updating the crls - echo "setting up the file system for generating the crls..." - echo "" - touch crl/index.txt - touch crl/crlnumber - echo "01" >> crl/crlnumber - touch crl/blank.index.txt - mkdir crl/demoCA - touch crl/demoCA/index.txt - echo "Updating the crls..." echo "" cd crl @@ -222,12 +212,6 @@ function run_renewcerts(){ echo "" rm ../wolfssl.cnf - rm blank.index.txt - rm index.* - rm crlnumber* - rm -r demoCA - echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" - echo "" } diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index f1a84b26b..e3dfb27c7 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem 
@@ -2,16 +2,16 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) - Signature Algorithm: sha256WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 21 22:43:25 2015 GMT - Not After : Apr 16 22:43:25 2018 GMT + Not Before: Jul 22 15:23:38 2015 GMT + Not After : Apr 17 15:23:38 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: + RSA Public Key: (2048 bit) + Modulus (2048 bit): 00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd: 66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6: 23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c: 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:91:68:6B:F0:94:88:41:A2 + serial:D9:80:3A:C3:D2:F4:DA:37 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 21:34:8d:f0:1c:89:16:18:69:b6:5a:6a:c5:56:b0:94:24:19: - 80:52:df:54:1c:2e:63:2a:77:e2:52:76:7c:2c:d8:42:9f:13: - be:26:ab:d1:48:1c:52:91:df:33:57:aa:c9:5e:8e:bd:e3:1b: - 1b:6d:97:26:e8:35:7c:06:e2:11:d2:ff:91:63:53:09:dc:62: - fa:57:9e:75:69:3d:a8:b9:3b:6e:52:b9:c8:93:f1:79:ef:4b: - 7f:71:26:ab:e4:30:a5:bd:d3:9b:79:f5:f0:05:3f:f5:66:92: - c3:e2:3f:b6:08:bc:f5:58:77:34:4d:6e:cf:66:2a:b3:7c:e3: - ea:15:b7:92:e2:74:b6:39:44:9e:c5:ea:e5:21:70:a0:47:fc: - 20:7d:79:0a:a0:a8:3c:51:c6:2d:5f:a3:be:b4:e2:ba:52:27: - 7c:8f:79:b6:ae:b3:e2:4c:35:85:69:cd:d5:3b:ac:2d:1b:e1: - f9:15:97:9a:a3:94:3f:70:50:62:49:b5:52:61:f8:cf:31:2b: - fb:83:b9:df:20:55:8d:73:ea:26:eb:a4:ed:11:9e:52:0f:04: - 40:4d:94:0a:dc:62:f3:3b:88:e2:4d:eb:bd:a2:27:25:a8:63: - 54:f7:52:e3:47:59:a1:bc:f7:7f:81:16:ec:86:79:9b:73:f6: - 96:ec:16:62 + Signature Algorithm: sha1WithRSAEncryption + 9e:cf:e7:a7:b3:0d:40:4c:c1:ec:ad:8d:c4:5e:8c:91:b0:f3: + 8e:12:03:0d:6d:aa:6d:28:ac:2d:77:05:59:a7:e0:68:fd:90: + 17:e2:0e:6c:f0:26:21:85:c2:2b:21:5b:61:c2:70:4d:1e:dc: + 58:e8:bf:5c:d0:81:10:61:5a:03:8e:37:b4:5a:7b:71:1c:d1: + c6:dd:aa:8f:a3:7b:83:90:d1:8c:a4:ff:f5:b3:87:00:d0:f4: + b6:ee:26:ca:58:f2:f8:b3:c1:a0:4c:73:cd:8f:33:d8:75:e6: + 47:88:36:36:98:39:ac:22:75:b6:69:73:ce:c4:1a:40:c2:e7: + f1:da:9c:a2:b7:fb:08:d8:8a:da:4d:f4:26:2b:15:89:c9:cb: + ad:a8:56:c7:fb:e0:2d:f5:95:f5:89:24:02:f1:32:c2:dd:33: + e3:d5:33:65:7c:58:95:82:4f:52:dc:f2:68:83:0b:a8:f4:68: + f7:06:b8:6e:04:30:86:b2:ab:01:ff:bf:66:57:41:77:b9:e7: + ea:af:0d:44:c6:1a:cb:d6:65:f2:f2:4d:2a:ff:19:25:60:f2: + bb:39:c2:96:2a:40:b8:6c:c8:24:c5:1b:dd:43:f0:35:65:80: + 
02:86:54:da:f9:36:29:75:46:ff:c5:c3:ee:ff:ea:84:6c:ab: + bd:88:ab:b1 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx -MjI0MzI1WhcNMTgwNDE2MjI0MzI1WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM -B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO -BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy +MTUyMzM4WhcNMTgwNDE3MTUyMzM4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO +BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2 3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC 
@@ -76,28 +76,29 @@ Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAITSN8ByJFhhptlpqxVawlCQZgFLfVBwuYyp34lJ2 -fCzYQp8Tviar0UgcUpHfM1eqyV6OveMbG22XJug1fAbiEdL/kWNTCdxi+leedWk9 -qLk7blK5yJPxee9Lf3Emq+Qwpb3Tm3n18AU/9WaSw+I/tgi89Vh3NE1uz2Yqs3zj -6hW3kuJ0tjlEnsXq5SFwoEf8IH15CqCoPFHGLV+jvrTiulInfI95tq6z4kw1hWnN -1TusLRvh+RWXmqOUP3BQYkm1UmH4zzEr+4O53yBVjXPqJuuk7RGeUg8EQE2UCtxi -8zuI4k3rvaInJahjVPdS40dZobz3f4EW7IZ5m3P2luwWYg== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOCAQEAns/np7MNQEzB7K2NxF6MkbDzjhIDDW2qbSisLXcF +WafgaP2QF+IObPAmIYXCKyFbYcJwTR7cWOi/XNCBEGFaA443tFp7cRzRxt2qj6N7 +g5DRjKT/9bOHAND0tu4myljy+LPBoExzzY8z2HXmR4g2Npg5rCJ1tmlzzsQaQMLn +8dqcorf7CNiK2k30JisVicnLrahWx/vgLfWV9YkkAvEywt0z49UzZXxYlYJPUtzy +aIMLqPRo9wa4bgQwhrKrAf+/ZldBd7nn6q8NRMYay9Zl8vJNKv8ZJWDyuznClipA +uGzIJMUb3UPwNWWAAoZU2vk2KXVG/8XD7v/qhGyrvYirsQ== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 10477743214105739682 (0x91686bf0948841a2) - Signature Algorithm: sha256WithRSAEncryption + Serial Number: + d9:80:3a:c3:d2:f4:da:37 + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 21 22:43:25 2015 GMT - Not After : Apr 16 22:43:25 2018 GMT + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: + RSA Public Key: (2048 bit) + Modulus (2048 bit): 
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 
@@ -123,32 +124,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:91:68:6B:F0:94:88:41:A2 + serial:D9:80:3A:C3:D2:F4:DA:37 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - a0:e4:8f:5e:79:82:10:b4:58:d1:67:5e:cb:d0:7a:b5:f6:be: - 9c:27:f3:c7:61:78:44:58:06:ff:09:fb:e6:08:f0:34:55:dd: - 6a:77:92:1a:7b:ef:b8:ed:db:9f:14:f8:b8:af:e9:3e:60:ba: - 90:90:4c:ef:60:01:5e:76:01:64:f0:e5:19:2f:0b:f4:89:a0: - 65:fc:d2:28:3c:ff:7c:ea:07:39:6f:bf:56:c2:52:bd:5b:64: - 21:87:39:75:6e:8f:62:b7:6e:18:e9:5c:4d:f3:16:c8:7a:4e: - d2:d3:d3:55:c0:63:84:18:83:6c:2a:18:a6:ca:d6:02:d6:29: - 88:2a:f7:69:f0:0f:f1:dc:40:ad:88:2f:f6:ab:03:c2:a6:04: - 7e:bf:12:1e:19:c9:fe:d3:c6:13:23:10:9a:f0:76:7e:d1:89: - b1:52:5c:17:06:2f:37:13:25:97:da:67:43:0d:e4:c7:d7:1c: - a3:7e:f8:59:97:fa:c2:12:17:07:95:09:ad:fa:a9:23:29:77: - f0:3d:29:e0:0c:77:a8:ca:db:e3:fa:b4:5a:7d:a7:92:3b:cb: - 95:c2:aa:36:ec:ff:f2:a3:b0:32:b8:1e:26:96:76:07:cd:10: - 04:8b:d4:5a:14:63:10:dd:2a:51:80:b2:2a:ba:0a:f8:51:47: - 92:a4:21:04 + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 
65:b7:75:58 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAJFoa/CUiEGiMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA3MjEyMjQzMjVaFw0xODA0MTYyMjQzMjVaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -162,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAoOSPXnmCELRY0Wdey9B6tfa+ -nCfzx2F4RFgG/wn75gjwNFXdaneSGnvvuO3bnxT4uK/pPmC6kJBM72ABXnYBZPDl -GS8L9ImgZfzSKDz/fOoHOW+/VsJSvVtkIYc5dW6PYrduGOlcTfMWyHpO0tPTVcBj -hBiDbCoYpsrWAtYpiCr3afAP8dxArYgv9qsDwqYEfr8SHhnJ/tPGEyMQmvB2ftGJ -sVJcFwYvNxMll9pnQw3kx9cco374WZf6whIXB5UJrfqpIyl38D0p4Ax3qMrb4/q0 -Wn2nkjvLlcKqNuz/8qOwMrgeJpZ2B80QBIvUWhRjEN0qUYCyKroK+FFHkqQhBA== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW +C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD +KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ +buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q +fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD +iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== -----END CERTIFICATE----- 
diff --git a/certs/server-revoked.pem b/certs/server-revoked.pem deleted file mode 100644 index 399ee8676..000000000 --- a/certs/server-revoked.pem +++ /dev/null 
@@ -1,173 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: Jul 21 21:14:46 2015 GMT - Not After : Apr 16 21:14:46 2018 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: - 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: - f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: - f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: - 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: - 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: - 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: - 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: - 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: - 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: - dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: - e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: - 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: - c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: - ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: - b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: - a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: - ad:d7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C - X509v3 Authority Key Identifier: - keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 08:2d:bc:b5:b7:d9:89:c3:7c:c3:2d:78:f8:5d:25:17:af:fe: - 4c:ee:50:57:96:98:1d:aa:80:c2:e6:86:ed:c8:c0:fa:45:a1: - 
3d:fc:1a:26:28:36:3a:73:d6:e5:bc:9f:24:78:72:c1:33:59: - 21:db:f4:d9:d8:af:6b:8d:0a:f1:8d:51:dd:52:d5:6f:ac:02: - e7:39:5d:2e:ac:8f:99:5d:96:15:fd:a9:f1:01:19:a8:29:a8: - 9d:71:de:f8:c9:60:81:41:f3:20:75:67:20:ef:d5:37:e5:ed: - 9d:d9:f6:87:1d:5a:6a:a7:1e:40:82:df:4f:64:6a:67:9c:a8: - 82:ea:9f:33:fb:23:50:49:2a:90:00:c6:91:82:54:c7:a0:dc: - 01:b6:bb:23:5a:61:48:44:8f:e7:16:26:87:04:59:32:15:72: - bc:ab:f5:60:b5:ca:54:13:fa:28:f7:bc:6c:c5:b8:c1:b4:12: - 31:b6:8a:c1:ad:bf:10:db:7d:c7:02:52:e4:e4:f7:2d:74:04: - e4:28:2c:16:cb:b3:34:fc:c9:95:6a:3d:e9:c4:b8:5c:3f:1f: - ae:d6:17:b6:fd:df:fb:e0:80:d5:78:a8:a8:f6:4f:13:9c:33: - 76:51:f5:d7:de:de:ff:f8:11:c6:f9:d5:e8:93:2a:78:8d:a3: - eb:22:34:0a ------BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx -EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh -d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx -MjExNDQ2WhcNMTgwNDE2MjExNDQ2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO -BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn -f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X -GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM -QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq -0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ -6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU -sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj -s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h -MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK -Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN 
-BgkqhkiG9w0BAQUFAAOCAQEACC28tbfZicN8wy14+F0lF6/+TO5QV5aYHaqAwuaG -7cjA+kWhPfwaJig2OnPW5byfJHhywTNZIdv02diva40K8Y1R3VLVb6wC5zldLqyP -mV2WFf2p8QEZqCmonXHe+MlggUHzIHVnIO/VN+Xtndn2hx1aaqceQILfT2RqZ5yo -guqfM/sjUEkqkADGkYJUx6DcAba7I1phSESP5xYmhwRZMhVyvKv1YLXKVBP6KPe8 -bMW4wbQSMbaKwa2/ENt9xwJS5OT3LXQE5CgsFsuzNPzJlWo96cS4XD8frtYXtv3f -++CA1XioqPZPE5wzdlH1197e//gRxvnV6JMqeI2j6yI0Cg== ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - d9:80:3a:c3:d2:f4:da:37 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: - f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: - de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: - 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: - 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: - 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: - a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: - a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: - 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: - 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: - 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: - 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: - de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: - cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: - b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: - 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: - ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: - 36:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - X509v3 Authority Key Identifier: - 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G -A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D -mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx -i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J -XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc -/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
-/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== ------END CERTIFICATE----- From f73c6a5ea958f70deca1a8b63d82d8a4e607be05 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 22 Jul 2015 10:05:39 -0600 Subject: [PATCH 5/9] new crl test using server and client instead --- scripts/crl.test | 149 ++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 85 deletions(-) diff --git a/scripts/crl.test b/scripts/crl.test index 2f4c5a9ee..5361e1f27 100755 --- a/scripts/crl.test +++ b/scripts/crl.test 
@@ -2,74 +2,85 @@ #crl.test -dir="certs/crl" -log_file="tests/unit.log" -result_file="make_test_result.txt" +log_file="scripts/client_result.txt" success_line="err = -361, CRL Cert revoked" -exit_code="0" -allowed_to_run="1" -script_1="testsuite/testsuite.test" -script_2="scripts/*.test" +exit_code="-1" + +crl_port=11113 +no_pid=-1 +server_pid=$no_pid + +function remove_ready_file() { + if test -e /tmp/wolfssl_server_ready; then + echo -e "removing exisitng server_ready file" + rm /tmp/wolfssl_server_ready + fi +} + +# trap this function so if user aborts with ^C or other kill signal we still +# get an exit that will in turn clean up the file system +function abort_trap() { + $exit_code = "-1" + echo "got abort signal, exiting with $exit_code" + exit $exit_code +} +trap abort_trap INT TERM + # trap this function so that if we exit on an error the file system will still # be restored and the other tests may still pass. Never call this function # instead use "exit " and this function will run automatically function restore_file_system() { - move_bad_crl_out - put_in_good_crl + echo "in cleanup" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + remove_ready_file } trap restore_file_system EXIT -function can_start() { - - # NICK: need a better way of controlling when this script executes - # I.E. 
force it to be last or force it to be first - - # grep for any other test scripts that may be running - $allowed_to_run=`ps aux | grep -i "$script_1" | grep -v "grep" | wc -l` - if [ $allowed_to_run -ge 1 ] - then - echo "script is running" - else - echo "script is not running" - fi -} - -function move_good_crl_out() { - if test -e $dir/crl.pem; then - echo "moving good crl out of the way" - mv $dir/crl.pem $dir/crl.unrevoked - else - echo "file not found: $dir/crl.pem" - echo "Please make sure you're running from wolfSSL_root directory" - $exit_code = -1 - echo "exiting with $exit_code" - exit $exit_code - fi -} - -function put_in_bad_crl() { - if test -e $dir/crl.revoked; then - echo "moving crl with server revoked into place" - mv $dir/crl.revoked $dir/crl.pem - else - echo "file not found: $dir/crl.revoked" - echo "Please make sure you're running from wolfSSL_root directory" - $exit_code = -1 - echo "exiting with $exit_code" - exit $exit_code - fi -} - function run_test() { + echo -e "\nStarting example server for crl test...\n" + + remove_ready_file + ./examples/server/server -R -p $crl_port & + server_pid=$! + + while [ ! -s /tmp/wolfssl_server_ready ]; do + echo -e "waiting for server_ready file..." + sleep 0.1 + done + + ./examples/client/client -p $crl_port &> $log_file + client_result=$? + + if [ $client_result != 0 ] + then + echo -e "client failed!" + exit 1 + fi + + wait $server_pid + server_result=$? + + if [ $server_result != 0 ] + then + echo -e "client failed!" + exit 1 + fi + + echo -e "\nSuccess!\n" # NICK: is there a better way then scrubbing the .log file to get the # error code -361 thoughts? #consider how we might abstract this up one layer perhaps a c program. # Redirect stdout and stderr to reduce "noise" - ./testsuite/testsuite.test &> scripts/ignore.txt - rm scripts/ignore.txt +# ./testsuite/testsuite.test &> scripts/ignore.txt +# rm scripts/ignore.txt if test -e $log_file then 
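Review bot: `$exit_code = "-1"` in abort_trap is not an assignment; bash expands the variable first and then tries to run `-1` as a command, so nothing is assigned and an error is printed. The last hunk of this file has the same form, `$exit_code=0`, which leaves exit_code at its initial "-1", so the script exits non-zero on the success path unless run_test exits first (its body continues outside this hunk). Write `exit_code=1` in abort_trap and `exit_code=0` before the final `exit $exit_code`; a positive status is also clearer than -1, which the shell reports as 255.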
@@ -83,44 +94,12 @@ function run_test() { fi } -function move_bad_crl_out() { - if test -e $dir/crl.pem; then - echo "moving crl with server revoked out of the way" - mv $dir/crl.pem $dir/crl.revoked - else - echo "file system corrupted. $dir/crl.pem missing after test" - $exit_code = -2 - echo "exiting with $exit_code" - exit $exit_code - fi -} - -function put_in_good_crl() { - if test -e $dir/crl.unrevoked; then - echo "moving good crl back into place" - mv $dir/crl.unrevoked $dir/crl.pem - else - echo "file system corrupted. $dir/crl.unrevoked missing after test" - $exit_code = -2 - echo "exiting with $exit_code" - exit $exit_code - fi -} ######### begin program ######### -# check if testsuite is currently running -#can_start - -# move good crl to crl.unrevoked -move_good_crl_out - -# move revoked crl into place -put_in_bad_crl - # run the test run_test - +$exit_code=0 echo "exiting with $exit_code" exit $exit_code ########## end program ########## From 3732d319551b45fc7812e49a43a6a404a298591f Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Wed, 22 Jul 2015 10:37:24 -0600 Subject: [PATCH 6/9] Fixed file cleanup in gencrls, finished support for crl.test update crls sign revoked cert --- certs/crl/crl.pem | 58 +++++++++---------- certs/crl/crl.revoked | 63 +++++++++++---------- certs/crl/gencrls.sh | 22 ++++---- certs/server-revoked-cert.pem | 101 +++++++++++++++++----------------- scripts/crl.test | 48 +++++++--------- 5 files changed, 143 insertions(+), 149 deletions(-) diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 28311c760..caef4cd7a 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
@@ -2,38 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 22 16:17:45 2015 GMT + Next Update: Apr 17 16:17:45 2018 GMT CRL extensions: X509v3 CRL Number: - 1 -No Revoked Certificates. + 6 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Jul 22 16:17:45 2015 GMT Signature Algorithm: sha256WithRSAEncryption - 96:e2:b9:11:e0:e5:25:be:ab:69:e5:fa:8a:5c:7f:fc:6f:1d: - 8f:4a:54:70:f8:2e:87:fa:b0:f6:fd:3f:8f:9c:75:8a:eb:62: - cc:dd:2c:0a:8c:31:9e:30:3f:22:9b:91:50:6b:43:fd:32:8a: - 79:ea:0b:6b:68:6c:82:9c:79:da:20:95:83:25:5e:09:fc:57: - 2d:19:f9:bc:5a:67:95:98:65:dc:2d:91:13:2a:81:c2:6d:ff: - 12:48:6f:a4:ce:8a:b2:d3:19:b8:c2:86:e0:ba:91:3f:bb:ec: - c6:79:83:50:95:19:95:28:eb:ef:ff:bb:16:8f:3c:7d:4c:d1: - 3e:c3:82:22:8f:c5:e8:0e:b3:64:8f:5d:53:32:d5:98:64:9c: - 36:c4:6a:cf:68:21:4f:a8:4e:90:37:76:dc:05:70:66:2d:bc: - a0:d8:19:5c:96:90:d6:b9:09:56:46:07:be:3c:ae:08:bb:26: - 26:21:2c:d1:48:01:88:28:bc:21:a4:97:b7:3b:f0:7e:67:73: - 84:cf:21:43:e7:dd:53:9d:6a:59:c3:e5:98:c9:69:71:c3:e3: - 70:28:ba:f9:69:0a:af:78:e5:83:02:13:7e:08:70:8c:f3:8b: - 5d:96:b0:78:b9:d9:99:c5:1e:b7:45:dc:28:32:1a:d0:50:4b: - f4:41:92:19 + 7c:5c:fe:a6:cb:e9:78:ed:10:48:59:4a:e6:d9:96:68:ea:30: + 43:ba:b8:99:d1:8b:96:5e:d9:52:4c:58:3f:c1:d4:98:f1:20: + 46:02:0f:a3:25:7b:9c:06:c7:3d:5a:f1:00:bf:d2:d6:70:5c: + 45:ee:dc:fa:22:58:36:f2:14:06:c4:18:c9:b4:f8:ff:54:56: + cf:ff:71:00:cd:a1:9a:3c:52:dc:6f:a6:c1:fa:67:2f:a9:4d: + 7e:f7:da:c0:4c:29:34:53:8d:27:31:02:ad:05:35:3e:7d:8d: + ea:f7:2a:f8:57:cb:7f:da:27:54:3d:0b:c4:69:a7:40:8f:b3: + cb:fe:dc:76:90:57:aa:62:23:22:61:8a:d5:aa:f4:43:aa:30: + bd:9d:97:df:84:58:7c:f1:d6:78:9d:a9:4f:69:7a:a2:b5:0f: + a2:61:d0:53:93:ea:d1:0f:35:ea:d4:49:09:a1:53:7d:64:ed: + 
2a:c0:f3:78:d6:ad:07:38:01:56:d5:bb:66:cc:02:e7:a4:f6: + 9f:65:64:98:f8:db:0d:ed:fc:29:2e:f6:e5:e9:d8:d7:68:97: + 84:05:99:8e:e2:ad:1c:e6:ba:0d:05:46:5c:9a:6f:60:69:b3: + 03:d1:af:b9:3c:52:de:08:48:20:1a:3c:86:49:a8:06:49:b8: + 03:da:ba:89 -----BEGIN X509 CRL----- -MIIB7jCB1wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX -DTE4MDEzMTE4MjEwMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB -AQCW4rkR4OUlvqtp5fqKXH/8bx2PSlRw+C6H+rD2/T+PnHWK62LM3SwKjDGeMD8i -m5FQa0P9Mop56gtraGyCnHnaIJWDJV4J/FctGfm8WmeVmGXcLZETKoHCbf8SSG+k -zoqy0xm4wobgupE/u+zGeYNQlRmVKOvv/7sWjzx9TNE+w4Iij8XoDrNkj11TMtWY -ZJw2xGrPaCFPqE6QN3bcBXBmLbyg2BlclpDWuQlWRge+PK4IuyYmISzRSAGIKLwh -pJe3O/B+Z3OEzyFD591TnWpZw+WYyWlxw+NwKLr5aQqveOWDAhN+CHCM84tdlrB4 -udmZxR63RdwoMhrQUEv0QZIZ +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMjE2MTc0NVoX +DTE4MDQxNzE2MTc0NVowFDASAgECFw0xNTA3MjIxNjE3NDVaoA4wDDAKBgNVHRQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfFz+psvpeO0QSFlK5tmWaOowQ7q4mdGL +ll7ZUkxYP8HUmPEgRgIPoyV7nAbHPVrxAL/S1nBcRe7c+iJYNvIUBsQYybT4/1RW +z/9xAM2hmjxS3G+mwfpnL6lNfvfawEwpNFONJzECrQU1Pn2N6vcq+FfLf9onVD0L +xGmnQI+zy/7cdpBXqmIjImGK1ar0Q6owvZ2X34RYfPHWeJ2pT2l6orUPomHQU5Pq +0Q816tRJCaFTfWTtKsDzeNatBzgBVtW7ZswC56T2n2VkmPjbDe38KS725enY12iX +hAWZjuKtHOa6DQVGXJpvYGmzA9GvuTxS3ghIIBo8hkmoBkm4A9q6iQ== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 60152d880..6bef57e6b 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -2,40 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 22 16:17:45 2015 GMT + Next Update: Apr 17 16:17:45 2018 GMT CRL extensions: X509v3 CRL Number: - 2 + 7 Revoked Certificates: Serial Number: 01 - Revocation Date: May 7 18:21:01 2015 GMT + Revocation Date: Jul 22 16:17:45 2015 GMT + Serial Number: 02 + Revocation Date: Jul 22 16:17:45 2015 GMT Signature Algorithm: sha256WithRSAEncryption - b7:34:2b:1c:09:6b:a2:9c:12:4f:fd:ef:69:4c:a4:1d:f2:39: - 52:29:98:78:b2:86:ea:54:9b:29:e5:c2:88:0e:2f:f9:d2:5b: - 9d:49:37:68:26:6c:45:61:d4:9d:05:ef:2d:ca:78:0a:d0:28: - c1:25:f2:f7:6a:ad:df:1d:eb:8a:66:64:4d:0c:02:91:fb:ff: - 70:b4:36:b6:e4:79:17:d5:18:6a:72:17:e1:8b:31:49:04:98: - 96:88:42:ea:8c:fe:91:40:5a:c5:ad:3b:da:9a:47:43:d6:e9: - f6:59:75:49:91:a9:e4:8b:c8:03:60:6b:36:69:87:71:f1:5b: - 92:00:51:bb:fe:d5:4f:0d:0e:f2:56:38:e3:b6:cb:76:11:7b: - 17:ad:a5:da:37:87:f2:49:af:73:42:56:ed:6c:a1:8d:46:5c: - dd:00:a7:8f:1f:5a:dd:d7:87:89:43:30:32:fe:e2:d4:b1:29: - 12:11:ef:22:0d:8f:7f:c5:33:3b:a9:a7:52:0c:25:b8:0c:e6: - 8a:8b:68:8f:55:84:65:04:c7:44:48:36:02:4d:4e:43:09:1d: - 1f:3b:f9:4a:0e:ff:59:42:ca:be:0e:a7:79:89:19:31:73:5a: - 45:6c:70:56:4d:1b:8a:59:c4:6d:ca:bc:f7:41:c4:f6:f0:fd: - 9c:7e:f1:7e + 7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce: + b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13: + 51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e: + 07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63: + 66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a: + 10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa: + dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf: + 13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69: + d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a: + 
96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5: + ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99: + d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6: + 3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd: + 82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4: + 93:42:37:af -----BEGIN X509 CRL----- -MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV -BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro -MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX -DTE4MDEzMTE4MjEwMVowFDASAgEBFw0xNTA1MDcxODIxMDFaoA4wDDAKBgNVHRQE -AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAtzQrHAlropwST/3vaUykHfI5UimYeLKG -6lSbKeXCiA4v+dJbnUk3aCZsRWHUnQXvLcp4CtAowSXy92qt3x3rimZkTQwCkfv/ -cLQ2tuR5F9UYanIX4YsxSQSYlohC6oz+kUBaxa072ppHQ9bp9ll1SZGp5IvIA2Br -NmmHcfFbkgBRu/7VTw0O8lY447bLdhF7F62l2jeH8kmvc0JW7WyhjUZc3QCnjx9a -3deHiUMwMv7i1LEpEhHvIg2Pf8UzO6mnUgwluAzmiotoj1WEZQTHREg2Ak1OQwkd -Hzv5Sg7/WULKvg6neYkZMXNaRWxwVk0bilnEbcq890HE9vD9nH7xfg== +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa +Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3 +MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR +iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo +HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi +Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr +Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb +LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu +/PtSJbYNcOzEk0I3rw== -----END X509 CRL----- diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index f5c2a435b..3e500ff84 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh 
@@ -14,6 +14,17 @@ function setup_files() { touch ./demoCA/index.txt } +function cleanup_files() { + rm blank.index.txt + rm index.* + rm crlnumber* + rm -r demoCA + echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" + echo "" + exit 0 +} +trap cleanup_files EXIT + #setup the files setup_files @@ -72,14 +83,3 @@ mv tmp eccSrvCRL.pem #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem exit 0 - -function cleanup_files() { - rm blank.index.txt - rm index.* - rm crlnumber* - rm -r demoCA - echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" - echo "" - exit 0 -} -trap cleanup_files EXIT diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index e3dfb27c7..c4d4cc68d 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem @@ -2,16 +2,16 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 22 15:23:38 2015 GMT - Not After : Apr 17 15:23:38 2018 GMT + Not Before: Jul 22 16:17:13 2015 GMT + Not After : Apr 17 16:17:13 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd: 66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6: 23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c: 
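Review bot: `exit 0` inside cleanup_files in certs/crl/gencrls.sh, which this hunk installs as the EXIT trap, replaces whatever status the script was exiting with, so any non-zero exit is reported to the caller as success. Drop the `exit 0` from the trap body so the original status is preserved. The echo in the same function lists `../wolfssl.cnf` as removed although the function does not remove it (the `rm ../wolfssl.cnf` stays in renewcerts.sh), so the message should be trimmed to match. A comment such as `# EXIT trap: remove scratch CA files; must not call exit` would document the constraint.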
@@ -41,30 +41,30 @@ Certificate: X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 9e:cf:e7:a7:b3:0d:40:4c:c1:ec:ad:8d:c4:5e:8c:91:b0:f3: - 8e:12:03:0d:6d:aa:6d:28:ac:2d:77:05:59:a7:e0:68:fd:90: - 17:e2:0e:6c:f0:26:21:85:c2:2b:21:5b:61:c2:70:4d:1e:dc: - 58:e8:bf:5c:d0:81:10:61:5a:03:8e:37:b4:5a:7b:71:1c:d1: - c6:dd:aa:8f:a3:7b:83:90:d1:8c:a4:ff:f5:b3:87:00:d0:f4: - b6:ee:26:ca:58:f2:f8:b3:c1:a0:4c:73:cd:8f:33:d8:75:e6: - 47:88:36:36:98:39:ac:22:75:b6:69:73:ce:c4:1a:40:c2:e7: - f1:da:9c:a2:b7:fb:08:d8:8a:da:4d:f4:26:2b:15:89:c9:cb: - ad:a8:56:c7:fb:e0:2d:f5:95:f5:89:24:02:f1:32:c2:dd:33: - e3:d5:33:65:7c:58:95:82:4f:52:dc:f2:68:83:0b:a8:f4:68: - f7:06:b8:6e:04:30:86:b2:ab:01:ff:bf:66:57:41:77:b9:e7: - ea:af:0d:44:c6:1a:cb:d6:65:f2:f2:4d:2a:ff:19:25:60:f2: - bb:39:c2:96:2a:40:b8:6c:c8:24:c5:1b:dd:43:f0:35:65:80: - 02:86:54:da:f9:36:29:75:46:ff:c5:c3:ee:ff:ea:84:6c:ab: - bd:88:ab:b1 + Signature Algorithm: sha256WithRSAEncryption + 9a:f1:4a:20:31:d1:06:ac:6f:88:ff:c5:c1:db:85:cf:a1:bc: + 25:6a:04:12:9a:5e:23:31:ab:d1:aa:cb:a2:a7:0e:8f:9a:2d: + f2:84:5b:40:05:6f:fb:9c:88:e8:a7:92:a4:95:aa:34:c3:7a: + 8c:95:6f:a1:30:9a:a7:0c:1c:57:e0:76:ad:4b:53:c1:71:b3: + 8d:11:96:59:0c:c9:2b:92:69:bb:5a:48:55:23:77:dd:26:0b: + 34:ec:25:98:7a:3b:a5:de:ed:0b:d0:05:80:cc:d2:db:9e:3c: + 9e:b2:49:97:38:06:28:48:44:a8:75:88:43:2c:bc:44:44:4f: + 9a:33:08:8f:dc:8a:51:ce:7e:0f:d6:10:95:01:e1:b4:65:0f: + 0a:9f:23:b0:76:e8:10:c4:ac:80:97:e4:93:1a:ce:1a:a4:ea: + 9d:5d:89:93:ca:83:c0:b0:19:eb:c9:58:f7:bf:22:c0:6f:7d: + 4e:1f:44:69:47:b0:d0:3c:07:db:dc:95:7c:cf:32:fc:3b:4d: + 43:42:c0:c4:cc:af:5a:f0:4e:e1:65:15:12:7d:bd:bc:68:72: + 4c:ae:e5:8a:81:21:fb:1a:45:3f:89:f3:2a:a3:c1:e0:49:8b: + c1:2b:9f:fd:99:54:d4:84:5f:ec:2a:8e:ba:06:23:85:3f:a1: + d9:57:c0:ee -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx 
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy -MTUyMzM4WhcNMTgwNDE3MTUyMzM4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO -BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +MTYxNzEzWhcNMTgwNDE3MTYxNzEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2 3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC 
@@ -77,19 +77,18 @@ s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEAns/np7MNQEzB7K2NxF6MkbDzjhIDDW2qbSisLXcF -WafgaP2QF+IObPAmIYXCKyFbYcJwTR7cWOi/XNCBEGFaA443tFp7cRzRxt2qj6N7 -g5DRjKT/9bOHAND0tu4myljy+LPBoExzzY8z2HXmR4g2Npg5rCJ1tmlzzsQaQMLn -8dqcorf7CNiK2k30JisVicnLrahWx/vgLfWV9YkkAvEywt0z49UzZXxYlYJPUtzy -aIMLqPRo9wa4bgQwhrKrAf+/ZldBd7nn6q8NRMYay9Zl8vJNKv8ZJWDyuznClipA -uGzIJMUb3UPwNWWAAoZU2vk2KXVG/8XD7v/qhGyrvYirsQ== +BgkqhkiG9w0BAQsFAAOCAQEAmvFKIDHRBqxviP/FwduFz6G8JWoEEppeIzGr0arL +oqcOj5ot8oRbQAVv+5yI6KeSpJWqNMN6jJVvoTCapwwcV+B2rUtTwXGzjRGWWQzJ +K5Jpu1pIVSN33SYLNOwlmHo7pd7tC9AFgMzS2548nrJJlzgGKEhEqHWIQyy8RERP +mjMIj9yKUc5+D9YQlQHhtGUPCp8jsHboEMSsgJfkkxrOGqTqnV2Jk8qDwLAZ68lY +978iwG99Th9EaUew0DwH29yVfM8y/DtNQ0LAxMyvWvBO4WUVEn29vGhyTK7lioEh ++xpFP4nzKqPB4EmLwSuf/ZlU1IRf7CqOugYjhT+h2VfA7g== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - d9:80:3a:c3:d2:f4:da:37 - Signature Algorithm: sha256WithRSAEncryption + Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity Not Before: May 7 18:21:01 2015 GMT @@ -97,8 +96,8 @@ Certificate: Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 
@@ -129,21 +128,21 @@ Certificate: X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 65:b7:75:58 -----BEGIN CERTIFICATE----- MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G diff --git a/scripts/crl.test b/scripts/crl.test index 5361e1f27..421359520 100755 
--- a/scripts/crl.test +++ b/scripts/crl.test @@ -4,10 +4,12 @@ log_file="scripts/client_result.txt" success_line="err = -361, CRL Cert revoked" -exit_code="-1" +exit_code=-1 crl_port=11113 +#no_pid tells us process was never started if -1 no_pid=-1 +#server_pid captured on startup, stores the id of the server process server_pid=$no_pid function remove_ready_file() { @@ -17,10 +19,17 @@ function remove_ready_file() { fi } +function remove_log_file() { + if test -e $log_file; then + echo -e "removing client log file" + rm $log_file + fi +} + # trap this function so if user aborts with ^C or other kill signal we still # get an exit that will in turn clean up the file system function abort_trap() { - $exit_code = "-1" + exit_code=-2 #different exit code in case of user interrupt echo "got abort signal, exiting with $exit_code" exit $exit_code } @@ -39,6 +48,7 @@ function restore_file_system() { kill -9 $server_pid fi remove_ready_file + remove_log_file } trap restore_file_system EXIT @@ -46,7 +56,11 @@ function run_test() { echo -e "\nStarting example server for crl test...\n" remove_ready_file - ./examples/server/server -R -p $crl_port & + + # starts the server on crl_port, -R generates ready file to be used as a + # mutex lock, -c loads the revoked certificate. We capture the processid + # into the variable server_pid + ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem & server_pid=$! while [ ! -s /tmp/wolfssl_server_ready ]; do 
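Review bot: The wait on `/tmp/wolfssl_server_ready` that follows the new server command in the `@@ -46,7 +56,11 @@` hunk has no upper bound, so if the server exits early (for example because `-c certs/server-revoked-cert.pem` cannot be loaded) the test spins forever instead of failing. The ready file is also a fixed name in a shared directory, so a file left behind by another run satisfies the `-s` check before this server is listening; the new comment calls it a mutex lock, which it cannot be while any process may create it. I would bound the loop and stop as soon as the server process is gone, as sketched below. The loop body and the rest of run_test continue outside this hunk.

```shell
server_pid=$!

tries=0
while [ ! -s /tmp/wolfssl_server_ready ]; do
    # stop waiting when the server has exited or after 50 polls (about 5 s)
    if ! kill -0 "$server_pid" 2>/dev/null || [ "$tries" -ge 50 ]; then
        echo "server did not become ready"
        exit 1
    fi
    tries=$((tries + 1))
    # … unchanged: echo and sleep 0.1, loop closes outside this hunk …
```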
@@ -54,34 +68,10 @@ function run_test() { sleep 0.1 done + # starts client on crl_port and redirects output to log_file ./examples/client/client -p $crl_port &> $log_file client_result=$? - if [ $client_result != 0 ] - then - echo -e "client failed!" - exit 1 - fi - - wait $server_pid - server_result=$? - - if [ $server_result != 0 ] - then - echo -e "client failed!" - exit 1 - fi - - echo -e "\nSuccess!\n" - - # NICK: is there a better way then scrubbing the .log file to get the - # error code -361 thoughts? - #consider how we might abstract this up one layer perhaps a c program. - - # Redirect stdout and stderr to reduce "noise" -# ./testsuite/testsuite.test &> scripts/ignore.txt -# rm scripts/ignore.txt - if test -e $log_file then while read line; @@ -99,7 +89,7 @@ function run_test() { # run the test run_test -$exit_code=0 +exit_code=0 echo "exiting with $exit_code" exit $exit_code ########## end program ########## From f9def1431f3a54fe970d16199cc3df8126f4e7b8 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Wed, 22 Jul 2015 15:08:29 -0600 Subject: [PATCH 7/9] Adding support for crl testing via make check. includes modifying crl.pem/revoked Adding a revoked server cert/key pair. Adding a script to test with a revoked cert (scripts/crl.test) --- certs/crl/crl.pem | 58 ++++++------ certs/crl/crl.revoked | 63 +++++++------ certs/crl/gencrls.sh | 28 ++++++ certs/gen_revoked.sh | 18 ++++ certs/renewcerts.sh | 33 +++---- certs/server-revoked-cert.pem | 172 ++++++++++++++++++++++++++++++++++ certs/server-revoked-key.pem | 27 ++++++ configure.ac | 3 +- scripts/crl.test | 95 +++++++++++++++++++ scripts/include.am | 4 + 10 files changed, 425 insertions(+), 76 deletions(-) create mode 100755 certs/gen_revoked.sh create mode 100644 certs/server-revoked-cert.pem create mode 100644 certs/server-revoked-key.pem create mode 100755 scripts/crl.test diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 28311c760..caef4cd7a 100644 --- a/certs/crl/crl.pem 
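Review bot: `exit_code=0` after `run_test` in the `@@ -99,7 +89,7 @@` hunk is unconditional, and with the `client_result` check removed in the `@@ -54,34 +68,10 @@` hunk nothing visible turns a missing `$success_line` into a failure. Unless the `while read line` loop (its body is outside both hunks) exits non-zero when the log never contains the -361 line, the script reports success even when the client accepted the revoked certificate, which is the one case this test exists to catch. I would leave `exit_code` at its initial -1 here, set it to 0 only where the success line is matched, and keep the final `exit $exit_code`. `client_result` is still assigned but no longer read in the visible lines; since a zero there would itself mean the revoked certificate was accepted, `[ $client_result -ne 0 ] || exit 1` is a cheap second check.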
+++ b/certs/crl/crl.pem 
@@ -2,38 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 22 16:17:45 2015 GMT + Next Update: Apr 17 16:17:45 2018 GMT CRL extensions: X509v3 CRL Number: - 1 -No Revoked Certificates. + 6 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Jul 22 16:17:45 2015 GMT Signature Algorithm: sha256WithRSAEncryption - 96:e2:b9:11:e0:e5:25:be:ab:69:e5:fa:8a:5c:7f:fc:6f:1d: - 8f:4a:54:70:f8:2e:87:fa:b0:f6:fd:3f:8f:9c:75:8a:eb:62: - cc:dd:2c:0a:8c:31:9e:30:3f:22:9b:91:50:6b:43:fd:32:8a: - 79:ea:0b:6b:68:6c:82:9c:79:da:20:95:83:25:5e:09:fc:57: - 2d:19:f9:bc:5a:67:95:98:65:dc:2d:91:13:2a:81:c2:6d:ff: - 12:48:6f:a4:ce:8a:b2:d3:19:b8:c2:86:e0:ba:91:3f:bb:ec: - c6:79:83:50:95:19:95:28:eb:ef:ff:bb:16:8f:3c:7d:4c:d1: - 3e:c3:82:22:8f:c5:e8:0e:b3:64:8f:5d:53:32:d5:98:64:9c: - 36:c4:6a:cf:68:21:4f:a8:4e:90:37:76:dc:05:70:66:2d:bc: - a0:d8:19:5c:96:90:d6:b9:09:56:46:07:be:3c:ae:08:bb:26: - 26:21:2c:d1:48:01:88:28:bc:21:a4:97:b7:3b:f0:7e:67:73: - 84:cf:21:43:e7:dd:53:9d:6a:59:c3:e5:98:c9:69:71:c3:e3: - 70:28:ba:f9:69:0a:af:78:e5:83:02:13:7e:08:70:8c:f3:8b: - 5d:96:b0:78:b9:d9:99:c5:1e:b7:45:dc:28:32:1a:d0:50:4b: - f4:41:92:19 + 7c:5c:fe:a6:cb:e9:78:ed:10:48:59:4a:e6:d9:96:68:ea:30: + 43:ba:b8:99:d1:8b:96:5e:d9:52:4c:58:3f:c1:d4:98:f1:20: + 46:02:0f:a3:25:7b:9c:06:c7:3d:5a:f1:00:bf:d2:d6:70:5c: + 45:ee:dc:fa:22:58:36:f2:14:06:c4:18:c9:b4:f8:ff:54:56: + cf:ff:71:00:cd:a1:9a:3c:52:dc:6f:a6:c1:fa:67:2f:a9:4d: + 7e:f7:da:c0:4c:29:34:53:8d:27:31:02:ad:05:35:3e:7d:8d: + ea:f7:2a:f8:57:cb:7f:da:27:54:3d:0b:c4:69:a7:40:8f:b3: + cb:fe:dc:76:90:57:aa:62:23:22:61:8a:d5:aa:f4:43:aa:30: + bd:9d:97:df:84:58:7c:f1:d6:78:9d:a9:4f:69:7a:a2:b5:0f: + a2:61:d0:53:93:ea:d1:0f:35:ea:d4:49:09:a1:53:7d:64:ed: + 
2a:c0:f3:78:d6:ad:07:38:01:56:d5:bb:66:cc:02:e7:a4:f6: + 9f:65:64:98:f8:db:0d:ed:fc:29:2e:f6:e5:e9:d8:d7:68:97: + 84:05:99:8e:e2:ad:1c:e6:ba:0d:05:46:5c:9a:6f:60:69:b3: + 03:d1:af:b9:3c:52:de:08:48:20:1a:3c:86:49:a8:06:49:b8: + 03:da:ba:89 -----BEGIN X509 CRL----- -MIIB7jCB1wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX -DTE4MDEzMTE4MjEwMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB -AQCW4rkR4OUlvqtp5fqKXH/8bx2PSlRw+C6H+rD2/T+PnHWK62LM3SwKjDGeMD8i -m5FQa0P9Mop56gtraGyCnHnaIJWDJV4J/FctGfm8WmeVmGXcLZETKoHCbf8SSG+k -zoqy0xm4wobgupE/u+zGeYNQlRmVKOvv/7sWjzx9TNE+w4Iij8XoDrNkj11TMtWY -ZJw2xGrPaCFPqE6QN3bcBXBmLbyg2BlclpDWuQlWRge+PK4IuyYmISzRSAGIKLwh -pJe3O/B+Z3OEzyFD591TnWpZw+WYyWlxw+NwKLr5aQqveOWDAhN+CHCM84tdlrB4 -udmZxR63RdwoMhrQUEv0QZIZ +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMjE2MTc0NVoX +DTE4MDQxNzE2MTc0NVowFDASAgECFw0xNTA3MjIxNjE3NDVaoA4wDDAKBgNVHRQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfFz+psvpeO0QSFlK5tmWaOowQ7q4mdGL +ll7ZUkxYP8HUmPEgRgIPoyV7nAbHPVrxAL/S1nBcRe7c+iJYNvIUBsQYybT4/1RW +z/9xAM2hmjxS3G+mwfpnL6lNfvfawEwpNFONJzECrQU1Pn2N6vcq+FfLf9onVD0L +xGmnQI+zy/7cdpBXqmIjImGK1ar0Q6owvZ2X34RYfPHWeJ2pT2l6orUPomHQU5Pq +0Q816tRJCaFTfWTtKsDzeNatBzgBVtW7ZswC56T2n2VkmPjbDe38KS725enY12iX +hAWZjuKtHOa6DQVGXJpvYGmzA9GvuTxS3ghIIBo8hkmoBkm4A9q6iQ== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 60152d880..6bef57e6b 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -2,40 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Jul 22 16:17:45 2015 GMT + Next Update: Apr 17 16:17:45 2018 GMT CRL extensions: X509v3 CRL Number: - 2 + 7 Revoked Certificates: Serial Number: 01 - Revocation Date: May 7 18:21:01 2015 GMT + Revocation Date: Jul 22 16:17:45 2015 GMT + Serial Number: 02 + Revocation Date: Jul 22 16:17:45 2015 GMT Signature Algorithm: sha256WithRSAEncryption - b7:34:2b:1c:09:6b:a2:9c:12:4f:fd:ef:69:4c:a4:1d:f2:39: - 52:29:98:78:b2:86:ea:54:9b:29:e5:c2:88:0e:2f:f9:d2:5b: - 9d:49:37:68:26:6c:45:61:d4:9d:05:ef:2d:ca:78:0a:d0:28: - c1:25:f2:f7:6a:ad:df:1d:eb:8a:66:64:4d:0c:02:91:fb:ff: - 70:b4:36:b6:e4:79:17:d5:18:6a:72:17:e1:8b:31:49:04:98: - 96:88:42:ea:8c:fe:91:40:5a:c5:ad:3b:da:9a:47:43:d6:e9: - f6:59:75:49:91:a9:e4:8b:c8:03:60:6b:36:69:87:71:f1:5b: - 92:00:51:bb:fe:d5:4f:0d:0e:f2:56:38:e3:b6:cb:76:11:7b: - 17:ad:a5:da:37:87:f2:49:af:73:42:56:ed:6c:a1:8d:46:5c: - dd:00:a7:8f:1f:5a:dd:d7:87:89:43:30:32:fe:e2:d4:b1:29: - 12:11:ef:22:0d:8f:7f:c5:33:3b:a9:a7:52:0c:25:b8:0c:e6: - 8a:8b:68:8f:55:84:65:04:c7:44:48:36:02:4d:4e:43:09:1d: - 1f:3b:f9:4a:0e:ff:59:42:ca:be:0e:a7:79:89:19:31:73:5a: - 45:6c:70:56:4d:1b:8a:59:c4:6d:ca:bc:f7:41:c4:f6:f0:fd: - 9c:7e:f1:7e + 7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce: + b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13: + 51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e: + 07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63: + 66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a: + 10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa: + dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf: + 13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69: + d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a: + 
96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5: + ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99: + d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6: + 3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd: + 82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4: + 93:42:37:af -----BEGIN X509 CRL----- -MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV -BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro -MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX -DTE4MDEzMTE4MjEwMVowFDASAgEBFw0xNTA1MDcxODIxMDFaoA4wDDAKBgNVHRQE -AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAtzQrHAlropwST/3vaUykHfI5UimYeLKG -6lSbKeXCiA4v+dJbnUk3aCZsRWHUnQXvLcp4CtAowSXy92qt3x3rimZkTQwCkfv/ -cLQ2tuR5F9UYanIX4YsxSQSYlohC6oz+kUBaxa072ppHQ9bp9ll1SZGp5IvIA2Br -NmmHcfFbkgBRu/7VTw0O8lY447bLdhF7F62l2jeH8kmvc0JW7WyhjUZc3QCnjx9a -3deHiUMwMv7i1LEpEhHvIg2Pf8UzO6mnUgwluAzmiotoj1WEZQTHREg2Ak1OQwkd -Hzv5Sg7/WULKvg6neYkZMXNaRWxwVk0bilnEbcq890HE9vD9nH7xfg== +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa +Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3 +MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR +iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo +HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi +Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr +Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb +LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu +/PtSJbYNcOzEk0I3rw== -----END X509 CRL----- diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index a18ecf3f7..3e500ff84 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh 
@@ -2,9 +2,36 @@ # gencrls, crl config already done, see taoCerts.txt for setup +function setup_files() { + #set up the file system for updating the crls + echo "setting up the file system for generating the crls..." + echo "" + touch ./index.txt + touch ./crlnumber + echo "01" >> crlnumber + touch ./blank.index.txt + mkdir demoCA + touch ./demoCA/index.txt +} +function cleanup_files() { + rm blank.index.txt + rm index.* + rm crlnumber* + rm -r demoCA + echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" + echo "" + exit 0 +} +trap cleanup_files EXIT + +#setup the files +setup_files # caCrl +# revoke server-revoked-cert.pem +openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem # metadata @@ -55,3 +82,4 @@ mv tmp eccSrvCRL.pem # install (only needed if working outside wolfssl) #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem +exit 0 diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh new file mode 100755 index 000000000..e42073d70 --- /dev/null +++ b/certs/gen_revoked.sh 
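Review bot: The new `openssl ca ... -revoke ../server-revoked-cert.pem` call is not checked before the `-gencrl` step runs, so when the revoke fails crl.pem is regenerated without serial 02 and the script still ends with `exit 0`. scripts/crl.test presumably relies on that entry, and a CRL that silently lacks it makes the revocation test meaningless rather than red. I would append `|| exit 1` to the revoke line (and to the `-gencrl` line after it). The `exit 0` inside `cleanup_files`, added in this same hunk as the EXIT trap, would override that status and has to be removed for the check to have any effect.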
@@ -0,0 +1,18 @@ + ########################################################### + ########## update and sign server-revoked-key.pem ################ + ########################################################### + echo "Updating server-revoked-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + + openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem + + rm server-revoked-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem + mv srv_tmp.pem server-revoked-cert.pem + cat ca_tmp.pem >> server-revoked-cert.pem + rm ca_tmp.pem + diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index a048b631d..c163dcab9 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh 
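Review bot: gen_revoked.sh is created with mode 100755 but has no `#!` line and no failure handling, and the `> server-revoked-cert.pem` redirect truncates the existing certificate before `openssl x509 -req` has succeeded. A failed signing step therefore leaves an empty or partial file that the following `openssl x509 -in server-revoked-cert.pem -text` and `mv` steps carry forward. I would start the file with `#!/bin/bash` and sign into a temporary name that is moved into place only on success, e.g. end the signing command with `> srv_new.pem && mv srv_new.pem server-revoked-cert.pem`. The banner says "update and sign server-revoked-key.pem" although the file produced is server-revoked-cert.pem. The same block is added to run_renewcerts in the certs/renewcerts.sh hunk `@@ -98,6 +98,23 @@`, where the same redirect applies.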
@@ -98,6 +98,23 @@ function run_renewcerts(){ mv srv_tmp.pem server-cert.pem cat ca_tmp.pem >> server-cert.pem rm ca_tmp.pem + ########################################################### + ########## update and sign server-revoked-key.pem ######### + ########################################################### + echo "Updating server-revoked-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + + openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem + + rm server-revoked-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem + mv srv_tmp.pem server-revoked-cert.pem + cat ca_tmp.pem >> server-revoked-cert.pem + rm ca_tmp.pem ############################################################ ########## update and sign the server-ecc-rsa.pem ########## ############################################################ @@ -181,16 +198,6 @@ function run_renewcerts(){ echo "We are back in the certs directory" echo "" - #set up the file system for updating the crls - echo "setting up the file system for generating the crls..." - echo "" - touch crl/index.txt - touch crl/crlnumber - echo "01" >> crl/crlnumber - touch crl/blank.index.txt - mkdir crl/demoCA - touch crl/demoCA/index.txt - echo "Updating the crls..." echo "" cd crl @@ -205,12 +212,6 @@ function run_renewcerts(){ echo "" rm ../wolfssl.cnf - rm blank.index.txt - rm index.* - rm crlnumber* - rm -r demoCA - echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" - echo "" } diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem new file mode 100644 index 000000000..c4d4cc68d --- /dev/null 
+++ b/certs/server-revoked-cert.pem 
@@ -0,0 +1,172 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jul 22 16:17:13 2015 GMT + Not After : Apr 17 16:17:13 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd: + 66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6: + 23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c: + 79:8a:a9:d5:f1:fb:eb:c8:b1:e4:b2:ab:52:72:89: + 93:22:5c:ba:cd:8a:36:2a:2c:d1:40:ec:a8:66:0e: + c3:76:cd:e7:b3:a3:0a:1e:dd:4a:07:82:17:81:ba: + de:57:ce:b6:32:81:c7:bd:11:bb:e9:15:22:4e:e2: + 16:ac:e3:d4:c0:68:88:6c:11:fc:c2:bd:1b:db:1d: + fd:e6:43:c7:1b:33:b8:f4:e5:1b:59:39:12:38:4d: + 2d:9b:64:68:98:fc:8d:72:12:91:f2:24:25:6c:4c: + 4a:48:57:92:00:cc:7e:d8:d4:3d:b8:1d:f2:9e:ea: + b2:23:0f:51:0f:11:41:1c:f5:27:00:1b:08:7a:12: + 3a:05:5b:03:24:fe:b1:7b:20:fa:e4:a8:58:c6:ca: + ce:7f:be:95:01:12:9d:05:e6:39:13:1b:c0:3e:56: + 2e:2b:9f:76:37:de:de:9b:e0:0d:7a:63:0d:a7:22: + 58:db:31:c7:f7:b4:46:5c:ba:b6:4b:48:b1:18:9a: + 68:b3:63:47:fd:af:12:5f:2f:fe:10:cb:58:2b:33: + 68:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D8:09:2B:59:E1:2A:EE:D9:EE:40:AA:9C:AB:F0:5D:28:09:4F:22:BB + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:D9:80:3A:C3:D2:F4:DA:37 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9a:f1:4a:20:31:d1:06:ac:6f:88:ff:c5:c1:db:85:cf:a1:bc: + 25:6a:04:12:9a:5e:23:31:ab:d1:aa:cb:a2:a7:0e:8f:9a:2d: + 
f2:84:5b:40:05:6f:fb:9c:88:e8:a7:92:a4:95:aa:34:c3:7a: + 8c:95:6f:a1:30:9a:a7:0c:1c:57:e0:76:ad:4b:53:c1:71:b3: + 8d:11:96:59:0c:c9:2b:92:69:bb:5a:48:55:23:77:dd:26:0b: + 34:ec:25:98:7a:3b:a5:de:ed:0b:d0:05:80:cc:d2:db:9e:3c: + 9e:b2:49:97:38:06:28:48:44:a8:75:88:43:2c:bc:44:44:4f: + 9a:33:08:8f:dc:8a:51:ce:7e:0f:d6:10:95:01:e1:b4:65:0f: + 0a:9f:23:b0:76:e8:10:c4:ac:80:97:e4:93:1a:ce:1a:a4:ea: + 9d:5d:89:93:ca:83:c0:b0:19:eb:c9:58:f7:bf:22:c0:6f:7d: + 4e:1f:44:69:47:b0:d0:3c:07:db:dc:95:7c:cf:32:fc:3b:4d: + 43:42:c0:c4:cc:af:5a:f0:4e:e1:65:15:12:7d:bd:bc:68:72: + 4c:ae:e5:8a:81:21:fb:1a:45:3f:89:f3:2a:a3:c1:e0:49:8b: + c1:2b:9f:fd:99:54:d4:84:5f:ec:2a:8e:ba:06:23:85:3f:a1: + d9:57:c0:ee +-----BEGIN CERTIFICATE----- +MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy +MTYxNzEzWhcNMTgwNDE3MTYxNzEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2 +3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC +F4G63lfOtjKBx70Ru+kVIk7iFqzj1MBoiGwR/MK9G9sd/eZDxxszuPTlG1k5EjhN +LZtkaJj8jXISkfIkJWxMSkhXkgDMftjUPbgd8p7qsiMPUQ8RQRz1JwAbCHoSOgVb +AyT+sXsg+uSoWMbKzn++lQESnQXmORMbwD5WLiufdjfe3pvgDXpjDaciWNsxx/e0 +Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN 
+BgkqhkiG9w0BAQsFAAOCAQEAmvFKIDHRBqxviP/FwduFz6G8JWoEEppeIzGr0arL +oqcOj5ot8oRbQAVv+5yI6KeSpJWqNMN6jJVvoTCapwwcV+B2rUtTwXGzjRGWWQzJ +K5Jpu1pIVSN33SYLNOwlmHo7pd7tC9AFgMzS2548nrJJlzgGKEhEqHWIQyy8RERP +mjMIj9yKUc5+D9YQlQHhtGUPCp8jsHboEMSsgJfkkxrOGqTqnV2Jk8qDwLAZ68lY +978iwG99Th9EaUew0DwH29yVfM8y/DtNQ0LAxMyvWvBO4WUVEn29vGhyTK7lioEh ++xpFP4nzKqPB4EmLwSuf/ZlU1IRf7CqOugYjhT+h2VfA7g== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:D9:80:3A:C3:D2:F4:DA:37 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 65:b7:75:58 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW +C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD +KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ +buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q +fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD +iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +-----END CERTIFICATE----- diff --git a/certs/server-revoked-key.pem b/certs/server-revoked-key.pem new file mode 100644 index 000000000..3cf5640ec --- /dev/null +++ b/certs/server-revoked-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAsBQWOkPd4VBFT8+As91mlsfp9NzetmskG3ZIrMYjpafkBRm9 +t/be+v/tWzx5iqnV8fvryLHksqtScomTIly6zYo2KizRQOyoZg7Dds3ns6MKHt1K +B4IXgbreV862MoHHvRG76RUiTuIWrOPUwGiIbBH8wr0b2x395kPHGzO49OUbWTkS +OE0tm2RomPyNchKR8iQlbExKSFeSAMx+2NQ9uB3ynuqyIw9RDxFBHPUnABsIehI6 +BVsDJP6xeyD65KhYxsrOf76VARKdBeY5ExvAPlYuK592N97em+ANemMNpyJY2zHH +97RGXLq2S0ixGJpos2NH/a8SXy/+EMtYKzNohQIDAQABAoIBAQCfamBBekZ9gxZt +ztmgfvgt1WutZPdCwzgaoPnlazLE/X9FWuvYjeuN5n44V0VXVLK99q6fsufzF4d6 +6bHLr5b1Fog5oQAHPvysAfvYKU345sj37rPinla3/r7lUuLEUZnMRS0TNy4rqyiK +eW+akEnLRnHIwjxhIwNIId83cpmnJfE7ZV7svZvk6Ctc//prFa/Y2AwkZcM2j2iG +xc4kOXr0Y8DE4FYQEZgdJCoYfVDihcwtVXUGm+ZMBNhLzK/KuSxdjL6ySzdCSE9M +mS4ZJPManR9LOIGsKlFsJrGWnFOm/GOMkzdBSLoEqRogHhYsvn7oDnLMHqPA/gE0 +M85ytBkVAoGBAOO/tTCd94kDfkXar+5+KvcYwQbwnMIbrN0TiIudpaSnE0dBFqU3 +oNC2K+PoGBgwEsEr2ThZCMAbz7NQJYmmNlNlSMNBzeud59F3BqMk3J6k62E0+Fnt +C8OFfZ8V0vbdGehmeArEqHDcRJZBFsrUWb2/9/j4OYpnsozkp6H1pWQrAoGBAMXr +jouX1qXLfKvYEpOKaSf+yjfULjT33ib885Nw2xlRzI6wkjHFsb8DERK36PA3CakU +cdXb923tMMlLoCvSdDd6Qnx1TLRbYaJSFaOLt2we94AvjHtijM6vO7ftd1XvRWer +/Ip9NT9X1NZxP/NTyUL3DgRmXE4L32fr2FFQEJ4PAoGBAKr2QeFY83RatvNhEigJ +dd8/Kcc337SmacEa5KlJkgpjkMkwRvuHIqUJ2zCeDVg63hk7/TebPkJXnjaQt1z4 +9Fbt9Qz93MI+KsLGgqj9Bs/gJQE3biazFt2S25YMH+1IVCZspTgQIBF4h9Py0FU5 +ypPyAwdV7nvDE/lHu76MU7c5AoGBALUxR5ioc0vplMNF1wvXpRmGet7Nk1fOrESJ +QvzyTsNJTbo8EDscv/Mc/Z5jXA++c0uleenNrSGoCgffAk3cJ6U6em+ye3yKREH0 +X/cPy+ZiGzfxT+0NddcqOcPS1HOJz8Jvg43Nvte0sxd3KpK7W//AacbBZzPUTry2 +/5zBbdUlAoGAYglAtoHIC0mQxAe6PXy/QRmgj87fPGsbVFOUwBf8Il2UKpfX9blv +0rHb0kenc/DP7ZHZTgdc5qGgRyg0d3+O7W2rWTv1MiX85rUE03TCcyC2l1+M+iyx +6IdHDjYwa4Kt0nT1JxEMjJxe1uhzJfgYJlcz5Iy4ff0xb8/aH0veedc= +-----END RSA PRIVATE KEY----- diff --git a/configure.ac b/configure.ac index e66b68718..718675ae9 100644 --- a/configure.ac +++ b/configure.ac @@ -1414,7 +1414,7 @@ then fi -# CRL +# CRL AC_ARG_ENABLE([crl], [ --enable-crl Enable CRL (default: disabled)], [ ENABLED_CRL=$enableval ], 
@@ -1428,7 +1428,6 @@ fi AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) - # CRL Monitor AC_ARG_ENABLE([crl-monitor], [ --enable-crl-monitor Enable CRL Monitor (default: disabled)], diff --git a/scripts/crl.test b/scripts/crl.test new file mode 100755 index 000000000..421359520 --- /dev/null +++ b/scripts/crl.test 
@@ -0,0 +1,95 @@ +#!/bin/bash + +#crl.test + +log_file="scripts/client_result.txt" +success_line="err = -361, CRL Cert revoked" +exit_code=-1 + +crl_port=11113 +#no_pid tells us process was never started if -1 +no_pid=-1 +#server_pid captured on startup, stores the id of the server process +server_pid=$no_pid + +function remove_ready_file() { + if test -e /tmp/wolfssl_server_ready; then + echo -e "removing exisitng server_ready file" + rm /tmp/wolfssl_server_ready + fi +} + +function remove_log_file() { + if test -e $log_file; then + echo -e "removing client log file" + rm $log_file + fi +} + +# trap this function so if user aborts with ^C or other kill signal we still +# get an exit that will in turn clean up the file system +function abort_trap() { + exit_code=-2 #different exit code in case of user interrupt + echo "got abort signal, exiting with $exit_code" + exit $exit_code +} +trap abort_trap INT TERM + + +# trap this function so that if we exit on an error the file system will still +# be restored and the other tests may still pass. Never call this function +# instead use "exit " and this function will run automatically +function restore_file_system() { + echo "in cleanup" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + remove_ready_file + remove_log_file +} +trap restore_file_system EXIT + +function run_test() { + echo -e "\nStarting example server for crl test...\n" + + remove_ready_file + + # starts the server on crl_port, -R generates ready file to be used as a + # mutex lock, -c loads the revoked certificate. We capture the processid + # into the variable server_pid + ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem & + server_pid=$! + + while [ ! -s /tmp/wolfssl_server_ready ]; do + echo -e "waiting for server_ready file..." + sleep 0.1 + done + + # starts client on crl_port and redirects output to log_file + ./examples/client/client -p $crl_port &> $log_file + client_result=$? 
+ + if test -e $log_file + then + while read line; + do + if [[ "x$success_line" == "x$line" ]] + then + echo "Successful Revocation!!!!" + fi + done < $log_file + fi +} + + +######### begin program ######### + +# run the test +run_test +exit_code=0 +echo "exiting with $exit_code" +exit $exit_code +########## end program ########## diff --git a/scripts/include.am b/scripts/include.am index 924634aa7..95ddbb4dd 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -16,4 +16,8 @@ dist_noinst_SCRIPTS+= scripts/google.test endif endif +if BUILD_CRL +dist_noinst_SCRIPTS+= scripts/crl.test +endif + EXTRA_DIST += scripts/testsuite.pcap From 1a0a9de9c65b62bdd8d43841aa28767e69587fc9 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 23 Jul 2015 14:11:10 -0600 Subject: [PATCH 8/9] changes post review crl-revoked dash compliant. revoked-cert has unique fields new print statements --- certs/crl/crl.pem | 54 ++++++++-------- certs/gen_revoked.sh | 4 +- certs/renewcerts.sh | 2 +- certs/server-revoked-cert.pem | 83 ++++++++++++------------ scripts/{crl.test => crl-revoked.test} | 90 ++++++++++++++------------ scripts/include.am | 10 ++- 6 files changed, 128 insertions(+), 115 deletions(-) rename scripts/{crl.test => crl-revoked.test} (54%) diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index caef4cd7a..20610ef60 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
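Review bot: The script exits 0 whether or not the revocation error was seen: the `while read line` loop in `run_test` only prints "Successful Revocation!!!!" on a match, and the main section then sets `exit_code=0` unconditionally. A client that accepted the revoked certificate would therefore still pass this test. Move `exit_code=0` into the `if [[ "x$success_line" == "x$line" ]]` branch and drop the assignment after `run_test`, so the initial `exit_code=-1` stands when the line is missing. The `while [ ! -s /tmp/wolfssl_server_ready ]` wait also has no upper bound, so a server that fails to start hangs the run.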
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 22 16:17:45 2015 GMT - Next Update: Apr 17 16:17:45 2018 GMT + Last Update: Jul 23 22:05:10 2015 GMT + Next Update: Apr 18 22:05:10 2018 GMT CRL extensions: X509v3 CRL Number: - 6 + 1 Revoked Certificates: Serial Number: 02 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Jul 23 22:05:10 2015 GMT Signature Algorithm: sha256WithRSAEncryption - 7c:5c:fe:a6:cb:e9:78:ed:10:48:59:4a:e6:d9:96:68:ea:30: - 43:ba:b8:99:d1:8b:96:5e:d9:52:4c:58:3f:c1:d4:98:f1:20: - 46:02:0f:a3:25:7b:9c:06:c7:3d:5a:f1:00:bf:d2:d6:70:5c: - 45:ee:dc:fa:22:58:36:f2:14:06:c4:18:c9:b4:f8:ff:54:56: - cf:ff:71:00:cd:a1:9a:3c:52:dc:6f:a6:c1:fa:67:2f:a9:4d: - 7e:f7:da:c0:4c:29:34:53:8d:27:31:02:ad:05:35:3e:7d:8d: - ea:f7:2a:f8:57:cb:7f:da:27:54:3d:0b:c4:69:a7:40:8f:b3: - cb:fe:dc:76:90:57:aa:62:23:22:61:8a:d5:aa:f4:43:aa:30: - bd:9d:97:df:84:58:7c:f1:d6:78:9d:a9:4f:69:7a:a2:b5:0f: - a2:61:d0:53:93:ea:d1:0f:35:ea:d4:49:09:a1:53:7d:64:ed: - 2a:c0:f3:78:d6:ad:07:38:01:56:d5:bb:66:cc:02:e7:a4:f6: - 9f:65:64:98:f8:db:0d:ed:fc:29:2e:f6:e5:e9:d8:d7:68:97: - 84:05:99:8e:e2:ad:1c:e6:ba:0d:05:46:5c:9a:6f:60:69:b3: - 03:d1:af:b9:3c:52:de:08:48:20:1a:3c:86:49:a8:06:49:b8: - 03:da:ba:89 + 68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82: + 55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6: + 81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3: + 1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5: + 93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b: + c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f: + 6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d: + e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3: + 2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66: + cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c: + 
f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1: + 45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd: + 74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8: + e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53: + 7d:fb:d0:66 -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMjE2MTc0NVoX -DTE4MDQxNzE2MTc0NVowFDASAgECFw0xNTA3MjIxNjE3NDVaoA4wDDAKBgNVHRQE -AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfFz+psvpeO0QSFlK5tmWaOowQ7q4mdGL -ll7ZUkxYP8HUmPEgRgIPoyV7nAbHPVrxAL/S1nBcRe7c+iJYNvIUBsQYybT4/1RW -z/9xAM2hmjxS3G+mwfpnL6lNfvfawEwpNFONJzECrQU1Pn2N6vcq+FfLf9onVD0L -xGmnQI+zy/7cdpBXqmIjImGK1ar0Q6owvZ2X34RYfPHWeJ2pT2l6orUPomHQU5Pq -0Q816tRJCaFTfWTtKsDzeNatBzgBVtW7ZswC56T2n2VkmPjbDe38KS725enY12iX -hAWZjuKtHOa6DQVGXJpvYGmzA9GvuTxS3ghIIBo8hkmoBkm4A9q6iQ== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX +DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ +XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31 +k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA +0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL +BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9 +dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg== -----END X509 CRL----- diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh index e42073d70..143f2bc6a 100755 --- a/certs/gen_revoked.sh +++ b/certs/gen_revoked.sh 
@@ -4,9 +4,9 @@ echo "Updating server-revoked-cert.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem - openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem + openssl x509 -req -in server-revoked-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem rm server-revoked-req.pem diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index c163dcab9..d021258f3 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -104,7 +104,7 @@ function run_renewcerts(){ echo "Updating server-revoked-cert.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index c4d4cc68d..65028f3b0 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem 
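Review bot: After this change gen_revoked.sh passes `-extfile renewcerts/wolfssl.cnf`, while the matching `openssl x509` call in renewcerts.sh (a context line of the next hunk) still passes `-extfile wolfssl.cnf`, so the two scripts that produce server-revoked-cert.pem resolve the extensions file differently. That may be intended if they run from different working directories, which the hunks do not show. A comment above the command would record the assumption, for example `# expects to be run from <directory>; the -extfile path is relative to it`.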
@@ -5,9 +5,9 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 22 16:17:13 2015 GMT - Not After : Apr 17 16:17:13 2018 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: Jul 23 22:04:57 2015 GMT + Not After : Apr 18 22:04:57 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -42,47 +42,48 @@ Certificate: X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 9a:f1:4a:20:31:d1:06:ac:6f:88:ff:c5:c1:db:85:cf:a1:bc: - 25:6a:04:12:9a:5e:23:31:ab:d1:aa:cb:a2:a7:0e:8f:9a:2d: - f2:84:5b:40:05:6f:fb:9c:88:e8:a7:92:a4:95:aa:34:c3:7a: - 8c:95:6f:a1:30:9a:a7:0c:1c:57:e0:76:ad:4b:53:c1:71:b3: - 8d:11:96:59:0c:c9:2b:92:69:bb:5a:48:55:23:77:dd:26:0b: - 34:ec:25:98:7a:3b:a5:de:ed:0b:d0:05:80:cc:d2:db:9e:3c: - 9e:b2:49:97:38:06:28:48:44:a8:75:88:43:2c:bc:44:44:4f: - 9a:33:08:8f:dc:8a:51:ce:7e:0f:d6:10:95:01:e1:b4:65:0f: - 0a:9f:23:b0:76:e8:10:c4:ac:80:97:e4:93:1a:ce:1a:a4:ea: - 9d:5d:89:93:ca:83:c0:b0:19:eb:c9:58:f7:bf:22:c0:6f:7d: - 4e:1f:44:69:47:b0:d0:3c:07:db:dc:95:7c:cf:32:fc:3b:4d: - 43:42:c0:c4:cc:af:5a:f0:4e:e1:65:15:12:7d:bd:bc:68:72: - 4c:ae:e5:8a:81:21:fb:1a:45:3f:89:f3:2a:a3:c1:e0:49:8b: - c1:2b:9f:fd:99:54:d4:84:5f:ec:2a:8e:ba:06:23:85:3f:a1: - d9:57:c0:ee + 34:66:48:5b:30:5c:6e:fa:76:c9:6a:ce:07:79:d9:99:fa:7a: + 9d:80:2d:fc:51:78:71:c4:31:2c:40:28:c8:63:26:6f:d2:39: + 63:97:3f:00:d3:d0:69:10:3f:a9:00:07:7b:59:44:85:29:03: + 31:0a:d8:ed:88:e5:1e:fa:e0:8c:9b:e0:7e:6e:d6:fb:7c:cc: + cf:bd:43:0a:df:15:bd:8f:2a:6f:b2:51:19:b8:2a:64:0e:25: + 68:75:af:43:5a:bf:40:2b:69:9c:27:81:0c:5d:78:a1:55:a4: + 21:a0:87:9e:a2:aa:60:ac:da:2f:30:f5:d5:c9:c1:22:6b:c1: + 06:c2:42:c7:56:35:13:cd:af:5f:c9:89:bf:e9:30:b3:92:bc: + 21:6d:b8:23:85:46:44:3f:52:72:a4:7b:95:41:1a:b1:03:92: + aa:0c:5c:2e:16:95:c5:60:7a:6c:6b:f8:ae:9b:b7:08:c9:1f: + 0d:85:91:e0:7f:bc:0d:0d:c7:69:2d:5f:99:b7:88:06:be:c5: + d3:84:1a:46:b6:cb:53:04:27:e9:71:36:72:41:f6:63:9b:cb: + 25:6f:16:8b:0e:ef:42:db:b5:27:45:cf:a7:3e:3e:ae:78:7c: + d8:6b:a8:f6:52:e4:a7:93:b7:8c:94:d2:4a:93:04:20:67:aa: + c3:ea:24:f9 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh 
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy -MTYxNzEzWhcNMTgwNDE3MTYxNzEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM -B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO -BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2 -3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC -F4G63lfOtjKBx70Ru+kVIk7iFqzj1MBoiGwR/MK9G9sd/eZDxxszuPTlG1k5EjhN -LZtkaJj8jXISkfIkJWxMSkhXkgDMftjUPbgd8p7qsiMPUQ8RQRz1JwAbCHoSOgVb -AyT+sXsg+uSoWMbKzn++lQESnQXmORMbwD5WLiufdjfe3pvgDXpjDaciWNsxx/e0 -Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU -2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj -s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h -MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK -Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAmvFKIDHRBqxviP/FwduFz6G8JWoEEppeIzGr0arL -oqcOj5ot8oRbQAVv+5yI6KeSpJWqNMN6jJVvoTCapwwcV+B2rUtTwXGzjRGWWQzJ -K5Jpu1pIVSN33SYLNOwlmHo7pd7tC9AFgMzS2548nrJJlzgGKEhEqHWIQyy8RERP -mjMIj9yKUc5+D9YQlQHhtGUPCp8jsHboEMSsgJfkkxrOGqTqnV2Jk8qDwLAZ68lY -978iwG99Th9EaUew0DwH29yVfM8y/DtNQ0LAxMyvWvBO4WUVEn29vGhyTK7lioEh -+xpFP4nzKqPB4EmLwSuf/ZlU1IRf7CqOugYjhT+h2VfA7g== +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIz +MjIwNDU3WhcNMTgwNDE4MjIwNDU3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 +b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s +ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwFBY6Q93hUEVPz4Cz3WaWx+n03N62 +ayQbdkisxiOlp+QFGb239t76/+1bPHmKqdXx++vIseSyq1JyiZMiXLrNijYqLNFA 
+7KhmDsN2zeezowoe3UoHgheBut5XzrYygce9EbvpFSJO4has49TAaIhsEfzCvRvb +Hf3mQ8cbM7j05RtZORI4TS2bZGiY/I1yEpHyJCVsTEpIV5IAzH7Y1D24HfKe6rIj +D1EPEUEc9ScAGwh6EjoFWwMk/rF7IPrkqFjGys5/vpUBEp0F5jkTG8A+Vi4rn3Y3 +3t6b4A16Yw2nIljbMcf3tEZcurZLSLEYmmizY0f9rxJfL/4Qy1grM2iFAgMBAAGj +gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw +gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJANmAOsPS9No3 +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADRmSFswXG76dslqzgd5 +2Zn6ep2ALfxReHHEMSxAKMhjJm/SOWOXPwDT0GkQP6kAB3tZRIUpAzEK2O2I5R76 +4Iyb4H5u1vt8zM+9QwrfFb2PKm+yURm4KmQOJWh1r0Nav0AraZwngQxdeKFVpCGg +h56iqmCs2i8w9dXJwSJrwQbCQsdWNRPNr1/Jib/pMLOSvCFtuCOFRkQ/UnKke5VB +GrEDkqoMXC4WlcVgemxr+K6btwjJHw2FkeB/vA0Nx2ktX5m3iAa+xdOEGka2y1ME +J+lxNnJB9mObyyVvFosO70LbtSdFz6c+Pq54fNhrqPZS5KeTt4yU0kqTBCBnqsPq +JPk= -----END CERTIFICATE----- Certificate: Data: diff --git a/scripts/crl.test b/scripts/crl-revoked.test similarity index 54% rename from scripts/crl.test rename to scripts/crl-revoked.test index 421359520..ea72750ee 100755 --- a/scripts/crl.test +++ b/scripts/crl-revoked.test 
@@ -1,35 +1,36 @@ -#!/bin/bash +#!/bin/sh #crl.test -log_file="scripts/client_result.txt" -success_line="err = -361, CRL Cert revoked" -exit_code=-1 - +revocation_code="-361" +exit_code=1 +counter=0 crl_port=11113 #no_pid tells us process was never started if -1 no_pid=-1 #server_pid captured on startup, stores the id of the server process server_pid=$no_pid -function remove_ready_file() { +remove_ready_file() { if test -e /tmp/wolfssl_server_ready; then echo -e "removing exisitng server_ready file" rm /tmp/wolfssl_server_ready fi } -function remove_log_file() { - if test -e $log_file; then - echo -e "removing client log file" - rm $log_file - fi -} - # trap this function so if user aborts with ^C or other kill signal we still # get an exit that will in turn clean up the file system -function abort_trap() { - exit_code=-2 #different exit code in case of user interrupt +abort_trap() { + echo "script aborted" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + + exit_code=2 #different exit code in case of user interrupt + echo "got abort signal, exiting with $exit_code" exit $exit_code } @@ -39,20 +40,12 @@ trap abort_trap INT TERM # trap this function so that if we exit on an error the file system will still # be restored and the other tests may still pass. Never call this function # instead use "exit " and this function will run automatically -function restore_file_system() { - echo "in cleanup" - - if [ $server_pid != $no_pid ] - then - echo "killing server" - kill -9 $server_pid - fi +restore_file_system() { remove_ready_file - remove_log_file } trap restore_file_system EXIT -function run_test() { +run_test() { echo -e "\nStarting example server for crl test...\n" remove_ready_file 
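Review bot: With the shebang changed to `#!/bin/sh`, the `echo -e` calls kept in `remove_ready_file` and `run_test` (and the one in the wait loop of the later hunk) are no longer portable: `-e` is not a POSIX `echo` option, and dash's builtin prints it as text. Plain `echo "removing existing server_ready file"` is enough for the messages without escapes, and `printf '\nStarting example server for crl test...\n\n'` covers the one that needs newlines. The header comment still reads `#crl.test` after the rename; `#crl-revoked.test` would match the file. `run_test` continues outside this hunk.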
@@ -60,28 +53,42 @@ function run_test() { # starts the server on crl_port, -R generates ready file to be used as a # mutex lock, -c loads the revoked certificate. We capture the processid # into the variable server_pid - ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem & + ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem \ + -k certs/server-revoked-key.pem & server_pid=$! - while [ ! -s /tmp/wolfssl_server_ready ]; do + while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do echo -e "waiting for server_ready file..." sleep 0.1 + counter=$((counter+ 1)) done - # starts client on crl_port and redirects output to log_file - ./examples/client/client -p $crl_port &> $log_file + # starts client on crl_port and captures the output from client + capture_out=$(./examples/client/client -p $crl_port 2>&1) client_result=$? - if test -e $log_file - then - while read line; - do - if [[ "x$success_line" == "x$line" ]] - then - echo "Successful Revocation!!!!" - fi - done < $log_file - fi + wait $server_pid + server_result=$? + + # look up wild-card match + # read about "job control" + case "$capture_out" in + *$revocation_code*) + # only exit with zero on detection of the expected error code + echo "" + echo "Successful Revocation!!!!" + echo "" + exit_code=0 + echo "exiting with $exit_code" + exit $exit_code + ;; + *) + echo "" + echo "Certificate was not revoked saw this instead: $capture_out" + echo "" + echo "configure with --enable-crl and run this script again" + echo "" + esac } @@ -89,7 +96,8 @@ function run_test() { # run the test run_test -exit_code=0 -echo "exiting with $exit_code" + +# If we get to this exit, exit_code will be a -1 signaling failure +echo "exiting with $exit_code certificate was not revoked" exit $exit_code ########## end program ########## diff --git a/scripts/include.am b/scripts/include.am index 95ddbb4dd..4b1b105c5 100644 --- a/scripts/include.am +++ b/scripts/include.am 
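Review bot: The pass condition `*$revocation_code*` accepts any client output that contains the substring `-361`, which is looser than the full-line comparison it replaces and could pass on unrelated output. Matching the whole message the earlier version compared against keeps the test tied to the CRL error: `*"err = $revocation_code, CRL Cert revoked"*)`. Separately, when the ready-file loop gives up after 20 tries the script still starts the client and may then block in `wait $server_pid` if the server is still running; a check such as `[ -s /tmp/wolfssl_server_ready ] || exit $exit_code` after the loop would fail fast, though the server would then need stopping because the EXIT trap no longer kills it. `client_result` and `server_result` are assigned but never read in the visible lines. `run_test` begins outside this hunk.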
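Review bot: The added comment says `exit_code` will be -1 at this point, but this patch initialises it with `exit_code=1`, so the comment is already out of step with the code it describes. Suggested wording: `# Reaching this exit means the revocation code was not seen; exit_code is still 1 (failure)`.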
@@ -10,14 +10,18 @@ endif if BUILD_EXAMPLES dist_noinst_SCRIPTS+= scripts/resume.test + +if BUILD_CRL +# make revoked test rely on completion of resume test +dist_noinst_SCRIPTS+= scripts/crl-revoked.test +scripts/crl-revoked.log: scripts/resume.log +endif + if !BUILD_IPV6 dist_noinst_SCRIPTS+= scripts/external.test dist_noinst_SCRIPTS+= scripts/google.test endif endif -if BUILD_CRL -dist_noinst_SCRIPTS+= scripts/crl.test -endif EXTRA_DIST += scripts/testsuite.pcap From 9f7209b484e8311f71aa7e55ed2cf3e16521d339 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 23 Jul 2015 16:37:37 -0700 Subject: [PATCH 9/9] add new certs to include.am --- certs/include.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/certs/include.am b/certs/include.am index b5192043e..a5e1ae2cc 100644 --- a/certs/include.am +++ b/certs/include.am @@ -25,6 +25,8 @@ EXTRA_DIST += \ certs/server-keyPkcs8Enc2.pem \ certs/server-keyPkcs8Enc.pem \ certs/server-keyPkcs8.pem \ + certs/server-revoked-cert.pem \ + certs/server-revoked-key.pem \ certs/wolfssl-website-ca.pem EXTRA_DIST += \ certs/ca-key.der \