diff --git a/certs/crl/server-goodaltCrl.pem b/certs/crl/server-goodaltCrl.pem new file mode 100644 index 000000000..1a2a082a4 --- /dev/null +++ b/certs/crl/server-goodaltCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0: + ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae: + ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae: + 4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43: + 51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f: + ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7: + 13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a: + 96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8: + dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0: + c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5: + c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0: + 74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9: + 46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5: + 3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a: + 75:e9:a2:88 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2MDI1MVqgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBgZI2AIMFeSMxhujGxWRMh +jND/o+1wsLoEZ9+78KrbcYUtw66reaCDaN9w9YUajnxtkYmjr65PcgU32ap2pYYQ +Col62QZqa0NRjLPOKHkMcNCa94ml/19KCC/KPIM+0nTBAjf5XegQ0nrR37cTQDQs +xWFx1yR5Rib3t2+1BYqW1qiJc+asW5bfvghtKy7aAMjcEVTCufWAIXmYEl2Ru1Rh +2NDBQj2cJNURDjPqPoRmbmUsWcXJuHvos878ZtjMaJhVmv9U/rB0H9fMr/h2ue3P +RgcudA5QuelGKCKC1ys8gYHoEvFcboisx8U8HUaV/57+fzhspk2sdYbUTIp16aKI +-----END X509 CRL----- diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem new file mode 100644 index 000000000..a79341530 --- /dev/null +++ b/certs/crl/server-goodaltwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 12 23:10:47 2018 GMT + Next Update: Mar 8 23:10:47 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 16:c2:f1:59:3a:bb:50:6c:b0:f8:c4:e8:29:ac:cc:33:a7:e8: + bb:12:88:0b:9b:a0:2f:bf:39:d7:97:c9:9c:17:60:e5:31:5f: + 9f:5d:ce:70:ff:1e:aa:6f:5a:72:8c:29:a3:70:3a:bb:33:e5: + 2a:c8:61:03:96:3e:96:81:7c:fb:0d:5c:b7:67:b0:44:90:a7: + 24:63:9b:df:80:ec:8c:3a:0b:8c:16:2e:09:09:9e:fd:f8:0d: + fa:a5:63:a3:d4:6a:28:10:ab:57:3a:59:e7:1f:84:e5:30:ad: + 17:fd:f7:15:c2:75:e8:18:46:c3:5d:2c:4e:6f:ec:bd:8c:fa: + 8f:00:9e:4a:1c:c3:0d:cf:2e:24:9a:fc:13:9c:76:91:ac:e0: + 87:dd:fa:37:7a:24:72:35:1a:97:56:2f:13:0e:75:11:cd:e2: + 41:dd:12:b0:63:2f:01:52:af:dd:63:5d:59:7c:16:ed:a4:bb: + 89:d2:42:27:7f:69:c5:09:0c:db:8a:d7:0e:4b:70:ea:1f:17: + 68:a5:ac:86:66:25:1c:d4:89:47:8e:64:4f:08:30:35:5e:69: + 11:53:21:e9:c6:bd:16:ec:84:51:69:2b:bd:4a:de:65:f1:be: + 5d:32:b2:fd:85:0d:d0:47:60:c0:fc:56:d8:d6:7e:05:d2:ac: + 0c:44:1f:c7 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAWwvFZOrtQbLD4xOgprMwz +p+i7EogLm6AvvznXl8mcF2DlMV+fXc5w/x6qb1pyjCmjcDq7M+UqyGEDlj6WgXz7 +DVy3Z7BEkKckY5vfgOyMOguMFi4JCZ79+A36pWOj1GooEKtXOlnnH4TlMK0X/fcV +wnXoGEbDXSxOb+y9jPqPAJ5KHMMNzy4kmvwTnHaRrOCH3fo3eiRyNRqXVi8TDnUR +zeJB3RKwYy8BUq/dY11ZfBbtpLuJ0kInf2nFCQzbitcOS3DqHxdopayGZiUc1IlH +jmRPCDA1XmkRUyHpxr0W7IRRaSu9St5l8b5dMrL9hQ3QR2DA/FbY1n4F0qwMRB/H +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnCrl.pem b/certs/crl/server-goodcnCrl.pem new file mode 100644 index 000000000..9ebfb0838 --- /dev/null +++ b/certs/crl/server-goodcnCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b: + 6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1: + 62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c: + c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8: + 18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1: + 90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb: + ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8: + dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a: + 19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45: + 21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29: + 5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3: + 36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22: + bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b: + aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b: + d1:70:bb:e9 +-----BEGIN X509 CRL----- +MIIB1TCBvgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm +c3NsLmNvbRcNMTgwNjEzMTYwMjUxWhcNMjEwMzA5MTYwMjUxWqAOMAwwCgYDVR0U +BAMCAQEwDQYJKoZIhvcNAQEFBQADggEBALmhGyDdI7Ig5LWXhCFE5vGYC2swItKF +jhEZF+mKDE3NEmGwoWKgSlgF4re6UIZBjkauxYo2fMjqlPMwU0YrDxyz0AHxrUfh +qBhl4bIyjU0xMvNUkjnj8swtoZDyUXlpx/gorFOpwkmn07fMy6xvfdXljqGPplGK +6bJD5lt+6N0ZoAC6o3HOM6K7d5xtdYn9GhnaCrRqEjbpz+OD4TO+QVtyRSERaZCq +cvcJUMvS1d9j2n0LKV7Bz8zVEQdAkgRqO44Kel8S8zbV/a+EX0y9obSx9NvRA1o4 +IrwXev85eErAx7PzPAKEzZMwW6qUETK4b9NUfxbotNdUG2Uue9Fwu+k= +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem new file mode 100644 index 000000000..fb72e1d53 --- /dev/null +++ b/certs/crl/server-goodcnwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com + Last Update: Jun 12 23:10:47 2018 GMT + Next Update: Mar 8 23:10:47 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 79:7e:bd:34:d2:3d:f5:91:b1:79:de:50:c2:26:d5:8e:05:f7: + 30:26:bd:2f:dd:6a:a1:cf:15:91:fd:95:30:a7:04:5a:65:33: + e4:fb:63:79:dd:6e:63:bd:d1:55:bd:c8:22:3c:c2:6a:40:38: + 75:85:6a:e1:24:a3:99:e3:13:30:c2:cb:15:cc:50:4b:03:87: + b8:90:9c:e8:95:2a:62:1f:ed:33:30:a8:04:9f:67:b7:4c:bd: + 31:b3:19:59:18:9c:6d:64:c2:22:d4:8d:8e:7e:98:c2:39:b0: + 28:35:ed:8f:37:6b:03:57:3b:ef:e8:28:26:8a:f0:de:8a:21: + e8:c3:d9:68:2e:ee:cb:cb:89:4f:af:4d:37:ad:98:64:38:6e: + d8:87:fb:3b:0b:b6:a5:58:da:5e:f2:81:a1:18:90:d6:1b:f7: + 8a:1b:11:3a:6d:55:0c:09:4d:cd:ea:43:01:a4:92:05:50:7e: + b4:1a:8f:54:b2:cb:4c:94:09:e0:85:cc:29:22:e4:5b:29:ee: + 65:91:e3:4a:f9:64:19:40:25:17:27:a1:91:2b:2e:18:6d:2a: + 26:9a:e3:82:05:a6:0b:67:24:a1:dc:d4:29:ad:47:f0:89:28: + 65:da:fe:fc:62:86:47:05:51:54:08:dc:b3:e5:99:48:d6:da: + 52:be:85:7c +-----BEGIN X509 CRL----- +MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAMMAoGA1Ud +FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB5fr000j31kbF53lDCJtWOBfcwJr0v +3WqhzxWR/ZUwpwRaZTPk+2N53W5jvdFVvcgiPMJqQDh1hWrhJKOZ4xMwwssVzFBL +A4e4kJzolSpiH+0zMKgEn2e3TL0xsxlZGJxtZMIi1I2OfpjCObAoNe2PN2sDVzvv +6CgmivDeiiHow9loLu7Ly4lPr003rZhkOG7Yh/s7C7alWNpe8oGhGJDWG/eKGxE6 +bVUMCU3N6kMBpJIFUH60Go9UsstMlAnghcwpIuRbKe5lkeNK+WQZQCUXJ6GRKy4Y +bSommuOCBaYLZySh3NQprUfwiShl2v78YoZHBVFUCNyz5ZlI1tpSvoV8 +-----END X509 CRL----- diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index f51942597..634b62166 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -1,43 +1,97 @@ #!/bin/sh -# Generate CN=localhost, AltName=localhost\0h -echo "step 1 create key" -openssl genrsa -out server-badaltnamenull.key 2048 +# Args: 1=FileName, 2=CN, 3=AltName +function build_test_cert_conf { + echo "[ req ]" > $1.conf + echo "prompt = no" >> $1.conf + echo "default_bits = 2048" >> $1.conf + echo "distinguished_name = req_distinguished_name" >> $1.conf + echo "req_extensions = req_ext" >> $1.conf + echo "" >> $1.conf + echo "[ req_distinguished_name ]" >> $1.conf + echo "C = US" >> $1.conf + echo "ST = Montana" >> $1.conf + echo "L = Bozeman" >> $1.conf + echo "OU = Engineering" >> $1.conf + echo "CN = $2" >> $1.conf + echo "emailAddress = info@wolfssl.com" >> $1.conf + echo "" >> $1.conf + echo "[ req_ext ]" >> $1.conf + if [ -n "$3" ]; then + if [[ "$3" != *"DER"* ]]; then + echo "subjectAltName = @alt_names" >> $1.conf + echo "[alt_names]" >> $1.conf + echo "DNS.1 = $3" >> $1.conf + else + echo "subjectAltName = $3" >> $1.conf + fi + fi +} -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf +# Args: 1=FileName +function generate_test_cert { + rm $1.der + rm $1.pem -echo "step 3 check csr" -openssl req -text -noout -in server-badaltnamenull.csr + echo "step 1 create configuration" + build_test_cert_conf $1 $2 $3 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \ - -out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf + echo "step 2 create csr" + openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem -mv tmp.pem server-badaltnamenull.pem + echo "step 3 check csr" + openssl req -text -noout -in $1.csr -openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der + echo "step 4 create cert" + openssl x509 -req -days 1000 -sha256 -in $1.csr -signkey ../server-key.pem \ + -out $1.pem -extensions req_ext -extfile $1.conf + rm $1.conf + rm $1.csr + + if [ -n "$4" ]; then + echo "step 5 generate crl" + mkdir ../crl/demoCA + touch ../crl/demoCA/index.txt + echo "01" > ../crl/crlnumber + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem + rm ../crl/$1Crl.pem + openssl crl -in crl.revoked -text > tmp.pem + mv tmp.pem ../crl/$1Crl.pem + rm crl.revoked + rm -rf ../crl/demoCA + rm ../crl/crlnumber* + fi + + echo "step 6 add cert text information to pem" + openssl x509 -inform pem -in $1.pem -text > tmp.pem + mv tmp.pem $1.pem + + echo "step 7 make binary der version" + openssl x509 -inform pem -in $1.pem -outform der -out $1.der +} -# Generate CN=www.nomatch.com, no AltName -echo "step 1 create key" -openssl genrsa -out server-nomatch.key 2048 +# Generate Good CN=localhost, Alt=None +generate_test_cert server-goodcn localhost "" 1 -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf +# Generate Good CN=www.nomatch.com, Alt=localhost +generate_test_cert server-goodalt www.nomatch.com localhost 1 -echo "step 3 check csr" -openssl req -text -noout -in server-nomatch.csr +# Generate Good CN=*localhost, Alt=None +generate_test_cert server-goodcnwild *localhost "" 1 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \ - -out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf +# Generate Good CN=www.nomatch.com, Alt=*localhost +generate_test_cert server-goodaltwild www.nomatch.com *localhost 1 -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem -mv tmp.pem server-nomatch.pem +# Generate Bad CN=localhost\0h, Alt=None +# DG: Have not found a way to properly encode null in common name +generate_test_cert server-badcnnull DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 -openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der +# Generate Bad Name CN=www.nomatch.com, Alt=None +generate_test_cert server-badcn www.nomatch.com +# Generate Bad Alt CN=www.nomatch.com, Alt=localhost\0h +generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 + +# Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com +generate_test_cert server-badaltname www.nomatch.com www.nomatch.com diff --git a/certs/test/include.am b/certs/test/include.am index 0e8eec225..fd8bc9e1f 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -20,16 +20,26 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/test/gen-testcerts.sh \ - certs/test/server-badaltnamenull.conf \ - certs/test/server-badaltnamenull.csr \ - certs/test/server-badaltnamenull.key \ - certs/test/server-badaltnamenull.pem \ - certs/test/server-badaltnamenull.der \ - certs/test/server-nomatch.conf \ - certs/test/server-nomatch.csr \ - certs/test/server-nomatch.key \ - certs/test/server-nomatch.pem \ - certs/test/server-nomatch.der + certs/test/server-goodcn.pem \ + certs/test/server-goodcn.der \ + certs/test/server-goodalt.pem \ + certs/test/server-goodalt.der \ + certs/test/server-goodcnwild.pem \ + certs/test/server-goodcnwild.der \ + certs/test/server-goodaltwild.pem \ + certs/test/server-goodaltwild.der \ + certs/test/server-badcnnull.pem \ + certs/test/server-badcnnull.der \ + certs/test/server-badcn.pem \ + certs/test/server-badcn.der \ + certs/test/server-badaltnull.pem \ + certs/test/server-badaltnull.der \ + certs/test/server-badaltname.der \ + certs/test/server-badaltname.pem \ + certs/crl/server-goodaltCrl.pem \ + certs/crl/server-goodcnCrl.pem \ + certs/crl/server-goodaltwildCrl.pem \ + certs/crl/server-goodcnwildCrl.pem EXTRA_DIST += \ certs/test/crit-cert.pem \ diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der new file mode 100644 index 000000000..9abc5d65e Binary files /dev/null and b/certs/test/server-badaltname.der differ diff --git a/certs/test/server-badaltname.pem b/certs/test/server-badaltname.pem new file mode 100644 index 000000000..5d4026e5b --- /dev/null +++ b/certs/test/server-badaltname.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18173611275853114373 (0xfc35a32adf422c05) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:www.nomatch.com + Signature Algorithm: sha256WithRSAEncryption + 50:71:b9:85:03:6e:8b:65:4e:55:8e:36:c6:e6:41:9b:ff:06: + 23:e1:11:6f:a0:98:ab:45:da:31:77:f3:85:c7:3e:60:79:f6: + 1d:20:52:72:72:d4:e1:67:a7:53:9d:c2:3a:2e:ab:99:a8:3a: + 43:3f:77:bb:69:46:94:79:b4:7c:29:63:a0:ae:8d:8e:e3:e8: + 60:77:71:a2:c2:df:bd:d2:19:06:40:c0:7e:88:5c:9c:ec:f8: + 31:4d:d5:ac:19:a4:cc:08:49:69:47:02:19:50:64:12:01:bd: + c0:57:62:f9:c7:b1:3b:b4:b2:2f:a3:0c:27:92:ba:56:0d:83: + 7e:fd:d7:7e:60:82:cd:39:06:70:4b:11:89:c9:1b:7d:a4:47: + b3:fe:66:5a:4c:d7:99:32:44:e3:0a:fc:6c:18:7b:9e:0c:52: + bc:73:67:a8:d8:b9:74:7c:fd:4e:c8:ba:93:6e:1d:79:51:ac: + 48:51:78:c6:63:bf:24:2b:25:a2:2f:ca:c2:4a:74:46:82:43: + b9:0a:fb:13:07:29:16:a4:22:ae:f2:52:2d:7f:f7:9b:70:29: + 8a:2b:9f:3c:d7:07:bf:3d:41:83:02:05:90:39:85:be:f9:c4: + 63:fd:e9:6f:8f:ea:27:89:9a:8d:90:1f:8e:8d:46:ab:c9:c2: + 77:f8:d5:29 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIJAPw1oyrfQiwFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3Lm5vbWF0Y2guY29tMA0GCSqGSIb3 +DQEBCwUAA4IBAQBQcbmFA26LZU5VjjbG5kGb/wYj4RFvoJirRdoxd/OFxz5gefYd +IFJyctThZ6dTncI6LquZqDpDP3e7aUaUebR8KWOgro2O4+hgd3Giwt+90hkGQMB+ +iFyc7PgxTdWsGaTMCElpRwIZUGQSAb3AV2L5x7E7tLIvowwnkrpWDYN+/dd+YILN +OQZwSxGJyRt9pEez/mZaTNeZMkTjCvxsGHueDFK8c2eo2Ll0fP1OyLqTbh15UaxI +UXjGY78kKyWiL8rCSnRGgkO5CvsTBykWpCKu8lItf/ebcCmKK5881we/PUGDAgWQ +OYW++cRj/elvj+oniZqNkB+OjUarycJ3+NUp +-----END CERTIFICATE----- diff --git a/certs/test/server-badaltnamenull.conf b/certs/test/server-badaltnamenull.conf deleted file mode 100644 index cfca7b7e1..000000000 --- a/certs/test/server-badaltnamenull.conf +++ /dev/null @@ -1,17 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.wolfssl.com -commonName_max = 64 -commonName_default = localhost - -[ req_ext ] -#subjectAltName = localhost\0h -subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-badaltnamenull.csr b/certs/test/server-badaltnamenull.csr deleted file mode 100644 index 7ee5658d6..000000000 --- a/certs/test/server-badaltnamenull.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls -b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D -UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY -58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz -0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS -ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg -CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y -a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv -Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa -cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw -ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1 -wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH -A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp -YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-badaltnamenull.der b/certs/test/server-badaltnamenull.der deleted file mode 100644 index b84405722..000000000 Binary files a/certs/test/server-badaltnamenull.der and /dev/null differ diff --git a/certs/test/server-badaltnamenull.key b/certs/test/server-badaltnamenull.key deleted file mode 100644 index b7d71ee2b..000000000 --- a/certs/test/server-badaltnamenull.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ -1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+ -piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn -e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM -zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH -y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo -4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq -sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3 -DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ -LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs -cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy -X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf -865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o -yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC -a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU -Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc -oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy -K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP -KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO -XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7 -MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA -RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV -3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2 -xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+ -CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM= ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-badaltnamenull.pem b/certs/test/server-badaltnamenull.pem deleted file mode 100644 index 61017211c..000000000 --- a/certs/test/server-badaltnamenull.pem +++ /dev/null @@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 15650401360786530715 (0xd931651e45f8a19b) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Validity - Not Before: May 3 16:02:13 2018 GMT - Not After : Jan 27 16:02:13 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c: - 98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d: - 4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e: - 5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74: - 04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58: - 83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f: - 6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3: - 06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4: - 0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d: - 1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5: - f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b: - 0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71: - 8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80: - d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae: - a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28: - ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48: - 55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9: - 4f:b9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Alternative Name: - DNS:localhost - Signature Algorithm: sha1WithRSAEncryption - ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69: - b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23: - a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e: - 7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc: - ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28: - 45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c: - f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29: - 0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2: - 67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25: - e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7: - 72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5: - 6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7: - 57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49: - da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0: - f7:8e:7c:df ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2 -MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v -bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw -EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE -R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3 -Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E -O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg -wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7 -SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z -dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd -i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK -bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f -rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+ -98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX -4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf ------END CERTIFICATE----- diff --git a/certs/test/server-badaltnull.der b/certs/test/server-badaltnull.der new file mode 100644 index 000000000..d65b52e12 Binary files /dev/null and b/certs/test/server-badaltnull.der differ diff --git a/certs/test/server-badaltnull.pem b/certs/test/server-badaltnull.pem new file mode 100644 index 000000000..af1e9c877 --- /dev/null +++ b/certs/test/server-badaltnull.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18337557996975909176 (0xfe7c17d779df6938) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 24:29:6d:72:5e:f9:49:79:0a:c1:d7:bb:c2:eb:b5:4b:f6:b6: + 05:e3:99:7a:df:68:ee:8d:94:66:f2:31:1f:9e:c2:86:77:5d: + 3b:75:86:9a:98:c1:8b:54:18:ab:9e:13:64:af:5b:b8:35:0c: + d4:e6:dc:3e:03:d9:26:06:75:6b:13:a2:e9:3d:19:0a:65:d7: + e2:1e:c2:67:fe:d7:f0:64:d8:ae:20:c3:81:1b:7f:a4:76:6e: + 4a:5c:ae:23:6e:85:32:25:3c:5e:54:7a:bf:49:5a:a2:11:53: + a1:ce:d9:4b:19:ef:1c:ba:0e:f9:8e:c4:da:90:69:2f:ec:87: + 08:24:d7:6a:18:63:56:3e:a0:a6:22:f1:e0:10:bd:cc:68:50: + 99:e7:4f:51:27:00:da:36:2c:df:26:ab:41:5e:c3:fb:1b:bb: + 58:3f:8c:4a:b2:30:71:66:92:9e:05:a1:c9:90:f9:06:0a:79: + 33:f4:e3:b9:da:43:38:8f:82:15:1e:98:7a:b8:da:e7:a4:f6: + 08:bc:54:c6:7b:64:c2:56:a0:83:f9:c0:d5:60:ba:a3:df:8a: + 04:bc:65:d6:82:23:82:50:2f:a9:f6:bd:03:c6:3d:5e:00:b8: + a0:c5:0f:eb:cf:59:67:d9:a3:e1:84:f9:d1:91:65:67:96:93: + b6:0b:15:80 +-----BEGIN CERTIFICATE----- +MIIDozCCAougAwIBAgIJAP58F9d532k4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEL +BQADggEBACQpbXJe+Ul5CsHXu8LrtUv2tgXjmXrfaO6NlGbyMR+ewoZ3XTt1hpqY +wYtUGKueE2SvW7g1DNTm3D4D2SYGdWsTouk9GQpl1+Iewmf+1/Bk2K4gw4Ebf6R2 +bkpcriNuhTIlPF5Uer9JWqIRU6HO2UsZ7xy6DvmOxNqQaS/shwgk12oYY1Y+oKYi +8eAQvcxoUJnnT1EnANo2LN8mq0Few/sbu1g/jEqyMHFmkp4FocmQ+QYKeTP047na +QziPghUemHq42uek9gi8VMZ7ZMJWoIP5wNVguqPfigS8ZdaCI4JQL6n2vQPGPV4A +uKDFD+vPWWfZo+GE+dGRZWeWk7YLFYA= +-----END CERTIFICATE----- diff --git a/certs/test/server-badcn.der b/certs/test/server-badcn.der new file mode 100644 index 000000000..867fdb41a Binary files /dev/null and b/certs/test/server-badcn.der differ diff --git a/certs/test/server-badcn.pem b/certs/test/server-badcn.pem new file mode 100644 index 000000000..3b761a368 --- /dev/null +++ b/certs/test/server-badcn.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10690824908453597701 (0x945d709ca0465205) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 6b:4d:4f:75:40:7b:1c:c0:08:e7:ae:b1:e7:57:9e:c0:ee:ca: + 15:46:e9:e5:02:dd:fb:e1:f3:39:b9:b4:d3:b5:a4:cb:5b:16: + 4d:90:43:54:62:8d:d5:58:68:12:35:d7:73:ba:86:33:27:7e: + e7:f4:4b:90:40:f3:e2:62:90:57:08:e0:a6:10:76:62:00:bd: + 60:29:dc:52:10:98:bb:81:4c:f7:f8:cf:46:64:66:fa:85:dd: + e0:90:fb:27:3d:74:2f:fb:7c:29:fe:ae:a7:a6:8d:1e:41:d6: + d6:02:90:28:51:fc:ce:87:bc:39:58:d7:94:5a:c6:6c:2c:3f: + dc:99:14:ec:66:43:5f:cf:0b:47:1c:1e:9e:27:05:8b:8e:55: + d8:c0:25:45:40:3b:93:4f:a2:d9:58:ef:c0:c1:57:4c:67:2f: + 33:84:01:d0:bc:0a:d0:95:44:ae:eb:f8:fd:68:d5:5a:33:b4: + b3:cb:ad:1b:ce:ec:ae:04:b4:5d:0a:29:ad:2a:66:a5:cf:73: + c3:bf:ce:ce:43:4d:01:ea:e8:45:23:e5:3f:21:22:2e:6e:9b: + 22:d0:e8:c9:e2:c9:2c:a5:6a:27:9d:7f:8a:17:ae:c7:3d:54: + 6b:bd:85:76:44:e6:16:1f:72:31:a0:75:b8:1f:89:a4:7e:c1: + 2d:d0:96:05 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJRdcJygRlIFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAa01PdUB7HMAI566x51eewO7KFUbp +5QLd++HzObm007Wky1sWTZBDVGKN1VhoEjXXc7qGMyd+5/RLkEDz4mKQVwjgphB2 +YgC9YCncUhCYu4FM9/jPRmRm+oXd4JD7Jz10L/t8Kf6up6aNHkHW1gKQKFH8zoe8 +OVjXlFrGbCw/3JkU7GZDX88LRxwenicFi45V2MAlRUA7k0+i2VjvwMFXTGcvM4QB +0LwK0JVEruv4/WjVWjO0s8utG87srgS0XQoprSpmpc9zw7/OzkNNAeroRSPlPyEi +Lm6bItDoyeLJLKVqJ51/iheuxz1Ua72FdkTmFh9yMaB1uB+JpH7BLdCWBQ== +-----END CERTIFICATE----- diff --git a/certs/test/server-badcnnull.der b/certs/test/server-badcnnull.der new file mode 100644 index 000000000..74a57f400 Binary files /dev/null and b/certs/test/server-badcnnull.der differ diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem new file mode 100644 index 000000000..a3ffaec6a --- /dev/null +++ b/certs/test/server-badcnnull.pem @@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14443731963441436391 (0xc87271b1cfe1d6e7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 28:2d:4a:7a:b9:22:94:2a:92:90:d8:e8:2b:bc:c5:39:46:03: + c3:16:97:a1:21:1c:8d:19:f9:d2:c5:9f:36:8c:d4:04:b0:69: + cd:2f:28:3f:95:e9:3d:22:e1:b3:c0:f0:73:f3:b8:fa:cb:63: + a4:7d:b9:3c:dc:fc:f1:7e:fd:b0:8b:c6:5e:f2:60:90:51:5a: + 94:92:e0:48:04:44:53:4f:73:e5:73:27:c5:54:94:ed:69:a4: + 8f:5c:62:0f:fa:3b:4f:c5:2b:d4:26:0d:3c:39:e1:c7:ce:d5: + 81:b6:c8:7f:63:e1:7a:de:0f:d2:ca:97:2b:7d:cc:09:53:69: + 2c:a4:d8:19:58:ad:eb:48:ce:c7:69:1b:63:57:26:5a:9b:5d: + be:98:9d:58:b2:b3:c0:79:8b:bf:f4:39:f2:a1:5d:30:63:4a: + 66:15:1d:8f:a2:e4:83:b2:25:06:74:66:8f:32:b1:5d:a7:7f: + 6f:70:f6:4e:2a:10:33:6f:c2:a4:38:34:87:f6:3f:82:a7:a5: + ab:fa:7d:43:38:f6:8d:bc:04:e1:b2:81:10:c7:6a:03:ed:0c: + 89:b9:06:b3:61:e4:c1:ca:9e:88:48:39:a6:41:e8:7f:f8:d7: + 7d:48:46:fb:9f:53:de:8c:be:6a:25:77:8c:48:bf:a4:7d:b0: + 96:dd:d0:86 +-----BEGIN CERTIFICATE----- +MIIDyTCCArGgAwIBAgIJAMhycbHP4dbnMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2 +Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m +b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgyMzEwNDdaMIGj +MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h +bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow +Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ +ARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1 +94rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+Fj +Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz +aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh +1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg +s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKC1K +erkilCqSkNjoK7zFOUYDwxaXoSEcjRn50sWfNozUBLBpzS8oP5XpPSLhs8Dwc/O4 ++stjpH25PNz88X79sIvGXvJgkFFalJLgSAREU09z5XMnxVSU7Wmkj1xiD/o7T8Ur +1CYNPDnhx87VgbbIf2Phet4P0sqXK33MCVNpLKTYGVit60jOx2kbY1cmWptdvpid +WLKzwHmLv/Q58qFdMGNKZhUdj6Lkg7IlBnRmjzKxXad/b3D2TioQM2/CpDg0h/Y/ +gqelq/p9Qzj2jbwE4bKBEMdqA+0MibkGs2HkwcqeiEg5pkHof/jXfUhG+59T3oy+ +aiV3jEi/pH2wlt3Qhg== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodalt.der b/certs/test/server-goodalt.der new file mode 100644 index 000000000..7ec7392c9 Binary files /dev/null and b/certs/test/server-goodalt.der differ diff --git a/certs/test/server-goodalt.pem b/certs/test/server-goodalt.pem new file mode 100644 index 000000000..b8950929c --- /dev/null +++ b/certs/test/server-goodalt.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14615220398693458350 (0xcad3b184922aa1ae) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 13 16:02:51 2018 GMT + Not After : Mar 9 16:02:51 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 5a:08:fc:f5:82:0b:a3:9b:8e:d0:95:92:46:df:a1:cd:8a:e5: + c5:57:71:d4:6f:f4:d9:73:66:bc:7e:d9:66:a7:67:c7:29:1c: + 8d:d4:33:92:54:f3:7d:fd:5d:ef:b1:a8:07:a6:ee:df:99:f6: + 70:56:d2:f6:0b:15:0b:70:6f:da:bd:c4:37:ef:99:f9:b7:f3: + 59:70:12:41:f5:72:1c:61:1d:51:6d:22:c5:8c:8b:78:f8:77: + 00:11:e3:b2:a6:b7:e9:00:02:f0:e7:8f:e3:50:cb:20:8b:ff: + f5:31:ce:7b:c1:ae:8f:a3:3c:60:81:da:34:6f:5f:d0:45:6d: + bf:c2:69:54:5a:58:d3:57:29:5e:0f:85:d7:73:e1:db:b1:15: + 26:a8:66:72:51:d7:e7:b3:b8:87:b1:ab:6c:51:4b:7c:98:c7: + c4:a8:ba:b0:3d:05:b5:95:2e:b5:a4:47:87:cd:86:3d:6c:45: + 54:46:63:c8:15:d6:06:39:a3:d6:b1:3f:f7:eb:a0:7c:c1:97: + a9:7f:11:f7:ee:e5:6d:53:90:30:6c:39:0a:6b:0d:d6:8e:eb: + 38:9f:bc:09:c1:fc:67:28:4a:fd:59:60:df:d0:19:f9:35:52: + 4c:5e:85:98:c5:d4:e9:fe:17:04:22:f8:f1:dd:4b:8f:29:0e: + b5:04:37:c1 +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIJAMrTsYSSKqGuMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTMxNjAyNTFaFw0y +MTAzMDkxNjAyNTFaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA +A4IBAQBaCPz1ggujm47QlZJG36HNiuXFV3HUb/TZc2a8ftlmp2fHKRyN1DOSVPN9 +/V3vsagHpu7fmfZwVtL2CxULcG/avcQ375n5t/NZcBJB9XIcYR1RbSLFjIt4+HcA +EeOyprfpAALw54/jUMsgi//1Mc57wa6Pozxggdo0b1/QRW2/wmlUWljTVyleD4XX +c+HbsRUmqGZyUdfns7iHsatsUUt8mMfEqLqwPQW1lS61pEeHzYY9bEVURmPIFdYG +OaPWsT/366B8wZepfxH37uVtU5AwbDkKaw3Wjus4n7wJwfxnKEr9WWDf0Bn5NVJM +XoWYxdTp/hcEIvjx3UuPKQ61BDfB +-----END CERTIFICATE----- diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der new file mode 100644 index 000000000..f57483430 Binary files /dev/null and b/certs/test/server-goodaltwild.der differ diff --git a/certs/test/server-goodaltwild.pem b/certs/test/server-goodaltwild.pem new file mode 100644 index 000000000..801656bff --- /dev/null +++ b/certs/test/server-goodaltwild.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17517463568368655517 (0xf31a884dce75dc9d) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:*localhost + Signature Algorithm: sha256WithRSAEncryption + af:29:93:9d:e0:ec:8e:4d:aa:e6:12:90:45:af:56:32:5d:97: + 68:21:68:04:8f:82:80:ee:15:46:00:a2:9c:83:a0:f3:44:e3: + 95:d6:93:49:30:0e:86:00:fa:1f:8c:c0:63:a2:4b:f5:3b:f8: + 81:ce:f2:88:98:18:c3:bc:55:0c:48:69:e0:0b:64:44:1c:6d: + 35:5d:cd:75:59:c0:00:d4:19:c8:ba:f1:7f:c6:3c:00:f4:0f: + fe:c2:fa:e8:5c:22:8d:0b:ea:7e:c7:80:d1:01:f3:bb:1a:58: + e5:6e:2a:78:73:61:cb:30:cd:66:79:c3:42:b3:71:1c:4c:39: + 13:fd:c5:73:43:25:0d:3d:9b:49:ff:36:53:c7:6a:6f:20:0a: + f5:b0:67:ac:d0:ff:a8:62:25:72:eb:f4:c1:66:30:31:4c:6c: + bb:ab:55:08:36:fb:a3:8d:99:b0:e0:5c:88:09:ba:fe:5c:a0: + 94:db:97:bb:1f:01:7c:d8:50:7a:c8:a2:cf:23:d5:a9:84:d5: + 86:f9:02:96:1d:73:50:53:f8:f2:14:5b:2a:43:e1:b1:7b:b9: + 0e:a4:d9:88:dd:fe:71:41:b9:fd:bc:8e:9b:ad:4a:7e:e6:72: + 8b:a3:9b:66:37:84:ef:8e:c0:f6:95:ea:0f:80:e6:27:c0:8b: + 6e:91:a1:5a +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIJAPMaiE3OddydMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0y +MTAzMDgyMzEwNDdaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMZMBcwFQYDVR0RBA4wDIIKKmxvY2FsaG9zdDANBgkqhkiG9w0BAQsF +AAOCAQEArymTneDsjk2q5hKQRa9WMl2XaCFoBI+CgO4VRgCinIOg80TjldaTSTAO +hgD6H4zAY6JL9Tv4gc7yiJgYw7xVDEhp4AtkRBxtNV3NdVnAANQZyLrxf8Y8APQP +/sL66FwijQvqfseA0QHzuxpY5W4qeHNhyzDNZnnDQrNxHEw5E/3Fc0MlDT2bSf82 +U8dqbyAK9bBnrND/qGIlcuv0wWYwMUxsu6tVCDb7o42ZsOBciAm6/lyglNuXux8B +fNhQesiizyPVqYTVhvkClh1zUFP48hRbKkPhsXu5DqTZiN3+cUG5/byOm61KfuZy +i6ObZjeE747A9pXqD4DmJ8CLbpGhWg== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodcn.der b/certs/test/server-goodcn.der new file mode 100644 index 000000000..78edebedc Binary files /dev/null and b/certs/test/server-goodcn.der differ diff --git a/certs/test/server-goodcn.pem b/certs/test/server-goodcn.pem new file mode 100644 index 000000000..3bcd40ee4 --- /dev/null +++ b/certs/test/server-goodcn.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9494820020802705564 (0x83c46080d236589c) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 13 16:02:51 2018 GMT + Not After : Mar 9 16:02:51 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15: + c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70: + 26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76: + a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8: + 7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce: + 4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24: + 3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1: + 27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e: + 14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd: + 0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5: + 5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2: + 23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d: + 4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61: + e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5: + 72:b6:25:c8 +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIJAIPEYIDSNlicMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2 +MDI1MVowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM +B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv +c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O +1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY +lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt +r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR +CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN +wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAAD+y92bUYxX5uiLlpJwC8PoFcTx/eY5x/jVDY6u9ycXRuP9 +cCYk02Gni357l/YhMPQk+cMidqZog0DOnWnX5J7l/8+jPsBSqH6Tf9VbYzdF/cr0 +j44qUKyAzk4sGjvs7Y+uTwlUnbE/BbzPJD/0mh1N3LozsLR6plQ43ty08SfObyzQ +fmKKhK9Ar9IqH0D+XhSdBTArT3uVhi2bqfsA6xuh/Qtn3mad47g+54qxfjg/DttT +xV0Yp2ZJjlEDPGrL+hrvg6d78iP5+30wkX3AOmO5iRmcv434XUqbpkgCNfAZ6pIJ +inh6CeuMYedqEYWppqb7lEj/hk7BE0kTpXK2Jcg= +-----END CERTIFICATE----- diff --git a/certs/test/server-goodcnwild.der b/certs/test/server-goodcnwild.der new file mode 100644 index 000000000..e6ef31417 Binary files /dev/null and b/certs/test/server-goodcnwild.der differ diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem new file mode 100644 index 000000000..656604158 --- /dev/null +++ b/certs/test/server-goodcnwild.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9769574718208722881 (0x87948071dd77c7c1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 34:ef:b2:dc:02:ec:6a:b5:58:e6:2b:13:18:30:57:e2:ef:22: + 0f:7c:7d:e3:00:77:cc:c4:d9:97:7f:e8:69:f4:87:22:1a:b8: + a1:f2:17:18:94:23:cb:05:c2:90:86:c0:37:6a:90:da:00:70: + dd:de:11:68:48:95:eb:4d:08:1e:73:1e:68:6e:1b:1e:1f:93: + a1:fc:21:05:a7:99:1a:73:0a:88:37:60:f0:ba:8d:b6:b4:3f: + c8:ed:2f:7b:56:9f:a5:c0:00:19:01:e8:e3:d1:06:fc:27:b7: + 5d:f5:53:f9:00:6e:d4:f2:31:1c:a3:cd:12:5f:72:38:09:8a: + be:54:e3:6f:15:31:28:c3:c9:09:60:92:a9:c6:e1:66:33:c4: + 4d:24:f0:74:8e:87:29:63:67:6b:20:e0:5b:81:04:65:cc:0e: + 69:db:7f:e7:93:85:d5:04:26:bb:82:9e:69:61:f2:37:e4:6c: + e2:87:e1:cd:37:40:69:a4:7f:f4:e3:39:d8:fb:2d:53:61:d7: + 4d:1d:39:e0:db:0a:10:7c:f3:4e:30:55:ef:3f:8a:8b:4a:47: + 99:f5:10:60:78:83:38:90:ab:33:59:45:d2:e6:62:df:3d:cd: + a6:7c:39:91:9c:ae:96:36:b7:7f:c1:46:10:a8:c9:4e:be:66: + 6c:61:46:a2 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIJAIeUgHHdd8fBMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3 +DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgy +MzEwNDdaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH +DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs +aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO +L07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8u +htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip +Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj +c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ +ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEANO+y3ALsarVY5isTGDBX4u8iD3x94wB3zMTZl3/oafSH +Ihq4ofIXGJQjywXCkIbAN2qQ2gBw3d4RaEiV600IHnMeaG4bHh+TofwhBaeZGnMK +iDdg8LqNtrQ/yO0ve1afpcAAGQHo49EG/Ce3XfVT+QBu1PIxHKPNEl9yOAmKvlTj +bxUxKMPJCWCSqcbhZjPETSTwdI6HKWNnayDgW4EEZcwOadt/55OF1QQmu4KeaWHy +N+Rs4ofhzTdAaaR/9OM52PstU2HXTR054NsKEHzzTjBV7z+Ki0pHmfUQYHiDOJCr +M1lF0uZi3z3Npnw5kZyulja3f8FGEKjJTr5mbGFGog== +-----END CERTIFICATE----- diff --git a/certs/test/server-nomatch.conf b/certs/test/server-nomatch.conf deleted file mode 100644 index b53010c37..000000000 --- a/certs/test/server-nomatch.conf +++ /dev/null @@ -1,16 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.nomatch.com -commonName_max = 64 - -[ req_ext ] -#subjectAltName = localhost\0h -#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-nomatch.csr b/certs/test/server-nomatch.csr deleted file mode 100644 index 5fdc8f777..000000000 --- a/certs/test/server-nomatch.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53 -d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B -JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF -6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU -Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U -tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp -l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO -hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB -CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG -sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT -pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z -T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK -xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N -scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-nomatch.der b/certs/test/server-nomatch.der deleted file mode 100644 index 0dcf502a0..000000000 Binary files a/certs/test/server-nomatch.der and /dev/null differ diff --git a/certs/test/server-nomatch.key b/certs/test/server-nomatch.key deleted file mode 100644 index 182b27380..000000000 --- a/certs/test/server-nomatch.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj -JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at -VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm -zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S -WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk -3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw -6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA -V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex -fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd -bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1 -/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX -LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD -6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn -+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV -QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl -d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy -ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE -ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH -GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg -9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-nomatch.pem b/certs/test/server-nomatch.pem deleted file mode 100644 index a1753cbf3..000000000 --- a/certs/test/server-nomatch.pem +++ /dev/null @@ -1,69 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 13225619248861184800 (0xb78ad6a26ef08320) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Validity - Not Before: May 24 21:25:38 2018 GMT - Not After : Feb 17 21:25:38 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa: - d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c: - e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84: - d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8: - 42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27: - 58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af: - 28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e: - 73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2: - 2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd: - ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55: - 27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b: - 61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83: - 13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9: - 97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4: - ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d: - bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61: - 88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da: - 5d:8b - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e: - 79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f: - 22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4: - ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83: - 0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1: - 6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0: - 75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe: - 1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59: - d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85: - e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33: - 05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a: - c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c: - cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3: - 02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53: - b1:16:5c:b4 ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw -NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE -CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp -bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA -A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt -U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq -C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe -x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX -1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC -NfsLOePA+fPtu30uTAl6iFOxFly0 ------END CERTIFICATE----- diff --git a/src/internal.c b/src/internal.c index bb116852a..e838fde16 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7651,6 +7651,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1 on success */ int MatchDomainName(const char* pattern, int len, const char* str) { + int ret = 0; char p, s; if (pattern == NULL || str == NULL || len <= 0) @@ -7659,7 +7660,7 @@ int MatchDomainName(const char* pattern, int len, const char* str) while (len > 0) { p = (char)XTOLOWER((unsigned char)*pattern++); - if (p == 0) + if (p == '\0') break; if (p == '*') { @@ -7683,11 +7684,18 @@ int MatchDomainName(const char* pattern, int len, const char* str) return 0; } - if (len > 0) + + if (len > 0) { + str++; len--; + } } - return *str == '\0'; + if (*str == '\0' && len == 0) { + ret = 1; /* success */ + } + + return ret; } @@ -7705,7 +7713,7 @@ int CheckAltNames(DecodedCert* dCert, char* domain) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ + if (MatchDomainName(altName->name, altName->len, domain)){ match = 1; break; } @@ -7742,8 +7750,7 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name), - domain)) { + if (MatchDomainName(altName->name, altName->len, domain)) { match = 1; *checkCN = 0; break; @@ -7953,7 +7960,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) while (cur != NULL) { if (cur->type == ASN_RFC822_TYPE) { DNS_entry* dnsEntry; - int strLen = (int)XSTRLEN(cur->name); + int strLen = cur->len; dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap, DYNAMIC_TYPE_ALTNAME); @@ -7970,7 +7977,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, cur->name, strLen); dnsEntry->name[strLen] = '\0'; diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 32fd0c0e1..e9fda3021 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -1,30 +1,61 @@ -# server bad certificate alt name +# server bad certificate common name has null +# DG: Have not found a way to properly encode null in common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-badaltnamenull.key --c ./certs/test/server-badaltnamenull.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcnnull.pem -d -# client bad certificate alt name +# client bad certificate common name has null -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-badaltnamenull.pem +-A ./certs/test/server-badcnnull.pem +-m +-x + +# server bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltnull.pem +-d + +# client bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltnull.pem -m -x # server nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-nomatch.key --c ./certs/test/server-nomatch.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcn.pem -d # client nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-nomatch.pem +-A ./certs/test/server-badcn.pem +-m +-x + +# server nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltname.pem +-d + +# client nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltname.pem -m -x diff --git a/tests/test.conf b/tests/test.conf index 18cb942e5..96f94b7d0 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2246,3 +2246,59 @@ -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem + +# server good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcn.pem +-d + +# client good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcn.pem +-m + +# server good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodalt.pem +-d + +# client good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodalt.pem +-m + +# server good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcnwild.pem +-d + +# client good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcnwild.pem +-m + +# server good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodaltwild.pem +-d + +# client good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodaltwild.pem +-m diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b8eb7b864..500296088 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4203,9 +4203,10 @@ static int GetName(DecodedCert* cert, int nameType) XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } + emailName->len = adv; XMEMCPY(emailName->name, &cert->source[cert->srcIdx], adv); - emailName->name[adv] = 0; + emailName->name[adv] = '\0'; emailName->next = cert->altEmailNames; cert->altEmailNames = emailName; @@ -5547,7 +5548,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altNames; while (name != NULL) { if (MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5560,7 +5561,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altEmailNames; while (name != NULL) { if (MatchBaseName(ASN_RFC822_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5604,7 +5605,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchDns = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5619,7 +5620,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchEmail = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5700,7 +5701,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, &input[idx], strLen); dnsEntry->name[strLen] = '\0'; @@ -5737,7 +5738,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + emailEntry->len = strLen; XMEMCPY(emailEntry->name, &input[idx], strLen); emailEntry->name[strLen] = '\0'; @@ -5808,7 +5809,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + uriEntry->len = strLen; XMEMCPY(uriEntry->name, &input[idx], strLen); uriEntry->name[strLen] = '\0'; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 35b372355..039ee34fa 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -439,6 +439,7 @@ typedef struct DNS_entry DNS_entry; struct DNS_entry { DNS_entry* next; /* next on DNS list */ int type; /* i.e. ASN_DNS_TYPE */ + int len; /* actual DNS len */ char* name; /* actual DNS name */ };