wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

remove extra cert and key, plus add new test

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-02-11 13:49:07 -07:00
parent 1197f88c4f
commit 3e860107f3
8 changed files with 213 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
certs/include.am
View File

@@ -27,10 +27,7 @@ EXTRA_DIST += \
certs/server-keyPkcs8.pem \ certs/server-keyPkcs8.pem \
certs/server-revoked-cert.pem \ certs/server-revoked-cert.pem \
certs/server-revoked-key.pem \ certs/server-revoked-key.pem \
certs/wolfssl-website-ca.pem \ certs/wolfssl-website-ca.pem
certs/rsa-ecc-key.pem \
certs/rsa-signed-ecc-cert.pem \
certs/rsa-signed-ecc-ca.pem
EXTRA_DIST += \ EXTRA_DIST += \
certs/ca-key.der \ certs/ca-key.der \
certs/ca-cert.der \ certs/ca-cert.der \

21
certs/renewcerts.sh
View File

@@ -94,16 +94,6 @@ function run_renewcerts(){
openssl x509 -in \1024/ca-cert.pem -text > \1024/tmp.pem openssl x509 -in \1024/ca-cert.pem -text > \1024/tmp.pem
mv \1024/tmp.pem \1024/ca-cert.pem mv \1024/tmp.pem \1024/ca-cert.pem
############################################################
########## update the self-signed rsa-signed-ecc-ca.pem ####
############################################################
echo "Updating rsa-signed-ecc-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nConsulting_rsa-ecc\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -nodes -out ca-rsa-ecc-cert.csr
openssl x509 -req -in ca-rsa-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ca-key.pem -out rsa-signed-ecc-ca.pem
rm ca-rsa-ecc-cert.csr
########################################################### ###########################################################
########## update and sign server-cert.pem ################ ########## update and sign server-cert.pem ################
########################################################### ###########################################################
@@ -212,17 +202,6 @@ function run_renewcerts(){
openssl x509 -in server-ecc-comp.pem -text > tmp.pem openssl x509 -in server-ecc-comp.pem -text > tmp.pem
mv tmp.pem server-ecc-comp.pem mv tmp.pem server-ecc-comp.pem
############################################################
###### update rsa-signed-ecc-cert.pem ##########
############################################################
echo "Updating rsa-signed-ecc-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nConsulting_rsa-ecc\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key rsa-ecc-key.pem -out server-rsa-signed-ecc.csr
openssl req -x509 -in server-rsa-signed-ecc.csr -days 1000 -key ca-key.pem -out rsa-signed-ecc-cert.pem
rm server-rsa-signed-ecc.csr
############################################################ ############################################################
########## make .der files from .pem files ################# ########## make .der files from .pem files #################
############################################################ ############################################################

5
certs/rsa-ecc-key.pem
View File

@@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIdLUY+7ywLvHw3hXcRh3Yjk2isYn3xRzNzh8PL8c++doAoGCCqGSM49
AwEHoUQDQgAE5N/MA+vrmu1j6+9L9x53MwRlxQVYreEo6GbI08kMZg7Xcdo9wJ06
6EBsqo5FdrTtYLMgKLCtvXAVcwTOj8wA9A==
-----END EC PRIVATE KEY-----

28
certs/rsa-signed-ecc-ca.pem
View File

@@ -1,28 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIJANSPE5wECQHCMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G
A1UECgwHd29sZlNTTDEbMBkGA1UECwwSQ29uc3VsdGluZ19yc2EtZWNjMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
bC5jb20wHhcNMTYwMjEwMTc0NjMxWhcNMTgxMTA2MTc0NjMxWjCBmzELMAkGA1UE
BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNV
BAoMB3dvbGZTU0wxGzAZBgNVBAsMEkNvbnN1bHRpbmdfcnNhLWVjYzEYMBYGA1UE
AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804
H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy
6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqN
OCkcrMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnl
wtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1
Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNL
ve02eQIDAQABo4IBBDCCAQAwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejV
MIHQBgNVHSMEgcgwgcWAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGhpIGeMIGbMQsw
CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQ
MA4GA1UECgwHd29sZlNTTDEbMBkGA1UECwwSQ29uc3VsdGluZ19yc2EtZWNjMRgw
FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb22CCQDUjxOcBAkBwjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQCInkcGU17ednsQj9aUge/19pr8hTvIyOgSjo6jeyNFYR3dwtSCyiNp+3xy
0751Qr3bsZFypZ6KYdq262592jS1FCA8PPT0lj2b+rs7ltt0+SWwNa5gd53i6bqL
F2eGuJxB8+eaYCNtvHb+vVt4wE+xc4arEXohNOK98Ue8a1z4t5GJgld2qIO596fC
5AF51wT2W+nmkPD8Uc57qbT0dGcYMrbV1CEzRznKlEM7/lwQzosanq2WAej/LuoK
E7fFK/HsKmGNo5h9xmp8Mffrhv/FtNY8goOzGgGVLIBEJhhAXdxMD7StDJ/wO4Yn
YVhUYNYXHRfLqlfrOKTlpom0tSTm
-----END CERTIFICATE-----

20
certs/rsa-signed-ecc-cert.pem
View File

@@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDQDCCAiigAwIBAgIJAIsWzJR4pzZ8MA0GCSqGSIb3DQEBCwUAMIGbMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G
A1UECgwHd29sZlNTTDEbMBkGA1UECwwSQ29uc3VsdGluZ19yc2EtZWNjMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
bC5jb20wHhcNMTYwMjEwMTc0NjMxWhcNMTgxMTA2MTc0NjMxWjCBmzELMAkGA1UE
BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNV
BAoMB3dvbGZTU0wxGzAZBgNVBAsMEkNvbnN1bHRpbmdfcnNhLWVjYzEYMBYGA1UE
AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5N/MA+vrmu1j6+9L9x53MwRl
xQVYreEo6GbI08kMZg7Xcdo9wJ066EBsqo5FdrTtYLMgKLCtvXAVcwTOj8wA9KNQ
ME4wHQYDVR0OBBYEFJG5qzs7kKdpUhrSzNazXAYADDbDMB8GA1UdIwQYMBaAFJG5
qzs7kKdpUhrSzNazXAYADDbDMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
ggEBAE6wOs43QszCln/y1KlG6AQz2KhnW+qWLhc7tfjHxAzH3OjgSPZ2nbVfE0w9
PKakWrbOYfDpMAPH4HHwbQpwJ6glHYb/ARqcRDobj8Myx4OKG7UsIRjwnyQl0BhR
sx1V1ATnNeJ/LEKm3PdO3OvfnyHUwSeH2iA8bXfpIE1jUirsbA/pAA88vJ04u4fC
uCFWQqpoCZSxqDqT4kBqKjbcfPR/2jP5XxbTbfboSdyZ6Zx2P7/AuoWgW/Nxej2P
up0rgYptHMbN+UPvjg6z2WPadC1gmJ81HEag5Mx9kl1HyDavUN/pgX+9eGYuKR5J
wJ9nFJSlBHlndOp+CSUHtI0cw1M=
-----END CERTIFICATE-----

3
tests/include.am
View File

@@ -22,5 +22,6 @@ EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \ EXTRA_DIST += tests/test.conf \
tests/test-qsh.conf \ tests/test-qsh.conf \
tests/test-psk-no-id.conf \ tests/test-psk-no-id.conf \
tests/test-dtls.conf tests/test-dtls.conf \
tests/test-sig.conf
DISTCLEANFILES+= tests/.libs/unit.test DISTCLEANFILES+= tests/.libs/unit.test

12
tests/suites.c
View File

@@ -498,8 +498,18 @@ int SuiteTest(void)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#endif #endif
#ifndef WC_STRICT_SIG
/* add extra signature test suites */
strcpy(argv0[1], "tests/test-sig.conf");
printf("starting sig extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_QSH #ifdef HAVE_QSH
/* add dtls extra suites */ /* add QSH extra suites */
strcpy(argv0[1], "tests/test-qsh.conf"); strcpy(argv0[1], "tests/test-qsh.conf");
printf("starting qsh extra cipher suite tests\n"); printf("starting qsh extra cipher suite tests\n");
test_harness(&args); test_harness(&args);

199
tests/test-sig.conf Normal file
View File

@@ -0,0 +1,199 @@
# server TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/ca-cert.pem
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-cert.pem
# server TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem
# server TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/ca-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
-l ECDH-ECDSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
-l ECDHE-ECDSA-AES128-CCM-8
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
-l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/ca-cert.pem