diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index 2f2306590..ffea9432f 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST @@ -19,13 +19,20 @@ certs/ renewcerts.sh - renews test certs and crls crl/ gencrls.sh - generates crls, used by renewcerts.sh + ocsp/ + renewcerts.sh - renews ocsp certs + ocspd0.sh - ocsp responder for root-ca-cert.pem + ocspd1.sh - ocsp responder for intermediate1-ca-cert.pem + ocspd2.sh - ocsp responder for intermediate2-ca-cert.pem scripts/ external.test - example client test against our website, part of tests google.test - example client test against google, part of tests resume.test - example sessoin resume test, part of tests - sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests - in sniffer mode + ocsp-stapling.test - example client test against globalsign, part of tests + ocsp-stapling2.test - example client test against example server, part of tests + sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests + in sniffer mode swig/ PythonBuild.sh - builds and runs simple python example diff --git a/Vagrantfile b/Vagrantfile index aef42caf7..ddf37ce83 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -17,10 +17,10 @@ cd $LIB.$VER/ && ./autogen.sh && ./configure -q && make -s sudo make install && cd .. && rm -rf $LIB.$VER* -SRC=vagrant DST=wolfssl -cp -rp /$SRC/ $DST/ +cp -rp /vagrant/ $DST/ +chown -hR vagrant:vagrant $DST/ echo "cd $DST" >> .bashrc echo "read -p 'Sync $DST? (y/n) ' -n 1 -r" >> .bashrc @@ -30,20 +30,13 @@ echo " echo -e '\e[0;32mRunning $DST sync\e[0m'" >> .bashrc echo " ./pull_to_vagrant.sh" >> .bashrc echo "fi" >> .bashrc -cd $DST -./autogen.sh -./configure -make check - -cd .. -chown -hR vagrant:vagrant $DST/ /tmp/output SCRIPT VAGRANTFILE_API_VERSION = "2" Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.box = "hashicorp/precise64" + config.vm.box = "ubuntu/trusty64" config.vm.provision "shell", inline: $setup config.vm.network "forwarded_port", guest: 11111, host: 33333 diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem index 3deb3628c..41136c2c2 100644 --- a/certs/1024/ca-cert.pem +++ b/certs/1024/ca-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 16629652120256878762 (0xe6c8647ee63b98aa) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,38 +28,42 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:E6:C8:64:7E:E6:3B:98:AA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + 82:53:ec:89:0a:6a:1b:ae:c3:69:fc:22:b5:d7:d2:f4:0b:6d: + 18:72:f5:64:7f:bb:80:57:e3:f3:b2:af:e1:89:47:03:19:dd: + 6f:62:ed:2b:24:d3:a2:77:c0:83:6a:fb:0f:55:93:78:15:4a: + c1:e0:13:f2:65:9c:7a:8c:6c:98:57:f0:44:9d:3a:9e:6a:30: + 08:9f:33:ce:0d:7e:86:6f:ef:0e:34:41:b9:c6:1d:34:c6:28: + 1e:f9:81:be:68:3d:77:92:50:c5:f8:2f:4c:aa:db:5f:72:93: + 42:eb:8a:cf:24:a0:d9:25:44:46:8b:ed:de:46:d5:1a:90:e9: + d6:d8 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIID6jCCA1OgAwIBAgIJAObIZH7mO5iqMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE1MTEyMzEyNDkzN1oXDTE4MDgxOTEyNDkzN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2s3Ufsvrckw2MbVJh54ccxFlnW nXedjeKL7QQXssbr5JuRvjFQYpdYtX8p3rNxJAu/lwl/Jtwt7KgusmQreis1GS2i gMuZ/ZRxGyONVNsuYo2BCC30JHInbPnJjttMdbqbAfg/GPTmf/tXlJLMiMS0AMKq -1OWIGLMRL3PA1ikJAgMBAAGjggEBMIH+MB0GA1UdDgQWBBTTIo8oLOAF7tPtw3E9 -ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB -nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv -emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw -MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +1OWIGLMRL3PA1ikJAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQU0yKPKCzgBe7T7cNx +PcmyNjodv6gwgc4GA1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+k +gZwwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x +MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb22CCQDmyGR+5juYqjAMBgNVHRMEBTADAQH/MDIGCCsGAQUF +BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjANBgkq +hkiG9w0BAQsFAAOBgQCCU+yJCmobrsNp/CK119L0C20YcvVkf7uAV+Pzsq/hiUcD +Gd1vYu0rJNOid8CDavsPVZN4FUrB4BPyZZx6jGyYV/BEnTqeajAInzPODX6Gb+8O +NEG5xh00xige+YG+aD13klDF+C9MqttfcpNC64rPJKDZJURGi+3eRtUakOnW2A== -----END CERTIFICATE----- diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index c2bd6df8f..4d4d69ba8 100644 Binary files a/certs/1024/client-cert.der and b/certs/1024/client-cert.der differ diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index 2f13e8e25..f99471e9d 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16417767964199037690 (0xe3d7a0fa76df2afa) + Serial Number: 15267089231539806063 (0xd3df98c4801f1f6f) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,39 +28,43 @@ Certificate: X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E3:D7:A0:FA:76:DF:2A:FA + serial:D3:DF:98:C4:80:1F:1F:6F X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 1d:b7:d5:7c:e1:b1:d8:c0:67:5d:b5:d3:88:e7:50:29:71:63: - 8f:cc:26:1f:33:09:55:43:9b:ab:c6:1b:bc:c7:01:95:1a:fa: - 65:e0:fd:9c:eb:6f:0a:0f:14:ec:b5:2f:dc:1c:30:dd:52:97: - d4:1c:09:00:33:38:5f:cb:a8:16:8f:11:b7:b8:d0:66:e1:54: - 28:f3:3f:bf:6a:6f:76:48:2a:5e:56:a7:ce:1c:f0:04:dd:17: - bd:06:78:21:6d:d6:b1:9b:75:31:92:c1:fe:d4:8d:d4:67:2f: - 03:1b:27:8d:ab:ff:30:3b:c3:7f:23:e4:ab:5b:91:e1:1b:66: - e6:ed + 71:39:fa:86:c3:54:e5:98:b5:e8:c3:cb:97:2f:86:bf:e8:bc: + fb:eb:d8:73:97:34:9a:16:bf:e0:b2:bd:be:7d:ff:a0:d7:e6: + db:a3:52:43:41:60:f1:d7:c3:63:c0:9b:e2:b2:28:87:70:60: + 5d:2b:5d:56:15:3c:b1:1e:03:53:72:39:32:e2:47:85:f7:8b: + e8:38:50:a9:c9:d3:52:75:0e:16:14:a5:a5:c4:9f:3e:73:d8: + 38:79:bf:f7:9b:4d:0d:f3:aa:ce:a2:03:84:66:14:c9:01:f5: + 86:a5:66:a1:ca:6a:71:5f:2d:31:8e:1c:cc:0c:e6:46:99:5d: + 0a:4c -----BEGIN CERTIFICATE----- -MIIDxTCCAy6gAwIBAgIJAOPXoPp23yr6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIID+TCCA2KgAwIBAgIJANPfmMSAHx9vMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTUxMTIzMTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv bGZzc2wuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8cw6oSfN0oqnv GKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV35TKwanXGdqGyehNxGE2gv6rrX53 JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16NaUjcd8koDiLpa6Qmukzowf1Kbysf -74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFIFp +74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBOzCCATcwHQYDVR0OBBYEFIFp D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDj16D6dt8q+jAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAB231XzhsdjAZ12104jnUClxY4/MJh8z -CVVDm6vGG7zHAZUa+mXg/ZzrbwoPFOy1L9wcMN1Sl9QcCQAzOF/LqBaPEbe40Gbh -VCjzP79qb3ZIKl5Wp84c8ATdF70GeCFt1rGbdTGSwf7UjdRnLwMbJ42r/zA7w38j -5KtbkeEbZubt +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDT35jEgB8fbzAMBgNVHRME +BTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2Fs +aG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOBgQBxOfqGw1TlmLXow8uXL4a/6Lz7 +69hzlzSaFr/gsr2+ff+g1+bbo1JDQWDx18NjwJvisiiHcGBdK11WFTyxHgNTcjky +4keF94voOFCpydNSdQ4WFKWlxJ8+c9g4eb/3m00N86rOogOEZhTJAfWGpWahympx +Xy0xjhzMDOZGmV0KTA== -----END CERTIFICATE----- diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem index f278d2c0f..739d80ed5 100644 --- a/certs/1024/server-cert.pem +++ b/certs/1024/server-cert.pem @@ -2,11 +2,11 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -28,50 +28,54 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:E6:C8:64:7E:E6:3B:98:AA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0a:04:c7:9a:c4:f6:46:db:e4:85:d4:22:02:12:3e:53:27:25: - 24:8a:9b:2f:93:7f:de:70:94:c5:6c:4c:26:25:25:7a:d7:0f: - 33:b9:9c:d2:5a:94:7f:8d:30:75:ad:82:c9:bf:4b:6c:91:58: - 7c:45:1a:89:df:8e:ca:31:9f:ab:38:b3:ae:c2:8f:14:87:e6: - 1c:ab:12:4e:df:82:36:c9:41:46:c4:05:95:88:62:09:72:57: - 66:31:80:b8:9c:55:a8:fb:74:01:32:e7:5a:40:df:9b:e4:98: - d7:5b:ea:69:5c:14:1b:9b:8b:08:2d:d9:58:28:be:c9:01:e0: - e1:a9 + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + cb:33:02:ab:da:33:24:83:8f:e8:2b:29:13:94:58:f2:df:69: + 69:0c:2f:79:79:4f:fc:35:fd:a5:75:59:a5:18:74:02:79:50: + 49:2e:3b:16:28:4b:b5:0f:2a:a4:e7:b9:2a:33:50:eb:c4:7c: + b4:a2:af:8d:24:f3:27:48:58:01:ac:c0:5d:7a:90:6a:5b:f7: + 4f:d3:a5:96:24:24:96:47:2c:81:97:3c:03:1c:ad:90:c7:22: + 90:91:67:03:7f:81:51:c7:97:d7:76:85:82:66:1b:f8:03:d9: + ae:1d:b0:a1:20:05:55:68:2b:d7:eb:92:dc:ec:cd:be:c6:c8: + 53:df -----BEGIN CERTIFICATE----- -MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx +MIID3jCCA0egAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x -NTA5MjMxOTIzMzhaFw0xODA2MTkxOTIzMzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G +NTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGVMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBAKo+pZzTF0llQ97Q80sc20kM/HplBW3easTkcyyKloKP I6UGcRwGPi+SjQspNEVZ6am8YdckN121xDeNumey7wMn+sG0zWsAZrTWc3AfCDrM d63p+TTU86AtqedYqcBhhLbsPQqt/VyGc6prR9iLLlhLaRKCJlXmFL9VcIj++XXh -AgMBAAGjggEBMIH+MB0GA1UdDgQWBBTZPDXqdA4jvpz8+imQCcHnhBaffDCBzgYD -VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE -BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV -BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM -D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACgTH -msT2RtvkhdQiAhI+UyclJIqbL5N/3nCUxWxMJiUletcPM7mc0lqUf40wda2Cyb9L -bJFYfEUaid+OyjGfqzizrsKPFIfmHKsSTt+CNslBRsQFlYhiCXJXZjGAuJxVqPt0 -ATLnWkDfm+SY11vqaVwUG5uLCC3ZWCi+yQHg4ak= +AgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQU2Tw16nQOI76c/PopkAnB54QWn3wwgc4G +A1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD +VQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQD +DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CCQDmyGR+5juYqjAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggr +BgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOB +gQDLMwKr2jMkg4/oKykTlFjy32lpDC95eU/8Nf2ldVmlGHQCeVBJLjsWKEu1Dyqk +57kqM1DrxHy0oq+NJPMnSFgBrMBdepBqW/dP06WWJCSWRyyBlzwDHK2QxyKQkWcD +f4FRx5fXdoWCZhv4A9muHbChIAVVaCvX65Lc7M2+xshT3w== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 10323419125573214618 (0x8f4426ffb743e19a) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 16629652120256878762 (0xe6c8647ee63b98aa) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 23 19:23:38 2015 GMT - Not After : Jun 19 19:23:38 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -93,38 +97,42 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:8F:44:26:FF:B7:43:E1:9A + serial:E6:C8:64:7E:E6:3B:98:AA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 0e:46:ac:d8:29:1d:12:12:06:0c:d3:3f:7d:58:2e:0d:11:5e: - 5d:0d:dd:17:c0:0f:aa:01:4d:a4:c4:84:81:6e:64:ae:d1:5d: - 58:cd:19:6a:74:a4:46:2f:c8:43:79:39:c0:91:4b:7c:71:ea: - 4e:63:44:66:15:41:15:de:50:82:e3:e9:d1:55:55:cc:5a:38: - 1e:3a:59:b3:0e:ee:0e:54:4d:93:e7:e0:8e:27:a5:6e:08:b8: - 6a:39:da:2d:47:62:c4:5b:89:c0:48:48:2a:d5:f0:55:74:fd: - a6:b1:68:3c:70:a4:52:24:81:ec:4c:57:e0:e8:18:73:9d:0a: - 4d:d8 + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + 82:53:ec:89:0a:6a:1b:ae:c3:69:fc:22:b5:d7:d2:f4:0b:6d: + 18:72:f5:64:7f:bb:80:57:e3:f3:b2:af:e1:89:47:03:19:dd: + 6f:62:ed:2b:24:d3:a2:77:c0:83:6a:fb:0f:55:93:78:15:4a: + c1:e0:13:f2:65:9c:7a:8c:6c:98:57:f0:44:9d:3a:9e:6a:30: + 08:9f:33:ce:0d:7e:86:6f:ef:0e:34:41:b9:c6:1d:34:c6:28: + 1e:f9:81:be:68:3d:77:92:50:c5:f8:2f:4c:aa:db:5f:72:93: + 42:eb:8a:cf:24:a0:d9:25:44:46:8b:ed:de:46:d5:1a:90:e9: + d6:d8 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJAI9EJv+3Q+GaMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD +MIID6jCCA1OgAwIBAgIJAObIZH7mO5iqMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MDkyMzE5MjMzOFoXDTE4MDYxOTE5MjMzOFowgZkxCzAJBgNVBAYT +Y29tMB4XDTE1MTEyMzEyNDkzN1oXDTE4MDgxOTEyNDkzN1owgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2s3Ufsvrckw2MbVJh54ccxFlnW nXedjeKL7QQXssbr5JuRvjFQYpdYtX8p3rNxJAu/lwl/Jtwt7KgusmQreis1GS2i gMuZ/ZRxGyONVNsuYo2BCC30JHInbPnJjttMdbqbAfg/GPTmf/tXlJLMiMS0AMKq -1OWIGLMRL3PA1ikJAgMBAAGjggEBMIH+MB0GA1UdDgQWBBTTIo8oLOAF7tPtw3E9 -ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB -nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv -emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw -MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJAI9EJv+3Q+GaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADgYEADkas2CkdEhIGDNM/fVguDRFeXQ3dF8APqgFNpMSEgW5krtFdWM0Z -anSkRi/IQ3k5wJFLfHHqTmNEZhVBFd5QguPp0VVVzFo4HjpZsw7uDlRNk+fgjiel -bgi4ajnaLUdixFuJwEhIKtXwVXT9prFoPHCkUiSB7ExX4OgYc50KTdg= +1OWIGLMRL3PA1ikJAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQU0yKPKCzgBe7T7cNx +PcmyNjodv6gwgc4GA1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+k +gZwwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x +MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb22CCQDmyGR+5juYqjAMBgNVHRMEBTADAQH/MDIGCCsGAQUF +BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjANBgkq +hkiG9w0BAQsFAAOBgQCCU+yJCmobrsNp/CK119L0C20YcvVkf7uAV+Pzsq/hiUcD +Gd1vYu0rJNOid8CDavsPVZN4FUrB4BPyZZx6jGyYV/BEnTqeajAInzPODX6Gb+8O +NEG5xh00xige+YG+aD13klDF+C9MqttfcpNC64rPJKDZJURGi+3eRtUakOnW2A== -----END CERTIFICATE----- diff --git a/certs/ca-cert.der b/certs/ca-cert.der index d0eab7a3c..b61188892 100644 Binary files a/certs/ca-cert.der and b/certs/ca-cert.der differ diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index 6eacbebd0..0fc46c04d 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Serial Number: 11990332945272134785 (0xa6663849459bdc81) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:A6:66:38:49:45:9B:DC:81 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 41:8f:fb:6b:65:6b:36:f2:56:4f:0c:48:b0:4d:8c:c2:cb:d6: + 58:7a:83:3a:30:7d:62:7b:86:f1:15:26:b3:26:02:77:f2:c8: + 57:e5:1e:60:68:8b:a4:e8:f3:a8:b2:88:a4:2f:e8:6e:25:8d: + 6b:dc:53:ab:2f:d3:47:8c:d6:27:ab:39:bc:d3:ca:d8:01:96: + a4:44:57:38:93:ab:c3:f3:95:67:7f:cf:25:1d:b7:04:dc:06: + c9:5d:24:c1:54:13:71:81:21:31:ee:9f:b4:9d:ce:98:66:a4: + a0:77:c1:88:18:a4:d1:36:ee:cd:d8:c1:1b:bc:03:d6:85:9a: + 2e:21:82:95:4c:b2:2a:fe:69:db:ac:e4:97:e1:e9:0e:f1:d3: + ef:20:86:03:01:66:6b:f0:26:0f:39:04:26:f5:42:98:3f:95: + 48:5f:b5:5d:bc:49:4c:81:38:d5:e9:72:32:1c:66:1b:12:80: + 0f:db:99:f0:97:67:61:79:ad:ab:be:6a:ea:aa:cc:3d:f9:40: + 99:00:93:bb:df:4b:41:d4:7f:f1:93:b2:70:83:3a:e3:6b:44: + 4b:1f:9f:77:53:ea:5d:e6:59:1e:c0:2d:4b:83:d6:f4:a3:d4: + a9:c3:91:12:e7:61:3f:56:9d:8f:b8:19:29:62:1b:58:df:73: + 99:1f:49:63 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIE4DCCA8igAwIBAgIJAKZmOElFm9yBMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -71,16 +74,18 @@ mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc /hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOCATEw +ggEtMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCByQYDVR0jBIHBMIG+ +gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAO +BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rv +b3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5j +b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCmZjhJRZvcgTAM +BgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov +L2xvY2FsaG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOCAQEAQY/7a2VrNvJWTwxI +sE2MwsvWWHqDOjB9YnuG8RUmsyYCd/LIV+UeYGiLpOjzqLKIpC/obiWNa9xTqy/T +R4zWJ6s5vNPK2AGWpERXOJOrw/OVZ3/PJR23BNwGyV0kwVQTcYEhMe6ftJ3OmGak +oHfBiBik0TbuzdjBG7wD1oWaLiGClUyyKv5p26zkl+HpDvHT7yCGAwFma/AmDzkE +JvVCmD+VSF+1XbxJTIE41elyMhxmGxKAD9uZ8JdnYXmtq75q6qrMPflAmQCTu99L +QdR/8ZOycIM642tESx+fd1PqXeZZHsAtS4PW9KPUqcOREudhP1adj7gZKWIbWN9z +mR9JYw== -----END CERTIFICATE----- diff --git a/certs/client-cert.der b/certs/client-cert.der index 9a7e0bf9b..0596ce743 100644 Binary files a/certs/client-cert.der and b/certs/client-cert.der differ diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 569cdddac..296581003 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 12260966172072242701 (0xaa27b3c5a9726e0d) + Serial Number: 10777134365807824960 (0x9590129b22a15040) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:AA:27:B3:C5:A9:72:6E:0D + serial:95:90:12:9B:22:A1:50:40 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 51:96:a7:1c:26:5d:1c:90:c6:32:9f:96:15:f2:1d:e7:93:9c: - ac:75:56:95:fd:20:70:ab:45:6a:09:b0:f3:f2:03:a8:db:dc: - 2f:bc:1f:87:7a:a3:d4:8f:d5:49:97:7e:3c:54:ac:b1:e3:f0: - 39:0d:fe:09:9a:23:f6:32:a6:41:59:bd:60:e8:bd:de:00:36: - 6f:3e:e9:41:6f:a9:63:c7:aa:d5:7b:f3:e4:39:48:9e:f6:60: - c6:c6:86:d5:72:86:23:cd:f5:6a:63:53:a4:f8:fc:51:6a:cd: - 60:74:8e:a3:86:61:01:34:78:f7:29:97:b3:a7:34:b6:0a:de: - b5:71:7a:09:a6:3e:d6:82:58:89:67:9c:c5:68:62:ba:06:d6: - 39:bb:cb:3a:c0:e0:63:1f:c7:0c:9c:12:86:ec:f7:39:6a:61: - 93:d0:33:14:c6:55:3b:b6:cf:80:5b:8c:43:ef:43:44:0b:3c: - 93:39:a3:4e:15:d1:0b:5f:84:98:1d:cd:9f:a9:47:eb:3b:56: - 30:b6:76:92:c1:48:5f:bc:95:b0:50:1a:55:c8:4e:62:47:87: - 54:64:0c:9b:91:fa:43:b3:29:48:be:e6:12:eb:e3:44:c6:52: - e4:40:c6:83:95:1b:a7:65:27:69:73:2f:c8:a0:4d:7f:be:ea: - 9b:67:b2:7b + 7b:91:63:8d:39:54:64:3c:b4:3f:d5:c8:4f:bf:0b:bf:af:5c: + 9c:41:c7:0b:52:6d:c6:f0:de:7c:ff:9b:4e:fe:f3:22:a5:00: + 13:9f:81:e4:6d:70:2c:f9:7a:f4:d8:50:be:72:e1:04:8b:b0: + 05:e3:61:82:3f:65:de:f9:e9:d3:3d:97:7d:88:b7:99:85:c1: + e5:5c:57:a7:9c:1f:f2:b8:ce:ec:d7:d1:9b:ec:fb:0e:6f:02: + ad:51:c0:76:dd:66:0a:ce:0d:09:e6:a8:42:b0:06:c3:04:e7: + 1c:c7:10:83:07:f2:e6:11:1a:cd:a7:b9:7e:17:ef:ea:63:9c: + f2:a5:be:6b:b6:df:eb:5a:75:01:59:05:f7:ec:49:75:10:dd: + 40:1a:25:25:4f:78:6e:e1:92:21:b5:b8:82:2f:33:b3:5b:b6: + 81:b8:b1:a4:0c:8d:98:74:74:da:0d:90:33:c8:a7:aa:0d:06: + 5a:04:eb:37:d3:e4:55:0c:93:b6:c8:3a:e8:a7:2b:4e:b8:90: + bb:36:0b:db:7f:2e:99:23:76:68:81:a8:73:74:e7:68:fb:1d: + ff:5b:ec:b5:6b:30:d1:d0:2b:89:a6:c6:a9:fc:03:66:fe:b5: + 8c:af:de:8e:2a:b4:78:9c:d7:4a:fc:9c:c4:7c:19:20:83:0e: + fd:3f:4d:a7 -----BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJAKons8Wpcm4NMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIE/jCCA+agAwIBAgIJAJWQEpsioVBAMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTUxMTIzMTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -72,16 +75,17 @@ StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/ -wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR +wK71/Fvl+6G60wIDAQABo4IBOzCCATcwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQCqJ7PFqXJuDTAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQBRlqccJl0ckMYyn5YV8h3nk5ysdVaV/SBwq0VqCbDz8gOo -29wvvB+HeqPUj9VJl348VKyx4/A5Df4JmiP2MqZBWb1g6L3eADZvPulBb6ljx6rV -e/PkOUie9mDGxobVcoYjzfVqY1Ok+PxRas1gdI6jhmEBNHj3KZezpzS2Ct61cXoJ -pj7WgliJZ5zFaGK6BtY5u8s6wOBjH8cMnBKG7Pc5amGT0DMUxlU7ts+AW4xD70NE -CzyTOaNOFdELX4SYHc2fqUfrO1YwtnaSwUhfvJWwUBpVyE5iR4dUZAybkfpDsylI -vuYS6+NExlLkQMaDlRunZSdpcy/IoE1/vuqbZ7J7 +EGluZm9Ad29sZnNzbC5jb22CCQCVkBKbIqFQQDAMBgNVHRMEBTADAQH/MDIGCCsG +AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoyMjIyMjAN +BgkqhkiG9w0BAQsFAAOCAQEAe5FjjTlUZDy0P9XIT78Lv69cnEHHC1JtxvDefP+b +Tv7zIqUAE5+B5G1wLPl69NhQvnLhBIuwBeNhgj9l3vnp0z2XfYi3mYXB5VxXp5wf +8rjO7NfRm+z7Dm8CrVHAdt1mCs4NCeaoQrAGwwTnHMcQgwfy5hEazae5fhfv6mOc +8qW+a7bf61p1AVkF9+xJdRDdQBolJU94buGSIbW4gi8zs1u2gbixpAyNmHR02g2Q +M8inqg0GWgTrN9PkVQyTtsg66KcrTriQuzYL238umSN2aIGoc3TnaPsd/1vstWsw +0dAriabGqfwDZv61jK/ejiq0eJzXSvycxHwZIIMO/T9Npw== -----END CERTIFICATE----- diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der index fa9a24839..5b6226714 100644 Binary files a/certs/client-ecc-cert.der and b/certs/client-ecc-cert.der differ diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index 20905154c..e5d3e4b0d 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16108595702940209934 (0xdf8d3a71e022930e) + Serial Number: 14757985853299502082 (0xcccee5f142282c02) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -24,31 +24,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:DF:8D:3A:71:E0:22:93:0E + serial:CC:CE:E5:F1:42:28:2C:02 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:74:7b:ae:7e:9c:c8:69:95:8a:0b:ad:7f:c9:37: - 3d:3c:7f:b7:ef:f3:da:9b:ea:d0:a7:76:0a:a4:77:12:f7:a8: - 02:20:71:95:87:89:b7:a8:8b:bb:fa:9f:84:dc:2b:71:dc:4a: - c5:5a:65:b2:fc:33:c4:ce:36:4f:ab:c6:38:36:6c:88 + 30:45:02:21:00:9f:24:c2:3b:e6:e5:2a:2d:d1:99:67:ca:f5: + ed:d1:d6:90:19:16:16:f8:9e:56:a9:ed:1b:19:92:54:0e:a7: + e2:02:20:51:c1:57:81:ba:50:7f:09:38:b6:16:7d:dc:63:50: + f3:f3:ed:b0:8d:56:75:94:91:21:71:32:b7:c2:59:c9:60 -----BEGIN CERTIFICATE----- -MIIDCDCCAq+gAwIBAgIJAN+NOnHgIpMOMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDPzCCAuWgAwIBAgIJAMzO5fFCKCwCMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1MDUwNzE4 -MjEwMVoXDTE4MDEzMTE4MjEwMVowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1MTEyMzEy +NDkzN1oXDTE4MDgxOTEyNDkzN1owgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV v/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam9 -9nUaQve9qbI2Il/HXX+0o4H1MIHyMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGI -RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB -jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x -EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -AN+NOnHgIpMOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgdHuufpzI -aZWKC61/yTc9PH+37/Pam+rQp3YKpHcS96gCIHGVh4m3qIu7+p+E3Ctx3ErFWmWy -/DPEzjZPq8Y4NmyI +9nUaQve9qbI2Il/HXX+0o4IBKjCCASYwHQYDVR0OBBYEFOvUS1lrlWE/UVe2BE2J +QYhEXKvyMIHCBgNVHSMEgbowgbeAFOvUS1lrlWE/UVe2BE2JQYhEXKvyoYGTpIGQ +MIGNMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxl +bTETMBEGA1UECgwKQ2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwP +d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t +ggkAzM7l8UIoLAIwDAYDVR0TBAUwAwEB/zAyBggrBgEFBQcBAQQmMCQwIgYIKwYB +BQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjIwCgYIKoZIzj0EAwIDSAAwRQIh +AJ8kwjvm5Sot0ZlnyvXt0daQGRYW+J5Wqe0bGZJUDqfiAiBRwVeBulB/CTi2Fn3c +Y1Dz8+2wjVZ1lJEhcTK3wlnJYA== -----END CERTIFICATE----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index da4e61795..4d60c7ad4 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem @@ -2,38 +2,38 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Nov 23 12:49:37 2015 GMT + Next Update: Aug 19 12:49:37 2018 GMT CRL extensions: X509v3 CRL Number: 3 No Revoked Certificates. Signature Algorithm: sha256WithRSAEncryption - a2:15:f0:cf:70:85:49:b9:5b:c1:af:2b:22:14:9d:ee:11:8d: - 93:2d:58:17:d8:f6:b6:1a:1a:25:a2:27:c9:6b:4f:b3:31:c7: - 2c:52:c4:53:59:19:ef:cf:91:ee:b5:19:28:37:49:9e:b6:e0: - 41:62:4c:9f:f1:34:bf:88:aa:ae:24:38:8d:29:0a:64:08:a8: - 68:f4:b5:28:73:d6:94:b9:0a:3f:7c:c1:22:72:be:14:ba:c9: - 1b:9d:26:af:78:c2:cf:5f:ff:1e:cc:25:c0:63:f1:9b:97:85: - 5c:c0:4d:14:ed:f9:ad:cb:02:7d:05:c7:5c:c1:7c:89:72:35: - 49:70:a8:b1:ae:91:96:77:9a:c6:cb:38:27:88:3f:f4:c8:ba: - c9:08:7f:dd:a6:41:82:62:65:a0:f2:0c:36:5a:d9:15:57:5e: - 66:c3:a2:ff:5e:4d:7c:bc:4b:7c:30:84:44:e3:06:34:a8:42: - 3b:d9:6a:04:4a:0b:e5:59:66:63:b9:7a:80:48:68:31:1c:aa: - 98:bc:09:0e:a7:83:5f:a7:00:f1:fb:78:bc:08:86:73:ef:53: - 25:b8:1b:5e:7c:77:a8:12:7b:52:7f:1e:63:bc:db:60:99:46: - ab:e1:2e:48:d1:28:40:68:1e:9e:a0:2f:14:04:66:b3:b1:b1: - 3b:d0:46:64 + 09:be:cf:c6:43:19:57:e4:49:37:90:ae:a4:15:a7:a1:61:f4: + 4d:62:12:f4:62:da:05:49:f6:14:78:68:1a:75:11:ee:42:53: + d2:83:32:87:40:d7:60:c2:1e:b6:b8:e4:87:a5:fb:ab:a9:df: + 40:4f:a0:f9:04:d3:c4:1e:52:d8:3b:c5:72:8f:df:da:02:16: + c9:c7:0c:4b:45:8c:4a:9f:37:7b:ee:3b:7c:7b:b3:93:b2:22: + b6:8c:83:8c:56:8f:c0:a6:5d:e8:3c:1a:af:5d:ae:b4:84:91: + 6c:96:03:04:32:3d:56:24:91:cf:b5:5d:d6:15:de:76:36:ea: + 7d:30:12:7e:56:ab:47:00:e9:fb:11:b7:89:da:60:32:54:64: + 8e:bb:09:59:ea:58:e2:08:40:85:ae:a6:4f:c9:1a:8b:31:32: + b5:2a:54:c7:80:41:19:c9:7a:96:f8:8d:1d:7b:98:45:8f:fd: + 5d:ed:f5:88:b8:aa:77:1e:a4:07:29:5c:23:27:e9:89:29:a6: + 2d:76:30:a4:8b:c5:af:29:19:b7:1d:0a:c9:f8:cf:f9:0e:3f: + a2:48:7f:84:29:1b:3b:f4:7a:51:6d:8e:4a:df:e6:e5:80:76: + 7e:a0:7d:a4:95:bb:df:6f:99:95:83:bd:79:5c:c2:5c:8d:8a: + 0e:97:ca:c8 -----BEGIN X509 CRL----- MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1 -MDcxODIxMDFaFw0xODAxMzExODIxMDFaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAohXwz3CFSblbwa8rIhSd7hGNky1YF9j2thoaJaInyWtPszHH -LFLEU1kZ78+R7rUZKDdJnrbgQWJMn/E0v4iqriQ4jSkKZAioaPS1KHPWlLkKP3zB -InK+FLrJG50mr3jCz1//HswlwGPxm5eFXMBNFO35rcsCfQXHXMF8iXI1SXCosa6R -lneaxss4J4g/9Mi6yQh/3aZBgmJloPIMNlrZFVdeZsOi/15NfLxLfDCEROMGNKhC -O9lqBEoL5VlmY7l6gEhoMRyqmLwJDqeDX6cA8ft4vAiGc+9TJbgbXnx3qBJ7Un8e -Y7zbYJlGq+EuSNEoQGgenqAvFARms7GxO9BGZA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTEx +MjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG +9w0BAQsFAAOCAQEACb7PxkMZV+RJN5CupBWnoWH0TWIS9GLaBUn2FHhoGnUR7kJT +0oMyh0DXYMIetrjkh6X7q6nfQE+g+QTTxB5S2DvFco/f2gIWyccMS0WMSp83e+47 +fHuzk7IitoyDjFaPwKZd6Dwar12utISRbJYDBDI9ViSRz7Vd1hXedjbqfTASflar +RwDp+xG3idpgMlRkjrsJWepY4ghAha6mT8kaizEytSpUx4BBGcl6lviNHXuYRY/9 +Xe31iLiqdx6kBylcIyfpiSmmLXYwpIvFrykZtx0KyfjP+Q4/okh/hCkbO/R6UW2O +St/m5YB2fqB9pJW732+ZlYO9eVzCXI2KDpfKyA== -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 20610ef60..b8a079224 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem @@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 23 22:05:10 2015 GMT - Next Update: Apr 18 22:05:10 2018 GMT + Last Update: Nov 23 12:49:37 2015 GMT + Next Update: Aug 19 12:49:37 2018 GMT CRL extensions: X509v3 CRL Number: 1 Revoked Certificates: Serial Number: 02 - Revocation Date: Jul 23 22:05:10 2015 GMT + Revocation Date: Nov 23 12:49:37 2015 GMT Signature Algorithm: sha256WithRSAEncryption - 68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82: - 55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6: - 81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3: - 1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5: - 93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b: - c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f: - 6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d: - e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3: - 2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66: - cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c: - f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1: - 45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd: - 74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8: - e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53: - 7d:fb:d0:66 + 3c:36:71:b3:df:e4:08:16:59:55:3c:2c:f4:80:4e:e6:2f:db: + 9c:26:8d:3f:ef:c4:99:3e:14:7f:de:51:ea:ca:4a:6b:c5:ee: + 54:04:c8:87:54:43:d7:df:ad:33:1c:7e:b6:09:e2:fb:da:27: + 9d:ca:5e:fd:3c:f5:78:64:6f:2d:3d:05:26:68:e0:ed:36:25: + 8f:95:57:0e:85:16:3d:01:bd:69:9f:70:b9:12:bc:2f:45:dc: + 20:30:e0:55:a3:50:e2:d8:bd:94:50:01:11:ec:fa:19:a0:85: + 75:a3:bc:74:f5:08:48:b6:c8:09:10:e2:4c:f5:73:e3:c9:38: + 7e:4f:cc:9d:9c:51:04:0d:2f:5e:fb:b3:49:66:86:8e:16:d6: + 2d:97:50:b2:b0:d9:5e:ed:4f:fc:f3:db:03:6e:25:a7:b7:e3: + 81:f8:6a:21:0d:fa:aa:96:30:80:11:fa:67:ea:f4:92:f8:69: + cc:a0:1d:04:ec:3f:21:58:70:f9:f4:50:b3:79:ad:2b:ae:07: + a4:c6:6b:2f:45:85:e2:bf:de:64:a0:50:2b:15:c9:c1:ae:5e: + 7f:ff:4d:c0:e5:d0:13:7d:cc:0d:cf:7c:4d:28:7b:8e:4b:4a: + c0:02:0d:b6:1e:9a:38:b8:99:70:be:fa:1f:35:d7:92:ac:36: + c8:0c:07:d8 -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX -DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ -XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31 -k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA -0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL -BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9 -dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MTEyMzEyNDkzN1oX +DTE4MDgxOTEyNDkzN1owFDASAgECFw0xNTExMjMxMjQ5MzdaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAPDZxs9/kCBZZVTws9IBO5i/bnCaNP+/E +mT4Uf95R6spKa8XuVATIh1RD19+tMxx+tgni+9onncpe/Tz1eGRvLT0FJmjg7TYl +j5VXDoUWPQG9aZ9wuRK8L0XcIDDgVaNQ4ti9lFABEez6GaCFdaO8dPUISLbICRDi +TPVz48k4fk/MnZxRBA0vXvuzSWaGjhbWLZdQsrDZXu1P/PPbA24lp7fjgfhqIQ36 +qpYwgBH6Z+r0kvhpzKAdBOw/IVhw+fRQs3mtK64HpMZrL0WF4r/eZKBQKxXJwa5e +f/9NwOXQE33MDc98TSh7jktKwAINth6aOLiZcL76HzXXkqw2yAwH2A== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 6bef57e6b..9e9d883ee 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked @@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Jul 22 16:17:45 2015 GMT - Next Update: Apr 17 16:17:45 2018 GMT + Last Update: Nov 23 12:49:37 2015 GMT + Next Update: Aug 19 12:49:37 2018 GMT CRL extensions: X509v3 CRL Number: - 7 + 2 Revoked Certificates: Serial Number: 01 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Nov 23 12:49:37 2015 GMT Serial Number: 02 - Revocation Date: Jul 22 16:17:45 2015 GMT + Revocation Date: Nov 23 12:49:37 2015 GMT Signature Algorithm: sha256WithRSAEncryption - 7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce: - b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13: - 51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e: - 07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63: - 66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a: - 10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa: - dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf: - 13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69: - d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a: - 96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5: - ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99: - d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6: - 3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd: - 82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4: - 93:42:37:af + 33:65:94:a5:92:9f:6e:21:0f:75:3a:d2:05:f5:5e:f2:ef:8c: + 85:5f:a1:27:d3:25:41:06:e3:fd:76:54:86:c8:cf:ed:b3:99: + e9:9b:de:e9:b4:b5:59:7a:79:98:77:3a:1a:08:d9:08:fc:ad: + b1:22:67:c8:86:03:24:db:61:e7:0d:92:57:8f:71:e9:59:c7: + 42:8a:ec:03:ff:0e:c1:c3:bb:59:06:db:14:70:5b:21:c2:19: + 3a:52:ab:e6:15:19:32:42:f7:db:90:7e:d8:3f:f3:e6:70:61: + b7:ba:56:6c:c7:a8:9b:2e:43:a7:de:f8:25:99:e4:2b:d8:fb: + 5c:c3:43:a6:d9:4e:cd:7b:7c:e4:6f:8d:12:80:de:92:1d:73: + c5:41:8d:9a:ca:e7:ac:c4:49:71:9d:be:44:f0:a3:e5:e7:62: + 3e:9e:ce:41:9c:2c:0d:27:f9:4d:1b:03:18:5e:4b:04:71:46: + 5f:9e:8f:2e:b4:46:84:ee:09:bd:82:a8:01:26:59:31:1a:b0: + b3:79:73:67:06:c3:85:a3:6f:69:99:e0:35:67:8a:20:bb:c7: + 4e:ac:c4:76:50:1b:43:47:89:b9:85:e0:bc:fc:21:1c:dc:0b: + 4b:14:46:e0:2f:81:e2:75:04:ff:5f:d9:ed:65:38:1d:d8:5f: + 58:a0:21:7a -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa -Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3 -MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR -iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo -HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi -Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr -Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb -LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu -/PtSJbYNcOzEk0I3rw== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTExMjMxMjQ5Mzda +Fw0xODA4MTkxMjQ5MzdaMCgwEgIBARcNMTUxMTIzMTI0OTM3WjASAgECFw0xNTEx +MjMxMjQ5MzdaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAM2WU +pZKfbiEPdTrSBfVe8u+MhV+hJ9MlQQbj/XZUhsjP7bOZ6Zve6bS1WXp5mHc6GgjZ +CPytsSJnyIYDJNth5w2SV49x6VnHQorsA/8OwcO7WQbbFHBbIcIZOlKr5hUZMkL3 +25B+2D/z5nBht7pWbMeomy5Dp974JZnkK9j7XMNDptlOzXt85G+NEoDekh1zxUGN +msrnrMRJcZ2+RPCj5ediPp7OQZwsDSf5TRsDGF5LBHFGX56PLrRGhO4JvYKoASZZ +MRqws3lzZwbDhaNvaZngNWeKILvHTqzEdlAbQ0eJuYXgvPwhHNwLSxRG4C+B4nUE +/1/Z7WU4HdhfWKAheg== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 2e00a3729..f710e1bba 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Nov 23 12:49:37 2015 GMT + Next Update: Aug 19 12:49:37 2018 GMT CRL extensions: X509v3 CRL Number: 4 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:62:9b:53:ee:21:52:bc:61:e8:ec:7b:f8:28:35: - 43:98:b8:57:9c:c7:73:cc:a0:45:e8:b9:96:2e:1c:c6:62:ff: - 02:20:2b:64:b8:3a:30:2c:15:7f:cf:57:99:60:9d:51:82:82: - ef:b6:13:cc:86:93:a2:19:41:12:a0:ec:7e:1e:07:09 + 30:46:02:21:00:e7:d9:ab:e9:39:c3:65:d9:12:3c:c5:31:85: + ad:d6:b8:00:91:24:a3:ff:4d:fc:88:27:3d:7c:e2:2e:ae:0f: + c1:02:21:00:9e:94:0b:f7:1c:e3:21:39:48:ff:d1:b0:b4:48: + 38:e3:e4:4b:90:b8:35:8b:7a:0d:79:f5:09:22:85:b1:fe:83 -----BEGIN X509 CRL----- -MIIBJTCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +MIIBJzCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgy -MTAxWqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDRwAwRAIgYptT7iFSvGHo -7Hv4KDVDmLhXnMdzzKBF6LmWLhzGYv8CICtkuDowLBV/z1eZYJ1RgoLvthPMhpOi -GUESoOx+HgcJ +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUxMTIzMTI0OTM3WhcNMTgwODE5MTI0 +OTM3WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSQAwRgIhAOfZq+k5w2XZ +EjzFMYWt1rgAkSSj/038iCc9fOIurg/BAiEAnpQL9xzjITlI/9GwtEg44+RLkLg1 +i3oNefUJIoWx/oM= -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 0746599f3..a4e818cdb 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem @@ -2,23 +2,23 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: May 7 18:21:01 2015 GMT - Next Update: Jan 31 18:21:01 2018 GMT + Last Update: Nov 23 12:49:37 2015 GMT + Next Update: Aug 19 12:49:37 2018 GMT CRL extensions: X509v3 CRL Number: 5 No Revoked Certificates. Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:0d:fe:b7:79:fb:66:6c:cb:36:0a:1a:f3:6d:73: - ea:68:ab:fc:46:7e:49:bd:15:2a:9f:a1:17:50:56:82:cf:1f: - 02:21:00:ff:13:85:80:29:a4:60:54:10:93:fb:20:13:b8:9c: - 25:48:53:5e:4b:33:ef:5c:aa:9e:98:74:e0:c8:c3:ef:df + 30:45:02:21:00:8a:64:7e:f4:81:8e:83:c1:49:61:47:c6:29: + a6:d5:7b:c2:6d:29:23:f2:25:10:a6:2b:6b:5d:27:4e:e8:fb: + 99:02:20:5f:98:76:40:29:c5:c1:c6:9c:ab:e4:aa:df:4b:06: + e9:e7:6a:5c:cf:b1:6b:b1:36:98:32:91:a9:fe:d5:65:eb -----BEGIN X509 CRL----- MIIBKDCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1MDcxODIxMDFaFw0xODAxMzEx -ODIxMDFaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNIADBFAiAN/rd5+2Zs -yzYKGvNtc+poq/xGfkm9FSqfoRdQVoLPHwIhAP8ThYAppGBUEJP7IBO4nCVIU15L -M+9cqp6YdODIw+/f +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTExMjMxMjQ5MzdaFw0xODA4MTkx +MjQ5MzdaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNIADBFAiEAimR+9IGO +g8FJYUfGKabVe8JtKSPyJRCmK2tdJ07o+5kCIF+YdkApxcHGnKvkqt9LBunnalzP +sWuxNpgykan+1WXr -----END X509 CRL----- diff --git a/certs/external/ca-globalsign-root-r2.pem b/certs/external/ca-globalsign-root-r2.pem new file mode 100644 index 000000000..6f0f8db0d --- /dev/null +++ b/certs/external/ca-globalsign-root-r2.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/external/ca-verisign-g5.pem b/certs/external/ca-verisign-g5.pem new file mode 100644 index 000000000..707ff085b --- /dev/null +++ b/certs/external/ca-verisign-g5.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- diff --git a/certs/ocsp/index0.txt b/certs/ocsp/index0.txt new file mode 100644 index 000000000..256b8ab58 --- /dev/null +++ b/certs/ocsp/index0.txt @@ -0,0 +1,4 @@ +V 161213070133Z 63 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com +V 161213070133Z 01 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com +V 161213070133Z 02 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 03 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index1.txt b/certs/ocsp/index1.txt new file mode 100644 index 000000000..a49ec58a3 --- /dev/null +++ b/certs/ocsp/index1.txt @@ -0,0 +1,2 @@ +V 161213070133Z 05 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www1.wolfssl.com/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 06 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www2.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index2.txt b/certs/ocsp/index2.txt new file mode 100644 index 000000000..0a163f7b6 --- /dev/null +++ b/certs/ocsp/index2.txt @@ -0,0 +1,2 @@ +V 161213070133Z 07 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www3.wolfssl.com/emailAddress=info@wolfssl.com +R 161213070133Z 151201070133Z 08 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www4.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/index3.txt b/certs/ocsp/index3.txt new file mode 100644 index 000000000..eb6d3c048 --- /dev/null +++ b/certs/ocsp/index3.txt @@ -0,0 +1 @@ +V 161213070133Z 09 unknown /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=www5.wolfssl.com/emailAddress=info@wolfssl.com diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem new file mode 100644 index 000000000..05e15e413 --- /dev/null +++ b/certs/ocsp/intermediate1-ca-cert.pem @@ -0,0 +1,186 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35: + a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c: + bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e: + 27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1: + 65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90: + d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a: + e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e: + 79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64: + 9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24: + 2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4: + c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b: + 19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56: + f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2: + d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4: + bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd: + 0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f: + 21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc: + 97:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 1e:07:eb:03:66:a7:54:e8:c5:e1:fe:c9:08:58:91:d8:1b:d6: + c8:69:a5:65:03:a3:1a:f4:eb:9d:cd:4a:c1:9d:cd:ac:39:0b: + 49:09:e7:9c:0f:12:cb:3f:29:e1:9c:d1:f4:68:14:02:2e:d3: + fe:3d:63:3c:26:80:38:91:03:c3:52:52:9e:66:4d:59:d1:80: + 97:eb:91:99:5f:e7:d5:8e:e7:c4:c0:d3:f3:12:2e:c9:05:3a: + 54:ed:38:f3:6f:f3:ae:74:18:47:b5:25:c6:e3:44:8c:27:bd: + 3f:bc:e3:f1:0e:e4:50:ff:4c:ec:30:d6:0d:9f:8f:d0:f6:be: + 43:73:94:8f:48:97:38:7c:e8:8a:53:fd:02:4e:0f:2c:14:53: + f4:4c:80:8a:09:b2:b8:a8:0e:11:75:a6:15:6a:5f:c8:06:7b: + ff:a3:76:d0:e8:70:0a:e0:b1:6d:88:54:06:c2:04:f9:81:b0: + 77:af:a4:80:1b:88:64:5e:db:ff:36:dc:e8:d2:7b:4e:55:40: + 3c:f7:cd:33:f9:66:59:2e:9c:18:c7:50:e6:b5:b9:c1:94:3b: + 78:46:05:a6:24:41:2a:28:b5:e8:92:d0:0d:47:18:e8:cc:6e: + e8:11:d2:2a:94:47:75:b5:80:f2:e8:83:34:cc:7f:22:8a:9e: + 49:be:30:c1 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV +1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAB4H6wNmp1ToxeH+yQhYkdgb1shppWUDoxr0653NSsGdzaw5C0kJ55wPEss/ +KeGc0fRoFAIu0/49YzwmgDiRA8NSUp5mTVnRgJfrkZlf59WO58TA0/MSLskFOlTt +OPNv8650GEe1JcbjRIwnvT+84/EO5FD/TOww1g2fj9D2vkNzlI9Ilzh86IpT/QJO +DywUU/RMgIoJsrioDhF1phVqX8gGe/+jdtDocArgsW2IVAbCBPmBsHevpIAbiGRe +2/823OjSe05VQDz3zTP5ZlkunBjHUOa1ucGUO3hGBaYkQSooteiS0A1HGOjMbugR +0iqUR3W1gPLogzTMfyKKnkm+MME= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate1-ca-key.pem b/certs/ocsp/intermediate1-ca-key.pem new file mode 100644 index 000000000..7147c9b0b --- /dev/null +++ b/certs/ocsp/intermediate1-ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDetMhcd+AtsfW5 +rRZHNaA1ZWXG4UCrHrS5E7fLjLt3pXbabYeH9kpNE+QmPieH7lvHaj9FMGFVXPY1 +0WX6mBGjp1XVvpGCS/y+kNZQU2OaLCLhNRHceAKXiuRGkpxTCHbeH1O2uMp3Pnlu +vNDjDTBbTPaUDTApZJ8E5dv7iWBnu68mg1F3JC8rC6GUgRCY6OsmqB585MRsZwaV +VUrdUvTyYG0BKxmRNW2kCEcGcSQA2d7GVvOLUyzimpal82LlxOMj8tL8IeoPYnaN +1ZlIztxYxLt/2pQsgHSDxeCwFX5B/Q7y9PB4dnutJg2qSJYXLyHjlSsmN/mqgC/+ +3vZevJd/AgMBAAECggEBAJC4sitEyy1mo+QREpUbyAxq5ASlhDyvK4nJwnpH7dsG +b4HqA1TbO9Vyw6QGZ/HxdzrTVGJF2jp6upSmirqZ73yF1UWdHTmq34eG3347clJR +tCjdL8oxQp3v5//kbimXKoeVm/T1iLyMoKTRlny1qWLrVKFJIK8FcEDijl2bHEbL +fdlPSJTN+y0zWoS3urRi/IPrsob23B4ILj0n+yUR4eOK25I3trqgsqcfTyMhX8tH +eyD4C+ir0j5evnmBhsKL0cUgGxGj8aVdOgab8dlKlDNi7HH5fe/FTMAQ344uege8 +D5dytc1H4wWq3le1PsvCh56lyPx7P4BamNzuJ85OnWECgYEA8xSw544oIe6RzMxh +51pYLyf1aU8zd9w0ISkXnXQ4RxcNubbFHLu/S/vSlbE5qqSf128H3XkAP6HT6UJe +JS/WqJbUcdWkzULjj7fLXJ2oer3hrVXq2L9Me1l0XrYoBvRuap15AtQ/cxafxMUZ +HpEWam0EPxoTkTp4EUWi++U09yMCgYEA6org2l1qdqChHw3ihlfl3rKMY/DT+f1b +uMnbMKNhqgyV3ItSh7MnVJurvJ56CQVuVay+T11qfyo3cKzxNYLYTGLvAtBeK/aC +B/hdCvxMBpXd71Vlnz0w6qJi0mkGNNTFGzxwqwPByqP0NyKStPN3W98HwFhiqKmU +y8wpv5ZeUfUCgYEAx1Ba8bLdc10zzbJ0QIgSsK/aCXx4njo/wET6aQ/HqXrctT+J +BlNnur0EYduMhkAwFCylTVMPAh4GLUhO+7zrDReHoMNmOywyfUBeDlXztJkHd+Jw +C0NoSegChDpmPbWk5+SxOcGhORP+8xAN1cNvltpG1hrimn1PwBHSXysEr/MCgYEA +hLVUCPp2dOzqfcHDfLRbcqigWyQ3LOo4bdR5W4n2httcKFAEwJeUF4GFqNIaxuP1 +zDBT9mArFAz1FaIlUVvZu073YiY4QrPWW2AidUbQVaGS1AsD1xguh3SeaePXCSmi +5YhLT9huXJRsaI39aLmhva/ymNjp6fkaIj5BGRCiCckCgYEAkZjADCg9gcqJo5oc +RDMpHT8C6SjE6+W0+00AnH1rSK0ev7uAGb6/rOpsShRiGubo7Ekil1MyMuOFmLPK +9K5oi4KKmVfTaPMfm2UnVCC2Dv2nMXkmYdQKiGgwbAhYfu/wGQXj682r2YYD4Xsa +qz7cWosuOKihAVhA52vZ7YacW2c= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem new file mode 100644 index 000000000..a045d6776 --- /dev/null +++ b/certs/ocsp/intermediate2-ca-cert.pem @@ -0,0 +1,186 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4: + 6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7: + 11:02:a1:ab:58:3d:fb:dc:51:ca:3a:1d:1f:95:a6: + 56:82:f7:8f:ff:6b:50:bb:ea:10:e1:47:1d:35:77: + 2e:4b:28:c5:53:46:23:2b:82:fd:5a:d3:f4:21:db: + 0e:e0:f2:76:33:47:b3:00:be:3a:b1:23:98:53:eb: + ea:a0:de:1b:cc:05:4e:ee:63:a8:2c:93:24:d6:98: + 78:74:03:e4:c8:89:43:61:f1:25:b8:cd:3b:87:c1: + 31:25:fd:ba:4c:fc:29:94:45:9e:69:d7:67:0a:8a: + 8e:d5:52:93:30:a2:0e:dd:6a:1c:b0:94:77:db:52: + 52:b7:89:21:be:96:75:24:cb:e9:49:df:81:9d:9d: + f8:55:7d:01:2a:eb:78:03:12:e2:20:6e:db:63:35: + cd:a1:96:f0:f8:8c:20:35:69:87:01:ca:b4:54:36: + a0:15:e0:23:7d:b9:fb:be:99:05:50:f0:bf:ec:7f: + 12:e1:3d:75:15:4e:c8:c2:30:e6:8b:fe:e5:8b:55: + f8:44:5e:e5:e3:56:e0:66:2d:6f:42:5a:45:6b:96: + aa:c7:5d:41:08:5f:ce:d7:dc:9f:20:e4:46:78:ff: + d9:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 6a:f5:af:1f:f7:43:ef:10:74:6d:1f:e5:2e:72:5f:d1:84:40: + c8:60:79:b7:66:2e:46:39:bf:95:ca:fe:83:0a:8a:f4:52:6e: + d2:d3:a5:54:7b:0c:29:35:a0:75:7a:e5:35:5d:99:0a:d9:13: + ca:80:46:a0:a2:6d:d5:c4:ff:0c:d5:da:ec:54:86:df:ce:a7: + 92:1a:c7:f6:12:74:04:74:9f:06:39:82:b1:1e:af:47:de:b5: + b7:21:c1:3b:22:27:e3:d0:3f:70:d3:27:1c:63:e0:01:12:80: + 20:e7:ac:6c:f0:8f:7a:72:54:8a:21:2d:0e:17:6c:9d:01:fd: + 42:96:e1:7a:d5:43:d5:65:9b:0b:7c:dd:b6:90:da:cc:3c:d7: + 7a:d3:e2:63:07:e3:96:a7:96:84:d6:0c:9e:31:e0:72:cd:91: + 54:cf:16:38:af:c8:23:04:ce:98:2c:61:11:28:70:d7:34:69: + 55:b7:e0:5b:87:a6:c4:a4:c5:bf:8f:e0:04:5d:e4:14:22:04: + 21:a1:9b:01:19:50:29:03:9d:81:be:e4:ba:4d:68:1c:2f:e4: + e6:05:02:c2:e7:b4:ef:45:be:80:dc:a3:86:58:cf:02:cf:6a: + 69:8d:2b:69:69:cd:81:27:63:e8:2d:55:2a:00:de:0b:15:2c: + 53:95:72:29 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLHdbRqK6kj +hb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcuSyjFU0Yj +K4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPkyIlDYfEl +uM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1JMvpSd+B +nZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkFUPC/7H8S +4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORGeP/ZmQID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi7ioFJLcR +rS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAGr1rx/3Q+8QdG0f5S5yX9GEQMhgebdmLkY5v5XK/oMKivRSbtLTpVR7DCk1 +oHV65TVdmQrZE8qARqCibdXE/wzV2uxUht/Op5Iax/YSdAR0nwY5grEer0fetbch +wTsiJ+PQP3DTJxxj4AESgCDnrGzwj3pyVIohLQ4XbJ0B/UKW4XrVQ9Vlmwt83baQ +2sw813rT4mMH45anloTWDJ4x4HLNkVTPFjivyCMEzpgsYREocNc0aVW34FuHpsSk +xb+P4ARd5BQiBCGhmwEZUCkDnYG+5LpNaBwv5OYFAsLntO9FvoDco4ZYzwLPammN +K2lpzYEnY+gtVSoA3gsVLFOVcik= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate2-ca-key.pem b/certs/ocsp/intermediate2-ca-key.pem new file mode 100644 index 000000000..61cec0879 --- /dev/null +++ b/certs/ocsp/intermediate2-ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDQIDw1GW8sRLR+ +Qsd1tGorqSOFv4e07srXSx8x1xECoatYPfvcUco6HR+VplaC94//a1C76hDhRx01 +dy5LKMVTRiMrgv1a0/Qh2w7g8nYzR7MAvjqxI5hT6+qg3hvMBU7uY6gskyTWmHh0 +A+TIiUNh8SW4zTuHwTEl/bpM/CmURZ5p12cKio7VUpMwog7dahywlHfbUlK3iSG+ +lnUky+lJ34GdnfhVfQEq63gDEuIgbttjNc2hlvD4jCA1aYcByrRUNqAV4CN9ufu+ +mQVQ8L/sfxLhPXUVTsjCMOaL/uWLVfhEXuXjVuBmLW9CWkVrlqrHXUEIX87X3J8g +5EZ4/9mZAgMBAAECggEAR2vofWhfCFgDgJi2DiR9ksIWWJ2jmmmf3kX/TIE7ayXD +wSJ0PeUresnnvtk4MvV1yvcu2221oTlgQqrFjjFNlggppZLsErFNxBiCgJt0CKEA +Qq8FQSiv64y4FcBi1Z60uYYlfjZ4m9Py8g0sA81m/ENe6I41cZ7QmPL7bdPTCPhE +cGwPKjkw1xwDn6EeK5x5sscfCrlKXsH4zhXH67r2iwQ7x5+t4pWApdT15rMX+r0E +HzBoj4wjhR7yo9nZDqhBZiOJF/zQGTCkj6J451Rj47s42fLTYgVyW5D1DO9wBvQQ +i7AwwDuimVqKNGW7J/oRjhiBAKFr2IOGcAFJJbM3SQKBgQD1JRO9umdNfqj38kw5 +DMeydVITvhYjSfc+F2R1hldX9kSdowttJ3GwArnjsZLSfttj7/gnRVPJC+OWvJGm +AmegmCXJGl/mtDAlN+MDJw2/KEdcC4CHMqRokrNNF3zafbTDIDq24kAMx1wef46k +8+9F3IPY+arD50LSkS5+gUUk1wKBgQDZV4R9yCeAE8o+ejks7lBC8kk5CxZKbXPA +o4vPHGKOknmZGqfKJY9Auk7nk4g56K9GxlotlsjwCwuSBdkqjDkqMypHG9odh6s8 +8iFjVGvJvY6x+PXONW6cjG2K6Lif0o0/bx+C+2Sy05koV1eYY4+EskafqTxbQgSa +0t85a6u3DwKBgGK4g7KsFl3G3BS9pqRy2Ris1ljM++1KJB8FHJeXeiUaL5eryTYz +5DyVXHatVAsguwkL4ksuSAd2mjhhx+WqokCyBMVvsZ8egST71Je4anjIp7QRjbjk +VAEo0rwA8W6roNfTatGrW0/KGPbPN4qGEZ14qEAAixxJTUeu36JiPI4RAoGASK43 +pEh2zSHRFCuTSy82r+yOCAFpJuKLPvRyIISBgOQCvexoB/WffinPkSmI+LSTSLu0 +FGLEN2G6MM673LqfszkA/l6WBiIEZZEjETB+CyzUtzdmG9tKbheX2kgQ1YF3sqra +gtbGyfZw1UjABjnlGJ71dxcFFA9zssKp223iMokCgYAEBpHy/x90qWR6d9ApXZnC +PMvcZCa2EgQWBabOkyxF7Ao8mIu0K4rqRM9XBlboRRBQdEP3qL7whJ2voZ7frZYH +E9hcwnH4F6rBki9PHbEaU80FfTUplKr+qMJavhQ8O1zGhWr7JSF6ByqTQDYWI8BX +3Q6DAbgdQeeCKFpi4256AA== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/intermediate3-ca-cert.pem b/certs/ocsp/intermediate3-ca-cert.pem new file mode 100644 index 000000000..b7629bdc1 --- /dev/null +++ b/certs/ocsp/intermediate3-ca-cert.pem @@ -0,0 +1,186 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28: + fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c: + 31:eb:13:70:ea:4a:dd:58:3e:4f:33:14:66:59:69: + 7a:aa:90:e0:7c:c4:b2:36:c1:0a:f4:df:3e:34:6c: + 1a:e9:2b:f1:a5:92:7e:a9:68:70:ba:a4:68:88:f3: + ec:10:40:64:a5:64:7d:d9:1e:51:49:9d:7f:c8:cc: + 2b:6d:71:2a:06:ff:e6:1f:84:28:8a:c1:ed:a8:52: + f4:89:a5:c0:77:d8:13:66:c2:65:a5:63:03:98:b0: + 4b:05:4f:0c:84:a0:f4:2d:72:73:6b:fa:0d:e1:cf: + 45:27:ed:a3:8c:02:d7:ee:99:e2:a1:f0:e3:a0:ad: + 69:ed:59:e4:27:41:8f:ef:fa:83:73:8f:5f:2b:68: + 89:13:46:26:dc:f6:28:6b:3b:b2:b8:9b:52:2a:17: + 1b:dc:72:45:73:da:75:24:35:8b:00:5e:23:37:64: + 6a:16:74:b8:ee:fe:b7:11:71:be:0a:73:c8:54:c2: + d9:04:d2:1b:f5:53:ac:8d:2a:4f:fe:33:79:e6:5e: + e7:f3:86:d3:dc:bb:4b:d7:39:7f:5b:3c:67:fe:5e: + 88:51:05:96:f2:b4:9a:45:09:4c:51:f0:6a:4d:88: + 2a:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 0c:5e:0d:55:3c:e7:fb:5e:c2:09:19:c8:0b:f4:c2:b2:2b:14: + 79:dc:e8:63:f6:8a:0c:03:57:9e:15:47:7e:b6:15:a3:71:90: + 01:11:39:4b:ff:3d:13:34:e4:f3:5b:a3:6c:58:4f:00:d5:c4: + b0:63:6c:90:c9:89:a8:5d:16:87:0a:da:08:40:12:b4:94:00: + 3e:44:00:13:de:34:75:90:38:79:d4:c2:39:6d:ed:17:cb:7e: + 50:ff:da:0b:eb:49:1a:66:e6:dd:eb:66:a5:92:ef:68:d5:c9: + 93:8f:aa:c7:2a:92:6b:95:af:3d:74:de:aa:29:fd:c9:53:56: + ad:9f:e0:05:d1:97:0c:01:3b:f1:c6:a6:90:7e:5c:08:11:5e: + c1:77:5d:64:09:56:ea:78:29:15:a3:ea:44:2a:4c:d6:09:a7: + a0:5f:05:54:2a:61:ca:7a:09:07:14:34:c2:0d:c5:93:cd:28: + 8b:62:26:af:30:25:8a:f1:da:65:fa:db:da:84:ab:d5:0c:37: + ae:5d:95:bd:55:2a:4b:09:e0:d3:3d:8b:3c:ea:f2:b9:68:5e: + e6:21:53:8b:28:78:39:f4:bf:9b:dc:92:bc:4b:14:06:fe:17: + 21:64:be:af:20:e8:e7:fb:67:c8:5e:ec:59:bf:27:a4:cb:e3: + 8a:6d:c3:ac +-----BEGIN CERTIFICATE----- +MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L +RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sUEEH3CIekSRdrV +uij9pvQwRKDf+XBeFyaXWVwx6xNw6krdWD5PMxRmWWl6qpDgfMSyNsEK9N8+NGwa +6SvxpZJ+qWhwuqRoiPPsEEBkpWR92R5RSZ1/yMwrbXEqBv/mH4QoisHtqFL0iaXA +d9gTZsJlpWMDmLBLBU8MhKD0LXJza/oN4c9FJ+2jjALX7pniofDjoK1p7VnkJ0GP +7/qDc49fK2iJE0Ym3PYoazuyuJtSKhcb3HJFc9p1JDWLAF4jN2RqFnS47v63EXG+ +CnPIVMLZBNIb9VOsjSpP/jN55l7n84bT3LtL1zl/Wzxn/l6IUQWW8rSaRQlMUfBq +TYgqFwIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUuxWeMk3g ++KqKsC4MFytaQXRLBkUwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y +FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw +DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp +bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN +AQELBQADggEBAAxeDVU85/tewgkZyAv0wrIrFHnc6GP2igwDV54VR362FaNxkAER +OUv/PRM05PNbo2xYTwDVxLBjbJDJiahdFocK2ghAErSUAD5EABPeNHWQOHnUwjlt +7RfLflD/2gvrSRpm5t3rZqWS72jVyZOPqscqkmuVrz103qop/clTVq2f4AXRlwwB +O/HGppB+XAgRXsF3XWQJVup4KRWj6kQqTNYJp6BfBVQqYcp6CQcUNMINxZPNKIti +Jq8wJYrx2mX629qEq9UMN65dlb1VKksJ4NM9izzq8rloXuYhU4soeDn0v5vckrxL +FAb+FyFkvq8g6Of7Z8he7Fm/J6TL44ptw6w= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate3-ca-key.pem b/certs/ocsp/intermediate3-ca-key.pem new file mode 100644 index 000000000..03ebd4154 --- /dev/null +++ b/certs/ocsp/intermediate3-ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDexQQQfcIh6RJF +2tW6KP2m9DBEoN/5cF4XJpdZXDHrE3DqSt1YPk8zFGZZaXqqkOB8xLI2wQr03z40 +bBrpK/Glkn6paHC6pGiI8+wQQGSlZH3ZHlFJnX/IzCttcSoG/+YfhCiKwe2oUvSJ +pcB32BNmwmWlYwOYsEsFTwyEoPQtcnNr+g3hz0Un7aOMAtfumeKh8OOgrWntWeQn +QY/v+oNzj18raIkTRibc9ihrO7K4m1IqFxvcckVz2nUkNYsAXiM3ZGoWdLju/rcR +cb4Kc8hUwtkE0hv1U6yNKk/+M3nmXufzhtPcu0vXOX9bPGf+XohRBZbytJpFCUxR +8GpNiCoXAgMBAAECggEAFkESRd96TE7vT2EsJru/kzUjuUdk+JM8Iw3s4rVuGzDG +//DYqd8XpF+uVdJOucldU7mGoCeqw4mlujDug0qrikHXO28+i7au5rePZpQ4ObmP +ROhdcIA2asXStM0wSKC5yX43Wp1C86TN3w5a6t4AGizjYKFCk7dQ10ftVTaLDhsI +I4uuEZAHA7ruKmQp1DbE+/696kY4GUh2SXYQxee1zb/yYDvA6lGhuDW2Jev+4v4l ++1LZq8E2bE4GsmiLEALiHAdGvOrkZ5MUkiHVTnhGz7THK0OMj/4dJlNCwusyO+O5 +4Zr2LJQ2rnAtVGdtKuVsgwHwQBPpV9bJPkDXEzlXUQKBgQD38kxnjJ5nv0plMA+E +QViItp0qgQeXX18YTlh8yicqVe+t9kKnHm1tqZx/djvvR/51p0SkMfWNvMn8JYXa +dfT3ZX0djrzR9o6FgR8rL+LmPg6jyIn71wBqmMf7A6WQVYuG7fQk3IJNtx52BKcS +f8r2tsdPX8d/FBsCn3m/ZxaEyQKBgQDmAV5xxTbJKdea5pfH33BOCp6HTqSYgf4Y +/5GEO0YLmQoBXAKbX+zcAeiaOt5WvLQgw7LfkznitPlxCkpHr9VcgVarlEjXHa7y +SeJfik5cIFbMZtXqaQ/DIUvOTgnb/ngLxEdrzX4JUnlv/z1BEhWvEYaHn0asEsc4 +zbbcKoEH3wKBgQDRisobcPGmSDm9TmKuqPMDhyFH/IfH2+foCL4rqER1OO84G7i0 +t7hPR1plNizsyfE4yUXvZfFZ+cTR/Xwj5jBCrFiSlEDrSO2l0jvfKbceUi/ZJu/G +ECvf6oKHlstjMYibXZpJVLoip7Fsl/4CWlHTMyE56X4V3Y3+J3yiz6JuUQKBgDPS +byMXGibs5IUkG2KPN1B+GAXIdFFgSI39Vx4B9OA8FQMFZhj33fgb/fpx9RJ55ePT +9ANnuo0X1XPgq6fHOD1lbs+t01OUfoxclUKNeOZM6wGW0e/EyCZg5CGRd6s3hHiy +Op1RaWpUSMQxL+3vUy9ktXjtLBEtEfH8d4zXjsblAoGBAMPAdSskbG+upEYcNR2O +++R9X8BkWhaTDqkAuygsGJDomIgH89wROdlTnsi5LXe/r3uCocRC+M1ChRXm7Zqs +81QjVdls6HVZu5rG82S8itqdXHOXCajb1ls+lNiu7/9tPJVmpYfjfjD4/QHV0vF/ +FqdfthIOUXePjrAKccJDiJIk +-----END PRIVATE KEY----- diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem new file mode 100644 index 000000000..90446b51c --- /dev/null +++ b/certs/ocsp/ocsp-responder-cert.pem @@ -0,0 +1,182 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1: + f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b: + d5:75:5c:2d:f7:63:88:d1:07:7a:ea:0b:45:35:2b: + eb:1f:b1:22:b4:94:41:38:e2:9d:74:d6:8b:30:22: + 10:51:c5:db:ca:3f:46:2b:fe:e5:5a:3f:41:74:67: + 75:95:a9:94:d5:c3:ee:42:f8:8d:eb:92:95:e1:d9: + 65:b7:43:c4:18:de:16:80:90:ce:24:35:21:c4:55: + ac:5a:51:e0:2e:2d:b3:0a:5a:4f:4a:73:31:50:ee: + 4a:16:bd:39:8b:ad:05:48:87:b1:99:e2:10:a7:06: + 72:67:ca:5c:d1:97:bd:c8:f1:76:f8:e0:4a:ec:bc: + 93:f4:66:4c:28:71:d1:d8:66:03:b4:90:30:bb:17: + b0:fe:97:f5:1e:e8:c7:5d:9b:8b:11:19:12:3c:ab: + 82:71:78:ff:ae:3f:32:b2:08:71:b2:1b:8c:27:ac: + 11:b8:d8:43:49:cf:b0:70:b1:f0:8c:ae:da:24:87: + 17:3b:d8:04:65:6c:00:76:50:ef:15:08:d7:b4:73: + 68:26:14:87:95:c3:5f:6e:61:b8:87:84:fa:80:1a: + 0a:8b:98:f3:e3:ff:4e:44:1c:65:74:7c:71:54:65: + e5:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 32:67:E1:B1:79:D2:81:FC:9F:23:0C:70:40:50:B5:46:56:B8:30:36 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha256WithRSAEncryption + 47:86:d8:ff:a5:6e:18:e4:28:b7:8a:74:f6:81:97:89:be:c7: + cf:8d:1e:15:c2:d3:e1:ff:3e:82:b8:6d:8f:92:c8:a2:55:ff: + df:7a:ed:2b:ee:d5:6f:d3:9e:8e:30:d0:08:d3:6a:39:8f:23: + 45:a3:2d:e6:99:d4:18:49:a3:f9:17:88:b5:68:86:c8:8c:17: + a7:ac:6a:a6:46:6f:b1:a4:6b:f8:8d:e5:d8:68:75:ca:a6:2d: + 36:72:12:0d:1f:12:af:c2:90:e7:bf:4a:3a:f2:02:a0:89:dd: + 6b:f8:92:4b:9b:9c:69:5a:24:a7:3f:9b:b9:8e:60:ef:33:54: + cf:aa:53:01:c2:f9:0d:9d:75:bc:c9:09:0f:40:06:6f:ab:f9: + f2:e7:0d:26:84:24:0c:b0:b2:bb:f0:13:e1:bc:82:e7:48:ce: + 46:d2:36:e6:d9:7a:4e:b3:d3:55:6c:93:a0:6c:1a:83:d5:22: + a1:2c:84:e7:cc:9e:a5:ef:d5:e1:85:36:38:c5:35:a6:87:49: + 74:2c:b0:7c:3d:e7:68:47:5d:46:35:cb:d3:9c:bb:8c:8a:3e: + fd:f9:42:ad:7d:c4:bf:0a:d9:e2:49:04:14:24:11:c1:a4:3d: + 86:93:6e:0c:55:49:ed:3f:f9:82:ec:f8:26:3e:bf:9f:33:21: + 41:55:23:8c +-----BEGIN CERTIFICATE----- +MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag +UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0 +UG34fKKKBIvVdVwt92OI0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7l +Wj9BdGd1lamU1cPuQviN65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMx +UO5KFr05i60FSIexmeIQpwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew +/pf1HujHXZuLERkSPKuCcXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gE +ZWwAdlDvFQjXtHNoJhSHlcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQAB +o4IBCjCCAQYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUMmfhsXnSgfyfIwxwQFC1Rla4 +MDYwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2kgZowgZcx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 +dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG +A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB +AQBHhtj/pW4Y5Ci3inT2gZeJvsfPjR4VwtPh/z6CuG2PksiiVf/feu0r7tVv056O +MNAI02o5jyNFoy3mmdQYSaP5F4i1aIbIjBenrGqmRm+xpGv4jeXYaHXKpi02chIN +HxKvwpDnv0o68gKgid1r+JJLm5xpWiSnP5u5jmDvM1TPqlMBwvkNnXW8yQkPQAZv +q/ny5w0mhCQMsLK78BPhvILnSM5G0jbm2XpOs9NVbJOgbBqD1SKhLITnzJ6l79Xh +hTY4xTWmh0l0LLB8PedoR11GNcvTnLuMij79+UKtfcS/CtniSQQUJBHBpD2Gk24M +VUntP/mC7PgmPr+fMyFBVSOM +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/ocsp-responder-key.pem b/certs/ocsp/ocsp-responder-key.pem new file mode 100644 index 000000000..61c5616a9 --- /dev/null +++ b/certs/ocsp/ocsp-responder-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0UG34fKKKBIvVdVwt92OI +0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7lWj9BdGd1lamU1cPuQviN +65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMxUO5KFr05i60FSIexmeIQ +pwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew/pf1HujHXZuLERkSPKuC +cXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gEZWwAdlDvFQjXtHNoJhSH +lcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQABAoIBAGI2tR1VxYD+/TYL +DGAIV+acZtqeaQYKMf8x++eG4SrQo6/QP8HDFFqzO0yV2SC0cRtJZ5PzCHxCRSaG +Nd8EL2NMWOazUwW0c/yLtTypOPSeg2Mf+3SwLvgxOZ9CbFQ8YAJi+vbNOPLGCijL +N0HWEkcC1P1kWWgKCWIloR7eEt0IQOb5PPSCu3buq/rForb6qUf+L+ESpWed6bnc +uhIrHDuQ/PopW05fW1r61zI286wKdLRyatQsljNqPvVdFVhtCKqCqMHdIzMg2cbh +q9DJMWc/KLjzBk6YPMZKm/4k4RXj+IwS+iITbpUNrhYj2TMevBMPW3AIRobD823D +ehQv+rECgYEA3CWL+G9zJ5PXRDAdQ69lN+CE/Uf9444CN5idMO+qRQ+QE8hWYT/U +PFH/aUgd1k3WJZseR/GTWx29VsRPSDWZXzwzLfUNKnqvp0b2oZe/EdYiRSo8OCPp +kF07HbTKe4Cyma7HdgDkNkS+UW5JujnuLcuee+wTq6xU0289juwFBc8CgYEA1s/d +VtwXqBf3qMxfi+eMa77fqxptAFGtZNKNkYwX42Ow6Hehj8EnoPqYEF+9MzKn/BFh +ROnQ76axKBN8mkRUjpv7d2+zMlDnGrWul8q6VrfGiU2P7jd4L6GY/V1MYktnIBsd +Ld/jW8P0FFfI2RIREPWdrATxBhQpTJfXd/7rLncCgYB1wrvyBCQUSrg/KIGvADbj +wf1Bw23jeMZk2QVU9Q8e7ClE+8iBMvSj47T9q28SgQaJjUWQdIA/oFP1AwPp+4n0 +cK5r6gbF72Tg1Uv+ur6hmuswFlyqJ0O8TrLdvCUIFZr0LJNT4zwwb2tjAdz8ehqX +crFvVqRbE884XuwN9ODm7wKBgQDIEnKlI/kkpq4UmcWkGNXAxNauFr7PPUOyVCln +FoRpVcC/xCzGJ7ExTjWzing950BulgFynhPsIeV+3id/x4S6Dq34YCEXDCMzzWQA +HOHRQvm3iHY1+ZQHSQulb/Bk3LYAQUC8KXspTSlYiSqYgytCEIH6Zd/XOY/9tq8J +JHUHoQKBgHYIB2mRCuDK5C3dCspdPVeAUqptK1nnXxWY/MXA6v+M4wFsIxV7Iwg7 +HEjeD5yKH4619syPCFz3jrCxL0oJqVTD2tnrbLf8idEt2eaV/3o2mUGFjvWpTywg +F8DewhrGh6z7FWHp4cMrxpq1hkdi6k+481T1GKBJ1zBSTzskTHQB +-----END RSA PRIVATE KEY----- diff --git a/certs/ocsp/ocspd0.sh b/certs/ocsp/ocspd0.sh new file mode 100755 index 000000000..e0f978773 --- /dev/null +++ b/certs/ocsp/ocspd0.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +openssl ocsp -port 22220 -nmin 1 \ + -index certs/ocsp/index0.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + $@ diff --git a/certs/ocsp/ocspd1.sh b/certs/ocsp/ocspd1.sh new file mode 100755 index 000000000..da6babcaa --- /dev/null +++ b/certs/ocsp/ocspd1.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +openssl ocsp -port 22221 -nmin 1 \ + -index certs/ocsp/index1.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate1-ca-cert.pem \ + $@ diff --git a/certs/ocsp/ocspd2.sh b/certs/ocsp/ocspd2.sh new file mode 100755 index 000000000..3539f38fd --- /dev/null +++ b/certs/ocsp/ocspd2.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +openssl ocsp -port 22222 -nmin 1 \ + -index certs/ocsp/index2.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate2-ca-cert.pem \ + $@ diff --git a/certs/ocsp/ocspd3.sh b/certs/ocsp/ocspd3.sh new file mode 100755 index 000000000..35130c253 --- /dev/null +++ b/certs/ocsp/ocspd3.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +openssl ocsp -port 22223 -nmin 1 \ + -index certs/ocsp/index3.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate3-ca-cert.pem \ + $@ diff --git a/certs/ocsp/openssl.cnf b/certs/ocsp/openssl.cnf new file mode 100644 index 000000000..71eee9a86 --- /dev/null +++ b/certs/ocsp/openssl.cnf @@ -0,0 +1,42 @@ +# +# openssl configuration file for OCSP certificates +# + +# Extensions to add to a certificate request (intermediate1-ca) +[ v3_req1 ] +basicConstraints = CA:false +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +authorityInfoAccess = OCSP;URI:http://localhost:22221 + +# Extensions to add to a certificate request (intermediate2-ca) +[ v3_req2 ] +basicConstraints = CA:false +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +authorityInfoAccess = OCSP;URI:http://localhost:22222 + +# Extensions to add to a certificate request (intermediate3-ca) +[ v3_req3 ] +basicConstraints = CA:false +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +authorityInfoAccess = OCSP;URI:http://localhost:22223 + +# Extensions for a typical CA +[ v3_ca ] +basicConstraints = CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = keyCertSign, cRLSign +authorityInfoAccess = OCSP;URI:http://localhost:22220 + +# OCSP extensions. +[ v3_ocsp ] +basicConstraints = CA:false +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +extendedKeyUsage = OCSPSigning diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh new file mode 100755 index 000000000..4eb552b42 --- /dev/null +++ b/certs/ocsp/renewcerts.sh @@ -0,0 +1,54 @@ +openssl req \ + -new \ + -key root-ca-key.pem \ + -out root-ca-cert.csr \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com" + +openssl x509 \ + -req -in root-ca-cert.csr \ + -extfile openssl.cnf \ + -extensions v3_ca \ + -days 1000 \ + -signkey root-ca-key.pem \ + -set_serial 99 \ + -out root-ca-cert.pem + +rm root-ca-cert.csr +openssl x509 -in root-ca-cert.pem -text > tmp.pem +mv tmp.pem root-ca-cert.pem + +# $1 cert, $2 name, $3 ca, $4 extensions, $5 serial +function update_cert() { + openssl req \ + -new \ + -key $1-key.pem \ + -out $1-cert.csr \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=$2/emailAddress=info@wolfssl.com" + + openssl x509 \ + -req -in $1-cert.csr \ + -extfile openssl.cnf \ + -extensions $4 \ + -days 1000 \ + -CA $3-cert.pem \ + -CAkey $3-key.pem \ + -set_serial $5 \ + -out $1-cert.pem + + rm $1-cert.csr + openssl x509 -in $1-cert.pem -text > $1_tmp.pem + mv $1_tmp.pem $1-cert.pem + cat $3-cert.pem >> $1-cert.pem +} + +update_cert intermediate1-ca "wolfSSL intermediate CA 1" root-ca v3_ca 01 +update_cert intermediate2-ca "wolfSSL intermediate CA 2" root-ca v3_ca 02 +update_cert intermediate3-ca "wolfSSL REVOKED intermediate CA" root-ca v3_ca 03 # REVOKED + +update_cert ocsp-responder "wolfSSL OCSP Responder" root-ca v3_ocsp 04 + +update_cert server1 "www1.wolfssl.com" intermediate1-ca v3_req1 05 +update_cert server2 "www2.wolfssl.com" intermediate1-ca v3_req1 06 # REVOKED +update_cert server3 "www3.wolfssl.com" intermediate2-ca v3_req2 07 +update_cert server4 "www4.wolfssl.com" intermediate2-ca v3_req2 08 # REVOKED +update_cert server5 "www5.wolfssl.com" intermediate3-ca v3_req3 09 diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem new file mode 100644 index 000000000..9d68f8197 --- /dev/null +++ b/certs/ocsp/root-ca-cert.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/root-ca-key.pem b/certs/ocsp/root-ca-key.pem new file mode 100644 index 000000000..a7cbcbb60 --- /dev/null +++ b/certs/ocsp/root-ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrLLQvHQYJ704p +hoR+zL+meXzwwMFkJYx1txAFykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRx +kK3MBbmfFccKP19p9ApfjHG1LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4 +hc0BiKzFsrFZuM1a9AkJOJvaWs/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4 +yHDM4WcGsysvk7Vpz4N+iFObD0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tb +ipKXrf2XuXXKwtRFfRdrzS/zY3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsV +roxb+ZmBAgMBAAECggEAd0Qjm3wOfBeYD0jhwnOoyTZ2vkyfssaS0mYlrNMfaM12 +iqYBELQo5miReaHZ5ZfYCweNX8guVUAkMCiNX81RYy3KTDKRqYJXQ/HYPFMcXXP2 +7Ja6jMfub1FXJ1xULtJs/5XilVwxad1ZgHbBu2LedrUl6wzfUJMeRKWDuiVyCzpK +J2+F1iVH+whBI/eN8qopHM4JeR0W9k7rFJayQZ9iAIfrl2In1hTay9S7HCEdmWz/ +BVI818QXsgCuulR9G2erS0gS181P090YcZeuzh5YfvAnzn7m8BTboJojix5pkfQt +gM5E7YD4nYU1V796P2cfAaMJoQyCW4NSn+kwgLT5rQKBgQDXnHvs/fk+gxFiBt/U +tRfU+iUoiMofrcAZswMBvOZVy40RbtxuNXwnGo9+Bko7XVKekVO6TGUyPSpv1VXR +QCjlk+PsXyx0DD2+Hb3r69wXJ3Wfxe0K+p6CHIuspJUmNrHdpJOBTO8GbHNxuaD/ +kDJvBq+ZkXEKUm9a5BeU5WiwMwKBgQDLPUkr+Mm2pJIIEBF8z3Lr3bWIbZsinxhM +ErQRAQC0J+oBj1kuUoXYoh1hzQK/E90bM2fRUMhgVGIBvwDMv0c+Z2Fb6zK0r3mP +dOLYGOrfavl/f7zhd4TjzPkAF1fbbYbciFQIWW3//q8PXY68eKvwrhGqT+CCwLef +tWC3xrpLewKBgQC7Ht7abgxa+UsjxQ2Kv+O//Zw0EotAdP2sEBUC9Br+yJpUT99U +cmyeT0nLONBBtxtV7JA6tcR5lmX3CrHg2Yrku7XqVSrySBFppsxGLLslCSTnFdJE +Xf8ksntxyKB8uqkgz40IgWlMLOEACPc19MIgYzAQ2g29xI9J1Xy1x2dUywKBgBFo +HVU7yKLw82TnY2gKKHCVG5Akuw27DIyvaWavbE0BwiQCEARMoxQLxnJy6ZJN9Dj5 +LSIbRh4h/AbkQgBHPaXVmtwRh9U71jB4NVmGwM8DzXyjBx1UbDhKfOUKGsc7WTqY +HoJcjnRHbtzlCW2Q9ED316F7l+H6+X8fPLpgteHzAoGARc6B/pWJWkUVM87ObGmr +hiA5YByyC6Rq8HyFEeXiS2fiQPfQF0UC9Qxq9/CBkezb8v+Yb/UT4ieL26c270s5 +JkyYqMoBLgkOKG6nPDD4hxoR24cFmC090RNQOhwwHskh+KjVmf3c/m9wNBSdHTpt +URu+xdmbaoKaH9dIJMUKasc= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem new file mode 100644 index 000000000..eab440bdf --- /dev/null +++ b/certs/ocsp/server1-cert.pem @@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e6:96:55:75:cf:8a:97:68:8c:b6:38:f6:7a:05: + be:33:b6:51:47:37:8a:f7:db:91:be:92:6b:b7:00: + 8c:f2:c5:24:6e:18:e9:92:00:81:01:dc:b3:4c:28: + a9:b7:80:f1:96:cf:23:7a:2f:ae:f8:e3:0f:2d:d3: + 5e:23:e7:db:4c:b2:5d:89:16:17:be:be:81:db:fb: + 12:6d:28:4b:10:a0:12:04:27:c1:c9:d0:79:95:ef: + e8:8d:8c:59:9b:4e:72:7d:bc:49:2b:22:4e:f8:4f: + e2:0c:f1:e9:e9:97:f9:df:8c:5a:0a:aa:38:1d:43: + 04:a3:a7:89:a1:e2:83:a4:4b:b5:4e:45:88:a6:22: + 5d:ac:a9:58:67:88:c1:d5:61:ef:bd:11:05:27:94: + 47:bb:33:a5:8a:ca:ee:1f:8d:c0:6e:24:af:cd:ca: + bf:80:47:71:95:ac:a9:f1:5d:23:6c:f5:4b:b4:a9: + e1:c4:66:fb:e5:c4:a1:9f:a7:51:d1:78:cd:2e:b4: + 3f:2e:e2:82:f3:7f:c4:a7:f4:31:cf:76:27:3f:db: + 2e:d2:6e:c3:47:23:82:a3:48:40:8c:a7:c1:13:f0: + 63:50:54:43:f6:71:12:e1:6f:a5:7a:58:26:f7:fd: + 8b:3b:70:18:a0:43:ba:01:6b:b3:f8:d5:be:05:13: + 64:31 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + CC:55:15:00:E2:44:89:92:63:6D:10:5D:B9:9E:73:B6:5D:3A:19:CA + X509v3 Authority Key Identifier: + keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:01 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22221 + + Signature Algorithm: sha256WithRSAEncryption + cc:2e:e2:e4:a8:f6:e8:73:e4:e8:d9:ee:05:e6:2c:a9:0f:54: + d5:b0:be:ce:20:a6:12:38:63:b8:19:32:c1:12:2f:d4:ee:a5: + 73:2b:72:5c:ad:c7:ed:d7:a4:5e:97:d2:a4:fd:9e:db:3d:e0: + df:a2:96:a9:36:c8:e3:f9:93:d6:84:dc:ad:a4:5f:1e:d4:af: + de:b4:05:9a:e5:ac:c6:b4:f4:9b:69:a0:e8:81:28:32:d7:a0: + 83:1b:2d:18:92:87:33:3f:23:11:11:f5:c9:01:11:35:de:44: + 8d:1d:6b:c4:3a:20:72:64:5d:c1:59:60:cb:5c:3b:ca:a0:27: + ab:e6:6c:ac:31:ec:a9:3a:a0:ec:10:e5:48:34:9b:d3:1c:9e: + 1e:93:2a:ba:47:40:b6:5d:45:c4:b9:cb:d6:63:5b:1a:70:26: + 23:f6:0a:41:53:de:ba:02:db:df:ce:df:6d:7a:9c:85:55:a4: + 01:3e:f5:d1:9c:4a:59:bf:1f:f5:83:fa:92:9a:3d:80:4d:49: + aa:f6:92:5f:94:ee:ef:38:b3:71:9f:96:30:7d:b2:d2:8d:bb: + 16:ed:e1:6f:cd:8e:4e:d2:e0:5b:59:5c:dd:95:de:9f:69:63: + d4:b2:54:52:51:40:e5:50:5c:4b:1c:5e:51:5b:10:b7:19:1f: + 31:08:70:cb +-----BEGIN CERTIFICATE----- +MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 +MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaWVXXPipdojLY49noFvjO2 +UUc3ivfbkb6Sa7cAjPLFJG4Y6ZIAgQHcs0woqbeA8ZbPI3ovrvjjDy3TXiPn20yy +XYkWF76+gdv7Em0oSxCgEgQnwcnQeZXv6I2MWZtOcn28SSsiTvhP4gzx6emX+d+M +WgqqOB1DBKOniaHig6RLtU5FiKYiXaypWGeIwdVh770RBSeUR7szpYrK7h+NwG4k +r83Kv4BHcZWsqfFdI2z1S7Sp4cRm++XEoZ+nUdF4zS60Py7igvN/xKf0Mc92Jz/b +LtJuw0cjgqNIQIynwRPwY1BUQ/ZxEuFvpXpYJvf9iztwGKBDugFrs/jVvgUTZDEC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMxVFQDiRImSY20QXbme +c7ZdOhnKMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB +AQDMLuLkqPboc+To2e4F5iypD1TVsL7OIKYSOGO4GTLBEi/U7qVzK3Jcrcft16Re +l9Kk/Z7bPeDfopapNsjj+ZPWhNytpF8e1K/etAWa5azGtPSbaaDogSgy16CDGy0Y +koczPyMREfXJARE13kSNHWvEOiByZF3BWWDLXDvKoCer5mysMeypOqDsEOVINJvT +HJ4ekyq6R0C2XUXEucvWY1sacCYj9gpBU966Atvfzt9tepyFVaQBPvXRnEpZvx/1 +g/qSmj2ATUmq9pJflO7vOLNxn5YwfbLSjbsW7eFvzY5O0uBbWVzdld6faWPUslRS +UUDlUFxLHF5RWxC3GR8xCHDL +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35: + a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c: + bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e: + 27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1: + 65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90: + d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a: + e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e: + 79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64: + 9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24: + 2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4: + c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b: + 19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56: + f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2: + d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4: + bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd: + 0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f: + 21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc: + 97:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 1e:07:eb:03:66:a7:54:e8:c5:e1:fe:c9:08:58:91:d8:1b:d6: + c8:69:a5:65:03:a3:1a:f4:eb:9d:cd:4a:c1:9d:cd:ac:39:0b: + 49:09:e7:9c:0f:12:cb:3f:29:e1:9c:d1:f4:68:14:02:2e:d3: + fe:3d:63:3c:26:80:38:91:03:c3:52:52:9e:66:4d:59:d1:80: + 97:eb:91:99:5f:e7:d5:8e:e7:c4:c0:d3:f3:12:2e:c9:05:3a: + 54:ed:38:f3:6f:f3:ae:74:18:47:b5:25:c6:e3:44:8c:27:bd: + 3f:bc:e3:f1:0e:e4:50:ff:4c:ec:30:d6:0d:9f:8f:d0:f6:be: + 43:73:94:8f:48:97:38:7c:e8:8a:53:fd:02:4e:0f:2c:14:53: + f4:4c:80:8a:09:b2:b8:a8:0e:11:75:a6:15:6a:5f:c8:06:7b: + ff:a3:76:d0:e8:70:0a:e0:b1:6d:88:54:06:c2:04:f9:81:b0: + 77:af:a4:80:1b:88:64:5e:db:ff:36:dc:e8:d2:7b:4e:55:40: + 3c:f7:cd:33:f9:66:59:2e:9c:18:c7:50:e6:b5:b9:c1:94:3b: + 78:46:05:a6:24:41:2a:28:b5:e8:92:d0:0d:47:18:e8:cc:6e: + e8:11:d2:2a:94:47:75:b5:80:f2:e8:83:34:cc:7f:22:8a:9e: + 49:be:30:c1 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV +1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAB4H6wNmp1ToxeH+yQhYkdgb1shppWUDoxr0653NSsGdzaw5C0kJ55wPEss/ +KeGc0fRoFAIu0/49YzwmgDiRA8NSUp5mTVnRgJfrkZlf59WO58TA0/MSLskFOlTt +OPNv8650GEe1JcbjRIwnvT+84/EO5FD/TOww1g2fj9D2vkNzlI9Ilzh86IpT/QJO +DywUU/RMgIoJsrioDhF1phVqX8gGe/+jdtDocArgsW2IVAbCBPmBsHevpIAbiGRe +2/823OjSe05VQDz3zTP5ZlkunBjHUOa1ucGUO3hGBaYkQSooteiS0A1HGOjMbugR +0iqUR3W1gPLogzTMfyKKnkm+MME= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server1-key.pem b/certs/ocsp/server1-key.pem new file mode 100644 index 000000000..e44f63129 --- /dev/null +++ b/certs/ocsp/server1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDmllV1z4qXaIy2 +OPZ6Bb4ztlFHN4r325G+kmu3AIzyxSRuGOmSAIEB3LNMKKm3gPGWzyN6L6744w8t +014j59tMsl2JFhe+voHb+xJtKEsQoBIEJ8HJ0HmV7+iNjFmbTnJ9vEkrIk74T+IM +8enpl/nfjFoKqjgdQwSjp4mh4oOkS7VORYimIl2sqVhniMHVYe+9EQUnlEe7M6WK +yu4fjcBuJK/Nyr+AR3GVrKnxXSNs9Uu0qeHEZvvlxKGfp1HReM0utD8u4oLzf8Sn +9DHPdic/2y7SbsNHI4KjSECMp8ET8GNQVEP2cRLhb6V6WCb3/Ys7cBigQ7oBa7P4 +1b4FE2QxAgMBAAECggEBAMcAl2DFbOae5FGfd5h3vF8EycCcvuKKLI4775pQb1RV +r8sU1P+cT7o7rsHblh04u0dcHVImNOu3ijISaPyz7R+UEAVve66y23/uf0iVrbL7 +cpEDfsudkFFGa30901elrEm3Za5EPcMvrfdeEHH5Jz02876giS032ZkjzjRYOSRg +TuFhiqjRTMfE6AB63KSRWcb6AYEocHV/jF+IEQcz9ctsv6XKKKJtge4+Y3+gQU4N +ALUE6OjBsD5KpMVuMYBSfTucYi5g2eOK05PoCOR8lTqgvsbof+ALj+84zEpG20aK +p0KdMVwiMolXaYcvKBOGPxZKt7sQaIMitbs0iuErMQECgYEA+cLVZh4qkRnsjPVc +/27qC/VLeWo2QAL7TWC7YgkY0MgNtZXRkJZdKOlzYWo/iJmuxHj7eUFLkoHpPNV2 +X6WG+CGHD1qq/BqLQNlJKS/MtI2VNzOjBJ/J3SktOGo3BwL+Q5uSRNHukQip0YnD +c9GCU4UhfBHr/UNitMBH6N5aPqUCgYEA7FjjTGomVseF5wNbfw2xLjBmRuQ2DDgJ +/OvCtV6it+OiVU9R+cYcz/hVl1QLIkGBHt5hb8O6np4tW5ehKd5LNTtolIO+/BLL +2xPZCLY7U+LES5dgUTC/wb5t5igAmPuOMi9qNQ1kYxbKYJVLRUdwfOM8FNE4gjZF +kj2BIb6OxZ0CgYEAmuXXvWZ2FdmTGHTPwWdDZjkyHtHdZWO0AXA9pnZn2oxH3FdX +SinHCymFsmPXlVtixV0W8UOqn+lMAruMl5MsGtWIUuBzbLj1pjlcI1wOw+ePJFY1 +AxgqdKwl7HgLOqEDmmBwnZfpMi/CSj77ZegIwM2vT6g5yK+zFtCtiGHmbDUCgYBf +L2VLbyzFolGBOk7tGnyTF5b5UguaXC9ZlzGxjc2Gtby5Etr29xy/fUorSgO55hu0 +bOdc9b0BCL9HtgeILyim5ag2t+CA8Kj9MD8mTQ4TuK5Jq0t1J2bzBliIau/irN0V +xRbHCv+1EIas4zOPUTgyc+nMkH5roqPeQ7rv9ijV2QKBgQDJiNmAJv3dlie2x+bj +rX5RDF1Q/egVVGx41jPyuzh0oFLwEQG2lSHEAKgF+gWt0ZMwNzPB9oue2LBSpNFl +7ZdpFCpzD+3OcaxnWYEGT+qNhczbf0PvVNBOzOI33Trr7maktWi0Mh9qmXqoNuwG +uCnrEriJlBk2MV88tIG/ZJ+bvQ== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem new file mode 100644 index 000000000..8aa20085f --- /dev/null +++ b/certs/ocsp/server2-cert.pem @@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:35:8a:e8:aa:bd:33:c9:5e:84:43:67:42:65: + 2a:3c:e3:89:b4:a6:67:a1:3b:ee:6d:85:d1:d3:2b: + 6e:b1:62:d4:f1:22:43:a0:d5:b7:a5:7d:b5:f5:6c: + 09:06:7c:8c:ef:87:af:4f:34:ce:27:eb:f3:4a:37: + 57:c3:d7:d8:ee:e4:a0:77:65:2c:a7:c2:10:65:6b: + 7b:48:c4:d8:28:fe:4c:4e:4f:7e:2f:20:c4:49:5b: + 71:38:40:0d:36:a3:57:b3:44:da:be:cd:54:14:15: + 66:0f:d3:05:08:f2:2e:03:67:2e:5c:5d:e1:b0:e6: + c0:25:8f:58:77:5b:d3:d7:a8:22:ea:56:d3:0e:01: + 6d:38:34:56:47:aa:12:c4:ba:2a:ef:ec:18:f5:d4: + db:b9:fa:6f:dc:50:eb:ee:10:a2:14:b5:9a:12:e1: + e3:85:0f:79:14:b8:70:6d:0d:1c:1d:38:57:85:6a: + 82:0c:d6:bd:2c:bf:20:f1:28:2e:f6:34:80:a7:0d: + 32:82:35:4f:c1:b1:e5:9e:26:d5:f8:b9:39:57:43: + ef:ed:f1:10:5c:3e:32:ba:d9:e4:9e:40:cd:28:ea: + 26:46:9b:a9:34:8d:9f:b9:fd:45:7d:14:f7:ce:ca: + 3b:85:87:a7:64:74:9c:65:29:18:b3:f5:b1:ad:92: + 62:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 7D:6D:FD:F6:0B:4F:3F:4A:62:91:F5:F3:13:60:51:86:C3:5A:9F:D6 + X509v3 Authority Key Identifier: + keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:01 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22221 + + Signature Algorithm: sha256WithRSAEncryption + 84:39:12:8b:3b:47:c1:57:60:70:5d:21:e4:1f:60:33:20:94: + ab:7d:50:62:55:bf:cc:78:13:40:9d:40:75:14:55:d5:71:e8: + 8a:26:3d:4a:85:94:02:6f:be:1c:84:69:6b:03:9d:74:a7:8c: + f1:0e:e4:4e:79:e3:fc:bd:1f:c7:fb:d6:bb:6e:aa:55:7f:ac: + 6f:da:84:08:b0:97:ef:24:d5:a3:d9:c1:67:78:08:7d:05:18: + c0:58:50:e8:fc:20:65:c6:0a:4e:3a:81:7a:64:0b:81:be:12: + 87:33:18:85:d3:e3:c3:ba:b5:b0:03:9a:16:e3:01:ae:a9:9a: + 9a:ea:84:5f:0e:5c:dd:d4:16:b8:38:e2:63:0a:4f:75:5f:44: + 0b:60:08:f3:d4:df:32:cf:5b:f9:7b:a0:b1:ba:ae:ed:0f:a1: + c5:71:6b:1a:19:13:b7:5f:18:e8:97:51:a2:d3:66:52:b9:8b: + 0e:47:22:c9:61:17:94:80:7c:3d:39:6f:5a:58:18:7b:2e:42: + ea:20:fa:67:58:bf:4c:58:7e:e8:c0:3d:15:08:96:84:57:a8: + 6c:66:58:9d:93:30:64:93:28:7e:cc:1b:a2:e4:f7:d8:69:9c: + 19:07:9f:90:7f:53:a8:4f:59:86:a2:0a:87:c7:35:3d:b7:9d: + 51:61:51:69 +-----BEGIN CERTIFICATE----- +MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 +Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY1iuiqvTPJXoRDZ0JlKjzj +ibSmZ6E77m2F0dMrbrFi1PEiQ6DVt6V9tfVsCQZ8jO+Hr080zifr80o3V8PX2O7k +oHdlLKfCEGVre0jE2Cj+TE5Pfi8gxElbcThADTajV7NE2r7NVBQVZg/TBQjyLgNn +Llxd4bDmwCWPWHdb09eoIupW0w4BbTg0VkeqEsS6Ku/sGPXU27n6b9xQ6+4QohS1 +mhLh44UPeRS4cG0NHB04V4VqggzWvSy/IPEoLvY0gKcNMoI1T8Gx5Z4m1fi5OVdD +7+3xEFw+MrrZ5J5AzSjqJkabqTSNn7n9RX0U987KO4WHp2R0nGUpGLP1sa2SYjkC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFH1t/fYLTz9KYpH18xNg +UYbDWp/WMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB +AQCEORKLO0fBV2BwXSHkH2AzIJSrfVBiVb/MeBNAnUB1FFXVceiKJj1KhZQCb74c +hGlrA510p4zxDuROeeP8vR/H+9a7bqpVf6xv2oQIsJfvJNWj2cFneAh9BRjAWFDo +/CBlxgpOOoF6ZAuBvhKHMxiF0+PDurWwA5oW4wGuqZqa6oRfDlzd1Ba4OOJjCk91 +X0QLYAjz1N8yz1v5e6Cxuq7tD6HFcWsaGRO3Xxjol1Gi02ZSuYsORyLJYReUgHw9 +OW9aWBh7LkLqIPpnWL9MWH7owD0VCJaEV6hsZlidkzBkkyh+zBui5PfYaZwZB5+Q +f1OoT1mGogqHxzU9t51RYVFp +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35: + a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c: + bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e: + 27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1: + 65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90: + d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a: + e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e: + 79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64: + 9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24: + 2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4: + c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b: + 19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56: + f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2: + d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4: + bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd: + 0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f: + 21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc: + 97:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 1e:07:eb:03:66:a7:54:e8:c5:e1:fe:c9:08:58:91:d8:1b:d6: + c8:69:a5:65:03:a3:1a:f4:eb:9d:cd:4a:c1:9d:cd:ac:39:0b: + 49:09:e7:9c:0f:12:cb:3f:29:e1:9c:d1:f4:68:14:02:2e:d3: + fe:3d:63:3c:26:80:38:91:03:c3:52:52:9e:66:4d:59:d1:80: + 97:eb:91:99:5f:e7:d5:8e:e7:c4:c0:d3:f3:12:2e:c9:05:3a: + 54:ed:38:f3:6f:f3:ae:74:18:47:b5:25:c6:e3:44:8c:27:bd: + 3f:bc:e3:f1:0e:e4:50:ff:4c:ec:30:d6:0d:9f:8f:d0:f6:be: + 43:73:94:8f:48:97:38:7c:e8:8a:53:fd:02:4e:0f:2c:14:53: + f4:4c:80:8a:09:b2:b8:a8:0e:11:75:a6:15:6a:5f:c8:06:7b: + ff:a3:76:d0:e8:70:0a:e0:b1:6d:88:54:06:c2:04:f9:81:b0: + 77:af:a4:80:1b:88:64:5e:db:ff:36:dc:e8:d2:7b:4e:55:40: + 3c:f7:cd:33:f9:66:59:2e:9c:18:c7:50:e6:b5:b9:c1:94:3b: + 78:46:05:a6:24:41:2a:28:b5:e8:92:d0:0d:47:18:e8:cc:6e: + e8:11:d2:2a:94:47:75:b5:80:f2:e8:83:34:cc:7f:22:8a:9e: + 49:be:30:c1 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV +1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAB4H6wNmp1ToxeH+yQhYkdgb1shppWUDoxr0653NSsGdzaw5C0kJ55wPEss/ +KeGc0fRoFAIu0/49YzwmgDiRA8NSUp5mTVnRgJfrkZlf59WO58TA0/MSLskFOlTt +OPNv8650GEe1JcbjRIwnvT+84/EO5FD/TOww1g2fj9D2vkNzlI9Ilzh86IpT/QJO +DywUU/RMgIoJsrioDhF1phVqX8gGe/+jdtDocArgsW2IVAbCBPmBsHevpIAbiGRe +2/823OjSe05VQDz3zTP5ZlkunBjHUOa1ucGUO3hGBaYkQSooteiS0A1HGOjMbugR +0iqUR3W1gPLogzTMfyKKnkm+MME= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server2-key.pem b/certs/ocsp/server2-key.pem new file mode 100644 index 000000000..e4b6181e8 --- /dev/null +++ b/certs/ocsp/server2-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGNYroqr0zyV6E +Q2dCZSo844m0pmehO+5thdHTK26xYtTxIkOg1belfbX1bAkGfIzvh69PNM4n6/NK +N1fD19ju5KB3ZSynwhBla3tIxNgo/kxOT34vIMRJW3E4QA02o1ezRNq+zVQUFWYP +0wUI8i4DZy5cXeGw5sAlj1h3W9PXqCLqVtMOAW04NFZHqhLEuirv7Bj11Nu5+m/c +UOvuEKIUtZoS4eOFD3kUuHBtDRwdOFeFaoIM1r0svyDxKC72NICnDTKCNU/BseWe +JtX4uTlXQ+/t8RBcPjK62eSeQM0o6iZGm6k0jZ+5/UV9FPfOyjuFh6dkdJxlKRiz +9bGtkmI5AgMBAAECggEAL6rWwke1gsvNyD8xiR0tQEF0b5aJW5Q/LeW95WwPjed3 +0Jnt67MaHFmUNfaKYR35Au39si2/2of7FYEjwTyatjETikMxrxKTwOBNYN2+InWt +wjOJ5CmcKwwruVxmERrNT5aiiLp2mvHefrXAAzvC5xycYKhPS6zizuWfX+0ckEM5 +yJnl8TRTjfqExxHS1ciTY4B1w8nfWdYY/xiQW23sCPZ8toqsqAuHJjREmMcj+oer +z8Md1tZNa0ujDy0ejSovCnqzWIi4Umg3SndhRDYKNRAFGPNQmYRM+EWEqQufMaXP +ghD+Heb5RUPSkNW98KdjDGK4WiIeqF45tb+YQ4AvgQKBgQDt2X+FMHG/s7FAEAxA +x6TzIcDedqwEKtO3JbaC+Q0FKwRTGwP1tGOnyqbVrw4cSlza5EvUnK8CZK9I2HFd +qfbP3rtFCtHl9/bpVZPNkaVImzqkfmzmGJIREsCDIPu8THFNyxL2TC27VKCNsSmZ +ui2tuxRJ6/O0DroGdvdnFL89SQKBgQDVVaZjiA5Cr1e5Eo6q3dNNeMSBfTuI90Ja +W1OmVovp2yWYjfFFTW2B9vb4RDaRvIuykGhHgAnGKGmHtv7f0GlY7n6Qr0czvyn5 +6s+fRVIcPzEaTVnxC1g20+XHc41XdqnIOcaUjUz7oqC6g7+Y56WKdvvKitV0Lb98 +ua7ZOM6tcQKBgGWtRMY7H2VD+9HXCmXm8qy9ESYItSBS7o6soIj8zoQXD5I3SkoP +A0sHZqqSWwXdBDTOw1vwXyA2ynfpjwzrS4cxP/0T0wbsKbE11ClcybtwIHGRWhxD +BK4nxgRIZVTpmMYYudJwXlxmoPvxcEc3P6+0+cdgBp5CbWO2F60JQXeBAoGAHxLs +u46z1Q7JTlHfqg/JmX0/0kS1iUvKxHKNCquMkbG0FjaGsDuI+edJLfxxnmTCTG4w +YknKIqz8QiJrmZo33hZPJTACxQzRRm/nciGcxjSGKHif4zZt0P6od5bjPZwxOtL/ +k9/JGNYlZ0WNgO4s9LBEGMqEMPoA7F/3kfhuUmECgYEA6WzFZjs31OqTLE0vnCfL +/b/wPeozaAyjtR/24TNkAFwP/LrBAA5gFOoL8p94ce87yXdm80x3bK6OGbNmor7c +qT/OJgnXV1wTrKYSkFUu7LTC7DihpYy2MqyGg8xGxB4kK1IR+ROB4v3c5RkIqaGF +lTSpXFge771NjCimucIOl/Y= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem new file mode 100644 index 000000000..f707abecf --- /dev/null +++ b/certs/ocsp/server3-cert.pem @@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www3.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:19:65:1e:17:39:d4:33:fc:97:64:69:80:51: + fb:6c:7c:ca:e1:ba:2a:ab:d2:dd:30:61:f3:2e:47: + c1:d4:33:c0:ff:53:21:ba:2d:14:a6:b9:7c:66:ca: + 45:7b:1c:7d:8f:fc:75:f3:9a:69:f1:6c:25:46:a0: + 92:5d:00:93:e3:22:a6:60:b9:97:05:37:7f:a1:aa: + cd:22:81:72:b1:22:47:3d:7c:8d:46:55:bc:32:4d: + d2:84:43:5c:15:43:07:22:70:36:39:93:1b:e8:a1: + 46:bb:02:85:ba:1d:31:ac:b1:3c:84:5b:eb:8f:1f: + 62:8a:71:52:9e:0b:63:b6:e6:d6:46:cc:19:06:d6: + bb:06:81:e4:0b:25:14:6c:63:94:70:1a:27:37:95: + 24:40:07:30:f5:24:73:c3:bd:f9:0e:5f:b6:cd:4f: + 18:88:f0:d7:a3:9b:f5:b0:1e:fe:04:03:a5:8d:73: + f7:6b:31:74:85:fd:61:fa:9e:53:37:75:90:e6:f8: + b5:98:66:e8:52:4d:4a:4c:39:05:65:c1:34:f9:c6: + 95:27:b0:07:c1:51:96:a8:82:1b:22:cf:41:df:de: + b4:94:b7:0d:ba:61:fb:f4:40:7c:a1:fc:a2:29:a3: + 47:4d:b4:94:9d:7b:51:ec:e4:13:fb:cd:e9:26:ca: + a7:93 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C1:CD:C0:2C:34:F4:3B:BB:E3:CA:98:35:7D:6A:15:33:94:5C:11:3A + X509v3 Authority Key Identifier: + keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:02 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + 12:62:57:58:a4:74:c0:b3:f1:d7:63:8b:1d:ba:79:99:88:76: + 5f:88:3b:e3:53:8d:d3:88:d0:98:91:3b:72:31:e9:03:5d:d5: + 1d:fe:6a:59:e8:a0:46:5b:4a:5a:3c:ce:60:27:00:36:68:49: + 35:22:cd:16:01:5f:94:67:5e:80:1a:2f:a6:21:4b:1a:d2:f8: + 70:ba:39:0f:d4:54:44:c8:6d:f4:1c:bc:fa:b3:72:32:e5:56: + 18:b8:c0:4c:98:21:56:36:a3:83:94:60:a9:a1:de:8c:7d:22: + 46:40:ac:92:7c:4a:44:6c:24:36:78:ab:f6:93:4f:44:f6:82: + 2e:ba:bc:7f:45:c2:51:be:fa:05:bb:d1:8a:95:84:38:f0:1d: + c7:66:8d:5e:44:05:26:48:b2:bd:4e:56:7a:17:28:b2:fa:3a: + 25:ce:7e:83:9a:ee:76:b0:02:54:a3:65:78:7c:7b:1e:49:ad: + 7f:65:5e:a8:cc:59:1e:fb:61:27:b6:3f:df:31:11:49:06:01: + 58:55:84:35:3e:f6:db:5a:e9:fd:2f:0a:b0:f7:c7:fb:d9:59: + 86:c6:cd:0c:f2:a6:f9:0a:ef:4b:ab:ca:a6:16:b4:df:0f:0d: + c6:d1:32:4f:0d:f9:a8:2a:28:a1:be:e2:c3:62:7e:74:90:58: + bc:67:89:20 +-----BEGIN CERTIFICATE----- +MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 +My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4ZZR4XOdQz/JdkaYBR+2x8 +yuG6KqvS3TBh8y5HwdQzwP9TIbotFKa5fGbKRXscfY/8dfOaafFsJUagkl0Ak+Mi +pmC5lwU3f6GqzSKBcrEiRz18jUZVvDJN0oRDXBVDByJwNjmTG+ihRrsChbodMayx +PIRb648fYopxUp4LY7bm1kbMGQbWuwaB5AslFGxjlHAaJzeVJEAHMPUkc8O9+Q5f +ts1PGIjw16Ob9bAe/gQDpY1z92sxdIX9YfqeUzd1kOb4tZhm6FJNSkw5BWXBNPnG +lSewB8FRlqiCGyLPQd/etJS3Dbph+/RAfKH8oimjR020lJ17UezkE/vN6SbKp5MC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMHNwCw09Du748qYNX1q +FTOUXBE6MIHEBgNVHSMEgbwwgbmAFAXRuoYAou4qBSS3Ea0tYPGQFI8XoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB +AQASYldYpHTAs/HXY4sdunmZiHZfiDvjU43TiNCYkTtyMekDXdUd/mpZ6KBGW0pa +PM5gJwA2aEk1Is0WAV+UZ16AGi+mIUsa0vhwujkP1FREyG30HLz6s3Iy5VYYuMBM +mCFWNqODlGCpod6MfSJGQKySfEpEbCQ2eKv2k09E9oIuurx/RcJRvvoFu9GKlYQ4 +8B3HZo1eRAUmSLK9TlZ6Fyiy+jolzn6Dmu52sAJUo2V4fHseSa1/ZV6ozFke+2En +tj/fMRFJBgFYVYQ1PvbbWun9Lwqw98f72VmGxs0M8qb5Cu9Lq8qmFrTfDw3G0TJP +DfmoKiihvuLDYn50kFi8Z4kg +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4: + 6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7: + 11:02:a1:ab:58:3d:fb:dc:51:ca:3a:1d:1f:95:a6: + 56:82:f7:8f:ff:6b:50:bb:ea:10:e1:47:1d:35:77: + 2e:4b:28:c5:53:46:23:2b:82:fd:5a:d3:f4:21:db: + 0e:e0:f2:76:33:47:b3:00:be:3a:b1:23:98:53:eb: + ea:a0:de:1b:cc:05:4e:ee:63:a8:2c:93:24:d6:98: + 78:74:03:e4:c8:89:43:61:f1:25:b8:cd:3b:87:c1: + 31:25:fd:ba:4c:fc:29:94:45:9e:69:d7:67:0a:8a: + 8e:d5:52:93:30:a2:0e:dd:6a:1c:b0:94:77:db:52: + 52:b7:89:21:be:96:75:24:cb:e9:49:df:81:9d:9d: + f8:55:7d:01:2a:eb:78:03:12:e2:20:6e:db:63:35: + cd:a1:96:f0:f8:8c:20:35:69:87:01:ca:b4:54:36: + a0:15:e0:23:7d:b9:fb:be:99:05:50:f0:bf:ec:7f: + 12:e1:3d:75:15:4e:c8:c2:30:e6:8b:fe:e5:8b:55: + f8:44:5e:e5:e3:56:e0:66:2d:6f:42:5a:45:6b:96: + aa:c7:5d:41:08:5f:ce:d7:dc:9f:20:e4:46:78:ff: + d9:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 6a:f5:af:1f:f7:43:ef:10:74:6d:1f:e5:2e:72:5f:d1:84:40: + c8:60:79:b7:66:2e:46:39:bf:95:ca:fe:83:0a:8a:f4:52:6e: + d2:d3:a5:54:7b:0c:29:35:a0:75:7a:e5:35:5d:99:0a:d9:13: + ca:80:46:a0:a2:6d:d5:c4:ff:0c:d5:da:ec:54:86:df:ce:a7: + 92:1a:c7:f6:12:74:04:74:9f:06:39:82:b1:1e:af:47:de:b5: + b7:21:c1:3b:22:27:e3:d0:3f:70:d3:27:1c:63:e0:01:12:80: + 20:e7:ac:6c:f0:8f:7a:72:54:8a:21:2d:0e:17:6c:9d:01:fd: + 42:96:e1:7a:d5:43:d5:65:9b:0b:7c:dd:b6:90:da:cc:3c:d7: + 7a:d3:e2:63:07:e3:96:a7:96:84:d6:0c:9e:31:e0:72:cd:91: + 54:cf:16:38:af:c8:23:04:ce:98:2c:61:11:28:70:d7:34:69: + 55:b7:e0:5b:87:a6:c4:a4:c5:bf:8f:e0:04:5d:e4:14:22:04: + 21:a1:9b:01:19:50:29:03:9d:81:be:e4:ba:4d:68:1c:2f:e4: + e6:05:02:c2:e7:b4:ef:45:be:80:dc:a3:86:58:cf:02:cf:6a: + 69:8d:2b:69:69:cd:81:27:63:e8:2d:55:2a:00:de:0b:15:2c: + 53:95:72:29 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLHdbRqK6kj +hb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcuSyjFU0Yj +K4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPkyIlDYfEl +uM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1JMvpSd+B +nZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkFUPC/7H8S +4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORGeP/ZmQID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi7ioFJLcR +rS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAGr1rx/3Q+8QdG0f5S5yX9GEQMhgebdmLkY5v5XK/oMKivRSbtLTpVR7DCk1 +oHV65TVdmQrZE8qARqCibdXE/wzV2uxUht/Op5Iax/YSdAR0nwY5grEer0fetbch +wTsiJ+PQP3DTJxxj4AESgCDnrGzwj3pyVIohLQ4XbJ0B/UKW4XrVQ9Vlmwt83baQ +2sw813rT4mMH45anloTWDJ4x4HLNkVTPFjivyCMEzpgsYREocNc0aVW34FuHpsSk +xb+P4ARd5BQiBCGhmwEZUCkDnYG+5LpNaBwv5OYFAsLntO9FvoDco4ZYzwLPammN +K2lpzYEnY+gtVSoA3gsVLFOVcik= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server3-key.pem b/certs/ocsp/server3-key.pem new file mode 100644 index 000000000..30e108011 --- /dev/null +++ b/certs/ocsp/server3-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+GWUeFznUM/yX +ZGmAUftsfMrhuiqr0t0wYfMuR8HUM8D/UyG6LRSmuXxmykV7HH2P/HXzmmnxbCVG +oJJdAJPjIqZguZcFN3+hqs0igXKxIkc9fI1GVbwyTdKEQ1wVQwcicDY5kxvooUa7 +AoW6HTGssTyEW+uPH2KKcVKeC2O25tZGzBkG1rsGgeQLJRRsY5RwGic3lSRABzD1 +JHPDvfkOX7bNTxiI8Nejm/WwHv4EA6WNc/drMXSF/WH6nlM3dZDm+LWYZuhSTUpM +OQVlwTT5xpUnsAfBUZaoghsiz0Hf3rSUtw26Yfv0QHyh/KIpo0dNtJSde1Hs5BP7 +zekmyqeTAgMBAAECggEARDViddCJnF1m5X9O548C8qM4PJQK2YoYeVK76cAviQ9k +0XgnouCoB0aIn202Tv0jBHXmcJjYKJrQKS5WNe6OIbJ+FjihOmr2bbCWWCowV+Rf +wW0eV71NgJMx1OlCchKRzcaLfk8NdYPgmBtIlkYBW+BgQXGl7L2rIteUeEbH6Yj9 +yCn7ORQeFSbhZJTn2WdXhK3GWjV+1GyHyUyL2SSa2+G2LZ54Ifquq/F6rMGYB9lY +2K6Q6DB18aVxd/I/OYKeyBZcmJ9COgPUW7/fg0He73aduYdVvWZCRP1ygGdqSZFr +oqLVe34bEVFANUKylzRplRJdC4oKSUyTSubiOMKZ+QKBgQDf0mk3PolyvsfE2YGb +9/DsURIxZg14o9Pysp3yD1vvIYNz6WaddtJaj5OM7NzN8spu3wJSoeVgL6KYI6ah +ZTIYqy4ehOGPKBVL7SvLF+7q/QBMTdfllpdK7GLTtjBnz92TZl9bS/rBc9dCnnBC +EDkPPrc3nbk5/ADWd+K4RPG3HwKBgQDZbdiQCKY2ulppRcwjcAEIjhrFpShV21P6 +JNKt17HDBqULIAn+G9T/Gg/6yHWeY1DUgVBu1avb4L3jdnMPe2O+1jeaDzNRo6Xj +9v6PgGsiv4q7gfz7XqVwylUWIY7O52Ox/q+/QJBfwE0qe+E0t4syb44W4QvD9+k7 +fv77R7dFDQKBgQCe0SfVimtvX05TMN9V87YhiVk2ciqm6uDO+s02YI2kfgxPqFMm +8pRKrExPmBcJj/jyeQ2l4rjm6oYeHFX1ed/1PyoHf9SphxCtgoornzzpw0J94lKK +17Nc96Ucgs+QKiAYonCRULWKpY8d91zCk85ZMfBB54nySg2yIPlgNZOqkwKBgFO/ +Xqnj2vm7f7WKv91qd8tuyNsWCVpAl7EC2+8/5GVlOs71MUQiPkFgLYWADuXKBUlE +4dE/FeokP5/McPcmpL3Nzy7U6gRpDy2mZlipsxp4QpyErge4Zery1CEpHdOOBrV5 +jwIQgUuQS2iwvIbMp53uoAEp/5kk9T4IZXguIGZFAoGAMA/j0kHArT7FINf+O6R4 +3EyUTR139emLKHU2OlH/HfHVRZhHo4AmfUYksf+Njb81A6MKFd1XVmNnaumBIfq+ +6Ohoz1VMoO6aUiMMqbmBGaTHc30FVEtAQIRq2C8UDrEN67Sx3O/ngl0Br7lNri29 +LMSCe8fxf8+Kq0k+6tcsht4= +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server4-cert.pem b/certs/ocsp/server4-cert.pem new file mode 100644 index 000000000..a73be3fea --- /dev/null +++ b/certs/ocsp/server4-cert.pem @@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www4.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9c:ef:8a:7e:84:4d:58:7a:b1:91:c8:cb:68:76: + df:fe:0a:29:fe:7f:74:35:d5:c3:fd:43:be:d7:89: + fc:59:51:5a:30:e9:50:14:84:24:d0:c8:72:7d:d6: + 75:42:12:8b:16:ad:5a:e8:d3:84:a7:07:2b:9e:12: + ef:6a:cd:3e:83:14:b7:26:a2:53:7b:3d:6c:96:7f: + 9c:c5:09:08:0e:55:08:19:b7:5a:1c:46:32:09:da: + 44:b2:ca:fd:4a:e4:be:d0:02:c9:c9:48:03:13:a5: + ad:3e:7b:21:cf:05:3a:b9:25:f5:c1:b8:4e:4d:eb: + 33:99:d1:50:4a:eb:f7:1a:08:6b:d0:5c:9d:48:eb: + 98:fd:dc:89:0f:aa:74:d3:7f:03:1b:59:65:f5:86: + e1:d9:53:ab:e4:53:ab:85:3c:79:8b:45:39:7b:fd: + e9:a2:10:b9:fa:92:71:0e:68:36:66:6e:8c:fb:e2: + 8a:5d:5f:72:66:b0:47:2d:c5:b4:93:ce:61:7f:90: + 1a:64:02:dd:57:9d:f1:f1:e8:75:21:e2:af:44:e3: + 96:f5:1c:e3:73:87:dc:b7:05:12:ad:a5:8f:0c:d8: + 2c:b4:90:b3:d9:e7:13:e1:e5:5e:4c:9b:24:89:08: + 07:9e:aa:6b:9f:64:01:da:ec:95:05:45:84:d9:a9: + db:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9A:D6:EF:4E:0A:7B:8B:74:E6:14:EC:35:9A:05:2A:94:68:09:61:58 + X509v3 Authority Key Identifier: + keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:02 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22222 + + Signature Algorithm: sha256WithRSAEncryption + 4e:d7:ac:3b:e2:2a:7c:2d:17:95:15:60:7d:d9:59:5f:53:9d: + d7:e4:8d:cf:9d:34:db:ea:e9:6b:1d:8c:d4:6e:4b:df:53:30: + 3f:8e:5b:65:2e:e6:bb:7b:96:b1:2e:9b:65:fa:72:a8:eb:97: + af:47:33:f5:ae:0b:9b:6f:d6:25:9e:60:e4:b2:e5:88:3b:64: + 26:8c:d4:8b:d5:4b:6b:85:23:c3:08:06:ca:b5:d3:88:f3:6b: + 19:be:16:c0:a6:a3:68:25:4b:68:a2:be:a0:38:51:7b:6f:7d: + a7:74:5f:1a:57:cd:29:01:4c:33:e4:52:bf:b9:f9:52:4e:c5: + a1:85:16:90:e3:c4:26:d7:b2:db:07:75:78:1f:90:99:db:cc: + 18:da:7d:58:af:52:e3:67:6a:8f:d2:33:f3:07:7f:da:09:24: + 54:03:cd:9a:ef:8f:15:f2:11:a9:42:71:d6:0b:6b:c8:76:f4: + 62:65:8c:d8:d3:10:19:af:34:9d:01:86:05:02:59:e8:4b:03: + 6d:06:0d:c4:98:38:b5:f2:85:65:29:74:2a:c2:c6:47:8b:e1: + 0e:d4:ee:9b:5d:a6:a5:55:8d:b0:e7:61:55:de:2e:30:50:cf: + 51:ba:c1:64:c0:3a:d0:55:73:fe:3c:79:e8:d7:33:0c:7e:a2: + dc:df:45:ad +-----BEGIN CERTIFICATE----- +MIIE7jCCA9agAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 +NC53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzvin6ETVh6sZHIy2h23/4K +Kf5/dDXVw/1DvteJ/FlRWjDpUBSEJNDIcn3WdUISixatWujThKcHK54S72rNPoMU +tyaiU3s9bJZ/nMUJCA5VCBm3WhxGMgnaRLLK/UrkvtACyclIAxOlrT57Ic8FOrkl +9cG4Tk3rM5nRUErr9xoIa9BcnUjrmP3ciQ+qdNN/AxtZZfWG4dlTq+RTq4U8eYtF +OXv96aIQufqScQ5oNmZujPviil1fcmawRy3FtJPOYX+QGmQC3Ved8fHodSHir0Tj +lvUc43OH3LcFEq2ljwzYLLSQs9nnE+HlXkybJIkIB56qa59kAdrslQVFhNmp28cC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJrW704Ke4t05hTsNZoF +KpRoCWFYMIHEBgNVHSMEgbwwgbmAFAXRuoYAou4qBSS3Ea0tYPGQFI8XoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB +AQBO16w74ip8LReVFWB92VlfU53X5I3PnTTb6ulrHYzUbkvfUzA/jltlLua7e5ax +Lptl+nKo65evRzP1rgubb9YlnmDksuWIO2QmjNSL1UtrhSPDCAbKtdOI82sZvhbA +pqNoJUtoor6gOFF7b32ndF8aV80pAUwz5FK/uflSTsWhhRaQ48Qm17LbB3V4H5CZ +28wY2n1Yr1LjZ2qP0jPzB3/aCSRUA82a748V8hGpQnHWC2vIdvRiZYzY0xAZrzSd +AYYFAlnoSwNtBg3EmDi18oVlKXQqwsZHi+EO1O6bXaalVY2w52FV3i4wUM9RusFk +wDrQVXP+PHno1zMMfqLc30Wt +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4: + 6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7: + 11:02:a1:ab:58:3d:fb:dc:51:ca:3a:1d:1f:95:a6: + 56:82:f7:8f:ff:6b:50:bb:ea:10:e1:47:1d:35:77: + 2e:4b:28:c5:53:46:23:2b:82:fd:5a:d3:f4:21:db: + 0e:e0:f2:76:33:47:b3:00:be:3a:b1:23:98:53:eb: + ea:a0:de:1b:cc:05:4e:ee:63:a8:2c:93:24:d6:98: + 78:74:03:e4:c8:89:43:61:f1:25:b8:cd:3b:87:c1: + 31:25:fd:ba:4c:fc:29:94:45:9e:69:d7:67:0a:8a: + 8e:d5:52:93:30:a2:0e:dd:6a:1c:b0:94:77:db:52: + 52:b7:89:21:be:96:75:24:cb:e9:49:df:81:9d:9d: + f8:55:7d:01:2a:eb:78:03:12:e2:20:6e:db:63:35: + cd:a1:96:f0:f8:8c:20:35:69:87:01:ca:b4:54:36: + a0:15:e0:23:7d:b9:fb:be:99:05:50:f0:bf:ec:7f: + 12:e1:3d:75:15:4e:c8:c2:30:e6:8b:fe:e5:8b:55: + f8:44:5e:e5:e3:56:e0:66:2d:6f:42:5a:45:6b:96: + aa:c7:5d:41:08:5f:ce:d7:dc:9f:20:e4:46:78:ff: + d9:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 6a:f5:af:1f:f7:43:ef:10:74:6d:1f:e5:2e:72:5f:d1:84:40: + c8:60:79:b7:66:2e:46:39:bf:95:ca:fe:83:0a:8a:f4:52:6e: + d2:d3:a5:54:7b:0c:29:35:a0:75:7a:e5:35:5d:99:0a:d9:13: + ca:80:46:a0:a2:6d:d5:c4:ff:0c:d5:da:ec:54:86:df:ce:a7: + 92:1a:c7:f6:12:74:04:74:9f:06:39:82:b1:1e:af:47:de:b5: + b7:21:c1:3b:22:27:e3:d0:3f:70:d3:27:1c:63:e0:01:12:80: + 20:e7:ac:6c:f0:8f:7a:72:54:8a:21:2d:0e:17:6c:9d:01:fd: + 42:96:e1:7a:d5:43:d5:65:9b:0b:7c:dd:b6:90:da:cc:3c:d7: + 7a:d3:e2:63:07:e3:96:a7:96:84:d6:0c:9e:31:e0:72:cd:91: + 54:cf:16:38:af:c8:23:04:ce:98:2c:61:11:28:70:d7:34:69: + 55:b7:e0:5b:87:a6:c4:a4:c5:bf:8f:e0:04:5d:e4:14:22:04: + 21:a1:9b:01:19:50:29:03:9d:81:be:e4:ba:4d:68:1c:2f:e4: + e6:05:02:c2:e7:b4:ef:45:be:80:dc:a3:86:58:cf:02:cf:6a: + 69:8d:2b:69:69:cd:81:27:63:e8:2d:55:2a:00:de:0b:15:2c: + 53:95:72:29 +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CA8NRlvLES0fkLHdbRqK6kj +hb+HtO7K10sfMdcRAqGrWD373FHKOh0flaZWgveP/2tQu+oQ4UcdNXcuSyjFU0Yj +K4L9WtP0IdsO4PJ2M0ezAL46sSOYU+vqoN4bzAVO7mOoLJMk1ph4dAPkyIlDYfEl +uM07h8ExJf26TPwplEWeaddnCoqO1VKTMKIO3WocsJR321JSt4khvpZ1JMvpSd+B +nZ34VX0BKut4AxLiIG7bYzXNoZbw+IwgNWmHAcq0VDagFeAjfbn7vpkFUPC/7H8S +4T11FU7IwjDmi/7li1X4RF7l41bgZi1vQlpFa5aqx11BCF/O19yfIORGeP/ZmQID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBdG6hgCi7ioFJLcR +rS1g8ZAUjxcwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAGr1rx/3Q+8QdG0f5S5yX9GEQMhgebdmLkY5v5XK/oMKivRSbtLTpVR7DCk1 +oHV65TVdmQrZE8qARqCibdXE/wzV2uxUht/Op5Iax/YSdAR0nwY5grEer0fetbch +wTsiJ+PQP3DTJxxj4AESgCDnrGzwj3pyVIohLQ4XbJ0B/UKW4XrVQ9Vlmwt83baQ +2sw813rT4mMH45anloTWDJ4x4HLNkVTPFjivyCMEzpgsYREocNc0aVW34FuHpsSk +xb+P4ARd5BQiBCGhmwEZUCkDnYG+5LpNaBwv5OYFAsLntO9FvoDco4ZYzwLPammN +K2lpzYEnY+gtVSoA3gsVLFOVcik= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server4-key.pem b/certs/ocsp/server4-key.pem new file mode 100644 index 000000000..39a93b209 --- /dev/null +++ b/certs/ocsp/server4-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCc74p+hE1YerGR +yMtodt/+Cin+f3Q11cP9Q77XifxZUVow6VAUhCTQyHJ91nVCEosWrVro04SnByue +Eu9qzT6DFLcmolN7PWyWf5zFCQgOVQgZt1ocRjIJ2kSyyv1K5L7QAsnJSAMTpa0+ +eyHPBTq5JfXBuE5N6zOZ0VBK6/caCGvQXJ1I65j93IkPqnTTfwMbWWX1huHZU6vk +U6uFPHmLRTl7/emiELn6knEOaDZmboz74opdX3JmsEctxbSTzmF/kBpkAt1XnfHx +6HUh4q9E45b1HONzh9y3BRKtpY8M2Cy0kLPZ5xPh5V5MmySJCAeeqmufZAHa7JUF +RYTZqdvHAgMBAAECggEAMmlQF6vwHIftGmNh08C72yLwsmvGrLRqLKTiXOJaSWa0 +jhmkO7LnEJoTDREiwYKrYzF0jm3DotPO0wxKFAiyF/FDlAl4v5HPm9iKR1DLYa82 +1uvq6kIyOLAAeV5zVud7093Ra/LR6jHCINv01EddwbPL6dqGbMks3jA6lpaN3bJt +85VSy3h6rC2pIZrGddJxDV5jR2gm4N4j8GJoPWpYIGZa/i+GhFmx0OJfUAWTBsGQ +flt4HxtxoR0OkAQ1MnBbBLqadQQiJ3tt47vD5Ma98GGkuq/l9y2rCuJ/t7sjY7+1 +1dnXrMj4VHKTNYEIkmpNti9lblT55P9v5HAYj4SoIQKBgQDP6/Tf1sf12XKZoQvi +qwww32brRqMnj7xpiK9PfsPdnBvq1u8aApQ2XRsHLkH/aq7S91DdLKhn+5fX9TZq +fGtix0V5/JVB11+0Y8hB6YonKtmTxGPScSKQdsSdnvo27yuBfSSp2QuSqYsAqKdV +dU/F++jAeNJFr5lg+X3zo+7gMwKBgQDBOXB3cO6Xjr1vzkxdtxpbKYTVYK5XGFpy +lGDJ9QasDMD6iX8EsTzp0/3CRtITnfYFBiBDXSFDwoUm7TqjdlDh9ahFcvkre/33 +6SmXqHshn/RBl+JCAKYolw7cJmuWAFrJNZPbnbfiuqDNg8wkD3P2VTVkKWjsDpxA +f+99Xm2yHQKBgBBlWvoLxdjtPMxAlt9Y/a0c8NC80UDdZM4tqSVrqaZgGRN7v38d +lPJ0hR0b2Lh7gS3Bsu6+BsmsXVz6SUA8b3tqm1/zOxHmGfXvqGsKL4rHJkEwy25c +3Yzm0LpdPv31/khHxgxewTrfg8aZhhiHF7NVGhWTcYFtR3sOMZB07PFhAoGAf9to +RkDeQD9druwNsD2HHSeeFCvDcTJWN1djrH+MiLBvydjNyecV7YwvcCy4ue5eavig +xLKNXm8K+LUlhiC2aK7LSBlKM7H6Xd9VfFsqDxfu4rCEMTSIvncmiBqMOlfFuzrO +uhXlJgxkd1ls7bej/i5oA/06xmjsj+mYKZcgcykCgYAbONjSKF28CILSDKLepNqx +euRSnKaSgTjcu8B5C6ZWUY8+EsD3Lw6VK2Xn+PPPSS2+Pw7dgLdYybyCgPOLXV+9 +we3d0OyuIPiLiRpfnHVTXdYQBc7qa8khw12LZpodkXwKT85St8jdwJzL1KTZAWqf +N2KyjDHPGPz8paCzS8LfuQ== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/server5-cert.pem b/certs/ocsp/server5-cert.pem new file mode 100644 index 000000000..066f659fd --- /dev/null +++ b/certs/ocsp/server5-cert.pem @@ -0,0 +1,279 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www5.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:73:6d:e9:fa:8c:36:72:3e:89:3b:52:29:bd: + 14:70:a2:00:b4:08:58:b6:c6:c0:bf:80:6a:1f:a5: + f0:15:fc:f4:19:a2:67:f9:6a:5d:22:69:2e:9c:29: + 53:1e:5a:4a:d1:27:d5:b8:3b:65:37:8a:a2:eb:1b: + d4:5d:90:11:35:11:af:e3:d1:8c:24:5b:b5:90:c0: + bf:de:cb:7a:05:71:1b:ef:76:d7:9d:43:47:85:dc: + 24:b8:b8:54:fc:53:bf:c3:fd:e1:12:c6:fc:1b:6f: + 95:aa:cf:bb:8e:22:af:83:bd:4e:6b:66:fe:7e:7e: + 98:6f:b1:b9:fc:f9:8a:8a:18:92:9a:4c:27:5d:78: + 6b:e9:d0:14:1c:ed:69:6d:29:4c:4e:52:e6:92:24: + 53:b0:2e:c3:a4:94:8f:20:1c:29:5c:97:70:1a:32: + 85:90:71:f7:d7:a5:99:4f:48:c7:3d:fc:3d:a7:e1: + f9:96:ea:c1:6b:ea:31:e0:9b:fb:68:3e:4b:ad:a4: + 2b:06:90:c2:b4:27:ea:f3:a3:3e:6e:32:75:aa:70: + 6a:e3:33:29:fb:42:09:94:79:a5:eb:3c:4e:89:02: + 77:08:fd:da:ba:fc:14:c6:8e:c1:5e:db:6d:d0:07: + 4f:02:79:60:e7:95:c3:c8:f4:54:83:21:12:79:03: + 7f:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 2A:48:B6:8B:00:F0:4B:35:73:94:07:87:52:A3:69:5E:E6:D8:42:87 + X509v3 Authority Key Identifier: + keyid:BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:03 + + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Authority Information Access: + OCSP - URI:http://localhost:22223 + + Signature Algorithm: sha256WithRSAEncryption + 65:c1:7f:66:88:19:db:04:76:f3:ec:eb:c8:9c:38:3f:3f:83: + 4c:6c:c9:3a:67:2f:cf:45:8d:72:28:d1:85:64:fd:53:0a:4a: + 4a:22:9d:2f:2f:76:19:f5:97:04:cb:a7:1e:83:43:42:58:01: + ca:9b:25:42:bb:d1:5c:05:4f:c1:94:22:40:df:30:42:c1:be: + b9:f2:c0:a4:64:37:9b:9b:ed:20:44:e8:f0:5c:c6:2f:b6:24: + 7f:13:b8:52:02:61:ac:69:4e:f4:bd:72:9d:e9:31:13:5f:12: + d2:cc:e7:eb:16:b3:84:cc:86:40:ee:f9:e1:4c:d8:ea:73:a1: + 32:2a:2c:c7:f6:ba:4f:bf:ba:35:49:71:4c:d1:83:86:7a:44: + 14:f3:b3:12:02:99:33:01:46:50:e0:0c:74:34:03:45:9d:d2: + 2c:e1:83:31:59:d6:e7:69:8f:26:0a:12:5d:90:97:c4:ae:93: + 67:c6:9b:a9:5b:a0:8f:22:ad:e9:e2:17:74:19:93:92:cb:9c: + cc:30:8e:7e:57:8f:37:44:82:04:f0:29:9e:79:37:0a:d6:55: + 56:8e:b6:eb:d8:0f:a5:c4:ec:65:88:98:15:2f:2a:cd:9f:d8: + 11:26:c6:d7:0e:12:4e:62:c5:5c:92:b2:99:db:c2:72:71:6f: + c1:94:24:06 +-----BEGIN CERTIFICATE----- +MIIE9DCCA9ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM +IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTE1MTIxNTAxMjcyM1oXDTE4MDkxMDAxMjcyM1owgZgxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl +MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE +AwwQd3d3NS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxzben6jDZyPok7 +Uim9FHCiALQIWLbGwL+Aah+l8BX89BmiZ/lqXSJpLpwpUx5aStEn1bg7ZTeKousb +1F2QETURr+PRjCRbtZDAv97LegVxG+92151DR4XcJLi4VPxTv8P94RLG/BtvlarP +u44ir4O9Tmtm/n5+mG+xufz5iooYkppMJ114a+nQFBztaW0pTE5S5pIkU7Auw6SU +jyAcKVyXcBoyhZBx99elmU9Ixz38Pafh+ZbqwWvqMeCb+2g+S62kKwaQwrQn6vOj +Pm4ydapwauMzKftCCZR5pes8TokCdwj92rr8FMaOwV7bbdAHTwJ5YOeVw8j0VIMh +EnkDf+ECAwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCpItosA8Es1 +c5QHh1KjaV7m2EKHMIHEBgNVHSMEgbwwgbmAFLsVnjJN4PiqirAuDBcrWkF0SwZF +oYGdpIGaMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4G +A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l +ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ +aW5mb0B3b2xmc3NsLmNvbYIBAzALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk +MCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0OjIyMjIzMA0GCSqGSIb3DQEB +CwUAA4IBAQBlwX9miBnbBHbz7OvInDg/P4NMbMk6Zy/PRY1yKNGFZP1TCkpKIp0v +L3YZ9ZcEy6ceg0NCWAHKmyVCu9FcBU/BlCJA3zBCwb658sCkZDebm+0gROjwXMYv +tiR/E7hSAmGsaU70vXKd6TETXxLSzOfrFrOEzIZA7vnhTNjqc6EyKizH9rpPv7o1 +SXFM0YOGekQU87MSApkzAUZQ4Ax0NANFndIs4YMxWdbnaY8mChJdkJfErpNnxpup +W6CPIq3p4hd0GZOSy5zMMI5+V483RIIE8CmeeTcK1lVWjrbr2A+lxOxliJgVLyrN +n9gRJsbXDhJOYsVckrKZ28JycW/BlCQG +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28: + fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c: + 31:eb:13:70:ea:4a:dd:58:3e:4f:33:14:66:59:69: + 7a:aa:90:e0:7c:c4:b2:36:c1:0a:f4:df:3e:34:6c: + 1a:e9:2b:f1:a5:92:7e:a9:68:70:ba:a4:68:88:f3: + ec:10:40:64:a5:64:7d:d9:1e:51:49:9d:7f:c8:cc: + 2b:6d:71:2a:06:ff:e6:1f:84:28:8a:c1:ed:a8:52: + f4:89:a5:c0:77:d8:13:66:c2:65:a5:63:03:98:b0: + 4b:05:4f:0c:84:a0:f4:2d:72:73:6b:fa:0d:e1:cf: + 45:27:ed:a3:8c:02:d7:ee:99:e2:a1:f0:e3:a0:ad: + 69:ed:59:e4:27:41:8f:ef:fa:83:73:8f:5f:2b:68: + 89:13:46:26:dc:f6:28:6b:3b:b2:b8:9b:52:2a:17: + 1b:dc:72:45:73:da:75:24:35:8b:00:5e:23:37:64: + 6a:16:74:b8:ee:fe:b7:11:71:be:0a:73:c8:54:c2: + d9:04:d2:1b:f5:53:ac:8d:2a:4f:fe:33:79:e6:5e: + e7:f3:86:d3:dc:bb:4b:d7:39:7f:5b:3c:67:fe:5e: + 88:51:05:96:f2:b4:9a:45:09:4c:51:f0:6a:4d:88: + 2a:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 0c:5e:0d:55:3c:e7:fb:5e:c2:09:19:c8:0b:f4:c2:b2:2b:14: + 79:dc:e8:63:f6:8a:0c:03:57:9e:15:47:7e:b6:15:a3:71:90: + 01:11:39:4b:ff:3d:13:34:e4:f3:5b:a3:6c:58:4f:00:d5:c4: + b0:63:6c:90:c9:89:a8:5d:16:87:0a:da:08:40:12:b4:94:00: + 3e:44:00:13:de:34:75:90:38:79:d4:c2:39:6d:ed:17:cb:7e: + 50:ff:da:0b:eb:49:1a:66:e6:dd:eb:66:a5:92:ef:68:d5:c9: + 93:8f:aa:c7:2a:92:6b:95:af:3d:74:de:aa:29:fd:c9:53:56: + ad:9f:e0:05:d1:97:0c:01:3b:f1:c6:a6:90:7e:5c:08:11:5e: + c1:77:5d:64:09:56:ea:78:29:15:a3:ea:44:2a:4c:d6:09:a7: + a0:5f:05:54:2a:61:ca:7a:09:07:14:34:c2:0d:c5:93:cd:28: + 8b:62:26:af:30:25:8a:f1:da:65:fa:db:da:84:ab:d5:0c:37: + ae:5d:95:bd:55:2a:4b:09:e0:d3:3d:8b:3c:ea:f2:b9:68:5e: + e6:21:53:8b:28:78:39:f4:bf:9b:dc:92:bc:4b:14:06:fe:17: + 21:64:be:af:20:e8:e7:fb:67:c8:5e:ec:59:bf:27:a4:cb:e3: + 8a:6d:c3:ac +-----BEGIN CERTIFICATE----- +MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L +RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sUEEH3CIekSRdrV +uij9pvQwRKDf+XBeFyaXWVwx6xNw6krdWD5PMxRmWWl6qpDgfMSyNsEK9N8+NGwa +6SvxpZJ+qWhwuqRoiPPsEEBkpWR92R5RSZ1/yMwrbXEqBv/mH4QoisHtqFL0iaXA +d9gTZsJlpWMDmLBLBU8MhKD0LXJza/oN4c9FJ+2jjALX7pniofDjoK1p7VnkJ0GP +7/qDc49fK2iJE0Ym3PYoazuyuJtSKhcb3HJFc9p1JDWLAF4jN2RqFnS47v63EXG+ +CnPIVMLZBNIb9VOsjSpP/jN55l7n84bT3LtL1zl/Wzxn/l6IUQWW8rSaRQlMUfBq +TYgqFwIDAQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUuxWeMk3g ++KqKsC4MFytaQXRLBkUwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5y +FSGhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw +DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp +bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjAwDQYJKoZIhvcN +AQELBQADggEBAAxeDVU85/tewgkZyAv0wrIrFHnc6GP2igwDV54VR362FaNxkAER +OUv/PRM05PNbo2xYTwDVxLBjbJDJiahdFocK2ghAErSUAD5EABPeNHWQOHnUwjlt +7RfLflD/2gvrSRpm5t3rZqWS72jVyZOPqscqkmuVrz103qop/clTVq2f4AXRlwwB +O/HGppB+XAgRXsF3XWQJVup4KRWj6kQqTNYJp6BfBVQqYcp6CQcUNMINxZPNKIti +Jq8wJYrx2mX629qEq9UMN65dlb1VKksJ4NM9izzq8rloXuYhU4soeDn0v5vckrxL +FAb+FyFkvq8g6Of7Z8he7Fm/J6TL44ptw6w= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 99 (0x63) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 15 01:27:23 2015 GMT + Not After : Sep 10 01:27:23 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: + bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: + 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: + 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: + ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: + 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: + f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: + b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: + 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: + 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: + 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: + b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: + 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: + 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: + 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: + b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: + 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: + 99:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://localhost:22220 + + Signature Algorithm: sha256WithRSAEncryption + 5a:9d:7f:40:a7:10:51:e5:d7:b3:23:dd:e7:25:c2:bc:00:5a: + d0:6e:cf:26:bb:c1:1d:38:89:ac:3c:0c:37:60:6c:aa:8a:54: + 6b:a4:44:79:d5:49:f5:13:ed:bc:00:4c:dd:ed:eb:2e:64:44: + 9c:4c:96:8a:6a:e6:f6:4d:0a:63:f0:f5:18:e3:5e:72:fc:5a: + 3f:1b:4c:27:eb:6e:57:9d:d5:8e:3d:ee:28:3f:1b:7b:e0:25: + b9:0c:95:21:cd:bd:12:8f:4a:c4:b2:cc:80:da:b5:59:49:4d: + 32:d5:96:90:a0:ec:47:8c:15:0b:de:2a:22:be:d6:d4:d7:09: + d1:85:48:4f:33:92:04:30:d1:d5:14:cb:bd:ab:96:06:93:18: + 62:ed:8f:29:f8:b6:66:06:a7:f1:3a:ae:15:62:36:90:89:de: + 41:41:f2:44:35:ea:4c:7b:fc:0b:6f:08:46:09:de:35:5f:e3: + e6:f3:5a:08:70:a4:28:df:a6:c7:17:d1:c3:ec:70:09:c2:06: + c7:12:29:b9:d6:d6:26:7d:2c:df:86:c7:4d:0a:c6:98:2b:61: + 14:b3:b3:29:8e:c1:85:18:db:fd:54:9d:fe:99:a9:90:d1:c6: + 08:2b:4f:6c:16:47:d9:16:fc:7b:0c:84:a7:15:b0:78:41:48: + 87:f5:98:78 +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx +MjE1MDEyNzIzWhcNMTgwOTEwMDEyNzIzWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF +ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 +LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva +Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb +D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z +Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB +NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB +xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx +EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD +DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDoyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAWp1/QKcQ +UeXXsyPd5yXCvABa0G7PJrvBHTiJrDwMN2BsqopUa6REedVJ9RPtvABM3e3rLmRE +nEyWimrm9k0KY/D1GONecvxaPxtMJ+tuV53Vjj3uKD8be+AluQyVIc29Eo9KxLLM +gNq1WUlNMtWWkKDsR4wVC94qIr7W1NcJ0YVITzOSBDDR1RTLvauWBpMYYu2PKfi2 +Zgan8TquFWI2kIneQUHyRDXqTHv8C28IRgneNV/j5vNaCHCkKN+mxxfRw+xwCcIG +xxIpudbWJn0s34bHTQrGmCthFLOzKY7BhRjb/VSd/pmpkNHGCCtPbBZH2Rb8ewyE +pxWweEFIh/WYeA== +-----END CERTIFICATE----- diff --git a/certs/ocsp/server5-key.pem b/certs/ocsp/server5-key.pem new file mode 100644 index 000000000..a45a1c6e9 --- /dev/null +++ b/certs/ocsp/server5-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCsc23p+ow2cj6J +O1IpvRRwogC0CFi2xsC/gGofpfAV/PQZomf5al0iaS6cKVMeWkrRJ9W4O2U3iqLr +G9RdkBE1Ea/j0YwkW7WQwL/ey3oFcRvvdtedQ0eF3CS4uFT8U7/D/eESxvwbb5Wq +z7uOIq+DvU5rZv5+fphvsbn8+YqKGJKaTCddeGvp0BQc7WltKUxOUuaSJFOwLsOk +lI8gHClcl3AaMoWQcffXpZlPSMc9/D2n4fmW6sFr6jHgm/toPkutpCsGkMK0J+rz +oz5uMnWqcGrjMyn7QgmUeaXrPE6JAncI/dq6/BTGjsFe223QB08CeWDnlcPI9FSD +IRJ5A3/hAgMBAAECggEABz5+EoMc2rin2dntFKXFswmLIATtvRfSRvkc/CFbWYEb +u+vvlDGcofJrK9IslKzUUb7romaUVOX0/A1aOWfw4RrSGa7WxTw4/1CpfrFreckL +lF6YphmKapwZysyrfUIDXzdN+hzzwC9KyTcauNjKKK2OGsLj0+p7es2rc24EHNLj +vFpNj5TC84qsibATY1ny3tcL7SBcNLtiHsm+0JDagGqlW3ptT0oErrzH6jtUAI9j +LLm87mxwJyp4rBZvnP3s4jnOLLCJH40QyrCPKR6L4bAzSaA9kEnBUu+y1y1PyUP7 +goWIPJmfclDFqgB2U7K/QbbfPFpt8pFB9SmbsoIlMQKBgQDgvgf/pdc6q9jAL9UQ +sTYa+iJJIFcjQKA95aCRoUeUjWvjA+2ROmYgLcMi7pxfNyFvYkaOXjBTL+aqSEWI +wQVbnGK4aqG16w2o/P+bWUatpMMWNbwsZGAkXpcgdrg+SbNjrQ2lY35EdmPc025G +Fqx5ouOk7wDlKWQolIwWDh3WNQKBgQDEb47VbrIo8BNnO/xxVjAsU7uQIYZkr/GR +6V5oN+kIXrttReZnY/bUVrV84r49E3cNfoZXlfZa7fAEVb9GWbZMk+9M/s78aU5M +xeFNj7HBfbgG3I+1SZQZaAEK6BZuq8GRCLV2JKOn9iInVQQL57/qz6APjC/a52zJ +asNmmcdIfQKBgBmEWgIjwUEvG8gOZkGj7UG43sWwv1QIVWlRth5y0l7Cg9pdqs6P +c+L5byt7LhP9fXVZEiu98/yt9qGk3Qg+6i3Rnr/Tk5LFImLqftcTltvGVkQiS8A6 +kVPvzXbpI9gmpBCQKHl7x21ch9AdzWp1zpVs8i3a2R4ryex1mUYzyh11AoGAWhKZ +WS7IDNOA4i50Y/fUYQ8IC2AEAvlWeMScoIc6mLbvlHyf2LrSvK0BzUEfYFwjlBF3 +QoQmEa3XB/XVnkmWuOiAqzqP6NfUqol19R21sXaXQrYyQzt46GlzSPABEUA6oulu +Y70LOgI3yPdHwrnCm8YWq+ppKyRBEt6cuNg8s/UCgYEAl3J4fMTYcDjt4H/OTgba +IjKLPV0LuBUfx/PTA0oi81x1c11fM8a/ZeD0QkXDjjrjXM33mbkR0lzFEl7ZOCnh +sRDkkM8MvOsq4KMGnBLQBN0QvKSgsuYDqIEUmFdMHiyckBjuwntMVXnfKYtEJ1Q9 +zYHlJn4e4/2VqGK9PWrgAtA= +-----END PRIVATE KEY----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index ec4e35e47..de8d8e791 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -202,6 +202,23 @@ function run_renewcerts(){ openssl x509 -in server-ecc-comp.pem -text > tmp.pem mv tmp.pem server-ecc-comp.pem + ########################################################### + ########## update and sign ocsp-cert.pem ################## + ########################################################### + echo "Updating ocsp-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\ocsp.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ocsp/ocsp-key.pem -nodes > ocsp-req.pem + + openssl x509 -req -in ocsp-req.pem -extfile wolfssl.cnf -extensions v3_ocsp -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 03 > ocsp/ocsp-cert.pem + + rm ocsp-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in ocsp/ocsp-cert.pem -text > ocsp_tmp.pem + mv ocsp_tmp.pem ocsp/ocsp-cert.pem + cat ca_tmp.pem >> ocsp/ocsp-cert.pem + rm ca_tmp.pem ############################################################ ########## make .der files from .pem files ################# ############################################################ @@ -302,7 +319,7 @@ elif [ ! -z "$1" ]; then echo "" echo "" #else the argument was invalid, tell user to use -h or -help - else + else echo "" echo "That is not a valid option." echo "" @@ -328,7 +345,7 @@ else # check options.h a second time, if the user had # ntru installed on their system and in the default - # path location, then it will now be defined, if the + # path location, then it will now be defined, if the # user does not have ntru on their system this will fail # again and we will not update any certs until user installs # ntru in the default location diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index 7decf9ef9..3da804b44 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -1,5 +1,5 @@ # -# wolfssl configuration file +# wolfssl configuration file # HOME = . RANDFILE = $ENV::HOME/.rnd @@ -20,7 +20,7 @@ default_ca = CA_default # The default ca section [ CA_default ] #################################################################### -# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY # +# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY # # # dir = $HOME./.. # #################################################################### @@ -124,6 +124,7 @@ authorityKeyIdentifier=keyid,issuer subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints=CA:true +authorityInfoAccess = OCSP;URI:http://localhost:22222 # Extensions to add to a certificate request [ v3_req ] @@ -140,6 +141,14 @@ basicConstraints = CA:true [ crl_ext ] authorityKeyIdentifier=keyid:always +# OCSP extensions. +[ v3_ocsp ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning +basicConstraints = CA:false + # These extensions should be added when creating a proxy certificate [ proxy_cert_ext ] basicConstraints=CA:FALSE @@ -158,7 +167,7 @@ dir = ./demoCA # directory serial = $dir/tsaserial # (mandatory) crypto_device = builtin # engine signer_cert = $dir/tsacert.pem # certificate -certs = $dir/cacert.pem # chain +certs = $dir/cacert.pem # chain signer_key = $dir/private/tsakey.pem # (optional) default_policy = tsa_policy1 # Policy other_policies = tsa_policy2, tsa_policy3 # (optional) diff --git a/certs/server-cert.der b/certs/server-cert.der index 0c936a241..1b61be8e9 100644 Binary files a/certs/server-cert.der and b/certs/server-cert.der differ diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 95df724e7..52c22de78 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:A6:66:38:49:45:9B:DC:81 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 67:c0:2c:a9:43:47:e7:11:14:77:ae:cc:d8:e0:6b:23:82:91: - 63:e8:a8:0d:21:c5:c8:47:97:2f:d5:f3:86:fb:6c:ce:25:f9: - 7c:78:c8:3a:22:68:f2:16:1e:d2:d2:3f:24:04:87:f2:b7:c1: - 62:63:ba:c5:fa:ae:d2:20:81:1a:d2:0c:ae:26:6b:1b:2b:10: - d3:e1:9a:4e:64:6c:97:db:36:a8:8f:f8:05:63:bf:ba:0d:88: - 0b:87:46:c9:e4:64:e3:d7:bd:b8:2d:d5:c1:c3:c4:db:55:68: - dc:a3:7a:40:b9:a9:f6:04:4a:22:cf:98:76:1c:e4:a3:ff:79: - 19:96:57:63:07:6f:f6:32:77:16:50:9b:e3:34:18:d4:eb:be: - fd:b6:6f:e3:c7:f6:85:bf:ac:32:ad:98:57:be:13:92:44:10: - a5:f3:ae:e2:66:da:44:a9:94:71:3f:d0:2f:20:59:87:e4:5a: - 40:ee:d2:e4:0c:ce:25:94:dc:0f:fe:38:e0:41:52:34:5c:bb: - c3:db:c1:5f:76:c3:5d:0e:32:69:2b:9d:01:ed:50:1b:4f:77: - a9:a9:d8:71:30:cb:2e:2c:70:00:ab:78:4b:d7:15:d9:17:f8: - 64:b2:f7:3a:da:e1:0b:8b:0a:e1:4e:b1:03:46:14:ca:94:e3: - 44:77:d7:59 + 71:17:8f:6f:7d:d6:11:01:79:ac:e9:c2:fb:71:69:6b:0c:64: + 91:c1:32:8b:9c:62:72:b5:62:bb:f8:cf:6c:27:df:f0:64:d6: + 4a:55:4f:7f:4a:8b:7b:80:5b:3c:a0:31:b0:25:92:02:02:9c: + 99:a5:8e:0c:61:ef:b4:1e:01:2e:1c:e9:9c:59:2d:ef:6e:03: + 4d:f1:59:e5:5f:69:66:5c:0a:e6:cd:f6:74:20:86:4c:f6:8f: + 22:86:68:7e:fe:67:3f:3d:19:b8:61:ef:c5:a5:58:a8:2a:ce: + d3:2c:a7:1b:dd:c8:59:c7:e7:cf:42:42:db:af:fe:15:82:c9: + e5:53:fa:b4:37:55:67:47:0f:e7:24:88:14:a3:6c:be:5f:72: + 05:5f:56:33:aa:7f:ac:2e:10:92:b7:a2:f9:c1:62:0c:3b:0c: + 69:9a:71:15:11:bc:37:bf:8e:23:14:c2:b1:0d:df:89:45:1e: + df:14:e8:95:35:88:27:a8:ab:dd:7c:23:3f:bb:fe:4e:0e:ea: + a6:ee:f5:77:fb:aa:b8:28:33:f9:61:b0:d2:79:46:a4:ba:a0: + 90:c8:e7:96:8f:27:e9:1e:d0:92:43:bb:84:c7:f3:28:0c:41: + aa:77:39:65:aa:0d:02:b0:e0:4d:b1:17:41:c9:f0:d4:47:87: + fb:0f:f0:40 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +MIIE1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 -MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUxMTIz +MTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP @@ -71,28 +74,29 @@ f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq 0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ -6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU -sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj -s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h -MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK -Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAZ8AsqUNH5xEUd67M2OBrI4KRY+ioDSHFyEeXL9Xz -hvtsziX5fHjIOiJo8hYe0tI/JASH8rfBYmO6xfqu0iCBGtIMriZrGysQ0+GaTmRs -l9s2qI/4BWO/ug2IC4dGyeRk49e9uC3VwcPE21Vo3KN6QLmp9gRKIs+Ydhzko/95 -GZZXYwdv9jJ3FlCb4zQY1Ou+/bZv48f2hb+sMq2YV74TkkQQpfOu4mbaRKmUcT/Q -LyBZh+RaQO7S5AzOJZTcD/444EFSNFy7w9vBX3bDXQ4yaSudAe1QG093qanYcTDL -LixwAKt4S9cV2Rf4ZLL3OtrhC4sK4U6xA0YUypTjRHfXWQ== +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCATEwggEtMB0GA1UdDgQW +BBSzETLJkpiE4sn40DtuA0LKHw6OPDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t +M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh +bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL +DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCmZjhJRZvcgTAMBgNVHRMEBTADAQH/ +MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoy +MjIyMjANBgkqhkiG9w0BAQsFAAOCAQEAcRePb33WEQF5rOnC+3FpawxkkcEyi5xi +crViu/jPbCff8GTWSlVPf0qLe4BbPKAxsCWSAgKcmaWODGHvtB4BLhzpnFkt724D +TfFZ5V9pZlwK5s32dCCGTPaPIoZofv5nPz0ZuGHvxaVYqCrO0yynG93IWcfnz0JC +26/+FYLJ5VP6tDdVZ0cP5ySIFKNsvl9yBV9WM6p/rC4Qkrei+cFiDDsMaZpxFRG8 +N7+OIxTCsQ3fiUUe3xTolTWIJ6ir3XwjP7v+Tg7qpu71d/uquCgz+WGw0nlGpLqg +kMjnlo8n6R7QkkO7hMfzKAxBqnc5ZaoNArDgTbEXQcnw1EeH+w/wQA== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Serial Number: 11990332945272134785 (0xa6663849459bdc81) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -123,32 +127,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:A6:66:38:49:45:9B:DC:81 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 41:8f:fb:6b:65:6b:36:f2:56:4f:0c:48:b0:4d:8c:c2:cb:d6: + 58:7a:83:3a:30:7d:62:7b:86:f1:15:26:b3:26:02:77:f2:c8: + 57:e5:1e:60:68:8b:a4:e8:f3:a8:b2:88:a4:2f:e8:6e:25:8d: + 6b:dc:53:ab:2f:d3:47:8c:d6:27:ab:39:bc:d3:ca:d8:01:96: + a4:44:57:38:93:ab:c3:f3:95:67:7f:cf:25:1d:b7:04:dc:06: + c9:5d:24:c1:54:13:71:81:21:31:ee:9f:b4:9d:ce:98:66:a4: + a0:77:c1:88:18:a4:d1:36:ee:cd:d8:c1:1b:bc:03:d6:85:9a: + 2e:21:82:95:4c:b2:2a:fe:69:db:ac:e4:97:e1:e9:0e:f1:d3: + ef:20:86:03:01:66:6b:f0:26:0f:39:04:26:f5:42:98:3f:95: + 48:5f:b5:5d:bc:49:4c:81:38:d5:e9:72:32:1c:66:1b:12:80: + 0f:db:99:f0:97:67:61:79:ad:ab:be:6a:ea:aa:cc:3d:f9:40: + 99:00:93:bb:df:4b:41:d4:7f:f1:93:b2:70:83:3a:e3:6b:44: + 4b:1f:9f:77:53:ea:5d:e6:59:1e:c0:2d:4b:83:d6:f4:a3:d4: + a9:c3:91:12:e7:61:3f:56:9d:8f:b8:19:29:62:1b:58:df:73: + 99:1f:49:63 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIE4DCCA8igAwIBAgIJAKZmOElFm9yBMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -157,16 +164,18 @@ mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc /hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOCATEw +ggEtMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCByQYDVR0jBIHBMIG+ +gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAO +BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rv +b3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5j +b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCmZjhJRZvcgTAM +BgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov +L2xvY2FsaG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOCAQEAQY/7a2VrNvJWTwxI +sE2MwsvWWHqDOjB9YnuG8RUmsyYCd/LIV+UeYGiLpOjzqLKIpC/obiWNa9xTqy/T +R4zWJ6s5vNPK2AGWpERXOJOrw/OVZ3/PJR23BNwGyV0kwVQTcYEhMe6ftJ3OmGak +oHfBiBik0TbuzdjBG7wD1oWaLiGClUyyKv5p26zkl+HpDvHT7yCGAwFma/AmDzkE +JvVCmD+VSF+1XbxJTIE41elyMhxmGxKAD9uZ8JdnYXmtq75q6qrMPflAmQCTu99L +QdR/8ZOycIM642tESx+fd1PqXeZZHsAtS4PW9KPUqcOREudhP1adj7gZKWIbWN9z +mR9JYw== -----END CERTIFICATE----- diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem index 50b74f85b..a525a11e8 100644 --- a/certs/server-ecc-comp.pem +++ b/certs/server-ecc-comp.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 17764616133298603308 (0xf6889840946fc52c) + Serial Number: 11822929415875787476 (0xa4137ba9c5cafad4) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -22,31 +22,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:F6:88:98:40:94:6F:C5:2C + serial:A4:13:7B:A9:C5:CA:FA:D4 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:9c:f8:3e:f6:5e:cd:da:b1:08:fe:e2:bd:78: - 14:b5:33:b3:29:69:d0:a0:de:19:05:ec:c3:46:29:01:8c:4c: - 56:02:21:00:e2:e7:ea:37:c1:08:f6:15:73:0c:92:4f:25:63: - f6:53:96:31:4c:9f:1d:1a:1f:c0:a0:a3:48:bd:71:ce:13:11 + 30:44:02:20:49:71:5d:49:af:24:71:91:d3:64:0f:f2:bd:be: + 51:47:4e:5b:04:c4:04:fe:bf:16:73:d1:7a:a5:05:fe:19:99: + 02:20:2c:ab:64:34:e8:c7:7b:c7:79:38:32:64:d9:e1:1b:e8: + 1e:d6:31:67:ef:e2:67:4b:e3:86:7f:94:cb:fa:d2:d4 -----BEGIN CERTIFICATE----- -MIIDJTCCAsqgAwIBAgIJAPaImECUb8UsMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG +MIIDVzCCAv6gAwIBAgIJAKQTe6nFyvrUMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm -c3NsLmNvbTAeFw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGgMQswCQYD +c3NsLmNvbTAeFw0xNTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGgMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbTA5MBMGByqGSM49AgEGCCqGSM49AwEHAyIAArszrEwnUErGSqUE -wzzenzbbci3OlOor+ssgCTksFuhho4IBCTCCAQUwHQYDVR0OBBYEFIw4Omu4JLff +wzzenzbbci3OlOor+ssgCTksFuhho4IBPTCCATkwHQYDVR0OBBYEFIw4Omu4JLff bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAPaImECUb8UsMAwGA1UdEwQFMAMB -Af8wCgYIKoZIzj0EAwIDSQAwRgIhAJz4PvZezdqxCP7ivXgUtTOzKWnQoN4ZBezD -RikBjExWAiEA4ufqN8EI9hVzDJJPJWP2U5YxTJ8dGh/AoKNIvXHOExE= +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAKQTe6nFyvrUMAwGA1UdEwQFMAMB +Af8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0 +OjIyMjIyMAoGCCqGSM49BAMCA0cAMEQCIElxXUmvJHGR02QP8r2+UUdOWwTEBP6/ +FnPReqUF/hmZAiAsq2Q06Md7x3k4MmTZ4RvoHtYxZ+/iZ0vjhn+Uy/rS1A== -----END CERTIFICATE----- diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index 4c90d1dd4..9e65019dd 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -24,46 +24,50 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:A6:66:38:49:45:9B:DC:81 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - ac:2b:a9:d9:15:3b:9a:42:fb:86:2b:c1:f2:18:7c:a6:ca:27: - 0b:48:81:64:20:3b:d3:4f:ee:95:d4:c5:fd:5f:c7:d6:ab:a1: - 41:85:cc:e1:16:e1:fd:ce:8a:af:95:27:f2:f0:7a:3d:59:5d: - 3a:5d:03:99:cb:4c:5c:19:35:9c:b2:6e:7e:2b:10:e2:7f:ef: - 14:35:79:ca:67:eb:51:a9:e9:bb:5f:52:af:9d:79:80:b5:31: - 5c:f0:20:ca:c7:e9:9b:29:82:c4:a4:74:0a:2a:76:ea:ad:59: - a2:f9:a2:cf:53:40:11:ac:1a:de:fc:ab:28:96:9f:cf:ff:b9: - 74:31:95:c4:6d:d2:76:c1:93:97:75:a6:9f:69:a3:7d:92:75: - b8:27:a2:bd:4d:4b:54:11:b4:8a:43:f2:fc:10:a5:82:fb:51: - 45:57:86:00:85:71:91:21:37:5c:9f:f3:68:06:ae:9e:86:46: - 8d:4b:e3:d0:42:a4:cf:c1:5d:95:bc:1a:92:f8:44:1e:a0:1b: - c8:98:41:af:8e:94:41:60:69:b1:7c:8e:70:ce:88:42:44:3a: - 2d:3f:de:6e:3a:aa:d1:64:be:03:68:60:b6:ac:e5:44:c1:bb: - f1:c9:40:90:c2:c9:8f:ec:32:9d:e0:b4:4b:1a:e7:da:99:94: - fe:e2:b6:2a + 59:56:ea:45:49:9c:ae:e2:07:31:cd:d0:a0:db:af:7d:6d:60: + ef:ac:e0:30:46:01:f7:43:fc:5c:ab:32:1b:2f:8b:97:14:b4: + dc:68:1c:f2:11:a7:f4:b8:9a:84:02:10:0c:52:ba:c1:7a:f2: + 3f:aa:09:cb:e4:08:70:c5:76:8f:9c:7e:24:7a:62:55:0f:ae: + b8:b8:5f:57:22:9e:8d:85:75:67:88:b3:39:2c:57:bd:aa:8a: + e5:d6:5b:64:0f:1b:47:a7:83:6d:fa:73:4f:ac:f7:ae:6a:ea: + 4d:ca:36:d6:b7:21:a6:01:c3:b5:a2:0e:27:44:2b:f3:62:8f: + 96:70:45:c3:31:48:8e:fc:e7:64:7e:8a:93:42:f7:03:d5:71: + d2:a5:8f:f5:60:6e:88:9b:d4:6a:fc:a1:1e:ae:a4:b4:34:13: + 9b:4c:2c:67:1e:2f:f3:bb:bf:73:87:a0:18:16:af:df:02:bf: + f1:a5:89:61:af:29:48:59:c8:a5:13:70:05:c2:f8:ca:30:91: + 82:22:cf:09:c1:0f:a7:96:fb:19:59:09:72:03:b3:9a:be:89: + 62:5a:cd:ab:d0:e5:43:50:5f:3f:d8:d0:b3:66:63:5e:8f:c1: + e4:35:fa:1f:f5:88:31:5f:a1:71:f4:e7:ab:c4:4e:64:74:72: + c6:ca:1c:aa -----BEGIN CERTIFICATE----- -MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +MIIEFjCCAv6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 -MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUxMTIz +MTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTqK/rLIAk5LBbo -YQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo4H8MIH5MB0GA1UdDgQW -BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t -M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh -bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL -DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDZgDrD0vTaNzAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBCwUAA4IBAQCsK6nZFTuaQvuGK8HyGHymyicLSIFkIDvTT+6V -1MX9X8fWq6FBhczhFuH9zoqvlSfy8Ho9WV06XQOZy0xcGTWcsm5+KxDif+8UNXnK -Z+tRqem7X1KvnXmAtTFc8CDKx+mbKYLEpHQKKnbqrVmi+aLPU0ARrBre/Ksolp/P -/7l0MZXEbdJ2wZOXdaafaaN9knW4J6K9TUtUEbSKQ/L8EKWC+1FFV4YAhXGRITdc -n/NoBq6ehkaNS+PQQqTPwV2VvBqS+EQeoBvImEGvjpRBYGmxfI5wzohCRDotP95u -OqrRZL4DaGC2rOVEwbvxyUCQwsmP7DKd4LRLGufamZT+4rYq +YQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo4IBMTCCAS0wHQYDVR0O +BBYEFF1dJu+sfjb5m3YVK0olAiPvsokwMIHJBgNVHSMEgcEwgb6AFCeOZxF0wyYd +P+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u +dGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgxEzARBgNV +BAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAKZmOElFm9yBMAwGA1UdEwQFMAMB +Af8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0 +OjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IBAQBZVupFSZyu4gcxzdCg2699bWDvrOAw +RgH3Q/xcqzIbL4uXFLTcaBzyEaf0uJqEAhAMUrrBevI/qgnL5AhwxXaPnH4kemJV +D664uF9XIp6NhXVniLM5LFe9qorl1ltkDxtHp4Nt+nNPrPeuaupNyjbWtyGmAcO1 +og4nRCvzYo+WcEXDMUiO/OdkfoqTQvcD1XHSpY/1YG6Im9Rq/KEerqS0NBObTCxn +Hi/zu79zh6AYFq/fAr/xpYlhrylIWcilE3AFwvjKMJGCIs8JwQ+nlvsZWQlyA7Oa +voliWs2r0OVDUF8/2NCzZmNej8HkNfof9YgxX6Fx9OerxE5kdHLGyhyq -----END CERTIFICATE----- diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem index 1957e0eab..55d2e1825 100644 --- a/certs/server-ecc.pem +++ b/certs/server-ecc.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 12841786837162396166 (0xb2373116f65a0a06) + Serial Number: 16848175057268226162 (0xe9d0bdf2fa11b872) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -24,31 +24,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B2:37:31:16:F6:5A:0A:06 + serial:E9:D0:BD:F2:FA:11:B8:72 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:35:25:33:ea:7c:3b:e2:2e:ed:e4:2e:9a:91:f1: - c3:86:ff:a7:27:35:a9:f6:29:d6:f8:d5:9a:0b:35:f1:21:c7: - 02:21:00:bc:79:f7:fd:66:d4:d3:46:61:e4:19:e5:f7:74:03: - 83:27:f8:26:c0:86:15:a9:e2:10:e3:ad:6b:b9:1c:1d:eb + 30:45:02:21:00:f1:2d:c5:41:b2:f3:7d:ae:f5:58:d9:96:b3: + b8:d5:d6:c6:71:b2:de:45:8f:78:56:74:d3:6b:7c:e6:c8:42: + 6a:02:20:53:2d:22:00:e8:61:39:0c:d2:bc:29:11:51:eb:0e: + fa:ec:bd:b0:f6:5d:58:e7:1e:49:e4:f2:2a:77:b1:15:3e -----BEGIN CERTIFICATE----- -MIIDDzCCArWgAwIBAgIJALI3MRb2WgoGMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG +MIIDRTCCAuugAwIBAgIJAOnQvfL6EbhyMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 -MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUxMTIz +MTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih -f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr -SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk -gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH -DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV -BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbYIJALI3MRb2WgoGMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIg -NSUz6nw74i7t5C6akfHDhv+nJzWp9inW+NWaCzXxIccCIQC8eff9ZtTTRmHkGeX3 -dAODJ/gmwIYVqeIQ461ruRwd6w== +f/DPGNqREQI0huggWDMLgDSJ2KOCASwwggEoMB0GA1UdDgQWBBRdXSbvrH42+Zt2 +FStKJQIj77KJMDCBxAYDVR0jBIG8MIG5gBRdXSbvrH42+Zt2FStKJQIj77KJMKGB +laSBkjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNV +BAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMxDDAKBgNVBAsMA0VDQzEYMBYG +A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tggkA6dC98voRuHIwDAYDVR0TBAUwAwEB/zAyBggrBgEFBQcBAQQmMCQw +IgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6MjIyMjIwCgYIKoZIzj0EAwID +SAAwRQIhAPEtxUGy832u9VjZlrO41dbGcbLeRY94VnTTa3zmyEJqAiBTLSIA6GE5 +DNK8KRFR6w767L2w9l1Y5x5J5PIqd7EVPg== -----END CERTIFICATE----- diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index 65028f3b0..d59bd28a3 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 23 22:04:57 2015 GMT - Not After : Apr 18 22:04:57 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:A6:66:38:49:45:9B:DC:81 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 34:66:48:5b:30:5c:6e:fa:76:c9:6a:ce:07:79:d9:99:fa:7a: - 9d:80:2d:fc:51:78:71:c4:31:2c:40:28:c8:63:26:6f:d2:39: - 63:97:3f:00:d3:d0:69:10:3f:a9:00:07:7b:59:44:85:29:03: - 31:0a:d8:ed:88:e5:1e:fa:e0:8c:9b:e0:7e:6e:d6:fb:7c:cc: - cf:bd:43:0a:df:15:bd:8f:2a:6f:b2:51:19:b8:2a:64:0e:25: - 68:75:af:43:5a:bf:40:2b:69:9c:27:81:0c:5d:78:a1:55:a4: - 21:a0:87:9e:a2:aa:60:ac:da:2f:30:f5:d5:c9:c1:22:6b:c1: - 06:c2:42:c7:56:35:13:cd:af:5f:c9:89:bf:e9:30:b3:92:bc: - 21:6d:b8:23:85:46:44:3f:52:72:a4:7b:95:41:1a:b1:03:92: - aa:0c:5c:2e:16:95:c5:60:7a:6c:6b:f8:ae:9b:b7:08:c9:1f: - 0d:85:91:e0:7f:bc:0d:0d:c7:69:2d:5f:99:b7:88:06:be:c5: - d3:84:1a:46:b6:cb:53:04:27:e9:71:36:72:41:f6:63:9b:cb: - 25:6f:16:8b:0e:ef:42:db:b5:27:45:cf:a7:3e:3e:ae:78:7c: - d8:6b:a8:f6:52:e4:a7:93:b7:8c:94:d2:4a:93:04:20:67:aa: - c3:ea:24:f9 + 34:08:b8:9f:36:68:00:9b:46:f1:f5:b5:ec:b8:4e:7d:b2:5e: + 83:c1:5a:f1:37:56:ed:9a:99:c7:69:34:65:51:b0:ce:0d:2e: + 49:e8:99:c4:ed:aa:ba:cf:2d:ef:33:da:49:20:bb:31:d8:39: + 96:26:5a:4d:99:56:43:e6:8e:84:a8:c2:09:10:db:27:7e:7d: + a3:f4:6a:09:3e:01:84:6b:a4:22:3e:4f:fb:8c:42:e5:cb:99: + 82:7c:05:c1:c3:1d:bc:a1:eb:c1:d2:02:b1:b6:5a:e5:59:e0: + d1:e0:8f:90:6b:97:2c:bf:d1:e3:67:a9:42:08:16:b4:2e:e7: + d2:39:d6:6a:e3:7e:4c:a6:11:4e:04:7a:0c:6f:69:c3:44:ff: + d7:d2:8f:44:7d:94:a5:73:8a:db:9f:0a:10:76:53:81:b9:f3: + 5d:98:24:f4:09:2d:77:95:79:c8:29:e8:64:20:15:b4:4b:47: + 56:67:a5:b4:51:23:dc:0f:f9:e1:f2:aa:2a:3f:cb:1e:2b:9d: + 71:fd:7e:2d:b6:23:aa:c4:c3:b6:b8:88:1a:d5:08:68:8a:2e: + 50:48:39:f6:fe:fb:f9:dc:0f:da:eb:8c:0e:39:21:3b:79:9a: + dc:cc:1c:79:35:a4:35:ac:06:6f:f8:f2:3c:56:0a:03:08:77: + b8:26:e3:c7 -----BEGIN CERTIFICATE----- -MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +MIIE5DCCA8ygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIz -MjIwNDU3WhcNMTgwNDE4MjIwNDU3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUxMTIz +MTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G @@ -72,28 +75,29 @@ ayQbdkisxiOlp+QFGb239t76/+1bPHmKqdXx++vIseSyq1JyiZMiXLrNijYqLNFA Hf3mQ8cbM7j05RtZORI4TS2bZGiY/I1yEpHyJCVsTEpIV5IAzH7Y1D24HfKe6rIj D1EPEUEc9ScAGwh6EjoFWwMk/rF7IPrkqFjGys5/vpUBEp0F5jkTG8A+Vi4rn3Y3 3t6b4A16Yw2nIljbMcf3tEZcurZLSLEYmmizY0f9rxJfL/4Qy1grM2iFAgMBAAGj -gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw -gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJANmAOsPS9No3 -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADRmSFswXG76dslqzgd5 -2Zn6ep2ALfxReHHEMSxAKMhjJm/SOWOXPwDT0GkQP6kAB3tZRIUpAzEK2O2I5R76 -4Iyb4H5u1vt8zM+9QwrfFb2PKm+yURm4KmQOJWh1r0Nav0AraZwngQxdeKFVpCGg -h56iqmCs2i8w9dXJwSJrwQbCQsdWNRPNr1/Jib/pMLOSvCFtuCOFRkQ/UnKke5VB -GrEDkqoMXC4WlcVgemxr+K6btwjJHw2FkeB/vA0Nx2ktX5m3iAa+xdOEGka2y1ME -J+lxNnJB9mObyyVvFosO70LbtSdFz6c+Pq54fNhrqPZS5KeTt4yU0kqTBCBnqsPq -JPk= +ggExMIIBLTAdBgNVHQ4EFgQU2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSB +wTCBvoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkApmY4SUWb +3IEwDAYDVR0TBAUwAwEB/zAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0 +dHA6Ly9sb2NhbGhvc3Q6MjIyMjIwDQYJKoZIhvcNAQELBQADggEBADQIuJ82aACb +RvH1tey4Tn2yXoPBWvE3Vu2amcdpNGVRsM4NLknomcTtqrrPLe8z2kkguzHYOZYm +Wk2ZVkPmjoSowgkQ2yd+faP0agk+AYRrpCI+T/uMQuXLmYJ8BcHDHbyh68HSArG2 +WuVZ4NHgj5Brlyy/0eNnqUIIFrQu59I51mrjfkymEU4EegxvacNE/9fSj0R9lKVz +itufChB2U4G5812YJPQJLXeVecgp6GQgFbRLR1ZnpbRRI9wP+eHyqio/yx4rnXH9 +fi22I6rEw7a4iBrVCGiKLlBIOfb++/ncD9rrjA45ITt5mtzMHHk1pDWsBm/48jxW +CgMId7gm48c= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Serial Number: 11990332945272134785 (0xa6663849459bdc81) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: May 7 18:21:01 2015 GMT - Not After : Jan 31 18:21:01 2018 GMT + Not Before: Nov 23 12:49:37 2015 GMT + Not After : Aug 19 12:49:37 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -124,32 +128,35 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:D9:80:3A:C3:D2:F4:DA:37 + serial:A6:66:38:49:45:9B:DC:81 X509v3 Basic Constraints: CA:TRUE + Authority Information Access: + OCSP - URI:http://localhost:22222 + Signature Algorithm: sha256WithRSAEncryption - 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: - 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: - 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: - a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: - 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: - e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: - 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: - 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: - 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: - 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: - 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: - 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: - 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: - a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: - 65:b7:75:58 + 41:8f:fb:6b:65:6b:36:f2:56:4f:0c:48:b0:4d:8c:c2:cb:d6: + 58:7a:83:3a:30:7d:62:7b:86:f1:15:26:b3:26:02:77:f2:c8: + 57:e5:1e:60:68:8b:a4:e8:f3:a8:b2:88:a4:2f:e8:6e:25:8d: + 6b:dc:53:ab:2f:d3:47:8c:d6:27:ab:39:bc:d3:ca:d8:01:96: + a4:44:57:38:93:ab:c3:f3:95:67:7f:cf:25:1d:b7:04:dc:06: + c9:5d:24:c1:54:13:71:81:21:31:ee:9f:b4:9d:ce:98:66:a4: + a0:77:c1:88:18:a4:d1:36:ee:cd:d8:c1:1b:bc:03:d6:85:9a: + 2e:21:82:95:4c:b2:2a:fe:69:db:ac:e4:97:e1:e9:0e:f1:d3: + ef:20:86:03:01:66:6b:f0:26:0f:39:04:26:f5:42:98:3f:95: + 48:5f:b5:5d:bc:49:4c:81:38:d5:e9:72:32:1c:66:1b:12:80: + 0f:db:99:f0:97:67:61:79:ad:ab:be:6a:ea:aa:cc:3d:f9:40: + 99:00:93:bb:df:4b:41:d4:7f:f1:93:b2:70:83:3a:e3:6b:44: + 4b:1f:9f:77:53:ea:5d:e6:59:1e:c0:2d:4b:83:d6:f4:a3:d4: + a9:c3:91:12:e7:61:3f:56:9d:8f:b8:19:29:62:1b:58:df:73: + 99:1f:49:63 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIE4DCCA8igAwIBAgIJAKZmOElFm9yBMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNTExMjMxMjQ5MzdaFw0xODA4MTkxMjQ5MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -158,16 +165,18 @@ mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc /hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW -C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD -KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ -buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q -fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD -iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOCATEw +ggEtMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCByQYDVR0jBIHBMIG+ +gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAO +BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rv +b3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5j +b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCmZjhJRZvcgTAM +BgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov +L2xvY2FsaG9zdDoyMjIyMjANBgkqhkiG9w0BAQsFAAOCAQEAQY/7a2VrNvJWTwxI +sE2MwsvWWHqDOjB9YnuG8RUmsyYCd/LIV+UeYGiLpOjzqLKIpC/obiWNa9xTqy/T +R4zWJ6s5vNPK2AGWpERXOJOrw/OVZ3/PJR23BNwGyV0kwVQTcYEhMe6ftJ3OmGak +oHfBiBik0TbuzdjBG7wD1oWaLiGClUyyKv5p26zkl+HpDvHT7yCGAwFma/AmDzkE +JvVCmD+VSF+1XbxJTIE41elyMhxmGxKAD9uZ8JdnYXmtq75q6qrMPflAmQCTu99L +QdR/8ZOycIM642tESx+fd1PqXeZZHsAtS4PW9KPUqcOREudhP1adj7gZKWIbWN9z +mR9JYw== -----END CERTIFICATE----- diff --git a/configure.ac b/configure.ac index 949852207..d8e839889 100644 --- a/configure.ac +++ b/configure.ac @@ -1658,7 +1658,7 @@ fi # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], - [AS_HELP_STRING([--enable-ocspstapling],[Enable Certificate Status Request - a.k.a. OCSP Stapling (default: disabled)])], + [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) @@ -1676,6 +1676,30 @@ then fi fi +AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) + +# Certificate Status Request v2 : a.k.a. OCSP stapling v2 +AC_ARG_ENABLE([ocspstapling2], + [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])], + [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ], + [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] + ) + +if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2" + + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi +fi + +AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) + # Renegotiation Indication - (FAKE Secure Renegotiation) AC_ARG_ENABLE([renegotiation-indication], [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])], @@ -2737,7 +2761,8 @@ echo " * Server Name Indication: $ENABLED_SNI" echo " * ALPN: $ENABLED_ALPN" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" -echo " * Certificate Status Request: $ENABLED_CERTIFICATE_STATUS_REQUEST" +echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST" +echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2" echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" diff --git a/examples/client/client.c b/examples/client/client.c index 6b9221142..ec7ee6652 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -364,7 +364,8 @@ static void Usage(void) printf("-o Perform OCSP lookup on peer certificate\n"); printf("-O Perform OCSP lookup using as responder\n"); #endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) printf("-W Use OCSP Stapling\n"); #endif #ifdef ATOMIC_USER @@ -446,7 +447,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) byte statusRequest = 0; #endif @@ -488,7 +490,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_VXWORKS while ((ch = mygetopt(argc, argv, - "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W")) != -1) { + "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:")) != -1) { switch (ch) { case '?' : Usage(); @@ -680,8 +682,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; case 'W' : - #ifdef HAVE_CERTIFICATE_STATUS_REQUEST - statusRequest = 1; + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + statusRequest = atoi(myoptarg); #endif break; @@ -1009,9 +1012,35 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (statusRequest) { - if (wolfSSL_UseCertificateStatusRequest(ssl, WOLFSSL_CSR_OCSP, + switch (statusRequest) { + case WOLFSSL_CSR_OCSP: + if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP, WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) - err_sys("UseCertificateStatusRequest failed"); + err_sys("UseCertificateStatusRequest failed"); + + break; + } + + wolfSSL_CTX_EnableOCSP(ctx, 0); + } +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (statusRequest) { + switch (statusRequest) { + case WOLFSSL_CSR2_OCSP: + if (wolfSSL_UseOCSPStaplingV2(ssl, + WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) + != SSL_SUCCESS) + err_sys("UseCertificateStatusRequest failed"); + break; + case WOLFSSL_CSR2_OCSP_MULTI: + if (wolfSSL_UseOCSPStaplingV2(ssl, + WOLFSSL_CSR2_OCSP_MULTI, 0) + != SSL_SUCCESS) + err_sys("UseCertificateStatusRequest failed"); + break; + + } wolfSSL_CTX_EnableOCSP(ctx, 0); } diff --git a/examples/server/server.c b/examples/server/server.c index f2da9f7d1..d899dacb3 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -610,7 +610,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (!usePsk && !useAnon) { - if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM) + if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load server cert file, check file and run from" " wolfSSL home dir"); @@ -743,6 +743,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (wolfSSL_CTX_EnableOCSPStapling(ctx) != SSL_SUCCESS) + err_sys("can't enable OCSP Stapling Certificate Manager"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); +#endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); @@ -986,5 +997,3 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) return 0; } #endif - - diff --git a/scripts/include.am b/scripts/include.am index 4b2c7982a..5b9d38448 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -9,8 +9,9 @@ dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test endif if BUILD_EXAMPLES + dist_noinst_SCRIPTS+= scripts/resume.test -EXTRA_DIST+= scripts/benchmark.test +EXTRA_DIST+= scripts/benchmark.test if BUILD_CRL # make revoked test rely on completion of resume test @@ -23,6 +24,27 @@ dist_noinst_SCRIPTS+= scripts/external.test dist_noinst_SCRIPTS+= scripts/google.test #dist_noinst_SCRIPTS+= scripts/openssl.test endif + +if BUILD_OCSP +dist_noinst_SCRIPTS+= scripts/ocsp.test +endif + +if BUILD_OCSP_STAPLING +dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test +scripts/ocsp-stapling.log: scripts/ocsp.log +endif + +if BUILD_OCSP_STAPLING_V2 +dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test + +if BUILD_OCSP_STAPLING +scripts/ocsp-stapling2.log: scripts/ocsp-stapling.log +else +scripts/ocsp-stapling2.log: scripts/ocsp.log +endif + +endif + endif diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test new file mode 100755 index 000000000..7d711d417 --- /dev/null +++ b/scripts/ocsp-stapling.test @@ -0,0 +1,41 @@ +#!/bin/sh + +# ocsp-stapling.test + +trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT + +server=login.live.com +ca=certs/external/ca-verisign-g5.pem + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# is our desired server there? - login.live.com doesn't answers PING +# ping -c 2 $server +# RESULT=$? +# [ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 + +# client test against the server +./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1 +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + +# setup ocsp responder +./certs/ocsp/ocspd1.sh & +sleep 1 +[ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 + +# client test against our own server - GOOD CERT +./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + +# client test against our own server - REVOKED CERT +./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 + +exit 0 diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test new file mode 100755 index 000000000..75877f210 --- /dev/null +++ b/scripts/ocsp-stapling2.test @@ -0,0 +1,55 @@ +#!/bin/sh + +# ocsp-stapling.test + +trap 'for i in `jobs -p`; do pkill -TERM -P $i; kill $i; done' EXIT + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# setup ocsp responders +./certs/ocsp/ocspd0.sh & +./certs/ocsp/ocspd2.sh & +./certs/ocsp/ocspd3.sh & +sleep 1 +[ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 + +# client test against our own server - GOOD CERTS +./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + +./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 2 +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + +# client test against our own server - REVOKED SERVER CERT +./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 + +./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 2 +RESULT=$? +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 + +# client test against our own server - REVOKED INTERMEDIATE CERT +./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 1 +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1 + +./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem & +sleep 1 +./examples/client/client -A certs/ocsp/root-ca-cert.pem -W 2 +RESULT=$? +[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1 + +exit 0 diff --git a/scripts/ocsp.test b/scripts/ocsp.test new file mode 100755 index 000000000..66d4488ad --- /dev/null +++ b/scripts/ocsp.test @@ -0,0 +1,20 @@ +#!/bin/sh + +# ocsp-stapling.test + +server=www.globalsign.com +ca=certs/external/ca-globalsign-root-r2.pem + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# is our desired server there? +ping -c 2 $server +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 + +# client test against the server +./examples/client/client -X -C -h $server -p 443 -A $ca -g -o +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + +exit 0 diff --git a/src/internal.c b/src/internal.c index db7f9f65c..31e0a8f94 100644 --- a/src/internal.c +++ b/src/internal.c @@ -541,6 +541,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) /* In case contexts are held in array and don't want to free actual ctx */ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) { + int i; + + (void)i; + XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD); if (ctx->suites) XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); @@ -549,15 +553,39 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); #endif + #ifndef NO_CERTS XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY); XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT); XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT); wolfSSL_CertManagerFree(ctx->cm); #endif + #ifdef HAVE_TLS_EXTENSIONS TLSX_FreeAll(ctx->extensions); + +#ifndef NO_WOLFSSL_SERVER + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ctx->certOcspRequest) { + FreeOcspRequest(ctx->certOcspRequest); + XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } #endif + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + for (i = 0; i < MAX_CHAIN_DEPTH; i++) { + if (ctx->chainOcspRequest[i]) { + FreeOcspRequest(ctx->chainOcspRequest[i]); + XFREE(ctx->chainOcspRequest[i], NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + } +#endif + +#endif /* NO_WOLFSSL_SERVER */ + +#endif /* HAVE_TLS_EXTENSIONS */ } @@ -4507,10 +4535,16 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(HAVE_OCSP) || defined(HAVE_CRL) if (ret == 0) { int doCrlLookup = 1; + #ifdef HAVE_OCSP + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) + ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0); + else /* skips OCSP and force CRL check */ + #endif if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); - ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert); + ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL); doCrlLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { doCrlLookup = 0; @@ -4520,7 +4554,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* HAVE_OCSP */ #ifdef HAVE_CRL - if (doCrlLookup && ssl->ctx->cm->crlEnabled + if (ret == 0 && doCrlLookup && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) { WOLFSSL_MSG("Doing Non Leaf CRL check"); ret = CheckCertCRL(ssl->ctx->cm->crl, dCert); @@ -4599,19 +4633,25 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (fatal == 0) { int doLookup = 1; -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->options.side == WOLFSSL_CLIENT_END) { +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert); doLookup = 0; } - } #endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) { + fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1); + doLookup = 0; + } +#endif + } #ifdef HAVE_OCSP if (doLookup && ssl->ctx->cm->ocspEnabled) { WOLFSSL_MSG("Doing Leaf OCSP check"); - ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert); + ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL); doLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { WOLFSSL_MSG("\tOCSP Lookup not ok"); @@ -4957,63 +4997,175 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, return BUFFER_ERROR; switch (status_type) { - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) - case WOLFSSL_CSR_OCSP: { - OcspRequest* request = TLSX_CSR_GetRequest(ssl->extensions); + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - #ifdef WOLFSSL_SMALL_STACK - CertStatus* status; - OcspResponse* response; - #else - CertStatus status[1]; - OcspResponse response[1]; - #endif + /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */ + case WOLFSSL_CSR2_OCSP: { + OcspRequest* request; + + #ifdef WOLFSSL_SMALL_STACK + CertStatus* status; + OcspResponse* response; + #else + CertStatus status[1]; + OcspResponse response[1]; + #endif do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { + request = TLSX_CSR_GetRequest(ssl->extensions); ssl->status_request = 0; break; } #endif + + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) { + request = TLSX_CSR2_GetRequest(ssl->extensions, + status_type, 0); + ssl->status_request_v2 = 0; + break; + } + #endif + return BUFFER_ERROR; } while(0); - #ifdef WOLFSSL_SMALL_STACK - status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + if (request == NULL) + return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */ + + #ifdef WOLFSSL_SMALL_STACK + status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_TMP_BUFFER); - response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, + response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (status == NULL || response == NULL) { - if (status) XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (response) XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (status == NULL || response == NULL) { + if (status) + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (response) + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_ERROR; - } - #endif + return MEMORY_ERROR; + } + #endif InitOcspResponse(response, status, input +*inOutIdx, status_length); - if ((ret = OcspResponseDecode(response, ssl->ctx->cm)) == 0) { - if (response->responseStatus != OCSP_SUCCESSFUL) - ret = BAD_CERTIFICATE_STATUS_ERROR; - else if (CompareOcspReqResp(request, response) != 0) - ret = BAD_CERTIFICATE_STATUS_ERROR; - else if (response->status->status != CERT_GOOD) - ret = BAD_CERTIFICATE_STATUS_ERROR; - } + if ((OcspResponseDecode(response, ssl->ctx->cm) != 0) + || (response->responseStatus != OCSP_SUCCESSFUL) + || (response->status->status != CERT_GOOD) + || (CompareOcspReqResp(request, response) != 0)) + ret = BAD_CERTIFICATE_STATUS_ERROR; *inOutIdx += status_length; - #ifdef WOLFSSL_SMALL_STACK - XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif + #ifdef WOLFSSL_SMALL_STACK + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } break; + + #endif + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + + case WOLFSSL_CSR2_OCSP_MULTI: { + OcspRequest* request; + word32 list_length = status_length; + byte index = 0; + + #ifdef WOLFSSL_SMALL_STACK + CertStatus* status; + OcspResponse* response; + #else + CertStatus status[1]; + OcspResponse response[1]; + #endif + + do { + if (ssl->status_request_v2) { + ssl->status_request_v2 = 0; + break; + } + + return BUFFER_ERROR; + } while(0); + + #ifdef WOLFSSL_SMALL_STACK + status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (status == NULL || response == NULL) { + if (status) + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (response) + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return MEMORY_ERROR; + } + #endif + + while (list_length && ret == 0) { + if (OPAQUE24_LEN > list_length) { + ret = BUFFER_ERROR; + break; + } + + c24to32(input + *inOutIdx, &status_length); + *inOutIdx += OPAQUE24_LEN; + list_length -= OPAQUE24_LEN; + + if (status_length > list_length) { + ret = BUFFER_ERROR; + break; + } + + if (status_length) { + InitOcspResponse(response, status, input +*inOutIdx, + status_length); + + if ((OcspResponseDecode(response, ssl->ctx->cm) != 0) + || (response->responseStatus != OCSP_SUCCESSFUL) + || (response->status->status != CERT_GOOD)) + ret = BAD_CERTIFICATE_STATUS_ERROR; + + while (ret == 0) { + request = TLSX_CSR2_GetRequest(ssl->extensions, + status_type, index++); + + if (request == NULL) + ret = BAD_CERTIFICATE_STATUS_ERROR; + else if (CompareOcspReqResp(request, response) == 0) + break; + else if (index == 1) /* server cert must be OK */ + ret = BAD_CERTIFICATE_STATUS_ERROR; + } + + *inOutIdx += status_length; + list_length -= status_length; + } + } + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ssl->status_request_v2 = 0; + #endif + + #ifdef WOLFSSL_SMALL_STACK + XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + } + break; + #endif default: @@ -5246,6 +5398,15 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0) return ret; } +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) { + int ret; + + WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange"); + if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0) + return ret; + } #endif } @@ -8243,6 +8404,421 @@ int SendCertificateRequest(WOLFSSL* ssl) else return SendBuffered(ssl); } + + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, + byte count) +{ + byte* output = NULL; + word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word32 length = ENUM_LEN; + int sendSz = 0; + int ret = 0; + int i = 0; + + WOLFSSL_ENTER("BuildCertificateStatus"); + + switch (type) { + case WOLFSSL_CSR2_OCSP_MULTI: + length += OPAQUE24_LEN; + /* followed by */ + + case WOLFSSL_CSR2_OCSP: + for (i = 0; i < count; i++) + length += OPAQUE24_LEN + status[i].length; + break; + + default: + return 0; + } + + sendSz = idx + length; + + if (ssl->keys.encryptionOn) + sendSz += MAX_MSG_EXTRA; + + if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) { + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, certificate_status, ssl); + + output[idx++] = type; + + if (type == WOLFSSL_CSR2_OCSP_MULTI) { + c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx); + idx += OPAQUE24_LEN; + } + + for (i = 0; i < count; i++) { + c32to24(status[i].length, output + idx); + idx += OPAQUE24_LEN; + + XMEMCPY(output + idx, status[i].buffer, status[i].length); + idx += status[i].length; + } + + if (IsEncryptionOn(ssl, 1)) { + byte* input; + int inputSz = idx - RECORD_HEADER_SZ; + + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (input == NULL) + return MEMORY_E; + + XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); + sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, + handshake, 1); + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (sendSz < 0) + ret = sendSz; + } + else + ret = HashOutput(ssl, output, sendSz, 0); + + #ifdef WOLFSSL_DTLS + if (ret == 0 && ssl->options.dtls) + ret = DtlsPoolSave(ssl, output, sendSz)); + #endif + + #ifdef WOLFSSL_CALLBACKS + if (ret == 0 && ssl->hsInfoOn) + AddPacketName("CertificateStatus", &ssl->handShakeInfo); + if (ret == 0 && ssl->toInfoOn) + AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, output, + sendSz, ssl->heap); + #endif + + if (ret == 0) { + ssl->buffers.outputBuffer.length += sendSz; + if (!ssl->options.groupMessages) + ret = SendBuffered(ssl); + } + } + + WOLFSSL_LEAVE("BuildCertificateStatus", ret); + return ret; +} +#endif + + +int SendCertificateStatus(WOLFSSL* ssl) +{ + int ret = 0; + byte status_type = 0; + + WOLFSSL_ENTER("SendCertificateStatus"); + + (void) ssl; + + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + status_type = ssl->status_request; + #endif + + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + status_type = status_type ? status_type : ssl->status_request_v2; + #endif + + switch (status_type) { + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + /* case WOLFSSL_CSR_OCSP: */ + case WOLFSSL_CSR2_OCSP: { + OcspRequest* request = ssl->ctx->certOcspRequest; + buffer response = {NULL, 0}; + + /* unable to fetch status. skip. */ + if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) + return 0; + + if (!request || ssl->buffers.weOwnCert) { + buffer der = ssl->buffers.certificate; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + /* unable to fetch status. skip. */ + if (der.buffer == NULL || der.length == 0) + return 0; + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + #endif + + InitDecodedCert(cert, der.buffer, der.length, NULL); + + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, + ssl->ctx->cm)) != 0) { + WOLFSSL_MSG("ParseCert failed"); + } + else { + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, + DYNAMIC_TYPE_OCSP_REQUEST); + if (request == NULL) { + FreeDecodedCert(cert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + return MEMORY_E; + } + + ret = InitOcspRequest(request, cert, 0); + if (ret != 0) { + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + else if (!ssl->buffers.weOwnCert && 0 == LockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock)) { + if (!ssl->ctx->certOcspRequest) + ssl->ctx->certOcspRequest = request; + UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock); + } + } + + FreeDecodedCert(cert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + + if (ret == 0) { + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, + &response); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + + if (response.buffer) { + if (ret == 0) + ret = BuildCertificateStatus(ssl, status_type, + &response, 1); + + XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + } + + if (request != ssl->ctx->certOcspRequest) + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + break; + + #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ + /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + + #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2 + case WOLFSSL_CSR2_OCSP_MULTI: { + OcspRequest* request = ssl->ctx->certOcspRequest; + buffer responses[1 + MAX_CHAIN_DEPTH]; + int i = 0; + + ForceZero(responses, sizeof(responses)); + + /* unable to fetch status. skip. */ + if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) + return 0; + + if (!request || ssl->buffers.weOwnCert) { + buffer der = ssl->buffers.certificate; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + /* unable to fetch status. skip. */ + if (der.buffer == NULL || der.length == 0) + return 0; + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + #endif + + InitDecodedCert(cert, der.buffer, der.length, NULL); + + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, + ssl->ctx->cm)) != 0) { + WOLFSSL_MSG("ParseCert failed"); + } + else { + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, + DYNAMIC_TYPE_OCSP_REQUEST); + if (request == NULL) { + FreeDecodedCert(cert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + return MEMORY_E; + } + + ret = InitOcspRequest(request, cert, 0); + if (ret != 0) { + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + } + else if (!ssl->buffers.weOwnCert && 0 == LockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock)) { + if (!ssl->ctx->certOcspRequest) + ssl->ctx->certOcspRequest = request; + + UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock); + } + } + + FreeDecodedCert(cert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + + if (ret == 0) { + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, + &responses[0]); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + } + + if (request != ssl->ctx->certOcspRequest) + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + + if (ret == 0 && (!ssl->ctx->chainOcspRequest[0] + || ssl->buffers.weOwnCertChain)) { + buffer der = {NULL, 0}; + word32 idx = 0; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + #endif + + while (idx + OPAQUE24_LEN < ssl->buffers.certChain.length) { + c24to32(ssl->buffers.certChain.buffer + idx, &der.length); + idx += OPAQUE24_LEN; + + der.buffer = ssl->buffers.certChain.buffer + idx; + idx += der.length; + + if (idx > ssl->buffers.certChain.length) + break; + + InitDecodedCert(cert, der.buffer, der.length, NULL); + + if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, + ssl->ctx->cm)) != 0) { + WOLFSSL_MSG("ParseCert failed"); + break; + } + else { + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), + NULL, DYNAMIC_TYPE_OCSP_REQUEST); + if (request == NULL) { + ret = MEMORY_E; + break; + } + + ret = InitOcspRequest(request, cert, 0); + if (ret != 0) { + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + break; + } + else if (!ssl->buffers.weOwnCertChain && 0 == + LockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock)) { + if (!ssl->ctx->chainOcspRequest[i]) + ssl->ctx->chainOcspRequest[i] = request; + + UnLockMutex( + &ssl->ctx->cm->ocsp_stapling->ocspLock); + } + + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, + request, &responses[i + 1]); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + + if (request != ssl->ctx->chainOcspRequest[i]) + XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + + i++; + } + + FreeDecodedCert(cert); + } + + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + else { + while (ret == 0 && + NULL != (request = ssl->ctx->chainOcspRequest[i])) { + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, + request, &responses[++i]); + + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED + || ret == OCSP_CERT_UNKNOWN + || ret == OCSP_LOOKUP_FAIL) + ret = 0; + } + } + + if (responses[0].buffer) { + if (ret == 0) + ret = BuildCertificateStatus(ssl, status_type, + responses, i + 1); + + for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) + if (responses[i].buffer) + XFREE(responses[i].buffer, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + } + } + break; + + #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + + default: + break; + } + + return ret; +} + #endif /* !NO_CERTS */ diff --git a/src/ocsp.c b/src/ocsp.c index 567a67de8..7283e66ad 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -77,6 +77,10 @@ static void FreeOcspEntry(OcspEntry* entry) for (status = entry->status; status; status = next) { next = status->next; + + if (status->rawOcspResponse) + XFREE(status->rawOcspResponse, NULL, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS); } } @@ -114,7 +118,7 @@ static int xstat2err(int stat) } -int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert) +int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, void* encodedResponse) { int ret = OCSP_LOOKUP_FAIL; @@ -137,7 +141,7 @@ int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert) #endif if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) { - ret = CheckOcspRequest(ocsp, ocspRequest); + ret = CheckOcspRequest(ocsp, ocspRequest, encodedResponse); FreeOcspRequest(ocspRequest); } @@ -186,7 +190,7 @@ static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request, static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, - OcspEntry* entry, CertStatus** status) + OcspEntry* entry, CertStatus** status, buffer* responseBuffer) { int ret = OCSP_INVALID_STATUS; @@ -204,11 +208,29 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, && !XMEMCMP((*status)->serial, request->serial, (*status)->serialSz)) break; - if (*status) { + if (responseBuffer && *status && !(*status)->rawOcspResponse) { + /* force fetching again */ + ret = OCSP_INVALID_STATUS; + } + else if (*status) { if (ValidateDate((*status)->thisDate, (*status)->thisDateFormat, BEFORE) && ((*status)->nextDate[0] != 0) && ValidateDate((*status)->nextDate, (*status)->nextDateFormat, AFTER)) + { ret = xstat2err((*status)->status); + + if (responseBuffer) { + responseBuffer->buffer = (byte*)XMALLOC( + (*status)->rawOcspResponseSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (responseBuffer->buffer) { + responseBuffer->length = (*status)->rawOcspResponseSz; + XMEMCPY(responseBuffer->buffer, + (*status)->rawOcspResponse, + (*status)->rawOcspResponseSz); + } + } + } } UnLockMutex(&ocsp->ocspLock); @@ -216,16 +238,18 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, return ret; } -int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) +int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, + void* encodedResponse) { - OcspEntry* entry = NULL; - CertStatus* status = NULL; - byte* request = NULL; - int requestSz = 2048; - byte* response = NULL; - const char* url; - int urlSz; - int ret = -1; + OcspEntry* entry = NULL; + CertStatus* status = NULL; + byte* request = NULL; + int requestSz = 2048; + byte* response = NULL; + buffer* responseBuffer = (buffer*) encodedResponse; + const char* url = NULL; + int urlSz = 0; + int ret = -1; #ifdef WOLFSSL_SMALL_STACK CertStatus* newStatus; @@ -237,11 +261,16 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) WOLFSSL_ENTER("CheckOcspRequest"); + if (responseBuffer) { + responseBuffer->buffer = NULL; + responseBuffer->length = 0; + } + ret = GetOcspEntry(ocsp, ocspRequest, &entry); if (ret != 0) return ret; - ret = GetOcspStatus(ocsp, ocspRequest, entry, &status); + ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer); if (ret != OCSP_INVALID_STATUS) return ret; @@ -300,14 +329,29 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) ret = OCSP_LOOKUP_FAIL; else { if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) { + if (responseBuffer) { + responseBuffer->buffer = (byte*)XMALLOC(ret, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (responseBuffer->buffer) { + responseBuffer->length = ret; + XMEMCPY(responseBuffer->buffer, response, ret); + } + } + ret = xstat2err(ocspResponse->status->status); if (LockMutex(&ocsp->ocspLock) != 0) ret = BAD_MUTEX_E; else { - if (status != NULL) + if (status != NULL) { + if (status->rawOcspResponse) + XFREE(status->rawOcspResponse, NULL, + DYNAMIC_TYPE_OCSP_STATUS); + /* Replace existing certificate entry with updated */ XMEMCPY(status, newStatus, sizeof(CertStatus)); + } else { /* Save new certificate entry */ status = (CertStatus*)XMALLOC(sizeof(CertStatus), @@ -320,6 +364,19 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest) } } + if (status && responseBuffer && responseBuffer->buffer) { + status->rawOcspResponse = (byte*)XMALLOC( + responseBuffer->length, NULL, + DYNAMIC_TYPE_OCSP_STATUS); + + if (status->rawOcspResponse) { + status->rawOcspResponseSz = responseBuffer->length; + XMEMCPY(status->rawOcspResponse, + responseBuffer->buffer, + responseBuffer->length); + } + } + UnLockMutex(&ocsp->ocspLock); } } diff --git a/src/ssl.c b/src/ssl.c index 4a76e40b0..a6d4c2937 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -803,8 +803,7 @@ int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx) #ifdef HAVE_CERTIFICATE_STATUS_REQUEST -int wolfSSL_UseCertificateStatusRequest(WOLFSSL* ssl, byte status_type, - byte options) +int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options) { if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) return BAD_FUNC_ARG; @@ -814,7 +813,7 @@ int wolfSSL_UseCertificateStatusRequest(WOLFSSL* ssl, byte status_type, } -int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, byte status_type, +int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type, byte options) { if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) @@ -826,6 +825,30 @@ int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, byte status_type, #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options) +{ + if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type, + options); +} + + +int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, + byte status_type, byte options) +{ + if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type, + options); +} + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + /* Elliptic Curves */ #ifdef HAVE_SUPPORTED_CURVES #ifndef NO_WOLFSSL_CLIENT @@ -1643,6 +1666,11 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) #ifdef HAVE_OCSP if (cm->ocsp) FreeOCSP(cm->ocsp, 1); + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (cm->ocsp_stapling) + FreeOCSP(cm->ocsp_stapling, 1); + #endif #endif FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL); FreeMutex(&cm->caLock); @@ -3461,6 +3489,43 @@ int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm) return SSL_SUCCESS; } +/* turn on OCSP Stapling if off and compiled in, set options */ +int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm) +{ + int ret = SSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling"); + if (cm == NULL) + return BAD_FUNC_ARG; + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (cm->ocsp_stapling == NULL) { + cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), + cm->heap, DYNAMIC_TYPE_OCSP); + if (cm->ocsp_stapling == NULL) + return MEMORY_E; + + if (InitOCSP(cm->ocsp_stapling, cm) != 0) { + WOLFSSL_MSG("Init OCSP failed"); + FreeOCSP(cm->ocsp_stapling, 1); + cm->ocsp_stapling = NULL; + return SSL_FAILURE; + } + } + cm->ocspStaplingEnabled = 1; + + #ifndef WOLFSSL_USER_IO + cm->ocspIOCb = EmbedOcspLookup; + cm->ocspRespFreeCb = EmbedOcspRespFree; + #endif /* WOLFSSL_USER_IO */ + #else + ret = NOT_COMPILED_IN; + #endif + + return ret; +} + #ifdef HAVE_OCSP @@ -3495,7 +3560,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) { WOLFSSL_MSG("ParseCert failed"); } - else if ((ret = CheckCertOCSP(cm->ocsp, cert)) != 0) { + else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) { WOLFSSL_MSG("CheckCertOCSP failed"); } @@ -3630,6 +3695,17 @@ int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, return BAD_FUNC_ARG; } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling"); + if (ctx) + return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); + else + return BAD_FUNC_ARG; +} +#endif #endif /* HAVE_OCSP */ @@ -6077,6 +6153,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("accept state CERT_SENT"); case CERT_SENT : + if (!ssl->options.resuming) + if ( (ssl->error = SendCertificateStatus(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } + ssl->options.acceptState = CERT_STATUS_SENT; + WOLFSSL_MSG("accept state CERT_STATUS_SENT"); + + case CERT_STATUS_SENT : if (!ssl->options.resuming) if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); diff --git a/src/tls.c b/src/tls.c index 8cef8597b..744b81828 100644 --- a/src/tls.c +++ b/src/tls.c @@ -919,7 +919,7 @@ static word16 TLSX_ALPN_GetSize(ALPN *list) length++; /* protocol name length is on one byte */ length += (word16)XSTRLEN(alpn->protocol_name); } - + return length; } @@ -946,7 +946,7 @@ static word16 TLSX_ALPN_Write(ALPN *list, byte *output) /* writing list length */ c16toa(offset - OPAQUE16_LEN, output); - + return offset; } @@ -1891,11 +1891,6 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions) #ifdef HAVE_CERTIFICATE_STATUS_REQUEST -#ifndef HAVE_OCSP -#error Status Request Extension requires OCSP. \ - Use --enable-ocsp in the configure script or define HAVE_OCSP. -#endif - static void TLSX_CSR_Free(CertificateStatusRequest* csr) { switch (csr->status_type) { @@ -1922,6 +1917,7 @@ static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) if (csr->request.ocsp.nonceSz) size += OCSP_NONCE_EXT_SZ; + break; } } #endif @@ -1954,7 +1950,7 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, length = EncodeOcspRequestExtensions( &csr->request.ocsp, output + offset + OPAQUE16_LEN, - MAX_OCSP_EXT_SZ); + OCSP_NONCE_EXT_SZ); c16toa(length, output + offset); offset += OPAQUE16_LEN + length; @@ -1972,7 +1968,7 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest) { - int ret = 0; + int ret; /* shut up compiler warnings */ (void) ssl; (void) input; @@ -2019,8 +2015,63 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ #endif } + else { +#ifndef NO_WOLFSSL_SERVER + byte status_type; + word16 offset = 0; + word16 size = 0; - return ret; + if (length < ENUM_LEN) + return BUFFER_ERROR; + + status_type = input[offset++]; + + switch (status_type) { + case WOLFSSL_CSR_OCSP: { + + /* skip responder_id_list */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + /* skip request_extensions */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + if (offset > length) + return BUFFER_ERROR; + + /* is able to send OCSP response? */ + if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) + return 0; + } + break; + } + + /* if using status_request and already sending it, skip this one */ + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (ssl->status_request_v2) + return 0; + #endif + + /* accept the first good status_type and return */ + ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, + 0); + if (ret != SSL_SUCCESS) + return ret; /* throw error */ + + TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); + ssl->status_request = status_type; + +#endif + } + + return 0; } int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert) @@ -2078,7 +2129,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) case WOLFSSL_CSR_OCSP: if (ssl->ctx->cm->ocspEnabled) return CheckOcspRequest(ssl->ctx->cm->ocsp, - &csr->request.ocsp); + &csr->request.ocsp, NULL); else return OCSP_LOOKUP_FAIL; } @@ -2144,6 +2195,420 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ +/******************************************************************************/ +/* Certificate Status Request v2 */ +/******************************************************************************/ + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2) +{ + CertificateStatusRequestItemV2* next; + + for (; csr2; csr2 = next) { + next = csr2->next; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + while(csr2->requests--) + FreeOcspRequest(&csr2->request.ocsp[csr2->requests]); + break; + } + + XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); + } +} + +static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, + byte isRequest) +{ + word16 size = 0; + + /* shut up compiler warnings */ + (void) csr2; (void) isRequest; + +#ifndef NO_WOLFSSL_CLIENT + if (isRequest) { + CertificateStatusRequestItemV2* next; + + for (size = OPAQUE16_LEN; csr2; csr2 = next) { + next = csr2->next; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + size += ENUM_LEN + 3 * OPAQUE16_LEN; + + if (csr2->request.ocsp[0].nonceSz) + size += OCSP_NONCE_EXT_SZ; + break; + } + } + } +#endif + + return size; +} + +static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, + byte* output, byte isRequest) +{ + /* shut up compiler warnings */ + (void) csr2; (void) output; (void) isRequest; + +#ifndef NO_WOLFSSL_CLIENT + if (isRequest) { + word16 offset; + word16 length; + + for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) { + /* status_type */ + output[offset++] = csr2->status_type; + + /* request */ + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + /* request_length */ + length = 2 * OPAQUE16_LEN; + + if (csr2->request.ocsp[0].nonceSz) + length += OCSP_NONCE_EXT_SZ; + + c16toa(length, output + offset); + offset += OPAQUE16_LEN; + + /* responder id list */ + c16toa(0, output + offset); + offset += OPAQUE16_LEN; + + /* request extensions */ + length = 0; + + if (csr2->request.ocsp[0].nonceSz) + length = EncodeOcspRequestExtensions( + &csr2->request.ocsp[0], + output + offset + OPAQUE16_LEN, + OCSP_NONCE_EXT_SZ); + + c16toa(length, output + offset); + offset += OPAQUE16_LEN + length; + break; + } + } + + /* list size */ + c16toa(offset - OPAQUE16_LEN, output); + + return offset; + } +#endif + + return 0; +} + +static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, + byte isRequest) +{ + int ret; + + /* shut up compiler warnings */ + (void) ssl; (void) input; + + if (!isRequest) { +#ifndef NO_WOLFSSL_CLIENT + TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data + : NULL; + + if (!csr2) { + /* look at context level */ + + extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); + csr2 = extension ? extension->data : NULL; + + if (!csr2) + return BUFFER_ERROR; /* unexpected extension */ + + /* enable extension at ssl level */ + for (; csr2; csr2 = csr2->next) { + ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, + csr2->status_type, csr2->options); + if (ret != SSL_SUCCESS) + return ret; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + case WOLFSSL_CSR2_OCSP_MULTI: + /* propagate nonce */ + if (csr2->request.ocsp[0].nonceSz) { + OcspRequest* request = + TLSX_CSR2_GetRequest(ssl->extensions, + csr2->status_type, 0); + + if (request) { + XMEMCPY(request->nonce, + csr2->request.ocsp[0].nonce, + csr2->request.ocsp[0].nonceSz); + + request->nonceSz = + csr2->request.ocsp[0].nonceSz; + } + } + break; + } + } + + } + + ssl->status_request_v2 = 1; + + return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ +#endif + } + else { +#ifndef NO_WOLFSSL_SERVER + byte status_type; + word16 request_length; + word16 offset = 0; + word16 size = 0; + + /* list size */ + ato16(input + offset, &request_length); + offset += OPAQUE16_LEN; + + if (length - OPAQUE16_LEN != request_length) + return BUFFER_ERROR; + + while (length > offset) { + if (length - offset < ENUM_LEN + OPAQUE16_LEN) + return BUFFER_ERROR; + + status_type = input[offset++]; + + ato16(input + offset, &request_length); + offset += OPAQUE16_LEN; + + if (length - offset < request_length) + return BUFFER_ERROR; + + switch (status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + /* skip responder_id_list */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + /* skip request_extensions */ + if (length - offset < OPAQUE16_LEN) + return BUFFER_ERROR; + + ato16(input + offset, &size); + offset += OPAQUE16_LEN + size; + + if (offset > length) + return BUFFER_ERROR; + + /* is able to send OCSP response? */ + if (ssl->ctx->cm == NULL + || !ssl->ctx->cm->ocspStaplingEnabled) + continue; + break; + + default: + /* unkown status type, skipping! */ + offset += request_length; + continue; + } + + /* if using status_request and already sending it, skip this one */ + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + if (ssl->status_request) + return 0; + #endif + + /* accept the first good status_type and return */ + ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, + status_type, 0); + if (ret != SSL_SUCCESS) + return ret; /* throw error */ + + TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); + ssl->status_request_v2 = status_type; + + return 0; + } +#endif + } + + return 0; +} + +int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer) +{ + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + int ret = 0; + + for (; csr2; csr2 = csr2->next) { + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + if (!isPeer || csr2->requests != 0) + break; + + /* followed by */ + + case WOLFSSL_CSR2_OCSP_MULTI: { + if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { + byte nonce[MAX_OCSP_NONCE_SZ]; + int nonceSz = csr2->request.ocsp[0].nonceSz; + + /* preserve nonce, replicating nonce of ocsp[0] */ + XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); + + if ((ret = InitOcspRequest( + &csr2->request.ocsp[csr2->requests], cert, 0)) != 0) + return ret; + + /* restore nonce */ + XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, + nonce, nonceSz); + csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; + csr2->requests++; + } + } + break; + } + } + + return ret; +} + +void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) +{ + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + + for (; csr2; csr2 = csr2->next) { + if (csr2->status_type == status_type) { + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + + case WOLFSSL_CSR2_OCSP_MULTI: + /* requests are initialized in the reverse order */ + return index < csr2->requests + ? &csr2->request.ocsp[csr2->requests - index - 1] + : NULL; + break; + } + } + } + + return NULL; +} + +int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) +{ + TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + + /* forces only the first one */ + if (csr2) { + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + /* followed by */ + + case WOLFSSL_CSR2_OCSP_MULTI: + if (ssl->ctx->cm->ocspEnabled) + return CheckOcspRequest(ssl->ctx->cm->ocsp, + &csr2->request.ocsp[0], NULL); + else + return OCSP_LOOKUP_FAIL; + } + } + + return 0; +} + +int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, + byte options) +{ + TLSX* extension = NULL; + CertificateStatusRequestItemV2* csr2 = NULL; + int ret = 0; + + if (!extensions) + return BAD_FUNC_ARG; + + if (status_type != WOLFSSL_CSR2_OCSP + && status_type != WOLFSSL_CSR2_OCSP_MULTI) + return BAD_FUNC_ARG; + + csr2 = (CertificateStatusRequestItemV2*) + XMALLOC(sizeof(CertificateStatusRequestItemV2), NULL, DYNAMIC_TYPE_TLSX); + if (!csr2) + return MEMORY_E; + + ForceZero(csr2, sizeof(CertificateStatusRequestItemV2)); + + csr2->status_type = status_type; + csr2->options = options; + csr2->next = NULL; + + switch (csr2->status_type) { + case WOLFSSL_CSR2_OCSP: + case WOLFSSL_CSR2_OCSP_MULTI: + if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { + WC_RNG rng; + + if (wc_InitRng(&rng) == 0) { + if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, + MAX_OCSP_NONCE_SZ) == 0) + csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; + + wc_FreeRng(&rng); + } + } + break; + } + + /* append new item */ + if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) { + CertificateStatusRequestItemV2* last = + (CertificateStatusRequestItemV2*)extension->data; + + for (; last->next; last = last->next); + + last->next = csr2; + } + else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2))) { + XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); + return ret; + } + + return SSL_SUCCESS; +} + +#define CSR2_FREE_ALL TLSX_CSR2_FreeAll +#define CSR2_GET_SIZE TLSX_CSR2_GetSize +#define CSR2_WRITE TLSX_CSR2_Write +#define CSR2_PARSE TLSX_CSR2_Parse + +#else + +#define CSR2_FREE_ALL(data) +#define CSR2_GET_SIZE(a, b) 0 +#define CSR2_WRITE(a, b, c) 0 +#define CSR2_PARSE(a, b, c, d) 0 + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + /******************************************************************************/ /* Supported Elliptic Curves */ /******************************************************************************/ @@ -3359,6 +3824,10 @@ void TLSX_FreeAll(TLSX* list) CSR_FREE_ALL(extension->data); break; + case TLSX_STATUS_REQUEST_V2: + CSR2_FREE_ALL(extension->data); + break; + case TLSX_RENEGOTIATION_INFO: SCR_FREE_ALL(extension->data); break; @@ -3430,6 +3899,10 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) length += CSR_GET_SIZE(extension->data, isRequest); break; + case TLSX_STATUS_REQUEST_V2: + length += CSR2_GET_SIZE(extension->data, isRequest); + break; + case TLSX_RENEGOTIATION_INFO: length += SCR_GET_SIZE(extension->data, isRequest); break; @@ -3504,6 +3977,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, isRequest); break; + case TLSX_STATUS_REQUEST_V2: + offset += CSR2_WRITE(extension->data, output + offset, + isRequest); + break; + case TLSX_RENEGOTIATION_INFO: offset += SCR_WRITE(extension->data, output + offset, isRequest); @@ -4005,6 +4483,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, ret = CSR_PARSE(ssl, input + offset, size, isRequest); break; + case TLSX_STATUS_REQUEST_V2: + WOLFSSL_MSG("Certificate Status Request v2 extension received"); + + ret = CSR2_PARSE(ssl, input + offset, size, isRequest); + break; + case TLSX_RENEGOTIATION_INFO: WOLFSSL_MSG("Secure Renegotiation extension received"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 479c5d3c8..6488467b7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -8786,6 +8786,8 @@ static int DecodeSingleResponse(byte* source, if (GetBasicDate(source, &idx, cs->nextDate, &cs->nextDateFormat, size) < 0) return ASN_PARSE_E; + if (!XVALIDATE_DATE(cs->nextDate, cs->nextDateFormat, AFTER)) + return ASN_AFTER_DATE_E; } if (((int)(idx - prevIndex) < wrapperSz) && (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))) @@ -8860,7 +8862,7 @@ static int DecodeOcspRespExtensions(byte* source, WOLFSSL_MSG("\tfail: extension data length"); return ASN_PARSE_E; } - + resp->nonce = source + idx; resp->nonceSz = length; } @@ -9024,8 +9026,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, else { Signer* ca = GetCA(cm, resp->issuerHash); - if (!ca || !ConfirmSignature(resp->response, resp->responseSz, - ca->publicKey, ca->pubKeySize, ca->keyOID, + if (!ca || !ConfirmSignature(resp->response, resp->responseSz, + ca->publicKey, ca->pubKeySize, ca->keyOID, resp->sig, resp->sigSz, resp->sigOID, NULL)) { WOLFSSL_MSG("\tOCSP Confirm signature failed"); return ASN_OCSP_CONFIRM_E; @@ -9042,20 +9044,13 @@ void InitOcspResponse(OcspResponse* resp, CertStatus* status, { WOLFSSL_ENTER("InitOcspResponse"); + XMEMSET(status, 0, sizeof(CertStatus)); + XMEMSET(resp, 0, sizeof(OcspResponse)); + resp->responseStatus = -1; - resp->response = NULL; - resp->responseSz = 0; - resp->producedDateFormat = 0; - resp->issuerHash = NULL; - resp->issuerKeyHash = NULL; - resp->sig = NULL; - resp->sigSz = 0; - resp->sigOID = 0; - resp->status = status; - resp->nonce = NULL; - resp->nonceSz = 0; - resp->source = source; - resp->maxIdx = inSz; + resp->status = status; + resp->source = source; + resp->maxIdx = inSz; } @@ -9131,34 +9126,34 @@ word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size) totalSz += seqSz[4] = SetSequence(totalSz, seqArray[4]); totalSz += seqSz[5] = SetExplicit(2, totalSz, seqArray[5]); - if (totalSz < size) - { - totalSz = 0; - - XMEMCPY(output + totalSz, seqArray[5], seqSz[5]); - totalSz += seqSz[5]; - - XMEMCPY(output + totalSz, seqArray[4], seqSz[4]); - totalSz += seqSz[4]; - - XMEMCPY(output + totalSz, seqArray[3], seqSz[3]); - totalSz += seqSz[3]; - - XMEMCPY(output + totalSz, seqArray[2], seqSz[2]); - totalSz += seqSz[2]; - - XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); - totalSz += (word32)sizeof(NonceObjId); - - XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); - totalSz += seqSz[1]; - - XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); - totalSz += seqSz[0]; - - XMEMCPY(output + totalSz, req->nonce, req->nonceSz); - totalSz += req->nonceSz; - } + if (totalSz > size) + return 0; + + totalSz = 0; + + XMEMCPY(output + totalSz, seqArray[5], seqSz[5]); + totalSz += seqSz[5]; + + XMEMCPY(output + totalSz, seqArray[4], seqSz[4]); + totalSz += seqSz[4]; + + XMEMCPY(output + totalSz, seqArray[3], seqSz[3]); + totalSz += seqSz[3]; + + XMEMCPY(output + totalSz, seqArray[2], seqSz[2]); + totalSz += seqSz[2]; + + XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); + totalSz += (word32)sizeof(NonceObjId); + + XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); + totalSz += seqSz[1]; + + XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); + totalSz += seqSz[0]; + + XMEMCPY(output + totalSz, req->nonce, req->nonceSz); + totalSz += req->nonceSz; return totalSz; } @@ -9190,7 +9185,7 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) extSz = 0; if (req->nonceSz) - extSz = EncodeOcspRequestExtensions(req, extArray, MAX_OCSP_EXT_SZ); + extSz = EncodeOcspRequestExtensions(req, extArray, OCSP_NONCE_EXT_SZ); totalSz = algoSz + issuerSz + issuerKeySz + snSz; for (i = 4; i >= 0; i--) { diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index fb90c6dcc..2156b1f43 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -136,6 +136,44 @@ void WOLFSSL_MSG(const char* msg) } +void WOLFSSL_BUFFER(byte* buffer, word32 length) +{ + #define LINE_LEN 16 + + if (loggingEnabled) { + word32 i; + char line[80]; + + if (!buffer) { + wolfssl_log(INFO_LOG, "\tNULL"); + + return; + } + + sprintf(line, "\t"); + + for (i = 0; i < LINE_LEN; i++) { + if (i < length) + sprintf(line + 1 + i * 3,"%02x ", buffer[i]); + else + sprintf(line + 1 + i * 3, " "); + } + + sprintf(line + 1 + LINE_LEN * 3, "| "); + + for (i = 0; i < LINE_LEN; i++) + if (i < length) + sprintf(line + 3 + LINE_LEN * 3 + i, + "%c", 31 < buffer[i] && buffer[i] < 127 ? buffer[i] : '.'); + + wolfssl_log(INFO_LOG, line); + + if (length > LINE_LEN) + WOLFSSL_BUFFER(buffer + LINE_LEN, length - LINE_LEN); + } +} + + void WOLFSSL_ENTER(const char* msg) { if (loggingEnabled) { diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 6a3fb4799..c9b0b16a5 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -98,9 +98,9 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); /* ./certs/1024/client-cert.der, 1024-bit */ static const unsigned char client_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE3, 0xD7, 0xA0, 0xFA, - 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x30, 0x82, 0x03, 0xF9, 0x30, 0x82, 0x03, 0x62, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD3, 0xDF, 0x98, 0xC4, + 0x80, 0x1F, 0x1F, 0x6F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -118,10 +118,10 @@ static const unsigned char client_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, - 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, - 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x31, 0x32, 0x33, + 0x31, 0x32, 0x34, 0x39, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x38, 0x31, 0x39, 0x31, 0x32, 0x34, 0x39, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -153,8 +153,8 @@ static const unsigned char client_cert_der_1024[] = 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x07, 0x30, - 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3B, 0x30, + 0x82, 0x01, 0x37, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, @@ -178,23 +178,29 @@ static const unsigned char client_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xE3, 0xD7, 0xA0, 0xFA, 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0C, + 0xD3, 0xDF, 0x98, 0xC4, 0x80, 0x1F, 0x1F, 0x6F, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x1D, 0xB7, 0xD5, 0x7C, 0xE1, 0xB1, 0xD8, 0xC0, 0x67, - 0x5D, 0xB5, 0xD3, 0x88, 0xE7, 0x50, 0x29, 0x71, 0x63, 0x8F, - 0xCC, 0x26, 0x1F, 0x33, 0x09, 0x55, 0x43, 0x9B, 0xAB, 0xC6, - 0x1B, 0xBC, 0xC7, 0x01, 0x95, 0x1A, 0xFA, 0x65, 0xE0, 0xFD, - 0x9C, 0xEB, 0x6F, 0x0A, 0x0F, 0x14, 0xEC, 0xB5, 0x2F, 0xDC, - 0x1C, 0x30, 0xDD, 0x52, 0x97, 0xD4, 0x1C, 0x09, 0x00, 0x33, - 0x38, 0x5F, 0xCB, 0xA8, 0x16, 0x8F, 0x11, 0xB7, 0xB8, 0xD0, - 0x66, 0xE1, 0x54, 0x28, 0xF3, 0x3F, 0xBF, 0x6A, 0x6F, 0x76, - 0x48, 0x2A, 0x5E, 0x56, 0xA7, 0xCE, 0x1C, 0xF0, 0x04, 0xDD, - 0x17, 0xBD, 0x06, 0x78, 0x21, 0x6D, 0xD6, 0xB1, 0x9B, 0x75, - 0x31, 0x92, 0xC1, 0xFE, 0xD4, 0x8D, 0xD4, 0x67, 0x2F, 0x03, - 0x1B, 0x27, 0x8D, 0xAB, 0xFF, 0x30, 0x3B, 0xC3, 0x7F, 0x23, - 0xE4, 0xAB, 0x5B, 0x91, 0xE1, 0x1B, 0x66, 0xE6, 0xED + 0x01, 0xFF, 0x30, 0x32, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, + 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, + 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x3A, 0x32, + 0x32, 0x32, 0x32, 0x32, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x81, 0x81, 0x00, 0x71, 0x39, 0xFA, 0x86, 0xC3, 0x54, 0xE5, + 0x98, 0xB5, 0xE8, 0xC3, 0xCB, 0x97, 0x2F, 0x86, 0xBF, 0xE8, + 0xBC, 0xFB, 0xEB, 0xD8, 0x73, 0x97, 0x34, 0x9A, 0x16, 0xBF, + 0xE0, 0xB2, 0xBD, 0xBE, 0x7D, 0xFF, 0xA0, 0xD7, 0xE6, 0xDB, + 0xA3, 0x52, 0x43, 0x41, 0x60, 0xF1, 0xD7, 0xC3, 0x63, 0xC0, + 0x9B, 0xE2, 0xB2, 0x28, 0x87, 0x70, 0x60, 0x5D, 0x2B, 0x5D, + 0x56, 0x15, 0x3C, 0xB1, 0x1E, 0x03, 0x53, 0x72, 0x39, 0x32, + 0xE2, 0x47, 0x85, 0xF7, 0x8B, 0xE8, 0x38, 0x50, 0xA9, 0xC9, + 0xD3, 0x52, 0x75, 0x0E, 0x16, 0x14, 0xA5, 0xA5, 0xC4, 0x9F, + 0x3E, 0x73, 0xD8, 0x38, 0x79, 0xBF, 0xF7, 0x9B, 0x4D, 0x0D, + 0xF3, 0xAA, 0xCE, 0xA2, 0x03, 0x84, 0x66, 0x14, 0xC9, 0x01, + 0xF5, 0x86, 0xA5, 0x66, 0xA1, 0xCA, 0x6A, 0x71, 0x5F, 0x2D, + 0x31, 0x8E, 0x1C, 0xCC, 0x0C, 0xE6, 0x46, 0x99, 0x5D, 0x0A, + 0x4C }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -775,9 +781,9 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); /* ./certs/client-cert.der, 2048-bit */ static const unsigned char client_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, - 0xA9, 0x72, 0x6E, 0x0D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x30, 0x82, 0x04, 0xFE, 0x30, 0x82, 0x03, 0xE6, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x95, 0x90, 0x12, 0x9B, + 0x22, 0xA1, 0x50, 0x40, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -795,10 +801,10 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, - 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, - 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x31, 0x32, 0x33, + 0x31, 0x32, 0x34, 0x39, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x38, 0x31, 0x39, 0x31, 0x32, 0x34, 0x39, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -844,7 +850,7 @@ static const unsigned char client_cert_der_2048[] = 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, - 0x07, 0x30, 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x3B, 0x30, 0x82, 0x01, 0x37, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06, @@ -868,37 +874,42 @@ static const unsigned char client_cert_der_2048[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, 0xA9, 0x72, 0x6E, 0x0D, + 0x09, 0x00, 0x95, 0x90, 0x12, 0x9B, 0x22, 0xA1, 0x50, 0x40, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x51, 0x96, 0xA7, 0x1C, 0x26, 0x5D, - 0x1C, 0x90, 0xC6, 0x32, 0x9F, 0x96, 0x15, 0xF2, 0x1D, 0xE7, - 0x93, 0x9C, 0xAC, 0x75, 0x56, 0x95, 0xFD, 0x20, 0x70, 0xAB, - 0x45, 0x6A, 0x09, 0xB0, 0xF3, 0xF2, 0x03, 0xA8, 0xDB, 0xDC, - 0x2F, 0xBC, 0x1F, 0x87, 0x7A, 0xA3, 0xD4, 0x8F, 0xD5, 0x49, - 0x97, 0x7E, 0x3C, 0x54, 0xAC, 0xB1, 0xE3, 0xF0, 0x39, 0x0D, - 0xFE, 0x09, 0x9A, 0x23, 0xF6, 0x32, 0xA6, 0x41, 0x59, 0xBD, - 0x60, 0xE8, 0xBD, 0xDE, 0x00, 0x36, 0x6F, 0x3E, 0xE9, 0x41, - 0x6F, 0xA9, 0x63, 0xC7, 0xAA, 0xD5, 0x7B, 0xF3, 0xE4, 0x39, - 0x48, 0x9E, 0xF6, 0x60, 0xC6, 0xC6, 0x86, 0xD5, 0x72, 0x86, - 0x23, 0xCD, 0xF5, 0x6A, 0x63, 0x53, 0xA4, 0xF8, 0xFC, 0x51, - 0x6A, 0xCD, 0x60, 0x74, 0x8E, 0xA3, 0x86, 0x61, 0x01, 0x34, - 0x78, 0xF7, 0x29, 0x97, 0xB3, 0xA7, 0x34, 0xB6, 0x0A, 0xDE, - 0xB5, 0x71, 0x7A, 0x09, 0xA6, 0x3E, 0xD6, 0x82, 0x58, 0x89, - 0x67, 0x9C, 0xC5, 0x68, 0x62, 0xBA, 0x06, 0xD6, 0x39, 0xBB, - 0xCB, 0x3A, 0xC0, 0xE0, 0x63, 0x1F, 0xC7, 0x0C, 0x9C, 0x12, - 0x86, 0xEC, 0xF7, 0x39, 0x6A, 0x61, 0x93, 0xD0, 0x33, 0x14, - 0xC6, 0x55, 0x3B, 0xB6, 0xCF, 0x80, 0x5B, 0x8C, 0x43, 0xEF, - 0x43, 0x44, 0x0B, 0x3C, 0x93, 0x39, 0xA3, 0x4E, 0x15, 0xD1, - 0x0B, 0x5F, 0x84, 0x98, 0x1D, 0xCD, 0x9F, 0xA9, 0x47, 0xEB, - 0x3B, 0x56, 0x30, 0xB6, 0x76, 0x92, 0xC1, 0x48, 0x5F, 0xBC, - 0x95, 0xB0, 0x50, 0x1A, 0x55, 0xC8, 0x4E, 0x62, 0x47, 0x87, - 0x54, 0x64, 0x0C, 0x9B, 0x91, 0xFA, 0x43, 0xB3, 0x29, 0x48, - 0xBE, 0xE6, 0x12, 0xEB, 0xE3, 0x44, 0xC6, 0x52, 0xE4, 0x40, - 0xC6, 0x83, 0x95, 0x1B, 0xA7, 0x65, 0x27, 0x69, 0x73, 0x2F, - 0xC8, 0xA0, 0x4D, 0x7F, 0xBE, 0xEA, 0x9B, 0x67, 0xB2, 0x7B - + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x32, 0x06, 0x08, 0x2B, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, + 0x30, 0x22, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, + 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, + 0x3A, 0x32, 0x32, 0x32, 0x32, 0x32, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x7B, 0x91, 0x63, 0x8D, + 0x39, 0x54, 0x64, 0x3C, 0xB4, 0x3F, 0xD5, 0xC8, 0x4F, 0xBF, + 0x0B, 0xBF, 0xAF, 0x5C, 0x9C, 0x41, 0xC7, 0x0B, 0x52, 0x6D, + 0xC6, 0xF0, 0xDE, 0x7C, 0xFF, 0x9B, 0x4E, 0xFE, 0xF3, 0x22, + 0xA5, 0x00, 0x13, 0x9F, 0x81, 0xE4, 0x6D, 0x70, 0x2C, 0xF9, + 0x7A, 0xF4, 0xD8, 0x50, 0xBE, 0x72, 0xE1, 0x04, 0x8B, 0xB0, + 0x05, 0xE3, 0x61, 0x82, 0x3F, 0x65, 0xDE, 0xF9, 0xE9, 0xD3, + 0x3D, 0x97, 0x7D, 0x88, 0xB7, 0x99, 0x85, 0xC1, 0xE5, 0x5C, + 0x57, 0xA7, 0x9C, 0x1F, 0xF2, 0xB8, 0xCE, 0xEC, 0xD7, 0xD1, + 0x9B, 0xEC, 0xFB, 0x0E, 0x6F, 0x02, 0xAD, 0x51, 0xC0, 0x76, + 0xDD, 0x66, 0x0A, 0xCE, 0x0D, 0x09, 0xE6, 0xA8, 0x42, 0xB0, + 0x06, 0xC3, 0x04, 0xE7, 0x1C, 0xC7, 0x10, 0x83, 0x07, 0xF2, + 0xE6, 0x11, 0x1A, 0xCD, 0xA7, 0xB9, 0x7E, 0x17, 0xEF, 0xEA, + 0x63, 0x9C, 0xF2, 0xA5, 0xBE, 0x6B, 0xB6, 0xDF, 0xEB, 0x5A, + 0x75, 0x01, 0x59, 0x05, 0xF7, 0xEC, 0x49, 0x75, 0x10, 0xDD, + 0x40, 0x1A, 0x25, 0x25, 0x4F, 0x78, 0x6E, 0xE1, 0x92, 0x21, + 0xB5, 0xB8, 0x82, 0x2F, 0x33, 0xB3, 0x5B, 0xB6, 0x81, 0xB8, + 0xB1, 0xA4, 0x0C, 0x8D, 0x98, 0x74, 0x74, 0xDA, 0x0D, 0x90, + 0x33, 0xC8, 0xA7, 0xAA, 0x0D, 0x06, 0x5A, 0x04, 0xEB, 0x37, + 0xD3, 0xE4, 0x55, 0x0C, 0x93, 0xB6, 0xC8, 0x3A, 0xE8, 0xA7, + 0x2B, 0x4E, 0xB8, 0x90, 0xBB, 0x36, 0x0B, 0xDB, 0x7F, 0x2E, + 0x99, 0x23, 0x76, 0x68, 0x81, 0xA8, 0x73, 0x74, 0xE7, 0x68, + 0xFB, 0x1D, 0xFF, 0x5B, 0xEC, 0xB5, 0x6B, 0x30, 0xD1, 0xD0, + 0x2B, 0x89, 0xA6, 0xC6, 0xA9, 0xFC, 0x03, 0x66, 0xFE, 0xB5, + 0x8C, 0xAF, 0xDE, 0x8E, 0x2A, 0xB4, 0x78, 0x9C, 0xD7, 0x4A, + 0xFC, 0x9C, 0xC4, 0x7C, 0x19, 0x20, 0x83, 0x0E, 0xFD, 0x3F, + 0x4D, 0xA7 }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); @@ -1154,9 +1165,9 @@ static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); /* ./certs/ca-cert.der, 2048-bit */ static const unsigned char ca_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD9, 0x80, 0x3A, 0xC3, - 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x30, 0x82, 0x04, 0xE0, 0x30, 0x82, 0x03, 0xC8, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA6, 0x66, 0x38, 0x49, + 0x45, 0x9B, 0xDC, 0x81, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -1173,10 +1184,10 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, - 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, - 0x31, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x31, 0x32, 0x33, + 0x31, 0x32, 0x34, 0x39, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x38, 0x31, 0x39, 0x31, 0x32, 0x34, 0x39, 0x33, + 0x37, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -1220,60 +1231,66 @@ static const unsigned char ca_cert_der_2048[] = 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, - 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, - 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, - 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, - 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, - 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, - 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, - 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, - 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, - 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xD9, 0x80, 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x7A, 0xAF, 0x44, 0x3B, 0xAA, 0x6F, 0x53, 0x42, - 0xB2, 0x33, 0xAA, 0x43, 0x5F, 0x56, 0x30, 0xD3, 0xB9, 0x96, - 0x0B, 0x9A, 0x55, 0x5A, 0x39, 0x2A, 0x0B, 0x4E, 0xE4, 0x2E, - 0xF1, 0x95, 0x66, 0xC9, 0x86, 0x36, 0x82, 0x8D, 0x63, 0x7C, - 0x4D, 0xA2, 0xEE, 0x48, 0xBA, 0x03, 0xC7, 0x90, 0xD7, 0xA7, - 0xC6, 0x74, 0x60, 0x48, 0x5F, 0x31, 0xA2, 0xF9, 0x5E, 0x3E, - 0xC3, 0x82, 0xE1, 0xE5, 0x2F, 0x41, 0x81, 0x83, 0x29, 0x25, - 0x79, 0xD1, 0x53, 0x00, 0x69, 0x3C, 0xED, 0x0A, 0x30, 0x3B, - 0x41, 0x1D, 0x92, 0xA1, 0x2C, 0xA8, 0x9D, 0x2C, 0xE3, 0x23, - 0x87, 0x79, 0xE0, 0x55, 0x6E, 0x91, 0xA8, 0x50, 0xDA, 0x46, - 0x2F, 0xC2, 0x20, 0x50, 0x3E, 0x2B, 0x47, 0x97, 0x14, 0xB0, - 0x7D, 0x04, 0xBA, 0x45, 0x51, 0xD0, 0x6E, 0xE1, 0x5A, 0xA2, - 0x4B, 0x84, 0x9C, 0x4D, 0xCD, 0x85, 0x04, 0xF9, 0x28, 0x31, - 0x82, 0x93, 0xBC, 0xC7, 0x59, 0x49, 0x91, 0x03, 0xE8, 0xDF, - 0x6A, 0xE4, 0x56, 0xAD, 0x6A, 0xCB, 0x1F, 0x0D, 0x37, 0xE4, - 0x5E, 0xBD, 0xE7, 0x9F, 0xD5, 0xEC, 0x9D, 0x3C, 0x18, 0x25, - 0x9B, 0xF1, 0x2F, 0x50, 0x7D, 0xEB, 0x31, 0xCB, 0xF1, 0x63, - 0x22, 0x9D, 0x57, 0xFC, 0xF3, 0x84, 0x20, 0x1A, 0xC6, 0x07, - 0x87, 0x92, 0x26, 0x9E, 0x15, 0x18, 0x59, 0x33, 0x06, 0xDC, - 0xFB, 0xB0, 0xB6, 0x76, 0x5D, 0xF1, 0xC1, 0x2F, 0xC8, 0x2F, - 0x62, 0x9C, 0xC0, 0xD6, 0xDE, 0xEB, 0x65, 0x77, 0xF3, 0x5C, - 0xA6, 0xC3, 0x88, 0x27, 0x96, 0x75, 0xB4, 0xF4, 0x54, 0xCD, - 0xFF, 0x2D, 0x21, 0x2E, 0x96, 0xF0, 0x07, 0x73, 0x4B, 0xE9, - 0x93, 0x92, 0x90, 0xDE, 0x62, 0xD9, 0xA3, 0x3B, 0xAC, 0x6E, - 0x24, 0x5F, 0x27, 0x4A, 0xB3, 0x94, 0x70, 0xFF, 0x30, 0x17, - 0xE7, 0x7E, 0x32, 0x8F, 0x65, 0xB7, 0x75, 0x58 + 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, + 0x31, 0x30, 0x82, 0x01, 0x2D, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, + 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, + 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, + 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, + 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, + 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, + 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, + 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x09, 0x00, 0xA6, 0x66, 0x38, 0x49, 0x45, 0x9B, 0xDC, 0x81, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x32, 0x06, 0x08, 0x2B, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, + 0x30, 0x22, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, + 0x2F, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, + 0x3A, 0x32, 0x32, 0x32, 0x32, 0x32, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x41, 0x8F, 0xFB, 0x6B, + 0x65, 0x6B, 0x36, 0xF2, 0x56, 0x4F, 0x0C, 0x48, 0xB0, 0x4D, + 0x8C, 0xC2, 0xCB, 0xD6, 0x58, 0x7A, 0x83, 0x3A, 0x30, 0x7D, + 0x62, 0x7B, 0x86, 0xF1, 0x15, 0x26, 0xB3, 0x26, 0x02, 0x77, + 0xF2, 0xC8, 0x57, 0xE5, 0x1E, 0x60, 0x68, 0x8B, 0xA4, 0xE8, + 0xF3, 0xA8, 0xB2, 0x88, 0xA4, 0x2F, 0xE8, 0x6E, 0x25, 0x8D, + 0x6B, 0xDC, 0x53, 0xAB, 0x2F, 0xD3, 0x47, 0x8C, 0xD6, 0x27, + 0xAB, 0x39, 0xBC, 0xD3, 0xCA, 0xD8, 0x01, 0x96, 0xA4, 0x44, + 0x57, 0x38, 0x93, 0xAB, 0xC3, 0xF3, 0x95, 0x67, 0x7F, 0xCF, + 0x25, 0x1D, 0xB7, 0x04, 0xDC, 0x06, 0xC9, 0x5D, 0x24, 0xC1, + 0x54, 0x13, 0x71, 0x81, 0x21, 0x31, 0xEE, 0x9F, 0xB4, 0x9D, + 0xCE, 0x98, 0x66, 0xA4, 0xA0, 0x77, 0xC1, 0x88, 0x18, 0xA4, + 0xD1, 0x36, 0xEE, 0xCD, 0xD8, 0xC1, 0x1B, 0xBC, 0x03, 0xD6, + 0x85, 0x9A, 0x2E, 0x21, 0x82, 0x95, 0x4C, 0xB2, 0x2A, 0xFE, + 0x69, 0xDB, 0xAC, 0xE4, 0x97, 0xE1, 0xE9, 0x0E, 0xF1, 0xD3, + 0xEF, 0x20, 0x86, 0x03, 0x01, 0x66, 0x6B, 0xF0, 0x26, 0x0F, + 0x39, 0x04, 0x26, 0xF5, 0x42, 0x98, 0x3F, 0x95, 0x48, 0x5F, + 0xB5, 0x5D, 0xBC, 0x49, 0x4C, 0x81, 0x38, 0xD5, 0xE9, 0x72, + 0x32, 0x1C, 0x66, 0x1B, 0x12, 0x80, 0x0F, 0xDB, 0x99, 0xF0, + 0x97, 0x67, 0x61, 0x79, 0xAD, 0xAB, 0xBE, 0x6A, 0xEA, 0xAA, + 0xCC, 0x3D, 0xF9, 0x40, 0x99, 0x00, 0x93, 0xBB, 0xDF, 0x4B, + 0x41, 0xD4, 0x7F, 0xF1, 0x93, 0xB2, 0x70, 0x83, 0x3A, 0xE3, + 0x6B, 0x44, 0x4B, 0x1F, 0x9F, 0x77, 0x53, 0xEA, 0x5D, 0xE6, + 0x59, 0x1E, 0xC0, 0x2D, 0x4B, 0x83, 0xD6, 0xF4, 0xA3, 0xD4, + 0xA9, 0xC3, 0x91, 0x12, 0xE7, 0x61, 0x3F, 0x56, 0x9D, 0x8F, + 0xB8, 0x19, 0x29, 0x62, 0x1B, 0x58, 0xDF, 0x73, 0x99, 0x1F, + 0x49, 0x63 }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); @@ -1406,7 +1423,7 @@ static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); /* ./certs/server-cert.der, 2048-bit */ static const unsigned char server_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, + 0x30, 0x82, 0x04, 0xD4, 0x30, 0x82, 0x03, 0xBC, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -1424,10 +1441,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, - 0x30, 0x37, 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, - 0x0D, 0x31, 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, - 0x31, 0x30, 0x31, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x31, + 0x32, 0x33, 0x31, 0x32, 0x34, 0x39, 0x33, 0x37, 0x5A, 0x17, + 0x0D, 0x31, 0x38, 0x30, 0x38, 0x31, 0x39, 0x31, 0x32, 0x34, + 0x39, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -1471,60 +1488,66 @@ static const unsigned char server_cert_der_2048[] = 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, - 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, - 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, 0x1F, 0x0E, - 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, - 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, - 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, - 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, - 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, - 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, - 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xD9, 0x80, - 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x67, 0xC0, 0x2C, 0xA9, 0x43, 0x47, 0xE7, 0x11, 0x14, 0x77, - 0xAE, 0xCC, 0xD8, 0xE0, 0x6B, 0x23, 0x82, 0x91, 0x63, 0xE8, - 0xA8, 0x0D, 0x21, 0xC5, 0xC8, 0x47, 0x97, 0x2F, 0xD5, 0xF3, - 0x86, 0xFB, 0x6C, 0xCE, 0x25, 0xF9, 0x7C, 0x78, 0xC8, 0x3A, - 0x22, 0x68, 0xF2, 0x16, 0x1E, 0xD2, 0xD2, 0x3F, 0x24, 0x04, - 0x87, 0xF2, 0xB7, 0xC1, 0x62, 0x63, 0xBA, 0xC5, 0xFA, 0xAE, - 0xD2, 0x20, 0x81, 0x1A, 0xD2, 0x0C, 0xAE, 0x26, 0x6B, 0x1B, - 0x2B, 0x10, 0xD3, 0xE1, 0x9A, 0x4E, 0x64, 0x6C, 0x97, 0xDB, - 0x36, 0xA8, 0x8F, 0xF8, 0x05, 0x63, 0xBF, 0xBA, 0x0D, 0x88, - 0x0B, 0x87, 0x46, 0xC9, 0xE4, 0x64, 0xE3, 0xD7, 0xBD, 0xB8, - 0x2D, 0xD5, 0xC1, 0xC3, 0xC4, 0xDB, 0x55, 0x68, 0xDC, 0xA3, - 0x7A, 0x40, 0xB9, 0xA9, 0xF6, 0x04, 0x4A, 0x22, 0xCF, 0x98, - 0x76, 0x1C, 0xE4, 0xA3, 0xFF, 0x79, 0x19, 0x96, 0x57, 0x63, - 0x07, 0x6F, 0xF6, 0x32, 0x77, 0x16, 0x50, 0x9B, 0xE3, 0x34, - 0x18, 0xD4, 0xEB, 0xBE, 0xFD, 0xB6, 0x6F, 0xE3, 0xC7, 0xF6, - 0x85, 0xBF, 0xAC, 0x32, 0xAD, 0x98, 0x57, 0xBE, 0x13, 0x92, - 0x44, 0x10, 0xA5, 0xF3, 0xAE, 0xE2, 0x66, 0xDA, 0x44, 0xA9, - 0x94, 0x71, 0x3F, 0xD0, 0x2F, 0x20, 0x59, 0x87, 0xE4, 0x5A, - 0x40, 0xEE, 0xD2, 0xE4, 0x0C, 0xCE, 0x25, 0x94, 0xDC, 0x0F, - 0xFE, 0x38, 0xE0, 0x41, 0x52, 0x34, 0x5C, 0xBB, 0xC3, 0xDB, - 0xC1, 0x5F, 0x76, 0xC3, 0x5D, 0x0E, 0x32, 0x69, 0x2B, 0x9D, - 0x01, 0xED, 0x50, 0x1B, 0x4F, 0x77, 0xA9, 0xA9, 0xD8, 0x71, - 0x30, 0xCB, 0x2E, 0x2C, 0x70, 0x00, 0xAB, 0x78, 0x4B, 0xD7, - 0x15, 0xD9, 0x17, 0xF8, 0x64, 0xB2, 0xF7, 0x3A, 0xDA, 0xE1, - 0x0B, 0x8B, 0x0A, 0xE1, 0x4E, 0xB1, 0x03, 0x46, 0x14, 0xCA, - 0x94, 0xE3, 0x44, 0x77, 0xD7, 0x59 + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x31, 0x30, + 0x82, 0x01, 0x2D, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, + 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, + 0x1F, 0x0E, 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, + 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, + 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, + 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, + 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, + 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0xA6, 0x66, 0x38, 0x49, 0x45, 0x9B, 0xDC, 0x81, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x32, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, + 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6C, + 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74, 0x3A, 0x32, + 0x32, 0x32, 0x32, 0x32, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x71, 0x17, 0x8F, 0x6F, 0x7D, 0xD6, + 0x11, 0x01, 0x79, 0xAC, 0xE9, 0xC2, 0xFB, 0x71, 0x69, 0x6B, + 0x0C, 0x64, 0x91, 0xC1, 0x32, 0x8B, 0x9C, 0x62, 0x72, 0xB5, + 0x62, 0xBB, 0xF8, 0xCF, 0x6C, 0x27, 0xDF, 0xF0, 0x64, 0xD6, + 0x4A, 0x55, 0x4F, 0x7F, 0x4A, 0x8B, 0x7B, 0x80, 0x5B, 0x3C, + 0xA0, 0x31, 0xB0, 0x25, 0x92, 0x02, 0x02, 0x9C, 0x99, 0xA5, + 0x8E, 0x0C, 0x61, 0xEF, 0xB4, 0x1E, 0x01, 0x2E, 0x1C, 0xE9, + 0x9C, 0x59, 0x2D, 0xEF, 0x6E, 0x03, 0x4D, 0xF1, 0x59, 0xE5, + 0x5F, 0x69, 0x66, 0x5C, 0x0A, 0xE6, 0xCD, 0xF6, 0x74, 0x20, + 0x86, 0x4C, 0xF6, 0x8F, 0x22, 0x86, 0x68, 0x7E, 0xFE, 0x67, + 0x3F, 0x3D, 0x19, 0xB8, 0x61, 0xEF, 0xC5, 0xA5, 0x58, 0xA8, + 0x2A, 0xCE, 0xD3, 0x2C, 0xA7, 0x1B, 0xDD, 0xC8, 0x59, 0xC7, + 0xE7, 0xCF, 0x42, 0x42, 0xDB, 0xAF, 0xFE, 0x15, 0x82, 0xC9, + 0xE5, 0x53, 0xFA, 0xB4, 0x37, 0x55, 0x67, 0x47, 0x0F, 0xE7, + 0x24, 0x88, 0x14, 0xA3, 0x6C, 0xBE, 0x5F, 0x72, 0x05, 0x5F, + 0x56, 0x33, 0xAA, 0x7F, 0xAC, 0x2E, 0x10, 0x92, 0xB7, 0xA2, + 0xF9, 0xC1, 0x62, 0x0C, 0x3B, 0x0C, 0x69, 0x9A, 0x71, 0x15, + 0x11, 0xBC, 0x37, 0xBF, 0x8E, 0x23, 0x14, 0xC2, 0xB1, 0x0D, + 0xDF, 0x89, 0x45, 0x1E, 0xDF, 0x14, 0xE8, 0x95, 0x35, 0x88, + 0x27, 0xA8, 0xAB, 0xDD, 0x7C, 0x23, 0x3F, 0xBB, 0xFE, 0x4E, + 0x0E, 0xEA, 0xA6, 0xEE, 0xF5, 0x77, 0xFB, 0xAA, 0xB8, 0x28, + 0x33, 0xF9, 0x61, 0xB0, 0xD2, 0x79, 0x46, 0xA4, 0xBA, 0xA0, + 0x90, 0xC8, 0xE7, 0x96, 0x8F, 0x27, 0xE9, 0x1E, 0xD0, 0x92, + 0x43, 0xBB, 0x84, 0xC7, 0xF3, 0x28, 0x0C, 0x41, 0xAA, 0x77, + 0x39, 0x65, 0xAA, 0x0D, 0x02, 0xB0, 0xE0, 0x4D, 0xB1, 0x17, + 0x41, 0xC9, 0xF0, 0xD4, 0x47, 0x87, 0xFB, 0x0F, 0xF0, 0x40 + }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index aa6bd5846..e83d194cd 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1370,22 +1370,27 @@ struct WOLFSSL_CRL { /* wolfSSL Certificate Manager */ struct WOLFSSL_CERT_MANAGER { Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ - void* heap; /* heap helper */ - WOLFSSL_CRL* crl; /* CRL checker */ - WOLFSSL_OCSP* ocsp; /* OCSP checker */ - char* ocspOverrideURL; /* use this responder */ - void* ocspIOCtx; /* I/O callback CTX */ - CallbackCACache caCacheCallback; /* CA cache addition callback */ - CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ - CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ - CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ - wolfSSL_Mutex caLock; /* CA list lock */ - byte crlEnabled; /* is CRL on ? */ - byte crlCheckAll; /* always leaf, but all ? */ - byte ocspEnabled; /* is OCSP on ? */ - byte ocspCheckAll; /* always leaf, but all ? */ - byte ocspSendNonce; /* send the OCSP nonce ? */ - byte ocspUseOverrideURL; /* ignore cert's responder, override */ + void* heap; /* heap helper */ + WOLFSSL_CRL* crl; /* CRL checker */ + WOLFSSL_OCSP* ocsp; /* OCSP checker */ +#if !defined(NO_WOLFSSL_SEVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */ +#endif + char* ocspOverrideURL; /* use this responder */ + void* ocspIOCtx; /* I/O callback CTX */ + CallbackCACache caCacheCallback; /* CA cache addition callback */ + CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ + CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ + CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ + wolfSSL_Mutex caLock; /* CA list lock */ + byte crlEnabled; /* is CRL on ? */ + byte crlCheckAll; /* always leaf, but all ? */ + byte ocspEnabled; /* is OCSP on ? */ + byte ocspCheckAll; /* always leaf, but all ? */ + byte ocspSendNonce; /* send the OCSP nonce ? */ + byte ocspUseOverrideURL; /* ignore cert's responder, override */ + byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ }; WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); @@ -1476,6 +1481,7 @@ typedef enum { TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stappling */ TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ + TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stappling v2 */ TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ TLSX_SESSION_TICKET = 0x0023, TLSX_RENEGOTIATION_INFO = 0xff01 @@ -1510,6 +1516,7 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, || defined(HAVE_MAX_FRAGMENT) \ || defined(HAVE_TRUNCATED_HMAC) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ || defined(HAVE_SUPPORTED_CURVES) \ || defined(HAVE_ALPN) \ || defined(HAVE_QSH) \ @@ -1592,11 +1599,33 @@ typedef struct { } request; } CertificateStatusRequest; -WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, byte options); -WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert); -WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); -WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert); +WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); +WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); + +#endif + +/** Certificate Status Request v2 - RFC 6961 */ +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +typedef struct CSRIv2 { + byte status_type; + byte options; + word16 requests; + union { + OcspRequest ocsp[1 + MAX_CHAIN_DEPTH]; + } request; + struct CSRIv2* next; +} CertificateStatusRequestItemV2; + +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, + byte status_type, byte options); +WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer); +WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, + byte index); +WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); #endif @@ -1775,6 +1804,15 @@ struct WOLFSSL_CTX { #endif #ifdef HAVE_TLS_EXTENSIONS TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #ifndef NO_WOLFSSL_SERVER + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + OcspRequest* certOcspRequest; + #endif + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; + #endif + #endif #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER) SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ void* ticketEncCtx; /* session encrypt context */ @@ -2043,6 +2081,7 @@ enum AcceptState { ACCEPT_FIRST_REPLY_DONE, SERVER_HELLO_SENT, CERT_SENT, + CERT_STATUS_SENT, KEY_EXCHANGE_SENT, CERT_REQ_SENT, SERVER_HELLO_DONE, @@ -2497,6 +2536,9 @@ struct WOLFSSL { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST byte status_request; #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + byte status_request_v2; + #endif #ifdef HAVE_SECURE_RENEGOTIATION SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ #endif /* user turned on */ @@ -2660,6 +2702,7 @@ WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); +WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*); WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index dc76ca16e..8d05c26d0 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -39,9 +39,9 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); -WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*); +WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, void*); WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, - OcspRequest* ocspRequest); + OcspRequest* ocspRequest, void*); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 136c6bbd9..06f35e160 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1269,6 +1269,9 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*, CbOCSPIO, CbOCSPRespFree, void*); + WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling( + WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); @@ -1287,6 +1290,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*, CbOCSPIO, CbOCSPRespFree, void*); + + WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); #endif /* !NO_CERTS */ /* end of handshake frees temporary arrays, if user needs for get_keys or @@ -1425,10 +1430,34 @@ enum { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST #ifndef NO_WOLFSSL_CLIENT -WOLFSSL_API int wolfSSL_UseCertificateStatusRequest(WOLFSSL* ssl, +WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, unsigned char status_type, unsigned char options); -WOLFSSL_API int wolfSSL_CTX_UseCertificateStatusRequest(WOLFSSL_CTX* ctx, +WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, + unsigned char status_type, unsigned char options); + +#endif +#endif + +/* Certificate Status Request v2 */ +/* Certificate Status Type */ +enum { + WOLFSSL_CSR2_OCSP = 1, + WOLFSSL_CSR2_OCSP_MULTI = 2 +}; + +/* Certificate Status v2 Options (flags) */ +enum { + WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01 +}; + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, + unsigned char status_type, unsigned char options); + +WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, unsigned char status_type, unsigned char options); #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index e77487bd7..a305d01d9 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -684,6 +684,9 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; + + byte* rawOcspResponse; + word32 rawOcspResponseSz; }; diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 2e604080d..03681412d 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -56,6 +56,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); void WOLFSSL_ERROR(int); void WOLFSSL_MSG(const char* msg); + void WOLFSSL_BUFFER(byte* buffer, word32 length); #else /* DEBUG_WOLFSSL */ @@ -65,6 +66,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_ERROR(e) #define WOLFSSL_MSG(m) + #define WOLFSSL_BUFFER(b, l) #endif /* DEBUG_WOLFSSL */