Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:v3.9.8
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
..
compare: Cyclic0007:v3.9.10-stable
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

184 Commits
v3.9.8 ... v3.9.10-st

Author SHA1 Message Date
Kaleb Himes
124a8c0c1f Merge pull request #582 from ejohnstown/lean-psk 
Fixes for building the library for Lean PSK
 2016-09-24 10:59:54 -06:00
Kaleb Himes
af5d790aea Merge pull request #581 from ejohnstown/tlsx 
Fixes for building the library with a C++ compiler with TLSX enabled
 2016-09-24 10:45:33 -06:00
John Safranek
8d1aa2238b Fixes for building the library for Lean PSK 
1. Needed to enable static PSK when using Lean PSK
2. Fixed complaints about unused variables.
 2016-09-24 00:18:36 -07:00
John Safranek
5e852dc1a1 Fixes for building the library with a C++ compiler with TLSX enabled 
1. Add many typecasts for malloc() data to proper pointer type.
2. Add many typecasts for constants in tertiary operators.
3. ECC to use local copy of wc_off_on_addr instead of extern copy.
 2016-09-23 23:22:58 -07:00
John Safranek
5ec5b9b07d Merge pull request #580 from JacobBarthelmeh/Testing 
NTRU : warning of variable size as argument
 2016-09-23 15:52:48 -07:00
Jacob Barthelmeh
02b3aa51bd NTRU : warning of variable size as argument 2016-09-23 15:30:33 -06:00
Kaleb Himes
fb01cf7e1b Merge pull request #579 from ejohnstown/release-v3.9.10 
Prepare release v3.9.10
 2016-09-23 15:05:21 -06:00
John Safranek
6895803f2b Prepare release v3.9.10 2016-09-23 12:19:24 -07:00
John Safranek
049956d852 Merge pull request #577 from kaleb-himes/fix-typos 
Fixing typos
 2016-09-23 12:18:23 -07:00
kaleb-himes
4fc0c6c646 fix unused parameter build time error 
fix unused parameter build time error
 2016-09-23 12:23:26 -06:00
kaleb-himes
3bd86d3f87 Fixing typos 2016-09-23 10:45:29 -06:00
JacobBarthelmeh
78246e0fc2 Merge pull request #575 from ejohnstown/fix-option 
move an ifndef NO_AES for one more configure disable/enable combination
 2016-09-22 16:15:49 -06:00
JacobBarthelmeh
98841e8b47 Merge pull request #576 from toddouska/dsa_zero 
add dsa sign sanity check on r/s
 2016-09-22 15:14:43 -06:00
John Safranek
e4b8e6a447 Merge pull request #574 from JacobBarthelmeh/Testing 
Static Analysis : fix a warning of unused variable
 2016-09-22 14:09:46 -07:00
toddouska
d9163e4554 add dsa sign sanity check on r/s 2016-09-22 12:04:48 -07:00
John Safranek
ba6e2b1037 move an ifndef NO_AES for one more configure disable/enable combination 2016-09-22 11:41:16 -07:00
JacobBarthelmeh
c43fd150e9 Static Analysis : fix a warning of unused variable 2016-09-22 09:31:26 -07:00
JacobBarthelmeh
18944dacbf Merge pull request #573 from toddouska/dsa_pad 
fix dsa pre padding
 2016-09-22 09:42:23 -06:00
toddouska
9e4e08d7a7 fix dsa pre padding 2016-09-21 18:51:11 -07:00
toddouska
2368d49678 Merge pull request #572 from ejohnstown/pathlen 
CA Certificate Path Length Checking
 2016-09-21 14:36:24 -07:00
John Safranek
b8704d2dfe Merge pull request #571 from toddouska/new_rng 
Fix Jenkins build 389 single-threaded issue
 2016-09-21 12:59:06 -07:00
John Safranek
74002ce66a Add the new path length test certs to include.am. 2016-09-21 12:34:01 -07:00
JacobBarthelmeh
ab887b88dc Merge pull request #570 from ejohnstown/des3-disable-fix 
Disable DES3 compiler warning fix
 2016-09-21 13:25:00 -06:00
John Safranek
de81c81eae Fixed unused variable complaints when OPENSSL_EXTRA and MD5 are enabled 
and when AES is disabled.
 2016-09-21 10:21:03 -07:00
toddouska
489345f0d4 move CTX new_rng out of with certs block 2016-09-21 09:02:38 -07:00
John Safranek
95acd9c907 Fixed unused variable complaints when KEYGEN and OPENSSL_EXTRA are enabled 
and when AES and MD5 are disabled. It was in the same encrypt function as
before and in the paired decrypt function.
 2016-09-21 07:32:17 -07:00
John Safranek
a42bd30278 CA Certificate Path Length Checking 
1. Check the path length between an intermediate CA cert and its
   signer's path length.
2. Always decode the path length if present and store it in the decoded
   certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
 2016-09-20 21:36:37 -07:00
John Safranek
ef7183dcf7 delete redundant #else 2016-09-20 15:59:08 -07:00
toddouska
d9862c1c1a Merge pull request #569 from kaleb-himes/CUSTOMER_REQUEST 
addition to previous customer request
 2016-09-20 12:09:15 -07:00
John Safranek
65a7978dec Merge pull request #567 from toddouska/rng 
RDSEED enhancements
 2016-09-20 12:09:01 -07:00
John Safranek
df1d8200ef Fixed unused variable complaint when KEYGEN and OPENSSL_EXTRA are enabled 
and when AES and DES3 are disabled.
 2016-09-20 12:07:58 -07:00
kaleb-himes
4214f52d77 addition to previous customer request 2016-09-19 16:01:24 -06:00
toddouska
0718aba655 fix comment typo 2016-09-19 13:28:14 -07:00
toddouska
485d814aed Merge pull request #563 from JacobBarthelmeh/ARMv8 
ARMv8 : AES-GCM constraint fix
 2016-09-19 09:30:08 -07:00
toddouska
e0b8e55198 Merge pull request #553 from ejohnstown/disable-des3 
Disable DES3 by default
 2016-09-19 09:27:32 -07:00
toddouska
b4b0b2433e Merge pull request #555 from ejohnstown/autogen-tweak 
Autogen tweak for git worktrees
 2016-09-19 09:26:06 -07:00
toddouska
4c295cd13d Merge pull request #564 from kaleb-himes/CUSTOMER_REQUEST 
Implement requested change from customer
 2016-09-19 09:24:43 -07:00
toddouska
1bab8822a9 Merge pull request #565 from ejohnstown/enable-ecccurveext 
Enable the ECC Supported Curves extension by default
 2016-09-19 09:24:05 -07:00
toddouska
afd039d2e1 Merge pull request #566 from JacobBarthelmeh/master 
Benchmark App : fixed some invalid set key sizes
 2016-09-19 09:23:12 -07:00
Jacob Barthelmeh
6d73175b22 Benchmark App : fixed some invalid set key sizes 2016-09-17 15:07:38 -06:00
toddouska
c51444bec5 update rdseed to 64bit get, more retries, fallback to /dev/urandom on failure 2016-09-16 18:54:47 -07:00
Kaleb Himes
3f95bac55f Merge pull request #562 from ejohnstown/pre-release3.9.9 
Bump version for pre-release REDUX
 2016-09-16 15:07:00 -06:00
kaleb-himes
67c7e7c8de Implement requested change from customer 
Implement requested change from customer
 2016-09-16 14:38:33 -06:00
toddouska
f191cf206e allow single threaded mode to share an RNG at WOLFSSL_CTX level 2016-09-16 13:35:29 -07:00
John Safranek
781e800486 1. Enable the extension ECC Supported Curves by default. 
2. Force the extention disabled if ECC is disabled.
 2016-09-16 13:26:56 -07:00
Jacob Barthelmeh
f755591316 ARMv8 : AES-GCM constraint fix 2016-09-16 19:43:47 +00:00
John Safranek
7a7f2fbe78 Bump version for pre-release. 2016-09-16 10:58:31 -07:00
John Safranek
ef0cd908ea Merge pull request #557 from kaleb-himes/arduino-updates 
fix distribution issue
 2016-09-16 10:55:48 -07:00
toddouska
c85b3b84d9 Merge pull request #554 from JacobBarthelmeh/ARMv8 
ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES
 2016-09-16 09:34:24 -07:00
John Safranek
03ebb4825e Merge pull request #552 from toddouska/aesca 
prevent compiler from optimzing out PreFetch Td4
 2016-09-16 09:16:07 -07:00
kaleb-himes
14a7065f6e fix distribution issue 2016-09-16 10:04:50 -06:00
John Safranek
4087f6904c Treat project directory as in version control if .git is 
either directory or file.
 2016-09-15 16:09:27 -07:00
Jacob Barthelmeh
6d82cba29c ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES 2016-09-15 22:50:00 +00:00
John Safranek
ef9c4bf5c9 Add client-ca.pem to the automake include for dist. 2016-09-15 15:38:41 -07:00
John Safranek
bad6be5c76 1. Updated sniffer to allow DES3 to be disabled. 
2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled.
3. Force DES3 enabled when enabling MCAPI.
 2016-09-15 14:53:28 -07:00
John Safranek
e92f0e32b0 Undo making the ECC supported curves extension default to enabled. 2016-09-15 13:15:49 -07:00
dgarske
78c0f98ea9 Merge pull request #551 from kaleb-himes/arduino-updates 
Updates to make building for ARDUINO more intuitive
 2016-09-15 13:01:42 -07:00
John Safranek
0ee7d7cc17 1. Add DES3 enable to full commit test. 
2. Added DES3 to the list of FIPS prereqs.
 2016-09-15 12:19:32 -07:00
John Safranek
e3bb4c29e2 Fix openssl.test with the lean-TLS option 
1. Make new CA cert for test that is both client-cert.pem andr
   client-ecc-cert.pem.
2. Use the new client-ca.pem cert in the test script.
3. Update renewcerts script to generate client-ca.pem.
 2016-09-15 11:39:30 -07:00
toddouska
c1ac0c0f8c Merge pull request #545 from ejohnstown/ems 
Extended Master Secret
 2016-09-15 11:25:41 -07:00
John Safranek
2d4757b446 Disable DES3 by default. Force it enabled when it is a prereq for 
another option. (SCEP and PKCS7)
 2016-09-15 11:23:36 -07:00
John Safranek
19434e285a Update the resume test to rerun itself with the "-n" option to disable 
extended master secret if the option is enabled.
 2016-09-15 10:13:31 -07:00
toddouska
8cdaa06127 prevent compiler from optimzing out PreFetch Td4 2016-09-15 10:02:30 -07:00
kaleb-himes
9d49fae600 Updates to make building for ARDUINO more intuitive 
NO_INLINE not necessary, update README
 2016-09-14 17:01:35 -06:00
JacobBarthelmeh
01be5cdc07 Merge pull request #550 from toddouska/rsainit 
make sure rsa rng is null on init
 2016-09-14 16:31:07 -06:00
toddouska
dc337946d5 make sure rsa rng is null on init 2016-09-14 14:33:08 -07:00
John Safranek
8b713adcfd Extended Master Secret Peer Review Changes 
1. Checked the returns on the hash functions in the sniffer,
   return new error if any fail.
2. Removed the SHA-512 hash from the sniffer's collection of
   hashes. Never used in a cipher suite.
3. Added some logging messages in the EMS support in wolfSSL.
 2016-09-14 13:43:02 -07:00
John Safranek
7410b5784f Merge pull request #548 from toddouska/nocache 
add WC_NO_CACHE_RESISTANT option for old code paths
 2016-09-14 10:24:29 -07:00
toddouska
e039fcefc0 Merge pull request #549 from JacobBarthelmeh/master 
aes.c : check ILP32 macro defined
 2016-09-14 09:58:19 -07:00
Jacob Barthelmeh
109642fef4 aes.c : check ILP32 macro defined 2016-09-14 09:33:48 -06:00
toddouska
b6937626b4 don't require uneeded temp with WC_NO_CACHE_RESISTANT 2016-09-13 17:01:50 -07:00
toddouska
7b3fc558ec add WC_NO_CACHE_RESISTANT option for old code path 2016-09-13 16:45:15 -07:00
John Safranek
b77c350153 Merge pull request #547 from toddouska/mathca 
Remove timing resistant cache key bit monitor leaks
 2016-09-13 14:34:23 -07:00
toddouska
05d78dc2ce Merge pull request #544 from cconlon/rsafix 
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
 2016-09-13 11:24:03 -07:00
toddouska
46a0ee8e69 switch ecc timising resistant mulmod double to use temp instead of leaking key bit to cache monitor 2016-09-13 11:10:10 -07:00
John Safranek
0477d5379e Merge pull request #546 from toddouska/aesca 
AES T table cache preload.
 2016-09-13 11:05:28 -07:00
toddouska
6ef9e79ff5 switch timing resistant exptmod to use temp for square instead of leaking key bit to cache monitor 2016-09-13 09:13:39 -07:00
toddouska
6ae1a14c9f do aes cache line stride by bytes, not word32s 2016-09-12 21:09:08 -07:00
John Safranek
77cf700657 Update to allow resumption with session tickets and extended master secret. 2016-09-12 16:06:51 -07:00
toddouska
c6256211d6 compress aes last round decrypt table, prefetch Td tables before aes decrypt rounds, prefecth compressed table before last round 2016-09-12 13:04:30 -07:00
toddouska
97a64bcc7c remove unique aes last round Te table, pre fetch Te tables during software aes encrypt 2016-09-12 12:03:37 -07:00
John Safranek
c1136a30e9 1. Enabled the extended master secret in the Windows IDE user_settings.h 
file by default.
2. Fixed scan-build warning about an assignment to a variable that isn't
used again in the function. Commented out the line.
 2016-09-12 09:42:42 -07:00
John Safranek
b994244011 Revising the Extended Master Secret support. Removing the dynamic 
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
 2016-09-11 18:05:44 -07:00
Chris Conlon
a149d83bff include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys 2016-09-09 16:11:56 -06:00
John Safranek
68e48e84fd Merge pull request #541 from toddouska/comp 
detect server forcing compression on client w/o support
 2016-09-09 13:00:22 -07:00
toddouska
fc54c53f38 Merge pull request #543 from JacobBarthelmeh/ARMv8 
ARMv8 : increase performance with SHA256
 2016-09-09 10:23:44 -07:00
Jacob Barthelmeh
3ec66dd662 ARMv8 : sanity checks and change constraint type 2016-09-09 00:27:40 +00:00
dgarske
bd3e40d2fc Merge pull request #542 from JacobBarthelmeh/master 
verify case with unexpected input
 2016-09-08 16:07:28 -07:00
Jacob Barthelmeh
f4e604dec3 verify case with unexpected input 2016-09-08 15:32:09 -06:00
toddouska
0c21d76ce3 detect client not sending any compression types 2016-09-08 12:06:22 -07:00
John Safranek
4fb1431727 Added support for the extended master secret extension to the sniffer. 2016-09-08 11:25:02 -07:00
Jacob Barthelmeh
79af4d30e0 ARMv8 : increase performance with SHA256 2016-09-08 18:00:24 +00:00
toddouska
3e80d966d2 Merge pull request #540 from dgarske/fix_noprng_nosha2 
Fix to allow disabling P-RNG and SHA256 with CUSTOM_RAND_GENERATE_BLOCK
 2016-09-07 16:33:32 -07:00
toddouska
3aefc42f04 have TLS server side verify no compression is in list if not using compression 2016-09-07 15:28:30 -07:00
David Garske
f6b786cfb5 Updated the random.h source inline comments to clarify SHA256 and RC4. 2016-09-07 09:23:43 -07:00
toddouska
baebec4ca4 Merge pull request #538 from JacobBarthelmeh/ARMv8 
initial ARMv8 instructions
 2016-09-07 09:20:14 -07:00
toddouska
a5db13cd01 detect server forcing compression on client w/o support 2016-09-07 09:17:14 -07:00
David Garske
8d6ea61a4f Fix to allow disabling P-RNG and SHA256 when CUSTOM_RAND_GENERATE_BLOCK is used. Added inline documentation to describe RNG source options. Example: ./configure --enable-cryptonly --disable-hashdrbg CFLAGS="-DNO_SHA256 -DCUSTOM_RAND_GENERATE_BLOCK" 2016-09-06 16:42:53 -07:00
Jacob Barthelmeh
09b29cb1d4 ARMv8 AES: remove extra memcpy during encrypt/decrypt 2016-09-02 22:55:17 +00:00
JacobBarthelmeh
33f24ebaa8 Merge pull request #537 from ejohnstown/ocsp-issuerKeyHash 
OCSP Fixes
 2016-09-02 14:57:07 -06:00
Jacob Barthelmeh
8e4ccd355c refactor ALIGN16 macro to types.h 2016-09-01 21:24:03 +00:00
Chris Conlon
0f0e0ca9a5 add extended master to example client 2016-09-01 15:17:46 -06:00
Chris Conlon
88fab67804 add extended master unit tests 2016-09-01 15:15:17 -06:00
Chris Conlon
e4f527a332 initial extended master secret support 2016-09-01 15:12:54 -06:00
Chris Conlon
5bf8806655 add wc_Sha384/512GetHash() functions 2016-09-01 15:05:27 -06:00
Jacob Barthelmeh
41912b92c6 initial ARMv8 instructions 2016-09-01 18:10:06 +00:00
John Safranek
963b9d4c4d OCSP Fixes 
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
 2016-09-01 09:58:34 -07:00
Chris Conlon
a0b02236b8 Merge pull request #527 from danielinux/master 
Support for Frosted OS
 2016-08-31 10:07:25 -06:00
toddouska
092916c253 Merge pull request #536 from ejohnstown/dtls-sctp 
DTLS over SCTP
 2016-08-30 13:09:40 -07:00
John Safranek
e0a035a063 DTLS-SCTP Tests 
1. Added a check to configure for SCTP availablility.
2. Added DTLS-SCTP to the cipher suite test.
 2016-08-29 15:24:51 -07:00
JacobBarthelmeh
de3f66b946 Merge pull request #515 from dgarske/cryptonly_static_mem 
Added support for static memory with wolfCrypt
 2016-08-29 15:23:28 -06:00
David Garske
ddff90ea26 Fix duplicate declaration of "wolfSSL_init_memory_heap" (errors after rebase). 2016-08-29 11:50:43 -07:00
David Garske
6a70403547 Fix for "not used" devId in benchmark. 2016-08-29 11:01:16 -07:00
David Garske
2ecd80ce23 Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined. 2016-08-29 10:38:06 -07:00
John Safranek
05a35a8332 fix scan-build warning on the simple SCTP example server 2016-08-26 20:33:05 -07:00
John Safranek
aed68e1c69 1. Needed to tell the client to use sctp. 
2. Creating the example sockets needed the IPPROTO type.
 2016-08-26 19:58:36 -07:00
John Safranek
46e92e0211 DTLS-SCTP example client and server 
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
 2016-08-26 19:58:36 -07:00
John Safranek
6d5df3928f SCTP-DTLS examples 
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
 2016-08-26 19:58:36 -07:00
John Safranek
bab071f961 1. Implemented the SCTP MTU size changes for transmit. 
2. Simplified the MAX_FRAGMENT size when calling SendData().
 2016-08-26 19:58:36 -07:00
John Safranek
a6c0d4fed7 1. Added missing -DWOLFSSL_SCTP to configure.ac. 
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
 2016-08-26 19:58:36 -07:00
John Safranek
52e2f1a7ab typecasts to clear static analysis warnings on SCTP examples 2016-08-26 19:58:36 -07:00
John Safranek
f3dca48e99 Fix polarity on the DTLS-SCTP check. 2016-08-26 19:58:36 -07:00
John Safranek
7b3255b5bb 1. Simplified the IsDtlsSctpMode() check. 
2. Checked IsDtlsSctpMode() to skip saving messages to retransmit and
skip retransmissions.
 2016-08-26 19:57:09 -07:00
John Safranek
c1970434d1 simplify the SCTP options 2016-08-26 19:43:52 -07:00
John Safranek
b7a35eabd2 Add simple SCTP example tools 2016-08-26 19:40:50 -07:00
John Safranek
ebbf5ec72b add new options and accessors for SCTP 2016-08-26 19:40:50 -07:00
John Safranek
2d9b6cf27a added SCTP to configure.ac 2016-08-26 19:40:50 -07:00
dgarske
d7ac7af4b0 Merge pull request #532 from toddouska/sb-aiaddr 
make sure static analysis realizes err_sys does exit()
 2016-08-26 16:29:20 -07:00
dgarske
930c692598 Merge pull request #535 from toddouska/ecc521-no64 
fix normal math 16bit digit_bit for all ecc sizes
 2016-08-26 14:59:01 -07:00
toddouska
bd312cb766 Merge pull request #533 from dgarske/dg_fixes 
Fixes for HMAC/small stack heap and disable RSA warnings
 2016-08-26 14:30:55 -07:00
toddouska
401463a983 Merge pull request #534 from dgarske/ecc_cust_fix 
Fixed issue with "wc_ecc_set_custom_curve" function and ECC test improvements
 2016-08-26 14:25:15 -07:00
toddouska
efabbcf305 fix normal math 16bit digit_bit for all ecc sizes 2016-08-26 13:47:53 -07:00
David Garske
bf23b2f9d1 Fix issue with "wc_ecc_set_custom_curve" function not setting index as "ECC_CUSTOM_IDX". Cleanup of the ECC tests to return actual error code (when available) and make sure keys are free'd. Some trailing whitespace cleanup. 2016-08-26 12:35:47 -07:00
David Garske
925e5e3484 Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled. 2016-08-26 10:33:01 -07:00
toddouska
86e889a7fa only force exit() in all cases with gcc since we know noreturn attribute there 2016-08-26 10:20:58 -07:00
toddouska
dd7f9b618d make sure static analysis realizes err_sys does exit() 2016-08-25 12:23:57 -07:00
toddouska
78ca9e7716 Merge pull request #482 from dgarske/async 
Asynchronous wolfCrypt RSA and TLS client support
 2016-08-25 10:06:18 -07:00
toddouska
07345579ec Merge pull request #531 from cconlon/distro 
Add "--enable-distro" build option
 2016-08-23 14:31:23 -07:00
David Garske
a9278fe492 Added check for GetLength result in asn GetIntRsa function. Fixed return code in random.c for "wolfAsync_DevCtxInit" due to copy/paste error. Added RSA wc_RsaCleanup to make sure allocated tmp buffer is always free'd. Eliminated invalid RSA key type checks and "RSA_CHECK_KEYTYPE". 2016-08-23 11:31:15 -07:00
Chris Conlon
91ccf1bd86 do not enable ARC4 or sniffer in distro build 2016-08-22 15:33:45 -06:00
Chris Conlon
45c8ed1436 remove -X from ocsp stapling tests that are not external 2016-08-22 14:18:35 -06:00
toddouska
ebba0efaa4 Merge pull request #528 from jrblixt/tests_api_develop 
Added Functions to wolfSSL/test/api.c
 2016-08-22 09:38:23 -07:00
Chris Conlon
1a94c0bbdd add distro build option 2016-08-22 10:00:37 -06:00
Chris Conlon
6f0239441b Merge pull request #530 from ejohnstown/dtls-ticket 
DTLS and Session Ticket fix
 2016-08-22 09:37:28 -06:00
John Blixt
a9935cbc28 Made changes found by Jenkins. 2016-08-19 10:23:55 -06:00
John Safranek
fa1989b729 fix building the new session ticket message for DTLS, take into account the additional header sizes 2016-08-18 17:51:25 -07:00
John Blixt
813a9b05b5 Clean up and Chris check added the changes. 2016-08-18 15:07:07 -06:00
John Blixt
f61c045e65 Changes to the Assert Macros used and added wolfSSL_CTX_use_certificate_buffer() 2016-08-18 10:03:33 -06:00
Daniele Lacamera
3d3f8c9dd3 Support for Frosted OS 2016-08-18 14:56:14 +02:00
John Blixt
b068eec96d added wolfSSL_CTX_SetMinVersion 2016-08-17 14:41:37 -06:00
John Blixt
73089200bf Merge branch 'master' of https://github.com/wolfSSL/wolfssl into tests_api_develop 2016-08-17 14:12:43 -06:00
John Blixt
cddc771829 Added wolfSSL_SetMinVersion 2016-08-17 14:05:37 -06:00
John Blixt
584733b138 Chris looked at functions added for correctness. 2016-08-17 11:27:14 -06:00
John Blixt
65b2b14a0f added test functions for wolfCrypt_Init and OCSP stapling v1 and v2 2016-08-17 10:32:03 -06:00
David Garske
3e6be9bf2c Fix in "wc_InitRsaKey_ex" for normal math so mp_init isn't called to defer allocation. 2016-08-15 14:07:16 -06:00
David Garske
17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
Chris Conlon
5347e32d63 Merge pull request #526 from toddouska/fm64-types 
don't setup 64bit typedef with fastmath if not needed
 2016-08-15 13:14:59 -06:00
Chris Conlon
d1d6571575 Merge pull request #525 from toddouska/session 
add resume session string script check, make GetDeepCopySession stati…
 2016-08-15 13:11:53 -06:00
toddouska
527c375884 don't setup 64bit typedef with fastmath if not needed 2016-08-15 11:02:06 -07:00
toddouska
d74fa8299a add resume session string script check, make GetDeepCopySession static local and check reutrn code 2016-08-15 09:32:36 -07:00
dgarske
b38218a0b9 Merge pull request #524 from kaleb-himes/certs-buffs-and-tests 
cert updates, new buffers, new test with buffers
 2016-08-14 08:39:37 -07:00
kaleb-himes
da18e463ed remove constraints on inclusion of certs_test.h 2016-08-12 17:00:22 -06:00
kaleb-himes
03295ec6d7 update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test 
changes from first review

move to 256 bit defines
 2016-08-12 13:00:52 -06:00
toddouska
7cf13f84b7 Merge pull request #522 from JacobBarthelmeh/master 
help static analysis tools
 2016-08-10 16:37:16 -07:00
Jacob Barthelmeh
b502d9dcf7 help static analysis tools 2016-08-10 14:23:27 -06:00
JacobBarthelmeh
fd9f8125e3 Merge pull request #521 from dgarske/improve_inline_misc 
Change misc.c error to warning when trying to be compiled and inline enabled
 2016-08-09 13:09:20 -06:00
toddouska
a8b2ced588 Merge pull request #519 from dgarske/fix_compat_wo_ecc 
Fix for openssl compatibility without ECC
 2016-08-08 13:46:58 -07:00
David Garske
317a7f2662 Change misc.c error to warning and exclude the misc.c code from being compiled. Most people include all .c files and by default inlining is allowed, which in turn causes an #error in misc.c and it must be excluded. Since we know its already been properly included there is no reason to throw error here. Instead, show warning and exclude code in .c file. 2016-08-08 13:13:59 -07:00
David Garske
b0e4acaac1 Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined. 2016-08-08 10:29:58 -07:00
toddouska
76e8438059 Merge pull request #518 from dgarske/fix_build_w_callbacks 
Fix build with "WOLFSSL_CALLBACKS" defined.
 2016-08-06 10:11:53 -07:00
toddouska
49fb0d56b0 Merge pull request #516 from dgarske/fix_asn_wo_hmac 
Fix build issue with ASN enabled and no HMAC
 2016-08-06 10:07:00 -07:00
toddouska
c8cfe1ffa1 Merge pull request #511 from dgarske/openssl_compat_fixes 
Various improvements to support openssl compatibility
 2016-08-06 09:59:31 -07:00
toddouska
dd03af2cf4 Merge pull request #512 from dgarske/fix_crl_pad 
Fixed issue with CRL check and zero pad
 2016-08-06 09:56:59 -07:00
dgarske
cc462e2c50 Merge pull request #513 from kojo1/Der2Pem 
Adds "wc_DerToPem" CRL_TYPE support
 2016-08-05 14:35:15 -07:00
David Garske
d8c63b8e66 Various improvements to support openssl compatibility. 
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
 2016-08-05 14:15:47 -07:00
David Garske
32b0303beb Fix build with "WOLFSSL_CALLBACKS" defined. 2016-08-05 14:06:58 -07:00
David Garske
6b1ff8e9d7 Only try and return serial number or check padding if the serial number size is greater than 1. 2016-08-05 12:53:26 -07:00
David Garske
a17bc2a42e Fix build issue with ASN enabled and no HMAC (missing MAX_DIGEST_SIZE). Switch to using WC_MAX_DIGEST_SIZE from hash.h, which is always available. Added small stack option for digest in MakeSignature. Fixed build error with unused "testVerifyCount" if "NO_ECC_SIGN" or "NO_ECC_VERIFY". 2016-08-05 12:19:30 -07:00
toddouska
eeb506b8c0 Merge pull request #514 from dgarske/fix_arm_cc_warn 
Fixes for warnings when cross-compiling with GCC ARM.
 2016-08-05 10:07:32 -07:00
David Garske
96da2df7ec Additional max index and serial number size checks in "GetSerialNumber". 2016-08-03 17:04:44 -07:00
David Garske
2c1309ffc7 Fixes for warnings when cross-compiling with GCC ARM. 2016-08-03 16:53:53 -07:00
Takashi Kojo
e01dcb671d eliminate tail nl 2016-08-03 11:12:10 +09:00
Takashi Kojo
ed4cd2438f CRL_Type to wc_DerToPem 2016-08-03 10:53:54 +09:00
David Garske
9ddfe93c43 Fixed issue with CRL check and zero pad (the GetRevoked function was not trimming pad). Added new ASN "GetSerialNumber" function and implemented it in three places in asn.c. 2016-08-02 16:47:21 -07:00
162 changed files with 18086 additions and 6501 deletions
Expand all files Collapse all files

7
.gitignore vendored
View File

@@ -19,6 +19,7 @@ config*
ipch/
build-aux/
rpm/spec
*.rpm
stamp-h
cyassl/options.h
wolfssl/options.h
@@ -41,6 +42,8 @@ fips_test.c
fips
src/async.c
wolfssl/async.h
wolfcrypt/src/async.c
wolfssl/wolfcrypt/async.h
ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt
wolfcrypt/benchmark/benchmark
@@ -49,6 +52,10 @@ examples/client/client
examples/echoclient/echoclient
examples/echoserver/echoserver
examples/server/server
examples/sctp/sctp-server
examples/sctp/sctp-server-dtls
examples/sctp/sctp-client
examples/sctp/sctp-client-dtls
server_ready
snifftest
output

10
IDE/ARDUINO/README.md
View File

@@ -7,10 +7,16 @@ files to be in the library's root directory with a header file in the name of
the library. This script moves all src/ files to the root wolfssl directory and
creates a stub header file called wolfssl.h.
To configure wolfSSL with Arduino, enter the following from within the
Step 1: To configure wolfSSL with Arduino, enter the following from within the
wolfssl/IDE/ARDUINO directory:
./wolfssl-arduino.sh
./wolfssl-arduino.sh
Step 2: Edit <wolfssl-root>/wolfssl/wolfcrypt/settings.h uncomment the define for
WOLFSSL_ARDUINO
also uncomment the define for INTEL_GALILEO if building for that platform
#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries).

2
IDE/ARDUINO/include.am
View File

@@ -3,6 +3,6 @@
# All paths should be given relative to the root
EXTRA_DIST+= IDE/ARDUINO/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

0
IDE/ARDUINO/sketches/wolfssl_client.ino → IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

2
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -6,7 +6,7 @@
DIR=${PWD##*/}
if [ "$DIR" == "ARDUINO" ]; then
if [ "$DIR" = "ARDUINO" ]; then
cp ../../src/*.c ../../
cp ../../wolfcrypt/src/*.c ../../
echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h

1
IDE/WIN/user_settings.h
View File

@@ -28,6 +28,7 @@
#define WOLFSSL_RIPEMD
#define WOLFSSL_SHA512
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#else
/* The servers and clients */

1
IDE/WIN/wolfssl-fips.vcxproj
View File

@@ -300,6 +300,7 @@
<ClCompile Include="..\..\src\ssl.c" />
<ClCompile Include="..\..\src\tls.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">

39
README
View File

@@ -35,6 +35,45 @@ before calling wolfSSL_new(); Though it's not recommended.
*** end Notes ***
********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
Release 3.9.10 of wolfSSL has bug fixes and new features including:
- Default configure option changes:
1. DES3 disabled by default
2. ECC Supported Curves Extension enabled by default
3. New option Extended Master Secret enabled by default
- Added checking CA certificate path length, and new test certs
- Fix to DSA pre padding and sanity check on R/S values
- Added CTX level RNG for single-threaded builds
- Intel RDSEED enhancements
- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256
- Arduino support updates
- Added the Extended Master Secret TLS extension
1. Enabled by default in configure options, API to disable
2. Added support for Extended Master Secret to sniffer
- OCSP fix with issuer key hash, lookup refactor
- Added support for Frosted OS
- Added support for DTLS over SCTP
- Added support for static memory with wolfCrypt
- Fix to ECC Custom Curve support
- Support for asynchronous wolfCrypt RSA and TLS client
- Added distribution build configure option
- Update the test certificates
This release of wolfSSL fixes medium level security vulnerabilities. Fixes for
potential AES, RSA, and ECC side channel leaks is included that a local user
monitoring the same CPU core cache could exploit. VM users, hyper-threading
users, and users where potential attackers have access to the CPU cache will
need to update if they utilize AES, RSA private keys, or ECC private keys.
Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for
the report. More information will be available on our site:
https://wolfssl.com/wolfSSL/security/vulnerabilities.php
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)
Release 3.9.8 of wolfSSL has bug fixes and new features including:

43
README.md
View File

@@ -38,6 +38,47 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new(); Though it's not recommended.
```
# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
## Release 3.9.10 of wolfSSL has bug fixes and new features including:
- Default configure option changes:
1. DES3 disabled by default
2. ECC Supported Curves Extension enabled by default
3. New option Extended Master Secret enabled by default
- Added checking CA certificate path length, and new test certs
- Fix to DSA pre padding and sanity check on R/S values
- Added CTX level RNG for single-threaded builds
- Intel RDSEED enhancements
- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256
- Arduino support updates
- Added the Extended Master Secret TLS extension
1. Enabled by default in configure options, API to disable
2. Added support for Extended Master Secret to sniffer
- OCSP fix with issuer key hash, lookup refactor
- Added support for Frosted OS
- Added support for DTLS over SCTP
- Added support for static memory with wolfCrypt
- Fix to ECC Custom Curve support
- Support for asynchronous wolfCrypt RSA and TLS client
- Added distribution build configure option
- Update the test certificates
This release of wolfSSL fixes medium level security vulnerabilities. Fixes for
potential AES, RSA, and ECC side channel leaks is included that a local user
monitoring the same CPU core cache could exploit. VM users, hyper-threading
users, and users where potential attackers have access to the CPU cache will
need to update if they utilize AES, RSA private keys, or ECC private keys.
Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for
the report. More information will be available on our site:
https://wolfssl.com/wolfSSL/security/vulnerabilities.php
See INSTALL file for build instructions.
More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)
##Release 3.9.8 of wolfSSL has bug fixes and new features including:
@@ -1451,4 +1492,4 @@ Run the testsuite program
compatibility functions.
Please send questions or comments to todd@yassl.com
Please send questions or comments to todd@wolfssl.com

2
SCRIPTS-LIST
View File

@@ -24,6 +24,8 @@ certs/
ocspd0.sh - ocsp responder for root-ca-cert.pem
ocspd1.sh - ocsp responder for intermediate1-ca-cert.pem
ocspd2.sh - ocsp responder for intermediate2-ca-cert.pem
test-pathlen/
assemble-chains.sh - composes the cert chain files out of the certs
scripts/
external.test - example client test against our website, part of tests

6
autogen.sh
View File

@@ -13,15 +13,15 @@ if test -d .git; then
fi
# If this is a source checkout then call autoreconf with error as well
if test -d .git; then
if test -e .git; then
WARNINGS="all,error"
# touch fips files for non fips distribution
touch ./ctaocrypt/src/fips.c
touch ./ctaocrypt/src/fips_test.c
# touch async crypt files
touch ./src/async.c
touch ./wolfssl/async.h
touch ./wolfcrypt/src/async.c
touch ./wolfssl/wolfcrypt/async.h
else
WARNINGS="all"
fi

36
certs/1024/ca-cert.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ce:e3:ff:31:10:46:d2:76
b5:4e:78:83:dd:ef:e7:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -29,25 +29,25 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:CE:E3:FF:31:10:46:D2:76
serial:B5:4E:78:83:DD:EF:E7:8F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
95:09:cc:95:d1:ff:84:5b:1e:b4:96:51:58:40:7a:68:c7:7d:
5e:5c:27:f7:15:65:50:ce:02:29:13:6c:5e:2d:68:c7:f2:bd:
eb:6d:ae:fe:5e:8f:05:32:e4:26:f0:f7:f9:64:92:e5:cf:f5:
60:65:71:fa:47:74:dd:2b:c1:c7:e0:e3:a5:6e:97:c6:d8:c0:
90:ff:9d:94:65:85:73:b2:c7:35:ec:d3:44:b5:8f:53:fb:c9:
21:ee:93:5f:1c:d6:0d:d9:b4:c3:0d:74:87:ae:c7:b1:42:be:
69:67:db:1c:79:09:c0:69:ac:4a:7d:ea:24:aa:48:99:3e:32:
76:cb
5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be:
fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36:
07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80:
c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24:
5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4:
82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f:
e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51:
4c:1d
-----BEGIN CERTIFICATE-----
MIIDtTCCAx6gAwIBAgIJAM7j/zEQRtJ2MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE
AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE2MDcyNTE4NTYzNFoXDTE5MDQyMTE4NTYzNFowgZkxCzAJBgNVBAYT
Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT
AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
@@ -59,8 +59,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB
nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw
MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
b0B3b2xmc3NsLmNvbYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQELBQADgYEAlQnMldH/hFsetJZRWEB6aMd9Xlwn9xVlUM4CKRNsXi1ox/K9622u
/l6PBTLkJvD3+WSS5c/1YGVx+kd03SvBx+DjpW6XxtjAkP+dlGWFc7LHNezTRLWP
U/vJIe6TXxzWDdm0ww10h67HsUK+aWfbHHkJwGmsSn3qJKpImT4ydss=
b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp
RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp
arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0=
-----END CERTIFICATE-----

BIN
certs/1024/client-cert.der
View File

Binary file not shown.

38
certs/1024/client-cert.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b1:21:19:7d:16:7a:6d:e5
f3:63:b8:35:1d:0a:d8:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -29,25 +29,25 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B1:21:19:7D:16:7A:6D:E5
serial:F3:63:B8:35:1D:0A:D8:D9
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
18:ad:2f:70:0b:3b:01:d1:85:e9:5f:be:f6:89:44:9d:06:36:
9d:e1:57:7d:73:02:10:bc:5a:8e:94:15:78:35:d4:98:2e:f9:
ae:df:67:97:6c:f6:89:e7:6e:e7:fb:a2:97:c7:71:a3:d9:03:
68:d2:a1:5b:5a:5b:f7:f3:78:23:fc:ac:71:6f:0b:96:de:e6:
71:9f:90:fd:2a:f9:98:39:ff:87:6a:d2:17:2a:af:e4:d2:b5:
2c:90:fb:cc:76:c0:05:65:09:97:a3:e8:30:7a:75:5f:b9:5d:
5e:c5:c5:ad:aa:66:36:26:d9:67:79:1e:1b:99:d6:f5:aa:d7:
ee:61
31:5e:c5:8c:6f:b7:c5:47:1b:51:5f:99:91:a1:23:45:3c:36:
59:20:fe:90:46:95:79:e8:b8:d9:db:44:7f:63:42:71:59:d5:
59:a5:3c:d3:43:83:a0:7d:1e:56:36:02:92:e2:0a:19:f6:97:
f2:82:12:a6:b2:bf:3b:b6:b0:07:fc:7a:5b:78:22:a0:31:f4:
3d:eb:0a:c5:e4:e5:b4:c7:bb:4f:a9:b8:37:19:bf:c7:64:9d:
74:9e:78:df:09:f5:d6:dd:c2:fb:ce:94:d5:bf:97:b0:76:b5:
e9:10:65:6c:48:85:c4:1b:ff:5b:64:c7:11:30:06:e4:40:f5:
90:2b
-----BEGIN CERTIFICATE-----
MIIDxTCCAy6gAwIBAgIJALEhGX0Wem3lMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
MIIDxTCCAy6gAwIBAgIJAPNjuDUdCtjZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw
FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb20wHhcNMTYwNzI1MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBnjELMAkG
ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -59,9 +59,9 @@ D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF
x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL
DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCxIRl9Fnpt5TAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBABitL3ALOwHRhelfvvaJRJ0GNp3hV31z
AhC8Wo6UFXg11Jgu+a7fZ5ds9onnbuf7opfHcaPZA2jSoVtaW/fzeCP8rHFvC5be
5nGfkP0q+Zg5/4dq0hcqr+TStSyQ+8x2wAVlCZej6DB6dV+5XV7Fxa2qZjYm2Wd5
HhuZ1vWq1+5h
BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDzY7g1HQrY2TAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADFexYxvt8VHG1FfmZGhI0U8Nlkg/pBG
lXnouNnbRH9jQnFZ1VmlPNNDg6B9HlY2ApLiChn2l/KCEqayvzu2sAf8elt4IqAx
9D3rCsXk5bTHu0+puDcZv8dknXSeeN8J9dbdwvvOlNW/l7B2tekQZWxIhcQb/1tk
xxEwBuRA9ZAr
-----END CERTIFICATE-----

68
certs/1024/server-cert.pem
View File

@@ -5,8 +5,8 @@ Certificate:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -28,25 +28,25 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:CE:E3:FF:31:10:46:D2:76
serial:B5:4E:78:83:DD:EF:E7:8F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
01:b4:45:a2:b5:7f:2e:76:60:89:2e:a4:9b:c3:06:38:90:68:
7a:6e:98:a8:ad:40:30:32:78:cf:4f:0c:e0:72:51:9a:21:b9:
92:26:36:94:e2:c9:dd:9a:61:0d:a5:b8:cf:06:91:46:82:d2:
7a:57:de:59:48:71:68:79:cc:d8:99:43:2a:af:30:b0:88:76:
ad:1a:40:4e:f8:ab:07:f0:64:c8:77:b0:e3:4e:ad:3e:3f:e0:
71:a0:a2:96:08:8f:6f:a4:e0:6e:49:7d:e7:35:41:e9:da:1f:
c7:f5:97:01:81:3d:64:68:ad:f5:d3:fa:1a:e5:ba:15:d3:ce:
d0:8f
2c:aa:a2:46:f7:79:c7:7f:ce:ef:4d:e6:04:aa:7c:5c:77:72:
55:66:41:97:7f:c5:6e:98:a0:c4:10:c6:d6:9c:70:0a:ee:ba:
ea:98:47:78:6f:33:8f:44:7a:d5:74:8a:7e:ab:49:1d:d7:95:
12:11:8e:a0:54:5d:7d:0b:da:c2:c3:01:1a:e7:20:5e:5a:f7:
16:81:89:b7:cd:e7:dc:46:e6:5e:f9:1a:c2:40:a5:59:f1:f5:
fa:55:db:15:ea:3c:c6:39:fd:e6:7b:5b:01:5f:a7:c9:36:a0:
1e:73:11:b5:d3:b8:3f:8d:88:32:6a:e7:cd:b7:1d:31:4e:49:
e8:b9
-----BEGIN CERTIFICATE-----
MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x
NjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGVMQswCQYDVQQGEwJVUzEQMA4G
NjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT
TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN
@@ -58,21 +58,21 @@ VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE
BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM
D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAAbRF
orV/LnZgiS6km8MGOJBoem6YqK1AMDJ4z08M4HJRmiG5kiY2lOLJ3ZphDaW4zwaR
RoLSelfeWUhxaHnM2JlDKq8wsIh2rRpATvirB/BkyHew406tPj/gcaCilgiPb6Tg
bkl95zVB6dofx/WXAYE9ZGit9dP6GuW6FdPO0I8=
bYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEALKqi
Rvd5x3/O703mBKp8XHdyVWZBl3/FbpigxBDG1pxwCu666phHeG8zj0R61XSKfqtJ
HdeVEhGOoFRdfQvawsMBGucgXlr3FoGJt83n3EbmXvkawkClWfH1+lXbFeo8xjn9
5ntbAV+nyTagHnMRtdO4P42IMmrnzbcdMU5J6Lk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ce:e3:ff:31:10:46:d2:76
b5:4e:78:83:dd:ef:e7:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -94,25 +94,25 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:CE:E3:FF:31:10:46:D2:76
serial:B5:4E:78:83:DD:EF:E7:8F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
95:09:cc:95:d1:ff:84:5b:1e:b4:96:51:58:40:7a:68:c7:7d:
5e:5c:27:f7:15:65:50:ce:02:29:13:6c:5e:2d:68:c7:f2:bd:
eb:6d:ae:fe:5e:8f:05:32:e4:26:f0:f7:f9:64:92:e5:cf:f5:
60:65:71:fa:47:74:dd:2b:c1:c7:e0:e3:a5:6e:97:c6:d8:c0:
90:ff:9d:94:65:85:73:b2:c7:35:ec:d3:44:b5:8f:53:fb:c9:
21:ee:93:5f:1c:d6:0d:d9:b4:c3:0d:74:87:ae:c7:b1:42:be:
69:67:db:1c:79:09:c0:69:ac:4a:7d:ea:24:aa:48:99:3e:32:
76:cb
5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be:
fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36:
07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80:
c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24:
5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4:
82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f:
e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51:
4c:1d
-----BEGIN CERTIFICATE-----
MIIDtTCCAx6gAwIBAgIJAM7j/zEQRtJ2MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE
AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE2MDcyNTE4NTYzNFoXDTE5MDQyMTE4NTYzNFowgZkxCzAJBgNVBAYT
Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT
AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
@@ -124,8 +124,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB
nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw
MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
b0B3b2xmc3NsLmNvbYIJAM7j/zEQRtJ2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQELBQADgYEAlQnMldH/hFsetJZRWEB6aMd9Xlwn9xVlUM4CKRNsXi1ox/K9622u
/l6PBTLkJvD3+WSS5c/1YGVx+kd03SvBx+DjpW6XxtjAkP+dlGWFc7LHNezTRLWP
U/vJIe6TXxzWDdm0ww10h67HsUK+aWfbHHkJwGmsSn3qJKpImT4ydss=
b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp
RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp
arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0=
-----END CERTIFICATE-----

BIN
certs/ca-cert.der
View File

Binary file not shown.

56
certs/ca-cert.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:7b:54:2b:4a:61:e6:c9
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -38,32 +38,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:AB:7B:54:2B:4A:61:E6:C9
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
43:34:44:86:00:1e:c3:0b:46:6f:4c:e6:84:47:b0:30:bd:e8:
7e:5e:20:f4:d1:60:e1:56:a3:5d:41:d6:f7:74:94:88:f4:4e:
2f:6c:a4:12:ae:0e:98:fd:0c:ef:9a:17:70:23:32:24:3b:97:
01:a9:20:b2:92:ed:69:bd:98:74:be:db:b0:9d:fe:da:77:d4:
51:46:d4:cb:fc:98:32:ea:c1:f2:df:f2:04:05:62:ee:f8:37:
3d:5b:1b:d4:ab:a0:9a:13:e9:19:c0:01:41:7e:e3:cb:97:ba:
b9:0b:6a:61:d8:9b:b5:ed:cb:2e:6c:42:a7:ea:db:fa:e9:48:
93:52:9c:1b:4b:c0:17:8b:fb:1e:ba:09:23:56:ac:e4:d1:de:
e7:c4:a9:48:80:1e:d2:9f:43:3e:f4:40:fb:38:fa:3f:62:52:
ae:73:5e:3d:0e:be:21:4f:a6:5e:1d:4c:14:fd:f9:59:42:91:
28:37:20:e3:5c:6a:08:51:4a:5e:04:ec:8b:98:97:4d:d0:3d:
c9:af:33:22:d2:29:83:fd:b8:cb:99:96:95:c6:38:c8:39:1f:
38:9c:8d:43:8c:33:5f:bf:6f:16:ff:68:1e:8b:b1:f9:b2:ae:
9d:64:ad:54:dd:fa:e0:b0:7c:9b:dd:fd:96:8c:70:8c:5e:e7:
d5:00:fa:f4
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJAKt7VCtKYebJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGUMQswCQYDVQQGEwJVUzEQ
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
@@ -77,11 +77,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQzREhgAewwtGb0zmhEewML3o
fl4g9NFg4VajXUHW93SUiPROL2ykEq4OmP0M75oXcCMyJDuXAakgspLtab2YdL7b
sJ3+2nfUUUbUy/yYMurB8t/yBAVi7vg3PVsb1KugmhPpGcABQX7jy5e6uQtqYdib
te3LLmxCp+rb+ulIk1KcG0vAF4v7HroJI1as5NHe58SpSIAe0p9DPvRA+zj6P2JS
rnNePQ6+IU+mXh1MFP35WUKRKDcg41xqCFFKXgTsi5iXTdA9ya8zItIpg/24y5mW
lcY4yDkfOJyNQ4wzX79vFv9oHoux+bKunWStVN364LB8m939loxwjF7n1QD69A==
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

144
certs/client-ca.pem Normal file
View File

@@ -0,0 +1,144 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b9:bc:90:ed:ad:aa:0a:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
ba:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
X509v3 Authority Key Identifier:
keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B9:BC:90:ED:AD:AA:0A:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97:
90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7:
c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9:
46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3:
76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56:
a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8:
c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3:
44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2:
6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b:
95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6:
66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f:
ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b:
99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7:
93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4:
7c:d6:35:9e
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw
FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45
pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs
StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW
kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF
dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj
mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/
wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR
xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh
MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu
Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW
EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl
UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx
uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7
R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr
cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu
q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e7:72:a6:9e:13:1d:17:5c
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
5f:c7:5d:7f:b4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
X509v3 Authority Key Identifier:
keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:E7:72:A6:9E:13:1D:17:5C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11:
a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81:
02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a:
9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df
-----BEGIN CERTIFICATE-----
MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG
EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK
Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw
MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP
cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD
VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV
v/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam9
9nUaQve9qbI2Il/HXX+0o4H1MIHyMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGI
RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB
jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x
EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ
AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO
jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM
tIiDTWq0t4V6szzz3w==
-----END CERTIFICATE-----

BIN
certs/client-cert.der
View File

Binary file not shown.

56
certs/client-cert.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d2:fe:4a:9e:aa:a9:46:31
b9:bc:90:ed:ad:aa:0a:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -38,32 +38,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:D2:FE:4A:9E:AA:A9:46:31
serial:B9:BC:90:ED:AD:AA:0A:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
87:f1:ab:95:97:e3:c7:71:5d:a9:3d:63:80:be:e2:c0:77:dc:
02:43:70:c5:f2:45:2d:f8:d8:69:92:b6:e8:77:ec:53:49:3a:
37:fc:b7:13:2e:34:60:6d:21:59:da:02:4a:0e:fd:f6:c0:a5:
26:34:a6:6a:9f:c4:7d:28:e1:fd:fb:12:28:b8:b6:01:7f:57:
66:fc:46:85:d2:23:b4:e6:54:0b:ee:2e:9b:a8:e0:70:28:4d:
e7:a5:f5:3d:db:4e:98:98:24:e2:30:99:c9:a0:bf:2b:00:57:
d0:df:9d:fa:57:cf:93:fc:e6:36:0c:a5:58:a1:65:2b:1d:be:
65:79:a0:6b:29:61:d1:52:ef:0f:86:21:76:d2:13:c2:de:73:
17:51:08:65:3e:1d:f9:30:5b:36:76:11:6f:3c:d3:0c:03:6b:
3e:f7:5c:b1:26:a8:1b:a5:01:3a:9a:18:6d:ea:10:29:67:9e:
7b:24:2a:e0:80:dc:6f:35:60:f6:2c:65:02:56:dc:00:84:11:
13:21:23:95:a2:ed:55:ce:79:ed:c2:7b:51:d5:f8:8b:aa:43:
a0:e3:03:5f:17:12:a6:8b:22:a6:83:11:41:b6:4f:c6:71:d2:
80:4d:61:ee:a5:6d:07:26:1a:1d:9c:f4:7b:07:64:a6:d3:9f:
2d:a2:c2:ce
33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97:
90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7:
c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9:
46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3:
76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56:
a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8:
c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3:
44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2:
6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b:
95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6:
66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f:
ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b:
99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7:
93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4:
7c:d6:35:9e
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJANL+Sp6qqUYxMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw
FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb20wHhcNMTYwNzI1MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBnjELMAkG
ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -78,11 +78,11 @@ xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh
MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu
Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW
EGluZm9Ad29sZnNzbC5jb22CCQDS/kqeqqlGMTAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQCH8auVl+PHcV2pPWOAvuLAd9wCQ3DF8kUt+Nhpkrbod+xT
STo3/LcTLjRgbSFZ2gJKDv32wKUmNKZqn8R9KOH9+xIouLYBf1dm/EaF0iO05lQL
7i6bqOBwKE3npfU9206YmCTiMJnJoL8rAFfQ3536V8+T/OY2DKVYoWUrHb5leaBr
KWHRUu8PhiF20hPC3nMXUQhlPh35MFs2dhFvPNMMA2s+91yxJqgbpQE6mhht6hAp
Z557JCrggNxvNWD2LGUCVtwAhBETISOVou1VznntwntR1fiLqkOg4wNfFxKmiyKm
gxFBtk/GcdKATWHupW0HJhodnPR7B2Sm058tosLO
EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl
UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx
uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7
R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr
cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu
q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe
-----END CERTIFICATE-----

BIN
certs/client-ecc-cert.der
View File

Binary file not shown.

28
certs/client-ecc-cert.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b9:b6:1e:e2:36:6d:2d:60
e7:72:a6:9e:13:1d:17:5c
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
@@ -26,21 +26,21 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B9:B6:1E:E2:36:6D:2D:60
serial:E7:72:A6:9E:13:1D:17:5C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:33:94:59:9a:cc:b1:19:90:4e:e5:ba:7c:03:a5:
4e:05:e1:17:5d:19:50:aa:42:79:4f:6c:59:d2:55:95:88:81:
02:21:00:aa:90:82:a5:a2:59:e6:a1:d0:93:05:1d:5a:55:3c:
40:aa:9f:00:5a:7e:46:02:74:bc:95:bc:94:85:10:27:e6
30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11:
a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81:
02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a:
9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df
-----BEGIN CERTIFICATE-----
MIIDCTCCAq+gAwIBAgIJALm2HuI2bS1gMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG
MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG
EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK
Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDcyNTE4
NTYzNFoXDTE5MDQyMTE4NTYzNFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw
MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP
cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD
VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV
@@ -50,7 +50,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB
jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x
EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ
ALm2HuI2bS1gMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgM5RZmsyx
GZBO5bp8A6VOBeEXXRlQqkJ5T2xZ0lWViIECIQCqkIKlolnmodCTBR1aVTxAqp8A
Wn5GAnS8lbyUhRAn5g==
AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO
jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM
tIiDTWq0t4V6szzz3w==
-----END CERTIFICATE-----

50
certs/crl/cliCrl.pem
View File

@@ -2,38 +2,38 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 25 18:56:35 2016 GMT
Next Update: Apr 21 18:56:35 2019 GMT
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
3
No Revoked Certificates.
Signature Algorithm: sha256WithRSAEncryption
32:20:a7:c7:0e:06:b4:f2:c4:9d:1e:25:56:f9:3f:78:70:8e:
e7:ca:b6:14:aa:03:9a:ae:5b:26:56:73:c3:93:bd:57:f6:3f:
ac:15:50:6d:1f:55:4a:5f:d6:4d:96:9f:e7:cd:1e:c2:79:9a:
2c:44:35:70:3d:0d:0a:fe:7c:ed:dd:20:72:c7:0f:df:5d:11:
6b:fd:fc:81:66:ef:6f:df:dd:f9:fe:6c:ec:cf:64:ba:c4:83:
42:d3:8c:a4:be:06:4d:c0:2c:0e:d4:8f:dd:c3:7d:82:b0:de:
c7:11:9c:99:4e:f5:64:3a:03:1c:c9:ea:fa:da:df:28:42:0f:
6e:86:f2:fc:ea:63:a7:f4:6a:29:8f:8f:11:ce:7f:44:38:f5:
b6:b4:16:75:e7:37:81:a1:81:c5:13:7d:fe:b3:81:72:db:53:
00:c5:07:10:fb:8f:28:5d:43:3e:5f:d2:b7:f1:61:08:8b:f1:
1f:87:06:b8:c9:5e:da:68:e0:2b:90:50:1f:41:86:1d:1b:9b:
87:57:d3:4a:fa:d2:7f:80:45:81:6d:fe:68:c6:4f:b4:96:78:
a7:fe:80:b0:5d:5c:a2:56:c3:1d:b8:27:19:8a:e5:99:c4:81:
94:09:6f:9f:80:3d:5f:1f:cc:68:89:fe:62:e9:cb:67:3c:aa:
01:46:2c:52
14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83:
32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c:
32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c:
ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6:
02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f:
1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70:
0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c:
58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84:
36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c:
61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28:
74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf:
b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2:
e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f:
b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5:
1c:eb:7b:08
-----BEGIN X509 CRL-----
MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3
MjUxODU2MzVaFw0xOTA0MjExODU2MzVaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG
9w0BAQsFAAOCAQEAMiCnxw4GtPLEnR4lVvk/eHCO58q2FKoDmq5bJlZzw5O9V/Y/
rBVQbR9VSl/WTZaf580ewnmaLEQ1cD0NCv587d0gcscP310Ra/38gWbvb9/d+f5s
7M9kusSDQtOMpL4GTcAsDtSP3cN9grDexxGcmU71ZDoDHMnq+trfKEIPboby/Opj
p/RqKY+PEc5/RDj1trQWdec3gaGBxRN9/rOBcttTAMUHEPuPKF1DPl/St/FhCIvx
H4cGuMle2mjgK5BQH0GGHRubh1fTSvrSf4BFgW3+aMZPtJZ4p/6AsF1colbDHbgn
GYrlmcSBlAlvn4A9Xx/MaIn+YunLZzyqAUYsUg==
bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4
MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG
9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws
MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR
9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5
RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco
dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md
KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA==
-----END X509 CRL-----

52
certs/crl/crl.pem
View File

@@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 25 18:56:35 2016 GMT
Next Update: Apr 21 18:56:35 2019 GMT
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
1
Revoked Certificates:
Serial Number: 02
Revocation Date: Jul 25 18:56:35 2016 GMT
Revocation Date: Aug 11 20:07:38 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
46:b9:33:dc:07:be:e4:45:64:3f:3c:80:c8:20:9e:f5:3f:24:
f2:a7:79:a9:3f:66:8b:e6:44:f6:ca:a5:e5:51:e5:11:66:bb:
0c:1d:b1:df:ad:98:d8:b1:c4:b6:0f:c5:09:1c:7f:f7:c3:c0:
c8:7f:8b:8e:a1:e1:fc:0c:a8:17:ce:d1:0e:98:f2:de:8a:b2:
93:6e:a1:1d:bd:66:4e:29:d6:01:fb:6a:50:ff:f1:a5:bd:e1:
85:2e:a1:86:94:dd:0e:c5:d6:6e:5b:68:bb:18:ca:58:b4:b8:
53:d2:79:fe:d2:38:0c:08:f0:5b:08:c1:50:a5:0a:20:14:11:
cd:37:79:4c:c0:b1:77:85:fd:3e:c6:77:da:92:9f:22:2f:f6:
f1:7e:81:09:d0:ff:57:17:28:3d:4c:7f:eb:f0:b9:e4:eb:6c:
25:a5:ce:58:ef:53:9a:92:57:30:2b:c4:fe:8e:26:0b:ce:f5:
e8:ce:83:fd:0a:3b:f1:63:10:fb:50:59:c3:5b:ba:28:b9:79:
38:9f:50:f9:a6:3b:c5:4b:6d:49:24:e1:e7:99:81:d2:9b:29:
df:84:3e:41:0b:f4:1a:db:7a:8a:98:7e:11:02:12:2b:28:af:
4b:e9:bc:98:21:3a:19:ba:50:36:4d:6e:0b:b1:1d:57:11:cf:
3c:29:ba:08
35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58:
51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d:
0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28:
2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32:
f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82:
f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8:
79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c:
2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd:
e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd:
85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91:
f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50:
4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3:
d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92:
6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd:
9d:63:e5:dc
-----BEGIN X509 CRL-----
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDcyNTE4NTYzNVoX
DTE5MDQyMTE4NTYzNVowFDASAgECFw0xNjA3MjUxODU2MzVaoA4wDDAKBgNVHRQE
AwIBATANBgkqhkiG9w0BAQsFAAOCAQEARrkz3Ae+5EVkPzyAyCCe9T8k8qd5qT9m
i+ZE9sql5VHlEWa7DB2x362Y2LHEtg/FCRx/98PAyH+LjqHh/AyoF87RDpjy3oqy
k26hHb1mTinWAftqUP/xpb3hhS6hhpTdDsXWbltouxjKWLS4U9J5/tI4DAjwWwjB
UKUKIBQRzTd5TMCxd4X9PsZ32pKfIi/28X6BCdD/VxcoPUx/6/C55OtsJaXOWO9T
mpJXMCvE/o4mC8716M6D/Qo78WMQ+1BZw1u6KLl5OJ9Q+aY7xUttSSTh55mB0psp
34Q+QQv0Gtt6iph+EQISKyivS+m8mCE6GbpQNk1uC7EdVxHPPCm6CA==
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX
DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE
AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T
WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y
9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn
r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc
Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT
0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A==
-----END X509 CRL-----

56
certs/crl/crl.revoked
View File

@@ -2,43 +2,43 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 25 18:56:35 2016 GMT
Next Update: Apr 21 18:56:35 2019 GMT
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
2
Revoked Certificates:
Serial Number: 01
Revocation Date: Jul 25 18:56:35 2016 GMT
Revocation Date: Aug 11 20:07:38 2016 GMT
Serial Number: 02
Revocation Date: Jul 25 18:56:35 2016 GMT
Revocation Date: Aug 11 20:07:38 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
6a:e9:52:bd:52:9c:0d:a2:e4:75:e7:e0:bb:b1:1d:83:c6:62:
77:85:a3:2a:c9:17:dc:50:b7:55:cf:aa:63:67:8d:01:67:3b:
54:0a:3b:44:61:41:be:aa:f7:cb:a8:06:99:6a:6d:82:5b:a5:
40:6c:d1:3e:26:c7:a6:c1:24:15:19:11:45:8f:12:f5:84:e5:
5f:ed:de:03:b8:d7:8a:61:3a:20:4f:87:2e:ca:34:d6:f5:cc:
34:af:3f:df:66:55:e0:2d:e0:47:d8:9e:b7:2a:91:96:f2:01:
74:0c:ef:b7:ca:3a:00:b6:1a:8c:5f:bc:57:d4:62:0c:30:31:
40:d9:e9:a5:ea:75:48:a5:93:40:ba:5d:26:e4:cb:6e:01:16:
ba:ce:4b:96:64:b1:90:a0:bd:1b:56:0e:54:f2:8d:f5:99:37:
5b:ce:1e:17:da:9f:b3:00:9d:b9:23:ae:3d:4e:2d:50:b7:ef:
ce:98:54:db:49:5e:27:f4:50:da:b2:cf:5c:d0:b8:77:06:a3:
15:8f:6b:c3:e8:e9:19:3c:4c:d3:51:f9:a1:77:31:62:e6:94:
25:41:75:6c:eb:05:a4:be:e8:97:1e:b0:c3:27:80:5d:49:17:
02:87:ee:54:8d:83:63:57:5d:38:b2:78:9f:60:36:77:74:59:
db:89:15:cf
91:67:3d:34:8f:85:87:cd:11:0f:e2:af:cd:77:3f:d8:f2:15:
cb:c3:0d:49:02:87:13:f5:82:9e:a9:6f:ed:6a:aa:28:b7:6c:
61:7b:ac:90:d0:e5:a1:3d:80:2c:31:6f:4e:0b:e9:9a:44:db:
6b:24:71:34:9f:d1:51:53:8a:bd:bd:1c:20:e0:96:73:7b:29:
1c:e3:56:97:46:a2:5e:db:ae:fe:1f:4a:c1:5c:5b:30:74:a4:
70:dc:7e:70:7f:42:9f:48:d3:99:16:ff:34:f9:a7:db:ad:3d:
bc:a6:9d:ee:6a:ed:e7:e0:2f:ef:24:ab:4c:9b:44:d8:fc:1c:
48:9f:f4:3c:14:f3:6c:a2:0f:a7:93:00:32:29:96:7e:98:5d:
c9:85:fa:94:4c:e2:03:7e:fb:bf:f0:0e:93:52:3b:8a:e1:43:
fe:3f:f2:57:02:21:e8:ff:43:da:3e:f0:3d:1a:eb:96:7a:0a:
d8:27:56:e2:30:2a:3c:a3:93:ff:1e:3f:98:6b:4e:ea:78:90:
8b:d7:24:0a:98:b8:c1:e8:f5:02:d2:18:07:17:c3:6c:b5:db:
a7:61:c5:5d:8e:36:80:f5:aa:c1:a7:5b:66:4a:dd:17:62:da:
80:70:83:4d:69:fa:c4:f4:2d:27:90:8d:7f:28:34:19:e0:a3:
8a:6b:73:55
-----BEGIN X509 CRL-----
MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3MjUxODU2MzVa
Fw0xOTA0MjExODU2MzVaMCgwEgIBARcNMTYwNzI1MTg1NjM1WjASAgECFw0xNjA3
MjUxODU2MzVaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAaulS
vVKcDaLkdefgu7Edg8Zid4WjKskX3FC3Vc+qY2eNAWc7VAo7RGFBvqr3y6gGmWpt
glulQGzRPibHpsEkFRkRRY8S9YTlX+3eA7jXimE6IE+HLso01vXMNK8/32ZV4C3g
R9ietyqRlvIBdAzvt8o6ALYajF+8V9RiDDAxQNnppep1SKWTQLpdJuTLbgEWus5L
lmSxkKC9G1YOVPKN9Zk3W84eF9qfswCduSOuPU4tULfvzphU20leJ/RQ2rLPXNC4
dwajFY9rw+jpGTxM01H5oXcxYuaUJUF1bOsFpL7olx6wwyeAXUkXAofuVI2DY1dd
OLJ4n2A2d3RZ24kVzw==
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3Mzha
Fw0xOTA1MDgyMDA3MzhaMCgwEgIBARcNMTYwODExMjAwNzM4WjASAgECFw0xNjA4
MTEyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAkWc9
NI+Fh80RD+KvzXc/2PIVy8MNSQKHE/WCnqlv7WqqKLdsYXuskNDloT2ALDFvTgvp
mkTbayRxNJ/RUVOKvb0cIOCWc3spHONWl0aiXtuu/h9KwVxbMHSkcNx+cH9Cn0jT
mRb/NPmn2609vKad7mrt5+Av7ySrTJtE2PwcSJ/0PBTzbKIPp5MAMimWfphdyYX6
lEziA377v/AOk1I7iuFD/j/yVwIh6P9D2j7wPRrrlnoK2CdW4jAqPKOT/x4/mGtO
6niQi9ckCpi4wej1AtIYBxfDbLXbp2HFXY42gPWqwadbZkrdF2LagHCDTWn6xPQt
J5CNfyg0GeCjimtzVQ==
-----END X509 CRL-----

20
certs/crl/eccCliCRL.pem
View File

@@ -2,23 +2,23 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 25 18:56:35 2016 GMT
Next Update: Apr 21 18:56:35 2019 GMT
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
4
No Revoked Certificates.
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:63:27:98:5a:26:c9:de:b5:05:68:ea:63:2a:5f:
df:7f:92:37:17:ff:ad:8c:46:c7:e6:35:da:29:e6:e5:81:c7:
02:21:00:ff:d7:35:dd:52:e0:9e:6c:41:9f:8d:6c:b9:a9:6f:
45:d6:1a:65:59:72:a3:d1:70:57:6e:9e:e7:1b:fe:9f:ee
30:45:02:20:05:17:4f:0c:42:51:f6:f5:a3:2e:52:3e:e3:f4:
ed:99:ca:4d:16:75:f7:80:9d:7a:cf:64:5e:ec:cd:9d:f0:86:
02:21:00:e0:38:31:16:e2:ab:e4:d5:4b:cd:67:2f:e1:f0:e5:
ac:f2:8a:4b:03:9b:f1:69:60:2c:bf:dc:02:11:e8:71:f7
-----BEGIN X509 CRL-----
MIIBJjCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwNzI1MTg1NjM1WhcNMTkwNDIxMTg1
NjM1WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgYyeYWibJ3rUF
aOpjKl/ff5I3F/+tjEbH5jXaKeblgccCIQD/1zXdUuCebEGfjWy5qW9F1hplWXKj
0XBXbp7nG/6f7g==
DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwODExMjAwNzM4WhcNMTkwNTA4MjAw
NzM4WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgBRdPDEJR9vWj
LlI+4/TtmcpNFnX3gJ16z2Re7M2d8IYCIQDgODEW4qvk1UvNZy/h8OWs8opLA5vx
aWAsv9wCEehx9w==
-----END X509 CRL-----

20
certs/crl/eccSrvCRL.pem
View File

@@ -2,23 +2,23 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 25 18:56:35 2016 GMT
Next Update: Apr 21 18:56:35 2019 GMT
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
5
No Revoked Certificates.
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f9:33:9e:07:1a:74:76:74:a3:fb:d8:8a:88:
4c:a2:15:4f:03:7e:63:6c:4f:03:1f:87:71:77:7a:8c:1d:a0:
29:02:21:00:93:20:0c:67:58:33:10:f6:f5:a8:69:a2:0f:8c:
7a:24:af:62:95:26:a7:0d:bc:47:81:1c:e6:6a:04:20:ff:6e
30:46:02:21:00:dd:0a:1e:ff:5b:19:4e:40:a1:a8:65:b3:48:
fb:2b:a0:e5:6b:c4:27:31:2b:0b:1e:8c:c2:12:f5:74:74:c2:
5b:02:21:00:f9:67:2e:5c:26:7b:14:a1:16:db:d4:7d:b1:a9:
75:c7:5f:db:6f:c9:57:12:9b:44:99:40:71:70:7d:f9:b6:c8
-----BEGIN X509 CRL-----
MIIBKTCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA3MjUxODU2MzVaFw0xOTA0MjEx
ODU2MzVaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA+TOeBxp0
dnSj+9iKiEyiFU8DfmNsTwMfh3F3eowdoCkCIQCTIAxnWDMQ9vWoaaIPjHokr2KV
JqcNvEeBHOZqBCD/bg==
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgy
MDA3MzhaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA3Qoe/1sZ
TkChqGWzSPsroOVrxCcxKwsejMIS9XR0wlsCIQD5Zy5cJnsUoRbb1H2xqXXHX9tv
yVcSm0SZQHFwffm2yA==
-----END X509 CRL-----

BIN
certs/ecc-client-key.der Normal file
View File

Binary file not shown.

BIN
certs/ecc-client-keyPub.der Normal file
View File

Binary file not shown.

4
certs/ecc-client-keyPub.pem Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSO
GYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
-----END PUBLIC KEY-----

2
certs/include.am
View File

@@ -13,6 +13,7 @@ EXTRA_DIST += \
certs/ecc-keyPkcs8.pem \
certs/ecc-client-key.pem \
certs/client-ecc-cert.pem \
certs/client-ca.pem \
certs/ntru-cert.pem \
certs/dh2048.pem \
certs/server-cert.pem \
@@ -46,3 +47,4 @@ dist_doc_DATA+= certs/taoCert.txt
EXTRA_DIST+= certs/ntru-key.raw
include certs/test-pathlen/include.am

40
certs/ntru-cert.pem
View File

@@ -1,28 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIIAU2eYQxWefkwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV
MIIEzzCCA7egAwIBAgIIAVNfm0lhPEQwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD
VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3
LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY
DzIwMTYwNzI0MTk1NjUxWhgPMjAxNzEyMDcxODU2NTFaMIGKMQswCQYDVQQGEwJV
DzIwMTYwODEwMjEwNzUxWhgPMjAxOTA1MDgyMTA3NTFaMIGKMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT
TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x
HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB
AQYLKwYBBAHBFgEBAi4DggItAASCAigvOBBlcFH8dlJJwHU2oejeShSVHrxJouVs
bEw3GMypYjKwYuQI2dgeVjITToINjGJYc4FfEAWLo9M7LEy6meXs6tmbABb6AU5S
p1IG0DH/nn+8pdxDB5dvXFiEXKFHix+D1jAeaoWGxwQayz79ksFJiiQzmZJ/RL49
sWCVRDrimMP++3faRWKVQRsriJtyV92ymMQtdIhrnUNmHRhWCtFTvlNY59TPxV6a
qde+NOh1tbzq7gTRhmhbOTweYXTDjaUdftfLG2c7p6G5RpbQNPkdeFTlompuiwew
KQ7ODblFWis0FivF6vol+TvidZMcxc3NheGWsu6/RpuEZ/sZssGVLdUR+7LOvf9f
NJIJ10+6A4sb9eaDStQ93GTwoFKwvBTRhaYDzXhL/6YzKFJiXUC6Q3UH4dm74Cvy
s6WlzCcBpaFUCVIz5Gsrgrdq9x3hFs1NryYn/Fa/uerGffbseceC2UWdQa0ta2JA
shrTHxK2ObPTDV0wPDVzCTG5XCSRSo0aGS98JIL1uSNfUhk9jfwA7c+F9N16Kle0
cpcKK2xnWH97cpp/CRwGbi4LHQhwfoXmLoEWAVeOdj6PF+Rla4/UtlrdZ1ugha6Z
63TAwrLp2/NfOv+1aB0U5TzGiBB20T3vD+bXI6SXGPHtAJooP/oCLwKqajCFYJ+o
dlUNXpGsoJ6inz+U1uZoh1u6q3KZV8IpXSwBVYyzrBivIRt9+qJgUfwuO+FNqYAw
DQYJKoZIhvcNAQEFBQADggEBAI62PKLge07dXYlSyruxweQe8jscqn5IQoBW4LtR
fd45BS649nTL7XB2d3ldCdRE24mR74cqo/WXaQoyjyYME0r/uvwqiYPFJtydZk/X
mKfz8209b6qtvITL0/mLFDn092fXUVOMRvZ73mqhLOV5995j4e4bsn24dwWfn5Zd
sXrbjVfiVYONT2xeXWZkldlQP9tUeRSoWDjJM4OOR0lVrBVPGj6YkskTbbrNnUNV
vaxnuTJOwDpt+xHtu6IqP9SnFOVt24cIWGp/bFma1KxbxtMCoEF63rawMea51c5V
wI1eg+rlazRjWTHvWLSWLY7DLGh0+IJoRaMcJxaFqun2hAQ=
AQYLKwYBBAHBFgEBAi4DggItAASCAijLUTkEtmdP3XEQ1fYC88/8P8FWqx1kiHFU
GjaK22nUi1i1bsqu+k61/sUzbATXavpA2ay2MUbO9f5YpYYPOLdSCaWrNd9nzlxa
lzqj67x/h7qSKubotJd4U0Bk084Hjqbkxt1MK8SkUz7nFHVbvBmh29WNAyuzf6jt
03Hrc+/tUHLKAEvrygkymsFl9ArSGi141AusGIX0vkN5T+4JfSkFACi3Ux43eCFA
1M7qGUbOl7ylUF76Y6ME7e/uEDa/kIBGu/r52u1yxbxLCJOZPjtJYFaXGgDN4Xal
QWoeTP/7GICdZEttivaxI5Z0IAxt+DlQcLMm3xlppnzVD0FqRR9SQbJ1pvGt2eQO
7D7Y9mJsJU+DCpp4fB42q0JqM/j8w3WwbzN5AOyA9XMiUCHM1c/k5L2GpX6Rs+VS
bhr0uiTo8/ux3ca5l/aHlmlBLcBPNDrasrCCKrs7Tok6ek2R3o3umCmKIGSgcLEv
Ifyg/c/6jc3tipSQkYbtIiitBXoiGk/eEd9fxkhp/+qtOKWUnNsaJUC09KOsA7TB
bK4hJGzzR5TL/45FjDJCspKmOnASaO51hGaoWAyMZPFsCwfkEg9/84bfmw8YmD6k
qBwtkYDrqRHJZB1enmQ61TogoIcxO1F7EPGOCih+Av5xcgWmjD/4Y8lvBCBkHKDh
Adp0B3QFk481vAdk2A5lbeuizXajvWGhvWY2Wzc/Ge3YjcYvo5C34Sx/Ujd5r8Aw
DQYJKoZIhvcNAQEFBQADggEBAFPgoyA+vFwaEeuJ5AxuOEwWyqfLqjBbW3MrMXd3
LqUd+7VmXW7MGgMtyvXDrVi+PCCAdXijKpHgiHdUNz59JmYliAH75tI+EdsQsO3T
zxNZiM/++K5w2o2NFiz4LOm95IxAsXnviYNMBOrzdn4RaAYQ1NYiho6h85SBlfYY
m8kYktgQ4iok9oCkSeKzFDOZbl5ax+iHvSqpcWQmJxU9D2HzToO5kCN2zAHfxowt
PT9SDnIYxzivTbG39HSdG/+p/paVIb7Kj1VOmQjz7e7hYztmqIV2BPg34MNOxKv0
JBIqYQH/F1p9N03IQREMXbh9XNlv35PX5pFj14k8NuhiEhs=
-----END CERTIFICATE-----

BIN
certs/ntru-key.raw
View File

Binary file not shown.

17
certs/renewcerts.sh
View File

@@ -14,9 +14,8 @@
# server-ecc.pem
# 1024/client-cert.der
# 1024/client-cert.pem
#
# Needs to be added:
# server-ecc-comp.pem
# client-ca.pem
# updates the following crls:
# crl/cliCrl.pem
# crl/crl.pem
@@ -202,16 +201,27 @@ function run_renewcerts(){
openssl x509 -in server-ecc-comp.pem -text > tmp.pem
mv tmp.pem server-ecc-comp.pem
############################################################
############## create the client-ca.pem file ###############
############################################################
echo "Updating client-ca.pem"
echo ""
cat client-cert.pem client-ecc-cert.pem > client-ca.pem
############################################################
########## make .der files from .pem files #################
############################################################
openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der
echo "Generating new ca-cert.der, client-cert.der, server-cert.der..."
echo "Creating der formatted certs..."
echo ""
openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
openssl x509 -inform PEM -in client-ecc-cert.pem -outform DER -out client-ecc-cert.der
openssl x509 -inform PEM -in server-ecc-rsa.pem -outform DER -out server-ecc-rsa.der
openssl x509 -inform PEM -in server-ecc.pem -outform DER -out server-ecc.der
openssl x509 -inform PEM -in server-ecc-comp.pem -outform DER -out server-ecc-comp.der
echo "Changing directory to wolfssl root..."
echo ""
cd ../
@@ -257,6 +267,7 @@ function restore_config(){
function move_ntru(){
cp ntru-cert.pem certs/ntru-cert.pem
cp ntru-key.raw certs/ntru-key.raw
cp ntru-cert.der certs/ntru-cert.der
}
###############################################################################

BIN
certs/server-cert.der
View File

Binary file not shown.

110
certs/server-cert.pem
View File

@@ -5,8 +5,8 @@ Certificate:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -37,32 +37,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:AB:7B:54:2B:4A:61:E6:C9
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
7d:23:ed:97:97:96:3d:0c:a3:33:f5:83:91:c1:c4:ba:a7:19:
4e:12:d0:e7:25:da:f8:d0:53:a5:ab:85:96:23:5a:fa:32:6c:
13:14:ac:5a:2e:c4:6c:9f:a9:8a:f0:d9:ad:dd:71:98:04:09:
3b:25:87:e3:ed:d0:f2:02:20:5a:ba:c6:44:37:be:56:92:46:
7d:52:e7:12:9f:e1:b9:bd:d7:58:c5:81:be:1b:15:c9:d3:57:
46:c8:dc:4e:71:2d:b0:dc:03:81:cd:94:d5:6f:30:dc:47:49:
0c:16:bd:8b:d6:cb:97:38:45:bd:da:a3:82:3f:b4:f3:6b:7b:
40:ea:8e:94:d4:d6:6a:8a:e8:89:15:47:e9:03:95:fb:3c:05:
d3:e2:2d:d6:bd:3c:9b:6b:92:b0:f8:c1:97:cd:4a:a4:98:98:
85:16:d4:24:5f:1b:33:4e:27:56:d5:98:df:e4:2b:da:88:6a:
bb:95:c7:c4:08:0d:e8:fe:5b:ae:52:26:87:0f:93:ba:e3:c8:
19:7c:5d:64:15:7d:ee:65:6e:cf:56:24:a5:4c:5a:07:ed:4b:
56:f4:0f:5b:5f:fa:0f:3f:fa:7a:1f:f8:28:a2:72:14:d5:21:
29:d8:c0:42:a7:de:d2:00:75:d2:dd:db:0d:b0:82:33:2f:2a:
df:a0:87:7d
51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d:
0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20:
a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce:
39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3:
56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29:
7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47:
25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25:
36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1:
7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e:
a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18:
04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d:
9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f:
55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1:
71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80:
e6:e4:0c:37
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1
MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -76,24 +76,24 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAfSPtl5eWPQyjM/WDkcHEuqcZThLQ5yXa+NBTpauF
liNa+jJsExSsWi7EbJ+pivDZrd1xmAQJOyWH4+3Q8gIgWrrGRDe+VpJGfVLnEp/h
ub3XWMWBvhsVydNXRsjcTnEtsNwDgc2U1W8w3EdJDBa9i9bLlzhFvdqjgj+082t7
QOqOlNTWaoroiRVH6QOV+zwF0+It1r08m2uSsPjBl81KpJiYhRbUJF8bM04nVtWY
3+Qr2ohqu5XHxAgN6P5brlImhw+TuuPIGXxdZBV97mVuz1YkpUxaB+1LVvQPW1/6
Dz/6eh/4KKJyFNUhKdjAQqfe0gB10t3bDbCCMy8q36CHfQ==
AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk
q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s
9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl
NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2
qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig
lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:7b:54:2b:4a:61:e6:c9
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -124,32 +124,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:AB:7B:54:2B:4A:61:E6:C9
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
43:34:44:86:00:1e:c3:0b:46:6f:4c:e6:84:47:b0:30:bd:e8:
7e:5e:20:f4:d1:60:e1:56:a3:5d:41:d6:f7:74:94:88:f4:4e:
2f:6c:a4:12:ae:0e:98:fd:0c:ef:9a:17:70:23:32:24:3b:97:
01:a9:20:b2:92:ed:69:bd:98:74:be:db:b0:9d:fe:da:77:d4:
51:46:d4:cb:fc:98:32:ea:c1:f2:df:f2:04:05:62:ee:f8:37:
3d:5b:1b:d4:ab:a0:9a:13:e9:19:c0:01:41:7e:e3:cb:97:ba:
b9:0b:6a:61:d8:9b:b5:ed:cb:2e:6c:42:a7:ea:db:fa:e9:48:
93:52:9c:1b:4b:c0:17:8b:fb:1e:ba:09:23:56:ac:e4:d1:de:
e7:c4:a9:48:80:1e:d2:9f:43:3e:f4:40:fb:38:fa:3f:62:52:
ae:73:5e:3d:0e:be:21:4f:a6:5e:1d:4c:14:fd:f9:59:42:91:
28:37:20:e3:5c:6a:08:51:4a:5e:04:ec:8b:98:97:4d:d0:3d:
c9:af:33:22:d2:29:83:fd:b8:cb:99:96:95:c6:38:c8:39:1f:
38:9c:8d:43:8c:33:5f:bf:6f:16:ff:68:1e:8b:b1:f9:b2:ae:
9d:64:ad:54:dd:fa:e0:b0:7c:9b:dd:fd:96:8c:70:8c:5e:e7:
d5:00:fa:f4
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJAKt7VCtKYebJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGUMQswCQYDVQQGEwJVUzEQ
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
@@ -163,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQzREhgAewwtGb0zmhEewML3o
fl4g9NFg4VajXUHW93SUiPROL2ykEq4OmP0M75oXcCMyJDuXAakgspLtab2YdL7b
sJ3+2nfUUUbUy/yYMurB8t/yBAVi7vg3PVsb1KugmhPpGcABQX7jy5e6uQtqYdib
te3LLmxCp+rb+ulIk1KcG0vAF4v7HroJI1as5NHe58SpSIAe0p9DPvRA+zj6P2JS
rnNePQ6+IU+mXh1MFP35WUKRKDcg41xqCFFKXgTsi5iXTdA9ya8zItIpg/24y5mW
lcY4yDkfOJyNQ4wzX79vFv9oHoux+bKunWStVN364LB8m939loxwjF7n1QD69A==
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

BIN
certs/server-ecc-comp.der Normal file
View File

Binary file not shown.

26
certs/server-ecc-comp.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c2:34:69:f5:eb:33:c2:62
c3:cd:c5:e4:24:18:70:ca
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:35 2016 GMT
Not After : Apr 21 18:56:35 2019 GMT
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
@@ -24,21 +24,21 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18
DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:C2:34:69:F5:EB:33:C2:62
serial:C3:CD:C5:E4:24:18:70:CA
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:92:c1:2e:c6:37:3c:e1:7b:eb:42:8a:44:8c:
e2:58:f0:8e:73:00:d1:51:c8:37:6a:ca:8f:b7:95:3f:f0:f2:
bd:02:21:00:86:16:93:52:16:63:01:02:20:2d:a4:ad:85:eb:
25:92:98:37:01:cc:27:15:42:af:68:62:95:7e:b1:33:c2:70
30:45:02:21:00:ca:10:ec:8f:f1:eb:92:19:76:d7:16:54:f2:
21:1c:38:0e:6e:22:3d:95:a4:bd:c8:8c:d2:d8:28:d3:9c:21:
6d:02:20:71:39:0b:0d:ec:68:8c:64:b6:2c:68:da:03:b1:d8:
e7:d4:f7:cb:a6:73:7e:08:00:c6:b8:04:9d:17:3e:66:7f
-----BEGIN CERTIFICATE-----
MIIDJTCCAsqgAwIBAgIJAMI0afXrM8JiMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG
MIIDJDCCAsqgAwIBAgIJAMPNxeQkGHDKMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG
EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE
CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW
BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
c3NsLmNvbTAeFw0xNjA3MjUxODU2MzVaFw0xOTA0MjExODU2MzVaMIGgMQswCQYD
c3NsLmNvbTAeFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGgMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG
A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -48,7 +48,7 @@ bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY
oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T
ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAMI0afXrM8JiMAwGA1UdEwQFMAMB
Af8wCgYIKoZIzj0EAwIDSQAwRgIhAJLBLsY3POF760KKRIziWPCOcwDRUcg3asqP
t5U/8PK9AiEAhhaTUhZjAQIgLaStheslkpg3AcwnFUKvaGKVfrEzwnA=
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAMPNxeQkGHDKMAwGA1UdEwQFMAMB
Af8wCgYIKoZIzj0EAwIDSAAwRQIhAMoQ7I/x65IZdtcWVPIhHDgObiI9laS9yIzS
2CjTnCFtAiBxOQsN7GiMZLYsaNoDsdjn1PfLpnN+CADGuASdFz5mfw==
-----END CERTIFICATE-----

BIN
certs/server-ecc-rsa.der Normal file
View File

Binary file not shown.

54
certs/server-ecc-rsa.pem
View File

@@ -5,8 +5,8 @@ Certificate:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
@@ -25,32 +25,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:AB:7B:54:2B:4A:61:E6:C9
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a1:c6:eb:c0:c2:57:70:88:fd:fe:f7:e5:9e:bd:22:db:2f:49:
3c:d8:9b:d4:db:1f:e1:0c:90:dc:2a:69:5e:1d:bf:c9:26:13:
17:40:9f:bc:8e:7e:66:60:2d:dd:ba:15:49:eb:7d:f8:6f:5c:
76:5f:04:ab:6e:b6:11:5c:35:bd:79:60:e4:fb:ed:66:3c:d5:
ca:5e:f1:9e:cb:d9:6c:7d:58:3b:88:4d:00:56:35:91:02:6d:
ed:6f:c0:e5:2f:74:83:8e:d4:af:35:0b:db:9e:e2:99:17:f2:
09:39:39:3a:f0:ea:d8:c8:7d:16:6b:fa:dc:12:b4:ce:c9:82:
d8:25:cf:8e:6e:a9:2e:ef:47:ca:fa:df:8e:f9:b7:2b:81:59:
c3:30:23:a7:45:7d:17:f4:21:d2:eb:a1:d8:0d:d3:97:75:8c:
fe:1c:4a:44:49:7a:96:82:ee:7c:6f:0f:40:d8:91:b5:89:e3:
33:d8:60:2a:7f:3e:09:42:aa:b9:d5:f7:4a:f9:86:e3:d4:10:
ea:c0:37:06:31:2a:49:ca:de:5c:5b:c7:36:20:4e:6f:3a:cc:
9d:24:bb:f1:6e:c3:68:78:c7:0b:30:c4:8d:b5:43:b0:85:02:
ae:ac:33:ec:55:b8:f0:cc:8e:68:1f:99:24:fb:bd:fc:4c:40:
07:a2:7e:f6
ab:b7:78:c8:18:6e:6a:27:5d:bb:16:a1:d3:ae:b5:fd:46:50:
cf:dc:82:f9:4a:19:ec:bf:44:cd:f5:1f:15:2c:5a:e9:65:27:
b2:e1:88:62:0f:bc:a1:3c:95:fb:62:8a:71:e0:c6:22:ce:2e:
00:ca:4e:7a:03:2a:12:90:98:7b:53:9f:46:a0:ff:6b:04:dc:
2a:8d:bb:93:e7:b9:0b:d0:61:0f:62:97:18:99:bb:e7:1c:e3:
a2:ab:70:8f:32:47:7f:1e:3b:cb:62:55:41:a4:af:1f:01:2c:
9b:b2:cc:06:8d:28:04:57:5b:f6:32:b8:e8:18:b6:6b:a1:b9:
aa:3f:49:ea:c1:02:c7:92:d9:c7:23:ea:a2:f7:70:a9:da:9e:
5e:82:ef:30:07:c7:89:da:c9:e0:cf:ed:e9:4c:34:d4:72:0e:
16:49:82:c5:a9:b4:a7:05:07:cc:5d:eb:b4:ef:9a:09:73:a2:
d4:b6:c5:be:34:c0:c9:09:29:a5:d5:f1:e4:82:49:70:bf:75:
79:15:cd:c1:c8:a3:4d:9b:b4:e2:94:5e:27:61:ea:34:69:88:
47:bd:61:e9:0d:f3:95:8f:ff:53:e7:5c:11:e3:f4:d0:70:ad:
9a:73:5d:29:30:fc:23:2e:c0:62:d4:d3:a8:ce:b2:e9:d3:b9:
3f:10:0a:f2
-----BEGIN CERTIFICATE-----
MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1
MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g
UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO
@@ -60,11 +60,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t
M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCre1QrSmHmyTAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQChxuvAwldwiP3+9+WevSLbL0k82JvU2x/hDJDc
KmleHb/JJhMXQJ+8jn5mYC3duhVJ6334b1x2XwSrbrYRXDW9eWDk++1mPNXKXvGe
y9lsfVg7iE0AVjWRAm3tb8DlL3SDjtSvNQvbnuKZF/IJOTk68OrYyH0Wa/rcErTO
yYLYJc+Obqku70fK+t+O+bcrgVnDMCOnRX0X9CHS66HYDdOXdYz+HEpESXqWgu58
bw9A2JG1ieMz2GAqfz4JQqq51fdK+Ybj1BDqwDcGMSpJyt5cW8c2IE5vOsydJLvx
bsNoeMcLMMSNtUOwhQKurDPsVbjwzI5oH5kk+738TEAHon72
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC3tpAzZhtrIzAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQCrt3jIGG5qJ127FqHTrrX9RlDP3IL5Shnsv0TN
9R8VLFrpZSey4YhiD7yhPJX7Yopx4MYizi4Ayk56AyoSkJh7U59GoP9rBNwqjbuT
57kL0GEPYpcYmbvnHOOiq3CPMkd/HjvLYlVBpK8fASybsswGjSgEV1v2MrjoGLZr
obmqP0nqwQLHktnHI+qi93Cp2p5egu8wB8eJ2sngz+3pTDTUcg4WSYLFqbSnBQfM
Xeu075oJc6LUtsW+NMDJCSml1fHkgklwv3V5Fc3ByKNNm7TilF4nYeo0aYhHvWHp
DfOVj/9T51wR4/TQcK2ac10pMPwjLsBi1NOozrLp07k/EAry
-----END CERTIFICATE-----

BIN
certs/server-ecc.der Normal file
View File

Binary file not shown.

28
certs/server-ecc.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9a:1a:8c:0a:a5:f3:ff:40
ef:46:c7:a4:9b:bb:60:d3
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:35 2016 GMT
Not After : Apr 21 18:56:35 2019 GMT
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
@@ -26,21 +26,21 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9A:1A:8C:0A:A5:F3:FF:40
serial:EF:46:C7:A4:9B:BB:60:D3
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:09:a3:39:1f:91:7c:61:02:c7:f9:f6:d9:01:9e:
2d:48:62:af:53:0b:21:d1:d1:1b:e4:f7:05:e2:c8:ed:2a:16:
02:20:5f:b0:0b:96:d1:eb:0c:f2:d4:51:74:21:ca:dc:ac:b3:
27:bf:9f:1f:99:fc:1a:22:f2:31:3e:5a:a5:d1:78:24
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e:
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e:
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4:
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20
-----BEGIN CERTIFICATE-----
MIIDDjCCArWgAwIBAgIJAJoajAql8/9AMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1
MTg1NjM1WhcNMTkwNDIxMTg1NjM1WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
@@ -50,7 +50,7 @@ SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk
gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV
BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
LmNvbYIJAJoajAql8/9AMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIg
CaM5H5F8YQLH+fbZAZ4tSGKvUwsh0dEb5PcF4sjtKhYCIF+wC5bR6wzy1FF0Icrc
rLMnv58fmfwaIvIxPlql0Xgk
LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh
APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj
JdSwySV9ynpdusSy9n0Ex71iySA=
-----END CERTIFICATE-----

112
certs/server-revoked-cert.pem
View File

@@ -5,8 +5,8 @@ Certificate:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -37,32 +37,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:AB:7B:54:2B:4A:61:E6:C9
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
3b:7b:7d:00:75:1d:2a:a9:50:73:a3:f2:f1:d7:28:5d:4b:04:
f5:34:15:89:a7:37:df:7b:ec:0f:6a:ac:97:80:88:1d:fa:bc:
f5:4c:f7:bc:32:16:43:17:77:7c:a5:e1:09:a9:57:e3:54:9c:
70:3c:27:f8:d7:35:48:12:95:01:ec:f4:eb:4d:b8:4e:d6:9a:
74:9e:f9:bf:1c:0a:0b:3a:e8:b2:57:c6:ac:3d:ba:27:90:27:
16:f5:24:e1:53:16:4e:32:dd:03:9b:6d:9f:af:f5:c8:91:ec:
e6:af:f1:48:29:3f:d9:0d:f5:07:86:72:80:49:0a:cc:87:cf:
91:7d:04:de:d7:ef:bc:de:73:4f:66:f1:63:c2:2c:63:a3:2f:
70:88:e8:18:c8:17:9b:ea:da:17:f6:00:c4:40:c5:ea:d4:61:
7f:48:07:5f:b3:6c:e6:4c:76:e5:17:ca:b8:82:87:ec:6f:81:
90:76:90:d8:86:3f:28:e8:b8:1f:0d:83:53:33:57:10:d2:2f:
78:d4:2b:30:01:d8:8f:09:7a:a3:92:ee:15:68:67:82:ce:3e:
8a:a6:f2:59:03:68:85:47:bf:26:39:65:d0:c1:e9:93:89:5a:
b3:aa:f9:cf:93:96:fb:82:f6:29:29:19:63:4e:bb:84:56:b6:
57:28:e7:d0
79:13:f5:c1:05:42:12:3a:61:f2:f1:ac:05:6e:15:05:9b:ab:
58:74:b2:3f:00:38:82:77:f7:9a:57:32:e2:af:66:3d:81:25:
09:40:5a:d9:bc:d7:34:18:20:cd:89:b8:7e:c6:94:22:9a:28:
fe:0e:55:73:1d:77:7c:c3:e6:c6:4b:f3:40:0c:8b:cc:93:c1:
11:d1:0f:0e:50:0c:c2:b2:38:73:35:d1:db:d0:55:0d:6d:d7:
33:15:13:e8:a0:77:f3:f1:4d:c2:24:4a:f6:45:4c:67:dd:fd:
7e:46:b9:85:67:06:5a:4e:c1:4f:1f:94:f7:e6:b0:1a:b1:42:
80:97:d2:7d:ed:8e:02:b2:2f:7e:c4:1b:60:d9:84:6e:dd:78:
ef:41:82:81:05:6f:d7:b1:36:59:74:e6:ba:9c:5a:48:a7:58:
d9:71:bd:16:53:32:21:55:89:75:7d:a0:48:12:a9:3d:77:73:
51:a7:c3:e3:c9:df:e1:df:37:29:de:49:47:cf:7f:3c:30:86:
d2:26:f9:45:dc:71:c1:b8:5b:9e:ef:05:64:5a:63:7c:c4:60:
e2:67:f7:cd:e3:be:0b:d2:78:7f:66:c4:f5:c0:1c:6c:f1:e1:
56:c3:01:07:c3:7d:50:73:1f:48:2c:89:88:fb:ec:b2:0b:aa:
bb:0a:1f:f4
-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwNzI1
MTg1NjM0WhcNMTkwNDIxMTg1NjM0WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2
b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s
ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
@@ -76,25 +76,25 @@ gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw
gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAKt7VCtKYebJ
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADt7fQB1HSqpUHOj8vHX
KF1LBPU0FYmnN9977A9qrJeAiB36vPVM97wyFkMXd3yl4QmpV+NUnHA8J/jXNUgS
lQHs9OtNuE7WmnSe+b8cCgs66LJXxqw9uieQJxb1JOFTFk4y3QObbZ+v9ciR7Oav
8UgpP9kN9QeGcoBJCsyHz5F9BN7X77zec09m8WPCLGOjL3CI6BjIF5vq2hf2AMRA
xerUYX9IB1+zbOZMduUXyriCh+xvgZB2kNiGPyjouB8Ng1MzVxDSL3jUKzAB2I8J
eqOS7hVoZ4LOPoqm8lkDaIVHvyY5ZdDB6ZOJWrOq+c+TlvuC9ikpGWNOu4RWtlco
59A=
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sj
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHkT9cEFQhI6YfLxrAVu
FQWbq1h0sj8AOIJ395pXMuKvZj2BJQlAWtm81zQYIM2JuH7GlCKaKP4OVXMdd3zD
5sZL80AMi8yTwRHRDw5QDMKyOHM10dvQVQ1t1zMVE+igd/PxTcIkSvZFTGfd/X5G
uYVnBlpOwU8flPfmsBqxQoCX0n3tjgKyL37EG2DZhG7deO9BgoEFb9exNll05rqc
WkinWNlxvRZTMiFViXV9oEgSqT13c1Gnw+PJ3+HfNyneSUfPfzwwhtIm+UXcccG4
W57vBWRaY3zEYOJn983jvgvSeH9mxPXAHGzx4VbDAQfDfVBzH0gsiYj77LILqrsK
H/Q=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:7b:54:2b:4a:61:e6:c9
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 25 18:56:34 2016 GMT
Not After : Apr 21 18:56:34 2019 GMT
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -125,32 +125,32 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:AB:7B:54:2B:4A:61:E6:C9
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
43:34:44:86:00:1e:c3:0b:46:6f:4c:e6:84:47:b0:30:bd:e8:
7e:5e:20:f4:d1:60:e1:56:a3:5d:41:d6:f7:74:94:88:f4:4e:
2f:6c:a4:12:ae:0e:98:fd:0c:ef:9a:17:70:23:32:24:3b:97:
01:a9:20:b2:92:ed:69:bd:98:74:be:db:b0:9d:fe:da:77:d4:
51:46:d4:cb:fc:98:32:ea:c1:f2:df:f2:04:05:62:ee:f8:37:
3d:5b:1b:d4:ab:a0:9a:13:e9:19:c0:01:41:7e:e3:cb:97:ba:
b9:0b:6a:61:d8:9b:b5:ed:cb:2e:6c:42:a7:ea:db:fa:e9:48:
93:52:9c:1b:4b:c0:17:8b:fb:1e:ba:09:23:56:ac:e4:d1:de:
e7:c4:a9:48:80:1e:d2:9f:43:3e:f4:40:fb:38:fa:3f:62:52:
ae:73:5e:3d:0e:be:21:4f:a6:5e:1d:4c:14:fd:f9:59:42:91:
28:37:20:e3:5c:6a:08:51:4a:5e:04:ec:8b:98:97:4d:d0:3d:
c9:af:33:22:d2:29:83:fd:b8:cb:99:96:95:c6:38:c8:39:1f:
38:9c:8d:43:8c:33:5f:bf:6f:16:ff:68:1e:8b:b1:f9:b2:ae:
9d:64:ad:54:dd:fa:e0:b0:7c:9b:dd:fd:96:8c:70:8c:5e:e7:
d5:00:fa:f4
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJAKt7VCtKYebJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA3MjUxODU2MzRaFw0xOTA0MjExODU2MzRaMIGUMQswCQYDVQQGEwJVUzEQ
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
@@ -164,11 +164,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAq3tUK0ph5skwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQzREhgAewwtGb0zmhEewML3o
fl4g9NFg4VajXUHW93SUiPROL2ykEq4OmP0M75oXcCMyJDuXAakgspLtab2YdL7b
sJ3+2nfUUUbUy/yYMurB8t/yBAVi7vg3PVsb1KugmhPpGcABQX7jy5e6uQtqYdib
te3LLmxCp+rb+ulIk1KcG0vAF4v7HroJI1as5NHe58SpSIAe0p9DPvRA+zj6P2JS
rnNePQ6+IU+mXh1MFP35WUKRKDcg41xqCFFKXgTsi5iXTdA9ya8zItIpg/24y5mW
lcY4yDkfOJyNQ4wzX79vFv9oHoux+bKunWStVN364LB8m939loxwjF7n1QD69A==
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

32
certs/test-pathlen/assemble-chains.sh Executable file
View File

@@ -0,0 +1,32 @@
#!/bin/bash
#
# assemble-chains.sh
# Assemble all the certificate CA path test cert chains.
# Success: PathLen of 0
## server-0-ca.pem: signed by ca-cert.pem
## server-0-cert.pem: signed by server-0-ca.pem
cat server-0-cert.pem server-0-ca.pem > server-0-chain.pem
# Success: PathLen of 1
## server-1-ca.pem: signed by ca-cert.pem
## server-1-0-ca.pem: signed by server-1-ca.pem
## server-1-0-cert.pem: signed by server-1-0-ca.pem
cat server-1-0-cert.pem server-1-0-ca.pem server-1-ca.pem > server-1-0-chain.pem
## server-1-cert.pem: signed by server-1-ca.pem
cat server-1-cert.pem server-1-ca.pem > server-1-chain.pem
# Success: PathLen of 127
## server-127-ca.pem: signed by ca-cert.pem
## server-127-cert.pem: signed by server-127-cert.pem
cat server-127-cert.pem server-127-ca.pem > server-127-chain.pem
# Failure: PathLen of 128
## server-128-ca.pem: signed by ca-cert.pem
## server-128-cert.pem: signed by server-128-ca.pem
cat server-128-cert.pem server-128-ca.pem > server-128-chain.pem
# Failure: PathLen of 0, signing PathLen of 1
## server-0-1-ca.pem: signed by server-0-ca.pem
## server-0-1-cert.pem: signed by server-0-1-ca.pem
cat server-0-1-cert.pem server-0-1-ca.pem server-0-ca.pem > server-0-1-chain.pem

23
certs/test-pathlen/include.am Normal file
View File

@@ -0,0 +1,23 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/test-pathlen/server-0-1-ca.pem \
certs/test-pathlen/server-0-1-cert.pem \
certs/test-pathlen/server-0-1-chain.pem \
certs/test-pathlen/server-0-ca.pem \
certs/test-pathlen/server-0-cert.pem \
certs/test-pathlen/server-0-chain.pem \
certs/test-pathlen/server-1-0-ca.pem \
certs/test-pathlen/server-1-0-cert.pem \
certs/test-pathlen/server-1-0-chain.pem \
certs/test-pathlen/server-1-ca.pem \
certs/test-pathlen/server-1-cert.pem \
certs/test-pathlen/server-1-chain.pem \
certs/test-pathlen/server-127-ca.pem \
certs/test-pathlen/server-127-cert.pem \
certs/test-pathlen/server-127-chain.pem \
certs/test-pathlen/server-128-ca.pem \
certs/test-pathlen/server-128-cert.pem \
certs/test-pathlen/server-128-chain.pem

89
certs/test-pathlen/server-0-1-ca.pem Normal file
View File

@@ -0,0 +1,89 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 110 (0x6e)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:22:35 2016 GMT
Not After : Jun 17 00:22:35 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:64
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
22:dd:95:9c:dc:e6:7f:ad:df:55:68:c8:21:f8:84:12:fd:13:
22:80:2b:ba:1f:da:9d:d2:55:00:a1:22:fc:50:44:6d:0f:ac:
8a:61:2c:32:c5:63:e1:26:37:10:7c:5e:05:f1:90:0f:21:57:
b4:61:e0:40:0b:4f:1b:bf:8b:d8:fd:28:d6:55:73:bd:a9:5c:
5e:61:89:4f:e1:07:b6:5a:78:c5:0c:65:7a:38:11:e7:86:46:
2a:0c:a5:70:71:aa:16:9c:79:d6:c2:18:4c:b8:fb:86:1a:78:
70:e5:0a:27:48:2a:d4:14:d7:3f:31:76:33:a0:4b:f9:f8:34:
2e:c9:06:e4:e2:a0:0c:02:1e:c4:a0:d3:2b:ce:77:0e:b8:31:
d5:02:66:b1:62:10:5b:63:e2:7f:aa:23:0a:63:d9:33:76:2d:
88:9b:0f:6a:a2:ab:e8:b7:a4:83:7c:8e:1d:8c:45:d7:90:78:
5c:3d:41:85:ac:79:ce:6c:fc:36:6b:20:fa:0c:19:a1:2b:91:
d0:5f:fd:72:86:cb:17:22:02:70:76:ed:61:78:1c:ce:d0:e3:
17:9c:4d:58:9e:30:d5:c7:33:5b:44:0d:16:5c:ca:a4:67:13:
3a:18:f8:94:ac:5e:17:a5:c2:2c:11:89:7b:7a:fd:f5:9a:e3:
19:93:c0:60
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIBbjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDAwMjIzNVoXDTE5MDYxNzAwMjIzNVowgZoxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg
MC0xIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4
lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIu
by6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aM
GKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8c
vCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+Jd
JclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IB
BTCCAQEwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkw
gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRME
CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIt2VnNzm
f63fVWjIIfiEEv0TIoAruh/andJVAKEi/FBEbQ+simEsMsVj4SY3EHxeBfGQDyFX
tGHgQAtPG7+L2P0o1lVzvalcXmGJT+EHtlp4xQxlejgR54ZGKgylcHGqFpx51sIY
TLj7hhp4cOUKJ0gq1BTXPzF2M6BL+fg0LskG5OKgDAIexKDTK853Drgx1QJmsWIQ
W2Pif6ojCmPZM3YtiJsPaqKr6Lekg3yOHYxF15B4XD1Bhax5zmz8Nmsg+gwZoSuR
0F/9cobLFyICcHbtYXgcztDjF5xNWJ4w1cczW0QNFlzKpGcTOhj4lKxeF6XCLBGJ
e3r99ZrjGZPAYA==
-----END CERTIFICATE-----

86
certs/test-pathlen/server-0-1-cert.pem Normal file
View File

@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 111 (0x6f)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:24:02 2016 GMT
Not After : Jun 17 00:24:02 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=Server 0 CA/emailAddress=info@wolfssl.com
serial:6E
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
80:ab:40:d2:72:bd:c9:24:e2:b7:cf:b0:f0:39:3d:36:88:9e:
5c:c9:cd:92:64:fe:8a:09:48:fb:42:38:ae:a9:f3:69:61:f0:
58:38:9c:0b:99:d3:d1:67:7a:cf:21:e1:8e:97:2c:98:14:c1:
a9:62:64:70:d6:bf:5b:ff:85:3d:47:c3:81:84:c4:c5:3d:d3:
41:35:62:e1:25:fc:78:fd:9e:04:44:bf:62:f5:52:a0:38:57:
a1:45:30:38:35:c2:e5:d2:b6:52:8f:c4:3f:c4:d5:f5:22:25:
25:70:c3:b2:4d:9e:29:10:a7:13:84:1a:fc:44:a9:df:35:62:
f9:39:e2:9a:13:2d:84:7e:02:11:b6:f3:95:2c:93:c8:45:26:
2f:d8:c9:23:b5:fa:f1:aa:da:c7:6f:a8:e4:52:4e:f3:94:60:
dc:3e:b3:db:5e:4b:92:a9:55:c1:0e:28:8d:6a:fd:98:65:da:
05:0f:25:ae:7f:20:50:60:43:59:a2:f5:1a:e2:a4:e1:92:ae:
f6:cb:19:39:60:fe:96:a8:f3:40:e4:93:9c:a6:b4:18:12:3d:
d1:78:e3:b0:07:72:fc:9a:75:9f:25:17:f3:00:2c:bc:04:fe:
1a:23:ad:e4:2d:55:a4:d3:0d:3d:60:e5:9f:cf:47:f0:c3:02:
68:b1:07:72
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIBbzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAwLTEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAyNDAyWhcNMTkwNjE3MDAyNDAyWjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAwLTExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfUw
gfIwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHFBgNVHSMEgb0wgbqA
FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s
ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy
IDAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAW4wCQYDVR0T
BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAgKtA0nK9ySTit8+w8Dk9NoieXMnNkmT+
iglI+0I4rqnzaWHwWDicC5nT0Wd6zyHhjpcsmBTBqWJkcNa/W/+FPUfDgYTExT3T
QTVi4SX8eP2eBES/YvVSoDhXoUUwODXC5dK2Uo/EP8TV9SIlJXDDsk2eKRCnE4Qa
/ESp3zVi+TnimhMthH4CEbbzlSyTyEUmL9jJI7X68arax2+o5FJO85Rg3D6z215L
kqlVwQ4ojWr9mGXaBQ8lrn8gUGBDWaL1GuKk4ZKu9ssZOWD+lqjzQOSTnKa0GBI9
0XjjsAdy/Jp1nyUX8wAsvAT+GiOt5C1VpNMNPWDln89H8MMCaLEHcg==
-----END CERTIFICATE-----

264
certs/test-pathlen/server-0-1-chain.pem Normal file
View File

@@ -0,0 +1,264 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 111 (0x6f)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:24:02 2016 GMT
Not After : Jun 17 00:24:02 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=Server 0 CA/emailAddress=info@wolfssl.com
serial:6E
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
80:ab:40:d2:72:bd:c9:24:e2:b7:cf:b0:f0:39:3d:36:88:9e:
5c:c9:cd:92:64:fe:8a:09:48:fb:42:38:ae:a9:f3:69:61:f0:
58:38:9c:0b:99:d3:d1:67:7a:cf:21:e1:8e:97:2c:98:14:c1:
a9:62:64:70:d6:bf:5b:ff:85:3d:47:c3:81:84:c4:c5:3d:d3:
41:35:62:e1:25:fc:78:fd:9e:04:44:bf:62:f5:52:a0:38:57:
a1:45:30:38:35:c2:e5:d2:b6:52:8f:c4:3f:c4:d5:f5:22:25:
25:70:c3:b2:4d:9e:29:10:a7:13:84:1a:fc:44:a9:df:35:62:
f9:39:e2:9a:13:2d:84:7e:02:11:b6:f3:95:2c:93:c8:45:26:
2f:d8:c9:23:b5:fa:f1:aa:da:c7:6f:a8:e4:52:4e:f3:94:60:
dc:3e:b3:db:5e:4b:92:a9:55:c1:0e:28:8d:6a:fd:98:65:da:
05:0f:25:ae:7f:20:50:60:43:59:a2:f5:1a:e2:a4:e1:92:ae:
f6:cb:19:39:60:fe:96:a8:f3:40:e4:93:9c:a6:b4:18:12:3d:
d1:78:e3:b0:07:72:fc:9a:75:9f:25:17:f3:00:2c:bc:04:fe:
1a:23:ad:e4:2d:55:a4:d3:0d:3d:60:e5:9f:cf:47:f0:c3:02:
68:b1:07:72
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIBbzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAwLTEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAyNDAyWhcNMTkwNjE3MDAyNDAyWjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAwLTExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfUw
gfIwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHFBgNVHSMEgb0wgbqA
FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s
ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy
IDAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAW4wCQYDVR0T
BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAgKtA0nK9ySTit8+w8Dk9NoieXMnNkmT+
iglI+0I4rqnzaWHwWDicC5nT0Wd6zyHhjpcsmBTBqWJkcNa/W/+FPUfDgYTExT3T
QTVi4SX8eP2eBES/YvVSoDhXoUUwODXC5dK2Uo/EP8TV9SIlJXDDsk2eKRCnE4Qa
/ESp3zVi+TnimhMthH4CEbbzlSyTyEUmL9jJI7X68arax2+o5FJO85Rg3D6z215L
kqlVwQ4ojWr9mGXaBQ8lrn8gUGBDWaL1GuKk4ZKu9ssZOWD+lqjzQOSTnKa0GBI9
0XjjsAdy/Jp1nyUX8wAsvAT+GiOt5C1VpNMNPWDln89H8MMCaLEHcg==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 110 (0x6e)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:22:35 2016 GMT
Not After : Jun 17 00:22:35 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:64
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
22:dd:95:9c:dc:e6:7f:ad:df:55:68:c8:21:f8:84:12:fd:13:
22:80:2b:ba:1f:da:9d:d2:55:00:a1:22:fc:50:44:6d:0f:ac:
8a:61:2c:32:c5:63:e1:26:37:10:7c:5e:05:f1:90:0f:21:57:
b4:61:e0:40:0b:4f:1b:bf:8b:d8:fd:28:d6:55:73:bd:a9:5c:
5e:61:89:4f:e1:07:b6:5a:78:c5:0c:65:7a:38:11:e7:86:46:
2a:0c:a5:70:71:aa:16:9c:79:d6:c2:18:4c:b8:fb:86:1a:78:
70:e5:0a:27:48:2a:d4:14:d7:3f:31:76:33:a0:4b:f9:f8:34:
2e:c9:06:e4:e2:a0:0c:02:1e:c4:a0:d3:2b:ce:77:0e:b8:31:
d5:02:66:b1:62:10:5b:63:e2:7f:aa:23:0a:63:d9:33:76:2d:
88:9b:0f:6a:a2:ab:e8:b7:a4:83:7c:8e:1d:8c:45:d7:90:78:
5c:3d:41:85:ac:79:ce:6c:fc:36:6b:20:fa:0c:19:a1:2b:91:
d0:5f:fd:72:86:cb:17:22:02:70:76:ed:61:78:1c:ce:d0:e3:
17:9c:4d:58:9e:30:d5:c7:33:5b:44:0d:16:5c:ca:a4:67:13:
3a:18:f8:94:ac:5e:17:a5:c2:2c:11:89:7b:7a:fd:f5:9a:e3:
19:93:c0:60
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIBbjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDAwMjIzNVoXDTE5MDYxNzAwMjIzNVowgZoxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg
MC0xIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4
lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIu
by6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aM
GKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8c
vCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+Jd
JclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IB
BTCCAQEwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkw
gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRME
CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIt2VnNzm
f63fVWjIIfiEEv0TIoAruh/andJVAKEi/FBEbQ+simEsMsVj4SY3EHxeBfGQDyFX
tGHgQAtPG7+L2P0o1lVzvalcXmGJT+EHtlp4xQxlejgR54ZGKgylcHGqFpx51sIY
TLj7hhp4cOUKJ0gq1BTXPzF2M6BL+fg0LskG5OKgDAIexKDTK853Drgx1QJmsWIQ
W2Pif6ojCmPZM3YtiJsPaqKr6Lekg3yOHYxF15B4XD1Bhax5zmz8Nmsg+gwZoSuR
0F/9cobLFyICcHbtYXgcztDjF5xNWJ4w1cczW0QNFlzKpGcTOhj4lKxeF6XCLBGJ
e3r99ZrjGZPAYA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 100 (0x64)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:03:51 2016 GMT
Not After : Jun 16 23:03:51 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:0
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c:
e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8:
b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9:
05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0:
da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6:
d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90:
0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e:
8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57:
87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a:
9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a:
6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01:
23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62:
0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1:
4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21:
85:5b:32:02
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2
HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz
2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/D
GQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkD
iRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5
YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO
ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx
EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud
EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg
bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ
h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6
tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3
c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90
YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml
KCf4x5To7yGFWzIC
-----END CERTIFICATE-----

89
certs/test-pathlen/server-0-ca.pem Normal file
View File

@@ -0,0 +1,89 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 100 (0x64)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:03:51 2016 GMT
Not After : Jun 16 23:03:51 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:0
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c:
e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8:
b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9:
05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0:
da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6:
d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90:
0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e:
8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57:
87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a:
9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a:
6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01:
23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62:
0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1:
4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21:
85:5b:32:02
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2
HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz
2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/D
GQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkD
iRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5
YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO
ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx
EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud
EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg
bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ
h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6
tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3
c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90
YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml
KCf4x5To7yGFWzIC
-----END CERTIFICATE-----

86
certs/test-pathlen/server-0-cert.pem Normal file
View File

@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 101 (0x65)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:03:21 2016 GMT
Not After : Jun 17 00:03:21 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:64
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
09:2d:8f:57:0a:4c:f7:b1:30:48:1c:eb:00:c3:06:8c:d6:49:
dd:45:92:25:5c:29:1a:86:90:74:28:46:18:65:8f:fb:13:c4:
a7:85:3d:93:42:37:a1:44:aa:17:f6:b3:99:68:05:99:02:e5:
ac:cd:5e:3d:fc:fe:1f:a8:b2:2c:b4:2b:9c:a2:0b:94:f0:7b:
ef:5c:e9:ae:e5:fa:72:b9:a4:d5:b5:09:54:01:02:6a:da:09:
0c:72:4b:14:bd:1d:64:b7:70:80:be:cd:33:86:5e:1f:a0:49:
54:9d:af:eb:5c:dc:d5:15:97:7b:5f:8f:b3:6f:54:ce:16:f7:
d4:be:0b:40:f0:5b:31:54:04:49:37:d2:9d:c8:9a:05:1a:6e:
27:db:37:60:de:32:a7:d9:33:da:4b:a8:9e:08:0a:13:c4:ec:
75:e9:17:39:da:14:21:f5:c4:2b:9c:b6:31:ad:61:df:ed:52:
d2:d6:1f:d9:e0:f9:bb:29:15:9f:40:f5:e2:41:43:90:46:24:
e2:34:55:57:44:7b:46:c5:87:84:80:46:02:a5:db:7d:bc:0d:
69:ce:aa:9e:3e:e3:7a:bf:69:61:88:f7:a1:6e:01:0b:f4:59:
c2:42:d4:e0:32:d4:13:16:8a:39:fe:0b:9d:31:26:47:92:8c:
8f:1e:a4:4e
-----BEGIN CERTIFICATE-----
MIIEnDCCA4SgAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDAwMDMyMVoXDTE5MDYxNzAwMDMyMVowgZUxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg
MDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W
9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiV
c9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2v
wxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJ
A4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3D
OWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB8TCB7jAd
BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgcEGA1UdIwSBuTCBtoAUsxEy
yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET
MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQEFBQADggEBAAktj1cKTPexMEgc6wDDBozWSd1FkiVcKRqGkHQoRhhl
j/sTxKeFPZNCN6FEqhf2s5loBZkC5azNXj38/h+osiy0K5yiC5Twe+9c6a7l+nK5
pNW1CVQBAmraCQxySxS9HWS3cIC+zTOGXh+gSVSdr+tc3NUVl3tfj7NvVM4W99S+
C0DwWzFUBEk30p3ImgUabifbN2DeMqfZM9pLqJ4IChPE7HXpFznaFCH1xCuctjGt
Yd/tUtLWH9ng+bspFZ9A9eJBQ5BGJOI0VVdEe0bFh4SARgKl2328DWnOqp4+43q/
aWGI96FuAQv0WcJC1OAy1BMWijn+C50xJkeSjI8epE4=
-----END CERTIFICATE-----

175
certs/test-pathlen/server-0-chain.pem Normal file
View File

@@ -0,0 +1,175 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 101 (0x65)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:03:21 2016 GMT
Not After : Jun 17 00:03:21 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:64
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
09:2d:8f:57:0a:4c:f7:b1:30:48:1c:eb:00:c3:06:8c:d6:49:
dd:45:92:25:5c:29:1a:86:90:74:28:46:18:65:8f:fb:13:c4:
a7:85:3d:93:42:37:a1:44:aa:17:f6:b3:99:68:05:99:02:e5:
ac:cd:5e:3d:fc:fe:1f:a8:b2:2c:b4:2b:9c:a2:0b:94:f0:7b:
ef:5c:e9:ae:e5:fa:72:b9:a4:d5:b5:09:54:01:02:6a:da:09:
0c:72:4b:14:bd:1d:64:b7:70:80:be:cd:33:86:5e:1f:a0:49:
54:9d:af:eb:5c:dc:d5:15:97:7b:5f:8f:b3:6f:54:ce:16:f7:
d4:be:0b:40:f0:5b:31:54:04:49:37:d2:9d:c8:9a:05:1a:6e:
27:db:37:60:de:32:a7:d9:33:da:4b:a8:9e:08:0a:13:c4:ec:
75:e9:17:39:da:14:21:f5:c4:2b:9c:b6:31:ad:61:df:ed:52:
d2:d6:1f:d9:e0:f9:bb:29:15:9f:40:f5:e2:41:43:90:46:24:
e2:34:55:57:44:7b:46:c5:87:84:80:46:02:a5:db:7d:bc:0d:
69:ce:aa:9e:3e:e3:7a:bf:69:61:88:f7:a1:6e:01:0b:f4:59:
c2:42:d4:e0:32:d4:13:16:8a:39:fe:0b:9d:31:26:47:92:8c:
8f:1e:a4:4e
-----BEGIN CERTIFICATE-----
MIIEnDCCA4SgAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDAwMDMyMVoXDTE5MDYxNzAwMDMyMVowgZUxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg
MDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W
9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiV
c9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2v
wxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJ
A4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3D
OWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB8TCB7jAd
BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgcEGA1UdIwSBuTCBtoAUsxEy
yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET
MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQEFBQADggEBAAktj1cKTPexMEgc6wDDBozWSd1FkiVcKRqGkHQoRhhl
j/sTxKeFPZNCN6FEqhf2s5loBZkC5azNXj38/h+osiy0K5yiC5Twe+9c6a7l+nK5
pNW1CVQBAmraCQxySxS9HWS3cIC+zTOGXh+gSVSdr+tc3NUVl3tfj7NvVM4W99S+
C0DwWzFUBEk30p3ImgUabifbN2DeMqfZM9pLqJ4IChPE7HXpFznaFCH1xCuctjGt
Yd/tUtLWH9ng+bspFZ9A9eJBQ5BGJOI0VVdEe0bFh4SARgKl2328DWnOqp4+43q/
aWGI96FuAQv0WcJC1OAy1BMWijn+C50xJkeSjI8epE4=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 100 (0x64)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:03:51 2016 GMT
Not After : Jun 16 23:03:51 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:0
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c:
e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8:
b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9:
05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0:
da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6:
d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90:
0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e:
8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57:
87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a:
9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a:
6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01:
23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62:
0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1:
4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21:
85:5b:32:02
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2
HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz
2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/D
GQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkD
iRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5
YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO
ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx
EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud
EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg
bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ
h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6
tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3
c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90
YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml
KCf4x5To7yGFWzIC
-----END CERTIFICATE-----

89
certs/test-pathlen/server-1-0-ca.pem Normal file
View File

@@ -0,0 +1,89 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 103 (0x67)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 21:23:18 2016 GMT
Not After : Jun 16 21:23:18 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:66
X509v3 Basic Constraints:
CA:TRUE, pathlen:0
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
37:78:ec:5f:82:05:c6:19:f6:3a:be:82:5f:1e:d3:69:26:20:
92:f2:24:e8:6d:5f:44:70:ca:bd:53:24:ab:1f:58:6b:24:08:
d0:3a:a6:46:d3:1d:63:7c:22:8b:4a:e2:69:9e:de:03:08:91:
b5:37:bb:55:fe:91:fc:b4:2f:ce:9f:58:f7:80:6c:77:ed:82:
6d:93:f0:30:9b:42:21:dc:98:64:87:df:f5:2f:f6:90:d9:af:
7b:e0:98:68:07:3a:bd:70:60:e6:c8:4b:a2:c7:aa:9d:3b:cf:
79:07:44:57:86:cc:e2:3a:7d:b1:ee:c7:61:48:8c:0e:b0:8d:
0c:f6:c2:3e:e2:68:2d:50:a7:ac:5b:86:6e:f5:d1:5e:24:dd:
b7:c4:23:c0:90:82:e1:4f:bb:a7:6f:94:d3:9b:a3:28:30:12:
8b:57:18:79:91:92:44:97:ff:08:75:49:74:3b:a8:91:ca:30:
e0:d0:5b:90:b7:26:14:69:b8:fe:72:fa:cd:8a:da:75:28:6d:
e2:e4:82:83:83:01:e4:60:c8:67:5b:ef:04:a9:29:2a:6d:64:
1a:fc:fd:52:57:57:56:b3:bb:06:0e:e5:5f:22:d1:88:6b:12:
aa:f1:d5:91:09:c9:5c:1c:55:18:e6:34:fa:cd:d7:aa:bf:04:
fa:58:7d:cf
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDIxMjMxOFoXDTE5MDYxNjIxMjMxOFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg
MS0wIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4
lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIu
by6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aM
GKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8c
vCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+Jd
JclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IB
BTCCAQEwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkw
gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZjAPBgNVHRME
CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAN3jsX4IF
xhn2Or6CXx7TaSYgkvIk6G1fRHDKvVMkqx9YayQI0DqmRtMdY3wii0riaZ7eAwiR
tTe7Vf6R/LQvzp9Y94Bsd+2CbZPwMJtCIdyYZIff9S/2kNmve+CYaAc6vXBg5shL
oseqnTvPeQdEV4bM4jp9se7HYUiMDrCNDPbCPuJoLVCnrFuGbvXRXiTdt8QjwJCC
4U+7p2+U05ujKDASi1cYeZGSRJf/CHVJdDuokcow4NBbkLcmFGm4/nL6zYradSht
4uSCg4MB5GDIZ1vvBKkpKm1kGvz9UldXVrO7Bg7lXyLRiGsSqvHVkQnJXBxVGOY0
+s3Xqr8E+lh9zw==
-----END CERTIFICATE-----

86
certs/test-pathlen/server-1-0-cert.pem Normal file
View File

@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 104 (0x68)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:07:57 2016 GMT
Not After : Jun 17 00:07:57 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=Server 1 CA/emailAddress=info@wolfssl.com
serial:67
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
6d:98:b9:e7:03:b3:0e:36:15:f5:6f:6c:60:59:9d:60:95:cb:
8c:31:f6:b7:7d:27:6a:37:99:79:cb:06:89:4a:87:c8:a6:d7:
86:46:5c:f3:02:f9:37:98:3a:d2:59:3a:37:59:7e:46:58:ee:
18:b2:77:a9:85:39:45:e1:05:d4:a7:bc:1e:cc:4a:a3:be:1e:
7e:58:15:79:c4:25:8f:1d:3f:f4:e2:5d:3c:c1:a5:45:f3:e0:
fd:97:96:49:78:c7:c7:e2:e9:78:97:91:9c:44:a3:f9:b4:cc:
14:61:b4:03:55:ef:d2:33:3b:8d:8e:01:e1:a1:27:a4:1e:66:
06:13:0b:e0:5b:6b:69:8a:8a:c8:c5:a9:a3:8f:6e:dd:25:03:
5f:3f:65:21:8e:d5:b2:dc:0e:e1:b6:d2:fd:9c:d8:99:33:f6:
4b:8c:71:2b:9e:0a:3a:40:a5:28:ef:d8:65:fb:08:2f:f4:e9:
2b:d6:7c:9c:09:1c:6e:aa:f0:7f:67:13:dc:a3:e6:fa:5c:49:
04:ba:55:d4:3e:4d:17:3d:e9:13:bf:b1:95:e8:71:41:47:4a:
73:52:97:85:71:ac:a1:b7:32:82:64:77:c2:53:5c:f0:35:81:
34:10:77:09:69:04:73:05:39:b6:62:2e:fd:37:a4:20:3e:40:
98:a5:e5:dc
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAxLTAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAwNzU3WhcNMTkwNjE3MDAwNzU3WjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAxLTAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfUw
gfIwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHFBgNVHSMEgb0wgbqA
FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s
ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy
IDEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWcwCQYDVR0T
BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAbZi55wOzDjYV9W9sYFmdYJXLjDH2t30n
ajeZecsGiUqHyKbXhkZc8wL5N5g60lk6N1l+RljuGLJ3qYU5ReEF1Ke8HsxKo74e
flgVecQljx0/9OJdPMGlRfPg/ZeWSXjHx+LpeJeRnESj+bTMFGG0A1Xv0jM7jY4B
4aEnpB5mBhML4FtraYqKyMWpo49u3SUDXz9lIY7VstwO4bbS/ZzYmTP2S4xxK54K
OkClKO/YZfsIL/TpK9Z8nAkcbqrwf2cT3KPm+lxJBLpV1D5NFz3pE7+xlehxQUdK
c1KXhXGsobcygmR3wlNc8DWBNBB3CWkEcwU5tmIu/TekID5AmKXl3A==
-----END CERTIFICATE-----

264
certs/test-pathlen/server-1-0-chain.pem Normal file
View File

@@ -0,0 +1,264 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 104 (0x68)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:07:57 2016 GMT
Not After : Jun 17 00:07:57 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=Server 1 CA/emailAddress=info@wolfssl.com
serial:67
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
6d:98:b9:e7:03:b3:0e:36:15:f5:6f:6c:60:59:9d:60:95:cb:
8c:31:f6:b7:7d:27:6a:37:99:79:cb:06:89:4a:87:c8:a6:d7:
86:46:5c:f3:02:f9:37:98:3a:d2:59:3a:37:59:7e:46:58:ee:
18:b2:77:a9:85:39:45:e1:05:d4:a7:bc:1e:cc:4a:a3:be:1e:
7e:58:15:79:c4:25:8f:1d:3f:f4:e2:5d:3c:c1:a5:45:f3:e0:
fd:97:96:49:78:c7:c7:e2:e9:78:97:91:9c:44:a3:f9:b4:cc:
14:61:b4:03:55:ef:d2:33:3b:8d:8e:01:e1:a1:27:a4:1e:66:
06:13:0b:e0:5b:6b:69:8a:8a:c8:c5:a9:a3:8f:6e:dd:25:03:
5f:3f:65:21:8e:d5:b2:dc:0e:e1:b6:d2:fd:9c:d8:99:33:f6:
4b:8c:71:2b:9e:0a:3a:40:a5:28:ef:d8:65:fb:08:2f:f4:e9:
2b:d6:7c:9c:09:1c:6e:aa:f0:7f:67:13:dc:a3:e6:fa:5c:49:
04:ba:55:d4:3e:4d:17:3d:e9:13:bf:b1:95:e8:71:41:47:4a:
73:52:97:85:71:ac:a1:b7:32:82:64:77:c2:53:5c:f0:35:81:
34:10:77:09:69:04:73:05:39:b6:62:2e:fd:37:a4:20:3e:40:
98:a5:e5:dc
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAxLTAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAwNzU3WhcNMTkwNjE3MDAwNzU3WjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAxLTAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfUw
gfIwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHFBgNVHSMEgb0wgbqA
FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s
ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy
IDEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWcwCQYDVR0T
BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAbZi55wOzDjYV9W9sYFmdYJXLjDH2t30n
ajeZecsGiUqHyKbXhkZc8wL5N5g60lk6N1l+RljuGLJ3qYU5ReEF1Ke8HsxKo74e
flgVecQljx0/9OJdPMGlRfPg/ZeWSXjHx+LpeJeRnESj+bTMFGG0A1Xv0jM7jY4B
4aEnpB5mBhML4FtraYqKyMWpo49u3SUDXz9lIY7VstwO4bbS/ZzYmTP2S4xxK54K
OkClKO/YZfsIL/TpK9Z8nAkcbqrwf2cT3KPm+lxJBLpV1D5NFz3pE7+xlehxQUdK
c1KXhXGsobcygmR3wlNc8DWBNBB3CWkEcwU5tmIu/TekID5AmKXl3A==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 103 (0x67)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 21:23:18 2016 GMT
Not After : Jun 16 21:23:18 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:66
X509v3 Basic Constraints:
CA:TRUE, pathlen:0
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
37:78:ec:5f:82:05:c6:19:f6:3a:be:82:5f:1e:d3:69:26:20:
92:f2:24:e8:6d:5f:44:70:ca:bd:53:24:ab:1f:58:6b:24:08:
d0:3a:a6:46:d3:1d:63:7c:22:8b:4a:e2:69:9e:de:03:08:91:
b5:37:bb:55:fe:91:fc:b4:2f:ce:9f:58:f7:80:6c:77:ed:82:
6d:93:f0:30:9b:42:21:dc:98:64:87:df:f5:2f:f6:90:d9:af:
7b:e0:98:68:07:3a:bd:70:60:e6:c8:4b:a2:c7:aa:9d:3b:cf:
79:07:44:57:86:cc:e2:3a:7d:b1:ee:c7:61:48:8c:0e:b0:8d:
0c:f6:c2:3e:e2:68:2d:50:a7:ac:5b:86:6e:f5:d1:5e:24:dd:
b7:c4:23:c0:90:82:e1:4f:bb:a7:6f:94:d3:9b:a3:28:30:12:
8b:57:18:79:91:92:44:97:ff:08:75:49:74:3b:a8:91:ca:30:
e0:d0:5b:90:b7:26:14:69:b8:fe:72:fa:cd:8a:da:75:28:6d:
e2:e4:82:83:83:01:e4:60:c8:67:5b:ef:04:a9:29:2a:6d:64:
1a:fc:fd:52:57:57:56:b3:bb:06:0e:e5:5f:22:d1:88:6b:12:
aa:f1:d5:91:09:c9:5c:1c:55:18:e6:34:fa:cd:d7:aa:bf:04:
fa:58:7d:cf
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDIxMjMxOFoXDTE5MDYxNjIxMjMxOFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg
MS0wIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4
lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIu
by6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aM
GKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8c
vCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+Jd
JclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IB
BTCCAQEwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkw
gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZjAPBgNVHRME
CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAN3jsX4IF
xhn2Or6CXx7TaSYgkvIk6G1fRHDKvVMkqx9YayQI0DqmRtMdY3wii0riaZ7eAwiR
tTe7Vf6R/LQvzp9Y94Bsd+2CbZPwMJtCIdyYZIff9S/2kNmve+CYaAc6vXBg5shL
oseqnTvPeQdEV4bM4jp9se7HYUiMDrCNDPbCPuJoLVCnrFuGbvXRXiTdt8QjwJCC
4U+7p2+U05ujKDASi1cYeZGSRJf/CHVJdDuokcow4NBbkLcmFGm4/nL6zYradSht
4uSCg4MB5GDIZ1vvBKkpKm1kGvz9UldXVrO7Bg7lXyLRiGsSqvHVkQnJXBxVGOY0
+s3Xqr8E+lh9zw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 102 (0x66)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:16:34 2016 GMT
Not After : Jun 16 23:16:34 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5:
e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77:
4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33:
ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c:
0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31:
86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b:
4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7:
7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f:
38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09:
f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58:
a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00:
69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac:
e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc:
d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32:
8f:98:a8:50
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2
HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz
2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/D
GQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkD
iRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5
YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO
ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx
EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud
EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq
Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx
9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ
LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv
XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA
eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG
gQupdXRkMzKPmKhQ
-----END CERTIFICATE-----

89
certs/test-pathlen/server-1-ca.pem Normal file
View File

@@ -0,0 +1,89 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 102 (0x66)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:16:34 2016 GMT
Not After : Jun 16 23:16:34 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5:
e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77:
4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33:
ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c:
0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31:
86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b:
4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7:
7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f:
38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09:
f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58:
a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00:
69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac:
e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc:
d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32:
8f:98:a8:50
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2
HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz
2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/D
GQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkD
iRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5
YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO
ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx
EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud
EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq
Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx
9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ
LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv
XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA
eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG
gQupdXRkMzKPmKhQ
-----END CERTIFICATE-----

86
certs/test-pathlen/server-1-cert.pem Normal file
View File

@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 105 (0x69)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:06:27 2016 GMT
Not After : Jun 17 00:06:27 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:66
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
13:f9:04:1c:01:40:c5:1c:e9:51:fc:95:da:cb:d1:44:9f:25:
63:e8:85:f7:85:78:f1:ac:01:2d:25:34:16:96:62:a8:5a:fd:
41:a2:2a:60:b1:c3:97:92:59:0d:ba:2c:74:ae:a5:ff:ae:3d:
22:99:1e:ca:f9:89:4e:7c:c1:65:00:0e:84:61:3f:2d:5f:47:
7f:a9:90:bf:fa:83:64:55:2c:0c:ec:34:92:59:07:b0:86:9d:
66:a4:d4:16:82:e1:a8:ab:d1:12:00:b2:a4:af:c7:69:c4:54:
0b:bb:4f:64:9b:77:94:ed:5d:aa:42:70:4e:7c:5f:ae:46:91:
17:95:0b:27:b3:fd:28:87:34:8c:a8:4e:7d:07:9e:c1:d4:fd:
6b:e5:c5:a9:ca:c3:24:35:26:b5:7e:aa:11:78:f4:fa:c7:66:
59:cd:58:8f:13:7a:cf:00:8d:ba:75:8d:0d:ed:ca:ef:70:93:
d7:8c:d9:a4:c0:4b:b1:00:b3:da:5f:71:a6:6a:4d:3b:40:36:
76:12:75:45:50:a1:32:ca:14:76:9d:d8:3d:92:7e:80:e1:d0:
24:c3:a1:56:77:06:a6:d8:d3:f3:18:c1:69:d4:e3:4d:95:2b:
05:00:1b:e5:2a:a8:ca:69:01:7e:c4:c8:e5:e5:09:b5:3b:65:
73:5f:ba:46
-----BEGIN CERTIFICATE-----
MIIEnDCCA4SgAwIBAgIBaTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDAwMDYyN1oXDTE5MDYxNzAwMDYyN1owgZUxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg
MTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W
9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiV
c9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2v
wxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJ
A4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3D
OWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB8TCB7jAd
BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgcEGA1UdIwSBuTCBtoAUsxEy
yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET
MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFmMAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQEFBQADggEBABP5BBwBQMUc6VH8ldrL0USfJWPohfeFePGsAS0lNBaW
Yqha/UGiKmCxw5eSWQ26LHSupf+uPSKZHsr5iU58wWUADoRhPy1fR3+pkL/6g2RV
LAzsNJJZB7CGnWak1BaC4air0RIAsqSvx2nEVAu7T2Sbd5TtXapCcE58X65GkReV
Cyez/SiHNIyoTn0HnsHU/WvlxanKwyQ1JrV+qhF49PrHZlnNWI8Tes8Ajbp1jQ3t
yu9wk9eM2aTAS7EAs9pfcaZqTTtANnYSdUVQoTLKFHad2D2SfoDh0CTDoVZ3BqbY
0/MYwWnU402VKwUAG+UqqMppAX7EyOXlCbU7ZXNfukY=
-----END CERTIFICATE-----

175
certs/test-pathlen/server-1-chain.pem Normal file
View File

@@ -0,0 +1,175 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 105 (0x69)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:06:27 2016 GMT
Not After : Jun 17 00:06:27 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:66
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
13:f9:04:1c:01:40:c5:1c:e9:51:fc:95:da:cb:d1:44:9f:25:
63:e8:85:f7:85:78:f1:ac:01:2d:25:34:16:96:62:a8:5a:fd:
41:a2:2a:60:b1:c3:97:92:59:0d:ba:2c:74:ae:a5:ff:ae:3d:
22:99:1e:ca:f9:89:4e:7c:c1:65:00:0e:84:61:3f:2d:5f:47:
7f:a9:90:bf:fa:83:64:55:2c:0c:ec:34:92:59:07:b0:86:9d:
66:a4:d4:16:82:e1:a8:ab:d1:12:00:b2:a4:af:c7:69:c4:54:
0b:bb:4f:64:9b:77:94:ed:5d:aa:42:70:4e:7c:5f:ae:46:91:
17:95:0b:27:b3:fd:28:87:34:8c:a8:4e:7d:07:9e:c1:d4:fd:
6b:e5:c5:a9:ca:c3:24:35:26:b5:7e:aa:11:78:f4:fa:c7:66:
59:cd:58:8f:13:7a:cf:00:8d:ba:75:8d:0d:ed:ca:ef:70:93:
d7:8c:d9:a4:c0:4b:b1:00:b3:da:5f:71:a6:6a:4d:3b:40:36:
76:12:75:45:50:a1:32:ca:14:76:9d:d8:3d:92:7e:80:e1:d0:
24:c3:a1:56:77:06:a6:d8:d3:f3:18:c1:69:d4:e3:4d:95:2b:
05:00:1b:e5:2a:a8:ca:69:01:7e:c4:c8:e5:e5:09:b5:3b:65:
73:5f:ba:46
-----BEGIN CERTIFICATE-----
MIIEnDCCA4SgAwIBAgIBaTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl
cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2
MDkyMDAwMDYyN1oXDTE5MDYxNzAwMDYyN1owgZUxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm
U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg
MTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W
9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiV
c9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2v
wxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJ
A4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3D
OWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB8TCB7jAd
BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgcEGA1UdIwSBuTCBtoAUsxEy
yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET
MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFmMAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQEFBQADggEBABP5BBwBQMUc6VH8ldrL0USfJWPohfeFePGsAS0lNBaW
Yqha/UGiKmCxw5eSWQ26LHSupf+uPSKZHsr5iU58wWUADoRhPy1fR3+pkL/6g2RV
LAzsNJJZB7CGnWak1BaC4air0RIAsqSvx2nEVAu7T2Sbd5TtXapCcE58X65GkReV
Cyez/SiHNIyoTn0HnsHU/WvlxanKwyQ1JrV+qhF49PrHZlnNWI8Tes8Ajbp1jQ3t
yu9wk9eM2aTAS7EAs9pfcaZqTTtANnYSdUVQoTLKFHad2D2SfoDh0CTDoVZ3BqbY
0/MYwWnU402VKwUAG+UqqMppAX7EyOXlCbU7ZXNfukY=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 102 (0x66)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:16:34 2016 GMT
Not After : Jun 16 23:16:34 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5:
e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77:
4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33:
ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c:
0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31:
86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b:
4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7:
7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f:
38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09:
f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58:
a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00:
69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac:
e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc:
d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32:
8f:98:a8:50
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2
HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz
2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/D
GQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkD
iRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5
YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO
ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx
EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud
EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq
Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx
9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ
LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv
XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA
eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG
gQupdXRkMzKPmKhQ
-----END CERTIFICATE-----

89
certs/test-pathlen/server-127-ca.pem Normal file
View File

@@ -0,0 +1,89 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 106 (0x6a)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:24:16 2016 GMT
Not After : Jun 16 23:24:16 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:127
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
34:c3:f2:9a:80:df:5c:8a:b4:c1:08:f5:c6:72:a2:74:90:1d:
e9:f9:7a:e7:6e:3b:df:be:01:28:6b:10:ee:5f:9d:8d:5b:7a:
fc:40:12:7f:b6:bb:ac:d9:07:73:78:d0:4f:53:5d:f8:c3:50:
ba:f7:76:a2:e5:12:fa:8f:01:24:a2:b7:8a:e4:6c:0b:62:51:
37:39:4a:90:eb:11:16:26:58:44:ed:3f:41:57:8e:32:7a:e4:
85:a7:ce:44:d2:46:28:9e:29:34:9b:16:a5:17:ef:56:11:0a:
60:b8:88:7c:3e:ed:ec:5e:57:5f:b1:b9:b7:55:38:a0:ea:04:
58:22:04:7e:30:f3:40:33:a1:cd:3f:24:72:7b:a4:b4:2d:b5:
96:b3:80:7a:48:85:83:3c:6e:55:43:7c:13:d3:5e:f8:70:32:
da:5a:78:db:d0:54:54:9c:e9:38:05:da:7c:ac:bb:ec:79:cf:
3e:56:32:ce:29:31:70:07:9a:c7:b4:00:02:33:af:1b:ce:7c:
16:ff:8b:c0:8b:80:1e:0d:c7:d4:07:95:49:d4:9a:ed:55:b6:
1f:bd:e7:77:b9:fa:af:29:6a:49:79:02:3c:b9:ea:6c:68:c3:
ef:ca:40:27:d0:15:d0:da:31:9c:2f:3d:a5:66:e3:f8:a4:98:
d5:00:5f:b2
-----BEGIN CERTIFICATE-----
MIIEujCCA6KgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMyNDE2WhcNMTkwNjE2MjMyNDE2WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjcg
Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjggENMIIB
CTAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDwYD
VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBADTD
8pqA31yKtMEI9cZyonSQHen5euduO9++AShrEO5fnY1bevxAEn+2u6zZB3N40E9T
XfjDULr3dqLlEvqPASSit4rkbAtiUTc5SpDrERYmWETtP0FXjjJ65IWnzkTSRiie
KTSbFqUX71YRCmC4iHw+7exeV1+xubdVOKDqBFgiBH4w80Azoc0/JHJ7pLQttZaz
gHpIhYM8blVDfBPTXvhwMtpaeNvQVFSc6TgF2nysu+x5zz5WMs4pMXAHmse0AAIz
rxvOfBb/i8CLgB4Nx9QHlUnUmu1Vth+953e5+q8pakl5Ajy56mxow+/KQCfQFdDa
MZwvPaVm4/ikmNUAX7I=
-----END CERTIFICATE-----

86
certs/test-pathlen/server-127-cert.pem Normal file
View File

@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 107 (0x6b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:09:11 2016 GMT
Not After : Jun 17 00:09:11 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:6A
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
65:05:63:43:5f:91:a4:54:31:3e:e8:55:ac:7b:b2:57:c2:f2:
2e:3d:f2:53:cf:13:b5:35:7c:b6:f9:a7:86:e2:41:aa:14:6a:
65:69:17:fb:02:39:7c:31:78:80:9a:0d:27:10:9a:7c:2c:17:
30:03:32:6a:3f:06:fa:19:02:83:91:71:4d:50:e0:55:17:ed:
ec:62:3b:29:51:2e:c9:9a:75:3b:91:f9:bc:d0:2d:4f:ff:30:
d8:1d:b6:7e:8e:39:70:a1:c9:d1:f7:a3:81:a5:7c:5d:e4:e0:
cf:43:60:a1:c0:b8:e7:16:ed:43:6d:b2:09:cd:bc:51:57:f0:
73:a2:cb:03:b6:c7:56:97:96:c6:8c:93:aa:44:3d:62:0c:b5:
ca:b8:65:1b:98:8f:ad:98:9e:9b:2e:83:0d:e6:d0:76:d8:c5:
5c:4a:9e:40:88:65:c0:0e:bc:5c:87:dd:c1:e0:51:b7:8b:d5:
73:da:8d:83:0d:16:60:a3:ff:f4:7c:4a:85:bb:a1:81:f5:9e:
5d:f8:e7:d6:9d:6a:5b:9d:2b:f8:3d:02:16:ff:b9:6a:60:c9:
64:40:5d:9c:37:a4:b8:ee:82:52:5c:db:07:5f:04:98:4a:f2:
ec:6c:86:50:9c:a0:99:5b:24:9a:d9:7d:1f:5d:f3:7e:47:59:
10:48:f5:2a
-----BEGIN CERTIFICATE-----
MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAxMjcgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAwOTExWhcNMTkwNjE3MDAwOTExWjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAxMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfEw
ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA
FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v
dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA
MA0GCSqGSIb3DQEBBQUAA4IBAQBlBWNDX5GkVDE+6FWse7JXwvIuPfJTzxO1NXy2
+aeG4kGqFGplaRf7Ajl8MXiAmg0nEJp8LBcwAzJqPwb6GQKDkXFNUOBVF+3sYjsp
US7JmnU7kfm80C1P/zDYHbZ+jjlwocnR96OBpXxd5ODPQ2ChwLjnFu1DbbIJzbxR
V/BzossDtsdWl5bGjJOqRD1iDLXKuGUbmI+tmJ6bLoMN5tB22MVcSp5AiGXADrxc
h93B4FG3i9Vz2o2DDRZgo//0fEqFu6GB9Z5d+OfWnWpbnSv4PQIW/7lqYMlkQF2c
N6S47oJSXNsHXwSYSvLsbIZQnKCZWySa2X0fXfN+R1kQSPUq
-----END CERTIFICATE-----

175
certs/test-pathlen/server-127-chain.pem Normal file
View File

@@ -0,0 +1,175 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 107 (0x6b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:09:11 2016 GMT
Not After : Jun 17 00:09:11 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:6A
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
65:05:63:43:5f:91:a4:54:31:3e:e8:55:ac:7b:b2:57:c2:f2:
2e:3d:f2:53:cf:13:b5:35:7c:b6:f9:a7:86:e2:41:aa:14:6a:
65:69:17:fb:02:39:7c:31:78:80:9a:0d:27:10:9a:7c:2c:17:
30:03:32:6a:3f:06:fa:19:02:83:91:71:4d:50:e0:55:17:ed:
ec:62:3b:29:51:2e:c9:9a:75:3b:91:f9:bc:d0:2d:4f:ff:30:
d8:1d:b6:7e:8e:39:70:a1:c9:d1:f7:a3:81:a5:7c:5d:e4:e0:
cf:43:60:a1:c0:b8:e7:16:ed:43:6d:b2:09:cd:bc:51:57:f0:
73:a2:cb:03:b6:c7:56:97:96:c6:8c:93:aa:44:3d:62:0c:b5:
ca:b8:65:1b:98:8f:ad:98:9e:9b:2e:83:0d:e6:d0:76:d8:c5:
5c:4a:9e:40:88:65:c0:0e:bc:5c:87:dd:c1:e0:51:b7:8b:d5:
73:da:8d:83:0d:16:60:a3:ff:f4:7c:4a:85:bb:a1:81:f5:9e:
5d:f8:e7:d6:9d:6a:5b:9d:2b:f8:3d:02:16:ff:b9:6a:60:c9:
64:40:5d:9c:37:a4:b8:ee:82:52:5c:db:07:5f:04:98:4a:f2:
ec:6c:86:50:9c:a0:99:5b:24:9a:d9:7d:1f:5d:f3:7e:47:59:
10:48:f5:2a
-----BEGIN CERTIFICATE-----
MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAxMjcgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAwOTExWhcNMTkwNjE3MDAwOTExWjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAxMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfEw
ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA
FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v
dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA
MA0GCSqGSIb3DQEBBQUAA4IBAQBlBWNDX5GkVDE+6FWse7JXwvIuPfJTzxO1NXy2
+aeG4kGqFGplaRf7Ajl8MXiAmg0nEJp8LBcwAzJqPwb6GQKDkXFNUOBVF+3sYjsp
US7JmnU7kfm80C1P/zDYHbZ+jjlwocnR96OBpXxd5ODPQ2ChwLjnFu1DbbIJzbxR
V/BzossDtsdWl5bGjJOqRD1iDLXKuGUbmI+tmJ6bLoMN5tB22MVcSp5AiGXADrxc
h93B4FG3i9Vz2o2DDRZgo//0fEqFu6GB9Z5d+OfWnWpbnSv4PQIW/7lqYMlkQF2c
N6S47oJSXNsHXwSYSvLsbIZQnKCZWySa2X0fXfN+R1kQSPUq
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 106 (0x6a)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:24:16 2016 GMT
Not After : Jun 16 23:24:16 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:127
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
34:c3:f2:9a:80:df:5c:8a:b4:c1:08:f5:c6:72:a2:74:90:1d:
e9:f9:7a:e7:6e:3b:df:be:01:28:6b:10:ee:5f:9d:8d:5b:7a:
fc:40:12:7f:b6:bb:ac:d9:07:73:78:d0:4f:53:5d:f8:c3:50:
ba:f7:76:a2:e5:12:fa:8f:01:24:a2:b7:8a:e4:6c:0b:62:51:
37:39:4a:90:eb:11:16:26:58:44:ed:3f:41:57:8e:32:7a:e4:
85:a7:ce:44:d2:46:28:9e:29:34:9b:16:a5:17:ef:56:11:0a:
60:b8:88:7c:3e:ed:ec:5e:57:5f:b1:b9:b7:55:38:a0:ea:04:
58:22:04:7e:30:f3:40:33:a1:cd:3f:24:72:7b:a4:b4:2d:b5:
96:b3:80:7a:48:85:83:3c:6e:55:43:7c:13:d3:5e:f8:70:32:
da:5a:78:db:d0:54:54:9c:e9:38:05:da:7c:ac:bb:ec:79:cf:
3e:56:32:ce:29:31:70:07:9a:c7:b4:00:02:33:af:1b:ce:7c:
16:ff:8b:c0:8b:80:1e:0d:c7:d4:07:95:49:d4:9a:ed:55:b6:
1f:bd:e7:77:b9:fa:af:29:6a:49:79:02:3c:b9:ea:6c:68:c3:
ef:ca:40:27:d0:15:d0:da:31:9c:2f:3d:a5:66:e3:f8:a4:98:
d5:00:5f:b2
-----BEGIN CERTIFICATE-----
MIIEujCCA6KgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMyNDE2WhcNMTkwNjE2MjMyNDE2WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjcg
Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjggENMIIB
CTAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDwYD
VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBADTD
8pqA31yKtMEI9cZyonSQHen5euduO9++AShrEO5fnY1bevxAEn+2u6zZB3N40E9T
XfjDULr3dqLlEvqPASSit4rkbAtiUTc5SpDrERYmWETtP0FXjjJ65IWnzkTSRiie
KTSbFqUX71YRCmC4iHw+7exeV1+xubdVOKDqBFgiBH4w80Azoc0/JHJ7pLQttZaz
gHpIhYM8blVDfBPTXvhwMtpaeNvQVFSc6TgF2nysu+x5zz5WMs4pMXAHmse0AAIz
rxvOfBb/i8CLgB4Nx9QHlUnUmu1Vth+953e5+q8pakl5Ajy56mxow+/KQCfQFdDa
MZwvPaVm4/ikmNUAX7I=
-----END CERTIFICATE-----

89
certs/test-pathlen/server-128-ca.pem Normal file
View File

@@ -0,0 +1,89 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 108 (0x6c)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:25:55 2016 GMT
Not After : Jun 16 23:25:55 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:128
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
2c:4e:94:b0:f6:75:cc:c4:9e:b5:68:56:f6:af:57:00:aa:74:
99:59:6e:a8:de:d1:31:79:8a:b2:0c:42:d1:84:42:e4:89:7a:
65:d1:cb:3f:fe:10:0c:ab:3a:89:a2:34:67:2d:43:cd:c1:09:
80:b5:79:8c:0c:d8:2e:aa:c9:4c:89:59:0b:4a:1f:cd:f3:7c:
c1:7b:9e:26:7e:ea:c6:cd:de:b5:74:10:54:ee:0f:8f:85:5e:
1a:9d:61:59:80:ac:f1:b8:be:a3:7e:57:41:62:6f:c4:30:18:
92:cb:75:a2:fa:97:b7:90:db:ab:4f:b3:0d:05:cc:a9:e6:b8:
b2:57:2d:b8:b6:85:bf:98:7d:43:d1:82:11:3e:ca:8d:2f:b0:
5f:0d:d2:29:70:30:02:08:3a:38:bc:c9:e9:6c:59:7f:17:7b:
97:9a:96:9a:f4:bf:6e:e3:44:70:ac:95:f8:5a:08:74:b4:5f:
35:17:5e:da:77:3b:49:22:1f:9e:1d:1f:da:30:3f:69:6a:61:
57:8b:59:b0:4b:50:c2:22:bd:6b:79:b3:a4:7b:11:00:34:cf:
a9:fc:ad:99:a0:33:5c:1e:45:ab:d8:a7:71:11:c6:3a:f4:cb:
b5:67:85:0d:34:46:fa:f0:76:4b:51:12:6b:3a:fd:25:30:f6:
65:5a:61:ef
-----BEGIN CERTIFICATE-----
MIIEuzCCA6OgAwIBAgIBbDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMyNTU1WhcNMTkwNjE2MjMyNTU1WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjgg
Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwEAYD
VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAs
TpSw9nXMxJ61aFb2r1cAqnSZWW6o3tExeYqyDELRhELkiXpl0cs//hAMqzqJojRn
LUPNwQmAtXmMDNguqslMiVkLSh/N83zBe54mfurGzd61dBBU7g+PhV4anWFZgKzx
uL6jfldBYm/EMBiSy3Wi+pe3kNurT7MNBcyp5riyVy24toW/mH1D0YIRPsqNL7Bf
DdIpcDACCDo4vMnpbFl/F3uXmpaa9L9u40RwrJX4Wgh0tF81F17adztJIh+eHR/a
MD9pamFXi1mwS1DCIr1rebOkexEANM+p/K2ZoDNcHkWr2KdxEcY69Mu1Z4UNNEb6
8HZLURJrOv0lMPZlWmHv
-----END CERTIFICATE-----

86
certs/test-pathlen/server-128-cert.pem Normal file
View File

@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 109 (0x6d)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:10:39 2016 GMT
Not After : Jun 17 00:10:39 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:6C
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
b5:8d:6e:c1:2f:26:fb:25:f5:48:99:97:42:b0:20:22:73:3a:
37:96:f4:f5:33:ae:10:10:51:2c:8b:30:2e:de:27:0d:f5:68:
b8:fd:4c:28:59:5a:ec:e5:31:7e:83:97:37:96:26:09:88:d1:
19:46:48:74:59:d1:4e:4a:f6:bf:f5:ea:1b:3b:99:d4:aa:7c:
46:60:f5:38:43:a2:2b:a7:d9:b5:30:cb:a5:2b:5a:de:68:a5:
9f:8c:3b:d6:6e:b2:0a:6f:3f:df:88:fe:70:83:d2:21:58:c0:
53:89:da:a0:33:9d:1d:f7:a1:88:d3:18:ac:9c:2a:18:45:68:
37:af:46:85:1a:1c:4c:bf:8c:b0:1a:c6:3e:3e:98:2e:9e:26:
6d:1c:8a:db:15:d2:5e:28:48:cc:07:9d:1d:e1:7d:89:b5:7a:
13:b1:5a:b3:03:3f:77:c4:21:7b:d2:2a:96:24:3c:d9:65:76:
42:e5:cb:20:30:d3:17:bc:f9:8d:dd:e4:63:ae:2a:13:0f:3c:
df:c5:86:dd:d4:db:79:50:6f:88:b8:58:bd:6f:09:2b:c5:21:
bd:1e:a0:9c:e8:97:6b:cb:c8:9a:8e:09:ac:8e:5a:72:ed:d7:
b0:d0:7f:85:b0:91:73:e4:2b:28:e1:a1:6d:3f:2a:8f:ea:d1:
df:57:64:25
-----BEGIN CERTIFICATE-----
MIIEoDCCA4igAwIBAgIBbTANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAxMjggQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAxMDM5WhcNMTkwNjE3MDAxMDM5WjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAxMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfEw
ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA
FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v
dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBbDAJBgNVHRMEAjAA
MA0GCSqGSIb3DQEBBQUAA4IBAQC1jW7BLyb7JfVImZdCsCAiczo3lvT1M64QEFEs
izAu3icN9Wi4/UwoWVrs5TF+g5c3liYJiNEZRkh0WdFOSva/9eobO5nUqnxGYPU4
Q6Irp9m1MMulK1reaKWfjDvWbrIKbz/fiP5wg9IhWMBTidqgM50d96GI0xisnCoY
RWg3r0aFGhxMv4ywGsY+PpguniZtHIrbFdJeKEjMB50d4X2JtXoTsVqzAz93xCF7
0iqWJDzZZXZC5csgMNMXvPmN3eRjrioTDzzfxYbd1Nt5UG+IuFi9bwkrxSG9HqCc
6Jdry8iajgmsjlpy7dew0H+FsJFz5Cso4aFtPyqP6tHfV2Ql
-----END CERTIFICATE-----

175
certs/test-pathlen/server-128-chain.pem Normal file
View File

@@ -0,0 +1,175 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 109 (0x6d)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 20 00:10:39 2016 GMT
Not After : Jun 17 00:10:39 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:6C
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
b5:8d:6e:c1:2f:26:fb:25:f5:48:99:97:42:b0:20:22:73:3a:
37:96:f4:f5:33:ae:10:10:51:2c:8b:30:2e:de:27:0d:f5:68:
b8:fd:4c:28:59:5a:ec:e5:31:7e:83:97:37:96:26:09:88:d1:
19:46:48:74:59:d1:4e:4a:f6:bf:f5:ea:1b:3b:99:d4:aa:7c:
46:60:f5:38:43:a2:2b:a7:d9:b5:30:cb:a5:2b:5a:de:68:a5:
9f:8c:3b:d6:6e:b2:0a:6f:3f:df:88:fe:70:83:d2:21:58:c0:
53:89:da:a0:33:9d:1d:f7:a1:88:d3:18:ac:9c:2a:18:45:68:
37:af:46:85:1a:1c:4c:bf:8c:b0:1a:c6:3e:3e:98:2e:9e:26:
6d:1c:8a:db:15:d2:5e:28:48:cc:07:9d:1d:e1:7d:89:b5:7a:
13:b1:5a:b3:03:3f:77:c4:21:7b:d2:2a:96:24:3c:d9:65:76:
42:e5:cb:20:30:d3:17:bc:f9:8d:dd:e4:63:ae:2a:13:0f:3c:
df:c5:86:dd:d4:db:79:50:6f:88:b8:58:bd:6f:09:2b:c5:21:
bd:1e:a0:9c:e8:97:6b:cb:c8:9a:8e:09:ac:8e:5a:72:ed:d7:
b0:d0:7f:85:b0:91:73:e4:2b:28:e1:a1:6d:3f:2a:8f:ea:d1:
df:57:64:25
-----BEGIN CERTIFICATE-----
MIIEoDCCA4igAwIBAgIBbTANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl
cnZlciAxMjggQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN
MTYwOTIwMDAxMDM5WhcNMTkwNjE3MDAxMDM5WjCBlzELMAkGA1UEBhMCVVMxEzAR
BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv
bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl
ciAxMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiV
zi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5v
LobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowY
qQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8
I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0l
yWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgfEw
ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA
FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v
dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBbDAJBgNVHRMEAjAA
MA0GCSqGSIb3DQEBBQUAA4IBAQC1jW7BLyb7JfVImZdCsCAiczo3lvT1M64QEFEs
izAu3icN9Wi4/UwoWVrs5TF+g5c3liYJiNEZRkh0WdFOSva/9eobO5nUqnxGYPU4
Q6Irp9m1MMulK1reaKWfjDvWbrIKbz/fiP5wg9IhWMBTidqgM50d96GI0xisnCoY
RWg3r0aFGhxMv4ywGsY+PpguniZtHIrbFdJeKEjMB50d4X2JtXoTsVqzAz93xCF7
0iqWJDzZZXZC5csgMNMXvPmN3eRjrioTDzzfxYbd1Nt5UG+IuFi9bwkrxSG9HqCc
6Jdry8iajgmsjlpy7dew0H+FsJFz5Cso4aFtPyqP6tHfV2Ql
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 108 (0x6c)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Sep 19 23:25:55 2016 GMT
Not After : Jun 16 23:25:55 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE, pathlen:128
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
2c:4e:94:b0:f6:75:cc:c4:9e:b5:68:56:f6:af:57:00:aa:74:
99:59:6e:a8:de:d1:31:79:8a:b2:0c:42:d1:84:42:e4:89:7a:
65:d1:cb:3f:fe:10:0c:ab:3a:89:a2:34:67:2d:43:cd:c1:09:
80:b5:79:8c:0c:d8:2e:aa:c9:4c:89:59:0b:4a:1f:cd:f3:7c:
c1:7b:9e:26:7e:ea:c6:cd:de:b5:74:10:54:ee:0f:8f:85:5e:
1a:9d:61:59:80:ac:f1:b8:be:a3:7e:57:41:62:6f:c4:30:18:
92:cb:75:a2:fa:97:b7:90:db:ab:4f:b3:0d:05:cc:a9:e6:b8:
b2:57:2d:b8:b6:85:bf:98:7d:43:d1:82:11:3e:ca:8d:2f:b0:
5f:0d:d2:29:70:30:02:08:3a:38:bc:c9:e9:6c:59:7f:17:7b:
97:9a:96:9a:f4:bf:6e:e3:44:70:ac:95:f8:5a:08:74:b4:5f:
35:17:5e:da:77:3b:49:22:1f:9e:1d:1f:da:30:3f:69:6a:61:
57:8b:59:b0:4b:50:c2:22:bd:6b:79:b3:a4:7b:11:00:34:cf:
a9:fc:ad:99:a0:33:5c:1e:45:ab:d8:a7:71:11:c6:3a:f4:cb:
b5:67:85:0d:34:46:fa:f0:76:4b:51:12:6b:3a:fd:25:30:f6:
65:5a:61:ef
-----BEGIN CERTIFICATE-----
MIIEuzCCA6OgAwIBAgIBbDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5
MjMyNTU1WhcNMTkwNjE2MjMyNTU1WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjgg
Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwEAYD
VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAs
TpSw9nXMxJ61aFb2r1cAqnSZWW6o3tExeYqyDELRhELkiXpl0cs//hAMqzqJojRn
LUPNwQmAtXmMDNguqslMiVkLSh/N83zBe54mfurGzd61dBBU7g+PhV4anWFZgKzx
uL6jfldBYm/EMBiSy3Wi+pe3kNurT7MNBcyp5riyVy24toW/mH1D0YIRPsqNL7Bf
DdIpcDACCDo4vMnpbFl/F3uXmpaa9L9u40RwrJX4Wgh0tF81F17adztJIh+eHR/a
MD9pamFXi1mwS1DCIr1rebOkexEANM+p/K2ZoDNcHkWr2KdxEcY69Mu1Z4UNNEb6
8HZLURJrOv0lMPZlWmHv
-----END CERTIFICATE-----

2
commit-tests.sh
View File

@@ -23,7 +23,7 @@ RESULT=$?
# make sure full config is ok
echo -e "\n\nTesting full config as well...\n\n"
./configure --enable-opensslextra --enable-dh --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512 --enable-crl --enable-ocsp --enable-savesession --enable-savecert --enable-atomicuser --enable-pkcallbacks --enable-scep;
./configure --enable-opensslextra --enable-des3 --enable-dh --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512 --enable-crl --enable-ocsp --enable-savesession --enable-savecert --enable-atomicuser --enable-pkcallbacks --enable-scep;
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1

370
configure.ac
View File

@@ -1,12 +1,12 @@
# configure.ac
#
# Copyright (C) 2006-2015 wolfSSL Inc.
# Copyright (C) 2006-2016 wolfSSL Inc.
#
# This file is part of wolfSSL. (formerly known as CyaSSL)
#
#
AC_INIT([wolfssl],[3.9.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_INIT([wolfssl],[3.9.10],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning
WOLFSSL_LIBRARY_VERSION=7:0:4
WOLFSSL_LIBRARY_VERSION=8:0:5
# | | |
# +------+ | +---+
# | | |
@@ -125,6 +125,71 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
[ --enable-distro Enable wolfSSL distro build (default: disabled)],
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
enable_dtls=yes
enable_openssh=yes
enable_opensslextra=yes
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
enable_sessioncerts=yes
enable_keygen=yes
enable_certgen=yes
enable_certreq=yes
enable_certext=yes
enable_sep=yes
enable_hkdf=yes
enable_dsa=yes
enable_ecccustcurves=yes
enable_compkey=yes
enable_curve25519=yes
enable_ed25519=yes
enable_fpecc=yes
enable_eccencrypt=yes
enable_psk=yes
enable_idea=yes
enable_cmac=yes
enable_webserver=yes
enable_hc128=yes
enable_rabbit=yes
enable_ocsp=yes
enable_ocspstapling=yes
enable_ocspstapling2=yes
enable_crl=yes
enable_crl_monitor=yes
enable_sni=yes
enable_maxfragment=yes
enable_alpn=yes
enable_truncatedhmac=yes
enable_supportedcurves=yes
enable_session_ticket=yes
enable_tlsx=yes
enable_pkcs7=yes
enable_scep=yes
enable_srp=yes
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
enable_stunnel=yes
enable_pwdbased=yes
fi
# SINGLE THREADED
AC_ARG_ENABLE([singlethreaded],
[ --enable-singlethreaded Enable wolfSSL single threaded (default: disabled)],
@@ -156,6 +221,29 @@ then
fi
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
[ENABLED_SCTP=$enableval],
[ENABLED_SCTP=no])
AM_CONDITIONAL([BUILD_SCTP], [test "x$ENABLED_SCTP" = "xyes"])
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AC_MSG_CHECKING([for SCTP])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <sys/socket.h>
#include <arpa/inet.h>
]],
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
])
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
@@ -260,7 +348,7 @@ AC_ARG_ENABLE([leanpsk],
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes"
fi
@@ -277,7 +365,7 @@ AC_ARG_ENABLE([leantls],
if test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_DES3 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY"
fi
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
@@ -454,6 +542,24 @@ fi
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
# AES-ARM
AC_ARG_ENABLE([armasm],
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARM ASM support (default: disabled)])],
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
if test "$ENABLED_ARMASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
if test "$GCC" = "yes"
then
# GCC needs this flag
AM_CFLAGS="$AM_CFLAGS -mcpu=generic+crypto"
fi
fi
AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
# AES-NI
AC_ARG_ENABLE([aesni],
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
@@ -1203,25 +1309,11 @@ fi
# DES3
AC_ARG_ENABLE([des3],
[ --enable-des3 Enable DES3 (default: enabled)],
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
[ ENABLED_DES3=$enableval ],
[ ENABLED_DES3=yes ]
[ ENABLED_DES3=no ]
)
if test "$ENABLED_DES3" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# IDEA
AC_ARG_ENABLE([idea],
@@ -1399,6 +1491,11 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
fi
# requires DES3
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
fi
@@ -1847,14 +1944,15 @@ fi
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: disabled)])],
[ ENABLED_SUPPORTED_CURVES=$enableval ],
[ ENABLED_SUPPORTED_CURVES=no ]
)
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
[ENABLED_SUPPORTED_CURVES=$enableval],
[ENABLED_SUPPORTED_CURVES=$ECC_DEFAULT])
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
AS_IF([test "x$ENABLED_ECC" = "xno"],
[ENABLED_SUPPORTED_CURVES=no],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
fi
# Session Ticket Extension
@@ -1869,6 +1967,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
fi
# Extended Master Secret Extension
AC_ARG_ENABLE([extended-master],
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
[ ENABLED_EXTENDED_MASTER=$enableval ],
[ ENABLED_EXTENDED_MASTER=yes ]
)
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
fi
# TLS Extensions
AC_ARG_ENABLE([tlsx],
[ --enable-tlsx Enable all TLS Extensions (default: disabled)],
@@ -1878,28 +1988,24 @@ AC_ARG_ENABLE([tlsx],
if test "x$ENABLED_TLSX" = "xyes"
then
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_SUPPORTED_CURVES=yes
ENABLED_ALPN=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_SUPPORTED_CURVES -DHAVE_ALPN"
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_ALPN=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN"
# Check the ECC supported curves prereq
AS_IF([test "x$ENABLED_ECC" = "xyes"],
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
fi
# PKCS7
AC_ARG_ENABLE([pkcs7],
[ --enable-pkcs7 Enable PKCS7 (default: disabled)],
[AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
[ ENABLED_PKCS7=$enableval ],
[ ENABLED_PKCS7=no ],
)
if test "$ENABLED_PKCS7" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
fi
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
# Simple Certificate Enrollment Protocol (SCEP)
AC_ARG_ENABLE([scep],
@@ -1907,37 +2013,6 @@ AC_ARG_ENABLE([scep],
[ ENABLED_WOLFSCEP=$enableval ],
[ ENABLED_WOLFSCEP=no ]
)
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
# Secure Remote Password
@@ -2439,28 +2514,69 @@ AC_ARG_WITH([cavium],
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
],
[ ENABLED_CAVIUM=no ]
)
# cavium V
trycaviumdir=""
AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/utils/sample_tests/cavium_common.o $trycaviumdir/utils/sample_tests/cavium_sym_crypto.o $trycaviumdir/utils/sample_tests/cavium_asym_crypto.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium-v=/dir/])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
[
ENABLED_CAVIUM_=no
ENABLED_CAVIUM_V=no
]
)
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
@@ -2668,7 +2784,7 @@ AC_ARG_ENABLE([asynccrypt],
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT"
# if Cavium not enabled the use async simulator for testing
if test "x$ENABLED_CAVIUM" = "xno"
@@ -2679,6 +2795,9 @@ fi
AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
# Session Export
AC_ARG_ENABLE([sessionexport],
@@ -2756,6 +2875,11 @@ AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
# Lean TLS forces off prereqs of SCEP.
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
test "x$ENABLED_LEANTLS" = "xyes"],
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
# CMAC currently requires AES.
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
test "x$ENABLED_AES" = "xno"],
@@ -2765,6 +2889,62 @@ AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
# Update CFLAGS based on options #
################################################################################
AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
[AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
if test "x$ENABLED_PKCS7" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
# Enable prereqs if not already enabled
AS_IF([test "x$ENABLED_DES3" = "xno"],
[ENABLED_DES3=yes])
fi
if test "x$ENABLED_DES3" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
@@ -2777,6 +2957,15 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
# SCTP requires DTLS
AS_IF([test "x$ENABLED_DTLS" = "xno" && \
test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
ENABLED_DTLS=yes])
################################################################################
# OPTIMIZE FLAGS
@@ -2986,6 +3175,7 @@ echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
echo " * Distro Build: $ENABLED_DISTRO"
echo " * fastmath: $ENABLED_FASTMATH"
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"
@@ -3037,6 +3227,7 @@ echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
echo " * SCTP: $ENABLED_SCTP"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
echo " * OCSP: $ENABLED_OCSP"
@@ -3056,6 +3247,7 @@ echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * All TLS Extensions: $ENABLED_TLSX"
@@ -3069,6 +3261,8 @@ echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
echo " * Cavium: $ENABLED_CAVIUM"
echo " * ARM ASM: $ENABLED_ARMASM"
echo ""
echo "---"

5
cyassl/ctaocrypt/aes.h
View File

@@ -56,11 +56,6 @@
#define AesCcmDecrypt wc_AesCcmDecrypt
#endif /* HAVE_AESCCM */
#ifdef HAVE_CAVIUM
#define AesInitCavium wc_AesInitCavium
#define AesFreeCavium wc_AesFreeCavium
#endif
#endif /* CTAO_CRYPT_AES_H */
#endif /* NO_AES */

5
cyassl/ctaocrypt/arc4.h
View File

@@ -26,11 +26,10 @@
/* for arc4 reverse compatibility */
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#define CYASSL_ARC4_CAVIUM_MAGIC WOLFSSL_ARC4_CAVIUM_MAGIC
#define Arc4Process wc_Arc4Process
#define Arc4SetKey wc_Arc4SetKey
#define Arc4InitCavium wc_Arc4InitCavium
#define Arc4FreeCavium wc_Arc4FreeCavium
#define Arc4AsyncInit wc_Arc4AsyncInit
#define Arc4AsyncFree wc_Arc4AsyncFree
#endif
#endif /* CTAO_CRYPT_ARC4_H */

6
cyassl/ctaocrypt/des3.h
View File

@@ -39,9 +39,9 @@
#define Des3_CbcEncrypt wc_Des3_CbcEncrypt
#define Des3_CbcDecrypt wc_Des3_CbcDecrypt
#define Des3_CbcDecryptWithKey wc_Des3_CbcDecryptWithKey
#ifdef HAVE_CAVIUM
#define Des3_InitCavium wc_Des3_InitCavium
#define Des3_FreeCavium wc_Des3_FreeCavium
#ifdef WOLFSSL_ASYNC_CRYPT
#define Des3AsyncInit wc_Des3AsyncInit
#define Des3AsyncFree wc_Des3AsyncFree
#endif
#endif /* NO_DES3 */

6
cyassl/ctaocrypt/hmac.h
View File

@@ -30,9 +30,9 @@
#define HmacSetKey wc_HmacSetKey
#define HmacUpdate wc_HmacUpdate
#define HmacFinal wc_HmacFinal
#ifdef HAVE_CAVIUM
#define HmacInitCavium wc_HmacInitCavium
#define HmacFreeCavium wc_HmacFreeCavium
#ifdef WOLFSSL_ASYNC_CRYPT
#define HmacAsyncInit wc_HmacAsyncInit
#define HmacAsyncFree wc_HmacAsyncFree
#endif
#define CyaSSL_GetHmacMaxSize wolfSSL_GetHmacMaxSize
#ifdef HAVE_HKDF

6
cyassl/ctaocrypt/rsa.h
View File

@@ -47,9 +47,9 @@
#define RsaKeyToDer wc_RsaKeyToDer
#endif
#ifdef HAVE_CAVIUM
#define RsaInitCavium wc_RsaInitCavium
#define RsaFreeCavium wc_RsaFreeCavium
#ifdef WOLFSSL_ASYNC_CRYPT
#define RsaAsyncInit wc_RsaAsyncInit
#define RsaAsyncFree wc_RsaAsyncFree
#endif
#endif /* CTAO_CRYPT_RSA_H */

21
cyassl/ctaocrypt/settings.h
View File

@@ -79,9 +79,6 @@
/* Uncomment next line if using STM32F2 */
/* #define CYASSL_STM32F2 */
/* Uncomment next line if using Comverge settings */
/* #define COMVERGE */
/* Uncomment next line if using QL SEP settings */
/* #define CYASSL_QL */
@@ -114,24 +111,6 @@
/* for reverse compatibility after name change */
#include <cyassl/ctaocrypt/settings_comp.h>
#ifdef COMVERGE
#define THREADX
#define HAVE_NETX
#define CYASSL_USER_IO
#define NO_WRITEV
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_SHA512
#define NO_DH
#define NO_DSA
#define NO_HC128
#define NO_RSA
#define NO_SESSION_CACHE
#define HAVE_ECC
#endif
#ifdef THREADX
#define SIZEOF_LONG_LONG 8
#endif

156
examples/client/client.c
View File

@@ -53,6 +53,10 @@
#include "examples/client/client.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
/* Note on using port 0: the client standalone example doesn't utilize the
* port 0 port sharing; that is used by (1) the server in external control
* test mode and (2) the testsuite which uses this code and sets up the correct
@@ -78,7 +82,7 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
#endif
int error = wolfSSL_get_error(ssl, 0);
SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
int select_ret;
int select_ret = 0;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE ||
@@ -91,15 +95,17 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
printf("... client would write block\n");
#ifdef WOLFSSL_ASYNC_CRYPT
else if (error == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
if (error != WC_PENDING_E) {
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
@@ -150,8 +156,10 @@ static void ShowVersions(void)
printf("3\n");
}
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int benchmark, int resumeSession)
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession)
{
/* time passed in number of connects give average */
int times = benchmark;
@@ -174,7 +182,7 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
if (ssl == NULL)
err_sys("unable to get SSL object");
tcp_connect(&sockfd, host, port, doDTLS, ssl);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
#ifndef NO_SESSION_CACHE
if (benchResume)
@@ -209,8 +217,9 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
return EXIT_SUCCESS;
}
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int throughput)
/* Measures throughput in kbps. Throughput = number of bytes */
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int throughput)
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
SOCKET_T sockfd;
@@ -221,7 +230,7 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
tcp_connect(&sockfd, host, port, doDTLS, ssl);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
}
@@ -337,7 +346,8 @@ const char* starttlsCmd[6] = {
"QUIT\r\n",
};
int StartTLS_Init(SOCKET_T* sockfd)
/* Initiates the STARTTLS command sequence over TCP */
static int StartTLS_Init(SOCKET_T* sockfd)
{
char tmpBuf[256];
@@ -393,7 +403,8 @@ int StartTLS_Init(SOCKET_T* sockfd)
return SSL_SUCCESS;
}
int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
/* Closes down the SMTP connection */
static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
{
int ret;
char tmpBuf[256];
@@ -455,6 +466,10 @@ static void Usage(void)
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#ifdef WOLFSSL_SCTP
printf("-G Use SCTP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#endif
printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n");
@@ -479,6 +494,9 @@ static void Usage(void)
#ifdef HAVE_TRUNCATED_HMAC
printf("-T Use Truncated HMAC\n");
#endif
#ifdef HAVE_EXTENDED_MASTER
printf("-n Disable Extended Master Secret\n");
#endif
#ifdef HAVE_OCSP
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
@@ -545,6 +563,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int benchmark = 0;
int throughput = 0;
int doDTLS = 0;
int dtlsUDP = 0;
int dtlsSCTP = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
@@ -553,7 +573,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int disableCRL = 0;
int externalTest = 0;
int ret;
#ifndef WOLFSSL_CALLBACKS
int err = 0;
#endif
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
int trackMemory = 0;
@@ -590,6 +612,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
byte statusRequest = 0;
#endif
#ifdef HAVE_EXTENDED_MASTER
byte disableExtMasterSecret = 0;
#endif
#ifdef HAVE_OCSP
@@ -632,7 +657,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef WOLFSSL_VXWORKS
while ((ch = mygetopt(argc, argv,
"?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:E:M:q:"))
"?gdeDuGsmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:TnoO:aB:W:E:M:q:"))
!= -1) {
switch (ch) {
case '?' :
@@ -662,7 +687,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break;
case 'u' :
doDTLS = 1;
doDTLS = 1;
dtlsUDP = 1;
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
break;
case 's' :
@@ -830,6 +863,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
break;
case 'n' :
#ifdef HAVE_EXTENDED_MASTER
disableExtMasterSecret = 1;
#endif
break;
case 'W' :
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
@@ -1045,6 +1084,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (ctx == NULL)
err_sys("unable to get ctx");
#ifdef SINGLE_THREADED
if (wolfSSL_CTX_new_rng(ctx) != SSL_SUCCESS) {
err_sys("Single Threaded new rng at CTX failed");
}
#endif
if (cipherList) {
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
@@ -1104,6 +1149,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
@@ -1173,9 +1223,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif
#ifdef HAVE_CAVIUM
wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_SNI
if (sniHostName)
@@ -1197,17 +1251,24 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
err_sys("UseSessionTicket failed");
#endif
#ifdef HAVE_EXTENDED_MASTER
if (disableExtMasterSecret)
if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != SSL_SUCCESS)
err_sys("DisableExtendedMasterSecret failed");
#endif
if (benchmark) {
((func_args*)args)->return_code =
ClientBenchmarkConnections(ctx, host, port, doDTLS, benchmark, resumeSession);
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
benchmark, resumeSession);
wolfSSL_CTX_free(ctx);
exit(EXIT_SUCCESS);
}
if(throughput) {
((func_args*)args)->return_code =
ClientBenchmarkThroughput(ctx, host, port, doDTLS, throughput);
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
throughput);
wolfSSL_CTX_free(ctx);
exit(EXIT_SUCCESS);
}
@@ -1293,7 +1354,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
tcp_connect(&sockfd, host, port, doDTLS, ssl);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
}
@@ -1341,7 +1402,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -1363,7 +1424,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
@@ -1472,7 +1533,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
if (doDTLS == 0) { /* don't send alert after "break" command */
if (dtlsUDP == 0) { /* don't send alert after "break" command */
ret = wolfSSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
@@ -1486,7 +1547,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
if (dtlsUDP) {
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
@@ -1495,7 +1556,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
sleep(1);
#endif
}
tcp_connect(&sockfd, host, port, doDTLS, sslResume);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
if (wolfSSL_set_fd(sslResume, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
}
@@ -1517,6 +1578,32 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
(void*)"resumed session");
#endif
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP256R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp256r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP384R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp384r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP521R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp521r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP224R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp224r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP192R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp192r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP160R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp160r1");
}
#endif
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
@@ -1529,7 +1616,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(sslResume);
@@ -1620,6 +1707,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
((func_args*)args)->return_code = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
ShowMemoryTracker();
@@ -1648,11 +1739,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
StartTCP();
@@ -1672,10 +1758,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
wolfSSL_Cleanup();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");

15
examples/client/client.h
View File

@@ -26,21 +26,6 @@
THREAD_RETURN WOLFSSL_THREAD client_test(void* args);
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int benchmark, int resumeSession);
/* Measures throughput in kbps. Throughput = number of bytes */
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int throughput);
/* Initiates the STARTTLS command sequence over TCP */
int StartTLS_Init(SOCKET_T* sockfd);
/* Closes down the SMTP connection */
int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown);
#endif /* WOLFSSL_CLIENT_H */

35
examples/echoclient/echoclient.c
View File

@@ -52,6 +52,11 @@
#include "examples/echoclient/echoclient.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
void echoclient_test(void* args)
{
SOCKET_T sockfd = 0;
@@ -162,12 +167,20 @@ void echoclient_test(void* args)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_MDK_ARM)
#if defined(WOLFSSL_MDK_ARM)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
ssl = SSL_new(ctx);
tcp_connect(&sockfd, yasslIP, port, doDTLS, ssl);
tcp_connect(&sockfd, yasslIP, port, doDTLS, 0, ssl);
SSL_set_fd(ssl, sockfd);
#if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
@@ -178,7 +191,7 @@ void echoclient_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -250,6 +263,10 @@ void echoclient_test(void* args)
SSL_free(ssl);
SSL_CTX_free(ctx);
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
fflush(fout);
if (inCreated) fclose(fin);
if (outCreated) fclose(fout);
@@ -266,12 +283,6 @@ void echoclient_test(void* args)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
err_sys("Whitewood netRandom global config failed");
@@ -293,10 +304,6 @@ void echoclient_test(void* args)
CyaSSL_Cleanup();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");

32
examples/echoserver/echoserver.c
View File

@@ -53,6 +53,10 @@
#include "examples/echoserver/echoserver.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
#define SVR_COMMAND_SIZE 256
static void SignalReady(void* args, word16 port)
@@ -132,7 +136,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
fdOpenSession(Task_self());
#endif
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_2_server_method();
@@ -226,6 +230,14 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#endif
}
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
SignalReady(args, port);
while (!shutDown) {
@@ -272,7 +284,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -361,7 +373,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
SignalReady(args, port);
#endif
}
@@ -390,6 +402,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
TicketCleanup();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
@@ -403,12 +419,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
err_sys("Whitewood netRandom global config failed");
@@ -427,10 +437,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
echoserver_test(&args);
CyaSSL_Cleanup();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");

1
examples/include.am
View File

@@ -5,3 +5,4 @@ include examples/client/include.am
include examples/echoclient/include.am
include examples/echoserver/include.am
include examples/server/include.am
include examples/sctp/include.am

38
examples/sctp/include.am Normal file
View File

@@ -0,0 +1,38 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
if BUILD_SCTP
if BUILD_EXAMPLE_SERVERS
noinst_PROGRAMS += \
examples/sctp/sctp-server \
examples/sctp/sctp-server-dtls
examples_sctp_sctp_server_SOURCES = examples/sctp/sctp-server.c
examples_sctp_sctp_server_LDADD = $(LIB_STATIC_ADD)
examples_sctp_sctp_server_dtls_SOURCES = examples/sctp/sctp-server-dtls.c
examples_sctp_sctp_server_dtls_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_sctp_sctp_server_dtls_DEPENDENCIES = src/libwolfssl.la
endif
if BUILD_EXAMPLE_CLIENTS
noinst_PROGRAMS += \
examples/sctp/sctp-client \
examples/sctp/sctp-client-dtls
examples_sctp_sctp_client_SOURCES = examples/sctp/sctp-client.c
examples_sctp_sctp_client_LDADD = $(LIB_STATIC_ADD)
examples_sctp_sctp_client_dtls_SOURCES = examples/sctp/sctp-client-dtls.c
examples_sctp_sctp_client_dtls_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_sctp_sctp_client_dtls_DEPENDENCIES = src/libwolfssl.la
endif
endif
dist_example_DATA += \
examples/sctp/sctp-server.c \
examples/sctp/sctp-server-dtls.c \
examples/sctp/sctp-client.c \
examples/sctp/sctp-client-dtls.c
DISTCLEANFILES += \
examples/sctp/.libs/sctp-server \
examples/sctp/.libs/sctp-server-dtls \
examples/sctp/.libs/sctp-client \
examples/sctp/.libs/sctp-client-dtls

125
examples/sctp/sctp-client-dtls.c Normal file
View File

@@ -0,0 +1,125 @@
/* sctp-client-dtls.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* wolfssl */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#define cacert "./certs/ca-cert.pem"
static int err_sys(const char* msg)
{
perror(msg);
exit(EXIT_FAILURE);
}
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
err_sys("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("127.0.0.1");
sa.sin_port = htons(12345);
int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
err_sys("sctp connect error");
const char* response = "hello there";
char buffer[80];
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
if (ctx == NULL)
err_sys("ctx new dtls client failed");
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
if (ret != SSL_SUCCESS)
err_sys("set sctp mode failed");
ret = wolfSSL_CTX_load_verify_locations(ctx, cacert, NULL);
if (ret != SSL_SUCCESS)
err_sys("ca cert error");
WOLFSSL* ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("ssl new dtls client failed");
wolfSSL_set_fd(ssl, sd);
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS)
err_sys("ssl connect failed");
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
printf("Cipher Suite is %s\n",
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
wolfSSL_write(ssl, response, (int)strlen(response));
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
if (got > 0) {
buffer[got] = 0;
printf("server said: %s\n", buffer);
}
unsigned char bigBuf[4096];
unsigned int i;
for (i = 0; i < (int)sizeof(bigBuf); i++)
bigBuf[i] = (unsigned char)(i & 0xFF);
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
memset(bigBuf, 0, sizeof(bigBuf));
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
for (i = 0; i < sizeof(bigBuf); i++) {
if (bigBuf[i] != (unsigned char)(i & 0xFF)) {
printf("big message check fail\n");
break;
}
}
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
close(sd);
return 0;
}

64
examples/sctp/sctp-client.c Normal file
View File

@@ -0,0 +1,64 @@
/* sctp-client.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
perror("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("127.0.0.1");
sa.sin_port = htons(12345);
int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
perror("sctp connect error");
const char* msg = "hello sctp";
char buffer[80];
send(sd, msg, strlen(msg), 0);
int got = (int)recv(sd, buffer, sizeof(buffer), 0);
if (got > 0) {
buffer[got] = 0;
printf("server said: %s\n", buffer);
}
close(sd);
return 0;
}

124
examples/sctp/sctp-server-dtls.c Normal file
View File

@@ -0,0 +1,124 @@
/* sctp-server-dtls.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* wolfssl */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#define key "./certs/server-key.pem"
#define cert "./certs/server-cert.pem"
static int err_sys(const char* msg)
{
perror(msg);
exit(EXIT_FAILURE);
}
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
err_sys("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_ANY);
sa.sin_port = htons(12345);
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
err_sys("sctp bind error");
listen(sd, 3);
int client_sd = accept(sd, NULL, NULL);
if (client_sd < 0)
err_sys("sctp accept error");
const char* response = "well hello to you";
char buffer[80];
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
if (ctx == NULL)
err_sys("ctx new dtls server failed");
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
if (ret != SSL_SUCCESS)
err_sys("set sctp mode failed");
ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use private key error");
ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use cert error");
WOLFSSL* ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("ssl new dtls server failed");
wolfSSL_set_fd(ssl, client_sd);
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS)
err_sys("ssl accept failed");
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
printf("Cipher Suite is %s\n",
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
if (got > 0) {
buffer[got] = 0;
printf("client said: %s\n", buffer);
}
wolfSSL_write(ssl, response, (int)strlen(response));
unsigned char bigBuf[4096];
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
close(sd);
return 0;
}

70
examples/sctp/sctp-server.c Normal file
View File

@@ -0,0 +1,70 @@
/* sctp-server.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
perror("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_ANY);
sa.sin_port = htons(12345);
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
perror("sctp bind error");
listen(sd, 3);
int client_sd = accept(sd, NULL, NULL);
if (client_sd < 0)
perror("sctp accept error");
const char* response = "hi there";
char buffer[80];
int got = (int)recv(client_sd, buffer, sizeof(buffer), 0);
if (got > 0) {
buffer[got] = 0;
printf("client said: %s\n", buffer);
}
send(client_sd, response, strlen(response), 0);
close(sd);
return 0;
}

65
examples/server/server.c
View File

@@ -55,6 +55,10 @@
#include "examples/server/server.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
/* Note on using port 0: if the server uses port 0 to bind an ephemeral port
* number and is using the ready file for scripted testing, the code in
* test.h will write the actual port number into the ready file for use
@@ -215,6 +219,10 @@ static void Usage(void)
printf("-t Track wolfSSL memory use\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#ifdef WOLFSSL_SCTP
printf("-G Use SCTP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#endif
printf("-f Fewer packets/group messages\n");
printf("-r Allow one client Resumption\n");
printf("-N Use Non-blocking sockets\n");
@@ -271,6 +279,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int usePskPlus = 0;
int useAnon = 0;
int doDTLS = 0;
int dtlsUDP = 0;
int dtlsSCTP = 0;
int needDH = 0;
int useNtruKey = 0;
int nonBlocking = 0;
@@ -366,7 +376,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
useAnyAddr = 1;
#else
while ((ch = mygetopt(argc, argv,
"?jdbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
"?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -400,6 +410,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case 'u' :
doDTLS = 1;
dtlsUDP = 1;
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
break;
case 'f' :
@@ -559,6 +577,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
myoptind = 0; /* reset for test cases */
#endif /* !WOLFSSL_VXWORKS */
/* Can only use DTLS over UDP or SCTP, can't do both. */
if (dtlsUDP && dtlsSCTP) {
err_sys("Cannot use DTLS with both UDP and SCTP.");
}
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
@@ -655,7 +678,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err_sys("unable to load static memory and create ctx");
#else
ctx = SSL_CTX_new(method(NULL));
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
if (ctx == NULL)
err_sys("unable to get ctx");
@@ -685,6 +708,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
@@ -806,16 +834,24 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#endif /* USE_WINDOWS_API */
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
while (1) {
/* allow resume option */
if(resumeCount > 1) {
if (doDTLS == 0) {
if (dtlsUDP == 0) {
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
} else {
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
clientfd = sockfd;
}
if(WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
@@ -896,7 +932,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
readySignal->srfName = serverReadyFile;
}
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
doDTLS, serverReadyFile ? 1 : 0, doListen);
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
doListen = 0; /* Don't listen next time */
if (SSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
@@ -911,7 +947,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifdef WOLFSSL_DTLS
if (doDTLS) {
if (doDTLS && dtlsUDP) {
SOCKADDR_IN_T cliaddr;
byte b[1500];
int n;
@@ -947,7 +983,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -1027,7 +1063,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
Task_yield();
#endif
if (doDTLS == 0) {
if (dtlsUDP == 0) {
ret = SSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
SSL_shutdown(ssl); /* bidirectional shutdown */
@@ -1088,6 +1124,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
TicketCleanup();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
@@ -1112,11 +1152,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
func_args args;
tcp_ready ready;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
StartTCP();
@@ -1139,10 +1174,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CyaSSL_Cleanup();
FreeTcpReady(&ready);
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");

36
gencertbuf.pl
View File

@@ -15,6 +15,20 @@ use warnings;
# output C header file to write cert/key buffers to
my $outputFile = "./wolfssl/certs_test.h";
# ecc keys and certs to be converted
# Used with HAVE_ECC && USE_CERT_BUFFERS_256
my @fileList_ecc = (
[ "./certs/ecc-client-key.der", "ecc_clikey_der_256" ],
[ "./certs/ecc-client-keyPub.der", "ecc_clikeypub_der_256" ],
[ "./certs/client-ecc-cert.der", "cliecc_cert_der_256" ],
[ "./certs/ecc-key.der", "ecc_key_der_256" ],
[ "./certs/ecc-keyPub.der", "ecc_key_pub_der_256" ],
[ "./certs/server-ecc-comp.der", "serv_ecc_comp_der_256" ],
[ "./certs/server-ecc-rsa.der", "serv_ecc_rsa_der_256" ],
[ "./certs/server-ecc.der", "serv_ecc_der_256" ]
);
# 1024-bit certs/keys to be converted
# Used with USE_CERT_BUFFERS_1024 define.
@@ -25,6 +39,7 @@ my @fileList_1024 = (
[ "./certs/1024/dh1024.der", "dh_key_der_1024" ],
[ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ],
[ "./certs/1024/rsa1024.der", "rsa_key_der_1024" ],
[ "./certs/1024/ca-key.der", "ca_key_der_1024"],
[ "./certs/1024/ca-cert.der", "ca_cert_der_1024" ],
[ "./certs/1024/server-key.der", "server_key_der_1024" ],
[ "./certs/1024/server-cert.der", "server_cert_der_1024" ]
@@ -47,6 +62,7 @@ my @fileList_2048 = (
# ----------------------------------------------------------------------------
my $num_ecc = @fileList_ecc;
my $num_1024 = @fileList_1024;
my $num_2048 = @fileList_2048;
@@ -57,6 +73,7 @@ print OUT_FILE "/* certs_test.h */\n\n";
print OUT_FILE "#ifndef WOLFSSL_CERTS_TEST_H\n";
print OUT_FILE "#define WOLFSSL_CERTS_TEST_H\n\n";
# convert and print 1024-bit cert/keys
print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n";
for (my $i = 0; $i < $num_1024; $i++) {
@@ -88,7 +105,26 @@ for (my $i = 0; $i < $num_2048; $i++) {
print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
}
print OUT_FILE "#endif /* USE_CERT_BUFFERS_2048 */\n\n";
# convert and print 256-bit cert/keys
print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";
for (my $i = 0; $i < $num_ecc; $i++) {
my $fname = $fileList_ecc[$i][0];
my $sname = $fileList_ecc[$i][1];
print OUT_FILE "/* $fname, ECC */\n";
print OUT_FILE "static const unsigned char $sname\[] =\n";
print OUT_FILE "{\n";
file_to_hex($fname);
print OUT_FILE "};\n";
print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
}
print OUT_FILE "#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */\n\n";
print OUT_FILE "/* dh1024 p */
static const unsigned char dh_p[] =
{

7
m4/ax_vcs_checkout.m4
View File

@@ -45,7 +45,10 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#serial 6
#serial 6.1
#
# Added tweak for git. The base repo's .git is a directory. Any worktree's
# .git is a file. Use -e to check for either dir or file.
AC_DEFUN([AX_VCS_SYSTEM],
[AC_PREREQ([2.63])dnl
@@ -54,7 +57,7 @@ AC_DEFUN([AX_VCS_SYSTEM],
AS_IF([test -d ".bzr"],[ac_cv_vcs_system="bazaar"])
AS_IF([test -d ".svn"],[ac_cv_vcs_system="svn"])
AS_IF([test -d ".hg"],[ac_cv_vcs_system="mercurial"])
AS_IF([test -d ".git"],[ac_cv_vcs_system="git"])
AS_IF([test -e ".git"],[ac_cv_vcs_system="git"])
])
AC_DEFINE_UNQUOTED([VCS_SYSTEM],["$ac_cv_vcs_system"],[VCS system])
])

1
mcapi/crypto.c
View File

@@ -223,6 +223,7 @@ int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
unsigned int sz)
{
/* compile-time check to verify CRYPT_HMAC_CTX is large enough to hold Hmac */
typedef char hmac_test[sizeof(CRYPT_HMAC_CTX) >= sizeof(Hmac) ? 1 : -1];
(void)sizeof(hmac_test);

2
mcapi/crypto.h
View File

@@ -104,7 +104,7 @@ enum {
/* HMAC */
typedef struct CRYPT_HMAC_CTX {
long long holder[67]; /* big enough to hold internal, but check on init */
long long holder[68]; /* big enough to hold internal, but check on init */
} CRYPT_HMAC_CTX;
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX*, int, const unsigned char*, unsigned int);

11
rpm/spec.in
View File

@@ -65,11 +65,15 @@ mkdir -p $RPM_BUILD_ROOT/
%{_docdir}/wolfssl/example/server.c
%{_docdir}/wolfssl/example/echoclient.c
%{_docdir}/wolfssl/example/client.c
%{_docdir}/wolfssl/example/sctp-client.c
%{_docdir}/wolfssl/example/sctp-server.c
%{_docdir}/wolfssl/example/sctp-client-dtls.c
%{_docdir}/wolfssl/example/sctp-server-dtls.c
%{_docdir}/wolfssl/README.txt
%{_libdir}/libwolfssl.la
%{_libdir}/libwolfssl.so
%{_libdir}/libwolfssl.so.3
%{_libdir}/libwolfssl.so.3.4.0
%{_libdir}/libwolfssl.so.3.5.0
%files devel
%defattr(-,root,root,-)
@@ -200,6 +204,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/wolfssl/wolfcrypt/md2.h
%{_includedir}/wolfssl/wolfcrypt/md4.h
%{_includedir}/wolfssl/wolfcrypt/md5.h
%{_includedir}/wolfssl/wolfcrypt/mem_track.h
%{_includedir}/wolfssl/wolfcrypt/memory.h
%{_includedir}/wolfssl/wolfcrypt/misc.h
%{_includedir}/wolfssl/wolfcrypt/mpi_class.h
@@ -222,7 +227,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/wolfssl/wolfcrypt/types.h
%{_includedir}/wolfssl/wolfcrypt/visibility.h
%{_includedir}/wolfssl/wolfcrypt/wc_encrypt.h
%{_includedir}/wolfssl/wolfcrypt/mem_track.h
%{_includedir}/wolfssl/wolfcrypt/wolfevent.h
%{_includedir}/wolfssl/error-ssl.h
%{_includedir}/wolfssl/ocsp.h
%{_includedir}/wolfssl/openssl/asn1.h
@@ -269,6 +274,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/wolfssl.pc
%changelog
* Fri Sep 23 2016 John Safranek <john@wolfssl.com>
- Add the dtls-sctp example sources
* Mon Jun 14 2016 Jacob Barthelmeh <jacob@wolfssl.com>
- Change location for mem_track.h header
- Added header for cmac.h

4
scripts/ocsp-stapling.test
View File

@@ -25,14 +25,14 @@ sleep 1
# client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
# client test against our own server - REVOKED CERT
./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1

12
scripts/ocsp-stapling2.test
View File

@@ -16,39 +16,39 @@ sleep 1
# client test against our own server - GOOD CERTS
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
# client test against our own server - REVOKED SERVER CERT
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
# client test against our own server - REVOKED INTERMEDIATE CERT
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1

2
scripts/openssl.test
View File

@@ -82,7 +82,7 @@ found_free_port=0
while [ "$counter" -lt 20 ]; do
echo -e "\nTrying to start openssl server on port $openssl_port...\n"
openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-cert.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" &
openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" &
server_pid=$!
# wait to see if s_server successfully starts before continuing
sleep 0.1

108
scripts/resume.test
View File

@@ -4,6 +4,8 @@
# need a unique resume port since may run the same time as testsuite
# use server port zero hack to get one
resume_string="reused"
ems_string="Extended\ Master\ Secret"
resume_port=0
no_pid=-1
server_pid=$no_pid
@@ -40,50 +42,74 @@ do_trap() {
exit -1
}
do_test() {
echo -e "\nStarting example server for resume test...\n"
remove_ready_file
./examples/server/server -r -R $ready_file -p $resume_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
do_cleanup
exit 1
fi
# get created port 0 ephemeral port
resume_port=`cat $ready_file`
capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1)
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed!"
do_cleanup
exit 1
fi
wait $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then
echo -e "client failed!"
exit 1
fi
case "$capture_out" in
*$resume_string*)
echo "resumed session" ;;
*)
echo "did NOT resume session as expected"
exit 1
;;
esac
}
trap do_trap INT TERM
echo -e "\nStarting example server for resume test...\n"
do_test
remove_ready_file
./examples/server/server -r -R $ready_file -p $resume_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
do_cleanup
exit 1
fi
# get created port 0 ephemeral port
resume_port=`cat $ready_file`
./examples/client/client -r -p $resume_port
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed!"
do_cleanup
exit 1
fi
wait $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then
echo -e "client failed!"
exit 1
fi
# Check the client for the extended master secret disable option. If
# present we need to run the test twice.
options_check=`./examples/client/client -?`
case "$options_check" in
*$ems_string*)
echo -e "\nRepeating resume test without extended master secret..."
do_test -n ;;
*)
;;
esac
echo -e "\nSuccess!\n"

23
src/include.am
View File

@@ -62,9 +62,22 @@ endif
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
wolfcrypt/src/random.c \
wolfcrypt/src/sha256.c \
wolfcrypt/src/hash.c
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
endif
if BUILD_WOLFEVENT
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfevent.c
endif
if BUILD_ASYNCCRYPT
src_libwolfssl_la_SOURCES += wolfcrypt/src/async.c
endif
if !BUILD_USER_RSA
if BUILD_RSA
if BUILD_FAST_RSA
@@ -76,8 +89,12 @@ endif
endif
if BUILD_AES
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
endif
endif
if BUILD_CMAC
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
@@ -254,8 +271,4 @@ if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c
endif
if BUILD_ASYNCCRYPT
src_libwolfssl_la_SOURCES += src/async.c
endif
endif # !BUILD_CRYPTONLY

5965
src/internal.c
View File

File diff suppressed because it is too large Load Diff

4
src/io.c
View File

@@ -1015,7 +1015,7 @@ static int process_http_response(int sfd, byte** respBuf,
XMEMCPY(recvBuf, start, len);
/* receive the OCSP response data */
do {
while (len < recvBufSz) {
result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
if (result > 0)
len += result;
@@ -1023,7 +1023,7 @@ static int process_http_response(int sfd, byte** respBuf,
WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
return -1;
}
} while (len != recvBufSz);
}
*respBuf = recvBuf;
return recvBufSz;

52
src/keys.c
View File

@@ -2070,18 +2070,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
if (dec && dec->arc4 == NULL)
return MEMORY_E;
#ifdef HAVE_CAVIUM
if (devId != NO_CAVIUM_DEVICE) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
if (enc) {
if (wc_Arc4InitCavium(enc->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Arc4AsyncInit(enc->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (wc_Arc4InitCavium(dec->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Arc4AsyncInit(dec->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
}
@@ -2282,18 +2282,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (dec && dec->des3 == NULL)
return MEMORY_E;
#ifdef HAVE_CAVIUM
if (devId != NO_CAVIUM_DEVICE) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
if (enc) {
if (wc_Des3_InitCavium(enc->des3, devId) != 0) {
WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Des3AsyncInit(enc->des3, devId) != 0) {
WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (wc_Des3_InitCavium(dec->des3, devId) != 0) {
WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Des3AsyncInit(dec->des3, devId) != 0) {
WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
}
@@ -2346,18 +2346,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (dec && dec->aes == NULL)
return MEMORY_E;
#ifdef HAVE_CAVIUM
if (devId != NO_CAVIUM_DEVICE) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
if (enc) {
if (wc_AesInitCavium(enc->aes, devId) != 0) {
WOLFSSL_MSG("AesInitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_AesAsyncInit(enc->aes, devId) != 0) {
WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (wc_AesInitCavium(dec->aes, devId) != 0) {
WOLFSSL_MSG("AesInitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_AesAsyncInit(dec->aes, devId) != 0) {
WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
}
@@ -2675,14 +2675,14 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
*/
int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
{
int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
int devId = INVALID_DEVID, ret, copy = 0;
Ciphers* wc_encrypt = NULL;
Ciphers* wc_decrypt = NULL;
Keys* keys = &ssl->keys;
(void)copy;
#ifdef HAVE_CAVIUM
#ifdef WOLFSSL_ASYNC_CRYPT
devId = ssl->devId;
#endif

255
src/sniffer.c
View File

@@ -90,6 +90,7 @@ enum {
EXT_TYPE_SZ = 2, /* Extension length */
MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
MTU_EXTRA, /* Max input sz of reassembly */
EXT_MASTER_SECRET = 0x17, /* Extended Master Secret Extension ID */
TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID */
};
@@ -253,7 +254,8 @@ static const char* const msgTable[] =
"Clear ACK Fault",
/* 81 */
"Bad Decrypt Size"
"Bad Decrypt Size",
"Extended Master Secret Hash Error"
};
@@ -329,6 +331,9 @@ typedef struct Flags {
byte srvAckFault; /* server acked unseen data from client */
byte cliSkipPartial; /* client skips partial data to catch up */
byte srvSkipPartial; /* server skips partial data to catch up */
#ifdef HAVE_EXTENDED_MASTER
byte expectEms; /* expect extended master secret */
#endif
} Flags;
@@ -341,6 +346,24 @@ typedef struct FinCaputre {
} FinCaputre;
typedef struct HsHashes {
#ifndef NO_OLD_TLS
#ifndef NO_SHA
Sha hashSha;
#endif
#ifndef NO_MD5
Md5 hashMd5;
#endif
#endif
#ifndef NO_SHA256
Sha256 hashSha256;
#endif
#ifdef WOLFSSL_SHA384
Sha384 hashSha384;
#endif
} HsHashes;
/* Sniffer Session holds info for each client/server SSL/TLS session */
typedef struct SnifferSession {
SnifferServer* context; /* server context */
@@ -363,6 +386,9 @@ typedef struct SnifferSession {
word32 srvReassemblyMemory; /* server packet memory used */
struct SnifferSession* next; /* for hash table list */
byte* ticketID; /* mac ID of session ticket */
#ifdef HAVE_EXTENDED_MASTER
HsHashes* hash;
#endif
} SnifferSession;
@@ -483,6 +509,9 @@ static void FreeSnifferSession(SnifferSession* session)
FreePacketList(session->srvReassemblyList);
free(session->ticketID);
#ifdef HAVE_EXTENDED_MASTER
free(session->hash);
#endif
}
free(session);
}
@@ -533,6 +562,91 @@ void ssl_FreeSniffer(void)
}
#ifdef HAVE_EXTENDED_MASTER
static int HashInit(HsHashes* hash)
{
int ret = 0;
XMEMSET(hash, 0, sizeof(HsHashes));
#ifndef NO_OLD_TLS
#ifndef NO_SHA
if (ret == 0)
ret = wc_InitSha(&hash->hashSha);
#endif
#ifndef NO_MD5
if (ret == 0)
wc_InitMd5(&hash->hashMd5);
#endif
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = wc_InitSha256(&hash->hashSha256);
#endif
#ifdef WOLFSSL_SHA384
if (ret == 0)
ret = wc_InitSha384(&hash->hashSha384);
#endif
return ret;
}
static int HashUpdate(HsHashes* hash, const byte* input, int sz)
{
int ret = 0;
input -= HANDSHAKE_HEADER_SZ;
sz += HANDSHAKE_HEADER_SZ;
#ifndef NO_OLD_TLS
#ifndef NO_SHA
if (ret == 0)
ret = wc_ShaUpdate(&hash->hashSha, input, sz);
#endif
#ifndef NO_MD5
if (ret == 0)
wc_Md5Update(&hash->hashMd5, input, sz);
#endif
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = wc_Sha256Update(&hash->hashSha256, input, sz);
#endif
#ifdef WOLFSSL_SHA384
if (ret == 0)
ret = wc_Sha384Update(&hash->hashSha384, input, sz);
#endif
return ret;
}
static int HashCopy(HS_Hashes* d, HsHashes* s)
{
#ifndef NO_OLD_TLS
#ifndef NO_SHA
XMEMCPY(&d->hashSha, &s->hashSha, sizeof(Sha));
#endif
#ifndef NO_MD5
XMEMCPY(&d->hashMd5, &s->hashMd5, sizeof(Md5));
#endif
#endif
#ifndef NO_SHA256
XMEMCPY(&d->hashSha256, &s->hashSha256, sizeof(Sha256));
#endif
#ifdef WOLFSSL_SHA384
XMEMCPY(&d->hashSha384, &s->hashSha384, sizeof(Sha384));
#endif
return 0;
}
#endif
/* Initialize a SnifferServer */
static void InitSnifferServer(SnifferServer* sniffer)
{
@@ -563,6 +677,9 @@ static void InitFlags(Flags* flags)
flags->srvAckFault = 0;
flags->cliSkipPartial = 0;
flags->srvSkipPartial = 0;
#ifdef HAVE_EXTENDED_MASTER
flags->expectEms = 0;
#endif
}
@@ -600,6 +717,9 @@ static void InitSession(SnifferSession* session)
InitFlags(&session->flags);
InitFinCapture(&session->finCaputre);
#ifdef HAVE_EXTENDED_MASTER
session->hash = 0;
#endif
}
@@ -1483,13 +1603,17 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
/* Process Server Hello */
static int ProcessServerHello(const byte* input, int* sslBytes,
static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
SnifferSession* session, char* error)
{
ProtocolVersion pv;
byte b;
int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
int doResume = 0;
int initialBytes = *sslBytes;
(void)msgSz;
(void)initialBytes;
/* make sure we didn't miss ClientHello */
if (session->flags.clientHello == 0) {
@@ -1548,6 +1672,62 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
return -1;
}
#ifdef HAVE_EXTENDED_MASTER
/* extensions */
if ((initialBytes - *sslBytes) < msgSz) {
word16 len;
/* skip extensions until extended master secret */
/* make sure can read len */
if (SUITE_LEN > *sslBytes) {
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
len = (word16)((input[0] << 8) | input[1]);
input += SUITE_LEN;
*sslBytes -= SUITE_LEN;
/* make sure can read through all extensions */
if (len > *sslBytes) {
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
byte extType[EXT_TYPE_SZ];
word16 extLen;
extType[0] = input[0];
extType[1] = input[1];
input += EXT_TYPE_SZ;
*sslBytes -= EXT_TYPE_SZ;
extLen = (word16)((input[0] << 8) | input[1]);
input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ;
/* make sure can read through individual extension */
if (extLen > *sslBytes) {
SetError(SERVER_HELLO_INPUT_STR, error, session,
FATAL_ERROR_STATE);
return -1;
}
if (extType[0] == 0x00 && extType[1] == EXT_MASTER_SECRET) {
session->flags.expectEms = 1;
}
input += extLen;
*sslBytes -= extLen;
len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
}
}
if (!session->flags.expectEms) {
free(session->hash);
session->hash = NULL;
}
#endif
if (session->sslServer->options.haveSessionId &&
XMEMCMP(session->sslServer->arrays->sessionID,
session->sslClient->arrays->sessionID, ID_LEN) == 0)
@@ -1758,7 +1938,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
return -1;
}
while (len > EXT_TYPE_SZ + LENGTH_SZ) {
while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
byte extType[EXT_TYPE_SZ];
word16 extLen;
@@ -1883,6 +2063,16 @@ static int DoHandShake(const byte* input, int* sslBytes,
return -1;
}
#ifdef HAVE_EXTENDED_MASTER
if (session->hash) {
if (HashUpdate(session->hash, input, size) != 0) {
SetError(EXTENDED_MASTER_HASH_STR, error,
session, FATAL_ERROR_STATE);
return -1;
}
}
#endif
switch (type) {
case hello_verify_request:
Trace(GOT_HELLO_VERIFY_STR);
@@ -1896,7 +2086,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
break;
case server_hello:
Trace(GOT_SERVER_HELLO_STR);
ret = ProcessServerHello(input, sslBytes, session, error);
ret = ProcessServerHello(size, input, sslBytes, session, error);
break;
case certificate_request:
Trace(GOT_CERT_REQ_STR);
@@ -1923,7 +2113,32 @@ static int DoHandShake(const byte* input, int* sslBytes,
break;
case client_key_exchange:
Trace(GOT_CLIENT_KEY_EX_STR);
ret = ProcessClientKeyExchange(input, sslBytes, session, error);
#ifdef HAVE_EXTENDED_MASTER
if (session->flags.expectEms && session->hash != NULL) {
if (HashCopy(session->sslServer->hsHashes,
session->hash) == 0 &&
HashCopy(session->sslClient->hsHashes,
session->hash) == 0) {
session->sslServer->options.haveEMS = 1;
session->sslClient->options.haveEMS = 1;
}
else {
SetError(EXTENDED_MASTER_HASH_STR, error,
session, FATAL_ERROR_STATE);
ret = -1;
}
XMEMSET(session->hash, 0, sizeof(HsHashes));
free(session->hash);
session->hash = NULL;
}
else {
session->sslServer->options.haveEMS = 0;
session->sslClient->options.haveEMS = 0;
}
#endif
if (ret == 0)
ret = ProcessClientKeyExchange(input, sslBytes, session, error);
break;
case certificate_verify:
Trace(GOT_CERT_VER_STR);
@@ -1947,6 +2162,10 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
{
int ret = 0;
(void)output;
(void)input;
(void)sz;
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
case wolfssl_rc4:
@@ -2135,6 +2354,22 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
return 0;
}
InitSession(session);
#ifdef HAVE_EXTENDED_MASTER
{
HsHashes* newHash = (HsHashes*)malloc(sizeof(HsHashes));
if (newHash == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
free(session);
return 0;
}
if (HashInit(newHash) != 0) {
SetError(EXTENDED_MASTER_HASH_STR, error, NULL, 0);
free(session);
return 0;
}
session->hash = newHash;
}
#endif
session->server = ipInfo->dst;
session->client = ipInfo->src;
session->srvPort = (word16)tcpInfo->dstPort;
@@ -2687,14 +2922,20 @@ static int FindNextRecordInAssembly(SnifferSession* session,
return 0;
}
else if (ssl->specs.cipher_type == block) {
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes)
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
#ifdef BUILD_AES
wc_AesSetIV(ssl->decrypt.aes,
curr->data + curr->end - curr->begin
- ssl->specs.block_size + 1);
else if (ssl->specs.bulk_cipher_algorithm == wolfssl_triple_des)
#endif
}
else if (ssl->specs.bulk_cipher_algorithm == wolfssl_triple_des) {
#ifdef BUILD_DES3
wc_Des3_SetIV(ssl->decrypt.des3,
curr->data + curr->end - curr->begin
- ssl->specs.block_size + 1);
#endif
}
}
Trace(DROPPING_LOST_FRAG_STR);

482
src/ssl.c
View File

@@ -354,6 +354,39 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
}
#ifdef SINGLE_THREADED
/* no locking in single threaded mode, allow a CTX level rng to be shared with
* WOLFSSL objects, SSL_SUCCESS on ok */
int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)
{
WC_RNG* rng;
int ret;
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
rng = XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);
if (rng == NULL) {
return MEMORY_E;
}
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(rng, ctx->heap);
#else
ret = wc_InitRng(rng);
#endif
if (ret != 0) {
XFREE(rng, ctx->heap, DYNAMIC_TYPE_RNG);
return ret;
}
ctx->rng = rng;
return SSL_SUCCESS;
}
#endif
WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
{
WOLFSSL* ssl = NULL;
@@ -547,6 +580,61 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
return SSL_NOT_IMPLEMENTED;
#endif
}
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->dtlsSctp = 1;
return SSL_SUCCESS;
}
int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->options.dtlsSctp = 1;
return SSL_SUCCESS;
}
int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
{
if (ctx == NULL || newMtu > MAX_RECORD_SIZE)
return BAD_FUNC_ARG;
ctx->dtlsMtuSz = newMtu;
return SSL_SUCCESS;
}
int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
if (newMtu > MAX_RECORD_SIZE) {
ssl->error = BAD_FUNC_ARG;
return SSL_FAILURE;
}
ssl->dtlsMtuSz = newMtu;
return SSL_SUCCESS;
}
#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
#endif /* WOLFSSL_LEANPSK */
@@ -638,32 +726,10 @@ int wolfSSL_GetObjectSize(void)
return sizeof(WOLFSSL);
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
{
word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
if (heap == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz));
XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist));
if (InitMutex(&(heap->memory_mutex)) != 0) {
WOLFSSL_MSG("Error creating heap memory mutex");
return BAD_MUTEX_E;
}
return SSL_SUCCESS;
}
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
unsigned char* buf, unsigned int sz,
int flag, int max)
@@ -680,34 +746,23 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method
return BAD_FUNC_ARG;
}
if (*ctx == NULL) {
if (*ctx == NULL || (*ctx)->heap == NULL) {
if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
return BUFFER_E; /* not enough memory for structures */
}
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
if (wolfSSL_init_memory_heap(heap) != 0) {
return SSL_FAILURE;
}
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
}
else if ((*ctx)->heap == NULL) {
if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
return BUFFER_E; /* not enough memory for structures */
if (*ctx && (*ctx)->heap == NULL) {
(*ctx)->heap = (void*)hint;
}
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
return SSL_FAILURE;
}
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
(*ctx)->heap = (void*)hint;
}
else {
#ifdef WOLFSSL_HEAP_TEST
@@ -767,7 +822,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
}
}
return (ssl->heap)? 1 : 0;
return (ssl->heap) ? 1 : 0;
}
@@ -786,7 +841,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
}
}
return (ctx->heap)? 1 : 0;
return (ctx->heap) ? 1 : 0;
}
#endif /* WOLFSSL_STATIC_MEMORY */
@@ -1053,17 +1108,22 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
#ifdef HAVE_ERRNO_H
errno = 0;
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls)
if (ssl->options.dtls) {
ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
#ifdef WOLFSSL_SCTP
if (ssl->options.dtlsSctp)
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
#endif
}
#endif
sz = min(sz, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
ret = ReceiveData(ssl, (byte*)data,
min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)),peek);
#else
ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
sz = min(sz, ssl->max_fragment);
#endif
ret = ReceiveData(ssl, (byte*)data, sz, peek);
WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);
@@ -1090,10 +1150,10 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
}
#ifdef HAVE_CAVIUM
#ifdef WOLFSSL_ASYNC_CRYPT
/* let's use cavium, SSL_SUCCESS on ok */
int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
/* let's use async hardware, SSL_SUCCESS on ok */
int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
@@ -1104,8 +1164,8 @@ int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
}
/* let's use cavium, SSL_SUCCESS on ok */
int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
/* let's use async hardware, SSL_SUCCESS on ok */
int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
@@ -1115,8 +1175,7 @@ int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
return SSL_SUCCESS;
}
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_SNI
@@ -1723,6 +1782,35 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
}
#endif
#ifdef HAVE_EXTENDED_MASTER
#ifndef NO_WOLFSSL_CLIENT
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->haveEMS = 0;
return SSL_SUCCESS;
}
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->options.haveEMS = 0;
return SSL_SUCCESS;
}
#endif
#endif
#ifndef WOLFSSL_LEANPSK
int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
@@ -2353,6 +2441,7 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#ifndef NO_AES
static const char *EVP_AES_128_CBC = "AES-128-CBC";
static const char *EVP_AES_192_CBC = "AES-192-CBC";
static const char *EVP_AES_256_CBC = "AES-256-CBC";
@@ -2362,6 +2451,7 @@ static const char *EVP_AES_256_CBC = "AES-256-CBC";
static const char *EVP_AES_256_CTR = "AES-256-CTR";
#endif
static const int EVP_AES_SIZE = 11;
#endif
#ifndef NO_DES3
static const char *EVP_DES_CBC = "DES-CBC";
@@ -3100,6 +3190,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
signer->pubKeySize = cert->pubKeySize;
signer->nameLen = cert->subjectCNLen;
signer->name = cert->subjectCN;
signer->pathLength = cert->pathLength;
signer->pathLengthSet = cert->pathLengthSet;
#ifndef IGNORE_NAME_CONSTRAINTS
signer->permittedNames = cert->permittedNames;
signer->excludedNames = cert->excludedNames;
@@ -3276,6 +3368,9 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
byte key[AES_256_KEY_SIZE];
#endif
(void)passwordSz;
(void)key;
WOLFSSL_ENTER("wolfssl_decrypt_buffer_key");
if (der == NULL || password == NULL || info == NULL) {
@@ -3307,8 +3402,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
#endif
return SSL_FATAL_ERROR;
}
#else
(void) passwordSz;
#endif /* NO_MD5 */
#ifndef NO_DES3
@@ -3357,6 +3451,10 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
byte key[AES_256_KEY_SIZE];
#endif
(void)derSz;
(void)passwordSz;
(void)key;
WOLFSSL_ENTER("wolfssl_encrypt_buffer_key");
if (der == NULL || password == NULL || info == NULL || info->ivSz == 0) {
@@ -3382,27 +3480,29 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
#endif
return SSL_FATAL_ERROR;
}
#else
(void) passwordSz;
#endif /* NO_MD5 */
if (ret > 0) {
ret = SSL_BAD_FILE; /* Reset error return */
#ifndef NO_DES3
if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)
ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)
ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
#endif /* NO_DES3 */
#ifndef NO_AES
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_128_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_192_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_256_KEY_SIZE, info->iv);
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_128_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_192_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4544,7 +4644,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
InitDecodedCert(cert, der, sz, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm)) != 0) {
WOLFSSL_MSG("ParseCert failed");
}
else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) {
@@ -5020,7 +5120,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
InitDecodedCert(cert, der, sz, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm)) != 0) {
WOLFSSL_MSG("ParseCert failed");
}
else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
@@ -6787,6 +6887,21 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
#endif
/* If SCTP is not enabled returns the state of the dtls option.
* If SCTP is enabled returns dtls && !sctp. */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
int result = ssl->options.dtls;
if (result) {
#ifdef WOLFSSL_SCTP
result = !ssl->options.dtlsSctp;
#endif
}
return result;
}
/* please see note at top of README if you get an error from connect */
int wolfSSL_connect(WOLFSSL* ssl)
{
@@ -6856,7 +6971,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
/* In DTLS, when resuming, we can go straight to FINISHED,
* or do a cookie exchange and then skip to FINISHED, assume
* we need the cookie exchange first. */
if (ssl->options.dtls)
if (IsDtlsNotSctpMode(ssl))
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
#endif
/* get response */
@@ -6868,7 +6983,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
/* if resumption failed, reset needed state */
else if (neededState == SERVER_FINISHED_COMPLETE)
if (!ssl->options.resuming) {
if (!ssl->options.dtls)
if (!IsDtlsNotSctpMode(ssl))
neededState = SERVER_HELLODONE_COMPLETE;
else
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
@@ -6883,7 +6998,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
return SSL_SUCCESS;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (IsDtlsNotSctpMode(ssl)) {
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
wc_InitMd5(&ssl->hsHashes->hashMd5);
@@ -6928,7 +7043,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
case HELLO_AGAIN_REPLY :
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (IsDtlsNotSctpMode(ssl)) {
neededState = ssl->options.resuming ?
SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
@@ -7635,7 +7750,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
}
int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
{
WOLFSSL_SESSION* copyInto = &ssl->session;
void* tmpBuff = NULL;
@@ -7733,16 +7848,18 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
return SSL_FAILURE;
if (LowResTimer() < (session->bornOn + session->timeout)) {
GetDeepCopySession(ssl, session);
ssl->options.resuming = 1;
int ret = GetDeepCopySession(ssl, session);
if (ret == SSL_SUCCESS) {
ssl->options.resuming = 1;
#ifdef SESSION_CERTS
ssl->version = session->version;
ssl->options.cipherSuite0 = session->cipherSuite0;
ssl->options.cipherSuite = session->cipherSuite;
ssl->version = session->version;
ssl->options.cipherSuite0 = session->cipherSuite0;
ssl->options.cipherSuite = session->cipherSuite;
#endif
}
return SSL_SUCCESS;
return ret;
}
return SSL_FAILURE; /* session timed out */
}
@@ -7804,6 +7921,7 @@ int AddSession(WOLFSSL* ssl)
XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
ssl->arrays->masterSecret, SECRET_LEN);
SessionCache[row].Sessions[idx].haveEMS = ssl->options.haveEMS;
XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
ID_LEN);
SessionCache[row].Sessions[idx].sessionIDSz = ssl->arrays->sessionIDSz;
@@ -8290,7 +8408,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (hsCb) {
ssl->hsInfoOn = 1;
InitHandShakeInfo(&ssl->handShakeInfo);
InitHandShakeInfo(&ssl->handShakeInfo, ssl);
}
if (toCb) {
ssl->toInfoOn = 1;
@@ -8378,7 +8496,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->toInfoOn = 0;
}
if (hsCb) {
FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
FinishHandShakeInfo(&ssl->handShakeInfo);
(hsCb)(&ssl->handShakeInfo);
ssl->hsInfoOn = 0;
}
@@ -9324,6 +9442,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return 0;
#endif
(void)type;
WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey");
wc_InitMd5(md5);
@@ -9342,6 +9462,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
else
#endif /* NO_DES3 */
#ifndef NO_AES
if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) {
keyLen = AES_128_KEY_SIZE;
ivLen = AES_IV_SIZE;
@@ -9354,7 +9475,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
keyLen = AES_256_KEY_SIZE;
ivLen = AES_IV_SIZE;
}
else {
else
#endif /* NO_AES */
{
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -9652,6 +9775,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
/* do nothing */
}
#ifndef NO_AES
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
{
WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
@@ -9693,6 +9818,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return EVP_AES_256_CTR;
}
#endif /* NO_AES */
#ifndef NO_DES3
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
@@ -9771,6 +9897,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
{
int ret = -1; /* failure local, during function 0 means success
because internal functions work that way */
(void)key;
(void)iv;
(void)enc;
@@ -11345,9 +11472,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
XFILE file;
WOLFSSL_X509* x509 = NULL;
DerBuffer* der = NULL;
WOLFSSL_ENTER("wolfSSL_X509_load_certificate");
/* Check the inputs */
if ((fname == NULL) ||
@@ -11385,6 +11509,26 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
XFCLOSE(file);
x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format);
if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
return x509;
}
#endif /* NO_FILESYSTEM */
WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format)
{
int ret;
WOLFSSL_X509* x509 = NULL;
DerBuffer* der = NULL;
WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex");
if (format == SSL_FILETYPE_PEM) {
int ecc = 0;
#ifdef WOLFSSL_SMALL_STACK
@@ -11397,9 +11541,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) {
if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
return NULL;
}
#endif
@@ -11408,7 +11549,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
info->ctx = NULL;
info->consumed = 0;
if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) {
if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) {
FreeDer(&der);
}
@@ -11419,13 +11560,10 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
else {
ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL);
if (ret == 0) {
XMEMCPY(der->buffer, fileBuffer, sz);
XMEMCPY(der->buffer, buf, sz);
}
}
if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
/* At this point we want `der` to have the certificate in DER format */
/* ready to be decoded. */
if (der != NULL && der->buffer != NULL) {
@@ -11466,8 +11604,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
return x509;
}
#endif /* NO_FILESYSTEM */
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
@@ -17869,12 +18005,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
return NULL;
}
#ifdef HAVE_ECC
const char * wolf_OBJ_nid2sn(int n) {
(void)n;
int i;
WOLFSSL_ENTER("wolf_OBJ_nid2sn");
WOLFSSL_STUB("wolf_OBJ_nid2sn");
return 0;
/* find based on NID and return name */
for (i = 0; i < ecc_sets[i].size; i++) {
if (n == ecc_sets[i].id) {
return ecc_sets[i].name;
}
}
return NULL;
}
int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
@@ -17886,12 +18028,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
}
int wolf_OBJ_sn2nid(const char *sn) {
(void)sn;
int i;
WOLFSSL_ENTER("wolf_OBJ_osn2nid");
WOLFSSL_STUB("wolf_OBJ_osn2nid");
return 0;
/* find based on name and return NID */
for (i = 0; i < ecc_sets[i].size; i++) {
if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) {
return ecc_sets[i].id;
}
}
return -1;
}
#endif /* HAVE_ECC */
WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
@@ -18993,118 +19141,38 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl)
#endif /* WOLFSSL_JNI */
#ifdef HAVE_WOLF_EVENT
static int _wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
#ifdef WOLFSSL_ASYNC_CRYPT
int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
WOLF_EVENT_FLAG flags, int* eventCount)
{
WOLF_EVENT* event, *event_prev = NULL;
int count = 0, ret = SSL_ERROR_NONE;
if (ctx == NULL || maxEvents <= 0) {
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
/* Events arg can be NULL only if peek */
if (events == NULL && !(flags & WOLF_POLL_FLAG_PEEK)) {
return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL,
events, maxEvents, flags, eventCount);
}
int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
{
int ret, eventCount = 0;
WOLF_EVENT* events[1];
if (ssl == NULL) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
/* In single threaded mode "event_queue.lock" doesn't exist */
if (LockMutex(&ctx->event_queue.lock) != 0) {
return BAD_MUTEX_E;
}
#endif
/* Itterate event queue */
for (event = ctx->event_queue.head; event != NULL; event = event->next)
{
byte removeEvent = 0;
/* Optionally filter by ssl object pointer */
if (ssl == NULL || (ssl == event->ssl)) {
if (flags & WOLF_POLL_FLAG_PEEK) {
if (events) {
/* Copy event data to provided buffer */
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
}
count++;
}
else {
/* Check hardware */
if (flags & WOLF_POLL_FLAG_CHECK_HW) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST &&
event->type <= WOLF_EVENT_TYPE_ASYNC_LAST)
{
ret = wolfSSL_async_poll(event, flags);
}
#endif /* WOLFSSL_ASYNC_CRYPT */
}
/* If event is done then return in 'events' argument */
if (event->done) {
/* Copy event data to provided buffer */
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
count++;
removeEvent = 1;
}
}
}
if (removeEvent) {
/* Remove from queue list */
if (event_prev == NULL) {
ctx->event_queue.head = event->next;
if (ctx->event_queue.head == NULL) {
ctx->event_queue.tail = NULL;
}
}
else {
event_prev->next = event->next;
}
}
else {
/* Leave in queue, save prev pointer */
event_prev = event;
}
/* Check to make sure our event list isn't full */
if (events && count >= maxEvents) {
break; /* Exit for */
}
/* Check for error */
if (ret < 0) {
break; /* Exit for */
}
}
#ifndef SINGLE_THREADED
UnLockMutex(&ctx->event_queue.lock);
#endif
/* Return number of properly populated events */
if (eventCount) {
*eventCount = count;
/* not filtering on "ssl", since its the asyncDev */
ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, NULL,
events, sizeof(events)/sizeof(events), flags, &eventCount);
if (ret == 0 && eventCount > 0) {
ret = 1; /* Success */
}
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
return _wolfSSL_CTX_poll(ctx, NULL, events, maxEvents, flags, eventCount);
}
int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
return _wolfSSL_CTX_poll(ssl->ctx, ssl, events, maxEvents, flags,
eventCount);
}
#endif /* HAVE_WOLF_EVENT */
#endif /* WOLFCRYPT_ONLY */

194
src/tls.c
View File

@@ -341,21 +341,23 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#endif
int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
{
const byte* side;
byte handshake_hash[HSHASH_SZ];
word32 hashSz = FINISHED_SZ;
word32 hashSz = FINISHED_SZ;
if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ)
return BAD_FUNC_ARG;
#ifndef NO_OLD_TLS
wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]);
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) {
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
if (ssl->specs.mac_algorithm <= sha256_mac ||
ssl->specs.mac_algorithm == blake2b_mac) {
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
if (ret != 0)
return ret;
@@ -365,7 +367,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif
#ifdef WOLFSSL_SHA384
if (ssl->specs.mac_algorithm == sha384_mac) {
int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash);
int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
if (ret != 0)
return ret;
@@ -375,6 +377,23 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif
}
*hashLen = hashSz;
return 0;
}
int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
int ret;
const byte* side;
byte handshake_hash[HSHASH_SZ];
word32 hashSz = HSHASH_SZ;
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
if (ret < 0)
return ret;
if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
side = tls_client;
else
@@ -420,6 +439,10 @@ ProtocolVersion MakeTLSv1_2(void)
}
#ifdef HAVE_EXTENDED_MASTER
static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
"extended master secret";
#endif
static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
@@ -490,10 +513,41 @@ int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
}
#ifdef HAVE_EXTENDED_MASTER
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
const byte* pms, word32 pmsLen,
const byte* sHash, word32 sHashLen,
int tls1_2, int hash_type)
{
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
sHash, sHashLen, tls1_2, hash_type);
}
#endif /* HAVE_EXTENDED_MASTER */
int MakeTlsMasterSecret(WOLFSSL* ssl)
{
int ret;
int ret;
#ifdef HAVE_EXTENDED_MASTER
byte handshake_hash[HSHASH_SZ];
word32 hashSz = HSHASH_SZ;
if (ssl->options.haveEMS) {
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
if (ret < 0)
return ret;
ret = wolfSSL_MakeTlsExtendedMasterSecret(
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
} else
#endif
ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
ssl->arrays->clientRandom, ssl->arrays->serverRandom,
@@ -876,7 +930,8 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz,
alpn->negotiated = 0;
alpn->options = 0;
alpn->protocol_name = XMALLOC(protocol_nameSz + 1, heap, DYNAMIC_TYPE_TLSX);
alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1,
heap, DYNAMIC_TYPE_TLSX);
if (alpn->protocol_name == NULL) {
WOLFSSL_MSG("Memory failure");
XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
@@ -1187,7 +1242,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
}
*data = alpn->protocol_name;
*dataSz = (word16)XSTRLEN(*data);
*dataSz = (word16)XSTRLEN((char*)*data);
return SSL_SUCCESS;
}
@@ -1228,8 +1283,8 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap)
switch (sni->type) {
case WOLFSSL_SNI_HOST_NAME:
sni->data.host_name = XMALLOC(size+1, heap, DYNAMIC_TYPE_TLSX);
sni->data.host_name = (char*)XMALLOC(size + 1, heap,
DYNAMIC_TYPE_TLSX);
if (sni->data.host_name) {
XSTRNCPY(sni->data.host_name, (const char*)data, size);
sni->data.host_name[size] = 0;
@@ -1344,7 +1399,7 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
{
TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
if (sni)
sni->status = status;
@@ -1354,7 +1409,7 @@ static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
byte TLSX_SNI_Status(TLSX* extensions, byte type)
{
TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
if (sni)
return sni->status;
@@ -1481,8 +1536,8 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
#ifndef NO_WOLFSSL_SERVER
TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL;
SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL;
SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL;
SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL;
SNI* sni = NULL;
for (; ctx_sni; ctx_sni = ctx_sni->next) {
@@ -1566,13 +1621,13 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
{
TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
switch (sni->type) {
case WOLFSSL_SNI_HOST_NAME:
*data = sni->data.host_name;
return XSTRLEN(*data);
return XSTRLEN((char*)*data);
}
}
@@ -1583,7 +1638,7 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
{
TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
if (sni)
sni->options = options;
@@ -1816,7 +1871,7 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
return BAD_FUNC_ARG;
if ((data = XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL)
if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E;
data[0] = mfl;
@@ -2777,7 +2832,10 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
if (!extension)
return 1; /* no suite restriction */
for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
for (curve = (EllipticCurve*)extension->data;
curve && !(sig && key);
curve = curve->next) {
/* find supported curve */
switch (curve->name) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
@@ -2841,7 +2899,6 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
if (first == ECC_BYTE) {
switch (second) {
#ifndef NO_DSA
/* ECDHE_ECDSA */
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
@@ -2857,6 +2914,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
key |= ssl->eccTempKeySz == octets;
break;
#ifdef WOLFSSL_STATIC_DH
/* ECDH_ECDSA */
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
@@ -2869,7 +2927,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
sig |= ssl->pkCurveOID == oid;
key |= ssl->pkCurveOID == oid;
break;
#endif
#endif /* WOLFSSL_STATIC_DH */
#ifndef NO_RSA
/* ECDHE_RSA */
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
@@ -2884,6 +2942,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
key |= ssl->eccTempKeySz == octets;
break;
#ifdef WOLFSSL_STATIC_DH
/* ECDH_RSA */
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
@@ -2896,6 +2955,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
sig = 1;
key |= ssl->pkCurveOID == oid;
break;
#endif /* WOLFSSL_STATIC_DH */
#endif
default:
sig = 1;
@@ -2907,14 +2967,12 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
/* ChaCha20-Poly1305 ECC cipher suites */
if (first == CHACHA_BYTE) {
switch (second) {
#ifndef NO_DSA
/* ECDHE_ECDSA */
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
sig |= ssl->pkCurveOID == oid;
key |= ssl->eccTempKeySz == octets;
break;
#endif
#ifndef NO_RSA
/* ECDHE_RSA */
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
@@ -3175,6 +3233,8 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
{
int ret = 0;
(void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */
if (!isRequest) {
/* client side */
if (length != 0)
@@ -3926,7 +3986,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
break;
case TLSX_SUPPORTED_GROUPS:
EC_FREE_ALL(extension->data, heap);
EC_FREE_ALL((EllipticCurve*)extension->data, heap);
break;
case TLSX_STATUS_REQUEST:
@@ -3991,7 +4051,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
case TLSX_SERVER_NAME:
/* SNI only sends the name on the request. */
if (isRequest)
length += SNI_GET_SIZE(extension->data);
length += SNI_GET_SIZE((SNI*)extension->data);
break;
case TLSX_MAX_FRAGMENT_LENGTH:
@@ -4003,7 +4063,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
break;
case TLSX_SUPPORTED_GROUPS:
length += EC_GET_SIZE(extension->data);
length += EC_GET_SIZE((EllipticCurve*)extension->data);
break;
case TLSX_STATUS_REQUEST:
@@ -4027,7 +4087,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
break;
case TLSX_APPLICATION_LAYER_PROTOCOL:
length += ALPN_GET_SIZE(extension->data);
length += ALPN_GET_SIZE((ALPN*)extension->data);
break;
}
@@ -4068,11 +4128,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
switch (extension->type) {
case TLSX_SERVER_NAME:
if (isRequest)
offset += SNI_WRITE(extension->data, output + offset);
offset += SNI_WRITE((SNI*)extension->data, output + offset);
break;
case TLSX_MAX_FRAGMENT_LENGTH:
offset += MFL_WRITE(extension->data, output + offset);
offset += MFL_WRITE((byte*)extension->data, output + offset);
break;
case TLSX_TRUNCATED_HMAC:
@@ -4080,7 +4140,8 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
break;
case TLSX_SUPPORTED_GROUPS:
offset += EC_WRITE(extension->data, output + offset);
offset += EC_WRITE((EllipticCurve*)extension->data,
output + offset);
break;
case TLSX_STATUS_REQUEST:
@@ -4112,7 +4173,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
break;
case TLSX_APPLICATION_LAYER_PROTOCOL:
offset += ALPN_WRITE(extension->data, output + offset);
offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
break;
}
@@ -4434,7 +4495,13 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
+ ssl->suites->hashSigAlgoSz;
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS)
length += HELLO_EXT_SZ;
#endif
}
if (length)
@@ -4465,15 +4532,15 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
offset += TLSX_Write(ssl->ctx->extensions, output + offset,
semaphore, 1);
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
{
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
int i;
/* extension type */
c16toa(HELLO_EXT_SIG_ALGO, output + offset);
offset += HELLO_EXT_TYPE_SZ;
/* extension data length */
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz,
output + offset);
offset += OPAQUE16_LEN;
/* sig algos length */
@@ -4485,6 +4552,15 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
output[offset] = ssl->suites->hashSigAlgo[i];
}
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS) {
c16toa(HELLO_EXT_EXTMS, output + offset);
offset += HELLO_EXT_TYPE_SZ;
c16toa(0, output + offset);
offset += HELLO_EXT_SZ_SZ;
}
#endif
if (offset > OPAQUE16_LEN)
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
}
@@ -4511,13 +4587,18 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl)
}
#endif
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS)
length += HELLO_EXT_SZ;
#endif
if (TLSX_SupportExtensions(ssl))
length += TLSX_GetSize(ssl->extensions, semaphore, 0);
/* All the response data is set at the ssl object only, so no ctx here. */
if (length)
length += OPAQUE16_LEN; /* for total length storage */
length += OPAQUE16_LEN; /* for total length storage. */
return length;
}
@@ -4534,6 +4615,15 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS) {
c16toa(HELLO_EXT_EXTMS, output + offset);
offset += HELLO_EXT_TYPE_SZ;
c16toa(0, output + offset);
offset += HELLO_EXT_SZ_SZ;
}
#endif
if (offset > OPAQUE16_LEN)
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
}
@@ -4549,6 +4639,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
{
int ret = 0;
word16 offset = 0;
#ifdef HAVE_EXTENDED_MASTER
byte pendingEMS = 0;
#endif
if (!ssl || !input || (isRequest && !suites))
return BAD_FUNC_ARG;
@@ -4606,6 +4699,18 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
break;
#ifdef HAVE_EXTENDED_MASTER
case HELLO_EXT_EXTMS:
WOLFSSL_MSG("Extended Master Secret extension received");
#ifndef NO_WOLFSSL_SERVER
if (isRequest)
ssl->options.haveEMS = 1;
#endif
pendingEMS = 1;
break;
#endif
case TLSX_RENEGOTIATION_INFO:
WOLFSSL_MSG("Secure Renegotiation extension received");
@@ -4655,6 +4760,11 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
offset += size;
}
#ifdef HAVE_EXTENDED_MASTER
if (!isRequest && ssl->options.haveEMS && !pendingEMS)
ssl->options.haveEMS = 0;
#endif
if (ret == 0)
ret = SNI_VERIFY_PARSE(ssl, isRequest);
@@ -4718,6 +4828,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
(void)heap;
if (method)
InitSSL_Method(method, MakeTLSv1_2());
return method;
@@ -4736,6 +4847,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
(void)heap;
if (method) {
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
InitSSL_Method(method, MakeTLSv1_2());
@@ -4806,6 +4918,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
(void)heap;
if (method) {
InitSSL_Method(method, MakeTLSv1_2());
method->side = WOLFSSL_SERVER_END;
@@ -4826,6 +4939,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
(void)heap;
if (method) {
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
InitSSL_Method(method, MakeTLSv1_2());

2
support/wolfssl.pc
View File

@@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl
Description: wolfssl C library.
Version: 3.9.8
Version: 3.9.10
Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir}

351
tests/api.c
View File

@@ -29,6 +29,7 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
@@ -101,6 +102,22 @@ static int test_wolfSSL_Cleanup(void)
return result;
}
/* Initialize the wolfCrypt state.
* POST: 0 success.
*/
static int test_wolfCrypt_Init(void)
{
int result;
printf(testingFmt, "wolfCrypt_Init()");
result = wolfCrypt_Init();
printf(resultFmt, result == 0 ? passed : failed);
return result;
} /* END test_wolfCrypt_Init */
/*----------------------------------------------------------------------------*
| Method Allocators
*----------------------------------------------------------------------------*/
@@ -194,6 +211,32 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
#endif
}
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer.
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
* --enable-testcert flag.
*/
static int test_wolfSSL_CTX_use_certificate_buffer(void)
{
#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1);
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_CTX_use_certificate_buffer*/
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
@@ -486,6 +529,48 @@ static void test_wolfSSL_SetTmpDH_buffer(void)
#endif
}
/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
* allowed.
* POST: return 1 on success.
*/
static int test_wolfSSL_SetMinVersion(void)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int failFlag, itr;
#ifndef NO_OLD_TLS
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2};
#else
const int versions[] = { WOLFSSL_TLSV1_2 };
#endif
failFlag = SSL_SUCCESS;
AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != SSL_SUCCESS){
failFlag = SSL_FAILURE;
}
}
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
AssertTrue(wolfSSL_Cleanup());
return failFlag;
} /* END test_wolfSSL_SetMinVersion */
/*----------------------------------------------------------------------------*
| IO
*----------------------------------------------------------------------------*/
@@ -537,6 +622,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -586,7 +672,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
}
ssl = wolfSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 1);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
CloseSocket(sockfd);
if (wolfSSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
@@ -602,9 +688,22 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
#endif
#endif
if (wolfSSL_accept(ssl) != SSL_SUCCESS)
{
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*err_sys("SSL_accept failed");*/
@@ -666,6 +765,7 @@ static void test_client_nofail(void* args)
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -700,18 +800,32 @@ static void test_client_nofail(void* args)
}
ssl = wolfSSL_new(ctx);
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done2;
}
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
{
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*printf("SSL_connect failed");*/
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*err_sys("SSL_connect failed");*/
goto done2;
}
@@ -759,6 +873,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -805,14 +920,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
socklen_t cliLen;
cliLen = sizeof(cliAddr);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0);
idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
(struct sockaddr*)&cliAddr, &cliLen);
AssertIntGT(idx, 0);
wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
}
else {
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 1);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1);
CloseSocket(sfd);
}
@@ -829,13 +944,27 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
/* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */
if (wolfSSL_accept(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
} else {
/*err_sys("SSL_accept failed");*/
}
else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
@@ -898,6 +1027,7 @@ static void run_wolfssl_client(void* args)
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -922,22 +1052,39 @@ static void run_wolfssl_client(void* args)
ssl = wolfSSL_new(ctx);
if (wolfSSL_dtls(ssl)) {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 1, ssl);
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
1, 0, ssl);
}
else {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, ssl);
}
AssertIntEQ(SSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
} else {
/*err_sys("SSL_connect failed");*/
}
else {
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
@@ -1780,6 +1927,28 @@ static void test_wolfSSL_UseALPN(void)
#endif
}
static void test_wolfSSL_DisableExtendedMasterSecret(void)
{
#ifdef HAVE_EXTENDED_MASTER
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
AssertIntNE(SSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
/* success cases */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
AssertIntEQ(SSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*----------------------------------------------------------------------------*
| X509 Tests
*----------------------------------------------------------------------------*/
@@ -1827,6 +1996,126 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
#endif /* !NO_CERTS */
}
/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
* version allowed.
* POST: 1 on success.
*/
static int test_wolfSSL_CTX_SetMinVersion(void)
{
WOLFSSL_CTX* ctx;
int failFlag, itr;
#ifndef NO_OLD_TLS
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2 };
#else
const int versions[] = { WOLFSSL_TLSV1_2 };
#endif
failFlag = SSL_SUCCESS;
AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != SSL_SUCCESS){
failFlag = SSL_FAILURE;
}
}
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
AssertTrue(wolfSSL_Cleanup());
return failFlag;
} /* END test_wolfSSL_CTX_SetMinVersion */
/*----------------------------------------------------------------------------*
| OCSP Stapling
*----------------------------------------------------------------------------*/
/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
* need to contact the CA, lowering the cost of cert revocation checking.
* PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
* POST: 1 returned for success.
*/
static int test_wolfSSL_UseOCSPStapling(void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Init();
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE);
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
if(ret != SSL_SUCCESS){
wolfSSL_Cleanup();
return SSL_FAILURE;
}
return wolfSSL_Cleanup();
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStapling */
/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 funciton. OCSP
* stapling eliminates the need ot contact the CA and lowers cert revocation
* check.
* PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
*/
static int test_wolfSSL_UseOCSPStaplingV2(void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Init();
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE );
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
if(ret != SSL_SUCCESS){
wolfSSL_Cleanup();
return SSL_FAILURE;
}
return wolfSSL_Cleanup();
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStaplingV2*/
/*----------------------------------------------------------------------------*
| Main
@@ -1835,11 +2124,13 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
void ApiTest(void)
{
printf(" Begin API Tests\n");
test_wolfSSL_Init();
AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS);
/* wolfcrypt initialization tests */
AssertFalse(test_wolfCrypt_Init());
test_wolfSSL_Method_Allocators();
test_wolfSSL_CTX_new(wolfSSLv23_server_method());
test_wolfSSL_CTX_use_certificate_file();
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), SSL_SUCCESS);
test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CTX_trust_peer_cert();
@@ -1851,6 +2142,8 @@ void ApiTest(void)
test_wolfSSL_SetTmpDH_buffer();
test_wolfSSL_read_write();
test_wolfSSL_dtls_export();
AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS);
/* TLS extensions tests */
test_wolfSSL_UseSNI();
@@ -1858,10 +2151,16 @@ void ApiTest(void)
test_wolfSSL_UseTruncatedHMAC();
test_wolfSSL_UseSupportedCurve();
test_wolfSSL_UseALPN();
test_wolfSSL_DisableExtendedMasterSecret();
/* X509 tests */
test_wolfSSL_X509_NAME_get_entry();
test_wolfSSL_Cleanup();
/*OCSP Stapling. */
AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
printf(" End API Tests\n");
}

Some files were not shown because too many files have changed in this diff Show More