From 08607bf8a209bdc9c78f3af429a7a86bc47e06ac Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 24 Jan 2020 17:06:57 -0700 Subject: [PATCH] Fixed first round of feedback, checking leaks next --- .../extendedKeyUsage/ocsp-responder-cert.pem | 182 ------------------ .../extendedKeyUsage/server-int-cert.pem | 94 --------- certfields/extendedKeyUsage/test.c | 19 +- certfields/keyUsage/test.c | 2 +- certs/ocsp-responder-cert.pem | 90 +++++++++ .../keyUsage => certs}/test-intermediate.pem | 92 --------- 6 files changed, 104 insertions(+), 375 deletions(-) delete mode 100644 certfields/extendedKeyUsage/ocsp-responder-cert.pem delete mode 100644 certfields/extendedKeyUsage/server-int-cert.pem create mode 100644 certs/ocsp-responder-cert.pem rename {certfields/keyUsage => certs}/test-intermediate.pem (50%) diff --git a/certfields/extendedKeyUsage/ocsp-responder-cert.pem b/certfields/extendedKeyUsage/ocsp-responder-cert.pem deleted file mode 100644 index 447bc0f7..00000000 --- a/certfields/extendedKeyUsage/ocsp-responder-cert.pem +++ /dev/null @@ -1,182 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com - Validity - Not Before: Apr 13 15:23:10 2018 GMT - Not After : Jan 7 15:23:10 2021 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1: - f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b: - d5:75:5c:2d:f7:63:88:d1:07:7a:ea:0b:45:35:2b: - eb:1f:b1:22:b4:94:41:38:e2:9d:74:d6:8b:30:22: - 10:51:c5:db:ca:3f:46:2b:fe:e5:5a:3f:41:74:67: - 75:95:a9:94:d5:c3:ee:42:f8:8d:eb:92:95:e1:d9: - 65:b7:43:c4:18:de:16:80:90:ce:24:35:21:c4:55: - ac:5a:51:e0:2e:2d:b3:0a:5a:4f:4a:73:31:50:ee: - 4a:16:bd:39:8b:ad:05:48:87:b1:99:e2:10:a7:06: - 72:67:ca:5c:d1:97:bd:c8:f1:76:f8:e0:4a:ec:bc: - 93:f4:66:4c:28:71:d1:d8:66:03:b4:90:30:bb:17: - b0:fe:97:f5:1e:e8:c7:5d:9b:8b:11:19:12:3c:ab: - 82:71:78:ff:ae:3f:32:b2:08:71:b2:1b:8c:27:ac: - 11:b8:d8:43:49:cf:b0:70:b1:f0:8c:ae:da:24:87: - 17:3b:d8:04:65:6c:00:76:50:ef:15:08:d7:b4:73: - 68:26:14:87:95:c3:5f:6e:61:b8:87:84:fa:80:1a: - 0a:8b:98:f3:e3:ff:4e:44:1c:65:74:7c:71:54:65: - e5:39 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 32:67:E1:B1:79:D2:81:FC:9F:23:0C:70:40:50:B5:46:56:B8:30:36 - X509v3 Authority Key Identifier: - keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 - DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:63 - - X509v3 Extended Key Usage: - OCSP Signing - Signature Algorithm: sha256WithRSAEncryption - 9b:56:c5:5f:b9:b2:00:30:ca:05:2a:e8:c6:96:ba:aa:23:40: - 40:89:6d:a2:7a:93:f2:c9:8a:6f:0e:5d:5f:6f:ce:5e:4b:38: - a9:d2:ab:97:78:e3:73:3d:3d:27:e9:00:ce:16:d9:c5:c5:06: - a8:eb:c6:e5:76:4c:f7:60:1a:69:ae:35:d6:f8:0f:da:9c:83: - c6:fb:74:a6:12:e5:c7:64:ae:e7:2c:b6:d3:62:1f:f3:20:11: - 2e:09:9b:14:f0:a3:17:d0:2c:be:4a:39:3a:55:58:2f:90:37: - 04:c5:54:27:9d:0e:51:97:da:21:df:05:ec:ca:79:a8:ca:02: - ca:cf:b7:05:ef:04:fa:f9:81:20:10:c1:7d:4a:a7:93:13:28: - 1e:98:a7:3e:4c:01:13:c3:6b:14:e1:87:37:5f:3a:d3:7d:b6: - d4:d9:0d:56:93:7f:1d:e9:c2:35:c7:11:7f:42:d0:d5:3d:5f: - f6:fc:23:24:e3:45:7f:4f:9e:18:df:7b:41:80:fa:bb:bd:16: - e1:eb:c5:78:52:88:cd:82:c7:92:3a:ce:cb:c6:07:05:ec:70: - 0e:e8:db:44:8f:3b:f3:41:de:b2:19:b0:f6:e0:5a:06:48:d9: - b9:e2:2b:0f:ec:ec:1f:fb:83:4d:80:d4:6e:34:ed:78:a1:be: - a2:cb:07:ab ------BEGIN CERTIFICATE----- -MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM -B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM -IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw -NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV -BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag -UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0 -UG34fKKKBIvVdVwt92OI0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7l -Wj9BdGd1lamU1cPuQviN65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMx -UO5KFr05i60FSIexmeIQpwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew -/pf1HujHXZuLERkSPKuCcXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gE -ZWwAdlDvFQjXtHNoJhSHlcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQAB -o4IBCjCCAQYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUMmfhsXnSgfyfIwxwQFC1Rla4 -MDYwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2kgZowgZcx -CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 -dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG -A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz -c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB -AQCbVsVfubIAMMoFKujGlrqqI0BAiW2iepPyyYpvDl1fb85eSzip0quXeONzPT0n -6QDOFtnFxQao68bldkz3YBpprjXW+A/anIPG+3SmEuXHZK7nLLbTYh/zIBEuCZsU -8KMX0Cy+Sjk6VVgvkDcExVQnnQ5Rl9oh3wXsynmoygLKz7cF7wT6+YEgEMF9SqeT -EygemKc+TAETw2sU4Yc3XzrTfbbU2Q1Wk38d6cI1xxF/QtDVPV/2/CMk40V/T54Y -33tBgPq7vRbh68V4UojNgseSOs7LxgcF7HAO6NtEjzvzQd6yGbD24FoGSNm54isP -7Owf+4NNgNRuNO14ob6iywer ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99 (0x63) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com - Validity - Not Before: Apr 13 15:23:10 2018 GMT - Not After : Jan 7 15:23:10 2021 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: - bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: - 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: - 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: - ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: - 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: - f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: - b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: - 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: - 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: - 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: - b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: - 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: - 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: - 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: - b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: - 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: - 99:81 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 - X509v3 Authority Key Identifier: - keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 - DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:63 - - X509v3 Key Usage: - Certificate Sign, CRL Sign - Authority Information Access: - OCSP - URI:http://127.0.0.1:22220 - - Signature Algorithm: sha256WithRSAEncryption - 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: - 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: - 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: - 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: - b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: - 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: - 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: - ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: - 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: - 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: - b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: - b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: - 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: - 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: - ac:d2:a6:05 ------BEGIN CERTIFICATE----- -MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM -B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM -IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw -NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV -BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg -Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF -ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 -LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva -Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb -D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z -Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB -NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB -xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG -A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx -EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD -DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j -b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 -73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb -kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE -ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 -2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW -sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G -MWFJDddfrNKmBQ== ------END CERTIFICATE----- diff --git a/certfields/extendedKeyUsage/server-int-cert.pem b/certfields/extendedKeyUsage/server-int-cert.pem deleted file mode 100644 index 66edf0b5..00000000 --- a/certfields/extendedKeyUsage/server-int-cert.pem +++ /dev/null @@ -1,94 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4097 (0x1001) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com - Validity - Not Before: Dec 21 17:54:00 2018 GMT - Not After : Dec 18 17:54:00 2028 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: - 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: - f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: - f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: - 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: - 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: - 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: - 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: - 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: - 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: - dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: - e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: - 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: - c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: - ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: - b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: - a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: - ad:d7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Cert Type: - SSL Server - X509v3 Subject Key Identifier: - B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C - X509v3 Authority Key Identifier: - keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:10:00 - - X509v3 Key Usage: critical - Digital Signature, Key Encipherment, Key Agreement - X509v3 Extended Key Usage: - TLS Web Server Authentication - Signature Algorithm: sha256WithRSAEncryption - 3d:b5:8d:66:7e:85:a0:87:cc:53:a4:c7:c9:63:6b:d4:c4:44: - c7:45:d0:71:ef:2f:58:92:60:7d:c8:37:ed:64:ea:b1:ab:00: - 1b:56:fe:f7:77:78:76:fd:64:63:7d:78:ff:d4:ae:58:1b:f0: - 14:e9:e7:bd:4b:ec:36:6f:34:cb:91:b0:43:25:66:8b:c0:59: - d1:ea:ed:25:0d:5c:72:8a:29:de:8a:c8:77:51:b9:d5:c4:e5: - 26:50:0c:bd:d7:a1:eb:fa:93:ec:3d:36:8f:cf:ee:b6:6b:5c: - a8:4f:1b:71:c6:4d:2c:af:d2:da:20:c8:89:f3:fc:db:84:c2: - a9:f6:97:62:ac:aa:a7:6b:fb:3b:21:51:85:7a:73:55:34:82: - 9b:f8:99:cb:96:89:a2:d3:39:5f:b3:0d:5f:8e:9e:46:4a:55: - 57:ab:de:11:cf:80:1f:25:c9:ec:6f:48:fd:ce:5b:d2:05:07: - 6b:4e:fc:0d:10:a0:8a:82:fb:e4:77:3a:27:e0:0e:0c:fb:43: - 64:5f:90:8e:26:12:94:db:97:18:ec:19:94:1b:56:5c:b9:bb: - 26:9b:1c:15:5c:07:df:d1:2d:9d:41:96:c0:2a:5a:4a:9e:5f: - 9e:66:9a:8c:6c:ff:6c:ca:a1:7d:b6:12:a3:d4:33:0b:00:1e: - ba:5d:3d:7a ------BEGIN CERTIFICATE----- -MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT -MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK -DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT -TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j -b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV -BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm -U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn -AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX -/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj -xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 -ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj -laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP -rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G -A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 -1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM -B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw -EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID -qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F -oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw -FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 -j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ -otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD -ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS -o9QzCwAeul09eg== ------END CERTIFICATE----- diff --git a/certfields/extendedKeyUsage/test.c b/certfields/extendedKeyUsage/test.c index bad890cf..53b07a48 100644 --- a/certfields/extendedKeyUsage/test.c +++ b/certfields/extendedKeyUsage/test.c @@ -41,8 +41,14 @@ void print_extended_key_use(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, int crit) while ((obj = wolfSSL_sk_ASN1_OBJECT_pop(sk)) != NULL) { outputSz = wolfSSL_OBJ_obj2txt(DecodedString, MAX_OID_STRING_SZ, obj, 1); - printf("extKeyUsage OID: %s\n", DecodedString); + if (outputSz > 0) + printf("extKeyUsage OID: %s\n", DecodedString); } + } else { + /* silence unused warnings */ + (void) obj; + (void) DecodedString; + (void) outputSz; } return; } @@ -52,8 +58,8 @@ void print_extended_key_use(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, int crit) int main(int argc, char** argv) { #ifdef OPENSSL_EXTRA - char cert1FName[] = "./ocsp-responder-cert.pem"; - char cert2FName[] = "./server-int-cert.pem"; + char cert1FName[] = "../../certs/server-ecc.pem"; + char cert2FName[] = "../../certs/ocsp-responder-cert.pem"; int numCerts = 2; char* certFName = NULL; @@ -78,12 +84,13 @@ int main(int argc, char** argv) return -999; } - sk = (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage, - &crit, NULL); + sk = (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*)wolfSSL_X509_get_ext_d2i(x509, + NID_ext_key_usage, + &crit, NULL); print_extended_key_use(sk, crit); - sk_ASN1_OBJECT_free(sk); + wolfSSL_sk_ASN1_OBJECT_free(sk); } #else diff --git a/certfields/keyUsage/test.c b/certfields/keyUsage/test.c index a1ed0546..14516371 100644 --- a/certfields/keyUsage/test.c +++ b/certfields/keyUsage/test.c @@ -38,7 +38,7 @@ void print_use(unsigned int usageMask, char* usage) int main(int argc, char** argv) { #ifdef OPENSSL_EXTRA - char certFName[] = "./test-intermediate.pem"; + char certFName[] = "../../certs/test-intermediate.pem"; WOLFSSL_X509* x509 = NULL; unsigned int keyUsage = 0; diff --git a/certs/ocsp-responder-cert.pem b/certs/ocsp-responder-cert.pem new file mode 100644 index 00000000..b2bdf105 --- /dev/null +++ b/certs/ocsp-responder-cert.pem @@ -0,0 +1,90 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com + Validity + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1: + f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b: + d5:75:5c:2d:f7:63:88:d1:07:7a:ea:0b:45:35:2b: + eb:1f:b1:22:b4:94:41:38:e2:9d:74:d6:8b:30:22: + 10:51:c5:db:ca:3f:46:2b:fe:e5:5a:3f:41:74:67: + 75:95:a9:94:d5:c3:ee:42:f8:8d:eb:92:95:e1:d9: + 65:b7:43:c4:18:de:16:80:90:ce:24:35:21:c4:55: + ac:5a:51:e0:2e:2d:b3:0a:5a:4f:4a:73:31:50:ee: + 4a:16:bd:39:8b:ad:05:48:87:b1:99:e2:10:a7:06: + 72:67:ca:5c:d1:97:bd:c8:f1:76:f8:e0:4a:ec:bc: + 93:f4:66:4c:28:71:d1:d8:66:03:b4:90:30:bb:17: + b0:fe:97:f5:1e:e8:c7:5d:9b:8b:11:19:12:3c:ab: + 82:71:78:ff:ae:3f:32:b2:08:71:b2:1b:8c:27:ac: + 11:b8:d8:43:49:cf:b0:70:b1:f0:8c:ae:da:24:87: + 17:3b:d8:04:65:6c:00:76:50:ef:15:08:d7:b4:73: + 68:26:14:87:95:c3:5f:6e:61:b8:87:84:fa:80:1a: + 0a:8b:98:f3:e3:ff:4e:44:1c:65:74:7c:71:54:65: + e5:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 32:67:E1:B1:79:D2:81:FC:9F:23:0C:70:40:50:B5:46:56:B8:30:36 + X509v3 Authority Key Identifier: + keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:63 + + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha256WithRSAEncryption + 9b:56:c5:5f:b9:b2:00:30:ca:05:2a:e8:c6:96:ba:aa:23:40: + 40:89:6d:a2:7a:93:f2:c9:8a:6f:0e:5d:5f:6f:ce:5e:4b:38: + a9:d2:ab:97:78:e3:73:3d:3d:27:e9:00:ce:16:d9:c5:c5:06: + a8:eb:c6:e5:76:4c:f7:60:1a:69:ae:35:d6:f8:0f:da:9c:83: + c6:fb:74:a6:12:e5:c7:64:ae:e7:2c:b6:d3:62:1f:f3:20:11: + 2e:09:9b:14:f0:a3:17:d0:2c:be:4a:39:3a:55:58:2f:90:37: + 04:c5:54:27:9d:0e:51:97:da:21:df:05:ec:ca:79:a8:ca:02: + ca:cf:b7:05:ef:04:fa:f9:81:20:10:c1:7d:4a:a7:93:13:28: + 1e:98:a7:3e:4c:01:13:c3:6b:14:e1:87:37:5f:3a:d3:7d:b6: + d4:d9:0d:56:93:7f:1d:e9:c2:35:c7:11:7f:42:d0:d5:3d:5f: + f6:fc:23:24:e3:45:7f:4f:9e:18:df:7b:41:80:fa:bb:bd:16: + e1:eb:c5:78:52:88:cd:82:c7:92:3a:ce:cb:c6:07:05:ec:70: + 0e:e8:db:44:8f:3b:f3:41:de:b2:19:b0:f6:e0:5a:06:48:d9: + b9:e2:2b:0f:ec:ec:1f:fb:83:4d:80:d4:6e:34:ed:78:a1:be: + a2:cb:07:ab +-----BEGIN CERTIFICATE----- +MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag +UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0 +UG34fKKKBIvVdVwt92OI0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7l +Wj9BdGd1lamU1cPuQviN65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMx +UO5KFr05i60FSIexmeIQpwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew +/pf1HujHXZuLERkSPKuCcXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gE +ZWwAdlDvFQjXtHNoJhSHlcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQAB +o4IBCjCCAQYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUMmfhsXnSgfyfIwxwQFC1Rla4 +MDYwgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2kgZowgZcx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 +dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG +A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB +AQCbVsVfubIAMMoFKujGlrqqI0BAiW2iepPyyYpvDl1fb85eSzip0quXeONzPT0n +6QDOFtnFxQao68bldkz3YBpprjXW+A/anIPG+3SmEuXHZK7nLLbTYh/zIBEuCZsU +8KMX0Cy+Sjk6VVgvkDcExVQnnQ5Rl9oh3wXsynmoygLKz7cF7wT6+YEgEMF9SqeT +EygemKc+TAETw2sU4Yc3XzrTfbbU2Q1Wk38d6cI1xxF/QtDVPV/2/CMk40V/T54Y +33tBgPq7vRbh68V4UojNgseSOs7LxgcF7HAO6NtEjzvzQd6yGbD24FoGSNm54isP +7Owf+4NNgNRuNO14ob6iywer +-----END CERTIFICATE----- + diff --git a/certfields/keyUsage/test-intermediate.pem b/certs/test-intermediate.pem similarity index 50% rename from certfields/keyUsage/test-intermediate.pem rename to certs/test-intermediate.pem index 7305fe0e..f51b3056 100644 --- a/certfields/keyUsage/test-intermediate.pem +++ b/certs/test-intermediate.pem @@ -91,96 +91,4 @@ E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ 85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99 (0x63) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com - Validity - Not Before: Apr 13 15:23:10 2018 GMT - Not After : Jan 7 15:23:10 2021 GMT - Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc: - bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca: - 48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7: - 27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90: - ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c: - 71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b: - f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76: - b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4: - 09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6: - 06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5: - 96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93: - b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36: - 44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34: - 94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9: - 75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30: - b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f: - 90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9: - 99:81 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - 73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 - X509v3 Authority Key Identifier: - keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21 - DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com - serial:63 - X509v3 Key Usage: - Certificate Sign, CRL Sign - Authority Information Access: - OCSP - URI:http://127.0.0.1:22220 - - Signature Algorithm: sha256WithRSAEncryption - 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: - 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: - 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: - 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: - b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: - 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: - 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: - ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: - 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: - 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: - b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: - b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: - 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: - 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: - ac:d2:a6:05 ------BEGIN CERTIFICATE----- -MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM -B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM -IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw -NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV -BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT -U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg -Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF -ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1 -LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva -Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb -D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z -Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB -NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB -xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG -A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx -EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD -DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j -b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 -73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb -kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE -ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 -2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW -sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G -MWFJDddfrNKmBQ== ------END CERTIFICATE-----