WolfSSL
/
wolfssl-nginx
mirror of https://github.com/wolfSSL/wolfssl-nginx.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1 from SparkiDev/master 

Initial revision
pull/4/head
toddouska 2017-05-10 14:22:47 -07:00 committed by GitHub
parent 713503ac72 cc3974cc78
commit 18d47ec2b3
52 changed files with 4414 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
README.md
View File

@ -1,2 +1,60 @@
# wolfssl-nginx
Adds wolfSSL support to Nginx.
## wolfSSL Support in Nginx
wolfSSL is supported in Nginx. There are minor changes to the Nginx code base
and recompilation is required.
The tested versions:
- wolfSSL 3.11
- Nginx 1.12.0
- Nginx 1.11.13
- Nginx 1.11.10
- Nginx 1.11.7
- Nginx 1.10.3
### Building
First you will need Nginx source package and wolfSSL source code.
Now build and install wolfSSL. The default installation directory is:
/usr/local.
To enable wolfSSL support in Nginx the source code must be patched:
1. Change into the Nginx source directory.
2. Apply patch: patch -p1 < <wolfssl-nginx>/nginx-<nginx-version>-wolfssl.patch
Now rebuild Nginx:
1. Configure Nginx with this command (extra options may be added as required):
- ./configure --with-wolfssl=/usr/local --with-http_ssl_module
2. Build Nginx: make
### Testing
Nginx has a repository of tests that can be obtained with the following command:
- git clone https://github.com/nginx/nginx-tests.git
To run the tests see the README. Tests are expected to pass with exceptions. An example of runnning the tests:
1. Change into nginx-tests directory.
2. Run tests: TEST_NGINX_BINARY=../nginx-<nginx-version>-wolfssl/objs/nginx prove .
There will be skips of SSL tests for the following reasons:
- no multiple certificates (ssl_certificate.t)
- many not work, leaves coredump (ssl_engine_keys.t)
-There will be failures of SSL tests for the following reasons:
- - no support for setting verification depth
- - no support for certificate authorities in certificate request ("no trusted sent")
Note: the file ssl_ecc.t in wolfssl-nginx can be used with the Nginx test
system.
There are additional tests available in wolfssl-nginx. These are in addition
to the Nginx tests. The OpenSSL's superapp is required for OCSP Stapling
testing. To test:
1. Change into wolfssl-nginx directory.
2. Run the script: ./test.sh (If using IPv6 then set IPV6=yes.)
3. When working, the number of FAIL and UNKNOWN will be 0.
Testing is only supported on Linux with bash.

56
conf/ca-cert-ecc.pem 100644
View File

@ -0,0 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ef:46:c7:a4:9b:bb:60:d3
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:EF:46:C7:A4:9B:BB:60:D3
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e:
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e:
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4:
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20
-----BEGIN CERTIFICATE-----
MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih
f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr
SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk
gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV
BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh
APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj
JdSwySV9ynpdusSy9n0Ex71iySA=
-----END CERTIFICATE-----

87
conf/ca-cert.pem 100644
View File

@ -0,0 +1,87 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

4
conf/cert-ecc-p8.key 100644
View File

@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBFtmkCc5xshaE4W3Lo
6MesxAONUzUE+mwo3DSN4agJjA==
-----END PRIVATE KEY-----

4
conf/cert-ecc-priv.key 100644
View File

@ -0,0 +1,4 @@
-----BEGIN EC PRIVATE KEY-----
MDECAQEEIEW2aQJznGyFoThbcujox6zEA41TNQT6bCjcNI3hqAmMoAoGCCqGSM49
AwEH
-----END EC PRIVATE KEY-----

9
conf/cert-ecc.key 100644
View File

@ -0,0 +1,9 @@
ASN1 OID: prime256v1
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEW2aQJznGyFoThbcujox6zEA41TNQT6bCjcNI3hqAmMoAoGCCqGSM49
AwEHoUQDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKT
mjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ2A==
-----END EC PRIVATE KEY-----

56
conf/cert-ecc.pem 100644
View File

@ -0,0 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ef:46:c7:a4:9b:bb:60:d3
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:38 2016 GMT
Not After : May 8 20:07:38 2019 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:EF:46:C7:A4:9B:BB:60:D3
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f1:d0:a6:3e:83:33:24:d1:7a:05:5f:1e:0e:
bd:7d:6b:33:e9:f2:86:f3:f3:3d:a9:ef:6a:87:31:b3:b7:7e:
50:02:21:00:f0:60:dd:ce:a2:db:56:ec:d9:f4:e4:e3:25:d4:
b0:c9:25:7d:ca:7a:5d:ba:c4:b2:f6:7d:04:c7:bd:62:c9:20
-----BEGIN CERTIFICATE-----
MIIDEDCCArWgAwIBAgIJAO9Gx6Sbu2DTMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih
f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr
SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk
gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV
BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
LmNvbYIJAO9Gx6Sbu2DTMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIh
APHQpj6DMyTRegVfHg69fWsz6fKG8/M9qe9qhzGzt35QAiEA8GDdzqLbVuzZ9OTj
JdSwySV9ynpdusSy9n0Ex71iySA=
-----END CERTIFICATE-----

27
conf/cert.key 100644
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
-----END RSA PRIVATE KEY-----

173
conf/cert.pem 100644
View File

@ -0,0 +1,173 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d:
0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20:
a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce:
39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3:
56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29:
7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47:
25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25:
36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1:
7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e:
a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18:
04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d:
9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f:
55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1:
71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80:
e6:e4:0c:37
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk
q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s
9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl
NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2
qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig
lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

39
conf/cliCrl.pem 100644
View File

@ -0,0 +1,39 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
3
No Revoked Certificates.
Signature Algorithm: sha256WithRSAEncryption
14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83:
32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c:
32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c:
ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6:
02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f:
1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70:
0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c:
58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84:
36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c:
61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28:
74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf:
b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2:
e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f:
b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5:
1c:eb:7b:08
-----BEGIN X509 CRL-----
MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4
MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG
9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws
MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR
9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5
RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco
dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md
KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA==
-----END X509 CRL-----

88
conf/client-cert.pem 100644
View File

@ -0,0 +1,88 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b9:bc:90:ed:ad:aa:0a:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
ba:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
X509v3 Authority Key Identifier:
keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B9:BC:90:ED:AD:AA:0A:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97:
90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7:
c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9:
46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3:
76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56:
a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8:
c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3:
44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2:
6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b:
95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6:
66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f:
ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b:
99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7:
93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4:
7c:d6:35:9e
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw
FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45
pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs
StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW
kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF
dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj
mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/
wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR
xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh
MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu
Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW
EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl
UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx
uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7
R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr
cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu
q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe
-----END CERTIFICATE-----

27
conf/client-key.pem 100644
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
-----END RSA PRIVATE KEY-----

44
conf/crl-revoked.pem 100644
View File

@ -0,0 +1,44 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
2
Revoked Certificates:
Serial Number: 01
Revocation Date: Aug 11 20:07:38 2016 GMT
Serial Number: 02
Revocation Date: Aug 11 20:07:38 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
91:67:3d:34:8f:85:87:cd:11:0f:e2:af:cd:77:3f:d8:f2:15:
cb:c3:0d:49:02:87:13:f5:82:9e:a9:6f:ed:6a:aa:28:b7:6c:
61:7b:ac:90:d0:e5:a1:3d:80:2c:31:6f:4e:0b:e9:9a:44:db:
6b:24:71:34:9f:d1:51:53:8a:bd:bd:1c:20:e0:96:73:7b:29:
1c:e3:56:97:46:a2:5e:db:ae:fe:1f:4a:c1:5c:5b:30:74:a4:
70:dc:7e:70:7f:42:9f:48:d3:99:16:ff:34:f9:a7:db:ad:3d:
bc:a6:9d:ee:6a:ed:e7:e0:2f:ef:24:ab:4c:9b:44:d8:fc:1c:
48:9f:f4:3c:14:f3:6c:a2:0f:a7:93:00:32:29:96:7e:98:5d:
c9:85:fa:94:4c:e2:03:7e:fb:bf:f0:0e:93:52:3b:8a:e1:43:
fe:3f:f2:57:02:21:e8:ff:43:da:3e:f0:3d:1a:eb:96:7a:0a:
d8:27:56:e2:30:2a:3c:a3:93:ff:1e:3f:98:6b:4e:ea:78:90:
8b:d7:24:0a:98:b8:c1:e8:f5:02:d2:18:07:17:c3:6c:b5:db:
a7:61:c5:5d:8e:36:80:f5:aa:c1:a7:5b:66:4a:dd:17:62:da:
80:70:83:4d:69:fa:c4:f4:2d:27:90:8d:7f:28:34:19:e0:a3:
8a:6b:73:55
-----BEGIN X509 CRL-----
MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3Mzha
Fw0xOTA1MDgyMDA3MzhaMCgwEgIBARcNMTYwODExMjAwNzM4WjASAgECFw0xNjA4
MTEyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAkWc9
NI+Fh80RD+KvzXc/2PIVy8MNSQKHE/WCnqlv7WqqKLdsYXuskNDloT2ALDFvTgvp
mkTbayRxNJ/RUVOKvb0cIOCWc3spHONWl0aiXtuu/h9KwVxbMHSkcNx+cH9Cn0jT
mRb/NPmn2609vKad7mrt5+Av7ySrTJtE2PwcSJ/0PBTzbKIPp5MAMimWfphdyYX6
lEziA377v/AOk1I7iuFD/j/yVwIh6P9D2j7wPRrrlnoK2CdW4jAqPKOT/x4/mGtO
6niQi9ckCpi4wej1AtIYBxfDbLXbp2HFXY42gPWqwadbZkrdF2LagHCDTWn6xPQt
J5CNfyg0GeCjimtzVQ==
-----END X509 CRL-----

41
conf/crl.pem 100644
View File

@ -0,0 +1,41 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Aug 11 20:07:38 2016 GMT
Next Update: May 8 20:07:38 2019 GMT
CRL extensions:
X509v3 CRL Number:
1
Revoked Certificates:
Serial Number: 02
Revocation Date: Aug 11 20:07:38 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58:
51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d:
0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28:
2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32:
f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82:
f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8:
79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c:
2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd:
e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd:
85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91:
f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50:
4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3:
d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92:
6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd:
9d:63:e5:dc
-----BEGIN X509 CRL-----
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX
DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE
AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T
WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y
9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn
r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc
Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT
0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A==
-----END X509 CRL-----

29
conf/dhparams.pem 100644
View File

@ -0,0 +1,29 @@
Diffie-Hellman-Parameters: (2048 bit)
prime:
00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
3f:93
generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
-----END DH PARAMETERS-----

52
conf/ecc-3-ca.crt 100644
View File

@ -0,0 +1,52 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ecc-3-root
Validity
Not Before: Apr 13 04:17:19 2017 GMT
Not After : Apr 11 04:17:19 2027 GMT
Subject: CN=ecc-3-ca
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:9a:3c:72:c0:55:c5:61:97:d1:04:8d:44:92:31:
fc:d8:92:3d:58:fa:11:af:e3:ba:b5:4a:62:00:06:
0f:11:ff:c8:b6:50:12:4d:15:ed:67:6f:c8:af:6c:
5e:26:8c:d4:23:fc:38:e2:9f:d6:c5:6a:4a:ac:76:
a7:e2:10:f5:d9
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:7D:87:7F:41:EE:FC:77:91:7F:8C:21:EA:22:83:FA:3A:05:C0:97
X509v3 Authority Key Identifier:
keyid:AA:4F:85:4C:EB:3E:30:B9:88:84:0F:E4:81:17:EB:51:85:38:D7:F4
DirName:/CN=ecc-3-root
serial:8F:9F:50:14:32:87:37:CD
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:70:8c:84:94:5a:94:02:ca:00:d2:53:94:58:21:
aa:4c:58:2b:fa:bb:f6:89:e5:f0:06:33:97:49:02:bb:d5:a1:
02:21:00:83:79:23:a7:49:40:1f:17:2d:65:17:62:8e:7f:3c:
69:15:d7:1b:ce:e9:99:9a:e0:b4:ba:0c:c0:8b:97:05:be
-----BEGIN CERTIFICATE-----
MIIBsjCCAVigAwIBAgICEAAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKZWNjLTMt
cm9vdDAeFw0xNzA0MTMwNDE3MTlaFw0yNzA0MTEwNDE3MTlaMBMxETAPBgNVBAMM
CGVjYy0zLWNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmjxywFXFYZfRBI1E
kjH82JI9WPoRr+O6tUpiAAYPEf/ItlASTRXtZ2/Ir2xeJozUI/w44p/WxWpKrHan
4hD12aOBmTCBljAdBgNVHQ4EFgQUon2Hf0Hu/HeRf4wh6iKD+joFwJcwRQYDVR0j
BD4wPIAUqk+FTOs+MLmIhA/kgRfrUYU41/ShGaQXMBUxEzARBgNVBAMMCmVjYy0z
LXJvb3SCCQCPn1AUMoc3zTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwICxDATBgNV
HSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNIADBFAiBwjISUWpQCygDSU5RY
IapMWCv6u/aJ5fAGM5dJArvVoQIhAIN5I6dJQB8XLWUXYo5/PGkV1xvO6Zma4LS6
DMCLlwW+
-----END CERTIFICATE-----

8
conf/ecc-3-ca.key 100644
View File

@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIOdvdNBuIVhOGFNlp1XpaEGHx86yC+80/v1fWlX++8V5oAoGCCqGSM49
AwEHoUQDQgAEmjxywFXFYZfRBI1EkjH82JI9WPoRr+O6tUpiAAYPEf/ItlASTRXt
Z2/Ir2xeJozUI/w44p/WxWpKrHan4hD12Q==
-----END EC PRIVATE KEY-----

96
conf/ecc-3-caleaf.crt 100644
View File

@ -0,0 +1,96 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ecc-3-ca
Validity
Not Before: Apr 13 04:17:19 2017 GMT
Not After : Apr 11 04:17:19 2027 GMT
Subject: CN=ecc-3-leaf
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:fb:29:bb:9d:a4:5a:05:a4:ee:3b:fc:e5:2a:29:
50:6b:65:9c:c8:dc:64:0a:e8:66:58:fe:8c:fe:cc:
16:de:02:fb:8a:08:29:d0:57:2d:96:48:04:06:e3:
06:4a:bf:ad:e1:ae:6e:01:3d:ee:40:ed:97:5e:3d:
93:eb:bb:d4:e4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
FB:85:93:45:F4:E7:12:B2:03:E9:13:36:B3:A8:83:6A:71:AE:9A:84
X509v3 Authority Key Identifier:
keyid:A2:7D:87:7F:41:EE:FC:77:91:7F:8C:21:EA:22:83:FA:3A:05:C0:97
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:06:e5:65:fc:50:08:94:24:47:32:99:c2:42:3e:
74:1a:85:6a:be:4f:b1:ef:26:65:b3:1a:3f:dc:94:5e:ab:9e:
02:20:4a:c6:0b:f2:95:da:fa:be:48:d8:f1:e8:21:03:9e:fb:
e4:4f:1b:9a:87:e0:96:4e:ef:a3:c8:ac:63:95:f0:c6
-----BEGIN CERTIFICATE-----
MIIBZDCCAQugAwIBAgICEAEwCgYIKoZIzj0EAwIwEzERMA8GA1UEAwwIZWNjLTMt
Y2EwHhcNMTcwNDEzMDQxNzE5WhcNMjcwNDExMDQxNzE5WjAVMRMwEQYDVQQDDApl
Y2MtMy1sZWFmMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ym7naRaBaTuO/zl
KilQa2WcyNxkCuhmWP6M/swW3gL7iggp0FctlkgEBuMGSr+t4a5uAT3uQO2XXj2T
67vU5KNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU+4WTRfTnErID6RM2s6iDanGu
moQwHwYDVR0jBBgwFoAUon2Hf0Hu/HeRf4wh6iKD+joFwJcwCgYIKoZIzj0EAwID
RwAwRAIgBuVl/FAIlCRHMpnCQj50GoVqvk+x7yZlsxo/3JReq54CIErGC/KV2vq+
SNjx6CEDnvvkTxuah+CWTu+jyKxjlfDG
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ecc-3-root
Validity
Not Before: Apr 13 04:17:19 2017 GMT
Not After : Apr 11 04:17:19 2027 GMT
Subject: CN=ecc-3-ca
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:9a:3c:72:c0:55:c5:61:97:d1:04:8d:44:92:31:
fc:d8:92:3d:58:fa:11:af:e3:ba:b5:4a:62:00:06:
0f:11:ff:c8:b6:50:12:4d:15:ed:67:6f:c8:af:6c:
5e:26:8c:d4:23:fc:38:e2:9f:d6:c5:6a:4a:ac:76:
a7:e2:10:f5:d9
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:7D:87:7F:41:EE:FC:77:91:7F:8C:21:EA:22:83:FA:3A:05:C0:97
X509v3 Authority Key Identifier:
keyid:AA:4F:85:4C:EB:3E:30:B9:88:84:0F:E4:81:17:EB:51:85:38:D7:F4
DirName:/CN=ecc-3-root
serial:8F:9F:50:14:32:87:37:CD
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:70:8c:84:94:5a:94:02:ca:00:d2:53:94:58:21:
aa:4c:58:2b:fa:bb:f6:89:e5:f0:06:33:97:49:02:bb:d5:a1:
02:21:00:83:79:23:a7:49:40:1f:17:2d:65:17:62:8e:7f:3c:
69:15:d7:1b:ce:e9:99:9a:e0:b4:ba:0c:c0:8b:97:05:be
-----BEGIN CERTIFICATE-----
MIIBsjCCAVigAwIBAgICEAAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKZWNjLTMt
cm9vdDAeFw0xNzA0MTMwNDE3MTlaFw0yNzA0MTEwNDE3MTlaMBMxETAPBgNVBAMM
CGVjYy0zLWNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmjxywFXFYZfRBI1E
kjH82JI9WPoRr+O6tUpiAAYPEf/ItlASTRXtZ2/Ir2xeJozUI/w44p/WxWpKrHan
4hD12aOBmTCBljAdBgNVHQ4EFgQUon2Hf0Hu/HeRf4wh6iKD+joFwJcwRQYDVR0j
BD4wPIAUqk+FTOs+MLmIhA/kgRfrUYU41/ShGaQXMBUxEzARBgNVBAMMCmVjYy0z
LXJvb3SCCQCPn1AUMoc3zTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwICxDATBgNV
HSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNIADBFAiBwjISUWpQCygDSU5RY
IapMWCv6u/aJ5fAGM5dJArvVoQIhAIN5I6dJQB8XLWUXYo5/PGkV1xvO6Zma4LS6
DMCLlwW+
-----END CERTIFICATE-----

44
conf/ecc-3-leaf.crt 100644
View File

@ -0,0 +1,44 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ecc-3-ca
Validity
Not Before: Apr 13 04:17:19 2017 GMT
Not After : Apr 11 04:17:19 2027 GMT
Subject: CN=ecc-3-leaf
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:fb:29:bb:9d:a4:5a:05:a4:ee:3b:fc:e5:2a:29:
50:6b:65:9c:c8:dc:64:0a:e8:66:58:fe:8c:fe:cc:
16:de:02:fb:8a:08:29:d0:57:2d:96:48:04:06:e3:
06:4a:bf:ad:e1:ae:6e:01:3d:ee:40:ed:97:5e:3d:
93:eb:bb:d4:e4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
FB:85:93:45:F4:E7:12:B2:03:E9:13:36:B3:A8:83:6A:71:AE:9A:84
X509v3 Authority Key Identifier:
keyid:A2:7D:87:7F:41:EE:FC:77:91:7F:8C:21:EA:22:83:FA:3A:05:C0:97
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:06:e5:65:fc:50:08:94:24:47:32:99:c2:42:3e:
74:1a:85:6a:be:4f:b1:ef:26:65:b3:1a:3f:dc:94:5e:ab:9e:
02:20:4a:c6:0b:f2:95:da:fa:be:48:d8:f1:e8:21:03:9e:fb:
e4:4f:1b:9a:87:e0:96:4e:ef:a3:c8:ac:63:95:f0:c6
-----BEGIN CERTIFICATE-----
MIIBZDCCAQugAwIBAgICEAEwCgYIKoZIzj0EAwIwEzERMA8GA1UEAwwIZWNjLTMt
Y2EwHhcNMTcwNDEzMDQxNzE5WhcNMjcwNDExMDQxNzE5WjAVMRMwEQYDVQQDDApl
Y2MtMy1sZWFmMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ym7naRaBaTuO/zl
KilQa2WcyNxkCuhmWP6M/swW3gL7iggp0FctlkgEBuMGSr+t4a5uAT3uQO2XXj2T
67vU5KNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU+4WTRfTnErID6RM2s6iDanGu
moQwHwYDVR0jBBgwFoAUon2Hf0Hu/HeRf4wh6iKD+joFwJcwCgYIKoZIzj0EAwID
RwAwRAIgBuVl/FAIlCRHMpnCQj50GoVqvk+x7yZlsxo/3JReq54CIErGC/KV2vq+
SNjx6CEDnvvkTxuah+CWTu+jyKxjlfDG
-----END CERTIFICATE-----

8
conf/ecc-3-leaf.key 100644
View File

@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGG5W4DVYxQGUlQCFVF6knJBJhIpyxlQn3oOC0b+XMK+oAoGCCqGSM49
AwEHoUQDQgAE+ym7naRaBaTuO/zlKilQa2WcyNxkCuhmWP6M/swW3gL7iggp0Fct
lkgEBuMGSr+t4a5uAT3uQO2XXj2T67vU5A==
-----END EC PRIVATE KEY-----

11
conf/ecc-3-root.crt 100644
View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBljCCAT2gAwIBAgIJAI+fUBQyhzfNMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
CmVjYy0zLXJvb3QwHhcNMTcwNDEzMDQxNzE5WhcNMTcwNTEzMDQxNzE5WjAVMRMw
EQYDVQQDDAplY2MtMy1yb290MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu5gb
zk5/vNactCMgdIockN9P9W3QTazRkMRGdSdjV2mvc9rXBitFvxcJNVD3G+biakdu
W/TfwO1i6c3j04jPFaN2MHQwHQYDVR0OBBYEFKpPhUzrPjC5iIQP5IEX61GFONf0
MEUGA1UdIwQ+MDyAFKpPhUzrPjC5iIQP5IEX61GFONf0oRmkFzAVMRMwEQYDVQQD
DAplY2MtMy1yb290ggkAj59QFDKHN80wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
AgNHADBEAiAjK8/tUwXXbbWGhuPXwNfia6u8xX375sjle3aPw3E8WwIgE8YEwq3G
Hca5vKPwkbpe8IrfC0GLfs4wBnlPOsZApZU=
-----END CERTIFICATE-----

8
conf/ecc-3-root.key 100644
View File

@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEmIgFcBGNFjUcXURgcXgKa3Wdr2GoUK1MufLO5/fal1oAoGCCqGSM49
AwEHoUQDQgAEu5gbzk5/vNactCMgdIockN9P9W3QTazRkMRGdSdjV2mvc9rXBitF
vxcJNVD3G+biakduW/TfwO1i6c3j04jPFQ==
-----END EC PRIVATE KEY-----

26
conf/fastcgi.conf 100644
View File

@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
conf/fastcgi_params 100644
View File

@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

129
conf/gen-certs.sh 100755
View File

@ -0,0 +1,129 @@
#!/bin/sh
OPENSSL_CONF="./ca/openssl.conf"
CA_CONF="./ca/ca.conf"
if [ -d ca ]; then
rm -rf ca
fi
mkdir ca
echo "1000" >./ca/certserial
echo -n >./ca/certindex
cat << EOF >$OPENSSL_CONF
[ req ]
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
[ ca ]
default_ca = myca
[ myca ]
default_days = 3650
[ usr_cert ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
EOF
cat << EOF >$CA_CONF
[ ca ]
default_ca = myca
[ myca ]
new_certs_dir = ca
database = ca/certindex
default_md = sha256
policy = myca_policy
serial = ca/certserial
default_days = 3650
[ myca_policy ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
keyUsage = nonRepudiation,digitalSignature,keyCertSign
extendedKeyUsage = serverAuth
EOF
ISSUER=
for NAME in "ecc-3-root" "ecc-3-ca" "ecc-3-leaf"
do
openssl ecparam -genkey -name prime256v1 -out "./${NAME}.key"
RET=$?
if [ "$RET" != "0" ]; then
echo "Can't create ECC public key for ${NAME}: $RET"
exit 1
fi
EXT=v3_ca
if [ $NAME = "ecc-3-leaf" ]; then
EXT=usr_cert
fi
if [ "$ISSUER" = "" ]; then
openssl req -x509 -new \
-config $OPENSSL_CONF -subj "/CN=${NAME}/" \
-out "./${NAME}.crt" -key "./${NAME}.key" \
-extensions $EXT \
>/dev/null 2>&1
RET=$?
if [ "$RET" != "0" ]; then
echo "Can't create certificate for ${NAME}: $RET"
exit 1
fi
else
openssl req -new \
-config $OPENSSL_CONF -subj "/CN=${NAME}/" \
-out "./ca/${NAME}.csr" -key "./${NAME}.key" \
>/dev/null 2>&1
RET=$?
if [ "$RET" != "0" ]; then
echo "Can't create certificate for ${NAME}: $RET"
exit 1
fi
openssl req -x509 -new \
-config $OPENSSL_CONF -subj "/CN=${NAME}/" \
-out "./${NAME}.crt" -key "./${NAME}.key" \
-extensions $EXT \
>/dev/null 2>&1
RET=$?
if [ "$RET" != "0" ]; then
echo "Can't create certificate for ${NAME}: $RET"
exit 1
fi
openssl ca -batch -config $CA_CONF \
-keyfile "./${ISSUER}.key" -cert "./${ISSUER}.crt" \
-subj "/CN=${NAME}/" -in "./ca/${NAME}.csr" -out "./${NAME}.crt" \
-extensions $EXT \
>/dev/null 2>&1
RET=$?
if [ "$RET" != "0" ]; then
echo "Can't sign certificate for ${NAME}: $RET"
exit 1
fi
BUNDLE="$NAME.crt $BUNDLE"
fi
echo "${NAME}.crt"
ISSUER=$NAME
done
rm -f ecc-3-caleaf.crt
for FILE in $BUNDLE
do
cat $FILE >>ecc-3-caleaf.crt
done

109
conf/koi-utf 100644
View File

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
conf/koi-win 100644
View File

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

89
conf/mime.types 100644
View File

@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

592
conf/nginx.conf 100644
View File

@ -0,0 +1,592 @@
worker_processes 1;
events {
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
ssl_session_tickets off;
# HTTPS server
# Using DH parameters
server {
listen 11443 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Verify client
server {
listen 11444 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_client_certificate client-cert.pem;
ssl_verify_client on;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# P384 curve with ECDHE
server {
listen 11445 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Default curve with ECDHE and ECDSA
server {
listen 11446 ssl;
server_name localhost;
ssl_certificate cert-ecc.pem;
ssl_certificate_key cert-ecc-p8.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Session ticket
server {
listen 11450 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_ticket_key ticket_keys;
ssl_session_tickets on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Session cache off
server {
listen 11455 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache off;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Session cache none
server {
listen 11456 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache none;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Session cache builtin
server {
listen 11457 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache builtin:100;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Proxy to wolfSSL server
upstream backend {
server 127.0.0.1:12443;
}
server {
listen 127.0.0.1:12443 ssl;
server_name www.wolfssl.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root wolfssl;
index index.html;
}
}
upstream backend_ecdhe_rsa {
server 127.0.0.1:12444;
}
server {
listen 127.0.0.1:12444 ssl;
server_name www.wolfssl.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root wolfssl;
index index.html;
}
}
upstream backend_ecdhe_ecdsa {
server 127.0.0.1:12445;
}
server {
listen 127.0.0.1:12445 ssl;
server_name www.wolfssl.com;
ssl_certificate cert-ecc.pem;
ssl_certificate_key cert-ecc-priv.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root wolfssl;
index index.html;
}
}
upstream backend_crl_rev {
server 127.0.0.1:12446;
}
server {
listen 127.0.0.1:12446 ssl;
server_name www.wolfssl.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root wolfssl;
index index.html;
}
}
upstream backend_chain {
server 127.0.0.1:12447;
}
server {
listen 127.0.0.1:12447 ssl;
server_name ecc-3-leaf;
ssl_certificate ecc-3-caleaf.crt;
ssl_certificate_key ecc-3-leaf.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root wolfssl;
index index.html;
}
}
upstream backend_bad_chain {
server 127.0.0.1:12448;
}
server {
listen 127.0.0.1:12448 ssl;
server_name ecc-3-leaf;
ssl_certificate ecc-3-leaf.crt;
ssl_certificate_key ecc-3-leaf.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root wolfssl;
index index.html;
}
}
# Proxy using DHE cipher suites and CRL
server {
listen 11460 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://backend;
proxy_ssl_name www.wolfssl.com;
proxy_ssl_server_name on;
proxy_ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
proxy_ssl_trusted_certificate ca-cert.pem;
proxy_ssl_certificate client-cert.pem;
proxy_ssl_certificate_key client-key.pem;
proxy_ssl_verify on;
proxy_ssl_crl crl.pem;
}
}
# Proxy using ECDHE cipher suites and CRL
server {
listen 11461 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://backend_ecdhe_rsa;
proxy_ssl_name www.wolfssl.com;
proxy_ssl_server_name on;
proxy_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA;
proxy_ssl_trusted_certificate ca-cert.pem;
proxy_ssl_certificate client-cert.pem;
proxy_ssl_certificate_key client-key.pem;
proxy_ssl_verify on;
proxy_ssl_crl crl.pem;
}
}
# Proxy using ECDHE and ECDSA cipher suites
server {
listen 11462 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://backend_ecdhe_ecdsa;
proxy_ssl_name www.wolfssl.com;
proxy_ssl_server_name on;
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
proxy_ssl_trusted_certificate ca-cert-ecc.pem;
proxy_ssl_certificate client-cert.pem;
proxy_ssl_certificate_key client-key.pem;
proxy_ssl_verify on;
proxy_ssl_session_reuse on;
}
}
# Proxy using complete chain
server {
listen 11463 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://backend_chain;
proxy_ssl_name ecc-3-leaf;
proxy_ssl_server_name on;
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
proxy_ssl_trusted_certificate ecc-3-root.crt;
proxy_ssl_certificate client-cert.pem;
proxy_ssl_certificate_key client-key.pem;
proxy_ssl_verify on;
proxy_ssl_session_reuse on;
}
}
# Proxy using incomplete chain
server {
listen 11464 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://backend_bad_chain;
proxy_ssl_name ecc-3-leaf;
proxy_ssl_server_name on;
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
proxy_ssl_trusted_certificate ecc-3-root.crt;
proxy_ssl_certificate client-cert.pem;
proxy_ssl_certificate_key client-key.pem;
proxy_ssl_verify on;
proxy_ssl_session_reuse on;
}
}
# Proxy using revoked CRL
server {
listen 11465 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_dhparam dhparams.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://backend_crl_rev;
proxy_ssl_name www.wolfssl.com;
proxy_ssl_server_name on;
proxy_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA;
proxy_ssl_trusted_certificate ca-cert.pem;
proxy_ssl_certificate client-cert.pem;
proxy_ssl_certificate_key client-key.pem;
proxy_ssl_verify on;
proxy_ssl_crl crl-revoked.pem;
proxy_ssl_session_reuse on;
}
}
# OCSP Stapling
# Valid server certificate - using OCSP responder
server {
listen 11470 ssl;
server_name localhost;
ssl_certificate ocsp-good-cert.pem;
ssl_certificate_key ocsp-good-key.pem;
ssl_stapling on;
ssl_stapling_responder http://127.0.0.1:22221;
ssl_stapling_verify on;
ssl_trusted_certificate ocsp-root-resp-cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Revoked server certificate - using OCSP responder
server {
listen 11471 ssl;
server_name localhost;
ssl_certificate ocsp-bad-cert.pem;
ssl_certificate_key ocsp-bad-key.pem;
ssl_stapling on;
ssl_stapling_responder http://127.0.0.1:22221;
ssl_trusted_certificate ocsp-root-resp-cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Valid server certificate in fixed OCSP response
server {
listen 11472 ssl;
server_name localhost;
ssl_certificate ocsp-good-cert.pem;
ssl_certificate_key ocsp-good-key.pem;
ssl_stapling on;
ssl_stapling_file ocsp-good-status.der;
ssl_trusted_certificate ocsp-root-resp-cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# Revoked server certificate in fixed OCSP response
server {
listen 11473 ssl;
server_name localhost;
ssl_certificate ocsp-bad-cert.pem;
ssl_certificate_key ocsp-bad-key.pem;
ssl_stapling on;
ssl_stapling_file ocsp-bad-status.der;
ssl_trusted_certificate ocsp-root-resp-cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
# No CA to check responder certificate - using OCSP responder
server {
listen 11474 ssl;
server_name localhost;
ssl_certificate ocsp-good-cert.pem;
ssl_certificate_key ocsp-good-key.pem;
ssl_stapling on;
ssl_stapling_responder http://127.0.0.1:22221;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html;
}
}
}

186
conf/ocsp-bad-cert.pem 100644
View File

@ -0,0 +1,186 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 30 19:12:46 2015 GMT
Not After : Sep 25 19:12:46 2018 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:35:8a:e8:aa:bd:33:c9:5e:84:43:67:42:65:
2a:3c:e3:89:b4:a6:67:a1:3b:ee:6d:85:d1:d3:2b:
6e:b1:62:d4:f1:22:43:a0:d5:b7:a5:7d:b5:f5:6c:
09:06:7c:8c:ef:87:af:4f:34:ce:27:eb:f3:4a:37:
57:c3:d7:d8:ee:e4:a0:77:65:2c:a7:c2:10:65:6b:
7b:48:c4:d8:28:fe:4c:4e:4f:7e:2f:20:c4:49:5b:
71:38:40:0d:36:a3:57:b3:44:da:be:cd:54:14:15:
66:0f:d3:05:08:f2:2e:03:67:2e:5c:5d:e1:b0:e6:
c0:25:8f:58:77:5b:d3:d7:a8:22:ea:56:d3:0e:01:
6d:38:34:56:47:aa:12:c4:ba:2a:ef:ec:18:f5:d4:
db:b9:fa:6f:dc:50:eb:ee:10:a2:14:b5:9a:12:e1:
e3:85:0f:79:14:b8:70:6d:0d:1c:1d:38:57:85:6a:
82:0c:d6:bd:2c:bf:20:f1:28:2e:f6:34:80:a7:0d:
32:82:35:4f:c1:b1:e5:9e:26:d5:f8:b9:39:57:43:
ef:ed:f1:10:5c:3e:32:ba:d9:e4:9e:40:cd:28:ea:
26:46:9b:a9:34:8d:9f:b9:fd:45:7d:14:f7:ce:ca:
3b:85:87:a7:64:74:9c:65:29:18:b3:f5:b1:ad:92:
62:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
7D:6D:FD:F6:0B:4F:3F:4A:62:91:F5:F3:13:60:51:86:C3:5A:9F:D6
X509v3 Authority Key Identifier:
keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
serial:01
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Authority Information Access:
OCSP - URI:http://127.0.0.1:22221
Signature Algorithm: sha256WithRSAEncryption
dd:b6:17:51:62:83:8d:32:7f:2f:21:2f:0a:ea:6b:3f:f0:c9:
59:9d:1e:4b:82:7d:aa:1d:6d:a8:f5:c0:20:78:a8:fd:a3:ca:
cb:1f:2b:99:28:97:d2:ce:71:48:95:82:ee:e4:a4:d9:32:75:
7f:1d:b2:97:8d:5c:3c:96:9a:b9:4c:05:fe:d1:af:81:4a:25:
c5:66:a1:f3:c7:0e:f3:76:db:3d:a2:87:7e:5c:c4:0a:d3:d3:
97:a1:7c:46:fc:94:2c:dc:0a:7e:a1:b2:f2:7f:c7:cb:d9:7a:
c2:fa:8d:5b:4a:75:c0:e4:dc:57:4b:84:2a:5a:84:35:13:7b:
15:49:a0:e8:9e:d8:1d:90:a4:99:4e:a4:dd:fc:ba:d3:f5:12:
aa:36:f2:87:04:b4:09:04:6f:94:a1:18:3e:46:ce:ae:55:f4:
0f:d8:26:ee:11:cf:d4:8e:e5:33:da:17:e2:ad:43:05:50:e2:
38:c7:d2:15:18:23:f0:fa:cd:cc:b3:e9:ea:00:5a:af:29:90:
6a:69:8c:ba:c8:f7:84:84:57:0d:80:b1:10:2c:bd:9d:33:42:
6d:f1:58:d5:b4:6a:79:e4:26:8f:41:ef:a2:b5:84:6b:c2:6d:
be:5e:76:8f:29:25:13:e8:ba:dd:aa:64:3e:74:bc:90:2d:aa:
bb:1a:cd:c9
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY1iuiqvTPJXoRDZ0JlKjzj
ibSmZ6E77m2F0dMrbrFi1PEiQ6DVt6V9tfVsCQZ8jO+Hr080zifr80o3V8PX2O7k
oHdlLKfCEGVre0jE2Cj+TE5Pfi8gxElbcThADTajV7NE2r7NVBQVZg/TBQjyLgNn
Llxd4bDmwCWPWHdb09eoIupW0w4BbTg0VkeqEsS6Ku/sGPXU27n6b9xQ6+4QohS1
mhLh44UPeRS4cG0NHB04V4VqggzWvSy/IPEoLvY0gKcNMoI1T8Gx5Z4m1fi5OVdD
7+3xEFw+MrrZ5J5AzSjqJkabqTSNn7n9RX0U987KO4WHp2R0nGUpGLP1sa2SYjkC
AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFH1t/fYLTz9KYpH18xNg
UYbDWp/WMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa
MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB
AQDdthdRYoONMn8vIS8K6ms/8MlZnR5Lgn2qHW2o9cAgeKj9o8rLHyuZKJfSznFI
lYLu5KTZMnV/HbKXjVw8lpq5TAX+0a+BSiXFZqHzxw7zdts9ood+XMQK09OXoXxG
/JQs3Ap+obLyf8fL2XrC+o1bSnXA5NxXS4QqWoQ1E3sVSaDontgdkKSZTqTd/LrT
9RKqNvKHBLQJBG+UoRg+Rs6uVfQP2CbuEc/UjuUz2hfirUMFUOI4x9IVGCPw+s3M
s+nqAFqvKZBqaYy6yPeEhFcNgLEQLL2dM0Jt8VjVtGp55CaPQe+itYRrwm2+XnaP
KSUT6LrdqmQ+dLyQLaq7Gs3J
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 30 19:12:46 2015 GMT
Not After : Sep 25 19:12:46 2018 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e:
27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1:
65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90:
d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a:
e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e:
79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64:
9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24:
2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4:
c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b:
19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56:
f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2:
d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4:
bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd:
0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f:
21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc:
97:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
X509v3 Authority Key Identifier:
keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
serial:63
X509v3 Key Usage:
Certificate Sign, CRL Sign
Authority Information Access:
OCSP - URI:http://127.0.0.1:22220
Signature Algorithm: sha256WithRSAEncryption
0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1:
5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7:
31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8:
96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1:
e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17:
60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b:
3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2:
af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6:
77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7:
20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56:
65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7:
a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c:
83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75:
54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8:
bb:4b:1f:aa
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx
MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl
xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV
1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2
lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt
ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7
f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID
AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi
KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k
gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9
jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg
iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw
0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC
LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt
JMjGmMN/2B1Pxa7gso71qLtLH6o=
-----END CERTIFICATE-----

28
conf/ocsp-bad-key.pem 100644
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGNYroqr0zyV6E
Q2dCZSo844m0pmehO+5thdHTK26xYtTxIkOg1belfbX1bAkGfIzvh69PNM4n6/NK
N1fD19ju5KB3ZSynwhBla3tIxNgo/kxOT34vIMRJW3E4QA02o1ezRNq+zVQUFWYP
0wUI8i4DZy5cXeGw5sAlj1h3W9PXqCLqVtMOAW04NFZHqhLEuirv7Bj11Nu5+m/c
UOvuEKIUtZoS4eOFD3kUuHBtDRwdOFeFaoIM1r0svyDxKC72NICnDTKCNU/BseWe
JtX4uTlXQ+/t8RBcPjK62eSeQM0o6iZGm6k0jZ+5/UV9FPfOyjuFh6dkdJxlKRiz
9bGtkmI5AgMBAAECggEAL6rWwke1gsvNyD8xiR0tQEF0b5aJW5Q/LeW95WwPjed3
0Jnt67MaHFmUNfaKYR35Au39si2/2of7FYEjwTyatjETikMxrxKTwOBNYN2+InWt
wjOJ5CmcKwwruVxmERrNT5aiiLp2mvHefrXAAzvC5xycYKhPS6zizuWfX+0ckEM5
yJnl8TRTjfqExxHS1ciTY4B1w8nfWdYY/xiQW23sCPZ8toqsqAuHJjREmMcj+oer
z8Md1tZNa0ujDy0ejSovCnqzWIi4Umg3SndhRDYKNRAFGPNQmYRM+EWEqQufMaXP
ghD+Heb5RUPSkNW98KdjDGK4WiIeqF45tb+YQ4AvgQKBgQDt2X+FMHG/s7FAEAxA
x6TzIcDedqwEKtO3JbaC+Q0FKwRTGwP1tGOnyqbVrw4cSlza5EvUnK8CZK9I2HFd
qfbP3rtFCtHl9/bpVZPNkaVImzqkfmzmGJIREsCDIPu8THFNyxL2TC27VKCNsSmZ
ui2tuxRJ6/O0DroGdvdnFL89SQKBgQDVVaZjiA5Cr1e5Eo6q3dNNeMSBfTuI90Ja
W1OmVovp2yWYjfFFTW2B9vb4RDaRvIuykGhHgAnGKGmHtv7f0GlY7n6Qr0czvyn5
6s+fRVIcPzEaTVnxC1g20+XHc41XdqnIOcaUjUz7oqC6g7+Y56WKdvvKitV0Lb98
ua7ZOM6tcQKBgGWtRMY7H2VD+9HXCmXm8qy9ESYItSBS7o6soIj8zoQXD5I3SkoP
A0sHZqqSWwXdBDTOw1vwXyA2ynfpjwzrS4cxP/0T0wbsKbE11ClcybtwIHGRWhxD
BK4nxgRIZVTpmMYYudJwXlxmoPvxcEc3P6+0+cdgBp5CbWO2F60JQXeBAoGAHxLs
u46z1Q7JTlHfqg/JmX0/0kS1iUvKxHKNCquMkbG0FjaGsDuI+edJLfxxnmTCTG4w
YknKIqz8QiJrmZo33hZPJTACxQzRRm/nciGcxjSGKHif4zZt0P6od5bjPZwxOtL/
k9/JGNYlZ0WNgO4s9LBEGMqEMPoA7F/3kfhuUmECgYEA6WzFZjs31OqTLE0vnCfL
/b/wPeozaAyjtR/24TNkAFwP/LrBAA5gFOoL8p94ce87yXdm80x3bK6OGbNmor7c
qT/OJgnXV1wTrKYSkFUu7LTC7DihpYy2MqyGg8xGxB4kK1IR+ROB4v3c5RkIqaGF
lTSpXFge771NjCimucIOl/Y=
-----END PRIVATE KEY-----

186
conf/ocsp-good-cert.pem 100644
View File

@ -0,0 +1,186 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 30 19:12:46 2015 GMT
Not After : Sep 25 19:12:46 2018 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e6:96:55:75:cf:8a:97:68:8c:b6:38:f6:7a:05:
be:33:b6:51:47:37:8a:f7:db:91:be:92:6b:b7:00:
8c:f2:c5:24:6e:18:e9:92:00:81:01:dc:b3:4c:28:
a9:b7:80:f1:96:cf:23:7a:2f:ae:f8:e3:0f:2d:d3:
5e:23:e7:db:4c:b2:5d:89:16:17:be:be:81:db:fb:
12:6d:28:4b:10:a0:12:04:27:c1:c9:d0:79:95:ef:
e8:8d:8c:59:9b:4e:72:7d:bc:49:2b:22:4e:f8:4f:
e2:0c:f1:e9:e9:97:f9:df:8c:5a:0a:aa:38:1d:43:
04:a3:a7:89:a1:e2:83:a4:4b:b5:4e:45:88:a6:22:
5d:ac:a9:58:67:88:c1:d5:61:ef:bd:11:05:27:94:
47:bb:33:a5:8a:ca:ee:1f:8d:c0:6e:24:af:cd:ca:
bf:80:47:71:95:ac:a9:f1:5d:23:6c:f5:4b:b4:a9:
e1:c4:66:fb:e5:c4:a1:9f:a7:51:d1:78:cd:2e:b4:
3f:2e:e2:82:f3:7f:c4:a7:f4:31:cf:76:27:3f:db:
2e:d2:6e:c3:47:23:82:a3:48:40:8c:a7:c1:13:f0:
63:50:54:43:f6:71:12:e1:6f:a5:7a:58:26:f7:fd:
8b:3b:70:18:a0:43:ba:01:6b:b3:f8:d5:be:05:13:
64:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
CC:55:15:00:E2:44:89:92:63:6D:10:5D:B9:9E:73:B6:5D:3A:19:CA
X509v3 Authority Key Identifier:
keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
serial:01
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Authority Information Access:
OCSP - URI:http://127.0.0.1:22221
Signature Algorithm: sha256WithRSAEncryption
05:65:8d:f5:fa:47:b1:4d:b9:9b:86:b0:18:9d:c8:94:64:7d:
16:5e:69:69:bb:62:06:9d:8c:be:4f:83:22:f1:0a:7d:ae:f5:
ca:68:78:63:b2:bc:43:12:4f:d3:eb:ce:30:82:d6:be:81:c0:
68:f4:3b:97:5f:3a:2c:88:62:36:0b:83:1d:ba:56:b1:06:65:
cd:4d:ac:1d:92:3f:73:77:10:5b:17:44:1f:66:cf:a8:f2:1f:
18:29:c0:5f:20:b6:cb:15:d4:35:b1:b0:a6:41:a8:6e:f0:29:
83:28:3b:4a:68:e5:b7:42:2f:b4:8a:96:ed:65:84:de:0b:72:
6f:2b:91:10:56:7f:cd:89:5e:22:30:cc:5a:df:39:88:a9:ea:
af:1d:ba:9a:8a:3d:61:a6:c7:45:2d:ce:9f:76:f9:b2:45:9d:
19:68:5d:e7:d6:3e:32:0e:65:83:79:63:81:0e:b5:44:51:47:
9c:a7:6a:c1:5a:04:36:f3:b9:be:4d:76:80:55:2a:76:cd:61:
15:c1:1a:5f:1f:62:b5:0f:ad:7f:48:66:81:eb:7a:04:b4:0a:
92:a4:40:ff:bf:59:34:86:5c:1b:79:10:b4:d4:09:fa:45:3d:
4f:bf:4c:30:b3:18:f2:b9:e9:8d:7c:5f:c0:67:ea:94:fb:ac:
2e:90:ef:0d
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaWVXXPipdojLY49noFvjO2
UUc3ivfbkb6Sa7cAjPLFJG4Y6ZIAgQHcs0woqbeA8ZbPI3ovrvjjDy3TXiPn20yy
XYkWF76+gdv7Em0oSxCgEgQnwcnQeZXv6I2MWZtOcn28SSsiTvhP4gzx6emX+d+M
WgqqOB1DBKOniaHig6RLtU5FiKYiXaypWGeIwdVh770RBSeUR7szpYrK7h+NwG4k
r83Kv4BHcZWsqfFdI2z1S7Sp4cRm++XEoZ+nUdF4zS60Py7igvN/xKf0Mc92Jz/b
LtJuw0cjgqNIQIynwRPwY1BUQ/ZxEuFvpXpYJvf9iztwGKBDugFrs/jVvgUTZDEC
AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMxVFQDiRImSY20QXbme
c7ZdOhnKMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa
MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB
AQAFZY31+kexTbmbhrAYnciUZH0WXmlpu2IGnYy+T4Mi8Qp9rvXKaHhjsrxDEk/T
684wgta+gcBo9DuXXzosiGI2C4MdulaxBmXNTawdkj9zdxBbF0QfZs+o8h8YKcBf
ILbLFdQ1sbCmQahu8CmDKDtKaOW3Qi+0ipbtZYTeC3JvK5EQVn/NiV4iMMxa3zmI
qeqvHbqaij1hpsdFLc6fdvmyRZ0ZaF3n1j4yDmWDeWOBDrVEUUecp2rBWgQ287m+
TXaAVSp2zWEVwRpfH2K1D61/SGaB63oEtAqSpED/v1k0hlwbeRC01An6RT1Pv0ww
sxjyuemNfF/AZ+qU+6wukO8N
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 30 19:12:46 2015 GMT
Not After : Sep 25 19:12:46 2018 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
bb:77:a5:76:da:6d:87:87:f6:4a:4d:13:e4:26:3e:
27:87:ee:5b:c7:6a:3f:45:30:61:55:5c:f6:35:d1:
65:fa:98:11:a3:a7:55:d5:be:91:82:4b:fc:be:90:
d6:50:53:63:9a:2c:22:e1:35:11:dc:78:02:97:8a:
e4:46:92:9c:53:08:76:de:1f:53:b6:b8:ca:77:3e:
79:6e:bc:d0:e3:0d:30:5b:4c:f6:94:0d:30:29:64:
9f:04:e5:db:fb:89:60:67:bb:af:26:83:51:77:24:
2f:2b:0b:a1:94:81:10:98:e8:eb:26:a8:1e:7c:e4:
c4:6c:67:06:95:55:4a:dd:52:f4:f2:60:6d:01:2b:
19:91:35:6d:a4:08:47:06:71:24:00:d9:de:c6:56:
f3:8b:53:2c:e2:9a:96:a5:f3:62:e5:c4:e3:23:f2:
d2:fc:21:ea:0f:62:76:8d:d5:99:48:ce:dc:58:c4:
bb:7f:da:94:2c:80:74:83:c5:e0:b0:15:7e:41:fd:
0e:f2:f4:f0:78:76:7b:ad:26:0d:aa:48:96:17:2f:
21:e3:95:2b:26:37:f9:aa:80:2f:fe:de:f6:5e:bc:
97:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
X509v3 Authority Key Identifier:
keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
serial:63
X509v3 Key Usage:
Certificate Sign, CRL Sign
Authority Information Access:
OCSP - URI:http://127.0.0.1:22220
Signature Algorithm: sha256WithRSAEncryption
0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1:
5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7:
31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8:
96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1:
e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17:
60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b:
3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2:
af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6:
77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7:
20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56:
65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7:
a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c:
83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75:
54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8:
bb:4b:1f:aa
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx
MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl
xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV
1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2
lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt
ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7
f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID
AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi
KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k
gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9
jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg
iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw
0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC
LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt
JMjGmMN/2B1Pxa7gso71qLtLH6o=
-----END CERTIFICATE-----

28
conf/ocsp-good-key.pem 100644
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDmllV1z4qXaIy2
OPZ6Bb4ztlFHN4r325G+kmu3AIzyxSRuGOmSAIEB3LNMKKm3gPGWzyN6L6744w8t
014j59tMsl2JFhe+voHb+xJtKEsQoBIEJ8HJ0HmV7+iNjFmbTnJ9vEkrIk74T+IM
8enpl/nfjFoKqjgdQwSjp4mh4oOkS7VORYimIl2sqVhniMHVYe+9EQUnlEe7M6WK
yu4fjcBuJK/Nyr+AR3GVrKnxXSNs9Uu0qeHEZvvlxKGfp1HReM0utD8u4oLzf8Sn
9DHPdic/2y7SbsNHI4KjSECMp8ET8GNQVEP2cRLhb6V6WCb3/Ys7cBigQ7oBa7P4
1b4FE2QxAgMBAAECggEBAMcAl2DFbOae5FGfd5h3vF8EycCcvuKKLI4775pQb1RV
r8sU1P+cT7o7rsHblh04u0dcHVImNOu3ijISaPyz7R+UEAVve66y23/uf0iVrbL7
cpEDfsudkFFGa30901elrEm3Za5EPcMvrfdeEHH5Jz02876giS032ZkjzjRYOSRg
TuFhiqjRTMfE6AB63KSRWcb6AYEocHV/jF+IEQcz9ctsv6XKKKJtge4+Y3+gQU4N
ALUE6OjBsD5KpMVuMYBSfTucYi5g2eOK05PoCOR8lTqgvsbof+ALj+84zEpG20aK
p0KdMVwiMolXaYcvKBOGPxZKt7sQaIMitbs0iuErMQECgYEA+cLVZh4qkRnsjPVc
/27qC/VLeWo2QAL7TWC7YgkY0MgNtZXRkJZdKOlzYWo/iJmuxHj7eUFLkoHpPNV2
X6WG+CGHD1qq/BqLQNlJKS/MtI2VNzOjBJ/J3SktOGo3BwL+Q5uSRNHukQip0YnD
c9GCU4UhfBHr/UNitMBH6N5aPqUCgYEA7FjjTGomVseF5wNbfw2xLjBmRuQ2DDgJ
/OvCtV6it+OiVU9R+cYcz/hVl1QLIkGBHt5hb8O6np4tW5ehKd5LNTtolIO+/BLL
2xPZCLY7U+LES5dgUTC/wb5t5igAmPuOMi9qNQ1kYxbKYJVLRUdwfOM8FNE4gjZF
kj2BIb6OxZ0CgYEAmuXXvWZ2FdmTGHTPwWdDZjkyHtHdZWO0AXA9pnZn2oxH3FdX
SinHCymFsmPXlVtixV0W8UOqn+lMAruMl5MsGtWIUuBzbLj1pjlcI1wOw+ePJFY1
AxgqdKwl7HgLOqEDmmBwnZfpMi/CSj77ZegIwM2vT6g5yK+zFtCtiGHmbDUCgYBf
L2VLbyzFolGBOk7tGnyTF5b5UguaXC9ZlzGxjc2Gtby5Etr29xy/fUorSgO55hu0
bOdc9b0BCL9HtgeILyim5ag2t+CA8Kj9MD8mTQ4TuK5Jq0t1J2bzBliIau/irN0V
xRbHCv+1EIas4zOPUTgyc+nMkH5roqPeQ7rv9ijV2QKBgQDJiNmAJv3dlie2x+bj
rX5RDF1Q/egVVGx41jPyuzh0oFLwEQG2lSHEAKgF+gWt0ZMwNzPB9oue2LBSpNFl
7ZdpFCpzD+3OcaxnWYEGT+qNhczbf0PvVNBOzOI33Trr7maktWi0Mh9qmXqoNuwG
uCnrEriJlBk2MV88tIG/ZJ+bvQ==
-----END PRIVATE KEY-----

93
conf/ocsp-root-resp-cert.pem 100644
View File

@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 99 (0x63)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 30 19:12:46 2015 GMT
Not After : Sep 25 19:12:46 2018 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
48:27:0c:0e:32:1c:b0:fe:99:85:39:b6:b9:a2:f7:
27:ff:6d:3c:8c:16:73:29:21:7f:8b:a6:54:71:90:
ad:cc:05:b9:9f:15:c7:0a:3f:5f:69:f4:0a:5f:8c:
71:b5:2c:bf:66:e2:03:9a:32:f4:d2:ec:2a:89:4b:
f9:35:88:14:33:47:4e:2e:05:79:01:ed:64:36:76:
b9:f8:85:cd:01:88:ac:c5:b2:b1:59:b8:cd:5a:f4:
09:09:38:9b:da:5a:cf:ce:78:99:1f:49:3d:41:d6:
06:7c:52:99:c8:97:d1:b3:80:3a:a2:4f:36:c4:c5:
96:30:77:31:38:c8:70:cc:e1:67:06:b3:2b:2f:93:
b5:69:cf:83:7e:88:53:9b:0f:46:21:4c:d6:05:36:
44:99:60:68:47:e5:32:01:12:d4:10:73:ae:9a:34:
94:fa:6e:b8:58:4f:7b:5b:8a:92:97:ad:fd:97:b9:
75:ca:c2:d4:45:7d:17:6b:cd:2f:f3:63:7a:0e:30:
b5:0b:a9:d9:a6:7c:74:60:9d:cc:09:03:43:f1:0f:
90:d3:b7:fe:6c:9f:d9:cd:78:4b:15:ae:8c:5b:f9:
99:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
X509v3 Authority Key Identifier:
keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
serial:63
X509v3 Key Usage:
Certificate Sign, CRL Sign
Authority Information Access:
OCSP - URI:http://127.0.0.1:22220
Signature Algorithm: sha256WithRSAEncryption
99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e:
8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45:
52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8:
55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18:
6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44:
26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d:
73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d:
3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25:
7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68:
7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23:
d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1:
7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4:
0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45:
0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e:
bf:dd:65:6d
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx
MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCrLLQvHQYJ704phoR+zL+meXzwwMFkJYx1txAF
ykgnDA4yHLD+mYU5trmi9yf/bTyMFnMpIX+LplRxkK3MBbmfFccKP19p9ApfjHG1
LL9m4gOaMvTS7CqJS/k1iBQzR04uBXkB7WQ2drn4hc0BiKzFsrFZuM1a9AkJOJva
Ws/OeJkfST1B1gZ8UpnIl9GzgDqiTzbExZYwdzE4yHDM4WcGsysvk7Vpz4N+iFOb
D0YhTNYFNkSZYGhH5TIBEtQQc66aNJT6brhYT3tbipKXrf2XuXXKwtRFfRdrzS/z
Y3oOMLULqdmmfHRgncwJA0PxD5DTt/5sn9nNeEsVroxb+ZmBAgMBAAGjggE5MIIB
NTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRzsBykL4LLz0elONewBII6fnIVITCB
xAYDVR0jBIG8MIG5gBRzsBykL4LLz0elONewBII6fnIVIaGBnaSBmjCBlzELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3
wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI
Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n
+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/
DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB
fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe
rskF4eNev91lbQ==
-----END CERTIFICATE-----

17
conf/scgi_params 100644
View File

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

1
conf/ticket_keys 100644
View File

@ -0,0 +1 @@
îÞKÚÌy<C38C>u<EFBFBD>8Ã1ã~òžbÇó€S ]x<>1áx%2\<5C>K¯jy{‘ÿœ

17
conf/uwsgi_params 100644
View File

@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

126
conf/win-utf 100644
View File

@ -0,0 +1,126 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A ; # single low-9 quotation mark
84 E2809E ; # double low-9 quotation mark
85 E280A6 ; # ellipsis
86 E280A0 ; # dagger
87 E280A1 ; # double dagger
88 E282AC ; # euro
89 E280B0 ; # per mille
91 E28098 ; # left single quotation mark
92 E28099 ; # right single quotation mark
93 E2809C ; # left double quotation mark
94 E2809D ; # right double quotation mark
95 E280A2 ; # bullet
96 E28093 ; # en dash
97 E28094 ; # em dash
99 E284A2 ; # trade mark sign
A0 C2A0 ; # &nbsp;
A1 D18E ; # capital Byelorussian short U
A2 D19E ; # small Byelorussian short u
A4 C2A4 ; # currency sign
A5 D290 ; # capital Ukrainian soft G
A6 C2A6 ; # borken bar
A7 C2A7 ; # section sign
A8 D081 ; # capital YO
A9 C2A9 ; # (C)
AA D084 ; # capital Ukrainian YE
AB C2AB ; # left-pointing double angle quotation mark
AC C2AC ; # not sign
AD C2AD ; # soft hypen
AE C2AE ; # (R)
AF D087 ; # capital Ukrainian YI
B0 C2B0 ; # &deg;
B1 C2B1 ; # plus-minus sign
B2 D086 ; # capital Ukrainian I
B3 D196 ; # small Ukrainian i
B4 D291 ; # small Ukrainian soft g
B5 C2B5 ; # micro sign
B6 C2B6 ; # pilcrow sign
B7 C2B7 ; # &middot;
B8 D191 ; # small yo
B9 E28496 ; # numero sign
BA D194 ; # small Ukrainian ye
BB C2BB ; # right-pointing double angle quotation mark
BF D197 ; # small Ukrainian yi
C0 D090 ; # capital A
C1 D091 ; # capital B
C2 D092 ; # capital V
C3 D093 ; # capital G
C4 D094 ; # capital D
C5 D095 ; # capital YE
C6 D096 ; # capital ZH
C7 D097 ; # capital Z
C8 D098 ; # capital I
C9 D099 ; # capital J
CA D09A ; # capital K
CB D09B ; # capital L
CC D09C ; # capital M
CD D09D ; # capital N
CE D09E ; # capital O
CF D09F ; # capital P
D0 D0A0 ; # capital R
D1 D0A1 ; # capital S
D2 D0A2 ; # capital T
D3 D0A3 ; # capital U
D4 D0A4 ; # capital F
D5 D0A5 ; # capital KH
D6 D0A6 ; # capital TS
D7 D0A7 ; # capital CH
D8 D0A8 ; # capital SH
D9 D0A9 ; # capital SHCH
DA D0AA ; # capital hard sign
DB D0AB ; # capital Y
DC D0AC ; # capital soft sign
DD D0AD ; # capital E
DE D0AE ; # capital YU
DF D0AF ; # capital YA
E0 D0B0 ; # small a
E1 D0B1 ; # small b
E2 D0B2 ; # small v
E3 D0B3 ; # small g
E4 D0B4 ; # small d
E5 D0B5 ; # small ye
E6 D0B6 ; # small zh
E7 D0B7 ; # small z
E8 D0B8 ; # small i
E9 D0B9 ; # small j
EA D0BA ; # small k
EB D0BB ; # small l
EC D0BC ; # small m
ED D0BD ; # small n
EE D0BE ; # small o
EF D0BF ; # small p
F0 D180 ; # small r
F1 D181 ; # small s
F2 D182 ; # small t
F3 D183 ; # small u
F4 D184 ; # small f
F5 D185 ; # small kh
F6 D186 ; # small ts
F7 D187 ; # small ch
F8 D188 ; # small sh
F9 D189 ; # small shch
FA D18A ; # small hard sign
FB D18B ; # small y
FC D18C ; # small soft sign
FD D18D ; # small e
FE D18E ; # small yu
FF D18F ; # small ya
}

25
html/index.html 100644
View File

@ -0,0 +1,25 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

15
nginx-1.10.3-wolfssl-debug.patch 100644
View File

@ -0,0 +1,15 @@
diff -ur nginx-1.10.3-wolfssl/src/event/ngx_event_openssl.c nginx-1.10.3-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.10.3-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 15:37:30.867368905 +1000
+++ nginx-1.10.3-wolfssl-debug/src/event/ngx_event_openssl.c 2017-04-13 15:43:02.561501608 +1000
@@ -128,6 +128,11 @@
#endif
+#ifdef WOLFSSL_NGINX
+ /* Turn on internal wolfssl debugging to stdout */
+ wolfSSL_Debugging_ON();
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef SSL_OP_NO_COMPRESSION
{

258
nginx-1.10.3-wolfssl.patch 100644
View File

@ -0,0 +1,258 @@
diff -ur nginx-1.10.3/auto/lib/openssl/conf nginx-1.10.3-wolfssl/auto/lib/openssl/conf
--- nginx-1.10.3/auto/lib/openssl/conf 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/auto/lib/openssl/conf 2017-04-13 10:38:27.614124846 +1000
@@ -53,8 +53,34 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
+
+ if [ $WOLFSSL != NONE ]; then
+ ngx_feature="wolfSSL library in $WOLFSSL"
+ ngx_feature_path="$WOLFSSL/include/wolfssl $WOLFSSL/include"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl $WOLFSSL/include"
+ CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
+ fi
+
. auto/feature
+ if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
+cat << END
+
+$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
+SSL modules require the wolfSSL library.
+
+END
+ exit 1
+ fi
+
+
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.10.3/auto/options nginx-1.10.3-wolfssl/auto/options
--- nginx-1.10.3/auto/options 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/auto/options 2017-04-13 10:38:27.614124846 +1000
@@ -133,6 +133,7 @@
PCRE_CONF_OPT=
PCRE_JIT=NO
+WOLFSSL=NONE
USE_OPENSSL=NO
OPENSSL=NONE
@@ -330,6 +331,7 @@
--with-pcre-opt=*) PCRE_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
+ --with-wolfssl=*) WOLFSSL="$value" ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
diff -ur nginx-1.10.3/src/event/ngx_event_openssl.c nginx-1.10.3-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.10.3/src/event/ngx_event_openssl.c 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 15:37:30.867368905 +1000
@@ -55,7 +55,7 @@
HMAC_CTX *hctx, int enc);
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10002002L
+#if OPENSSL_VERSION_NUMBER < 0x10002002L && !defined(WOLFSSL_NGINX)
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif
@@ -304,6 +304,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+#ifdef WOLFSSL_NGINX
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
+#endif
+
return NGX_OK;
}
@@ -361,8 +365,6 @@
return NGX_ERROR;
}
- X509_free(x509);
-
/* read rest of the chain */
for ( ;; ) {
@@ -527,6 +529,13 @@
return size;
}
+ngx_int_t
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
+{
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
+ return NGX_OK;
+}
ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
@@ -2971,6 +2980,11 @@
ngx_ssl_cleanup_ctx(void *data)
{
ngx_ssl_t *ssl = data;
+ X509 *x509;
+
+ x509 = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
+ if (x509 != NULL)
+ X509_free(x509);
SSL_CTX_free(ssl->ctx);
}
@@ -2986,7 +3000,7 @@
return NGX_ERROR;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10002002L
+#if OPENSSL_VERSION_NUMBER >= 0x10002002L || defined(WOLFSSL_NGINX)
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
@@ -3103,7 +3117,7 @@
}
-#if OPENSSL_VERSION_NUMBER < 0x10002002L
+#if OPENSSL_VERSION_NUMBER < 0x10002002L && !defined(WOLFSSL_NGINX)
static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
diff -ur nginx-1.10.3/src/event/ngx_event_openssl.h nginx-1.10.3-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.10.3/src/event/ngx_event_openssl.h 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/event/ngx_event_openssl.h 2017-04-13 15:37:15.307255249 +1000
@@ -142,6 +142,7 @@
ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
+ngx_int_t ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
diff -ur nginx-1.10.3/src/event/ngx_event_openssl_stapling.c nginx-1.10.3-wolfssl/src/event/ngx_event_openssl_stapling.c
--- nginx-1.10.3/src/event/ngx_event_openssl_stapling.c 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/event/ngx_event_openssl_stapling.c 2017-04-13 15:37:15.307255249 +1000
@@ -285,7 +285,9 @@
for (i = 0; i < n; i++) {
issuer = sk_X509_value(chain, i);
if (X509_check_issued(issuer, cert) == X509_V_OK) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+#ifdef WOLFSSL_NGINX
+ issuer = X509_dup(issuer);
+#elif OPENSSL_VERSION_NUMBER >= 0x10100001L
X509_up_ref(issuer);
#else
CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
diff -ur nginx-1.10.3/src/http/modules/ngx_http_proxy_module.c nginx-1.10.3-wolfssl/src/http/modules/ngx_http_proxy_module.c
--- nginx-1.10.3/src/http/modules/ngx_http_proxy_module.c 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/http/modules/ngx_http_proxy_module.c 2017-04-13 15:37:15.315255307 +1000
@@ -4340,6 +4340,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->upstream.ssl);
+
if (ngx_ssl_trusted_certificate(cf, plcf->upstream.ssl,
&plcf->ssl_trusted_certificate,
plcf->ssl_verify_depth)
diff -ur nginx-1.10.3/src/http/modules/ngx_http_ssl_module.c nginx-1.10.3-wolfssl/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.10.3/src/http/modules/ngx_http_ssl_module.c 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/http/modules/ngx_http_ssl_module.c 2017-04-13 15:37:15.315255307 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "prime256v1"
#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
diff -ur nginx-1.10.3/src/http/ngx_http_upstream.c nginx-1.10.3-wolfssl/src/http/ngx_http_upstream.c
--- nginx-1.10.3/src/http/ngx_http_upstream.c 2017-02-01 01:01:12.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/http/ngx_http_upstream.c 2017-04-13 15:37:15.307255249 +1000
@@ -1683,7 +1683,12 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);
- if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+#ifdef WOLFSSL_NGINX
+ if (SSL_set_tlsext_host_name(c->ssl->connection, (char *)name.data) == 0)
+#else
+ if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0)
+#endif
+ {
ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
"SSL_set_tlsext_host_name(\"%s\") failed", name.data);
return NGX_ERROR;
diff -ur nginx-1.10.3/src/mail/ngx_mail_ssl_module.c nginx-1.10.3-wolfssl/src/mail/ngx_mail_ssl_module.c
--- nginx-1.10.3/src/mail/ngx_mail_ssl_module.c 2017-02-01 01:01:12.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/mail/ngx_mail_ssl_module.c 2017-04-13 15:37:15.319255337 +1000
@@ -10,7 +10,11 @@
#include <ngx_mail.h>
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "prime256v1"
diff -ur nginx-1.10.3/src/stream/ngx_stream_proxy_module.c nginx-1.10.3-wolfssl/src/stream/ngx_stream_proxy_module.c
--- nginx-1.10.3/src/stream/ngx_stream_proxy_module.c 2017-02-01 01:01:12.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/stream/ngx_stream_proxy_module.c 2017-04-13 15:37:15.323255367 +1000
@@ -879,8 +879,13 @@
ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);
+#ifdef WOLFSSL_NGINX
+ if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection,
+ (char *)name.data) == 0)
+#else
if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data)
== 0)
+#endif
{
ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0,
"SSL_set_tlsext_host_name(\"%s\") failed", name.data);
@@ -1578,6 +1583,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->ssl);
+
if (ngx_ssl_trusted_certificate(cf, pscf->ssl,
&pscf->ssl_trusted_certificate,
pscf->ssl_verify_depth)
diff -ur nginx-1.10.3/src/stream/ngx_stream_ssl_module.c nginx-1.10.3-wolfssl/src/stream/ngx_stream_ssl_module.c
--- nginx-1.10.3/src/stream/ngx_stream_ssl_module.c 2017-02-01 01:01:12.000000000 +1000
+++ nginx-1.10.3-wolfssl/src/stream/ngx_stream_ssl_module.c 2017-04-13 15:37:15.323255367 +1000
@@ -10,7 +10,11 @@
#include <ngx_stream.h>
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "prime256v1"

15
nginx-1.11.10-wolfssl-debug.patch 100644
View File

@ -0,0 +1,15 @@
diff -ur nginx-1.11.10-wolfssl/src/event/ngx_event_openssl.c nginx-1.11.10-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.11.10-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 14:53:51.151297965 +1000
+++ nginx-1.11.10-wolfssl-debug/src/event/ngx_event_openssl.c 2017-04-13 15:43:18.269591752 +1000
@@ -144,6 +144,11 @@
#endif
+#ifdef WOLFSSL_NGINX
+ /* Turn on internal wolfssl debugging to stdout */
+ wolfSSL_Debugging_ON();
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef SSL_OP_NO_COMPRESSION
{

179
nginx-1.11.10-wolfssl.patch 100644
View File

@ -0,0 +1,179 @@
diff -ur nginx-1.11.10/auto/lib/openssl/conf nginx-1.11.10-wolfssl/auto/lib/openssl/conf
--- nginx-1.11.10/auto/lib/openssl/conf 2017-02-15 01:36:04.000000000 +1000
+++ nginx-1.11.10-wolfssl/auto/lib/openssl/conf 2017-03-03 12:12:59.991555289 +1000
@@ -61,8 +61,33 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
+
+ if [ $WOLFSSL != NONE ]; then
+ ngx_feature="wolfSSL library in $WOLFSSL"
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
+ CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
+ fi
+
. auto/feature
+ if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
+cat << END
+
+$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
+SSL modules require the wolfSSL library.
+
+END
+ exit 1
+ fi
+
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.11.10/auto/options nginx-1.11.10-wolfssl/auto/options
--- nginx-1.11.10/auto/options 2017-02-15 01:36:04.000000000 +1000
+++ nginx-1.11.10-wolfssl/auto/options 2017-03-03 12:12:59.991555289 +1000
@@ -141,6 +141,7 @@
PCRE_CONF_OPT=
PCRE_JIT=NO
+WOLFSSL=NONE
USE_OPENSSL=NO
OPENSSL=NONE
@@ -345,6 +346,7 @@
--with-pcre-opt=*) PCRE_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
+ --with-wolfssl=*) WOLFSSL="$value" ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
diff -ur nginx-1.11.10/src/event/ngx_event_openssl.c nginx-1.11.10-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.11.10/src/event/ngx_event_openssl.c 2017-02-15 01:36:05.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 14:53:51.151297965 +1000
@@ -340,6 +340,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+#ifdef WOLFSSL_NGINX
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
+#endif
+
return NGX_OK;
}
@@ -648,6 +652,14 @@
ngx_int_t
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
+{
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
+ return NGX_OK;
+}
+
+ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
{
diff -ur nginx-1.11.10/src/event/ngx_event_openssl.h nginx-1.11.10-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.11.10/src/event/ngx_event_openssl.h 2017-02-15 01:36:05.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/event/ngx_event_openssl.h 2017-04-13 14:54:11.115369454 +1000
@@ -147,6 +147,7 @@
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers);
+ngx_int_t ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
diff -ur nginx-1.11.10/src/event/ngx_event_openssl_stapling.c nginx-1.11.10-wolfssl/src/event/ngx_event_openssl_stapling.c
--- nginx-1.11.10/src/event/ngx_event_openssl_stapling.c 2017-02-15 01:36:05.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/event/ngx_event_openssl_stapling.c 2017-03-03 12:12:59.991555289 +1000
@@ -313,7 +313,9 @@
for (i = 0; i < n; i++) {
issuer = sk_X509_value(chain, i);
if (X509_check_issued(issuer, cert) == X509_V_OK) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+#ifdef WOLFSSL_NGINX
+ issuer = X509_dup(issuer);
+#elif OPENSSL_VERSION_NUMBER >= 0x10100001L
X509_up_ref(issuer);
#else
CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
diff -ur nginx-1.11.10/src/http/modules/ngx_http_proxy_module.c nginx-1.11.10-wolfssl/src/http/modules/ngx_http_proxy_module.c
--- nginx-1.11.10/src/http/modules/ngx_http_proxy_module.c 2017-02-15 01:36:05.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/http/modules/ngx_http_proxy_module.c 2017-04-13 14:54:56.619532795 +1000
@@ -4370,6 +4370,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->upstream.ssl);
+
if (ngx_ssl_trusted_certificate(cf, plcf->upstream.ssl,
&plcf->ssl_trusted_certificate,
plcf->ssl_verify_depth)
diff -ur nginx-1.11.10/src/http/modules/ngx_http_ssl_module.c nginx-1.11.10-wolfssl/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.11.10/src/http/modules/ngx_http_ssl_module.c 2017-02-15 01:36:05.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/http/modules/ngx_http_ssl_module.c 2017-03-03 12:12:59.991555289 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
diff -ur nginx-1.11.10/src/mail/ngx_mail_ssl_module.c nginx-1.11.10-wolfssl/src/mail/ngx_mail_ssl_module.c
--- nginx-1.11.10/src/mail/ngx_mail_ssl_module.c 2017-02-15 01:36:05.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/mail/ngx_mail_ssl_module.c 2017-03-03 12:12:59.991555289 +1000
@@ -10,7 +10,11 @@
#include <ngx_mail.h>
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
diff -ur nginx-1.11.10/src/stream/ngx_stream_proxy_module.c nginx-1.11.10-wolfssl/src/stream/ngx_stream_proxy_module.c
--- nginx-1.11.10/src/stream/ngx_stream_proxy_module.c 2017-02-15 01:36:06.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/stream/ngx_stream_proxy_module.c 2017-04-13 14:56:13.979811627 +1000
@@ -2001,6 +2001,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->ssl);
+
if (ngx_ssl_trusted_certificate(cf, pscf->ssl,
&pscf->ssl_trusted_certificate,
pscf->ssl_verify_depth)
diff -ur nginx-1.11.10/src/stream/ngx_stream_ssl_module.c nginx-1.11.10-wolfssl/src/stream/ngx_stream_ssl_module.c
--- nginx-1.11.10/src/stream/ngx_stream_ssl_module.c 2017-02-15 01:36:06.000000000 +1000
+++ nginx-1.11.10-wolfssl/src/stream/ngx_stream_ssl_module.c 2017-03-03 12:12:59.991555289 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"

15
nginx-1.11.13-wolfssl-debug.patch 100644
View File

@ -0,0 +1,15 @@
diff -ur nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c nginx-1.11.13-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 15:07:53.569430271 +1000
+++ nginx-1.11.13-wolfssl-debug/src/event/ngx_event_openssl.c 2017-04-13 15:43:20.801606211 +1000
@@ -144,6 +144,11 @@
#endif
+#ifdef WOLFSSL_NGINX
+ /* Turn on internal wolfssl debugging to stdout */
+ wolfSSL_Debugging_ON();
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef SSL_OP_NO_COMPRESSION
{

187
nginx-1.11.13-wolfssl.patch 100644
View File

@ -0,0 +1,187 @@
diff -ur nginx-1.11.13/auto/lib/openssl/conf nginx-1.11.13-wolfssl/auto/lib/openssl/conf
--- nginx-1.11.13/auto/lib/openssl/conf 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/auto/lib/openssl/conf 2017-04-13 09:30:40.072107746 +1000
@@ -61,8 +61,33 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
+
+ if [ $WOLFSSL != NONE ]; then
+ ngx_feature="wolfSSL library in $WOLFSSL"
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
+ CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
+ fi
+
. auto/feature
+ if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
+cat << END
+
+$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
+SSL modules require the wolfSSL library.
+
+END
+ exit 1
+ fi
+
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.11.13/auto/options nginx-1.11.13-wolfssl/auto/options
--- nginx-1.11.13/auto/options 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/auto/options 2017-04-13 09:32:55.964864689 +1000
@@ -143,6 +143,7 @@
USE_OPENSSL=NO
OPENSSL=NONE
+WOLFSSL=NONE
USE_ZLIB=NO
ZLIB=NONE
@@ -345,6 +346,7 @@
--with-pcre-opt=*) PCRE_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
+ --with-wolfssl=*) WOLFSSL="$value" ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
@@ -563,6 +565,7 @@
--with-libatomic force libatomic_ops library usage
--with-libatomic=DIR set path to libatomic_ops library sources
+ --with-wolfssl=DIR set path to wolfSSL headers and library
--with-openssl=DIR set path to OpenSSL library sources
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
diff -ur nginx-1.11.13/src/event/ngx_event_openssl.c nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.11.13/src/event/ngx_event_openssl.c 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 15:07:53.569430271 +1000
@@ -340,6 +340,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+#ifdef WOLFSSL_NGINX
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
+#endif
+
return NGX_OK;
}
@@ -648,6 +652,14 @@
ngx_int_t
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
+{
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
+ return NGX_OK;
+}
+
+ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
{
diff -ur nginx-1.11.13/src/event/ngx_event_openssl.h nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.11.13/src/event/ngx_event_openssl.h 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.h 2017-04-13 15:08:11.385467468 +1000
@@ -147,6 +147,7 @@
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers);
+ngx_int_t ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
diff -ur nginx-1.11.13/src/event/ngx_event_openssl_stapling.c nginx-1.11.13-wolfssl/src/event/ngx_event_openssl_stapling.c
--- nginx-1.11.13/src/event/ngx_event_openssl_stapling.c 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/event/ngx_event_openssl_stapling.c 2017-04-13 09:34:30.857357204 +1000
@@ -313,7 +313,9 @@
for (i = 0; i < n; i++) {
issuer = sk_X509_value(chain, i);
if (X509_check_issued(issuer, cert) == X509_V_OK) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+#ifdef WOLFSSL_NGINX
+ issuer = X509_dup(issuer);
+#elif OPENSSL_VERSION_NUMBER >= 0x10100001L
X509_up_ref(issuer);
#else
CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
diff -ur nginx-1.11.13/src/http/modules/ngx_http_proxy_module.c nginx-1.11.13-wolfssl/src/http/modules/ngx_http_proxy_module.c
--- nginx-1.11.13/src/http/modules/ngx_http_proxy_module.c 2017-04-05 01:01:58.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/http/modules/ngx_http_proxy_module.c 2017-04-13 15:08:43.989537529 +1000
@@ -4371,6 +4371,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->upstream.ssl);
+
if (ngx_ssl_trusted_certificate(cf, plcf->upstream.ssl,
&plcf->ssl_trusted_certificate,
plcf->ssl_verify_depth)
diff -ur nginx-1.11.13/src/http/modules/ngx_http_ssl_module.c nginx-1.11.13-wolfssl/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.11.13/src/http/modules/ngx_http_ssl_module.c 2017-04-05 01:01:58.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/http/modules/ngx_http_ssl_module.c 2017-04-13 09:35:07.345539975 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
diff -ur nginx-1.11.13/src/mail/ngx_mail_ssl_module.c nginx-1.11.13-wolfssl/src/mail/ngx_mail_ssl_module.c
--- nginx-1.11.13/src/mail/ngx_mail_ssl_module.c 2017-04-05 01:01:58.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/mail/ngx_mail_ssl_module.c 2017-04-13 09:35:28.825646018 +1000
@@ -10,7 +10,11 @@
#include <ngx_mail.h>
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
diff -ur nginx-1.11.13/src/stream/ngx_stream_proxy_module.c nginx-1.11.13-wolfssl/src/stream/ngx_stream_proxy_module.c
--- nginx-1.11.13/src/stream/ngx_stream_proxy_module.c 2017-04-05 01:01:58.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/stream/ngx_stream_proxy_module.c 2017-04-13 15:09:06.433587186 +1000
@@ -2001,6 +2001,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->ssl);
+
if (ngx_ssl_trusted_certificate(cf, pscf->ssl,
&pscf->ssl_trusted_certificate,
pscf->ssl_verify_depth)
diff -ur nginx-1.11.13/src/stream/ngx_stream_ssl_module.c nginx-1.11.13-wolfssl/src/stream/ngx_stream_ssl_module.c
--- nginx-1.11.13/src/stream/ngx_stream_ssl_module.c 2017-04-05 01:01:58.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/stream/ngx_stream_ssl_module.c 2017-04-13 09:35:48.089740189 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"

15
nginx-1.11.7-wolfssl-debug.patch 100644
View File

@ -0,0 +1,15 @@
diff -ur nginx-1.11.7-wolfssl/src/event/ngx_event_openssl.c nginx-1.11.7-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.11.7-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 14:47:08.313886491 +1000
+++ nginx-1.11.7-wolfssl-debug/src/event/ngx_event_openssl.c 2017-04-13 15:43:23.309620512 +1000
@@ -134,6 +134,11 @@
#endif
+#ifdef WOLFSSL_NGINX
+ /* Turn on internal wolfssl debugging to stdout */
+ wolfSSL_Debugging_ON();
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef SSL_OP_NO_COMPRESSION
{

179
nginx-1.11.7-wolfssl.patch 100644
View File

@ -0,0 +1,179 @@
diff -ur nginx-1.11.7/auto/lib/openssl/conf nginx-1.11.7-wolfssl/auto/lib/openssl/conf
--- nginx-1.11.7/auto/lib/openssl/conf 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/auto/lib/openssl/conf 2017-01-17 16:09:53.864946344 +1000
@@ -53,8 +53,33 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
+
+ if [ $WOLFSSL != NONE ]; then
+ ngx_feature="wolfSSL library in $WOLFSSL"
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
+ CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
+ fi
+
. auto/feature
+ if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
+cat << END
+
+$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
+SSL modules require the wolfSSL library.
+
+END
+ exit 1
+ fi
+
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.11.7/auto/options nginx-1.11.7-wolfssl/auto/options
--- nginx-1.11.7/auto/options 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/auto/options 2017-01-17 16:09:53.864946344 +1000
@@ -141,6 +141,7 @@
PCRE_CONF_OPT=
PCRE_JIT=NO
+WOLFSSL=NONE
USE_OPENSSL=NO
OPENSSL=NONE
@@ -345,6 +346,7 @@
--with-pcre-opt=*) PCRE_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
+ --with-wolfssl=*) WOLFSSL="$value" ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
diff -ur nginx-1.11.7/src/event/ngx_event_openssl.c nginx-1.11.7-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.11.7/src/event/ngx_event_openssl.c 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 14:47:08.313886491 +1000
@@ -330,6 +330,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+#ifdef WOLFSSL_NGINX
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
+#endif
+
return NGX_OK;
}
@@ -638,6 +642,14 @@
ngx_int_t
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
+{
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
+ return NGX_OK;
+}
+
+ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
{
diff -ur nginx-1.11.7/src/event/ngx_event_openssl.h nginx-1.11.7-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.11.7/src/event/ngx_event_openssl.h 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/event/ngx_event_openssl.h 2017-04-13 14:49:57.150469616 +1000
@@ -146,6 +146,7 @@
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers);
+ngx_int_t ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
diff -ur nginx-1.11.7/src/event/ngx_event_openssl_stapling.c nginx-1.11.7-wolfssl/src/event/ngx_event_openssl_stapling.c
--- nginx-1.11.7/src/event/ngx_event_openssl_stapling.c 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/event/ngx_event_openssl_stapling.c 2017-01-17 16:09:53.864946344 +1000
@@ -313,7 +313,9 @@
for (i = 0; i < n; i++) {
issuer = sk_X509_value(chain, i);
if (X509_check_issued(issuer, cert) == X509_V_OK) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+#ifdef WOLFSSL_NGINX
+ issuer = X509_dup(issuer);
+#elif OPENSSL_VERSION_NUMBER >= 0x10100001L
X509_up_ref(issuer);
#else
CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
diff -ur nginx-1.11.7/src/http/modules/ngx_http_proxy_module.c nginx-1.11.7-wolfssl/src/http/modules/ngx_http_proxy_module.c
--- nginx-1.11.7/src/http/modules/ngx_http_proxy_module.c 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/http/modules/ngx_http_proxy_module.c 2017-04-13 14:48:59.546269024 +1000
@@ -4359,6 +4359,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->upstream.ssl);
+
if (ngx_ssl_trusted_certificate(cf, plcf->upstream.ssl,
&plcf->ssl_trusted_certificate,
plcf->ssl_verify_depth)
diff -ur nginx-1.11.7/src/http/modules/ngx_http_ssl_module.c nginx-1.11.7-wolfssl/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.11.7/src/http/modules/ngx_http_ssl_module.c 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/http/modules/ngx_http_ssl_module.c 2017-01-17 16:09:53.864946344 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
diff -ur nginx-1.11.7/src/mail/ngx_mail_ssl_module.c nginx-1.11.7-wolfssl/src/mail/ngx_mail_ssl_module.c
--- nginx-1.11.7/src/mail/ngx_mail_ssl_module.c 2016-12-14 01:21:25.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/mail/ngx_mail_ssl_module.c 2017-01-17 16:09:53.864946344 +1000
@@ -10,7 +10,11 @@
#include <ngx_mail.h>
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
diff -ur nginx-1.11.7/src/stream/ngx_stream_proxy_module.c nginx-1.11.7-wolfssl/src/stream/ngx_stream_proxy_module.c
--- nginx-1.11.7/src/stream/ngx_stream_proxy_module.c 2016-12-14 01:21:25.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/stream/ngx_stream_proxy_module.c 2017-04-13 14:51:24.850777768 +1000
@@ -1995,6 +1995,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->ssl);
+
if (ngx_ssl_trusted_certificate(cf, pscf->ssl,
&pscf->ssl_trusted_certificate,
pscf->ssl_verify_depth)
diff -ur nginx-1.11.7/src/stream/ngx_stream_ssl_module.c nginx-1.11.7-wolfssl/src/stream/ngx_stream_ssl_module.c
--- nginx-1.11.7/src/stream/ngx_stream_ssl_module.c 2016-12-14 01:21:25.000000000 +1000
+++ nginx-1.11.7-wolfssl/src/stream/ngx_stream_ssl_module.c 2017-01-17 16:09:53.864946344 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"

15
nginx-1.12.0-wolfssl-debug.patch 100644
View File

@ -0,0 +1,15 @@
diff -ur nginx-1.12.0-wolfssl/src/event/ngx_event_openssl.c nginx-1.12.0-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.12.0-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 15:05:43.741185370 +1000
+++ nginx-1.12.0-wolfssl-debug/src/event/ngx_event_openssl.c 2017-04-13 15:43:26.645639503 +1000
@@ -144,6 +144,11 @@
#endif
+#ifdef WOLFSSL_NGINX
+ /* Turn on internal wolfssl debugging to stdout */
+ wolfSSL_Debugging_ON();
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef SSL_OP_NO_COMPRESSION
{

187
nginx-1.12.0-wolfssl.patch 100644
View File

@ -0,0 +1,187 @@
diff -ur nginx-1.12.0/auto/lib/openssl/conf nginx-1.12.0-wolfssl/auto/lib/openssl/conf
--- nginx-1.12.0/auto/lib/openssl/conf 2017-04-13 00:46:01.000000000 +1000
+++ nginx-1.12.0-wolfssl/auto/lib/openssl/conf 2017-04-13 09:53:49.670278950 +1000
@@ -61,8 +61,33 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
+
+ if [ $WOLFSSL != NONE ]; then
+ ngx_feature="wolfSSL library in $WOLFSSL"
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
+ CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
+ fi
+
. auto/feature
+ if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
+cat << END
+
+$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
+SSL modules require the wolfSSL library.
+
+END
+ exit 1
+ fi
+
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.12.0/auto/options nginx-1.12.0-wolfssl/auto/options
--- nginx-1.12.0/auto/options 2017-04-13 00:46:01.000000000 +1000
+++ nginx-1.12.0-wolfssl/auto/options 2017-04-13 09:52:52.646047189 +1000
@@ -143,6 +143,7 @@
USE_OPENSSL=NO
OPENSSL=NONE
+WOLFSSL=NONE
USE_ZLIB=NO
ZLIB=NONE
@@ -345,6 +346,7 @@
--with-pcre-opt=*) PCRE_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
+ --with-wolfssl=*) WOLFSSL="$value" ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
@@ -563,6 +565,7 @@
--with-libatomic force libatomic_ops library usage
--with-libatomic=DIR set path to libatomic_ops library sources
+ --with-wolfssl=DIR set path to wolfSSL headers and library
--with-openssl=DIR set path to OpenSSL library sources
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
diff -ur nginx-1.12.0/src/event/ngx_event_openssl.c nginx-1.12.0-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.12.0/src/event/ngx_event_openssl.c 2017-04-13 00:46:01.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/event/ngx_event_openssl.c 2017-04-13 15:05:43.741185370 +1000
@@ -340,6 +340,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+#ifdef WOLFSSL_NGINX
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
+#endif
+
return NGX_OK;
}
@@ -648,6 +652,14 @@
ngx_int_t
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
+{
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
+ return NGX_OK;
+}
+
+ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
{
diff -ur nginx-1.12.0/src/event/ngx_event_openssl.h nginx-1.12.0-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.12.0/src/event/ngx_event_openssl.h 2017-04-13 00:46:01.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/event/ngx_event_openssl.h 2017-04-13 15:06:02.777218149 +1000
@@ -147,6 +147,7 @@
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers);
+ngx_int_t ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
diff -ur nginx-1.12.0/src/event/ngx_event_openssl_stapling.c nginx-1.12.0-wolfssl/src/event/ngx_event_openssl_stapling.c
--- nginx-1.12.0/src/event/ngx_event_openssl_stapling.c 2017-04-13 00:46:01.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/event/ngx_event_openssl_stapling.c 2017-04-13 09:54:56.830970748 +1000
@@ -313,7 +313,9 @@
for (i = 0; i < n; i++) {
issuer = sk_X509_value(chain, i);
if (X509_check_issued(issuer, cert) == X509_V_OK) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+#ifdef WOLFSSL_NGINX
+ issuer = X509_dup(issuer);
+#elif OPENSSL_VERSION_NUMBER >= 0x10100001L
X509_up_ref(issuer);
#else
CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
diff -ur nginx-1.12.0/src/http/modules/ngx_http_proxy_module.c nginx-1.12.0-wolfssl/src/http/modules/ngx_http_proxy_module.c
--- nginx-1.12.0/src/http/modules/ngx_http_proxy_module.c 2017-04-13 00:46:02.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/http/modules/ngx_http_proxy_module.c 2017-04-13 15:06:24.397256759 +1000
@@ -4371,6 +4371,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->upstream.ssl);
+
if (ngx_ssl_trusted_certificate(cf, plcf->upstream.ssl,
&plcf->ssl_trusted_certificate,
plcf->ssl_verify_depth)
diff -ur nginx-1.12.0/src/http/modules/ngx_http_ssl_module.c nginx-1.12.0-wolfssl/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.12.0/src/http/modules/ngx_http_ssl_module.c 2017-04-13 00:46:02.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/http/modules/ngx_http_ssl_module.c 2017-04-13 09:56:08.267656857 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
diff -ur nginx-1.12.0/src/mail/ngx_mail_ssl_module.c nginx-1.12.0-wolfssl/src/mail/ngx_mail_ssl_module.c
--- nginx-1.12.0/src/mail/ngx_mail_ssl_module.c 2017-04-13 00:46:02.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/mail/ngx_mail_ssl_module.c 2017-04-13 09:56:36.643916645 +1000
@@ -10,7 +10,11 @@
#include <ngx_mail.h>
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"
diff -ur nginx-1.12.0/src/stream/ngx_stream_proxy_module.c nginx-1.12.0-wolfssl/src/stream/ngx_stream_proxy_module.c
--- nginx-1.12.0/src/stream/ngx_stream_proxy_module.c 2017-04-13 00:46:02.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/stream/ngx_stream_proxy_module.c 2017-04-13 15:07:12.337347314 +1000
@@ -2001,6 +2001,8 @@
return NGX_ERROR;
}
+ ngx_ssl_set_verify_on(cf, plcf->ssl);
+
if (ngx_ssl_trusted_certificate(cf, pscf->ssl,
&pscf->ssl_trusted_certificate,
pscf->ssl_verify_depth)
diff -ur nginx-1.12.0/src/stream/ngx_stream_ssl_module.c nginx-1.12.0-wolfssl/src/stream/ngx_stream_ssl_module.c
--- nginx-1.12.0/src/stream/ngx_stream_ssl_module.c 2017-04-13 00:46:02.000000000 +1000
+++ nginx-1.12.0-wolfssl/src/stream/ngx_stream_ssl_module.c 2017-04-13 09:57:09.364207951 +1000
@@ -14,7 +14,11 @@
ngx_pool_t *pool, ngx_str_t *s);
+#ifndef WOLFSSL_NGINX
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#else
+#define NGX_DEFAULT_CIPHERS "ALL"
+#endif
#define NGX_DEFAULT_ECDH_CURVE "auto"

185
ssl_ecc.t 100644
View File

@ -0,0 +1,185 @@
#!/usr/bin/perl
# (C) Sean Parkinson
# (C) wolfSSL, Inc.
# Tests for http ssl module.
###############################################################################
use warnings;
use strict;
use Test::More;
BEGIN { use FindBin; chdir($FindBin::Bin); }
use lib 'lib';
use Test::Nginx;
###############################################################################
select STDERR; $| = 1;
select STDOUT; $| = 1;
eval { require IO::Socket::SSL; };
plan(skip_all => 'IO::Socket::SSL not installed') if $@;
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
plan(skip_all => 'IO::Socket::SSL too old') if $@;
my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
->has_daemon('openssl');
$t->write_file_expand('nginx.conf', <<'EOF');
%%TEST_GLOBALS%%
daemon off;
events {
}
http {
%%TEST_GLOBALS_HTTP%%
ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
ssl_session_tickets off;
server {
listen 127.0.0.1:8080 ssl;
server_name localhost;
ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
ssl_session_cache shared:SSL:1m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
location /cipher {
return 200 "body $ssl_cipher";
}
}
}
EOF
$t->write_file('openssl.conf', <<EOF);
[ req ]
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
my $d = $t->testdir();
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca
[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 3
[ myca_policy ]
commonName = supplied
EOF
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');
system("openssl ecparam -genkey -name prime256v1 -out '$d/issuer.key' "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create ECC public key for issuer: $!\n";
system('openssl req -x509 -new '
. "-config '$d/openssl.conf' -subj '/CN=issuer/' "
. "-out '$d/issuer.crt' -key '$d/issuer.key' "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create certificate for issuer: $!\n";
system("openssl ecparam -genkey -name prime256v1 -out '$d/subject.key' "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create ECC public key for subject: $!\n";
system("openssl req -new "
. "-config '$d/openssl.conf' -subj '/CN=subject/' "
. "-out '$d/subject.csr' -key '$d/subject.key' "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create certificate for subject: $!\n";
system("openssl ca -batch -config '$d/ca.conf' "
. "-keyfile '$d/issuer.key' -cert '$d/issuer.crt' "
. "-subj '/CN=subject/' -in '$d/subject.csr' -out '$d/subject.crt' "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't sign certificate for subject: $!\n";
foreach my $name ('localhost') {
system("openssl ecparam -genkey -name prime256v1 "
. "-out '$d/$name.key' >>$d/openssl.out 2>&1") == 0
or die "Can't create ECC public key for $name: $!\n";
system('openssl req -x509 -new '
. "-config '$d/openssl.conf' -subj '/CN=$name/' "
. "-out '$d/$name.crt' -key '$d/$name.key' "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create certificate for $name: $!\n";
}
my $ctx = new IO::Socket::SSL::SSL_Context(
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100);
$t->try_run('no ssl_ecc')->plan(1);
###############################################################################
like(get('/cipher', 8080), qr/^body [\w-]+$/m, 'cipher');
###############################################################################
sub get {
my ($uri, $port) = @_;
my $s = get_ssl_socket($ctx, port($port)) or return;
http_get($uri, socket => $s);
}
sub cert {
my ($uri, $port) = @_;
my $s = get_ssl_socket(undef, port($port),
SSL_cert_file => "$d/subject.crt",
SSL_key_file => "$d/subject.key") or return;
http_get($uri, socket => $s);
}
sub get_ssl_socket {
my ($ctx, $port, %extra) = @_;
my $s;
eval {
local $SIG{ALRM} = sub { die "timeout\n" };
local $SIG{PIPE} = sub { die "sigpipe\n" };
alarm(2);
$s = IO::Socket::SSL->new(
Proto => 'tcp',
PeerAddr => '127.0.0.1',
PeerPort => $port,
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_reuse_ctx => $ctx,
SSL_error_trap => sub { die $_[1] },
%extra
);
alarm(0);
};
alarm(0);
if ($@) {
log_in("died: $@");
return undef;
}
return $s;
}
###############################################################################

405
test.sh 100755
View File

@ -0,0 +1,405 @@
#!/bin/bash
NGINX_SRC="../nginx"
if [ "$NGINX_BIN" = "" ]; then
NGINX_BIN="${NGINX_SRC}/objs/nginx"
fi
if [ "$WOLFSSL_SOURCE" = "" ]; then
WOLFSSL_SOURCE="../wolfssl"
fi
WOLFSSL_CLIENT="./examples/client/client"
WOLFSSL_OCSP_CERTS="${WOLFSSL_SOURCE}/certs/ocsp"
NGINX_CONF="./conf"
CLIENT_TMP="/tmp/nginx_client.$$"
SERVER_TMP="/tmp/nginx_server.$$"
OCSP_GOOD="ocsp-good-status.der"
OCSP_BAD="ocsp-bad-status.der"
WN_PATH=`pwd`
WN_OCSP_GOOD="$WN_PATH/conf/$OCSP_GOOD"
WN_OCSP_BAD="$WN_PATH/conf/$OCSP_BAD"
WN_LOGS="$WN_PATH/logs"
WN_ERROR_LOG="$WN_LOGS/error.log"
HOST="127.0.0.1"
if [ "$IPV6" != "" ]; then
HOST="::ffff:127.0.0.1"
fi
if [ ! -f $NGINX_BIN ]; then
echo "Could not find Nginx exe: ${NGINX_BIN}"
echo "Stopping - FAIL"
exit 1
fi
echo "Ngninx binary: $NGINX_BIN"
echo "wolfSSL Source directory: $WOLFSSL_SOURCE"
if [ ! -d $WOLFSSL_SOURCE ]; then
echo "Could not find wolfSSL source directory: ${WOLFSSL_SOURCE}"
echo "Stopping - FAIL"
exit 1
fi
if [ ! -d $WOLFSSL_OCSP_CERTS ]; then
echo "Could not find OCSP certs path: ${WOLFSSL_OCSP_CERTS}"
echo "Stopping - FAIL"
exit 1
fi
echo "Changing into wolfSSL source directory"
cd $WOLFSSL_SOURCE
if [ ! -e $WOLFSSL_CLIENT ]; then
echo "Could not find wolfSSL client: ${WOLFSSL_CLIENT}"
echo "Stopping - FAIL"
exit 1
fi
OPENSSL=`which openssl`
if [ "$?" = "1" ]; then
echo "Could not find openssl superapp"
echo "Stopping - FAIL"
exit 1
fi
echo "OpenSSL superapp found: $OPENSSL"
echo
if [ ! -d $WN_LOGS ]; then
echo "Making directory: ${WN_LOGS}"
mkdir ${WN_LOGS}
fi
# Number of minutes OCSP responses will be valid for
VALID_MIN=60
declare -a EXPECT
declare -a EXPECT_SERVER
declare -a EXP
SERVER_PID=0
OCSP_PID=0
PASS=0
FAIL=0
UNKNOWN=0
run_nginx() {
# valgrind --leak-check=full
${NGINX_BIN} -p ${WN_PATH} \
-g "error_log ${WN_ERROR_LOG} debug;" \
${NGINX_OPTS}
RES=$?
}
do_cleanup() {
echo "# In cleanup"
NGINX_OPTS="-s stop"
run_nginx
rm -f $CLIENT_TMP
rm -f $SERVER_TMP
if [ $SERVER_PID != '0' ]
then
echo "# Killing server"
kill -9 $SERVER_PID
fi
if [ $OCSP_PID != '0' ]
then
echo "# Killing OCSP responder"
kill -9 $OCSP_PID
fi
cd $WN_PATH
rm -rf client_body_temp fastcgi_temp proxy_temp scgi_temp uwsgi_temp
}
do_trap() {
echo "# Got trap"
do_cleanup
exit 1
}
trap do_trap INT TERM
check_log() {
DUMP_LOG="no"
if [ "$EXP" != "" ]; then
for I in ${!EXP[@]}
do
if grep "${EXP[$I]}" $LOG; then
echo "# PASS: Found: ${EXP[$I]}"
echo
PASS=$(($PASS + 1))
else
echo "# FAIL: Didn't find: ${EXP[$I]}"
echo
DUMP_LOG="yes"
FAIL=$(($FAIL + 1))
fi
done
else
DUMP_LOG="yes"
UNKNOWN=$(($UNKNOWN + 1))
fi
if [ "$DUMP_LOG" = "yes" ]; then
cat $LOG
fi
}
client() {
${WOLFSSL_CLIENT} -r -g -p $PORT -h $HOST $OPTS >$CLIENT_TMP 2>&1
echo "# Client Output"
LOG=$CLIENT_TMP
EXP=("${EXPECT[@]}")
check_log
}
client_test() {
OPTS="$OPTS -r -g"
client
}
stapling_test() {
OPTS="$OPTS -g -C -A ${WOLFSSL_OCSP_CERTS}/root-ca-cert.pem -W 1"
client
}
# Start the OSCP responder and generate the response files
${OPENSSL} ocsp -port 22221 -nmin ${VALID_MIN} -index ${WOLFSSL_OCSP_CERTS}/index1.txt -rsigner ${WOLFSSL_OCSP_CERTS}/ocsp-responder-cert.pem -rkey ${WOLFSSL_OCSP_CERTS}/ocsp-responder-key.pem -CA ${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem >/dev/null 2>&1 &
OCSP_PID=$!
# Generate OCSP response file that indicates certificate is good.
${OPENSSL} ocsp -issuer ${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem -cert ${WOLFSSL_OCSP_CERTS}/server1-cert.pem -url http://localhost:22221 -resp_text -respout ${WN_OCSP_GOOD} -no_nonce >/dev/null 2>&1
# Generate OCSP response file that indicates certificate is revoked.
${OPENSSL} ocsp -issuer ${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem -cert ${WOLFSSL_OCSP_CERTS}/server2-cert.pem -url http://localhost:22221 -resp_text -respout ${WN_OCSP_BAD} -no_nonce >/dev/null 2>&1
if [ ! -f $WN_OCSP_GOOD ]; then
echo "Could not find OCSP output file: ${WN_OCSP_GOOD}"
echo "Stopping - FAIL"
exit 1
fi
if [ ! -f $WN_OCSP_BAD ]; then
echo "Could not find OCSP output file: ${WN_OCSP_BAD}"
echo "Stopping - FAIL"
exit 1
fi
echo "Stopping Nginx ..."
NGINX_OPTS="-s stop"
run_nginx
echo "Starting Nginx ..."
# Start Nginx
NGINX_OPTS=
run_nginx
if [ "$RES" != "0" ]; then
echo "Failed to start Nginx"
exit 1
fi
# Default certificate, DH KEA
echo
echo '#'
echo '# DH Key Exchange'
echo '#'
PORT=11443
echo "# Port: $PORT"
OPTS=
EXPECT=("SSL DH size is 2048 bits" "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" "HTTP/1.1 200 OK" "resume response")
client_test
# Default certificate, DH, verify client
echo
echo '#'
echo '# DH Key Exchange verify client'
echo '#'
PORT=11444
echo "# Port: $PORT"
OPTS="-x"
EXPECT=("400 No required SSL certificate was sent")
client_test
# Default certificate, ECDH with SECP384R1
echo
echo '#'
echo '# ECDH Key Exchange: SECP384R1'
echo '#'
PORT=11445
echo "# Port: $PORT"
OPTS=
EXPECT=("SECP384R1" "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" "HTTP/1.1 200 OK")
client_test
# ECC certificate, ECDH with default curve (prime256v1)
echo
echo '#'
echo '# ECC Certificate, ECDH Key Exchange: default curve (prime256v1)'
echo '#'
PORT=11446
echo "# Port: $PORT"
OPTS=
EXPECT=("SECP256R1" "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" "HTTP/1.1 200 OK")
client_test
# Session tickets file
echo
echo '#'
echo '# Session ticket file'
echo '#'
PORT=11450
echo "# Port: $PORT"
OPTS=
EXPECT=("Session Ticket CB" "HTTP/1.1 200 OK")
client_test
echo
echo '#'
echo '# Session cache off'
echo '#'
PORT=11455
echo "# Port: $PORT"
OPTS=
EXPECT=("didn't reuse session id!!!" "HTTP/1.1 200 OK")
client_test
echo
echo '#'
echo '# Session cache none'
echo '#'
PORT=11456
echo "# Port: $PORT"
OPTS=
EXPECT=("didn't reuse session id!!!" "HTTP/1.1 200 OK")
client_test
echo
echo '#'
echo '# Session cache builtin'
echo '#'
PORT=11457
echo "# Port: $PORT"
OPTS=
EXPECT=("reused session id" "HTTP/1.1 200 OK")
client_test
# Proxy to localhost:11111 - DHE-RSA
echo
echo '#'
echo '# Proxy - DHE-RSA'
echo '#'
PORT=11460
echo "# Port: $PORT"
OPTS=
SERVER_OPTS=
EXPECT=("HTTP/1.1 200 OK" "Welcome to wolf")
client_test
# Proxy to localhost:11111 - ECDHE-RSA
echo
echo '#'
echo '# Proxy - ECDHE-RSA'
echo '#'
PORT=11461
echo "# Port: $PORT"
OPTS=
SERVER_OPTS=
EXPECT=("HTTP/1.1 200 OK" "Welcome to wolf")
client_test
# Proxy to localhost:11111 - ECDHE-ECDSA
echo
echo '#'
echo '# Proxy - ECDHE-ECDSA'
echo '#'
PORT=11462
echo "# Port: $PORT"
OPTS=
SERVER_OPTS="-c certs/server-ecc.pem -k certs/ecc-key.pem"
EXPECT=("HTTP/1.1 200 OK" "Welcome to wolf")
client_test
# Proxy to localhost:11111 - ECDHE-ECDSA
echo
echo '#'
echo '# Proxy - ECDHE-ECDSA'
echo '#'
PORT=11463
echo "# Port: $PORT"
OPTS=
SERVER_OPTS="-c certs/server-ecc.pem -k certs/ecc-key.pem"
EXPECT=("HTTP/1.1 200 OK" "Welcome to wolf")
client_test
# Proxy to localhost:11111 - ECDHE-ECDSA
echo
echo '#'
echo '# Proxy - ECDHE-ECDSA'
echo '#'
PORT=11464
echo "# Port: $PORT"
OPTS=
SERVER_OPTS="-c certs/server-ecc.pem -k certs/ecc-key.pem"
EXPECT=("HTTP/1.1 502")
client_test
# Proxy to localhost:11111 - Revoked certificate in CRL
echo
echo '#'
echo '# Proxy - Revoked certificate in CRL'
echo '#'
PORT=11465
echo "# Port: $PORT"
OPTS=
SERVER_OPTS=
EXPECT=("HTTP/1.1 502")
client_test
# OCSP Stapling
# Good certificate
echo
echo '#'
echo '# OCSP Stapling - Good Certificate (Using OCSP Responder)'
echo '#'
PORT=11470
echo "# Port: $PORT"
OPTS=
EXPECT=("HTTP/1.1 200 OK")
stapling_test
stapling_test
# Revoked certificate
echo
echo '#'
echo '# OCSP Stapling - Revoked Certificate (Using OCSP Responder)'
echo '#'
PORT=11471
echo "# Port: $PORT"
OPTS=
EXPECT=("err = -360")
stapling_test
stapling_test
# Good certificate - response file
echo
echo '#'
echo '# OCSP Stapling - Good Certificate (Using pre-generated file)'
echo '#'
PORT=11472
echo "# Port: $PORT"
OPTS=
EXPECT=("HTTP/1.1 200 OK")
stapling_test
# Revoked certificate - response file
echo
echo '#'
echo '# OCSP Stapling - Revoked Certificate (Using pre-generated file)'
echo '#'
PORT=11473
echo "# Port: $PORT"
OPTS=
EXPECT=("err = -360")
stapling_test
# No certificate for verification of OCSP response
echo
echo '#'
echo '# OCSP Stapling - Using OCSP Responder but no cert to verify'
echo '#'
PORT=11474
echo "# Port: $PORT"
OPTS=
EXPECT=("HTTP/1.1 200 OK")
stapling_test
stapling_test
do_cleanup
echo
echo "##############"
echo "# PASS : $PASS"
echo "# FAIL : $FAIL"
echo "# UNKNOWN : $UNKNOWN"
echo "##############"

9
wolfssl/index.html 100644
View File

@ -0,0 +1,9 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to wolfSSL!</title>
</head>
<body>
<p>wolfSSL has successfully performed handshake!</p>
</body>
</html>