diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem new file mode 100644 index 000000000..3cb2b27f1 --- /dev/null +++ b/certs/crl/server-goodaltwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 12 21:08:33 2018 GMT + Next Update: Mar 8 21:08:33 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 25:6a:7f:6a:71:9a:66:67:ed:88:29:d4:ec:37:a5:f2:03:0e: + cd:18:c6:f0:a8:2f:3c:8c:cf:83:d2:0c:60:97:52:73:5f:a2: + c3:76:c4:87:b4:0a:b3:7c:0d:37:64:72:30:d6:cc:58:0c:3e: + b6:ec:d0:1d:a1:19:a2:b6:58:c9:63:28:d5:45:45:8c:2f:f7: + 09:05:7d:5e:09:07:c7:53:01:f3:40:70:5f:6a:c1:1f:2c:36: + 27:8e:a1:bb:a0:94:b2:a5:98:76:f8:be:e1:87:22:d1:21:13: + 64:02:2b:de:9d:65:5a:d7:b6:48:08:b3:03:ce:f4:ef:81:66: + 1a:90:ea:b1:f4:cf:57:e2:1c:71:d6:85:24:c2:89:c2:2b:3d: + 14:00:8a:4a:7c:84:52:d5:f0:92:82:7f:04:84:dd:64:b5:86: + d2:a9:16:b1:0d:4c:57:a4:08:9b:82:4c:76:83:c5:77:3f:83: + ee:1e:2a:ea:0d:1c:5a:ff:a6:d7:00:49:ec:55:9b:8b:9e:a3: + ed:94:20:7a:0c:f0:6b:ca:9f:ec:d9:b5:2b:48:6c:a9:9b:fb: + fd:dd:95:e3:68:2c:83:61:ce:64:02:ac:09:e1:2d:3c:93:81: + e0:2c:87:35:14:7c:ae:fb:68:29:c2:35:55:75:fe:4f:9e:15: + 21:eb:bc:75 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIxMDgzM1oXDTIxMDMwODIxMDgzM1qgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAlan9qcZpmZ+2IKdTsN6Xy +Aw7NGMbwqC88jM+D0gxgl1JzX6LDdsSHtAqzfA03ZHIw1sxYDD627NAdoRmitljJ +YyjVRUWML/cJBX1eCQfHUwHzQHBfasEfLDYnjqG7oJSypZh2+L7hhyLRIRNkAive +nWVa17ZICLMDzvTvgWYakOqx9M9X4hxx1oUkwonCKz0UAIpKfIRS1fCSgn8EhN1k +tYbSqRaxDUxXpAibgkx2g8V3P4PuHirqDRxa/6bXAEnsVZuLnqPtlCB6DPBryp/s +2bUrSGypm/v93ZXjaCyDYc5kAqwJ4S08k4HgLIc1FHyu+2gpwjVVdf5PnhUh67x1 +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem new file mode 100644 index 000000000..5ba972e04 --- /dev/null +++ b/certs/crl/server-goodcnwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com + Last Update: Jun 12 21:08:33 2018 GMT + Next Update: Mar 8 21:08:33 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7b:61:c6:5b:68:f8:1d:4b:65:f5:67:ee:26:cc:1f:76:fc:70: + 80:55:54:01:66:d9:ba:b0:f5:bc:3e:52:ea:4e:d0:a5:95:eb: + 36:4b:9b:fa:8d:c3:62:3b:9b:e5:5a:8c:4a:50:f4:dc:33:bb: + 8d:d1:41:7f:1b:a7:7e:9a:c5:48:b6:42:85:55:8c:30:ce:16: + 83:e4:f8:20:6d:1d:b4:c6:64:cf:d9:47:19:fa:ee:87:6e:9f: + 61:33:a6:3b:81:24:93:74:e4:33:36:ea:83:42:d5:a0:19:9b: + 91:3c:c4:35:3b:90:37:62:25:fe:a5:2f:6d:2e:ed:02:09:9a: + 8c:9b:c3:2a:eb:90:33:eb:95:60:ff:39:26:ba:63:03:75:a8: + 7e:5b:59:dd:a3:9b:a0:16:ce:aa:96:96:45:9e:53:50:36:bd: + 8d:ef:1e:a3:26:96:94:9f:64:d2:ca:b4:28:21:87:2b:07:1a: + c9:00:28:80:b4:c5:10:f7:28:9b:ff:01:a3:6b:a8:f1:3d:53: + 25:8c:ea:a5:41:43:ec:b5:63:29:51:d8:5a:0b:18:97:59:c2: + f8:0b:6c:ee:99:0a:2d:79:d4:00:8e:ae:36:a5:2e:f6:4f:07: + 0e:85:4c:8d:4b:4b:b2:9f:33:09:0f:ed:59:c2:58:0b:e2:da: + cb:cc:44:f3 +-----BEGIN X509 CRL----- +MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20XDTE4MDYxMjIxMDgzM1oXDTIxMDMwODIxMDgzM1qgDjAMMAoGA1Ud +FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB7YcZbaPgdS2X1Z+4mzB92/HCAVVQB +Ztm6sPW8PlLqTtClles2S5v6jcNiO5vlWoxKUPTcM7uN0UF/G6d+msVItkKFVYww +zhaD5PggbR20xmTP2UcZ+u6Hbp9hM6Y7gSSTdOQzNuqDQtWgGZuRPMQ1O5A3YiX+ +pS9tLu0CCZqMm8Mq65Az65Vg/zkmumMDdah+W1ndo5ugFs6qlpZFnlNQNr2N7x6j +JpaUn2TSyrQoIYcrBxrJACiAtMUQ9yib/wGja6jxPVMljOqlQUPstWMpUdhaCxiX +WcL4C2zumQotedQAjq42pS72TwcOhUyNS0uynzMJD+1ZwlgL4trLzETz +-----END X509 CRL----- diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index f51942597..3b6500e1c 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -1,43 +1,91 @@ #!/bin/sh -# Generate CN=localhost, AltName=localhost\0h -echo "step 1 create key" -openssl genrsa -out server-badaltnamenull.key 2048 +# Args: 1=FileName, 2=CN, 3=AltName +function build_test_cert_conf { + echo "[ req ]" > $1.conf + echo "prompt = no" >> $1.conf + echo "default_bits = 2048" >> $1.conf + echo "distinguished_name = req_distinguished_name" >> $1.conf + echo "req_extensions = req_ext" >> $1.conf + echo "" >> $1.conf + echo "[ req_distinguished_name ]" >> $1.conf + echo "C = US" >> $1.conf + echo "ST = Montana" >> $1.conf + echo "L = Bozeman" >> $1.conf + echo "OU = Engineering" >> $1.conf + echo "CN = $2" >> $1.conf + echo "emailAddress = info@wolfssl.com" >> $1.conf + echo "" >> $1.conf + echo "[ req_ext ]" >> $1.conf + if [ -n "$3" ]; then + if [[ "$3" != *"DER"* ]]; then + echo "subjectAltName = @alt_names" >> $1.conf + echo "[alt_names]" >> $1.conf + echo "DNS.1 = $3" >> $1.conf + else + echo "subjectAltName = $3" >> $1.conf + fi + fi +} -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf +# Args: 1=FileName +function generate_test_cert { + rm $1.der + rm $1.pem -echo "step 3 check csr" -openssl req -text -noout -in server-badaltnamenull.csr + echo "step 1 create configuration" + build_test_cert_conf $1 $2 $3 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \ - -out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf + echo "step 2 create csr" + openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem -mv tmp.pem server-badaltnamenull.pem + echo "step 3 check csr" + openssl req -text -noout -in $1.csr -openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der + echo "step 4 create cert" + openssl x509 -req -days 1000 -in $1.csr -signkey ../server-key.pem \ + -out $1.pem -extensions req_ext -extfile $1.conf + rm $1.conf + rm $1.csr + + if [ -n "$4" ]; then + echo "step 5 generate crl" + mkdir ../crl/demoCA + touch ../crl/demoCA/index.txt + echo "01" > ../crl/crlnumber + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem + rm ../crl/$1Crl.pem + openssl crl -in crl.revoked -text > tmp.pem + mv tmp.pem ../crl/$1Crl.pem + rm crl.revoked + rm -rf ../crl/demoCA + rm ../crl/crlnumber* + fi + + echo "step 6 add cert text information to pem" + openssl x509 -inform pem -in $1.pem -text > tmp.pem + mv tmp.pem $1.pem + + echo "step 7 make binary der version" + openssl x509 -inform pem -in $1.pem -outform der -out $1.der +} -# Generate CN=www.nomatch.com, no AltName -echo "step 1 create key" -openssl genrsa -out server-nomatch.key 2048 +# Generate Good CN=*localhost, Alt=None +generate_test_cert server-goodcnwild *localhost "" 1 -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf +# Generate Good CN=www.nomatch.com, Alt=*localhost +generate_test_cert server-goodaltwild www.nomatch.com *localhost 1 -echo "step 3 check csr" -openssl req -text -noout -in server-nomatch.csr +# Generate Bad CN=localhost\0h, Alt=None +# DG: Have not found a way to properly encode null in common name +generate_test_cert server-badcnnull DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \ - -out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf +# Generate Bad Name CN=www.nomatch.com, Alt=None +generate_test_cert server-badcn www.nomatch.com -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem -mv tmp.pem server-nomatch.pem - -openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der +# Generate Bad Alt CN=www.nomatch.com, Alt=localhost\0h +generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 +# Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com +generate_test_cert server-badaltname www.nomatch.com www.nomatch.com diff --git a/certs/test/include.am b/certs/test/include.am index 0e8eec225..c1f4a447d 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -20,16 +20,22 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/test/gen-testcerts.sh \ - certs/test/server-badaltnamenull.conf \ - certs/test/server-badaltnamenull.csr \ - certs/test/server-badaltnamenull.key \ - certs/test/server-badaltnamenull.pem \ - certs/test/server-badaltnamenull.der \ - certs/test/server-nomatch.conf \ - certs/test/server-nomatch.csr \ - certs/test/server-nomatch.key \ - certs/test/server-nomatch.pem \ - certs/test/server-nomatch.der + certs/test/server-goodcnwild.pem \ + certs/test/server-goodcnwild.der \ + certs/test/server-goodcnwild.csr \ + certs/test/server-goodaltwild.pem \ + certs/test/server-goodaltwild.der \ + certs/test/server-badcnnull.pem \ + certs/test/server-badcnnull.der \ + certs/test/server-badcn.pem \ + certs/test/server-badcn.der \ + certs/test/server-badaltnull.pem \ + certs/test/server-badaltnull.der \ + certs/test/server-badaltname.der \ + certs/test/server-badaltname.pem \ + certs/crl/server-goodaltwildCrl.pem \ + certs/crl/server-goodcnwildCrl.pem + EXTRA_DIST += \ certs/test/crit-cert.pem \ diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der new file mode 100644 index 000000000..7c831d6be Binary files /dev/null and b/certs/test/server-badaltname.der differ diff --git a/certs/test/server-badaltname.pem b/certs/test/server-badaltname.pem new file mode 100644 index 000000000..f012f2631 --- /dev/null +++ b/certs/test/server-badaltname.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13794671295210680971 (0xbf708474a84f728b) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:www.nomatch.com + Signature Algorithm: sha1WithRSAEncryption + 67:2e:82:45:b1:42:c6:4d:95:cf:0f:f2:8e:96:0b:dd:77:e6: + b4:0f:c0:bc:6b:0f:04:ec:de:e1:e2:6b:0a:49:ac:df:13:8c: + 8f:4c:66:b9:48:ac:2b:f4:ae:ca:35:ad:31:a0:ef:f1:4b:8e: + 02:6d:42:ab:4b:8b:55:14:d8:86:df:f7:b6:cc:ce:42:ec:1b: + 49:53:e8:09:d1:33:d1:cf:a7:a4:40:90:c2:1d:6d:59:09:0d: + 95:06:ef:81:e0:89:8f:71:19:50:97:84:a2:69:25:78:d3:f7: + be:2c:e0:2c:f4:a5:c9:11:d7:fb:bf:b6:de:02:ee:2b:d7:c5: + 55:46:17:7b:d8:9b:49:77:42:ad:43:67:f6:1b:10:a6:fc:ce: + 60:d0:3e:79:3d:b7:ce:63:95:07:af:22:fb:45:6b:9b:da:4e: + a9:96:75:c2:e8:57:30:65:85:50:b0:b3:aa:0d:38:dc:13:0d: + 2a:fa:fa:76:88:89:a1:07:38:e7:98:55:7d:10:ac:48:da:2a: + 2d:09:98:60:d1:0d:03:80:58:11:1a:aa:dd:2e:3e:88:3b:90: + b7:a3:a5:38:25:ef:3c:cb:6f:f9:16:fb:c0:6a:ee:29:73:63: + 55:23:5f:a1:30:08:f1:0c:d0:9a:74:c9:09:c7:c0:06:db:2e: + 82:b4:3c:f0 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIJAL9whHSoT3KLMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y +MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3Lm5vbWF0Y2guY29tMA0GCSqGSIb3 +DQEBBQUAA4IBAQBnLoJFsULGTZXPD/KOlgvdd+a0D8C8aw8E7N7h4msKSazfE4yP +TGa5SKwr9K7KNa0xoO/xS44CbUKrS4tVFNiG3/e2zM5C7BtJU+gJ0TPRz6ekQJDC +HW1ZCQ2VBu+B4ImPcRlQl4SiaSV40/e+LOAs9KXJEdf7v7beAu4r18VVRhd72JtJ +d0KtQ2f2GxCm/M5g0D55PbfOY5UHryL7RWub2k6plnXC6FcwZYVQsLOqDTjcEw0q ++vp2iImhBzjnmFV9EKxI2iotCZhg0Q0DgFgRGqrdLj6IO5C3o6U4Je88y2/5FvvA +au4pc2NVI1+hMAjxDNCadMkJx8AG2y6CtDzw +-----END CERTIFICATE----- diff --git a/certs/test/server-badaltnamenull.conf b/certs/test/server-badaltnamenull.conf deleted file mode 100644 index cfca7b7e1..000000000 --- a/certs/test/server-badaltnamenull.conf +++ /dev/null @@ -1,17 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.wolfssl.com -commonName_max = 64 -commonName_default = localhost - -[ req_ext ] -#subjectAltName = localhost\0h -subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-badaltnamenull.csr b/certs/test/server-badaltnamenull.csr deleted file mode 100644 index 7ee5658d6..000000000 --- a/certs/test/server-badaltnamenull.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls -b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D -UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY -58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz -0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS -ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg -CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y -a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv -Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa -cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw -ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1 -wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH -A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp -YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-badaltnamenull.der b/certs/test/server-badaltnamenull.der deleted file mode 100644 index b84405722..000000000 Binary files a/certs/test/server-badaltnamenull.der and /dev/null differ diff --git a/certs/test/server-badaltnamenull.key b/certs/test/server-badaltnamenull.key deleted file mode 100644 index b7d71ee2b..000000000 --- a/certs/test/server-badaltnamenull.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ -1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+ -piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn -e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM -zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH -y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo -4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq -sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3 -DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ -LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs -cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy -X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf -865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o -yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC -a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU -Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc -oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy -K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP -KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO -XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7 -MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA -RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV -3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2 -xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+ -CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM= ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-badaltnamenull.pem b/certs/test/server-badaltnamenull.pem deleted file mode 100644 index 61017211c..000000000 --- a/certs/test/server-badaltnamenull.pem +++ /dev/null @@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 15650401360786530715 (0xd931651e45f8a19b) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Validity - Not Before: May 3 16:02:13 2018 GMT - Not After : Jan 27 16:02:13 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c: - 98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d: - 4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e: - 5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74: - 04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58: - 83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f: - 6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3: - 06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4: - 0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d: - 1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5: - f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b: - 0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71: - 8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80: - d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae: - a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28: - ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48: - 55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9: - 4f:b9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Alternative Name: - DNS:localhost - Signature Algorithm: sha1WithRSAEncryption - ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69: - b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23: - a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e: - 7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc: - ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28: - 45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c: - f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29: - 0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2: - 67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25: - e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7: - 72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5: - 6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7: - 57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49: - da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0: - f7:8e:7c:df ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2 -MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v -bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw -EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE -R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3 -Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E -O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg -wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7 -SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z -dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd -i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK -bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f -rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+ -98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX -4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf ------END CERTIFICATE----- diff --git a/certs/test/server-badaltnull.der b/certs/test/server-badaltnull.der new file mode 100644 index 000000000..c782b0d0f Binary files /dev/null and b/certs/test/server-badaltnull.der differ diff --git a/certs/test/server-badaltnull.pem b/certs/test/server-badaltnull.pem new file mode 100644 index 000000000..b992b0a95 --- /dev/null +++ b/certs/test/server-badaltnull.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16413372648738711447 (0xe3c80376562ee797) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: sha1WithRSAEncryption + 2e:5d:bf:5a:4a:16:d7:4e:d1:9d:18:07:6c:9a:b5:c3:9c:1c: + a3:75:7b:6c:91:ab:81:d8:f3:39:b9:81:22:5a:ae:ac:6f:47: + 7a:5b:79:6c:17:a7:32:7f:ae:8b:60:1c:e9:2e:fc:2d:be:42: + e8:60:a7:d9:49:d4:71:2a:32:86:0f:14:b1:47:21:97:7a:0f: + 89:e8:60:68:2b:22:22:95:ff:34:4e:42:7c:01:d5:6f:84:58: + 57:bc:1b:85:f1:bb:a9:88:f7:d1:73:3f:b9:5e:fc:f7:28:be: + 92:34:29:68:08:17:64:8d:3e:da:7a:b5:37:eb:e1:7a:fa:7a: + bf:d7:52:97:c6:75:3b:a1:6b:6d:8c:20:ff:38:14:24:e5:69: + 39:69:a8:28:91:26:43:12:e9:1b:90:01:e4:e3:1d:dc:b4:05: + c7:6e:00:27:d0:21:da:0a:2c:a6:82:c0:72:d6:4d:e2:9c:9b: + 12:ea:b6:cf:20:e1:e1:0f:44:52:6c:e8:8f:7f:a6:40:28:27: + 68:c5:46:b9:f5:3e:ee:0e:e5:16:92:e7:b0:e6:2f:2c:fc:77: + 20:98:89:0d:53:c4:92:7b:cd:10:a6:15:74:4a:f8:ac:76:c2: + 7d:7f:85:b2:d5:2c:01:9b:44:a0:aa:07:29:73:2e:5b:bd:c2: + c0:f5:e5:c1 +-----BEGIN CERTIFICATE----- +MIIDozCCAougAwIBAgIJAOPIA3ZWLueXMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y +MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEF +BQADggEBAC5dv1pKFtdO0Z0YB2yatcOcHKN1e2yRq4HY8zm5gSJarqxvR3pbeWwX +pzJ/rotgHOku/C2+Quhgp9lJ1HEqMoYPFLFHIZd6D4noYGgrIiKV/zROQnwB1W+E +WFe8G4Xxu6mI99FzP7le/PcovpI0KWgIF2SNPtp6tTfr4Xr6er/XUpfGdTuha22M +IP84FCTlaTlpqCiRJkMS6RuQAeTjHdy0BcduACfQIdoKLKaCwHLWTeKcmxLqts8g +4eEPRFJs6I9/pkAoJ2jFRrn1Pu4O5RaS57DmLyz8dyCYiQ1TxJJ7zRCmFXRK+Kx2 +wn1/hbLVLAGbRKCqBylzLlu9wsD15cE= +-----END CERTIFICATE----- diff --git a/certs/test/server-badcn.der b/certs/test/server-badcn.der new file mode 100644 index 000000000..e54bbc106 Binary files /dev/null and b/certs/test/server-badcn.der differ diff --git a/certs/test/server-badcn.pem b/certs/test/server-badcn.pem new file mode 100644 index 000000000..ef83f866d --- /dev/null +++ b/certs/test/server-badcn.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10048089567140838698 (0x8b71fc3968bcfd2a) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 21:99:a9:30:5e:1d:61:ba:64:88:4e:a1:15:6d:ea:8b:57:ef: + 40:5e:f7:99:64:12:f8:03:dc:4f:cf:d4:fa:8b:34:62:ad:f1: + d4:6e:94:45:80:b0:4c:cb:a0:12:cc:a1:b5:b7:85:d5:21:c4: + 20:5b:f3:f6:10:c5:46:21:e9:5a:ce:1e:bc:e1:47:a4:0f:8d: + 7f:92:92:af:4a:ea:cb:01:53:9e:f1:07:53:14:22:2b:b1:db: + 47:1f:59:15:87:a0:fd:33:23:03:e7:79:10:7c:90:a1:63:0d: + 06:41:cc:4a:8d:34:4e:ea:fb:ea:4f:c8:85:44:0d:92:29:15: + 85:de:cf:53:85:4b:29:3b:22:a8:7c:6d:3a:62:4c:f5:4c:15: + 18:ea:96:e6:4c:77:a2:eb:48:d7:ca:f5:9f:44:b5:83:02:a1: + 68:9c:38:88:56:db:69:08:b9:8a:7c:78:3d:4d:42:dc:ab:be: + 01:8d:2c:d8:76:5a:7d:1c:67:19:fb:a5:2e:76:60:fe:d6:11: + b7:1f:f9:09:7a:d5:a0:b0:2e:a3:a8:c0:fc:30:7d:72:68:3b: + 6c:26:0d:27:3e:61:1d:56:d2:4d:08:32:13:c3:5b:7c:84:e7: + e1:c6:9e:9b:32:28:0d:a1:84:b1:49:26:3b:15:ea:bc:5f:97: + 7a:27:52:88 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAItx/DlovP0qMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y +MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAIZmpMF4dYbpkiE6hFW3qi1fvQF73 +mWQS+APcT8/U+os0Yq3x1G6URYCwTMugEsyhtbeF1SHEIFvz9hDFRiHpWs4evOFH +pA+Nf5KSr0rqywFTnvEHUxQiK7HbRx9ZFYeg/TMjA+d5EHyQoWMNBkHMSo00Tur7 +6k/IhUQNkikVhd7PU4VLKTsiqHxtOmJM9UwVGOqW5kx3outI18r1n0S1gwKhaJw4 +iFbbaQi5inx4PU1C3Ku+AY0s2HZafRxnGfulLnZg/tYRtx/5CXrVoLAuo6jA/DB9 +cmg7bCYNJz5hHVbSTQgyE8NbfITn4caemzIoDaGEsUkmOxXqvF+XeidSiA== +-----END CERTIFICATE----- diff --git a/certs/test/server-badcnnull.der b/certs/test/server-badcnnull.der new file mode 100644 index 000000000..fe3c521b9 Binary files /dev/null and b/certs/test/server-badcnnull.der differ diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem new file mode 100644 index 000000000..dff524a5b --- /dev/null +++ b/certs/test/server-badcnnull.pem @@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12504341600548822697 (0xad88586f52da1ea9) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 2d:66:45:43:2b:7b:10:1e:9a:2d:65:ee:ff:55:c6:44:71:7f: + db:b8:42:ef:e7:e8:d6:ee:b9:7d:58:7d:e6:a9:c9:8b:9d:56: + 89:0d:7f:b2:e7:e8:48:00:ad:81:aa:e2:97:2b:c5:0d:78:bc: + 3f:b3:ae:67:4a:af:fe:b5:90:5d:97:f6:d5:dd:d9:5c:69:65: + 6c:3b:32:7c:5a:76:16:d9:86:08:24:47:1b:fd:16:4c:5a:72: + 56:17:85:1e:aa:e4:4c:28:aa:91:28:e5:ed:95:28:5f:6b:63: + a8:e7:7e:2d:0c:20:e2:7e:0e:57:ab:6d:e7:e4:fc:13:3b:d7: + bb:df:cd:89:55:56:80:b7:45:0c:74:f6:ae:c3:91:b0:10:69: + 3f:13:ff:7e:43:3d:1e:c3:3b:02:ee:ab:27:64:12:bd:b6:70: + 99:c0:d3:6b:22:b8:f5:3c:6b:3f:ab:a0:fd:ba:cc:50:e5:8a: + 67:b3:ec:8b:15:79:bd:db:e3:64:1a:1d:bb:d5:cb:55:8f:40: + 7f:01:ba:e2:32:dc:87:fa:3c:80:dd:37:7f:de:5b:ca:aa:1d: + 63:46:ec:22:c6:4c:1b:bf:74:50:c4:1a:21:b6:7a:ac:3f:55: + c8:bf:ae:69:80:2f:2d:2b:93:aa:0a:67:97:3c:c6:5b:7a:35: + e7:19:51:bd +-----BEGIN CERTIFICATE----- +MIIDyTCCArGgAwIBAgIJAK2IWG9S2h6pMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2 +Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m +b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0yMTAzMDgyMTA4MzNaMIGj +MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h +bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow +Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ +ARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1 +94rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+Fj +Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz +aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh +1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg +s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEALWZF +Qyt7EB6aLWXu/1XGRHF/27hC7+fo1u65fVh95qnJi51WiQ1/sufoSACtgarilyvF +DXi8P7OuZ0qv/rWQXZf21d3ZXGllbDsyfFp2FtmGCCRHG/0WTFpyVheFHqrkTCiq +kSjl7ZUoX2tjqOd+LQwg4n4OV6tt5+T8EzvXu9/NiVVWgLdFDHT2rsORsBBpPxP/ +fkM9HsM7Au6rJ2QSvbZwmcDTayK49TxrP6ug/brMUOWKZ7PsixV5vdvjZBodu9XL +VY9AfwG64jLch/o8gN03f95byqodY0bsIsZMG790UMQaIbZ6rD9VyL+uaYAvLSuT +qgpnlzzGW3o15xlRvQ== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der new file mode 100644 index 000000000..e82bd8841 Binary files /dev/null and b/certs/test/server-goodaltwild.der differ diff --git a/certs/test/server-goodaltwild.pem b/certs/test/server-goodaltwild.pem new file mode 100644 index 000000000..4b7bc2479 --- /dev/null +++ b/certs/test/server-goodaltwild.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14980506928471650860 (0xcfe573ae6ad4b22c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:*localhost + Signature Algorithm: sha1WithRSAEncryption + 5c:8a:c0:87:6d:e8:af:91:5b:fb:43:86:c3:63:ca:3d:d7:5c: + 5b:1a:7a:c2:53:78:f3:7c:32:b3:f0:cf:d0:60:0a:53:22:b1: + c6:50:fe:a8:67:91:90:56:05:67:cf:15:ff:e9:c9:b1:ae:f2: + 9d:97:0e:f5:ec:41:b2:e5:40:0b:8f:83:e1:b9:e4:59:bd:7e: + 5c:a0:d5:31:df:c4:78:1a:ca:13:1b:e3:2f:a8:b7:9f:4e:86: + 59:33:c6:a1:96:c5:f1:5b:83:7c:21:60:97:d1:77:25:40:ac: + 86:cb:c5:b0:d7:db:07:98:0f:63:48:b1:b5:d3:f4:bc:1b:90: + fc:d1:bf:95:53:8f:03:ec:9e:ac:b3:bc:18:c8:53:ca:36:38: + 64:5b:65:65:27:e7:23:f8:6d:68:a3:f2:48:ac:26:00:73:ff: + 68:cd:62:98:65:04:a5:0f:bb:c7:11:a4:7a:6f:0e:79:14:e6: + 19:c4:4f:54:c0:a7:4f:60:99:c1:7c:17:74:6d:38:1c:72:90: + 8d:72:6b:52:dd:68:4a:2c:8b:4e:9d:c3:35:f8:1b:31:6e:eb: + 76:b7:bb:7e:54:86:6f:ac:2e:e4:f6:58:7e:23:75:b0:af:9b: + fc:66:82:4a:e6:47:1d:4b:10:15:26:81:7a:f5:17:b4:44:01: + 1e:84:41:62 +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIJAM/lc65q1LIsMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y +MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMZMBcwFQYDVR0RBA4wDIIKKmxvY2FsaG9zdDANBgkqhkiG9w0BAQUF +AAOCAQEAXIrAh23or5Fb+0OGw2PKPddcWxp6wlN483wys/DP0GAKUyKxxlD+qGeR +kFYFZ88V/+nJsa7ynZcO9exBsuVAC4+D4bnkWb1+XKDVMd/EeBrKExvjL6i3n06G +WTPGoZbF8VuDfCFgl9F3JUCshsvFsNfbB5gPY0ixtdP0vBuQ/NG/lVOPA+yerLO8 +GMhTyjY4ZFtlZSfnI/htaKPySKwmAHP/aM1imGUEpQ+7xxGkem8OeRTmGcRPVMCn +T2CZwXwXdG04HHKQjXJrUt1oSiyLTp3DNfgbMW7rdre7flSGb6wu5PZYfiN1sK+b +/GaCSuZHHUsQFSaBevUXtEQBHoRBYg== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodcnwild.der b/certs/test/server-goodcnwild.der new file mode 100644 index 000000000..472993a8f Binary files /dev/null and b/certs/test/server-goodcnwild.der differ diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem new file mode 100644 index 000000000..7b961cadc --- /dev/null +++ b/certs/test/server-goodcnwild.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11791884614682041113 (0xa3a53094ba845b19) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + aa:98:5b:71:d5:fb:0d:0c:f4:a2:8d:df:6c:0f:ae:93:a5:04: + 86:4e:ca:37:0b:89:fb:d5:c0:fa:b2:d2:dd:34:9b:01:c9:6d: + 35:3e:e3:31:b4:82:0b:1c:32:56:ab:61:d6:5d:c3:05:6d:89: + 51:fc:03:c3:a2:75:35:07:76:63:f1:65:24:d3:dd:c3:cf:46: + 06:65:e4:1c:8d:07:c7:be:68:93:f3:d6:eb:ab:ca:99:ad:8d: + bd:20:98:77:56:d6:f1:17:0e:77:6e:2f:9e:f3:54:c3:c3:4c: + 6d:ea:2f:e3:08:04:18:af:23:1d:be:57:1b:e3:6d:d4:d3:60: + 1e:64:83:1d:33:08:24:0b:60:3e:f4:a0:08:31:2e:0d:13:7a: + f5:a3:cc:59:0e:f4:7e:72:a4:19:f2:b7:c4:fc:51:f5:fa:68: + 3f:d7:a6:79:a1:a9:46:d9:52:c2:d9:92:cb:04:6a:a6:d5:73: + 24:6f:7b:5e:9d:97:70:38:a3:82:d6:c5:d8:8b:cc:26:03:72: + b5:72:a5:30:ca:ad:d4:25:b1:59:84:fd:ed:43:cb:b2:80:ec: + 5d:cc:33:6a:a1:49:f6:8e:3e:ab:17:fc:74:c5:ce:d6:2e:05: + bf:a1:26:11:2c:4b:13:d1:15:0f:76:92:a2:d1:28:26:ad:1b: + 65:20:3b:38 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIJAKOlMJS6hFsZMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3 +DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0yMTAzMDgy +MTA4MzNaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH +DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs +aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO +L07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8u +htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip +Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj +c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ +ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq +hkiG9w0BAQUFAAOCAQEAqphbcdX7DQz0oo3fbA+uk6UEhk7KNwuJ+9XA+rLS3TSb +AcltNT7jMbSCCxwyVqth1l3DBW2JUfwDw6J1NQd2Y/FlJNPdw89GBmXkHI0Hx75o +k/PW66vKma2NvSCYd1bW8RcOd24vnvNUw8NMbeov4wgEGK8jHb5XG+Nt1NNgHmSD +HTMIJAtgPvSgCDEuDRN69aPMWQ70fnKkGfK3xPxR9fpoP9emeaGpRtlSwtmSywRq +ptVzJG97Xp2XcDijgtbF2IvMJgNytXKlMMqt1CWxWYT97UPLsoDsXcwzaqFJ9o4+ +qxf8dMXO1i4Fv6EmESxLE9EVD3aSotEoJq0bZSA7OA== +-----END CERTIFICATE----- diff --git a/certs/test/server-nomatch.conf b/certs/test/server-nomatch.conf deleted file mode 100644 index b53010c37..000000000 --- a/certs/test/server-nomatch.conf +++ /dev/null @@ -1,16 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.nomatch.com -commonName_max = 64 - -[ req_ext ] -#subjectAltName = localhost\0h -#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-nomatch.csr b/certs/test/server-nomatch.csr deleted file mode 100644 index 5fdc8f777..000000000 --- a/certs/test/server-nomatch.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53 -d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B -JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF -6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU -Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U -tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp -l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO -hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB -CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG -sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT -pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z -T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK -xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N -scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-nomatch.der b/certs/test/server-nomatch.der deleted file mode 100644 index 0dcf502a0..000000000 Binary files a/certs/test/server-nomatch.der and /dev/null differ diff --git a/certs/test/server-nomatch.key b/certs/test/server-nomatch.key deleted file mode 100644 index 182b27380..000000000 --- a/certs/test/server-nomatch.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj -JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at -VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm -zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S -WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk -3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw -6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA -V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex -fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd -bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1 -/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX -LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD -6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn -+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV -QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl -d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy -ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE -ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH -GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg -9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-nomatch.pem b/certs/test/server-nomatch.pem deleted file mode 100644 index a1753cbf3..000000000 --- a/certs/test/server-nomatch.pem +++ /dev/null @@ -1,69 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 13225619248861184800 (0xb78ad6a26ef08320) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Validity - Not Before: May 24 21:25:38 2018 GMT - Not After : Feb 17 21:25:38 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa: - d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c: - e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84: - d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8: - 42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27: - 58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af: - 28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e: - 73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2: - 2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd: - ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55: - 27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b: - 61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83: - 13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9: - 97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4: - ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d: - bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61: - 88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da: - 5d:8b - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e: - 79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f: - 22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4: - ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83: - 0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1: - 6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0: - 75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe: - 1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59: - d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85: - e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33: - 05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a: - c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c: - cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3: - 02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53: - b1:16:5c:b4 ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw -NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE -CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp -bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA -A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt -U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq -C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe -x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX -1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC -NfsLOePA+fPtu30uTAl6iFOxFly0 ------END CERTIFICATE----- diff --git a/src/internal.c b/src/internal.c index e63588862..ddf5b8629 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7653,7 +7653,7 @@ int MatchDomainName(const char* pattern, int len, const char* str) while (len > 0) { p = (char)XTOLOWER((unsigned char)*pattern++); - if (p == 0) + if (p == '\0') break; if (p == '*') { @@ -7684,8 +7684,9 @@ int MatchDomainName(const char* pattern, int len, const char* str) } } - if (*str == '\0') + if (*str == '\0' && len == 0) { ret = 1; /* success */ + } return ret; } @@ -7705,7 +7706,7 @@ int CheckAltNames(DecodedCert* dCert, char* domain) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ + if (MatchDomainName(altName->name, altName->len, domain)){ match = 1; break; } @@ -7742,8 +7743,7 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name), - domain)) { + if (MatchDomainName(altName->name, altName->len, domain)) { match = 1; *checkCN = 0; break; @@ -7953,7 +7953,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) while (cur != NULL) { if (cur->type == ASN_RFC822_TYPE) { DNS_entry* dnsEntry; - int strLen = (int)XSTRLEN(cur->name); + int strLen = cur->len; dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap, DYNAMIC_TYPE_ALTNAME); @@ -7970,7 +7970,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, cur->name, strLen); dnsEntry->name[strLen] = '\0'; diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 32fd0c0e1..e9fda3021 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -1,30 +1,61 @@ -# server bad certificate alt name +# server bad certificate common name has null +# DG: Have not found a way to properly encode null in common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-badaltnamenull.key --c ./certs/test/server-badaltnamenull.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcnnull.pem -d -# client bad certificate alt name +# client bad certificate common name has null -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-badaltnamenull.pem +-A ./certs/test/server-badcnnull.pem +-m +-x + +# server bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltnull.pem +-d + +# client bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltnull.pem -m -x # server nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-nomatch.key --c ./certs/test/server-nomatch.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcn.pem -d # client nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-nomatch.pem +-A ./certs/test/server-badcn.pem +-m +-x + +# server nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltname.pem +-d + +# client nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltname.pem -m -x diff --git a/tests/test.conf b/tests/test.conf index 18cb942e5..fdc2b7f5f 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2246,3 +2246,31 @@ -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem + +# server good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcnwild.pem +-d + +# client good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcnwild.pem +-m + +# server good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodaltwild.pem +-d + +# client good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodaltwild.pem +-m diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b8eb7b864..500296088 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4203,9 +4203,10 @@ static int GetName(DecodedCert* cert, int nameType) XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } + emailName->len = adv; XMEMCPY(emailName->name, &cert->source[cert->srcIdx], adv); - emailName->name[adv] = 0; + emailName->name[adv] = '\0'; emailName->next = cert->altEmailNames; cert->altEmailNames = emailName; @@ -5547,7 +5548,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altNames; while (name != NULL) { if (MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5560,7 +5561,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altEmailNames; while (name != NULL) { if (MatchBaseName(ASN_RFC822_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5604,7 +5605,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchDns = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5619,7 +5620,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchEmail = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5700,7 +5701,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, &input[idx], strLen); dnsEntry->name[strLen] = '\0'; @@ -5737,7 +5738,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + emailEntry->len = strLen; XMEMCPY(emailEntry->name, &input[idx], strLen); emailEntry->name[strLen] = '\0'; @@ -5808,7 +5809,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + uriEntry->len = strLen; XMEMCPY(uriEntry->name, &input[idx], strLen); uriEntry->name[strLen] = '\0'; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 35b372355..039ee34fa 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -439,6 +439,7 @@ typedef struct DNS_entry DNS_entry; struct DNS_entry { DNS_entry* next; /* next on DNS list */ int type; /* i.e. ASN_DNS_TYPE */ + int len; /* actual DNS len */ char* name; /* actual DNS name */ };