WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: 

* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
pull/1934/head
David Garske 2018-12-21 09:33:54 -08:00
parent 00dd222aa5
commit 59a3b4a110
62 changed files with 2018 additions and 1713 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
certs/crl/ca-int-ecc.pem 100644
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0x
ODEyMjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBSXHWDD
hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAMwCgYIKoZIzj0EAwIDSQAwRgIh
AMrFN7PEk0mtpHWZXJQSaXrc2K2BY/iZ6GlKnbM9G44MAiEA5K9dEKgOX/2VvGlR
YN8aMaQ+Ly9fyMNEnXLR2OOMrBA=
-----END X509 CRL-----

14
certs/crl/ca-int.pem 100644
View File

@ -0,0 +1,14 @@
-----BEGIN X509 CRL-----
MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl
cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4
MTIyMTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV
HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA
d++OmLaoou17s32sU/onSY1+Y9PoqYcKqkjK14srsvnrMe8AS3QDsuF721cg3Ekp
pghG2pmyrvsCB8uaZ5yGE0B7YZ2ZfKjq6IQAQmcMkZ9tVtchmJNGyuB0T8uL8fJE
JsCvI+eAyYTSjgePQC4x9GMunWwRfQ4DWjXIal8f9WNLnRRZl8MKaTk6fuMM+GBt
6QJ1qEEeWWwbTnCqAia4dJ/IJGn7bbxwMAs305zrBE8G17gzh4Q4aj/nt71+oM5e
Jf4XHs2GahUUz29OqiXwsfNfpF9/DHxjTf0UyHjRVV95hdq2QBQNuozVQ/wDiXSH
12py+paDtyfh1Vw3RapYMQ==
-----END X509 CRL-----

10
certs/crl/client-int-ecc.pem 100644
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg
Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy
MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh
P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAUwCgYIKoZIzj0EAwIDSQAwRgIhAJn0
klExhxOHZtOQi45DuNnraKRzWV+V0moXQOvQmP4+AiEAk7Oqvn3Ij3ZhB/V+7VT0
iPE8ipSUmQbQcZzI7BhT86E=
-----END X509 CRL-----

14
certs/crl/client-int.pem 100644
View File

@ -0,0 +1,14 @@
-----BEGIN X509 CRL-----
MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll
bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy
MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY
flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAefil
VL8oAVmbbtUyF7v7cwZ+3Olt6VuCcevIPYMc8yP7huO21UpkjwrVhr0tru6SA5xO
2I1lUwcyuH49c2H/RVEmS7q75TErYyXl/D209+LidOqPAnVibNWBsNaqQUn11dEM
T+VBC6aiUuLxnslpzWUkmromjh0BI2f1AbYEtRDHlaqZakxiZ4FdXPpnopcO44+T
ZLS2Kj52L6ykB1j70I2HOpZ7C07+MTBLvCV8J0Au1+GNBN1TZSO0dOX8AXLSpS+6
q3vxJ1nsNYk/P7KdJO8eGYth9pXffKYPzMz0urrnavNd9nO9bR4u89SLepzuedBK
vX+Acp5M8IcAnw4sEA==
-----END X509 CRL-----

9
certs/crl/include.am
View File

@ -14,3 +14,12 @@ EXTRA_DIST += \
EXTRA_DIST += \ EXTRA_DIST += \
certs/crl/crl.revoked certs/crl/crl.revoked
# Intermediate cert CRL's
EXTRA_DIST += \
certs/crl/ca-int.pem \
certs/crl/client-int.pem \
certs/crl/server-int.pem \
certs/crl/ca-int-ecc.pem \
certs/crl/client-int-ecc.pem \
certs/crl/server-int-ecc.pem

10
certs/crl/server-int-ecc.pem 100644
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg
Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy
MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42
+Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSAAwRQIgTKmg
a595JJuQ5U4Alhi7p8424/02UoN4WLg9tZiGtfICIQDKtdI2JZuVpTmCtRRo8gZH
H/s5EUrqsIpXoNMdsGO1+w==
-----END X509 CRL-----

14
certs/crl/server-int.pem 100644
View File

@ -0,0 +1,14 @@
-----BEGIN X509 CRL-----
MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2
ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy
MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi
yfjQO24DQsofDo48MAsGA1UdFAQEAgIgATANBgkqhkiG9w0BAQsFAAOCAQEAEhz6
qLMqvX2s8/nsg2BjT+07Di3f3kkCZqxWtdvoSHg44lQof2F6UuTeKzlBWfTmFLE9
qZJ8dj6xSMPEnZnRB1z9HvHRKZGDotuSNWCt4BElXP6ZZpQcIFaYUsWUZJ0Zb7LW
/06fuepQTeHrxvwNPD6SF5+dVX7doQ2l2ytkQvGHznrWsQNdB2H9K2tAZTIbkiQA
KcRP1pm1Dt2pZWPbwHws/AcXM4nCIJRUTlo1drHBClDbJB1n/AU8LjX1shX4AUds
+HthMwVmDUjofoXuqzRVyCtfdMH5tgwY//opif+FRXwXjZajx9K+vu68Qa8hI5+9
sXu6NDs92L2KLfGNmg==
-----END X509 CRL-----

1
certs/include.am
View File

@ -100,3 +100,4 @@ include certs/external/include.am
include certs/ocsp/include.am include certs/ocsp/include.am
include certs/test/include.am include certs/test/include.am
include certs/test-pathlen/include.am include certs/test-pathlen/include.am
include certs/intermediate/include.am

BIN
certs/intermediate/ca-int-cert.der 100644
View File

Binary file not shown.

83
certs/intermediate/ca-int-cert.pem 100644
View File

@ -0,0 +1,83 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 21 17:54:00 2018 GMT
Not After : Dec 16 17:54:00 2038 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:a2:73:5d:21:62:20:ce:3a:71:38:a7:94:bb:
db:87:04:1c:5a:1b:9e:4b:0d:3e:ca:f8:a5:f7:0d:
6a:dc:23:90:22:6a:2b:58:63:4a:28:6a:48:a8:e7:
73:1f:a2:55:d8:4d:02:3b:e2:cb:6b:e2:83:c9:51:
8f:77:fd:dc:2d:5d:23:b7:23:9a:7e:b6:29:68:e8:
2a:4e:a9:fe:32:70:31:9e:f0:ef:ee:f8:8d:e3:fc:
f3:d7:28:dd:7a:1d:9e:ad:23:2b:f1:a6:7f:34:52:
29:66:d2:e5:64:55:64:d6:dd:4b:41:3b:55:83:6e:
c0:11:0e:6e:20:c2:16:73:eb:30:ff:09:46:bb:e7:
cc:c6:03:44:41:11:c6:c1:6c:36:2f:4a:f9:91:55:
ca:58:5e:37:b8:28:10:30:89:40:96:77:cf:70:66:
a4:55:fb:69:0b:e7:d9:b2:33:65:db:72:3a:77:b7:
2b:49:fc:b6:cd:58:10:8d:ab:aa:cb:40:45:77:02:
39:18:b3:8f:33:01:48:77:50:be:8e:73:a7:de:36:
a0:49:8e:2c:16:af:b9:fb:42:2d:35:6a:db:34:37:
d5:14:59:7d:65:72:e5:8b:65:55:4b:20:5e:47:f9:
f8:3a:d3:6c:d9:3a:f5:c7:01:46:31:c3:79:9a:18:
be:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
5e:cd:30:ce:13:06:a8:a3:25:6d:85:68:bf:88:3b:68:12:6a:
5e:5f:22:82:51:4a:fd:b1:ae:b2:c2:3e:a1:e4:73:97:6f:77:
1f:5e:0a:a6:3e:8a:20:93:4c:3f:68:64:69:a8:d7:ae:3e:a5:
58:e4:d0:45:e4:7a:5f:cc:68:23:3d:7b:df:8d:33:8d:ba:0b:
73:dd:97:41:99:1a:26:7f:17:87:c4:76:bb:3b:b5:15:24:b0:
82:4f:2e:0a:c3:fe:ab:75:c9:4d:59:74:1a:c7:33:e7:4f:14:
45:5b:f4:d3:c3:a9:9d:34:a8:e1:2a:33:ea:10:07:db:9e:33:
83:60:f0:dd:7c:27:0d:6b:92:ef:90:cc:35:b3:4e:e3:fa:ca:
87:55:31:e8:7b:8c:c2:35:19:41:6a:76:6c:6c:7a:d0:6a:d1:
2d:a8:a6:97:40:73:52:9c:3c:43:a7:4b:f1:b7:04:af:e0:d1:
32:3c:ac:df:a7:4a:15:fb:2e:56:d8:5c:4c:99:9d:3c:f0:6d:
a0:20:25:96:c9:24:fc:84:4c:dc:de:1d:29:e8:d4:e1:ff:ca:
06:2f:39:ed:24:dc:79:f9:2a:18:00:ae:d2:8b:44:eb:2a:94:
fb:c8:02:86:0d:7e:1f:65:c7:20:06:5e:ca:50:af:bd:71:cb:
06:da:12:ff
-----BEGIN CERTIFICATE-----
MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
-----END CERTIFICATE-----

BIN
certs/intermediate/ca-int-ecc-cert.der 100644
View File

Binary file not shown.

52
certs/intermediate/ca-int-ecc-cert.pem 100644
View File

@ -0,0 +1,52 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4099 (0x1003)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 21 17:54:01 2018 GMT
Not After : Dec 16 17:54:01 2038 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:95:df:1c:b2:9e:20:a9:1d:a2:5b:ab:5c:9b:a8:
66:06:29:e6:b2:d8:e3:14:a6:c3:c1:b4:ad:4d:44:
18:20:1e:5d:67:fd:15:1d:6d:25:e1:17:b1:71:ca:
85:03:f0:d2:af:41:66:46:36:6d:ea:41:cb:4f:c8:
4a:d0:a0:61:8c
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
X509v3 Authority Key Identifier:
keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:20:8d:bd:bc:08:8a:52:20:ab:bc:f0:94:0c:3c:
38:9c:9e:c0:18:53:94:94:7f:57:3d:15:8e:75:5f:8c:82:79:
02:20:40:3e:0f:27:9a:e8:ba:9b:f4:99:cf:71:36:68:d1:ed:
31:54:37:e8:2e:37:d0:9e:49:a9:27:79:c1:03:34:50
-----BEGIN CERTIFICATE-----
MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
-----END CERTIFICATE-----

BIN
certs/intermediate/ca-int-ecc-key.der 100644
View File

Binary file not shown.

5
certs/intermediate/ca-int-ecc-key.pem 100644
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDOGXhoaF5CDp/zS7ulq2RPH/WnHFq2fZ0T+vCWd0+LXoAoGCCqGSM49
AwEHoUQDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbDwbStTUQYIB5dZ/0VHW0l
4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjA==
-----END EC PRIVATE KEY-----

BIN
certs/intermediate/ca-int-key.der 100644
View File

Binary file not shown.

27
certs/intermediate/ca-int-key.pem 100644
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAw6JzXSFiIM46cTinlLvbhwQcWhueSw0+yvil9w1q3COQImor
WGNKKGpIqOdzH6JV2E0CO+LLa+KDyVGPd/3cLV0jtyOafrYpaOgqTqn+MnAxnvDv
7viN4/zz1yjdeh2erSMr8aZ/NFIpZtLlZFVk1t1LQTtVg27AEQ5uIMIWc+sw/wlG
u+fMxgNEQRHGwWw2L0r5kVXKWF43uCgQMIlAlnfPcGakVftpC+fZsjNl23I6d7cr
Sfy2zVgQjauqy0BFdwI5GLOPMwFId1C+jnOn3jagSY4sFq+5+0ItNWrbNDfVFFl9
ZXLli2VVSyBeR/n4OtNs2Tr1xwFGMcN5mhi+SQIDAQABAoIBAQCwoB1pyrcOiULI
b+8U4Jpthq+WRvMeLYIwvFcS+uEsiUsbVyF1NoeAf5zEKdqNiAHbPIO0z6j66VI0
U1elbOP5bOrO8O0OU6aFWX7A8MdYgGS8bCkjZvKsEPeRnQqAsvdMt8F39etIsJlC
hUunz1UwjDDiXxBwjnAHtjCFkNW2pt6LscUgqSPr/dYIM6H5ZdSINvUYd9v6xvYz
KQhOZSyikO2sqs/d+tTl1/Onca3HWxynhT4HCe47RQnxaCk+6qa25nrXCIHS+cNh
Ro79iBqkSsG43nYtZ14ZRsPh4jeie0myP1CzYL94fTNuc9wRXJ/dOIjZu3uCHDxt
opSopKSBAoGBAPH4m7hf4DbFtBQCXq3sQw2FqQB4WeEiOSGoZLhivAcarc6gUNZ0
7/eVUJJJ+pW3UlDtZ5aF1yewBXTNackI/pNvHQziSf/hzRzDdsk4ei3cMnctshMk
XM6oHxw1MyR9g3YhYcAvzmDlevwYj/k2ABhnUva2yM3gD77ao0hjwIyZAoGBAM76
Gr3ZwT3hh/CzO8GDZuzwLPahLTcBUmCEb+yfr9ELjPH++p4xOw7QZybxaHKlzla0
wDZ+L5mSL+HciRYIR1JUH+K6PxGqp0ufu6dclLAcNBCEotAtoWSLW3Z7h4LX7/x4
IafDkxHWMWQxYJaLN5REbJArurY0lu1z5uBqpJ0xAoGBALI2NBpbIru0aKjEBg96
jvgKlSoveaMCnalYaLYUof9petFP6bnJbmOeqTTVH6Xc2teXwk9uS8SDM8GO+HaE
FVto3rB6iZ3YJEUnAPm6iuHz54c3NIw8n83krOUNmZkqiAQdGe1+SDW9ThMV1BPr
3a4bi1MB1GsstuwOA2xxa4MhAoGBAIoPNDU9AfRH8shwlcRv5QDY9/UO770ICa3N
yWaZ4cncHYjyHrPUfONVyeilEJmg1bDqYmg25YNXis7qrxpeLUzSRm6S8yzSm0ML
aj2puJh8R5JZFs0sEsKhXkH7BhoV9cN/Ulu4TeqQ6GM/uIDSniEtPwkv0hxlmeML
843wNJuRAoGBAKloBRB17AOMxVrB51GLWmVDOvbb398bL5WDHnM+j5QjEdL25rVx
9jDsw9ysikfkjTvs9UfQ6XUIjwurR40hhWoB5KGKvXU3rO/8ds3Gu1EbGmk0h9dS
seC5knwR/3QrRKHerNP5hzDIeRYaPOnko4Zhoo+28UFAHZcItQGF3lF/
-----END RSA PRIVATE KEY-----

55
certs/intermediate/client-chain-alt-ecc.pem 100644
View File

@ -0,0 +1,55 @@
-----BEGIN CERTIFICATE-----
MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----

71
certs/intermediate/client-chain-alt.pem 100644
View File

@ -0,0 +1,71 @@
-----BEGIN CERTIFICATE-----
MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----

BIN
certs/intermediate/client-chain-ecc.der 100644
View File

Binary file not shown.

33
certs/intermediate/client-chain-ecc.pem 100644
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
-----END CERTIFICATE-----

BIN
certs/intermediate/client-chain.der 100644
View File

Binary file not shown.

49
certs/intermediate/client-chain.pem 100644
View File

@ -0,0 +1,49 @@
-----BEGIN CERTIFICATE-----
MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
-----END CERTIFICATE-----

BIN
certs/intermediate/client-int-cert.der 100644
View File

Binary file not shown.

88
certs/intermediate/client-int-cert.pem 100644
View File

@ -0,0 +1,88 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4098 (0x1002)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 21 17:54:00 2018 GMT
Not After : Dec 18 17:54:00 2028 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
ba:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Subject Key Identifier:
33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
X509v3 Authority Key Identifier:
keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
Signature Algorithm: sha256WithRSAEncryption
88:81:21:78:ac:04:8a:79:7e:cd:a5:ba:3b:fe:52:61:e8:9c:
5d:28:91:ca:68:72:31:99:d5:15:78:99:d1:03:ff:b6:13:59:
23:48:9e:92:94:cc:91:01:93:dc:19:36:68:d7:48:53:ab:99:
d8:23:fc:28:98:43:f3:eb:9f:e2:2f:c4:4c:b3:1c:48:35:92:
6d:53:46:5d:c1:20:21:07:71:25:a1:37:89:1a:9b:ec:f5:e3:
d1:15:a0:fe:10:2e:cd:67:d5:3d:6e:d6:b9:f5:38:8d:3a:12:
c9:2e:f9:e1:a9:c8:6f:d6:04:05:66:df:3c:3a:69:d7:aa:6b:
5e:71:0d:e3:53:38:3d:87:4a:1e:c7:88:78:1c:87:5a:21:bd:
0f:86:f4:7c:86:bd:51:7d:9c:cb:f2:b2:a6:41:7a:f8:bb:08:
11:67:6a:31:9f:48:f6:d1:07:a2:36:87:83:73:68:3b:c9:11:
5e:ab:a3:d0:61:9a:df:8d:52:b9:8a:79:d2:f3:5d:b0:3d:15:
69:ee:a3:b5:c2:be:b4:3f:11:b0:06:d3:b8:b4:32:45:95:ff:
76:48:eb:63:0b:1d:79:0f:55:95:d6:7c:86:d4:61:20:f9:0f:
a2:82:a4:1f:b1:10:53:d8:e8:c8:27:b3:bd:98:7b:0a:c4:5b:
82:d0:6c:cf
-----BEGIN CERTIFICATE-----
MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
-----END CERTIFICATE-----

BIN
certs/intermediate/client-int-ecc-cert.der 100644
View File

Binary file not shown.

57
certs/intermediate/client-int-ecc-cert.pem 100644
View File

@ -0,0 +1,57 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4101 (0x1005)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 21 17:54:01 2018 GMT
Not After : Dec 18 17:54:01 2028 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain ECC/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
5f:c7:5d:7f:b4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Subject Key Identifier:
EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
X509v3 Authority Key Identifier:
keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:5e:e8:cc:ba:d9:8c:d5:47:f1:00:9f:f6:b6:22:
39:45:a4:27:a4:b4:e6:5b:0a:72:74:c0:50:74:2a:28:a5:65:
02:21:00:aa:1f:2e:ef:5d:62:5c:e7:e4:93:01:ef:bc:0c:8a:
34:a8:86:e8:b7:7c:00:4e:03:b4:17:e3:72:fe:65:81:df
-----BEGIN CERTIFICATE-----
MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
-----END CERTIFICATE-----

293
certs/intermediate/genintcerts.sh 100755
View File

@ -0,0 +1,293 @@
#!/bin/sh
# Script for generating RSA and ECC Intermediate CA and server/client certs based on it.
# Result is chains that looks like:
# RSA Server
# ROOT: ./certs/ca-cert.pem
# C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com)
# INTERMEDIATE: ./certs/intermediate/ca-int-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
# SERVER: ./certs/intermediate/server-int-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain/emailAddress=info@wolfssl.com
# RSA Client
# ROOT: ./certs/ca-cert.pem
# C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com)
# INTERMEDIATE: ./certs/intermediate/ca-int-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
# CLIENT: ./certs/intermediate/client-int-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com
# ECC Server
# ROOT: ./certs/ca-ecc-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
# INTERMEDIATE: ./certs/intermediate/ca-int-ecc-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
# SERVER: ./certs/intermediate/server-int-ecc-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com
# ECC Client
# ROOT: ./certs/ca-ecc-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
# INTERMEDIATE: ./certs/intermediate/ca-int-ecc-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
# CLIENT: ./certs/intermediate/client-int-ecc-cert.pem
# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain ECC/emailAddress=info@wolfssl.com
# Run from wolfssl-root as `./certs/intermediate/genintcerts.sh`
# To cleanup temp files use `./certs/intermediate/genintcerts.sh clean`
# To cleanup all files use `./certs/intermediate/genintcerts.sh cleanall`
dir="."
cleanup_files(){
rm -f ./certs/intermediate/index.*
rm -f ./certs/intermediate/*.old
rm -f ./certs/intermediate/serial
rm -f ./certs/intermediate/crlnumber
rm -f ./certs/intermediate/*.cnf
rm -rf ./certs/intermediate/new_certs
exit 0
}
check_result() {
if [ $1 -ne 0 ]; then
echo "Step Failed, Abort"
exit 1
else
echo "Step Succeeded!"
fi
}
# Args: 1=CnfFile, 2=Key, 3=Cert
create_ca_config() {
echo "# Generated openssl conf" > "$1"
echo "[ ca ]" >> "$1"
echo "default_ca = CA_default" >> "$1"
echo "" >> "$1"
echo "[ CA_default ]" >> "$1"
echo "certs = $dir/certs/intermediate" >> "$1"
echo "new_certs_dir = $dir/certs/intermediate/new_certs">> "$1"
echo "database = $dir/certs/intermediate/index.txt">> "$1"
echo "serial = $dir/certs/intermediate/serial" >> "$1"
echo "RANDFILE = $dir/private/.rand" >> "$1"
echo "" >> "$1"
echo "private_key = $dir/$2" >> "$1"
echo "certificate = $dir/$3" >> "$1"
echo "" >> "$1"
echo "crlnumber = $dir/certs/intermediate/crlnumber">> "$1"
echo "crl_extensions = crl_ext" >> "$1"
echo "default_crl_days = 1000" >> "$1"
echo "default_md = sha256" >> "$1"
echo "" >> "$1"
echo "name_opt = ca_default" >> "$1"
echo "cert_opt = ca_default" >> "$1"
echo "default_days = 3650" >> "$1"
echo "preserve = no" >> "$1"
echo "policy = policy_loose" >> "$1"
echo "" >> "$1"
echo "[ policy_strict ]" >> "$1"
echo "countryName = match" >> "$1"
echo "stateOrProvinceName = match" >> "$1"
echo "organizationName = match" >> "$1"
echo "organizationalUnitName = optional" >> "$1"
echo "commonName = supplied" >> "$1"
echo "emailAddress = optional" >> "$1"
echo "" >> "$1"
echo "[ policy_loose ]" >> "$1"
echo "countryName = optional" >> "$1"
echo "stateOrProvinceName = optional" >> "$1"
echo "localityName = optional" >> "$1"
echo "organizationName = optional" >> "$1"
echo "organizationalUnitName = optional" >> "$1"
echo "commonName = supplied" >> "$1"
echo "emailAddress = optional" >> "$1"
echo "" >> "$1"
echo "[ req ]" >> "$1"
echo "default_bits = 2048" >> "$1"
echo "distinguished_name = req_distinguished_name" >> "$1"
echo "string_mask = utf8only" >> "$1"
echo "default_md = sha256" >> "$1"
echo "x509_extensions = v3_ca" >> "$1"
echo "" >> "$1"
echo "[ req_distinguished_name ]" >> "$1"
echo "countryName = US" >> "$1"
echo "stateOrProvinceName = Washington" >> "$1"
echo "localityName = Seattle" >> "$1"
echo "organizationName = wolfSSL" >> "$1"
echo "organizationalUnitName = Development" >> "$1"
echo "commonName = www.wolfssl.com" >> "$1"
echo "emailAddress = info@wolfssl.com" >> "$1"
echo "" >> "$1"
echo "[ v3_ca ]" >> "$1"
echo "subjectKeyIdentifier = hash" >> "$1"
echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1"
echo "basicConstraints = critical, CA:true" >> "$1"
echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1"
echo "" >> "$1"
echo "[ v3_intermediate_ca ]" >> "$1"
echo "subjectKeyIdentifier = hash" >> "$1"
echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1"
echo "basicConstraints = critical, CA:true, pathlen:0" >> "$1"
echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1"
echo "" >> "$1"
echo "[ usr_cert ]" >> "$1"
echo "basicConstraints = CA:FALSE" >> "$1"
echo "nsCertType = client, email" >> "$1"
echo "subjectKeyIdentifier = hash" >> "$1"
echo "authorityKeyIdentifier = keyid,issuer" >> "$1"
echo "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment">> "$1"
echo "extendedKeyUsage = clientAuth, emailProtection" >> "$1"
echo "" >> "$1"
echo "[ server_cert ]" >> "$1"
echo "basicConstraints = CA:FALSE" >> "$1"
echo "nsCertType = server" >> "$1"
echo "subjectKeyIdentifier = hash" >> "$1"
echo "authorityKeyIdentifier = keyid,issuer:always" >> "$1"
echo "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement">> "$1"
echo "extendedKeyUsage = serverAuth" >> "$1"
echo "" >> "$1"
echo "[ crl_ext ]" >> "$1"
echo "authorityKeyIdentifier=keyid:always" >> "$1"
}
# Args: 1=reqcnf, 2=signcnf, 3=keyfile, 4=certfile, 5=ext, 6=subj, 7=days
create_cert() {
openssl req -config ./certs/intermediate/$1.cnf -new -sha256 \
-key $3 \
-out ./certs/intermediate/tmp.csr \
-subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=$6/emailAddress=info@wolfssl.com"
check_result $?
openssl ca -config ./certs/intermediate/$2.cnf -extensions $5 -days $7 -notext -md sha256 \
-in ./certs/intermediate/tmp.csr -out ./certs/intermediate/$4.pem -batch
check_result $?
rm ./certs/intermediate/tmp.csr
# Convert Cert to DER
openssl x509 -in ./certs/intermediate/$4.pem -inform PEM -out ./certs/intermediate/$4.der -outform DER
check_result $?
# Add text to cert PEM file
openssl x509 -in ./certs/intermediate/$4.pem -text > ./certs/intermediate/tmp.pem
check_result $?
mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem
}
if [ "$1" == "clean" ]; then
echo "Cleaning temp files"
cleanup_files
fi
if [ "$1" == "cleanall" ]; then
echo "Cleaning all files"
rm -f ./certs/intermediate/*.pem
rm -f ./certs/intermediate/*.der
rm -f ./certs/intermediate/*.csr
cleanup_files
fi
# Make sure required CA files exist and are populated
rm -f ./certs/intermediate/index.*
touch ./certs/intermediate/index.txt
if [ ! -f ./certs/intermediate/serial ]; then
echo 1000 > ./certs/intermediate/serial
fi
if [ ! -f ./certs/intermediate/crlnumber ]; then
echo 2000 > ./certs/intermediate/crlnumber
fi
if [ ! -d ./certs/intermediate/new_certs ]; then
mkdir ./certs/intermediate/new_certs
fi
# RSA
echo "Creating RSA CA configuration cnf files"
create_ca_config ./certs/intermediate/wolfssl_root.cnf certs/ca-key.pem certs/ca-cert.pem
create_ca_config ./certs/intermediate/wolfssl_int.cnf certs/intermediate/ca-int-key.pem certs/intermediate/ca-int-cert.pem
if [ ! -f ./certs/intermediate/ca-int-key.pem ]; then
echo "Make Intermediate RSA CA Key"
openssl genrsa -out ./certs/intermediate/ca-int-key.pem 2048
check_result $?
openssl rsa -in ./certs/intermediate/ca-int-key.pem -inform PEM -out ./certs/intermediate/ca-int-key.der -outform DER
check_result $?
fi
echo "Create RSA Intermediate CA signed by root"
create_cert wolfssl_int wolfssl_root ./certs/intermediate/ca-int-key.pem ca-int-cert v3_intermediate_ca "wolfSSL Intermediate CA" 7300
echo "Create RSA Server Certificate signed by intermediate"
create_cert wolfssl_int wolfssl_int ./certs/server-key.pem server-int-cert server_cert "wolfSSL Server Chain" 3650
echo "Create RSA Client Certificate signed by intermediate"
create_cert wolfssl_int wolfssl_int ./certs/client-key.pem client-int-cert usr_cert "wolfSSL Client Chain" 3650
echo "Generate CRLs for new certificates"
openssl ca -config ./certs/intermediate/wolfssl_root.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int.pem -keyfile ./certs/intermediate/ca-int-key.pem -cert ./certs/intermediate/ca-int-cert.pem
check_result $?
openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int.pem -keyfile ./certs/server-key.pem -cert ./certs/intermediate/server-int-cert.pem
check_result $?
openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int.pem -keyfile ./certs/client-key.pem -cert ./certs/intermediate/client-int-cert.pem
check_result $?
echo "Assemble test chains - peer first, then intermediate"
openssl x509 -in ./certs/intermediate/server-int-cert.pem > ./certs/intermediate/server-chain.pem
openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/server-chain.pem
cat ./certs/intermediate/server-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/server-chain.der
openssl x509 -in ./certs/intermediate/client-int-cert.pem > ./certs/intermediate/client-chain.pem
openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/client-chain.pem
cat ./certs/intermediate/client-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/client-chain.der
echo "Assemble cert chain with extra cert for testing alternate chains"
cp ./certs/intermediate/server-chain.pem ./certs/intermediate/server-chain-alt.pem
cp ./certs/intermediate/client-chain.pem ./certs/intermediate/client-chain-alt.pem
openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt.pem
openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt.pem
# ECC
echo "Creating ECC CA configuration cnf files"
create_ca_config ./certs/intermediate/wolfssl_root_ecc.cnf certs/ca-ecc-key.pem certs/ca-ecc-cert.pem
create_ca_config ./certs/intermediate/wolfssl_int_ecc.cnf certs/intermediate/ca-int-ecc-key.pem certs/intermediate/ca-int-ecc-cert.pem
if [ ! -f ./certs/intermediate/ca-int-ecc-key.pem ]; then
echo "Make Intermediate ECC CA Key"
openssl ecparam -name prime256v1 -genkey -noout -out ./certs/intermediate/ca-int-ecc-key.pem
check_result $?
openssl ec -in ./certs/intermediate/ca-int-ecc-key.pem -inform PEM -out ./certs/intermediate/ca-int-ecc-key.der -outform DER
check_result $?
fi
echo "Create ECC Intermediate CA signed by root"
create_cert wolfssl_int_ecc wolfssl_root_ecc ./certs/intermediate/ca-int-ecc-key.pem ca-int-ecc-cert v3_intermediate_ca "wolfSSL Intermediate CA ECC" 7300
echo "Create ECC Server Certificate signed by intermediate"
create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-key.pem server-int-ecc-cert server_cert "wolfSSL Server Chain ECC" 3650
echo "Create ECC Client Certificate signed by intermediate"
create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-client-key.pem client-int-ecc-cert usr_cert "wolfSSL Client Chain ECC" 3650
echo "Generate CRLs for new certificates"
openssl ca -config ./certs/intermediate/wolfssl_root_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int-ecc.pem -keyfile ./certs/intermediate/ca-int-ecc-key.pem -cert ./certs/intermediate/ca-int-ecc-cert.pem
check_result $?
openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int-ecc.pem -keyfile ./certs/ecc-key.pem -cert ./certs/intermediate/server-int-ecc-cert.pem
check_result $?
openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int-ecc.pem -keyfile ./certs/ecc-client-key.pem -cert ./certs/intermediate/client-int-ecc-cert.pem
check_result $?
echo "Assemble test chains - peer first, then intermediate"
openssl x509 -in ./certs/intermediate/server-int-ecc-cert.pem > ./certs/intermediate/server-chain-ecc.pem
openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/server-chain-ecc.pem
cat ./certs/intermediate/server-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/server-chain-ecc.der
openssl x509 -in ./certs/intermediate/client-int-ecc-cert.pem > ./certs/intermediate/client-chain-ecc.pem
openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/client-chain-ecc.pem
cat ./certs/intermediate/client-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/client-chain-ecc.der
echo "Assemble cert chain with extra untrusted cert for testing alternate chains"
cp ./certs/intermediate/server-chain-ecc.pem ./certs/intermediate/server-chain-alt-ecc.pem
cp ./certs/intermediate/client-chain-ecc.pem ./certs/intermediate/client-chain-alt-ecc.pem
openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt-ecc.pem
openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt-ecc.pem

34
certs/intermediate/include.am 100644
View File

@ -0,0 +1,34 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/intermediate/genintcerts.sh \
certs/intermediate/ca-int-cert.der \
certs/intermediate/ca-int-cert.pem \
certs/intermediate/ca-int-ecc-cert.der \
certs/intermediate/ca-int-ecc-cert.pem \
certs/intermediate/ca-int-ecc-key.der \
certs/intermediate/ca-int-ecc-key.pem \
certs/intermediate/ca-int-key.der \
certs/intermediate/ca-int-key.pem \
certs/intermediate/client-chain-alt-ecc.pem \
certs/intermediate/client-chain-alt.pem \
certs/intermediate/client-chain-ecc.der \
certs/intermediate/client-chain-ecc.pem \
certs/intermediate/client-chain.der \
certs/intermediate/client-chain.pem \
certs/intermediate/client-int-cert.der \
certs/intermediate/client-int-cert.pem \
certs/intermediate/client-int-ecc-cert.der \
certs/intermediate/client-int-ecc-cert.pem \
certs/intermediate/server-chain-alt-ecc.pem \
certs/intermediate/server-chain-alt.pem \
certs/intermediate/server-chain-ecc.der \
certs/intermediate/server-chain-ecc.pem \
certs/intermediate/server-chain.der \
certs/intermediate/server-chain.pem \
certs/intermediate/server-int-cert.der \
certs/intermediate/server-int-cert.pem \
certs/intermediate/server-int-ecc-cert.der \
certs/intermediate/server-int-ecc-cert.pem

59
certs/intermediate/server-chain-alt-ecc.pem 100644
View File

@ -0,0 +1,59 @@
-----BEGIN CERTIFICATE-----
MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f
NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ
2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW
BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af
hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp
bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV
BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT
BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8
gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW
RVZXi7tZVPo=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----

75
certs/intermediate/server-chain-alt.pem 100644
View File

@ -0,0 +1,75 @@
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3
1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw
EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID
qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F
oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw
FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02
j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ
otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD
ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS
o9QzCwAeul09eg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----

BIN
certs/intermediate/server-chain-ecc.der 100644
View File

Binary file not shown.

37
certs/intermediate/server-chain-ecc.pem 100644
View File

@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----
MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f
NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ
2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW
BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af
hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp
bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV
BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT
BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8
gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW
RVZXi7tZVPo=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
-----END CERTIFICATE-----

BIN
certs/intermediate/server-chain.der 100644
View File

Binary file not shown.

53
certs/intermediate/server-chain.pem 100644
View File

@ -0,0 +1,53 @@
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3
1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw
EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID
qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F
oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw
FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02
j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ
otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD
ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS
o9QzCwAeul09eg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
-----END CERTIFICATE-----

BIN
certs/intermediate/server-int-cert.der 100644
View File

Binary file not shown.

94
certs/intermediate/server-int-cert.pem 100644
View File

@ -0,0 +1,94 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 21 17:54:00 2018 GMT
Not After : Dec 18 17:54:00 2028 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:10:00
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
3d:b5:8d:66:7e:85:a0:87:cc:53:a4:c7:c9:63:6b:d4:c4:44:
c7:45:d0:71:ef:2f:58:92:60:7d:c8:37:ed:64:ea:b1:ab:00:
1b:56:fe:f7:77:78:76:fd:64:63:7d:78:ff:d4:ae:58:1b:f0:
14:e9:e7:bd:4b:ec:36:6f:34:cb:91:b0:43:25:66:8b:c0:59:
d1:ea:ed:25:0d:5c:72:8a:29:de:8a:c8:77:51:b9:d5:c4:e5:
26:50:0c:bd:d7:a1:eb:fa:93:ec:3d:36:8f:cf:ee:b6:6b:5c:
a8:4f:1b:71:c6:4d:2c:af:d2:da:20:c8:89:f3:fc:db:84:c2:
a9:f6:97:62:ac:aa:a7:6b:fb:3b:21:51:85:7a:73:55:34:82:
9b:f8:99:cb:96:89:a2:d3:39:5f:b3:0d:5f:8e:9e:46:4a:55:
57:ab:de:11:cf:80:1f:25:c9:ec:6f:48:fd:ce:5b:d2:05:07:
6b:4e:fc:0d:10:a0:8a:82:fb:e4:77:3a:27:e0:0e:0c:fb:43:
64:5f:90:8e:26:12:94:db:97:18:ec:19:94:1b:56:5c:b9:bb:
26:9b:1c:15:5c:07:df:d1:2d:9d:41:96:c0:2a:5a:4a:9e:5f:
9e:66:9a:8c:6c:ff:6c:ca:a1:7d:b6:12:a3:d4:33:0b:00:1e:
ba:5d:3d:7a
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3
1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw
EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID
qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F
oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw
FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02
j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ
otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD
ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS
o9QzCwAeul09eg==
-----END CERTIFICATE-----

BIN
certs/intermediate/server-int-ecc-cert.der 100644
View File

Binary file not shown.

63
certs/intermediate/server-int-ecc-cert.pem 100644
View File

@ -0,0 +1,63 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4100 (0x1004)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
Validity
Not Before: Dec 21 17:54:01 2018 GMT
Not After : Dec 18 17:54:01 2028 GMT
Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:10:03
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:74:5c:69:0b:da:f1:d8:cf:21:bc:81:ac:b1:e5:
c5:b3:38:72:f9:9c:f1:50:2d:31:26:49:58:c3:de:cb:e5:7d:
02:20:78:9d:3f:5b:e2:12:bb:1b:2d:3d:25:db:2b:a8:f4:76:
02:90:7b:24:a8:1d:49:96:45:56:57:8b:bb:59:54:fa
-----BEGIN CERTIFICATE-----
MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f
NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ
2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW
BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af
hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp
bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV
BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT
BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8
gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW
RVZXi7tZVPo=
-----END CERTIFICATE-----

6
tests/include.am
View File

@ -34,5 +34,9 @@ EXTRA_DIST += tests/test.conf \
tests/test-enckeys.conf \ tests/test-enckeys.conf \
tests/test-maxfrag.conf \ tests/test-maxfrag.conf \
tests/test-maxfrag-dtls.conf \ tests/test-maxfrag-dtls.conf \
tests/test-fails.conf tests/test-fails.conf \
tests/test-chains.conf \
tests/test-altchains.conf \
tests/test-trustedpeer.conf \
tests/test-dhprime.conf
DISTCLEANFILES+= tests/.libs/unit.test DISTCLEANFILES+= tests/.libs/unit.test

210
tests/suites.c
View File

@ -59,8 +59,10 @@ static char flagSep[] = " ";
static char portFlag[] = "-p"; static char portFlag[] = "-p";
static char svrPort[] = "0"; static char svrPort[] = "0";
#endif #endif
static char forceDefCipherListFlag[] = "-HdefCipherList"; static char intTestFlag[] = "-H";
static char exitWithRetFlag[] = "-HexitWithRet"; static char forceDefCipherListFlag[] = "defCipherList";
static char exitWithRetFlag[] = "exitWithRet";
static char disableDHPrimeTest[] = "-2";
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID; static int devId = INVALID_DEVID;
@ -192,10 +194,10 @@ static int IsValidCert(const char* line)
} }
static int execute_test_case(int svr_argc, char** svr_argv, static int execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv, int cli_argc, char** cli_argv,
int addNoVerify, int addNonBlocking, int addNoVerify, int addNonBlocking,
int addDisableEMS, int forceSrvDefCipherList, int addDisableEMS, int forceSrvDefCipherList,
int forceCliDefCipherList, int testShouldFail) int forceCliDefCipherList)
{ {
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
func_args cliArgs = {0}; func_args cliArgs = {0};
@ -219,6 +221,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
char portNumber[8]; char portNumber[8];
#endif #endif
int cliTestShouldFail = 0, svrTestShouldFail = 0;
/* Is Valid Cipher and Version Checks */ /* Is Valid Cipher and Version Checks */
/* build command list for the Is checks below */ /* build command list for the Is checks below */
@ -296,17 +299,17 @@ static int execute_test_case(int svr_argc, char** svr_argv,
} }
#endif #endif
if (forceSrvDefCipherList) { if (forceSrvDefCipherList) {
if (svrArgs.argc >= MAX_ARGS) if (svrArgs.argc + 2 > MAX_ARGS)
printf("cannot add the force def cipher list flag to server\n"); printf("cannot add the force def cipher list flag to server\n");
else else {
svr_argv[svrArgs.argc++] = intTestFlag;
svr_argv[svrArgs.argc++] = forceDefCipherListFlag; svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
}
} }
#ifdef TEST_PK_PRIVKEY #ifdef TEST_PK_PRIVKEY
svr_argv[svrArgs.argc++] = (char*)"-P"; svr_argv[svrArgs.argc++] = (char*)"-P";
#endif #endif
if (testShouldFail) {
svr_argv[svrArgs.argc++] = exitWithRetFlag;
}
/* update server flags list */ /* update server flags list */
commandLine[0] = '\0'; commandLine[0] = '\0';
@ -324,6 +327,11 @@ static int execute_test_case(int svr_argc, char** svr_argv,
tests++; /* test count */ tests++; /* test count */
/* determine based on args if this test is expected to fail */
if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
svrTestShouldFail = 1;
}
InitTcpReady(&ready); InitTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
@ -362,17 +370,16 @@ static int execute_test_case(int svr_argc, char** svr_argv,
} }
#endif #endif
if (forceCliDefCipherList) { if (forceCliDefCipherList) {
if (cliArgs.argc >= MAX_ARGS) if (cliArgs.argc + 2 > MAX_ARGS)
printf("cannot add the force def cipher list flag to client\n"); printf("cannot add the force def cipher list flag to client\n");
else else {
cli_argv[cliArgs.argc++] = intTestFlag;
cli_argv[cliArgs.argc++] = forceDefCipherListFlag; cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
}
} }
#ifdef TEST_PK_PRIVKEY #ifdef TEST_PK_PRIVKEY
cli_argv[cliArgs.argc++] = (char*)"-P"; cli_argv[cliArgs.argc++] = (char*)"-P";
#endif #endif
if (testShouldFail) {
cli_argv[cliArgs.argc++] = exitWithRetFlag;
}
commandLine[0] = '\0'; commandLine[0] = '\0';
added = 0; added = 0;
@ -387,19 +394,24 @@ static int execute_test_case(int svr_argc, char** svr_argv,
} }
printf("trying client command line[%d]: %s\n", tests, commandLine); printf("trying client command line[%d]: %s\n", tests, commandLine);
/* determine based on args if this test is expected to fail */
if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
cliTestShouldFail = 1;
}
/* start client */ /* start client */
client_test(&cliArgs); client_test(&cliArgs);
/* verify results */ /* verify results */
if ((cliArgs.return_code != 0 && testShouldFail == 0) || if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
(cliArgs.return_code == 0 && testShouldFail != 0)) { (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
printf("client_test failed\n"); printf("client_test failed\n");
XEXIT(EXIT_FAILURE); XEXIT(EXIT_FAILURE);
} }
join_thread(serverThread); join_thread(serverThread);
if ((svrArgs.return_code != 0 && testShouldFail == 0) || if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
(svrArgs.return_code == 0 && testShouldFail != 0)) { (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
printf("server_test failed\n"); printf("server_test failed\n");
XEXIT(EXIT_FAILURE); XEXIT(EXIT_FAILURE);
} }
@ -409,8 +421,10 @@ static int execute_test_case(int svr_argc, char** svr_argv,
#endif #endif
FreeTcpReady(&ready); FreeTcpReady(&ready);
/* only run the first test for failure cases */ /* only run the first test for expected failure cases */
if (testShouldFail) { /* the example server/client are not designed to handle expected failure in
all cases, such as non-blocking, etc... */
if (svrTestShouldFail || cliTestShouldFail) {
return NOT_BUILT_IN; return NOT_BUILT_IN;
} }
@ -432,12 +446,15 @@ static void test_harness(void* vargs)
char* cursor; char* cursor;
char* comment; char* comment;
const char* fname = "tests/test.conf"; const char* fname = "tests/test.conf";
int testShouldFail = 0; const char* addArgs = NULL;
if (args->argc == 1) { if (args->argc == 1) {
printf("notice: using default file %s\n", fname); printf("notice: using default file %s\n", fname);
} }
else if(args->argc > 3) { else if (args->argc == 3) {
addArgs = args->argv[2];
}
else if (args->argc > 3) {
printf("usage: harness [FILE] [ARG]\n"); printf("usage: harness [FILE] [ARG]\n");
args->return_code = 1; args->return_code = 1;
return; return;
@ -446,9 +463,6 @@ static void test_harness(void* vargs)
if (args->argc >= 2) { if (args->argc >= 2) {
fname = args->argv[1]; fname = args->argv[1];
} }
if (args->argc == 3) {
testShouldFail = 1;
}
file = fopen(fname, "rb"); file = fopen(fname, "rb");
if (file == NULL) { if (file == NULL) {
@ -468,7 +482,7 @@ static void test_harness(void* vargs)
script = (char*)malloc(sz+1); script = (char*)malloc(sz+1);
if (script == 0) { if (script == 0) {
fprintf(stderr, "unable to allocte script buffer\n"); fprintf(stderr, "unable to allocate script buffer\n");
fclose(file); fclose(file);
args->return_code = 1; args->return_code = 1;
return; return;
@ -501,38 +515,29 @@ static void test_harness(void* vargs)
to client mode if we don't have the client command yet */ to client mode if we don't have the client command yet */
if (cliMode == 0) if (cliMode == 0)
cliMode = 1; /* switch to client mode processing */ cliMode = 1; /* switch to client mode processing */
/* skip extra newlines */
else else
do_it = 1; /* Do It, we have server and client */ do_it = 1; /* Do It, we have server and client */
cursor++; cursor++;
break; break;
case '#': case '#':
/* Ignore lines that start with a #. */ /* Ignore lines that start with a # */
comment = XSTRSEP(&cursor, "\n"); comment = XSTRSEP(&cursor, "\n");
#ifdef DEBUG_SUITE_TESTS #ifdef DEBUG_SUITE_TESTS
printf("%s\n", comment); printf("%s\n", comment);
#else #else
(void)comment; (void)comment;
#endif #endif
break; break;
case '-': case '-':
default:
/* Parameters start with a -. They end in either a newline /* Parameters start with a -. They end in either a newline
* or a space. Capture until either, save in Args list. */ * or a space. Capture until either, save in Args list. */
if (cliMode) if (cliMode)
cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n"); cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n");
else else
svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n"); svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n");
if (*cursor == 0) /* eof */ if (*cursor == '\0') /* eof */
do_it = 1;
break;
default:
/* Anything from cursor until end of line that isn't the above
* is data for a paramter. Just up until the next newline in
* the Args list. */
if (cliMode)
cliArgs[cliArgsSz++] = XSTRSEP(&cursor, "\n");
else
svrArgs[svrArgsSz++] = XSTRSEP(&cursor, "\n");
if (*cursor == 0) /* eof */
do_it = 1; do_it = 1;
break; break;
} }
@ -543,42 +548,48 @@ static void test_harness(void* vargs)
} }
if (do_it) { if (do_it) {
/* additional arguments processing */
if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) {
if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) {
/* The `-2` disable DH prime check is added to all tests by default */
cliArgs[cliArgsSz++] = disableDHPrimeTest;
svrArgs[svrArgsSz++] = disableDHPrimeTest;
}
if (addArgs && XSTRSTR(addArgs, "expFail")) {
/* Tests should expect to fail */
cliArgs[cliArgsSz++] = intTestFlag;
cliArgs[cliArgsSz++] = exitWithRetFlag;
svrArgs[svrArgsSz++] = intTestFlag;
svrArgs[svrArgsSz++] = exitWithRetFlag;
}
}
ret = execute_test_case(svrArgsSz, svrArgs, ret = execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0, 0, 0, cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
testShouldFail);
/* don't repeat if not supported in build */ /* don't repeat if not supported in build */
if (ret == 0) { if (ret == 0) {
/* test with default cipher list on server side */ /* test with default cipher list on server side */
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0, 1, 0, cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
testShouldFail);
/* test with default cipher list on client side */ /* test with default cipher list on client side */
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0, 0, 1, cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
testShouldFail);
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 0, 0, 0, cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
testShouldFail);
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0, 0, 0, cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
testShouldFail);
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0, 0, 0, cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
testShouldFail);
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 1, 0, 0, cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
testShouldFail);
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 1, 0, 0, cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
testShouldFail);
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 1, 0, 0, cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
testShouldFail);
execute_test_case(svrArgsSz, svrArgs, execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 1, 0, 0, cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
testShouldFail);
#endif #endif
} }
svrArgsSz = 1; svrArgsSz = 1;
@ -593,7 +604,7 @@ static void test_harness(void* vargs)
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
int SuiteTest(void) int SuiteTest(int argc, char** argv)
{ {
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
func_args args; func_args args;
@ -613,8 +624,6 @@ int SuiteTest(void)
byte memory[200000]; byte memory[200000];
#endif #endif
(void)test_harness;
cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (cipherSuiteCtx == NULL) { if (cipherSuiteCtx == NULL) {
printf("can't get cipher suite ctx\n"); printf("can't get cipher suite ctx\n");
@ -642,6 +651,23 @@ int SuiteTest(void)
wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId); wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
/* support for custom command line tests */
if (argc > 1) {
/* Examples:
./tests/unit.test tests/test-altchains.conf
./tests/unit.test tests/test-fails.conf expFail
./tests/unit.test tests/test-dhprime.conf doDH
*/
args.argc = argc;
args.argv = argv;
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
}
goto exit;
}
/* default case */ /* default case */
args.argc = 1; args.argc = 1;
printf("starting default cipher suite tests\n"); printf("starting default cipher suite tests\n");
@ -806,10 +832,56 @@ int SuiteTest(void)
#endif #endif
#endif #endif
#ifdef WOLFSSL_ALT_CERT_CHAINS
/* tests for alt chains */
strcpy(argv0[1], "tests/test-altchains.conf");
printf("starting certificate alternate chain cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#else
/* tests for chains */
strcpy(argv0[1], "tests/test-chains.conf");
printf("starting certificate chain cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
/* tests for trusted peer cert */
strcpy(argv0[1], "tests/test-trustpeer.conf");
printf("starting trusted peer certificate cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
/* tests for dh prime */
args.argc = 3;
strcpy(argv0[1], "tests/test-dhprime.conf");
strcpy(argv0[2], "doDH"); /* add DH prime flag */
printf("starting tests that expect failure\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
/* failure tests */ /* failure tests */
args.argc = 3; args.argc = 3;
strcpy(argv0[1], "tests/test-fails.conf"); strcpy(argv0[1], "tests/test-fails.conf");
strcpy(argv0[2], "-f"); strcpy(argv0[2], "expFail"); /* tests are expected to fail */
printf("starting tests that expect failure\n"); printf("starting tests that expect failure\n");
test_harness(&args); test_harness(&args);
if (args.return_code != 0) { if (args.return_code != 0) {
@ -832,4 +904,6 @@ exit:
#else #else
return NOT_COMPILED_IN; return NOT_COMPILED_IN;
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
(void)argc;
(void)argv;
} }

212
tests/test-altchains.conf 100644
View File

@ -0,0 +1,212 @@
# Tests will use complete chain with intermediate CA for testing
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-ecc.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-ecc.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-ecc.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-ecc.pem
# Test will load intermediate CA as trusted and only present the peer cert (partial chain)
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
# Test will use alternate chain where chain contains extra cert
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-alt-ecc.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-alt-ecc.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-alt-ecc.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-alt-ecc.pem

223
tests/test-chains.conf 100644
View File

@ -0,0 +1,223 @@
# Tests will use complete chain with intermediate CA for testing
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-ecc.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-ecc.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-ecc.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-ecc.pem
# Test will load intermediate CA as trusted and only present the peer cert (partial chain)
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
# Test will use alternate chain where chain contains extra cert
# These tests should fail
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
-H exitWithRet
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
-H exitWithRet
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
-H exitWithRet
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
-H exitWithRet
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-alt-ecc.pem
-H exitWithRet
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-alt-ecc.pem
-H exitWithRet
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
-H exitWithRet
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
-H exitWithRet
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-alt-ecc.pem
-H exitWithRet
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-alt-ecc.pem
-H exitWithRet

25
tests/test-dhprime.conf 100644
View File

@ -0,0 +1,25 @@
# server TLSv1.2 DHE AES128 (DHE prime test)
-v 3
-l DHE-RSA-AES128-SHA
# client TLSv1.2 DHE AES128 (DHE prime test)
-v 3
-l DHE-RSA-AES128-SHA
# server TLSv1.2 DHE AES256-SHA256 (DHE prime test)
-v 3
-l DHE-RSA-AES256-SHA256
# client TLSv1.2 DHE AES256-SHA256 (DHE prime test)
-v 3
-l DHE-RSA-AES256-SHA256
# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test)
-s
-v 3
-l DHE-PSK-AES128-CBC-SHA256
# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test)
-s
-v 3
-l DHE-PSK-AES128-CBC-SHA256

164
tests/test-dtls.conf
View File

File diff suppressed because it is too large Load Diff

8
tests/test-ed25519.conf
View File

@ -3,14 +3,12 @@
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem -c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-key.pem -k ./certs/ed25519/server-ed25519-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ed25519/root-ed25519.pem -A ./certs/ed25519/root-ed25519.pem
-C -C
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
@ -20,7 +18,6 @@
-A ./certs/ed25519/client-ed25519.pem -A ./certs/ed25519/client-ed25519.pem
-V -V
# Remove -V when CRL for ED25519 certificates available. # Remove -V when CRL for ED25519 certificates available.
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
@ -29,21 +26,18 @@
-k ./certs/ed25519/client-ed25519-key.pem -k ./certs/ed25519/client-ed25519-key.pem
-A ./certs/ed25519/root-ed25519.pem -A ./certs/ed25519/root-ed25519.pem
-C -C
-2
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem -c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-key.pem -k ./certs/ed25519/server-ed25519-key.pem
-2
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-A ./certs/ed25519/root-ed25519.pem -A ./certs/ed25519/root-ed25519.pem
-C -C
-2
# Enable when CRL for ED25519 certificates available. # Enable when CRL for ED25519 certificates available.
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
@ -54,7 +48,6 @@
-A ./certs/ed25519/client-ed25519.pem -A ./certs/ed25519/client-ed25519.pem
-V -V
# Remove -V when CRL for ED25519 certificates available. # Remove -V when CRL for ED25519 certificates available.
-2
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
@ -63,5 +56,4 @@
-k ./certs/ed25519/client-ed25519-key.pem -k ./certs/ed25519/client-ed25519-key.pem
-A ./certs/ed25519/root-ed25519.pem -A ./certs/ed25519/root-ed25519.pem
-C -C
-2

10
tests/test-enckeys.conf
View File

@ -1,52 +1,42 @@
# server RSA encrypted key # server RSA encrypted key
-v 3 -v 3
-k ./certs/server-keyEnc.pem -k ./certs/server-keyEnc.pem
-2
# client RSA encrypted key # client RSA encrypted key
-v 3 -v 3
-k ./certs/client-keyEnc.pem -k ./certs/client-keyEnc.pem
-2
# server RSA encrypted key PKCS8 # server RSA encrypted key PKCS8
-v 3 -v 3
-k ./certs/server-keyPkcs8Enc.pem -k ./certs/server-keyPkcs8Enc.pem
-2
# client RSA encrypted key # client RSA encrypted key
-v 3 -v 3
-k ./certs/client-keyEnc.pem -k ./certs/client-keyEnc.pem
-2
# server RSA encrypted key PKCS8 2 # server RSA encrypted key PKCS8 2
-v 3 -v 3
-k ./certs/server-keyPkcs8Enc2.pem -k ./certs/server-keyPkcs8Enc2.pem
-2
# client RSA encrypted key # client RSA encrypted key
-v 3 -v 3
-k ./certs/client-keyEnc.pem -k ./certs/client-keyEnc.pem
-2
# server RSA encrypted key PKCS8 12 # server RSA encrypted key PKCS8 12
-v 3 -v 3
-k ./certs/server-keyPkcs8Enc12.pem -k ./certs/server-keyPkcs8Enc12.pem
-2
# client RSA encrypted key # client RSA encrypted key
-v 3 -v 3
-k ./certs/client-keyEnc.pem -k ./certs/client-keyEnc.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key
-v 3 -v 3
-l ECDHE-ECDSA-AES128-SHA256 -l ECDHE-ECDSA-AES128-SHA256
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-keyPkcs8Enc.pem -k ./certs/ecc-keyPkcs8Enc.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-SHA256 -l ECDHE-ECDSA-AES128-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2

30
tests/test-fails.conf
View File

@ -5,7 +5,6 @@
-k ./certs/server-key.pem -k ./certs/server-key.pem
-c ./certs/test/server-badcnnull.pem -c ./certs/test/server-badcnnull.pem
-d -d
-2
# client bad certificate common name has null # client bad certificate common name has null
-v 3 -v 3
@ -14,7 +13,6 @@
-A ./certs/test/server-badcnnull.pem -A ./certs/test/server-badcnnull.pem
-m -m
-x -x
-2
# server bad certificate alternate name has null # server bad certificate alternate name has null
-v 3 -v 3
@ -22,7 +20,6 @@
-k ./certs/server-key.pem -k ./certs/server-key.pem
-c ./certs/test/server-badaltnull.pem -c ./certs/test/server-badaltnull.pem
-d -d
-2
# client bad certificate alternate name has null # client bad certificate alternate name has null
-v 3 -v 3
@ -31,7 +28,6 @@
-A ./certs/test/server-badaltnull.pem -A ./certs/test/server-badaltnull.pem
-m -m
-x -x
-2
# server nomatch common name # server nomatch common name
-v 3 -v 3
@ -39,7 +35,6 @@
-k ./certs/server-key.pem -k ./certs/server-key.pem
-c ./certs/test/server-badcn.pem -c ./certs/test/server-badcn.pem
-d -d
-2
# client nomatch common name # client nomatch common name
-v 3 -v 3
@ -48,7 +43,6 @@
-A ./certs/test/server-badcn.pem -A ./certs/test/server-badcn.pem
-m -m
-x -x
-2
# server nomatch alternate name # server nomatch alternate name
-v 3 -v 3
@ -56,7 +50,6 @@
-k ./certs/server-key.pem -k ./certs/server-key.pem
-c ./certs/test/server-badaltname.pem -c ./certs/test/server-badaltname.pem
-d -d
-2
# client nomatch alternate name # client nomatch alternate name
-v 3 -v 3
@ -65,57 +58,47 @@
-A ./certs/test/server-badaltname.pem -A ./certs/test/server-badaltname.pem
-m -m
-x -x
-2
# server RSA no signer error # server RSA no signer error
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-2
# client RSA no signer error # client RSA no signer error
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/client-cert.pem -A ./certs/client-cert.pem
-2
# server ECC no signer error # server ECC no signer error
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-2
# client ECC no signer error # client ECC no signer error
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/client-ecc-cert.pem -A ./certs/client-ecc-cert.pem
-2
# server RSA bad sig error # server RSA bad sig error
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-rsa-badsig.pem -c ./certs/test/server-cert-rsa-badsig.pem
-2
# client RSA bad sig error # client RSA bad sig error
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-2
# server ECC bad sig error # server ECC bad sig error
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-ecc-badsig.pem -c ./certs/test/server-cert-ecc-badsig.pem
-2
# client ECC bad sig error # client ECC bad sig error
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-2
# server missing CN from alternate names list # server missing CN from alternate names list
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-garbage.pem -c ./certs/test/server-garbage.pem
-2
# client missing CN from alternate names list # client missing CN from alternate names list
-v 3 -v 3
@ -123,53 +106,44 @@
-h localhost -h localhost
-A ./certs/test/server-garbage.pem -A ./certs/test/server-garbage.pem
-m -m
-2
# Verify Callback Failure Tests # Verify Callback Failure Tests
# no error going into callback, return error # no error going into callback, return error
# server # server
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-2
# client verify should fail # client verify should fail
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail -H verifyFail
-2
# server verify should fail # server verify should fail
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail -H verifyFail
-2
# client # client
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-2
# server # server
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-2
# client verify should fail # client verify should fail
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail -H verifyFail
-2
# server verify should fail # server verify should fail
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail -H verifyFail
-2
# client # client
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-2
# error going into callback, return error # error going into callback, return error
# server # server
@ -177,23 +151,19 @@
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-rsa-badsig.pem -c ./certs/test/server-cert-rsa-badsig.pem
-k ./certs/server-key.pem -k ./certs/server-key.pem
-2
# client verify should fail # client verify should fail
-v 3 -v 3
-l ECDHE-RSA-AES128-GCM-SHA256 -l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail -H verifyFail
-2
# server # server
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-ecc-badsig.pem -c ./certs/test/server-cert-ecc-badsig.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client verify should fail # client verify should fail
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail -H verifyFail
-2

36
tests/test-maxfrag-dtls.conf
View File

@ -4,7 +4,6 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -12,33 +11,28 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 1 -F 1
-2
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 1 -F 1
-2
# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 1 -F 1
-2
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -46,7 +40,6 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -54,33 +47,28 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 2 -F 2
-2
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 2 -F 2
-2
# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 2 -F 2
-2
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -88,7 +76,6 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -96,33 +83,28 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 3 -F 3
-2
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 3 -F 3
-2
# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 3 -F 3
-2
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -130,7 +112,6 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -138,33 +119,28 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 4 -F 4
-2
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 4 -F 4
-2
# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 4 -F 4
-2
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -172,7 +148,6 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -180,33 +155,28 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 5 -F 5
-2
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 5 -F 5
-2
# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 5 -F 5
-2
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -214,7 +184,6 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u -u
@ -222,30 +191,25 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 6 -F 6
-2
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 6 -F 6
-2
# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
-u -u
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 6 -F 6
-2

36
tests/test-maxfrag.conf
View File

@ -3,213 +3,177 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 1 -F 1
-2
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 1 -F 1
-2
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 1 -F 1
-2
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 2 -F 2
-2
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 2 -F 2
-2
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 2 -F 2
-2
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 3 -F 3
-2
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 3 -F 3
-2
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 3 -F 3
-2
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 4 -F 4
-2
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 4 -F 4
-2
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 4 -F 4
-2
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 5 -F 5
-2
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 5 -F 5
-2
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 5 -F 5
-2
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-F 6 -F 6
-2
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-RSA-AES256-GCM-SHA384 -l ECDHE-RSA-AES256-GCM-SHA384
-F 6 -F 6
-2
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-2
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
-F 6 -F 6
-2

54
tests/test-psk-no-id.conf
View File

@ -3,311 +3,263 @@
-I -I
-v 3 -v 3
-l PSK-CHACHA20-POLY1305 -l PSK-CHACHA20-POLY1305
-2
# No Hint client TLSv1.2 PSK-CHACHA20-POLY1305 # No Hint client TLSv1.2 PSK-CHACHA20-POLY1305
-s -s
-v 3 -v 3
-l PSK-CHACHA20-POLY1305 -l PSK-CHACHA20-POLY1305
-2
# No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 # No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-s -s
-I -I
-v 3 -v 3
-l DHE-PSK-CHACHA20-POLY1305 -l DHE-PSK-CHACHA20-POLY1305
-2
# No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 # No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-s -s
-v 3 -v 3
-l DHE-PSK-CHACHA20-POLY1305 -l DHE-PSK-CHACHA20-POLY1305
-2
# No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 # No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
-s -s
-I -I
-v 3 -v 3
-l ECDHE-PSK-CHACHA20-POLY1305 -l ECDHE-PSK-CHACHA20-POLY1305
-2
# No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 # No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
-s -s
-v 3 -v 3
-l ECDHE-PSK-CHACHA20-POLY1305 -l ECDHE-PSK-CHACHA20-POLY1305
-2
# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256 # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
-s -s
-I -I
-v 1 -v 1
-l ECDHE-PSK-AES128-SHA256 -l ECDHE-PSK-AES128-SHA256
-2
# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256 # No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
-s -s
-v 1 -v 1
-l ECDHE-PSK-AES128-SHA256 -l ECDHE-PSK-AES128-SHA256
-2
# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256 # No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s -s
-I -I
-v 2 -v 2
-l ECDHE-PSK-AES128-SHA256 -l ECDHE-PSK-AES128-SHA256
-2
# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256 # No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s -s
-v 2 -v 2
-l ECDHE-PSK-AES128-SHA256 -l ECDHE-PSK-AES128-SHA256
-2
# No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s -s
-I -I
-v 3 -v 3
-l ECDHE-PSK-AES128-SHA256 -l ECDHE-PSK-AES128-SHA256
-2
# No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256 # No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256
-s -s
-v 3 -v 3
-l ECDHE-PSK-AES128-SHA256 -l ECDHE-PSK-AES128-SHA256
-2
# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256 # No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
-s -s
-I -I
-v 1 -v 1
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
-2
# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256 # No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
-s -s
-v 1 -v 1
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
-2
# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256 # No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s -s
-I -I
-v 2 -v 2
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
-2
# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256 # No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s -s
-v 2 -v 2
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
-2
# No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s -s
-I -I
-v 3 -v 3
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
-2
# No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256 # No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256
-s -s
-v 3 -v 3
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
-2
# No Hint server TLSv1 PSK-AES128 # No Hint server TLSv1 PSK-AES128
-s -s
-I -I
-v 1 -v 1
-l PSK-AES128-CBC-SHA -l PSK-AES128-CBC-SHA
-2
# No Hint client TLSv1 PSK-AES128 # No Hint client TLSv1 PSK-AES128
-s -s
-v 1 -v 1
-l PSK-AES128-CBC-SHA -l PSK-AES128-CBC-SHA
-2
# No Hint server TLSv1 PSK-AES256 # No Hint server TLSv1 PSK-AES256
-s -s
-I -I
-v 1 -v 1
-l PSK-AES256-CBC-SHA -l PSK-AES256-CBC-SHA
-2
# No Hint client TLSv1 PSK-AES256 # No Hint client TLSv1 PSK-AES256
-s -s
-v 1 -v 1
-l PSK-AES256-CBC-SHA -l PSK-AES256-CBC-SHA
-2
# No Hint server TLSv1.1 PSK-AES128 # No Hint server TLSv1.1 PSK-AES128
-s -s
-I -I
-v 2 -v 2
-l PSK-AES128-CBC-SHA -l PSK-AES128-CBC-SHA
-2
# No Hint client TLSv1.1 PSK-AES128 # No Hint client TLSv1.1 PSK-AES128
-s -s
-v 2 -v 2
-l PSK-AES128-CBC-SHA -l PSK-AES128-CBC-SHA
-2
# No Hint server TLSv1.1 PSK-AES256 # No Hint server TLSv1.1 PSK-AES256
-s -s
-I -I
-v 2 -v 2
-l PSK-AES256-CBC-SHA -l PSK-AES256-CBC-SHA
-2
# No Hint client TLSv1.1 PSK-AES256 # No Hint client TLSv1.1 PSK-AES256
-s -s
-v 2 -v 2
-l PSK-AES256-CBC-SHA -l PSK-AES256-CBC-SHA
-2
# No Hint server TLSv1.2 PSK-AES128 # No Hint server TLSv1.2 PSK-AES128
-s -s
-I -I
-v 3 -v 3
-l PSK-AES128-CBC-SHA -l PSK-AES128-CBC-SHA
-2
# No Hint client TLSv1.2 PSK-AES128 # No Hint client TLSv1.2 PSK-AES128
-s -s
-v 3 -v 3
-l PSK-AES128-CBC-SHA -l PSK-AES128-CBC-SHA
-2
# No Hint server TLSv1.2 PSK-AES256 # No Hint server TLSv1.2 PSK-AES256
-s -s
-I -I
-v 3 -v 3
-l PSK-AES256-CBC-SHA -l PSK-AES256-CBC-SHA
-2
# No Hint client TLSv1.2 PSK-AES256 # No Hint client TLSv1.2 PSK-AES256
-s -s
-v 3 -v 3
-l PSK-AES256-CBC-SHA -l PSK-AES256-CBC-SHA
-2
# No Hint server TLSv1.0 PSK-AES128-SHA256 # No Hint server TLSv1.0 PSK-AES128-SHA256
-s -s
-I -I
-v 1 -v 1
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
-2
# No Hint client TLSv1.0 PSK-AES128-SHA256 # No Hint client TLSv1.0 PSK-AES128-SHA256
-s -s
-v 1 -v 1
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
-2
# No Hint server TLSv1.1 PSK-AES128-SHA256 # No Hint server TLSv1.1 PSK-AES128-SHA256
-s -s
-I -I
-v 2 -v 2
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
-2
# No Hint client TLSv1.1 PSK-AES128-SHA256 # No Hint client TLSv1.1 PSK-AES128-SHA256
-s -s
-v 2 -v 2
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
-2
# No Hint server TLSv1.2 PSK-AES128-SHA256 # No Hint server TLSv1.2 PSK-AES128-SHA256
-s -s
-I -I
-v 3 -v 3
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
-2
# No Hint client TLSv1.2 PSK-AES128-SHA256 # No Hint client TLSv1.2 PSK-AES128-SHA256
-s -s
-v 3 -v 3
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
-2
# No Hint server TLSv1.0 PSK-AES256-SHA384 # No Hint server TLSv1.0 PSK-AES256-SHA384
-s -s
-I -I
-v 1 -v 1
-l PSK-AES256-CBC-SHA384 -l PSK-AES256-CBC-SHA384
-2
# No Hint client TLSv1.0 PSK-AES256-SHA384 # No Hint client TLSv1.0 PSK-AES256-SHA384
-s -s
-v 1 -v 1
-l PSK-AES256-CBC-SHA384 -l PSK-AES256-CBC-SHA384
-2
# No Hint server TLSv1.1 PSK-AES256-SHA384 # No Hint server TLSv1.1 PSK-AES256-SHA384
-s -s
-I -I
-v 2 -v 2
-l PSK-AES256-CBC-SHA384 -l PSK-AES256-CBC-SHA384
-2
# No Hint client TLSv1.1 PSK-AES256-SHA384 # No Hint client TLSv1.1 PSK-AES256-SHA384
-s -s
-v 2 -v 2
-l PSK-AES256-CBC-SHA384 -l PSK-AES256-CBC-SHA384
-2
# No Hint server TLSv1.2 PSK-AES256-SHA384 # No Hint server TLSv1.2 PSK-AES256-SHA384
-s -s
-I -I
-v 3 -v 3
-l PSK-AES256-CBC-SHA384 -l PSK-AES256-CBC-SHA384
-2
# No Hint client TLSv1.2 PSK-AES256-SHA384 # No Hint client TLSv1.2 PSK-AES256-SHA384
-s -s
-v 3 -v 3
-l PSK-AES256-CBC-SHA384 -l PSK-AES256-CBC-SHA384
-2
# server TLSv1.2 PSK-AES128-GCM-SHA256 # server TLSv1.2 PSK-AES128-GCM-SHA256
-s -s
-I -I
-v 3 -v 3
-l PSK-AES128-GCM-SHA256 -l PSK-AES128-GCM-SHA256
-2
# client TLSv1.2 PSK-AES128-GCM-SHA256 # client TLSv1.2 PSK-AES128-GCM-SHA256
-s -s
-v 3 -v 3
-l PSK-AES128-GCM-SHA256 -l PSK-AES128-GCM-SHA256
-2
# server TLSv1.2 PSK-AES256-GCM-SHA384 # server TLSv1.2 PSK-AES256-GCM-SHA384
-s -s
-I -I
-v 3 -v 3
-l PSK-AES256-GCM-SHA384 -l PSK-AES256-GCM-SHA384
-2
# client TLSv1.2 PSK-AES256-GCM-SHA384 # client TLSv1.2 PSK-AES256-GCM-SHA384
-s -s
-v 3 -v 3
-l PSK-AES256-GCM-SHA384 -l PSK-AES256-GCM-SHA384
-2
# server TLSv1.3 AES128-GCM-SHA256 # server TLSv1.3 AES128-GCM-SHA256
-s -s
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 AES128-GCM-SHA256 # client TLSv1.3 AES128-GCM-SHA256
-s -s
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# server TLSv1.3 accepting EarlyData using PSK # server TLSv1.3 accepting EarlyData using PSK
-v 4 -v 4
@ -315,7 +267,6 @@
-r -r
-s -s
-0 -0
-2
# client TLSv1.3 sending EarlyData using PSK # client TLSv1.3 sending EarlyData using PSK
-v 4 -v 4
@ -323,14 +274,12 @@
-r -r
-s -s
-0 -0
-2
# server TLSv1.3 not accepting EarlyData using PSK # server TLSv1.3 not accepting EarlyData using PSK
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-s -s
-2
# client TLSv1.3 sending EarlyData using PSK # client TLSv1.3 sending EarlyData using PSK
-v 4 -v 4
@ -338,7 +287,6 @@
-r -r
-s -s
-0 -0
-2
# server TLSv1.3 accepting EarlyData using PSK # server TLSv1.3 accepting EarlyData using PSK
-v 4 -v 4
@ -346,11 +294,9 @@
-r -r
-s -s
-0 -0
-2
# client TLSv1.3 not sending EarlyData using PSK # client TLSv1.3 not sending EarlyData using PSK
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-s -s
-2

2
tests/test-psk.conf
View File

@ -1,9 +1,7 @@
# server - PSK plus certificates # server - PSK plus certificates
-j -j
-l PSK-CHACHA20-POLY1305 -l PSK-CHACHA20-POLY1305
-2
# client- standard PSK # client- standard PSK
-s -s
-l PSK-CHACHA20-POLY1305 -l PSK-CHACHA20-POLY1305
-2

466
tests/test-qsh.conf
View File

File diff suppressed because it is too large Load Diff

190
tests/test-sctp.conf
View File

File diff suppressed because it is too large Load Diff

40
tests/test-sig.conf
View File

@ -3,257 +3,217 @@
-l ECDHE-ECDSA-DES-CBC3-SHA -l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1 ECDHE-ECDSA-DES3 # client TLSv1 ECDHE-ECDSA-DES3
-v 1 -v 1
-l ECDHE-ECDSA-DES-CBC3-SHA -l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1 ECDHE-ECDSA-AES128 # server TLSv1 ECDHE-ECDSA-AES128
-v 1 -v 1
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1 ECDHE-ECDSA-AES128 # client TLSv1 ECDHE-ECDSA-AES128
-v 1 -v 1
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1 ECDHE-ECDSA-AES128 # server TLSv1 ECDHE-ECDSA-AES128
-v 1 -v 1
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1 ECDHE-ECDSA-AES128 # client TLSv1 ECDHE-ECDSA-AES128
-v 1 -v 1
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1 ECDHE-ECDSA-AES256 # server TLSv1 ECDHE-ECDSA-AES256
-v 1 -v 1
-l ECDHE-ECDSA-AES256-SHA -l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1 ECDHE-ECDSA-AES256 # client TLSv1 ECDHE-ECDSA-AES256
-v 1 -v 1
-l ECDHE-ECDSA-AES256-SHA -l ECDHE-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.1 ECDHE-ECDSA-DES3 # server TLSv1.1 ECDHE-ECDSA-DES3
-v 2 -v 2
-l ECDHE-ECDSA-DES-CBC3-SHA -l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.1 ECDHE-ECDSA-DES3 # client TLSv1.1 ECDHE-ECDSA-DES3
-v 2 -v 2
-l ECDHE-ECDSA-DES-CBC3-SHA -l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.1 ECDHE-ECDSA-AES128 # server TLSv1.1 ECDHE-ECDSA-AES128
-v 2 -v 2
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.1 ECDHE-ECDSA-AES128 # client TLSv1.1 ECDHE-ECDSA-AES128
-v 2 -v 2
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.1 ECDHE-ECDSA-AES128 # server TLSv1.1 ECDHE-ECDSA-AES128
-v 2 -v 2
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.1 ECDHE-ECDSA-AES128 # client TLSv1.1 ECDHE-ECDSA-AES128
-v 2 -v 2
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.1 ECDHE-ECDSA-AES256 # server TLSv1.1 ECDHE-ECDSA-AES256
-v 2 -v 2
-l ECDHE-ECDSA-AES256-SHA -l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.1 ECDHE-ECDSA-AES256 # client TLSv1.1 ECDHE-ECDSA-AES256
-v 2 -v 2
-l ECDHE-ECDSA-AES256-SHA -l ECDHE-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-DES3 # server TLSv1.2 ECDHE-ECDSA-DES3
-v 3 -v 3
-l ECDHE-ECDSA-DES-CBC3-SHA -l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-DES3 # client TLSv1.2 ECDHE-ECDSA-DES3
-v 3 -v 3
-l ECDHE-ECDSA-DES-CBC3-SHA -l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128 # server TLSv1.2 ECDHE-ECDSA-AES128
-v 3 -v 3
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128 # client TLSv1.2 ECDHE-ECDSA-AES128
-v 3 -v 3
-l ECDHE-ECDSA-AES128-SHA -l ECDHE-ECDSA-AES128-SHA
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-SHA256 -l ECDHE-ECDSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-SHA256 -l ECDHE-ECDSA-AES128-SHA256
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES256 # server TLSv1.2 ECDHE-ECDSA-AES256
-v 3 -v 3
-l ECDHE-ECDSA-AES256-SHA -l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256 # client TLSv1.2 ECDHE-ECDSA-AES256
-v 3 -v 3
-l ECDHE-ECDSA-AES256-SHA -l ECDHE-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
-v 3 -v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305 -l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-v 3 -v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305 -l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3 -v 3
-l ECDH-ECDSA-AES128-SHA256 -l ECDH-ECDSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3 -v 3
-l ECDH-ECDSA-AES128-SHA256 -l ECDH-ECDSA-AES128-SHA256
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDH-ECDSA-AES256 # server TLSv1.2 ECDH-ECDSA-AES256
-v 3 -v 3
-l ECDH-ECDSA-AES256-SHA -l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDH-ECDSA-AES256 # client TLSv1.2 ECDH-ECDSA-AES256
-v 3 -v 3
-l ECDH-ECDSA-AES256-SHA -l ECDH-ECDSA-AES256-SHA
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-privkey.pem -k ./certs/ecc-privkey.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3 -v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384 -l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM # server TLSv1.2 ECDHE-ECDSA-AES128-CCM
-v 3 -v 3
-l ECDHE-ECDSA-AES128-CCM -l ECDHE-ECDSA-AES128-CCM
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM # client TLSv1.2 ECDHE-ECDSA-AES128-CCM
-v 3 -v 3
-l ECDHE-ECDSA-AES128-CCM -l ECDHE-ECDSA-AES128-CCM
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3 -v 3
-l ECDHE-ECDSA-AES128-CCM-8 -l ECDHE-ECDSA-AES128-CCM-8
-c ./certs/server-ecc-rsa.pem -c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3 -v 3
-l ECDHE-ECDSA-AES128-CCM-8 -l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
-2

12
tests/test-tls13-down.conf
View File

@ -2,55 +2,43 @@
# server TLSv1.3 downgrade # server TLSv1.3 downgrade
#-v d #-v d
#-l TLS13-CHACHA20-POLY1305-SHA256 #-l TLS13-CHACHA20-POLY1305-SHA256
-2
# client TLSv1.2 # client TLSv1.2
#-v 3 #-v 3
-2
# server TLSv1.2 # server TLSv1.2
-v 3 -v 3
-2
# client TLSv1.3 downgrade # client TLSv1.3 downgrade
-v d -v d
-2
# server TLSv1.3 downgrade # server TLSv1.3 downgrade
-v d -v d
-2
# client TLSv1.3 downgrade # client TLSv1.3 downgrade
-v d -v d
-2
# server TLSv1.3 downgrade but don't and resume # server TLSv1.3 downgrade but don't and resume
-v d -v d
-r -r
-2
# client TLSv1.3 downgrade but don't and resume # client TLSv1.3 downgrade but don't and resume
-v d -v d
-r -r
-2
# server TLSv1.3 downgrade and resume # server TLSv1.3 downgrade and resume
-v d -v d
-r -r
-2
# client TLSv1.2 and resume # client TLSv1.2 and resume
-v 3 -v 3
-r -r
-2
# server TLSv1.2 and resume # server TLSv1.2 and resume
-v d -v d
-r -r
-2
# lcient TLSv1.3 downgrade and resume # lcient TLSv1.3 downgrade and resume
-v 3 -v 3
-r -r
-2

14
tests/test-tls13-ecc.conf
View File

@ -3,65 +3,55 @@
-l TLS13-CHACHA20-POLY1305-SHA256 -l TLS13-CHACHA20-POLY1305-SHA256
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
-v 4 -v 4
-l TLS13-CHACHA20-POLY1305-SHA256 -l TLS13-CHACHA20-POLY1305-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.3 TLS13-AES256-GCM-SHA384 # server TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4 -v 4
-l TLS13-AES256-GCM-SHA384 -l TLS13-AES256-GCM-SHA384
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.3 TLS13-AES256-GCM-SHA384 # client TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4 -v 4
-l TLS13-AES256-GCM-SHA384 -l TLS13-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.3 TLS13-AES128-CCM-SHA256 # server TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-SHA256 -l TLS13-AES128-CCM-SHA256
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.3 TLS13-AES128-CCM-SHA256 # client TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-SHA256 -l TLS13-AES128-CCM-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-2
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-CCM-8-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-2
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
@ -69,14 +59,12 @@
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-t -t
-2
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-t -t
-2
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
@ -84,11 +72,9 @@
-c ./certs/server-ecc.pem -c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem -k ./certs/ecc-key.pem
-Y -Y
-2
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
-y -y
-2

6
tests/test-tls13-psk.conf
View File

@ -3,35 +3,29 @@
-s -s
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-d -d
-2
# client TLSv1.3 PSK # client TLSv1.3 PSK
-v 4 -v 4
-s -s
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# server TLSv1.3 PSK # server TLSv1.3 PSK
-v 4 -v 4
-j -j
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-d -d
-2
# client TLSv1.3 PSK # client TLSv1.3 PSK
-v 4 -v 4
-s -s
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# server TLSv1.3 PSK # server TLSv1.3 PSK
-v 4 -v 4
-j -j
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-d -d
-2
# client TLSv1.3 not-PSK # client TLSv1.3 not-PSK
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2

42
tests/test-tls13.conf
View File

@ -1,237 +1,195 @@
# server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 # server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
-v 4 -v 4
-l TLS13-CHACHA20-POLY1305-SHA256 -l TLS13-CHACHA20-POLY1305-SHA256
-2
# client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
-v 4 -v 4
-l TLS13-CHACHA20-POLY1305-SHA256 -l TLS13-CHACHA20-POLY1305-SHA256
-2
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# server TLSv1.3 TLS13-AES256-GCM-SHA384 # server TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4 -v 4
-l TLS13-AES256-GCM-SHA384 -l TLS13-AES256-GCM-SHA384
-2
# client TLSv1.3 TLS13-AES256-GCM-SHA384 # client TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4 -v 4
-l TLS13-AES256-GCM-SHA384 -l TLS13-AES256-GCM-SHA384
-2
# server TLSv1.3 TLS13-AES128-CCM-SHA256 # server TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-SHA256 -l TLS13-AES128-CCM-SHA256
-2
# client TLSv1.3 TLS13-AES128-CCM-SHA256 # client TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-SHA256 -l TLS13-AES128-CCM-SHA256
-2
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-CCM-8-SHA256
-2
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4 -v 4
-l TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-CCM-8-SHA256
-2
# server TLSv1.3 resumption # server TLSv1.3 resumption
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-2
# client TLSv1.3 resumption # client TLSv1.3 resumption
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-2
# server TLSv1.3 resumption - SHA384 # server TLSv1.3 resumption - SHA384
-v 4 -v 4
-l TLS13-AES256-GCM-SHA384 -l TLS13-AES256-GCM-SHA384
-r -r
-2
# client TLSv1.3 resumption - SHA384 # client TLSv1.3 resumption - SHA384
-v 4 -v 4
-l TLS13-AES256-GCM-SHA384 -l TLS13-AES256-GCM-SHA384
-r -r
-2
# server TLSv1.3 PSK without (EC)DHE # server TLSv1.3 PSK without (EC)DHE
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-2
# client TLSv1.3 PSK without (EC)DHE # client TLSv1.3 PSK without (EC)DHE
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-K -K
-2
# server TLSv1.3 accepting EarlyData # server TLSv1.3 accepting EarlyData
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-0 -0
-2
# client TLSv1.3 sending EarlyData # client TLSv1.3 sending EarlyData
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-0 -0
-2
# server TLSv1.3 not accepting EarlyData # server TLSv1.3 not accepting EarlyData
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-2
# client TLSv1.3 sending EarlyData # client TLSv1.3 sending EarlyData
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-0 -0
-2
# server TLSv1.3 accepting EarlyData # server TLSv1.3 accepting EarlyData
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-0 -0
-2
# client TLSv1.3 not sending EarlyData # client TLSv1.3 not sending EarlyData
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-r -r
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 Fragments # client TLSv1.3 Fragments
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-F 1 -F 1
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm # client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-J -J
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-J -J
-2
# client TLSv1.3 HelloRetryRequest with cookie # client TLSv1.3 HelloRetryRequest with cookie
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-J -J
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 no client certificate # client TLSv1.3 no client certificate
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-x -x
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 DH key exchange # client TLSv1.3 DH key exchange
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-y -y
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 ECC key exchange # client TLSv1.3 ECC key exchange
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-Y -Y
-2
# server TLSv1.3 # server TLSv1.3
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-2
# client TLSv1.3 ECC key exchange # client TLSv1.3 ECC key exchange
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-Y -Y
-2
# server TLSv1.3 multiple cipher suites # server TLSv1.3 multiple cipher suites
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256
-2
# client TLSv1.3 # client TLSv1.3
-v 4 -v 4
-2
# server TLSv1.3 KeyUpdate # server TLSv1.3 KeyUpdate
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-U -U
-2
# client TLSv1.3 KeyUpdate # client TLSv1.3 KeyUpdate
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-I -I
-2
# server TLSv1.3 Post-Handshake Authentication # server TLSv1.3 Post-Handshake Authentication
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-Q -Q
-2
# client TLSv1.3 Post-Handshake Authentication # client TLSv1.3 Post-Handshake Authentication
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-Q -Q
-2

99
tests/test-trustpeer.conf 100644
View File

@ -0,0 +1,99 @@
# Both client and server use -E [path] for trusted peer
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-E ./certs/intermediate/client-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-E ./certs/intermediate/server-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-E ./certs/intermediate/client-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-E ./certs/intermediate/server-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-E ./certs/intermediate/client-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-E ./certs/intermediate/server-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer
-v 4
-l TLS13-AES128-GCM-SHA256
-E ./certs/intermediate/client-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer
-v 4
-l TLS13-AES128-GCM-SHA256
-E ./certs/intermediate/server-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer
-v 4
-l TLS13-AES128-GCM-SHA256
-E ./certs/intermediate/client-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer
-v 4
-l TLS13-AES128-GCM-SHA256
-E ./certs/intermediate/server-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
# Test for ECC self signed certificate as trusted peer
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-E ./certs/client-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/server-ecc-self.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-E ./certs/server-ecc-self.pem
-k ./certs/ecc-client-key.pem
-c ./certs/client-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
-v 4
-l TLS13-AES128-GCM-SHA256
-E ./certs/client-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/server-ecc-self.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
-v 4
-l TLS13-AES128-GCM-SHA256
-E ./certs/server-ecc-self.pem
-k ./certs/ecc-client-key.pem
-c ./certs/client-ecc-cert.pem

532
tests/test.conf
View File

File diff suppressed because it is too large Load Diff

2
tests/unit.c
View File

@ -82,7 +82,7 @@ int unit_test(int argc, char** argv)
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
if ( (ret = SuiteTest()) != 0){ if ( (ret = SuiteTest(argc, argv)) != 0){
printf("suite test failed with %d\n", ret); printf("suite test failed with %d\n", ret);
goto exit; goto exit;
} }

2
tests/unit.h
View File

@ -91,7 +91,7 @@
void ApiTest(void); void ApiTest(void);
int SuiteTest(void); int SuiteTest(int argc, char** argv);
int HashTest(void); int HashTest(void);
void SrpTest(void); void SrpTest(void);