From f71e13fa4d13ff8fdd808eb62e627f87b9487a08 Mon Sep 17 00:00:00 2001 From: Balachandar Namasivayam Date: Tue, 8 May 2018 16:27:21 -0700 Subject: [PATCH 1/9] TLS Plugin Changes. --- FDBLibTLS/FDBLibTLSPolicy.cpp | 451 +++++++---------- FDBLibTLS/FDBLibTLSPolicy.h | 23 +- FDBLibTLS/FDBLibTLSSession.cpp | 137 +++-- FDBLibTLS/FDBLibTLSSession.h | 8 +- FDBLibTLS/FDBLibTLSVerify.cpp | 220 ++++++++ FDBLibTLS/FDBLibTLSVerify.h | 50 ++ FDBLibTLS/ITLSPlugin.h | 19 +- FDBLibTLS/Makefile | 2 +- FDBLibTLS/plugin-test.cpp | 721 +++++++++++++++++++++++---- FDBLibTLS/scripts/make-test-certs.sh | 100 +++- FDBLibTLS/testdata/test-1-client.pem | 106 ---- FDBLibTLS/testdata/test-1-server.pem | 106 ---- FDBLibTLS/testdata/test-2-client.pem | 106 ---- FDBLibTLS/testdata/test-2-server.pem | 106 ---- FDBLibTLS/testdata/test-3-client.pem | 150 ------ FDBLibTLS/testdata/test-3-server.pem | 101 ---- FDBLibTLS/testdata/test-4-client.pem | 80 --- FDBLibTLS/testdata/test-4-server.pem | 80 --- FDBLibTLS/testdata/test-5-client.pem | 80 --- FDBLibTLS/testdata/test-5-server.pem | 80 --- FDBLibTLS/testdata/test-ca-1.pem | 26 + FDBLibTLS/testdata/test-ca-2.pem | 26 + FDBLibTLS/testdata/test-ca-all.pem | 52 ++ FDBLibTLS/testdata/test-client-1.pem | 80 +++ FDBLibTLS/testdata/test-client-2.pem | 80 +++ FDBLibTLS/testdata/test-client-3.pem | 124 +++++ FDBLibTLS/testdata/test-client-4.pem | 82 +++ FDBLibTLS/testdata/test-server-1.pem | 81 +++ FDBLibTLS/testdata/test-server-2.pem | 80 +++ FDBLibTLS/testdata/test-server-3.pem | 75 +++ FDBLibTLS/testdata/test-server-4.pem | 82 +++ FDBLibTLS/verify-test.cpp | 160 ++++-- 32 files changed, 2158 insertions(+), 1516 deletions(-) create mode 100644 FDBLibTLS/FDBLibTLSVerify.cpp create mode 100644 FDBLibTLS/FDBLibTLSVerify.h delete mode 100644 FDBLibTLS/testdata/test-1-client.pem delete mode 100644 FDBLibTLS/testdata/test-1-server.pem delete mode 100644 FDBLibTLS/testdata/test-2-client.pem delete mode 100644 FDBLibTLS/testdata/test-2-server.pem delete mode 100644 FDBLibTLS/testdata/test-3-client.pem delete mode 100644 FDBLibTLS/testdata/test-3-server.pem delete mode 100644 FDBLibTLS/testdata/test-4-client.pem delete mode 100644 FDBLibTLS/testdata/test-4-server.pem delete mode 100644 FDBLibTLS/testdata/test-5-client.pem delete mode 100644 FDBLibTLS/testdata/test-5-server.pem create mode 100644 FDBLibTLS/testdata/test-ca-1.pem create mode 100644 FDBLibTLS/testdata/test-ca-2.pem create mode 100644 FDBLibTLS/testdata/test-ca-all.pem create mode 100644 FDBLibTLS/testdata/test-client-1.pem create mode 100644 FDBLibTLS/testdata/test-client-2.pem create mode 100644 FDBLibTLS/testdata/test-client-3.pem create mode 100644 FDBLibTLS/testdata/test-client-4.pem create mode 100644 FDBLibTLS/testdata/test-server-1.pem create mode 100644 FDBLibTLS/testdata/test-server-2.pem create mode 100644 FDBLibTLS/testdata/test-server-3.pem create mode 100644 FDBLibTLS/testdata/test-server-4.pem diff --git a/FDBLibTLS/FDBLibTLSPolicy.cpp b/FDBLibTLS/FDBLibTLSPolicy.cpp index 992c6b3416..238b2275b1 100644 --- a/FDBLibTLS/FDBLibTLSPolicy.cpp +++ b/FDBLibTLS/FDBLibTLSPolicy.cpp @@ -23,8 +23,7 @@ #include #include -#include -#include +#include #include #include @@ -34,10 +33,12 @@ #include #include +#include +#include FDBLibTLSPolicy::FDBLibTLSPolicy(Reference plugin, ITLSLogFunc logf): - plugin(plugin), logf(logf), tls_cfg(NULL), session_created(false), cert_data_set(false), - key_data_set(false), verify_peers_set(false), verify_cert(true), verify_time(true) { + plugin(plugin), logf(logf), tls_cfg(NULL), roots(NULL), session_created(false), ca_data_set(false), + cert_data_set(false), key_data_set(false), verify_peers_set(false) { if ((tls_cfg = tls_config_new()) == NULL) { logf("FDBLibTLSConfigError", NULL, true, NULL); @@ -46,251 +47,73 @@ FDBLibTLSPolicy::FDBLibTLSPolicy(Reference plugin, ITLSLogFunc // Require client certificates for authentication. tls_config_verify_client(tls_cfg); - - // Name verification is always manually handled (if requested via configuration). - tls_config_insecure_noverifyname(tls_cfg); } FDBLibTLSPolicy::~FDBLibTLSPolicy() { + sk_X509_pop_free(roots, X509_free); tls_config_free(tls_cfg); } -ITLSSession* FDBLibTLSPolicy::create_session(bool is_client, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid) { +ITLSSession* FDBLibTLSPolicy::create_session(bool is_client, const char* servername, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid) { + if (is_client) { + // If verify peers has been set then there is no point specifying a + // servername, since this will be ignored - the servername should be + // matched by the verify criteria instead. + if (verify_peers_set && servername != NULL) { + logf("FDBLibTLSVerifyPeersWithServerName", NULL, true, NULL); + return NULL; + } + + // If verify peers has not been set, then require a server name to + // avoid an accidental lack of name validation. + if (!verify_peers_set && servername == NULL) { + logf("FDBLibTLSNoServerName", NULL, true, NULL); + return NULL; + } + } + session_created = true; try { - return new FDBLibTLSSession(Reference::addRef(this), is_client, send_func, send_ctx, recv_func, recv_ctx, uid); + return new FDBLibTLSSession(Reference::addRef(this), is_client, servername, send_func, send_ctx, recv_func, recv_ctx, uid); } catch ( ... ) { return NULL; } } -static int hexValue(char c) { - static char const digits[] = "0123456789ABCDEF"; +static int password_cb(char *buf, int size, int rwflag, void *u) { + const char *password = (const char *)u; + int plen; - if (c >= 'a' && c <= 'f') - c -= ('a' - 'A'); + if (size < 0) + return 0; + if (u == NULL) + return 0; - int value = std::find(digits, digits + 16, c) - digits; - if (value >= 16) { - throw std::runtime_error("hexValue"); - } - return value; + plen = strlen(password); + if (plen > size) + return 0; + + // Note: buf does not need to be NUL-terminated since + // we return an explicit length. + strncpy(buf, password, size); + + return plen; } -// Does not handle "raw" form (e.g. #28C4D1), only escaped text -static std::string de4514(std::string const& input, int start, int& out_end) { - std::string output; - - if(input[start] == '#' || input[start] == ' ') { - out_end = start; - return output; - } - - int space_count = 0; - - for(int p = start; p < input.size();) { - switch(input[p]) { - case '\\': // Handle escaped sequence - - // Backslash escaping nothing! - if(p == input.size() - 1) { - out_end = p; - goto FIN; - } - - switch(input[p+1]) { - case ' ': - case '"': - case '#': - case '+': - case ',': - case ';': - case '<': - case '=': - case '>': - case '\\': - output += input[p+1]; - p += 2; - space_count = 0; - continue; - - default: - // Backslash escaping pair of hex digits requires two characters - if(p == input.size() - 2) { - out_end = p; - goto FIN; - } - - try { - output += hexValue(input[p+1]) * 16 + hexValue(input[p+2]); - p += 3; - space_count = 0; - continue; - } catch( ... ) { - out_end = p; - goto FIN; - } - } - - case '"': - case '+': - case ',': - case ';': - case '<': - case '>': - case 0: - // All of these must have been escaped - out_end = p; - goto FIN; - - default: - // Character is what it is - output += input[p]; - if(input[p] == ' ') - space_count++; - else - space_count = 0; - p++; - } - } - - out_end = input.size(); - - FIN: - out_end -= space_count; - output.resize(output.size() - space_count); - - return output; -} - -static std::pair splitPair(std::string const& input, char c) { - int p = input.find_first_of(c); - if(p == input.npos) { - throw std::runtime_error("splitPair"); - } - return std::make_pair(input.substr(0, p), input.substr(p+1, input.size())); -} - -static int abbrevToNID(std::string const& sn) { - int nid = NID_undef; - - if (sn == "C" || sn == "CN" || sn == "L" || sn == "ST" || sn == "O" || sn == "OU") - nid = OBJ_sn2nid(sn.c_str()); - if (nid == NID_undef) - throw std::runtime_error("abbrevToNID"); - - return nid; -} - -void FDBLibTLSPolicy::parse_verify(std::string input) { - int s = 0; - - while (s < input.size()) { - int eq = input.find('=', s); - - if (eq == input.npos) - throw std::runtime_error("parse_verify"); - - std::string term = input.substr(s, eq - s); - - if (term.find("Check.") == 0) { - if (eq + 2 > input.size()) - throw std::runtime_error("parse_verify"); - if (eq + 2 != input.size() && input[eq + 2] != ',') - throw std::runtime_error("parse_verify"); - - bool* flag; - - if (term == "Check.Valid") - flag = &verify_cert; - else if (term == "Check.Unexpired") - flag = &verify_time; - else - throw std::runtime_error("parse_verify"); - - if (input[eq + 1] == '0') - *flag = false; - else if (input[eq + 1] == '1') - *flag = true; - else - throw std::runtime_error("parse_verify"); - - s = eq + 3; - } else { - std::map* criteria = &subject_criteria; - - if (term.find('.') != term.npos) { - auto scoped = splitPair(term, '.'); - - if (scoped.first == "S" || scoped.first == "Subject") - criteria = &subject_criteria; - else if (scoped.first == "I" || scoped.first == "Issuer") - criteria = &issuer_criteria; - else - throw std::runtime_error("parse_verify"); - - term = scoped.second; - } - - int remain; - auto unesc = de4514(input, eq + 1, remain); - - if (remain == eq + 1) - throw std::runtime_error("parse_verify"); - - criteria->insert(std::make_pair(abbrevToNID(term), unesc)); - - if (remain != input.size() && input[remain] != ',') - throw std::runtime_error("parse_verify"); - - s = remain + 1; - } - } -} - -void FDBLibTLSPolicy::reset_verify() { - verify_cert = true; - verify_time = true; - subject_criteria = {}; - issuer_criteria = {}; -} - -int password_cb(char *buf, int size, int rwflag, void *u) { - // A no-op password callback is provided simply to stop libcrypto - // from trying to use its own password reading functionality. - return 0; -} - -bool FDBLibTLSPolicy::set_cert_data(const uint8_t* cert_data, int cert_len) { +struct stack_st_X509* FDBLibTLSPolicy::parse_cert_pem(const uint8_t* cert_pem, size_t cert_pem_len) { struct stack_st_X509 *certs = NULL; - unsigned long errnum; X509 *cert = NULL; BIO *bio = NULL; - long data_len; - char *data; + int errnum; bool rc = false; - // The cert data contains one or more PEM encoded certificates - the - // first certificate is for this host, with any additional certificates - // being the full certificate chain. As such, the last certificate - // is the trusted root certificate. If only one certificate is provided - // then it is required to be a self-signed certificate, which is also - // treated as the trusted root. - - if (cert_data_set) { - logf("FDBLibTLSCertAlreadySet", NULL, true, NULL); + if (cert_pem_len > INT_MAX) goto err; - } - if (session_created) { - logf("FDBLibTLSPolicyAlreadyActive", NULL, true, NULL); - goto err; - } - - if ((certs = sk_X509_new_null()) == NULL) { + if ((bio = BIO_new_mem_buf((void *)cert_pem, cert_pem_len)) == NULL) { logf("FDBLibTLSOutOfMemory", NULL, true, NULL); goto err; } - if ((bio = BIO_new_mem_buf((void *)cert_data, cert_len)) == NULL) { + if ((certs = sk_X509_new_null()) == NULL) { logf("FDBLibTLSOutOfMemory", NULL, true, NULL); goto err; } @@ -318,61 +141,21 @@ bool FDBLibTLSPolicy::set_cert_data(const uint8_t* cert_data, int cert_len) { goto err; } - BIO_free_all(bio); - if ((bio = BIO_new(BIO_s_mem())) == NULL) { - logf("FDBLibTLSOutOfMemory", NULL, true, NULL); - goto err; - } - if (!PEM_write_bio_X509(bio, sk_X509_value(certs, sk_X509_num(certs) - 1))) { - logf("FDBLibTLSCertWriteError", NULL, true, NULL); - goto err; - } - if ((data_len = BIO_get_mem_data(bio, &data)) <= 0) { - logf("FDBLibTLSCertError", NULL, true, NULL); - goto err; - } + BIO_free(bio); - if (tls_config_set_ca_mem(tls_cfg, (const uint8_t *)data, data_len) == -1) { - logf("FDBLibTLSSetCAError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); - goto err; - } - - if (sk_X509_num(certs) > 1) { - BIO_free_all(bio); - if ((bio = BIO_new(BIO_s_mem())) == NULL) { - logf("FDBLibTLSOutOfMemory", NULL, true, NULL); - goto err; - } - for (int i = 0; i < sk_X509_num(certs) - 1; i++) { - if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) { - logf("FDBLibTLSCertWriteError", NULL, true, NULL); - goto err; - } - } - if ((data_len = BIO_get_mem_data(bio, &data)) <= 0) { - logf("FDBLibTLSCertError", NULL, true, NULL); - goto err; - } - } - - if (tls_config_set_cert_mem(tls_cfg, (const uint8_t *)data, data_len) == -1) { - logf("FDBLibTLSSetCertError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); - goto err; - } - - rc = true; + return certs; err: sk_X509_pop_free(certs, X509_free); X509_free(cert); - BIO_free_all(bio); + BIO_free(bio); - return rc; + return NULL; } -bool FDBLibTLSPolicy::set_key_data(const uint8_t* key_data, int key_len) { - if (key_data_set) { - logf("FDBLibTLSKeyAlreadySet", NULL, true, NULL); +bool FDBLibTLSPolicy::set_ca_data(const uint8_t* ca_data, int ca_len) { + if (ca_data_set) { + logf("FDBLibTLSCAAlreadySet", NULL, true, NULL); return false; } if (session_created) { @@ -380,17 +163,112 @@ bool FDBLibTLSPolicy::set_key_data(const uint8_t* key_data, int key_len) { return false; } - if (tls_config_set_key_mem(tls_cfg, key_data, key_len) == -1) { - logf("FDBLibTLSKeyError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); + if (ca_len < 0) + return false; + sk_X509_pop_free(roots, X509_free); + if ((roots = parse_cert_pem(ca_data, ca_len)) == NULL) + return false; + + if (tls_config_set_ca_mem(tls_cfg, ca_data, ca_len) == -1) { + logf("FDBLibTLSCAError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); return false; } - key_data_set = true; + ca_data_set = true; return true; } -bool FDBLibTLSPolicy::set_verify_peers(const uint8_t* verify_peers, int verify_peers_len) { +bool FDBLibTLSPolicy::set_cert_data(const uint8_t* cert_data, int cert_len) { + if (cert_data_set) { + logf("FDBLibTLSCertAlreadySet", NULL, true, NULL); + return false; + } + if (session_created) { + logf("FDBLibTLSPolicyAlreadyActive", NULL, true, NULL); + return false; + } + + if (tls_config_set_cert_mem(tls_cfg, cert_data, cert_len) == -1) { + logf("FDBLibTLSCertError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); + return false; + } + + cert_data_set = true; + + return true; +} + +bool FDBLibTLSPolicy::set_key_data(const uint8_t* key_data, int key_len, const char* password) { + EVP_PKEY *key = NULL; + BIO *bio = NULL; + bool rc = false; + + if (key_data_set) { + logf("FDBLibTLSKeyAlreadySet", NULL, true, NULL); + goto err; + } + if (session_created) { + logf("FDBLibTLSPolicyAlreadyActive", NULL, true, NULL); + goto err; + } + + if (password != NULL) { + char *data; + long len; + + if ((bio = BIO_new_mem_buf((void *)key_data, key_len)) == NULL) { + logf("FDBLibTLSOutOfMemory", NULL, true, NULL); + goto err; + } + ERR_clear_error(); + if ((key = PEM_read_bio_PrivateKey(bio, NULL, password_cb, (void *)password)) == NULL) { + int errnum = ERR_peek_error(); + char errbuf[256]; + + if ((ERR_GET_LIB(errnum) == ERR_LIB_PEM && ERR_GET_REASON(errnum) == PEM_R_BAD_DECRYPT) || + (ERR_GET_LIB(errnum) == ERR_LIB_EVP && ERR_GET_REASON(errnum) == EVP_R_BAD_DECRYPT)) { + logf("FDBLibTLSIncorrectPassword", NULL, true, NULL); + } else { + ERR_error_string_n(errnum, errbuf, sizeof(errbuf)); + logf("FDBLibTLSPrivateKeyError", NULL, true, "LibcryptoErrorMessage", errbuf, NULL); + } + goto err; + } + BIO_free(bio); + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + logf("FDBLibTLSOutOfMemory", NULL, true, NULL); + goto err; + } + if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) { + logf("FDBLibTLSOutOfMemory", NULL, true, NULL); + goto err; + } + if ((len = BIO_get_mem_data(bio, &data)) <= 0) { + logf("FDBLibTLSOutOfMemory", NULL, true, NULL); + goto err; + } + if (tls_config_set_key_mem(tls_cfg, (const uint8_t *)data, len) == -1) { + logf("FDBLibTLSKeyError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); + goto err; + } + } else { + if (tls_config_set_key_mem(tls_cfg, key_data, key_len) == -1) { + logf("FDBLibTLSKeyError", NULL, true, "LibTLSErrorMessage", tls_config_error(tls_cfg), NULL); + goto err; + } + } + + key_data_set = true; + rc = true; + + err: + BIO_free(bio); + EVP_PKEY_free(key); + return rc; +} + +bool FDBLibTLSPolicy::set_verify_peers(int count, const uint8_t* verify_peers[], int verify_peers_len[]) { if (verify_peers_set) { logf("FDBLibTLSVerifyPeersAlreadySet", NULL, true, NULL); return false; @@ -400,19 +278,26 @@ bool FDBLibTLSPolicy::set_verify_peers(const uint8_t* verify_peers, int verify_p return false; } - try { - parse_verify(std::string((const char*)verify_peers, verify_peers_len)); - } catch ( const std::runtime_error& e ) { - reset_verify(); - logf("FDBLibTLSVerifyPeersParseError", NULL, true, "Config", verify_peers, NULL); + if (count < 1) { + logf("FDBLibTLSNoVerifyPeers", NULL, true, NULL); return false; } - if (!verify_cert) - tls_config_insecure_noverifycert(tls_cfg); + for (int i = 0; i < count; i++) { + try { + Reference verify = Reference(new FDBLibTLSVerify(std::string((const char*)verify_peers[i], verify_peers_len[i]))); + verify_rules.push_back(verify); + } catch ( const std::runtime_error& e ) { + verify_rules.clear(); + logf("FDBLibTLSVerifyPeersParseError", NULL, true, "Config", verify_peers[i], NULL); + return false; + } + } - if (!verify_time) - tls_config_insecure_noverifytime(tls_cfg); + // All verification is manually handled (as requested via configuration). + tls_config_insecure_noverifycert(tls_cfg); + tls_config_insecure_noverifyname(tls_cfg); + tls_config_insecure_noverifytime(tls_cfg); verify_peers_set = true; diff --git a/FDBLibTLS/FDBLibTLSPolicy.h b/FDBLibTLS/FDBLibTLSPolicy.h index 0fb87c9ae8..94717a1aaa 100644 --- a/FDBLibTLS/FDBLibTLSPolicy.h +++ b/FDBLibTLS/FDBLibTLSPolicy.h @@ -23,12 +23,14 @@ #pragma once -#include "FDBLibTLSPlugin.h" #include "ITLSPlugin.h" #include "ReferenceCounted.h" -#include +#include "FDBLibTLSPlugin.h" +#include "FDBLibTLSVerify.h" + #include +#include struct FDBLibTLSPolicy: ITLSPolicy, ReferenceCounted { FDBLibTLSPolicy(Reference plugin, ITLSLogFunc logf); @@ -40,28 +42,29 @@ struct FDBLibTLSPolicy: ITLSPolicy, ReferenceCounted { Reference plugin; ITLSLogFunc logf; - virtual ITLSSession* create_session(bool is_client, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid); + virtual ITLSSession* create_session(bool is_client, const char* servername, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid); + struct stack_st_X509* parse_cert_pem(const uint8_t* cert_pem, size_t cert_pem_len); void parse_verify(std::string input); void reset_verify(void); + virtual bool set_ca_data(const uint8_t* ca_data, int ca_len); virtual bool set_cert_data(const uint8_t* cert_data, int cert_len); - virtual bool set_key_data(const uint8_t* key_data, int key_len); - virtual bool set_verify_peers(const uint8_t* verify_peers, int verify_peers_len); + virtual bool set_key_data(const uint8_t* key_data, int key_len, const char* password); + virtual bool set_verify_peers(int count, const uint8_t* verify_peers[], int verify_peers_len[]); - struct tls_config *tls_cfg; + struct tls_config* tls_cfg; bool session_created; + bool ca_data_set; bool cert_data_set; bool key_data_set; bool verify_peers_set; - bool verify_cert; - bool verify_time; + struct stack_st_X509* roots; - std::map subject_criteria; - std::map issuer_criteria; + std::vector> verify_rules; }; #endif /* FDB_LIBTLS_POLICY_H */ diff --git a/FDBLibTLS/FDBLibTLSSession.cpp b/FDBLibTLS/FDBLibTLSSession.cpp index a2071e2abb..a67f34fc2f 100644 --- a/FDBLibTLS/FDBLibTLSSession.cpp +++ b/FDBLibTLS/FDBLibTLSSession.cpp @@ -21,11 +21,12 @@ #include "FDBLibTLSSession.h" #include +#include #include #include +#include #include -#include #include #include @@ -54,8 +55,9 @@ static ssize_t tls_write_func(struct tls *ctx, const void *buf, size_t buflen, v return (ssize_t)rv; } -FDBLibTLSSession::FDBLibTLSSession(Reference policy, bool is_client, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid) : - tls_ctx(NULL), tls_sctx(NULL), policy(policy), send_func(send_func), send_ctx(send_ctx), recv_func(recv_func), recv_ctx(recv_ctx), handshake_completed(false), uid(uid) { +FDBLibTLSSession::FDBLibTLSSession(Reference policy, bool is_client, const char* servername, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid) : + tls_ctx(NULL), tls_sctx(NULL), is_client(is_client), policy(policy), send_func(send_func), send_ctx(send_ctx), + recv_func(recv_func), recv_ctx(recv_ctx), handshake_completed(false), uid(uid) { if (is_client) { if ((tls_ctx = tls_client()) == NULL) { @@ -67,7 +69,7 @@ FDBLibTLSSession::FDBLibTLSSession(Reference policy, bool is_cl tls_free(tls_ctx); throw std::runtime_error("FDBLibTLSConfigureError"); } - if (tls_connect_cbs(tls_ctx, tls_read_func, tls_write_func, this, NULL) == -1) { + if (tls_connect_cbs(tls_ctx, tls_read_func, tls_write_func, this, servername) == -1) { policy->logf("FDBLibTLSConnectError", uid, true, "LibTLSErrorMessage", tls_error(tls_ctx), NULL); tls_free(tls_ctx); throw std::runtime_error("FDBLibTLSConnectError"); @@ -97,8 +99,6 @@ FDBLibTLSSession::~FDBLibTLSSession() { tls_free(tls_sctx); } -int password_cb(char *buf, int size, int rwflag, void *u); - bool match_criteria(X509_NAME *name, int nid, const char *value, size_t len) { unsigned char *name_entry_utf8 = NULL, *criteria_utf8 = NULL; int name_entry_utf8_len, criteria_utf8_len; @@ -138,65 +138,108 @@ bool match_criteria(X509_NAME *name, int nid, const char *value, size_t len) { return rc; } -bool FDBLibTLSSession::check_criteria() { +bool FDBLibTLSSession::check_verify(Reference verify, struct stack_st_X509 *certs) { + X509_STORE_CTX *store_ctx = NULL; X509_NAME *subject, *issuer; - const uint8_t *cert_pem; - size_t cert_pem_len; - X509 *cert = NULL; BIO *bio = NULL; bool rc = false; // If certificate verification is disabled, there's nothing more to do. - if (!policy->verify_cert) + if (!verify->verify_cert) return true; - // If no criteria have been specified, then we're done. - if (policy->subject_criteria.size() == 0 && policy->issuer_criteria.size() == 0) + // Verify the certificate. + if ((store_ctx = X509_STORE_CTX_new()) == NULL) { + policy->logf("FDBLibTLSOutOfMemory", uid, true, NULL); + goto err; + } + if (!X509_STORE_CTX_init(store_ctx, NULL, sk_X509_value(certs, 0), certs)) { + policy->logf("FDBLibTLSStoreCtxInit", uid, true, NULL); + goto err; + } + X509_STORE_CTX_trusted_stack(store_ctx, policy->roots); + X509_STORE_CTX_set_default(store_ctx, is_client ? "ssl_client" : "ssl_server"); + if (!verify->verify_time) + X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(store_ctx), X509_V_FLAG_NO_CHECK_TIME); + if (X509_verify_cert(store_ctx) <= 0) { + const char *errstr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(store_ctx)); + policy->logf("FDBLibTLSVerifyCert", uid, true, "VerifyError", errstr, NULL); + goto err; + } + + // Check subject criteria. + if ((subject = X509_get_subject_name(sk_X509_value(store_ctx->chain, 0))) == NULL) { + policy->logf("FDBLibTLSCertSubjectError", uid, true, NULL); + goto err; + } + for (auto &pair: verify->subject_criteria) { + if (!match_criteria(subject, pair.first, pair.second.c_str(), pair.second.size())) { + policy->logf("FDBLibTLSCertSubjectMatchFailure", uid, true, NULL); + goto err; + } + } + + // Check issuer criteria. + if ((issuer = X509_get_issuer_name(sk_X509_value(store_ctx->chain, 0))) == NULL) { + policy->logf("FDBLibTLSCertIssuerError", uid, true, NULL); + goto err; + } + for (auto &pair: verify->issuer_criteria) { + if (!match_criteria(issuer, pair.first, pair.second.c_str(), pair.second.size())) { + policy->logf("FDBLibTLSCertIssuerMatchFailure", uid, true, NULL); + goto err; + } + } + + // Check root criteria - this is the subject of the final certificate in the stack. + if ((subject = X509_get_subject_name(sk_X509_value(store_ctx->chain, sk_X509_num(store_ctx->chain) - 1))) == NULL) { + policy->logf("FDBLibTLSRootSubjectError", uid, true, NULL); + goto err; + } + for (auto &pair: verify->root_criteria) { + if (!match_criteria(subject, pair.first, pair.second.c_str(), pair.second.size())) { + policy->logf("FDBLibTLSRootSubjectMatchFailure", uid, true, NULL); + goto err; + } + } + + // If we got this far, everything checked out... + rc = true; + + err: + X509_STORE_CTX_free(store_ctx); + + return rc; +} + +bool FDBLibTLSSession::verify_peer() { + struct stack_st_X509 *certs = NULL; + const uint8_t *cert_pem; + size_t cert_pem_len; + bool rc = false; + + // If no verify peer rules have been set, we are relying on standard + // libtls verification. + if (policy->verify_rules.empty()) return true; if ((cert_pem = tls_peer_cert_chain_pem(tls_ctx, &cert_pem_len)) == NULL) { policy->logf("FDBLibTLSNoCertError", uid, true, NULL); goto err; } - if ((bio = BIO_new_mem_buf((void *)cert_pem, cert_pem_len)) == NULL) { - policy->logf("FDBLibTLSOutOfMemory", NULL, true, NULL); + if ((certs = policy->parse_cert_pem(cert_pem, cert_pem_len)) == NULL) goto err; - } - if ((cert = PEM_read_bio_X509(bio, NULL, password_cb, NULL)) == NULL) { - policy->logf("FDBLibTLSCertPEMError", uid, true, NULL); - goto err; - } - // Check subject criteria. - if ((subject = X509_get_subject_name(cert)) == NULL) { - policy->logf("FDBLibTLSCertSubjectError", uid, true, NULL); - goto err; - } - for (auto &pair: policy->subject_criteria) { - if (!match_criteria(subject, pair.first, pair.second.c_str(), pair.second.size())) { - policy->logf("FDBLibTLSCertSubjectMatchFailure", uid, true, NULL); - goto err; + // Any matching rule is sufficient. + for (auto &verify_rule: policy->verify_rules) { + if (check_verify(verify_rule, certs)) { + rc = true; + break; } - } - - // Check issuer criteria. - if ((issuer = X509_get_issuer_name(cert)) == NULL) { - policy->logf("FDBLibTLSCertIssuerError", uid, true, NULL); - goto err; } - for (auto &pair: policy->issuer_criteria) { - if (!match_criteria(issuer, pair.first, pair.second.c_str(), pair.second.size())) { - policy->logf("FDBLibTLSCertIssuerMatchFailure", uid, true, NULL); - goto err; - } - } - - // If we got this far, everything checked out... - rc = true; err: - BIO_free_all(bio); - X509_free(cert); + sk_X509_pop_free(certs, X509_free); return rc; } @@ -206,7 +249,7 @@ int FDBLibTLSSession::handshake() { switch (rv) { case 0: - if (!check_criteria()) + if (!verify_peer()) return FAILED; handshake_completed = true; return SUCCESS; diff --git a/FDBLibTLS/FDBLibTLSSession.h b/FDBLibTLS/FDBLibTLSSession.h index d150cc9732..c0e4dca207 100644 --- a/FDBLibTLS/FDBLibTLSSession.h +++ b/FDBLibTLS/FDBLibTLSSession.h @@ -27,17 +27,19 @@ #include "ReferenceCounted.h" #include "FDBLibTLSPolicy.h" +#include "FDBLibTLSVerify.h" #include struct FDBLibTLSSession : ITLSSession, ReferenceCounted { - FDBLibTLSSession(Reference policy, bool is_client, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid); + FDBLibTLSSession(Reference policy, bool is_client, const char* servername, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid); virtual ~FDBLibTLSSession(); virtual void addref() { ReferenceCounted::addref(); } virtual void delref() { ReferenceCounted::delref(); } - bool check_criteria(); + bool verify_peer(); + bool check_verify(Reference verify, struct stack_st_X509 *certs); virtual int handshake(); virtual int read(uint8_t* data, int length); @@ -45,6 +47,8 @@ struct FDBLibTLSSession : ITLSSession, ReferenceCounted { Reference policy; + bool is_client; + struct tls *tls_ctx; struct tls *tls_sctx; diff --git a/FDBLibTLS/FDBLibTLSVerify.cpp b/FDBLibTLS/FDBLibTLSVerify.cpp new file mode 100644 index 0000000000..74f6c53ad5 --- /dev/null +++ b/FDBLibTLS/FDBLibTLSVerify.cpp @@ -0,0 +1,220 @@ +/* + * FDBLibTLSVerify.cpp + * + * This source file is part of the FoundationDB open source project + * + * Copyright 2013-2018 Apple Inc. and the FoundationDB project authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "FDBLibTLSVerify.h" + +#include + +#include +#include + +static int hexValue(char c) { + static char const digits[] = "0123456789ABCDEF"; + + if (c >= 'a' && c <= 'f') + c -= ('a' - 'A'); + + int value = std::find(digits, digits + 16, c) - digits; + if (value >= 16) { + throw std::runtime_error("hexValue"); + } + return value; +} + +// Does not handle "raw" form (e.g. #28C4D1), only escaped text +static std::string de4514(std::string const& input, int start, int& out_end) { + std::string output; + + if(input[start] == '#' || input[start] == ' ') { + out_end = start; + return output; + } + + int space_count = 0; + + for(int p = start; p < input.size();) { + switch(input[p]) { + case '\\': // Handle escaped sequence + + // Backslash escaping nothing! + if(p == input.size() - 1) { + out_end = p; + goto FIN; + } + + switch(input[p+1]) { + case ' ': + case '"': + case '#': + case '+': + case ',': + case ';': + case '<': + case '=': + case '>': + case '\\': + output += input[p+1]; + p += 2; + space_count = 0; + continue; + + default: + // Backslash escaping pair of hex digits requires two characters + if(p == input.size() - 2) { + out_end = p; + goto FIN; + } + + try { + output += hexValue(input[p+1]) * 16 + hexValue(input[p+2]); + p += 3; + space_count = 0; + continue; + } catch( ... ) { + out_end = p; + goto FIN; + } + } + + case '"': + case '+': + case ',': + case ';': + case '<': + case '>': + case 0: + // All of these must have been escaped + out_end = p; + goto FIN; + + default: + // Character is what it is + output += input[p]; + if(input[p] == ' ') + space_count++; + else + space_count = 0; + p++; + } + } + + out_end = input.size(); + + FIN: + out_end -= space_count; + output.resize(output.size() - space_count); + + return output; +} + +static std::pair splitPair(std::string const& input, char c) { + int p = input.find_first_of(c); + if(p == input.npos) { + throw std::runtime_error("splitPair"); + } + return std::make_pair(input.substr(0, p), input.substr(p+1, input.size())); +} + +static int abbrevToNID(std::string const& sn) { + int nid = NID_undef; + + if (sn == "C" || sn == "CN" || sn == "L" || sn == "ST" || sn == "O" || sn == "OU") + nid = OBJ_sn2nid(sn.c_str()); + if (nid == NID_undef) + throw std::runtime_error("abbrevToNID"); + + return nid; +} + +FDBLibTLSVerify::FDBLibTLSVerify(std::string verify_config): + verify_cert(true), verify_time(true) { + parse_verify(verify_config); +} + +FDBLibTLSVerify::~FDBLibTLSVerify() { +} + +void FDBLibTLSVerify::parse_verify(std::string input) { + int s = 0; + + while (s < input.size()) { + int eq = input.find('=', s); + + if (eq == input.npos) + throw std::runtime_error("parse_verify"); + + std::string term = input.substr(s, eq - s); + + if (term.find("Check.") == 0) { + if (eq + 2 > input.size()) + throw std::runtime_error("parse_verify"); + if (eq + 2 != input.size() && input[eq + 2] != ',') + throw std::runtime_error("parse_verify"); + + bool* flag; + + if (term == "Check.Valid") + flag = &verify_cert; + else if (term == "Check.Unexpired") + flag = &verify_time; + else + throw std::runtime_error("parse_verify"); + + if (input[eq + 1] == '0') + *flag = false; + else if (input[eq + 1] == '1') + *flag = true; + else + throw std::runtime_error("parse_verify"); + + s = eq + 3; + } else { + std::map* criteria = &subject_criteria; + + if (term.find('.') != term.npos) { + auto scoped = splitPair(term, '.'); + + if (scoped.first == "S" || scoped.first == "Subject") + criteria = &subject_criteria; + else if (scoped.first == "I" || scoped.first == "Issuer") + criteria = &issuer_criteria; + else if (scoped.first == "R" || scoped.first == "Root") + criteria = &root_criteria; + else + throw std::runtime_error("parse_verify"); + + term = scoped.second; + } + + int remain; + auto unesc = de4514(input, eq + 1, remain); + + if (remain == eq + 1) + throw std::runtime_error("parse_verify"); + + criteria->insert(std::make_pair(abbrevToNID(term), unesc)); + + if (remain != input.size() && input[remain] != ',') + throw std::runtime_error("parse_verify"); + + s = remain + 1; + } + } +} diff --git a/FDBLibTLS/FDBLibTLSVerify.h b/FDBLibTLS/FDBLibTLSVerify.h new file mode 100644 index 0000000000..e00a8b995c --- /dev/null +++ b/FDBLibTLS/FDBLibTLSVerify.h @@ -0,0 +1,50 @@ +/* + * FDBLibTLSVerify.h + * + * This source file is part of the FoundationDB open source project + * + * Copyright 2013-2018 Apple Inc. and the FoundationDB project authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FDB_LIBTLS_VERIFY_H +#define FDB_LIBTLS_VERIFY_H + +#pragma once + +#include + +#include "ReferenceCounted.h" + +#include +#include + +struct FDBLibTLSVerify: ReferenceCounted { + FDBLibTLSVerify(std::string verify); + virtual ~FDBLibTLSVerify(); + + virtual void addref() { ReferenceCounted::addref(); } + virtual void delref() { ReferenceCounted::delref(); } + + void parse_verify(std::string input); + + bool verify_cert; + bool verify_time; + + std::map subject_criteria; + std::map issuer_criteria; + std::map root_criteria; +}; + +#endif /* FDB_LIBTLS_VERIFY_H */ diff --git a/FDBLibTLS/ITLSPlugin.h b/FDBLibTLS/ITLSPlugin.h index 40779d2e72..37fa9f65b9 100644 --- a/FDBLibTLS/ITLSPlugin.h +++ b/FDBLibTLS/ITLSPlugin.h @@ -61,6 +61,16 @@ struct ITLSPolicy { virtual void addref() = 0; virtual void delref() = 0; + // set_ca_data should import the provided certificate list and + // associate it with this policy. cert_data will point to a PEM + // encoded certificate list of trust roots. + // + // set_ca_data should return true if the operation succeeded, + // and false otherwise. After the first call to create_session for + // a given policy, set_ca_data should immediately return false + // if called. + virtual bool set_ca_data(const uint8_t* ca_data, int ca_len) = 0; + // set_cert_data should import the provided certificate list and // associate it with this policy. cert_data will point to a PEM // encoded certificate list, ordered such that each certificate @@ -77,7 +87,8 @@ struct ITLSPolicy { // set_key_data should import the provided private key and // associate it with this policy. key_data will point to a PEM - // encoded key. + // encoded key, which may be encrypted. If encrypted the password + // argument should be specified, otherwise it may be NULL. // // key_data may additionally contain certificate information, // which must be ignored. @@ -86,7 +97,7 @@ struct ITLSPolicy { // false otherwise. After the first call to create_session for a // given policy, set_key_data should immediately return false if // called. - virtual bool set_key_data(const uint8_t* key_data, int key_len) = 0; + virtual bool set_key_data(const uint8_t* key_data, int key_len, const char* password) = 0; // set_verify_peers should modify the validation rules for // verifying a peer during connection handshake. The format of @@ -96,7 +107,7 @@ struct ITLSPolicy { // and false otherwise. After the first call to create_session for // a given policy, set_verify_peers should immediately return // false if called. - virtual bool set_verify_peers(const uint8_t* verify_peers, int verify_peers_len) = 0; + virtual bool set_verify_peers(int count, const uint8_t* verify_peers[], int verify_peers_len[]) = 0; // create_session should return a new object that implements // ITLSSession, associated with this policy. After the first call @@ -109,7 +120,7 @@ struct ITLSPolicy { // // uid should only be provided when invoking an ITLSLogFunc, which // will use it to identify this session. - virtual ITLSSession* create_session(bool is_client, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid ) = 0; + virtual ITLSSession* create_session(bool is_client, const char *servername, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid) = 0; }; // Logs a message/error to the appropriate trace log. diff --git a/FDBLibTLS/Makefile b/FDBLibTLS/Makefile index 4e0782268e..c0d0511622 100644 --- a/FDBLibTLS/Makefile +++ b/FDBLibTLS/Makefile @@ -69,7 +69,7 @@ $(error Unknown platform $(PLATFORM)) endif PLUGIN := FDBLibTLS.$(DYEXT) -OBJECTS := FDBLibTLSPlugin.o FDBLibTLSPolicy.o FDBLibTLSSession.o +OBJECTS := FDBLibTLSPlugin.o FDBLibTLSPolicy.o FDBLibTLSSession.o FDBLibTLSVerify.o LINKLINE := $(CXXFLAGS) $(CFLAGS) $(LDFLAGS) $(OBJECTS) $(LINK_LDFLAGS) -o $(PLUGIN) all: $(PLUGIN) diff --git a/FDBLibTLS/plugin-test.cpp b/FDBLibTLS/plugin-test.cpp index 7156d1b48c..087ca86db3 100644 --- a/FDBLibTLS/plugin-test.cpp +++ b/FDBLibTLS/plugin-test.cpp @@ -48,29 +48,27 @@ static std::string load_file(std::string path) return ss.str(); } -struct FDBLibTLSClientServerTest { - FDBLibTLSClientServerTest(bool client_success, bool server_success, std::string client_path, std::string server_path, std::string client_verify, std::string server_verify): - client_success(client_success), server_success(server_success), client_verify(client_verify), server_verify(server_verify) { - client_data = load_file(TESTDATA + client_path); - server_data = load_file(TESTDATA + server_path); - } - ~FDBLibTLSClientServerTest() {} +struct client_server_test { + std::string ca_path; bool client_success; - bool server_success; + std::string client_path; + const char* client_password; + std::vector client_verify; + const char* servername; - std::string client_data; - std::string client_verify; - std::string server_data; - std::string server_verify; + bool server_success; + std::string server_path; + const char* server_password; + std::vector server_verify; }; struct FDBLibTLSPluginTest { - FDBLibTLSPluginTest(Reference plugin, ITLSLogFunc logf); - ~FDBLibTLSPluginTest(); + FDBLibTLSPluginTest(Reference plugin, ITLSLogFunc logf); + ~FDBLibTLSPluginTest(); - Reference plugin; - ITLSLogFunc logf; + Reference plugin; + ITLSLogFunc logf; boost::circular_buffer client_buffer; boost::circular_buffer server_buffer; @@ -83,13 +81,13 @@ struct FDBLibTLSPluginTest { int server_write(const uint8_t* buf, int len); Reference create_policy(void); - Reference create_client_session(Reference policy); + Reference create_client_session(Reference policy, const char* servername); Reference create_server_session(Reference policy); void circular_reset(void); void circular_self_test(void); - int client_server_test(FDBLibTLSClientServerTest const& cst); + int client_server_test(const struct client_server_test *cst); int set_cert_data_test(void); }; @@ -225,9 +223,9 @@ static int client_recv_func(void* ctx, uint8_t* buf, int len) { } } -Reference FDBLibTLSPluginTest::create_client_session(Reference policy) +Reference FDBLibTLSPluginTest::create_client_session(Reference policy, const char* servername) { - return Reference(policy->create_session(true, client_send_func, this, client_recv_func, this, NULL)); + return Reference(policy->create_session(true, servername, client_send_func, this, client_recv_func, this, NULL)); } static int server_send_func(void* ctx, const uint8_t* buf, int len) { @@ -250,42 +248,74 @@ static int server_recv_func(void* ctx, uint8_t* buf, int len) { Reference FDBLibTLSPluginTest::create_server_session(Reference policy) { - return Reference(policy->create_session(false, server_send_func, this, server_recv_func, this, NULL)); + return Reference(policy->create_session(false, NULL, server_send_func, this, server_recv_func, this, NULL)); } -int FDBLibTLSPluginTest::client_server_test(FDBLibTLSClientServerTest const& cst) +#define MAX_VERIFY_RULES 5 + +static void convert_verify_peers(const std::vector *verify_rules, const uint8_t *verify_peers[], int verify_peers_len[]) { + if (verify_rules->size() > MAX_VERIFY_RULES) + throw std::runtime_error("verify"); + int i = 0; + for (auto &verify_rule: *verify_rules) { + verify_peers[i] = (const uint8_t *)&verify_rule[0]; + verify_peers_len[i] = verify_rule.size(); + i++; + } +} + +int FDBLibTLSPluginTest::client_server_test(const struct client_server_test* cst) { + const uint8_t *verify_peers[MAX_VERIFY_RULES]; + int verify_peers_len[MAX_VERIFY_RULES]; + circular_reset(); + std::string ca_data = load_file(TESTDATA + cst->ca_path); + std::string client_data = load_file(TESTDATA + cst->client_path); + std::string server_data = load_file(TESTDATA + cst->server_path); + Reference client_policy = create_policy(); - if (!client_policy->set_cert_data((const uint8_t*)&cst.client_data[0], cst.client_data.size())) { + if (!client_policy->set_ca_data((const uint8_t*)&ca_data[0], ca_data.size())) { + std::cerr << "FAIL: failed to set client ca data\n"; + return 1; + } + if (!client_policy->set_cert_data((const uint8_t*)&client_data[0], client_data.size())) { std::cerr << "FAIL: failed to set client cert data\n"; return 1; } - if (!client_policy->set_key_data((const uint8_t*)&cst.client_data[0], cst.client_data.size())) { + if (!client_policy->set_key_data((const uint8_t*)&client_data[0], client_data.size(), cst->client_password)) { std::cerr << "FAIL: failed to set client key data\n"; return 1; } - if (!client_policy->set_verify_peers((const uint8_t*)&cst.client_verify[0], cst.client_verify.size())) { - std::cerr << "FAIL: failed to set client key data\n"; - return 1; + if (!cst->client_verify.empty()) { + convert_verify_peers(&cst->client_verify, verify_peers, verify_peers_len); + if (!client_policy->set_verify_peers(cst->client_verify.size(), verify_peers, verify_peers_len)) { + std::cerr << "FAIL: failed to set client verify peers\n"; + return 1; + } } Reference server_policy = create_policy(); - if (!server_policy->set_cert_data((const uint8_t*)&cst.server_data[0], cst.server_data.size())) { + if (!server_policy->set_ca_data((const uint8_t*)&ca_data[0], ca_data.size())) { + std::cerr << "FAIL: failed to set server ca data\n"; + return 1; + } + if (!server_policy->set_cert_data((const uint8_t*)&server_data[0], server_data.size())) { std::cerr << "FAIL: failed to set server cert data\n"; return 1; } - if (!server_policy->set_key_data((const uint8_t*)&cst.server_data[0], cst.server_data.size())) { + if (!server_policy->set_key_data((const uint8_t*)&server_data[0], server_data.size(), cst->server_password)) { std::cerr << "FAIL: failed to set server key data\n"; return 1; } - if (!server_policy->set_verify_peers((const uint8_t*)&cst.server_verify[0], cst.server_verify.size())) { - std::cerr << "FAIL: failed to set client key data\n"; + convert_verify_peers(&cst->server_verify, verify_peers, verify_peers_len); + if (!server_policy->set_verify_peers(cst->server_verify.size(), verify_peers, verify_peers_len)) { + std::cerr << "FAIL: failed to set server verify peers\n"; return 1; } - Reference client_session = create_client_session(client_policy); + Reference client_session = create_client_session(client_policy, cst->servername); Reference server_session = create_server_session(server_policy); if (client_session.getPtr() == NULL || server_session.getPtr() == NULL) @@ -302,7 +332,7 @@ int FDBLibTLSPluginTest::client_server_test(FDBLibTLSClientServerTest const& cst if (rc == ITLSSession::SUCCESS) { client_done = true; } else if (rc == ITLSSession::FAILED) { - if (cst.client_success) { + if (cst->client_success) { std::cerr << "FAIL: failed to complete client handshake\n"; return 1; } else { @@ -320,7 +350,7 @@ int FDBLibTLSPluginTest::client_server_test(FDBLibTLSClientServerTest const& cst if (rc == ITLSSession::SUCCESS) { server_done = true; } else if (rc == ITLSSession::FAILED) { - if (cst.server_success) { + if (cst->server_success) { std::cerr << "FAIL: failed to complete server handshake\n"; return 1; } else { @@ -340,11 +370,15 @@ int FDBLibTLSPluginTest::client_server_test(FDBLibTLSClientServerTest const& cst return 1; } - if (!cst.client_success && !client_failed) + if (!cst->client_success && !client_failed) { std::cerr << "FAIL: client handshake succeeded when it should have failed\n"; - if (!cst.server_success && !server_failed) + return 1; + } + if (!cst->server_success && !server_failed) { std::cerr << "FAIL: server handshake succeeded when it should have failed\n"; - if (!cst.client_success || !cst.server_success) + return 1; + } + if (!cst->client_success || !cst->server_success) return 0; std::cerr << "INFO: handshake completed successfully\n"; @@ -477,6 +511,546 @@ static void logf(const char* event, void* uid, int is_error, ...) { va_end(args); } +const struct client_server_test client_server_tests[] = { + // Single root CA. + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-2.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-2.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + + // Multiple root CAs. + { + .ca_path = "test-ca-all.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {""}, + }, + { + .ca_path = "test-ca-all.pem", + .client_success = true, + .client_path = "test-client-4.pem", + .client_password = "fdb321", + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = "fdb123", + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {""}, + }, + { + .ca_path = "test-ca-2.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = false, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {""}, + }, + + // Expired certificates. + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-3.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-3.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = false, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"Check.Unexpired=0"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-3.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-3.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"Check.Unexpired=0"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"Check.Valid=0"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-3.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-3.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"Check.Valid=0"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1", "I.CN=FDB LibTLS Plugin Test Intermediate CA 2,Check.Unexpired=0"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-3.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1,Check.Unexpired=0", "I.CN=FDB LibTLS Plugin Test Intermediate CA 2"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-3.pem", + .server_password = NULL, + .server_verify = {""}, + }, + + // Match on specific subject and/or issuer. + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"C=US"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"C=US"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"C=AU"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"C=US", "C=AU"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"C=US", "C=JP"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\04\\>"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\81 \\<\\01\\+\\02=\\04\\>"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\04"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {"CN=FDB LibTLS Plugin Test Client 1"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"CN=FDB LibTLS Plugin Test Client 1"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-2.pem", + .client_password = NULL, + .client_verify = {""}, + .servername = NULL, + .server_success = false, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"O=Apple Pty Limited,OU=FDC Team"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-2.pem", + .client_password = NULL, + .client_verify = {"O=Apple Inc.,OU=FDB Team"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"O=Apple Pty Limited,OU=FDB Team"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-2.pem", + .client_password = NULL, + .client_verify = {"O=Apple Inc.,OU=FDC Team"}, + .servername = NULL, + .server_success = false, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"O=Apple Pty Limited,OU=FDC Team"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDB Team"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDB Team"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDC Team"}, + .servername = NULL, + .server_success = false, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDC Team"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 2"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 2"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>,I.CN=FDB LibTLS Plugin Test Intermediate CA 2"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1,O=Apple Inc.,I.C=US,S.C=US"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>,I.CN=FDB LibTLS Plugin Test Intermediate CA 1"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {"I.CN=FDB LibTLS Plugin Test Intermediate CA 1,O=Apple Inc.,I.C=US,S.C=US"}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-2.pem", + .server_password = NULL, + .server_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1"}, + }, + { + .ca_path = "test-ca-all.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1"}, + }, + { + .ca_path = "test-ca-all.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1", "R.CN=FDB LibTLS Plugin Test Root CA 2"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1"}, + }, + { + .ca_path = "test-ca-all.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 2"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {"R.CN=FDB LibTLS Plugin Test Root CA 1"}, + }, + { + .ca_path = "test-ca-all.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {"R.OU=FDB Team"}, + .servername = NULL, + .server_success = true, + .server_path = "test-server-4.pem", + .server_password = "fdb123", + .server_verify = {"R.OU=FDB Team"}, + }, + + // Client performing name validation via servername. + { + .ca_path = "test-ca-1.pem", + .client_success = true, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {}, + .servername = "test.foundationdb.org", + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {""}, + }, + { + .ca_path = "test-ca-1.pem", + .client_success = false, + .client_path = "test-client-1.pem", + .client_password = NULL, + .client_verify = {}, + .servername = "www.foundationdb.org", + .server_success = true, + .server_path = "test-server-1.pem", + .server_password = NULL, + .server_verify = {""}, + }, +}; + int main(int argc, char **argv) { void *pluginSO = NULL; @@ -502,81 +1076,12 @@ int main(int argc, char **argv) Reference plugin = Reference((ITLSPlugin *)getPlugin(ITLSPlugin::get_plugin_type_name_and_version())); - std::vector tests = { - // Valid - all use single root CA. - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-1-server.pem", "", ""), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-2-server.pem", "", ""), - FDBLibTLSClientServerTest(true, true, "test-2-client.pem", "test-2-server.pem", "", ""), - FDBLibTLSClientServerTest(true, true, "test-2-client.pem", "test-1-server.pem", "", ""), - - // Certificates terminate at different intermediate CAs. - FDBLibTLSClientServerTest(false, false, "test-4-client.pem", "test-5-server.pem", "", ""), - FDBLibTLSClientServerTest(false, false, "test-5-client.pem", "test-4-server.pem", "", ""), - FDBLibTLSClientServerTest(true, true, "test-4-client.pem", "test-5-server.pem", - "Check.Valid=0", "Check.Valid=0"), - FDBLibTLSClientServerTest(true, true, "test-5-client.pem", "test-4-server.pem", - "Check.Valid=0", "Check.Valid=0"), - - // Expired certificates. - FDBLibTLSClientServerTest(false, false, "test-1-client.pem", "test-3-server.pem", "", ""), - FDBLibTLSClientServerTest(false, false, "test-3-client.pem", "test-1-server.pem", "", ""), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-3-server.pem", "Check.Unexpired=0", ""), - FDBLibTLSClientServerTest(true, true, "test-3-client.pem", "test-1-server.pem", "", "Check.Unexpired=0"), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-3-server.pem", "Check.Valid=0", ""), - FDBLibTLSClientServerTest(true, true, "test-3-client.pem", "test-1-server.pem", "", "Check.Valid=0"), - - // Match on specific subject and/or issuer. - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-1-server.pem", "C=US", ""), - FDBLibTLSClientServerTest(false, true, "test-1-client.pem", "test-2-server.pem", "C=US", ""), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-2-server.pem", "C=AU", ""), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>", ""), - FDBLibTLSClientServerTest(false, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\04\\>", ""), - FDBLibTLSClientServerTest(false, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\81 \\<\\01\\+\\02=\\04\\>", ""), - FDBLibTLSClientServerTest(false, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\04", ""), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>", - "CN=FDB LibTLS Plugin Test Client 1"), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-1-server.pem", - "", "CN=FDB LibTLS Plugin Test Client 1"), - FDBLibTLSClientServerTest(true, false, "test-2-client.pem", "test-1-server.pem", - "", "O=Apple Pty Limited,OU=FDC Team"), - FDBLibTLSClientServerTest(true, true, "test-2-client.pem", "test-1-server.pem", - "O=Apple Inc.,OU=FDB Team", "O=Apple Pty Limited,OU=FDB Team"), - FDBLibTLSClientServerTest(false, false, "test-2-client.pem", "test-1-server.pem", - "O=Apple Inc.,OU=FDC Team", "O=Apple Pty Limited,OU=FDC Team"), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-1-server.pem", - "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDB Team", - "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDB Team"), - FDBLibTLSClientServerTest(false, false, "test-1-client.pem", "test-1-server.pem", - "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDC Team", - "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDC Team"), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-1-server.pem", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 1", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 1"), - FDBLibTLSClientServerTest(false, true, "test-1-client.pem", "test-1-server.pem", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 2", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 1"), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-2-server.pem", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 2", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 1"), - FDBLibTLSClientServerTest(true, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>,I.CN=FDB LibTLS Plugin Test Intermediate CA 2", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 1,O=Apple Inc.,I.C=US,S.C=US"), - FDBLibTLSClientServerTest(false, true, "test-1-client.pem", "test-2-server.pem", - "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>,I.CN=FDB LibTLS Plugin Test Intermediate CA 1", - "I.CN=FDB LibTLS Plugin Test Intermediate CA 1,O=Apple Inc.,I.C=US,S.C=US"), - }; - FDBLibTLSPluginTest *pt = new FDBLibTLSPluginTest(plugin, (ITLSLogFunc)logf); int test_num = 1; - for (auto &test: tests) { + for (auto &cst: client_server_tests) { std::cerr << "== Test " << test_num++ << " ==\n"; - failed |= pt->client_server_test(test); + failed |= pt->client_server_test(&cst); } delete pt; diff --git a/FDBLibTLS/scripts/make-test-certs.sh b/FDBLibTLS/scripts/make-test-certs.sh index e5e8e46ab0..266e1cd185 100755 --- a/FDBLibTLS/scripts/make-test-certs.sh +++ b/FDBLibTLS/scripts/make-test-certs.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# make-tests-certs.sh +# make-test-certs.sh # # This source file is part of the FoundationDB open source project # @@ -33,6 +33,17 @@ cleanup() { trap cleanup EXIT INT +make_ca_bundle() { + local bundle_file=$1; + shift 1; + + printf '' > "${bundle_file}" + for f in $@; do + openssl x509 -nameopt oneline -subject -issuer -noout -in "${TMPDIR}/${f}" >> "${bundle_file}" + cat "${TMPDIR}/${f}" >> "${bundle_file}" + done +} + make_bundle() { local bundle_file=$1; local key_file=$2; @@ -80,36 +91,60 @@ subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:false keyUsage = critical, digitalSignature + +[fdb_v3_server_san] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:false +keyUsage = critical, digitalSignature +subjectAltName = @fdb_v3_server_alt_names + +[fdb_v3_server_alt_names] +DNS.1 = test.foundationdb.org EOF -# Root CA. +# Root CA 1. openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 -x509 \ - -subj "${SUBJECT} Root CA" -keyout "${TMPDIR}/ca-root.key" \ + -subj "${SUBJECT} Root CA 1" -keyout "${TMPDIR}/ca-root-1.key" \ -config "${TMPDIR}/openssl.cnf" -extensions fdb_v3_ca \ - -out "${TMPDIR}/ca-root.crt" + -out "${TMPDIR}/ca-root-1.crt" -# Intermediate CA 1. +# Root CA 2. +openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 -x509 \ + -subj "${SUBJECT_ALT} Root CA 2" -keyout "${TMPDIR}/ca-root-2.key" \ + -config "${TMPDIR}/openssl.cnf" -extensions fdb_v3_ca \ + -out "${TMPDIR}/ca-root-2.crt" + +# Intermediate CA 1 (from CA 1). openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 \ -subj "${SUBJECT} Intermediate CA 1" -keyout "${TMPDIR}/ca-int-1.key" \ -out "${TMPDIR}/ca-int-1.csr" -openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-root.crt" -CAkey "${TMPDIR}/ca-root.key" \ +openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-root-1.crt" -CAkey "${TMPDIR}/ca-root-1.key" \ -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_ca -days 3650 \ -CAcreateserial -in "${TMPDIR}/ca-int-1.csr" -out "${TMPDIR}/ca-int-1.crt" -# Intermediate CA 2. +# Intermediate CA 2 (from CA 1). openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 \ -subj "${SUBJECT} Intermediate CA 2" -keyout "${TMPDIR}/ca-int-2.key" \ -out "${TMPDIR}/ca-int-2.csr" -openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-root.crt" -CAkey "${TMPDIR}/ca-root.key" \ +openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-root-1.crt" -CAkey "${TMPDIR}/ca-root-1.key" \ -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_ca -days 3650 \ -CAcreateserial -in "${TMPDIR}/ca-int-2.csr" -out "${TMPDIR}/ca-int-2.crt" +# Intermediate CA 3 (from CA 2). +openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 \ + -subj "${SUBJECT} Intermediate CA 3" -keyout "${TMPDIR}/ca-int-3.key" \ + -out "${TMPDIR}/ca-int-3.csr" +openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-root-2.crt" -CAkey "${TMPDIR}/ca-root-2.key" \ + -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_ca -days 3650 \ + -CAcreateserial -in "${TMPDIR}/ca-int-3.csr" -out "${TMPDIR}/ca-int-3.crt" + # Server 1. openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 \ -subj "${SUBJECT} Server 1" -keyout "${TMPDIR}/server-1.key" \ -out "${TMPDIR}/server-1.csr" openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-int-1.crt" -CAkey "${TMPDIR}/ca-int-1.key" \ - -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_other -days 3650 \ + -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_server_san -days 3650 \ -CAcreateserial -in "${TMPDIR}/server-1.csr" -out "${TMPDIR}/server-1.crt" # Server 2. @@ -130,6 +165,15 @@ printf "y\ny\n" | openssl ca -cert "${TMPDIR}/ca-int-1.crt" -keyfile "${TMPDIR}/ -config "${TMPDIR}/openssl.cnf" -notext \ -in "${TMPDIR}/server-3.csr" -out "${TMPDIR}/server-3.crt" +# Server 4. +openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -aes128 -pass pass:fdb123 \ + -out "${TMPDIR}/server-4.key" +openssl req -new -days 3650 -sha256 -key "${TMPDIR}/server-4.key" -passin pass:fdb123 \ + -subj "${SUBJECT} Server 4" -out "${TMPDIR}/server-4.csr" +openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-int-3.crt" -CAkey "${TMPDIR}/ca-int-3.key" \ + -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_other -days 3650 \ + -CAcreateserial -in "${TMPDIR}/server-4.csr" -out "${TMPDIR}/server-4.crt" + # Client 1. openssl req -new -days 3650 -nodes -newkey rsa:2048 -sha256 \ -subj "${SUBJECT} Client 1" -keyout "${TMPDIR}/client-1.key" \ @@ -156,23 +200,35 @@ printf "y\ny\n" | openssl ca -cert "${TMPDIR}/ca-int-1.crt" -keyfile "${TMPDIR}/ -config "${TMPDIR}/openssl.cnf" \ -in "${TMPDIR}/client-3.csr" -out "${TMPDIR}/client-3.crt" +# Client 4. +openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -aes128 -pass pass:fdb321 \ + -out "${TMPDIR}/client-4.key" +openssl req -new -days 3650 -sha256 -key "${TMPDIR}/client-4.key" -passin pass:fdb321 \ + -subj "${SUBJECT} Client 4" -out "${TMPDIR}/client-4.csr" +openssl x509 -req -days 3650 -CA "${TMPDIR}/ca-int-3.crt" -CAkey "${TMPDIR}/ca-int-3.key" \ + -extfile "${TMPDIR}/openssl.cnf" -extensions fdb_v3_other \ + -CAcreateserial -in "${TMPDIR}/client-4.csr" -out "${TMPDIR}/client-4.crt" + # # Test Bundles # -make_bundle 'test-1-server.pem' 'server-1.key' 'server-1.crt' 'ca-int-1.crt' 'ca-root.crt' -make_bundle 'test-1-client.pem' 'client-1.key' 'client-1.crt' 'ca-int-1.crt' 'ca-root.crt' -make_bundle 'test-2-server.pem' 'server-2.key' 'server-2.crt' 'ca-int-2.crt' 'ca-root.crt' -make_bundle 'test-2-client.pem' 'client-2.key' 'client-2.crt' 'ca-int-2.crt' 'ca-root.crt' +make_ca_bundle 'test-ca-1.pem' 'ca-root-1.crt' +make_ca_bundle 'test-ca-2.pem' 'ca-root-2.crt' +make_ca_bundle 'test-ca-all.pem' 'ca-root-1.crt' 'ca-root-2.crt' -# Expired client/server. -make_bundle 'test-3-client.pem' 'client-3.key' 'client-3.crt' 'ca-int-1.crt' 'ca-root.crt' -make_bundle 'test-3-server.pem' 'server-3.key' 'server-3.crt' 'ca-int-1.crt' 'ca-root.crt' +# Valid client/server from intermediate CA 1. +make_bundle 'test-client-1.pem' 'client-1.key' 'client-1.crt' 'ca-int-1.crt' +make_bundle 'test-server-1.pem' 'server-1.key' 'server-1.crt' 'ca-int-1.crt' -# Bundles that terminate at intermediate 1. -make_bundle 'test-4-server.pem' 'server-1.key' 'server-1.crt' 'ca-int-1.crt' -make_bundle 'test-4-client.pem' 'client-1.key' 'client-1.crt' 'ca-int-1.crt' +# Valid client/server from intermediate CA 2. +make_bundle 'test-client-2.pem' 'client-2.key' 'client-2.crt' 'ca-int-2.crt' +make_bundle 'test-server-2.pem' 'server-2.key' 'server-2.crt' 'ca-int-2.crt' -# Bundles that terminate at intermediate 2. -make_bundle 'test-5-server.pem' 'server-2.key' 'server-2.crt' 'ca-int-2.crt' -make_bundle 'test-5-client.pem' 'client-2.key' 'client-2.crt' 'ca-int-2.crt' +# Expired client/server from intermediate CA 1. +make_bundle 'test-client-3.pem' 'client-3.key' 'client-3.crt' 'ca-int-1.crt' +make_bundle 'test-server-3.pem' 'server-3.key' 'server-3.crt' 'ca-int-1.crt' + +# Valid client/server from intermediate CA 3. +make_bundle 'test-client-4.pem' 'client-4.key' 'client-4.crt' 'ca-int-3.crt' +make_bundle 'test-server-4.pem' 'server-4.key' 'server-4.crt' 'ca-int-3.crt' diff --git a/FDBLibTLS/testdata/test-1-client.pem b/FDBLibTLS/testdata/test-1-client.pem deleted file mode 100644 index 085f7e35ea..0000000000 --- a/FDBLibTLS/testdata/test-1-client.pem +++ /dev/null @@ -1,106 +0,0 @@ -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Client 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIJALOPTrQGpeslMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMTAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGIMQswCQYDVQQGEwJVUzETMBEG -A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB -cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM -UyBQbHVnaW4gVGVzdCBDbGllbnQgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALVkdxOmWcd959NyirJ1iz7q5fkjdRUV+88KMMehQWc3f50GJIQ+eZo+ -7RhwVE+n8nd0i5iGfyY6LRuupdwoQUxoZ/5rUIDGKspNO62DVRW+tZqzpEa1+ub5 -75BMoc7I7l9sXDkuiMu1OYcPNKMv4F3mf+B3ourLqjUekKlUv8XIZXAvN+R19HlR -FM8vs8rnhQXx7iWVP91frDvyD8G7lOf6R7R4homnB37kLom8WU+fCmcyA6em0qX0 -JeVP6xk2qXU1cMs7DL8WftdrWHv+a73/l4hytQHo5OvtGaLZhpPYpC/FMSaFHVSM -irWSFK+ZtvaLi3LXc2HGANMokjPoRf8CAwEAAaNgMF4wHQYDVR0OBBYEFPtTL9KZ -jn49cLediy1ixz7AXOI3MB8GA1UdIwQYMBaAFCXTF7f83Hd7xm9gR+O4QrvjNo8Q -MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB -AQA17a4d/tSWIlTkIfkrXziD21+1OsN6/dUrWQK7kxtEe21QXIutccW4bwpM0JDB -M+bZiWkdgQ15+ZotX5UXlBcx9WWDU5RqSO06hhXu5b8gZwfVF4Od6tBdVxkn4KbU -0YujOZrL8fDOrQHqCO7nhNlYgcEn7bKF5wjtOoiKhtA9sLSIZQR5g32kkJXXGvcY -lLWMXygEg9FMQoldW9RHq4GbUiYEeqEq6k4S7cE03R1lvmQEOOAJ2S7LnaS4UHQT -GmW6uvLnJJrG4HB9JGE+y1e9M+C7Enzhi39RGd8ylignGimkdw/1UEWnvKGCqoU7 -ufWGF7eUV8dCqO+jYghIY8rA ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpeshMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyOwdOcYcH3wYou13CchsXh3lLWA85E550tT6/WwDnslQjiMZHFrKvUT2 -B8CUOR3Fr+4RG+cdw80rgojYEUuHKwmIGyjo5IotdaYbWzf6mvYThlIPPudCCkSU -CTtqPv8Oq4QdIpCxHdix0MINKu7c+qt1rUwnDFQSv/gHhVnNxT4r8pwVp6T4hwka -2YQaRNjzUuuFinMub0UtxnUX0rH8X5STlOSVn4Ksjo0OhQzsGEYDx86jVAXjgGcb -2CgGGctgq04hVrngP5ahT1Xeh9YycMlQJXsckJJBxfUJebIjANSRyzxI5fYt+ZkY -qoG5VLPREUQknxcpbT7Rsj0n+k0RhwIDAQABo2MwYTAdBgNVHQ4EFgQUJdMXt/zc -d3vGb2BH47hCu+M2jxAwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAGwW7bRqB7aYUGsD1MOE9d5slp6Iw6wKyNLdg+mzoV+iCV2ZM7ejNRButiAy -vPOxSQwXcibLm/g599e+LY1TiI1XXPbL2bFnTcnThqpHHFe+eRrDgqxO8qJyrcBp -EfyMCJWq7jFg4bWoYTpLeC/RAKyi9fxlqY1NzQCp1bG3LiaDJ5VJd4uwkgX2a0yN -3e0XEFNi7r4u4IHejwFjKWrDg8sstjbY+XOYC4EVQyUsbzeKZKSqnOdR2Jv1QZHH -5O24G/efIFpsA6MVUOfRk0eq0RfKX7CdHn2a5p8aC6E6YMDhXL6xo146n49t9sYD -HMUnfG6AEboTBa/l+zwCG/u4f/Y= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIJALfRa36cuemYMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMScwJQYDVQQDDB5GREIgTGliVExTIFBsdWdpbiBU -ZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/J+sL -7POoXNdzYRsMZCI5juxMPOVue5vU2QPU9z/PHBsBICX6tVsCnkzk5CLdM6TxofgX -F+MqRKxtcIqxBcKjjVecJlqHuNY+jS2r8UjcoQm+EQ5RsBWu8yaSnXIiZTccQNjB -5T2awwt9Ptbn946MZfq6oEnn4ZPByu9/nCrlk7QXTkuGdpTnC6paQWt/lVxZfELM -i0g76/K/f3e2Lv9UCvlxKOwFMye9XjwF3ekEmUuio5JZEdn+LIs9zB1zehFhGlYB -TUXnkZ0LTOPbH9OxsOli04n31/n7UbYq1BSuoiXx5A2eHOunMppa0NDg7oXmDSKE -A1zo+QtIu1YPXaLdAgMBAAGjYzBhMB0GA1UdDgQWBBSeq0aNrc7mMaWHm8eCndN/ -w0I8qTAfBgNVHSMEGDAWgBSeq0aNrc7mMaWHm8eCndN/w0I8qTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIOw1jC39 -VW+1fqGT+n44Y6Oh66lAowIvi/BEOW1I4iPAjkr0g6FbbdKeq0VLL7aMMu+q/AOv -UETv7MdVh9xjTLqWZGN0R3Lr/n6ButI3E7MLKL5ByLNCoOhF42aBLINkpKSNFRrQ -40iNoHm3BaNRLKS7poCk5HFkEMjvxdQ1AenNbUa21DTh7y9arHF4CPfi8Ity29jW -ED8jYK/+bWIaO+YhGkRh8UuD3o5WnOti+9QK56qxkPtkqVTh9vMVHfD0DgVeLvMN -nZpTplLTfhjzyFJELwE/U+HJ6KIslmqwarJ1Sla+1gHCmJEbzbsrnb6bLtrHtXCZ -XvmR6B5iRkDVpw== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1ZHcTplnHfefT -coqydYs+6uX5I3UVFfvPCjDHoUFnN3+dBiSEPnmaPu0YcFRPp/J3dIuYhn8mOi0b -rqXcKEFMaGf+a1CAxirKTTutg1UVvrWas6RGtfrm+e+QTKHOyO5fbFw5LojLtTmH -DzSjL+Bd5n/gd6Lqy6o1HpCpVL/FyGVwLzfkdfR5URTPL7PK54UF8e4llT/dX6w7 -8g/Bu5Tn+ke0eIaJpwd+5C6JvFlPnwpnMgOnptKl9CXlT+sZNql1NXDLOwy/Fn7X -a1h7/mu9/5eIcrUB6OTr7Rmi2YaT2KQvxTEmhR1UjIq1khSvmbb2i4ty13NhxgDT -KJIz6EX/AgMBAAECggEAEm2Mc2CZCl1OKfsfABZU+SVgC7mAcY30MQp1/jHxtQy8 -WDWBjDXUoMj3yV3QEu+bAGvEqtAvJrEOWBucGgu05pBM0FoSqaJ4QmkqQOxwvm7L -gFXzwINIZCLMJbrDTYC4RtV5YQ3LM/bLS19OF64Lez6piyJcWMIsHo1mYO2NNgiD -7f1x1uQw46Q0YHWeoHY58MPfmgfKsqnJDWc8cCuU9fJOWeU4dVrfW8dh9WVAoLZ7 -qAM5vvap11Qk8RXaRnmLjxN6H1M7iVNfcLVNKfG6XOBBepYjZr/qMkuN3ONuqBHl -fC3Zia2zQZRfiuPspX0KhjCfYAKbIZC6oyrQM2uXgQKBgQDoD5voZiCOeGXJEMUk -9JV4V8A96aE0xxy+OHMogVpysxBO4V0Nh0krSLTt9NXnpjawZQ+3pLQ4+2J2XM2e -fJuJJ7Z+Mhjv6epnMM7FoxK1VF7oe+LE7Yk/kg/moCuVS/XhLdQrhZVBJhfEADS3 -oFybf7Q6rJYtN3OYsiFymyneHwKBgQDIGsY5kGdmx27LS5rPMwdw632TF8G5BGbu -C3ty7LYkOWb/9/V4cuWjW4eLJQqCWbJQrzOvg0coxwXLUuEQik+IP2IkF0YlRS43 -VJuULwOxi3Cbj51RoapHhmYTO9fe2A1N9oJMAqEUHY1q/r9txPcguRWyuH2Yv9Ih -OzHnc2DcIQKBgQCGW0MxMq/2zM5hs0vxMYq4ulWbgwDKxd1mZNiHwxzS+8mdYe22 -P3WlkdrvSqnuDNXtGxYWhU2zEBjZ3rFN6WdD6bJHLkox3YTRafjNhLT4N3kbsV6C -FeU44SBDrsiNEAWz8gy9hgH8TknEOTpMdpQnk7CNqA7q7wgGiFvFNwDukQKBgG7i -R03Gs0XE5aRJtPN0N39fPyqvU24O/mqSekno2dWg6W6WHLQuFwo6whVc5UHuKl2D -eISdnmT+RDuzJXxg6El7tgqByyEEAOQwQjYPB2Du/+tz3Z1KlG0mEJI/6xNVbany -G6m7Gz9mUOMlXzaYmsjLRzbN/OsUAIDhqHm0+cuBAoGAZCND80akS3xr3yC87GyX -aA0RoHXbdB6dbP8Y6XYDXR4QFIA4kXwY5cCLaZA/0hP5FOzDhORmaoaPM8vUdNyb -IYvbw2H6tODiU5oICWY6+HQQ2nXikucI4HDYDLbsiV2htZkEmBYWLilYq0Tb8jC5 -u+ehIIvZYLqKaY1GaKmF86A= ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-1-server.pem b/FDBLibTLS/testdata/test-1-server.pem deleted file mode 100644 index b280c8c641..0000000000 --- a/FDBLibTLS/testdata/test-1-server.pem +++ /dev/null @@ -1,106 +0,0 @@ -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Server 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIJALOPTrQGpesjMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMTAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGIMQswCQYDVQQGEwJVUzETMBEG -A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB -cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM -UyBQbHVnaW4gVGVzdCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJp26QAmlMusO7C8Py/I117r3kHvB+My5kIrj8g9sKpktwTzmsJGpvJU -EaKISEdBsJHLGnZJhwIhr/+MG4WDEM4oFNCtBQZznV3wjIQWq1w4IO8/f3+nBPpW -f14fjs1E911Uo/ZOL9bxvh1SIHkS6itgJi+tgVPx7C3s3W3mC5nU3omsE+Rx4DDm -KUq1kyN1ELBIAceQ4wTmQ5B8dv6MSW7zt8Jdrhfhg2GJIPPB6XUZJ2yIOvgu55GW -J5sMPa0uNDfCsWJ37fzFm+XJ/D96t7x8I49IyfzbIgcU9JYFlcqkryvKh5IpQGGm -H/I6adIWa5xWpMhB2PA6kgtDD07Hu2sCAwEAAaNgMF4wHQYDVR0OBBYEFJ7S+FUz -9ngzH/TNPVeM/cE7LeBGMB8GA1UdIwQYMBaAFCXTF7f83Hd7xm9gR+O4QrvjNo8Q -MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB -AQAx6WHwikVFAH0TRYCznwO6He+0t2pnlyfrI+24N28tzupMSrRPs086UbLgHLz1 -lbkYdheeOkLPzjWi5vfymL1Oua3E2iAXWEpMb4Sg7E5SVHp9yt6gZ0DTVwR+Gcu7 -uooroidAG3OFeOXL5ivU5J5ipaoEAiLprpKxtPzo4z/TxIqw3kJISC56qw9VTJNQ -TQZvneUecykdIZuH61ih0cJLe5WRkEs/63Dgl8TBYiVDbvBSGRbsXoAXcspVlc2x -XOLey5IVJ4/TH5ZBobShC6J1KrjZTNYvUgc44CocOgrc0ePPiQzB7JXxR1H8ATGl -yKjWqT2PkrfHmjdcmsi2GIVt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpeshMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyOwdOcYcH3wYou13CchsXh3lLWA85E550tT6/WwDnslQjiMZHFrKvUT2 -B8CUOR3Fr+4RG+cdw80rgojYEUuHKwmIGyjo5IotdaYbWzf6mvYThlIPPudCCkSU -CTtqPv8Oq4QdIpCxHdix0MINKu7c+qt1rUwnDFQSv/gHhVnNxT4r8pwVp6T4hwka -2YQaRNjzUuuFinMub0UtxnUX0rH8X5STlOSVn4Ksjo0OhQzsGEYDx86jVAXjgGcb -2CgGGctgq04hVrngP5ahT1Xeh9YycMlQJXsckJJBxfUJebIjANSRyzxI5fYt+ZkY -qoG5VLPREUQknxcpbT7Rsj0n+k0RhwIDAQABo2MwYTAdBgNVHQ4EFgQUJdMXt/zc -d3vGb2BH47hCu+M2jxAwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAGwW7bRqB7aYUGsD1MOE9d5slp6Iw6wKyNLdg+mzoV+iCV2ZM7ejNRButiAy -vPOxSQwXcibLm/g599e+LY1TiI1XXPbL2bFnTcnThqpHHFe+eRrDgqxO8qJyrcBp -EfyMCJWq7jFg4bWoYTpLeC/RAKyi9fxlqY1NzQCp1bG3LiaDJ5VJd4uwkgX2a0yN -3e0XEFNi7r4u4IHejwFjKWrDg8sstjbY+XOYC4EVQyUsbzeKZKSqnOdR2Jv1QZHH -5O24G/efIFpsA6MVUOfRk0eq0RfKX7CdHn2a5p8aC6E6YMDhXL6xo146n49t9sYD -HMUnfG6AEboTBa/l+zwCG/u4f/Y= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIJALfRa36cuemYMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMScwJQYDVQQDDB5GREIgTGliVExTIFBsdWdpbiBU -ZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/J+sL -7POoXNdzYRsMZCI5juxMPOVue5vU2QPU9z/PHBsBICX6tVsCnkzk5CLdM6TxofgX -F+MqRKxtcIqxBcKjjVecJlqHuNY+jS2r8UjcoQm+EQ5RsBWu8yaSnXIiZTccQNjB -5T2awwt9Ptbn946MZfq6oEnn4ZPByu9/nCrlk7QXTkuGdpTnC6paQWt/lVxZfELM -i0g76/K/f3e2Lv9UCvlxKOwFMye9XjwF3ekEmUuio5JZEdn+LIs9zB1zehFhGlYB -TUXnkZ0LTOPbH9OxsOli04n31/n7UbYq1BSuoiXx5A2eHOunMppa0NDg7oXmDSKE -A1zo+QtIu1YPXaLdAgMBAAGjYzBhMB0GA1UdDgQWBBSeq0aNrc7mMaWHm8eCndN/ -w0I8qTAfBgNVHSMEGDAWgBSeq0aNrc7mMaWHm8eCndN/w0I8qTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIOw1jC39 -VW+1fqGT+n44Y6Oh66lAowIvi/BEOW1I4iPAjkr0g6FbbdKeq0VLL7aMMu+q/AOv -UETv7MdVh9xjTLqWZGN0R3Lr/n6ButI3E7MLKL5ByLNCoOhF42aBLINkpKSNFRrQ -40iNoHm3BaNRLKS7poCk5HFkEMjvxdQ1AenNbUa21DTh7y9arHF4CPfi8Ity29jW -ED8jYK/+bWIaO+YhGkRh8UuD3o5WnOti+9QK56qxkPtkqVTh9vMVHfD0DgVeLvMN -nZpTplLTfhjzyFJELwE/U+HJ6KIslmqwarJ1Sla+1gHCmJEbzbsrnb6bLtrHtXCZ -XvmR6B5iRkDVpw== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCadukAJpTLrDuw -vD8vyNde695B7wfjMuZCK4/IPbCqZLcE85rCRqbyVBGiiEhHQbCRyxp2SYcCIa// -jBuFgxDOKBTQrQUGc51d8IyEFqtcOCDvP39/pwT6Vn9eH47NRPddVKP2Ti/W8b4d -UiB5EuorYCYvrYFT8ewt7N1t5guZ1N6JrBPkceAw5ilKtZMjdRCwSAHHkOME5kOQ -fHb+jElu87fCXa4X4YNhiSDzwel1GSdsiDr4LueRliebDD2tLjQ3wrFid+38xZvl -yfw/ere8fCOPSMn82yIHFPSWBZXKpK8ryoeSKUBhph/yOmnSFmucVqTIQdjwOpIL -Qw9Ox7trAgMBAAECggEAOZAMvsCh/NDfobpVddJL6JTPzBRvBQ1H3+rp9z5+ItHL -nq3Fw5aeynnn5IETJnLlgT+GSgSWqoWxV/N3oia40YsATs/bqo7VW1e0ldj43TIR -m/c25XRxl3U6m/H4vqhv4rkTLUvv6hNGvRiI/3W8DJQVRvlK0+S5FlhKIJV1R0sH -tp5vmaPp09Ln+NVno3u3iaYkVgVME4Ukul2i03sQ9OgvZSBCaVr//fMpiPdBeeN6 -QY6XHjeGQRnP/UdzMYJ4Qz1yovL1ntneaTMdz/GkKuAFoNNh8Vr2kiEskW17OWPB -ZGcIT6YpBEPo34xXUhUQt7ylFPxGH+zZyHZ3vb8j6QKBgQDJPeu/iPg+M5nz5gO5 -ge9gzYrhxK/1mwbFlD7qt1NjOSm6xWxUcss3STjuG7jB0c+NopIUoq/egsUnxrRm -4l17uOCYNLbhTJ2ynfv6QnUMxW5Xkve3DkLa2bze/fhMUywTy8N4A7z0+y35qzm3 -lY4rLmQOQKPkmqWRnxU1u8fjFQKBgQDEfpOZ0fp2D/1gTG+D+/zrMEbjnNn3ZO8I -wrjoXwRxcRggt7lJhxgQpwtDr98IqYkDzX7bvyMFJuyTii3NM6NYycpA1pHX70B/ -xMvOcrgJnIUAoJ7nl43Or7s8bFTPDLaD9PNGHjrlkF3JOXqSKEbw367jHVOa4SYr -OjrogjrEfwKBgQDHU2a7ax5+9btqggx0ZQfGOTBzmM60lZ3qe4CqGXUl1YvIrB01 -tBImq4cRCTJB/9/1qO3KNK2/1oUTddRgB5ySnDcRaz0tASc9sQ/Q/JxVTwSRB0gG -78A2Zu6VbLbQWp1Q6kWtDP7PJC+QmRFtDlwn1yZRm6L6HlcaWpi2hU1iVQKBgCEu -ashv8Aad3qCzZ6V3GReyOFZZd2lSjxcAou8ClKJ/gZ6Mx+pFuOee/cT5XwV8c5nD -yuda2JQXJZ4omGFtlej5coEOeuRnD5JD7lK3hqKA3ujjNtJPAnBjto+Wj5/DOtL/ -u1Ec6782aNABN9SUnp4wd7z8h9DAsoxcMfRvgXMLAoGBAJ9gGttfqZbuPz9V0rAo -p05SPPado1i5+2dUOScIbNB6+vQij9IlR2Tzu1T9DwzrBqTDPPmSggeA/JXeTvh6 -Skb9fDukizeDfwPYUN2gljhiJEqFdpRBr5vP0lFi291+a0jMW1zldrumxCcGKMyU -D5ReKLp/zSQSQi/Wt4FF1II7 ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-2-client.pem b/FDBLibTLS/testdata/test-2-client.pem deleted file mode 100644 index 25083c63d4..0000000000 --- a/FDBLibTLS/testdata/test-2-client.pem +++ /dev/null @@ -1,106 +0,0 @@ -subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = "FDB LibTLS Plugin Test Client 2, \C2\80 <\01+\02=\03>" -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIJALOPTrQGpesmMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGdMQswCQYDVQQGEwJBVTEYMBYG -A1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRuZXkxGjAYBgNVBAoM -EUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVhbTE0MDIGA1UEAwwr -RkRCIExpYlRMUyBQbHVnaW4gVGVzdCBDbGllbnQgMiwgwoAgPAErAj0DPjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALanLExQi/yK2PRyu6Mvdw2MRxUs -26kJftYuK7KtYyltTO3vtj4kNKg1vZI1eezhqr2Ta/1DzE76eLVs8EOW0LAb5oWM -zXdYBXBX4vG+K7pYfjuvZUd6jfX2bHW10xC96HgDTfRn6dof8GR0fILJ6DoEcyI3 -82xnKKxTsgAuXU4uvcsl0g0F78nXuIbk8ZktTV3LIdbOCIcLQfG7DdDyAfEA0T7Q -Vg6eeLknIUvPePxyWkUdYeSCDP2d+3NIlHMxNPmH1q3+fCsEsy/kqdVO9e6KrZla -CKqnc6yYTXvTffpPepC3Igz678iGg3dv9rLj0i4fyTr4tEOTJebO9Ka3TbMCAwEA -AaNgMF4wHQYDVR0OBBYEFKO2/D1IhG8KWFwR6OdyoFqEzIWAMB8GA1UdIwQYMBaA -FJFP+HFpDrD0BRU0yE606s6xkqFBMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD -AgeAMA0GCSqGSIb3DQEBBQUAA4IBAQAQV3FjsvZvwi5Oi/oSc7Du/BQS9nQ/D4j6 -IeYpd3M0y50awZB83BReYrhdC907xKkLRD0R8oEPDEg5SaSj3vRML4kaUUqnEINW -4JQtv4wNO9CagYriGg8ygQa0xd683svHeXDet3ov11XN/Ms8lfDiOUp2291HgeTW -8hqn1DaNfZrCb3EkdoNThwVKIUzQtEPBuPkLE+XT8kZP5d8KHmv8/9L39NdZY32d -fzKGBeCxZ34pQS0cTap3rZ02nDfV2vNevODRyuqdhs7EQps2Oe1IfPB9GSE0OFUQ -tdphxSjsv1BcHpTwBDpIITKarnceMIKxQjcZU3yPv5ibIaGCgZOt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpesiMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApTSBCiUb0amf+QRV2WY6b3bK93D/PSrm4KR/2m2V0lciU1DAk00/kZ52 -ZIZmq8g9EaE2+CaDtU0fMvDZpaZD+vTFRwsx4varehq0ZwX9Wt25i/3G/eGLNlD3 -9E4tDNruK5UQjum4nJ0SV+AdFEGkSfeU3ZJEHYH0NrcbyAUbh0KeWCSwHiYiFJJf -gBYwRq/HdKNoS/4YvLXzTLR7BSm3YcqWlO5tdkJ2lcT/7Th/Hq1TCW/FKwdQJJBq -JrbOYGlMrf1pLO7Drei/xhsYkwTQ899MhSjkBRhc+401p41Mky0n8wLkuPJGhoY3 -9QUOjT+Rmvq5yryg0eWGiFquk6Ru5QIDAQABo2MwYTAdBgNVHQ4EFgQUkU/4cWkO -sPQFFTTITrTqzrGSoUEwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAJfCHU7dm2/2ASyt3wyxivQLxlV6FsEZcF7HcpbbxuB73frGOL4kEoOxvr2X -fBGyjlPMotbc1MeAalAv+hVHdcAcBFPF7lxtYiV6D7YI5T5yVbWSASG3+DMAiW6S -GdQi2eyeh00nH7Y1IkW+yaky0enBtWLzrw+XzHl6xT6DIEJnir//PNxvgXTJ5sjk -6eFAm8HJIqkNQmgfChMQfUH6nm66WwULW6I117RCSkXhIgxZ7wzDq8bXcEdXCrZk -yy5ket9OiVpbd38JgdYirBLmCQVq0uDOOPLz4ZJmNCzQzEt+38AAK2azAk/eb8W9 -JaKWH+5V8lhlyGw1zQKdNEP/wg8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIJALfRa36cuemYMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMScwJQYDVQQDDB5GREIgTGliVExTIFBsdWdpbiBU -ZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/J+sL -7POoXNdzYRsMZCI5juxMPOVue5vU2QPU9z/PHBsBICX6tVsCnkzk5CLdM6TxofgX -F+MqRKxtcIqxBcKjjVecJlqHuNY+jS2r8UjcoQm+EQ5RsBWu8yaSnXIiZTccQNjB -5T2awwt9Ptbn946MZfq6oEnn4ZPByu9/nCrlk7QXTkuGdpTnC6paQWt/lVxZfELM -i0g76/K/f3e2Lv9UCvlxKOwFMye9XjwF3ekEmUuio5JZEdn+LIs9zB1zehFhGlYB -TUXnkZ0LTOPbH9OxsOli04n31/n7UbYq1BSuoiXx5A2eHOunMppa0NDg7oXmDSKE -A1zo+QtIu1YPXaLdAgMBAAGjYzBhMB0GA1UdDgQWBBSeq0aNrc7mMaWHm8eCndN/ -w0I8qTAfBgNVHSMEGDAWgBSeq0aNrc7mMaWHm8eCndN/w0I8qTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIOw1jC39 -VW+1fqGT+n44Y6Oh66lAowIvi/BEOW1I4iPAjkr0g6FbbdKeq0VLL7aMMu+q/AOv -UETv7MdVh9xjTLqWZGN0R3Lr/n6ButI3E7MLKL5ByLNCoOhF42aBLINkpKSNFRrQ -40iNoHm3BaNRLKS7poCk5HFkEMjvxdQ1AenNbUa21DTh7y9arHF4CPfi8Ity29jW -ED8jYK/+bWIaO+YhGkRh8UuD3o5WnOti+9QK56qxkPtkqVTh9vMVHfD0DgVeLvMN -nZpTplLTfhjzyFJELwE/U+HJ6KIslmqwarJ1Sla+1gHCmJEbzbsrnb6bLtrHtXCZ -XvmR6B5iRkDVpw== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2pyxMUIv8itj0 -crujL3cNjEcVLNupCX7WLiuyrWMpbUzt77Y+JDSoNb2SNXns4aq9k2v9Q8xO+ni1 -bPBDltCwG+aFjM13WAVwV+Lxviu6WH47r2VHeo319mx1tdMQveh4A030Z+naH/Bk -dHyCyeg6BHMiN/NsZyisU7IALl1OLr3LJdINBe/J17iG5PGZLU1dyyHWzgiHC0Hx -uw3Q8gHxANE+0FYOnni5JyFLz3j8clpFHWHkggz9nftzSJRzMTT5h9at/nwrBLMv -5KnVTvXuiq2ZWgiqp3OsmE170336T3qQtyIM+u/IhoN3b/ay49IuH8k6+LRDkyXm -zvSmt02zAgMBAAECggEAU2sYHSZwOH+FRGcd8RJdcg+N60rYa2QNzG27wVfUwPfN -OaHP/qN0dRpOIPdRXvFVlE0+9aVAKxXTiTBers+zMascZgP/VrEZksxgtn1e5TVD -OakKPVHogdvwfvXylmPVRvJjaOsIb3lExew5bVYfPFgJ6Sfagbi/Z6y1z8VdEbYb -mI34KSZA4bBAMAHPZLa9TGEx/vbPsBlqpU6k8lcoy3cTkO5fCZW4ZZIpwBwef4uJ -UozhRgtTtRBiUpk0F9IoOXonZY1Dtpg+HcDMti/FYgahBVe1hadJ+lbVTxH6GxyI -NJYvptdq5S99UOoJDmCCih0v0ZCUNYWoO0I0vzNncQKBgQDemN7es2fIBstiPjOf -p103DF5j9Uxq5YH9B3wli0CXf6Z2w5uosONoJWgJZKsHJ6f+YSuHsoE/eCrFF3U9 -lxT9Nie/wYYIGedly/VR143aCdiTXI44m5gxXgwaUcjvY1DpWyEAAmr5XNdoyZ5n -LNTvOTb4vVo9SgDU7II7rdpRmwKBgQDSD9aBtIy/650suQK/9RiXRU0Kg7LXXVM5 -lavPgLvH55lufJeGSa8+ofCNeo31N4AaVuU4lkGeny9tLNBQbYAoyAz0lf51qK7B -1u5JqBDyRrIpdkqwbT0FT1pu1LA3+Qg0KQBrTCnOx+YyyVSivR4YMZzJjmwZGKMg -BWOi0PzhyQKBgGR44dfpaIWbs39zjf+ZHnTza0N4+/YgA60/DKUxloULRArFPeRF -e0+N2siqnJvNJYGnQGuugbIxPjTZ4rxbDklAgW6HHkVX099Z0TAQuGFbIltZYoRg -jrBxv8q9cZHD5Uh/LoT/kmNdqYkNwCbX0IDt9UcOyMVzOq7g1eO0FB/TAoGBAMaG -tWIsMwGHOip0SAcHKtB8bI1NXo5v4yH/NDuOHOqXFcj383S02uzEu8XaV6Ozalx6 -V3SdfTLem0IBIneApajlOGlIAQ9N9qu358ixECMJcYQCCiCnfQ4xqvQoCss7judN -ANpnRvPotMS2xkhvl6uh594NvlgRksnGjh3oibcRAoGBAJKiu5ajmIkelzAhFMEC -Slxhg/E+djJ1/SG/FaF8zIyTOxre/QUvmTwFKtHe6A5EfKQo9GCTuHuAcJ1U7eQP -l2BoY0POqJFpw3s/QOt4g/pOz0YjD9GD6awL5WDfO++s4mnI1Snc3wcu99N4Klax -htsaEUECJBUF0ZpIFad73s2f ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-2-server.pem b/FDBLibTLS/testdata/test-2-server.pem deleted file mode 100644 index 788cf3c217..0000000000 --- a/FDBLibTLS/testdata/test-2-server.pem +++ /dev/null @@ -1,106 +0,0 @@ -subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = "FDB LibTLS Plugin Test Server 2, \C2\80 <\01+\02=\03>" -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIJALOPTrQGpeskMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGdMQswCQYDVQQGEwJBVTEYMBYG -A1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRuZXkxGjAYBgNVBAoM -EUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVhbTE0MDIGA1UEAwwr -RkRCIExpYlRMUyBQbHVnaW4gVGVzdCBTZXJ2ZXIgMiwgwoAgPAErAj0DPjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAolQZIGMeL5w/Bu2X6lHWjO58u -+HUDtBmr37So4jazhZBSFDBg+QlRMiYGLev9EhvCrUsVcRwtvtcuMI3wfKl7qgbi -ZX8zmrzZ3YJo9U47NzCa05faOl8uSBvuXuXUBLU342WFP8XDB1W8yOBQMK73xoFv -DkcxURx9ZtOhdC3EgYKrFqOB1Azl1DB4gLV3h9rHW5QpQ8SqD9CyggcDBpDeZQIP -+4l5YFE9Nb4kEUTscz2wGn4TdHMmcnVpfUxp1Y2o8Umvh4llXHIPhximGb3JJ4QQ -Sir4ZXeeoooWoJG0sdlqVLroKav/VMGtEu9LyfbrNdKnTJq3ceVQ+HJ2hlMCAwEA -AaNgMF4wHQYDVR0OBBYEFH61Z8O9vFsVdhM4MBU3poX2UMTEMB8GA1UdIwQYMBaA -FJFP+HFpDrD0BRU0yE606s6xkqFBMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD -AgeAMA0GCSqGSIb3DQEBBQUAA4IBAQCVbxlLGIBCo6/XXjqoMyZc7uQZJj7pGnwh -nIMs2izCLfax8j+QrThO2Qjn03zT/WF8eG6ibPbjgnw3VFwCkV6oQ+BXG6Yt0xqP -4rz1LzxSio6HSm26gSk4SQUsVoAtz3OImoTCFVfz+Mixe87pyVXXEEtCYvfU74H9 -I1WGyNkWAxiJbqeIxF5PKoc3EdnT5mfdC6sdeGm7t2neeS8PDFQtJ4UfVIEK5z1C -MOfQILNkLX2nBYxNqKpV66zf68VZNN9002ZH2FITGqImpj74BEws3sheiuZySdoI -wnAwRnymIMfAmkf9C7Q2ugId0YMMyesaWrIwSlXlJOHGsA1VrBRD ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpesiMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApTSBCiUb0amf+QRV2WY6b3bK93D/PSrm4KR/2m2V0lciU1DAk00/kZ52 -ZIZmq8g9EaE2+CaDtU0fMvDZpaZD+vTFRwsx4varehq0ZwX9Wt25i/3G/eGLNlD3 -9E4tDNruK5UQjum4nJ0SV+AdFEGkSfeU3ZJEHYH0NrcbyAUbh0KeWCSwHiYiFJJf -gBYwRq/HdKNoS/4YvLXzTLR7BSm3YcqWlO5tdkJ2lcT/7Th/Hq1TCW/FKwdQJJBq -JrbOYGlMrf1pLO7Drei/xhsYkwTQ899MhSjkBRhc+401p41Mky0n8wLkuPJGhoY3 -9QUOjT+Rmvq5yryg0eWGiFquk6Ru5QIDAQABo2MwYTAdBgNVHQ4EFgQUkU/4cWkO -sPQFFTTITrTqzrGSoUEwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAJfCHU7dm2/2ASyt3wyxivQLxlV6FsEZcF7HcpbbxuB73frGOL4kEoOxvr2X -fBGyjlPMotbc1MeAalAv+hVHdcAcBFPF7lxtYiV6D7YI5T5yVbWSASG3+DMAiW6S -GdQi2eyeh00nH7Y1IkW+yaky0enBtWLzrw+XzHl6xT6DIEJnir//PNxvgXTJ5sjk -6eFAm8HJIqkNQmgfChMQfUH6nm66WwULW6I117RCSkXhIgxZ7wzDq8bXcEdXCrZk -yy5ket9OiVpbd38JgdYirBLmCQVq0uDOOPLz4ZJmNCzQzEt+38AAK2azAk/eb8W9 -JaKWH+5V8lhlyGw1zQKdNEP/wg8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIJALfRa36cuemYMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMScwJQYDVQQDDB5GREIgTGliVExTIFBsdWdpbiBU -ZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/J+sL -7POoXNdzYRsMZCI5juxMPOVue5vU2QPU9z/PHBsBICX6tVsCnkzk5CLdM6TxofgX -F+MqRKxtcIqxBcKjjVecJlqHuNY+jS2r8UjcoQm+EQ5RsBWu8yaSnXIiZTccQNjB -5T2awwt9Ptbn946MZfq6oEnn4ZPByu9/nCrlk7QXTkuGdpTnC6paQWt/lVxZfELM -i0g76/K/f3e2Lv9UCvlxKOwFMye9XjwF3ekEmUuio5JZEdn+LIs9zB1zehFhGlYB -TUXnkZ0LTOPbH9OxsOli04n31/n7UbYq1BSuoiXx5A2eHOunMppa0NDg7oXmDSKE -A1zo+QtIu1YPXaLdAgMBAAGjYzBhMB0GA1UdDgQWBBSeq0aNrc7mMaWHm8eCndN/ -w0I8qTAfBgNVHSMEGDAWgBSeq0aNrc7mMaWHm8eCndN/w0I8qTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIOw1jC39 -VW+1fqGT+n44Y6Oh66lAowIvi/BEOW1I4iPAjkr0g6FbbdKeq0VLL7aMMu+q/AOv -UETv7MdVh9xjTLqWZGN0R3Lr/n6ButI3E7MLKL5ByLNCoOhF42aBLINkpKSNFRrQ -40iNoHm3BaNRLKS7poCk5HFkEMjvxdQ1AenNbUa21DTh7y9arHF4CPfi8Ity29jW -ED8jYK/+bWIaO+YhGkRh8UuD3o5WnOti+9QK56qxkPtkqVTh9vMVHfD0DgVeLvMN -nZpTplLTfhjzyFJELwE/U+HJ6KIslmqwarJ1Sla+1gHCmJEbzbsrnb6bLtrHtXCZ -XvmR6B5iRkDVpw== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwKJUGSBjHi+cP -wbtl+pR1ozufLvh1A7QZq9+0qOI2s4WQUhQwYPkJUTImBi3r/RIbwq1LFXEcLb7X -LjCN8Hype6oG4mV/M5q82d2CaPVOOzcwmtOX2jpfLkgb7l7l1AS1N+NlhT/FwwdV -vMjgUDCu98aBbw5HMVEcfWbToXQtxIGCqxajgdQM5dQweIC1d4fax1uUKUPEqg/Q -soIHAwaQ3mUCD/uJeWBRPTW+JBFE7HM9sBp+E3RzJnJ1aX1MadWNqPFJr4eJZVxy -D4cYphm9ySeEEEoq+GV3nqKKFqCRtLHZalS66Cmr/1TBrRLvS8n26zXSp0yat3Hl -UPhydoZTAgMBAAECggEAVD60NlLYduXzVNfDtVuHEFNGOjSOYfepc/V8gLubo6lr -IMAAI7rcnpYUM5cU8x0OQfRyR8wzUdSWxfWzBs6R78PSZoRzIcgeIl7Wzn0/g3BS -To5czuxwqgBKQAFZpPQmZDwcJfr5qqxAn8IvFweCoMqiRlhELcvqDIP0XxWBqDjc -TNJ988XzZXQmJbjjpWOkUBy2Uqz8lZt8MmxKFpW7SW4tBJwPphnorgjWfjCV/VEh -ORio0rG74NHFo4f1TSrdU2BcB2cbVJ4B+bcUYRdvYmS5bmokhGF8vir0l43gUEdz -Fyk6MaPrTI6cinqzenm3q/0eRvNhBE56U0tiGLn14QKBgQDkCkt1Y4LEboSwsVYl -IXriStqj9p9MOizihh0enhzRXTTQuLX82fNi+bh1LAluwv290Q57pvKa+hB/YciB -o4s7QfSojxQY9DxqvXN7CvxPWXHTyFY5sL4Rm807+C/a9rd39MxBynz9u/7YRvsA -s8v8Y/01qIHnTo+mpDvu6HttWwKBgQDFwdRkgstuE+dXZZe8g1ivh3RNPa968TE3 -b8rzF9/nOJV7f6B/n6YEmHD/cHF5mm1bR+zt/jtf1NCRMpazchw3vT3JzQZYMDnM -SD6vxTs5rG47QLiNyTIRmmD4gsEWBpyvoyP8E/9QdfDT1bWI5zZnky9CquRlN+cu -J1bTsefEaQKBgGJsRxFNd91MThztDV9NSfptkFyAT1TZLxI+DEdwusNqVSdY8cNG -VpP7cC+yaAfURSwuFPAtqDxXfdNc4uuBKNDUsMInrubuUz1Gs5cBsNCWrFhZ+U1B -CWgUNMqTXiRFo/40PAyRVs003NOAH0m4UGyIw3rrVdX9xGaKMAv3b35NAoGATkkl -I4UDs1f9xQNaxi3Y9ePRjqJUzX6d1SxUU1eoM4ia5IDpsJwqxLb0RKrmwRT5JaGb -kbuLFazRxCkar38E3Kv1weWAFXlB6DTRXBPgFjzEhoBgjwCO6ZkLulVIysdjT8Rt -gmUINXn7FGENtFyTlP0XQHUWZVt0ETlRjgxni8ECgYBYv6MoSr0iPjQpxeKvwFDz -d9zE+ZXN+3GwtkI340lKRSc/f0Uq1TlC2w+DzjyyXcrBwubMQKTKcQQSH9f3YbMu -DuxVE9AXdlQ1gSQHGjS0qUWwsS/8Xcjk8ZuduAXPGr/MsvsW+FbbZqG8qdZTeMHu -MSTpOxu9HXC8SHML+y0cpw== ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-3-client.pem b/FDBLibTLS/testdata/test-3-client.pem deleted file mode 100644 index 959e3c34fd..0000000000 --- a/FDBLibTLS/testdata/test-3-client.pem +++ /dev/null @@ -1,150 +0,0 @@ -subject= -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -Certificate: - Data: - Version: 1 (0x0) - Serial Number: 1048578 (0x100002) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=California, L=Cupertino, O=Apple Inc., OU=FDB Team, CN=FDB LibTLS Plugin Test Intermediate CA 1 - Validity - Not Before: Jan 1 00:00:00 2017 GMT - Not After : Dec 31 00:00:00 2017 GMT - Subject: - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:e4:6f:67:4b:e7:d2:1b:0a:ec:f8:92:ae:1e:d4: - e9:00:6b:47:83:ad:4e:9e:e2:cc:52:b0:8a:04:46: - 57:1f:f7:32:37:cc:f0:cd:ec:c0:b9:b9:27:b4:19: - 33:a1:21:a7:4c:a2:6c:c7:56:31:c4:6a:4f:5f:fb: - 92:6c:22:8f:c4:eb:3f:d1:2b:06:c7:7b:6b:90:83: - 37:d3:59:1c:c0:da:de:85:a1:dc:e6:9d:e1:d8:fc: - 6f:d4:c0:b4:6e:37:3d:d2:d7:4e:4e:04:09:6a:fb: - 9f:d3:cf:b1:80:db:7a:78:97:65:e1:bc:8d:5a:fa: - ec:b1:b6:ee:3f:c9:03:83:ab:0a:9a:8e:03:29:88: - 42:14:50:80:11:a7:d5:2d:87:c8:bd:25:32:9e:55: - fb:22:ef:9c:64:a8:a4:62:3b:d6:86:43:1a:22:a3: - 1c:4b:ee:af:30:70:d3:9c:aa:da:b6:87:61:78:87: - 32:0c:0b:b7:44:16:9b:44:1b:4e:6d:f3:98:99:f8: - ed:ae:41:02:5d:52:9a:98:49:c3:24:24:0b:18:7b: - bf:40:ce:37:65:0f:32:0c:1c:5a:47:4b:b0:3f:db: - 17:b6:89:68:99:3c:0e:70:84:92:5c:33:cb:6d:2e: - 67:c8:af:47:41:87:bd:37:87:88:00:65:1f:7e:7b: - d9:09 - Exponent: 65537 (0x10001) - Signature Algorithm: sha256WithRSAEncryption - 0b:5a:f7:7e:e5:93:4b:25:dc:01:eb:20:37:cb:bd:a9:71:3a: - af:6d:73:d9:9e:3c:8b:5c:6d:74:45:76:72:02:64:7e:e6:41: - bf:29:d7:cd:f8:a7:2d:87:32:6d:25:3f:14:11:2b:95:5a:2e: - a8:8b:ba:b1:f9:52:79:b4:5b:ea:fe:b0:ee:b0:9c:14:53:ba: - 5d:64:aa:b9:d9:ca:17:b2:99:da:34:18:31:56:83:d9:21:8f: - 20:9e:6a:7f:09:41:2f:36:fa:ab:e7:d1:6c:76:50:d4:51:69: - b9:93:ae:9a:eb:8a:6f:a9:91:21:58:a9:3d:53:e8:c1:2c:6f: - 88:25:65:03:8a:90:9c:8e:58:5d:9a:e2:67:8e:6a:f6:11:19: - 24:8d:89:b7:11:5e:a8:dc:21:35:7a:9a:78:8a:94:c2:29:84: - bb:b7:a5:8e:04:79:dc:db:9d:d7:a7:a3:b7:39:e6:c3:a5:be: - 83:ad:59:3a:ee:ea:4a:8a:bd:6e:71:c9:e4:a7:46:d5:a3:fd: - a0:b1:a3:54:8d:bc:01:fb:68:4c:5a:a2:f5:79:44:f7:b9:e9: - 7b:db:91:91:74:5b:68:f6:3a:b2:70:ee:e6:49:f4:f1:a6:53: - 66:13:ce:2f:9e:88:45:66:34:ae:fc:0d:14:02:6f:6a:c9:ac: - b5:3f:89:bc ------BEGIN CERTIFICATE----- -MIIDCDCCAfACAxAAAjANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzAR -BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwK -QXBwbGUgSW5jLjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJU -TFMgUGx1Z2luIFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwHhcNMTcwMTAxMDAwMDAw -WhcNMTcxMjMxMDAwMDAwWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA5G9nS+fSGwrs+JKuHtTpAGtHg61OnuLMUrCKBEZXH/cyN8zwzezAubkntBkz -oSGnTKJsx1YxxGpPX/uSbCKPxOs/0SsGx3trkIM301kcwNrehaHc5p3h2Pxv1MC0 -bjc90tdOTgQJavuf08+xgNt6eJdl4byNWvrssbbuP8kDg6sKmo4DKYhCFFCAEafV -LYfIvSUynlX7Iu+cZKikYjvWhkMaIqMcS+6vMHDTnKratodheIcyDAu3RBabRBtO -bfOYmfjtrkECXVKamEnDJCQLGHu/QM43ZQ8yDBxaR0uwP9sXtolomTwOcISSXDPL -bS5nyK9HQYe9N4eIAGUffnvZCQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQALWvd+ -5ZNLJdwB6yA3y72pcTqvbXPZnjyLXG10RXZyAmR+5kG/KdfN+KcthzJtJT8UESuV -Wi6oi7qx+VJ5tFvq/rDusJwUU7pdZKq52coXspnaNBgxVoPZIY8gnmp/CUEvNvqr -59FsdlDUUWm5k66a64pvqZEhWKk9U+jBLG+IJWUDipCcjlhdmuJnjmr2ERkkjYm3 -EV6o3CE1epp4ipTCKYS7t6WOBHnc253Xp6O3OebDpb6DrVk67upKir1uccnkp0bV -o/2gsaNUjbwB+2hMWqL1eUT3uel725GRdFto9jqycO7mSfTxplNmE84vnohFZjSu -/A0UAm9qyay1P4m8 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpeshMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyOwdOcYcH3wYou13CchsXh3lLWA85E550tT6/WwDnslQjiMZHFrKvUT2 -B8CUOR3Fr+4RG+cdw80rgojYEUuHKwmIGyjo5IotdaYbWzf6mvYThlIPPudCCkSU -CTtqPv8Oq4QdIpCxHdix0MINKu7c+qt1rUwnDFQSv/gHhVnNxT4r8pwVp6T4hwka -2YQaRNjzUuuFinMub0UtxnUX0rH8X5STlOSVn4Ksjo0OhQzsGEYDx86jVAXjgGcb -2CgGGctgq04hVrngP5ahT1Xeh9YycMlQJXsckJJBxfUJebIjANSRyzxI5fYt+ZkY -qoG5VLPREUQknxcpbT7Rsj0n+k0RhwIDAQABo2MwYTAdBgNVHQ4EFgQUJdMXt/zc -d3vGb2BH47hCu+M2jxAwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAGwW7bRqB7aYUGsD1MOE9d5slp6Iw6wKyNLdg+mzoV+iCV2ZM7ejNRButiAy -vPOxSQwXcibLm/g599e+LY1TiI1XXPbL2bFnTcnThqpHHFe+eRrDgqxO8qJyrcBp -EfyMCJWq7jFg4bWoYTpLeC/RAKyi9fxlqY1NzQCp1bG3LiaDJ5VJd4uwkgX2a0yN -3e0XEFNi7r4u4IHejwFjKWrDg8sstjbY+XOYC4EVQyUsbzeKZKSqnOdR2Jv1QZHH -5O24G/efIFpsA6MVUOfRk0eq0RfKX7CdHn2a5p8aC6E6YMDhXL6xo146n49t9sYD -HMUnfG6AEboTBa/l+zwCG/u4f/Y= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIJALfRa36cuemYMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMScwJQYDVQQDDB5GREIgTGliVExTIFBsdWdpbiBU -ZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/J+sL -7POoXNdzYRsMZCI5juxMPOVue5vU2QPU9z/PHBsBICX6tVsCnkzk5CLdM6TxofgX -F+MqRKxtcIqxBcKjjVecJlqHuNY+jS2r8UjcoQm+EQ5RsBWu8yaSnXIiZTccQNjB -5T2awwt9Ptbn946MZfq6oEnn4ZPByu9/nCrlk7QXTkuGdpTnC6paQWt/lVxZfELM -i0g76/K/f3e2Lv9UCvlxKOwFMye9XjwF3ekEmUuio5JZEdn+LIs9zB1zehFhGlYB -TUXnkZ0LTOPbH9OxsOli04n31/n7UbYq1BSuoiXx5A2eHOunMppa0NDg7oXmDSKE -A1zo+QtIu1YPXaLdAgMBAAGjYzBhMB0GA1UdDgQWBBSeq0aNrc7mMaWHm8eCndN/ -w0I8qTAfBgNVHSMEGDAWgBSeq0aNrc7mMaWHm8eCndN/w0I8qTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIOw1jC39 -VW+1fqGT+n44Y6Oh66lAowIvi/BEOW1I4iPAjkr0g6FbbdKeq0VLL7aMMu+q/AOv -UETv7MdVh9xjTLqWZGN0R3Lr/n6ButI3E7MLKL5ByLNCoOhF42aBLINkpKSNFRrQ -40iNoHm3BaNRLKS7poCk5HFkEMjvxdQ1AenNbUa21DTh7y9arHF4CPfi8Ity29jW -ED8jYK/+bWIaO+YhGkRh8UuD3o5WnOti+9QK56qxkPtkqVTh9vMVHfD0DgVeLvMN -nZpTplLTfhjzyFJELwE/U+HJ6KIslmqwarJ1Sla+1gHCmJEbzbsrnb6bLtrHtXCZ -XvmR6B5iRkDVpw== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDkb2dL59IbCuz4 -kq4e1OkAa0eDrU6e4sxSsIoERlcf9zI3zPDN7MC5uSe0GTOhIadMomzHVjHEak9f -+5JsIo/E6z/RKwbHe2uQgzfTWRzA2t6FodzmneHY/G/UwLRuNz3S105OBAlq+5/T -z7GA23p4l2XhvI1a+uyxtu4/yQODqwqajgMpiEIUUIARp9Uth8i9JTKeVfsi75xk -qKRiO9aGQxoioxxL7q8wcNOcqtq2h2F4hzIMC7dEFptEG05t85iZ+O2uQQJdUpqY -ScMkJAsYe79AzjdlDzIMHFpHS7A/2xe2iWiZPA5whJJcM8ttLmfIr0dBh703h4gA -ZR9+e9kJAgMBAAECggEBAKC87x+PQN18g6CpfdH+GPINiuXR9ieBCSsKRCOb50R7 -6Z8wGyWbeUV2TsTAkv7HsnQPOqHNOfmuoKm2WKK0cxuqOV6SexO0+cxXONoDs2LU -342ChvDTmY7YmkxHSO7g+iS5EcV9u67G3gDp/Unhpjzis3Ly/ThOpmyqftztMgbb -6KKfgGi3VL+fZ2x8gQt0II2QcO6GIzrPcn9ruEM6tXJhQ50YaSCeCmseKBvKuWPW -b/Gj7wgYhsiMW+nt8QjVam99eCQ6Q94CsapWRdGpj1Nrd4ISREbqr8x4fmcbiSO6 -6HZyUidxZIxr2Y4/BTd/BiIqXXdKAMoCVElmyE09P4ECgYEA9IkOkHq1jDLAmppd -fNSC/ndmITS0imvwzTTubXKOTn3yZHVxk2/ld83aauGA3UwAueW4Hh0hJdIWqC0d -IyaNj3EhcVbidyYwvXdChlPuQ1uccu/earhzsbaFwqNoLVgMrPcB5QcMKUs2/s4Q -tBXOqNlFjDZ+bkHQyGXtFYJzknECgYEA7yUcJqf2jB5e4LWG4Se4zD1E/ccZH3t8 -nhuXa6nDsx2trZBknHpQmc85WzbBITD+LRaamlYpnB1Ueiyr7/Efamtls7NvnoQN -14cNFnnj5HooTHJHgNBuL/M3hr/q8uK4lR6bu/DOfzUfRGowX3pj+POB01ObPdm8 -BUTFwmfJTBkCgYEAkakqccmGZxK8Q9t7oKX9uZJp1ZHNkT6m27WR6MP6HKtNPaXv -l4Fp0KlgV5Yn6qohLJq3x8hWPG8ea+MjnhKS9ETRRPAaShsHoXRuvhE0tg7V7GkR -tcRVtiAhIUWxAoGWW1lvWXuPNPHGupUIwhzTUyTJFrJHMWom8Zg1V0CzkyECgYEA -0JpPXwzejEUlv9+4owhyM34ygyg8KvEduBEbWWfBdKmryR2OFczAKBrRzlYJy3kg -DpaMD5qfOzV+bgAvjuKG496A3WrlL6HDLUD50qRKfQ9tvZll8+BcbWk8A0e/m1TX -bARCFoOsrNvaxWPXhEGPmSZYFc31OdOHJhViZ/z+Y2kCgYEAphx6cPXLMcgv0ivj -SgIG09vo3hGA5r06FkLtGL677CTvYsk/Equ5TkG0AIJ0acY9wiabk6zyM/9XjRAp -Nf8qYzhaMxJiyw+JEXmud4Dc41DqjGm9bLV4tKSR+7xzPBP9Q/QLxfRvArBOKhiX -L5fWmM5SQAoHsf124DTKckNirLI= ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-3-server.pem b/FDBLibTLS/testdata/test-3-server.pem deleted file mode 100644 index 27759468f9..0000000000 --- a/FDBLibTLS/testdata/test-3-server.pem +++ /dev/null @@ -1,101 +0,0 @@ -subject= -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIIDCDCCAfACAxAAATANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzAR -BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwK -QXBwbGUgSW5jLjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJU -TFMgUGx1Z2luIFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwHhcNMTcwMTAxMDAwMDAw -WhcNMTcxMjMxMDAwMDAwWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA43+uFNDYKXQQ4fmSencxdm/mfM6FAlGwRBWotptutznfH0N+ulp5RhjRcbGb -AHwPOBBNEBSIV3LhdPXep3NcmSkfaMdnPEgrurI0DLYbxZryEXdJZyoueT+w4TNx -I5mNlZDKD5bH5rhV/dUAmK/+LpWuxWraWYaHBZBsuqpb0MF6IZJAN9Ve9JiKHeiY -6ecz/o9XIrFFeWKMncHwBV1taPPoG2Ksjv8UlqqehrYXG+md958MXf69dkuQJLCS -rojPOkhUroixvGiXJBRSFCyVhQxPCLyASsEv8qPEKMUiW4oY3w5R9RQmw97AHlA1 -7xB4mGZTZEjUIOYDdd8LyuRpawIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHMAsm -zLtFnDaYaOgJdPpi9VAUkZpbSXcA3a02PzOvLN9VV1Fogf1+F0zYFlWbiYGIwcI4 -3YfuFr97/e0uEQd6pwGc8/a63q+CunGz+HPStWZm+2ZgmJhBH6i1RwmhA9rH6rGK -j2UghYIYT83gn6S2XSfUwzV8gCw+JjJwczcjGpOf9dRCAEsRDcRwUX7rI16cE2tZ -SLzYB/Kg3wSnUXTKXRJfg6VbVRPFXHQlRYpOxe2z5LWoTEo2uYuHgYO+DzSO9pEj -WgyKBwcc+L3zIZFYCqc9EN//QrLlXsiwSDVMvtzVnzvIQKcGF7OE22NyojTaMzQL -2h8UA9W0Mew5PTSl ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpeshMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyOwdOcYcH3wYou13CchsXh3lLWA85E550tT6/WwDnslQjiMZHFrKvUT2 -B8CUOR3Fr+4RG+cdw80rgojYEUuHKwmIGyjo5IotdaYbWzf6mvYThlIPPudCCkSU -CTtqPv8Oq4QdIpCxHdix0MINKu7c+qt1rUwnDFQSv/gHhVnNxT4r8pwVp6T4hwka -2YQaRNjzUuuFinMub0UtxnUX0rH8X5STlOSVn4Ksjo0OhQzsGEYDx86jVAXjgGcb -2CgGGctgq04hVrngP5ahT1Xeh9YycMlQJXsckJJBxfUJebIjANSRyzxI5fYt+ZkY -qoG5VLPREUQknxcpbT7Rsj0n+k0RhwIDAQABo2MwYTAdBgNVHQ4EFgQUJdMXt/zc -d3vGb2BH47hCu+M2jxAwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAGwW7bRqB7aYUGsD1MOE9d5slp6Iw6wKyNLdg+mzoV+iCV2ZM7ejNRButiAy -vPOxSQwXcibLm/g599e+LY1TiI1XXPbL2bFnTcnThqpHHFe+eRrDgqxO8qJyrcBp -EfyMCJWq7jFg4bWoYTpLeC/RAKyi9fxlqY1NzQCp1bG3LiaDJ5VJd4uwkgX2a0yN -3e0XEFNi7r4u4IHejwFjKWrDg8sstjbY+XOYC4EVQyUsbzeKZKSqnOdR2Jv1QZHH -5O24G/efIFpsA6MVUOfRk0eq0RfKX7CdHn2a5p8aC6E6YMDhXL6xo146n49t9sYD -HMUnfG6AEboTBa/l+zwCG/u4f/Y= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIJALfRa36cuemYMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMScwJQYDVQQDDB5GREIgTGliVExTIFBsdWdpbiBU -ZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/J+sL -7POoXNdzYRsMZCI5juxMPOVue5vU2QPU9z/PHBsBICX6tVsCnkzk5CLdM6TxofgX -F+MqRKxtcIqxBcKjjVecJlqHuNY+jS2r8UjcoQm+EQ5RsBWu8yaSnXIiZTccQNjB -5T2awwt9Ptbn946MZfq6oEnn4ZPByu9/nCrlk7QXTkuGdpTnC6paQWt/lVxZfELM -i0g76/K/f3e2Lv9UCvlxKOwFMye9XjwF3ekEmUuio5JZEdn+LIs9zB1zehFhGlYB -TUXnkZ0LTOPbH9OxsOli04n31/n7UbYq1BSuoiXx5A2eHOunMppa0NDg7oXmDSKE -A1zo+QtIu1YPXaLdAgMBAAGjYzBhMB0GA1UdDgQWBBSeq0aNrc7mMaWHm8eCndN/ -w0I8qTAfBgNVHSMEGDAWgBSeq0aNrc7mMaWHm8eCndN/w0I8qTAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIOw1jC39 -VW+1fqGT+n44Y6Oh66lAowIvi/BEOW1I4iPAjkr0g6FbbdKeq0VLL7aMMu+q/AOv -UETv7MdVh9xjTLqWZGN0R3Lr/n6ButI3E7MLKL5ByLNCoOhF42aBLINkpKSNFRrQ -40iNoHm3BaNRLKS7poCk5HFkEMjvxdQ1AenNbUa21DTh7y9arHF4CPfi8Ity29jW -ED8jYK/+bWIaO+YhGkRh8UuD3o5WnOti+9QK56qxkPtkqVTh9vMVHfD0DgVeLvMN -nZpTplLTfhjzyFJELwE/U+HJ6KIslmqwarJ1Sla+1gHCmJEbzbsrnb6bLtrHtXCZ -XvmR6B5iRkDVpw== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDjf64U0NgpdBDh -+ZJ6dzF2b+Z8zoUCUbBEFai2m263Od8fQ366WnlGGNFxsZsAfA84EE0QFIhXcuF0 -9d6nc1yZKR9ox2c8SCu6sjQMthvFmvIRd0lnKi55P7DhM3EjmY2VkMoPlsfmuFX9 -1QCYr/4ula7FatpZhocFkGy6qlvQwXohkkA31V70mIod6Jjp5zP+j1cisUV5Yoyd -wfAFXW1o8+gbYqyO/xSWqp6Gthcb6Z33nwxd/r12S5AksJKuiM86SFSuiLG8aJck -FFIULJWFDE8IvIBKwS/yo8QoxSJbihjfDlH1FCbD3sAeUDXvEHiYZlNkSNQg5gN1 -3wvK5GlrAgMBAAECggEAAVjMKwthfD1XrD7SAy+Zd14KO0rttqnNJVoLealJ6oPJ -MmIv6eKHPUcAVm/6vvH9FRPjoOi+NeZUN2ENRGiGb9GygehMUCsNNzm+3SRm3bCh -JkFSie3SAJ3D6lFnphJOqEgHKjh2ToNg3vPX4Q+JrbTtJ/YN/OGzAvFr81721DGO -L7Hs6foBHKrLeibbguVRdc5zc/WtWjGPFhNAmR9qincM3Q9DrUUHjbJzTS1UXDVT -zssTUTZe9TLd4buqHjLLfmiPoTV8qzv5l4RwkmuuLIT+5mO7X41glwdOkBfk+Cum -BZjrjgTDXbqLNXjMsvXkG1hCZQ6qwdT4GINYlYSiQQKBgQD4pJf7xLaX53rj+LDc -HY3TbWDdyS7h7cq4ZoKa1xPt4Va3xIAIst20edTr6tBYtNygjFZwIkPFYGwdGKVK -CqbpzTxVl8p5I3uoUmIFDo8hX7ChLC928K9lfD62agU85ZfP9Vly4zvDG2sIvxpw -HUY/96VhdSG3fssWYvg3dYUGCQKBgQDqOuyrcTHaZujFMN+MIuUExgYOMS0R0O4T -zCMtWIEkjntSk4CBMsHSb/dZH3CbFB90GjS+WklfTBd6kZ8tBO35vtM6nz5NPCEr -2umqJR5hijHV2tB98qV9qJttJrH/z0VKuuZBa14S1rJwGpX9ZoOULwcOGK3VC9pQ -YnH7Wdjw0wKBgFtBZXqE7xL/ZS4IVzjiK+xeJ4Ae13MaKB3XmbWknG7hFkep+ee3 -ZgFX+ZqAeukjsBnIh+zt1nu5cNSY+Akdsbb7mVo8tJYTPM5BNjJu7n8sNJJiuiTo -HyebGxUuAjAgf8BWZvbwiT2JcZYrNVPSmrbdeDg1miNTiMv1lO4d1q2pAoGBANq8 -oFwSX24IAIR1+a2SwLDOhMUoI2Cp7ktKrecg6alL7drVqIH+9oYgzarK84u/JQh1 -mJ/TDQYTtzFdYHrYSaybCgOKxtG1v3yG+QNNmquYNKXzrBSSTv2kQVGTe1LbK2h4 -VaLuM3IAUa7jBQMZgvMVX89IOL3mTcAXzz3dT/zFAoGBAI/pVbABfPihWZ1MrmTN -pnRmQ0461J0WGT+fIgAPR+R+umckHaOVAGiSQomfNrUBbsydoZYu/by7GhIGsDeO -8XKwEP/HLRrABvZu4KLTxa+qTnW/t6BSIfFwQmrNMofxcFRbdzNAODKjyaJG2dqT -ksg9s2SxReRrGOeb43CAw5SC ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-4-client.pem b/FDBLibTLS/testdata/test-4-client.pem deleted file mode 100644 index 87f088b96b..0000000000 --- a/FDBLibTLS/testdata/test-4-client.pem +++ /dev/null @@ -1,80 +0,0 @@ -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Client 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIJALOPTrQGpeslMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMTAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGIMQswCQYDVQQGEwJVUzETMBEG -A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB -cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM -UyBQbHVnaW4gVGVzdCBDbGllbnQgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALVkdxOmWcd959NyirJ1iz7q5fkjdRUV+88KMMehQWc3f50GJIQ+eZo+ -7RhwVE+n8nd0i5iGfyY6LRuupdwoQUxoZ/5rUIDGKspNO62DVRW+tZqzpEa1+ub5 -75BMoc7I7l9sXDkuiMu1OYcPNKMv4F3mf+B3ourLqjUekKlUv8XIZXAvN+R19HlR -FM8vs8rnhQXx7iWVP91frDvyD8G7lOf6R7R4homnB37kLom8WU+fCmcyA6em0qX0 -JeVP6xk2qXU1cMs7DL8WftdrWHv+a73/l4hytQHo5OvtGaLZhpPYpC/FMSaFHVSM -irWSFK+ZtvaLi3LXc2HGANMokjPoRf8CAwEAAaNgMF4wHQYDVR0OBBYEFPtTL9KZ -jn49cLediy1ixz7AXOI3MB8GA1UdIwQYMBaAFCXTF7f83Hd7xm9gR+O4QrvjNo8Q -MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB -AQA17a4d/tSWIlTkIfkrXziD21+1OsN6/dUrWQK7kxtEe21QXIutccW4bwpM0JDB -M+bZiWkdgQ15+ZotX5UXlBcx9WWDU5RqSO06hhXu5b8gZwfVF4Od6tBdVxkn4KbU -0YujOZrL8fDOrQHqCO7nhNlYgcEn7bKF5wjtOoiKhtA9sLSIZQR5g32kkJXXGvcY -lLWMXygEg9FMQoldW9RHq4GbUiYEeqEq6k4S7cE03R1lvmQEOOAJ2S7LnaS4UHQT -GmW6uvLnJJrG4HB9JGE+y1e9M+C7Enzhi39RGd8ylignGimkdw/1UEWnvKGCqoU7 -ufWGF7eUV8dCqO+jYghIY8rA ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpeshMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyOwdOcYcH3wYou13CchsXh3lLWA85E550tT6/WwDnslQjiMZHFrKvUT2 -B8CUOR3Fr+4RG+cdw80rgojYEUuHKwmIGyjo5IotdaYbWzf6mvYThlIPPudCCkSU -CTtqPv8Oq4QdIpCxHdix0MINKu7c+qt1rUwnDFQSv/gHhVnNxT4r8pwVp6T4hwka -2YQaRNjzUuuFinMub0UtxnUX0rH8X5STlOSVn4Ksjo0OhQzsGEYDx86jVAXjgGcb -2CgGGctgq04hVrngP5ahT1Xeh9YycMlQJXsckJJBxfUJebIjANSRyzxI5fYt+ZkY -qoG5VLPREUQknxcpbT7Rsj0n+k0RhwIDAQABo2MwYTAdBgNVHQ4EFgQUJdMXt/zc -d3vGb2BH47hCu+M2jxAwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAGwW7bRqB7aYUGsD1MOE9d5slp6Iw6wKyNLdg+mzoV+iCV2ZM7ejNRButiAy -vPOxSQwXcibLm/g599e+LY1TiI1XXPbL2bFnTcnThqpHHFe+eRrDgqxO8qJyrcBp -EfyMCJWq7jFg4bWoYTpLeC/RAKyi9fxlqY1NzQCp1bG3LiaDJ5VJd4uwkgX2a0yN -3e0XEFNi7r4u4IHejwFjKWrDg8sstjbY+XOYC4EVQyUsbzeKZKSqnOdR2Jv1QZHH -5O24G/efIFpsA6MVUOfRk0eq0RfKX7CdHn2a5p8aC6E6YMDhXL6xo146n49t9sYD -HMUnfG6AEboTBa/l+zwCG/u4f/Y= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1ZHcTplnHfefT -coqydYs+6uX5I3UVFfvPCjDHoUFnN3+dBiSEPnmaPu0YcFRPp/J3dIuYhn8mOi0b -rqXcKEFMaGf+a1CAxirKTTutg1UVvrWas6RGtfrm+e+QTKHOyO5fbFw5LojLtTmH -DzSjL+Bd5n/gd6Lqy6o1HpCpVL/FyGVwLzfkdfR5URTPL7PK54UF8e4llT/dX6w7 -8g/Bu5Tn+ke0eIaJpwd+5C6JvFlPnwpnMgOnptKl9CXlT+sZNql1NXDLOwy/Fn7X -a1h7/mu9/5eIcrUB6OTr7Rmi2YaT2KQvxTEmhR1UjIq1khSvmbb2i4ty13NhxgDT -KJIz6EX/AgMBAAECggEAEm2Mc2CZCl1OKfsfABZU+SVgC7mAcY30MQp1/jHxtQy8 -WDWBjDXUoMj3yV3QEu+bAGvEqtAvJrEOWBucGgu05pBM0FoSqaJ4QmkqQOxwvm7L -gFXzwINIZCLMJbrDTYC4RtV5YQ3LM/bLS19OF64Lez6piyJcWMIsHo1mYO2NNgiD -7f1x1uQw46Q0YHWeoHY58MPfmgfKsqnJDWc8cCuU9fJOWeU4dVrfW8dh9WVAoLZ7 -qAM5vvap11Qk8RXaRnmLjxN6H1M7iVNfcLVNKfG6XOBBepYjZr/qMkuN3ONuqBHl -fC3Zia2zQZRfiuPspX0KhjCfYAKbIZC6oyrQM2uXgQKBgQDoD5voZiCOeGXJEMUk -9JV4V8A96aE0xxy+OHMogVpysxBO4V0Nh0krSLTt9NXnpjawZQ+3pLQ4+2J2XM2e -fJuJJ7Z+Mhjv6epnMM7FoxK1VF7oe+LE7Yk/kg/moCuVS/XhLdQrhZVBJhfEADS3 -oFybf7Q6rJYtN3OYsiFymyneHwKBgQDIGsY5kGdmx27LS5rPMwdw632TF8G5BGbu -C3ty7LYkOWb/9/V4cuWjW4eLJQqCWbJQrzOvg0coxwXLUuEQik+IP2IkF0YlRS43 -VJuULwOxi3Cbj51RoapHhmYTO9fe2A1N9oJMAqEUHY1q/r9txPcguRWyuH2Yv9Ih -OzHnc2DcIQKBgQCGW0MxMq/2zM5hs0vxMYq4ulWbgwDKxd1mZNiHwxzS+8mdYe22 -P3WlkdrvSqnuDNXtGxYWhU2zEBjZ3rFN6WdD6bJHLkox3YTRafjNhLT4N3kbsV6C -FeU44SBDrsiNEAWz8gy9hgH8TknEOTpMdpQnk7CNqA7q7wgGiFvFNwDukQKBgG7i -R03Gs0XE5aRJtPN0N39fPyqvU24O/mqSekno2dWg6W6WHLQuFwo6whVc5UHuKl2D -eISdnmT+RDuzJXxg6El7tgqByyEEAOQwQjYPB2Du/+tz3Z1KlG0mEJI/6xNVbany -G6m7Gz9mUOMlXzaYmsjLRzbN/OsUAIDhqHm0+cuBAoGAZCND80akS3xr3yC87GyX -aA0RoHXbdB6dbP8Y6XYDXR4QFIA4kXwY5cCLaZA/0hP5FOzDhORmaoaPM8vUdNyb -IYvbw2H6tODiU5oICWY6+HQQ2nXikucI4HDYDLbsiV2htZkEmBYWLilYq0Tb8jC5 -u+ehIIvZYLqKaY1GaKmF86A= ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-4-server.pem b/FDBLibTLS/testdata/test-4-server.pem deleted file mode 100644 index e80346e9b2..0000000000 --- a/FDBLibTLS/testdata/test-4-server.pem +++ /dev/null @@ -1,80 +0,0 @@ -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Server 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIJALOPTrQGpesjMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMTAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGIMQswCQYDVQQGEwJVUzETMBEG -A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB -cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM -UyBQbHVnaW4gVGVzdCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJp26QAmlMusO7C8Py/I117r3kHvB+My5kIrj8g9sKpktwTzmsJGpvJU -EaKISEdBsJHLGnZJhwIhr/+MG4WDEM4oFNCtBQZznV3wjIQWq1w4IO8/f3+nBPpW -f14fjs1E911Uo/ZOL9bxvh1SIHkS6itgJi+tgVPx7C3s3W3mC5nU3omsE+Rx4DDm -KUq1kyN1ELBIAceQ4wTmQ5B8dv6MSW7zt8Jdrhfhg2GJIPPB6XUZJ2yIOvgu55GW -J5sMPa0uNDfCsWJ37fzFm+XJ/D96t7x8I49IyfzbIgcU9JYFlcqkryvKh5IpQGGm -H/I6adIWa5xWpMhB2PA6kgtDD07Hu2sCAwEAAaNgMF4wHQYDVR0OBBYEFJ7S+FUz -9ngzH/TNPVeM/cE7LeBGMB8GA1UdIwQYMBaAFCXTF7f83Hd7xm9gR+O4QrvjNo8Q -MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB -AQAx6WHwikVFAH0TRYCznwO6He+0t2pnlyfrI+24N28tzupMSrRPs086UbLgHLz1 -lbkYdheeOkLPzjWi5vfymL1Oua3E2iAXWEpMb4Sg7E5SVHp9yt6gZ0DTVwR+Gcu7 -uooroidAG3OFeOXL5ivU5J5ipaoEAiLprpKxtPzo4z/TxIqw3kJISC56qw9VTJNQ -TQZvneUecykdIZuH61ih0cJLe5WRkEs/63Dgl8TBYiVDbvBSGRbsXoAXcspVlc2x -XOLey5IVJ4/TH5ZBobShC6J1KrjZTNYvUgc44CocOgrc0ePPiQzB7JXxR1H8ATGl -yKjWqT2PkrfHmjdcmsi2GIVt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpeshMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyOwdOcYcH3wYou13CchsXh3lLWA85E550tT6/WwDnslQjiMZHFrKvUT2 -B8CUOR3Fr+4RG+cdw80rgojYEUuHKwmIGyjo5IotdaYbWzf6mvYThlIPPudCCkSU -CTtqPv8Oq4QdIpCxHdix0MINKu7c+qt1rUwnDFQSv/gHhVnNxT4r8pwVp6T4hwka -2YQaRNjzUuuFinMub0UtxnUX0rH8X5STlOSVn4Ksjo0OhQzsGEYDx86jVAXjgGcb -2CgGGctgq04hVrngP5ahT1Xeh9YycMlQJXsckJJBxfUJebIjANSRyzxI5fYt+ZkY -qoG5VLPREUQknxcpbT7Rsj0n+k0RhwIDAQABo2MwYTAdBgNVHQ4EFgQUJdMXt/zc -d3vGb2BH47hCu+M2jxAwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAGwW7bRqB7aYUGsD1MOE9d5slp6Iw6wKyNLdg+mzoV+iCV2ZM7ejNRButiAy -vPOxSQwXcibLm/g599e+LY1TiI1XXPbL2bFnTcnThqpHHFe+eRrDgqxO8qJyrcBp -EfyMCJWq7jFg4bWoYTpLeC/RAKyi9fxlqY1NzQCp1bG3LiaDJ5VJd4uwkgX2a0yN -3e0XEFNi7r4u4IHejwFjKWrDg8sstjbY+XOYC4EVQyUsbzeKZKSqnOdR2Jv1QZHH -5O24G/efIFpsA6MVUOfRk0eq0RfKX7CdHn2a5p8aC6E6YMDhXL6xo146n49t9sYD -HMUnfG6AEboTBa/l+zwCG/u4f/Y= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCadukAJpTLrDuw -vD8vyNde695B7wfjMuZCK4/IPbCqZLcE85rCRqbyVBGiiEhHQbCRyxp2SYcCIa// -jBuFgxDOKBTQrQUGc51d8IyEFqtcOCDvP39/pwT6Vn9eH47NRPddVKP2Ti/W8b4d -UiB5EuorYCYvrYFT8ewt7N1t5guZ1N6JrBPkceAw5ilKtZMjdRCwSAHHkOME5kOQ -fHb+jElu87fCXa4X4YNhiSDzwel1GSdsiDr4LueRliebDD2tLjQ3wrFid+38xZvl -yfw/ere8fCOPSMn82yIHFPSWBZXKpK8ryoeSKUBhph/yOmnSFmucVqTIQdjwOpIL -Qw9Ox7trAgMBAAECggEAOZAMvsCh/NDfobpVddJL6JTPzBRvBQ1H3+rp9z5+ItHL -nq3Fw5aeynnn5IETJnLlgT+GSgSWqoWxV/N3oia40YsATs/bqo7VW1e0ldj43TIR -m/c25XRxl3U6m/H4vqhv4rkTLUvv6hNGvRiI/3W8DJQVRvlK0+S5FlhKIJV1R0sH -tp5vmaPp09Ln+NVno3u3iaYkVgVME4Ukul2i03sQ9OgvZSBCaVr//fMpiPdBeeN6 -QY6XHjeGQRnP/UdzMYJ4Qz1yovL1ntneaTMdz/GkKuAFoNNh8Vr2kiEskW17OWPB -ZGcIT6YpBEPo34xXUhUQt7ylFPxGH+zZyHZ3vb8j6QKBgQDJPeu/iPg+M5nz5gO5 -ge9gzYrhxK/1mwbFlD7qt1NjOSm6xWxUcss3STjuG7jB0c+NopIUoq/egsUnxrRm -4l17uOCYNLbhTJ2ynfv6QnUMxW5Xkve3DkLa2bze/fhMUywTy8N4A7z0+y35qzm3 -lY4rLmQOQKPkmqWRnxU1u8fjFQKBgQDEfpOZ0fp2D/1gTG+D+/zrMEbjnNn3ZO8I -wrjoXwRxcRggt7lJhxgQpwtDr98IqYkDzX7bvyMFJuyTii3NM6NYycpA1pHX70B/ -xMvOcrgJnIUAoJ7nl43Or7s8bFTPDLaD9PNGHjrlkF3JOXqSKEbw367jHVOa4SYr -OjrogjrEfwKBgQDHU2a7ax5+9btqggx0ZQfGOTBzmM60lZ3qe4CqGXUl1YvIrB01 -tBImq4cRCTJB/9/1qO3KNK2/1oUTddRgB5ySnDcRaz0tASc9sQ/Q/JxVTwSRB0gG -78A2Zu6VbLbQWp1Q6kWtDP7PJC+QmRFtDlwn1yZRm6L6HlcaWpi2hU1iVQKBgCEu -ashv8Aad3qCzZ6V3GReyOFZZd2lSjxcAou8ClKJ/gZ6Mx+pFuOee/cT5XwV8c5nD -yuda2JQXJZ4omGFtlej5coEOeuRnD5JD7lK3hqKA3ujjNtJPAnBjto+Wj5/DOtL/ -u1Ec6782aNABN9SUnp4wd7z8h9DAsoxcMfRvgXMLAoGBAJ9gGttfqZbuPz9V0rAo -p05SPPado1i5+2dUOScIbNB6+vQij9IlR2Tzu1T9DwzrBqTDPPmSggeA/JXeTvh6 -Skb9fDukizeDfwPYUN2gljhiJEqFdpRBr5vP0lFi291+a0jMW1zldrumxCcGKMyU -D5ReKLp/zSQSQi/Wt4FF1II7 ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-5-client.pem b/FDBLibTLS/testdata/test-5-client.pem deleted file mode 100644 index a7b8ef6235..0000000000 --- a/FDBLibTLS/testdata/test-5-client.pem +++ /dev/null @@ -1,80 +0,0 @@ -subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = "FDB LibTLS Plugin Test Client 2, \C2\80 <\01+\02=\03>" -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIJALOPTrQGpesmMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGdMQswCQYDVQQGEwJBVTEYMBYG -A1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRuZXkxGjAYBgNVBAoM -EUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVhbTE0MDIGA1UEAwwr -RkRCIExpYlRMUyBQbHVnaW4gVGVzdCBDbGllbnQgMiwgwoAgPAErAj0DPjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALanLExQi/yK2PRyu6Mvdw2MRxUs -26kJftYuK7KtYyltTO3vtj4kNKg1vZI1eezhqr2Ta/1DzE76eLVs8EOW0LAb5oWM -zXdYBXBX4vG+K7pYfjuvZUd6jfX2bHW10xC96HgDTfRn6dof8GR0fILJ6DoEcyI3 -82xnKKxTsgAuXU4uvcsl0g0F78nXuIbk8ZktTV3LIdbOCIcLQfG7DdDyAfEA0T7Q -Vg6eeLknIUvPePxyWkUdYeSCDP2d+3NIlHMxNPmH1q3+fCsEsy/kqdVO9e6KrZla -CKqnc6yYTXvTffpPepC3Igz678iGg3dv9rLj0i4fyTr4tEOTJebO9Ka3TbMCAwEA -AaNgMF4wHQYDVR0OBBYEFKO2/D1IhG8KWFwR6OdyoFqEzIWAMB8GA1UdIwQYMBaA -FJFP+HFpDrD0BRU0yE606s6xkqFBMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD -AgeAMA0GCSqGSIb3DQEBBQUAA4IBAQAQV3FjsvZvwi5Oi/oSc7Du/BQS9nQ/D4j6 -IeYpd3M0y50awZB83BReYrhdC907xKkLRD0R8oEPDEg5SaSj3vRML4kaUUqnEINW -4JQtv4wNO9CagYriGg8ygQa0xd683svHeXDet3ov11XN/Ms8lfDiOUp2291HgeTW -8hqn1DaNfZrCb3EkdoNThwVKIUzQtEPBuPkLE+XT8kZP5d8KHmv8/9L39NdZY32d -fzKGBeCxZ34pQS0cTap3rZ02nDfV2vNevODRyuqdhs7EQps2Oe1IfPB9GSE0OFUQ -tdphxSjsv1BcHpTwBDpIITKarnceMIKxQjcZU3yPv5ibIaGCgZOt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpesiMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApTSBCiUb0amf+QRV2WY6b3bK93D/PSrm4KR/2m2V0lciU1DAk00/kZ52 -ZIZmq8g9EaE2+CaDtU0fMvDZpaZD+vTFRwsx4varehq0ZwX9Wt25i/3G/eGLNlD3 -9E4tDNruK5UQjum4nJ0SV+AdFEGkSfeU3ZJEHYH0NrcbyAUbh0KeWCSwHiYiFJJf -gBYwRq/HdKNoS/4YvLXzTLR7BSm3YcqWlO5tdkJ2lcT/7Th/Hq1TCW/FKwdQJJBq -JrbOYGlMrf1pLO7Drei/xhsYkwTQ899MhSjkBRhc+401p41Mky0n8wLkuPJGhoY3 -9QUOjT+Rmvq5yryg0eWGiFquk6Ru5QIDAQABo2MwYTAdBgNVHQ4EFgQUkU/4cWkO -sPQFFTTITrTqzrGSoUEwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAJfCHU7dm2/2ASyt3wyxivQLxlV6FsEZcF7HcpbbxuB73frGOL4kEoOxvr2X -fBGyjlPMotbc1MeAalAv+hVHdcAcBFPF7lxtYiV6D7YI5T5yVbWSASG3+DMAiW6S -GdQi2eyeh00nH7Y1IkW+yaky0enBtWLzrw+XzHl6xT6DIEJnir//PNxvgXTJ5sjk -6eFAm8HJIqkNQmgfChMQfUH6nm66WwULW6I117RCSkXhIgxZ7wzDq8bXcEdXCrZk -yy5ket9OiVpbd38JgdYirBLmCQVq0uDOOPLz4ZJmNCzQzEt+38AAK2azAk/eb8W9 -JaKWH+5V8lhlyGw1zQKdNEP/wg8= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2pyxMUIv8itj0 -crujL3cNjEcVLNupCX7WLiuyrWMpbUzt77Y+JDSoNb2SNXns4aq9k2v9Q8xO+ni1 -bPBDltCwG+aFjM13WAVwV+Lxviu6WH47r2VHeo319mx1tdMQveh4A030Z+naH/Bk -dHyCyeg6BHMiN/NsZyisU7IALl1OLr3LJdINBe/J17iG5PGZLU1dyyHWzgiHC0Hx -uw3Q8gHxANE+0FYOnni5JyFLz3j8clpFHWHkggz9nftzSJRzMTT5h9at/nwrBLMv -5KnVTvXuiq2ZWgiqp3OsmE170336T3qQtyIM+u/IhoN3b/ay49IuH8k6+LRDkyXm -zvSmt02zAgMBAAECggEAU2sYHSZwOH+FRGcd8RJdcg+N60rYa2QNzG27wVfUwPfN -OaHP/qN0dRpOIPdRXvFVlE0+9aVAKxXTiTBers+zMascZgP/VrEZksxgtn1e5TVD -OakKPVHogdvwfvXylmPVRvJjaOsIb3lExew5bVYfPFgJ6Sfagbi/Z6y1z8VdEbYb -mI34KSZA4bBAMAHPZLa9TGEx/vbPsBlqpU6k8lcoy3cTkO5fCZW4ZZIpwBwef4uJ -UozhRgtTtRBiUpk0F9IoOXonZY1Dtpg+HcDMti/FYgahBVe1hadJ+lbVTxH6GxyI -NJYvptdq5S99UOoJDmCCih0v0ZCUNYWoO0I0vzNncQKBgQDemN7es2fIBstiPjOf -p103DF5j9Uxq5YH9B3wli0CXf6Z2w5uosONoJWgJZKsHJ6f+YSuHsoE/eCrFF3U9 -lxT9Nie/wYYIGedly/VR143aCdiTXI44m5gxXgwaUcjvY1DpWyEAAmr5XNdoyZ5n -LNTvOTb4vVo9SgDU7II7rdpRmwKBgQDSD9aBtIy/650suQK/9RiXRU0Kg7LXXVM5 -lavPgLvH55lufJeGSa8+ofCNeo31N4AaVuU4lkGeny9tLNBQbYAoyAz0lf51qK7B -1u5JqBDyRrIpdkqwbT0FT1pu1LA3+Qg0KQBrTCnOx+YyyVSivR4YMZzJjmwZGKMg -BWOi0PzhyQKBgGR44dfpaIWbs39zjf+ZHnTza0N4+/YgA60/DKUxloULRArFPeRF -e0+N2siqnJvNJYGnQGuugbIxPjTZ4rxbDklAgW6HHkVX099Z0TAQuGFbIltZYoRg -jrBxv8q9cZHD5Uh/LoT/kmNdqYkNwCbX0IDt9UcOyMVzOq7g1eO0FB/TAoGBAMaG -tWIsMwGHOip0SAcHKtB8bI1NXo5v4yH/NDuOHOqXFcj383S02uzEu8XaV6Ozalx6 -V3SdfTLem0IBIneApajlOGlIAQ9N9qu358ixECMJcYQCCiCnfQ4xqvQoCss7judN -ANpnRvPotMS2xkhvl6uh594NvlgRksnGjh3oibcRAoGBAJKiu5ajmIkelzAhFMEC -Slxhg/E+djJ1/SG/FaF8zIyTOxre/QUvmTwFKtHe6A5EfKQo9GCTuHuAcJ1U7eQP -l2BoY0POqJFpw3s/QOt4g/pOz0YjD9GD6awL5WDfO++s4mnI1Snc3wcu99N4Klax -htsaEUECJBUF0ZpIFad73s2f ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-5-server.pem b/FDBLibTLS/testdata/test-5-server.pem deleted file mode 100644 index 7003635905..0000000000 --- a/FDBLibTLS/testdata/test-5-server.pem +++ /dev/null @@ -1,80 +0,0 @@ -subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = "FDB LibTLS Plugin Test Server 2, \C2\80 <\01+\02=\03>" -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 -issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA ------BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIJALOPTrQGpeskMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE -AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0x -ODA0MDcxNDE2MDJaFw0yODA0MDQxNDE2MDJaMIGdMQswCQYDVQQGEwJBVTEYMBYG -A1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRuZXkxGjAYBgNVBAoM -EUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVhbTE0MDIGA1UEAwwr -RkRCIExpYlRMUyBQbHVnaW4gVGVzdCBTZXJ2ZXIgMiwgwoAgPAErAj0DPjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAolQZIGMeL5w/Bu2X6lHWjO58u -+HUDtBmr37So4jazhZBSFDBg+QlRMiYGLev9EhvCrUsVcRwtvtcuMI3wfKl7qgbi -ZX8zmrzZ3YJo9U47NzCa05faOl8uSBvuXuXUBLU342WFP8XDB1W8yOBQMK73xoFv -DkcxURx9ZtOhdC3EgYKrFqOB1Azl1DB4gLV3h9rHW5QpQ8SqD9CyggcDBpDeZQIP -+4l5YFE9Nb4kEUTscz2wGn4TdHMmcnVpfUxp1Y2o8Umvh4llXHIPhximGb3JJ4QQ -Sir4ZXeeoooWoJG0sdlqVLroKav/VMGtEu9LyfbrNdKnTJq3ceVQ+HJ2hlMCAwEA -AaNgMF4wHQYDVR0OBBYEFH61Z8O9vFsVdhM4MBU3poX2UMTEMB8GA1UdIwQYMBaA -FJFP+HFpDrD0BRU0yE606s6xkqFBMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD -AgeAMA0GCSqGSIb3DQEBBQUAA4IBAQCVbxlLGIBCo6/XXjqoMyZc7uQZJj7pGnwh -nIMs2izCLfax8j+QrThO2Qjn03zT/WF8eG6ibPbjgnw3VFwCkV6oQ+BXG6Yt0xqP -4rz1LzxSio6HSm26gSk4SQUsVoAtz3OImoTCFVfz+Mixe87pyVXXEEtCYvfU74H9 -I1WGyNkWAxiJbqeIxF5PKoc3EdnT5mfdC6sdeGm7t2neeS8PDFQtJ4UfVIEK5z1C -MOfQILNkLX2nBYxNqKpV66zf68VZNN9002ZH2FITGqImpj74BEws3sheiuZySdoI -wnAwRnymIMfAmkf9C7Q2ugId0YMMyesaWrIwSlXlJOHGsA1VrBRD ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIJALOPTrQGpesiMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v -MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEnMCUGA1UE -AwweRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBMB4XDTE4MDQwNzE0MTYw -MVoXDTI4MDQwNDE0MTYwMVowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRIwEAYDVQQHDAlDdXBlcnRpbm8xEzARBgNVBAoMCkFwcGxlIEluYy4x -ETAPBgNVBAsMCEZEQiBUZWFtMTEwLwYDVQQDDChGREIgTGliVExTIFBsdWdpbiBU -ZXN0IEludGVybWVkaWF0ZSBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApTSBCiUb0amf+QRV2WY6b3bK93D/PSrm4KR/2m2V0lciU1DAk00/kZ52 -ZIZmq8g9EaE2+CaDtU0fMvDZpaZD+vTFRwsx4varehq0ZwX9Wt25i/3G/eGLNlD3 -9E4tDNruK5UQjum4nJ0SV+AdFEGkSfeU3ZJEHYH0NrcbyAUbh0KeWCSwHiYiFJJf -gBYwRq/HdKNoS/4YvLXzTLR7BSm3YcqWlO5tdkJ2lcT/7Th/Hq1TCW/FKwdQJJBq -JrbOYGlMrf1pLO7Drei/xhsYkwTQ899MhSjkBRhc+401p41Mky0n8wLkuPJGhoY3 -9QUOjT+Rmvq5yryg0eWGiFquk6Ru5QIDAQABo2MwYTAdBgNVHQ4EFgQUkU/4cWkO -sPQFFTTITrTqzrGSoUEwHwYDVR0jBBgwFoAUnqtGja3O5jGlh5vHgp3Tf8NCPKkw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD -ggEBAJfCHU7dm2/2ASyt3wyxivQLxlV6FsEZcF7HcpbbxuB73frGOL4kEoOxvr2X -fBGyjlPMotbc1MeAalAv+hVHdcAcBFPF7lxtYiV6D7YI5T5yVbWSASG3+DMAiW6S -GdQi2eyeh00nH7Y1IkW+yaky0enBtWLzrw+XzHl6xT6DIEJnir//PNxvgXTJ5sjk -6eFAm8HJIqkNQmgfChMQfUH6nm66WwULW6I117RCSkXhIgxZ7wzDq8bXcEdXCrZk -yy5ket9OiVpbd38JgdYirBLmCQVq0uDOOPLz4ZJmNCzQzEt+38AAK2azAk/eb8W9 -JaKWH+5V8lhlyGw1zQKdNEP/wg8= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwKJUGSBjHi+cP -wbtl+pR1ozufLvh1A7QZq9+0qOI2s4WQUhQwYPkJUTImBi3r/RIbwq1LFXEcLb7X -LjCN8Hype6oG4mV/M5q82d2CaPVOOzcwmtOX2jpfLkgb7l7l1AS1N+NlhT/FwwdV -vMjgUDCu98aBbw5HMVEcfWbToXQtxIGCqxajgdQM5dQweIC1d4fax1uUKUPEqg/Q -soIHAwaQ3mUCD/uJeWBRPTW+JBFE7HM9sBp+E3RzJnJ1aX1MadWNqPFJr4eJZVxy -D4cYphm9ySeEEEoq+GV3nqKKFqCRtLHZalS66Cmr/1TBrRLvS8n26zXSp0yat3Hl -UPhydoZTAgMBAAECggEAVD60NlLYduXzVNfDtVuHEFNGOjSOYfepc/V8gLubo6lr -IMAAI7rcnpYUM5cU8x0OQfRyR8wzUdSWxfWzBs6R78PSZoRzIcgeIl7Wzn0/g3BS -To5czuxwqgBKQAFZpPQmZDwcJfr5qqxAn8IvFweCoMqiRlhELcvqDIP0XxWBqDjc -TNJ988XzZXQmJbjjpWOkUBy2Uqz8lZt8MmxKFpW7SW4tBJwPphnorgjWfjCV/VEh -ORio0rG74NHFo4f1TSrdU2BcB2cbVJ4B+bcUYRdvYmS5bmokhGF8vir0l43gUEdz -Fyk6MaPrTI6cinqzenm3q/0eRvNhBE56U0tiGLn14QKBgQDkCkt1Y4LEboSwsVYl -IXriStqj9p9MOizihh0enhzRXTTQuLX82fNi+bh1LAluwv290Q57pvKa+hB/YciB -o4s7QfSojxQY9DxqvXN7CvxPWXHTyFY5sL4Rm807+C/a9rd39MxBynz9u/7YRvsA -s8v8Y/01qIHnTo+mpDvu6HttWwKBgQDFwdRkgstuE+dXZZe8g1ivh3RNPa968TE3 -b8rzF9/nOJV7f6B/n6YEmHD/cHF5mm1bR+zt/jtf1NCRMpazchw3vT3JzQZYMDnM -SD6vxTs5rG47QLiNyTIRmmD4gsEWBpyvoyP8E/9QdfDT1bWI5zZnky9CquRlN+cu -J1bTsefEaQKBgGJsRxFNd91MThztDV9NSfptkFyAT1TZLxI+DEdwusNqVSdY8cNG -VpP7cC+yaAfURSwuFPAtqDxXfdNc4uuBKNDUsMInrubuUz1Gs5cBsNCWrFhZ+U1B -CWgUNMqTXiRFo/40PAyRVs003NOAH0m4UGyIw3rrVdX9xGaKMAv3b35NAoGATkkl -I4UDs1f9xQNaxi3Y9ePRjqJUzX6d1SxUU1eoM4ia5IDpsJwqxLb0RKrmwRT5JaGb -kbuLFazRxCkar38E3Kv1weWAFXlB6DTRXBPgFjzEhoBgjwCO6ZkLulVIysdjT8Rt -gmUINXn7FGENtFyTlP0XQHUWZVt0ETlRjgxni8ECgYBYv6MoSr0iPjQpxeKvwFDz -d9zE+ZXN+3GwtkI340lKRSc/f0Uq1TlC2w+DzjyyXcrBwubMQKTKcQQSH9f3YbMu -DuxVE9AXdlQ1gSQHGjS0qUWwsS/8Xcjk8ZuduAXPGr/MsvsW+FbbZqG8qdZTeMHu -MSTpOxu9HXC8SHML+y0cpw== ------END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-ca-1.pem b/FDBLibTLS/testdata/test-ca-1.pem new file mode 100644 index 0000000000..e833d4e19a --- /dev/null +++ b/FDBLibTLS/testdata/test-ca-1.pem @@ -0,0 +1,26 @@ +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIID+jCCAuKgAwIBAgIJAJkdwMd9MHxpMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBiTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xKTAnBgNVBAMMIEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +vfuzumqT8vHWNOwLPnXLJitIJ7vH9leTcWq05/PfeUUyaPDbt1u9ZRFyexew+q3A +DUNKKOrbo53B+aVipxmqmfo8w6jWzv90MpnCOTEQOHeJyiBTUG99yafy9PCE2KDg +T0dXayOeKPjAoTrHDYkZmd2lA7+V+upz7R7bNDjotLW/BctVllc5fw+ky1hWAKqj +Buda0ZNElCI78U9f2aMK41/J5vLaQzQvZ68m5cgKUQ6TwWZ0ZX4p9w5aqiLRlvK+ +Wo+lYe0IFXShX73QIAlcFo+apOZG652VmMXk7vzo8llbxC6s93bwm/WxZ7K3St3O +ttcIiE6mIoG94V0Xzby/fQIDAQABo2MwYTAdBgNVHQ4EFgQUCFkAB0WIBjGP84hL +whmqKiBbyXgwHwYDVR0jBBgwFoAUCFkAB0WIBjGP84hLwhmqKiBbyXgwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABLO +dQJuW85pcOhvMf1eaMfNGaKraX/r/+a0TsbbbSDqOKhytqk7JQkGEEzyBuJhfRmG +/jXkikWAId4SBBR67FVcwyqnegzY4ObFeH22hAjfGqL1HDDu+bcpPIJzGN1CqOXB +DVjAo1tKILP2fAVHyFNGKCk60zECtXv7QfkqjMu29kMgkK0dofGIAQeYpJP1WBtH +DUTvzdjv6nBBYMLtJV1TexcSMPn4fAKDfD6uWYSeGhP6J0mfYNHOE2Sn0MuM3+yE +vrPLiCmNctnnWfcIWiUOXA9BF84MWwglK0UETR1CEONvvdpqlmvGf3G8S1r8P0MF +B8mQBTsexWGMb2NTeaY= +-----END CERTIFICATE----- diff --git a/FDBLibTLS/testdata/test-ca-2.pem b/FDBLibTLS/testdata/test-ca-2.pem new file mode 100644 index 0000000000..3efad2691d --- /dev/null +++ b/FDBLibTLS/testdata/test-ca-2.pem @@ -0,0 +1,26 @@ +subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 2 +issuer= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEDDCCAvSgAwIBAgIJAOikTZQKEq0VMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD +VQQGEwJBVTEYMBYGA1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRu +ZXkxGjAYBgNVBAoMEUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVh +bTEpMCcGA1UEAwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDIwHhcN +MTgwNDI2MTYzNTU0WhcNMjgwNDIzMTYzNTU0WjCBkjELMAkGA1UEBhMCQVUxGDAW +BgNVBAgMD05ldyBTb3V0aCBXYWxlczEPMA0GA1UEBwwGU3lkbmV5MRowGAYDVQQK +DBFBcHBsZSBQdHkgTGltaXRlZDERMA8GA1UECwwIRkRCIFRlYW0xKTAnBgNVBAMM +IEZEQiBMaWJUTFMgUGx1Z2luIFRlc3QgUm9vdCBDQSAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAlZBDX6/eZDsu8JrEE3rgBcq8qRSAAhcI3B4PRz8K +NgwRGGq+8BrjsTRMqFdl8GpUDbzFKzpZ3I849GwkK+S0YU86dAQa0aORL5oEBisM +wjxDSRe3qyFZBnyJJkVo9BqF3wJhGCnWYNtFQ5OWnBKS3ZPf9jUGGL1q8ZFMoK/T +z5o0KmjH2VIAIW/Jz8Ouf3XQUHG3qC1C6l//BPqKWhxE0dYcDKBTSNMeI/NOsJ2X +PJn4g4NG+SYurQwTFYuFUTIig4p7Zu68VvgyNK/sgWoiR47AyyC9Lc5/Ojr0GMUp +zOhPEUba7ZnSgSlQLFdOyuKPO9LnaRLZ2C0uaW7ZHcXVMwIDAQABo2MwYTAdBgNV +HQ4EFgQU/DxpqnpxElyiZZHTJBmO7bTajGcwHwYDVR0jBBgwFoAU/DxpqnpxElyi +ZZHTJBmO7bTajGcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAE7VijzPBR7ouPkAQI6OEe8iWiaNE2OziZhOofai84ky +ExhGrd5NAC7eSLiIe/iXL1T0XobMwxh+hglz9zqCQ8xOLtH2z3xH97KSehnb/psM +Zz/7fOyHlj3MorRl9xpi7ncz9IY60hKAeYQ8JxSz5Wp/9KyXP+JPGCcnDal7AphW +adesPBGh6eGeAY0EDstETBsm1uMg99ABWeJk/moOlK/8F05lHUa15Pkyxx//S/cf +tKJUUcj8COm8vXvEFIBPi2FH8DKZMLFG8Ld/9N+lfDgp0r1yERxdWK4aB22iRoTL +LX97Vky4ozfdldIFBi2tzYggraPlgVn+Rxza6XXc2xA= +-----END CERTIFICATE----- diff --git a/FDBLibTLS/testdata/test-ca-all.pem b/FDBLibTLS/testdata/test-ca-all.pem new file mode 100644 index 0000000000..8300ccccd9 --- /dev/null +++ b/FDBLibTLS/testdata/test-ca-all.pem @@ -0,0 +1,52 @@ +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIID+jCCAuKgAwIBAgIJAJkdwMd9MHxpMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBiTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xKTAnBgNVBAMMIEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +vfuzumqT8vHWNOwLPnXLJitIJ7vH9leTcWq05/PfeUUyaPDbt1u9ZRFyexew+q3A +DUNKKOrbo53B+aVipxmqmfo8w6jWzv90MpnCOTEQOHeJyiBTUG99yafy9PCE2KDg +T0dXayOeKPjAoTrHDYkZmd2lA7+V+upz7R7bNDjotLW/BctVllc5fw+ky1hWAKqj +Buda0ZNElCI78U9f2aMK41/J5vLaQzQvZ68m5cgKUQ6TwWZ0ZX4p9w5aqiLRlvK+ +Wo+lYe0IFXShX73QIAlcFo+apOZG652VmMXk7vzo8llbxC6s93bwm/WxZ7K3St3O +ttcIiE6mIoG94V0Xzby/fQIDAQABo2MwYTAdBgNVHQ4EFgQUCFkAB0WIBjGP84hL +whmqKiBbyXgwHwYDVR0jBBgwFoAUCFkAB0WIBjGP84hLwhmqKiBbyXgwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABLO +dQJuW85pcOhvMf1eaMfNGaKraX/r/+a0TsbbbSDqOKhytqk7JQkGEEzyBuJhfRmG +/jXkikWAId4SBBR67FVcwyqnegzY4ObFeH22hAjfGqL1HDDu+bcpPIJzGN1CqOXB +DVjAo1tKILP2fAVHyFNGKCk60zECtXv7QfkqjMu29kMgkK0dofGIAQeYpJP1WBtH +DUTvzdjv6nBBYMLtJV1TexcSMPn4fAKDfD6uWYSeGhP6J0mfYNHOE2Sn0MuM3+yE +vrPLiCmNctnnWfcIWiUOXA9BF84MWwglK0UETR1CEONvvdpqlmvGf3G8S1r8P0MF +B8mQBTsexWGMb2NTeaY= +-----END CERTIFICATE----- +subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 2 +issuer= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 2 +-----BEGIN CERTIFICATE----- +MIIEDDCCAvSgAwIBAgIJAOikTZQKEq0VMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD +VQQGEwJBVTEYMBYGA1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRu +ZXkxGjAYBgNVBAoMEUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVh +bTEpMCcGA1UEAwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDIwHhcN +MTgwNDI2MTYzNTU0WhcNMjgwNDIzMTYzNTU0WjCBkjELMAkGA1UEBhMCQVUxGDAW +BgNVBAgMD05ldyBTb3V0aCBXYWxlczEPMA0GA1UEBwwGU3lkbmV5MRowGAYDVQQK +DBFBcHBsZSBQdHkgTGltaXRlZDERMA8GA1UECwwIRkRCIFRlYW0xKTAnBgNVBAMM +IEZEQiBMaWJUTFMgUGx1Z2luIFRlc3QgUm9vdCBDQSAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAlZBDX6/eZDsu8JrEE3rgBcq8qRSAAhcI3B4PRz8K +NgwRGGq+8BrjsTRMqFdl8GpUDbzFKzpZ3I849GwkK+S0YU86dAQa0aORL5oEBisM +wjxDSRe3qyFZBnyJJkVo9BqF3wJhGCnWYNtFQ5OWnBKS3ZPf9jUGGL1q8ZFMoK/T +z5o0KmjH2VIAIW/Jz8Ouf3XQUHG3qC1C6l//BPqKWhxE0dYcDKBTSNMeI/NOsJ2X +PJn4g4NG+SYurQwTFYuFUTIig4p7Zu68VvgyNK/sgWoiR47AyyC9Lc5/Ojr0GMUp +zOhPEUba7ZnSgSlQLFdOyuKPO9LnaRLZ2C0uaW7ZHcXVMwIDAQABo2MwYTAdBgNV +HQ4EFgQU/DxpqnpxElyiZZHTJBmO7bTajGcwHwYDVR0jBBgwFoAU/DxpqnpxElyi +ZZHTJBmO7bTajGcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAE7VijzPBR7ouPkAQI6OEe8iWiaNE2OziZhOofai84ky +ExhGrd5NAC7eSLiIe/iXL1T0XobMwxh+hglz9zqCQ8xOLtH2z3xH97KSehnb/psM +Zz/7fOyHlj3MorRl9xpi7ncz9IY60hKAeYQ8JxSz5Wp/9KyXP+JPGCcnDal7AphW +adesPBGh6eGeAY0EDstETBsm1uMg99ABWeJk/moOlK/8F05lHUa15Pkyxx//S/cf +tKJUUcj8COm8vXvEFIBPi2FH8DKZMLFG8Ld/9N+lfDgp0r1yERxdWK4aB22iRoTL +LX97Vky4ozfdldIFBi2tzYggraPlgVn+Rxza6XXc2xA= +-----END CERTIFICATE----- diff --git a/FDBLibTLS/testdata/test-client-1.pem b/FDBLibTLS/testdata/test-client-1.pem new file mode 100644 index 0000000000..5732d03cf6 --- /dev/null +++ b/FDBLibTLS/testdata/test-client-1.pem @@ -0,0 +1,80 @@ +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Client 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIJALOPTrQGpet4MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE +AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMTAeFw0x +ODA0MjYxNjM1NTVaFw0yODA0MjMxNjM1NTVaMIGIMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB +cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM +UyBQbHVnaW4gVGVzdCBDbGllbnQgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANj3q3KYExHaOLkrzc+rAHl90pc8/msBoc5CZ+nVHBfyCNkOllNtUh8+ +sSzpkfWJB+XqQhFCj5T9nudwnaTYHASfd9QJ/sf5ImlzP1WiKJFMbxyDMtaRkHkS +KvnMhSquZHdy3UBMKTzUBbSAMHa1YB69BmWYnaUMo6tMyURWMVYIiIR6hP/JOQEi +69iK4IHyCkZBIBim0YFaTm//DD9wMpPQ9WKQCLVvOWXkKzC46onT1B0hQqURab4Y +Tx4lbL+Ux9SfPMchw+q61H6NKDyjy+65YASXW+70WVyuAstISrrjwDVjCZ6wTmMj +KdkPrP6n40NA4s80oT8pTHGj5Qyk9nECAwEAAaNgMF4wHQYDVR0OBBYEFPN0PhhZ +LtP5w/UG720qW63BdUUxMB8GA1UdIwQYMBaAFE5kWrQCBzHu7qG5gMdamzZ0lHpS +MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB +AQB2+Wcc48txPQygh//2nxzxTCUiDhKnxXaOqJawJ1sKwLVhGYvlJQMVBWUUKr46 +xsiYl9AnQu0J0ARHDZKwYvUieaG7wVd4lnsDCifRwyUoML4lETVBucK/oTVt5Kde +hEd6VR8fnS5P5hjnfCZ9XB5EwqRk+nyQO3XFBQLjYBeCqhA9vRnIuE6xYTC20Dss +/zl4SJQRC1WQ0C1+O0719yHgujjsai9jlxLppnxZz12ZfQy7XmXJFCpkMsmI95+e +M4O/7p7RObtlVJCEhleJbc8N8aZ2JYuRENwyuvaG5z2fpK9chrP7YkwE2PMTOGsL +DS21pfxrLCsPWGFe9tLAPauc +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIJALOPTrQGpetyMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCqE74CmPzqGMCmWWTrCDBOShmiOcu266V0+upPBn3aEo3ZUevdRDIZ +R5waXh8sVmxoUfQdwxOBZPZFSLULPU9vQDny2DsbYfJ1MLNzEH9W5gHc5YzpvtuE +6cZvaCb8PLGcGOesACwJ2tpc+lI9ZxfB/vIO/ZUcg0mHfhcaE1bHRVrj0yZTkPe/ +yhQWWQshS6locyn+LbvayB72uaC4OeCbucGOH6B4SU1pBpG8OPMD3ktES8nIjDdj +RnuiPestjt7VIB6u37CsTSupK9Gxgyi7U9JI7kwCnRinZmHygDzLzlQ8Awksg/Qb +NuSfV0OcNG3O/Xal4OWhS1AMpayPMxXFAgMBAAGjYzBhMB0GA1UdDgQWBBROZFq0 +Agcx7u6huYDHWps2dJR6UjAfBgNVHSMEGDAWgBQIWQAHRYgGMY/ziEvCGaoqIFvJ +eDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEApoV9izIHMB4418NP8FTdsToMwemxIs/ASoURGPnXnDG3EG9R8E8h64bg +38fddyaOR4AkWyn1DELzlp2vdlA4v8xY5Fu4au5MSvpxzf8H2ia3QUP/xEGj70Vg +6BJhRWQ/iOALVLVsTvJmhXQBlhIsFZMi0eIcr8CqpZ6x80SuLgl67omBvqpoVNuA +Y0FKgva+bNcEDhPur7LYAiTT+0ykgKFMR2/KnPDJOh12lYMw2ILQIQXuYCJJOXNy +nXDXa7l8vxywxMtdk5jqAB8Jct+9gV69F5uW+VuP9CEfHXpOZmDsxbFzsQbU+5mD +xj4rdSXEuk8h9bOBuqUBR9opl7jw9Q== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDY96tymBMR2ji5 +K83PqwB5fdKXPP5rAaHOQmfp1RwX8gjZDpZTbVIfPrEs6ZH1iQfl6kIRQo+U/Z7n +cJ2k2BwEn3fUCf7H+SJpcz9VoiiRTG8cgzLWkZB5Eir5zIUqrmR3ct1ATCk81AW0 +gDB2tWAevQZlmJ2lDKOrTMlEVjFWCIiEeoT/yTkBIuvYiuCB8gpGQSAYptGBWk5v +/ww/cDKT0PVikAi1bzll5CswuOqJ09QdIUKlEWm+GE8eJWy/lMfUnzzHIcPqutR+ +jSg8o8vuuWAEl1vu9FlcrgLLSEq648A1YwmesE5jIynZD6z+p+NDQOLPNKE/KUxx +o+UMpPZxAgMBAAECggEAYhz9hsCGPxhzdij81N/7QvVG+eU3F6SRSvh0jSU1ow5s +OduC1w8kh8SN0kV9H49r5uhcH/n9e96EsRwX7adcZCrIwTYT5NIgYZcgGNVPiwUJ +addacfU5Y8Z3cKavwXFDNVDYBG9sZnlqawlc4RF7+ep4rhCpmS1yBdCfYyum+8Pi +1dQsE3whxDYf+P/f/9Cjlm3UIo8hrYTOr/zq8EushX6cf67q9CxAMCHGxHDONMOX +hAv35vhOHm5WYGuuD9IitEyPFIL9F06/vU+k4uVA8Oo0/8nhl6YTHgLYZoM0dqFm +/ofz4UhDAyyMWE9nHYpXoiSIfpyC3K91ahWdpxXpAQKBgQDzTzxoLQlXyBXDouS7 +zMw/nkqDZ1oy9iOghYSrhiAmyRTFuUzGpjAVdlMaHr0QdrOVS3kEJneDciPe1Uil +Uo6LyN7Y+ePid744gQBj26vznQKe1Q1YXQ3kRVIvV6kHAgFhVMv/x5YV5JsSDtya +FRHavzDlQRjMRKxB1lnjgO51eQKBgQDkSLRM7GK/8h2r7njWGmprDqQums/ZEftQ +9m/HiraXThyJPHYzR2bE4N1nHx4SEiSYulazU3F2s+tp1YIXdDWnRquGhI9OpmcB +Q3R+Af/LIsyBl3ugzjKErHh72WIC/UhAimzLW8h3fQy1uOQOnqnbNpga1BqBl8Bv +c8TyRHgiuQKBgHXqE5tlIB8Dn9CVFAcTpHS8cN4n62XBNdjofDhoIxLI5qFAQT4Q +ckMkefexp+zfqf6Teg2R2t/AJDQs5yz/yodiDOXYjSFG6NAXbKn4XugMUqXJGNOX +HVFgawj4kbkMtsCFyOunvUvU43Yn769YwLNjbv3bw3nTWiv6Bswjwuz5AoGAZfPG +elhUHe9uqvudAdnYTynBz4KacxKhz93PvClKNLbQ7cWP8ITh8+mNV+HA10c9Cuyl +jf8lPGNMLv8I05q135gjQLdxHSoZ9KmAnEoeSEWpWfMiZoXQcApq4L0MFdOycgig +YA4EsMCrbXk+eP0JVPrD4a96iwgQDHaCrcRAdxkCgYEApyJ789WE2tQylL/1vhE6 +cu4iXMYbYTp9w3FaNZF4/yh3AT6VGyU2x28Z3PuZcWFFeZSRYuRhMNglAgSwJgXV +qJdtdKz0gscvDQxT9luqMBNKdh5u8UvwwIxoozbDH6MJ5gchk7h7mB/O/wtaE/7K +EYPR6QVzl4Mv0M2WGZ7kzlg= +-----END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-client-2.pem b/FDBLibTLS/testdata/test-client-2.pem new file mode 100644 index 0000000000..1a99a46e7d --- /dev/null +++ b/FDBLibTLS/testdata/test-client-2.pem @@ -0,0 +1,80 @@ +subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = "FDB LibTLS Plugin Test Client 2, \C2\80 <\01+\02=\03>" +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIIEEzCCAvugAwIBAgIJALOPTrQGpet5MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE +AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0x +ODA0MjYxNjM1NTVaFw0yODA0MjMxNjM1NTVaMIGdMQswCQYDVQQGEwJBVTEYMBYG +A1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRuZXkxGjAYBgNVBAoM +EUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVhbTE0MDIGA1UEAwwr +RkRCIExpYlRMUyBQbHVnaW4gVGVzdCBDbGllbnQgMiwgwoAgPAErAj0DPjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMECQvC15g9BhmNov+0Wr/lRCPR9 +shOuuxR2Q5DnFHbef3ZD3wD8B6eZHJMYFXXPFI5+I7Pa37ej1iPtJZLbVM0SzrPw +B5/maTbOTIe5nkmBYe81YnE7dcDCncMlHnUqXZP7ZY14PwxA0c60dky6UYeFkQqJ +H2uzh9siX7qJKdGm5/MlK+wLEsHqg6rHYPEe0o1NHmHvwVVZTGw3DAq5z0fmbWQD +PrTUOzn/4b0bV7zZjy7tBAp65b6bOGfOccF+lvgLEhooMYaoQxYMzOIx0091cClV +FnDTdG9ThANQRp6CshOHDO1kemsdHZkFQbwn5dCWe1I0wwb7RiyNKSKyPhUCAwEA +AaNgMF4wHQYDVR0OBBYEFOQwxEN04ikMQ9IO2+SkTYwy8xMyMB8GA1UdIwQYMBaA +FI3qUMbfoAWLeyNOiULqI+o1FAmMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD +AgeAMA0GCSqGSIb3DQEBBQUAA4IBAQAzj35V+V7j8ScwMgPt1f5O1dkw3bVKDtPJ +10b52pXBCelNi/WNY0PTp5vOOQo5n3Cmnte6O5BBZhvRqAhoztMEhe8oxExr6dcj +dGkgXbLDhMeHJNb+qh5wezaiFH7C0cNgLEHHv6fvGIrCKJ4lqdQs+4rmDRynXBSx +Zjt18ciFDgZeCGlU869Le3C3URERGGl/whEHPyknaaJVF0mhqhYXioP83ilh/6Av +2ct9zscavCfmDGa91lDsybJqyndXmtsvFVQy+EVg3vzamx1wMNCCBCXhWv9hGNex +WJplxBSZTNbzH7g06lTcd2m98KFEu25bpyUGeaAIzOT6PtcDeef+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIJALOPTrQGpetzMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgSW50ZXJtZWRpYXRlIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCrmd2lnZGJt04Zn7ToQBf4zaBNe87YlMGc7gkA9P1fT3QBuT9K5x21 +P3SZQJj9KQ8LQwLYTUTPaJDPQ+rgZrFU9e8lTrKtjD4uPafzSDXLBDz4sDrj26hd +jh7ldMh0qMb+pvzMI+/R1oULQH0+45oweFeEfdrXeMOgITJXtNd4lPB6ezkkIE++ +xbeao2bnTfFVwCsSDuk67tEPce2CKt0jI1/8nLcs4qd3uM0bRWyPd+i6rDQckW/3 +rapPqCiGZoYLwMMVKfZMtLRftx8JQsvK+7vwU+SgOSI9Of8KYkz1nykKEUA0U2Pk +8MxOQ2SFC23ChcZMNaTWxfUQT0Enab4xAgMBAAGjYzBhMB0GA1UdDgQWBBSN6lDG +36AFi3sjTolC6iPqNRQJjDAfBgNVHSMEGDAWgBQIWQAHRYgGMY/ziEvCGaoqIFvJ +eDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEAMHVjMu0aJnfmj44CLsdBVzJSFSg2ibvyRLbIEL22i5HnfAnl4uCW5ms9 +/pYIaOqw0r5av2WfeKBzarGfBC0vnMGUog7rjv6CFDT52o/w5w9ScNAE2m85Ibt4 +q9rlFSh2zOYUCfG5F+7cGHHYrWNvQ4X8p2qziUHZEl3i9hCr9edt+XnVj6Oelb9q +3zDdqOwSklJ4DzcauZORv/FwRggqZlp6upuIdVC5lIygd92k6RugQOwrWhLlaAi+ +OC6Sw45W0RG0K4WqLBrErmqH3OmV8O1xNIAFjADR70AgKYAO9mOobTRx+iD/me5R +0t0M0NLKAVEGiOTvznu/yxnNkDTpsQ== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDBAkLwteYPQYZj +aL/tFq/5UQj0fbITrrsUdkOQ5xR23n92Q98A/AenmRyTGBV1zxSOfiOz2t+3o9Yj +7SWS21TNEs6z8Aef5mk2zkyHuZ5JgWHvNWJxO3XAwp3DJR51Kl2T+2WNeD8MQNHO +tHZMulGHhZEKiR9rs4fbIl+6iSnRpufzJSvsCxLB6oOqx2DxHtKNTR5h78FVWUxs +NwwKuc9H5m1kAz601Ds5/+G9G1e82Y8u7QQKeuW+mzhnznHBfpb4CxIaKDGGqEMW +DMziMdNPdXApVRZw03RvU4QDUEaegrIThwztZHprHR2ZBUG8J+XQlntSNMMG+0Ys +jSkisj4VAgMBAAECggEASkMUfol+e2A61QT408Bm9Qa461lxqyEP2k+mr5o5xYLW +iCqVI0vVpibDV9VsbGfBARKHqiwM6BuhyTD1xAugFUenQJSaWmvND8lQqOhCfwXJ +KMDhn6/BHunCydL+ZRZn6whPip85ov1NvLqyydLmi75YkDUyYb4yB56yNpOQA5oJ +lsJVKDNwSZHk2wcrZZOf9xgBWtBvdwMy8/dpIrGi/zIVLVk8F/L/OhcKULz3xQu9 +j81AU6SiT6tYGuDaM+plUtnUvaBm8BTgk5F6ghOGnN6AmS6FNtM1v4Z3MaP8yYGu +BaUxC15RbuZZkT0d+FNqFpk5/HKKXZV4jOB/bn6eAQKBgQDfEZWGhub7NrptMhr2 +3Wq16JeO9WyWlEHhCYgRaP3LjY4JCCQKbhWkBiukxtOqOqYQ2YlKoPr6EcQHKz3C +CtMMtmBs9sSgtUeIqch7VfmgJMLBi2ONTdCDmOhw3R9oL00L3crWorHme2ZabhCU +RYUKhKQ91V/FaRlrteQHFA1PgwKBgQDdgKC+Tamw6gdVCmtf4GIwBucEgxKoFGT2 +hVb3xIyGexsb6v6e/DICmkNMzUWkZEb1m3PN3rp/76A1uLz6346x60JIotlywyA7 +9ieWOOjXtgRAPpopPrPedFhTjd/UOfIpYl9klJzYBonYC4mj0wxqdsu8niqwIht0 +wSCPtkxwhwKBgQDDrPgebx4VhheZDBftL6OY+PRh+lYL7PexQRw0MYZYVc8fix2a +bKDdJnCIdcVdEV91bm3pojcmwAjWRQ9CtR4Xi7AgRYOMehjLACyWTH/SBA03nF9y +p6zek3Zq8v3G9Z8/Zoq1JzipNtw9PUmb1zPyWxJ8Dz2YvS4IdyEVOHjIowKBgQC3 +pFAg1wTMP4tqryPMrpzZUq+v5vfN0HLQjEZJT3RufpxALjmCGHdh/wGzKDEIFXdb +Y9HEKlgXf9UlFQ/hMv38dp9S12lPI4WTEQdLHc22IhsuJHjtnyXDVlRwmZysOIqU +UxHhsvDCjdE1BIPOBkkx72IE9GFR/EUlLIVRgQOo+wKBgQCD5Hyn1vYxKZ0y4sBi +s2y1joxTZ8thkWs95HzHpv0v0mAzSU4aYdkGzoZI9edBUlutOPutPqyEjCTS+e4X +ruA9d/0zg0sqvzcC074+8LdTR8Vut8QA6Nqve0XpzxZxyQOqfouXRELUBS63uECY +XUDGwPu1yucaorm4BXqdn05Iqg== +-----END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-client-3.pem b/FDBLibTLS/testdata/test-client-3.pem new file mode 100644 index 0000000000..eed3b8484c --- /dev/null +++ b/FDBLibTLS/testdata/test-client-3.pem @@ -0,0 +1,124 @@ +subject= +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1048578 (0x100002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Cupertino, O=Apple Inc., OU=FDB Team, CN=FDB LibTLS Plugin Test Intermediate CA 1 + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Dec 31 00:00:00 2017 GMT + Subject: + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:56:4c:da:09:7f:4c:b7:7e:83:a4:25:12:d3: + a2:ba:73:38:51:6f:e0:7c:7c:87:e6:94:c9:3e:f0: + b2:31:09:90:fc:c7:b4:64:c9:a9:28:89:6e:6a:a1: + 23:41:70:36:6c:13:01:06:40:14:f6:c2:f6:3c:d6: + 8d:9b:42:0f:83:b7:75:9b:05:27:86:55:a0:8b:11: + 7e:f2:43:f2:d8:ae:27:e2:a9:ec:80:55:39:4a:24: + b0:9d:f8:33:ed:d4:ca:41:e9:e6:00:81:d5:ed:47: + 7c:da:33:2b:5a:a7:e0:4c:77:b3:a3:b0:dc:77:3e: + 44:71:57:ba:0e:9f:73:d2:c5:cd:a3:78:37:00:cc: + 55:1a:1c:50:45:37:f5:15:cb:b6:42:44:99:fa:13: + bf:d8:56:c2:39:7d:94:cb:1b:d7:04:98:13:8c:e5: + 52:95:a7:40:2a:da:2b:36:c1:a9:01:7f:08:5c:86: + e6:a6:86:ea:a4:29:ee:9d:e4:4b:86:d0:4d:b8:e1: + 5d:37:df:42:87:66:d2:31:d4:25:0a:5d:6f:60:bd: + 53:2c:95:ea:db:f9:d0:b6:a7:4f:9e:80:0f:54:41: + 93:a6:6c:9c:e9:bb:36:c6:cd:17:b7:20:ba:56:99: + 87:b2:86:47:f3:94:8a:34:66:dd:f4:cc:a7:c4:d1: + c9:71 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 99:42:4d:71:3b:5c:70:1f:1a:c5:3b:6a:6a:4a:fe:10:93:6d: + ce:dd:d6:2f:9e:75:0a:27:44:a3:06:96:d9:bd:e3:33:2a:3d: + 14:80:e1:d3:f0:4a:24:f4:30:08:74:8d:b3:1d:78:d8:be:b9: + f2:fa:de:1b:a0:fa:51:d2:c3:ea:47:4a:21:16:21:b9:97:bd: + e7:72:26:ae:42:20:ea:09:2f:34:0b:3e:1f:77:ec:63:a4:10: + 34:b9:3e:9e:22:06:b3:28:c6:e3:d0:ee:7c:64:1c:3c:0f:6c: + c1:9c:b9:84:62:fb:04:8f:2c:49:a6:e8:bb:11:46:30:06:08: + 17:e7:4d:8b:c9:1a:12:74:49:c0:9d:e6:fc:89:c8:b6:81:19: + dc:1d:59:10:5f:2c:d2:c6:e4:73:29:03:8c:7a:c3:41:7c:28: + 88:97:c7:31:6c:78:18:b1:8d:cf:5a:35:de:9b:89:a3:48:9f: + eb:0d:57:8a:d1:be:a0:d6:42:71:8f:7f:1c:f5:ef:d4:00:7d: + a8:7d:e7:03:2b:3f:bf:50:63:e5:72:57:38:ae:50:5f:94:42: + ea:4c:f8:02:b4:33:67:e8:09:bf:9e:21:01:48:63:d4:cf:29: + da:c7:8e:21:a6:ae:1f:e4:56:03:74:c8:2e:3e:77:9d:60:e5: + 53:4c:14:87 +-----BEGIN CERTIFICATE----- +MIIDCDCCAfACAxAAAjANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwK +QXBwbGUgSW5jLjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJU +TFMgUGx1Z2luIFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwHhcNMTcwMTAxMDAwMDAw +WhcNMTcxMjMxMDAwMDAwWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA61ZM2gl/TLd+g6QlEtOiunM4UW/gfHyH5pTJPvCyMQmQ/Me0ZMmpKIluaqEj +QXA2bBMBBkAU9sL2PNaNm0IPg7d1mwUnhlWgixF+8kPy2K4n4qnsgFU5SiSwnfgz +7dTKQenmAIHV7Ud82jMrWqfgTHezo7Dcdz5EcVe6Dp9z0sXNo3g3AMxVGhxQRTf1 +Fcu2QkSZ+hO/2FbCOX2UyxvXBJgTjOVSladAKtorNsGpAX8IXIbmpobqpCnuneRL +htBNuOFdN99Ch2bSMdQlCl1vYL1TLJXq2/nQtqdPnoAPVEGTpmyc6bs2xs0XtyC6 +VpmHsoZH85SKNGbd9MynxNHJcQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCZQk1x +O1xwHxrFO2pqSv4Qk23O3dYvnnUKJ0SjBpbZveMzKj0UgOHT8Eok9DAIdI2zHXjY +vrny+t4boPpR0sPqR0ohFiG5l73nciauQiDqCS80Cz4fd+xjpBA0uT6eIgazKMbj +0O58ZBw8D2zBnLmEYvsEjyxJpui7EUYwBggX502LyRoSdEnAneb8ici2gRncHVkQ +XyzSxuRzKQOMesNBfCiIl8cxbHgYsY3PWjXem4mjSJ/rDVeK0b6g1kJxj38c9e/U +AH2ofecDKz+/UGPlclc4rlBflELqTPgCtDNn6Am/niEBSGPUzynax44hpq4f5FYD +dMguPnedYOVTTBSH +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIJALOPTrQGpetyMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCqE74CmPzqGMCmWWTrCDBOShmiOcu266V0+upPBn3aEo3ZUevdRDIZ +R5waXh8sVmxoUfQdwxOBZPZFSLULPU9vQDny2DsbYfJ1MLNzEH9W5gHc5YzpvtuE +6cZvaCb8PLGcGOesACwJ2tpc+lI9ZxfB/vIO/ZUcg0mHfhcaE1bHRVrj0yZTkPe/ +yhQWWQshS6locyn+LbvayB72uaC4OeCbucGOH6B4SU1pBpG8OPMD3ktES8nIjDdj +RnuiPestjt7VIB6u37CsTSupK9Gxgyi7U9JI7kwCnRinZmHygDzLzlQ8Awksg/Qb +NuSfV0OcNG3O/Xal4OWhS1AMpayPMxXFAgMBAAGjYzBhMB0GA1UdDgQWBBROZFq0 +Agcx7u6huYDHWps2dJR6UjAfBgNVHSMEGDAWgBQIWQAHRYgGMY/ziEvCGaoqIFvJ +eDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEApoV9izIHMB4418NP8FTdsToMwemxIs/ASoURGPnXnDG3EG9R8E8h64bg +38fddyaOR4AkWyn1DELzlp2vdlA4v8xY5Fu4au5MSvpxzf8H2ia3QUP/xEGj70Vg +6BJhRWQ/iOALVLVsTvJmhXQBlhIsFZMi0eIcr8CqpZ6x80SuLgl67omBvqpoVNuA +Y0FKgva+bNcEDhPur7LYAiTT+0ykgKFMR2/KnPDJOh12lYMw2ILQIQXuYCJJOXNy +nXDXa7l8vxywxMtdk5jqAB8Jct+9gV69F5uW+VuP9CEfHXpOZmDsxbFzsQbU+5mD +xj4rdSXEuk8h9bOBuqUBR9opl7jw9Q== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDrVkzaCX9Mt36D +pCUS06K6czhRb+B8fIfmlMk+8LIxCZD8x7RkyakoiW5qoSNBcDZsEwEGQBT2wvY8 +1o2bQg+Dt3WbBSeGVaCLEX7yQ/LYrifiqeyAVTlKJLCd+DPt1MpB6eYAgdXtR3za +Mytap+BMd7OjsNx3PkRxV7oOn3PSxc2jeDcAzFUaHFBFN/UVy7ZCRJn6E7/YVsI5 +fZTLG9cEmBOM5VKVp0Aq2is2wakBfwhchuamhuqkKe6d5EuG0E244V0330KHZtIx +1CUKXW9gvVMslerb+dC2p0+egA9UQZOmbJzpuzbGzRe3ILpWmYeyhkfzlIo0Zt30 +zKfE0clxAgMBAAECggEAKZNTfGmVHb6FEUicbBkLdJkKaAi1xghSEgBTFVV8hYFF +JgM58VxXEBxHb3sMOXFTjABHfA0yJu4GhnT5C2a+SuzMUBi3BNp3xFnQ7YfnjTQn +Q7n1WC62Mk0NDrtcoTWojcB+q7REUOkCO6IylI935sp26AJE0KQlf0iaTB8LXT7R +/IeZgUs0qoY+LVa+bsCgXvvFqtf1U3GHgW6R6vNksWAL/hDewJPAo4pzoZYRc1No +TJ8lP2fBNTzn+8zkaoHJ6awT9T0TMlwq0uruDr0wGeSTYpuwP9IuwDdByiJO6EQs +7XNTUlEr5yjfIpR5pnKRxFwlrvPl8xpW32gQgZYoYQKBgQD39P5NEquNM+CNM9EB +381du6bk3kFB2bn49U9jGbU1kcMJekJ6cOsGQgZvtmh7GWkGdey8icjOCxx/rmQ8 +Yk05XD1/qPk1H1EQ0xjJ0NheHSq1eT3L4ZAR9hvCZa7Kn882VgKTAHAnp0XxoIse +mF5TVCPTxHzl1hd9V5ocRinXBQKBgQDy+IM+axVIuTIP2KUs19JooZaSx2k9k575 +7utNCFsvYjA9Gi3QufkBGZ+zoQjwJGKyQbYdldgObMivhylhL/YAsfG0OdZYEMLQ +NF9xHy4nLI/6ikhb7Tm1Ja4iCrEj7H78TLz7U3V2gaOTrpVWg/x+SXg1wz6gMH1p +r2Vm4wZcfQKBgAMD8rfDO1zbPabZ83e/XgL+zjfIUCjZ2f4iFZYR8Pc2z5Vk7DwK +9YC8+tEO+dRNac6PTpK4Zj3DOtR+rW9ijqfc7E6KIoW33MeEma+Sn579YdCVKeA5 +3QOq54mErQx/xwhVIXDiN3rz+NDIcAiuN69xvYHMyOwOn3iBwTkIzWd1AoGAaDUF +tSOgQUyMmBdG4HDAIXgMaG92R56ktHUwHh3TXgMyxUIRHFBm533h7NzIRJaWbfWY +8h9uRuGJQR8rNC+pxqqLC80yjRrDMyEDPjUtSkfmiIH+fs7DzVmX0ancR5gK7pLL +Cs/EtUrsqU5bZnu9Mzy3ffd7SKEDaOx9BR+hftECgYEAs0wGUVW5oZoaHzHorHfG +W4dOwvmcT5Y2uHP8JBiOr3l6NHzdbOhN9DmEo62sf4rIrz+h1TIkLCS36Agm28JL +ptTfVAaB6ufGwBh8uMtzL5cd6gZgG2g9SKEdHCIQ9eQajuepWEgtMJda5e1+zLfB +Na5+X0YtsCTXKtqSMSO0Zy4= +-----END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-client-4.pem b/FDBLibTLS/testdata/test-client-4.pem new file mode 100644 index 0000000000..8abb2e10f0 --- /dev/null +++ b/FDBLibTLS/testdata/test-client-4.pem @@ -0,0 +1,82 @@ +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Client 4 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 3 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 3 +issuer= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 2 +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIJALOPTrQGpet6MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE +AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMzAeFw0x +ODA0MjYxNjM1NTZaFw0yODA0MjMxNjM1NTZaMIGIMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB +cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM +UyBQbHVnaW4gVGVzdCBDbGllbnQgNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALhJzjx42rEMT6JQC2Dq/A2/iHWyNCW6h6PqLE6JsKsHiUIHLQWbE766 +Pskwg1RpXkfMONyOYVpGSos8jDdxNGbpyCsRFsMcmG/oiGKUY+OCW7S0l5lvSQqX +j18LOTAThSXWZoMvimMMNFivH356GIxR0mTFdv308JR3GgI1dZvvIKvNQUjs/bvG +UUw8Gq9PxbHGLjQFLFYaCPUs8OaO2nTEurM5JpDlEKaqL2usOJgjhvvtlJ4oo+10 +aYNUlIotYxbJsxnAIciR6FjNfUz9z4mrYG62iR6OD4bI3OP74nOv6poim1tze7DP +93E/GEHso+Pfj37m53r50TD+GUHwRJkCAwEAAaNgMF4wHQYDVR0OBBYEFFRemg/3 +R1b0u9qfeB6LQFAc23awMB8GA1UdIwQYMBaAFNJkFNeVtJApFs//7Jvd5R/+BJ0Z +MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB +AQBHrHzTOjZTjWnmTCmUwtDfSXEVQia9DtoaI1dVUDNbANFvMQuAe+ReuEicWmxQ +mhCXkFBgQr56g5QOY1e5ncBpjSqs9GYfheW0L2dTYFvVp+yXAaAVW0sY56dFnrKx +rYiPYO6ssMElGQPUQs8q/Mup/JMvkv3B4fNi+COPy+KNV6t7pzIEydg5uurOkK8J +kwIvyFlit1W+KXIzZlKHCzv4jF0Q3lDXQXjNoLORCAxSgyJVVcxvLzPTtCtKM0XC +0uMc29N61aTmzTonxdoAlxhRhohCfYohTvUg/2JjbUb1U/+VRRkTDl/4H4DegfBm +igvwRnL+koW3Bp8ZdmRfTO88 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECzCCAvOgAwIBAgIJALOPTrQGpet0MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD +VQQGEwJBVTEYMBYGA1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRu +ZXkxGjAYBgNVBAoMEUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVh +bTEpMCcGA1UEAwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDIwHhcN +MTgwNDI2MTYzNTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwK +QXBwbGUgSW5jLjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJU +TFMgUGx1Z2luIFRlc3QgSW50ZXJtZWRpYXRlIENBIDMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCZ3UPCarKiS+IqK2VvB0lVQ3L0TPuNUov54L7ELFnB +1lijZWX2wX3Vi0uAyvwmLi+PYkUkzhaNhGWbVPHEFqsOzwMbifGLfdxjetZD0kOr +ZuARithrDXVWZegIXEFDUdnpz74TKG6rCQ6o4WMIFUV/j9770iMtrMABr/BwASrE +sVqAqNe4bOqHJyxyeTxF/vCRme3PVf+u06mM9OLxVVaPRK+tiysdKprjs6oyFoxT +S/Cl+vv7Lnt5Yth0F7YJGMrIKDPuSWCqAfKWAc+b73XPQ14coIczVzQAikyRFmGa +9aaw0aWYI2gjTkuah0c5fboZAuHT0Z7nQVtYUyIYRY8BAgMBAAGjYzBhMB0GA1Ud +DgQWBBTSZBTXlbSQKRbP/+yb3eUf/gSdGTAfBgNVHSMEGDAWgBT8PGmqenESXKJl +kdMkGY7ttNqMZzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAdoyvb/2+r587RMar6+/OauAVXWwnNEI8hhUvxiTnDq/M +TKu+okSAHSbGvYp5yGD2IXlEZHjtKnMapsih7tvm2VboM7U5Zi3aK7hjvk6Kxs5B +eynHP9dDnUWG/qRbAF83B3mK7ymmrZvJIDwHZEtY9Gmmmb9ty9aK2ywmYtlYgIS8 +FSh/qwzvThIiMuCQma9JJOx6ZDXV2YwCxYtIRAuTvIWuOckb608fPi812k0zYILG +q4VLhZTc2AM8H/629RBRV5zC/tqySLb3VgpWQ2vZSzUwuKIdIPs4lsbNqmsdWIyR +hHnl8610t/JAUdCPHDd1bBlYNgLhMKJTM8fGu9Ux/Q== +-----END CERTIFICATE----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIin+Bh1kSGiQCAggA +MB0GCWCGSAFlAwQBAgQQecgfNmQfm8gVISC1QceptQSCBNA3fAw+SiU1l/j+Pc05 +2i1VzOkDKQGTSVtpO6tV67p7uWaUS2oCpx36eE1LfJgWOxsk+gizPsH1kFrKlqfl +6SmeVp17dogeBX/uf9bGqyqEO4GXEmxhajMFpE8mmQJ4aSLGuSN2sh1YkI/QrX/v +y6QsJi0hsd/xxjPORoZxhtgRwRaiw2hUF9Al/ipusoRQ+x4of6j6hpVLxAn6yKIk +l6fk+HDlGaEBLZjbTQd/Usx6AlQo5ydEPKdftKx6uHltkt0hrnIJC6pc1w6O3Ndh +An/lagHxNSGfAFNkEH3YCFYtRzAR19a879LKVFqaKfVgfhwv8e0x06GaIfvyaGiY +KbzRkjIUp+Z/0SB8hZVzOTNYcW/0cXRNH498Vv5L4j0irqTyf7yxwiPuWZieBGpa +sLo9gE3Ap0XahS6//G2ZIXAwXN9nVPN4QjyKh4iXmYO0arNiIYZwtHJ77E/O62x7 +cKQA5y4Fsgft0wWUfAi5nZ16qwleXpSMBfnvHMz5RJWIGjpiQ67Mf9u9svudXR0h +5TQaViQLDUVs6kAhulTQvdifPCsIbpLlJ2YxH2L9BsTPnU5oHBU+veFA6zagjh0G +UtyaQWKe8iC7cjeEXRL5s32bfaG4x5FMnNJbU6Sd5qGbFHPJyGorKOCFh8RbTlZV +pXbnYFm8KX1hRu3BbCKxHUVypqyYj7SIOe5ihWkudDq1qDS+ugzMhAdZK+WF+euv +Hzf/HYI3zLKeiZmhmG1ysfs4SRd2K++dYIbmWcFDcNLogsYt4BidH/8VZdxsmd0C +vjt1mY3W3QvV7gWr2ZeMWalmrS+OuTR2jcJPxrqqm8Iz4rGOi/yRrp4i9F3lNuGB +TMo1RP8SFFh9wXvwxRqh8/uWKdeytgqgNbXAA9Lu93IDniGH3ELM655mxbEHFR5W +omCVKu7LTNCgCx1gJDd4zb9cNz0Fmn8dFbdHcmMecil01sDITq6pJRp/niB8MFx9 +Fp8t1wf9FrPVbZ5+yKTVfAms3xgj9NmEs5pBZNbz/z4PKW5WY/fObSAiIwNp+17S +mkFE65YPa93DXjs4u62rP21i5L6e5u7rE/hpw0DbWLpkcYrVUrzoEfWXLnBpcCam +OexWbAZMmp2MWF9YOVsGmAfgmPpE57SPvmuh48vFZfnx58hz/Ejg0MUrtvgRzy0X +RcaSX1AJUJ/+M/qsMNR6AX5z2Ofal1nZj5/lfq/OS2lakn2SbZPczuFb87QjXTuj +GXARzXVlnj4CFHO8mep5Z8SsLHOj2Fdljk3EWoNvm2yE+7nbKHVAeDaEqA3lf1Qw +jZsUX3Smc7jc0hRccvwsaNLDST4H1uorCIqGgtqRhH/FsH7jlmqLi2+CaLLd/KwA +VOJoSLaZP3pWJcF2r+sNfrgsFkK3Pog9BRVt45QCarnnmFKu5PmtGnXDw4kc7eVG +z7on+oRURza5mo0HNZTe+JaJO3FdO5fULxn8kk2JpEGqqSbpT1PUCjAc9oShvV7b +qtYMyFLHn5KBJ64HUdQkeDq7o1s2rmQwbIt48xGRYbUuINFBC2KS4oTPlI8jPuzp +KKWC5TGywFtdiIJTWKyPFiHsOM9nAFv+t/rFVkzThrTPlg0W75TQWcK588Id2yzL +bzKKwKV8N3LcIgVcr+bZHooJbA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-server-1.pem b/FDBLibTLS/testdata/test-server-1.pem new file mode 100644 index 0000000000..3eff22ab77 --- /dev/null +++ b/FDBLibTLS/testdata/test-server-1.pem @@ -0,0 +1,81 @@ +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Server 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIJALOPTrQGpet1MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE +AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMTAeFw0x +ODA0MjYxNjM1NTRaFw0yODA0MjMxNjM1NTRaMIGIMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB +cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM +UyBQbHVnaW4gVGVzdCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANlALdHnBWuhYm5bsginazmSRHO0l0lpyjbG6EdlPFLg/Xb7Q3tILGRd +J585iqhCLRRx/HZ0j+yv1WZ3ZFcOEZMessw32kt0LN1fbYPrKkHVkQtZjorxnHWa +IW/JMBvMCZHag9vLI87TRtjMicB9ZxIl4Sppal7FZ0ggYBlOZ+T5G3j08y4tszrr +3Xg4BOuKziSmgQrTBObOG6IvsxZZv/MtwnvPeIowBUOGaux5CIjyotmaUxxaRlH9 +jbVpojtYCDskwSOq5faqPSpaoOKyXLQ87ayAL6nAP2dXvcv44kaaZbZ5lSyrAW3P +hMsGEhhhkdHfrG6ACwHV45k/m2r4kUkCAwEAAaOBgzCBgDAdBgNVHQ4EFgQUw4g/ +xtD1EMkhSpS8jqKa/15emtcwHwYDVR0jBBgwFoAUTmRatAIHMe7uobmAx1qbNnSU +elIwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0RBBkwF4IVdGVz +dC5mb3VuZGF0aW9uZGIub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQCbNF+pt4RdLkyd +fC0mNxctQeCTIWfoazpZxNrku0gmQmlWnsY8J9TMhF0Mfd3tePXGTsPRyybWObIw +6IKvYCvK8mgz/BlB4RSWs/evVuy+z5hFeBQJJ66dPhfb4gnLw9qnmpXrgudvZkMM +F6pjsNAXxj7yXX5PvgLg+0VysElquwviuQl4AQ4Lit57U+TlLlkRFcTxbb1pZAAK +4q9SWf6rTqwBW6qr8YMbInRZ//cUfprAbDJ2rS6bP+X2S8Qftl66iNOJkhkbRosy +NVn44DGUw5UHL2T4g6FhziisHoga7rMRqMT4Kmo/xcFzRPbP7jggqV485JyLmxXw +vfypbIxc +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIJALOPTrQGpetyMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCqE74CmPzqGMCmWWTrCDBOShmiOcu266V0+upPBn3aEo3ZUevdRDIZ +R5waXh8sVmxoUfQdwxOBZPZFSLULPU9vQDny2DsbYfJ1MLNzEH9W5gHc5YzpvtuE +6cZvaCb8PLGcGOesACwJ2tpc+lI9ZxfB/vIO/ZUcg0mHfhcaE1bHRVrj0yZTkPe/ +yhQWWQshS6locyn+LbvayB72uaC4OeCbucGOH6B4SU1pBpG8OPMD3ktES8nIjDdj +RnuiPestjt7VIB6u37CsTSupK9Gxgyi7U9JI7kwCnRinZmHygDzLzlQ8Awksg/Qb +NuSfV0OcNG3O/Xal4OWhS1AMpayPMxXFAgMBAAGjYzBhMB0GA1UdDgQWBBROZFq0 +Agcx7u6huYDHWps2dJR6UjAfBgNVHSMEGDAWgBQIWQAHRYgGMY/ziEvCGaoqIFvJ +eDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEApoV9izIHMB4418NP8FTdsToMwemxIs/ASoURGPnXnDG3EG9R8E8h64bg +38fddyaOR4AkWyn1DELzlp2vdlA4v8xY5Fu4au5MSvpxzf8H2ia3QUP/xEGj70Vg +6BJhRWQ/iOALVLVsTvJmhXQBlhIsFZMi0eIcr8CqpZ6x80SuLgl67omBvqpoVNuA +Y0FKgva+bNcEDhPur7LYAiTT+0ykgKFMR2/KnPDJOh12lYMw2ILQIQXuYCJJOXNy +nXDXa7l8vxywxMtdk5jqAB8Jct+9gV69F5uW+VuP9CEfHXpOZmDsxbFzsQbU+5mD +xj4rdSXEuk8h9bOBuqUBR9opl7jw9Q== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZQC3R5wVroWJu +W7IIp2s5kkRztJdJaco2xuhHZTxS4P12+0N7SCxkXSefOYqoQi0Ucfx2dI/sr9Vm +d2RXDhGTHrLMN9pLdCzdX22D6ypB1ZELWY6K8Zx1miFvyTAbzAmR2oPbyyPO00bY +zInAfWcSJeEqaWpexWdIIGAZTmfk+Rt49PMuLbM66914OATris4kpoEK0wTmzhui +L7MWWb/zLcJ7z3iKMAVDhmrseQiI8qLZmlMcWkZR/Y21aaI7WAg7JMEjquX2qj0q +WqDisly0PO2sgC+pwD9nV73L+OJGmmW2eZUsqwFtz4TLBhIYYZHR36xugAsB1eOZ +P5tq+JFJAgMBAAECggEBANOvV3Y5tuxi+jgyHM2V5ELapNxhUTB1ZlXthpNar2bK +V+9BcUWE08yPgHYDaXn90VMkpiz98udbhYIsP5cb3EAQH4QhwBDZiIXD4EA0Op6f +bI80mlIEjsGAh6gWz0umioSV+PmHfMKg112UH31yM6ZZRoc+5CioDLUY5sqBvXY7 +AGnxMslXEesIP9VLzautKJJGoCXyZgoEiOpUn1N69BcupipekFNlsIANwqkktE+i +gfq6xC4pxUx8w9wkStVg0DPiasl8cOvD4Cle4Sk30itWhIzQnB0uoUcfVsjiuiuT +kGt0pboQyGrezSsbyjh4vo6kAABc1oxeeNIVh+BHeqECgYEA9illuy5qwcxaHdb5 +g06WIpFk+HsX2yN8wH3FRoDwU2YfOWSP4+bsyCD6KRzfm+Diyucb7B9aLq+k4FvZ +rRhgVvoaGLzLwqU1ue5EQHcmcNabGhJ2kzp9/MeyWa+zxe1l9ugjdgIQt8HA75xI +dMFSPCfCFmXQVP761y5lWSFTOFUCgYEA4e76jMsFY7WEoMNgmiIzN0uk8b6Z1U9W +kmW7ARrRlbjIaBHJCvblakCIir7BqO7Qyw7E/ssbGTBG7KN+ZxhB17RgAzQla5b3 +VtXQ+wTLbsaL0XSjTvGJcseKRGpLA/9JT6krcDUWgWWp9Za+XOqE6138A1S7Uzom +d5Kq4clMuSUCgYBk7e5XRB3jnh0o9PbTHsqyG7kxpI7QfAlvh2H2mXFwUIPm7VOO +FyXonJTVfJA2gouatA2fz+8TC1Nn5mEm9sKxhtRiZi6JfWG8/XOglvn89BEeLInP +rgDwPxTibwcf1UmkZeP8Q7aFEX1BAWw36vgD0C1lL5Ou9ej1h4FofSB5DQKBgQCB +d8OFuLVO7O6ifTM3QA/fSO6tRQ68KKmwXLFrsaWWSXw1/rMZIGBYocBc2XD6UFe/ +dKg4ZcUSixKpegruIv1gEVHPpCspWypDTWVi4t18jjQDA/atP0YHSwcVq19vW/Pz +vTpSI2nRHqPlQsu1TQJ8KbBHbF+oErOGY7qehg78LQKBgQDl3/srSZihKYwva8a+ +FQrZ0978WwD9JsUOFuHp8gQzdArFiK4VCCv57VTL/4cqdVOwW9eDhgeP5cKnAQ99 +5HZzLl+L0b0QfGcerPn4002Us09g7eAh5vHHY7BpdXOU9a9lgfOVWEIMWp1NSGEc +vd2TbSD8vDjbd9hZYh+pqkddCw== +-----END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-server-2.pem b/FDBLibTLS/testdata/test-server-2.pem new file mode 100644 index 0000000000..349abb4e2c --- /dev/null +++ b/FDBLibTLS/testdata/test-server-2.pem @@ -0,0 +1,80 @@ +subject= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = "FDB LibTLS Plugin Test Server 2, \C2\80 <\01+\02=\03>" +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 2 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIIEEzCCAvugAwIBAgIJALOPTrQGpet2MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE +AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0x +ODA0MjYxNjM1NTRaFw0yODA0MjMxNjM1NTRaMIGdMQswCQYDVQQGEwJBVTEYMBYG +A1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRuZXkxGjAYBgNVBAoM +EUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVhbTE0MDIGA1UEAwwr +RkRCIExpYlRMUyBQbHVnaW4gVGVzdCBTZXJ2ZXIgMiwgwoAgPAErAj0DPjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO6tYgoMCdvU9QQT556tSgaAGtkf +u2IMZZxoqXqK1Qpfmgg+PkG8+5Dzf+ExdjQUUSS8fPf8AMFx/ZIAMZeNEOnHYPLH +p8iWbIDYyoqqI089WQ5yZ5lypqLvdiTt9HfgaL+rI7fIPNlcGiwdDNq4I9r7rtGv +SoY2ZajgR5hVMessAhVEgb/ahUXlnF2qpuzaSKJMpJU+eCpWO629nNnDCWbJpinB +B5xqhXLdf+clHqdwWtGQVdWTxFOLgy3KAw947FY15hwhZvPSAC1zV/bgaKdh5Tn2 +hXCG4mLQUj/vIX0j285zl0B1i+1tkw+2saUZq+gwvRkV9y2kXNFBlPEcZasCAwEA +AaNgMF4wHQYDVR0OBBYEFFItD8P8VeKOiRbgLBAIROtUHTOnMB8GA1UdIwQYMBaA +FI3qUMbfoAWLeyNOiULqI+o1FAmMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD +AgeAMA0GCSqGSIb3DQEBBQUAA4IBAQAnVKze/bSM5Azr5Ig/QfpLTEMSiZJ/A8cM +99EnThay2ZuF+1hUA3JMldI7pgOqCtuTp7BOI1UsMs+KdtJh1eMx+HQ632gf3Hv8 +9k5Q1cONV/mxZywwfBItFf1i49Tj0NXZZKiSyoiUoDaiWMHdpXTdWSu05lpx8rDJ +tcQrrxRFSc3togqvs1+PW+F10s3x0uv5ocHLZ889vx6P8gVleKKP/O8vGOBc44AO +SS/oBHDwY8Q+1blG3tCbSgVpZ1SF6njnMff4fO+LGS8W5aCcHaqne+CeqH+b/GxZ +NUr9Xwh/OjDE8/REGkOwxywvMJEhI9aLxgW7a6yjcMG7HH94pZ4f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIJALOPTrQGpetzMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgSW50ZXJtZWRpYXRlIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCrmd2lnZGJt04Zn7ToQBf4zaBNe87YlMGc7gkA9P1fT3QBuT9K5x21 +P3SZQJj9KQ8LQwLYTUTPaJDPQ+rgZrFU9e8lTrKtjD4uPafzSDXLBDz4sDrj26hd +jh7ldMh0qMb+pvzMI+/R1oULQH0+45oweFeEfdrXeMOgITJXtNd4lPB6ezkkIE++ +xbeao2bnTfFVwCsSDuk67tEPce2CKt0jI1/8nLcs4qd3uM0bRWyPd+i6rDQckW/3 +rapPqCiGZoYLwMMVKfZMtLRftx8JQsvK+7vwU+SgOSI9Of8KYkz1nykKEUA0U2Pk +8MxOQ2SFC23ChcZMNaTWxfUQT0Enab4xAgMBAAGjYzBhMB0GA1UdDgQWBBSN6lDG +36AFi3sjTolC6iPqNRQJjDAfBgNVHSMEGDAWgBQIWQAHRYgGMY/ziEvCGaoqIFvJ +eDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEAMHVjMu0aJnfmj44CLsdBVzJSFSg2ibvyRLbIEL22i5HnfAnl4uCW5ms9 +/pYIaOqw0r5av2WfeKBzarGfBC0vnMGUog7rjv6CFDT52o/w5w9ScNAE2m85Ibt4 +q9rlFSh2zOYUCfG5F+7cGHHYrWNvQ4X8p2qziUHZEl3i9hCr9edt+XnVj6Oelb9q +3zDdqOwSklJ4DzcauZORv/FwRggqZlp6upuIdVC5lIygd92k6RugQOwrWhLlaAi+ +OC6Sw45W0RG0K4WqLBrErmqH3OmV8O1xNIAFjADR70AgKYAO9mOobTRx+iD/me5R +0t0M0NLKAVEGiOTvznu/yxnNkDTpsQ== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDurWIKDAnb1PUE +E+eerUoGgBrZH7tiDGWcaKl6itUKX5oIPj5BvPuQ83/hMXY0FFEkvHz3/ADBcf2S +ADGXjRDpx2Dyx6fIlmyA2MqKqiNPPVkOcmeZcqai73Yk7fR34Gi/qyO3yDzZXBos +HQzauCPa+67Rr0qGNmWo4EeYVTHrLAIVRIG/2oVF5Zxdqqbs2kiiTKSVPngqVjut +vZzZwwlmyaYpwQecaoVy3X/nJR6ncFrRkFXVk8RTi4MtygMPeOxWNeYcIWbz0gAt +c1f24GinYeU59oVwhuJi0FI/7yF9I9vOc5dAdYvtbZMPtrGlGavoML0ZFfctpFzR +QZTxHGWrAgMBAAECggEAKgnBxdE+/0gv64rx9cHB0wlHMUzkfS1/zB+nEh1Xzp7u +C1ujLYLysCIjOO+0SRH3BMhqHmd1Xp0MM2XzViUTgImMatZ9l9fevobwjaHP3EoK +4H+H/b/y16njnjeHIoIVEQU8okcTaJlPRsvLEs7yCcTgkrAUKTV1jFwMYClJRIlB +tH3IwlTc4X4ISLs8jU5TbDwbX/vsfOL9dbhnI0pRJYbjx0A6bPeIwPcBv9MrJ0zC +J08v6CtBtfhg/rr0Il3Shhr+he74R6r9C82095XtdPgV2RdXrwD3VZfJ1N+VE2g4 +xdIQI4TybL7olsduwDz4EDcAkLLQNuMQIJrvmYtDMQKBgQD5dp7whs70bagEIhNc +sviVpOzbwzpB4jjOaJuS+SpTYy6xiZ1GSXokjAlGnx27YJx2F0XsGNbD8YEJplrW +pl6xxxJJ76ClpLMJ4dOaUZICaOUJlvFs/a/eq1DPzm/8de8VnJPxV8NHURGoItjD +Cp5J5Hfs09pAoGed41OU4H1VaQKBgQD07mjzDBOiRMgIyoQqkO7KSUy4VxPWRw/e +UURwkWlDPyb69x8VMlaaVNvtA+C7bHGGNCxQEcl9hy/eFNeLvxZZnB+3CG5BBIfT +ZFXwDLlt4Cck7lT8RmGCHmD7uEeLsKlFXLmdIsGdy4vb5UJoluU1lonYdfMmF1r5 +Wn1D5Yhb8wKBgQDxyxnvBJtfq1Go/+ZIeWgck4jI0YeMCFsLJbV1VXDC9mVxy3LX +h6yN8/Whr+Q/lDrS82fgmYrAzTpHQijV2Nf79Hozk8HgC61FrM9OyjV9hHJLQzSq +cZGff+mKIgvFZgHgrq1uxaQPYfJ9R5lWItqdwIbE0+q9rTwBey+uI5EX0QKBgCQA +WxrGfqhOVdy877pV/VNsfMNnwTmwzktORLILHZ7NzIv9AOubr5EVwhHPjRvfb7xb +NNw8ERLLaSTKiXg4CS/4u8yqh5I0+UYALIWRSTw2Q2qxQXqnWbPHhVfamWGWAPt6 +CqpnLnBkN9WFmEJJU72RuAdCJxBFRJD8VQdC2M0zAoGBAOpbXf1MPtwQIOrBsKiw +pvlRzVKuW4fo8LNqkk/m5f+hR7kptfc2uDU1HiyOjsrsh1AnYD+sg3bH1XGs5Ai7 +y5+C0hQHQln+HWpe/5Pw6IPRsgTHRRkKYtS13QyDGHybU+Pq8ZnY20POOBZyMLqo +jKg/enqxtKZ6M+U4HcjKbewH +-----END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-server-3.pem b/FDBLibTLS/testdata/test-server-3.pem new file mode 100644 index 0000000000..9ecefed291 --- /dev/null +++ b/FDBLibTLS/testdata/test-server-3.pem @@ -0,0 +1,75 @@ +subject= +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 1 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 1 +-----BEGIN CERTIFICATE----- +MIIDCDCCAfACAxAAATANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwK +QXBwbGUgSW5jLjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJU +TFMgUGx1Z2luIFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwHhcNMTcwMTAxMDAwMDAw +WhcNMTcxMjMxMDAwMDAwWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAqMXM+ZMsh7LrUrGS1Kw6z4eTccaITGxJ2bdPpPrerwQG/2lj5N9kl/YUAUwY +d/iCmc2ZiZ0xf12R39yDiZrzn+QSArmgKpXRoGStleTRw3Zr5KMO9PhCrDrNTP05 +a95y6Pi+GFn/xG74P7dg9JVcmKZ5DS9LKheLzR8wbYNQ28BEq4ljVJ5FCXrSqO1v +tQZ/dK8ThZw64ODFhKNFTTspk6VAecnIG6ABU3E9EZ038423q6OZERBXlHU93Y8F +IGlzaD4zKEGhzbmAdG1+Z9xq6DcuQkrIUzUgHVljIpMGCXzNe7tkXYw29lAapiIK +bcH9GBM6hg3p18SZBsUmYkslhwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBohEcs +wqGHDfn756yZTwX8415Xm4qC9MqcA50I4JGk9KqeUxLCytultTvNIkFMm12TyqAK +lMFK/GFvwJwlz+dBrsraaosw2HVZs9e/kHJA70R/iNwhXb0RUIJrBxzE4M9gQ4I5 +I9DBo8hoaaPU2awHE2Y694qW4dEdFXz2637Afnb/euJ2zm3nhrV05pKu/Wer9cjF +W8Opx2AjgB+/ixftVQuGr3fys0tvhpZlC7MYnFvKFlh6QFvFCSa9M5ESHrnuRg2g +sqDTqdWab1drQvWZyiIBATErMlgQxsAQMT8YH4U4qbGcicYh8Zw4ZIRyHZndMHIU +wgO+WZp3DVHg6Y81 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIJALOPTrQGpetyMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEpMCcGA1UE +AwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDEwHhcNMTgwNDI2MTYz +NTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwKQXBwbGUgSW5j +LjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJUTFMgUGx1Z2lu +IFRlc3QgSW50ZXJtZWRpYXRlIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCqE74CmPzqGMCmWWTrCDBOShmiOcu266V0+upPBn3aEo3ZUevdRDIZ +R5waXh8sVmxoUfQdwxOBZPZFSLULPU9vQDny2DsbYfJ1MLNzEH9W5gHc5YzpvtuE +6cZvaCb8PLGcGOesACwJ2tpc+lI9ZxfB/vIO/ZUcg0mHfhcaE1bHRVrj0yZTkPe/ +yhQWWQshS6locyn+LbvayB72uaC4OeCbucGOH6B4SU1pBpG8OPMD3ktES8nIjDdj +RnuiPestjt7VIB6u37CsTSupK9Gxgyi7U9JI7kwCnRinZmHygDzLzlQ8Awksg/Qb +NuSfV0OcNG3O/Xal4OWhS1AMpayPMxXFAgMBAAGjYzBhMB0GA1UdDgQWBBROZFq0 +Agcx7u6huYDHWps2dJR6UjAfBgNVHSMEGDAWgBQIWQAHRYgGMY/ziEvCGaoqIFvJ +eDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEApoV9izIHMB4418NP8FTdsToMwemxIs/ASoURGPnXnDG3EG9R8E8h64bg +38fddyaOR4AkWyn1DELzlp2vdlA4v8xY5Fu4au5MSvpxzf8H2ia3QUP/xEGj70Vg +6BJhRWQ/iOALVLVsTvJmhXQBlhIsFZMi0eIcr8CqpZ6x80SuLgl67omBvqpoVNuA +Y0FKgva+bNcEDhPur7LYAiTT+0ykgKFMR2/KnPDJOh12lYMw2ILQIQXuYCJJOXNy +nXDXa7l8vxywxMtdk5jqAB8Jct+9gV69F5uW+VuP9CEfHXpOZmDsxbFzsQbU+5mD +xj4rdSXEuk8h9bOBuqUBR9opl7jw9Q== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoxcz5kyyHsutS +sZLUrDrPh5NxxohMbEnZt0+k+t6vBAb/aWPk32SX9hQBTBh3+IKZzZmJnTF/XZHf +3IOJmvOf5BICuaAqldGgZK2V5NHDdmvkow70+EKsOs1M/Tlr3nLo+L4YWf/Ebvg/ +t2D0lVyYpnkNL0sqF4vNHzBtg1DbwESriWNUnkUJetKo7W+1Bn90rxOFnDrg4MWE +o0VNOymTpUB5ycgboAFTcT0RnTfzjbero5kREFeUdT3djwUgaXNoPjMoQaHNuYB0 +bX5n3GroNy5CSshTNSAdWWMikwYJfM17u2RdjDb2UBqmIgptwf0YEzqGDenXxJkG +xSZiSyWHAgMBAAECggEBAJi3/EXuVkIoteZrRulpPAJktRgkRVuaNa1rwgcQ94Y5 +R7fA/yKwvs7/XpTZ7d5JoqxYLlInSw3sdr6yRNi0vTV25JFQtU0zqq/Pyn+zwdh0 +hScsIbGsIHDG+NVs4pPog+SqiSFx9w4iOEM3xeUsbtC2+xziKcrZ6ahgS6sdQ4LE +3Wh6MfQTg36GWIhM4FgMiDVWOVV5lXjeRYtNWygfcr7dSDR4LTkUYFXOw/Y2r7gj +U/iWKGXv0VCb5fuzuDSyri2yfOFk73MxknSGseVF9ovUdxZVPaXGhKUt1687yB0o +k5vs6h1bHfutr/YyY8onp1k9teVMFdK1PTbwCKGcCokCgYEA0oF/pCd/5HPDbG6U +a1Yyl9pTWR/+BD7jy0cI39FM6hvNvGuoSaIJNjq1wlTA+HYPKD7WXdnInKQIZhhW +beNP3K+6lbMWa3vu3OlghlwbCymVH43mtWShsoJAACSsH+cjSJUKqxGRbebG2lJb +WFkCxPuGkOeMi3cY1mB+m6Aadz0CgYEAzT9cS5wSW1gTyrZAX7kgnQWdxttIIc53 +JnJXkNt9Re3WZ/d958hTO8GKeL5TRGUWP5B3depiRNedkqNq2Pb03/H7IdeIUnx0 +XDYy34Aq4LFuoss3gMBpQntxHi1ZsK8Dr0OhCmiXKRbOnG+DtRZnFtnWUMHsxT1T +GP97P3QKPBMCgYAt+GnPh3C+iylaPKvc5O4Xi244QGxQsQs+ET0245ZQadH8G+ac +be5lEV0wGyIpIF8fAtn9lNnim0/aO+ZkCQgfwaCVoI582ovHYo/Zx7OANIyEX5DK +fDdzrE4dueR88xUZfLLfuO5xebxjYSjhmk6oheVVL7vZmSCrcFc11TjyYQKBgEEj +TahVVOIWdtmLs6xtdXM/+A3HRAIuo1PZT/8SGZTa4YPHYPbxdbDuQIMHbCe1qTTt +JWyPwTY187U5Fczbu2VjR5865vG+u7MUJFsYMwNybDlQI0JCTmWiBYldPSy8rn+u +B+rkvKx2p4WwQm1zOa5f3gttMDZ8uuWhFz1RF3pvAoGBALEhLdvVbUVjWJzjQOep +hKdWXuo8hWd29XaxYrZkz0BatOxcPVK4PnaTH+dt31vhiE1EpYBFxb6ZsHu+g6NT +x1tsPWY+weGDpIdkvaQt9zrqLh7QaHpvu+S/2tV7DKpx9Qu+NlUsD/Vi12LnRxPU +0Kbv5wbAtjOuAoYMgcb19P1e +-----END PRIVATE KEY----- diff --git a/FDBLibTLS/testdata/test-server-4.pem b/FDBLibTLS/testdata/test-server-4.pem new file mode 100644 index 0000000000..24e0f7a077 --- /dev/null +++ b/FDBLibTLS/testdata/test-server-4.pem @@ -0,0 +1,82 @@ +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Server 4 +issuer= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 3 +subject= C = US, ST = California, L = Cupertino, O = Apple Inc., OU = FDB Team, CN = FDB LibTLS Plugin Test Intermediate CA 3 +issuer= C = AU, ST = New South Wales, L = Sydney, O = Apple Pty Limited, OU = FDB Team, CN = FDB LibTLS Plugin Test Root CA 2 +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIJALOPTrQGpet3MA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5v +MRMwEQYDVQQKDApBcHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTExMC8GA1UE +AwwoRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBJbnRlcm1lZGlhdGUgQ0EgMzAeFw0x +ODA0MjYxNjM1NTVaFw0yODA0MjMxNjM1NTVaMIGIMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApB +cHBsZSBJbmMuMREwDwYDVQQLDAhGREIgVGVhbTEoMCYGA1UEAwwfRkRCIExpYlRM +UyBQbHVnaW4gVGVzdCBTZXJ2ZXIgNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANkcEPk77yl3JC11UYMR4IWtK4GZpZQ3QOMAD5UHM/naEOQ+tOcbU+C9 +WV+1AnPdmjdMgTuoPg4enJHJKqL/RcBdBfidOmlvgkXJsK22VAGX2vc2kl3KbM2O +8wdW0Wg1+1X6PsLl1agVuqA35BTtKliFGq2kWn/GD7g6Cr5cCcGCBh9SJo2WsCJB +S1NDeq/p0yST4C60pLpLC+nWerzclgZhtWE2rTQyPieAzMbK6BLI80fkyPnUjFLM +q8PZaZUHE3Vfb1GR5cQ2Xo9X433g68BzmPEkwrXi7Kz0clGQkihorlZcwKcBJtmw +sQr4Cj5THn939NDJLjrTTeBLsC1vhk0CAwEAAaNgMF4wHQYDVR0OBBYEFJEzltQT +5y5gQwKRibK7NAjfvJcfMB8GA1UdIwQYMBaAFNJkFNeVtJApFs//7Jvd5R/+BJ0Z +MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBBQUAA4IB +AQCD1/J06qb2mCcU2+nHKnSfuEg0lqyFiPm/MW+Mti0tqU49QtGzPTqECYIPgGgI +RbiWU/+lvTwShF6TnSynnvFAXpiqzogxgTD5AZAFaatDj07TZpeL3+15JZQRAA1c +JTGSiYbmEBR6H71aXVgUuIbiYp14Q63RX3OcOD65Yycn3jKOfUrHgfPn84+HDusW +2BscBu5fWmH0iNUxblVIihS5XRGoKnjcYAfBSuZ6T/0EOVEITV11Zd8cum97C9xO +a+ZJlwIPd8pM310DsulBC7EaQJNmlEaGrYHsBfjUZe93BsPfA/SK2iBDotuiSfoA +ZQslO1EMS1zORQb3LXDFZBuJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECzCCAvOgAwIBAgIJALOPTrQGpet0MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD +VQQGEwJBVTEYMBYGA1UECAwPTmV3IFNvdXRoIFdhbGVzMQ8wDQYDVQQHDAZTeWRu +ZXkxGjAYBgNVBAoMEUFwcGxlIFB0eSBMaW1pdGVkMREwDwYDVQQLDAhGREIgVGVh +bTEpMCcGA1UEAwwgRkRCIExpYlRMUyBQbHVnaW4gVGVzdCBSb290IENBIDIwHhcN +MTgwNDI2MTYzNTU0WhcNMjgwNDIzMTYzNTU0WjCBkTELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzETMBEGA1UECgwK +QXBwbGUgSW5jLjERMA8GA1UECwwIRkRCIFRlYW0xMTAvBgNVBAMMKEZEQiBMaWJU +TFMgUGx1Z2luIFRlc3QgSW50ZXJtZWRpYXRlIENBIDMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCZ3UPCarKiS+IqK2VvB0lVQ3L0TPuNUov54L7ELFnB +1lijZWX2wX3Vi0uAyvwmLi+PYkUkzhaNhGWbVPHEFqsOzwMbifGLfdxjetZD0kOr +ZuARithrDXVWZegIXEFDUdnpz74TKG6rCQ6o4WMIFUV/j9770iMtrMABr/BwASrE +sVqAqNe4bOqHJyxyeTxF/vCRme3PVf+u06mM9OLxVVaPRK+tiysdKprjs6oyFoxT +S/Cl+vv7Lnt5Yth0F7YJGMrIKDPuSWCqAfKWAc+b73XPQ14coIczVzQAikyRFmGa +9aaw0aWYI2gjTkuah0c5fboZAuHT0Z7nQVtYUyIYRY8BAgMBAAGjYzBhMB0GA1Ud +DgQWBBTSZBTXlbSQKRbP/+yb3eUf/gSdGTAfBgNVHSMEGDAWgBT8PGmqenESXKJl +kdMkGY7ttNqMZzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAdoyvb/2+r587RMar6+/OauAVXWwnNEI8hhUvxiTnDq/M +TKu+okSAHSbGvYp5yGD2IXlEZHjtKnMapsih7tvm2VboM7U5Zi3aK7hjvk6Kxs5B +eynHP9dDnUWG/qRbAF83B3mK7ymmrZvJIDwHZEtY9Gmmmb9ty9aK2ywmYtlYgIS8 +FSh/qwzvThIiMuCQma9JJOx6ZDXV2YwCxYtIRAuTvIWuOckb608fPi812k0zYILG +q4VLhZTc2AM8H/629RBRV5zC/tqySLb3VgpWQ2vZSzUwuKIdIPs4lsbNqmsdWIyR +hHnl8610t/JAUdCPHDd1bBlYNgLhMKJTM8fGu9Ux/Q== +-----END CERTIFICATE----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIx3nCjm2zsV8CAggA +MB0GCWCGSAFlAwQBAgQQK7Wa4+IkQwAbbEqowS8e8QSCBNAiqELNOXJ1yLnkuHku ++qMycK8XJQ/zqyQ2dikHzHX3i90OwHSdZp13i1uHe7nguq8Tz6NQqnEtcLevECz3 +EnEcAZK5Ipmonqn6QWZn6Lglh9mOv0Ykfdpiz2CKkJDwVzoWDPb/fOea0zlPNZAj +w8A+xsGA0Z2NkuBUpYFQgR6WtBKqndi0p6MRWG6aH21p3WCQ37jb0pzQTo3Ki53P +pq84JaphfSvj/DO7Cy0CfWHroAoODCxmjV8oPiddyLqk/Q3kv/nwHIqIKZN5s0OY +wSqkKJO4PkUqPPIa4QatKj7T6uZujRCEZIJPWfW/b9Om9CXdUpsvXEaZu41kAawC +jYyOqQ9CfCSC481R/LGtLOY/7vBiwUTRRLsrGeZkbmWMrK3spbsZqgTI5sl7Ya1C +tDOF7SUqauIdLLhK86jHwjLzebqv/qZ4W/zoOSFNlvsQCF4qRjLMlgA2JzOHtmAW +bYotgN+aOhQmxnrBJVBJChFE1vmsr+hpctJ0U62qtfD29yLO3q4xqbkg239lQEH1 +LtygB2mMJPtL3u+8K2ZNo2cZlNJFeDzNyPhB9+gT5Iil7OW897e9LJl5O/gCbgcS +IgDGY6vgLf64v5MjAbCTSmfX05biP9y1vgXqXT3YtXFqgCjsMZAKVibyXtq9DWUc +b6g1qX+RPBIGxHwCDQPoP/rdQF5WSWN/V6BYr2An9jLL2jRwQuvIG0hw8dtJWr45 +yGXP8A9QD6tL6rY9Bwzd0QjoH9HuQj9DwM6MRx0o2GG8lYJ5l70ZCHrHEO/3mKV0 +RvZBVCYm2wNRnrcmcfjdncMt2AF24Mk4CFcUgOUj8reK+Pg1+o5uThQwsPY7ttwq +rrm8/0Z9MIjPR/lKKunJU+SapULakhIsiSxuLP8R/G//wfjdZPO8T3AMlsyFglA+ +Tdq6b+ji2itL0foiUnaoJUVlH2aO6GteHxj8H4hfeF0IReYzfEiVjcew29sxY+MW +inLp0fcnAQqfk0rsA8agOIq/b/5PMpDvC1XM4MuRW7iLCydUTVENYYWNhIHffOy8 +fIQBTtqsHIEcytehZ6BjNIwr4JsdmcmUWiWveYIqdEv9ayIzuFQh5ZzAD/YemlXh +tCkKjoda+GKSdO5yUlZLRhkbmz/VSYXOLCYOo2nO0zNqyL/kMqQPjMNh6dxIKKTN +XXQjPUHDAjHWlBeXntM/Xqgl35QmzWb3gQU1xMEYqBDHkkc+lnhO/oSWBHaX43ov ++qnvcUaFGlDQexvFVO5AWujv4+Cx9eTukWjjMSKQ3RFsj8akPoKkl0Y+jONI4nR/ +WeSVSz7OFAT16Td8peVPnPCuz1bprmtBLJPSXTNgZNqDeudD9HnV2K0Rrg1D9rwy +NJyOERnw+9goVVqTcOTKON4FqqZM//aS2yrgnxLMjVb4bb69xgtBUjpoWHho9D1b +Aa88mrm8NsCIO8OxLrH9ZX4+CRpJa/SEmxPDQd/Z5qV1uMr7uRI3AlRkpqc3Ui8e +9qobzTd/VnIVMQK8JTW01/hwoK1mccEJPyF7phs22LpXZqKSU2oJ84NzfCLBvfyt +mipPVbuRblbmgRQiF0UhAzJO2JzeMbgY4M/zSXuet+YHYt0y1FrEUFh8dc9TXY8n +Rfsap1higlUefD6p/qj/E8KfVw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/FDBLibTLS/verify-test.cpp b/FDBLibTLS/verify-test.cpp index d1754f7bb2..43eee377bf 100644 --- a/FDBLibTLS/verify-test.cpp +++ b/FDBLibTLS/verify-test.cpp @@ -22,7 +22,9 @@ #include #include -#include +#include + +#include #include "ITLSPlugin.h" #include "ReferenceCounted.h" @@ -32,10 +34,10 @@ struct FDBLibTLSVerifyTest { FDBLibTLSVerifyTest(std::string input): - input(input), valid(false), verify_cert(true), verify_time(true), subject_criteria({}), issuer_criteria({}) {}; - FDBLibTLSVerifyTest(std::string input, bool verify_cert, bool verify_time, std::map subject, std::map issuer): - input(input), valid(true), verify_cert(verify_cert), verify_time(verify_time), subject_criteria(subject), issuer_criteria(issuer) {}; - ~FDBLibTLSVerifyTest() {}; + input(input), valid(false), verify_cert(true), verify_time(true), subject_criteria({}), issuer_criteria({}), root_criteria({}) {}; + FDBLibTLSVerifyTest(std::string input, bool verify_cert, bool verify_time, std::map subject, std::map issuer, std::map root): + input(input), valid(true), verify_cert(verify_cert), verify_time(verify_time), subject_criteria(subject), issuer_criteria(issuer), root_criteria(root) {}; + ~FDBLibTLSVerifyTest() {}; int run(); @@ -47,6 +49,7 @@ struct FDBLibTLSVerifyTest { std::map subject_criteria; std::map issuer_criteria; + std::map root_criteria; }; static std::string printable( std::string const& val ) { @@ -80,34 +83,95 @@ static void logf(const char* event, void* uid, int is_error, ...) { } int FDBLibTLSVerifyTest::run() { - FDBLibTLSPlugin *plugin = new FDBLibTLSPlugin(); - FDBLibTLSPolicy *policy = new FDBLibTLSPolicy(Reference::addRef(plugin), (ITLSLogFunc)logf); - - bool rc = policy->set_verify_peers((const uint8_t *)input.c_str(), input.size()); - if (rc != valid) { + Reference verify; + try { + verify = Reference(new FDBLibTLSVerify(input)); + } catch ( const std::runtime_error& e ) { if (valid) { std::cerr << "FAIL: Verify test failed, but should have succeeded - '" << input << "'\n"; return 1; - } else { - std::cerr << "FAIL: Verify test should have failed, but succeeded - '" << input << "'\n"; + } + return 0; + } + if (!valid) { + std::cerr << "FAIL: Verify test should have failed, but succeeded - '" << input << "'\n"; + return 1; + } + if (verify->verify_cert != verify_cert) { + std::cerr << "FAIL: Got verify cert " << verify->verify_cert << ", want " << verify_cert << "\n"; + return 1; + } + if (verify->verify_time != verify_time) { + std::cerr << "FAIL: Got verify time " << verify->verify_time << ", want " << verify_time << "\n"; + return 1; + } + if (verify->subject_criteria != subject_criteria) { + std::cerr << "FAIL: Got subject criteria " << criteriaToString(verify->subject_criteria) << ", want " << criteriaToString(subject_criteria) << "\n"; + return 1; + } + if (verify->issuer_criteria != issuer_criteria) { + std::cerr << "FAIL: Got issuer criteria " << criteriaToString(verify->issuer_criteria) << ", want " << criteriaToString(issuer_criteria) << "\n"; + return 1; + } + if (verify->root_criteria != root_criteria) { + std::cerr << "FAIL: Got root criteria " << criteriaToString(verify->root_criteria) << ", want " << criteriaToString(root_criteria) << "\n"; + return 1; + } + return 0; +} + +static int policy_verify_test() { + Reference plugin = Reference(new FDBLibTLSPlugin()); + Reference policy = Reference(new FDBLibTLSPolicy(plugin, (ITLSLogFunc)logf)); + + const char *verify_peers[] = { + "S.CN=abc", + "I.CN=def", + "R.CN=xyz,Check.Unexpired=0", + }; + int verify_peers_len[] = { + (int)strlen(verify_peers[0]), + (int)strlen(verify_peers[1]), + (int)strlen(verify_peers[2]), + }; + Reference verify_rules[] = { + Reference(new FDBLibTLSVerify(std::string(verify_peers[0], verify_peers_len[0]))), + Reference(new FDBLibTLSVerify(std::string(verify_peers[1], verify_peers_len[1]))), + Reference(new FDBLibTLSVerify(std::string(verify_peers[2], verify_peers_len[2]))), + }; + + if (!policy->set_verify_peers(3, (const uint8_t **)verify_peers, verify_peers_len)) { + std::cerr << "FAIL: Policy verify test failed, but should have succeeded\n"; + return 1; + } + if (policy->verify_rules.size() != 3) { + std::cerr << "FAIL: Got " << policy->verify_rules.size() << " verify rule, want 3\n"; + return 1; + } + + int i = 0; + for (auto &verify_rule: policy->verify_rules) { + if (verify_rule->verify_cert != verify_rules[i]->verify_cert) { + std::cerr << "FAIL: Got verify cert " << verify_rule->verify_cert << ", want " << verify_rules[i]->verify_cert << "\n"; return 1; } - } - if (policy->verify_cert != verify_cert) { - std::cerr << "FAIL: Got verify cert " << policy->verify_cert << ", want " << verify_cert << "\n"; - return 1; - } - if (policy->verify_time != verify_time) { - std::cerr << "FAIL: Got verify time " << policy->verify_time << ", want " << verify_time << "\n"; - return 1; - } - if (policy->subject_criteria != subject_criteria) { - std::cerr << "FAIL: Got subject criteria " << criteriaToString(policy->subject_criteria) << ", want " << criteriaToString(subject_criteria) << "\n"; - return 1; - } - if (policy->issuer_criteria != issuer_criteria) { - std::cerr << "FAIL: Got issuer criteria " << criteriaToString(policy->issuer_criteria) << ", want " << criteriaToString(issuer_criteria) << "\n"; - return 1; + if (verify_rule->verify_time != verify_rules[i]->verify_time) { + std::cerr << "FAIL: Got verify time " << verify_rule->verify_time << ", want " << verify_rules[i]->verify_time << "\n"; + return 1; + } + if (verify_rule->subject_criteria != verify_rules[i]->subject_criteria) { + std::cerr << "FAIL: Got subject criteria " << criteriaToString(verify_rule->subject_criteria) << ", want " << criteriaToString(verify_rules[i]->subject_criteria) << "\n"; + return 1; + } + if (verify_rule->issuer_criteria != verify_rules[i]->issuer_criteria) { + std::cerr << "FAIL: Got issuer criteria " << criteriaToString(verify_rule->issuer_criteria) << ", want " << criteriaToString(verify_rules[i]->issuer_criteria) << "\n"; + return 1; + } + if (verify_rule->root_criteria != verify_rules[i]->root_criteria) { + std::cerr << "FAIL: Got root criteria " << criteriaToString(verify_rule->root_criteria) << ", want " << criteriaToString(verify_rules[i]->root_criteria) << "\n"; + return 1; + } + i++; } return 0; } @@ -117,27 +181,33 @@ int main(int argc, char **argv) int failed = 0; std::vector tests = { - FDBLibTLSVerifyTest("", true, true, {}, {}), - FDBLibTLSVerifyTest("Check.Valid=1", true, true, {}, {}), - FDBLibTLSVerifyTest("Check.Valid=0", false, true, {}, {}), - FDBLibTLSVerifyTest("Check.Unexpired=1", true, true, {}, {}), - FDBLibTLSVerifyTest("Check.Unexpired=0", true, false, {}, {}), - FDBLibTLSVerifyTest("Check.Valid=1,Check.Unexpired=0", true, false, {}, {}), - FDBLibTLSVerifyTest("Check.Unexpired=0,Check.Valid=0", false, false, {}, {}), + FDBLibTLSVerifyTest("", true, true, {}, {}, {}), + FDBLibTLSVerifyTest("Check.Valid=1", true, true, {}, {}, {}), + FDBLibTLSVerifyTest("Check.Valid=0", false, true, {}, {}, {}), + FDBLibTLSVerifyTest("Check.Unexpired=1", true, true, {}, {}, {}), + FDBLibTLSVerifyTest("Check.Unexpired=0", true, false, {}, {}, {}), + FDBLibTLSVerifyTest("Check.Valid=1,Check.Unexpired=0", true, false, {}, {}, {}), + FDBLibTLSVerifyTest("Check.Unexpired=0,Check.Valid=0", false, false, {}, {}, {}), FDBLibTLSVerifyTest("Check.Unexpired=0,I.C=US,C=US,S.O=XYZCorp\\, LLC", true, false, - {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp, LLC"}}, {{NID_countryName, "US"}}), + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp, LLC"}}, {{NID_countryName, "US"}}, {}), FDBLibTLSVerifyTest("Check.Unexpired=0,I.C=US,C=US,S.O=XYZCorp\\= LLC", true, false, - {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp= LLC"}}, {{NID_countryName, "US"}}), + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp= LLC"}}, {{NID_countryName, "US"}}, {}), + FDBLibTLSVerifyTest("Check.Unexpired=0,R.C=US,C=US,S.O=XYZCorp\\= LLC", true, false, + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp= LLC"}}, {}, {{NID_countryName, "US"}}), FDBLibTLSVerifyTest("Check.Unexpired=0,I.C=US,C=US,S.O=XYZCorp=LLC", true, false, - {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp=LLC"}}, {{NID_countryName, "US"}}), + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp=LLC"}}, {{NID_countryName, "US"}}, {}), FDBLibTLSVerifyTest("I.C=US,C=US,Check.Unexpired=0,S.O=XYZCorp=LLC", true, false, - {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp=LLC"}}, {{NID_countryName, "US"}}), + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp=LLC"}}, {{NID_countryName, "US"}}, {}), FDBLibTLSVerifyTest("I.C=US,C=US,S.O=XYZCorp\\, LLC", true, true, - {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp, LLC"}}, {{NID_countryName, "US"}}), - FDBLibTLSVerifyTest("C=\\,S=abc", true, true, {{NID_countryName, ",S=abc"}}, {}), - FDBLibTLSVerifyTest("CN=\\61\\62\\63", true, true, {{NID_commonName, "abc"}}, {}), - FDBLibTLSVerifyTest("CN=a\\62c", true, true, {{NID_commonName, "abc"}}, {}), - FDBLibTLSVerifyTest("CN=a\\01c", true, true, {{NID_commonName, "a\001c"}}, {}), + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp, LLC"}}, {{NID_countryName, "US"}}, {}), + FDBLibTLSVerifyTest("I.C=US,C=US,S.O=XYZCorp\\, LLC,R.CN=abc", true, true, + {{NID_countryName, "US"}, {NID_organizationName, "XYZCorp, LLC"}}, + {{NID_countryName, "US"}}, + {{NID_commonName, "abc"}}), + FDBLibTLSVerifyTest("C=\\,S=abc", true, true, {{NID_countryName, ",S=abc"}}, {}, {}), + FDBLibTLSVerifyTest("CN=\\61\\62\\63", true, true, {{NID_commonName, "abc"}}, {}, {}), + FDBLibTLSVerifyTest("CN=a\\62c", true, true, {{NID_commonName, "abc"}}, {}, {}), + FDBLibTLSVerifyTest("CN=a\\01c", true, true, {{NID_commonName, "a\001c"}}, {}, {}), // Invalid cases. FDBLibTLSVerifyTest("Check.Invalid=0"), @@ -153,5 +223,7 @@ int main(int argc, char **argv) for (auto &test: tests) failed |= test.run(); + failed |= policy_verify_test(); + return (failed); } From d3b5cfb93c83a264eebd1f133114b20f0d4cd7b6 Mon Sep 17 00:00:00 2001 From: Balachandar Namasivayam Date: Tue, 8 May 2018 16:28:13 -0700 Subject: [PATCH 2/9] Support latest TLS plugin. Add support for https in backup. --- fdbcli/fdbcli.actor.cpp | 13 ++++ fdbclient/NativeAPI.actor.cpp | 2 +- fdbclient/vexillographer/fdb.options | 6 ++ fdbrpc/BlobStore.actor.cpp | 2 +- fdbrpc/ITLSPlugin.h | 65 +++++++++------- fdbrpc/TLSConnection.actor.cpp | 112 +++++++++++++++++++++------ fdbrpc/TLSConnection.h | 27 ++++--- fdbrpc/sim2.actor.cpp | 4 +- fdbserver/SimulatedCluster.actor.cpp | 1 + fdbserver/fdbserver.actor.cpp | 10 ++- flow/Net2.actor.cpp | 4 +- flow/network.cpp | 2 +- flow/network.h | 2 +- 13 files changed, 181 insertions(+), 69 deletions(-) diff --git a/fdbcli/fdbcli.actor.cpp b/fdbcli/fdbcli.actor.cpp index 865442c9ad..a75012ea86 100644 --- a/fdbcli/fdbcli.actor.cpp +++ b/fdbcli/fdbcli.actor.cpp @@ -2078,6 +2078,7 @@ struct CLIOptions { std::string tlsCertPath; std::string tlsKeyPath; std::string tlsVerifyPeers; + std::string tlsCAPath; CLIOptions( int argc, char* argv[] ) : trace(false), @@ -2151,6 +2152,9 @@ struct CLIOptions { case TLSOptions::OPT_TLS_CERTIFICATES: tlsCertPath = args.OptionArg(); break; + case TLSOptions::OPT_TLS_CA_FILE: + tlsCAPath = args.OptionArg(); + break; case TLSOptions::OPT_TLS_KEY: tlsKeyPath = args.OptionArg(); break; @@ -3177,6 +3181,15 @@ int main(int argc, char **argv) { return 1; } } + if (opt.tlsCAPath.size()) { + try { + setNetworkOption(FDBNetworkOptions::TLS_CA_PATH, opt.tlsCAPath); + } + catch (Error& e) { + fprintf(stderr, "ERROR: cannot set TLS CA path to `%s' (%s)\n", opt.tlsCAPath.c_str(), e.what()); + return 1; + } + } if ( opt.tlsKeyPath.size() ) { try { setNetworkOption(FDBNetworkOptions::TLS_KEY_PATH, opt.tlsKeyPath); diff --git a/fdbclient/NativeAPI.actor.cpp b/fdbclient/NativeAPI.actor.cpp index 05e1915cf8..0e57b69fb6 100644 --- a/fdbclient/NativeAPI.actor.cpp +++ b/fdbclient/NativeAPI.actor.cpp @@ -801,7 +801,7 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional valu case FDBNetworkOptions::TLS_VERIFY_PEERS: validateOptionValue(value, true); try { - tlsOptions->set_verify_peers( value.get().toString() ); + tlsOptions->set_verify_peers({ value.get().toString() }); } catch( Error& e ) { TraceEvent(SevWarnAlways, "TLSValidationSetError") .detail("Input", value.get().toString() ) diff --git a/fdbclient/vexillographer/fdb.options b/fdbclient/vexillographer/fdb.options index 98950981dc..6123615035 100644 --- a/fdbclient/vexillographer/fdb.options +++ b/fdbclient/vexillographer/fdb.options @@ -79,6 +79,12 @@ description is not currently required but encouraged.