Compare commits
No commits in common. 'i8c-stream-5.26' and 'c9' have entirely different histories.
@ -1 +1 @@
|
|||||||
SOURCES/Net-SSLeay-1.85.tar.gz
|
SOURCES/Net-SSLeay-1.92.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
5f1c7b6ccac81efd5b78b1e076c694f96ca5c439 SOURCES/Net-SSLeay-1.85.tar.gz
|
03daf8b342ea57a9b1eef0689275ec99e5008e21 SOURCES/Net-SSLeay-1.92.tar.gz
|
||||||
|
@ -1,63 +0,0 @@
|
|||||||
From a00a70b7195438c543191b69382ff20e452548bf Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Mon, 13 Aug 2018 12:33:58 +0200
|
|
||||||
Subject: [PATCH] Adapt CTX_get_min_proto_version tests to system-wide policy
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
In our distribution, /etc/crypto-policies/back-ends/opensslcnf.config
|
|
||||||
can override default minimal SSL/TLS protocol version. If it does,
|
|
||||||
t/local/09_ctx_new.t test will fail because OpenSSL will return
|
|
||||||
different then 0 value.
|
|
||||||
|
|
||||||
This patch parses the configuration file and adjusts expect values in
|
|
||||||
the test.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
||||||
---
|
|
||||||
t/local/09_ctx_new.t | 22 ++++++++++++++++++++--
|
|
||||||
1 file changed, 20 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/t/local/09_ctx_new.t b/t/local/09_ctx_new.t
|
|
||||||
index 6d06f21..c584856 100644
|
|
||||||
--- a/t/local/09_ctx_new.t
|
|
||||||
+++ b/t/local/09_ctx_new.t
|
|
||||||
@@ -109,14 +109,32 @@ else
|
|
||||||
# Having TLS_method() does not necessarily that proto getters are available
|
|
||||||
if ($ctx_tls && exists &Net::SSLeay::CTX_get_min_proto_version)
|
|
||||||
{
|
|
||||||
+ my $min_ver = 0;
|
|
||||||
+ # Adjust minimal version to system-wide crypto policy
|
|
||||||
+ if (open(my $f, '<', '/etc/crypto-policies/back-ends/opensslcnf.config')) {
|
|
||||||
+ while(<$f>) {
|
|
||||||
+ if (/^MinProtocol = ([\w.]+)\b/) {
|
|
||||||
+ if ($1 eq 'TLSv1') {
|
|
||||||
+ $min_ver = 0x0301;
|
|
||||||
+ } elsif ($1 eq 'TLSv1.1') {
|
|
||||||
+ $min_ver = 0x0302;
|
|
||||||
+ } elsif ($1 eq 'TLSv1.2') {
|
|
||||||
+ $min_ver = 0x0303;
|
|
||||||
+ } elsif ($1 eq 'TLSv1.3') {
|
|
||||||
+ $min_ver = 0x0304;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ close($f);
|
|
||||||
+ }
|
|
||||||
my $ver;
|
|
||||||
$ver = Net::SSLeay::CTX_get_min_proto_version($ctx_tls);
|
|
||||||
- is($ver, 0, 'TLS_method CTX has automatic minimum version');
|
|
||||||
+ is($ver, $min_ver, 'TLS_method CTX has automatic minimum version');
|
|
||||||
$ver = Net::SSLeay::CTX_get_max_proto_version($ctx_tls);
|
|
||||||
is($ver, 0, 'TLS_method CTX has automatic maximum version');
|
|
||||||
|
|
||||||
$ver = Net::SSLeay::get_min_proto_version($ssl_tls);
|
|
||||||
- is($ver, 0, 'SSL from TLS_method CTX has automatic minimum version');
|
|
||||||
+ is($ver, $min_ver, 'SSL from TLS_method CTX has automatic minimum version');
|
|
||||||
$ver = Net::SSLeay::get_max_proto_version($ssl_tls);
|
|
||||||
is($ver, 0, 'SSL from TLS_method CTX has automatic maximum version');
|
|
||||||
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,237 +0,0 @@
|
|||||||
From b01291bf88dd84529c93973da7c275e0ffe5cc1f Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Fri, 3 Aug 2018 14:30:22 +0200
|
|
||||||
Subject: [PATCH] Adapt to OpenSSL 1.1.1
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
OpenSSL 1.1.1 defaults to TLS 1.3 that handles session tickets and
|
|
||||||
session shutdowns differently. This leads to failing various Net-SSLeay
|
|
||||||
tests that exhibits use cases that are not possible with OpenSSL 1.1.1
|
|
||||||
anymore or where the library behaves differently.
|
|
||||||
|
|
||||||
Since Net-SSLeay is a low-level wrapper, Net-SSLeay will be corrected
|
|
||||||
in tests. Higher-level code as IO::Socket::SSL and other Net::SSLeay
|
|
||||||
applications need to be adjusted on case-to-case basis.
|
|
||||||
|
|
||||||
This patche changes:
|
|
||||||
|
|
||||||
- Retry SSL_read() and SSL_write() (by sebastian [...] breakpoint.cc)
|
|
||||||
- Disable session tickets in t/local/07_sslecho.t.
|
|
||||||
- Adaps t/local/36_verify.t to a session end when Net::SSLeay::read()
|
|
||||||
returns undef.
|
|
||||||
|
|
||||||
https://rt.cpan.org/Public/Bug/Display.html?id=125218
|
|
||||||
https://github.com/openssl/openssl/issues/5637
|
|
||||||
https://github.com/openssl/openssl/issues/6904
|
|
||||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
||||||
---
|
|
||||||
SSLeay.xs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++----
|
|
||||||
lib/Net/SSLeay.pod | 46 ++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
t/local/07_sslecho.t | 15 ++++++++++++--
|
|
||||||
t/local/36_verify.t | 2 +-
|
|
||||||
4 files changed, 112 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/SSLeay.xs b/SSLeay.xs
|
|
||||||
index bf148c0..5aed4d7 100644
|
|
||||||
--- a/SSLeay.xs
|
|
||||||
+++ b/SSLeay.xs
|
|
||||||
@@ -1999,7 +1999,17 @@ SSL_read(s,max=32768)
|
|
||||||
int got;
|
|
||||||
PPCODE:
|
|
||||||
New(0, buf, max, char);
|
|
||||||
- got = SSL_read(s, buf, max);
|
|
||||||
+
|
|
||||||
+ do {
|
|
||||||
+ int err;
|
|
||||||
+
|
|
||||||
+ got = SSL_read(s, buf, max);
|
|
||||||
+ if (got > 0)
|
|
||||||
+ break;
|
|
||||||
+ err = SSL_get_error(s, got);
|
|
||||||
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
|
|
||||||
+ break;
|
|
||||||
+ } while (1);
|
|
||||||
|
|
||||||
/* If in list context, return 2-item list:
|
|
||||||
* first return value: data gotten, or undef on error (got<0)
|
|
||||||
@@ -2051,10 +2061,20 @@ SSL_write(s,buf)
|
|
||||||
SSL * s
|
|
||||||
PREINIT:
|
|
||||||
STRLEN len;
|
|
||||||
+ int err;
|
|
||||||
+ int ret;
|
|
||||||
INPUT:
|
|
||||||
char * buf = SvPV( ST(1), len);
|
|
||||||
CODE:
|
|
||||||
- RETVAL = SSL_write (s, buf, (int)len);
|
|
||||||
+ do {
|
|
||||||
+ ret = SSL_write (s, buf, (int)len);
|
|
||||||
+ if (ret > 0)
|
|
||||||
+ break;
|
|
||||||
+ err = SSL_get_error(s, ret);
|
|
||||||
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
|
|
||||||
+ break;
|
|
||||||
+ } while (1);
|
|
||||||
+ RETVAL = ret;
|
|
||||||
OUTPUT:
|
|
||||||
RETVAL
|
|
||||||
|
|
||||||
@@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf)
|
|
||||||
if (len < 0) {
|
|
||||||
croak("from beyound end of buffer");
|
|
||||||
RETVAL = -1;
|
|
||||||
- } else
|
|
||||||
- RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
|
|
||||||
+ } else {
|
|
||||||
+ int ret;
|
|
||||||
+ int err;
|
|
||||||
+
|
|
||||||
+ do {
|
|
||||||
+ ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
|
|
||||||
+ if (ret > 0)
|
|
||||||
+ break;
|
|
||||||
+ err = SSL_get_error(s, ret);
|
|
||||||
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
|
|
||||||
+ break;
|
|
||||||
+ } while (1);
|
|
||||||
+ RETVAL = ret;
|
|
||||||
+ }
|
|
||||||
OUTPUT:
|
|
||||||
RETVAL
|
|
||||||
|
|
||||||
@@ -6957,4 +6989,20 @@ SSL_export_keying_material(ssl, outlen, label, p)
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+SSL_CTX_set_num_tickets(SSL_CTX *ctx,size_t num_tickets)
|
|
||||||
+
|
|
||||||
+size_t
|
|
||||||
+SSL_CTX_get_num_tickets(SSL_CTX *ctx)
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+SSL_set_num_tickets(SSL *ssl,size_t num_tickets)
|
|
||||||
+
|
|
||||||
+size_t
|
|
||||||
+SSL_get_num_tickets(SSL *ssl)
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#define REM_EOF "/* EOF - SSLeay.xs */"
|
|
||||||
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
|
|
||||||
index 2e1aae3..bca7be4 100644
|
|
||||||
--- a/lib/Net/SSLeay.pod
|
|
||||||
+++ b/lib/Net/SSLeay.pod
|
|
||||||
@@ -4437,6 +4437,52 @@ getticket($ssl,$ticket,$data) -> $return_value
|
|
||||||
|
|
||||||
This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
|
|
||||||
|
|
||||||
+=item * CTX_set_num_tickets
|
|
||||||
+
|
|
||||||
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
|
|
||||||
+
|
|
||||||
+Set number of session tickets that will be sent to a client.
|
|
||||||
+
|
|
||||||
+ my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
|
|
||||||
+ # $ctx - value corresponding to openssl's SSL_CTX structure
|
|
||||||
+ # $number_of_tickets - number of tickets to send
|
|
||||||
+ # returns: 1 on success, 0 on failure
|
|
||||||
+
|
|
||||||
+Set to zero if you do not no want to support a session resumption.
|
|
||||||
+
|
|
||||||
+=item * CTX_get_num_tickets
|
|
||||||
+
|
|
||||||
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
|
|
||||||
+
|
|
||||||
+Get number of session tickets that will be sent to a client.
|
|
||||||
+
|
|
||||||
+ my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
|
|
||||||
+ # $ctx - value corresponding to openssl's SSL_CTX structure
|
|
||||||
+ # returns: number of tickets to send
|
|
||||||
+
|
|
||||||
+=item * set_num_tickets
|
|
||||||
+
|
|
||||||
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
|
|
||||||
+
|
|
||||||
+Set number of session tickets that will be sent to a client.
|
|
||||||
+
|
|
||||||
+ my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
|
|
||||||
+ # $ssl - value corresponding to openssl's SSL structure
|
|
||||||
+ # $number_of_tickets - number of tickets to send
|
|
||||||
+ # returns: 1 on success, 0 on failure
|
|
||||||
+
|
|
||||||
+Set to zero if you do not no want to support a session resumption.
|
|
||||||
+
|
|
||||||
+=item * get_num_tickets
|
|
||||||
+
|
|
||||||
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
|
|
||||||
+
|
|
||||||
+Get number of session tickets that will be sent to a client.
|
|
||||||
+
|
|
||||||
+ my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
|
|
||||||
+ # $ctx - value corresponding to openssl's SSL structure
|
|
||||||
+ # returns: number of tickets to send
|
|
||||||
+
|
|
||||||
=item * set_shutdown
|
|
||||||
|
|
||||||
Sets the shutdown state of $ssl to $mode.
|
|
||||||
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
|
|
||||||
index 5e16b04..5dc946a 100644
|
|
||||||
--- a/t/local/07_sslecho.t
|
|
||||||
+++ b/t/local/07_sslecho.t
|
|
||||||
@@ -13,7 +13,8 @@ BEGIN {
|
|
||||||
plan skip_all => "fork() not supported on $^O" unless $Config{d_fork};
|
|
||||||
}
|
|
||||||
|
|
||||||
-plan tests => 78;
|
|
||||||
+plan tests => 79;
|
|
||||||
+$SIG{'PIPE'} = 'IGNORE';
|
|
||||||
|
|
||||||
my $sock;
|
|
||||||
my $pid;
|
|
||||||
@@ -61,6 +62,16 @@ Net::SSLeay::library_init();
|
|
||||||
ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list');
|
|
||||||
my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
|
|
||||||
ok($errs eq '', "set_cert_and_key: $errs");
|
|
||||||
+ SKIP: {
|
|
||||||
+ skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1
|
|
||||||
+ unless (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f);
|
|
||||||
+ # TLS 1.3 server sends session tickets after a handhake as part of
|
|
||||||
+ # the SSL_accept(). If a client finishes all its job including closing
|
|
||||||
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
|
|
||||||
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
|
|
||||||
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
|
|
||||||
+ ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled');
|
|
||||||
+ }
|
|
||||||
|
|
||||||
$pid = fork();
|
|
||||||
BAIL_OUT("failed to fork: $!") unless defined $pid;
|
|
||||||
@@ -351,7 +362,7 @@ waitpid $pid, 0;
|
|
||||||
push @results, [ $? == 0, 'server exited with 0' ];
|
|
||||||
|
|
||||||
END {
|
|
||||||
- Test::More->builder->current_test(51);
|
|
||||||
+ Test::More->builder->current_test(52);
|
|
||||||
for my $t (@results) {
|
|
||||||
ok( $t->[0], $t->[1] );
|
|
||||||
}
|
|
||||||
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
|
|
||||||
index 92afc52..e55b138 100644
|
|
||||||
--- a/t/local/36_verify.t
|
|
||||||
+++ b/t/local/36_verify.t
|
|
||||||
@@ -282,7 +282,7 @@ sub run_server
|
|
||||||
|
|
||||||
# Termination request or other message from client
|
|
||||||
my $msg = Net::SSLeay::read($ssl);
|
|
||||||
- if ($msg eq 'end')
|
|
||||||
+ if (defined $msg and $msg eq 'end')
|
|
||||||
{
|
|
||||||
Net::SSLeay::write($ssl, 'end');
|
|
||||||
exit (0);
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From 8d83cf9cb0ff0fea802e522f4980124a8075a63f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Novakovic <chris@chrisn.me.uk>
|
|
||||||
Date: Thu, 9 Aug 2018 17:56:26 +0100
|
|
||||||
Subject: [PATCH] Add missing call to va_end() in TRACE()
|
|
||||||
|
|
||||||
In SSLeay.xs, TRACE() makes a call to va_start() without a corresponding
|
|
||||||
call to va_end() before the function returns. Add the missing call to
|
|
||||||
va_end().
|
|
||||||
|
|
||||||
This closes RT#126028. Thanks to Jitka Plesnikova for the report and
|
|
||||||
patch.
|
|
||||||
---
|
|
||||||
SSLeay.xs | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/SSLeay.xs b/SSLeay.xs
|
|
||||||
index 04070d3..630f09e 100644
|
|
||||||
--- a/SSLeay.xs
|
|
||||||
+++ b/SSLeay.xs
|
|
||||||
@@ -222,6 +222,7 @@ static void TRACE(int level,char *msg,...) {
|
|
||||||
va_start(args,msg);
|
|
||||||
vsnprintf(buf,4095,msg,args);
|
|
||||||
warn("%s",buf);
|
|
||||||
+ va_end(args);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,57 +0,0 @@
|
|||||||
From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Tue, 14 Aug 2018 16:55:52 +0200
|
|
||||||
Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
|
|
||||||
|
|
||||||
# Failed test 'Verify callback result and get_verify_result are equal'
|
|
||||||
# at t/local/36_verify.t line 111.
|
|
||||||
# got: '-1'
|
|
||||||
# expected: '0'
|
|
||||||
# Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
|
|
||||||
# at t/local/36_verify.t line 118.
|
|
||||||
# got: '-1'
|
|
||||||
# expected: '43'
|
|
||||||
Bailout called. Further testing stopped: failed to connect to server: Connection refused
|
|
||||||
FAILED--Further testing stopped: failed to connect to server: Connection refused
|
|
||||||
|
|
||||||
I believe this because TLSv1.3 server can generate SIGPIPE if a client
|
|
||||||
disconnects too soon.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
||||||
---
|
|
||||||
t/local/36_verify.t | 10 ++++++++++
|
|
||||||
1 file changed, 10 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
|
|
||||||
index e55b138..2837288 100644
|
|
||||||
--- a/t/local/36_verify.t
|
|
||||||
+++ b/t/local/36_verify.t
|
|
||||||
@@ -266,10 +266,20 @@ sub run_server
|
|
||||||
|
|
||||||
return if $pid != 0;
|
|
||||||
|
|
||||||
+ $SIG{'PIPE'} = 'IGNORE';
|
|
||||||
my $ctx = Net::SSLeay::CTX_new();
|
|
||||||
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
|
|
||||||
my $ret = Net::SSLeay::CTX_check_private_key($ctx);
|
|
||||||
BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
|
|
||||||
+ if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
|
|
||||||
+ # TLS 1.3 server sends session tickets after a handhake as part of
|
|
||||||
+ # the SSL_accept(). If a client finishes all its job including closing
|
|
||||||
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
|
|
||||||
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
|
|
||||||
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
|
|
||||||
+ my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
|
|
||||||
+ BAIL_OUT("Session tickets disabled") unless $ret;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
while (1)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,624 +0,0 @@
|
|||||||
From cb4a91f8619afbdcba40a513ce1d2e5bd652c511 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Mon, 13 Aug 2018 17:27:13 +0200
|
|
||||||
Subject: [PATCH] Generate 2048-bit keys for tests
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Distributions are experimenting with OpenSSL configured with security
|
|
||||||
level 2. That requires at least 2048-bit RSA keys otherwise tests
|
|
||||||
fail.
|
|
||||||
|
|
||||||
This patch regenerates testing keys, certificates and revocation lists
|
|
||||||
used in tests to meet the security level. The patch also updates
|
|
||||||
scripts used for generating them.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
||||||
---
|
|
||||||
MANIFEST | 4 ++++
|
|
||||||
examples/makecert.pl | 13 +++++-----
|
|
||||||
examples/req.conf | 2 +-
|
|
||||||
t/data/cert.pem | 42 ++++++++++++++++----------------
|
|
||||||
t/data/key.pem | 43 +++++++++++++++++++++------------
|
|
||||||
t/data/key.pem.e | 47 +++++++++++++++++++++++-------------
|
|
||||||
t/data/test_CA1.conf | 37 +++++++++++++++++++++++++++++
|
|
||||||
t/data/test_CA1.crl.der | Bin 389 -> 438 bytes
|
|
||||||
t/data/test_CA1.crlnumber | 1 +
|
|
||||||
t/data/test_CA1.crt.der | Bin 550 -> 831 bytes
|
|
||||||
t/data/test_CA1.crt.pem | 30 +++++++++++++----------
|
|
||||||
t/data/test_CA1.key.der | Bin 610 -> 1190 bytes
|
|
||||||
t/data/test_CA1.key.pem | 38 +++++++++++++++++++----------
|
|
||||||
t/data/test_CA1_index.txt | 2 ++
|
|
||||||
t/data/test_CA1_index.txt.attr | 0
|
|
||||||
t/data/testcert_wildcard.crt.pem | 50 +++++++++++++++++++++++----------------
|
|
||||||
t/local/07_sslecho.t | 2 +-
|
|
||||||
t/local/50_digest.t | 22 ++++++++---------
|
|
||||||
18 files changed, 215 insertions(+), 118 deletions(-)
|
|
||||||
create mode 100644 t/data/test_CA1.conf
|
|
||||||
create mode 100644 t/data/test_CA1.crlnumber
|
|
||||||
create mode 100644 t/data/test_CA1_index.txt
|
|
||||||
create mode 100644 t/data/test_CA1_index.txt.attr
|
|
||||||
|
|
||||||
diff --git a/MANIFEST b/MANIFEST
|
|
||||||
index 2f18a0a..cedca78 100644
|
|
||||||
--- a/MANIFEST
|
|
||||||
+++ b/MANIFEST
|
|
||||||
@@ -60,12 +60,16 @@ t/data/key.pem.e
|
|
||||||
t/data/pkcs12-full.p12
|
|
||||||
t/data/pkcs12-no-chain.p12
|
|
||||||
t/data/pkcs12-no-passwd.p12
|
|
||||||
+t/data/test_CA1.conf
|
|
||||||
t/data/test_CA1.crl.der
|
|
||||||
+t/data/test_CA1.crlnumber
|
|
||||||
t/data/test_CA1.crt.der
|
|
||||||
t/data/test_CA1.crt.pem
|
|
||||||
t/data/test_CA1.encrypted_key.pem
|
|
||||||
t/data/test_CA1.key.der
|
|
||||||
t/data/test_CA1.key.pem
|
|
||||||
+t/data/test_CA1_index.txt
|
|
||||||
+t/data/test_CA1_index.txt.attr
|
|
||||||
t/data/testcert_extended.crt.pem
|
|
||||||
t/data/testcert_extended.crt.pem_dump
|
|
||||||
t/data/testcert_key_2048.pem
|
|
||||||
diff --git a/examples/makecert.pl b/examples/makecert.pl
|
|
||||||
index 221f720..3fc26ae 100644
|
|
||||||
--- a/examples/makecert.pl
|
|
||||||
+++ b/examples/makecert.pl
|
|
||||||
@@ -25,18 +25,17 @@ open (REQ, "|$exe_path req -config $conf "
|
|
||||||
. "-x509 -days 3650 -new -keyout $key $egd >$cert")
|
|
||||||
or die "cant open req. check your path ($!)";
|
|
||||||
print REQ <<DISTINGUISHED_NAME;
|
|
||||||
-XX
|
|
||||||
+PL
|
|
||||||
+Peoples Republic of Perl
|
|
||||||
+Net::
|
|
||||||
Net::SSLeay
|
|
||||||
-test land
|
|
||||||
-Test City
|
|
||||||
-Net::SSLeay Organization
|
|
||||||
-Test Unit
|
|
||||||
+Net::SSLeay developers
|
|
||||||
127.0.0.1
|
|
||||||
-sampo\@iki.fi
|
|
||||||
+rafl\@debian.org
|
|
||||||
DISTINGUISHED_NAME
|
|
||||||
;
|
|
||||||
close REQ;
|
|
||||||
-system "$exe_path verify $cert"; # Just to check
|
|
||||||
+system "$exe_path verify -CAfile $cert $cert"; # Just to check
|
|
||||||
|
|
||||||
# Generate an encrypted password too
|
|
||||||
system "$exe_path rsa -in $key -des -passout pass:secret -out $key.e";
|
|
||||||
diff --git a/examples/req.conf b/examples/req.conf
|
|
||||||
index 0e102c1..da4510e 100644
|
|
||||||
--- a/examples/req.conf
|
|
||||||
+++ b/examples/req.conf
|
|
||||||
@@ -5,7 +5,7 @@
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ req ]
|
|
||||||
-default_bits = 1024
|
|
||||||
+default_bits = 2048
|
|
||||||
default_keyfile = privkey.pem
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
attributes = req_attr
|
|
||||||
diff --git a/t/data/cert.pem b/t/data/cert.pem
|
|
||||||
index f9ebbf1..2dbc59a 100644
|
|
||||||
--- a/t/data/cert.pem
|
|
||||||
+++ b/t/data/cert.pem
|
|
||||||
@@ -1,23 +1,23 @@
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIID7DCCA1WgAwIBAgIJAMGt8vPHln6wMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
|
|
||||||
-VQQGEwJQTDEhMB8GA1UECBMYUGVvcGxlcyBSZXB1YmxpYyBvZiBQZXJsMQ4wDAYD
|
|
||||||
-VQQHEwVOZXQ6OjEUMBIGA1UEChMLTmV0OjpTU0xlYXkxHzAdBgNVBAsTFk5ldDo6
|
|
||||||
-U1NMZWF5IGRldmVsb3BlcnMxEjAQBgNVBAMTCTEyNy4wLjAuMTEeMBwGCSqGSIb3
|
|
||||||
-DQEJARYPcmFmbEBkZWJpYW4ub3JnMB4XDTA2MDcxNDAyMjU0OFoXDTE2MDcxMTAy
|
|
||||||
-MjU0OFowgasxCzAJBgNVBAYTAlBMMSEwHwYDVQQIExhQZW9wbGVzIFJlcHVibGlj
|
|
||||||
-IG9mIFBlcmwxDjAMBgNVBAcTBU5ldDo6MRQwEgYDVQQKEwtOZXQ6OlNTTGVheTEf
|
|
||||||
-MB0GA1UECxMWTmV0OjpTU0xlYXkgZGV2ZWxvcGVyczESMBAGA1UEAxMJMTI3LjAu
|
|
||||||
-MC4xMR4wHAYJKoZIhvcNAQkBFg9yYWZsQGRlYmlhbi5vcmcwgZ8wDQYJKoZIhvcN
|
|
||||||
-AQEBBQADgY0AMIGJAoGBALmepX0NR6d7PL576bH95Y4QYlMdbIB/AD8j1+Lb4t9s
|
|
||||||
-xarNhUh1BeloaEktxIKhVIYW7F8NTQC852zULg9bJkKO9DOgr6AO6gBhu2+NCJsq
|
|
||||||
-8oSUEDfAbUzbxdweMHzHjBrvNRaVyhHYebtok+/a+1rqACHRRjE06D2YLl3lW2uD
|
|
||||||
-AgMBAAGjggEUMIIBEDAdBgNVHQ4EFgQUYL9/vBs4R9mn8bOgubigAZpN3KAwgeAG
|
|
||||||
-A1UdIwSB2DCB1YAUYL9/vBs4R9mn8bOgubigAZpN3KChgbGkga4wgasxCzAJBgNV
|
|
||||||
-BAYTAlBMMSEwHwYDVQQIExhQZW9wbGVzIFJlcHVibGljIG9mIFBlcmwxDjAMBgNV
|
|
||||||
-BAcTBU5ldDo6MRQwEgYDVQQKEwtOZXQ6OlNTTGVheTEfMB0GA1UECxMWTmV0OjpT
|
|
||||||
-U0xlYXkgZGV2ZWxvcGVyczESMBAGA1UEAxMJMTI3LjAuMC4xMR4wHAYJKoZIhvcN
|
|
||||||
-AQkBFg9yYWZsQGRlYmlhbi5vcmeCCQDBrfLzx5Z+sDAMBgNVHRMEBTADAQH/MA0G
|
|
||||||
-CSqGSIb3DQEBBQUAA4GBABBpVOWkoAuAdcYhd9FCbeXXluZ8eECV5x2tnCVl52F5
|
|
||||||
-59M9r4C47Hacdx/B62YkrIo5i0Q7Ppjln+Iq4hdzoqAwnlqpm3hYs/W+BSh77P3b
|
|
||||||
-3Tuzcp4K4nlidow/1/leUf9H/MJIbj0qS8ZNp6SvRt/D+PXl0TWKeQIgw3WkT+ea
|
|
||||||
+MIID1DCCArwCCQCTdQYIPzlw2TANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMC
|
|
||||||
+UEwxITAfBgNVBAgMGFBlb3BsZXMgUmVwdWJsaWMgb2YgUGVybDEOMAwGA1UEBwwF
|
|
||||||
+TmV0OjoxFDASBgNVBAoMC05ldDo6U1NMZWF5MR8wHQYDVQQLDBZOZXQ6OlNTTGVh
|
|
||||||
+eSBkZXZlbG9wZXJzMRIwEAYDVQQDDAkxMjcuMC4wLjExHjAcBgkqhkiG9w0BCQEW
|
|
||||||
+D3JhZmxAZGViaWFuLm9yZzAeFw0xODA4MTMxNTQxMDdaFw0yODA4MTAxNTQxMDda
|
|
||||||
+MIGrMQswCQYDVQQGEwJQTDEhMB8GA1UECAwYUGVvcGxlcyBSZXB1YmxpYyBvZiBQ
|
|
||||||
+ZXJsMQ4wDAYDVQQHDAVOZXQ6OjEUMBIGA1UECgwLTmV0OjpTU0xlYXkxHzAdBgNV
|
|
||||||
+BAsMFk5ldDo6U1NMZWF5IGRldmVsb3BlcnMxEjAQBgNVBAMMCTEyNy4wLjAuMTEe
|
|
||||||
+MBwGCSqGSIb3DQEJARYPcmFmbEBkZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF
|
|
||||||
+AAOCAQ8AMIIBCgKCAQEAuObAe3+RV9kcYqaOHq+Re5pTLA781MYVzNfttL2Vmay7
|
|
||||||
+kIxQIzlBoXyo84hEGXlTgFNcq7gb30h1qEt8+lcddYlB3V/kvRBcP6oH4kEL8KVS
|
|
||||||
+dkBTCZFo3UN18OEteywi24va1iJn/2yJXtgdQZFkfak5CFWqm9WVABFUtRXhfSYW
|
|
||||||
+L6QtzfbikNaeXQU7ofQBVoRw4weiNXPC4kNb9ZHR/D8DngJ1Rqn9Ki5zBhRyy1w7
|
|
||||||
+AIUBasKV9AX0xh7im3ycd4CcpdIE82zunv2nx4gKevJEXZsZB+5eSGqYnVjPpiq9
|
|
||||||
+G2EDomC53fhLr34t3UUnH3OF+jsvfDn/rzQI0D00EwIDAQABMA0GCSqGSIb3DQEB
|
|
||||||
+CwUAA4IBAQA26/P5LxK269AUNEVhNyypaDXu9eMVCwxuh1eqVtu6BsCG1BVWz6JX
|
|
||||||
+jOt3dWRbxHqLjeZkMFGHke/K484/bgdeHDQy7i9+P2J7pEOx2knUEYVkfMfxUHP4
|
|
||||||
+58kyzIbsK03HrzA27gkO8ANZsdVfvbDBbAYIPtDJixuAG7meqURWQx9lpS0n2Qi5
|
|
||||||
+naBrXIa2+nM5GVrGcs4DPCLNXcYE4rzJovnNAttWs35XMuWeU7WdIvmmzBGZ3VC1
|
|
||||||
+mvwV8qf3vNmjsmcBkuoVACJHMEX56VPf3Ouv4GEKtoeQLUA7RvG609QumyR9sgtx
|
|
||||||
+N8R5wURTonbHZj57d9ZRRUw91907BBJJ
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/t/data/key.pem b/t/data/key.pem
|
|
||||||
index abc7faa..ec5701b 100644
|
|
||||||
--- a/t/data/key.pem
|
|
||||||
+++ b/t/data/key.pem
|
|
||||||
@@ -1,15 +1,28 @@
|
|
||||||
------BEGIN RSA PRIVATE KEY-----
|
|
||||||
-MIICXQIBAAKBgQC5nqV9DUenezy+e+mx/eWOEGJTHWyAfwA/I9fi2+LfbMWqzYVI
|
|
||||||
-dQXpaGhJLcSCoVSGFuxfDU0AvOds1C4PWyZCjvQzoK+gDuoAYbtvjQibKvKElBA3
|
|
||||||
-wG1M28XcHjB8x4wa7zUWlcoR2Hm7aJPv2vta6gAh0UYxNOg9mC5d5VtrgwIDAQAB
|
|
||||||
-AoGBAIl4hoW0BSJz8gv9R5nMOWvalIeL3iTYaj1Y9XWNdlwUedzC83gzOxqfecTg
|
|
||||||
-wY4hn7DjX1ISTrpCLX97MVWsIwuY4ltmPykoPtVShZvpVF48H8CUqeY9q8zUybpI
|
|
||||||
-w1MS010A4+mvIJjbOukerKiIIueCEo+WmVaM9wnke4R3CRyJAkEA9tnCKwgm+EON
|
|
||||||
-LMWdM7ANTWzBbp1K51fgyceGPfTurakXfivz7xFKaXWQwICj1cyvgKoXPYqkb+8C
|
|
||||||
-vOu/qLbMXQJBAMB/5g5SaBJEbHWKGhB5bmwmota+LgZtRiJcsABCqm3Bvm+qMG12
|
|
||||||
-U+/22Nv0b49LJGuj/2ZiZFGrG3oNXmjKmV8CQCeACvEF2e6KKLIMYS5fMpG8IGvJ
|
|
||||||
-4a2JQ2AmfFW3tuW1FBxNfjg4JRchB+u16gGRQlgtX5CqecurjF2cv8uIjMUCQHyp
|
|
||||||
-FwnFUgIqb3Z61cA/c0P0jVW12UZuM5IDJjM0+PuVEUdtFml8zITE/dELbceFKPPQ
|
|
||||||
-Q5BBPagpv+R9jdsdAM8CQQDwsZea0tdwI1QevKCu0qoR/+Uu3MtoiyC3GGYoXMFK
|
|
||||||
-CS+3apsVr26N555UngM+gk18N1wpiBY5L/rlPd6XiQ47
|
|
||||||
------END RSA PRIVATE KEY-----
|
|
||||||
+-----BEGIN PRIVATE KEY-----
|
|
||||||
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC45sB7f5FX2Rxi
|
|
||||||
+po4er5F7mlMsDvzUxhXM1+20vZWZrLuQjFAjOUGhfKjziEQZeVOAU1yruBvfSHWo
|
|
||||||
+S3z6Vx11iUHdX+S9EFw/qgfiQQvwpVJ2QFMJkWjdQ3Xw4S17LCLbi9rWImf/bIle
|
|
||||||
+2B1BkWR9qTkIVaqb1ZUAEVS1FeF9JhYvpC3N9uKQ1p5dBTuh9AFWhHDjB6I1c8Li
|
|
||||||
+Q1v1kdH8PwOeAnVGqf0qLnMGFHLLXDsAhQFqwpX0BfTGHuKbfJx3gJyl0gTzbO6e
|
|
||||||
+/afHiAp68kRdmxkH7l5IapidWM+mKr0bYQOiYLnd+Euvfi3dRScfc4X6Oy98Of+v
|
|
||||||
+NAjQPTQTAgMBAAECggEAS1aCEQ/eWav12+A/QhOJNJKh1u7YZ526XjeQ/DbPEMmH
|
|
||||||
+txLkyCVZL4JKmMfp73M26a+Nr84ZVTYB8qunZZ0/PJfLhXbADaTv4WTXR4H3ansC
|
|
||||||
+CXqWGuzrjFQjZx1o2aoXHdtzNBLaywEfS8zExuWFy4m62kGFfW9eAaQOHqamtMWx
|
|
||||||
+jt4x8EIfNOZh74TvGw4LtO6y2lFMRmyXcgKS5yKk3uGCfQqOPs3+cWqAzKzD5Pna
|
|
||||||
+5X+NOW5f/6uTQXSJGpgwEi9CAkbWFhqtrpcI14QLXh3shOv/Woh2bNtH8dIhuQ61
|
|
||||||
+Ii6y4p6AkS9jcO5TYeyYRUpf93NM5pwpL0Vi8cKb2QKBgQDiXy3Ah4N8MRRx7WFa
|
|
||||||
+QW+nSqwuYzeq1q9/zOwxpcZo15+wO+XD7196iwos2pjihnprzEbKM5K38Ed14fZF
|
|
||||||
+nwLomYvJRDo7+EI5WHHp0UHzS4K9g70jszx6dV1O0Ili3B/2vc3BAP4btVT40SO2
|
|
||||||
+mchuZsfzENCqXjIfLclDWgvuPwKBgQDRGhBbSSdaEuT04XeVLh30uN2trlsCch1H
|
|
||||||
+K9TNjSBmG8oFu71sse7qDRq5M6ocvUb408F7khMyu+TkXmJvr8vYwQUS3tGobx0O
|
|
||||||
+8ItOdezKE3VKwIOjG7FVlHigI5cp4VMbQkhnogiOa4RSuMFyHPA2qoOB8c/LBDtS
|
|
||||||
+jC/0EmztLQKBgQDFr3i0+aLJgdLo6vRpbVukLIHQwLSMbI82fC6H7M0oIaVCsgwk
|
|
||||||
+35Xx3ho0sXFx4R5npSzsx70JBLxjJcF7azGPDwgT65Evbc3nZmWUWznMzdSOy80Q
|
|
||||||
+sCXQi03A1jwkKTeAsqBMPCGs8N4TrBAUFpgCUZ+rlLOlFD2RHNr2Bl0E4QKBgB6g
|
|
||||||
+YartMQ1ZXR2c9IXuJkcU2Ks6sWvPSQiGm/mrZQZvpYxnbhxAh4zSdIqRzaW992o0
|
|
||||||
+oc82mwdATAtC48oWBpZt1w9ngW/ZLnlktBK+5PrIFNLpFZ7LTJMLVwulituAfEqu
|
|
||||||
+z6oWKoipqMzw8KyFHo3zNaXPxC6pJQM3M0LdfATVAoGANlsxozI12NnDxI/Mpo8A
|
|
||||||
+jWU2usnWvZmzgnwdXvUsTmsX4CMFe5AdOwtmLo7FRHf/Zk7mPtwv/L+25qVNm1Tk
|
|
||||||
+xwrWe3HDhIB007EQUTbEBLgLC6MFNBrGnTA4aeAqTzzddlElDEl+GugjFTDqu92X
|
|
||||||
+PRJOiNmYxBriKl5Gtren1a0=
|
|
||||||
+-----END PRIVATE KEY-----
|
|
||||||
diff --git a/t/data/key.pem.e b/t/data/key.pem.e
|
|
||||||
index 04d8745..d64ec53 100644
|
|
||||||
--- a/t/data/key.pem.e
|
|
||||||
+++ b/t/data/key.pem.e
|
|
||||||
@@ -1,17 +1,30 @@
|
|
||||||
------BEGIN ENCRYPTED PRIVATE KEY-----
|
|
||||||
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFe4I0QEObHsCAggA
|
|
||||||
-MBQGCCqGSIb3DQMHBAgHBvJrPU9U8wSCAoCkU4ujuUqqzCPpTCWMjdvohENVjF5p
|
|
||||||
-bEt31lo+IP/eVCdJLd3sbQhmv0JjTAE2CGnYlapF28WS2ZCCZfSEkNyY4yI/1Cqa
|
|
||||||
-VdHEJ+7QzVkDQJkYmgvXOFJbEXW7uY5TFsI4MFm1bXwAiU7ZXq1kQt3amMGKdUEG
|
|
||||||
-uGNf1D3OH2RTRfdPZSZYI0WQjLbj4q2v1winMU4Kf0Y0LNNYEsiReFzyKAxwCZ0q
|
|
||||||
-01aoNxga7cSWTnwzwXvzgev2rjx2t/0cxK/IrUyVAk97po7jYZ09ug8MRS7mXi0x
|
|
||||||
-t9zsTK9GRKSazlUdJlHOn0QmC5deDBUmOdYWFSSsKGTTOZeBr29UtcdNzMPNVpOs
|
|
||||||
-pHVUVZRBfLWUDeXSksTVhOAcf06NzkhTJ9mcKUqao++pTQgeKJke4/9QL+mqMDNL
|
|
||||||
-4KKn0VQbAbaWupTYVLLG8V4WdSQOoCZQbD86Ss8mFX2oRoB9PBe4hbTrHkCdMuHm
|
|
||||||
-XjfPAU8Z5ys+IQAcRbVAbOGPoFjGMEwFxl8bn1JTSWhbBDATdbyvstpmlTIsGuBH
|
|
||||||
-7tRU68UFK8pIPCX9MNQkpdAq6Yzl3H05mKyoJqYrYnX9xlqOVhgkHv35RWkxfnyz
|
|
||||||
-efnOMzAHn22h2hqCuxqLydyMSKlE0x9jDAgEChTKzwZCg0D461G3aj3b9MG7QvKz
|
|
||||||
-+sOI5+28g+wpVuv+6DNFgizOlndyY6Y8+lU4k87UeL1Mc/lcZMB60hj4ZkEYoGyK
|
|
||||||
-s0UHtqaq82XlZf3OL3aouQojGBw9DGo/1KWISuM1I3ZCxlqh1uEG3rMnaSTjI6Ao
|
|
||||||
-yClYz274wOXPOhvfcoczs9++IXzltKzuFZeLJ0K+gsKTlk+eGhN0lzav
|
|
||||||
------END ENCRYPTED PRIVATE KEY-----
|
|
||||||
+-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
+Proc-Type: 4,ENCRYPTED
|
|
||||||
+DEK-Info: DES-CBC,DE6A2C7184BF2F32
|
|
||||||
+
|
|
||||||
+8lCM0W2c5qeihKEHkyx67fid9BP2Mds+Bw3IZrPscojIk8vyIyPtCypmi7c6ABGc
|
|
||||||
+ovoCMjZiYcLaXksfw53Gkf1hGvWvZsVFU2HF5+aelYEsdZWjad8zzu3fGpCQFzs9
|
|
||||||
+w4p1S1AX7/BYIWsyNG2O2FeraOkw/rsojKegUXpa2RQl8H/YaTqEWBeP5ZPLn1b+
|
|
||||||
+eH9VcY2UMxMDq3Q7IUilrWTNDrjEVtxODSfIrxt0gyhkeupLmvVc2HXa5S6ZAECU
|
|
||||||
+kW3pvppsJwlSlpiBqfhdEa3RenGywpHnPssckcPgSNGIMysDgf97KEEHbxcVLc1Y
|
|
||||||
+u7IPdK2VWTWUpq+vJVJQWeMwtoI2g+2Kohmnkz9ZIAZPoXEIf5V7WP5NdgD0x9uF
|
|
||||||
+B8anLXY7NAgC0Ea6G75mH2eDErzOEAdnt8A6lXr8i35ObX4HphRk71PZ9yLh5dkG
|
|
||||||
+ACp6ISxIRmy4amR4ga4V2H0RNYszthMT1d4QNK1eWK9lCzk078c4ZXRMz9wqGFcG
|
|
||||||
+nDY3qS77nZZATZiY6pLRcOXB4jX+NmBH2k3zUrN3OqQcEfxnPU2rqmKPQL0xRROZ
|
|
||||||
+f7/xNul6OIj491OlXCMLY4fOmS2ynMb84UUBqBwYCPb+NFJUjRDWigPenKuoweS3
|
|
||||||
+3KaVkTff+Jh/OfIr8JV4nYUN/bz7sfKV7wFd+RBwoxuUaOolJ0l4KTX9NR3HJlUc
|
|
||||||
+71PoQe0LaWit77i/DsfNGs2oDPjOM7KYawlS2o8qYaHjpU2wyWq3Z+dkpPmJs+nw
|
|
||||||
+eDQgZkLCniu5q0MCCex1AODEF1fq8mLaJiGu03iR12jf1wdlHlsBS9DuzUc8/JxC
|
|
||||||
+llgaykLoVM0DihtNwlxsvKCo2ySWbzPC7g0YgtcF7AxskJ5K1khsZWCyDjOaD56m
|
|
||||||
+6JejpU3KqoXWDRLIR+TR6Y4coyEr/LI/uCEuiM9jzmLZtT0/IFg2CXz03eLg3MjO
|
|
||||||
+7Z1XGKjuZC+2GbY4TNo3BtQNl5dhC8drddWcD1VvkBjTiJ3JRFTrzZwKpaGNUKUU
|
|
||||||
+86lkqcbVSwJ5CbxnddtTZ1wmUUKybY41O59HNNGtYjnSgqvshXop8+sAgBPYghwc
|
|
||||||
+YPT/mgpFbXhpbII7rGbepEAckRzBEbGBgAK68ck3EbxpPnwX0zELFCpBZV0mEoUK
|
|
||||||
+AWhM6+08r9eb2X1ly0ubs81GJ2FyvTXHOrvoS/FcMjnz6uh6AQtl1qJGOneB43u3
|
|
||||||
+QHQMe9vP5syX5uFkOSVdwz1kk5HJ8ynemrEPNtHY3QnrzjeXuuOEmKmn9u7OXear
|
|
||||||
+aI4F9kifAl4qrrYGnvMtNQ3ENJwg3bH1gR+oyRG7WE+HYV3JA2bYgunXzUcnE27I
|
|
||||||
+GeoAcf9QFMqhG8Q7G14sApXHJn9hdMOS7q8XhnTn+rzzWszu0KqHRfpS7OYd6aDQ
|
|
||||||
+uzjVca9VS/ReLhKv3TvZXUhBY8V5+a1zdWvciyhvJNPci0KZIj9eaPgOQVcHboEd
|
|
||||||
+23JmLSJzqE2/+ym0O/6p3Llst1EiVJTnDUsf27KWyJvzA7EVdORoXM+Zt2gxMdYx
|
|
||||||
+lzYtPsSfhVURYUnRsWWO3q4T76JKz67PRkq/Na2FzEW4HnYTGb7uqQ==
|
|
||||||
+-----END RSA PRIVATE KEY-----
|
|
||||||
diff --git a/t/data/test_CA1.conf b/t/data/test_CA1.conf
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..f2be31c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/t/data/test_CA1.conf
|
|
||||||
@@ -0,0 +1,37 @@
|
|
||||||
+# Generating CA certificate.
|
|
||||||
+# openssl req -x509 -days 36160 -key test_CA1.key.pem -out test_CA1.crt.pem -config test_CA1.conf
|
|
||||||
+#
|
|
||||||
+# Generating CRL in PEM format.
|
|
||||||
+# First you need to reset serial number in test_CA1.crlnumber to match tests before:
|
|
||||||
+# echo 02 >test_CA1.crlnumber
|
|
||||||
+# Then generate CRL in DER format:
|
|
||||||
+# openssl ca -config test_CA1.conf -gencrl -out test_CA1.crl.pem
|
|
||||||
+# Finally convert it to DER format into test_CA1.crl.der:
|
|
||||||
+# openssl crl -inform pem -outform der <test_CA1.crl.pem >test_CA1.crl.der
|
|
||||||
+#
|
|
||||||
+[ req ]
|
|
||||||
+distinguished_name = req_distinguished_name
|
|
||||||
+prompt = no
|
|
||||||
+x509_extensions = req_ext
|
|
||||||
+
|
|
||||||
+[ req_distinguished_name ]
|
|
||||||
+C = US
|
|
||||||
+O = Demo1
|
|
||||||
+CN = CA1
|
|
||||||
+
|
|
||||||
+[ req_ext ]
|
|
||||||
+basicConstraints=critical,CA:TRUE
|
|
||||||
+keyUsage=keyCertSign,cRLSign
|
|
||||||
+subjectKeyIdentifier=hash
|
|
||||||
+authorityKeyIdentifier=keyid,issuer
|
|
||||||
+
|
|
||||||
+[ ca ]
|
|
||||||
+default_ca = test_CA1
|
|
||||||
+
|
|
||||||
+[ test_CA1 ]
|
|
||||||
+database = test_CA1_index.txt
|
|
||||||
+crlnumber = test_CA1.crlnumber
|
|
||||||
+certificate = test_CA1.crt.pem
|
|
||||||
+private_key = test_CA1.key.pem
|
|
||||||
+default_md = sha256
|
|
||||||
+default_crl_days = 30
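Review bot: The header comment `# Then generate CRL in DER format:` mislabels its step: the `openssl ca -gencrl` command under it writes `test_CA1.crl.pem`, and the DER conversion is the step after it, so the line should read `# Then generate CRL in PEM format:`. The `[ req_ext ]` section sets `CA:TRUE` with no `pathlen`, and the same patch replaces `t/data/test_CA1.key.pem`, so the CA's private key is published alongside it. A header comment such as `# Test-only CA: its private key is published in t/data; never add test_CA1.crt.pem to a trust store` would record that for anyone reusing these fixtures.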
|
|
||||||
diff --git a/t/data/test_CA1.crl.der b/t/data/test_CA1.crl.der
|
|
||||||
index 5f2cf7cda71eb473f8732060d87718b8be25bf1b..c3948335cddf709f0d88598194ea850b95b64e62 100644
|
|
||||||
GIT binary patch
|
|
||||||
literal 438
|
|
||||||
zcmXqLV%%iVIGc%)(SVnYQ>)FR?K>|cBR4C9fwm#H0Vf-CC<~h~Q)sXup8*eu!^Oku
|
|
||||||
zlA4=uXvky01>!UFFgrUMit`#;7+4sZ7#bNH7+OYwxt4~;P_BWFfd~_`kVzy^+{nP#
|
|
||||||
zz|z3bz{1!f3L*+p4G}dkwJ^1eS^%^OY__Zj3o{cV6Pml2n;01xvTf1={1^(`!uN&U
|
|
||||||
zy1D$z!<Cg6SKXJYe_)m%u2i&hx$w*Mtm7u^0`)bmk)HzAeR^7&sls7f;Sty{)$O>d
|
|
||||||
zK(NAL+o-QKJDKL{$5%W%Qu_a~6<1Vi_y3ulM^4A+rC2{Xxz3Sk=7bfy^F)@hzK|@D
|
|
||||||
zIBXx|tdyzu%S1<i<=y2id9HjWYi<6lULrMl-u;&wmX^JJX||x-boPJtBU;Noo@qIs
|
|
||||||
zAFWz8#q@n#{F{oGe49k3&zt*D&*<varmcCC*4^;C+Gew0*A@A$P}ybb86v@jVZXP}
|
|
||||||
za=9_x`Et5_YZzl&o=;QT<r5}SZKs&EIO=rQ*tv)b&3(r5d9vNB8@H?FU&q`!Bn$w*
|
|
||||||
CGn?E1
|
|
||||||
|
|
||||||
literal 389
|
|
||||||
zcmXqLVr(>Me9gqjXu!+HsnzDu_MMlJk(HIfK--YpfRl|ml!Z;0DKyxS&wvNS;Sy$b
|
|
||||||
zNzKhSG~_Yh0`ZxJnVlUC#d!^l42%sd4Gaw|3=E>cToWJ@!ZoNduwh~rGKoZ1W^55<
|
|
||||||
zpawQWR+NRAi;>wt0%)GB1dE^qzmWloaS+`QQ$dy(m|B=xqUvVErW>dZ=$HjSmqY9k
|
|
||||||
zVPR%sWJ2>Nb7LdJ&gZOGTXHu?F8yjC8E|4>4tL(IwIUA6Q%e5DS9)(%=5@V%dy&E=
|
|
||||||
zSKXJ3wr|=fQak06ZIn{w&XC=a;nwl02@A_^UFh+h^6s&p_s$s0;$jc4!gm(uR;hk)
|
|
||||||
u(v$Eiu=u;vQ^{mgDnm=ScfrSX`&!d>w`Z+0OaHazVsy4$i0A>|I~f3)J7|*t
|
|
||||||
|
|
||||||
diff --git a/t/data/test_CA1.crlnumber b/t/data/test_CA1.crlnumber
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..9e22bcb
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/t/data/test_CA1.crlnumber
|
|
||||||
@@ -0,0 +1 @@
|
|
||||||
+02
|
|
||||||
diff --git a/t/data/test_CA1.crt.der b/t/data/test_CA1.crt.der
|
|
||||||
index 8031955a343260c858d3ad207938f08543809bc4..01e7c745fd99c3233f5c8f0eb92484471f1e6a85 100644
|
|
||||||
GIT binary patch
|
|
||||||
literal 831
|
|
||||||
zcmXqLVzxGDVp3kf%*4pV#L4h!Rc|(n^zzjPylk9WZ60mkc^MhGSs4tp4Y>_C*_cCF
|
|
||||||
z*o2uvgAMr%ct9L39#)ss+<Zer9s@2ApP7f*+0oEIL7dmn!ob4N#K6+X)W9-Ig5Su{
|
|
||||||
z&>ScL<bVZ8Gp>nI3E4S}tPIRejQk7+O^jSjO^l2TFU4Y)bsjn9&-i?Hs&q=A15=@=
|
|
||||||
z>!IHz*TPipFv*?#_mQLg?FFOSz&z8$bK7_>$0fIRaD}fpv*~_bxOZ0cy%0&egJN#}
|
|
||||||
zKNCM@Ox<%qIaoMK@qxr|xm7W5Y%lt)y1rb@J$vriJwGNiRH$tDSiYiu;hOK!PafU1
|
|
||||||
zlq<aHe>9kFVb+~F8uRvY&x*OmFzF`O(*s9plJf8Fz9y%jc=nWP#JjsJOs}NF)SK?z
|
|
||||||
zNUGiO(PP?rFZT)3+dC%tPFbMQ?N#0)%3;^m?lbM@orSCR9z4++IHj({jYGv~-icmc
|
|
||||||
zfpvf8KCW2g_>)&a=TTf~!bI1kP`MjlUw_`co?pCvPg?%ub5j;dJ8fiQW@KPooL~@V
|
|
||||||
zzz>WBSz$)T|17Kq%s|S38zjKb!UBw4HUn7@hmS>!MPzaDm*x*!=2i(vU5$O%@%4J~
|
|
||||||
ziZFizd62X+i-dt#19k<dNdg!Lj0_K$*_eK{C}#azywyl0Ds9eZO`+nsC)+;Fnfj$)
|
|
||||||
zC}eum<CIDJCRr>g$ts?a!4s2uWUb7RTOM13ub+P~&%i3Ge_C(*xwEf-i|w9$T}<k>
|
|
||||||
zo?TQ_<RsY#Y|FzZefIk5TK9i~(f$QDzp~0lTrGHUc8B7uXM&&f793a8eCmI1+w|i{
|
|
||||||
zxb~fjo%PaY@r^%ca(8`aD_yLgSGFPNM<#0)mrKTHfe#%A6q|0T3C&%)R5PW=YNA*f
|
|
||||||
zXWKQ+{r64yD)oN-VDV6>EX`T*;OXQ)mF+%LbM!lRzT`|ip?rv|%0uzc{hXLA`3a>v
|
|
||||||
l%Vo_{f4yg3QW-yG+pTNNPH}S6KC2$lyK_)5e5FtFCIFX)M(Y3o
|
|
||||||
|
|
||||||
literal 550
|
|
||||||
zcmXqLVp1|_V(ebP%*4pV#4KbIX28qFsnzDu_MMlJk(HIfK--YpfRl|ml!Z;0DKyxS
|
|
||||||
z&wvNS;Sy$bNzKhSG~_Yh0`ZxJnVlUC4HU$A4UG&8fe;L$B>0UCfxyTZh)gX_Eu%;?
|
|
||||||
zu5muHYZzG>m>YW;3>rI`8XFl-$1E`8ZhxQoW%}E^(-)5zuP)O~a+#rP@aTeGoWJ{(
|
|
||||||
zXgP<YWgi~|#NJtOpK0Hzh+Wf{+fKfqEW=j+()4mz^2V(eDzUqdPiJSjH|3Gcl=Z2J
|
|
||||||
z6AYd>+1ym_Q+4dv5G%?1N@UH{9~UgOTc3yPDo=c}pQWZ+<K43##@%5(HX?7GHeF?6
|
|
||||||
zW@KPo9Apq+zz+-nSz$)T|17Kq%s|RO79_yOBE}+eLgv;au9Y4fR%K<P7Azl4Zi-$|
|
|
||||||
zFyIDB^Ruu3gPhGkkc~5;&4aP+hZ7?sNQi+Q*~`EPU<Uft?J7h3;z&uCdnJF@-dxB%
|
|
||||||
zU&)qLWwX%VOp&>{f_e+(4r{n*-`?}`mBQ3BKfT4BAKFhfzu$ALtxWyw`TX372cgWX
|
|
||||||
zDrFZW@R#+3|K8E<cqVkgq20IYzB#IF-uv_Mru}tG*PLD+{3~UB+|q6Fn^Su(-PxY~
|
|
||||||
TT4H7auk;zVYy%?~W2K7#io&(K
|
|
||||||
|
|
||||||
diff --git a/t/data/test_CA1.crt.pem b/t/data/test_CA1.crt.pem
|
|
||||||
index 20196a8..bf94476 100644
|
|
||||||
--- a/t/data/test_CA1.crt.pem
|
|
||||||
+++ b/t/data/test_CA1.crt.pem
|
|
||||||
@@ -1,14 +1,20 @@
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICIjCCAYugAwIBAgIDEjRWMA0GCSqGSIb3DQEBBQUAMCsxCzAJBgNVBAYTAlVT
|
|
||||||
-MQ4wDAYDVQQKEwVEZW1vMTEMMAoGA1UEAxMDQ0ExMCAXDTEyMDEwMTAwMDAwMFoY
|
|
||||||
-DzIxMTExMjMxMjM1OTU5WjArMQswCQYDVQQGEwJVUzEOMAwGA1UEChMFRGVtbzEx
|
|
||||||
-DDAKBgNVBAMTA0NBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy1ygNguH
|
|
||||||
-72n0l+1uy9HEM6t2LWJEmC0w4tAuXk9H1FseQMV28eBQXdyg3wK+yli6l6c9k9Aj
|
|
||||||
-HAZ/6TXTVmOxtTgkXbvHlwcE3pTiHJSvZWGQMORCPNkjjiVBiLBdGQ3qFKyV+NA5
|
|
||||||
-K4XnVy0jkeS/BHx7KO7m+DOLVow8FO1CstUCAwEAAaNSMFAwDwYDVR0TAQH/BAUw
|
|
||||||
-AwEB/zAdBgNVHQ4EFgQUyBzakgqpSAg6dnYVOATxNNkV0CAwCwYDVR0PBAQDAgEG
|
|
||||||
-MBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOBgQBG1QBfo1kZRN50
|
|
||||||
-/a3ZoQufIj0FJLMS/WkUnW0RLqEewyhEK9u86eoglcz5SxdD4T+VN9+MxoZ2J83P
|
|
||||||
-b21Y4FUDqnkdoGAPdoxX+7iLQcxVoMK72n72QSSzvfnjsr9+pazLp1P6ZK9epbZf
|
|
||||||
-s2WM0ty3a+sYmXANG8wGazAyRDMi0Q==
|
|
||||||
+MIIDOzCCAiOgAwIBAgIJAPKqjWsEG6erMA0GCSqGSIb3DQEBCwUAMCsxCzAJBgNV
|
|
||||||
+BAYTAlVTMQ4wDAYDVQQKDAVEZW1vMTEMMAoGA1UEAwwDQ0ExMCAXDTE4MDgxNDA5
|
|
||||||
+MjUwOVoYDzIxMTcwODE1MDkyNTA5WjArMQswCQYDVQQGEwJVUzEOMAwGA1UECgwF
|
|
||||||
+RGVtbzExDDAKBgNVBAMMA0NBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
|
||||||
+ggEBAOkWXaaJxMZPAeebZRtkUUACcUlFwvt01lYk3AIeyf7xCHft0DJ9UW41Yc62
|
|
||||||
+DNNeY4WICleozLLfbldLalveVBk+wRZGT/lh8WiVvNAjUxNaIeAY+x6qXOw90U6q
|
|
||||||
+16cWR2udzbz4kIB4JLDxd6h/oaz3W+Ti3TkecdlPxVMGoWrcnCievQuaXNYAktkK
|
|
||||||
+5cDEfGJv3bvWHiAhzcolWO7dBALqG1Yngt7YYn248UiWr0pHkBu3iJJNlKAoi0p3
|
|
||||||
+hBUIPoaHTJb53KGqvcHIhVGUfnRGCCQynsiNTRCu/J3jeKJB+Q0QLOJedWCRRWJV
|
|
||||||
+Htj16/O7rw8Xf7xmb5POlKEbQrECAwEAAaNgMF4wDwYDVR0TAQH/BAUwAwEB/zAL
|
|
||||||
+BgNVHQ8EBAMCAQYwHQYDVR0OBBYEFKNz9IPwtJ16EBrVXeGI9ddzqFZPMB8GA1Ud
|
|
||||||
+IwQYMBaAFKNz9IPwtJ16EBrVXeGI9ddzqFZPMA0GCSqGSIb3DQEBCwUAA4IBAQDg
|
|
||||||
+AwYC+oQhav6jtTIkWmac8ykSc53JhvKclfSPElSXguNkkr6SOKR0anOYaAxcZcSt
|
|
||||||
+HMTaSLVT18/gnjA6Wo+WjYfOzev7Frub1xYa2y4+WlpZkh3gBqdXkvNK9UV+/5Ay
|
|
||||||
+v6DZ9QUfWNVw6M24IZrmEfIuoMcmKeVP3raXx8QKvspdmuk8o9j8zG269wZ1oy9u
|
|
||||||
+drBs+GkFagpEaPMQ8IjAIYLaJhKdpaUpZIw6kRZ2CYbWKb/fNA55Lvr4BEggeXVs
|
|
||||||
+qODlk/x5h0yVbC+JuekJYcgjwgp6SCHC32xcah+Qdbl3HTZl+u8DpHlflLba1gNC
|
|
||||||
+Xh6W8yXELtzBEVepTGOy
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/t/data/test_CA1.key.der b/t/data/test_CA1.key.der
|
|
||||||
index f47e283ca3590063a86aa5297bf1ef0c1981b945..59d9ea111028173c4c6e1e720d8c21d216b0fb55 100644
|
|
||||||
GIT binary patch
|
|
||||||
literal 1190
|
|
||||||
zcmV;X1X=qqf&`)h0RRGm0RaH%7G0)^#Kunn=bL34WKlo@aY;qO`*hY;B-{cX$^P*O
|
|
||||||
zckR$JeNk>TVa~P;(_UkRhzeJz%(CBZS4(PJ-c%Vr!4^hO`C;*BmAud+QxjSt;28TJ
|
|
||||||
zs$A?n(N3z@rxr(Roz1-Xkbrn3u<>`Of1#}RTjb*1IUaG@PsLLPp=#WmD4x9wnq1ZZ
|
|
||||||
zlGzI7z{GrFZ{54r9v~sj$|YFt-2?*a8&)TR-q>P&xbaAquS!Rd8@Gs(O_ZQ0i%NHd
|
|
||||||
z6$n0thfJ3F+@Y$y!N`SClzwzZ2qZF|$c;@9uKb<jc%ni14G=8iUUguRMPgMR*!Ao4
|
|
||||||
zyRQ!yf4pXIlg^Z(8$z)H0|5X50)hbmZusd5dm1KKLrvqH6_|rwcuPB3ZDo$o<sOr0
|
|
||||||
zrvw1b{QE3SEnT3&S;YZIhkvrRt3rdi3~{*6%a-6C`7$=s_8zm|G66?&N*d5qKpit*
|
|
||||||
zd^J~ZXTUI#fi(ZYGXE$FMBq}bpQ0S77QgS7%CJdiGBunTuDzWT6D4_y_v0=eh0|-F
|
|
||||||
z4LTW^i0x}hP6sZXZM0qYyS4Chmt@{SrVE0;CrezwV7nv-o7#*FVrySyvn;<m9=-j%
|
|
||||||
zKdIWZ!;vary&01xX$CvipiQ{j_d&otAm~-blKpK?3^#Rd%wr)Q`6(Jtor7p<`D~tu
|
|
||||||
zn={#4m5Sr>r8o_`bK_}^-kRm%0)c@5_lO}qDXFA+69pqis@XK5Zt9P6>eWhsat4Mw
|
|
||||||
z>-Jh8^bgLA1c+!a4(9g96RrOhEyK@nA0jc$=LmS|_FvW_dn?7JcZ*ml8dXDWJK^47
|
|
||||||
zF!D1T&av8Xuu)7_*zK~S!`*S}7=DN6gKQQ0<)rt2qobj~XlLA)Zw}ZZbfwB20)c@5
|
|
||||||
z@ejL}jhdZAB~SViby=b*wtDO2`6nq>X9$yQ{J|wmjuegURG7J_r4d>PTh^I4)C?Q*
|
|
||||||
z9)Veux$pD=*W~t~fc3D2LC(V9)3%*NbWD_@PSuC5aq5mV{dADtK;!->+`VD6eMs3r
|
|
||||||
z>tv8Zly{`|`pbq6?6z3BPwceJbg!1B0)c>OnzB=!%DPz1Jd5Z;OPHXh>3ez8rdzt8
|
|
||||||
z>ldlW>A6}3#u%Wp?p{Q7UnDu2v&i@eCRzc*#+vB$fG^eIKGEc~7vQ5jtv*+Z+=YL<
|
|
||||||
z<cKp7uEP(nKS8R34y`)?A*k%Q6KUQp#SO+k(}gV^d|Ue<omUL^ei$aBLiz&vF(M%X
|
|
||||||
zfq*;V#Gk31cH^$WCq>?n-H)#v>Fj@46BN6Xjmym)&Au+JJalkJU>97e>dTnKzFRku
|
|
||||||
zs(-><FMOJl*ztTw3|r!@C8Tt$fDDO?8<rid$X;n?@x_bQ&}^w`gL5)_aBqetC09tO
|
|
||||||
z2oLaSlFWBSAzhgNW!2wDjMBT``6;mS&0zw8fCO%29Nhc7wI$JrU0>U-3ulc3C-6jZ
|
|
||||||
z@Xa5J4~-GMFDGKVjdT%l6+scKi(o>4^t-B*j_mPRlXLiWs^#?&{}6`gNSrD!Fs
|
|
||||||
z6Q1~>kmz>A=cmsy`o;aNZ|s@8XEs$`9qUEZ`V1-=dlq~O$gm&Y!T7wdiWgQ#Jr<?O
|
|
||||||
EJ2kXXod5s;
|
|
||||||
|
|
||||||
literal 610
|
|
||||||
zcmV-o0-gOZf&yLw0RRGlfdI=~pf(GK?`iax?QYA_#51dQEn-BNEimHHE?!SZ)LR}v
|
|
||||||
z#dh)FP+i=h-vYkMSh|;|J(JKQ90q^sHPcpOv9&lPUAxDZ2L#@f;vAH(Wnqvo<U%~z
|
|
||||||
zBaS6Oh_GE54eAuEmH5y(D~0D*EhCZSzXW`HDDLL?GmBP?JQVFhveg0u0RRC4fq*)^
|
|
||||||
zp(UFI12~pN|8*VrlXTq_KplScc`*Wk;IgW*b9-^@fm}|OT!0V8gF`mD84#n^(J4(=
|
|
||||||
zrn8mgRREfnCh$#Inpqu<xfA@50NeXGgpv1WkZJ0<;6pl_)ylBxXCH&P`NO2u0e%US
|
|
||||||
zW_7`Vb_B#w%86AetP(}7f#rgDg$)8h0Qp?AsUgVO$H98kPEyeRi{hsD#@mP966F~Q
|
|
||||||
zh9>xazG-J6cx0ZM|Fn$ONT|>~UES-}LGo_SzNV{ytC(g?*8)KR(8hC!krOVdrh*Ks
|
|
||||||
zd`0U%Xz1ZNDdpp(Q-ZHDAc~L2!3|vwNCvtUWL8u7>(Z4GjRs)xCH|#FF!a58{W&}{
|
|
||||||
z0zm+n1A9Wx<*{9*1xyFCRMgl~1D9zM%W(zs!=IYCha^1D<eu`?<QjQrhqKxDk9ygT
|
|
||||||
zKnD$s%^(~3Uh~1H)-_=QK>*1?1kQO&Oo%Q5-^0(KcMVE}bJ%YaHAjLWP*J)Z*iCOl
|
|
||||||
zI+!uWic4hG^Gw;tz5A6uxa7VAqrLZAb?m`@6A=PI0MW|-r=v@lMzw7_Wv4G)sakMm
|
|
||||||
w4XEt$gdSh2A*|=jsV7%bB;&F&mlQ=Y8`dPBSMURc#tTr?jsQ)2o|)<zV1+>_GXMYp
|
|
||||||
|
|
||||||
diff --git a/t/data/test_CA1.key.pem b/t/data/test_CA1.key.pem
|
|
||||||
index 78f0c3b..f3bd4a0 100644
|
|
||||||
--- a/t/data/test_CA1.key.pem
|
|
||||||
+++ b/t/data/test_CA1.key.pem
|
|
||||||
@@ -1,15 +1,27 @@
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
-MIICXgIBAAKBgQDLXKA2C4fvafSX7W7L0cQzq3YtYkSYLTDi0C5eT0fUWx5AxXbx
|
|
||||||
-4FBd3KDfAr7KWLqXpz2T0CMcBn/pNdNWY7G1OCRdu8eXBwTelOIclK9lYZAw5EI8
|
|
||||||
-2SOOJUGIsF0ZDeoUrJX40DkrhedXLSOR5L8EfHso7ub4M4tWjDwU7UKy1QIDAQAB
|
|
||||||
-AoGAOryhJZsFAziWRf91HfeTdN0UQB1+9HkxAoHgsqqxc3tx7IFcTpZcgA/Gg0M2
|
|
||||||
-uhkQo9bRKU1XprOV5FUAmpYm8E1YmlkdjbkT/JAA2/s4hJH3Z5Bp6rngQzqb1cqw
|
|
||||||
-6Wcfg7n5w6TVAX4Jk2Z1wYF2BMRQyolVKawSRa2B5YJ4hQ0CQQD5XLOpIcjZx8F6
|
|
||||||
-1E5S0P6L4qb3xtuH3hLlGQmGJvh+vmlnIXhknpr/tIzWSKjQPV3d69ZB8m7Ovqar
|
|
||||||
-gKuYZkzXAkEA0MZziJETLqmmggyrfEXrPmjo4Tkp5eOlU4KvMiCKj8fBDV0OSAa6
|
|
||||||
-FWRWU/jr0pURjQZg8SX+pUUw9L16/Tk8MwJBAJgDe0LP5bFdpQVMB7NU1NhSA5dp
|
|
||||||
-EstxBfPDn5q4hyQ8z+Se8tXkGnlnh7PZ94962Y5ABw2MzSAb+V7zwafWNWECQQDJ
|
|
||||||
-QQTOeUtMiC4C38PPoHcNSoRz2G8TNUeCIVBRuhzYTW9EOpgxxopLZNXzTNnHvfuV
|
|
||||||
-PrjkvgOjvfdbdezBfhMRAkEA0cr/p6NLmEa1bTtlpy9dqVpwZg2o7PKEHl+qIazn
|
|
||||||
-zKknV1Ik47IylxRFMRvWJJ9X8AOFxgtQ1I4ATXuemeoaYA==
|
|
||||||
+MIIEogIBAAKCAQEA6RZdponExk8B55tlG2RRQAJxSUXC+3TWViTcAh7J/vEId+3Q
|
|
||||||
+Mn1RbjVhzrYM015jhYgKV6jMst9uV0tqW95UGT7BFkZP+WHxaJW80CNTE1oh4Bj7
|
|
||||||
+Hqpc7D3RTqrXpxZHa53NvPiQgHgksPF3qH+hrPdb5OLdOR5x2U/FUwahatycKJ69
|
|
||||||
+C5pc1gCS2QrlwMR8Ym/du9YeICHNyiVY7t0EAuobVieC3thifbjxSJavSkeQG7eI
|
|
||||||
+kk2UoCiLSneEFQg+hodMlvncoaq9wciFUZR+dEYIJDKeyI1NEK78neN4okH5DRAs
|
|
||||||
+4l51YJFFYlUe2PXr87uvDxd/vGZvk86UoRtCsQIDAQABAoIBAG746Ql7GiZYQ03j
|
|
||||||
+nBWYg154SztZbWWO0OUek2inBADO/PssTC1doMFZxQFHh3+ytqtCg7oMcbjPy5bg
|
|
||||||
+HvkyNtP2HrPeMgFHckoa0FRAHTNffDVXb2fAMJGBNP/BMv8oCkTgUq2fohyoFr/v
|
|
||||||
+lsqwSWcyNZwZrr2dExMleYr34y4ehdNrnw06GZiI7WtJTgcunW20Xfe7tfBzl2Te
|
|
||||||
+QaYLgr4nS1zAYLskB5vajAxia19ksyy/Ox69/bw/qdq0w5EqYL0ZkyZpBjvWoE24
|
|
||||||
+2/dBwD0g6FXGkv1tTgw3dW7MYyEe+SkaT52DaGr5bJ6ImzPZW5WK4/GlOA26c+Np
|
|
||||||
+jd6a5eECgYEA94ghPSmppHkTBSNGqtk0oW7qj3Lq1UqAcgaGO+v2WiD0D86MBIho
|
|
||||||
+Lw7m9scTrf8VLcPPcB8iMc3nCHjp9l/WInsrxaZ3i1gpGlVDbTvh3mAw8jMczrHa
|
|
||||||
+cLBRTFbY7bKiw91x6hh+h+eDbBX65aT3f6OjocBoZ9yXbw7YInSlyh0CgYEA8Q+7
|
|
||||||
+lo2anUQlT/oSdVmiKbZ66+T5JylWZwiTbPzBJUyOFI3tVJi5qKURWghb1pk41Awb
|
|
||||||
+8x6BWZS57/QB1+T2oID1sIVBzsLg07adRHRMlKJO1YeuceqONP10kN5A4/4o3L1h
|
|
||||||
+tH1I2UDrZJBClHek9vrLhg7stli5T+y0zHSvlqUCgYBpmrJTncq6WM08i+hCS5ig
|
|
||||||
+pul7edOmW7qg6xepyOm5WgXGGKCz7l5EdV8kOZqzyPgIJloBw8aa6PWAL9XhPtHk
|
|
||||||
+tBfgozytPleK3IV/vOSIMxGuww+vP0Gqgg6tOwAhqOy4E2neLcUNxj/ThS0dfFv7
|
|
||||||
+IJ1XDPd+GCajQvoC+TEiIQKBgDvhxJ+pnXbjrsEnRd6Q3Y+vHOnsf1gTFLuTjcvN
|
|
||||||
+Hc2+Lq08dHBHYBdcqerLmMS+WzeRqn/CXC98mpPY8XxIDFvirSWkdKyADImLG5Yd
|
|
||||||
+rcheaWbxxYvW0GypaYNzMntwb4YmJVdIqAgP8GmSzHdFIV2Y/2XV30eM0rvf+Smw
|
|
||||||
+8s1hAoGABG5kHNz7vLUl0YhdX9uuC2eNAyfwRHHwzR+KD40RvS8nYruNdBFxFUER
|
|
||||||
+rItgQoD0u6qUjuzxWJNz+HWq5fURccov5xWdb0+laCWtE574oJDodsTnp88y+sX9
|
|
||||||
+rW/smbxnNlVdHetF1PoMKhl7FnwKyLAf3sH4vK+KF1ZHPRalyTs=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
diff --git a/t/data/test_CA1_index.txt b/t/data/test_CA1_index.txt
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..2a43cd5
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/t/data/test_CA1_index.txt
|
|
||||||
@@ -0,0 +1,2 @@
|
|
||||||
+R 120309010800Z 120309010838Z 123459 unknown /C=US/O=Demo1/CN=foo
|
|
||||||
+R 120309005800Z 120309005859Z 12345A unknown /C=US/O=Demo1/CN=bar
|
|
||||||
diff --git a/t/data/test_CA1_index.txt.attr b/t/data/test_CA1_index.txt.attr
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..e69de29
|
|
||||||
diff --git a/t/data/testcert_wildcard.crt.pem b/t/data/testcert_wildcard.crt.pem
|
|
||||||
index 7270c0c..4ca418d 100644
|
|
||||||
--- a/t/data/testcert_wildcard.crt.pem
|
|
||||||
+++ b/t/data/testcert_wildcard.crt.pem
|
|
||||||
@@ -2,15 +2,15 @@ Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 3 (0x2)
|
|
||||||
Serial Number: 137826015233 (0x2017121801)
|
|
||||||
- Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
+ Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: C = US, O = Demo1, CN = CA1
|
|
||||||
Validity
|
|
||||||
- Not Before: Dec 18 17:15:18 2017 GMT
|
|
||||||
- Not After : Dec 19 17:15:18 2032 GMT
|
|
||||||
+ Not Before: Aug 14 10:19:01 2018 GMT
|
|
||||||
+ Not After : Aug 15 10:19:01 2033 GMT
|
|
||||||
Subject: C = US, ST = State, L = City, O = Company, OU = Unit, CN = *.example.com, emailAddress = wildcard@example.com
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
- RSA Public-Key: (2048 bit)
|
|
||||||
+ Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:bd:5e:c6:d8:01:f5:cf:85:fe:eb:9b:60:dd:e8:
|
|
||||||
8a:98:09:59:5a:71:fc:a2:ad:38:73:0a:cd:d9:5e:
|
|
||||||
@@ -45,21 +45,28 @@ Certificate:
|
|
||||||
X509v3 Subject Key Identifier:
|
|
||||||
4B:42:86:BA:E2:BE:3D:40:0D:11:1D:66:E7:BE:94:39:B2:84:D3:06
|
|
||||||
X509v3 Authority Key Identifier:
|
|
||||||
- keyid:C8:1C:DA:92:0A:A9:48:08:3A:76:76:15:38:04:F1:34:D9:15:D0:20
|
|
||||||
+ keyid:A3:73:F4:83:F0:B4:9D:7A:10:1A:D5:5D:E1:88:F5:D7:73:A8:56:4F
|
|
||||||
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
- 20:cb:ec:9d:8b:e8:2d:61:74:5e:30:b0:95:88:4e:80:09:df:
|
|
||||||
- c9:7f:b0:c9:d2:19:4e:2c:5a:eb:02:0f:ce:e8:8a:52:fa:22:
|
|
||||||
- 59:b1:c3:7b:39:db:f0:7d:9a:91:19:ef:d5:f7:73:5b:6b:47:
|
|
||||||
- 3d:48:c3:c7:4a:2e:7b:7f:3d:ff:65:53:11:21:95:2c:00:fd:
|
|
||||||
- 39:76:25:8e:05:68:c4:b9:cc:bd:ca:28:60:bf:6d:4c:00:d0:
|
|
||||||
- 4e:b4:4c:62:6b:34:48:2c:60:b9:33:76:3f:3b:72:57:11:ec:
|
|
||||||
- f4:2d:5f:b3:f1:a1:c8:d4:5b:5f:23:6b:b0:ec:28:5a:0b:43:
|
|
||||||
- 7f:e3
|
|
||||||
+ 07:43:9b:e0:21:e6:e1:40:35:09:f3:d6:62:0d:7c:d2:6d:78:
|
|
||||||
+ 75:6e:59:57:00:d9:4a:b2:cd:9f:9c:d2:38:85:bc:f4:d0:bd:
|
|
||||||
+ b5:20:06:af:ed:ae:0a:19:2a:01:af:25:4b:e3:3a:c7:58:a9:
|
|
||||||
+ 5f:bc:86:6a:24:30:2d:0d:bb:1d:3f:dd:98:75:9a:4c:1d:d0:
|
|
||||||
+ a1:8e:43:11:b9:3a:ba:c5:e4:ec:0c:6c:da:b5:34:2a:ab:3f:
|
|
||||||
+ fb:87:27:d2:32:ca:f9:65:1f:f2:ed:e7:7e:c0:11:30:5e:3a:
|
|
||||||
+ f7:97:58:52:ff:e1:be:93:cd:96:03:48:53:bf:58:65:a5:20:
|
|
||||||
+ 09:d9:9b:7c:03:f0:39:61:28:01:92:3e:27:ed:bd:0d:94:06:
|
|
||||||
+ cd:dc:d2:34:04:99:29:fa:5e:1b:bd:70:0f:86:5e:30:df:33:
|
|
||||||
+ fc:4c:89:b5:56:a1:f6:24:c9:1f:aa:86:ef:51:62:39:22:a9:
|
|
||||||
+ a1:ed:d2:42:f6:c0:c9:45:7f:d7:ce:3a:18:ec:5a:8e:57:2e:
|
|
||||||
+ 48:c7:d8:90:1b:a6:2d:30:4b:ad:3a:f4:a7:90:ed:da:37:2f:
|
|
||||||
+ b9:9c:ba:3c:08:b6:d7:53:d9:ae:34:5f:9a:02:8a:65:20:93:
|
|
||||||
+ 17:be:e5:7e:3a:11:10:8e:d2:0c:58:bf:20:32:02:f8:05:de:
|
|
||||||
+ cd:2e:82:f1
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDhjCCAu+gAwIBAgIFIBcSGAEwDQYJKoZIhvcNAQELBQAwKzELMAkGA1UEBhMC
|
|
||||||
-VVMxDjAMBgNVBAoTBURlbW8xMQwwCgYDVQQDEwNDQTEwHhcNMTcxMjE4MTcxNTE4
|
|
||||||
-WhcNMzIxMjE5MTcxNTE4WjCBijELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRl
|
|
||||||
+MIIEBzCCAu+gAwIBAgIFIBcSGAEwDQYJKoZIhvcNAQELBQAwKzELMAkGA1UEBhMC
|
|
||||||
+VVMxDjAMBgNVBAoMBURlbW8xMQwwCgYDVQQDDANDQTEwHhcNMTgwODE0MTAxOTAx
|
|
||||||
+WhcNMzMwODE1MTAxOTAxWjCBijELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRl
|
|
||||||
MQ0wCwYDVQQHDARDaXR5MRAwDgYDVQQKDAdDb21wYW55MQ0wCwYDVQQLDARVbml0
|
|
||||||
MRYwFAYDVQQDDA0qLmV4YW1wbGUuY29tMSMwIQYJKoZIhvcNAQkBFhR3aWxkY2Fy
|
|
||||||
ZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1e
|
|
||||||
@@ -72,8 +79,11 @@ LU5cgpUvoGJ4WWUGAbcCAwEAAaOB0TCBzjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
|
|
||||||
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAXBgNVHSAEEDAOMAUGAyoEBTAFBgMpAwQw
|
|
||||||
RgYDVR0RBD8wPYINKi5leGFtcGxlLmNvbYEUd2lsZGNhcmRAZXhhbXBsZS5jb22H
|
|
||||||
BAoUHiiHECABDbgBSAEAAAAAAAAAADEwHQYDVR0OBBYEFEtChrrivj1ADREdZue+
|
|
||||||
-lDmyhNMGMB8GA1UdIwQYMBaAFMgc2pIKqUgIOnZ2FTgE8TTZFdAgMA0GCSqGSIb3
|
|
||||||
-DQEBCwUAA4GBACDL7J2L6C1hdF4wsJWIToAJ38l/sMnSGU4sWusCD87oilL6Ilmx
|
|
||||||
-w3s52/B9mpEZ79X3c1trRz1Iw8dKLnt/Pf9lUxEhlSwA/Tl2JY4FaMS5zL3KKGC/
|
|
||||||
-bUwA0E60TGJrNEgsYLkzdj87clcR7PQtX7PxocjUW18ja7DsKFoLQ3/j
|
|
||||||
+lDmyhNMGMB8GA1UdIwQYMBaAFKNz9IPwtJ16EBrVXeGI9ddzqFZPMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQAHQ5vgIebhQDUJ89ZiDXzSbXh1bllXANlKss2fnNI4hbz00L21
|
|
||||||
+IAav7a4KGSoBryVL4zrHWKlfvIZqJDAtDbsdP92YdZpMHdChjkMRuTq6xeTsDGza
|
|
||||||
+tTQqqz/7hyfSMsr5ZR/y7ed+wBEwXjr3l1hS/+G+k82WA0hTv1hlpSAJ2Zt8A/A5
|
|
||||||
+YSgBkj4n7b0NlAbN3NI0BJkp+l4bvXAPhl4w3zP8TIm1VqH2JMkfqobvUWI5Iqmh
|
|
||||||
+7dJC9sDJRX/XzjoY7FqOVy5Ix9iQG6YtMEutOvSnkO3aNy+5nLo8CLbXU9muNF+a
|
|
||||||
+AoplIJMXvuV+OhEQjtIMWL8gMgL4Bd7NLoLx
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
|
|
||||||
index 5dc946a..74e317a 100644
|
|
||||||
--- a/t/local/07_sslecho.t
|
|
||||||
+++ b/t/local/07_sslecho.t
|
|
||||||
@@ -285,7 +285,7 @@ my @results;
|
|
||||||
push @results, [ $issuer eq $cert_name, 'cert issuer' ];
|
|
||||||
push @results, [ $subject eq $cert_name, 'cert subject' ];
|
|
||||||
push @results, [ substr($cn, length($cn) - 1, 1) ne "\0", 'tailing 0 character is not returned from get_text_by_NID' ];
|
|
||||||
- push @results, [ $fingerprint eq '96:9F:25:FD:42:A7:FC:4D:8B:FF:14:76:7F:2E:07:AF:F6:A4:10:96', 'SHA-1 fingerprint' ];
|
|
||||||
+ push @results, [ $fingerprint eq 'C7:BC:62:F8:50:40:4D:0B:1D:9A:A1:16:39:8D:91:67:91:A4:1D:9D', 'SHA-1 fingerprint' ];
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
diff --git a/t/local/50_digest.t b/t/local/50_digest.t
|
|
||||||
index c181837..b2de4dc 100644
|
|
||||||
--- a/t/local/50_digest.t
|
|
||||||
+++ b/t/local/50_digest.t
|
|
||||||
@@ -179,17 +179,17 @@ SKIP: {
|
|
||||||
|
|
||||||
my $file1 = File::Spec->catfile('t', 'data', 'cert.pem');
|
|
||||||
my $results1 = {
|
|
||||||
- md2 => '6d89cda9599a54d03652f9464e8b6e51',
|
|
||||||
- md4 => 'ada352f40f1ca64f4168a8aae7c1a281',
|
|
||||||
- md5 => 'e060f11c6afa9e1f59a8e7c873aa3423',
|
|
||||||
- mdc2 => 'e9ca1fd1cfccfb450b402a0dd446db28',
|
|
||||||
- ripemd160 => 'cbd50056558b01b5e9ec67901b518462b5393e5b',
|
|
||||||
- sha => '79de0d0cc736d98b65f5d6b3ac89e65ca8d3b2a7',
|
|
||||||
- sha1 => '0267dd25bbd8930c537716d972dd9ba128846428',
|
|
||||||
- sha224 => '5b42d5a3b16a6cee821b03c41f0428b09b70695becb0aaafbc7d6419',
|
|
||||||
- sha256 => '764633a51af4ef374cabb1ea859cc324680cfeff694797e90562e19ffb71ab26',
|
|
||||||
- sha512 => '37e3a2e84aec822922c51d4d8d37bf003e1d85f55a4bf2fae2940a5aab5b32f7601c2a9cde5b9c6391aaa4ffef1e845f11d2f0b6a37a9b2f48fb7f6469f0a51c',
|
|
||||||
- whirlpool => 'b2dc90dbbc60e5e2dc28de3bdeab45fb2fa6d13d86ff14908130624a242e38ecc195b3b11a7ef137b77a24e9a0ba5be061ac1baa11892369286d613569199458',
|
|
||||||
+ md2 => '99c30267cbf14bc2841a5b7749ba1cc2',
|
|
||||||
+ md4 => 'd7dc371997d08d4da70501ecdfe6e09e',
|
|
||||||
+ md5 => 'e3fdc3024e8380af1d8dd3a2705ad5c9',
|
|
||||||
+ mdc2 => '44c546567b06aba23e6a808ad2210ad6',
|
|
||||||
+ ripemd160 => 'a8f3023b46590fff58733db0993fb0e66a7c2e33',
|
|
||||||
+ sha => '72bd01553288bc5e4ba558a85970d12a7c296e28',
|
|
||||||
+ sha1 => '9af9b8d6efc1efce1957944b6041fb3e299834b0',
|
|
||||||
+ sha224 => 'fc1ef172129181a1c104467a01300f6b12c472df93f65c545acd0b3b',
|
|
||||||
+ sha256 => 'c49f7c37cfb711b1e660da7567608f9433d1faf6cc903793aedbf61b6c66cfcd',
|
|
||||||
+ sha512 => 'de0fb6197c8e586bc16faf19eb53336ddc2971c2fb0c8ad24accf8bc1fd483357e98b6fc38efcd09c574ecb4ba82bf8f1451e29ba758dc8537a27f57bdc19d44',
|
|
||||||
+ whirlpool => 'f775be3610857166dd466ce9ae481c65d3938f6794b0b17294cb533b0a721b42de3726dbc15f22156778f333ddafb6db8997765a3e30ed436f6cab561ffab5de',
|
|
||||||
};
|
|
||||||
|
|
||||||
my $file2 = File::Spec->catfile('t', 'data', 'binary-test.file');
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,225 +0,0 @@
|
|||||||
From e0b42b0120b941b5675e4071445424dc8a1230e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Wed, 15 Aug 2018 14:46:52 +0200
|
|
||||||
Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
|
|
||||||
read()/write() up
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/core.t test
|
|
||||||
because it tests non-blocking socket operations and expects to see
|
|
||||||
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE errors and to handle them
|
|
||||||
by itself.
|
|
||||||
|
|
||||||
This patch purifies Net::SSLeay::{read,write}() to behave exactly as
|
|
||||||
underlying OpenSSL functions. The retry is moved to
|
|
||||||
Net::SSLeay::ssl_read_all. All relevant Net::SSLeay::{read,write}() calls in
|
|
||||||
tests are changed into Net::SSLea::ssl_{read,write}_all().
|
|
||||||
|
|
||||||
All applications should implement the retry themsleves or use
|
|
||||||
ssl_*_all() instead.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
||||||
---
|
|
||||||
SSLeay.xs | 28 +++++++---------------------
|
|
||||||
lib/Net/SSLeay.pm | 22 +++++++++++++++-------
|
|
||||||
t/local/07_sslecho.t | 12 ++++++------
|
|
||||||
t/local/36_verify.t | 9 +++++----
|
|
||||||
4 files changed, 33 insertions(+), 38 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/SSLeay.xs b/SSLeay.xs
|
|
||||||
index 5aed4d7..7cb6eab 100644
|
|
||||||
--- a/SSLeay.xs
|
|
||||||
+++ b/SSLeay.xs
|
|
||||||
@@ -1997,19 +1997,13 @@ SSL_read(s,max=32768)
|
|
||||||
PREINIT:
|
|
||||||
char *buf;
|
|
||||||
int got;
|
|
||||||
+ int succeeded = 1;
|
|
||||||
PPCODE:
|
|
||||||
New(0, buf, max, char);
|
|
||||||
|
|
||||||
- do {
|
|
||||||
- int err;
|
|
||||||
-
|
|
||||||
- got = SSL_read(s, buf, max);
|
|
||||||
- if (got > 0)
|
|
||||||
- break;
|
|
||||||
- err = SSL_get_error(s, got);
|
|
||||||
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
|
|
||||||
- break;
|
|
||||||
- } while (1);
|
|
||||||
+ got = SSL_read(s, buf, max);
|
|
||||||
+ if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
|
|
||||||
+ succeeded = 0;
|
|
||||||
|
|
||||||
/* If in list context, return 2-item list:
|
|
||||||
* first return value: data gotten, or undef on error (got<0)
|
|
||||||
@@ -2017,13 +2011,13 @@ SSL_read(s,max=32768)
|
|
||||||
*/
|
|
||||||
if (GIMME_V==G_ARRAY) {
|
|
||||||
EXTEND(SP, 2);
|
|
||||||
- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
|
|
||||||
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
|
|
||||||
PUSHs(sv_2mortal(newSViv(got)));
|
|
||||||
|
|
||||||
/* If in scalar or void context, return data gotten, or undef on error. */
|
|
||||||
} else {
|
|
||||||
EXTEND(SP, 1);
|
|
||||||
- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
|
|
||||||
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
|
|
||||||
}
|
|
||||||
|
|
||||||
Safefree(buf);
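Review bot: `newSVpvn(buf, got)` is now guarded only by `succeeded`, which stays 1 whenever `SSL_get_error()` reports `SSL_ERROR_ZERO_RETURN`; the old `got>=0` test ruled out a negative length by construction. Whether the library can pair a negative return with ZERO_RETURN depends on the OpenSSL version, so keeping the length check is the cheap defence in both branches: `PUSHs(sv_2mortal(succeeded && got >= 0 ? newSVpvn(buf, got) : newSV(0)));`. The comment `undef on error (got<0)` at the end of the previous hunk is also stale, since a zero return with any other error now yields undef as well. The SSL_read XSUB starts and ends outside these two hunks.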
|
|
||||||
@@ -2066,15 +2060,7 @@ SSL_write(s,buf)
|
|
||||||
INPUT:
|
|
||||||
char * buf = SvPV( ST(1), len);
|
|
||||||
CODE:
|
|
||||||
- do {
|
|
||||||
- ret = SSL_write (s, buf, (int)len);
|
|
||||||
- if (ret > 0)
|
|
||||||
- break;
|
|
||||||
- err = SSL_get_error(s, ret);
|
|
||||||
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
|
|
||||||
- break;
|
|
||||||
- } while (1);
|
|
||||||
- RETVAL = ret;
|
|
||||||
+ RETVAL = SSL_write (s, buf, (int)len);
|
|
||||||
OUTPUT:
|
|
||||||
RETVAL
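Review bot: `(int)len` on the new `RETVAL = SSL_write (s, buf, (int)len);` line narrows the `STRLEN` that `SvPV` fills in, so a scalar longer than `INT_MAX` bytes is passed as a truncated or negative count. With the wrapper reduced to a single call, a guard in front of it makes the limit explicit: `if (len > INT_MAX) croak("buffer too large for SSL_write");`. The removed retry loop was the only visible user of `ret` and `err`; if they are still declared in the part of the XSUB outside the hunk, they are now unused and can go.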
|
|
||||||
|
|
||||||
diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
|
|
||||||
index 3adf12c..afc6c8f 100644
|
|
||||||
--- a/lib/Net/SSLeay.pm
|
|
||||||
+++ b/lib/Net/SSLeay.pm
|
|
||||||
@@ -579,14 +579,22 @@ sub debug_read {
|
|
||||||
sub ssl_read_all {
|
|
||||||
my ($ssl,$how_much) = @_;
|
|
||||||
$how_much = 2000000000 unless $how_much;
|
|
||||||
- my ($got, $errs);
|
|
||||||
+ my ($got, $rv, $errs);
|
|
||||||
my $reply = '';
|
|
||||||
|
|
||||||
while ($how_much > 0) {
|
|
||||||
- $got = Net::SSLeay::read($ssl,
|
|
||||||
+ ($got, $rv) = Net::SSLeay::read($ssl,
|
|
||||||
($how_much > 32768) ? 32768 : $how_much
|
|
||||||
);
|
|
||||||
- last if $errs = print_errs('SSL_read');
|
|
||||||
+ if (! defined $got) {
|
|
||||||
+ my $err = Net::SSLeay::get_error($ssl, $rv);
|
|
||||||
+ if ($err != Net::SSLeay::ERROR_WANT_READ() and
|
|
||||||
+ $err != Net::SSLeay::ERROR_WANT_WRITE()) {
|
|
||||||
+ $errs = print_errs('SSL_read');
|
|
||||||
+ last;
|
|
||||||
+ }
|
|
||||||
+ next;
|
|
||||||
+ }
|
|
||||||
$how_much -= blength($got);
|
|
||||||
debug_read(\$reply, \$got) if $trace>1;
|
|
||||||
last if $got eq ''; # EOF
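Review bot: The new `next` after `ERROR_WANT_READ`/`ERROR_WANT_WRITE` calls `Net::SSLeay::read()` again immediately, so on a non-blocking socket the loop spins at full CPU until the peer sends data. A peer that stalls therefore keeps the process busy indefinitely. Waiting for the descriptor to become readable or writable before retrying, ideally with a caller-supplied timeout instead of the unbounded wait sketched below, bounds that cost. The end of `ssl_read_all` is outside the hunk.

```perl
            # … unchanged: get_error() call and the fatal-error branch …
            # Wait for the socket instead of retrying immediately.
            my $ready = '';
            vec($ready, Net::SSLeay::get_fd($ssl), 1) = 1;
            if ($err == Net::SSLeay::ERROR_WANT_READ()) {
                select($ready, undef, undef, undef);
            }
            else {
                select(undef, $ready, undef, undef);
            }
            next;
```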
|
|
||||||
@@ -839,14 +847,14 @@ sub ssl_read_until ($;$$) {
|
|
||||||
$found = index($match, $delim);
|
|
||||||
|
|
||||||
if ($found > -1) {
|
|
||||||
- #$got = Net::SSLeay::read($ssl, $found+$len_delim);
|
|
||||||
+ #$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim);
|
|
||||||
#read up to the end of the delimiter
|
|
||||||
- $got = Net::SSLeay::read($ssl,
|
|
||||||
+ $got = Net::SSLeay::ssl_read_all($ssl,
|
|
||||||
$found + $len_delim
|
|
||||||
- ((blength($match)) - (blength($got))));
|
|
||||||
$done = 1;
|
|
||||||
} else {
|
|
||||||
- $got = Net::SSLeay::read($ssl, $peek_length);
|
|
||||||
+ $got = Net::SSLeay::ssl_read_all($ssl, $peek_length);
|
|
||||||
$done = 1 if ($peek_length == $max_length - blength($reply));
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -857,7 +865,7 @@ sub ssl_read_until ($;$$) {
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
while (!defined $max_length || length $reply < $max_length) {
|
|
||||||
- $got = Net::SSLeay::read($ssl,1); # one by one
|
|
||||||
+ $got = Net::SSLeay::ssl_read_all($ssl,1); # one by one
|
|
||||||
last if print_errs('SSL_read');
|
|
||||||
debug_read(\$reply, \$got) if $trace>1;
|
|
||||||
last if $got eq '';
|
|
||||||
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
|
|
||||||
index 74e317a..7f19027 100644
|
|
||||||
--- a/t/local/07_sslecho.t
|
|
||||||
+++ b/t/local/07_sslecho.t
|
|
||||||
@@ -134,10 +134,10 @@ my @results;
|
|
||||||
|
|
||||||
push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ];
|
|
||||||
|
|
||||||
- push @results, [ Net::SSLeay::write($ssl, $msg), 'write' ];
|
|
||||||
+ push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];
|
|
||||||
shutdown($s, 1);
|
|
||||||
|
|
||||||
- my ($got) = Net::SSLeay::read($ssl);
|
|
||||||
+ my $got = Net::SSLeay::ssl_read_all($ssl);
|
|
||||||
push @results, [ $got eq uc($msg), 'read' ];
|
|
||||||
|
|
||||||
Net::SSLeay::free($ssl);
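Review bot: `[ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ]` calls the helper in list context, where the replaced `Net::SSLeay::write()` produced a single value. `ssl_write_all` is defined outside this patch; if it returns a `(written, errors)` pair in list context, both values land in the array ref and the label `'write'` moves to the third slot, so the entry no longer has the `[ result, name ]` shape of the other results. Forcing scalar context keeps that shape: `push @results, [ scalar Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];`.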
|
|
||||||
@@ -177,7 +177,7 @@ my @results;
|
|
||||||
Net::SSLeay::set_fd($ssl, fileno($s));
|
|
||||||
Net::SSLeay::connect($ssl);
|
|
||||||
|
|
||||||
- Net::SSLeay::write($ssl, $msg);
|
|
||||||
+ Net::SSLeay::ssl_write_all($ssl, $msg);
|
|
||||||
|
|
||||||
shutdown $s, 2;
|
|
||||||
close $s;
|
|
||||||
@@ -231,15 +231,15 @@ my @results;
|
|
||||||
Net::SSLeay::set_fd($ssl3, $s3);
|
|
||||||
|
|
||||||
Net::SSLeay::connect($ssl1);
|
|
||||||
- Net::SSLeay::write($ssl1, $msg);
|
|
||||||
+ Net::SSLeay::ssl_write_all($ssl1, $msg);
|
|
||||||
shutdown $s1, 2;
|
|
||||||
|
|
||||||
Net::SSLeay::connect($ssl2);
|
|
||||||
- Net::SSLeay::write($ssl2, $msg);
|
|
||||||
+ Net::SSLeay::ssl_write_all($ssl2, $msg);
|
|
||||||
shutdown $s2, 2;
|
|
||||||
|
|
||||||
Net::SSLeay::connect($ssl3);
|
|
||||||
- Net::SSLeay::write($ssl3, $msg);
|
|
||||||
+ Net::SSLeay::ssl_write_all($ssl3, $msg);
|
|
||||||
shutdown $s3, 2;
|
|
||||||
|
|
||||||
close $s1;
|
|
||||||
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
|
|
||||||
index 2837288..b04be13 100644
|
|
||||||
--- a/t/local/36_verify.t
|
|
||||||
+++ b/t/local/36_verify.t
|
|
||||||
@@ -252,8 +252,9 @@ sub client {
|
|
||||||
Net::SSLeay::set_fd($ssl, $cl);
|
|
||||||
Net::SSLeay::connect($ssl);
|
|
||||||
my $end = "end";
|
|
||||||
- Net::SSLeay::write($ssl, $end);
|
|
||||||
- ok($end eq Net::SSLeay::read($ssl), 'Successful termination');
|
|
||||||
+ Net::SSLeay::ssl_write_all($ssl, $end);
|
|
||||||
+ Net::SSLeay::shutdown($ssl);
|
|
||||||
+ ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -291,10 +292,10 @@ sub run_server
|
|
||||||
next unless $ret == 1;
|
|
||||||
|
|
||||||
# Termination request or other message from client
|
|
||||||
- my $msg = Net::SSLeay::read($ssl);
|
|
||||||
+ my $msg = Net::SSLeay::ssl_read_all($ssl);
|
|
||||||
if (defined $msg and $msg eq 'end')
|
|
||||||
{
|
|
||||||
- Net::SSLeay::write($ssl, 'end');
|
|
||||||
+ Net::SSLeay::ssl_write_all($ssl, 'end');
|
|
||||||
exit (0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,70 +0,0 @@
|
|||||||
From 122c80853a9bd66f21699fc79a689b3028d00d3b Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Fri, 17 Aug 2018 13:08:44 +0200
|
|
||||||
Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
|
|
||||||
write_partial()
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/nonblock.t test
|
|
||||||
because it tests non-blocking socket operations and expects to see
|
|
||||||
SSL_ERROR_WANT_WRITE errors and to handle them byt itself.
|
|
||||||
|
|
||||||
This patch purifies Net::SSLeay::write_partial() to behave exactly as
|
|
||||||
underlying OpenSSL SSL_write() function. The retry is already
|
|
||||||
presented in Net::SSLeay::ssl_write_all().
|
|
||||||
|
|
||||||
All applications should implement the retry themsleves or use
|
|
||||||
ssl_*_all() instead.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
||||||
---
|
|
||||||
SSLeay.xs | 16 ++--------------
|
|
||||||
lib/Net/SSLeay.pod | 3 ++-
|
|
||||||
2 files changed, 4 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/SSLeay.xs b/SSLeay.xs
|
|
||||||
index 7cb6eab..fc7677f 100644
|
|
||||||
--- a/SSLeay.xs
|
|
||||||
+++ b/SSLeay.xs
|
|
||||||
@@ -2089,20 +2089,8 @@ SSL_write_partial(s,from,count,buf)
|
|
||||||
if (len < 0) {
|
|
||||||
croak("from beyound end of buffer");
|
|
||||||
RETVAL = -1;
|
|
||||||
- } else {
|
|
||||||
- int ret;
|
|
||||||
- int err;
|
|
||||||
-
|
|
||||||
- do {
|
|
||||||
- ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
|
|
||||||
- if (ret > 0)
|
|
||||||
- break;
|
|
||||||
- err = SSL_get_error(s, ret);
|
|
||||||
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
|
|
||||||
- break;
|
|
||||||
- } while (1);
|
|
||||||
- RETVAL = ret;
|
|
||||||
- }
|
|
||||||
+ } else
|
|
||||||
+ RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
|
|
||||||
OUTPUT:
|
|
||||||
RETVAL
|
|
||||||
|
|
||||||
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
|
|
||||||
index bca7be4..8b5f738 100644
|
|
||||||
--- a/lib/Net/SSLeay.pod
|
|
||||||
+++ b/lib/Net/SSLeay.pod
|
|
||||||
@@ -4819,7 +4819,8 @@ Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_write.html|http://www.op
|
|
||||||
|
|
||||||
B<NOTE:> Does not exactly correspond to any low level API function
|
|
||||||
|
|
||||||
-Writes a fragment of data in $data from the buffer $data into the specified $ssl connection.
|
|
||||||
+Writes a fragment of data in $data from the buffer $data into the specified
|
|
||||||
+$ssl connection. This is a non-blocking function like L<Net::SSLeay::write()>.
|
|
||||||
|
|
||||||
my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
|
|
||||||
# $ssl - value corresponding to openssl's SSL structure
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -0,0 +1,37 @@
|
|||||||
|
diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.t
|
||||||
|
--- Net-SSLeay-1.90.orig/t/local/44_sess.t 2020-12-12 14:55:23.000000000 +0100
|
||||||
|
+++ Net-SSLeay-1.90/t/local/44_sess.t 2021-06-04 18:50:09.733150048 +0200
|
||||||
|
@@ -13,13 +13,13 @@
|
||||||
|
if (not can_fork()) {
|
||||||
|
plan skip_all => "fork() not supported on this system";
|
||||||
|
} else {
|
||||||
|
- plan tests => 58;
|
||||||
|
+ plan tests => 34;
|
||||||
|
}
|
||||||
|
|
||||||
|
initialise_libssl();
|
||||||
|
|
||||||
|
my @rounds = qw(
|
||||||
|
- TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 TLSv1.3-num-tickets-ssl
|
||||||
|
+ TLSv1.2 TLSv1.3 TLSv1.3-num-tickets-ssl
|
||||||
|
TLSv1.3-num-tickets-ctx-6 TLSv1.3-num-tickets-ctx-0
|
||||||
|
);
|
||||||
|
|
||||||
|
diff -ru Net-SSLeay-1.90.orig/t/local/45_exporter.t Net-SSLeay-1.90/t/local/45_exporter.t
|
||||||
|
--- Net-SSLeay-1.90.orig/t/local/45_exporter.t 2020-12-12 14:55:23.000000000 +0100
|
||||||
|
+++ Net-SSLeay-1.90/t/local/45_exporter.t 2021-06-04 18:50:13.931192784 +0200
|
||||||
|
@@ -15,12 +15,12 @@
|
||||||
|
} elsif (!defined &Net::SSLeay::export_keying_material) {
|
||||||
|
plan skip_all => "No export_keying_material()";
|
||||||
|
} else {
|
||||||
|
- plan tests => 36;
|
||||||
|
+ plan tests => 18;
|
||||||
|
}
|
||||||
|
|
||||||
|
initialise_libssl();
|
||||||
|
|
||||||
|
-my @rounds = qw( TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 );
|
||||||
|
+my @rounds = qw( TLSv1.2 TLSv1.3 );
|
||||||
|
|
||||||
|
my %usable =
|
||||||
|
map {
|
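Review bot: The patch file starts straight at `diff -ru` with no header saying why the `TLSv1` and `TLSv1.1` rounds are removed from `@rounds` in t/local/44_sess.t and t/local/45_exporter.t, so a later rebase cannot tell whether the removal is still needed. A short header would record it, for example `# Drop TLSv1/TLSv1.1 test rounds: presumably rejected by the system-wide crypto policy (confirm)`. The hard-coded `plan tests => 34` and `plan tests => 18` are tied to the shortened lists and will need recomputing whenever upstream adds or removes a round. With these rounds gone, session handling and keying-material export over TLS 1.0/1.1 are no longer exercised, which matters if the package is also built or run under a policy that re-enables those versions. Both hunks end inside the test files' top-level code, so the rest of each test is not visible here.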
@ -0,0 +1,16 @@
|
|||||||
|
--- Makefile.PL
|
||||||
|
+++ Makefile.PL
|
||||||
|
@@ -209,7 +209,12 @@ EOM
|
||||||
|
@{ $opts->{lib_links} } = map { $_ =~ s/32\b//g } @{ $opts->{lib_links} } if $Config{use64bitall};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
- push @{ $opts->{lib_links} }, qw( ssl crypto z );
|
||||||
|
+ if ( eval { require ExtUtils::PkgConfig; ExtUtils::PkgConfig->VERSION('1.16') } && ExtUtils::PkgConfig->exists('openssl') ) {
|
||||||
|
+ push @{ $opts->{lib_links} }, map { s/^-l//; $_ } split(' ', ExtUtils::PkgConfig->libs_only_l('openssl'));
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ push @{ $opts->{lib_links} }, qw( ssl crypto z );
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (($Config{cc} =~ /aCC/i) && $^O eq 'hpux') {
|
||||||
|
print "*** Enabling HPUX aCC options (+e)\n";
|
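Review bot: In the new `if` branch only the `-l` names from `ExtUtils::PkgConfig->libs_only_l('openssl')` are pushed onto `$opts->{lib_links}`; the matching `-L` directories are not taken from pkg-config in this hunk, so when `openssl.pc` describes a non-default prefix the names may resolve against a different libssl/libcrypto on the default search path than the one pkg-config described. Whether library paths are handled elsewhere cannot be seen here, since the enclosing block starts above the hunk. The branch is also chosen silently, which makes it hard to tell from a build log which OpenSSL link set was used; a line in the file's existing style such as `print "*** Using pkg-config to find OpenSSL link libraries\n";` inside the `if` would record it. The pkg-config branch also drops `z` unless `openssl.pc` lists it, which looks intended but is worth stating in a comment.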