Diffstat (limited to '')
32 files changed, 1824 insertions, 0 deletions
diff --git a/tests/ocsp-tests/certs/ca.key b/tests/ocsp-tests/certs/ca.key
new file mode 100644
index 0000000..3e6f5d8
--- /dev/null
+++ b/tests/ocsp-tests/certs/ca.key
@@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:a0:55:e9:3e:44:31:28:a3:31:fc:7f:7b:d3:24: + 6a:c1:f1:2e:2e:55:0e:fe:20:61:be:58:fe:7b:b1: + 8a:54:75:0a:90:91:83:a4:f0:9e:aa:6e:fe:d9:a4: + 8f:d5:d4:db:77:b0:66:e2:31:8d:bf:9e:3d:d3:87: + ec:09:a2:15:92:98:c5:9a:68:eb:ec:75:87:a1:82: + 06:a0:69:8e:78:96:37:5c:a0:b7:f9:8b:b3:a8:c0: + a4:90:25:18:e7:e0:ae:38:05:5b:38:3c:87:0b:20: + 9c:de:93:e6:09:f7:9c:54:bb:08:b8:45:90:94:5a: + bf:a0:ef:80:67:1f:46:74:86:42:ff:4e:fd:e1:99: + 0d:40:08:50:63:e8:bb:49:51:a6:23:8d:ef:b5:33: + 0d:19:af:10:d9:1e:eb:ee:b4:2c:1c:a0:25:90:f8: + ef:46:22:40:76:d4:e9:66:44:45:01:c4:ab:52:42: + 6e:1d:e2:5c:1d:52:b8:24:6a:7b:74:74:ef:92:3f: + bb:ff:b3:3a:40:f2:80:39:95:08:f4:18:aa:81:c9: + fb:70:27:7d:7a:63:b2:74:d3:8e:83:2e:a9:85:de: + d1:05:72:0a:0c:c0:78:58:1a:b7:25:d4:bb:14:af: + 3e:af:2b:55:35:58:bd:be:be:00:e5:c1:55:30:e2: + 76:9d: + +public exponent: + 01:00:01: + +private exponent: + 45:69:6b:f4:7c:e9:1b:42:ab:5d:38:83:8e:c0:f1: + 46:cc:f6:c5:30:25:b1:76:ab:5a:10:84:fb:5f:bd: + 17:1b:24:5b:b9:e3:58:00:a3:6f:fd:65:6f:2b:82: + e9:7b:a1:17:8b:d2:be:91:dd:5f:db:4d:c0:c9:d3: + 31:c8:6d:b6:6d:54:fe:a7:f5:9b:04:b6:97:01:07: + 85:62:ad:3f:1f:29:10:7c:b3:a8:e1:06:02:44:83: + f9:b3:55:b8:ec:d7:ff:80:b2:21:02:73:24:2a:16: + 3f:75:9f:dd:28:c9:11:15:77:8c:ee:f0:cc:89:0c: + f4:cb:3a:b7:6a:1e:c2:4a:be:38:97:c4:8a:e9:c6: + 63:12:6f:49:ab:6a:63:15:c2:3e:7a:d1:d9:55:cf: + 76:24:e7:f1:2b:f1:42:9c:bd:bd:c1:a4:bd:70:31: + 8e:7e:be:7d:2b:83:e7:ee:2e:50:36:3c:2a:db:d8: + df:4b:52:ce:d9:8e:ab:03:98:0f:8a:12:f2:01:2f: + bb:da:23:23:e4:fd:87:6e:ea:84:70:68:e1:55:8f: + 0c:14:99:ee:98:ff:09:9c:d4:11:b7:a1:fe:47:a2: + 5f:e7:d6:6f:06:25:cc:c0:b9:bf:01:08:1f:cb:36: + d5:fc:fb:be:e0:7f:54:9e:60:4c:f7:41:66:a1:12: + 31: + +prime1: + 00:cf:14:c8:cc:6d:58:82:10:47:f7:d2:4f:4f:d5: + db:ad:ef:17:97:94:b1:5d:4e:34:ee:97:9c:46:08: + 48:4c:d1:e6:e9:6f:7c:56:b2:2d:63:ba:c5:d1:29: + 
b5:61:c9:fe:96:6a:72:a7:ce:1a:45:90:96:28:0d: + 7e:02:7a:74:af:a8:50:d6:8e:d9:86:d1:a0:8d:d9: + 6e:7c:05:0b:cd:b4:84:84:78:3f:f2:e5:91:45:cb: + a8:04:3c:86:0a:d8:8f:49:31:74:fd:2b:3a:b8:ee: + da:e8:01:a7:e7:89:fa:b2:60:1b:de:a3:37:4d:98: + e8:a8:5f:0a:68:05:c4:5c:db: + +prime2: + 00:c6:36:30:e5:d1:3d:76:d2:b2:ef:40:67:77:ce: + d8:20:a9:6d:35:c4:1d:45:93:a3:ba:9e:03:d5:ce: + 9e:65:d1:ed:f1:52:0e:d9:7b:a9:f6:6e:cd:dd:ea: + c1:49:a9:47:24:98:7b:3f:f2:fc:cc:a6:65:06:b7: + f2:0a:00:71:31:e8:d0:2a:95:65:06:5b:12:44:8d: + 96:17:d2:42:31:c8:57:41:2d:37:24:57:14:0f:97: + a1:6f:f1:28:db:67:06:67:06:51:16:58:e8:c6:c8: + a7:4c:58:bc:68:69:de:1a:2c:e2:0b:3c:15:d5:28: + b4:90:e8:62:20:0a:81:17:e7: + +coefficient: + 4d:92:c6:fe:bb:a3:0d:d1:33:46:87:75:cb:33:6b: + 68:07:d9:3a:d0:48:9c:75:ee:ba:2c:73:c4:96:96: + 39:d9:b5:65:d2:20:8d:b9:6a:7f:39:a7:dd:44:ea: + 65:8b:fd:2b:dd:0d:08:13:92:c1:98:74:be:5e:cb: + e9:14:a4:d9:02:0b:ee:04:ed:de:34:eb:40:51:d6: + a4:7e:bf:ba:0f:ee:e6:2c:e8:0b:5b:e7:28:bd:2d: + a2:7a:8c:66:83:f6:d6:4c:9f:5d:9c:66:c5:26:1a: + 16:44:43:a9:2c:64:fd:3f:54:a2:14:22:81:e0:80: + 7f:46:5e:a4:8e:cd:8d:50: + +exp1: + 2e:1b:72:9a:11:be:a3:36:fc:cf:31:04:77:c2:26: + 27:94:14:ac:ab:6e:d2:57:97:71:88:50:43:47:94: + d1:85:ea:e4:0e:ee:a0:5f:0b:bc:28:d9:e2:b8:66: + aa:5f:4f:50:2e:63:58:f9:8a:df:f2:51:7c:99:84: + 75:08:ce:f2:4d:87:b2:3e:1c:30:e8:7b:d7:19:92: + 80:0a:9f:96:2d:9b:53:e3:72:59:a2:c3:b5:c6:a2: + a2:4e:d7:89:92:ae:54:9d:ae:6e:b0:31:62:fb:cb: + c1:dc:9c:85:f1:32:e0:84:85:b0:0c:a7:43:9f:c8: + 2d:b4:fb:9c:2d:ac:8b: + +exp2: + 4e:79:88:14:85:2a:1b:90:41:ed:bd:86:f9:85:38: + 46:7e:2d:d1:da:aa:68:30:92:e3:40:ca:6d:ed:17: + 03:63:01:1c:c9:0b:3e:09:da:f9:c9:56:d2:64:ae: + 50:16:a8:27:12:03:c2:06:d7:15:c3:4f:3e:40:b7: + a0:44:1a:8c:d3:0b:0f:c1:04:35:66:fb:2d:8f:0c: + fc:b3:6f:27:bc:94:e7:26:1a:ad:d5:98:08:b0:54: + e7:38:08:a0:0d:03:18:e9:04:53:9f:b1:d1:7a:01: + da:95:4b:4a:df:97:62:af:a0:73:28:3f:d0:9c:04: + 19:57:17:fa:6d:8e:3c:c3: + + +Public Key ID: 
2D:D8:14:9A:16:D5:6D:FE:FB:B0:E0:DE:F1:F5:C5:23:0B:D3:62:BE +Public key's random art: ++--[ RSA 2048]----+ +| ..o. . | +| + .. o | +| + . o | +| . + . . | +| . S . . | +| . . .. | +| =.ooo+| +| o.+o+==| +| E+.o.+| ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEoAIBAAKCAQEAoFXpPkQxKKMx/H970yRqwfEuLlUO/iBhvlj+e7GKVHUKkJGD +pPCeqm7+2aSP1dTbd7Bm4jGNv54904fsCaIVkpjFmmjr7HWHoYIGoGmOeJY3XKC3 ++YuzqMCkkCUY5+CuOAVbODyHCyCc3pPmCfecVLsIuEWQlFq/oO+AZx9GdIZC/079 +4ZkNQAhQY+i7SVGmI43vtTMNGa8Q2R7r7rQsHKAlkPjvRiJAdtTpZkRFAcSrUkJu +HeJcHVK4JGp7dHTvkj+7/7M6QPKAOZUI9Biqgcn7cCd9emOydNOOgy6phd7RBXIK +DMB4WBq3JdS7FK8+rytVNVi9vr4A5cFVMOJ2nQIDAQABAoIBAEVpa/R86RtCq104 +g47A8UbM9sUwJbF2q1oQhPtfvRcbJFu541gAo2/9ZW8rgul7oReL0r6R3V/bTcDJ +0zHIbbZtVP6n9ZsEtpcBB4VirT8fKRB8s6jhBgJEg/mzVbjs1/+AsiECcyQqFj91 +n90oyREVd4zu8MyJDPTLOrdqHsJKvjiXxIrpxmMSb0mramMVwj560dlVz3Yk5/Er +8UKcvb3BpL1wMY5+vn0rg+fuLlA2PCrb2N9LUs7ZjqsDmA+KEvIBL7vaIyPk/Ydu +6oRwaOFVjwwUme6Y/wmc1BG3of5Hol/n1m8GJczAub8BCB/LNtX8+77gf1SeYEz3 +QWahEjECgYEAzxTIzG1YghBH99JPT9Xbre8Xl5SxXU407pecRghITNHm6W98VrIt +Y7rF0Sm1Ycn+lmpyp84aRZCWKA1+Anp0r6hQ1o7ZhtGgjdlufAULzbSEhHg/8uWR +RcuoBDyGCtiPSTF0/Ss6uO7a6AGn54n6smAb3qM3TZjoqF8KaAXEXNsCgYEAxjYw +5dE9dtKy70Bnd87YIKltNcQdRZOjup4D1c6eZdHt8VIO2Xup9m7N3erBSalHJJh7 +P/L8zKZlBrfyCgBxMejQKpVlBlsSRI2WF9JCMchXQS03JFcUD5ehb/Eo22cGZwZR +FljoxsinTFi8aGneGiziCzwV1Si0kOhiIAqBF+cCfy4bcpoRvqM2/M8xBHfCJieU +FKyrbtJXl3GIUENHlNGF6uQO7qBfC7wo2eK4ZqpfT1AuY1j5it/yUXyZhHUIzvJN +h7I+HDDoe9cZkoAKn5Ytm1Pjclmiw7XGoqJO14mSrlSdrm6wMWL7y8HcnIXxMuCE +hbAMp0OfyC20+5wtrIsCgYBOeYgUhSobkEHtvYb5hThGfi3R2qpoMJLjQMpt7RcD +YwEcyQs+Cdr5yVbSZK5QFqgnEgPCBtcVw08+QLegRBqM0wsPwQQ1Zvstjwz8s28n +vJTnJhqt1ZgIsFTnOAigDQMY6QRTn7HRegHalUtK35dir6BzKD/QnAQZVxf6bY48 +wwKBgE2Sxv67ow3RM0aHdcsza2gH2TrQSJx17rosc8SWljnZtWXSII25an85p91E +6mWL/SvdDQgTksGYdL5ey+kUpNkCC+4E7d4060BR1qR+v7oP7uYs6Atb5yi9LaJ6 +jGaD9tZMn12cZsUmGhZEQ6ksZP0/VKIUIoHggH9GXqSOzY1Q +-----END RSA PRIVATE KEY----- 
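Review bot: ca.key commits the private key of the "Testing Authority" CA in clear, and the matching ca.pem added in this commit is a critical CA:TRUE certificate with notAfter 99991231235959Z, so nothing in the fixture itself limits what the key can sign or for how long. That is normal for a test tree, but the directory carries no marker saying so; I would add a short README next to the fixtures, e.g. `These keys and certificates are public test fixtures; never add ca.pem to a trust store.` The same applies to ocsp-server.key and server_bad.key further down. Secret scanners will flag all three files, so an explicit, documented allowlist entry for `tests/ocsp-tests/certs/` is better than having the finding dismissed ad hoc.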
diff --git a/tests/ocsp-tests/certs/ca.pem b/tests/ocsp-tests/certs/ca.pem new file mode 100644 index 0000000..2a5b006 --- /dev/null +++ b/tests/ocsp-tests/certs/ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8DCCAdigAwIBAgIIVvMK4C5SmsswDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UE +AxMRVGVzdGluZyBBdXRob3JpdHkwIhgPMjAxNjAzMjMyMTMwMTVaGA85OTk5MTIz +MTIzNTk1OVowHDEaMBgGA1UEAxMRVGVzdGluZyBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgVek+RDEoozH8f3vTJGrB8S4uVQ7+IGG+ +WP57sYpUdQqQkYOk8J6qbv7ZpI/V1Nt3sGbiMY2/nj3Th+wJohWSmMWaaOvsdYeh +ggagaY54ljdcoLf5i7OowKSQJRjn4K44BVs4PIcLIJzek+YJ95xUuwi4RZCUWr+g +74BnH0Z0hkL/Tv3hmQ1ACFBj6LtJUaYjje+1Mw0ZrxDZHuvutCwcoCWQ+O9GIkB2 +1OlmREUBxKtSQm4d4lwdUrgkant0dO+SP7v/szpA8oA5lQj0GKqByftwJ316Y7J0 +046DLqmF3tEFcgoMwHhYGrcl1LsUrz6vK1U1WL2+vgDlwVUw4nadAgMBAAGjMjAw +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFC3YFJoW1W3++7Dg3vH1xSML02K+ +MA0GCSqGSIb3DQEBCwUAA4IBAQBhhfGrP9BMNaa60Cjikm1Qd56yCxew/XzsSiBF +BDqa7WBoI7735Khu8Q0ET0ryIlct19MGUKc8rQoL5I13kPELCCDJ62KY8uokQkZA +5bYt4lKses6Owe4mGhCHSisurgp+c/0T7YuViSHqr4N1qkzXjl41iCt2nOnETqlH +FJS8ctQLpDUWLr6VbM0LvRQ7PXnHQOWjrwb29FpVY2xFN+xFbqL3msgaYD9HNiO8 +btswJKGzXZ+yWDThiceMffFjJXAj9GVOztMMJPcv1PxcQEanxSMwwtiWp04ti8ch +3UMPIlgL2gZLG+7y3TJ59vaa17XyoXAly1RAsUibiNbMBxEw +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/chain-akamai.com.pem b/tests/ocsp-tests/certs/chain-akamai.com.pem new file mode 100644 index 0000000..bcb506e --- /dev/null +++ b/tests/ocsp-tests/certs/chain-akamai.com.pem 
@@ -0,0 +1,54 @@ +-----BEGIN CERTIFICATE----- +MIIEujCCBGCgAwIBAgIQY7nsfv+YgzXxE9Z9L4ZNNTAKBggqhkjOPQQDAjCBgDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQDEyhTeW1hbnRlYyBD +bGFzcyAzIEVDQyAyNTYgYml0IFNTTCBDQSAtIEcyMB4XDTE2MDcyODAwMDAwMFoX +DTE3MDcyODIzNTk1OVoweTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1 +c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAGA1UECgwZQWthbWFpIFRlY2hu +b2xvZ2llcywgSW5jLjEaMBgGA1UEAwwRYTI0OC5lLmFrYW1haS5uZXQwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQCpvwTzWb1uqosqE52ItPukH6zYbx1GjvTx4Bg +HGulRdgt9psnHybLLv404jXSmt1KkitP6xmokBA4qb1HZnQro4ICwDCCArwwbgYD +VR0RBGcwZYIOKi5ha2FtYWloZC5uZXSCFiouYWthbWFpaGQtc3RhZ2luZy5uZXSC +FyouYWthbWFpemVkLXN0YWdpbmcubmV0gg8qLmFrYW1haXplZC5uZXSCEWEyNDgu +ZS5ha2FtYWkubmV0MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMGEGA1UdIARa +MFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20v +Y3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud +HwQkMCIwIKAeoByGGmh0dHA6Ly9yYy5zeW1jYi5jb20vcmMuY3JsMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQl8IrhS3rZAZUK7cZT +8Yx4H9nz+DBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9yYy5z +eW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9yYy5zeW1jYi5jb20vcmMuY3J0 +MIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHV +XIiNPRHEzbbsvswAAAFWMxw8DAAABAMARzBFAiEA0jnhAc04ytMqwcpzdhepDolx +k4/Ly01z7TbzhrdEm68CIDBoqkfHeUf/Egy4Dc6WtF7d4Yaz6VQwtPZtE62nYobW +AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFWMxw8aQAABAMA +RzBFAiEAtmv/WDAEkIzPoAmNg8rDB3hxjrqDE28O9ypcHfLfDKQCIAkexztlslo9 +vvg88draHLAFn6LehOKa+CDmG+7iBshSMAoGCCqGSM49BAMCA0gAMEUCIQCaLLx7 +OCmOUhNgoZX/s6pyGzE4p5dFiLJJm3u6dDw/jQIgS8vB1RZeveychMbXDPrx5y/W +HvfPyxlCkvHQR9TX15o= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEajCCA1KgAwIBAgIQP5KHvp0dpKN6nfYoLndaxDANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp 
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTUwNTEyMDAwMDAwWhcNMjUwNTExMjM1OTU5WjCBgDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQDEyhTeW1hbnRlYyBD +bGFzcyAzIEVDQyAyNTYgYml0IFNTTCBDQSAtIEcyMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEDxukkdfnrOfRTk63ZFvhj39uBNOrONtEt0Bcbb2WljffeYmGZ/ex +Hwie/WM7RoyfvVPoFdyXPiuBRq2Gfw4BOaOCAV0wggFZMC4GCCsGAQUFBwEBBCIw +IDAeBggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYB +Af8CAQAwZQYDVR0gBF4wXDBaBgpghkgBhvhFAQc2MEwwIwYIKwYBBQUHAgEWF2h0 +dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5z +eW1jYi5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5bWNiLmNv +bS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKwYDVR0RBCQwIqQgMB4xHDAa +BgNVBAMTE1NZTUMtRUNDLUNBLXAyNTYtMjIwHQYDVR0OBBYEFCXwiuFLetkBlQrt +xlPxjHgf2fP4MB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG +SIb3DQEBCwUAA4IBAQAMMGUXBaWTdaLxsTGtcB/naqjIQrLvoV9NG+7MoHpGd/69 +dZ/h2zOy7sGFUHoG/0HGRA9rxT/5w5GkEVIVkxtWyIWWq6rs4CTZt8Bej/KHYRbo +jtEDUkCTZSTLiCvguPyvinXgxy+LHT+PmdtEfXsvcdbeBSWUYpOsDYvD2hNtz9dw +Od5nBosMApmdxt+z7LQyZu8wMnfI1U6IMO+RWowxZ8uy0oswdFYd32l9xe+aAE/k +y9alLu/M9pvxiUKufqHJRgDBKA6uDjHLMPX+/nxXaNCPX3SI4KVZ1stHQ/U5oNlM +dHN9umAvlU313g0IgJrjsQ2nIdf9dsdP+6lrmP7s +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem b/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem new file mode 100644 index 0000000..fc3818b --- /dev/null +++ b/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem 
@@ -0,0 +1,90 @@ +-----BEGIN CERTIFICATE----- +MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj +IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX +DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0 +b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x +FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl +k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx +QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V +omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+ +AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1 +6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB +zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11 +cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw +b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6 +b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13 +d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj +BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw +GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD +FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv +bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu +c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy +dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B +1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay +gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc +EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE +AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw 
+AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6 +5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV +phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46 +iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD +JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu +Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr +r6H7ZhiwtwpJzLsjT1CX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp 
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs +YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb +A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW +9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu +s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T +L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK +Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T +AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu +Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw +HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg +hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v +Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG +A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E +FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz +Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny +H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W +Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG +QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t +TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY +Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc= +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/chain-amazon.com.pem b/tests/ocsp-tests/certs/chain-amazon.com.pem new file mode 100644 index 0000000..970f695 --- /dev/null +++ b/tests/ocsp-tests/certs/chain-amazon.com.pem 
@@ -0,0 +1,68 @@ +-----BEGIN CERTIFICATE----- +MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj +IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX +DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0 +b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x +FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl +k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx +QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V +omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+ +AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1 +6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB +zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11 +cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw +b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6 +b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13 +d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj +BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw +GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD +FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv +bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu +c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy +dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B +1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay +gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc +EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE +AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw 
+AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6 +5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV +phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46 +iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD +JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu +Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr +r6H7ZhiwtwpJzLsjT1CX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs +YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb +A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW +9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu +s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T +L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK +Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T +AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu +Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw +HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg +hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v +Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG +A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E +FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz +Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny 
+H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W +Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG +QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t +TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY +Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc= +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/ocsp-akamai.com.der b/tests/ocsp-tests/certs/ocsp-akamai.com.der Binary files differnew file mode 100644 index 0000000..0687207 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-akamai.com.der diff --git a/tests/ocsp-tests/certs/ocsp-amazon.com.der b/tests/ocsp-tests/certs/ocsp-amazon.com.der Binary files differnew file mode 100644 index 0000000..71f8f8f --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-amazon.com.der diff --git a/tests/ocsp-tests/certs/ocsp-server.key b/tests/ocsp-tests/certs/ocsp-server.key new file mode 100644 index 0000000..3092de2 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-server.key 
@@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:d3:02:64:0a:0d:62:25:6e:e1:f4:ec:6d:f0:84: + dc:45:38:6e:5e:eb:24:2b:8c:a9:92:81:11:51:d9: + e3:44:cf:6d:5c:3f:d1:b2:12:16:7b:3e:ee:b2:b9: + 95:ac:d3:62:fb:d2:b9:32:75:74:26:47:9a:7c:16: + af:df:c9:93:9e:17:2e:b8:9e:67:25:61:f5:f3:cf: + eb:08:1e:77:71:fe:ac:2f:23:78:10:18:aa:0c:e3: + 2e:3a:79:f5:11:76:16:37:0f:b6:3e:9b:b5:fb:07: + 2d:b1:ef:08:d8:c6:78:e8:5d:97:a4:f0:c7:4f:cc: + 31:80:04:be:b5:da:d9:19:40:73:fd:5b:14:3e:93: + 6d:20:4e:cc:7a:cd:82:94:06:0c:45:3f:ce:33:af: + b1:22:55:2d:f7:5e:83:38:1d:bf:73:5a:61:c2:73: + d4:1d:c2:6d:66:5f:1d:b9:0e:9e:a8:39:1f:7b:a1: + 04:bf:49:af:a9:04:cf:a1:81:ff:1b:81:48:16:77: + 51:97:28:e6:b5:73:c4:56:02:c2:47:fc:59:a4:4d: + 39:0a:31:d0:d3:70:19:3a:20:2b:33:fa:97:f9:8c: + 16:5e:da:ad:86:c6:af:06:87:f8:ec:93:9e:18:d0: + a0:c1:91:ce:ab:09:89:ec:47:3d:4e:5a:64:18:73: + d4:95: + +public exponent: + 01:00:01: + +private exponent: + 00:95:9c:e8:59:c8:4b:82:c7:30:27:7d:4c:26:71: + cd:cc:b6:ca:6b:3a:c6:96:aa:51:c1:b3:0a:18:c3: + 29:45:ac:dd:99:bf:16:6b:f0:2f:48:8b:c2:ab:ae: + b2:d5:ab:bc:4f:59:86:3e:a4:d1:0a:23:53:02:11: + 03:fa:e4:ee:69:f5:7e:07:21:29:79:74:0f:f4:23: + c4:3e:29:7b:ff:b3:d7:5a:45:07:e8:41:d4:b0:f6: + 93:dc:9a:84:8d:30:f1:67:71:18:83:23:dc:d0:74: + b2:8d:ab:32:d6:a1:43:31:5e:cb:1b:04:2e:0e:02: + 76:46:93:16:b5:d2:ca:83:ff:c8:5a:c4:b0:dd:1a: + fa:8b:4c:3e:7e:50:ad:6f:87:4f:56:46:09:8a:33: + 0f:16:ff:c0:e0:ce:8c:a4:78:27:f4:9b:f2:9c:44: + a0:0d:33:42:07:16:1e:7f:4c:d8:79:54:d6:ce:24: + f0:bc:85:67:97:04:7c:43:f3:89:60:41:91:14:b5: + eb:e7:7d:71:3a:ac:73:eb:4c:1b:ee:1e:c2:91:47: + 4e:be:a5:af:94:bc:97:a5:67:61:f6:8c:a6:e9:4f: + 46:dd:f6:a7:4d:df:ea:25:58:1b:d7:e8:43:e8:13: + f6:a1:94:2d:85:8d:df:ee:38:85:fd:2a:5c:1e:c8: + 68:01: + +prime1: + 00:d4:b0:87:a1:7f:b7:8c:ef:99:fb:5d:d7:e4:0a: + 62:78:aa:00:46:dc:01:6d:aa:fc:22:a0:0a:76:54: + d1:ea:3b:54:69:7c:ed:39:64:3d:14:13:48:9c:a5: + 
60:66:9f:d0:7e:8c:09:34:23:c7:60:16:58:c6:dd: + 60:05:3c:07:e4:80:b8:17:c9:10:5d:a1:1d:74:b7: + 61:b4:42:24:04:73:a3:c4:ed:72:47:58:86:c6:ef: + 59:af:79:77:02:2e:c1:62:1e:db:c3:6e:67:05:ca: + 70:10:b2:88:9a:23:6c:c8:5d:4e:af:e8:a6:c9:89: + 39:97:21:23:99:bf:e4:94:81: + +prime2: + 00:fd:fa:45:55:f4:ac:5d:da:54:49:4f:1e:96:3a: + 8b:95:bc:3a:bf:6c:ad:a9:54:94:90:e6:fd:10:49: + 74:2e:00:18:43:b9:55:2c:a4:37:19:d8:95:d2:c7: + f1:b2:47:c1:c4:27:f6:d7:d9:76:df:89:43:0e:34: + f0:84:ba:26:5e:97:94:de:30:db:55:ee:83:51:51: + 5e:4f:59:6a:52:69:ca:ed:58:e7:eb:00:46:c1:3c: + 58:be:82:d5:c0:77:64:9b:73:af:77:1a:de:3d:56: + 15:90:90:94:97:67:6e:35:aa:14:b7:43:fc:9a:76: + 17:2a:f5:d5:7d:ce:68:a6:15: + +coefficient: + 36:6e:b8:49:6c:ae:c6:be:21:a2:69:b9:35:af:ff: + 43:90:70:1c:6b:c2:b5:cd:dc:29:dc:5b:bf:50:f3: + d0:63:43:be:bc:5d:f8:9b:64:3c:6e:6e:6b:ee:78: + 48:7a:06:6c:15:85:db:90:e1:bb:ca:ad:23:fd:33: + 04:eb:89:d2:29:c1:c2:4c:69:80:42:c3:6d:9c:e5: + e4:10:f7:4f:f0:68:3b:fb:7e:e6:3d:4c:26:fc:28: + d2:27:f5:43:70:1f:e7:93:ce:58:7b:d5:c0:fc:bf: + 31:4f:52:ff:37:de:f8:f7:f8:1a:42:44:5f:d3:b1: + 02:ed:2d:07:5a:4a:e0:da: + +exp1: + 00:ae:cb:35:6c:40:6e:34:e1:65:06:f4:24:cd:40: + cb:94:a7:01:fb:3a:2b:e2:59:37:45:ad:89:6b:9e: + 61:b5:c2:74:a9:0d:06:58:b8:4c:8a:07:1f:11:bd: + c7:f0:0f:3f:66:00:e8:3f:75:78:11:3b:cc:52:02: + f5:3a:d8:0f:14:77:c4:d3:a7:66:4f:cc:6d:4c:d2: + b8:f5:4f:b6:12:02:87:80:fc:33:82:f6:fa:2c:db: + e0:35:19:f9:f8:4d:3c:98:cb:0b:89:1d:5e:85:9f: + cd:61:ab:98:20:35:24:dd:b5:f1:49:18:46:9a:32: + b0:a5:c7:92:5e:75:1a:02:01: + +exp2: + 2e:09:f8:17:a4:ca:ba:18:a1:be:c8:40:db:2a:b1: + b2:ea:f4:1b:4f:30:0b:c9:f1:44:73:1a:dc:a0:f4: + 16:82:9d:e3:68:ed:2f:b2:74:ea:92:80:56:3d:38: + 6b:00:e6:f7:0f:e7:87:29:3c:8b:38:ee:96:dc:b1: + dc:dd:81:a7:14:03:40:63:ca:de:c0:e5:bd:0f:ea: + f0:a7:5c:c6:a3:b6:cd:5f:98:6a:d9:19:fa:5d:5e: + 18:ea:ce:a4:9c:ff:f7:cd:f8:b8:b6:7e:22:d0:40: + 08:7c:ac:f2:e5:24:ed:45:6f:8b:e9:1f:19:40:de: + e2:42:bd:f8:98:3a:10:21: + + +Public Key ID: 
E7:3E:A1:70:15:01:A8:DA:F2:70:43:EF:4C:C8:87:1A:C3:98:74:3D +Public key's random art: ++--[ RSA 2048]----+ +| ..... | +| . . | +| .. . | +| . .oE . | +|.+.= +. S.. | +|o B B = .o. | +| O * o ... | +| . . o ... | +| .. | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0wJkCg1iJW7h9Oxt8ITcRThuXuskK4ypkoERUdnjRM9tXD/R +shIWez7usrmVrNNi+9K5MnV0JkeafBav38mTnhcuuJ5nJWH188/rCB53cf6sLyN4 +EBiqDOMuOnn1EXYWNw+2Ppu1+wctse8I2MZ46F2XpPDHT8wxgAS+tdrZGUBz/VsU +PpNtIE7Mes2ClAYMRT/OM6+xIlUt916DOB2/c1phwnPUHcJtZl8duQ6eqDkfe6EE +v0mvqQTPoYH/G4FIFndRlyjmtXPEVgLCR/xZpE05CjHQ03AZOiArM/qX+YwWXtqt +hsavBof47JOeGNCgwZHOqwmJ7Ec9TlpkGHPUlQIDAQABAoIBAQCVnOhZyEuCxzAn +fUwmcc3MtsprOsaWqlHBswoYwylFrN2ZvxZr8C9Ii8KrrrLVq7xPWYY+pNEKI1MC +EQP65O5p9X4HISl5dA/0I8Q+KXv/s9daRQfoQdSw9pPcmoSNMPFncRiDI9zQdLKN +qzLWoUMxXssbBC4OAnZGkxa10sqD/8haxLDdGvqLTD5+UK1vh09WRgmKMw8W/8Dg +zoykeCf0m/KcRKANM0IHFh5/TNh5VNbOJPC8hWeXBHxD84lgQZEUtevnfXE6rHPr +TBvuHsKRR06+pa+UvJelZ2H2jKbpT0bd9qdN3+olWBvX6EPoE/ahlC2Fjd/uOIX9 +KlweyGgBAoGBANSwh6F/t4zvmftd1+QKYniqAEbcAW2q/CKgCnZU0eo7VGl87Tlk +PRQTSJylYGaf0H6MCTQjx2AWWMbdYAU8B+SAuBfJEF2hHXS3YbRCJARzo8TtckdY +hsbvWa95dwIuwWIe28NuZwXKcBCyiJojbMhdTq/opsmJOZchI5m/5JSBAoGBAP36 +RVX0rF3aVElPHpY6i5W8Or9sralUlJDm/RBJdC4AGEO5VSykNxnYldLH8bJHwcQn +9tfZdt+JQw408IS6Jl6XlN4w21Xug1FRXk9ZalJpyu1Y5+sARsE8WL6C1cB3ZJtz +r3ca3j1WFZCQlJdnbjWqFLdD/Jp2Fyr11X3OaKYVAoGBAK7LNWxAbjThZQb0JM1A +y5SnAfs6K+JZN0WtiWueYbXCdKkNBli4TIoHHxG9x/APP2YA6D91eBE7zFIC9TrY +DxR3xNOnZk/MbUzSuPVPthICh4D8M4L2+izb4DUZ+fhNPJjLC4kdXoWfzWGrmCA1 +JN218UkYRpoysKXHkl51GgIBAoGALgn4F6TKuhihvshA2yqxsur0G08wC8nxRHMa +3KD0FoKd42jtL7J06pKAVj04awDm9w/nhyk8izjultyx3N2BpxQDQGPK3sDlvQ/q +8KdcxqO2zV+YatkZ+l1eGOrOpJz/9834uLZ+ItBACHys8uUk7UVvi+kfGUDe4kK9 ++Jg6ECECgYA2brhJbK7GviGiabk1r/9DkHAca8K1zdwp3Fu/UPPQY0O+vF34m2Q8 +bm5r7nhIegZsFYXbkOG7yq0j/TME64nSKcHCTGmAQsNtnOXkEPdP8Gg7+37mPUwm +/CjSJ/VDcB/nk85Ye9XA/L8xT1L/N9749/gaQkRf07EC7S0HWkrg2g== +-----END RSA PRIVATE KEY----- 
diff --git a/tests/ocsp-tests/certs/ocsp-server.pem b/tests/ocsp-tests/certs/ocsp-server.pem new file mode 100644 index 0000000..fb9d2f9 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-server.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIMVvMY1hLemRdsyqHgMA0GCSqGSIb3DQEBCwUAMBwxGjAY +BgNVBAMTEVRlc3RpbmcgQXV0aG9yaXR5MB4XDTE2MDMyMzIyMjk0MloXDTE3MDMy +MzIyMjk0MlowKzEpMCcGA1UEAxMgVGVzdGluZyBBdXRob3JpdHkgT0NTUCBSZXNw +b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTAmQKDWIlbuH0 +7G3whNxFOG5e6yQrjKmSgRFR2eNEz21cP9GyEhZ7Pu6yuZWs02L70rkydXQmR5p8 +Fq/fyZOeFy64nmclYfXzz+sIHndx/qwvI3gQGKoM4y46efURdhY3D7Y+m7X7By2x +7wjYxnjoXZek8MdPzDGABL612tkZQHP9WxQ+k20gTsx6zYKUBgxFP84zr7EiVS33 +XoM4Hb9zWmHCc9Qdwm1mXx25Dp6oOR97oQS/Sa+pBM+hgf8bgUgWd1GXKOa1c8RW +AsJH/FmkTTkKMdDTcBk6ICsz+pf5jBZe2q2Gxq8Gh/jsk54Y0KDBkc6rCYnsRz1O +WmQYc9SVAgMBAAGjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH +AwkwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU5z6hcBUBqNrycEPvTMiHGsOY +dD0wHwYDVR0jBBgwFoAULdgUmhbVbf77sODe8fXFIwvTYr4wDQYJKoZIhvcNAQEL +BQADggEBAHqmxPdEtXJAcLZnvfyExhlkS4QHxj9dw8OWYma1HHAyEiNxLlvXgcng +YspTVNHHHiErluOa3TdDkBlgdTdQ14aRJqEIT+EDXorU8MvvT7ujvDW/hm2IDDbr +bd4Cyd1g6sQJpuilBUvm4RV/LpkkAhRhd4dEhngHsoV0q1FbA7IxiPSNSixVjpBo +u2EhOPQFp4nFxFQvnEFK1gzltj22+plrekuiZtMS7Ofhg+ZaHb2QB0bhvqbMyL6j +b0/sxQZyy1qjID54G6nrr7j+PzN+SHqo1dfWhuYbHBQMJdp+AGmusGFhwGem1PmO +5AadPjc6lXs9mS///txyiheLGJJodQY= +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/ocsp-staple-unrelated.der b/tests/ocsp-tests/certs/ocsp-staple-unrelated.der Binary files differnew file mode 100644 index 0000000..963da0f --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-staple-unrelated.der diff --git a/tests/ocsp-tests/certs/ocsp_index.txt b/tests/ocsp-tests/certs/ocsp_index.txt new file mode 100644 index 0000000..e9e2dd7 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp_index.txt @@ -0,0 +1,2 @@ +R 260329162441Z 160428142441Z 3 unknown CN=localhost +V 260329162441Z 2 unknown CN=localhost 
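Review bot: The OCSP responder certificate in ocsp-server.pem is valid only from 2016-03-23 to 2017-03-23 (notBefore 160323222942Z, notAfter 170323222942Z), while ca.pem runs to 9999 and the server_bad template to 2026. Any test that validates a response signed by this responder will start failing once the wall clock passes that date unless the test pins the time. The scripts that consume these fixtures are outside this part of the diff, so confirm they run under a fixed clock (datefudge or faketime) and record the window in a comment there, e.g. `# fixtures valid 2016-03-23..2017-03-23; run with a pinned clock`. The captured akamai and amazon chains have leaf certificates expiring in 2017 as well, and the .der OCSP responses are presumably bound to their capture time in the same way.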
diff --git a/tests/ocsp-tests/certs/ocsp_index.txt.attr b/tests/ocsp-tests/certs/ocsp_index.txt.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/tests/ocsp-tests/certs/ocsp_index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/ocsp-tests/certs/server_bad.key b/tests/ocsp-tests/certs/server_bad.key
new file mode 100644
index 0000000..814693e
--- /dev/null
+++ b/tests/ocsp-tests/certs/server_bad.key
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEArwu2ueiYin7b177OgSjWY0Et7ypE1gXTuXdgTyu+LH2pYmsb +HxbAFIDf2OeOs/8z+FK0VqxvcRw2zb3lnsLYD3fgHNj8bZdZssiXy8+um/Mtnec2 +J8tkapdjUVkd7vTsUqardOTRcTwM0SWOgQXirZMSdkU1eoqkzAczxsPJTPVKnqVD +KhBEcPz/7OR+/ocYmQdAaOdl9m6gJn4lBBr2vCozjx0LyWig7zf5j6CgkZECb7jg +rANhDE3gD9iHC8CyaVPLuuDkllwIetBTfWGDi0tdHv1mY3K6YuuDsjdUnmOeFrPL +3i3zvnQEMLAD1f0GeRzUMNTHUOe5bKIAxKW9hlhJat10/VZyuP1Sjm1gdpoJkU4z +g5HPyr/C7mHHC2ofJZZ68Q4bQ2KXAq45MwPPkq0jEFzPdrDR925CRv+3HO6rw+2+ +atIylvZzzdwXfBuB5bOKpcU68tbjGSq58N3V/72DGSxDdNephGTMAmtmum22T+38 +KSPKiuIWT/bsSefbAgMBAAECggGAHQs6hFo9hS1LWN7F8NRPziQwdPB0f3Z0DN/r +0PcXFNa81iGjXGMv97bybVDucpszik5escrmqsPdrAGIKfF2XAqt2tt99skYDvwN +g7mv5RxSQ1Lrv2qV/MGlrwe0WcO1unkBFeIphjpKfiFXJb1OQTKX65vMJcr/UQMY +6i/uJKDGgtA09rPAR2cTJ8E5+Q19XVbArydF2b+9PuXLSoUWz13JNEPDguWjXk3R +UK18Nurylor8bE4bOilptfddYOvV5/UNxgy8y0XJq6ZJ/g3FqRsiu5e5C8jXm2t/ +qfJ33rJIAZv8LW0YWPteNw0OSo4DCbtfZQdekiJwz5tS0shhOqKhcFIX2hRwUMhj +yYBMxota6n5bQcKQBv+jf3URKFMDCThUst3GUZz6GIVb9xqTxavgU/KMXkZPUJ8N +KA5qYBrTK5lMVTf6iZ/N93yZKVky9rrrJdWmX/wWhPt1hr2Mj1UF/W6oi142SLjy +z7M8A/LaI2/gsm8sSp64JjDdtabBAoHBAObVHQSgV4SoseW5j0BjAklFHN9MRjOc +17GgZ4hfIda4bs+RpnDXjREU3kdAFmyg0F3/TLzQZklCAui2NKMvz+XHtbwF9aNP ++fK1eLOKiSRzAlKrAwiNPTKFkIFYNVFthH5pWBzS0be+Va52OoxwnSMmSaBEPzDH +NF7GKZHI+mEDWE+Vz7MiGpLkDuPj3UzG3KQwhxmy+ZVF2LVENFf+FGjiWSQMpxyx +q7M5nzq6pVPSbxqLFF+X9J7MScbCajL6sQKBwQDCIYIMsBM2pf2zFTifsH39BsXP +qpztEmdfDqy6D+dquEH5HTUSt2as6FMyk7oxRmuxxunl5bBtL3X2AR3eDdLP42W0 +sPphUQt2RFpyNu2Sd5pjYXcCxH7IQv16EQqPdxYytBU9jJMnRf+QN7Nl9j4nZrDC +wZcs2PUO1LDoK20+IKSeYRGMUMC65N9x+/qTGEaF4bRJJSGjkhyWPBAdrMekeTJH +4h5YRZfzXspzpJ1CSKRt+1zhO6IWM8YcalQTVksCgcA75eUnxCuxosy23dXMUWTQ +enypfPNihTp7PzJecsEnJKiseBEGiwhx/EZJmtm2ymwHWC4jeLhyHgz/Mfiqt8ds +ysvfxHQfMqubTXfKrxIzQRzDMtkQqQXOTFZZGfiL7q1I2DEjGZmN4nf9U3SR6M79 +xfuo+Myk7awrQ6SZzdsavXF3BVrmEt1ubHtoq0JLn/a1LFqCUqztDTjUoKQsiSPm +q4WSEy5yBbCWS0eER9aKz7pA2wIoZBf39O7YAq7oF6ECgcBl5Gx7+Fa9UjZsrnC/ 
+8ETQb6OXsfcXv5ceH3etWPef3gJSnG/k2Po9OtugKkWJ42pXLw5JKluFk2mYq1Ff +4WWK09HoGxPvzDf15T6LwCTFwZz5GIj8nOHmfrLIRPWEA39VMYwMeCIsdOMEcRfq +JmrNB2szbaTJVz6YgC4yTcjS2RNORaiOOzxNXB+jlhwY5J7vWl3kHmcfkWsLt47F +5JAM1cf8TsSalDyC8nfUZsxbpAEZ8Nr5JPGYMaiD9ZMXay0CgcEAjDWHG31/+Vmd +L17lUfNCNcyDChlf4cVXA748/HCHM49JuS7NSSxToAzWCaoy5DkUesg0xSHLM0Ko +HOAiCuQmzFDjOIi4/NSDEYwe02SnFF1trGFLIzta+Ona8VQlDKp6onQ9lxefL8In +9+6PujFy6/HEKk57Nypd3k1J0LHj0u5QeRHVnSiMq0XioXR/61yxeNURHPzI+wVd +726pM6NA3e6RFencK5SOgBoUi28RNAE1a3+BiXJGQRD2WxG9DaOG +-----END RSA PRIVATE KEY----- diff --git a/tests/ocsp-tests/certs/server_bad.template b/tests/ocsp-tests/certs/server_bad.template new file mode 100644 index 0000000..0408a97 --- /dev/null +++ b/tests/ocsp-tests/certs/server_bad.template @@ -0,0 +1,9 @@ +# static serial so the OCSP DB does not need to be changed +serial=3 +cn=localhost +tls_www_server +signing_key +encryption_key +dns_name="localhost" +activation_date = "2016-03-29 16:21:42" +expiration_date = "2026-03-29 16:24:41" diff --git a/tests/ocsp-tests/certs/server_good.key b/tests/ocsp-tests/certs/server_good.key new file mode 100644 index 0000000..f5e71dd --- /dev/null +++ b/tests/ocsp-tests/certs/server_good.key 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEApKIYxjNSYijlzMBWXLM7BEtKXUFtYpvta/fKgC16wuVW1rCT +sS6xB10QFjeVtYAnDY3qBSC17xVL7gmhYTJHBW6dBEzq0NBLimWDvy9FnHerwSn1 +q1EUBqFjlTKwEgKsRzI5AOnUf0jHV9FoSNJdyTO9vunEAPMylcqQRIDCnkpSQwh/ +8KAU2iIhaasoOw8uj5RH5w8NAepEY8AV+W2OPJB1vGip+TU+q8MoXjT9lYRK0E7J +c6iJAGb24ZjvHp3mpJcDhASifrp6E1OxeFfdADulAQ9xj8VLOzi8EmMjOrZritYl +Iq9ITlyw1ws+bFwG9szLXB6eV38e5Ubbu/VMqGx/XQ90SDgP7MAsorkRoe48i2IQ ++fea9QUGSgOfxAKu/SjehplpsGaARyb1Y5wXxzRnyVrX8dNwP5OojK5mQUaUW76k +biCbwOM37QDPUgwEgpLkItiNCwcXMdjwxsuXSusAn41u9cDF0+uXr9tUkDLaLcNz +9OZyNlZJO1ba3ksvAgMBAAECggGBAJRRPISDA/tO4Qh/Vs6Y4dhShCJTqVonI9Qb +HqIvVuNyfbNYzRXY/L+nhbCeTw9+7q/1ZBlOiNlllExU/MB17SnlpyuSqBGLNiLu +pax9x/bYkTGqvZqjpqj6iJ6HVbxEEDTr+BLslfY9+OkSzSKd8sQrCwyNyXkZoD72 +iNZOMgcs6cNeSvTbIy4JhZSPD+V1HftYGRb+pjdNeGNtT96wZm4FrywYFtlesKFJ +ZnrIvpQO5N+Zuz+pXBOyr0Q65WHt2cOxniTrMTlgWiGJvGlRF6s0UMnVJDFd36dD +OHyCHHkRYxVh5M4wnBnoVjRRPfO7Dr37MdZQuvMgcG3uZ600g2+8UEE6NS1WgsRk +oANsbyzoZkwNJplmPgJZ9b+Iupkp+ivTebzkxZbMWDaM+jGRZy0EwlNHKxRZubcF +bsxnfsR8zlzsTTRRFQxsvqjadg0d0SVH2+3+0ksfCIs7qbqDfLNSLKzkW3pQySII +EOEnNSb4Iwgb/hc7LluBdI5dd9WfEQKBwQDWyuyeepmMR9OqTKXPVB5Xe1yLq3vQ +HCN5n1Fp6weIpiWAZDHTGWfcQkUOVYm0dILoz0JXYQMV5n09NAN7QxU8SAaK5Skb +d2QBawny7At4MrpnSowA0cdyuTughLb7Lg2Yb77u1b09w71vXZHaAqIxmZCUMdjW +7o/PWHbVApmB3XlDpJ3Y2WMIbTKkAWJOgh7IfZXSeJR672yuDJOEfHX3BNcdJQZC +OmuNB36I3ZJmhxTlPOX9kO0nguLNDpol2GMCgcEAxDeyy7nk2kOZWdxzLfSS0m2E +/K3uJCzbqj4LBJ8pZFJRO5V8k4pIArz28jTrgt85OtvG14PJQIYIS1V2kRDFXHt3 +qTKZdzoylpplNTSvIIiVFj7TaneT6E+oqYUKKaYOn8wDMOxgflElf352F7/NgYEA +ZgTrmHm4FdcUQpVRQu3H1Cn4+6oyC5/ZQpxG/WZMbBN6xl5kNMFf4CSw5c98G/ZT +jeb0cb1MrQ6PYNTr8VVbMQd+nJzoYbPyf5UVg03FAoHAN6rF4ljR3Lps0BEnU/Fw +H6oYFRavcwMn6ohw2CuSe0bcJ0dQZm6KLVp7fTiMBNnBZ8b3YaAB5bYjtS36zQJY +yZO9Jlg37CdoIrn0DSJB4rf6+XQnjrrPnxsEqhhbOAP6gAxOBqYccpp9SRSODVtr +X8F16AJ3OVUArnM18QTIdhDJMc/DHQVSFkf+vOSi7sfoZHuvzal0idvtZbparRZ4 +mDmH6sTCt31ejGFp2Nzb6XiO4M6EqM/btsbEMvLa3n4TAoHBAKpImB8bTZNptOz6 
+Vu7b4ItDxnSu0QuN7niY7WDua7KHib3G5lz4VbQin8Dk0jo6VOVSlAa2dPJNH2eZ +XJNaVZ0D/X3Vzr9cv0hZ51k8RntabN/oV/t+mNq0PvAW6BHq7agaGe7cRIV7EKrL +adsEdmlcNadTv84MXAiAJjH+eY424wOqBU0Kj/HsoFShYS5KGCp24UbD5fyukPDp +hqd54AA4TpzIgP0wRhmtmBp1zekbpU8wbN2ngjhAPUQhcpEH7QKBwQDFqimO5IDb +8DuWT6E5R/4TYttP2BjtaFgcV26UhKsKlcyy31OP7nHOM9jICodEKCVzfw477Dtf +g8Xp8QUnQ4MM8sTmokMtsKX6yKCGLxeadPV0jw0ASsDH7op0CBH30pcWNVPeEGlC +b3qfqHMNGDQJyAkGun5mAjAzjWT89eDrwJDfeuxnos5+XlAPz/xIqZaj9TSV0Xjs +1U/np8oqu50iEXhyLVqG6GqXRkiqJ4W73qRqCYCBu1O3Fuc00/TOPLM= +-----END RSA PRIVATE KEY----- diff --git a/tests/ocsp-tests/certs/server_good.template b/tests/ocsp-tests/certs/server_good.template new file mode 100644 index 0000000..2d02758 --- /dev/null +++ b/tests/ocsp-tests/certs/server_good.template @@ -0,0 +1,9 @@ +# static serial so the OCSP DB does not need to be changed +serial=2 +cn=localhost +tls_www_server +signing_key +encryption_key +dns_name="localhost" +activation_date = "2016-03-29 16:21:42" +expiration_date = "2026-03-29 16:24:41" diff --git a/tests/ocsp-tests/ocsp-load-chain.sh b/tests/ocsp-tests/ocsp-load-chain.sh new file mode 100755 index 0000000..33cc020 --- /dev/null +++ b/tests/ocsp-tests/ocsp-load-chain.sh 
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+: ${srcdir=.}
+: ${OCSPTOOL=../src/ocsptool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+export TZ="UTC"
+
+. "${srcdir}/scripts/common.sh"
+
+skip_if_no_datefudge
+
+datefudge -s "2017-06-19" \
+ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 1 - Amazon OCSP response verification - failed"
+ exit ${rc}
+fi
+
+datefudge -s "2017-06-19" \
+ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 2 - Amazon OCSP response verification - failed"
+ exit ${rc}
+fi
+
+# verify an OCSP response using ECDSA
+datefudge -s "2017-06-29" \
+ "${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 3 - Akamai (ECDSA) OCSP response verification - failed"
+ exit ${rc}
+fi
+
+exit 0
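Review bot: In ocsp-load-chain.sh, Tests 1 and 2 pass `--verify-allow-broken` with no comment saying why, while Test 3 verifies without it. Presumably the recorded amazon.com response or chain uses an algorithm that ocsptool rejects by default, but the script does not name it, so a reader cannot tell whether the flag is still required or is hiding a regression in the default checks. I would add a comment above the first call, along the lines of `# the recorded amazon.com response uses <algorithm>; --verify-allow-broken is needed only for that`. The three `# We're done.` comments sit in front of checks that are not the end of the script and could be dropped.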
diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh
new file mode 100755
index 0000000..049491a
--- /dev/null
+++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh
@@ -0,0 +1,515 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} +TEMPLATE_FILE="ms-out.$$.tmpl.tmp" +SERVER_CERT_FILE="ms-cert.$$.pem.tmp" +SERVER_CERT_NO_EXT_FILE="ms-cert-no-ext.$$.pem.tmp" +OCSP_RESPONSE_FILE="ms-resp.$$.tmp" +OCSP_REQ_FILE="ms-req.$$.tmp" + +export TZ="UTC" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT + +# Port to use for OCSP server, must match the OCSP URI set in the +# server_*.pem certificates +eval "${GETPORT}" +OCSP_PORT=$PORT + +# Maximum timeout for server startup (OCSP and TLS) +SERVER_START_TIMEOUT=10 + +# Check for OpenSSL +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then + echo "You need openssl to run this test." 
+ exit 77 +fi + +CERTDATE="2016-04-28" +TESTDATE="2016-04-29" +EXP_OCSP_DATE="2016-03-27" + +OCSP_PID="" +TLS_SERVER_PID="" +stop_servers () +{ + test -z "${OCSP_PID}" || kill "${OCSP_PID}" + test -z "${TLS_SERVER_PID}" || kill "${TLS_SERVER_PID}" + rm -f "$TEMPLATE_FILE" + rm -f "$SERVER_CERT_FILE" + rm -f "$SERVER_CERT_NO_EXT_FILE" + rm -f "$OCSP_RESPONSE_FILE" + rm -f "$OCSP_REQ_FILE" +} +trap stop_servers 1 15 2 EXIT + +echo "=== Generating good server certificate ===" + +rm -f "$TEMPLATE_FILE" +cp "${srcdir}/ocsp-tests/certs/server_good.template" "$TEMPLATE_FILE" +chmod u+w "$TEMPLATE_FILE" +echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" + +# Generate certificates with the random port +datefudge -s "${CERTDATE}" ${CERTTOOL} \ + --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ + --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ + --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ + --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_NO_EXT_FILE}" 2>/dev/null + +# Generate certificates with the random port (with mandatory stapling extension) +echo "tls_feature = 5" >>"$TEMPLATE_FILE" + +datefudge -s "${CERTDATE}" ${CERTTOOL} \ + --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ + --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ + --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ + --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_FILE}" 2>/dev/null + +echo "=== Bringing OCSP server up ===" + +INDEXFILE="ocsp_index.txt" +ATTRFILE="${INDEXFILE}.attr" +cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt" ${INDEXFILE} +cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} + +# Start OpenSSL OCSP server +# +# WARNING: As of version 1.0.2g, OpenSSL OCSP cannot bind the TCP port +# if started repeatedly in a short time, probably a lack of +# SO_REUSEADDR usage. 
+PORT=${OCSP_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ + -port "${OCSP_PORT}" \ + -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ + -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \ + -CA "${srcdir}/ocsp-tests/certs/ca.pem" +OCSP_PID="${!}" +wait_server "${OCSP_PID}" + +echo "=== Verifying OCSP server is up ===" + +# Port probing (as done in wait_port) makes the OpenSSL OCSP server +# crash due to the "invalid request", so try proper requests +t=0 +while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do + # Run a test request to make sure the server works + datefudge "${TESTDATE}" \ + ${VALGRIND} "${OCSPTOOL}" --ask \ + --load-cert "${SERVER_CERT_FILE}" \ + --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \ + --outfile "${OCSP_RESPONSE_FILE}" + rc=$? + if test "${rc}" = "0"; then + break + else + t=`expr ${t} + 1` + sleep 1 + fi +done +# Fail if the final OCSP request failed +if test "${rc}" != "0"; then + echo "OCSP server check failed." + exit ${rc} +fi + +#echo "placed staple in ${OCSP_RESPONSE_FILE}" + +echo "=== Test 1: Server with valid certificate - no staple ===" + +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? 
+ +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and no staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 2: Server with valid certificate - valid staple ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate and valid staple failed" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 3: Server with valid certificate - invalid staple ===" + +head -c 64 /dev/urandom >"${OCSP_RESPONSE_FILE}" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? 
+ +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and invalid staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 4: Server with valid certificate - unrelated cert staple ===" + +rm -f "${OCSP_RESPONSE_FILE}" +cp "${srcdir}/ocsp-tests/certs/ocsp-staple-unrelated.der" "${OCSP_RESPONSE_FILE}" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and invalid staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + + +echo "=== Test 5: Server with valid certificate - expired staple ===" + +rm -f "${OCSP_RESPONSE_FILE}" + +# Generate an OCSP response which expires in 2 days and use it after +# a month. gnutls server doesn't send such a staple to clients. 
+${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" +datefudge -s ${EXP_OCSP_DATE} \ + ${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} + +: ${TIMEOUT=timeout} +if ("$TIMEOUT" --version) >/dev/null 2>&1; then +${TIMEOUT} 30 "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" +if test $? != 1;then + echo "Running gnutls-serv with an expired response, succeeds!" + exit ${rc} +fi +fi + +echo "=== Test 5.1: Server with valid certificate - expired staple (ignoring errors) ===" + +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ignore-ocsp-response-errors \ + --ocsp-response="${OCSP_RESPONSE_FILE}" +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and expired staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 6: Server with valid certificate - old staple ===" + +# This case is funny. 
OCSP doesn't mandate an expiration date for a response so +# we are left to decide what to do with responses that don't contain the NextUpdate +# field. Here we test whether a month-old response with no clear expiration is rejected. + +rm -f "${OCSP_RESPONSE_FILE}" + +${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" +datefudge -s ${EXP_OCSP_DATE} \ + ${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? 
+ +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and old staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 7: OSCP response error - client doesn't send status_request ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${srcdir}/ocsp-tests/response3.der" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate and OCSP error response failed" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 8: OSCP response error - client sends status_request, no TLS feature extension ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_NO_EXT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${srcdir}/ocsp-tests/response3.der" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? 
+ +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate and OCSP error response failed" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 9: OSCP response error - client sends status_request, TLS feature extension present ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${srcdir}/ocsp-tests/response3.der" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" = "0"; then + echo "Connecting to server with valid certificate and OCSP error response unexpectedly succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + + +kill ${OCSP_PID} +wait ${OCSP_PID} +unset OCSP_PID + +rm -f "${OCSP_RESPONSE_FILE}" +rm -f "${OCSP_REQ_FILE}" +rm -f "${SERVER_CERT_FILE}" +rm -f "${TEMPLATE_FILE}" +rm -f "${INDEXFILE}" "${ATTRFILE}" + +exit 0 diff --git a/tests/ocsp-tests/ocsp-signer-verify.sh b/tests/ocsp-tests/ocsp-signer-verify.sh new file mode 100755 index 0000000..ce815ce --- /dev/null +++ b/tests/ocsp-tests/ocsp-signer-verify.sh 
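Review bot: In ocsp-must-staple-connection.sh the negative cases exit with `${rc}`, which is 0 precisely when the client connection unexpectedly succeeded, so a client that wrongly accepts a missing, invalid, unrelated, expired or old staple makes the script print its message and then return 0 to the harness. This applies to Tests 1, 3, 4, 5.1 and 6 (`if test "${rc}" != "1"; then ... exit ${rc}`) and to Test 9 (`if test "${rc}" = "0"; then ... exit ${rc}`); each of those branches should end in `exit 1`. Test 5 has a related slip: it tests `$?` from the timeout-wrapped gnutls-serv but exits with `${rc}`, which still holds the value left by Test 4, so `exit 1` is the right fix there as well. Test 4 also reuses Test 3's message ("invalid staple") for the unrelated-staple case, which makes a failure harder to attribute.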
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Copyright (C) 2021 Fiona Klute
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+
+: ${srcdir=.}
+: ${OCSPTOOL=../src/ocsptool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+export TZ="UTC"
+
+. "${srcdir}/scripts/common.sh"
+
+skip_if_no_datefudge
+
+date="2021-07-14 00:00"
+sample_dir="${srcdir}/ocsp-tests/signer-verify"
+trusted="${sample_dir}/trust.pem"
+
+verify_response ()
+{
+ echo "verifying ${sample_dir}/${1} using ${trusted}"
+ datefudge --static "${date}" \
+ "${OCSPTOOL}" --infile="${sample_dir}/${1}" \
+ --verify-response --load-trust="${trusted}"
+ return $?
+}
+
+if ! verify_response response-ca.der; then
+ echo "verification of OCSP response signature by CA failed"
+ exit 1
+fi
+
+if ! verify_response response-delegated.der; then
+ echo "verification of OCSP response signature by delegated signer failed"
+ exit 1
+fi
+
+if verify_response response-non-delegated.der; then
+ echo "verification of OCSP response signature by non-signer certificate " \
+ "from the same CA succeeded, but should have failed"
+ exit 1
+fi
diff --git a/tests/ocsp-tests/ocsp-test.sh b/tests/ocsp-tests/ocsp-test.sh
new file mode 100755
index 0000000..cfb3033
--- /dev/null
+++ b/tests/ocsp-tests/ocsp-test.sh
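Review bot: In ocsp-signer-verify.sh the last check treats any non-zero status from `verify_response response-non-delegated.der` as the expected rejection, so a missing sample file, a datefudge failure or an ocsptool crash would also count as a pass. This is the case that guards against accepting a response signed by a non-delegated certificate from the same CA, so the failure should be shown to come from verification itself: add `test -r "${sample_dir}/${1}" || exit 1` as the first line of `verify_response`, and, if ocsptool's exit codes allow it, compare against the specific status it returns for a failed verification. The trailing `return $?` is redundant, since the function already returns the status of its last command.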
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${OCSPTOOL=../src/ocsptool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+export TZ="UTC"
+
+. "${srcdir}/scripts/common.sh"
+
+skip_if_no_datefudge
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+datefudge -s "2016-04-22" \
+ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 1 - OCSP signed by CA - failed"
+ exit ${rc}
+fi
+
+datefudge -s "2016-04-22" \
+ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 2 - OCSP signed by delegated cert - failed"
+ exit ${rc}
+fi
+
+datefudge -s "2016-04-22" \
+ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 3 - OCSP signed by delegated cert - failed"
+ exit ${rc}
+fi
+
+
+exit 0
diff --git a/tests/ocsp-tests/ocsp-tls-connection.sh b/tests/ocsp-tests/ocsp-tls-connection.sh
new file mode 100755
index 0000000..84eda22
--- /dev/null
+++ b/tests/ocsp-tests/ocsp-tls-connection.sh
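Review bot: In ocsp-test.sh, Test 3 prints the same label as Test 2 ("OCSP signed by delegated cert") although it checks something different: `response2.der` is verified with `--load-signer` pointing at `ca.pem` instead of `ocsp-server.pem`. A comment above the third call should state the expectation, for instance `# response2.der is signed by the delegated responder; verifying against the CA must also succeed`, and the message should be distinguishable, e.g. `echo "Test 3 - OCSP signed by delegated cert, verified against CA - failed"`. All three cases are positive ones; this script has no case where verification is expected to fail, so it would not notice a verifier that accepts everything.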
@@ -0,0 +1,231 @@
+#!/bin/sh
+
+# Test case: Try to establish TLS connections with gnutls-cli and
+# check the validity of the server certificate via OCSP
+#
+# Copyright (C) 2016 Thomas Klute
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../src/certtool${EXEEXT}}
+: ${OCSPTOOL=../src/ocsptool${EXEEXT}}
+: ${SERV=../src/gnutls-serv${EXEEXT}}
+: ${CLI=../src/gnutls-cli${EXEEXT}}
+: ${DIFF=diff}
+TEMPLATE_FILE="out.$$.tmpl.tmp"
+SERVER_CERT_FILE="cert.$$.pem.tmp"
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+if ! test -x "${SERV}"; then
+ exit 77
+fi
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+export TZ="UTC"
+
+. "${srcdir}/scripts/common.sh"
+
+skip_if_no_datefudge
+
+eval "${GETPORT}"
+# Port for gnutls-serv
+TLS_SERVER_PORT=$PORT
+
+# Port to use for OCSP server, must match the OCSP URI set in the
+# server_*.pem certificates
+eval "${GETPORT}"
+OCSP_PORT=$PORT
+
+# Maximum timeout for server startup (OCSP and TLS)
+SERVER_START_TIMEOUT=10
+
+# Check for OpenSSL
+: ${OPENSSL=openssl}
+if ! ("$OPENSSL" version) > /dev/null 2>&1; then
+ echo "You need openssl to run this test."
+ exit 77
+fi
+
+CERTDATE="2016-04-28"
+TESTDATE="2016-04-29"
+
+OCSP_PID=""
+TLS_SERVER_PID=""
+stop_servers ()
+{
+ test -z "${OCSP_PID}" || kill "${OCSP_PID}"
+ test -z "${TLS_SERVER_PID}" || kill "${TLS_SERVER_PID}"
+ rm -f "$TEMPLATE_FILE"
+ rm -f "$SERVER_CERT_FILE"
+}
+trap stop_servers 1 15 2 EXIT
+
+echo "=== Generating good server certificate ==="
+
+rm -f "$TEMPLATE_FILE"
+cp "${srcdir}/ocsp-tests/certs/server_good.template" "$TEMPLATE_FILE"
+chmod u+w "$TEMPLATE_FILE"
+echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE"
+
+# Generate certificates with the random port
+datefudge -s "${CERTDATE}" ${CERTTOOL} \
+ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \
+ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \
+ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \
+ --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_FILE}" 2>/dev/null
+
+echo "=== Bringing OCSP server up ==="
+
+# Start OpenSSL OCSP server
+#
+# WARNING: As of version 1.0.2g, OpenSSL OCSP cannot bind the TCP port
+# if started repeatedly in a short time, probably a lack of
+# SO_REUSEADDR usage.
+PORT=${OCSP_PORT}
+launch_bare_server \
+ datefudge "${TESTDATE}" \
+ "${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \
+ -port "${OCSP_PORT}" \
+ -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
+ -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \
+ -CA "${srcdir}/ocsp-tests/certs/ca.pem"
+OCSP_PID="${!}"
+wait_server "${OCSP_PID}"
+
+echo "=== Verifying OCSP server is up ==="
+
+# Port probing (as done in wait_port) makes the OpenSSL OCSP server
+# crash due to the "invalid request", so try proper requests
+t=0
+while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
+ # Run a test request to make sure the server works
+ datefudge "${TESTDATE}" \
+ ${VALGRIND} "${OCSPTOOL}" --ask \
+ --load-cert "${SERVER_CERT_FILE}" \
+ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem"
+ rc=$?
+ if test "${rc}" = "0"; then
+ break
+ else
+ t=`expr ${t} + 1`
+ sleep 1
+ fi
+done
+# Fail if the final OCSP request failed
+if test "${rc}" != "0"; then
+ echo "OCSP server check failed."
+ exit ${rc}
+fi
+
+echo "=== Test 1: Server with valid certificate ==="
+
+PORT=${TLS_SERVER_PORT}
+launch_bare_server \
+ datefudge "${TESTDATE}" \
+ "${SERV}" --echo --disable-client-cert \
+ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
+ --x509certfile="${SERVER_CERT_FILE}" \
+ --port="${TLS_SERVER_PORT}"
+TLS_SERVER_PID="${!}"
+wait_server $TLS_SERVER_PID
+
+wait_for_port "${TLS_SERVER_PORT}"
+
+echo "test 123456" | \
+ datefudge -s "${TESTDATE}" \
+ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
+ --port="${TLS_SERVER_PORT}" localhost
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "Connecting to server with valid certificate failed."
+ exit ${rc}
+fi
+
+kill "${TLS_SERVER_PID}"
+wait "${TLS_SERVER_PID}"
+unset TLS_SERVER_PID
+
+echo "=== Generating bad server certificate ==="
+
+rm -f "${SERVER_CERT_FILE}"
+rm -f "${TEMPLATE_FILE}"
+cp "${srcdir}/ocsp-tests/certs/server_bad.template" "$TEMPLATE_FILE"
+echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE"
+
+# Generate certificates with the random port
+datefudge -s "${CERTDATE}" ${CERTTOOL} \
+ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \
+ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \
+ --load-privkey "${srcdir}/ocsp-tests/certs/server_bad.key" \
+ --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_FILE}"
+
+echo "=== Test 2: Server with revoked certificate ==="
+
+eval "${GETPORT}"
+TLS_SERVER_PORT=$PORT
+
+launch_bare_server \
+ datefudge "${TESTDATE}" \
+ "${SERV}" --echo --disable-client-cert \
+ --x509keyfile="${srcdir}/ocsp-tests/certs/server_bad.key" \
+ --x509certfile="${SERVER_CERT_FILE}" \
+ --port="${TLS_SERVER_PORT}"
+TLS_SERVER_PID="${!}"
+wait_server ${TLS_SERVER_PID}
+wait_for_port "${TLS_SERVER_PORT}"
+
+echo "test 123456" | \
+ datefudge -s "${TESTDATE}" \
+ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
+ --port="${TLS_SERVER_PORT}" localhost
+rc=$?
+
+kill "${TLS_SERVER_PID}"
+wait "${TLS_SERVER_PID}"
+unset TLS_SERVER_PID
+
+# This connection should not work because the certificate has been
+# revoked.
+if test "${rc}" = "0"; then
+ echo "Connecting to server with revoked certificate succeeded."
+ exit 1
+fi
+
+kill ${OCSP_PID}
+wait ${OCSP_PID}
+unset OCSP_PID
+
+rm -f "${SERVER_CERT_FILE}"
+rm -f "${TEMPLATE_FILE}"
+
+exit 0
diff --git a/tests/ocsp-tests/ocsptool.sh b/tests/ocsp-tests/ocsptool.sh
new file mode 100755
index 0000000..b10013e
--- /dev/null
+++ b/tests/ocsp-tests/ocsptool.sh
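Review bot: Test 2 accepts any non-zero exit from `gnutls-cli` as evidence that the revoked certificate was rejected, so it also passes when the connection fails for an unrelated reason such as a broken handshake or a certificate that was never produced. Neither `certtool --generate-certificate` call has its exit status checked (the first also discards stderr with `2>/dev/null`), which makes that easier to hit; add `test $? = 0 || exit 1` after each. To pin the reason, capture the client's output to a temporary file and require its revocation diagnostic before counting the failure as a pass. The second template copy also omits the `chmod u+w "$TEMPLATE_FILE"` used for the first, so the `ocsp_uri=` append may fail when the source tree is read-only.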
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+# Sanity check program for various ocsptool options
+
+: ${srcdir=.}
+: ${OCSPTOOL=../src/ocsptool${EXEEXT}}
+: ${DIFF=diff}
+: ${CMP=cmp}
+TMPFILE=ocsp.$$.tmp
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+export TZ="UTC"
+
+"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 1 - PEM loading failed"
+ exit ${rc}
+fi
+
+${CMP} "${srcdir}/ocsp-tests/response1.der" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+ echo "Test 1 - Comparison of DER file failed"
+ exit ${rc}
+fi
+
+"${OCSPTOOL}" -j --outpem --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 2 - PEM loading failed"
+ exit ${rc}
+fi
+
+${DIFF} -B "${srcdir}/ocsp-tests/response1.pem" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+ echo "Test 2 - Comparison of PEM file failed $TMPFILE"
+ exit ${rc}
+fi
+
+
+"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 3 - Transparent (backwards compatible) DER loading failed"
+ exit ${rc}
+fi
+
+"${OCSPTOOL}" -j --inder --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 4 - DER loading failed"
+ exit ${rc}
+fi
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/ocsp-tests/response1.der b/tests/ocsp-tests/response1.der Binary files differnew file mode 100644
index 0000000..f632b4a
--- /dev/null
+++ b/tests/ocsp-tests/response1.der
diff --git a/tests/ocsp-tests/response1.pem b/tests/ocsp-tests/response1.pem
new file mode 100644
index 0000000..66adfe3
--- /dev/null
+++ b/tests/ocsp-tests/response1.pem
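Review bot: `${TMPFILE}` is removed only on the success path at the end of ocsptool.sh, so every early `exit ${rc}` leaves `ocsp.$$.tmp` behind in the build directory. A cleanup trap right after the assignment, `trap 'rm -f "${TMPFILE}"' 1 15 2 EXIT`, covers all exits and matches the `trap stop_servers 1 15 2 EXIT` already used in ocsp-tls-connection.sh. Tests 3 and 4 also check only the exit status of `ocsptool -j` and never compare what it printed, so they would not notice wrong output from the DER loader. The header's last paragraph names the Lesser GPL while the grant above it is GPL version 3, which is worth making consistent.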
@@ -0,0 +1,45 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=Testing Authority + Produced At: Wed Mar 23 21:55:28 UTC 2016 + Responses: + Certificate ID: + Hash Algorithm: SHA1 + Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3 + Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934 + Serial Number: 56f304a1326dc9b2d51b31b3 + Certificate Status: unknown + This Update: Wed Mar 23 21:55:28 UTC 2016 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIIEwAoBAKCCBLkwggS1BgkrBgEFBQcwAQEEggSmMIIEojCBj6EeMBwxGjAYBgNV +BAMTEVRlc3RpbmcgQXV0aG9yaXR5GA8yMDE2MDMyMzIxNTUyOFowXDBaMEUwCQYF +Kw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl/LkSPHKF/CjIAxSfBq2U +39k0AgxW8wShMm3JstUbMbOCABgPMjAxNjAzMjMyMTU1MjhaMA0GCSqGSIb3DQEB +CwUAA4IBAQBKkt+j9Rd5Pjq67WsiWIc9rVjxA0vdiZahZUAYlCCauKpLN+FxSsda +uCUzYmotc4Jq4Erbmpl0pfvR5Y3nFArCQuKiLayOKk5NevUgnVMLbcaojrtwfPl/ +puf8zPFGOo+Ue2SQH+H8YX3wmQqeMEIblF2GonPVWm8pY+Gjx9ElBjUMCqAoCtig +CWcS9BbOm1BON0IEOsCb9gJ+VtRrLxpaOzLsc0lZGip74IuqHEyb6foA/bME8Ydy +T8v28oA9pfMdW0xoB/drpeq+lJfO3Hiu7QmHC56zRNyWNv3ovU9R87cEGEM2QD7o +/23eXMmoFODYx7Y5B6UOmiD34ufq7UaRoIIC+DCCAvQwggLwMIIB2KADAgECAghW +8wrgLlKayzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFUZXN0aW5nIEF1dGhv +cml0eTAiGA8yMDE2MDMyMzIxMzAxNVoYDzk5OTkxMjMxMjM1OTU5WjAcMRowGAYD +VQQDExFUZXN0aW5nIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKBV6T5EMSijMfx/e9MkasHxLi5VDv4gYb5Y/nuxilR1CpCRg6Twnqpu +/tmkj9XU23ewZuIxjb+ePdOH7AmiFZKYxZpo6+x1h6GCBqBpjniWN1ygt/mLs6jA +pJAlGOfgrjgFWzg8hwsgnN6T5gn3nFS7CLhFkJRav6DvgGcfRnSGQv9O/eGZDUAI +UGPou0lRpiON77UzDRmvENke6+60LBygJZD470YiQHbU6WZERQHEq1JCbh3iXB1S +uCRqe3R075I/u/+zOkDygDmVCPQYqoHJ+3AnfXpjsnTTjoMuqYXe0QVyCgzAeFga +tyXUuxSvPq8rVTVYvb6+AOXBVTDidp0CAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQULdgUmhbVbf77sODe8fXFIwvTYr4wDQYJKoZIhvcNAQELBQAD +ggEBAGGF8as/0Ew1prrQKOKSbVB3nrILF7D9fOxKIEUEOprtYGgjvvfkqG7xDQRP 
+SvIiVy3X0wZQpzytCgvkjXeQ8QsIIMnrYpjy6iRCRkDlti3iUqx6zo7B7iYaEIdK +Ky6uCn5z/RPti5WJIeqvg3WqTNeOXjWIK3ac6cROqUcUlLxy1AukNRYuvpVszQu9 +FDs9ecdA5aOvBvb0WlVjbEU37EVuoveayBpgP0c2I7xu2zAkobNdn7JYNOGJx4x9 +8WMlcCP0ZU7O0wwk9y/U/FxARqfFIzDC2JanTi2LxyHdQw8iWAvaBksb7vLdMnn2 +9prXtfKhcCXLVECxSJuI1swHETA= +-----END OCSP RESPONSE----- diff --git a/tests/ocsp-tests/response2.der b/tests/ocsp-tests/response2.der Binary files differnew file mode 100644 index 0000000..ee428bd --- /dev/null +++ b/tests/ocsp-tests/response2.der diff --git a/tests/ocsp-tests/response2.pem b/tests/ocsp-tests/response2.pem new file mode 100644 index 0000000..1ca75c3 --- /dev/null +++ b/tests/ocsp-tests/response2.pem 
@@ -0,0 +1,47 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=Testing Authority OCSP Responder + Produced At: Wed Mar 23 22:31:19 UTC 2016 + Responses: + Certificate ID: + Hash Algorithm: SHA1 + Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3 + Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934 + Serial Number: 56f318d612de99176ccaa1e0 + Certificate Status: unknown + This Update: Wed Mar 23 22:31:19 UTC 2016 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIIFIgoBAKCCBRswggUXBgkrBgEFBQcwAQEEggUIMIIFBDCBnqEtMCsxKTAnBgNV +BAMTIFRlc3RpbmcgQXV0aG9yaXR5IE9DU1AgUmVzcG9uZGVyGA8yMDE2MDMyMzIy +MzExOVowXDBaMEUwCQYFKw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl +/LkSPHKF/CjIAxSfBq2U39k0AgxW8xjWEt6ZF2zKoeCCABgPMjAxNjAzMjMyMjMx +MTlaMA0GCSqGSIb3DQEBCwUAA4IBAQAuMHdyI3qMEyU4v60vCsLQqZkbA7x7lh4X +detCl+Woe0WJoDUKZV8C78Ns9fhMY03tZLH2xGKtS8+C9r7Chi7r5SQUA9XyVaH1 +0L+McNed42kHtxvqNXNjZJHAZtY6NJ7IhocF97tPT/MZT+aCwNVh3DXCAo17b9bO +eKtwM4OwGJhtm4THGS2iyKlytll2yQM52bX/cp1yDensz8zcV1GxCwD2yGEI/iD3 +L/g/IzeY9B3RKZ1uZ21K8VU9aSBygpcbV7Ii9yb+zx21sL2PJCYTHUCsSyzJcWId +csrp8G2fdZfYEI6fJ/1GLUbSfVkbFWmEuvxNdN64vrYF3Vj2EU8qoIIDSzCCA0cw +ggNDMIICK6ADAgECAgxW8xjWEt6ZF2zKoeAwDQYJKoZIhvcNAQELBQAwHDEaMBgG +A1UEAxMRVGVzdGluZyBBdXRob3JpdHkwHhcNMTYwMzIzMjIyOTQyWhcNMTcwMzIz +MjIyOTQyWjArMSkwJwYDVQQDEyBUZXN0aW5nIEF1dGhvcml0eSBPQ1NQIFJlc3Bv +bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMCZAoNYiVu4fTs +bfCE3EU4bl7rJCuMqZKBEVHZ40TPbVw/0bISFns+7rK5lazTYvvSuTJ1dCZHmnwW +r9/Jk54XLrieZyVh9fPP6wged3H+rC8jeBAYqgzjLjp59RF2FjcPtj6btfsHLbHv +CNjGeOhdl6Twx0/MMYAEvrXa2RlAc/1bFD6TbSBOzHrNgpQGDEU/zjOvsSJVLfde +gzgdv3NaYcJz1B3CbWZfHbkOnqg5H3uhBL9Jr6kEz6GB/xuBSBZ3UZco5rVzxFYC +wkf8WaRNOQox0NNwGTogKzP6l/mMFl7arYbGrwaH+OyTnhjQoMGRzqsJiexHPU5a +ZBhz1JUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD +CTAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTnPqFwFQGo2vJwQ+9MyIcaw5h0 
+PTAfBgNVHSMEGDAWgBQt2BSaFtVt/vuw4N7x9cUjC9NivjANBgkqhkiG9w0BAQsF +AAOCAQEAeqbE90S1ckBwtme9/ITGGWRLhAfGP13Dw5ZiZrUccDISI3EuW9eByeBi +ylNU0cceISuW45rdN0OQGWB1N1DXhpEmoQhP4QNeitTwy+9Pu6O8Nb+GbYgMNutt +3gLJ3WDqxAmm6KUFS+bhFX8umSQCFGF3h0SGeAeyhXSrUVsDsjGI9I1KLFWOkGi7 +YSE49AWnicXEVC+cQUrWDOW2Pbb6mWt6S6Jm0xLs5+GD5lodvZAHRuG+pszIvqNv +T+zFBnLLWqMgPngbqeuvuP4/M35IeqjV19aG5hscFAwl2n4Aaa6wYWHAZ6bU+Y7k +Bp0+NzqVez2ZL//+3HKKF4sYkmh1Bg== +-----END OCSP RESPONSE----- diff --git a/tests/ocsp-tests/response3.der b/tests/ocsp-tests/response3.der new file mode 100644 index 0000000..39e09cf --- /dev/null +++ b/tests/ocsp-tests/response3.der @@ -0,0 +1,2 @@ +0 +
\ No newline at end of file diff --git a/tests/ocsp-tests/signer-verify/response-ca.der b/tests/ocsp-tests/signer-verify/response-ca.der Binary files differnew file mode 100644 index 0000000..6052421 --- /dev/null +++ b/tests/ocsp-tests/signer-verify/response-ca.der diff --git a/tests/ocsp-tests/signer-verify/response-delegated.der b/tests/ocsp-tests/signer-verify/response-delegated.der Binary files differnew file mode 100644 index 0000000..717edfd --- /dev/null +++ b/tests/ocsp-tests/signer-verify/response-delegated.der diff --git a/tests/ocsp-tests/signer-verify/response-non-delegated.der b/tests/ocsp-tests/signer-verify/response-non-delegated.der Binary files differnew file mode 100644 index 0000000..02574d5 --- /dev/null +++ b/tests/ocsp-tests/signer-verify/response-non-delegated.der diff --git a/tests/ocsp-tests/signer-verify/trust.pem b/tests/ocsp-tests/signer-verify/trust.pem new file mode 100644 index 0000000..941a18a --- /dev/null +++ b/tests/ocsp-tests/signer-verify/trust.pem 
@@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIEVDCCArygAwIBAgIEL5gfejANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFU +ZXN0aW5nIEF1dGhvcml0eTAeFw0yMTA3MTExNjAxNTFaFw0yMjA3MTExNjAxNTFa +MBExDzANBgNVBAMTBlN1YiBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC +ggGBAM2sgcNoA0aadfC4CrZYsJyxYU+2o+Ai8YgadLhjQHwVhs6O4oXV5HEcgXrr +t0RLXY1bMnfXESeXMsawAo84D4tFY1WXXwBo6DqwpR886lHtxE8DJeahR6lejt/b +4Pv6i85gDLwVWfPIfvEDo1YBimPWYokRGNdrX087qkVMhiylESH/+E4X4ucEAN2m +bHBuYpw3DtEVZkZFABHBgp+2cj28JX5vDYv4yDbXBe+PlgMQTjpOMJOL5KyEmBh0 +BEqFpWltQvKZSiJEyIxB/SlVCu0RFqDyJDCvmuxZeYVadtna0BZ8mWyE/UCTnntc +/vgcoLVl70rldLqxtM8gauIbnFseUoKO7azsOGvHzpJHep3H45JjaKUzfmGxlkIg +mjzxRUVo6y4B2EzW2uuq/KRUH5E6nz7EXAXLpZorPWM1SO2Wvtj1agcY2B1q3/sb +ytmpAslcA24uhbjliQtv2luloGW9MumbIGMdM9TK3QCi1FmpC/xgLM7x+HY05JMm ++T3mHwIDAQABo4GoMIGlMA8GA1UdEwEB/wQFMAMBAf8wQQYIKwYBBQUHAQEENTAz +MDEGCCsGAQUFBzABhiVodHRwOi8vbG9jYWxob3N0Ojk5MzYvb2NzcC9hdXRob3Jp +dHkvMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFGzMZrzodsQyo/WdQc9poCPB +rR5EMB8GA1UdIwQYMBaAFKNgxYBNWRk9dHE+PBe9koa4tpMpMA0GCSqGSIb3DQEB +CwUAA4IBgQBYPjCSqo7DuIE8t9/yh0wqOcLXXpM03fxFLeTGZIA+qodW4BN7R1GD +a+CmjXhBZe/hV4h6toENXbLwGZe0rMF8VoV9+YdH8Dc3qW6Xzz5qWbliqi48pi1x +fMPlJFFCd7+Upob4L0OmB+iAk5iLtlSdNivAVelgTX9jqb6d0hSySoaoxfKcqD6L +VhoIc7sjBAFUtRAg9fpqQEVCCoY+uV+Fkf45/i9kyj3uwHiSmdQ8PgggkUr2+KU5 +1O4UJiE/Z/N+7qBBCnrhSqpe3U+pI/2R9OWG4b8+hy3AQBx/3PRmVsSeY64MZm+1 +CKNvNYRhH+EyyFIBxszqJQz9oZSK9/LKkXZNEcJN6p7BNWRxunerzlrexVtFyaX9 +sTCBvJWnioAYRTzuo0sv6BA1jCTUfLp/iKeSwxBftlAGu65c3kynLowITWLCgSiX +N1CZjBW3wLyLs+66Ab4YapdlPka/Ru0ws6v3968iCgixNF3Dtu0nuEe2iYfCrdx2 +1qtUEwQRpJ4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAl6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFUZXN0 +aW5nIEF1dGhvcml0eTAeFw0yMTA3MTExNTQxMzBaFw0yMjA3MTExNTQxMzBaMBwx +GjAYBgNVBAMTEVRlc3RpbmcgQXV0aG9yaXR5MIIBojANBgkqhkiG9w0BAQEFAAOC +AY8AMIIBigKCAYEAvws8rQionbM4c8Cy8nYa9CHay+CFvTTLVw9EO0Kczqaq4PAG +uP+72DF4qmoWemNZslV5609K/MMumVzjyBT/b1kn1i8RAH4STKZMpswA2wouLLd0 
+QhUYlxvbD+9Fe7LXk9U+kdO6V+lpYQVW0F8uB1zYRIOpuQ11DWXllcDexHHJrTsj +NOeOI3Bicr2QuB1KhOlZHH7sC8eDtTzsT9TLP8ftzEynSeF0MbMobv6IB9xC405V +mD4Zlpmw8Zggu+exOhGNbmlMgvfvfYqRJOjO5JDEEuzgAeOvlqay35VwaVJDdXMF +0Rn+C5n8Hfaz1Eq1qkPo8C13YI2na7ZzhjWP//8H1gJUgkD2ajcR2mD8g2KSx3zw +GQMmLgqTERB6qoR0D+uLfPC7qSA/eIN5PdYGHDRwybKuiQLR2Q2Uh2kvmMk3LoDb +dMLbdKdQTB9aKKsy7lM0NItrXERleu4Ty/rJUVR2miYUqWFHuuNzXLMtVihFgmSb +/G+eSzqzRxauXfzjAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/ +BAUDAwcGADAdBgNVHQ4EFgQUo2DFgE1ZGT10cT48F72Shri2kykwDQYJKoZIhvcN +AQELBQADggGBAKqI+hv9mMV/4cGN6XHt5p6ks1j5j6Q5uH8cahQhyIvwc54F3d6q +Arkit25QhGs8IOriAO/BRTMCDv6hKQNgNN/3Lux1NPX9LBddku5S1NtfOF9Lqss4 +E5TYcZxPzY0QxdGeMa0TH5eq+9CNayXqo95n5ixx9NCnMHROAtgOfUr4j3AGfBdz +4C16x35+kB0EO/N4ieCZo84ArF3IpOKd6RLLbI6Y5GygxMn29BLLQWWYsckW67j2 +iQFvlSE67p+lJ3WDQHJ6acgIb1ZNiEAwC5y6za7XPbwhJ02HL+jbL8q4DpNwtd0r +PGU/xMB7C5Sx9DryoWQk9pLelIpLgnDSUfHUuxunpFf5b2QIB/6JKA/f2dNjZY/w +ma/HoS3nN6Poi+tO628GbBh07JTzbL0hTpRCIde5XbbuHyKdS//KERswCXYe0AGB +gL2IE87/6/+Ax+e78O62evlyHpuOQ82PR8qN0sldpANPG2Ko/KUT7W1hlo4wBLrn +1kb6HIISAJS1pQ== +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/suppressions.valgrind b/tests/ocsp-tests/suppressions.valgrind new file mode 100644 index 0000000..64c3db6 --- /dev/null +++ b/tests/ocsp-tests/suppressions.valgrind @@ -0,0 +1,8 @@ +{ + ld-uncond-jump + Memcheck:Cond + fun:index + fun:expand_dynamic_string_token + fun:fillin_rpath + ... +} |