From 44fe71ba4272464588d4c5ccefa4a0ae94be1632 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 06:47:13 -0500 Subject: [PATCH 01/12] PYTHON-5040 Regenerate test TLS certificates with Authority Key Identifier Test certificates in test/certificates/ were missing the Authority Key Identifier (AKI) and Subject Key Identifier (SKI) extensions, causing ssl.SSLCertVerificationError on Python 3.13 (macOS and Windows). Adds gen-certs.sh to document and reproduce the generation process. Reverts the PYTHON-5038 workaround that had disabled SSL verification in TestKmsRetryProse.http_post(). --- CONTRIBUTING.md | 10 ++ test/asynchronous/test_encryption.py | 2 - test/certificates/README.md | 40 +++++ test/certificates/ca.pem | 40 ++--- test/certificates/client.pem | 95 ++++++------ test/certificates/crl.pem | 21 ++- test/certificates/gen-certs.sh | 190 +++++++++++++++++++++++ test/certificates/password_protected.pem | 96 ++++++------ test/certificates/server.pem | 100 ++++++------ test/certificates/trusted-ca.pem | 101 +++--------- test/test_encryption.py | 2 - 11 files changed, 441 insertions(+), 256 deletions(-) create mode 100644 test/certificates/README.md create mode 100755 test/certificates/gen-certs.sh diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 773c9ec0d8..61ad4ece29 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -250,6 +250,16 @@ client = MongoClient( If you want to use the actual certificate file then set `tlsCertificateKeyFile` to the local path to `/test/certificates/client.pem` and `tlsCAFile` to the local path to `/test/certificates/ca.pem`. +#### Regenerating test certificates + +If the test certificates in `test/certificates/` need to be regenerated (e.g. after expiry or to add missing extensions), run: + +```bash +cd test/certificates && bash gen-certs.sh +``` + +See `test/certificates/README.md` for full details and constraints on certificate subjects/SANs that must be preserved. + ### Encryption tests - Run `just run-server` to start the server. diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index 455b1940c4..16d0feed4e 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3047,8 +3047,6 @@ async def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: diff --git a/test/certificates/README.md b/test/certificates/README.md new file mode 100644 index 0000000000..5975b4c722 --- /dev/null +++ b/test/certificates/README.md @@ -0,0 +1,40 @@ +# Test TLS Certificates + +These certificates are used by the PyMongo test suite for TLS/SSL integration tests. + +## Regenerating certificates + +Run the generation script from this directory: + +```bash +bash gen-certs.sh +``` + +**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+ + +## Certificate details + +| File | Subject | Signed by | Purpose | +|---|---|---|---| +| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs | +| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) | +| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) | +| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key | +| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List | +| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests | + +**Password** for `password_protected.pem`: `qwerty` + +## Important constraints + +The following values are hardcoded in tests and **must not change**: + +- Client cert subject: `C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client` + (used as the MongoDB X.509 username in `test/test_ssl.py`) +- Server cert SAN: `DNS:localhost, IP:127.0.0.1, IP:::1` +- The `server` hostname alias for `127.0.0.1` must be present in `/etc/hosts` for SSL tests to pass + (added automatically by `.evergreen/scripts/setup-system.sh`) + +## Background + +Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13. diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 24beea2d48..e83edfc3b3 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb -MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw -DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI -EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/ -bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+ -QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT -pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT -zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH -KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq -VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe -gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN -LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD -sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i -77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo= +MIID0zCCArugAwIBAgIUSQEGio4MzMdMRZD7CIzy3An1YDUwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMciq/J5l9QbqRPRLvDV8Kj+GedoAddM +0WUtI2uMwo9AiFBqr3T7KVQYKaDLt2Kq/4xi3F6cTqNC/sYxeiTJIgsgZtm1wGNd +2orSIVmcMB7t4hZifNvQyWsl3egxEr7DFkcVFomc0aphEi3ukhOvbFvl+ln5W/B6 +DkgK3Kmd1cQd6giWi8FlXko442Kr+c4fhB1vO7Yq6rjmw7A6YgSE+FSS1Yj4ALUW +lBVZwj6h32dImzSeewnskN3VHu5LmTnGxGZFB+T5AKo67Ay7r57Xg9OvbcJqjdFC +6k2wbXFHJ6qKOCV230oP+PZk/MEpPfozXR8B32VNpw0fgtnxFDBv24UCAwEAAaNT +MFEwHQYDVR0OBBYEFO0dJi0baC83wSHVOLkkDWmJj3hvMB8GA1UdIwQYMBaAFO0d +Ji0baC83wSHVOLkkDWmJj3hvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAC2fgKsYBylaHoC2qutDzgHWTYgjE1WbT2xRoEgRXeHJJtn6GD6+DXqs +JZ/hY5grQX7xtletFKpKGup+aMckukW/1UeRIOP5kFO3SCsL97HDH/nERFa18VYz +UZ9aQJdSkmxX4/DZ/wPK+S1AFVdoc1ukIq2Fjc8nBNTsSoePD5wglDZFdFVshMO4 +gL0g1b4GGUJ76tHefBbH7h9LHCWDoKsAYhXIN9hj/pUgKDan1KfCvPlHUOyiEw1K +60zwSW9aAiplxlxsrEYC2NkSPA4izRExxFQiYd6NfjN746Ti/80U+wdhnK86gQb/ +ackczk7G10fqlzvtKkAMdx+eB03Lq+c= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 5b07001092..873506308a 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo -khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV -m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp -mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2 -5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4 -GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA -c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8 -Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y -/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe -wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt -EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc -DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN -3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502 -wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox -CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG -eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM -kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy -NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5 -BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T -PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w -UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH -Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb -cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF -IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh -IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn1zTqr1VSm9GZ +qpTrLfPyaMMCl2B8M571kIq9O5TYIbddQbpvT0xklJTDsWE3JMaQL5Vq4s/yv5Ut +h5J6mfQJC9AdHIQmOsjBTZnQ3KeAKUGcEniJ44C8nVMDy3v/NUq8kaAN5JnBFn0B +b3CoDSVUZfrG7HRfeflJCeKzE9gJAdoW2/EjG90LSfzTiEatHHCOlqX41dlJ0boA +bkhxL/MvL4L9JmxhGZSeDykGDJp081oQE3qMggIvlA8iCD0mwnUqFYoJlS8GeyG2 +jap1kWvjIeUYY16OMHCFCZLDeWubjE/9M7BY9V14ANvCOUnXJuX3MijjJrxwCmvp +y7pCat/LAgMBAAECggEAUOjsyIm3XvhgpWxXF7xyUhRwlco1qAoWghio2SpkyYAP +bfRmlIwsrnv17xSOYc/nrNBTflBSoJn8pxMo6NNYkhfQvoflqKxD5POsx8PnN2As +EbnRw98ZS1OoFjc80j11hsvI1YmzGSLnJg77xvd3XGVA7C5Gt1QMeUo7r8pMJaKm +zaL8Nee3klPn/giu/1iImCVn+7mHshYMZTwQuYJL0RWJiz12jdH2ILF3yLKraUQ+ +gAx2k5KL5AEPWQwstTfM+2G+5GQ8zMimBYm53ZlVlRX6JejgxQKO52A9+M4Jz2yO +uDPJEVc+ka201zDSKjUUNi4IIQyu5gGyMy+FfuEIQQKBgQDn1r4eXDJj/mpCmMag +NcibPnV7m2Ilr0tCGXFNBpW2HVtPNqQ4w+FENSHZU4wWQ03PNfd26j12Gin3wH3V +0xM89w5DGwvggCEj48TP8H9v9PuOI8KY0QlFoA9XeLZ4DPKLbna/1U9DXjqCj+JN +MwG0WPMI+sn+okU5Y48i/QPi6wKBgQC5VQxlGEiVLPdeneZnzg7u9CTDH3WaNjQO +bCZyHyFjCZn388vqtWdHpSkLECET4L+coLMVJO/NOD3k9oDJinklbE2VyicOOhLj +gt/OaURb/yt1exDQ5+LJWa9GhcKEVrohWQCnk9xLw9TdakUVlx0USoQDrQqRloCr +CLbkmnz+oQKBgQDGI+8KrYtXkJmqXz3qsOzJWYE46hzgzkdIr8v4o7cSFVbzhWSn +Kyn8jFhokBH6+PyoKpxb4mgy5ruVhctGEwavJQroaVYmQfuQ29paSVXxDnRsD74B +sy30do6GGKICSjaE2hzdaOY8Um05JtWnWv+K7jaQJx655F+7Y45yvcEzjwKBgA9w +ASdOnYUniLdt6apN5LqMxZ8nOLGOwElPQuiQpURNoXCg8yRq1d6G6GNOhaLVPsC6 +NhCV0g/DFozC57lh+nNekRvgCd7KgZZH6YKVDCepmqIfjSgJmL9y5AG41JoXa0up +0T8kNt5swodq+bQxsS9mgZaYzF+SLMeSY0GpiK3hAoGAR/8/tASO6MYV7uoP6BVl +MytqBmu66BN1AxqR1YBAqxlpEJR7EFc3QTAbLQiS1ZtczVKqNIGiqrv4EfWtVvkm +nvmdVOdta8kF4CsWdu2cpXGQ/Ov5NHHL+x2gqwOKpiInvGbNOnd9K2SGLJW5SSmz +7uONbtZyZcetWlsatP05gE0= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/ -ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7 -Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST -X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h -G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi -rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H -Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ -wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG -Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE -YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y -kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns -p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY +MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH +RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M +ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA +vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd +C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC +L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd +eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR +s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP +eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA +5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 +PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d +zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc +dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx +FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 733a0acdc0..9c0f0899ba 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,13 +1,12 @@ -----BEGIN X509 CRL----- -MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl -c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU -BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1 -MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ -W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a -hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a -hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7 -BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP -qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff -9UBe3CJ1INwqyiuqGeA= +MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v +bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu +ZyBDQRcNMjYwNjA0MTE0MjEwWhcNNDYwNTMwMTE0MjEwWqAOMAwwCgYDVR0UBAMC +AQEwDQYJKoZIhvcNAQELBQADggEBAL9Sx5Q2z3yhREf0RZhpvayV/Ck3UOWqEVT5 +c+3yAjNsQrO2OD4Npks2qoopgSB8dfePZSZOfmzbSwiyPOPMs71VOwH2chmZ+3Xp +oDBPmVWsNzpK4fRbE86GIEwg2aBFLjOt4+KWFVftGDw9+Liozp+AWaBAUZTen8ac +eQLeACqbqvuriwqvtD6KCfVE3CDG+AK9CfCdlO52kpkfVBP/TG6FzRXp984Pa7Fg +ORKWRpHQ3XoQiKB6pUwUQdE5yGit1oXNRzouWRN0tq0BkvErQvq2RqKalwWJ65kx +KCWOrTBfDKS28R1P66Eo4+CaFdX4Xju2yCTQNYrg7MrG7T7TAFM= -----END X509 CRL----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh new file mode 100755 index 0000000000..33689c3943 --- /dev/null +++ b/test/certificates/gen-certs.sh @@ -0,0 +1,190 @@ +#!/usr/bin/env bash +# Regenerate all TLS test certificates with proper Authority Key Identifier (AKI) +# and Subject Key Identifier (SKI) extensions. +# +# Usage: bash gen-certs.sh (run from test/certificates/) +# +# Prerequisites: OpenSSL 1.1+ or LibreSSL 3+ +# Password for password_protected.pem: qwerty +# See README.md for full details. + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +TMPDIR="$(mktemp -d)" +trap 'rm -rf "$TMPDIR"' EXIT + +DAYS=7300 # ~20 years + +# ---------------------------------------------------------------------------- +# OpenSSL extension config +# ---------------------------------------------------------------------------- +cat > "$TMPDIR/ext.cnf" << 'EOF' +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:TRUE + +[ v3_server ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 + +[ v3_client ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = digitalSignature +extendedKeyUsage = clientAuth +EOF + +# ---------------------------------------------------------------------------- +# OpenSSL CA config (for CRL generation) +# ---------------------------------------------------------------------------- +mkdir -p "$TMPDIR/cadb/newcerts" +touch "$TMPDIR/cadb/index.txt" +printf '01\n' > "$TMPDIR/cadb/serial" +printf '01\n' > "$TMPDIR/cadb/crlnumber" + +cat > "$TMPDIR/ca.cnf" << EOF +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = $TMPDIR/cadb +new_certs_dir = $TMPDIR/cadb/newcerts +database = $TMPDIR/cadb/index.txt +serial = $TMPDIR/cadb/serial +crlnumber = $TMPDIR/cadb/crlnumber +certificate = $TMPDIR/ca.pem +private_key = $TMPDIR/ca.key +default_days = $DAYS +default_crl_days = $DAYS +default_md = sha256 +preserve = no +policy = policy_match + +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional +EOF + +# ---------------------------------------------------------------------------- +# 1. Drivers Testing CA +# ---------------------------------------------------------------------------- +echo "==> Generating Drivers Testing CA..." +openssl genrsa -out "$TMPDIR/ca.key" 2048 2>/dev/null +openssl req -new -x509 -days $DAYS \ + -key "$TMPDIR/ca.key" \ + -out "$TMPDIR/ca.pem" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=Drivers Testing CA" \ + -extensions v3_ca \ + -config "$TMPDIR/ext.cnf" + +cp "$TMPDIR/ca.pem" "$SCRIPT_DIR/ca.pem" +echo " ca.pem written" + +# ---------------------------------------------------------------------------- +# 2. Server certificate +# ---------------------------------------------------------------------------- +echo "==> Generating server certificate..." +openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/server.key" \ + -out "$TMPDIR/server.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/server.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAcreateserial \ + -out "$TMPDIR/server.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_server 2>/dev/null + +# server.pem = private key + certificate +cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" +echo " server.pem written" + +# ---------------------------------------------------------------------------- +# 3. Client certificate +# ---------------------------------------------------------------------------- +echo "==> Generating client certificate..." +openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/client.key" \ + -out "$TMPDIR/client.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MDB/OU=Drivers/CN=client" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/client.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/client.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_client 2>/dev/null + +# client.pem = private key + certificate +cat "$TMPDIR/client.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/client.pem" +echo " client.pem written" + +# ---------------------------------------------------------------------------- +# 4. Password-protected client certificate +# ---------------------------------------------------------------------------- +echo "==> Generating password-protected client certificate..." +openssl rsa -in "$TMPDIR/client.key" \ + -aes256 -passout pass:qwerty \ + -out "$TMPDIR/client_enc.key" 2>/dev/null + +# password_protected.pem = encrypted key + certificate (same cert as client) +cat "$TMPDIR/client_enc.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/password_protected.pem" +echo " password_protected.pem written (password: qwerty)" + +# ---------------------------------------------------------------------------- +# 5. CRL (empty — no revoked certs) +# ---------------------------------------------------------------------------- +echo "==> Generating CRL..." +openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/null +echo " crl.pem written" + +# ---------------------------------------------------------------------------- +# 6. Trusted Kernel Test CA (trusted-ca.pem) +# A separate CA used in CA-bundle tests; does NOT sign server/client certs. +# ---------------------------------------------------------------------------- +echo "==> Generating Trusted Kernel Test CA..." +cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' +[ v3_trusted_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:TRUE +EOF + +openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null +openssl req -new -x509 -days $DAYS \ + -key "$TMPDIR/trusted_ca.key" \ + -out "$SCRIPT_DIR/trusted-ca.pem" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel/CN=Trusted Kernel Test CA" \ + -extensions v3_trusted_ca \ + -config "$TMPDIR/trusted_ext.cnf" +echo " trusted-ca.pem written" + +# ---------------------------------------------------------------------------- +# Verify +# ---------------------------------------------------------------------------- +echo "" +echo "==> Verifying AKI is present..." +for cert in ca.pem server.pem client.pem trusted-ca.pem; do + result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) + if [ -n "$result" ]; then + echo " $cert: OK ($result)" + else + echo " $cert: MISSING AKI - check generation!" >&2 + exit 1 + fi +done + +echo "" +echo "Done. All certificates regenerated with AKI." diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index cc9e124703..7f9dfe45a7 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIC8as6PDVhwECAggA -MB0GCWCGSAFlAwQBAgQQTYOgCJcRqUI7dsgqNojv/ASCBNCG9fiu642V4AuFK34c -Q42lvy/cR0CIXLq/rDXN1L685kdeKex7AfDuRtnjY2+7CLJiJimgQNJXDJPHab/k -MBHbwbBs38fg6eSYX8V08/IyyTege5EJMhYxmieHDC3DXKt0gyHk6hA/r5+Mr49h -HeVGwqBLJEQ3gVIeHaOleZYspsXXWqOPHnFiqnk/biaJS0+LkDDEiQgTLEYSnOjP -lexxUc4BV/TN0Z920tZCMfwx7IXD/C+0AkV/Iqq4LALmT702EccB3indaIJ8biGR -radqDLR32Q+vT9uZHgT8EFiUsISMqhob2mnyTfFV/s9ghWwogjSz0HrRcq6fxdg7 -oeyT9K0ET53AGTGmV0206byPu6qCj1eNvtn+t1Ob+d5hecaTugRMVheWPlc5frsz -AcewDNa0pv4pZItjAGMqOPJHfzEDnzTJXpLqGYhg044H1+OCY8+1YK7U0u8dO+/3 -f5AoDMq18ipDVTFTooJURej4/Wjbrfad3ZFjp86nxfHPeWM1YjC9+IlLtK1wr0/U -V8TjGqCkw8yHayz01A86iA8X53YQBg+tyMGjxmivo6LgFGKa9mXGvDkN+B+0+OcA -PqldAuH/TJhnkqzja767e4n9kcr+TmV19Hn1hcJPTDrRU8+sSqQFsWN4pvHazAYB -UdWie+EXI0eU2Av9JFgrVcpRipXjB48BaPwuBw8hm+VStCH7ynF4lJy6/3esjYwk -Mx+NUf8+pp1DRzpzuJa2vAutzqia5r58+zloQMxkgTZtJkQU6OCRoUhHGVk7WNb1 -nxsibOSzyVSP9ZNbHIHAn43vICFGrPubRs200Kc4CdXsOSEWoP0XYebhiNJgGtQs -KoISsV4dFRLwhaJhIlayTBQz6w6Ph87WbtuiAqoLiuqdXhUGz/79j/6JZqCH8t/H -eZs4Dhu+HdD/wZKJDYAS+JBsiwYWnI3y/EowZYgLdOMI4u6xYDejhxwEw20LW445 -qjJ7pV/iX2uavazHgC91Bfd4zodfXIQ1IDyTmb51UFwx0ARzG6enntduO6xtcYU9 -MXwfrEpuZ/MkWTLkR0PHPbIPcR1MiVwPKdvrLk42Bzj/urtXYrAFUckMFMzEh+uv -0lix2hbq/Xwj4dXcY4w9hnC6QQDCJTf9S6MU6OisrZHKk0qZ2Vb4aU/eBcBsHBwo -X/QGcDHneHxlrrs2eLX26Vh8Odc5h8haeIxnfaa1t+Yv56OKHuAztPMnJOUL7KtQ -A556LxT0b5IGx0RcfUcbG8XbxEHseACptoDOoguh9923IBI0uXmpi8q0P815LPUu -0AsE47ATDMGPnXbopejRDicfgMGjykJn8vKO8r/Ia3Fpnomx4iJNCXGqomL+GMpZ -IhQbKNrRG6XZMlx5kVCT0Qr1nOWMiOTSDCQ5vrG3c1Viu+0bctvidEvs+LCm98tb -7ty8F0uOno0rYGNQz18OEE1Tj+E19Vauz1U35Z5SsgJJ/GfzhSJ79Srmdg2PsAzk -AUNTKXux1GLf1cMjTiiU5g+tCEtUL9Me7lsv3L6aFdrCyRbhXUQfJh4NAG8+3Pvh -EaprThBzKsVvbOfU81mOaH9YMmUgmxG86vxDiNtaWd4v6c1k+HGspJr/q49pcXZP -ltBMuS9AihstZ1sHJsyQCmNXkA== +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQKb6V8p8vtC23xKAM +DjowVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECts1AXkxzEUdhl5 +4whQx6IEggTQpAjBXy1MHrgeHutm9BlTE6qd8DlAb928ul8M9utdoL8zCqSE/sVQ +vLo/WWjJ8qXzgRLvIQHEkpP1EmZ7aEHin6dWWJbPl1ENN2klC55ZlKf9bfFqtz12 +WSx0ZvEHfG02WPPyspT8uQ4uksL4EM9zap7h1GtOAeyxAQF9TqOdOcQnlnI4nyXH +YDcp7Ge/zSZKQdgNRid9T3Vw4EwGcmpYH3W34q36xcp5Dl88gGdueoMHbMgWYJx3 +Ng1pJ6yVc7CHCByGHT7WsRIeqsjyTHIPjbh66fKUy0tNLV5OJBd7Btm5d2ZzCere +oZGrW1AkWkvMM9KOZLz6UVIs63k1ffaVqrB5Br27K2hQGjuNvvh8mI0KmXCSDQmb +gVMFVCuWHMx6EJCDbuP+xceHs5+Af6KRavi+Lr7VVNom06Gxgjk/+gtAxS1cDt66 +NAmSxUTV+j+6Uva1mA87rfD6L0eYrE2QY8ogQY9HqKivWsj6nbhwVE1C+xU/zDua +FNHSjaRlXNbtCeYHBdBHVpR/SvcicCj/6vwjQd00hwZly0CXkmKmIR0UVx7rM+0q +yindY4Pyja8xqQERZcKGylmqkcGZFumpLoGDzCYqgKP8d0cGJRq5ow+oT3Rqi3Zi +S+oN9J3ls9zE5lHvFeGX/+jtCYs1QFokHoktKfg9OQNSrVLrPisalOL5Uel1VblS +rpmv8Ux5mffT3XLIYXyA817fKPfivrl9Nzgf4hsyk2NtoBIbakHKga7ckwbh6tXa +kbqukeHsRIIjYMixfvL21edcjCSTelFWSndAQPw4gPa7kgUO6+FRUSvr/nYsNAaR +bzw3jmezlT57E+iJyy/qlRJIeLHESUxc9nmhGE5f/5m5O2a1oNDiu8FCqkfDXD8Z +d8BNyD8LQt9quhmLSbz2VYnN9W9LOIF7cRLWGGylUhqA4yvZcpgpTfaCjFpMVuRT +PLpBpUbELlIThr2RnxcRDgEAITLtBCR5ZN2exW+OqSDvtoaIE9j1PCl0IRooieGI +wIcsoO/HGTK5WY7oRXgJ0UOxzB4L7hv5ZBlWtU9PQZwylBYjmE6IWBwUNXx1cpaV +bQpQygGJbGQNiqOYHvwQvMDbnlf1+KzrcXmiD29bTWOQYHO4dvku9uN/NZtynfgB +EmysMi1YTj6YyiIByOJQDvEKSj2XPJ6r7CP1oCpY+GSy8YnYHkWwlMOVkN7TjJX2 +g5ti/UGZpwr0RkhYbqCX4NGoUCrUER22NYsJqirJDHMZVGgpTKIQAklFz6igVjSy +vQyYTfqhCQgVtq+wcOJKQklMNserzXSC0CTkBXKRNfIUUUZxp9eri/eCIl3dPTr1 +boRaYCtlbhyTywuJdn1yVME71uhfyYeFhi1xLxo2myC3vw9natBAyUNCUdOOrKBa +RtO9vQgV9xVBFK8Ju3A3if/Abxxmbgev+ZS/4eOs7YD/VVOlGSYXyLzBT49KDXn1 +6Rwzqy19VHgbDkGr5NmEycYtUNZ46Kwk5zUjzeJ7Wgy07flbsK1MQkU1CapgklR+ +CplCKT5483NeP7n+K/qxTWj281W+/28ajogcmWi6rPew1UvtaTbxI/QH9CZSLnk6 +lUGQ7yoXKT+MB2a58j2ejj6XIQ4oXNyZOAERCD+a4x0VZzmHWqirn4o= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDBXUHMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMzAwMDEyOVoXDTM5MDUyMzAwMDEyOVowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqCb0Lo4XsV -W327Wlnqc5rwWa5Elw0rFuehSfViRIcYfuFWAPXoOj3fIDsYz6d41G8hp6tkF88p -swlbzDF8Fc7mXDhauwwl2F/NrWYUXwCT8fKju4DtGd2JlDMi1TRDeofkYCGVPp70 -vNqd0H8iDWWs8OmiNrdBLJwNiGaf9y15ena4ImQGitXLFn+qNSXYJ1Rs8p7Y2PTr -L+dff5gJCVbANwGII1rjMAsrMACPVmr8c1Lxoq4fSdJiLweosrv2Lk0WWGsO0Seg -ZY71dNHEyNjItE+VtFEtslJ5L261i3BfF/FqNnH2UmKXzShwfwxyHT8o84gSAltQ -5/lVJ4QQKosCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBOAlKxIMFcTZ+4k8NJv97RSf+zOb5Wu2ct -uxSZxzgKTxLFUuEM8XQiEz1iHQ3XG+uV1fzA74YLQiKjjLrU0mx54eM1vaRtOXvF -sJlzZU8Z2+523FVPx4HBPyObQrfXmIoAiHoQ4VUeepkPRpXxpifgWd/OCWhLDr2/ -0Kgcb0ybaGVDpA0UD9uVIwgFjRu6id7wG+lVcdRxJYskTOOaN2o1hMdAKkrpFQbd -zNRfEoBPUYR3QAmAKP2HBjpgp4ktOHoOKMlfeAuuMCUocSnmPKc3xJaH/6O7rHcf -/Rm0X411RH8JfoXYsSiPsd601kZefhuWvJH0sJLibRDvT7zs8C1v +MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH +RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M +ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA +vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd +C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC +L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd +eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR +s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP +eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA +5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 +PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d +zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc +dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx +FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index e745e037fc..5540b38ca5 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAhNrB0E6GY/kFSd8/vNpu/t952tbnOsD5drV0XPvmuy7SgKDY -a/S+xb/jPnlZKKehdBnH7qP/gYbv34ZykzcDFZscjPLiGc2cRGP+NQCSFK0d2/7d -y15zSD3zhj14G8+MkpAejTU+0/qFNZMc5neDvGanTe0+8aWa0DXssM0MuTxIv7j6 -CtsMWeqLLofN7a1Kw2UvmieCHfHMuA/08pJwRnV/+5T9WONBPJja2ZQRrG1BjpI4 -81zSPUZesIqi8yDlExdvgNaRZIEHi/njREqwVgJOZomUY57zmKypiMzbz48dDTsV -gUStxrEqbaP+BEjQYPX5+QQk4GdMjkLf52LR6QIDAQABAoIBAHSs+hHLJNOf2zkp -S3y8CUblVMsQeTpsR6otaehPgi9Zy50TpX4KD5D0GMrBH8BIl86y5Zd7h+VlcDzK -gs0vPxI2izhuBovKuzaE6rf5rFFkSBjxGDCG3o/PeJOoYFdsS3RcBbjVzju0hFCs -xnDQ/Wz0anJRrTnjyraY5SnQqx/xuhLXkj/lwWoWjP2bUqDprnuLOj16soNu60Um -JziWbmWx9ty0wohkI/8DPBl9FjSniEEUi9pnZXPElFN6kwPkgdfT5rY/TkMH4lsu -ozOUc5xgwlkT6kVjXHcs3fleuT/mOfVXLPgNms85JKLucfd6KiV7jYZkT/bXIjQ+ -7CZEn0ECgYEA5QiKZgsfJjWvZpt21V/i7dPje2xdwHtZ8F9NjX7ZUFA7mUPxUlwe -GiXxmy6RGzNdnLOto4SF0/7ebuF3koO77oLup5a2etL+y/AnNAufbu4S5D72sbiz -wdLzr3d5JQ12xeaEH6kQNk2SD5/ShctdS6GmTgQPiJIgH0MIdi9F3v0CgYEAlH84 -hMWcC+5b4hHUEexeNkT8kCXwHVcUjGRaYFdSHgovvWllApZDHSWZ+vRcMBdlhNPu -09Btxo99cjOZwGYJyt20QQLGc/ZyiOF4ximQzabTeFgLkTH3Ox6Mh2Rx9yIruYoX -nE3UfMDkYELanEJUv0zenKpZHw7tTt5yXXSlEF0CgYBSsEOvVcKYO/eoluZPYQAA -F2jgzZ4HeUFebDoGpM52lZD+463Dq2hezmYtPaG77U6V3bUJ/TWH9VN/Or290vvN -v83ECcC2FWlSXdD5lFyqYx/E8gqE3YdgqfW62uqM+xBvoKsA9zvYLydVpsEN9v8m -6CSvs/2btA4O21e5u5WBTQKBgGtAb6vFpe0gHRDs24SOeYUs0lWycPhf+qFjobrP -lqnHpa9iPeheat7UV6BfeW3qmBIVl/s4IPE2ld4z0qqZiB0Tf6ssu/TpXNPsNXS6 -dLFz+myC+ufFdNEoQUtQitd5wKbjTCZCOGRaVRgJcSdG6Tq55Fa22mOKPm+mTmed -ZdKpAoGAFsTYBAHPxs8nzkCJCl7KLa4/zgbgywO6EcQgA7tfelB8bc8vcAMG5o+8 -YqAfwxrzhVSVbJx0fibTARXROmbh2pn010l2wj3+qUajM8NiskCPFbSjGy7HSUze -P8Kt1uMDJdj55gATzn44au31QBioZY2zXleorxF21cr+BZCJgfA= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgICdxUwDQYJKoZIhvcNAQELBQAweTEbMBkGA1UEAxMSRHJp -dmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25n -b0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazEL -MAkGA1UEBhMCVVMwHhcNMTkwNTIyMjIzMjU2WhcNMzkwNTIyMjIzMjU2WjBwMRIw -EAYDVQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v -bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAITa -wdBOhmP5BUnfP7zabv7fedrW5zrA+Xa1dFz75rsu0oCg2Gv0vsW/4z55WSinoXQZ -x+6j/4GG79+GcpM3AxWbHIzy4hnNnERj/jUAkhStHdv+3ctec0g984Y9eBvPjJKQ -Ho01PtP6hTWTHOZ3g7xmp03tPvGlmtA17LDNDLk8SL+4+grbDFnqiy6Hze2tSsNl -L5ongh3xzLgP9PKScEZ1f/uU/VjjQTyY2tmUEaxtQY6SOPNc0j1GXrCKovMg5RMX -b4DWkWSBB4v540RKsFYCTmaJlGOe85isqYjM28+PHQ07FYFErcaxKm2j/gRI0GD1 -+fkEJOBnTI5C3+di0ekCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/ -AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBol8+YH7MA -HwnIh7KcJ8h87GkCWsjOJCDJWiYBJArQ0MmgDO0qdx+QEtvLMn3XNtP05ZfK0WyX -or4cWllAkMFYaFbyB2hYazlD1UAAG+22Rku0UP6pJMLbWe6pnqzx+RL68FYdbZhN -fCW2xiiKsdPoo2VEY7eeZKrNr/0RFE5EKXgzmobpTBQT1Dl3Ve4aWLoTy9INlQ/g -z40qS7oq1PjjPLgxINhf4ncJqfmRXugYTOnyFiVXLZTys5Pb9SMKdToGl3NTYWLL -2AZdjr6bKtT+WtXyHqO0cQ8CkAW0M6VOlMluACllcJxfrtdlQS2S4lUIj76QKBdZ -khBHXq/b8MFX ------END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUPK25g5b88xaz +AOQnx1u2oAANgl66JUXF6EDVYojoyH1f8t7yvEIQ7ZS1bupDuIg1lsypAf0VWFYa +5t+2n066XFr1cOl7W+h4nNoTm4uVV5ExZbs2w+TEvzlP7ef6Jo+p3lxCiuXh86Wf +vk/WuIlcGSUn600HrJaKnCIjHoD98iFXLRZpABS7pF8z+b8FxyJEHiiCi7auBo4I +0QLd4w22yl2cAjGb0Jr83KqqN5oii6L8xWwHrKz47Er154xq4/3rHNBWfbhGtfQT +ixB3W+IY8fOaM+cWNCa9MAtbEqj5x9zYDAnCmyUxpPywyFONBTftANiO7E0VVLAk +7vWtL/R5AgMBAAECggEABVyFzVjkuXSyqc9qxm7fx/oqJlLvHtJsSfJ9gyTo3hUq +Rlx1aILF7PDQLm5li1ooQFqaP7PyYGGX3lSNW4CQNg39vYoo7QJE+op0b2hyeE34 +0rg4OOHa61bIjuCEQbg//UfX6bw2Vkwb/cFssnptgBGUwMiHj7MpUA1s7/zmyMh5 +WZ194M/Fb8Oi3yuzngUnxqo8fBUVy1e/HMERLJCI1ifOjQ/3LRjDLHS3vSUUHJNK +fEIwFHIuVRKeT15qH1WiQHo9u2Gf/uRoxSuo6ZI4R8+/81ungk0wHbCG9FkA5zZT +6KJb2aeSY/2I4GhSEM7X/mHSrRlPIixzo6fzJd4JgQKBgQDNiH3/+6QKbIFRqNVG +uTOdY1TWuzPrqYIWyHLR1J/65tHxD6rJmzyJ8ETLH9VA85K0btTfzA83fJnRVTz8 +ouuLDeuMug8V2vCGJ4C7XRtp+4JYrKYmYQXGnW8UdsOUfTfFe0W5j71eVopCUIXo +mwhs//cJqQaZBzBIzodipjaHCQKBgQC4oqLm8hhwvrHe1ez63gHPkAkrFGUEwJkU +vF7Y6Rvlxe3Dd7q0v60OyyftKeLqKLyf1XjYaeI1O7Tb+4aCDleI65yF7cp3mLEy +kQU/VVCBZlV1XiJXaS5CJhen/ftaBDAi/qPqmonRjy/yXPZMJqFM+LjonGK+g+ip +tf6U9Hxt8QKBgCDmt5zRsInGotDqoPGIVh3ct8kEAKS55sw03ESAr/dfGb5oDqPl +SMSgBLMrblzOYO6nS0ZkCQ+Nz6W16mRaxC/nU4ycgCu0d4pSKoZTuj6190Cwqow8 +Pct0ikKRXG+Zt+LR//BbdSnz2oARGc6JesjQFMCkIR1ADFerT/rXtqTZAoGAOc65 +4EL2Qf6CpDkobFcsC/eV10YYZseCZkqgC5vYnzU8PxHyg/rrTRFwW8HciOHeRNDK +eD+WkoIyGxoCQCALahQSup/73zwQZrue//hPL2SB5zBk4idNU2qnx3Iuyz06cQp2 ++dIOymzhXymZ97e0kuvgwPuNswaLxu7zWWG+v5ECgYEAxpP+XbrDVAe696v5vQD8 +4w9LmqULtGAZyfLh3K5Fz8yRPP7uHsKivN8niaTWTGIGmD6Bk2aCdYgON0qp4fD6 +ICN+0lLcDPLcFy+qLACCP9BEONlXyihQGhwsQ3Z+n4bNyJ0kO8f/08UFxfz1xsO1 +y5FdRXA63aJyy1dEkpRauaM= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9IwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJQ8rbmDlvzzFrMA5CfHW7agAA2CXrolRcXoQNViiOjI +fV/y3vK8QhDtlLVu6kO4iDWWzKkB/RVYVhrm37afTrpcWvVw6Xtb6Hic2hObi5VX +kTFluzbD5MS/OU/t5/omj6neXEKK5eHzpZ++T9a4iVwZJSfrTQesloqcIiMegP3y +IVctFmkAFLukXzP5vwXHIkQeKIKLtq4GjgjRAt3jDbbKXZwCMZvQmvzcqqo3miKL +ovzFbAesrPjsSvXnjGrj/esc0FZ9uEa19BOLEHdb4hjx85oz5xY0Jr0wC1sSqPnH +3NgMCcKbJTGk/LDIU40FN+0A2I7sTRVUsCTu9a0v9HkCAwEAAaNwMG4wHQYDVR0O +BBYEFBOeLQ+CZYYAupW/IQXqUlBMjEdTMB8GA1UdIwQYMBaAFO0dJi0baC83wSHV +OLkkDWmJj3hvMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAP3OaQwijfrhDeJnQEiCLzhuyqh1B +7oWgC9CFG75Qe2VUVXcyIhhgYRE9SNUxv4v8VGEUB1HZmgMBO95xdKGCyIbkPmjI +qyXcGtJwBv4Uj2Fv5pswxMjInCE2qPHK162H2JG1nwRLertiOEvnLca1J9lysaIn +R2O6Ur0AwkWCnssD3z51SYt3xF+veFAMka8elQTMuj6LxerKf6SwaNo2zt24MrKh +zMAHfjrEVAAATUMcDchbcUd2E/DhbdbVEA4r4k4snB9Yg+5PouB824dqiwXiBHu3 +Ka+nFf/Pv+XVjR1pnVbiBaPnYxs+i+z0f3XMN1YMVNZpKF3ure94FQReHQ== +-----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a6f6f312d0..d10496e8ab 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,82 +1,23 @@ -# CA bundle file used to test tlsCAFile loading for OCSP. -# Copied from the server: -# https://github.com/mongodb/mongo/blob/r4.3.4/jstests/libs/trusted-ca.pem - -# Autogenerated file, do not edit. -# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml trusted-ca.pem -# -# CA for alternate client/server certificate chain. -----BEGIN CERTIFICATE----- -MIIDojCCAooCBG585gswDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxETAP -BgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYDVQQK -DAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQgS2Vy -bmVsIFRlc3QgQ0EwHhcNMTkwOTI1MjMyNzQxWhcNMzkwOTI3MjMyNzQxWjB8MQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0GA1UE -AwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANlRxtpMeCGhkotkjHQqgqvO6O6hoRoAGGJlDaTVtqrjmC8nwySz -1nAFndqUHttxS3A5j4enOabvffdOcV7+Z6vDQmREF6QZmQAk81pmazSc3wOnRiRs -AhXjld7i+rhB50CW01oYzQB50rlBFu+ONKYj32nBjD+1YN4AZ2tuRlbxfx2uf8Bo -Zowfr4n9nHVcWXBLFmaQLn+88WFO/wuwYUOn6Di1Bvtkvqum0or5QeAF0qkJxfhg -3a4vBnomPdwEXCgAGLvHlB41CWG09EuAjrnE3HPPi5vII8pjY2dKKMomOEYmA+KJ -AC1NlTWdN0TtsoaKnyhMMhLWs3eTyXL7kbkCAwEAAaMxMC8wDAYDVR0TBAUwAwEB -/zAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsF -AAOCAQEAQk56MO9xAhtO077COCqIYe6pYv3uzOplqjXpJ7Cph7GXwQqdFWfKls7B -cLfF/fhIUZIu5itStEkY+AIwht4mBr1F5+hZUp9KZOed30/ewoBXAUgobLipJV66 -FKg8NRtmJbiZrrC00BSO+pKfQThU8k0zZjBmNmpjxnbKZZSFWUKtbhHV1vujver6 -SXZC7R6692vLwRBMoZxhgy/FkYRdiN0U9wpluKd63eo/O02Nt6OEMyeiyl+Z3JWi -8g5iHNrBYGBbGSnDOnqV6tjEY3eq600JDWiodpA1OQheLi78pkc/VQZwof9dyBCm -6BoCskTjip/UB+vIhdPFT9sgUdgDTg== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZUcbaTHghoZKL -ZIx0KoKrzujuoaEaABhiZQ2k1baq45gvJ8Mks9ZwBZ3alB7bcUtwOY+Hpzmm7333 -TnFe/merw0JkRBekGZkAJPNaZms0nN8Dp0YkbAIV45Xe4vq4QedAltNaGM0AedK5 -QRbvjjSmI99pwYw/tWDeAGdrbkZW8X8drn/AaGaMH6+J/Zx1XFlwSxZmkC5/vPFh -Tv8LsGFDp+g4tQb7ZL6rptKK+UHgBdKpCcX4YN2uLwZ6Jj3cBFwoABi7x5QeNQlh -tPRLgI65xNxzz4ubyCPKY2NnSijKJjhGJgPiiQAtTZU1nTdE7bKGip8oTDIS1rN3 -k8ly+5G5AgMBAAECggEAS7GjLKgT88reSzUTgubHquYf1fZwMak01RjTnsVdoboy -aMJVwzPsjgo2yEptUQvuNcGmz54cg5vJaVlmPaspGveg6WGaRmswEo/MP4GK98Fo -IFKkKM2CEHO74O14XLN/w8yFA02+IdtM3X/haEFE71VxXNmwawRXIBxN6Wp4j5Fb -mPLKIspnWQ/Y/Fn799sCFAzX5mKkbCt1IEgKssgQQEm1UkvmCkcZE+mdO/ErYP8A -COO0LpM+TK6WQY2LKiteeCCiosTZFb1GO7MkXrRP5uOBZKaW5kq1R0b6PcopJPCM -OcYF0Zli6KB7oiQLdXgU2jCaxYOnuRb6RYh2l7NvAQKBgQD6CZ9TKOn/EUQtukyw -pvYTyt1hoLXqYGcbRtLc1gcC+Z2BD28hd3eD/mEUv+g/8bq/OP4wYV9X+VRvR8xN -MmfAG/sJeOCOClz1A1TyNeA+G0GZ25qWHyHQ2W4WlSG1CXQgxGzU6wo/t6wiVW5R -O4jplFVEOXznf4vmVfBJK50R2QKBgQDegGxm23jF2N5sIYDZ14oxms8bbjPz8zH6 -tiIRYNGbSzI7J4KFGY2HiBwtf1yxS22HBL69Y1WrEzGm1vm4aZG/GUwBzI79QZAO -+YFIGaIrdlv12Zm6lpJMmAWlOs9XFirC17oQEwOQFweOdQSt7F/+HMZOigdikRBV -pK+8Kfay4QKBgQDarDevHwUmkg8yftA7Xomv3aenjkoK5KzH6jTX9kbDj1L0YG8s -sbLQuVRmNUAFTH+qZUnJPh+IbQIvIHfIu+CI3u+55QFeuCl8DqHoAr5PEr9Ys/qK -eEe2w7HIBj0oe1AYqDEWNUkNWLEuhdCpMowW3CeGN1DJlX7gvyAang4MYQKBgHwM -aWNnFQxo/oiWnTnWm2tQfgszA7AMdF7s0E2UBwhnghfMzU3bkzZuwhbznQATp3rR -QG5iRU7dop7717ni0akTN3cBTu8PcHuIy3UhJXLJyDdnG/gVHnepgew+v340E58R -muB/WUsqK8JWp0c4M8R+0mjTN47ShaLZ8EgdtTbBAoGBAKOcpuDfFEMI+YJgn8zX -h0nFT60LX6Lx+zcSDY9+6J6a4n5NhC+weYCDFOGlsLka1SwHcg1xanfrLVjpH7Ok -HDJGLrSh1FP2Rq/oFxZ/OKCjonHLa8IulqD/AA+sqYRbysKNsT3Pi0554F2xFEqQ -z/C84nlT1R2uTCWIxvrnpU2h ------END PRIVATE KEY----- -# Pre Oct 2019 trusted-ca.pem -# Transitional pending BUILD update. ------BEGIN CERTIFICATE----- -MIIDpjCCAo6gAwIBAgIDAghHMA0GCSqGSIb3DQEBBQUAMHwxHzAdBgNVBAMTFlRy -dXN0ZWQgS2VybmVsIFRlc3QgQ0ExDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMH -TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv -cmsxCzAJBgNVBAYTAlVTMB4XDTE2MDMzMTE0NTY1NVoXDTM2MDMzMTE0NTY1NVow -fDEfMB0GA1UEAxMWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECxMGS2Vy -bmVsMRAwDgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREw -DwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCePFHZTydC96SlSHSyu73vw//ddaE33kPllBB9DP2L7yRF -6D/blFmno9fSM+Dfg64VfGV+0pCXPIZbpH29nzJu0DkvHzKiWK7P1zUj8rAHaX++ -d6k0yeTLFM9v+7YE9rHoANVn22aOyDvTgAyMmA0CLn+SmUy6WObwMIf9cZn97Znd -lww7IeFNyK8sWtfsVN4yRBnjr7kKN2Qo0QmWeFa7jxVQptMJQrY8k1PcyVUOgOjQ -ocJLbWLlm9k0/OMEQSwQHJ+d9weUbKjlZ9ExOrm4QuuA2tJhb38baTdAYw3Jui4f -yD6iBAGD0Jkpc+3YaWv6CBmK8NEFkYJD/gn+lJ75AgMBAAGjMTAvMAwGA1UdEwQF -MAMBAf8wHwYDVR0RBBgwFoIJbG9jYWxob3N0ggkxMjcuMC4wLjEwDQYJKoZIhvcN -AQEFBQADggEBADYikjB6iwAUs6sglwkE4rOkeMkJdRCNwK/5LpFJTWrDjBvBQCdA -Y5hlAVq8PfIYeh+wEuSvsEHXmx7W29X2+p4VuJ95/xBA6NLapwtzuiijRj2RBAOG -1EGuyFQUPTL27DR3+tfayNykDclsVDNN8+l7nt56j8HojP74P5OMHtn+6HX5+mtF -FfZMTy0mWguCsMOkZvjAskm6s4U5gEC8pYEoC0ZRbfUdyYsxZe/nrXIFguVlVPCB -XnfB/0iG9t+VH5cUVj1LP9skXTW4kXfhQmljUuo+EVBNR6n2nfTnpoC65WeAgHV4 -V+s9mJsUv2x72KtKYypqEVT0gaJ1WIN9N1s= +MIID2TCCAsGgAwIBAgIUQCWo/PU6IvM6irHYGWdpa3ARHxYwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTE0MjEw +WhcNNDYwNTMwMTE0MjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN +BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyY5r4OksZl5CfOZWo+0gk1 +5sSpAr/B4iQPUdA4jQhi5ITfWjHoCB/qvGxW+HZIVe5ojPjfZ7FSum0RKu3XwM8n +nf3uqedHNq2ECSA+h652/Sv6ddT1qmT+UPSo/iRpAIeummTt6/X1aneIz4UtOfl+ +VU2g6mXUZtre/ZOEHruBOhNm1X+usk9BkGpXaeZWqJrLvEQCfmI+uoFxlt3B4V9G +ck/VLOitsr8zGszPe1b1fKmbah4vCDR7VXZx3K6RvMWihkcNlGriROO2OJIBIK8u +XU5pq5l8ltysSrop9RPGY6CROJXP7GYBI58kA6/GDd9288x+4QPuafif/jefrZkC +AwEAAaNTMFEwHQYDVR0OBBYEFAQGvt0Na7xdR65/dDTJ0VAg1mBVMB8GA1UdIwQY +MBaAFAQGvt0Na7xdR65/dDTJ0VAg1mBVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAB9VzX0c0Lk2qbKmt4ZQeeUouZhgJmcTFOC3inKqjBVZkLAI +g0iDmdPUzbq0tospuJMNuXdToVcCgQ16Yq5dTcDAHZWcOu8qv41gOGV6Ke0gR7V2 +c5GHJ4TuDVk3SfbuU6+6/P+3CjXWJRJoHM4IfcBMSWJnHSuMjgYQr27NNJdCNroU +0OXr4TqbjzCa3adbzOuQkXPKVq1bmJbfM1V0QBDqtCrvgh5Sl+VxCPJbNyipWGAw +KSAS1vFH1/6C9dD8Ihn9DWXmFPXYZ3kPDbUTKGFaV0rquX4MpYnW7Mcy9SyUuwho +nPyF7IQtRHLCj0eLoLfuayZWgK1c+hZlEZRURLo= -----END CERTIFICATE----- diff --git a/test/test_encryption.py b/test/test_encryption.py index 7df9e7ac38..fd0e05e48d 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3029,8 +3029,6 @@ def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: From 7ea7b943ddb1427cba9283836d320228ec1717ab Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 07:43:37 -0500 Subject: [PATCH 02/12] PYTHON-5040 Use test/certificates/ certs for SSL test client setup_tests.py was pointing CLIENT_PEM and CA_PEM at the x509gen certs from drivers-evergreen-tools, which were derived from the old test/certificates/ca.pem. After regenerating that CA with a new key pair, the server (which uses test/certificates/) and the client (which trusted x509gen/ca.pem) no longer agreed on the CA, causing ssl.SSLCertVerificationError in SSL auth tasks. --- .evergreen/scripts/setup_tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index e188dcaa9d..67dd3d6e20 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,10 +341,8 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - if not DRIVERS_TOOLS: - raise RuntimeError("Missing DRIVERS_TOOLS") - write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") - write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") + write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") + write_env("CA_PEM", ROOT / "test/certificates/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": From b5d4405effa6ce8a22e2fa5a13a1e4072daba0c0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 08:43:38 -0500 Subject: [PATCH 03/12] PYTHON-5040 Export TLS cert paths from integration_tests/run.sh Set TLS_PEM_KEY_FILE, TLS_CA_FILE, and TLS_CERT_KEY_FILE to test/certificates/ so that run-mongodb.sh uses our regenerated certs when the SSL server is started, and async_client_context connects with a CA that matches the server cert. --- integration_tests/run.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/integration_tests/run.sh b/integration_tests/run.sh index 051e2b8a75..bdce3aeea7 100755 --- a/integration_tests/run.sh +++ b/integration_tests/run.sh @@ -2,6 +2,14 @@ # Run all of the integration test files using `uv run`. set -eu +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" + +# Point run-mongodb.sh (and async_client_context) at our test certificates so +# the server and client agree on the CA, regardless of the CI tool's defaults. +export TLS_PEM_KEY_FILE="$ROOT/test/certificates/server.pem" +export TLS_CA_FILE="$ROOT/test/certificates/ca.pem" +export TLS_CERT_KEY_FILE="$ROOT/test/certificates/client.pem" + for file in integration_tests/test_*.py ; do echo "-----------------" echo "Running $file..." From 840e463a2990097a5f104b66bcdfcc0bd65f8983 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 09:27:34 -0500 Subject: [PATCH 04/12] PYTHON-5040 Use test/certificates/ certs for SSL integration test server Set TLS_PEM_KEY_FILE, TLS_CA_FILE, and TLS_CERT_KEY_FILE on the setup-mongodb-ssl workflow step so run-mongodb.sh uses our regenerated test/certificates/ certs. async_client_context already trusts test/certificates/ca.pem by default (helpers_shared.py), so server and client now agree on the CA. Also reverts setup_tests.py and integration_tests/run.sh to their state before the failed x509gen fix attempts. --- .evergreen/scripts/setup_tests.py | 6 ++++-- .github/workflows/test-python.yml | 6 +++++- integration_tests/run.sh | 8 -------- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 67dd3d6e20..e188dcaa9d 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,8 +341,10 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") - write_env("CA_PEM", ROOT / "test/certificates/ca.pem") + if not DRIVERS_TOOLS: + raise RuntimeError("Missing DRIVERS_TOOLS") + write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") + write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 2a70021cf7..5e31d3a41e 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -219,12 +219,16 @@ jobs: - id: setup-mongodb uses: mongodb-labs/drivers-evergreen-tools@master - name: Run tests - run: | + run: | just integration-tests - id: setup-mongodb-ssl uses: mongodb-labs/drivers-evergreen-tools@master with: ssl: true + env: + TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem + TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem + TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem - name: Run tests run: | just integration-tests diff --git a/integration_tests/run.sh b/integration_tests/run.sh index bdce3aeea7..051e2b8a75 100755 --- a/integration_tests/run.sh +++ b/integration_tests/run.sh @@ -2,14 +2,6 @@ # Run all of the integration test files using `uv run`. set -eu -ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" - -# Point run-mongodb.sh (and async_client_context) at our test certificates so -# the server and client agree on the CA, regardless of the CI tool's defaults. -export TLS_PEM_KEY_FILE="$ROOT/test/certificates/server.pem" -export TLS_CA_FILE="$ROOT/test/certificates/ca.pem" -export TLS_CERT_KEY_FILE="$ROOT/test/certificates/client.pem" - for file in integration_tests/test_*.py ; do echo "-----------------" echo "Running $file..." From 2530bab9c1f11350af933433bd97f3e0ec3d4840 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 12:05:49 -0500 Subject: [PATCH 05/12] PYTHON-5040 Use test/certificates/ certs for Evergreen SSL test client setup_tests.py was pointing CLIENT_PEM and CA_PEM at x509gen/ certs from drivers-evergreen-tools, which were derived from the old ca.pem. After regenerating test/certificates/ with a new CA key, the server (test/certificates/) and client (x509gen/) no longer agree on the CA. Switch both to test/certificates/ to match the server cert. --- .evergreen/scripts/setup_tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index e188dcaa9d..67dd3d6e20 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,10 +341,8 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - if not DRIVERS_TOOLS: - raise RuntimeError("Missing DRIVERS_TOOLS") - write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") - write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") + write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") + write_env("CA_PEM", ROOT / "test/certificates/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": From ea3f9c499beb7ce72b5901ebe8337d7f9795be8d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 13:34:21 -0500 Subject: [PATCH 06/12] PYTHON-5040 Fix KMS mock server TLS for Python 3.13 The CSFLE mock KMS servers were started using x509gen certs that lack the Authority Key Identifier extension, causing Python 3.13 to reject them with ssl.SSLCertVerificationError. - Set CSFLE_TLS_CA_FILE and CSFLE_TLS_CERT_FILE to test/certificates/ in setup_tests.py so the KMIP server and HTTP mock servers use our AKI-enabled certs. - Add wrong-host.pem (SAN: wronghost.example.com) and expired.pem to test/certificates/ and gen-certs.sh for use in KMS TLS error tests. --- .evergreen/scripts/setup_tests.py | 7 ++++ test/certificates/expired.pem | 51 ++++++++++++++++++++++++++++ test/certificates/gen-certs.sh | 55 +++++++++++++++++++++++++++++-- test/certificates/wrong-host.pem | 51 ++++++++++++++++++++++++++++ 4 files changed, 162 insertions(+), 2 deletions(-) create mode 100644 test/certificates/expired.pem create mode 100644 test/certificates/wrong-host.pem diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 67dd3d6e20..29d3c3a78b 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -382,6 +382,13 @@ def handle_test_env() -> None: csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle") run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) load_config_from_file(csfle_dir / "secrets-export.sh") + + # Override CSFLE TLS cert paths with our AKI-enabled test/certificates/ + # so mock servers use certs that Python 3.13 TLS validation accepts. + certs = ROOT / "test/certificates" + write_env("CSFLE_TLS_CA_FILE", certs / "ca.pem") + write_env("CSFLE_TLS_CERT_FILE", certs / "server.pem") + run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh") if sub_test_name == "pyopenssl": diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem new file mode 100644 index 0000000000..df740d80aa --- /dev/null +++ b/test/certificates/expired.pem @@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDN0dp1gg34rnRb +aBXidThGfUiWvBfsMdeTI2sjlqTiEilUdxy2v6Y5XtaHE7ezK++IqML0YIZSyhM2 +obD6pj455eJ78XcFb4PcDVER9BVr3jQnfkXYsNa/9zr+RtPz2JOWy06taE8oYXp/ +hiS491sXApQwTkWBwJ1SNFyQKBFP1GiMYFShIREf1JySLVhzOw19S9VZxqw/1gaV +JyddZ5GYqJrk+CHjim881TdsH+3bBF/KVuN4taLG7E3+b4WIXbNuMlhxF8NDQjlw +el14rwmwsPO7oPg2Q/41ALyh8P58qDb67L5G8HQIkw+rnqeWWUV89SqmTyh30/Mp +2V90+vPzAgMBAAECggEAIW2aLyf9L+zZriI6HQqP0MxhVptca/rDuhHwa+/Nfirt +S9rVWY3H/XJnTQ9emyWhemR6gX654ka6wc6XdCY9s2FLHHlL16Cp3brLS4CwB/x8 +zltGadrS44vP045aYgpEx6Lj95XE9tiE26MZt3GepElBcJUN2fSYOJ/o1sBYi3U3 +u1ioODXHKuNFhFN/ebEYibYrv13amKuSIm5HYwNYbUiaT2ZjrGH2PKulILu5BtmM +melqaILSrhhGVPtDOBX9fgK4hPOWy9AY2fu+ZCdgrynX3jLNMnljw/etR9gf8s1T +E8hR5yi6yr5Lc0HwyUierAvdd3oMuPCXbMQ+0pjhOQKBgQD/fPI/eOta6ZX3VhSG +KemMgp6ecwNp17Fm5+0bLEW1nYLe6qScrsi2RISbM1X8vzpTciOmcoNh/w6APc4f +kPuOCNZ9sNaIMXr7UsBMgtzvW776YH08q3kO3AWtCaYQ9Ie/RX/OhnZ6kKg19oFa +vKhqQJVk4oIFZ6tu6SDTm7FDmwKBgQDOO23y41IQAFYiHq21UA8S/egLJOteb/aq +4FITHpl/QiPzyJKQRVk2EhiZ1vhXaiQE6Oes4L5mbA7PEKk3zfqhPbvutHejuoNF +dSo73oRg+MpIFMFKm/ylZBj4VVRnopN5HPNLpW2gKBxoA6/S//xigEztr1Jcd+z1 +ToOObhSyiQKBgQCp5y62lTR3FgX8IQuvGSpOngLcPoJTnfRFChF9U5jcKW6BzitA +Y1/pDnHdQGt7lLQ2EB6zL04+Gj9Le06bYXBYyXnSxoo0sisl/acSeqhwqWO83/QJ +J8Nu5VUE+PiuJ+AqjA5tirA52/9xO4hUjke1uVNgbt2muIWiUXjaIJzm5wKBgCGf +pNxt3YpIU8K6V73w8JQ7G2L9wPYjsQbJDfiaC5Ko+O2dLPAirlnXd3VVjCXMY1T9 +mBAikEhoo710zPIRPiSdyQ8xEzR5iz9+y8T5EYIx7eD0qVL9vaJFgKC0YM+IvRyI +8M3LieULxR3cRAVVwRNaMbCq3fW/g7228FH/dpZpAoGAdZtp3y4SzHWE8PLChm8z +xhHqVvrNjzY8NPAotYUOZJ7Sev+jlXqZp1sr4SI27tVrkJrYVb2lQdIRMMKJk7I4 +AZ68v+dQjGrX7Xrcu+iqIKlFY7HJT6fwr+syjt50RqYSDCPoETldpUyxyXk91r/L +irsU3E19H05+WGokTLkREts= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rowDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN +MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM3R2nWCDfiudFtoFeJ1OEZ9SJa8F+wx15MjayOWpOIS +KVR3HLa/pjle1ocTt7Mr74iowvRghlLKEzahsPqmPjnl4nvxdwVvg9wNURH0FWve +NCd+Rdiw1r/3Ov5G0/PYk5bLTq1oTyhhen+GJLj3WxcClDBORYHAnVI0XJAoEU/U +aIxgVKEhER/UnJItWHM7DX1L1VnGrD/WBpUnJ11nkZiomuT4IeOKbzzVN2wf7dsE +X8pW43i1osbsTf5vhYhds24yWHEXw0NCOXB6XXivCbCw87ug+DZD/jUAvKHw/nyo +NvrsvkbwdAiTD6uep5ZZRXz1KqZPKHfT8ynZX3T68/MCAwEAAaNwMG4wHQYDVR0O +BBYEFF9Iy+JbFAKCo4ATeQWKdiJKty8dMB8GA1UdIwQYMBaAFAyrGYdlc3lY1CvP +iPeUn/U/DOodMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAbLsFZ8XoDBqzWQ8Tki1TaMM15pr5 +rLayr9Qk4lLfAKISLSRQ9IC3UNlKt6wyWAm9dCTywGCY+1lwnpgCeK+Ve7w9A06e +AUN4TVNffHb9LNsu+wj9fvyj6FBINtgBKgNWqjy1tQBoEJsZiIIRN1QKNuEgXEvr ++2aKUysdniTIIeQG5HIFd1TIG+ugabVPXOE4sHdUwXpcY6zcF6za/J3y3UvECOtH +bLIoiq7Zo9CDQE4nN3l4c0WkgaSL1YUFZSa5mLJgqUhn9crN1Ir2edoRg/Mn/Qfa +bWg9TVBBYAqYqfSsygObNywBf7V4sdgc2rRxwqh/TQ6TWvVXyN5tmCnE4w== +-----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 33689c3943..3cb82d63e4 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -151,7 +151,58 @@ openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/nu echo " crl.pem written" # ---------------------------------------------------------------------------- -# 6. Trusted Kernel Test CA (trusted-ca.pem) +# 6. Wrong-host certificate (for KMS TLS tests — hostname deliberately wrong) +# ---------------------------------------------------------------------------- +echo "==> Generating wrong-host certificate..." +cat > "$TMPDIR/wrong_host_ext.cnf" << 'EOF' +[ v3_wrong_host ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +subjectAltName = DNS:wronghost.example.com +EOF + +openssl genrsa -out "$TMPDIR/wrong_host.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/wrong_host.key" \ + -out "$TMPDIR/wrong_host.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=wronghost.example.com" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/wrong_host.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/wrong_host.crt" \ + -extfile "$TMPDIR/wrong_host_ext.cnf" \ + -extensions v3_wrong_host 2>/dev/null + +cat "$TMPDIR/wrong_host.key" "$TMPDIR/wrong_host.crt" > "$SCRIPT_DIR/wrong-host.pem" +echo " wrong-host.pem written (SAN: wronghost.example.com)" + +# ---------------------------------------------------------------------------- +# 7. Expired certificate (for KMS TLS tests — validity window in the past) +# ---------------------------------------------------------------------------- +echo "==> Generating expired certificate..." +openssl genrsa -out "$TMPDIR/expired.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/expired.key" \ + -out "$TMPDIR/expired.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" +openssl x509 -req \ + -not_before 20000101000000Z \ + -not_after 20010101000000Z \ + -in "$TMPDIR/expired.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/expired.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_server 2>/dev/null + +cat "$TMPDIR/expired.key" "$TMPDIR/expired.crt" > "$SCRIPT_DIR/expired.pem" +echo " expired.pem written (expired 2001-01-01)" + +# ---------------------------------------------------------------------------- +# 8. Trusted Kernel Test CA (trusted-ca.pem) # A separate CA used in CA-bundle tests; does NOT sign server/client certs. # ---------------------------------------------------------------------------- echo "==> Generating Trusted Kernel Test CA..." @@ -176,7 +227,7 @@ echo " trusted-ca.pem written" # ---------------------------------------------------------------------------- echo "" echo "==> Verifying AKI is present..." -for cert in ca.pem server.pem client.pem trusted-ca.pem; do +for cert in ca.pem server.pem client.pem wrong-host.pem trusted-ca.pem; do result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) if [ -n "$result" ]; then echo " $cert: OK ($result)" diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem new file mode 100644 index 0000000000..a32e592169 --- /dev/null +++ b/test/certificates/wrong-host.pem @@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrY75NyMLhLJSV +b5Vy8wU5jV/WxLj0Hw/+YfdDHZUJcYBqvhpT6wNaeF+IdqvIijwSmHbqvOXafXny +hk1er8Fqwi77yLhcAY2dBqh/8RUKyG8cqsh8FvEvNiVLg7Im/djpUjKpV2iQfYj/ +BwXRGdSloBw3dMPU27XOIGthYU0TKqY/6nhn/5pi3z0G/1txhaLAV/7PsYR6wxZH +d7kDYi10tWGRl1PqDQrTo9z1JXNT5Bda1YCV3YO/t3FUBT3kXbYImKKgAK7K7IRV +ptmS7w5QJyAGOZutP8I3/CVhDWr1zxm8eFteQ8uPk+CgZJtvuxxSIhMBvRNgHiKQ +YH7u99HzAgMBAAECggEAJlE6brF/wE/zOCWmR/jFJkTRNHbu0sVPEhRc74hhlabm +ivbNdA2KxmM7GItPhJpDK/UiQQDScrKy3OHh0lWA7JlVX71UWl2Oh5jBezku9yYw +kTwtbnDCo0d7txJOdiEyqZdS9EEyg3tNcZbkWgdoX08Yf91/Gsu0Lc1ZtH/Id4wn +v+ITs2B3pv5JWJooHDA1st2qXPCTxqBH5UJqFDBgpbYBDYyOHGWxCfOLZ0KMs+et +cUabDk01tU33GdYElNP6Ca12ZKh6i7UrNmVA40zzVYsQnIdx0qAX+TppkzQs2RxX +SuKAmQnnyxsKepqecm4UdzzXSQO3qnnXubfmYJDfYQKBgQDYuZnecTQ0anaVaNaP +sOxCPcqxZM4NqZdac08nW+vfpJm85l+id9FziY5IUTz8W5ijO8iE5oOZahtzbLZV +jQSq57N+CdClrB1HpPwJhXI/oU2Y6o6MDaQHyZq1RMfh+1A3+O65JkFdR25PAMQQ +ZSASxGLktJiuWImAicFtZAEr7QKBgQDKcuyHaxXYmKDWveWw39VgvFxKFles7KLH +ZzuFKyiBAR+COMheDZjvtDvs7gZyhikvVbPM2BdhuqxWqjTd8rMCXRPTsGpWEFkB +XN0BPoRPKeF1FYRfMJey//xUr6KOILQhKnOO3ijazOJy2BPXD7K/qLNlRVUGXOM3 +8YWOxiv5XwKBgHmq+K7gbqZefmQyjwHsGTa26evc47DX3Jhy06UM/cZ36bcaveW/ +zl5GgxImSU6DPZWmIlQ59PdTkkWialps6InpueKwL+pSTb3C6ZuOxyzhqWaHh68o +mUWl8KyDCJPdOpOxtJNM3rU3PL4td+ScYP0oMzyiBnUaT1dR/r0iv2WhAoGAA8Mz +BilFVKsxggwxcqIWUx/tDytvIbWcKNyQTJ9Kt2sP7NmlT6otB3dwDa02zXYU2d5b +4xi5BoXzogCzztQt44NbVPnYYBUZsl7JdLZ2uwnqOMTXmvVKPHdpdyF0gfO1pVAm +qacTV02rf7roU3zlM46tFtq9A8tCJc4FT2v7cT0CgYEAx7OlCb0GOpjkCbDvgc5w ++9yyUBcUqredtUXyAwKN2PticeTi2fi/hxZ6SOKoX2iNPq0JHeNEZl4EIHLGbnVL +CqWpj/V9UKevYU6VLb/EM3V0kGMCfuFU7huZ2T/MDEfT9sAjSHO1nSLK8AUE8H38 +6NARhxCZKTfN/1T/+aezph8= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rkwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTgwNjEwWhcN +NDYwNTMwMTgwNjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtjvk3IwuEslJVvlXLzBTmNX9bE +uPQfD/5h90MdlQlxgGq+GlPrA1p4X4h2q8iKPBKYduq85dp9efKGTV6vwWrCLvvI +uFwBjZ0GqH/xFQrIbxyqyHwW8S82JUuDsib92OlSMqlXaJB9iP8HBdEZ1KWgHDd0 +w9Tbtc4ga2FhTRMqpj/qeGf/mmLfPQb/W3GFosBX/s+xhHrDFkd3uQNiLXS1YZGX +U+oNCtOj3PUlc1PkF1rVgJXdg7+3cVQFPeRdtgiYoqAArsrshFWm2ZLvDlAnIAY5 +m60/wjf8JWENavXPGbx4W15Dy4+T4KBkm2+7HFIiEwG9E2AeIpBgfu730fMCAwEA +AaNkMGIwHQYDVR0OBBYEFLmrT18i2YXmBZ9Reax2+ICrlb4bMB8GA1UdIwQYMBaA +FAyrGYdlc3lY1CvPiPeUn/U/DOodMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxNAnJVW20EqXPMFaghwX5dKw+ss +1cG74XxecBo3AM7Y2G4o5aiS5DwpSarokw2nLlpgT9PGbvtSxcB5qFG5eArqKEx8 +x7ECw4V56lXJEAUprkS8AioTGpMJJUVJ+nNx0aztWZWfp9D4txU04eqQ373bL51S +ixJS4ruSk1O5sMEMU1Uh4LB8dkKhvNiqjZVm54QMBtYY85CfdsHDDCeukiScZco9 +nZ/KsprgKal1PJ+vls8XiVZVct1cFU+XEAs90U17p2w0zLu/7IkrJPLNH9ueRX2U +GNI6gmwB9XMVqBn3vnYoutsZl78JIN6xI5ifNPJoI05YhlWJ9V8ZsRV0qA== +-----END CERTIFICATE----- From 5180217ea64a394129fe6593345473018c982e9d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 13:53:43 -0500 Subject: [PATCH 07/12] PYTHON-5040 Fix x509 auth username and CRL revocation in test certs Two test failures from regenerated certs: 1. test_mongodb_x509_auth: MongoDB derives the x509 username from the cert subject using RFC 4514 reverse order. The old client cert stored the subject with CN first so the reversed form matched MONGODB_X509_USERNAME ("C=US,...,CN=client"). Our new cert stored C=US first, reversing to "CN=client,...,C=US". Fix: use CN-first subject order (/CN=client/OU=.../C=US) in gen-certs.sh. 2. test_tlsCRLFile_support: The test verifies CRL enforcement works by connecting with tlsCRLFile and expecting ConnectionFailure. This requires the server cert to be listed as revoked in crl.pem. Fix: sign the server cert via `openssl ca` (tracked in the CA database), revoke it, then generate the CRL with the revoked entry. --- test/certificates/ca.pem | 34 ++--- test/certificates/client.pem | 90 +++++++------- test/certificates/crl.pem | 17 +-- test/certificates/expired.pem | 82 ++++++------- test/certificates/gen-certs.sh | 23 ++-- test/certificates/password_protected.pem | 94 +++++++------- test/certificates/server.pem | 150 ++++++++++++++++------- test/certificates/trusted-ca.pem | 34 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 336 insertions(+), 274 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index e83edfc3b3..f869356c03 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIUSQEGio4MzMdMRZD7CIzy3An1YDUwDQYJKoZIhvcNAQEL +MIID0zCCArugAwIBAgIUJseWjXTSpvUEw4c7Gmv15xTidHEwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMciq/J5l9QbqRPRLvDV8Kj+GedoAddM -0WUtI2uMwo9AiFBqr3T7KVQYKaDLt2Kq/4xi3F6cTqNC/sYxeiTJIgsgZtm1wGNd -2orSIVmcMB7t4hZifNvQyWsl3egxEr7DFkcVFomc0aphEi3ukhOvbFvl+ln5W/B6 -DkgK3Kmd1cQd6giWi8FlXko442Kr+c4fhB1vO7Yq6rjmw7A6YgSE+FSS1Yj4ALUW -lBVZwj6h32dImzSeewnskN3VHu5LmTnGxGZFB+T5AKo67Ay7r57Xg9OvbcJqjdFC -6k2wbXFHJ6qKOCV230oP+PZk/MEpPfozXR8B32VNpw0fgtnxFDBv24UCAwEAAaNT -MFEwHQYDVR0OBBYEFO0dJi0baC83wSHVOLkkDWmJj3hvMB8GA1UdIwQYMBaAFO0d -Ji0baC83wSHVOLkkDWmJj3hvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAC2fgKsYBylaHoC2qutDzgHWTYgjE1WbT2xRoEgRXeHJJtn6GD6+DXqs -JZ/hY5grQX7xtletFKpKGup+aMckukW/1UeRIOP5kFO3SCsL97HDH/nERFa18VYz -UZ9aQJdSkmxX4/DZ/wPK+S1AFVdoc1ukIq2Fjc8nBNTsSoePD5wglDZFdFVshMO4 -gL0g1b4GGUJ76tHefBbH7h9LHCWDoKsAYhXIN9hj/pUgKDan1KfCvPlHUOyiEw1K -60zwSW9aAiplxlxsrEYC2NkSPA4izRExxFQiYd6NfjN746Ti/80U+wdhnK86gQb/ -ackczk7G10fqlzvtKkAMdx+eB03Lq+c= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyGgty8WHa3MAPAhzIFntWTRMx0CgRQ +rAlRwxgA5fmGvB2HQDdXpLmo3g74jt0p4OB+tOC0resv0WAsCSTMkz5suZRrfHk+ +Md1VdxHFl7LpVNtP5XZKIkIwnRB0R6yBPGg9McV5/f3CnYZcMrXtvGsMJF7jWLzf +17k/lHmsUUmFpmLSI0Zir8nRdgAlKSQLeApYudBnPNhCGUJxRtEkVe0EZkH0H2xl ++K6A3Lu8KHRuA0KLKV4rgrMAuFa4TQJjeeZ1LoSouBHslsOxbaQ5f9fqUCO6gjRU +JndsBiDyajI9HWbeKAxJb07lHg/5Zp4VovvosA1rwSQTdfoM7qvEZPUCAwEAAaNT +MFEwHQYDVR0OBBYEFA+r8H4sLl9BSYmez+zQ/3AVgq5dMB8GA1UdIwQYMBaAFA+r +8H4sLl9BSYmez+zQ/3AVgq5dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAHQcCgoZeIcZkk8iEL0cwyeXV/lVrlz0NSoLURJbRwyd18p6xVCMQcg7 +xLk3iljcGSWx9QTrgdpfopLuOvWITl9gfmjHJF5tdA2kEVLZ9nXDZkFKHHGDcM/c +9h/L9X8SgvFGkZOdRLJSXi0QUJgMNCDHyxf/InXntlUI2cXtyfxm8bk2Jsegkw1Y +6jOJbZk+xIm4Qwt3xyYKoQulqp7TWrn0/bcvFcK27P/o9f8Ay06JxwobxRwQAfoq +ZcLea7KGdnvVuYgYea0ZPNNNfeTlgRwTv3KhszMmp5YluA+Pb8idKYfmWYtvYl4f +nynC5NTSKRanQDdqcFUJJqnHNNQLVS8= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 873506308a..39f95c3a60 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn1zTqr1VSm9GZ -qpTrLfPyaMMCl2B8M571kIq9O5TYIbddQbpvT0xklJTDsWE3JMaQL5Vq4s/yv5Ut -h5J6mfQJC9AdHIQmOsjBTZnQ3KeAKUGcEniJ44C8nVMDy3v/NUq8kaAN5JnBFn0B -b3CoDSVUZfrG7HRfeflJCeKzE9gJAdoW2/EjG90LSfzTiEatHHCOlqX41dlJ0boA -bkhxL/MvL4L9JmxhGZSeDykGDJp081oQE3qMggIvlA8iCD0mwnUqFYoJlS8GeyG2 -jap1kWvjIeUYY16OMHCFCZLDeWubjE/9M7BY9V14ANvCOUnXJuX3MijjJrxwCmvp -y7pCat/LAgMBAAECggEAUOjsyIm3XvhgpWxXF7xyUhRwlco1qAoWghio2SpkyYAP -bfRmlIwsrnv17xSOYc/nrNBTflBSoJn8pxMo6NNYkhfQvoflqKxD5POsx8PnN2As -EbnRw98ZS1OoFjc80j11hsvI1YmzGSLnJg77xvd3XGVA7C5Gt1QMeUo7r8pMJaKm -zaL8Nee3klPn/giu/1iImCVn+7mHshYMZTwQuYJL0RWJiz12jdH2ILF3yLKraUQ+ -gAx2k5KL5AEPWQwstTfM+2G+5GQ8zMimBYm53ZlVlRX6JejgxQKO52A9+M4Jz2yO -uDPJEVc+ka201zDSKjUUNi4IIQyu5gGyMy+FfuEIQQKBgQDn1r4eXDJj/mpCmMag -NcibPnV7m2Ilr0tCGXFNBpW2HVtPNqQ4w+FENSHZU4wWQ03PNfd26j12Gin3wH3V -0xM89w5DGwvggCEj48TP8H9v9PuOI8KY0QlFoA9XeLZ4DPKLbna/1U9DXjqCj+JN -MwG0WPMI+sn+okU5Y48i/QPi6wKBgQC5VQxlGEiVLPdeneZnzg7u9CTDH3WaNjQO -bCZyHyFjCZn388vqtWdHpSkLECET4L+coLMVJO/NOD3k9oDJinklbE2VyicOOhLj -gt/OaURb/yt1exDQ5+LJWa9GhcKEVrohWQCnk9xLw9TdakUVlx0USoQDrQqRloCr -CLbkmnz+oQKBgQDGI+8KrYtXkJmqXz3qsOzJWYE46hzgzkdIr8v4o7cSFVbzhWSn -Kyn8jFhokBH6+PyoKpxb4mgy5ruVhctGEwavJQroaVYmQfuQ29paSVXxDnRsD74B -sy30do6GGKICSjaE2hzdaOY8Um05JtWnWv+K7jaQJx655F+7Y45yvcEzjwKBgA9w -ASdOnYUniLdt6apN5LqMxZ8nOLGOwElPQuiQpURNoXCg8yRq1d6G6GNOhaLVPsC6 -NhCV0g/DFozC57lh+nNekRvgCd7KgZZH6YKVDCepmqIfjSgJmL9y5AG41JoXa0up -0T8kNt5swodq+bQxsS9mgZaYzF+SLMeSY0GpiK3hAoGAR/8/tASO6MYV7uoP6BVl -MytqBmu66BN1AxqR1YBAqxlpEJR7EFc3QTAbLQiS1ZtczVKqNIGiqrv4EfWtVvkm -nvmdVOdta8kF4CsWdu2cpXGQ/Ov5NHHL+x2gqwOKpiInvGbNOnd9K2SGLJW5SSmz -7uONbtZyZcetWlsatP05gE0= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzQSIoBRUpj6re +P01yUUr6Qa+na6/WkmHuxMe+8blLykrK0cr8csjrM3dFovhCqBTGY3sfxWMn6/Iw +l3dHyG1RcVv//Vj+2elEg0Pt1DYXpWodMZm8XdlkkIH5CAKIVMY/kMpgnyhnDZkT +oLx9xrRtDf10Gp7J5f37Y0OIXGY60MZL66OfHXBgISKsyR5HVa0ysKn6MrlK6Eeu +AUdoMUMcNTdFnI/04NRJ8qQ+7nGQgxwt/iVvUCzpqkq0ZMDq5TD7rwdIivB1SCHK +yYbdTgtIxWQldLMNqzMwIpqIpYmfcKbaGCDO8m5ZQg40CKpd8LROJVMWUX+sWagi +ymVxTsuLAgMBAAECggEAPmpB/eRTK48KRGuPSGxU6pGfm3CMH+8FaZGcKXjad7De +3QMypjdDjV30vEsUHYWQAkoWT4g3z+lAgbnjvxtjMRYDHj31VHvE1OXN68xV72LZ +8YNZT/TvoqwMjY1D8HtwMib0yLLyavuZnvN7XmInZceWxmwUeSF7j6JPG/ZsZDLC +n/ypgxaBv1lrWZaPI0zQAtLrfjk9CMai2vwsvPTw7S9sbkRNfgXOfXtxz+Ngg1Jg +Tppa5GbULytdmxYmEL3zthnmQuJmFTvh8Sp9we80jyq035StvZue7RxeXm6QFF/o ++G9A0KXqfsgG9WuklWSXvXhHBLxIk7GUb3TIh4vWQQKBgQDu4hHcqRfTNwKrADxJ +pkKK/yM4XidkuCn1N/8VIXXpxavQPbshP6e+kyiDlFqgBdEXzKsKJF3T+sRoYaic +NpEVwNf08yAOTnORfKY6r2hEAdf0y4yB2Qv8GT1m9iq2LQSK43G2BlCsh2n+KTZk +/RKm6xs86VBL7qkQRpMfvUOvSwKBgQDAGUVRSDJx3VHLnb4k+6z687btGGYBo/Y+ +p0TAy1lZ7mLWcHfDQgXQ9VbCVQAyGkJrfUpcozMvARDUtzi5DCtEGpA2L0orstIJ +nZw9PLNldYDsfuTLhhBjBLT05ZTXa0PZDXi3Qtw0KWu3sRbZeRvJO+MAZ/zw8kkv +ej4VAXxswQKBgQDtdEkfF/J34PHE+0nyR9NTiYQADw+Hfc0vVUc5QPaNtxEvwX0W +8siSloMqMDjZYo7S4n6OaVHfWiEMRS8ugMs9XWENuvL9ZZxZXRd7tEqnd1Gsovz7 +Qb45DPnNNBuG1T7ztFye/K4KodyJaXwJbMqyo3eC18UahZUGebDbVu5F+wKBgBX6 +Ti3wfqT8V0FeeMSubqn/fCxAIFuLsL6WUI1mNoDNf01dbLZQNW4kw5pUM0OIMZUu +rnVOzqpQCubrV3gEZmbSSzGH04qQWOt0ts1ixnuTJ/7mvbJzUiih/zoNkivbP9Xz +bp447gyhuIs5nY2gB4fMbDo9q3i9n5Xo/HVWyC+BAoGAEqS3DpZLRLRjahMwiEd7 +ojsDa58sp1/q0MyrMuIQvKt6y0MrlGId/TTgr+uLp0PAHZiRcfj+MHYS3q4ftw3M +DKISS1HzC1EDRbrH4IUsJTbqHWTxOQnUWXmeNWuaf3k74H6rsL1er6mq+kG2bKTr +YzZCX2b+WKJ7kbvloaiFfuY= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH -RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M -ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA -vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd -C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC -L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd -eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR -s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP -eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA -5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 -PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d -zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc -dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx -FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI +6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z +ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w +YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As +6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu +WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X +OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC +rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu +51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ +ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 +rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb +Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG +Zf70TZTjQH3898e64aClBRa/4v9goUsU -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 9c0f0899ba..b069630870 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,12 +1,13 @@ -----BEGIN X509 CRL----- -MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTE0MjEwWhcNNDYwNTMwMTE0MjEwWqAOMAwwCgYDVR0UBAMC -AQEwDQYJKoZIhvcNAQELBQADggEBAL9Sx5Q2z3yhREf0RZhpvayV/Ck3UOWqEVT5 -c+3yAjNsQrO2OD4Npks2qoopgSB8dfePZSZOfmzbSwiyPOPMs71VOwH2chmZ+3Xp -oDBPmVWsNzpK4fRbE86GIEwg2aBFLjOt4+KWFVftGDw9+Liozp+AWaBAUZTen8ac -eQLeACqbqvuriwqvtD6KCfVE3CDG+AK9CfCdlO52kpkfVBP/TG6FzRXp984Pa7Fg -ORKWRpHQ3XoQiKB6pUwUQdE5yGit1oXNRzouWRN0tq0BkvErQvq2RqKalwWJ65kx -KCWOrTBfDKS28R1P66Eo4+CaFdX4Xju2yCTQNYrg7MrG7T7TAFM= +ZyBDQRcNMjYwNjA0MTg1MjM1WhcNNDYwNTMwMTg1MjM1WjAUMBICAQEXDTI2MDYw +NDE4NTIzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQDOyT3+ +ktzOkBQt3mjCyz7DnzFu+DVh8RH4q1/IvMFtMoLe+QOBb3YzGcdvvbyIIupmrOHV +JsWxkuReJuEYoJxV1B1QNNu1zgqHg1o+gCkFxAFawrPSHHNT7Fp+VDu3Fy7gUcLp +Us1FD+WvRIorJ2NpwLZV862tqvGV1LZ48TsoG0lnW5uOtJN8ivtz8q1H6ZWj1Td2 +PnZx0ojYKH5C6CUSAPjB/jEQv2CnLLu8zOjFVpe0OeJM05xmlY92c6yWe+Ugb7jS +a6kxnblSk0zM7mf+JmV6f52Bvy5bxsYPtnpFE9enV4J+iuVYCE3N4Y9gqTljoxpJ +zEKrPp6XaFLCVRtl -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index df740d80aa..13ed4feca3 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDN0dp1gg34rnRb -aBXidThGfUiWvBfsMdeTI2sjlqTiEilUdxy2v6Y5XtaHE7ezK++IqML0YIZSyhM2 -obD6pj455eJ78XcFb4PcDVER9BVr3jQnfkXYsNa/9zr+RtPz2JOWy06taE8oYXp/ -hiS491sXApQwTkWBwJ1SNFyQKBFP1GiMYFShIREf1JySLVhzOw19S9VZxqw/1gaV -JyddZ5GYqJrk+CHjim881TdsH+3bBF/KVuN4taLG7E3+b4WIXbNuMlhxF8NDQjlw -el14rwmwsPO7oPg2Q/41ALyh8P58qDb67L5G8HQIkw+rnqeWWUV89SqmTyh30/Mp -2V90+vPzAgMBAAECggEAIW2aLyf9L+zZriI6HQqP0MxhVptca/rDuhHwa+/Nfirt -S9rVWY3H/XJnTQ9emyWhemR6gX654ka6wc6XdCY9s2FLHHlL16Cp3brLS4CwB/x8 -zltGadrS44vP045aYgpEx6Lj95XE9tiE26MZt3GepElBcJUN2fSYOJ/o1sBYi3U3 -u1ioODXHKuNFhFN/ebEYibYrv13amKuSIm5HYwNYbUiaT2ZjrGH2PKulILu5BtmM -melqaILSrhhGVPtDOBX9fgK4hPOWy9AY2fu+ZCdgrynX3jLNMnljw/etR9gf8s1T -E8hR5yi6yr5Lc0HwyUierAvdd3oMuPCXbMQ+0pjhOQKBgQD/fPI/eOta6ZX3VhSG -KemMgp6ecwNp17Fm5+0bLEW1nYLe6qScrsi2RISbM1X8vzpTciOmcoNh/w6APc4f -kPuOCNZ9sNaIMXr7UsBMgtzvW776YH08q3kO3AWtCaYQ9Ie/RX/OhnZ6kKg19oFa -vKhqQJVk4oIFZ6tu6SDTm7FDmwKBgQDOO23y41IQAFYiHq21UA8S/egLJOteb/aq -4FITHpl/QiPzyJKQRVk2EhiZ1vhXaiQE6Oes4L5mbA7PEKk3zfqhPbvutHejuoNF -dSo73oRg+MpIFMFKm/ylZBj4VVRnopN5HPNLpW2gKBxoA6/S//xigEztr1Jcd+z1 -ToOObhSyiQKBgQCp5y62lTR3FgX8IQuvGSpOngLcPoJTnfRFChF9U5jcKW6BzitA -Y1/pDnHdQGt7lLQ2EB6zL04+Gj9Le06bYXBYyXnSxoo0sisl/acSeqhwqWO83/QJ -J8Nu5VUE+PiuJ+AqjA5tirA52/9xO4hUjke1uVNgbt2muIWiUXjaIJzm5wKBgCGf -pNxt3YpIU8K6V73w8JQ7G2L9wPYjsQbJDfiaC5Ko+O2dLPAirlnXd3VVjCXMY1T9 -mBAikEhoo710zPIRPiSdyQ8xEzR5iz9+y8T5EYIx7eD0qVL9vaJFgKC0YM+IvRyI -8M3LieULxR3cRAVVwRNaMbCq3fW/g7228FH/dpZpAoGAdZtp3y4SzHWE8PLChm8z -xhHqVvrNjzY8NPAotYUOZJ7Sev+jlXqZp1sr4SI27tVrkJrYVb2lQdIRMMKJk7I4 -AZ68v+dQjGrX7Xrcu+iqIKlFY7HJT6fwr+syjt50RqYSDCPoETldpUyxyXk91r/L -irsU3E19H05+WGokTLkREts= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCa26rANY8pf+t3 +U06CFjFEHTQ08O8opidSAnPMEGWLuiieIrSM/rMpxzIdk4sOlmj5CvBwvSGKiLhy +nPMGh03QZVfLOAdlspcglmmvLqnLMKGjXOKowqgBkwLRRXy66JTX1e06fXf6Nutw +KAYlGAU4PLTtkAASxbZiogCUeuCDrqtmHLxULzaRcPCUzdn/iiiLPrk9bBnUSfSq +8+0g8paCBAUHr4hV5s0SlCtG8d3b5JfRzyesTJllFbji29Ggeud7tsHVPuQfdZgk +pdL9pGeWG3AQWDC+UqKix+/puS1dnAXPFz+ZPZS06z317rDDb5pFMI35DWaGNcog +MR/0WWadAgMBAAECggEACbc3+IyzsXMa4xbpMUyypRce+CZYnuiDxYetW7N4p4JT +u44qXUE6nOeoO4ZO/miN5/gZez1GfjJTPi+eKL3y8hz1m+SlRCpnBG6jbVAEa6De +t0jj2Joz37tpPRd6uqBOfFcp5dZK4XoyHcyJDCk8ZJmccV4sPwFEDt6ioi4uaVyC +TiXbJooLMX1kiTlm4i9PE9aInKsp05DFz0e4oeOfKUBIFpvXWy4GAJTBAGZwl294 +h02Q2bF0ugKrlOh5lBd2bjloE/+k8zQwrILN8FKvPr9/DhO9fXWf1obmMQD3ETQF +jizxr0OTduMA4oDqagyNGtkM7pE4bGRcAFQN7VNfYQKBgQDVJBGT7AnDItx1evSU +kwr0IOhZ8GenpbVAjKAs7nh5D/gXbWyPUdfJQaCwXraVfDARWbnZiplZzvbzDs5Y +GzRbjQF0n2zOdrJfWicaRV7gDEVKshouBR23cpa9DF08Rx9zPPhdCxuQcljHCz8K +nmaHx1k4OlBbdbP/Q2EhQ6FavQKBgQC5/1o5zLNcBRbyQq4SOYJRJ7IxtqgNNk+C +Opdu+Kr0kFMKK+S+VXzI2VMja+Kfx6kyMqgjI+A0nXUzRw9b4WM3WvlVZ0XYh13a +iBB2D9lY8MjxhBwDHaA8yXKLDBtrd1PSi/zuN1NMGHRwIUEgQWW016RzW7QYBfOo +e6a/NSDpYQKBgQCwsyJPe9PsDq6uRq0Vr4HZOp7mUUPd3KcTSIJSPbFqzC5lXbYu +ay92Dg5lqV+9NiOzfqtxClJv/gEFKDUxHfyeGZwnTzQpRoZCPr9ELFancATSFC1Y +Ea29NCZ7vBBftKcCJn3QxTCo4+NtwIkXCJL/5ei1kMKl0ELVUMrphOP0EQKBgQCr +QyYYHJV2gLU9Qwq3ez60bWHWBsM8zyps1niD1PLNGGtt7TbFzz+ETSAReJCG4Ti5 +IQ3StYEH0YiOO7s3thQ+b0UwT1Rv6U0RIMJPg451J9lPEX8dm1TlQ/R1diN1U73a +G848prLLWaU1blliUvVMjFc/ZUwx5qESHTFP1KLGYQKBgQCzGcsFmd58po5CjjrY +sMvxab6U8FUmZVblCVb/KIepejwJRKbRYaiaqHrcD4m6bXVpRftLEDVPq1g+bvGV +1p070ta9y8Zk8BV/XfCv0HLELE7On//ThPhb7L3d2g0NWqhdOhZ1S4YBFiHYNlci ++XYSyDmJohYdvVxbG/YDqxBGbw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rowDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaUwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM3R2nWCDfiudFtoFeJ1OEZ9SJa8F+wx15MjayOWpOIS -KVR3HLa/pjle1ocTt7Mr74iowvRghlLKEzahsPqmPjnl4nvxdwVvg9wNURH0FWve -NCd+Rdiw1r/3Ov5G0/PYk5bLTq1oTyhhen+GJLj3WxcClDBORYHAnVI0XJAoEU/U -aIxgVKEhER/UnJItWHM7DX1L1VnGrD/WBpUnJ11nkZiomuT4IeOKbzzVN2wf7dsE -X8pW43i1osbsTf5vhYhds24yWHEXw0NCOXB6XXivCbCw87ug+DZD/jUAvKHw/nyo -NvrsvkbwdAiTD6uep5ZZRXz1KqZPKHfT8ynZX3T68/MCAwEAAaNwMG4wHQYDVR0O -BBYEFF9Iy+JbFAKCo4ATeQWKdiJKty8dMB8GA1UdIwQYMBaAFAyrGYdlc3lY1CvP -iPeUn/U/DOodMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAbLsFZ8XoDBqzWQ8Tki1TaMM15pr5 -rLayr9Qk4lLfAKISLSRQ9IC3UNlKt6wyWAm9dCTywGCY+1lwnpgCeK+Ve7w9A06e -AUN4TVNffHb9LNsu+wj9fvyj6FBINtgBKgNWqjy1tQBoEJsZiIIRN1QKNuEgXEvr -+2aKUysdniTIIeQG5HIFd1TIG+ugabVPXOE4sHdUwXpcY6zcF6za/J3y3UvECOtH -bLIoiq7Zo9CDQE4nN3l4c0WkgaSL1YUFZSa5mLJgqUhn9crN1Ir2edoRg/Mn/Qfa -bWg9TVBBYAqYqfSsygObNywBf7V4sdgc2rRxwqh/TQ6TWvVXyN5tmCnE4w== +BQADggEPADCCAQoCggEBAJrbqsA1jyl/63dTToIWMUQdNDTw7yimJ1ICc8wQZYu6 +KJ4itIz+synHMh2Tiw6WaPkK8HC9IYqIuHKc8waHTdBlV8s4B2WylyCWaa8uqcsw +oaNc4qjCqAGTAtFFfLrolNfV7Tp9d/o263AoBiUYBTg8tO2QABLFtmKiAJR64IOu +q2YcvFQvNpFw8JTN2f+KKIs+uT1sGdRJ9Krz7SDyloIEBQeviFXmzRKUK0bx3dvk +l9HPJ6xMmWUVuOLb0aB653u2wdU+5B91mCSl0v2kZ5YbcBBYML5SoqLH7+m5LV2c +Bc8XP5k9lLTrPfXusMNvmkUwjfkNZoY1yiAxH/RZZp0CAwEAAaNwMG4wHQYDVR0O +BBYEFO8aTHYYTacj20OYic5ESjQNkMKHMB8GA1UdIwQYMBaAFA+r8H4sLl9BSYme +z+zQ/3AVgq5dMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAK7YzbtbkzBrjabmpuScvD6HNPwms +j7S0+eSb1uGyW5OtaH42lXICu4L9AGyIk2cdiY3dEzvvKNYqg9+Q+7Zq7XBtBJNb +xkdw011KJF3npgkDQNJIzYu0hBAeKcbZEKGYomE1p4naWbP4Exrsguikc/YyDdRy +DxgNsze67QMbUSvEPoiwnKXkbJ1OdYaGQQF6OZEmH3ARjfPY/OBx8LYGMfeHiLJU +CF4Sw3Ux8KUP2p5gF+jZAwA0mtcZ5EqowNsQ83dQECkHoN1VR1/mVWe2n9vbP2IQ +DeE4qT6t28ZWVv/ex2Kkt+OVcwdKUgi2ijLPEXH1cwWAIN/iv4jqUwKilA== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 3cb82d63e4..750830b1b6 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -89,6 +89,8 @@ echo " ca.pem written" # ---------------------------------------------------------------------------- # 2. Server certificate +# Signed via `openssl ca` so the cert is tracked in the database and can +# be revoked, which is required for the tlsCRLFile test. # ---------------------------------------------------------------------------- echo "==> Generating server certificate..." openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null @@ -96,19 +98,22 @@ openssl req -new \ -key "$TMPDIR/server.key" \ -out "$TMPDIR/server.csr" \ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl x509 -req -days $DAYS \ +openssl ca -config "$TMPDIR/ca.cnf" \ -in "$TMPDIR/server.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ -out "$TMPDIR/server.crt" \ + -extensions v3_server \ -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_server 2>/dev/null + -days $DAYS \ + -batch 2>/dev/null # server.pem = private key + certificate cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" echo " server.pem written" +# Revoke the server cert so crl.pem will block connections when checked. +# This is required by test_tlsCRLFile_support which verifies CRL enforcement. +openssl ca -config "$TMPDIR/ca.cnf" -revoke "$TMPDIR/server.crt" 2>/dev/null + # ---------------------------------------------------------------------------- # 3. Client certificate # ---------------------------------------------------------------------------- @@ -117,12 +122,12 @@ openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null openssl req -new \ -key "$TMPDIR/client.key" \ -out "$TMPDIR/client.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MDB/OU=Drivers/CN=client" + -subj "/CN=client/OU=Drivers/O=MDB/L=New York City/ST=New York/C=US" openssl x509 -req -days $DAYS \ -in "$TMPDIR/client.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/client.crt" \ -extfile "$TMPDIR/ext.cnf" \ -extensions v3_client 2>/dev/null @@ -170,7 +175,7 @@ openssl x509 -req -days $DAYS \ -in "$TMPDIR/wrong_host.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/wrong_host.crt" \ -extfile "$TMPDIR/wrong_host_ext.cnf" \ -extensions v3_wrong_host 2>/dev/null @@ -193,7 +198,7 @@ openssl x509 -req \ -in "$TMPDIR/expired.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/expired.crt" \ -extfile "$TMPDIR/ext.cnf" \ -extensions v3_server 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 7f9dfe45a7..6a8cc84126 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQKb6V8p8vtC23xKAM -DjowVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECts1AXkxzEUdhl5 -4whQx6IEggTQpAjBXy1MHrgeHutm9BlTE6qd8DlAb928ul8M9utdoL8zCqSE/sVQ -vLo/WWjJ8qXzgRLvIQHEkpP1EmZ7aEHin6dWWJbPl1ENN2klC55ZlKf9bfFqtz12 -WSx0ZvEHfG02WPPyspT8uQ4uksL4EM9zap7h1GtOAeyxAQF9TqOdOcQnlnI4nyXH -YDcp7Ge/zSZKQdgNRid9T3Vw4EwGcmpYH3W34q36xcp5Dl88gGdueoMHbMgWYJx3 -Ng1pJ6yVc7CHCByGHT7WsRIeqsjyTHIPjbh66fKUy0tNLV5OJBd7Btm5d2ZzCere -oZGrW1AkWkvMM9KOZLz6UVIs63k1ffaVqrB5Br27K2hQGjuNvvh8mI0KmXCSDQmb -gVMFVCuWHMx6EJCDbuP+xceHs5+Af6KRavi+Lr7VVNom06Gxgjk/+gtAxS1cDt66 -NAmSxUTV+j+6Uva1mA87rfD6L0eYrE2QY8ogQY9HqKivWsj6nbhwVE1C+xU/zDua -FNHSjaRlXNbtCeYHBdBHVpR/SvcicCj/6vwjQd00hwZly0CXkmKmIR0UVx7rM+0q -yindY4Pyja8xqQERZcKGylmqkcGZFumpLoGDzCYqgKP8d0cGJRq5ow+oT3Rqi3Zi -S+oN9J3ls9zE5lHvFeGX/+jtCYs1QFokHoktKfg9OQNSrVLrPisalOL5Uel1VblS -rpmv8Ux5mffT3XLIYXyA817fKPfivrl9Nzgf4hsyk2NtoBIbakHKga7ckwbh6tXa -kbqukeHsRIIjYMixfvL21edcjCSTelFWSndAQPw4gPa7kgUO6+FRUSvr/nYsNAaR -bzw3jmezlT57E+iJyy/qlRJIeLHESUxc9nmhGE5f/5m5O2a1oNDiu8FCqkfDXD8Z -d8BNyD8LQt9quhmLSbz2VYnN9W9LOIF7cRLWGGylUhqA4yvZcpgpTfaCjFpMVuRT -PLpBpUbELlIThr2RnxcRDgEAITLtBCR5ZN2exW+OqSDvtoaIE9j1PCl0IRooieGI -wIcsoO/HGTK5WY7oRXgJ0UOxzB4L7hv5ZBlWtU9PQZwylBYjmE6IWBwUNXx1cpaV -bQpQygGJbGQNiqOYHvwQvMDbnlf1+KzrcXmiD29bTWOQYHO4dvku9uN/NZtynfgB -EmysMi1YTj6YyiIByOJQDvEKSj2XPJ6r7CP1oCpY+GSy8YnYHkWwlMOVkN7TjJX2 -g5ti/UGZpwr0RkhYbqCX4NGoUCrUER22NYsJqirJDHMZVGgpTKIQAklFz6igVjSy -vQyYTfqhCQgVtq+wcOJKQklMNserzXSC0CTkBXKRNfIUUUZxp9eri/eCIl3dPTr1 -boRaYCtlbhyTywuJdn1yVME71uhfyYeFhi1xLxo2myC3vw9natBAyUNCUdOOrKBa -RtO9vQgV9xVBFK8Ju3A3if/Abxxmbgev+ZS/4eOs7YD/VVOlGSYXyLzBT49KDXn1 -6Rwzqy19VHgbDkGr5NmEycYtUNZ46Kwk5zUjzeJ7Wgy07flbsK1MQkU1CapgklR+ -CplCKT5483NeP7n+K/qxTWj281W+/28ajogcmWi6rPew1UvtaTbxI/QH9CZSLnk6 -lUGQ7yoXKT+MB2a58j2ejj6XIQ4oXNyZOAERCD+a4x0VZzmHWqirn4o= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQhpFDlDzmGd+fd50P +flL5XAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMKwzbN1ulJC12iH +g+fJQL0EggTQIo0Du/ojwelIuPvDdWdnpKKQBNpYp2y92a7ACy3Y+jpFS6PrlUrF +2w24xma7e5YmTCOG2x3hj+wYno95pJxVJdQ/MF4BjQs8EKOrTwVD6fcxLuNI/8kP +xUlGQFyhc0KgqvISgVEEOHxkNAlkc6/ieaYHlxq0X07oMNF5AUUdLpnqG1trPolP +5Nfn1HxeSXvF+y2LlBKgcY6+ZLc3wdWGjo8nGDA2XdZUzcqQyFKXqragpHRTlIE0 +8mMv1nlu23x9S8nST63kM3GJ4iX8lVY8m6rBKNhuWUs+xbY+Mho8oH0t5h7Db1Pt +zu+SDFKp2Frtxe7uh0lVN1/m84gD8hBYAIm28aI5QhHEW2XKem/H8U/NLWXDwS8L +sy1jViqwKU5Cd1aDdxi2TMIDUanWaJwWZErUUQ/MaVxQGb3hts8ak8VM2jLNscvw +SadbKyiQGWhpze8OQX+eduOXADrRFFzhxRadCflKxh92AgfIP2LY0P8xKI49dSer +9LLDS7Rewu/S7TJPIUr94smL5qKfOWgYa2rx5heri07T6pniaL1R/Wgt7QsVTbey ++Omql0D3Do69RGEPTMjUFzniR0d/FqQRSl3ofntbDPJz4ydSMRDRt7FMTre6IykA +DRQfJ+/hdcZ4lVLY+5TmO4B2XUlufjX9W7NyYTPdiQoPWb4FHTK9V1J3qz0juv9d +6TvQuVDYkbI9beWiI24O6A0q8KbOh/tgABit8hTKItRxzPL6ZCne5g0wPH/0pGfD +tLO4xvWcEqx16CI3MpQggKyLOZADhgrXv+75ud66WkX8YP7ifYeeoXbcnUUVkt+R +r9SRLHs/2RjzO7IqwSTxow7QxrpbhuO0vQIfeiePeQysvgJBkyLNVewG3tmLRKrx +sIEG5XMqQ3hsF+UduzdWafzIdYUBG0chJts6dTrrWWtjGcWI0fq4p7VOA/juxJ1o +7iA7bWvKO/gb1UIK1B/3/I978YWH5p7rqkxoP2BIfBfvGsnBbNgegoVx/MrMPjHQ +nltvtlKycUCN8Hs7GU/1atygGBOoAamePJTkd2dHbwUhiU4Gp6BRw6OQO1fJEqG6 +xrw2vKwcRjsTqc1uciGNgRApRqAbe4JnBdq0PtXiwt0isEsLeG5QUdcayOAI7OPe +x0TH9u5LMHM/XDfk4dxMqopVcYzPr2Gn1FW+G+WD/KzbfGVS1XeeMHzBDl7R1IJA +3elGHWhDjRHp+eXWdjj/wc+iWaGsDKRi02d3AMeTBlEH/33DcRQsz+xNNUxUG0SX +KfXyjnrgtVLBBpQrLCTEZM7MSH5yrw62Q7nZrmS+jo8wJ3HNCTolunGGtQD+7T9E +xILMm3KMGmq/h3K2Jx7NuI7rE4ePrV/3kBHdDEpfzm2J33mKZjkI+tiWGfFSs8Iu +f2+6CQ+YdBBlJDd1KYvq8luASpEDVMhH97i5HinJr8alZuzJPeGYiE9rzoMtHh/R +l8D7xqY9xheyCtO9vTx+WfuMhQS72h1WLNcEYuziK5SlmXM9joXekd3LW5k8T/y6 +vfpzY7Z3UGSq03wL2IOthf7BNiVDze+cfNDjzWr4ps1R2GrAvP7OtF6WsHlphYCp +sAawhTx3ZaU0pNOk0IVQ3FNTCENq3Fn8sQkPMyWmOhtGvgCjD3mhdIs= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH -RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M -ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA -vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd -C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC -L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd -eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR -s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP -eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA -5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 -PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d -zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc -dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx -FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI +6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z +ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w +YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As +6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu +WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X +OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC +rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu +51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ +ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 +rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb +Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG +Zf70TZTjQH3898e64aClBRa/4v9goUsU -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 5540b38ca5..7e8a487c50 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,51 +1,107 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUPK25g5b88xaz -AOQnx1u2oAANgl66JUXF6EDVYojoyH1f8t7yvEIQ7ZS1bupDuIg1lsypAf0VWFYa -5t+2n066XFr1cOl7W+h4nNoTm4uVV5ExZbs2w+TEvzlP7ef6Jo+p3lxCiuXh86Wf -vk/WuIlcGSUn600HrJaKnCIjHoD98iFXLRZpABS7pF8z+b8FxyJEHiiCi7auBo4I -0QLd4w22yl2cAjGb0Jr83KqqN5oii6L8xWwHrKz47Er154xq4/3rHNBWfbhGtfQT -ixB3W+IY8fOaM+cWNCa9MAtbEqj5x9zYDAnCmyUxpPywyFONBTftANiO7E0VVLAk -7vWtL/R5AgMBAAECggEABVyFzVjkuXSyqc9qxm7fx/oqJlLvHtJsSfJ9gyTo3hUq -Rlx1aILF7PDQLm5li1ooQFqaP7PyYGGX3lSNW4CQNg39vYoo7QJE+op0b2hyeE34 -0rg4OOHa61bIjuCEQbg//UfX6bw2Vkwb/cFssnptgBGUwMiHj7MpUA1s7/zmyMh5 -WZ194M/Fb8Oi3yuzngUnxqo8fBUVy1e/HMERLJCI1ifOjQ/3LRjDLHS3vSUUHJNK -fEIwFHIuVRKeT15qH1WiQHo9u2Gf/uRoxSuo6ZI4R8+/81ungk0wHbCG9FkA5zZT -6KJb2aeSY/2I4GhSEM7X/mHSrRlPIixzo6fzJd4JgQKBgQDNiH3/+6QKbIFRqNVG -uTOdY1TWuzPrqYIWyHLR1J/65tHxD6rJmzyJ8ETLH9VA85K0btTfzA83fJnRVTz8 -ouuLDeuMug8V2vCGJ4C7XRtp+4JYrKYmYQXGnW8UdsOUfTfFe0W5j71eVopCUIXo -mwhs//cJqQaZBzBIzodipjaHCQKBgQC4oqLm8hhwvrHe1ez63gHPkAkrFGUEwJkU -vF7Y6Rvlxe3Dd7q0v60OyyftKeLqKLyf1XjYaeI1O7Tb+4aCDleI65yF7cp3mLEy -kQU/VVCBZlV1XiJXaS5CJhen/ftaBDAi/qPqmonRjy/yXPZMJqFM+LjonGK+g+ip -tf6U9Hxt8QKBgCDmt5zRsInGotDqoPGIVh3ct8kEAKS55sw03ESAr/dfGb5oDqPl -SMSgBLMrblzOYO6nS0ZkCQ+Nz6W16mRaxC/nU4ycgCu0d4pSKoZTuj6190Cwqow8 -Pct0ikKRXG+Zt+LR//BbdSnz2oARGc6JesjQFMCkIR1ADFerT/rXtqTZAoGAOc65 -4EL2Qf6CpDkobFcsC/eV10YYZseCZkqgC5vYnzU8PxHyg/rrTRFwW8HciOHeRNDK -eD+WkoIyGxoCQCALahQSup/73zwQZrue//hPL2SB5zBk4idNU2qnx3Iuyz06cQp2 -+dIOymzhXymZ97e0kuvgwPuNswaLxu7zWWG+v5ECgYEAxpP+XbrDVAe696v5vQD8 -4w9LmqULtGAZyfLh3K5Fz8yRPP7uHsKivN8niaTWTGIGmD6Bk2aCdYgON0qp4fD6 -ICN+0lLcDPLcFy+qLACCP9BEONlXyihQGhwsQ3Z+n4bNyJ0kO8f/08UFxfz1xsO1 -y5FdRXA63aJyy1dEkpRauaM= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu6DrrhOOu7gCe +MG9iQAlcQwVG6RoXz/8lz416skDb5uVvzVfSEfsg4YB5qNLqcs3Hlq2WcAOZY8mY +1jF59xeatiojmqse0kgMr+GOpUiMJ/vCY8uWcgv94L+kJD25Z+Vgmo0Ja/XeBrOv +kHoDQxw3yHrEsUhD2AeZogh2BL77lCLVUIIugPWUfwOHHqjEo47lEW6RsFN8TY5V ++nJQYfIHNRHeLizVklY+5o41QsYukVsB/thTnVbmM//V89tZMUMUhhfj2QOQ9vZP +WklKOmFLn3Mvoc4eR1RXBpYHxvAVweWOheDo+OIWOrIGyGBNX7hGFmRVQeUOUSVT +rQdYfOspAgMBAAECggEASxFJxG5vB9OHOV2BWJIyUkJDgAkolULEd5ZqWtgpZRfm +rgLcJ8Fm3lhaOxzdlRj7v6coTnI54ToGOo3ngzitDU4UrN5DhkFrAeL0tDO0/M5m +S6poJORCyE4PAiQ5x5rTRBBg6sPGrOmEchvYehDyCfEF2+hYoyGTNXlpFzn3O+LD +gy1hYW/U1k6uqSGsMIc5H76+00xWSTPgpI7UcDll42bRO7Tv91QU4MqEqJhAIJ/F +TayPp6xyGT02zHmeliYC7KuYB4f85r055Ahl+97LsKnZKsLCy7wtgEHAZs0WFfWG +nR0b92WdjLdu4fZuJlyE7Lp6dBdAniLYKOi4po8XnwKBgQDx3wtZkmBJcMf7snUT +uUUCJ7A/BtAa9AboxpRBuVIUprzU3Owk9jucjcflcAFyUX4RFTtnZWYbwZDrN53J +jGDzkfUV8Y6c/tOwkYIh7n9OU63k+FOcKecelcDV4k+SptniZtXS8ZJkBJsAEBiu +q4F7r0gQacWBnqaWOMZQvzlVMwKBgQC5H80GJPz6jlenEhuK6ado5OYvHBngpOhT +XH/xOb37nRHPTQHnuUtfv5G3GYRTXA385Bh31PHbikmx+cUOYB+txY6mBWKewaC3 +TVbSkAQNoFnp8+aqgeTY5yegxMzehdBEHXb8614Xo3XguRubuiKvkKLW8Eog5r2J +jQi2CCdGMwKBgQCWeTDSdOI6TlPcHtX/g0+PW6mmTFLDsfVqc8Bgcy7BckogE6FG +DXpgl0Q5VUlRGanYbuEaHlc8BVxnOZ6MeS0H21IiaLlUqqSAQMY43euNizmwLV22 +1crXmErzxWvDzNHYrClypp9wYf0cOOdiI4jWreGjdGpPjagN5Rxbt9uvSQKBgEIt +gBlmN5lKMUNkUbxC8rmoujC1FvsbeIH0Wzhcr/G2oJs+qCOyNaOw0+JkmM1D5yw0 +ThroYN1efiHFbBBLhIeWS/xFiI/AIDfmydbT7N8CJ6JesmLZtHlliOEL+UDDDUSM +U/DuIuDIamc/RQNScvvX9J5pn9ZLJg56AFcyavfJAoGACwAYmEjQyOLZw+PKlNqN +W3Pm8ticsTx0KDdmOZ2VbGbb/olxLhBk11KUiyZwosLjXsMG2k6j34t3Nh9Gqgwp +tBpIFd4ii/IM1PL7yXIEIHnXN6oBT+DAqTzziE7fJhYAEJWYAt43Mzlm/joJzxwN +o1aioRCmCQZCCbzfCmqW9Jo= -----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA + Validity + Not Before: Jun 4 18:52:35 2026 GMT + Not After : May 30 18:52:35 2046 GMT + Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:e8:3a:eb:84:e3:ae:ee:00:9e:30:6f:62:40: + 09:5c:43:05:46:e9:1a:17:cf:ff:25:cf:8d:7a:b2: + 40:db:e6:e5:6f:cd:57:d2:11:fb:20:e1:80:79:a8: + d2:ea:72:cd:c7:96:ad:96:70:03:99:63:c9:98:d6: + 31:79:f7:17:9a:b6:2a:23:9a:ab:1e:d2:48:0c:af: + e1:8e:a5:48:8c:27:fb:c2:63:cb:96:72:0b:fd:e0: + bf:a4:24:3d:b9:67:e5:60:9a:8d:09:6b:f5:de:06: + b3:af:90:7a:03:43:1c:37:c8:7a:c4:b1:48:43:d8: + 07:99:a2:08:76:04:be:fb:94:22:d5:50:82:2e:80: + f5:94:7f:03:87:1e:a8:c4:a3:8e:e5:11:6e:91:b0: + 53:7c:4d:8e:55:fa:72:50:61:f2:07:35:11:de:2e: + 2c:d5:92:56:3e:e6:8e:35:42:c6:2e:91:5b:01:fe: + d8:53:9d:56:e6:33:ff:d5:f3:db:59:31:43:14:86: + 17:e3:d9:03:90:f6:f6:4f:5a:49:4a:3a:61:4b:9f: + 73:2f:a1:ce:1e:47:54:57:06:96:07:c6:f0:15:c1: + e5:8e:85:e0:e8:f8:e2:16:3a:b2:06:c8:60:4d:5f: + b8:46:16:64:55:41:e5:0e:51:25:53:ad:07:58:7c: + eb:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3D:58:96:FA:DA:CE:50:8F:26:C1:85:AC:A6:4B:C7:7D:28:7C:27:5B + X509v3 Authority Key Identifier: + 0F:AB:F0:7E:2C:2E:5F:41:49:89:9E:CF:EC:D0:FF:70:15:82:AE:5D + X509v3 Subject Alternative Name: + DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 65:75:d0:6a:e8:ea:58:55:ae:af:b5:fd:a3:86:d9:c6:a8:3b: + d0:3d:e8:fd:90:66:71:46:33:75:ee:47:73:85:25:88:8c:5c: + ff:74:db:95:2a:d4:16:18:0c:ac:5c:46:b7:32:bd:56:66:1e: + 22:48:a5:5f:c3:01:57:bc:f7:9a:49:a6:92:54:f1:85:9d:5f: + d5:49:18:9a:c3:36:1a:e6:a3:d3:06:18:fa:b8:0a:11:db:ff: + 91:35:42:7e:68:9c:16:31:f2:36:2c:a3:1e:61:36:d4:51:e0: + e0:f8:1a:a9:75:b9:3d:ae:07:5f:9b:8c:1d:5a:69:d4:38:21: + e3:75:93:6d:95:ac:2d:c6:02:7a:97:dd:e1:b5:62:3c:7f:b3: + 6a:e3:2a:c7:18:bb:30:7c:c6:b8:10:69:9e:3c:76:9e:f0:60: + ac:9b:4e:8b:18:1f:4b:89:34:f4:4f:46:3d:57:6a:7a:2f:1d: + 13:77:1d:87:ca:94:92:e0:9e:d8:93:e3:7c:95:15:6c:ce:d1: + 75:bc:dd:2f:9e:6c:dd:59:13:86:80:49:17:67:fe:77:75:51: + 18:6c:cd:70:9a:66:be:41:cc:c2:24:be:75:4a:95:78:67:cd: + 57:cf:d0:c2:0d:0e:ff:ac:f9:f6:37:a6:df:d3:d6:6d:e8:8e: + ae:df:1f:11 -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9IwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJQ8rbmDlvzzFrMA5CfHW7agAA2CXrolRcXoQNViiOjI -fV/y3vK8QhDtlLVu6kO4iDWWzKkB/RVYVhrm37afTrpcWvVw6Xtb6Hic2hObi5VX -kTFluzbD5MS/OU/t5/omj6neXEKK5eHzpZ++T9a4iVwZJSfrTQesloqcIiMegP3y -IVctFmkAFLukXzP5vwXHIkQeKIKLtq4GjgjRAt3jDbbKXZwCMZvQmvzcqqo3miKL -ovzFbAesrPjsSvXnjGrj/esc0FZ9uEa19BOLEHdb4hjx85oz5xY0Jr0wC1sSqPnH -3NgMCcKbJTGk/LDIU40FN+0A2I7sTRVUsCTu9a0v9HkCAwEAAaNwMG4wHQYDVR0O -BBYEFBOeLQ+CZYYAupW/IQXqUlBMjEdTMB8GA1UdIwQYMBaAFO0dJi0baC83wSHV -OLkkDWmJj3hvMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAP3OaQwijfrhDeJnQEiCLzhuyqh1B -7oWgC9CFG75Qe2VUVXcyIhhgYRE9SNUxv4v8VGEUB1HZmgMBO95xdKGCyIbkPmjI -qyXcGtJwBv4Uj2Fv5pswxMjInCE2qPHK162H2JG1nwRLertiOEvnLca1J9lysaIn -R2O6Ur0AwkWCnssD3z51SYt3xF+veFAMka8elQTMuj6LxerKf6SwaNo2zt24MrKh -zMAHfjrEVAAATUMcDchbcUd2E/DhbdbVEA4r4k4snB9Yg+5PouB824dqiwXiBHu3 -Ka+nFf/Pv+XVjR1pnVbiBaPnYxs+i+z0f3XMN1YMVNZpKF3ure94FQReHQ== +MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDQxODUyMzVaFw00NjA1MzAxODUyMzVaMFgxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ +MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArug664Tjru4AnjBvYkAJXEMFRukaF8//Jc+N +erJA2+blb81X0hH7IOGAeajS6nLNx5atlnADmWPJmNYxefcXmrYqI5qrHtJIDK/h +jqVIjCf7wmPLlnIL/eC/pCQ9uWflYJqNCWv13gazr5B6A0McN8h6xLFIQ9gHmaII +dgS++5Qi1VCCLoD1lH8Dhx6oxKOO5RFukbBTfE2OVfpyUGHyBzUR3i4s1ZJWPuaO +NULGLpFbAf7YU51W5jP/1fPbWTFDFIYX49kDkPb2T1pJSjphS59zL6HOHkdUVwaW +B8bwFcHljoXg6PjiFjqyBshgTV+4RhZkVUHlDlElU60HWHzrKQIDAQABo3AwbjAd +BgNVHQ4EFgQUPViW+trOUI8mwYWspkvHfSh8J1swHwYDVR0jBBgwFoAUD6vwfiwu +X0FJiZ7P7ND/cBWCrl0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBlddBq6OpYVa6vtf2jhtnG +qDvQPej9kGZxRjN17kdzhSWIjFz/dNuVKtQWGAysXEa3Mr1WZh4iSKVfwwFXvPea +SaaSVPGFnV/VSRiawzYa5qPTBhj6uAoR2/+RNUJ+aJwWMfI2LKMeYTbUUeDg+Bqp +dbk9rgdfm4wdWmnUOCHjdZNtlawtxgJ6l93htWI8f7Nq4yrHGLswfMa4EGmePHae +8GCsm06LGB9LiTT0T0Y9V2p6Lx0Tdx2HypSS4J7Yk+N8lRVsztF1vN0vnmzdWROG +gEkXZ/53dVEYbM1wmma+QczCJL51SpV4Z81Xz9DCDQ7/rPn2N6bf09Zt6I6u3x8R -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index d10496e8ab..0e6dbd0fe6 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUQCWo/PU6IvM6irHYGWdpa3ARHxYwDQYJKoZIhvcNAQEL +MIID2TCCAsGgAwIBAgIUcDB3/OfLfieyLQ5ZtrTHZZfXYu8wDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTE0MjEw -WhcNNDYwNTMwMTE0MjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTg1MjM1 +WhcNNDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyY5r4OksZl5CfOZWo+0gk1 -5sSpAr/B4iQPUdA4jQhi5ITfWjHoCB/qvGxW+HZIVe5ojPjfZ7FSum0RKu3XwM8n -nf3uqedHNq2ECSA+h652/Sv6ddT1qmT+UPSo/iRpAIeummTt6/X1aneIz4UtOfl+ -VU2g6mXUZtre/ZOEHruBOhNm1X+usk9BkGpXaeZWqJrLvEQCfmI+uoFxlt3B4V9G -ck/VLOitsr8zGszPe1b1fKmbah4vCDR7VXZx3K6RvMWihkcNlGriROO2OJIBIK8u -XU5pq5l8ltysSrop9RPGY6CROJXP7GYBI58kA6/GDd9288x+4QPuafif/jefrZkC -AwEAAaNTMFEwHQYDVR0OBBYEFAQGvt0Na7xdR65/dDTJ0VAg1mBVMB8GA1UdIwQY -MBaAFAQGvt0Na7xdR65/dDTJ0VAg1mBVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAB9VzX0c0Lk2qbKmt4ZQeeUouZhgJmcTFOC3inKqjBVZkLAI -g0iDmdPUzbq0tospuJMNuXdToVcCgQ16Yq5dTcDAHZWcOu8qv41gOGV6Ke0gR7V2 -c5GHJ4TuDVk3SfbuU6+6/P+3CjXWJRJoHM4IfcBMSWJnHSuMjgYQr27NNJdCNroU -0OXr4TqbjzCa3adbzOuQkXPKVq1bmJbfM1V0QBDqtCrvgh5Sl+VxCPJbNyipWGAw -KSAS1vFH1/6C9dD8Ihn9DWXmFPXYZ3kPDbUTKGFaV0rquX4MpYnW7Mcy9SyUuwho -nPyF7IQtRHLCj0eLoLfuayZWgK1c+hZlEZRURLo= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxM+57BJzd0yEdwHJcpDT08 +uIAUwXDtqz73n1VUnD4UoBVx2XvyCvofXT1qSTmD9zDG/KwQu7fcWba7maGMcRMr +nz3/fiDO846pPnxgpklCJ5FO46xtZH5pM0WWjIL6+ee4vIzmS1TIURHBjS1DHBah +q0bz/4I/sOo2hUoABwztOJcm8rKx/vAV/ItKjgUUh8GEFUQj87hY3JFaWclkVTse +gPe2uPOxlbZQ7b+GeQt9EX8svg98GVJwxzqYeIIiOcuJKuOwUxuu55LxE5l8mjXt +bKAs73v5Y/mBU8P5VamABrWDI+HCdd0Ku/IBGeQKsjZdAqKcxTt9p9NpYHiyu2cC +AwEAAaNTMFEwHQYDVR0OBBYEFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMB8GA1UdIwQY +MBaAFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHrAmym51AOPKXfq39qQ1m516SEQv/ZpAnN5HaGIXSBAne1e +sj3n4YOrvZ23UwkeiCGAOCHTzuRXk+Pd+7Ft8C9fOyrYai5R9NeygNJMtgLB3dhm +iPi6oY3XUBUjbP8VCFiRLuhTQjm65Nt9u9pAaPLrtkXKZlrwFfuIOIB1nJI6NBk8 +q94lJoo5XgMgA3RDmuq1u57nzCCUTi77BZkASTPEIQ4s+wYB4XYb12SSPN95Ns6V +863KZQRFBVqz6ZZoZ9OMZzX4paRi9MCbdIhoibhafjbF5je8wujVVqRsD4ALzwUo +Kyss990wYIZDMTes4dVQRRat/qayHbeCSC+wxu8= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index a32e592169..028bc656a4 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrY75NyMLhLJSV -b5Vy8wU5jV/WxLj0Hw/+YfdDHZUJcYBqvhpT6wNaeF+IdqvIijwSmHbqvOXafXny -hk1er8Fqwi77yLhcAY2dBqh/8RUKyG8cqsh8FvEvNiVLg7Im/djpUjKpV2iQfYj/ -BwXRGdSloBw3dMPU27XOIGthYU0TKqY/6nhn/5pi3z0G/1txhaLAV/7PsYR6wxZH -d7kDYi10tWGRl1PqDQrTo9z1JXNT5Bda1YCV3YO/t3FUBT3kXbYImKKgAK7K7IRV -ptmS7w5QJyAGOZutP8I3/CVhDWr1zxm8eFteQ8uPk+CgZJtvuxxSIhMBvRNgHiKQ -YH7u99HzAgMBAAECggEAJlE6brF/wE/zOCWmR/jFJkTRNHbu0sVPEhRc74hhlabm -ivbNdA2KxmM7GItPhJpDK/UiQQDScrKy3OHh0lWA7JlVX71UWl2Oh5jBezku9yYw -kTwtbnDCo0d7txJOdiEyqZdS9EEyg3tNcZbkWgdoX08Yf91/Gsu0Lc1ZtH/Id4wn -v+ITs2B3pv5JWJooHDA1st2qXPCTxqBH5UJqFDBgpbYBDYyOHGWxCfOLZ0KMs+et -cUabDk01tU33GdYElNP6Ca12ZKh6i7UrNmVA40zzVYsQnIdx0qAX+TppkzQs2RxX -SuKAmQnnyxsKepqecm4UdzzXSQO3qnnXubfmYJDfYQKBgQDYuZnecTQ0anaVaNaP -sOxCPcqxZM4NqZdac08nW+vfpJm85l+id9FziY5IUTz8W5ijO8iE5oOZahtzbLZV -jQSq57N+CdClrB1HpPwJhXI/oU2Y6o6MDaQHyZq1RMfh+1A3+O65JkFdR25PAMQQ -ZSASxGLktJiuWImAicFtZAEr7QKBgQDKcuyHaxXYmKDWveWw39VgvFxKFles7KLH -ZzuFKyiBAR+COMheDZjvtDvs7gZyhikvVbPM2BdhuqxWqjTd8rMCXRPTsGpWEFkB -XN0BPoRPKeF1FYRfMJey//xUr6KOILQhKnOO3ijazOJy2BPXD7K/qLNlRVUGXOM3 -8YWOxiv5XwKBgHmq+K7gbqZefmQyjwHsGTa26evc47DX3Jhy06UM/cZ36bcaveW/ -zl5GgxImSU6DPZWmIlQ59PdTkkWialps6InpueKwL+pSTb3C6ZuOxyzhqWaHh68o -mUWl8KyDCJPdOpOxtJNM3rU3PL4td+ScYP0oMzyiBnUaT1dR/r0iv2WhAoGAA8Mz -BilFVKsxggwxcqIWUx/tDytvIbWcKNyQTJ9Kt2sP7NmlT6otB3dwDa02zXYU2d5b -4xi5BoXzogCzztQt44NbVPnYYBUZsl7JdLZ2uwnqOMTXmvVKPHdpdyF0gfO1pVAm -qacTV02rf7roU3zlM46tFtq9A8tCJc4FT2v7cT0CgYEAx7OlCb0GOpjkCbDvgc5w -+9yyUBcUqredtUXyAwKN2PticeTi2fi/hxZ6SOKoX2iNPq0JHeNEZl4EIHLGbnVL -CqWpj/V9UKevYU6VLb/EM3V0kGMCfuFU7huZ2T/MDEfT9sAjSHO1nSLK8AUE8H38 -6NARhxCZKTfN/1T/+aezph8= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6zToi+QIWIW24 +xTSa6ZHUy+r71b+6DRpv92hE9/vTNwWXSFYq8LE1g88UE1aamP1B96wDk/439uDS +9nv5Y/E16fnkuktzDFnWgpPrx1V79XC0lkQGXatiX9Tq1k+CzsPkTIhN5lD7Cqv8 +DdfMdSk6i+CEx1mVP9XMfWeXHuAvv9C2OAyy7dC1vLi5Q2MWQ19cU60mWKLt5LU9 +uCB8FcKwVlzBixXS10/9uNdubLRMEav6synALiFQ6y9Nh0T3MwW0HobynDffese1 +yEhoy2TgjdvMOyoS9nrYHlNbIZlxavd2H8XR7XA2usrF/CIP6FCpICalS4oKfdYB +816+J+CdAgMBAAECggEAHzcfQWvZ+OfCJY+ywDZKu8QNsuKfpM/+vHob7vZ/muaF +ZSfd2lQZUMeDaafnn3L0Uzs3f+uRnjl/jVFKGz0juC4up5Wn+QQ12P4+CLbpJos3 +t72qhWPOuWQpOMryQ3oYywQs/NOBccnxPm/zwUNMze9E5/tGEYY2zHKiRmMO9Htv +/F8llJRVVZwDm0dn3UDTOTr3R7owfF+BoR2R8SPKe9PFP91AqPYxqsvff3iozKPw +uHHFS0EpWD1P/FnK+MjOUlpZhkWkZ5Zh2PeWYqk9mKuQOgMTUWfM/96dmzeIMlrA +dKFN2fkqgEkdUK/fPMWLzwbV9PwiZSDLICe+Wna8kQKBgQD6VakPDTYNOGWbTBwF +8j58kc0AVE1CFSyJ9hKXmdAuj0w/X2+IIygb5VD3v6zp4MCLwG64cVeQW2E7mojD +Dg2dfhjvr9Csh8EURs3lwIylf9pi7OSTEmXHv2OIKOlrSdSPn3NQBX+q/8M793/1 +BonAR8lxMOdS2IvN9WVRY4S4OQKBgQC/B3tkLhIi7y8XLZ459Nehg06qm2GAXgse +Nb9vCXqvf9WHdZ1b0hjS8h2CK+BJ1Wn9QpbfLHET8pz8fBPyfJsXC+sD9JxhJ9tU +GU6rlXitrzF4WD4Slyk3mSpO+yqN4ZQGlhqJhW+kGqIDAyV3FncDYDCeSx6O/Qqm +44WRCWeDhQKBgQDfw7QTXTbEiHXiZBzkf821IcrCEZjhifW++DNUScwZ4kNAnnke +knZmwQsn+bCBekICaadOvRmNUvFOCutWl3g6IB4AGgMIRWykSEoBpaTSxr8aEDCc ++iP6caxxaEiFe4BCRUAY9mFRI7+LGcfJ6Oc29bQtto3/ssr89e5z2uYmmQKBgCqH +wOoR88nBVMulRWgD4go8kMQdKf0JcxI7xy4yfxUZsfGhtvIdeZdlfjpgCGSH1jwj +mjF/1IErb9YqzcocAe+EoMNVr4dV91fm9oPvGFoa+jmf89nxu6R8PlYtR1ElWu6I +dsoNYki4AUAIcEvuPXsL7GchtGEDZ162oyMiY+B9AoGAaOBoT/BWxMO1eDG/wTWj +gG3151f4bb5HEBV7s0xhHdhdnTexJTrAZBLkDpWJmj7d8zlvF1CxeJe8nhHFWbr0 +Zp8Resp6crar6P0aCvJz9e1ynmFMMClgdACoEr+MflImVawGnJ82EgsMk1u+6LQb +esBeRYGyOG5ccB0gLfkEKZg= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rkwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaQwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTgwNjEwWhcN -NDYwNTMwMTgwNjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtjvk3IwuEslJVvlXLzBTmNX9bE -uPQfD/5h90MdlQlxgGq+GlPrA1p4X4h2q8iKPBKYduq85dp9efKGTV6vwWrCLvvI -uFwBjZ0GqH/xFQrIbxyqyHwW8S82JUuDsib92OlSMqlXaJB9iP8HBdEZ1KWgHDd0 -w9Tbtc4ga2FhTRMqpj/qeGf/mmLfPQb/W3GFosBX/s+xhHrDFkd3uQNiLXS1YZGX -U+oNCtOj3PUlc1PkF1rVgJXdg7+3cVQFPeRdtgiYoqAArsrshFWm2ZLvDlAnIAY5 -m60/wjf8JWENavXPGbx4W15Dy4+T4KBkm2+7HFIiEwG9E2AeIpBgfu730fMCAwEA -AaNkMGIwHQYDVR0OBBYEFLmrT18i2YXmBZ9Reax2+ICrlb4bMB8GA1UdIwQYMBaA -FAyrGYdlc3lY1CvPiPeUn/U/DOodMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxNAnJVW20EqXPMFaghwX5dKw+ss -1cG74XxecBo3AM7Y2G4o5aiS5DwpSarokw2nLlpgT9PGbvtSxcB5qFG5eArqKEx8 -x7ECw4V56lXJEAUprkS8AioTGpMJJUVJ+nNx0aztWZWfp9D4txU04eqQ373bL51S -ixJS4ruSk1O5sMEMU1Uh4LB8dkKhvNiqjZVm54QMBtYY85CfdsHDDCeukiScZco9 -nZ/KsprgKal1PJ+vls8XiVZVct1cFU+XEAs90U17p2w0zLu/7IkrJPLNH9ueRX2U -GNI6gmwB9XMVqBn3vnYoutsZl78JIN6xI5ifNPJoI05YhlWJ9V8ZsRV0qA== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrNOiL5AhYhbbjFNJrpkdTL6vvV +v7oNGm/3aET3+9M3BZdIVirwsTWDzxQTVpqY/UH3rAOT/jf24NL2e/lj8TXp+eS6 +S3MMWdaCk+vHVXv1cLSWRAZdq2Jf1OrWT4LOw+RMiE3mUPsKq/wN18x1KTqL4ITH +WZU/1cx9Z5ce4C+/0LY4DLLt0LW8uLlDYxZDX1xTrSZYou3ktT24IHwVwrBWXMGL +FdLXT/24125stEwRq/qzKcAuIVDrL02HRPczBbQehvKcN996x7XISGjLZOCN28w7 +KhL2etgeU1shmXFq93YfxdHtcDa6ysX8Ig/oUKkgJqVLigp91gHzXr4n4J0CAwEA +AaNkMGIwHQYDVR0OBBYEFKvLZ/h0emSijTtXoVcPBibT/IQOMB8GA1UdIwQYMBaA +FA+r8H4sLl9BSYmez+zQ/3AVgq5dMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAmz0paStjdFmdOOZMFykfwYY4BwOA +dfO5Lnqqoq3TH9mCoca9kNH4bQBhIzPW9aDnaKf2UuABFTcmxR0FL+Vg04+15sYu +hln/wcTDnFe8MZQGB34zaXIYD5L2NJYXuuHqiodC+Ggh20TGGMSXZpfJotJJF8PD +P5B8eQUdH7lR8UTPkxZQfze9u/uyLZkJoQEbLUwM+vw2eecfqOl5jqnTyUhpq8fY +QFmSboi7UZt8ZNdhzEKqaKloDqfo4Ba2hUZDW2Q6eAs8SgNeAZj2Q9LyEkIRoMLX +/g1tY5+oTuwbtVi55+MC5336sA2AmaTyf9dvgyYB1yIzA+KMJiSGc0rKLg== -----END CERTIFICATE----- From 2af05ecc40b79b3e935e73fa178e09888b2c2c68 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 19:34:58 -0500 Subject: [PATCH 08/12] PYTHON-5040 Fix CSFLE TLS certs and configure-env for Python 3.13 - configure-env.sh: clone blink1073/allow-cert-folder-override branch of drivers-evergreen-tools which adds CSFLE_TLS_WRONG_HOST_FILE and CSFLE_TLS_EXPIRED_FILE support for overriding hardcoded cert paths - setup_tests.py: set all five CSFLE_TLS_* env vars before setup-secrets.sh runs so they flow through csfle/setup_secrets.py into secrets-export.sh; load_config_from_file persists them for the test runner - Regenerate test/certificates/ with: root CA without AKI (avoids macOS CSSMERR_TP_CERT_SUSPENDED), CN-first client subject (fixes x509 auth username), server cert revoked in CRL (fixes tlsCRLFile test), and wrong-host.pem/expired.pem for KMS TLS error tests --- .evergreen/scripts/configure-env.sh | 4 +- .evergreen/scripts/setup_tests.py | 19 ++- test/certificates/ca.pem | 33 +++-- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 6 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 33 +++-- test/certificates/wrong-host.pem | 86 ++++++------- 11 files changed, 307 insertions(+), 304 deletions(-) diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index 8dc328aab3..ae5da8c7e9 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -74,8 +74,8 @@ EOT # Write the .env file for drivers-tools. rm -rf $DRIVERS_TOOLS -BRANCH=master -ORG=mongodb-labs +BRANCH=allow-cert-folder-override +ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 29d3c3a78b..1765f03c38 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -380,15 +380,22 @@ def handle_test_env() -> None: if not DRIVERS_TOOLS: raise RuntimeError("Missing DRIVERS_TOOLS") csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle") - run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) - load_config_from_file(csfle_dir / "secrets-export.sh") - # Override CSFLE TLS cert paths with our AKI-enabled test/certificates/ - # so mock servers use certs that Python 3.13 TLS validation accepts. + # Set CSFLE TLS cert paths to our AKI-enabled test/certificates/ before + # setup-secrets.sh runs. setup-secrets.sh uses ${VAR:-default} so + # pre-setting these vars causes them to flow into secrets-export.sh via + # csfle/setup_secrets.py (which reads os.environ for these keys). + # load_config_from_file then persists all vars from that file for the + # test runner, so no separate write_env calls are needed. certs = ROOT / "test/certificates" - write_env("CSFLE_TLS_CA_FILE", certs / "ca.pem") - write_env("CSFLE_TLS_CERT_FILE", certs / "server.pem") + os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem") + os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem") + os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem") + os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem") + os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem") + run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) + load_config_from_file(csfle_dir / "secrets-export.sh") run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh") if sub_test_name == "pyopenssl": diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index f869356c03..978edcddea 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIUJseWjXTSpvUEw4c7Gmv15xTidHEwDQYJKoZIhvcNAQEL +MIIDsjCCApqgAwIBAgIULKg2PII+nqQgPEEysgWStNhMZ+UwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyGgty8WHa3MAPAhzIFntWTRMx0CgRQ -rAlRwxgA5fmGvB2HQDdXpLmo3g74jt0p4OB+tOC0resv0WAsCSTMkz5suZRrfHk+ -Md1VdxHFl7LpVNtP5XZKIkIwnRB0R6yBPGg9McV5/f3CnYZcMrXtvGsMJF7jWLzf -17k/lHmsUUmFpmLSI0Zir8nRdgAlKSQLeApYudBnPNhCGUJxRtEkVe0EZkH0H2xl -+K6A3Lu8KHRuA0KLKV4rgrMAuFa4TQJjeeZ1LoSouBHslsOxbaQ5f9fqUCO6gjRU -JndsBiDyajI9HWbeKAxJb07lHg/5Zp4VovvosA1rwSQTdfoM7qvEZPUCAwEAAaNT -MFEwHQYDVR0OBBYEFA+r8H4sLl9BSYmez+zQ/3AVgq5dMB8GA1UdIwQYMBaAFA+r -8H4sLl9BSYmez+zQ/3AVgq5dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAHQcCgoZeIcZkk8iEL0cwyeXV/lVrlz0NSoLURJbRwyd18p6xVCMQcg7 -xLk3iljcGSWx9QTrgdpfopLuOvWITl9gfmjHJF5tdA2kEVLZ9nXDZkFKHHGDcM/c -9h/L9X8SgvFGkZOdRLJSXi0QUJgMNCDHyxf/InXntlUI2cXtyfxm8bk2Jsegkw1Y -6jOJbZk+xIm4Qwt3xyYKoQulqp7TWrn0/bcvFcK27P/o9f8Ay06JxwobxRwQAfoq -ZcLea7KGdnvVuYgYea0ZPNNNfeTlgRwTv3KhszMmp5YluA+Pb8idKYfmWYtvYl4f -nynC5NTSKRanQDdqcFUJJqnHNNQLVS8= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANRxGUwLE/UuYqbxZpRXtywLyHiRezn2 +uXatT/PcKtICvHMFINe4Co1414lnL2qrhGCxANpeIobzE0w3WSKgHweTISV8+RZp +H2x3EYBd15MbdDdYDhBYUuGIH5N2C3gDYbkcZBY2cK4RB/cruuZLHf1WSVFFUvK1 +V6hWs4w87c1H+QxU5RKvX7T0VNH1PmGp5xSbxwjkdVLb0o9YVN4nTE2FAGvuUp+n +zUrZjGMDEjFYELeFVpQGTgXgvw31EzeOMZvXAo4mWzH1V6z0hdZg0RDbAxT5CcAg +157qSLbQi9BC0/O6kcflqgYOWwrkqOsNs3ryx/8lbxtZtCtRC15ynu0CAwEAAaMy +MDAwHQYDVR0OBBYEFMtZaaZbjHw6O5vfyZtBE20tgGMhMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQELBQADggEBAFRTyRmtpoVEst3l2TeovA4BeCv7zdaI3EbS +vOwCqNdJ84biNlTjtRWrrIdFZOAHnseEvkxXxBewzuFL1tXiGFkwr43vXyf/MIVj +inzIK2mViPM8vIhOCQSpStgvUaTrvxK659VoLC85SzcCDhUzT0MqXeYjw4sHsTvj +f6GLg2oLuPCcxkfbk+cGIkL/3Dc7Aaq1mqhlXmqueGtIgNf+TgqOyeUfBQ9EEuQX +IZyQZ4PlMPWZ54YBa97fmW2+5EhY1WQ7SJ8abpjA2tkCvPcjaubUCjsASb1OusQS +UPwefW3YA87ivSK5Z/D9HVzvNQcPkr9a2ennS94t69hgDdo65sc= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 39f95c3a60..0dd0fb129d 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzQSIoBRUpj6re -P01yUUr6Qa+na6/WkmHuxMe+8blLykrK0cr8csjrM3dFovhCqBTGY3sfxWMn6/Iw -l3dHyG1RcVv//Vj+2elEg0Pt1DYXpWodMZm8XdlkkIH5CAKIVMY/kMpgnyhnDZkT -oLx9xrRtDf10Gp7J5f37Y0OIXGY60MZL66OfHXBgISKsyR5HVa0ysKn6MrlK6Eeu -AUdoMUMcNTdFnI/04NRJ8qQ+7nGQgxwt/iVvUCzpqkq0ZMDq5TD7rwdIivB1SCHK -yYbdTgtIxWQldLMNqzMwIpqIpYmfcKbaGCDO8m5ZQg40CKpd8LROJVMWUX+sWagi -ymVxTsuLAgMBAAECggEAPmpB/eRTK48KRGuPSGxU6pGfm3CMH+8FaZGcKXjad7De -3QMypjdDjV30vEsUHYWQAkoWT4g3z+lAgbnjvxtjMRYDHj31VHvE1OXN68xV72LZ -8YNZT/TvoqwMjY1D8HtwMib0yLLyavuZnvN7XmInZceWxmwUeSF7j6JPG/ZsZDLC -n/ypgxaBv1lrWZaPI0zQAtLrfjk9CMai2vwsvPTw7S9sbkRNfgXOfXtxz+Ngg1Jg -Tppa5GbULytdmxYmEL3zthnmQuJmFTvh8Sp9we80jyq035StvZue7RxeXm6QFF/o -+G9A0KXqfsgG9WuklWSXvXhHBLxIk7GUb3TIh4vWQQKBgQDu4hHcqRfTNwKrADxJ -pkKK/yM4XidkuCn1N/8VIXXpxavQPbshP6e+kyiDlFqgBdEXzKsKJF3T+sRoYaic -NpEVwNf08yAOTnORfKY6r2hEAdf0y4yB2Qv8GT1m9iq2LQSK43G2BlCsh2n+KTZk -/RKm6xs86VBL7qkQRpMfvUOvSwKBgQDAGUVRSDJx3VHLnb4k+6z687btGGYBo/Y+ -p0TAy1lZ7mLWcHfDQgXQ9VbCVQAyGkJrfUpcozMvARDUtzi5DCtEGpA2L0orstIJ -nZw9PLNldYDsfuTLhhBjBLT05ZTXa0PZDXi3Qtw0KWu3sRbZeRvJO+MAZ/zw8kkv -ej4VAXxswQKBgQDtdEkfF/J34PHE+0nyR9NTiYQADw+Hfc0vVUc5QPaNtxEvwX0W -8siSloMqMDjZYo7S4n6OaVHfWiEMRS8ugMs9XWENuvL9ZZxZXRd7tEqnd1Gsovz7 -Qb45DPnNNBuG1T7ztFye/K4KodyJaXwJbMqyo3eC18UahZUGebDbVu5F+wKBgBX6 -Ti3wfqT8V0FeeMSubqn/fCxAIFuLsL6WUI1mNoDNf01dbLZQNW4kw5pUM0OIMZUu -rnVOzqpQCubrV3gEZmbSSzGH04qQWOt0ts1ixnuTJ/7mvbJzUiih/zoNkivbP9Xz -bp447gyhuIs5nY2gB4fMbDo9q3i9n5Xo/HVWyC+BAoGAEqS3DpZLRLRjahMwiEd7 -ojsDa58sp1/q0MyrMuIQvKt6y0MrlGId/TTgr+uLp0PAHZiRcfj+MHYS3q4ftw3M -DKISS1HzC1EDRbrH4IUsJTbqHWTxOQnUWXmeNWuaf3k74H6rsL1er6mq+kG2bKTr -YzZCX2b+WKJ7kbvloaiFfuY= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtXBFcwtyqmqPK ++mBDuOxyURSuPSsVn+W2gHij2y145ArA821ivyCXKee/J98mElNXmGAAVpcnSksJ +FvFYz/SH8aHUB9JqczP05dHgCE5EQ6g6D5PF5oiaqac/2VHGqqEs/HRGyNhnROHk +ve0uHVHZUN3UGhTpzAHDRWN7/w5MWXNqRYETaZyI50osBJ+PSkAsgOl4PF1sqXWd +fKLpFkE1V/1Qa0ZsIp8YtXDF9EZp1P1NqoAAsijXIHI5mZefIn9osKeeIluf8/qS +caJRlQ54og/CmRqKK37RLrIV5droBav1OoDE2ANdq7PMVW+CGpUOB00LpNJ5hwrO +ZmCPccV5AgMBAAECggEAAlVUnV0UBsBQ6mKmNhw4BNKruZ/Dz+lbvHzMUs4JhyX0 +vhtWgLFAzIOesdgePzVQaOzIStCPGVWHYc4+LqGStZBoRxmRlbbOtLJaqxFh1ZV1 +rqZvDTO8NYsD6CKGhYWxYmwT54s7Z157uwAr9/dVUeXT3G0qNfcpsEX7GaGy/gih +OudyrWWE23l4EvLr05y/XxdpB7EVTg7XoHqU7auknSuAkqrfNU8w7ylqh8cJZwcM +hDdKeh6NfUc85ONpMU7FTeFlaPcN7Kjvz+hNgX+aGgty3vPzhwn4g5r+eweDFtS0 +JqfoFcj882YEP4EdQG2EU0BZ8s67I/HFN4WBhIZCJQKBgQD9W/+OfyMaGXMF4MEW +X+BxMg3g2cJQR/TG7FLly0boWEgoyUUk7ChPvuYTvfJNUXNEfkc7i4FF7eNNzTnp +VTKfEtxLf/4FsxAexxdJMe61mMnx/FBMYn6VyueNPT9rS1lwOYITclaQPHaDtSYI +wLvuEHktE4X9ViRn+gfsUTFnJQKBgQDv1WE72tQRY4DDrk7ZvKVR351nWWPmWDR1 +veUhpeC3zs9cdRdHeajz6rUpGUQpWV6f+BgwU80BkzgbVU4Qv18xPNDEevCfjPuD +PqQxRI/B0Z5VcbeT2JnqSSF1szOmnA9IZ8FFm/0I4XG6KlAuaaUVWaw+s5qILdn6 +oTgxRpXuxQKBgCvjuQSdX55Q1E0rXyeaGk5hpmfSMUgo/u1K2R13tmPfjziJjVHV +GzKdVkwLNqNQPdCas4pMI2vSxvKeX67dFHTcFo95r66bE2rRgGYsoTaSLkGePObO +lTErwisEdi0HE4pOXAs0XmyEHN+6DMmtYaDe967oV+jH+GyOsrqsYguFAoGAP4HX +T4wwn7IjhK2Bf7KubDG0cot/Ip20toDkTbao/MMssaTn1ytmC8DY29su62wY3G9L +qHBoVsRvFP3PwCuMv3MFLSII2Zbxet15iPpIvuAM9z83h1TR3PIkhBBB2xp0CY4/ +5Xja1iEshklyFfgvmKm4LJpOj0Tk9bL/OD0isqkCgYEA9+jDUU5U2v1gqk6OWiub +HBIpTUP2TL971gVlQrFe/mk+4+GX1vgeHe6xgIQedvombnK7FwyphWWp7+F2C1Ub +7uQN4RtFSft8kow9oF4qgdrWUmu8twi06a+uiKwhhNUSXGkprItR59XIXzQpoYK5 +446o5J4yiqZy/zk+ccgN0aE= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI -6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z -ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w -YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As -6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu -WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X -OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC -rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu -51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ -ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 -rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb -Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG -Zf70TZTjQH3898e64aClBRa/4v9goUsU +MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g +lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI +mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc +iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo +1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD +XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD +I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A +YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 +uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 +mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg +l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q +9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J +yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index b069630870..58e2eef08c 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTg1MjM1WhcNNDYwNTMwMTg1MjM1WjAUMBICAQEXDTI2MDYw -NDE4NTIzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQDOyT3+ -ktzOkBQt3mjCyz7DnzFu+DVh8RH4q1/IvMFtMoLe+QOBb3YzGcdvvbyIIupmrOHV -JsWxkuReJuEYoJxV1B1QNNu1zgqHg1o+gCkFxAFawrPSHHNT7Fp+VDu3Fy7gUcLp -Us1FD+WvRIorJ2NpwLZV862tqvGV1LZ48TsoG0lnW5uOtJN8ivtz8q1H6ZWj1Td2 -PnZx0ojYKH5C6CUSAPjB/jEQv2CnLLu8zOjFVpe0OeJM05xmlY92c6yWe+Ugb7jS -a6kxnblSk0zM7mf+JmV6f52Bvy5bxsYPtnpFE9enV4J+iuVYCE3N4Y9gqTljoxpJ -zEKrPp6XaFLCVRtl +ZyBDQRcNMjYwNjA0MTk0OTMyWhcNNDYwNTMwMTk0OTMyWjAUMBICAQEXDTI2MDYw +NDE5NDkzMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCknpas +Y9CVnP8wAYp/zViQQizwRRD5JtqMCDj8QJTfZ6nTOaRHY3581ulnK8ux/jGeo1WO +QfT1UyS9/CB8PZ4SDpSF1oiKaz3OkEivDeHWvUDYjukHkn1L5Kc/RYEje7/VRRlr +Rouz736sCz+G2BQZSwMpyxEPlozZG4Me4UufCcnkpI0cYRDwKgyUxeP+6xmtWCAK +QG/KzlNgjZPr2jwqlyVxBBtyYweIsJVSEveQQRkjdJYdeyER+vZmCHQSu98VHk0I +SkbaN1CCi56/8uWy8PuZU3FkLweO0gp3XAwh7TXiqVt1SH2gefjyzvyYnsts5Buu +9XP8u5uRAafgdK+k -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 13ed4feca3..bee2a1a3a7 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCa26rANY8pf+t3 -U06CFjFEHTQ08O8opidSAnPMEGWLuiieIrSM/rMpxzIdk4sOlmj5CvBwvSGKiLhy -nPMGh03QZVfLOAdlspcglmmvLqnLMKGjXOKowqgBkwLRRXy66JTX1e06fXf6Nutw -KAYlGAU4PLTtkAASxbZiogCUeuCDrqtmHLxULzaRcPCUzdn/iiiLPrk9bBnUSfSq -8+0g8paCBAUHr4hV5s0SlCtG8d3b5JfRzyesTJllFbji29Ggeud7tsHVPuQfdZgk -pdL9pGeWG3AQWDC+UqKix+/puS1dnAXPFz+ZPZS06z317rDDb5pFMI35DWaGNcog -MR/0WWadAgMBAAECggEACbc3+IyzsXMa4xbpMUyypRce+CZYnuiDxYetW7N4p4JT -u44qXUE6nOeoO4ZO/miN5/gZez1GfjJTPi+eKL3y8hz1m+SlRCpnBG6jbVAEa6De -t0jj2Joz37tpPRd6uqBOfFcp5dZK4XoyHcyJDCk8ZJmccV4sPwFEDt6ioi4uaVyC -TiXbJooLMX1kiTlm4i9PE9aInKsp05DFz0e4oeOfKUBIFpvXWy4GAJTBAGZwl294 -h02Q2bF0ugKrlOh5lBd2bjloE/+k8zQwrILN8FKvPr9/DhO9fXWf1obmMQD3ETQF -jizxr0OTduMA4oDqagyNGtkM7pE4bGRcAFQN7VNfYQKBgQDVJBGT7AnDItx1evSU -kwr0IOhZ8GenpbVAjKAs7nh5D/gXbWyPUdfJQaCwXraVfDARWbnZiplZzvbzDs5Y -GzRbjQF0n2zOdrJfWicaRV7gDEVKshouBR23cpa9DF08Rx9zPPhdCxuQcljHCz8K -nmaHx1k4OlBbdbP/Q2EhQ6FavQKBgQC5/1o5zLNcBRbyQq4SOYJRJ7IxtqgNNk+C -Opdu+Kr0kFMKK+S+VXzI2VMja+Kfx6kyMqgjI+A0nXUzRw9b4WM3WvlVZ0XYh13a -iBB2D9lY8MjxhBwDHaA8yXKLDBtrd1PSi/zuN1NMGHRwIUEgQWW016RzW7QYBfOo -e6a/NSDpYQKBgQCwsyJPe9PsDq6uRq0Vr4HZOp7mUUPd3KcTSIJSPbFqzC5lXbYu -ay92Dg5lqV+9NiOzfqtxClJv/gEFKDUxHfyeGZwnTzQpRoZCPr9ELFancATSFC1Y -Ea29NCZ7vBBftKcCJn3QxTCo4+NtwIkXCJL/5ei1kMKl0ELVUMrphOP0EQKBgQCr -QyYYHJV2gLU9Qwq3ez60bWHWBsM8zyps1niD1PLNGGtt7TbFzz+ETSAReJCG4Ti5 -IQ3StYEH0YiOO7s3thQ+b0UwT1Rv6U0RIMJPg451J9lPEX8dm1TlQ/R1diN1U73a -G848prLLWaU1blliUvVMjFc/ZUwx5qESHTFP1KLGYQKBgQCzGcsFmd58po5CjjrY -sMvxab6U8FUmZVblCVb/KIepejwJRKbRYaiaqHrcD4m6bXVpRftLEDVPq1g+bvGV -1p070ta9y8Zk8BV/XfCv0HLELE7On//ThPhb7L3d2g0NWqhdOhZ1S4YBFiHYNlci -+XYSyDmJohYdvVxbG/YDqxBGbw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaBkqdhO2NgX3L +rEVBEA83eTZVqxvJ58NWPMMRjjunUcxVl87gH0Y6idTQPabkgtcm7EqoTp+RHf7S +TQanflcrmpQfjkUo/eE1lQkLWBktIB/ZPk3g5fAGveEaHyJ46P7bmPYRKCRuzyIH +8WtEylVwzkL4fBigG1Ecf5OuHccnarcAWFgEdt34FVeuUkq8WsiaDrZU955yQ2LG +zZOY1OPaLR1G/ZYCLAPgjzjjW6ssgrmBjB8c282glw2f6Wz7V0VU8SWS8LRVwd/O +HDM6NGoGzmSAWNzPjPGwlfhrDkMvm6VfTN83XaWqiezER8a5KqvQ2/+eIojVB8Gs +odmX0pw/AgMBAAECggEAA3OVC9BWaGaT5L0J7aFA9GpdU1bdnkEmhP96QRVk2V3A +o9w+4KpuFLAo59EKCtUNbebQucBg4027wn2IrO8hlyWf0a4RZzg5r/z3gy/2WhIH +nwtO9U/+kETCQwUaKRrbKgPOZXAiv4RU8BZA0fp4BsylH8TrKOG104Mrhdaf1/5f +gUxJohXHk7wNYzUxpl/uOChVom+HkwNAmWGCcr5o9g2Wk5KzWLlNc3hx2TBfldQk +y6pZI1foO9HcVzLAL6uaNUVQSNPfUO9F7USoxLjn1EmJtG/+DMo+hEevQXI/uWkU +IKGhIeS34UpUmcKajCdwPMobgdbCZDPaNy7n0Ys4PQKBgQD3egpKImN3vnXnQT/I +P0KJXISCgX/amhbGbCbEo4piWu9rrUQQUSNhS1j9sYNMCbFY5ALwJbRsNALT58HE +WitSmwUhFzXqiIPryH6uULdWqdv8hkOmxCG6y9yVbPL2ca5tSzKloxDXZS1JOKYH +yHYngaxbnp/o6hTnVJiOuaDuIwKBgQDhiJOnZCIKboSjEYJSO5BEJ1G/qjh40qpM +/filsFw4l6giE8vNJLilWmNuPQR4v3IaN1jemh56iU0/AobO5RRKWk1Ydz/fcJEE +izUi2/93/P6+1oCsKq7e7BOv8gPRFROzxTQRei6DAs/F8bwSZofCT1kFWl7ptFt+ +a/4wO1TlNQKBgF1gVvGR+CX+X05aeE5+UAS0O+tiIXPCIEXOGPKpIlXqKdxfDAd8 +FfVoELPofrn6DkiT/+fM0j7hgQ+jqqEDxMTuaQkLUPSlfeFBTUtIeWThwneN0Yjj +CDcLJLfc2+/RBReIABwvYvNi4at3DG5zXOGbNAV93KhtamW+rbFsqSQxAoGBAIy5 +yNAw9eCmd1K88SFYkztDgYnjr9sMMEFcU5MnSVPypXGmAovdtu1OSi6WGj0x0AO1 +t1kmt4/kLnP7opxkalW+pPZnak6EkahRKHW46l43WclAVQeYlob4rYwiqekDisio +a0XghDcxQO4VWTHuEhXXpwdlDUYsSM7ImdIEo4NlAoGAVoWkYct7h2eN/1wPu7/4 +2ahtxY3MuYwgjwJjytuZu2xdcfckCVQpE84YHoUw9Ui3W9oKqPi9vyCMW7YI940s +07SOFharlJtysSZr8fzJ0sQ8Ub0UtScFcYMsRgrijwk8NadtDuzwOrL1UU33JYox +mn7V5iAY2l8wehayhwWihAA= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaUwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft58wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJrbqsA1jyl/63dTToIWMUQdNDTw7yimJ1ICc8wQZYu6 -KJ4itIz+synHMh2Tiw6WaPkK8HC9IYqIuHKc8waHTdBlV8s4B2WylyCWaa8uqcsw -oaNc4qjCqAGTAtFFfLrolNfV7Tp9d/o263AoBiUYBTg8tO2QABLFtmKiAJR64IOu -q2YcvFQvNpFw8JTN2f+KKIs+uT1sGdRJ9Krz7SDyloIEBQeviFXmzRKUK0bx3dvk -l9HPJ6xMmWUVuOLb0aB653u2wdU+5B91mCSl0v2kZ5YbcBBYML5SoqLH7+m5LV2c -Bc8XP5k9lLTrPfXusMNvmkUwjfkNZoY1yiAxH/RZZp0CAwEAAaNwMG4wHQYDVR0O -BBYEFO8aTHYYTacj20OYic5ESjQNkMKHMB8GA1UdIwQYMBaAFA+r8H4sLl9BSYme -z+zQ/3AVgq5dMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAK7YzbtbkzBrjabmpuScvD6HNPwms -j7S0+eSb1uGyW5OtaH42lXICu4L9AGyIk2cdiY3dEzvvKNYqg9+Q+7Zq7XBtBJNb -xkdw011KJF3npgkDQNJIzYu0hBAeKcbZEKGYomE1p4naWbP4Exrsguikc/YyDdRy -DxgNsze67QMbUSvEPoiwnKXkbJ1OdYaGQQF6OZEmH3ARjfPY/OBx8LYGMfeHiLJU -CF4Sw3Ux8KUP2p5gF+jZAwA0mtcZ5EqowNsQ83dQECkHoN1VR1/mVWe2n9vbP2IQ -DeE4qT6t28ZWVv/ex2Kkt+OVcwdKUgi2ijLPEXH1cwWAIN/iv4jqUwKilA== +BQADggEPADCCAQoCggEBANoGSp2E7Y2BfcusRUEQDzd5NlWrG8nnw1Y8wxGOO6dR +zFWXzuAfRjqJ1NA9puSC1ybsSqhOn5Ed/tJNBqd+VyualB+ORSj94TWVCQtYGS0g +H9k+TeDl8Aa94RofInjo/tuY9hEoJG7PIgfxa0TKVXDOQvh8GKAbURx/k64dxydq +twBYWAR23fgVV65SSrxayJoOtlT3nnJDYsbNk5jU49otHUb9lgIsA+CPOONbqyyC +uYGMHxzbzaCXDZ/pbPtXRVTxJZLwtFXB384cMzo0agbOZIBY3M+M8bCV+GsOQy+b +pV9M3zddpaqJ7MRHxrkqq9Db/54iiNUHwayh2ZfSnD8CAwEAAaNwMG4wHQYDVR0O +BBYEFLdAeJ64HzEM3Rb33XIvJhEAKMxfMB8GA1UdIwQYMBaAFMtZaaZbjHw6O5vf +yZtBE20tgGMhMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAQJhjzibpwtZOjNEA8XnEdlQWUEmz +BkkTxNOQkWeClcE/sokv2mIjfp7Yx340wJ7O/CbBNcDUxGksk763HQdTUMIt52Lz +QDjie+TjZYFzmfwFMyGlxHKp9PMoVbxbJN5yVLm4e0Rb7fh5qjap/8mofJCC5Tar +OXz9+vYnVCpAFQmnblptqDp20RqSChMZMWHuLIWDQs5NZszopj6Nr3nFtAQwC6r4 +bVIz/8ulUcOCi+pl1ffO06Pzcda3nyGu1b4j2iG+yKyyViaRuzjCEFEU3WO8YA4Q +sMmKN3HahbyTxcVUaFygPEy+F8erqRWcGoEd0ghNLoFKtI42jZXYATOmJQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 750830b1b6..eb032c7e83 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -22,7 +22,6 @@ DAYS=7300 # ~20 years cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:TRUE [ v3_server ] @@ -214,7 +213,6 @@ echo "==> Generating Trusted Kernel Test CA..." cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:TRUE EOF @@ -231,8 +229,8 @@ echo " trusted-ca.pem written" # Verify # ---------------------------------------------------------------------------- echo "" -echo "==> Verifying AKI is present..." -for cert in ca.pem server.pem client.pem wrong-host.pem trusted-ca.pem; do +echo "==> Verifying AKI is present on leaf certs..." +for cert in server.pem client.pem wrong-host.pem; do result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) if [ -n "$result" ]; then echo " $cert: OK ($result)" diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 6a8cc84126..78428612d3 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQhpFDlDzmGd+fd50P -flL5XAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMKwzbN1ulJC12iH -g+fJQL0EggTQIo0Du/ojwelIuPvDdWdnpKKQBNpYp2y92a7ACy3Y+jpFS6PrlUrF -2w24xma7e5YmTCOG2x3hj+wYno95pJxVJdQ/MF4BjQs8EKOrTwVD6fcxLuNI/8kP -xUlGQFyhc0KgqvISgVEEOHxkNAlkc6/ieaYHlxq0X07oMNF5AUUdLpnqG1trPolP -5Nfn1HxeSXvF+y2LlBKgcY6+ZLc3wdWGjo8nGDA2XdZUzcqQyFKXqragpHRTlIE0 -8mMv1nlu23x9S8nST63kM3GJ4iX8lVY8m6rBKNhuWUs+xbY+Mho8oH0t5h7Db1Pt -zu+SDFKp2Frtxe7uh0lVN1/m84gD8hBYAIm28aI5QhHEW2XKem/H8U/NLWXDwS8L -sy1jViqwKU5Cd1aDdxi2TMIDUanWaJwWZErUUQ/MaVxQGb3hts8ak8VM2jLNscvw -SadbKyiQGWhpze8OQX+eduOXADrRFFzhxRadCflKxh92AgfIP2LY0P8xKI49dSer -9LLDS7Rewu/S7TJPIUr94smL5qKfOWgYa2rx5heri07T6pniaL1R/Wgt7QsVTbey -+Omql0D3Do69RGEPTMjUFzniR0d/FqQRSl3ofntbDPJz4ydSMRDRt7FMTre6IykA -DRQfJ+/hdcZ4lVLY+5TmO4B2XUlufjX9W7NyYTPdiQoPWb4FHTK9V1J3qz0juv9d -6TvQuVDYkbI9beWiI24O6A0q8KbOh/tgABit8hTKItRxzPL6ZCne5g0wPH/0pGfD -tLO4xvWcEqx16CI3MpQggKyLOZADhgrXv+75ud66WkX8YP7ifYeeoXbcnUUVkt+R -r9SRLHs/2RjzO7IqwSTxow7QxrpbhuO0vQIfeiePeQysvgJBkyLNVewG3tmLRKrx -sIEG5XMqQ3hsF+UduzdWafzIdYUBG0chJts6dTrrWWtjGcWI0fq4p7VOA/juxJ1o -7iA7bWvKO/gb1UIK1B/3/I978YWH5p7rqkxoP2BIfBfvGsnBbNgegoVx/MrMPjHQ -nltvtlKycUCN8Hs7GU/1atygGBOoAamePJTkd2dHbwUhiU4Gp6BRw6OQO1fJEqG6 -xrw2vKwcRjsTqc1uciGNgRApRqAbe4JnBdq0PtXiwt0isEsLeG5QUdcayOAI7OPe -x0TH9u5LMHM/XDfk4dxMqopVcYzPr2Gn1FW+G+WD/KzbfGVS1XeeMHzBDl7R1IJA -3elGHWhDjRHp+eXWdjj/wc+iWaGsDKRi02d3AMeTBlEH/33DcRQsz+xNNUxUG0SX -KfXyjnrgtVLBBpQrLCTEZM7MSH5yrw62Q7nZrmS+jo8wJ3HNCTolunGGtQD+7T9E -xILMm3KMGmq/h3K2Jx7NuI7rE4ePrV/3kBHdDEpfzm2J33mKZjkI+tiWGfFSs8Iu -f2+6CQ+YdBBlJDd1KYvq8luASpEDVMhH97i5HinJr8alZuzJPeGYiE9rzoMtHh/R -l8D7xqY9xheyCtO9vTx+WfuMhQS72h1WLNcEYuziK5SlmXM9joXekd3LW5k8T/y6 -vfpzY7Z3UGSq03wL2IOthf7BNiVDze+cfNDjzWr4ps1R2GrAvP7OtF6WsHlphYCp -sAawhTx3ZaU0pNOk0IVQ3FNTCENq3Fn8sQkPMyWmOhtGvgCjD3mhdIs= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUjmGvGnDzF1d2KML +USvuYgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPxe/Opf8jx4H30l +gtFoWwMEggTQVO1+vF+10xVzKQAnX7xtXdNxhpTY0x8QFrx8fniQ2Blf2AmEM4V6 +tknYDhNnb0RY2TQ452cPb1OhYhLtMoGT4ZEkhhm+as+5V90MaJqSiLfDi7hvbOiX +d65kjNqJqS0rbtgFUMV9FtU4PP18Q0BscPNt4CP3fueqS6Zx/7VZEbEz5JqqvLmD ++MxszddisFCpcJvi2V2YW3MsB3Zrj6K2dGpqUFpPiTouDTOKxi7vuRf13F8BFnB0 +gLtgcwp4tbrk+LJYr0Iz4fMMNAYi+0t5eRWh97baQnEnbJaGx9oo2Ef+VwkpEJ9G +4aTrtIh0/LJcrG5SuPRu3FOrArEQItTxiNoHxQsvCvPO/vYTNZA5DAXYisaEGrZB +MMvz8U1tGtiNCJEjoURGOmNPJswTR9DDBu7cXA42vUcFbXZEyJB3pcw3mDu0X9+a +POkD3oXespiPpMfS1Y3WVnrR7DcBZ9DBWdNZ0BSB1kZBrhRUQaXPJ+22IacqtGAk +y/HtovMEw/CeQAdEucG8iIPAGPr8VPY1p7Bz+D+TYFhGlyDhNd7vVHRqtVXXDlQj +eqSwf5n/Gh/f7Q2h1vbzzVHuZ4UoZDP0ZszzGfSA1y8aHLFKHoTrUmvfLGrENh2V +LjcjQLYxnL48qVkClr0tME2fv7P9cPqtIEEXvmzFXT61QrZFiYHCk5HPKoFsBSQl +c7LsuM5X9D7xdV2BrEFXN2awH6z8MgoqdreILm70Ze1pTBM+NzGktMFABcxAXzaQ +llt4oGs8lmGPuQjCnvxPXiLRxj+fLU2YzpzSC2AYEKQ3KRrxYUXGu42oLiIUjK8f +BUsOGnYYGkHCT69WBbgtwl8iC0LDcBObMFFv1IQN4gh7TIZF9bvkCp0S8PNqaT/W +i56cZHVtu86bCBUeNz5SLGnCwGuuvQL53c5fgQuzK9OhxVgNFAsk1YeYcMOFJXvK +oTDqTiQ91aOJPxt88QaxkD/45Vc/EivZ/niB84/32uyT/6ymSzIKtU4ZOBne+Jx9 +MQ1ETkTLG1Qug/gRdJJ+hKuzAOeME1mQ3XbqG8yHVZ6Zkobf95X23yqMq72Ohi4p +BJiE2T4I/F1Cw2hyPOszGV5tXyfcrT2Z7FhJNZReD+gtoYnEeuNNMINYNDagIUNS +PPkwg7JTNOXEHbkGvjoWiAtxnfxpCKU6Fm6kd00vD9Wc9v/QsIBEhrFyvLZk/ucX +I3XYajuoQE/wGphYPuzlOzBOjiQfgVV27CalXJwGHAI/KR8D5lKP0aRwlkLUyU1c +gMlotqKNAxnhr/Nbdj2eo9aCFAW6i8eZIlviW139RWZEp8gRiWcTWQAvV4NhtxxF +4QzopulPmoz4wtQRrlotG+5JW6JqX81+VF53EsiP4C1tnpyxY+MVynAUroeOQvNI +D9aZu3/zA2+ixkrahfoGVSoGTaIAgchRyaEfxfA4YzcdfQkR5dhEJf4u4h5wvUS6 +ZWOA6Ei/NgtjLJXCaQywtseq2KSTgK0R0IyC91mEvR31w1WsMaZxCG9JuJU+Nha2 +R5qIQeMwEOR/+siKxh4QXYK7r70QqFbOkVZDBsaULrMHv66IUceOAjXpuUe4NbV2 +UcDbYWletvU8tKhBdA8SttQib/F2ra5CZVHwrPZOklhTVPQ7qzSDeus= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI -6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z -ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w -YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As -6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu -WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X -OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC -rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu -51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ -ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 -rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb -Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG -Zf70TZTjQH3898e64aClBRa/4v9goUsU +MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g +lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI +mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc +iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo +1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD +XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD +I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A +YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 +uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 +mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg +l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q +9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J +yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 7e8a487c50..5b8a3a424d 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu6DrrhOOu7gCe -MG9iQAlcQwVG6RoXz/8lz416skDb5uVvzVfSEfsg4YB5qNLqcs3Hlq2WcAOZY8mY -1jF59xeatiojmqse0kgMr+GOpUiMJ/vCY8uWcgv94L+kJD25Z+Vgmo0Ja/XeBrOv -kHoDQxw3yHrEsUhD2AeZogh2BL77lCLVUIIugPWUfwOHHqjEo47lEW6RsFN8TY5V -+nJQYfIHNRHeLizVklY+5o41QsYukVsB/thTnVbmM//V89tZMUMUhhfj2QOQ9vZP -WklKOmFLn3Mvoc4eR1RXBpYHxvAVweWOheDo+OIWOrIGyGBNX7hGFmRVQeUOUSVT -rQdYfOspAgMBAAECggEASxFJxG5vB9OHOV2BWJIyUkJDgAkolULEd5ZqWtgpZRfm -rgLcJ8Fm3lhaOxzdlRj7v6coTnI54ToGOo3ngzitDU4UrN5DhkFrAeL0tDO0/M5m -S6poJORCyE4PAiQ5x5rTRBBg6sPGrOmEchvYehDyCfEF2+hYoyGTNXlpFzn3O+LD -gy1hYW/U1k6uqSGsMIc5H76+00xWSTPgpI7UcDll42bRO7Tv91QU4MqEqJhAIJ/F -TayPp6xyGT02zHmeliYC7KuYB4f85r055Ahl+97LsKnZKsLCy7wtgEHAZs0WFfWG -nR0b92WdjLdu4fZuJlyE7Lp6dBdAniLYKOi4po8XnwKBgQDx3wtZkmBJcMf7snUT -uUUCJ7A/BtAa9AboxpRBuVIUprzU3Owk9jucjcflcAFyUX4RFTtnZWYbwZDrN53J -jGDzkfUV8Y6c/tOwkYIh7n9OU63k+FOcKecelcDV4k+SptniZtXS8ZJkBJsAEBiu -q4F7r0gQacWBnqaWOMZQvzlVMwKBgQC5H80GJPz6jlenEhuK6ado5OYvHBngpOhT -XH/xOb37nRHPTQHnuUtfv5G3GYRTXA385Bh31PHbikmx+cUOYB+txY6mBWKewaC3 -TVbSkAQNoFnp8+aqgeTY5yegxMzehdBEHXb8614Xo3XguRubuiKvkKLW8Eog5r2J -jQi2CCdGMwKBgQCWeTDSdOI6TlPcHtX/g0+PW6mmTFLDsfVqc8Bgcy7BckogE6FG -DXpgl0Q5VUlRGanYbuEaHlc8BVxnOZ6MeS0H21IiaLlUqqSAQMY43euNizmwLV22 -1crXmErzxWvDzNHYrClypp9wYf0cOOdiI4jWreGjdGpPjagN5Rxbt9uvSQKBgEIt -gBlmN5lKMUNkUbxC8rmoujC1FvsbeIH0Wzhcr/G2oJs+qCOyNaOw0+JkmM1D5yw0 -ThroYN1efiHFbBBLhIeWS/xFiI/AIDfmydbT7N8CJ6JesmLZtHlliOEL+UDDDUSM -U/DuIuDIamc/RQNScvvX9J5pn9ZLJg56AFcyavfJAoGACwAYmEjQyOLZw+PKlNqN -W3Pm8ticsTx0KDdmOZ2VbGbb/olxLhBk11KUiyZwosLjXsMG2k6j34t3Nh9Gqgwp -tBpIFd4ii/IM1PL7yXIEIHnXN6oBT+DAqTzziE7fJhYAEJWYAt43Mzlm/joJzxwN -o1aioRCmCQZCCbzfCmqW9Jo= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtbTLMvCR2XPs1 +J01nXbnpvcWwwBWQuWwbMZlqNvZPiAgQgjuRmzTlvB/MMgbTPb8mynE9HtnjW0Kq +HDqAXUvBstGSd67Pjd9WCTLcV+JJ7IufUp7SuaijGlVLgtDTNoJ2s4lUN5DWZyx5 +EL8uHH1fXaNurDglGC//F2shUhNlO8xpZXMaKahJZwmsU7aeA9xvrudGwkYQm8Vl ++Zrj24t4J4Oy+7TJEzVZ8lH3wZ9FkG/eiozURmL9uK8bG6DmhqztEKZFpy5LUBY/ +RL2Y1Mcxec0wHxSamRslx3dAcnCutR3A4bs8OoXIwoZoIEQDOFoge67q8sl5lyaZ +SpmsJEq/AgMBAAECggEAALAiN3W3n1CXHordX7+bcTXzhtP8Qeq6ZxE3TpiROZeM +kKQzoExBVXf9mE3KgSQJkhnTgS6SJrjB9vLNuJymJEqVUkNvShuB+1FmBkHDABAU +LbmiL6vU43DDTd1i/rOEqPvlW5Qs2uzl3EUYvRIX3Tz93P6J6nvCFPz+y88LjKdC +aCsA60Hd+cQQ9dJa2qZ5db4YkU2cwGFdMtLEsdGy7SKviOscaTWDFoy6LR+lgqRN +jGoUOSCSzfyXcsDl2Cu36jnQWj7d6tmhTPkdRMPXEvFj7+s0xmB6Z/I3kMFHBCJq +6dAJ2if07JOiPK+AgFAQiK0DndqyTV5FJD21jlmEIQKBgQDY68V7bktXS0nquPGZ +WKnBm/vyulH1PwpTFQHyPAzEUU0jjRaEKYHhTzZu0728HZi8Yw24X3BtcxSQVHeb +8Hz1JCpvVPp+G/jxa+qxwz0upBJPy8rfz7N4R0OjSxVKe/7zu+cl7gAyb0hyo3cf +3pFOGRw5LwlA6dv7U9eOrPGS5QKBgQDMq39juOEKdjIRRsPpFMhF77SefnobqBm8 +9mpZTs4LQNXG8BcUvS6S/xmyDocznFYJbBm9m2+gUCidc5edgkimHdfcTAccxXKQ +ihTimWxubXB4KhhyP9EsTC2ppcPGSO49fCosvqmCFflGp2EUkl9SMSv40UP2xk5b +/7BJ9EvY0wKBgGwMZH2q3pRIyDTGknETnNr3W3P4IsLJ99aSbDnAd4uCA65lpIWI +N02HK1Hg3m1JQL71h+wCffnGjMOnjzx5eYSR0yFJbsxKGqIGYwzQdzU4PHbKx+7b +gkWzGZnI2H4VbVTyj5xxBGAa1jdj/P4+2pnQICLLrwxKcGyrwn8q3dmRAoGAckKP +1LFC2R9RJjn2ZyoWAI0orY74RnZbIBYFGySWfMvOTMh+ajKPTLsjsjbQHez6TzpN +SH/9GmeFtRjyHJm+SxbACplbIyHLqouby0FRunhYYI1HpoigEvXYTCxhllHixuqJ +dP9gDGKODnalCOIKWw1eegMByUO+PTgKR88dhMcCgYA6LNAlqxBwO6dTPQFvGlqS +d67iKwyjbK06iyjvcNf2q4/jh8MC8au8gHDxXG+I5Gp3nMXncuG4GG5Ii/tKX3kt +/6B3b3tlFmdsAmI8xEpiHhDBDXINLRs+w7rkl5oNduHKkCWd9r9KduupJDvTo78h +9yuZwMwRFAIPx9P3YL1SeA== -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 4 18:52:35 2026 GMT - Not After : May 30 18:52:35 2046 GMT + Not Before: Jun 4 19:49:32 2026 GMT + Not After : May 30 19:49:32 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:e8:3a:eb:84:e3:ae:ee:00:9e:30:6f:62:40: - 09:5c:43:05:46:e9:1a:17:cf:ff:25:cf:8d:7a:b2: - 40:db:e6:e5:6f:cd:57:d2:11:fb:20:e1:80:79:a8: - d2:ea:72:cd:c7:96:ad:96:70:03:99:63:c9:98:d6: - 31:79:f7:17:9a:b6:2a:23:9a:ab:1e:d2:48:0c:af: - e1:8e:a5:48:8c:27:fb:c2:63:cb:96:72:0b:fd:e0: - bf:a4:24:3d:b9:67:e5:60:9a:8d:09:6b:f5:de:06: - b3:af:90:7a:03:43:1c:37:c8:7a:c4:b1:48:43:d8: - 07:99:a2:08:76:04:be:fb:94:22:d5:50:82:2e:80: - f5:94:7f:03:87:1e:a8:c4:a3:8e:e5:11:6e:91:b0: - 53:7c:4d:8e:55:fa:72:50:61:f2:07:35:11:de:2e: - 2c:d5:92:56:3e:e6:8e:35:42:c6:2e:91:5b:01:fe: - d8:53:9d:56:e6:33:ff:d5:f3:db:59:31:43:14:86: - 17:e3:d9:03:90:f6:f6:4f:5a:49:4a:3a:61:4b:9f: - 73:2f:a1:ce:1e:47:54:57:06:96:07:c6:f0:15:c1: - e5:8e:85:e0:e8:f8:e2:16:3a:b2:06:c8:60:4d:5f: - b8:46:16:64:55:41:e5:0e:51:25:53:ad:07:58:7c: - eb:29 + 00:ad:6d:32:cc:bc:24:76:5c:fb:35:27:4d:67:5d: + b9:e9:bd:c5:b0:c0:15:90:b9:6c:1b:31:99:6a:36: + f6:4f:88:08:10:82:3b:91:9b:34:e5:bc:1f:cc:32: + 06:d3:3d:bf:26:ca:71:3d:1e:d9:e3:5b:42:aa:1c: + 3a:80:5d:4b:c1:b2:d1:92:77:ae:cf:8d:df:56:09: + 32:dc:57:e2:49:ec:8b:9f:52:9e:d2:b9:a8:a3:1a: + 55:4b:82:d0:d3:36:82:76:b3:89:54:37:90:d6:67: + 2c:79:10:bf:2e:1c:7d:5f:5d:a3:6e:ac:38:25:18: + 2f:ff:17:6b:21:52:13:65:3b:cc:69:65:73:1a:29: + a8:49:67:09:ac:53:b6:9e:03:dc:6f:ae:e7:46:c2: + 46:10:9b:c5:65:f9:9a:e3:db:8b:78:27:83:b2:fb: + b4:c9:13:35:59:f2:51:f7:c1:9f:45:90:6f:de:8a: + 8c:d4:46:62:fd:b8:af:1b:1b:a0:e6:86:ac:ed:10: + a6:45:a7:2e:4b:50:16:3f:44:bd:98:d4:c7:31:79: + cd:30:1f:14:9a:99:1b:25:c7:77:40:72:70:ae:b5: + 1d:c0:e1:bb:3c:3a:85:c8:c2:86:68:20:44:03:38: + 5a:20:7b:ae:ea:f2:c9:79:97:26:99:4a:99:ac:24: + 4a:bf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 3D:58:96:FA:DA:CE:50:8F:26:C1:85:AC:A6:4B:C7:7D:28:7C:27:5B + 99:CA:D6:55:64:61:E3:D9:76:00:D1:9B:A1:D7:49:17:8D:5B:6E:DA X509v3 Authority Key Identifier: - 0F:AB:F0:7E:2C:2E:5F:41:49:89:9E:CF:EC:D0:FF:70:15:82:AE:5D + CB:59:69:A6:5B:8C:7C:3A:3B:9B:DF:C9:9B:41:13:6D:2D:80:63:21 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - 65:75:d0:6a:e8:ea:58:55:ae:af:b5:fd:a3:86:d9:c6:a8:3b: - d0:3d:e8:fd:90:66:71:46:33:75:ee:47:73:85:25:88:8c:5c: - ff:74:db:95:2a:d4:16:18:0c:ac:5c:46:b7:32:bd:56:66:1e: - 22:48:a5:5f:c3:01:57:bc:f7:9a:49:a6:92:54:f1:85:9d:5f: - d5:49:18:9a:c3:36:1a:e6:a3:d3:06:18:fa:b8:0a:11:db:ff: - 91:35:42:7e:68:9c:16:31:f2:36:2c:a3:1e:61:36:d4:51:e0: - e0:f8:1a:a9:75:b9:3d:ae:07:5f:9b:8c:1d:5a:69:d4:38:21: - e3:75:93:6d:95:ac:2d:c6:02:7a:97:dd:e1:b5:62:3c:7f:b3: - 6a:e3:2a:c7:18:bb:30:7c:c6:b8:10:69:9e:3c:76:9e:f0:60: - ac:9b:4e:8b:18:1f:4b:89:34:f4:4f:46:3d:57:6a:7a:2f:1d: - 13:77:1d:87:ca:94:92:e0:9e:d8:93:e3:7c:95:15:6c:ce:d1: - 75:bc:dd:2f:9e:6c:dd:59:13:86:80:49:17:67:fe:77:75:51: - 18:6c:cd:70:9a:66:be:41:cc:c2:24:be:75:4a:95:78:67:cd: - 57:cf:d0:c2:0d:0e:ff:ac:f9:f6:37:a6:df:d3:d6:6d:e8:8e: - ae:df:1f:11 + be:88:47:6a:1f:07:13:1a:5a:5e:08:1a:1f:b4:9c:2b:21:7c: + 4d:6d:c2:8b:b0:af:50:7c:87:b7:23:13:3f:1d:ff:c1:f4:52: + a6:c1:93:d6:85:ee:8d:ed:93:4f:35:c5:87:fa:8f:23:dd:11: + d0:76:32:8a:15:ef:53:ce:cc:e4:89:bc:9a:23:5d:8c:81:b7: + 10:2a:e6:c1:39:d5:f8:88:39:66:93:e3:2f:7c:55:34:d1:c9: + 6e:71:77:30:b1:32:49:35:59:f9:d8:16:c8:ad:77:33:5f:18: + c5:75:3f:e5:8a:ed:5a:d3:8b:21:5c:68:66:fd:62:c3:e7:46: + cb:b4:a6:bf:fe:f8:77:68:8b:c9:c3:a6:7a:1b:af:ee:ce:b1: + 8f:49:8e:a3:a5:c5:a9:d7:68:dc:97:54:d6:f2:f0:59:00:41: + 66:1a:c2:7d:26:da:dd:96:fd:ba:98:da:a3:88:86:17:93:4b: + 4f:b1:65:2c:20:c0:ad:46:73:b8:88:54:2f:0f:39:bc:e9:c8: + d5:3b:69:33:43:75:a3:3b:20:46:e3:fc:f2:8c:0f:11:55:ae: + 02:ef:05:9e:59:bb:ad:e8:b9:cd:f9:7b:5a:5d:93:fa:46:f6: + e0:29:c2:95:7d:30:22:fb:56:53:4a:82:c3:7b:88:49:f0:a1: + a6:ae:c1:c0 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDQxODUyMzVaFw00NjA1MzAxODUyMzVaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDQxOTQ5MzJaFw00NjA1MzAxOTQ5MzJaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArug664Tjru4AnjBvYkAJXEMFRukaF8//Jc+N -erJA2+blb81X0hH7IOGAeajS6nLNx5atlnADmWPJmNYxefcXmrYqI5qrHtJIDK/h -jqVIjCf7wmPLlnIL/eC/pCQ9uWflYJqNCWv13gazr5B6A0McN8h6xLFIQ9gHmaII -dgS++5Qi1VCCLoD1lH8Dhx6oxKOO5RFukbBTfE2OVfpyUGHyBzUR3i4s1ZJWPuaO -NULGLpFbAf7YU51W5jP/1fPbWTFDFIYX49kDkPb2T1pJSjphS59zL6HOHkdUVwaW -B8bwFcHljoXg6PjiFjqyBshgTV+4RhZkVUHlDlElU60HWHzrKQIDAQABo3AwbjAd -BgNVHQ4EFgQUPViW+trOUI8mwYWspkvHfSh8J1swHwYDVR0jBBgwFoAUD6vwfiwu -X0FJiZ7P7ND/cBWCrl0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBlddBq6OpYVa6vtf2jhtnG -qDvQPej9kGZxRjN17kdzhSWIjFz/dNuVKtQWGAysXEa3Mr1WZh4iSKVfwwFXvPea -SaaSVPGFnV/VSRiawzYa5qPTBhj6uAoR2/+RNUJ+aJwWMfI2LKMeYTbUUeDg+Bqp -dbk9rgdfm4wdWmnUOCHjdZNtlawtxgJ6l93htWI8f7Nq4yrHGLswfMa4EGmePHae -8GCsm06LGB9LiTT0T0Y9V2p6Lx0Tdx2HypSS4J7Yk+N8lRVsztF1vN0vnmzdWROG -gEkXZ/53dVEYbM1wmma+QczCJL51SpV4Z81Xz9DCDQ7/rPn2N6bf09Zt6I6u3x8R +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW0yzLwkdlz7NSdNZ1256b3FsMAVkLlsGzGZ +ajb2T4gIEII7kZs05bwfzDIG0z2/JspxPR7Z41tCqhw6gF1LwbLRkneuz43fVgky +3FfiSeyLn1Ke0rmooxpVS4LQ0zaCdrOJVDeQ1mcseRC/Lhx9X12jbqw4JRgv/xdr +IVITZTvMaWVzGimoSWcJrFO2ngPcb67nRsJGEJvFZfma49uLeCeDsvu0yRM1WfJR +98GfRZBv3oqM1EZi/bivGxug5oas7RCmRacuS1AWP0S9mNTHMXnNMB8UmpkbJcd3 +QHJwrrUdwOG7PDqFyMKGaCBEAzhaIHuu6vLJeZcmmUqZrCRKvwIDAQABo3AwbjAd +BgNVHQ4EFgQUmcrWVWRh49l2ANGboddJF41bbtowHwYDVR0jBBgwFoAUy1lppluM +fDo7m9/Jm0ETbS2AYyEwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQC+iEdqHwcTGlpeCBoftJwr +IXxNbcKLsK9QfIe3IxM/Hf/B9FKmwZPWhe6N7ZNPNcWH+o8j3RHQdjKKFe9Tzszk +ibyaI12MgbcQKubBOdX4iDlmk+MvfFU00clucXcwsTJJNVn52BbIrXczXxjFdT/l +iu1a04shXGhm/WLD50bLtKa//vh3aIvJw6Z6G6/uzrGPSY6jpcWp12jcl1TW8vBZ +AEFmGsJ9Jtrdlv26mNqjiIYXk0tPsWUsIMCtRnO4iFQvDzm86cjVO2kzQ3WjOyBG +4/zyjA8RVa4C7wWeWbut6LnN+XtaXZP6RvbgKcKVfTAi+1ZTSoLDe4hJ8KGmrsHA -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 0e6dbd0fe6..26504fb0a5 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUcDB3/OfLfieyLQ5ZtrTHZZfXYu8wDQYJKoZIhvcNAQEL +MIIDuDCCAqCgAwIBAgIUXyhWrw0JtVLpIVRkT9Mo+GDBODEwDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTg1MjM1 -WhcNNDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTk0OTMy +WhcNNDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxM+57BJzd0yEdwHJcpDT08 -uIAUwXDtqz73n1VUnD4UoBVx2XvyCvofXT1qSTmD9zDG/KwQu7fcWba7maGMcRMr -nz3/fiDO846pPnxgpklCJ5FO46xtZH5pM0WWjIL6+ee4vIzmS1TIURHBjS1DHBah -q0bz/4I/sOo2hUoABwztOJcm8rKx/vAV/ItKjgUUh8GEFUQj87hY3JFaWclkVTse -gPe2uPOxlbZQ7b+GeQt9EX8svg98GVJwxzqYeIIiOcuJKuOwUxuu55LxE5l8mjXt -bKAs73v5Y/mBU8P5VamABrWDI+HCdd0Ku/IBGeQKsjZdAqKcxTt9p9NpYHiyu2cC -AwEAAaNTMFEwHQYDVR0OBBYEFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMB8GA1UdIwQY -MBaAFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAHrAmym51AOPKXfq39qQ1m516SEQv/ZpAnN5HaGIXSBAne1e -sj3n4YOrvZ23UwkeiCGAOCHTzuRXk+Pd+7Ft8C9fOyrYai5R9NeygNJMtgLB3dhm -iPi6oY3XUBUjbP8VCFiRLuhTQjm65Nt9u9pAaPLrtkXKZlrwFfuIOIB1nJI6NBk8 -q94lJoo5XgMgA3RDmuq1u57nzCCUTi77BZkASTPEIQ4s+wYB4XYb12SSPN95Ns6V -863KZQRFBVqz6ZZoZ9OMZzX4paRi9MCbdIhoibhafjbF5je8wujVVqRsD4ALzwUo -Kyss990wYIZDMTes4dVQRRat/qayHbeCSC+wxu8= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuE20ZJaaGRLzvMaurcKaP3 +AfNEp4n/AY+YjJY4znnXsgmVNDAPA3scOrjeSxjpC/Hw2HoBf4B57Rhy9HE/9alB +RIR7kTG+y/RA5EI6gy7cG1TddP88J0eLkvikVkQhhf8s5mD2n7p7CYtYorCif+57 +yOJVv7dI0Dn0RQ592IFGPDaCIp7XNcrSjBmIahBLOKNHNUkBQ6q69EuWnFfzF9z8 +Rhhn5k+mF8DWcEOxagizWSMIDVuu590OT60GTq7qisK1X3gSb9d3ndZ9OZLNaD8R +gBnkLbpALZl/iRmFTgyfhHqNVufo+gjZhWPscqMgyW8HGDqxr6ZKjCbRHrF885cC +AwEAAaMyMDAwHQYDVR0OBBYEFCszYGV2OdFVVbUnc9BWShN6WtmgMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8jiq+HfRS0fD8nPbzVTv8agIDi +fDFFWPGW3EVjQT/BCaOM2FyfLcpdP0JMsl9B55xlqc4TtOuJkQ4IR93LFcQ+jG+4 +XlnJH3bqMuEgmNfIye2vHFDTDGHflQxDPJ42uwQIYKIE0zPdqEKvobbQ+mIRM5FQ +z7J8QqIqCb9UaaMFxUzDK0m6WQ+OREuf/bIcZhXL/kUmP/eVhHMy8P+NMqWe6UHj +tCDOuzLi+9jch0EaBHwPiOdzvrQc6EcuPT5kzcdN5mwPXCJG+HkYDe5FnRHhJKm1 +wffFeAe6Givp89hMfBpZMO/4gYzaXWrN1b0QjNJmhjqJ5AFp4bM4YqKF73k= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 028bc656a4..7fc84d88a7 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6zToi+QIWIW24 -xTSa6ZHUy+r71b+6DRpv92hE9/vTNwWXSFYq8LE1g88UE1aamP1B96wDk/439uDS -9nv5Y/E16fnkuktzDFnWgpPrx1V79XC0lkQGXatiX9Tq1k+CzsPkTIhN5lD7Cqv8 -DdfMdSk6i+CEx1mVP9XMfWeXHuAvv9C2OAyy7dC1vLi5Q2MWQ19cU60mWKLt5LU9 -uCB8FcKwVlzBixXS10/9uNdubLRMEav6synALiFQ6y9Nh0T3MwW0HobynDffese1 -yEhoy2TgjdvMOyoS9nrYHlNbIZlxavd2H8XR7XA2usrF/CIP6FCpICalS4oKfdYB -816+J+CdAgMBAAECggEAHzcfQWvZ+OfCJY+ywDZKu8QNsuKfpM/+vHob7vZ/muaF -ZSfd2lQZUMeDaafnn3L0Uzs3f+uRnjl/jVFKGz0juC4up5Wn+QQ12P4+CLbpJos3 -t72qhWPOuWQpOMryQ3oYywQs/NOBccnxPm/zwUNMze9E5/tGEYY2zHKiRmMO9Htv -/F8llJRVVZwDm0dn3UDTOTr3R7owfF+BoR2R8SPKe9PFP91AqPYxqsvff3iozKPw -uHHFS0EpWD1P/FnK+MjOUlpZhkWkZ5Zh2PeWYqk9mKuQOgMTUWfM/96dmzeIMlrA -dKFN2fkqgEkdUK/fPMWLzwbV9PwiZSDLICe+Wna8kQKBgQD6VakPDTYNOGWbTBwF -8j58kc0AVE1CFSyJ9hKXmdAuj0w/X2+IIygb5VD3v6zp4MCLwG64cVeQW2E7mojD -Dg2dfhjvr9Csh8EURs3lwIylf9pi7OSTEmXHv2OIKOlrSdSPn3NQBX+q/8M793/1 -BonAR8lxMOdS2IvN9WVRY4S4OQKBgQC/B3tkLhIi7y8XLZ459Nehg06qm2GAXgse -Nb9vCXqvf9WHdZ1b0hjS8h2CK+BJ1Wn9QpbfLHET8pz8fBPyfJsXC+sD9JxhJ9tU -GU6rlXitrzF4WD4Slyk3mSpO+yqN4ZQGlhqJhW+kGqIDAyV3FncDYDCeSx6O/Qqm -44WRCWeDhQKBgQDfw7QTXTbEiHXiZBzkf821IcrCEZjhifW++DNUScwZ4kNAnnke -knZmwQsn+bCBekICaadOvRmNUvFOCutWl3g6IB4AGgMIRWykSEoBpaTSxr8aEDCc -+iP6caxxaEiFe4BCRUAY9mFRI7+LGcfJ6Oc29bQtto3/ssr89e5z2uYmmQKBgCqH -wOoR88nBVMulRWgD4go8kMQdKf0JcxI7xy4yfxUZsfGhtvIdeZdlfjpgCGSH1jwj -mjF/1IErb9YqzcocAe+EoMNVr4dV91fm9oPvGFoa+jmf89nxu6R8PlYtR1ElWu6I -dsoNYki4AUAIcEvuPXsL7GchtGEDZ162oyMiY+B9AoGAaOBoT/BWxMO1eDG/wTWj -gG3151f4bb5HEBV7s0xhHdhdnTexJTrAZBLkDpWJmj7d8zlvF1CxeJe8nhHFWbr0 -Zp8Resp6crar6P0aCvJz9e1ynmFMMClgdACoEr+MflImVawGnJ82EgsMk1u+6LQb -esBeRYGyOG5ccB0gLfkEKZg= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4SiuBOhAIB2OX +z1dPaQ3vY6r86AAKrJbajbJcDQ0ST5+GRfpIKrABbqrlUu+hjPIKtQWrBtBcAsWG +CRYhWq335mo3ygiHefdlTxjWnAn14qU0liyK+u3j51/7nLTjgY93nYylS5rjz2jP +/HdqMKdz1fYQEbmRD7e6+6DrOzQvZZuCgqbveULJmThiTJ/qhUP58BNywPSsCXoZ +KW8LZZhu1VK6MbtACXSF6TNfORYHHs9YrXb6UFY3ENx7kSF4CXdFOeS4JzHn7G4k +Ws7Tv2T6KFqNwVD7NU6cWHsGz37IpbXDg3w3OKxP84+qrlMNkqRvDLZerzSuz++u +8RCCTmedAgMBAAECggEAEBFXbbL0Rt7uDgRj5maQcnjMJbTMnCGkHXYRQPlaVGhg +zkI3qicepWFSwR/UCM/TIp/Z2KmFbSBIvID6TvorBNwwEqEo0TcPHOQilEOSkr+q +C8W0KIHsT9ySf8uP8e4P5iv0YU0QOiCRUOEAQF/xmaXkCE6jUUR/jmv2Acxtplwd +afIGu543/a84ca+3MJVf/O/l8T0Ri5YUl2PwdL3DfrSrf4njuRuAQZtNNGgKC3mu +Fszx+L/SAEtDK0fwGdOkbiTCyX1zwz4YnXYUG2WpOnyEpJa3u/usuK09u3fm3/fL +M3JSwdWbNKFSg0X+BP9XtJ94HefCECLycJ0d+ZJEAQKBgQD0PP+/jvvc02Kmi/pH +5KjRO8kDxSnrz/fHuMqqUv3CYEqf8+EkmLG4rX1b4HtR98VBCGGWGxG1aUgu50Lz +li7q2gGVb7c/zufd5zwJcbCPc52ZPo3VFcKd/6KVi3Fqv4YGRaFs6/r8JP65tQW9 +m3TNFslRPKcGd3dpzI9y5Q/OHQKBgQDBKh4RgceyquQgtzjEblCMzb+1N1s7ucRz +I68mibY6wE9IC+AUDidgOFFfQkrIeOqOM9hu6KmVD3859xbrw8ITMY0IqdOejiMf ++/JYt18uaBZ8zU2iTiHsuJRGwrWEUN3z+8x0uBgY56PIOTKbOciveOqQWa6T1RgS +UG96XmvHgQKBgHV8JjXaLNNTp5+fs9wDZSWI0bALlpfFaVZcULjPxRtMQHli0glN +nifM5IFeoVOTkQIwaujOypzuMPfG7NDJjHYSOjLNE2QRPj3i7mFIm/rVTZkamxVG +K2DfSDERa5RC3tCDjBweA5Roo1NnfYRwlCXXcS2vtFSLARkWemZ1Qz4NAoGACLZp +nMiJxVlH6OHawaFoKLGvD/FrQApk/fyCDe7wNT4vVUST2tO4mvJvWSiYTuqFSdy0 +ymvcGkkUp/ypIAE4Y708a0Ods+0dUHgAulerB2DSgtaPxd5YUWER7w8hONKc8EBP +PISBMb5g+Mr7qVy13JRLoC8rXKej6k+Od6qCmgECgYAZbJiGLpFFYMr0m3mxE/9e +lKUBYB94hrFqRy/+du/DNDJd4IxN75tnzXbfCKXK5Fp53dSG6ko2rb5/6cafxRB7 +uqa7z96VxzA9FPIGOV2sHu/3KMMmeIUor8Svy3MI+hTuNAbJMjVzm2J9OEBBsOT0 +S5pn4mtICgedhH0fkpCjEw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaQwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft54wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrNOiL5AhYhbbjFNJrpkdTL6vvV -v7oNGm/3aET3+9M3BZdIVirwsTWDzxQTVpqY/UH3rAOT/jf24NL2e/lj8TXp+eS6 -S3MMWdaCk+vHVXv1cLSWRAZdq2Jf1OrWT4LOw+RMiE3mUPsKq/wN18x1KTqL4ITH -WZU/1cx9Z5ce4C+/0LY4DLLt0LW8uLlDYxZDX1xTrSZYou3ktT24IHwVwrBWXMGL -FdLXT/24125stEwRq/qzKcAuIVDrL02HRPczBbQehvKcN996x7XISGjLZOCN28w7 -KhL2etgeU1shmXFq93YfxdHtcDa6ysX8Ig/oUKkgJqVLigp91gHzXr4n4J0CAwEA -AaNkMGIwHQYDVR0OBBYEFKvLZ/h0emSijTtXoVcPBibT/IQOMB8GA1UdIwQYMBaA -FA+r8H4sLl9BSYmez+zQ/3AVgq5dMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAmz0paStjdFmdOOZMFykfwYY4BwOA -dfO5Lnqqoq3TH9mCoca9kNH4bQBhIzPW9aDnaKf2UuABFTcmxR0FL+Vg04+15sYu -hln/wcTDnFe8MZQGB34zaXIYD5L2NJYXuuHqiodC+Ggh20TGGMSXZpfJotJJF8PD -P5B8eQUdH7lR8UTPkxZQfze9u/uyLZkJoQEbLUwM+vw2eecfqOl5jqnTyUhpq8fY -QFmSboi7UZt8ZNdhzEKqaKloDqfo4Ba2hUZDW2Q6eAs8SgNeAZj2Q9LyEkIRoMLX -/g1tY5+oTuwbtVi55+MC5336sA2AmaTyf9dvgyYB1yIzA+KMJiSGc0rKLg== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhKK4E6EAgHY5fPV09pDe9jqvzo +AAqsltqNslwNDRJPn4ZF+kgqsAFuquVS76GM8gq1BasG0FwCxYYJFiFarffmajfK +CId592VPGNacCfXipTSWLIr67ePnX/uctOOBj3edjKVLmuPPaM/8d2owp3PV9hAR +uZEPt7r7oOs7NC9lm4KCpu95QsmZOGJMn+qFQ/nwE3LA9KwJehkpbwtlmG7VUrox +u0AJdIXpM185Fgcez1itdvpQVjcQ3HuRIXgJd0U55LgnMefsbiRaztO/ZPooWo3B +UPs1TpxYewbPfsiltcODfDc4rE/zj6quUw2SpG8Mtl6vNK7P767xEIJOZ50CAwEA +AaNkMGIwHQYDVR0OBBYEFN4vEIPI1Z1GFl1EdUv89wb116ybMB8GA1UdIwQYMBaA +FMtZaaZbjHw6O5vfyZtBE20tgGMhMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAvMUw0MehwLo7xC8gc1qmhpSQ6Cm1 +KPc6oA1OivbP3FeDNjODoy7E5IFkw976lP24Q3v/O6F3TURZw+Q3LrqtL7MmwtrE +nOppNeS8mYfKy07k0DJcEak+zBczUSCjtVsmN5Azv9L8CLvMe2apYT5JTaMt2wJZ +gbfPQEy1dtsi3ZMPoyQ+4aNiGz5koWb162BZSaeszeshfgU7afrjg0ugPe+X9HRq +dKYHdEHtuwZb9wln7bwckp8B4ciNGOUMuHOlZWUdDAP9ffoV7GF0Y7c3MZC7KgVr +YUq3mLsGaIjjBG4Poz6/tIjhFWl4vNe5RjX9I/+qgY1+Zz2u0vFeNzAAlw== -----END CERTIFICATE----- From 3e6063c7d70fbfc1cee3ab7be8e61ae2b9092432 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 20:10:40 -0500 Subject: [PATCH 09/12] PYTHON-5040 Fix CA keyUsage and remove issuer from leaf cert AKI Two macOS/Python 3.13 issues with the regenerated certs: 1. CSSMERR_TP_CERT_SUSPENDED on macOS SSL replica sets: the issuer component in leaf cert AKI (authorityKeyIdentifier=keyid,issuer) triggers macOS Secure Transport to do an online revocation lookup for the CA. With no OCSP/CRL URL present, this fails with CERT_SUSPENDED. Fix: use authorityKeyIdentifier=keyid (no issuer) on leaf certs. 2. "CA cert does not include key usage extension" on Python 3.13 macOS: the CA cert was missing a keyUsage extension. Fix: add keyUsage=critical,keyCertSign,cRLSign to the CA and trusted-CA certs. --- test/certificates/ca.pem | 33 ++--- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 6 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 33 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 296 insertions(+), 292 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 978edcddea..7037fe33ea 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,22 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDsjCCApqgAwIBAgIULKg2PII+nqQgPEEysgWStNhMZ+UwDQYJKoZIhvcNAQEL +MIIDwjCCAqqgAwIBAgIUCIworzyq+MZP6PgMwJUvbXynSh4wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBANRxGUwLE/UuYqbxZpRXtywLyHiRezn2 -uXatT/PcKtICvHMFINe4Co1414lnL2qrhGCxANpeIobzE0w3WSKgHweTISV8+RZp -H2x3EYBd15MbdDdYDhBYUuGIH5N2C3gDYbkcZBY2cK4RB/cruuZLHf1WSVFFUvK1 -V6hWs4w87c1H+QxU5RKvX7T0VNH1PmGp5xSbxwjkdVLb0o9YVN4nTE2FAGvuUp+n -zUrZjGMDEjFYELeFVpQGTgXgvw31EzeOMZvXAo4mWzH1V6z0hdZg0RDbAxT5CcAg -157qSLbQi9BC0/O6kcflqgYOWwrkqOsNs3ryx/8lbxtZtCtRC15ynu0CAwEAAaMy -MDAwHQYDVR0OBBYEFMtZaaZbjHw6O5vfyZtBE20tgGMhMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQELBQADggEBAFRTyRmtpoVEst3l2TeovA4BeCv7zdaI3EbS -vOwCqNdJ84biNlTjtRWrrIdFZOAHnseEvkxXxBewzuFL1tXiGFkwr43vXyf/MIVj -inzIK2mViPM8vIhOCQSpStgvUaTrvxK659VoLC85SzcCDhUzT0MqXeYjw4sHsTvj -f6GLg2oLuPCcxkfbk+cGIkL/3Dc7Aaq1mqhlXmqueGtIgNf+TgqOyeUfBQ9EEuQX -IZyQZ4PlMPWZ54YBa97fmW2+5EhY1WQ7SJ8abpjA2tkCvPcjaubUCjsASb1OusQS -UPwefW3YA87ivSK5Z/D9HVzvNQcPkr9a2ennS94t69hgDdo65sc= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsrDsoEdGpjI2a0tZeg477dzEn2jJR7 ++ejm3NjhAndXi9SA59NhY/5xeKCP78YY5lEf6GXxf7H31AOryq2d3/E2cj6fNMvO +e9eVWPN1X7l902qkuopTd35XgpnD8728+m7qpyVDCtL5hlsdhf2g6ucMri5r2cAp +VWlQ5AsZUKtd/kNHZcR0pD7mwsau9rlOkuHvO8yojQ1ImNT5I8EH+Z71nsjNyybK +6rR3M6KOB9m6vxQD0i18vTONNBLMYuFRmzZuk4s5uUNTlN7o4CBejM+tVABrVTc1 +DumqwMu6gOTg6xjbdWSe/l/YuZYTC/qYYyf2RjLHHm/T/GKXUU80DocCAwEAAaNC +MEAwHQYDVR0OBBYEFBVUg7McKdezoLQJTeiDCxobmW5FMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBF9sb1RAXqYlbx +qZy4elELn1l+yIZTbO1+VDmg1gZflMtkge/wpBNk6yVXXog6XsZ8bdigNtDyPsC/ +30cy+M78AITUiGMnrQU9vfjAfNVRHOBXcQdh2rdDYI0B1ypVpzbyX6qZhg0SiM1S +xYNKSFYZ+4RghyPpP+cMqt43lnpBXUPU+/Y03Kk81e3bj03zy13YDHJAYEipU2i4 +INlZKQ0OcRJC3dWON8QsYiV0fbPKFwaaLvBceNf3JqquHufe3/UPhuN5WcMErOoV +Ys+1hKorovgnrXqm0Aon6lwJrf39C7t0+B+MoD2St8S64QT3dM31cG/7O1IXKQWy +TY31cOt+ -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 0dd0fb129d..4f74ebd0a9 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtXBFcwtyqmqPK -+mBDuOxyURSuPSsVn+W2gHij2y145ArA821ivyCXKee/J98mElNXmGAAVpcnSksJ -FvFYz/SH8aHUB9JqczP05dHgCE5EQ6g6D5PF5oiaqac/2VHGqqEs/HRGyNhnROHk -ve0uHVHZUN3UGhTpzAHDRWN7/w5MWXNqRYETaZyI50osBJ+PSkAsgOl4PF1sqXWd -fKLpFkE1V/1Qa0ZsIp8YtXDF9EZp1P1NqoAAsijXIHI5mZefIn9osKeeIluf8/qS -caJRlQ54og/CmRqKK37RLrIV5droBav1OoDE2ANdq7PMVW+CGpUOB00LpNJ5hwrO -ZmCPccV5AgMBAAECggEAAlVUnV0UBsBQ6mKmNhw4BNKruZ/Dz+lbvHzMUs4JhyX0 -vhtWgLFAzIOesdgePzVQaOzIStCPGVWHYc4+LqGStZBoRxmRlbbOtLJaqxFh1ZV1 -rqZvDTO8NYsD6CKGhYWxYmwT54s7Z157uwAr9/dVUeXT3G0qNfcpsEX7GaGy/gih -OudyrWWE23l4EvLr05y/XxdpB7EVTg7XoHqU7auknSuAkqrfNU8w7ylqh8cJZwcM -hDdKeh6NfUc85ONpMU7FTeFlaPcN7Kjvz+hNgX+aGgty3vPzhwn4g5r+eweDFtS0 -JqfoFcj882YEP4EdQG2EU0BZ8s67I/HFN4WBhIZCJQKBgQD9W/+OfyMaGXMF4MEW -X+BxMg3g2cJQR/TG7FLly0boWEgoyUUk7ChPvuYTvfJNUXNEfkc7i4FF7eNNzTnp -VTKfEtxLf/4FsxAexxdJMe61mMnx/FBMYn6VyueNPT9rS1lwOYITclaQPHaDtSYI -wLvuEHktE4X9ViRn+gfsUTFnJQKBgQDv1WE72tQRY4DDrk7ZvKVR351nWWPmWDR1 -veUhpeC3zs9cdRdHeajz6rUpGUQpWV6f+BgwU80BkzgbVU4Qv18xPNDEevCfjPuD -PqQxRI/B0Z5VcbeT2JnqSSF1szOmnA9IZ8FFm/0I4XG6KlAuaaUVWaw+s5qILdn6 -oTgxRpXuxQKBgCvjuQSdX55Q1E0rXyeaGk5hpmfSMUgo/u1K2R13tmPfjziJjVHV -GzKdVkwLNqNQPdCas4pMI2vSxvKeX67dFHTcFo95r66bE2rRgGYsoTaSLkGePObO -lTErwisEdi0HE4pOXAs0XmyEHN+6DMmtYaDe967oV+jH+GyOsrqsYguFAoGAP4HX -T4wwn7IjhK2Bf7KubDG0cot/Ip20toDkTbao/MMssaTn1ytmC8DY29su62wY3G9L -qHBoVsRvFP3PwCuMv3MFLSII2Zbxet15iPpIvuAM9z83h1TR3PIkhBBB2xp0CY4/ -5Xja1iEshklyFfgvmKm4LJpOj0Tk9bL/OD0isqkCgYEA9+jDUU5U2v1gqk6OWiub -HBIpTUP2TL971gVlQrFe/mk+4+GX1vgeHe6xgIQedvombnK7FwyphWWp7+F2C1Ub -7uQN4RtFSft8kow9oF4qgdrWUmu8twi06a+uiKwhhNUSXGkprItR59XIXzQpoYK5 -446o5J4yiqZy/zk+ccgN0aE= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBIuoc7BJXkj43 +Ogw4/lOj6l7qJ13wnQKNHLdCuKntuZD8mQ0T7xOKqiRbs4xy2d9zS9bGNfMrT70q +RRRdIrSOTBOGMtUTWtw2WBHOkPF1OlG4aIlLmiM3/W5gQfKxdUvA8UZOjCLtdOuf +Llcdk6sccWhtA4W4glXi46EDGT4tp7htgT076Qa2lfKc1CVgV3LaUIcW8JpHD0+y +U2gSWr8/oE9222fu2MVDyQqR/7WFRBBHR5KJSvx4tJ753Pu19o+T7U5ieLegR1P+ +rI3m0ktJoatomfDdc7R0XcbgqIS/cTjI/7QuRrD7RuHn5I3/0Ml+OwKzElpTlVT6 +LOURN0iBAgMBAAECggEACF3p+LoI4uKO369b9XGeH7sg5MGzFgAFSuXwMfukP+xS +scCzInaQWQjdJZxaBKU34wupaKGQcONF0YGX29+LpSD6VQ1ZcfrVEKUg01sv3Klb +vjKIJR5usWehGxosSIAJebiyGCfFwRX4OaeFJl698k/e618UUU2TKS69jE/xA8L9 +n4lzDyepPf2hA99KG0Es3Ie+lSl9M76Ssg9XY5+7n7W+VBVr5MebDtOEu26XYIIc +FJ0jxVId+xPGvhDcfKvFCcJrtIji38FZBdHbIIrjioFL631iqrRwQTRMUkMY8d44 +POSavdt17zgA3OkBwg7IHa4j6lMRg+D4YYgrmgTGuQKBgQDu4Q0R139ou+n6ZsWt +XeiX5ngCg7+Snq3X+1zNGsUW43DbgLwnMApsoyV0WWccfApMtQCXTgPX68VIg8RF +SbFA/L4S9cM11Ev+GfMXwu/JDnHmOjBj9stFnQMlGxuhvXF6YlK+Ptrt4HOTkrGQ +01eb8NtVqUAZe+3YTW212wikaQKBgQDO+pOygwQnIm+8hPjAV+MyN5v1nvxiOOs0 +o8mx1tqJEMKPQ6fk7JycPNDBilDojkgr8afjpQ5JbFl+Zc/OdhNyiuzfB0LU/5g3 +ExIf5Eq8cdIl7dARu9onQcsXqWcK18kGPnmB4WGo07XkcuYgqRgVoI554dJboJLk +1KRNWEEgWQKBgCOj7EFHN7k2oDg98SxmoHdZaXpmkcScbC+XT0dCwTkjAgmd8XSf +VE7VIJd1Z072qsq7DrWEbEpg4PRqxHPaBNo/W1SU2mVDoXruADkBWqlSwGerMuEX +R0jBnmCA5OSC0VWDKfk8g4mOPXA9KMUE40Ne8jqbn/ataNUm6EGDxoxRAoGBAKDF +bthogF9NlnFe8EGngujM3S3q8qvw/nIDD3Y+J73z8MyLhuyBBh0t+BF9uN8LNfA8 +Y2amHPTXXqSZvNLoUK7WTqvm3fjJGJkfDSMMlyjNWKjxkn9T5V488t5MTafUeWeK +O6OxR8R1voHW5f5UmkqiTklKKbXWgoOQ0JbriJrxAoGALor5MAuJbfaC/ZcW4FVU +gHZJ5I7pvP7+DI/D5Rq3XWhRLTgMERUAzpKQt2fd23g8LDjeTc8TLnrkLC9PpZ10 +fHZQ/a4QolZ9Pq5T9h9HjiCesyLowbfITwfShbTQWR92rvVVh/elSWehy5ANsc87 +pIpaN+cWsG9/np9Z9kWwoBU= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g -lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI -mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc -iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo -1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD -XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD -I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A -YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 -uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 -mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg -l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q -9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J -yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv +MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T +iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj +N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG +tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 +eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw ++0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ +1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ +bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC +o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C +0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz +HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv +32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 +qtrgSbev2AluiMko8NpevdP2NsOUMxyS -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 58e2eef08c..b729c6473f 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTk0OTMyWhcNNDYwNTMwMTk0OTMyWjAUMBICAQEXDTI2MDYw -NDE5NDkzMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCknpas -Y9CVnP8wAYp/zViQQizwRRD5JtqMCDj8QJTfZ6nTOaRHY3581ulnK8ux/jGeo1WO -QfT1UyS9/CB8PZ4SDpSF1oiKaz3OkEivDeHWvUDYjukHkn1L5Kc/RYEje7/VRRlr -Rouz736sCz+G2BQZSwMpyxEPlozZG4Me4UufCcnkpI0cYRDwKgyUxeP+6xmtWCAK -QG/KzlNgjZPr2jwqlyVxBBtyYweIsJVSEveQQRkjdJYdeyER+vZmCHQSu98VHk0I -SkbaN1CCi56/8uWy8PuZU3FkLweO0gp3XAwh7TXiqVt1SH2gefjyzvyYnsts5Buu -9XP8u5uRAafgdK+k +ZyBDQRcNMjYwNjA1MDEwOTI2WhcNNDYwNTMxMDEwOTI2WjAUMBICAQEXDTI2MDYw +NTAxMDkyNlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCkIvPE +1NaTmcm9wzkeQNuOxcAvT9tHiblThgGiamzMpvncf4e1kCxU6sbqBFp/7E1CmCi2 ++YRLvMQvAnM6QWuslUjHqLDdaEtpUF/E0KKknF/cLLxLN3FeFe41erlgdJa5AjSP +MynUzW28Yc2us6qNYeOnJqL/oEp09upHTDw/V1OcLFxBngzx3KZAvjsUkUCSRa83 +T5R8wM2ALG+ZOkT40gWh/N222vSIYNzfq8hsumG2ZYYEXs268BjclLvQOe8MCMun +NmO1F++wVpbPbKUS89xkewYRLK7L+AjUhINKXJTTtaepSFSA2IVGOmtXD3Z8VeWC +yaGBDaTeyljKqfhl -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index bee2a1a3a7..bdf17a738d 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaBkqdhO2NgX3L -rEVBEA83eTZVqxvJ58NWPMMRjjunUcxVl87gH0Y6idTQPabkgtcm7EqoTp+RHf7S -TQanflcrmpQfjkUo/eE1lQkLWBktIB/ZPk3g5fAGveEaHyJ46P7bmPYRKCRuzyIH -8WtEylVwzkL4fBigG1Ecf5OuHccnarcAWFgEdt34FVeuUkq8WsiaDrZU955yQ2LG -zZOY1OPaLR1G/ZYCLAPgjzjjW6ssgrmBjB8c282glw2f6Wz7V0VU8SWS8LRVwd/O -HDM6NGoGzmSAWNzPjPGwlfhrDkMvm6VfTN83XaWqiezER8a5KqvQ2/+eIojVB8Gs -odmX0pw/AgMBAAECggEAA3OVC9BWaGaT5L0J7aFA9GpdU1bdnkEmhP96QRVk2V3A -o9w+4KpuFLAo59EKCtUNbebQucBg4027wn2IrO8hlyWf0a4RZzg5r/z3gy/2WhIH -nwtO9U/+kETCQwUaKRrbKgPOZXAiv4RU8BZA0fp4BsylH8TrKOG104Mrhdaf1/5f -gUxJohXHk7wNYzUxpl/uOChVom+HkwNAmWGCcr5o9g2Wk5KzWLlNc3hx2TBfldQk -y6pZI1foO9HcVzLAL6uaNUVQSNPfUO9F7USoxLjn1EmJtG/+DMo+hEevQXI/uWkU -IKGhIeS34UpUmcKajCdwPMobgdbCZDPaNy7n0Ys4PQKBgQD3egpKImN3vnXnQT/I -P0KJXISCgX/amhbGbCbEo4piWu9rrUQQUSNhS1j9sYNMCbFY5ALwJbRsNALT58HE -WitSmwUhFzXqiIPryH6uULdWqdv8hkOmxCG6y9yVbPL2ca5tSzKloxDXZS1JOKYH -yHYngaxbnp/o6hTnVJiOuaDuIwKBgQDhiJOnZCIKboSjEYJSO5BEJ1G/qjh40qpM -/filsFw4l6giE8vNJLilWmNuPQR4v3IaN1jemh56iU0/AobO5RRKWk1Ydz/fcJEE -izUi2/93/P6+1oCsKq7e7BOv8gPRFROzxTQRei6DAs/F8bwSZofCT1kFWl7ptFt+ -a/4wO1TlNQKBgF1gVvGR+CX+X05aeE5+UAS0O+tiIXPCIEXOGPKpIlXqKdxfDAd8 -FfVoELPofrn6DkiT/+fM0j7hgQ+jqqEDxMTuaQkLUPSlfeFBTUtIeWThwneN0Yjj -CDcLJLfc2+/RBReIABwvYvNi4at3DG5zXOGbNAV93KhtamW+rbFsqSQxAoGBAIy5 -yNAw9eCmd1K88SFYkztDgYnjr9sMMEFcU5MnSVPypXGmAovdtu1OSi6WGj0x0AO1 -t1kmt4/kLnP7opxkalW+pPZnak6EkahRKHW46l43WclAVQeYlob4rYwiqekDisio -a0XghDcxQO4VWTHuEhXXpwdlDUYsSM7ImdIEo4NlAoGAVoWkYct7h2eN/1wPu7/4 -2ahtxY3MuYwgjwJjytuZu2xdcfckCVQpE84YHoUw9Ui3W9oKqPi9vyCMW7YI940s -07SOFharlJtysSZr8fzJ0sQ8Ub0UtScFcYMsRgrijwk8NadtDuzwOrL1UU33JYox -mn7V5iAY2l8wehayhwWihAA= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCshzk1c7wW26bs +o/GTWWN2nU+8w7lZClTibEY6/78DW0y0YU6+KPD41GxA4zIemxYY24JwqdnC9keH +JdWSL4YFgidVJUw12Tf+23oRN8+f//c9sb3Bmd6sZfbzYfrEiPdkHrGebcvdSK+O +wSOHZukiDwTz97w+98LD+Wd3p+Vde/jB/KNmcWlNl1Qkq7B3WaeoPNr078LNTuqO +MrGzqVo1bpodXkCvJruxdCNnhARbbHYLVwIaYuC6lqJvJL3u8xD2UebcvTbPos6I +Fjphgaf/FT7EWQflEkrqjvtViOqgfGPd6grrKFbTExOQPyonwe1iHA2rFr5IIicq +bdBpV1UtAgMBAAECggEADN8r1/6R/lyV6BrVJ6qoHo3fCJTLq8Z3DcuJM9an0B7M +KrsFzm8sh0wF5ZNtxlXIwMMDyNcLPZ31OTKL7BOqmpeayqH1PSE/Kb8DLOyui1/j ++NDdeOe7cr5Kvd7GAEq9tlUJ6GmFp7VID8z+ExiM9TMMqg0GGOaQO+HMI+O9W4uI +aDIQ1uaaqaZldHMut8m3hW7RDaqElV717RXHnZEpmZXdoRHPvtsYqPN3f5MKNDU1 +67AuVQCcdDys+8k9iUu3H4DCW4mrxP3PaXm6vuRxqgiNzmUva/pt12UuoDPqj729 +Gn1fRrXZQgbNpGK0WFengf01zFYt5SXVAZleg32rAQKBgQDSLkzT2QThzpbcu7fa +BsfFTDVBf63XycWh+C94g9hQ9OZjDL90X3pUjF/MuPTKcEuBZax4jws7GjOKPL95 +FwZG67TPmIunCUtvxuuj6rtvTjEz8ezYEsfOaU9prv7dPfxRcGOgSWkIXUX8z6H2 +Z2W3uVZSoSGPsH/n2oPX2MjlrQKBgQDSI54qIcfc50ST2RFpHqJpsdn4kMsouPOG +1g+LALTwFN46ABQdJE3K9g5fXvmF0sLPlWdqGCIxUrwXDAhEDmOrlZoJCS+Hn+7l +iG4XNCPVPWfixX2oUA99RfPiu0U9wSVsfwovdsghXG5QTyNa6XyZrhNBpYMIClYV ++tcXH1MdgQKBgQDJWT+SZ0GtDJsrxM1hGcPBN7uBDs68fXhOLRNU8YGGNMaMtwam +dl0bqAqSddFUKfW7dWqfZ/GLYhNj58RKPYtu35kskueeUmIpJ7hQJKwA+jhamfWa +HYu6Ktq/1LwluJ8CaZeXUxxCvhAxG7v98JnaQrv2lpQvMhemRoite+khVQKBgAcQ +UXHDHu/LCmAZ7N7mu7jn1JbpbxrYVL9UlMMsa+iiGvJCLGrqXH8VFFiaXbLk6c2G +jSpg001rJY10xxZakXkkF0B0gZeChcpLcr/u7cFuRf62esncnxir8E3P070GsBZc +kuATkxij/cVPU7XroVedJWKQiL4NcuVcQDyzvdyBAoGAUkPi724pAnlTST6mYMXb +Io82iSHeRwkuisSRDWfmrO3pGe6SkBwDwDyCxoS7fGj3JqsF5NtyRgmgZaLTu42H +oTXrhhMjOzXjBAoG7FtdEs3Wxwyjkf/q6850ZVhVYpdrSzYPaPN/52MoI71qIjHA +2GuEDub85LdRKAMc3fhmxXE= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft58wDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAIwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANoGSp2E7Y2BfcusRUEQDzd5NlWrG8nnw1Y8wxGOO6dR -zFWXzuAfRjqJ1NA9puSC1ybsSqhOn5Ed/tJNBqd+VyualB+ORSj94TWVCQtYGS0g -H9k+TeDl8Aa94RofInjo/tuY9hEoJG7PIgfxa0TKVXDOQvh8GKAbURx/k64dxydq -twBYWAR23fgVV65SSrxayJoOtlT3nnJDYsbNk5jU49otHUb9lgIsA+CPOONbqyyC -uYGMHxzbzaCXDZ/pbPtXRVTxJZLwtFXB384cMzo0agbOZIBY3M+M8bCV+GsOQy+b -pV9M3zddpaqJ7MRHxrkqq9Db/54iiNUHwayh2ZfSnD8CAwEAAaNwMG4wHQYDVR0O -BBYEFLdAeJ64HzEM3Rb33XIvJhEAKMxfMB8GA1UdIwQYMBaAFMtZaaZbjHw6O5vf -yZtBE20tgGMhMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAQJhjzibpwtZOjNEA8XnEdlQWUEmz -BkkTxNOQkWeClcE/sokv2mIjfp7Yx340wJ7O/CbBNcDUxGksk763HQdTUMIt52Lz -QDjie+TjZYFzmfwFMyGlxHKp9PMoVbxbJN5yVLm4e0Rb7fh5qjap/8mofJCC5Tar -OXz9+vYnVCpAFQmnblptqDp20RqSChMZMWHuLIWDQs5NZszopj6Nr3nFtAQwC6r4 -bVIz/8ulUcOCi+pl1ffO06Pzcda3nyGu1b4j2iG+yKyyViaRuzjCEFEU3WO8YA4Q -sMmKN3HahbyTxcVUaFygPEy+F8erqRWcGoEd0ghNLoFKtI42jZXYATOmJQ== +BQADggEPADCCAQoCggEBAKyHOTVzvBbbpuyj8ZNZY3adT7zDuVkKVOJsRjr/vwNb +TLRhTr4o8PjUbEDjMh6bFhjbgnCp2cL2R4cl1ZIvhgWCJ1UlTDXZN/7behE3z5// +9z2xvcGZ3qxl9vNh+sSI92QesZ5ty91Ir47BI4dm6SIPBPP3vD73wsP5Z3en5V17 ++MH8o2ZxaU2XVCSrsHdZp6g82vTvws1O6o4ysbOpWjVumh1eQK8mu7F0I2eEBFts +dgtXAhpi4LqWom8kve7zEPZR5ty9Ns+izogWOmGBp/8VPsRZB+USSuqO+1WI6qB8 +Y93qCusoVtMTE5A/KifB7WIcDasWvkgiJypt0GlXVS0CAwEAAaNwMG4wHQYDVR0O +BBYEFIQZ8b2OANToGnZdHc4Vq1arH/VKMB8GA1UdIwQYMBaAFBVUg7McKdezoLQJ +TeiDCxobmW5FMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAWNhUCwXlWImKzbQqEZNwhptUHcm7 +LK/jWbOyo2mFoQyGim6ofMSbb4AMvtVgn9OJYwOajfc5GjrYZ3g9UkCq7hOpOn2A +OmaOL4mLadD6pFpuHvgindAUHZuqh3UFMDP4ekoFS8DhlvZg+GJZkRiaJ1Xo5quM +6sYCoL8VoYT3/ExRQWPocwkQibIBu67N4oMiOZUZ+jDSsPo7XmfFPZeVhAJ0Uxbe +wfgqBnGSwi+87oLUOuUAVeNtF1R7NB2q0xPUbymIL8Pi5R56Yt/fYWe1QP7TuecN +ccfEIaSEUKPoqYiLOseuzASNlpIJV8s+IjNHH1EVTab3+UQDSRmQSr86yQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index eb032c7e83..7898bacd93 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -23,15 +23,16 @@ cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign, cRLSign [ v3_server ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer +authorityKeyIdentifier = keyid subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 [ v3_client ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer +authorityKeyIdentifier = keyid keyUsage = digitalSignature extendedKeyUsage = clientAuth EOF @@ -214,6 +215,7 @@ cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign, cRLSign EOF openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 78428612d3..409a5677d0 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUjmGvGnDzF1d2KML -USvuYgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPxe/Opf8jx4H30l -gtFoWwMEggTQVO1+vF+10xVzKQAnX7xtXdNxhpTY0x8QFrx8fniQ2Blf2AmEM4V6 -tknYDhNnb0RY2TQ452cPb1OhYhLtMoGT4ZEkhhm+as+5V90MaJqSiLfDi7hvbOiX -d65kjNqJqS0rbtgFUMV9FtU4PP18Q0BscPNt4CP3fueqS6Zx/7VZEbEz5JqqvLmD -+MxszddisFCpcJvi2V2YW3MsB3Zrj6K2dGpqUFpPiTouDTOKxi7vuRf13F8BFnB0 -gLtgcwp4tbrk+LJYr0Iz4fMMNAYi+0t5eRWh97baQnEnbJaGx9oo2Ef+VwkpEJ9G -4aTrtIh0/LJcrG5SuPRu3FOrArEQItTxiNoHxQsvCvPO/vYTNZA5DAXYisaEGrZB -MMvz8U1tGtiNCJEjoURGOmNPJswTR9DDBu7cXA42vUcFbXZEyJB3pcw3mDu0X9+a -POkD3oXespiPpMfS1Y3WVnrR7DcBZ9DBWdNZ0BSB1kZBrhRUQaXPJ+22IacqtGAk -y/HtovMEw/CeQAdEucG8iIPAGPr8VPY1p7Bz+D+TYFhGlyDhNd7vVHRqtVXXDlQj -eqSwf5n/Gh/f7Q2h1vbzzVHuZ4UoZDP0ZszzGfSA1y8aHLFKHoTrUmvfLGrENh2V -LjcjQLYxnL48qVkClr0tME2fv7P9cPqtIEEXvmzFXT61QrZFiYHCk5HPKoFsBSQl -c7LsuM5X9D7xdV2BrEFXN2awH6z8MgoqdreILm70Ze1pTBM+NzGktMFABcxAXzaQ -llt4oGs8lmGPuQjCnvxPXiLRxj+fLU2YzpzSC2AYEKQ3KRrxYUXGu42oLiIUjK8f -BUsOGnYYGkHCT69WBbgtwl8iC0LDcBObMFFv1IQN4gh7TIZF9bvkCp0S8PNqaT/W -i56cZHVtu86bCBUeNz5SLGnCwGuuvQL53c5fgQuzK9OhxVgNFAsk1YeYcMOFJXvK -oTDqTiQ91aOJPxt88QaxkD/45Vc/EivZ/niB84/32uyT/6ymSzIKtU4ZOBne+Jx9 -MQ1ETkTLG1Qug/gRdJJ+hKuzAOeME1mQ3XbqG8yHVZ6Zkobf95X23yqMq72Ohi4p -BJiE2T4I/F1Cw2hyPOszGV5tXyfcrT2Z7FhJNZReD+gtoYnEeuNNMINYNDagIUNS -PPkwg7JTNOXEHbkGvjoWiAtxnfxpCKU6Fm6kd00vD9Wc9v/QsIBEhrFyvLZk/ucX -I3XYajuoQE/wGphYPuzlOzBOjiQfgVV27CalXJwGHAI/KR8D5lKP0aRwlkLUyU1c -gMlotqKNAxnhr/Nbdj2eo9aCFAW6i8eZIlviW139RWZEp8gRiWcTWQAvV4NhtxxF -4QzopulPmoz4wtQRrlotG+5JW6JqX81+VF53EsiP4C1tnpyxY+MVynAUroeOQvNI -D9aZu3/zA2+ixkrahfoGVSoGTaIAgchRyaEfxfA4YzcdfQkR5dhEJf4u4h5wvUS6 -ZWOA6Ei/NgtjLJXCaQywtseq2KSTgK0R0IyC91mEvR31w1WsMaZxCG9JuJU+Nha2 -R5qIQeMwEOR/+siKxh4QXYK7r70QqFbOkVZDBsaULrMHv66IUceOAjXpuUe4NbV2 -UcDbYWletvU8tKhBdA8SttQib/F2ra5CZVHwrPZOklhTVPQ7qzSDeus= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQEBYtboqnWdJ8eESa +YxMmKQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECFmeuF/j03+YvpX +H2iJoQ8EggTQP8xnokAYXmoie9Zq8ZfMm3Z8V2a2IIzANeC/FrR9yQ1L77EuQpzG +/ah5TLBn/SasWRNPMV6M0TI8Cvg3GDKuBdK+GqwQik5masD5UsCx3ihLLiWasF8I +R6w+CWrpZZDLTfQE9ZXEHcb6A8d/pAQig4wPHfBPopTxiCsfCwqkVMMH/KMTfBqO +VKAkRE9e33gmEygO4t1LMtnR34mwgWA5KJOmAlPT3QiEBy/ZpDD/2PFqmqigibdj +YMRy6irIBqlHoDqtWmYuFNBBpVPVBtmFw3DDbbAIwMQ0zq4Il0Pl75REvIebgXEW +tjsOLGomW/gcxf/QCu0zdsNCYVNarXzM2UyJR6AibotjeoUDFn7wR+NRsI7rTYUN +r3cDDdxPebaltVAtwpIY4XoQXZVpfcyz6kmGKlkl9VuzKdSPV3fi7om7aytjFKxf +L0nZ2lsDZ0bhwMv7PKDkNHIPdyUt/XPayFb6+BtF2fCj6FRy5xyhX3sRuVmPdWn9 +21YY+TaE38/kB7ItD07XyrX4YB4lgG0wX+qMUDPH7tX+f/Yor5XQ/it7186z/Yl8 +L7wW4td+mbWWfV8HXhmSeJlbkOzvtzCOmf0ypOCi/Ixw7VVRXITevrdpyb74trQz +HV24x2V+dDHkXxv+kS8tuZ5kRg5ZSqrUSaDoUNIrYhbmJ2QXoew08zvJ6GL5UY2M +a6pQz41GO9cuVLXJiO8nV3VbKoFP1aoxaAYotMKpv00Bf7W39oS9lDY9rA+oHj8J +fKjYjr/ojCHkG4EElkAzcRvKCZpdMFDCf7IaNlSxkHvf33abeHwf7zb0WVXCorbu +499jo2Oc5QVQFxKQIjAjPX3NyvZYqorXa/vxDo2KvofCe2o1NOJ+5zvb0Nk89PWk +vunNo9Oq8M9Dw3S1jh17RJPLmBNsxQ4rqExynVZUcVcdDABnVUR9UDBA0/Pd41Yy +6kIlS2BgkvcL+Y0BK4oZVjz0zuNSlXgeh1gcNfFR8phxRAuYTZ0H70ZPTEfgJ3vn +jNsiPu3C6TLH4k7xs8VtIob5Nm4PrUcV7VNQLA55qZNQeL/uDwwvipY7ypKe0+7Q +bvESiFh4s56OjvBAp1wVjrKDmuzoL3aNr1dHNKMh01ft8pU8U+rcNYkAQ0ZS/mX/ +OIXR1Y+0v4x8OPYK1QWsZxKy2PbfL6oGEmsMh4viv3ZbSElw/gmuTP0+8jpXK71O +MwYdaWq9pCS9RLrcjYHff18vS3zWA6MVkanLNqsiUY8QBW/vTFGRfpFSZWP2AQ4f +IayDtfrqDcwEuOCFiRSrcZCzyGEs4NLgjBDfAi9Fz1Ec/o5f8xdM1Tdb9BSI0dS5 +P4a318l0hbaY5tUPMsOsYQlizgksCdgvxms2k5u4kpJkSkRw+BXgOdxYbeHNWqwL +snYwWmRLOXymu8OeJ2zTQ9QH6ComE+C27KOhxUml5XjHqY2j69qbXkhQWmi0EXj8 +DHJb7VPQZ+7IEjMTXRFmTLSS0S1k0C5CCGC/eYtUFFdQzG/RYSLbic0yICrPCnTq +GX/PiC3E+MTaZrr5ehAHAl+LC0iw6qXMUgBO2rWOYnF2vP56SIvI1yvCgNWpKFN3 +CKyHUKWyislcHqw9lvyzuouoidtUHpWMAEo/hEVb8JF4Y/yNND/4nLU= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g -lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI -mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc -iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo -1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD -XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD -I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A -YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 -uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 -mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg -l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q -9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J -yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv +MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T +iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj +N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG +tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 +eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw ++0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ +1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ +bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC +o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C +0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz +HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv +32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 +qtrgSbev2AluiMko8NpevdP2NsOUMxyS -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 5b8a3a424d..08cd76dcfd 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtbTLMvCR2XPs1 -J01nXbnpvcWwwBWQuWwbMZlqNvZPiAgQgjuRmzTlvB/MMgbTPb8mynE9HtnjW0Kq -HDqAXUvBstGSd67Pjd9WCTLcV+JJ7IufUp7SuaijGlVLgtDTNoJ2s4lUN5DWZyx5 -EL8uHH1fXaNurDglGC//F2shUhNlO8xpZXMaKahJZwmsU7aeA9xvrudGwkYQm8Vl -+Zrj24t4J4Oy+7TJEzVZ8lH3wZ9FkG/eiozURmL9uK8bG6DmhqztEKZFpy5LUBY/ -RL2Y1Mcxec0wHxSamRslx3dAcnCutR3A4bs8OoXIwoZoIEQDOFoge67q8sl5lyaZ -SpmsJEq/AgMBAAECggEAALAiN3W3n1CXHordX7+bcTXzhtP8Qeq6ZxE3TpiROZeM -kKQzoExBVXf9mE3KgSQJkhnTgS6SJrjB9vLNuJymJEqVUkNvShuB+1FmBkHDABAU -LbmiL6vU43DDTd1i/rOEqPvlW5Qs2uzl3EUYvRIX3Tz93P6J6nvCFPz+y88LjKdC -aCsA60Hd+cQQ9dJa2qZ5db4YkU2cwGFdMtLEsdGy7SKviOscaTWDFoy6LR+lgqRN -jGoUOSCSzfyXcsDl2Cu36jnQWj7d6tmhTPkdRMPXEvFj7+s0xmB6Z/I3kMFHBCJq -6dAJ2if07JOiPK+AgFAQiK0DndqyTV5FJD21jlmEIQKBgQDY68V7bktXS0nquPGZ -WKnBm/vyulH1PwpTFQHyPAzEUU0jjRaEKYHhTzZu0728HZi8Yw24X3BtcxSQVHeb -8Hz1JCpvVPp+G/jxa+qxwz0upBJPy8rfz7N4R0OjSxVKe/7zu+cl7gAyb0hyo3cf -3pFOGRw5LwlA6dv7U9eOrPGS5QKBgQDMq39juOEKdjIRRsPpFMhF77SefnobqBm8 -9mpZTs4LQNXG8BcUvS6S/xmyDocznFYJbBm9m2+gUCidc5edgkimHdfcTAccxXKQ -ihTimWxubXB4KhhyP9EsTC2ppcPGSO49fCosvqmCFflGp2EUkl9SMSv40UP2xk5b -/7BJ9EvY0wKBgGwMZH2q3pRIyDTGknETnNr3W3P4IsLJ99aSbDnAd4uCA65lpIWI -N02HK1Hg3m1JQL71h+wCffnGjMOnjzx5eYSR0yFJbsxKGqIGYwzQdzU4PHbKx+7b -gkWzGZnI2H4VbVTyj5xxBGAa1jdj/P4+2pnQICLLrwxKcGyrwn8q3dmRAoGAckKP -1LFC2R9RJjn2ZyoWAI0orY74RnZbIBYFGySWfMvOTMh+ajKPTLsjsjbQHez6TzpN -SH/9GmeFtRjyHJm+SxbACplbIyHLqouby0FRunhYYI1HpoigEvXYTCxhllHixuqJ -dP9gDGKODnalCOIKWw1eegMByUO+PTgKR88dhMcCgYA6LNAlqxBwO6dTPQFvGlqS -d67iKwyjbK06iyjvcNf2q4/jh8MC8au8gHDxXG+I5Gp3nMXncuG4GG5Ii/tKX3kt -/6B3b3tlFmdsAmI8xEpiHhDBDXINLRs+w7rkl5oNduHKkCWd9r9KduupJDvTo78h -9yuZwMwRFAIPx9P3YL1SeA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuozfwg4XDRJs5 +zPCIEAd3iiS2z+G68X0N444O1Yb/35UslCY2ZkKWs738I/A9AI1Tm74C4l1PMHNO +OlCMcYg2w/fu3VuAa6E7QwPwjRhnoRYl2lgDX+TVKcHXOmD8bKZB+S9V7Rl6CANs +pLqeSlGBQqXORJ2nu0teou6BZUJ9qcRbsC/aHlQleOr13jx1+sfPvwK8rrBeYqH/ +pA982scfE/PU6QnB2v+9Wd/hHt7073ssIE8lsKxoJtSsfebyV5kn48e5kPKWnbLk +ONbD5QRzCs7Z8GbIrzGkXV4mRwUVK5+fCmhVE93g+99paeJpcXOrBmkCTkL9WTyg +GW0vGhDLAgMBAAECggEABaKOnjF1kiTB6COMv1cvu9O2oOTO9nvu+mZqobU8yJTW +ThHvCbeoU7neWicZYV6F249y73TjveJlAL6GStcppgVnbUsHNiWYQOlF/0UOPInI +xSqTxx1uV30kHBBuK2GgxmWGpCclDfhO4/qMwFQgPSOBZh52AoDbSw/G0mC0vIk9 +ddiGMvQHRgh/JEk1vrIqE+lEdiccPNswC2G2FyXWHia6plpZ0VAZXfQH6R4ttykF +CfHUk1gNDuGrXtwHicF4d6XXZsnuPkBQZ/GWmu51gGu5Xhr0TmXY/NPRhamsqsjn +lkrNGV25VxZX1lGM//cqL77Om7m9k5Rx9gnp+8n1QQKBgQDj09FNvc6kB8QzZ3Dn +1YMnNKpSiu5d8qW8iUGUMLIF+d+KTkHa7nLBfjEOUyCVOJh80pUFhvXwL4RtZ72A +Ln2EWZWYxN7aNzuTXQIO6zit+BgosCf2Vqgu06yZtmZARFNxTRRImRwUsPGaqnBH +drxJpQfuomNJfCJ4MY8OmC/URQKBgQDEO5rsV8OioXI7+y0qWSJO113sofwT9VSt +JCy26oN59sbgrcFPohsWISEBrYnjuPEeRf0Z3Hl52Tt49btuIqPmga2II/1Zj6ip +V9cTzwVij3XSfdb/SwcV3GBCzhQjgl6C/1ocpayQHGLaS47+hHFu6sGp2JyxhDKL +owO/twsJzwKBgQCU5crVVEfJTIoeTmysGA8vgGwQplxDamKHZe1GPM0cusIuUhcY +Tt8RNrg49HtHC0YdzkM26Y2y/FtAZZykOb4u0Z3Dymcblx2IojDGL1VL3elsLjTv ++pLQh+c2Ts9lEUK3ufiXuflwTHSa8OmQyzkjqIgWnmrljAu7IiitESmxQQKBgDEH +C1/9VX2uhJID4XbxKic0m9zhY8/AvdU8coeI9Cxmwa2k++VfhRD0WgDHUOo6bNO5 +fNEXSqps4fUIwDl2IikXQToAc+4KfINC1RO354qGeVOL6UmDf1Ow6cQHJPTyP5bP +Ib6Cjii7Tt9nfWSNxqGFubkry4p2kwJcSjV+EB31AoGAMv52cz2i3FDSHYBv+QRF +VrTEfMlV63o/zPYKRx0ZF+9b6Br8z4emeNnb6Fu7nk5glliGMsPbGT/0P2OPYl8/ +Q2Tcp/QlvAtQbeCsOvUQgi0eThxgskcNOMefAr7BFcHSZVgrGixDGrIiIViJGQMF +IyTjmZ1yDgFmUwf8ULuxegw= -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 4 19:49:32 2026 GMT - Not After : May 30 19:49:32 2046 GMT + Not Before: Jun 5 01:09:26 2026 GMT + Not After : May 31 01:09:26 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:6d:32:cc:bc:24:76:5c:fb:35:27:4d:67:5d: - b9:e9:bd:c5:b0:c0:15:90:b9:6c:1b:31:99:6a:36: - f6:4f:88:08:10:82:3b:91:9b:34:e5:bc:1f:cc:32: - 06:d3:3d:bf:26:ca:71:3d:1e:d9:e3:5b:42:aa:1c: - 3a:80:5d:4b:c1:b2:d1:92:77:ae:cf:8d:df:56:09: - 32:dc:57:e2:49:ec:8b:9f:52:9e:d2:b9:a8:a3:1a: - 55:4b:82:d0:d3:36:82:76:b3:89:54:37:90:d6:67: - 2c:79:10:bf:2e:1c:7d:5f:5d:a3:6e:ac:38:25:18: - 2f:ff:17:6b:21:52:13:65:3b:cc:69:65:73:1a:29: - a8:49:67:09:ac:53:b6:9e:03:dc:6f:ae:e7:46:c2: - 46:10:9b:c5:65:f9:9a:e3:db:8b:78:27:83:b2:fb: - b4:c9:13:35:59:f2:51:f7:c1:9f:45:90:6f:de:8a: - 8c:d4:46:62:fd:b8:af:1b:1b:a0:e6:86:ac:ed:10: - a6:45:a7:2e:4b:50:16:3f:44:bd:98:d4:c7:31:79: - cd:30:1f:14:9a:99:1b:25:c7:77:40:72:70:ae:b5: - 1d:c0:e1:bb:3c:3a:85:c8:c2:86:68:20:44:03:38: - 5a:20:7b:ae:ea:f2:c9:79:97:26:99:4a:99:ac:24: - 4a:bf + 00:ae:a3:37:f0:83:85:c3:44:9b:39:cc:f0:88:10: + 07:77:8a:24:b6:cf:e1:ba:f1:7d:0d:e3:8e:0e:d5: + 86:ff:df:95:2c:94:26:36:66:42:96:b3:bd:fc:23: + f0:3d:00:8d:53:9b:be:02:e2:5d:4f:30:73:4e:3a: + 50:8c:71:88:36:c3:f7:ee:dd:5b:80:6b:a1:3b:43: + 03:f0:8d:18:67:a1:16:25:da:58:03:5f:e4:d5:29: + c1:d7:3a:60:fc:6c:a6:41:f9:2f:55:ed:19:7a:08: + 03:6c:a4:ba:9e:4a:51:81:42:a5:ce:44:9d:a7:bb: + 4b:5e:a2:ee:81:65:42:7d:a9:c4:5b:b0:2f:da:1e: + 54:25:78:ea:f5:de:3c:75:fa:c7:cf:bf:02:bc:ae: + b0:5e:62:a1:ff:a4:0f:7c:da:c7:1f:13:f3:d4:e9: + 09:c1:da:ff:bd:59:df:e1:1e:de:f4:ef:7b:2c:20: + 4f:25:b0:ac:68:26:d4:ac:7d:e6:f2:57:99:27:e3: + c7:b9:90:f2:96:9d:b2:e4:38:d6:c3:e5:04:73:0a: + ce:d9:f0:66:c8:af:31:a4:5d:5e:26:47:05:15:2b: + 9f:9f:0a:68:55:13:dd:e0:fb:df:69:69:e2:69:71: + 73:ab:06:69:02:4e:42:fd:59:3c:a0:19:6d:2f:1a: + 10:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 99:CA:D6:55:64:61:E3:D9:76:00:D1:9B:A1:D7:49:17:8D:5B:6E:DA + CC:CC:54:7B:F2:87:66:CD:2A:F4:75:39:36:9B:60:45:1D:3A:FE:44 X509v3 Authority Key Identifier: - CB:59:69:A6:5B:8C:7C:3A:3B:9B:DF:C9:9B:41:13:6D:2D:80:63:21 + 15:54:83:B3:1C:29:D7:B3:A0:B4:09:4D:E8:83:0B:1A:1B:99:6E:45 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - be:88:47:6a:1f:07:13:1a:5a:5e:08:1a:1f:b4:9c:2b:21:7c: - 4d:6d:c2:8b:b0:af:50:7c:87:b7:23:13:3f:1d:ff:c1:f4:52: - a6:c1:93:d6:85:ee:8d:ed:93:4f:35:c5:87:fa:8f:23:dd:11: - d0:76:32:8a:15:ef:53:ce:cc:e4:89:bc:9a:23:5d:8c:81:b7: - 10:2a:e6:c1:39:d5:f8:88:39:66:93:e3:2f:7c:55:34:d1:c9: - 6e:71:77:30:b1:32:49:35:59:f9:d8:16:c8:ad:77:33:5f:18: - c5:75:3f:e5:8a:ed:5a:d3:8b:21:5c:68:66:fd:62:c3:e7:46: - cb:b4:a6:bf:fe:f8:77:68:8b:c9:c3:a6:7a:1b:af:ee:ce:b1: - 8f:49:8e:a3:a5:c5:a9:d7:68:dc:97:54:d6:f2:f0:59:00:41: - 66:1a:c2:7d:26:da:dd:96:fd:ba:98:da:a3:88:86:17:93:4b: - 4f:b1:65:2c:20:c0:ad:46:73:b8:88:54:2f:0f:39:bc:e9:c8: - d5:3b:69:33:43:75:a3:3b:20:46:e3:fc:f2:8c:0f:11:55:ae: - 02:ef:05:9e:59:bb:ad:e8:b9:cd:f9:7b:5a:5d:93:fa:46:f6: - e0:29:c2:95:7d:30:22:fb:56:53:4a:82:c3:7b:88:49:f0:a1: - a6:ae:c1:c0 + 3a:72:ef:6a:0c:6a:f1:a6:e2:bc:11:e8:ab:71:01:3c:6f:20: + 35:fc:22:a3:6e:d2:91:6c:08:93:d2:ae:61:37:72:88:8a:73: + 80:87:ec:61:c8:25:e9:e9:df:0f:6b:fb:50:27:36:0f:a5:b0: + 71:1c:9f:c3:fe:94:5f:b2:f4:30:56:81:7a:4e:51:f9:30:cd: + de:0d:90:39:86:3f:c2:f0:cb:8d:c5:29:4a:7d:27:1d:78:5d: + e5:3e:a7:90:08:06:5a:0a:1d:50:d7:39:8d:ee:a4:58:3f:30: + 44:d4:89:dc:94:8f:66:4e:0b:7b:94:e1:06:67:ed:23:ab:22: + e8:77:18:fa:d1:6e:46:df:bd:75:de:c5:d2:b1:ac:ef:df:07: + da:b0:85:2d:47:18:fc:fb:d3:de:10:fb:e0:35:ef:d4:ef:0c: + f5:d4:d6:84:3d:22:fe:44:c9:d2:48:44:ec:24:69:52:15:9d: + 99:52:bc:e7:04:9b:15:85:7e:e0:06:12:bb:ba:96:58:78:a6: + 61:fa:33:01:7c:76:43:6c:c5:3d:11:c5:e1:9b:e8:59:d1:96: + 8c:30:21:e4:73:82:7f:44:76:fb:d2:f1:54:a7:b2:1a:28:ad: + 28:bd:f7:9a:47:ef:dc:b2:1b:26:d7:fe:0a:0d:ae:bd:38:13: + 61:43:f3:e3 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDQxOTQ5MzJaFw00NjA1MzAxOTQ5MzJaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTA5MjZaFw00NjA1MzEwMTA5MjZaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW0yzLwkdlz7NSdNZ1256b3FsMAVkLlsGzGZ -ajb2T4gIEII7kZs05bwfzDIG0z2/JspxPR7Z41tCqhw6gF1LwbLRkneuz43fVgky -3FfiSeyLn1Ke0rmooxpVS4LQ0zaCdrOJVDeQ1mcseRC/Lhx9X12jbqw4JRgv/xdr -IVITZTvMaWVzGimoSWcJrFO2ngPcb67nRsJGEJvFZfma49uLeCeDsvu0yRM1WfJR -98GfRZBv3oqM1EZi/bivGxug5oas7RCmRacuS1AWP0S9mNTHMXnNMB8UmpkbJcd3 -QHJwrrUdwOG7PDqFyMKGaCBEAzhaIHuu6vLJeZcmmUqZrCRKvwIDAQABo3AwbjAd -BgNVHQ4EFgQUmcrWVWRh49l2ANGboddJF41bbtowHwYDVR0jBBgwFoAUy1lppluM -fDo7m9/Jm0ETbS2AYyEwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQC+iEdqHwcTGlpeCBoftJwr -IXxNbcKLsK9QfIe3IxM/Hf/B9FKmwZPWhe6N7ZNPNcWH+o8j3RHQdjKKFe9Tzszk -ibyaI12MgbcQKubBOdX4iDlmk+MvfFU00clucXcwsTJJNVn52BbIrXczXxjFdT/l -iu1a04shXGhm/WLD50bLtKa//vh3aIvJw6Z6G6/uzrGPSY6jpcWp12jcl1TW8vBZ -AEFmGsJ9Jtrdlv26mNqjiIYXk0tPsWUsIMCtRnO4iFQvDzm86cjVO2kzQ3WjOyBG -4/zyjA8RVa4C7wWeWbut6LnN+XtaXZP6RvbgKcKVfTAi+1ZTSoLDe4hJ8KGmrsHA +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqM38IOFw0SbOczwiBAHd4okts/huvF9DeOO +DtWG/9+VLJQmNmZClrO9/CPwPQCNU5u+AuJdTzBzTjpQjHGINsP37t1bgGuhO0MD +8I0YZ6EWJdpYA1/k1SnB1zpg/GymQfkvVe0ZeggDbKS6nkpRgUKlzkSdp7tLXqLu +gWVCfanEW7Av2h5UJXjq9d48dfrHz78CvK6wXmKh/6QPfNrHHxPz1OkJwdr/vVnf +4R7e9O97LCBPJbCsaCbUrH3m8leZJ+PHuZDylp2y5DjWw+UEcwrO2fBmyK8xpF1e +JkcFFSufnwpoVRPd4PvfaWniaXFzqwZpAk5C/Vk8oBltLxoQywIDAQABo3AwbjAd +BgNVHQ4EFgQUzMxUe/KHZs0q9HU5NptgRR06/kQwHwYDVR0jBBgwFoAUFVSDsxwp +17OgtAlN6IMLGhuZbkUwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQA6cu9qDGrxpuK8EeircQE8 +byA1/CKjbtKRbAiT0q5hN3KIinOAh+xhyCXp6d8Pa/tQJzYPpbBxHJ/D/pRfsvQw +VoF6TlH5MM3eDZA5hj/C8MuNxSlKfScdeF3lPqeQCAZaCh1Q1zmN7qRYPzBE1Inc +lI9mTgt7lOEGZ+0jqyLodxj60W5G37113sXSsazv3wfasIUtRxj8+9PeEPvgNe/U +7wz11NaEPSL+RMnSSETsJGlSFZ2ZUrznBJsVhX7gBhK7upZYeKZh+jMBfHZDbMU9 +EcXhm+hZ0ZaMMCHkc4J/RHb70vFUp7IaKK0ovfeaR+/cshsm1/4KDa69OBNhQ/Pj -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 26504fb0a5..a7506ba3c7 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,22 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIUXyhWrw0JtVLpIVRkT9Mo+GDBODEwDQYJKoZIhvcNAQEL +MIIDyDCCArCgAwIBAgIUUcgTcnV0MsAUzdlCtBW/GPxim3IwDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTk0OTMy -WhcNNDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDEwOTI2 +WhcNNDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuE20ZJaaGRLzvMaurcKaP3 -AfNEp4n/AY+YjJY4znnXsgmVNDAPA3scOrjeSxjpC/Hw2HoBf4B57Rhy9HE/9alB -RIR7kTG+y/RA5EI6gy7cG1TddP88J0eLkvikVkQhhf8s5mD2n7p7CYtYorCif+57 -yOJVv7dI0Dn0RQ592IFGPDaCIp7XNcrSjBmIahBLOKNHNUkBQ6q69EuWnFfzF9z8 -Rhhn5k+mF8DWcEOxagizWSMIDVuu590OT60GTq7qisK1X3gSb9d3ndZ9OZLNaD8R -gBnkLbpALZl/iRmFTgyfhHqNVufo+gjZhWPscqMgyW8HGDqxr6ZKjCbRHrF885cC -AwEAAaMyMDAwHQYDVR0OBBYEFCszYGV2OdFVVbUnc9BWShN6WtmgMA8GA1UdEwEB -/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8jiq+HfRS0fD8nPbzVTv8agIDi -fDFFWPGW3EVjQT/BCaOM2FyfLcpdP0JMsl9B55xlqc4TtOuJkQ4IR93LFcQ+jG+4 -XlnJH3bqMuEgmNfIye2vHFDTDGHflQxDPJ42uwQIYKIE0zPdqEKvobbQ+mIRM5FQ -z7J8QqIqCb9UaaMFxUzDK0m6WQ+OREuf/bIcZhXL/kUmP/eVhHMy8P+NMqWe6UHj -tCDOuzLi+9jch0EaBHwPiOdzvrQc6EcuPT5kzcdN5mwPXCJG+HkYDe5FnRHhJKm1 -wffFeAe6Givp89hMfBpZMO/4gYzaXWrN1b0QjNJmhjqJ5AFp4bM4YqKF73k= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJX2Nj0SfMSPuUiViJP0dcw7 +egMyp6VYyY2TCE8HHNqIem163Hy3i49MHKEqr9b5OVIz0RWaU8SdkJ2WwfaOb4G/ +Xu2o7AsDRZVHJwh8BhWu5dco5Fd8DZiUnbiWwdnlmbF/vFB//zGMWGYpGkUOIKuD +dbVdhXTvBrGXY3fDOYa8kjxqhUTJFqhLVESTzfxaiBww0ZMlDpMwgjU9CZJ5C9Sw +wGeRavjIJdiz6ABG1vdSpZ/8E5bL/WYgImonq1vfT3fWjnq8GlaSAW7YrkJ2ANn4 +/BIgkEZbjv+UiadLzUKUT+QT2Uff7bDD+Eh3Bh/j17p5ey8e3M+hkjFbwpoGA4MC +AwEAAaNCMEAwHQYDVR0OBBYEFMnVB5JRAbHlPRh7a6CguKrHtr8kMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCAcHZ0 +bfasq8TuSakrHbXd6VN2orX2BUodlAM2Hs/hUtCim8M8dK5iSr/tfW80mfq+bssw +ay+yKJzFlB3PzzLo5b6XBapbjPWiD2lWT5WoIlS/9CAO4BN3edhLAgRRMFgPXyZN +JKkNqg5H0yoLy0z+f0vxx7IIe0GytiwT7T0JLoVGQpjCIkjjm0XSCBPdjTQOow1L +NSE0dfQ9LbsuiAA6t83cl6PUMJHrBpKmzdLYoN6nM/VxAhQSVqy5MfnXgA3BWzra +vXoHA5p2rL1QZ3wQRB3B7kAFxqnrwJJdUTwRjm5RmGMUNjj2hFwAJlfwBQlYoxt1 +6rE4DkIhabfv7Zu1 -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 7fc84d88a7..8f6ed82d07 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4SiuBOhAIB2OX -z1dPaQ3vY6r86AAKrJbajbJcDQ0ST5+GRfpIKrABbqrlUu+hjPIKtQWrBtBcAsWG -CRYhWq335mo3ygiHefdlTxjWnAn14qU0liyK+u3j51/7nLTjgY93nYylS5rjz2jP -/HdqMKdz1fYQEbmRD7e6+6DrOzQvZZuCgqbveULJmThiTJ/qhUP58BNywPSsCXoZ -KW8LZZhu1VK6MbtACXSF6TNfORYHHs9YrXb6UFY3ENx7kSF4CXdFOeS4JzHn7G4k -Ws7Tv2T6KFqNwVD7NU6cWHsGz37IpbXDg3w3OKxP84+qrlMNkqRvDLZerzSuz++u -8RCCTmedAgMBAAECggEAEBFXbbL0Rt7uDgRj5maQcnjMJbTMnCGkHXYRQPlaVGhg -zkI3qicepWFSwR/UCM/TIp/Z2KmFbSBIvID6TvorBNwwEqEo0TcPHOQilEOSkr+q -C8W0KIHsT9ySf8uP8e4P5iv0YU0QOiCRUOEAQF/xmaXkCE6jUUR/jmv2Acxtplwd -afIGu543/a84ca+3MJVf/O/l8T0Ri5YUl2PwdL3DfrSrf4njuRuAQZtNNGgKC3mu -Fszx+L/SAEtDK0fwGdOkbiTCyX1zwz4YnXYUG2WpOnyEpJa3u/usuK09u3fm3/fL -M3JSwdWbNKFSg0X+BP9XtJ94HefCECLycJ0d+ZJEAQKBgQD0PP+/jvvc02Kmi/pH -5KjRO8kDxSnrz/fHuMqqUv3CYEqf8+EkmLG4rX1b4HtR98VBCGGWGxG1aUgu50Lz -li7q2gGVb7c/zufd5zwJcbCPc52ZPo3VFcKd/6KVi3Fqv4YGRaFs6/r8JP65tQW9 -m3TNFslRPKcGd3dpzI9y5Q/OHQKBgQDBKh4RgceyquQgtzjEblCMzb+1N1s7ucRz -I68mibY6wE9IC+AUDidgOFFfQkrIeOqOM9hu6KmVD3859xbrw8ITMY0IqdOejiMf -+/JYt18uaBZ8zU2iTiHsuJRGwrWEUN3z+8x0uBgY56PIOTKbOciveOqQWa6T1RgS -UG96XmvHgQKBgHV8JjXaLNNTp5+fs9wDZSWI0bALlpfFaVZcULjPxRtMQHli0glN -nifM5IFeoVOTkQIwaujOypzuMPfG7NDJjHYSOjLNE2QRPj3i7mFIm/rVTZkamxVG -K2DfSDERa5RC3tCDjBweA5Roo1NnfYRwlCXXcS2vtFSLARkWemZ1Qz4NAoGACLZp -nMiJxVlH6OHawaFoKLGvD/FrQApk/fyCDe7wNT4vVUST2tO4mvJvWSiYTuqFSdy0 -ymvcGkkUp/ypIAE4Y708a0Ods+0dUHgAulerB2DSgtaPxd5YUWER7w8hONKc8EBP -PISBMb5g+Mr7qVy13JRLoC8rXKej6k+Od6qCmgECgYAZbJiGLpFFYMr0m3mxE/9e -lKUBYB94hrFqRy/+du/DNDJd4IxN75tnzXbfCKXK5Fp53dSG6ko2rb5/6cafxRB7 -uqa7z96VxzA9FPIGOV2sHu/3KMMmeIUor8Svy3MI+hTuNAbJMjVzm2J9OEBBsOT0 -S5pn4mtICgedhH0fkpCjEw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOy2pgCy55SlP +jOefFgo814NQiTZUzjslthOd7uobrQYCoLC5N2QwB1I6JlsJuDigo2vWnTB8nTwj +taf1hnAumv1oBvYV25s6nmP6OoOz3rqK0ZqTmXMd7ZlCWi0KmwglfJCsLsFFpGgN +gi1W9eUzVIaJ3BabG02nxRTcsV5oxAIzYdayxqZ/czzAvhfD0bKlfnDkfysWFEP+ +bgHSqNbZtYD4/acHKj5zy5Dyvkf+4rEWJrasqjJW69Q/fRj4eaYpXIz2Jh8Btd6H +8sLsucM5qIKcEwLw7nASLJsKAV+TO0jUbPDEGR2rUxKHoagT6c1pOexa+MsFaAWm +UrHOIFgtAgMBAAECggEABU5WaEXfPwUaUkkzUAVdGNPj2y8Hs0GBXPXNqzrO78Fn +Ik5Va9SC6i9UPA1FgapNE468dgJMyFmTTg6jt1azKPS6SNOMuJYxgrR8q8hGoiTj +Xh/V6FtcV/a3s/aBGGdIK/jzvnYvnobXGnKwDJmaBQ1RqzrhtoB1nXDaa12Y8n16 +dIgqgFK7wIu2c4FRDd0xr3Kq7+Gs3U6z65xyEtRW3ITghaaWsBDXDvHxBOcRm7SM +d8hXPto5sk0V94yJqxY0Xq7rXkDiqeVg+q/5lq/aSdWCNU8mz/+Xmrvvc7uUaHGF +xtTNM5cpVQiyhU3PYAoNa6U1NxHlhNW2yKN8hOTPGQKBgQDqxu23FcX3U9mISWZb +HlG9bzXOxexJAPWuDcIJdA/fI290kFQW2rE/b1jFoUsZL6esFJprinihjE9rdhd8 +vIgiPb2T5eg2h4J/KtXqtySLM00ySu1l6JvSWpZ7hxBDkMon+P160815H0Mko5+V +v9Ndfs2eo0n2LsPMFgv0pRkiyQKBgQC5npEhlqUAmBoIx7PnO6qPlwzWj2lW8l2g +BT3CIjQfbN4++PS2qMmv/3eHkfq3aBpSAXpeeLNEV5flPsJ6OaQSfMT4Wj5bbKEb +Xl8i4WfbC10YIhs6Ur6BOnK6Uyi8ArOFYhVRu/2z3937XM7C7Mz4/g0TsLavJoEu +xelKyc44RQKBgGYOzb1d6K3INHLrPWR0vKG1m1Vkcn+VvDbKYkQLwO6GD+hC6Vr5 +/D0QIS3gHK45KhFC75G6IxBO1yNmtXUS27bO0f9d3OD/bTnsnAspS+h7B57KNYKs +aDg8Ctht8SL96PMRaNchBVwWu/BMdI37Ul19RtMkNn2e/JxWJSJXNqMJAoGAdOfF +iF4UtfcWDomYaP5PQfhkgY35TmV/ShWC/A4GvfQXVZn+pjxQKqS/Z4ctXO4YBaYg +p/dlEJoKdLu+SLSc/XfPpotP0szr+wzI5nMIshDKJTT16RnMGh/xuiA9+4vH/S31 +N3ErLGrGqFWfc20o+3kmS0x1AoNBwW+sqwnG8/ECgYEAzq4Qrm69OmU9zbC0phon +LF03QSPkTInuLvcKAgKeD+kZQ6ZpZCwRnYgRe2XTFcLEwrrZAaem+eNR4tBeE2b9 +duL76gyoukctgb6bZM8TNDJlHg6MoT0RXUjEezMLhYNumrXDO6TCA7ak6gV5AHHw +zs/hznKbNvFW7xLQDPW/1f0= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft54wDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAEwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhKK4E6EAgHY5fPV09pDe9jqvzo -AAqsltqNslwNDRJPn4ZF+kgqsAFuquVS76GM8gq1BasG0FwCxYYJFiFarffmajfK -CId592VPGNacCfXipTSWLIr67ePnX/uctOOBj3edjKVLmuPPaM/8d2owp3PV9hAR -uZEPt7r7oOs7NC9lm4KCpu95QsmZOGJMn+qFQ/nwE3LA9KwJehkpbwtlmG7VUrox -u0AJdIXpM185Fgcez1itdvpQVjcQ3HuRIXgJd0U55LgnMefsbiRaztO/ZPooWo3B -UPs1TpxYewbPfsiltcODfDc4rE/zj6quUw2SpG8Mtl6vNK7P767xEIJOZ50CAwEA -AaNkMGIwHQYDVR0OBBYEFN4vEIPI1Z1GFl1EdUv89wb116ybMB8GA1UdIwQYMBaA -FMtZaaZbjHw6O5vfyZtBE20tgGMhMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAvMUw0MehwLo7xC8gc1qmhpSQ6Cm1 -KPc6oA1OivbP3FeDNjODoy7E5IFkw976lP24Q3v/O6F3TURZw+Q3LrqtL7MmwtrE -nOppNeS8mYfKy07k0DJcEak+zBczUSCjtVsmN5Azv9L8CLvMe2apYT5JTaMt2wJZ -gbfPQEy1dtsi3ZMPoyQ+4aNiGz5koWb162BZSaeszeshfgU7afrjg0ugPe+X9HRq -dKYHdEHtuwZb9wln7bwckp8B4ciNGOUMuHOlZWUdDAP9ffoV7GF0Y7c3MZC7KgVr -YUq3mLsGaIjjBG4Poz6/tIjhFWl4vNe5RjX9I/+qgY1+Zz2u0vFeNzAAlw== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo7LamALLnlKU+M558WCjzXg1CJ +NlTOOyW2E53u6hutBgKgsLk3ZDAHUjomWwm4OKCja9adMHydPCO1p/WGcC6a/WgG +9hXbmzqeY/o6g7PeuorRmpOZcx3tmUJaLQqbCCV8kKwuwUWkaA2CLVb15TNUhonc +FpsbTafFFNyxXmjEAjNh1rLGpn9zPMC+F8PRsqV+cOR/KxYUQ/5uAdKo1tm1gPj9 +pwcqPnPLkPK+R/7isRYmtqyqMlbr1D99GPh5pilcjPYmHwG13ofywuy5wzmogpwT +AvDucBIsmwoBX5M7SNRs8MQZHatTEoehqBPpzWk57Fr4ywVoBaZSsc4gWC0CAwEA +AaNkMGIwHQYDVR0OBBYEFH3RUzpBaqpydyCy2TtnS7kTvBT+MB8GA1UdIwQYMBaA +FBVUg7McKdezoLQJTeiDCxobmW5FMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEADEIdgN8segXnSrWnZiWS0dd8qKUx +k8+LQjjhjds9CPh1sq20BPqSmiL2kG+fpzyKqgpcv9BbZB3fpBCfdjfcT+Fd3ceA +HNOvkGdm87mxhvCQrmqkKEPjCDBFgTE8o1UxNTCHEBZ5z496NQ+GrbNzvZRC+QWd +CEI3VtRY0k7tDOmZWZLaPU+E6IPAvMbP2Uaca0Oo1lqPFab5hQkvwjZQa316WcE6 +ZA3PU612Z1xTX2H+mR/uCmUJTJNttTZcLFGjc3XM8aZSuOvBVdwoy1YYeB7pUBL6 +NmYtemygaPiBrIfSC8CrWFL7mtyaZJ7UukniGG5PH9WWm5YRM1lzlZNezQ== -----END CERTIFICATE----- From f3ea73d7e6cfd42327cb4e4949c4dbe605a5b6fc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 20:44:00 -0500 Subject: [PATCH 10/12] PYTHON-5040 Remove cRLSign from CA keyUsage to fix macOS CERT_SUSPENDED macOS Secure Transport treats cRLSign in the CA keyUsage as a signal that CRLs exist for this CA and performs CRL revocation checking. Since our server cert IS revoked in crl.pem (required for test_tlsCRLFile_ support), macOS marks it as CSSMERR_TP_CERT_SUSPENDED and the mongod SSL replica set fails to initialise. Python 3.13 only requires that keyUsage is present on CA certs, not specifically cRLSign. Using keyUsage=critical,keyCertSign satisfies Python 3.13 without triggering macOS CRL enforcement. --- test/certificates/ca.pem | 34 ++--- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 4 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 34 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 294 insertions(+), 294 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 7037fe33ea..7e79d7087e 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDwjCCAqqgAwIBAgIUCIworzyq+MZP6PgMwJUvbXynSh4wDQYJKoZIhvcNAQEL +MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsrDsoEdGpjI2a0tZeg477dzEn2jJR7 -+ejm3NjhAndXi9SA59NhY/5xeKCP78YY5lEf6GXxf7H31AOryq2d3/E2cj6fNMvO -e9eVWPN1X7l902qkuopTd35XgpnD8728+m7qpyVDCtL5hlsdhf2g6ucMri5r2cAp -VWlQ5AsZUKtd/kNHZcR0pD7mwsau9rlOkuHvO8yojQ1ImNT5I8EH+Z71nsjNyybK -6rR3M6KOB9m6vxQD0i18vTONNBLMYuFRmzZuk4s5uUNTlN7o4CBejM+tVABrVTc1 -DumqwMu6gOTg6xjbdWSe/l/YuZYTC/qYYyf2RjLHHm/T/GKXUU80DocCAwEAAaNC -MEAwHQYDVR0OBBYEFBVUg7McKdezoLQJTeiDCxobmW5FMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBF9sb1RAXqYlbx -qZy4elELn1l+yIZTbO1+VDmg1gZflMtkge/wpBNk6yVXXog6XsZ8bdigNtDyPsC/ -30cy+M78AITUiGMnrQU9vfjAfNVRHOBXcQdh2rdDYI0B1ypVpzbyX6qZhg0SiM1S -xYNKSFYZ+4RghyPpP+cMqt43lnpBXUPU+/Y03Kk81e3bj03zy13YDHJAYEipU2i4 -INlZKQ0OcRJC3dWON8QsYiV0fbPKFwaaLvBceNf3JqquHufe3/UPhuN5WcMErOoV -Ys+1hKorovgnrXqm0Aon6lwJrf39C7t0+B+MoD2St8S64QT3dM31cG/7O1IXKQWy -TY31cOt+ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I +7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV +1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC +QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd +BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx +emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC +MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9 +jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX +OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld +O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6 +jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d +lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT +Z4yZLc0w -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 4f74ebd0a9..33e03ae915 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBIuoc7BJXkj43 -Ogw4/lOj6l7qJ13wnQKNHLdCuKntuZD8mQ0T7xOKqiRbs4xy2d9zS9bGNfMrT70q -RRRdIrSOTBOGMtUTWtw2WBHOkPF1OlG4aIlLmiM3/W5gQfKxdUvA8UZOjCLtdOuf -Llcdk6sccWhtA4W4glXi46EDGT4tp7htgT076Qa2lfKc1CVgV3LaUIcW8JpHD0+y -U2gSWr8/oE9222fu2MVDyQqR/7WFRBBHR5KJSvx4tJ753Pu19o+T7U5ieLegR1P+ -rI3m0ktJoatomfDdc7R0XcbgqIS/cTjI/7QuRrD7RuHn5I3/0Ml+OwKzElpTlVT6 -LOURN0iBAgMBAAECggEACF3p+LoI4uKO369b9XGeH7sg5MGzFgAFSuXwMfukP+xS -scCzInaQWQjdJZxaBKU34wupaKGQcONF0YGX29+LpSD6VQ1ZcfrVEKUg01sv3Klb -vjKIJR5usWehGxosSIAJebiyGCfFwRX4OaeFJl698k/e618UUU2TKS69jE/xA8L9 -n4lzDyepPf2hA99KG0Es3Ie+lSl9M76Ssg9XY5+7n7W+VBVr5MebDtOEu26XYIIc -FJ0jxVId+xPGvhDcfKvFCcJrtIji38FZBdHbIIrjioFL631iqrRwQTRMUkMY8d44 -POSavdt17zgA3OkBwg7IHa4j6lMRg+D4YYgrmgTGuQKBgQDu4Q0R139ou+n6ZsWt -XeiX5ngCg7+Snq3X+1zNGsUW43DbgLwnMApsoyV0WWccfApMtQCXTgPX68VIg8RF -SbFA/L4S9cM11Ev+GfMXwu/JDnHmOjBj9stFnQMlGxuhvXF6YlK+Ptrt4HOTkrGQ -01eb8NtVqUAZe+3YTW212wikaQKBgQDO+pOygwQnIm+8hPjAV+MyN5v1nvxiOOs0 -o8mx1tqJEMKPQ6fk7JycPNDBilDojkgr8afjpQ5JbFl+Zc/OdhNyiuzfB0LU/5g3 -ExIf5Eq8cdIl7dARu9onQcsXqWcK18kGPnmB4WGo07XkcuYgqRgVoI554dJboJLk -1KRNWEEgWQKBgCOj7EFHN7k2oDg98SxmoHdZaXpmkcScbC+XT0dCwTkjAgmd8XSf -VE7VIJd1Z072qsq7DrWEbEpg4PRqxHPaBNo/W1SU2mVDoXruADkBWqlSwGerMuEX -R0jBnmCA5OSC0VWDKfk8g4mOPXA9KMUE40Ne8jqbn/ataNUm6EGDxoxRAoGBAKDF -bthogF9NlnFe8EGngujM3S3q8qvw/nIDD3Y+J73z8MyLhuyBBh0t+BF9uN8LNfA8 -Y2amHPTXXqSZvNLoUK7WTqvm3fjJGJkfDSMMlyjNWKjxkn9T5V488t5MTafUeWeK -O6OxR8R1voHW5f5UmkqiTklKKbXWgoOQ0JbriJrxAoGALor5MAuJbfaC/ZcW4FVU -gHZJ5I7pvP7+DI/D5Rq3XWhRLTgMERUAzpKQt2fd23g8LDjeTc8TLnrkLC9PpZ10 -fHZQ/a4QolZ9Pq5T9h9HjiCesyLowbfITwfShbTQWR92rvVVh/elSWehy5ANsc87 -pIpaN+cWsG9/np9Z9kWwoBU= +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC +rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi +CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ +SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm +h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx +ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg +1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL +5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3 +h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95 +e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU +R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel +6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v +k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/ +kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y +DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a +bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ +YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z +mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc +Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX +77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ +4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1 +8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q +sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee +qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB +/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3 +OfeAwH0y5PwSCsVtmLs= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T -iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj -N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG -tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 -eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw -+0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ -1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ -bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC -o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C -0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz -HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv -32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 -qtrgSbev2AluiMko8NpevdP2NsOUMxyS +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index b729c6473f..a258bcf23d 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA1MDEwOTI2WhcNNDYwNTMxMDEwOTI2WjAUMBICAQEXDTI2MDYw -NTAxMDkyNlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCkIvPE -1NaTmcm9wzkeQNuOxcAvT9tHiblThgGiamzMpvncf4e1kCxU6sbqBFp/7E1CmCi2 -+YRLvMQvAnM6QWuslUjHqLDdaEtpUF/E0KKknF/cLLxLN3FeFe41erlgdJa5AjSP -MynUzW28Yc2us6qNYeOnJqL/oEp09upHTDw/V1OcLFxBngzx3KZAvjsUkUCSRa83 -T5R8wM2ALG+ZOkT40gWh/N222vSIYNzfq8hsumG2ZYYEXs268BjclLvQOe8MCMun -NmO1F++wVpbPbKUS89xkewYRLK7L+AjUhINKXJTTtaepSFSA2IVGOmtXD3Z8VeWC -yaGBDaTeyljKqfhl +ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw +NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E +QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA +uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0 +2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg +Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp +3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR +Em4RerccVwXzeI6T -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index bdf17a738d..b0d50b5200 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCshzk1c7wW26bs -o/GTWWN2nU+8w7lZClTibEY6/78DW0y0YU6+KPD41GxA4zIemxYY24JwqdnC9keH -JdWSL4YFgidVJUw12Tf+23oRN8+f//c9sb3Bmd6sZfbzYfrEiPdkHrGebcvdSK+O -wSOHZukiDwTz97w+98LD+Wd3p+Vde/jB/KNmcWlNl1Qkq7B3WaeoPNr078LNTuqO -MrGzqVo1bpodXkCvJruxdCNnhARbbHYLVwIaYuC6lqJvJL3u8xD2UebcvTbPos6I -Fjphgaf/FT7EWQflEkrqjvtViOqgfGPd6grrKFbTExOQPyonwe1iHA2rFr5IIicq -bdBpV1UtAgMBAAECggEADN8r1/6R/lyV6BrVJ6qoHo3fCJTLq8Z3DcuJM9an0B7M -KrsFzm8sh0wF5ZNtxlXIwMMDyNcLPZ31OTKL7BOqmpeayqH1PSE/Kb8DLOyui1/j -+NDdeOe7cr5Kvd7GAEq9tlUJ6GmFp7VID8z+ExiM9TMMqg0GGOaQO+HMI+O9W4uI -aDIQ1uaaqaZldHMut8m3hW7RDaqElV717RXHnZEpmZXdoRHPvtsYqPN3f5MKNDU1 -67AuVQCcdDys+8k9iUu3H4DCW4mrxP3PaXm6vuRxqgiNzmUva/pt12UuoDPqj729 -Gn1fRrXZQgbNpGK0WFengf01zFYt5SXVAZleg32rAQKBgQDSLkzT2QThzpbcu7fa -BsfFTDVBf63XycWh+C94g9hQ9OZjDL90X3pUjF/MuPTKcEuBZax4jws7GjOKPL95 -FwZG67TPmIunCUtvxuuj6rtvTjEz8ezYEsfOaU9prv7dPfxRcGOgSWkIXUX8z6H2 -Z2W3uVZSoSGPsH/n2oPX2MjlrQKBgQDSI54qIcfc50ST2RFpHqJpsdn4kMsouPOG -1g+LALTwFN46ABQdJE3K9g5fXvmF0sLPlWdqGCIxUrwXDAhEDmOrlZoJCS+Hn+7l -iG4XNCPVPWfixX2oUA99RfPiu0U9wSVsfwovdsghXG5QTyNa6XyZrhNBpYMIClYV -+tcXH1MdgQKBgQDJWT+SZ0GtDJsrxM1hGcPBN7uBDs68fXhOLRNU8YGGNMaMtwam -dl0bqAqSddFUKfW7dWqfZ/GLYhNj58RKPYtu35kskueeUmIpJ7hQJKwA+jhamfWa -HYu6Ktq/1LwluJ8CaZeXUxxCvhAxG7v98JnaQrv2lpQvMhemRoite+khVQKBgAcQ -UXHDHu/LCmAZ7N7mu7jn1JbpbxrYVL9UlMMsa+iiGvJCLGrqXH8VFFiaXbLk6c2G -jSpg001rJY10xxZakXkkF0B0gZeChcpLcr/u7cFuRf62esncnxir8E3P070GsBZc -kuATkxij/cVPU7XroVedJWKQiL4NcuVcQDyzvdyBAoGAUkPi724pAnlTST6mYMXb -Io82iSHeRwkuisSRDWfmrO3pGe6SkBwDwDyCxoS7fGj3JqsF5NtyRgmgZaLTu42H -oTXrhhMjOzXjBAoG7FtdEs3Wxwyjkf/q6850ZVhVYpdrSzYPaPN/52MoI71qIjHA -2GuEDub85LdRKAMc3fhmxXE= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs +9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX +WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd +oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3 +I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC +WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK +59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap +BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM +yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw +wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M +MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9 +elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD +ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV +RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8 +VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd +x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv +8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T +FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5 +vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs +kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+ +lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv +lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9 +9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt +/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP +gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke +DwKg2EIYHmc/qhVQXCKvuA== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAIwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKyHOTVzvBbbpuyj8ZNZY3adT7zDuVkKVOJsRjr/vwNb -TLRhTr4o8PjUbEDjMh6bFhjbgnCp2cL2R4cl1ZIvhgWCJ1UlTDXZN/7behE3z5// -9z2xvcGZ3qxl9vNh+sSI92QesZ5ty91Ir47BI4dm6SIPBPP3vD73wsP5Z3en5V17 -+MH8o2ZxaU2XVCSrsHdZp6g82vTvws1O6o4ysbOpWjVumh1eQK8mu7F0I2eEBFts -dgtXAhpi4LqWom8kve7zEPZR5ty9Ns+izogWOmGBp/8VPsRZB+USSuqO+1WI6qB8 -Y93qCusoVtMTE5A/KifB7WIcDasWvkgiJypt0GlXVS0CAwEAAaNwMG4wHQYDVR0O -BBYEFIQZ8b2OANToGnZdHc4Vq1arH/VKMB8GA1UdIwQYMBaAFBVUg7McKdezoLQJ -TeiDCxobmW5FMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAWNhUCwXlWImKzbQqEZNwhptUHcm7 -LK/jWbOyo2mFoQyGim6ofMSbb4AMvtVgn9OJYwOajfc5GjrYZ3g9UkCq7hOpOn2A -OmaOL4mLadD6pFpuHvgindAUHZuqh3UFMDP4ekoFS8DhlvZg+GJZkRiaJ1Xo5quM -6sYCoL8VoYT3/ExRQWPocwkQibIBu67N4oMiOZUZ+jDSsPo7XmfFPZeVhAJ0Uxbe -wfgqBnGSwi+87oLUOuUAVeNtF1R7NB2q0xPUbymIL8Pi5R56Yt/fYWe1QP7TuecN -ccfEIaSEUKPoqYiLOseuzASNlpIJV8s+IjNHH1EVTab3+UQDSRmQSr86yQ== +BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2 +hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4 +NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt +GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3 +emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt +Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O +BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m +kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9 +dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf +Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M +n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx +lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp +inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 7898bacd93..118e866ebe 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -23,7 +23,7 @@ cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign, cRLSign +keyUsage = critical, keyCertSign [ v3_server ] subjectKeyIdentifier = hash @@ -215,7 +215,7 @@ cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign, cRLSign +keyUsage = critical, keyCertSign EOF openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 409a5677d0..32163a114c 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQEBYtboqnWdJ8eESa -YxMmKQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECFmeuF/j03+YvpX -H2iJoQ8EggTQP8xnokAYXmoie9Zq8ZfMm3Z8V2a2IIzANeC/FrR9yQ1L77EuQpzG -/ah5TLBn/SasWRNPMV6M0TI8Cvg3GDKuBdK+GqwQik5masD5UsCx3ihLLiWasF8I -R6w+CWrpZZDLTfQE9ZXEHcb6A8d/pAQig4wPHfBPopTxiCsfCwqkVMMH/KMTfBqO -VKAkRE9e33gmEygO4t1LMtnR34mwgWA5KJOmAlPT3QiEBy/ZpDD/2PFqmqigibdj -YMRy6irIBqlHoDqtWmYuFNBBpVPVBtmFw3DDbbAIwMQ0zq4Il0Pl75REvIebgXEW -tjsOLGomW/gcxf/QCu0zdsNCYVNarXzM2UyJR6AibotjeoUDFn7wR+NRsI7rTYUN -r3cDDdxPebaltVAtwpIY4XoQXZVpfcyz6kmGKlkl9VuzKdSPV3fi7om7aytjFKxf -L0nZ2lsDZ0bhwMv7PKDkNHIPdyUt/XPayFb6+BtF2fCj6FRy5xyhX3sRuVmPdWn9 -21YY+TaE38/kB7ItD07XyrX4YB4lgG0wX+qMUDPH7tX+f/Yor5XQ/it7186z/Yl8 -L7wW4td+mbWWfV8HXhmSeJlbkOzvtzCOmf0ypOCi/Ixw7VVRXITevrdpyb74trQz -HV24x2V+dDHkXxv+kS8tuZ5kRg5ZSqrUSaDoUNIrYhbmJ2QXoew08zvJ6GL5UY2M -a6pQz41GO9cuVLXJiO8nV3VbKoFP1aoxaAYotMKpv00Bf7W39oS9lDY9rA+oHj8J -fKjYjr/ojCHkG4EElkAzcRvKCZpdMFDCf7IaNlSxkHvf33abeHwf7zb0WVXCorbu -499jo2Oc5QVQFxKQIjAjPX3NyvZYqorXa/vxDo2KvofCe2o1NOJ+5zvb0Nk89PWk -vunNo9Oq8M9Dw3S1jh17RJPLmBNsxQ4rqExynVZUcVcdDABnVUR9UDBA0/Pd41Yy -6kIlS2BgkvcL+Y0BK4oZVjz0zuNSlXgeh1gcNfFR8phxRAuYTZ0H70ZPTEfgJ3vn -jNsiPu3C6TLH4k7xs8VtIob5Nm4PrUcV7VNQLA55qZNQeL/uDwwvipY7ypKe0+7Q -bvESiFh4s56OjvBAp1wVjrKDmuzoL3aNr1dHNKMh01ft8pU8U+rcNYkAQ0ZS/mX/ -OIXR1Y+0v4x8OPYK1QWsZxKy2PbfL6oGEmsMh4viv3ZbSElw/gmuTP0+8jpXK71O -MwYdaWq9pCS9RLrcjYHff18vS3zWA6MVkanLNqsiUY8QBW/vTFGRfpFSZWP2AQ4f -IayDtfrqDcwEuOCFiRSrcZCzyGEs4NLgjBDfAi9Fz1Ec/o5f8xdM1Tdb9BSI0dS5 -P4a318l0hbaY5tUPMsOsYQlizgksCdgvxms2k5u4kpJkSkRw+BXgOdxYbeHNWqwL -snYwWmRLOXymu8OeJ2zTQ9QH6ComE+C27KOhxUml5XjHqY2j69qbXkhQWmi0EXj8 -DHJb7VPQZ+7IEjMTXRFmTLSS0S1k0C5CCGC/eYtUFFdQzG/RYSLbic0yICrPCnTq -GX/PiC3E+MTaZrr5ehAHAl+LC0iw6qXMUgBO2rWOYnF2vP56SIvI1yvCgNWpKFN3 -CKyHUKWyislcHqw9lvyzuouoidtUHpWMAEo/hEVb8JF4Y/yNND/4nLU= +MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQDGn7dYhmn0u7DQZS +e+Fb2QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEeI3oDkWtJo14w7 +STucnF0EggTAM9qVjNQSvjtiSXRVhq6Ab1JVRmsr4VyVPhRTeGoj4z59g4/uFNLp +i12hGtZEH5Ql6icHY+X4vWrwt4IUhkdwzgcSLrZwYTEl5RP4C7N+iZb1PErNoe82 +iEC/gw3XpQZNWKEi8tjd8Wz6EHVn1zKS/7X/IOTlboIMlhnJgLHCqVhPLyxA78OT +2yNNQysHD6Vk3h83jkQAYy5W/pZIl5TVDLyLADt46cq3hDTS99S6jl+kwn0dijjo +mZUilPBman6TQt2vI/kNP0+Qy6DxYkBMLdhnPu40JpvcLpWAxMioqx7by7007W8H +3Aja81hqx2SN1IYVUEs8LshvL7YojhvkbTxH2ma+lnmkyxEBiwbMOiBV3OPEkWYv +HbAg1slT2UTCrClZ6CRPMtD6+fvEn2GgXmblCQf2W/3inTeARJ5p/oNjnFjoU0Yo +BIdVeqdqU09OsjUd8W4B0wKSEaSCpl/oSM2gw4fzEbaU2xlVevVyhrdDr0NS/j6w +QaDiUw0th3NViXy/BLb2l699h6TRInk4njhNNbJX+sYEFuMgwNKdj4PkPkP1t3PR +m91mpnGAhq82dMQnTLm536YXVbeJGQyX3kEXGStZNdQRfz68fAYQ56teQoZfOwDq +zKf4MT8JJfhZWy/dgCOkv72GMJM2ahThWUztbBnHiB0ODf9LdrqnPaDfpPgt4i0N +Gj+L3nuK1LOhp1Ay7Oij66yxWm5bJJ0M7RGgGQsZipEf8+N9iSA9cw1ZKOnSqyMQ +gSAjlnRK0OHyTauyOl22FeEzF7gtWKyLTgnw1zn22oaxZZLOhdcRJJz49bdl3pUm +Lv8JxfN2dbcC/XgOMoC+wFS//WnHro3qvloUEVeYA6acxfvjJizYlGEmw5xG+ZCG +Ju+tKWgA9lUpQXR9peMa958cLSCqlaWSFTSBQ6AMUw0rVZGlMxb1tVmmhRKYOhUN +Eugp0wUKrYArHzfkzqWv0JO2MHi2kbAZCJpFBrrt8ijF8t0KmWsFRl9P4QtBJ2dI +QcMBtgvWC3tr3CFZQ5UpiaP1whLFTG7GhZc7OHG2QF+Ba5fn1HgUgH35W8TQ80XS +uAkkF6GuxGOSTtsvF0nEkNALGM8E1/I+VVZ88d7sA2ws7GHyxtNYUYAdf6hE5X2t +82oIMrN058IL/Bpi/s+xe5zU5NYFXZLUfvlQW//1hDrTF8Vs4UbF882Xae+HNmvF +D9/bafdrdvJSEJ91A4hRl3M+G+qnnJza3fEnY7UKg597X1tSntNc9Grn2M/uKeGp +2df7K8VrEV6GQafbHq7PAOn6vTlwZAgljEj0LUk7ts8I0KY0hpxCo+Y2WKcmiB3P +b8BY/3j0DuJXacv2tC4RrUIC6pHcdQLJTCeCHQMC2IjCwlmnFqtTZ7RUooYmAxJd +DYNRzVw9aYUq7oAhab2x2iWqgTReqlVnKuytNAFJVu+34S8AbCcSrsoa7Xmjqkwr +qxyGb5pW9ZmSM/k0N0hLI/6BbKb7lQYm2EYJiksOhL+EAjH3Qfq6D27zh5UM97dp +7a93RbxCFAFjT+OZQr5PJ7oxRXcCSnabTXA4J6f8JRgfQIhbOfsfovCpxrqa0MSX +tKYeRyZHLqLs9Cgfv9eQhOF9gGddfJ6QKw== -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T -iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj -N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG -tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 -eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw -+0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ -1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ -bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC -o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C -0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz -HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv -32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 -qtrgSbev2AluiMko8NpevdP2NsOUMxyS +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 08cd76dcfd..95fb7f32a8 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuozfwg4XDRJs5 -zPCIEAd3iiS2z+G68X0N444O1Yb/35UslCY2ZkKWs738I/A9AI1Tm74C4l1PMHNO -OlCMcYg2w/fu3VuAa6E7QwPwjRhnoRYl2lgDX+TVKcHXOmD8bKZB+S9V7Rl6CANs -pLqeSlGBQqXORJ2nu0teou6BZUJ9qcRbsC/aHlQleOr13jx1+sfPvwK8rrBeYqH/ -pA982scfE/PU6QnB2v+9Wd/hHt7073ssIE8lsKxoJtSsfebyV5kn48e5kPKWnbLk -ONbD5QRzCs7Z8GbIrzGkXV4mRwUVK5+fCmhVE93g+99paeJpcXOrBmkCTkL9WTyg -GW0vGhDLAgMBAAECggEABaKOnjF1kiTB6COMv1cvu9O2oOTO9nvu+mZqobU8yJTW -ThHvCbeoU7neWicZYV6F249y73TjveJlAL6GStcppgVnbUsHNiWYQOlF/0UOPInI -xSqTxx1uV30kHBBuK2GgxmWGpCclDfhO4/qMwFQgPSOBZh52AoDbSw/G0mC0vIk9 -ddiGMvQHRgh/JEk1vrIqE+lEdiccPNswC2G2FyXWHia6plpZ0VAZXfQH6R4ttykF -CfHUk1gNDuGrXtwHicF4d6XXZsnuPkBQZ/GWmu51gGu5Xhr0TmXY/NPRhamsqsjn -lkrNGV25VxZX1lGM//cqL77Om7m9k5Rx9gnp+8n1QQKBgQDj09FNvc6kB8QzZ3Dn -1YMnNKpSiu5d8qW8iUGUMLIF+d+KTkHa7nLBfjEOUyCVOJh80pUFhvXwL4RtZ72A -Ln2EWZWYxN7aNzuTXQIO6zit+BgosCf2Vqgu06yZtmZARFNxTRRImRwUsPGaqnBH -drxJpQfuomNJfCJ4MY8OmC/URQKBgQDEO5rsV8OioXI7+y0qWSJO113sofwT9VSt -JCy26oN59sbgrcFPohsWISEBrYnjuPEeRf0Z3Hl52Tt49btuIqPmga2II/1Zj6ip -V9cTzwVij3XSfdb/SwcV3GBCzhQjgl6C/1ocpayQHGLaS47+hHFu6sGp2JyxhDKL -owO/twsJzwKBgQCU5crVVEfJTIoeTmysGA8vgGwQplxDamKHZe1GPM0cusIuUhcY -Tt8RNrg49HtHC0YdzkM26Y2y/FtAZZykOb4u0Z3Dymcblx2IojDGL1VL3elsLjTv -+pLQh+c2Ts9lEUK3ufiXuflwTHSa8OmQyzkjqIgWnmrljAu7IiitESmxQQKBgDEH -C1/9VX2uhJID4XbxKic0m9zhY8/AvdU8coeI9Cxmwa2k++VfhRD0WgDHUOo6bNO5 -fNEXSqps4fUIwDl2IikXQToAc+4KfINC1RO354qGeVOL6UmDf1Ow6cQHJPTyP5bP -Ib6Cjii7Tt9nfWSNxqGFubkry4p2kwJcSjV+EB31AoGAMv52cz2i3FDSHYBv+QRF -VrTEfMlV63o/zPYKRx0ZF+9b6Br8z4emeNnb6Fu7nk5glliGMsPbGT/0P2OPYl8/ -Q2Tcp/QlvAtQbeCsOvUQgi0eThxgskcNOMefAr7BFcHSZVgrGixDGrIiIViJGQMF -IyTjmZ1yDgFmUwf8ULuxegw= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+qUpDlPLxEh16 +vAuN0M/t7i5cGBU3UQu+MfA9l59iPV6Yme9PQOMXiATEb7yp5G7AaqHqoofz7ntV +ZaPF82ZRGb2jOwplU2wsCIGKO+4ujUaZPThZgLXR7sVX6qSfRM4PYjSqm1Cv5AYC +GOHK1hesAMP5sGdf4LGIIWL9ngEAPrwARpgxVS7RtH1GX5yWUpYjhEyjpMWXkYUE +wFll00LGOqiK+U7V2yyCRU4BUSggFLhbL1n6z1eMFxHwAgJZo/boodPCPhxXFU+c +wFvQbiBlABujyY+iHkSpyytM13hUoWBfM3FLB2zSgmKMAbvaPs+CNjapW1kJGaBg +L1HfqcS3AgMBAAECggEAUTazV44+3cklnX40PbhQmbz3KmtnviRbqCyFdPb9AU+6 +163abhvpn8Bkp3ghGQ0gz/2b8uJAnvtatcmRtWQ0lR8t1DX1+6tJTIhjBYr5rgKn +q+aT9iwJRt86WHSuotkgHRVr8bAu8n1iwcnvhAMmGjJJSDaIEiMX/DCchgOj0YIq +VLJYQkrj6Dii33GeF5eQ4jr27I1RIQSvDEvSffuJpKNbWFap+/epja1MZIenioiu +Vrm6jLPtlqacpREPL8pCGTlAd0GM/nJ/8BrzrodL0P+h7FwnpfDENTWnE9oVSMdL +1t4c1psf3X+hYyMOs9/jtVzoXzeVraGHvwyopv5k4QKBgQD0Dl1PsISWg8mp6CVW +aeIG3cO8oUh5oxwmLQRS16//GMIJCo5o8+6W+3qI6ZGOwwo/THm/GKyuYUN8UKrx ++iNhDJbab3YM24lXDA5QFqO8Dv2JhyXfAb5DQk1ZsdIjbfA6G9T65Foa6dl0IXmi +ByfGXa+tRPNThUvV6XRUEelA5QKBgQDH/fkoU+NIRgaaEiVQneFZz6OlnnmEM+/+ +/Ctm09nCFJLZt8nFisD+F9dVKSv0m1xWgkrG4Pm9bbHq1iBn/09qNp2Jn6W5bYoB +RYI3EdXjb0B/vAm8295afEXXGA6szOZLlcY8sc0QPkdxMmeoV4XkFTlFBE0gNTPm +Q1YCk1PBawKBgDHsVk4cz6JyZugooqqgkinRZ17IpyiqovF0N/QyRsAp8lcjH6p8 +a4va+V/UV4AaiZgVLrpWc8xf/QwK/EzvXBlYF+uq7T0IE3oI70yWtPudHWPqj2ak +1qSvhV8ZruCsdn2Mf+6qk3v55g+JYXYxfINpWqxY9GVbWP3y+WbRGyO5AoGAO7nJ +UxXaZpcjGZgZtL2xsxSjlq6BM84e+lNs0sSp36AtSv/sLiaGBFwyXqhxDBfpt5wp +oMNHUh8UZ0GTY/uHR/0Phy46W+ousLqFbNTSv51V8c/CSLiQ6wz5/oacu1Zl4GTW +UwH2b8dpppCbDFc3ESqVc9sY/WlmGno5kYNWHAkCgYEAhd7xgqJUpM7Klbsl3BR/ +6iEZ30Exf1wlC+nWJSK4iHFH9l9BGHjImENxpKa62Akm0VvE9n1KgKxK1IESziiE +9kAXspYyBT/clOo4v0w5rPIiQ3itm5+ew9gaFiJ+Yfi8MYTIwznsqXvyekqLSrFo +w9efOvZV+XaA79X+bEEd2BA= -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 5 01:09:26 2026 GMT - Not After : May 31 01:09:26 2046 GMT + Not Before: Jun 5 01:43:18 2026 GMT + Not After : May 31 01:43:18 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:a3:37:f0:83:85:c3:44:9b:39:cc:f0:88:10: - 07:77:8a:24:b6:cf:e1:ba:f1:7d:0d:e3:8e:0e:d5: - 86:ff:df:95:2c:94:26:36:66:42:96:b3:bd:fc:23: - f0:3d:00:8d:53:9b:be:02:e2:5d:4f:30:73:4e:3a: - 50:8c:71:88:36:c3:f7:ee:dd:5b:80:6b:a1:3b:43: - 03:f0:8d:18:67:a1:16:25:da:58:03:5f:e4:d5:29: - c1:d7:3a:60:fc:6c:a6:41:f9:2f:55:ed:19:7a:08: - 03:6c:a4:ba:9e:4a:51:81:42:a5:ce:44:9d:a7:bb: - 4b:5e:a2:ee:81:65:42:7d:a9:c4:5b:b0:2f:da:1e: - 54:25:78:ea:f5:de:3c:75:fa:c7:cf:bf:02:bc:ae: - b0:5e:62:a1:ff:a4:0f:7c:da:c7:1f:13:f3:d4:e9: - 09:c1:da:ff:bd:59:df:e1:1e:de:f4:ef:7b:2c:20: - 4f:25:b0:ac:68:26:d4:ac:7d:e6:f2:57:99:27:e3: - c7:b9:90:f2:96:9d:b2:e4:38:d6:c3:e5:04:73:0a: - ce:d9:f0:66:c8:af:31:a4:5d:5e:26:47:05:15:2b: - 9f:9f:0a:68:55:13:dd:e0:fb:df:69:69:e2:69:71: - 73:ab:06:69:02:4e:42:fd:59:3c:a0:19:6d:2f:1a: - 10:cb + 00:be:a9:4a:43:94:f2:f1:12:1d:7a:bc:0b:8d:d0: + cf:ed:ee:2e:5c:18:15:37:51:0b:be:31:f0:3d:97: + 9f:62:3d:5e:98:99:ef:4f:40:e3:17:88:04:c4:6f: + bc:a9:e4:6e:c0:6a:a1:ea:a2:87:f3:ee:7b:55:65: + a3:c5:f3:66:51:19:bd:a3:3b:0a:65:53:6c:2c:08: + 81:8a:3b:ee:2e:8d:46:99:3d:38:59:80:b5:d1:ee: + c5:57:ea:a4:9f:44:ce:0f:62:34:aa:9b:50:af:e4: + 06:02:18:e1:ca:d6:17:ac:00:c3:f9:b0:67:5f:e0: + b1:88:21:62:fd:9e:01:00:3e:bc:00:46:98:31:55: + 2e:d1:b4:7d:46:5f:9c:96:52:96:23:84:4c:a3:a4: + c5:97:91:85:04:c0:59:65:d3:42:c6:3a:a8:8a:f9: + 4e:d5:db:2c:82:45:4e:01:51:28:20:14:b8:5b:2f: + 59:fa:cf:57:8c:17:11:f0:02:02:59:a3:f6:e8:a1: + d3:c2:3e:1c:57:15:4f:9c:c0:5b:d0:6e:20:65:00: + 1b:a3:c9:8f:a2:1e:44:a9:cb:2b:4c:d7:78:54:a1: + 60:5f:33:71:4b:07:6c:d2:82:62:8c:01:bb:da:3e: + cf:82:36:36:a9:5b:59:09:19:a0:60:2f:51:df:a9: + c4:b7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CC:CC:54:7B:F2:87:66:CD:2A:F4:75:39:36:9B:60:45:1D:3A:FE:44 + 90:97:88:F8:24:23:75:CF:5A:A6:3A:DF:44:A3:5A:DD:84:57:B2:F9 X509v3 Authority Key Identifier: - 15:54:83:B3:1C:29:D7:B3:A0:B4:09:4D:E8:83:0B:1A:1B:99:6E:45 + 07:9D:08:22:B3:EE:46:88:BC:AF:66:92:91:CB:76:1C:9F:1A:D1:72 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - 3a:72:ef:6a:0c:6a:f1:a6:e2:bc:11:e8:ab:71:01:3c:6f:20: - 35:fc:22:a3:6e:d2:91:6c:08:93:d2:ae:61:37:72:88:8a:73: - 80:87:ec:61:c8:25:e9:e9:df:0f:6b:fb:50:27:36:0f:a5:b0: - 71:1c:9f:c3:fe:94:5f:b2:f4:30:56:81:7a:4e:51:f9:30:cd: - de:0d:90:39:86:3f:c2:f0:cb:8d:c5:29:4a:7d:27:1d:78:5d: - e5:3e:a7:90:08:06:5a:0a:1d:50:d7:39:8d:ee:a4:58:3f:30: - 44:d4:89:dc:94:8f:66:4e:0b:7b:94:e1:06:67:ed:23:ab:22: - e8:77:18:fa:d1:6e:46:df:bd:75:de:c5:d2:b1:ac:ef:df:07: - da:b0:85:2d:47:18:fc:fb:d3:de:10:fb:e0:35:ef:d4:ef:0c: - f5:d4:d6:84:3d:22:fe:44:c9:d2:48:44:ec:24:69:52:15:9d: - 99:52:bc:e7:04:9b:15:85:7e:e0:06:12:bb:ba:96:58:78:a6: - 61:fa:33:01:7c:76:43:6c:c5:3d:11:c5:e1:9b:e8:59:d1:96: - 8c:30:21:e4:73:82:7f:44:76:fb:d2:f1:54:a7:b2:1a:28:ad: - 28:bd:f7:9a:47:ef:dc:b2:1b:26:d7:fe:0a:0d:ae:bd:38:13: - 61:43:f3:e3 + 0e:70:c7:0a:1a:ff:56:d8:e4:07:d0:e1:89:e8:0e:54:75:e5: + 66:73:28:88:5f:18:26:4f:32:af:8a:a4:74:2d:b1:70:38:68: + 0d:53:42:b9:82:be:77:f7:2c:31:c6:9b:42:68:f9:c8:d0:dc: + 3f:0e:48:89:b1:87:1d:14:f9:f8:ef:8f:63:3c:75:f3:79:dc: + a3:7c:de:8e:4f:29:2b:4c:17:99:da:69:43:9e:c0:03:28:f5: + d1:97:0f:14:58:de:80:15:58:7b:97:53:74:78:91:07:80:28: + 76:88:f6:f3:2a:49:23:95:2e:7e:bd:32:e3:1e:c0:a2:62:7f: + 3a:a7:f5:96:a8:91:90:c4:ed:31:66:80:01:0e:32:95:20:5b: + 6f:de:69:86:ea:48:ba:1b:bb:21:e9:49:07:31:8e:ba:2a:b7: + 3f:61:d1:a2:2b:fb:0c:16:17:9c:b3:c1:d6:ca:b4:af:74:3e: + 48:ca:c0:81:94:4e:ab:b9:65:b6:71:24:66:8b:ff:02:28:7b: + f7:d7:c9:63:3d:22:8c:54:dc:79:ce:e5:82:b0:64:68:3e:8a: + 84:96:80:73:2c:e8:e3:2c:19:34:3a:dc:cf:1f:ff:e1:b6:4c: + f9:b3:d2:2a:cb:ae:8d:76:aa:b9:cd:b5:80:75:6a:d2:b8:74: + ba:96:ad:e3 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDUwMTA5MjZaFw00NjA1MzEwMTA5MjZaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTQzMThaFw00NjA1MzEwMTQzMThaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqM38IOFw0SbOczwiBAHd4okts/huvF9DeOO -DtWG/9+VLJQmNmZClrO9/CPwPQCNU5u+AuJdTzBzTjpQjHGINsP37t1bgGuhO0MD -8I0YZ6EWJdpYA1/k1SnB1zpg/GymQfkvVe0ZeggDbKS6nkpRgUKlzkSdp7tLXqLu -gWVCfanEW7Av2h5UJXjq9d48dfrHz78CvK6wXmKh/6QPfNrHHxPz1OkJwdr/vVnf -4R7e9O97LCBPJbCsaCbUrH3m8leZJ+PHuZDylp2y5DjWw+UEcwrO2fBmyK8xpF1e -JkcFFSufnwpoVRPd4PvfaWniaXFzqwZpAk5C/Vk8oBltLxoQywIDAQABo3AwbjAd -BgNVHQ4EFgQUzMxUe/KHZs0q9HU5NptgRR06/kQwHwYDVR0jBBgwFoAUFVSDsxwp -17OgtAlN6IMLGhuZbkUwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQA6cu9qDGrxpuK8EeircQE8 -byA1/CKjbtKRbAiT0q5hN3KIinOAh+xhyCXp6d8Pa/tQJzYPpbBxHJ/D/pRfsvQw -VoF6TlH5MM3eDZA5hj/C8MuNxSlKfScdeF3lPqeQCAZaCh1Q1zmN7qRYPzBE1Inc -lI9mTgt7lOEGZ+0jqyLodxj60W5G37113sXSsazv3wfasIUtRxj8+9PeEPvgNe/U -7wz11NaEPSL+RMnSSETsJGlSFZ2ZUrznBJsVhX7gBhK7upZYeKZh+jMBfHZDbMU9 -EcXhm+hZ0ZaMMCHkc4J/RHb70vFUp7IaKK0ovfeaR+/cshsm1/4KDa69OBNhQ/Pj +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlKQ5Ty8RIderwLjdDP7e4uXBgVN1ELvjHw +PZefYj1emJnvT0DjF4gExG+8qeRuwGqh6qKH8+57VWWjxfNmURm9ozsKZVNsLAiB +ijvuLo1GmT04WYC10e7FV+qkn0TOD2I0qptQr+QGAhjhytYXrADD+bBnX+CxiCFi +/Z4BAD68AEaYMVUu0bR9Rl+cllKWI4RMo6TFl5GFBMBZZdNCxjqoivlO1dssgkVO +AVEoIBS4Wy9Z+s9XjBcR8AICWaP26KHTwj4cVxVPnMBb0G4gZQAbo8mPoh5Eqcsr +TNd4VKFgXzNxSwds0oJijAG72j7PgjY2qVtZCRmgYC9R36nEtwIDAQABo3AwbjAd +BgNVHQ4EFgQUkJeI+CQjdc9apjrfRKNa3YRXsvkwHwYDVR0jBBgwFoAUB50IIrPu +Roi8r2aSkct2HJ8a0XIwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOcMcKGv9W2OQH0OGJ6A5U +deVmcyiIXxgmTzKviqR0LbFwOGgNU0K5gr539ywxxptCaPnI0Nw/DkiJsYcdFPn4 +749jPHXzedyjfN6OTykrTBeZ2mlDnsADKPXRlw8UWN6AFVh7l1N0eJEHgCh2iPbz +KkkjlS5+vTLjHsCiYn86p/WWqJGQxO0xZoABDjKVIFtv3mmG6ki6G7sh6UkHMY66 +Krc/YdGiK/sMFhecs8HWyrSvdD5IysCBlE6ruWW2cSRmi/8CKHv318ljPSKMVNx5 +zuWCsGRoPoqEloBzLOjjLBk0OtzPH//htkz5s9Iqy66Ndqq5zbWAdWrSuHS6lq3j -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a7506ba3c7..39165b7152 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDyDCCArCgAwIBAgIUUcgTcnV0MsAUzdlCtBW/GPxim3IwDQYJKoZIhvcNAQEL +MIIDyDCCArCgAwIBAgIUXOZb4M9mVy82gQz6t1aJHVdG+/owDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDEwOTI2 -WhcNNDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDE0MzE4 +WhcNNDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJX2Nj0SfMSPuUiViJP0dcw7 -egMyp6VYyY2TCE8HHNqIem163Hy3i49MHKEqr9b5OVIz0RWaU8SdkJ2WwfaOb4G/ -Xu2o7AsDRZVHJwh8BhWu5dco5Fd8DZiUnbiWwdnlmbF/vFB//zGMWGYpGkUOIKuD -dbVdhXTvBrGXY3fDOYa8kjxqhUTJFqhLVESTzfxaiBww0ZMlDpMwgjU9CZJ5C9Sw -wGeRavjIJdiz6ABG1vdSpZ/8E5bL/WYgImonq1vfT3fWjnq8GlaSAW7YrkJ2ANn4 -/BIgkEZbjv+UiadLzUKUT+QT2Uff7bDD+Eh3Bh/j17p5ey8e3M+hkjFbwpoGA4MC -AwEAAaNCMEAwHQYDVR0OBBYEFMnVB5JRAbHlPRh7a6CguKrHtr8kMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCAcHZ0 -bfasq8TuSakrHbXd6VN2orX2BUodlAM2Hs/hUtCim8M8dK5iSr/tfW80mfq+bssw -ay+yKJzFlB3PzzLo5b6XBapbjPWiD2lWT5WoIlS/9CAO4BN3edhLAgRRMFgPXyZN -JKkNqg5H0yoLy0z+f0vxx7IIe0GytiwT7T0JLoVGQpjCIkjjm0XSCBPdjTQOow1L -NSE0dfQ9LbsuiAA6t83cl6PUMJHrBpKmzdLYoN6nM/VxAhQSVqy5MfnXgA3BWzra -vXoHA5p2rL1QZ3wQRB3B7kAFxqnrwJJdUTwRjm5RmGMUNjj2hFwAJlfwBQlYoxt1 -6rE4DkIhabfv7Zu1 +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkffnDicTbF3B8yzIxz7DP8 +rvy9yVOOGoLyiXITiHmTMNIhfYUdxGqO4RRReztQvW7s6yOQdvqNE8LD7WrzsXOz +JOovPuQZMr6mnSu0bU98Eyar9SfRTbGVmkZiCJTT8jV9wP9nxgFag+1Y6DPUwbOp +zyt9/961woScVbJJwVAdJUv/cp7l7dT16rCS4yuDf+m6xI9Svev7iPcqcyIRDLD5 +EXS1RI8ZLmA3ueIqPQbnRiPzjVRgq56czkZ/g2USJlFlgYoeLAV7JnjYi6Rs/umw +0YqfNl6rD4BznrF4CGuvliWaZu/3pAv/ejmGJNMUbgi3gVAG9nZKzIdiFTtR3xEC +AwEAAaNCMEAwHQYDVR0OBBYEFH69MHf4jQo9TLkJRhgOFoQpFblIMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQDFN3c7 +24yHj5lEvZX0H2IH25+5KhFouhkEgQk8OjcB8lpyJEB1scWX0v6RNNr4pmHNs/SF +FOqnVl+JMbcF+HuDM8pVVYeaDe/ZS/pAp6U9HwSNSYltEPThnVfQWKKPeI+8W0YY +WANQPhA8TAYft7lWxaUNlpI1RPEy/YTuMzxZC2H5CPnnIll+zTgt78Bi5halR0YO +EovTitdUom2y0UNPPczCRWoFjHE8MM+xeNhV2ybd8qT5L0sO9FDdh7UoYS1LmL0k ++naes5qWFXhvYXelWwr60H/MI53p+UMGfW95e4IyU4WPXh5Z2jG3hc6tg5kt1ThS +tLX9wRS/xICXNu2l -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 8f6ed82d07..c67bc1bfc3 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOy2pgCy55SlP -jOefFgo814NQiTZUzjslthOd7uobrQYCoLC5N2QwB1I6JlsJuDigo2vWnTB8nTwj -taf1hnAumv1oBvYV25s6nmP6OoOz3rqK0ZqTmXMd7ZlCWi0KmwglfJCsLsFFpGgN -gi1W9eUzVIaJ3BabG02nxRTcsV5oxAIzYdayxqZ/czzAvhfD0bKlfnDkfysWFEP+ -bgHSqNbZtYD4/acHKj5zy5Dyvkf+4rEWJrasqjJW69Q/fRj4eaYpXIz2Jh8Btd6H -8sLsucM5qIKcEwLw7nASLJsKAV+TO0jUbPDEGR2rUxKHoagT6c1pOexa+MsFaAWm -UrHOIFgtAgMBAAECggEABU5WaEXfPwUaUkkzUAVdGNPj2y8Hs0GBXPXNqzrO78Fn -Ik5Va9SC6i9UPA1FgapNE468dgJMyFmTTg6jt1azKPS6SNOMuJYxgrR8q8hGoiTj -Xh/V6FtcV/a3s/aBGGdIK/jzvnYvnobXGnKwDJmaBQ1RqzrhtoB1nXDaa12Y8n16 -dIgqgFK7wIu2c4FRDd0xr3Kq7+Gs3U6z65xyEtRW3ITghaaWsBDXDvHxBOcRm7SM -d8hXPto5sk0V94yJqxY0Xq7rXkDiqeVg+q/5lq/aSdWCNU8mz/+Xmrvvc7uUaHGF -xtTNM5cpVQiyhU3PYAoNa6U1NxHlhNW2yKN8hOTPGQKBgQDqxu23FcX3U9mISWZb -HlG9bzXOxexJAPWuDcIJdA/fI290kFQW2rE/b1jFoUsZL6esFJprinihjE9rdhd8 -vIgiPb2T5eg2h4J/KtXqtySLM00ySu1l6JvSWpZ7hxBDkMon+P160815H0Mko5+V -v9Ndfs2eo0n2LsPMFgv0pRkiyQKBgQC5npEhlqUAmBoIx7PnO6qPlwzWj2lW8l2g -BT3CIjQfbN4++PS2qMmv/3eHkfq3aBpSAXpeeLNEV5flPsJ6OaQSfMT4Wj5bbKEb -Xl8i4WfbC10YIhs6Ur6BOnK6Uyi8ArOFYhVRu/2z3937XM7C7Mz4/g0TsLavJoEu -xelKyc44RQKBgGYOzb1d6K3INHLrPWR0vKG1m1Vkcn+VvDbKYkQLwO6GD+hC6Vr5 -/D0QIS3gHK45KhFC75G6IxBO1yNmtXUS27bO0f9d3OD/bTnsnAspS+h7B57KNYKs -aDg8Ctht8SL96PMRaNchBVwWu/BMdI37Ul19RtMkNn2e/JxWJSJXNqMJAoGAdOfF -iF4UtfcWDomYaP5PQfhkgY35TmV/ShWC/A4GvfQXVZn+pjxQKqS/Z4ctXO4YBaYg -p/dlEJoKdLu+SLSc/XfPpotP0szr+wzI5nMIshDKJTT16RnMGh/xuiA9+4vH/S31 -N3ErLGrGqFWfc20o+3kmS0x1AoNBwW+sqwnG8/ECgYEAzq4Qrm69OmU9zbC0phon -LF03QSPkTInuLvcKAgKeD+kZQ6ZpZCwRnYgRe2XTFcLEwrrZAaem+eNR4tBeE2b9 -duL76gyoukctgb6bZM8TNDJlHg6MoT0RXUjEezMLhYNumrXDO6TCA7ak6gV5AHHw -zs/hznKbNvFW7xLQDPW/1f0= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHx0jJhZSsT6J7 +qZZ3+15MvBddhi9Dn+U5koIMPE7tLOLlydbHhKQULtu2FUG4NaL9wrmfhIDmSySc +Tpc/1SScVmoDzrASj7Yw/fivj0ApfBvQUIzttW+C9zd1nLFyuuYZtNCdcE/MQu/f +Ls16ry/vBs5XgHyICxeShFy/eThVx8xczrSw93NHzdLh3g5G38soJl0kO4z6GLIj +hmEgenn54GWOakzKrSM2pIuw3gFM7d3skr+NiBw4UZpB2sUfJFuwMUaEc7bgG8t7 +dRT3aMoWkTraTr38IU0g0B/kCcjoAvV/lbXqpW0JrzWN+ZPkULQoUZGfj23cemu8 +ia0EBJLBAgMBAAECggEAECJOlF+ypG0MDiy/K/+rG2woTJ0yxZLc7qPpnyGVcVpp +lcuPoYKx6pIM2oyZFBYPiZ7XZsyccoEQVyCBmXyuzoL4Mv6e7n20NQsgv1/CzIsq +VO0VafOqzgGpTejyLwNlbz2MooCjgs6baUZK9V6W0AzbfQtQAOxsfyUKTlhNqOea +IZsNgjXPChrIsjhwcwF+nlHuDiuFa1nGNJNCGJN+mAaANDnmNb7/d62B4PEon6sj +oL8InNKdoBdwIqbPsQY6QWpqz7lGcH1On4M3JRQrprjWeWy6A3zu1kFFcJ2TrHb0 +TWwKW4ot9R25QSws+lwCysKEPD31hkkfA1gzukH9zwKBgQC9DZvhG/QgGmYkG4OD +lFTCZ6tY7xSZO5rnJiw/l+4dn/h9WtmjCu9TXtNifivt0bjQsHbWL25ifjvQf0i3 +XisMi0I2mILNUA5tDxIb2jgmh9JjXEQ9yBbsNVflcFMCwAhdMkp9IjdgGBsg3BV3 +Wt7FsiXPpJQgKsqn/aWhHtCgtwKBgQC33B6wGm9SU1R9xvUW63s31Rcm2knDC/Ng +5XiMrC4KviqAJnpo97OD+3w7Lmu94pnp0VTirr9Tb2UnKpEOZnXOo2Qukj5jnLd7 +4jnTvnSc9CBzx4GJYmCHTzx5kn/IvD/M+AajnkCafGVfTdPNKdVvBQ+A3dVLFsy7 +h0uP0RgARwKBgEdIhVkY2DDuo0rEEQ+g82CmBEaxRxwMDHlRvGdyGveSpPhnNB60 +9c6Ct8OwfVHbvQr7LqPOGJoMrPMNu1ZgrGy7aYj6cn+Fyxq2DwbvfjKRDfQnCxgc +hQAlkPHTK4mi7MRvPQT3zNdv33LBaVqqqcrzRCyKCswiNm2nRzd8Tf/7AoGAXj41 +eL1EHKXcJFCsZqAz282dfWvc7V6d1Sgqn6jOPPF3JZMToeR+HwP0jP1hesbBcCm9 +4igCqEjsR6Q5EHGSp2X3Pyv1UOgO4TB3xcLVUXKNg+taycokgpcp/4MJfyKHbZAh +DxNaOBXVfIGPNJXh8nNcnAiZgVDhhqp2H/Tk4ZcCgYEAn2yQ4lOLKEpxiTLhGmDl +IuowW57i0r3QlkwfhvzhEjN3u51RUIDL2+OypMZng7FkGJEnmsjrrTemswgMnca1 +cPBhdofRIZkKcsAvTzntkwWOpqIiwFJLUS2cpS2MrkACDGuB7OzAPPRn2ybQZ5XO +GCRE+vraCgRvuakD01NnIgs= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAEwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhwwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo7LamALLnlKU+M558WCjzXg1CJ -NlTOOyW2E53u6hutBgKgsLk3ZDAHUjomWwm4OKCja9adMHydPCO1p/WGcC6a/WgG -9hXbmzqeY/o6g7PeuorRmpOZcx3tmUJaLQqbCCV8kKwuwUWkaA2CLVb15TNUhonc -FpsbTafFFNyxXmjEAjNh1rLGpn9zPMC+F8PRsqV+cOR/KxYUQ/5uAdKo1tm1gPj9 -pwcqPnPLkPK+R/7isRYmtqyqMlbr1D99GPh5pilcjPYmHwG13ofywuy5wzmogpwT -AvDucBIsmwoBX5M7SNRs8MQZHatTEoehqBPpzWk57Fr4ywVoBaZSsc4gWC0CAwEA -AaNkMGIwHQYDVR0OBBYEFH3RUzpBaqpydyCy2TtnS7kTvBT+MB8GA1UdIwQYMBaA -FBVUg7McKdezoLQJTeiDCxobmW5FMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEADEIdgN8segXnSrWnZiWS0dd8qKUx -k8+LQjjhjds9CPh1sq20BPqSmiL2kG+fpzyKqgpcv9BbZB3fpBCfdjfcT+Fd3ceA -HNOvkGdm87mxhvCQrmqkKEPjCDBFgTE8o1UxNTCHEBZ5z496NQ+GrbNzvZRC+QWd -CEI3VtRY0k7tDOmZWZLaPU+E6IPAvMbP2Uaca0Oo1lqPFab5hQkvwjZQa316WcE6 -ZA3PU612Z1xTX2H+mR/uCmUJTJNttTZcLFGjc3XM8aZSuOvBVdwoy1YYeB7pUBL6 -NmYtemygaPiBrIfSC8CrWFL7mtyaZJ7UukniGG5PH9WWm5YRM1lzlZNezQ== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfHSMmFlKxPonuplnf7Xky8F12G +L0Of5TmSggw8Tu0s4uXJ1seEpBQu27YVQbg1ov3CuZ+EgOZLJJxOlz/VJJxWagPO +sBKPtjD9+K+PQCl8G9BQjO21b4L3N3WcsXK65hm00J1wT8xC798uzXqvL+8GzleA +fIgLF5KEXL95OFXHzFzOtLD3c0fN0uHeDkbfyygmXSQ7jPoYsiOGYSB6efngZY5q +TMqtIzaki7DeAUzt3eySv42IHDhRmkHaxR8kW7AxRoRztuAby3t1FPdoyhaROtpO +vfwhTSDQH+QJyOgC9X+VteqlbQmvNY35k+RQtChRkZ+Pbdx6a7yJrQQEksECAwEA +AaNkMGIwHQYDVR0OBBYEFCXWhDoXLKT10klVaEv5Rf524HXSMB8GA1UdIwQYMBaA +FAedCCKz7kaIvK9mkpHLdhyfGtFyMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAtluArK33MrFPHbNBy6D01AcOk1sy +p2S++XGdPTyNwDGSBlK1FV29WPDt3WzxJ01XB93KZ3jyW6DwuSEpi9sggkHiypU4 +gQZtF65eZACoJWsdxuLCVVOAUHxij6MoEl4O1KCSXEYIUUpTb6aoA6+xJmnS4MfA +2Y5Q1DlbPTm0i72PwCHzhoDYlYPR7yisWCzNtGlXLbAZ8JRlXN0YLS7pw8F4FISG +Cu/kE4LgqSt8cCKRT4jp2NLqKamfxTr/7eFkT0tkZP1GLtWKPpNKgydKbQUhO1NN +IJFrV1sJTzVx9f3+ITp8s6ZGzFWdmMW6+6e5Wt1Bo4TqrYeJfJJUlPVZzA== -----END CERTIFICATE----- From 5397e5062f136fd1c071c4f687727c676646654e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Jun 2026 10:29:06 -0500 Subject: [PATCH 11/12] PYTHON-5040 Use cryptography library to generate certs with AKI but no CA SKI Replace the OpenSSL shell script with a Python script (gen-certs.py) that uses the cryptography library for precise extension control. AKI is present on all leaf certs (required by Python 3.13 / OpenSSL 3.x chain building), but SKI is intentionally omitted from the CA cert. Without an explicit SKI on the CA, macOS SecTrust cannot perform keyid-based chain lookup and therefore does not trigger its hard-fail OCSP check, which was the root cause of CSSMERR_TP_CERT_SUSPENDED errors during replica-set inter-node TLS. gen-certs.sh is replaced with a thin wrapper that calls gen-certs.py. OpenSSL 3.6+ automatically injects SKI into every cert it signs regardless of the extension config, making precise control impossible via the CLI. --- test/certificates/ca.pem | 40 ++- test/certificates/client.pem | 96 +++---- test/certificates/crl.pem | 17 +- test/certificates/expired.pem | 96 +++---- test/certificates/gen-certs.py | 349 +++++++++++++++++++++++ test/certificates/gen-certs.sh | 248 +--------------- test/certificates/password_protected.pem | 101 ++++--- test/certificates/server.pem | 148 +++------- test/certificates/trusted-ca.pem | 40 ++- test/certificates/wrong-host.pem | 96 +++---- 10 files changed, 638 insertions(+), 593 deletions(-) create mode 100755 test/certificates/gen-certs.py diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 7e79d7087e..9d7397cd62 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I -7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV -1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC -QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd -BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx -emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC -MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9 -jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX -OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld -O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6 -jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d -lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT -Z4yZLc0w +MIIDfTCCAmWgAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHkxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE +AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAxTjF0WGvlWXVtzfL+sMHX6gAoS7G1Z0gL1p4iFH59YbGBbVRTgcOf3U3 +yclcyP5bxavT8uFYPwlKNrygUPEZZbc+kPWYuH75FA7KXTJSZxX/YPPV2RxoWljH +eoVapM1Fp6gVJ3MA7nPDGQw8KaRFWHW/7qO52hsHxPW+Of8cZwt473cqZTLpLqJY +jHkJOYDk9RmzAyCLTb1Jebg27MThpuBvwBRBmKXihsysLOu49v3Guk13sCPXhKhP +dGj4f6wJ4NMqraVhGrqcb4vBH/rwf4hzHWox/lEyBEZi2XOIg8pCd2AKrvlh23Pv +ar1MMTvImYNOGpsg1WXrUVGcT8WZ2QIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQByXF3qV07B5LF+YJhKzd/jc1si+rV45IZGHAYvwNx2 +Ftn7EKYGW/d4aGyHg2rTU0A0bch3EIXqE6zQH7YEs/HLDdfubRk6hIiddVGPJozK +Pw7tj5zReTFBe201X62+q8OypVbGZz2wXIGvh5H30c40s0k2AMpUi+DR5Dus+T+b +0if/Pwxsx8HCP1GMLQH6CpxD5gXCMVBGCg+dxZm1pnkZE3ZXHHWProyxJWdNmNK8 +GNWrl0PVSe7STBCmapoDJdgVXpqEz4+qJSPTXgL1HVX6o/wh+EDQRwCak269ia3x +GljNKUeJsvqh2iL3jz1l/vRYvkN5uq66YXEwacqP8NIM -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 33e03ae915..24a3a6eb6b 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC -rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi -CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ -SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm -h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx -ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg -1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL -5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3 -h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95 -e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU -R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel -6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v -k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/ -kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y -DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a -bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ -YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z -mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc -Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX -77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ -4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1 -8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q -sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee -qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB -/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3 -OfeAwH0y5PwSCsVtmLs= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAuRygTOnG7ttRP9IV+fdZbetsMJ3QCCLhws/Vv+zGUqHLR8Qo +G0J6PogYCBGQnXTy3NYN5N1DBH8k5pxamyAQERp/hW41re4oJ88i/OIK2PCRDdnI +4SnEZTOX9iLcdGR8sQoUtW8M2G6pNsvKiZhYskwF/oSsJnLda898KMKf6wCW/TF9 +9W4wlOSgdTvcAB+IrpZ2x2uBUJuyERvKy9k5WfxP2ikdHSXxIw4kwMokXLcJ1Q2k +n7COBBv00K7rBJyCdkrTE6hDnbfzsVZTuTEmaFp1TpDpOXge2ih5YMDREfscEcCl +R7jJpTL/LWbUy0n8TFqfvG5M6NIyJJFwajl4BwIDAQABAoIBABNsopGPknVsBCmb +RP0W7IZxRsgPN04zQtdrcbWTBfiTy737Im5B2owHQeZO2Yr8Q6PSvmB+q1KkeN3O +GF/gzG7PBgSdXPqkXAhZXwWEPrkm/UGj0cV22Yn5EQAeBl4cUU1Ojn+/aGypqA38 +8oLfvqbu/U4I4/ug4AU5H4Ezcw54sq32xCs/pzcNITOGRpIeNjynW+WtnTsWNOVm +KBMagHitFGavNnBbeiHsg7RsvSYZ2NYlr29yCpJlZFBZ3hYxC9ZAJiXWEYbBowxW +Uk9f2GSNRBytzsVRzhkL82/DUfKXXXXjOj1GZlnLaXUHZwvE7s0fteKZMpFbnUi3 +EWaRekkCgYEA3W9PP6bwkVP9D46NSg4AwFBHSrnUZ5GeOMwGoeagAEX7H1Exs15R +gfIKc1hRUYw+4b2zy4pgnsBRVJcAHOZCvOR5N/6nlFWU1tGBkQPBxTXN5jwoew30 +PQzQsRcHqMCxwysw8+nDsY5J5SGdznUFiOkoYi7XHM0tP4UL5qjF61sCgYEA1gHT +H/ec6VflqHpM9hFcTaQMOFYMn/4SNX8wk8wmN28AJPd3WkaOp8vsSr4JdefFz7fP +khbbpDOsmH3ynSCnWUT8XPQDRuhsmm/hUZd2dhDydSo8OhYzYoiV5NA6alJaustc +bbWjEB2xxnVTKnoBMz7rZmDEmM2ASz6vVowAAcUCgYA7wBFOR6maTWN3kyuk0+p3 ++jGChGpAGBbtlIAlp6l86WU9qhcTI1wzCDCxtx8aNhGxsBKX1ZsEuzg27xfktG1F +sxDSfzCQ4hbrcFTZ4H2kzUPl4E28BqPk5VRatLAoZPaSh1EKQAXCH3bpEQ0X7JO1 +wdRXyfPZnbOb9Dal4tylCQKBgHFtpilbZJ+JJwCVUhVaPkIooRF7ClYCpEQWlfjA +S8E15C2zvF7s5s+pFiTHdNw5bG8cTbhwxRnTCbgJiX4ewJRgLCJYcyQyLN3uTs6g +KPmLIfdX23QuMC4ZltkgRNX1sIExKFw92Z/BHWjC5sGsyNYQk1RAFfOneEhpgSWu +LpLBAoGAGrcpDU2lw2iDmaDYqItDlO6kbAcoAb6iQJJXc3c9vdEAfDNbJ+qO+T/a +3YHQ0/1w1XelHDa2ZCwbis2Ik0S6Q73wcapIjEV5+7sWWwZbUM7yPMUoqOe19fdt +aqE+sHpUAAduzULRoeh7/oxDoD+Ha2CfOgElnXctZWRvOxnFOVc= +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl -cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE -CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF -3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA -eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS -ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S -FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K -GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii -N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a -0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA -EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ -cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ -tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F -52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS -cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA +MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw +FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ +0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm +nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 +y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR +G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox +VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk +kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF +AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R +zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u +hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd +0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn +RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ +MOhV6IIFKhYkejnmhLQitvpybFqw2w== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index a258bcf23d..2cd6afd097 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,13 +1,12 @@ -----BEGIN X509 CRL----- -MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw -NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E -QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA -uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0 -2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg -Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp -3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR -Em4RerccVwXzeI6T +ZyBDQRcNMjYwNjA4MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjAUMBICAQEXDTI2MDYw +ODE0NDA0MVowDQYJKoZIhvcNAQELBQADggEBAIXW67werrJCUtUgkbYEzqb2CxQD +/ayr8bf+0vlVoi4w1xjh8C03s3NFBDFSJ8kGQaNMR+Oko9gATUwkY+21+XCzT+4Q +wjaDrJKu1zW6L6aBG8gxOGoxcDbEDizQX8cl9QMIPxDHcslqXGgWlO6o0YOYHThi +BfM1jPP21ZcuQNH4NpnpjhmnIwj5HDYdHVuWKCoxLkpBR/tTMJOtT7g5Pfle5RvU +TJNmY8noQ5TZbO0wJvE8Jb1H531q0OMdgrZ0kM9y2+QudrdDclblvUdpAnax2Jjq +up49pMnDy1hQXgpJffiS4CzVzV9AEGhPgwIdV/xBGFw4xbYVoBaIRnWo7VQ= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index b0d50b5200..5ddf325461 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs -9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX -WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd -oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3 -I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC -WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK -59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap -BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM -yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw -wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M -MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9 -elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD -ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV -RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8 -VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd -x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv -8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T -FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5 -vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs -kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+ -lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv -lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9 -9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt -/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP -gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke -DwKg2EIYHmc/qhVQXCKvuA== ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAq4Pw2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/ +DqfVQPDdiTIWQE5lrKDzqDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx ++10X7ysy3X8hNwN571lxvjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9du +L+4y4XunstTTbqsuV7puzR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805 +Sklig8nap/GdDxd2i5EPZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJ +EUAnKbBxXyIx4Ltw3Bfald7htvFryhhKjx4tWQIDAQABAoIBAAg0Ma1nqqOV718j +Wr7kGHAHLiVcBMVSuwtzsxEX5pbmO3hxQm1ySDBIxSP2lhth1JmvAjCaBrfp6LCg +gAz1ZUvB7A4EpBvP4rk//JPPPhwnx1DgIMu37njlbVOsbMuLmkXBVsA1VneG+BRs +rPTeyuaGpKIAHX6RuqeaDbrtSy+vtbKPdmuc6g+ariIpkrI920UDdgbfpFAu/4hs ++951C+RVvu9+ZX5HhVFw9/q2+qxGzZj6rbMuSGxifb2ftnMEFAWDUzCI8sPB3QwH +F05zYbMMA4zS0QIVvbYaJN+HEDaOYFXC11hHWfDYZL/Wt3k/evUJd2pExKajomNU +qHHhN70CgYEA5yr5en/uywMVahYzXY9hoZb9v8kt69Nucpkq/sRJ3ZDV7yDr0b3k +0jAc2Up105aq4EBp2tya/KdY4TPIzVeOZ9FZL2rSly4uI8QohSRo4hjCBc5z8SKl +OESFqFruSlMXIaVc5I/R4sJUCnvBkeQw7j4QFFFIR6UcTJBvaCq41X0CgYEAvfCL +9iwPhTnTBQ0WVbtPOYF9Kk1xLCwPWaTS2lAkFsUZ9YIdVZmQMCCvpDKSWUVVsPJx +A0K/Rg8pkYFFPs3EOI2PV51DZrSCgDAdxikZby9amrG1KEwUyR82B9VWgVhIxZnq +KNL1GVRoYOhcnkY/Zv4dn7PnRfEPvCXU65OQjg0CgYEAy7cJZ7S6IVm0U2sBFSA3 +74j6UTrfJwWKPZ9RTnZ4ibMLdNJUPt/TeI9BvRNrRm1uZHUfU+o5AxIOt1dFTAAu +1Lqel7TRpLzjmE1TUBHIBAfBZBCOCCB57V4lUzne6MzUg6gQdrNvSR/ro9lvujuY +CzvSO7VttwWALNDT/L45aJkCgYEAiUg7YQonjZtlsdjrs7tWX7H/zXt7uPl/fsNq +wu/5pZuAT7pjiWMcnCyDxqHmtS8v6FzS4hB0PybmXIyah/IhSN7IJAM+nBUL3arp +WjiKcZpAWl7nGOEkhNlSLAc+Ju6wamH8pNUU4eHoL2LCzoLngIFa1/snxZ2eSdbu +NfbKHGECgYBEdsSWW93KOU4DbEezFWFd83H0ySvf1crdHr7psWBXTpYLnKN9HfS/ +GZ26sYeeq3ouJxG8Eb2yhYCtI20JnWk8lhjYA5lQSA6H0nyqrzKRfPdGerhTKgDK +FHUALHvAM6yF7EpA0ibXGCSrDHJAGGIlMAyUzObbDlTs5+Qwd20+lw== +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN -MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2 -hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4 -NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt -GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3 -emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt -Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O -BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m -kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9 -dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf -Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M -n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx -lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp -inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ== +MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4Pw +2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/DqfVQPDdiTIWQE5lrKDz +qDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx+10X7ysy3X8hNwN571lx +vjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9duL+4y4XunstTTbqsuV7pu +zR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805Sklig8nap/GdDxd2i5EP +ZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJEUAnKbBxXyIx4Ltw3Bfa +ld7htvFryhhKjx4tWQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I ++B9N6ZowDQYJKoZIhvcNAQELBQADggEBAE1vb99WxOr5zlobULL8hrjCXbH5dkL8 +djZfloUZiflzmz5ICxkBe7irBJhK8k4CdE1+NsYHXeEbnfaPxV8Ex8ytQhS7xAOl +nw5TnJX7Su2N9lFW9TLh1nBPX7JxZtK2tCGKM/iTWDrJUw75DadZKexMSZaV0SZR +bjKj/jIFjf4mqkLs97pKXvhjbq6PN0VdRcE+PDxMrAZiJAoF/WThiJ4DCOpts6iQ +tWEcaf5poR4HNaehFS3H92X8Ots5On6nhTlfpMSsDxZjg+c5OQ33yIdgMh437LJL +XQT9eqoqw0l0VUvBQlWTpHZPwH+nGJyj5Jqe1Lo3W+G7I2sDpUPnbBk= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py new file mode 100755 index 0000000000..bf44694a03 --- /dev/null +++ b/test/certificates/gen-certs.py @@ -0,0 +1,349 @@ +#!/usr/bin/env python3 +"""Generate TLS test certificates for the PyMongo test suite. + +Certificates include AKI on leaf certs (required by Python 3.13 / OpenSSL 3.x +chain building) but deliberately omit SKI on the CA cert. Without an explicit +SKI on the CA, macOS SecTrust cannot perform keyid-based chain lookup and +therefore does not trigger its hard-fail OCSP check, which was causing +CSSMERR_TP_CERT_SUSPENDED errors during MongoDB replica-set inter-node TLS. + +Usage: + pip install cryptography + python gen-certs.py # run from test/certificates/ + +Password for password_protected.pem: qwerty +""" +from __future__ import annotations + +import datetime +import ipaddress +import sys +from pathlib import Path + +try: + from cryptography import x509 + from cryptography.hazmat.primitives import hashes, serialization + from cryptography.hazmat.primitives.asymmetric import rsa + from cryptography.hazmat.primitives.serialization import ( + BestAvailableEncryption, + Encoding, + NoEncryption, + PrivateFormat, + ) + from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID +except ImportError: + sys.exit("cryptography package is required: pip install cryptography") + +SCRIPT_DIR = Path(__file__).parent.resolve() +DAYS = 7300 # ~20 years +NOW = datetime.datetime.now(datetime.timezone.utc) +NOT_BEFORE = NOW - datetime.timedelta(days=1) +NOT_AFTER = NOW + datetime.timedelta(days=DAYS) + + +def make_key() -> rsa.RSAPrivateKey: + return rsa.generate_private_key(public_exponent=65537, key_size=2048) + + +def key_pem(key, password=None) -> bytes: + enc = BestAvailableEncryption(password) if password else NoEncryption() + return key.private_bytes(Encoding.PEM, PrivateFormat.TraditionalOpenSSL, enc) + + +def cert_pem(cert) -> bytes: + return cert.public_bytes(Encoding.PEM) + + +def aki_from_ca(ca_key) -> x509.AuthorityKeyIdentifier: + # Derives keyid from the CA's public key directly — no SKI extension needed + # on the CA cert. Python 3.13 / OpenSSL 3.x require AKI to be present on + # leaf certs; the keyid form satisfies that without requiring CA SKI. + return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_key.public_key()) + + +def server_san() -> x509.SubjectAlternativeName: + return x509.SubjectAlternativeName( + [ + x509.DNSName("localhost"), + x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")), + x509.IPAddress(ipaddress.IPv6Address("::1")), + ] + ) + + +# Canonical names — kept stable so tests that hard-code DN strings keep passing. +CA_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.COMMON_NAME, "Drivers Testing CA"), + ] +) + +SERVER_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.COMMON_NAME, "localhost"), + ] +) + +# Attribute order must be CN→OU→O→L→ST→C so that MongoDB's reversed-order +# x509 username string is "C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client" +# (see MONGODB_X509_USERNAME in test/test_ssl.py). +CLIENT_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COMMON_NAME, "client"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MDB"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ] +) + +TRUSTED_CA_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Kernel"), + x509.NameAttribute(NameOID.COMMON_NAME, "Trusted Kernel Test CA"), + ] +) + + +# --------------------------------------------------------------------------- +# 1. Drivers Testing CA +# --------------------------------------------------------------------------- +print("==> Generating Drivers Testing CA...") +ca_key = make_key() +ca_cert = ( + x509.CertificateBuilder() + .subject_name(CA_NAME) + .issuer_name(CA_NAME) + .public_key(ca_key.public_key()) + .serial_number(100) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + # basicConstraints without critical flag, no SKI — matches old x509gen CA + # structure. Omitting SKI prevents macOS SecTrust from resolving the CA + # via AKI keyid, so it skips OCSP revocation checking for inter-node TLS. + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) +print(" ca.pem written") + + +# --------------------------------------------------------------------------- +# 2. Server certificate — serial 1, revoked in crl.pem for test_tlsCRLFile_support +# --------------------------------------------------------------------------- +print("==> Generating server certificate...") +server_key = make_key() +server_cert = ( + x509.CertificateBuilder() + .subject_name(SERVER_NAME) + .issuer_name(CA_NAME) + .public_key(server_key.public_key()) + .serial_number(1) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension(server_san(), critical=False) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "server.pem").write_bytes(key_pem(server_key) + cert_pem(server_cert)) +print(" server.pem written") + + +# --------------------------------------------------------------------------- +# 3. Client certificate — serial 2 +# --------------------------------------------------------------------------- +print("==> Generating client certificate...") +client_key = make_key() +client_cert = ( + x509.CertificateBuilder() + .subject_name(CLIENT_NAME) + .issuer_name(CA_NAME) + .public_key(client_key.public_key()) + .serial_number(2) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension( + x509.KeyUsage( + digital_signature=True, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=False, + crl_sign=False, + encipher_only=False, + decipher_only=False, + ), + critical=False, + ) + .add_extension( + x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), + critical=False, + ) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "client.pem").write_bytes(key_pem(client_key) + cert_pem(client_cert)) +print(" client.pem written") + + +# --------------------------------------------------------------------------- +# 4. Password-protected client certificate (same cert, encrypted key) +# --------------------------------------------------------------------------- +print("==> Generating password-protected client certificate...") +(SCRIPT_DIR / "password_protected.pem").write_bytes( + key_pem(client_key, password=b"qwerty") + cert_pem(client_cert) +) +print(" password_protected.pem written (password: qwerty)") + + +# --------------------------------------------------------------------------- +# 5. CRL — revokes the server cert (serial 1) for test_tlsCRLFile_support +# --------------------------------------------------------------------------- +print("==> Generating CRL...") +crl = ( + x509.CertificateRevocationListBuilder() + .issuer_name(CA_NAME) + .last_update(NOW) + .next_update(NOW + datetime.timedelta(days=DAYS)) + .add_revoked_certificate( + x509.RevokedCertificateBuilder().serial_number(1).revocation_date(NOW).build() + ) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "crl.pem").write_bytes(crl.public_bytes(Encoding.PEM)) +print(" crl.pem written") + + +# --------------------------------------------------------------------------- +# 6. Wrong-host certificate (serial 3) — used in KMS TLS tests +# --------------------------------------------------------------------------- +print("==> Generating wrong-host certificate...") +wrong_host_key = make_key() +wrong_host_cert = ( + x509.CertificateBuilder() + .subject_name( + x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.COMMON_NAME, "wronghost.example.com"), + ] + ) + ) + .issuer_name(CA_NAME) + .public_key(wrong_host_key.public_key()) + .serial_number(3) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension( + x509.SubjectAlternativeName([x509.DNSName("wronghost.example.com")]), + critical=False, + ) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "wrong-host.pem").write_bytes(key_pem(wrong_host_key) + cert_pem(wrong_host_cert)) +print(" wrong-host.pem written (SAN: wronghost.example.com)") + + +# --------------------------------------------------------------------------- +# 7. Expired certificate (serial 4) — used in KMS TLS tests +# --------------------------------------------------------------------------- +print("==> Generating expired certificate...") +expired_key = make_key() +expired_cert = ( + x509.CertificateBuilder() + .subject_name(SERVER_NAME) + .issuer_name(CA_NAME) + .public_key(expired_key.public_key()) + .serial_number(4) + .not_valid_before(datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc)) + .not_valid_after(datetime.datetime(2001, 1, 1, tzinfo=datetime.timezone.utc)) + .add_extension(server_san(), critical=False) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "expired.pem").write_bytes(key_pem(expired_key) + cert_pem(expired_cert)) +print(" expired.pem written (expired 2001-01-01)") + + +# --------------------------------------------------------------------------- +# 8. Trusted Kernel Test CA — separate CA, used in CA-bundle tests +# --------------------------------------------------------------------------- +print("==> Generating Trusted Kernel Test CA...") +trusted_ca_key = make_key() +trusted_ca_cert = ( + x509.CertificateBuilder() + .subject_name(TRUSTED_CA_NAME) + .issuer_name(TRUSTED_CA_NAME) + .public_key(trusted_ca_key.public_key()) + .serial_number(200) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .sign(trusted_ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "trusted-ca.pem").write_bytes(cert_pem(trusted_ca_cert)) +print(" trusted-ca.pem written") + + +# --------------------------------------------------------------------------- +# Verification +# --------------------------------------------------------------------------- +print() +print("==> Verifying AKI on leaf certs and no SKI on CA...") + +import subprocess + + +def cert_extensions(path: Path) -> str: + return subprocess.check_output( + ["openssl", "x509", "-noout", "-text", "-in", str(path)], + stderr=subprocess.DEVNULL, + ).decode() + + +errors = 0 +for name in ("server.pem", "client.pem", "wrong-host.pem", "expired.pem"): + text = cert_extensions(SCRIPT_DIR / name) + has_aki = "Authority Key Identifier" in text + has_ski = "Subject Key Identifier" in text + if not has_aki: + print(f" {name}: MISSING AKI", file=sys.stderr) + errors += 1 + elif has_ski: + print(f" {name}: OK (AKI present, but unexpected SKI also present)") + else: + print(f" {name}: OK") + +ca_text = cert_extensions(SCRIPT_DIR / "ca.pem") +if "Subject Key Identifier" in ca_text: + print(" ca.pem: UNEXPECTED SKI — OpenSSL auto-added it", file=sys.stderr) + errors += 1 +else: + print(" ca.pem: OK (no SKI)") + +if errors: + sys.exit(1) + +print() +print("Done. All certificates regenerated.") diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 118e866ebe..0733e1e515 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -1,246 +1,12 @@ #!/usr/bin/env bash -# Regenerate all TLS test certificates with proper Authority Key Identifier (AKI) -# and Subject Key Identifier (SKI) extensions. +# Thin wrapper — delegates certificate generation to gen-certs.py. +# Using Python's cryptography library gives precise extension control; +# in particular it lets us add AKI to leaf certs without adding SKI to +# the CA cert, which avoids the macOS SecTrust hard-fail OCSP check. # # Usage: bash gen-certs.sh (run from test/certificates/) -# -# Prerequisites: OpenSSL 1.1+ or LibreSSL 3+ -# Password for password_protected.pem: qwerty -# See README.md for full details. +# Requires: pip install cryptography set -euo pipefail - -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -TMPDIR="$(mktemp -d)" -trap 'rm -rf "$TMPDIR"' EXIT - -DAYS=7300 # ~20 years - -# ---------------------------------------------------------------------------- -# OpenSSL extension config -# ---------------------------------------------------------------------------- -cat > "$TMPDIR/ext.cnf" << 'EOF' -[ v3_ca ] -subjectKeyIdentifier = hash -basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign - -[ v3_server ] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid -subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 - -[ v3_client ] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid -keyUsage = digitalSignature -extendedKeyUsage = clientAuth -EOF - -# ---------------------------------------------------------------------------- -# OpenSSL CA config (for CRL generation) -# ---------------------------------------------------------------------------- -mkdir -p "$TMPDIR/cadb/newcerts" -touch "$TMPDIR/cadb/index.txt" -printf '01\n' > "$TMPDIR/cadb/serial" -printf '01\n' > "$TMPDIR/cadb/crlnumber" - -cat > "$TMPDIR/ca.cnf" << EOF -[ ca ] -default_ca = CA_default - -[ CA_default ] -dir = $TMPDIR/cadb -new_certs_dir = $TMPDIR/cadb/newcerts -database = $TMPDIR/cadb/index.txt -serial = $TMPDIR/cadb/serial -crlnumber = $TMPDIR/cadb/crlnumber -certificate = $TMPDIR/ca.pem -private_key = $TMPDIR/ca.key -default_days = $DAYS -default_crl_days = $DAYS -default_md = sha256 -preserve = no -policy = policy_match - -[ policy_match ] -countryName = optional -stateOrProvinceName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -EOF - -# ---------------------------------------------------------------------------- -# 1. Drivers Testing CA -# ---------------------------------------------------------------------------- -echo "==> Generating Drivers Testing CA..." -openssl genrsa -out "$TMPDIR/ca.key" 2048 2>/dev/null -openssl req -new -x509 -days $DAYS \ - -key "$TMPDIR/ca.key" \ - -out "$TMPDIR/ca.pem" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=Drivers Testing CA" \ - -extensions v3_ca \ - -config "$TMPDIR/ext.cnf" - -cp "$TMPDIR/ca.pem" "$SCRIPT_DIR/ca.pem" -echo " ca.pem written" - -# ---------------------------------------------------------------------------- -# 2. Server certificate -# Signed via `openssl ca` so the cert is tracked in the database and can -# be revoked, which is required for the tlsCRLFile test. -# ---------------------------------------------------------------------------- -echo "==> Generating server certificate..." -openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/server.key" \ - -out "$TMPDIR/server.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl ca -config "$TMPDIR/ca.cnf" \ - -in "$TMPDIR/server.csr" \ - -out "$TMPDIR/server.crt" \ - -extensions v3_server \ - -extfile "$TMPDIR/ext.cnf" \ - -days $DAYS \ - -batch 2>/dev/null - -# server.pem = private key + certificate -cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" -echo " server.pem written" - -# Revoke the server cert so crl.pem will block connections when checked. -# This is required by test_tlsCRLFile_support which verifies CRL enforcement. -openssl ca -config "$TMPDIR/ca.cnf" -revoke "$TMPDIR/server.crt" 2>/dev/null - -# ---------------------------------------------------------------------------- -# 3. Client certificate -# ---------------------------------------------------------------------------- -echo "==> Generating client certificate..." -openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/client.key" \ - -out "$TMPDIR/client.csr" \ - -subj "/CN=client/OU=Drivers/O=MDB/L=New York City/ST=New York/C=US" -openssl x509 -req -days $DAYS \ - -in "$TMPDIR/client.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ - -out "$TMPDIR/client.crt" \ - -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_client 2>/dev/null - -# client.pem = private key + certificate -cat "$TMPDIR/client.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/client.pem" -echo " client.pem written" - -# ---------------------------------------------------------------------------- -# 4. Password-protected client certificate -# ---------------------------------------------------------------------------- -echo "==> Generating password-protected client certificate..." -openssl rsa -in "$TMPDIR/client.key" \ - -aes256 -passout pass:qwerty \ - -out "$TMPDIR/client_enc.key" 2>/dev/null - -# password_protected.pem = encrypted key + certificate (same cert as client) -cat "$TMPDIR/client_enc.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/password_protected.pem" -echo " password_protected.pem written (password: qwerty)" - -# ---------------------------------------------------------------------------- -# 5. CRL (empty — no revoked certs) -# ---------------------------------------------------------------------------- -echo "==> Generating CRL..." -openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/null -echo " crl.pem written" - -# ---------------------------------------------------------------------------- -# 6. Wrong-host certificate (for KMS TLS tests — hostname deliberately wrong) -# ---------------------------------------------------------------------------- -echo "==> Generating wrong-host certificate..." -cat > "$TMPDIR/wrong_host_ext.cnf" << 'EOF' -[ v3_wrong_host ] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer -subjectAltName = DNS:wronghost.example.com -EOF - -openssl genrsa -out "$TMPDIR/wrong_host.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/wrong_host.key" \ - -out "$TMPDIR/wrong_host.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=wronghost.example.com" -openssl x509 -req -days $DAYS \ - -in "$TMPDIR/wrong_host.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ - -out "$TMPDIR/wrong_host.crt" \ - -extfile "$TMPDIR/wrong_host_ext.cnf" \ - -extensions v3_wrong_host 2>/dev/null - -cat "$TMPDIR/wrong_host.key" "$TMPDIR/wrong_host.crt" > "$SCRIPT_DIR/wrong-host.pem" -echo " wrong-host.pem written (SAN: wronghost.example.com)" - -# ---------------------------------------------------------------------------- -# 7. Expired certificate (for KMS TLS tests — validity window in the past) -# ---------------------------------------------------------------------------- -echo "==> Generating expired certificate..." -openssl genrsa -out "$TMPDIR/expired.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/expired.key" \ - -out "$TMPDIR/expired.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl x509 -req \ - -not_before 20000101000000Z \ - -not_after 20010101000000Z \ - -in "$TMPDIR/expired.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ - -out "$TMPDIR/expired.crt" \ - -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_server 2>/dev/null - -cat "$TMPDIR/expired.key" "$TMPDIR/expired.crt" > "$SCRIPT_DIR/expired.pem" -echo " expired.pem written (expired 2001-01-01)" - -# ---------------------------------------------------------------------------- -# 8. Trusted Kernel Test CA (trusted-ca.pem) -# A separate CA used in CA-bundle tests; does NOT sign server/client certs. -# ---------------------------------------------------------------------------- -echo "==> Generating Trusted Kernel Test CA..." -cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' -[ v3_trusted_ca ] -subjectKeyIdentifier = hash -basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign -EOF - -openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null -openssl req -new -x509 -days $DAYS \ - -key "$TMPDIR/trusted_ca.key" \ - -out "$SCRIPT_DIR/trusted-ca.pem" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel/CN=Trusted Kernel Test CA" \ - -extensions v3_trusted_ca \ - -config "$TMPDIR/trusted_ext.cnf" -echo " trusted-ca.pem written" - -# ---------------------------------------------------------------------------- -# Verify -# ---------------------------------------------------------------------------- -echo "" -echo "==> Verifying AKI is present on leaf certs..." -for cert in server.pem client.pem wrong-host.pem; do - result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) - if [ -n "$result" ]; then - echo " $cert: OK ($result)" - else - echo " $cert: MISSING AKI - check generation!" >&2 - exit 1 - fi -done - -echo "" -echo "Done. All certificates regenerated with AKI." +cd "$(dirname "${BASH_SOURCE[0]}")" +python3 gen-certs.py diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 32163a114c..4c912a26e5 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,52 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQDGn7dYhmn0u7DQZS -e+Fb2QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEeI3oDkWtJo14w7 -STucnF0EggTAM9qVjNQSvjtiSXRVhq6Ab1JVRmsr4VyVPhRTeGoj4z59g4/uFNLp -i12hGtZEH5Ql6icHY+X4vWrwt4IUhkdwzgcSLrZwYTEl5RP4C7N+iZb1PErNoe82 -iEC/gw3XpQZNWKEi8tjd8Wz6EHVn1zKS/7X/IOTlboIMlhnJgLHCqVhPLyxA78OT -2yNNQysHD6Vk3h83jkQAYy5W/pZIl5TVDLyLADt46cq3hDTS99S6jl+kwn0dijjo -mZUilPBman6TQt2vI/kNP0+Qy6DxYkBMLdhnPu40JpvcLpWAxMioqx7by7007W8H -3Aja81hqx2SN1IYVUEs8LshvL7YojhvkbTxH2ma+lnmkyxEBiwbMOiBV3OPEkWYv -HbAg1slT2UTCrClZ6CRPMtD6+fvEn2GgXmblCQf2W/3inTeARJ5p/oNjnFjoU0Yo -BIdVeqdqU09OsjUd8W4B0wKSEaSCpl/oSM2gw4fzEbaU2xlVevVyhrdDr0NS/j6w -QaDiUw0th3NViXy/BLb2l699h6TRInk4njhNNbJX+sYEFuMgwNKdj4PkPkP1t3PR -m91mpnGAhq82dMQnTLm536YXVbeJGQyX3kEXGStZNdQRfz68fAYQ56teQoZfOwDq -zKf4MT8JJfhZWy/dgCOkv72GMJM2ahThWUztbBnHiB0ODf9LdrqnPaDfpPgt4i0N -Gj+L3nuK1LOhp1Ay7Oij66yxWm5bJJ0M7RGgGQsZipEf8+N9iSA9cw1ZKOnSqyMQ -gSAjlnRK0OHyTauyOl22FeEzF7gtWKyLTgnw1zn22oaxZZLOhdcRJJz49bdl3pUm -Lv8JxfN2dbcC/XgOMoC+wFS//WnHro3qvloUEVeYA6acxfvjJizYlGEmw5xG+ZCG -Ju+tKWgA9lUpQXR9peMa958cLSCqlaWSFTSBQ6AMUw0rVZGlMxb1tVmmhRKYOhUN -Eugp0wUKrYArHzfkzqWv0JO2MHi2kbAZCJpFBrrt8ijF8t0KmWsFRl9P4QtBJ2dI -QcMBtgvWC3tr3CFZQ5UpiaP1whLFTG7GhZc7OHG2QF+Ba5fn1HgUgH35W8TQ80XS -uAkkF6GuxGOSTtsvF0nEkNALGM8E1/I+VVZ88d7sA2ws7GHyxtNYUYAdf6hE5X2t -82oIMrN058IL/Bpi/s+xe5zU5NYFXZLUfvlQW//1hDrTF8Vs4UbF882Xae+HNmvF -D9/bafdrdvJSEJ91A4hRl3M+G+qnnJza3fEnY7UKg597X1tSntNc9Grn2M/uKeGp -2df7K8VrEV6GQafbHq7PAOn6vTlwZAgljEj0LUk7ts8I0KY0hpxCo+Y2WKcmiB3P -b8BY/3j0DuJXacv2tC4RrUIC6pHcdQLJTCeCHQMC2IjCwlmnFqtTZ7RUooYmAxJd -DYNRzVw9aYUq7oAhab2x2iWqgTReqlVnKuytNAFJVu+34S8AbCcSrsoa7Xmjqkwr -qxyGb5pW9ZmSM/k0N0hLI/6BbKb7lQYm2EYJiksOhL+EAjH3Qfq6D27zh5UM97dp -7a93RbxCFAFjT+OZQr5PJ7oxRXcCSnabTXA4J6f8JRgfQIhbOfsfovCpxrqa0MSX -tKYeRyZHLqLs9Cgfv9eQhOF9gGddfJ6QKw== ------END ENCRYPTED PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,ACE894CD3148E73BAF1F3F4372149CDC + +WIOLZOyncVs7TWk/9OQSqP3yMKgtLY8I/OfmaZTAkTBk16ok39WLcMHBdfsCOQKN +D2cZUDgAWMpQDsuvrqmazDfO1fJiKF0fRUspKyPTBPEMoWu7tLgS0HUteSylKEfj +TCT1U5yxcjMZ6Ytj4b6E6ur/zIV3fFrXhfpaF8+EDxbSpdaESVfyZZwmrXc2P0Yl +iUedLaVL6atXrzQ7x6MyzNxQGWFlxkETmD0QB5mTvNOiBFiBwpQ/+JnnKo1KQs+H +uwRcQYU2bw77vuovFiukRQ+50bcVRwYq8ebw+nclExZC+eW7N9gPR1k76cHZpXga +91GzwZacMbLrL4STWqFFhQoICEm5aWO0YGodHl3vlpcrkWIjjshinHPEPUVB0EQ4 +I5fY4DO+P5bOoIztlkn6mxSBSGfZpq/p3xFW7pk1IiSJzDyc5bav6+e3maPNG1iT +YMluXSdmuL1NUpgI6BnTyOEmhKTEQWmvJOW9BcCApph7htVVPcT6zLPCtR1BO+3b +qQ/c91sjN7FXfJY+qGGk/swJWwBHITsRW+iYRMqodCtMbDbwH0Zg5FxvUGMm/yOZ +F/vo39zBfXPnI3mUJ+ZuKhkX7fk3SXCt5/lzukvZCFno+4qk0X8AXveDNFPlhScI +xQ7MUCzbg+aZ+l7F/C/sLQrKr1aU00tNitvUwia3NR0Vs7atnKaQJttx8DSa0iBx +bRMq0V1v/aua3b7SUZz7hrvKex855vQPTVSQLMDpR5MmC6M5izA8dXemDdHoafHq +wtTzletA83Y4HRC9Sx0QT7zr5gG5Ng+DnM0yPAH1sUP+rArbl/DqHVxmNkGFo4uL +F80lSToqSvocPZ8jlTDVq7KmTm0B7EIeG0Qp6gzH6iRnT2PArSN4VHnyn1c4POas +ClC15kWXE3qo0RBc88DYzJAuBh5/uk0JhqpCnUKMLnBQskdwVlUUKvNtzHDalvUc +SaddsBUjsNw2dyc9wmK/ai5sFbNIUP9fLK9DAQJWf+u+T5l8TqUYQTG784opNXda +gTI0drGuYJLEK/JxxICD5ZWqpb2KHtSkePfkloKkSj4KRVpL5kvkNMEEjOYOUvjw +qyGia043F8ZIV9K0kgyk8bCgMfU78EsHcFMA8IWaGyCUJi0ocyQydtI8JPIB8Ot9 +CdCSI06wIrVC8ctkrody31jtNtHzNTuBvnd4b1LGOmuzOL2NukE0zcsjXo3+xjPc +hsKp7wsAzVRP1D6bj/gCCjo9c9qFPDw8NTJfS4jpckmIj2ilNH8phdMzV+wImveW +F8sg+tPbvaQQUHDUu7wTZDwL/we5z+FcFo0Evgvrvm2xGBVH8Z6VGZ/Gcr2iWnCl +qMxdhGH8c7vyUBsQlsutwJ8m1PhCs//hRmvrY1lMdq+UND3ncIZTFZRdlT6djb6/ +Gsr8jdCEr7XJJAUUDNqDcWKi54QpxImxiEr8OBcCyxbdCWFjLNXroFxwm1bKnuJu ++z37mzjuJGqCEfxb1mbmTQW8OU8BplBlqbWfYdlkYxVo/dez89qujwl4HGsYpEfu +PEAnLqXlPWlKRw9u8e/FQl/SWZEEdQDB4hsDT45p9h6FEkFeYO2e2WO0PTturI8x +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl -cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE -CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF -3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA -eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS -ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S -FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K -GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii -N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a -0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA -EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ -cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ -tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F -52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS -cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA +MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw +FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ +0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm +nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 +y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR +G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox +VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk +kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF +AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R +zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u +hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd +0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn +RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ +MOhV6IIFKhYkejnmhLQitvpybFqw2w== -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 95fb7f32a8..6eb66f594c 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,107 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+qUpDlPLxEh16 -vAuN0M/t7i5cGBU3UQu+MfA9l59iPV6Yme9PQOMXiATEb7yp5G7AaqHqoofz7ntV -ZaPF82ZRGb2jOwplU2wsCIGKO+4ujUaZPThZgLXR7sVX6qSfRM4PYjSqm1Cv5AYC -GOHK1hesAMP5sGdf4LGIIWL9ngEAPrwARpgxVS7RtH1GX5yWUpYjhEyjpMWXkYUE -wFll00LGOqiK+U7V2yyCRU4BUSggFLhbL1n6z1eMFxHwAgJZo/boodPCPhxXFU+c -wFvQbiBlABujyY+iHkSpyytM13hUoWBfM3FLB2zSgmKMAbvaPs+CNjapW1kJGaBg -L1HfqcS3AgMBAAECggEAUTazV44+3cklnX40PbhQmbz3KmtnviRbqCyFdPb9AU+6 -163abhvpn8Bkp3ghGQ0gz/2b8uJAnvtatcmRtWQ0lR8t1DX1+6tJTIhjBYr5rgKn -q+aT9iwJRt86WHSuotkgHRVr8bAu8n1iwcnvhAMmGjJJSDaIEiMX/DCchgOj0YIq -VLJYQkrj6Dii33GeF5eQ4jr27I1RIQSvDEvSffuJpKNbWFap+/epja1MZIenioiu -Vrm6jLPtlqacpREPL8pCGTlAd0GM/nJ/8BrzrodL0P+h7FwnpfDENTWnE9oVSMdL -1t4c1psf3X+hYyMOs9/jtVzoXzeVraGHvwyopv5k4QKBgQD0Dl1PsISWg8mp6CVW -aeIG3cO8oUh5oxwmLQRS16//GMIJCo5o8+6W+3qI6ZGOwwo/THm/GKyuYUN8UKrx -+iNhDJbab3YM24lXDA5QFqO8Dv2JhyXfAb5DQk1ZsdIjbfA6G9T65Foa6dl0IXmi -ByfGXa+tRPNThUvV6XRUEelA5QKBgQDH/fkoU+NIRgaaEiVQneFZz6OlnnmEM+/+ -/Ctm09nCFJLZt8nFisD+F9dVKSv0m1xWgkrG4Pm9bbHq1iBn/09qNp2Jn6W5bYoB -RYI3EdXjb0B/vAm8295afEXXGA6szOZLlcY8sc0QPkdxMmeoV4XkFTlFBE0gNTPm -Q1YCk1PBawKBgDHsVk4cz6JyZugooqqgkinRZ17IpyiqovF0N/QyRsAp8lcjH6p8 -a4va+V/UV4AaiZgVLrpWc8xf/QwK/EzvXBlYF+uq7T0IE3oI70yWtPudHWPqj2ak -1qSvhV8ZruCsdn2Mf+6qk3v55g+JYXYxfINpWqxY9GVbWP3y+WbRGyO5AoGAO7nJ -UxXaZpcjGZgZtL2xsxSjlq6BM84e+lNs0sSp36AtSv/sLiaGBFwyXqhxDBfpt5wp -oMNHUh8UZ0GTY/uHR/0Phy46W+ousLqFbNTSv51V8c/CSLiQ6wz5/oacu1Zl4GTW -UwH2b8dpppCbDFc3ESqVc9sY/WlmGno5kYNWHAkCgYEAhd7xgqJUpM7Klbsl3BR/ -6iEZ30Exf1wlC+nWJSK4iHFH9l9BGHjImENxpKa62Akm0VvE9n1KgKxK1IESziiE -9kAXspYyBT/clOo4v0w5rPIiQ3itm5+ew9gaFiJ+Yfi8MYTIwznsqXvyekqLSrFo -w9efOvZV+XaA79X+bEEd2BA= ------END PRIVATE KEY----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA - Validity - Not Before: Jun 5 01:43:18 2026 GMT - Not After : May 31 01:43:18 2046 GMT - Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:be:a9:4a:43:94:f2:f1:12:1d:7a:bc:0b:8d:d0: - cf:ed:ee:2e:5c:18:15:37:51:0b:be:31:f0:3d:97: - 9f:62:3d:5e:98:99:ef:4f:40:e3:17:88:04:c4:6f: - bc:a9:e4:6e:c0:6a:a1:ea:a2:87:f3:ee:7b:55:65: - a3:c5:f3:66:51:19:bd:a3:3b:0a:65:53:6c:2c:08: - 81:8a:3b:ee:2e:8d:46:99:3d:38:59:80:b5:d1:ee: - c5:57:ea:a4:9f:44:ce:0f:62:34:aa:9b:50:af:e4: - 06:02:18:e1:ca:d6:17:ac:00:c3:f9:b0:67:5f:e0: - b1:88:21:62:fd:9e:01:00:3e:bc:00:46:98:31:55: - 2e:d1:b4:7d:46:5f:9c:96:52:96:23:84:4c:a3:a4: - c5:97:91:85:04:c0:59:65:d3:42:c6:3a:a8:8a:f9: - 4e:d5:db:2c:82:45:4e:01:51:28:20:14:b8:5b:2f: - 59:fa:cf:57:8c:17:11:f0:02:02:59:a3:f6:e8:a1: - d3:c2:3e:1c:57:15:4f:9c:c0:5b:d0:6e:20:65:00: - 1b:a3:c9:8f:a2:1e:44:a9:cb:2b:4c:d7:78:54:a1: - 60:5f:33:71:4b:07:6c:d2:82:62:8c:01:bb:da:3e: - cf:82:36:36:a9:5b:59:09:19:a0:60:2f:51:df:a9: - c4:b7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 90:97:88:F8:24:23:75:CF:5A:A6:3A:DF:44:A3:5A:DD:84:57:B2:F9 - X509v3 Authority Key Identifier: - 07:9D:08:22:B3:EE:46:88:BC:AF:66:92:91:CB:76:1C:9F:1A:D1:72 - X509v3 Subject Alternative Name: - DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 - Signature Algorithm: sha256WithRSAEncryption - Signature Value: - 0e:70:c7:0a:1a:ff:56:d8:e4:07:d0:e1:89:e8:0e:54:75:e5: - 66:73:28:88:5f:18:26:4f:32:af:8a:a4:74:2d:b1:70:38:68: - 0d:53:42:b9:82:be:77:f7:2c:31:c6:9b:42:68:f9:c8:d0:dc: - 3f:0e:48:89:b1:87:1d:14:f9:f8:ef:8f:63:3c:75:f3:79:dc: - a3:7c:de:8e:4f:29:2b:4c:17:99:da:69:43:9e:c0:03:28:f5: - d1:97:0f:14:58:de:80:15:58:7b:97:53:74:78:91:07:80:28: - 76:88:f6:f3:2a:49:23:95:2e:7e:bd:32:e3:1e:c0:a2:62:7f: - 3a:a7:f5:96:a8:91:90:c4:ed:31:66:80:01:0e:32:95:20:5b: - 6f:de:69:86:ea:48:ba:1b:bb:21:e9:49:07:31:8e:ba:2a:b7: - 3f:61:d1:a2:2b:fb:0c:16:17:9c:b3:c1:d6:ca:b4:af:74:3e: - 48:ca:c0:81:94:4e:ab:b9:65:b6:71:24:66:8b:ff:02:28:7b: - f7:d7:c9:63:3d:22:8c:54:dc:79:ce:e5:82:b0:64:68:3e:8a: - 84:96:80:73:2c:e8:e3:2c:19:34:3a:dc:cf:1f:ff:e1:b6:4c: - f9:b3:d2:2a:cb:ae:8d:76:aa:b9:cd:b5:80:75:6a:d2:b8:74: - ba:96:ad:e3 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0hBNfElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpX +rRLx3TacFDDff92ldI8jZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926 +NaUxpzta/IZUNIDwDQQYS/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglca +ttVYwXvZc3Y5nwiScmTuisqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP2 +5uoaWuwNS8Gyid5P0HaNxiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5L +iSahW9kEA6zYNd2P2ExbZOwVsCokibWSjF8nvwIDAQABAoIBAA861ltV91p+W3Xe +lyRkj9i70M/8E1IG2vBEDgduFVLngu7ppbyrHHUE4hEGsBWVrMrEG/VQf7Y4RESg +s7iwElXEyuIT2ZIM9yz0s5ReRQzAByeHIlqEVRLCV2jqlk1OMdlHvDk5xRFRvsOn +bSVEiXiG4kY6Stp73UOkgMHAHZSzo6fP6yK41k7jwzgXe9pq2fQw6M42QytT0em1 +1i+MJmkbjn30OqbMvY9Tlsj5QEeenzMaRa3VUB7F2nKXSIyKfw67JWr74gKfCpl9 +UmyQjq8CylUKoFXzVcyh1KkdLZQwxCotjhNB5/omYE+OaelBl4nena+JkQlNLBbq +7QxC7IUCgYEA7NR/h8oQX1HF9TAMoGeiFyOxvZjidz6GMZjq/D2uv7z/W1yslKs6 +jxqbHNcQAQlTGi2hKY498HE/CRzWu04nxEg3NZb87Z/pPmzbk71y06mIT1X2eYRP +xI80OkwIHcMGQzpmL+dx4A8WWiSSnrq+2XT0rUp5Hi/XPR+4F/IX31sCgYEA4xEp +Y9rpEiCIjDVCN4O1A/Bk9f8Fz4Aycjc70x4LMQ8FCwRPbYJIsazjWXgb5QFF5TxD +ZX3LcTcgYjPxZYfJNVexUJSW9eEflPVHSkzKg+zojxZ0/IkDCQX0LzVnB4qO3MPC +YvnS98RnXrBTETmhpXj3URojoL0BgCcL1tTKim0CgYALW5mOIpOsbpiGzLoeSzoL +0AtrI1ThER+Qa1wBotepnF/GuugP7TJOwKDlvi6nThItNDkBbC/uQxAZ2Mc3jmT7 +1dbH/Ci/IKcn9kKFkFVcb0n5PA8o/r5wl8mSbikJfFvlh3x1Ga1taGvTAOQDNsOG +XESLtwGd//9bkBTdGSAp9wKBgQCubluWau+KzlU3KB6zGMlwujZEx2EGUxvto8Kg +Xr8IM9qS6P+/R0tiukZ4T41WMdEo1U+M4sLrOQb2iaKSdWo7QR9koJELV6J0Qqw+ +Rpl4GQFaEk1SRkp/nwRDU8nPAEDZFMT6VaIcVdN26QsW+2fS/wc2VVczPp6tfNFa +emMRTQKBgBRiKSQtnWq8hMkGiXl1g/0uoRgITZie+JbvKQdwEHQ1urGjwEQhVLRK +hHFq3hWwgg7L5IDdyJq2pM7XiXl+YW+skPW09+zNzuwDJP0pqfpqo4BtGcGAB4r7 +KSCywCfo61cqwv9rf5RLvfTjOS/fyiwdlKgGQdrFetzVQobAClbf +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDtTCCAp2gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDUwMTQzMThaFw00NjA1MzEwMTQzMThaMFgxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ -MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlKQ5Ty8RIderwLjdDP7e4uXBgVN1ELvjHw -PZefYj1emJnvT0DjF4gExG+8qeRuwGqh6qKH8+57VWWjxfNmURm9ozsKZVNsLAiB -ijvuLo1GmT04WYC10e7FV+qkn0TOD2I0qptQr+QGAhjhytYXrADD+bBnX+CxiCFi -/Z4BAD68AEaYMVUu0bR9Rl+cllKWI4RMo6TFl5GFBMBZZdNCxjqoivlO1dssgkVO -AVEoIBS4Wy9Z+s9XjBcR8AICWaP26KHTwj4cVxVPnMBb0G4gZQAbo8mPoh5Eqcsr -TNd4VKFgXzNxSwds0oJijAG72j7PgjY2qVtZCRmgYC9R36nEtwIDAQABo3AwbjAd -BgNVHQ4EFgQUkJeI+CQjdc9apjrfRKNa3YRXsvkwHwYDVR0jBBgwFoAUB50IIrPu -Roi8r2aSkct2HJ8a0XIwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOcMcKGv9W2OQH0OGJ6A5U -deVmcyiIXxgmTzKviqR0LbFwOGgNU0K5gr539ywxxptCaPnI0Nw/DkiJsYcdFPn4 -749jPHXzedyjfN6OTykrTBeZ2mlDnsADKPXRlw8UWN6AFVh7l1N0eJEHgCh2iPbz -KkkjlS5+vTLjHsCiYn86p/WWqJGQxO0xZoABDjKVIFtv3mmG6ki6G7sh6UkHMY66 -Krc/YdGiK/sMFhecs8HWyrSvdD5IysCBlE6ruWW2cSRmi/8CKHv318ljPSKMVNx5 -zuWCsGRoPoqEloBzLOjjLBk0OtzPH//htkz5s9Iqy66Ndqq5zbWAdWrSuHS6lq3j +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHAxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hBN +fElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpXrRLx3TacFDDff92ldI8j +ZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926NaUxpzta/IZUNIDwDQQY +S/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglcattVYwXvZc3Y5nwiScmTu +isqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP25uoaWuwNS8Gyid5P0HaN +xiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5LiSahW9kEA6zYNd2P2Exb +ZOwVsCokibWSjF8nvwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I ++B9N6ZowDQYJKoZIhvcNAQELBQADggEBABHkqK0cIV7/Q7PCk/i10vVoMruirXQf +5Xw/7XViDugKsfcH9Oavl4Kdi+C0Sigvgjrp8JY13kRsbphwOH6w3Be5HCFK+Wmi +tbktvoB0yMHa7WO0y4bJtOL7ofWwKgjye57NeFM/fmosOPn6mqzm+MYg4V+qEim2 +dQ0iTztt0C/EibQZgO/aqylDYu8fWBMa84To0Pk8jD2fpNF8Ji11564mie3DUtcU +fZCNsZhWOoUNnfrhpmyixabA1f+WHwhPsqikRlo4Rpa/nrJVujlk3PO+7zgH1UCA +WKX9A3R8KlhbPDd94zZf5+gpm39vxo82Lfvc6HunRtcBjE7HdF0tCcg= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 39165b7152..27d32a5db4 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDyDCCArCgAwIBAgIUXOZb4M9mVy82gQz6t1aJHVdG+/owDQYJKoZIhvcNAQEL -BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDE0MzE4 -WhcNNDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv -cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN -BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkffnDicTbF3B8yzIxz7DP8 -rvy9yVOOGoLyiXITiHmTMNIhfYUdxGqO4RRReztQvW7s6yOQdvqNE8LD7WrzsXOz -JOovPuQZMr6mnSu0bU98Eyar9SfRTbGVmkZiCJTT8jV9wP9nxgFag+1Y6DPUwbOp -zyt9/961woScVbJJwVAdJUv/cp7l7dT16rCS4yuDf+m6xI9Svev7iPcqcyIRDLD5 -EXS1RI8ZLmA3ueIqPQbnRiPzjVRgq56czkZ/g2USJlFlgYoeLAV7JnjYi6Rs/umw -0YqfNl6rD4BznrF4CGuvliWaZu/3pAv/ejmGJNMUbgi3gVAG9nZKzIdiFTtR3xEC -AwEAAaNCMEAwHQYDVR0OBBYEFH69MHf4jQo9TLkJRhgOFoQpFblIMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQDFN3c7 -24yHj5lEvZX0H2IH25+5KhFouhkEgQk8OjcB8lpyJEB1scWX0v6RNNr4pmHNs/SF -FOqnVl+JMbcF+HuDM8pVVYeaDe/ZS/pAp6U9HwSNSYltEPThnVfQWKKPeI+8W0YY -WANQPhA8TAYft7lWxaUNlpI1RPEy/YTuMzxZC2H5CPnnIll+zTgt78Bi5halR0YO -EovTitdUom2y0UNPPczCRWoFjHE8MM+xeNhV2ybd8qT5L0sO9FDdh7UoYS1LmL0k -+naes5qWFXhvYXelWwr60H/MI53p+UMGfW95e4IyU4WPXh5Z2jG3hc6tg5kt1ThS -tLX9wRS/xICXNu2l +MIIDhDCCAmygAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYD +VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQg +S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjB8 +MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZ +b3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0G +A1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKiEqyUOFwSIyN1n65k1/gZmo1aUPnTsCYrwrjP2Z6EazrQP +tKtneZmhqPxEDYtHHtO8KmDt5IXf3bxTQowKVTDuBG7FiwhYN8PmtLRZiWuoq7Ng +uDLFml+psm5zn1exD2/XWpPjaMz/+PepLyUyyovz6G0cUefBBXwMO+YvoBfHIOco +TCF/SSIU4BLCGfzp1E5URwx43etGvqE/4UCGI+TR/tKOsuIPX4gKqX3tWGs5qZAg +NkohTDoRA3lQHDmlopcK+05K9hEvtfDzOavFt5doHEaQlPseUSLjxQpIgK+iaTFt +or62TLF26fMxzQt1h/pRJrLm5rOmA9BxGlI7BAECAwEAAaMQMA4wDAYDVR0TBAUw +AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA0dyoOr6z59yoIOvrV2D9EMQcgJJEK6+ +kwsINMPWrJYFATZXwbvg/VJeGMNlw/h6wkDf6pxeRA7E6lELmz3ins3xBsMm8H5D +u8APws9dhy5WjBjBCwSJ6uJpOkQfoREz0ZD+H5ZASmMyFsbI68j8DmW/2+Sfneea ++SVKZNJddaCLajF3kU46iHWLUXHA0zfEeoGPDkSXce+056wth0CQlymVWXrr5KJl +7ZTi31PIhhIRaooclQD5evFgopPf5SEjY2bzJ+LUa3V+9781R4QkQ2YCBJYTInRt +Ol55BOwpQjDajgUnfxyO/oMPbcoQ60zwuwK2hzfwO2b6atfqV044eg== -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index c67bc1bfc3..6da8cb6e26 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHx0jJhZSsT6J7 -qZZ3+15MvBddhi9Dn+U5koIMPE7tLOLlydbHhKQULtu2FUG4NaL9wrmfhIDmSySc -Tpc/1SScVmoDzrASj7Yw/fivj0ApfBvQUIzttW+C9zd1nLFyuuYZtNCdcE/MQu/f -Ls16ry/vBs5XgHyICxeShFy/eThVx8xczrSw93NHzdLh3g5G38soJl0kO4z6GLIj -hmEgenn54GWOakzKrSM2pIuw3gFM7d3skr+NiBw4UZpB2sUfJFuwMUaEc7bgG8t7 -dRT3aMoWkTraTr38IU0g0B/kCcjoAvV/lbXqpW0JrzWN+ZPkULQoUZGfj23cemu8 -ia0EBJLBAgMBAAECggEAECJOlF+ypG0MDiy/K/+rG2woTJ0yxZLc7qPpnyGVcVpp -lcuPoYKx6pIM2oyZFBYPiZ7XZsyccoEQVyCBmXyuzoL4Mv6e7n20NQsgv1/CzIsq -VO0VafOqzgGpTejyLwNlbz2MooCjgs6baUZK9V6W0AzbfQtQAOxsfyUKTlhNqOea -IZsNgjXPChrIsjhwcwF+nlHuDiuFa1nGNJNCGJN+mAaANDnmNb7/d62B4PEon6sj -oL8InNKdoBdwIqbPsQY6QWpqz7lGcH1On4M3JRQrprjWeWy6A3zu1kFFcJ2TrHb0 -TWwKW4ot9R25QSws+lwCysKEPD31hkkfA1gzukH9zwKBgQC9DZvhG/QgGmYkG4OD -lFTCZ6tY7xSZO5rnJiw/l+4dn/h9WtmjCu9TXtNifivt0bjQsHbWL25ifjvQf0i3 -XisMi0I2mILNUA5tDxIb2jgmh9JjXEQ9yBbsNVflcFMCwAhdMkp9IjdgGBsg3BV3 -Wt7FsiXPpJQgKsqn/aWhHtCgtwKBgQC33B6wGm9SU1R9xvUW63s31Rcm2knDC/Ng -5XiMrC4KviqAJnpo97OD+3w7Lmu94pnp0VTirr9Tb2UnKpEOZnXOo2Qukj5jnLd7 -4jnTvnSc9CBzx4GJYmCHTzx5kn/IvD/M+AajnkCafGVfTdPNKdVvBQ+A3dVLFsy7 -h0uP0RgARwKBgEdIhVkY2DDuo0rEEQ+g82CmBEaxRxwMDHlRvGdyGveSpPhnNB60 -9c6Ct8OwfVHbvQr7LqPOGJoMrPMNu1ZgrGy7aYj6cn+Fyxq2DwbvfjKRDfQnCxgc -hQAlkPHTK4mi7MRvPQT3zNdv33LBaVqqqcrzRCyKCswiNm2nRzd8Tf/7AoGAXj41 -eL1EHKXcJFCsZqAz282dfWvc7V6d1Sgqn6jOPPF3JZMToeR+HwP0jP1hesbBcCm9 -4igCqEjsR6Q5EHGSp2X3Pyv1UOgO4TB3xcLVUXKNg+taycokgpcp/4MJfyKHbZAh -DxNaOBXVfIGPNJXh8nNcnAiZgVDhhqp2H/Tk4ZcCgYEAn2yQ4lOLKEpxiTLhGmDl -IuowW57i0r3QlkwfhvzhEjN3u51RUIDL2+OypMZng7FkGJEnmsjrrTemswgMnca1 -cPBhdofRIZkKcsAvTzntkwWOpqIiwFJLUS2cpS2MrkACDGuB7OzAPPRn2ybQZ5XO -GCRE+vraCgRvuakD01NnIgs= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadg +vAwQF/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL +1MS1PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxy +e9geIkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6e +RAs1ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmz +kGYT77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABAoIBAEodA4nYMNf9QO0i +c0MgtCwtgTiidzljpugjYMKaX7lXEX2e7sbO61UouUT4F/2jG5tmMfJ/7J7lSTZR +X2t3Nw7BuqFsIQOef8vmqe7AgiqAJ78CqC7bXLk1MxH9gVrLUCwl7o6VQIhZEFDH ++Q7SfJuX11Ehk3WAGV3HtYOuVRs01IGy0Aj19+wv+dQuoxF/2DjwHbJzZjqVooqA +8jDZI3HfVZmtiOpOmi6InEIP1ANzKtzT01s7SwP8S58Ba7OX+BHRe0OkN2atK+P5 +PM9iT5mSpHbGfNPnjy1HvGd/Ndu0SryCmiD9BkelSL96JcTBkU7r3XzzIaoKHSwX +mBNmCcECgYEAyRXRN3lqAV7pvxsmjTCIalXyHOEmOHxzlWxL4i01lEN/tZte+qJu +FEN8fdBoTp7/BYgtbB+uDrkxwVB/L8wxugANeDMXvTvAFOB3DZJn9olEFoIsljmM +jkmZ9KJeVixnZMOg/38UBWu7Vq/XKgRWpcgEsCeCOIjq3mZgk+n3NQcCgYEAw4kf +gsyAG9bFS2x7ccU5x/I6lH98l+J5TViVWK5oztzuaRSZNvcM3q10VekBTByQwhup +DPoV/nFYG+2mG3VSNFt3d/R015/Z0ZkksR89jV3O3xCeBu6/XnEN8OIwHtnugKFk +P/yrLHZMnDeDLbTudzy8jqPwcX0x4KOxHAhui3UCgYEAiTQuvehFMUw+t5vh8SJ1 +YgDko1nox0/7WbA8EsaAMXrg79xksSUVcRQfJIWINmT8YxzoyUbQb9FjJqEzNzzf +jScuCZ7rCr5zMIt8EDGeaDR+1dDadWItCoUj3CzRq4C+x51IBC0ETzKT7/EpIc02 +BgX1VPCQRNz/TOKT8TkJ6Q8CgYBpFECF1wYlb8Z44OR54GZLyCWo9dXr/X34jdk8 +XgXe3SWV/MbVnfAhno89N8lFsLguSBUR7zdwlFKoN48jhGnXzyuloA5GbhXtKGJq +eQJn/PiWMWTrDtRymUjHoZYAjlc4cwLfzBXk//HtpXtuTaQ1GcOu1/T32DK8qNsd +2H4nnQKBgQDI+5gky0GJX/USYR8aHqvJDuKOUsRvmhtfoH3Yx1BLj+3UX6m8dKnz +3mbfUreuJe96kw2tboNvkLVk2yyRq+xUveCFsBycF7URK4db28uj+cwY7j0CSRMA +fPBqnukm4HzsUTXlUmMFTt5OvjYalZkVfvhUMk6b/Upy9/Dekqg3oQ== +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhwwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfHSMmFlKxPonuplnf7Xky8F12G -L0Of5TmSggw8Tu0s4uXJ1seEpBQu27YVQbg1ov3CuZ+EgOZLJJxOlz/VJJxWagPO -sBKPtjD9+K+PQCl8G9BQjO21b4L3N3WcsXK65hm00J1wT8xC798uzXqvL+8GzleA -fIgLF5KEXL95OFXHzFzOtLD3c0fN0uHeDkbfyygmXSQ7jPoYsiOGYSB6efngZY5q -TMqtIzaki7DeAUzt3eySv42IHDhRmkHaxR8kW7AxRoRztuAby3t1FPdoyhaROtpO -vfwhTSDQH+QJyOgC9X+VteqlbQmvNY35k+RQtChRkZ+Pbdx6a7yJrQQEksECAwEA -AaNkMGIwHQYDVR0OBBYEFCXWhDoXLKT10klVaEv5Rf524HXSMB8GA1UdIwQYMBaA -FAedCCKz7kaIvK9mkpHLdhyfGtFyMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAtluArK33MrFPHbNBy6D01AcOk1sy -p2S++XGdPTyNwDGSBlK1FV29WPDt3WzxJ01XB93KZ3jyW6DwuSEpi9sggkHiypU4 -gQZtF65eZACoJWsdxuLCVVOAUHxij6MoEl4O1KCSXEYIUUpTb6aoA6+xJmnS4MfA -2Y5Q1DlbPTm0i72PwCHzhoDYlYPR7yisWCzNtGlXLbAZ8JRlXN0YLS7pw8F4FISG -Cu/kE4LgqSt8cCKRT4jp2NLqKamfxTr/7eFkT0tkZP1GLtWKPpNKgydKbQUhO1NN -IJFrV1sJTzVx9f3+ITp8s6ZGzFWdmMW6+6e5Wt1Bo4TqrYeJfJJUlPVZzA== +MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHwxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEeMBwGA1UE +AwwVd3Jvbmdob3N0LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadgvAwQ +F/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL1MS1 +PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxye9ge +IkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6eRAs1 +ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmzkGYT +77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I ++B9N6ZowDQYJKoZIhvcNAQELBQADggEBAKyB6OAeBsZ+4h2KUfSHAi6r6eLNquu4 +qUx2fF7CeTQjTNbcV8WyL9LsXt2afTGbyiBVUWJivD735egaumA9pyk8OdcIi9rN +M+RyLroH9o3p2dwbjOQOMUoNVnxySZuzEEOdRj0vrTZciOvokSzRmNyp94YXZZbT +/xEAWI629PsChzBFWbBJ5ZgOgD4Yh7jw0AVuskM7gSUf5CqJUpetDDXR8nRxIXKx +HZ5ug+ph+93mBwIO+XPhk4hdVRNvEGmnqq0gBk2PYp+WacRWZkGmqVHvSAtxYCUp +moylFFxGxn0Jhm5iosJASJArcxg0a8bt9/d83IVl7n15/QUa0F2myrs= -----END CERTIFICATE----- From 6709f4a5fc272fd0f69ec727b5024097af9a02fc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Jun 2026 11:46:59 -0500 Subject: [PATCH 12/12] PYTHON-5040 Add OCSPNoCheck to leaf certs and fix CA basicConstraints critical flag Two fixes: 1. Add the id-pkix-ocsp-nocheck extension to server and client certs. This tells macOS SecTrust to skip OCSP revocation checking for these certs, suppressing CSSMERR_TP_CERT_SUSPENDED during MongoDB replica-set inter-node TLS without removing the AKI that Python 3.13 requires. 2. Restore critical=True on the CA basicConstraints extension. Python 3.13 on Windows rejects CA certs where basicConstraints is not marked critical (ssl.SSLCertVerificationError: Basic Constraints of CA cert not marked critical). --- test/certificates/ca.pem | 28 ++++---- test/certificates/client.pem | 82 +++++++++++------------ test/certificates/crl.pem | 14 ++-- test/certificates/expired.pem | 78 +++++++++++----------- test/certificates/gen-certs.py | 13 ++-- test/certificates/password_protected.pem | 84 ++++++++++++------------ test/certificates/server.pem | 83 +++++++++++------------ test/certificates/trusted-ca.pem | 28 ++++---- test/certificates/wrong-host.pem | 78 +++++++++++----------- 9 files changed, 246 insertions(+), 242 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 9d7397cd62..076c0bc330 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDgDCCAmigAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHkxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHkxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAxTjF0WGvlWXVtzfL+sMHX6gAoS7G1Z0gL1p4iFH59YbGBbVRTgcOf3U3 -yclcyP5bxavT8uFYPwlKNrygUPEZZbc+kPWYuH75FA7KXTJSZxX/YPPV2RxoWljH -eoVapM1Fp6gVJ3MA7nPDGQw8KaRFWHW/7qO52hsHxPW+Of8cZwt473cqZTLpLqJY -jHkJOYDk9RmzAyCLTb1Jebg27MThpuBvwBRBmKXihsysLOu49v3Guk13sCPXhKhP -dGj4f6wJ4NMqraVhGrqcb4vBH/rwf4hzHWox/lEyBEZi2XOIg8pCd2AKrvlh23Pv -ar1MMTvImYNOGpsg1WXrUVGcT8WZ2QIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQByXF3qV07B5LF+YJhKzd/jc1si+rV45IZGHAYvwNx2 -Ftn7EKYGW/d4aGyHg2rTU0A0bch3EIXqE6zQH7YEs/HLDdfubRk6hIiddVGPJozK -Pw7tj5zReTFBe201X62+q8OypVbGZz2wXIGvh5H30c40s0k2AMpUi+DR5Dus+T+b -0if/Pwxsx8HCP1GMLQH6CpxD5gXCMVBGCg+dxZm1pnkZE3ZXHHWProyxJWdNmNK8 -GNWrl0PVSe7STBCmapoDJdgVXpqEz4+qJSPTXgL1HVX6o/wh+EDQRwCak269ia3x -GljNKUeJsvqh2iL3jz1l/vRYvkN5uq66YXEwacqP8NIM +CgKCAQEAtivC7IhVZ8tIMg+A0PPooBvh46mHE1wv4UOxbGQ8pTYl0IKQPiDQoKB4 +ZAXPRsImlWP0eXE+Fm5M/Xy5/kcQ378KjEVD+bDW8uO7WIo0pBr9ikZrXb7NzY6G +zJ86+xxKK2gsRDlz9oR4KhKkEtn/refCBbyyBknVkut4aIkEVhRgUkcz0TpaBb49 +UZtk03muOINZHEmxQG+0EHm2MSebuBDRIMWmpJm0UGgAacx7IkV5B1TKPmTh4xk5 +go4O4y0JnF5JN3mvwShUX0tPG4XXSb/52PcZRV7wrMLQpf8ANfd2ADuClAYLncJR +PHIJ5PoBFa9KTrUc6KwoLutGeNDP0wIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBdOjwb+/O7c8C8r7ZIpe8ycaElrTlX6z0qWLgx +PSuz9twGfxHFcw28r61dMSsojFxVFoUpVxrcbCnFIk7oyiGNTX8MlShVtWswDlmp +Ch6PcB6UxqYhimCCLJG1m1Lcu8oKvj3Ujx8Yjc69S1sphpb3aMn8mBxYd05VMPcH +WLY2i+BByRA+t1+sEROo5I1zzMVHeqsUC1ajUH4Jq5CXl07fZAzrA6jVq7N4KS7v +XeNfhUt0x0xF4oeYBIFTdJJTn7Quy6zgtC4GFdQmS1QtyPmfU5Hasqbn/1ZCEKE6 +IRbWJMZIfc7JDScu2RXSsd8CPeWrCA+AhpzOlRLW/VmiMvrB -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 24a3a6eb6b..4971d523ab 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAuRygTOnG7ttRP9IV+fdZbetsMJ3QCCLhws/Vv+zGUqHLR8Qo -G0J6PogYCBGQnXTy3NYN5N1DBH8k5pxamyAQERp/hW41re4oJ88i/OIK2PCRDdnI -4SnEZTOX9iLcdGR8sQoUtW8M2G6pNsvKiZhYskwF/oSsJnLda898KMKf6wCW/TF9 -9W4wlOSgdTvcAB+IrpZ2x2uBUJuyERvKy9k5WfxP2ikdHSXxIw4kwMokXLcJ1Q2k -n7COBBv00K7rBJyCdkrTE6hDnbfzsVZTuTEmaFp1TpDpOXge2ih5YMDREfscEcCl -R7jJpTL/LWbUy0n8TFqfvG5M6NIyJJFwajl4BwIDAQABAoIBABNsopGPknVsBCmb -RP0W7IZxRsgPN04zQtdrcbWTBfiTy737Im5B2owHQeZO2Yr8Q6PSvmB+q1KkeN3O -GF/gzG7PBgSdXPqkXAhZXwWEPrkm/UGj0cV22Yn5EQAeBl4cUU1Ojn+/aGypqA38 -8oLfvqbu/U4I4/ug4AU5H4Ezcw54sq32xCs/pzcNITOGRpIeNjynW+WtnTsWNOVm -KBMagHitFGavNnBbeiHsg7RsvSYZ2NYlr29yCpJlZFBZ3hYxC9ZAJiXWEYbBowxW -Uk9f2GSNRBytzsVRzhkL82/DUfKXXXXjOj1GZlnLaXUHZwvE7s0fteKZMpFbnUi3 -EWaRekkCgYEA3W9PP6bwkVP9D46NSg4AwFBHSrnUZ5GeOMwGoeagAEX7H1Exs15R -gfIKc1hRUYw+4b2zy4pgnsBRVJcAHOZCvOR5N/6nlFWU1tGBkQPBxTXN5jwoew30 -PQzQsRcHqMCxwysw8+nDsY5J5SGdznUFiOkoYi7XHM0tP4UL5qjF61sCgYEA1gHT -H/ec6VflqHpM9hFcTaQMOFYMn/4SNX8wk8wmN28AJPd3WkaOp8vsSr4JdefFz7fP -khbbpDOsmH3ynSCnWUT8XPQDRuhsmm/hUZd2dhDydSo8OhYzYoiV5NA6alJaustc -bbWjEB2xxnVTKnoBMz7rZmDEmM2ASz6vVowAAcUCgYA7wBFOR6maTWN3kyuk0+p3 -+jGChGpAGBbtlIAlp6l86WU9qhcTI1wzCDCxtx8aNhGxsBKX1ZsEuzg27xfktG1F -sxDSfzCQ4hbrcFTZ4H2kzUPl4E28BqPk5VRatLAoZPaSh1EKQAXCH3bpEQ0X7JO1 -wdRXyfPZnbOb9Dal4tylCQKBgHFtpilbZJ+JJwCVUhVaPkIooRF7ClYCpEQWlfjA -S8E15C2zvF7s5s+pFiTHdNw5bG8cTbhwxRnTCbgJiX4ewJRgLCJYcyQyLN3uTs6g -KPmLIfdX23QuMC4ZltkgRNX1sIExKFw92Z/BHWjC5sGsyNYQk1RAFfOneEhpgSWu -LpLBAoGAGrcpDU2lw2iDmaDYqItDlO6kbAcoAb6iQJJXc3c9vdEAfDNbJ+qO+T/a -3YHQ0/1w1XelHDa2ZCwbis2Ik0S6Q73wcapIjEV5+7sWWwZbUM7yPMUoqOe19fdt -aqE+sHpUAAduzULRoeh7/oxDoD+Ha2CfOgElnXctZWRvOxnFOVc= +MIIEowIBAAKCAQEAttV0C2SQIDO2jVeWSmp64eI5YFjDpIrSMiRx64sBBHna/jv5 +GutSJHBszK7y+UEfC36GrPzyOLLnMileyzvxTiOkf9GlwAtUiFfyliRBUQK796Cd +HOt46Na7p5c3L1zuYaci/pCRy6tGD+F8td8if6ywVUbfLjNW4x/yIzvh0XKuoP2r +fs2nfky6dMhc6E4KoudXez0xGlze9mVpNwYl9euIS7QnQ1m9L66F5gy6t2+SEmGM +yTYBcNHKZ2d/AJcN97ZQeYSiUcWOJMvwEr+ZXhoqAPmwT0x5kB01VPmbOFUTNYND +fK2uTAooVXQHvGJTDf5UEZrWTjcb6/ktakJPqwIDAQABAoIBAFUrq2LRRmiR3oUK +W7svzi2ixmqw/vaMKq3sF1uMBf3RTChpxLn7DGloK+7PwuVFJlKi7tbwAGBUSuot +pniTZG4roWpfvdBwFsFrAtlZa0nzNZ/95KK/uLPysDk6cp0wM+Yux1kB/MD9eOZV ++tP4bag/SGd5W+c4SE4GqDQspZ38/jy3rhKzfFvASE2Ve0jYEPfY0xqO3aQ1O+42 +UzBcQe6Lq8nbEh1MPbjCZSh/Ky90uAVEcI1hHLFtAq/WlgH7+kaarJwg/Dngh40q +g61YABgtmYsiyGritoHgQ+G9VphkZz4g1HH7CUQIyMmQPVmudVBCHlZNvD/jfgq8 +zEMrSYUCgYEA4tVMtyUUtHeAeTGDxBAYsSqXwsYxQqe77ZzANQa+ViawnLKgElVJ +bGPQB0j2e3ngQlx4nKev70gwzOhvG34z3YAMP8mTCaWjlsZMljxqJ8FxmrN9/kKX +WRrvzeyfUml6cOUifsy4eu7W8P3l0hd/I5giYSBohdEuoEdqCLhCg38CgYEAzlfR +t74G/blokMG/+ty3fc3o+nbWCYgiR/rAJZJHxHLy3ugS2oKreCC07Mw8IWRPKe0o +MbwwlgfCxykI/AzuFxWYFdIc+IFcdF8wTtMFI1MydXpiR3QxqqjqsTgve5zhtLgy +OZOF95awgdJiNU8w4ki/JQL7MWcnXeKyIH+smdUCgYEAy6oObmZp17twa+CMWY7G +TNRcXLKM6jcmYisa3MGIRlwIuTkcxjkzapGX5+KYBLeiJpNWa/mX2vVrc5/CmuHO +ebONy/wV/FRvtGGpxD7MZZOnh+pfVtq9f3DTHYa2ak1wdUsWlNkFTsOB0/Fz1xXn +vrLLM3/guT3famOUje27MssCgYAVbCClxuDK7rjgbn0T+l5CfWI2vqeyDaQhfPL9 +85Xn21dDtSxf6zkKG7ss6ndDsDpXy/tkTnls2hlqu+Pm5yDA3MkRWuMPGb8Thd5q +EJZz+GtArxgM+w88/JSBGag0WTFFpenw+FPsRITGtaTki/gzRgIyQYD6vA7mPGbp +4Nd2kQKBgFGftdMlOReVYotXikYVwyGYm3zCernrZcJkk8nz1sfA5dtWfveKwhYM +c5LiRvy3Kq57E2GQlOX8jkNzLG8lBmDdp7XwNeZQkiMBUUuNBwigufdSY7Gs1lSF +R1/Bju01Sonoct4PSATZ92HAIlb4jLkE4YwzTtdIjVzCdjSag90U -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDszCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ -0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm -nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 -y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR -G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox -VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk -kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF -AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R -zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u -hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd -0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn -RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ -MOhV6IIFKhYkejnmhLQitvpybFqw2w== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21XQLZJAgM7aN +V5ZKanrh4jlgWMOkitIyJHHriwEEedr+O/ka61IkcGzMrvL5QR8Lfoas/PI4sucy +KV7LO/FOI6R/0aXAC1SIV/KWJEFRArv3oJ0c63jo1runlzcvXO5hpyL+kJHLq0YP +4Xy13yJ/rLBVRt8uM1bjH/IjO+HRcq6g/at+zad+TLp0yFzoTgqi51d7PTEaXN72 +ZWk3BiX164hLtCdDWb0vroXmDLq3b5ISYYzJNgFw0cpnZ38Alw33tlB5hKJRxY4k +y/ASv5leGioA+bBPTHmQHTVU+Zs4VRM1g0N8ra5MCihVdAe8YlMN/lQRmtZONxvr ++S1qQk+rAgMBAAGjVjBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBS7jDcgkwn6bfnpLrIixK9qJjBn4TAPBgkrBgEFBQcwAQUE +AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAsOBKVk0iB8MBN8/1mnzrlVZ0Md7VEid27 +fgK1b7xv37PlahEOe0tWxutX4iLneZS+XfWCpvok2UjqJi9di3bWeAckoNNo7GoZ +tu1uom6ne52nQIn7g5VNjOZk66NyAyvlPr+2SMu40GxnOe8OihpNk0aqT4x/Ux54 +/9pLbBd8oHru5Acqwnez3mzSr/wj8l88lpdwFmAx8xvtEzOGn0vOZA1YXHS1lzOZ +jecVNu5q94kXf+3zyVyzE2IgHd+K4Sx7hGuFN2PB05acFV36ZjmdSWFtBxmFV3/8 +rt/0ztRoJyBoX1oSCYIuPtwiYSV0JnaM23YJzPdztv/JnB43Qh3O -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 2cd6afd097..d1a95df0de 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA4MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjAUMBICAQEXDTI2MDYw -ODE0NDA0MVowDQYJKoZIhvcNAQELBQADggEBAIXW67werrJCUtUgkbYEzqb2CxQD -/ayr8bf+0vlVoi4w1xjh8C03s3NFBDFSJ8kGQaNMR+Oko9gATUwkY+21+XCzT+4Q -wjaDrJKu1zW6L6aBG8gxOGoxcDbEDizQX8cl9QMIPxDHcslqXGgWlO6o0YOYHThi -BfM1jPP21ZcuQNH4NpnpjhmnIwj5HDYdHVuWKCoxLkpBR/tTMJOtT7g5Pfle5RvU -TJNmY8noQ5TZbO0wJvE8Jb1H531q0OMdgrZ0kM9y2+QudrdDclblvUdpAnax2Jjq -up49pMnDy1hQXgpJffiS4CzVzV9AEGhPgwIdV/xBGFw4xbYVoBaIRnWo7VQ= +ZyBDQRcNMjYwNjA4MTY0NjM0WhcNNDYwNjAzMTY0NjM0WjAUMBICAQEXDTI2MDYw +ODE2NDYzNFowDQYJKoZIhvcNAQELBQADggEBAF6NeCwKF477Zt9hYpVuk7d3Aqhk +m7RXgcrcPpWSA8dDAFCoaxAl09NAEjwePW7n93XEaxSIgyA2NFvvMvJ+nMaIpjNo +HbznIS+57jsxqwbK3mFt268Dv3W4Qrdv1ZFOW+cxd8Wn9XWCwA2Hcvf8lkL6DC4s +qJ8bHVK/GFL9WKBrBK8Xtz1V3jicYn7XdNY5HBxJg0QZkSCTK55nIWBaJLuZPlZ7 +nBARgl2uY2C5MrEjjubQZiFAf081IelQtPIZMRY1E2DhGlKcF3qYKT9xzuVEu4zs +mxkaG8Nf3gHuycnKJQOXvd9ZCYSIB4KHJ7egFCUgLefKSFY4/JNQP2IIWi0= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 5ddf325461..141db20b34 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,29 +1,29 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAq4Pw2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/ -DqfVQPDdiTIWQE5lrKDzqDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx -+10X7ysy3X8hNwN571lxvjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9du -L+4y4XunstTTbqsuV7puzR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805 -Sklig8nap/GdDxd2i5EPZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJ -EUAnKbBxXyIx4Ltw3Bfald7htvFryhhKjx4tWQIDAQABAoIBAAg0Ma1nqqOV718j -Wr7kGHAHLiVcBMVSuwtzsxEX5pbmO3hxQm1ySDBIxSP2lhth1JmvAjCaBrfp6LCg -gAz1ZUvB7A4EpBvP4rk//JPPPhwnx1DgIMu37njlbVOsbMuLmkXBVsA1VneG+BRs -rPTeyuaGpKIAHX6RuqeaDbrtSy+vtbKPdmuc6g+ariIpkrI920UDdgbfpFAu/4hs -+951C+RVvu9+ZX5HhVFw9/q2+qxGzZj6rbMuSGxifb2ftnMEFAWDUzCI8sPB3QwH -F05zYbMMA4zS0QIVvbYaJN+HEDaOYFXC11hHWfDYZL/Wt3k/evUJd2pExKajomNU -qHHhN70CgYEA5yr5en/uywMVahYzXY9hoZb9v8kt69Nucpkq/sRJ3ZDV7yDr0b3k -0jAc2Up105aq4EBp2tya/KdY4TPIzVeOZ9FZL2rSly4uI8QohSRo4hjCBc5z8SKl -OESFqFruSlMXIaVc5I/R4sJUCnvBkeQw7j4QFFFIR6UcTJBvaCq41X0CgYEAvfCL -9iwPhTnTBQ0WVbtPOYF9Kk1xLCwPWaTS2lAkFsUZ9YIdVZmQMCCvpDKSWUVVsPJx -A0K/Rg8pkYFFPs3EOI2PV51DZrSCgDAdxikZby9amrG1KEwUyR82B9VWgVhIxZnq -KNL1GVRoYOhcnkY/Zv4dn7PnRfEPvCXU65OQjg0CgYEAy7cJZ7S6IVm0U2sBFSA3 -74j6UTrfJwWKPZ9RTnZ4ibMLdNJUPt/TeI9BvRNrRm1uZHUfU+o5AxIOt1dFTAAu -1Lqel7TRpLzjmE1TUBHIBAfBZBCOCCB57V4lUzne6MzUg6gQdrNvSR/ro9lvujuY -CzvSO7VttwWALNDT/L45aJkCgYEAiUg7YQonjZtlsdjrs7tWX7H/zXt7uPl/fsNq -wu/5pZuAT7pjiWMcnCyDxqHmtS8v6FzS4hB0PybmXIyah/IhSN7IJAM+nBUL3arp -WjiKcZpAWl7nGOEkhNlSLAc+Ju6wamH8pNUU4eHoL2LCzoLngIFa1/snxZ2eSdbu -NfbKHGECgYBEdsSWW93KOU4DbEezFWFd83H0ySvf1crdHr7psWBXTpYLnKN9HfS/ -GZ26sYeeq3ouJxG8Eb2yhYCtI20JnWk8lhjYA5lQSA6H0nyqrzKRfPdGerhTKgDK -FHUALHvAM6yF7EpA0ibXGCSrDHJAGGIlMAyUzObbDlTs5+Qwd20+lw== +MIIEpAIBAAKCAQEA+JjRo9fw3m4ldcmlEWfr3toV82PzadoT01MssjOCNfz0R0cI +BOxkzUkDsVLnhbcyksK5cfqvC5aQoCjXwG/fugkN579zvsmPwHhfu8zJLpO9k8Jg ++0kohDDb+k6PQ8OcPU6unRswLQZ43uiRiB9AHbE/BfchXOE9xAnHfHxin47k3dTQ +vj8dHuDyIDe6s7guUNstfdtZq+Xa9DJDuhIEShMBLt4GalEqfUOJ7zZhBB5ag7sm +Waognhvynzj2nmPQ3FCIXnfK1y3at/jEXQxm1ubwVXpG5iFxvYPDRR4JWsYy9yTA +h7QOpZKbh5Kp60kD+AslKyJos+/kTc8RKC1SwwIDAQABAoIBADt9usGWZj6cpltL +P7TsJS6mCxW9aB1/QjpSz8HvgKwx1jWOgpVHCxJzdC5F1EEUJ8amUeG8Z5KC3CZv +z73uJ+Cp1QmOMAFK1Btv0x0qs0Rxt676F+JazhbgaGw8y50gXS3wu+m9/WfxAhD6 +IAWu0NWqOpZPX00OXA0jd/lK/QEIpO2p3EufDCKfJT2jtfl5nAWvR2Iw2FnJ9CpK +HHfhJIX9QNV4v4Uh416MmjdaRCjeDS+ScFOqGbFY0izUXlRsZ1chrB1CK0pShbpi +FnU98uor5QHndBe8xdS3Np449BNH5GhoSivrR0rewaSytM4Ze1E4HGbD94v0Ksrx +Mq52Q50CgYEA/vqYIFBdDseN9LUNciQT8sfmFEtS99HGhXjv1fH3sjEsMuzZaS5Y +gAk+67M00Xq/X6Ds5xkQ1xq8Hgapu49NZaR7g5/KhqVl6gSdwSDQss2AkAPr7EEF +btDWRTp/FLp9lll2YP7KVOqEquGzk8yNzSrkoHPYIPi5gLS70d4BNf0CgYEA+Zeu +ju1C4RMyLuN9eJ7tMicWsJe5BhUkF8CkwPJo8QPGdvvgksog/dLH8Qye/JAqgl0o +9HvRxEUzQqzOrNdM4DY5Xh0f5J/EhyZzgfoks6ay0lInCdXcI4vGspX+Izt3Qm9t +USi7L31elUG/0eKojNozqAhV310ygiLjtG2mp78CgYEAu8i/BP1qq5nYOGKnFmrv +rhv+nO+kmRMLy/z3VW+w5rFERfUdYVNapmEoz9nZinWGP9162/Af8Oulo89wbcvq +SnNK6/Ng6q0hU6o2rKeITEcA6g+ZTxPL9oMjazTbpt5546Lbhi/fv45ASsGSycUa +ogF3A5yNjirgI6P3t2ZzKdkCgYAJtSmX64h/YpTAGB8IMv48xiJuyefrYaUeu2Jt +EsCcJy5v8EoCy5PO64TVTk1cu2q72U2/fJVjEeH1hO0g8drOma1PiMh1xvUI4Kj7 +dDQ7PI+V+JYGHuhKBaS7y3OwAR8ZWWYiEvh81153ZbBFRJCTseTycyiL4H8Xaq36 +lY021wKBgQDV+wxziAlb3UK1M2BAcYKKd8QdFcyC7xmbCyEv+uQUxGJ/DBZ+fGVG +rW973uFRxrBwVkss7WWA/odnP5KuCvsj9uCMWfezPsTlt41pV56O3Xe0cnbbPBGU +v6Y3z4UBT8g91c2307BbX/+krr/2Gq3zvWl8G486zNxNM1mZJof4Ag== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER @@ -32,18 +32,18 @@ BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4Pw -2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/DqfVQPDdiTIWQE5lrKDz -qDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx+10X7ysy3X8hNwN571lx -vjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9duL+4y4XunstTTbqsuV7pu -zR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805Sklig8nap/GdDxd2i5EP -ZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJEUAnKbBxXyIx4Ltw3Bfa -ld7htvFryhhKjx4tWQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I -+B9N6ZowDQYJKoZIhvcNAQELBQADggEBAE1vb99WxOr5zlobULL8hrjCXbH5dkL8 -djZfloUZiflzmz5ICxkBe7irBJhK8k4CdE1+NsYHXeEbnfaPxV8Ex8ytQhS7xAOl -nw5TnJX7Su2N9lFW9TLh1nBPX7JxZtK2tCGKM/iTWDrJUw75DadZKexMSZaV0SZR -bjKj/jIFjf4mqkLs97pKXvhjbq6PN0VdRcE+PDxMrAZiJAoF/WThiJ4DCOpts6iQ -tWEcaf5poR4HNaehFS3H92X8Ots5On6nhTlfpMSsDxZjg+c5OQ33yIdgMh437LJL -XQT9eqoqw0l0VUvBQlWTpHZPwH+nGJyj5Jqe1Lo3W+G7I2sDpUPnbBk= +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+JjR +o9fw3m4ldcmlEWfr3toV82PzadoT01MssjOCNfz0R0cIBOxkzUkDsVLnhbcyksK5 +cfqvC5aQoCjXwG/fugkN579zvsmPwHhfu8zJLpO9k8Jg+0kohDDb+k6PQ8OcPU6u +nRswLQZ43uiRiB9AHbE/BfchXOE9xAnHfHxin47k3dTQvj8dHuDyIDe6s7guUNst +fdtZq+Xa9DJDuhIEShMBLt4GalEqfUOJ7zZhBB5ag7smWaognhvynzj2nmPQ3FCI +XnfK1y3at/jEXQxm1ubwVXpG5iFxvYPDRR4JWsYy9yTAh7QOpZKbh5Kp60kD+Asl +KyJos+/kTc8RKC1SwwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv +aiYwZ+EwDQYJKoZIhvcNAQELBQADggEBAGW/3QzJYeUK6vScwm4nuN8oW7ha9NQl +jqlPAPV6jNCDY5aQJ3zN9v/DDKE1Umpmv739LmyQS1xmKnvT7C3s4nI/BL312Mb5 +9UypdnvB9VGxTs2OaglxPsfMqxacq7wr5MC6ikIv7GieA0EEsWqkKeSf7id3z3cr +WeYmCPGID1OrYpWMT/fTFBEVVYrDpBZc9sla25u7l2ymK2JjqWZorrJAAkzo6WkW +ZRfAh3SUzgHVZMJ9dSdRT0xFiu31tpwKRAdRs/sKVJ/+MIlpfwxjx52RJQCzDd92 +DlaJ/lYEJuwPdOylRi+9EtC5enfyIvlqft00teDAMYM6ZM8D/cLbyBU= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index bf44694a03..4fd00cee60 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -133,10 +133,7 @@ def server_san() -> x509.SubjectAlternativeName: .serial_number(100) .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) - # basicConstraints without critical flag, no SKI — matches old x509gen CA - # structure. Omitting SKI prevents macOS SecTrust from resolving the CA - # via AKI keyid, so it skips OCSP revocation checking for inter-node TLS. - .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) @@ -158,6 +155,11 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_after(NOT_AFTER) .add_extension(server_san(), critical=False) .add_extension(aki_from_ca(ca_key), critical=False) + # OCSPNoCheck tells macOS SecTrust to skip OCSP revocation checking for + # this cert. Without it, MongoDB Enterprise's hard-fail OCSP policy + # (kSecRevocationRequirePositiveResponse) causes CSSMERR_TP_CERT_SUSPENDED + # during replica-set inter-node TLS on macOS when AKI is present. + .add_extension(x509.OCSPNoCheck(), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "server.pem").write_bytes(key_pem(server_key) + cert_pem(server_cert)) @@ -196,6 +198,7 @@ def server_san() -> x509.SubjectAlternativeName: critical=False, ) .add_extension(aki_from_ca(ca_key), critical=False) + .add_extension(x509.OCSPNoCheck(), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "client.pem").write_bytes(key_pem(client_key) + cert_pem(client_cert)) @@ -299,7 +302,7 @@ def server_san() -> x509.SubjectAlternativeName: .serial_number(200) .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) - .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .sign(trusted_ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "trusted-ca.pem").write_bytes(cert_pem(trusted_ca_cert)) diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 4c912a26e5..0a4202b87c 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,52 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,ACE894CD3148E73BAF1F3F4372149CDC +DEK-Info: AES-256-CBC,CD109B29CB2ED1E1F980D87AD3B2D4A6 -WIOLZOyncVs7TWk/9OQSqP3yMKgtLY8I/OfmaZTAkTBk16ok39WLcMHBdfsCOQKN -D2cZUDgAWMpQDsuvrqmazDfO1fJiKF0fRUspKyPTBPEMoWu7tLgS0HUteSylKEfj -TCT1U5yxcjMZ6Ytj4b6E6ur/zIV3fFrXhfpaF8+EDxbSpdaESVfyZZwmrXc2P0Yl -iUedLaVL6atXrzQ7x6MyzNxQGWFlxkETmD0QB5mTvNOiBFiBwpQ/+JnnKo1KQs+H -uwRcQYU2bw77vuovFiukRQ+50bcVRwYq8ebw+nclExZC+eW7N9gPR1k76cHZpXga -91GzwZacMbLrL4STWqFFhQoICEm5aWO0YGodHl3vlpcrkWIjjshinHPEPUVB0EQ4 -I5fY4DO+P5bOoIztlkn6mxSBSGfZpq/p3xFW7pk1IiSJzDyc5bav6+e3maPNG1iT -YMluXSdmuL1NUpgI6BnTyOEmhKTEQWmvJOW9BcCApph7htVVPcT6zLPCtR1BO+3b -qQ/c91sjN7FXfJY+qGGk/swJWwBHITsRW+iYRMqodCtMbDbwH0Zg5FxvUGMm/yOZ -F/vo39zBfXPnI3mUJ+ZuKhkX7fk3SXCt5/lzukvZCFno+4qk0X8AXveDNFPlhScI -xQ7MUCzbg+aZ+l7F/C/sLQrKr1aU00tNitvUwia3NR0Vs7atnKaQJttx8DSa0iBx -bRMq0V1v/aua3b7SUZz7hrvKex855vQPTVSQLMDpR5MmC6M5izA8dXemDdHoafHq -wtTzletA83Y4HRC9Sx0QT7zr5gG5Ng+DnM0yPAH1sUP+rArbl/DqHVxmNkGFo4uL -F80lSToqSvocPZ8jlTDVq7KmTm0B7EIeG0Qp6gzH6iRnT2PArSN4VHnyn1c4POas -ClC15kWXE3qo0RBc88DYzJAuBh5/uk0JhqpCnUKMLnBQskdwVlUUKvNtzHDalvUc -SaddsBUjsNw2dyc9wmK/ai5sFbNIUP9fLK9DAQJWf+u+T5l8TqUYQTG784opNXda -gTI0drGuYJLEK/JxxICD5ZWqpb2KHtSkePfkloKkSj4KRVpL5kvkNMEEjOYOUvjw -qyGia043F8ZIV9K0kgyk8bCgMfU78EsHcFMA8IWaGyCUJi0ocyQydtI8JPIB8Ot9 -CdCSI06wIrVC8ctkrody31jtNtHzNTuBvnd4b1LGOmuzOL2NukE0zcsjXo3+xjPc -hsKp7wsAzVRP1D6bj/gCCjo9c9qFPDw8NTJfS4jpckmIj2ilNH8phdMzV+wImveW -F8sg+tPbvaQQUHDUu7wTZDwL/we5z+FcFo0Evgvrvm2xGBVH8Z6VGZ/Gcr2iWnCl -qMxdhGH8c7vyUBsQlsutwJ8m1PhCs//hRmvrY1lMdq+UND3ncIZTFZRdlT6djb6/ -Gsr8jdCEr7XJJAUUDNqDcWKi54QpxImxiEr8OBcCyxbdCWFjLNXroFxwm1bKnuJu -+z37mzjuJGqCEfxb1mbmTQW8OU8BplBlqbWfYdlkYxVo/dez89qujwl4HGsYpEfu -PEAnLqXlPWlKRw9u8e/FQl/SWZEEdQDB4hsDT45p9h6FEkFeYO2e2WO0PTturI8x +zdAY4vil6uYL6KeaFDrMxIqcI4GYxAtur4N/V2tVb687zYNPtdrpYbavsHBAX4an +BkKcsfYHVeCx5NNCyZdUcgbJR4VqRUKkF9g+ou8WzsNMmPcgz8WrSR17c++LqFOX +2HtvuWEOvNoOiCRQQVfB33KCMZp6td5lRNkIJ0RkO0ojE3Oi0VW5qydER0BQ0FuK +P7BnxD7ydqEaIY5gZcTV7CCLwO5R2ryahXvBuyK22DEQwA0Jni+4Bm1KDuoAxnVm +t2xB+xac6nVBdrKrdVRn+W+kXNkDWdQmHh6UTEQhZVgW6oLXsbLEu2uy3gOdH53m +LTHuWcJd82CxtpyJ1S1SGtOgE3HjjKWQ/6O7YMXWmuiJHdoBx+HwlcOCjx8ps6+v +0KOVP/OYxZSTU6bVlYhjeEFGt016dDFMwg94aA3tq5jImfPs4a9zCAG5vffS8joz +7ohg4Gr29um0CLbnYitVCPWoVfAlORzoSjzExDpHg7/AZlAOV0jWqkDRAIO+m8Z4 +rxnPZ2EU8oPZmY0GEuW6YVqFQ3NKdifr2/9weAo8KB86ODc2LtCad2aHcgLFeLyG +xgV6ECJaXYy5vCHVXsYifQvdg/ptYN2ekThmAHVJFWJEJyH37Q+YmEoLiRfBsrdw +KEoQR8Pc3vMp41TeSrrNu8xCGG7cjjAJj3+F3zQVPUN9cn7zrKwiU8FL4zo3MV1M +XoTLzOM1NObZAyEbUYcTBPOBtYRq0CIKxOx/6Hwg1k8QXh9Vuft/EeWd5fqLUtx/ +kNW7jSsd/d165cbY10XVZmuCHqGaMHlIr7llHXrETbOqJPG2CCT7a8wX4Dih8ZF9 +x2NBPgVR6bS+BnnmjocHzqPzmFPunDcWjoUkkgX+wHm8ZhltrbhD+eIhyDkaWZD8 +QsrDgdB+9fceYRha0hUjzBYIIvRUsQpIT2s3OJDwWQkJ4l1QavluLu4bvr3GqWL8 +GfzzoD1UZK7KZnzLwsJwJwt8po1g04buT3N98Xk/s6HmlLLYe8+1sQaX/XMjXmg6 +7/SABoi9JRrogUZtYdThpYP47Q1CC9PD9IC3aXo5O5+deo25s+WJ7GSxm6ocKO0s +5yg2BkEBkF4ig7JZisVaWrgzgTdJzeBux6CcIgdt9qqcuhQU00k+VGDTGM3Wsx+y +Y5KzhZZ8RdKv9USmOS9jnpL3XADCWFrGIcC1bbzs2B8EUlpFWTkSZvnpUvJPNUqi +SEiepHif1DnOe+oBp/w4xLkR6rB5Bjs6qU46Gq8equlDIu0Mu+fCD1ZrKrwbsrJx +EL3ZJ6pCOAm6yddEbddbXY3gL80L3JXTmBgopdq9bn4CgYC53qZeNJcwNSHD/LaC +Tq6XSeo7XM0iQ4VVhW37dWBXRSmtKjgykfOfFw3QMjzu8M7DgKX/nN/FC1bkZkyB +nSQvQy26djNlW7DD8lVl75N8yDkMbNnYolEJb9h5o7paoNGSPEJjYJdZLYqS5qv1 +P0TljqrufzdTRBQ8hHvv5javcjEbc9Ng58PeQNaqShQttcn01Kl+nOmXNBOzLEg/ +XpWewTnDLdUjWpuyHmSvTOJzoVgdQ0B4qLPIvuCE4G8G3eCSQ6elerMH3VYj6GRY -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDszCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ -0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm -nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 -y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR -G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox -VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk -kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF -AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R -zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u -hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd -0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn -RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ -MOhV6IIFKhYkejnmhLQitvpybFqw2w== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21XQLZJAgM7aN +V5ZKanrh4jlgWMOkitIyJHHriwEEedr+O/ka61IkcGzMrvL5QR8Lfoas/PI4sucy +KV7LO/FOI6R/0aXAC1SIV/KWJEFRArv3oJ0c63jo1runlzcvXO5hpyL+kJHLq0YP +4Xy13yJ/rLBVRt8uM1bjH/IjO+HRcq6g/at+zad+TLp0yFzoTgqi51d7PTEaXN72 +ZWk3BiX164hLtCdDWb0vroXmDLq3b5ISYYzJNgFw0cpnZ38Alw33tlB5hKJRxY4k +y/ASv5leGioA+bBPTHmQHTVU+Zs4VRM1g0N8ra5MCihVdAe8YlMN/lQRmtZONxvr ++S1qQk+rAgMBAAGjVjBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBS7jDcgkwn6bfnpLrIixK9qJjBn4TAPBgkrBgEFBQcwAQUE +AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAsOBKVk0iB8MBN8/1mnzrlVZ0Md7VEid27 +fgK1b7xv37PlahEOe0tWxutX4iLneZS+XfWCpvok2UjqJi9di3bWeAckoNNo7GoZ +tu1uom6ne52nQIn7g5VNjOZk66NyAyvlPr+2SMu40GxnOe8OihpNk0aqT4x/Ux54 +/9pLbBd8oHru5Acqwnez3mzSr/wj8l88lpdwFmAx8xvtEzOGn0vOZA1YXHS1lzOZ +jecVNu5q94kXf+3zyVyzE2IgHd+K4Sx7hGuFN2PB05acFV36ZjmdSWFtBxmFV3/8 +rt/0ztRoJyBoX1oSCYIuPtwiYSV0JnaM23YJzPdztv/JnB43Qh3O -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 6eb66f594c..6a2d8afb33 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,50 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA0hBNfElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpX -rRLx3TacFDDff92ldI8jZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926 -NaUxpzta/IZUNIDwDQQYS/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglca -ttVYwXvZc3Y5nwiScmTuisqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP2 -5uoaWuwNS8Gyid5P0HaNxiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5L -iSahW9kEA6zYNd2P2ExbZOwVsCokibWSjF8nvwIDAQABAoIBAA861ltV91p+W3Xe -lyRkj9i70M/8E1IG2vBEDgduFVLngu7ppbyrHHUE4hEGsBWVrMrEG/VQf7Y4RESg -s7iwElXEyuIT2ZIM9yz0s5ReRQzAByeHIlqEVRLCV2jqlk1OMdlHvDk5xRFRvsOn -bSVEiXiG4kY6Stp73UOkgMHAHZSzo6fP6yK41k7jwzgXe9pq2fQw6M42QytT0em1 -1i+MJmkbjn30OqbMvY9Tlsj5QEeenzMaRa3VUB7F2nKXSIyKfw67JWr74gKfCpl9 -UmyQjq8CylUKoFXzVcyh1KkdLZQwxCotjhNB5/omYE+OaelBl4nena+JkQlNLBbq -7QxC7IUCgYEA7NR/h8oQX1HF9TAMoGeiFyOxvZjidz6GMZjq/D2uv7z/W1yslKs6 -jxqbHNcQAQlTGi2hKY498HE/CRzWu04nxEg3NZb87Z/pPmzbk71y06mIT1X2eYRP -xI80OkwIHcMGQzpmL+dx4A8WWiSSnrq+2XT0rUp5Hi/XPR+4F/IX31sCgYEA4xEp -Y9rpEiCIjDVCN4O1A/Bk9f8Fz4Aycjc70x4LMQ8FCwRPbYJIsazjWXgb5QFF5TxD -ZX3LcTcgYjPxZYfJNVexUJSW9eEflPVHSkzKg+zojxZ0/IkDCQX0LzVnB4qO3MPC -YvnS98RnXrBTETmhpXj3URojoL0BgCcL1tTKim0CgYALW5mOIpOsbpiGzLoeSzoL -0AtrI1ThER+Qa1wBotepnF/GuugP7TJOwKDlvi6nThItNDkBbC/uQxAZ2Mc3jmT7 -1dbH/Ci/IKcn9kKFkFVcb0n5PA8o/r5wl8mSbikJfFvlh3x1Ga1taGvTAOQDNsOG -XESLtwGd//9bkBTdGSAp9wKBgQCubluWau+KzlU3KB6zGMlwujZEx2EGUxvto8Kg -Xr8IM9qS6P+/R0tiukZ4T41WMdEo1U+M4sLrOQb2iaKSdWo7QR9koJELV6J0Qqw+ -Rpl4GQFaEk1SRkp/nwRDU8nPAEDZFMT6VaIcVdN26QsW+2fS/wc2VVczPp6tfNFa -emMRTQKBgBRiKSQtnWq8hMkGiXl1g/0uoRgITZie+JbvKQdwEHQ1urGjwEQhVLRK -hHFq3hWwgg7L5IDdyJq2pM7XiXl+YW+skPW09+zNzuwDJP0pqfpqo4BtGcGAB4r7 -KSCywCfo61cqwv9rf5RLvfTjOS/fyiwdlKgGQdrFetzVQobAClbf +MIIEogIBAAKCAQEApnGeOYXcLNRyDN6Mg6CZYCjemex7Oc3s1SFrBAWCg1fZ9crd +AGka73j2RQyQlRyJv9kMLgNtc5xzTKsFde50h87ZvPe470TYe4TR2MdkNV4TKy/q +SZeRqcoMOgvxitvaR0s80avi+QQzyGl0Pb+hQfL+SMbLdFXEZ3Sfb29001bG1NnQ +KpT6rry3xpHTlBun+Hk4DcLa/3dwVSRLW8Yweh6cN25Z7ywZjHlSf6rnul2ivP/P +W7hKGKde/bssNwJyt5fHuKa9lxc2GkrPlRf03jiBLjF0CUeIvkaZuzRBe5Etnlf/ +5SmSwsjtsW7swcRUm0BkQWmlvlP6qG2PQfjLkwIDAQABAoIBAAf6OLUVS0Tv/Voy +wNvxzEtPE8HSrOJ+3uO/AWP4DaLU7zK4J+W3cLda/iOEfPOHCO69U1E4EDyZZyKD +RrSgNE0EDYYtZPUKDcqRxmsHV30bueIShSSrOcVZ1HWXXlrWiCMHO9S2BWydyaUv +F+3ghU6Y/ALdJrtrMInGDa3OH9sD+q9+R4W17o7pUP8Eu9be97DnAFQwNaTK3Qx1 +pHjrKkmr8SFGg4cyMCXMRni3KQeH+6QHVxBLIbDioGjGuNNngYgL0aZbw8DNH2Vp +S6My1QCQZ3yaQ0jS/yzgCCPQyglQf3LmE3ydIyK9FaKgOCd3mFM2yEiS87jVzQxx ++RxQMUECgYEA6ei27IJMa7SBMmtdfTQgyb9mXVYFTbtTgHbx8KamdjuRmTQNElYu +iphyyOLCuGxoVj4l6zVwashFshPVax7Oi4ndHNVqIx+iIfohvS0Cl7E6X4yTKnBg +XkqbRyxeXCmfZ6BfJhEiH6unapFesoBdBuwctCEaqOreHNZDvzGeQsECgYEAtinH +Fhcm2kOE/AiszEn1Q5IfDWliEs/lbEzqUmn6T295EY0pF9y5UJcplcgZdMJ2K0iE +Pk1eXAYqhlbkp2MjttYvkD9B4CCnTq5BrlMuYFSC9tnyeFKFYc0EaLbGv7MIYFqD +b1MgZp9wLaF7Kl0y/1AZ/Vv4zTLKCoc0toGt51MCgYA5vNDSZoNYnrC5clkcW66w +PgeViHM8sb212yZzYZ97Vc7lwzxqx00rtt+2iIrKHTBQAX04pvM92HujrlOi4nLX +bMtgn6lYTCmoO2bynFakfQHMrhVxh1WyULYthl0wYLHRUXvLGLWUnblwi7uVUiwk +VknriLRc98Sl15nXavcGwQKBgCY7kIBvbYUj5LZtL69U2nhLI99RvfbK0ZEwd4HC +onmnoNZxNS2/8tkaUO0R6V3bLqgY+UCGRoaz+Jrng+gp46YNQEBbNn1O/S6DXl+z +L6miMzaSOdTNJReIyyMbMY2sitaGSM3FuagwUIATQ2F53Ck/66SEeCzBOyyIgiTI +BPLnAoGAQwkswMBqhr1C9QugLS4VrmsIo3EgsGPYFcif4HY1w/m1Dk9nBk3j4nJT +BqrTcYlhgUXngJZTDifL6sOu47PZ0HOdlEEeEwK+hXEriZPnZ7cCKrScrFzQDbwe +st9MAi7rcu8tW64lfglKS5WX0aE8NGZpef5BDvyYTFkkQ24aZn4= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHAxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHAxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hBN -fElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpXrRLx3TacFDDff92ldI8j -ZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926NaUxpzta/IZUNIDwDQQY -S/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglcattVYwXvZc3Y5nwiScmTu -isqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP25uoaWuwNS8Gyid5P0HaN -xiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5LiSahW9kEA6zYNd2P2Exb -ZOwVsCokibWSjF8nvwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I -+B9N6ZowDQYJKoZIhvcNAQELBQADggEBABHkqK0cIV7/Q7PCk/i10vVoMruirXQf -5Xw/7XViDugKsfcH9Oavl4Kdi+C0Sigvgjrp8JY13kRsbphwOH6w3Be5HCFK+Wmi -tbktvoB0yMHa7WO0y4bJtOL7ofWwKgjye57NeFM/fmosOPn6mqzm+MYg4V+qEim2 -dQ0iTztt0C/EibQZgO/aqylDYu8fWBMa84To0Pk8jD2fpNF8Ji11564mie3DUtcU -fZCNsZhWOoUNnfrhpmyixabA1f+WHwhPsqikRlo4Rpa/nrJVujlk3PO+7zgH1UCA -WKX9A3R8KlhbPDd94zZf5+gpm39vxo82Lfvc6HunRtcBjE7HdF0tCcg= +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnGe +OYXcLNRyDN6Mg6CZYCjemex7Oc3s1SFrBAWCg1fZ9crdAGka73j2RQyQlRyJv9kM +LgNtc5xzTKsFde50h87ZvPe470TYe4TR2MdkNV4TKy/qSZeRqcoMOgvxitvaR0s8 +0avi+QQzyGl0Pb+hQfL+SMbLdFXEZ3Sfb29001bG1NnQKpT6rry3xpHTlBun+Hk4 +DcLa/3dwVSRLW8Yweh6cN25Z7ywZjHlSf6rnul2ivP/PW7hKGKde/bssNwJyt5fH +uKa9lxc2GkrPlRf03jiBLjF0CUeIvkaZuzRBe5Etnlf/5SmSwsjtsW7swcRUm0Bk +QWmlvlP6qG2PQfjLkwIDAQABo2IwYDAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv +aiYwZ+EwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAQEAG0Bxa8TG +CGGOh56knXFYef+k1c1SYr8sjq/XpcYgbG5uuoe8jjxq7ZJF2arKOIINodGTW4+/ +aRliIDa70NL/10rK2x2YVj0M232tTBi/GRuL6MTHAc1zCuYsPco6n37bmXgfVJFH +eThrXCj5UU/rZzf1RQ9YCtxzgPF+gUuY5wMkBdwAjgw4N5KoplU4CYR7LDqHbfmn +a4+I1jiDeMxsptwOmqWhpwpDAUVpfE3zmCIjydFLSmpO5KJMyaf1xqqNAqS1IUVw +fyEogCV0U6SGL9vYdk81PRGaH2FDkpIyKJOfgPkNx4SUxUTn16xS0wlrTauaMotW +q0znO+NPLt8XnA== -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 27d32a5db4..794d12f28c 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDhDCCAmygAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx +MIIDhzCCAm+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYD VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQg -S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjB8 +S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTY0NjM0WhcNNDYwNjAzMTY0NjM0WjB8 MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZ b3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0G A1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAKiEqyUOFwSIyN1n65k1/gZmo1aUPnTsCYrwrjP2Z6EazrQP -tKtneZmhqPxEDYtHHtO8KmDt5IXf3bxTQowKVTDuBG7FiwhYN8PmtLRZiWuoq7Ng -uDLFml+psm5zn1exD2/XWpPjaMz/+PepLyUyyovz6G0cUefBBXwMO+YvoBfHIOco -TCF/SSIU4BLCGfzp1E5URwx43etGvqE/4UCGI+TR/tKOsuIPX4gKqX3tWGs5qZAg -NkohTDoRA3lQHDmlopcK+05K9hEvtfDzOavFt5doHEaQlPseUSLjxQpIgK+iaTFt -or62TLF26fMxzQt1h/pRJrLm5rOmA9BxGlI7BAECAwEAAaMQMA4wDAYDVR0TBAUw -AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA0dyoOr6z59yoIOvrV2D9EMQcgJJEK6+ -kwsINMPWrJYFATZXwbvg/VJeGMNlw/h6wkDf6pxeRA7E6lELmz3ins3xBsMm8H5D -u8APws9dhy5WjBjBCwSJ6uJpOkQfoREz0ZD+H5ZASmMyFsbI68j8DmW/2+Sfneea -+SVKZNJddaCLajF3kU46iHWLUXHA0zfEeoGPDkSXce+056wth0CQlymVWXrr5KJl -7ZTi31PIhhIRaooclQD5evFgopPf5SEjY2bzJ+LUa3V+9781R4QkQ2YCBJYTInRt -Ol55BOwpQjDajgUnfxyO/oMPbcoQ60zwuwK2hzfwO2b6atfqV044eg== +ggEPADCCAQoCggEBALfSG9E11bX9gzMVmppmg9qNkuz5HpK78xaT4IAoSMtPXPXS +38Eh/DYfMWAggWZwJj+14C8CbGegERRWMJTA9DVetBr2VvF5CdaMkSqygdOCwm6r +zF8Dv8wcUCGf3DEU5PizCvbPBwROeSAh7ShjSUm81kA7gXeQGxF78JwpsWwJ1T5l +bgvWSlCf6x8wg1d4zzK99YRpPlHzDwg2QHbEw+d42jXAOEvmW2K9QcZPuywCDfwR +i8o6Gprowo/O7QUt2+zf3e4nbBA85cERUM3IIEjLFfnQO+sKJCECS66pwucrSg91 +m6+nXKfQi6rLizOd8zpqHEv2vIj+DVB85mTwF48CAwEAAaMTMBEwDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkpVLHfsziEh+BXGZ6hhV8ilQ7LQD +bR8CS9haRPTqA/i9V3R/qykN0ORUGer+3su5te5r3g1auPL5siFCdpUDpi3i83EQ +qkGNQ1bMEwRTUil94CWHpSkz+MhCoU2SMK3MBkqxq/INJB+NUb9VCFdWA3WSPdHi +CVLYu5xftZ5Q69ikViJABrdyoyv0+Xy9hqGm7QTJBP0Bw+HjVVJUK/7Vv2MgXdUC +27bPCC8p/EI8fpDURikjYHRi43nw394WkYzQHBlLCC4hYtuh39+Q+C3gj1tEhLub +KVKGkx4rC4/pxYXhUx/E83jh8VCMo0X8z0PlJwtIv1bkBRzds2VX2m+7LQ== -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 6da8cb6e26..785af3e2f4 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadg -vAwQF/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL -1MS1PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxy -e9geIkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6e -RAs1ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmz -kGYT77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABAoIBAEodA4nYMNf9QO0i -c0MgtCwtgTiidzljpugjYMKaX7lXEX2e7sbO61UouUT4F/2jG5tmMfJ/7J7lSTZR -X2t3Nw7BuqFsIQOef8vmqe7AgiqAJ78CqC7bXLk1MxH9gVrLUCwl7o6VQIhZEFDH -+Q7SfJuX11Ehk3WAGV3HtYOuVRs01IGy0Aj19+wv+dQuoxF/2DjwHbJzZjqVooqA -8jDZI3HfVZmtiOpOmi6InEIP1ANzKtzT01s7SwP8S58Ba7OX+BHRe0OkN2atK+P5 -PM9iT5mSpHbGfNPnjy1HvGd/Ndu0SryCmiD9BkelSL96JcTBkU7r3XzzIaoKHSwX -mBNmCcECgYEAyRXRN3lqAV7pvxsmjTCIalXyHOEmOHxzlWxL4i01lEN/tZte+qJu -FEN8fdBoTp7/BYgtbB+uDrkxwVB/L8wxugANeDMXvTvAFOB3DZJn9olEFoIsljmM -jkmZ9KJeVixnZMOg/38UBWu7Vq/XKgRWpcgEsCeCOIjq3mZgk+n3NQcCgYEAw4kf -gsyAG9bFS2x7ccU5x/I6lH98l+J5TViVWK5oztzuaRSZNvcM3q10VekBTByQwhup -DPoV/nFYG+2mG3VSNFt3d/R015/Z0ZkksR89jV3O3xCeBu6/XnEN8OIwHtnugKFk -P/yrLHZMnDeDLbTudzy8jqPwcX0x4KOxHAhui3UCgYEAiTQuvehFMUw+t5vh8SJ1 -YgDko1nox0/7WbA8EsaAMXrg79xksSUVcRQfJIWINmT8YxzoyUbQb9FjJqEzNzzf -jScuCZ7rCr5zMIt8EDGeaDR+1dDadWItCoUj3CzRq4C+x51IBC0ETzKT7/EpIc02 -BgX1VPCQRNz/TOKT8TkJ6Q8CgYBpFECF1wYlb8Z44OR54GZLyCWo9dXr/X34jdk8 -XgXe3SWV/MbVnfAhno89N8lFsLguSBUR7zdwlFKoN48jhGnXzyuloA5GbhXtKGJq -eQJn/PiWMWTrDtRymUjHoZYAjlc4cwLfzBXk//HtpXtuTaQ1GcOu1/T32DK8qNsd -2H4nnQKBgQDI+5gky0GJX/USYR8aHqvJDuKOUsRvmhtfoH3Yx1BLj+3UX6m8dKnz -3mbfUreuJe96kw2tboNvkLVk2yyRq+xUveCFsBycF7URK4db28uj+cwY7j0CSRMA -fPBqnukm4HzsUTXlUmMFTt5OvjYalZkVfvhUMk6b/Upy9/Dekqg3oQ== +MIIEpAIBAAKCAQEAthxinLqUjedrn5/5rQ//P1GoKVssNg28mEXDLAWNISM57PF9 +f1mZZVeD86DuGuCN77caUhN62sjWVX+ipexn2Lwaq0tpiXGWK3BwdJFfeqxxO8mp +sKMFZmgl4rAjIzGxPM3Ql/qchX4iwn8nVWB+Fm4U+N+pIR0Lhx9sRe9ysGvhLPXa +bPWqWhzkp3/hdt6JALxYrhHkIFhXkDq8rU+K97SpXrg72hNlQA+p+LZVu1WvDUcR +VefaTvq5an9HN0ItO3eQc5jO6Gsezvhvuwkg6vGCYQ6gkp1nW0uTeI0Wcs1PVUC1 +U1l6GzI6huhdOKSgukUXL84yrfy8fy0AbSGHrQIDAQABAoIBAFeTkfa2IW+WjWKf +v6WyzjiIj9qHjlzWQU5nKiM27jYz5wzj20rNb1/VdM7KIwdI2ukfQGidFpU1RSGr +ti+d3xjS6O5cXz3qImH0ehgMuwJXAENUySZ5V0T2q9V2iAdKQ+YuQfR8YB4wWQ34 +sRU1SJ2Hxc0jXgXfHmaWPW7qZlihTl3lMexkkezezd2DtM7m6GlUip3oqLW2QS1t +wQU8bU+Cdvl6d3+xqS25W5ASd9Okz7ql7ytFLpM/A2EoWRYJxYrGVwgOCqUrH3N2 +AjXfPEQT/ZCspFzCrZ0eKr6EzZoz0V6cPAdrB/QNCtnO2qOy78OIx/eb5LzFMUxC +axJoxd8CgYEA/F5+b1LSXl5JijDZxKj0usRcoAAHCdwJpZtLb7RmYuOBh8daStDr +OPDQWeD+R80D9CRVa9NBzLp537G2dGULHyfUPH1cOeaPf1Dn1tRSpN82o/IfsPN7 +tQtOu0TIlTNl1lbcOiJ98Y87qlATKMFAUYnSnLsZRbZnTCZx5L6bvCMCgYEAuLsf +J3nBMBpYSserICylnedWYn+DXlsLD+gmcCwXruRxp/MmdJLt5tMZZtlbQMhJmrdA +dn2CF0ZwacG4wC85vB405aCr1VmJWdn+gKO8wAfQDkya4bhow2iMbEtX61OPt1L2 +If97qW9b5jTo/xRNUoL9cBvBgDoQlkWi/CioQe8CgYBTLFVhHRul7E8yUx1COijF +8PdR6BBpyHIJeV/oRb1EtBQ5ipMQe0A6uOsB5CwJv+CgsuTQL4TNE1wdRDWMsMx0 +jSzebrZZgsoiPKjb3YgLPGGGsMKPD//iUAK3p1iwC4txk5jrM/jsBre0TsWxtdcb +yF94NhWDKzVqHHWG3Ob4nwKBgQCNx3f6uTSvcZjQE/zf3cRis5mWUV2G/oM3+yn9 +L6ohnc0pZLHgCKC0ZtJ5IFssFkx/hSPhjSRaLsK6OGdOgTBjlB9vGein/2cuYeQ1 +4PVNwPFK+DprATjOuSAFQbJBt8l2nyKvJ0FG4mP7BCLLG07ZBBX1hCf3/Rib7OhR +dfblWwKBgQCtSs3ADkNpXzxh8XufKVDWKuTmBsH15HPPk7coem4K0FwiIZ8ZwE37 +tTtqOHx/wsSqGs6CFr0UW3iS9uRjKrEUCtVWxl/nJGYQYDN+H1Iac8FEEqD2d+5c +VKpULLKMZjfISMhV/QOQMp17wcRFZ5i3QPq6faQA78ogNxuaBAQvLQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHwxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHwxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEeMBwGA1UE AwwVd3Jvbmdob3N0LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadgvAwQ -F/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL1MS1 -PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxye9ge -IkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6eRAs1 -ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmzkGYT -77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABo0UwQzAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I -+B9N6ZowDQYJKoZIhvcNAQELBQADggEBAKyB6OAeBsZ+4h2KUfSHAi6r6eLNquu4 -qUx2fF7CeTQjTNbcV8WyL9LsXt2afTGbyiBVUWJivD735egaumA9pyk8OdcIi9rN -M+RyLroH9o3p2dwbjOQOMUoNVnxySZuzEEOdRj0vrTZciOvokSzRmNyp94YXZZbT -/xEAWI629PsChzBFWbBJ5ZgOgD4Yh7jw0AVuskM7gSUf5CqJUpetDDXR8nRxIXKx -HZ5ug+ph+93mBwIO+XPhk4hdVRNvEGmnqq0gBk2PYp+WacRWZkGmqVHvSAtxYCUp -moylFFxGxn0Jhm5iosJASJArcxg0a8bt9/d83IVl7n15/QUa0F2myrs= +MIIBCgKCAQEAthxinLqUjedrn5/5rQ//P1GoKVssNg28mEXDLAWNISM57PF9f1mZ +ZVeD86DuGuCN77caUhN62sjWVX+ipexn2Lwaq0tpiXGWK3BwdJFfeqxxO8mpsKMF +Zmgl4rAjIzGxPM3Ql/qchX4iwn8nVWB+Fm4U+N+pIR0Lhx9sRe9ysGvhLPXabPWq +Whzkp3/hdt6JALxYrhHkIFhXkDq8rU+K97SpXrg72hNlQA+p+LZVu1WvDUcRVefa +Tvq5an9HN0ItO3eQc5jO6Gsezvhvuwkg6vGCYQ6gkp1nW0uTeI0Wcs1PVUC1U1l6 +GzI6huhdOKSgukUXL84yrfy8fy0AbSGHrQIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv +aiYwZ+EwDQYJKoZIhvcNAQELBQADggEBAHwgMdOsr7myp2O5P2pHLPiUur75H/vK +P/l3asgejFngVDecpJfMVOhNbqeAI7KY8l3fqklRSJXWQ6cfBnXJSoBO5TKF2kSq +DXYfuVHX+Yw7DZvIZ2Kt7ffKR4ljUPqXB1lrKOiTBNs6S++Zzv9rxDJUd/91gcRz +sDZwx/ZHvXyksZC3B8ssA/V1qsKBv/apLE/VM7yTO0FyHhw75OvodZmhxVTuGsn1 ++aQ1xxxBbN3UBA9TPGVSNADGJ7B269jnfNeeRKRDnBxN07iFfc031yDEbvdFr/6K +egMB6Tv0CkupJ9YwTgp63MXW6Z6RebU8TRKggHuFzYUDMKVZrMTpUOs= -----END CERTIFICATE-----