diff options
author | Paul Howarth <paul@city-fan.org> | 2022-12-23 12:34:49 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-12-26 09:47:43 +0100 |
commit | ef07452a5cc379e90c55a16ffa3a313b03f78df5 (patch) | |
tree | e90ece9f4d3fa7a47819a18f84561acf9963ee54 /tests/certs/Server-localhost0h-sv.pem | |
parent | 5ee81c396322799e8c6aea7050861ea4817b74fa (diff) | |
download | curl-ef07452a5cc379e90c55a16ffa3a313b03f78df5.tar.gz |
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.
Fixes #10135
This gets rid of issues related to sha1 signatures.
Manual steps after "make clean-certs" and "make build-certs":
- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)
- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087
Closes #10153
Diffstat (limited to 'tests/certs/Server-localhost0h-sv.pem')
-rw-r--r-- | tests/certs/Server-localhost0h-sv.pem | 172 |
1 files changed, 85 insertions, 87 deletions
diff --git a/tests/certs/Server-localhost0h-sv.pem b/tests/certs/Server-localhost0h-sv.pem index 386d00dbe..72f326dfb 100644 --- a/tests/certs/Server-localhost0h-sv.pem +++ b/tests/certs/Server-localhost0h-sv.pem @@ -37,45 +37,46 @@ commonName_value = localhost # The key # the certificate # some dhparam ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA6tAcBmFyx5KHQPPDOXIlr+6hVova8Ol5XFoBrC4KCG/0Jdz9 -GK+cwMl/FA+VL+pth8RMBA3FmpqoRLjGAZWkiDdphWgLd9jrzYUuCSzNLTEcc0+/ -UGzcZR4fm8C2/Y4PjdBYpYyCnRAHBKlmR3gCAe1o9GeMFtWowCbrJebQofrQ67kw -7u82wV9PKUhmZsrblhRAyteeJFvIkPzfPRsUwXba9mHKig7E/80TH7dIj86ACUzH -celQXD/TYiXbk+MLxKNq82xCC+UMRSIvkxlSQBsS2R8mLaA52xXeRoICHq1BcsOL -mQWDQ1jSZTvSj5d63EDe4GW0lxkRWZTy9G/M+wIDAQABAoIBAGAciKwP7RRFJLlw -TUNRNp3Zdg5ftmEPn44uhSq9uXuUn4Fz/+C/2NCMaUiDzFPNh8GflmG+ZViP3zop -y1pQrwTWcYmaeb83eeUokxxMSzspM/T6+lroBBobh2KQMhZ8tF8enXo9liTFr6m3 -0NaGB4RUcbZAP/YExErKY0ujO1hg8Zr4lPkFx0Gt3neIz2h869ra1fTF5559XSei -zAQ5MHgxpoAcs+8VzloS8hDgVVe5GBRmcyzqdFiZqo3isG7QaaSgZpw0LO43AHR1 -FANoYNox1dQgsYtYp7oCjyoqeY5kMrqXlHOQ5NbZ4HzUOwJjKUK0miVytRCOSNhm -jv4tlEECgYEA/WTIh37BfR9juVPQgKVtT7k6P6HTEoW52JuDa3Zmnbh3VvpppJs3 -+GM+SGnb0cbiJYrIesoNF91kD0AA0ba97Vn0kR2BWx+g2yfts1QPI8Pt6jfb5xuR -BhYdYdCNxXVgfDgvgz54ngJDEN2SXSQsBbKc7K++wU8kDBGNlJ7qZRsCgYEA7Tpm -luPFFt3lBgCccvI28LWS/B2TnYdbRbceZJ8Fk6R1OdqYJryTqGBsIQz3DTwqF1ok -X7XTXxt7zABZco8Z31W8Ju4yqDgvK8jWOxlKyZjUFyzvGKrzhp5J7WYzkbZ7SJNl -J8TcHtTlF12RqLze2XlUHhHgVFp3xSJRt4ThFaECgYEAgb7aIu7Xeg7ZjCqLZ2PN -HfY1CiH9Js3MREoUt7CviHDMwn+EGmHT/d4rJP73LGnOn/R5BM5yd9bHhjt6b+dH -RsI5xRg7hQIj5jOCtcED44dOShCCC8sErf4i21PjU8jvN4u5YFVbg2SbHIanjAOa -euxjB5pRbT/tsDRIr2HTmSMCgYEA0zskLAkF7lWIXy7eH4/DEdRr26euUB89SzdB -jdD3Ez7lzqzwu9VAGTY6Mbesp5FB3Wc7aimp207KjZxmCRaYr/9UOMnyO01D21XK -Q/dCW32EpFozT6CwlNaO9x8AnieBYN81vBKS+bURhBuh3kDGoZhiKSA7woCHkvX7 -E1DzZuECgYEA1v8fntlJTSJtaahxIimbuTV5XbxysbK+AaWigLaqbGH8nmN1+Pda -saqFgqIu19z3rryiD+aKqZcamhQbZPMufWWEwqk4M+fewvLx/o4rB/0KL/9Lwq00 -luOQzIjTtcNbS47CLIuhfOhGBhiAOtC3Ub6icZ+6+AYXfvJAsqRy2p4= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfKZNYgh2iuAcq +so+TDt8VSXIGkxlKLcW9VpJa2vTTmgEc7kdXDp7Y1w3Ezkui8PwH7JHplQj06V3y +SfMLmPDYx9RnL/vylDsUyAbaOXCK+UtwqHRrP1vRpBzqvfGeweLnmIhP6Uu2yNae +AfO3ye7N4teWaBTXRMYRE59sBk5XmFPIQN6dRB9q9AGwVkdeO7U8KZuW85paeNER +USUOQ4JK099UWkYA3rCiLmVURECcZNPoP+is4wz7NgrFeTepou8GFEOsniDeMNLq +eX3v8gyTcI27FP9MVkHkKt6SCs5lLNP7KQ9P+RbXYlROTKgFNF3mIOOJvHsf3yFX +ZqkgzuazAgMBAAECggEAa31sIpKx0aHQmeleLJhaLbetu6r44HkBqPxdDHQwvweM +B7JiHHXHX2zejfBMEFUBIJP7iEYoBUeu37hs4CYvxEskbPt44NQzTQQ4AL7wDZCc +nMwXH11qTaU95HfPPQfo0mLvLYaS2J0Oexc3nEwgwXzFGQZTG4ld2fXYsUCsVZX8 +PoHbkKWEHveQEFDmGezguc2UG3DrXaZv5gbMhVik048zX3P5cn0ic9TK9yEFZDXS +8Qiq/SHTHEnkZV5J8s12pcDyQdi1cN96MVZ1/feeg1Pc06q7PN7xvkmZHCQ1tOdl +b7STXNPrJ0P7OwbeB0Q3xNwqI25wicN1oaBvdR/PAQKBgQD4gN6+sR74FNC4q99T +fuFqwJ36W8GG0jc9joJTbITXGSdArQHm838Mippp0P3MrUTLqXI0nhjH8ePjF83R +KRWGoUvSc2Xe7LjzzEmg9CmtB+QD97Qir0468izqnlP1Ef16kbbIMLsoVgIht6YY +klUYs7x3AtDBvHV7EKlP63kUgQKBgQDl5QDW+KZRvQU/G7tWsOZ6iQ3Ed8Zt4uRk +EshPeCoz0S0ks8pzpa+YaAAUKsHvgiL7oLMFquuVHn7TctYBoe2/bwdj0/IW/1pP +oDJqRJIbamjYj6qKG7Ihx0yx+z7f7vbKCgC5ifzy0Xl60E9fRIf3/dVopU+3qtwG +qOphkrNRMwKBgQCrEixFIjGrnsjBGLC5DhOoJcmbXCcx5O1aVwyo2X/pg8td3rv8 +fYvs2k3KorDVgkJl4dRZHKz6mC7FWtG5N4s2DzvfOMncWSJJ00ysnOlD0LbLdG5x +ojU8pxL8wNoTT7sr8bvevI1bCzqUc5TIPZSPWMxZMXr8o/xMKAAmoHfOAQKBgDBH +VlTO5Qa3XlmxdjcvcUd8bsK6sJY1FueZNi3SO3KkVAmoJDUDL4wfEx0pGY810ijr +x4zCJzUqsVGwhRbUrbwNEg053lZMC+g66Tt96P0O7LPF//d+93q2gvnBnKOkaHln +fl14iAFqUkujYXfNSYyf5uhSBxq4K/rOEGKrTzMXAoGBAL3Hz3s5Gvy44SMV0UHl +18gEqR0y9mXfgON9Rk0yE+fFYFRnFf4iHIxhodXPIGeu1CpqtXjEcG8JXVXniaao +qNGbVs2QoBUVW81sHG9h/ulHCAwjFvZhFYgDiRQPcVd3lNJM4gigjRyw/nRnQH+2 +MVCJe5htDEMM58h8LepU4T8M +-----END PRIVATE KEY----- Certificate: Data: Version: 3 (0x2) - Serial Number: 16693795668370 (0xf2ed3c2c192) - Signature Algorithm: sha256WithRSAEncryption + Serial Number: 16717980979573 (0xf3475515175) + Signature Algorithm: sha256WithRSAEncryption Issuer: countryName = NN organizationName = Edel Curl Arctic Illudium Research Cloud commonName = Northern Nowhere Trust Anchor Validity - Not Before: Nov 25 12:32:46 2022 GMT - Not After : Feb 11 12:32:46 2031 GMT + Not Before: Dec 23 12:21:37 2022 GMT + Not After : Mar 11 12:21:37 2031 GMT Subject: countryName = NN organizationName = Edel Curl Arctic Illudium Research Cloud @@ -84,85 +85,82 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ea:d0:1c:06:61:72:c7:92:87:40:f3:c3:39:72: - 25:af:ee:a1:56:8b:da:f0:e9:79:5c:5a:01:ac:2e: - 0a:08:6f:f4:25:dc:fd:18:af:9c:c0:c9:7f:14:0f: - 95:2f:ea:6d:87:c4:4c:04:0d:c5:9a:9a:a8:44:b8: - c6:01:95:a4:88:37:69:85:68:0b:77:d8:eb:cd:85: - 2e:09:2c:cd:2d:31:1c:73:4f:bf:50:6c:dc:65:1e: - 1f:9b:c0:b6:fd:8e:0f:8d:d0:58:a5:8c:82:9d:10: - 07:04:a9:66:47:78:02:01:ed:68:f4:67:8c:16:d5: - a8:c0:26:eb:25:e6:d0:a1:fa:d0:eb:b9:30:ee:ef: - 36:c1:5f:4f:29:48:66:66:ca:db:96:14:40:ca:d7: - 9e:24:5b:c8:90:fc:df:3d:1b:14:c1:76:da:f6:61: - ca:8a:0e:c4:ff:cd:13:1f:b7:48:8f:ce:80:09:4c: - c7:71:e9:50:5c:3f:d3:62:25:db:93:e3:0b:c4:a3: - 6a:f3:6c:42:0b:e5:0c:45:22:2f:93:19:52:40:1b: - 12:d9:1f:26:2d:a0:39:db:15:de:46:82:02:1e:ad: - 41:72:c3:8b:99:05:83:43:58:d2:65:3b:d2:8f:97: - 7a:dc:40:de:e0:65:b4:97:19:11:59:94:f2:f4:6f: - cc:fb + 00:df:29:93:58:82:1d:a2:b8:07:2a:b2:8f:93:0e: + df:15:49:72:06:93:19:4a:2d:c5:bd:56:92:5a:da: + f4:d3:9a:01:1c:ee:47:57:0e:9e:d8:d7:0d:c4:ce: + 4b:a2:f0:fc:07:ec:91:e9:95:08:f4:e9:5d:f2:49: + f3:0b:98:f0:d8:c7:d4:67:2f:fb:f2:94:3b:14:c8: + 06:da:39:70:8a:f9:4b:70:a8:74:6b:3f:5b:d1:a4: + 1c:ea:bd:f1:9e:c1:e2:e7:98:88:4f:e9:4b:b6:c8: + d6:9e:01:f3:b7:c9:ee:cd:e2:d7:96:68:14:d7:44: + c6:11:13:9f:6c:06:4e:57:98:53:c8:40:de:9d:44: + 1f:6a:f4:01:b0:56:47:5e:3b:b5:3c:29:9b:96:f3: + 9a:5a:78:d1:11:51:25:0e:43:82:4a:d3:df:54:5a: + 46:00:de:b0:a2:2e:65:54:44:40:9c:64:d3:e8:3f: + e8:ac:e3:0c:fb:36:0a:c5:79:37:a9:a2:ef:06:14: + 43:ac:9e:20:de:30:d2:ea:79:7d:ef:f2:0c:93:70: + 8d:bb:14:ff:4c:56:41:e4:2a:de:92:0a:ce:65:2c: + d3:fb:29:0f:4f:f9:16:d7:62:54:4e:4c:a8:05:34: + 5d:e6:20:e3:89:bc:7b:1f:df:21:57:66:a9:20:ce: + e6:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: - DNS:localhost + 0
..localhost.h X509v3 Key Usage: Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Key Identifier: - 0C:BC:82:3B:78:FB:2E:45:68:C1:8C:F3:D3:90:EA:EB:B4:01:D1:4F + 6B:56:00:F3:01:BC:16:8B:EB:CF:75:A1:89:DB:26:B1:C4:ED:71:64 X509v3 Authority Key Identifier: - keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8 - + 87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9 X509v3 Basic Constraints: CA:FALSE Authority Information Access: CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer - X509v3 CRL Distribution Points: - Full Name: URI:http://test.curl.se/ca/EdelCurlRoot.crl - Signature Algorithm: sha256WithRSAEncryption - a3:57:b0:64:17:36:45:e1:66:41:3b:73:67:31:03:e8:8e:a7: - cc:eb:b3:0c:94:1f:65:37:e9:fd:f3:b7:a2:78:74:70:fd:16: - 22:5f:e9:01:25:67:6f:7a:6b:1d:b9:28:09:77:92:05:f0:dd: - 7e:55:b3:4a:5d:a9:31:e4:cd:2b:52:01:3d:d0:1b:b6:15:5d: - e8:e4:97:ec:1c:56:6a:e8:4d:cf:32:a2:f4:b5:d7:af:1b:9a: - 14:26:3b:b8:02:39:d4:15:6e:60:09:b5:23:fd:e5:ec:f4:3a: - 17:08:15:de:16:79:07:dd:3e:ae:52:23:b4:71:39:1e:9f:3a: - 22:e7:09:10:28:41:01:50:18:3e:bd:88:d2:3b:9d:0a:4b:98: - 8e:dc:c3:ee:09:aa:76:7f:53:1e:f6:8b:56:72:64:60:02:29: - ed:d8:d2:4e:75:76:f0:e6:40:4c:09:73:ea:a7:2e:3b:ba:35: - 4b:af:93:83:4b:99:10:b8:68:7d:79:3b:19:22:b7:36:e0:c3: - 5a:43:80:7d:e5:6d:6f:f8:78:4a:19:8b:60:26:2b:43:4c:96: - f9:cf:42:b6:8d:01:ee:c7:b9:48:6d:64:e8:a7:1f:e1:d0:f5: - f2:a2:6d:a0:c9:15:9d:12:17:1b:b1:8f:24:62:2f:41:46:51: - 8a:cf:8c:90 + Signature Value: + 5a:b2:83:c0:94:ce:25:aa:a0:f4:b6:71:fb:16:b4:e0:10:3c: + 9c:a0:db:2a:fc:b7:f8:97:64:cc:19:92:56:63:a9:e6:50:d6: + 6d:79:b6:a3:62:23:d2:48:21:37:46:46:3e:9d:cd:1f:55:18: + 77:fd:7f:35:ea:d8:68:9c:1c:2f:c8:23:43:a2:cd:77:3c:5c: + 21:94:93:80:84:d0:6a:8a:5b:ae:11:be:79:3e:80:17:32:9e: + 73:0b:dd:0d:f5:f6:4f:3f:1b:a3:eb:aa:21:06:a7:ef:c7:bf: + e5:87:67:2c:38:a3:c1:d4:f2:b4:ce:72:9d:2e:f8:b9:91:cb: + 83:1a:c9:be:74:bb:ac:78:5c:d9:3e:fd:1f:9d:ac:19:5e:b3: + 00:66:38:71:7e:06:2e:fe:1a:c0:ad:f7:82:1d:85:6d:3d:3c: + 9d:62:66:cd:1e:6d:f1:67:7a:05:4a:58:6e:7a:a7:1f:2f:7c: + 5f:c0:2c:19:df:de:c6:2d:13:c6:3b:ea:6d:98:d0:55:98:4c: + 00:a7:e2:2f:7d:86:24:49:2d:86:c3:75:d0:71:41:16:8c:7b: + 49:25:eb:d2:cd:9b:08:b4:5f:6e:aa:4a:2d:6c:5b:89:67:7f: + 3f:0c:43:43:bd:83:f7:ef:1e:ee:e7:6a:e7:3a:c1:c7:aa:1d: + 5b:34:1b:d1 -----BEGIN CERTIFICATE----- -MIIERjCCAy6gAwIBAgIGDy7TwsGSMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT +MIIERjCCAy6gAwIBAgIGDzR1UVF1MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe -Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw +Fw0yMjEyMjMxMjIxMzdaFw0zMTAzMTExMjIxMzdaMFQxCzAJBgNVBAYTAk5OMTEw LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDq0BwGYXLHkodA88M5ciWv7qFWi9rw6XlcWgGsLgoIb/Ql3P0Yr5zAyX8U -D5Uv6m2HxEwEDcWamqhEuMYBlaSIN2mFaAt32OvNhS4JLM0tMRxzT79QbNxlHh+b -wLb9jg+N0FiljIKdEAcEqWZHeAIB7Wj0Z4wW1ajAJusl5tCh+tDruTDu7zbBX08p -SGZmytuWFEDK154kW8iQ/N89GxTBdtr2YcqKDsT/zRMft0iPzoAJTMdx6VBcP9Ni -JduT4wvEo2rzbEIL5QxFIi+TGVJAGxLZHyYtoDnbFd5GggIerUFyw4uZBYNDWNJl -O9KPl3rcQN7gZbSXGRFZlPL0b8z7AgMBAAGjggEIMIIBBDAWBgNVHREEDzANggts +AoIBAQDfKZNYgh2iuAcqso+TDt8VSXIGkxlKLcW9VpJa2vTTmgEc7kdXDp7Y1w3E +zkui8PwH7JHplQj06V3ySfMLmPDYx9RnL/vylDsUyAbaOXCK+UtwqHRrP1vRpBzq +vfGeweLnmIhP6Uu2yNaeAfO3ye7N4teWaBTXRMYRE59sBk5XmFPIQN6dRB9q9AGw +VkdeO7U8KZuW85paeNERUSUOQ4JK099UWkYA3rCiLmVURECcZNPoP+is4wz7NgrF +eTepou8GFEOsniDeMNLqeX3v8gyTcI27FP9MVkHkKt6SCs5lLNP7KQ9P+RbXYlRO +TKgFNF3mIOOJvHsf3yFXZqkgzuazAgMBAAGjggEIMIIBBDAWBgNVHREEDzANggts b2NhbGhvc3QAaDALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYD -VR0OBBYEFAy8gjt4+y5FaMGM89OQ6uu0AdFPMB8GA1UdIwQYMBaAFFJA7uFPlVgp -yoRnjA+MzP6PqfqoMAkGA1UdEwQCMAAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF +VR0OBBYEFGtWAPMBvBaL6891oYnbJrHE7XFkMB8GA1UdIwQYMBaAFIfLsTMuwWd+ +cePlK0xNpLNu0lupMAkGA1UdEwQCMAAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF BzAChidodHRwOi8vdGVzdC5jdXJsLnNlL2NhL0VkZWxDdXJsUm9vdC5jZXIwOAYD VR0fBDEwLzAtoCugKYYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJv -b3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCjV7BkFzZF4WZBO3NnMQPojqfM67MM -lB9lN+n987eieHRw/RYiX+kBJWdvemsduSgJd5IF8N1+VbNKXakx5M0rUgE90Bu2 -FV3o5JfsHFZq6E3PMqL0tdevG5oUJju4AjnUFW5gCbUj/eXs9DoXCBXeFnkH3T6u -UiO0cTkenzoi5wkQKEEBUBg+vYjSO50KS5iO3MPuCap2f1Me9otWcmRgAint2NJO -dXbw5kBMCXPqpy47ujVLr5ODS5kQuGh9eTsZIrc24MNaQ4B95W1v+HhKGYtgJitD -TJb5z0K2jQHux7lIbWTopx/h0PXyom2gyRWdEhcbsY8kYi9BRlGKz4yQ +b3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBasoPAlM4lqqD0tnH7FrTgEDycoNsq +/Lf4l2TMGZJWY6nmUNZtebajYiPSSCE3RkY+nc0fVRh3/X816thonBwvyCNDos13 +PFwhlJOAhNBqiluuEb55PoAXMp5zC90N9fZPPxuj66ohBqfvx7/lh2csOKPB1PK0 +znKdLvi5kcuDGsm+dLuseFzZPv0fnawZXrMAZjhxfgYu/hrArfeCHYVtPTydYmbN +Hm3xZ3oFSlhueqcfL3xfwCwZ397GLRPGO+ptmNBVmEwAp+IvfYYkSS2Gw3XQcUEW +jHtJJevSzZsItF9uqkotbFuJZ38/DENDvYP37x7u52rnOsHHqh1bNBvR -----END CERTIFICATE----- |