diff options
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cert-common.h | 320 | ||||
-rw-r--r-- | tests/set_x509_key.c | 98 | ||||
-rw-r--r-- | tests/set_x509_key_file.c | 12 | ||||
-rw-r--r-- | tests/set_x509_key_file_der.c | 8 | ||||
-rw-r--r-- | tests/set_x509_key_mem.c | 57 | ||||
-rw-r--r-- | tests/set_x509_pkcs12_key.c | 4 | ||||
-rw-r--r-- | tests/utils-adv.c | 151 | ||||
-rw-r--r-- | tests/utils.h | 8 |
9 files changed, 459 insertions, 201 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 4c043a784d..5f18e4c7e0 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -63,7 +63,7 @@ endif noinst_LTLIBRARIES = libutils.la pkglib_LTLIBRARIES = -libutils_la_SOURCES = utils.h utils.c seccomp.c +libutils_la_SOURCES = utils.h utils.c seccomp.c utils-adv.c libutils_la_LIBADD = ../lib/libgnutls.la ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid \ diff --git a/tests/cert-common.h b/tests/cert-common.h index 0b51e22e8f..d18bebe64e 100644 --- a/tests/cert-common.h +++ b/tests/cert-common.h @@ -384,25 +384,28 @@ const gnutls_datum_t dsa_key = { (void*)dsa_key_pem, static char ca3_cert_pem[] = "-----BEGIN CERTIFICATE-----\n" - "MIIDYDCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" - "MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" - "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD46JAPKrTsNTHl\n" - "zD06eIYBF/8Z+TR0wukp9Cdh8Sw77dODLjy/QrVKiDgDZZdyUc8Agsdr86i95O0p\n" - "w19Np3a0wja0VC9uwppZrpuHsrWukwxIBXoViyBc20Y6Ce8j0scCbR10SP565qXC\n" - "i8vr86S4xmQMRZMtwohP/GWQzt45jqkHPYHjdKzwo2b2XI7joDq0dvbr3MSONkGs\n" - "z7A/1Bl3iH5keDTWjqpJRWqXE79IhGOhELy+gG4VLJDGHWCr2mq24b9Kirp+TTxl\n" - "lUwJRbchqUqerlFdt1NgDoGaJyd73Sh0qcZzmEiOI2hGvBtG86tdQ6veC9dl05et\n" - "pM+6RMABAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" - "ADAdBgNVHQ4EFgQUGD0RYr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQAD\n" - "ggGBABHQqbXJVHxXAlfq0wOoy/11B4fhXJOxBQy1uvC8PSsZaGUJLH1P/8f+gyn0\n" - "oweedIG+CBMvDTlGnnDrUPZbN8K5HqPpsST9jIDsqAiFKEdi9AuN4/zAjrQq2NjN\n" - "ZtWIacIIRq2k7Qpk5nJn29HBKVabj/SJWuTNN8ume79IqanrMzmuou87QHr1vVOC\n" - "wlSvQ6osHLFBF2QJ6tbT5ZSIy4VJyjyrMt0nOQ5Gl+fLUpcpcymI3MGbEh/WJONV\n" - "CbvFIWdIuUb3T9EVFivMTeNJo6QxLI6vasnJJ0Jgs3yOtRZPVRx6F206EbzLiNfj\n" - "ozEI0j1HdJy8niNwEW0tCzVi/CS5QC/nk1/qXCffxDcGihEBzM3pFxXKQ5YJpSe2\n" - "GVoXfD0uDOccHcYaYbomGi2T63FJ4rG9eKPyYngjKD6aVJcOvldEeUwfYzNKbkFK\n" - "fsI5r+CO25C2qpVomnv7xZBomenu7F8c6RFIjYSIYTGTsgGCe20K7YrLjVErkeLG\n" - "1vDaOg==\n" + "MIID+jCCAmKgAwIBAgIIVzGgXgSsTYwwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA1MTAwODQ4MzBaGA85OTk5MTIzMTIzNTk1OVowDzENMAsG\n" + "A1UEAxMEQ0EtMzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALbdxniG\n" + "+2wP/ONeZfvR7AJakVo5deFKIHVTiiBWwhg+HSjd4nfDa+vyTt/wIdldP1PriD1R\n" + "igc8z68+RxPpGfAc197pKlKpO08I0L1RDKnjBWr4fGdCzE6uZ/ZsKVifoIZpdC8M\n" + "2IYpAIMajEtnH53XZ1hTEviXTsneuiCTtap73OeSkL71SrIMkgBmAX17gfX3SxFj\n" + "QUzOs6QMMOa3+8GW7RI+E/SyS1QkOO860dj9XYgOnTL20ibGcWF2XmTiQASI+KmH\n" + "vYJCNJF/8pvmyJRyBHGZO830aBY0+DcS2bLKcyMiWfOJw7WnpaO7zSEC5WFgo4jd\n" + "qroUBQdjQNCSSdrt1yYrAl1Sj2PMxYFX4H545Pr2sMpwC9AnPk9+uucT1Inj9615\n" + "qbuXgFwhkgpK5pnPjzKaHp7ESlJj4/dIPTmhlt5BV+CLh7tSLzVLrddGU+os8Jin\n" + "T42radJ5V51Hn0C1CHIaFAuBCd5XRHXtrKb7WcnwCOxlcvux9h5/847F4wIDAQAB\n" + "o1gwVjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQBhBi8dXQMtXH2oqcuHuEj9JkxraAsaJvc1WAoxbiqVcJKc\n" + "VSC0gvoCY3q+NQvuePzw5dzd5JBfkoIsP5U6ATWAUPPqCP+/jRnFqDQlH626mhDG\n" + "VS8W7Ee8z1KWqnKWGv5nkrZ6r3y9bVaNUmY7rytzuct1bI9YkX1kM66vgnU2xeMI\n" + "jDe36/wTtBRVFPSPpE3KL9hxCg3KgPSeSmmIhmQxJ1M6xe00314/GX3lTDt55UdM\n" + "gmldl2LHV+0i1NPCgnuOEFVOiz2nHAnw2LNmvHEDDpPauz2Meeh9aaDeefIh2u/w\n" + "g39WRPhU1mYvmxvYZqA/jwSctiEhuKEBBZSOHxeTjplH1THlIziVnYyVW4sPMiGU\n" + "ajXhTi47H219hx87+bldruOtirbDIslL9RGWqWAkMeGP+hUl1R2zvDukaqIKqIN8\n" + "1/A/EeMoI6/IHb1BpgY2rGs/I/QTb3VTKqQUYv09Hi+itPCdKqamSm8dZMKKaPA0\n" + "fD9yskUMFPBhfj8BvXg=\n" "-----END CERTIFICATE-----\n"; static char ca3_key_pem[] = @@ -456,8 +459,8 @@ const gnutls_datum_t ca3_cert = { (void*)ca3_cert_pem, static char cli_ca3_cert_pem[] = "-----BEGIN CERTIFICATE-----\n" - "MIIEHzCCAoegAwIBAgIIVyG4kiR7VLIwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" - "AxMEQ0EtMDAgFw0xNjA0MjgwNzE1MzFaGA85OTk5MTIzMTIzNTk1OVowFjEUMBIG\n" + "MIIEPzCCAqegAwIBAgIIVzGiRh5+VCgwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA1MTAwODU2MzlaGA85OTk5MTIzMTIzNTk1OVowFjEUMBIG\n" "A1UEAxMLVGVzdCBjbGllbnQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" "gQDhAB7O8se421OVNBKfW81pgGtnn4LNLz+0HYvkb7BbLdiqqqHWQH6BxY30W2q/\n" "bUHVaBFa2OufitMmDGX6iAuIuAshnqIb9h7U84UrHFVhjE9cjuykBhoJbr/5CNL/\n" @@ -467,18 +470,18 @@ static char cli_ca3_cert_pem[] = "GpSNznLe9se1rZeDn/PHRf8UHr2PYpmyBSaSVhUUb217tS1JUODPdTr153XoBQvE\n" "2oAXYsaG4gQjn7g+KRdv5DFo7H+HDUG0SozMsxs2mEgtI8FEj42lNnY8JJ50axDP\n" "GyCez+JosHurUAisotRCVWnL4k19q5irO+Uw1fAxqg1BkN/2g6gWR1M/k/y3+AaT\n" - "auUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAP\n" - "BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBRdXorh31ji3Vx07Tm7u9jZMbKBajAf\n" - "BgNVHSMEGDAWgBQYPRFivYfuR+NBRwEzFJMINCeG7TANBgkqhkiG9w0BAQsFAAOC\n" - "AYEATOwassPHaWyIHVwSVfRjqivtgC5ZDZOllmPCl11j3ml2u4X2E5bsILXI/Tb3\n" - "i2Kd1G/NXI+ITSzAot7jY2HC1Q8i8bjZFJaks7Dk+R4/Ozh0ZWw70hLFCcbnC/8/\n" - "WCeOxQYKhoZIrN3I6Yl3Ls2+yRnUyOgF67rq5tj7a+FOO2RMjoP1WrtzHG0pQwzb\n" - "yuF6LztHh7ZE7y2fBkWOvSiMgTyd0I4UjaS8WSbWIAj6N4CKFkSwUdc0DU6QqEbA\n" - "gIU0JpnM3rMumSxDLa2BInW/8iY1YEl5MAGWzrb0RNEDxEkrAR1t+QVhBK2nzJkh\n" - "4KUaKOqR1kD2ROSipndXz/lmlNteCBKwHSgmCJNJDXwDyyHGh4HA/FMb35f+1Yfa\n" - "8EUwTIsYEartB+dWn7Wl1sSAbrbz1pCejxI4Z27r154Blho1G31e8XdJM+XJmV3C\n" - "dc0NdLNVapvVCuCIaefQf3KFeeFXAZv62HSoKHNRaGVt6PnGOjEq3qdbQlceIyZF\n" - "N6A1\n" + "auUCAwEAAaOBlTCBkjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMC\n" + "MBwGA1UdEQQVMBOBEWhlbGxvQGV4YW1wbGUub3JnMA8GA1UdDwEB/wQFAwMHgAAw\n" + "HQYDVR0OBBYEFF1eiuHfWOLdXHTtObu72NkxsoFqMB8GA1UdIwQYMBaAFPmohhlj\n" + "tqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQA/eaenR+0i8lTpzQlJ\n" + "djl5CZfeY11oH3WH7rM6dDaBaZjz7VIG1ETBByMy/B+2hXOlBGGkbGwtKO01sAH8\n" + "B91UOXvPkxIyofrhEBuGOQ3oN3eyAO48JxT9v6LSgzd82LPhtGErMbFkm/pFBjl4\n" + "F0bBKdMEoPsV/hHnIswkLpefaZ9po5eOrihC3oYPoHhuizSfIn0kzmvyPElduBBN\n" + "OcMPY26XF9tPSa3LKXA0UJo4mhpiVrWh9jbKLquaD+n/qKKV3mS++oytn4d2gdB6\n" + "dcrQTNY74U7bUXutRqDNNlrAxIQ7Qh+stAiZ7CCm143GQBESRiqqKFpxdvVhpwDL\n" + "H/buEo9I6ikYpwPAyIPfL9iMg13M/6NHg0s7C9psv0lInDCS2nFJG8L1Qp0Z6/Wt\n" + "9yEjTuCSyfEdk/1Ar/jaAkKcdXRFptQuLtqFHYaBmXrWPqK4b6H0vKhvOUhXliZc\n" + "0b7e0ldn20vEIdN3Qnoxf+7QVayrzKd7irovD8Xdg+R/E3s=\n" "-----END CERTIFICATE-----\n"; static char cli_ca3_key_pem[] = @@ -530,33 +533,6 @@ const gnutls_datum_t cli_ca3_cert = { (void*)cli_ca3_cert_pem, sizeof(cli_ca3_cert_pem) }; -static char server_ca3_cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIEHzCCAoegAwIBAgIIVyG5MAKg0A4wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" - "AxMEQ0EtMDAgFw0xNjA0MjgwNzE4MDhaGA85OTk5MTIzMTIzNTk1OVowFjEUMBIG\n" - "A1UEAxMLVGVzdCBzZXJ2ZXIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" - "gQDZPXiZqiz3wLuz+B4ZnJuCphLEX7k15NcpamL3+9ea4gXyfeFSHbSaihPauBUc\n" - "DMVbL/wfkhxYiJRCX7wqHIkJK4En5aEzSDDa6pI/CI5lSbiXdNDGbFLh5b8Guvhf\n" - "zyy8lDjFNNy3abkfU270tnzFY5mkYwYgjuN/RgPqh0b8McT+xUeN9x4PuSXXmMC1\n" - "r3v7y4JuMxE8ZzGDhW2aQK5Is6QYv0WELS5hVvB8GdP5XQwTJw4HH5i/YES7TENV\n" - "2RByzRY8hFQ9SbK5YHHGoszVJIlIuxm5v8N2Ig1cW6t7t3HnuZbDYRDCERMiEigB\n" - "z8vEZZyFsMLg5Z7JiNKSG/f+ER9CzDJXHgxBctV9EEc2KmRT1P9JeI/xZUOl9lKl\n" - "jc+t8m0Um3Asx5duWm4tcZm7FecnaJiTXD/tEG64qTKWtDuoI7+X9MjHe5lvf2gI\n" - "JT3CoKW24Rn6O1fc9oCCnVAi0V6FLM4XaG50X9NC666RVEFkXih8THA1gC9m9NJM\n" - "rD0CAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAP\n" - "BgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBQzneEn04vV/OsF/LXHgWlPXjvZ1jAf\n" - "BgNVHSMEGDAWgBQYPRFivYfuR+NBRwEzFJMINCeG7TANBgkqhkiG9w0BAQsFAAOC\n" - "AYEAFCY8NhmFgy7wWKlaU06i9CcP37BOM43c3F23wOuQ2cwxVLXCToYo92lwNMuW\n" - "B+nN6TDgAahB7dh9Hpkz1swWDzcflm4Ckcd5EVP7mJZx07rWwl7InSsYZ5sUtVuZ\n" - "Pkoum8bNaqfHZ6wnO3hyvp/68lhnwSc12c1ZjdFwDArbQY4jvwnAXNPWiV6XmHIe\n" - "fUH8m9oacKHDGVY0PpZy+0ehO3KSzrBdv6zRSSiI+gdyRzjDI6vjbj3z+afddnWT\n" - "asdnr8RLwpUaidB7MYAf3Ajnuacez/pZ9TVhNnMoN9DqHgY70kULC5sjK0joYj1d\n" - "5YqmNJF4F5zcff3i0Jo4Dpmj0NTMAHz1HlftTjGrQf17CQdev4QxVQSoSaASf4XO\n" - "nZHnn1YseYvmVV/FGLJ4/wgyl6Kqla+Dwy0+jB3GsVNL0CfdBQtPDoYYhffb238R\n" - "AqnDX/ymatC2YqqY7sq4LXd37gh0Us/Wxr5wN3RETo6/qPN9HiBVN/1vYGvhTpUL\n" - "PBwN\n" - "-----END CERTIFICATE-----\n"; - static char server_ca3_key_pem[] = "-----BEGIN RSA PRIVATE KEY-----\n" "MIIG5AIBAAKCAYEA2T14maos98C7s/geGZybgqYSxF+5NeTXKWpi9/vXmuIF8n3h\n" @@ -602,10 +578,70 @@ const gnutls_datum_t server_ca3_key = { (void*)server_ca3_key_pem, sizeof(server_ca3_key_pem) }; -const gnutls_datum_t server_ca3_cert = { (void*)server_ca3_cert_pem, - sizeof(server_ca3_cert_pem) +/* shares server_ca3 key */ +static char server_localhost6_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEMDCCApigAwIBAgIIVzGhKhP99McwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA1MTAwODUxNTVaGA85OTk5MTIzMTIzNTk1OVowADCCAaIw\n" + "DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmqLPfAu7P4Hhmcm4KmEsRf\n" + "uTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+SHFiIlEJfvCociQkrgSfl\n" + "oTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU03LdpuR9TbvS2fMVjmaRj\n" + "BiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4zETxnMYOFbZpArkizpBi/\n" + "RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyEVD1JsrlgccaizNUkiUi7\n" + "Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWwwuDlnsmI0pIb9/4RH0LM\n" + "MlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSbcCzHl25abi1xmbsV5ydo\n" + "mJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbhGfo7V9z2gIKdUCLRXoUs\n" + "zhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQABo4GcMIGZMAwGA1UdEwEB\n" + "/wQCMAAwIwYDVR0RBBwwGoIKbG9jYWxob3N0NoIMd3d3Lm5vbmUub3JnMBMGA1Ud\n" + "JQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDOd4SfT\n" + "i9X86wX8tceBaU9eO9nWMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSv\n" + "MA0GCSqGSIb3DQEBCwUAA4IBgQBeG1Mj+13pX+4qcbZIlcLqsrRjCFeF/3XpbL7f\n" + "bUNaa+DYOOKy8d8/PHpS5uZHxwYOOK13+YOGr8hFBbXiGtl4uKbCmPd23kMfUzbI\n" + "iTuu0DvuENtl6zjY44bjuXxhg9vBC3b2CygF8IWOHuXSVCgNMLzMDEA71uOzpgAT\n" + "OQv+oDAURkWwMZWsGyb30YdoYb2QCqRLdMtVdoGkWq9CniE8rgHmrggSxkdCSOSY\n" + "rPwjCCwCxXQqtZMvZYUws+vrXvPOvZHauQFhvuw6EHV62lQnY9JD8nqtimwuskWw\n" + "hgcyhy4hgvmx7MRF1E+dc/lWSvNSHS6u8n4cTsHeHv2IOPl87y2jXR5lEoMItjZf\n" + "D9B6K0w488yvj1+aheV0mbQDMgR0pzWOVH0oJ6RCM1AFgNU+7/d9ztqBusYJhuL7\n" + "/MT4qYlyaZ3OzkIcD2kfmPLfX6FV5FCfVfNvKeCwvctisKsuJZ1/CIsjpoYJk7uu\n" + "YeI3wIhmivXBor8p5hUzrWqT2y0=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_localhost6_cert = { (void*)server_localhost6_ca3_cert_pem, + sizeof(server_localhost6_ca3_cert_pem)-1 }; +/* shares server_ca3 key */ +static char server_localhost_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEITCCAomgAwIBAgIIVzGhBTuLU+swDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA1MTAwODUxMThaGA85OTk5MTIzMTIzNTk1OVowADCCAaIw\n" + "DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmqLPfAu7P4Hhmcm4KmEsRf\n" + "uTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+SHFiIlEJfvCociQkrgSfl\n" + "oTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU03LdpuR9TbvS2fMVjmaRj\n" + "BiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4zETxnMYOFbZpArkizpBi/\n" + "RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyEVD1JsrlgccaizNUkiUi7\n" + "Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWwwuDlnsmI0pIb9/4RH0LM\n" + "MlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSbcCzHl25abi1xmbsV5ydo\n" + "mJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbhGfo7V9z2gIKdUCLRXoUs\n" + "zhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQABo4GNMIGKMAwGA1UdEwEB\n" + "/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMB\n" + "MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDOd4SfTi9X86wX8tceBaU9eO9nW\n" + "MB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUA\n" + "A4IBgQAAS3T2uhrGl99HErgOFyGLX6c/+moBjJDtMckBW8T3ajxOHzw7XI6I821a\n" + "MPVXaXXHmnTUFhAHZrjpn5UYIwEJUaimtCviumHcK0h/yWnHdbxs+aglu66aJ5V0\n" + "uvPdtLNBtS1y3SryTtskbZ3RPjHiON+brrVH0KcoT+t92T3CDtv0r37k92QKZlRK\n" + "K/wnqTOBUEhvpSztFai5vPy8QWv/RSHb2vFZeJkdiXybcedmLLmp56rWbzzCvfzj\n" + "mfOAFD0oGD8BTDTz55IrAfMvth7OYVqF0Se530c1GRxZwqYrEcfDJAc8QqfnYzkR\n" + "6KRXCVCbJ5CKi3grTzqcAJYsy9sxE2afaa/hh/XnMwYtHgIE1xfrcDnnBuNyYWHZ\n" + "GJaVdRTPtaRXUAJZtGLpy6SBEWGMP7wyhoFdbA3IWYbfypyM/t/LpQHtLzM3N7s8\n" + "oXG/Pucnsyp8fJ3LEJW0STMsWBoPPdfJFdTxK5i+bcmKq3OFPIGfXgw1Jf5vGfgM\n" + "MTK0U84=\n" + "-----END CERTIFICATE-----\n"; + +#define server_ca3_cert server_ca3_localhost_cert +const gnutls_datum_t server_ca3_localhost_cert = { (void*)server_localhost_ca3_cert_pem, + sizeof(server_localhost_ca3_cert_pem)-1}; + static char unknown_ca_cert_pem[] = "-----BEGIN CERTIFICATE-----\n" "MIID4DCCAkigAwIBAgIIVyG62RARjncwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE\n" @@ -637,96 +673,76 @@ const gnutls_datum_t unknown_ca_cert = { (void*)unknown_ca_cert_pem, static const char server_ca3_pkcs12_pem[] = "-----BEGIN PKCS12-----\n" - "MIIQvwIBAzCCEIcGCSqGSIb3DQEHAaCCEHgEghB0MIIQcDCCBOcGCSqGSIb3DQEH\n" - "BqCCBNgwggTUAgEAMIIEzQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIGlbZ\n" - "V1qak5wCAhTsgIIEoLClLTWuG7yxoUp9Jw34KHHgK5jun/kkUN8RcUDDCOWUsuJG\n" - "HPV9TPAG2LpS39Leg+Uo4NpTTUp8RVnbo2I+jR9Bl/cL6zqG0Y+bpaGKsFwZqYQu\n" - "wbKctXL/yJhPKJ13paJB2W6kvU05KbC/6Zq69zYxfMkm0fPGnruGBenMUYbP/BKM\n" - "6xXmqztGCMHrh9dGyGsGTWN9rJgmNkA/Hh77uIkBdliJHFoS1Rbw7uNbV+3vQcoN\n" - "i66aaZa7SftoudwOOGCLCAY9wz34d2Ni8xLfO9PasqtjkXTAllXqEmh0IzK6E63W\n" - "VUIp/Ea2312LZQ4kkUKm4MzpRpDoOJf2tAUHHbpsSLLBzPUGP8pOZKp73OzQR+PW\n" - "eJhY7sbRcI11qfRD9hteEMEOHU1gJ2dBka7HHvg2bMMArKbtZ3C8Dw6iU42b37xv\n" - "+tKtZrZNYILE4sVTy2bwhupraMkScv90Z4fIfuCZEdzlIaP73CTjp6pe2AqEBKBR\n" - "h+zf/VhonEsoaCSrQ2Ew5BWk1JjBAyHj2WS8vuhrGvqP/k0k0f5Ji0xoqOW9yM6q\n" - "clsfVswsaWR8FuYxKfsuD3styPxW1nHPKET2tWVwSX7WQEwyfSjNAj4EqQGcukpr\n" - "3+bgLJciZxLCmNbXAouZKSO05tH5aLPENclXoeuT4ODn5Hzfjd/xT3wnXPNZN+3+\n" - "+a87CClzqOG892q2mGGOpTmcuDwy20XHiM47hpxIavOn/jKBYH+zJ5GpYV8B4AkD\n" - "WfwnAlPFFZ3Af9Xrc+TpYJ2TE7FRG9Y5XWymhGGkvpyxif8n+QyZAn31lPIiGNPH\n" - "1qcWUmF446wQv9jpbuQswAjQNX4vzTGezPVLLZg/n1dDzzCvG4pDGFqyU7iwjCuh\n" - "vLH+Zuk/3fGMyvXgNj89xZQIqfclWT2AvFOTclTqylz6Toe/zj45rixZ3bFG8hME\n" - "UuEVs3Bz2qRz+JdMSu33qQ4SRUNIePqSMRD8q5aVbZmenNXQtciszBTofSvd8qsu\n" - "S7LaiX3M+VVOxyQaB9c6Ely9hrFNT24iarHFEk5ZYgpUToBTLUDEBqfWr0AhZHCB\n" - "RwTdP4WFmAaOC2/ZINSQE0bxGqo79lyPP0Ysp2dpPxjlAYX0myccuqnBo0rLtV/7\n" - "Sl/9xNj1I7T9qhWzC/WvAjnrlxp4QYgcCLiRe6TaDO1qP47khRyAaxIbLPwYQ6cJ\n" - "TDDu1x9iYTCntmRu5pbzokcpajMIepHVzI7FbpLh2BK/fVFTgHKp5XmemLyN5A47\n" - "itZvz89gxp6304nqW2z8JpKZ/RDCHyA/6H+PwgvnrAmS+hDKJ58OksfRESlyN619\n" - "k9rHtzBoYIlwkhf29pYCaWZ6KWJlgsTG6FKXej6fC7Q94hPkXJRez8Pd8MJR6X+x\n" - "XdYbmGVOSEEujg8Ak4Zf+caQ8iawuHTeMr7h2WNr7xH06Ddw12J4t0LdRKDECMJS\n" - "C9Jb/tICcjJVxKt4QBlXmy2s2R9i2BUkcyPwUNdE6VORBazQ5sXzOGOcl2ef0OHF\n" - "PpE0P9esuXUs9MOqfEe3FnsgFiNjUdPKH5q8mrDDTDGs46RcnJOCwtv6YFrqMIID\n" - "3wYJKoZIhvcNAQcGoIID0DCCA8wCAQAwggPFBgkqhkiG9w0BBwEwHAYKKoZIhvcN\n" - "AQwBAzAOBAis+k2GAXZlEQICFLWAggOYF7BBapV1GKPSkJeC9dgjEL6AdreDBCyh\n" - "LOHoMUKf9AVH4XzgkAtsa1FAomHQscfQKGe3G6vaSi2ugZ0qduasoPlQjldBy+ml\n" - "m7QcBh/0p72XcsC6t6se7UcmWvrnp3Nk3rwAQdeOCMVJvljFq0a+83XcZ8a6XuH2\n" - "7O0EjUQVWfo1cn6ZFo8l6dBuNNPc32XLwdcIXuPTnScGsxZawufbAprbK/yEf3Dn\n" - "IN4POP5KlNdTcv6ko7eGfr2fsOLkDwXWdy42D+oMVc3dj6XTH74FgYv5z8GyELFT\n" - "r8mcSKUsbSHVXcUigv9KMDJ+bMzM9feNhiTzEr45OfGDLgBHLsqCcbhpJeN/rpv5\n" - "1/KKHIRJmO9GU5Qvk97+1MZr3+PDCqJK4qhiIJhvOKfnYAf9ToSat7lHVdFa6ToH\n" - "JK2E7YaFXaMUNii/ZeDZ1n4WcPSkvLJscVk8AhG3emXja96EmJs5aWkKzcJ0ihLX\n" - "vDehuZ7JFBNesHrKcC0IM1KhHCkSd/ijcAG+LOmbdl5KMx0KOepJHIkDrpFfiwwq\n" - "GkANh9u9FIhqvXjDCtmUkp8mI38FBcAtN1X6cQjy1BzPfyecazA5vkzt6CGKalK6\n" - "lTEQjmEftu782r+WhpRw/a7fBM5BDN7QVrvequOtbWRgwFg9xjsSGGw8syO90DxU\n" - "aundXXXfgCvqIIWxciQZ57Cvno88TWPpQCrBZ3XZD/Ajr4PTI+Spe6olJlnskOFW\n" - "MYRrcHQuuH1N/NUVZCxBqOwh7A53TCGoTnCOeU9l4UHTIP1MOsf29G8dCo9RGcrU\n" - "sRx2vgkifOkomUY3+qfjwwipyqWZbuH64ewCbpprPqI7/PVVS+tKqLpLvFJqFrEp\n" - "wPlm+7QlbNUnQSaJ6wIav1Z2VKeeu5BewW9BbHjyadrxYOz893ttBZc3ExewX5Uh\n" - "lPJXj5CXV5tojUJdvDnXNLsFMn+0ksY3i8xAQpeQJsnrYao0k14w14UGhCgylusl\n" - "Z+ogDuWySxyknp/lUN/gE1DbRfZs5o+meg5sMD1DNxeJHPrweB8jT4xKqI0MBYy/\n" - "7zkA/BcN6XYhxMXRSwA7f5NUxmUMrOvbLA9GyGj+Mx0/8YFdKr3WbugzD+c1A1kD\n" - "hzNgkuM2Qgy13MiEmPp0XAPwr0F3bqjgzL13zgfl1XnR0/U5I0kVnAnw1aa6Cckj\n" - "UM2wnEmBYkRhnqA3avOXngrOHuVVJV3lj1Kqu2MaXfYwggeeBgkqhkiG9w0BBwGg\n" - "ggePBIIHizCCB4cwggeDBgsqhkiG9w0BDAoBAqCCBy4wggcqMBwGCiqGSIb3DQEM\n" - "AQMwDgQIQjy2fTdgBPACAhQkBIIHCIB73qFkUGPoMG34/S4Vm/MdLEOwZDDdeOZJ\n" - "Nr8xTnWWAg1Txjxo67TTzx2p/knFsMdqcJBXfKOBu0aK8+wy/EbTtXNB545fuDxD\n" - "a8lPJWIVU1zYR69DE2AGJibatwPLO35u1mQ6+NMclCpM838CqFfFdQVdqtrlBFdM\n" - "Yxwzxt4rJ/uSxhi7dnjU6UH2w25/feLrcCLLbnLMo68HSqmwyg6hoTc5bmUu02j2\n" - "eSvy9cFR2M9kZluli7SFiHysbjlHQD2ahBJM0KEICjIdKkH2D4Qn2mWs+myzCLwA\n" - "9yfBxEnRYosBFYLcBc41thruTNKjj+GoZpqfkfNX4gqxBjMjl6+eIW/fVOxSDVTO\n" - "U1BVb58kdKOQnxVovXrd3LCYQIHxMfHu3MxzG9jc/5p89qZV7UJLsC2yNxlnq4+L\n" - "gXPjEdMhSxr7dteWcqSXlZLZj29KRplo04ZoTVyrfIxi8gEBkuql5uMJrf9TPeNA\n" - "f/Lfasfm95IiujD4RQPlxacUAZSAkKtKG85gvopoiAPiAT6+8igVD6WS1jdKTuY8\n" - "+Zo4N4s/uK6Ey5ck+EpOF+pCrHkIQdGhqLN/CFRxYTogpDBwdmgbv4IBeKEOE5jZ\n" - "jxd9RZvenwumYM5VZjj+SnJ4OoRVO8ZqdbIFWJ71bvuk4e1OnnyDqnsDPkG0Y/zc\n" - "drrMWL6MjfrbefanOE8idnyXwqeEuEhktYkW1Pqn57/ckR+ugx1VLhUmOkKYakbo\n" - "HGdWibIjY/MxsD+83y/x+QT0avN168GpaSd2mNyktUlpH+wuaUj1jZJIl4/mEnpq\n" - "NNkZrDtwwla7iUcwUApVvQli3FAiNYq1ieqpxmz/YPB2Ge9OEVSW4liHro+bPpmZ\n" - "h+S2mzkAesDM/nYAWzRFxsK6C0du2wOHh2IgRjwl1w1aoxrKaw8NYUJwFuFRyiIf\n" - "7/cxfQW9PlIQwwkZ/gBM0q6rDZEbPnO0vuwisV01HUnJ8eeVbunlwRTZDE0BZpCx\n" - "yY7ZG24n0nogQnFsIADT86KhxyOsS6+UKYbYeyQ44ZIakkMTVA1zdb7wMEWT0v93\n" - "KVXQ3oYyoLrdgAWHVAVjVshuNyL0w7toOa6IbuM3FUZQG94A6HQs5mNQUXoBncA7\n" - "F8iVTB16YHyhWRLZrpUVNhOmx9+sZ6mK4Ll2+XJ0sZhCdCNtDtnrb7KPMHeWK3We\n" - "jsdUB48/Wc6WN2tX9CquUXFqHBgY/pHxFG8gNw5+OEpM3OXdPFdMjTFfcUzz5sbs\n" - "iNC9AWgCsINv+MV7qg3m/prNNgrwrMkOtsxHYKwJAZqlc3Y9XVzKfGlNIK9KfbKA\n" - "3VoQenbNV1dst1Nrxl4vuNvbm5II8XDl8bkHWuS1snbxELRLFOSZlYsIw3Yw4sbZ\n" - "V/qqJix11yhpWRrW3/TdxEvEp5MZVuciJp6CS8rNpdAvzSenDQ8XfA2mLXNY5NgM\n" - "NOvBc/XBi9QqGJo20DCeKrOtYXbo7dsVDJrJqRdZT4ftoQQvK22uBW6CmO5cUGkE\n" - "8fP/9Ym5yJEFrHNROsbUqfp+KPPaoVuUNsJDor3evcdAHKOSDldPfbmBLV7sFNEP\n" - "33p5ejwvszAaJEWRf48Y2fRKzfbkyDPYO+5we9XaKhcRvbp6NR0EQl1JLFw2/1nn\n" - "lmDVMc/XJGL6VE7rmM79vTxq4C7YSzWcD+2FM9nWrzweYEKtleHOPdjl2vOziNu0\n" - "f396VtmEho8BHV80A06j+GYlENzodfjsTtcFycCGS3j1dvnBJitD//jqX0p56YsL\n" - "vCjCnn0Isl9WXvooC63ntf2jdcP0xwbQbKEYB0v4ai17AM99WFbzMnw4Hk79MvcE\n" - "85THHdQSceJhFGXhku6MUuWIU1CjTByiiaBZirtBS0da3s2RfyChHlAnMW1vQXRl\n" - "2388E8B3+VCLzfOYqflW983xCzCQONBn6pPQkTIE4y7LyQphZVIWOklqV4HDqSM9\n" - "Nd8u6Lgub6vrEH8qN3ExsmA/zb8uKr82PaXq+TB0KIOixy3ynjWRdVPAvF+ASmR+\n" - "whTJxkfH5mRO1/0/kgtSH/J37HtkAQC7OAUMycdrEC8r2+TKk/CMV00UIEzfCEo1\n" - "kfdSiRB+oBDStE1TJ8X6l0slr7BUNjuinU3Waq5FtybC2cI6MkGq0Dj+1qQflqs6\n" - "eT2SM8MN2v/9ktqDqGqWGuIByxMHJTRcithOhdClCfj2VYWQsp4L6lWtE5EDgEbG\n" - "d3UjaRGUPH58peE3vOziC1sruMN9hEbQU1JYRWerQlBYjt2RAHuSzQhSbu3GKJNV\n" - "1KVDTxVxIpuTcdqKenGTJvA79TPnM/fCVbwgW18DAUhFruqgfCTU8EVMLgqDecnR\n" - "v4YzX3weMpYuhnPqhcOkgImvRJv7C0b/yjV/0ctW0uQxtTD8nAN0wmQyCfY4RTFC\n" - "MBsGCSqGSIb3DQEJFDEOHgwAcwBlAHIAdgBlAHIwIwYJKoZIhvcNAQkVMRYEFDOd\n" - "4SfTi9X86wX8tceBaU9eO9nWMC8wHzAHBgUrDgMCGgQUSrnTiqr47JA4mCEpQDQX\n" - "JMU7QdMECJJR3+yAuOeDAgIoAA==\n" + "MIINAAIBAzCCDMgGCSqGSIb3DQEHAaCCDLkEggy1MIIMsTCCBPcGCSqGSIb3DQEH\n" + "BqCCBOgwggTkAgEAMIIE3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZf8h\n" + "dWt3jYQCAhR5gIIEsDYZE567naoZuAymtn/M3ML4kR817j0chfbqja51b8BdXnk+\n" + "ZXjSEqgO0LWUuwlJNtyCe8bWxl8Tx6FUKKh+ul0elVzn12vko4sfJT48YjCrDm03\n" + "rYYl2sd5vKGRCegDpQtT2nCJYn0NPrlZggsewmP4uDHrSPV+VZu4pL4GM3nKyg7V\n" + "cA3xG68blXUXKuil9woL+Yd3TFI66XKaRFRi+k6xXeAn9mOMYhUE9/tLRKOVPdOy\n" + "OITn3dhBqXr/zcywUHVkrWLeFd9ODJ2qZmkEp/yJznoshne+hbjU3qt+4pUwCAnb\n" + "k8SAqcn4cOl2FM29Wk6LmcBLqDGvYXO6zeeXd2Ln+0iseyWRWt0xWo9KiqbZYEN0\n" + "7Eq2J8QG030a4JplVI2dgw907/pWcNNdz9LgnYF1wH7+GcpGPSPBzFM4n+dn3hRz\n" + "WFQMhpOjdcfJhA8f1A52SmAA6xgR+XCcqqSdcUAosv+z1nIVfDnnnxMmXq4uoVDj\n" + "44vf9pCsOKN+AL+DW2OAdDT7yxHk/aIWElmf7/iJzyihzky+8+GTCY6DQ7chbrVw\n" + "/sQ4F2OhZLMe1RggEmnEpwDz07mfR/qzySF4ssosY0K3rlO4qKEwQ9Jy6igQ+BMC\n" + "erbrN1yFskDK50BmvI3gv59z4ZTf+xL2Vx2Z0ZXmOKbfbYTITxOtyS/aYR9PaUXz\n" + "Y7Lgp0MeOx7BhooheASLasEnSsZEj/3HX/LJEJ4UHFQQ3mRn4wqD9duRJo/2sQJ5\n" + "9J6Fv6oWkgQ0KU5snZMVHi9OvGY5GUaMoDhL/ZsbhM9U1mW8v6QYOPf1ZQGxXSSv\n" + "Ehpkr2B5+/0JIYCaGwnBDw9Ggmtw5qbYXa37hAtas0eNDXndnqfr/3scjU0SIxjs\n" + "Ot027t2nSvls3NZ41Rmh381NF2LsoPWt1NWIZLaX1OBj8xuTh7QNWmgHbA6UWwhA\n" + "oxKUVC0Lbg0eYXC8nejaswNSclk9yIQJuT+P7Aj1dU42lsBOvTAUTQc4GHZtzO4J\n" + "ewy88nZLPgvO9W5KhcBTX8dfmWO/ItSl0ze0fxXOtfMMgF2QH1IoSz84gUG2Kjkf\n" + "hS1EOCeQ4meHciI4/v5S5aA2ZYdwTwgHyz6Z7a/6MgK9Nuh3doX7cdOqYCJVxbKa\n" + "ro/Zp8jVldSBRTfdgu6zmwVQJGtsur5SM+I+wVeFw+9+g6GkYGWqkNPeFAGHHX0H\n" + "gcGxloS5t4rbnC5g9Q3EEU6XpEVwPYQSrtV2U2uu/9ijYPmU60VciFfx26wLnQiw\n" + "gXJQkG7U584jWaX4mbx7nk/XKeQkNi3jX31xa/xx8VTP3NfE+44lNsn+ArLZtqAn\n" + "Zml54SnHTfPfYTsApDbcji+RyXj/L5IDP99kLTSHF8gAUkqAl3vkzI5jRPzZ8BuN\n" + "l529NDLhPZ57SBO4OJP9AuMJG62qiahMg3l34zej/2q/MsLlP8JXbjn8nDa0j8HB\n" + "Jgdz6QNj3fklJEvGaZ7HLKsbCxk4f2Qb02pIgEMN0+VUphmU8LUR7T7cej0mKXeT\n" + "JNBtQK3LE5riVgW7rPHGkcO8CD3PIshmaDt9CeUQMwo6SNVJcpFfKixwR9uHhNk4\n" + "1PGUD5Dk3S9JYy0C2jCCB7IGCSqGSIb3DQEHAaCCB6MEggefMIIHmzCCB5cGCyqG\n" + "SIb3DQEMCgECoIIHLjCCByowHAYKKoZIhvcNAQwBAzAOBAhIMXotmNiA5QICFPkE\n" + "ggcIsF73w/XBwRjSD6+0aYpzcEpgkIfACXekV/3S83CygZlXgqyxrWw0MR+ZfYC9\n" + "66AkSW26XdSjXnmdAyGgVjPxsmb8v5GT9ZwTLuKbUGUOweGTUvZlxwie0Pkry2vX\n" + "XXep5apVxBICituydeFkZLaGgeISgOqoCd9sCL2qKDo+bWD/WUc8feNJtBqrmXhO\n" + "N0R0tP7GF8q5j4oily5jbR9bZtorL6w2xlfXEzydAndrxclHZ4IlND56WDYvNTpN\n" + "EpUNddshpR5Opm8ED9KEaNVcdgVUQzP9epNczEvnb4NVyQrKfp9bcCDoscmNVNsc\n" + "WF8jYeZmz3S3iRhL6wkEihkLnMy7AXVgUEGRyvumM+qw8BlQlb7jyZpHw8wwZPAv\n" + "xCzgpMfJ6Ec17tJ6FoyY+pgx1xFntFv/S9Za1xcTtcKZx7m3VGneElK9uAV9oAbW\n" + "Otx+OliKbcCGit2vjXv3ev/K4T8NyQ2RDZL5A7/JarczHsX9Ju0JLta1+Nmf8Ayc\n" + "figqPF3LTrGewI94wLvqw3l7oFK2m2BmG4Sp1dHGjNdNsnZ3wkDG+jqPX7O2zJlt\n" + "i35x9xlzAvUAWk/MC1hZpuP48N/hOYMryIcM9Xs0TW+JcfpgmszEKTVNlx3zOP+Z\n" + "mtCKFH5ZoUTmBslUeWbwP8t3KMUPfj/B+T9gm/UV1yx9wy1/d4iPeixHO2dbs/KV\n" + "34i8X5++HHOyoksWkYhoSVPg1WaD7kQPj3uuCl7Y7zRCCu24fTiNupJwsTt6gjwA\n" + "uDedwk9KUaNx2AsmcwJOHENEr7ecXFlL00ULuTvS8haqSX7sbzIlpbqTPHL5oxmB\n" + "WAswCPHJg5NHnMc2yGhgGb/2WZEjQ47CCumYKiqkur9GtVfEeIJbUyNk2klwEKSl\n" + "qS452GHVBlsHjTzSkyzb+igqU6uy0S75sf1tYPMLP/FZ+xnqnNMAoBpWg1AKHDdj\n" + "JC3FbzLNNtmqQ1c9YNgllgRp9qu2z+XCRBLdChRfjm2E/CywwmchahrFv2LeeDSW\n" + "eUlJsNAvW0EO2xM0jGETwUhRIkGTxnjGwY8GvL4v7/lj23Tcrw4aZiw8XEDnKXMV\n" + "nHeOE9d/kJXru/bhGl90VbHCFJbyIwV32tl8NiClx0P5z4uAm5w9NiQ4gqVLyHem\n" + "nYeUF1r0nlHkTR2CubXe4OnczD80r3AEYRJjFfC+GmYIzflcctayzuwWoda8Hrcd\n" + "aT4arrzHe43/I6WajAcL+9oV5owdP9bksvZSwqgEFJuF9+zDttoncQHeS4MhHogc\n" + "HxqoTkMGlddogUQWim+ujY94b08Ov8mIEjzXbOm2Ts2LwFzAm/E+duBBX9E3E9g9\n" + "TBDYvY2NsnQsRlLNs8+g+sDa9LZTppqtKo7JED9atgTITiKYpkoqmipObE2vAl83\n" + "Nc2JarRzeYkt4iyyZN3pkmEKQa4KvWL+bCpZ6Vueb+uts8HCIHAuExGD8rC3GMwg\n" + "KCbULQ2R4gQK5HSvoFb4dGoFiouv810mvbY3RLlDEWlmvZ8IIVZ955ureae62si1\n" + "cgsVlqswrmlD5gdDyNNKW+A5saTDJ1eMuyS7+2TEXNXlJo88W5qb2CR4C5dG7thE\n" + "Kbrr1KuEq61ipq86sLnZkV1VveRodf9B5NOsTOOEmIBk0gfRd3jGWxCfFDyOnq1M\n" + "win67CkpkodFvwyjes8yiTHtHkpp63FocuJJflwi9JOWh8eAzLlHTQP+2qV72KIX\n" + "vDPJz6pCo6Houen71MfpSoAEJ7ITREyFZrdH0iebW5nheMJn7r0zlKBqyqivkjCh\n" + "CUQj4c+CJiG3SXU0Rb1kAllhyeW65+Mw1wXszLuVZjFjLP+pV/w3vvQQQ+vR87vK\n" + "2W4np13fSZUaqBl3aLtzoyZMEivudtGkSzmZ2s+wxqozh1hkjowMH7PPkpTufila\n" + "68OD5csm4cV0Sa2WWD1chZ+qRrbrThZ5aSN9C4ixHA1NE+8OGYCPutHOO/jeg5Dx\n" + "ygjRowOHuuh666LYjUj9ZGslsJPLrS8UCpBnCvkGVshP3pf8DwrZd5ixS515DlyL\n" + "CFfsl0sIVrKC/RLbj8GDuGNi2EppDs3WusfDVB0UM3fI7BaZtsBTLISaYfJtc970\n" + "2+lmOgZQfalECCXeNRo5eAfO+QVEiuGBIQP5k+ityKXsuHqN5aming2/3X1QR7Gr\n" + "kHNepPIqf+4CwhTE5Gn88dpP2RLvS1Cj0XHsLYxZkDcOXC4DmMgH2OqLi7N/Mrnm\n" + "51o64JEbpNTQKSjOkQd9ew6bouSM+ehgnV4Hi75SZZ/oa5/EJYn6v2fEcAxd4/9X\n" + "3XWlLsMQktQzaXiWm6Aj6iH0xspgqaJsSkV+pDq/VLDIF9E6Sh3yH3P1GZVZIuwJ\n" + "6TfJ5DQnIja2UqrU90xBgDBiqrKgHZPQVo+ZMVYwIwYJKoZIhvcNAQkVMRYEFDOd\n" + "4SfTi9X86wX8tceBaU9eO9nWMC8GCSqGSIb3DQEJFDEiHiAAcwBlAHIAdgBlAHIA\n" + "LQBsAG8AYwBhAGwAaABvAHMAdDAvMB8wBwYFKw4DAhoEFNkQm49TDWC2lR1GyKaU\n" + "wVWVn1UTBAjIzPZeicMLMAICKAA=\n" "-----END PKCS12-----\n"; const gnutls_datum_t server_ca3_pkcs12 = { (void*)server_ca3_pkcs12_pem, diff --git a/tests/set_x509_key.c b/tests/set_x509_key.c index 7af5e5eae3..2b6dbdb23b 100644 --- a/tests/set_x509_key.c +++ b/tests/set_x509_key.c @@ -38,6 +38,7 @@ #endif #include <unistd.h> #include <assert.h> +#include <time.h> #include <gnutls/gnutls.h> #include <gnutls/abstract.h> #include <gnutls/x509.h> @@ -54,7 +55,16 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -void doit(void) +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + if (t) + *t = then; + + return then; +} + +static void basic(void) { gnutls_certificate_credentials_t x509_cred; gnutls_pcert_st pcert_list[16]; @@ -68,6 +78,8 @@ void doit(void) */ global_init(); + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); @@ -117,6 +129,8 @@ void doit(void) exit(1); } + test_cli_serv(x509_cred, "NORMAL", &ca_cert, "localhost"); + gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); @@ -124,3 +138,85 @@ void doit(void) if (debug) success("success"); } + +static void auto_parse(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_pcert_st pcert_list[16]; + gnutls_privkey_t key; + gnutls_pcert_st second_pcert; + gnutls_privkey_t second_key; + unsigned pcert_list_size; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(time); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_privkey_init(&key)>=0); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_ca3_localhost_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* set the ECC key */ + assert(gnutls_privkey_init(&second_key)>=0); + + pcert_list_size = 1; + ret = gnutls_pcert_list_import_x509_raw(&second_pcert, &pcert_list_size, + &server_ca3_localhost6_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(second_key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, &second_pcert, + 1, second_key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + test_cli_serv(x509_cred, "NORMAL", &ca3_cert, "localhost"); /* the DNS name of the first cert */ + test_cli_serv(x509_cred, "NORMAL", &ca3_cert, "localhost6"); /* the DNS name of ECC cert */ + test_cli_serv(x509_cred, "NORMAL", &ca3_cert, "www.none.org"); /* the DNS name of ECC cert */ + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +void doit(void) +{ + basic(); + auto_parse(); +} diff --git a/tests/set_x509_key_file.c b/tests/set_x509_key_file.c index 3661da5eb9..35affc480d 100644 --- a/tests/set_x509_key_file.c +++ b/tests/set_x509_key_file.c @@ -34,6 +34,15 @@ #include "cert-common.h" #include "utils.h" +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + if (t) + *t = then; + + return then; +} + static void compare(const gnutls_datum_t *der, const void *ipem) { gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; @@ -64,6 +73,7 @@ void doit(void) global_init(); assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + gnutls_global_set_time_function(mytime); /* this will fail */ ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile, @@ -107,6 +117,8 @@ void doit(void) remove(certfile); + test_cli_serv(xcred, "NORMAL", &ca_cert, "localhost"); /* the DNS name of the first cert */ + gnutls_certificate_free_credentials(xcred); gnutls_global_deinit(); } diff --git a/tests/set_x509_key_file_der.c b/tests/set_x509_key_file_der.c index 454ca4beec..c4d28fa2ef 100644 --- a/tests/set_x509_key_file_der.c +++ b/tests/set_x509_key_file_der.c @@ -92,8 +92,8 @@ void doit(void) assert(get_tmpname(certfile)!=NULL); assert(get_tmpname(keyfile)!=NULL); - write_der(certfile, "CERTIFICATE", (char*)server_cert_pem); - write_der(keyfile, "RSA PRIVATE KEY", (char*)server_key_pem); + write_der(certfile, "CERTIFICATE", (char*)server_localhost_ca3_cert_pem); + write_der(keyfile, "RSA PRIVATE KEY", (char*)server_ca3_key_pem); ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile, GNUTLS_X509_FMT_DER, NULL, 0); @@ -107,11 +107,13 @@ void doit(void) exit(1); } - compare(&tcert, server_cert_pem); + compare(&tcert, server_localhost_ca3_cert_pem); remove(certfile); remove(keyfile); + test_cli_serv(xcred, "NORMAL", &ca3_cert, "localhost"); /* the DNS name of the first cert */ + gnutls_certificate_free_credentials(xcred); gnutls_global_deinit(); } diff --git a/tests/set_x509_key_mem.c b/tests/set_x509_key_mem.c index 672ac0f325..32df0a4ef8 100644 --- a/tests/set_x509_key_mem.c +++ b/tests/set_x509_key_mem.c @@ -41,6 +41,7 @@ #include <gnutls/x509.h> #include "utils.h" +#include "cert-common.h" /* Test for memory allocations in a non-matching key-cert pair loading. * @@ -51,43 +52,6 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -static unsigned char cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" - "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" - "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" - "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" - "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" - "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" - "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" - "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" - "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" - "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" - "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" - "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; -const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) - 1}; - -static unsigned char key_pem[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" - "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" - "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" - "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" - "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" - "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" - "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" - "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" - "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" - "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" - "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" - "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" - "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" - "-----END RSA PRIVATE KEY-----\n"; - -const gnutls_datum_t key = { key_pem, - sizeof(key_pem) - 1 -}; - void doit(void) { gnutls_certificate_credentials_t x509_cred; @@ -103,8 +67,8 @@ void doit(void) gnutls_certificate_allocate_credentials(&x509_cred); - ret = gnutls_certificate_set_x509_key_mem(x509_cred, &cert, - &key, + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &cli_cert, + &server_key, GNUTLS_X509_FMT_PEM); if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { fail("error in error code\n"); @@ -117,14 +81,25 @@ void doit(void) gnutls_certificate_allocate_credentials(&x509_cred); gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH); - ret = gnutls_certificate_set_x509_key_mem(x509_cred, &cert, - &key, + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost6_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, GNUTLS_X509_FMT_PEM); if (ret < 0) { fail("error in error code\n"); exit(1); } + test_cli_serv(x509_cred, "NORMAL", &ca3_cert, "localhost"); + test_cli_serv(x509_cred, "NORMAL", &ca3_cert, "localhost6"); + gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); diff --git a/tests/set_x509_pkcs12_key.c b/tests/set_x509_pkcs12_key.c index 794d0e628d..4ef8239503 100644 --- a/tests/set_x509_pkcs12_key.c +++ b/tests/set_x509_pkcs12_key.c @@ -95,10 +95,12 @@ void doit(void) exit(1); } - compare(&tcert, server_ca3_cert_pem); + compare(&tcert, server_localhost_ca3_cert_pem); remove(certfile); + test_cli_serv(xcred, "NORMAL", &ca3_cert, "localhost"); /* the DNS name of the first cert */ + gnutls_certificate_free_credentials(xcred); gnutls_global_deinit(); } diff --git a/tests/utils-adv.c b/tests/utils-adv.c new file mode 100644 index 0000000000..5e8ccb9896 --- /dev/null +++ b/tests/utils-adv.c @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2008-2016 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#include <gnutls/gnutls.h> +#include "utils.h" +#include "eagain-common.h" + +const char *side = NULL; + +void +test_cli_serv(gnutls_certificate_credentials_t server_cred, const char *prio, + const gnutls_datum_t *ca_cert, const char *host) +{ + int exit_code = EXIT_SUCCESS; + int ret; + /* Server stuff. */ + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + reset_buffers(); + + /* Init server */ + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + server_cred); + gnutls_priority_set_direct(server, prio, NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + + assert(gnutls_server_name_set(client, GNUTLS_NAME_DNS, host, strlen(host))>=0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* check the number of certificates received and verify */ + { + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)host; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + gnutls_datum_t t; + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify certificate for '%s': %.4x: %s\n", host, status, t.data); + gnutls_free(t.data); + exit(1); + } + + /* check gnutls_certificate_verify_peers3 */ + ret = gnutls_certificate_verify_peers3(client, host, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + gnutls_datum_t t; + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify certificate3: %.4x: %s\n", status, t.data); + gnutls_free(t.data); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(clientx509cred); + + if (debug > 0) { + if (exit_code == 0) + puts("Self-test successful"); + else + puts("Self-test failed"); + } +} diff --git a/tests/utils.h b/tests/utils.h index 227a445ee1..dd576e4363 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -1,7 +1,8 @@ /* - * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2004-2016 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. * - * Author: Simon Josefsson + * Author: Simon Josefsson, Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * @@ -68,6 +69,9 @@ extern void binprint(const void *str, size_t len); int disable_system_calls(void); void sec_sleep(int sec); +void test_cli_serv(gnutls_certificate_credentials_t server_cred, const char *prio, + const gnutls_datum_t *ca_cert, const char *host); + #define TMPNAME_SIZE 128 char *get_tmpname(char s[TMPNAME_SIZE]); |