diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-01-31 16:33:43 +0100 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-02-06 16:33:22 +0000 |
| commit | da51f56cc21233c2d30f0fe0d171727c3102b2e0 (patch) | |
| tree | 4e579ab70ce4b19bee7984237f3ce05a96d59d83 /chromium/net/data | |
| parent | c8c2d1901aec01e934adf561a9fdf0cc776cdef8 (diff) | |
| download | qtwebengine-chromium-da51f56cc21233c2d30f0fe0d171727c3102b2e0.tar.gz | |
BASELINE: Update Chromium to 65.0.3525.40
Also imports missing submodules
Change-Id: I36901b7c6a325cda3d2c10cedb2186c25af3b79b
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/net/data')
36 files changed, 1833 insertions, 642 deletions
diff --git a/chromium/net/data/gencerts/__init__.py b/chromium/net/data/gencerts/__init__.py new file mode 100755 index 00000000000..a7e82b57760 --- /dev/null +++ b/chromium/net/data/gencerts/__init__.py @@ -0,0 +1,525 @@ +#!/usr/bin/python +# Copyright (c) 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Set of helpers to generate signed X.509v3 certificates. + +This works by shelling out calls to the 'openssl req' and 'openssl ca' +commands, and passing the appropriate command line flags and configuration file +(.cnf). +""" + +import base64 +import os +import shutil +import subprocess +import sys + +import openssl_conf + +# Enum for the "type" of certificate that is to be created. This is used to +# select sane defaults for the .cnf file and command line flags, but they can +# all be overridden. +TYPE_CA = 2 +TYPE_END_ENTITY = 3 + +# March 1st, 2015 12:00 UTC +MARCH_1_2015_UTC = '150301120000Z' + +# March 2nd, 2015 12:00 UTC +MARCH_2_2015_UTC = '150302120000Z' + +# January 1st, 2015 12:00 UTC +JANUARY_1_2015_UTC = '150101120000Z' + +# September 1st, 2015 12:00 UTC +SEPTEMBER_1_2015_UTC = '150901120000Z' + +# January 1st, 2016 12:00 UTC +JANUARY_1_2016_UTC = '160101120000Z' + +# January 1st, 2021 12:00 UTC +JANUARY_1_2021_UTC = '210101120000Z' + +# The default time tests should use when verifying. +DEFAULT_TIME = MARCH_2_2015_UTC + +KEY_PURPOSE_ANY = 'anyExtendedKeyUsage' +KEY_PURPOSE_SERVER_AUTH = 'serverAuth' +KEY_PURPOSE_CLIENT_AUTH = 'clientAuth' + +DEFAULT_KEY_PURPOSE = KEY_PURPOSE_SERVER_AUTH + +# Counters used to generate unique (but readable) path names. +g_cur_path_id = {} + +# Output paths used: +# - g_tmp_dir: where any temporary files (cert req, signing db etc) are +# saved to. + +# See init() for how these are assigned. +g_tmp_dir = None + +# The default validity range of generated certificates. Can be modified with +# set_default_validity_range(). +g_default_start_date = JANUARY_1_2015_UTC +g_default_end_date = JANUARY_1_2016_UTC + + +def set_default_validity_range(start_date, end_date): + """Sets the validity range that will be used for certificates created with + Certificate""" + global g_default_start_date + global g_default_end_date + g_default_start_date = start_date + g_default_end_date = end_date + + +def get_unique_path_id(name): + """Returns a base filename that contains 'name', but is unique to the output + directory""" + # Use case-insensitive matching for counting duplicates, since some + # filesystems are case insensitive, but case preserving. + lowercase_name = name.lower() + path_id = g_cur_path_id.get(lowercase_name, 0) + g_cur_path_id[lowercase_name] = path_id + 1 + + # Use a short and clean name for the first use of this name. + if path_id == 0: + return name + + # Otherwise append the count to make it unique. + return '%s_%d' % (name, path_id) + + +def get_path_in_tmp_dir(name, suffix): + return os.path.join(g_tmp_dir, '%s%s' % (name, suffix)) + + +class Key(object): + """Describes a public + private key pair. It is a dumb wrapper around an + on-disk key.""" + + def __init__(self, path): + self.path = path + + + def get_path(self): + """Returns the path to a file that contains the key contents.""" + return self.path + + +def get_or_generate_key(generation_arguments, path): + """Helper function to either retrieve a key from an existing file |path|, or + generate a new one using the command line |generation_arguments|.""" + + generation_arguments_str = ' '.join(generation_arguments) + + # If the file doesn't already exist, generate a new key using the generation + # parameters. + if not os.path.isfile(path): + key_contents = subprocess.check_output(generation_arguments) + + # Prepend the generation parameters to the key file. + write_string_to_file(generation_arguments_str + '\n' + key_contents, + path) + else: + # If the path already exists, confirm that it is for the expected key type. + first_line = read_file_to_string(path).splitlines()[0] + if first_line != generation_arguments_str: + sys.stderr.write(('\nERROR: The existing key file:\n %s\nis not ' + 'compatible with the requested parameters:\n "%s" vs "%s".\n' + 'Delete the file if you want to re-generate it with the new ' + 'parameters, otherwise pick a new filename\n') % ( + path, first_line, generation_arguments_str)) + sys.exit(1) + + return Key(path) + + +def get_or_generate_rsa_key(size_bits, path): + """Retrieves an existing key from a file if the path exists. Otherwise + generates an RSA key with the specified bit size and saves it to the path.""" + return get_or_generate_key(['openssl', 'genrsa', str(size_bits)], path) + + +def get_or_generate_ec_key(named_curve, path): + """Retrieves an existing key from a file if the path exists. Otherwise + generates an EC key with the specified named curve and saves it to the + path.""" + return get_or_generate_key(['openssl', 'ecparam', '-name', named_curve, + '-genkey'], path) + + +def create_key_path(base_name): + """Generates a name that contains |base_name| in it, and is relative to the + "keys/" directory. If create_key_path(xxx) is called more than once during + the script run, a suffix will be added.""" + + # Save keys to CWD/keys/*.key + keys_dir = 'keys' + + # Create the keys directory if it doesn't exist + if not os.path.exists(keys_dir): + os.makedirs(keys_dir) + + return get_unique_path_id(os.path.join(keys_dir, base_name)) + '.key' + + +class Certificate(object): + """Helper for building an X.509 certificate.""" + + def __init__(self, name, cert_type, issuer): + # The name will be used for the subject's CN, and also as a component of + # the temporary filenames to help with debugging. + self.name = name + self.path_id = get_unique_path_id(name) + + # Allow the caller to override the key later. If no key was set will + # auto-generate one. + self.key = None + + # The issuer is also a Certificate object. Passing |None| means it is a + # self-signed certificate. + self.issuer = issuer + if issuer is None: + self.issuer = self + + # The config contains all the OpenSSL options that will be passed via a + # .cnf file. Set up defaults. + self.config = openssl_conf.Config() + self.init_config() + + # Some settings need to be passed as flags rather than in the .cnf file. + # Technically these can be set though a .cnf, however doing so makes it + # sticky to the issuing certificate, rather than selecting it per + # subordinate certificate. + self.validity_flags = [] + self.md_flags = [] + + # By default OpenSSL will use the current time for the start time. Instead + # default to using a fixed timestamp for more predictable results each time + # the certificates are re-generated. + self.set_validity_range(g_default_start_date, g_default_end_date) + + # Use SHA-256 when THIS certificate is signed (setting it in the + # configuration would instead set the hash to use when signing other + # certificates with this one). + self.set_signature_hash('sha256') + + # Set appropriate key usages and basic constraints. For flexibility in + # testing (since want to generate some flawed certificates) these are set + # on a per-certificate basis rather than automatically when signing. + if cert_type == TYPE_END_ENTITY: + self.get_extensions().set_property('keyUsage', + 'critical,digitalSignature,keyEncipherment') + self.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + else: + self.get_extensions().set_property('keyUsage', + 'critical,keyCertSign,cRLSign') + self.get_extensions().set_property('basicConstraints', 'critical,CA:true') + + # Tracks whether the PEM file for this certificate has been written (since + # generation is done lazily). + self.finalized = False + + # Initialize any files that will be needed if this certificate is used to + # sign other certificates. Starts off serial numbers at 1, and will + # increment them for each signed certificate. + if not os.path.exists(self.get_serial_path()): + write_string_to_file('01\n', self.get_serial_path()) + if not os.path.exists(self.get_database_path()): + write_string_to_file('', self.get_database_path()) + + + def set_validity_range(self, start_date, end_date): + """Sets the Validity notBefore and notAfter properties for the + certificate""" + self.validity_flags = ['-startdate', start_date, '-enddate', end_date] + + + def set_signature_hash(self, md): + """Sets the hash function that will be used when signing this certificate. + Can be sha1, sha256, sha512, md5, etc.""" + self.md_flags = ['-md', md] + + + def get_extensions(self): + return self.config.get_section('req_ext') + + + def get_path(self, suffix): + """Forms a path to an output file for this certificate, containing the + indicated suffix. The certificate's name will be used as its basis.""" + return os.path.join(g_tmp_dir, '%s%s' % (self.path_id, suffix)) + + + def get_name_path(self, suffix): + """Forms a path to an output file for this CA, containing the indicated + suffix. If multiple certificates have the same name, they will use the same + path.""" + return get_path_in_tmp_dir(self.name, suffix) + + + def set_key(self, key): + assert self.finalized is False + self.set_key_internal(key) + + + def set_key_internal(self, key): + self.key = key + + # Associate the private key with the certificate. + section = self.config.get_section('root_ca') + section.set_property('private_key', self.key.get_path()) + + + def get_key(self): + if self.key is None: + self.set_key_internal( + get_or_generate_rsa_key(2048, create_key_path(self.name))) + return self.key + + + def get_cert_path(self): + return self.get_path('.pem') + + + def get_serial_path(self): + return self.get_name_path('.serial') + + + def get_csr_path(self): + return self.get_path('.csr') + + + def get_database_path(self): + return self.get_name_path('.db') + + + def get_config_path(self): + return self.get_path('.cnf') + + + def get_cert_pem(self): + # Finish generating a .pem file for the certificate. + self.finalize() + + # Read the certificate data. + return read_file_to_string(self.get_cert_path()) + + + def finalize(self): + """Finishes the certificate creation process. This generates any needed + key, creates and signs the CSR. On completion the resulting PEM file can be + found at self.get_cert_path()""" + + if self.finalized: + return # Already finalized, no work needed. + + self.finalized = True + + # Ensure that the issuer has been "finalized", since its outputs need to be + # accessible. Note that self.issuer could be the same as self. + self.issuer.finalize() + + # Ensure the certificate has a key (gets lazily created by this call if + # missing). + self.get_key() + + # Serialize the config to a file. + self.config.write_to_file(self.get_config_path()) + + # Create a CSR. + subprocess.check_call( + ['openssl', 'req', '-new', + '-key', self.key.get_path(), + '-out', self.get_csr_path(), + '-config', self.get_config_path()]) + + cmd = ['openssl', 'ca', '-batch', '-in', + self.get_csr_path(), '-out', self.get_cert_path(), '-config', + self.issuer.get_config_path()] + + if self.issuer == self: + cmd.append('-selfsign') + + # Add in any extra flags. + cmd.extend(self.validity_flags) + cmd.extend(self.md_flags) + + # Run the 'openssl ca' command. + subprocess.check_call(cmd) + + + def init_config(self): + """Initializes default properties in the certificate .cnf file that are + generic enough to work for all certificates (but can be overridden later). + """ + + # -------------------------------------- + # 'req' section + # -------------------------------------- + + section = self.config.get_section('req') + + section.set_property('encrypt_key', 'no') + section.set_property('utf8', 'yes') + section.set_property('string_mask', 'utf8only') + section.set_property('prompt', 'no') + section.set_property('distinguished_name', 'req_dn') + section.set_property('req_extensions', 'req_ext') + + # -------------------------------------- + # 'req_dn' section + # -------------------------------------- + + # This section describes the certificate subject's distinguished name. + + section = self.config.get_section('req_dn') + section.set_property('commonName', '"%s"' % (self.name)) + + # -------------------------------------- + # 'req_ext' section + # -------------------------------------- + + # This section describes the certificate's extensions. + + section = self.config.get_section('req_ext') + section.set_property('subjectKeyIdentifier', 'hash') + + # -------------------------------------- + # SECTIONS FOR CAs + # -------------------------------------- + + # The following sections are used by the 'openssl ca' and relate to the + # signing operation. They are not needed for end-entity certificate + # configurations, but only if this certifiate will be used to sign other + # certificates. + + # -------------------------------------- + # 'ca' section + # -------------------------------------- + + section = self.config.get_section('ca') + section.set_property('default_ca', 'root_ca') + + section = self.config.get_section('root_ca') + section.set_property('certificate', self.get_cert_path()) + section.set_property('new_certs_dir', g_tmp_dir) + section.set_property('serial', self.get_serial_path()) + section.set_property('database', self.get_database_path()) + section.set_property('unique_subject', 'no') + + # These will get overridden via command line flags. + section.set_property('default_days', '365') + section.set_property('default_md', 'sha256') + + section.set_property('policy', 'policy_anything') + section.set_property('email_in_dn', 'no') + section.set_property('preserve', 'yes') + section.set_property('name_opt', 'multiline,-esc_msb,utf8') + section.set_property('cert_opt', 'ca_default') + section.set_property('copy_extensions', 'copy') + section.set_property('x509_extensions', 'signing_ca_ext') + section.set_property('default_crl_days', '30') + section.set_property('crl_extensions', 'crl_ext') + + section = self.config.get_section('policy_anything') + section.set_property('domainComponent', 'optional') + section.set_property('countryName', 'optional') + section.set_property('stateOrProvinceName', 'optional') + section.set_property('localityName', 'optional') + section.set_property('organizationName', 'optional') + section.set_property('organizationalUnitName', 'optional') + section.set_property('commonName', 'optional') + section.set_property('emailAddress', 'optional') + + section = self.config.get_section('signing_ca_ext') + section.set_property('subjectKeyIdentifier', 'hash') + section.set_property('authorityKeyIdentifier', 'keyid:always') + section.set_property('authorityInfoAccess', '@issuer_info') + section.set_property('crlDistributionPoints', '@crl_info') + + section = self.config.get_section('issuer_info') + section.set_property('caIssuers;URI.0', + 'http://url-for-aia/%s.cer' % (self.name)) + + section = self.config.get_section('crl_info') + section.set_property('URI.0', 'http://url-for-crl/%s.crl' % (self.name)) + + section = self.config.get_section('crl_ext') + section.set_property('authorityKeyIdentifier', 'keyid:always') + section.set_property('authorityInfoAccess', '@issuer_info') + + +def text_data_to_pem(block_header, text_data): + return '%s\n-----BEGIN %s-----\n%s\n-----END %s-----\n' % (text_data, + block_header, base64.b64encode(text_data), block_header) + + +def write_chain(description, chain, out_pem): + """Writes the chain to a .pem file as a series of CERTIFICATE blocks""" + + # Prepend the script name that generated the file to the description. + test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description) + + # Write the certificate chain to the output file. + for cert in chain: + test_data += '\n' + cert.get_cert_pem() + + write_string_to_file(test_data, out_pem) + + +def write_string_to_file(data, path): + with open(path, 'w') as f: + f.write(data) + + +def read_file_to_string(path): + with open(path, 'r') as f: + return f.read() + + +def init(invoking_script_path): + """Creates an output directory to contain all the temporary files that may be + created, as well as determining the path for the final output. These paths + are all based off of the name of the calling script. + """ + + global g_tmp_dir + + # The scripts assume to be run from within their containing directory (paths + # to things like "keys/" are written relative). + expected_cwd = os.path.realpath(os.path.dirname(invoking_script_path)) + actual_cwd = os.path.realpath(os.getcwd()) + if actual_cwd != expected_cwd: + sys.stderr.write( + ('Your current working directory must be that containing the python ' + 'scripts:\n%s\nas the script may reference paths relative to this\n') + % (expected_cwd)) + sys.exit(1) + + # Use an output directory with the same name as the invoking script. + g_tmp_dir = 'out' + + # Ensure the output directory exists and is empty. + sys.stdout.write('Creating output directory: %s\n' % (g_tmp_dir)) + shutil.rmtree(g_tmp_dir, True) + os.makedirs(g_tmp_dir) + + +def create_self_signed_root_certificate(name): + return Certificate(name, TYPE_CA, None) + + +def create_intermediate_certificate(name, issuer): + return Certificate(name, TYPE_CA, issuer) + + +def create_end_entity_certificate(name, issuer): + return Certificate(name, TYPE_END_ENTITY, issuer) + +init(sys.argv[0]) diff --git a/chromium/net/data/gencerts/openssl_conf.py b/chromium/net/data/gencerts/openssl_conf.py new file mode 100755 index 00000000000..fe1838d6638 --- /dev/null +++ b/chromium/net/data/gencerts/openssl_conf.py @@ -0,0 +1,136 @@ +#!/usr/bin/python +# Copyright (c) 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""This file contains helpers for representing, manipulating, and writing +OpenSSL configuration files [1] + +Configuration files are simply a collection of name=value "properties", which +are grouped into "sections". + +[1] https://www.openssl.org/docs/manmaster/apps/config.html +""" + +class Property(object): + """Represents a key/value pair in OpenSSL .cnf files. + + Names and values are not quoted in any way, so callers need to pass the text + exactly as it should be written to the file (leading and trailing whitespace + doesn't matter). + + For instance: + baseConstraints = critical, CA:false + + Could be represented by a Property where: + name = 'baseConstraints' + value = 'critical, CA:false' + """ + def __init__(self, name, value): + self.name = name + self.value = value + + + def write_to(self, out): + """Outputs this property to .cnf file.""" + out.write('%s = %s\n' % (self.name, self.value)) + + +class Section(object): + """Represents a section in OpenSSL. For instance: + [CA_root] + preserve = true + + Could be represented by a Section where: + name = 'CA_root' + properties = [Property('preserve', 'true')] + """ + def __init__(self, name): + self.name = name + self.properties = [] + + + def ensure_property_name_not_duplicated(self, name): + """Raises an exception of there is more than 1 property named |name|.""" + count = 0 + for prop in self.properties: + if prop.name == name: + count += 1 + if count > 1: + raise Exception('Duplicate property: %s' % (name)) + + + def set_property(self, name, value): + """Replaces, adds, or removes a Property from the Section: + + - If |value| is None, then this is equivalent to calling + remove_property(name) + - If there is an existing property matching |name| then its value is + replaced with |value| + - If there are no properties matching |name| then a new one is added at + the end of the section + + It is expected that there is AT MOST 1 property with the given name. If + that is not the case then this function will raise an error.""" + + if value is None: + self.remove_property(name) + return + + self.ensure_property_name_not_duplicated(name) + + for prop in self.properties: + if prop.name == name: + prop.value = value + return + + self.add_property(name, value) + + + def add_property(self, name, value): + """Adds a property (allows duplicates)""" + self.properties.append(Property(name, value)) + + + def remove_property(self, name): + """Removes the property with the indicated name, if it exists. + + It is expected that there is AT MOST 1 property with the given name. If + that is not the case then this function will raise an error.""" + self.ensure_property_name_not_duplicated(name) + + for i in range(len(self.properties)): + if self.properties[i].name == name: + self.properties.pop(i) + return + + + def write_to(self, out): + """Outputs the section in the format used by .cnf files""" + out.write('[%s]\n' % (self.name)) + for prop in self.properties: + prop.write_to(out) + out.write('\n') + + +class Config(object): + """Represents a .cnf (configuration) file in OpenSSL""" + def __init__(self): + self.sections = [] + + + def get_section(self, name): + """Gets or creates a section with the given name.""" + for section in self.sections: + if section.name == name: + return section + new_section = Section(name) + self.sections.append(new_section) + return new_section + + + def write_to_file(self, path): + """Outputs the Config to a .cnf files.""" + with open(path, 'w') as out: + for section in self.sections: + section.write_to(out) diff --git a/chromium/net/data/ssl/certificates/README b/chromium/net/data/ssl/certificates/README index e70316247ec..3c0f4ac7cc6 100644 --- a/chromium/net/data/ssl/certificates/README +++ b/chromium/net/data/ssl/certificates/README @@ -114,11 +114,16 @@ unit tests. NSS certificate nickname for a user certificate. This certificate's Subject field doesn't have a common name. -- quic_intermediate.crt -- quic_test_ecc.example.com.crt -- quic_test.example.com.crt -- quic_root.crt - These certificates are used by the ProofVerifier's unit tests of QUIC. +===== From net/data/ssl/scripts/generate-quic-chain.sh +- quic-chain.pem +- quic-leaf-cert.key +- quic-leaf-cert.key.pkcs8.pem +- quic-root.pem + These certificates are used by integration tests that use QUIC. + +- quic-leaf-cert.key.sct + This isn't generated and just contains a simple text file (the contents + don't actually matter, just the presence of the file). ===== From net/data/ssl/scripts/generate-test-certs.sh - expired_cert.pem @@ -180,11 +185,11 @@ unit tests. - pre_june_2016.pem - post_june_2016.pem +- dec_2017.pem Certs to test that policies related to enforcing CT on Symantec are - properly gated on the issuance date. These files also contain legacy - Symantec roots to simulate a chain for testing the upcoming Symantec - distrust events; see https://g.co/chrome/symantecpkicerts. (Note, - however, that the leaf and root do not actually form a chain.) + properly gated on the issuance date. See + https://g.co/chrome/symantecpkicerts. (Note, however, that the leaf and + root do not actually form a chain.) - tls_feature_extension.pem A certificate that contains the TLS Feature Extension. diff --git a/chromium/net/data/ssl/certificates/common_name_only.pem b/chromium/net/data/ssl/certificates/common_name_only.pem new file mode 100644 index 00000000000..5f7811a0a46 --- /dev/null +++ b/chromium/net/data/ssl/certificates/common_name_only.pem @@ -0,0 +1,109 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCp1J9FuvCmfgoP +pUn3w+iVRBwBOCXlZyzRcfRsiOfEGNnY8gEDNoyccKFHnj5rtJ/kQc9IgcZC2nob +qUSdHBEhUjKZbDZXOTXlBmpVY3qw0edMgwS9SSmaM5axPXEqJn7KShyzEC+3qux1 +T+gH8DBgwiP2qjM1A6nqf0/QDDms15sKhZJm9Z/MBpbpO/4zPjYSdsADv9sc7uyU +xRnNp3PQWu/hZjgg9w0tZWOzBaKHTHJLV+wH8frRqwLdHoB+gSIUfmNnGHKe59ia +rWjGU4l5b4kOVS8e5dSfdvNLbUM8z8dMvRq68fJnCJLkqnV7cehYmi+c6iGvDbkV +y7vVzfWnAgMBAAECggEALyW5+c/GE1KWVHWcrU4T+axo4eXGj4MvLA4ovyDaxtPn +VpUItu2j56JVA97okVoZsXKbqxNsCQ9CKv+47qzmDIwXRASIqXpWffhj+MSfQQtk +3Rbab/optIdx5E6cZgk91cbxZLyvopuu/XprfhiuNY5wEYB6qtMTjug9LhLWyCa3 +N2tTlIi8qMa79HPYcJ3l7en8jXrx+/856hCGGXXNP6H3HP4Kf171tZryDuekJhwt +pm6chDeFMkvJVa8GflKUxC5aVqhb84apCArvuaP/IXlDf0mEcyToyTjQaHitWtYo +BqueC3wMU5e5TvfQ3CKutWP3L9fQzU/mzpbEAuMMcQKBgQDUU47C0xwaIhfTyY2V +j9xDoEyJiRiaw0wUg2WtlNyIfUCOJSFxHeXqCmu1TurBxoNprlWZCf+myBR7hKXV +XbjRSluo7EFe6qF5ZxfVkTgaggSUmqd65kCDGyWQTZQ4tw+qal6T3TekJOwoAPa0 +ifKfPmzW/uleFwsXRJb5ydNA3QKBgQDMw13gt6s9xSAjvmZwdHdwb7712K4RrcoL +vrdOI6HEVDYsu2+zJxEtp0koE1Dk5LBUP4VAaDw1ABcx+Qon29mFy/orc8uH0PEu +SES6kZxr70eKJ67jvgs370m8zM+IJsC4RJ1wu09Q0vsdJ2TZLG5jlQD1no08Ta37 +Wv27zenGUwKBgH7ukPsBj9xDo3D2HlFaFnjLPNZAAliLBlGBF+kEhC6Iim4v3mUs +VYVrw2Y5jnhXf7pPAVcjNhVzqWMKMsVyaQmdZVyAGLhwliXorsP7M8oNDkX0iskb +G1gFg5hX+JNLRO9A9dd5uUjE1fU4VkQp78SpYhHJhKO+LOA1HfioYkV1AoGALHAt +3Iof2M0CN5+nvboY/cbSq6o1xNJxqfDe+U9UWTZpd3XKPRg6ay0F/HOMt9BF0FLk +yWCVyG7XmdnRcWsOHzJwfaOoxTX8Ua4PdGoLh4UrgnkwRG7HIoGFADt2wraeVp9V +h9Su1vyi0OXuxg8VefkpdyTMxAybuJQ7wtliZc8CgYEAouBfKjc3xn/jrf++kgie +taZ+ormKZs2mfTfcEMeQv7Bd7sEUWCoRevdorTlHaw1DKBqFq56Y1v3ppH83C6DH +5v1+43M6zq7qWGSgf5nbQ1ZBMUR0FMcBujc9JFX52Zc7ScvE1hwMT3lBJut/ln5W +h1oQd50MoCr4WE39Em4/H3o= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 24 (0x18) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Dec 20 00:00:00 2017 GMT + Not After : Dec 20 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:d4:9f:45:ba:f0:a6:7e:0a:0f:a5:49:f7:c3: + e8:95:44:1c:01:38:25:e5:67:2c:d1:71:f4:6c:88: + e7:c4:18:d9:d8:f2:01:03:36:8c:9c:70:a1:47:9e: + 3e:6b:b4:9f:e4:41:cf:48:81:c6:42:da:7a:1b:a9: + 44:9d:1c:11:21:52:32:99:6c:36:57:39:35:e5:06: + 6a:55:63:7a:b0:d1:e7:4c:83:04:bd:49:29:9a:33: + 96:b1:3d:71:2a:26:7e:ca:4a:1c:b3:10:2f:b7:aa: + ec:75:4f:e8:07:f0:30:60:c2:23:f6:aa:33:35:03: + a9:ea:7f:4f:d0:0c:39:ac:d7:9b:0a:85:92:66:f5: + 9f:cc:06:96:e9:3b:fe:33:3e:36:12:76:c0:03:bf: + db:1c:ee:ec:94:c5:19:cd:a7:73:d0:5a:ef:e1:66: + 38:20:f7:0d:2d:65:63:b3:05:a2:87:4c:72:4b:57: + ec:07:f1:fa:d1:ab:02:dd:1e:80:7e:81:22:14:7e: + 63:67:18:72:9e:e7:d8:9a:ad:68:c6:53:89:79:6f: + 89:0e:55:2f:1e:e5:d4:9f:76:f3:4b:6d:43:3c:cf: + c7:4c:bd:1a:ba:f1:f2:67:08:92:e4:aa:75:7b:71: + e8:58:9a:2f:9c:ea:21:af:0d:b9:15:cb:bb:d5:cd: + f5:a7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 41:E5:87:59:14:3F:3E:99:24:67:DF:F8:B7:59:F6:81:3D:9C:F7:14 + X509v3 Authority Key Identifier: + keyid:9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 39:41:78:9d:38:e1:d2:7e:92:34:7a:da:32:6c:2d:51:d6:a4: + c1:d9:84:5f:24:2e:8f:ce:a8:60:29:ba:01:01:4b:a3:e0:fe: + 56:9c:5a:0b:8b:9f:b1:b6:55:89:0e:40:8f:09:0c:10:f1:dc: + 9a:3d:85:7c:ef:83:f9:0e:42:81:89:ac:a4:11:b9:e9:fd:db: + 58:54:63:51:66:5c:0e:0e:42:68:58:d9:0e:aa:54:70:6d:e7: + 51:e5:8b:fd:d0:da:dd:7b:b9:97:55:42:42:e7:39:b4:4b:4b: + c4:89:90:d1:6e:4b:0a:fd:cc:a8:a3:a7:70:ed:d6:e8:c4:09: + 80:d7:b0:09:ae:db:d2:4b:4f:0a:ec:73:28:bf:6f:cb:61:bd: + ab:5f:9a:2d:81:5e:e0:be:8c:32:d1:24:ea:a3:83:04:b8:81: + 97:e2:26:91:a2:fa:da:18:fa:54:58:46:d9:38:9b:66:b0:80: + 1d:a3:55:5b:86:7d:77:ca:0c:ba:e1:e6:c5:8c:e3:08:73:0f: + 73:b7:8b:42:75:6b:62:6e:bf:73:2d:4c:11:07:b4:b7:a0:72: + 0d:23:08:4b:65:8e:fd:1d:61:15:e6:d0:a5:ad:31:0b:d4:35: + 3a:f7:aa:e7:50:38:a2:dc:b0:24:52:9d:86:fc:ce:1a:d8:29: + 4b:de:82:af +-----BEGIN CERTIFICATE----- +MIIDrTCCApWgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHVGVzdCBDQTEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTE3MTIyMDAw +MDAwMFoXDTIwMTIyMDAwMDAwMFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3Qg +Q0ExEjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKnUn0W68KZ+Cg+lSffD6JVEHAE4JeVnLNFx9GyI58QY2djyAQM2jJxw +oUeePmu0n+RBz0iBxkLaehupRJ0cESFSMplsNlc5NeUGalVjerDR50yDBL1JKZoz +lrE9cSomfspKHLMQL7eq7HVP6AfwMGDCI/aqMzUDqep/T9AMOazXmwqFkmb1n8wG +luk7/jM+NhJ2wAO/2xzu7JTFGc2nc9Ba7+FmOCD3DS1lY7MFoodMcktX7Afx+tGr +At0egH6BIhR+Y2cYcp7n2JqtaMZTiXlviQ5VLx7l1J9280ttQzzPx0y9Grrx8mcI +kuSqdXtx6FiaL5zqIa8NuRXLu9XN9acCAwEAAaNvMG0wDAYDVR0TAQH/BAIwADAd +BgNVHQ4EFgQUQeWHWRQ/PpkkZ9/4t1n2gT2c9xQwHwYDVR0jBBgwFoAUmyYLipip +ux25HxzjGkAz7Y4XiKswHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G +CSqGSIb3DQEBCwUAA4IBAQA5QXidOOHSfpI0etoybC1R1qTB2YRfJC6PzqhgKboB +AUuj4P5WnFoLi5+xtlWJDkCPCQwQ8dyaPYV874P5DkKBiaykEbnp/dtYVGNRZlwO +DkJoWNkOqlRwbedR5Yv90Nrde7mXVUJC5zm0S0vEiZDRbksK/cyoo6dw7dboxAmA +17AJrtvSS08K7HMov2/LYb2rX5otgV7gvowy0STqo4MEuIGX4iaRovraGPpUWEbZ +OJtmsIAdo1Vbhn13ygy64ebFjOMIcw9zt4tCdWtibr9zLUwRB7S3oHINIwhLZY79 +HWEV5tClrTEL1DU696rnUDii3LAkUp2G/M4a2ClL3oKv +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/crlset_by_leaf_subject_no_spki.raw b/chromium/net/data/ssl/certificates/crlset_by_leaf_subject_no_spki.raw Binary files differnew file mode 100644 index 00000000000..3a22aa7dd4c --- /dev/null +++ b/chromium/net/data/ssl/certificates/crlset_by_leaf_subject_no_spki.raw diff --git a/chromium/net/data/ssl/certificates/crlset_by_root_subject.raw b/chromium/net/data/ssl/certificates/crlset_by_root_subject.raw Binary files differnew file mode 100644 index 00000000000..95404126d17 --- /dev/null +++ b/chromium/net/data/ssl/certificates/crlset_by_root_subject.raw diff --git a/chromium/net/data/ssl/certificates/crlset_by_root_subject_no_spki.raw b/chromium/net/data/ssl/certificates/crlset_by_root_subject_no_spki.raw Binary files differnew file mode 100644 index 00000000000..d556a83ada6 --- /dev/null +++ b/chromium/net/data/ssl/certificates/crlset_by_root_subject_no_spki.raw diff --git a/chromium/net/data/ssl/certificates/dec_2017.pem b/chromium/net/data/ssl/certificates/dec_2017.pem new file mode 100644 index 00000000000..e0dff799390 --- /dev/null +++ b/chromium/net/data/ssl/certificates/dec_2017.pem @@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 25 (0x19) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Dec 20 00:00:00 2017 GMT + Not After : Dec 20 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:c1:27:76:2d:56:e6:b9:e3:23:b9:b6:c3:0e: + f4:8c:cb:73:85:0e:45:ed:b8:ea:e6:21:b6:60:56: + 1d:b7:24:72:b9:51:72:68:07:22:9f:8f:fd:47:c7: + da:9b:7b:5c:ad:e8:f5:6a:72:4d:8b:e4:55:fc:c6: + 41:d8:53:5e:0a:ba:35:4e:bc:98:21:d0:c2:ae:f7: + ff:ec:8f:26:eb:a1:71:74:11:b7:21:fd:38:04:5a: + e5:42:3d:02:28:05:3a:8d:2d:9b:5e:7b:39:35:e4: + fe:59:a8:98:39:c7:6c:d1:9e:1a:d7:c3:11:78:cb: + 44:72:e4:a0:89:83:e2:f8:de:c9:46:3a:c5:71:7f: + af:ee:e5:ba:1f:fa:97:19:f0:d0:5c:32:81:d3:7d: + 80:99:70:49:2a:ba:c8:40:b0:32:51:ec:16:3b:4d: + 61:05:e2:dc:b9:24:f0:a6:6b:ad:cd:53:1d:cd:9a: + ba:bb:df:96:f1:ac:e6:5e:03:cb:98:07:da:21:6e: + 8c:ac:56:37:39:15:d4:ab:b0:43:d1:64:7a:05:59: + f8:f8:bd:4e:31:c7:8c:d6:23:e8:3d:99:ea:75:78: + 25:8d:1a:83:32:39:ec:ec:69:ef:76:cc:b6:cf:06: + 0e:1d:ca:ac:8c:b7:10:a7:d2:ec:18:86:7c:6f:20: + 9c:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4F:62:A1:56:D4:81:D5:18:65:C6:E0:DC:91:72:07:32:58:0C:79:EE + X509v3 Authority Key Identifier: + keyid:9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + a5:16:f1:6f:8d:ab:b2:d7:c1:f6:98:98:d4:2d:8d:0f:85:09: + 65:73:f4:72:40:66:8b:28:f3:e4:d8:b8:8e:21:2b:9f:27:f2: + ab:0f:b6:e7:94:9a:1c:b1:58:9a:71:5e:79:d4:1b:9b:11:f3: + 52:ee:a2:00:85:75:d5:a0:6e:af:11:39:cd:72:f8:a8:57:09: + 09:4f:df:e7:42:26:63:08:a2:fb:19:ff:ab:97:e4:f1:01:7c: + df:e5:87:58:e7:90:e6:61:c0:f8:35:89:5f:4b:f2:f0:ae:cb: + 1a:69:3b:1f:0b:ac:38:18:28:5a:ca:92:75:fa:ee:56:69:dd: + dc:e8:c4:db:8f:84:20:d2:50:ee:34:32:e6:2f:90:aa:12:3d: + db:56:a3:38:0f:80:b7:f5:32:b6:12:b8:30:1c:14:84:83:4e: + 7b:42:49:16:ef:1e:b0:3a:f5:03:30:72:86:1f:0d:77:1a:7b: + 44:8b:60:e4:34:49:d8:b0:af:8d:a6:f1:08:70:b3:69:54:5f: + e0:2f:6d:42:2f:ff:68:07:fd:cf:c1:f7:fa:e7:5f:fe:1f:93: + ba:02:01:29:69:37:97:6a:16:03:7f:2d:0c:b2:2a:d8:43:13: + ed:cf:1b:2d:1f:b0:f3:b6:e1:98:cb:92:d3:26:5e:f4:a7:a3: + 90:de:6a:ab +-----BEGIN CERTIFICATE----- +MIIDvzCCAqegAwIBAgIBGTANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHVGVzdCBDQTEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTE3MTIyMDAw +MDAwMFoXDTIwMTIyMDAwMDAwMFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3Qg +Q0ExEjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANDBJ3YtVua54yO5tsMO9IzLc4UORe246uYhtmBWHbckcrlRcmgHIp+P +/UfH2pt7XK3o9WpyTYvkVfzGQdhTXgq6NU68mCHQwq73/+yPJuuhcXQRtyH9OARa +5UI9AigFOo0tm157OTXk/lmomDnHbNGeGtfDEXjLRHLkoImD4vjeyUY6xXF/r+7l +uh/6lxnw0FwygdN9gJlwSSq6yECwMlHsFjtNYQXi3Lkk8KZrrc1THc2aurvflvGs +5l4Dy5gH2iFujKxWNzkV1KuwQ9FkegVZ+Pi9TjHHjNYj6D2Z6nV4JY0agzI57Oxp +73bMts8GDh3KrIy3EKfS7BiGfG8gnL8CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFE9ioVbUgdUYZcbg3JFyBzJYDHnuMB8GA1UdIwQYMBaAFJsmC4qY +qbsduR8c4xpAM+2OF4irMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAP +BgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQClFvFvjauy18H2mJjU +LY0PhQllc/RyQGaLKPPk2LiOISufJ/KrD7bnlJocsViacV551BubEfNS7qIAhXXV +oG6vETnNcvioVwkJT9/nQiZjCKL7Gf+rl+TxAXzf5YdY55DmYcD4NYlfS/Lwrssa +aTsfC6w4GChaypJ1+u5Wad3c6MTbj4Qg0lDuNDLmL5CqEj3bVqM4D4C39TK2Ergw +HBSEg057QkkW7x6wOvUDMHKGHw13GntEi2DkNEnYsK+NpvEIcLNpVF/gL21CL/9o +B/3Pwff651/+H5O6AgEpaTeXahYDfy0MsirYQxPtzxstH7DztuGYy5LTJl70p6OQ +3mqr +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic-chain.pem b/chromium/net/data/ssl/certificates/quic-chain.pem new file mode 100644 index 00000000000..ab0893b282f --- /dev/null +++ b/chromium/net/data/ssl/certificates/quic-chain.pem @@ -0,0 +1,147 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test Intermediate CA + Validity + Not Before: Dec 18 23:44:03 2017 GMT + Not After : Dec 16 23:44:03 2027 GMT + Subject: CN=test.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:56:6f:7e:d4:b4:b6:4e:e3:15:8e:8a:e9:46: + 06:15:63:4c:6d:3a:32:67:c7:14:a4:17:fc:b7:04: + 98:fb:b5:11:ae:93:1c:20:73:15:cd:b3:bc:ee:61: + 82:8e:cb:b8:78:ca:6d:e6:57:73:f3:45:6e:1e:c3: + 27:5d:af:5e:52:6d:12:47:44:72:3d:7d:8a:c1:47: + 50:19:4a:21:a4:08:b4:cc:2e:9c:a2:2a:ce:1b:87: + 82:ae:3a:23:b0:dd:d2:3e:64:fe:ce:a6:35:34:93: + 07:f8:88:6e:c8:be:b2:0b:5f:9c:96:0e:79:1c:a3: + 2b:c9:23:5a:8a:1f:1e:17:e2:a9:d4:3c:49:22:29: + 43:fa:63:55:3c:72:62:4a:d1:72:5a:ae:75:a8:14: + 67:eb:58:88:ce:11:0c:bf:09:67:f2:bb:c8:80:3e: + 4a:f0:35:ad:d2:dc:43:a3:2f:da:c6:3b:1c:6e:76: + 70:31:73:cc:33:5b:4f:36:dc:f3:8f:9f:a6:07:6d: + 61:e0:66:6f:2c:76:bd:85:a3:8b:d0:8a:ce:c4:bc: + 97:e0:ed:e1:29:df:a1:62:b9:ad:d8:0f:1a:f8:ae: + 44:fe:a6:28:95:c4:cc:df:b5:f7:6d:46:ae:ef:9b: + af:73:50:1d:9f:f0:c7:a0:ef:37:4b:13:73:96:24: + 95:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:test.example.com + Signature Algorithm: sha256WithRSAEncryption + bd:55:54:e5:ac:2b:e6:6f:c9:45:b7:77:97:af:37:e6:6b:60: + cb:51:0f:b0:2c:40:71:39:73:7a:0b:6f:37:a5:cc:40:4f:d1: + 43:3d:8e:1d:37:ba:ff:2d:7b:80:21:fd:ec:e4:7c:20:6a:ce: + 6e:28:9b:c1:4e:9e:1e:17:1f:cb:04:61:c1:d0:72:0c:31:f6: + ee:2b:a9:9c:29:6b:45:bd:97:57:a6:25:f3:f0:6b:08:3f:4e: + 00:33:cf:47:3b:50:4a:15:a7:a0:c8:e0:8b:86:7b:48:3e:39: + 15:00:0a:aa:79:3c:8d:fd:d7:4a:68:2f:05:2b:60:2a:d1:7e: + 1c:bc:06:e9:b7:51:35:71:d7:6b:f4:b8:f3:17:d7:f1:d4:8d: + f8:0e:4a:11:34:4d:d9:19:70:33:0a:66:e6:4c:11:93:90:5c: + 5d:a1:f3:8a:1c:ce:0c:12:5e:a9:6b:e1:1f:eb:b3:65:b8:bc: + 1a:48:af:cc:af:fc:db:3e:0b:32:47:8d:fc:ed:b3:50:9a:65: + b8:19:eb:db:18:21:5f:e4:1d:c5:87:57:9b:5a:8a:59:16:84: + 8d:27:3e:f9:7a:c0:fa:e7:84:90:da:1a:03:98:b5:c6:a9:52: + ed:df:0e:7a:02:c7:e6:82:d2:06:cb:97:75:90:89:d6:d1:cf: + 43:74:09:f7 +-----BEGIN CERTIFICATE----- +MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 +IEludGVybWVkaWF0ZSBDQTAeFw0xNzEyMTgyMzQ0MDNaFw0yNzEyMTYyMzQ0MDNa +MBsxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCyVm9+1LS2TuMVjorpRgYVY0xtOjJnxxSkF/y3BJj7tRGu +kxwgcxXNs7zuYYKOy7h4ym3mV3PzRW4ewyddr15SbRJHRHI9fYrBR1AZSiGkCLTM +LpyiKs4bh4KuOiOw3dI+ZP7OpjU0kwf4iG7IvrILX5yWDnkcoyvJI1qKHx4X4qnU +PEkiKUP6Y1U8cmJK0XJarnWoFGfrWIjOEQy/CWfyu8iAPkrwNa3S3EOjL9rGOxxu +dnAxc8wzW0823POPn6YHbWHgZm8sdr2Fo4vQis7EvJfg7eEp36Fiua3YDxr4rkT+ +piiVxMzftfdtRq7vm69zUB2f8Meg7zdLE3OWJJUPAgMBAAGjTDBKMAwGA1UdEwEB +/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdEQQUMBKC +EHRlc3QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAL1VVOWsK+ZvyUW3 +d5evN+ZrYMtRD7AsQHE5c3oLbzelzEBP0UM9jh03uv8te4Ah/ezkfCBqzm4om8FO +nh4XH8sEYcHQcgwx9u4rqZwpa0W9l1emJfPwawg/TgAzz0c7UEoVp6DI4IuGe0g+ +ORUACqp5PI3910poLwUrYCrRfhy8Bum3UTVx12v0uPMX1/HUjfgOShE0TdkZcDMK +ZuZMEZOQXF2h84oczgwSXqlr4R/rs2W4vBpIr8yv/Ns+CzJHjfzts1CaZbgZ69sY +IV/kHcWHV5tailkWhI0nPvl6wPrnhJDaGgOYtcapUu3fDnoCx+aC0gbLl3WQidbR +z0N0Cfc= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test Root CA + Validity + Not Before: Dec 18 23:44:03 2017 GMT + Not After : Dec 16 23:44:03 2027 GMT + Subject: CN=Test Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e4:cd:89:4c:65:4f:4d:68:bd:2a:7a:4f:0b:10: + 3f:02:d6:2a:5b:5b:76:c8:97:59:67:19:6e:95:45: + c3:38:a4:c7:29:f5:f7:95:52:97:a3:01:19:b2:b3: + ec:09:97:08:4f:f1:db:43:67:50:59:ac:ca:9a:05: + 56:fc:73:42:f3:90:e1:e5:3e:03:75:35:33:d2:df: + aa:3d:f8:ca:16:5e:7e:ef:01:9c:2a:30:eb:c7:cc: + 06:04:90:14:c0:54:f5:96:22:26:30:39:73:c5:c0: + 9d:0d:b0:9f:b0:e5:cf:f6:b1:0c:10:ab:f0:c9:54: + a6:30:d5:b4:fd:a7:23:7f:1e:57:7b:72:d7:af:0d: + a2:3e:4d:b2:c5:51:70:2a:06:2f:66:21:ca:7f:7d: + 6b:60:24:5e:ed:5f:74:ee:4b:b1:f1:ec:54:a0:fb: + 89:05:69:94:78:9b:a4:85:8c:ea:e6:b5:d6:fd:c5: + 6d:98:28:e4:1d:81:1b:26:3b:21:c2:e4:df:bd:a1: + 0d:51:35:40:43:a0:a4:00:66:fa:97:46:d6:9d:95: + ca:da:62:f8:c7:60:6c:e4:89:c2:d0:74:30:fe:2a: + db:54:95:5b:68:5f:ca:bd:e9:af:27:13:fc:c4:6f: + e6:5d:05:92:cc:bc:e4:76:8a:2e:34:0b:5e:39:11: + 75:57 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 60:4e:38:f3:7b:00:46:75:8f:d0:4e:08:76:2d:ed:9f:bf:cc: + 50:1b:bf:e4:6d:76:50:fe:fa:7d:46:90:1c:75:f1:3f:47:19: + eb:02:38:cb:3e:56:0f:8f:09:ae:a8:42:d0:e6:5a:31:54:24: + b2:fe:4b:a2:e4:44:14:64:44:d8:50:12:62:4a:06:60:29:22: + 95:bb:c8:7e:dd:d4:7d:a6:dd:3c:0d:fb:71:67:6f:9b:49:05: + 09:7c:5c:63:2b:df:71:aa:ae:92:28:98:73:c2:60:b6:54:10: + f6:f5:54:d6:93:0a:22:56:0a:fd:45:8a:a4:d7:a7:21:df:f5: + 53:07:1c:3b:63:c1:7c:4e:f0:3d:5c:c4:c9:cc:55:ae:ec:fb: + 2e:4f:b0:f9:5b:1d:c3:46:ba:38:f6:ff:8d:b3:3b:d0:7d:15: + 3f:fd:6a:bd:a1:59:18:ff:57:fc:d6:c0:3d:7e:75:61:ff:13: + 09:81:5f:38:82:22:78:78:97:5e:e6:7c:fb:16:a8:92:40:97: + eb:7c:a5:37:da:ca:5f:28:69:e4:63:b7:07:61:ad:e8:5a:e8: + 06:55:c0:34:7c:30:66:1e:9a:7e:ed:cb:c8:14:c1:e3:b3:ac: + 8d:89:9c:6b:b1:ea:eb:71:94:c0:1d:63:b7:d9:82:74:13:0c: + ee:8a:ca:dc +-----BEGIN CERTIFICATE----- +MIIC1DCCAbygAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IFJvb3QgQ0EwHhcNMTcxMjE4MjM0NDAzWhcNMjcxMjE2MjM0NDAzWjAfMR0wGwYD +VQQDDBRUZXN0IEludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAOTNiUxlT01ovSp6TwsQPwLWKltbdsiXWWcZbpVFwzikxyn195VS +l6MBGbKz7AmXCE/x20NnUFmsypoFVvxzQvOQ4eU+A3U1M9Lfqj34yhZefu8BnCow +68fMBgSQFMBU9ZYiJjA5c8XAnQ2wn7Dlz/axDBCr8MlUpjDVtP2nI38eV3ty168N +oj5NssVRcCoGL2Yhyn99a2AkXu1fdO5LsfHsVKD7iQVplHibpIWM6ua11v3FbZgo +5B2BGyY7IcLk372hDVE1QEOgpABm+pdG1p2Vytpi+MdgbOSJwtB0MP4q21SVW2hf +yr3prycT/MRv5l0Fksy85HaKLjQLXjkRdVcCAwEAAaMjMCEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAGBOOPN7AEZ1 +j9BOCHYt7Z+/zFAbv+RtdlD++n1GkBx18T9HGesCOMs+Vg+PCa6oQtDmWjFUJLL+ +S6LkRBRkRNhQEmJKBmApIpW7yH7d1H2m3TwN+3Fnb5tJBQl8XGMr33GqrpIomHPC +YLZUEPb1VNaTCiJWCv1FiqTXpyHf9VMHHDtjwXxO8D1cxMnMVa7s+y5PsPlbHcNG +ujj2/42zO9B9FT/9ar2hWRj/V/zWwD1+dWH/EwmBXziCInh4l17mfPsWqJJAl+t8 +pTfayl8oaeRjtwdhreha6AZVwDR8MGYemn7ty8gUweOzrI2JnGux6utxlMAdY7fZ +gnQTDO6Kytw= +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic-leaf-cert.key b/chromium/net/data/ssl/certificates/quic-leaf-cert.key Binary files differnew file mode 100644 index 00000000000..e509d72513b --- /dev/null +++ b/chromium/net/data/ssl/certificates/quic-leaf-cert.key diff --git a/chromium/net/data/ssl/certificates/quic-leaf-cert.key.pkcs8.pem b/chromium/net/data/ssl/certificates/quic-leaf-cert.key.pkcs8.pem new file mode 100644 index 00000000000..00983fc3aae --- /dev/null +++ b/chromium/net/data/ssl/certificates/quic-leaf-cert.key.pkcs8.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCyVm9+1LS2TuMV +jorpRgYVY0xtOjJnxxSkF/y3BJj7tRGukxwgcxXNs7zuYYKOy7h4ym3mV3PzRW4e +wyddr15SbRJHRHI9fYrBR1AZSiGkCLTMLpyiKs4bh4KuOiOw3dI+ZP7OpjU0kwf4 +iG7IvrILX5yWDnkcoyvJI1qKHx4X4qnUPEkiKUP6Y1U8cmJK0XJarnWoFGfrWIjO +EQy/CWfyu8iAPkrwNa3S3EOjL9rGOxxudnAxc8wzW0823POPn6YHbWHgZm8sdr2F +o4vQis7EvJfg7eEp36Fiua3YDxr4rkT+piiVxMzftfdtRq7vm69zUB2f8Meg7zdL +E3OWJJUPAgMBAAECggEAWhFzcB/nQOfoonuCRrxZ2DV1ZPjueiE+mH2Q4bINvZo+ +WufrXawiB+jN86sFsC7NdRvvk1T5t5SKQDkZyaQHRCPYBmxYMhwUlvb4Sj15bgoD +ndewvepWe+rdoja0zd/KDj8dvaqN1oankOr+4J4G992LDPI0UrVKKOSVFosOvMqh +zAJy19KGzfSzBU40xnWk4MEq7ZPksdeMFN5Dv+C4lFCmd/ddTFQ7EcqeSRqv2JCC +fAH9wF6GFUXfYqU7h3CTt686kxhbgle4U5rzr126ByZjysAKv5OnNOEDlNi8D5og +SX/vjuek8eL3Ypmho1Wch+f3w315gs8KWQjx0lcv+QKBgQDlvCRPat/qu0v/hsE7 +iopkV5I3AghzfNXzaHFrwgkXFXu+pArTk3r22aY3strAXfiYp7Blz10+LUrZyvB6 +0wa//Mk3nZ67BcViy1HykJJd6hHXYXxqih8Ig0JQJrD12iEwo3RUZ/G+L4EVOcG/ +kS/C8sUbp3j6mqxJe18xgvCF0wKBgQDGugDL8xfzuqTT3XPhCTmUL1nAO3Xv0vRb +Vuzx0bFeGvAPHWFAb2FtEkXc4pDCPb+73q9ByBwukVB0nPpiaPzlJHGMocBANxh6 +tvO/XMcfmQmhQ+2yXgXEb7/RamULdjn7dlE+0l8kvCI37LYB/lPq2cdA1vnugxkB +55fls4GCVQKBgQC35snyQQ2KK/CEVmzsqtRpyqgjHJ+DQ1VJijvxFNyN/AaY71wz +TgXLASPLxoLSJudP3Dya40oy8bLPcWLcD32BxmuU97oO4GnH0haBZDWmtC8gCMu9 +xV9eQyScYLybsceL1ezTfHnJ0uE0Co4MOb7QAeLDZmazxYlRMU9cpQLBPQKBgQCT +yYwCIHy1kx41OUGOH3AklbonTZD9k2KJ8vEvPQSsuVfBxdWnN626kZZHGG8TJRzL +uGWZhBoBP6wXrQ4/1VgNiLaxITF6D/8yc5B9xZ+IDiWtOnkw5t9fIMQEFx2iEoA4 +U9tD3utGxGqmMHGCtgLuaprVy4n/KJuWYQcDmiU8KQKBgQClNWD+p5caD82Z4QB5 +Y/lTbjmmF4nLHlwfLpWI+nJ76kvFMnLYgJY8oZgBwBZsEkQG8so/nejBFsYvIDeR +5W7cQVJ+ED8GCF9O4H77U0R8rpuL4z61ni4rXHc9+rABaHBHJ1aF8h3SlceHVdow +FBU427jUeVKBN9UnFo4wrogjMA== +-----END PRIVATE KEY----- diff --git a/chromium/net/data/ssl/certificates/quic_test.example.com.key.sct b/chromium/net/data/ssl/certificates/quic-leaf-cert.key.sct Binary files differindex 0d19282b535..0d19282b535 100644 --- a/chromium/net/data/ssl/certificates/quic_test.example.com.key.sct +++ b/chromium/net/data/ssl/certificates/quic-leaf-cert.key.sct diff --git a/chromium/net/data/ssl/certificates/quic-root.pem b/chromium/net/data/ssl/certificates/quic-root.pem new file mode 100644 index 00000000000..f25cd2eeed3 --- /dev/null +++ b/chromium/net/data/ssl/certificates/quic-root.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCAbygAwIBAgIJANU1FI5oBbmLMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV +BAMMDFRlc3QgUm9vdCBDQTAeFw0xNzEyMTgyMzQ0MDNaFw0yNzEyMTYyMzQ0MDNa +MBcxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALqSSRbDX0cmxTOeBh4qqMtw8BA7J8l6CYZqeUgigR67xAvJGEqx +WhYDBjodWIYucrwqkRuju1ufRXVNAD8rqs47db5NPDHH+FqN33RkSa9XIdOGdnHX +NfCQ13Vpq9tnvZ3zCzvSWXDVYz6GcCBJ51tjWNZtX8O8N179HcVef3LhBGweAJJv ++FkOLiClZ1y2A5hfdmuYmIYy2Iwc7we/R6jm+Ns0pVA8NrLicEHzrxJLMlMD5+zd +WjkY6Bv9OdPipmEr1/EP3957bZ7uIUZWEq79SnQ90sKkMVS+q7Ckz7PdMBJI+fZc +HsjucLXL0tysbcF+CtYqHsbrazye0yERUFECAwEAAaMjMCEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAJZRG2cJGaGF +Tl8H6+SltT9dlZ//Z7ZNsWEfv8xehGrRHsV2kxXvuVf1K4EpP3FAEvDJgOvP1MkA +rmcpI9SsY4cr0Zy/s+Ez8SwespXkSKvtCXCmq9/kpadFPDWwR1NAXVzSEuhXJxDR +bA+boLCu6rMFbkoRi/aFYzro+9m8RsXlyYGVGspov411lu56huoJ3ooGTIfQM8or +N6ZNWkb+RTUUj29o3qr3kiQv73mB6h47/3IkYC5mITl+vK3OtwIRwjLzXZuS40/W +RlI+SRYG4/yTzgV1DB4JlVJl4qMsF3z1zY1P7WeCU4YqZoIam/Ig/ZzxfOFTczk8 +vw1/E4YbkfE= +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic_chain.crt b/chromium/net/data/ssl/certificates/quic_chain.crt deleted file mode 100644 index 57a8f342837..00000000000 --- a/chromium/net/data/ssl/certificates/quic_chain.crt +++ /dev/null @@ -1,226 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Intermediate CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=Leaf certificate - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:d5:ca:19:79:8e:a9:ab:46:f0:4e:b7:58:6d:b3: - a3:9a:68:10:52:af:f0:00:94:ae:34:bd:b4:50:1f: - a3:26:a4:9e:1c:90:37:5b:3d:e8:d7:3b:bc:93:fb: - 00:fb:c7:49:54:9b:f1:d0:9a:f2:51:84:7b:59:8b: - bd:66:f3:ae:92:5a:b9:63:8c:64:a7:d0:9e:e3:0c: - 50:d2:cf:93:9d:e9:4a:11:57:93:c1:de:af:7b:5a: - 44:1d:0a:8c:22:a6:1d:c6:ad:e9:8f:16:8d:4e:91: - f1:d3:f1:f3:82:fe:f6:55:dc:72:f1:11:07:75:ec: - bb:e9:3a:35:87:43:81:5e:dc:43:4a:b7:7c:a1:1a: - d5:d2:c1:40:39:69:7d:89:ad:64:1b:31:34:a8:ea: - 9e:5e:26:fc:71:d2:c6:6b:e5:c2:73:30:3f:59:a7: - 35:8d:a9:a5:e9:3d:43:41:bd:54:f2:2a:e1:15:0c: - 35:30:6b:8b:f2:77:ca:5c:07:8f:58:f4:54:77:5e: - af:ce:b1:c1:2b:a7:bb:c0:e9:7d:ef:1a:d7:03:ee: - 8f:67:ad:c6:e6:1d:a9:e7:91:3f:41:e7:d6:86:20: - 8c:53:b3:d8:79:09:e2:4b:15:5a:d8:92:3b:62:4f: - 68:e4:cb:d0:a4:4e:b6:7d:3e:5f:b0:24:ea:62:61: - cf:7b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:test.example.com - Signature Algorithm: sha1WithRSAEncryption - 58:c3:dc:e3:4d:ec:76:c6:62:99:ba:ba:6d:da:e4:2f:ec:00: - f8:fb:2a:e3:f6:a4:bc:37:c9:53:0f:73:2e:a6:79:8f:6b:ef: - 87:16:56:7b:9e:6d:ac:1a:ec:8b:49:71:7d:f2:11:11:a4:0d: - 5e:6e:be:93:6b:fe:cb:44:1b:4e:99:2a:d2:eb:d8:91:80:d7: - c8:87:fd:c8:fa:cf:c2:68:06:07:2d:60:ae:56:c4:3c:49:4d: - e3:05:3f:1b:15:a8:a9:ea:85:d8:af:d3:f5:be:b5:71:28:23: - 8d:04:f1:c6:e1:fb:0c:1b:ac:5a:2d:e0:7f:fb:4e:79:47:29: - b3:9c:27:09:7d:3c:84:0b:59:0a:03:c5:86:a9:aa:90:49:89: - 0b:bc:8e:0e:2e:b1:67:ed:99:be:37:ee:75:7f:a9:fa:62:95: - 44:02:1c:99:26:fa:a7:17:61:d2:ec:e1:ca:42:2b:69:97:8f: - 71:dc:1b:41:7b:91:a8:d6:b2:82:05:ef:d0:0b:3c:46:a3:9d: - 7c:06:81:da:de:b6:54:ad:97:bd:c2:03:02:ff:1b:64:17:25: - 4a:4c:9b:85:c1:bb:6f:26:3a:b5:ba:9b:2d:17:b9:bd:36:b1: - 43:48:29:f7:da:88:8d:ce:f0:ac:7f:03:a7:93:e1:e9:c1:58: - 15:b3:30:22 ------BEGIN CERTIFICATE----- -MIIDIjCCAgygAwIBAgIBAzALBgkqhkiG9w0BAQUwLDEQMA4GA1UEChMHQWNtZSBD -bzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMB4XDTEzMDEwMTEwMDAwMFoXDTIz -MTIzMTEwMDAwMFowLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UEAxMQTGVhZiBj -ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXKGXmO -qatG8E63WG2zo5poEFKv8ACUrjS9tFAfoyaknhyQN1s96Nc7vJP7APvHSVSb8dCa -8lGEe1mLvWbzrpJauWOMZKfQnuMMUNLPk53pShFXk8Her3taRB0KjCKmHcat6Y8W -jU6R8dPx84L+9lXccvERB3Xsu+k6NYdDgV7cQ0q3fKEa1dLBQDlpfYmtZBsxNKjq -nl4m/HHSxmvlwnMwP1mnNY2ppek9Q0G9VPIq4RUMNTBri/J3ylwHj1j0VHder86x -wSunu8Dpfe8a1wPuj2etxuYdqeeRP0Hn1oYgjFOz2HkJ4ksVWtiSO2JPaOTL0KRO -tn0+X7Ak6mJhz3sCAwEAAaNSMFAwDgYDVR0PAQH/BAQDAgCgMBMGA1UdJQQMMAoG -CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwGwYDVR0RBBQwEoIQdGVzdC5leGFtcGxl -LmNvbTALBgkqhkiG9w0BAQUDggEBAFjD3ONN7HbGYpm6um3a5C/sAPj7KuP2pLw3 -yVMPcy6meY9r74cWVnuebawa7ItJcX3yERGkDV5uvpNr/stEG06ZKtLr2JGA18iH -/cj6z8JoBgctYK5WxDxJTeMFPxsVqKnqhdiv0/W+tXEoI40E8cbh+wwbrFot4H/7 -TnlHKbOcJwl9PIQLWQoDxYapqpBJiQu8jg4usWftmb437nV/qfpilUQCHJkm+qcX -YdLs4cpCK2mXj3HcG0F7kajWsoIF79ALPEajnXwGgdretlStl73CAwL/G2QXJUpM -m4XBu28mOrW6my0Xub02sUNIKffaiI3O8Kx/A6eT4enBWBWzMCI= ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Root CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=Intermediate CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cd:35:50:e7:0a:68:80:e5:2b:f0:01:2b:93:11: - 0c:50:f7:23:e1:d8:d2:ed:48:9a:ea:3b:64:9f:82: - fa:e4:ad:23:96:a8:a1:9b:31:d1:d6:4a:b2:79:f1: - c1:80:03:18:41:54:a5:30:3a:82:bd:57:10:9c:fd: - 5d:34:fd:19:d3:21:1b:cb:06:e7:66:40:e1:27:89: - 98:82:2d:d7:2e:0d:5c:05:9a:74:0d:45:de:32:5e: - 78:4e:81:b4:c8:60:97:f0:8b:2a:8c:e0:57:f6:b9: - db:5a:53:64:1d:27:e0:93:47:d9:93:ee:ac:f6:7b: - e7:d2:97:b1:a6:85:37:75:ff:aa:f7:8f:ae:92:4e: - 30:0b:56:54:fd:32:f9:9d:3c:d8:2e:95:f5:64:17: - ff:26:d2:65:e2:b1:78:6c:83:5d:67:a4:d8:ae:89: - 6b:6e:b3:4b:35:a5:b1:03:3c:20:97:79:ed:0b:f8: - de:25:a1:3a:50:70:40:ae:9e:04:75:a2:6a:2f:15: - 84:5b:08:c3:e0:55:4e:47:db:bc:79:25:b0:2e:58: - 0d:bc:aa:a6:f2:ee:cd:e6:b8:02:8c:5b:00:b3:3d: - 44:d0:a6:bf:b3:e7:2e:9d:46:70:de:45:d1:bd:79: - bd:c0:f2:47:0b:71:28:60:91:c2:98:73:15:2d:b4: - b1:f3 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - b5:66:2c:a1:f8:76:8a:3b:6c:06:2d:d5:1e:4b:25:5c:b8:6d: - ee:0e:7e:09:a4:43:58:65:93:e9:da:6c:42:2e:5d:74:3f:79: - 61:4d:e5:72:45:d7:2d:fd:73:8e:e2:98:fe:8e:4a:e4:11:6e: - 94:5c:d9:84:c9:cb:a1:1c:fa:95:d9:15:c1:87:72:98:2e:63: - df:67:4d:04:1f:da:d7:29:66:ec:20:ea:b6:5d:71:dd:bc:5a: - 16:55:87:8f:51:9f:40:05:00:3b:21:ee:74:bc:3b:11:9a:10: - ba:b4:e8:5e:6e:90:c3:22:ca:da:92:f8:fb:8e:73:fd:69:91: - 13:48:11:01:58:ae:f4:b2:8c:38:56:f0:a5:3b:2a:64:5c:25: - 9a:bb:fd:94:27:34:af:b4:21:4c:08:23:3c:fb:3f:08:6f:07: - b8:05:9d:85:1d:73:0e:f0:83:f4:3c:9b:cc:aa:fd:3d:fa:82: - a4:dd:01:10:9d:10:2c:c4:47:64:ca:b4:b5:6e:be:59:d1:d2: - a1:6a:b5:d3:08:23:49:fc:4f:d4:f3:a5:63:b5:e1:34:19:9d: - 8c:33:0f:8e:47:01:9a:eb:2a:eb:cb:f4:1a:0c:ee:8e:68:d3: - c1:8e:fd:4b:93:ff:40:8c:3a:11:2b:62:a3:c1:a7:13:bd:26: - 37:c5:85:c5 ------BEGIN CERTIFICATE----- -MIIC/zCCAemgAwIBAgIBAjALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD -bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw -MDBaMCwxEDAOBgNVBAoTB0FjbWUgQ28xGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM01UOcKaIDlK/ABK5MR -DFD3I+HY0u1Imuo7ZJ+C+uStI5aooZsx0dZKsnnxwYADGEFUpTA6gr1XEJz9XTT9 -GdMhG8sG52ZA4SeJmIIt1y4NXAWadA1F3jJeeE6BtMhgl/CLKozgV/a521pTZB0n -4JNH2ZPurPZ759KXsaaFN3X/qvePrpJOMAtWVP0y+Z082C6V9WQX/ybSZeKxeGyD -XWek2K6Ja26zSzWlsQM8IJd57Qv43iWhOlBwQK6eBHWiai8VhFsIw+BVTkfbvHkl -sC5YDbyqpvLuzea4AoxbALM9RNCmv7PnLp1GcN5F0b15vcDyRwtxKGCRwphzFS20 -sfMCAwEAAaM4MDYwDgYDVR0PAQH/BAQDAgAEMBMGA1UdJQQMMAoGCCsGAQUFBwMB -MA8GA1UdEwEB/wQFMAMBAf8wCwYJKoZIhvcNAQEFA4IBAQC1Ziyh+HaKO2wGLdUe -SyVcuG3uDn4JpENYZZPp2mxCLl10P3lhTeVyRdct/XOO4pj+jkrkEW6UXNmEycuh -HPqV2RXBh3KYLmPfZ00EH9rXKWbsIOq2XXHdvFoWVYePUZ9ABQA7Ie50vDsRmhC6 -tOhebpDDIsrakvj7jnP9aZETSBEBWK70sow4VvClOypkXCWau/2UJzSvtCFMCCM8 -+z8Ibwe4BZ2FHXMO8IP0PJvMqv09+oKk3QEQnRAsxEdkyrS1br5Z0dKharXTCCNJ -/E/U86VjteE0GZ2MMw+ORwGa6yrry/QaDO6OaNPBjv1Lk/9AjDoRK2KjwacTvSY3 -xYXF ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Root CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:e4:2b:91:c7:7d:ab:32:b7:38:e1:38:ae:c8:b9: - 0b:15:1c:64:76:47:84:5d:cb:e7:e7:0c:30:77:84: - 6a:8e:75:95:42:b2:78:c8:88:10:ac:98:47:97:38: - d1:3a:7f:86:0d:20:f1:1d:70:84:a2:9d:ed:1a:28: - af:5e:43:dd:31:a3:bb:b8:5c:c4:83:79:b8:83:9a: - e7:a9:63:04:59:93:b6:26:67:2d:dd:e6:2d:bb:e4: - 13:eb:d5:17:0b:de:63:46:76:6f:10:05:40:b0:16: - fc:ea:f4:97:1c:d6:dc:fe:37:72:d5:40:df:e3:b4: - d5:ac:cf:c9:ae:7c:21:49:01:1e:7e:d4:c1:e1:2a: - 11:01:b4:70:3a:31:3d:9a:33:b7:7f:20:f2:8b:e7: - 54:8e:06:f2:4b:5f:f0:e2:b9:8f:64:1f:50:bd:b3: - a5:ac:69:44:42:6c:12:e9:11:9d:74:b4:49:77:e3: - 0f:8b:9c:94:53:17:0c:23:ba:61:fa:70:3d:93:8d: - ad:5f:dd:4f:32:84:5b:07:50:e4:58:c7:00:45:82: - 1f:21:14:4c:bf:43:92:76:fb:24:09:33:df:58:8d: - be:87:ee:b5:54:e4:d3:32:f6:b1:2d:69:74:86:ad: - 1f:57:7e:9b:05:11:74:b5:c4:68:ac:9a:80:74:7a: - 34:89 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 96:cd:db:46:6e:5b:de:fa:f1:d3:1c:e0:fe:47:67:2a:59:d5: - f8:c4:0b:25:14:0b:06:8d:82:67:f4:a9:36:e8:53:bc:eb:40: - 51:05:8a:42:09:e7:48:a3:7c:42:6d:c1:37:06:49:cf:58:87: - d0:0e:c7:9e:4b:0e:34:72:f8:65:65:b2:c4:68:ca:a3:14:e9: - 11:5c:da:78:4e:74:80:43:dc:b8:b6:ce:a8:0c:a2:8f:52:59: - 89:e0:5a:01:e5:e9:b8:4b:31:91:25:bf:7d:e1:7c:86:e9:36: - c1:5b:10:e5:2c:cc:6f:99:c4:66:79:30:41:1f:0b:f9:4b:ea: - 1e:8a:45:73:3c:79:21:20:c8:80:c4:f4:e9:4f:85:69:7c:2e: - 61:80:3a:4f:5b:92:be:97:12:75:9e:43:09:01:b6:b3:a1:c1: - 5f:2d:86:be:d1:6c:55:ee:27:f8:bf:3a:bc:fb:b2:42:8a:6f: - 51:a0:d3:46:54:f6:1e:73:42:2a:95:5e:eb:bc:40:6b:71:bf: - 90:94:62:f4:90:17:82:e5:1e:33:db:f4:50:11:e5:55:10:09: - 6a:11:a9:1e:d4:07:60:58:f7:16:b1:bd:8b:29:f6:3d:61:ad: - 73:da:ae:e3:e4:6e:59:46:7f:c0:fb:fa:be:6d:7c:31:94:86: - 2e:b3:29:7b ------BEGIN CERTIFICATE----- -MIIC9zCCAeGgAwIBAgIBATALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD -bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw -MDBaMCQxEDAOBgNVBAoTB0FjbWUgQ28xEDAOBgNVBAMTB1Jvb3QgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkK5HHfasytzjhOK7IuQsVHGR2R4Rd -y+fnDDB3hGqOdZVCsnjIiBCsmEeXONE6f4YNIPEdcISine0aKK9eQ90xo7u4XMSD -ebiDmuepYwRZk7YmZy3d5i275BPr1RcL3mNGdm8QBUCwFvzq9Jcc1tz+N3LVQN/j -tNWsz8mufCFJAR5+1MHhKhEBtHA6MT2aM7d/IPKL51SOBvJLX/DiuY9kH1C9s6Ws -aURCbBLpEZ10tEl34w+LnJRTFwwjumH6cD2Tja1f3U8yhFsHUORYxwBFgh8hFEy/ -Q5J2+yQJM99Yjb6H7rVU5NMy9rEtaXSGrR9XfpsFEXS1xGismoB0ejSJAgMBAAGj -ODA2MA4GA1UdDwEB/wQEAwIABDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMB -Af8EBTADAQH/MAsGCSqGSIb3DQEBBQOCAQEAls3bRm5b3vrx0xzg/kdnKlnV+MQL -JRQLBo2CZ/SpNuhTvOtAUQWKQgnnSKN8Qm3BNwZJz1iH0A7HnksONHL4ZWWyxGjK -oxTpEVzaeE50gEPcuLbOqAyij1JZieBaAeXpuEsxkSW/feF8huk2wVsQ5SzMb5nE -ZnkwQR8L+UvqHopFczx5ISDIgMT06U+FaXwuYYA6T1uSvpcSdZ5DCQG2s6HBXy2G -vtFsVe4n+L86vPuyQopvUaDTRlT2HnNCKpVe67xAa3G/kJRi9JAXguUeM9v0UBHl -VRAJahGpHtQHYFj3FrG9iyn2PWGtc9qu4+RuWUZ/wPv6vm18MZSGLrMpew== ------END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic_intermediate.crt b/chromium/net/data/ssl/certificates/quic_intermediate.crt deleted file mode 100644 index 29e3a66fd37..00000000000 --- a/chromium/net/data/ssl/certificates/quic_intermediate.crt +++ /dev/null @@ -1,75 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Root CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=Intermediate CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:cd:35:50:e7:0a:68:80:e5:2b:f0:01:2b:93:11: - 0c:50:f7:23:e1:d8:d2:ed:48:9a:ea:3b:64:9f:82: - fa:e4:ad:23:96:a8:a1:9b:31:d1:d6:4a:b2:79:f1: - c1:80:03:18:41:54:a5:30:3a:82:bd:57:10:9c:fd: - 5d:34:fd:19:d3:21:1b:cb:06:e7:66:40:e1:27:89: - 98:82:2d:d7:2e:0d:5c:05:9a:74:0d:45:de:32:5e: - 78:4e:81:b4:c8:60:97:f0:8b:2a:8c:e0:57:f6:b9: - db:5a:53:64:1d:27:e0:93:47:d9:93:ee:ac:f6:7b: - e7:d2:97:b1:a6:85:37:75:ff:aa:f7:8f:ae:92:4e: - 30:0b:56:54:fd:32:f9:9d:3c:d8:2e:95:f5:64:17: - ff:26:d2:65:e2:b1:78:6c:83:5d:67:a4:d8:ae:89: - 6b:6e:b3:4b:35:a5:b1:03:3c:20:97:79:ed:0b:f8: - de:25:a1:3a:50:70:40:ae:9e:04:75:a2:6a:2f:15: - 84:5b:08:c3:e0:55:4e:47:db:bc:79:25:b0:2e:58: - 0d:bc:aa:a6:f2:ee:cd:e6:b8:02:8c:5b:00:b3:3d: - 44:d0:a6:bf:b3:e7:2e:9d:46:70:de:45:d1:bd:79: - bd:c0:f2:47:0b:71:28:60:91:c2:98:73:15:2d:b4: - b1:f3 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - b5:66:2c:a1:f8:76:8a:3b:6c:06:2d:d5:1e:4b:25:5c:b8:6d: - ee:0e:7e:09:a4:43:58:65:93:e9:da:6c:42:2e:5d:74:3f:79: - 61:4d:e5:72:45:d7:2d:fd:73:8e:e2:98:fe:8e:4a:e4:11:6e: - 94:5c:d9:84:c9:cb:a1:1c:fa:95:d9:15:c1:87:72:98:2e:63: - df:67:4d:04:1f:da:d7:29:66:ec:20:ea:b6:5d:71:dd:bc:5a: - 16:55:87:8f:51:9f:40:05:00:3b:21:ee:74:bc:3b:11:9a:10: - ba:b4:e8:5e:6e:90:c3:22:ca:da:92:f8:fb:8e:73:fd:69:91: - 13:48:11:01:58:ae:f4:b2:8c:38:56:f0:a5:3b:2a:64:5c:25: - 9a:bb:fd:94:27:34:af:b4:21:4c:08:23:3c:fb:3f:08:6f:07: - b8:05:9d:85:1d:73:0e:f0:83:f4:3c:9b:cc:aa:fd:3d:fa:82: - a4:dd:01:10:9d:10:2c:c4:47:64:ca:b4:b5:6e:be:59:d1:d2: - a1:6a:b5:d3:08:23:49:fc:4f:d4:f3:a5:63:b5:e1:34:19:9d: - 8c:33:0f:8e:47:01:9a:eb:2a:eb:cb:f4:1a:0c:ee:8e:68:d3: - c1:8e:fd:4b:93:ff:40:8c:3a:11:2b:62:a3:c1:a7:13:bd:26: - 37:c5:85:c5 ------BEGIN CERTIFICATE----- -MIIC/zCCAemgAwIBAgIBAjALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD -bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw -MDBaMCwxEDAOBgNVBAoTB0FjbWUgQ28xGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM01UOcKaIDlK/ABK5MR -DFD3I+HY0u1Imuo7ZJ+C+uStI5aooZsx0dZKsnnxwYADGEFUpTA6gr1XEJz9XTT9 -GdMhG8sG52ZA4SeJmIIt1y4NXAWadA1F3jJeeE6BtMhgl/CLKozgV/a521pTZB0n -4JNH2ZPurPZ759KXsaaFN3X/qvePrpJOMAtWVP0y+Z082C6V9WQX/ybSZeKxeGyD -XWek2K6Ja26zSzWlsQM8IJd57Qv43iWhOlBwQK6eBHWiai8VhFsIw+BVTkfbvHkl -sC5YDbyqpvLuzea4AoxbALM9RNCmv7PnLp1GcN5F0b15vcDyRwtxKGCRwphzFS20 -sfMCAwEAAaM4MDYwDgYDVR0PAQH/BAQDAgAEMBMGA1UdJQQMMAoGCCsGAQUFBwMB -MA8GA1UdEwEB/wQFMAMBAf8wCwYJKoZIhvcNAQEFA4IBAQC1Ziyh+HaKO2wGLdUe -SyVcuG3uDn4JpENYZZPp2mxCLl10P3lhTeVyRdct/XOO4pj+jkrkEW6UXNmEycuh -HPqV2RXBh3KYLmPfZ00EH9rXKWbsIOq2XXHdvFoWVYePUZ9ABQA7Ie50vDsRmhC6 -tOhebpDDIsrakvj7jnP9aZETSBEBWK70sow4VvClOypkXCWau/2UJzSvtCFMCCM8 -+z8Ibwe4BZ2FHXMO8IP0PJvMqv09+oKk3QEQnRAsxEdkyrS1br5Z0dKharXTCCNJ -/E/U86VjteE0GZ2MMw+ORwGa6yrry/QaDO6OaNPBjv1Lk/9AjDoRK2KjwacTvSY3 -xYXF ------END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic_intermediate.key b/chromium/net/data/ssl/certificates/quic_intermediate.key deleted file mode 100644 index a8d1b8cfaa9..00000000000 --- a/chromium/net/data/ssl/certificates/quic_intermediate.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzTVQ5wpogOUr8AErkxEMUPcj4djS7Uia6jtkn4L65K0jlqih -mzHR1kqyefHBgAMYQVSlMDqCvVcQnP1dNP0Z0yEbywbnZkDhJ4mYgi3XLg1cBZp0 -DUXeMl54ToG0yGCX8IsqjOBX9rnbWlNkHSfgk0fZk+6s9nvn0pexpoU3df+q94+u -kk4wC1ZU/TL5nTzYLpX1ZBf/JtJl4rF4bINdZ6TYrolrbrNLNaWxAzwgl3ntC/je -JaE6UHBArp4EdaJqLxWEWwjD4FVOR9u8eSWwLlgNvKqm8u7N5rgCjFsAsz1E0Ka/ -s+cunUZw3kXRvXm9wPJHC3EoYJHCmHMVLbSx8wIDAQABAoIBAQCSQevVoA93vt8g -AlWCTmZO1raWY6mCQXtYcth28C3OCrEQ0kPMjyeV6ktmqq5VhN8mwSOzSiCgvosy -uUpTWAmt9y0N+W+364oOWf1+2xlA03jA7aLFSwThNX/dxIiLQH1KjoXXPpazXShA -KqtyNFfV4SHsU/KnAwzphgCyRMSQrk/5YZfdfkbnhKhXGtdBmja+4wB7khOcv5Vb -+S2FAxftWdyTo3AOSwSED5Evq8gML4RWl46bZ5r2Gu6W+eBxDyRT+iftNLOMO6PL -7ivn3mbZSBUxOZPvKNh6sxrUsSnxUrcZ5d819yiRolKywY5lM+BrqP9CFMfEKFP9 -R9zooJdhAoGBAOLXZviVGzOgLB418GKkw5NReeiKNPPX+w7vX+VYTiw60yRf87iS -RhgqTXQDYKExgOO/giEJ0M3VJ6RU8MqqeHtDoKPjzZmGXs/zB0WSPIYa1A4QjQHO -UNE1OvTwxHQCKZg0u46AZMnZWHpt005iVQ4LG8uHpUYdYxLn0LfPTvWpAoGBAOeW -Cecnv/1GU5ft4Y8LDlFzwFzgRjRBMuX8erQz6lJUlnWLq/ZwSbag0qK+9iVfrvUT -F9zNpfgFFsyMI8OPeJsEJkvQEZA4XDEZyvZCstjxWvI81T1bnc1/JU+YeaFcqSDq -X7+ARNquoH9ntbXRRW4ACafQdY3KNqeBCpKBlfQ7AoGAVK/cNoPcMuribajvhLRE -e7RYUfN/D2YbyZiecY4FKUgQ2ayk3cxmNNFeNyino6ZKmzw9Bb6XYLDqatR3TQJV -lpdJ2sXKVT2wGex+U3/j7qEHd/S/3+O5klFQIG/et/yysKtHNk1C04S8HoDv+XyG -ioalKtgKYOHJwh4fcvAHZ3kCgYAen25rzIvMl/IR0vjSi2m3R5EWNunRmxV55+rp -zTuc62aB4Jg6nBqDNbzknE+8HWzrJz0ui1r48uNS5O0NvPj7to7B05+e7HT0YS6/ -ZY50tWWLRpQD6wtw0vFCFy1uMuyCV7uVfQadzB2Y+0PB6Qw/QW4FbME+oJCdkaiu -OshzZQKBgQCXKYjh2fwBozDn7u8OQZ6sJt74EOZqAMfv7NQ2xbD5Jg5ABnOcFrXu -FWvE9KoiJYmDD26lFIbmQ9KlAsQjKrOiRit50IALrlfATRYpEGnlO8M+c209+5wx -FVncGUcoKbzLIrIJz7Cfd3MLbB8wSO8RBpeTa0IU5XhkTnk130Ue7A== ------END RSA PRIVATE KEY----- diff --git a/chromium/net/data/ssl/certificates/quic_root.crt b/chromium/net/data/ssl/certificates/quic_root.crt deleted file mode 100644 index 730bfcd6816..00000000000 --- a/chromium/net/data/ssl/certificates/quic_root.crt +++ /dev/null @@ -1,74 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Root CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:e4:2b:91:c7:7d:ab:32:b7:38:e1:38:ae:c8:b9: - 0b:15:1c:64:76:47:84:5d:cb:e7:e7:0c:30:77:84: - 6a:8e:75:95:42:b2:78:c8:88:10:ac:98:47:97:38: - d1:3a:7f:86:0d:20:f1:1d:70:84:a2:9d:ed:1a:28: - af:5e:43:dd:31:a3:bb:b8:5c:c4:83:79:b8:83:9a: - e7:a9:63:04:59:93:b6:26:67:2d:dd:e6:2d:bb:e4: - 13:eb:d5:17:0b:de:63:46:76:6f:10:05:40:b0:16: - fc:ea:f4:97:1c:d6:dc:fe:37:72:d5:40:df:e3:b4: - d5:ac:cf:c9:ae:7c:21:49:01:1e:7e:d4:c1:e1:2a: - 11:01:b4:70:3a:31:3d:9a:33:b7:7f:20:f2:8b:e7: - 54:8e:06:f2:4b:5f:f0:e2:b9:8f:64:1f:50:bd:b3: - a5:ac:69:44:42:6c:12:e9:11:9d:74:b4:49:77:e3: - 0f:8b:9c:94:53:17:0c:23:ba:61:fa:70:3d:93:8d: - ad:5f:dd:4f:32:84:5b:07:50:e4:58:c7:00:45:82: - 1f:21:14:4c:bf:43:92:76:fb:24:09:33:df:58:8d: - be:87:ee:b5:54:e4:d3:32:f6:b1:2d:69:74:86:ad: - 1f:57:7e:9b:05:11:74:b5:c4:68:ac:9a:80:74:7a: - 34:89 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 96:cd:db:46:6e:5b:de:fa:f1:d3:1c:e0:fe:47:67:2a:59:d5: - f8:c4:0b:25:14:0b:06:8d:82:67:f4:a9:36:e8:53:bc:eb:40: - 51:05:8a:42:09:e7:48:a3:7c:42:6d:c1:37:06:49:cf:58:87: - d0:0e:c7:9e:4b:0e:34:72:f8:65:65:b2:c4:68:ca:a3:14:e9: - 11:5c:da:78:4e:74:80:43:dc:b8:b6:ce:a8:0c:a2:8f:52:59: - 89:e0:5a:01:e5:e9:b8:4b:31:91:25:bf:7d:e1:7c:86:e9:36: - c1:5b:10:e5:2c:cc:6f:99:c4:66:79:30:41:1f:0b:f9:4b:ea: - 1e:8a:45:73:3c:79:21:20:c8:80:c4:f4:e9:4f:85:69:7c:2e: - 61:80:3a:4f:5b:92:be:97:12:75:9e:43:09:01:b6:b3:a1:c1: - 5f:2d:86:be:d1:6c:55:ee:27:f8:bf:3a:bc:fb:b2:42:8a:6f: - 51:a0:d3:46:54:f6:1e:73:42:2a:95:5e:eb:bc:40:6b:71:bf: - 90:94:62:f4:90:17:82:e5:1e:33:db:f4:50:11:e5:55:10:09: - 6a:11:a9:1e:d4:07:60:58:f7:16:b1:bd:8b:29:f6:3d:61:ad: - 73:da:ae:e3:e4:6e:59:46:7f:c0:fb:fa:be:6d:7c:31:94:86: - 2e:b3:29:7b ------BEGIN CERTIFICATE----- -MIIC9zCCAeGgAwIBAgIBATALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD -bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw -MDBaMCQxEDAOBgNVBAoTB0FjbWUgQ28xEDAOBgNVBAMTB1Jvb3QgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkK5HHfasytzjhOK7IuQsVHGR2R4Rd -y+fnDDB3hGqOdZVCsnjIiBCsmEeXONE6f4YNIPEdcISine0aKK9eQ90xo7u4XMSD -ebiDmuepYwRZk7YmZy3d5i275BPr1RcL3mNGdm8QBUCwFvzq9Jcc1tz+N3LVQN/j -tNWsz8mufCFJAR5+1MHhKhEBtHA6MT2aM7d/IPKL51SOBvJLX/DiuY9kH1C9s6Ws -aURCbBLpEZ10tEl34w+LnJRTFwwjumH6cD2Tja1f3U8yhFsHUORYxwBFgh8hFEy/ -Q5J2+yQJM99Yjb6H7rVU5NMy9rEtaXSGrR9XfpsFEXS1xGismoB0ejSJAgMBAAGj -ODA2MA4GA1UdDwEB/wQEAwIABDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMB -Af8EBTADAQH/MAsGCSqGSIb3DQEBBQOCAQEAls3bRm5b3vrx0xzg/kdnKlnV+MQL -JRQLBo2CZ/SpNuhTvOtAUQWKQgnnSKN8Qm3BNwZJz1iH0A7HnksONHL4ZWWyxGjK -oxTpEVzaeE50gEPcuLbOqAyij1JZieBaAeXpuEsxkSW/feF8huk2wVsQ5SzMb5nE -ZnkwQR8L+UvqHopFczx5ISDIgMT06U+FaXwuYYA6T1uSvpcSdZ5DCQG2s6HBXy2G -vtFsVe4n+L86vPuyQopvUaDTRlT2HnNCKpVe67xAa3G/kJRi9JAXguUeM9v0UBHl -VRAJahGpHtQHYFj3FrG9iyn2PWGtc9qu4+RuWUZ/wPv6vm18MZSGLrMpew== ------END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic_root.key b/chromium/net/data/ssl/certificates/quic_root.key deleted file mode 100644 index 9791d1fdb48..00000000000 --- a/chromium/net/data/ssl/certificates/quic_root.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA5CuRx32rMrc44TiuyLkLFRxkdkeEXcvn5wwwd4RqjnWVQrJ4 -yIgQrJhHlzjROn+GDSDxHXCEop3tGiivXkPdMaO7uFzEg3m4g5rnqWMEWZO2Jmct -3eYtu+QT69UXC95jRnZvEAVAsBb86vSXHNbc/jdy1UDf47TVrM/JrnwhSQEeftTB -4SoRAbRwOjE9mjO3fyDyi+dUjgbyS1/w4rmPZB9QvbOlrGlEQmwS6RGddLRJd+MP -i5yUUxcMI7ph+nA9k42tX91PMoRbB1DkWMcARYIfIRRMv0OSdvskCTPfWI2+h+61 -VOTTMvaxLWl0hq0fV36bBRF0tcRorJqAdHo0iQIDAQABAoIBAC9L/Mb+fMthgY/m -IQ0IloyEuyptfrm2t9aEB1PvBeuL4inWNwVSdypf0o89PtnCb3YvOuvgVA4lcG24 -u0luBd7xUstPp4idZasaJCVPmio7XUmun6pcuWQ2Tg7XuBREwA1uJW2LuTIHQdwu -YVigDWVA9zPPY9metaBB3kul/XxVM7+fXheCHzXTzJEaAw+7Gexe8QYuq4ftcocD -f7O/j/ts3IrKa1Xrl5RFC/tCNwpZ3yrp/Scdit32wbvCQwcdZ6/dDu6BWY4GJm8q -z7kaDZkXQa50EzT9g+DPTLC3qA2USh8M+NfqVjdHYkAqj64StCjvXHboTbDdZXoz -HvsONNUCgYEA/THRfqRpRPHW9ONSyRma6+XtzrCepVn/ceguO9bfD0e2+l1/6uXQ -hctuwelRD89Z6Ir5kW2I8fRT0mPhCcuv5TW1hOiwK6WKasYxRu3ox+bZiAoRsEBd -Xm4bvr814E/QO5DsDd5KMdEPb6ulStI1y94atCjX50r+vZWMGG82dK8CgYEA5rLF -FPBt+049Wq8bIXXVbInwPD0hHeIrhfTqsDeuLwYsmf7o29dU7sjDFS5x1cCfVsqO -UpXM5J4C3lhDC9ZTX0vVgT/TROq7etRZeBHVN+CJS0jgeMjUqWQTZYPMzE0Bu8/P -+9mqSZzkwipesG4JpdSkt/1IOIoDrbK8mYpDqEcCgYEA5wfGOOCcjaR+mAW1THpo -ukebrrXKjOaKB83sIf32m2K8u8cFKbl5hBwUfCwBI4P4bhAhmWlxRBXFRnyMovuR -DHztnNEVrz3mB3fBDw+XEJC8fT1y1nhkuf2Oo4amCn/JahDa0+y5lqtEgokE0jjt -jZCknS+Hki0ENMl4g/M2pVECgYB8oF6vbSM8+4tRjf8OGGXveKT7JdraFfCFMUYH -ZE0IwkEeAAMzoCQVywb4TlrYqnJppIs2Og6yAlpyWyP9JQ9tD76LUDuFo3kcZdLf -dmLFCNuifAAnv/aCe7muwYDFbWReXWlyGKhRlBxQeCsnDIrRtwo1CvMU+Bn8n+4a -1AKwyQKBgGpBZwN28VjqYkM5fO6RDNBvgQ1ApfSh/Kfwg0MrO8uhmvlWDuWCoei4 -v08pchPRO75ktIv4r9bR7ylTpB9JhCe2kNABWma4mnlUg4+nmiWMTZo6Pyabstkt -yzGIGZYdMDzOBjph7JxQZhGijz3uVc9CiFg+2AElbpCYDRHn5N3s ------END RSA PRIVATE KEY----- diff --git a/chromium/net/data/ssl/certificates/quic_test.example.com.crt b/chromium/net/data/ssl/certificates/quic_test.example.com.crt deleted file mode 100644 index b8123386fa9..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test.example.com.crt +++ /dev/null @@ -1,77 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Intermediate CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=Leaf certificate - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:d5:ca:19:79:8e:a9:ab:46:f0:4e:b7:58:6d:b3: - a3:9a:68:10:52:af:f0:00:94:ae:34:bd:b4:50:1f: - a3:26:a4:9e:1c:90:37:5b:3d:e8:d7:3b:bc:93:fb: - 00:fb:c7:49:54:9b:f1:d0:9a:f2:51:84:7b:59:8b: - bd:66:f3:ae:92:5a:b9:63:8c:64:a7:d0:9e:e3:0c: - 50:d2:cf:93:9d:e9:4a:11:57:93:c1:de:af:7b:5a: - 44:1d:0a:8c:22:a6:1d:c6:ad:e9:8f:16:8d:4e:91: - f1:d3:f1:f3:82:fe:f6:55:dc:72:f1:11:07:75:ec: - bb:e9:3a:35:87:43:81:5e:dc:43:4a:b7:7c:a1:1a: - d5:d2:c1:40:39:69:7d:89:ad:64:1b:31:34:a8:ea: - 9e:5e:26:fc:71:d2:c6:6b:e5:c2:73:30:3f:59:a7: - 35:8d:a9:a5:e9:3d:43:41:bd:54:f2:2a:e1:15:0c: - 35:30:6b:8b:f2:77:ca:5c:07:8f:58:f4:54:77:5e: - af:ce:b1:c1:2b:a7:bb:c0:e9:7d:ef:1a:d7:03:ee: - 8f:67:ad:c6:e6:1d:a9:e7:91:3f:41:e7:d6:86:20: - 8c:53:b3:d8:79:09:e2:4b:15:5a:d8:92:3b:62:4f: - 68:e4:cb:d0:a4:4e:b6:7d:3e:5f:b0:24:ea:62:61: - cf:7b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:test.example.com - Signature Algorithm: sha1WithRSAEncryption - 58:c3:dc:e3:4d:ec:76:c6:62:99:ba:ba:6d:da:e4:2f:ec:00: - f8:fb:2a:e3:f6:a4:bc:37:c9:53:0f:73:2e:a6:79:8f:6b:ef: - 87:16:56:7b:9e:6d:ac:1a:ec:8b:49:71:7d:f2:11:11:a4:0d: - 5e:6e:be:93:6b:fe:cb:44:1b:4e:99:2a:d2:eb:d8:91:80:d7: - c8:87:fd:c8:fa:cf:c2:68:06:07:2d:60:ae:56:c4:3c:49:4d: - e3:05:3f:1b:15:a8:a9:ea:85:d8:af:d3:f5:be:b5:71:28:23: - 8d:04:f1:c6:e1:fb:0c:1b:ac:5a:2d:e0:7f:fb:4e:79:47:29: - b3:9c:27:09:7d:3c:84:0b:59:0a:03:c5:86:a9:aa:90:49:89: - 0b:bc:8e:0e:2e:b1:67:ed:99:be:37:ee:75:7f:a9:fa:62:95: - 44:02:1c:99:26:fa:a7:17:61:d2:ec:e1:ca:42:2b:69:97:8f: - 71:dc:1b:41:7b:91:a8:d6:b2:82:05:ef:d0:0b:3c:46:a3:9d: - 7c:06:81:da:de:b6:54:ad:97:bd:c2:03:02:ff:1b:64:17:25: - 4a:4c:9b:85:c1:bb:6f:26:3a:b5:ba:9b:2d:17:b9:bd:36:b1: - 43:48:29:f7:da:88:8d:ce:f0:ac:7f:03:a7:93:e1:e9:c1:58: - 15:b3:30:22 ------BEGIN CERTIFICATE----- -MIIDIjCCAgygAwIBAgIBAzALBgkqhkiG9w0BAQUwLDEQMA4GA1UEChMHQWNtZSBD -bzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMB4XDTEzMDEwMTEwMDAwMFoXDTIz -MTIzMTEwMDAwMFowLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UEAxMQTGVhZiBj -ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXKGXmO -qatG8E63WG2zo5poEFKv8ACUrjS9tFAfoyaknhyQN1s96Nc7vJP7APvHSVSb8dCa -8lGEe1mLvWbzrpJauWOMZKfQnuMMUNLPk53pShFXk8Her3taRB0KjCKmHcat6Y8W -jU6R8dPx84L+9lXccvERB3Xsu+k6NYdDgV7cQ0q3fKEa1dLBQDlpfYmtZBsxNKjq -nl4m/HHSxmvlwnMwP1mnNY2ppek9Q0G9VPIq4RUMNTBri/J3ylwHj1j0VHder86x -wSunu8Dpfe8a1wPuj2etxuYdqeeRP0Hn1oYgjFOz2HkJ4ksVWtiSO2JPaOTL0KRO -tn0+X7Ak6mJhz3sCAwEAAaNSMFAwDgYDVR0PAQH/BAQDAgCgMBMGA1UdJQQMMAoG -CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwGwYDVR0RBBQwEoIQdGVzdC5leGFtcGxl -LmNvbTALBgkqhkiG9w0BAQUDggEBAFjD3ONN7HbGYpm6um3a5C/sAPj7KuP2pLw3 -yVMPcy6meY9r74cWVnuebawa7ItJcX3yERGkDV5uvpNr/stEG06ZKtLr2JGA18iH -/cj6z8JoBgctYK5WxDxJTeMFPxsVqKnqhdiv0/W+tXEoI40E8cbh+wwbrFot4H/7 -TnlHKbOcJwl9PIQLWQoDxYapqpBJiQu8jg4usWftmb437nV/qfpilUQCHJkm+qcX -YdLs4cpCK2mXj3HcG0F7kajWsoIF79ALPEajnXwGgdretlStl73CAwL/G2QXJUpM -m4XBu28mOrW6my0Xub02sUNIKffaiI3O8Kx/A6eT4enBWBWzMCI= ------END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic_test.example.com.key b/chromium/net/data/ssl/certificates/quic_test.example.com.key deleted file mode 100644 index 9449ec673d7..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test.example.com.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA1coZeY6pq0bwTrdYbbOjmmgQUq/wAJSuNL20UB+jJqSeHJA3 -Wz3o1zu8k/sA+8dJVJvx0JryUYR7WYu9ZvOuklq5Y4xkp9Ce4wxQ0s+TnelKEVeT -wd6ve1pEHQqMIqYdxq3pjxaNTpHx0/Hzgv72Vdxy8REHdey76To1h0OBXtxDSrd8 -oRrV0sFAOWl9ia1kGzE0qOqeXib8cdLGa+XCczA/Wac1jaml6T1DQb1U8irhFQw1 -MGuL8nfKXAePWPRUd16vzrHBK6e7wOl97xrXA+6PZ63G5h2p55E/QefWhiCMU7PY -eQniSxVa2JI7Yk9o5MvQpE62fT5fsCTqYmHPewIDAQABAoIBABIwh8pX4Qe5mWiZ -IOT0i87vW7QtU/Y4sDm8ikLm7jKzfuBfRNZ2hgEKDBlrGcJSSmLwgbqF9GgLJZOQ -2CSSRyAcp/lYUJgWn+4hdh75mk2tM6gWE3RDRhrwqyrtYs7v40isM1sBSDSPJkwq -IdXba4oSn5TzJfdalQJa+YLws2kmnKL2cHvHJudazeV3JScfqOkjjYT1HZVFiech -KQOJo1d3guvyLzzqDJq/BkUvaAQepJu8oXGhq0lApXPit5aRRft4Fw+ewAbU9t7r -KzRp7YusZ1EQ2A5vn1F9o/JGRERL42BqwjRqfhHnK084Y4GhbpMrMkV0ae5i7xhK -npKHXIECgYEA5tW5imZhPtBWSSA1w+MTIoqXPrK3eirmgmHSeYtMbfcUwuSiQOXk -pqEJ9PoVmvNOuQPdbR4kfLuPUJecT+qEMPJAN3aWZYmSUi/6O1fml6DDvf0dx/LW -4mZ9Mu3DGGmK+zxplwv4IkkOWIu6hPsioyoMd+QxhIk2o7eBViev7IkCgYEA7Rip -T8k/5PFxs99OasNlu3fJxRbEeJEiZaW21gcK36LosNITgEQs3r2Q6us0hsfUCvEr -+QAjNOk6zsUlTbJYymshStBPh3OTf2zYwg8SXfuAoFDYTNk2uML2alvBRkIKYSVV -J2Lv2GoYxE1oTIgBDj3Jv4+xPZPx0AYmYsa6AuMCgYAd8wbirQva8X7wd+xh4Plf -lumuqdNiV2SW8Ag12tvsvI0GCFIA55L2B5jaHwRkmULSgGzfNnT3dgJPK4yNVdkW -3Kd2Sr2SqPnCDhWCU5JIhARBhzCw+5Hjx/ZggDa62R6+IAV3IodsM1xYIrDthgPl -dZQujf3au07KiQmP2xBZOQKBgQDACJ5xwgXfT/ORBYgFDxgh2+bvm/4rzRl4DN1m -wrN66P7g4HXtCMry6cUrkK+tjsJeznGYLxVU8Kax/Jm3MYGbCWQgrVIM2n6X0bhK -jVyKBH9s2a4nqDMbOMXO5VxIpIq1nkA3M3oh5eUDcdLNUcbRGxiB8EdVIbPUknaa -wGy+kwKBgQDE90KVnTzZQ6D20pAAvYaFCGkWUvKzf/C7NZcGH+UcWok3BCrkNiGK -YTEbEs6h26Q8S7Vm7FiRnfVQEW4HPFuQ8wpnYrYFJbfRbGsG8agxju25Kg+EBJGU -uu83oQ8zNiK/LMtNEGcQotXSVxAUdg1AoS5p1UX9cgmM9MZhkkbJIw== ------END RSA PRIVATE KEY----- diff --git a/chromium/net/data/ssl/certificates/quic_test.example.com.key.pkcs8 b/chromium/net/data/ssl/certificates/quic_test.example.com.key.pkcs8 Binary files differdeleted file mode 100644 index 5f341e52106..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test.example.com.key.pkcs8 +++ /dev/null diff --git a/chromium/net/data/ssl/certificates/quic_test.example.com.key.pkcs8.pem b/chromium/net/data/ssl/certificates/quic_test.example.com.key.pkcs8.pem deleted file mode 100644 index e52b455f53f..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test.example.com.key.pkcs8.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVyhl5jqmrRvBO -t1hts6OaaBBSr/AAlK40vbRQH6MmpJ4ckDdbPejXO7yT+wD7x0lUm/HQmvJRhHtZ -i71m866SWrljjGSn0J7jDFDSz5Od6UoRV5PB3q97WkQdCowiph3GremPFo1OkfHT -8fOC/vZV3HLxEQd17LvpOjWHQ4Fe3ENKt3yhGtXSwUA5aX2JrWQbMTSo6p5eJvxx -0sZr5cJzMD9ZpzWNqaXpPUNBvVTyKuEVDDUwa4vyd8pcB49Y9FR3Xq/OscErp7vA -6X3vGtcD7o9nrcbmHannkT9B59aGIIxTs9h5CeJLFVrYkjtiT2jky9CkTrZ9Pl+w -JOpiYc97AgMBAAECggEAEjCHylfhB7mZaJkg5PSLzu9btC1T9jiwObyKQubuMrN+ -4F9E1naGAQoMGWsZwlJKYvCBuoX0aAslk5DYJJJHIByn+VhQmBaf7iF2HvmaTa0z -qBYTdENGGvCrKu1izu/jSKwzWwFINI8mTCoh1dtrihKflPMl91qVAlr5gvCzaSac -ovZwe8cm51rN5XclJx+o6SONhPUdlUWJ5yEpA4mjV3eC6/IvPOoMmr8GRS9oBB6k -m7yhcaGrSUClc+K3lpFF+3gXD57ABtT23usrNGnti6xnURDYDm+fUX2j8kZEREvj -YGrCNGp+EecrTzhjgaFukysyRXRp7mLvGEqekodcgQKBgQDm1bmKZmE+0FZJIDXD -4xMiipc+srd6KuaCYdJ5i0xt9xTC5KJA5eSmoQn0+hWa8065A91tHiR8u49Ql5xP -6oQw8kA3dpZliZJSL/o7V+aXoMO9/R3H8tbiZn0y7cMYaYr7PGmXC/giSQ5Yi7qE -+yKjKgx35DGEiTajt4FWJ6/siQKBgQDtGKlPyT/k8XGz305qw2W7d8nFFsR4kSJl -pbbWBwrfouiw0hOARCzevZDq6zSGx9QK8Sv5ACM06TrOxSVNsljKayFK0E+Hc5N/ -bNjCDxJd+4CgUNhM2Ta4wvZqW8FGQgphJVUnYu/YahjETWhMiAEOPcm/j7E9k/HQ -BiZixroC4wKBgB3zBuKtC9rxfvB37GHg+V+W6a6p02JXZJbwCDXa2+y8jQYIUgDn -kvYHmNofBGSZQtKAbN82dPd2Ak8rjI1V2Rbcp3ZKvZKo+cIOFYJTkkiEBEGHMLD7 -kePH9mCANrrZHr4gBXcih2wzXFgisO2GA+V1lC6N/dq7TsqJCY/bEFk5AoGBAMAI -nnHCBd9P85EFiAUPGCHb5u+b/ivNGXgM3WbCs3ro/uDgde0IyvLpxSuQr62Owl7O -cZgvFVTwprH8mbcxgZsJZCCtUgzafpfRuEqNXIoEf2zZrieoMxs4xc7lXEikirWe -QDczeiHl5QNx0s1RxtEbGIHwR1Uhs9SSdprAbL6TAoGBAMT3QpWdPNlDoPbSkAC9 -hoUIaRZS8rN/8Ls1lwYf5RxaiTcEKuQ2IYphMRsSzqHbpDxLtWbsWJGd9VARbgc8 -W5DzCmditgUlt9FsawbxqDGO7bkqD4QEkZS67zehDzM2Ir8sy00QZxCi1dJXEBR2 -DUChLmnVRf1yCYz0xmGSRskj ------END PRIVATE KEY----- diff --git a/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.crt b/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.crt deleted file mode 100644 index ff8a18def0a..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.crt +++ /dev/null @@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Acme Co, CN=Intermediate CA - Validity - Not Before: Jan 1 10:00:00 2013 GMT - Not After : Dec 31 10:00:00 2023 GMT - Subject: O=Acme Co, CN=ECDSA Leaf certificate - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:05:26:22:0e:77:27:83:00:d0:6b:c0:86:af:f4: - f9:99:a8:28:a2:ed:5c:c7:5a:dc:29:72:79:4b:ef: - e8:85:aa:3a:9b:84:3d:e3:21:b3:6b:0a:79:52:89: - ce:bf:f1:a5:42:8b:ad:5e:34:66:5c:e5:e3:6d:aa: - d0:8f:b3:ff:d8 - ASN1 OID: prime256v1 - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:test.example.com - Signature Algorithm: sha1WithRSAEncryption - 40:cb:4b:4f:63:13:8a:4e:b9:76:f6:01:82:f1:29:6d:64:d5: - ab:87:2f:5f:4f:e9:97:f7:0d:1c:95:f1:c1:7e:9e:26:c1:f8: - b5:6c:5c:7d:7a:54:95:96:0c:ad:72:27:e5:47:2d:13:11:0e: - 56:d7:37:0e:9b:ea:1e:93:dc:78:e4:12:3b:bd:d5:21:44:92: - cb:bf:f1:36:f5:67:3a:85:92:78:da:1b:c6:01:04:4e:6d:a7: - 1b:0e:3b:96:59:a2:da:96:db:8e:97:be:dc:f0:7e:54:3b:12: - 3a:e9:44:a0:56:e4:a5:9f:f4:58:7a:22:b9:85:be:b7:ad:51: - 05:95:70:ba:d0:69:11:f1:2d:47:32:98:bf:e8:1c:9d:f9:19: - 29:f8:17:72:30:bb:3d:4a:d7:f5:cc:50:55:14:a9:6b:37:e7: - 08:f2:b6:87:4d:d8:3d:fb:eb:0d:45:3b:bc:3c:c1:92:2d:69: - 17:39:4b:b4:ff:04:21:ec:cc:74:ff:37:b4:6d:6f:b1:5d:89: - 9c:32:ee:99:60:52:87:15:8f:b7:50:ba:2d:f5:fd:11:f1:f8: - 38:94:b6:db:7f:cb:fa:2f:d1:41:26:cc:fa:ec:4d:49:ed:d8: - a8:8a:13:e7:14:32:6a:c6:6a:66:c9:5b:81:92:ca:cf:b4:7c: - c8:91:cc:a8 ------BEGIN CERTIFICATE----- -MIICXTCCAUegAwIBAgIBBDALBgkqhkiG9w0BAQUwLDEQMA4GA1UEChMHQWNtZSBD -bzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMB4XDTEzMDEwMTEwMDAwMFoXDTIz -MTIzMTEwMDAwMFowMzEQMA4GA1UEChMHQWNtZSBDbzEfMB0GA1UEAxMWRUNEU0Eg -TGVhZiBjZXJ0aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAUmIg53 -J4MA0GvAhq/0+ZmoKKLtXMda3ClyeUvv6IWqOpuEPeMhs2sKeVKJzr/xpUKLrV40 -Zlzl422q0I+z/9ijUjBQMA4GA1UdDwEB/wQEAwIAgDATBgNVHSUEDDAKBggrBgEF -BQcDATAMBgNVHRMBAf8EAjAAMBsGA1UdEQQUMBKCEHRlc3QuZXhhbXBsZS5jb20w -CwYJKoZIhvcNAQEFA4IBAQBAy0tPYxOKTrl29gGC8SltZNWrhy9fT+mX9w0clfHB -fp4mwfi1bFx9elSVlgytciflRy0TEQ5W1zcOm+oek9x45BI7vdUhRJLLv/E29Wc6 -hZJ42hvGAQRObacbDjuWWaLaltuOl77c8H5UOxI66USgVuSln/RYeiK5hb63rVEF -lXC60GkR8S1HMpi/6Byd+Rkp+BdyMLs9Stf1zFBVFKlrN+cI8raHTdg9++sNRTu8 -PMGSLWkXOUu0/wQh7Mx0/ze0bW+xXYmcMu6ZYFKHFY+3ULot9f0R8fg4lLbbf8v6 -L9FBJsz67E1J7dioihPnFDJqxmpmyVuBksrPtHzIkcyo ------END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.key b/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.key deleted file mode 100644 index 0e2f2763b2b..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIPqnEQNfDLijySw1wwD3RNPQvgPyAPvaZarw327ZM2lwoAoGCCqGSM49 -AwEHoUQDQgAEBSYiDncngwDQa8CGr/T5magoou1cx1rcKXJ5S+/ohao6m4Q94yGz -awp5UonOv/GlQoutXjRmXOXjbarQj7P/2A== ------END EC PRIVATE KEY----- diff --git a/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.sct b/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.sct Binary files differdeleted file mode 100644 index 37582658969..00000000000 --- a/chromium/net/data/ssl/certificates/quic_test_ecc.example.com.sct +++ /dev/null diff --git a/chromium/net/data/ssl/certificates/sha1_leaf.pem b/chromium/net/data/ssl/certificates/sha1_leaf.pem new file mode 100644 index 00000000000..598b48d8821 --- /dev/null +++ b/chromium/net/data/ssl/certificates/sha1_leaf.pem @@ -0,0 +1,112 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCt5Mpt4Jw+UG9v +qfdbenxHoJJ8YcG9PZssBRhmA4GIwNGoYqG5D50gMxppUybpdZtQus+FF/lS8v2R +0+my4D3cgLo+eIebg2oqhz/x5QLQlWsGvcjcn6bTg0INuK9vn9HNqeMQkDotxK9X +zvcbKazzxzV1K81PGgocpjhj10qdOZoboDu+eTN8bFe13uRNFG13l1nQmU0B6R6n +BreDtxggA/C9H0x9YjRVyDamxwXe5c1yrye2HZXdxJneEEm+CMUSjKXlpK1it/+U +1mafGMtrSdl++aspmO3lZ61TUNdSqdSUBGL8azw7AzewvRj48KN8V4EPG7WUvu4a +CrZpy3O1AgMBAAECggEAcz5ibcliouWZxK4m0YhuXuXqzuXWiP0QHm9OCSWfrirj +h62+MjBH2LQld9H0wtn/UdRMfY8y3CdPp1qC0dpNBRqG06n7bTP9oyu5VC2K3QN5 +R6F1QcnIvPqLRx6znc2UNLG3Wx3KgNSNxCrUlzradUD7i6i4ywid1PjP/FMNDv6q +k07xSxc0VpWwkUC0j3uau0qewfnjP3+Toe7au4vHhy+Opyudsu4WETlbhkZq2mlD +bgUS8/06FOjlf/2tfnElysL2NPvj0sFpm1yUckxZVjiepJ8QfqU46zsxUTqKrtca +b6kYiJmB30wSxwnsweBhJ6w7UOOV6kmB6scc5OD2IQKBgQDgZESH7yLkqBdY1qFE +AfWvyMfIe/buB8UNLcicGuSPkjdtCzsXoDgzXxt37RSLFMsPTDBM51KPAzJkWaeM +Jksbivw/+bEFTyY/AaYreiRHrpIXvLM/mNJFZ514ImZ+mY8YU7nuTZRMn7Ysfs9c +kHc7r3ET65KOcnXtPVGk6h2rHQKBgQDGY4dc0vWHktGLLqmgIJZHVcojj4NLuX67 +KCj1/DhNFpJhq24MKucxmaOlXXXPgEGTA/JwWnolo1fcT2Vv4LrlgL75SYVHOF71 +2PTIrlM3w6lOJNyzyD3Sjh2wZ87u993P2z6Z/qDWOMTdfD/jvyoU/k1uq6rTxJzy +SktzfqRveQKBgBwI6vcAzZ870Q7sYeGZTRTVRQCrXEKI/fmTisjWI1A8uGgLSyq8 +fckNTOVC3Zoy0tvqbO5uyEXN5HHdMa206xVZ3AIyNAexx9l/Xz93VykNinskvFBp +y3uYYngr9BpFHTew3j4Du0+HdL9CaK3r7rmqRbpzaDAb5NfrHVQ5W9ORAoGASfSq +bnkaHKsnwFnp1A6x1u/tRepnCKCi1MQ42NJobpxef1h30sNfokbjEW9QzsTCLTsI +csfXxxYoV7GlX9qH8axYBPhaXd1u0PlK71DFJwGiqMXnHIImQcrG2I8qPj1ai/Tw +VlnsvU82XFbIPm9yEZdnaD1Ill8yHsSBchGg3QkCgYEAxZcgtHjspR9TTzuyl8qm +gciF8YDwYIIHqOPnVKoC6+EQJf/BJnTU5naf56sa4aMg9eqqNA5eG0aohM1uZJAJ +TaxkXZ8wTCwFoIh6O05+SD4bHDWvr7Sur1z0HeasYH2OPf/H/N0Xuq10rphCr7dx +HYbEecCcSPrbEtOR7++xRvA= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 23 (0x17) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA + Validity + Not Before: Dec 20 00:00:00 2017 GMT + Not After : Dec 20 00:00:00 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ad:e4:ca:6d:e0:9c:3e:50:6f:6f:a9:f7:5b:7a: + 7c:47:a0:92:7c:61:c1:bd:3d:9b:2c:05:18:66:03: + 81:88:c0:d1:a8:62:a1:b9:0f:9d:20:33:1a:69:53: + 26:e9:75:9b:50:ba:cf:85:17:f9:52:f2:fd:91:d3: + e9:b2:e0:3d:dc:80:ba:3e:78:87:9b:83:6a:2a:87: + 3f:f1:e5:02:d0:95:6b:06:bd:c8:dc:9f:a6:d3:83: + 42:0d:b8:af:6f:9f:d1:cd:a9:e3:10:90:3a:2d:c4: + af:57:ce:f7:1b:29:ac:f3:c7:35:75:2b:cd:4f:1a: + 0a:1c:a6:38:63:d7:4a:9d:39:9a:1b:a0:3b:be:79: + 33:7c:6c:57:b5:de:e4:4d:14:6d:77:97:59:d0:99: + 4d:01:e9:1e:a7:06:b7:83:b7:18:20:03:f0:bd:1f: + 4c:7d:62:34:55:c8:36:a6:c7:05:de:e5:cd:72:af: + 27:b6:1d:95:dd:c4:99:de:10:49:be:08:c5:12:8c: + a5:e5:a4:ad:62:b7:ff:94:d6:66:9f:18:cb:6b:49: + d9:7e:f9:ab:29:98:ed:e5:67:ad:53:50:d7:52:a9: + d4:94:04:62:fc:6b:3c:3b:03:37:b0:bd:18:f8:f0: + a3:7c:57:81:0f:1b:b5:94:be:ee:1a:0a:b6:69:cb: + 73:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 18:9A:76:1E:86:4C:EF:67:5D:20:7F:24:4C:DC:3F:AE:B5:B5:5C:A1 + X509v3 Authority Key Identifier: + keyid:9B:26:0B:8A:98:A9:BB:1D:B9:1F:1C:E3:1A:40:33:ED:8E:17:88:AB + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + a0:b6:c2:65:a0:9b:25:b7:c9:81:9a:dc:63:aa:ae:6e:f3:8a: + 62:92:66:6e:ad:3d:a7:fd:26:d4:ea:7b:7c:00:80:2b:73:db: + 36:86:fe:b1:b5:8a:05:40:d3:3c:6f:1d:11:1b:b2:a0:0d:f6: + 26:aa:ac:63:62:61:c0:7e:b0:7d:da:73:2c:14:71:41:fd:93: + f5:76:cd:21:13:42:df:e5:b0:26:e8:d0:ec:a2:e4:26:b8:ba: + e8:bd:49:f9:38:7f:92:1c:a2:7e:8f:b3:d3:e6:0a:51:60:88: + c4:ab:08:65:14:53:fd:c3:70:8a:6f:49:99:d7:09:38:00:20: + b5:3d:3c:f1:7c:2c:ab:67:4d:df:1d:c2:1e:24:d3:31:60:71: + be:b3:85:7e:a7:1e:ce:41:1f:21:58:63:83:3c:e5:91:4a:18: + 4d:6c:97:13:d5:df:34:c7:22:0a:92:3a:fb:03:3a:b8:62:2b: + 7e:be:03:fb:39:74:03:1d:f3:c7:55:28:e7:ed:cd:28:75:2b: + 75:c5:38:b7:fd:da:98:60:61:0a:aa:eb:17:1a:26:e1:74:7e: + 84:e8:76:bf:15:18:e3:b2:4e:25:41:cb:2b:19:c9:63:6f:aa: + 8a:58:c7:01:2a:cd:fc:04:ea:63:7f:b3:ed:5d:96:a2:b0:26: + 63:8d:0d:3f +-----BEGIN CERTIFICATE----- +MIIDvzCCAqegAwIBAgIBFzANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHVGVzdCBDQTEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTE3MTIyMDAw +MDAwMFoXDTIwMTIyMDAwMDAwMFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh +bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3Qg +Q0ExEjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAK3kym3gnD5Qb2+p91t6fEegknxhwb09mywFGGYDgYjA0ahiobkPnSAz +GmlTJul1m1C6z4UX+VLy/ZHT6bLgPdyAuj54h5uDaiqHP/HlAtCVawa9yNyfptOD +Qg24r2+f0c2p4xCQOi3Er1fO9xsprPPHNXUrzU8aChymOGPXSp05mhugO755M3xs +V7Xe5E0UbXeXWdCZTQHpHqcGt4O3GCAD8L0fTH1iNFXINqbHBd7lzXKvJ7Ydld3E +md4QSb4IxRKMpeWkrWK3/5TWZp8Yy2tJ2X75qymY7eVnrVNQ11Kp1JQEYvxrPDsD +N7C9GPjwo3xXgQ8btZS+7hoKtmnLc7UCAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFBiadh6GTO9nXSB/JEzcP661tVyhMB8GA1UdIwQYMBaAFJsmC4qY +qbsduR8c4xpAM+2OF4irMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAP +BgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBBQUAA4IBAQCgtsJloJslt8mBmtxj +qq5u84pikmZurT2n/SbU6nt8AIArc9s2hv6xtYoFQNM8bx0RG7KgDfYmqqxjYmHA +frB92nMsFHFB/ZP1ds0hE0Lf5bAm6NDsouQmuLrovUn5OH+SHKJ+j7PT5gpRYIjE +qwhlFFP9w3CKb0mZ1wk4ACC1PTzxfCyrZ03fHcIeJNMxYHG+s4V+px7OQR8hWGOD +POWRShhNbJcT1d80xyIKkjr7Azq4Yit+vgP7OXQDHfPHVSjn7c0odSt1xTi3/dqY +YGEKqusXGibhdH6E6Ha/FRjjsk4lQcsrGcljb6qKWMcBKs38BOpjf7PtXZaisCZj +jQ0/ +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/scripts/crlsetutil.py b/chromium/net/data/ssl/scripts/crlsetutil.py index 2fcad54c5a9..c96d818f7f2 100755 --- a/chromium/net/data/ssl/scripts/crlsetutil.py +++ b/chromium/net/data/ssl/scripts/crlsetutil.py @@ -162,6 +162,39 @@ def pem_cert_file_to_spki_hash(pem_filename): return der_cert_to_spki_hash(_pem_cert_to_binary(pem_filename)) +def der_cert_to_subject_hash(der_bytes): + """Returns SHA256(subject) of a DER-encoded certificate + + Args: + der_bytes: A DER-encoded certificate (RFC 5280) + + Returns: + The SHA-256 hash of the certificate's subject. + """ + iterator = ASN1Iterator(der_bytes) + iterator.step_into() # enter certificate structure + iterator.step_into() # enter TBSCertificate + iterator.step_over() # over version + iterator.step_over() # over serial + iterator.step_over() # over signature algorithm + iterator.step_over() # over issuer name + iterator.step_over() # over validity + return hashlib.sha256(iterator.contents()).digest() + + +def pem_cert_file_to_subject_hash(pem_filename): + """Gets the SHA-256 hash of the subject of a cert in a file + + Args: + pem_filename: A file containing a PEM-encoded certificate. + + Returns: + The SHA-256 hash of the subject of the first certificate in the file, as a + byte sequence + """ + return der_cert_to_subject_hash(_pem_cert_to_binary(pem_filename)) + + def main(): parser = optparse.OptionParser(description=sys.modules[__name__].__doc__) parser.add_option('-o', '--output', @@ -179,6 +212,13 @@ def main(): pem_cert_file_to_spki_hash(pem_file): serials for pem_file, serials in config.get('BlockedByHash', {}).iteritems() } + limited_subjects = { + pem_cert_file_to_subject_hash(pem_file).encode('base64').strip(): [ + pem_cert_file_to_spki_hash(filename).encode('base64').strip() + for filename in allowed_pems + ] + for pem_file, allowed_pems in config.get('LimitedSubjects', {}).iteritems() + } header_json = { 'Version': 0, 'ContentType': 'CRLSet', @@ -186,6 +226,7 @@ def main(): 'DeltaFrom': 0, 'NumParents': len(parents), 'BlockedSPKIs': blocked_spkis, + 'LimitedSubjects': limited_subjects, } header = json.dumps(header_json) outfile.write(struct.pack('<H', len(header))) diff --git a/chromium/net/data/ssl/scripts/ee.cnf b/chromium/net/data/ssl/scripts/ee.cnf index 3d42df1b65b..d5811b914d7 100644 --- a/chromium/net/data/ssl/scripts/ee.cnf +++ b/chromium/net/data/ssl/scripts/ee.cnf @@ -17,6 +17,9 @@ L = Mountain View O = Test CA CN = 127.0.0.1 +[req_no_san] +basicConstraints = critical, CA:false + [req_duplicate_cn_1] O = Foo CN = Duplicate diff --git a/chromium/net/data/ssl/scripts/generate-quic-chain.sh b/chromium/net/data/ssl/scripts/generate-quic-chain.sh new file mode 100755 index 00000000000..707ecda67a5 --- /dev/null +++ b/chromium/net/data/ssl/scripts/generate-quic-chain.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +# Copyright 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# This script generates a test chain of (end-entity, intermediate, root) +# certificates used to run a test QUIC server. + +try() { + "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e) +} + +try rm -rf out +try mkdir out + +# Create the serial number files. +try /bin/sh -c "echo 01 > out/quic-test-root-serial" +try /bin/sh -c "echo 01 > out/quic-test-intermediate-serial" + +# Create the signers' DB files. +touch out/quic-test-root-index.txt +touch out/quic-test-intermediate-index.txt + +# Generate the keys +try openssl genrsa -out out/quic-test-root.key 2048 +try openssl genrsa -out out/quic-test-intermediate.key 2048 +try openssl genrsa -out out/quic-test-cert.key 2048 + +# Generate the root certificate +CA_COMMON_NAME="Test Root CA" \ + CA_DIR=out \ + CA_NAME=test-root \ + try openssl req \ + -new \ + -key out/quic-test-root.key \ + -out out/quic-test-root.csr \ + -config quic-test.cnf + +CA_COMMON_NAME="Test Root CA" \ + CA_DIR=out \ + CA_NAME=quic-test-root \ + try openssl x509 \ + -req -days 3650 \ + -in out/quic-test-root.csr \ + -out out/quic-test-root.pem \ + -signkey out/quic-test-root.key \ + -extfile quic-test.cnf \ + -extensions ca_cert \ + -text + +# Generate the intermediate +CA_COMMON_NAME="Test Intermediate CA" \ + CA_DIR=out \ + CA_NAME=quic-test-root \ + try openssl req \ + -new \ + -key out/quic-test-intermediate.key \ + -out out/quic-test-intermediate.csr \ + -config quic-test.cnf + +CA_COMMON_NAME="Test Intermediate CA" \ + CA_DIR=out \ + CA_NAME=quic-test-root \ + try openssl ca \ + -batch \ + -in out/quic-test-intermediate.csr \ + -out out/quic-test-intermediate.pem \ + -config quic-test.cnf \ + -extensions ca_cert + +# Generate the leaf +CA_COMMON_NAME="test.example.com" \ +CA_DIR=out \ +CA_NAME=quic-test-intermediate \ +try openssl req \ + -new \ + -key out/quic-test-cert.key \ + -out out/quic-test-cert.csr \ + -config quic-test.cnf + +CA_COMMON_NAME="Test Intermediate CA" \ + HOST_NAME="test.example.com" \ + CA_DIR=out \ + CA_NAME=quic-test-intermediate \ + try openssl ca \ + -batch \ + -in out/quic-test-cert.csr \ + -out out/quic-test-cert.pem \ + -config quic-test.cnf \ + -extensions user_cert + +# Copy to the file names that are actually checked in. +try openssl pkcs8 -topk8 -inform pem -outform der -in out/quic-test-cert.key -out ../certificates/quic-leaf-cert.key -nocrypt +try cat out/quic-test-cert.pem out/quic-test-intermediate.pem > ../certificates/quic-chain.pem +try cp out/quic-test-root.pem ../certificates/quic-root.pem +try openssl pkcs8 -nocrypt -inform der -outform pem -in ../certificates/quic-leaf-cert.key -out ../certificates/quic-leaf-cert.key.pkcs8.pem diff --git a/chromium/net/data/ssl/scripts/generate-test-certs.sh b/chromium/net/data/ssl/scripts/generate-test-certs.sh index ca8a3ca7ea6..622897b7b89 100755 --- a/chromium/net/data/ssl/scripts/generate-test-certs.sh +++ b/chromium/net/data/ssl/scripts/generate-test-certs.sh @@ -423,6 +423,61 @@ openssl req -x509 -newkey rsa:2048 \ -extensions req_extensions_with_tls_feature \ -nodes -config ee.cnf +# SHA-1 certificate issued by locally trusted CA +openssl req \ + -config ../scripts/ee.cnf \ + -newkey rsa:2048 \ + -text \ + -keyout out/sha1_leaf.key \ + -out out/sha1_leaf.req +CA_NAME="req_ca_dn" \ + openssl ca \ + -batch \ + -extensions user_cert \ + -startdate 171220000000Z \ + -enddate 201220000000Z \ + -in out/sha1_leaf.req \ + -out out/sha1_leaf.pem \ + -config ca.cnf \ + -md sha1 +/bin/sh -c "cat out/sha1_leaf.key out/sha1_leaf.pem \ + > ../certificates/sha1_leaf.pem" + +# Certificate with only a common name (no SAN) issued by a locally trusted CA +openssl req \ + -config ../scripts/ee.cnf \ + -reqexts req_no_san \ + -newkey rsa:2048 \ + -text \ + -keyout out/common_name_only.key \ + -out out/common_name_only.req +CA_NAME="req_ca_dn" \ + openssl ca \ + -batch \ + -extensions user_cert \ + -startdate 171220000000Z \ + -enddate 201220000000Z \ + -in out/common_name_only.req \ + -out out/common_name_only.pem \ + -config ca.cnf +/bin/sh -c "cat out/common_name_only.key out/common_name_only.pem \ + > ../certificates/common_name_only.pem" + +# Issued after 1 Dec 2017 (Symantec Legacy Distrust Date) +openssl req \ + -config ../scripts/ee.cnf \ + -newkey rsa:2048 \ + -text \ + -out out/dec_2017.req +CA_NAME="req_ca_dn" \ + openssl ca \ + -batch \ + -extensions user_cert \ + -startdate 171220000000Z \ + -enddate 201220000000Z \ + -in out/dec_2017.req \ + -out ../certificates/dec_2017.pem \ + -config ca.cnf # Regenerate CRLSets ## Block a leaf cert directly by SPKI @@ -454,3 +509,35 @@ python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ } } CRLSETBYINTERMEDIATESERIAL + +## Block a subject with a single-entry allowlist of SPKI hashes. +python crlsetutil.py -o ../certificates/crlset_by_root_subject.raw \ +<<CRLSETBYROOTSUBJECT +{ + "LimitedSubjects": { + "../certificates/root_ca_cert.pem": [ + "../certificates/root_ca_cert.pem" + ] + } +} +CRLSETBYROOTSUBJECT + +## Block a subject with an empty allowlist of SPKI hashes. +python crlsetutil.py -o ../certificates/crlset_by_root_subject_no_spki.raw \ +<<CRLSETBYROOTSUBJECTNOSPKI +{ + "LimitedSubjects": { + "../certificates/root_ca_cert.pem": [] + } +} +CRLSETBYROOTSUBJECTNOSPKI + +## Block a subject with an empty allowlist of SPKI hashes. +python crlsetutil.py -o ../certificates/crlset_by_leaf_subject_no_spki.raw \ +<<CRLSETBYLEAFSUBJECTNOSPKI +{ + "LimitedSubjects": { + "../certificates/ok_cert.pem": [] + } +} +CRLSETBYLEAFSUBJECTNOSPKI diff --git a/chromium/net/data/ssl/scripts/quic-test.cnf.txt b/chromium/net/data/ssl/scripts/quic-test.cnf.txt new file mode 100644 index 00000000000..c8daaf30d0a --- /dev/null +++ b/chromium/net/data/ssl/scripts/quic-test.cnf.txt @@ -0,0 +1,54 @@ +CA_DIR=out +CA_NAME=quic-test-root +HOST_NAME=test.example.com + +[ca] +default_ca = CA_root +preserve = yes + +[CA_root] +dir = ${ENV::CA_DIR} +key_size = 2048 +algo = sha256 +database = $dir/${ENV::CA_NAME}-index.txt +new_certs_dir = $dir +serial = $dir/${ENV::CA_NAME}-serial +certificate = $dir/${ENV::CA_NAME}.pem +private_key = $dir/${ENV::CA_NAME}.key +RANDFILE = $dir/.rand +default_days = 3650 +default_crl_days = 30 +default_md = sha256 +policy = policy_anything +unique_subject = no +copy_extensions = copy + +[user_cert] +basicConstraints = critical, CA:false +extendedKeyUsage = serverAuth, clientAuth +subjectAltName = DNS:${ENV::HOST_NAME} + +[ca_cert] +basicConstraints = critical, CA:true +keyUsage = critical, keyCertSign, cRLSign + +[policy_anything] +# Default signing policy +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[req] +default_bits = 2048 +default_md = sha256 +string_mask = utf8only +prompt = no +encrypt_key = no +distinguished_name = req_env_dn + +[req_env_dn] +CN = ${ENV::CA_COMMON_NAME} diff --git a/chromium/net/data/ssl/symantec/README.md b/chromium/net/data/ssl/symantec/README.md index f4926bbefc9..4d8219d121e 100644 --- a/chromium/net/data/ssl/symantec/README.md +++ b/chromium/net/data/ssl/symantec/README.md @@ -1,15 +1,17 @@ # Symantec Certificates This directory contains the set of known active and legacy root certificates -operated by Symantec Corporation. In order for certificates issued from -roots to be trusted, it is required that the certificates be logged using -Certificate Transparency. +that were operated by Symantec Corporation. In order for certificates issued +from these roots to be trusted, it is required that they comply with the +policies outlined at <https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html>. -For details about why, see <https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html> +The exceptions to this are: + * Pre-existing independently operated sub-CAs, whose keys were and are not + controled by Symantec and which maintain current and appropriate audits. + * The set of Managed CAs in accordance with the above policies. -The exception to this is sub-CAs which have been disclosed as independently -operated, whose keys are not in control of Symantec, and which are -maintaining a current and appropriate audit. +In addition to the above, no changes exist from the Certificate Transparency +requirement outlined at <https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html> ## Roots @@ -34,6 +36,14 @@ The following command can be used to match certificates and their key hashes: * [ac2b922ecfd5e01711772fea8ed372de9d1e2245fce3f57a9cdbec77296a424b.pem](excluded/ac2b922ecfd5e01711772fea8ed372de9d1e2245fce3f57a9cdbec77296a424b.pem) * [a4fe7c7f15155f3f0aef7aaa83cf6e06deb97ca3f909df920ac1490882d488ed.pem](excluded/a4fe7c7f15155f3f0aef7aaa83cf6e06deb97ca3f909df920ac1490882d488ed.pem) +### DigiCert + +[WebTrust Audit](https://cert.webtrust.org/ViewSeal?id=2228) +[Certification Practices Statement](https://www.digicert.com/CPS) + + * [8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26.pem](excluded/8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26.pem) + * [b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97.pem](excluded/b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97.pem) + ### Google [WebTrust Audit](https://cert.webtrust.org/ViewSeal?id=1941) @@ -41,3 +51,9 @@ The following command can be used to match certificates and their key hashes: * [c3f697a92a293d86f9a3ee7ccb970e20e0050b8728cc83ed1b996ce9005d4c36.pem](excluded/c3f697a92a293d86f9a3ee7ccb970e20e0050b8728cc83ed1b996ce9005d4c36.pem) +## Excluded Managed CAs + +### DigiCert + + * [7cac9a0ff315387750ba8bafdb1c2bc29b3f0bba16362ca93a90f84da2df5f3e.pem](managed/7cac9a0ff315387750ba8bafdb1c2bc29b3f0bba16362ca93a90f84da2df5f3e.pem) + * [ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee.pem](managed/ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee.pem) diff --git a/chromium/net/data/ssl/symantec/excluded/8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26.pem b/chromium/net/data/ssl/symantec/excluded/8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26.pem new file mode 100644 index 00000000000..f6d561eb172 --- /dev/null +++ b/chromium/net/data/ssl/symantec/excluded/8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26.pem @@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 63:18:0d:38:fb:80:97:78:a9:d0:35:a3:16:18:f8:40 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 + Validity + Not Before: Nov 6 00:00:00 2017 GMT + Not After : Nov 5 23:59:59 2022 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bb:37:cd:34:dc:7b:6b:c9:b2:68:90:ad:4a:75: + ff:46:ba:21:0a:08:8d:f5:19:54:c9:fb:88:db:f3: + ae:f2:3a:89:91:3c:7a:e6:ab:06:1a:6b:cf:ac:2d: + e8:5e:09:24:44:ba:62:9a:7e:d6:a3:a8:7e:e0:54: + 75:20:05:ac:50:b7:9c:63:1a:6c:30:dc:da:1f:19: + b1:d7:1e:de:fd:d7:e0:cb:94:83:37:ae:ec:1f:43: + 4e:dd:7b:2c:d2:bd:2e:a5:2f:e4:a9:b8:ad:3a:d4: + 99:a4:b6:25:e9:9b:6b:00:60:92:60:ff:4f:21:49: + 18:f7:67:90:ab:61:06:9c:8f:f2:ba:e9:b4:e9:92: + 32:6b:b5:f3:57:e8:5d:1b:cd:8c:1d:ab:95:04:95: + 49:f3:35:2d:96:e3:49:6d:dd:77:e3:fb:49:4b:b4: + ac:55:07:a9:8f:95:b3:b4:23:bb:4c:6d:45:f0:f6: + a9:b2:95:30:b4:fd:4c:55:8c:27:4a:57:14:7c:82: + 9d:cd:73:92:d3:16:4a:06:0c:8c:50:d1:8f:1e:09: + be:17:a1:e6:21:ca:fd:83:e5:10:bc:83:a5:0a:c4: + 67:28:f6:73:14:14:3d:46:76:c3:87:14:89:21:34: + 4d:af:0f:45:0c:a6:49:a1:ba:bb:9c:c5:b1:33:83: + 29:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: https://d.symcb.com/cps + User Notice: + Explicit Text: https://d.symcb.com/rpa + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://s.symcb.com/pca3-g5.crl + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://s.symcd.com + + X509v3 Authority Key Identifier: + keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33 + + Signature Algorithm: sha256WithRSAEncryption + 50:dd:d3:56:29:25:01:8a:9e:a7:e5:7d:4d:b9:af:1b:8c:a2: + d2:27:35:e5:9d:eb:1c:6a:f3:c4:08:ca:45:06:52:08:28:7d: + a6:73:a9:8b:d9:7a:ff:c2:44:88:04:3a:ec:a8:03:b7:b0:17: + 26:a0:93:7e:9f:c5:77:d0:ee:49:7a:5a:ed:10:01:58:4b:24: + 43:5d:fb:bb:f1:99:47:9f:a9:2f:57:9f:e3:3d:41:44:08:43: + 3f:85:d3:74:c7:c5:9d:2e:91:a3:24:ca:9f:b3:41:06:e6:a1: + e3:f9:46:b1:a6:e7:16:0f:8e:39:c1:e6:b8:ce:52:bb:85:44: + 7e:30:0f:1f:ab:46:1d:d4:71:0a:8f:87:3c:4d:c8:1a:40:81: + cc:6b:82:87:af:8e:3c:71:0e:bd:7b:70:8f:10:24:61:44:d8: + 3e:44:02:93:d8:8e:d2:95:a5:73:2e:f6:81:ff:cc:b2:9b:6a: + 0c:08:4b:28:aa:24:53:f1:d6:d7:83:7e:5a:28:46:26:9b:39: + f7:3b:f9:a7:07:b6:c6:51:df:c4:52:b9:08:7f:b1:55:6a:68: + 18:65:dd:5f:4b:34:1e:83:57:07:a9:fd:23:6b:a7:87:a6:fa: + b6:6d:39:7e:71:61:47:6a:af:fc:e0:a9:47:7b:94:61:d0:2b: + 26:a5:9c:e7 +-----BEGIN CERTIFICATE----- +MIIE3zCCA8egAwIBAgIQYxgNOPuAl3ip0DWjFhj4QDANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTcxMTA2MDAwMDAwWhcNMjIxMTA1MjM1OTU5WjBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs3zTTce2vJsmiQrUp1/0a6 +IQoIjfUZVMn7iNvzrvI6iZE8euarBhprz6wt6F4JJES6Ypp+1qOofuBUdSAFrFC3 +nGMabDDc2h8Zsdce3v3X4MuUgzeu7B9DTt17LNK9LqUv5Km4rTrUmaS2JembawBg +kmD/TyFJGPdnkKthBpyP8rrptOmSMmu181foXRvNjB2rlQSVSfM1LZbjSW3dd+P7 +SUu0rFUHqY+Vs7Qju0xtRfD2qbKVMLT9TFWMJ0pXFHyCnc1zktMWSgYMjFDRjx4J +vheh5iHK/YPlELyDpQrEZyj2cxQUPUZ2w4cUiSE0Ta8PRQymSaG6u5zFsTODKYUC +AwEAAaOCAScwggEjMB0GA1UdDgQWBBROIlQgGJXm427mD/r6uRLtBhePOTAPBgNV +HRMBAf8EBTADAQH/MF8GA1UdIARYMFYwVAYEVR0gADBMMCMGCCsGAQUFBwIBFhdo +dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Qu +c3ltY2IuY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5j +b20vcGNhMy1nNS5jcmwwDgYDVR0PAQH/BAQDAgGGMC4GCCsGAQUFBwEBBCIwIDAe +BggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFH/TZafC +3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBQ3dNWKSUBip6n5X1N +ua8bjKLSJzXlnescavPECMpFBlIIKH2mc6mL2Xr/wkSIBDrsqAO3sBcmoJN+n8V3 +0O5JelrtEAFYSyRDXfu78ZlHn6kvV5/jPUFECEM/hdN0x8WdLpGjJMqfs0EG5qHj ++UaxpucWD445wea4zlK7hUR+MA8fq0Yd1HEKj4c8TcgaQIHMa4KHr448cQ69e3CP +ECRhRNg+RAKT2I7SlaVzLvaB/8yym2oMCEsoqiRT8dbXg35aKEYmmzn3O/mnB7bG +Ud/EUrkIf7FVamgYZd1fSzQeg1cHqf0ja6eHpvq2bTl+cWFHaq/84KlHe5Rh0Csm +pZzn +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/symantec/excluded/b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97.pem b/chromium/net/data/ssl/symantec/excluded/b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97.pem new file mode 100644 index 00000000000..73543a32ea0 --- /dev/null +++ b/chromium/net/data/ssl/symantec/excluded/b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97.pem @@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3d:cd:5f:22:5e:a4:c9:6d:4b:90:94:a0:2d:2b:56:c6 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4 + Validity + Not Before: Nov 6 00:00:00 2017 GMT + Not After : Nov 5 23:59:59 2022 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:dd:a7:d9:bb:8a:b8:0b:fb:0b:7f:21:d2:f0:be: + be:73:f3:33:5d:1a:bc:34:ea:de:c6:9b:bc:d0:95: + f6:f0:cc:d0:0b:ba:61:5b:51:46:7e:9e:2d:9f:ee: + 8e:63:0c:17:ec:07:70:f5:cf:84:2e:40:83:9c:e8: + 3f:41:6d:3b:ad:d3:a4:14:59:36:78:9d:03:43:ee: + 10:13:6c:72:de:ae:88:a7:a1:6b:b5:43:ce:67:dc: + 23:ff:03:1c:a3:e2:3e + ASN1 OID: secp384r1 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: https://d.symcb.com/cps + User Notice: + Explicit Text: https://d.symcb.com/rpa + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://s.symcb.com/pca3-g4.crl + + Authority Information Access: + OCSP - URI:http://s.symcd.com + + X509v3 Authority Key Identifier: + keyid:B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5 + + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:31:00:f7:91:70:39:bc:f0:9b:8f:73:b1:c1:bf:cb: + 62:a2:06:ef:04:f3:eb:bf:ee:4a:cf:a9:fb:02:21:17:c1:af: + 77:bc:cc:34:ff:2d:79:54:b3:8e:57:46:fb:9e:9d:f8:05:02: + 30:26:bf:8d:dd:63:bd:65:80:46:cd:4f:12:82:21:79:e4:cf: + 71:09:3b:fd:ac:90:3f:34:3d:ba:0c:0c:d9:5f:80:88:88:c9: + 92:af:93:24:4e:44:c9:1c:ed:40:24:15:23 +-----BEGIN CERTIFICATE----- +MIIDkDCCAxagAwIBAgIQPc1fIl6kyW1LkJSgLStWxjAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMTcxMTA2MDAwMDAwWhcNMjIxMTA1MjM1OTU5WjBhMQswCQYD +VQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln +aWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABN2n2buKuAv7C38h0vC+vnPzM10avDTq3sabvNCV +9vDM0Au6YVtRRn6eLZ/ujmMMF+wHcPXPhC5Ag5zoP0FtO63TpBRZNnidA0PuEBNs +ct6uiKeha7VDzmfcI/8DHKPiPqOCAScwggEjMA4GA1UdDwEB/wQEAwIBhjAdBgNV +HQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwDwYDVR0TAQH/BAUwAwEB/zBfBgNV +HSAEWDBWMFQGBFUdIAAwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNv +bS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYD +VR0fBCgwJjAkoCKgIIYeaHR0cDovL3Muc3ltY2IuY29tL3BjYTMtZzQuY3JsMC4G +CCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMB8G +A1UdIwQYMBaAFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUC +MQD3kXA5vPCbj3Oxwb/LYqIG7wTz67/uSs+p+wIhF8Gvd7zMNP8teVSzjldG+56d ++AUCMCa/jd1jvWWARs1PEoIheeTPcQk7/ayQPzQ9ugwM2V+AiIjJkq+TJE5EyRzt +QCQVIw== +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/symantec/managed/7cac9a0ff315387750ba8bafdb1c2bc29b3f0bba16362ca93a90f84da2df5f3e.pem b/chromium/net/data/ssl/symantec/managed/7cac9a0ff315387750ba8bafdb1c2bc29b3f0bba16362ca93a90f84da2df5f3e.pem new file mode 100644 index 00000000000..b1efd7972ca --- /dev/null +++ b/chromium/net/data/ssl/symantec/managed/7cac9a0ff315387750ba8bafdb1c2bc29b3f0bba16362ca93a90f84da2df5f3e.pem @@ -0,0 +1,73 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 79:c6:70:41:b4:62:32:04:39:4d:d0:42:fb:6e:96:80 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4 + Validity + Not Before: Nov 6 00:00:00 2017 GMT + Not After : Nov 5 23:59:59 2022 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Transition ECC Root + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:5a:ff:46:dc:c9:ae:bd:2c:e7:1c:56:97:e4:fa: + eb:d5:c6:ff:75:53:23:5e:c6:b0:7d:ac:ac:57:3a: + 9f:94:50:07:0d:f1:f3:4d:51:0d:7d:fd:88:41:82: + 3f:1c:7f:fb:c3:1e:fa:f6:eb:d4:37:ff:fe:18:9d: + 01:83:2a:80:3a + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Key Identifier: + CF:37:24:66:74:19:7E:7F:A3:64:E4:BD:99:36:34:8B:7D:FB:42:BE + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: https://d.symcb.com/cps + User Notice: + Explicit Text: https://d.symcb.com/rpa + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://s.symcb.com/pca3-g4.crl + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://s.symcd.com + + X509v3 Authority Key Identifier: + keyid:B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5 + + Signature Algorithm: ecdsa-with-SHA384 + 30:64:02:30:58:17:b0:44:e7:e3:c4:09:ba:de:bd:db:84:d9: + ca:b1:71:fb:68:5d:56:7a:68:d8:3a:ce:e3:a0:af:02:5e:80: + 7b:60:f0:97:de:0d:13:26:35:50:fe:ba:84:bd:d9:1b:02:30: + 08:2c:18:cf:8f:72:e1:b5:dc:2a:91:76:09:00:bf:80:3a:f0: + 79:4b:29:7f:89:c2:db:b6:4d:26:c6:6d:94:14:a6:40:78:9a: + ac:ab:af:96:52:63:f9:51:31:52:f6:f8 +-----BEGIN CERTIFICATE----- +MIIDdzCCAv6gAwIBAgIQecZwQbRiMgQ5TdBC+26WgDAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMTcxMTA2MDAwMDAwWhcNMjIxMTA1MjM1OTU5WjBmMQswCQYD +VQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln +aWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBUcmFuc2l0aW9uIEVDQyBSb290 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWv9G3MmuvSznHFaX5Prr1cb/dVMj +XsawfaysVzqflFAHDfHzTVENff2IQYI/HH/7wx769uvUN//+GJ0BgyqAOqOCAScw +ggEjMB0GA1UdDgQWBBTPNyRmdBl+f6Nk5L2ZNjSLfftCvjAPBgNVHRMBAf8EBTAD +AQH/MF8GA1UdIARYMFYwVAYEVR0gADBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Qu +c3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29t +L3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1n +NC5jcmwwDgYDVR0PAQH/BAQDAgGGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcw +AYYSaHR0cDovL3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFLMWkf3upm7ktS5Jj4d4 +gYDs5bG1MAoGCCqGSM49BAMDA2cAMGQCMFgXsETn48QJut6924TZyrFx+2hdVnpo +2DrO46CvAl6Ae2Dwl94NEyY1UP66hL3ZGwIwCCwYz49y4bXcKpF2CQC/gDrweUsp +f4nC27ZNJsZtlBSmQHiarKuvllJj+VExUvb4 +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/symantec/managed/ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee.pem b/chromium/net/data/ssl/symantec/managed/ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee.pem new file mode 100644 index 00000000000..8f9d5c77e7b --- /dev/null +++ b/chromium/net/data/ssl/symantec/managed/ac50b5fb738aed6cb781cc35fbfff7786f77109ada7c08867c04a573fd5cf9ee.pem @@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:ae:a4:31:c1:5c:eb:75:7b:0d:8a:61:0a:74:8e:67 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 + Validity + Not Before: Nov 6 00:00:00 2017 GMT + Not After : Nov 5 23:59:59 2022 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Transition RSA Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b0:3e:d8:46:63:32:df:49:1f:61:6d:ae:df:c9: + 7f:2b:b1:63:a1:a7:e6:46:35:34:0e:d4:a5:3d:12: + af:04:6a:d5:f8:ba:a7:65:93:ec:66:c5:ca:eb:68: + 01:24:69:1f:af:b0:a3:59:af:3c:5b:39:44:29:60: + 6e:8b:41:98:49:21:d8:18:13:d3:41:55:fe:aa:22: + 7e:a7:51:4a:a6:d0:23:5f:73:84:a2:9c:b4:cb:17: + d0:65:24:87:e9:80:cb:b7:3c:a1:10:f5:97:b5:0d: + 9d:ec:f7:ba:5b:a3:0b:65:eb:12:75:a9:46:74:0d: + 80:d7:08:13:93:21:57:c6:38:3d:a8:4b:3b:0b:6f: + 18:e5:b3:4c:f7:c2:cd:18:f9:58:2d:03:33:1b:fc: + 16:dd:90:4e:c2:1f:37:9c:d6:7b:61:96:f1:c5:26: + 87:52:e3:e2:a4:f8:15:e5:4c:22:e9:09:2b:95:d1: + 93:f9:3a:39:76:74:2a:0b:80:be:be:0e:d3:10:0b: + e2:e1:48:a6:24:05:69:3d:17:fd:c7:37:21:b2:b0: + e3:77:47:39:87:01:e0:4e:db:23:e8:f9:39:9f:36: + 46:66:23:1e:c7:22:51:44:3f:33:c5:f5:76:a9:f8: + 06:b0:79:cc:ee:41:dc:71:8e:0d:50:8e:b0:3c:48: + ab:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 90:47:8A:1B:84:D3:A0:DF:A4:24:D6:19:B4:17:F5:21:A3:B2:9B:A8 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: https://d.symcb.com/cps + User Notice: + Explicit Text: https://d.symcb.com/rpa + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://s.symcb.com/pca3-g5.crl + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://s.symcd.com + + X509v3 Authority Key Identifier: + keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33 + + Signature Algorithm: sha256WithRSAEncryption + 89:c4:a9:58:d9:16:5d:80:c5:9d:b0:ec:c5:56:48:5a:51:29: + 5a:01:89:94:56:cd:cd:2a:b9:b0:16:b7:4b:ea:17:69:f0:7c: + 4c:28:fe:73:85:4f:3c:f9:85:83:99:11:43:f7:5a:e0:a2:f8: + 43:8c:9a:2c:e3:83:f8:05:50:99:dc:f0:e7:ef:36:3b:36:48: + ff:5d:a3:18:d0:cb:c1:41:68:18:f1:f6:8f:0c:97:1c:4c:2a: + 69:17:dc:3f:24:20:5a:e4:26:61:c8:fe:e5:92:10:bf:4d:9e: + ec:f2:6e:ca:67:1e:46:b8:e3:f8:b0:69:e7:51:cf:26:cf:05: + 91:cf:1d:b7:c6:3a:89:41:78:2b:6e:eb:13:7a:4b:9d:da:88: + 0e:bd:53:08:8d:38:4d:17:5c:65:c9:42:d3:9b:35:36:e2:7e: + 60:df:e6:c3:24:e3:d0:fc:8b:36:1e:5a:38:bc:d4:c7:8c:3b: + 07:35:64:22:46:de:66:8a:34:5b:50:c5:42:95:68:dd:0c:84: + be:2c:e4:e4:2e:42:00:60:f9:1e:d7:0d:3d:40:a6:f0:3b:5d: + 9b:17:07:b7:f2:30:47:e4:8b:06:d7:a2:06:37:2b:3c:a2:a9: + 82:e8:0d:a3:e3:1b:4c:e5:91:43:fe:3d:78:b9:03:8a:e0:d6: + c1:05:a8:2c +-----BEGIN CERTIFICATE----- +MIIE5DCCA8ygAwIBAgIQeK6kMcFc63V7DYphCnSOZzANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTcxMTA2MDAwMDAwWhcNMjIxMTA1MjM1OTU5WjBmMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBUcmFuc2l0aW9uIFJTQSBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD7YRmMy30kfYW2u +38l/K7FjoafmRjU0DtSlPRKvBGrV+LqnZZPsZsXK62gBJGkfr7CjWa88WzlEKWBu +i0GYSSHYGBPTQVX+qiJ+p1FKptAjX3OEopy0yxfQZSSH6YDLtzyhEPWXtQ2d7Pe6 +W6MLZesSdalGdA2A1wgTkyFXxjg9qEs7C28Y5bNM98LNGPlYLQMzG/wW3ZBOwh83 +nNZ7YZbxxSaHUuPipPgV5Uwi6QkrldGT+To5dnQqC4C+vg7TEAvi4UimJAVpPRf9 +xzchsrDjd0c5hwHgTtsj6Pk5nzZGZiMexyJRRD8zxfV2qfgGsHnM7kHccY4NUI6w +PEir9QIDAQABo4IBJzCCASMwHQYDVR0OBBYEFJBHihuE06DfpCTWGbQX9SGjspuo +MA8GA1UdEwEB/wQFMAMBAf8wXwYDVR0gBFgwVjBUBgRVHSAAMEwwIwYIKwYBBQUH +AgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBz +Oi8vZC5zeW1jYi5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5 +bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAYYwLgYIKwYBBQUHAQEE +IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vcy5zeW1jZC5jb20wHwYDVR0jBBgwFoAU +f9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAInEqVjZFl2A +xZ2w7MVWSFpRKVoBiZRWzc0qubAWt0vqF2nwfEwo/nOFTzz5hYOZEUP3WuCi+EOM +mizjg/gFUJnc8OfvNjs2SP9doxjQy8FBaBjx9o8MlxxMKmkX3D8kIFrkJmHI/uWS +EL9NnuzybspnHka44/iwaedRzybPBZHPHbfGOolBeCtu6xN6S53aiA69UwiNOE0X +XGXJQtObNTbifmDf5sMk49D8izYeWji81MeMOwc1ZCJG3maKNFtQxUKVaN0MhL4s +5OQuQgBg+R7XDT1ApvA7XZsXB7fyMEfkiwbXogY3KzyiqYLoDaPjG0zlkUP+PXi5 +A4rg1sEFqCw= +-----END CERTIFICATE----- |