Merge pull request #7400 from AndrzejKurek/cert-write-sans
Add a possibility to generate certificates with a Subject Alternative Name
This commit is contained in:
commit
84b547b5ee
11 changed files with 397 additions and 36 deletions
6
ChangeLog.d/add-subjectAltName-certs.txt
Normal file
6
ChangeLog.d/add-subjectAltName-certs.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
Features
|
||||
* It is now possible to generate certificates with SubjectAltNames.
|
||||
Currently supported subtypes: DnsName, UniformResourceIdentifier,
|
||||
IP address, OtherName, and DirectoryName, as defined in RFC 5280.
|
||||
See mbedtls_x509write_crt_set_subject_alternative_name for
|
||||
more information.
|
|
@ -312,6 +312,12 @@ typedef struct mbedtls_x509_subject_alternative_name {
|
|||
}
|
||||
mbedtls_x509_subject_alternative_name;
|
||||
|
||||
typedef struct mbedtls_x509_san_list {
|
||||
mbedtls_x509_subject_alternative_name node;
|
||||
struct mbedtls_x509_san_list *next;
|
||||
}
|
||||
mbedtls_x509_san_list;
|
||||
|
||||
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
|
||||
|
||||
/**
|
||||
|
|
|
@ -241,6 +241,21 @@ typedef struct mbedtls_x509write_cert {
|
|||
}
|
||||
mbedtls_x509write_cert;
|
||||
|
||||
/**
|
||||
* \brief Set Subject Alternative Name
|
||||
*
|
||||
* \param ctx Certificate context to use
|
||||
* \param san_list List of SAN values
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
|
||||
*
|
||||
* \note "dnsName", "uniformResourceIdentifier", "IP address",
|
||||
* "otherName", and "DirectoryName", as defined in RFC 5280,
|
||||
* are supported.
|
||||
*/
|
||||
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
|
||||
const mbedtls_x509_san_list *san_list);
|
||||
|
||||
/**
|
||||
* Item in a verification chain: cert and flags for it
|
||||
*/
|
||||
|
|
|
@ -83,12 +83,6 @@ typedef struct mbedtls_x509write_csr {
|
|||
}
|
||||
mbedtls_x509write_csr;
|
||||
|
||||
typedef struct mbedtls_x509_san_list {
|
||||
mbedtls_x509_subject_alternative_name node;
|
||||
struct mbedtls_x509_san_list *next;
|
||||
}
|
||||
mbedtls_x509_san_list;
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
||||
/**
|
||||
* \brief Load a Certificate Signing Request (CSR) in DER format
|
||||
|
|
|
@ -31,10 +31,12 @@
|
|||
#include "mbedtls/asn1write.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||
#include "mbedtls/pem.h"
|
||||
|
@ -47,6 +49,16 @@
|
|||
|
||||
#include "hash_info.h"
|
||||
|
||||
#define CHECK_OVERFLOW_ADD(a, b) \
|
||||
do \
|
||||
{ \
|
||||
if (a > SIZE_MAX - (b)) \
|
||||
{ \
|
||||
return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \
|
||||
} \
|
||||
a += b; \
|
||||
} while (0)
|
||||
|
||||
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
|
||||
{
|
||||
memset(ctx, 0, sizeof(mbedtls_x509write_cert));
|
||||
|
@ -152,6 +164,137 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
|
|||
return 0;
|
||||
}
|
||||
|
||||
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
|
||||
const mbedtls_x509_san_list *san_list)
|
||||
{
|
||||
int ret = 0;
|
||||
const mbedtls_x509_san_list *cur;
|
||||
unsigned char *buf;
|
||||
unsigned char *p;
|
||||
size_t len;
|
||||
size_t buflen = 0;
|
||||
|
||||
/* Determine the maximum size of the SubjectAltName list */
|
||||
for (cur = san_list; cur != NULL; cur = cur->next) {
|
||||
/* Calculate size of the required buffer */
|
||||
switch (cur->node.type) {
|
||||
case MBEDTLS_X509_SAN_DNS_NAME:
|
||||
case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
|
||||
case MBEDTLS_X509_SAN_IP_ADDRESS:
|
||||
case MBEDTLS_X509_SAN_RFC822_NAME:
|
||||
/* length of value for each name entry,
|
||||
* maximum 4 bytes for the length field,
|
||||
* 1 byte for the tag/type.
|
||||
*/
|
||||
CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len);
|
||||
CHECK_OVERFLOW_ADD(buflen, 4 + 1);
|
||||
break;
|
||||
case MBEDTLS_X509_SAN_DIRECTORY_NAME:
|
||||
{
|
||||
const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name;
|
||||
while (chunk != NULL) {
|
||||
// Max 4 bytes for length, +1 for tag,
|
||||
// additional 4 max for length, +1 for tag.
|
||||
// See x509_write_name for more information.
|
||||
CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1);
|
||||
CHECK_OVERFLOW_ADD(buflen, chunk->oid.len);
|
||||
CHECK_OVERFLOW_ADD(buflen, chunk->val.len);
|
||||
chunk = chunk->next;
|
||||
}
|
||||
CHECK_OVERFLOW_ADD(buflen, 4 + 1);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
/* Not supported - return. */
|
||||
return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
}
|
||||
|
||||
/* Add the extra length field and tag */
|
||||
CHECK_OVERFLOW_ADD(buflen, 4 + 1);
|
||||
|
||||
/* Allocate buffer */
|
||||
buf = mbedtls_calloc(1, buflen);
|
||||
if (buf == NULL) {
|
||||
return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
|
||||
}
|
||||
p = buf + buflen;
|
||||
|
||||
/* Write ASN.1-based structure */
|
||||
cur = san_list;
|
||||
len = 0;
|
||||
while (cur != NULL) {
|
||||
size_t single_san_len = 0;
|
||||
switch (cur->node.type) {
|
||||
case MBEDTLS_X509_SAN_DNS_NAME:
|
||||
case MBEDTLS_X509_SAN_RFC822_NAME:
|
||||
case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
|
||||
case MBEDTLS_X509_SAN_IP_ADDRESS:
|
||||
{
|
||||
const unsigned char *unstructured_name =
|
||||
(const unsigned char *) cur->node.san.unstructured_name.p;
|
||||
size_t unstructured_name_len = cur->node.san.unstructured_name.len;
|
||||
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
|
||||
mbedtls_asn1_write_raw_buffer(
|
||||
&p, buf,
|
||||
unstructured_name, unstructured_name_len));
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len(
|
||||
&p, buf, unstructured_name_len));
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
|
||||
mbedtls_asn1_write_tag(
|
||||
&p, buf,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type));
|
||||
}
|
||||
break;
|
||||
case MBEDTLS_X509_SAN_DIRECTORY_NAME:
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
|
||||
mbedtls_x509_write_names(&p, buf,
|
||||
(mbedtls_asn1_named_data *) &
|
||||
cur->node
|
||||
.san.directory_name));
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
|
||||
mbedtls_asn1_write_len(&p, buf, single_san_len));
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
|
||||
mbedtls_asn1_write_tag(&p, buf,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
||||
MBEDTLS_ASN1_CONSTRUCTED |
|
||||
MBEDTLS_X509_SAN_DIRECTORY_NAME));
|
||||
break;
|
||||
default:
|
||||
/* Error out on an unsupported SAN */
|
||||
ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
|
||||
goto cleanup;
|
||||
}
|
||||
cur = cur->next;
|
||||
/* check for overflow */
|
||||
if (len > SIZE_MAX - single_san_len) {
|
||||
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
len += single_san_len;
|
||||
}
|
||||
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
|
||||
MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
|
||||
mbedtls_asn1_write_tag(&p, buf,
|
||||
MBEDTLS_ASN1_CONSTRUCTED |
|
||||
MBEDTLS_ASN1_SEQUENCE));
|
||||
|
||||
ret = mbedtls_x509write_crt_set_extension(
|
||||
ctx,
|
||||
MBEDTLS_OID_SUBJECT_ALT_NAME,
|
||||
MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),
|
||||
0,
|
||||
buf + buflen - len,
|
||||
len);
|
||||
|
||||
cleanup:
|
||||
mbedtls_free(buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
|
||||
const char *oid, size_t oid_len,
|
||||
int critical,
|
||||
|
|
|
@ -66,7 +66,7 @@ int main(void)
|
|||
" output_file=%%s default: cert.req\n" \
|
||||
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
|
||||
" san=%%s default: (none)\n" \
|
||||
" Comma-separated-list of values:\n" \
|
||||
" Semicolon-separated-list of values:\n" \
|
||||
" DNS:value\n" \
|
||||
" URI:value\n" \
|
||||
" IP:value (Only IPv4 is supported)\n" \
|
||||
|
@ -119,7 +119,7 @@ struct options {
|
|||
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
|
||||
{
|
||||
for (int i = 0; i < maxBytes; i++) {
|
||||
bytes[i] = (uint8_t) strtoul(str, NULL, 16);
|
||||
bytes[i] = (uint8_t) strtoul(str, NULL, 10);
|
||||
str = strchr(str, '.');
|
||||
if (str == NULL || *str == '\0') {
|
||||
break;
|
||||
|
|
|
@ -79,6 +79,7 @@ int main(void)
|
|||
#define DFL_NOT_AFTER "20301231235959"
|
||||
#define DFL_SERIAL "1"
|
||||
#define DFL_SERIAL_HEX "1"
|
||||
#define DFL_EXT_SUBJECTALTNAME ""
|
||||
#define DFL_SELFSIGN 0
|
||||
#define DFL_IS_CA 0
|
||||
#define DFL_MAX_PATHLEN -1
|
||||
|
@ -134,6 +135,13 @@ int main(void)
|
|||
" subject_identifier=%%s default: 1\n" \
|
||||
" Possible values: 0, 1\n" \
|
||||
" (Considered for v3 only)\n" \
|
||||
" san=%%s default: (none)\n" \
|
||||
" Semicolon-separated-list of values:\n" \
|
||||
" DNS:value\n" \
|
||||
" URI:value\n" \
|
||||
" RFC822:value\n" \
|
||||
" IP:value (Only IPv4 is supported)\n" \
|
||||
" DN:list of comma separated key=value pairs\n" \
|
||||
" authority_identifier=%%s default: 1\n" \
|
||||
" Possible values: 0, 1\n" \
|
||||
" (Considered for v3 only)\n" \
|
||||
|
@ -188,6 +196,7 @@ struct options {
|
|||
const char *issuer_pwd; /* password for the issuer key file */
|
||||
const char *output_file; /* where to store the constructed CRT */
|
||||
const char *subject_name; /* subject name for certificate */
|
||||
mbedtls_x509_san_list *san_list; /* subjectAltName for certificate */
|
||||
const char *issuer_name; /* issuer name for certificate */
|
||||
const char *not_before; /* validity period not before */
|
||||
const char *not_after; /* validity period not after */
|
||||
|
@ -207,6 +216,18 @@ struct options {
|
|||
int format; /* format */
|
||||
} opt;
|
||||
|
||||
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
|
||||
{
|
||||
for (int i = 0; i < maxBytes; i++) {
|
||||
bytes[i] = (uint8_t) strtoul(str, NULL, 10);
|
||||
str = strchr(str, '.');
|
||||
if (str == NULL || *str == '\0') {
|
||||
break;
|
||||
}
|
||||
str++;
|
||||
}
|
||||
}
|
||||
|
||||
int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng)
|
||||
|
@ -314,7 +335,9 @@ int main(int argc, char *argv[])
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
const char *pers = "crt example app";
|
||||
|
||||
mbedtls_x509_san_list *cur, *prev;
|
||||
mbedtls_asn1_named_data *ext_san_dirname = NULL;
|
||||
uint8_t ip[4] = { 0 };
|
||||
/*
|
||||
* Set to sane values
|
||||
*/
|
||||
|
@ -370,6 +393,7 @@ usage:
|
|||
opt.authority_identifier = DFL_AUTH_IDENT;
|
||||
opt.basic_constraints = DFL_CONSTRAINTS;
|
||||
opt.format = DFL_FORMAT;
|
||||
opt.san_list = NULL;
|
||||
|
||||
for (i = 1; i < argc; i++) {
|
||||
|
||||
|
@ -526,6 +550,92 @@ usage:
|
|||
*tail = ext_key_usage;
|
||||
tail = &ext_key_usage->next;
|
||||
|
||||
q = r;
|
||||
}
|
||||
} else if (strcmp(p, "san") == 0) {
|
||||
char *subtype_value;
|
||||
prev = NULL;
|
||||
|
||||
while (q != NULL) {
|
||||
char *semicolon;
|
||||
r = q;
|
||||
|
||||
/* Find the first non-escaped ; occurrence and remove escaped ones */
|
||||
do {
|
||||
if ((semicolon = strchr(r, ';')) != NULL) {
|
||||
if (*(semicolon-1) != '\\') {
|
||||
r = semicolon;
|
||||
break;
|
||||
}
|
||||
/* Remove the escape character */
|
||||
size_t size_left = strlen(semicolon);
|
||||
memmove(semicolon-1, semicolon, size_left);
|
||||
*(semicolon + size_left - 1) = '\0';
|
||||
/* r will now point at the character after the semicolon */
|
||||
r = semicolon;
|
||||
}
|
||||
|
||||
} while (semicolon != NULL);
|
||||
|
||||
if (semicolon != NULL) {
|
||||
*r++ = '\0';
|
||||
} else {
|
||||
r = NULL;
|
||||
}
|
||||
|
||||
cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list));
|
||||
if (cur == NULL) {
|
||||
mbedtls_printf("Not enough memory for subjectAltName list\n");
|
||||
goto usage;
|
||||
}
|
||||
|
||||
cur->next = NULL;
|
||||
|
||||
if ((subtype_value = strchr(q, ':')) != NULL) {
|
||||
*subtype_value++ = '\0';
|
||||
}
|
||||
if (strcmp(q, "RFC822") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
|
||||
} else if (strcmp(q, "URI") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
|
||||
} else if (strcmp(q, "DNS") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
|
||||
} else if (strcmp(q, "IP") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
|
||||
ip_string_to_bytes(subtype_value, ip, 4);
|
||||
cur->node.san.unstructured_name.p = (unsigned char *) ip;
|
||||
cur->node.san.unstructured_name.len = sizeof(ip);
|
||||
} else if (strcmp(q, "DN") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
|
||||
if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
|
||||
subtype_value)) != 0) {
|
||||
mbedtls_strerror(ret, buf, sizeof(buf));
|
||||
mbedtls_printf(
|
||||
" failed\n ! mbedtls_x509_string_to_names "
|
||||
"returned -0x%04x - %s\n\n",
|
||||
(unsigned int) -ret, buf);
|
||||
goto exit;
|
||||
}
|
||||
cur->node.san.directory_name = *ext_san_dirname;
|
||||
} else {
|
||||
mbedtls_free(cur);
|
||||
goto usage;
|
||||
}
|
||||
|
||||
if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
|
||||
cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
|
||||
cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
|
||||
cur->node.san.unstructured_name.p = (unsigned char *) subtype_value;
|
||||
cur->node.san.unstructured_name.len = strlen(subtype_value);
|
||||
}
|
||||
|
||||
if (prev == NULL) {
|
||||
opt.san_list = cur;
|
||||
} else {
|
||||
prev->next = cur;
|
||||
}
|
||||
|
||||
prev = cur;
|
||||
q = r;
|
||||
}
|
||||
} else if (strcmp(p, "ns_cert_type") == 0) {
|
||||
|
@ -833,6 +943,17 @@ usage:
|
|||
mbedtls_printf(" ok\n");
|
||||
}
|
||||
|
||||
if (opt.san_list != NULL) {
|
||||
ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list);
|
||||
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(
|
||||
" failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d",
|
||||
ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if (opt.ext_key_usage) {
|
||||
mbedtls_printf(" . Adding the Extended Key Usage extension ...");
|
||||
fflush(stdout);
|
||||
|
@ -888,6 +1009,7 @@ exit:
|
|||
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
||||
mbedtls_x509_csr_free(&csr);
|
||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
mbedtls_asn1_free_named_data_list(&ext_san_dirname);
|
||||
mbedtls_x509_crt_free(&issuer_crt);
|
||||
mbedtls_x509write_crt_free(&crt);
|
||||
mbedtls_pk_free(&loaded_subject_key);
|
||||
|
|
|
@ -1198,6 +1198,8 @@ test_ca_server1_config_file = test-ca.server1.opensslconf
|
|||
|
||||
server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
|
||||
server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com
|
||||
server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||
echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
|
||||
$(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
|
||||
|
|
23
tests/data_files/server1.allSubjectAltNames.crt
Normal file
23
tests/data_files/server1.allSubjectAltNames.crt
Normal file
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
o4HaMIHXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm
|
||||
MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MIGJBgNVHREEgYEwf4EQ
|
||||
bWFpbEBleGFtcGxlLmNvbYILZXhhbXBsZS5jb22kQDA+MQswCQYDVQQGEwJVSzER
|
||||
MA8GA1UECgwITWJlZCBUTFMxHDAaBgNVBAMME1N1YmplY3RBbHROYW1lIHRlc3SH
|
||||
BAECAwSGFmh0dHA6Ly9wa2kuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEB
|
||||
AGPFB8YGpe6PRniPkYVlpCf5WwleYCpcP4AEvFHj5dD1UcBcqKjppJRGssg+S0fP
|
||||
nNwYRjaVjKuhWSGIMrk0nZqsiexnkCma0S8kdFvHtCfbR9c9pQSn44olVMbHx/t8
|
||||
dzv7Z48HqsqvG0hn3AwDlZ+KrnTZFzzpWzfLkbPdZko/oHoFmqEekEuyOK9vO3fj
|
||||
eNm5SzYtqOigw8TxkTb1+Qi9Cj66VEwVESW1y/TL9073Kx0lBoY8wj1Pvfdhplrg
|
||||
IwYIwrr0HM+7nlYEhEI++NAbZhjQoS2kF5i7xpomUkYH9ePbrwWYBcuN00pljXEm
|
||||
ioY0KKlx00fRehPH/6TBHZI=
|
||||
-----END CERTIFICATE-----
|
|
@ -60,107 +60,111 @@ x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU
|
|||
|
||||
Certificate write check Server1 SHA1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, not before 1970
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, not after 2050
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, not before 1970, not after 2050
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, not before 2050, not after 2059
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, key_usage
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, one ext_key_usage
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, two ext_key_usages
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, ns_cert_type
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, version 1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, CA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, key_usage
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, version 1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, CA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, key_usage
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, ns_cert_type
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, version 1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, CA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Full length serial
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Serial starting with 0x80
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, All 0xFF full length serial
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server5 ECDSA
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
|
||||
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt":0
|
||||
|
||||
Certificate write check Server5 ECDSA, Opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
|
||||
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, SubjectAltNames
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1
|
||||
|
||||
X509 String to Names #1
|
||||
mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0
|
||||
|
|
|
@ -326,7 +326,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||
char *ext_key_usage,
|
||||
int cert_type, int set_cert_type, int auth_ident,
|
||||
int ver, char *cert_check_file, int pk_wrap, int is_ca,
|
||||
char *cert_verify_file)
|
||||
char *cert_verify_file, int set_subjectAltNames)
|
||||
{
|
||||
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
|
||||
mbedtls_pk_context *key = &issuer_key;
|
||||
|
@ -348,6 +348,48 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif
|
||||
mbedtls_pk_type_t issuer_key_type;
|
||||
mbedtls_x509_san_list san_ip;
|
||||
mbedtls_x509_san_list san_dns;
|
||||
mbedtls_x509_san_list san_uri;
|
||||
mbedtls_x509_san_list san_mail;
|
||||
mbedtls_x509_san_list san_dn;
|
||||
mbedtls_asn1_named_data *ext_san_dirname = NULL;
|
||||
const char san_ip_name[] = { 0x01, 0x02, 0x03, 0x04 };
|
||||
const char *san_dns_name = "example.com";
|
||||
const char *san_dn_name = "C=UK,O=Mbed TLS,CN=SubjectAltName test";
|
||||
const char *san_mail_name = "mail@example.com";
|
||||
const char *san_uri_name = "http://pki.example.com";
|
||||
mbedtls_x509_san_list *san_list = NULL;
|
||||
|
||||
if (set_subjectAltNames) {
|
||||
san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME;
|
||||
san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name;
|
||||
san_mail.node.san.unstructured_name.len = strlen(san_mail_name);
|
||||
san_mail.next = NULL;
|
||||
|
||||
san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
|
||||
san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
|
||||
san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
|
||||
san_dns.next = &san_mail;
|
||||
|
||||
san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
|
||||
TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname,
|
||||
san_dn_name) == 0);
|
||||
san_dn.node.san.directory_name = *ext_san_dirname;
|
||||
san_dn.next = &san_dns;
|
||||
|
||||
san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
|
||||
san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
|
||||
san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
|
||||
san_ip.next = &san_dn;
|
||||
|
||||
san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
|
||||
san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name;
|
||||
san_uri.node.san.unstructured_name.len = strlen(san_uri_name);
|
||||
san_uri.next = &san_ip;
|
||||
|
||||
san_list = &san_uri;
|
||||
}
|
||||
|
||||
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
|
||||
|
@ -465,6 +507,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||
}
|
||||
}
|
||||
|
||||
if (set_subjectAltNames) {
|
||||
TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
|
||||
}
|
||||
ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
|
||||
mbedtls_test_rnd_pseudo_rand, &rnd_info);
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
@ -573,6 +618,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
|
||||
|
||||
exit:
|
||||
mbedtls_asn1_free_named_data_list(&ext_san_dirname);
|
||||
mbedtls_x509write_crt_free(&crt);
|
||||
mbedtls_pk_free(&issuer_key_alt);
|
||||
mbedtls_pk_free(&subject_key);
|
||||
|
|
Loading…
Reference in a new issue