diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh
index 8dc328aab3..ae5da8c7e9 100755
--- a/.evergreen/scripts/configure-env.sh
+++ b/.evergreen/scripts/configure-env.sh
@@ -74,8 +74,8 @@ EOT
 # Write the .env file for drivers-tools.
 rm -rf $DRIVERS_TOOLS
-BRANCH=master
-ORG=mongodb-labs
+BRANCH=allow-cert-folder-override
+ORG=blink1073
 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS
 cat < ${DRIVERS_TOOLS}/.env
diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py
index e188dcaa9d..1765f03c38 100644
--- a/.evergreen/scripts/setup_tests.py
+++ b/.evergreen/scripts/setup_tests.py
@@ -341,10 +341,8 @@ def handle_test_env() -> None:
 run_command(cmd, cwd=DRIVERS_TOOLS)
 if SSL != "nossl":
- if not DRIVERS_TOOLS:
- raise RuntimeError("Missing DRIVERS_TOOLS")
- write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem")
- write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem")
+ write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem")
+ write_env("CA_PEM", ROOT / "test/certificates/ca.pem")
 compressors = os.environ.get("COMPRESSORS") or opts.compressor
 if compressors == "snappy":
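Review bot: The clone in configure-env.sh now pulls drivers-evergreen-tools from a personal fork (`ORG=blink1073`) at a mutable branch (`BRANCH=allow-cert-folder-override`), so every Evergreen run executes whatever that branch holds at clone time, presumably outside the organisation's review and branch protection. This looks like a temporary pointer while an upstream change lands; before merge it should return to `ORG=mongodb-labs` / `BRANCH=master`, or the checkout should be pinned to a reviewed commit SHA right after the clone. Until then a comment such as `# TEMP: revert to mongodb-labs/master once the cert-folder override is merged upstream` would keep it from being forgotten.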
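Review bot: `write_env` now receives a `Path` (`ROOT / "test/certificates/client.pem"`) where it used to receive an f-string, while the CSFLE block later in this function wraps the same kind of value in `str(...)`. The implementation of `write_env` is outside the hunk, so whether it accepts a `Path` and how it renders one on Windows needs checking. Passing `(ROOT / "test/certificates/client.pem").as_posix()` and `(ROOT / "test/certificates/ca.pem").as_posix()` would keep the argument a forward-slash string as before and make the two blocks consistent. handle_test_env starts and ends outside the hunk.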
@@ -382,6 +380,20 @@ def handle_test_env() -> None:
 if not DRIVERS_TOOLS:
 raise RuntimeError("Missing DRIVERS_TOOLS")
 csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle")
+
+ # Set CSFLE TLS cert paths to our AKI-enabled test/certificates/ before
+ # setup-secrets.sh runs. setup-secrets.sh uses ${VAR:-default} so
+ # pre-setting these vars causes them to flow into secrets-export.sh via
+ # csfle/setup_secrets.py (which reads os.environ for these keys).
+ # load_config_from_file then persists all vars from that file for the
+ # test runner, so no separate write_env calls are needed.
+ certs = ROOT / "test/certificates"
+ os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem")
+ os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem")
+ os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem")
+ os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem")
+ os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem")
+
 run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir)
 load_config_from_file(csfle_dir / "secrets-export.sh")
 run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh")
diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml
index 2a70021cf7..5e31d3a41e 100644
--- a/.github/workflows/test-python.yml
+++ b/.github/workflows/test-python.yml
@@ -219,12 +219,16 @@ jobs:
 - id: setup-mongodb
 uses: mongodb-labs/drivers-evergreen-tools@master
 - name: Run tests
- run: |
+ run: |
 just integration-tests
 - id: setup-mongodb-ssl
 uses: mongodb-labs/drivers-evergreen-tools@master
 with:
 ssl: true
+ env:
+ TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem
+ TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem
+ TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem
 - name: Run tests
 run: |
 just integration-tests
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 773c9ec0d8..61ad4ece29 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
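Review bot: The five `os.environ["CSFLE_TLS_..."]` assignments depend on behaviour that lives outside this repository (setup-secrets.sh keeping pre-set values), and nothing here confirms that the referenced files exist; `server.pem` and `wrong-host.pem` are not added in the part of the diff visible here. A wrong or missing path would only surface later as a TLS handshake failure in the encryption tests. I would fail fast before the `run_command(...)` call, for example `missing = [k for k in os.environ if k.startswith("CSFLE_TLS_") and not Path(os.environ[k]).is_file()]` followed by `if missing: raise RuntimeError(f"Missing CSFLE cert files: {missing}")`. The assignments also overwrite any value a developer exported on purpose; if that is intended the comment should say so. handle_test_env begins and ends outside the hunk.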
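Review bot: The new `env:` block on the `setup-mongodb-ssl` step only helps if the action at `mongodb-labs/drivers-evergreen-tools@master` reads `TLS_PEM_KEY_FILE`, `TLS_CA_FILE` and `TLS_CERT_KEY_FILE`; the Evergreen script in this same change switches to a fork branch named `allow-cert-folder-override`, which suggests that support may not be on `master` yet. If it is not, the server would start with the old certificates while the tests trust `test/certificates/ca.pem`. Both `uses:` lines track a mutable ref, so pinning to a commit SHA once the override is merged upstream would make the workflow reproducible. The `run: |` replacement in the first step appears to be whitespace-only and could be dropped from the change.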
@@ -250,6 +250,16 @@ client = MongoClient(
 If you want to use the actual certificate file then set `tlsCertificateKeyFile` to the local path to `/test/certificates/client.pem` and `tlsCAFile` to the local path to `/test/certificates/ca.pem`.
+#### Regenerating test certificates
+
+If the test certificates in `test/certificates/` need to be regenerated (e.g. after expiry or to add missing extensions), run:
+
+```bash
+cd test/certificates && bash gen-certs.sh
+```
+
+See `test/certificates/README.md` for full details and constraints on certificate subjects/SANs that must be preserved.
+
 ### Encryption tests
 - Run `just run-server` to start the server.
diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py
index 455b1940c4..16d0feed4e 100644
--- a/test/asynchronous/test_encryption.py
+++ b/test/asynchronous/test_encryption.py
@@ -3047,8 +3047,6 @@ async def http_post(self, path, data=None):
 # each request because the server is single threaded.
 ctx = ssl.create_default_context(cafile=CA_PEM)
 ctx.load_cert_chain(CLIENT_PEM)
- ctx.check_hostname = False
- ctx.verify_mode = ssl.CERT_NONE
 conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx)
 try:
 if data is not None:
diff --git a/test/certificates/README.md b/test/certificates/README.md
new file mode 100644
index 0000000000..5975b4c722
--- /dev/null
+++ b/test/certificates/README.md
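Review bot: With `check_hostname = False` and `CERT_NONE` gone, http_post now relies on the KMS test server's certificate chaining to `CA_PEM` and carrying an IP SAN for `127.0.0.1`, but nothing near the call records that dependency. A short comment above `ssl.create_default_context(cafile=CA_PEM)`, for example `# Verification is on: the KMS test server cert must chain to CA_PEM and list IP:127.0.0.1 in its SAN.`, would discourage re-adding the bypass when a regenerated certificate breaks the handshake. If a synchronous copy of this test exists it needs the same removal; it is not in the part of the diff visible here. The body of http_post continues outside the hunk.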
@@ -0,0 +1,40 @@
+# Test TLS Certificates
+
+These certificates are used by the PyMongo test suite for TLS/SSL integration tests.
+
+## Regenerating certificates
+
+Run the generation script from this directory:
+
+```bash
+bash gen-certs.sh
+```
+
+**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+
+
+## Certificate details
+
+| File | Subject | Signed by | Purpose |
+|---|---|---|---|
+| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs |
+| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) |
+| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) |
+| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key |
+| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List |
+| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests |
+
+**Password** for `password_protected.pem`: `qwerty`
+
+## Important constraints
+
+The following values are hardcoded in tests and **must not change**:
+
+- Client cert subject: `C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client`
+ (used as the MongoDB X.509 username in `test/test_ssl.py`)
+- Server cert SAN: `DNS:localhost, IP:127.0.0.1, IP:::1`
+- The `server` hostname alias for `127.0.0.1` must be present in `/etc/hosts` for SSL tests to pass
+ (added automatically by `.evergreen/scripts/setup-system.sh`)
+
+## Background
+
+Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13.
diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem
index 24beea2d48..7e79d7087e 100644
--- a/test/certificates/ca.pem
+++ b/test/certificates/ca.pem
@@ -1,21 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb -MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw -DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI -EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/ -bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+ -QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT -pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT -zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH -KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq -VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe -gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN -LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD -sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i -77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo= +MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I +7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV +1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC 
+QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd +BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx +emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC +MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9 +jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX +OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld +O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6 +jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d +lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT +Z4yZLc0w -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 5b07001092..33e03ae915 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem 
@@ -1,48 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo -khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV -m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp -mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2 -5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4 -GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA -c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8 -Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y -/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe -wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt -EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc -DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN -3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502 -wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox -CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG -eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM -kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy -NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5 -BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T -PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w -UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH -Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb -cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF -IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh -IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC +rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi +CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ 
+SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm +h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx +ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg +1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL +5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3 +h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95 +e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU +R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel +6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v +k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/ +kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y +DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a +bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ +YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z +mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc +Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX +77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ +4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1 +8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q +sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee +qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB +/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3 +OfeAwH0y5PwSCsVtmLs= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/ 
-ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7 -Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST -X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h -G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi -rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H -Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ -wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG -Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE -YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y -kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns -p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ 
+tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 733a0acdc0..a258bcf23d 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,13 +1,13 @@ -----BEGIN X509 CRL----- -MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl -c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU -BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1 -MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ -W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a -hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a -hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7 -BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP -qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff -9UBe3CJ1INwqyiuqGeA= +MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v +bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu +ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw +NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E +QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA +uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0 +2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg +Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp +3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR +Em4RerccVwXzeI6T -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem new file mode 100644 index 0000000000..b0d50b5200 --- /dev/null +++ b/test/certificates/expired.pem 
@@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs +9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX +WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd +oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3 +I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC +WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK +59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap +BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM +yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw +wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M +MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9 +elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD +ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV +RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8 +VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd +x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv +8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T +FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5 +vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs +kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+ +lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv +lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9 +9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt +/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP +gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke +DwKg2EIYHmc/qhVQXCKvuA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz 
+MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN +MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2 +hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4 +NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt +GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3 +emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt +Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O +BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m +kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9 +dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf +Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M +n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx +lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp +inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ== +-----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh new file mode 100755 index 0000000000..118e866ebe --- /dev/null +++ b/test/certificates/gen-certs.sh 
@@ -0,0 +1,246 @@
+#!/usr/bin/env bash
+# Regenerate all TLS test certificates with proper Authority Key Identifier (AKI)
+# and Subject Key Identifier (SKI) extensions.
+#
+# Usage: bash gen-certs.sh (run from test/certificates/)
+#
+# Prerequisites: OpenSSL 1.1+ or LibreSSL 3+
+# Password for password_protected.pem: qwerty
+# See README.md for full details.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+TMPDIR="$(mktemp -d)"
+trap 'rm -rf "$TMPDIR"' EXIT
+
+DAYS=7300 # ~20 years
+
+# ----------------------------------------------------------------------------
+# OpenSSL extension config
+# ----------------------------------------------------------------------------
+cat > "$TMPDIR/ext.cnf" << 'EOF'
+[ v3_ca ]
+subjectKeyIdentifier = hash
+basicConstraints = critical, CA:TRUE
+keyUsage = critical, keyCertSign
+
+[ v3_server ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1
+
+[ v3_client ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+keyUsage = digitalSignature
+extendedKeyUsage = clientAuth
+EOF
+
+# ----------------------------------------------------------------------------
+# OpenSSL CA config (for CRL generation)
+# ----------------------------------------------------------------------------
+mkdir -p "$TMPDIR/cadb/newcerts"
+touch "$TMPDIR/cadb/index.txt"
+printf '01\n' > "$TMPDIR/cadb/serial"
+printf '01\n' > "$TMPDIR/cadb/crlnumber"
+
+cat > "$TMPDIR/ca.cnf" << EOF
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir = $TMPDIR/cadb
+new_certs_dir = $TMPDIR/cadb/newcerts
+database = $TMPDIR/cadb/index.txt
+serial = $TMPDIR/cadb/serial
+crlnumber = $TMPDIR/cadb/crlnumber
+certificate = $TMPDIR/ca.pem
+private_key = $TMPDIR/ca.key
+default_days = $DAYS
+default_crl_days = $DAYS
+default_md = sha256
+preserve = no
+policy = policy_match
+
+[ policy_match ]
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+EOF
+
+# ----------------------------------------------------------------------------
+# 1. Drivers Testing CA
+# ----------------------------------------------------------------------------
+echo "==> Generating Drivers Testing CA..."
+openssl genrsa -out "$TMPDIR/ca.key" 2048 2>/dev/null
+openssl req -new -x509 -days $DAYS \
+ -key "$TMPDIR/ca.key" \
+ -out "$TMPDIR/ca.pem" \
+ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=Drivers Testing CA" \
+ -extensions v3_ca \
+ -config "$TMPDIR/ext.cnf"
+
+cp "$TMPDIR/ca.pem" "$SCRIPT_DIR/ca.pem"
+echo " ca.pem written"
+
+# ----------------------------------------------------------------------------
+# 2. Server certificate
+# Signed via `openssl ca` so the cert is tracked in the database and can
+# be revoked, which is required for the tlsCRLFile test.
+# ----------------------------------------------------------------------------
+echo "==> Generating server certificate..."
+openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null
+openssl req -new \
+ -key "$TMPDIR/server.key" \
+ -out "$TMPDIR/server.csr" \
+ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost"
+openssl ca -config "$TMPDIR/ca.cnf" \
+ -in "$TMPDIR/server.csr" \
+ -out "$TMPDIR/server.crt" \
+ -extensions v3_server \
+ -extfile "$TMPDIR/ext.cnf" \
+ -days $DAYS \
+ -batch 2>/dev/null
+
+# server.pem = private key + certificate
+cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem"
+echo " server.pem written"
+
+# Revoke the server cert so crl.pem will block connections when checked.
+# This is required by test_tlsCRLFile_support which verifies CRL enforcement.
+openssl ca -config "$TMPDIR/ca.cnf" -revoke "$TMPDIR/server.crt" 2>/dev/null
+
+# ----------------------------------------------------------------------------
+# 3. Client certificate
+# ----------------------------------------------------------------------------
+echo "==> Generating client certificate..."
+openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null
+openssl req -new \
+ -key "$TMPDIR/client.key" \
+ -out "$TMPDIR/client.csr" \
+ -subj "/CN=client/OU=Drivers/O=MDB/L=New York City/ST=New York/C=US"
+openssl x509 -req -days $DAYS \
+ -in "$TMPDIR/client.csr" \
+ -CA "$TMPDIR/ca.pem" \
+ -CAkey "$TMPDIR/ca.key" \
+ -CAcreateserial \
+ -out "$TMPDIR/client.crt" \
+ -extfile "$TMPDIR/ext.cnf" \
+ -extensions v3_client 2>/dev/null
+
+# client.pem = private key + certificate
+cat "$TMPDIR/client.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/client.pem"
+echo " client.pem written"
+
+# ----------------------------------------------------------------------------
+# 4. Password-protected client certificate
+# ----------------------------------------------------------------------------
+echo "==> Generating password-protected client certificate..."
+openssl rsa -in "$TMPDIR/client.key" \
+ -aes256 -passout pass:qwerty \
+ -out "$TMPDIR/client_enc.key" 2>/dev/null
+
+# password_protected.pem = encrypted key + certificate (same cert as client)
+cat "$TMPDIR/client_enc.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/password_protected.pem"
+echo " password_protected.pem written (password: qwerty)"
+
+# ----------------------------------------------------------------------------
+# 5. CRL (empty — no revoked certs)
+# ----------------------------------------------------------------------------
+echo "==> Generating CRL..."
+openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/null
+echo " crl.pem written"
+
+# ----------------------------------------------------------------------------
+# 6. Wrong-host certificate (for KMS TLS tests — hostname deliberately wrong)
+# ----------------------------------------------------------------------------
+echo "==> Generating wrong-host certificate..."
+cat > "$TMPDIR/wrong_host_ext.cnf" << 'EOF'
+[ v3_wrong_host ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = DNS:wronghost.example.com
+EOF
+
+openssl genrsa -out "$TMPDIR/wrong_host.key" 2048 2>/dev/null
+openssl req -new \
+ -key "$TMPDIR/wrong_host.key" \
+ -out "$TMPDIR/wrong_host.csr" \
+ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=wronghost.example.com"
+openssl x509 -req -days $DAYS \
+ -in "$TMPDIR/wrong_host.csr" \
+ -CA "$TMPDIR/ca.pem" \
+ -CAkey "$TMPDIR/ca.key" \
+ -CAcreateserial \
+ -out "$TMPDIR/wrong_host.crt" \
+ -extfile "$TMPDIR/wrong_host_ext.cnf" \
+ -extensions v3_wrong_host 2>/dev/null
+
+cat "$TMPDIR/wrong_host.key" "$TMPDIR/wrong_host.crt" > "$SCRIPT_DIR/wrong-host.pem"
+echo " wrong-host.pem written (SAN: wronghost.example.com)"
+
+# ----------------------------------------------------------------------------
+# 7. Expired certificate (for KMS TLS tests — validity window in the past)
+# ----------------------------------------------------------------------------
+echo "==> Generating expired certificate..."
+openssl genrsa -out "$TMPDIR/expired.key" 2048 2>/dev/null
+openssl req -new \
+ -key "$TMPDIR/expired.key" \
+ -out "$TMPDIR/expired.csr" \
+ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost"
+openssl x509 -req \
+ -not_before 20000101000000Z \
+ -not_after 20010101000000Z \
+ -in "$TMPDIR/expired.csr" \
+ -CA "$TMPDIR/ca.pem" \
+ -CAkey "$TMPDIR/ca.key" \
+ -CAcreateserial \
+ -out "$TMPDIR/expired.crt" \
+ -extfile "$TMPDIR/ext.cnf" \
+ -extensions v3_server 2>/dev/null
+
+cat "$TMPDIR/expired.key" "$TMPDIR/expired.crt" > "$SCRIPT_DIR/expired.pem"
+echo " expired.pem written (expired 2001-01-01)"
+
+# ----------------------------------------------------------------------------
+# 8. Trusted Kernel Test CA (trusted-ca.pem)
+# A separate CA used in CA-bundle tests; does NOT sign server/client certs.
+# ----------------------------------------------------------------------------
+echo "==> Generating Trusted Kernel Test CA..."
+cat > "$TMPDIR/trusted_ext.cnf" << 'EOF'
+[ v3_trusted_ca ]
+subjectKeyIdentifier = hash
+basicConstraints = critical, CA:TRUE
+keyUsage = critical, keyCertSign
+EOF
+
+openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null
+openssl req -new -x509 -days $DAYS \
+ -key "$TMPDIR/trusted_ca.key" \
+ -out "$SCRIPT_DIR/trusted-ca.pem" \
+ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel/CN=Trusted Kernel Test CA" \
+ -extensions v3_trusted_ca \
+ -config "$TMPDIR/trusted_ext.cnf"
+echo " trusted-ca.pem written"
+
+# ----------------------------------------------------------------------------
+# Verify
+# ----------------------------------------------------------------------------
+echo ""
+echo "==> Verifying AKI is present on leaf certs..."
+for cert in server.pem client.pem wrong-host.pem; do
+ result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1)
+ if [ -n "$result" ]; then
+ echo " $cert: OK ($result)"
+ else
+ echo " $cert: MISSING AKI - check generation!" >&2
+ exit 1
+ fi
+done
+
+echo ""
+echo "Done. All certificates regenerated with AKI."
diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem
index cc9e124703..32163a114c 100644
--- a/test/certificates/password_protected.pem
+++ b/test/certificates/password_protected.pem
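Review bot: The `[ v3_ca ]` section in gen-certs.sh sets `keyUsage = critical, keyCertSign` without `cRLSign`, yet the same CA signs `crl.pem` in step 5; validators that enforce key usage on the CRL issuer (OpenSSL does so when CRL checking is enabled, as far as I know) would reject the CRL itself, so the CRL test could fail for the wrong reason rather than because the server certificate is revoked. I would change the line to `keyUsage = critical, keyCertSign, cRLSign`. The step 5 heading `# 5. CRL (empty — no revoked certs)` contradicts the `openssl ca ... -revoke` call in step 2 and should read something like `# 5. CRL (lists the revoked server cert)`. The blanket `2>/dev/null` on every openssl call hides the diagnostic when `set -e` aborts the script, which matters for `-not_before`/`-not_after`, options that I believe only recent OpenSSL releases accept despite the stated 1.1+ prerequisite. Assigning to `TMPDIR` also overrides the standard temp-directory variable for child processes; a name such as `WORK_DIR` avoids that.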
@@ -1,51 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIC8as6PDVhwECAggA -MB0GCWCGSAFlAwQBAgQQTYOgCJcRqUI7dsgqNojv/ASCBNCG9fiu642V4AuFK34c -Q42lvy/cR0CIXLq/rDXN1L685kdeKex7AfDuRtnjY2+7CLJiJimgQNJXDJPHab/k -MBHbwbBs38fg6eSYX8V08/IyyTege5EJMhYxmieHDC3DXKt0gyHk6hA/r5+Mr49h -HeVGwqBLJEQ3gVIeHaOleZYspsXXWqOPHnFiqnk/biaJS0+LkDDEiQgTLEYSnOjP -lexxUc4BV/TN0Z920tZCMfwx7IXD/C+0AkV/Iqq4LALmT702EccB3indaIJ8biGR -radqDLR32Q+vT9uZHgT8EFiUsISMqhob2mnyTfFV/s9ghWwogjSz0HrRcq6fxdg7 -oeyT9K0ET53AGTGmV0206byPu6qCj1eNvtn+t1Ob+d5hecaTugRMVheWPlc5frsz -AcewDNa0pv4pZItjAGMqOPJHfzEDnzTJXpLqGYhg044H1+OCY8+1YK7U0u8dO+/3 -f5AoDMq18ipDVTFTooJURej4/Wjbrfad3ZFjp86nxfHPeWM1YjC9+IlLtK1wr0/U -V8TjGqCkw8yHayz01A86iA8X53YQBg+tyMGjxmivo6LgFGKa9mXGvDkN+B+0+OcA -PqldAuH/TJhnkqzja767e4n9kcr+TmV19Hn1hcJPTDrRU8+sSqQFsWN4pvHazAYB -UdWie+EXI0eU2Av9JFgrVcpRipXjB48BaPwuBw8hm+VStCH7ynF4lJy6/3esjYwk -Mx+NUf8+pp1DRzpzuJa2vAutzqia5r58+zloQMxkgTZtJkQU6OCRoUhHGVk7WNb1 -nxsibOSzyVSP9ZNbHIHAn43vICFGrPubRs200Kc4CdXsOSEWoP0XYebhiNJgGtQs -KoISsV4dFRLwhaJhIlayTBQz6w6Ph87WbtuiAqoLiuqdXhUGz/79j/6JZqCH8t/H -eZs4Dhu+HdD/wZKJDYAS+JBsiwYWnI3y/EowZYgLdOMI4u6xYDejhxwEw20LW445 -qjJ7pV/iX2uavazHgC91Bfd4zodfXIQ1IDyTmb51UFwx0ARzG6enntduO6xtcYU9 -MXwfrEpuZ/MkWTLkR0PHPbIPcR1MiVwPKdvrLk42Bzj/urtXYrAFUckMFMzEh+uv -0lix2hbq/Xwj4dXcY4w9hnC6QQDCJTf9S6MU6OisrZHKk0qZ2Vb4aU/eBcBsHBwo -X/QGcDHneHxlrrs2eLX26Vh8Odc5h8haeIxnfaa1t+Yv56OKHuAztPMnJOUL7KtQ -A556LxT0b5IGx0RcfUcbG8XbxEHseACptoDOoguh9923IBI0uXmpi8q0P815LPUu -0AsE47ATDMGPnXbopejRDicfgMGjykJn8vKO8r/Ia3Fpnomx4iJNCXGqomL+GMpZ -IhQbKNrRG6XZMlx5kVCT0Qr1nOWMiOTSDCQ5vrG3c1Viu+0bctvidEvs+LCm98tb -7ty8F0uOno0rYGNQz18OEE1Tj+E19Vauz1U35Z5SsgJJ/GfzhSJ79Srmdg2PsAzk -AUNTKXux1GLf1cMjTiiU5g+tCEtUL9Me7lsv3L6aFdrCyRbhXUQfJh4NAG8+3Pvh -EaprThBzKsVvbOfU81mOaH9YMmUgmxG86vxDiNtaWd4v6c1k+HGspJr/q49pcXZP -ltBMuS9AihstZ1sHJsyQCmNXkA== +MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQDGn7dYhmn0u7DQZS +e+Fb2QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEeI3oDkWtJo14w7 
+STucnF0EggTAM9qVjNQSvjtiSXRVhq6Ab1JVRmsr4VyVPhRTeGoj4z59g4/uFNLp +i12hGtZEH5Ql6icHY+X4vWrwt4IUhkdwzgcSLrZwYTEl5RP4C7N+iZb1PErNoe82 +iEC/gw3XpQZNWKEi8tjd8Wz6EHVn1zKS/7X/IOTlboIMlhnJgLHCqVhPLyxA78OT +2yNNQysHD6Vk3h83jkQAYy5W/pZIl5TVDLyLADt46cq3hDTS99S6jl+kwn0dijjo +mZUilPBman6TQt2vI/kNP0+Qy6DxYkBMLdhnPu40JpvcLpWAxMioqx7by7007W8H +3Aja81hqx2SN1IYVUEs8LshvL7YojhvkbTxH2ma+lnmkyxEBiwbMOiBV3OPEkWYv +HbAg1slT2UTCrClZ6CRPMtD6+fvEn2GgXmblCQf2W/3inTeARJ5p/oNjnFjoU0Yo +BIdVeqdqU09OsjUd8W4B0wKSEaSCpl/oSM2gw4fzEbaU2xlVevVyhrdDr0NS/j6w +QaDiUw0th3NViXy/BLb2l699h6TRInk4njhNNbJX+sYEFuMgwNKdj4PkPkP1t3PR +m91mpnGAhq82dMQnTLm536YXVbeJGQyX3kEXGStZNdQRfz68fAYQ56teQoZfOwDq +zKf4MT8JJfhZWy/dgCOkv72GMJM2ahThWUztbBnHiB0ODf9LdrqnPaDfpPgt4i0N +Gj+L3nuK1LOhp1Ay7Oij66yxWm5bJJ0M7RGgGQsZipEf8+N9iSA9cw1ZKOnSqyMQ +gSAjlnRK0OHyTauyOl22FeEzF7gtWKyLTgnw1zn22oaxZZLOhdcRJJz49bdl3pUm +Lv8JxfN2dbcC/XgOMoC+wFS//WnHro3qvloUEVeYA6acxfvjJizYlGEmw5xG+ZCG +Ju+tKWgA9lUpQXR9peMa958cLSCqlaWSFTSBQ6AMUw0rVZGlMxb1tVmmhRKYOhUN +Eugp0wUKrYArHzfkzqWv0JO2MHi2kbAZCJpFBrrt8ijF8t0KmWsFRl9P4QtBJ2dI +QcMBtgvWC3tr3CFZQ5UpiaP1whLFTG7GhZc7OHG2QF+Ba5fn1HgUgH35W8TQ80XS +uAkkF6GuxGOSTtsvF0nEkNALGM8E1/I+VVZ88d7sA2ws7GHyxtNYUYAdf6hE5X2t +82oIMrN058IL/Bpi/s+xe5zU5NYFXZLUfvlQW//1hDrTF8Vs4UbF882Xae+HNmvF +D9/bafdrdvJSEJ91A4hRl3M+G+qnnJza3fEnY7UKg597X1tSntNc9Grn2M/uKeGp +2df7K8VrEV6GQafbHq7PAOn6vTlwZAgljEj0LUk7ts8I0KY0hpxCo+Y2WKcmiB3P +b8BY/3j0DuJXacv2tC4RrUIC6pHcdQLJTCeCHQMC2IjCwlmnFqtTZ7RUooYmAxJd +DYNRzVw9aYUq7oAhab2x2iWqgTReqlVnKuytNAFJVu+34S8AbCcSrsoa7Xmjqkwr +qxyGb5pW9ZmSM/k0N0hLI/6BbKb7lQYm2EYJiksOhL+EAjH3Qfq6D27zh5UM97dp +7a93RbxCFAFjT+OZQr5PJ7oxRXcCSnabTXA4J6f8JRgfQIhbOfsfovCpxrqa0MSX +tKYeRyZHLqLs9Cgfv9eQhOF9gGddfJ6QKw== -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDBXUHMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx 
-CzAJBgNVBAYTAlVTMB4XDTE5MDUyMzAwMDEyOVoXDTM5MDUyMzAwMDEyOVowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqCb0Lo4XsV -W327Wlnqc5rwWa5Elw0rFuehSfViRIcYfuFWAPXoOj3fIDsYz6d41G8hp6tkF88p -swlbzDF8Fc7mXDhauwwl2F/NrWYUXwCT8fKju4DtGd2JlDMi1TRDeofkYCGVPp70 -vNqd0H8iDWWs8OmiNrdBLJwNiGaf9y15ena4ImQGitXLFn+qNSXYJ1Rs8p7Y2PTr -L+dff5gJCVbANwGII1rjMAsrMACPVmr8c1Lxoq4fSdJiLweosrv2Lk0WWGsO0Seg -ZY71dNHEyNjItE+VtFEtslJ5L261i3BfF/FqNnH2UmKXzShwfwxyHT8o84gSAltQ -5/lVJ4QQKosCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBOAlKxIMFcTZ+4k8NJv97RSf+zOb5Wu2ct -uxSZxzgKTxLFUuEM8XQiEz1iHQ3XG+uV1fzA74YLQiKjjLrU0mx54eM1vaRtOXvF -sJlzZU8Z2+523FVPx4HBPyObQrfXmIoAiHoQ4VUeepkPRpXxpifgWd/OCWhLDr2/ -0Kgcb0ybaGVDpA0UD9uVIwgFjRu6id7wG+lVcdRxJYskTOOaN2o1hMdAKkrpFQbd -zNRfEoBPUYR3QAmAKP2HBjpgp4ktOHoOKMlfeAuuMCUocSnmPKc3xJaH/6O7rHcf -/Rm0X411RH8JfoXYsSiPsd601kZefhuWvJH0sJLibRDvT7zs8C1v +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a 
+0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index e745e037fc..95fb7f32a8 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem 
@@ -1,49 +1,107 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAhNrB0E6GY/kFSd8/vNpu/t952tbnOsD5drV0XPvmuy7SgKDY -a/S+xb/jPnlZKKehdBnH7qP/gYbv34ZykzcDFZscjPLiGc2cRGP+NQCSFK0d2/7d -y15zSD3zhj14G8+MkpAejTU+0/qFNZMc5neDvGanTe0+8aWa0DXssM0MuTxIv7j6 -CtsMWeqLLofN7a1Kw2UvmieCHfHMuA/08pJwRnV/+5T9WONBPJja2ZQRrG1BjpI4 -81zSPUZesIqi8yDlExdvgNaRZIEHi/njREqwVgJOZomUY57zmKypiMzbz48dDTsV -gUStxrEqbaP+BEjQYPX5+QQk4GdMjkLf52LR6QIDAQABAoIBAHSs+hHLJNOf2zkp -S3y8CUblVMsQeTpsR6otaehPgi9Zy50TpX4KD5D0GMrBH8BIl86y5Zd7h+VlcDzK -gs0vPxI2izhuBovKuzaE6rf5rFFkSBjxGDCG3o/PeJOoYFdsS3RcBbjVzju0hFCs -xnDQ/Wz0anJRrTnjyraY5SnQqx/xuhLXkj/lwWoWjP2bUqDprnuLOj16soNu60Um -JziWbmWx9ty0wohkI/8DPBl9FjSniEEUi9pnZXPElFN6kwPkgdfT5rY/TkMH4lsu -ozOUc5xgwlkT6kVjXHcs3fleuT/mOfVXLPgNms85JKLucfd6KiV7jYZkT/bXIjQ+ -7CZEn0ECgYEA5QiKZgsfJjWvZpt21V/i7dPje2xdwHtZ8F9NjX7ZUFA7mUPxUlwe -GiXxmy6RGzNdnLOto4SF0/7ebuF3koO77oLup5a2etL+y/AnNAufbu4S5D72sbiz -wdLzr3d5JQ12xeaEH6kQNk2SD5/ShctdS6GmTgQPiJIgH0MIdi9F3v0CgYEAlH84 -hMWcC+5b4hHUEexeNkT8kCXwHVcUjGRaYFdSHgovvWllApZDHSWZ+vRcMBdlhNPu -09Btxo99cjOZwGYJyt20QQLGc/ZyiOF4ximQzabTeFgLkTH3Ox6Mh2Rx9yIruYoX -nE3UfMDkYELanEJUv0zenKpZHw7tTt5yXXSlEF0CgYBSsEOvVcKYO/eoluZPYQAA -F2jgzZ4HeUFebDoGpM52lZD+463Dq2hezmYtPaG77U6V3bUJ/TWH9VN/Or290vvN -v83ECcC2FWlSXdD5lFyqYx/E8gqE3YdgqfW62uqM+xBvoKsA9zvYLydVpsEN9v8m -6CSvs/2btA4O21e5u5WBTQKBgGtAb6vFpe0gHRDs24SOeYUs0lWycPhf+qFjobrP -lqnHpa9iPeheat7UV6BfeW3qmBIVl/s4IPE2ld4z0qqZiB0Tf6ssu/TpXNPsNXS6 -dLFz+myC+ufFdNEoQUtQitd5wKbjTCZCOGRaVRgJcSdG6Tq55Fa22mOKPm+mTmed -ZdKpAoGAFsTYBAHPxs8nzkCJCl7KLa4/zgbgywO6EcQgA7tfelB8bc8vcAMG5o+8 -YqAfwxrzhVSVbJx0fibTARXROmbh2pn010l2wj3+qUajM8NiskCPFbSjGy7HSUze -P8Kt1uMDJdj55gATzn44au31QBioZY2zXleorxF21cr+BZCJgfA= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgICdxUwDQYJKoZIhvcNAQELBQAweTEbMBkGA1UEAxMSRHJp -dmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25n -b0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazEL 
-MAkGA1UEBhMCVVMwHhcNMTkwNTIyMjIzMjU2WhcNMzkwNTIyMjIzMjU2WjBwMRIw -EAYDVQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v -bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAITa -wdBOhmP5BUnfP7zabv7fedrW5zrA+Xa1dFz75rsu0oCg2Gv0vsW/4z55WSinoXQZ -x+6j/4GG79+GcpM3AxWbHIzy4hnNnERj/jUAkhStHdv+3ctec0g984Y9eBvPjJKQ -Ho01PtP6hTWTHOZ3g7xmp03tPvGlmtA17LDNDLk8SL+4+grbDFnqiy6Hze2tSsNl -L5ongh3xzLgP9PKScEZ1f/uU/VjjQTyY2tmUEaxtQY6SOPNc0j1GXrCKovMg5RMX -b4DWkWSBB4v540RKsFYCTmaJlGOe85isqYjM28+PHQ07FYFErcaxKm2j/gRI0GD1 -+fkEJOBnTI5C3+di0ekCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/ -AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBol8+YH7MA -HwnIh7KcJ8h87GkCWsjOJCDJWiYBJArQ0MmgDO0qdx+QEtvLMn3XNtP05ZfK0WyX -or4cWllAkMFYaFbyB2hYazlD1UAAG+22Rku0UP6pJMLbWe6pnqzx+RL68FYdbZhN -fCW2xiiKsdPoo2VEY7eeZKrNr/0RFE5EKXgzmobpTBQT1Dl3Ve4aWLoTy9INlQ/g -z40qS7oq1PjjPLgxINhf4ncJqfmRXugYTOnyFiVXLZTys5Pb9SMKdToGl3NTYWLL -2AZdjr6bKtT+WtXyHqO0cQ8CkAW0M6VOlMluACllcJxfrtdlQS2S4lUIj76QKBdZ -khBHXq/b8MFX ------END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+qUpDlPLxEh16 +vAuN0M/t7i5cGBU3UQu+MfA9l59iPV6Yme9PQOMXiATEb7yp5G7AaqHqoofz7ntV +ZaPF82ZRGb2jOwplU2wsCIGKO+4ujUaZPThZgLXR7sVX6qSfRM4PYjSqm1Cv5AYC +GOHK1hesAMP5sGdf4LGIIWL9ngEAPrwARpgxVS7RtH1GX5yWUpYjhEyjpMWXkYUE +wFll00LGOqiK+U7V2yyCRU4BUSggFLhbL1n6z1eMFxHwAgJZo/boodPCPhxXFU+c +wFvQbiBlABujyY+iHkSpyytM13hUoWBfM3FLB2zSgmKMAbvaPs+CNjapW1kJGaBg +L1HfqcS3AgMBAAECggEAUTazV44+3cklnX40PbhQmbz3KmtnviRbqCyFdPb9AU+6 +163abhvpn8Bkp3ghGQ0gz/2b8uJAnvtatcmRtWQ0lR8t1DX1+6tJTIhjBYr5rgKn +q+aT9iwJRt86WHSuotkgHRVr8bAu8n1iwcnvhAMmGjJJSDaIEiMX/DCchgOj0YIq +VLJYQkrj6Dii33GeF5eQ4jr27I1RIQSvDEvSffuJpKNbWFap+/epja1MZIenioiu +Vrm6jLPtlqacpREPL8pCGTlAd0GM/nJ/8BrzrodL0P+h7FwnpfDENTWnE9oVSMdL +1t4c1psf3X+hYyMOs9/jtVzoXzeVraGHvwyopv5k4QKBgQD0Dl1PsISWg8mp6CVW +aeIG3cO8oUh5oxwmLQRS16//GMIJCo5o8+6W+3qI6ZGOwwo/THm/GKyuYUN8UKrx 
++iNhDJbab3YM24lXDA5QFqO8Dv2JhyXfAb5DQk1ZsdIjbfA6G9T65Foa6dl0IXmi +ByfGXa+tRPNThUvV6XRUEelA5QKBgQDH/fkoU+NIRgaaEiVQneFZz6OlnnmEM+/+ +/Ctm09nCFJLZt8nFisD+F9dVKSv0m1xWgkrG4Pm9bbHq1iBn/09qNp2Jn6W5bYoB +RYI3EdXjb0B/vAm8295afEXXGA6szOZLlcY8sc0QPkdxMmeoV4XkFTlFBE0gNTPm +Q1YCk1PBawKBgDHsVk4cz6JyZugooqqgkinRZ17IpyiqovF0N/QyRsAp8lcjH6p8 +a4va+V/UV4AaiZgVLrpWc8xf/QwK/EzvXBlYF+uq7T0IE3oI70yWtPudHWPqj2ak +1qSvhV8ZruCsdn2Mf+6qk3v55g+JYXYxfINpWqxY9GVbWP3y+WbRGyO5AoGAO7nJ +UxXaZpcjGZgZtL2xsxSjlq6BM84e+lNs0sSp36AtSv/sLiaGBFwyXqhxDBfpt5wp +oMNHUh8UZ0GTY/uHR/0Phy46W+ousLqFbNTSv51V8c/CSLiQ6wz5/oacu1Zl4GTW +UwH2b8dpppCbDFc3ESqVc9sY/WlmGno5kYNWHAkCgYEAhd7xgqJUpM7Klbsl3BR/ +6iEZ30Exf1wlC+nWJSK4iHFH9l9BGHjImENxpKa62Akm0VvE9n1KgKxK1IESziiE +9kAXspYyBT/clOo4v0w5rPIiQ3itm5+ew9gaFiJ+Yfi8MYTIwznsqXvyekqLSrFo +w9efOvZV+XaA79X+bEEd2BA= +-----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA + Validity + Not Before: Jun 5 01:43:18 2026 GMT + Not After : May 31 01:43:18 2046 GMT + Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:a9:4a:43:94:f2:f1:12:1d:7a:bc:0b:8d:d0: + cf:ed:ee:2e:5c:18:15:37:51:0b:be:31:f0:3d:97: + 9f:62:3d:5e:98:99:ef:4f:40:e3:17:88:04:c4:6f: + bc:a9:e4:6e:c0:6a:a1:ea:a2:87:f3:ee:7b:55:65: + a3:c5:f3:66:51:19:bd:a3:3b:0a:65:53:6c:2c:08: + 81:8a:3b:ee:2e:8d:46:99:3d:38:59:80:b5:d1:ee: + c5:57:ea:a4:9f:44:ce:0f:62:34:aa:9b:50:af:e4: + 06:02:18:e1:ca:d6:17:ac:00:c3:f9:b0:67:5f:e0: + b1:88:21:62:fd:9e:01:00:3e:bc:00:46:98:31:55: + 2e:d1:b4:7d:46:5f:9c:96:52:96:23:84:4c:a3:a4: + c5:97:91:85:04:c0:59:65:d3:42:c6:3a:a8:8a:f9: + 4e:d5:db:2c:82:45:4e:01:51:28:20:14:b8:5b:2f: + 59:fa:cf:57:8c:17:11:f0:02:02:59:a3:f6:e8:a1: + d3:c2:3e:1c:57:15:4f:9c:c0:5b:d0:6e:20:65:00: + 
1b:a3:c9:8f:a2:1e:44:a9:cb:2b:4c:d7:78:54:a1: + 60:5f:33:71:4b:07:6c:d2:82:62:8c:01:bb:da:3e: + cf:82:36:36:a9:5b:59:09:19:a0:60:2f:51:df:a9: + c4:b7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 90:97:88:F8:24:23:75:CF:5A:A6:3A:DF:44:A3:5A:DD:84:57:B2:F9 + X509v3 Authority Key Identifier: + 07:9D:08:22:B3:EE:46:88:BC:AF:66:92:91:CB:76:1C:9F:1A:D1:72 + X509v3 Subject Alternative Name: + DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0e:70:c7:0a:1a:ff:56:d8:e4:07:d0:e1:89:e8:0e:54:75:e5: + 66:73:28:88:5f:18:26:4f:32:af:8a:a4:74:2d:b1:70:38:68: + 0d:53:42:b9:82:be:77:f7:2c:31:c6:9b:42:68:f9:c8:d0:dc: + 3f:0e:48:89:b1:87:1d:14:f9:f8:ef:8f:63:3c:75:f3:79:dc: + a3:7c:de:8e:4f:29:2b:4c:17:99:da:69:43:9e:c0:03:28:f5: + d1:97:0f:14:58:de:80:15:58:7b:97:53:74:78:91:07:80:28: + 76:88:f6:f3:2a:49:23:95:2e:7e:bd:32:e3:1e:c0:a2:62:7f: + 3a:a7:f5:96:a8:91:90:c4:ed:31:66:80:01:0e:32:95:20:5b: + 6f:de:69:86:ea:48:ba:1b:bb:21:e9:49:07:31:8e:ba:2a:b7: + 3f:61:d1:a2:2b:fb:0c:16:17:9c:b3:c1:d6:ca:b4:af:74:3e: + 48:ca:c0:81:94:4e:ab:b9:65:b6:71:24:66:8b:ff:02:28:7b: + f7:d7:c9:63:3d:22:8c:54:dc:79:ce:e5:82:b0:64:68:3e:8a: + 84:96:80:73:2c:e8:e3:2c:19:34:3a:dc:cf:1f:ff:e1:b6:4c: + f9:b3:d2:2a:cb:ae:8d:76:aa:b9:cd:b5:80:75:6a:d2:b8:74: + ba:96:ad:e3 +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTQzMThaFw00NjA1MzEwMTQzMThaMFgxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ +MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlKQ5Ty8RIderwLjdDP7e4uXBgVN1ELvjHw +PZefYj1emJnvT0DjF4gExG+8qeRuwGqh6qKH8+57VWWjxfNmURm9ozsKZVNsLAiB +ijvuLo1GmT04WYC10e7FV+qkn0TOD2I0qptQr+QGAhjhytYXrADD+bBnX+CxiCFi 
+/Z4BAD68AEaYMVUu0bR9Rl+cllKWI4RMo6TFl5GFBMBZZdNCxjqoivlO1dssgkVO +AVEoIBS4Wy9Z+s9XjBcR8AICWaP26KHTwj4cVxVPnMBb0G4gZQAbo8mPoh5Eqcsr +TNd4VKFgXzNxSwds0oJijAG72j7PgjY2qVtZCRmgYC9R36nEtwIDAQABo3AwbjAd +BgNVHQ4EFgQUkJeI+CQjdc9apjrfRKNa3YRXsvkwHwYDVR0jBBgwFoAUB50IIrPu +Roi8r2aSkct2HJ8a0XIwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOcMcKGv9W2OQH0OGJ6A5U +deVmcyiIXxgmTzKviqR0LbFwOGgNU0K5gr539ywxxptCaPnI0Nw/DkiJsYcdFPn4 +749jPHXzedyjfN6OTykrTBeZ2mlDnsADKPXRlw8UWN6AFVh7l1N0eJEHgCh2iPbz +KkkjlS5+vTLjHsCiYn86p/WWqJGQxO0xZoABDjKVIFtv3mmG6ki6G7sh6UkHMY66 +Krc/YdGiK/sMFhecs8HWyrSvdD5IysCBlE6ruWW2cSRmi/8CKHv318ljPSKMVNx5 +zuWCsGRoPoqEloBzLOjjLBk0OtzPH//htkz5s9Iqy66Ndqq5zbWAdWrSuHS6lq3j +-----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a6f6f312d0..39165b7152 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem 
@@ -1,82 +1,23 @@ -# CA bundle file used to test tlsCAFile loading for OCSP. -# Copied from the server: -# https://github.com/mongodb/mongo/blob/r4.3.4/jstests/libs/trusted-ca.pem - -# Autogenerated file, do not edit. -# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml trusted-ca.pem -# -# CA for alternate client/server certificate chain. -----BEGIN CERTIFICATE----- -MIIDojCCAooCBG585gswDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxETAP -BgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYDVQQK -DAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQgS2Vy -bmVsIFRlc3QgQ0EwHhcNMTkwOTI1MjMyNzQxWhcNMzkwOTI3MjMyNzQxWjB8MQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0GA1UE -AwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANlRxtpMeCGhkotkjHQqgqvO6O6hoRoAGGJlDaTVtqrjmC8nwySz -1nAFndqUHttxS3A5j4enOabvffdOcV7+Z6vDQmREF6QZmQAk81pmazSc3wOnRiRs -AhXjld7i+rhB50CW01oYzQB50rlBFu+ONKYj32nBjD+1YN4AZ2tuRlbxfx2uf8Bo -Zowfr4n9nHVcWXBLFmaQLn+88WFO/wuwYUOn6Di1Bvtkvqum0or5QeAF0qkJxfhg -3a4vBnomPdwEXCgAGLvHlB41CWG09EuAjrnE3HPPi5vII8pjY2dKKMomOEYmA+KJ -AC1NlTWdN0TtsoaKnyhMMhLWs3eTyXL7kbkCAwEAAaMxMC8wDAYDVR0TBAUwAwEB -/zAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsF -AAOCAQEAQk56MO9xAhtO077COCqIYe6pYv3uzOplqjXpJ7Cph7GXwQqdFWfKls7B -cLfF/fhIUZIu5itStEkY+AIwht4mBr1F5+hZUp9KZOed30/ewoBXAUgobLipJV66 -FKg8NRtmJbiZrrC00BSO+pKfQThU8k0zZjBmNmpjxnbKZZSFWUKtbhHV1vujver6 -SXZC7R6692vLwRBMoZxhgy/FkYRdiN0U9wpluKd63eo/O02Nt6OEMyeiyl+Z3JWi -8g5iHNrBYGBbGSnDOnqV6tjEY3eq600JDWiodpA1OQheLi78pkc/VQZwof9dyBCm -6BoCskTjip/UB+vIhdPFT9sgUdgDTg== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZUcbaTHghoZKL -ZIx0KoKrzujuoaEaABhiZQ2k1baq45gvJ8Mks9ZwBZ3alB7bcUtwOY+Hpzmm7333 -TnFe/merw0JkRBekGZkAJPNaZms0nN8Dp0YkbAIV45Xe4vq4QedAltNaGM0AedK5 
-QRbvjjSmI99pwYw/tWDeAGdrbkZW8X8drn/AaGaMH6+J/Zx1XFlwSxZmkC5/vPFh -Tv8LsGFDp+g4tQb7ZL6rptKK+UHgBdKpCcX4YN2uLwZ6Jj3cBFwoABi7x5QeNQlh -tPRLgI65xNxzz4ubyCPKY2NnSijKJjhGJgPiiQAtTZU1nTdE7bKGip8oTDIS1rN3 -k8ly+5G5AgMBAAECggEAS7GjLKgT88reSzUTgubHquYf1fZwMak01RjTnsVdoboy -aMJVwzPsjgo2yEptUQvuNcGmz54cg5vJaVlmPaspGveg6WGaRmswEo/MP4GK98Fo -IFKkKM2CEHO74O14XLN/w8yFA02+IdtM3X/haEFE71VxXNmwawRXIBxN6Wp4j5Fb -mPLKIspnWQ/Y/Fn799sCFAzX5mKkbCt1IEgKssgQQEm1UkvmCkcZE+mdO/ErYP8A -COO0LpM+TK6WQY2LKiteeCCiosTZFb1GO7MkXrRP5uOBZKaW5kq1R0b6PcopJPCM -OcYF0Zli6KB7oiQLdXgU2jCaxYOnuRb6RYh2l7NvAQKBgQD6CZ9TKOn/EUQtukyw -pvYTyt1hoLXqYGcbRtLc1gcC+Z2BD28hd3eD/mEUv+g/8bq/OP4wYV9X+VRvR8xN -MmfAG/sJeOCOClz1A1TyNeA+G0GZ25qWHyHQ2W4WlSG1CXQgxGzU6wo/t6wiVW5R -O4jplFVEOXznf4vmVfBJK50R2QKBgQDegGxm23jF2N5sIYDZ14oxms8bbjPz8zH6 -tiIRYNGbSzI7J4KFGY2HiBwtf1yxS22HBL69Y1WrEzGm1vm4aZG/GUwBzI79QZAO -+YFIGaIrdlv12Zm6lpJMmAWlOs9XFirC17oQEwOQFweOdQSt7F/+HMZOigdikRBV -pK+8Kfay4QKBgQDarDevHwUmkg8yftA7Xomv3aenjkoK5KzH6jTX9kbDj1L0YG8s -sbLQuVRmNUAFTH+qZUnJPh+IbQIvIHfIu+CI3u+55QFeuCl8DqHoAr5PEr9Ys/qK -eEe2w7HIBj0oe1AYqDEWNUkNWLEuhdCpMowW3CeGN1DJlX7gvyAang4MYQKBgHwM -aWNnFQxo/oiWnTnWm2tQfgszA7AMdF7s0E2UBwhnghfMzU3bkzZuwhbznQATp3rR -QG5iRU7dop7717ni0akTN3cBTu8PcHuIy3UhJXLJyDdnG/gVHnepgew+v340E58R -muB/WUsqK8JWp0c4M8R+0mjTN47ShaLZ8EgdtTbBAoGBAKOcpuDfFEMI+YJgn8zX -h0nFT60LX6Lx+zcSDY9+6J6a4n5NhC+weYCDFOGlsLka1SwHcg1xanfrLVjpH7Ok -HDJGLrSh1FP2Rq/oFxZ/OKCjonHLa8IulqD/AA+sqYRbysKNsT3Pi0554F2xFEqQ -z/C84nlT1R2uTCWIxvrnpU2h ------END PRIVATE KEY----- -# Pre Oct 2019 trusted-ca.pem -# Transitional pending BUILD update. 
------BEGIN CERTIFICATE----- -MIIDpjCCAo6gAwIBAgIDAghHMA0GCSqGSIb3DQEBBQUAMHwxHzAdBgNVBAMTFlRy -dXN0ZWQgS2VybmVsIFRlc3QgQ0ExDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMH -TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv -cmsxCzAJBgNVBAYTAlVTMB4XDTE2MDMzMTE0NTY1NVoXDTM2MDMzMTE0NTY1NVow -fDEfMB0GA1UEAxMWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECxMGS2Vy -bmVsMRAwDgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREw -DwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCePFHZTydC96SlSHSyu73vw//ddaE33kPllBB9DP2L7yRF -6D/blFmno9fSM+Dfg64VfGV+0pCXPIZbpH29nzJu0DkvHzKiWK7P1zUj8rAHaX++ -d6k0yeTLFM9v+7YE9rHoANVn22aOyDvTgAyMmA0CLn+SmUy6WObwMIf9cZn97Znd -lww7IeFNyK8sWtfsVN4yRBnjr7kKN2Qo0QmWeFa7jxVQptMJQrY8k1PcyVUOgOjQ -ocJLbWLlm9k0/OMEQSwQHJ+d9weUbKjlZ9ExOrm4QuuA2tJhb38baTdAYw3Jui4f -yD6iBAGD0Jkpc+3YaWv6CBmK8NEFkYJD/gn+lJ75AgMBAAGjMTAvMAwGA1UdEwQF -MAMBAf8wHwYDVR0RBBgwFoIJbG9jYWxob3N0ggkxMjcuMC4wLjEwDQYJKoZIhvcN -AQEFBQADggEBADYikjB6iwAUs6sglwkE4rOkeMkJdRCNwK/5LpFJTWrDjBvBQCdA -Y5hlAVq8PfIYeh+wEuSvsEHXmx7W29X2+p4VuJ95/xBA6NLapwtzuiijRj2RBAOG -1EGuyFQUPTL27DR3+tfayNykDclsVDNN8+l7nt56j8HojP74P5OMHtn+6HX5+mtF -FfZMTy0mWguCsMOkZvjAskm6s4U5gEC8pYEoC0ZRbfUdyYsxZe/nrXIFguVlVPCB -XnfB/0iG9t+VH5cUVj1LP9skXTW4kXfhQmljUuo+EVBNR6n2nfTnpoC65WeAgHV4 -V+s9mJsUv2x72KtKYypqEVT0gaJ1WIN9N1s= +MIIDyDCCArCgAwIBAgIUXOZb4M9mVy82gQz6t1aJHVdG+/owDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDE0MzE4 +WhcNNDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN +BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkffnDicTbF3B8yzIxz7DP8 +rvy9yVOOGoLyiXITiHmTMNIhfYUdxGqO4RRReztQvW7s6yOQdvqNE8LD7WrzsXOz +JOovPuQZMr6mnSu0bU98Eyar9SfRTbGVmkZiCJTT8jV9wP9nxgFag+1Y6DPUwbOp 
+zyt9/961woScVbJJwVAdJUv/cp7l7dT16rCS4yuDf+m6xI9Svev7iPcqcyIRDLD5 +EXS1RI8ZLmA3ueIqPQbnRiPzjVRgq56czkZ/g2USJlFlgYoeLAV7JnjYi6Rs/umw +0YqfNl6rD4BznrF4CGuvliWaZu/3pAv/ejmGJNMUbgi3gVAG9nZKzIdiFTtR3xEC +AwEAAaNCMEAwHQYDVR0OBBYEFH69MHf4jQo9TLkJRhgOFoQpFblIMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQDFN3c7 +24yHj5lEvZX0H2IH25+5KhFouhkEgQk8OjcB8lpyJEB1scWX0v6RNNr4pmHNs/SF +FOqnVl+JMbcF+HuDM8pVVYeaDe/ZS/pAp6U9HwSNSYltEPThnVfQWKKPeI+8W0YY +WANQPhA8TAYft7lWxaUNlpI1RPEy/YTuMzxZC2H5CPnnIll+zTgt78Bi5halR0YO +EovTitdUom2y0UNPPczCRWoFjHE8MM+xeNhV2ybd8qT5L0sO9FDdh7UoYS1LmL0k ++naes5qWFXhvYXelWwr60H/MI53p+UMGfW95e4IyU4WPXh5Z2jG3hc6tg5kt1ThS +tLX9wRS/xICXNu2l -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem new file mode 100644 index 0000000000..c67bc1bfc3 --- /dev/null +++ b/test/certificates/wrong-host.pem 
@@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHx0jJhZSsT6J7 +qZZ3+15MvBddhi9Dn+U5koIMPE7tLOLlydbHhKQULtu2FUG4NaL9wrmfhIDmSySc +Tpc/1SScVmoDzrASj7Yw/fivj0ApfBvQUIzttW+C9zd1nLFyuuYZtNCdcE/MQu/f +Ls16ry/vBs5XgHyICxeShFy/eThVx8xczrSw93NHzdLh3g5G38soJl0kO4z6GLIj +hmEgenn54GWOakzKrSM2pIuw3gFM7d3skr+NiBw4UZpB2sUfJFuwMUaEc7bgG8t7 +dRT3aMoWkTraTr38IU0g0B/kCcjoAvV/lbXqpW0JrzWN+ZPkULQoUZGfj23cemu8 +ia0EBJLBAgMBAAECggEAECJOlF+ypG0MDiy/K/+rG2woTJ0yxZLc7qPpnyGVcVpp +lcuPoYKx6pIM2oyZFBYPiZ7XZsyccoEQVyCBmXyuzoL4Mv6e7n20NQsgv1/CzIsq +VO0VafOqzgGpTejyLwNlbz2MooCjgs6baUZK9V6W0AzbfQtQAOxsfyUKTlhNqOea +IZsNgjXPChrIsjhwcwF+nlHuDiuFa1nGNJNCGJN+mAaANDnmNb7/d62B4PEon6sj +oL8InNKdoBdwIqbPsQY6QWpqz7lGcH1On4M3JRQrprjWeWy6A3zu1kFFcJ2TrHb0 +TWwKW4ot9R25QSws+lwCysKEPD31hkkfA1gzukH9zwKBgQC9DZvhG/QgGmYkG4OD +lFTCZ6tY7xSZO5rnJiw/l+4dn/h9WtmjCu9TXtNifivt0bjQsHbWL25ifjvQf0i3 +XisMi0I2mILNUA5tDxIb2jgmh9JjXEQ9yBbsNVflcFMCwAhdMkp9IjdgGBsg3BV3 +Wt7FsiXPpJQgKsqn/aWhHtCgtwKBgQC33B6wGm9SU1R9xvUW63s31Rcm2knDC/Ng +5XiMrC4KviqAJnpo97OD+3w7Lmu94pnp0VTirr9Tb2UnKpEOZnXOo2Qukj5jnLd7 +4jnTvnSc9CBzx4GJYmCHTzx5kn/IvD/M+AajnkCafGVfTdPNKdVvBQ+A3dVLFsy7 +h0uP0RgARwKBgEdIhVkY2DDuo0rEEQ+g82CmBEaxRxwMDHlRvGdyGveSpPhnNB60 +9c6Ct8OwfVHbvQr7LqPOGJoMrPMNu1ZgrGy7aYj6cn+Fyxq2DwbvfjKRDfQnCxgc +hQAlkPHTK4mi7MRvPQT3zNdv33LBaVqqqcrzRCyKCswiNm2nRzd8Tf/7AoGAXj41 +eL1EHKXcJFCsZqAz282dfWvc7V6d1Sgqn6jOPPF3JZMToeR+HwP0jP1hesbBcCm9 +4igCqEjsR6Q5EHGSp2X3Pyv1UOgO4TB3xcLVUXKNg+taycokgpcp/4MJfyKHbZAh +DxNaOBXVfIGPNJXh8nNcnAiZgVDhhqp2H/Tk4ZcCgYEAn2yQ4lOLKEpxiTLhGmDl +IuowW57i0r3QlkwfhvzhEjN3u51RUIDL2+OypMZng7FkGJEnmsjrrTemswgMnca1 +cPBhdofRIZkKcsAvTzntkwWOpqIiwFJLUS2cpS2MrkACDGuB7OzAPPRn2ybQZ5XO +GCRE+vraCgRvuakD01NnIgs= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhwwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz 
+MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfHSMmFlKxPonuplnf7Xky8F12G +L0Of5TmSggw8Tu0s4uXJ1seEpBQu27YVQbg1ov3CuZ+EgOZLJJxOlz/VJJxWagPO +sBKPtjD9+K+PQCl8G9BQjO21b4L3N3WcsXK65hm00J1wT8xC798uzXqvL+8GzleA +fIgLF5KEXL95OFXHzFzOtLD3c0fN0uHeDkbfyygmXSQ7jPoYsiOGYSB6efngZY5q +TMqtIzaki7DeAUzt3eySv42IHDhRmkHaxR8kW7AxRoRztuAby3t1FPdoyhaROtpO +vfwhTSDQH+QJyOgC9X+VteqlbQmvNY35k+RQtChRkZ+Pbdx6a7yJrQQEksECAwEA +AaNkMGIwHQYDVR0OBBYEFCXWhDoXLKT10klVaEv5Rf524HXSMB8GA1UdIwQYMBaA +FAedCCKz7kaIvK9mkpHLdhyfGtFyMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAtluArK33MrFPHbNBy6D01AcOk1sy +p2S++XGdPTyNwDGSBlK1FV29WPDt3WzxJ01XB93KZ3jyW6DwuSEpi9sggkHiypU4 +gQZtF65eZACoJWsdxuLCVVOAUHxij6MoEl4O1KCSXEYIUUpTb6aoA6+xJmnS4MfA +2Y5Q1DlbPTm0i72PwCHzhoDYlYPR7yisWCzNtGlXLbAZ8JRlXN0YLS7pw8F4FISG +Cu/kE4LgqSt8cCKRT4jp2NLqKamfxTr/7eFkT0tkZP1GLtWKPpNKgydKbQUhO1NN +IJFrV1sJTzVx9f3+ITp8s6ZGzFWdmMW6+6e5Wt1Bo4TqrYeJfJJUlPVZzA== +-----END CERTIFICATE----- diff --git a/test/test_encryption.py b/test/test_encryption.py index 7df9e7ac38..fd0e05e48d 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3029,8 +3029,6 @@ def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: