From 44fe71ba4272464588d4c5ccefa4a0ae94be1632 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 06:47:13 -0500 Subject: [PATCH 01/10] PYTHON-5040 Regenerate test TLS certificates with Authority Key Identifier Test certificates in test/certificates/ were missing the Authority Key Identifier (AKI) and Subject Key Identifier (SKI) extensions, causing ssl.SSLCertVerificationError on Python 3.13 (macOS and Windows). Adds gen-certs.sh to document and reproduce the generation process. Reverts the PYTHON-5038 workaround that had disabled SSL verification in TestKmsRetryProse.http_post(). --- CONTRIBUTING.md | 10 ++ test/asynchronous/test_encryption.py | 2 - test/certificates/README.md | 40 +++++ test/certificates/ca.pem | 40 ++--- test/certificates/client.pem | 95 ++++++------ test/certificates/crl.pem | 21 ++- test/certificates/gen-certs.sh | 190 +++++++++++++++++++++++ test/certificates/password_protected.pem | 96 ++++++------ test/certificates/server.pem | 100 ++++++------ test/certificates/trusted-ca.pem | 101 +++--------- test/test_encryption.py | 2 - 11 files changed, 441 insertions(+), 256 deletions(-) create mode 100644 test/certificates/README.md create mode 100755 test/certificates/gen-certs.sh diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 773c9ec0d8..61ad4ece29 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -250,6 +250,16 @@ client = MongoClient( If you want to use the actual certificate file then set `tlsCertificateKeyFile` to the local path to `/test/certificates/client.pem` and `tlsCAFile` to the local path to `/test/certificates/ca.pem`. +#### Regenerating test certificates + +If the test certificates in `test/certificates/` need to be regenerated (e.g. after expiry or to add missing extensions), run: + +```bash +cd test/certificates && bash gen-certs.sh +``` + +See `test/certificates/README.md` for full details and constraints on certificate subjects/SANs that must be preserved. + ### Encryption tests - Run `just run-server` to start the server. diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index 455b1940c4..16d0feed4e 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3047,8 +3047,6 @@ async def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: diff --git a/test/certificates/README.md b/test/certificates/README.md new file mode 100644 index 0000000000..5975b4c722 --- /dev/null +++ b/test/certificates/README.md @@ -0,0 +1,40 @@ +# Test TLS Certificates + +These certificates are used by the PyMongo test suite for TLS/SSL integration tests. + +## Regenerating certificates + +Run the generation script from this directory: + +```bash +bash gen-certs.sh +``` + +**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+ + +## Certificate details + +| File | Subject | Signed by | Purpose | +|---|---|---|---| +| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs | +| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) | +| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) | +| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key | +| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List | +| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests | + +**Password** for `password_protected.pem`: `qwerty` + +## Important constraints + +The following values are hardcoded in tests and **must not change**: + +- Client cert subject: `C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client` + (used as the MongoDB X.509 username in `test/test_ssl.py`) +- Server cert SAN: `DNS:localhost, IP:127.0.0.1, IP:::1` +- The `server` hostname alias for `127.0.0.1` must be present in `/etc/hosts` for SSL tests to pass + (added automatically by `.evergreen/scripts/setup-system.sh`) + +## Background + +Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13. diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 24beea2d48..e83edfc3b3 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb -MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw -DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI -EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/ -bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+ -QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT -pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT -zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH -KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq -VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe -gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN -LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD -sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i -77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo= +MIID0zCCArugAwIBAgIUSQEGio4MzMdMRZD7CIzy3An1YDUwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMciq/J5l9QbqRPRLvDV8Kj+GedoAddM +0WUtI2uMwo9AiFBqr3T7KVQYKaDLt2Kq/4xi3F6cTqNC/sYxeiTJIgsgZtm1wGNd +2orSIVmcMB7t4hZifNvQyWsl3egxEr7DFkcVFomc0aphEi3ukhOvbFvl+ln5W/B6 +DkgK3Kmd1cQd6giWi8FlXko442Kr+c4fhB1vO7Yq6rjmw7A6YgSE+FSS1Yj4ALUW +lBVZwj6h32dImzSeewnskN3VHu5LmTnGxGZFB+T5AKo67Ay7r57Xg9OvbcJqjdFC +6k2wbXFHJ6qKOCV230oP+PZk/MEpPfozXR8B32VNpw0fgtnxFDBv24UCAwEAAaNT +MFEwHQYDVR0OBBYEFO0dJi0baC83wSHVOLkkDWmJj3hvMB8GA1UdIwQYMBaAFO0d +Ji0baC83wSHVOLkkDWmJj3hvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAC2fgKsYBylaHoC2qutDzgHWTYgjE1WbT2xRoEgRXeHJJtn6GD6+DXqs +JZ/hY5grQX7xtletFKpKGup+aMckukW/1UeRIOP5kFO3SCsL97HDH/nERFa18VYz +UZ9aQJdSkmxX4/DZ/wPK+S1AFVdoc1ukIq2Fjc8nBNTsSoePD5wglDZFdFVshMO4 +gL0g1b4GGUJ76tHefBbH7h9LHCWDoKsAYhXIN9hj/pUgKDan1KfCvPlHUOyiEw1K +60zwSW9aAiplxlxsrEYC2NkSPA4izRExxFQiYd6NfjN746Ti/80U+wdhnK86gQb/ +ackczk7G10fqlzvtKkAMdx+eB03Lq+c= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 5b07001092..873506308a 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo -khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV -m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp -mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2 -5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4 -GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA -c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8 -Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y -/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe -wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt -EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc -DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN -3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502 -wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox -CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG -eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM -kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy -NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5 -BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T -PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w -UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH -Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb -cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF -IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh -IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn1zTqr1VSm9GZ +qpTrLfPyaMMCl2B8M571kIq9O5TYIbddQbpvT0xklJTDsWE3JMaQL5Vq4s/yv5Ut +h5J6mfQJC9AdHIQmOsjBTZnQ3KeAKUGcEniJ44C8nVMDy3v/NUq8kaAN5JnBFn0B +b3CoDSVUZfrG7HRfeflJCeKzE9gJAdoW2/EjG90LSfzTiEatHHCOlqX41dlJ0boA +bkhxL/MvL4L9JmxhGZSeDykGDJp081oQE3qMggIvlA8iCD0mwnUqFYoJlS8GeyG2 +jap1kWvjIeUYY16OMHCFCZLDeWubjE/9M7BY9V14ANvCOUnXJuX3MijjJrxwCmvp +y7pCat/LAgMBAAECggEAUOjsyIm3XvhgpWxXF7xyUhRwlco1qAoWghio2SpkyYAP +bfRmlIwsrnv17xSOYc/nrNBTflBSoJn8pxMo6NNYkhfQvoflqKxD5POsx8PnN2As +EbnRw98ZS1OoFjc80j11hsvI1YmzGSLnJg77xvd3XGVA7C5Gt1QMeUo7r8pMJaKm +zaL8Nee3klPn/giu/1iImCVn+7mHshYMZTwQuYJL0RWJiz12jdH2ILF3yLKraUQ+ +gAx2k5KL5AEPWQwstTfM+2G+5GQ8zMimBYm53ZlVlRX6JejgxQKO52A9+M4Jz2yO +uDPJEVc+ka201zDSKjUUNi4IIQyu5gGyMy+FfuEIQQKBgQDn1r4eXDJj/mpCmMag +NcibPnV7m2Ilr0tCGXFNBpW2HVtPNqQ4w+FENSHZU4wWQ03PNfd26j12Gin3wH3V +0xM89w5DGwvggCEj48TP8H9v9PuOI8KY0QlFoA9XeLZ4DPKLbna/1U9DXjqCj+JN +MwG0WPMI+sn+okU5Y48i/QPi6wKBgQC5VQxlGEiVLPdeneZnzg7u9CTDH3WaNjQO +bCZyHyFjCZn388vqtWdHpSkLECET4L+coLMVJO/NOD3k9oDJinklbE2VyicOOhLj +gt/OaURb/yt1exDQ5+LJWa9GhcKEVrohWQCnk9xLw9TdakUVlx0USoQDrQqRloCr +CLbkmnz+oQKBgQDGI+8KrYtXkJmqXz3qsOzJWYE46hzgzkdIr8v4o7cSFVbzhWSn +Kyn8jFhokBH6+PyoKpxb4mgy5ruVhctGEwavJQroaVYmQfuQ29paSVXxDnRsD74B +sy30do6GGKICSjaE2hzdaOY8Um05JtWnWv+K7jaQJx655F+7Y45yvcEzjwKBgA9w +ASdOnYUniLdt6apN5LqMxZ8nOLGOwElPQuiQpURNoXCg8yRq1d6G6GNOhaLVPsC6 +NhCV0g/DFozC57lh+nNekRvgCd7KgZZH6YKVDCepmqIfjSgJmL9y5AG41JoXa0up +0T8kNt5swodq+bQxsS9mgZaYzF+SLMeSY0GpiK3hAoGAR/8/tASO6MYV7uoP6BVl +MytqBmu66BN1AxqR1YBAqxlpEJR7EFc3QTAbLQiS1ZtczVKqNIGiqrv4EfWtVvkm +nvmdVOdta8kF4CsWdu2cpXGQ/Ov5NHHL+x2gqwOKpiInvGbNOnd9K2SGLJW5SSmz +7uONbtZyZcetWlsatP05gE0= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/ -ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7 -Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST -X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h -G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi -rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H -Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ -wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG -Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE -YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y -kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns -p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY +MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH +RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M +ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA +vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd +C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC +L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd +eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR +s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP +eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA +5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 +PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d +zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc +dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx +FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 733a0acdc0..9c0f0899ba 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,13 +1,12 @@ -----BEGIN X509 CRL----- -MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl -c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU -BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1 -MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ -W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a -hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a -hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7 -BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP -qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff -9UBe3CJ1INwqyiuqGeA= +MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v +bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu +ZyBDQRcNMjYwNjA0MTE0MjEwWhcNNDYwNTMwMTE0MjEwWqAOMAwwCgYDVR0UBAMC +AQEwDQYJKoZIhvcNAQELBQADggEBAL9Sx5Q2z3yhREf0RZhpvayV/Ck3UOWqEVT5 +c+3yAjNsQrO2OD4Npks2qoopgSB8dfePZSZOfmzbSwiyPOPMs71VOwH2chmZ+3Xp +oDBPmVWsNzpK4fRbE86GIEwg2aBFLjOt4+KWFVftGDw9+Liozp+AWaBAUZTen8ac +eQLeACqbqvuriwqvtD6KCfVE3CDG+AK9CfCdlO52kpkfVBP/TG6FzRXp984Pa7Fg +ORKWRpHQ3XoQiKB6pUwUQdE5yGit1oXNRzouWRN0tq0BkvErQvq2RqKalwWJ65kx +KCWOrTBfDKS28R1P66Eo4+CaFdX4Xju2yCTQNYrg7MrG7T7TAFM= -----END X509 CRL----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh new file mode 100755 index 0000000000..33689c3943 --- /dev/null +++ b/test/certificates/gen-certs.sh @@ -0,0 +1,190 @@ +#!/usr/bin/env bash +# Regenerate all TLS test certificates with proper Authority Key Identifier (AKI) +# and Subject Key Identifier (SKI) extensions. +# +# Usage: bash gen-certs.sh (run from test/certificates/) +# +# Prerequisites: OpenSSL 1.1+ or LibreSSL 3+ +# Password for password_protected.pem: qwerty +# See README.md for full details. + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +TMPDIR="$(mktemp -d)" +trap 'rm -rf "$TMPDIR"' EXIT + +DAYS=7300 # ~20 years + +# ---------------------------------------------------------------------------- +# OpenSSL extension config +# ---------------------------------------------------------------------------- +cat > "$TMPDIR/ext.cnf" << 'EOF' +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:TRUE + +[ v3_server ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 + +[ v3_client ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = digitalSignature +extendedKeyUsage = clientAuth +EOF + +# ---------------------------------------------------------------------------- +# OpenSSL CA config (for CRL generation) +# ---------------------------------------------------------------------------- +mkdir -p "$TMPDIR/cadb/newcerts" +touch "$TMPDIR/cadb/index.txt" +printf '01\n' > "$TMPDIR/cadb/serial" +printf '01\n' > "$TMPDIR/cadb/crlnumber" + +cat > "$TMPDIR/ca.cnf" << EOF +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = $TMPDIR/cadb +new_certs_dir = $TMPDIR/cadb/newcerts +database = $TMPDIR/cadb/index.txt +serial = $TMPDIR/cadb/serial +crlnumber = $TMPDIR/cadb/crlnumber +certificate = $TMPDIR/ca.pem +private_key = $TMPDIR/ca.key +default_days = $DAYS +default_crl_days = $DAYS +default_md = sha256 +preserve = no +policy = policy_match + +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional +EOF + +# ---------------------------------------------------------------------------- +# 1. Drivers Testing CA +# ---------------------------------------------------------------------------- +echo "==> Generating Drivers Testing CA..." +openssl genrsa -out "$TMPDIR/ca.key" 2048 2>/dev/null +openssl req -new -x509 -days $DAYS \ + -key "$TMPDIR/ca.key" \ + -out "$TMPDIR/ca.pem" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=Drivers Testing CA" \ + -extensions v3_ca \ + -config "$TMPDIR/ext.cnf" + +cp "$TMPDIR/ca.pem" "$SCRIPT_DIR/ca.pem" +echo " ca.pem written" + +# ---------------------------------------------------------------------------- +# 2. Server certificate +# ---------------------------------------------------------------------------- +echo "==> Generating server certificate..." +openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/server.key" \ + -out "$TMPDIR/server.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/server.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAcreateserial \ + -out "$TMPDIR/server.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_server 2>/dev/null + +# server.pem = private key + certificate +cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" +echo " server.pem written" + +# ---------------------------------------------------------------------------- +# 3. Client certificate +# ---------------------------------------------------------------------------- +echo "==> Generating client certificate..." +openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/client.key" \ + -out "$TMPDIR/client.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MDB/OU=Drivers/CN=client" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/client.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/client.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_client 2>/dev/null + +# client.pem = private key + certificate +cat "$TMPDIR/client.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/client.pem" +echo " client.pem written" + +# ---------------------------------------------------------------------------- +# 4. Password-protected client certificate +# ---------------------------------------------------------------------------- +echo "==> Generating password-protected client certificate..." +openssl rsa -in "$TMPDIR/client.key" \ + -aes256 -passout pass:qwerty \ + -out "$TMPDIR/client_enc.key" 2>/dev/null + +# password_protected.pem = encrypted key + certificate (same cert as client) +cat "$TMPDIR/client_enc.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/password_protected.pem" +echo " password_protected.pem written (password: qwerty)" + +# ---------------------------------------------------------------------------- +# 5. CRL (empty — no revoked certs) +# ---------------------------------------------------------------------------- +echo "==> Generating CRL..." +openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/null +echo " crl.pem written" + +# ---------------------------------------------------------------------------- +# 6. Trusted Kernel Test CA (trusted-ca.pem) +# A separate CA used in CA-bundle tests; does NOT sign server/client certs. +# ---------------------------------------------------------------------------- +echo "==> Generating Trusted Kernel Test CA..." +cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' +[ v3_trusted_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:TRUE +EOF + +openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null +openssl req -new -x509 -days $DAYS \ + -key "$TMPDIR/trusted_ca.key" \ + -out "$SCRIPT_DIR/trusted-ca.pem" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel/CN=Trusted Kernel Test CA" \ + -extensions v3_trusted_ca \ + -config "$TMPDIR/trusted_ext.cnf" +echo " trusted-ca.pem written" + +# ---------------------------------------------------------------------------- +# Verify +# ---------------------------------------------------------------------------- +echo "" +echo "==> Verifying AKI is present..." +for cert in ca.pem server.pem client.pem trusted-ca.pem; do + result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) + if [ -n "$result" ]; then + echo " $cert: OK ($result)" + else + echo " $cert: MISSING AKI - check generation!" >&2 + exit 1 + fi +done + +echo "" +echo "Done. All certificates regenerated with AKI." diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index cc9e124703..7f9dfe45a7 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIC8as6PDVhwECAggA -MB0GCWCGSAFlAwQBAgQQTYOgCJcRqUI7dsgqNojv/ASCBNCG9fiu642V4AuFK34c -Q42lvy/cR0CIXLq/rDXN1L685kdeKex7AfDuRtnjY2+7CLJiJimgQNJXDJPHab/k -MBHbwbBs38fg6eSYX8V08/IyyTege5EJMhYxmieHDC3DXKt0gyHk6hA/r5+Mr49h -HeVGwqBLJEQ3gVIeHaOleZYspsXXWqOPHnFiqnk/biaJS0+LkDDEiQgTLEYSnOjP -lexxUc4BV/TN0Z920tZCMfwx7IXD/C+0AkV/Iqq4LALmT702EccB3indaIJ8biGR -radqDLR32Q+vT9uZHgT8EFiUsISMqhob2mnyTfFV/s9ghWwogjSz0HrRcq6fxdg7 -oeyT9K0ET53AGTGmV0206byPu6qCj1eNvtn+t1Ob+d5hecaTugRMVheWPlc5frsz -AcewDNa0pv4pZItjAGMqOPJHfzEDnzTJXpLqGYhg044H1+OCY8+1YK7U0u8dO+/3 -f5AoDMq18ipDVTFTooJURej4/Wjbrfad3ZFjp86nxfHPeWM1YjC9+IlLtK1wr0/U -V8TjGqCkw8yHayz01A86iA8X53YQBg+tyMGjxmivo6LgFGKa9mXGvDkN+B+0+OcA -PqldAuH/TJhnkqzja767e4n9kcr+TmV19Hn1hcJPTDrRU8+sSqQFsWN4pvHazAYB -UdWie+EXI0eU2Av9JFgrVcpRipXjB48BaPwuBw8hm+VStCH7ynF4lJy6/3esjYwk -Mx+NUf8+pp1DRzpzuJa2vAutzqia5r58+zloQMxkgTZtJkQU6OCRoUhHGVk7WNb1 -nxsibOSzyVSP9ZNbHIHAn43vICFGrPubRs200Kc4CdXsOSEWoP0XYebhiNJgGtQs -KoISsV4dFRLwhaJhIlayTBQz6w6Ph87WbtuiAqoLiuqdXhUGz/79j/6JZqCH8t/H -eZs4Dhu+HdD/wZKJDYAS+JBsiwYWnI3y/EowZYgLdOMI4u6xYDejhxwEw20LW445 -qjJ7pV/iX2uavazHgC91Bfd4zodfXIQ1IDyTmb51UFwx0ARzG6enntduO6xtcYU9 -MXwfrEpuZ/MkWTLkR0PHPbIPcR1MiVwPKdvrLk42Bzj/urtXYrAFUckMFMzEh+uv -0lix2hbq/Xwj4dXcY4w9hnC6QQDCJTf9S6MU6OisrZHKk0qZ2Vb4aU/eBcBsHBwo -X/QGcDHneHxlrrs2eLX26Vh8Odc5h8haeIxnfaa1t+Yv56OKHuAztPMnJOUL7KtQ -A556LxT0b5IGx0RcfUcbG8XbxEHseACptoDOoguh9923IBI0uXmpi8q0P815LPUu -0AsE47ATDMGPnXbopejRDicfgMGjykJn8vKO8r/Ia3Fpnomx4iJNCXGqomL+GMpZ -IhQbKNrRG6XZMlx5kVCT0Qr1nOWMiOTSDCQ5vrG3c1Viu+0bctvidEvs+LCm98tb -7ty8F0uOno0rYGNQz18OEE1Tj+E19Vauz1U35Z5SsgJJ/GfzhSJ79Srmdg2PsAzk -AUNTKXux1GLf1cMjTiiU5g+tCEtUL9Me7lsv3L6aFdrCyRbhXUQfJh4NAG8+3Pvh -EaprThBzKsVvbOfU81mOaH9YMmUgmxG86vxDiNtaWd4v6c1k+HGspJr/q49pcXZP -ltBMuS9AihstZ1sHJsyQCmNXkA== +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQKb6V8p8vtC23xKAM +DjowVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECts1AXkxzEUdhl5 +4whQx6IEggTQpAjBXy1MHrgeHutm9BlTE6qd8DlAb928ul8M9utdoL8zCqSE/sVQ +vLo/WWjJ8qXzgRLvIQHEkpP1EmZ7aEHin6dWWJbPl1ENN2klC55ZlKf9bfFqtz12 +WSx0ZvEHfG02WPPyspT8uQ4uksL4EM9zap7h1GtOAeyxAQF9TqOdOcQnlnI4nyXH +YDcp7Ge/zSZKQdgNRid9T3Vw4EwGcmpYH3W34q36xcp5Dl88gGdueoMHbMgWYJx3 +Ng1pJ6yVc7CHCByGHT7WsRIeqsjyTHIPjbh66fKUy0tNLV5OJBd7Btm5d2ZzCere +oZGrW1AkWkvMM9KOZLz6UVIs63k1ffaVqrB5Br27K2hQGjuNvvh8mI0KmXCSDQmb +gVMFVCuWHMx6EJCDbuP+xceHs5+Af6KRavi+Lr7VVNom06Gxgjk/+gtAxS1cDt66 +NAmSxUTV+j+6Uva1mA87rfD6L0eYrE2QY8ogQY9HqKivWsj6nbhwVE1C+xU/zDua +FNHSjaRlXNbtCeYHBdBHVpR/SvcicCj/6vwjQd00hwZly0CXkmKmIR0UVx7rM+0q +yindY4Pyja8xqQERZcKGylmqkcGZFumpLoGDzCYqgKP8d0cGJRq5ow+oT3Rqi3Zi +S+oN9J3ls9zE5lHvFeGX/+jtCYs1QFokHoktKfg9OQNSrVLrPisalOL5Uel1VblS +rpmv8Ux5mffT3XLIYXyA817fKPfivrl9Nzgf4hsyk2NtoBIbakHKga7ckwbh6tXa +kbqukeHsRIIjYMixfvL21edcjCSTelFWSndAQPw4gPa7kgUO6+FRUSvr/nYsNAaR +bzw3jmezlT57E+iJyy/qlRJIeLHESUxc9nmhGE5f/5m5O2a1oNDiu8FCqkfDXD8Z +d8BNyD8LQt9quhmLSbz2VYnN9W9LOIF7cRLWGGylUhqA4yvZcpgpTfaCjFpMVuRT +PLpBpUbELlIThr2RnxcRDgEAITLtBCR5ZN2exW+OqSDvtoaIE9j1PCl0IRooieGI +wIcsoO/HGTK5WY7oRXgJ0UOxzB4L7hv5ZBlWtU9PQZwylBYjmE6IWBwUNXx1cpaV +bQpQygGJbGQNiqOYHvwQvMDbnlf1+KzrcXmiD29bTWOQYHO4dvku9uN/NZtynfgB +EmysMi1YTj6YyiIByOJQDvEKSj2XPJ6r7CP1oCpY+GSy8YnYHkWwlMOVkN7TjJX2 +g5ti/UGZpwr0RkhYbqCX4NGoUCrUER22NYsJqirJDHMZVGgpTKIQAklFz6igVjSy +vQyYTfqhCQgVtq+wcOJKQklMNserzXSC0CTkBXKRNfIUUUZxp9eri/eCIl3dPTr1 +boRaYCtlbhyTywuJdn1yVME71uhfyYeFhi1xLxo2myC3vw9natBAyUNCUdOOrKBa +RtO9vQgV9xVBFK8Ju3A3if/Abxxmbgev+ZS/4eOs7YD/VVOlGSYXyLzBT49KDXn1 +6Rwzqy19VHgbDkGr5NmEycYtUNZ46Kwk5zUjzeJ7Wgy07flbsK1MQkU1CapgklR+ +CplCKT5483NeP7n+K/qxTWj281W+/28ajogcmWi6rPew1UvtaTbxI/QH9CZSLnk6 +lUGQ7yoXKT+MB2a58j2ejj6XIQ4oXNyZOAERCD+a4x0VZzmHWqirn4o= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDBXUHMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMzAwMDEyOVoXDTM5MDUyMzAwMDEyOVowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqCb0Lo4XsV -W327Wlnqc5rwWa5Elw0rFuehSfViRIcYfuFWAPXoOj3fIDsYz6d41G8hp6tkF88p -swlbzDF8Fc7mXDhauwwl2F/NrWYUXwCT8fKju4DtGd2JlDMi1TRDeofkYCGVPp70 -vNqd0H8iDWWs8OmiNrdBLJwNiGaf9y15ena4ImQGitXLFn+qNSXYJ1Rs8p7Y2PTr -L+dff5gJCVbANwGII1rjMAsrMACPVmr8c1Lxoq4fSdJiLweosrv2Lk0WWGsO0Seg -ZY71dNHEyNjItE+VtFEtslJ5L261i3BfF/FqNnH2UmKXzShwfwxyHT8o84gSAltQ -5/lVJ4QQKosCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBOAlKxIMFcTZ+4k8NJv97RSf+zOb5Wu2ct -uxSZxzgKTxLFUuEM8XQiEz1iHQ3XG+uV1fzA74YLQiKjjLrU0mx54eM1vaRtOXvF -sJlzZU8Z2+523FVPx4HBPyObQrfXmIoAiHoQ4VUeepkPRpXxpifgWd/OCWhLDr2/ -0Kgcb0ybaGVDpA0UD9uVIwgFjRu6id7wG+lVcdRxJYskTOOaN2o1hMdAKkrpFQbd -zNRfEoBPUYR3QAmAKP2HBjpgp4ktOHoOKMlfeAuuMCUocSnmPKc3xJaH/6O7rHcf -/Rm0X411RH8JfoXYsSiPsd601kZefhuWvJH0sJLibRDvT7zs8C1v +MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH +RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M +ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA +vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd +C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC +L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd +eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR +s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP +eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA +5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 +PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d +zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc +dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx +FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index e745e037fc..5540b38ca5 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAhNrB0E6GY/kFSd8/vNpu/t952tbnOsD5drV0XPvmuy7SgKDY -a/S+xb/jPnlZKKehdBnH7qP/gYbv34ZykzcDFZscjPLiGc2cRGP+NQCSFK0d2/7d -y15zSD3zhj14G8+MkpAejTU+0/qFNZMc5neDvGanTe0+8aWa0DXssM0MuTxIv7j6 -CtsMWeqLLofN7a1Kw2UvmieCHfHMuA/08pJwRnV/+5T9WONBPJja2ZQRrG1BjpI4 -81zSPUZesIqi8yDlExdvgNaRZIEHi/njREqwVgJOZomUY57zmKypiMzbz48dDTsV -gUStxrEqbaP+BEjQYPX5+QQk4GdMjkLf52LR6QIDAQABAoIBAHSs+hHLJNOf2zkp -S3y8CUblVMsQeTpsR6otaehPgi9Zy50TpX4KD5D0GMrBH8BIl86y5Zd7h+VlcDzK -gs0vPxI2izhuBovKuzaE6rf5rFFkSBjxGDCG3o/PeJOoYFdsS3RcBbjVzju0hFCs -xnDQ/Wz0anJRrTnjyraY5SnQqx/xuhLXkj/lwWoWjP2bUqDprnuLOj16soNu60Um -JziWbmWx9ty0wohkI/8DPBl9FjSniEEUi9pnZXPElFN6kwPkgdfT5rY/TkMH4lsu -ozOUc5xgwlkT6kVjXHcs3fleuT/mOfVXLPgNms85JKLucfd6KiV7jYZkT/bXIjQ+ -7CZEn0ECgYEA5QiKZgsfJjWvZpt21V/i7dPje2xdwHtZ8F9NjX7ZUFA7mUPxUlwe -GiXxmy6RGzNdnLOto4SF0/7ebuF3koO77oLup5a2etL+y/AnNAufbu4S5D72sbiz -wdLzr3d5JQ12xeaEH6kQNk2SD5/ShctdS6GmTgQPiJIgH0MIdi9F3v0CgYEAlH84 -hMWcC+5b4hHUEexeNkT8kCXwHVcUjGRaYFdSHgovvWllApZDHSWZ+vRcMBdlhNPu -09Btxo99cjOZwGYJyt20QQLGc/ZyiOF4ximQzabTeFgLkTH3Ox6Mh2Rx9yIruYoX -nE3UfMDkYELanEJUv0zenKpZHw7tTt5yXXSlEF0CgYBSsEOvVcKYO/eoluZPYQAA -F2jgzZ4HeUFebDoGpM52lZD+463Dq2hezmYtPaG77U6V3bUJ/TWH9VN/Or290vvN -v83ECcC2FWlSXdD5lFyqYx/E8gqE3YdgqfW62uqM+xBvoKsA9zvYLydVpsEN9v8m -6CSvs/2btA4O21e5u5WBTQKBgGtAb6vFpe0gHRDs24SOeYUs0lWycPhf+qFjobrP -lqnHpa9iPeheat7UV6BfeW3qmBIVl/s4IPE2ld4z0qqZiB0Tf6ssu/TpXNPsNXS6 -dLFz+myC+ufFdNEoQUtQitd5wKbjTCZCOGRaVRgJcSdG6Tq55Fa22mOKPm+mTmed -ZdKpAoGAFsTYBAHPxs8nzkCJCl7KLa4/zgbgywO6EcQgA7tfelB8bc8vcAMG5o+8 -YqAfwxrzhVSVbJx0fibTARXROmbh2pn010l2wj3+qUajM8NiskCPFbSjGy7HSUze -P8Kt1uMDJdj55gATzn44au31QBioZY2zXleorxF21cr+BZCJgfA= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgICdxUwDQYJKoZIhvcNAQELBQAweTEbMBkGA1UEAxMSRHJp -dmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25n -b0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazEL -MAkGA1UEBhMCVVMwHhcNMTkwNTIyMjIzMjU2WhcNMzkwNTIyMjIzMjU2WjBwMRIw -EAYDVQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v -bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAITa -wdBOhmP5BUnfP7zabv7fedrW5zrA+Xa1dFz75rsu0oCg2Gv0vsW/4z55WSinoXQZ -x+6j/4GG79+GcpM3AxWbHIzy4hnNnERj/jUAkhStHdv+3ctec0g984Y9eBvPjJKQ -Ho01PtP6hTWTHOZ3g7xmp03tPvGlmtA17LDNDLk8SL+4+grbDFnqiy6Hze2tSsNl -L5ongh3xzLgP9PKScEZ1f/uU/VjjQTyY2tmUEaxtQY6SOPNc0j1GXrCKovMg5RMX -b4DWkWSBB4v540RKsFYCTmaJlGOe85isqYjM28+PHQ07FYFErcaxKm2j/gRI0GD1 -+fkEJOBnTI5C3+di0ekCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/ -AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBol8+YH7MA -HwnIh7KcJ8h87GkCWsjOJCDJWiYBJArQ0MmgDO0qdx+QEtvLMn3XNtP05ZfK0WyX -or4cWllAkMFYaFbyB2hYazlD1UAAG+22Rku0UP6pJMLbWe6pnqzx+RL68FYdbZhN -fCW2xiiKsdPoo2VEY7eeZKrNr/0RFE5EKXgzmobpTBQT1Dl3Ve4aWLoTy9INlQ/g -z40qS7oq1PjjPLgxINhf4ncJqfmRXugYTOnyFiVXLZTys5Pb9SMKdToGl3NTYWLL -2AZdjr6bKtT+WtXyHqO0cQ8CkAW0M6VOlMluACllcJxfrtdlQS2S4lUIj76QKBdZ -khBHXq/b8MFX ------END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUPK25g5b88xaz +AOQnx1u2oAANgl66JUXF6EDVYojoyH1f8t7yvEIQ7ZS1bupDuIg1lsypAf0VWFYa +5t+2n066XFr1cOl7W+h4nNoTm4uVV5ExZbs2w+TEvzlP7ef6Jo+p3lxCiuXh86Wf +vk/WuIlcGSUn600HrJaKnCIjHoD98iFXLRZpABS7pF8z+b8FxyJEHiiCi7auBo4I +0QLd4w22yl2cAjGb0Jr83KqqN5oii6L8xWwHrKz47Er154xq4/3rHNBWfbhGtfQT +ixB3W+IY8fOaM+cWNCa9MAtbEqj5x9zYDAnCmyUxpPywyFONBTftANiO7E0VVLAk +7vWtL/R5AgMBAAECggEABVyFzVjkuXSyqc9qxm7fx/oqJlLvHtJsSfJ9gyTo3hUq +Rlx1aILF7PDQLm5li1ooQFqaP7PyYGGX3lSNW4CQNg39vYoo7QJE+op0b2hyeE34 +0rg4OOHa61bIjuCEQbg//UfX6bw2Vkwb/cFssnptgBGUwMiHj7MpUA1s7/zmyMh5 +WZ194M/Fb8Oi3yuzngUnxqo8fBUVy1e/HMERLJCI1ifOjQ/3LRjDLHS3vSUUHJNK +fEIwFHIuVRKeT15qH1WiQHo9u2Gf/uRoxSuo6ZI4R8+/81ungk0wHbCG9FkA5zZT +6KJb2aeSY/2I4GhSEM7X/mHSrRlPIixzo6fzJd4JgQKBgQDNiH3/+6QKbIFRqNVG +uTOdY1TWuzPrqYIWyHLR1J/65tHxD6rJmzyJ8ETLH9VA85K0btTfzA83fJnRVTz8 +ouuLDeuMug8V2vCGJ4C7XRtp+4JYrKYmYQXGnW8UdsOUfTfFe0W5j71eVopCUIXo +mwhs//cJqQaZBzBIzodipjaHCQKBgQC4oqLm8hhwvrHe1ez63gHPkAkrFGUEwJkU +vF7Y6Rvlxe3Dd7q0v60OyyftKeLqKLyf1XjYaeI1O7Tb+4aCDleI65yF7cp3mLEy +kQU/VVCBZlV1XiJXaS5CJhen/ftaBDAi/qPqmonRjy/yXPZMJqFM+LjonGK+g+ip +tf6U9Hxt8QKBgCDmt5zRsInGotDqoPGIVh3ct8kEAKS55sw03ESAr/dfGb5oDqPl +SMSgBLMrblzOYO6nS0ZkCQ+Nz6W16mRaxC/nU4ycgCu0d4pSKoZTuj6190Cwqow8 +Pct0ikKRXG+Zt+LR//BbdSnz2oARGc6JesjQFMCkIR1ADFerT/rXtqTZAoGAOc65 +4EL2Qf6CpDkobFcsC/eV10YYZseCZkqgC5vYnzU8PxHyg/rrTRFwW8HciOHeRNDK +eD+WkoIyGxoCQCALahQSup/73zwQZrue//hPL2SB5zBk4idNU2qnx3Iuyz06cQp2 ++dIOymzhXymZ97e0kuvgwPuNswaLxu7zWWG+v5ECgYEAxpP+XbrDVAe696v5vQD8 +4w9LmqULtGAZyfLh3K5Fz8yRPP7uHsKivN8niaTWTGIGmD6Bk2aCdYgON0qp4fD6 +ICN+0lLcDPLcFy+qLACCP9BEONlXyihQGhwsQ3Z+n4bNyJ0kO8f/08UFxfz1xsO1 +y5FdRXA63aJyy1dEkpRauaM= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9IwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJQ8rbmDlvzzFrMA5CfHW7agAA2CXrolRcXoQNViiOjI +fV/y3vK8QhDtlLVu6kO4iDWWzKkB/RVYVhrm37afTrpcWvVw6Xtb6Hic2hObi5VX +kTFluzbD5MS/OU/t5/omj6neXEKK5eHzpZ++T9a4iVwZJSfrTQesloqcIiMegP3y +IVctFmkAFLukXzP5vwXHIkQeKIKLtq4GjgjRAt3jDbbKXZwCMZvQmvzcqqo3miKL +ovzFbAesrPjsSvXnjGrj/esc0FZ9uEa19BOLEHdb4hjx85oz5xY0Jr0wC1sSqPnH +3NgMCcKbJTGk/LDIU40FN+0A2I7sTRVUsCTu9a0v9HkCAwEAAaNwMG4wHQYDVR0O +BBYEFBOeLQ+CZYYAupW/IQXqUlBMjEdTMB8GA1UdIwQYMBaAFO0dJi0baC83wSHV +OLkkDWmJj3hvMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAP3OaQwijfrhDeJnQEiCLzhuyqh1B +7oWgC9CFG75Qe2VUVXcyIhhgYRE9SNUxv4v8VGEUB1HZmgMBO95xdKGCyIbkPmjI +qyXcGtJwBv4Uj2Fv5pswxMjInCE2qPHK162H2JG1nwRLertiOEvnLca1J9lysaIn +R2O6Ur0AwkWCnssD3z51SYt3xF+veFAMka8elQTMuj6LxerKf6SwaNo2zt24MrKh +zMAHfjrEVAAATUMcDchbcUd2E/DhbdbVEA4r4k4snB9Yg+5PouB824dqiwXiBHu3 +Ka+nFf/Pv+XVjR1pnVbiBaPnYxs+i+z0f3XMN1YMVNZpKF3ure94FQReHQ== +-----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a6f6f312d0..d10496e8ab 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,82 +1,23 @@ -# CA bundle file used to test tlsCAFile loading for OCSP. -# Copied from the server: -# https://github.com/mongodb/mongo/blob/r4.3.4/jstests/libs/trusted-ca.pem - -# Autogenerated file, do not edit. -# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml trusted-ca.pem -# -# CA for alternate client/server certificate chain. -----BEGIN CERTIFICATE----- -MIIDojCCAooCBG585gswDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxETAP -BgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYDVQQK -DAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQgS2Vy -bmVsIFRlc3QgQ0EwHhcNMTkwOTI1MjMyNzQxWhcNMzkwOTI3MjMyNzQxWjB8MQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0GA1UE -AwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANlRxtpMeCGhkotkjHQqgqvO6O6hoRoAGGJlDaTVtqrjmC8nwySz -1nAFndqUHttxS3A5j4enOabvffdOcV7+Z6vDQmREF6QZmQAk81pmazSc3wOnRiRs -AhXjld7i+rhB50CW01oYzQB50rlBFu+ONKYj32nBjD+1YN4AZ2tuRlbxfx2uf8Bo -Zowfr4n9nHVcWXBLFmaQLn+88WFO/wuwYUOn6Di1Bvtkvqum0or5QeAF0qkJxfhg -3a4vBnomPdwEXCgAGLvHlB41CWG09EuAjrnE3HPPi5vII8pjY2dKKMomOEYmA+KJ -AC1NlTWdN0TtsoaKnyhMMhLWs3eTyXL7kbkCAwEAAaMxMC8wDAYDVR0TBAUwAwEB -/zAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsF -AAOCAQEAQk56MO9xAhtO077COCqIYe6pYv3uzOplqjXpJ7Cph7GXwQqdFWfKls7B -cLfF/fhIUZIu5itStEkY+AIwht4mBr1F5+hZUp9KZOed30/ewoBXAUgobLipJV66 -FKg8NRtmJbiZrrC00BSO+pKfQThU8k0zZjBmNmpjxnbKZZSFWUKtbhHV1vujver6 -SXZC7R6692vLwRBMoZxhgy/FkYRdiN0U9wpluKd63eo/O02Nt6OEMyeiyl+Z3JWi -8g5iHNrBYGBbGSnDOnqV6tjEY3eq600JDWiodpA1OQheLi78pkc/VQZwof9dyBCm -6BoCskTjip/UB+vIhdPFT9sgUdgDTg== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZUcbaTHghoZKL -ZIx0KoKrzujuoaEaABhiZQ2k1baq45gvJ8Mks9ZwBZ3alB7bcUtwOY+Hpzmm7333 -TnFe/merw0JkRBekGZkAJPNaZms0nN8Dp0YkbAIV45Xe4vq4QedAltNaGM0AedK5 -QRbvjjSmI99pwYw/tWDeAGdrbkZW8X8drn/AaGaMH6+J/Zx1XFlwSxZmkC5/vPFh -Tv8LsGFDp+g4tQb7ZL6rptKK+UHgBdKpCcX4YN2uLwZ6Jj3cBFwoABi7x5QeNQlh -tPRLgI65xNxzz4ubyCPKY2NnSijKJjhGJgPiiQAtTZU1nTdE7bKGip8oTDIS1rN3 -k8ly+5G5AgMBAAECggEAS7GjLKgT88reSzUTgubHquYf1fZwMak01RjTnsVdoboy -aMJVwzPsjgo2yEptUQvuNcGmz54cg5vJaVlmPaspGveg6WGaRmswEo/MP4GK98Fo -IFKkKM2CEHO74O14XLN/w8yFA02+IdtM3X/haEFE71VxXNmwawRXIBxN6Wp4j5Fb -mPLKIspnWQ/Y/Fn799sCFAzX5mKkbCt1IEgKssgQQEm1UkvmCkcZE+mdO/ErYP8A -COO0LpM+TK6WQY2LKiteeCCiosTZFb1GO7MkXrRP5uOBZKaW5kq1R0b6PcopJPCM -OcYF0Zli6KB7oiQLdXgU2jCaxYOnuRb6RYh2l7NvAQKBgQD6CZ9TKOn/EUQtukyw -pvYTyt1hoLXqYGcbRtLc1gcC+Z2BD28hd3eD/mEUv+g/8bq/OP4wYV9X+VRvR8xN -MmfAG/sJeOCOClz1A1TyNeA+G0GZ25qWHyHQ2W4WlSG1CXQgxGzU6wo/t6wiVW5R -O4jplFVEOXznf4vmVfBJK50R2QKBgQDegGxm23jF2N5sIYDZ14oxms8bbjPz8zH6 -tiIRYNGbSzI7J4KFGY2HiBwtf1yxS22HBL69Y1WrEzGm1vm4aZG/GUwBzI79QZAO -+YFIGaIrdlv12Zm6lpJMmAWlOs9XFirC17oQEwOQFweOdQSt7F/+HMZOigdikRBV -pK+8Kfay4QKBgQDarDevHwUmkg8yftA7Xomv3aenjkoK5KzH6jTX9kbDj1L0YG8s -sbLQuVRmNUAFTH+qZUnJPh+IbQIvIHfIu+CI3u+55QFeuCl8DqHoAr5PEr9Ys/qK -eEe2w7HIBj0oe1AYqDEWNUkNWLEuhdCpMowW3CeGN1DJlX7gvyAang4MYQKBgHwM -aWNnFQxo/oiWnTnWm2tQfgszA7AMdF7s0E2UBwhnghfMzU3bkzZuwhbznQATp3rR -QG5iRU7dop7717ni0akTN3cBTu8PcHuIy3UhJXLJyDdnG/gVHnepgew+v340E58R -muB/WUsqK8JWp0c4M8R+0mjTN47ShaLZ8EgdtTbBAoGBAKOcpuDfFEMI+YJgn8zX -h0nFT60LX6Lx+zcSDY9+6J6a4n5NhC+weYCDFOGlsLka1SwHcg1xanfrLVjpH7Ok -HDJGLrSh1FP2Rq/oFxZ/OKCjonHLa8IulqD/AA+sqYRbysKNsT3Pi0554F2xFEqQ -z/C84nlT1R2uTCWIxvrnpU2h ------END PRIVATE KEY----- -# Pre Oct 2019 trusted-ca.pem -# Transitional pending BUILD update. ------BEGIN CERTIFICATE----- -MIIDpjCCAo6gAwIBAgIDAghHMA0GCSqGSIb3DQEBBQUAMHwxHzAdBgNVBAMTFlRy -dXN0ZWQgS2VybmVsIFRlc3QgQ0ExDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMH -TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv -cmsxCzAJBgNVBAYTAlVTMB4XDTE2MDMzMTE0NTY1NVoXDTM2MDMzMTE0NTY1NVow -fDEfMB0GA1UEAxMWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECxMGS2Vy -bmVsMRAwDgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREw -DwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCePFHZTydC96SlSHSyu73vw//ddaE33kPllBB9DP2L7yRF -6D/blFmno9fSM+Dfg64VfGV+0pCXPIZbpH29nzJu0DkvHzKiWK7P1zUj8rAHaX++ -d6k0yeTLFM9v+7YE9rHoANVn22aOyDvTgAyMmA0CLn+SmUy6WObwMIf9cZn97Znd -lww7IeFNyK8sWtfsVN4yRBnjr7kKN2Qo0QmWeFa7jxVQptMJQrY8k1PcyVUOgOjQ -ocJLbWLlm9k0/OMEQSwQHJ+d9weUbKjlZ9ExOrm4QuuA2tJhb38baTdAYw3Jui4f -yD6iBAGD0Jkpc+3YaWv6CBmK8NEFkYJD/gn+lJ75AgMBAAGjMTAvMAwGA1UdEwQF -MAMBAf8wHwYDVR0RBBgwFoIJbG9jYWxob3N0ggkxMjcuMC4wLjEwDQYJKoZIhvcN -AQEFBQADggEBADYikjB6iwAUs6sglwkE4rOkeMkJdRCNwK/5LpFJTWrDjBvBQCdA -Y5hlAVq8PfIYeh+wEuSvsEHXmx7W29X2+p4VuJ95/xBA6NLapwtzuiijRj2RBAOG -1EGuyFQUPTL27DR3+tfayNykDclsVDNN8+l7nt56j8HojP74P5OMHtn+6HX5+mtF -FfZMTy0mWguCsMOkZvjAskm6s4U5gEC8pYEoC0ZRbfUdyYsxZe/nrXIFguVlVPCB -XnfB/0iG9t+VH5cUVj1LP9skXTW4kXfhQmljUuo+EVBNR6n2nfTnpoC65WeAgHV4 -V+s9mJsUv2x72KtKYypqEVT0gaJ1WIN9N1s= +MIID2TCCAsGgAwIBAgIUQCWo/PU6IvM6irHYGWdpa3ARHxYwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTE0MjEw +WhcNNDYwNTMwMTE0MjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN +BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyY5r4OksZl5CfOZWo+0gk1 +5sSpAr/B4iQPUdA4jQhi5ITfWjHoCB/qvGxW+HZIVe5ojPjfZ7FSum0RKu3XwM8n +nf3uqedHNq2ECSA+h652/Sv6ddT1qmT+UPSo/iRpAIeummTt6/X1aneIz4UtOfl+ +VU2g6mXUZtre/ZOEHruBOhNm1X+usk9BkGpXaeZWqJrLvEQCfmI+uoFxlt3B4V9G +ck/VLOitsr8zGszPe1b1fKmbah4vCDR7VXZx3K6RvMWihkcNlGriROO2OJIBIK8u +XU5pq5l8ltysSrop9RPGY6CROJXP7GYBI58kA6/GDd9288x+4QPuafif/jefrZkC +AwEAAaNTMFEwHQYDVR0OBBYEFAQGvt0Na7xdR65/dDTJ0VAg1mBVMB8GA1UdIwQY +MBaAFAQGvt0Na7xdR65/dDTJ0VAg1mBVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAB9VzX0c0Lk2qbKmt4ZQeeUouZhgJmcTFOC3inKqjBVZkLAI +g0iDmdPUzbq0tospuJMNuXdToVcCgQ16Yq5dTcDAHZWcOu8qv41gOGV6Ke0gR7V2 +c5GHJ4TuDVk3SfbuU6+6/P+3CjXWJRJoHM4IfcBMSWJnHSuMjgYQr27NNJdCNroU +0OXr4TqbjzCa3adbzOuQkXPKVq1bmJbfM1V0QBDqtCrvgh5Sl+VxCPJbNyipWGAw +KSAS1vFH1/6C9dD8Ihn9DWXmFPXYZ3kPDbUTKGFaV0rquX4MpYnW7Mcy9SyUuwho +nPyF7IQtRHLCj0eLoLfuayZWgK1c+hZlEZRURLo= -----END CERTIFICATE----- diff --git a/test/test_encryption.py b/test/test_encryption.py index 7df9e7ac38..fd0e05e48d 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3029,8 +3029,6 @@ def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: From 7ea7b943ddb1427cba9283836d320228ec1717ab Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 07:43:37 -0500 Subject: [PATCH 02/10] PYTHON-5040 Use test/certificates/ certs for SSL test client setup_tests.py was pointing CLIENT_PEM and CA_PEM at the x509gen certs from drivers-evergreen-tools, which were derived from the old test/certificates/ca.pem. After regenerating that CA with a new key pair, the server (which uses test/certificates/) and the client (which trusted x509gen/ca.pem) no longer agreed on the CA, causing ssl.SSLCertVerificationError in SSL auth tasks. --- .evergreen/scripts/setup_tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index e188dcaa9d..67dd3d6e20 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,10 +341,8 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - if not DRIVERS_TOOLS: - raise RuntimeError("Missing DRIVERS_TOOLS") - write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") - write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") + write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") + write_env("CA_PEM", ROOT / "test/certificates/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": From b5d4405effa6ce8a22e2fa5a13a1e4072daba0c0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 08:43:38 -0500 Subject: [PATCH 03/10] PYTHON-5040 Export TLS cert paths from integration_tests/run.sh Set TLS_PEM_KEY_FILE, TLS_CA_FILE, and TLS_CERT_KEY_FILE to test/certificates/ so that run-mongodb.sh uses our regenerated certs when the SSL server is started, and async_client_context connects with a CA that matches the server cert. --- integration_tests/run.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/integration_tests/run.sh b/integration_tests/run.sh index 051e2b8a75..bdce3aeea7 100755 --- a/integration_tests/run.sh +++ b/integration_tests/run.sh @@ -2,6 +2,14 @@ # Run all of the integration test files using `uv run`. set -eu +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" + +# Point run-mongodb.sh (and async_client_context) at our test certificates so +# the server and client agree on the CA, regardless of the CI tool's defaults. +export TLS_PEM_KEY_FILE="$ROOT/test/certificates/server.pem" +export TLS_CA_FILE="$ROOT/test/certificates/ca.pem" +export TLS_CERT_KEY_FILE="$ROOT/test/certificates/client.pem" + for file in integration_tests/test_*.py ; do echo "-----------------" echo "Running $file..." From 840e463a2990097a5f104b66bcdfcc0bd65f8983 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 09:27:34 -0500 Subject: [PATCH 04/10] PYTHON-5040 Use test/certificates/ certs for SSL integration test server Set TLS_PEM_KEY_FILE, TLS_CA_FILE, and TLS_CERT_KEY_FILE on the setup-mongodb-ssl workflow step so run-mongodb.sh uses our regenerated test/certificates/ certs. async_client_context already trusts test/certificates/ca.pem by default (helpers_shared.py), so server and client now agree on the CA. Also reverts setup_tests.py and integration_tests/run.sh to their state before the failed x509gen fix attempts. --- .evergreen/scripts/setup_tests.py | 6 ++++-- .github/workflows/test-python.yml | 6 +++++- integration_tests/run.sh | 8 -------- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 67dd3d6e20..e188dcaa9d 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,8 +341,10 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") - write_env("CA_PEM", ROOT / "test/certificates/ca.pem") + if not DRIVERS_TOOLS: + raise RuntimeError("Missing DRIVERS_TOOLS") + write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") + write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 2a70021cf7..5e31d3a41e 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -219,12 +219,16 @@ jobs: - id: setup-mongodb uses: mongodb-labs/drivers-evergreen-tools@master - name: Run tests - run: | + run: | just integration-tests - id: setup-mongodb-ssl uses: mongodb-labs/drivers-evergreen-tools@master with: ssl: true + env: + TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem + TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem + TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem - name: Run tests run: | just integration-tests diff --git a/integration_tests/run.sh b/integration_tests/run.sh index bdce3aeea7..051e2b8a75 100755 --- a/integration_tests/run.sh +++ b/integration_tests/run.sh @@ -2,14 +2,6 @@ # Run all of the integration test files using `uv run`. set -eu -ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" - -# Point run-mongodb.sh (and async_client_context) at our test certificates so -# the server and client agree on the CA, regardless of the CI tool's defaults. -export TLS_PEM_KEY_FILE="$ROOT/test/certificates/server.pem" -export TLS_CA_FILE="$ROOT/test/certificates/ca.pem" -export TLS_CERT_KEY_FILE="$ROOT/test/certificates/client.pem" - for file in integration_tests/test_*.py ; do echo "-----------------" echo "Running $file..." From 2530bab9c1f11350af933433bd97f3e0ec3d4840 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 12:05:49 -0500 Subject: [PATCH 05/10] PYTHON-5040 Use test/certificates/ certs for Evergreen SSL test client setup_tests.py was pointing CLIENT_PEM and CA_PEM at x509gen/ certs from drivers-evergreen-tools, which were derived from the old ca.pem. After regenerating test/certificates/ with a new CA key, the server (test/certificates/) and client (x509gen/) no longer agree on the CA. Switch both to test/certificates/ to match the server cert. --- .evergreen/scripts/setup_tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index e188dcaa9d..67dd3d6e20 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,10 +341,8 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - if not DRIVERS_TOOLS: - raise RuntimeError("Missing DRIVERS_TOOLS") - write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") - write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") + write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") + write_env("CA_PEM", ROOT / "test/certificates/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": From ea3f9c499beb7ce72b5901ebe8337d7f9795be8d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 13:34:21 -0500 Subject: [PATCH 06/10] PYTHON-5040 Fix KMS mock server TLS for Python 3.13 The CSFLE mock KMS servers were started using x509gen certs that lack the Authority Key Identifier extension, causing Python 3.13 to reject them with ssl.SSLCertVerificationError. - Set CSFLE_TLS_CA_FILE and CSFLE_TLS_CERT_FILE to test/certificates/ in setup_tests.py so the KMIP server and HTTP mock servers use our AKI-enabled certs. - Add wrong-host.pem (SAN: wronghost.example.com) and expired.pem to test/certificates/ and gen-certs.sh for use in KMS TLS error tests. --- .evergreen/scripts/setup_tests.py | 7 ++++ test/certificates/expired.pem | 51 ++++++++++++++++++++++++++++ test/certificates/gen-certs.sh | 55 +++++++++++++++++++++++++++++-- test/certificates/wrong-host.pem | 51 ++++++++++++++++++++++++++++ 4 files changed, 162 insertions(+), 2 deletions(-) create mode 100644 test/certificates/expired.pem create mode 100644 test/certificates/wrong-host.pem diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 67dd3d6e20..29d3c3a78b 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -382,6 +382,13 @@ def handle_test_env() -> None: csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle") run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) load_config_from_file(csfle_dir / "secrets-export.sh") + + # Override CSFLE TLS cert paths with our AKI-enabled test/certificates/ + # so mock servers use certs that Python 3.13 TLS validation accepts. + certs = ROOT / "test/certificates" + write_env("CSFLE_TLS_CA_FILE", certs / "ca.pem") + write_env("CSFLE_TLS_CERT_FILE", certs / "server.pem") + run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh") if sub_test_name == "pyopenssl": diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem new file mode 100644 index 0000000000..df740d80aa --- /dev/null +++ b/test/certificates/expired.pem @@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDN0dp1gg34rnRb +aBXidThGfUiWvBfsMdeTI2sjlqTiEilUdxy2v6Y5XtaHE7ezK++IqML0YIZSyhM2 +obD6pj455eJ78XcFb4PcDVER9BVr3jQnfkXYsNa/9zr+RtPz2JOWy06taE8oYXp/ +hiS491sXApQwTkWBwJ1SNFyQKBFP1GiMYFShIREf1JySLVhzOw19S9VZxqw/1gaV +JyddZ5GYqJrk+CHjim881TdsH+3bBF/KVuN4taLG7E3+b4WIXbNuMlhxF8NDQjlw +el14rwmwsPO7oPg2Q/41ALyh8P58qDb67L5G8HQIkw+rnqeWWUV89SqmTyh30/Mp +2V90+vPzAgMBAAECggEAIW2aLyf9L+zZriI6HQqP0MxhVptca/rDuhHwa+/Nfirt +S9rVWY3H/XJnTQ9emyWhemR6gX654ka6wc6XdCY9s2FLHHlL16Cp3brLS4CwB/x8 +zltGadrS44vP045aYgpEx6Lj95XE9tiE26MZt3GepElBcJUN2fSYOJ/o1sBYi3U3 +u1ioODXHKuNFhFN/ebEYibYrv13amKuSIm5HYwNYbUiaT2ZjrGH2PKulILu5BtmM +melqaILSrhhGVPtDOBX9fgK4hPOWy9AY2fu+ZCdgrynX3jLNMnljw/etR9gf8s1T +E8hR5yi6yr5Lc0HwyUierAvdd3oMuPCXbMQ+0pjhOQKBgQD/fPI/eOta6ZX3VhSG +KemMgp6ecwNp17Fm5+0bLEW1nYLe6qScrsi2RISbM1X8vzpTciOmcoNh/w6APc4f +kPuOCNZ9sNaIMXr7UsBMgtzvW776YH08q3kO3AWtCaYQ9Ie/RX/OhnZ6kKg19oFa +vKhqQJVk4oIFZ6tu6SDTm7FDmwKBgQDOO23y41IQAFYiHq21UA8S/egLJOteb/aq +4FITHpl/QiPzyJKQRVk2EhiZ1vhXaiQE6Oes4L5mbA7PEKk3zfqhPbvutHejuoNF +dSo73oRg+MpIFMFKm/ylZBj4VVRnopN5HPNLpW2gKBxoA6/S//xigEztr1Jcd+z1 +ToOObhSyiQKBgQCp5y62lTR3FgX8IQuvGSpOngLcPoJTnfRFChF9U5jcKW6BzitA +Y1/pDnHdQGt7lLQ2EB6zL04+Gj9Le06bYXBYyXnSxoo0sisl/acSeqhwqWO83/QJ +J8Nu5VUE+PiuJ+AqjA5tirA52/9xO4hUjke1uVNgbt2muIWiUXjaIJzm5wKBgCGf +pNxt3YpIU8K6V73w8JQ7G2L9wPYjsQbJDfiaC5Ko+O2dLPAirlnXd3VVjCXMY1T9 +mBAikEhoo710zPIRPiSdyQ8xEzR5iz9+y8T5EYIx7eD0qVL9vaJFgKC0YM+IvRyI +8M3LieULxR3cRAVVwRNaMbCq3fW/g7228FH/dpZpAoGAdZtp3y4SzHWE8PLChm8z +xhHqVvrNjzY8NPAotYUOZJ7Sev+jlXqZp1sr4SI27tVrkJrYVb2lQdIRMMKJk7I4 +AZ68v+dQjGrX7Xrcu+iqIKlFY7HJT6fwr+syjt50RqYSDCPoETldpUyxyXk91r/L +irsU3E19H05+WGokTLkREts= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rowDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN +MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM3R2nWCDfiudFtoFeJ1OEZ9SJa8F+wx15MjayOWpOIS +KVR3HLa/pjle1ocTt7Mr74iowvRghlLKEzahsPqmPjnl4nvxdwVvg9wNURH0FWve +NCd+Rdiw1r/3Ov5G0/PYk5bLTq1oTyhhen+GJLj3WxcClDBORYHAnVI0XJAoEU/U +aIxgVKEhER/UnJItWHM7DX1L1VnGrD/WBpUnJ11nkZiomuT4IeOKbzzVN2wf7dsE +X8pW43i1osbsTf5vhYhds24yWHEXw0NCOXB6XXivCbCw87ug+DZD/jUAvKHw/nyo +NvrsvkbwdAiTD6uep5ZZRXz1KqZPKHfT8ynZX3T68/MCAwEAAaNwMG4wHQYDVR0O +BBYEFF9Iy+JbFAKCo4ATeQWKdiJKty8dMB8GA1UdIwQYMBaAFAyrGYdlc3lY1CvP +iPeUn/U/DOodMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAbLsFZ8XoDBqzWQ8Tki1TaMM15pr5 +rLayr9Qk4lLfAKISLSRQ9IC3UNlKt6wyWAm9dCTywGCY+1lwnpgCeK+Ve7w9A06e +AUN4TVNffHb9LNsu+wj9fvyj6FBINtgBKgNWqjy1tQBoEJsZiIIRN1QKNuEgXEvr ++2aKUysdniTIIeQG5HIFd1TIG+ugabVPXOE4sHdUwXpcY6zcF6za/J3y3UvECOtH +bLIoiq7Zo9CDQE4nN3l4c0WkgaSL1YUFZSa5mLJgqUhn9crN1Ir2edoRg/Mn/Qfa +bWg9TVBBYAqYqfSsygObNywBf7V4sdgc2rRxwqh/TQ6TWvVXyN5tmCnE4w== +-----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 33689c3943..3cb82d63e4 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -151,7 +151,58 @@ openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/nu echo " crl.pem written" # ---------------------------------------------------------------------------- -# 6. Trusted Kernel Test CA (trusted-ca.pem) +# 6. Wrong-host certificate (for KMS TLS tests — hostname deliberately wrong) +# ---------------------------------------------------------------------------- +echo "==> Generating wrong-host certificate..." +cat > "$TMPDIR/wrong_host_ext.cnf" << 'EOF' +[ v3_wrong_host ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +subjectAltName = DNS:wronghost.example.com +EOF + +openssl genrsa -out "$TMPDIR/wrong_host.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/wrong_host.key" \ + -out "$TMPDIR/wrong_host.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=wronghost.example.com" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/wrong_host.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/wrong_host.crt" \ + -extfile "$TMPDIR/wrong_host_ext.cnf" \ + -extensions v3_wrong_host 2>/dev/null + +cat "$TMPDIR/wrong_host.key" "$TMPDIR/wrong_host.crt" > "$SCRIPT_DIR/wrong-host.pem" +echo " wrong-host.pem written (SAN: wronghost.example.com)" + +# ---------------------------------------------------------------------------- +# 7. Expired certificate (for KMS TLS tests — validity window in the past) +# ---------------------------------------------------------------------------- +echo "==> Generating expired certificate..." +openssl genrsa -out "$TMPDIR/expired.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/expired.key" \ + -out "$TMPDIR/expired.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" +openssl x509 -req \ + -not_before 20000101000000Z \ + -not_after 20010101000000Z \ + -in "$TMPDIR/expired.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/expired.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_server 2>/dev/null + +cat "$TMPDIR/expired.key" "$TMPDIR/expired.crt" > "$SCRIPT_DIR/expired.pem" +echo " expired.pem written (expired 2001-01-01)" + +# ---------------------------------------------------------------------------- +# 8. Trusted Kernel Test CA (trusted-ca.pem) # A separate CA used in CA-bundle tests; does NOT sign server/client certs. # ---------------------------------------------------------------------------- echo "==> Generating Trusted Kernel Test CA..." @@ -176,7 +227,7 @@ echo " trusted-ca.pem written" # ---------------------------------------------------------------------------- echo "" echo "==> Verifying AKI is present..." -for cert in ca.pem server.pem client.pem trusted-ca.pem; do +for cert in ca.pem server.pem client.pem wrong-host.pem trusted-ca.pem; do result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) if [ -n "$result" ]; then echo " $cert: OK ($result)" diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem new file mode 100644 index 0000000000..a32e592169 --- /dev/null +++ b/test/certificates/wrong-host.pem @@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrY75NyMLhLJSV +b5Vy8wU5jV/WxLj0Hw/+YfdDHZUJcYBqvhpT6wNaeF+IdqvIijwSmHbqvOXafXny +hk1er8Fqwi77yLhcAY2dBqh/8RUKyG8cqsh8FvEvNiVLg7Im/djpUjKpV2iQfYj/ +BwXRGdSloBw3dMPU27XOIGthYU0TKqY/6nhn/5pi3z0G/1txhaLAV/7PsYR6wxZH +d7kDYi10tWGRl1PqDQrTo9z1JXNT5Bda1YCV3YO/t3FUBT3kXbYImKKgAK7K7IRV +ptmS7w5QJyAGOZutP8I3/CVhDWr1zxm8eFteQ8uPk+CgZJtvuxxSIhMBvRNgHiKQ +YH7u99HzAgMBAAECggEAJlE6brF/wE/zOCWmR/jFJkTRNHbu0sVPEhRc74hhlabm +ivbNdA2KxmM7GItPhJpDK/UiQQDScrKy3OHh0lWA7JlVX71UWl2Oh5jBezku9yYw +kTwtbnDCo0d7txJOdiEyqZdS9EEyg3tNcZbkWgdoX08Yf91/Gsu0Lc1ZtH/Id4wn +v+ITs2B3pv5JWJooHDA1st2qXPCTxqBH5UJqFDBgpbYBDYyOHGWxCfOLZ0KMs+et +cUabDk01tU33GdYElNP6Ca12ZKh6i7UrNmVA40zzVYsQnIdx0qAX+TppkzQs2RxX +SuKAmQnnyxsKepqecm4UdzzXSQO3qnnXubfmYJDfYQKBgQDYuZnecTQ0anaVaNaP +sOxCPcqxZM4NqZdac08nW+vfpJm85l+id9FziY5IUTz8W5ijO8iE5oOZahtzbLZV +jQSq57N+CdClrB1HpPwJhXI/oU2Y6o6MDaQHyZq1RMfh+1A3+O65JkFdR25PAMQQ +ZSASxGLktJiuWImAicFtZAEr7QKBgQDKcuyHaxXYmKDWveWw39VgvFxKFles7KLH +ZzuFKyiBAR+COMheDZjvtDvs7gZyhikvVbPM2BdhuqxWqjTd8rMCXRPTsGpWEFkB +XN0BPoRPKeF1FYRfMJey//xUr6KOILQhKnOO3ijazOJy2BPXD7K/qLNlRVUGXOM3 +8YWOxiv5XwKBgHmq+K7gbqZefmQyjwHsGTa26evc47DX3Jhy06UM/cZ36bcaveW/ +zl5GgxImSU6DPZWmIlQ59PdTkkWialps6InpueKwL+pSTb3C6ZuOxyzhqWaHh68o +mUWl8KyDCJPdOpOxtJNM3rU3PL4td+ScYP0oMzyiBnUaT1dR/r0iv2WhAoGAA8Mz +BilFVKsxggwxcqIWUx/tDytvIbWcKNyQTJ9Kt2sP7NmlT6otB3dwDa02zXYU2d5b +4xi5BoXzogCzztQt44NbVPnYYBUZsl7JdLZ2uwnqOMTXmvVKPHdpdyF0gfO1pVAm +qacTV02rf7roU3zlM46tFtq9A8tCJc4FT2v7cT0CgYEAx7OlCb0GOpjkCbDvgc5w ++9yyUBcUqredtUXyAwKN2PticeTi2fi/hxZ6SOKoX2iNPq0JHeNEZl4EIHLGbnVL +CqWpj/V9UKevYU6VLb/EM3V0kGMCfuFU7huZ2T/MDEfT9sAjSHO1nSLK8AUE8H38 +6NARhxCZKTfN/1T/+aezph8= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rkwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTgwNjEwWhcN +NDYwNTMwMTgwNjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtjvk3IwuEslJVvlXLzBTmNX9bE +uPQfD/5h90MdlQlxgGq+GlPrA1p4X4h2q8iKPBKYduq85dp9efKGTV6vwWrCLvvI +uFwBjZ0GqH/xFQrIbxyqyHwW8S82JUuDsib92OlSMqlXaJB9iP8HBdEZ1KWgHDd0 +w9Tbtc4ga2FhTRMqpj/qeGf/mmLfPQb/W3GFosBX/s+xhHrDFkd3uQNiLXS1YZGX +U+oNCtOj3PUlc1PkF1rVgJXdg7+3cVQFPeRdtgiYoqAArsrshFWm2ZLvDlAnIAY5 +m60/wjf8JWENavXPGbx4W15Dy4+T4KBkm2+7HFIiEwG9E2AeIpBgfu730fMCAwEA +AaNkMGIwHQYDVR0OBBYEFLmrT18i2YXmBZ9Reax2+ICrlb4bMB8GA1UdIwQYMBaA +FAyrGYdlc3lY1CvPiPeUn/U/DOodMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxNAnJVW20EqXPMFaghwX5dKw+ss +1cG74XxecBo3AM7Y2G4o5aiS5DwpSarokw2nLlpgT9PGbvtSxcB5qFG5eArqKEx8 +x7ECw4V56lXJEAUprkS8AioTGpMJJUVJ+nNx0aztWZWfp9D4txU04eqQ373bL51S +ixJS4ruSk1O5sMEMU1Uh4LB8dkKhvNiqjZVm54QMBtYY85CfdsHDDCeukiScZco9 +nZ/KsprgKal1PJ+vls8XiVZVct1cFU+XEAs90U17p2w0zLu/7IkrJPLNH9ueRX2U +GNI6gmwB9XMVqBn3vnYoutsZl78JIN6xI5ifNPJoI05YhlWJ9V8ZsRV0qA== +-----END CERTIFICATE----- From 5180217ea64a394129fe6593345473018c982e9d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 13:53:43 -0500 Subject: [PATCH 07/10] PYTHON-5040 Fix x509 auth username and CRL revocation in test certs Two test failures from regenerated certs: 1. test_mongodb_x509_auth: MongoDB derives the x509 username from the cert subject using RFC 4514 reverse order. The old client cert stored the subject with CN first so the reversed form matched MONGODB_X509_USERNAME ("C=US,...,CN=client"). Our new cert stored C=US first, reversing to "CN=client,...,C=US". Fix: use CN-first subject order (/CN=client/OU=.../C=US) in gen-certs.sh. 2. test_tlsCRLFile_support: The test verifies CRL enforcement works by connecting with tlsCRLFile and expecting ConnectionFailure. This requires the server cert to be listed as revoked in crl.pem. Fix: sign the server cert via `openssl ca` (tracked in the CA database), revoke it, then generate the CRL with the revoked entry. --- test/certificates/ca.pem | 34 ++--- test/certificates/client.pem | 90 +++++++------- test/certificates/crl.pem | 17 +-- test/certificates/expired.pem | 82 ++++++------- test/certificates/gen-certs.sh | 23 ++-- test/certificates/password_protected.pem | 94 +++++++------- test/certificates/server.pem | 150 ++++++++++++++++------- test/certificates/trusted-ca.pem | 34 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 336 insertions(+), 274 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index e83edfc3b3..f869356c03 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIUSQEGio4MzMdMRZD7CIzy3An1YDUwDQYJKoZIhvcNAQEL +MIID0zCCArugAwIBAgIUJseWjXTSpvUEw4c7Gmv15xTidHEwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMciq/J5l9QbqRPRLvDV8Kj+GedoAddM -0WUtI2uMwo9AiFBqr3T7KVQYKaDLt2Kq/4xi3F6cTqNC/sYxeiTJIgsgZtm1wGNd -2orSIVmcMB7t4hZifNvQyWsl3egxEr7DFkcVFomc0aphEi3ukhOvbFvl+ln5W/B6 -DkgK3Kmd1cQd6giWi8FlXko442Kr+c4fhB1vO7Yq6rjmw7A6YgSE+FSS1Yj4ALUW -lBVZwj6h32dImzSeewnskN3VHu5LmTnGxGZFB+T5AKo67Ay7r57Xg9OvbcJqjdFC -6k2wbXFHJ6qKOCV230oP+PZk/MEpPfozXR8B32VNpw0fgtnxFDBv24UCAwEAAaNT -MFEwHQYDVR0OBBYEFO0dJi0baC83wSHVOLkkDWmJj3hvMB8GA1UdIwQYMBaAFO0d -Ji0baC83wSHVOLkkDWmJj3hvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAC2fgKsYBylaHoC2qutDzgHWTYgjE1WbT2xRoEgRXeHJJtn6GD6+DXqs -JZ/hY5grQX7xtletFKpKGup+aMckukW/1UeRIOP5kFO3SCsL97HDH/nERFa18VYz -UZ9aQJdSkmxX4/DZ/wPK+S1AFVdoc1ukIq2Fjc8nBNTsSoePD5wglDZFdFVshMO4 -gL0g1b4GGUJ76tHefBbH7h9LHCWDoKsAYhXIN9hj/pUgKDan1KfCvPlHUOyiEw1K -60zwSW9aAiplxlxsrEYC2NkSPA4izRExxFQiYd6NfjN746Ti/80U+wdhnK86gQb/ -ackczk7G10fqlzvtKkAMdx+eB03Lq+c= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyGgty8WHa3MAPAhzIFntWTRMx0CgRQ +rAlRwxgA5fmGvB2HQDdXpLmo3g74jt0p4OB+tOC0resv0WAsCSTMkz5suZRrfHk+ +Md1VdxHFl7LpVNtP5XZKIkIwnRB0R6yBPGg9McV5/f3CnYZcMrXtvGsMJF7jWLzf +17k/lHmsUUmFpmLSI0Zir8nRdgAlKSQLeApYudBnPNhCGUJxRtEkVe0EZkH0H2xl ++K6A3Lu8KHRuA0KLKV4rgrMAuFa4TQJjeeZ1LoSouBHslsOxbaQ5f9fqUCO6gjRU +JndsBiDyajI9HWbeKAxJb07lHg/5Zp4VovvosA1rwSQTdfoM7qvEZPUCAwEAAaNT +MFEwHQYDVR0OBBYEFA+r8H4sLl9BSYmez+zQ/3AVgq5dMB8GA1UdIwQYMBaAFA+r +8H4sLl9BSYmez+zQ/3AVgq5dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAHQcCgoZeIcZkk8iEL0cwyeXV/lVrlz0NSoLURJbRwyd18p6xVCMQcg7 +xLk3iljcGSWx9QTrgdpfopLuOvWITl9gfmjHJF5tdA2kEVLZ9nXDZkFKHHGDcM/c +9h/L9X8SgvFGkZOdRLJSXi0QUJgMNCDHyxf/InXntlUI2cXtyfxm8bk2Jsegkw1Y +6jOJbZk+xIm4Qwt3xyYKoQulqp7TWrn0/bcvFcK27P/o9f8Ay06JxwobxRwQAfoq +ZcLea7KGdnvVuYgYea0ZPNNNfeTlgRwTv3KhszMmp5YluA+Pb8idKYfmWYtvYl4f +nynC5NTSKRanQDdqcFUJJqnHNNQLVS8= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 873506308a..39f95c3a60 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn1zTqr1VSm9GZ -qpTrLfPyaMMCl2B8M571kIq9O5TYIbddQbpvT0xklJTDsWE3JMaQL5Vq4s/yv5Ut -h5J6mfQJC9AdHIQmOsjBTZnQ3KeAKUGcEniJ44C8nVMDy3v/NUq8kaAN5JnBFn0B -b3CoDSVUZfrG7HRfeflJCeKzE9gJAdoW2/EjG90LSfzTiEatHHCOlqX41dlJ0boA -bkhxL/MvL4L9JmxhGZSeDykGDJp081oQE3qMggIvlA8iCD0mwnUqFYoJlS8GeyG2 -jap1kWvjIeUYY16OMHCFCZLDeWubjE/9M7BY9V14ANvCOUnXJuX3MijjJrxwCmvp -y7pCat/LAgMBAAECggEAUOjsyIm3XvhgpWxXF7xyUhRwlco1qAoWghio2SpkyYAP -bfRmlIwsrnv17xSOYc/nrNBTflBSoJn8pxMo6NNYkhfQvoflqKxD5POsx8PnN2As -EbnRw98ZS1OoFjc80j11hsvI1YmzGSLnJg77xvd3XGVA7C5Gt1QMeUo7r8pMJaKm -zaL8Nee3klPn/giu/1iImCVn+7mHshYMZTwQuYJL0RWJiz12jdH2ILF3yLKraUQ+ -gAx2k5KL5AEPWQwstTfM+2G+5GQ8zMimBYm53ZlVlRX6JejgxQKO52A9+M4Jz2yO -uDPJEVc+ka201zDSKjUUNi4IIQyu5gGyMy+FfuEIQQKBgQDn1r4eXDJj/mpCmMag -NcibPnV7m2Ilr0tCGXFNBpW2HVtPNqQ4w+FENSHZU4wWQ03PNfd26j12Gin3wH3V -0xM89w5DGwvggCEj48TP8H9v9PuOI8KY0QlFoA9XeLZ4DPKLbna/1U9DXjqCj+JN -MwG0WPMI+sn+okU5Y48i/QPi6wKBgQC5VQxlGEiVLPdeneZnzg7u9CTDH3WaNjQO -bCZyHyFjCZn388vqtWdHpSkLECET4L+coLMVJO/NOD3k9oDJinklbE2VyicOOhLj -gt/OaURb/yt1exDQ5+LJWa9GhcKEVrohWQCnk9xLw9TdakUVlx0USoQDrQqRloCr -CLbkmnz+oQKBgQDGI+8KrYtXkJmqXz3qsOzJWYE46hzgzkdIr8v4o7cSFVbzhWSn -Kyn8jFhokBH6+PyoKpxb4mgy5ruVhctGEwavJQroaVYmQfuQ29paSVXxDnRsD74B -sy30do6GGKICSjaE2hzdaOY8Um05JtWnWv+K7jaQJx655F+7Y45yvcEzjwKBgA9w -ASdOnYUniLdt6apN5LqMxZ8nOLGOwElPQuiQpURNoXCg8yRq1d6G6GNOhaLVPsC6 -NhCV0g/DFozC57lh+nNekRvgCd7KgZZH6YKVDCepmqIfjSgJmL9y5AG41JoXa0up -0T8kNt5swodq+bQxsS9mgZaYzF+SLMeSY0GpiK3hAoGAR/8/tASO6MYV7uoP6BVl -MytqBmu66BN1AxqR1YBAqxlpEJR7EFc3QTAbLQiS1ZtczVKqNIGiqrv4EfWtVvkm -nvmdVOdta8kF4CsWdu2cpXGQ/Ov5NHHL+x2gqwOKpiInvGbNOnd9K2SGLJW5SSmz -7uONbtZyZcetWlsatP05gE0= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzQSIoBRUpj6re +P01yUUr6Qa+na6/WkmHuxMe+8blLykrK0cr8csjrM3dFovhCqBTGY3sfxWMn6/Iw +l3dHyG1RcVv//Vj+2elEg0Pt1DYXpWodMZm8XdlkkIH5CAKIVMY/kMpgnyhnDZkT +oLx9xrRtDf10Gp7J5f37Y0OIXGY60MZL66OfHXBgISKsyR5HVa0ysKn6MrlK6Eeu +AUdoMUMcNTdFnI/04NRJ8qQ+7nGQgxwt/iVvUCzpqkq0ZMDq5TD7rwdIivB1SCHK +yYbdTgtIxWQldLMNqzMwIpqIpYmfcKbaGCDO8m5ZQg40CKpd8LROJVMWUX+sWagi +ymVxTsuLAgMBAAECggEAPmpB/eRTK48KRGuPSGxU6pGfm3CMH+8FaZGcKXjad7De +3QMypjdDjV30vEsUHYWQAkoWT4g3z+lAgbnjvxtjMRYDHj31VHvE1OXN68xV72LZ +8YNZT/TvoqwMjY1D8HtwMib0yLLyavuZnvN7XmInZceWxmwUeSF7j6JPG/ZsZDLC +n/ypgxaBv1lrWZaPI0zQAtLrfjk9CMai2vwsvPTw7S9sbkRNfgXOfXtxz+Ngg1Jg +Tppa5GbULytdmxYmEL3zthnmQuJmFTvh8Sp9we80jyq035StvZue7RxeXm6QFF/o ++G9A0KXqfsgG9WuklWSXvXhHBLxIk7GUb3TIh4vWQQKBgQDu4hHcqRfTNwKrADxJ +pkKK/yM4XidkuCn1N/8VIXXpxavQPbshP6e+kyiDlFqgBdEXzKsKJF3T+sRoYaic +NpEVwNf08yAOTnORfKY6r2hEAdf0y4yB2Qv8GT1m9iq2LQSK43G2BlCsh2n+KTZk +/RKm6xs86VBL7qkQRpMfvUOvSwKBgQDAGUVRSDJx3VHLnb4k+6z687btGGYBo/Y+ +p0TAy1lZ7mLWcHfDQgXQ9VbCVQAyGkJrfUpcozMvARDUtzi5DCtEGpA2L0orstIJ +nZw9PLNldYDsfuTLhhBjBLT05ZTXa0PZDXi3Qtw0KWu3sRbZeRvJO+MAZ/zw8kkv +ej4VAXxswQKBgQDtdEkfF/J34PHE+0nyR9NTiYQADw+Hfc0vVUc5QPaNtxEvwX0W +8siSloMqMDjZYo7S4n6OaVHfWiEMRS8ugMs9XWENuvL9ZZxZXRd7tEqnd1Gsovz7 +Qb45DPnNNBuG1T7ztFye/K4KodyJaXwJbMqyo3eC18UahZUGebDbVu5F+wKBgBX6 +Ti3wfqT8V0FeeMSubqn/fCxAIFuLsL6WUI1mNoDNf01dbLZQNW4kw5pUM0OIMZUu +rnVOzqpQCubrV3gEZmbSSzGH04qQWOt0ts1ixnuTJ/7mvbJzUiih/zoNkivbP9Xz +bp447gyhuIs5nY2gB4fMbDo9q3i9n5Xo/HVWyC+BAoGAEqS3DpZLRLRjahMwiEd7 +ojsDa58sp1/q0MyrMuIQvKt6y0MrlGId/TTgr+uLp0PAHZiRcfj+MHYS3q4ftw3M +DKISS1HzC1EDRbrH4IUsJTbqHWTxOQnUWXmeNWuaf3k74H6rsL1er6mq+kG2bKTr +YzZCX2b+WKJ7kbvloaiFfuY= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH -RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M -ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA -vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd -C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC -L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd -eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR -s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP -eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA -5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 -PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d -zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc -dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx -FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI +6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z +ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w +YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As +6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu +WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X +OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC +rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu +51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ +ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 +rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb +Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG +Zf70TZTjQH3898e64aClBRa/4v9goUsU -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 9c0f0899ba..b069630870 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,12 +1,13 @@ -----BEGIN X509 CRL----- -MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTE0MjEwWhcNNDYwNTMwMTE0MjEwWqAOMAwwCgYDVR0UBAMC -AQEwDQYJKoZIhvcNAQELBQADggEBAL9Sx5Q2z3yhREf0RZhpvayV/Ck3UOWqEVT5 -c+3yAjNsQrO2OD4Npks2qoopgSB8dfePZSZOfmzbSwiyPOPMs71VOwH2chmZ+3Xp -oDBPmVWsNzpK4fRbE86GIEwg2aBFLjOt4+KWFVftGDw9+Liozp+AWaBAUZTen8ac -eQLeACqbqvuriwqvtD6KCfVE3CDG+AK9CfCdlO52kpkfVBP/TG6FzRXp984Pa7Fg -ORKWRpHQ3XoQiKB6pUwUQdE5yGit1oXNRzouWRN0tq0BkvErQvq2RqKalwWJ65kx -KCWOrTBfDKS28R1P66Eo4+CaFdX4Xju2yCTQNYrg7MrG7T7TAFM= +ZyBDQRcNMjYwNjA0MTg1MjM1WhcNNDYwNTMwMTg1MjM1WjAUMBICAQEXDTI2MDYw +NDE4NTIzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQDOyT3+ +ktzOkBQt3mjCyz7DnzFu+DVh8RH4q1/IvMFtMoLe+QOBb3YzGcdvvbyIIupmrOHV +JsWxkuReJuEYoJxV1B1QNNu1zgqHg1o+gCkFxAFawrPSHHNT7Fp+VDu3Fy7gUcLp +Us1FD+WvRIorJ2NpwLZV862tqvGV1LZ48TsoG0lnW5uOtJN8ivtz8q1H6ZWj1Td2 +PnZx0ojYKH5C6CUSAPjB/jEQv2CnLLu8zOjFVpe0OeJM05xmlY92c6yWe+Ugb7jS +a6kxnblSk0zM7mf+JmV6f52Bvy5bxsYPtnpFE9enV4J+iuVYCE3N4Y9gqTljoxpJ +zEKrPp6XaFLCVRtl -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index df740d80aa..13ed4feca3 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDN0dp1gg34rnRb -aBXidThGfUiWvBfsMdeTI2sjlqTiEilUdxy2v6Y5XtaHE7ezK++IqML0YIZSyhM2 -obD6pj455eJ78XcFb4PcDVER9BVr3jQnfkXYsNa/9zr+RtPz2JOWy06taE8oYXp/ -hiS491sXApQwTkWBwJ1SNFyQKBFP1GiMYFShIREf1JySLVhzOw19S9VZxqw/1gaV -JyddZ5GYqJrk+CHjim881TdsH+3bBF/KVuN4taLG7E3+b4WIXbNuMlhxF8NDQjlw -el14rwmwsPO7oPg2Q/41ALyh8P58qDb67L5G8HQIkw+rnqeWWUV89SqmTyh30/Mp -2V90+vPzAgMBAAECggEAIW2aLyf9L+zZriI6HQqP0MxhVptca/rDuhHwa+/Nfirt -S9rVWY3H/XJnTQ9emyWhemR6gX654ka6wc6XdCY9s2FLHHlL16Cp3brLS4CwB/x8 -zltGadrS44vP045aYgpEx6Lj95XE9tiE26MZt3GepElBcJUN2fSYOJ/o1sBYi3U3 -u1ioODXHKuNFhFN/ebEYibYrv13amKuSIm5HYwNYbUiaT2ZjrGH2PKulILu5BtmM -melqaILSrhhGVPtDOBX9fgK4hPOWy9AY2fu+ZCdgrynX3jLNMnljw/etR9gf8s1T -E8hR5yi6yr5Lc0HwyUierAvdd3oMuPCXbMQ+0pjhOQKBgQD/fPI/eOta6ZX3VhSG -KemMgp6ecwNp17Fm5+0bLEW1nYLe6qScrsi2RISbM1X8vzpTciOmcoNh/w6APc4f -kPuOCNZ9sNaIMXr7UsBMgtzvW776YH08q3kO3AWtCaYQ9Ie/RX/OhnZ6kKg19oFa -vKhqQJVk4oIFZ6tu6SDTm7FDmwKBgQDOO23y41IQAFYiHq21UA8S/egLJOteb/aq -4FITHpl/QiPzyJKQRVk2EhiZ1vhXaiQE6Oes4L5mbA7PEKk3zfqhPbvutHejuoNF -dSo73oRg+MpIFMFKm/ylZBj4VVRnopN5HPNLpW2gKBxoA6/S//xigEztr1Jcd+z1 -ToOObhSyiQKBgQCp5y62lTR3FgX8IQuvGSpOngLcPoJTnfRFChF9U5jcKW6BzitA -Y1/pDnHdQGt7lLQ2EB6zL04+Gj9Le06bYXBYyXnSxoo0sisl/acSeqhwqWO83/QJ -J8Nu5VUE+PiuJ+AqjA5tirA52/9xO4hUjke1uVNgbt2muIWiUXjaIJzm5wKBgCGf -pNxt3YpIU8K6V73w8JQ7G2L9wPYjsQbJDfiaC5Ko+O2dLPAirlnXd3VVjCXMY1T9 -mBAikEhoo710zPIRPiSdyQ8xEzR5iz9+y8T5EYIx7eD0qVL9vaJFgKC0YM+IvRyI -8M3LieULxR3cRAVVwRNaMbCq3fW/g7228FH/dpZpAoGAdZtp3y4SzHWE8PLChm8z -xhHqVvrNjzY8NPAotYUOZJ7Sev+jlXqZp1sr4SI27tVrkJrYVb2lQdIRMMKJk7I4 -AZ68v+dQjGrX7Xrcu+iqIKlFY7HJT6fwr+syjt50RqYSDCPoETldpUyxyXk91r/L -irsU3E19H05+WGokTLkREts= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCa26rANY8pf+t3 +U06CFjFEHTQ08O8opidSAnPMEGWLuiieIrSM/rMpxzIdk4sOlmj5CvBwvSGKiLhy +nPMGh03QZVfLOAdlspcglmmvLqnLMKGjXOKowqgBkwLRRXy66JTX1e06fXf6Nutw +KAYlGAU4PLTtkAASxbZiogCUeuCDrqtmHLxULzaRcPCUzdn/iiiLPrk9bBnUSfSq +8+0g8paCBAUHr4hV5s0SlCtG8d3b5JfRzyesTJllFbji29Ggeud7tsHVPuQfdZgk +pdL9pGeWG3AQWDC+UqKix+/puS1dnAXPFz+ZPZS06z317rDDb5pFMI35DWaGNcog +MR/0WWadAgMBAAECggEACbc3+IyzsXMa4xbpMUyypRce+CZYnuiDxYetW7N4p4JT +u44qXUE6nOeoO4ZO/miN5/gZez1GfjJTPi+eKL3y8hz1m+SlRCpnBG6jbVAEa6De +t0jj2Joz37tpPRd6uqBOfFcp5dZK4XoyHcyJDCk8ZJmccV4sPwFEDt6ioi4uaVyC +TiXbJooLMX1kiTlm4i9PE9aInKsp05DFz0e4oeOfKUBIFpvXWy4GAJTBAGZwl294 +h02Q2bF0ugKrlOh5lBd2bjloE/+k8zQwrILN8FKvPr9/DhO9fXWf1obmMQD3ETQF +jizxr0OTduMA4oDqagyNGtkM7pE4bGRcAFQN7VNfYQKBgQDVJBGT7AnDItx1evSU +kwr0IOhZ8GenpbVAjKAs7nh5D/gXbWyPUdfJQaCwXraVfDARWbnZiplZzvbzDs5Y +GzRbjQF0n2zOdrJfWicaRV7gDEVKshouBR23cpa9DF08Rx9zPPhdCxuQcljHCz8K +nmaHx1k4OlBbdbP/Q2EhQ6FavQKBgQC5/1o5zLNcBRbyQq4SOYJRJ7IxtqgNNk+C +Opdu+Kr0kFMKK+S+VXzI2VMja+Kfx6kyMqgjI+A0nXUzRw9b4WM3WvlVZ0XYh13a +iBB2D9lY8MjxhBwDHaA8yXKLDBtrd1PSi/zuN1NMGHRwIUEgQWW016RzW7QYBfOo +e6a/NSDpYQKBgQCwsyJPe9PsDq6uRq0Vr4HZOp7mUUPd3KcTSIJSPbFqzC5lXbYu +ay92Dg5lqV+9NiOzfqtxClJv/gEFKDUxHfyeGZwnTzQpRoZCPr9ELFancATSFC1Y +Ea29NCZ7vBBftKcCJn3QxTCo4+NtwIkXCJL/5ei1kMKl0ELVUMrphOP0EQKBgQCr +QyYYHJV2gLU9Qwq3ez60bWHWBsM8zyps1niD1PLNGGtt7TbFzz+ETSAReJCG4Ti5 +IQ3StYEH0YiOO7s3thQ+b0UwT1Rv6U0RIMJPg451J9lPEX8dm1TlQ/R1diN1U73a +G848prLLWaU1blliUvVMjFc/ZUwx5qESHTFP1KLGYQKBgQCzGcsFmd58po5CjjrY +sMvxab6U8FUmZVblCVb/KIepejwJRKbRYaiaqHrcD4m6bXVpRftLEDVPq1g+bvGV +1p070ta9y8Zk8BV/XfCv0HLELE7On//ThPhb7L3d2g0NWqhdOhZ1S4YBFiHYNlci ++XYSyDmJohYdvVxbG/YDqxBGbw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rowDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaUwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM3R2nWCDfiudFtoFeJ1OEZ9SJa8F+wx15MjayOWpOIS -KVR3HLa/pjle1ocTt7Mr74iowvRghlLKEzahsPqmPjnl4nvxdwVvg9wNURH0FWve -NCd+Rdiw1r/3Ov5G0/PYk5bLTq1oTyhhen+GJLj3WxcClDBORYHAnVI0XJAoEU/U -aIxgVKEhER/UnJItWHM7DX1L1VnGrD/WBpUnJ11nkZiomuT4IeOKbzzVN2wf7dsE -X8pW43i1osbsTf5vhYhds24yWHEXw0NCOXB6XXivCbCw87ug+DZD/jUAvKHw/nyo -NvrsvkbwdAiTD6uep5ZZRXz1KqZPKHfT8ynZX3T68/MCAwEAAaNwMG4wHQYDVR0O -BBYEFF9Iy+JbFAKCo4ATeQWKdiJKty8dMB8GA1UdIwQYMBaAFAyrGYdlc3lY1CvP -iPeUn/U/DOodMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAbLsFZ8XoDBqzWQ8Tki1TaMM15pr5 -rLayr9Qk4lLfAKISLSRQ9IC3UNlKt6wyWAm9dCTywGCY+1lwnpgCeK+Ve7w9A06e -AUN4TVNffHb9LNsu+wj9fvyj6FBINtgBKgNWqjy1tQBoEJsZiIIRN1QKNuEgXEvr -+2aKUysdniTIIeQG5HIFd1TIG+ugabVPXOE4sHdUwXpcY6zcF6za/J3y3UvECOtH -bLIoiq7Zo9CDQE4nN3l4c0WkgaSL1YUFZSa5mLJgqUhn9crN1Ir2edoRg/Mn/Qfa -bWg9TVBBYAqYqfSsygObNywBf7V4sdgc2rRxwqh/TQ6TWvVXyN5tmCnE4w== +BQADggEPADCCAQoCggEBAJrbqsA1jyl/63dTToIWMUQdNDTw7yimJ1ICc8wQZYu6 +KJ4itIz+synHMh2Tiw6WaPkK8HC9IYqIuHKc8waHTdBlV8s4B2WylyCWaa8uqcsw +oaNc4qjCqAGTAtFFfLrolNfV7Tp9d/o263AoBiUYBTg8tO2QABLFtmKiAJR64IOu +q2YcvFQvNpFw8JTN2f+KKIs+uT1sGdRJ9Krz7SDyloIEBQeviFXmzRKUK0bx3dvk +l9HPJ6xMmWUVuOLb0aB653u2wdU+5B91mCSl0v2kZ5YbcBBYML5SoqLH7+m5LV2c +Bc8XP5k9lLTrPfXusMNvmkUwjfkNZoY1yiAxH/RZZp0CAwEAAaNwMG4wHQYDVR0O +BBYEFO8aTHYYTacj20OYic5ESjQNkMKHMB8GA1UdIwQYMBaAFA+r8H4sLl9BSYme +z+zQ/3AVgq5dMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAK7YzbtbkzBrjabmpuScvD6HNPwms +j7S0+eSb1uGyW5OtaH42lXICu4L9AGyIk2cdiY3dEzvvKNYqg9+Q+7Zq7XBtBJNb +xkdw011KJF3npgkDQNJIzYu0hBAeKcbZEKGYomE1p4naWbP4Exrsguikc/YyDdRy +DxgNsze67QMbUSvEPoiwnKXkbJ1OdYaGQQF6OZEmH3ARjfPY/OBx8LYGMfeHiLJU +CF4Sw3Ux8KUP2p5gF+jZAwA0mtcZ5EqowNsQ83dQECkHoN1VR1/mVWe2n9vbP2IQ +DeE4qT6t28ZWVv/ex2Kkt+OVcwdKUgi2ijLPEXH1cwWAIN/iv4jqUwKilA== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 3cb82d63e4..750830b1b6 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -89,6 +89,8 @@ echo " ca.pem written" # ---------------------------------------------------------------------------- # 2. Server certificate +# Signed via `openssl ca` so the cert is tracked in the database and can +# be revoked, which is required for the tlsCRLFile test. # ---------------------------------------------------------------------------- echo "==> Generating server certificate..." openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null @@ -96,19 +98,22 @@ openssl req -new \ -key "$TMPDIR/server.key" \ -out "$TMPDIR/server.csr" \ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl x509 -req -days $DAYS \ +openssl ca -config "$TMPDIR/ca.cnf" \ -in "$TMPDIR/server.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ -out "$TMPDIR/server.crt" \ + -extensions v3_server \ -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_server 2>/dev/null + -days $DAYS \ + -batch 2>/dev/null # server.pem = private key + certificate cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" echo " server.pem written" +# Revoke the server cert so crl.pem will block connections when checked. +# This is required by test_tlsCRLFile_support which verifies CRL enforcement. +openssl ca -config "$TMPDIR/ca.cnf" -revoke "$TMPDIR/server.crt" 2>/dev/null + # ---------------------------------------------------------------------------- # 3. Client certificate # ---------------------------------------------------------------------------- @@ -117,12 +122,12 @@ openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null openssl req -new \ -key "$TMPDIR/client.key" \ -out "$TMPDIR/client.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MDB/OU=Drivers/CN=client" + -subj "/CN=client/OU=Drivers/O=MDB/L=New York City/ST=New York/C=US" openssl x509 -req -days $DAYS \ -in "$TMPDIR/client.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/client.crt" \ -extfile "$TMPDIR/ext.cnf" \ -extensions v3_client 2>/dev/null @@ -170,7 +175,7 @@ openssl x509 -req -days $DAYS \ -in "$TMPDIR/wrong_host.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/wrong_host.crt" \ -extfile "$TMPDIR/wrong_host_ext.cnf" \ -extensions v3_wrong_host 2>/dev/null @@ -193,7 +198,7 @@ openssl x509 -req \ -in "$TMPDIR/expired.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/expired.crt" \ -extfile "$TMPDIR/ext.cnf" \ -extensions v3_server 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 7f9dfe45a7..6a8cc84126 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQKb6V8p8vtC23xKAM -DjowVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECts1AXkxzEUdhl5 -4whQx6IEggTQpAjBXy1MHrgeHutm9BlTE6qd8DlAb928ul8M9utdoL8zCqSE/sVQ -vLo/WWjJ8qXzgRLvIQHEkpP1EmZ7aEHin6dWWJbPl1ENN2klC55ZlKf9bfFqtz12 -WSx0ZvEHfG02WPPyspT8uQ4uksL4EM9zap7h1GtOAeyxAQF9TqOdOcQnlnI4nyXH -YDcp7Ge/zSZKQdgNRid9T3Vw4EwGcmpYH3W34q36xcp5Dl88gGdueoMHbMgWYJx3 -Ng1pJ6yVc7CHCByGHT7WsRIeqsjyTHIPjbh66fKUy0tNLV5OJBd7Btm5d2ZzCere -oZGrW1AkWkvMM9KOZLz6UVIs63k1ffaVqrB5Br27K2hQGjuNvvh8mI0KmXCSDQmb -gVMFVCuWHMx6EJCDbuP+xceHs5+Af6KRavi+Lr7VVNom06Gxgjk/+gtAxS1cDt66 -NAmSxUTV+j+6Uva1mA87rfD6L0eYrE2QY8ogQY9HqKivWsj6nbhwVE1C+xU/zDua -FNHSjaRlXNbtCeYHBdBHVpR/SvcicCj/6vwjQd00hwZly0CXkmKmIR0UVx7rM+0q -yindY4Pyja8xqQERZcKGylmqkcGZFumpLoGDzCYqgKP8d0cGJRq5ow+oT3Rqi3Zi -S+oN9J3ls9zE5lHvFeGX/+jtCYs1QFokHoktKfg9OQNSrVLrPisalOL5Uel1VblS -rpmv8Ux5mffT3XLIYXyA817fKPfivrl9Nzgf4hsyk2NtoBIbakHKga7ckwbh6tXa -kbqukeHsRIIjYMixfvL21edcjCSTelFWSndAQPw4gPa7kgUO6+FRUSvr/nYsNAaR -bzw3jmezlT57E+iJyy/qlRJIeLHESUxc9nmhGE5f/5m5O2a1oNDiu8FCqkfDXD8Z -d8BNyD8LQt9quhmLSbz2VYnN9W9LOIF7cRLWGGylUhqA4yvZcpgpTfaCjFpMVuRT -PLpBpUbELlIThr2RnxcRDgEAITLtBCR5ZN2exW+OqSDvtoaIE9j1PCl0IRooieGI -wIcsoO/HGTK5WY7oRXgJ0UOxzB4L7hv5ZBlWtU9PQZwylBYjmE6IWBwUNXx1cpaV -bQpQygGJbGQNiqOYHvwQvMDbnlf1+KzrcXmiD29bTWOQYHO4dvku9uN/NZtynfgB -EmysMi1YTj6YyiIByOJQDvEKSj2XPJ6r7CP1oCpY+GSy8YnYHkWwlMOVkN7TjJX2 -g5ti/UGZpwr0RkhYbqCX4NGoUCrUER22NYsJqirJDHMZVGgpTKIQAklFz6igVjSy -vQyYTfqhCQgVtq+wcOJKQklMNserzXSC0CTkBXKRNfIUUUZxp9eri/eCIl3dPTr1 -boRaYCtlbhyTywuJdn1yVME71uhfyYeFhi1xLxo2myC3vw9natBAyUNCUdOOrKBa -RtO9vQgV9xVBFK8Ju3A3if/Abxxmbgev+ZS/4eOs7YD/VVOlGSYXyLzBT49KDXn1 -6Rwzqy19VHgbDkGr5NmEycYtUNZ46Kwk5zUjzeJ7Wgy07flbsK1MQkU1CapgklR+ -CplCKT5483NeP7n+K/qxTWj281W+/28ajogcmWi6rPew1UvtaTbxI/QH9CZSLnk6 -lUGQ7yoXKT+MB2a58j2ejj6XIQ4oXNyZOAERCD+a4x0VZzmHWqirn4o= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQhpFDlDzmGd+fd50P +flL5XAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMKwzbN1ulJC12iH +g+fJQL0EggTQIo0Du/ojwelIuPvDdWdnpKKQBNpYp2y92a7ACy3Y+jpFS6PrlUrF +2w24xma7e5YmTCOG2x3hj+wYno95pJxVJdQ/MF4BjQs8EKOrTwVD6fcxLuNI/8kP +xUlGQFyhc0KgqvISgVEEOHxkNAlkc6/ieaYHlxq0X07oMNF5AUUdLpnqG1trPolP +5Nfn1HxeSXvF+y2LlBKgcY6+ZLc3wdWGjo8nGDA2XdZUzcqQyFKXqragpHRTlIE0 +8mMv1nlu23x9S8nST63kM3GJ4iX8lVY8m6rBKNhuWUs+xbY+Mho8oH0t5h7Db1Pt +zu+SDFKp2Frtxe7uh0lVN1/m84gD8hBYAIm28aI5QhHEW2XKem/H8U/NLWXDwS8L +sy1jViqwKU5Cd1aDdxi2TMIDUanWaJwWZErUUQ/MaVxQGb3hts8ak8VM2jLNscvw +SadbKyiQGWhpze8OQX+eduOXADrRFFzhxRadCflKxh92AgfIP2LY0P8xKI49dSer +9LLDS7Rewu/S7TJPIUr94smL5qKfOWgYa2rx5heri07T6pniaL1R/Wgt7QsVTbey ++Omql0D3Do69RGEPTMjUFzniR0d/FqQRSl3ofntbDPJz4ydSMRDRt7FMTre6IykA +DRQfJ+/hdcZ4lVLY+5TmO4B2XUlufjX9W7NyYTPdiQoPWb4FHTK9V1J3qz0juv9d +6TvQuVDYkbI9beWiI24O6A0q8KbOh/tgABit8hTKItRxzPL6ZCne5g0wPH/0pGfD +tLO4xvWcEqx16CI3MpQggKyLOZADhgrXv+75ud66WkX8YP7ifYeeoXbcnUUVkt+R +r9SRLHs/2RjzO7IqwSTxow7QxrpbhuO0vQIfeiePeQysvgJBkyLNVewG3tmLRKrx +sIEG5XMqQ3hsF+UduzdWafzIdYUBG0chJts6dTrrWWtjGcWI0fq4p7VOA/juxJ1o +7iA7bWvKO/gb1UIK1B/3/I978YWH5p7rqkxoP2BIfBfvGsnBbNgegoVx/MrMPjHQ +nltvtlKycUCN8Hs7GU/1atygGBOoAamePJTkd2dHbwUhiU4Gp6BRw6OQO1fJEqG6 +xrw2vKwcRjsTqc1uciGNgRApRqAbe4JnBdq0PtXiwt0isEsLeG5QUdcayOAI7OPe +x0TH9u5LMHM/XDfk4dxMqopVcYzPr2Gn1FW+G+WD/KzbfGVS1XeeMHzBDl7R1IJA +3elGHWhDjRHp+eXWdjj/wc+iWaGsDKRi02d3AMeTBlEH/33DcRQsz+xNNUxUG0SX +KfXyjnrgtVLBBpQrLCTEZM7MSH5yrw62Q7nZrmS+jo8wJ3HNCTolunGGtQD+7T9E +xILMm3KMGmq/h3K2Jx7NuI7rE4ePrV/3kBHdDEpfzm2J33mKZjkI+tiWGfFSs8Iu +f2+6CQ+YdBBlJDd1KYvq8luASpEDVMhH97i5HinJr8alZuzJPeGYiE9rzoMtHh/R +l8D7xqY9xheyCtO9vTx+WfuMhQS72h1WLNcEYuziK5SlmXM9joXekd3LW5k8T/y6 +vfpzY7Z3UGSq03wL2IOthf7BNiVDze+cfNDjzWr4ps1R2GrAvP7OtF6WsHlphYCp +sAawhTx3ZaU0pNOk0IVQ3FNTCENq3Fn8sQkPMyWmOhtGvgCjD3mhdIs= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH -RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M -ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA -vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd -C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC -L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd -eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR -s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP -eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA -5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 -PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d -zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc -dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx -FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI +6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z +ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w +YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As +6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu +WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X +OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC +rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu +51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ +ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 +rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb +Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG +Zf70TZTjQH3898e64aClBRa/4v9goUsU -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 5540b38ca5..7e8a487c50 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,51 +1,107 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUPK25g5b88xaz -AOQnx1u2oAANgl66JUXF6EDVYojoyH1f8t7yvEIQ7ZS1bupDuIg1lsypAf0VWFYa -5t+2n066XFr1cOl7W+h4nNoTm4uVV5ExZbs2w+TEvzlP7ef6Jo+p3lxCiuXh86Wf -vk/WuIlcGSUn600HrJaKnCIjHoD98iFXLRZpABS7pF8z+b8FxyJEHiiCi7auBo4I -0QLd4w22yl2cAjGb0Jr83KqqN5oii6L8xWwHrKz47Er154xq4/3rHNBWfbhGtfQT -ixB3W+IY8fOaM+cWNCa9MAtbEqj5x9zYDAnCmyUxpPywyFONBTftANiO7E0VVLAk -7vWtL/R5AgMBAAECggEABVyFzVjkuXSyqc9qxm7fx/oqJlLvHtJsSfJ9gyTo3hUq -Rlx1aILF7PDQLm5li1ooQFqaP7PyYGGX3lSNW4CQNg39vYoo7QJE+op0b2hyeE34 -0rg4OOHa61bIjuCEQbg//UfX6bw2Vkwb/cFssnptgBGUwMiHj7MpUA1s7/zmyMh5 -WZ194M/Fb8Oi3yuzngUnxqo8fBUVy1e/HMERLJCI1ifOjQ/3LRjDLHS3vSUUHJNK -fEIwFHIuVRKeT15qH1WiQHo9u2Gf/uRoxSuo6ZI4R8+/81ungk0wHbCG9FkA5zZT -6KJb2aeSY/2I4GhSEM7X/mHSrRlPIixzo6fzJd4JgQKBgQDNiH3/+6QKbIFRqNVG -uTOdY1TWuzPrqYIWyHLR1J/65tHxD6rJmzyJ8ETLH9VA85K0btTfzA83fJnRVTz8 -ouuLDeuMug8V2vCGJ4C7XRtp+4JYrKYmYQXGnW8UdsOUfTfFe0W5j71eVopCUIXo -mwhs//cJqQaZBzBIzodipjaHCQKBgQC4oqLm8hhwvrHe1ez63gHPkAkrFGUEwJkU -vF7Y6Rvlxe3Dd7q0v60OyyftKeLqKLyf1XjYaeI1O7Tb+4aCDleI65yF7cp3mLEy -kQU/VVCBZlV1XiJXaS5CJhen/ftaBDAi/qPqmonRjy/yXPZMJqFM+LjonGK+g+ip -tf6U9Hxt8QKBgCDmt5zRsInGotDqoPGIVh3ct8kEAKS55sw03ESAr/dfGb5oDqPl -SMSgBLMrblzOYO6nS0ZkCQ+Nz6W16mRaxC/nU4ycgCu0d4pSKoZTuj6190Cwqow8 -Pct0ikKRXG+Zt+LR//BbdSnz2oARGc6JesjQFMCkIR1ADFerT/rXtqTZAoGAOc65 -4EL2Qf6CpDkobFcsC/eV10YYZseCZkqgC5vYnzU8PxHyg/rrTRFwW8HciOHeRNDK -eD+WkoIyGxoCQCALahQSup/73zwQZrue//hPL2SB5zBk4idNU2qnx3Iuyz06cQp2 -+dIOymzhXymZ97e0kuvgwPuNswaLxu7zWWG+v5ECgYEAxpP+XbrDVAe696v5vQD8 -4w9LmqULtGAZyfLh3K5Fz8yRPP7uHsKivN8niaTWTGIGmD6Bk2aCdYgON0qp4fD6 -ICN+0lLcDPLcFy+qLACCP9BEONlXyihQGhwsQ3Z+n4bNyJ0kO8f/08UFxfz1xsO1 -y5FdRXA63aJyy1dEkpRauaM= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu6DrrhOOu7gCe +MG9iQAlcQwVG6RoXz/8lz416skDb5uVvzVfSEfsg4YB5qNLqcs3Hlq2WcAOZY8mY +1jF59xeatiojmqse0kgMr+GOpUiMJ/vCY8uWcgv94L+kJD25Z+Vgmo0Ja/XeBrOv +kHoDQxw3yHrEsUhD2AeZogh2BL77lCLVUIIugPWUfwOHHqjEo47lEW6RsFN8TY5V ++nJQYfIHNRHeLizVklY+5o41QsYukVsB/thTnVbmM//V89tZMUMUhhfj2QOQ9vZP +WklKOmFLn3Mvoc4eR1RXBpYHxvAVweWOheDo+OIWOrIGyGBNX7hGFmRVQeUOUSVT +rQdYfOspAgMBAAECggEASxFJxG5vB9OHOV2BWJIyUkJDgAkolULEd5ZqWtgpZRfm +rgLcJ8Fm3lhaOxzdlRj7v6coTnI54ToGOo3ngzitDU4UrN5DhkFrAeL0tDO0/M5m +S6poJORCyE4PAiQ5x5rTRBBg6sPGrOmEchvYehDyCfEF2+hYoyGTNXlpFzn3O+LD +gy1hYW/U1k6uqSGsMIc5H76+00xWSTPgpI7UcDll42bRO7Tv91QU4MqEqJhAIJ/F +TayPp6xyGT02zHmeliYC7KuYB4f85r055Ahl+97LsKnZKsLCy7wtgEHAZs0WFfWG +nR0b92WdjLdu4fZuJlyE7Lp6dBdAniLYKOi4po8XnwKBgQDx3wtZkmBJcMf7snUT +uUUCJ7A/BtAa9AboxpRBuVIUprzU3Owk9jucjcflcAFyUX4RFTtnZWYbwZDrN53J +jGDzkfUV8Y6c/tOwkYIh7n9OU63k+FOcKecelcDV4k+SptniZtXS8ZJkBJsAEBiu +q4F7r0gQacWBnqaWOMZQvzlVMwKBgQC5H80GJPz6jlenEhuK6ado5OYvHBngpOhT +XH/xOb37nRHPTQHnuUtfv5G3GYRTXA385Bh31PHbikmx+cUOYB+txY6mBWKewaC3 +TVbSkAQNoFnp8+aqgeTY5yegxMzehdBEHXb8614Xo3XguRubuiKvkKLW8Eog5r2J +jQi2CCdGMwKBgQCWeTDSdOI6TlPcHtX/g0+PW6mmTFLDsfVqc8Bgcy7BckogE6FG +DXpgl0Q5VUlRGanYbuEaHlc8BVxnOZ6MeS0H21IiaLlUqqSAQMY43euNizmwLV22 +1crXmErzxWvDzNHYrClypp9wYf0cOOdiI4jWreGjdGpPjagN5Rxbt9uvSQKBgEIt +gBlmN5lKMUNkUbxC8rmoujC1FvsbeIH0Wzhcr/G2oJs+qCOyNaOw0+JkmM1D5yw0 +ThroYN1efiHFbBBLhIeWS/xFiI/AIDfmydbT7N8CJ6JesmLZtHlliOEL+UDDDUSM +U/DuIuDIamc/RQNScvvX9J5pn9ZLJg56AFcyavfJAoGACwAYmEjQyOLZw+PKlNqN +W3Pm8ticsTx0KDdmOZ2VbGbb/olxLhBk11KUiyZwosLjXsMG2k6j34t3Nh9Gqgwp +tBpIFd4ii/IM1PL7yXIEIHnXN6oBT+DAqTzziE7fJhYAEJWYAt43Mzlm/joJzxwN +o1aioRCmCQZCCbzfCmqW9Jo= -----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA + Validity + Not Before: Jun 4 18:52:35 2026 GMT + Not After : May 30 18:52:35 2046 GMT + Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:e8:3a:eb:84:e3:ae:ee:00:9e:30:6f:62:40: + 09:5c:43:05:46:e9:1a:17:cf:ff:25:cf:8d:7a:b2: + 40:db:e6:e5:6f:cd:57:d2:11:fb:20:e1:80:79:a8: + d2:ea:72:cd:c7:96:ad:96:70:03:99:63:c9:98:d6: + 31:79:f7:17:9a:b6:2a:23:9a:ab:1e:d2:48:0c:af: + e1:8e:a5:48:8c:27:fb:c2:63:cb:96:72:0b:fd:e0: + bf:a4:24:3d:b9:67:e5:60:9a:8d:09:6b:f5:de:06: + b3:af:90:7a:03:43:1c:37:c8:7a:c4:b1:48:43:d8: + 07:99:a2:08:76:04:be:fb:94:22:d5:50:82:2e:80: + f5:94:7f:03:87:1e:a8:c4:a3:8e:e5:11:6e:91:b0: + 53:7c:4d:8e:55:fa:72:50:61:f2:07:35:11:de:2e: + 2c:d5:92:56:3e:e6:8e:35:42:c6:2e:91:5b:01:fe: + d8:53:9d:56:e6:33:ff:d5:f3:db:59:31:43:14:86: + 17:e3:d9:03:90:f6:f6:4f:5a:49:4a:3a:61:4b:9f: + 73:2f:a1:ce:1e:47:54:57:06:96:07:c6:f0:15:c1: + e5:8e:85:e0:e8:f8:e2:16:3a:b2:06:c8:60:4d:5f: + b8:46:16:64:55:41:e5:0e:51:25:53:ad:07:58:7c: + eb:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3D:58:96:FA:DA:CE:50:8F:26:C1:85:AC:A6:4B:C7:7D:28:7C:27:5B + X509v3 Authority Key Identifier: + 0F:AB:F0:7E:2C:2E:5F:41:49:89:9E:CF:EC:D0:FF:70:15:82:AE:5D + X509v3 Subject Alternative Name: + DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 65:75:d0:6a:e8:ea:58:55:ae:af:b5:fd:a3:86:d9:c6:a8:3b: + d0:3d:e8:fd:90:66:71:46:33:75:ee:47:73:85:25:88:8c:5c: + ff:74:db:95:2a:d4:16:18:0c:ac:5c:46:b7:32:bd:56:66:1e: + 22:48:a5:5f:c3:01:57:bc:f7:9a:49:a6:92:54:f1:85:9d:5f: + d5:49:18:9a:c3:36:1a:e6:a3:d3:06:18:fa:b8:0a:11:db:ff: + 91:35:42:7e:68:9c:16:31:f2:36:2c:a3:1e:61:36:d4:51:e0: + e0:f8:1a:a9:75:b9:3d:ae:07:5f:9b:8c:1d:5a:69:d4:38:21: + e3:75:93:6d:95:ac:2d:c6:02:7a:97:dd:e1:b5:62:3c:7f:b3: + 6a:e3:2a:c7:18:bb:30:7c:c6:b8:10:69:9e:3c:76:9e:f0:60: + ac:9b:4e:8b:18:1f:4b:89:34:f4:4f:46:3d:57:6a:7a:2f:1d: + 13:77:1d:87:ca:94:92:e0:9e:d8:93:e3:7c:95:15:6c:ce:d1: + 75:bc:dd:2f:9e:6c:dd:59:13:86:80:49:17:67:fe:77:75:51: + 18:6c:cd:70:9a:66:be:41:cc:c2:24:be:75:4a:95:78:67:cd: + 57:cf:d0:c2:0d:0e:ff:ac:f9:f6:37:a6:df:d3:d6:6d:e8:8e: + ae:df:1f:11 -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9IwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJQ8rbmDlvzzFrMA5CfHW7agAA2CXrolRcXoQNViiOjI -fV/y3vK8QhDtlLVu6kO4iDWWzKkB/RVYVhrm37afTrpcWvVw6Xtb6Hic2hObi5VX -kTFluzbD5MS/OU/t5/omj6neXEKK5eHzpZ++T9a4iVwZJSfrTQesloqcIiMegP3y -IVctFmkAFLukXzP5vwXHIkQeKIKLtq4GjgjRAt3jDbbKXZwCMZvQmvzcqqo3miKL -ovzFbAesrPjsSvXnjGrj/esc0FZ9uEa19BOLEHdb4hjx85oz5xY0Jr0wC1sSqPnH -3NgMCcKbJTGk/LDIU40FN+0A2I7sTRVUsCTu9a0v9HkCAwEAAaNwMG4wHQYDVR0O -BBYEFBOeLQ+CZYYAupW/IQXqUlBMjEdTMB8GA1UdIwQYMBaAFO0dJi0baC83wSHV -OLkkDWmJj3hvMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAP3OaQwijfrhDeJnQEiCLzhuyqh1B -7oWgC9CFG75Qe2VUVXcyIhhgYRE9SNUxv4v8VGEUB1HZmgMBO95xdKGCyIbkPmjI -qyXcGtJwBv4Uj2Fv5pswxMjInCE2qPHK162H2JG1nwRLertiOEvnLca1J9lysaIn -R2O6Ur0AwkWCnssD3z51SYt3xF+veFAMka8elQTMuj6LxerKf6SwaNo2zt24MrKh -zMAHfjrEVAAATUMcDchbcUd2E/DhbdbVEA4r4k4snB9Yg+5PouB824dqiwXiBHu3 -Ka+nFf/Pv+XVjR1pnVbiBaPnYxs+i+z0f3XMN1YMVNZpKF3ure94FQReHQ== +MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDQxODUyMzVaFw00NjA1MzAxODUyMzVaMFgxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ +MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArug664Tjru4AnjBvYkAJXEMFRukaF8//Jc+N +erJA2+blb81X0hH7IOGAeajS6nLNx5atlnADmWPJmNYxefcXmrYqI5qrHtJIDK/h +jqVIjCf7wmPLlnIL/eC/pCQ9uWflYJqNCWv13gazr5B6A0McN8h6xLFIQ9gHmaII +dgS++5Qi1VCCLoD1lH8Dhx6oxKOO5RFukbBTfE2OVfpyUGHyBzUR3i4s1ZJWPuaO +NULGLpFbAf7YU51W5jP/1fPbWTFDFIYX49kDkPb2T1pJSjphS59zL6HOHkdUVwaW +B8bwFcHljoXg6PjiFjqyBshgTV+4RhZkVUHlDlElU60HWHzrKQIDAQABo3AwbjAd +BgNVHQ4EFgQUPViW+trOUI8mwYWspkvHfSh8J1swHwYDVR0jBBgwFoAUD6vwfiwu +X0FJiZ7P7ND/cBWCrl0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBlddBq6OpYVa6vtf2jhtnG +qDvQPej9kGZxRjN17kdzhSWIjFz/dNuVKtQWGAysXEa3Mr1WZh4iSKVfwwFXvPea +SaaSVPGFnV/VSRiawzYa5qPTBhj6uAoR2/+RNUJ+aJwWMfI2LKMeYTbUUeDg+Bqp +dbk9rgdfm4wdWmnUOCHjdZNtlawtxgJ6l93htWI8f7Nq4yrHGLswfMa4EGmePHae +8GCsm06LGB9LiTT0T0Y9V2p6Lx0Tdx2HypSS4J7Yk+N8lRVsztF1vN0vnmzdWROG +gEkXZ/53dVEYbM1wmma+QczCJL51SpV4Z81Xz9DCDQ7/rPn2N6bf09Zt6I6u3x8R -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index d10496e8ab..0e6dbd0fe6 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUQCWo/PU6IvM6irHYGWdpa3ARHxYwDQYJKoZIhvcNAQEL +MIID2TCCAsGgAwIBAgIUcDB3/OfLfieyLQ5ZtrTHZZfXYu8wDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTE0MjEw -WhcNNDYwNTMwMTE0MjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTg1MjM1 +WhcNNDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyY5r4OksZl5CfOZWo+0gk1 -5sSpAr/B4iQPUdA4jQhi5ITfWjHoCB/qvGxW+HZIVe5ojPjfZ7FSum0RKu3XwM8n -nf3uqedHNq2ECSA+h652/Sv6ddT1qmT+UPSo/iRpAIeummTt6/X1aneIz4UtOfl+ -VU2g6mXUZtre/ZOEHruBOhNm1X+usk9BkGpXaeZWqJrLvEQCfmI+uoFxlt3B4V9G -ck/VLOitsr8zGszPe1b1fKmbah4vCDR7VXZx3K6RvMWihkcNlGriROO2OJIBIK8u -XU5pq5l8ltysSrop9RPGY6CROJXP7GYBI58kA6/GDd9288x+4QPuafif/jefrZkC -AwEAAaNTMFEwHQYDVR0OBBYEFAQGvt0Na7xdR65/dDTJ0VAg1mBVMB8GA1UdIwQY -MBaAFAQGvt0Na7xdR65/dDTJ0VAg1mBVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAB9VzX0c0Lk2qbKmt4ZQeeUouZhgJmcTFOC3inKqjBVZkLAI -g0iDmdPUzbq0tospuJMNuXdToVcCgQ16Yq5dTcDAHZWcOu8qv41gOGV6Ke0gR7V2 -c5GHJ4TuDVk3SfbuU6+6/P+3CjXWJRJoHM4IfcBMSWJnHSuMjgYQr27NNJdCNroU -0OXr4TqbjzCa3adbzOuQkXPKVq1bmJbfM1V0QBDqtCrvgh5Sl+VxCPJbNyipWGAw -KSAS1vFH1/6C9dD8Ihn9DWXmFPXYZ3kPDbUTKGFaV0rquX4MpYnW7Mcy9SyUuwho -nPyF7IQtRHLCj0eLoLfuayZWgK1c+hZlEZRURLo= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxM+57BJzd0yEdwHJcpDT08 +uIAUwXDtqz73n1VUnD4UoBVx2XvyCvofXT1qSTmD9zDG/KwQu7fcWba7maGMcRMr +nz3/fiDO846pPnxgpklCJ5FO46xtZH5pM0WWjIL6+ee4vIzmS1TIURHBjS1DHBah +q0bz/4I/sOo2hUoABwztOJcm8rKx/vAV/ItKjgUUh8GEFUQj87hY3JFaWclkVTse +gPe2uPOxlbZQ7b+GeQt9EX8svg98GVJwxzqYeIIiOcuJKuOwUxuu55LxE5l8mjXt +bKAs73v5Y/mBU8P5VamABrWDI+HCdd0Ku/IBGeQKsjZdAqKcxTt9p9NpYHiyu2cC +AwEAAaNTMFEwHQYDVR0OBBYEFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMB8GA1UdIwQY +MBaAFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHrAmym51AOPKXfq39qQ1m516SEQv/ZpAnN5HaGIXSBAne1e +sj3n4YOrvZ23UwkeiCGAOCHTzuRXk+Pd+7Ft8C9fOyrYai5R9NeygNJMtgLB3dhm +iPi6oY3XUBUjbP8VCFiRLuhTQjm65Nt9u9pAaPLrtkXKZlrwFfuIOIB1nJI6NBk8 +q94lJoo5XgMgA3RDmuq1u57nzCCUTi77BZkASTPEIQ4s+wYB4XYb12SSPN95Ns6V +863KZQRFBVqz6ZZoZ9OMZzX4paRi9MCbdIhoibhafjbF5je8wujVVqRsD4ALzwUo +Kyss990wYIZDMTes4dVQRRat/qayHbeCSC+wxu8= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index a32e592169..028bc656a4 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrY75NyMLhLJSV -b5Vy8wU5jV/WxLj0Hw/+YfdDHZUJcYBqvhpT6wNaeF+IdqvIijwSmHbqvOXafXny -hk1er8Fqwi77yLhcAY2dBqh/8RUKyG8cqsh8FvEvNiVLg7Im/djpUjKpV2iQfYj/ -BwXRGdSloBw3dMPU27XOIGthYU0TKqY/6nhn/5pi3z0G/1txhaLAV/7PsYR6wxZH -d7kDYi10tWGRl1PqDQrTo9z1JXNT5Bda1YCV3YO/t3FUBT3kXbYImKKgAK7K7IRV -ptmS7w5QJyAGOZutP8I3/CVhDWr1zxm8eFteQ8uPk+CgZJtvuxxSIhMBvRNgHiKQ -YH7u99HzAgMBAAECggEAJlE6brF/wE/zOCWmR/jFJkTRNHbu0sVPEhRc74hhlabm -ivbNdA2KxmM7GItPhJpDK/UiQQDScrKy3OHh0lWA7JlVX71UWl2Oh5jBezku9yYw -kTwtbnDCo0d7txJOdiEyqZdS9EEyg3tNcZbkWgdoX08Yf91/Gsu0Lc1ZtH/Id4wn -v+ITs2B3pv5JWJooHDA1st2qXPCTxqBH5UJqFDBgpbYBDYyOHGWxCfOLZ0KMs+et -cUabDk01tU33GdYElNP6Ca12ZKh6i7UrNmVA40zzVYsQnIdx0qAX+TppkzQs2RxX -SuKAmQnnyxsKepqecm4UdzzXSQO3qnnXubfmYJDfYQKBgQDYuZnecTQ0anaVaNaP -sOxCPcqxZM4NqZdac08nW+vfpJm85l+id9FziY5IUTz8W5ijO8iE5oOZahtzbLZV -jQSq57N+CdClrB1HpPwJhXI/oU2Y6o6MDaQHyZq1RMfh+1A3+O65JkFdR25PAMQQ -ZSASxGLktJiuWImAicFtZAEr7QKBgQDKcuyHaxXYmKDWveWw39VgvFxKFles7KLH -ZzuFKyiBAR+COMheDZjvtDvs7gZyhikvVbPM2BdhuqxWqjTd8rMCXRPTsGpWEFkB -XN0BPoRPKeF1FYRfMJey//xUr6KOILQhKnOO3ijazOJy2BPXD7K/qLNlRVUGXOM3 -8YWOxiv5XwKBgHmq+K7gbqZefmQyjwHsGTa26evc47DX3Jhy06UM/cZ36bcaveW/ -zl5GgxImSU6DPZWmIlQ59PdTkkWialps6InpueKwL+pSTb3C6ZuOxyzhqWaHh68o -mUWl8KyDCJPdOpOxtJNM3rU3PL4td+ScYP0oMzyiBnUaT1dR/r0iv2WhAoGAA8Mz -BilFVKsxggwxcqIWUx/tDytvIbWcKNyQTJ9Kt2sP7NmlT6otB3dwDa02zXYU2d5b -4xi5BoXzogCzztQt44NbVPnYYBUZsl7JdLZ2uwnqOMTXmvVKPHdpdyF0gfO1pVAm -qacTV02rf7roU3zlM46tFtq9A8tCJc4FT2v7cT0CgYEAx7OlCb0GOpjkCbDvgc5w -+9yyUBcUqredtUXyAwKN2PticeTi2fi/hxZ6SOKoX2iNPq0JHeNEZl4EIHLGbnVL -CqWpj/V9UKevYU6VLb/EM3V0kGMCfuFU7huZ2T/MDEfT9sAjSHO1nSLK8AUE8H38 -6NARhxCZKTfN/1T/+aezph8= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6zToi+QIWIW24 +xTSa6ZHUy+r71b+6DRpv92hE9/vTNwWXSFYq8LE1g88UE1aamP1B96wDk/439uDS +9nv5Y/E16fnkuktzDFnWgpPrx1V79XC0lkQGXatiX9Tq1k+CzsPkTIhN5lD7Cqv8 +DdfMdSk6i+CEx1mVP9XMfWeXHuAvv9C2OAyy7dC1vLi5Q2MWQ19cU60mWKLt5LU9 +uCB8FcKwVlzBixXS10/9uNdubLRMEav6synALiFQ6y9Nh0T3MwW0HobynDffese1 +yEhoy2TgjdvMOyoS9nrYHlNbIZlxavd2H8XR7XA2usrF/CIP6FCpICalS4oKfdYB +816+J+CdAgMBAAECggEAHzcfQWvZ+OfCJY+ywDZKu8QNsuKfpM/+vHob7vZ/muaF +ZSfd2lQZUMeDaafnn3L0Uzs3f+uRnjl/jVFKGz0juC4up5Wn+QQ12P4+CLbpJos3 +t72qhWPOuWQpOMryQ3oYywQs/NOBccnxPm/zwUNMze9E5/tGEYY2zHKiRmMO9Htv +/F8llJRVVZwDm0dn3UDTOTr3R7owfF+BoR2R8SPKe9PFP91AqPYxqsvff3iozKPw +uHHFS0EpWD1P/FnK+MjOUlpZhkWkZ5Zh2PeWYqk9mKuQOgMTUWfM/96dmzeIMlrA +dKFN2fkqgEkdUK/fPMWLzwbV9PwiZSDLICe+Wna8kQKBgQD6VakPDTYNOGWbTBwF +8j58kc0AVE1CFSyJ9hKXmdAuj0w/X2+IIygb5VD3v6zp4MCLwG64cVeQW2E7mojD +Dg2dfhjvr9Csh8EURs3lwIylf9pi7OSTEmXHv2OIKOlrSdSPn3NQBX+q/8M793/1 +BonAR8lxMOdS2IvN9WVRY4S4OQKBgQC/B3tkLhIi7y8XLZ459Nehg06qm2GAXgse +Nb9vCXqvf9WHdZ1b0hjS8h2CK+BJ1Wn9QpbfLHET8pz8fBPyfJsXC+sD9JxhJ9tU +GU6rlXitrzF4WD4Slyk3mSpO+yqN4ZQGlhqJhW+kGqIDAyV3FncDYDCeSx6O/Qqm +44WRCWeDhQKBgQDfw7QTXTbEiHXiZBzkf821IcrCEZjhifW++DNUScwZ4kNAnnke +knZmwQsn+bCBekICaadOvRmNUvFOCutWl3g6IB4AGgMIRWykSEoBpaTSxr8aEDCc ++iP6caxxaEiFe4BCRUAY9mFRI7+LGcfJ6Oc29bQtto3/ssr89e5z2uYmmQKBgCqH +wOoR88nBVMulRWgD4go8kMQdKf0JcxI7xy4yfxUZsfGhtvIdeZdlfjpgCGSH1jwj +mjF/1IErb9YqzcocAe+EoMNVr4dV91fm9oPvGFoa+jmf89nxu6R8PlYtR1ElWu6I +dsoNYki4AUAIcEvuPXsL7GchtGEDZ162oyMiY+B9AoGAaOBoT/BWxMO1eDG/wTWj +gG3151f4bb5HEBV7s0xhHdhdnTexJTrAZBLkDpWJmj7d8zlvF1CxeJe8nhHFWbr0 +Zp8Resp6crar6P0aCvJz9e1ynmFMMClgdACoEr+MflImVawGnJ82EgsMk1u+6LQb +esBeRYGyOG5ccB0gLfkEKZg= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rkwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaQwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTgwNjEwWhcN -NDYwNTMwMTgwNjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtjvk3IwuEslJVvlXLzBTmNX9bE -uPQfD/5h90MdlQlxgGq+GlPrA1p4X4h2q8iKPBKYduq85dp9efKGTV6vwWrCLvvI -uFwBjZ0GqH/xFQrIbxyqyHwW8S82JUuDsib92OlSMqlXaJB9iP8HBdEZ1KWgHDd0 -w9Tbtc4ga2FhTRMqpj/qeGf/mmLfPQb/W3GFosBX/s+xhHrDFkd3uQNiLXS1YZGX -U+oNCtOj3PUlc1PkF1rVgJXdg7+3cVQFPeRdtgiYoqAArsrshFWm2ZLvDlAnIAY5 -m60/wjf8JWENavXPGbx4W15Dy4+T4KBkm2+7HFIiEwG9E2AeIpBgfu730fMCAwEA -AaNkMGIwHQYDVR0OBBYEFLmrT18i2YXmBZ9Reax2+ICrlb4bMB8GA1UdIwQYMBaA -FAyrGYdlc3lY1CvPiPeUn/U/DOodMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxNAnJVW20EqXPMFaghwX5dKw+ss -1cG74XxecBo3AM7Y2G4o5aiS5DwpSarokw2nLlpgT9PGbvtSxcB5qFG5eArqKEx8 -x7ECw4V56lXJEAUprkS8AioTGpMJJUVJ+nNx0aztWZWfp9D4txU04eqQ373bL51S -ixJS4ruSk1O5sMEMU1Uh4LB8dkKhvNiqjZVm54QMBtYY85CfdsHDDCeukiScZco9 -nZ/KsprgKal1PJ+vls8XiVZVct1cFU+XEAs90U17p2w0zLu/7IkrJPLNH9ueRX2U -GNI6gmwB9XMVqBn3vnYoutsZl78JIN6xI5ifNPJoI05YhlWJ9V8ZsRV0qA== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrNOiL5AhYhbbjFNJrpkdTL6vvV +v7oNGm/3aET3+9M3BZdIVirwsTWDzxQTVpqY/UH3rAOT/jf24NL2e/lj8TXp+eS6 +S3MMWdaCk+vHVXv1cLSWRAZdq2Jf1OrWT4LOw+RMiE3mUPsKq/wN18x1KTqL4ITH +WZU/1cx9Z5ce4C+/0LY4DLLt0LW8uLlDYxZDX1xTrSZYou3ktT24IHwVwrBWXMGL +FdLXT/24125stEwRq/qzKcAuIVDrL02HRPczBbQehvKcN996x7XISGjLZOCN28w7 +KhL2etgeU1shmXFq93YfxdHtcDa6ysX8Ig/oUKkgJqVLigp91gHzXr4n4J0CAwEA +AaNkMGIwHQYDVR0OBBYEFKvLZ/h0emSijTtXoVcPBibT/IQOMB8GA1UdIwQYMBaA +FA+r8H4sLl9BSYmez+zQ/3AVgq5dMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAmz0paStjdFmdOOZMFykfwYY4BwOA +dfO5Lnqqoq3TH9mCoca9kNH4bQBhIzPW9aDnaKf2UuABFTcmxR0FL+Vg04+15sYu +hln/wcTDnFe8MZQGB34zaXIYD5L2NJYXuuHqiodC+Ggh20TGGMSXZpfJotJJF8PD +P5B8eQUdH7lR8UTPkxZQfze9u/uyLZkJoQEbLUwM+vw2eecfqOl5jqnTyUhpq8fY +QFmSboi7UZt8ZNdhzEKqaKloDqfo4Ba2hUZDW2Q6eAs8SgNeAZj2Q9LyEkIRoMLX +/g1tY5+oTuwbtVi55+MC5336sA2AmaTyf9dvgyYB1yIzA+KMJiSGc0rKLg== -----END CERTIFICATE----- From 2af05ecc40b79b3e935e73fa178e09888b2c2c68 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 19:34:58 -0500 Subject: [PATCH 08/10] PYTHON-5040 Fix CSFLE TLS certs and configure-env for Python 3.13 - configure-env.sh: clone blink1073/allow-cert-folder-override branch of drivers-evergreen-tools which adds CSFLE_TLS_WRONG_HOST_FILE and CSFLE_TLS_EXPIRED_FILE support for overriding hardcoded cert paths - setup_tests.py: set all five CSFLE_TLS_* env vars before setup-secrets.sh runs so they flow through csfle/setup_secrets.py into secrets-export.sh; load_config_from_file persists them for the test runner - Regenerate test/certificates/ with: root CA without AKI (avoids macOS CSSMERR_TP_CERT_SUSPENDED), CN-first client subject (fixes x509 auth username), server cert revoked in CRL (fixes tlsCRLFile test), and wrong-host.pem/expired.pem for KMS TLS error tests --- .evergreen/scripts/configure-env.sh | 4 +- .evergreen/scripts/setup_tests.py | 19 ++- test/certificates/ca.pem | 33 +++-- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 6 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 33 +++-- test/certificates/wrong-host.pem | 86 ++++++------- 11 files changed, 307 insertions(+), 304 deletions(-) diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index 8dc328aab3..ae5da8c7e9 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -74,8 +74,8 @@ EOT # Write the .env file for drivers-tools. rm -rf $DRIVERS_TOOLS -BRANCH=master -ORG=mongodb-labs +BRANCH=allow-cert-folder-override +ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 29d3c3a78b..1765f03c38 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -380,15 +380,22 @@ def handle_test_env() -> None: if not DRIVERS_TOOLS: raise RuntimeError("Missing DRIVERS_TOOLS") csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle") - run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) - load_config_from_file(csfle_dir / "secrets-export.sh") - # Override CSFLE TLS cert paths with our AKI-enabled test/certificates/ - # so mock servers use certs that Python 3.13 TLS validation accepts. + # Set CSFLE TLS cert paths to our AKI-enabled test/certificates/ before + # setup-secrets.sh runs. setup-secrets.sh uses ${VAR:-default} so + # pre-setting these vars causes them to flow into secrets-export.sh via + # csfle/setup_secrets.py (which reads os.environ for these keys). + # load_config_from_file then persists all vars from that file for the + # test runner, so no separate write_env calls are needed. certs = ROOT / "test/certificates" - write_env("CSFLE_TLS_CA_FILE", certs / "ca.pem") - write_env("CSFLE_TLS_CERT_FILE", certs / "server.pem") + os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem") + os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem") + os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem") + os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem") + os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem") + run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) + load_config_from_file(csfle_dir / "secrets-export.sh") run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh") if sub_test_name == "pyopenssl": diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index f869356c03..978edcddea 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIUJseWjXTSpvUEw4c7Gmv15xTidHEwDQYJKoZIhvcNAQEL +MIIDsjCCApqgAwIBAgIULKg2PII+nqQgPEEysgWStNhMZ+UwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyGgty8WHa3MAPAhzIFntWTRMx0CgRQ -rAlRwxgA5fmGvB2HQDdXpLmo3g74jt0p4OB+tOC0resv0WAsCSTMkz5suZRrfHk+ -Md1VdxHFl7LpVNtP5XZKIkIwnRB0R6yBPGg9McV5/f3CnYZcMrXtvGsMJF7jWLzf -17k/lHmsUUmFpmLSI0Zir8nRdgAlKSQLeApYudBnPNhCGUJxRtEkVe0EZkH0H2xl -+K6A3Lu8KHRuA0KLKV4rgrMAuFa4TQJjeeZ1LoSouBHslsOxbaQ5f9fqUCO6gjRU -JndsBiDyajI9HWbeKAxJb07lHg/5Zp4VovvosA1rwSQTdfoM7qvEZPUCAwEAAaNT -MFEwHQYDVR0OBBYEFA+r8H4sLl9BSYmez+zQ/3AVgq5dMB8GA1UdIwQYMBaAFA+r -8H4sLl9BSYmez+zQ/3AVgq5dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAHQcCgoZeIcZkk8iEL0cwyeXV/lVrlz0NSoLURJbRwyd18p6xVCMQcg7 -xLk3iljcGSWx9QTrgdpfopLuOvWITl9gfmjHJF5tdA2kEVLZ9nXDZkFKHHGDcM/c -9h/L9X8SgvFGkZOdRLJSXi0QUJgMNCDHyxf/InXntlUI2cXtyfxm8bk2Jsegkw1Y -6jOJbZk+xIm4Qwt3xyYKoQulqp7TWrn0/bcvFcK27P/o9f8Ay06JxwobxRwQAfoq -ZcLea7KGdnvVuYgYea0ZPNNNfeTlgRwTv3KhszMmp5YluA+Pb8idKYfmWYtvYl4f -nynC5NTSKRanQDdqcFUJJqnHNNQLVS8= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANRxGUwLE/UuYqbxZpRXtywLyHiRezn2 +uXatT/PcKtICvHMFINe4Co1414lnL2qrhGCxANpeIobzE0w3WSKgHweTISV8+RZp +H2x3EYBd15MbdDdYDhBYUuGIH5N2C3gDYbkcZBY2cK4RB/cruuZLHf1WSVFFUvK1 +V6hWs4w87c1H+QxU5RKvX7T0VNH1PmGp5xSbxwjkdVLb0o9YVN4nTE2FAGvuUp+n +zUrZjGMDEjFYELeFVpQGTgXgvw31EzeOMZvXAo4mWzH1V6z0hdZg0RDbAxT5CcAg +157qSLbQi9BC0/O6kcflqgYOWwrkqOsNs3ryx/8lbxtZtCtRC15ynu0CAwEAAaMy +MDAwHQYDVR0OBBYEFMtZaaZbjHw6O5vfyZtBE20tgGMhMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQELBQADggEBAFRTyRmtpoVEst3l2TeovA4BeCv7zdaI3EbS +vOwCqNdJ84biNlTjtRWrrIdFZOAHnseEvkxXxBewzuFL1tXiGFkwr43vXyf/MIVj +inzIK2mViPM8vIhOCQSpStgvUaTrvxK659VoLC85SzcCDhUzT0MqXeYjw4sHsTvj +f6GLg2oLuPCcxkfbk+cGIkL/3Dc7Aaq1mqhlXmqueGtIgNf+TgqOyeUfBQ9EEuQX +IZyQZ4PlMPWZ54YBa97fmW2+5EhY1WQ7SJ8abpjA2tkCvPcjaubUCjsASb1OusQS +UPwefW3YA87ivSK5Z/D9HVzvNQcPkr9a2ennS94t69hgDdo65sc= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 39f95c3a60..0dd0fb129d 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzQSIoBRUpj6re -P01yUUr6Qa+na6/WkmHuxMe+8blLykrK0cr8csjrM3dFovhCqBTGY3sfxWMn6/Iw -l3dHyG1RcVv//Vj+2elEg0Pt1DYXpWodMZm8XdlkkIH5CAKIVMY/kMpgnyhnDZkT -oLx9xrRtDf10Gp7J5f37Y0OIXGY60MZL66OfHXBgISKsyR5HVa0ysKn6MrlK6Eeu -AUdoMUMcNTdFnI/04NRJ8qQ+7nGQgxwt/iVvUCzpqkq0ZMDq5TD7rwdIivB1SCHK -yYbdTgtIxWQldLMNqzMwIpqIpYmfcKbaGCDO8m5ZQg40CKpd8LROJVMWUX+sWagi -ymVxTsuLAgMBAAECggEAPmpB/eRTK48KRGuPSGxU6pGfm3CMH+8FaZGcKXjad7De -3QMypjdDjV30vEsUHYWQAkoWT4g3z+lAgbnjvxtjMRYDHj31VHvE1OXN68xV72LZ -8YNZT/TvoqwMjY1D8HtwMib0yLLyavuZnvN7XmInZceWxmwUeSF7j6JPG/ZsZDLC -n/ypgxaBv1lrWZaPI0zQAtLrfjk9CMai2vwsvPTw7S9sbkRNfgXOfXtxz+Ngg1Jg -Tppa5GbULytdmxYmEL3zthnmQuJmFTvh8Sp9we80jyq035StvZue7RxeXm6QFF/o -+G9A0KXqfsgG9WuklWSXvXhHBLxIk7GUb3TIh4vWQQKBgQDu4hHcqRfTNwKrADxJ -pkKK/yM4XidkuCn1N/8VIXXpxavQPbshP6e+kyiDlFqgBdEXzKsKJF3T+sRoYaic -NpEVwNf08yAOTnORfKY6r2hEAdf0y4yB2Qv8GT1m9iq2LQSK43G2BlCsh2n+KTZk -/RKm6xs86VBL7qkQRpMfvUOvSwKBgQDAGUVRSDJx3VHLnb4k+6z687btGGYBo/Y+ -p0TAy1lZ7mLWcHfDQgXQ9VbCVQAyGkJrfUpcozMvARDUtzi5DCtEGpA2L0orstIJ -nZw9PLNldYDsfuTLhhBjBLT05ZTXa0PZDXi3Qtw0KWu3sRbZeRvJO+MAZ/zw8kkv -ej4VAXxswQKBgQDtdEkfF/J34PHE+0nyR9NTiYQADw+Hfc0vVUc5QPaNtxEvwX0W -8siSloMqMDjZYo7S4n6OaVHfWiEMRS8ugMs9XWENuvL9ZZxZXRd7tEqnd1Gsovz7 -Qb45DPnNNBuG1T7ztFye/K4KodyJaXwJbMqyo3eC18UahZUGebDbVu5F+wKBgBX6 -Ti3wfqT8V0FeeMSubqn/fCxAIFuLsL6WUI1mNoDNf01dbLZQNW4kw5pUM0OIMZUu -rnVOzqpQCubrV3gEZmbSSzGH04qQWOt0ts1ixnuTJ/7mvbJzUiih/zoNkivbP9Xz -bp447gyhuIs5nY2gB4fMbDo9q3i9n5Xo/HVWyC+BAoGAEqS3DpZLRLRjahMwiEd7 -ojsDa58sp1/q0MyrMuIQvKt6y0MrlGId/TTgr+uLp0PAHZiRcfj+MHYS3q4ftw3M -DKISS1HzC1EDRbrH4IUsJTbqHWTxOQnUWXmeNWuaf3k74H6rsL1er6mq+kG2bKTr -YzZCX2b+WKJ7kbvloaiFfuY= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtXBFcwtyqmqPK ++mBDuOxyURSuPSsVn+W2gHij2y145ArA821ivyCXKee/J98mElNXmGAAVpcnSksJ +FvFYz/SH8aHUB9JqczP05dHgCE5EQ6g6D5PF5oiaqac/2VHGqqEs/HRGyNhnROHk +ve0uHVHZUN3UGhTpzAHDRWN7/w5MWXNqRYETaZyI50osBJ+PSkAsgOl4PF1sqXWd +fKLpFkE1V/1Qa0ZsIp8YtXDF9EZp1P1NqoAAsijXIHI5mZefIn9osKeeIluf8/qS +caJRlQ54og/CmRqKK37RLrIV5droBav1OoDE2ANdq7PMVW+CGpUOB00LpNJ5hwrO +ZmCPccV5AgMBAAECggEAAlVUnV0UBsBQ6mKmNhw4BNKruZ/Dz+lbvHzMUs4JhyX0 +vhtWgLFAzIOesdgePzVQaOzIStCPGVWHYc4+LqGStZBoRxmRlbbOtLJaqxFh1ZV1 +rqZvDTO8NYsD6CKGhYWxYmwT54s7Z157uwAr9/dVUeXT3G0qNfcpsEX7GaGy/gih +OudyrWWE23l4EvLr05y/XxdpB7EVTg7XoHqU7auknSuAkqrfNU8w7ylqh8cJZwcM +hDdKeh6NfUc85ONpMU7FTeFlaPcN7Kjvz+hNgX+aGgty3vPzhwn4g5r+eweDFtS0 +JqfoFcj882YEP4EdQG2EU0BZ8s67I/HFN4WBhIZCJQKBgQD9W/+OfyMaGXMF4MEW +X+BxMg3g2cJQR/TG7FLly0boWEgoyUUk7ChPvuYTvfJNUXNEfkc7i4FF7eNNzTnp +VTKfEtxLf/4FsxAexxdJMe61mMnx/FBMYn6VyueNPT9rS1lwOYITclaQPHaDtSYI +wLvuEHktE4X9ViRn+gfsUTFnJQKBgQDv1WE72tQRY4DDrk7ZvKVR351nWWPmWDR1 +veUhpeC3zs9cdRdHeajz6rUpGUQpWV6f+BgwU80BkzgbVU4Qv18xPNDEevCfjPuD +PqQxRI/B0Z5VcbeT2JnqSSF1szOmnA9IZ8FFm/0I4XG6KlAuaaUVWaw+s5qILdn6 +oTgxRpXuxQKBgCvjuQSdX55Q1E0rXyeaGk5hpmfSMUgo/u1K2R13tmPfjziJjVHV +GzKdVkwLNqNQPdCas4pMI2vSxvKeX67dFHTcFo95r66bE2rRgGYsoTaSLkGePObO +lTErwisEdi0HE4pOXAs0XmyEHN+6DMmtYaDe967oV+jH+GyOsrqsYguFAoGAP4HX +T4wwn7IjhK2Bf7KubDG0cot/Ip20toDkTbao/MMssaTn1ytmC8DY29su62wY3G9L +qHBoVsRvFP3PwCuMv3MFLSII2Zbxet15iPpIvuAM9z83h1TR3PIkhBBB2xp0CY4/ +5Xja1iEshklyFfgvmKm4LJpOj0Tk9bL/OD0isqkCgYEA9+jDUU5U2v1gqk6OWiub +HBIpTUP2TL971gVlQrFe/mk+4+GX1vgeHe6xgIQedvombnK7FwyphWWp7+F2C1Ub +7uQN4RtFSft8kow9oF4qgdrWUmu8twi06a+uiKwhhNUSXGkprItR59XIXzQpoYK5 +446o5J4yiqZy/zk+ccgN0aE= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI -6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z -ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w -YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As -6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu -WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X -OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC -rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu -51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ -ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 -rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb -Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG -Zf70TZTjQH3898e64aClBRa/4v9goUsU +MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g +lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI +mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc +iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo +1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD +XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD +I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A +YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 +uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 +mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg +l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q +9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J +yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index b069630870..58e2eef08c 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTg1MjM1WhcNNDYwNTMwMTg1MjM1WjAUMBICAQEXDTI2MDYw -NDE4NTIzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQDOyT3+ -ktzOkBQt3mjCyz7DnzFu+DVh8RH4q1/IvMFtMoLe+QOBb3YzGcdvvbyIIupmrOHV -JsWxkuReJuEYoJxV1B1QNNu1zgqHg1o+gCkFxAFawrPSHHNT7Fp+VDu3Fy7gUcLp -Us1FD+WvRIorJ2NpwLZV862tqvGV1LZ48TsoG0lnW5uOtJN8ivtz8q1H6ZWj1Td2 -PnZx0ojYKH5C6CUSAPjB/jEQv2CnLLu8zOjFVpe0OeJM05xmlY92c6yWe+Ugb7jS -a6kxnblSk0zM7mf+JmV6f52Bvy5bxsYPtnpFE9enV4J+iuVYCE3N4Y9gqTljoxpJ -zEKrPp6XaFLCVRtl +ZyBDQRcNMjYwNjA0MTk0OTMyWhcNNDYwNTMwMTk0OTMyWjAUMBICAQEXDTI2MDYw +NDE5NDkzMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCknpas +Y9CVnP8wAYp/zViQQizwRRD5JtqMCDj8QJTfZ6nTOaRHY3581ulnK8ux/jGeo1WO +QfT1UyS9/CB8PZ4SDpSF1oiKaz3OkEivDeHWvUDYjukHkn1L5Kc/RYEje7/VRRlr +Rouz736sCz+G2BQZSwMpyxEPlozZG4Me4UufCcnkpI0cYRDwKgyUxeP+6xmtWCAK +QG/KzlNgjZPr2jwqlyVxBBtyYweIsJVSEveQQRkjdJYdeyER+vZmCHQSu98VHk0I +SkbaN1CCi56/8uWy8PuZU3FkLweO0gp3XAwh7TXiqVt1SH2gefjyzvyYnsts5Buu +9XP8u5uRAafgdK+k -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 13ed4feca3..bee2a1a3a7 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCa26rANY8pf+t3 -U06CFjFEHTQ08O8opidSAnPMEGWLuiieIrSM/rMpxzIdk4sOlmj5CvBwvSGKiLhy -nPMGh03QZVfLOAdlspcglmmvLqnLMKGjXOKowqgBkwLRRXy66JTX1e06fXf6Nutw -KAYlGAU4PLTtkAASxbZiogCUeuCDrqtmHLxULzaRcPCUzdn/iiiLPrk9bBnUSfSq -8+0g8paCBAUHr4hV5s0SlCtG8d3b5JfRzyesTJllFbji29Ggeud7tsHVPuQfdZgk -pdL9pGeWG3AQWDC+UqKix+/puS1dnAXPFz+ZPZS06z317rDDb5pFMI35DWaGNcog -MR/0WWadAgMBAAECggEACbc3+IyzsXMa4xbpMUyypRce+CZYnuiDxYetW7N4p4JT -u44qXUE6nOeoO4ZO/miN5/gZez1GfjJTPi+eKL3y8hz1m+SlRCpnBG6jbVAEa6De -t0jj2Joz37tpPRd6uqBOfFcp5dZK4XoyHcyJDCk8ZJmccV4sPwFEDt6ioi4uaVyC -TiXbJooLMX1kiTlm4i9PE9aInKsp05DFz0e4oeOfKUBIFpvXWy4GAJTBAGZwl294 -h02Q2bF0ugKrlOh5lBd2bjloE/+k8zQwrILN8FKvPr9/DhO9fXWf1obmMQD3ETQF -jizxr0OTduMA4oDqagyNGtkM7pE4bGRcAFQN7VNfYQKBgQDVJBGT7AnDItx1evSU -kwr0IOhZ8GenpbVAjKAs7nh5D/gXbWyPUdfJQaCwXraVfDARWbnZiplZzvbzDs5Y -GzRbjQF0n2zOdrJfWicaRV7gDEVKshouBR23cpa9DF08Rx9zPPhdCxuQcljHCz8K -nmaHx1k4OlBbdbP/Q2EhQ6FavQKBgQC5/1o5zLNcBRbyQq4SOYJRJ7IxtqgNNk+C -Opdu+Kr0kFMKK+S+VXzI2VMja+Kfx6kyMqgjI+A0nXUzRw9b4WM3WvlVZ0XYh13a -iBB2D9lY8MjxhBwDHaA8yXKLDBtrd1PSi/zuN1NMGHRwIUEgQWW016RzW7QYBfOo -e6a/NSDpYQKBgQCwsyJPe9PsDq6uRq0Vr4HZOp7mUUPd3KcTSIJSPbFqzC5lXbYu -ay92Dg5lqV+9NiOzfqtxClJv/gEFKDUxHfyeGZwnTzQpRoZCPr9ELFancATSFC1Y -Ea29NCZ7vBBftKcCJn3QxTCo4+NtwIkXCJL/5ei1kMKl0ELVUMrphOP0EQKBgQCr -QyYYHJV2gLU9Qwq3ez60bWHWBsM8zyps1niD1PLNGGtt7TbFzz+ETSAReJCG4Ti5 -IQ3StYEH0YiOO7s3thQ+b0UwT1Rv6U0RIMJPg451J9lPEX8dm1TlQ/R1diN1U73a -G848prLLWaU1blliUvVMjFc/ZUwx5qESHTFP1KLGYQKBgQCzGcsFmd58po5CjjrY -sMvxab6U8FUmZVblCVb/KIepejwJRKbRYaiaqHrcD4m6bXVpRftLEDVPq1g+bvGV -1p070ta9y8Zk8BV/XfCv0HLELE7On//ThPhb7L3d2g0NWqhdOhZ1S4YBFiHYNlci -+XYSyDmJohYdvVxbG/YDqxBGbw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaBkqdhO2NgX3L +rEVBEA83eTZVqxvJ58NWPMMRjjunUcxVl87gH0Y6idTQPabkgtcm7EqoTp+RHf7S +TQanflcrmpQfjkUo/eE1lQkLWBktIB/ZPk3g5fAGveEaHyJ46P7bmPYRKCRuzyIH +8WtEylVwzkL4fBigG1Ecf5OuHccnarcAWFgEdt34FVeuUkq8WsiaDrZU955yQ2LG +zZOY1OPaLR1G/ZYCLAPgjzjjW6ssgrmBjB8c282glw2f6Wz7V0VU8SWS8LRVwd/O +HDM6NGoGzmSAWNzPjPGwlfhrDkMvm6VfTN83XaWqiezER8a5KqvQ2/+eIojVB8Gs +odmX0pw/AgMBAAECggEAA3OVC9BWaGaT5L0J7aFA9GpdU1bdnkEmhP96QRVk2V3A +o9w+4KpuFLAo59EKCtUNbebQucBg4027wn2IrO8hlyWf0a4RZzg5r/z3gy/2WhIH +nwtO9U/+kETCQwUaKRrbKgPOZXAiv4RU8BZA0fp4BsylH8TrKOG104Mrhdaf1/5f +gUxJohXHk7wNYzUxpl/uOChVom+HkwNAmWGCcr5o9g2Wk5KzWLlNc3hx2TBfldQk +y6pZI1foO9HcVzLAL6uaNUVQSNPfUO9F7USoxLjn1EmJtG/+DMo+hEevQXI/uWkU +IKGhIeS34UpUmcKajCdwPMobgdbCZDPaNy7n0Ys4PQKBgQD3egpKImN3vnXnQT/I +P0KJXISCgX/amhbGbCbEo4piWu9rrUQQUSNhS1j9sYNMCbFY5ALwJbRsNALT58HE +WitSmwUhFzXqiIPryH6uULdWqdv8hkOmxCG6y9yVbPL2ca5tSzKloxDXZS1JOKYH +yHYngaxbnp/o6hTnVJiOuaDuIwKBgQDhiJOnZCIKboSjEYJSO5BEJ1G/qjh40qpM +/filsFw4l6giE8vNJLilWmNuPQR4v3IaN1jemh56iU0/AobO5RRKWk1Ydz/fcJEE +izUi2/93/P6+1oCsKq7e7BOv8gPRFROzxTQRei6DAs/F8bwSZofCT1kFWl7ptFt+ +a/4wO1TlNQKBgF1gVvGR+CX+X05aeE5+UAS0O+tiIXPCIEXOGPKpIlXqKdxfDAd8 +FfVoELPofrn6DkiT/+fM0j7hgQ+jqqEDxMTuaQkLUPSlfeFBTUtIeWThwneN0Yjj +CDcLJLfc2+/RBReIABwvYvNi4at3DG5zXOGbNAV93KhtamW+rbFsqSQxAoGBAIy5 +yNAw9eCmd1K88SFYkztDgYnjr9sMMEFcU5MnSVPypXGmAovdtu1OSi6WGj0x0AO1 +t1kmt4/kLnP7opxkalW+pPZnak6EkahRKHW46l43WclAVQeYlob4rYwiqekDisio +a0XghDcxQO4VWTHuEhXXpwdlDUYsSM7ImdIEo4NlAoGAVoWkYct7h2eN/1wPu7/4 +2ahtxY3MuYwgjwJjytuZu2xdcfckCVQpE84YHoUw9Ui3W9oKqPi9vyCMW7YI940s +07SOFharlJtysSZr8fzJ0sQ8Ub0UtScFcYMsRgrijwk8NadtDuzwOrL1UU33JYox +mn7V5iAY2l8wehayhwWihAA= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaUwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft58wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJrbqsA1jyl/63dTToIWMUQdNDTw7yimJ1ICc8wQZYu6 -KJ4itIz+synHMh2Tiw6WaPkK8HC9IYqIuHKc8waHTdBlV8s4B2WylyCWaa8uqcsw -oaNc4qjCqAGTAtFFfLrolNfV7Tp9d/o263AoBiUYBTg8tO2QABLFtmKiAJR64IOu -q2YcvFQvNpFw8JTN2f+KKIs+uT1sGdRJ9Krz7SDyloIEBQeviFXmzRKUK0bx3dvk -l9HPJ6xMmWUVuOLb0aB653u2wdU+5B91mCSl0v2kZ5YbcBBYML5SoqLH7+m5LV2c -Bc8XP5k9lLTrPfXusMNvmkUwjfkNZoY1yiAxH/RZZp0CAwEAAaNwMG4wHQYDVR0O -BBYEFO8aTHYYTacj20OYic5ESjQNkMKHMB8GA1UdIwQYMBaAFA+r8H4sLl9BSYme -z+zQ/3AVgq5dMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAK7YzbtbkzBrjabmpuScvD6HNPwms -j7S0+eSb1uGyW5OtaH42lXICu4L9AGyIk2cdiY3dEzvvKNYqg9+Q+7Zq7XBtBJNb -xkdw011KJF3npgkDQNJIzYu0hBAeKcbZEKGYomE1p4naWbP4Exrsguikc/YyDdRy -DxgNsze67QMbUSvEPoiwnKXkbJ1OdYaGQQF6OZEmH3ARjfPY/OBx8LYGMfeHiLJU -CF4Sw3Ux8KUP2p5gF+jZAwA0mtcZ5EqowNsQ83dQECkHoN1VR1/mVWe2n9vbP2IQ -DeE4qT6t28ZWVv/ex2Kkt+OVcwdKUgi2ijLPEXH1cwWAIN/iv4jqUwKilA== +BQADggEPADCCAQoCggEBANoGSp2E7Y2BfcusRUEQDzd5NlWrG8nnw1Y8wxGOO6dR +zFWXzuAfRjqJ1NA9puSC1ybsSqhOn5Ed/tJNBqd+VyualB+ORSj94TWVCQtYGS0g +H9k+TeDl8Aa94RofInjo/tuY9hEoJG7PIgfxa0TKVXDOQvh8GKAbURx/k64dxydq +twBYWAR23fgVV65SSrxayJoOtlT3nnJDYsbNk5jU49otHUb9lgIsA+CPOONbqyyC +uYGMHxzbzaCXDZ/pbPtXRVTxJZLwtFXB384cMzo0agbOZIBY3M+M8bCV+GsOQy+b +pV9M3zddpaqJ7MRHxrkqq9Db/54iiNUHwayh2ZfSnD8CAwEAAaNwMG4wHQYDVR0O +BBYEFLdAeJ64HzEM3Rb33XIvJhEAKMxfMB8GA1UdIwQYMBaAFMtZaaZbjHw6O5vf +yZtBE20tgGMhMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAQJhjzibpwtZOjNEA8XnEdlQWUEmz +BkkTxNOQkWeClcE/sokv2mIjfp7Yx340wJ7O/CbBNcDUxGksk763HQdTUMIt52Lz +QDjie+TjZYFzmfwFMyGlxHKp9PMoVbxbJN5yVLm4e0Rb7fh5qjap/8mofJCC5Tar +OXz9+vYnVCpAFQmnblptqDp20RqSChMZMWHuLIWDQs5NZszopj6Nr3nFtAQwC6r4 +bVIz/8ulUcOCi+pl1ffO06Pzcda3nyGu1b4j2iG+yKyyViaRuzjCEFEU3WO8YA4Q +sMmKN3HahbyTxcVUaFygPEy+F8erqRWcGoEd0ghNLoFKtI42jZXYATOmJQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 750830b1b6..eb032c7e83 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -22,7 +22,6 @@ DAYS=7300 # ~20 years cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:TRUE [ v3_server ] @@ -214,7 +213,6 @@ echo "==> Generating Trusted Kernel Test CA..." cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:TRUE EOF @@ -231,8 +229,8 @@ echo " trusted-ca.pem written" # Verify # ---------------------------------------------------------------------------- echo "" -echo "==> Verifying AKI is present..." -for cert in ca.pem server.pem client.pem wrong-host.pem trusted-ca.pem; do +echo "==> Verifying AKI is present on leaf certs..." +for cert in server.pem client.pem wrong-host.pem; do result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) if [ -n "$result" ]; then echo " $cert: OK ($result)" diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 6a8cc84126..78428612d3 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQhpFDlDzmGd+fd50P -flL5XAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMKwzbN1ulJC12iH -g+fJQL0EggTQIo0Du/ojwelIuPvDdWdnpKKQBNpYp2y92a7ACy3Y+jpFS6PrlUrF -2w24xma7e5YmTCOG2x3hj+wYno95pJxVJdQ/MF4BjQs8EKOrTwVD6fcxLuNI/8kP -xUlGQFyhc0KgqvISgVEEOHxkNAlkc6/ieaYHlxq0X07oMNF5AUUdLpnqG1trPolP -5Nfn1HxeSXvF+y2LlBKgcY6+ZLc3wdWGjo8nGDA2XdZUzcqQyFKXqragpHRTlIE0 -8mMv1nlu23x9S8nST63kM3GJ4iX8lVY8m6rBKNhuWUs+xbY+Mho8oH0t5h7Db1Pt -zu+SDFKp2Frtxe7uh0lVN1/m84gD8hBYAIm28aI5QhHEW2XKem/H8U/NLWXDwS8L -sy1jViqwKU5Cd1aDdxi2TMIDUanWaJwWZErUUQ/MaVxQGb3hts8ak8VM2jLNscvw -SadbKyiQGWhpze8OQX+eduOXADrRFFzhxRadCflKxh92AgfIP2LY0P8xKI49dSer -9LLDS7Rewu/S7TJPIUr94smL5qKfOWgYa2rx5heri07T6pniaL1R/Wgt7QsVTbey -+Omql0D3Do69RGEPTMjUFzniR0d/FqQRSl3ofntbDPJz4ydSMRDRt7FMTre6IykA -DRQfJ+/hdcZ4lVLY+5TmO4B2XUlufjX9W7NyYTPdiQoPWb4FHTK9V1J3qz0juv9d -6TvQuVDYkbI9beWiI24O6A0q8KbOh/tgABit8hTKItRxzPL6ZCne5g0wPH/0pGfD -tLO4xvWcEqx16CI3MpQggKyLOZADhgrXv+75ud66WkX8YP7ifYeeoXbcnUUVkt+R -r9SRLHs/2RjzO7IqwSTxow7QxrpbhuO0vQIfeiePeQysvgJBkyLNVewG3tmLRKrx -sIEG5XMqQ3hsF+UduzdWafzIdYUBG0chJts6dTrrWWtjGcWI0fq4p7VOA/juxJ1o -7iA7bWvKO/gb1UIK1B/3/I978YWH5p7rqkxoP2BIfBfvGsnBbNgegoVx/MrMPjHQ -nltvtlKycUCN8Hs7GU/1atygGBOoAamePJTkd2dHbwUhiU4Gp6BRw6OQO1fJEqG6 -xrw2vKwcRjsTqc1uciGNgRApRqAbe4JnBdq0PtXiwt0isEsLeG5QUdcayOAI7OPe -x0TH9u5LMHM/XDfk4dxMqopVcYzPr2Gn1FW+G+WD/KzbfGVS1XeeMHzBDl7R1IJA -3elGHWhDjRHp+eXWdjj/wc+iWaGsDKRi02d3AMeTBlEH/33DcRQsz+xNNUxUG0SX -KfXyjnrgtVLBBpQrLCTEZM7MSH5yrw62Q7nZrmS+jo8wJ3HNCTolunGGtQD+7T9E -xILMm3KMGmq/h3K2Jx7NuI7rE4ePrV/3kBHdDEpfzm2J33mKZjkI+tiWGfFSs8Iu -f2+6CQ+YdBBlJDd1KYvq8luASpEDVMhH97i5HinJr8alZuzJPeGYiE9rzoMtHh/R -l8D7xqY9xheyCtO9vTx+WfuMhQS72h1WLNcEYuziK5SlmXM9joXekd3LW5k8T/y6 -vfpzY7Z3UGSq03wL2IOthf7BNiVDze+cfNDjzWr4ps1R2GrAvP7OtF6WsHlphYCp -sAawhTx3ZaU0pNOk0IVQ3FNTCENq3Fn8sQkPMyWmOhtGvgCjD3mhdIs= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUjmGvGnDzF1d2KML +USvuYgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPxe/Opf8jx4H30l +gtFoWwMEggTQVO1+vF+10xVzKQAnX7xtXdNxhpTY0x8QFrx8fniQ2Blf2AmEM4V6 +tknYDhNnb0RY2TQ452cPb1OhYhLtMoGT4ZEkhhm+as+5V90MaJqSiLfDi7hvbOiX +d65kjNqJqS0rbtgFUMV9FtU4PP18Q0BscPNt4CP3fueqS6Zx/7VZEbEz5JqqvLmD ++MxszddisFCpcJvi2V2YW3MsB3Zrj6K2dGpqUFpPiTouDTOKxi7vuRf13F8BFnB0 +gLtgcwp4tbrk+LJYr0Iz4fMMNAYi+0t5eRWh97baQnEnbJaGx9oo2Ef+VwkpEJ9G +4aTrtIh0/LJcrG5SuPRu3FOrArEQItTxiNoHxQsvCvPO/vYTNZA5DAXYisaEGrZB +MMvz8U1tGtiNCJEjoURGOmNPJswTR9DDBu7cXA42vUcFbXZEyJB3pcw3mDu0X9+a +POkD3oXespiPpMfS1Y3WVnrR7DcBZ9DBWdNZ0BSB1kZBrhRUQaXPJ+22IacqtGAk +y/HtovMEw/CeQAdEucG8iIPAGPr8VPY1p7Bz+D+TYFhGlyDhNd7vVHRqtVXXDlQj +eqSwf5n/Gh/f7Q2h1vbzzVHuZ4UoZDP0ZszzGfSA1y8aHLFKHoTrUmvfLGrENh2V +LjcjQLYxnL48qVkClr0tME2fv7P9cPqtIEEXvmzFXT61QrZFiYHCk5HPKoFsBSQl +c7LsuM5X9D7xdV2BrEFXN2awH6z8MgoqdreILm70Ze1pTBM+NzGktMFABcxAXzaQ +llt4oGs8lmGPuQjCnvxPXiLRxj+fLU2YzpzSC2AYEKQ3KRrxYUXGu42oLiIUjK8f +BUsOGnYYGkHCT69WBbgtwl8iC0LDcBObMFFv1IQN4gh7TIZF9bvkCp0S8PNqaT/W +i56cZHVtu86bCBUeNz5SLGnCwGuuvQL53c5fgQuzK9OhxVgNFAsk1YeYcMOFJXvK +oTDqTiQ91aOJPxt88QaxkD/45Vc/EivZ/niB84/32uyT/6ymSzIKtU4ZOBne+Jx9 +MQ1ETkTLG1Qug/gRdJJ+hKuzAOeME1mQ3XbqG8yHVZ6Zkobf95X23yqMq72Ohi4p +BJiE2T4I/F1Cw2hyPOszGV5tXyfcrT2Z7FhJNZReD+gtoYnEeuNNMINYNDagIUNS +PPkwg7JTNOXEHbkGvjoWiAtxnfxpCKU6Fm6kd00vD9Wc9v/QsIBEhrFyvLZk/ucX +I3XYajuoQE/wGphYPuzlOzBOjiQfgVV27CalXJwGHAI/KR8D5lKP0aRwlkLUyU1c +gMlotqKNAxnhr/Nbdj2eo9aCFAW6i8eZIlviW139RWZEp8gRiWcTWQAvV4NhtxxF +4QzopulPmoz4wtQRrlotG+5JW6JqX81+VF53EsiP4C1tnpyxY+MVynAUroeOQvNI +D9aZu3/zA2+ixkrahfoGVSoGTaIAgchRyaEfxfA4YzcdfQkR5dhEJf4u4h5wvUS6 +ZWOA6Ei/NgtjLJXCaQywtseq2KSTgK0R0IyC91mEvR31w1WsMaZxCG9JuJU+Nha2 +R5qIQeMwEOR/+siKxh4QXYK7r70QqFbOkVZDBsaULrMHv66IUceOAjXpuUe4NbV2 +UcDbYWletvU8tKhBdA8SttQib/F2ra5CZVHwrPZOklhTVPQ7qzSDeus= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI -6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z -ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w -YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As -6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu -WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X -OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC -rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu -51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ -ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 -rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb -Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG -Zf70TZTjQH3898e64aClBRa/4v9goUsU +MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g +lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI +mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc +iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo +1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD +XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD +I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A +YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 +uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 +mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg +l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q +9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J +yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 7e8a487c50..5b8a3a424d 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu6DrrhOOu7gCe -MG9iQAlcQwVG6RoXz/8lz416skDb5uVvzVfSEfsg4YB5qNLqcs3Hlq2WcAOZY8mY -1jF59xeatiojmqse0kgMr+GOpUiMJ/vCY8uWcgv94L+kJD25Z+Vgmo0Ja/XeBrOv -kHoDQxw3yHrEsUhD2AeZogh2BL77lCLVUIIugPWUfwOHHqjEo47lEW6RsFN8TY5V -+nJQYfIHNRHeLizVklY+5o41QsYukVsB/thTnVbmM//V89tZMUMUhhfj2QOQ9vZP -WklKOmFLn3Mvoc4eR1RXBpYHxvAVweWOheDo+OIWOrIGyGBNX7hGFmRVQeUOUSVT -rQdYfOspAgMBAAECggEASxFJxG5vB9OHOV2BWJIyUkJDgAkolULEd5ZqWtgpZRfm -rgLcJ8Fm3lhaOxzdlRj7v6coTnI54ToGOo3ngzitDU4UrN5DhkFrAeL0tDO0/M5m -S6poJORCyE4PAiQ5x5rTRBBg6sPGrOmEchvYehDyCfEF2+hYoyGTNXlpFzn3O+LD -gy1hYW/U1k6uqSGsMIc5H76+00xWSTPgpI7UcDll42bRO7Tv91QU4MqEqJhAIJ/F -TayPp6xyGT02zHmeliYC7KuYB4f85r055Ahl+97LsKnZKsLCy7wtgEHAZs0WFfWG -nR0b92WdjLdu4fZuJlyE7Lp6dBdAniLYKOi4po8XnwKBgQDx3wtZkmBJcMf7snUT -uUUCJ7A/BtAa9AboxpRBuVIUprzU3Owk9jucjcflcAFyUX4RFTtnZWYbwZDrN53J -jGDzkfUV8Y6c/tOwkYIh7n9OU63k+FOcKecelcDV4k+SptniZtXS8ZJkBJsAEBiu -q4F7r0gQacWBnqaWOMZQvzlVMwKBgQC5H80GJPz6jlenEhuK6ado5OYvHBngpOhT -XH/xOb37nRHPTQHnuUtfv5G3GYRTXA385Bh31PHbikmx+cUOYB+txY6mBWKewaC3 -TVbSkAQNoFnp8+aqgeTY5yegxMzehdBEHXb8614Xo3XguRubuiKvkKLW8Eog5r2J -jQi2CCdGMwKBgQCWeTDSdOI6TlPcHtX/g0+PW6mmTFLDsfVqc8Bgcy7BckogE6FG -DXpgl0Q5VUlRGanYbuEaHlc8BVxnOZ6MeS0H21IiaLlUqqSAQMY43euNizmwLV22 -1crXmErzxWvDzNHYrClypp9wYf0cOOdiI4jWreGjdGpPjagN5Rxbt9uvSQKBgEIt -gBlmN5lKMUNkUbxC8rmoujC1FvsbeIH0Wzhcr/G2oJs+qCOyNaOw0+JkmM1D5yw0 -ThroYN1efiHFbBBLhIeWS/xFiI/AIDfmydbT7N8CJ6JesmLZtHlliOEL+UDDDUSM -U/DuIuDIamc/RQNScvvX9J5pn9ZLJg56AFcyavfJAoGACwAYmEjQyOLZw+PKlNqN -W3Pm8ticsTx0KDdmOZ2VbGbb/olxLhBk11KUiyZwosLjXsMG2k6j34t3Nh9Gqgwp -tBpIFd4ii/IM1PL7yXIEIHnXN6oBT+DAqTzziE7fJhYAEJWYAt43Mzlm/joJzxwN -o1aioRCmCQZCCbzfCmqW9Jo= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtbTLMvCR2XPs1 +J01nXbnpvcWwwBWQuWwbMZlqNvZPiAgQgjuRmzTlvB/MMgbTPb8mynE9HtnjW0Kq +HDqAXUvBstGSd67Pjd9WCTLcV+JJ7IufUp7SuaijGlVLgtDTNoJ2s4lUN5DWZyx5 +EL8uHH1fXaNurDglGC//F2shUhNlO8xpZXMaKahJZwmsU7aeA9xvrudGwkYQm8Vl ++Zrj24t4J4Oy+7TJEzVZ8lH3wZ9FkG/eiozURmL9uK8bG6DmhqztEKZFpy5LUBY/ +RL2Y1Mcxec0wHxSamRslx3dAcnCutR3A4bs8OoXIwoZoIEQDOFoge67q8sl5lyaZ +SpmsJEq/AgMBAAECggEAALAiN3W3n1CXHordX7+bcTXzhtP8Qeq6ZxE3TpiROZeM +kKQzoExBVXf9mE3KgSQJkhnTgS6SJrjB9vLNuJymJEqVUkNvShuB+1FmBkHDABAU +LbmiL6vU43DDTd1i/rOEqPvlW5Qs2uzl3EUYvRIX3Tz93P6J6nvCFPz+y88LjKdC +aCsA60Hd+cQQ9dJa2qZ5db4YkU2cwGFdMtLEsdGy7SKviOscaTWDFoy6LR+lgqRN +jGoUOSCSzfyXcsDl2Cu36jnQWj7d6tmhTPkdRMPXEvFj7+s0xmB6Z/I3kMFHBCJq +6dAJ2if07JOiPK+AgFAQiK0DndqyTV5FJD21jlmEIQKBgQDY68V7bktXS0nquPGZ +WKnBm/vyulH1PwpTFQHyPAzEUU0jjRaEKYHhTzZu0728HZi8Yw24X3BtcxSQVHeb +8Hz1JCpvVPp+G/jxa+qxwz0upBJPy8rfz7N4R0OjSxVKe/7zu+cl7gAyb0hyo3cf +3pFOGRw5LwlA6dv7U9eOrPGS5QKBgQDMq39juOEKdjIRRsPpFMhF77SefnobqBm8 +9mpZTs4LQNXG8BcUvS6S/xmyDocznFYJbBm9m2+gUCidc5edgkimHdfcTAccxXKQ +ihTimWxubXB4KhhyP9EsTC2ppcPGSO49fCosvqmCFflGp2EUkl9SMSv40UP2xk5b +/7BJ9EvY0wKBgGwMZH2q3pRIyDTGknETnNr3W3P4IsLJ99aSbDnAd4uCA65lpIWI +N02HK1Hg3m1JQL71h+wCffnGjMOnjzx5eYSR0yFJbsxKGqIGYwzQdzU4PHbKx+7b +gkWzGZnI2H4VbVTyj5xxBGAa1jdj/P4+2pnQICLLrwxKcGyrwn8q3dmRAoGAckKP +1LFC2R9RJjn2ZyoWAI0orY74RnZbIBYFGySWfMvOTMh+ajKPTLsjsjbQHez6TzpN +SH/9GmeFtRjyHJm+SxbACplbIyHLqouby0FRunhYYI1HpoigEvXYTCxhllHixuqJ +dP9gDGKODnalCOIKWw1eegMByUO+PTgKR88dhMcCgYA6LNAlqxBwO6dTPQFvGlqS +d67iKwyjbK06iyjvcNf2q4/jh8MC8au8gHDxXG+I5Gp3nMXncuG4GG5Ii/tKX3kt +/6B3b3tlFmdsAmI8xEpiHhDBDXINLRs+w7rkl5oNduHKkCWd9r9KduupJDvTo78h +9yuZwMwRFAIPx9P3YL1SeA== -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 4 18:52:35 2026 GMT - Not After : May 30 18:52:35 2046 GMT + Not Before: Jun 4 19:49:32 2026 GMT + Not After : May 30 19:49:32 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:e8:3a:eb:84:e3:ae:ee:00:9e:30:6f:62:40: - 09:5c:43:05:46:e9:1a:17:cf:ff:25:cf:8d:7a:b2: - 40:db:e6:e5:6f:cd:57:d2:11:fb:20:e1:80:79:a8: - d2:ea:72:cd:c7:96:ad:96:70:03:99:63:c9:98:d6: - 31:79:f7:17:9a:b6:2a:23:9a:ab:1e:d2:48:0c:af: - e1:8e:a5:48:8c:27:fb:c2:63:cb:96:72:0b:fd:e0: - bf:a4:24:3d:b9:67:e5:60:9a:8d:09:6b:f5:de:06: - b3:af:90:7a:03:43:1c:37:c8:7a:c4:b1:48:43:d8: - 07:99:a2:08:76:04:be:fb:94:22:d5:50:82:2e:80: - f5:94:7f:03:87:1e:a8:c4:a3:8e:e5:11:6e:91:b0: - 53:7c:4d:8e:55:fa:72:50:61:f2:07:35:11:de:2e: - 2c:d5:92:56:3e:e6:8e:35:42:c6:2e:91:5b:01:fe: - d8:53:9d:56:e6:33:ff:d5:f3:db:59:31:43:14:86: - 17:e3:d9:03:90:f6:f6:4f:5a:49:4a:3a:61:4b:9f: - 73:2f:a1:ce:1e:47:54:57:06:96:07:c6:f0:15:c1: - e5:8e:85:e0:e8:f8:e2:16:3a:b2:06:c8:60:4d:5f: - b8:46:16:64:55:41:e5:0e:51:25:53:ad:07:58:7c: - eb:29 + 00:ad:6d:32:cc:bc:24:76:5c:fb:35:27:4d:67:5d: + b9:e9:bd:c5:b0:c0:15:90:b9:6c:1b:31:99:6a:36: + f6:4f:88:08:10:82:3b:91:9b:34:e5:bc:1f:cc:32: + 06:d3:3d:bf:26:ca:71:3d:1e:d9:e3:5b:42:aa:1c: + 3a:80:5d:4b:c1:b2:d1:92:77:ae:cf:8d:df:56:09: + 32:dc:57:e2:49:ec:8b:9f:52:9e:d2:b9:a8:a3:1a: + 55:4b:82:d0:d3:36:82:76:b3:89:54:37:90:d6:67: + 2c:79:10:bf:2e:1c:7d:5f:5d:a3:6e:ac:38:25:18: + 2f:ff:17:6b:21:52:13:65:3b:cc:69:65:73:1a:29: + a8:49:67:09:ac:53:b6:9e:03:dc:6f:ae:e7:46:c2: + 46:10:9b:c5:65:f9:9a:e3:db:8b:78:27:83:b2:fb: + b4:c9:13:35:59:f2:51:f7:c1:9f:45:90:6f:de:8a: + 8c:d4:46:62:fd:b8:af:1b:1b:a0:e6:86:ac:ed:10: + a6:45:a7:2e:4b:50:16:3f:44:bd:98:d4:c7:31:79: + cd:30:1f:14:9a:99:1b:25:c7:77:40:72:70:ae:b5: + 1d:c0:e1:bb:3c:3a:85:c8:c2:86:68:20:44:03:38: + 5a:20:7b:ae:ea:f2:c9:79:97:26:99:4a:99:ac:24: + 4a:bf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 3D:58:96:FA:DA:CE:50:8F:26:C1:85:AC:A6:4B:C7:7D:28:7C:27:5B + 99:CA:D6:55:64:61:E3:D9:76:00:D1:9B:A1:D7:49:17:8D:5B:6E:DA X509v3 Authority Key Identifier: - 0F:AB:F0:7E:2C:2E:5F:41:49:89:9E:CF:EC:D0:FF:70:15:82:AE:5D + CB:59:69:A6:5B:8C:7C:3A:3B:9B:DF:C9:9B:41:13:6D:2D:80:63:21 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - 65:75:d0:6a:e8:ea:58:55:ae:af:b5:fd:a3:86:d9:c6:a8:3b: - d0:3d:e8:fd:90:66:71:46:33:75:ee:47:73:85:25:88:8c:5c: - ff:74:db:95:2a:d4:16:18:0c:ac:5c:46:b7:32:bd:56:66:1e: - 22:48:a5:5f:c3:01:57:bc:f7:9a:49:a6:92:54:f1:85:9d:5f: - d5:49:18:9a:c3:36:1a:e6:a3:d3:06:18:fa:b8:0a:11:db:ff: - 91:35:42:7e:68:9c:16:31:f2:36:2c:a3:1e:61:36:d4:51:e0: - e0:f8:1a:a9:75:b9:3d:ae:07:5f:9b:8c:1d:5a:69:d4:38:21: - e3:75:93:6d:95:ac:2d:c6:02:7a:97:dd:e1:b5:62:3c:7f:b3: - 6a:e3:2a:c7:18:bb:30:7c:c6:b8:10:69:9e:3c:76:9e:f0:60: - ac:9b:4e:8b:18:1f:4b:89:34:f4:4f:46:3d:57:6a:7a:2f:1d: - 13:77:1d:87:ca:94:92:e0:9e:d8:93:e3:7c:95:15:6c:ce:d1: - 75:bc:dd:2f:9e:6c:dd:59:13:86:80:49:17:67:fe:77:75:51: - 18:6c:cd:70:9a:66:be:41:cc:c2:24:be:75:4a:95:78:67:cd: - 57:cf:d0:c2:0d:0e:ff:ac:f9:f6:37:a6:df:d3:d6:6d:e8:8e: - ae:df:1f:11 + be:88:47:6a:1f:07:13:1a:5a:5e:08:1a:1f:b4:9c:2b:21:7c: + 4d:6d:c2:8b:b0:af:50:7c:87:b7:23:13:3f:1d:ff:c1:f4:52: + a6:c1:93:d6:85:ee:8d:ed:93:4f:35:c5:87:fa:8f:23:dd:11: + d0:76:32:8a:15:ef:53:ce:cc:e4:89:bc:9a:23:5d:8c:81:b7: + 10:2a:e6:c1:39:d5:f8:88:39:66:93:e3:2f:7c:55:34:d1:c9: + 6e:71:77:30:b1:32:49:35:59:f9:d8:16:c8:ad:77:33:5f:18: + c5:75:3f:e5:8a:ed:5a:d3:8b:21:5c:68:66:fd:62:c3:e7:46: + cb:b4:a6:bf:fe:f8:77:68:8b:c9:c3:a6:7a:1b:af:ee:ce:b1: + 8f:49:8e:a3:a5:c5:a9:d7:68:dc:97:54:d6:f2:f0:59:00:41: + 66:1a:c2:7d:26:da:dd:96:fd:ba:98:da:a3:88:86:17:93:4b: + 4f:b1:65:2c:20:c0:ad:46:73:b8:88:54:2f:0f:39:bc:e9:c8: + d5:3b:69:33:43:75:a3:3b:20:46:e3:fc:f2:8c:0f:11:55:ae: + 02:ef:05:9e:59:bb:ad:e8:b9:cd:f9:7b:5a:5d:93:fa:46:f6: + e0:29:c2:95:7d:30:22:fb:56:53:4a:82:c3:7b:88:49:f0:a1: + a6:ae:c1:c0 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDQxODUyMzVaFw00NjA1MzAxODUyMzVaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDQxOTQ5MzJaFw00NjA1MzAxOTQ5MzJaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArug664Tjru4AnjBvYkAJXEMFRukaF8//Jc+N -erJA2+blb81X0hH7IOGAeajS6nLNx5atlnADmWPJmNYxefcXmrYqI5qrHtJIDK/h -jqVIjCf7wmPLlnIL/eC/pCQ9uWflYJqNCWv13gazr5B6A0McN8h6xLFIQ9gHmaII -dgS++5Qi1VCCLoD1lH8Dhx6oxKOO5RFukbBTfE2OVfpyUGHyBzUR3i4s1ZJWPuaO -NULGLpFbAf7YU51W5jP/1fPbWTFDFIYX49kDkPb2T1pJSjphS59zL6HOHkdUVwaW -B8bwFcHljoXg6PjiFjqyBshgTV+4RhZkVUHlDlElU60HWHzrKQIDAQABo3AwbjAd -BgNVHQ4EFgQUPViW+trOUI8mwYWspkvHfSh8J1swHwYDVR0jBBgwFoAUD6vwfiwu -X0FJiZ7P7ND/cBWCrl0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBlddBq6OpYVa6vtf2jhtnG -qDvQPej9kGZxRjN17kdzhSWIjFz/dNuVKtQWGAysXEa3Mr1WZh4iSKVfwwFXvPea -SaaSVPGFnV/VSRiawzYa5qPTBhj6uAoR2/+RNUJ+aJwWMfI2LKMeYTbUUeDg+Bqp -dbk9rgdfm4wdWmnUOCHjdZNtlawtxgJ6l93htWI8f7Nq4yrHGLswfMa4EGmePHae -8GCsm06LGB9LiTT0T0Y9V2p6Lx0Tdx2HypSS4J7Yk+N8lRVsztF1vN0vnmzdWROG -gEkXZ/53dVEYbM1wmma+QczCJL51SpV4Z81Xz9DCDQ7/rPn2N6bf09Zt6I6u3x8R +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW0yzLwkdlz7NSdNZ1256b3FsMAVkLlsGzGZ +ajb2T4gIEII7kZs05bwfzDIG0z2/JspxPR7Z41tCqhw6gF1LwbLRkneuz43fVgky +3FfiSeyLn1Ke0rmooxpVS4LQ0zaCdrOJVDeQ1mcseRC/Lhx9X12jbqw4JRgv/xdr +IVITZTvMaWVzGimoSWcJrFO2ngPcb67nRsJGEJvFZfma49uLeCeDsvu0yRM1WfJR +98GfRZBv3oqM1EZi/bivGxug5oas7RCmRacuS1AWP0S9mNTHMXnNMB8UmpkbJcd3 +QHJwrrUdwOG7PDqFyMKGaCBEAzhaIHuu6vLJeZcmmUqZrCRKvwIDAQABo3AwbjAd +BgNVHQ4EFgQUmcrWVWRh49l2ANGboddJF41bbtowHwYDVR0jBBgwFoAUy1lppluM +fDo7m9/Jm0ETbS2AYyEwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQC+iEdqHwcTGlpeCBoftJwr +IXxNbcKLsK9QfIe3IxM/Hf/B9FKmwZPWhe6N7ZNPNcWH+o8j3RHQdjKKFe9Tzszk +ibyaI12MgbcQKubBOdX4iDlmk+MvfFU00clucXcwsTJJNVn52BbIrXczXxjFdT/l +iu1a04shXGhm/WLD50bLtKa//vh3aIvJw6Z6G6/uzrGPSY6jpcWp12jcl1TW8vBZ +AEFmGsJ9Jtrdlv26mNqjiIYXk0tPsWUsIMCtRnO4iFQvDzm86cjVO2kzQ3WjOyBG +4/zyjA8RVa4C7wWeWbut6LnN+XtaXZP6RvbgKcKVfTAi+1ZTSoLDe4hJ8KGmrsHA -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 0e6dbd0fe6..26504fb0a5 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUcDB3/OfLfieyLQ5ZtrTHZZfXYu8wDQYJKoZIhvcNAQEL +MIIDuDCCAqCgAwIBAgIUXyhWrw0JtVLpIVRkT9Mo+GDBODEwDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTg1MjM1 -WhcNNDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTk0OTMy +WhcNNDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxM+57BJzd0yEdwHJcpDT08 -uIAUwXDtqz73n1VUnD4UoBVx2XvyCvofXT1qSTmD9zDG/KwQu7fcWba7maGMcRMr -nz3/fiDO846pPnxgpklCJ5FO46xtZH5pM0WWjIL6+ee4vIzmS1TIURHBjS1DHBah -q0bz/4I/sOo2hUoABwztOJcm8rKx/vAV/ItKjgUUh8GEFUQj87hY3JFaWclkVTse -gPe2uPOxlbZQ7b+GeQt9EX8svg98GVJwxzqYeIIiOcuJKuOwUxuu55LxE5l8mjXt -bKAs73v5Y/mBU8P5VamABrWDI+HCdd0Ku/IBGeQKsjZdAqKcxTt9p9NpYHiyu2cC -AwEAAaNTMFEwHQYDVR0OBBYEFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMB8GA1UdIwQY -MBaAFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAHrAmym51AOPKXfq39qQ1m516SEQv/ZpAnN5HaGIXSBAne1e -sj3n4YOrvZ23UwkeiCGAOCHTzuRXk+Pd+7Ft8C9fOyrYai5R9NeygNJMtgLB3dhm -iPi6oY3XUBUjbP8VCFiRLuhTQjm65Nt9u9pAaPLrtkXKZlrwFfuIOIB1nJI6NBk8 -q94lJoo5XgMgA3RDmuq1u57nzCCUTi77BZkASTPEIQ4s+wYB4XYb12SSPN95Ns6V -863KZQRFBVqz6ZZoZ9OMZzX4paRi9MCbdIhoibhafjbF5je8wujVVqRsD4ALzwUo -Kyss990wYIZDMTes4dVQRRat/qayHbeCSC+wxu8= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuE20ZJaaGRLzvMaurcKaP3 +AfNEp4n/AY+YjJY4znnXsgmVNDAPA3scOrjeSxjpC/Hw2HoBf4B57Rhy9HE/9alB +RIR7kTG+y/RA5EI6gy7cG1TddP88J0eLkvikVkQhhf8s5mD2n7p7CYtYorCif+57 +yOJVv7dI0Dn0RQ592IFGPDaCIp7XNcrSjBmIahBLOKNHNUkBQ6q69EuWnFfzF9z8 +Rhhn5k+mF8DWcEOxagizWSMIDVuu590OT60GTq7qisK1X3gSb9d3ndZ9OZLNaD8R +gBnkLbpALZl/iRmFTgyfhHqNVufo+gjZhWPscqMgyW8HGDqxr6ZKjCbRHrF885cC +AwEAAaMyMDAwHQYDVR0OBBYEFCszYGV2OdFVVbUnc9BWShN6WtmgMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8jiq+HfRS0fD8nPbzVTv8agIDi +fDFFWPGW3EVjQT/BCaOM2FyfLcpdP0JMsl9B55xlqc4TtOuJkQ4IR93LFcQ+jG+4 +XlnJH3bqMuEgmNfIye2vHFDTDGHflQxDPJ42uwQIYKIE0zPdqEKvobbQ+mIRM5FQ +z7J8QqIqCb9UaaMFxUzDK0m6WQ+OREuf/bIcZhXL/kUmP/eVhHMy8P+NMqWe6UHj +tCDOuzLi+9jch0EaBHwPiOdzvrQc6EcuPT5kzcdN5mwPXCJG+HkYDe5FnRHhJKm1 +wffFeAe6Givp89hMfBpZMO/4gYzaXWrN1b0QjNJmhjqJ5AFp4bM4YqKF73k= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 028bc656a4..7fc84d88a7 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6zToi+QIWIW24 -xTSa6ZHUy+r71b+6DRpv92hE9/vTNwWXSFYq8LE1g88UE1aamP1B96wDk/439uDS -9nv5Y/E16fnkuktzDFnWgpPrx1V79XC0lkQGXatiX9Tq1k+CzsPkTIhN5lD7Cqv8 -DdfMdSk6i+CEx1mVP9XMfWeXHuAvv9C2OAyy7dC1vLi5Q2MWQ19cU60mWKLt5LU9 -uCB8FcKwVlzBixXS10/9uNdubLRMEav6synALiFQ6y9Nh0T3MwW0HobynDffese1 -yEhoy2TgjdvMOyoS9nrYHlNbIZlxavd2H8XR7XA2usrF/CIP6FCpICalS4oKfdYB -816+J+CdAgMBAAECggEAHzcfQWvZ+OfCJY+ywDZKu8QNsuKfpM/+vHob7vZ/muaF -ZSfd2lQZUMeDaafnn3L0Uzs3f+uRnjl/jVFKGz0juC4up5Wn+QQ12P4+CLbpJos3 -t72qhWPOuWQpOMryQ3oYywQs/NOBccnxPm/zwUNMze9E5/tGEYY2zHKiRmMO9Htv -/F8llJRVVZwDm0dn3UDTOTr3R7owfF+BoR2R8SPKe9PFP91AqPYxqsvff3iozKPw -uHHFS0EpWD1P/FnK+MjOUlpZhkWkZ5Zh2PeWYqk9mKuQOgMTUWfM/96dmzeIMlrA -dKFN2fkqgEkdUK/fPMWLzwbV9PwiZSDLICe+Wna8kQKBgQD6VakPDTYNOGWbTBwF -8j58kc0AVE1CFSyJ9hKXmdAuj0w/X2+IIygb5VD3v6zp4MCLwG64cVeQW2E7mojD -Dg2dfhjvr9Csh8EURs3lwIylf9pi7OSTEmXHv2OIKOlrSdSPn3NQBX+q/8M793/1 -BonAR8lxMOdS2IvN9WVRY4S4OQKBgQC/B3tkLhIi7y8XLZ459Nehg06qm2GAXgse -Nb9vCXqvf9WHdZ1b0hjS8h2CK+BJ1Wn9QpbfLHET8pz8fBPyfJsXC+sD9JxhJ9tU -GU6rlXitrzF4WD4Slyk3mSpO+yqN4ZQGlhqJhW+kGqIDAyV3FncDYDCeSx6O/Qqm -44WRCWeDhQKBgQDfw7QTXTbEiHXiZBzkf821IcrCEZjhifW++DNUScwZ4kNAnnke -knZmwQsn+bCBekICaadOvRmNUvFOCutWl3g6IB4AGgMIRWykSEoBpaTSxr8aEDCc -+iP6caxxaEiFe4BCRUAY9mFRI7+LGcfJ6Oc29bQtto3/ssr89e5z2uYmmQKBgCqH -wOoR88nBVMulRWgD4go8kMQdKf0JcxI7xy4yfxUZsfGhtvIdeZdlfjpgCGSH1jwj -mjF/1IErb9YqzcocAe+EoMNVr4dV91fm9oPvGFoa+jmf89nxu6R8PlYtR1ElWu6I -dsoNYki4AUAIcEvuPXsL7GchtGEDZ162oyMiY+B9AoGAaOBoT/BWxMO1eDG/wTWj -gG3151f4bb5HEBV7s0xhHdhdnTexJTrAZBLkDpWJmj7d8zlvF1CxeJe8nhHFWbr0 -Zp8Resp6crar6P0aCvJz9e1ynmFMMClgdACoEr+MflImVawGnJ82EgsMk1u+6LQb -esBeRYGyOG5ccB0gLfkEKZg= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4SiuBOhAIB2OX +z1dPaQ3vY6r86AAKrJbajbJcDQ0ST5+GRfpIKrABbqrlUu+hjPIKtQWrBtBcAsWG +CRYhWq335mo3ygiHefdlTxjWnAn14qU0liyK+u3j51/7nLTjgY93nYylS5rjz2jP +/HdqMKdz1fYQEbmRD7e6+6DrOzQvZZuCgqbveULJmThiTJ/qhUP58BNywPSsCXoZ +KW8LZZhu1VK6MbtACXSF6TNfORYHHs9YrXb6UFY3ENx7kSF4CXdFOeS4JzHn7G4k +Ws7Tv2T6KFqNwVD7NU6cWHsGz37IpbXDg3w3OKxP84+qrlMNkqRvDLZerzSuz++u +8RCCTmedAgMBAAECggEAEBFXbbL0Rt7uDgRj5maQcnjMJbTMnCGkHXYRQPlaVGhg +zkI3qicepWFSwR/UCM/TIp/Z2KmFbSBIvID6TvorBNwwEqEo0TcPHOQilEOSkr+q +C8W0KIHsT9ySf8uP8e4P5iv0YU0QOiCRUOEAQF/xmaXkCE6jUUR/jmv2Acxtplwd +afIGu543/a84ca+3MJVf/O/l8T0Ri5YUl2PwdL3DfrSrf4njuRuAQZtNNGgKC3mu +Fszx+L/SAEtDK0fwGdOkbiTCyX1zwz4YnXYUG2WpOnyEpJa3u/usuK09u3fm3/fL +M3JSwdWbNKFSg0X+BP9XtJ94HefCECLycJ0d+ZJEAQKBgQD0PP+/jvvc02Kmi/pH +5KjRO8kDxSnrz/fHuMqqUv3CYEqf8+EkmLG4rX1b4HtR98VBCGGWGxG1aUgu50Lz +li7q2gGVb7c/zufd5zwJcbCPc52ZPo3VFcKd/6KVi3Fqv4YGRaFs6/r8JP65tQW9 +m3TNFslRPKcGd3dpzI9y5Q/OHQKBgQDBKh4RgceyquQgtzjEblCMzb+1N1s7ucRz +I68mibY6wE9IC+AUDidgOFFfQkrIeOqOM9hu6KmVD3859xbrw8ITMY0IqdOejiMf ++/JYt18uaBZ8zU2iTiHsuJRGwrWEUN3z+8x0uBgY56PIOTKbOciveOqQWa6T1RgS +UG96XmvHgQKBgHV8JjXaLNNTp5+fs9wDZSWI0bALlpfFaVZcULjPxRtMQHli0glN +nifM5IFeoVOTkQIwaujOypzuMPfG7NDJjHYSOjLNE2QRPj3i7mFIm/rVTZkamxVG +K2DfSDERa5RC3tCDjBweA5Roo1NnfYRwlCXXcS2vtFSLARkWemZ1Qz4NAoGACLZp +nMiJxVlH6OHawaFoKLGvD/FrQApk/fyCDe7wNT4vVUST2tO4mvJvWSiYTuqFSdy0 +ymvcGkkUp/ypIAE4Y708a0Ods+0dUHgAulerB2DSgtaPxd5YUWER7w8hONKc8EBP +PISBMb5g+Mr7qVy13JRLoC8rXKej6k+Od6qCmgECgYAZbJiGLpFFYMr0m3mxE/9e +lKUBYB94hrFqRy/+du/DNDJd4IxN75tnzXbfCKXK5Fp53dSG6ko2rb5/6cafxRB7 +uqa7z96VxzA9FPIGOV2sHu/3KMMmeIUor8Svy3MI+hTuNAbJMjVzm2J9OEBBsOT0 +S5pn4mtICgedhH0fkpCjEw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaQwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft54wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrNOiL5AhYhbbjFNJrpkdTL6vvV -v7oNGm/3aET3+9M3BZdIVirwsTWDzxQTVpqY/UH3rAOT/jf24NL2e/lj8TXp+eS6 -S3MMWdaCk+vHVXv1cLSWRAZdq2Jf1OrWT4LOw+RMiE3mUPsKq/wN18x1KTqL4ITH -WZU/1cx9Z5ce4C+/0LY4DLLt0LW8uLlDYxZDX1xTrSZYou3ktT24IHwVwrBWXMGL -FdLXT/24125stEwRq/qzKcAuIVDrL02HRPczBbQehvKcN996x7XISGjLZOCN28w7 -KhL2etgeU1shmXFq93YfxdHtcDa6ysX8Ig/oUKkgJqVLigp91gHzXr4n4J0CAwEA -AaNkMGIwHQYDVR0OBBYEFKvLZ/h0emSijTtXoVcPBibT/IQOMB8GA1UdIwQYMBaA -FA+r8H4sLl9BSYmez+zQ/3AVgq5dMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAmz0paStjdFmdOOZMFykfwYY4BwOA -dfO5Lnqqoq3TH9mCoca9kNH4bQBhIzPW9aDnaKf2UuABFTcmxR0FL+Vg04+15sYu -hln/wcTDnFe8MZQGB34zaXIYD5L2NJYXuuHqiodC+Ggh20TGGMSXZpfJotJJF8PD -P5B8eQUdH7lR8UTPkxZQfze9u/uyLZkJoQEbLUwM+vw2eecfqOl5jqnTyUhpq8fY -QFmSboi7UZt8ZNdhzEKqaKloDqfo4Ba2hUZDW2Q6eAs8SgNeAZj2Q9LyEkIRoMLX -/g1tY5+oTuwbtVi55+MC5336sA2AmaTyf9dvgyYB1yIzA+KMJiSGc0rKLg== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhKK4E6EAgHY5fPV09pDe9jqvzo +AAqsltqNslwNDRJPn4ZF+kgqsAFuquVS76GM8gq1BasG0FwCxYYJFiFarffmajfK +CId592VPGNacCfXipTSWLIr67ePnX/uctOOBj3edjKVLmuPPaM/8d2owp3PV9hAR +uZEPt7r7oOs7NC9lm4KCpu95QsmZOGJMn+qFQ/nwE3LA9KwJehkpbwtlmG7VUrox +u0AJdIXpM185Fgcez1itdvpQVjcQ3HuRIXgJd0U55LgnMefsbiRaztO/ZPooWo3B +UPs1TpxYewbPfsiltcODfDc4rE/zj6quUw2SpG8Mtl6vNK7P767xEIJOZ50CAwEA +AaNkMGIwHQYDVR0OBBYEFN4vEIPI1Z1GFl1EdUv89wb116ybMB8GA1UdIwQYMBaA +FMtZaaZbjHw6O5vfyZtBE20tgGMhMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAvMUw0MehwLo7xC8gc1qmhpSQ6Cm1 +KPc6oA1OivbP3FeDNjODoy7E5IFkw976lP24Q3v/O6F3TURZw+Q3LrqtL7MmwtrE +nOppNeS8mYfKy07k0DJcEak+zBczUSCjtVsmN5Azv9L8CLvMe2apYT5JTaMt2wJZ +gbfPQEy1dtsi3ZMPoyQ+4aNiGz5koWb162BZSaeszeshfgU7afrjg0ugPe+X9HRq +dKYHdEHtuwZb9wln7bwckp8B4ciNGOUMuHOlZWUdDAP9ffoV7GF0Y7c3MZC7KgVr +YUq3mLsGaIjjBG4Poz6/tIjhFWl4vNe5RjX9I/+qgY1+Zz2u0vFeNzAAlw== -----END CERTIFICATE----- From 3e6063c7d70fbfc1cee3ab7be8e61ae2b9092432 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 20:10:40 -0500 Subject: [PATCH 09/10] PYTHON-5040 Fix CA keyUsage and remove issuer from leaf cert AKI Two macOS/Python 3.13 issues with the regenerated certs: 1. CSSMERR_TP_CERT_SUSPENDED on macOS SSL replica sets: the issuer component in leaf cert AKI (authorityKeyIdentifier=keyid,issuer) triggers macOS Secure Transport to do an online revocation lookup for the CA. With no OCSP/CRL URL present, this fails with CERT_SUSPENDED. Fix: use authorityKeyIdentifier=keyid (no issuer) on leaf certs. 2. "CA cert does not include key usage extension" on Python 3.13 macOS: the CA cert was missing a keyUsage extension. Fix: add keyUsage=critical,keyCertSign,cRLSign to the CA and trusted-CA certs. --- test/certificates/ca.pem | 33 ++--- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 6 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 33 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 296 insertions(+), 292 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 978edcddea..7037fe33ea 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,22 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDsjCCApqgAwIBAgIULKg2PII+nqQgPEEysgWStNhMZ+UwDQYJKoZIhvcNAQEL +MIIDwjCCAqqgAwIBAgIUCIworzyq+MZP6PgMwJUvbXynSh4wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBANRxGUwLE/UuYqbxZpRXtywLyHiRezn2 -uXatT/PcKtICvHMFINe4Co1414lnL2qrhGCxANpeIobzE0w3WSKgHweTISV8+RZp -H2x3EYBd15MbdDdYDhBYUuGIH5N2C3gDYbkcZBY2cK4RB/cruuZLHf1WSVFFUvK1 -V6hWs4w87c1H+QxU5RKvX7T0VNH1PmGp5xSbxwjkdVLb0o9YVN4nTE2FAGvuUp+n -zUrZjGMDEjFYELeFVpQGTgXgvw31EzeOMZvXAo4mWzH1V6z0hdZg0RDbAxT5CcAg -157qSLbQi9BC0/O6kcflqgYOWwrkqOsNs3ryx/8lbxtZtCtRC15ynu0CAwEAAaMy -MDAwHQYDVR0OBBYEFMtZaaZbjHw6O5vfyZtBE20tgGMhMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQELBQADggEBAFRTyRmtpoVEst3l2TeovA4BeCv7zdaI3EbS -vOwCqNdJ84biNlTjtRWrrIdFZOAHnseEvkxXxBewzuFL1tXiGFkwr43vXyf/MIVj -inzIK2mViPM8vIhOCQSpStgvUaTrvxK659VoLC85SzcCDhUzT0MqXeYjw4sHsTvj -f6GLg2oLuPCcxkfbk+cGIkL/3Dc7Aaq1mqhlXmqueGtIgNf+TgqOyeUfBQ9EEuQX -IZyQZ4PlMPWZ54YBa97fmW2+5EhY1WQ7SJ8abpjA2tkCvPcjaubUCjsASb1OusQS -UPwefW3YA87ivSK5Z/D9HVzvNQcPkr9a2ennS94t69hgDdo65sc= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsrDsoEdGpjI2a0tZeg477dzEn2jJR7 ++ejm3NjhAndXi9SA59NhY/5xeKCP78YY5lEf6GXxf7H31AOryq2d3/E2cj6fNMvO +e9eVWPN1X7l902qkuopTd35XgpnD8728+m7qpyVDCtL5hlsdhf2g6ucMri5r2cAp +VWlQ5AsZUKtd/kNHZcR0pD7mwsau9rlOkuHvO8yojQ1ImNT5I8EH+Z71nsjNyybK +6rR3M6KOB9m6vxQD0i18vTONNBLMYuFRmzZuk4s5uUNTlN7o4CBejM+tVABrVTc1 +DumqwMu6gOTg6xjbdWSe/l/YuZYTC/qYYyf2RjLHHm/T/GKXUU80DocCAwEAAaNC +MEAwHQYDVR0OBBYEFBVUg7McKdezoLQJTeiDCxobmW5FMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBF9sb1RAXqYlbx +qZy4elELn1l+yIZTbO1+VDmg1gZflMtkge/wpBNk6yVXXog6XsZ8bdigNtDyPsC/ +30cy+M78AITUiGMnrQU9vfjAfNVRHOBXcQdh2rdDYI0B1ypVpzbyX6qZhg0SiM1S +xYNKSFYZ+4RghyPpP+cMqt43lnpBXUPU+/Y03Kk81e3bj03zy13YDHJAYEipU2i4 +INlZKQ0OcRJC3dWON8QsYiV0fbPKFwaaLvBceNf3JqquHufe3/UPhuN5WcMErOoV +Ys+1hKorovgnrXqm0Aon6lwJrf39C7t0+B+MoD2St8S64QT3dM31cG/7O1IXKQWy +TY31cOt+ -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 0dd0fb129d..4f74ebd0a9 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtXBFcwtyqmqPK -+mBDuOxyURSuPSsVn+W2gHij2y145ArA821ivyCXKee/J98mElNXmGAAVpcnSksJ -FvFYz/SH8aHUB9JqczP05dHgCE5EQ6g6D5PF5oiaqac/2VHGqqEs/HRGyNhnROHk -ve0uHVHZUN3UGhTpzAHDRWN7/w5MWXNqRYETaZyI50osBJ+PSkAsgOl4PF1sqXWd -fKLpFkE1V/1Qa0ZsIp8YtXDF9EZp1P1NqoAAsijXIHI5mZefIn9osKeeIluf8/qS -caJRlQ54og/CmRqKK37RLrIV5droBav1OoDE2ANdq7PMVW+CGpUOB00LpNJ5hwrO -ZmCPccV5AgMBAAECggEAAlVUnV0UBsBQ6mKmNhw4BNKruZ/Dz+lbvHzMUs4JhyX0 -vhtWgLFAzIOesdgePzVQaOzIStCPGVWHYc4+LqGStZBoRxmRlbbOtLJaqxFh1ZV1 -rqZvDTO8NYsD6CKGhYWxYmwT54s7Z157uwAr9/dVUeXT3G0qNfcpsEX7GaGy/gih -OudyrWWE23l4EvLr05y/XxdpB7EVTg7XoHqU7auknSuAkqrfNU8w7ylqh8cJZwcM -hDdKeh6NfUc85ONpMU7FTeFlaPcN7Kjvz+hNgX+aGgty3vPzhwn4g5r+eweDFtS0 -JqfoFcj882YEP4EdQG2EU0BZ8s67I/HFN4WBhIZCJQKBgQD9W/+OfyMaGXMF4MEW -X+BxMg3g2cJQR/TG7FLly0boWEgoyUUk7ChPvuYTvfJNUXNEfkc7i4FF7eNNzTnp -VTKfEtxLf/4FsxAexxdJMe61mMnx/FBMYn6VyueNPT9rS1lwOYITclaQPHaDtSYI -wLvuEHktE4X9ViRn+gfsUTFnJQKBgQDv1WE72tQRY4DDrk7ZvKVR351nWWPmWDR1 -veUhpeC3zs9cdRdHeajz6rUpGUQpWV6f+BgwU80BkzgbVU4Qv18xPNDEevCfjPuD -PqQxRI/B0Z5VcbeT2JnqSSF1szOmnA9IZ8FFm/0I4XG6KlAuaaUVWaw+s5qILdn6 -oTgxRpXuxQKBgCvjuQSdX55Q1E0rXyeaGk5hpmfSMUgo/u1K2R13tmPfjziJjVHV -GzKdVkwLNqNQPdCas4pMI2vSxvKeX67dFHTcFo95r66bE2rRgGYsoTaSLkGePObO -lTErwisEdi0HE4pOXAs0XmyEHN+6DMmtYaDe967oV+jH+GyOsrqsYguFAoGAP4HX -T4wwn7IjhK2Bf7KubDG0cot/Ip20toDkTbao/MMssaTn1ytmC8DY29su62wY3G9L -qHBoVsRvFP3PwCuMv3MFLSII2Zbxet15iPpIvuAM9z83h1TR3PIkhBBB2xp0CY4/ -5Xja1iEshklyFfgvmKm4LJpOj0Tk9bL/OD0isqkCgYEA9+jDUU5U2v1gqk6OWiub -HBIpTUP2TL971gVlQrFe/mk+4+GX1vgeHe6xgIQedvombnK7FwyphWWp7+F2C1Ub -7uQN4RtFSft8kow9oF4qgdrWUmu8twi06a+uiKwhhNUSXGkprItR59XIXzQpoYK5 -446o5J4yiqZy/zk+ccgN0aE= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBIuoc7BJXkj43 +Ogw4/lOj6l7qJ13wnQKNHLdCuKntuZD8mQ0T7xOKqiRbs4xy2d9zS9bGNfMrT70q +RRRdIrSOTBOGMtUTWtw2WBHOkPF1OlG4aIlLmiM3/W5gQfKxdUvA8UZOjCLtdOuf +Llcdk6sccWhtA4W4glXi46EDGT4tp7htgT076Qa2lfKc1CVgV3LaUIcW8JpHD0+y +U2gSWr8/oE9222fu2MVDyQqR/7WFRBBHR5KJSvx4tJ753Pu19o+T7U5ieLegR1P+ +rI3m0ktJoatomfDdc7R0XcbgqIS/cTjI/7QuRrD7RuHn5I3/0Ml+OwKzElpTlVT6 +LOURN0iBAgMBAAECggEACF3p+LoI4uKO369b9XGeH7sg5MGzFgAFSuXwMfukP+xS +scCzInaQWQjdJZxaBKU34wupaKGQcONF0YGX29+LpSD6VQ1ZcfrVEKUg01sv3Klb +vjKIJR5usWehGxosSIAJebiyGCfFwRX4OaeFJl698k/e618UUU2TKS69jE/xA8L9 +n4lzDyepPf2hA99KG0Es3Ie+lSl9M76Ssg9XY5+7n7W+VBVr5MebDtOEu26XYIIc +FJ0jxVId+xPGvhDcfKvFCcJrtIji38FZBdHbIIrjioFL631iqrRwQTRMUkMY8d44 +POSavdt17zgA3OkBwg7IHa4j6lMRg+D4YYgrmgTGuQKBgQDu4Q0R139ou+n6ZsWt +XeiX5ngCg7+Snq3X+1zNGsUW43DbgLwnMApsoyV0WWccfApMtQCXTgPX68VIg8RF +SbFA/L4S9cM11Ev+GfMXwu/JDnHmOjBj9stFnQMlGxuhvXF6YlK+Ptrt4HOTkrGQ +01eb8NtVqUAZe+3YTW212wikaQKBgQDO+pOygwQnIm+8hPjAV+MyN5v1nvxiOOs0 +o8mx1tqJEMKPQ6fk7JycPNDBilDojkgr8afjpQ5JbFl+Zc/OdhNyiuzfB0LU/5g3 +ExIf5Eq8cdIl7dARu9onQcsXqWcK18kGPnmB4WGo07XkcuYgqRgVoI554dJboJLk +1KRNWEEgWQKBgCOj7EFHN7k2oDg98SxmoHdZaXpmkcScbC+XT0dCwTkjAgmd8XSf +VE7VIJd1Z072qsq7DrWEbEpg4PRqxHPaBNo/W1SU2mVDoXruADkBWqlSwGerMuEX +R0jBnmCA5OSC0VWDKfk8g4mOPXA9KMUE40Ne8jqbn/ataNUm6EGDxoxRAoGBAKDF +bthogF9NlnFe8EGngujM3S3q8qvw/nIDD3Y+J73z8MyLhuyBBh0t+BF9uN8LNfA8 +Y2amHPTXXqSZvNLoUK7WTqvm3fjJGJkfDSMMlyjNWKjxkn9T5V488t5MTafUeWeK +O6OxR8R1voHW5f5UmkqiTklKKbXWgoOQ0JbriJrxAoGALor5MAuJbfaC/ZcW4FVU +gHZJ5I7pvP7+DI/D5Rq3XWhRLTgMERUAzpKQt2fd23g8LDjeTc8TLnrkLC9PpZ10 +fHZQ/a4QolZ9Pq5T9h9HjiCesyLowbfITwfShbTQWR92rvVVh/elSWehy5ANsc87 +pIpaN+cWsG9/np9Z9kWwoBU= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g -lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI -mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc -iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo -1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD -XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD -I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A -YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 -uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 -mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg -l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q -9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J -yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv +MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T +iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj +N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG +tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 +eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw ++0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ +1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ +bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC +o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C +0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz +HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv +32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 +qtrgSbev2AluiMko8NpevdP2NsOUMxyS -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 58e2eef08c..b729c6473f 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTk0OTMyWhcNNDYwNTMwMTk0OTMyWjAUMBICAQEXDTI2MDYw -NDE5NDkzMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCknpas -Y9CVnP8wAYp/zViQQizwRRD5JtqMCDj8QJTfZ6nTOaRHY3581ulnK8ux/jGeo1WO -QfT1UyS9/CB8PZ4SDpSF1oiKaz3OkEivDeHWvUDYjukHkn1L5Kc/RYEje7/VRRlr -Rouz736sCz+G2BQZSwMpyxEPlozZG4Me4UufCcnkpI0cYRDwKgyUxeP+6xmtWCAK -QG/KzlNgjZPr2jwqlyVxBBtyYweIsJVSEveQQRkjdJYdeyER+vZmCHQSu98VHk0I -SkbaN1CCi56/8uWy8PuZU3FkLweO0gp3XAwh7TXiqVt1SH2gefjyzvyYnsts5Buu -9XP8u5uRAafgdK+k +ZyBDQRcNMjYwNjA1MDEwOTI2WhcNNDYwNTMxMDEwOTI2WjAUMBICAQEXDTI2MDYw +NTAxMDkyNlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCkIvPE +1NaTmcm9wzkeQNuOxcAvT9tHiblThgGiamzMpvncf4e1kCxU6sbqBFp/7E1CmCi2 ++YRLvMQvAnM6QWuslUjHqLDdaEtpUF/E0KKknF/cLLxLN3FeFe41erlgdJa5AjSP +MynUzW28Yc2us6qNYeOnJqL/oEp09upHTDw/V1OcLFxBngzx3KZAvjsUkUCSRa83 +T5R8wM2ALG+ZOkT40gWh/N222vSIYNzfq8hsumG2ZYYEXs268BjclLvQOe8MCMun +NmO1F++wVpbPbKUS89xkewYRLK7L+AjUhINKXJTTtaepSFSA2IVGOmtXD3Z8VeWC +yaGBDaTeyljKqfhl -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index bee2a1a3a7..bdf17a738d 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaBkqdhO2NgX3L -rEVBEA83eTZVqxvJ58NWPMMRjjunUcxVl87gH0Y6idTQPabkgtcm7EqoTp+RHf7S -TQanflcrmpQfjkUo/eE1lQkLWBktIB/ZPk3g5fAGveEaHyJ46P7bmPYRKCRuzyIH -8WtEylVwzkL4fBigG1Ecf5OuHccnarcAWFgEdt34FVeuUkq8WsiaDrZU955yQ2LG -zZOY1OPaLR1G/ZYCLAPgjzjjW6ssgrmBjB8c282glw2f6Wz7V0VU8SWS8LRVwd/O -HDM6NGoGzmSAWNzPjPGwlfhrDkMvm6VfTN83XaWqiezER8a5KqvQ2/+eIojVB8Gs -odmX0pw/AgMBAAECggEAA3OVC9BWaGaT5L0J7aFA9GpdU1bdnkEmhP96QRVk2V3A -o9w+4KpuFLAo59EKCtUNbebQucBg4027wn2IrO8hlyWf0a4RZzg5r/z3gy/2WhIH -nwtO9U/+kETCQwUaKRrbKgPOZXAiv4RU8BZA0fp4BsylH8TrKOG104Mrhdaf1/5f -gUxJohXHk7wNYzUxpl/uOChVom+HkwNAmWGCcr5o9g2Wk5KzWLlNc3hx2TBfldQk -y6pZI1foO9HcVzLAL6uaNUVQSNPfUO9F7USoxLjn1EmJtG/+DMo+hEevQXI/uWkU -IKGhIeS34UpUmcKajCdwPMobgdbCZDPaNy7n0Ys4PQKBgQD3egpKImN3vnXnQT/I -P0KJXISCgX/amhbGbCbEo4piWu9rrUQQUSNhS1j9sYNMCbFY5ALwJbRsNALT58HE -WitSmwUhFzXqiIPryH6uULdWqdv8hkOmxCG6y9yVbPL2ca5tSzKloxDXZS1JOKYH -yHYngaxbnp/o6hTnVJiOuaDuIwKBgQDhiJOnZCIKboSjEYJSO5BEJ1G/qjh40qpM -/filsFw4l6giE8vNJLilWmNuPQR4v3IaN1jemh56iU0/AobO5RRKWk1Ydz/fcJEE -izUi2/93/P6+1oCsKq7e7BOv8gPRFROzxTQRei6DAs/F8bwSZofCT1kFWl7ptFt+ -a/4wO1TlNQKBgF1gVvGR+CX+X05aeE5+UAS0O+tiIXPCIEXOGPKpIlXqKdxfDAd8 -FfVoELPofrn6DkiT/+fM0j7hgQ+jqqEDxMTuaQkLUPSlfeFBTUtIeWThwneN0Yjj -CDcLJLfc2+/RBReIABwvYvNi4at3DG5zXOGbNAV93KhtamW+rbFsqSQxAoGBAIy5 -yNAw9eCmd1K88SFYkztDgYnjr9sMMEFcU5MnSVPypXGmAovdtu1OSi6WGj0x0AO1 -t1kmt4/kLnP7opxkalW+pPZnak6EkahRKHW46l43WclAVQeYlob4rYwiqekDisio -a0XghDcxQO4VWTHuEhXXpwdlDUYsSM7ImdIEo4NlAoGAVoWkYct7h2eN/1wPu7/4 -2ahtxY3MuYwgjwJjytuZu2xdcfckCVQpE84YHoUw9Ui3W9oKqPi9vyCMW7YI940s -07SOFharlJtysSZr8fzJ0sQ8Ub0UtScFcYMsRgrijwk8NadtDuzwOrL1UU33JYox -mn7V5iAY2l8wehayhwWihAA= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCshzk1c7wW26bs +o/GTWWN2nU+8w7lZClTibEY6/78DW0y0YU6+KPD41GxA4zIemxYY24JwqdnC9keH +JdWSL4YFgidVJUw12Tf+23oRN8+f//c9sb3Bmd6sZfbzYfrEiPdkHrGebcvdSK+O +wSOHZukiDwTz97w+98LD+Wd3p+Vde/jB/KNmcWlNl1Qkq7B3WaeoPNr078LNTuqO +MrGzqVo1bpodXkCvJruxdCNnhARbbHYLVwIaYuC6lqJvJL3u8xD2UebcvTbPos6I +Fjphgaf/FT7EWQflEkrqjvtViOqgfGPd6grrKFbTExOQPyonwe1iHA2rFr5IIicq +bdBpV1UtAgMBAAECggEADN8r1/6R/lyV6BrVJ6qoHo3fCJTLq8Z3DcuJM9an0B7M +KrsFzm8sh0wF5ZNtxlXIwMMDyNcLPZ31OTKL7BOqmpeayqH1PSE/Kb8DLOyui1/j ++NDdeOe7cr5Kvd7GAEq9tlUJ6GmFp7VID8z+ExiM9TMMqg0GGOaQO+HMI+O9W4uI +aDIQ1uaaqaZldHMut8m3hW7RDaqElV717RXHnZEpmZXdoRHPvtsYqPN3f5MKNDU1 +67AuVQCcdDys+8k9iUu3H4DCW4mrxP3PaXm6vuRxqgiNzmUva/pt12UuoDPqj729 +Gn1fRrXZQgbNpGK0WFengf01zFYt5SXVAZleg32rAQKBgQDSLkzT2QThzpbcu7fa +BsfFTDVBf63XycWh+C94g9hQ9OZjDL90X3pUjF/MuPTKcEuBZax4jws7GjOKPL95 +FwZG67TPmIunCUtvxuuj6rtvTjEz8ezYEsfOaU9prv7dPfxRcGOgSWkIXUX8z6H2 +Z2W3uVZSoSGPsH/n2oPX2MjlrQKBgQDSI54qIcfc50ST2RFpHqJpsdn4kMsouPOG +1g+LALTwFN46ABQdJE3K9g5fXvmF0sLPlWdqGCIxUrwXDAhEDmOrlZoJCS+Hn+7l +iG4XNCPVPWfixX2oUA99RfPiu0U9wSVsfwovdsghXG5QTyNa6XyZrhNBpYMIClYV ++tcXH1MdgQKBgQDJWT+SZ0GtDJsrxM1hGcPBN7uBDs68fXhOLRNU8YGGNMaMtwam +dl0bqAqSddFUKfW7dWqfZ/GLYhNj58RKPYtu35kskueeUmIpJ7hQJKwA+jhamfWa +HYu6Ktq/1LwluJ8CaZeXUxxCvhAxG7v98JnaQrv2lpQvMhemRoite+khVQKBgAcQ +UXHDHu/LCmAZ7N7mu7jn1JbpbxrYVL9UlMMsa+iiGvJCLGrqXH8VFFiaXbLk6c2G +jSpg001rJY10xxZakXkkF0B0gZeChcpLcr/u7cFuRf62esncnxir8E3P070GsBZc +kuATkxij/cVPU7XroVedJWKQiL4NcuVcQDyzvdyBAoGAUkPi724pAnlTST6mYMXb +Io82iSHeRwkuisSRDWfmrO3pGe6SkBwDwDyCxoS7fGj3JqsF5NtyRgmgZaLTu42H +oTXrhhMjOzXjBAoG7FtdEs3Wxwyjkf/q6850ZVhVYpdrSzYPaPN/52MoI71qIjHA +2GuEDub85LdRKAMc3fhmxXE= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft58wDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAIwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANoGSp2E7Y2BfcusRUEQDzd5NlWrG8nnw1Y8wxGOO6dR -zFWXzuAfRjqJ1NA9puSC1ybsSqhOn5Ed/tJNBqd+VyualB+ORSj94TWVCQtYGS0g -H9k+TeDl8Aa94RofInjo/tuY9hEoJG7PIgfxa0TKVXDOQvh8GKAbURx/k64dxydq -twBYWAR23fgVV65SSrxayJoOtlT3nnJDYsbNk5jU49otHUb9lgIsA+CPOONbqyyC -uYGMHxzbzaCXDZ/pbPtXRVTxJZLwtFXB384cMzo0agbOZIBY3M+M8bCV+GsOQy+b -pV9M3zddpaqJ7MRHxrkqq9Db/54iiNUHwayh2ZfSnD8CAwEAAaNwMG4wHQYDVR0O -BBYEFLdAeJ64HzEM3Rb33XIvJhEAKMxfMB8GA1UdIwQYMBaAFMtZaaZbjHw6O5vf -yZtBE20tgGMhMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAQJhjzibpwtZOjNEA8XnEdlQWUEmz -BkkTxNOQkWeClcE/sokv2mIjfp7Yx340wJ7O/CbBNcDUxGksk763HQdTUMIt52Lz -QDjie+TjZYFzmfwFMyGlxHKp9PMoVbxbJN5yVLm4e0Rb7fh5qjap/8mofJCC5Tar -OXz9+vYnVCpAFQmnblptqDp20RqSChMZMWHuLIWDQs5NZszopj6Nr3nFtAQwC6r4 -bVIz/8ulUcOCi+pl1ffO06Pzcda3nyGu1b4j2iG+yKyyViaRuzjCEFEU3WO8YA4Q -sMmKN3HahbyTxcVUaFygPEy+F8erqRWcGoEd0ghNLoFKtI42jZXYATOmJQ== +BQADggEPADCCAQoCggEBAKyHOTVzvBbbpuyj8ZNZY3adT7zDuVkKVOJsRjr/vwNb +TLRhTr4o8PjUbEDjMh6bFhjbgnCp2cL2R4cl1ZIvhgWCJ1UlTDXZN/7behE3z5// +9z2xvcGZ3qxl9vNh+sSI92QesZ5ty91Ir47BI4dm6SIPBPP3vD73wsP5Z3en5V17 ++MH8o2ZxaU2XVCSrsHdZp6g82vTvws1O6o4ysbOpWjVumh1eQK8mu7F0I2eEBFts +dgtXAhpi4LqWom8kve7zEPZR5ty9Ns+izogWOmGBp/8VPsRZB+USSuqO+1WI6qB8 +Y93qCusoVtMTE5A/KifB7WIcDasWvkgiJypt0GlXVS0CAwEAAaNwMG4wHQYDVR0O +BBYEFIQZ8b2OANToGnZdHc4Vq1arH/VKMB8GA1UdIwQYMBaAFBVUg7McKdezoLQJ +TeiDCxobmW5FMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAWNhUCwXlWImKzbQqEZNwhptUHcm7 +LK/jWbOyo2mFoQyGim6ofMSbb4AMvtVgn9OJYwOajfc5GjrYZ3g9UkCq7hOpOn2A +OmaOL4mLadD6pFpuHvgindAUHZuqh3UFMDP4ekoFS8DhlvZg+GJZkRiaJ1Xo5quM +6sYCoL8VoYT3/ExRQWPocwkQibIBu67N4oMiOZUZ+jDSsPo7XmfFPZeVhAJ0Uxbe +wfgqBnGSwi+87oLUOuUAVeNtF1R7NB2q0xPUbymIL8Pi5R56Yt/fYWe1QP7TuecN +ccfEIaSEUKPoqYiLOseuzASNlpIJV8s+IjNHH1EVTab3+UQDSRmQSr86yQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index eb032c7e83..7898bacd93 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -23,15 +23,16 @@ cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign, cRLSign [ v3_server ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer +authorityKeyIdentifier = keyid subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 [ v3_client ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer +authorityKeyIdentifier = keyid keyUsage = digitalSignature extendedKeyUsage = clientAuth EOF @@ -214,6 +215,7 @@ cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign, cRLSign EOF openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 78428612d3..409a5677d0 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUjmGvGnDzF1d2KML -USvuYgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPxe/Opf8jx4H30l -gtFoWwMEggTQVO1+vF+10xVzKQAnX7xtXdNxhpTY0x8QFrx8fniQ2Blf2AmEM4V6 -tknYDhNnb0RY2TQ452cPb1OhYhLtMoGT4ZEkhhm+as+5V90MaJqSiLfDi7hvbOiX -d65kjNqJqS0rbtgFUMV9FtU4PP18Q0BscPNt4CP3fueqS6Zx/7VZEbEz5JqqvLmD -+MxszddisFCpcJvi2V2YW3MsB3Zrj6K2dGpqUFpPiTouDTOKxi7vuRf13F8BFnB0 -gLtgcwp4tbrk+LJYr0Iz4fMMNAYi+0t5eRWh97baQnEnbJaGx9oo2Ef+VwkpEJ9G -4aTrtIh0/LJcrG5SuPRu3FOrArEQItTxiNoHxQsvCvPO/vYTNZA5DAXYisaEGrZB -MMvz8U1tGtiNCJEjoURGOmNPJswTR9DDBu7cXA42vUcFbXZEyJB3pcw3mDu0X9+a -POkD3oXespiPpMfS1Y3WVnrR7DcBZ9DBWdNZ0BSB1kZBrhRUQaXPJ+22IacqtGAk -y/HtovMEw/CeQAdEucG8iIPAGPr8VPY1p7Bz+D+TYFhGlyDhNd7vVHRqtVXXDlQj -eqSwf5n/Gh/f7Q2h1vbzzVHuZ4UoZDP0ZszzGfSA1y8aHLFKHoTrUmvfLGrENh2V -LjcjQLYxnL48qVkClr0tME2fv7P9cPqtIEEXvmzFXT61QrZFiYHCk5HPKoFsBSQl -c7LsuM5X9D7xdV2BrEFXN2awH6z8MgoqdreILm70Ze1pTBM+NzGktMFABcxAXzaQ -llt4oGs8lmGPuQjCnvxPXiLRxj+fLU2YzpzSC2AYEKQ3KRrxYUXGu42oLiIUjK8f -BUsOGnYYGkHCT69WBbgtwl8iC0LDcBObMFFv1IQN4gh7TIZF9bvkCp0S8PNqaT/W -i56cZHVtu86bCBUeNz5SLGnCwGuuvQL53c5fgQuzK9OhxVgNFAsk1YeYcMOFJXvK -oTDqTiQ91aOJPxt88QaxkD/45Vc/EivZ/niB84/32uyT/6ymSzIKtU4ZOBne+Jx9 -MQ1ETkTLG1Qug/gRdJJ+hKuzAOeME1mQ3XbqG8yHVZ6Zkobf95X23yqMq72Ohi4p -BJiE2T4I/F1Cw2hyPOszGV5tXyfcrT2Z7FhJNZReD+gtoYnEeuNNMINYNDagIUNS -PPkwg7JTNOXEHbkGvjoWiAtxnfxpCKU6Fm6kd00vD9Wc9v/QsIBEhrFyvLZk/ucX -I3XYajuoQE/wGphYPuzlOzBOjiQfgVV27CalXJwGHAI/KR8D5lKP0aRwlkLUyU1c -gMlotqKNAxnhr/Nbdj2eo9aCFAW6i8eZIlviW139RWZEp8gRiWcTWQAvV4NhtxxF -4QzopulPmoz4wtQRrlotG+5JW6JqX81+VF53EsiP4C1tnpyxY+MVynAUroeOQvNI -D9aZu3/zA2+ixkrahfoGVSoGTaIAgchRyaEfxfA4YzcdfQkR5dhEJf4u4h5wvUS6 -ZWOA6Ei/NgtjLJXCaQywtseq2KSTgK0R0IyC91mEvR31w1WsMaZxCG9JuJU+Nha2 -R5qIQeMwEOR/+siKxh4QXYK7r70QqFbOkVZDBsaULrMHv66IUceOAjXpuUe4NbV2 -UcDbYWletvU8tKhBdA8SttQib/F2ra5CZVHwrPZOklhTVPQ7qzSDeus= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQEBYtboqnWdJ8eESa +YxMmKQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECFmeuF/j03+YvpX +H2iJoQ8EggTQP8xnokAYXmoie9Zq8ZfMm3Z8V2a2IIzANeC/FrR9yQ1L77EuQpzG +/ah5TLBn/SasWRNPMV6M0TI8Cvg3GDKuBdK+GqwQik5masD5UsCx3ihLLiWasF8I +R6w+CWrpZZDLTfQE9ZXEHcb6A8d/pAQig4wPHfBPopTxiCsfCwqkVMMH/KMTfBqO +VKAkRE9e33gmEygO4t1LMtnR34mwgWA5KJOmAlPT3QiEBy/ZpDD/2PFqmqigibdj +YMRy6irIBqlHoDqtWmYuFNBBpVPVBtmFw3DDbbAIwMQ0zq4Il0Pl75REvIebgXEW +tjsOLGomW/gcxf/QCu0zdsNCYVNarXzM2UyJR6AibotjeoUDFn7wR+NRsI7rTYUN +r3cDDdxPebaltVAtwpIY4XoQXZVpfcyz6kmGKlkl9VuzKdSPV3fi7om7aytjFKxf +L0nZ2lsDZ0bhwMv7PKDkNHIPdyUt/XPayFb6+BtF2fCj6FRy5xyhX3sRuVmPdWn9 +21YY+TaE38/kB7ItD07XyrX4YB4lgG0wX+qMUDPH7tX+f/Yor5XQ/it7186z/Yl8 +L7wW4td+mbWWfV8HXhmSeJlbkOzvtzCOmf0ypOCi/Ixw7VVRXITevrdpyb74trQz +HV24x2V+dDHkXxv+kS8tuZ5kRg5ZSqrUSaDoUNIrYhbmJ2QXoew08zvJ6GL5UY2M +a6pQz41GO9cuVLXJiO8nV3VbKoFP1aoxaAYotMKpv00Bf7W39oS9lDY9rA+oHj8J +fKjYjr/ojCHkG4EElkAzcRvKCZpdMFDCf7IaNlSxkHvf33abeHwf7zb0WVXCorbu +499jo2Oc5QVQFxKQIjAjPX3NyvZYqorXa/vxDo2KvofCe2o1NOJ+5zvb0Nk89PWk +vunNo9Oq8M9Dw3S1jh17RJPLmBNsxQ4rqExynVZUcVcdDABnVUR9UDBA0/Pd41Yy +6kIlS2BgkvcL+Y0BK4oZVjz0zuNSlXgeh1gcNfFR8phxRAuYTZ0H70ZPTEfgJ3vn +jNsiPu3C6TLH4k7xs8VtIob5Nm4PrUcV7VNQLA55qZNQeL/uDwwvipY7ypKe0+7Q +bvESiFh4s56OjvBAp1wVjrKDmuzoL3aNr1dHNKMh01ft8pU8U+rcNYkAQ0ZS/mX/ +OIXR1Y+0v4x8OPYK1QWsZxKy2PbfL6oGEmsMh4viv3ZbSElw/gmuTP0+8jpXK71O +MwYdaWq9pCS9RLrcjYHff18vS3zWA6MVkanLNqsiUY8QBW/vTFGRfpFSZWP2AQ4f +IayDtfrqDcwEuOCFiRSrcZCzyGEs4NLgjBDfAi9Fz1Ec/o5f8xdM1Tdb9BSI0dS5 +P4a318l0hbaY5tUPMsOsYQlizgksCdgvxms2k5u4kpJkSkRw+BXgOdxYbeHNWqwL +snYwWmRLOXymu8OeJ2zTQ9QH6ComE+C27KOhxUml5XjHqY2j69qbXkhQWmi0EXj8 +DHJb7VPQZ+7IEjMTXRFmTLSS0S1k0C5CCGC/eYtUFFdQzG/RYSLbic0yICrPCnTq +GX/PiC3E+MTaZrr5ehAHAl+LC0iw6qXMUgBO2rWOYnF2vP56SIvI1yvCgNWpKFN3 +CKyHUKWyislcHqw9lvyzuouoidtUHpWMAEo/hEVb8JF4Y/yNND/4nLU= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g -lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI -mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc -iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo -1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD -XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD -I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A -YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 -uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 -mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg -l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q -9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J -yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv +MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T +iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj +N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG +tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 +eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw ++0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ +1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ +bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC +o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C +0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz +HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv +32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 +qtrgSbev2AluiMko8NpevdP2NsOUMxyS -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 5b8a3a424d..08cd76dcfd 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtbTLMvCR2XPs1 -J01nXbnpvcWwwBWQuWwbMZlqNvZPiAgQgjuRmzTlvB/MMgbTPb8mynE9HtnjW0Kq -HDqAXUvBstGSd67Pjd9WCTLcV+JJ7IufUp7SuaijGlVLgtDTNoJ2s4lUN5DWZyx5 -EL8uHH1fXaNurDglGC//F2shUhNlO8xpZXMaKahJZwmsU7aeA9xvrudGwkYQm8Vl -+Zrj24t4J4Oy+7TJEzVZ8lH3wZ9FkG/eiozURmL9uK8bG6DmhqztEKZFpy5LUBY/ -RL2Y1Mcxec0wHxSamRslx3dAcnCutR3A4bs8OoXIwoZoIEQDOFoge67q8sl5lyaZ -SpmsJEq/AgMBAAECggEAALAiN3W3n1CXHordX7+bcTXzhtP8Qeq6ZxE3TpiROZeM -kKQzoExBVXf9mE3KgSQJkhnTgS6SJrjB9vLNuJymJEqVUkNvShuB+1FmBkHDABAU -LbmiL6vU43DDTd1i/rOEqPvlW5Qs2uzl3EUYvRIX3Tz93P6J6nvCFPz+y88LjKdC -aCsA60Hd+cQQ9dJa2qZ5db4YkU2cwGFdMtLEsdGy7SKviOscaTWDFoy6LR+lgqRN -jGoUOSCSzfyXcsDl2Cu36jnQWj7d6tmhTPkdRMPXEvFj7+s0xmB6Z/I3kMFHBCJq -6dAJ2if07JOiPK+AgFAQiK0DndqyTV5FJD21jlmEIQKBgQDY68V7bktXS0nquPGZ -WKnBm/vyulH1PwpTFQHyPAzEUU0jjRaEKYHhTzZu0728HZi8Yw24X3BtcxSQVHeb -8Hz1JCpvVPp+G/jxa+qxwz0upBJPy8rfz7N4R0OjSxVKe/7zu+cl7gAyb0hyo3cf -3pFOGRw5LwlA6dv7U9eOrPGS5QKBgQDMq39juOEKdjIRRsPpFMhF77SefnobqBm8 -9mpZTs4LQNXG8BcUvS6S/xmyDocznFYJbBm9m2+gUCidc5edgkimHdfcTAccxXKQ -ihTimWxubXB4KhhyP9EsTC2ppcPGSO49fCosvqmCFflGp2EUkl9SMSv40UP2xk5b -/7BJ9EvY0wKBgGwMZH2q3pRIyDTGknETnNr3W3P4IsLJ99aSbDnAd4uCA65lpIWI -N02HK1Hg3m1JQL71h+wCffnGjMOnjzx5eYSR0yFJbsxKGqIGYwzQdzU4PHbKx+7b -gkWzGZnI2H4VbVTyj5xxBGAa1jdj/P4+2pnQICLLrwxKcGyrwn8q3dmRAoGAckKP -1LFC2R9RJjn2ZyoWAI0orY74RnZbIBYFGySWfMvOTMh+ajKPTLsjsjbQHez6TzpN -SH/9GmeFtRjyHJm+SxbACplbIyHLqouby0FRunhYYI1HpoigEvXYTCxhllHixuqJ -dP9gDGKODnalCOIKWw1eegMByUO+PTgKR88dhMcCgYA6LNAlqxBwO6dTPQFvGlqS -d67iKwyjbK06iyjvcNf2q4/jh8MC8au8gHDxXG+I5Gp3nMXncuG4GG5Ii/tKX3kt -/6B3b3tlFmdsAmI8xEpiHhDBDXINLRs+w7rkl5oNduHKkCWd9r9KduupJDvTo78h -9yuZwMwRFAIPx9P3YL1SeA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuozfwg4XDRJs5 +zPCIEAd3iiS2z+G68X0N444O1Yb/35UslCY2ZkKWs738I/A9AI1Tm74C4l1PMHNO +OlCMcYg2w/fu3VuAa6E7QwPwjRhnoRYl2lgDX+TVKcHXOmD8bKZB+S9V7Rl6CANs +pLqeSlGBQqXORJ2nu0teou6BZUJ9qcRbsC/aHlQleOr13jx1+sfPvwK8rrBeYqH/ +pA982scfE/PU6QnB2v+9Wd/hHt7073ssIE8lsKxoJtSsfebyV5kn48e5kPKWnbLk +ONbD5QRzCs7Z8GbIrzGkXV4mRwUVK5+fCmhVE93g+99paeJpcXOrBmkCTkL9WTyg +GW0vGhDLAgMBAAECggEABaKOnjF1kiTB6COMv1cvu9O2oOTO9nvu+mZqobU8yJTW +ThHvCbeoU7neWicZYV6F249y73TjveJlAL6GStcppgVnbUsHNiWYQOlF/0UOPInI +xSqTxx1uV30kHBBuK2GgxmWGpCclDfhO4/qMwFQgPSOBZh52AoDbSw/G0mC0vIk9 +ddiGMvQHRgh/JEk1vrIqE+lEdiccPNswC2G2FyXWHia6plpZ0VAZXfQH6R4ttykF +CfHUk1gNDuGrXtwHicF4d6XXZsnuPkBQZ/GWmu51gGu5Xhr0TmXY/NPRhamsqsjn +lkrNGV25VxZX1lGM//cqL77Om7m9k5Rx9gnp+8n1QQKBgQDj09FNvc6kB8QzZ3Dn +1YMnNKpSiu5d8qW8iUGUMLIF+d+KTkHa7nLBfjEOUyCVOJh80pUFhvXwL4RtZ72A +Ln2EWZWYxN7aNzuTXQIO6zit+BgosCf2Vqgu06yZtmZARFNxTRRImRwUsPGaqnBH +drxJpQfuomNJfCJ4MY8OmC/URQKBgQDEO5rsV8OioXI7+y0qWSJO113sofwT9VSt +JCy26oN59sbgrcFPohsWISEBrYnjuPEeRf0Z3Hl52Tt49btuIqPmga2II/1Zj6ip +V9cTzwVij3XSfdb/SwcV3GBCzhQjgl6C/1ocpayQHGLaS47+hHFu6sGp2JyxhDKL +owO/twsJzwKBgQCU5crVVEfJTIoeTmysGA8vgGwQplxDamKHZe1GPM0cusIuUhcY +Tt8RNrg49HtHC0YdzkM26Y2y/FtAZZykOb4u0Z3Dymcblx2IojDGL1VL3elsLjTv ++pLQh+c2Ts9lEUK3ufiXuflwTHSa8OmQyzkjqIgWnmrljAu7IiitESmxQQKBgDEH +C1/9VX2uhJID4XbxKic0m9zhY8/AvdU8coeI9Cxmwa2k++VfhRD0WgDHUOo6bNO5 +fNEXSqps4fUIwDl2IikXQToAc+4KfINC1RO354qGeVOL6UmDf1Ow6cQHJPTyP5bP +Ib6Cjii7Tt9nfWSNxqGFubkry4p2kwJcSjV+EB31AoGAMv52cz2i3FDSHYBv+QRF +VrTEfMlV63o/zPYKRx0ZF+9b6Br8z4emeNnb6Fu7nk5glliGMsPbGT/0P2OPYl8/ +Q2Tcp/QlvAtQbeCsOvUQgi0eThxgskcNOMefAr7BFcHSZVgrGixDGrIiIViJGQMF +IyTjmZ1yDgFmUwf8ULuxegw= -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 4 19:49:32 2026 GMT - Not After : May 30 19:49:32 2046 GMT + Not Before: Jun 5 01:09:26 2026 GMT + Not After : May 31 01:09:26 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:6d:32:cc:bc:24:76:5c:fb:35:27:4d:67:5d: - b9:e9:bd:c5:b0:c0:15:90:b9:6c:1b:31:99:6a:36: - f6:4f:88:08:10:82:3b:91:9b:34:e5:bc:1f:cc:32: - 06:d3:3d:bf:26:ca:71:3d:1e:d9:e3:5b:42:aa:1c: - 3a:80:5d:4b:c1:b2:d1:92:77:ae:cf:8d:df:56:09: - 32:dc:57:e2:49:ec:8b:9f:52:9e:d2:b9:a8:a3:1a: - 55:4b:82:d0:d3:36:82:76:b3:89:54:37:90:d6:67: - 2c:79:10:bf:2e:1c:7d:5f:5d:a3:6e:ac:38:25:18: - 2f:ff:17:6b:21:52:13:65:3b:cc:69:65:73:1a:29: - a8:49:67:09:ac:53:b6:9e:03:dc:6f:ae:e7:46:c2: - 46:10:9b:c5:65:f9:9a:e3:db:8b:78:27:83:b2:fb: - b4:c9:13:35:59:f2:51:f7:c1:9f:45:90:6f:de:8a: - 8c:d4:46:62:fd:b8:af:1b:1b:a0:e6:86:ac:ed:10: - a6:45:a7:2e:4b:50:16:3f:44:bd:98:d4:c7:31:79: - cd:30:1f:14:9a:99:1b:25:c7:77:40:72:70:ae:b5: - 1d:c0:e1:bb:3c:3a:85:c8:c2:86:68:20:44:03:38: - 5a:20:7b:ae:ea:f2:c9:79:97:26:99:4a:99:ac:24: - 4a:bf + 00:ae:a3:37:f0:83:85:c3:44:9b:39:cc:f0:88:10: + 07:77:8a:24:b6:cf:e1:ba:f1:7d:0d:e3:8e:0e:d5: + 86:ff:df:95:2c:94:26:36:66:42:96:b3:bd:fc:23: + f0:3d:00:8d:53:9b:be:02:e2:5d:4f:30:73:4e:3a: + 50:8c:71:88:36:c3:f7:ee:dd:5b:80:6b:a1:3b:43: + 03:f0:8d:18:67:a1:16:25:da:58:03:5f:e4:d5:29: + c1:d7:3a:60:fc:6c:a6:41:f9:2f:55:ed:19:7a:08: + 03:6c:a4:ba:9e:4a:51:81:42:a5:ce:44:9d:a7:bb: + 4b:5e:a2:ee:81:65:42:7d:a9:c4:5b:b0:2f:da:1e: + 54:25:78:ea:f5:de:3c:75:fa:c7:cf:bf:02:bc:ae: + b0:5e:62:a1:ff:a4:0f:7c:da:c7:1f:13:f3:d4:e9: + 09:c1:da:ff:bd:59:df:e1:1e:de:f4:ef:7b:2c:20: + 4f:25:b0:ac:68:26:d4:ac:7d:e6:f2:57:99:27:e3: + c7:b9:90:f2:96:9d:b2:e4:38:d6:c3:e5:04:73:0a: + ce:d9:f0:66:c8:af:31:a4:5d:5e:26:47:05:15:2b: + 9f:9f:0a:68:55:13:dd:e0:fb:df:69:69:e2:69:71: + 73:ab:06:69:02:4e:42:fd:59:3c:a0:19:6d:2f:1a: + 10:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 99:CA:D6:55:64:61:E3:D9:76:00:D1:9B:A1:D7:49:17:8D:5B:6E:DA + CC:CC:54:7B:F2:87:66:CD:2A:F4:75:39:36:9B:60:45:1D:3A:FE:44 X509v3 Authority Key Identifier: - CB:59:69:A6:5B:8C:7C:3A:3B:9B:DF:C9:9B:41:13:6D:2D:80:63:21 + 15:54:83:B3:1C:29:D7:B3:A0:B4:09:4D:E8:83:0B:1A:1B:99:6E:45 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - be:88:47:6a:1f:07:13:1a:5a:5e:08:1a:1f:b4:9c:2b:21:7c: - 4d:6d:c2:8b:b0:af:50:7c:87:b7:23:13:3f:1d:ff:c1:f4:52: - a6:c1:93:d6:85:ee:8d:ed:93:4f:35:c5:87:fa:8f:23:dd:11: - d0:76:32:8a:15:ef:53:ce:cc:e4:89:bc:9a:23:5d:8c:81:b7: - 10:2a:e6:c1:39:d5:f8:88:39:66:93:e3:2f:7c:55:34:d1:c9: - 6e:71:77:30:b1:32:49:35:59:f9:d8:16:c8:ad:77:33:5f:18: - c5:75:3f:e5:8a:ed:5a:d3:8b:21:5c:68:66:fd:62:c3:e7:46: - cb:b4:a6:bf:fe:f8:77:68:8b:c9:c3:a6:7a:1b:af:ee:ce:b1: - 8f:49:8e:a3:a5:c5:a9:d7:68:dc:97:54:d6:f2:f0:59:00:41: - 66:1a:c2:7d:26:da:dd:96:fd:ba:98:da:a3:88:86:17:93:4b: - 4f:b1:65:2c:20:c0:ad:46:73:b8:88:54:2f:0f:39:bc:e9:c8: - d5:3b:69:33:43:75:a3:3b:20:46:e3:fc:f2:8c:0f:11:55:ae: - 02:ef:05:9e:59:bb:ad:e8:b9:cd:f9:7b:5a:5d:93:fa:46:f6: - e0:29:c2:95:7d:30:22:fb:56:53:4a:82:c3:7b:88:49:f0:a1: - a6:ae:c1:c0 + 3a:72:ef:6a:0c:6a:f1:a6:e2:bc:11:e8:ab:71:01:3c:6f:20: + 35:fc:22:a3:6e:d2:91:6c:08:93:d2:ae:61:37:72:88:8a:73: + 80:87:ec:61:c8:25:e9:e9:df:0f:6b:fb:50:27:36:0f:a5:b0: + 71:1c:9f:c3:fe:94:5f:b2:f4:30:56:81:7a:4e:51:f9:30:cd: + de:0d:90:39:86:3f:c2:f0:cb:8d:c5:29:4a:7d:27:1d:78:5d: + e5:3e:a7:90:08:06:5a:0a:1d:50:d7:39:8d:ee:a4:58:3f:30: + 44:d4:89:dc:94:8f:66:4e:0b:7b:94:e1:06:67:ed:23:ab:22: + e8:77:18:fa:d1:6e:46:df:bd:75:de:c5:d2:b1:ac:ef:df:07: + da:b0:85:2d:47:18:fc:fb:d3:de:10:fb:e0:35:ef:d4:ef:0c: + f5:d4:d6:84:3d:22:fe:44:c9:d2:48:44:ec:24:69:52:15:9d: + 99:52:bc:e7:04:9b:15:85:7e:e0:06:12:bb:ba:96:58:78:a6: + 61:fa:33:01:7c:76:43:6c:c5:3d:11:c5:e1:9b:e8:59:d1:96: + 8c:30:21:e4:73:82:7f:44:76:fb:d2:f1:54:a7:b2:1a:28:ad: + 28:bd:f7:9a:47:ef:dc:b2:1b:26:d7:fe:0a:0d:ae:bd:38:13: + 61:43:f3:e3 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDQxOTQ5MzJaFw00NjA1MzAxOTQ5MzJaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTA5MjZaFw00NjA1MzEwMTA5MjZaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW0yzLwkdlz7NSdNZ1256b3FsMAVkLlsGzGZ -ajb2T4gIEII7kZs05bwfzDIG0z2/JspxPR7Z41tCqhw6gF1LwbLRkneuz43fVgky -3FfiSeyLn1Ke0rmooxpVS4LQ0zaCdrOJVDeQ1mcseRC/Lhx9X12jbqw4JRgv/xdr -IVITZTvMaWVzGimoSWcJrFO2ngPcb67nRsJGEJvFZfma49uLeCeDsvu0yRM1WfJR -98GfRZBv3oqM1EZi/bivGxug5oas7RCmRacuS1AWP0S9mNTHMXnNMB8UmpkbJcd3 -QHJwrrUdwOG7PDqFyMKGaCBEAzhaIHuu6vLJeZcmmUqZrCRKvwIDAQABo3AwbjAd -BgNVHQ4EFgQUmcrWVWRh49l2ANGboddJF41bbtowHwYDVR0jBBgwFoAUy1lppluM -fDo7m9/Jm0ETbS2AYyEwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQC+iEdqHwcTGlpeCBoftJwr -IXxNbcKLsK9QfIe3IxM/Hf/B9FKmwZPWhe6N7ZNPNcWH+o8j3RHQdjKKFe9Tzszk -ibyaI12MgbcQKubBOdX4iDlmk+MvfFU00clucXcwsTJJNVn52BbIrXczXxjFdT/l -iu1a04shXGhm/WLD50bLtKa//vh3aIvJw6Z6G6/uzrGPSY6jpcWp12jcl1TW8vBZ -AEFmGsJ9Jtrdlv26mNqjiIYXk0tPsWUsIMCtRnO4iFQvDzm86cjVO2kzQ3WjOyBG -4/zyjA8RVa4C7wWeWbut6LnN+XtaXZP6RvbgKcKVfTAi+1ZTSoLDe4hJ8KGmrsHA +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqM38IOFw0SbOczwiBAHd4okts/huvF9DeOO +DtWG/9+VLJQmNmZClrO9/CPwPQCNU5u+AuJdTzBzTjpQjHGINsP37t1bgGuhO0MD +8I0YZ6EWJdpYA1/k1SnB1zpg/GymQfkvVe0ZeggDbKS6nkpRgUKlzkSdp7tLXqLu +gWVCfanEW7Av2h5UJXjq9d48dfrHz78CvK6wXmKh/6QPfNrHHxPz1OkJwdr/vVnf +4R7e9O97LCBPJbCsaCbUrH3m8leZJ+PHuZDylp2y5DjWw+UEcwrO2fBmyK8xpF1e +JkcFFSufnwpoVRPd4PvfaWniaXFzqwZpAk5C/Vk8oBltLxoQywIDAQABo3AwbjAd +BgNVHQ4EFgQUzMxUe/KHZs0q9HU5NptgRR06/kQwHwYDVR0jBBgwFoAUFVSDsxwp +17OgtAlN6IMLGhuZbkUwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQA6cu9qDGrxpuK8EeircQE8 +byA1/CKjbtKRbAiT0q5hN3KIinOAh+xhyCXp6d8Pa/tQJzYPpbBxHJ/D/pRfsvQw +VoF6TlH5MM3eDZA5hj/C8MuNxSlKfScdeF3lPqeQCAZaCh1Q1zmN7qRYPzBE1Inc +lI9mTgt7lOEGZ+0jqyLodxj60W5G37113sXSsazv3wfasIUtRxj8+9PeEPvgNe/U +7wz11NaEPSL+RMnSSETsJGlSFZ2ZUrznBJsVhX7gBhK7upZYeKZh+jMBfHZDbMU9 +EcXhm+hZ0ZaMMCHkc4J/RHb70vFUp7IaKK0ovfeaR+/cshsm1/4KDa69OBNhQ/Pj -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 26504fb0a5..a7506ba3c7 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,22 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIUXyhWrw0JtVLpIVRkT9Mo+GDBODEwDQYJKoZIhvcNAQEL +MIIDyDCCArCgAwIBAgIUUcgTcnV0MsAUzdlCtBW/GPxim3IwDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTk0OTMy -WhcNNDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDEwOTI2 +WhcNNDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuE20ZJaaGRLzvMaurcKaP3 -AfNEp4n/AY+YjJY4znnXsgmVNDAPA3scOrjeSxjpC/Hw2HoBf4B57Rhy9HE/9alB -RIR7kTG+y/RA5EI6gy7cG1TddP88J0eLkvikVkQhhf8s5mD2n7p7CYtYorCif+57 -yOJVv7dI0Dn0RQ592IFGPDaCIp7XNcrSjBmIahBLOKNHNUkBQ6q69EuWnFfzF9z8 -Rhhn5k+mF8DWcEOxagizWSMIDVuu590OT60GTq7qisK1X3gSb9d3ndZ9OZLNaD8R -gBnkLbpALZl/iRmFTgyfhHqNVufo+gjZhWPscqMgyW8HGDqxr6ZKjCbRHrF885cC -AwEAAaMyMDAwHQYDVR0OBBYEFCszYGV2OdFVVbUnc9BWShN6WtmgMA8GA1UdEwEB -/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8jiq+HfRS0fD8nPbzVTv8agIDi -fDFFWPGW3EVjQT/BCaOM2FyfLcpdP0JMsl9B55xlqc4TtOuJkQ4IR93LFcQ+jG+4 -XlnJH3bqMuEgmNfIye2vHFDTDGHflQxDPJ42uwQIYKIE0zPdqEKvobbQ+mIRM5FQ -z7J8QqIqCb9UaaMFxUzDK0m6WQ+OREuf/bIcZhXL/kUmP/eVhHMy8P+NMqWe6UHj -tCDOuzLi+9jch0EaBHwPiOdzvrQc6EcuPT5kzcdN5mwPXCJG+HkYDe5FnRHhJKm1 -wffFeAe6Givp89hMfBpZMO/4gYzaXWrN1b0QjNJmhjqJ5AFp4bM4YqKF73k= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJX2Nj0SfMSPuUiViJP0dcw7 +egMyp6VYyY2TCE8HHNqIem163Hy3i49MHKEqr9b5OVIz0RWaU8SdkJ2WwfaOb4G/ +Xu2o7AsDRZVHJwh8BhWu5dco5Fd8DZiUnbiWwdnlmbF/vFB//zGMWGYpGkUOIKuD +dbVdhXTvBrGXY3fDOYa8kjxqhUTJFqhLVESTzfxaiBww0ZMlDpMwgjU9CZJ5C9Sw +wGeRavjIJdiz6ABG1vdSpZ/8E5bL/WYgImonq1vfT3fWjnq8GlaSAW7YrkJ2ANn4 +/BIgkEZbjv+UiadLzUKUT+QT2Uff7bDD+Eh3Bh/j17p5ey8e3M+hkjFbwpoGA4MC +AwEAAaNCMEAwHQYDVR0OBBYEFMnVB5JRAbHlPRh7a6CguKrHtr8kMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCAcHZ0 +bfasq8TuSakrHbXd6VN2orX2BUodlAM2Hs/hUtCim8M8dK5iSr/tfW80mfq+bssw +ay+yKJzFlB3PzzLo5b6XBapbjPWiD2lWT5WoIlS/9CAO4BN3edhLAgRRMFgPXyZN +JKkNqg5H0yoLy0z+f0vxx7IIe0GytiwT7T0JLoVGQpjCIkjjm0XSCBPdjTQOow1L +NSE0dfQ9LbsuiAA6t83cl6PUMJHrBpKmzdLYoN6nM/VxAhQSVqy5MfnXgA3BWzra +vXoHA5p2rL1QZ3wQRB3B7kAFxqnrwJJdUTwRjm5RmGMUNjj2hFwAJlfwBQlYoxt1 +6rE4DkIhabfv7Zu1 -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 7fc84d88a7..8f6ed82d07 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4SiuBOhAIB2OX -z1dPaQ3vY6r86AAKrJbajbJcDQ0ST5+GRfpIKrABbqrlUu+hjPIKtQWrBtBcAsWG -CRYhWq335mo3ygiHefdlTxjWnAn14qU0liyK+u3j51/7nLTjgY93nYylS5rjz2jP -/HdqMKdz1fYQEbmRD7e6+6DrOzQvZZuCgqbveULJmThiTJ/qhUP58BNywPSsCXoZ -KW8LZZhu1VK6MbtACXSF6TNfORYHHs9YrXb6UFY3ENx7kSF4CXdFOeS4JzHn7G4k -Ws7Tv2T6KFqNwVD7NU6cWHsGz37IpbXDg3w3OKxP84+qrlMNkqRvDLZerzSuz++u -8RCCTmedAgMBAAECggEAEBFXbbL0Rt7uDgRj5maQcnjMJbTMnCGkHXYRQPlaVGhg -zkI3qicepWFSwR/UCM/TIp/Z2KmFbSBIvID6TvorBNwwEqEo0TcPHOQilEOSkr+q -C8W0KIHsT9ySf8uP8e4P5iv0YU0QOiCRUOEAQF/xmaXkCE6jUUR/jmv2Acxtplwd -afIGu543/a84ca+3MJVf/O/l8T0Ri5YUl2PwdL3DfrSrf4njuRuAQZtNNGgKC3mu -Fszx+L/SAEtDK0fwGdOkbiTCyX1zwz4YnXYUG2WpOnyEpJa3u/usuK09u3fm3/fL -M3JSwdWbNKFSg0X+BP9XtJ94HefCECLycJ0d+ZJEAQKBgQD0PP+/jvvc02Kmi/pH -5KjRO8kDxSnrz/fHuMqqUv3CYEqf8+EkmLG4rX1b4HtR98VBCGGWGxG1aUgu50Lz -li7q2gGVb7c/zufd5zwJcbCPc52ZPo3VFcKd/6KVi3Fqv4YGRaFs6/r8JP65tQW9 -m3TNFslRPKcGd3dpzI9y5Q/OHQKBgQDBKh4RgceyquQgtzjEblCMzb+1N1s7ucRz -I68mibY6wE9IC+AUDidgOFFfQkrIeOqOM9hu6KmVD3859xbrw8ITMY0IqdOejiMf -+/JYt18uaBZ8zU2iTiHsuJRGwrWEUN3z+8x0uBgY56PIOTKbOciveOqQWa6T1RgS -UG96XmvHgQKBgHV8JjXaLNNTp5+fs9wDZSWI0bALlpfFaVZcULjPxRtMQHli0glN -nifM5IFeoVOTkQIwaujOypzuMPfG7NDJjHYSOjLNE2QRPj3i7mFIm/rVTZkamxVG -K2DfSDERa5RC3tCDjBweA5Roo1NnfYRwlCXXcS2vtFSLARkWemZ1Qz4NAoGACLZp -nMiJxVlH6OHawaFoKLGvD/FrQApk/fyCDe7wNT4vVUST2tO4mvJvWSiYTuqFSdy0 -ymvcGkkUp/ypIAE4Y708a0Ods+0dUHgAulerB2DSgtaPxd5YUWER7w8hONKc8EBP -PISBMb5g+Mr7qVy13JRLoC8rXKej6k+Od6qCmgECgYAZbJiGLpFFYMr0m3mxE/9e -lKUBYB94hrFqRy/+du/DNDJd4IxN75tnzXbfCKXK5Fp53dSG6ko2rb5/6cafxRB7 -uqa7z96VxzA9FPIGOV2sHu/3KMMmeIUor8Svy3MI+hTuNAbJMjVzm2J9OEBBsOT0 -S5pn4mtICgedhH0fkpCjEw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOy2pgCy55SlP +jOefFgo814NQiTZUzjslthOd7uobrQYCoLC5N2QwB1I6JlsJuDigo2vWnTB8nTwj +taf1hnAumv1oBvYV25s6nmP6OoOz3rqK0ZqTmXMd7ZlCWi0KmwglfJCsLsFFpGgN +gi1W9eUzVIaJ3BabG02nxRTcsV5oxAIzYdayxqZ/czzAvhfD0bKlfnDkfysWFEP+ +bgHSqNbZtYD4/acHKj5zy5Dyvkf+4rEWJrasqjJW69Q/fRj4eaYpXIz2Jh8Btd6H +8sLsucM5qIKcEwLw7nASLJsKAV+TO0jUbPDEGR2rUxKHoagT6c1pOexa+MsFaAWm +UrHOIFgtAgMBAAECggEABU5WaEXfPwUaUkkzUAVdGNPj2y8Hs0GBXPXNqzrO78Fn +Ik5Va9SC6i9UPA1FgapNE468dgJMyFmTTg6jt1azKPS6SNOMuJYxgrR8q8hGoiTj +Xh/V6FtcV/a3s/aBGGdIK/jzvnYvnobXGnKwDJmaBQ1RqzrhtoB1nXDaa12Y8n16 +dIgqgFK7wIu2c4FRDd0xr3Kq7+Gs3U6z65xyEtRW3ITghaaWsBDXDvHxBOcRm7SM +d8hXPto5sk0V94yJqxY0Xq7rXkDiqeVg+q/5lq/aSdWCNU8mz/+Xmrvvc7uUaHGF +xtTNM5cpVQiyhU3PYAoNa6U1NxHlhNW2yKN8hOTPGQKBgQDqxu23FcX3U9mISWZb +HlG9bzXOxexJAPWuDcIJdA/fI290kFQW2rE/b1jFoUsZL6esFJprinihjE9rdhd8 +vIgiPb2T5eg2h4J/KtXqtySLM00ySu1l6JvSWpZ7hxBDkMon+P160815H0Mko5+V +v9Ndfs2eo0n2LsPMFgv0pRkiyQKBgQC5npEhlqUAmBoIx7PnO6qPlwzWj2lW8l2g +BT3CIjQfbN4++PS2qMmv/3eHkfq3aBpSAXpeeLNEV5flPsJ6OaQSfMT4Wj5bbKEb +Xl8i4WfbC10YIhs6Ur6BOnK6Uyi8ArOFYhVRu/2z3937XM7C7Mz4/g0TsLavJoEu +xelKyc44RQKBgGYOzb1d6K3INHLrPWR0vKG1m1Vkcn+VvDbKYkQLwO6GD+hC6Vr5 +/D0QIS3gHK45KhFC75G6IxBO1yNmtXUS27bO0f9d3OD/bTnsnAspS+h7B57KNYKs +aDg8Ctht8SL96PMRaNchBVwWu/BMdI37Ul19RtMkNn2e/JxWJSJXNqMJAoGAdOfF +iF4UtfcWDomYaP5PQfhkgY35TmV/ShWC/A4GvfQXVZn+pjxQKqS/Z4ctXO4YBaYg +p/dlEJoKdLu+SLSc/XfPpotP0szr+wzI5nMIshDKJTT16RnMGh/xuiA9+4vH/S31 +N3ErLGrGqFWfc20o+3kmS0x1AoNBwW+sqwnG8/ECgYEAzq4Qrm69OmU9zbC0phon +LF03QSPkTInuLvcKAgKeD+kZQ6ZpZCwRnYgRe2XTFcLEwrrZAaem+eNR4tBeE2b9 +duL76gyoukctgb6bZM8TNDJlHg6MoT0RXUjEezMLhYNumrXDO6TCA7ak6gV5AHHw +zs/hznKbNvFW7xLQDPW/1f0= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft54wDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAEwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhKK4E6EAgHY5fPV09pDe9jqvzo -AAqsltqNslwNDRJPn4ZF+kgqsAFuquVS76GM8gq1BasG0FwCxYYJFiFarffmajfK -CId592VPGNacCfXipTSWLIr67ePnX/uctOOBj3edjKVLmuPPaM/8d2owp3PV9hAR -uZEPt7r7oOs7NC9lm4KCpu95QsmZOGJMn+qFQ/nwE3LA9KwJehkpbwtlmG7VUrox -u0AJdIXpM185Fgcez1itdvpQVjcQ3HuRIXgJd0U55LgnMefsbiRaztO/ZPooWo3B -UPs1TpxYewbPfsiltcODfDc4rE/zj6quUw2SpG8Mtl6vNK7P767xEIJOZ50CAwEA -AaNkMGIwHQYDVR0OBBYEFN4vEIPI1Z1GFl1EdUv89wb116ybMB8GA1UdIwQYMBaA -FMtZaaZbjHw6O5vfyZtBE20tgGMhMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAvMUw0MehwLo7xC8gc1qmhpSQ6Cm1 -KPc6oA1OivbP3FeDNjODoy7E5IFkw976lP24Q3v/O6F3TURZw+Q3LrqtL7MmwtrE -nOppNeS8mYfKy07k0DJcEak+zBczUSCjtVsmN5Azv9L8CLvMe2apYT5JTaMt2wJZ -gbfPQEy1dtsi3ZMPoyQ+4aNiGz5koWb162BZSaeszeshfgU7afrjg0ugPe+X9HRq -dKYHdEHtuwZb9wln7bwckp8B4ciNGOUMuHOlZWUdDAP9ffoV7GF0Y7c3MZC7KgVr -YUq3mLsGaIjjBG4Poz6/tIjhFWl4vNe5RjX9I/+qgY1+Zz2u0vFeNzAAlw== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo7LamALLnlKU+M558WCjzXg1CJ +NlTOOyW2E53u6hutBgKgsLk3ZDAHUjomWwm4OKCja9adMHydPCO1p/WGcC6a/WgG +9hXbmzqeY/o6g7PeuorRmpOZcx3tmUJaLQqbCCV8kKwuwUWkaA2CLVb15TNUhonc +FpsbTafFFNyxXmjEAjNh1rLGpn9zPMC+F8PRsqV+cOR/KxYUQ/5uAdKo1tm1gPj9 +pwcqPnPLkPK+R/7isRYmtqyqMlbr1D99GPh5pilcjPYmHwG13ofywuy5wzmogpwT +AvDucBIsmwoBX5M7SNRs8MQZHatTEoehqBPpzWk57Fr4ywVoBaZSsc4gWC0CAwEA +AaNkMGIwHQYDVR0OBBYEFH3RUzpBaqpydyCy2TtnS7kTvBT+MB8GA1UdIwQYMBaA +FBVUg7McKdezoLQJTeiDCxobmW5FMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEADEIdgN8segXnSrWnZiWS0dd8qKUx +k8+LQjjhjds9CPh1sq20BPqSmiL2kG+fpzyKqgpcv9BbZB3fpBCfdjfcT+Fd3ceA +HNOvkGdm87mxhvCQrmqkKEPjCDBFgTE8o1UxNTCHEBZ5z496NQ+GrbNzvZRC+QWd +CEI3VtRY0k7tDOmZWZLaPU+E6IPAvMbP2Uaca0Oo1lqPFab5hQkvwjZQa316WcE6 +ZA3PU612Z1xTX2H+mR/uCmUJTJNttTZcLFGjc3XM8aZSuOvBVdwoy1YYeB7pUBL6 +NmYtemygaPiBrIfSC8CrWFL7mtyaZJ7UukniGG5PH9WWm5YRM1lzlZNezQ== -----END CERTIFICATE----- From f3ea73d7e6cfd42327cb4e4949c4dbe605a5b6fc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 20:44:00 -0500 Subject: [PATCH 10/10] PYTHON-5040 Remove cRLSign from CA keyUsage to fix macOS CERT_SUSPENDED macOS Secure Transport treats cRLSign in the CA keyUsage as a signal that CRLs exist for this CA and performs CRL revocation checking. Since our server cert IS revoked in crl.pem (required for test_tlsCRLFile_ support), macOS marks it as CSSMERR_TP_CERT_SUSPENDED and the mongod SSL replica set fails to initialise. Python 3.13 only requires that keyUsage is present on CA certs, not specifically cRLSign. Using keyUsage=critical,keyCertSign satisfies Python 3.13 without triggering macOS CRL enforcement. --- test/certificates/ca.pem | 34 ++--- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 4 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 34 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 294 insertions(+), 294 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 7037fe33ea..7e79d7087e 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDwjCCAqqgAwIBAgIUCIworzyq+MZP6PgMwJUvbXynSh4wDQYJKoZIhvcNAQEL +MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsrDsoEdGpjI2a0tZeg477dzEn2jJR7 -+ejm3NjhAndXi9SA59NhY/5xeKCP78YY5lEf6GXxf7H31AOryq2d3/E2cj6fNMvO -e9eVWPN1X7l902qkuopTd35XgpnD8728+m7qpyVDCtL5hlsdhf2g6ucMri5r2cAp -VWlQ5AsZUKtd/kNHZcR0pD7mwsau9rlOkuHvO8yojQ1ImNT5I8EH+Z71nsjNyybK -6rR3M6KOB9m6vxQD0i18vTONNBLMYuFRmzZuk4s5uUNTlN7o4CBejM+tVABrVTc1 -DumqwMu6gOTg6xjbdWSe/l/YuZYTC/qYYyf2RjLHHm/T/GKXUU80DocCAwEAAaNC -MEAwHQYDVR0OBBYEFBVUg7McKdezoLQJTeiDCxobmW5FMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBF9sb1RAXqYlbx -qZy4elELn1l+yIZTbO1+VDmg1gZflMtkge/wpBNk6yVXXog6XsZ8bdigNtDyPsC/ -30cy+M78AITUiGMnrQU9vfjAfNVRHOBXcQdh2rdDYI0B1ypVpzbyX6qZhg0SiM1S -xYNKSFYZ+4RghyPpP+cMqt43lnpBXUPU+/Y03Kk81e3bj03zy13YDHJAYEipU2i4 -INlZKQ0OcRJC3dWON8QsYiV0fbPKFwaaLvBceNf3JqquHufe3/UPhuN5WcMErOoV -Ys+1hKorovgnrXqm0Aon6lwJrf39C7t0+B+MoD2St8S64QT3dM31cG/7O1IXKQWy -TY31cOt+ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I +7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV +1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC +QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd +BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx +emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC +MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9 +jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX +OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld +O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6 +jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d +lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT +Z4yZLc0w -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 4f74ebd0a9..33e03ae915 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBIuoc7BJXkj43 -Ogw4/lOj6l7qJ13wnQKNHLdCuKntuZD8mQ0T7xOKqiRbs4xy2d9zS9bGNfMrT70q -RRRdIrSOTBOGMtUTWtw2WBHOkPF1OlG4aIlLmiM3/W5gQfKxdUvA8UZOjCLtdOuf -Llcdk6sccWhtA4W4glXi46EDGT4tp7htgT076Qa2lfKc1CVgV3LaUIcW8JpHD0+y -U2gSWr8/oE9222fu2MVDyQqR/7WFRBBHR5KJSvx4tJ753Pu19o+T7U5ieLegR1P+ -rI3m0ktJoatomfDdc7R0XcbgqIS/cTjI/7QuRrD7RuHn5I3/0Ml+OwKzElpTlVT6 -LOURN0iBAgMBAAECggEACF3p+LoI4uKO369b9XGeH7sg5MGzFgAFSuXwMfukP+xS -scCzInaQWQjdJZxaBKU34wupaKGQcONF0YGX29+LpSD6VQ1ZcfrVEKUg01sv3Klb -vjKIJR5usWehGxosSIAJebiyGCfFwRX4OaeFJl698k/e618UUU2TKS69jE/xA8L9 -n4lzDyepPf2hA99KG0Es3Ie+lSl9M76Ssg9XY5+7n7W+VBVr5MebDtOEu26XYIIc -FJ0jxVId+xPGvhDcfKvFCcJrtIji38FZBdHbIIrjioFL631iqrRwQTRMUkMY8d44 -POSavdt17zgA3OkBwg7IHa4j6lMRg+D4YYgrmgTGuQKBgQDu4Q0R139ou+n6ZsWt -XeiX5ngCg7+Snq3X+1zNGsUW43DbgLwnMApsoyV0WWccfApMtQCXTgPX68VIg8RF -SbFA/L4S9cM11Ev+GfMXwu/JDnHmOjBj9stFnQMlGxuhvXF6YlK+Ptrt4HOTkrGQ -01eb8NtVqUAZe+3YTW212wikaQKBgQDO+pOygwQnIm+8hPjAV+MyN5v1nvxiOOs0 -o8mx1tqJEMKPQ6fk7JycPNDBilDojkgr8afjpQ5JbFl+Zc/OdhNyiuzfB0LU/5g3 -ExIf5Eq8cdIl7dARu9onQcsXqWcK18kGPnmB4WGo07XkcuYgqRgVoI554dJboJLk -1KRNWEEgWQKBgCOj7EFHN7k2oDg98SxmoHdZaXpmkcScbC+XT0dCwTkjAgmd8XSf -VE7VIJd1Z072qsq7DrWEbEpg4PRqxHPaBNo/W1SU2mVDoXruADkBWqlSwGerMuEX -R0jBnmCA5OSC0VWDKfk8g4mOPXA9KMUE40Ne8jqbn/ataNUm6EGDxoxRAoGBAKDF -bthogF9NlnFe8EGngujM3S3q8qvw/nIDD3Y+J73z8MyLhuyBBh0t+BF9uN8LNfA8 -Y2amHPTXXqSZvNLoUK7WTqvm3fjJGJkfDSMMlyjNWKjxkn9T5V488t5MTafUeWeK -O6OxR8R1voHW5f5UmkqiTklKKbXWgoOQ0JbriJrxAoGALor5MAuJbfaC/ZcW4FVU -gHZJ5I7pvP7+DI/D5Rq3XWhRLTgMERUAzpKQt2fd23g8LDjeTc8TLnrkLC9PpZ10 -fHZQ/a4QolZ9Pq5T9h9HjiCesyLowbfITwfShbTQWR92rvVVh/elSWehy5ANsc87 -pIpaN+cWsG9/np9Z9kWwoBU= +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC +rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi +CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ +SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm +h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx +ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg +1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL +5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3 +h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95 +e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU +R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel +6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v +k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/ +kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y +DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a +bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ +YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z +mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc +Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX +77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ +4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1 +8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q +sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee +qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB +/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3 +OfeAwH0y5PwSCsVtmLs= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T -iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj -N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG -tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 -eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw -+0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ -1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ -bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC -o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C -0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz -HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv -32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 -qtrgSbev2AluiMko8NpevdP2NsOUMxyS +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index b729c6473f..a258bcf23d 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA1MDEwOTI2WhcNNDYwNTMxMDEwOTI2WjAUMBICAQEXDTI2MDYw -NTAxMDkyNlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCkIvPE -1NaTmcm9wzkeQNuOxcAvT9tHiblThgGiamzMpvncf4e1kCxU6sbqBFp/7E1CmCi2 -+YRLvMQvAnM6QWuslUjHqLDdaEtpUF/E0KKknF/cLLxLN3FeFe41erlgdJa5AjSP -MynUzW28Yc2us6qNYeOnJqL/oEp09upHTDw/V1OcLFxBngzx3KZAvjsUkUCSRa83 -T5R8wM2ALG+ZOkT40gWh/N222vSIYNzfq8hsumG2ZYYEXs268BjclLvQOe8MCMun -NmO1F++wVpbPbKUS89xkewYRLK7L+AjUhINKXJTTtaepSFSA2IVGOmtXD3Z8VeWC -yaGBDaTeyljKqfhl +ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw +NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E +QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA +uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0 +2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg +Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp +3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR +Em4RerccVwXzeI6T -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index bdf17a738d..b0d50b5200 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCshzk1c7wW26bs -o/GTWWN2nU+8w7lZClTibEY6/78DW0y0YU6+KPD41GxA4zIemxYY24JwqdnC9keH -JdWSL4YFgidVJUw12Tf+23oRN8+f//c9sb3Bmd6sZfbzYfrEiPdkHrGebcvdSK+O -wSOHZukiDwTz97w+98LD+Wd3p+Vde/jB/KNmcWlNl1Qkq7B3WaeoPNr078LNTuqO -MrGzqVo1bpodXkCvJruxdCNnhARbbHYLVwIaYuC6lqJvJL3u8xD2UebcvTbPos6I -Fjphgaf/FT7EWQflEkrqjvtViOqgfGPd6grrKFbTExOQPyonwe1iHA2rFr5IIicq -bdBpV1UtAgMBAAECggEADN8r1/6R/lyV6BrVJ6qoHo3fCJTLq8Z3DcuJM9an0B7M -KrsFzm8sh0wF5ZNtxlXIwMMDyNcLPZ31OTKL7BOqmpeayqH1PSE/Kb8DLOyui1/j -+NDdeOe7cr5Kvd7GAEq9tlUJ6GmFp7VID8z+ExiM9TMMqg0GGOaQO+HMI+O9W4uI -aDIQ1uaaqaZldHMut8m3hW7RDaqElV717RXHnZEpmZXdoRHPvtsYqPN3f5MKNDU1 -67AuVQCcdDys+8k9iUu3H4DCW4mrxP3PaXm6vuRxqgiNzmUva/pt12UuoDPqj729 -Gn1fRrXZQgbNpGK0WFengf01zFYt5SXVAZleg32rAQKBgQDSLkzT2QThzpbcu7fa -BsfFTDVBf63XycWh+C94g9hQ9OZjDL90X3pUjF/MuPTKcEuBZax4jws7GjOKPL95 -FwZG67TPmIunCUtvxuuj6rtvTjEz8ezYEsfOaU9prv7dPfxRcGOgSWkIXUX8z6H2 -Z2W3uVZSoSGPsH/n2oPX2MjlrQKBgQDSI54qIcfc50ST2RFpHqJpsdn4kMsouPOG -1g+LALTwFN46ABQdJE3K9g5fXvmF0sLPlWdqGCIxUrwXDAhEDmOrlZoJCS+Hn+7l -iG4XNCPVPWfixX2oUA99RfPiu0U9wSVsfwovdsghXG5QTyNa6XyZrhNBpYMIClYV -+tcXH1MdgQKBgQDJWT+SZ0GtDJsrxM1hGcPBN7uBDs68fXhOLRNU8YGGNMaMtwam -dl0bqAqSddFUKfW7dWqfZ/GLYhNj58RKPYtu35kskueeUmIpJ7hQJKwA+jhamfWa -HYu6Ktq/1LwluJ8CaZeXUxxCvhAxG7v98JnaQrv2lpQvMhemRoite+khVQKBgAcQ -UXHDHu/LCmAZ7N7mu7jn1JbpbxrYVL9UlMMsa+iiGvJCLGrqXH8VFFiaXbLk6c2G -jSpg001rJY10xxZakXkkF0B0gZeChcpLcr/u7cFuRf62esncnxir8E3P070GsBZc -kuATkxij/cVPU7XroVedJWKQiL4NcuVcQDyzvdyBAoGAUkPi724pAnlTST6mYMXb -Io82iSHeRwkuisSRDWfmrO3pGe6SkBwDwDyCxoS7fGj3JqsF5NtyRgmgZaLTu42H -oTXrhhMjOzXjBAoG7FtdEs3Wxwyjkf/q6850ZVhVYpdrSzYPaPN/52MoI71qIjHA -2GuEDub85LdRKAMc3fhmxXE= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs +9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX +WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd +oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3 +I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC +WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK +59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap +BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM +yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw +wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M +MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9 +elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD +ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV +RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8 +VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd +x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv +8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T +FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5 +vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs +kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+ +lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv +lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9 +9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt +/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP +gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke +DwKg2EIYHmc/qhVQXCKvuA== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAIwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKyHOTVzvBbbpuyj8ZNZY3adT7zDuVkKVOJsRjr/vwNb -TLRhTr4o8PjUbEDjMh6bFhjbgnCp2cL2R4cl1ZIvhgWCJ1UlTDXZN/7behE3z5// -9z2xvcGZ3qxl9vNh+sSI92QesZ5ty91Ir47BI4dm6SIPBPP3vD73wsP5Z3en5V17 -+MH8o2ZxaU2XVCSrsHdZp6g82vTvws1O6o4ysbOpWjVumh1eQK8mu7F0I2eEBFts -dgtXAhpi4LqWom8kve7zEPZR5ty9Ns+izogWOmGBp/8VPsRZB+USSuqO+1WI6qB8 -Y93qCusoVtMTE5A/KifB7WIcDasWvkgiJypt0GlXVS0CAwEAAaNwMG4wHQYDVR0O -BBYEFIQZ8b2OANToGnZdHc4Vq1arH/VKMB8GA1UdIwQYMBaAFBVUg7McKdezoLQJ -TeiDCxobmW5FMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAWNhUCwXlWImKzbQqEZNwhptUHcm7 -LK/jWbOyo2mFoQyGim6ofMSbb4AMvtVgn9OJYwOajfc5GjrYZ3g9UkCq7hOpOn2A -OmaOL4mLadD6pFpuHvgindAUHZuqh3UFMDP4ekoFS8DhlvZg+GJZkRiaJ1Xo5quM -6sYCoL8VoYT3/ExRQWPocwkQibIBu67N4oMiOZUZ+jDSsPo7XmfFPZeVhAJ0Uxbe -wfgqBnGSwi+87oLUOuUAVeNtF1R7NB2q0xPUbymIL8Pi5R56Yt/fYWe1QP7TuecN -ccfEIaSEUKPoqYiLOseuzASNlpIJV8s+IjNHH1EVTab3+UQDSRmQSr86yQ== +BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2 +hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4 +NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt +GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3 +emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt +Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O +BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m +kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9 +dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf +Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M +n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx +lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp +inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 7898bacd93..118e866ebe 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -23,7 +23,7 @@ cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign, cRLSign +keyUsage = critical, keyCertSign [ v3_server ] subjectKeyIdentifier = hash @@ -215,7 +215,7 @@ cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign, cRLSign +keyUsage = critical, keyCertSign EOF openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 409a5677d0..32163a114c 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQEBYtboqnWdJ8eESa -YxMmKQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECFmeuF/j03+YvpX -H2iJoQ8EggTQP8xnokAYXmoie9Zq8ZfMm3Z8V2a2IIzANeC/FrR9yQ1L77EuQpzG -/ah5TLBn/SasWRNPMV6M0TI8Cvg3GDKuBdK+GqwQik5masD5UsCx3ihLLiWasF8I -R6w+CWrpZZDLTfQE9ZXEHcb6A8d/pAQig4wPHfBPopTxiCsfCwqkVMMH/KMTfBqO -VKAkRE9e33gmEygO4t1LMtnR34mwgWA5KJOmAlPT3QiEBy/ZpDD/2PFqmqigibdj -YMRy6irIBqlHoDqtWmYuFNBBpVPVBtmFw3DDbbAIwMQ0zq4Il0Pl75REvIebgXEW -tjsOLGomW/gcxf/QCu0zdsNCYVNarXzM2UyJR6AibotjeoUDFn7wR+NRsI7rTYUN -r3cDDdxPebaltVAtwpIY4XoQXZVpfcyz6kmGKlkl9VuzKdSPV3fi7om7aytjFKxf -L0nZ2lsDZ0bhwMv7PKDkNHIPdyUt/XPayFb6+BtF2fCj6FRy5xyhX3sRuVmPdWn9 -21YY+TaE38/kB7ItD07XyrX4YB4lgG0wX+qMUDPH7tX+f/Yor5XQ/it7186z/Yl8 -L7wW4td+mbWWfV8HXhmSeJlbkOzvtzCOmf0ypOCi/Ixw7VVRXITevrdpyb74trQz -HV24x2V+dDHkXxv+kS8tuZ5kRg5ZSqrUSaDoUNIrYhbmJ2QXoew08zvJ6GL5UY2M -a6pQz41GO9cuVLXJiO8nV3VbKoFP1aoxaAYotMKpv00Bf7W39oS9lDY9rA+oHj8J -fKjYjr/ojCHkG4EElkAzcRvKCZpdMFDCf7IaNlSxkHvf33abeHwf7zb0WVXCorbu -499jo2Oc5QVQFxKQIjAjPX3NyvZYqorXa/vxDo2KvofCe2o1NOJ+5zvb0Nk89PWk -vunNo9Oq8M9Dw3S1jh17RJPLmBNsxQ4rqExynVZUcVcdDABnVUR9UDBA0/Pd41Yy -6kIlS2BgkvcL+Y0BK4oZVjz0zuNSlXgeh1gcNfFR8phxRAuYTZ0H70ZPTEfgJ3vn -jNsiPu3C6TLH4k7xs8VtIob5Nm4PrUcV7VNQLA55qZNQeL/uDwwvipY7ypKe0+7Q -bvESiFh4s56OjvBAp1wVjrKDmuzoL3aNr1dHNKMh01ft8pU8U+rcNYkAQ0ZS/mX/ -OIXR1Y+0v4x8OPYK1QWsZxKy2PbfL6oGEmsMh4viv3ZbSElw/gmuTP0+8jpXK71O -MwYdaWq9pCS9RLrcjYHff18vS3zWA6MVkanLNqsiUY8QBW/vTFGRfpFSZWP2AQ4f -IayDtfrqDcwEuOCFiRSrcZCzyGEs4NLgjBDfAi9Fz1Ec/o5f8xdM1Tdb9BSI0dS5 -P4a318l0hbaY5tUPMsOsYQlizgksCdgvxms2k5u4kpJkSkRw+BXgOdxYbeHNWqwL -snYwWmRLOXymu8OeJ2zTQ9QH6ComE+C27KOhxUml5XjHqY2j69qbXkhQWmi0EXj8 -DHJb7VPQZ+7IEjMTXRFmTLSS0S1k0C5CCGC/eYtUFFdQzG/RYSLbic0yICrPCnTq -GX/PiC3E+MTaZrr5ehAHAl+LC0iw6qXMUgBO2rWOYnF2vP56SIvI1yvCgNWpKFN3 -CKyHUKWyislcHqw9lvyzuouoidtUHpWMAEo/hEVb8JF4Y/yNND/4nLU= +MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQDGn7dYhmn0u7DQZS +e+Fb2QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEeI3oDkWtJo14w7 +STucnF0EggTAM9qVjNQSvjtiSXRVhq6Ab1JVRmsr4VyVPhRTeGoj4z59g4/uFNLp +i12hGtZEH5Ql6icHY+X4vWrwt4IUhkdwzgcSLrZwYTEl5RP4C7N+iZb1PErNoe82 +iEC/gw3XpQZNWKEi8tjd8Wz6EHVn1zKS/7X/IOTlboIMlhnJgLHCqVhPLyxA78OT +2yNNQysHD6Vk3h83jkQAYy5W/pZIl5TVDLyLADt46cq3hDTS99S6jl+kwn0dijjo +mZUilPBman6TQt2vI/kNP0+Qy6DxYkBMLdhnPu40JpvcLpWAxMioqx7by7007W8H +3Aja81hqx2SN1IYVUEs8LshvL7YojhvkbTxH2ma+lnmkyxEBiwbMOiBV3OPEkWYv +HbAg1slT2UTCrClZ6CRPMtD6+fvEn2GgXmblCQf2W/3inTeARJ5p/oNjnFjoU0Yo +BIdVeqdqU09OsjUd8W4B0wKSEaSCpl/oSM2gw4fzEbaU2xlVevVyhrdDr0NS/j6w +QaDiUw0th3NViXy/BLb2l699h6TRInk4njhNNbJX+sYEFuMgwNKdj4PkPkP1t3PR +m91mpnGAhq82dMQnTLm536YXVbeJGQyX3kEXGStZNdQRfz68fAYQ56teQoZfOwDq +zKf4MT8JJfhZWy/dgCOkv72GMJM2ahThWUztbBnHiB0ODf9LdrqnPaDfpPgt4i0N +Gj+L3nuK1LOhp1Ay7Oij66yxWm5bJJ0M7RGgGQsZipEf8+N9iSA9cw1ZKOnSqyMQ +gSAjlnRK0OHyTauyOl22FeEzF7gtWKyLTgnw1zn22oaxZZLOhdcRJJz49bdl3pUm +Lv8JxfN2dbcC/XgOMoC+wFS//WnHro3qvloUEVeYA6acxfvjJizYlGEmw5xG+ZCG +Ju+tKWgA9lUpQXR9peMa958cLSCqlaWSFTSBQ6AMUw0rVZGlMxb1tVmmhRKYOhUN +Eugp0wUKrYArHzfkzqWv0JO2MHi2kbAZCJpFBrrt8ijF8t0KmWsFRl9P4QtBJ2dI +QcMBtgvWC3tr3CFZQ5UpiaP1whLFTG7GhZc7OHG2QF+Ba5fn1HgUgH35W8TQ80XS +uAkkF6GuxGOSTtsvF0nEkNALGM8E1/I+VVZ88d7sA2ws7GHyxtNYUYAdf6hE5X2t +82oIMrN058IL/Bpi/s+xe5zU5NYFXZLUfvlQW//1hDrTF8Vs4UbF882Xae+HNmvF +D9/bafdrdvJSEJ91A4hRl3M+G+qnnJza3fEnY7UKg597X1tSntNc9Grn2M/uKeGp +2df7K8VrEV6GQafbHq7PAOn6vTlwZAgljEj0LUk7ts8I0KY0hpxCo+Y2WKcmiB3P +b8BY/3j0DuJXacv2tC4RrUIC6pHcdQLJTCeCHQMC2IjCwlmnFqtTZ7RUooYmAxJd +DYNRzVw9aYUq7oAhab2x2iWqgTReqlVnKuytNAFJVu+34S8AbCcSrsoa7Xmjqkwr +qxyGb5pW9ZmSM/k0N0hLI/6BbKb7lQYm2EYJiksOhL+EAjH3Qfq6D27zh5UM97dp +7a93RbxCFAFjT+OZQr5PJ7oxRXcCSnabTXA4J6f8JRgfQIhbOfsfovCpxrqa0MSX +tKYeRyZHLqLs9Cgfv9eQhOF9gGddfJ6QKw== -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T -iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj -N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG -tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 -eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw -+0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ -1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ -bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC -o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C -0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz -HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv -32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 -qtrgSbev2AluiMko8NpevdP2NsOUMxyS +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 08cd76dcfd..95fb7f32a8 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuozfwg4XDRJs5 -zPCIEAd3iiS2z+G68X0N444O1Yb/35UslCY2ZkKWs738I/A9AI1Tm74C4l1PMHNO -OlCMcYg2w/fu3VuAa6E7QwPwjRhnoRYl2lgDX+TVKcHXOmD8bKZB+S9V7Rl6CANs -pLqeSlGBQqXORJ2nu0teou6BZUJ9qcRbsC/aHlQleOr13jx1+sfPvwK8rrBeYqH/ -pA982scfE/PU6QnB2v+9Wd/hHt7073ssIE8lsKxoJtSsfebyV5kn48e5kPKWnbLk -ONbD5QRzCs7Z8GbIrzGkXV4mRwUVK5+fCmhVE93g+99paeJpcXOrBmkCTkL9WTyg -GW0vGhDLAgMBAAECggEABaKOnjF1kiTB6COMv1cvu9O2oOTO9nvu+mZqobU8yJTW -ThHvCbeoU7neWicZYV6F249y73TjveJlAL6GStcppgVnbUsHNiWYQOlF/0UOPInI -xSqTxx1uV30kHBBuK2GgxmWGpCclDfhO4/qMwFQgPSOBZh52AoDbSw/G0mC0vIk9 -ddiGMvQHRgh/JEk1vrIqE+lEdiccPNswC2G2FyXWHia6plpZ0VAZXfQH6R4ttykF -CfHUk1gNDuGrXtwHicF4d6XXZsnuPkBQZ/GWmu51gGu5Xhr0TmXY/NPRhamsqsjn -lkrNGV25VxZX1lGM//cqL77Om7m9k5Rx9gnp+8n1QQKBgQDj09FNvc6kB8QzZ3Dn -1YMnNKpSiu5d8qW8iUGUMLIF+d+KTkHa7nLBfjEOUyCVOJh80pUFhvXwL4RtZ72A -Ln2EWZWYxN7aNzuTXQIO6zit+BgosCf2Vqgu06yZtmZARFNxTRRImRwUsPGaqnBH -drxJpQfuomNJfCJ4MY8OmC/URQKBgQDEO5rsV8OioXI7+y0qWSJO113sofwT9VSt -JCy26oN59sbgrcFPohsWISEBrYnjuPEeRf0Z3Hl52Tt49btuIqPmga2II/1Zj6ip -V9cTzwVij3XSfdb/SwcV3GBCzhQjgl6C/1ocpayQHGLaS47+hHFu6sGp2JyxhDKL -owO/twsJzwKBgQCU5crVVEfJTIoeTmysGA8vgGwQplxDamKHZe1GPM0cusIuUhcY -Tt8RNrg49HtHC0YdzkM26Y2y/FtAZZykOb4u0Z3Dymcblx2IojDGL1VL3elsLjTv -+pLQh+c2Ts9lEUK3ufiXuflwTHSa8OmQyzkjqIgWnmrljAu7IiitESmxQQKBgDEH -C1/9VX2uhJID4XbxKic0m9zhY8/AvdU8coeI9Cxmwa2k++VfhRD0WgDHUOo6bNO5 -fNEXSqps4fUIwDl2IikXQToAc+4KfINC1RO354qGeVOL6UmDf1Ow6cQHJPTyP5bP -Ib6Cjii7Tt9nfWSNxqGFubkry4p2kwJcSjV+EB31AoGAMv52cz2i3FDSHYBv+QRF -VrTEfMlV63o/zPYKRx0ZF+9b6Br8z4emeNnb6Fu7nk5glliGMsPbGT/0P2OPYl8/ -Q2Tcp/QlvAtQbeCsOvUQgi0eThxgskcNOMefAr7BFcHSZVgrGixDGrIiIViJGQMF -IyTjmZ1yDgFmUwf8ULuxegw= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+qUpDlPLxEh16 +vAuN0M/t7i5cGBU3UQu+MfA9l59iPV6Yme9PQOMXiATEb7yp5G7AaqHqoofz7ntV +ZaPF82ZRGb2jOwplU2wsCIGKO+4ujUaZPThZgLXR7sVX6qSfRM4PYjSqm1Cv5AYC +GOHK1hesAMP5sGdf4LGIIWL9ngEAPrwARpgxVS7RtH1GX5yWUpYjhEyjpMWXkYUE +wFll00LGOqiK+U7V2yyCRU4BUSggFLhbL1n6z1eMFxHwAgJZo/boodPCPhxXFU+c +wFvQbiBlABujyY+iHkSpyytM13hUoWBfM3FLB2zSgmKMAbvaPs+CNjapW1kJGaBg +L1HfqcS3AgMBAAECggEAUTazV44+3cklnX40PbhQmbz3KmtnviRbqCyFdPb9AU+6 +163abhvpn8Bkp3ghGQ0gz/2b8uJAnvtatcmRtWQ0lR8t1DX1+6tJTIhjBYr5rgKn +q+aT9iwJRt86WHSuotkgHRVr8bAu8n1iwcnvhAMmGjJJSDaIEiMX/DCchgOj0YIq +VLJYQkrj6Dii33GeF5eQ4jr27I1RIQSvDEvSffuJpKNbWFap+/epja1MZIenioiu +Vrm6jLPtlqacpREPL8pCGTlAd0GM/nJ/8BrzrodL0P+h7FwnpfDENTWnE9oVSMdL +1t4c1psf3X+hYyMOs9/jtVzoXzeVraGHvwyopv5k4QKBgQD0Dl1PsISWg8mp6CVW +aeIG3cO8oUh5oxwmLQRS16//GMIJCo5o8+6W+3qI6ZGOwwo/THm/GKyuYUN8UKrx ++iNhDJbab3YM24lXDA5QFqO8Dv2JhyXfAb5DQk1ZsdIjbfA6G9T65Foa6dl0IXmi +ByfGXa+tRPNThUvV6XRUEelA5QKBgQDH/fkoU+NIRgaaEiVQneFZz6OlnnmEM+/+ +/Ctm09nCFJLZt8nFisD+F9dVKSv0m1xWgkrG4Pm9bbHq1iBn/09qNp2Jn6W5bYoB +RYI3EdXjb0B/vAm8295afEXXGA6szOZLlcY8sc0QPkdxMmeoV4XkFTlFBE0gNTPm +Q1YCk1PBawKBgDHsVk4cz6JyZugooqqgkinRZ17IpyiqovF0N/QyRsAp8lcjH6p8 +a4va+V/UV4AaiZgVLrpWc8xf/QwK/EzvXBlYF+uq7T0IE3oI70yWtPudHWPqj2ak +1qSvhV8ZruCsdn2Mf+6qk3v55g+JYXYxfINpWqxY9GVbWP3y+WbRGyO5AoGAO7nJ +UxXaZpcjGZgZtL2xsxSjlq6BM84e+lNs0sSp36AtSv/sLiaGBFwyXqhxDBfpt5wp +oMNHUh8UZ0GTY/uHR/0Phy46W+ousLqFbNTSv51V8c/CSLiQ6wz5/oacu1Zl4GTW +UwH2b8dpppCbDFc3ESqVc9sY/WlmGno5kYNWHAkCgYEAhd7xgqJUpM7Klbsl3BR/ +6iEZ30Exf1wlC+nWJSK4iHFH9l9BGHjImENxpKa62Akm0VvE9n1KgKxK1IESziiE +9kAXspYyBT/clOo4v0w5rPIiQ3itm5+ew9gaFiJ+Yfi8MYTIwznsqXvyekqLSrFo +w9efOvZV+XaA79X+bEEd2BA= -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 5 01:09:26 2026 GMT - Not After : May 31 01:09:26 2046 GMT + Not Before: Jun 5 01:43:18 2026 GMT + Not After : May 31 01:43:18 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:a3:37:f0:83:85:c3:44:9b:39:cc:f0:88:10: - 07:77:8a:24:b6:cf:e1:ba:f1:7d:0d:e3:8e:0e:d5: - 86:ff:df:95:2c:94:26:36:66:42:96:b3:bd:fc:23: - f0:3d:00:8d:53:9b:be:02:e2:5d:4f:30:73:4e:3a: - 50:8c:71:88:36:c3:f7:ee:dd:5b:80:6b:a1:3b:43: - 03:f0:8d:18:67:a1:16:25:da:58:03:5f:e4:d5:29: - c1:d7:3a:60:fc:6c:a6:41:f9:2f:55:ed:19:7a:08: - 03:6c:a4:ba:9e:4a:51:81:42:a5:ce:44:9d:a7:bb: - 4b:5e:a2:ee:81:65:42:7d:a9:c4:5b:b0:2f:da:1e: - 54:25:78:ea:f5:de:3c:75:fa:c7:cf:bf:02:bc:ae: - b0:5e:62:a1:ff:a4:0f:7c:da:c7:1f:13:f3:d4:e9: - 09:c1:da:ff:bd:59:df:e1:1e:de:f4:ef:7b:2c:20: - 4f:25:b0:ac:68:26:d4:ac:7d:e6:f2:57:99:27:e3: - c7:b9:90:f2:96:9d:b2:e4:38:d6:c3:e5:04:73:0a: - ce:d9:f0:66:c8:af:31:a4:5d:5e:26:47:05:15:2b: - 9f:9f:0a:68:55:13:dd:e0:fb:df:69:69:e2:69:71: - 73:ab:06:69:02:4e:42:fd:59:3c:a0:19:6d:2f:1a: - 10:cb + 00:be:a9:4a:43:94:f2:f1:12:1d:7a:bc:0b:8d:d0: + cf:ed:ee:2e:5c:18:15:37:51:0b:be:31:f0:3d:97: + 9f:62:3d:5e:98:99:ef:4f:40:e3:17:88:04:c4:6f: + bc:a9:e4:6e:c0:6a:a1:ea:a2:87:f3:ee:7b:55:65: + a3:c5:f3:66:51:19:bd:a3:3b:0a:65:53:6c:2c:08: + 81:8a:3b:ee:2e:8d:46:99:3d:38:59:80:b5:d1:ee: + c5:57:ea:a4:9f:44:ce:0f:62:34:aa:9b:50:af:e4: + 06:02:18:e1:ca:d6:17:ac:00:c3:f9:b0:67:5f:e0: + b1:88:21:62:fd:9e:01:00:3e:bc:00:46:98:31:55: + 2e:d1:b4:7d:46:5f:9c:96:52:96:23:84:4c:a3:a4: + c5:97:91:85:04:c0:59:65:d3:42:c6:3a:a8:8a:f9: + 4e:d5:db:2c:82:45:4e:01:51:28:20:14:b8:5b:2f: + 59:fa:cf:57:8c:17:11:f0:02:02:59:a3:f6:e8:a1: + d3:c2:3e:1c:57:15:4f:9c:c0:5b:d0:6e:20:65:00: + 1b:a3:c9:8f:a2:1e:44:a9:cb:2b:4c:d7:78:54:a1: + 60:5f:33:71:4b:07:6c:d2:82:62:8c:01:bb:da:3e: + cf:82:36:36:a9:5b:59:09:19:a0:60:2f:51:df:a9: + c4:b7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CC:CC:54:7B:F2:87:66:CD:2A:F4:75:39:36:9B:60:45:1D:3A:FE:44 + 90:97:88:F8:24:23:75:CF:5A:A6:3A:DF:44:A3:5A:DD:84:57:B2:F9 X509v3 Authority Key Identifier: - 15:54:83:B3:1C:29:D7:B3:A0:B4:09:4D:E8:83:0B:1A:1B:99:6E:45 + 07:9D:08:22:B3:EE:46:88:BC:AF:66:92:91:CB:76:1C:9F:1A:D1:72 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - 3a:72:ef:6a:0c:6a:f1:a6:e2:bc:11:e8:ab:71:01:3c:6f:20: - 35:fc:22:a3:6e:d2:91:6c:08:93:d2:ae:61:37:72:88:8a:73: - 80:87:ec:61:c8:25:e9:e9:df:0f:6b:fb:50:27:36:0f:a5:b0: - 71:1c:9f:c3:fe:94:5f:b2:f4:30:56:81:7a:4e:51:f9:30:cd: - de:0d:90:39:86:3f:c2:f0:cb:8d:c5:29:4a:7d:27:1d:78:5d: - e5:3e:a7:90:08:06:5a:0a:1d:50:d7:39:8d:ee:a4:58:3f:30: - 44:d4:89:dc:94:8f:66:4e:0b:7b:94:e1:06:67:ed:23:ab:22: - e8:77:18:fa:d1:6e:46:df:bd:75:de:c5:d2:b1:ac:ef:df:07: - da:b0:85:2d:47:18:fc:fb:d3:de:10:fb:e0:35:ef:d4:ef:0c: - f5:d4:d6:84:3d:22:fe:44:c9:d2:48:44:ec:24:69:52:15:9d: - 99:52:bc:e7:04:9b:15:85:7e:e0:06:12:bb:ba:96:58:78:a6: - 61:fa:33:01:7c:76:43:6c:c5:3d:11:c5:e1:9b:e8:59:d1:96: - 8c:30:21:e4:73:82:7f:44:76:fb:d2:f1:54:a7:b2:1a:28:ad: - 28:bd:f7:9a:47:ef:dc:b2:1b:26:d7:fe:0a:0d:ae:bd:38:13: - 61:43:f3:e3 + 0e:70:c7:0a:1a:ff:56:d8:e4:07:d0:e1:89:e8:0e:54:75:e5: + 66:73:28:88:5f:18:26:4f:32:af:8a:a4:74:2d:b1:70:38:68: + 0d:53:42:b9:82:be:77:f7:2c:31:c6:9b:42:68:f9:c8:d0:dc: + 3f:0e:48:89:b1:87:1d:14:f9:f8:ef:8f:63:3c:75:f3:79:dc: + a3:7c:de:8e:4f:29:2b:4c:17:99:da:69:43:9e:c0:03:28:f5: + d1:97:0f:14:58:de:80:15:58:7b:97:53:74:78:91:07:80:28: + 76:88:f6:f3:2a:49:23:95:2e:7e:bd:32:e3:1e:c0:a2:62:7f: + 3a:a7:f5:96:a8:91:90:c4:ed:31:66:80:01:0e:32:95:20:5b: + 6f:de:69:86:ea:48:ba:1b:bb:21:e9:49:07:31:8e:ba:2a:b7: + 3f:61:d1:a2:2b:fb:0c:16:17:9c:b3:c1:d6:ca:b4:af:74:3e: + 48:ca:c0:81:94:4e:ab:b9:65:b6:71:24:66:8b:ff:02:28:7b: + f7:d7:c9:63:3d:22:8c:54:dc:79:ce:e5:82:b0:64:68:3e:8a: + 84:96:80:73:2c:e8:e3:2c:19:34:3a:dc:cf:1f:ff:e1:b6:4c: + f9:b3:d2:2a:cb:ae:8d:76:aa:b9:cd:b5:80:75:6a:d2:b8:74: + ba:96:ad:e3 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDUwMTA5MjZaFw00NjA1MzEwMTA5MjZaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTQzMThaFw00NjA1MzEwMTQzMThaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqM38IOFw0SbOczwiBAHd4okts/huvF9DeOO -DtWG/9+VLJQmNmZClrO9/CPwPQCNU5u+AuJdTzBzTjpQjHGINsP37t1bgGuhO0MD -8I0YZ6EWJdpYA1/k1SnB1zpg/GymQfkvVe0ZeggDbKS6nkpRgUKlzkSdp7tLXqLu -gWVCfanEW7Av2h5UJXjq9d48dfrHz78CvK6wXmKh/6QPfNrHHxPz1OkJwdr/vVnf -4R7e9O97LCBPJbCsaCbUrH3m8leZJ+PHuZDylp2y5DjWw+UEcwrO2fBmyK8xpF1e -JkcFFSufnwpoVRPd4PvfaWniaXFzqwZpAk5C/Vk8oBltLxoQywIDAQABo3AwbjAd -BgNVHQ4EFgQUzMxUe/KHZs0q9HU5NptgRR06/kQwHwYDVR0jBBgwFoAUFVSDsxwp -17OgtAlN6IMLGhuZbkUwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQA6cu9qDGrxpuK8EeircQE8 -byA1/CKjbtKRbAiT0q5hN3KIinOAh+xhyCXp6d8Pa/tQJzYPpbBxHJ/D/pRfsvQw -VoF6TlH5MM3eDZA5hj/C8MuNxSlKfScdeF3lPqeQCAZaCh1Q1zmN7qRYPzBE1Inc -lI9mTgt7lOEGZ+0jqyLodxj60W5G37113sXSsazv3wfasIUtRxj8+9PeEPvgNe/U -7wz11NaEPSL+RMnSSETsJGlSFZ2ZUrznBJsVhX7gBhK7upZYeKZh+jMBfHZDbMU9 -EcXhm+hZ0ZaMMCHkc4J/RHb70vFUp7IaKK0ovfeaR+/cshsm1/4KDa69OBNhQ/Pj +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlKQ5Ty8RIderwLjdDP7e4uXBgVN1ELvjHw +PZefYj1emJnvT0DjF4gExG+8qeRuwGqh6qKH8+57VWWjxfNmURm9ozsKZVNsLAiB +ijvuLo1GmT04WYC10e7FV+qkn0TOD2I0qptQr+QGAhjhytYXrADD+bBnX+CxiCFi +/Z4BAD68AEaYMVUu0bR9Rl+cllKWI4RMo6TFl5GFBMBZZdNCxjqoivlO1dssgkVO +AVEoIBS4Wy9Z+s9XjBcR8AICWaP26KHTwj4cVxVPnMBb0G4gZQAbo8mPoh5Eqcsr +TNd4VKFgXzNxSwds0oJijAG72j7PgjY2qVtZCRmgYC9R36nEtwIDAQABo3AwbjAd +BgNVHQ4EFgQUkJeI+CQjdc9apjrfRKNa3YRXsvkwHwYDVR0jBBgwFoAUB50IIrPu +Roi8r2aSkct2HJ8a0XIwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOcMcKGv9W2OQH0OGJ6A5U +deVmcyiIXxgmTzKviqR0LbFwOGgNU0K5gr539ywxxptCaPnI0Nw/DkiJsYcdFPn4 +749jPHXzedyjfN6OTykrTBeZ2mlDnsADKPXRlw8UWN6AFVh7l1N0eJEHgCh2iPbz +KkkjlS5+vTLjHsCiYn86p/WWqJGQxO0xZoABDjKVIFtv3mmG6ki6G7sh6UkHMY66 +Krc/YdGiK/sMFhecs8HWyrSvdD5IysCBlE6ruWW2cSRmi/8CKHv318ljPSKMVNx5 +zuWCsGRoPoqEloBzLOjjLBk0OtzPH//htkz5s9Iqy66Ndqq5zbWAdWrSuHS6lq3j -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a7506ba3c7..39165b7152 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDyDCCArCgAwIBAgIUUcgTcnV0MsAUzdlCtBW/GPxim3IwDQYJKoZIhvcNAQEL +MIIDyDCCArCgAwIBAgIUXOZb4M9mVy82gQz6t1aJHVdG+/owDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDEwOTI2 -WhcNNDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDE0MzE4 +WhcNNDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJX2Nj0SfMSPuUiViJP0dcw7 -egMyp6VYyY2TCE8HHNqIem163Hy3i49MHKEqr9b5OVIz0RWaU8SdkJ2WwfaOb4G/ -Xu2o7AsDRZVHJwh8BhWu5dco5Fd8DZiUnbiWwdnlmbF/vFB//zGMWGYpGkUOIKuD -dbVdhXTvBrGXY3fDOYa8kjxqhUTJFqhLVESTzfxaiBww0ZMlDpMwgjU9CZJ5C9Sw -wGeRavjIJdiz6ABG1vdSpZ/8E5bL/WYgImonq1vfT3fWjnq8GlaSAW7YrkJ2ANn4 -/BIgkEZbjv+UiadLzUKUT+QT2Uff7bDD+Eh3Bh/j17p5ey8e3M+hkjFbwpoGA4MC -AwEAAaNCMEAwHQYDVR0OBBYEFMnVB5JRAbHlPRh7a6CguKrHtr8kMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCAcHZ0 -bfasq8TuSakrHbXd6VN2orX2BUodlAM2Hs/hUtCim8M8dK5iSr/tfW80mfq+bssw -ay+yKJzFlB3PzzLo5b6XBapbjPWiD2lWT5WoIlS/9CAO4BN3edhLAgRRMFgPXyZN -JKkNqg5H0yoLy0z+f0vxx7IIe0GytiwT7T0JLoVGQpjCIkjjm0XSCBPdjTQOow1L -NSE0dfQ9LbsuiAA6t83cl6PUMJHrBpKmzdLYoN6nM/VxAhQSVqy5MfnXgA3BWzra -vXoHA5p2rL1QZ3wQRB3B7kAFxqnrwJJdUTwRjm5RmGMUNjj2hFwAJlfwBQlYoxt1 -6rE4DkIhabfv7Zu1 +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkffnDicTbF3B8yzIxz7DP8 +rvy9yVOOGoLyiXITiHmTMNIhfYUdxGqO4RRReztQvW7s6yOQdvqNE8LD7WrzsXOz +JOovPuQZMr6mnSu0bU98Eyar9SfRTbGVmkZiCJTT8jV9wP9nxgFag+1Y6DPUwbOp +zyt9/961woScVbJJwVAdJUv/cp7l7dT16rCS4yuDf+m6xI9Svev7iPcqcyIRDLD5 +EXS1RI8ZLmA3ueIqPQbnRiPzjVRgq56czkZ/g2USJlFlgYoeLAV7JnjYi6Rs/umw +0YqfNl6rD4BznrF4CGuvliWaZu/3pAv/ejmGJNMUbgi3gVAG9nZKzIdiFTtR3xEC +AwEAAaNCMEAwHQYDVR0OBBYEFH69MHf4jQo9TLkJRhgOFoQpFblIMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQDFN3c7 +24yHj5lEvZX0H2IH25+5KhFouhkEgQk8OjcB8lpyJEB1scWX0v6RNNr4pmHNs/SF +FOqnVl+JMbcF+HuDM8pVVYeaDe/ZS/pAp6U9HwSNSYltEPThnVfQWKKPeI+8W0YY +WANQPhA8TAYft7lWxaUNlpI1RPEy/YTuMzxZC2H5CPnnIll+zTgt78Bi5halR0YO +EovTitdUom2y0UNPPczCRWoFjHE8MM+xeNhV2ybd8qT5L0sO9FDdh7UoYS1LmL0k ++naes5qWFXhvYXelWwr60H/MI53p+UMGfW95e4IyU4WPXh5Z2jG3hc6tg5kt1ThS +tLX9wRS/xICXNu2l -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 8f6ed82d07..c67bc1bfc3 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOy2pgCy55SlP -jOefFgo814NQiTZUzjslthOd7uobrQYCoLC5N2QwB1I6JlsJuDigo2vWnTB8nTwj -taf1hnAumv1oBvYV25s6nmP6OoOz3rqK0ZqTmXMd7ZlCWi0KmwglfJCsLsFFpGgN -gi1W9eUzVIaJ3BabG02nxRTcsV5oxAIzYdayxqZ/czzAvhfD0bKlfnDkfysWFEP+ -bgHSqNbZtYD4/acHKj5zy5Dyvkf+4rEWJrasqjJW69Q/fRj4eaYpXIz2Jh8Btd6H -8sLsucM5qIKcEwLw7nASLJsKAV+TO0jUbPDEGR2rUxKHoagT6c1pOexa+MsFaAWm -UrHOIFgtAgMBAAECggEABU5WaEXfPwUaUkkzUAVdGNPj2y8Hs0GBXPXNqzrO78Fn -Ik5Va9SC6i9UPA1FgapNE468dgJMyFmTTg6jt1azKPS6SNOMuJYxgrR8q8hGoiTj -Xh/V6FtcV/a3s/aBGGdIK/jzvnYvnobXGnKwDJmaBQ1RqzrhtoB1nXDaa12Y8n16 -dIgqgFK7wIu2c4FRDd0xr3Kq7+Gs3U6z65xyEtRW3ITghaaWsBDXDvHxBOcRm7SM -d8hXPto5sk0V94yJqxY0Xq7rXkDiqeVg+q/5lq/aSdWCNU8mz/+Xmrvvc7uUaHGF -xtTNM5cpVQiyhU3PYAoNa6U1NxHlhNW2yKN8hOTPGQKBgQDqxu23FcX3U9mISWZb -HlG9bzXOxexJAPWuDcIJdA/fI290kFQW2rE/b1jFoUsZL6esFJprinihjE9rdhd8 -vIgiPb2T5eg2h4J/KtXqtySLM00ySu1l6JvSWpZ7hxBDkMon+P160815H0Mko5+V -v9Ndfs2eo0n2LsPMFgv0pRkiyQKBgQC5npEhlqUAmBoIx7PnO6qPlwzWj2lW8l2g -BT3CIjQfbN4++PS2qMmv/3eHkfq3aBpSAXpeeLNEV5flPsJ6OaQSfMT4Wj5bbKEb -Xl8i4WfbC10YIhs6Ur6BOnK6Uyi8ArOFYhVRu/2z3937XM7C7Mz4/g0TsLavJoEu -xelKyc44RQKBgGYOzb1d6K3INHLrPWR0vKG1m1Vkcn+VvDbKYkQLwO6GD+hC6Vr5 -/D0QIS3gHK45KhFC75G6IxBO1yNmtXUS27bO0f9d3OD/bTnsnAspS+h7B57KNYKs -aDg8Ctht8SL96PMRaNchBVwWu/BMdI37Ul19RtMkNn2e/JxWJSJXNqMJAoGAdOfF -iF4UtfcWDomYaP5PQfhkgY35TmV/ShWC/A4GvfQXVZn+pjxQKqS/Z4ctXO4YBaYg -p/dlEJoKdLu+SLSc/XfPpotP0szr+wzI5nMIshDKJTT16RnMGh/xuiA9+4vH/S31 -N3ErLGrGqFWfc20o+3kmS0x1AoNBwW+sqwnG8/ECgYEAzq4Qrm69OmU9zbC0phon -LF03QSPkTInuLvcKAgKeD+kZQ6ZpZCwRnYgRe2XTFcLEwrrZAaem+eNR4tBeE2b9 -duL76gyoukctgb6bZM8TNDJlHg6MoT0RXUjEezMLhYNumrXDO6TCA7ak6gV5AHHw -zs/hznKbNvFW7xLQDPW/1f0= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHx0jJhZSsT6J7 +qZZ3+15MvBddhi9Dn+U5koIMPE7tLOLlydbHhKQULtu2FUG4NaL9wrmfhIDmSySc +Tpc/1SScVmoDzrASj7Yw/fivj0ApfBvQUIzttW+C9zd1nLFyuuYZtNCdcE/MQu/f +Ls16ry/vBs5XgHyICxeShFy/eThVx8xczrSw93NHzdLh3g5G38soJl0kO4z6GLIj +hmEgenn54GWOakzKrSM2pIuw3gFM7d3skr+NiBw4UZpB2sUfJFuwMUaEc7bgG8t7 +dRT3aMoWkTraTr38IU0g0B/kCcjoAvV/lbXqpW0JrzWN+ZPkULQoUZGfj23cemu8 +ia0EBJLBAgMBAAECggEAECJOlF+ypG0MDiy/K/+rG2woTJ0yxZLc7qPpnyGVcVpp +lcuPoYKx6pIM2oyZFBYPiZ7XZsyccoEQVyCBmXyuzoL4Mv6e7n20NQsgv1/CzIsq +VO0VafOqzgGpTejyLwNlbz2MooCjgs6baUZK9V6W0AzbfQtQAOxsfyUKTlhNqOea +IZsNgjXPChrIsjhwcwF+nlHuDiuFa1nGNJNCGJN+mAaANDnmNb7/d62B4PEon6sj +oL8InNKdoBdwIqbPsQY6QWpqz7lGcH1On4M3JRQrprjWeWy6A3zu1kFFcJ2TrHb0 +TWwKW4ot9R25QSws+lwCysKEPD31hkkfA1gzukH9zwKBgQC9DZvhG/QgGmYkG4OD +lFTCZ6tY7xSZO5rnJiw/l+4dn/h9WtmjCu9TXtNifivt0bjQsHbWL25ifjvQf0i3 +XisMi0I2mILNUA5tDxIb2jgmh9JjXEQ9yBbsNVflcFMCwAhdMkp9IjdgGBsg3BV3 +Wt7FsiXPpJQgKsqn/aWhHtCgtwKBgQC33B6wGm9SU1R9xvUW63s31Rcm2knDC/Ng +5XiMrC4KviqAJnpo97OD+3w7Lmu94pnp0VTirr9Tb2UnKpEOZnXOo2Qukj5jnLd7 +4jnTvnSc9CBzx4GJYmCHTzx5kn/IvD/M+AajnkCafGVfTdPNKdVvBQ+A3dVLFsy7 +h0uP0RgARwKBgEdIhVkY2DDuo0rEEQ+g82CmBEaxRxwMDHlRvGdyGveSpPhnNB60 +9c6Ct8OwfVHbvQr7LqPOGJoMrPMNu1ZgrGy7aYj6cn+Fyxq2DwbvfjKRDfQnCxgc +hQAlkPHTK4mi7MRvPQT3zNdv33LBaVqqqcrzRCyKCswiNm2nRzd8Tf/7AoGAXj41 +eL1EHKXcJFCsZqAz282dfWvc7V6d1Sgqn6jOPPF3JZMToeR+HwP0jP1hesbBcCm9 +4igCqEjsR6Q5EHGSp2X3Pyv1UOgO4TB3xcLVUXKNg+taycokgpcp/4MJfyKHbZAh +DxNaOBXVfIGPNJXh8nNcnAiZgVDhhqp2H/Tk4ZcCgYEAn2yQ4lOLKEpxiTLhGmDl +IuowW57i0r3QlkwfhvzhEjN3u51RUIDL2+OypMZng7FkGJEnmsjrrTemswgMnca1 +cPBhdofRIZkKcsAvTzntkwWOpqIiwFJLUS2cpS2MrkACDGuB7OzAPPRn2ybQZ5XO +GCRE+vraCgRvuakD01NnIgs= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAEwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhwwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo7LamALLnlKU+M558WCjzXg1CJ -NlTOOyW2E53u6hutBgKgsLk3ZDAHUjomWwm4OKCja9adMHydPCO1p/WGcC6a/WgG -9hXbmzqeY/o6g7PeuorRmpOZcx3tmUJaLQqbCCV8kKwuwUWkaA2CLVb15TNUhonc -FpsbTafFFNyxXmjEAjNh1rLGpn9zPMC+F8PRsqV+cOR/KxYUQ/5uAdKo1tm1gPj9 -pwcqPnPLkPK+R/7isRYmtqyqMlbr1D99GPh5pilcjPYmHwG13ofywuy5wzmogpwT -AvDucBIsmwoBX5M7SNRs8MQZHatTEoehqBPpzWk57Fr4ywVoBaZSsc4gWC0CAwEA -AaNkMGIwHQYDVR0OBBYEFH3RUzpBaqpydyCy2TtnS7kTvBT+MB8GA1UdIwQYMBaA -FBVUg7McKdezoLQJTeiDCxobmW5FMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEADEIdgN8segXnSrWnZiWS0dd8qKUx -k8+LQjjhjds9CPh1sq20BPqSmiL2kG+fpzyKqgpcv9BbZB3fpBCfdjfcT+Fd3ceA -HNOvkGdm87mxhvCQrmqkKEPjCDBFgTE8o1UxNTCHEBZ5z496NQ+GrbNzvZRC+QWd -CEI3VtRY0k7tDOmZWZLaPU+E6IPAvMbP2Uaca0Oo1lqPFab5hQkvwjZQa316WcE6 -ZA3PU612Z1xTX2H+mR/uCmUJTJNttTZcLFGjc3XM8aZSuOvBVdwoy1YYeB7pUBL6 -NmYtemygaPiBrIfSC8CrWFL7mtyaZJ7UukniGG5PH9WWm5YRM1lzlZNezQ== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfHSMmFlKxPonuplnf7Xky8F12G +L0Of5TmSggw8Tu0s4uXJ1seEpBQu27YVQbg1ov3CuZ+EgOZLJJxOlz/VJJxWagPO +sBKPtjD9+K+PQCl8G9BQjO21b4L3N3WcsXK65hm00J1wT8xC798uzXqvL+8GzleA +fIgLF5KEXL95OFXHzFzOtLD3c0fN0uHeDkbfyygmXSQ7jPoYsiOGYSB6efngZY5q +TMqtIzaki7DeAUzt3eySv42IHDhRmkHaxR8kW7AxRoRztuAby3t1FPdoyhaROtpO +vfwhTSDQH+QJyOgC9X+VteqlbQmvNY35k+RQtChRkZ+Pbdx6a7yJrQQEksECAwEA +AaNkMGIwHQYDVR0OBBYEFCXWhDoXLKT10klVaEv5Rf524HXSMB8GA1UdIwQYMBaA +FAedCCKz7kaIvK9mkpHLdhyfGtFyMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAtluArK33MrFPHbNBy6D01AcOk1sy +p2S++XGdPTyNwDGSBlK1FV29WPDt3WzxJ01XB93KZ3jyW6DwuSEpi9sggkHiypU4 +gQZtF65eZACoJWsdxuLCVVOAUHxij6MoEl4O1KCSXEYIUUpTb6aoA6+xJmnS4MfA +2Y5Q1DlbPTm0i72PwCHzhoDYlYPR7yisWCzNtGlXLbAZ8JRlXN0YLS7pw8F4FISG +Cu/kE4LgqSt8cCKRT4jp2NLqKamfxTr/7eFkT0tkZP1GLtWKPpNKgydKbQUhO1NN +IJFrV1sJTzVx9f3+ITp8s6ZGzFWdmMW6+6e5Wt1Bo4TqrYeJfJJUlPVZzA== -----END CERTIFICATE-----