diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2013-03-24 21:49:12 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2013-03-25 22:42:48 +0000 |
commit | f5d786885721c374cc22a1f1311ca01408a496fd (patch) | |
tree | 528ec5ecb56fc077445855d16014bc9a9c86d967 /test/aux-fixed/exim-ca/example.com/server2.example.com | |
parent | 26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (diff) |
OCSP-stapling enhancement and testing.
Server:
Honor environment variable as well as running_in_test_harness in permitting bogus staplings
Update server tests
Add "-ocsp" option to client-ssl.
Server side: add verification of stapled status.
First cut server-mode ocsp testing.
Fix some uninitialized ocsp-related data.
Client (new):
Verify stapling using only the chain that verified the server cert, not any acceptable chain.
Add check for multiple responses in a stapling, which is not handled
Refuse verification on expired and revoking staplings.
Handle OCSP client refusal on lack of stapling from server.
More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
Add transport hosts_require_ocsp option.
Log stapling responses.
Start on tests for client-side.
Testing support:
Add CRL generation code and documentation update
Initial CA & certificate set for testing.
BUGFIX:
Once a single OCSP response has been extracted the validation
routine return code is no longer about the structure, but the actual
returned OCSP status.
Diffstat (limited to 'test/aux-fixed/exim-ca/example.com/server2.example.com')
14 files changed, 119 insertions, 0 deletions
diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem new file mode 100644 index 000000000..dc1fbb709 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +subject=/CN=server2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM +VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg +hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db Binary files differnew file mode 100644 index 000000000..840f69431 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db Binary files differnew file mode 100644 index 000000000..89bff133c --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/server2.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/secmod.db Binary files differnew file mode 100644 index 000000000..8ea139c76 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/secmod.db diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem new file mode 100644 index 000000000..52263a231 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +subject=/CN=server2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM +VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg +hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key new file mode 100644 index 000000000..a4960f965 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +Key Attributes: <No Attributes> +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFmRnQVx4IM4CAggA +MBQGCCqGSIb3DQMHBAj96PHFOGcW+gSCAVhUx92WT6m/52ZEGgqV+RyBKgHPv0Vk +NCrmKEJJAvGRWGl+jnpU780hLNx+qWHxGV6r+wyPN9F81oDhqeYQtIRIYC8tWBeC +9mouIU/iNXYUkun4ZaH6sIJSFfB/2l/pz5/GaiCqgQPPufGmRFsHcGcZlYpnLHkb +PyRFagan7QYIwUouBTyJ0o/OKBU/r6QM+ZO1zB4YqUutpYMTUbcD9zkj3eAFpIDZ +fuci+WK1imuUek9LdKifM8f5jdc4n/Ya5rFcpHg45CXz+pLntsprjQVzhFdQblZW +60ZyiJm682h7ioHhcJYmYyEa5DMItEqzLasQncMi/s8+SUCqTE0QaWYWJ+ofv1cD +GBYWoM7Ar47zaqgQYlKMKs9mDfUQ4FQy382yrnsPnyo+K8ra5ESUA++uIxMwouHo +x3dD4wV51jP8VC9VN2GWprZWffnxwMP4PxZejmZVbSWvPw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp Binary files differnew file mode 100644 index 000000000..baa228161 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp Binary files differnew file mode 100644 index 000000000..80180be4b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req Binary files differnew file mode 100644 index 000000000..fe4957efd --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp Binary files differnew file mode 100644 index 000000000..80180be4b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 Binary files differnew file mode 100644 index 000000000..c080a6a7e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem new file mode 100644 index 000000000..eacf55c65 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +subject=/CN=server2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM +VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg +hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key new file mode 100644 index 000000000..6e0c41e7a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBANkwiRDWztFCvgo7Nh0qqtTpTFSCULP3LbmtwxHDzqYYzcC61KlR +r+apFhQx27CdNIaYlu7ivbQ32sElpnBYrNcCAwEAAQJAAT7+ClKxLRIs9PISBWjR +Qhd0kKeOvvmUEZSlodx1uw42qqDQ0vfYMSOWzn8dlGQ/XGJ4xVwvFFklNCfWva4M +QQIhAPaoF/TqmR/dc2CLsQkWoZQqdu7w+uBnTnqqcQ1A2ci9AiEA4Wqw3SszsAwV +ELV+DCDouyncyMmCzJkDjYA1WYNiVyMCIAc3AYRjfFknRCG11Fbct5s65sG0gNIh +k3UZGTd3ByfNAiAbwAqt75eZYKNnPzCZRaPhBrJLdaNIlL2/Ob1Xm7kLiQIgWtVa +weFGKWW86QXScrel5sjNDxFv+ZvMd+heAiPqkXs= +-----END RSA PRIVATE KEY----- |