From 44fe71ba4272464588d4c5ccefa4a0ae94be1632 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 06:47:13 -0500 Subject: [PATCH 01/28] PYTHON-5040 Regenerate test TLS certificates with Authority Key Identifier Test certificates in test/certificates/ were missing the Authority Key Identifier (AKI) and Subject Key Identifier (SKI) extensions, causing ssl.SSLCertVerificationError on Python 3.13 (macOS and Windows). Adds gen-certs.sh to document and reproduce the generation process. Reverts the PYTHON-5038 workaround that had disabled SSL verification in TestKmsRetryProse.http_post(). --- CONTRIBUTING.md | 10 ++ test/asynchronous/test_encryption.py | 2 - test/certificates/README.md | 40 +++++ test/certificates/ca.pem | 40 ++--- test/certificates/client.pem | 95 ++++++------ test/certificates/crl.pem | 21 ++- test/certificates/gen-certs.sh | 190 +++++++++++++++++++++++ test/certificates/password_protected.pem | 96 ++++++------ test/certificates/server.pem | 100 ++++++------ test/certificates/trusted-ca.pem | 101 +++--------- test/test_encryption.py | 2 - 11 files changed, 441 insertions(+), 256 deletions(-) create mode 100644 test/certificates/README.md create mode 100755 test/certificates/gen-certs.sh diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 773c9ec0d8..61ad4ece29 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -250,6 +250,16 @@ client = MongoClient( If you want to use the actual certificate file then set `tlsCertificateKeyFile` to the local path to `/test/certificates/client.pem` and `tlsCAFile` to the local path to `/test/certificates/ca.pem`. +#### Regenerating test certificates + +If the test certificates in `test/certificates/` need to be regenerated (e.g. after expiry or to add missing extensions), run: + +```bash +cd test/certificates && bash gen-certs.sh +``` + +See `test/certificates/README.md` for full details and constraints on certificate subjects/SANs that must be preserved. + ### Encryption tests - Run `just run-server` to start the server. diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index 455b1940c4..16d0feed4e 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3047,8 +3047,6 @@ async def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: diff --git a/test/certificates/README.md b/test/certificates/README.md new file mode 100644 index 0000000000..5975b4c722 --- /dev/null +++ b/test/certificates/README.md @@ -0,0 +1,40 @@ +# Test TLS Certificates + +These certificates are used by the PyMongo test suite for TLS/SSL integration tests. + +## Regenerating certificates + +Run the generation script from this directory: + +```bash +bash gen-certs.sh +``` + +**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+ + +## Certificate details + +| File | Subject | Signed by | Purpose | +|---|---|---|---| +| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs | +| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) | +| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) | +| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key | +| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List | +| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests | + +**Password** for `password_protected.pem`: `qwerty` + +## Important constraints + +The following values are hardcoded in tests and **must not change**: + +- Client cert subject: `C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client` + (used as the MongoDB X.509 username in `test/test_ssl.py`) +- Server cert SAN: `DNS:localhost, IP:127.0.0.1, IP:::1` +- The `server` hostname alias for `127.0.0.1` must be present in `/etc/hosts` for SSL tests to pass + (added automatically by `.evergreen/scripts/setup-system.sh`) + +## Background + +Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13. diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 24beea2d48..e83edfc3b3 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb -MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw -DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI -EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/ -bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+ -QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT -pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT -zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH -KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq -VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe -gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN -LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD -sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i -77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo= +MIID0zCCArugAwIBAgIUSQEGio4MzMdMRZD7CIzy3An1YDUwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMciq/J5l9QbqRPRLvDV8Kj+GedoAddM +0WUtI2uMwo9AiFBqr3T7KVQYKaDLt2Kq/4xi3F6cTqNC/sYxeiTJIgsgZtm1wGNd +2orSIVmcMB7t4hZifNvQyWsl3egxEr7DFkcVFomc0aphEi3ukhOvbFvl+ln5W/B6 +DkgK3Kmd1cQd6giWi8FlXko442Kr+c4fhB1vO7Yq6rjmw7A6YgSE+FSS1Yj4ALUW +lBVZwj6h32dImzSeewnskN3VHu5LmTnGxGZFB+T5AKo67Ay7r57Xg9OvbcJqjdFC +6k2wbXFHJ6qKOCV230oP+PZk/MEpPfozXR8B32VNpw0fgtnxFDBv24UCAwEAAaNT +MFEwHQYDVR0OBBYEFO0dJi0baC83wSHVOLkkDWmJj3hvMB8GA1UdIwQYMBaAFO0d +Ji0baC83wSHVOLkkDWmJj3hvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAC2fgKsYBylaHoC2qutDzgHWTYgjE1WbT2xRoEgRXeHJJtn6GD6+DXqs +JZ/hY5grQX7xtletFKpKGup+aMckukW/1UeRIOP5kFO3SCsL97HDH/nERFa18VYz +UZ9aQJdSkmxX4/DZ/wPK+S1AFVdoc1ukIq2Fjc8nBNTsSoePD5wglDZFdFVshMO4 +gL0g1b4GGUJ76tHefBbH7h9LHCWDoKsAYhXIN9hj/pUgKDan1KfCvPlHUOyiEw1K +60zwSW9aAiplxlxsrEYC2NkSPA4izRExxFQiYd6NfjN746Ti/80U+wdhnK86gQb/ +ackczk7G10fqlzvtKkAMdx+eB03Lq+c= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 5b07001092..873506308a 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo -khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV -m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp -mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2 -5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4 -GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA -c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8 -Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y -/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe -wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt -EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc -DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN -3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502 -wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox -CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG -eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM -kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy -NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5 -BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T -PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w -UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH -Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb -cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF -IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh -IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn1zTqr1VSm9GZ +qpTrLfPyaMMCl2B8M571kIq9O5TYIbddQbpvT0xklJTDsWE3JMaQL5Vq4s/yv5Ut +h5J6mfQJC9AdHIQmOsjBTZnQ3KeAKUGcEniJ44C8nVMDy3v/NUq8kaAN5JnBFn0B +b3CoDSVUZfrG7HRfeflJCeKzE9gJAdoW2/EjG90LSfzTiEatHHCOlqX41dlJ0boA +bkhxL/MvL4L9JmxhGZSeDykGDJp081oQE3qMggIvlA8iCD0mwnUqFYoJlS8GeyG2 +jap1kWvjIeUYY16OMHCFCZLDeWubjE/9M7BY9V14ANvCOUnXJuX3MijjJrxwCmvp +y7pCat/LAgMBAAECggEAUOjsyIm3XvhgpWxXF7xyUhRwlco1qAoWghio2SpkyYAP +bfRmlIwsrnv17xSOYc/nrNBTflBSoJn8pxMo6NNYkhfQvoflqKxD5POsx8PnN2As +EbnRw98ZS1OoFjc80j11hsvI1YmzGSLnJg77xvd3XGVA7C5Gt1QMeUo7r8pMJaKm +zaL8Nee3klPn/giu/1iImCVn+7mHshYMZTwQuYJL0RWJiz12jdH2ILF3yLKraUQ+ +gAx2k5KL5AEPWQwstTfM+2G+5GQ8zMimBYm53ZlVlRX6JejgxQKO52A9+M4Jz2yO +uDPJEVc+ka201zDSKjUUNi4IIQyu5gGyMy+FfuEIQQKBgQDn1r4eXDJj/mpCmMag +NcibPnV7m2Ilr0tCGXFNBpW2HVtPNqQ4w+FENSHZU4wWQ03PNfd26j12Gin3wH3V +0xM89w5DGwvggCEj48TP8H9v9PuOI8KY0QlFoA9XeLZ4DPKLbna/1U9DXjqCj+JN +MwG0WPMI+sn+okU5Y48i/QPi6wKBgQC5VQxlGEiVLPdeneZnzg7u9CTDH3WaNjQO +bCZyHyFjCZn388vqtWdHpSkLECET4L+coLMVJO/NOD3k9oDJinklbE2VyicOOhLj +gt/OaURb/yt1exDQ5+LJWa9GhcKEVrohWQCnk9xLw9TdakUVlx0USoQDrQqRloCr +CLbkmnz+oQKBgQDGI+8KrYtXkJmqXz3qsOzJWYE46hzgzkdIr8v4o7cSFVbzhWSn +Kyn8jFhokBH6+PyoKpxb4mgy5ruVhctGEwavJQroaVYmQfuQ29paSVXxDnRsD74B +sy30do6GGKICSjaE2hzdaOY8Um05JtWnWv+K7jaQJx655F+7Y45yvcEzjwKBgA9w +ASdOnYUniLdt6apN5LqMxZ8nOLGOwElPQuiQpURNoXCg8yRq1d6G6GNOhaLVPsC6 +NhCV0g/DFozC57lh+nNekRvgCd7KgZZH6YKVDCepmqIfjSgJmL9y5AG41JoXa0up +0T8kNt5swodq+bQxsS9mgZaYzF+SLMeSY0GpiK3hAoGAR/8/tASO6MYV7uoP6BVl +MytqBmu66BN1AxqR1YBAqxlpEJR7EFc3QTAbLQiS1ZtczVKqNIGiqrv4EfWtVvkm +nvmdVOdta8kF4CsWdu2cpXGQ/Ov5NHHL+x2gqwOKpiInvGbNOnd9K2SGLJW5SSmz +7uONbtZyZcetWlsatP05gE0= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/ -ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7 -Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST -X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h -G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi -rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H -Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ -wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG -Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE -YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y -kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns -p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY +MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH +RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M +ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA +vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd +C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC +L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd +eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR +s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP +eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA +5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 +PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d +zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc +dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx +FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 733a0acdc0..9c0f0899ba 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,13 +1,12 @@ -----BEGIN X509 CRL----- -MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl -c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU -BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1 -MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ -W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a -hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a -hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7 -BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP -qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff -9UBe3CJ1INwqyiuqGeA= +MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v +bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu +ZyBDQRcNMjYwNjA0MTE0MjEwWhcNNDYwNTMwMTE0MjEwWqAOMAwwCgYDVR0UBAMC +AQEwDQYJKoZIhvcNAQELBQADggEBAL9Sx5Q2z3yhREf0RZhpvayV/Ck3UOWqEVT5 +c+3yAjNsQrO2OD4Npks2qoopgSB8dfePZSZOfmzbSwiyPOPMs71VOwH2chmZ+3Xp +oDBPmVWsNzpK4fRbE86GIEwg2aBFLjOt4+KWFVftGDw9+Liozp+AWaBAUZTen8ac +eQLeACqbqvuriwqvtD6KCfVE3CDG+AK9CfCdlO52kpkfVBP/TG6FzRXp984Pa7Fg +ORKWRpHQ3XoQiKB6pUwUQdE5yGit1oXNRzouWRN0tq0BkvErQvq2RqKalwWJ65kx +KCWOrTBfDKS28R1P66Eo4+CaFdX4Xju2yCTQNYrg7MrG7T7TAFM= -----END X509 CRL----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh new file mode 100755 index 0000000000..33689c3943 --- /dev/null +++ b/test/certificates/gen-certs.sh @@ -0,0 +1,190 @@ +#!/usr/bin/env bash +# Regenerate all TLS test certificates with proper Authority Key Identifier (AKI) +# and Subject Key Identifier (SKI) extensions. +# +# Usage: bash gen-certs.sh (run from test/certificates/) +# +# Prerequisites: OpenSSL 1.1+ or LibreSSL 3+ +# Password for password_protected.pem: qwerty +# See README.md for full details. + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +TMPDIR="$(mktemp -d)" +trap 'rm -rf "$TMPDIR"' EXIT + +DAYS=7300 # ~20 years + +# ---------------------------------------------------------------------------- +# OpenSSL extension config +# ---------------------------------------------------------------------------- +cat > "$TMPDIR/ext.cnf" << 'EOF' +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:TRUE + +[ v3_server ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 + +[ v3_client ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = digitalSignature +extendedKeyUsage = clientAuth +EOF + +# ---------------------------------------------------------------------------- +# OpenSSL CA config (for CRL generation) +# ---------------------------------------------------------------------------- +mkdir -p "$TMPDIR/cadb/newcerts" +touch "$TMPDIR/cadb/index.txt" +printf '01\n' > "$TMPDIR/cadb/serial" +printf '01\n' > "$TMPDIR/cadb/crlnumber" + +cat > "$TMPDIR/ca.cnf" << EOF +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = $TMPDIR/cadb +new_certs_dir = $TMPDIR/cadb/newcerts +database = $TMPDIR/cadb/index.txt +serial = $TMPDIR/cadb/serial +crlnumber = $TMPDIR/cadb/crlnumber +certificate = $TMPDIR/ca.pem +private_key = $TMPDIR/ca.key +default_days = $DAYS +default_crl_days = $DAYS +default_md = sha256 +preserve = no +policy = policy_match + +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional +EOF + +# ---------------------------------------------------------------------------- +# 1. Drivers Testing CA +# ---------------------------------------------------------------------------- +echo "==> Generating Drivers Testing CA..." +openssl genrsa -out "$TMPDIR/ca.key" 2048 2>/dev/null +openssl req -new -x509 -days $DAYS \ + -key "$TMPDIR/ca.key" \ + -out "$TMPDIR/ca.pem" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=Drivers Testing CA" \ + -extensions v3_ca \ + -config "$TMPDIR/ext.cnf" + +cp "$TMPDIR/ca.pem" "$SCRIPT_DIR/ca.pem" +echo " ca.pem written" + +# ---------------------------------------------------------------------------- +# 2. Server certificate +# ---------------------------------------------------------------------------- +echo "==> Generating server certificate..." +openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/server.key" \ + -out "$TMPDIR/server.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/server.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAcreateserial \ + -out "$TMPDIR/server.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_server 2>/dev/null + +# server.pem = private key + certificate +cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" +echo " server.pem written" + +# ---------------------------------------------------------------------------- +# 3. Client certificate +# ---------------------------------------------------------------------------- +echo "==> Generating client certificate..." +openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/client.key" \ + -out "$TMPDIR/client.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MDB/OU=Drivers/CN=client" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/client.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/client.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_client 2>/dev/null + +# client.pem = private key + certificate +cat "$TMPDIR/client.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/client.pem" +echo " client.pem written" + +# ---------------------------------------------------------------------------- +# 4. Password-protected client certificate +# ---------------------------------------------------------------------------- +echo "==> Generating password-protected client certificate..." +openssl rsa -in "$TMPDIR/client.key" \ + -aes256 -passout pass:qwerty \ + -out "$TMPDIR/client_enc.key" 2>/dev/null + +# password_protected.pem = encrypted key + certificate (same cert as client) +cat "$TMPDIR/client_enc.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/password_protected.pem" +echo " password_protected.pem written (password: qwerty)" + +# ---------------------------------------------------------------------------- +# 5. CRL (empty — no revoked certs) +# ---------------------------------------------------------------------------- +echo "==> Generating CRL..." +openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/null +echo " crl.pem written" + +# ---------------------------------------------------------------------------- +# 6. Trusted Kernel Test CA (trusted-ca.pem) +# A separate CA used in CA-bundle tests; does NOT sign server/client certs. +# ---------------------------------------------------------------------------- +echo "==> Generating Trusted Kernel Test CA..." +cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' +[ v3_trusted_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:TRUE +EOF + +openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null +openssl req -new -x509 -days $DAYS \ + -key "$TMPDIR/trusted_ca.key" \ + -out "$SCRIPT_DIR/trusted-ca.pem" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel/CN=Trusted Kernel Test CA" \ + -extensions v3_trusted_ca \ + -config "$TMPDIR/trusted_ext.cnf" +echo " trusted-ca.pem written" + +# ---------------------------------------------------------------------------- +# Verify +# ---------------------------------------------------------------------------- +echo "" +echo "==> Verifying AKI is present..." +for cert in ca.pem server.pem client.pem trusted-ca.pem; do + result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) + if [ -n "$result" ]; then + echo " $cert: OK ($result)" + else + echo " $cert: MISSING AKI - check generation!" >&2 + exit 1 + fi +done + +echo "" +echo "Done. All certificates regenerated with AKI." diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index cc9e124703..7f9dfe45a7 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIC8as6PDVhwECAggA -MB0GCWCGSAFlAwQBAgQQTYOgCJcRqUI7dsgqNojv/ASCBNCG9fiu642V4AuFK34c -Q42lvy/cR0CIXLq/rDXN1L685kdeKex7AfDuRtnjY2+7CLJiJimgQNJXDJPHab/k -MBHbwbBs38fg6eSYX8V08/IyyTege5EJMhYxmieHDC3DXKt0gyHk6hA/r5+Mr49h -HeVGwqBLJEQ3gVIeHaOleZYspsXXWqOPHnFiqnk/biaJS0+LkDDEiQgTLEYSnOjP -lexxUc4BV/TN0Z920tZCMfwx7IXD/C+0AkV/Iqq4LALmT702EccB3indaIJ8biGR -radqDLR32Q+vT9uZHgT8EFiUsISMqhob2mnyTfFV/s9ghWwogjSz0HrRcq6fxdg7 -oeyT9K0ET53AGTGmV0206byPu6qCj1eNvtn+t1Ob+d5hecaTugRMVheWPlc5frsz -AcewDNa0pv4pZItjAGMqOPJHfzEDnzTJXpLqGYhg044H1+OCY8+1YK7U0u8dO+/3 -f5AoDMq18ipDVTFTooJURej4/Wjbrfad3ZFjp86nxfHPeWM1YjC9+IlLtK1wr0/U -V8TjGqCkw8yHayz01A86iA8X53YQBg+tyMGjxmivo6LgFGKa9mXGvDkN+B+0+OcA -PqldAuH/TJhnkqzja767e4n9kcr+TmV19Hn1hcJPTDrRU8+sSqQFsWN4pvHazAYB -UdWie+EXI0eU2Av9JFgrVcpRipXjB48BaPwuBw8hm+VStCH7ynF4lJy6/3esjYwk -Mx+NUf8+pp1DRzpzuJa2vAutzqia5r58+zloQMxkgTZtJkQU6OCRoUhHGVk7WNb1 -nxsibOSzyVSP9ZNbHIHAn43vICFGrPubRs200Kc4CdXsOSEWoP0XYebhiNJgGtQs -KoISsV4dFRLwhaJhIlayTBQz6w6Ph87WbtuiAqoLiuqdXhUGz/79j/6JZqCH8t/H -eZs4Dhu+HdD/wZKJDYAS+JBsiwYWnI3y/EowZYgLdOMI4u6xYDejhxwEw20LW445 -qjJ7pV/iX2uavazHgC91Bfd4zodfXIQ1IDyTmb51UFwx0ARzG6enntduO6xtcYU9 -MXwfrEpuZ/MkWTLkR0PHPbIPcR1MiVwPKdvrLk42Bzj/urtXYrAFUckMFMzEh+uv -0lix2hbq/Xwj4dXcY4w9hnC6QQDCJTf9S6MU6OisrZHKk0qZ2Vb4aU/eBcBsHBwo -X/QGcDHneHxlrrs2eLX26Vh8Odc5h8haeIxnfaa1t+Yv56OKHuAztPMnJOUL7KtQ -A556LxT0b5IGx0RcfUcbG8XbxEHseACptoDOoguh9923IBI0uXmpi8q0P815LPUu -0AsE47ATDMGPnXbopejRDicfgMGjykJn8vKO8r/Ia3Fpnomx4iJNCXGqomL+GMpZ -IhQbKNrRG6XZMlx5kVCT0Qr1nOWMiOTSDCQ5vrG3c1Viu+0bctvidEvs+LCm98tb -7ty8F0uOno0rYGNQz18OEE1Tj+E19Vauz1U35Z5SsgJJ/GfzhSJ79Srmdg2PsAzk -AUNTKXux1GLf1cMjTiiU5g+tCEtUL9Me7lsv3L6aFdrCyRbhXUQfJh4NAG8+3Pvh -EaprThBzKsVvbOfU81mOaH9YMmUgmxG86vxDiNtaWd4v6c1k+HGspJr/q49pcXZP -ltBMuS9AihstZ1sHJsyQCmNXkA== +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQKb6V8p8vtC23xKAM +DjowVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECts1AXkxzEUdhl5 +4whQx6IEggTQpAjBXy1MHrgeHutm9BlTE6qd8DlAb928ul8M9utdoL8zCqSE/sVQ +vLo/WWjJ8qXzgRLvIQHEkpP1EmZ7aEHin6dWWJbPl1ENN2klC55ZlKf9bfFqtz12 +WSx0ZvEHfG02WPPyspT8uQ4uksL4EM9zap7h1GtOAeyxAQF9TqOdOcQnlnI4nyXH +YDcp7Ge/zSZKQdgNRid9T3Vw4EwGcmpYH3W34q36xcp5Dl88gGdueoMHbMgWYJx3 +Ng1pJ6yVc7CHCByGHT7WsRIeqsjyTHIPjbh66fKUy0tNLV5OJBd7Btm5d2ZzCere +oZGrW1AkWkvMM9KOZLz6UVIs63k1ffaVqrB5Br27K2hQGjuNvvh8mI0KmXCSDQmb +gVMFVCuWHMx6EJCDbuP+xceHs5+Af6KRavi+Lr7VVNom06Gxgjk/+gtAxS1cDt66 +NAmSxUTV+j+6Uva1mA87rfD6L0eYrE2QY8ogQY9HqKivWsj6nbhwVE1C+xU/zDua +FNHSjaRlXNbtCeYHBdBHVpR/SvcicCj/6vwjQd00hwZly0CXkmKmIR0UVx7rM+0q +yindY4Pyja8xqQERZcKGylmqkcGZFumpLoGDzCYqgKP8d0cGJRq5ow+oT3Rqi3Zi +S+oN9J3ls9zE5lHvFeGX/+jtCYs1QFokHoktKfg9OQNSrVLrPisalOL5Uel1VblS +rpmv8Ux5mffT3XLIYXyA817fKPfivrl9Nzgf4hsyk2NtoBIbakHKga7ckwbh6tXa +kbqukeHsRIIjYMixfvL21edcjCSTelFWSndAQPw4gPa7kgUO6+FRUSvr/nYsNAaR +bzw3jmezlT57E+iJyy/qlRJIeLHESUxc9nmhGE5f/5m5O2a1oNDiu8FCqkfDXD8Z +d8BNyD8LQt9quhmLSbz2VYnN9W9LOIF7cRLWGGylUhqA4yvZcpgpTfaCjFpMVuRT +PLpBpUbELlIThr2RnxcRDgEAITLtBCR5ZN2exW+OqSDvtoaIE9j1PCl0IRooieGI +wIcsoO/HGTK5WY7oRXgJ0UOxzB4L7hv5ZBlWtU9PQZwylBYjmE6IWBwUNXx1cpaV +bQpQygGJbGQNiqOYHvwQvMDbnlf1+KzrcXmiD29bTWOQYHO4dvku9uN/NZtynfgB +EmysMi1YTj6YyiIByOJQDvEKSj2XPJ6r7CP1oCpY+GSy8YnYHkWwlMOVkN7TjJX2 +g5ti/UGZpwr0RkhYbqCX4NGoUCrUER22NYsJqirJDHMZVGgpTKIQAklFz6igVjSy +vQyYTfqhCQgVtq+wcOJKQklMNserzXSC0CTkBXKRNfIUUUZxp9eri/eCIl3dPTr1 +boRaYCtlbhyTywuJdn1yVME71uhfyYeFhi1xLxo2myC3vw9natBAyUNCUdOOrKBa +RtO9vQgV9xVBFK8Ju3A3if/Abxxmbgev+ZS/4eOs7YD/VVOlGSYXyLzBT49KDXn1 +6Rwzqy19VHgbDkGr5NmEycYtUNZ46Kwk5zUjzeJ7Wgy07flbsK1MQkU1CapgklR+ +CplCKT5483NeP7n+K/qxTWj281W+/28ajogcmWi6rPew1UvtaTbxI/QH9CZSLnk6 +lUGQ7yoXKT+MB2a58j2ejj6XIQ4oXNyZOAERCD+a4x0VZzmHWqirn4o= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDBXUHMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMzAwMDEyOVoXDTM5MDUyMzAwMDEyOVowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqCb0Lo4XsV -W327Wlnqc5rwWa5Elw0rFuehSfViRIcYfuFWAPXoOj3fIDsYz6d41G8hp6tkF88p -swlbzDF8Fc7mXDhauwwl2F/NrWYUXwCT8fKju4DtGd2JlDMi1TRDeofkYCGVPp70 -vNqd0H8iDWWs8OmiNrdBLJwNiGaf9y15ena4ImQGitXLFn+qNSXYJ1Rs8p7Y2PTr -L+dff5gJCVbANwGII1rjMAsrMACPVmr8c1Lxoq4fSdJiLweosrv2Lk0WWGsO0Seg -ZY71dNHEyNjItE+VtFEtslJ5L261i3BfF/FqNnH2UmKXzShwfwxyHT8o84gSAltQ -5/lVJ4QQKosCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBOAlKxIMFcTZ+4k8NJv97RSf+zOb5Wu2ct -uxSZxzgKTxLFUuEM8XQiEz1iHQ3XG+uV1fzA74YLQiKjjLrU0mx54eM1vaRtOXvF -sJlzZU8Z2+523FVPx4HBPyObQrfXmIoAiHoQ4VUeepkPRpXxpifgWd/OCWhLDr2/ -0Kgcb0ybaGVDpA0UD9uVIwgFjRu6id7wG+lVcdRxJYskTOOaN2o1hMdAKkrpFQbd -zNRfEoBPUYR3QAmAKP2HBjpgp4ktOHoOKMlfeAuuMCUocSnmPKc3xJaH/6O7rHcf -/Rm0X411RH8JfoXYsSiPsd601kZefhuWvJH0sJLibRDvT7zs8C1v +MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH +RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M +ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA +vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd +C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC +L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd +eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR +s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP +eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA +5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 +PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d +zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc +dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx +FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index e745e037fc..5540b38ca5 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,51 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAhNrB0E6GY/kFSd8/vNpu/t952tbnOsD5drV0XPvmuy7SgKDY -a/S+xb/jPnlZKKehdBnH7qP/gYbv34ZykzcDFZscjPLiGc2cRGP+NQCSFK0d2/7d -y15zSD3zhj14G8+MkpAejTU+0/qFNZMc5neDvGanTe0+8aWa0DXssM0MuTxIv7j6 -CtsMWeqLLofN7a1Kw2UvmieCHfHMuA/08pJwRnV/+5T9WONBPJja2ZQRrG1BjpI4 -81zSPUZesIqi8yDlExdvgNaRZIEHi/njREqwVgJOZomUY57zmKypiMzbz48dDTsV -gUStxrEqbaP+BEjQYPX5+QQk4GdMjkLf52LR6QIDAQABAoIBAHSs+hHLJNOf2zkp -S3y8CUblVMsQeTpsR6otaehPgi9Zy50TpX4KD5D0GMrBH8BIl86y5Zd7h+VlcDzK -gs0vPxI2izhuBovKuzaE6rf5rFFkSBjxGDCG3o/PeJOoYFdsS3RcBbjVzju0hFCs -xnDQ/Wz0anJRrTnjyraY5SnQqx/xuhLXkj/lwWoWjP2bUqDprnuLOj16soNu60Um -JziWbmWx9ty0wohkI/8DPBl9FjSniEEUi9pnZXPElFN6kwPkgdfT5rY/TkMH4lsu -ozOUc5xgwlkT6kVjXHcs3fleuT/mOfVXLPgNms85JKLucfd6KiV7jYZkT/bXIjQ+ -7CZEn0ECgYEA5QiKZgsfJjWvZpt21V/i7dPje2xdwHtZ8F9NjX7ZUFA7mUPxUlwe -GiXxmy6RGzNdnLOto4SF0/7ebuF3koO77oLup5a2etL+y/AnNAufbu4S5D72sbiz -wdLzr3d5JQ12xeaEH6kQNk2SD5/ShctdS6GmTgQPiJIgH0MIdi9F3v0CgYEAlH84 -hMWcC+5b4hHUEexeNkT8kCXwHVcUjGRaYFdSHgovvWllApZDHSWZ+vRcMBdlhNPu -09Btxo99cjOZwGYJyt20QQLGc/ZyiOF4ximQzabTeFgLkTH3Ox6Mh2Rx9yIruYoX -nE3UfMDkYELanEJUv0zenKpZHw7tTt5yXXSlEF0CgYBSsEOvVcKYO/eoluZPYQAA -F2jgzZ4HeUFebDoGpM52lZD+463Dq2hezmYtPaG77U6V3bUJ/TWH9VN/Or290vvN -v83ECcC2FWlSXdD5lFyqYx/E8gqE3YdgqfW62uqM+xBvoKsA9zvYLydVpsEN9v8m -6CSvs/2btA4O21e5u5WBTQKBgGtAb6vFpe0gHRDs24SOeYUs0lWycPhf+qFjobrP -lqnHpa9iPeheat7UV6BfeW3qmBIVl/s4IPE2ld4z0qqZiB0Tf6ssu/TpXNPsNXS6 -dLFz+myC+ufFdNEoQUtQitd5wKbjTCZCOGRaVRgJcSdG6Tq55Fa22mOKPm+mTmed -ZdKpAoGAFsTYBAHPxs8nzkCJCl7KLa4/zgbgywO6EcQgA7tfelB8bc8vcAMG5o+8 -YqAfwxrzhVSVbJx0fibTARXROmbh2pn010l2wj3+qUajM8NiskCPFbSjGy7HSUze -P8Kt1uMDJdj55gATzn44au31QBioZY2zXleorxF21cr+BZCJgfA= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgICdxUwDQYJKoZIhvcNAQELBQAweTEbMBkGA1UEAxMSRHJp -dmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25n -b0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazEL -MAkGA1UEBhMCVVMwHhcNMTkwNTIyMjIzMjU2WhcNMzkwNTIyMjIzMjU2WjBwMRIw -EAYDVQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v -bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAITa -wdBOhmP5BUnfP7zabv7fedrW5zrA+Xa1dFz75rsu0oCg2Gv0vsW/4z55WSinoXQZ -x+6j/4GG79+GcpM3AxWbHIzy4hnNnERj/jUAkhStHdv+3ctec0g984Y9eBvPjJKQ -Ho01PtP6hTWTHOZ3g7xmp03tPvGlmtA17LDNDLk8SL+4+grbDFnqiy6Hze2tSsNl -L5ongh3xzLgP9PKScEZ1f/uU/VjjQTyY2tmUEaxtQY6SOPNc0j1GXrCKovMg5RMX -b4DWkWSBB4v540RKsFYCTmaJlGOe85isqYjM28+PHQ07FYFErcaxKm2j/gRI0GD1 -+fkEJOBnTI5C3+di0ekCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/ -AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBol8+YH7MA -HwnIh7KcJ8h87GkCWsjOJCDJWiYBJArQ0MmgDO0qdx+QEtvLMn3XNtP05ZfK0WyX -or4cWllAkMFYaFbyB2hYazlD1UAAG+22Rku0UP6pJMLbWe6pnqzx+RL68FYdbZhN -fCW2xiiKsdPoo2VEY7eeZKrNr/0RFE5EKXgzmobpTBQT1Dl3Ve4aWLoTy9INlQ/g -z40qS7oq1PjjPLgxINhf4ncJqfmRXugYTOnyFiVXLZTys5Pb9SMKdToGl3NTYWLL -2AZdjr6bKtT+WtXyHqO0cQ8CkAW0M6VOlMluACllcJxfrtdlQS2S4lUIj76QKBdZ -khBHXq/b8MFX ------END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUPK25g5b88xaz +AOQnx1u2oAANgl66JUXF6EDVYojoyH1f8t7yvEIQ7ZS1bupDuIg1lsypAf0VWFYa +5t+2n066XFr1cOl7W+h4nNoTm4uVV5ExZbs2w+TEvzlP7ef6Jo+p3lxCiuXh86Wf +vk/WuIlcGSUn600HrJaKnCIjHoD98iFXLRZpABS7pF8z+b8FxyJEHiiCi7auBo4I +0QLd4w22yl2cAjGb0Jr83KqqN5oii6L8xWwHrKz47Er154xq4/3rHNBWfbhGtfQT +ixB3W+IY8fOaM+cWNCa9MAtbEqj5x9zYDAnCmyUxpPywyFONBTftANiO7E0VVLAk +7vWtL/R5AgMBAAECggEABVyFzVjkuXSyqc9qxm7fx/oqJlLvHtJsSfJ9gyTo3hUq +Rlx1aILF7PDQLm5li1ooQFqaP7PyYGGX3lSNW4CQNg39vYoo7QJE+op0b2hyeE34 +0rg4OOHa61bIjuCEQbg//UfX6bw2Vkwb/cFssnptgBGUwMiHj7MpUA1s7/zmyMh5 +WZ194M/Fb8Oi3yuzngUnxqo8fBUVy1e/HMERLJCI1ifOjQ/3LRjDLHS3vSUUHJNK +fEIwFHIuVRKeT15qH1WiQHo9u2Gf/uRoxSuo6ZI4R8+/81ungk0wHbCG9FkA5zZT +6KJb2aeSY/2I4GhSEM7X/mHSrRlPIixzo6fzJd4JgQKBgQDNiH3/+6QKbIFRqNVG +uTOdY1TWuzPrqYIWyHLR1J/65tHxD6rJmzyJ8ETLH9VA85K0btTfzA83fJnRVTz8 +ouuLDeuMug8V2vCGJ4C7XRtp+4JYrKYmYQXGnW8UdsOUfTfFe0W5j71eVopCUIXo +mwhs//cJqQaZBzBIzodipjaHCQKBgQC4oqLm8hhwvrHe1ez63gHPkAkrFGUEwJkU +vF7Y6Rvlxe3Dd7q0v60OyyftKeLqKLyf1XjYaeI1O7Tb+4aCDleI65yF7cp3mLEy +kQU/VVCBZlV1XiJXaS5CJhen/ftaBDAi/qPqmonRjy/yXPZMJqFM+LjonGK+g+ip +tf6U9Hxt8QKBgCDmt5zRsInGotDqoPGIVh3ct8kEAKS55sw03ESAr/dfGb5oDqPl +SMSgBLMrblzOYO6nS0ZkCQ+Nz6W16mRaxC/nU4ycgCu0d4pSKoZTuj6190Cwqow8 +Pct0ikKRXG+Zt+LR//BbdSnz2oARGc6JesjQFMCkIR1ADFerT/rXtqTZAoGAOc65 +4EL2Qf6CpDkobFcsC/eV10YYZseCZkqgC5vYnzU8PxHyg/rrTRFwW8HciOHeRNDK +eD+WkoIyGxoCQCALahQSup/73zwQZrue//hPL2SB5zBk4idNU2qnx3Iuyz06cQp2 ++dIOymzhXymZ97e0kuvgwPuNswaLxu7zWWG+v5ECgYEAxpP+XbrDVAe696v5vQD8 +4w9LmqULtGAZyfLh3K5Fz8yRPP7uHsKivN8niaTWTGIGmD6Bk2aCdYgON0qp4fD6 +ICN+0lLcDPLcFy+qLACCP9BEONlXyihQGhwsQ3Z+n4bNyJ0kO8f/08UFxfz1xsO1 +y5FdRXA63aJyy1dEkpRauaM= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9IwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN +NDYwNTMwMTE0MjEwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJQ8rbmDlvzzFrMA5CfHW7agAA2CXrolRcXoQNViiOjI +fV/y3vK8QhDtlLVu6kO4iDWWzKkB/RVYVhrm37afTrpcWvVw6Xtb6Hic2hObi5VX +kTFluzbD5MS/OU/t5/omj6neXEKK5eHzpZ++T9a4iVwZJSfrTQesloqcIiMegP3y +IVctFmkAFLukXzP5vwXHIkQeKIKLtq4GjgjRAt3jDbbKXZwCMZvQmvzcqqo3miKL +ovzFbAesrPjsSvXnjGrj/esc0FZ9uEa19BOLEHdb4hjx85oz5xY0Jr0wC1sSqPnH +3NgMCcKbJTGk/LDIU40FN+0A2I7sTRVUsCTu9a0v9HkCAwEAAaNwMG4wHQYDVR0O +BBYEFBOeLQ+CZYYAupW/IQXqUlBMjEdTMB8GA1UdIwQYMBaAFO0dJi0baC83wSHV +OLkkDWmJj3hvMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAP3OaQwijfrhDeJnQEiCLzhuyqh1B +7oWgC9CFG75Qe2VUVXcyIhhgYRE9SNUxv4v8VGEUB1HZmgMBO95xdKGCyIbkPmjI +qyXcGtJwBv4Uj2Fv5pswxMjInCE2qPHK162H2JG1nwRLertiOEvnLca1J9lysaIn +R2O6Ur0AwkWCnssD3z51SYt3xF+veFAMka8elQTMuj6LxerKf6SwaNo2zt24MrKh +zMAHfjrEVAAATUMcDchbcUd2E/DhbdbVEA4r4k4snB9Yg+5PouB824dqiwXiBHu3 +Ka+nFf/Pv+XVjR1pnVbiBaPnYxs+i+z0f3XMN1YMVNZpKF3ure94FQReHQ== +-----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a6f6f312d0..d10496e8ab 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,82 +1,23 @@ -# CA bundle file used to test tlsCAFile loading for OCSP. -# Copied from the server: -# https://github.com/mongodb/mongo/blob/r4.3.4/jstests/libs/trusted-ca.pem - -# Autogenerated file, do not edit. -# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml trusted-ca.pem -# -# CA for alternate client/server certificate chain. -----BEGIN CERTIFICATE----- -MIIDojCCAooCBG585gswDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxETAP -BgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYDVQQK -DAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQgS2Vy -bmVsIFRlc3QgQ0EwHhcNMTkwOTI1MjMyNzQxWhcNMzkwOTI3MjMyNzQxWjB8MQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0GA1UE -AwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANlRxtpMeCGhkotkjHQqgqvO6O6hoRoAGGJlDaTVtqrjmC8nwySz -1nAFndqUHttxS3A5j4enOabvffdOcV7+Z6vDQmREF6QZmQAk81pmazSc3wOnRiRs -AhXjld7i+rhB50CW01oYzQB50rlBFu+ONKYj32nBjD+1YN4AZ2tuRlbxfx2uf8Bo -Zowfr4n9nHVcWXBLFmaQLn+88WFO/wuwYUOn6Di1Bvtkvqum0or5QeAF0qkJxfhg -3a4vBnomPdwEXCgAGLvHlB41CWG09EuAjrnE3HPPi5vII8pjY2dKKMomOEYmA+KJ -AC1NlTWdN0TtsoaKnyhMMhLWs3eTyXL7kbkCAwEAAaMxMC8wDAYDVR0TBAUwAwEB -/zAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsF -AAOCAQEAQk56MO9xAhtO077COCqIYe6pYv3uzOplqjXpJ7Cph7GXwQqdFWfKls7B -cLfF/fhIUZIu5itStEkY+AIwht4mBr1F5+hZUp9KZOed30/ewoBXAUgobLipJV66 -FKg8NRtmJbiZrrC00BSO+pKfQThU8k0zZjBmNmpjxnbKZZSFWUKtbhHV1vujver6 -SXZC7R6692vLwRBMoZxhgy/FkYRdiN0U9wpluKd63eo/O02Nt6OEMyeiyl+Z3JWi -8g5iHNrBYGBbGSnDOnqV6tjEY3eq600JDWiodpA1OQheLi78pkc/VQZwof9dyBCm -6BoCskTjip/UB+vIhdPFT9sgUdgDTg== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZUcbaTHghoZKL -ZIx0KoKrzujuoaEaABhiZQ2k1baq45gvJ8Mks9ZwBZ3alB7bcUtwOY+Hpzmm7333 -TnFe/merw0JkRBekGZkAJPNaZms0nN8Dp0YkbAIV45Xe4vq4QedAltNaGM0AedK5 -QRbvjjSmI99pwYw/tWDeAGdrbkZW8X8drn/AaGaMH6+J/Zx1XFlwSxZmkC5/vPFh -Tv8LsGFDp+g4tQb7ZL6rptKK+UHgBdKpCcX4YN2uLwZ6Jj3cBFwoABi7x5QeNQlh -tPRLgI65xNxzz4ubyCPKY2NnSijKJjhGJgPiiQAtTZU1nTdE7bKGip8oTDIS1rN3 -k8ly+5G5AgMBAAECggEAS7GjLKgT88reSzUTgubHquYf1fZwMak01RjTnsVdoboy -aMJVwzPsjgo2yEptUQvuNcGmz54cg5vJaVlmPaspGveg6WGaRmswEo/MP4GK98Fo -IFKkKM2CEHO74O14XLN/w8yFA02+IdtM3X/haEFE71VxXNmwawRXIBxN6Wp4j5Fb -mPLKIspnWQ/Y/Fn799sCFAzX5mKkbCt1IEgKssgQQEm1UkvmCkcZE+mdO/ErYP8A -COO0LpM+TK6WQY2LKiteeCCiosTZFb1GO7MkXrRP5uOBZKaW5kq1R0b6PcopJPCM -OcYF0Zli6KB7oiQLdXgU2jCaxYOnuRb6RYh2l7NvAQKBgQD6CZ9TKOn/EUQtukyw -pvYTyt1hoLXqYGcbRtLc1gcC+Z2BD28hd3eD/mEUv+g/8bq/OP4wYV9X+VRvR8xN -MmfAG/sJeOCOClz1A1TyNeA+G0GZ25qWHyHQ2W4WlSG1CXQgxGzU6wo/t6wiVW5R -O4jplFVEOXznf4vmVfBJK50R2QKBgQDegGxm23jF2N5sIYDZ14oxms8bbjPz8zH6 -tiIRYNGbSzI7J4KFGY2HiBwtf1yxS22HBL69Y1WrEzGm1vm4aZG/GUwBzI79QZAO -+YFIGaIrdlv12Zm6lpJMmAWlOs9XFirC17oQEwOQFweOdQSt7F/+HMZOigdikRBV -pK+8Kfay4QKBgQDarDevHwUmkg8yftA7Xomv3aenjkoK5KzH6jTX9kbDj1L0YG8s -sbLQuVRmNUAFTH+qZUnJPh+IbQIvIHfIu+CI3u+55QFeuCl8DqHoAr5PEr9Ys/qK -eEe2w7HIBj0oe1AYqDEWNUkNWLEuhdCpMowW3CeGN1DJlX7gvyAang4MYQKBgHwM -aWNnFQxo/oiWnTnWm2tQfgszA7AMdF7s0E2UBwhnghfMzU3bkzZuwhbznQATp3rR -QG5iRU7dop7717ni0akTN3cBTu8PcHuIy3UhJXLJyDdnG/gVHnepgew+v340E58R -muB/WUsqK8JWp0c4M8R+0mjTN47ShaLZ8EgdtTbBAoGBAKOcpuDfFEMI+YJgn8zX -h0nFT60LX6Lx+zcSDY9+6J6a4n5NhC+weYCDFOGlsLka1SwHcg1xanfrLVjpH7Ok -HDJGLrSh1FP2Rq/oFxZ/OKCjonHLa8IulqD/AA+sqYRbysKNsT3Pi0554F2xFEqQ -z/C84nlT1R2uTCWIxvrnpU2h ------END PRIVATE KEY----- -# Pre Oct 2019 trusted-ca.pem -# Transitional pending BUILD update. ------BEGIN CERTIFICATE----- -MIIDpjCCAo6gAwIBAgIDAghHMA0GCSqGSIb3DQEBBQUAMHwxHzAdBgNVBAMTFlRy -dXN0ZWQgS2VybmVsIFRlc3QgQ0ExDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMH -TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv -cmsxCzAJBgNVBAYTAlVTMB4XDTE2MDMzMTE0NTY1NVoXDTM2MDMzMTE0NTY1NVow -fDEfMB0GA1UEAxMWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECxMGS2Vy -bmVsMRAwDgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREw -DwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCePFHZTydC96SlSHSyu73vw//ddaE33kPllBB9DP2L7yRF -6D/blFmno9fSM+Dfg64VfGV+0pCXPIZbpH29nzJu0DkvHzKiWK7P1zUj8rAHaX++ -d6k0yeTLFM9v+7YE9rHoANVn22aOyDvTgAyMmA0CLn+SmUy6WObwMIf9cZn97Znd -lww7IeFNyK8sWtfsVN4yRBnjr7kKN2Qo0QmWeFa7jxVQptMJQrY8k1PcyVUOgOjQ -ocJLbWLlm9k0/OMEQSwQHJ+d9weUbKjlZ9ExOrm4QuuA2tJhb38baTdAYw3Jui4f -yD6iBAGD0Jkpc+3YaWv6CBmK8NEFkYJD/gn+lJ75AgMBAAGjMTAvMAwGA1UdEwQF -MAMBAf8wHwYDVR0RBBgwFoIJbG9jYWxob3N0ggkxMjcuMC4wLjEwDQYJKoZIhvcN -AQEFBQADggEBADYikjB6iwAUs6sglwkE4rOkeMkJdRCNwK/5LpFJTWrDjBvBQCdA -Y5hlAVq8PfIYeh+wEuSvsEHXmx7W29X2+p4VuJ95/xBA6NLapwtzuiijRj2RBAOG -1EGuyFQUPTL27DR3+tfayNykDclsVDNN8+l7nt56j8HojP74P5OMHtn+6HX5+mtF -FfZMTy0mWguCsMOkZvjAskm6s4U5gEC8pYEoC0ZRbfUdyYsxZe/nrXIFguVlVPCB -XnfB/0iG9t+VH5cUVj1LP9skXTW4kXfhQmljUuo+EVBNR6n2nfTnpoC65WeAgHV4 -V+s9mJsUv2x72KtKYypqEVT0gaJ1WIN9N1s= +MIID2TCCAsGgAwIBAgIUQCWo/PU6IvM6irHYGWdpa3ARHxYwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTE0MjEw +WhcNNDYwNTMwMTE0MjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN +BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyY5r4OksZl5CfOZWo+0gk1 +5sSpAr/B4iQPUdA4jQhi5ITfWjHoCB/qvGxW+HZIVe5ojPjfZ7FSum0RKu3XwM8n +nf3uqedHNq2ECSA+h652/Sv6ddT1qmT+UPSo/iRpAIeummTt6/X1aneIz4UtOfl+ +VU2g6mXUZtre/ZOEHruBOhNm1X+usk9BkGpXaeZWqJrLvEQCfmI+uoFxlt3B4V9G +ck/VLOitsr8zGszPe1b1fKmbah4vCDR7VXZx3K6RvMWihkcNlGriROO2OJIBIK8u +XU5pq5l8ltysSrop9RPGY6CROJXP7GYBI58kA6/GDd9288x+4QPuafif/jefrZkC +AwEAAaNTMFEwHQYDVR0OBBYEFAQGvt0Na7xdR65/dDTJ0VAg1mBVMB8GA1UdIwQY +MBaAFAQGvt0Na7xdR65/dDTJ0VAg1mBVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAB9VzX0c0Lk2qbKmt4ZQeeUouZhgJmcTFOC3inKqjBVZkLAI +g0iDmdPUzbq0tospuJMNuXdToVcCgQ16Yq5dTcDAHZWcOu8qv41gOGV6Ke0gR7V2 +c5GHJ4TuDVk3SfbuU6+6/P+3CjXWJRJoHM4IfcBMSWJnHSuMjgYQr27NNJdCNroU +0OXr4TqbjzCa3adbzOuQkXPKVq1bmJbfM1V0QBDqtCrvgh5Sl+VxCPJbNyipWGAw +KSAS1vFH1/6C9dD8Ihn9DWXmFPXYZ3kPDbUTKGFaV0rquX4MpYnW7Mcy9SyUuwho +nPyF7IQtRHLCj0eLoLfuayZWgK1c+hZlEZRURLo= -----END CERTIFICATE----- diff --git a/test/test_encryption.py b/test/test_encryption.py index 7df9e7ac38..fd0e05e48d 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3029,8 +3029,6 @@ def http_post(self, path, data=None): # each request because the server is single threaded. ctx = ssl.create_default_context(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: if data is not None: From 7ea7b943ddb1427cba9283836d320228ec1717ab Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 07:43:37 -0500 Subject: [PATCH 02/28] PYTHON-5040 Use test/certificates/ certs for SSL test client setup_tests.py was pointing CLIENT_PEM and CA_PEM at the x509gen certs from drivers-evergreen-tools, which were derived from the old test/certificates/ca.pem. After regenerating that CA with a new key pair, the server (which uses test/certificates/) and the client (which trusted x509gen/ca.pem) no longer agreed on the CA, causing ssl.SSLCertVerificationError in SSL auth tasks. --- .evergreen/scripts/setup_tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index e188dcaa9d..67dd3d6e20 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,10 +341,8 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - if not DRIVERS_TOOLS: - raise RuntimeError("Missing DRIVERS_TOOLS") - write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") - write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") + write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") + write_env("CA_PEM", ROOT / "test/certificates/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": From b5d4405effa6ce8a22e2fa5a13a1e4072daba0c0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 08:43:38 -0500 Subject: [PATCH 03/28] PYTHON-5040 Export TLS cert paths from integration_tests/run.sh Set TLS_PEM_KEY_FILE, TLS_CA_FILE, and TLS_CERT_KEY_FILE to test/certificates/ so that run-mongodb.sh uses our regenerated certs when the SSL server is started, and async_client_context connects with a CA that matches the server cert. --- integration_tests/run.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/integration_tests/run.sh b/integration_tests/run.sh index 051e2b8a75..bdce3aeea7 100755 --- a/integration_tests/run.sh +++ b/integration_tests/run.sh @@ -2,6 +2,14 @@ # Run all of the integration test files using `uv run`. set -eu +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" + +# Point run-mongodb.sh (and async_client_context) at our test certificates so +# the server and client agree on the CA, regardless of the CI tool's defaults. +export TLS_PEM_KEY_FILE="$ROOT/test/certificates/server.pem" +export TLS_CA_FILE="$ROOT/test/certificates/ca.pem" +export TLS_CERT_KEY_FILE="$ROOT/test/certificates/client.pem" + for file in integration_tests/test_*.py ; do echo "-----------------" echo "Running $file..." From 840e463a2990097a5f104b66bcdfcc0bd65f8983 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 09:27:34 -0500 Subject: [PATCH 04/28] PYTHON-5040 Use test/certificates/ certs for SSL integration test server Set TLS_PEM_KEY_FILE, TLS_CA_FILE, and TLS_CERT_KEY_FILE on the setup-mongodb-ssl workflow step so run-mongodb.sh uses our regenerated test/certificates/ certs. async_client_context already trusts test/certificates/ca.pem by default (helpers_shared.py), so server and client now agree on the CA. Also reverts setup_tests.py and integration_tests/run.sh to their state before the failed x509gen fix attempts. --- .evergreen/scripts/setup_tests.py | 6 ++++-- .github/workflows/test-python.yml | 6 +++++- integration_tests/run.sh | 8 -------- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 67dd3d6e20..e188dcaa9d 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,8 +341,10 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") - write_env("CA_PEM", ROOT / "test/certificates/ca.pem") + if not DRIVERS_TOOLS: + raise RuntimeError("Missing DRIVERS_TOOLS") + write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") + write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 2a70021cf7..5e31d3a41e 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -219,12 +219,16 @@ jobs: - id: setup-mongodb uses: mongodb-labs/drivers-evergreen-tools@master - name: Run tests - run: | + run: | just integration-tests - id: setup-mongodb-ssl uses: mongodb-labs/drivers-evergreen-tools@master with: ssl: true + env: + TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem + TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem + TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem - name: Run tests run: | just integration-tests diff --git a/integration_tests/run.sh b/integration_tests/run.sh index bdce3aeea7..051e2b8a75 100755 --- a/integration_tests/run.sh +++ b/integration_tests/run.sh @@ -2,14 +2,6 @@ # Run all of the integration test files using `uv run`. set -eu -ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" - -# Point run-mongodb.sh (and async_client_context) at our test certificates so -# the server and client agree on the CA, regardless of the CI tool's defaults. -export TLS_PEM_KEY_FILE="$ROOT/test/certificates/server.pem" -export TLS_CA_FILE="$ROOT/test/certificates/ca.pem" -export TLS_CERT_KEY_FILE="$ROOT/test/certificates/client.pem" - for file in integration_tests/test_*.py ; do echo "-----------------" echo "Running $file..." From 2530bab9c1f11350af933433bd97f3e0ec3d4840 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 12:05:49 -0500 Subject: [PATCH 05/28] PYTHON-5040 Use test/certificates/ certs for Evergreen SSL test client setup_tests.py was pointing CLIENT_PEM and CA_PEM at x509gen/ certs from drivers-evergreen-tools, which were derived from the old ca.pem. After regenerating test/certificates/ with a new CA key, the server (test/certificates/) and client (x509gen/) no longer agree on the CA. Switch both to test/certificates/ to match the server cert. --- .evergreen/scripts/setup_tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index e188dcaa9d..67dd3d6e20 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -341,10 +341,8 @@ def handle_test_env() -> None: run_command(cmd, cwd=DRIVERS_TOOLS) if SSL != "nossl": - if not DRIVERS_TOOLS: - raise RuntimeError("Missing DRIVERS_TOOLS") - write_env("CLIENT_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/client.pem") - write_env("CA_PEM", f"{DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem") + write_env("CLIENT_PEM", ROOT / "test/certificates/client.pem") + write_env("CA_PEM", ROOT / "test/certificates/ca.pem") compressors = os.environ.get("COMPRESSORS") or opts.compressor if compressors == "snappy": From ea3f9c499beb7ce72b5901ebe8337d7f9795be8d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 13:34:21 -0500 Subject: [PATCH 06/28] PYTHON-5040 Fix KMS mock server TLS for Python 3.13 The CSFLE mock KMS servers were started using x509gen certs that lack the Authority Key Identifier extension, causing Python 3.13 to reject them with ssl.SSLCertVerificationError. - Set CSFLE_TLS_CA_FILE and CSFLE_TLS_CERT_FILE to test/certificates/ in setup_tests.py so the KMIP server and HTTP mock servers use our AKI-enabled certs. - Add wrong-host.pem (SAN: wronghost.example.com) and expired.pem to test/certificates/ and gen-certs.sh for use in KMS TLS error tests. --- .evergreen/scripts/setup_tests.py | 7 ++++ test/certificates/expired.pem | 51 ++++++++++++++++++++++++++++ test/certificates/gen-certs.sh | 55 +++++++++++++++++++++++++++++-- test/certificates/wrong-host.pem | 51 ++++++++++++++++++++++++++++ 4 files changed, 162 insertions(+), 2 deletions(-) create mode 100644 test/certificates/expired.pem create mode 100644 test/certificates/wrong-host.pem diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 67dd3d6e20..29d3c3a78b 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -382,6 +382,13 @@ def handle_test_env() -> None: csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle") run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) load_config_from_file(csfle_dir / "secrets-export.sh") + + # Override CSFLE TLS cert paths with our AKI-enabled test/certificates/ + # so mock servers use certs that Python 3.13 TLS validation accepts. + certs = ROOT / "test/certificates" + write_env("CSFLE_TLS_CA_FILE", certs / "ca.pem") + write_env("CSFLE_TLS_CERT_FILE", certs / "server.pem") + run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh") if sub_test_name == "pyopenssl": diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem new file mode 100644 index 0000000000..df740d80aa --- /dev/null +++ b/test/certificates/expired.pem @@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDN0dp1gg34rnRb +aBXidThGfUiWvBfsMdeTI2sjlqTiEilUdxy2v6Y5XtaHE7ezK++IqML0YIZSyhM2 +obD6pj455eJ78XcFb4PcDVER9BVr3jQnfkXYsNa/9zr+RtPz2JOWy06taE8oYXp/ +hiS491sXApQwTkWBwJ1SNFyQKBFP1GiMYFShIREf1JySLVhzOw19S9VZxqw/1gaV +JyddZ5GYqJrk+CHjim881TdsH+3bBF/KVuN4taLG7E3+b4WIXbNuMlhxF8NDQjlw +el14rwmwsPO7oPg2Q/41ALyh8P58qDb67L5G8HQIkw+rnqeWWUV89SqmTyh30/Mp +2V90+vPzAgMBAAECggEAIW2aLyf9L+zZriI6HQqP0MxhVptca/rDuhHwa+/Nfirt +S9rVWY3H/XJnTQ9emyWhemR6gX654ka6wc6XdCY9s2FLHHlL16Cp3brLS4CwB/x8 +zltGadrS44vP045aYgpEx6Lj95XE9tiE26MZt3GepElBcJUN2fSYOJ/o1sBYi3U3 +u1ioODXHKuNFhFN/ebEYibYrv13amKuSIm5HYwNYbUiaT2ZjrGH2PKulILu5BtmM +melqaILSrhhGVPtDOBX9fgK4hPOWy9AY2fu+ZCdgrynX3jLNMnljw/etR9gf8s1T +E8hR5yi6yr5Lc0HwyUierAvdd3oMuPCXbMQ+0pjhOQKBgQD/fPI/eOta6ZX3VhSG +KemMgp6ecwNp17Fm5+0bLEW1nYLe6qScrsi2RISbM1X8vzpTciOmcoNh/w6APc4f +kPuOCNZ9sNaIMXr7UsBMgtzvW776YH08q3kO3AWtCaYQ9Ie/RX/OhnZ6kKg19oFa +vKhqQJVk4oIFZ6tu6SDTm7FDmwKBgQDOO23y41IQAFYiHq21UA8S/egLJOteb/aq +4FITHpl/QiPzyJKQRVk2EhiZ1vhXaiQE6Oes4L5mbA7PEKk3zfqhPbvutHejuoNF +dSo73oRg+MpIFMFKm/ylZBj4VVRnopN5HPNLpW2gKBxoA6/S//xigEztr1Jcd+z1 +ToOObhSyiQKBgQCp5y62lTR3FgX8IQuvGSpOngLcPoJTnfRFChF9U5jcKW6BzitA +Y1/pDnHdQGt7lLQ2EB6zL04+Gj9Le06bYXBYyXnSxoo0sisl/acSeqhwqWO83/QJ +J8Nu5VUE+PiuJ+AqjA5tirA52/9xO4hUjke1uVNgbt2muIWiUXjaIJzm5wKBgCGf +pNxt3YpIU8K6V73w8JQ7G2L9wPYjsQbJDfiaC5Ko+O2dLPAirlnXd3VVjCXMY1T9 +mBAikEhoo710zPIRPiSdyQ8xEzR5iz9+y8T5EYIx7eD0qVL9vaJFgKC0YM+IvRyI +8M3LieULxR3cRAVVwRNaMbCq3fW/g7228FH/dpZpAoGAdZtp3y4SzHWE8PLChm8z +xhHqVvrNjzY8NPAotYUOZJ7Sev+jlXqZp1sr4SI27tVrkJrYVb2lQdIRMMKJk7I4 +AZ68v+dQjGrX7Xrcu+iqIKlFY7HJT6fwr+syjt50RqYSDCPoETldpUyxyXk91r/L +irsU3E19H05+WGokTLkREts= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rowDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN +MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAM3R2nWCDfiudFtoFeJ1OEZ9SJa8F+wx15MjayOWpOIS +KVR3HLa/pjle1ocTt7Mr74iowvRghlLKEzahsPqmPjnl4nvxdwVvg9wNURH0FWve +NCd+Rdiw1r/3Ov5G0/PYk5bLTq1oTyhhen+GJLj3WxcClDBORYHAnVI0XJAoEU/U +aIxgVKEhER/UnJItWHM7DX1L1VnGrD/WBpUnJ11nkZiomuT4IeOKbzzVN2wf7dsE +X8pW43i1osbsTf5vhYhds24yWHEXw0NCOXB6XXivCbCw87ug+DZD/jUAvKHw/nyo +NvrsvkbwdAiTD6uep5ZZRXz1KqZPKHfT8ynZX3T68/MCAwEAAaNwMG4wHQYDVR0O +BBYEFF9Iy+JbFAKCo4ATeQWKdiJKty8dMB8GA1UdIwQYMBaAFAyrGYdlc3lY1CvP +iPeUn/U/DOodMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAbLsFZ8XoDBqzWQ8Tki1TaMM15pr5 +rLayr9Qk4lLfAKISLSRQ9IC3UNlKt6wyWAm9dCTywGCY+1lwnpgCeK+Ve7w9A06e +AUN4TVNffHb9LNsu+wj9fvyj6FBINtgBKgNWqjy1tQBoEJsZiIIRN1QKNuEgXEvr ++2aKUysdniTIIeQG5HIFd1TIG+ugabVPXOE4sHdUwXpcY6zcF6za/J3y3UvECOtH +bLIoiq7Zo9CDQE4nN3l4c0WkgaSL1YUFZSa5mLJgqUhn9crN1Ir2edoRg/Mn/Qfa +bWg9TVBBYAqYqfSsygObNywBf7V4sdgc2rRxwqh/TQ6TWvVXyN5tmCnE4w== +-----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 33689c3943..3cb82d63e4 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -151,7 +151,58 @@ openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/nu echo " crl.pem written" # ---------------------------------------------------------------------------- -# 6. Trusted Kernel Test CA (trusted-ca.pem) +# 6. Wrong-host certificate (for KMS TLS tests — hostname deliberately wrong) +# ---------------------------------------------------------------------------- +echo "==> Generating wrong-host certificate..." +cat > "$TMPDIR/wrong_host_ext.cnf" << 'EOF' +[ v3_wrong_host ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +subjectAltName = DNS:wronghost.example.com +EOF + +openssl genrsa -out "$TMPDIR/wrong_host.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/wrong_host.key" \ + -out "$TMPDIR/wrong_host.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=wronghost.example.com" +openssl x509 -req -days $DAYS \ + -in "$TMPDIR/wrong_host.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/wrong_host.crt" \ + -extfile "$TMPDIR/wrong_host_ext.cnf" \ + -extensions v3_wrong_host 2>/dev/null + +cat "$TMPDIR/wrong_host.key" "$TMPDIR/wrong_host.crt" > "$SCRIPT_DIR/wrong-host.pem" +echo " wrong-host.pem written (SAN: wronghost.example.com)" + +# ---------------------------------------------------------------------------- +# 7. Expired certificate (for KMS TLS tests — validity window in the past) +# ---------------------------------------------------------------------------- +echo "==> Generating expired certificate..." +openssl genrsa -out "$TMPDIR/expired.key" 2048 2>/dev/null +openssl req -new \ + -key "$TMPDIR/expired.key" \ + -out "$TMPDIR/expired.csr" \ + -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" +openssl x509 -req \ + -not_before 20000101000000Z \ + -not_after 20010101000000Z \ + -in "$TMPDIR/expired.csr" \ + -CA "$TMPDIR/ca.pem" \ + -CAkey "$TMPDIR/ca.key" \ + -CAserial "$TMPDIR/ca.srl" \ + -out "$TMPDIR/expired.crt" \ + -extfile "$TMPDIR/ext.cnf" \ + -extensions v3_server 2>/dev/null + +cat "$TMPDIR/expired.key" "$TMPDIR/expired.crt" > "$SCRIPT_DIR/expired.pem" +echo " expired.pem written (expired 2001-01-01)" + +# ---------------------------------------------------------------------------- +# 8. Trusted Kernel Test CA (trusted-ca.pem) # A separate CA used in CA-bundle tests; does NOT sign server/client certs. # ---------------------------------------------------------------------------- echo "==> Generating Trusted Kernel Test CA..." @@ -176,7 +227,7 @@ echo " trusted-ca.pem written" # ---------------------------------------------------------------------------- echo "" echo "==> Verifying AKI is present..." -for cert in ca.pem server.pem client.pem trusted-ca.pem; do +for cert in ca.pem server.pem client.pem wrong-host.pem trusted-ca.pem; do result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) if [ -n "$result" ]; then echo " $cert: OK ($result)" diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem new file mode 100644 index 0000000000..a32e592169 --- /dev/null +++ b/test/certificates/wrong-host.pem @@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrY75NyMLhLJSV +b5Vy8wU5jV/WxLj0Hw/+YfdDHZUJcYBqvhpT6wNaeF+IdqvIijwSmHbqvOXafXny +hk1er8Fqwi77yLhcAY2dBqh/8RUKyG8cqsh8FvEvNiVLg7Im/djpUjKpV2iQfYj/ +BwXRGdSloBw3dMPU27XOIGthYU0TKqY/6nhn/5pi3z0G/1txhaLAV/7PsYR6wxZH +d7kDYi10tWGRl1PqDQrTo9z1JXNT5Bda1YCV3YO/t3FUBT3kXbYImKKgAK7K7IRV +ptmS7w5QJyAGOZutP8I3/CVhDWr1zxm8eFteQ8uPk+CgZJtvuxxSIhMBvRNgHiKQ +YH7u99HzAgMBAAECggEAJlE6brF/wE/zOCWmR/jFJkTRNHbu0sVPEhRc74hhlabm +ivbNdA2KxmM7GItPhJpDK/UiQQDScrKy3OHh0lWA7JlVX71UWl2Oh5jBezku9yYw +kTwtbnDCo0d7txJOdiEyqZdS9EEyg3tNcZbkWgdoX08Yf91/Gsu0Lc1ZtH/Id4wn +v+ITs2B3pv5JWJooHDA1st2qXPCTxqBH5UJqFDBgpbYBDYyOHGWxCfOLZ0KMs+et +cUabDk01tU33GdYElNP6Ca12ZKh6i7UrNmVA40zzVYsQnIdx0qAX+TppkzQs2RxX +SuKAmQnnyxsKepqecm4UdzzXSQO3qnnXubfmYJDfYQKBgQDYuZnecTQ0anaVaNaP +sOxCPcqxZM4NqZdac08nW+vfpJm85l+id9FziY5IUTz8W5ijO8iE5oOZahtzbLZV +jQSq57N+CdClrB1HpPwJhXI/oU2Y6o6MDaQHyZq1RMfh+1A3+O65JkFdR25PAMQQ +ZSASxGLktJiuWImAicFtZAEr7QKBgQDKcuyHaxXYmKDWveWw39VgvFxKFles7KLH +ZzuFKyiBAR+COMheDZjvtDvs7gZyhikvVbPM2BdhuqxWqjTd8rMCXRPTsGpWEFkB +XN0BPoRPKeF1FYRfMJey//xUr6KOILQhKnOO3ijazOJy2BPXD7K/qLNlRVUGXOM3 +8YWOxiv5XwKBgHmq+K7gbqZefmQyjwHsGTa26evc47DX3Jhy06UM/cZ36bcaveW/ +zl5GgxImSU6DPZWmIlQ59PdTkkWialps6InpueKwL+pSTb3C6ZuOxyzhqWaHh68o +mUWl8KyDCJPdOpOxtJNM3rU3PL4td+ScYP0oMzyiBnUaT1dR/r0iv2WhAoGAA8Mz +BilFVKsxggwxcqIWUx/tDytvIbWcKNyQTJ9Kt2sP7NmlT6otB3dwDa02zXYU2d5b +4xi5BoXzogCzztQt44NbVPnYYBUZsl7JdLZ2uwnqOMTXmvVKPHdpdyF0gfO1pVAm +qacTV02rf7roU3zlM46tFtq9A8tCJc4FT2v7cT0CgYEAx7OlCb0GOpjkCbDvgc5w ++9yyUBcUqredtUXyAwKN2PticeTi2fi/hxZ6SOKoX2iNPq0JHeNEZl4EIHLGbnVL +CqWpj/V9UKevYU6VLb/EM3V0kGMCfuFU7huZ2T/MDEfT9sAjSHO1nSLK8AUE8H38 +6NARhxCZKTfN/1T/+aezph8= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rkwDQYJKoZIhvcNAQEL +BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O +ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTgwNjEwWhcN +NDYwNTMwMTgwNjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV +BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtjvk3IwuEslJVvlXLzBTmNX9bE +uPQfD/5h90MdlQlxgGq+GlPrA1p4X4h2q8iKPBKYduq85dp9efKGTV6vwWrCLvvI +uFwBjZ0GqH/xFQrIbxyqyHwW8S82JUuDsib92OlSMqlXaJB9iP8HBdEZ1KWgHDd0 +w9Tbtc4ga2FhTRMqpj/qeGf/mmLfPQb/W3GFosBX/s+xhHrDFkd3uQNiLXS1YZGX +U+oNCtOj3PUlc1PkF1rVgJXdg7+3cVQFPeRdtgiYoqAArsrshFWm2ZLvDlAnIAY5 +m60/wjf8JWENavXPGbx4W15Dy4+T4KBkm2+7HFIiEwG9E2AeIpBgfu730fMCAwEA +AaNkMGIwHQYDVR0OBBYEFLmrT18i2YXmBZ9Reax2+ICrlb4bMB8GA1UdIwQYMBaA +FAyrGYdlc3lY1CvPiPeUn/U/DOodMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxNAnJVW20EqXPMFaghwX5dKw+ss +1cG74XxecBo3AM7Y2G4o5aiS5DwpSarokw2nLlpgT9PGbvtSxcB5qFG5eArqKEx8 +x7ECw4V56lXJEAUprkS8AioTGpMJJUVJ+nNx0aztWZWfp9D4txU04eqQ373bL51S +ixJS4ruSk1O5sMEMU1Uh4LB8dkKhvNiqjZVm54QMBtYY85CfdsHDDCeukiScZco9 +nZ/KsprgKal1PJ+vls8XiVZVct1cFU+XEAs90U17p2w0zLu/7IkrJPLNH9ueRX2U +GNI6gmwB9XMVqBn3vnYoutsZl78JIN6xI5ifNPJoI05YhlWJ9V8ZsRV0qA== +-----END CERTIFICATE----- From 5180217ea64a394129fe6593345473018c982e9d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 13:53:43 -0500 Subject: [PATCH 07/28] PYTHON-5040 Fix x509 auth username and CRL revocation in test certs Two test failures from regenerated certs: 1. test_mongodb_x509_auth: MongoDB derives the x509 username from the cert subject using RFC 4514 reverse order. The old client cert stored the subject with CN first so the reversed form matched MONGODB_X509_USERNAME ("C=US,...,CN=client"). Our new cert stored C=US first, reversing to "CN=client,...,C=US". Fix: use CN-first subject order (/CN=client/OU=.../C=US) in gen-certs.sh. 2. test_tlsCRLFile_support: The test verifies CRL enforcement works by connecting with tlsCRLFile and expecting ConnectionFailure. This requires the server cert to be listed as revoked in crl.pem. Fix: sign the server cert via `openssl ca` (tracked in the CA database), revoke it, then generate the CRL with the revoked entry. --- test/certificates/ca.pem | 34 ++--- test/certificates/client.pem | 90 +++++++------- test/certificates/crl.pem | 17 +-- test/certificates/expired.pem | 82 ++++++------- test/certificates/gen-certs.sh | 23 ++-- test/certificates/password_protected.pem | 94 +++++++------- test/certificates/server.pem | 150 ++++++++++++++++------- test/certificates/trusted-ca.pem | 34 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 336 insertions(+), 274 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index e83edfc3b3..f869356c03 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIUSQEGio4MzMdMRZD7CIzy3An1YDUwDQYJKoZIhvcNAQEL +MIID0zCCArugAwIBAgIUJseWjXTSpvUEw4c7Gmv15xTidHEwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMciq/J5l9QbqRPRLvDV8Kj+GedoAddM -0WUtI2uMwo9AiFBqr3T7KVQYKaDLt2Kq/4xi3F6cTqNC/sYxeiTJIgsgZtm1wGNd -2orSIVmcMB7t4hZifNvQyWsl3egxEr7DFkcVFomc0aphEi3ukhOvbFvl+ln5W/B6 -DkgK3Kmd1cQd6giWi8FlXko442Kr+c4fhB1vO7Yq6rjmw7A6YgSE+FSS1Yj4ALUW -lBVZwj6h32dImzSeewnskN3VHu5LmTnGxGZFB+T5AKo67Ay7r57Xg9OvbcJqjdFC -6k2wbXFHJ6qKOCV230oP+PZk/MEpPfozXR8B32VNpw0fgtnxFDBv24UCAwEAAaNT -MFEwHQYDVR0OBBYEFO0dJi0baC83wSHVOLkkDWmJj3hvMB8GA1UdIwQYMBaAFO0d -Ji0baC83wSHVOLkkDWmJj3hvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAC2fgKsYBylaHoC2qutDzgHWTYgjE1WbT2xRoEgRXeHJJtn6GD6+DXqs -JZ/hY5grQX7xtletFKpKGup+aMckukW/1UeRIOP5kFO3SCsL97HDH/nERFa18VYz -UZ9aQJdSkmxX4/DZ/wPK+S1AFVdoc1ukIq2Fjc8nBNTsSoePD5wglDZFdFVshMO4 -gL0g1b4GGUJ76tHefBbH7h9LHCWDoKsAYhXIN9hj/pUgKDan1KfCvPlHUOyiEw1K -60zwSW9aAiplxlxsrEYC2NkSPA4izRExxFQiYd6NfjN746Ti/80U+wdhnK86gQb/ -ackczk7G10fqlzvtKkAMdx+eB03Lq+c= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyGgty8WHa3MAPAhzIFntWTRMx0CgRQ +rAlRwxgA5fmGvB2HQDdXpLmo3g74jt0p4OB+tOC0resv0WAsCSTMkz5suZRrfHk+ +Md1VdxHFl7LpVNtP5XZKIkIwnRB0R6yBPGg9McV5/f3CnYZcMrXtvGsMJF7jWLzf +17k/lHmsUUmFpmLSI0Zir8nRdgAlKSQLeApYudBnPNhCGUJxRtEkVe0EZkH0H2xl ++K6A3Lu8KHRuA0KLKV4rgrMAuFa4TQJjeeZ1LoSouBHslsOxbaQ5f9fqUCO6gjRU +JndsBiDyajI9HWbeKAxJb07lHg/5Zp4VovvosA1rwSQTdfoM7qvEZPUCAwEAAaNT +MFEwHQYDVR0OBBYEFA+r8H4sLl9BSYmez+zQ/3AVgq5dMB8GA1UdIwQYMBaAFA+r +8H4sLl9BSYmez+zQ/3AVgq5dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAHQcCgoZeIcZkk8iEL0cwyeXV/lVrlz0NSoLURJbRwyd18p6xVCMQcg7 +xLk3iljcGSWx9QTrgdpfopLuOvWITl9gfmjHJF5tdA2kEVLZ9nXDZkFKHHGDcM/c +9h/L9X8SgvFGkZOdRLJSXi0QUJgMNCDHyxf/InXntlUI2cXtyfxm8bk2Jsegkw1Y +6jOJbZk+xIm4Qwt3xyYKoQulqp7TWrn0/bcvFcK27P/o9f8Ay06JxwobxRwQAfoq +ZcLea7KGdnvVuYgYea0ZPNNNfeTlgRwTv3KhszMmp5YluA+Pb8idKYfmWYtvYl4f +nynC5NTSKRanQDdqcFUJJqnHNNQLVS8= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 873506308a..39f95c3a60 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn1zTqr1VSm9GZ -qpTrLfPyaMMCl2B8M571kIq9O5TYIbddQbpvT0xklJTDsWE3JMaQL5Vq4s/yv5Ut -h5J6mfQJC9AdHIQmOsjBTZnQ3KeAKUGcEniJ44C8nVMDy3v/NUq8kaAN5JnBFn0B -b3CoDSVUZfrG7HRfeflJCeKzE9gJAdoW2/EjG90LSfzTiEatHHCOlqX41dlJ0boA -bkhxL/MvL4L9JmxhGZSeDykGDJp081oQE3qMggIvlA8iCD0mwnUqFYoJlS8GeyG2 -jap1kWvjIeUYY16OMHCFCZLDeWubjE/9M7BY9V14ANvCOUnXJuX3MijjJrxwCmvp -y7pCat/LAgMBAAECggEAUOjsyIm3XvhgpWxXF7xyUhRwlco1qAoWghio2SpkyYAP -bfRmlIwsrnv17xSOYc/nrNBTflBSoJn8pxMo6NNYkhfQvoflqKxD5POsx8PnN2As -EbnRw98ZS1OoFjc80j11hsvI1YmzGSLnJg77xvd3XGVA7C5Gt1QMeUo7r8pMJaKm -zaL8Nee3klPn/giu/1iImCVn+7mHshYMZTwQuYJL0RWJiz12jdH2ILF3yLKraUQ+ -gAx2k5KL5AEPWQwstTfM+2G+5GQ8zMimBYm53ZlVlRX6JejgxQKO52A9+M4Jz2yO -uDPJEVc+ka201zDSKjUUNi4IIQyu5gGyMy+FfuEIQQKBgQDn1r4eXDJj/mpCmMag -NcibPnV7m2Ilr0tCGXFNBpW2HVtPNqQ4w+FENSHZU4wWQ03PNfd26j12Gin3wH3V -0xM89w5DGwvggCEj48TP8H9v9PuOI8KY0QlFoA9XeLZ4DPKLbna/1U9DXjqCj+JN -MwG0WPMI+sn+okU5Y48i/QPi6wKBgQC5VQxlGEiVLPdeneZnzg7u9CTDH3WaNjQO -bCZyHyFjCZn388vqtWdHpSkLECET4L+coLMVJO/NOD3k9oDJinklbE2VyicOOhLj -gt/OaURb/yt1exDQ5+LJWa9GhcKEVrohWQCnk9xLw9TdakUVlx0USoQDrQqRloCr -CLbkmnz+oQKBgQDGI+8KrYtXkJmqXz3qsOzJWYE46hzgzkdIr8v4o7cSFVbzhWSn -Kyn8jFhokBH6+PyoKpxb4mgy5ruVhctGEwavJQroaVYmQfuQ29paSVXxDnRsD74B -sy30do6GGKICSjaE2hzdaOY8Um05JtWnWv+K7jaQJx655F+7Y45yvcEzjwKBgA9w -ASdOnYUniLdt6apN5LqMxZ8nOLGOwElPQuiQpURNoXCg8yRq1d6G6GNOhaLVPsC6 -NhCV0g/DFozC57lh+nNekRvgCd7KgZZH6YKVDCepmqIfjSgJmL9y5AG41JoXa0up -0T8kNt5swodq+bQxsS9mgZaYzF+SLMeSY0GpiK3hAoGAR/8/tASO6MYV7uoP6BVl -MytqBmu66BN1AxqR1YBAqxlpEJR7EFc3QTAbLQiS1ZtczVKqNIGiqrv4EfWtVvkm -nvmdVOdta8kF4CsWdu2cpXGQ/Ov5NHHL+x2gqwOKpiInvGbNOnd9K2SGLJW5SSmz -7uONbtZyZcetWlsatP05gE0= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzQSIoBRUpj6re +P01yUUr6Qa+na6/WkmHuxMe+8blLykrK0cr8csjrM3dFovhCqBTGY3sfxWMn6/Iw +l3dHyG1RcVv//Vj+2elEg0Pt1DYXpWodMZm8XdlkkIH5CAKIVMY/kMpgnyhnDZkT +oLx9xrRtDf10Gp7J5f37Y0OIXGY60MZL66OfHXBgISKsyR5HVa0ysKn6MrlK6Eeu +AUdoMUMcNTdFnI/04NRJ8qQ+7nGQgxwt/iVvUCzpqkq0ZMDq5TD7rwdIivB1SCHK +yYbdTgtIxWQldLMNqzMwIpqIpYmfcKbaGCDO8m5ZQg40CKpd8LROJVMWUX+sWagi +ymVxTsuLAgMBAAECggEAPmpB/eRTK48KRGuPSGxU6pGfm3CMH+8FaZGcKXjad7De +3QMypjdDjV30vEsUHYWQAkoWT4g3z+lAgbnjvxtjMRYDHj31VHvE1OXN68xV72LZ +8YNZT/TvoqwMjY1D8HtwMib0yLLyavuZnvN7XmInZceWxmwUeSF7j6JPG/ZsZDLC +n/ypgxaBv1lrWZaPI0zQAtLrfjk9CMai2vwsvPTw7S9sbkRNfgXOfXtxz+Ngg1Jg +Tppa5GbULytdmxYmEL3zthnmQuJmFTvh8Sp9we80jyq035StvZue7RxeXm6QFF/o ++G9A0KXqfsgG9WuklWSXvXhHBLxIk7GUb3TIh4vWQQKBgQDu4hHcqRfTNwKrADxJ +pkKK/yM4XidkuCn1N/8VIXXpxavQPbshP6e+kyiDlFqgBdEXzKsKJF3T+sRoYaic +NpEVwNf08yAOTnORfKY6r2hEAdf0y4yB2Qv8GT1m9iq2LQSK43G2BlCsh2n+KTZk +/RKm6xs86VBL7qkQRpMfvUOvSwKBgQDAGUVRSDJx3VHLnb4k+6z687btGGYBo/Y+ +p0TAy1lZ7mLWcHfDQgXQ9VbCVQAyGkJrfUpcozMvARDUtzi5DCtEGpA2L0orstIJ +nZw9PLNldYDsfuTLhhBjBLT05ZTXa0PZDXi3Qtw0KWu3sRbZeRvJO+MAZ/zw8kkv +ej4VAXxswQKBgQDtdEkfF/J34PHE+0nyR9NTiYQADw+Hfc0vVUc5QPaNtxEvwX0W +8siSloMqMDjZYo7S4n6OaVHfWiEMRS8ugMs9XWENuvL9ZZxZXRd7tEqnd1Gsovz7 +Qb45DPnNNBuG1T7ztFye/K4KodyJaXwJbMqyo3eC18UahZUGebDbVu5F+wKBgBX6 +Ti3wfqT8V0FeeMSubqn/fCxAIFuLsL6WUI1mNoDNf01dbLZQNW4kw5pUM0OIMZUu +rnVOzqpQCubrV3gEZmbSSzGH04qQWOt0ts1ixnuTJ/7mvbJzUiih/zoNkivbP9Xz +bp447gyhuIs5nY2gB4fMbDo9q3i9n5Xo/HVWyC+BAoGAEqS3DpZLRLRjahMwiEd7 +ojsDa58sp1/q0MyrMuIQvKt6y0MrlGId/TTgr+uLp0PAHZiRcfj+MHYS3q4ftw3M +DKISS1HzC1EDRbrH4IUsJTbqHWTxOQnUWXmeNWuaf3k74H6rsL1er6mq+kG2bKTr +YzZCX2b+WKJ7kbvloaiFfuY= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH -RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M -ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA -vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd -C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC -L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd -eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR -s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP -eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA -5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 -PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d -zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc -dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx -FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI +6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z +ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w +YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As +6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu +WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X +OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC +rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu +51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ +ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 +rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb +Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG +Zf70TZTjQH3898e64aClBRa/4v9goUsU -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 9c0f0899ba..b069630870 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,12 +1,13 @@ -----BEGIN X509 CRL----- -MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTE0MjEwWhcNNDYwNTMwMTE0MjEwWqAOMAwwCgYDVR0UBAMC -AQEwDQYJKoZIhvcNAQELBQADggEBAL9Sx5Q2z3yhREf0RZhpvayV/Ck3UOWqEVT5 -c+3yAjNsQrO2OD4Npks2qoopgSB8dfePZSZOfmzbSwiyPOPMs71VOwH2chmZ+3Xp -oDBPmVWsNzpK4fRbE86GIEwg2aBFLjOt4+KWFVftGDw9+Liozp+AWaBAUZTen8ac -eQLeACqbqvuriwqvtD6KCfVE3CDG+AK9CfCdlO52kpkfVBP/TG6FzRXp984Pa7Fg -ORKWRpHQ3XoQiKB6pUwUQdE5yGit1oXNRzouWRN0tq0BkvErQvq2RqKalwWJ65kx -KCWOrTBfDKS28R1P66Eo4+CaFdX4Xju2yCTQNYrg7MrG7T7TAFM= +ZyBDQRcNMjYwNjA0MTg1MjM1WhcNNDYwNTMwMTg1MjM1WjAUMBICAQEXDTI2MDYw +NDE4NTIzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQDOyT3+ +ktzOkBQt3mjCyz7DnzFu+DVh8RH4q1/IvMFtMoLe+QOBb3YzGcdvvbyIIupmrOHV +JsWxkuReJuEYoJxV1B1QNNu1zgqHg1o+gCkFxAFawrPSHHNT7Fp+VDu3Fy7gUcLp +Us1FD+WvRIorJ2NpwLZV862tqvGV1LZ48TsoG0lnW5uOtJN8ivtz8q1H6ZWj1Td2 +PnZx0ojYKH5C6CUSAPjB/jEQv2CnLLu8zOjFVpe0OeJM05xmlY92c6yWe+Ugb7jS +a6kxnblSk0zM7mf+JmV6f52Bvy5bxsYPtnpFE9enV4J+iuVYCE3N4Y9gqTljoxpJ +zEKrPp6XaFLCVRtl -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index df740d80aa..13ed4feca3 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDN0dp1gg34rnRb -aBXidThGfUiWvBfsMdeTI2sjlqTiEilUdxy2v6Y5XtaHE7ezK++IqML0YIZSyhM2 -obD6pj455eJ78XcFb4PcDVER9BVr3jQnfkXYsNa/9zr+RtPz2JOWy06taE8oYXp/ -hiS491sXApQwTkWBwJ1SNFyQKBFP1GiMYFShIREf1JySLVhzOw19S9VZxqw/1gaV -JyddZ5GYqJrk+CHjim881TdsH+3bBF/KVuN4taLG7E3+b4WIXbNuMlhxF8NDQjlw -el14rwmwsPO7oPg2Q/41ALyh8P58qDb67L5G8HQIkw+rnqeWWUV89SqmTyh30/Mp -2V90+vPzAgMBAAECggEAIW2aLyf9L+zZriI6HQqP0MxhVptca/rDuhHwa+/Nfirt -S9rVWY3H/XJnTQ9emyWhemR6gX654ka6wc6XdCY9s2FLHHlL16Cp3brLS4CwB/x8 -zltGadrS44vP045aYgpEx6Lj95XE9tiE26MZt3GepElBcJUN2fSYOJ/o1sBYi3U3 -u1ioODXHKuNFhFN/ebEYibYrv13amKuSIm5HYwNYbUiaT2ZjrGH2PKulILu5BtmM -melqaILSrhhGVPtDOBX9fgK4hPOWy9AY2fu+ZCdgrynX3jLNMnljw/etR9gf8s1T -E8hR5yi6yr5Lc0HwyUierAvdd3oMuPCXbMQ+0pjhOQKBgQD/fPI/eOta6ZX3VhSG -KemMgp6ecwNp17Fm5+0bLEW1nYLe6qScrsi2RISbM1X8vzpTciOmcoNh/w6APc4f -kPuOCNZ9sNaIMXr7UsBMgtzvW776YH08q3kO3AWtCaYQ9Ie/RX/OhnZ6kKg19oFa -vKhqQJVk4oIFZ6tu6SDTm7FDmwKBgQDOO23y41IQAFYiHq21UA8S/egLJOteb/aq -4FITHpl/QiPzyJKQRVk2EhiZ1vhXaiQE6Oes4L5mbA7PEKk3zfqhPbvutHejuoNF -dSo73oRg+MpIFMFKm/ylZBj4VVRnopN5HPNLpW2gKBxoA6/S//xigEztr1Jcd+z1 -ToOObhSyiQKBgQCp5y62lTR3FgX8IQuvGSpOngLcPoJTnfRFChF9U5jcKW6BzitA -Y1/pDnHdQGt7lLQ2EB6zL04+Gj9Le06bYXBYyXnSxoo0sisl/acSeqhwqWO83/QJ -J8Nu5VUE+PiuJ+AqjA5tirA52/9xO4hUjke1uVNgbt2muIWiUXjaIJzm5wKBgCGf -pNxt3YpIU8K6V73w8JQ7G2L9wPYjsQbJDfiaC5Ko+O2dLPAirlnXd3VVjCXMY1T9 -mBAikEhoo710zPIRPiSdyQ8xEzR5iz9+y8T5EYIx7eD0qVL9vaJFgKC0YM+IvRyI -8M3LieULxR3cRAVVwRNaMbCq3fW/g7228FH/dpZpAoGAdZtp3y4SzHWE8PLChm8z -xhHqVvrNjzY8NPAotYUOZJ7Sev+jlXqZp1sr4SI27tVrkJrYVb2lQdIRMMKJk7I4 -AZ68v+dQjGrX7Xrcu+iqIKlFY7HJT6fwr+syjt50RqYSDCPoETldpUyxyXk91r/L -irsU3E19H05+WGokTLkREts= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCa26rANY8pf+t3 +U06CFjFEHTQ08O8opidSAnPMEGWLuiieIrSM/rMpxzIdk4sOlmj5CvBwvSGKiLhy +nPMGh03QZVfLOAdlspcglmmvLqnLMKGjXOKowqgBkwLRRXy66JTX1e06fXf6Nutw +KAYlGAU4PLTtkAASxbZiogCUeuCDrqtmHLxULzaRcPCUzdn/iiiLPrk9bBnUSfSq +8+0g8paCBAUHr4hV5s0SlCtG8d3b5JfRzyesTJllFbji29Ggeud7tsHVPuQfdZgk +pdL9pGeWG3AQWDC+UqKix+/puS1dnAXPFz+ZPZS06z317rDDb5pFMI35DWaGNcog +MR/0WWadAgMBAAECggEACbc3+IyzsXMa4xbpMUyypRce+CZYnuiDxYetW7N4p4JT +u44qXUE6nOeoO4ZO/miN5/gZez1GfjJTPi+eKL3y8hz1m+SlRCpnBG6jbVAEa6De +t0jj2Joz37tpPRd6uqBOfFcp5dZK4XoyHcyJDCk8ZJmccV4sPwFEDt6ioi4uaVyC +TiXbJooLMX1kiTlm4i9PE9aInKsp05DFz0e4oeOfKUBIFpvXWy4GAJTBAGZwl294 +h02Q2bF0ugKrlOh5lBd2bjloE/+k8zQwrILN8FKvPr9/DhO9fXWf1obmMQD3ETQF +jizxr0OTduMA4oDqagyNGtkM7pE4bGRcAFQN7VNfYQKBgQDVJBGT7AnDItx1evSU +kwr0IOhZ8GenpbVAjKAs7nh5D/gXbWyPUdfJQaCwXraVfDARWbnZiplZzvbzDs5Y +GzRbjQF0n2zOdrJfWicaRV7gDEVKshouBR23cpa9DF08Rx9zPPhdCxuQcljHCz8K +nmaHx1k4OlBbdbP/Q2EhQ6FavQKBgQC5/1o5zLNcBRbyQq4SOYJRJ7IxtqgNNk+C +Opdu+Kr0kFMKK+S+VXzI2VMja+Kfx6kyMqgjI+A0nXUzRw9b4WM3WvlVZ0XYh13a +iBB2D9lY8MjxhBwDHaA8yXKLDBtrd1PSi/zuN1NMGHRwIUEgQWW016RzW7QYBfOo +e6a/NSDpYQKBgQCwsyJPe9PsDq6uRq0Vr4HZOp7mUUPd3KcTSIJSPbFqzC5lXbYu +ay92Dg5lqV+9NiOzfqtxClJv/gEFKDUxHfyeGZwnTzQpRoZCPr9ELFancATSFC1Y +Ea29NCZ7vBBftKcCJn3QxTCo4+NtwIkXCJL/5ei1kMKl0ELVUMrphOP0EQKBgQCr +QyYYHJV2gLU9Qwq3ez60bWHWBsM8zyps1niD1PLNGGtt7TbFzz+ETSAReJCG4Ti5 +IQ3StYEH0YiOO7s3thQ+b0UwT1Rv6U0RIMJPg451J9lPEX8dm1TlQ/R1diN1U73a +G848prLLWaU1blliUvVMjFc/ZUwx5qESHTFP1KLGYQKBgQCzGcsFmd58po5CjjrY +sMvxab6U8FUmZVblCVb/KIepejwJRKbRYaiaqHrcD4m6bXVpRftLEDVPq1g+bvGV +1p070ta9y8Zk8BV/XfCv0HLELE7On//ThPhb7L3d2g0NWqhdOhZ1S4YBFiHYNlci ++XYSyDmJohYdvVxbG/YDqxBGbw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rowDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaUwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAM3R2nWCDfiudFtoFeJ1OEZ9SJa8F+wx15MjayOWpOIS -KVR3HLa/pjle1ocTt7Mr74iowvRghlLKEzahsPqmPjnl4nvxdwVvg9wNURH0FWve -NCd+Rdiw1r/3Ov5G0/PYk5bLTq1oTyhhen+GJLj3WxcClDBORYHAnVI0XJAoEU/U -aIxgVKEhER/UnJItWHM7DX1L1VnGrD/WBpUnJ11nkZiomuT4IeOKbzzVN2wf7dsE -X8pW43i1osbsTf5vhYhds24yWHEXw0NCOXB6XXivCbCw87ug+DZD/jUAvKHw/nyo -NvrsvkbwdAiTD6uep5ZZRXz1KqZPKHfT8ynZX3T68/MCAwEAAaNwMG4wHQYDVR0O -BBYEFF9Iy+JbFAKCo4ATeQWKdiJKty8dMB8GA1UdIwQYMBaAFAyrGYdlc3lY1CvP -iPeUn/U/DOodMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAbLsFZ8XoDBqzWQ8Tki1TaMM15pr5 -rLayr9Qk4lLfAKISLSRQ9IC3UNlKt6wyWAm9dCTywGCY+1lwnpgCeK+Ve7w9A06e -AUN4TVNffHb9LNsu+wj9fvyj6FBINtgBKgNWqjy1tQBoEJsZiIIRN1QKNuEgXEvr -+2aKUysdniTIIeQG5HIFd1TIG+ugabVPXOE4sHdUwXpcY6zcF6za/J3y3UvECOtH -bLIoiq7Zo9CDQE4nN3l4c0WkgaSL1YUFZSa5mLJgqUhn9crN1Ir2edoRg/Mn/Qfa -bWg9TVBBYAqYqfSsygObNywBf7V4sdgc2rRxwqh/TQ6TWvVXyN5tmCnE4w== +BQADggEPADCCAQoCggEBAJrbqsA1jyl/63dTToIWMUQdNDTw7yimJ1ICc8wQZYu6 +KJ4itIz+synHMh2Tiw6WaPkK8HC9IYqIuHKc8waHTdBlV8s4B2WylyCWaa8uqcsw +oaNc4qjCqAGTAtFFfLrolNfV7Tp9d/o263AoBiUYBTg8tO2QABLFtmKiAJR64IOu +q2YcvFQvNpFw8JTN2f+KKIs+uT1sGdRJ9Krz7SDyloIEBQeviFXmzRKUK0bx3dvk +l9HPJ6xMmWUVuOLb0aB653u2wdU+5B91mCSl0v2kZ5YbcBBYML5SoqLH7+m5LV2c +Bc8XP5k9lLTrPfXusMNvmkUwjfkNZoY1yiAxH/RZZp0CAwEAAaNwMG4wHQYDVR0O +BBYEFO8aTHYYTacj20OYic5ESjQNkMKHMB8GA1UdIwQYMBaAFA+r8H4sLl9BSYme +z+zQ/3AVgq5dMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAK7YzbtbkzBrjabmpuScvD6HNPwms +j7S0+eSb1uGyW5OtaH42lXICu4L9AGyIk2cdiY3dEzvvKNYqg9+Q+7Zq7XBtBJNb +xkdw011KJF3npgkDQNJIzYu0hBAeKcbZEKGYomE1p4naWbP4Exrsguikc/YyDdRy +DxgNsze67QMbUSvEPoiwnKXkbJ1OdYaGQQF6OZEmH3ARjfPY/OBx8LYGMfeHiLJU +CF4Sw3Ux8KUP2p5gF+jZAwA0mtcZ5EqowNsQ83dQECkHoN1VR1/mVWe2n9vbP2IQ +DeE4qT6t28ZWVv/ex2Kkt+OVcwdKUgi2ijLPEXH1cwWAIN/iv4jqUwKilA== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 3cb82d63e4..750830b1b6 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -89,6 +89,8 @@ echo " ca.pem written" # ---------------------------------------------------------------------------- # 2. Server certificate +# Signed via `openssl ca` so the cert is tracked in the database and can +# be revoked, which is required for the tlsCRLFile test. # ---------------------------------------------------------------------------- echo "==> Generating server certificate..." openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null @@ -96,19 +98,22 @@ openssl req -new \ -key "$TMPDIR/server.key" \ -out "$TMPDIR/server.csr" \ -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl x509 -req -days $DAYS \ +openssl ca -config "$TMPDIR/ca.cnf" \ -in "$TMPDIR/server.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ -out "$TMPDIR/server.crt" \ + -extensions v3_server \ -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_server 2>/dev/null + -days $DAYS \ + -batch 2>/dev/null # server.pem = private key + certificate cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" echo " server.pem written" +# Revoke the server cert so crl.pem will block connections when checked. +# This is required by test_tlsCRLFile_support which verifies CRL enforcement. +openssl ca -config "$TMPDIR/ca.cnf" -revoke "$TMPDIR/server.crt" 2>/dev/null + # ---------------------------------------------------------------------------- # 3. Client certificate # ---------------------------------------------------------------------------- @@ -117,12 +122,12 @@ openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null openssl req -new \ -key "$TMPDIR/client.key" \ -out "$TMPDIR/client.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MDB/OU=Drivers/CN=client" + -subj "/CN=client/OU=Drivers/O=MDB/L=New York City/ST=New York/C=US" openssl x509 -req -days $DAYS \ -in "$TMPDIR/client.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/client.crt" \ -extfile "$TMPDIR/ext.cnf" \ -extensions v3_client 2>/dev/null @@ -170,7 +175,7 @@ openssl x509 -req -days $DAYS \ -in "$TMPDIR/wrong_host.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/wrong_host.crt" \ -extfile "$TMPDIR/wrong_host_ext.cnf" \ -extensions v3_wrong_host 2>/dev/null @@ -193,7 +198,7 @@ openssl x509 -req \ -in "$TMPDIR/expired.csr" \ -CA "$TMPDIR/ca.pem" \ -CAkey "$TMPDIR/ca.key" \ - -CAserial "$TMPDIR/ca.srl" \ + -CAcreateserial \ -out "$TMPDIR/expired.crt" \ -extfile "$TMPDIR/ext.cnf" \ -extensions v3_server 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 7f9dfe45a7..6a8cc84126 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQKb6V8p8vtC23xKAM -DjowVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECts1AXkxzEUdhl5 -4whQx6IEggTQpAjBXy1MHrgeHutm9BlTE6qd8DlAb928ul8M9utdoL8zCqSE/sVQ -vLo/WWjJ8qXzgRLvIQHEkpP1EmZ7aEHin6dWWJbPl1ENN2klC55ZlKf9bfFqtz12 -WSx0ZvEHfG02WPPyspT8uQ4uksL4EM9zap7h1GtOAeyxAQF9TqOdOcQnlnI4nyXH -YDcp7Ge/zSZKQdgNRid9T3Vw4EwGcmpYH3W34q36xcp5Dl88gGdueoMHbMgWYJx3 -Ng1pJ6yVc7CHCByGHT7WsRIeqsjyTHIPjbh66fKUy0tNLV5OJBd7Btm5d2ZzCere -oZGrW1AkWkvMM9KOZLz6UVIs63k1ffaVqrB5Br27K2hQGjuNvvh8mI0KmXCSDQmb -gVMFVCuWHMx6EJCDbuP+xceHs5+Af6KRavi+Lr7VVNom06Gxgjk/+gtAxS1cDt66 -NAmSxUTV+j+6Uva1mA87rfD6L0eYrE2QY8ogQY9HqKivWsj6nbhwVE1C+xU/zDua -FNHSjaRlXNbtCeYHBdBHVpR/SvcicCj/6vwjQd00hwZly0CXkmKmIR0UVx7rM+0q -yindY4Pyja8xqQERZcKGylmqkcGZFumpLoGDzCYqgKP8d0cGJRq5ow+oT3Rqi3Zi -S+oN9J3ls9zE5lHvFeGX/+jtCYs1QFokHoktKfg9OQNSrVLrPisalOL5Uel1VblS -rpmv8Ux5mffT3XLIYXyA817fKPfivrl9Nzgf4hsyk2NtoBIbakHKga7ckwbh6tXa -kbqukeHsRIIjYMixfvL21edcjCSTelFWSndAQPw4gPa7kgUO6+FRUSvr/nYsNAaR -bzw3jmezlT57E+iJyy/qlRJIeLHESUxc9nmhGE5f/5m5O2a1oNDiu8FCqkfDXD8Z -d8BNyD8LQt9quhmLSbz2VYnN9W9LOIF7cRLWGGylUhqA4yvZcpgpTfaCjFpMVuRT -PLpBpUbELlIThr2RnxcRDgEAITLtBCR5ZN2exW+OqSDvtoaIE9j1PCl0IRooieGI -wIcsoO/HGTK5WY7oRXgJ0UOxzB4L7hv5ZBlWtU9PQZwylBYjmE6IWBwUNXx1cpaV -bQpQygGJbGQNiqOYHvwQvMDbnlf1+KzrcXmiD29bTWOQYHO4dvku9uN/NZtynfgB -EmysMi1YTj6YyiIByOJQDvEKSj2XPJ6r7CP1oCpY+GSy8YnYHkWwlMOVkN7TjJX2 -g5ti/UGZpwr0RkhYbqCX4NGoUCrUER22NYsJqirJDHMZVGgpTKIQAklFz6igVjSy -vQyYTfqhCQgVtq+wcOJKQklMNserzXSC0CTkBXKRNfIUUUZxp9eri/eCIl3dPTr1 -boRaYCtlbhyTywuJdn1yVME71uhfyYeFhi1xLxo2myC3vw9natBAyUNCUdOOrKBa -RtO9vQgV9xVBFK8Ju3A3if/Abxxmbgev+ZS/4eOs7YD/VVOlGSYXyLzBT49KDXn1 -6Rwzqy19VHgbDkGr5NmEycYtUNZ46Kwk5zUjzeJ7Wgy07flbsK1MQkU1CapgklR+ -CplCKT5483NeP7n+K/qxTWj281W+/28ajogcmWi6rPew1UvtaTbxI/QH9CZSLnk6 -lUGQ7yoXKT+MB2a58j2ejj6XIQ4oXNyZOAERCD+a4x0VZzmHWqirn4o= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQhpFDlDzmGd+fd50P +flL5XAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMKwzbN1ulJC12iH +g+fJQL0EggTQIo0Du/ojwelIuPvDdWdnpKKQBNpYp2y92a7ACy3Y+jpFS6PrlUrF +2w24xma7e5YmTCOG2x3hj+wYno95pJxVJdQ/MF4BjQs8EKOrTwVD6fcxLuNI/8kP +xUlGQFyhc0KgqvISgVEEOHxkNAlkc6/ieaYHlxq0X07oMNF5AUUdLpnqG1trPolP +5Nfn1HxeSXvF+y2LlBKgcY6+ZLc3wdWGjo8nGDA2XdZUzcqQyFKXqragpHRTlIE0 +8mMv1nlu23x9S8nST63kM3GJ4iX8lVY8m6rBKNhuWUs+xbY+Mho8oH0t5h7Db1Pt +zu+SDFKp2Frtxe7uh0lVN1/m84gD8hBYAIm28aI5QhHEW2XKem/H8U/NLWXDwS8L +sy1jViqwKU5Cd1aDdxi2TMIDUanWaJwWZErUUQ/MaVxQGb3hts8ak8VM2jLNscvw +SadbKyiQGWhpze8OQX+eduOXADrRFFzhxRadCflKxh92AgfIP2LY0P8xKI49dSer +9LLDS7Rewu/S7TJPIUr94smL5qKfOWgYa2rx5heri07T6pniaL1R/Wgt7QsVTbey ++Omql0D3Do69RGEPTMjUFzniR0d/FqQRSl3ofntbDPJz4ydSMRDRt7FMTre6IykA +DRQfJ+/hdcZ4lVLY+5TmO4B2XUlufjX9W7NyYTPdiQoPWb4FHTK9V1J3qz0juv9d +6TvQuVDYkbI9beWiI24O6A0q8KbOh/tgABit8hTKItRxzPL6ZCne5g0wPH/0pGfD +tLO4xvWcEqx16CI3MpQggKyLOZADhgrXv+75ud66WkX8YP7ifYeeoXbcnUUVkt+R +r9SRLHs/2RjzO7IqwSTxow7QxrpbhuO0vQIfeiePeQysvgJBkyLNVewG3tmLRKrx +sIEG5XMqQ3hsF+UduzdWafzIdYUBG0chJts6dTrrWWtjGcWI0fq4p7VOA/juxJ1o +7iA7bWvKO/gb1UIK1B/3/I978YWH5p7rqkxoP2BIfBfvGsnBbNgegoVx/MrMPjHQ +nltvtlKycUCN8Hs7GU/1atygGBOoAamePJTkd2dHbwUhiU4Gp6BRw6OQO1fJEqG6 +xrw2vKwcRjsTqc1uciGNgRApRqAbe4JnBdq0PtXiwt0isEsLeG5QUdcayOAI7OPe +x0TH9u5LMHM/XDfk4dxMqopVcYzPr2Gn1FW+G+WD/KzbfGVS1XeeMHzBDl7R1IJA +3elGHWhDjRHp+eXWdjj/wc+iWaGsDKRi02d3AMeTBlEH/33DcRQsz+xNNUxUG0SX +KfXyjnrgtVLBBpQrLCTEZM7MSH5yrw62Q7nZrmS+jo8wJ3HNCTolunGGtQD+7T9E +xILMm3KMGmq/h3K2Jx7NuI7rE4ePrV/3kBHdDEpfzm2J33mKZjkI+tiWGfFSs8Iu +f2+6CQ+YdBBlJDd1KYvq8luASpEDVMhH97i5HinJr8alZuzJPeGYiE9rzoMtHh/R +l8D7xqY9xheyCtO9vTx+WfuMhQS72h1WLNcEYuziK5SlmXM9joXekd3LW5k8T/y6 +vfpzY7Z3UGSq03wL2IOthf7BNiVDze+cfNDjzWr4ps1R2GrAvP7OtF6WsHlphYCp +sAawhTx3ZaU0pNOk0IVQ3FNTCENq3Fn8sQkPMyWmOhtGvgCjD3mhdIs= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9MwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBpMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxDDAKBgNVBAoMA01EQjEQMA4GA1UECwwH -RHJpdmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAp9c06q9VUpvRmaqU6y3z8mjDApdgfDOe9ZCKvTuU2CG3XUG6b09M -ZJSUw7FhNyTGkC+VauLP8r+VLYeSepn0CQvQHRyEJjrIwU2Z0NyngClBnBJ4ieOA -vJ1TA8t7/zVKvJGgDeSZwRZ9AW9wqA0lVGX6xux0X3n5SQnisxPYCQHaFtvxIxvd -C0n804hGrRxwjpal+NXZSdG6AG5IcS/zLy+C/SZsYRmUng8pBgyadPNaEBN6jIIC -L5QPIgg9JsJ1KhWKCZUvBnshto2qdZFr4yHlGGNejjBwhQmSw3lrm4xP/TOwWPVd -eADbwjlJ1ybl9zIo4ya8cApr6cu6QmrfywIDAQABo2QwYjAdBgNVHQ4EFgQU1aKR -s+y020aHbSsTpVcmfLPAqCQwHwYDVR0jBBgwFoAU7R0mLRtoLzfBIdU4uSQNaYmP -eG8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQCaqWIGEPewAZoXKb+eaSa4MdiXujKE1s45UsY2xzGifkbSphdebdyA -5gQPEyEo0/zZXa2eZ9kMdBf36e5LVEXFBdM2emlTUYLFvLI4afcGhIX9cxtdiRR1 -PPONG3MZlVUKYvFatRzdsDjCC1SQwACvPma38oStnb4CCY3W7guTgks1rosm6q6d -zSR0Pp4JAABQaR6Zd6LqnF27Cc1e8fyBv0rkxty45Vpwqk/YhPm9Evd6xF1XnKpc -dOHQwwUNWdi/N1gC4dw6BydOeDoXa6ad6+Eus2M8GpN7Yiy22MQl1d6DdP6yMlBx -FM+uvMUzL20XOIQsyqvphH94FK/Ffw8u +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI +6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z +ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w +YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As +6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu +WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X +OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC +rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu +51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ +ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 +rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb +Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG +Zf70TZTjQH3898e64aClBRa/4v9goUsU -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 5540b38ca5..7e8a487c50 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,51 +1,107 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUPK25g5b88xaz -AOQnx1u2oAANgl66JUXF6EDVYojoyH1f8t7yvEIQ7ZS1bupDuIg1lsypAf0VWFYa -5t+2n066XFr1cOl7W+h4nNoTm4uVV5ExZbs2w+TEvzlP7ef6Jo+p3lxCiuXh86Wf -vk/WuIlcGSUn600HrJaKnCIjHoD98iFXLRZpABS7pF8z+b8FxyJEHiiCi7auBo4I -0QLd4w22yl2cAjGb0Jr83KqqN5oii6L8xWwHrKz47Er154xq4/3rHNBWfbhGtfQT -ixB3W+IY8fOaM+cWNCa9MAtbEqj5x9zYDAnCmyUxpPywyFONBTftANiO7E0VVLAk -7vWtL/R5AgMBAAECggEABVyFzVjkuXSyqc9qxm7fx/oqJlLvHtJsSfJ9gyTo3hUq -Rlx1aILF7PDQLm5li1ooQFqaP7PyYGGX3lSNW4CQNg39vYoo7QJE+op0b2hyeE34 -0rg4OOHa61bIjuCEQbg//UfX6bw2Vkwb/cFssnptgBGUwMiHj7MpUA1s7/zmyMh5 -WZ194M/Fb8Oi3yuzngUnxqo8fBUVy1e/HMERLJCI1ifOjQ/3LRjDLHS3vSUUHJNK -fEIwFHIuVRKeT15qH1WiQHo9u2Gf/uRoxSuo6ZI4R8+/81ungk0wHbCG9FkA5zZT -6KJb2aeSY/2I4GhSEM7X/mHSrRlPIixzo6fzJd4JgQKBgQDNiH3/+6QKbIFRqNVG -uTOdY1TWuzPrqYIWyHLR1J/65tHxD6rJmzyJ8ETLH9VA85K0btTfzA83fJnRVTz8 -ouuLDeuMug8V2vCGJ4C7XRtp+4JYrKYmYQXGnW8UdsOUfTfFe0W5j71eVopCUIXo -mwhs//cJqQaZBzBIzodipjaHCQKBgQC4oqLm8hhwvrHe1ez63gHPkAkrFGUEwJkU -vF7Y6Rvlxe3Dd7q0v60OyyftKeLqKLyf1XjYaeI1O7Tb+4aCDleI65yF7cp3mLEy -kQU/VVCBZlV1XiJXaS5CJhen/ftaBDAi/qPqmonRjy/yXPZMJqFM+LjonGK+g+ip -tf6U9Hxt8QKBgCDmt5zRsInGotDqoPGIVh3ct8kEAKS55sw03ESAr/dfGb5oDqPl -SMSgBLMrblzOYO6nS0ZkCQ+Nz6W16mRaxC/nU4ycgCu0d4pSKoZTuj6190Cwqow8 -Pct0ikKRXG+Zt+LR//BbdSnz2oARGc6JesjQFMCkIR1ADFerT/rXtqTZAoGAOc65 -4EL2Qf6CpDkobFcsC/eV10YYZseCZkqgC5vYnzU8PxHyg/rrTRFwW8HciOHeRNDK -eD+WkoIyGxoCQCALahQSup/73zwQZrue//hPL2SB5zBk4idNU2qnx3Iuyz06cQp2 -+dIOymzhXymZ97e0kuvgwPuNswaLxu7zWWG+v5ECgYEAxpP+XbrDVAe696v5vQD8 -4w9LmqULtGAZyfLh3K5Fz8yRPP7uHsKivN8niaTWTGIGmD6Bk2aCdYgON0qp4fD6 -ICN+0lLcDPLcFy+qLACCP9BEONlXyihQGhwsQ3Z+n4bNyJ0kO8f/08UFxfz1xsO1 -y5FdRXA63aJyy1dEkpRauaM= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu6DrrhOOu7gCe +MG9iQAlcQwVG6RoXz/8lz416skDb5uVvzVfSEfsg4YB5qNLqcs3Hlq2WcAOZY8mY +1jF59xeatiojmqse0kgMr+GOpUiMJ/vCY8uWcgv94L+kJD25Z+Vgmo0Ja/XeBrOv +kHoDQxw3yHrEsUhD2AeZogh2BL77lCLVUIIugPWUfwOHHqjEo47lEW6RsFN8TY5V ++nJQYfIHNRHeLizVklY+5o41QsYukVsB/thTnVbmM//V89tZMUMUhhfj2QOQ9vZP +WklKOmFLn3Mvoc4eR1RXBpYHxvAVweWOheDo+OIWOrIGyGBNX7hGFmRVQeUOUSVT +rQdYfOspAgMBAAECggEASxFJxG5vB9OHOV2BWJIyUkJDgAkolULEd5ZqWtgpZRfm +rgLcJ8Fm3lhaOxzdlRj7v6coTnI54ToGOo3ngzitDU4UrN5DhkFrAeL0tDO0/M5m +S6poJORCyE4PAiQ5x5rTRBBg6sPGrOmEchvYehDyCfEF2+hYoyGTNXlpFzn3O+LD +gy1hYW/U1k6uqSGsMIc5H76+00xWSTPgpI7UcDll42bRO7Tv91QU4MqEqJhAIJ/F +TayPp6xyGT02zHmeliYC7KuYB4f85r055Ahl+97LsKnZKsLCy7wtgEHAZs0WFfWG +nR0b92WdjLdu4fZuJlyE7Lp6dBdAniLYKOi4po8XnwKBgQDx3wtZkmBJcMf7snUT +uUUCJ7A/BtAa9AboxpRBuVIUprzU3Owk9jucjcflcAFyUX4RFTtnZWYbwZDrN53J +jGDzkfUV8Y6c/tOwkYIh7n9OU63k+FOcKecelcDV4k+SptniZtXS8ZJkBJsAEBiu +q4F7r0gQacWBnqaWOMZQvzlVMwKBgQC5H80GJPz6jlenEhuK6ado5OYvHBngpOhT +XH/xOb37nRHPTQHnuUtfv5G3GYRTXA385Bh31PHbikmx+cUOYB+txY6mBWKewaC3 +TVbSkAQNoFnp8+aqgeTY5yegxMzehdBEHXb8614Xo3XguRubuiKvkKLW8Eog5r2J +jQi2CCdGMwKBgQCWeTDSdOI6TlPcHtX/g0+PW6mmTFLDsfVqc8Bgcy7BckogE6FG +DXpgl0Q5VUlRGanYbuEaHlc8BVxnOZ6MeS0H21IiaLlUqqSAQMY43euNizmwLV22 +1crXmErzxWvDzNHYrClypp9wYf0cOOdiI4jWreGjdGpPjagN5Rxbt9uvSQKBgEIt +gBlmN5lKMUNkUbxC8rmoujC1FvsbeIH0Wzhcr/G2oJs+qCOyNaOw0+JkmM1D5yw0 +ThroYN1efiHFbBBLhIeWS/xFiI/AIDfmydbT7N8CJ6JesmLZtHlliOEL+UDDDUSM +U/DuIuDIamc/RQNScvvX9J5pn9ZLJg56AFcyavfJAoGACwAYmEjQyOLZw+PKlNqN +W3Pm8ticsTx0KDdmOZ2VbGbb/olxLhBk11KUiyZwosLjXsMG2k6j34t3Nh9Gqgwp +tBpIFd4ii/IM1PL7yXIEIHnXN6oBT+DAqTzziE7fJhYAEJWYAt43Mzlm/joJzxwN +o1aioRCmCQZCCbzfCmqW9Jo= -----END PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA + Validity + Not Before: Jun 4 18:52:35 2026 GMT + Not After : May 30 18:52:35 2046 GMT + Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:e8:3a:eb:84:e3:ae:ee:00:9e:30:6f:62:40: + 09:5c:43:05:46:e9:1a:17:cf:ff:25:cf:8d:7a:b2: + 40:db:e6:e5:6f:cd:57:d2:11:fb:20:e1:80:79:a8: + d2:ea:72:cd:c7:96:ad:96:70:03:99:63:c9:98:d6: + 31:79:f7:17:9a:b6:2a:23:9a:ab:1e:d2:48:0c:af: + e1:8e:a5:48:8c:27:fb:c2:63:cb:96:72:0b:fd:e0: + bf:a4:24:3d:b9:67:e5:60:9a:8d:09:6b:f5:de:06: + b3:af:90:7a:03:43:1c:37:c8:7a:c4:b1:48:43:d8: + 07:99:a2:08:76:04:be:fb:94:22:d5:50:82:2e:80: + f5:94:7f:03:87:1e:a8:c4:a3:8e:e5:11:6e:91:b0: + 53:7c:4d:8e:55:fa:72:50:61:f2:07:35:11:de:2e: + 2c:d5:92:56:3e:e6:8e:35:42:c6:2e:91:5b:01:fe: + d8:53:9d:56:e6:33:ff:d5:f3:db:59:31:43:14:86: + 17:e3:d9:03:90:f6:f6:4f:5a:49:4a:3a:61:4b:9f: + 73:2f:a1:ce:1e:47:54:57:06:96:07:c6:f0:15:c1: + e5:8e:85:e0:e8:f8:e2:16:3a:b2:06:c8:60:4d:5f: + b8:46:16:64:55:41:e5:0e:51:25:53:ad:07:58:7c: + eb:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3D:58:96:FA:DA:CE:50:8F:26:C1:85:AC:A6:4B:C7:7D:28:7C:27:5B + X509v3 Authority Key Identifier: + 0F:AB:F0:7E:2C:2E:5F:41:49:89:9E:CF:EC:D0:FF:70:15:82:AE:5D + X509v3 Subject Alternative Name: + DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 65:75:d0:6a:e8:ea:58:55:ae:af:b5:fd:a3:86:d9:c6:a8:3b: + d0:3d:e8:fd:90:66:71:46:33:75:ee:47:73:85:25:88:8c:5c: + ff:74:db:95:2a:d4:16:18:0c:ac:5c:46:b7:32:bd:56:66:1e: + 22:48:a5:5f:c3:01:57:bc:f7:9a:49:a6:92:54:f1:85:9d:5f: + d5:49:18:9a:c3:36:1a:e6:a3:d3:06:18:fa:b8:0a:11:db:ff: + 91:35:42:7e:68:9c:16:31:f2:36:2c:a3:1e:61:36:d4:51:e0: + e0:f8:1a:a9:75:b9:3d:ae:07:5f:9b:8c:1d:5a:69:d4:38:21: + e3:75:93:6d:95:ac:2d:c6:02:7a:97:dd:e1:b5:62:3c:7f:b3: + 6a:e3:2a:c7:18:bb:30:7c:c6:b8:10:69:9e:3c:76:9e:f0:60: + ac:9b:4e:8b:18:1f:4b:89:34:f4:4f:46:3d:57:6a:7a:2f:1d: + 13:77:1d:87:ca:94:92:e0:9e:d8:93:e3:7c:95:15:6c:ce:d1: + 75:bc:dd:2f:9e:6c:dd:59:13:86:80:49:17:67:fe:77:75:51: + 18:6c:cd:70:9a:66:be:41:cc:c2:24:be:75:4a:95:78:67:cd: + 57:cf:d0:c2:0d:0e:ff:ac:f9:f6:37:a6:df:d3:d6:6d:e8:8e: + ae:df:1f:11 -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUKSPIVx8fGO7AXQ+UCeOeYSt3H9IwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTE0MjEwWhcN -NDYwNTMwMTE0MjEwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJQ8rbmDlvzzFrMA5CfHW7agAA2CXrolRcXoQNViiOjI -fV/y3vK8QhDtlLVu6kO4iDWWzKkB/RVYVhrm37afTrpcWvVw6Xtb6Hic2hObi5VX -kTFluzbD5MS/OU/t5/omj6neXEKK5eHzpZ++T9a4iVwZJSfrTQesloqcIiMegP3y -IVctFmkAFLukXzP5vwXHIkQeKIKLtq4GjgjRAt3jDbbKXZwCMZvQmvzcqqo3miKL -ovzFbAesrPjsSvXnjGrj/esc0FZ9uEa19BOLEHdb4hjx85oz5xY0Jr0wC1sSqPnH -3NgMCcKbJTGk/LDIU40FN+0A2I7sTRVUsCTu9a0v9HkCAwEAAaNwMG4wHQYDVR0O -BBYEFBOeLQ+CZYYAupW/IQXqUlBMjEdTMB8GA1UdIwQYMBaAFO0dJi0baC83wSHV -OLkkDWmJj3hvMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAP3OaQwijfrhDeJnQEiCLzhuyqh1B -7oWgC9CFG75Qe2VUVXcyIhhgYRE9SNUxv4v8VGEUB1HZmgMBO95xdKGCyIbkPmjI -qyXcGtJwBv4Uj2Fv5pswxMjInCE2qPHK162H2JG1nwRLertiOEvnLca1J9lysaIn -R2O6Ur0AwkWCnssD3z51SYt3xF+veFAMka8elQTMuj6LxerKf6SwaNo2zt24MrKh -zMAHfjrEVAAATUMcDchbcUd2E/DhbdbVEA4r4k4snB9Yg+5PouB824dqiwXiBHu3 -Ka+nFf/Pv+XVjR1pnVbiBaPnYxs+i+z0f3XMN1YMVNZpKF3ure94FQReHQ== +MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDQxODUyMzVaFw00NjA1MzAxODUyMzVaMFgxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ +MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArug664Tjru4AnjBvYkAJXEMFRukaF8//Jc+N +erJA2+blb81X0hH7IOGAeajS6nLNx5atlnADmWPJmNYxefcXmrYqI5qrHtJIDK/h +jqVIjCf7wmPLlnIL/eC/pCQ9uWflYJqNCWv13gazr5B6A0McN8h6xLFIQ9gHmaII +dgS++5Qi1VCCLoD1lH8Dhx6oxKOO5RFukbBTfE2OVfpyUGHyBzUR3i4s1ZJWPuaO +NULGLpFbAf7YU51W5jP/1fPbWTFDFIYX49kDkPb2T1pJSjphS59zL6HOHkdUVwaW +B8bwFcHljoXg6PjiFjqyBshgTV+4RhZkVUHlDlElU60HWHzrKQIDAQABo3AwbjAd +BgNVHQ4EFgQUPViW+trOUI8mwYWspkvHfSh8J1swHwYDVR0jBBgwFoAUD6vwfiwu +X0FJiZ7P7ND/cBWCrl0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBlddBq6OpYVa6vtf2jhtnG +qDvQPej9kGZxRjN17kdzhSWIjFz/dNuVKtQWGAysXEa3Mr1WZh4iSKVfwwFXvPea +SaaSVPGFnV/VSRiawzYa5qPTBhj6uAoR2/+RNUJ+aJwWMfI2LKMeYTbUUeDg+Bqp +dbk9rgdfm4wdWmnUOCHjdZNtlawtxgJ6l93htWI8f7Nq4yrHGLswfMa4EGmePHae +8GCsm06LGB9LiTT0T0Y9V2p6Lx0Tdx2HypSS4J7Yk+N8lRVsztF1vN0vnmzdWROG +gEkXZ/53dVEYbM1wmma+QczCJL51SpV4Z81Xz9DCDQ7/rPn2N6bf09Zt6I6u3x8R -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index d10496e8ab..0e6dbd0fe6 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUQCWo/PU6IvM6irHYGWdpa3ARHxYwDQYJKoZIhvcNAQEL +MIID2TCCAsGgAwIBAgIUcDB3/OfLfieyLQ5ZtrTHZZfXYu8wDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTE0MjEw -WhcNNDYwNTMwMTE0MjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTg1MjM1 +WhcNNDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyY5r4OksZl5CfOZWo+0gk1 -5sSpAr/B4iQPUdA4jQhi5ITfWjHoCB/qvGxW+HZIVe5ojPjfZ7FSum0RKu3XwM8n -nf3uqedHNq2ECSA+h652/Sv6ddT1qmT+UPSo/iRpAIeummTt6/X1aneIz4UtOfl+ -VU2g6mXUZtre/ZOEHruBOhNm1X+usk9BkGpXaeZWqJrLvEQCfmI+uoFxlt3B4V9G -ck/VLOitsr8zGszPe1b1fKmbah4vCDR7VXZx3K6RvMWihkcNlGriROO2OJIBIK8u -XU5pq5l8ltysSrop9RPGY6CROJXP7GYBI58kA6/GDd9288x+4QPuafif/jefrZkC -AwEAAaNTMFEwHQYDVR0OBBYEFAQGvt0Na7xdR65/dDTJ0VAg1mBVMB8GA1UdIwQY -MBaAFAQGvt0Na7xdR65/dDTJ0VAg1mBVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAB9VzX0c0Lk2qbKmt4ZQeeUouZhgJmcTFOC3inKqjBVZkLAI -g0iDmdPUzbq0tospuJMNuXdToVcCgQ16Yq5dTcDAHZWcOu8qv41gOGV6Ke0gR7V2 -c5GHJ4TuDVk3SfbuU6+6/P+3CjXWJRJoHM4IfcBMSWJnHSuMjgYQr27NNJdCNroU -0OXr4TqbjzCa3adbzOuQkXPKVq1bmJbfM1V0QBDqtCrvgh5Sl+VxCPJbNyipWGAw -KSAS1vFH1/6C9dD8Ihn9DWXmFPXYZ3kPDbUTKGFaV0rquX4MpYnW7Mcy9SyUuwho -nPyF7IQtRHLCj0eLoLfuayZWgK1c+hZlEZRURLo= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxM+57BJzd0yEdwHJcpDT08 +uIAUwXDtqz73n1VUnD4UoBVx2XvyCvofXT1qSTmD9zDG/KwQu7fcWba7maGMcRMr +nz3/fiDO846pPnxgpklCJ5FO46xtZH5pM0WWjIL6+ee4vIzmS1TIURHBjS1DHBah +q0bz/4I/sOo2hUoABwztOJcm8rKx/vAV/ItKjgUUh8GEFUQj87hY3JFaWclkVTse +gPe2uPOxlbZQ7b+GeQt9EX8svg98GVJwxzqYeIIiOcuJKuOwUxuu55LxE5l8mjXt +bKAs73v5Y/mBU8P5VamABrWDI+HCdd0Ku/IBGeQKsjZdAqKcxTt9p9NpYHiyu2cC +AwEAAaNTMFEwHQYDVR0OBBYEFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMB8GA1UdIwQY +MBaAFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHrAmym51AOPKXfq39qQ1m516SEQv/ZpAnN5HaGIXSBAne1e +sj3n4YOrvZ23UwkeiCGAOCHTzuRXk+Pd+7Ft8C9fOyrYai5R9NeygNJMtgLB3dhm +iPi6oY3XUBUjbP8VCFiRLuhTQjm65Nt9u9pAaPLrtkXKZlrwFfuIOIB1nJI6NBk8 +q94lJoo5XgMgA3RDmuq1u57nzCCUTi77BZkASTPEIQ4s+wYB4XYb12SSPN95Ns6V +863KZQRFBVqz6ZZoZ9OMZzX4paRi9MCbdIhoibhafjbF5je8wujVVqRsD4ALzwUo +Kyss990wYIZDMTes4dVQRRat/qayHbeCSC+wxu8= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index a32e592169..028bc656a4 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrY75NyMLhLJSV -b5Vy8wU5jV/WxLj0Hw/+YfdDHZUJcYBqvhpT6wNaeF+IdqvIijwSmHbqvOXafXny -hk1er8Fqwi77yLhcAY2dBqh/8RUKyG8cqsh8FvEvNiVLg7Im/djpUjKpV2iQfYj/ -BwXRGdSloBw3dMPU27XOIGthYU0TKqY/6nhn/5pi3z0G/1txhaLAV/7PsYR6wxZH -d7kDYi10tWGRl1PqDQrTo9z1JXNT5Bda1YCV3YO/t3FUBT3kXbYImKKgAK7K7IRV -ptmS7w5QJyAGOZutP8I3/CVhDWr1zxm8eFteQ8uPk+CgZJtvuxxSIhMBvRNgHiKQ -YH7u99HzAgMBAAECggEAJlE6brF/wE/zOCWmR/jFJkTRNHbu0sVPEhRc74hhlabm -ivbNdA2KxmM7GItPhJpDK/UiQQDScrKy3OHh0lWA7JlVX71UWl2Oh5jBezku9yYw -kTwtbnDCo0d7txJOdiEyqZdS9EEyg3tNcZbkWgdoX08Yf91/Gsu0Lc1ZtH/Id4wn -v+ITs2B3pv5JWJooHDA1st2qXPCTxqBH5UJqFDBgpbYBDYyOHGWxCfOLZ0KMs+et -cUabDk01tU33GdYElNP6Ca12ZKh6i7UrNmVA40zzVYsQnIdx0qAX+TppkzQs2RxX -SuKAmQnnyxsKepqecm4UdzzXSQO3qnnXubfmYJDfYQKBgQDYuZnecTQ0anaVaNaP -sOxCPcqxZM4NqZdac08nW+vfpJm85l+id9FziY5IUTz8W5ijO8iE5oOZahtzbLZV -jQSq57N+CdClrB1HpPwJhXI/oU2Y6o6MDaQHyZq1RMfh+1A3+O65JkFdR25PAMQQ -ZSASxGLktJiuWImAicFtZAEr7QKBgQDKcuyHaxXYmKDWveWw39VgvFxKFles7KLH -ZzuFKyiBAR+COMheDZjvtDvs7gZyhikvVbPM2BdhuqxWqjTd8rMCXRPTsGpWEFkB -XN0BPoRPKeF1FYRfMJey//xUr6KOILQhKnOO3ijazOJy2BPXD7K/qLNlRVUGXOM3 -8YWOxiv5XwKBgHmq+K7gbqZefmQyjwHsGTa26evc47DX3Jhy06UM/cZ36bcaveW/ -zl5GgxImSU6DPZWmIlQ59PdTkkWialps6InpueKwL+pSTb3C6ZuOxyzhqWaHh68o -mUWl8KyDCJPdOpOxtJNM3rU3PL4td+ScYP0oMzyiBnUaT1dR/r0iv2WhAoGAA8Mz -BilFVKsxggwxcqIWUx/tDytvIbWcKNyQTJ9Kt2sP7NmlT6otB3dwDa02zXYU2d5b -4xi5BoXzogCzztQt44NbVPnYYBUZsl7JdLZ2uwnqOMTXmvVKPHdpdyF0gfO1pVAm -qacTV02rf7roU3zlM46tFtq9A8tCJc4FT2v7cT0CgYEAx7OlCb0GOpjkCbDvgc5w -+9yyUBcUqredtUXyAwKN2PticeTi2fi/hxZ6SOKoX2iNPq0JHeNEZl4EIHLGbnVL -CqWpj/V9UKevYU6VLb/EM3V0kGMCfuFU7huZ2T/MDEfT9sAjSHO1nSLK8AUE8H38 -6NARhxCZKTfN/1T/+aezph8= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6zToi+QIWIW24 +xTSa6ZHUy+r71b+6DRpv92hE9/vTNwWXSFYq8LE1g88UE1aamP1B96wDk/439uDS +9nv5Y/E16fnkuktzDFnWgpPrx1V79XC0lkQGXatiX9Tq1k+CzsPkTIhN5lD7Cqv8 +DdfMdSk6i+CEx1mVP9XMfWeXHuAvv9C2OAyy7dC1vLi5Q2MWQ19cU60mWKLt5LU9 +uCB8FcKwVlzBixXS10/9uNdubLRMEav6synALiFQ6y9Nh0T3MwW0HobynDffese1 +yEhoy2TgjdvMOyoS9nrYHlNbIZlxavd2H8XR7XA2usrF/CIP6FCpICalS4oKfdYB +816+J+CdAgMBAAECggEAHzcfQWvZ+OfCJY+ywDZKu8QNsuKfpM/+vHob7vZ/muaF +ZSfd2lQZUMeDaafnn3L0Uzs3f+uRnjl/jVFKGz0juC4up5Wn+QQ12P4+CLbpJos3 +t72qhWPOuWQpOMryQ3oYywQs/NOBccnxPm/zwUNMze9E5/tGEYY2zHKiRmMO9Htv +/F8llJRVVZwDm0dn3UDTOTr3R7owfF+BoR2R8SPKe9PFP91AqPYxqsvff3iozKPw +uHHFS0EpWD1P/FnK+MjOUlpZhkWkZ5Zh2PeWYqk9mKuQOgMTUWfM/96dmzeIMlrA +dKFN2fkqgEkdUK/fPMWLzwbV9PwiZSDLICe+Wna8kQKBgQD6VakPDTYNOGWbTBwF +8j58kc0AVE1CFSyJ9hKXmdAuj0w/X2+IIygb5VD3v6zp4MCLwG64cVeQW2E7mojD +Dg2dfhjvr9Csh8EURs3lwIylf9pi7OSTEmXHv2OIKOlrSdSPn3NQBX+q/8M793/1 +BonAR8lxMOdS2IvN9WVRY4S4OQKBgQC/B3tkLhIi7y8XLZ459Nehg06qm2GAXgse +Nb9vCXqvf9WHdZ1b0hjS8h2CK+BJ1Wn9QpbfLHET8pz8fBPyfJsXC+sD9JxhJ9tU +GU6rlXitrzF4WD4Slyk3mSpO+yqN4ZQGlhqJhW+kGqIDAyV3FncDYDCeSx6O/Qqm +44WRCWeDhQKBgQDfw7QTXTbEiHXiZBzkf821IcrCEZjhifW++DNUScwZ4kNAnnke +knZmwQsn+bCBekICaadOvRmNUvFOCutWl3g6IB4AGgMIRWykSEoBpaTSxr8aEDCc ++iP6caxxaEiFe4BCRUAY9mFRI7+LGcfJ6Oc29bQtto3/ssr89e5z2uYmmQKBgCqH +wOoR88nBVMulRWgD4go8kMQdKf0JcxI7xy4yfxUZsfGhtvIdeZdlfjpgCGSH1jwj +mjF/1IErb9YqzcocAe+EoMNVr4dV91fm9oPvGFoa+jmf89nxu6R8PlYtR1ElWu6I +dsoNYki4AUAIcEvuPXsL7GchtGEDZ162oyMiY+B9AoGAaOBoT/BWxMO1eDG/wTWj +gG3151f4bb5HEBV7s0xhHdhdnTexJTrAZBLkDpWJmj7d8zlvF1CxeJe8nhHFWbr0 +Zp8Resp6crar6P0aCvJz9e1ynmFMMClgdACoEr+MflImVawGnJ82EgsMk1u+6LQb +esBeRYGyOG5ccB0gLfkEKZg= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUeclhc3eoIxhcNOU4obPCurzh2rkwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaQwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTgwNjEwWhcN -NDYwNTMwMTgwNjEwWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN +NDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtjvk3IwuEslJVvlXLzBTmNX9bE -uPQfD/5h90MdlQlxgGq+GlPrA1p4X4h2q8iKPBKYduq85dp9efKGTV6vwWrCLvvI -uFwBjZ0GqH/xFQrIbxyqyHwW8S82JUuDsib92OlSMqlXaJB9iP8HBdEZ1KWgHDd0 -w9Tbtc4ga2FhTRMqpj/qeGf/mmLfPQb/W3GFosBX/s+xhHrDFkd3uQNiLXS1YZGX -U+oNCtOj3PUlc1PkF1rVgJXdg7+3cVQFPeRdtgiYoqAArsrshFWm2ZLvDlAnIAY5 -m60/wjf8JWENavXPGbx4W15Dy4+T4KBkm2+7HFIiEwG9E2AeIpBgfu730fMCAwEA -AaNkMGIwHQYDVR0OBBYEFLmrT18i2YXmBZ9Reax2+ICrlb4bMB8GA1UdIwQYMBaA -FAyrGYdlc3lY1CvPiPeUn/U/DOodMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxNAnJVW20EqXPMFaghwX5dKw+ss -1cG74XxecBo3AM7Y2G4o5aiS5DwpSarokw2nLlpgT9PGbvtSxcB5qFG5eArqKEx8 -x7ECw4V56lXJEAUprkS8AioTGpMJJUVJ+nNx0aztWZWfp9D4txU04eqQ373bL51S -ixJS4ruSk1O5sMEMU1Uh4LB8dkKhvNiqjZVm54QMBtYY85CfdsHDDCeukiScZco9 -nZ/KsprgKal1PJ+vls8XiVZVct1cFU+XEAs90U17p2w0zLu/7IkrJPLNH9ueRX2U -GNI6gmwB9XMVqBn3vnYoutsZl78JIN6xI5ifNPJoI05YhlWJ9V8ZsRV0qA== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrNOiL5AhYhbbjFNJrpkdTL6vvV +v7oNGm/3aET3+9M3BZdIVirwsTWDzxQTVpqY/UH3rAOT/jf24NL2e/lj8TXp+eS6 +S3MMWdaCk+vHVXv1cLSWRAZdq2Jf1OrWT4LOw+RMiE3mUPsKq/wN18x1KTqL4ITH +WZU/1cx9Z5ce4C+/0LY4DLLt0LW8uLlDYxZDX1xTrSZYou3ktT24IHwVwrBWXMGL +FdLXT/24125stEwRq/qzKcAuIVDrL02HRPczBbQehvKcN996x7XISGjLZOCN28w7 +KhL2etgeU1shmXFq93YfxdHtcDa6ysX8Ig/oUKkgJqVLigp91gHzXr4n4J0CAwEA +AaNkMGIwHQYDVR0OBBYEFKvLZ/h0emSijTtXoVcPBibT/IQOMB8GA1UdIwQYMBaA +FA+r8H4sLl9BSYmez+zQ/3AVgq5dMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAmz0paStjdFmdOOZMFykfwYY4BwOA +dfO5Lnqqoq3TH9mCoca9kNH4bQBhIzPW9aDnaKf2UuABFTcmxR0FL+Vg04+15sYu +hln/wcTDnFe8MZQGB34zaXIYD5L2NJYXuuHqiodC+Ggh20TGGMSXZpfJotJJF8PD +P5B8eQUdH7lR8UTPkxZQfze9u/uyLZkJoQEbLUwM+vw2eecfqOl5jqnTyUhpq8fY +QFmSboi7UZt8ZNdhzEKqaKloDqfo4Ba2hUZDW2Q6eAs8SgNeAZj2Q9LyEkIRoMLX +/g1tY5+oTuwbtVi55+MC5336sA2AmaTyf9dvgyYB1yIzA+KMJiSGc0rKLg== -----END CERTIFICATE----- From 2af05ecc40b79b3e935e73fa178e09888b2c2c68 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 19:34:58 -0500 Subject: [PATCH 08/28] PYTHON-5040 Fix CSFLE TLS certs and configure-env for Python 3.13 - configure-env.sh: clone blink1073/allow-cert-folder-override branch of drivers-evergreen-tools which adds CSFLE_TLS_WRONG_HOST_FILE and CSFLE_TLS_EXPIRED_FILE support for overriding hardcoded cert paths - setup_tests.py: set all five CSFLE_TLS_* env vars before setup-secrets.sh runs so they flow through csfle/setup_secrets.py into secrets-export.sh; load_config_from_file persists them for the test runner - Regenerate test/certificates/ with: root CA without AKI (avoids macOS CSSMERR_TP_CERT_SUSPENDED), CN-first client subject (fixes x509 auth username), server cert revoked in CRL (fixes tlsCRLFile test), and wrong-host.pem/expired.pem for KMS TLS error tests --- .evergreen/scripts/configure-env.sh | 4 +- .evergreen/scripts/setup_tests.py | 19 ++- test/certificates/ca.pem | 33 +++-- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 6 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 33 +++-- test/certificates/wrong-host.pem | 86 ++++++------- 11 files changed, 307 insertions(+), 304 deletions(-) diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index 8dc328aab3..ae5da8c7e9 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -74,8 +74,8 @@ EOT # Write the .env file for drivers-tools. rm -rf $DRIVERS_TOOLS -BRANCH=master -ORG=mongodb-labs +BRANCH=allow-cert-folder-override +ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 29d3c3a78b..1765f03c38 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -380,15 +380,22 @@ def handle_test_env() -> None: if not DRIVERS_TOOLS: raise RuntimeError("Missing DRIVERS_TOOLS") csfle_dir = Path(f"{DRIVERS_TOOLS}/.evergreen/csfle") - run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) - load_config_from_file(csfle_dir / "secrets-export.sh") - # Override CSFLE TLS cert paths with our AKI-enabled test/certificates/ - # so mock servers use certs that Python 3.13 TLS validation accepts. + # Set CSFLE TLS cert paths to our AKI-enabled test/certificates/ before + # setup-secrets.sh runs. setup-secrets.sh uses ${VAR:-default} so + # pre-setting these vars causes them to flow into secrets-export.sh via + # csfle/setup_secrets.py (which reads os.environ for these keys). + # load_config_from_file then persists all vars from that file for the + # test runner, so no separate write_env calls are needed. certs = ROOT / "test/certificates" - write_env("CSFLE_TLS_CA_FILE", certs / "ca.pem") - write_env("CSFLE_TLS_CERT_FILE", certs / "server.pem") + os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem") + os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem") + os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem") + os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem") + os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem") + run_command(f"bash {csfle_dir.as_posix()}/setup-secrets.sh", cwd=csfle_dir) + load_config_from_file(csfle_dir / "secrets-export.sh") run_command(f"bash {csfle_dir.as_posix()}/start-servers.sh") if sub_test_name == "pyopenssl": diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index f869356c03..978edcddea 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIUJseWjXTSpvUEw4c7Gmv15xTidHEwDQYJKoZIhvcNAQEL +MIIDsjCCApqgAwIBAgIULKg2PII+nqQgPEEysgWStNhMZ+UwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyGgty8WHa3MAPAhzIFntWTRMx0CgRQ -rAlRwxgA5fmGvB2HQDdXpLmo3g74jt0p4OB+tOC0resv0WAsCSTMkz5suZRrfHk+ -Md1VdxHFl7LpVNtP5XZKIkIwnRB0R6yBPGg9McV5/f3CnYZcMrXtvGsMJF7jWLzf -17k/lHmsUUmFpmLSI0Zir8nRdgAlKSQLeApYudBnPNhCGUJxRtEkVe0EZkH0H2xl -+K6A3Lu8KHRuA0KLKV4rgrMAuFa4TQJjeeZ1LoSouBHslsOxbaQ5f9fqUCO6gjRU -JndsBiDyajI9HWbeKAxJb07lHg/5Zp4VovvosA1rwSQTdfoM7qvEZPUCAwEAAaNT -MFEwHQYDVR0OBBYEFA+r8H4sLl9BSYmez+zQ/3AVgq5dMB8GA1UdIwQYMBaAFA+r -8H4sLl9BSYmez+zQ/3AVgq5dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAHQcCgoZeIcZkk8iEL0cwyeXV/lVrlz0NSoLURJbRwyd18p6xVCMQcg7 -xLk3iljcGSWx9QTrgdpfopLuOvWITl9gfmjHJF5tdA2kEVLZ9nXDZkFKHHGDcM/c -9h/L9X8SgvFGkZOdRLJSXi0QUJgMNCDHyxf/InXntlUI2cXtyfxm8bk2Jsegkw1Y -6jOJbZk+xIm4Qwt3xyYKoQulqp7TWrn0/bcvFcK27P/o9f8Ay06JxwobxRwQAfoq -ZcLea7KGdnvVuYgYea0ZPNNNfeTlgRwTv3KhszMmp5YluA+Pb8idKYfmWYtvYl4f -nynC5NTSKRanQDdqcFUJJqnHNNQLVS8= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANRxGUwLE/UuYqbxZpRXtywLyHiRezn2 +uXatT/PcKtICvHMFINe4Co1414lnL2qrhGCxANpeIobzE0w3WSKgHweTISV8+RZp +H2x3EYBd15MbdDdYDhBYUuGIH5N2C3gDYbkcZBY2cK4RB/cruuZLHf1WSVFFUvK1 +V6hWs4w87c1H+QxU5RKvX7T0VNH1PmGp5xSbxwjkdVLb0o9YVN4nTE2FAGvuUp+n +zUrZjGMDEjFYELeFVpQGTgXgvw31EzeOMZvXAo4mWzH1V6z0hdZg0RDbAxT5CcAg +157qSLbQi9BC0/O6kcflqgYOWwrkqOsNs3ryx/8lbxtZtCtRC15ynu0CAwEAAaMy +MDAwHQYDVR0OBBYEFMtZaaZbjHw6O5vfyZtBE20tgGMhMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQELBQADggEBAFRTyRmtpoVEst3l2TeovA4BeCv7zdaI3EbS +vOwCqNdJ84biNlTjtRWrrIdFZOAHnseEvkxXxBewzuFL1tXiGFkwr43vXyf/MIVj +inzIK2mViPM8vIhOCQSpStgvUaTrvxK659VoLC85SzcCDhUzT0MqXeYjw4sHsTvj +f6GLg2oLuPCcxkfbk+cGIkL/3Dc7Aaq1mqhlXmqueGtIgNf+TgqOyeUfBQ9EEuQX +IZyQZ4PlMPWZ54YBa97fmW2+5EhY1WQ7SJ8abpjA2tkCvPcjaubUCjsASb1OusQS +UPwefW3YA87ivSK5Z/D9HVzvNQcPkr9a2ennS94t69hgDdo65sc= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 39f95c3a60..0dd0fb129d 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzQSIoBRUpj6re -P01yUUr6Qa+na6/WkmHuxMe+8blLykrK0cr8csjrM3dFovhCqBTGY3sfxWMn6/Iw -l3dHyG1RcVv//Vj+2elEg0Pt1DYXpWodMZm8XdlkkIH5CAKIVMY/kMpgnyhnDZkT -oLx9xrRtDf10Gp7J5f37Y0OIXGY60MZL66OfHXBgISKsyR5HVa0ysKn6MrlK6Eeu -AUdoMUMcNTdFnI/04NRJ8qQ+7nGQgxwt/iVvUCzpqkq0ZMDq5TD7rwdIivB1SCHK -yYbdTgtIxWQldLMNqzMwIpqIpYmfcKbaGCDO8m5ZQg40CKpd8LROJVMWUX+sWagi -ymVxTsuLAgMBAAECggEAPmpB/eRTK48KRGuPSGxU6pGfm3CMH+8FaZGcKXjad7De -3QMypjdDjV30vEsUHYWQAkoWT4g3z+lAgbnjvxtjMRYDHj31VHvE1OXN68xV72LZ -8YNZT/TvoqwMjY1D8HtwMib0yLLyavuZnvN7XmInZceWxmwUeSF7j6JPG/ZsZDLC -n/ypgxaBv1lrWZaPI0zQAtLrfjk9CMai2vwsvPTw7S9sbkRNfgXOfXtxz+Ngg1Jg -Tppa5GbULytdmxYmEL3zthnmQuJmFTvh8Sp9we80jyq035StvZue7RxeXm6QFF/o -+G9A0KXqfsgG9WuklWSXvXhHBLxIk7GUb3TIh4vWQQKBgQDu4hHcqRfTNwKrADxJ -pkKK/yM4XidkuCn1N/8VIXXpxavQPbshP6e+kyiDlFqgBdEXzKsKJF3T+sRoYaic -NpEVwNf08yAOTnORfKY6r2hEAdf0y4yB2Qv8GT1m9iq2LQSK43G2BlCsh2n+KTZk -/RKm6xs86VBL7qkQRpMfvUOvSwKBgQDAGUVRSDJx3VHLnb4k+6z687btGGYBo/Y+ -p0TAy1lZ7mLWcHfDQgXQ9VbCVQAyGkJrfUpcozMvARDUtzi5DCtEGpA2L0orstIJ -nZw9PLNldYDsfuTLhhBjBLT05ZTXa0PZDXi3Qtw0KWu3sRbZeRvJO+MAZ/zw8kkv -ej4VAXxswQKBgQDtdEkfF/J34PHE+0nyR9NTiYQADw+Hfc0vVUc5QPaNtxEvwX0W -8siSloMqMDjZYo7S4n6OaVHfWiEMRS8ugMs9XWENuvL9ZZxZXRd7tEqnd1Gsovz7 -Qb45DPnNNBuG1T7ztFye/K4KodyJaXwJbMqyo3eC18UahZUGebDbVu5F+wKBgBX6 -Ti3wfqT8V0FeeMSubqn/fCxAIFuLsL6WUI1mNoDNf01dbLZQNW4kw5pUM0OIMZUu -rnVOzqpQCubrV3gEZmbSSzGH04qQWOt0ts1ixnuTJ/7mvbJzUiih/zoNkivbP9Xz -bp447gyhuIs5nY2gB4fMbDo9q3i9n5Xo/HVWyC+BAoGAEqS3DpZLRLRjahMwiEd7 -ojsDa58sp1/q0MyrMuIQvKt6y0MrlGId/TTgr+uLp0PAHZiRcfj+MHYS3q4ftw3M -DKISS1HzC1EDRbrH4IUsJTbqHWTxOQnUWXmeNWuaf3k74H6rsL1er6mq+kG2bKTr -YzZCX2b+WKJ7kbvloaiFfuY= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtXBFcwtyqmqPK ++mBDuOxyURSuPSsVn+W2gHij2y145ArA821ivyCXKee/J98mElNXmGAAVpcnSksJ +FvFYz/SH8aHUB9JqczP05dHgCE5EQ6g6D5PF5oiaqac/2VHGqqEs/HRGyNhnROHk +ve0uHVHZUN3UGhTpzAHDRWN7/w5MWXNqRYETaZyI50osBJ+PSkAsgOl4PF1sqXWd +fKLpFkE1V/1Qa0ZsIp8YtXDF9EZp1P1NqoAAsijXIHI5mZefIn9osKeeIluf8/qS +caJRlQ54og/CmRqKK37RLrIV5droBav1OoDE2ANdq7PMVW+CGpUOB00LpNJ5hwrO +ZmCPccV5AgMBAAECggEAAlVUnV0UBsBQ6mKmNhw4BNKruZ/Dz+lbvHzMUs4JhyX0 +vhtWgLFAzIOesdgePzVQaOzIStCPGVWHYc4+LqGStZBoRxmRlbbOtLJaqxFh1ZV1 +rqZvDTO8NYsD6CKGhYWxYmwT54s7Z157uwAr9/dVUeXT3G0qNfcpsEX7GaGy/gih +OudyrWWE23l4EvLr05y/XxdpB7EVTg7XoHqU7auknSuAkqrfNU8w7ylqh8cJZwcM +hDdKeh6NfUc85ONpMU7FTeFlaPcN7Kjvz+hNgX+aGgty3vPzhwn4g5r+eweDFtS0 +JqfoFcj882YEP4EdQG2EU0BZ8s67I/HFN4WBhIZCJQKBgQD9W/+OfyMaGXMF4MEW +X+BxMg3g2cJQR/TG7FLly0boWEgoyUUk7ChPvuYTvfJNUXNEfkc7i4FF7eNNzTnp +VTKfEtxLf/4FsxAexxdJMe61mMnx/FBMYn6VyueNPT9rS1lwOYITclaQPHaDtSYI +wLvuEHktE4X9ViRn+gfsUTFnJQKBgQDv1WE72tQRY4DDrk7ZvKVR351nWWPmWDR1 +veUhpeC3zs9cdRdHeajz6rUpGUQpWV6f+BgwU80BkzgbVU4Qv18xPNDEevCfjPuD +PqQxRI/B0Z5VcbeT2JnqSSF1szOmnA9IZ8FFm/0I4XG6KlAuaaUVWaw+s5qILdn6 +oTgxRpXuxQKBgCvjuQSdX55Q1E0rXyeaGk5hpmfSMUgo/u1K2R13tmPfjziJjVHV +GzKdVkwLNqNQPdCas4pMI2vSxvKeX67dFHTcFo95r66bE2rRgGYsoTaSLkGePObO +lTErwisEdi0HE4pOXAs0XmyEHN+6DMmtYaDe967oV+jH+GyOsrqsYguFAoGAP4HX +T4wwn7IjhK2Bf7KubDG0cot/Ip20toDkTbao/MMssaTn1ytmC8DY29su62wY3G9L +qHBoVsRvFP3PwCuMv3MFLSII2Zbxet15iPpIvuAM9z83h1TR3PIkhBBB2xp0CY4/ +5Xja1iEshklyFfgvmKm4LJpOj0Tk9bL/OD0isqkCgYEA9+jDUU5U2v1gqk6OWiub +HBIpTUP2TL971gVlQrFe/mk+4+GX1vgeHe6xgIQedvombnK7FwyphWWp7+F2C1Ub +7uQN4RtFSft8kow9oF4qgdrWUmu8twi06a+uiKwhhNUSXGkprItR59XIXzQpoYK5 +446o5J4yiqZy/zk+ccgN0aE= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI -6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z -ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w -YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As -6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu -WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X -OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC -rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu -51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ -ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 -rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb -Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG -Zf70TZTjQH3898e64aClBRa/4v9goUsU +MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g +lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI +mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc +iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo +1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD +XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD +I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A +YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 +uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 +mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg +l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q +9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J +yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index b069630870..58e2eef08c 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTg1MjM1WhcNNDYwNTMwMTg1MjM1WjAUMBICAQEXDTI2MDYw -NDE4NTIzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQDOyT3+ -ktzOkBQt3mjCyz7DnzFu+DVh8RH4q1/IvMFtMoLe+QOBb3YzGcdvvbyIIupmrOHV -JsWxkuReJuEYoJxV1B1QNNu1zgqHg1o+gCkFxAFawrPSHHNT7Fp+VDu3Fy7gUcLp -Us1FD+WvRIorJ2NpwLZV862tqvGV1LZ48TsoG0lnW5uOtJN8ivtz8q1H6ZWj1Td2 -PnZx0ojYKH5C6CUSAPjB/jEQv2CnLLu8zOjFVpe0OeJM05xmlY92c6yWe+Ugb7jS -a6kxnblSk0zM7mf+JmV6f52Bvy5bxsYPtnpFE9enV4J+iuVYCE3N4Y9gqTljoxpJ -zEKrPp6XaFLCVRtl +ZyBDQRcNMjYwNjA0MTk0OTMyWhcNNDYwNTMwMTk0OTMyWjAUMBICAQEXDTI2MDYw +NDE5NDkzMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCknpas +Y9CVnP8wAYp/zViQQizwRRD5JtqMCDj8QJTfZ6nTOaRHY3581ulnK8ux/jGeo1WO +QfT1UyS9/CB8PZ4SDpSF1oiKaz3OkEivDeHWvUDYjukHkn1L5Kc/RYEje7/VRRlr +Rouz736sCz+G2BQZSwMpyxEPlozZG4Me4UufCcnkpI0cYRDwKgyUxeP+6xmtWCAK +QG/KzlNgjZPr2jwqlyVxBBtyYweIsJVSEveQQRkjdJYdeyER+vZmCHQSu98VHk0I +SkbaN1CCi56/8uWy8PuZU3FkLweO0gp3XAwh7TXiqVt1SH2gefjyzvyYnsts5Buu +9XP8u5uRAafgdK+k -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 13ed4feca3..bee2a1a3a7 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCa26rANY8pf+t3 -U06CFjFEHTQ08O8opidSAnPMEGWLuiieIrSM/rMpxzIdk4sOlmj5CvBwvSGKiLhy -nPMGh03QZVfLOAdlspcglmmvLqnLMKGjXOKowqgBkwLRRXy66JTX1e06fXf6Nutw -KAYlGAU4PLTtkAASxbZiogCUeuCDrqtmHLxULzaRcPCUzdn/iiiLPrk9bBnUSfSq -8+0g8paCBAUHr4hV5s0SlCtG8d3b5JfRzyesTJllFbji29Ggeud7tsHVPuQfdZgk -pdL9pGeWG3AQWDC+UqKix+/puS1dnAXPFz+ZPZS06z317rDDb5pFMI35DWaGNcog -MR/0WWadAgMBAAECggEACbc3+IyzsXMa4xbpMUyypRce+CZYnuiDxYetW7N4p4JT -u44qXUE6nOeoO4ZO/miN5/gZez1GfjJTPi+eKL3y8hz1m+SlRCpnBG6jbVAEa6De -t0jj2Joz37tpPRd6uqBOfFcp5dZK4XoyHcyJDCk8ZJmccV4sPwFEDt6ioi4uaVyC -TiXbJooLMX1kiTlm4i9PE9aInKsp05DFz0e4oeOfKUBIFpvXWy4GAJTBAGZwl294 -h02Q2bF0ugKrlOh5lBd2bjloE/+k8zQwrILN8FKvPr9/DhO9fXWf1obmMQD3ETQF -jizxr0OTduMA4oDqagyNGtkM7pE4bGRcAFQN7VNfYQKBgQDVJBGT7AnDItx1evSU -kwr0IOhZ8GenpbVAjKAs7nh5D/gXbWyPUdfJQaCwXraVfDARWbnZiplZzvbzDs5Y -GzRbjQF0n2zOdrJfWicaRV7gDEVKshouBR23cpa9DF08Rx9zPPhdCxuQcljHCz8K -nmaHx1k4OlBbdbP/Q2EhQ6FavQKBgQC5/1o5zLNcBRbyQq4SOYJRJ7IxtqgNNk+C -Opdu+Kr0kFMKK+S+VXzI2VMja+Kfx6kyMqgjI+A0nXUzRw9b4WM3WvlVZ0XYh13a -iBB2D9lY8MjxhBwDHaA8yXKLDBtrd1PSi/zuN1NMGHRwIUEgQWW016RzW7QYBfOo -e6a/NSDpYQKBgQCwsyJPe9PsDq6uRq0Vr4HZOp7mUUPd3KcTSIJSPbFqzC5lXbYu -ay92Dg5lqV+9NiOzfqtxClJv/gEFKDUxHfyeGZwnTzQpRoZCPr9ELFancATSFC1Y -Ea29NCZ7vBBftKcCJn3QxTCo4+NtwIkXCJL/5ei1kMKl0ELVUMrphOP0EQKBgQCr -QyYYHJV2gLU9Qwq3ez60bWHWBsM8zyps1niD1PLNGGtt7TbFzz+ETSAReJCG4Ti5 -IQ3StYEH0YiOO7s3thQ+b0UwT1Rv6U0RIMJPg451J9lPEX8dm1TlQ/R1diN1U73a -G848prLLWaU1blliUvVMjFc/ZUwx5qESHTFP1KLGYQKBgQCzGcsFmd58po5CjjrY -sMvxab6U8FUmZVblCVb/KIepejwJRKbRYaiaqHrcD4m6bXVpRftLEDVPq1g+bvGV -1p070ta9y8Zk8BV/XfCv0HLELE7On//ThPhb7L3d2g0NWqhdOhZ1S4YBFiHYNlci -+XYSyDmJohYdvVxbG/YDqxBGbw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaBkqdhO2NgX3L +rEVBEA83eTZVqxvJ58NWPMMRjjunUcxVl87gH0Y6idTQPabkgtcm7EqoTp+RHf7S +TQanflcrmpQfjkUo/eE1lQkLWBktIB/ZPk3g5fAGveEaHyJ46P7bmPYRKCRuzyIH +8WtEylVwzkL4fBigG1Ecf5OuHccnarcAWFgEdt34FVeuUkq8WsiaDrZU955yQ2LG +zZOY1OPaLR1G/ZYCLAPgjzjjW6ssgrmBjB8c282glw2f6Wz7V0VU8SWS8LRVwd/O +HDM6NGoGzmSAWNzPjPGwlfhrDkMvm6VfTN83XaWqiezER8a5KqvQ2/+eIojVB8Gs +odmX0pw/AgMBAAECggEAA3OVC9BWaGaT5L0J7aFA9GpdU1bdnkEmhP96QRVk2V3A +o9w+4KpuFLAo59EKCtUNbebQucBg4027wn2IrO8hlyWf0a4RZzg5r/z3gy/2WhIH +nwtO9U/+kETCQwUaKRrbKgPOZXAiv4RU8BZA0fp4BsylH8TrKOG104Mrhdaf1/5f +gUxJohXHk7wNYzUxpl/uOChVom+HkwNAmWGCcr5o9g2Wk5KzWLlNc3hx2TBfldQk +y6pZI1foO9HcVzLAL6uaNUVQSNPfUO9F7USoxLjn1EmJtG/+DMo+hEevQXI/uWkU +IKGhIeS34UpUmcKajCdwPMobgdbCZDPaNy7n0Ys4PQKBgQD3egpKImN3vnXnQT/I +P0KJXISCgX/amhbGbCbEo4piWu9rrUQQUSNhS1j9sYNMCbFY5ALwJbRsNALT58HE +WitSmwUhFzXqiIPryH6uULdWqdv8hkOmxCG6y9yVbPL2ca5tSzKloxDXZS1JOKYH +yHYngaxbnp/o6hTnVJiOuaDuIwKBgQDhiJOnZCIKboSjEYJSO5BEJ1G/qjh40qpM +/filsFw4l6giE8vNJLilWmNuPQR4v3IaN1jemh56iU0/AobO5RRKWk1Ydz/fcJEE +izUi2/93/P6+1oCsKq7e7BOv8gPRFROzxTQRei6DAs/F8bwSZofCT1kFWl7ptFt+ +a/4wO1TlNQKBgF1gVvGR+CX+X05aeE5+UAS0O+tiIXPCIEXOGPKpIlXqKdxfDAd8 +FfVoELPofrn6DkiT/+fM0j7hgQ+jqqEDxMTuaQkLUPSlfeFBTUtIeWThwneN0Yjj +CDcLJLfc2+/RBReIABwvYvNi4at3DG5zXOGbNAV93KhtamW+rbFsqSQxAoGBAIy5 +yNAw9eCmd1K88SFYkztDgYnjr9sMMEFcU5MnSVPypXGmAovdtu1OSi6WGj0x0AO1 +t1kmt4/kLnP7opxkalW+pPZnak6EkahRKHW46l43WclAVQeYlob4rYwiqekDisio +a0XghDcxQO4VWTHuEhXXpwdlDUYsSM7ImdIEo4NlAoGAVoWkYct7h2eN/1wPu7/4 +2ahtxY3MuYwgjwJjytuZu2xdcfckCVQpE84YHoUw9Ui3W9oKqPi9vyCMW7YI940s +07SOFharlJtysSZr8fzJ0sQ8Ub0UtScFcYMsRgrijwk8NadtDuzwOrL1UU33JYox +mn7V5iAY2l8wehayhwWihAA= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaUwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft58wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJrbqsA1jyl/63dTToIWMUQdNDTw7yimJ1ICc8wQZYu6 -KJ4itIz+synHMh2Tiw6WaPkK8HC9IYqIuHKc8waHTdBlV8s4B2WylyCWaa8uqcsw -oaNc4qjCqAGTAtFFfLrolNfV7Tp9d/o263AoBiUYBTg8tO2QABLFtmKiAJR64IOu -q2YcvFQvNpFw8JTN2f+KKIs+uT1sGdRJ9Krz7SDyloIEBQeviFXmzRKUK0bx3dvk -l9HPJ6xMmWUVuOLb0aB653u2wdU+5B91mCSl0v2kZ5YbcBBYML5SoqLH7+m5LV2c -Bc8XP5k9lLTrPfXusMNvmkUwjfkNZoY1yiAxH/RZZp0CAwEAAaNwMG4wHQYDVR0O -BBYEFO8aTHYYTacj20OYic5ESjQNkMKHMB8GA1UdIwQYMBaAFA+r8H4sLl9BSYme -z+zQ/3AVgq5dMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAK7YzbtbkzBrjabmpuScvD6HNPwms -j7S0+eSb1uGyW5OtaH42lXICu4L9AGyIk2cdiY3dEzvvKNYqg9+Q+7Zq7XBtBJNb -xkdw011KJF3npgkDQNJIzYu0hBAeKcbZEKGYomE1p4naWbP4Exrsguikc/YyDdRy -DxgNsze67QMbUSvEPoiwnKXkbJ1OdYaGQQF6OZEmH3ARjfPY/OBx8LYGMfeHiLJU -CF4Sw3Ux8KUP2p5gF+jZAwA0mtcZ5EqowNsQ83dQECkHoN1VR1/mVWe2n9vbP2IQ -DeE4qT6t28ZWVv/ex2Kkt+OVcwdKUgi2ijLPEXH1cwWAIN/iv4jqUwKilA== +BQADggEPADCCAQoCggEBANoGSp2E7Y2BfcusRUEQDzd5NlWrG8nnw1Y8wxGOO6dR +zFWXzuAfRjqJ1NA9puSC1ybsSqhOn5Ed/tJNBqd+VyualB+ORSj94TWVCQtYGS0g +H9k+TeDl8Aa94RofInjo/tuY9hEoJG7PIgfxa0TKVXDOQvh8GKAbURx/k64dxydq +twBYWAR23fgVV65SSrxayJoOtlT3nnJDYsbNk5jU49otHUb9lgIsA+CPOONbqyyC +uYGMHxzbzaCXDZ/pbPtXRVTxJZLwtFXB384cMzo0agbOZIBY3M+M8bCV+GsOQy+b +pV9M3zddpaqJ7MRHxrkqq9Db/54iiNUHwayh2ZfSnD8CAwEAAaNwMG4wHQYDVR0O +BBYEFLdAeJ64HzEM3Rb33XIvJhEAKMxfMB8GA1UdIwQYMBaAFMtZaaZbjHw6O5vf +yZtBE20tgGMhMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAQJhjzibpwtZOjNEA8XnEdlQWUEmz +BkkTxNOQkWeClcE/sokv2mIjfp7Yx340wJ7O/CbBNcDUxGksk763HQdTUMIt52Lz +QDjie+TjZYFzmfwFMyGlxHKp9PMoVbxbJN5yVLm4e0Rb7fh5qjap/8mofJCC5Tar +OXz9+vYnVCpAFQmnblptqDp20RqSChMZMWHuLIWDQs5NZszopj6Nr3nFtAQwC6r4 +bVIz/8ulUcOCi+pl1ffO06Pzcda3nyGu1b4j2iG+yKyyViaRuzjCEFEU3WO8YA4Q +sMmKN3HahbyTxcVUaFygPEy+F8erqRWcGoEd0ghNLoFKtI42jZXYATOmJQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 750830b1b6..eb032c7e83 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -22,7 +22,6 @@ DAYS=7300 # ~20 years cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:TRUE [ v3_server ] @@ -214,7 +213,6 @@ echo "==> Generating Trusted Kernel Test CA..." cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:TRUE EOF @@ -231,8 +229,8 @@ echo " trusted-ca.pem written" # Verify # ---------------------------------------------------------------------------- echo "" -echo "==> Verifying AKI is present..." -for cert in ca.pem server.pem client.pem wrong-host.pem trusted-ca.pem; do +echo "==> Verifying AKI is present on leaf certs..." +for cert in server.pem client.pem wrong-host.pem; do result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) if [ -n "$result" ]; then echo " $cert: OK ($result)" diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 6a8cc84126..78428612d3 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQhpFDlDzmGd+fd50P -flL5XAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMKwzbN1ulJC12iH -g+fJQL0EggTQIo0Du/ojwelIuPvDdWdnpKKQBNpYp2y92a7ACy3Y+jpFS6PrlUrF -2w24xma7e5YmTCOG2x3hj+wYno95pJxVJdQ/MF4BjQs8EKOrTwVD6fcxLuNI/8kP -xUlGQFyhc0KgqvISgVEEOHxkNAlkc6/ieaYHlxq0X07oMNF5AUUdLpnqG1trPolP -5Nfn1HxeSXvF+y2LlBKgcY6+ZLc3wdWGjo8nGDA2XdZUzcqQyFKXqragpHRTlIE0 -8mMv1nlu23x9S8nST63kM3GJ4iX8lVY8m6rBKNhuWUs+xbY+Mho8oH0t5h7Db1Pt -zu+SDFKp2Frtxe7uh0lVN1/m84gD8hBYAIm28aI5QhHEW2XKem/H8U/NLWXDwS8L -sy1jViqwKU5Cd1aDdxi2TMIDUanWaJwWZErUUQ/MaVxQGb3hts8ak8VM2jLNscvw -SadbKyiQGWhpze8OQX+eduOXADrRFFzhxRadCflKxh92AgfIP2LY0P8xKI49dSer -9LLDS7Rewu/S7TJPIUr94smL5qKfOWgYa2rx5heri07T6pniaL1R/Wgt7QsVTbey -+Omql0D3Do69RGEPTMjUFzniR0d/FqQRSl3ofntbDPJz4ydSMRDRt7FMTre6IykA -DRQfJ+/hdcZ4lVLY+5TmO4B2XUlufjX9W7NyYTPdiQoPWb4FHTK9V1J3qz0juv9d -6TvQuVDYkbI9beWiI24O6A0q8KbOh/tgABit8hTKItRxzPL6ZCne5g0wPH/0pGfD -tLO4xvWcEqx16CI3MpQggKyLOZADhgrXv+75ud66WkX8YP7ifYeeoXbcnUUVkt+R -r9SRLHs/2RjzO7IqwSTxow7QxrpbhuO0vQIfeiePeQysvgJBkyLNVewG3tmLRKrx -sIEG5XMqQ3hsF+UduzdWafzIdYUBG0chJts6dTrrWWtjGcWI0fq4p7VOA/juxJ1o -7iA7bWvKO/gb1UIK1B/3/I978YWH5p7rqkxoP2BIfBfvGsnBbNgegoVx/MrMPjHQ -nltvtlKycUCN8Hs7GU/1atygGBOoAamePJTkd2dHbwUhiU4Gp6BRw6OQO1fJEqG6 -xrw2vKwcRjsTqc1uciGNgRApRqAbe4JnBdq0PtXiwt0isEsLeG5QUdcayOAI7OPe -x0TH9u5LMHM/XDfk4dxMqopVcYzPr2Gn1FW+G+WD/KzbfGVS1XeeMHzBDl7R1IJA -3elGHWhDjRHp+eXWdjj/wc+iWaGsDKRi02d3AMeTBlEH/33DcRQsz+xNNUxUG0SX -KfXyjnrgtVLBBpQrLCTEZM7MSH5yrw62Q7nZrmS+jo8wJ3HNCTolunGGtQD+7T9E -xILMm3KMGmq/h3K2Jx7NuI7rE4ePrV/3kBHdDEpfzm2J33mKZjkI+tiWGfFSs8Iu -f2+6CQ+YdBBlJDd1KYvq8luASpEDVMhH97i5HinJr8alZuzJPeGYiE9rzoMtHh/R -l8D7xqY9xheyCtO9vTx+WfuMhQS72h1WLNcEYuziK5SlmXM9joXekd3LW5k8T/y6 -vfpzY7Z3UGSq03wL2IOthf7BNiVDze+cfNDjzWr4ps1R2GrAvP7OtF6WsHlphYCp -sAawhTx3ZaU0pNOk0IVQ3FNTCENq3Fn8sQkPMyWmOhtGvgCjD3mhdIs= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUjmGvGnDzF1d2KML +USvuYgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPxe/Opf8jx4H30l +gtFoWwMEggTQVO1+vF+10xVzKQAnX7xtXdNxhpTY0x8QFrx8fniQ2Blf2AmEM4V6 +tknYDhNnb0RY2TQ452cPb1OhYhLtMoGT4ZEkhhm+as+5V90MaJqSiLfDi7hvbOiX +d65kjNqJqS0rbtgFUMV9FtU4PP18Q0BscPNt4CP3fueqS6Zx/7VZEbEz5JqqvLmD ++MxszddisFCpcJvi2V2YW3MsB3Zrj6K2dGpqUFpPiTouDTOKxi7vuRf13F8BFnB0 +gLtgcwp4tbrk+LJYr0Iz4fMMNAYi+0t5eRWh97baQnEnbJaGx9oo2Ef+VwkpEJ9G +4aTrtIh0/LJcrG5SuPRu3FOrArEQItTxiNoHxQsvCvPO/vYTNZA5DAXYisaEGrZB +MMvz8U1tGtiNCJEjoURGOmNPJswTR9DDBu7cXA42vUcFbXZEyJB3pcw3mDu0X9+a +POkD3oXespiPpMfS1Y3WVnrR7DcBZ9DBWdNZ0BSB1kZBrhRUQaXPJ+22IacqtGAk +y/HtovMEw/CeQAdEucG8iIPAGPr8VPY1p7Bz+D+TYFhGlyDhNd7vVHRqtVXXDlQj +eqSwf5n/Gh/f7Q2h1vbzzVHuZ4UoZDP0ZszzGfSA1y8aHLFKHoTrUmvfLGrENh2V +LjcjQLYxnL48qVkClr0tME2fv7P9cPqtIEEXvmzFXT61QrZFiYHCk5HPKoFsBSQl +c7LsuM5X9D7xdV2BrEFXN2awH6z8MgoqdreILm70Ze1pTBM+NzGktMFABcxAXzaQ +llt4oGs8lmGPuQjCnvxPXiLRxj+fLU2YzpzSC2AYEKQ3KRrxYUXGu42oLiIUjK8f +BUsOGnYYGkHCT69WBbgtwl8iC0LDcBObMFFv1IQN4gh7TIZF9bvkCp0S8PNqaT/W +i56cZHVtu86bCBUeNz5SLGnCwGuuvQL53c5fgQuzK9OhxVgNFAsk1YeYcMOFJXvK +oTDqTiQ91aOJPxt88QaxkD/45Vc/EivZ/niB84/32uyT/6ymSzIKtU4ZOBne+Jx9 +MQ1ETkTLG1Qug/gRdJJ+hKuzAOeME1mQ3XbqG8yHVZ6Zkobf95X23yqMq72Ohi4p +BJiE2T4I/F1Cw2hyPOszGV5tXyfcrT2Z7FhJNZReD+gtoYnEeuNNMINYNDagIUNS +PPkwg7JTNOXEHbkGvjoWiAtxnfxpCKU6Fm6kd00vD9Wc9v/QsIBEhrFyvLZk/ucX +I3XYajuoQE/wGphYPuzlOzBOjiQfgVV27CalXJwGHAI/KR8D5lKP0aRwlkLUyU1c +gMlotqKNAxnhr/Nbdj2eo9aCFAW6i8eZIlviW139RWZEp8gRiWcTWQAvV4NhtxxF +4QzopulPmoz4wtQRrlotG+5JW6JqX81+VF53EsiP4C1tnpyxY+MVynAUroeOQvNI +D9aZu3/zA2+ixkrahfoGVSoGTaIAgchRyaEfxfA4YzcdfQkR5dhEJf4u4h5wvUS6 +ZWOA6Ei/NgtjLJXCaQywtseq2KSTgK0R0IyC91mEvR31w1WsMaZxCG9JuJU+Nha2 +R5qIQeMwEOR/+siKxh4QXYK7r70QqFbOkVZDBsaULrMHv66IUceOAjXpuUe4NbV2 +UcDbYWletvU8tKhBdA8SttQib/F2ra5CZVHwrPZOklhTVPQ7qzSDeus= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaMwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAs0EiKAUVKY+q3j9NclFK+kGvp2uv1pJh7sTHvvG5S8pKytHK/HLI -6zN3RaL4QqgUxmN7H8VjJ+vyMJd3R8htUXFb//1Y/tnpRIND7dQ2F6VqHTGZvF3Z -ZJCB+QgCiFTGP5DKYJ8oZw2ZE6C8fca0bQ39dBqeyeX9+2NDiFxmOtDGS+ujnx1w -YCEirMkeR1WtMrCp+jK5SuhHrgFHaDFDHDU3RZyP9ODUSfKkPu5xkIMcLf4lb1As -6apKtGTA6uUw+68HSIrwdUghysmG3U4LSMVkJXSzDaszMCKaiKWJn3Cm2hggzvJu -WUIONAiqXfC0TiVTFlF/rFmoIsplcU7LiwIDAQABo2QwYjAdBgNVHQ4EFgQUJD1X -OCILxquIzaglCZR5D4+tImcwHwYDVR0jBBgwFoAUD6vwfiwuX0FJiZ7P7ND/cBWC -rl0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBODxEA8m3nXiUu783IWcNGsF2Mzn9vOdL6reTxd3hSqxZfLZi8VfQu -51LY9l3luZ4G+wCK2lcXXtyqNPBRGj8pYLI/KmfYFRMxo+pMDvq8WbALfkvYFvg/ -ZV2VCKvcM4e7IGPe7vx9gTlxVblEGok6t1zzJxCt3TRxi5uUT2tawtkhuZsVaxS9 -rZ1vX/tX7wCnY5dL9/2WXyNwvvpqIM01+u3sSrW9TRHDxGhiXk7h9xlivpET9jvb -Xa4IOq29XGVnTyddAWr0YVZjh7rAaLYY4fy7qrTQijDcdEyj6OVTyk6BXz+7gRgG -Zf70TZTjQH3898e64aClBRa/4v9goUsU +MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g +lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI +mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc +iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo +1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD +XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD +I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A +YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 +uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 +mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg +l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q +9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J +yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 7e8a487c50..5b8a3a424d 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu6DrrhOOu7gCe -MG9iQAlcQwVG6RoXz/8lz416skDb5uVvzVfSEfsg4YB5qNLqcs3Hlq2WcAOZY8mY -1jF59xeatiojmqse0kgMr+GOpUiMJ/vCY8uWcgv94L+kJD25Z+Vgmo0Ja/XeBrOv -kHoDQxw3yHrEsUhD2AeZogh2BL77lCLVUIIugPWUfwOHHqjEo47lEW6RsFN8TY5V -+nJQYfIHNRHeLizVklY+5o41QsYukVsB/thTnVbmM//V89tZMUMUhhfj2QOQ9vZP -WklKOmFLn3Mvoc4eR1RXBpYHxvAVweWOheDo+OIWOrIGyGBNX7hGFmRVQeUOUSVT -rQdYfOspAgMBAAECggEASxFJxG5vB9OHOV2BWJIyUkJDgAkolULEd5ZqWtgpZRfm -rgLcJ8Fm3lhaOxzdlRj7v6coTnI54ToGOo3ngzitDU4UrN5DhkFrAeL0tDO0/M5m -S6poJORCyE4PAiQ5x5rTRBBg6sPGrOmEchvYehDyCfEF2+hYoyGTNXlpFzn3O+LD -gy1hYW/U1k6uqSGsMIc5H76+00xWSTPgpI7UcDll42bRO7Tv91QU4MqEqJhAIJ/F -TayPp6xyGT02zHmeliYC7KuYB4f85r055Ahl+97LsKnZKsLCy7wtgEHAZs0WFfWG -nR0b92WdjLdu4fZuJlyE7Lp6dBdAniLYKOi4po8XnwKBgQDx3wtZkmBJcMf7snUT -uUUCJ7A/BtAa9AboxpRBuVIUprzU3Owk9jucjcflcAFyUX4RFTtnZWYbwZDrN53J -jGDzkfUV8Y6c/tOwkYIh7n9OU63k+FOcKecelcDV4k+SptniZtXS8ZJkBJsAEBiu -q4F7r0gQacWBnqaWOMZQvzlVMwKBgQC5H80GJPz6jlenEhuK6ado5OYvHBngpOhT -XH/xOb37nRHPTQHnuUtfv5G3GYRTXA385Bh31PHbikmx+cUOYB+txY6mBWKewaC3 -TVbSkAQNoFnp8+aqgeTY5yegxMzehdBEHXb8614Xo3XguRubuiKvkKLW8Eog5r2J -jQi2CCdGMwKBgQCWeTDSdOI6TlPcHtX/g0+PW6mmTFLDsfVqc8Bgcy7BckogE6FG -DXpgl0Q5VUlRGanYbuEaHlc8BVxnOZ6MeS0H21IiaLlUqqSAQMY43euNizmwLV22 -1crXmErzxWvDzNHYrClypp9wYf0cOOdiI4jWreGjdGpPjagN5Rxbt9uvSQKBgEIt -gBlmN5lKMUNkUbxC8rmoujC1FvsbeIH0Wzhcr/G2oJs+qCOyNaOw0+JkmM1D5yw0 -ThroYN1efiHFbBBLhIeWS/xFiI/AIDfmydbT7N8CJ6JesmLZtHlliOEL+UDDDUSM -U/DuIuDIamc/RQNScvvX9J5pn9ZLJg56AFcyavfJAoGACwAYmEjQyOLZw+PKlNqN -W3Pm8ticsTx0KDdmOZ2VbGbb/olxLhBk11KUiyZwosLjXsMG2k6j34t3Nh9Gqgwp -tBpIFd4ii/IM1PL7yXIEIHnXN6oBT+DAqTzziE7fJhYAEJWYAt43Mzlm/joJzxwN -o1aioRCmCQZCCbzfCmqW9Jo= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtbTLMvCR2XPs1 +J01nXbnpvcWwwBWQuWwbMZlqNvZPiAgQgjuRmzTlvB/MMgbTPb8mynE9HtnjW0Kq +HDqAXUvBstGSd67Pjd9WCTLcV+JJ7IufUp7SuaijGlVLgtDTNoJ2s4lUN5DWZyx5 +EL8uHH1fXaNurDglGC//F2shUhNlO8xpZXMaKahJZwmsU7aeA9xvrudGwkYQm8Vl ++Zrj24t4J4Oy+7TJEzVZ8lH3wZ9FkG/eiozURmL9uK8bG6DmhqztEKZFpy5LUBY/ +RL2Y1Mcxec0wHxSamRslx3dAcnCutR3A4bs8OoXIwoZoIEQDOFoge67q8sl5lyaZ +SpmsJEq/AgMBAAECggEAALAiN3W3n1CXHordX7+bcTXzhtP8Qeq6ZxE3TpiROZeM +kKQzoExBVXf9mE3KgSQJkhnTgS6SJrjB9vLNuJymJEqVUkNvShuB+1FmBkHDABAU +LbmiL6vU43DDTd1i/rOEqPvlW5Qs2uzl3EUYvRIX3Tz93P6J6nvCFPz+y88LjKdC +aCsA60Hd+cQQ9dJa2qZ5db4YkU2cwGFdMtLEsdGy7SKviOscaTWDFoy6LR+lgqRN +jGoUOSCSzfyXcsDl2Cu36jnQWj7d6tmhTPkdRMPXEvFj7+s0xmB6Z/I3kMFHBCJq +6dAJ2if07JOiPK+AgFAQiK0DndqyTV5FJD21jlmEIQKBgQDY68V7bktXS0nquPGZ +WKnBm/vyulH1PwpTFQHyPAzEUU0jjRaEKYHhTzZu0728HZi8Yw24X3BtcxSQVHeb +8Hz1JCpvVPp+G/jxa+qxwz0upBJPy8rfz7N4R0OjSxVKe/7zu+cl7gAyb0hyo3cf +3pFOGRw5LwlA6dv7U9eOrPGS5QKBgQDMq39juOEKdjIRRsPpFMhF77SefnobqBm8 +9mpZTs4LQNXG8BcUvS6S/xmyDocznFYJbBm9m2+gUCidc5edgkimHdfcTAccxXKQ +ihTimWxubXB4KhhyP9EsTC2ppcPGSO49fCosvqmCFflGp2EUkl9SMSv40UP2xk5b +/7BJ9EvY0wKBgGwMZH2q3pRIyDTGknETnNr3W3P4IsLJ99aSbDnAd4uCA65lpIWI +N02HK1Hg3m1JQL71h+wCffnGjMOnjzx5eYSR0yFJbsxKGqIGYwzQdzU4PHbKx+7b +gkWzGZnI2H4VbVTyj5xxBGAa1jdj/P4+2pnQICLLrwxKcGyrwn8q3dmRAoGAckKP +1LFC2R9RJjn2ZyoWAI0orY74RnZbIBYFGySWfMvOTMh+ajKPTLsjsjbQHez6TzpN +SH/9GmeFtRjyHJm+SxbACplbIyHLqouby0FRunhYYI1HpoigEvXYTCxhllHixuqJ +dP9gDGKODnalCOIKWw1eegMByUO+PTgKR88dhMcCgYA6LNAlqxBwO6dTPQFvGlqS +d67iKwyjbK06iyjvcNf2q4/jh8MC8au8gHDxXG+I5Gp3nMXncuG4GG5Ii/tKX3kt +/6B3b3tlFmdsAmI8xEpiHhDBDXINLRs+w7rkl5oNduHKkCWd9r9KduupJDvTo78h +9yuZwMwRFAIPx9P3YL1SeA== -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 4 18:52:35 2026 GMT - Not After : May 30 18:52:35 2046 GMT + Not Before: Jun 4 19:49:32 2026 GMT + Not After : May 30 19:49:32 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:e8:3a:eb:84:e3:ae:ee:00:9e:30:6f:62:40: - 09:5c:43:05:46:e9:1a:17:cf:ff:25:cf:8d:7a:b2: - 40:db:e6:e5:6f:cd:57:d2:11:fb:20:e1:80:79:a8: - d2:ea:72:cd:c7:96:ad:96:70:03:99:63:c9:98:d6: - 31:79:f7:17:9a:b6:2a:23:9a:ab:1e:d2:48:0c:af: - e1:8e:a5:48:8c:27:fb:c2:63:cb:96:72:0b:fd:e0: - bf:a4:24:3d:b9:67:e5:60:9a:8d:09:6b:f5:de:06: - b3:af:90:7a:03:43:1c:37:c8:7a:c4:b1:48:43:d8: - 07:99:a2:08:76:04:be:fb:94:22:d5:50:82:2e:80: - f5:94:7f:03:87:1e:a8:c4:a3:8e:e5:11:6e:91:b0: - 53:7c:4d:8e:55:fa:72:50:61:f2:07:35:11:de:2e: - 2c:d5:92:56:3e:e6:8e:35:42:c6:2e:91:5b:01:fe: - d8:53:9d:56:e6:33:ff:d5:f3:db:59:31:43:14:86: - 17:e3:d9:03:90:f6:f6:4f:5a:49:4a:3a:61:4b:9f: - 73:2f:a1:ce:1e:47:54:57:06:96:07:c6:f0:15:c1: - e5:8e:85:e0:e8:f8:e2:16:3a:b2:06:c8:60:4d:5f: - b8:46:16:64:55:41:e5:0e:51:25:53:ad:07:58:7c: - eb:29 + 00:ad:6d:32:cc:bc:24:76:5c:fb:35:27:4d:67:5d: + b9:e9:bd:c5:b0:c0:15:90:b9:6c:1b:31:99:6a:36: + f6:4f:88:08:10:82:3b:91:9b:34:e5:bc:1f:cc:32: + 06:d3:3d:bf:26:ca:71:3d:1e:d9:e3:5b:42:aa:1c: + 3a:80:5d:4b:c1:b2:d1:92:77:ae:cf:8d:df:56:09: + 32:dc:57:e2:49:ec:8b:9f:52:9e:d2:b9:a8:a3:1a: + 55:4b:82:d0:d3:36:82:76:b3:89:54:37:90:d6:67: + 2c:79:10:bf:2e:1c:7d:5f:5d:a3:6e:ac:38:25:18: + 2f:ff:17:6b:21:52:13:65:3b:cc:69:65:73:1a:29: + a8:49:67:09:ac:53:b6:9e:03:dc:6f:ae:e7:46:c2: + 46:10:9b:c5:65:f9:9a:e3:db:8b:78:27:83:b2:fb: + b4:c9:13:35:59:f2:51:f7:c1:9f:45:90:6f:de:8a: + 8c:d4:46:62:fd:b8:af:1b:1b:a0:e6:86:ac:ed:10: + a6:45:a7:2e:4b:50:16:3f:44:bd:98:d4:c7:31:79: + cd:30:1f:14:9a:99:1b:25:c7:77:40:72:70:ae:b5: + 1d:c0:e1:bb:3c:3a:85:c8:c2:86:68:20:44:03:38: + 5a:20:7b:ae:ea:f2:c9:79:97:26:99:4a:99:ac:24: + 4a:bf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 3D:58:96:FA:DA:CE:50:8F:26:C1:85:AC:A6:4B:C7:7D:28:7C:27:5B + 99:CA:D6:55:64:61:E3:D9:76:00:D1:9B:A1:D7:49:17:8D:5B:6E:DA X509v3 Authority Key Identifier: - 0F:AB:F0:7E:2C:2E:5F:41:49:89:9E:CF:EC:D0:FF:70:15:82:AE:5D + CB:59:69:A6:5B:8C:7C:3A:3B:9B:DF:C9:9B:41:13:6D:2D:80:63:21 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - 65:75:d0:6a:e8:ea:58:55:ae:af:b5:fd:a3:86:d9:c6:a8:3b: - d0:3d:e8:fd:90:66:71:46:33:75:ee:47:73:85:25:88:8c:5c: - ff:74:db:95:2a:d4:16:18:0c:ac:5c:46:b7:32:bd:56:66:1e: - 22:48:a5:5f:c3:01:57:bc:f7:9a:49:a6:92:54:f1:85:9d:5f: - d5:49:18:9a:c3:36:1a:e6:a3:d3:06:18:fa:b8:0a:11:db:ff: - 91:35:42:7e:68:9c:16:31:f2:36:2c:a3:1e:61:36:d4:51:e0: - e0:f8:1a:a9:75:b9:3d:ae:07:5f:9b:8c:1d:5a:69:d4:38:21: - e3:75:93:6d:95:ac:2d:c6:02:7a:97:dd:e1:b5:62:3c:7f:b3: - 6a:e3:2a:c7:18:bb:30:7c:c6:b8:10:69:9e:3c:76:9e:f0:60: - ac:9b:4e:8b:18:1f:4b:89:34:f4:4f:46:3d:57:6a:7a:2f:1d: - 13:77:1d:87:ca:94:92:e0:9e:d8:93:e3:7c:95:15:6c:ce:d1: - 75:bc:dd:2f:9e:6c:dd:59:13:86:80:49:17:67:fe:77:75:51: - 18:6c:cd:70:9a:66:be:41:cc:c2:24:be:75:4a:95:78:67:cd: - 57:cf:d0:c2:0d:0e:ff:ac:f9:f6:37:a6:df:d3:d6:6d:e8:8e: - ae:df:1f:11 + be:88:47:6a:1f:07:13:1a:5a:5e:08:1a:1f:b4:9c:2b:21:7c: + 4d:6d:c2:8b:b0:af:50:7c:87:b7:23:13:3f:1d:ff:c1:f4:52: + a6:c1:93:d6:85:ee:8d:ed:93:4f:35:c5:87:fa:8f:23:dd:11: + d0:76:32:8a:15:ef:53:ce:cc:e4:89:bc:9a:23:5d:8c:81:b7: + 10:2a:e6:c1:39:d5:f8:88:39:66:93:e3:2f:7c:55:34:d1:c9: + 6e:71:77:30:b1:32:49:35:59:f9:d8:16:c8:ad:77:33:5f:18: + c5:75:3f:e5:8a:ed:5a:d3:8b:21:5c:68:66:fd:62:c3:e7:46: + cb:b4:a6:bf:fe:f8:77:68:8b:c9:c3:a6:7a:1b:af:ee:ce:b1: + 8f:49:8e:a3:a5:c5:a9:d7:68:dc:97:54:d6:f2:f0:59:00:41: + 66:1a:c2:7d:26:da:dd:96:fd:ba:98:da:a3:88:86:17:93:4b: + 4f:b1:65:2c:20:c0:ad:46:73:b8:88:54:2f:0f:39:bc:e9:c8: + d5:3b:69:33:43:75:a3:3b:20:46:e3:fc:f2:8c:0f:11:55:ae: + 02:ef:05:9e:59:bb:ad:e8:b9:cd:f9:7b:5a:5d:93:fa:46:f6: + e0:29:c2:95:7d:30:22:fb:56:53:4a:82:c3:7b:88:49:f0:a1: + a6:ae:c1:c0 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDQxODUyMzVaFw00NjA1MzAxODUyMzVaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDQxOTQ5MzJaFw00NjA1MzAxOTQ5MzJaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArug664Tjru4AnjBvYkAJXEMFRukaF8//Jc+N -erJA2+blb81X0hH7IOGAeajS6nLNx5atlnADmWPJmNYxefcXmrYqI5qrHtJIDK/h -jqVIjCf7wmPLlnIL/eC/pCQ9uWflYJqNCWv13gazr5B6A0McN8h6xLFIQ9gHmaII -dgS++5Qi1VCCLoD1lH8Dhx6oxKOO5RFukbBTfE2OVfpyUGHyBzUR3i4s1ZJWPuaO -NULGLpFbAf7YU51W5jP/1fPbWTFDFIYX49kDkPb2T1pJSjphS59zL6HOHkdUVwaW -B8bwFcHljoXg6PjiFjqyBshgTV+4RhZkVUHlDlElU60HWHzrKQIDAQABo3AwbjAd -BgNVHQ4EFgQUPViW+trOUI8mwYWspkvHfSh8J1swHwYDVR0jBBgwFoAUD6vwfiwu -X0FJiZ7P7ND/cBWCrl0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBlddBq6OpYVa6vtf2jhtnG -qDvQPej9kGZxRjN17kdzhSWIjFz/dNuVKtQWGAysXEa3Mr1WZh4iSKVfwwFXvPea -SaaSVPGFnV/VSRiawzYa5qPTBhj6uAoR2/+RNUJ+aJwWMfI2LKMeYTbUUeDg+Bqp -dbk9rgdfm4wdWmnUOCHjdZNtlawtxgJ6l93htWI8f7Nq4yrHGLswfMa4EGmePHae -8GCsm06LGB9LiTT0T0Y9V2p6Lx0Tdx2HypSS4J7Yk+N8lRVsztF1vN0vnmzdWROG -gEkXZ/53dVEYbM1wmma+QczCJL51SpV4Z81Xz9DCDQ7/rPn2N6bf09Zt6I6u3x8R +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW0yzLwkdlz7NSdNZ1256b3FsMAVkLlsGzGZ +ajb2T4gIEII7kZs05bwfzDIG0z2/JspxPR7Z41tCqhw6gF1LwbLRkneuz43fVgky +3FfiSeyLn1Ke0rmooxpVS4LQ0zaCdrOJVDeQ1mcseRC/Lhx9X12jbqw4JRgv/xdr +IVITZTvMaWVzGimoSWcJrFO2ngPcb67nRsJGEJvFZfma49uLeCeDsvu0yRM1WfJR +98GfRZBv3oqM1EZi/bivGxug5oas7RCmRacuS1AWP0S9mNTHMXnNMB8UmpkbJcd3 +QHJwrrUdwOG7PDqFyMKGaCBEAzhaIHuu6vLJeZcmmUqZrCRKvwIDAQABo3AwbjAd +BgNVHQ4EFgQUmcrWVWRh49l2ANGboddJF41bbtowHwYDVR0jBBgwFoAUy1lppluM +fDo7m9/Jm0ETbS2AYyEwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQC+iEdqHwcTGlpeCBoftJwr +IXxNbcKLsK9QfIe3IxM/Hf/B9FKmwZPWhe6N7ZNPNcWH+o8j3RHQdjKKFe9Tzszk +ibyaI12MgbcQKubBOdX4iDlmk+MvfFU00clucXcwsTJJNVn52BbIrXczXxjFdT/l +iu1a04shXGhm/WLD50bLtKa//vh3aIvJw6Z6G6/uzrGPSY6jpcWp12jcl1TW8vBZ +AEFmGsJ9Jtrdlv26mNqjiIYXk0tPsWUsIMCtRnO4iFQvDzm86cjVO2kzQ3WjOyBG +4/zyjA8RVa4C7wWeWbut6LnN+XtaXZP6RvbgKcKVfTAi+1ZTSoLDe4hJ8KGmrsHA -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 0e6dbd0fe6..26504fb0a5 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUcDB3/OfLfieyLQ5ZtrTHZZfXYu8wDQYJKoZIhvcNAQEL +MIIDuDCCAqCgAwIBAgIUXyhWrw0JtVLpIVRkT9Mo+GDBODEwDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTg1MjM1 -WhcNNDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTk0OTMy +WhcNNDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxM+57BJzd0yEdwHJcpDT08 -uIAUwXDtqz73n1VUnD4UoBVx2XvyCvofXT1qSTmD9zDG/KwQu7fcWba7maGMcRMr -nz3/fiDO846pPnxgpklCJ5FO46xtZH5pM0WWjIL6+ee4vIzmS1TIURHBjS1DHBah -q0bz/4I/sOo2hUoABwztOJcm8rKx/vAV/ItKjgUUh8GEFUQj87hY3JFaWclkVTse -gPe2uPOxlbZQ7b+GeQt9EX8svg98GVJwxzqYeIIiOcuJKuOwUxuu55LxE5l8mjXt -bKAs73v5Y/mBU8P5VamABrWDI+HCdd0Ku/IBGeQKsjZdAqKcxTt9p9NpYHiyu2cC -AwEAAaNTMFEwHQYDVR0OBBYEFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMB8GA1UdIwQY -MBaAFHy2L5ZFBWL44NIxmD0dYC2Vf8UmMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAHrAmym51AOPKXfq39qQ1m516SEQv/ZpAnN5HaGIXSBAne1e -sj3n4YOrvZ23UwkeiCGAOCHTzuRXk+Pd+7Ft8C9fOyrYai5R9NeygNJMtgLB3dhm -iPi6oY3XUBUjbP8VCFiRLuhTQjm65Nt9u9pAaPLrtkXKZlrwFfuIOIB1nJI6NBk8 -q94lJoo5XgMgA3RDmuq1u57nzCCUTi77BZkASTPEIQ4s+wYB4XYb12SSPN95Ns6V -863KZQRFBVqz6ZZoZ9OMZzX4paRi9MCbdIhoibhafjbF5je8wujVVqRsD4ALzwUo -Kyss990wYIZDMTes4dVQRRat/qayHbeCSC+wxu8= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuE20ZJaaGRLzvMaurcKaP3 +AfNEp4n/AY+YjJY4znnXsgmVNDAPA3scOrjeSxjpC/Hw2HoBf4B57Rhy9HE/9alB +RIR7kTG+y/RA5EI6gy7cG1TddP88J0eLkvikVkQhhf8s5mD2n7p7CYtYorCif+57 +yOJVv7dI0Dn0RQ592IFGPDaCIp7XNcrSjBmIahBLOKNHNUkBQ6q69EuWnFfzF9z8 +Rhhn5k+mF8DWcEOxagizWSMIDVuu590OT60GTq7qisK1X3gSb9d3ndZ9OZLNaD8R +gBnkLbpALZl/iRmFTgyfhHqNVufo+gjZhWPscqMgyW8HGDqxr6ZKjCbRHrF885cC +AwEAAaMyMDAwHQYDVR0OBBYEFCszYGV2OdFVVbUnc9BWShN6WtmgMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8jiq+HfRS0fD8nPbzVTv8agIDi +fDFFWPGW3EVjQT/BCaOM2FyfLcpdP0JMsl9B55xlqc4TtOuJkQ4IR93LFcQ+jG+4 +XlnJH3bqMuEgmNfIye2vHFDTDGHflQxDPJ42uwQIYKIE0zPdqEKvobbQ+mIRM5FQ +z7J8QqIqCb9UaaMFxUzDK0m6WQ+OREuf/bIcZhXL/kUmP/eVhHMy8P+NMqWe6UHj +tCDOuzLi+9jch0EaBHwPiOdzvrQc6EcuPT5kzcdN5mwPXCJG+HkYDe5FnRHhJKm1 +wffFeAe6Givp89hMfBpZMO/4gYzaXWrN1b0QjNJmhjqJ5AFp4bM4YqKF73k= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 028bc656a4..7fc84d88a7 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6zToi+QIWIW24 -xTSa6ZHUy+r71b+6DRpv92hE9/vTNwWXSFYq8LE1g88UE1aamP1B96wDk/439uDS -9nv5Y/E16fnkuktzDFnWgpPrx1V79XC0lkQGXatiX9Tq1k+CzsPkTIhN5lD7Cqv8 -DdfMdSk6i+CEx1mVP9XMfWeXHuAvv9C2OAyy7dC1vLi5Q2MWQ19cU60mWKLt5LU9 -uCB8FcKwVlzBixXS10/9uNdubLRMEav6synALiFQ6y9Nh0T3MwW0HobynDffese1 -yEhoy2TgjdvMOyoS9nrYHlNbIZlxavd2H8XR7XA2usrF/CIP6FCpICalS4oKfdYB -816+J+CdAgMBAAECggEAHzcfQWvZ+OfCJY+ywDZKu8QNsuKfpM/+vHob7vZ/muaF -ZSfd2lQZUMeDaafnn3L0Uzs3f+uRnjl/jVFKGz0juC4up5Wn+QQ12P4+CLbpJos3 -t72qhWPOuWQpOMryQ3oYywQs/NOBccnxPm/zwUNMze9E5/tGEYY2zHKiRmMO9Htv -/F8llJRVVZwDm0dn3UDTOTr3R7owfF+BoR2R8SPKe9PFP91AqPYxqsvff3iozKPw -uHHFS0EpWD1P/FnK+MjOUlpZhkWkZ5Zh2PeWYqk9mKuQOgMTUWfM/96dmzeIMlrA -dKFN2fkqgEkdUK/fPMWLzwbV9PwiZSDLICe+Wna8kQKBgQD6VakPDTYNOGWbTBwF -8j58kc0AVE1CFSyJ9hKXmdAuj0w/X2+IIygb5VD3v6zp4MCLwG64cVeQW2E7mojD -Dg2dfhjvr9Csh8EURs3lwIylf9pi7OSTEmXHv2OIKOlrSdSPn3NQBX+q/8M793/1 -BonAR8lxMOdS2IvN9WVRY4S4OQKBgQC/B3tkLhIi7y8XLZ459Nehg06qm2GAXgse -Nb9vCXqvf9WHdZ1b0hjS8h2CK+BJ1Wn9QpbfLHET8pz8fBPyfJsXC+sD9JxhJ9tU -GU6rlXitrzF4WD4Slyk3mSpO+yqN4ZQGlhqJhW+kGqIDAyV3FncDYDCeSx6O/Qqm -44WRCWeDhQKBgQDfw7QTXTbEiHXiZBzkf821IcrCEZjhifW++DNUScwZ4kNAnnke -knZmwQsn+bCBekICaadOvRmNUvFOCutWl3g6IB4AGgMIRWykSEoBpaTSxr8aEDCc -+iP6caxxaEiFe4BCRUAY9mFRI7+LGcfJ6Oc29bQtto3/ssr89e5z2uYmmQKBgCqH -wOoR88nBVMulRWgD4go8kMQdKf0JcxI7xy4yfxUZsfGhtvIdeZdlfjpgCGSH1jwj -mjF/1IErb9YqzcocAe+EoMNVr4dV91fm9oPvGFoa+jmf89nxu6R8PlYtR1ElWu6I -dsoNYki4AUAIcEvuPXsL7GchtGEDZ162oyMiY+B9AoGAaOBoT/BWxMO1eDG/wTWj -gG3151f4bb5HEBV7s0xhHdhdnTexJTrAZBLkDpWJmj7d8zlvF1CxeJe8nhHFWbr0 -Zp8Resp6crar6P0aCvJz9e1ynmFMMClgdACoEr+MflImVawGnJ82EgsMk1u+6LQb -esBeRYGyOG5ccB0gLfkEKZg= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4SiuBOhAIB2OX +z1dPaQ3vY6r86AAKrJbajbJcDQ0ST5+GRfpIKrABbqrlUu+hjPIKtQWrBtBcAsWG +CRYhWq335mo3ygiHefdlTxjWnAn14qU0liyK+u3j51/7nLTjgY93nYylS5rjz2jP +/HdqMKdz1fYQEbmRD7e6+6DrOzQvZZuCgqbveULJmThiTJ/qhUP58BNywPSsCXoZ +KW8LZZhu1VK6MbtACXSF6TNfORYHHs9YrXb6UFY3ENx7kSF4CXdFOeS4JzHn7G4k +Ws7Tv2T6KFqNwVD7NU6cWHsGz37IpbXDg3w3OKxP84+qrlMNkqRvDLZerzSuz++u +8RCCTmedAgMBAAECggEAEBFXbbL0Rt7uDgRj5maQcnjMJbTMnCGkHXYRQPlaVGhg +zkI3qicepWFSwR/UCM/TIp/Z2KmFbSBIvID6TvorBNwwEqEo0TcPHOQilEOSkr+q +C8W0KIHsT9ySf8uP8e4P5iv0YU0QOiCRUOEAQF/xmaXkCE6jUUR/jmv2Acxtplwd +afIGu543/a84ca+3MJVf/O/l8T0Ri5YUl2PwdL3DfrSrf4njuRuAQZtNNGgKC3mu +Fszx+L/SAEtDK0fwGdOkbiTCyX1zwz4YnXYUG2WpOnyEpJa3u/usuK09u3fm3/fL +M3JSwdWbNKFSg0X+BP9XtJ94HefCECLycJ0d+ZJEAQKBgQD0PP+/jvvc02Kmi/pH +5KjRO8kDxSnrz/fHuMqqUv3CYEqf8+EkmLG4rX1b4HtR98VBCGGWGxG1aUgu50Lz +li7q2gGVb7c/zufd5zwJcbCPc52ZPo3VFcKd/6KVi3Fqv4YGRaFs6/r8JP65tQW9 +m3TNFslRPKcGd3dpzI9y5Q/OHQKBgQDBKh4RgceyquQgtzjEblCMzb+1N1s7ucRz +I68mibY6wE9IC+AUDidgOFFfQkrIeOqOM9hu6KmVD3859xbrw8ITMY0IqdOejiMf ++/JYt18uaBZ8zU2iTiHsuJRGwrWEUN3z+8x0uBgY56PIOTKbOciveOqQWa6T1RgS +UG96XmvHgQKBgHV8JjXaLNNTp5+fs9wDZSWI0bALlpfFaVZcULjPxRtMQHli0glN +nifM5IFeoVOTkQIwaujOypzuMPfG7NDJjHYSOjLNE2QRPj3i7mFIm/rVTZkamxVG +K2DfSDERa5RC3tCDjBweA5Roo1NnfYRwlCXXcS2vtFSLARkWemZ1Qz4NAoGACLZp +nMiJxVlH6OHawaFoKLGvD/FrQApk/fyCDe7wNT4vVUST2tO4mvJvWSiYTuqFSdy0 +ymvcGkkUp/ypIAE4Y708a0Ods+0dUHgAulerB2DSgtaPxd5YUWER7w8hONKc8EBP +PISBMb5g+Mr7qVy13JRLoC8rXKej6k+Od6qCmgECgYAZbJiGLpFFYMr0m3mxE/9e +lKUBYB94hrFqRy/+du/DNDJd4IxN75tnzXbfCKXK5Fp53dSG6ko2rb5/6cafxRB7 +uqa7z96VxzA9FPIGOV2sHu/3KMMmeIUor8Svy3MI+hTuNAbJMjVzm2J9OEBBsOT0 +S5pn4mtICgedhH0fkpCjEw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUbEVC5hWQQpWYIXOynGd8Ku7ioaQwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft54wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTg1MjM1WhcN -NDYwNTMwMTg1MjM1WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN +NDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrNOiL5AhYhbbjFNJrpkdTL6vvV -v7oNGm/3aET3+9M3BZdIVirwsTWDzxQTVpqY/UH3rAOT/jf24NL2e/lj8TXp+eS6 -S3MMWdaCk+vHVXv1cLSWRAZdq2Jf1OrWT4LOw+RMiE3mUPsKq/wN18x1KTqL4ITH -WZU/1cx9Z5ce4C+/0LY4DLLt0LW8uLlDYxZDX1xTrSZYou3ktT24IHwVwrBWXMGL -FdLXT/24125stEwRq/qzKcAuIVDrL02HRPczBbQehvKcN996x7XISGjLZOCN28w7 -KhL2etgeU1shmXFq93YfxdHtcDa6ysX8Ig/oUKkgJqVLigp91gHzXr4n4J0CAwEA -AaNkMGIwHQYDVR0OBBYEFKvLZ/h0emSijTtXoVcPBibT/IQOMB8GA1UdIwQYMBaA -FA+r8H4sLl9BSYmez+zQ/3AVgq5dMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAmz0paStjdFmdOOZMFykfwYY4BwOA -dfO5Lnqqoq3TH9mCoca9kNH4bQBhIzPW9aDnaKf2UuABFTcmxR0FL+Vg04+15sYu -hln/wcTDnFe8MZQGB34zaXIYD5L2NJYXuuHqiodC+Ggh20TGGMSXZpfJotJJF8PD -P5B8eQUdH7lR8UTPkxZQfze9u/uyLZkJoQEbLUwM+vw2eecfqOl5jqnTyUhpq8fY -QFmSboi7UZt8ZNdhzEKqaKloDqfo4Ba2hUZDW2Q6eAs8SgNeAZj2Q9LyEkIRoMLX -/g1tY5+oTuwbtVi55+MC5336sA2AmaTyf9dvgyYB1yIzA+KMJiSGc0rKLg== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhKK4E6EAgHY5fPV09pDe9jqvzo +AAqsltqNslwNDRJPn4ZF+kgqsAFuquVS76GM8gq1BasG0FwCxYYJFiFarffmajfK +CId592VPGNacCfXipTSWLIr67ePnX/uctOOBj3edjKVLmuPPaM/8d2owp3PV9hAR +uZEPt7r7oOs7NC9lm4KCpu95QsmZOGJMn+qFQ/nwE3LA9KwJehkpbwtlmG7VUrox +u0AJdIXpM185Fgcez1itdvpQVjcQ3HuRIXgJd0U55LgnMefsbiRaztO/ZPooWo3B +UPs1TpxYewbPfsiltcODfDc4rE/zj6quUw2SpG8Mtl6vNK7P767xEIJOZ50CAwEA +AaNkMGIwHQYDVR0OBBYEFN4vEIPI1Z1GFl1EdUv89wb116ybMB8GA1UdIwQYMBaA +FMtZaaZbjHw6O5vfyZtBE20tgGMhMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAvMUw0MehwLo7xC8gc1qmhpSQ6Cm1 +KPc6oA1OivbP3FeDNjODoy7E5IFkw976lP24Q3v/O6F3TURZw+Q3LrqtL7MmwtrE +nOppNeS8mYfKy07k0DJcEak+zBczUSCjtVsmN5Azv9L8CLvMe2apYT5JTaMt2wJZ +gbfPQEy1dtsi3ZMPoyQ+4aNiGz5koWb162BZSaeszeshfgU7afrjg0ugPe+X9HRq +dKYHdEHtuwZb9wln7bwckp8B4ciNGOUMuHOlZWUdDAP9ffoV7GF0Y7c3MZC7KgVr +YUq3mLsGaIjjBG4Poz6/tIjhFWl4vNe5RjX9I/+qgY1+Zz2u0vFeNzAAlw== -----END CERTIFICATE----- From 3e6063c7d70fbfc1cee3ab7be8e61ae2b9092432 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 20:10:40 -0500 Subject: [PATCH 09/28] PYTHON-5040 Fix CA keyUsage and remove issuer from leaf cert AKI Two macOS/Python 3.13 issues with the regenerated certs: 1. CSSMERR_TP_CERT_SUSPENDED on macOS SSL replica sets: the issuer component in leaf cert AKI (authorityKeyIdentifier=keyid,issuer) triggers macOS Secure Transport to do an online revocation lookup for the CA. With no OCSP/CRL URL present, this fails with CERT_SUSPENDED. Fix: use authorityKeyIdentifier=keyid (no issuer) on leaf certs. 2. "CA cert does not include key usage extension" on Python 3.13 macOS: the CA cert was missing a keyUsage extension. Fix: add keyUsage=critical,keyCertSign,cRLSign to the CA and trusted-CA certs. --- test/certificates/ca.pem | 33 ++--- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 6 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 33 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 296 insertions(+), 292 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 978edcddea..7037fe33ea 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,22 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDsjCCApqgAwIBAgIULKg2PII+nqQgPEEysgWStNhMZ+UwDQYJKoZIhvcNAQEL +MIIDwjCCAqqgAwIBAgIUCIworzyq+MZP6PgMwJUvbXynSh4wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBANRxGUwLE/UuYqbxZpRXtywLyHiRezn2 -uXatT/PcKtICvHMFINe4Co1414lnL2qrhGCxANpeIobzE0w3WSKgHweTISV8+RZp -H2x3EYBd15MbdDdYDhBYUuGIH5N2C3gDYbkcZBY2cK4RB/cruuZLHf1WSVFFUvK1 -V6hWs4w87c1H+QxU5RKvX7T0VNH1PmGp5xSbxwjkdVLb0o9YVN4nTE2FAGvuUp+n -zUrZjGMDEjFYELeFVpQGTgXgvw31EzeOMZvXAo4mWzH1V6z0hdZg0RDbAxT5CcAg -157qSLbQi9BC0/O6kcflqgYOWwrkqOsNs3ryx/8lbxtZtCtRC15ynu0CAwEAAaMy -MDAwHQYDVR0OBBYEFMtZaaZbjHw6O5vfyZtBE20tgGMhMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQELBQADggEBAFRTyRmtpoVEst3l2TeovA4BeCv7zdaI3EbS -vOwCqNdJ84biNlTjtRWrrIdFZOAHnseEvkxXxBewzuFL1tXiGFkwr43vXyf/MIVj -inzIK2mViPM8vIhOCQSpStgvUaTrvxK659VoLC85SzcCDhUzT0MqXeYjw4sHsTvj -f6GLg2oLuPCcxkfbk+cGIkL/3Dc7Aaq1mqhlXmqueGtIgNf+TgqOyeUfBQ9EEuQX -IZyQZ4PlMPWZ54YBa97fmW2+5EhY1WQ7SJ8abpjA2tkCvPcjaubUCjsASb1OusQS -UPwefW3YA87ivSK5Z/D9HVzvNQcPkr9a2ennS94t69hgDdo65sc= +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsrDsoEdGpjI2a0tZeg477dzEn2jJR7 ++ejm3NjhAndXi9SA59NhY/5xeKCP78YY5lEf6GXxf7H31AOryq2d3/E2cj6fNMvO +e9eVWPN1X7l902qkuopTd35XgpnD8728+m7qpyVDCtL5hlsdhf2g6ucMri5r2cAp +VWlQ5AsZUKtd/kNHZcR0pD7mwsau9rlOkuHvO8yojQ1ImNT5I8EH+Z71nsjNyybK +6rR3M6KOB9m6vxQD0i18vTONNBLMYuFRmzZuk4s5uUNTlN7o4CBejM+tVABrVTc1 +DumqwMu6gOTg6xjbdWSe/l/YuZYTC/qYYyf2RjLHHm/T/GKXUU80DocCAwEAAaNC +MEAwHQYDVR0OBBYEFBVUg7McKdezoLQJTeiDCxobmW5FMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBF9sb1RAXqYlbx +qZy4elELn1l+yIZTbO1+VDmg1gZflMtkge/wpBNk6yVXXog6XsZ8bdigNtDyPsC/ +30cy+M78AITUiGMnrQU9vfjAfNVRHOBXcQdh2rdDYI0B1ypVpzbyX6qZhg0SiM1S +xYNKSFYZ+4RghyPpP+cMqt43lnpBXUPU+/Y03Kk81e3bj03zy13YDHJAYEipU2i4 +INlZKQ0OcRJC3dWON8QsYiV0fbPKFwaaLvBceNf3JqquHufe3/UPhuN5WcMErOoV +Ys+1hKorovgnrXqm0Aon6lwJrf39C7t0+B+MoD2St8S64QT3dM31cG/7O1IXKQWy +TY31cOt+ -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 0dd0fb129d..4f74ebd0a9 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtXBFcwtyqmqPK -+mBDuOxyURSuPSsVn+W2gHij2y145ArA821ivyCXKee/J98mElNXmGAAVpcnSksJ -FvFYz/SH8aHUB9JqczP05dHgCE5EQ6g6D5PF5oiaqac/2VHGqqEs/HRGyNhnROHk -ve0uHVHZUN3UGhTpzAHDRWN7/w5MWXNqRYETaZyI50osBJ+PSkAsgOl4PF1sqXWd -fKLpFkE1V/1Qa0ZsIp8YtXDF9EZp1P1NqoAAsijXIHI5mZefIn9osKeeIluf8/qS -caJRlQ54og/CmRqKK37RLrIV5droBav1OoDE2ANdq7PMVW+CGpUOB00LpNJ5hwrO -ZmCPccV5AgMBAAECggEAAlVUnV0UBsBQ6mKmNhw4BNKruZ/Dz+lbvHzMUs4JhyX0 -vhtWgLFAzIOesdgePzVQaOzIStCPGVWHYc4+LqGStZBoRxmRlbbOtLJaqxFh1ZV1 -rqZvDTO8NYsD6CKGhYWxYmwT54s7Z157uwAr9/dVUeXT3G0qNfcpsEX7GaGy/gih -OudyrWWE23l4EvLr05y/XxdpB7EVTg7XoHqU7auknSuAkqrfNU8w7ylqh8cJZwcM -hDdKeh6NfUc85ONpMU7FTeFlaPcN7Kjvz+hNgX+aGgty3vPzhwn4g5r+eweDFtS0 -JqfoFcj882YEP4EdQG2EU0BZ8s67I/HFN4WBhIZCJQKBgQD9W/+OfyMaGXMF4MEW -X+BxMg3g2cJQR/TG7FLly0boWEgoyUUk7ChPvuYTvfJNUXNEfkc7i4FF7eNNzTnp -VTKfEtxLf/4FsxAexxdJMe61mMnx/FBMYn6VyueNPT9rS1lwOYITclaQPHaDtSYI -wLvuEHktE4X9ViRn+gfsUTFnJQKBgQDv1WE72tQRY4DDrk7ZvKVR351nWWPmWDR1 -veUhpeC3zs9cdRdHeajz6rUpGUQpWV6f+BgwU80BkzgbVU4Qv18xPNDEevCfjPuD -PqQxRI/B0Z5VcbeT2JnqSSF1szOmnA9IZ8FFm/0I4XG6KlAuaaUVWaw+s5qILdn6 -oTgxRpXuxQKBgCvjuQSdX55Q1E0rXyeaGk5hpmfSMUgo/u1K2R13tmPfjziJjVHV -GzKdVkwLNqNQPdCas4pMI2vSxvKeX67dFHTcFo95r66bE2rRgGYsoTaSLkGePObO -lTErwisEdi0HE4pOXAs0XmyEHN+6DMmtYaDe967oV+jH+GyOsrqsYguFAoGAP4HX -T4wwn7IjhK2Bf7KubDG0cot/Ip20toDkTbao/MMssaTn1ytmC8DY29su62wY3G9L -qHBoVsRvFP3PwCuMv3MFLSII2Zbxet15iPpIvuAM9z83h1TR3PIkhBBB2xp0CY4/ -5Xja1iEshklyFfgvmKm4LJpOj0Tk9bL/OD0isqkCgYEA9+jDUU5U2v1gqk6OWiub -HBIpTUP2TL971gVlQrFe/mk+4+GX1vgeHe6xgIQedvombnK7FwyphWWp7+F2C1Ub -7uQN4RtFSft8kow9oF4qgdrWUmu8twi06a+uiKwhhNUSXGkprItR59XIXzQpoYK5 -446o5J4yiqZy/zk+ccgN0aE= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBIuoc7BJXkj43 +Ogw4/lOj6l7qJ13wnQKNHLdCuKntuZD8mQ0T7xOKqiRbs4xy2d9zS9bGNfMrT70q +RRRdIrSOTBOGMtUTWtw2WBHOkPF1OlG4aIlLmiM3/W5gQfKxdUvA8UZOjCLtdOuf +Llcdk6sccWhtA4W4glXi46EDGT4tp7htgT076Qa2lfKc1CVgV3LaUIcW8JpHD0+y +U2gSWr8/oE9222fu2MVDyQqR/7WFRBBHR5KJSvx4tJ753Pu19o+T7U5ieLegR1P+ +rI3m0ktJoatomfDdc7R0XcbgqIS/cTjI/7QuRrD7RuHn5I3/0Ml+OwKzElpTlVT6 +LOURN0iBAgMBAAECggEACF3p+LoI4uKO369b9XGeH7sg5MGzFgAFSuXwMfukP+xS +scCzInaQWQjdJZxaBKU34wupaKGQcONF0YGX29+LpSD6VQ1ZcfrVEKUg01sv3Klb +vjKIJR5usWehGxosSIAJebiyGCfFwRX4OaeFJl698k/e618UUU2TKS69jE/xA8L9 +n4lzDyepPf2hA99KG0Es3Ie+lSl9M76Ssg9XY5+7n7W+VBVr5MebDtOEu26XYIIc +FJ0jxVId+xPGvhDcfKvFCcJrtIji38FZBdHbIIrjioFL631iqrRwQTRMUkMY8d44 +POSavdt17zgA3OkBwg7IHa4j6lMRg+D4YYgrmgTGuQKBgQDu4Q0R139ou+n6ZsWt +XeiX5ngCg7+Snq3X+1zNGsUW43DbgLwnMApsoyV0WWccfApMtQCXTgPX68VIg8RF +SbFA/L4S9cM11Ev+GfMXwu/JDnHmOjBj9stFnQMlGxuhvXF6YlK+Ptrt4HOTkrGQ +01eb8NtVqUAZe+3YTW212wikaQKBgQDO+pOygwQnIm+8hPjAV+MyN5v1nvxiOOs0 +o8mx1tqJEMKPQ6fk7JycPNDBilDojkgr8afjpQ5JbFl+Zc/OdhNyiuzfB0LU/5g3 +ExIf5Eq8cdIl7dARu9onQcsXqWcK18kGPnmB4WGo07XkcuYgqRgVoI554dJboJLk +1KRNWEEgWQKBgCOj7EFHN7k2oDg98SxmoHdZaXpmkcScbC+XT0dCwTkjAgmd8XSf +VE7VIJd1Z072qsq7DrWEbEpg4PRqxHPaBNo/W1SU2mVDoXruADkBWqlSwGerMuEX +R0jBnmCA5OSC0VWDKfk8g4mOPXA9KMUE40Ne8jqbn/ataNUm6EGDxoxRAoGBAKDF +bthogF9NlnFe8EGngujM3S3q8qvw/nIDD3Y+J73z8MyLhuyBBh0t+BF9uN8LNfA8 +Y2amHPTXXqSZvNLoUK7WTqvm3fjJGJkfDSMMlyjNWKjxkn9T5V488t5MTafUeWeK +O6OxR8R1voHW5f5UmkqiTklKKbXWgoOQ0JbriJrxAoGALor5MAuJbfaC/ZcW4FVU +gHZJ5I7pvP7+DI/D5Rq3XWhRLTgMERUAzpKQt2fd23g8LDjeTc8TLnrkLC9PpZ10 +fHZQ/a4QolZ9Pq5T9h9HjiCesyLowbfITwfShbTQWR92rvVVh/elSWehy5ANsc87 +pIpaN+cWsG9/np9Z9kWwoBU= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g -lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI -mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc -iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo -1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD -XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD -I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A -YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 -uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 -mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg -l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q -9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J -yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv +MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T +iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj +N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG +tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 +eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw ++0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ +1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ +bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC +o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C +0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz +HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv +32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 +qtrgSbev2AluiMko8NpevdP2NsOUMxyS -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 58e2eef08c..b729c6473f 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA0MTk0OTMyWhcNNDYwNTMwMTk0OTMyWjAUMBICAQEXDTI2MDYw -NDE5NDkzMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCknpas -Y9CVnP8wAYp/zViQQizwRRD5JtqMCDj8QJTfZ6nTOaRHY3581ulnK8ux/jGeo1WO -QfT1UyS9/CB8PZ4SDpSF1oiKaz3OkEivDeHWvUDYjukHkn1L5Kc/RYEje7/VRRlr -Rouz736sCz+G2BQZSwMpyxEPlozZG4Me4UufCcnkpI0cYRDwKgyUxeP+6xmtWCAK -QG/KzlNgjZPr2jwqlyVxBBtyYweIsJVSEveQQRkjdJYdeyER+vZmCHQSu98VHk0I -SkbaN1CCi56/8uWy8PuZU3FkLweO0gp3XAwh7TXiqVt1SH2gefjyzvyYnsts5Buu -9XP8u5uRAafgdK+k +ZyBDQRcNMjYwNjA1MDEwOTI2WhcNNDYwNTMxMDEwOTI2WjAUMBICAQEXDTI2MDYw +NTAxMDkyNlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCkIvPE +1NaTmcm9wzkeQNuOxcAvT9tHiblThgGiamzMpvncf4e1kCxU6sbqBFp/7E1CmCi2 ++YRLvMQvAnM6QWuslUjHqLDdaEtpUF/E0KKknF/cLLxLN3FeFe41erlgdJa5AjSP +MynUzW28Yc2us6qNYeOnJqL/oEp09upHTDw/V1OcLFxBngzx3KZAvjsUkUCSRa83 +T5R8wM2ALG+ZOkT40gWh/N222vSIYNzfq8hsumG2ZYYEXs268BjclLvQOe8MCMun +NmO1F++wVpbPbKUS89xkewYRLK7L+AjUhINKXJTTtaepSFSA2IVGOmtXD3Z8VeWC +yaGBDaTeyljKqfhl -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index bee2a1a3a7..bdf17a738d 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaBkqdhO2NgX3L -rEVBEA83eTZVqxvJ58NWPMMRjjunUcxVl87gH0Y6idTQPabkgtcm7EqoTp+RHf7S -TQanflcrmpQfjkUo/eE1lQkLWBktIB/ZPk3g5fAGveEaHyJ46P7bmPYRKCRuzyIH -8WtEylVwzkL4fBigG1Ecf5OuHccnarcAWFgEdt34FVeuUkq8WsiaDrZU955yQ2LG -zZOY1OPaLR1G/ZYCLAPgjzjjW6ssgrmBjB8c282glw2f6Wz7V0VU8SWS8LRVwd/O -HDM6NGoGzmSAWNzPjPGwlfhrDkMvm6VfTN83XaWqiezER8a5KqvQ2/+eIojVB8Gs -odmX0pw/AgMBAAECggEAA3OVC9BWaGaT5L0J7aFA9GpdU1bdnkEmhP96QRVk2V3A -o9w+4KpuFLAo59EKCtUNbebQucBg4027wn2IrO8hlyWf0a4RZzg5r/z3gy/2WhIH -nwtO9U/+kETCQwUaKRrbKgPOZXAiv4RU8BZA0fp4BsylH8TrKOG104Mrhdaf1/5f -gUxJohXHk7wNYzUxpl/uOChVom+HkwNAmWGCcr5o9g2Wk5KzWLlNc3hx2TBfldQk -y6pZI1foO9HcVzLAL6uaNUVQSNPfUO9F7USoxLjn1EmJtG/+DMo+hEevQXI/uWkU -IKGhIeS34UpUmcKajCdwPMobgdbCZDPaNy7n0Ys4PQKBgQD3egpKImN3vnXnQT/I -P0KJXISCgX/amhbGbCbEo4piWu9rrUQQUSNhS1j9sYNMCbFY5ALwJbRsNALT58HE -WitSmwUhFzXqiIPryH6uULdWqdv8hkOmxCG6y9yVbPL2ca5tSzKloxDXZS1JOKYH -yHYngaxbnp/o6hTnVJiOuaDuIwKBgQDhiJOnZCIKboSjEYJSO5BEJ1G/qjh40qpM -/filsFw4l6giE8vNJLilWmNuPQR4v3IaN1jemh56iU0/AobO5RRKWk1Ydz/fcJEE -izUi2/93/P6+1oCsKq7e7BOv8gPRFROzxTQRei6DAs/F8bwSZofCT1kFWl7ptFt+ -a/4wO1TlNQKBgF1gVvGR+CX+X05aeE5+UAS0O+tiIXPCIEXOGPKpIlXqKdxfDAd8 -FfVoELPofrn6DkiT/+fM0j7hgQ+jqqEDxMTuaQkLUPSlfeFBTUtIeWThwneN0Yjj -CDcLJLfc2+/RBReIABwvYvNi4at3DG5zXOGbNAV93KhtamW+rbFsqSQxAoGBAIy5 -yNAw9eCmd1K88SFYkztDgYnjr9sMMEFcU5MnSVPypXGmAovdtu1OSi6WGj0x0AO1 -t1kmt4/kLnP7opxkalW+pPZnak6EkahRKHW46l43WclAVQeYlob4rYwiqekDisio -a0XghDcxQO4VWTHuEhXXpwdlDUYsSM7ImdIEo4NlAoGAVoWkYct7h2eN/1wPu7/4 -2ahtxY3MuYwgjwJjytuZu2xdcfckCVQpE84YHoUw9Ui3W9oKqPi9vyCMW7YI940s -07SOFharlJtysSZr8fzJ0sQ8Ub0UtScFcYMsRgrijwk8NadtDuzwOrL1UU33JYox -mn7V5iAY2l8wehayhwWihAA= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCshzk1c7wW26bs +o/GTWWN2nU+8w7lZClTibEY6/78DW0y0YU6+KPD41GxA4zIemxYY24JwqdnC9keH +JdWSL4YFgidVJUw12Tf+23oRN8+f//c9sb3Bmd6sZfbzYfrEiPdkHrGebcvdSK+O +wSOHZukiDwTz97w+98LD+Wd3p+Vde/jB/KNmcWlNl1Qkq7B3WaeoPNr078LNTuqO +MrGzqVo1bpodXkCvJruxdCNnhARbbHYLVwIaYuC6lqJvJL3u8xD2UebcvTbPos6I +Fjphgaf/FT7EWQflEkrqjvtViOqgfGPd6grrKFbTExOQPyonwe1iHA2rFr5IIicq +bdBpV1UtAgMBAAECggEADN8r1/6R/lyV6BrVJ6qoHo3fCJTLq8Z3DcuJM9an0B7M +KrsFzm8sh0wF5ZNtxlXIwMMDyNcLPZ31OTKL7BOqmpeayqH1PSE/Kb8DLOyui1/j ++NDdeOe7cr5Kvd7GAEq9tlUJ6GmFp7VID8z+ExiM9TMMqg0GGOaQO+HMI+O9W4uI +aDIQ1uaaqaZldHMut8m3hW7RDaqElV717RXHnZEpmZXdoRHPvtsYqPN3f5MKNDU1 +67AuVQCcdDys+8k9iUu3H4DCW4mrxP3PaXm6vuRxqgiNzmUva/pt12UuoDPqj729 +Gn1fRrXZQgbNpGK0WFengf01zFYt5SXVAZleg32rAQKBgQDSLkzT2QThzpbcu7fa +BsfFTDVBf63XycWh+C94g9hQ9OZjDL90X3pUjF/MuPTKcEuBZax4jws7GjOKPL95 +FwZG67TPmIunCUtvxuuj6rtvTjEz8ezYEsfOaU9prv7dPfxRcGOgSWkIXUX8z6H2 +Z2W3uVZSoSGPsH/n2oPX2MjlrQKBgQDSI54qIcfc50ST2RFpHqJpsdn4kMsouPOG +1g+LALTwFN46ABQdJE3K9g5fXvmF0sLPlWdqGCIxUrwXDAhEDmOrlZoJCS+Hn+7l +iG4XNCPVPWfixX2oUA99RfPiu0U9wSVsfwovdsghXG5QTyNa6XyZrhNBpYMIClYV ++tcXH1MdgQKBgQDJWT+SZ0GtDJsrxM1hGcPBN7uBDs68fXhOLRNU8YGGNMaMtwam +dl0bqAqSddFUKfW7dWqfZ/GLYhNj58RKPYtu35kskueeUmIpJ7hQJKwA+jhamfWa +HYu6Ktq/1LwluJ8CaZeXUxxCvhAxG7v98JnaQrv2lpQvMhemRoite+khVQKBgAcQ +UXHDHu/LCmAZ7N7mu7jn1JbpbxrYVL9UlMMsa+iiGvJCLGrqXH8VFFiaXbLk6c2G +jSpg001rJY10xxZakXkkF0B0gZeChcpLcr/u7cFuRf62esncnxir8E3P070GsBZc +kuATkxij/cVPU7XroVedJWKQiL4NcuVcQDyzvdyBAoGAUkPi724pAnlTST6mYMXb +Io82iSHeRwkuisSRDWfmrO3pGe6SkBwDwDyCxoS7fGj3JqsF5NtyRgmgZaLTu42H +oTXrhhMjOzXjBAoG7FtdEs3Wxwyjkf/q6850ZVhVYpdrSzYPaPN/52MoI71qIjHA +2GuEDub85LdRKAMc3fhmxXE= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft58wDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAIwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANoGSp2E7Y2BfcusRUEQDzd5NlWrG8nnw1Y8wxGOO6dR -zFWXzuAfRjqJ1NA9puSC1ybsSqhOn5Ed/tJNBqd+VyualB+ORSj94TWVCQtYGS0g -H9k+TeDl8Aa94RofInjo/tuY9hEoJG7PIgfxa0TKVXDOQvh8GKAbURx/k64dxydq -twBYWAR23fgVV65SSrxayJoOtlT3nnJDYsbNk5jU49otHUb9lgIsA+CPOONbqyyC -uYGMHxzbzaCXDZ/pbPtXRVTxJZLwtFXB384cMzo0agbOZIBY3M+M8bCV+GsOQy+b -pV9M3zddpaqJ7MRHxrkqq9Db/54iiNUHwayh2ZfSnD8CAwEAAaNwMG4wHQYDVR0O -BBYEFLdAeJ64HzEM3Rb33XIvJhEAKMxfMB8GA1UdIwQYMBaAFMtZaaZbjHw6O5vf -yZtBE20tgGMhMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAQJhjzibpwtZOjNEA8XnEdlQWUEmz -BkkTxNOQkWeClcE/sokv2mIjfp7Yx340wJ7O/CbBNcDUxGksk763HQdTUMIt52Lz -QDjie+TjZYFzmfwFMyGlxHKp9PMoVbxbJN5yVLm4e0Rb7fh5qjap/8mofJCC5Tar -OXz9+vYnVCpAFQmnblptqDp20RqSChMZMWHuLIWDQs5NZszopj6Nr3nFtAQwC6r4 -bVIz/8ulUcOCi+pl1ffO06Pzcda3nyGu1b4j2iG+yKyyViaRuzjCEFEU3WO8YA4Q -sMmKN3HahbyTxcVUaFygPEy+F8erqRWcGoEd0ghNLoFKtI42jZXYATOmJQ== +BQADggEPADCCAQoCggEBAKyHOTVzvBbbpuyj8ZNZY3adT7zDuVkKVOJsRjr/vwNb +TLRhTr4o8PjUbEDjMh6bFhjbgnCp2cL2R4cl1ZIvhgWCJ1UlTDXZN/7behE3z5// +9z2xvcGZ3qxl9vNh+sSI92QesZ5ty91Ir47BI4dm6SIPBPP3vD73wsP5Z3en5V17 ++MH8o2ZxaU2XVCSrsHdZp6g82vTvws1O6o4ysbOpWjVumh1eQK8mu7F0I2eEBFts +dgtXAhpi4LqWom8kve7zEPZR5ty9Ns+izogWOmGBp/8VPsRZB+USSuqO+1WI6qB8 +Y93qCusoVtMTE5A/KifB7WIcDasWvkgiJypt0GlXVS0CAwEAAaNwMG4wHQYDVR0O +BBYEFIQZ8b2OANToGnZdHc4Vq1arH/VKMB8GA1UdIwQYMBaAFBVUg7McKdezoLQJ +TeiDCxobmW5FMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAWNhUCwXlWImKzbQqEZNwhptUHcm7 +LK/jWbOyo2mFoQyGim6ofMSbb4AMvtVgn9OJYwOajfc5GjrYZ3g9UkCq7hOpOn2A +OmaOL4mLadD6pFpuHvgindAUHZuqh3UFMDP4ekoFS8DhlvZg+GJZkRiaJ1Xo5quM +6sYCoL8VoYT3/ExRQWPocwkQibIBu67N4oMiOZUZ+jDSsPo7XmfFPZeVhAJ0Uxbe +wfgqBnGSwi+87oLUOuUAVeNtF1R7NB2q0xPUbymIL8Pi5R56Yt/fYWe1QP7TuecN +ccfEIaSEUKPoqYiLOseuzASNlpIJV8s+IjNHH1EVTab3+UQDSRmQSr86yQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index eb032c7e83..7898bacd93 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -23,15 +23,16 @@ cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign, cRLSign [ v3_server ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer +authorityKeyIdentifier = keyid subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 [ v3_client ] subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer +authorityKeyIdentifier = keyid keyUsage = digitalSignature extendedKeyUsage = clientAuth EOF @@ -214,6 +215,7 @@ cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign, cRLSign EOF openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 78428612d3..409a5677d0 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUjmGvGnDzF1d2KML -USvuYgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPxe/Opf8jx4H30l -gtFoWwMEggTQVO1+vF+10xVzKQAnX7xtXdNxhpTY0x8QFrx8fniQ2Blf2AmEM4V6 -tknYDhNnb0RY2TQ452cPb1OhYhLtMoGT4ZEkhhm+as+5V90MaJqSiLfDi7hvbOiX -d65kjNqJqS0rbtgFUMV9FtU4PP18Q0BscPNt4CP3fueqS6Zx/7VZEbEz5JqqvLmD -+MxszddisFCpcJvi2V2YW3MsB3Zrj6K2dGpqUFpPiTouDTOKxi7vuRf13F8BFnB0 -gLtgcwp4tbrk+LJYr0Iz4fMMNAYi+0t5eRWh97baQnEnbJaGx9oo2Ef+VwkpEJ9G -4aTrtIh0/LJcrG5SuPRu3FOrArEQItTxiNoHxQsvCvPO/vYTNZA5DAXYisaEGrZB -MMvz8U1tGtiNCJEjoURGOmNPJswTR9DDBu7cXA42vUcFbXZEyJB3pcw3mDu0X9+a -POkD3oXespiPpMfS1Y3WVnrR7DcBZ9DBWdNZ0BSB1kZBrhRUQaXPJ+22IacqtGAk -y/HtovMEw/CeQAdEucG8iIPAGPr8VPY1p7Bz+D+TYFhGlyDhNd7vVHRqtVXXDlQj -eqSwf5n/Gh/f7Q2h1vbzzVHuZ4UoZDP0ZszzGfSA1y8aHLFKHoTrUmvfLGrENh2V -LjcjQLYxnL48qVkClr0tME2fv7P9cPqtIEEXvmzFXT61QrZFiYHCk5HPKoFsBSQl -c7LsuM5X9D7xdV2BrEFXN2awH6z8MgoqdreILm70Ze1pTBM+NzGktMFABcxAXzaQ -llt4oGs8lmGPuQjCnvxPXiLRxj+fLU2YzpzSC2AYEKQ3KRrxYUXGu42oLiIUjK8f -BUsOGnYYGkHCT69WBbgtwl8iC0LDcBObMFFv1IQN4gh7TIZF9bvkCp0S8PNqaT/W -i56cZHVtu86bCBUeNz5SLGnCwGuuvQL53c5fgQuzK9OhxVgNFAsk1YeYcMOFJXvK -oTDqTiQ91aOJPxt88QaxkD/45Vc/EivZ/niB84/32uyT/6ymSzIKtU4ZOBne+Jx9 -MQ1ETkTLG1Qug/gRdJJ+hKuzAOeME1mQ3XbqG8yHVZ6Zkobf95X23yqMq72Ohi4p -BJiE2T4I/F1Cw2hyPOszGV5tXyfcrT2Z7FhJNZReD+gtoYnEeuNNMINYNDagIUNS -PPkwg7JTNOXEHbkGvjoWiAtxnfxpCKU6Fm6kd00vD9Wc9v/QsIBEhrFyvLZk/ucX -I3XYajuoQE/wGphYPuzlOzBOjiQfgVV27CalXJwGHAI/KR8D5lKP0aRwlkLUyU1c -gMlotqKNAxnhr/Nbdj2eo9aCFAW6i8eZIlviW139RWZEp8gRiWcTWQAvV4NhtxxF -4QzopulPmoz4wtQRrlotG+5JW6JqX81+VF53EsiP4C1tnpyxY+MVynAUroeOQvNI -D9aZu3/zA2+ixkrahfoGVSoGTaIAgchRyaEfxfA4YzcdfQkR5dhEJf4u4h5wvUS6 -ZWOA6Ei/NgtjLJXCaQywtseq2KSTgK0R0IyC91mEvR31w1WsMaZxCG9JuJU+Nha2 -R5qIQeMwEOR/+siKxh4QXYK7r70QqFbOkVZDBsaULrMHv66IUceOAjXpuUe4NbV2 -UcDbYWletvU8tKhBdA8SttQib/F2ra5CZVHwrPZOklhTVPQ7qzSDeus= +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQEBYtboqnWdJ8eESa +YxMmKQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECFmeuF/j03+YvpX +H2iJoQ8EggTQP8xnokAYXmoie9Zq8ZfMm3Z8V2a2IIzANeC/FrR9yQ1L77EuQpzG +/ah5TLBn/SasWRNPMV6M0TI8Cvg3GDKuBdK+GqwQik5masD5UsCx3ihLLiWasF8I +R6w+CWrpZZDLTfQE9ZXEHcb6A8d/pAQig4wPHfBPopTxiCsfCwqkVMMH/KMTfBqO +VKAkRE9e33gmEygO4t1LMtnR34mwgWA5KJOmAlPT3QiEBy/ZpDD/2PFqmqigibdj +YMRy6irIBqlHoDqtWmYuFNBBpVPVBtmFw3DDbbAIwMQ0zq4Il0Pl75REvIebgXEW +tjsOLGomW/gcxf/QCu0zdsNCYVNarXzM2UyJR6AibotjeoUDFn7wR+NRsI7rTYUN +r3cDDdxPebaltVAtwpIY4XoQXZVpfcyz6kmGKlkl9VuzKdSPV3fi7om7aytjFKxf +L0nZ2lsDZ0bhwMv7PKDkNHIPdyUt/XPayFb6+BtF2fCj6FRy5xyhX3sRuVmPdWn9 +21YY+TaE38/kB7ItD07XyrX4YB4lgG0wX+qMUDPH7tX+f/Yor5XQ/it7186z/Yl8 +L7wW4td+mbWWfV8HXhmSeJlbkOzvtzCOmf0ypOCi/Ixw7VVRXITevrdpyb74trQz +HV24x2V+dDHkXxv+kS8tuZ5kRg5ZSqrUSaDoUNIrYhbmJ2QXoew08zvJ6GL5UY2M +a6pQz41GO9cuVLXJiO8nV3VbKoFP1aoxaAYotMKpv00Bf7W39oS9lDY9rA+oHj8J +fKjYjr/ojCHkG4EElkAzcRvKCZpdMFDCf7IaNlSxkHvf33abeHwf7zb0WVXCorbu +499jo2Oc5QVQFxKQIjAjPX3NyvZYqorXa/vxDo2KvofCe2o1NOJ+5zvb0Nk89PWk +vunNo9Oq8M9Dw3S1jh17RJPLmBNsxQ4rqExynVZUcVcdDABnVUR9UDBA0/Pd41Yy +6kIlS2BgkvcL+Y0BK4oZVjz0zuNSlXgeh1gcNfFR8phxRAuYTZ0H70ZPTEfgJ3vn +jNsiPu3C6TLH4k7xs8VtIob5Nm4PrUcV7VNQLA55qZNQeL/uDwwvipY7ypKe0+7Q +bvESiFh4s56OjvBAp1wVjrKDmuzoL3aNr1dHNKMh01ft8pU8U+rcNYkAQ0ZS/mX/ +OIXR1Y+0v4x8OPYK1QWsZxKy2PbfL6oGEmsMh4viv3ZbSElw/gmuTP0+8jpXK71O +MwYdaWq9pCS9RLrcjYHff18vS3zWA6MVkanLNqsiUY8QBW/vTFGRfpFSZWP2AQ4f +IayDtfrqDcwEuOCFiRSrcZCzyGEs4NLgjBDfAi9Fz1Ec/o5f8xdM1Tdb9BSI0dS5 +P4a318l0hbaY5tUPMsOsYQlizgksCdgvxms2k5u4kpJkSkRw+BXgOdxYbeHNWqwL +snYwWmRLOXymu8OeJ2zTQ9QH6ComE+C27KOhxUml5XjHqY2j69qbXkhQWmi0EXj8 +DHJb7VPQZ+7IEjMTXRFmTLSS0S1k0C5CCGC/eYtUFFdQzG/RYSLbic0yICrPCnTq +GX/PiC3E+MTaZrr5ehAHAl+LC0iw6qXMUgBO2rWOYnF2vP56SIvI1yvCgNWpKFN3 +CKyHUKWyislcHqw9lvyzuouoidtUHpWMAEo/hEVb8JF4Y/yNND/4nLU= -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft50wDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA7VwRXMLcqpqjyvpgQ7jsclEUrj0rFZ/ltoB4o9steOQKwPNtYr8g -lynnvyffJhJTV5hgAFaXJ0pLCRbxWM/0h/Gh1AfSanMz9OXR4AhOREOoOg+TxeaI -mqmnP9lRxqqhLPx0RsjYZ0Th5L3tLh1R2VDd1BoU6cwBw0Vje/8OTFlzakWBE2mc -iOdKLASfj0pALIDpeDxdbKl1nXyi6RZBNVf9UGtGbCKfGLVwxfRGadT9TaqAALIo -1yByOZmXnyJ/aLCnniJbn/P6knGiUZUOeKIPwpkaiit+0S6yFeXa6AWr9TqAxNgD -XauzzFVvghqVDgdNC6TSeYcKzmZgj3HFeQIDAQABo2QwYjAdBgNVHQ4EFgQUbgzD -I93lHfaMivTtylShgIGRCAcwHwYDVR0jBBgwFoAUy1lppluMfDo7m9/Jm0ETbS2A -YyEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBNoP5tmkVAQT8+z6TugYjXn5cIGON8Lxpavku39iEr9lWtpfr8Wc30 -uYNzItqJ76sSRruuYVC7TNEldOl33OsW2qaLvjhH9FaGEq+tZszhN3bepAXCbIB8 -mc3jHZw1nUnMf1I26HW5U3HF/qu2sPWbGW4sj4NcTTJ9sJb+KlBRAcowAgLFo4yg -l5zAs1MFoiGa4slk920pU31eEt3zg+14wsxaUrpqTnOm/nZHJJPI0tp7IQsjRI3q -9FCycrgr+w3FnM5dgfggl0O9CBIg10cefRAIBzGE3esmUCjSOvYrvNVlV/yXnv5J -yUoJ6hJYPyB1GbcBwOpUCjnx5noUIKBv +MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T +iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj +N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG +tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 +eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw ++0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ +1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ +bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC +o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C +0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz +HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv +32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 +qtrgSbev2AluiMko8NpevdP2NsOUMxyS -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 5b8a3a424d..08cd76dcfd 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtbTLMvCR2XPs1 -J01nXbnpvcWwwBWQuWwbMZlqNvZPiAgQgjuRmzTlvB/MMgbTPb8mynE9HtnjW0Kq -HDqAXUvBstGSd67Pjd9WCTLcV+JJ7IufUp7SuaijGlVLgtDTNoJ2s4lUN5DWZyx5 -EL8uHH1fXaNurDglGC//F2shUhNlO8xpZXMaKahJZwmsU7aeA9xvrudGwkYQm8Vl -+Zrj24t4J4Oy+7TJEzVZ8lH3wZ9FkG/eiozURmL9uK8bG6DmhqztEKZFpy5LUBY/ -RL2Y1Mcxec0wHxSamRslx3dAcnCutR3A4bs8OoXIwoZoIEQDOFoge67q8sl5lyaZ -SpmsJEq/AgMBAAECggEAALAiN3W3n1CXHordX7+bcTXzhtP8Qeq6ZxE3TpiROZeM -kKQzoExBVXf9mE3KgSQJkhnTgS6SJrjB9vLNuJymJEqVUkNvShuB+1FmBkHDABAU -LbmiL6vU43DDTd1i/rOEqPvlW5Qs2uzl3EUYvRIX3Tz93P6J6nvCFPz+y88LjKdC -aCsA60Hd+cQQ9dJa2qZ5db4YkU2cwGFdMtLEsdGy7SKviOscaTWDFoy6LR+lgqRN -jGoUOSCSzfyXcsDl2Cu36jnQWj7d6tmhTPkdRMPXEvFj7+s0xmB6Z/I3kMFHBCJq -6dAJ2if07JOiPK+AgFAQiK0DndqyTV5FJD21jlmEIQKBgQDY68V7bktXS0nquPGZ -WKnBm/vyulH1PwpTFQHyPAzEUU0jjRaEKYHhTzZu0728HZi8Yw24X3BtcxSQVHeb -8Hz1JCpvVPp+G/jxa+qxwz0upBJPy8rfz7N4R0OjSxVKe/7zu+cl7gAyb0hyo3cf -3pFOGRw5LwlA6dv7U9eOrPGS5QKBgQDMq39juOEKdjIRRsPpFMhF77SefnobqBm8 -9mpZTs4LQNXG8BcUvS6S/xmyDocznFYJbBm9m2+gUCidc5edgkimHdfcTAccxXKQ -ihTimWxubXB4KhhyP9EsTC2ppcPGSO49fCosvqmCFflGp2EUkl9SMSv40UP2xk5b -/7BJ9EvY0wKBgGwMZH2q3pRIyDTGknETnNr3W3P4IsLJ99aSbDnAd4uCA65lpIWI -N02HK1Hg3m1JQL71h+wCffnGjMOnjzx5eYSR0yFJbsxKGqIGYwzQdzU4PHbKx+7b -gkWzGZnI2H4VbVTyj5xxBGAa1jdj/P4+2pnQICLLrwxKcGyrwn8q3dmRAoGAckKP -1LFC2R9RJjn2ZyoWAI0orY74RnZbIBYFGySWfMvOTMh+ajKPTLsjsjbQHez6TzpN -SH/9GmeFtRjyHJm+SxbACplbIyHLqouby0FRunhYYI1HpoigEvXYTCxhllHixuqJ -dP9gDGKODnalCOIKWw1eegMByUO+PTgKR88dhMcCgYA6LNAlqxBwO6dTPQFvGlqS -d67iKwyjbK06iyjvcNf2q4/jh8MC8au8gHDxXG+I5Gp3nMXncuG4GG5Ii/tKX3kt -/6B3b3tlFmdsAmI8xEpiHhDBDXINLRs+w7rkl5oNduHKkCWd9r9KduupJDvTo78h -9yuZwMwRFAIPx9P3YL1SeA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuozfwg4XDRJs5 +zPCIEAd3iiS2z+G68X0N444O1Yb/35UslCY2ZkKWs738I/A9AI1Tm74C4l1PMHNO +OlCMcYg2w/fu3VuAa6E7QwPwjRhnoRYl2lgDX+TVKcHXOmD8bKZB+S9V7Rl6CANs +pLqeSlGBQqXORJ2nu0teou6BZUJ9qcRbsC/aHlQleOr13jx1+sfPvwK8rrBeYqH/ +pA982scfE/PU6QnB2v+9Wd/hHt7073ssIE8lsKxoJtSsfebyV5kn48e5kPKWnbLk +ONbD5QRzCs7Z8GbIrzGkXV4mRwUVK5+fCmhVE93g+99paeJpcXOrBmkCTkL9WTyg +GW0vGhDLAgMBAAECggEABaKOnjF1kiTB6COMv1cvu9O2oOTO9nvu+mZqobU8yJTW +ThHvCbeoU7neWicZYV6F249y73TjveJlAL6GStcppgVnbUsHNiWYQOlF/0UOPInI +xSqTxx1uV30kHBBuK2GgxmWGpCclDfhO4/qMwFQgPSOBZh52AoDbSw/G0mC0vIk9 +ddiGMvQHRgh/JEk1vrIqE+lEdiccPNswC2G2FyXWHia6plpZ0VAZXfQH6R4ttykF +CfHUk1gNDuGrXtwHicF4d6XXZsnuPkBQZ/GWmu51gGu5Xhr0TmXY/NPRhamsqsjn +lkrNGV25VxZX1lGM//cqL77Om7m9k5Rx9gnp+8n1QQKBgQDj09FNvc6kB8QzZ3Dn +1YMnNKpSiu5d8qW8iUGUMLIF+d+KTkHa7nLBfjEOUyCVOJh80pUFhvXwL4RtZ72A +Ln2EWZWYxN7aNzuTXQIO6zit+BgosCf2Vqgu06yZtmZARFNxTRRImRwUsPGaqnBH +drxJpQfuomNJfCJ4MY8OmC/URQKBgQDEO5rsV8OioXI7+y0qWSJO113sofwT9VSt +JCy26oN59sbgrcFPohsWISEBrYnjuPEeRf0Z3Hl52Tt49btuIqPmga2II/1Zj6ip +V9cTzwVij3XSfdb/SwcV3GBCzhQjgl6C/1ocpayQHGLaS47+hHFu6sGp2JyxhDKL +owO/twsJzwKBgQCU5crVVEfJTIoeTmysGA8vgGwQplxDamKHZe1GPM0cusIuUhcY +Tt8RNrg49HtHC0YdzkM26Y2y/FtAZZykOb4u0Z3Dymcblx2IojDGL1VL3elsLjTv ++pLQh+c2Ts9lEUK3ufiXuflwTHSa8OmQyzkjqIgWnmrljAu7IiitESmxQQKBgDEH +C1/9VX2uhJID4XbxKic0m9zhY8/AvdU8coeI9Cxmwa2k++VfhRD0WgDHUOo6bNO5 +fNEXSqps4fUIwDl2IikXQToAc+4KfINC1RO354qGeVOL6UmDf1Ow6cQHJPTyP5bP +Ib6Cjii7Tt9nfWSNxqGFubkry4p2kwJcSjV+EB31AoGAMv52cz2i3FDSHYBv+QRF +VrTEfMlV63o/zPYKRx0ZF+9b6Br8z4emeNnb6Fu7nk5glliGMsPbGT/0P2OPYl8/ +Q2Tcp/QlvAtQbeCsOvUQgi0eThxgskcNOMefAr7BFcHSZVgrGixDGrIiIViJGQMF +IyTjmZ1yDgFmUwf8ULuxegw= -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 4 19:49:32 2026 GMT - Not After : May 30 19:49:32 2046 GMT + Not Before: Jun 5 01:09:26 2026 GMT + Not After : May 31 01:09:26 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:6d:32:cc:bc:24:76:5c:fb:35:27:4d:67:5d: - b9:e9:bd:c5:b0:c0:15:90:b9:6c:1b:31:99:6a:36: - f6:4f:88:08:10:82:3b:91:9b:34:e5:bc:1f:cc:32: - 06:d3:3d:bf:26:ca:71:3d:1e:d9:e3:5b:42:aa:1c: - 3a:80:5d:4b:c1:b2:d1:92:77:ae:cf:8d:df:56:09: - 32:dc:57:e2:49:ec:8b:9f:52:9e:d2:b9:a8:a3:1a: - 55:4b:82:d0:d3:36:82:76:b3:89:54:37:90:d6:67: - 2c:79:10:bf:2e:1c:7d:5f:5d:a3:6e:ac:38:25:18: - 2f:ff:17:6b:21:52:13:65:3b:cc:69:65:73:1a:29: - a8:49:67:09:ac:53:b6:9e:03:dc:6f:ae:e7:46:c2: - 46:10:9b:c5:65:f9:9a:e3:db:8b:78:27:83:b2:fb: - b4:c9:13:35:59:f2:51:f7:c1:9f:45:90:6f:de:8a: - 8c:d4:46:62:fd:b8:af:1b:1b:a0:e6:86:ac:ed:10: - a6:45:a7:2e:4b:50:16:3f:44:bd:98:d4:c7:31:79: - cd:30:1f:14:9a:99:1b:25:c7:77:40:72:70:ae:b5: - 1d:c0:e1:bb:3c:3a:85:c8:c2:86:68:20:44:03:38: - 5a:20:7b:ae:ea:f2:c9:79:97:26:99:4a:99:ac:24: - 4a:bf + 00:ae:a3:37:f0:83:85:c3:44:9b:39:cc:f0:88:10: + 07:77:8a:24:b6:cf:e1:ba:f1:7d:0d:e3:8e:0e:d5: + 86:ff:df:95:2c:94:26:36:66:42:96:b3:bd:fc:23: + f0:3d:00:8d:53:9b:be:02:e2:5d:4f:30:73:4e:3a: + 50:8c:71:88:36:c3:f7:ee:dd:5b:80:6b:a1:3b:43: + 03:f0:8d:18:67:a1:16:25:da:58:03:5f:e4:d5:29: + c1:d7:3a:60:fc:6c:a6:41:f9:2f:55:ed:19:7a:08: + 03:6c:a4:ba:9e:4a:51:81:42:a5:ce:44:9d:a7:bb: + 4b:5e:a2:ee:81:65:42:7d:a9:c4:5b:b0:2f:da:1e: + 54:25:78:ea:f5:de:3c:75:fa:c7:cf:bf:02:bc:ae: + b0:5e:62:a1:ff:a4:0f:7c:da:c7:1f:13:f3:d4:e9: + 09:c1:da:ff:bd:59:df:e1:1e:de:f4:ef:7b:2c:20: + 4f:25:b0:ac:68:26:d4:ac:7d:e6:f2:57:99:27:e3: + c7:b9:90:f2:96:9d:b2:e4:38:d6:c3:e5:04:73:0a: + ce:d9:f0:66:c8:af:31:a4:5d:5e:26:47:05:15:2b: + 9f:9f:0a:68:55:13:dd:e0:fb:df:69:69:e2:69:71: + 73:ab:06:69:02:4e:42:fd:59:3c:a0:19:6d:2f:1a: + 10:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 99:CA:D6:55:64:61:E3:D9:76:00:D1:9B:A1:D7:49:17:8D:5B:6E:DA + CC:CC:54:7B:F2:87:66:CD:2A:F4:75:39:36:9B:60:45:1D:3A:FE:44 X509v3 Authority Key Identifier: - CB:59:69:A6:5B:8C:7C:3A:3B:9B:DF:C9:9B:41:13:6D:2D:80:63:21 + 15:54:83:B3:1C:29:D7:B3:A0:B4:09:4D:E8:83:0B:1A:1B:99:6E:45 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - be:88:47:6a:1f:07:13:1a:5a:5e:08:1a:1f:b4:9c:2b:21:7c: - 4d:6d:c2:8b:b0:af:50:7c:87:b7:23:13:3f:1d:ff:c1:f4:52: - a6:c1:93:d6:85:ee:8d:ed:93:4f:35:c5:87:fa:8f:23:dd:11: - d0:76:32:8a:15:ef:53:ce:cc:e4:89:bc:9a:23:5d:8c:81:b7: - 10:2a:e6:c1:39:d5:f8:88:39:66:93:e3:2f:7c:55:34:d1:c9: - 6e:71:77:30:b1:32:49:35:59:f9:d8:16:c8:ad:77:33:5f:18: - c5:75:3f:e5:8a:ed:5a:d3:8b:21:5c:68:66:fd:62:c3:e7:46: - cb:b4:a6:bf:fe:f8:77:68:8b:c9:c3:a6:7a:1b:af:ee:ce:b1: - 8f:49:8e:a3:a5:c5:a9:d7:68:dc:97:54:d6:f2:f0:59:00:41: - 66:1a:c2:7d:26:da:dd:96:fd:ba:98:da:a3:88:86:17:93:4b: - 4f:b1:65:2c:20:c0:ad:46:73:b8:88:54:2f:0f:39:bc:e9:c8: - d5:3b:69:33:43:75:a3:3b:20:46:e3:fc:f2:8c:0f:11:55:ae: - 02:ef:05:9e:59:bb:ad:e8:b9:cd:f9:7b:5a:5d:93:fa:46:f6: - e0:29:c2:95:7d:30:22:fb:56:53:4a:82:c3:7b:88:49:f0:a1: - a6:ae:c1:c0 + 3a:72:ef:6a:0c:6a:f1:a6:e2:bc:11:e8:ab:71:01:3c:6f:20: + 35:fc:22:a3:6e:d2:91:6c:08:93:d2:ae:61:37:72:88:8a:73: + 80:87:ec:61:c8:25:e9:e9:df:0f:6b:fb:50:27:36:0f:a5:b0: + 71:1c:9f:c3:fe:94:5f:b2:f4:30:56:81:7a:4e:51:f9:30:cd: + de:0d:90:39:86:3f:c2:f0:cb:8d:c5:29:4a:7d:27:1d:78:5d: + e5:3e:a7:90:08:06:5a:0a:1d:50:d7:39:8d:ee:a4:58:3f:30: + 44:d4:89:dc:94:8f:66:4e:0b:7b:94:e1:06:67:ed:23:ab:22: + e8:77:18:fa:d1:6e:46:df:bd:75:de:c5:d2:b1:ac:ef:df:07: + da:b0:85:2d:47:18:fc:fb:d3:de:10:fb:e0:35:ef:d4:ef:0c: + f5:d4:d6:84:3d:22:fe:44:c9:d2:48:44:ec:24:69:52:15:9d: + 99:52:bc:e7:04:9b:15:85:7e:e0:06:12:bb:ba:96:58:78:a6: + 61:fa:33:01:7c:76:43:6c:c5:3d:11:c5:e1:9b:e8:59:d1:96: + 8c:30:21:e4:73:82:7f:44:76:fb:d2:f1:54:a7:b2:1a:28:ad: + 28:bd:f7:9a:47:ef:dc:b2:1b:26:d7:fe:0a:0d:ae:bd:38:13: + 61:43:f3:e3 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDQxOTQ5MzJaFw00NjA1MzAxOTQ5MzJaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTA5MjZaFw00NjA1MzEwMTA5MjZaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW0yzLwkdlz7NSdNZ1256b3FsMAVkLlsGzGZ -ajb2T4gIEII7kZs05bwfzDIG0z2/JspxPR7Z41tCqhw6gF1LwbLRkneuz43fVgky -3FfiSeyLn1Ke0rmooxpVS4LQ0zaCdrOJVDeQ1mcseRC/Lhx9X12jbqw4JRgv/xdr -IVITZTvMaWVzGimoSWcJrFO2ngPcb67nRsJGEJvFZfma49uLeCeDsvu0yRM1WfJR -98GfRZBv3oqM1EZi/bivGxug5oas7RCmRacuS1AWP0S9mNTHMXnNMB8UmpkbJcd3 -QHJwrrUdwOG7PDqFyMKGaCBEAzhaIHuu6vLJeZcmmUqZrCRKvwIDAQABo3AwbjAd -BgNVHQ4EFgQUmcrWVWRh49l2ANGboddJF41bbtowHwYDVR0jBBgwFoAUy1lppluM -fDo7m9/Jm0ETbS2AYyEwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQC+iEdqHwcTGlpeCBoftJwr -IXxNbcKLsK9QfIe3IxM/Hf/B9FKmwZPWhe6N7ZNPNcWH+o8j3RHQdjKKFe9Tzszk -ibyaI12MgbcQKubBOdX4iDlmk+MvfFU00clucXcwsTJJNVn52BbIrXczXxjFdT/l -iu1a04shXGhm/WLD50bLtKa//vh3aIvJw6Z6G6/uzrGPSY6jpcWp12jcl1TW8vBZ -AEFmGsJ9Jtrdlv26mNqjiIYXk0tPsWUsIMCtRnO4iFQvDzm86cjVO2kzQ3WjOyBG -4/zyjA8RVa4C7wWeWbut6LnN+XtaXZP6RvbgKcKVfTAi+1ZTSoLDe4hJ8KGmrsHA +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqM38IOFw0SbOczwiBAHd4okts/huvF9DeOO +DtWG/9+VLJQmNmZClrO9/CPwPQCNU5u+AuJdTzBzTjpQjHGINsP37t1bgGuhO0MD +8I0YZ6EWJdpYA1/k1SnB1zpg/GymQfkvVe0ZeggDbKS6nkpRgUKlzkSdp7tLXqLu +gWVCfanEW7Av2h5UJXjq9d48dfrHz78CvK6wXmKh/6QPfNrHHxPz1OkJwdr/vVnf +4R7e9O97LCBPJbCsaCbUrH3m8leZJ+PHuZDylp2y5DjWw+UEcwrO2fBmyK8xpF1e +JkcFFSufnwpoVRPd4PvfaWniaXFzqwZpAk5C/Vk8oBltLxoQywIDAQABo3AwbjAd +BgNVHQ4EFgQUzMxUe/KHZs0q9HU5NptgRR06/kQwHwYDVR0jBBgwFoAUFVSDsxwp +17OgtAlN6IMLGhuZbkUwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQA6cu9qDGrxpuK8EeircQE8 +byA1/CKjbtKRbAiT0q5hN3KIinOAh+xhyCXp6d8Pa/tQJzYPpbBxHJ/D/pRfsvQw +VoF6TlH5MM3eDZA5hj/C8MuNxSlKfScdeF3lPqeQCAZaCh1Q1zmN7qRYPzBE1Inc +lI9mTgt7lOEGZ+0jqyLodxj60W5G37113sXSsazv3wfasIUtRxj8+9PeEPvgNe/U +7wz11NaEPSL+RMnSSETsJGlSFZ2ZUrznBJsVhX7gBhK7upZYeKZh+jMBfHZDbMU9 +EcXhm+hZ0ZaMMCHkc4J/RHb70vFUp7IaKK0ovfeaR+/cshsm1/4KDa69OBNhQ/Pj -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 26504fb0a5..a7506ba3c7 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,22 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIUXyhWrw0JtVLpIVRkT9Mo+GDBODEwDQYJKoZIhvcNAQEL +MIIDyDCCArCgAwIBAgIUUcgTcnV0MsAUzdlCtBW/GPxim3IwDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA0MTk0OTMy -WhcNNDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDEwOTI2 +WhcNNDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuE20ZJaaGRLzvMaurcKaP3 -AfNEp4n/AY+YjJY4znnXsgmVNDAPA3scOrjeSxjpC/Hw2HoBf4B57Rhy9HE/9alB -RIR7kTG+y/RA5EI6gy7cG1TddP88J0eLkvikVkQhhf8s5mD2n7p7CYtYorCif+57 -yOJVv7dI0Dn0RQ592IFGPDaCIp7XNcrSjBmIahBLOKNHNUkBQ6q69EuWnFfzF9z8 -Rhhn5k+mF8DWcEOxagizWSMIDVuu590OT60GTq7qisK1X3gSb9d3ndZ9OZLNaD8R -gBnkLbpALZl/iRmFTgyfhHqNVufo+gjZhWPscqMgyW8HGDqxr6ZKjCbRHrF885cC -AwEAAaMyMDAwHQYDVR0OBBYEFCszYGV2OdFVVbUnc9BWShN6WtmgMA8GA1UdEwEB -/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8jiq+HfRS0fD8nPbzVTv8agIDi -fDFFWPGW3EVjQT/BCaOM2FyfLcpdP0JMsl9B55xlqc4TtOuJkQ4IR93LFcQ+jG+4 -XlnJH3bqMuEgmNfIye2vHFDTDGHflQxDPJ42uwQIYKIE0zPdqEKvobbQ+mIRM5FQ -z7J8QqIqCb9UaaMFxUzDK0m6WQ+OREuf/bIcZhXL/kUmP/eVhHMy8P+NMqWe6UHj -tCDOuzLi+9jch0EaBHwPiOdzvrQc6EcuPT5kzcdN5mwPXCJG+HkYDe5FnRHhJKm1 -wffFeAe6Givp89hMfBpZMO/4gYzaXWrN1b0QjNJmhjqJ5AFp4bM4YqKF73k= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJX2Nj0SfMSPuUiViJP0dcw7 +egMyp6VYyY2TCE8HHNqIem163Hy3i49MHKEqr9b5OVIz0RWaU8SdkJ2WwfaOb4G/ +Xu2o7AsDRZVHJwh8BhWu5dco5Fd8DZiUnbiWwdnlmbF/vFB//zGMWGYpGkUOIKuD +dbVdhXTvBrGXY3fDOYa8kjxqhUTJFqhLVESTzfxaiBww0ZMlDpMwgjU9CZJ5C9Sw +wGeRavjIJdiz6ABG1vdSpZ/8E5bL/WYgImonq1vfT3fWjnq8GlaSAW7YrkJ2ANn4 +/BIgkEZbjv+UiadLzUKUT+QT2Uff7bDD+Eh3Bh/j17p5ey8e3M+hkjFbwpoGA4MC +AwEAAaNCMEAwHQYDVR0OBBYEFMnVB5JRAbHlPRh7a6CguKrHtr8kMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCAcHZ0 +bfasq8TuSakrHbXd6VN2orX2BUodlAM2Hs/hUtCim8M8dK5iSr/tfW80mfq+bssw +ay+yKJzFlB3PzzLo5b6XBapbjPWiD2lWT5WoIlS/9CAO4BN3edhLAgRRMFgPXyZN +JKkNqg5H0yoLy0z+f0vxx7IIe0GytiwT7T0JLoVGQpjCIkjjm0XSCBPdjTQOow1L +NSE0dfQ9LbsuiAA6t83cl6PUMJHrBpKmzdLYoN6nM/VxAhQSVqy5MfnXgA3BWzra +vXoHA5p2rL1QZ3wQRB3B7kAFxqnrwJJdUTwRjm5RmGMUNjj2hFwAJlfwBQlYoxt1 +6rE4DkIhabfv7Zu1 -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 7fc84d88a7..8f6ed82d07 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4SiuBOhAIB2OX -z1dPaQ3vY6r86AAKrJbajbJcDQ0ST5+GRfpIKrABbqrlUu+hjPIKtQWrBtBcAsWG -CRYhWq335mo3ygiHefdlTxjWnAn14qU0liyK+u3j51/7nLTjgY93nYylS5rjz2jP -/HdqMKdz1fYQEbmRD7e6+6DrOzQvZZuCgqbveULJmThiTJ/qhUP58BNywPSsCXoZ -KW8LZZhu1VK6MbtACXSF6TNfORYHHs9YrXb6UFY3ENx7kSF4CXdFOeS4JzHn7G4k -Ws7Tv2T6KFqNwVD7NU6cWHsGz37IpbXDg3w3OKxP84+qrlMNkqRvDLZerzSuz++u -8RCCTmedAgMBAAECggEAEBFXbbL0Rt7uDgRj5maQcnjMJbTMnCGkHXYRQPlaVGhg -zkI3qicepWFSwR/UCM/TIp/Z2KmFbSBIvID6TvorBNwwEqEo0TcPHOQilEOSkr+q -C8W0KIHsT9ySf8uP8e4P5iv0YU0QOiCRUOEAQF/xmaXkCE6jUUR/jmv2Acxtplwd -afIGu543/a84ca+3MJVf/O/l8T0Ri5YUl2PwdL3DfrSrf4njuRuAQZtNNGgKC3mu -Fszx+L/SAEtDK0fwGdOkbiTCyX1zwz4YnXYUG2WpOnyEpJa3u/usuK09u3fm3/fL -M3JSwdWbNKFSg0X+BP9XtJ94HefCECLycJ0d+ZJEAQKBgQD0PP+/jvvc02Kmi/pH -5KjRO8kDxSnrz/fHuMqqUv3CYEqf8+EkmLG4rX1b4HtR98VBCGGWGxG1aUgu50Lz -li7q2gGVb7c/zufd5zwJcbCPc52ZPo3VFcKd/6KVi3Fqv4YGRaFs6/r8JP65tQW9 -m3TNFslRPKcGd3dpzI9y5Q/OHQKBgQDBKh4RgceyquQgtzjEblCMzb+1N1s7ucRz -I68mibY6wE9IC+AUDidgOFFfQkrIeOqOM9hu6KmVD3859xbrw8ITMY0IqdOejiMf -+/JYt18uaBZ8zU2iTiHsuJRGwrWEUN3z+8x0uBgY56PIOTKbOciveOqQWa6T1RgS -UG96XmvHgQKBgHV8JjXaLNNTp5+fs9wDZSWI0bALlpfFaVZcULjPxRtMQHli0glN -nifM5IFeoVOTkQIwaujOypzuMPfG7NDJjHYSOjLNE2QRPj3i7mFIm/rVTZkamxVG -K2DfSDERa5RC3tCDjBweA5Roo1NnfYRwlCXXcS2vtFSLARkWemZ1Qz4NAoGACLZp -nMiJxVlH6OHawaFoKLGvD/FrQApk/fyCDe7wNT4vVUST2tO4mvJvWSiYTuqFSdy0 -ymvcGkkUp/ypIAE4Y708a0Ods+0dUHgAulerB2DSgtaPxd5YUWER7w8hONKc8EBP -PISBMb5g+Mr7qVy13JRLoC8rXKej6k+Od6qCmgECgYAZbJiGLpFFYMr0m3mxE/9e -lKUBYB94hrFqRy/+du/DNDJd4IxN75tnzXbfCKXK5Fp53dSG6ko2rb5/6cafxRB7 -uqa7z96VxzA9FPIGOV2sHu/3KMMmeIUor8Svy3MI+hTuNAbJMjVzm2J9OEBBsOT0 -S5pn4mtICgedhH0fkpCjEw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOy2pgCy55SlP +jOefFgo814NQiTZUzjslthOd7uobrQYCoLC5N2QwB1I6JlsJuDigo2vWnTB8nTwj +taf1hnAumv1oBvYV25s6nmP6OoOz3rqK0ZqTmXMd7ZlCWi0KmwglfJCsLsFFpGgN +gi1W9eUzVIaJ3BabG02nxRTcsV5oxAIzYdayxqZ/czzAvhfD0bKlfnDkfysWFEP+ +bgHSqNbZtYD4/acHKj5zy5Dyvkf+4rEWJrasqjJW69Q/fRj4eaYpXIz2Jh8Btd6H +8sLsucM5qIKcEwLw7nASLJsKAV+TO0jUbPDEGR2rUxKHoagT6c1pOexa+MsFaAWm +UrHOIFgtAgMBAAECggEABU5WaEXfPwUaUkkzUAVdGNPj2y8Hs0GBXPXNqzrO78Fn +Ik5Va9SC6i9UPA1FgapNE468dgJMyFmTTg6jt1azKPS6SNOMuJYxgrR8q8hGoiTj +Xh/V6FtcV/a3s/aBGGdIK/jzvnYvnobXGnKwDJmaBQ1RqzrhtoB1nXDaa12Y8n16 +dIgqgFK7wIu2c4FRDd0xr3Kq7+Gs3U6z65xyEtRW3ITghaaWsBDXDvHxBOcRm7SM +d8hXPto5sk0V94yJqxY0Xq7rXkDiqeVg+q/5lq/aSdWCNU8mz/+Xmrvvc7uUaHGF +xtTNM5cpVQiyhU3PYAoNa6U1NxHlhNW2yKN8hOTPGQKBgQDqxu23FcX3U9mISWZb +HlG9bzXOxexJAPWuDcIJdA/fI290kFQW2rE/b1jFoUsZL6esFJprinihjE9rdhd8 +vIgiPb2T5eg2h4J/KtXqtySLM00ySu1l6JvSWpZ7hxBDkMon+P160815H0Mko5+V +v9Ndfs2eo0n2LsPMFgv0pRkiyQKBgQC5npEhlqUAmBoIx7PnO6qPlwzWj2lW8l2g +BT3CIjQfbN4++PS2qMmv/3eHkfq3aBpSAXpeeLNEV5flPsJ6OaQSfMT4Wj5bbKEb +Xl8i4WfbC10YIhs6Ur6BOnK6Uyi8ArOFYhVRu/2z3937XM7C7Mz4/g0TsLavJoEu +xelKyc44RQKBgGYOzb1d6K3INHLrPWR0vKG1m1Vkcn+VvDbKYkQLwO6GD+hC6Vr5 +/D0QIS3gHK45KhFC75G6IxBO1yNmtXUS27bO0f9d3OD/bTnsnAspS+h7B57KNYKs +aDg8Ctht8SL96PMRaNchBVwWu/BMdI37Ul19RtMkNn2e/JxWJSJXNqMJAoGAdOfF +iF4UtfcWDomYaP5PQfhkgY35TmV/ShWC/A4GvfQXVZn+pjxQKqS/Z4ctXO4YBaYg +p/dlEJoKdLu+SLSc/XfPpotP0szr+wzI5nMIshDKJTT16RnMGh/xuiA9+4vH/S31 +N3ErLGrGqFWfc20o+3kmS0x1AoNBwW+sqwnG8/ECgYEAzq4Qrm69OmU9zbC0phon +LF03QSPkTInuLvcKAgKeD+kZQ6ZpZCwRnYgRe2XTFcLEwrrZAaem+eNR4tBeE2b9 +duL76gyoukctgb6bZM8TNDJlHg6MoT0RXUjEezMLhYNumrXDO6TCA7ak6gV5AHHw +zs/hznKbNvFW7xLQDPW/1f0= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUCbg8cGKRX0dJSw6VBWVTBPoft54wDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAEwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA0MTk0OTMyWhcN -NDYwNTMwMTk0OTMyWjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN +NDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhKK4E6EAgHY5fPV09pDe9jqvzo -AAqsltqNslwNDRJPn4ZF+kgqsAFuquVS76GM8gq1BasG0FwCxYYJFiFarffmajfK -CId592VPGNacCfXipTSWLIr67ePnX/uctOOBj3edjKVLmuPPaM/8d2owp3PV9hAR -uZEPt7r7oOs7NC9lm4KCpu95QsmZOGJMn+qFQ/nwE3LA9KwJehkpbwtlmG7VUrox -u0AJdIXpM185Fgcez1itdvpQVjcQ3HuRIXgJd0U55LgnMefsbiRaztO/ZPooWo3B -UPs1TpxYewbPfsiltcODfDc4rE/zj6quUw2SpG8Mtl6vNK7P767xEIJOZ50CAwEA -AaNkMGIwHQYDVR0OBBYEFN4vEIPI1Z1GFl1EdUv89wb116ybMB8GA1UdIwQYMBaA -FMtZaaZbjHw6O5vfyZtBE20tgGMhMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAvMUw0MehwLo7xC8gc1qmhpSQ6Cm1 -KPc6oA1OivbP3FeDNjODoy7E5IFkw976lP24Q3v/O6F3TURZw+Q3LrqtL7MmwtrE -nOppNeS8mYfKy07k0DJcEak+zBczUSCjtVsmN5Azv9L8CLvMe2apYT5JTaMt2wJZ -gbfPQEy1dtsi3ZMPoyQ+4aNiGz5koWb162BZSaeszeshfgU7afrjg0ugPe+X9HRq -dKYHdEHtuwZb9wln7bwckp8B4ciNGOUMuHOlZWUdDAP9ffoV7GF0Y7c3MZC7KgVr -YUq3mLsGaIjjBG4Poz6/tIjhFWl4vNe5RjX9I/+qgY1+Zz2u0vFeNzAAlw== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo7LamALLnlKU+M558WCjzXg1CJ +NlTOOyW2E53u6hutBgKgsLk3ZDAHUjomWwm4OKCja9adMHydPCO1p/WGcC6a/WgG +9hXbmzqeY/o6g7PeuorRmpOZcx3tmUJaLQqbCCV8kKwuwUWkaA2CLVb15TNUhonc +FpsbTafFFNyxXmjEAjNh1rLGpn9zPMC+F8PRsqV+cOR/KxYUQ/5uAdKo1tm1gPj9 +pwcqPnPLkPK+R/7isRYmtqyqMlbr1D99GPh5pilcjPYmHwG13ofywuy5wzmogpwT +AvDucBIsmwoBX5M7SNRs8MQZHatTEoehqBPpzWk57Fr4ywVoBaZSsc4gWC0CAwEA +AaNkMGIwHQYDVR0OBBYEFH3RUzpBaqpydyCy2TtnS7kTvBT+MB8GA1UdIwQYMBaA +FBVUg7McKdezoLQJTeiDCxobmW5FMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEADEIdgN8segXnSrWnZiWS0dd8qKUx +k8+LQjjhjds9CPh1sq20BPqSmiL2kG+fpzyKqgpcv9BbZB3fpBCfdjfcT+Fd3ceA +HNOvkGdm87mxhvCQrmqkKEPjCDBFgTE8o1UxNTCHEBZ5z496NQ+GrbNzvZRC+QWd +CEI3VtRY0k7tDOmZWZLaPU+E6IPAvMbP2Uaca0Oo1lqPFab5hQkvwjZQa316WcE6 +ZA3PU612Z1xTX2H+mR/uCmUJTJNttTZcLFGjc3XM8aZSuOvBVdwoy1YYeB7pUBL6 +NmYtemygaPiBrIfSC8CrWFL7mtyaZJ7UukniGG5PH9WWm5YRM1lzlZNezQ== -----END CERTIFICATE----- From f3ea73d7e6cfd42327cb4e4949c4dbe605a5b6fc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 4 Jun 2026 20:44:00 -0500 Subject: [PATCH 10/28] PYTHON-5040 Remove cRLSign from CA keyUsage to fix macOS CERT_SUSPENDED macOS Secure Transport treats cRLSign in the CA keyUsage as a signal that CRLs exist for this CA and performs CRL revocation checking. Since our server cert IS revoked in crl.pem (required for test_tlsCRLFile_ support), macOS marks it as CSSMERR_TP_CERT_SUSPENDED and the mongod SSL replica set fails to initialise. Python 3.13 only requires that keyUsage is present on CA certs, not specifically cRLSign. Using keyUsage=critical,keyCertSign satisfies Python 3.13 without triggering macOS CRL enforcement. --- test/certificates/ca.pem | 34 ++--- test/certificates/client.pem | 86 ++++++------- test/certificates/crl.pem | 16 +-- test/certificates/expired.pem | 82 ++++++------ test/certificates/gen-certs.sh | 4 +- test/certificates/password_protected.pem | 90 ++++++------- test/certificates/server.pem | 156 +++++++++++------------ test/certificates/trusted-ca.pem | 34 ++--- test/certificates/wrong-host.pem | 86 ++++++------- 9 files changed, 294 insertions(+), 294 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 7037fe33ea..7e79d7087e 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDwjCCAqqgAwIBAgIUCIworzyq+MZP6PgMwJUvbXynSh4wDQYJKoZIhvcNAQEL +MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsrDsoEdGpjI2a0tZeg477dzEn2jJR7 -+ejm3NjhAndXi9SA59NhY/5xeKCP78YY5lEf6GXxf7H31AOryq2d3/E2cj6fNMvO -e9eVWPN1X7l902qkuopTd35XgpnD8728+m7qpyVDCtL5hlsdhf2g6ucMri5r2cAp -VWlQ5AsZUKtd/kNHZcR0pD7mwsau9rlOkuHvO8yojQ1ImNT5I8EH+Z71nsjNyybK -6rR3M6KOB9m6vxQD0i18vTONNBLMYuFRmzZuk4s5uUNTlN7o4CBejM+tVABrVTc1 -DumqwMu6gOTg6xjbdWSe/l/YuZYTC/qYYyf2RjLHHm/T/GKXUU80DocCAwEAAaNC -MEAwHQYDVR0OBBYEFBVUg7McKdezoLQJTeiDCxobmW5FMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBF9sb1RAXqYlbx -qZy4elELn1l+yIZTbO1+VDmg1gZflMtkge/wpBNk6yVXXog6XsZ8bdigNtDyPsC/ -30cy+M78AITUiGMnrQU9vfjAfNVRHOBXcQdh2rdDYI0B1ypVpzbyX6qZhg0SiM1S -xYNKSFYZ+4RghyPpP+cMqt43lnpBXUPU+/Y03Kk81e3bj03zy13YDHJAYEipU2i4 -INlZKQ0OcRJC3dWON8QsYiV0fbPKFwaaLvBceNf3JqquHufe3/UPhuN5WcMErOoV -Ys+1hKorovgnrXqm0Aon6lwJrf39C7t0+B+MoD2St8S64QT3dM31cG/7O1IXKQWy -TY31cOt+ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I +7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV +1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC +QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd +BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx +emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC +MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9 +jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX +OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld +O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6 +jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d +lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT +Z4yZLc0w -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 4f74ebd0a9..33e03ae915 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBIuoc7BJXkj43 -Ogw4/lOj6l7qJ13wnQKNHLdCuKntuZD8mQ0T7xOKqiRbs4xy2d9zS9bGNfMrT70q -RRRdIrSOTBOGMtUTWtw2WBHOkPF1OlG4aIlLmiM3/W5gQfKxdUvA8UZOjCLtdOuf -Llcdk6sccWhtA4W4glXi46EDGT4tp7htgT076Qa2lfKc1CVgV3LaUIcW8JpHD0+y -U2gSWr8/oE9222fu2MVDyQqR/7WFRBBHR5KJSvx4tJ753Pu19o+T7U5ieLegR1P+ -rI3m0ktJoatomfDdc7R0XcbgqIS/cTjI/7QuRrD7RuHn5I3/0Ml+OwKzElpTlVT6 -LOURN0iBAgMBAAECggEACF3p+LoI4uKO369b9XGeH7sg5MGzFgAFSuXwMfukP+xS -scCzInaQWQjdJZxaBKU34wupaKGQcONF0YGX29+LpSD6VQ1ZcfrVEKUg01sv3Klb -vjKIJR5usWehGxosSIAJebiyGCfFwRX4OaeFJl698k/e618UUU2TKS69jE/xA8L9 -n4lzDyepPf2hA99KG0Es3Ie+lSl9M76Ssg9XY5+7n7W+VBVr5MebDtOEu26XYIIc -FJ0jxVId+xPGvhDcfKvFCcJrtIji38FZBdHbIIrjioFL631iqrRwQTRMUkMY8d44 -POSavdt17zgA3OkBwg7IHa4j6lMRg+D4YYgrmgTGuQKBgQDu4Q0R139ou+n6ZsWt -XeiX5ngCg7+Snq3X+1zNGsUW43DbgLwnMApsoyV0WWccfApMtQCXTgPX68VIg8RF -SbFA/L4S9cM11Ev+GfMXwu/JDnHmOjBj9stFnQMlGxuhvXF6YlK+Ptrt4HOTkrGQ -01eb8NtVqUAZe+3YTW212wikaQKBgQDO+pOygwQnIm+8hPjAV+MyN5v1nvxiOOs0 -o8mx1tqJEMKPQ6fk7JycPNDBilDojkgr8afjpQ5JbFl+Zc/OdhNyiuzfB0LU/5g3 -ExIf5Eq8cdIl7dARu9onQcsXqWcK18kGPnmB4WGo07XkcuYgqRgVoI554dJboJLk -1KRNWEEgWQKBgCOj7EFHN7k2oDg98SxmoHdZaXpmkcScbC+XT0dCwTkjAgmd8XSf -VE7VIJd1Z072qsq7DrWEbEpg4PRqxHPaBNo/W1SU2mVDoXruADkBWqlSwGerMuEX -R0jBnmCA5OSC0VWDKfk8g4mOPXA9KMUE40Ne8jqbn/ataNUm6EGDxoxRAoGBAKDF -bthogF9NlnFe8EGngujM3S3q8qvw/nIDD3Y+J73z8MyLhuyBBh0t+BF9uN8LNfA8 -Y2amHPTXXqSZvNLoUK7WTqvm3fjJGJkfDSMMlyjNWKjxkn9T5V488t5MTafUeWeK -O6OxR8R1voHW5f5UmkqiTklKKbXWgoOQ0JbriJrxAoGALor5MAuJbfaC/ZcW4FVU -gHZJ5I7pvP7+DI/D5Rq3XWhRLTgMERUAzpKQt2fd23g8LDjeTc8TLnrkLC9PpZ10 -fHZQ/a4QolZ9Pq5T9h9HjiCesyLowbfITwfShbTQWR92rvVVh/elSWehy5ANsc87 -pIpaN+cWsG9/np9Z9kWwoBU= +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC +rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi +CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ +SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm +h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx +ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg +1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL +5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3 +h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95 +e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU +R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel +6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v +k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/ +kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y +DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a +bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ +YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z +mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc +Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX +77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ +4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1 +8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q +sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee +qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB +/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3 +OfeAwH0y5PwSCsVtmLs= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T -iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj -N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG -tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 -eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw -+0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ -1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ -bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC -o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C -0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz -HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv -32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 -qtrgSbev2AluiMko8NpevdP2NsOUMxyS +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index b729c6473f..a258bcf23d 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,12 +2,12 @@ MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA1MDEwOTI2WhcNNDYwNTMxMDEwOTI2WjAUMBICAQEXDTI2MDYw -NTAxMDkyNlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCkIvPE -1NaTmcm9wzkeQNuOxcAvT9tHiblThgGiamzMpvncf4e1kCxU6sbqBFp/7E1CmCi2 -+YRLvMQvAnM6QWuslUjHqLDdaEtpUF/E0KKknF/cLLxLN3FeFe41erlgdJa5AjSP -MynUzW28Yc2us6qNYeOnJqL/oEp09upHTDw/V1OcLFxBngzx3KZAvjsUkUCSRa83 -T5R8wM2ALG+ZOkT40gWh/N222vSIYNzfq8hsumG2ZYYEXs268BjclLvQOe8MCMun -NmO1F++wVpbPbKUS89xkewYRLK7L+AjUhINKXJTTtaepSFSA2IVGOmtXD3Z8VeWC -yaGBDaTeyljKqfhl +ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw +NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E +QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA +uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0 +2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg +Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp +3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR +Em4RerccVwXzeI6T -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index bdf17a738d..b0d50b5200 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCshzk1c7wW26bs -o/GTWWN2nU+8w7lZClTibEY6/78DW0y0YU6+KPD41GxA4zIemxYY24JwqdnC9keH -JdWSL4YFgidVJUw12Tf+23oRN8+f//c9sb3Bmd6sZfbzYfrEiPdkHrGebcvdSK+O -wSOHZukiDwTz97w+98LD+Wd3p+Vde/jB/KNmcWlNl1Qkq7B3WaeoPNr078LNTuqO -MrGzqVo1bpodXkCvJruxdCNnhARbbHYLVwIaYuC6lqJvJL3u8xD2UebcvTbPos6I -Fjphgaf/FT7EWQflEkrqjvtViOqgfGPd6grrKFbTExOQPyonwe1iHA2rFr5IIicq -bdBpV1UtAgMBAAECggEADN8r1/6R/lyV6BrVJ6qoHo3fCJTLq8Z3DcuJM9an0B7M -KrsFzm8sh0wF5ZNtxlXIwMMDyNcLPZ31OTKL7BOqmpeayqH1PSE/Kb8DLOyui1/j -+NDdeOe7cr5Kvd7GAEq9tlUJ6GmFp7VID8z+ExiM9TMMqg0GGOaQO+HMI+O9W4uI -aDIQ1uaaqaZldHMut8m3hW7RDaqElV717RXHnZEpmZXdoRHPvtsYqPN3f5MKNDU1 -67AuVQCcdDys+8k9iUu3H4DCW4mrxP3PaXm6vuRxqgiNzmUva/pt12UuoDPqj729 -Gn1fRrXZQgbNpGK0WFengf01zFYt5SXVAZleg32rAQKBgQDSLkzT2QThzpbcu7fa -BsfFTDVBf63XycWh+C94g9hQ9OZjDL90X3pUjF/MuPTKcEuBZax4jws7GjOKPL95 -FwZG67TPmIunCUtvxuuj6rtvTjEz8ezYEsfOaU9prv7dPfxRcGOgSWkIXUX8z6H2 -Z2W3uVZSoSGPsH/n2oPX2MjlrQKBgQDSI54qIcfc50ST2RFpHqJpsdn4kMsouPOG -1g+LALTwFN46ABQdJE3K9g5fXvmF0sLPlWdqGCIxUrwXDAhEDmOrlZoJCS+Hn+7l -iG4XNCPVPWfixX2oUA99RfPiu0U9wSVsfwovdsghXG5QTyNa6XyZrhNBpYMIClYV -+tcXH1MdgQKBgQDJWT+SZ0GtDJsrxM1hGcPBN7uBDs68fXhOLRNU8YGGNMaMtwam -dl0bqAqSddFUKfW7dWqfZ/GLYhNj58RKPYtu35kskueeUmIpJ7hQJKwA+jhamfWa -HYu6Ktq/1LwluJ8CaZeXUxxCvhAxG7v98JnaQrv2lpQvMhemRoite+khVQKBgAcQ -UXHDHu/LCmAZ7N7mu7jn1JbpbxrYVL9UlMMsa+iiGvJCLGrqXH8VFFiaXbLk6c2G -jSpg001rJY10xxZakXkkF0B0gZeChcpLcr/u7cFuRf62esncnxir8E3P070GsBZc -kuATkxij/cVPU7XroVedJWKQiL4NcuVcQDyzvdyBAoGAUkPi724pAnlTST6mYMXb -Io82iSHeRwkuisSRDWfmrO3pGe6SkBwDwDyCxoS7fGj3JqsF5NtyRgmgZaLTu42H -oTXrhhMjOzXjBAoG7FtdEs3Wxwyjkf/q6850ZVhVYpdrSzYPaPN/52MoI71qIjHA -2GuEDub85LdRKAMc3fhmxXE= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs +9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX +WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd +oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3 +I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC +WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK +59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap +BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM +yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw +wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M +MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9 +elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD +ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV +RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8 +VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd +x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv +8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T +FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5 +vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs +kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+ +lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv +lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9 +9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt +/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP +gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke +DwKg2EIYHmc/qhVQXCKvuA== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAIwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKyHOTVzvBbbpuyj8ZNZY3adT7zDuVkKVOJsRjr/vwNb -TLRhTr4o8PjUbEDjMh6bFhjbgnCp2cL2R4cl1ZIvhgWCJ1UlTDXZN/7behE3z5// -9z2xvcGZ3qxl9vNh+sSI92QesZ5ty91Ir47BI4dm6SIPBPP3vD73wsP5Z3en5V17 -+MH8o2ZxaU2XVCSrsHdZp6g82vTvws1O6o4ysbOpWjVumh1eQK8mu7F0I2eEBFts -dgtXAhpi4LqWom8kve7zEPZR5ty9Ns+izogWOmGBp/8VPsRZB+USSuqO+1WI6qB8 -Y93qCusoVtMTE5A/KifB7WIcDasWvkgiJypt0GlXVS0CAwEAAaNwMG4wHQYDVR0O -BBYEFIQZ8b2OANToGnZdHc4Vq1arH/VKMB8GA1UdIwQYMBaAFBVUg7McKdezoLQJ -TeiDCxobmW5FMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAWNhUCwXlWImKzbQqEZNwhptUHcm7 -LK/jWbOyo2mFoQyGim6ofMSbb4AMvtVgn9OJYwOajfc5GjrYZ3g9UkCq7hOpOn2A -OmaOL4mLadD6pFpuHvgindAUHZuqh3UFMDP4ekoFS8DhlvZg+GJZkRiaJ1Xo5quM -6sYCoL8VoYT3/ExRQWPocwkQibIBu67N4oMiOZUZ+jDSsPo7XmfFPZeVhAJ0Uxbe -wfgqBnGSwi+87oLUOuUAVeNtF1R7NB2q0xPUbymIL8Pi5R56Yt/fYWe1QP7TuecN -ccfEIaSEUKPoqYiLOseuzASNlpIJV8s+IjNHH1EVTab3+UQDSRmQSr86yQ== +BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2 +hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4 +NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt +GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3 +emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt +Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O +BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m +kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA +AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9 +dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf +Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M +n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx +lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp +inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 7898bacd93..118e866ebe 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -23,7 +23,7 @@ cat > "$TMPDIR/ext.cnf" << 'EOF' [ v3_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign, cRLSign +keyUsage = critical, keyCertSign [ v3_server ] subjectKeyIdentifier = hash @@ -215,7 +215,7 @@ cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' [ v3_trusted_ca ] subjectKeyIdentifier = hash basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign, cRLSign +keyUsage = critical, keyCertSign EOF openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 409a5677d0..32163a114c 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQEBYtboqnWdJ8eESa -YxMmKQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEECFmeuF/j03+YvpX -H2iJoQ8EggTQP8xnokAYXmoie9Zq8ZfMm3Z8V2a2IIzANeC/FrR9yQ1L77EuQpzG -/ah5TLBn/SasWRNPMV6M0TI8Cvg3GDKuBdK+GqwQik5masD5UsCx3ihLLiWasF8I -R6w+CWrpZZDLTfQE9ZXEHcb6A8d/pAQig4wPHfBPopTxiCsfCwqkVMMH/KMTfBqO -VKAkRE9e33gmEygO4t1LMtnR34mwgWA5KJOmAlPT3QiEBy/ZpDD/2PFqmqigibdj -YMRy6irIBqlHoDqtWmYuFNBBpVPVBtmFw3DDbbAIwMQ0zq4Il0Pl75REvIebgXEW -tjsOLGomW/gcxf/QCu0zdsNCYVNarXzM2UyJR6AibotjeoUDFn7wR+NRsI7rTYUN -r3cDDdxPebaltVAtwpIY4XoQXZVpfcyz6kmGKlkl9VuzKdSPV3fi7om7aytjFKxf -L0nZ2lsDZ0bhwMv7PKDkNHIPdyUt/XPayFb6+BtF2fCj6FRy5xyhX3sRuVmPdWn9 -21YY+TaE38/kB7ItD07XyrX4YB4lgG0wX+qMUDPH7tX+f/Yor5XQ/it7186z/Yl8 -L7wW4td+mbWWfV8HXhmSeJlbkOzvtzCOmf0ypOCi/Ixw7VVRXITevrdpyb74trQz -HV24x2V+dDHkXxv+kS8tuZ5kRg5ZSqrUSaDoUNIrYhbmJ2QXoew08zvJ6GL5UY2M -a6pQz41GO9cuVLXJiO8nV3VbKoFP1aoxaAYotMKpv00Bf7W39oS9lDY9rA+oHj8J -fKjYjr/ojCHkG4EElkAzcRvKCZpdMFDCf7IaNlSxkHvf33abeHwf7zb0WVXCorbu -499jo2Oc5QVQFxKQIjAjPX3NyvZYqorXa/vxDo2KvofCe2o1NOJ+5zvb0Nk89PWk -vunNo9Oq8M9Dw3S1jh17RJPLmBNsxQ4rqExynVZUcVcdDABnVUR9UDBA0/Pd41Yy -6kIlS2BgkvcL+Y0BK4oZVjz0zuNSlXgeh1gcNfFR8phxRAuYTZ0H70ZPTEfgJ3vn -jNsiPu3C6TLH4k7xs8VtIob5Nm4PrUcV7VNQLA55qZNQeL/uDwwvipY7ypKe0+7Q -bvESiFh4s56OjvBAp1wVjrKDmuzoL3aNr1dHNKMh01ft8pU8U+rcNYkAQ0ZS/mX/ -OIXR1Y+0v4x8OPYK1QWsZxKy2PbfL6oGEmsMh4viv3ZbSElw/gmuTP0+8jpXK71O -MwYdaWq9pCS9RLrcjYHff18vS3zWA6MVkanLNqsiUY8QBW/vTFGRfpFSZWP2AQ4f -IayDtfrqDcwEuOCFiRSrcZCzyGEs4NLgjBDfAi9Fz1Ec/o5f8xdM1Tdb9BSI0dS5 -P4a318l0hbaY5tUPMsOsYQlizgksCdgvxms2k5u4kpJkSkRw+BXgOdxYbeHNWqwL -snYwWmRLOXymu8OeJ2zTQ9QH6ComE+C27KOhxUml5XjHqY2j69qbXkhQWmi0EXj8 -DHJb7VPQZ+7IEjMTXRFmTLSS0S1k0C5CCGC/eYtUFFdQzG/RYSLbic0yICrPCnTq -GX/PiC3E+MTaZrr5ehAHAl+LC0iw6qXMUgBO2rWOYnF2vP56SIvI1yvCgNWpKFN3 -CKyHUKWyislcHqw9lvyzuouoidtUHpWMAEo/hEVb8JF4Y/yNND/4nLU= +MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQDGn7dYhmn0u7DQZS +e+Fb2QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEeI3oDkWtJo14w7 +STucnF0EggTAM9qVjNQSvjtiSXRVhq6Ab1JVRmsr4VyVPhRTeGoj4z59g4/uFNLp +i12hGtZEH5Ql6icHY+X4vWrwt4IUhkdwzgcSLrZwYTEl5RP4C7N+iZb1PErNoe82 +iEC/gw3XpQZNWKEi8tjd8Wz6EHVn1zKS/7X/IOTlboIMlhnJgLHCqVhPLyxA78OT +2yNNQysHD6Vk3h83jkQAYy5W/pZIl5TVDLyLADt46cq3hDTS99S6jl+kwn0dijjo +mZUilPBman6TQt2vI/kNP0+Qy6DxYkBMLdhnPu40JpvcLpWAxMioqx7by7007W8H +3Aja81hqx2SN1IYVUEs8LshvL7YojhvkbTxH2ma+lnmkyxEBiwbMOiBV3OPEkWYv +HbAg1slT2UTCrClZ6CRPMtD6+fvEn2GgXmblCQf2W/3inTeARJ5p/oNjnFjoU0Yo +BIdVeqdqU09OsjUd8W4B0wKSEaSCpl/oSM2gw4fzEbaU2xlVevVyhrdDr0NS/j6w +QaDiUw0th3NViXy/BLb2l699h6TRInk4njhNNbJX+sYEFuMgwNKdj4PkPkP1t3PR +m91mpnGAhq82dMQnTLm536YXVbeJGQyX3kEXGStZNdQRfz68fAYQ56teQoZfOwDq +zKf4MT8JJfhZWy/dgCOkv72GMJM2ahThWUztbBnHiB0ODf9LdrqnPaDfpPgt4i0N +Gj+L3nuK1LOhp1Ay7Oij66yxWm5bJJ0M7RGgGQsZipEf8+N9iSA9cw1ZKOnSqyMQ +gSAjlnRK0OHyTauyOl22FeEzF7gtWKyLTgnw1zn22oaxZZLOhdcRJJz49bdl3pUm +Lv8JxfN2dbcC/XgOMoC+wFS//WnHro3qvloUEVeYA6acxfvjJizYlGEmw5xG+ZCG +Ju+tKWgA9lUpQXR9peMa958cLSCqlaWSFTSBQ6AMUw0rVZGlMxb1tVmmhRKYOhUN +Eugp0wUKrYArHzfkzqWv0JO2MHi2kbAZCJpFBrrt8ijF8t0KmWsFRl9P4QtBJ2dI +QcMBtgvWC3tr3CFZQ5UpiaP1whLFTG7GhZc7OHG2QF+Ba5fn1HgUgH35W8TQ80XS +uAkkF6GuxGOSTtsvF0nEkNALGM8E1/I+VVZ88d7sA2ws7GHyxtNYUYAdf6hE5X2t +82oIMrN058IL/Bpi/s+xe5zU5NYFXZLUfvlQW//1hDrTF8Vs4UbF882Xae+HNmvF +D9/bafdrdvJSEJ91A4hRl3M+G+qnnJza3fEnY7UKg597X1tSntNc9Grn2M/uKeGp +2df7K8VrEV6GQafbHq7PAOn6vTlwZAgljEj0LUk7ts8I0KY0hpxCo+Y2WKcmiB3P +b8BY/3j0DuJXacv2tC4RrUIC6pHcdQLJTCeCHQMC2IjCwlmnFqtTZ7RUooYmAxJd +DYNRzVw9aYUq7oAhab2x2iWqgTReqlVnKuytNAFJVu+34S8AbCcSrsoa7Xmjqkwr +qxyGb5pW9ZmSM/k0N0hLI/6BbKb7lQYm2EYJiksOhL+EAjH3Qfq6D27zh5UM97dp +7a93RbxCFAFjT+OZQr5PJ7oxRXcCSnabTXA4J6f8JRgfQIhbOfsfovCpxrqa0MSX +tKYeRyZHLqLs9Cgfv9eQhOF9gGddfJ6QKw== -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAAwDQYJKoZIhvcNAQEL +MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAwSLqHOwSV5I+NzoMOP5To+pe6idd8J0CjRy3Qrip7bmQ/JkNE+8T -iqokW7OMctnfc0vWxjXzK0+9KkUUXSK0jkwThjLVE1rcNlgRzpDxdTpRuGiJS5oj -N/1uYEHysXVLwPFGTowi7XTrny5XHZOrHHFobQOFuIJV4uOhAxk+Lae4bYE9O+kG -tpXynNQlYFdy2lCHFvCaRw9PslNoElq/P6BPdttn7tjFQ8kKkf+1hUQQR0eSiUr8 -eLSe+dz7tfaPk+1OYni3oEdT/qyN5tJLSaGraJnw3XO0dF3G4KiEv3E4yP+0Lkaw -+0bh5+SN/9DJfjsCsxJaU5VU+izlETdIgQIDAQABo2QwYjAdBgNVHQ4EFgQUcICQ -1PTXz/qx3lrQtE2Op0GknT0wHwYDVR0jBBgwFoAUFVSDsxwp17OgtAlN6IMLGhuZ -bkUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQAyFLdTJL3uJlIg4gsQLE7YOR8flyngDYneYhiqwM8VQzXFCGGi7VqC -o2H3SFMnZUm91qupDsa2qaQFULsRgCUm1ArvxVtedkQBlsPylRY5K2/UW/Flz/2C -0Ye8kQMTkCseNPKolwGf5TRSWg9fBNXEYHrtuEW83A0a2/cL3MjehGzblh9BF6Iz -HQvpxM1TcMCrrS96Me3UT6ENxCIzNprFjn58pDGGuOKJd+BXrqXSnXKSJULlEoWv -32/FDsUDe5uI27gu+GvSNZAOddhwXv5OwHNFBgtY/8X9jStUuzhrwLzv6U0V/6Y6 -qtrgSbev2AluiMko8NpevdP2NsOUMxyS +MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF +3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA +eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS +ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S +FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K +GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii +N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a +0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA +EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ +cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ +tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F +52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS +cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 08cd76dcfd..95fb7f32a8 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,30 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuozfwg4XDRJs5 -zPCIEAd3iiS2z+G68X0N444O1Yb/35UslCY2ZkKWs738I/A9AI1Tm74C4l1PMHNO -OlCMcYg2w/fu3VuAa6E7QwPwjRhnoRYl2lgDX+TVKcHXOmD8bKZB+S9V7Rl6CANs -pLqeSlGBQqXORJ2nu0teou6BZUJ9qcRbsC/aHlQleOr13jx1+sfPvwK8rrBeYqH/ -pA982scfE/PU6QnB2v+9Wd/hHt7073ssIE8lsKxoJtSsfebyV5kn48e5kPKWnbLk -ONbD5QRzCs7Z8GbIrzGkXV4mRwUVK5+fCmhVE93g+99paeJpcXOrBmkCTkL9WTyg -GW0vGhDLAgMBAAECggEABaKOnjF1kiTB6COMv1cvu9O2oOTO9nvu+mZqobU8yJTW -ThHvCbeoU7neWicZYV6F249y73TjveJlAL6GStcppgVnbUsHNiWYQOlF/0UOPInI -xSqTxx1uV30kHBBuK2GgxmWGpCclDfhO4/qMwFQgPSOBZh52AoDbSw/G0mC0vIk9 -ddiGMvQHRgh/JEk1vrIqE+lEdiccPNswC2G2FyXWHia6plpZ0VAZXfQH6R4ttykF -CfHUk1gNDuGrXtwHicF4d6XXZsnuPkBQZ/GWmu51gGu5Xhr0TmXY/NPRhamsqsjn -lkrNGV25VxZX1lGM//cqL77Om7m9k5Rx9gnp+8n1QQKBgQDj09FNvc6kB8QzZ3Dn -1YMnNKpSiu5d8qW8iUGUMLIF+d+KTkHa7nLBfjEOUyCVOJh80pUFhvXwL4RtZ72A -Ln2EWZWYxN7aNzuTXQIO6zit+BgosCf2Vqgu06yZtmZARFNxTRRImRwUsPGaqnBH -drxJpQfuomNJfCJ4MY8OmC/URQKBgQDEO5rsV8OioXI7+y0qWSJO113sofwT9VSt -JCy26oN59sbgrcFPohsWISEBrYnjuPEeRf0Z3Hl52Tt49btuIqPmga2II/1Zj6ip -V9cTzwVij3XSfdb/SwcV3GBCzhQjgl6C/1ocpayQHGLaS47+hHFu6sGp2JyxhDKL -owO/twsJzwKBgQCU5crVVEfJTIoeTmysGA8vgGwQplxDamKHZe1GPM0cusIuUhcY -Tt8RNrg49HtHC0YdzkM26Y2y/FtAZZykOb4u0Z3Dymcblx2IojDGL1VL3elsLjTv -+pLQh+c2Ts9lEUK3ufiXuflwTHSa8OmQyzkjqIgWnmrljAu7IiitESmxQQKBgDEH -C1/9VX2uhJID4XbxKic0m9zhY8/AvdU8coeI9Cxmwa2k++VfhRD0WgDHUOo6bNO5 -fNEXSqps4fUIwDl2IikXQToAc+4KfINC1RO354qGeVOL6UmDf1Ow6cQHJPTyP5bP -Ib6Cjii7Tt9nfWSNxqGFubkry4p2kwJcSjV+EB31AoGAMv52cz2i3FDSHYBv+QRF -VrTEfMlV63o/zPYKRx0ZF+9b6Br8z4emeNnb6Fu7nk5glliGMsPbGT/0P2OPYl8/ -Q2Tcp/QlvAtQbeCsOvUQgi0eThxgskcNOMefAr7BFcHSZVgrGixDGrIiIViJGQMF -IyTjmZ1yDgFmUwf8ULuxegw= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+qUpDlPLxEh16 +vAuN0M/t7i5cGBU3UQu+MfA9l59iPV6Yme9PQOMXiATEb7yp5G7AaqHqoofz7ntV +ZaPF82ZRGb2jOwplU2wsCIGKO+4ujUaZPThZgLXR7sVX6qSfRM4PYjSqm1Cv5AYC +GOHK1hesAMP5sGdf4LGIIWL9ngEAPrwARpgxVS7RtH1GX5yWUpYjhEyjpMWXkYUE +wFll00LGOqiK+U7V2yyCRU4BUSggFLhbL1n6z1eMFxHwAgJZo/boodPCPhxXFU+c +wFvQbiBlABujyY+iHkSpyytM13hUoWBfM3FLB2zSgmKMAbvaPs+CNjapW1kJGaBg +L1HfqcS3AgMBAAECggEAUTazV44+3cklnX40PbhQmbz3KmtnviRbqCyFdPb9AU+6 +163abhvpn8Bkp3ghGQ0gz/2b8uJAnvtatcmRtWQ0lR8t1DX1+6tJTIhjBYr5rgKn +q+aT9iwJRt86WHSuotkgHRVr8bAu8n1iwcnvhAMmGjJJSDaIEiMX/DCchgOj0YIq +VLJYQkrj6Dii33GeF5eQ4jr27I1RIQSvDEvSffuJpKNbWFap+/epja1MZIenioiu +Vrm6jLPtlqacpREPL8pCGTlAd0GM/nJ/8BrzrodL0P+h7FwnpfDENTWnE9oVSMdL +1t4c1psf3X+hYyMOs9/jtVzoXzeVraGHvwyopv5k4QKBgQD0Dl1PsISWg8mp6CVW +aeIG3cO8oUh5oxwmLQRS16//GMIJCo5o8+6W+3qI6ZGOwwo/THm/GKyuYUN8UKrx ++iNhDJbab3YM24lXDA5QFqO8Dv2JhyXfAb5DQk1ZsdIjbfA6G9T65Foa6dl0IXmi +ByfGXa+tRPNThUvV6XRUEelA5QKBgQDH/fkoU+NIRgaaEiVQneFZz6OlnnmEM+/+ +/Ctm09nCFJLZt8nFisD+F9dVKSv0m1xWgkrG4Pm9bbHq1iBn/09qNp2Jn6W5bYoB +RYI3EdXjb0B/vAm8295afEXXGA6szOZLlcY8sc0QPkdxMmeoV4XkFTlFBE0gNTPm +Q1YCk1PBawKBgDHsVk4cz6JyZugooqqgkinRZ17IpyiqovF0N/QyRsAp8lcjH6p8 +a4va+V/UV4AaiZgVLrpWc8xf/QwK/EzvXBlYF+uq7T0IE3oI70yWtPudHWPqj2ak +1qSvhV8ZruCsdn2Mf+6qk3v55g+JYXYxfINpWqxY9GVbWP3y+WbRGyO5AoGAO7nJ +UxXaZpcjGZgZtL2xsxSjlq6BM84e+lNs0sSp36AtSv/sLiaGBFwyXqhxDBfpt5wp +oMNHUh8UZ0GTY/uHR/0Phy46W+ousLqFbNTSv51V8c/CSLiQ6wz5/oacu1Zl4GTW +UwH2b8dpppCbDFc3ESqVc9sY/WlmGno5kYNWHAkCgYEAhd7xgqJUpM7Klbsl3BR/ +6iEZ30Exf1wlC+nWJSK4iHFH9l9BGHjImENxpKa62Akm0VvE9n1KgKxK1IESziiE +9kAXspYyBT/clOo4v0w5rPIiQ3itm5+ew9gaFiJ+Yfi8MYTIwznsqXvyekqLSrFo +w9efOvZV+XaA79X+bEEd2BA= -----END PRIVATE KEY----- Certificate: Data: @@ -33,75 +33,75 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA Validity - Not Before: Jun 5 01:09:26 2026 GMT - Not After : May 31 01:09:26 2046 GMT + Not Before: Jun 5 01:43:18 2026 GMT + Not After : May 31 01:43:18 2046 GMT Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:a3:37:f0:83:85:c3:44:9b:39:cc:f0:88:10: - 07:77:8a:24:b6:cf:e1:ba:f1:7d:0d:e3:8e:0e:d5: - 86:ff:df:95:2c:94:26:36:66:42:96:b3:bd:fc:23: - f0:3d:00:8d:53:9b:be:02:e2:5d:4f:30:73:4e:3a: - 50:8c:71:88:36:c3:f7:ee:dd:5b:80:6b:a1:3b:43: - 03:f0:8d:18:67:a1:16:25:da:58:03:5f:e4:d5:29: - c1:d7:3a:60:fc:6c:a6:41:f9:2f:55:ed:19:7a:08: - 03:6c:a4:ba:9e:4a:51:81:42:a5:ce:44:9d:a7:bb: - 4b:5e:a2:ee:81:65:42:7d:a9:c4:5b:b0:2f:da:1e: - 54:25:78:ea:f5:de:3c:75:fa:c7:cf:bf:02:bc:ae: - b0:5e:62:a1:ff:a4:0f:7c:da:c7:1f:13:f3:d4:e9: - 09:c1:da:ff:bd:59:df:e1:1e:de:f4:ef:7b:2c:20: - 4f:25:b0:ac:68:26:d4:ac:7d:e6:f2:57:99:27:e3: - c7:b9:90:f2:96:9d:b2:e4:38:d6:c3:e5:04:73:0a: - ce:d9:f0:66:c8:af:31:a4:5d:5e:26:47:05:15:2b: - 9f:9f:0a:68:55:13:dd:e0:fb:df:69:69:e2:69:71: - 73:ab:06:69:02:4e:42:fd:59:3c:a0:19:6d:2f:1a: - 10:cb + 00:be:a9:4a:43:94:f2:f1:12:1d:7a:bc:0b:8d:d0: + cf:ed:ee:2e:5c:18:15:37:51:0b:be:31:f0:3d:97: + 9f:62:3d:5e:98:99:ef:4f:40:e3:17:88:04:c4:6f: + bc:a9:e4:6e:c0:6a:a1:ea:a2:87:f3:ee:7b:55:65: + a3:c5:f3:66:51:19:bd:a3:3b:0a:65:53:6c:2c:08: + 81:8a:3b:ee:2e:8d:46:99:3d:38:59:80:b5:d1:ee: + c5:57:ea:a4:9f:44:ce:0f:62:34:aa:9b:50:af:e4: + 06:02:18:e1:ca:d6:17:ac:00:c3:f9:b0:67:5f:e0: + b1:88:21:62:fd:9e:01:00:3e:bc:00:46:98:31:55: + 2e:d1:b4:7d:46:5f:9c:96:52:96:23:84:4c:a3:a4: + c5:97:91:85:04:c0:59:65:d3:42:c6:3a:a8:8a:f9: + 4e:d5:db:2c:82:45:4e:01:51:28:20:14:b8:5b:2f: + 59:fa:cf:57:8c:17:11:f0:02:02:59:a3:f6:e8:a1: + d3:c2:3e:1c:57:15:4f:9c:c0:5b:d0:6e:20:65:00: + 1b:a3:c9:8f:a2:1e:44:a9:cb:2b:4c:d7:78:54:a1: + 60:5f:33:71:4b:07:6c:d2:82:62:8c:01:bb:da:3e: + cf:82:36:36:a9:5b:59:09:19:a0:60:2f:51:df:a9: + c4:b7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CC:CC:54:7B:F2:87:66:CD:2A:F4:75:39:36:9B:60:45:1D:3A:FE:44 + 90:97:88:F8:24:23:75:CF:5A:A6:3A:DF:44:A3:5A:DD:84:57:B2:F9 X509v3 Authority Key Identifier: - 15:54:83:B3:1C:29:D7:B3:A0:B4:09:4D:E8:83:0B:1A:1B:99:6E:45 + 07:9D:08:22:B3:EE:46:88:BC:AF:66:92:91:CB:76:1C:9F:1A:D1:72 X509v3 Subject Alternative Name: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: - 3a:72:ef:6a:0c:6a:f1:a6:e2:bc:11:e8:ab:71:01:3c:6f:20: - 35:fc:22:a3:6e:d2:91:6c:08:93:d2:ae:61:37:72:88:8a:73: - 80:87:ec:61:c8:25:e9:e9:df:0f:6b:fb:50:27:36:0f:a5:b0: - 71:1c:9f:c3:fe:94:5f:b2:f4:30:56:81:7a:4e:51:f9:30:cd: - de:0d:90:39:86:3f:c2:f0:cb:8d:c5:29:4a:7d:27:1d:78:5d: - e5:3e:a7:90:08:06:5a:0a:1d:50:d7:39:8d:ee:a4:58:3f:30: - 44:d4:89:dc:94:8f:66:4e:0b:7b:94:e1:06:67:ed:23:ab:22: - e8:77:18:fa:d1:6e:46:df:bd:75:de:c5:d2:b1:ac:ef:df:07: - da:b0:85:2d:47:18:fc:fb:d3:de:10:fb:e0:35:ef:d4:ef:0c: - f5:d4:d6:84:3d:22:fe:44:c9:d2:48:44:ec:24:69:52:15:9d: - 99:52:bc:e7:04:9b:15:85:7e:e0:06:12:bb:ba:96:58:78:a6: - 61:fa:33:01:7c:76:43:6c:c5:3d:11:c5:e1:9b:e8:59:d1:96: - 8c:30:21:e4:73:82:7f:44:76:fb:d2:f1:54:a7:b2:1a:28:ad: - 28:bd:f7:9a:47:ef:dc:b2:1b:26:d7:fe:0a:0d:ae:bd:38:13: - 61:43:f3:e3 + 0e:70:c7:0a:1a:ff:56:d8:e4:07:d0:e1:89:e8:0e:54:75:e5: + 66:73:28:88:5f:18:26:4f:32:af:8a:a4:74:2d:b1:70:38:68: + 0d:53:42:b9:82:be:77:f7:2c:31:c6:9b:42:68:f9:c8:d0:dc: + 3f:0e:48:89:b1:87:1d:14:f9:f8:ef:8f:63:3c:75:f3:79:dc: + a3:7c:de:8e:4f:29:2b:4c:17:99:da:69:43:9e:c0:03:28:f5: + d1:97:0f:14:58:de:80:15:58:7b:97:53:74:78:91:07:80:28: + 76:88:f6:f3:2a:49:23:95:2e:7e:bd:32:e3:1e:c0:a2:62:7f: + 3a:a7:f5:96:a8:91:90:c4:ed:31:66:80:01:0e:32:95:20:5b: + 6f:de:69:86:ea:48:ba:1b:bb:21:e9:49:07:31:8e:ba:2a:b7: + 3f:61:d1:a2:2b:fb:0c:16:17:9c:b3:c1:d6:ca:b4:af:74:3e: + 48:ca:c0:81:94:4e:ab:b9:65:b6:71:24:66:8b:ff:02:28:7b: + f7:d7:c9:63:3d:22:8c:54:dc:79:ce:e5:82:b0:64:68:3e:8a: + 84:96:80:73:2c:e8:e3:2c:19:34:3a:dc:cf:1f:ff:e1:b6:4c: + f9:b3:d2:2a:cb:ae:8d:76:aa:b9:cd:b5:80:75:6a:d2:b8:74: + ba:96:ad:e3 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDUwMTA5MjZaFw00NjA1MzEwMTA5MjZaMFgxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDUwMTQzMThaFw00NjA1MzEwMTQzMThaMFgxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqM38IOFw0SbOczwiBAHd4okts/huvF9DeOO -DtWG/9+VLJQmNmZClrO9/CPwPQCNU5u+AuJdTzBzTjpQjHGINsP37t1bgGuhO0MD -8I0YZ6EWJdpYA1/k1SnB1zpg/GymQfkvVe0ZeggDbKS6nkpRgUKlzkSdp7tLXqLu -gWVCfanEW7Av2h5UJXjq9d48dfrHz78CvK6wXmKh/6QPfNrHHxPz1OkJwdr/vVnf -4R7e9O97LCBPJbCsaCbUrH3m8leZJ+PHuZDylp2y5DjWw+UEcwrO2fBmyK8xpF1e -JkcFFSufnwpoVRPd4PvfaWniaXFzqwZpAk5C/Vk8oBltLxoQywIDAQABo3AwbjAd -BgNVHQ4EFgQUzMxUe/KHZs0q9HU5NptgRR06/kQwHwYDVR0jBBgwFoAUFVSDsxwp -17OgtAlN6IMLGhuZbkUwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQA6cu9qDGrxpuK8EeircQE8 -byA1/CKjbtKRbAiT0q5hN3KIinOAh+xhyCXp6d8Pa/tQJzYPpbBxHJ/D/pRfsvQw -VoF6TlH5MM3eDZA5hj/C8MuNxSlKfScdeF3lPqeQCAZaCh1Q1zmN7qRYPzBE1Inc -lI9mTgt7lOEGZ+0jqyLodxj60W5G37113sXSsazv3wfasIUtRxj8+9PeEPvgNe/U -7wz11NaEPSL+RMnSSETsJGlSFZ2ZUrznBJsVhX7gBhK7upZYeKZh+jMBfHZDbMU9 -EcXhm+hZ0ZaMMCHkc4J/RHb70vFUp7IaKK0ovfeaR+/cshsm1/4KDa69OBNhQ/Pj +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlKQ5Ty8RIderwLjdDP7e4uXBgVN1ELvjHw +PZefYj1emJnvT0DjF4gExG+8qeRuwGqh6qKH8+57VWWjxfNmURm9ozsKZVNsLAiB +ijvuLo1GmT04WYC10e7FV+qkn0TOD2I0qptQr+QGAhjhytYXrADD+bBnX+CxiCFi +/Z4BAD68AEaYMVUu0bR9Rl+cllKWI4RMo6TFl5GFBMBZZdNCxjqoivlO1dssgkVO +AVEoIBS4Wy9Z+s9XjBcR8AICWaP26KHTwj4cVxVPnMBb0G4gZQAbo8mPoh5Eqcsr +TNd4VKFgXzNxSwds0oJijAG72j7PgjY2qVtZCRmgYC9R36nEtwIDAQABo3AwbjAd +BgNVHQ4EFgQUkJeI+CQjdc9apjrfRKNa3YRXsvkwHwYDVR0jBBgwFoAUB50IIrPu +Roi8r2aSkct2HJ8a0XIwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA +AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOcMcKGv9W2OQH0OGJ6A5U +deVmcyiIXxgmTzKviqR0LbFwOGgNU0K5gr539ywxxptCaPnI0Nw/DkiJsYcdFPn4 +749jPHXzedyjfN6OTykrTBeZ2mlDnsADKPXRlw8UWN6AFVh7l1N0eJEHgCh2iPbz +KkkjlS5+vTLjHsCiYn86p/WWqJGQxO0xZoABDjKVIFtv3mmG6ki6G7sh6UkHMY66 +Krc/YdGiK/sMFhecs8HWyrSvdD5IysCBlE6ruWW2cSRmi/8CKHv318ljPSKMVNx5 +zuWCsGRoPoqEloBzLOjjLBk0OtzPH//htkz5s9Iqy66Ndqq5zbWAdWrSuHS6lq3j -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index a7506ba3c7..39165b7152 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDyDCCArCgAwIBAgIUUcgTcnV0MsAUzdlCtBW/GPxim3IwDQYJKoZIhvcNAQEL +MIIDyDCCArCgAwIBAgIUXOZb4M9mVy82gQz6t1aJHVdG+/owDQYJKoZIhvcNAQEL BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDEwOTI2 -WhcNNDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv +HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDE0MzE4 +WhcNNDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJX2Nj0SfMSPuUiViJP0dcw7 -egMyp6VYyY2TCE8HHNqIem163Hy3i49MHKEqr9b5OVIz0RWaU8SdkJ2WwfaOb4G/ -Xu2o7AsDRZVHJwh8BhWu5dco5Fd8DZiUnbiWwdnlmbF/vFB//zGMWGYpGkUOIKuD -dbVdhXTvBrGXY3fDOYa8kjxqhUTJFqhLVESTzfxaiBww0ZMlDpMwgjU9CZJ5C9Sw -wGeRavjIJdiz6ABG1vdSpZ/8E5bL/WYgImonq1vfT3fWjnq8GlaSAW7YrkJ2ANn4 -/BIgkEZbjv+UiadLzUKUT+QT2Uff7bDD+Eh3Bh/j17p5ey8e3M+hkjFbwpoGA4MC -AwEAAaNCMEAwHQYDVR0OBBYEFMnVB5JRAbHlPRh7a6CguKrHtr8kMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCAcHZ0 -bfasq8TuSakrHbXd6VN2orX2BUodlAM2Hs/hUtCim8M8dK5iSr/tfW80mfq+bssw -ay+yKJzFlB3PzzLo5b6XBapbjPWiD2lWT5WoIlS/9CAO4BN3edhLAgRRMFgPXyZN -JKkNqg5H0yoLy0z+f0vxx7IIe0GytiwT7T0JLoVGQpjCIkjjm0XSCBPdjTQOow1L -NSE0dfQ9LbsuiAA6t83cl6PUMJHrBpKmzdLYoN6nM/VxAhQSVqy5MfnXgA3BWzra -vXoHA5p2rL1QZ3wQRB3B7kAFxqnrwJJdUTwRjm5RmGMUNjj2hFwAJlfwBQlYoxt1 -6rE4DkIhabfv7Zu1 +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkffnDicTbF3B8yzIxz7DP8 +rvy9yVOOGoLyiXITiHmTMNIhfYUdxGqO4RRReztQvW7s6yOQdvqNE8LD7WrzsXOz +JOovPuQZMr6mnSu0bU98Eyar9SfRTbGVmkZiCJTT8jV9wP9nxgFag+1Y6DPUwbOp +zyt9/961woScVbJJwVAdJUv/cp7l7dT16rCS4yuDf+m6xI9Svev7iPcqcyIRDLD5 +EXS1RI8ZLmA3ueIqPQbnRiPzjVRgq56czkZ/g2USJlFlgYoeLAV7JnjYi6Rs/umw +0YqfNl6rD4BznrF4CGuvliWaZu/3pAv/ejmGJNMUbgi3gVAG9nZKzIdiFTtR3xEC +AwEAAaNCMEAwHQYDVR0OBBYEFH69MHf4jQo9TLkJRhgOFoQpFblIMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQDFN3c7 +24yHj5lEvZX0H2IH25+5KhFouhkEgQk8OjcB8lpyJEB1scWX0v6RNNr4pmHNs/SF +FOqnVl+JMbcF+HuDM8pVVYeaDe/ZS/pAp6U9HwSNSYltEPThnVfQWKKPeI+8W0YY +WANQPhA8TAYft7lWxaUNlpI1RPEy/YTuMzxZC2H5CPnnIll+zTgt78Bi5halR0YO +EovTitdUom2y0UNPPczCRWoFjHE8MM+xeNhV2ybd8qT5L0sO9FDdh7UoYS1LmL0k ++naes5qWFXhvYXelWwr60H/MI53p+UMGfW95e4IyU4WPXh5Z2jG3hc6tg5kt1ThS +tLX9wRS/xICXNu2l -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 8f6ed82d07..c67bc1bfc3 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,51 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOy2pgCy55SlP -jOefFgo814NQiTZUzjslthOd7uobrQYCoLC5N2QwB1I6JlsJuDigo2vWnTB8nTwj -taf1hnAumv1oBvYV25s6nmP6OoOz3rqK0ZqTmXMd7ZlCWi0KmwglfJCsLsFFpGgN -gi1W9eUzVIaJ3BabG02nxRTcsV5oxAIzYdayxqZ/czzAvhfD0bKlfnDkfysWFEP+ -bgHSqNbZtYD4/acHKj5zy5Dyvkf+4rEWJrasqjJW69Q/fRj4eaYpXIz2Jh8Btd6H -8sLsucM5qIKcEwLw7nASLJsKAV+TO0jUbPDEGR2rUxKHoagT6c1pOexa+MsFaAWm -UrHOIFgtAgMBAAECggEABU5WaEXfPwUaUkkzUAVdGNPj2y8Hs0GBXPXNqzrO78Fn -Ik5Va9SC6i9UPA1FgapNE468dgJMyFmTTg6jt1azKPS6SNOMuJYxgrR8q8hGoiTj -Xh/V6FtcV/a3s/aBGGdIK/jzvnYvnobXGnKwDJmaBQ1RqzrhtoB1nXDaa12Y8n16 -dIgqgFK7wIu2c4FRDd0xr3Kq7+Gs3U6z65xyEtRW3ITghaaWsBDXDvHxBOcRm7SM -d8hXPto5sk0V94yJqxY0Xq7rXkDiqeVg+q/5lq/aSdWCNU8mz/+Xmrvvc7uUaHGF -xtTNM5cpVQiyhU3PYAoNa6U1NxHlhNW2yKN8hOTPGQKBgQDqxu23FcX3U9mISWZb -HlG9bzXOxexJAPWuDcIJdA/fI290kFQW2rE/b1jFoUsZL6esFJprinihjE9rdhd8 -vIgiPb2T5eg2h4J/KtXqtySLM00ySu1l6JvSWpZ7hxBDkMon+P160815H0Mko5+V -v9Ndfs2eo0n2LsPMFgv0pRkiyQKBgQC5npEhlqUAmBoIx7PnO6qPlwzWj2lW8l2g -BT3CIjQfbN4++PS2qMmv/3eHkfq3aBpSAXpeeLNEV5flPsJ6OaQSfMT4Wj5bbKEb -Xl8i4WfbC10YIhs6Ur6BOnK6Uyi8ArOFYhVRu/2z3937XM7C7Mz4/g0TsLavJoEu -xelKyc44RQKBgGYOzb1d6K3INHLrPWR0vKG1m1Vkcn+VvDbKYkQLwO6GD+hC6Vr5 -/D0QIS3gHK45KhFC75G6IxBO1yNmtXUS27bO0f9d3OD/bTnsnAspS+h7B57KNYKs -aDg8Ctht8SL96PMRaNchBVwWu/BMdI37Ul19RtMkNn2e/JxWJSJXNqMJAoGAdOfF -iF4UtfcWDomYaP5PQfhkgY35TmV/ShWC/A4GvfQXVZn+pjxQKqS/Z4ctXO4YBaYg -p/dlEJoKdLu+SLSc/XfPpotP0szr+wzI5nMIshDKJTT16RnMGh/xuiA9+4vH/S31 -N3ErLGrGqFWfc20o+3kmS0x1AoNBwW+sqwnG8/ECgYEAzq4Qrm69OmU9zbC0phon -LF03QSPkTInuLvcKAgKeD+kZQ6ZpZCwRnYgRe2XTFcLEwrrZAaem+eNR4tBeE2b9 -duL76gyoukctgb6bZM8TNDJlHg6MoT0RXUjEezMLhYNumrXDO6TCA7ak6gV5AHHw -zs/hznKbNvFW7xLQDPW/1f0= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHx0jJhZSsT6J7 +qZZ3+15MvBddhi9Dn+U5koIMPE7tLOLlydbHhKQULtu2FUG4NaL9wrmfhIDmSySc +Tpc/1SScVmoDzrASj7Yw/fivj0ApfBvQUIzttW+C9zd1nLFyuuYZtNCdcE/MQu/f +Ls16ry/vBs5XgHyICxeShFy/eThVx8xczrSw93NHzdLh3g5G38soJl0kO4z6GLIj +hmEgenn54GWOakzKrSM2pIuw3gFM7d3skr+NiBw4UZpB2sUfJFuwMUaEc7bgG8t7 +dRT3aMoWkTraTr38IU0g0B/kCcjoAvV/lbXqpW0JrzWN+ZPkULQoUZGfj23cemu8 +ia0EBJLBAgMBAAECggEAECJOlF+ypG0MDiy/K/+rG2woTJ0yxZLc7qPpnyGVcVpp +lcuPoYKx6pIM2oyZFBYPiZ7XZsyccoEQVyCBmXyuzoL4Mv6e7n20NQsgv1/CzIsq +VO0VafOqzgGpTejyLwNlbz2MooCjgs6baUZK9V6W0AzbfQtQAOxsfyUKTlhNqOea +IZsNgjXPChrIsjhwcwF+nlHuDiuFa1nGNJNCGJN+mAaANDnmNb7/d62B4PEon6sj +oL8InNKdoBdwIqbPsQY6QWpqz7lGcH1On4M3JRQrprjWeWy6A3zu1kFFcJ2TrHb0 +TWwKW4ot9R25QSws+lwCysKEPD31hkkfA1gzukH9zwKBgQC9DZvhG/QgGmYkG4OD +lFTCZ6tY7xSZO5rnJiw/l+4dn/h9WtmjCu9TXtNifivt0bjQsHbWL25ifjvQf0i3 +XisMi0I2mILNUA5tDxIb2jgmh9JjXEQ9yBbsNVflcFMCwAhdMkp9IjdgGBsg3BV3 +Wt7FsiXPpJQgKsqn/aWhHtCgtwKBgQC33B6wGm9SU1R9xvUW63s31Rcm2knDC/Ng +5XiMrC4KviqAJnpo97OD+3w7Lmu94pnp0VTirr9Tb2UnKpEOZnXOo2Qukj5jnLd7 +4jnTvnSc9CBzx4GJYmCHTzx5kn/IvD/M+AajnkCafGVfTdPNKdVvBQ+A3dVLFsy7 +h0uP0RgARwKBgEdIhVkY2DDuo0rEEQ+g82CmBEaxRxwMDHlRvGdyGveSpPhnNB60 +9c6Ct8OwfVHbvQr7LqPOGJoMrPMNu1ZgrGy7aYj6cn+Fyxq2DwbvfjKRDfQnCxgc +hQAlkPHTK4mi7MRvPQT3zNdv33LBaVqqqcrzRCyKCswiNm2nRzd8Tf/7AoGAXj41 +eL1EHKXcJFCsZqAz282dfWvc7V6d1Sgqn6jOPPF3JZMToeR+HwP0jP1hesbBcCm9 +4igCqEjsR6Q5EHGSp2X3Pyv1UOgO4TB3xcLVUXKNg+taycokgpcp/4MJfyKHbZAh +DxNaOBXVfIGPNJXh8nNcnAiZgVDhhqp2H/Tk4ZcCgYEAn2yQ4lOLKEpxiTLhGmDl +IuowW57i0r3QlkwfhvzhEjN3u51RUIDL2+OypMZng7FkGJEnmsjrrTemswgMnca1 +cPBhdofRIZkKcsAvTzntkwWOpqIiwFJLUS2cpS2MrkACDGuB7OzAPPRn2ybQZ5XO +GCRE+vraCgRvuakD01NnIgs= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUJMLeJCsPMuRPkCXuMs52RwfFbAEwDQYJKoZIhvcNAQEL +MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhwwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDEwOTI2WhcN -NDYwNTMxMDEwOTI2WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx +MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN +NDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo7LamALLnlKU+M558WCjzXg1CJ -NlTOOyW2E53u6hutBgKgsLk3ZDAHUjomWwm4OKCja9adMHydPCO1p/WGcC6a/WgG -9hXbmzqeY/o6g7PeuorRmpOZcx3tmUJaLQqbCCV8kKwuwUWkaA2CLVb15TNUhonc -FpsbTafFFNyxXmjEAjNh1rLGpn9zPMC+F8PRsqV+cOR/KxYUQ/5uAdKo1tm1gPj9 -pwcqPnPLkPK+R/7isRYmtqyqMlbr1D99GPh5pilcjPYmHwG13ofywuy5wzmogpwT -AvDucBIsmwoBX5M7SNRs8MQZHatTEoehqBPpzWk57Fr4ywVoBaZSsc4gWC0CAwEA -AaNkMGIwHQYDVR0OBBYEFH3RUzpBaqpydyCy2TtnS7kTvBT+MB8GA1UdIwQYMBaA -FBVUg7McKdezoLQJTeiDCxobmW5FMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEADEIdgN8segXnSrWnZiWS0dd8qKUx -k8+LQjjhjds9CPh1sq20BPqSmiL2kG+fpzyKqgpcv9BbZB3fpBCfdjfcT+Fd3ceA -HNOvkGdm87mxhvCQrmqkKEPjCDBFgTE8o1UxNTCHEBZ5z496NQ+GrbNzvZRC+QWd -CEI3VtRY0k7tDOmZWZLaPU+E6IPAvMbP2Uaca0Oo1lqPFab5hQkvwjZQa316WcE6 -ZA3PU612Z1xTX2H+mR/uCmUJTJNttTZcLFGjc3XM8aZSuOvBVdwoy1YYeB7pUBL6 -NmYtemygaPiBrIfSC8CrWFL7mtyaZJ7UukniGG5PH9WWm5YRM1lzlZNezQ== +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfHSMmFlKxPonuplnf7Xky8F12G +L0Of5TmSggw8Tu0s4uXJ1seEpBQu27YVQbg1ov3CuZ+EgOZLJJxOlz/VJJxWagPO +sBKPtjD9+K+PQCl8G9BQjO21b4L3N3WcsXK65hm00J1wT8xC798uzXqvL+8GzleA +fIgLF5KEXL95OFXHzFzOtLD3c0fN0uHeDkbfyygmXSQ7jPoYsiOGYSB6efngZY5q +TMqtIzaki7DeAUzt3eySv42IHDhRmkHaxR8kW7AxRoRztuAby3t1FPdoyhaROtpO +vfwhTSDQH+QJyOgC9X+VteqlbQmvNY35k+RQtChRkZ+Pbdx6a7yJrQQEksECAwEA +AaNkMGIwHQYDVR0OBBYEFCXWhDoXLKT10klVaEv5Rf524HXSMB8GA1UdIwQYMBaA +FAedCCKz7kaIvK9mkpHLdhyfGtFyMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAtluArK33MrFPHbNBy6D01AcOk1sy +p2S++XGdPTyNwDGSBlK1FV29WPDt3WzxJ01XB93KZ3jyW6DwuSEpi9sggkHiypU4 +gQZtF65eZACoJWsdxuLCVVOAUHxij6MoEl4O1KCSXEYIUUpTb6aoA6+xJmnS4MfA +2Y5Q1DlbPTm0i72PwCHzhoDYlYPR7yisWCzNtGlXLbAZ8JRlXN0YLS7pw8F4FISG +Cu/kE4LgqSt8cCKRT4jp2NLqKamfxTr/7eFkT0tkZP1GLtWKPpNKgydKbQUhO1NN +IJFrV1sJTzVx9f3+ITp8s6ZGzFWdmMW6+6e5Wt1Bo4TqrYeJfJJUlPVZzA== -----END CERTIFICATE----- From 5397e5062f136fd1c071c4f687727c676646654e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Jun 2026 10:29:06 -0500 Subject: [PATCH 11/28] PYTHON-5040 Use cryptography library to generate certs with AKI but no CA SKI Replace the OpenSSL shell script with a Python script (gen-certs.py) that uses the cryptography library for precise extension control. AKI is present on all leaf certs (required by Python 3.13 / OpenSSL 3.x chain building), but SKI is intentionally omitted from the CA cert. Without an explicit SKI on the CA, macOS SecTrust cannot perform keyid-based chain lookup and therefore does not trigger its hard-fail OCSP check, which was the root cause of CSSMERR_TP_CERT_SUSPENDED errors during replica-set inter-node TLS. gen-certs.sh is replaced with a thin wrapper that calls gen-certs.py. OpenSSL 3.6+ automatically injects SKI into every cert it signs regardless of the extension config, making precise control impossible via the CLI. --- test/certificates/ca.pem | 40 ++- test/certificates/client.pem | 96 +++---- test/certificates/crl.pem | 17 +- test/certificates/expired.pem | 96 +++---- test/certificates/gen-certs.py | 349 +++++++++++++++++++++++ test/certificates/gen-certs.sh | 248 +--------------- test/certificates/password_protected.pem | 101 ++++--- test/certificates/server.pem | 148 +++------- test/certificates/trusted-ca.pem | 40 ++- test/certificates/wrong-host.pem | 96 +++---- 10 files changed, 638 insertions(+), 593 deletions(-) create mode 100755 test/certificates/gen-certs.py diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 7e79d7087e..9d7397cd62 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,23 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDwjCCAqqgAwIBAgIUG4yLbLc0MS98Rr9VPU52i4oeEcMwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjB5MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGluZyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUpxRwvIP/vSWHitv/vN/T2k3zZO3+I -7j6fxLyQ3kqT9c3VZOCOV3yf9ESfEJpoKiOrUsWE7U/dBDT2gcBsYFuaRc9kzOzV -1XDIdfAhNMeSb9OHxW5gKN+bIiMOlEwzGsfty1hhmpAkZycfTkCvbQ/uyEtRApfC -QnvFYtn/gZ/1jXOa94Zz9uxDVwzBsCQlHf1WpD6h/Uk+QJWTj11osm6nGCFDkugd -BHF7iqcb05IFchM2u3MJQ9GcqHf+HIn/JuPbPP5/Y9kuFomHsabvqIq3Nj3iLUWx -emprLjwpchELbB4VfgOTX9dShQKPQaDZsZI/tsMtRe77AEMubDCsbeMCAwEAAaNC -MEAwHQYDVR0OBBYEFAedCCKz7kaIvK9mkpHLdhyfGtFyMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQCjoRcYDpno/ja9 -jnRtJYBpqnKPv9L2cjChqMxQzfOqmD3aGW3mvn9tyqZ4gDpGrFuwojL7R2syALwX -OtII89+elyMuod/POley5nFBfko6UN6Ot3Anbk3d8YC7BeSJYlpOYJOjb5Cqk2ld -O8sUm2YxT64LdRQZbf0y068UgJiEhBUdY2gYrfj8DAjn+8TMOwXmXqJIzIdl+yX6 -jz8VL5RX++i79HE/PfqKR7uAgA19/KWcUUpT5dEJcFAH5uV+zP39ihlRCAYbEa/d -lI/p/Q4KfpdGSsNvrBK+0abYkH7JLsO6fXDhag8+es45LQPT6yCucXznq5tvl+QT -Z4yZLc0w +MIIDfTCCAmWgAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHkxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE +AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAxTjF0WGvlWXVtzfL+sMHX6gAoS7G1Z0gL1p4iFH59YbGBbVRTgcOf3U3 +yclcyP5bxavT8uFYPwlKNrygUPEZZbc+kPWYuH75FA7KXTJSZxX/YPPV2RxoWljH +eoVapM1Fp6gVJ3MA7nPDGQw8KaRFWHW/7qO52hsHxPW+Of8cZwt473cqZTLpLqJY +jHkJOYDk9RmzAyCLTb1Jebg27MThpuBvwBRBmKXihsysLOu49v3Guk13sCPXhKhP +dGj4f6wJ4NMqraVhGrqcb4vBH/rwf4hzHWox/lEyBEZi2XOIg8pCd2AKrvlh23Pv +ar1MMTvImYNOGpsg1WXrUVGcT8WZ2QIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQByXF3qV07B5LF+YJhKzd/jc1si+rV45IZGHAYvwNx2 +Ftn7EKYGW/d4aGyHg2rTU0A0bch3EIXqE6zQH7YEs/HLDdfubRk6hIiddVGPJozK +Pw7tj5zReTFBe201X62+q8OypVbGZz2wXIGvh5H30c40s0k2AMpUi+DR5Dus+T+b +0if/Pwxsx8HCP1GMLQH6CpxD5gXCMVBGCg+dxZm1pnkZE3ZXHHWProyxJWdNmNK8 +GNWrl0PVSe7STBCmapoDJdgVXpqEz4+qJSPTXgL1HVX6o/wh+EDQRwCak269ia3x +GljNKUeJsvqh2iL3jz1l/vRYvkN5uq66YXEwacqP8NIM -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 33e03ae915..24a3a6eb6b 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC4AKy3yN1ylUiC -rP8wqfYzO7c+l+lL9V8Itz05uzHDOnxFVVeVs0Xfvzb7Sc/xepnBlCIRDP5ucmyi -CQw2paK+Sqdk4dteBj5pBXpx5KC8oi6vIrU16gB46f1fpTVMpU6AxMbMOy0i8mtJ -SAH+YgBcyGjpix2I2PQUNSp2tAt9DJlxzmRcclJkkkyHZPMZPkCH0R3Fw6MIGwgm -h14eQhqxvUxcnXDKVt0y0e6uVU6dF7bqyAivzxIU3qFmxxWCsFSANppU0P6TBkIx -ysUgdV/rYkBVxIEi+NZomeGjR3/iKVkpo6yerQoaROWIWnJLLY5BzJc9oG5xnoAg -1qJM1EDRAgMBAAECgf9JSFDXDDN7jzkcfQn7DQtLxwdpm9cECZWamGAqE1lJB+IL -5bwcQxTGfWwdvigIuhYX+DIZLbOntAAlXgp0jpi3xm56H080WLLtNjauEFXJdaO3 -h3s5yG39D4l6A7JWnv/FCUSj0m2ySBpdSpsrVUdlAexxbJaMCjGBBYEEBcZi5r95 -e8K/F78rZXuHJbHfOx+xhKwyIalM8wyp63v6KLBscDy+DaAunOJij8NCpEwENohU -R15jAr60liAOnqJpvUctjjiUdjztbh3v9pQaOrsQ1wgGUL86P7rWV6TgXDe/LWel -6MNLJ/N6Mwmy86Qjoz4mlnaY4LYBUWdAzqd/zKkCgYEA3KvY7Kd4tTs/iElMGk0v -k+l4rONn/GjabyOkkZlc7TulM+7DDKvd/V+ms8c2E1TpW6c2Fn7gaBuC+Wfw23T/ -kXF3T0jFNLI4zOHjE33yT9fqg+0m1iAPVgn4e0eQ+xeB0fr3ILl7hbQY9n3fAM6y -DjfrWDhbDr4x4gBy6C4J70kCgYEA1XX5D8Roa9sGA4RjZz0FlUT1fq3pxEt9O+5a -bId3BAjd1nv6vD6Dln5AGLizv/VnQA/W6lj9ZfPsPrQMQHUpHaeyrcewmbfJ5PVQ -YGQea7ZjuCU1T0IcjrHvLYZIHqAGPrOxDzRiLYuPmKwkl9yokqs1LWYgt1nMd93z -mYwF3UkCgYBhXESqLT2ZoFlolQZJuHJcbS78AJ1ZhR2S2YP7ZVHVrXI3FoniJlYc -Oz5+pU8bemQ3NvArPrFd3X2M8qoW+Wjkz84XIgE4PcXHx4X7jJ8DUT08Fb8DzENX -77A9HBdAYV+6uGKegpeYJxy4bFKetZNjqJJiawLp30p87zvDasShWQKBgA7+5qxQ -4/UPwfBlUIZkJwxBd+2aUh3UH8wiBoAxVA8YgF0dAJRQ3/WmkOIrt5T4rHQ3qKV1 -8vdCl4ogI+wzTtwid871hFaILsrC4Q6kee6fNYouMvyKbG8p2N+d21srasTk4r9q -sqr4bvIOxdNVURJcrLOvxQScblzNXtuelprhAoGAf51AFgJR+K13Y329T3Lex5ee -qvjMMuJIKMTddj0In7TeL5MqUBtMNjvmXQ/mJ2kAyAl7yod6xjAqmTSNc3Nju6qB -/9n2u8NBH9CRdxq7m6mJIbfvAMlqPw32B5jG/dP65eFacsjamTNjWcDy0coZOcQ3 -OfeAwH0y5PwSCsVtmLs= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAuRygTOnG7ttRP9IV+fdZbetsMJ3QCCLhws/Vv+zGUqHLR8Qo +G0J6PogYCBGQnXTy3NYN5N1DBH8k5pxamyAQERp/hW41re4oJ88i/OIK2PCRDdnI +4SnEZTOX9iLcdGR8sQoUtW8M2G6pNsvKiZhYskwF/oSsJnLda898KMKf6wCW/TF9 +9W4wlOSgdTvcAB+IrpZ2x2uBUJuyERvKy9k5WfxP2ikdHSXxIw4kwMokXLcJ1Q2k +n7COBBv00K7rBJyCdkrTE6hDnbfzsVZTuTEmaFp1TpDpOXge2ih5YMDREfscEcCl +R7jJpTL/LWbUy0n8TFqfvG5M6NIyJJFwajl4BwIDAQABAoIBABNsopGPknVsBCmb +RP0W7IZxRsgPN04zQtdrcbWTBfiTy737Im5B2owHQeZO2Yr8Q6PSvmB+q1KkeN3O +GF/gzG7PBgSdXPqkXAhZXwWEPrkm/UGj0cV22Yn5EQAeBl4cUU1Ojn+/aGypqA38 +8oLfvqbu/U4I4/ug4AU5H4Ezcw54sq32xCs/pzcNITOGRpIeNjynW+WtnTsWNOVm +KBMagHitFGavNnBbeiHsg7RsvSYZ2NYlr29yCpJlZFBZ3hYxC9ZAJiXWEYbBowxW +Uk9f2GSNRBytzsVRzhkL82/DUfKXXXXjOj1GZlnLaXUHZwvE7s0fteKZMpFbnUi3 +EWaRekkCgYEA3W9PP6bwkVP9D46NSg4AwFBHSrnUZ5GeOMwGoeagAEX7H1Exs15R +gfIKc1hRUYw+4b2zy4pgnsBRVJcAHOZCvOR5N/6nlFWU1tGBkQPBxTXN5jwoew30 +PQzQsRcHqMCxwysw8+nDsY5J5SGdznUFiOkoYi7XHM0tP4UL5qjF61sCgYEA1gHT +H/ec6VflqHpM9hFcTaQMOFYMn/4SNX8wk8wmN28AJPd3WkaOp8vsSr4JdefFz7fP +khbbpDOsmH3ynSCnWUT8XPQDRuhsmm/hUZd2dhDydSo8OhYzYoiV5NA6alJaustc +bbWjEB2xxnVTKnoBMz7rZmDEmM2ASz6vVowAAcUCgYA7wBFOR6maTWN3kyuk0+p3 ++jGChGpAGBbtlIAlp6l86WU9qhcTI1wzCDCxtx8aNhGxsBKX1ZsEuzg27xfktG1F +sxDSfzCQ4hbrcFTZ4H2kzUPl4E28BqPk5VRatLAoZPaSh1EKQAXCH3bpEQ0X7JO1 +wdRXyfPZnbOb9Dal4tylCQKBgHFtpilbZJ+JJwCVUhVaPkIooRF7ClYCpEQWlfjA +S8E15C2zvF7s5s+pFiTHdNw5bG8cTbhwxRnTCbgJiX4ewJRgLCJYcyQyLN3uTs6g +KPmLIfdX23QuMC4ZltkgRNX1sIExKFw92Z/BHWjC5sGsyNYQk1RAFfOneEhpgSWu +LpLBAoGAGrcpDU2lw2iDmaDYqItDlO6kbAcoAb6iQJJXc3c9vdEAfDNbJ+qO+T/a +3YHQ0/1w1XelHDa2ZCwbis2Ik0S6Q73wcapIjEV5+7sWWwZbUM7yPMUoqOe19fdt +aqE+sHpUAAduzULRoeh7/oxDoD+Ha2CfOgElnXctZWRvOxnFOVc= +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl -cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE -CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF -3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA -eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS -ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S -FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K -GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii -N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a -0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA -EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ -cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ -tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F -52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS -cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA +MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw +FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ +0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm +nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 +y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR +G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox +VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk +kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF +AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R +zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u +hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd +0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn +RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ +MOhV6IIFKhYkejnmhLQitvpybFqw2w== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index a258bcf23d..2cd6afd097 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,13 +1,12 @@ -----BEGIN X509 CRL----- -MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE +MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA1MDE0MzE4WhcNNDYwNTMxMDE0MzE4WjAUMBICAQEXDTI2MDYw -NTAxNDMxOFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+5E -QMyGj5BWnN7hC4/ZNj5Q0Rfm0qIZrKQJ2EsiRo/lT33/QGv1oHdd/i7QOWee3UaA -uow1hxHhhUw1gwL6RZz2HmxxxvsecoYIImNq4e+D3Na6B19earihYiZs6JXOi0n0 -2fMxvKd0GqhNyva5nZSNguoL2Bx6nMt2HH0jjKbJYLhfW21aazXjqLBbvXyJ6NMg -Mnoh7/23fqnjtow2lGcICq5N5lH0wvNb62xyqr4viaYy0Heox/yr0DxxAZ9ipXYp -3Ru/T2bnfu0gt+pcbdHq4u+FXtaila08P4pAMHKaXFGpxlv6S2lTuKKMgIV/yKtR -Em4RerccVwXzeI6T +ZyBDQRcNMjYwNjA4MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjAUMBICAQEXDTI2MDYw +ODE0NDA0MVowDQYJKoZIhvcNAQELBQADggEBAIXW67werrJCUtUgkbYEzqb2CxQD +/ayr8bf+0vlVoi4w1xjh8C03s3NFBDFSJ8kGQaNMR+Oko9gATUwkY+21+XCzT+4Q +wjaDrJKu1zW6L6aBG8gxOGoxcDbEDizQX8cl9QMIPxDHcslqXGgWlO6o0YOYHThi +BfM1jPP21ZcuQNH4NpnpjhmnIwj5HDYdHVuWKCoxLkpBR/tTMJOtT7g5Pfle5RvU +TJNmY8noQ5TZbO0wJvE8Jb1H531q0OMdgrZ0kM9y2+QudrdDclblvUdpAnax2Jjq +up49pMnDy1hQXgpJffiS4CzVzV9AEGhPgwIdV/xBGFw4xbYVoBaIRnWo7VQ= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index b0d50b5200..5ddf325461 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,51 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUqmrhMtP8RnGs -9TcWYFHSdLjdjezTmCNCVNIPnTky9oX7O6MwCahwaXJRNmGSvED2DK1q44QbSNRX -WMBtTFhckmx2aRCGVfaRFHHaUx58+DWTDQyc3YHQgIw+wo8endBlcSaCiyF6A7Xd -oir8IGTL90703GwS8pqM+urY4QcgrRrVfoGWgEdzLUSlqk1hC+jFwh0++Ob7EzX3 -I4WfUtLhRRevhS/V08PT1Q4n3kxUt3phFPFD5sb4dIUAZLbNmQ1oO8nnIjpQwhMC -WlAwhWVNYf8H9zkwW7ZPLT3hSeqgrUN1/l0wT1w5AaVElnrDsai2j/3DQdfW18qK -59Y+/y+/AgMBAAECggEAHSCwtTPYvfZtYlZfNzajAWmWKO6cRq7pxZ7J035aDSap -BJrgM9LImlHGsKvHfVD+J1c/iRBPu2rPE9gTR7bsHyMfNioKr09bcnx/fCfJ8vFM -yeWGIZvyyc/N6qQDF5wTDzUWtwAcjIP6l5Sk+GY+aYoogahIUoQPDO1Co0CfvWJw -wpAlaAIvEO1RgaEQVEq3YgbCIpmDEjgwQllVqQ+QBkXUDsw+aYFaktcYkz+LPp6M -MtPhe4DLRABeqDsFtLbi8L07rDdByZNDCa3GFLZOy71YrHHzqENAzvy/6HN+SYn9 -elrWc+qvuSRP/z1JBa8P2Bf5TLCKgSm5amRMFm4brQKBgQDJJF1PA5jmPKiG0ftD -ASn5375OGnTw3SkDFEWJKbEVu2TUa6eZhqUQzRz0j9qNDnpaVVa+88c/tJl1lymV -RG+EsPsoKzHEQJ5FYg+SJz/IR5XMqO9D9Yd+vGRBY9nqO7Q5lbyQqdBiHrQIzKS8 -VRCobA8MZSyGUifnJPNS6JXfqwKBgQC9Ni46GNF8za664JTfyD3PGq92edzMAWZd -x5yLBUC+eh9WKawjr98FFS4UEH22Hrznjp4FqqQnQ04DaDNd6Peeb0G9co2LSguv -8PXiuG4QshmA/yHLTFXbAGCPDV/CF0XqPTyMpHVax8Du/ITpucykenm83s8lhf+T -FwzvqQasPQKBgAQmQ+aFZHobdj6RxmUzePI2s25ZDWCKr3XozSZvPb/9Ba98KRD5 -vh4CnT5OWWvfiJakfA2kac/eoevTGoCB0Osj24qQmY465wj3ZOrW9HHlSCnYslbs -kccDi+3taWlzodwuQp2ZYzsi9wPXdO6NsrJGyGixDaIXv8r88CgdtDnRAoGAVSG+ -lNc70kp89oo7kaB35uobzlOwO33ZwBIi5g37/nfWB5+CWyAzWQcZj1+IIFweJJVv -lh8b8qp+vFuy2OsMFpX6XzHea7BqJ8Rj7ZmLtCld/kNMwjrbWkkGKPccgaiVBXp9 -9s28G5dKwHyPlNXLNKoCgi9BxqFOx7CUWnSTkwUCgYB2a+06EPZi290XgnnN2akt -/GI2xdnY2GDF4AyZuslffdm2MV8Gl8d0xUi5zkps7oEoqJUFg88FUxnnVxTAycLP -gJBSquCgzYaTlg7UrrYEUu27w+VV84zUzf9qnAy+YcqQcyROoDugP5AEhGoXLqke -DwKg2EIYHmc/qhVQXCKvuA== ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAq4Pw2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/ +DqfVQPDdiTIWQE5lrKDzqDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx ++10X7ysy3X8hNwN571lxvjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9du +L+4y4XunstTTbqsuV7puzR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805 +Sklig8nap/GdDxd2i5EPZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJ +EUAnKbBxXyIx4Ltw3Bfald7htvFryhhKjx4tWQIDAQABAoIBAAg0Ma1nqqOV718j +Wr7kGHAHLiVcBMVSuwtzsxEX5pbmO3hxQm1ySDBIxSP2lhth1JmvAjCaBrfp6LCg +gAz1ZUvB7A4EpBvP4rk//JPPPhwnx1DgIMu37njlbVOsbMuLmkXBVsA1VneG+BRs +rPTeyuaGpKIAHX6RuqeaDbrtSy+vtbKPdmuc6g+ariIpkrI920UDdgbfpFAu/4hs ++951C+RVvu9+ZX5HhVFw9/q2+qxGzZj6rbMuSGxifb2ftnMEFAWDUzCI8sPB3QwH +F05zYbMMA4zS0QIVvbYaJN+HEDaOYFXC11hHWfDYZL/Wt3k/evUJd2pExKajomNU +qHHhN70CgYEA5yr5en/uywMVahYzXY9hoZb9v8kt69Nucpkq/sRJ3ZDV7yDr0b3k +0jAc2Up105aq4EBp2tya/KdY4TPIzVeOZ9FZL2rSly4uI8QohSRo4hjCBc5z8SKl +OESFqFruSlMXIaVc5I/R4sJUCnvBkeQw7j4QFFFIR6UcTJBvaCq41X0CgYEAvfCL +9iwPhTnTBQ0WVbtPOYF9Kk1xLCwPWaTS2lAkFsUZ9YIdVZmQMCCvpDKSWUVVsPJx +A0K/Rg8pkYFFPs3EOI2PV51DZrSCgDAdxikZby9amrG1KEwUyR82B9VWgVhIxZnq +KNL1GVRoYOhcnkY/Zv4dn7PnRfEPvCXU65OQjg0CgYEAy7cJZ7S6IVm0U2sBFSA3 +74j6UTrfJwWKPZ9RTnZ4ibMLdNJUPt/TeI9BvRNrRm1uZHUfU+o5AxIOt1dFTAAu +1Lqel7TRpLzjmE1TUBHIBAfBZBCOCCB57V4lUzne6MzUg6gQdrNvSR/ro9lvujuY +CzvSO7VttwWALNDT/L45aJkCgYEAiUg7YQonjZtlsdjrs7tWX7H/zXt7uPl/fsNq +wu/5pZuAT7pjiWMcnCyDxqHmtS8v6FzS4hB0PybmXIyah/IhSN7IJAM+nBUL3arp +WjiKcZpAWl7nGOEkhNlSLAc+Ju6wamH8pNUU4eHoL2LCzoLngIFa1/snxZ2eSdbu +NfbKHGECgYBEdsSWW93KOU4DbEezFWFd83H0ySvf1crdHr7psWBXTpYLnKN9HfS/ +GZ26sYeeq3ouJxG8Eb2yhYCtI20JnWk8lhjYA5lQSA6H0nyqrzKRfPdGerhTKgDK +FHUALHvAM6yF7EpA0ibXGCSrDHJAGGIlMAyUzObbDlTs5+Qwd20+lw== +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hh0wDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMDAwMTAxMDAwMDAwWhcN -MDEwMTAxMDAwMDAwWjBwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJSqauEy0/xGcaz1NxZgUdJ0uN2N7NOYI0JU0g+dOTL2 -hfs7ozAJqHBpclE2YZK8QPYMrWrjhBtI1FdYwG1MWFySbHZpEIZV9pEUcdpTHnz4 -NZMNDJzdgdCAjD7Cjx6d0GVxJoKLIXoDtd2iKvwgZMv3TvTcbBLymoz66tjhByCt -GtV+gZaAR3MtRKWqTWEL6MXCHT745vsTNfcjhZ9S0uFFF6+FL9XTw9PVDifeTFS3 -emEU8UPmxvh0hQBkts2ZDWg7yeciOlDCEwJaUDCFZU1h/wf3OTBbtk8tPeFJ6qCt -Q3X+XTBPXDkBpUSWesOxqLaP/cNB19bXyorn1j7/L78CAwEAAaNwMG4wHQYDVR0O -BBYEFLwmWBzr5HQiC9AMIH8MaBKiVhPGMB8GA1UdIwQYMBaAFAedCCKz7kaIvK9m -kpHLdhyfGtFyMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAA -AAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAvAHnUpmT11dC3y6sEUyg5EqSQSD9 -dpOEIVnQ8kLyLAEhxu2LNyJFM0s+luhe4m/5OINlyOKizjGAA0MXjShNFfLioIlf -Gg1gPeTvGXJofIrHPF5EnVLcGGx3bjn3E5d5MEX2V6swA5jxcoiJpfIJACfZfY3M -n13NNIXKXtsoXE8G9HuW2TkINnyJCHJPT6aD7uuA+UElvGMQm1XEZiE69VZbWGgx -lCsR5Y8M9PaXJaO+WGubr4P08LAa+ZA/zFbJyY5ThXr15GkatW6kQvBo1g6zOdGp -inJ+VxAgjOMSlmES3IgypKvliTp1rSRU0j+xwGQNZ2j46ju+oqfV1bQ8wQ== +MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4Pw +2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/DqfVQPDdiTIWQE5lrKDz +qDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx+10X7ysy3X8hNwN571lx +vjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9duL+4y4XunstTTbqsuV7pu +zR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805Sklig8nap/GdDxd2i5EP +ZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJEUAnKbBxXyIx4Ltw3Bfa +ld7htvFryhhKjx4tWQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I ++B9N6ZowDQYJKoZIhvcNAQELBQADggEBAE1vb99WxOr5zlobULL8hrjCXbH5dkL8 +djZfloUZiflzmz5ICxkBe7irBJhK8k4CdE1+NsYHXeEbnfaPxV8Ex8ytQhS7xAOl +nw5TnJX7Su2N9lFW9TLh1nBPX7JxZtK2tCGKM/iTWDrJUw75DadZKexMSZaV0SZR +bjKj/jIFjf4mqkLs97pKXvhjbq6PN0VdRcE+PDxMrAZiJAoF/WThiJ4DCOpts6iQ +tWEcaf5poR4HNaehFS3H92X8Ots5On6nhTlfpMSsDxZjg+c5OQ33yIdgMh437LJL +XQT9eqoqw0l0VUvBQlWTpHZPwH+nGJyj5Jqe1Lo3W+G7I2sDpUPnbBk= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py new file mode 100755 index 0000000000..bf44694a03 --- /dev/null +++ b/test/certificates/gen-certs.py @@ -0,0 +1,349 @@ +#!/usr/bin/env python3 +"""Generate TLS test certificates for the PyMongo test suite. + +Certificates include AKI on leaf certs (required by Python 3.13 / OpenSSL 3.x +chain building) but deliberately omit SKI on the CA cert. Without an explicit +SKI on the CA, macOS SecTrust cannot perform keyid-based chain lookup and +therefore does not trigger its hard-fail OCSP check, which was causing +CSSMERR_TP_CERT_SUSPENDED errors during MongoDB replica-set inter-node TLS. + +Usage: + pip install cryptography + python gen-certs.py # run from test/certificates/ + +Password for password_protected.pem: qwerty +""" +from __future__ import annotations + +import datetime +import ipaddress +import sys +from pathlib import Path + +try: + from cryptography import x509 + from cryptography.hazmat.primitives import hashes, serialization + from cryptography.hazmat.primitives.asymmetric import rsa + from cryptography.hazmat.primitives.serialization import ( + BestAvailableEncryption, + Encoding, + NoEncryption, + PrivateFormat, + ) + from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID +except ImportError: + sys.exit("cryptography package is required: pip install cryptography") + +SCRIPT_DIR = Path(__file__).parent.resolve() +DAYS = 7300 # ~20 years +NOW = datetime.datetime.now(datetime.timezone.utc) +NOT_BEFORE = NOW - datetime.timedelta(days=1) +NOT_AFTER = NOW + datetime.timedelta(days=DAYS) + + +def make_key() -> rsa.RSAPrivateKey: + return rsa.generate_private_key(public_exponent=65537, key_size=2048) + + +def key_pem(key, password=None) -> bytes: + enc = BestAvailableEncryption(password) if password else NoEncryption() + return key.private_bytes(Encoding.PEM, PrivateFormat.TraditionalOpenSSL, enc) + + +def cert_pem(cert) -> bytes: + return cert.public_bytes(Encoding.PEM) + + +def aki_from_ca(ca_key) -> x509.AuthorityKeyIdentifier: + # Derives keyid from the CA's public key directly — no SKI extension needed + # on the CA cert. Python 3.13 / OpenSSL 3.x require AKI to be present on + # leaf certs; the keyid form satisfies that without requiring CA SKI. + return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_key.public_key()) + + +def server_san() -> x509.SubjectAlternativeName: + return x509.SubjectAlternativeName( + [ + x509.DNSName("localhost"), + x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")), + x509.IPAddress(ipaddress.IPv6Address("::1")), + ] + ) + + +# Canonical names — kept stable so tests that hard-code DN strings keep passing. +CA_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.COMMON_NAME, "Drivers Testing CA"), + ] +) + +SERVER_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.COMMON_NAME, "localhost"), + ] +) + +# Attribute order must be CN→OU→O→L→ST→C so that MongoDB's reversed-order +# x509 username string is "C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client" +# (see MONGODB_X509_USERNAME in test/test_ssl.py). +CLIENT_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COMMON_NAME, "client"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MDB"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ] +) + +TRUSTED_CA_NAME = x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Kernel"), + x509.NameAttribute(NameOID.COMMON_NAME, "Trusted Kernel Test CA"), + ] +) + + +# --------------------------------------------------------------------------- +# 1. Drivers Testing CA +# --------------------------------------------------------------------------- +print("==> Generating Drivers Testing CA...") +ca_key = make_key() +ca_cert = ( + x509.CertificateBuilder() + .subject_name(CA_NAME) + .issuer_name(CA_NAME) + .public_key(ca_key.public_key()) + .serial_number(100) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + # basicConstraints without critical flag, no SKI — matches old x509gen CA + # structure. Omitting SKI prevents macOS SecTrust from resolving the CA + # via AKI keyid, so it skips OCSP revocation checking for inter-node TLS. + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) +print(" ca.pem written") + + +# --------------------------------------------------------------------------- +# 2. Server certificate — serial 1, revoked in crl.pem for test_tlsCRLFile_support +# --------------------------------------------------------------------------- +print("==> Generating server certificate...") +server_key = make_key() +server_cert = ( + x509.CertificateBuilder() + .subject_name(SERVER_NAME) + .issuer_name(CA_NAME) + .public_key(server_key.public_key()) + .serial_number(1) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension(server_san(), critical=False) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "server.pem").write_bytes(key_pem(server_key) + cert_pem(server_cert)) +print(" server.pem written") + + +# --------------------------------------------------------------------------- +# 3. Client certificate — serial 2 +# --------------------------------------------------------------------------- +print("==> Generating client certificate...") +client_key = make_key() +client_cert = ( + x509.CertificateBuilder() + .subject_name(CLIENT_NAME) + .issuer_name(CA_NAME) + .public_key(client_key.public_key()) + .serial_number(2) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension( + x509.KeyUsage( + digital_signature=True, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=False, + crl_sign=False, + encipher_only=False, + decipher_only=False, + ), + critical=False, + ) + .add_extension( + x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), + critical=False, + ) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "client.pem").write_bytes(key_pem(client_key) + cert_pem(client_cert)) +print(" client.pem written") + + +# --------------------------------------------------------------------------- +# 4. Password-protected client certificate (same cert, encrypted key) +# --------------------------------------------------------------------------- +print("==> Generating password-protected client certificate...") +(SCRIPT_DIR / "password_protected.pem").write_bytes( + key_pem(client_key, password=b"qwerty") + cert_pem(client_cert) +) +print(" password_protected.pem written (password: qwerty)") + + +# --------------------------------------------------------------------------- +# 5. CRL — revokes the server cert (serial 1) for test_tlsCRLFile_support +# --------------------------------------------------------------------------- +print("==> Generating CRL...") +crl = ( + x509.CertificateRevocationListBuilder() + .issuer_name(CA_NAME) + .last_update(NOW) + .next_update(NOW + datetime.timedelta(days=DAYS)) + .add_revoked_certificate( + x509.RevokedCertificateBuilder().serial_number(1).revocation_date(NOW).build() + ) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "crl.pem").write_bytes(crl.public_bytes(Encoding.PEM)) +print(" crl.pem written") + + +# --------------------------------------------------------------------------- +# 6. Wrong-host certificate (serial 3) — used in KMS TLS tests +# --------------------------------------------------------------------------- +print("==> Generating wrong-host certificate...") +wrong_host_key = make_key() +wrong_host_cert = ( + x509.CertificateBuilder() + .subject_name( + x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.COMMON_NAME, "wronghost.example.com"), + ] + ) + ) + .issuer_name(CA_NAME) + .public_key(wrong_host_key.public_key()) + .serial_number(3) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension( + x509.SubjectAlternativeName([x509.DNSName("wronghost.example.com")]), + critical=False, + ) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "wrong-host.pem").write_bytes(key_pem(wrong_host_key) + cert_pem(wrong_host_cert)) +print(" wrong-host.pem written (SAN: wronghost.example.com)") + + +# --------------------------------------------------------------------------- +# 7. Expired certificate (serial 4) — used in KMS TLS tests +# --------------------------------------------------------------------------- +print("==> Generating expired certificate...") +expired_key = make_key() +expired_cert = ( + x509.CertificateBuilder() + .subject_name(SERVER_NAME) + .issuer_name(CA_NAME) + .public_key(expired_key.public_key()) + .serial_number(4) + .not_valid_before(datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc)) + .not_valid_after(datetime.datetime(2001, 1, 1, tzinfo=datetime.timezone.utc)) + .add_extension(server_san(), critical=False) + .add_extension(aki_from_ca(ca_key), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "expired.pem").write_bytes(key_pem(expired_key) + cert_pem(expired_cert)) +print(" expired.pem written (expired 2001-01-01)") + + +# --------------------------------------------------------------------------- +# 8. Trusted Kernel Test CA — separate CA, used in CA-bundle tests +# --------------------------------------------------------------------------- +print("==> Generating Trusted Kernel Test CA...") +trusted_ca_key = make_key() +trusted_ca_cert = ( + x509.CertificateBuilder() + .subject_name(TRUSTED_CA_NAME) + .issuer_name(TRUSTED_CA_NAME) + .public_key(trusted_ca_key.public_key()) + .serial_number(200) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .sign(trusted_ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "trusted-ca.pem").write_bytes(cert_pem(trusted_ca_cert)) +print(" trusted-ca.pem written") + + +# --------------------------------------------------------------------------- +# Verification +# --------------------------------------------------------------------------- +print() +print("==> Verifying AKI on leaf certs and no SKI on CA...") + +import subprocess + + +def cert_extensions(path: Path) -> str: + return subprocess.check_output( + ["openssl", "x509", "-noout", "-text", "-in", str(path)], + stderr=subprocess.DEVNULL, + ).decode() + + +errors = 0 +for name in ("server.pem", "client.pem", "wrong-host.pem", "expired.pem"): + text = cert_extensions(SCRIPT_DIR / name) + has_aki = "Authority Key Identifier" in text + has_ski = "Subject Key Identifier" in text + if not has_aki: + print(f" {name}: MISSING AKI", file=sys.stderr) + errors += 1 + elif has_ski: + print(f" {name}: OK (AKI present, but unexpected SKI also present)") + else: + print(f" {name}: OK") + +ca_text = cert_extensions(SCRIPT_DIR / "ca.pem") +if "Subject Key Identifier" in ca_text: + print(" ca.pem: UNEXPECTED SKI — OpenSSL auto-added it", file=sys.stderr) + errors += 1 +else: + print(" ca.pem: OK (no SKI)") + +if errors: + sys.exit(1) + +print() +print("Done. All certificates regenerated.") diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 118e866ebe..0733e1e515 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -1,246 +1,12 @@ #!/usr/bin/env bash -# Regenerate all TLS test certificates with proper Authority Key Identifier (AKI) -# and Subject Key Identifier (SKI) extensions. +# Thin wrapper — delegates certificate generation to gen-certs.py. +# Using Python's cryptography library gives precise extension control; +# in particular it lets us add AKI to leaf certs without adding SKI to +# the CA cert, which avoids the macOS SecTrust hard-fail OCSP check. # # Usage: bash gen-certs.sh (run from test/certificates/) -# -# Prerequisites: OpenSSL 1.1+ or LibreSSL 3+ -# Password for password_protected.pem: qwerty -# See README.md for full details. +# Requires: pip install cryptography set -euo pipefail - -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -TMPDIR="$(mktemp -d)" -trap 'rm -rf "$TMPDIR"' EXIT - -DAYS=7300 # ~20 years - -# ---------------------------------------------------------------------------- -# OpenSSL extension config -# ---------------------------------------------------------------------------- -cat > "$TMPDIR/ext.cnf" << 'EOF' -[ v3_ca ] -subjectKeyIdentifier = hash -basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign - -[ v3_server ] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid -subjectAltName = DNS:localhost, IP:127.0.0.1, IP:::1 - -[ v3_client ] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid -keyUsage = digitalSignature -extendedKeyUsage = clientAuth -EOF - -# ---------------------------------------------------------------------------- -# OpenSSL CA config (for CRL generation) -# ---------------------------------------------------------------------------- -mkdir -p "$TMPDIR/cadb/newcerts" -touch "$TMPDIR/cadb/index.txt" -printf '01\n' > "$TMPDIR/cadb/serial" -printf '01\n' > "$TMPDIR/cadb/crlnumber" - -cat > "$TMPDIR/ca.cnf" << EOF -[ ca ] -default_ca = CA_default - -[ CA_default ] -dir = $TMPDIR/cadb -new_certs_dir = $TMPDIR/cadb/newcerts -database = $TMPDIR/cadb/index.txt -serial = $TMPDIR/cadb/serial -crlnumber = $TMPDIR/cadb/crlnumber -certificate = $TMPDIR/ca.pem -private_key = $TMPDIR/ca.key -default_days = $DAYS -default_crl_days = $DAYS -default_md = sha256 -preserve = no -policy = policy_match - -[ policy_match ] -countryName = optional -stateOrProvinceName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -EOF - -# ---------------------------------------------------------------------------- -# 1. Drivers Testing CA -# ---------------------------------------------------------------------------- -echo "==> Generating Drivers Testing CA..." -openssl genrsa -out "$TMPDIR/ca.key" 2048 2>/dev/null -openssl req -new -x509 -days $DAYS \ - -key "$TMPDIR/ca.key" \ - -out "$TMPDIR/ca.pem" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=Drivers Testing CA" \ - -extensions v3_ca \ - -config "$TMPDIR/ext.cnf" - -cp "$TMPDIR/ca.pem" "$SCRIPT_DIR/ca.pem" -echo " ca.pem written" - -# ---------------------------------------------------------------------------- -# 2. Server certificate -# Signed via `openssl ca` so the cert is tracked in the database and can -# be revoked, which is required for the tlsCRLFile test. -# ---------------------------------------------------------------------------- -echo "==> Generating server certificate..." -openssl genrsa -out "$TMPDIR/server.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/server.key" \ - -out "$TMPDIR/server.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl ca -config "$TMPDIR/ca.cnf" \ - -in "$TMPDIR/server.csr" \ - -out "$TMPDIR/server.crt" \ - -extensions v3_server \ - -extfile "$TMPDIR/ext.cnf" \ - -days $DAYS \ - -batch 2>/dev/null - -# server.pem = private key + certificate -cat "$TMPDIR/server.key" "$TMPDIR/server.crt" > "$SCRIPT_DIR/server.pem" -echo " server.pem written" - -# Revoke the server cert so crl.pem will block connections when checked. -# This is required by test_tlsCRLFile_support which verifies CRL enforcement. -openssl ca -config "$TMPDIR/ca.cnf" -revoke "$TMPDIR/server.crt" 2>/dev/null - -# ---------------------------------------------------------------------------- -# 3. Client certificate -# ---------------------------------------------------------------------------- -echo "==> Generating client certificate..." -openssl genrsa -out "$TMPDIR/client.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/client.key" \ - -out "$TMPDIR/client.csr" \ - -subj "/CN=client/OU=Drivers/O=MDB/L=New York City/ST=New York/C=US" -openssl x509 -req -days $DAYS \ - -in "$TMPDIR/client.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ - -out "$TMPDIR/client.crt" \ - -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_client 2>/dev/null - -# client.pem = private key + certificate -cat "$TMPDIR/client.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/client.pem" -echo " client.pem written" - -# ---------------------------------------------------------------------------- -# 4. Password-protected client certificate -# ---------------------------------------------------------------------------- -echo "==> Generating password-protected client certificate..." -openssl rsa -in "$TMPDIR/client.key" \ - -aes256 -passout pass:qwerty \ - -out "$TMPDIR/client_enc.key" 2>/dev/null - -# password_protected.pem = encrypted key + certificate (same cert as client) -cat "$TMPDIR/client_enc.key" "$TMPDIR/client.crt" > "$SCRIPT_DIR/password_protected.pem" -echo " password_protected.pem written (password: qwerty)" - -# ---------------------------------------------------------------------------- -# 5. CRL (empty — no revoked certs) -# ---------------------------------------------------------------------------- -echo "==> Generating CRL..." -openssl ca -config "$TMPDIR/ca.cnf" -gencrl -out "$SCRIPT_DIR/crl.pem" 2>/dev/null -echo " crl.pem written" - -# ---------------------------------------------------------------------------- -# 6. Wrong-host certificate (for KMS TLS tests — hostname deliberately wrong) -# ---------------------------------------------------------------------------- -echo "==> Generating wrong-host certificate..." -cat > "$TMPDIR/wrong_host_ext.cnf" << 'EOF' -[ v3_wrong_host ] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer -subjectAltName = DNS:wronghost.example.com -EOF - -openssl genrsa -out "$TMPDIR/wrong_host.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/wrong_host.key" \ - -out "$TMPDIR/wrong_host.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=wronghost.example.com" -openssl x509 -req -days $DAYS \ - -in "$TMPDIR/wrong_host.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ - -out "$TMPDIR/wrong_host.crt" \ - -extfile "$TMPDIR/wrong_host_ext.cnf" \ - -extensions v3_wrong_host 2>/dev/null - -cat "$TMPDIR/wrong_host.key" "$TMPDIR/wrong_host.crt" > "$SCRIPT_DIR/wrong-host.pem" -echo " wrong-host.pem written (SAN: wronghost.example.com)" - -# ---------------------------------------------------------------------------- -# 7. Expired certificate (for KMS TLS tests — validity window in the past) -# ---------------------------------------------------------------------------- -echo "==> Generating expired certificate..." -openssl genrsa -out "$TMPDIR/expired.key" 2048 2>/dev/null -openssl req -new \ - -key "$TMPDIR/expired.key" \ - -out "$TMPDIR/expired.csr" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Drivers/CN=localhost" -openssl x509 -req \ - -not_before 20000101000000Z \ - -not_after 20010101000000Z \ - -in "$TMPDIR/expired.csr" \ - -CA "$TMPDIR/ca.pem" \ - -CAkey "$TMPDIR/ca.key" \ - -CAcreateserial \ - -out "$TMPDIR/expired.crt" \ - -extfile "$TMPDIR/ext.cnf" \ - -extensions v3_server 2>/dev/null - -cat "$TMPDIR/expired.key" "$TMPDIR/expired.crt" > "$SCRIPT_DIR/expired.pem" -echo " expired.pem written (expired 2001-01-01)" - -# ---------------------------------------------------------------------------- -# 8. Trusted Kernel Test CA (trusted-ca.pem) -# A separate CA used in CA-bundle tests; does NOT sign server/client certs. -# ---------------------------------------------------------------------------- -echo "==> Generating Trusted Kernel Test CA..." -cat > "$TMPDIR/trusted_ext.cnf" << 'EOF' -[ v3_trusted_ca ] -subjectKeyIdentifier = hash -basicConstraints = critical, CA:TRUE -keyUsage = critical, keyCertSign -EOF - -openssl genrsa -out "$TMPDIR/trusted_ca.key" 2048 2>/dev/null -openssl req -new -x509 -days $DAYS \ - -key "$TMPDIR/trusted_ca.key" \ - -out "$SCRIPT_DIR/trusted-ca.pem" \ - -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel/CN=Trusted Kernel Test CA" \ - -extensions v3_trusted_ca \ - -config "$TMPDIR/trusted_ext.cnf" -echo " trusted-ca.pem written" - -# ---------------------------------------------------------------------------- -# Verify -# ---------------------------------------------------------------------------- -echo "" -echo "==> Verifying AKI is present on leaf certs..." -for cert in server.pem client.pem wrong-host.pem; do - result=$(openssl x509 -noout -text -in "$SCRIPT_DIR/$cert" 2>/dev/null | grep "Authority Key Identifier" | head -1) - if [ -n "$result" ]; then - echo " $cert: OK ($result)" - else - echo " $cert: MISSING AKI - check generation!" >&2 - exit 1 - fi -done - -echo "" -echo "Done. All certificates regenerated with AKI." +cd "$(dirname "${BASH_SOURCE[0]}")" +python3 gen-certs.py diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 32163a114c..4c912a26e5 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,53 +1,52 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQDGn7dYhmn0u7DQZS -e+Fb2QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEeI3oDkWtJo14w7 -STucnF0EggTAM9qVjNQSvjtiSXRVhq6Ab1JVRmsr4VyVPhRTeGoj4z59g4/uFNLp -i12hGtZEH5Ql6icHY+X4vWrwt4IUhkdwzgcSLrZwYTEl5RP4C7N+iZb1PErNoe82 -iEC/gw3XpQZNWKEi8tjd8Wz6EHVn1zKS/7X/IOTlboIMlhnJgLHCqVhPLyxA78OT -2yNNQysHD6Vk3h83jkQAYy5W/pZIl5TVDLyLADt46cq3hDTS99S6jl+kwn0dijjo -mZUilPBman6TQt2vI/kNP0+Qy6DxYkBMLdhnPu40JpvcLpWAxMioqx7by7007W8H -3Aja81hqx2SN1IYVUEs8LshvL7YojhvkbTxH2ma+lnmkyxEBiwbMOiBV3OPEkWYv -HbAg1slT2UTCrClZ6CRPMtD6+fvEn2GgXmblCQf2W/3inTeARJ5p/oNjnFjoU0Yo -BIdVeqdqU09OsjUd8W4B0wKSEaSCpl/oSM2gw4fzEbaU2xlVevVyhrdDr0NS/j6w -QaDiUw0th3NViXy/BLb2l699h6TRInk4njhNNbJX+sYEFuMgwNKdj4PkPkP1t3PR -m91mpnGAhq82dMQnTLm536YXVbeJGQyX3kEXGStZNdQRfz68fAYQ56teQoZfOwDq -zKf4MT8JJfhZWy/dgCOkv72GMJM2ahThWUztbBnHiB0ODf9LdrqnPaDfpPgt4i0N -Gj+L3nuK1LOhp1Ay7Oij66yxWm5bJJ0M7RGgGQsZipEf8+N9iSA9cw1ZKOnSqyMQ -gSAjlnRK0OHyTauyOl22FeEzF7gtWKyLTgnw1zn22oaxZZLOhdcRJJz49bdl3pUm -Lv8JxfN2dbcC/XgOMoC+wFS//WnHro3qvloUEVeYA6acxfvjJizYlGEmw5xG+ZCG -Ju+tKWgA9lUpQXR9peMa958cLSCqlaWSFTSBQ6AMUw0rVZGlMxb1tVmmhRKYOhUN -Eugp0wUKrYArHzfkzqWv0JO2MHi2kbAZCJpFBrrt8ijF8t0KmWsFRl9P4QtBJ2dI -QcMBtgvWC3tr3CFZQ5UpiaP1whLFTG7GhZc7OHG2QF+Ba5fn1HgUgH35W8TQ80XS -uAkkF6GuxGOSTtsvF0nEkNALGM8E1/I+VVZ88d7sA2ws7GHyxtNYUYAdf6hE5X2t -82oIMrN058IL/Bpi/s+xe5zU5NYFXZLUfvlQW//1hDrTF8Vs4UbF882Xae+HNmvF -D9/bafdrdvJSEJ91A4hRl3M+G+qnnJza3fEnY7UKg597X1tSntNc9Grn2M/uKeGp -2df7K8VrEV6GQafbHq7PAOn6vTlwZAgljEj0LUk7ts8I0KY0hpxCo+Y2WKcmiB3P -b8BY/3j0DuJXacv2tC4RrUIC6pHcdQLJTCeCHQMC2IjCwlmnFqtTZ7RUooYmAxJd -DYNRzVw9aYUq7oAhab2x2iWqgTReqlVnKuytNAFJVu+34S8AbCcSrsoa7Xmjqkwr -qxyGb5pW9ZmSM/k0N0hLI/6BbKb7lQYm2EYJiksOhL+EAjH3Qfq6D27zh5UM97dp -7a93RbxCFAFjT+OZQr5PJ7oxRXcCSnabTXA4J6f8JRgfQIhbOfsfovCpxrqa0MSX -tKYeRyZHLqLs9Cgfv9eQhOF9gGddfJ6QKw== ------END ENCRYPTED PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,ACE894CD3148E73BAF1F3F4372149CDC + +WIOLZOyncVs7TWk/9OQSqP3yMKgtLY8I/OfmaZTAkTBk16ok39WLcMHBdfsCOQKN +D2cZUDgAWMpQDsuvrqmazDfO1fJiKF0fRUspKyPTBPEMoWu7tLgS0HUteSylKEfj +TCT1U5yxcjMZ6Ytj4b6E6ur/zIV3fFrXhfpaF8+EDxbSpdaESVfyZZwmrXc2P0Yl +iUedLaVL6atXrzQ7x6MyzNxQGWFlxkETmD0QB5mTvNOiBFiBwpQ/+JnnKo1KQs+H +uwRcQYU2bw77vuovFiukRQ+50bcVRwYq8ebw+nclExZC+eW7N9gPR1k76cHZpXga +91GzwZacMbLrL4STWqFFhQoICEm5aWO0YGodHl3vlpcrkWIjjshinHPEPUVB0EQ4 +I5fY4DO+P5bOoIztlkn6mxSBSGfZpq/p3xFW7pk1IiSJzDyc5bav6+e3maPNG1iT +YMluXSdmuL1NUpgI6BnTyOEmhKTEQWmvJOW9BcCApph7htVVPcT6zLPCtR1BO+3b +qQ/c91sjN7FXfJY+qGGk/swJWwBHITsRW+iYRMqodCtMbDbwH0Zg5FxvUGMm/yOZ +F/vo39zBfXPnI3mUJ+ZuKhkX7fk3SXCt5/lzukvZCFno+4qk0X8AXveDNFPlhScI +xQ7MUCzbg+aZ+l7F/C/sLQrKr1aU00tNitvUwia3NR0Vs7atnKaQJttx8DSa0iBx +bRMq0V1v/aua3b7SUZz7hrvKex855vQPTVSQLMDpR5MmC6M5izA8dXemDdHoafHq +wtTzletA83Y4HRC9Sx0QT7zr5gG5Ng+DnM0yPAH1sUP+rArbl/DqHVxmNkGFo4uL +F80lSToqSvocPZ8jlTDVq7KmTm0B7EIeG0Qp6gzH6iRnT2PArSN4VHnyn1c4POas +ClC15kWXE3qo0RBc88DYzJAuBh5/uk0JhqpCnUKMLnBQskdwVlUUKvNtzHDalvUc +SaddsBUjsNw2dyc9wmK/ai5sFbNIUP9fLK9DAQJWf+u+T5l8TqUYQTG784opNXda +gTI0drGuYJLEK/JxxICD5ZWqpb2KHtSkePfkloKkSj4KRVpL5kvkNMEEjOYOUvjw +qyGia043F8ZIV9K0kgyk8bCgMfU78EsHcFMA8IWaGyCUJi0ocyQydtI8JPIB8Ot9 +CdCSI06wIrVC8ctkrody31jtNtHzNTuBvnd4b1LGOmuzOL2NukE0zcsjXo3+xjPc +hsKp7wsAzVRP1D6bj/gCCjo9c9qFPDw8NTJfS4jpckmIj2ilNH8phdMzV+wImveW +F8sg+tPbvaQQUHDUu7wTZDwL/we5z+FcFo0Evgvrvm2xGBVH8Z6VGZ/Gcr2iWnCl +qMxdhGH8c7vyUBsQlsutwJ8m1PhCs//hRmvrY1lMdq+UND3ncIZTFZRdlT6djb6/ +Gsr8jdCEr7XJJAUUDNqDcWKi54QpxImxiEr8OBcCyxbdCWFjLNXroFxwm1bKnuJu ++z37mzjuJGqCEfxb1mbmTQW8OU8BplBlqbWfYdlkYxVo/dez89qujwl4HGsYpEfu +PEAnLqXlPWlKRw9u8e/FQl/SWZEEdQDB4hsDT45p9h6FEkFeYO2e2WO0PTturI8x +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhswDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjBpMQ8wDQYDVQQDDAZjbGllbnQxEDAOBgNVBAsMB0RyaXZl -cnMxDDAKBgNVBAoMA01EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE -CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuACst8jdcpVIgqz/MKn2Mzu3PpfpS/VfCLc9Obsxwzp8RVVXlbNF -3782+0nP8XqZwZQiEQz+bnJsogkMNqWivkqnZOHbXgY+aQV6ceSgvKIuryK1NeoA -eOn9X6U1TKVOgMTGzDstIvJrSUgB/mIAXMho6YsdiNj0FDUqdrQLfQyZcc5kXHJS -ZJJMh2TzGT5Ah9EdxcOjCBsIJodeHkIasb1MXJ1wylbdMtHurlVOnRe26sgIr88S -FN6hZscVgrBUgDaaVND+kwZCMcrFIHVf62JAVcSBIvjWaJnho0d/4ilZKaOsnq0K -GkTliFpySy2OQcyXPaBucZ6AINaiTNRA0QIDAQABo2QwYjAdBgNVHQ4EFgQUPQii -N1XUM2emxoJgNj8ry0yxRh4wHwYDVR0jBBgwFoAUB50IIrPuRoi8r2aSkct2HJ8a -0XIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -CwUAA4IBAQBIcLppLz1x+xEqvIWuopnRNqejMOxBqoHgoJs4p8EAmgi0HYZZq3NA -EnIMWE6AUIDbeI1bM64oKY17dQrNKF0okoNUNXW66vfsHLiKhnXsAxanlCeHLYIZ -cKS0/npzpFhKPd2GZM2jPXDNM2u9RAyoi+da5/NcWEoH6QEeAoll5/7dGABS2EM/ -tnKf74sjVQuYwPcWP0S4d5PIkb1t9PwCaKQ0wwZ6WM8lmtiiWOVNpgAjszBrvR5F -52xHHyoTkoXJRd/xV+xD2QPxPX12haVSeQNwAeW6vg4U0oSAECC3WIS/TfnkP1zS -cbmduwH5VCdKRaJXcKXP+YuK8XQfV3IA +MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw +FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ +0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm +nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 +y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR +G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox +VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk +kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF +AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R +zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u +hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd +0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn +RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ +MOhV6IIFKhYkejnmhLQitvpybFqw2w== -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 95fb7f32a8..6eb66f594c 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,107 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+qUpDlPLxEh16 -vAuN0M/t7i5cGBU3UQu+MfA9l59iPV6Yme9PQOMXiATEb7yp5G7AaqHqoofz7ntV -ZaPF82ZRGb2jOwplU2wsCIGKO+4ujUaZPThZgLXR7sVX6qSfRM4PYjSqm1Cv5AYC -GOHK1hesAMP5sGdf4LGIIWL9ngEAPrwARpgxVS7RtH1GX5yWUpYjhEyjpMWXkYUE -wFll00LGOqiK+U7V2yyCRU4BUSggFLhbL1n6z1eMFxHwAgJZo/boodPCPhxXFU+c -wFvQbiBlABujyY+iHkSpyytM13hUoWBfM3FLB2zSgmKMAbvaPs+CNjapW1kJGaBg -L1HfqcS3AgMBAAECggEAUTazV44+3cklnX40PbhQmbz3KmtnviRbqCyFdPb9AU+6 -163abhvpn8Bkp3ghGQ0gz/2b8uJAnvtatcmRtWQ0lR8t1DX1+6tJTIhjBYr5rgKn -q+aT9iwJRt86WHSuotkgHRVr8bAu8n1iwcnvhAMmGjJJSDaIEiMX/DCchgOj0YIq -VLJYQkrj6Dii33GeF5eQ4jr27I1RIQSvDEvSffuJpKNbWFap+/epja1MZIenioiu -Vrm6jLPtlqacpREPL8pCGTlAd0GM/nJ/8BrzrodL0P+h7FwnpfDENTWnE9oVSMdL -1t4c1psf3X+hYyMOs9/jtVzoXzeVraGHvwyopv5k4QKBgQD0Dl1PsISWg8mp6CVW -aeIG3cO8oUh5oxwmLQRS16//GMIJCo5o8+6W+3qI6ZGOwwo/THm/GKyuYUN8UKrx -+iNhDJbab3YM24lXDA5QFqO8Dv2JhyXfAb5DQk1ZsdIjbfA6G9T65Foa6dl0IXmi -ByfGXa+tRPNThUvV6XRUEelA5QKBgQDH/fkoU+NIRgaaEiVQneFZz6OlnnmEM+/+ -/Ctm09nCFJLZt8nFisD+F9dVKSv0m1xWgkrG4Pm9bbHq1iBn/09qNp2Jn6W5bYoB -RYI3EdXjb0B/vAm8295afEXXGA6szOZLlcY8sc0QPkdxMmeoV4XkFTlFBE0gNTPm -Q1YCk1PBawKBgDHsVk4cz6JyZugooqqgkinRZ17IpyiqovF0N/QyRsAp8lcjH6p8 -a4va+V/UV4AaiZgVLrpWc8xf/QwK/EzvXBlYF+uq7T0IE3oI70yWtPudHWPqj2ak -1qSvhV8ZruCsdn2Mf+6qk3v55g+JYXYxfINpWqxY9GVbWP3y+WbRGyO5AoGAO7nJ -UxXaZpcjGZgZtL2xsxSjlq6BM84e+lNs0sSp36AtSv/sLiaGBFwyXqhxDBfpt5wp -oMNHUh8UZ0GTY/uHR/0Phy46W+ousLqFbNTSv51V8c/CSLiQ6wz5/oacu1Zl4GTW -UwH2b8dpppCbDFc3ESqVc9sY/WlmGno5kYNWHAkCgYEAhd7xgqJUpM7Klbsl3BR/ -6iEZ30Exf1wlC+nWJSK4iHFH9l9BGHjImENxpKa62Akm0VvE9n1KgKxK1IESziiE -9kAXspYyBT/clOo4v0w5rPIiQ3itm5+ew9gaFiJ+Yfi8MYTIwznsqXvyekqLSrFo -w9efOvZV+XaA79X+bEEd2BA= ------END PRIVATE KEY----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA - Validity - Not Before: Jun 5 01:43:18 2026 GMT - Not After : May 31 01:43:18 2046 GMT - Subject: C=US, ST=New York, O=MongoDB, OU=Drivers, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:be:a9:4a:43:94:f2:f1:12:1d:7a:bc:0b:8d:d0: - cf:ed:ee:2e:5c:18:15:37:51:0b:be:31:f0:3d:97: - 9f:62:3d:5e:98:99:ef:4f:40:e3:17:88:04:c4:6f: - bc:a9:e4:6e:c0:6a:a1:ea:a2:87:f3:ee:7b:55:65: - a3:c5:f3:66:51:19:bd:a3:3b:0a:65:53:6c:2c:08: - 81:8a:3b:ee:2e:8d:46:99:3d:38:59:80:b5:d1:ee: - c5:57:ea:a4:9f:44:ce:0f:62:34:aa:9b:50:af:e4: - 06:02:18:e1:ca:d6:17:ac:00:c3:f9:b0:67:5f:e0: - b1:88:21:62:fd:9e:01:00:3e:bc:00:46:98:31:55: - 2e:d1:b4:7d:46:5f:9c:96:52:96:23:84:4c:a3:a4: - c5:97:91:85:04:c0:59:65:d3:42:c6:3a:a8:8a:f9: - 4e:d5:db:2c:82:45:4e:01:51:28:20:14:b8:5b:2f: - 59:fa:cf:57:8c:17:11:f0:02:02:59:a3:f6:e8:a1: - d3:c2:3e:1c:57:15:4f:9c:c0:5b:d0:6e:20:65:00: - 1b:a3:c9:8f:a2:1e:44:a9:cb:2b:4c:d7:78:54:a1: - 60:5f:33:71:4b:07:6c:d2:82:62:8c:01:bb:da:3e: - cf:82:36:36:a9:5b:59:09:19:a0:60:2f:51:df:a9: - c4:b7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 90:97:88:F8:24:23:75:CF:5A:A6:3A:DF:44:A3:5A:DD:84:57:B2:F9 - X509v3 Authority Key Identifier: - 07:9D:08:22:B3:EE:46:88:BC:AF:66:92:91:CB:76:1C:9F:1A:D1:72 - X509v3 Subject Alternative Name: - DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 - Signature Algorithm: sha256WithRSAEncryption - Signature Value: - 0e:70:c7:0a:1a:ff:56:d8:e4:07:d0:e1:89:e8:0e:54:75:e5: - 66:73:28:88:5f:18:26:4f:32:af:8a:a4:74:2d:b1:70:38:68: - 0d:53:42:b9:82:be:77:f7:2c:31:c6:9b:42:68:f9:c8:d0:dc: - 3f:0e:48:89:b1:87:1d:14:f9:f8:ef:8f:63:3c:75:f3:79:dc: - a3:7c:de:8e:4f:29:2b:4c:17:99:da:69:43:9e:c0:03:28:f5: - d1:97:0f:14:58:de:80:15:58:7b:97:53:74:78:91:07:80:28: - 76:88:f6:f3:2a:49:23:95:2e:7e:bd:32:e3:1e:c0:a2:62:7f: - 3a:a7:f5:96:a8:91:90:c4:ed:31:66:80:01:0e:32:95:20:5b: - 6f:de:69:86:ea:48:ba:1b:bb:21:e9:49:07:31:8e:ba:2a:b7: - 3f:61:d1:a2:2b:fb:0c:16:17:9c:b3:c1:d6:ca:b4:af:74:3e: - 48:ca:c0:81:94:4e:ab:b9:65:b6:71:24:66:8b:ff:02:28:7b: - f7:d7:c9:63:3d:22:8c:54:dc:79:ce:e5:82:b0:64:68:3e:8a: - 84:96:80:73:2c:e8:e3:2c:19:34:3a:dc:cf:1f:ff:e1:b6:4c: - f9:b3:d2:2a:cb:ae:8d:76:aa:b9:cd:b5:80:75:6a:d2:b8:74: - ba:96:ad:e3 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0hBNfElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpX +rRLx3TacFDDff92ldI8jZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926 +NaUxpzta/IZUNIDwDQQYS/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglca +ttVYwXvZc3Y5nwiScmTuisqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP2 +5uoaWuwNS8Gyid5P0HaNxiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5L +iSahW9kEA6zYNd2P2ExbZOwVsCokibWSjF8nvwIDAQABAoIBAA861ltV91p+W3Xe +lyRkj9i70M/8E1IG2vBEDgduFVLngu7ppbyrHHUE4hEGsBWVrMrEG/VQf7Y4RESg +s7iwElXEyuIT2ZIM9yz0s5ReRQzAByeHIlqEVRLCV2jqlk1OMdlHvDk5xRFRvsOn +bSVEiXiG4kY6Stp73UOkgMHAHZSzo6fP6yK41k7jwzgXe9pq2fQw6M42QytT0em1 +1i+MJmkbjn30OqbMvY9Tlsj5QEeenzMaRa3VUB7F2nKXSIyKfw67JWr74gKfCpl9 +UmyQjq8CylUKoFXzVcyh1KkdLZQwxCotjhNB5/omYE+OaelBl4nena+JkQlNLBbq +7QxC7IUCgYEA7NR/h8oQX1HF9TAMoGeiFyOxvZjidz6GMZjq/D2uv7z/W1yslKs6 +jxqbHNcQAQlTGi2hKY498HE/CRzWu04nxEg3NZb87Z/pPmzbk71y06mIT1X2eYRP +xI80OkwIHcMGQzpmL+dx4A8WWiSSnrq+2XT0rUp5Hi/XPR+4F/IX31sCgYEA4xEp +Y9rpEiCIjDVCN4O1A/Bk9f8Fz4Aycjc70x4LMQ8FCwRPbYJIsazjWXgb5QFF5TxD +ZX3LcTcgYjPxZYfJNVexUJSW9eEflPVHSkzKg+zojxZ0/IkDCQX0LzVnB4qO3MPC +YvnS98RnXrBTETmhpXj3URojoL0BgCcL1tTKim0CgYALW5mOIpOsbpiGzLoeSzoL +0AtrI1ThER+Qa1wBotepnF/GuugP7TJOwKDlvi6nThItNDkBbC/uQxAZ2Mc3jmT7 +1dbH/Ci/IKcn9kKFkFVcb0n5PA8o/r5wl8mSbikJfFvlh3x1Ga1taGvTAOQDNsOG +XESLtwGd//9bkBTdGSAp9wKBgQCubluWau+KzlU3KB6zGMlwujZEx2EGUxvto8Kg +Xr8IM9qS6P+/R0tiukZ4T41WMdEo1U+M4sLrOQb2iaKSdWo7QR9koJELV6J0Qqw+ +Rpl4GQFaEk1SRkp/nwRDU8nPAEDZFMT6VaIcVdN26QsW+2fS/wc2VVczPp6tfNFa +emMRTQKBgBRiKSQtnWq8hMkGiXl1g/0uoRgITZie+JbvKQdwEHQ1urGjwEQhVLRK +hHFq3hWwgg7L5IDdyJq2pM7XiXl+YW+skPW09+zNzuwDJP0pqfpqo4BtGcGAB4r7 +KSCywCfo61cqwv9rf5RLvfTjOS/fyiwdlKgGQdrFetzVQobAClbf +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDtTCCAp2gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDUwMTQzMThaFw00NjA1MzEwMTQzMThaMFgxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQ -MA4GA1UECwwHRHJpdmVyczESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlKQ5Ty8RIderwLjdDP7e4uXBgVN1ELvjHw -PZefYj1emJnvT0DjF4gExG+8qeRuwGqh6qKH8+57VWWjxfNmURm9ozsKZVNsLAiB -ijvuLo1GmT04WYC10e7FV+qkn0TOD2I0qptQr+QGAhjhytYXrADD+bBnX+CxiCFi -/Z4BAD68AEaYMVUu0bR9Rl+cllKWI4RMo6TFl5GFBMBZZdNCxjqoivlO1dssgkVO -AVEoIBS4Wy9Z+s9XjBcR8AICWaP26KHTwj4cVxVPnMBb0G4gZQAbo8mPoh5Eqcsr -TNd4VKFgXzNxSwds0oJijAG72j7PgjY2qVtZCRmgYC9R36nEtwIDAQABo3AwbjAd -BgNVHQ4EFgQUkJeI+CQjdc9apjrfRKNa3YRXsvkwHwYDVR0jBBgwFoAUB50IIrPu -Roi8r2aSkct2HJ8a0XIwLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAABhxAAAAAA -AAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOcMcKGv9W2OQH0OGJ6A5U -deVmcyiIXxgmTzKviqR0LbFwOGgNU0K5gr539ywxxptCaPnI0Nw/DkiJsYcdFPn4 -749jPHXzedyjfN6OTykrTBeZ2mlDnsADKPXRlw8UWN6AFVh7l1N0eJEHgCh2iPbz -KkkjlS5+vTLjHsCiYn86p/WWqJGQxO0xZoABDjKVIFtv3mmG6ki6G7sh6UkHMY66 -Krc/YdGiK/sMFhecs8HWyrSvdD5IysCBlE6ruWW2cSRmi/8CKHv318ljPSKMVNx5 -zuWCsGRoPoqEloBzLOjjLBk0OtzPH//htkz5s9Iqy66Ndqq5zbWAdWrSuHS6lq3j +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHAxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hBN +fElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpXrRLx3TacFDDff92ldI8j +ZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926NaUxpzta/IZUNIDwDQQY +S/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglcattVYwXvZc3Y5nwiScmTu +isqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP25uoaWuwNS8Gyid5P0HaN +xiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5LiSahW9kEA6zYNd2P2Exb +ZOwVsCokibWSjF8nvwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I ++B9N6ZowDQYJKoZIhvcNAQELBQADggEBABHkqK0cIV7/Q7PCk/i10vVoMruirXQf +5Xw/7XViDugKsfcH9Oavl4Kdi+C0Sigvgjrp8JY13kRsbphwOH6w3Be5HCFK+Wmi +tbktvoB0yMHa7WO0y4bJtOL7ofWwKgjye57NeFM/fmosOPn6mqzm+MYg4V+qEim2 +dQ0iTztt0C/EibQZgO/aqylDYu8fWBMa84To0Pk8jD2fpNF8Ji11564mie3DUtcU +fZCNsZhWOoUNnfrhpmyixabA1f+WHwhPsqikRlo4Rpa/nrJVujlk3PO+7zgH1UCA +WKX9A3R8KlhbPDd94zZf5+gpm39vxo82Lfvc6HunRtcBjE7HdF0tCcg= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 39165b7152..27d32a5db4 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,23 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDyDCCArCgAwIBAgIUXOZb4M9mVy82gQz6t1aJHVdG+/owDQYJKoZIhvcNAQEL -BQAwfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwx -HzAdBgNVBAMMFlRydXN0ZWQgS2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA1MDE0MzE4 -WhcNNDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlv -cmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzAN -BgNVBAsMBktlcm5lbDEfMB0GA1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkffnDicTbF3B8yzIxz7DP8 -rvy9yVOOGoLyiXITiHmTMNIhfYUdxGqO4RRReztQvW7s6yOQdvqNE8LD7WrzsXOz -JOovPuQZMr6mnSu0bU98Eyar9SfRTbGVmkZiCJTT8jV9wP9nxgFag+1Y6DPUwbOp -zyt9/961woScVbJJwVAdJUv/cp7l7dT16rCS4yuDf+m6xI9Svev7iPcqcyIRDLD5 -EXS1RI8ZLmA3ueIqPQbnRiPzjVRgq56czkZ/g2USJlFlgYoeLAV7JnjYi6Rs/umw -0YqfNl6rD4BznrF4CGuvliWaZu/3pAv/ejmGJNMUbgi3gVAG9nZKzIdiFTtR3xEC -AwEAAaNCMEAwHQYDVR0OBBYEFH69MHf4jQo9TLkJRhgOFoQpFblIMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQDFN3c7 -24yHj5lEvZX0H2IH25+5KhFouhkEgQk8OjcB8lpyJEB1scWX0v6RNNr4pmHNs/SF -FOqnVl+JMbcF+HuDM8pVVYeaDe/ZS/pAp6U9HwSNSYltEPThnVfQWKKPeI+8W0YY -WANQPhA8TAYft7lWxaUNlpI1RPEy/YTuMzxZC2H5CPnnIll+zTgt78Bi5halR0YO -EovTitdUom2y0UNPPczCRWoFjHE8MM+xeNhV2ybd8qT5L0sO9FDdh7UoYS1LmL0k -+naes5qWFXhvYXelWwr60H/MI53p+UMGfW95e4IyU4WPXh5Z2jG3hc6tg5kt1ThS -tLX9wRS/xICXNu2l +MIIDhDCCAmygAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYD +VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQg +S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjB8 +MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZ +b3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0G +A1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKiEqyUOFwSIyN1n65k1/gZmo1aUPnTsCYrwrjP2Z6EazrQP +tKtneZmhqPxEDYtHHtO8KmDt5IXf3bxTQowKVTDuBG7FiwhYN8PmtLRZiWuoq7Ng +uDLFml+psm5zn1exD2/XWpPjaMz/+PepLyUyyovz6G0cUefBBXwMO+YvoBfHIOco +TCF/SSIU4BLCGfzp1E5URwx43etGvqE/4UCGI+TR/tKOsuIPX4gKqX3tWGs5qZAg +NkohTDoRA3lQHDmlopcK+05K9hEvtfDzOavFt5doHEaQlPseUSLjxQpIgK+iaTFt +or62TLF26fMxzQt1h/pRJrLm5rOmA9BxGlI7BAECAwEAAaMQMA4wDAYDVR0TBAUw +AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA0dyoOr6z59yoIOvrV2D9EMQcgJJEK6+ +kwsINMPWrJYFATZXwbvg/VJeGMNlw/h6wkDf6pxeRA7E6lELmz3ins3xBsMm8H5D +u8APws9dhy5WjBjBCwSJ6uJpOkQfoREz0ZD+H5ZASmMyFsbI68j8DmW/2+Sfneea ++SVKZNJddaCLajF3kU46iHWLUXHA0zfEeoGPDkSXce+056wth0CQlymVWXrr5KJl +7ZTi31PIhhIRaooclQD5evFgopPf5SEjY2bzJ+LUa3V+9781R4QkQ2YCBJYTInRt +Ol55BOwpQjDajgUnfxyO/oMPbcoQ60zwuwK2hzfwO2b6atfqV044eg== -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index c67bc1bfc3..6da8cb6e26 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,51 +1,49 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHx0jJhZSsT6J7 -qZZ3+15MvBddhi9Dn+U5koIMPE7tLOLlydbHhKQULtu2FUG4NaL9wrmfhIDmSySc -Tpc/1SScVmoDzrASj7Yw/fivj0ApfBvQUIzttW+C9zd1nLFyuuYZtNCdcE/MQu/f -Ls16ry/vBs5XgHyICxeShFy/eThVx8xczrSw93NHzdLh3g5G38soJl0kO4z6GLIj -hmEgenn54GWOakzKrSM2pIuw3gFM7d3skr+NiBw4UZpB2sUfJFuwMUaEc7bgG8t7 -dRT3aMoWkTraTr38IU0g0B/kCcjoAvV/lbXqpW0JrzWN+ZPkULQoUZGfj23cemu8 -ia0EBJLBAgMBAAECggEAECJOlF+ypG0MDiy/K/+rG2woTJ0yxZLc7qPpnyGVcVpp -lcuPoYKx6pIM2oyZFBYPiZ7XZsyccoEQVyCBmXyuzoL4Mv6e7n20NQsgv1/CzIsq -VO0VafOqzgGpTejyLwNlbz2MooCjgs6baUZK9V6W0AzbfQtQAOxsfyUKTlhNqOea -IZsNgjXPChrIsjhwcwF+nlHuDiuFa1nGNJNCGJN+mAaANDnmNb7/d62B4PEon6sj -oL8InNKdoBdwIqbPsQY6QWpqz7lGcH1On4M3JRQrprjWeWy6A3zu1kFFcJ2TrHb0 -TWwKW4ot9R25QSws+lwCysKEPD31hkkfA1gzukH9zwKBgQC9DZvhG/QgGmYkG4OD -lFTCZ6tY7xSZO5rnJiw/l+4dn/h9WtmjCu9TXtNifivt0bjQsHbWL25ifjvQf0i3 -XisMi0I2mILNUA5tDxIb2jgmh9JjXEQ9yBbsNVflcFMCwAhdMkp9IjdgGBsg3BV3 -Wt7FsiXPpJQgKsqn/aWhHtCgtwKBgQC33B6wGm9SU1R9xvUW63s31Rcm2knDC/Ng -5XiMrC4KviqAJnpo97OD+3w7Lmu94pnp0VTirr9Tb2UnKpEOZnXOo2Qukj5jnLd7 -4jnTvnSc9CBzx4GJYmCHTzx5kn/IvD/M+AajnkCafGVfTdPNKdVvBQ+A3dVLFsy7 -h0uP0RgARwKBgEdIhVkY2DDuo0rEEQ+g82CmBEaxRxwMDHlRvGdyGveSpPhnNB60 -9c6Ct8OwfVHbvQr7LqPOGJoMrPMNu1ZgrGy7aYj6cn+Fyxq2DwbvfjKRDfQnCxgc -hQAlkPHTK4mi7MRvPQT3zNdv33LBaVqqqcrzRCyKCswiNm2nRzd8Tf/7AoGAXj41 -eL1EHKXcJFCsZqAz282dfWvc7V6d1Sgqn6jOPPF3JZMToeR+HwP0jP1hesbBcCm9 -4igCqEjsR6Q5EHGSp2X3Pyv1UOgO4TB3xcLVUXKNg+taycokgpcp/4MJfyKHbZAh -DxNaOBXVfIGPNJXh8nNcnAiZgVDhhqp2H/Tk4ZcCgYEAn2yQ4lOLKEpxiTLhGmDl -IuowW57i0r3QlkwfhvzhEjN3u51RUIDL2+OypMZng7FkGJEnmsjrrTemswgMnca1 -cPBhdofRIZkKcsAvTzntkwWOpqIiwFJLUS2cpS2MrkACDGuB7OzAPPRn2ybQZ5XO -GCRE+vraCgRvuakD01NnIgs= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadg +vAwQF/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL +1MS1PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxy +e9geIkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6e +RAs1ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmz +kGYT77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABAoIBAEodA4nYMNf9QO0i +c0MgtCwtgTiidzljpugjYMKaX7lXEX2e7sbO61UouUT4F/2jG5tmMfJ/7J7lSTZR +X2t3Nw7BuqFsIQOef8vmqe7AgiqAJ78CqC7bXLk1MxH9gVrLUCwl7o6VQIhZEFDH ++Q7SfJuX11Ehk3WAGV3HtYOuVRs01IGy0Aj19+wv+dQuoxF/2DjwHbJzZjqVooqA +8jDZI3HfVZmtiOpOmi6InEIP1ANzKtzT01s7SwP8S58Ba7OX+BHRe0OkN2atK+P5 +PM9iT5mSpHbGfNPnjy1HvGd/Ndu0SryCmiD9BkelSL96JcTBkU7r3XzzIaoKHSwX +mBNmCcECgYEAyRXRN3lqAV7pvxsmjTCIalXyHOEmOHxzlWxL4i01lEN/tZte+qJu +FEN8fdBoTp7/BYgtbB+uDrkxwVB/L8wxugANeDMXvTvAFOB3DZJn9olEFoIsljmM +jkmZ9KJeVixnZMOg/38UBWu7Vq/XKgRWpcgEsCeCOIjq3mZgk+n3NQcCgYEAw4kf +gsyAG9bFS2x7ccU5x/I6lH98l+J5TViVWK5oztzuaRSZNvcM3q10VekBTByQwhup +DPoV/nFYG+2mG3VSNFt3d/R015/Z0ZkksR89jV3O3xCeBu6/XnEN8OIwHtnugKFk +P/yrLHZMnDeDLbTudzy8jqPwcX0x4KOxHAhui3UCgYEAiTQuvehFMUw+t5vh8SJ1 +YgDko1nox0/7WbA8EsaAMXrg79xksSUVcRQfJIWINmT8YxzoyUbQb9FjJqEzNzzf +jScuCZ7rCr5zMIt8EDGeaDR+1dDadWItCoUj3CzRq4C+x51IBC0ETzKT7/EpIc02 +BgX1VPCQRNz/TOKT8TkJ6Q8CgYBpFECF1wYlb8Z44OR54GZLyCWo9dXr/X34jdk8 +XgXe3SWV/MbVnfAhno89N8lFsLguSBUR7zdwlFKoN48jhGnXzyuloA5GbhXtKGJq +eQJn/PiWMWTrDtRymUjHoZYAjlc4cwLfzBXk//HtpXtuTaQ1GcOu1/T32DK8qNsd +2H4nnQKBgQDI+5gky0GJX/USYR8aHqvJDuKOUsRvmhtfoH3Yx1BLj+3UX6m8dKnz +3mbfUreuJe96kw2tboNvkLVk2yyRq+xUveCFsBycF7URK4db28uj+cwY7j0CSRMA +fPBqnukm4HzsUTXlUmMFTt5OvjYalZkVfvhUMk6b/Upy9/Dekqg3oQ== +-----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIUAYDeF//Jvzjf1eM+TBMe+oo6hhwwDQYJKoZIhvcNAQEL -BQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1O -ZXcgWW9yayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMRAwDgYDVQQLDAdEcml2ZXJz -MRswGQYDVQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0EwHhcNMjYwNjA1MDE0MzE4WhcN -NDYwNTMxMDE0MzE4WjB8MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsx -FjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNV -BAsMB0RyaXZlcnMxHjAcBgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfHSMmFlKxPonuplnf7Xky8F12G -L0Of5TmSggw8Tu0s4uXJ1seEpBQu27YVQbg1ov3CuZ+EgOZLJJxOlz/VJJxWagPO -sBKPtjD9+K+PQCl8G9BQjO21b4L3N3WcsXK65hm00J1wT8xC798uzXqvL+8GzleA -fIgLF5KEXL95OFXHzFzOtLD3c0fN0uHeDkbfyygmXSQ7jPoYsiOGYSB6efngZY5q -TMqtIzaki7DeAUzt3eySv42IHDhRmkHaxR8kW7AxRoRztuAby3t1FPdoyhaROtpO -vfwhTSDQH+QJyOgC9X+VteqlbQmvNY35k+RQtChRkZ+Pbdx6a7yJrQQEksECAwEA -AaNkMGIwHQYDVR0OBBYEFCXWhDoXLKT10klVaEv5Rf524HXSMB8GA1UdIwQYMBaA -FAedCCKz7kaIvK9mkpHLdhyfGtFyMCAGA1UdEQQZMBeCFXdyb25naG9zdC5leGFt -cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAtluArK33MrFPHbNBy6D01AcOk1sy -p2S++XGdPTyNwDGSBlK1FV29WPDt3WzxJ01XB93KZ3jyW6DwuSEpi9sggkHiypU4 -gQZtF65eZACoJWsdxuLCVVOAUHxij6MoEl4O1KCSXEYIUUpTb6aoA6+xJmnS4MfA -2Y5Q1DlbPTm0i72PwCHzhoDYlYPR7yisWCzNtGlXLbAZ8JRlXN0YLS7pw8F4FISG -Cu/kE4LgqSt8cCKRT4jp2NLqKamfxTr/7eFkT0tkZP1GLtWKPpNKgydKbQUhO1NN -IJFrV1sJTzVx9f3+ITp8s6ZGzFWdmMW6+6e5Wt1Bo4TqrYeJfJJUlPVZzA== +MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV +BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg +VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHwxCzAJ +BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg +Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEeMBwGA1UE +AwwVd3Jvbmdob3N0LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadgvAwQ +F/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL1MS1 +PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxye9ge +IkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6eRAs1 +ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmzkGYT +77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I ++B9N6ZowDQYJKoZIhvcNAQELBQADggEBAKyB6OAeBsZ+4h2KUfSHAi6r6eLNquu4 +qUx2fF7CeTQjTNbcV8WyL9LsXt2afTGbyiBVUWJivD735egaumA9pyk8OdcIi9rN +M+RyLroH9o3p2dwbjOQOMUoNVnxySZuzEEOdRj0vrTZciOvokSzRmNyp94YXZZbT +/xEAWI629PsChzBFWbBJ5ZgOgD4Yh7jw0AVuskM7gSUf5CqJUpetDDXR8nRxIXKx +HZ5ug+ph+93mBwIO+XPhk4hdVRNvEGmnqq0gBk2PYp+WacRWZkGmqVHvSAtxYCUp +moylFFxGxn0Jhm5iosJASJArcxg0a8bt9/d83IVl7n15/QUa0F2myrs= -----END CERTIFICATE----- From 6709f4a5fc272fd0f69ec727b5024097af9a02fc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Jun 2026 11:46:59 -0500 Subject: [PATCH 12/28] PYTHON-5040 Add OCSPNoCheck to leaf certs and fix CA basicConstraints critical flag Two fixes: 1. Add the id-pkix-ocsp-nocheck extension to server and client certs. This tells macOS SecTrust to skip OCSP revocation checking for these certs, suppressing CSSMERR_TP_CERT_SUSPENDED during MongoDB replica-set inter-node TLS without removing the AKI that Python 3.13 requires. 2. Restore critical=True on the CA basicConstraints extension. Python 3.13 on Windows rejects CA certs where basicConstraints is not marked critical (ssl.SSLCertVerificationError: Basic Constraints of CA cert not marked critical). --- test/certificates/ca.pem | 28 ++++---- test/certificates/client.pem | 82 +++++++++++------------ test/certificates/crl.pem | 14 ++-- test/certificates/expired.pem | 78 +++++++++++----------- test/certificates/gen-certs.py | 13 ++-- test/certificates/password_protected.pem | 84 ++++++++++++------------ test/certificates/server.pem | 83 +++++++++++------------ test/certificates/trusted-ca.pem | 28 ++++---- test/certificates/wrong-host.pem | 78 +++++++++++----------- 9 files changed, 246 insertions(+), 242 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 9d7397cd62..076c0bc330 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDgDCCAmigAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHkxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHkxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAxTjF0WGvlWXVtzfL+sMHX6gAoS7G1Z0gL1p4iFH59YbGBbVRTgcOf3U3 -yclcyP5bxavT8uFYPwlKNrygUPEZZbc+kPWYuH75FA7KXTJSZxX/YPPV2RxoWljH -eoVapM1Fp6gVJ3MA7nPDGQw8KaRFWHW/7qO52hsHxPW+Of8cZwt473cqZTLpLqJY -jHkJOYDk9RmzAyCLTb1Jebg27MThpuBvwBRBmKXihsysLOu49v3Guk13sCPXhKhP -dGj4f6wJ4NMqraVhGrqcb4vBH/rwf4hzHWox/lEyBEZi2XOIg8pCd2AKrvlh23Pv -ar1MMTvImYNOGpsg1WXrUVGcT8WZ2QIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQByXF3qV07B5LF+YJhKzd/jc1si+rV45IZGHAYvwNx2 -Ftn7EKYGW/d4aGyHg2rTU0A0bch3EIXqE6zQH7YEs/HLDdfubRk6hIiddVGPJozK -Pw7tj5zReTFBe201X62+q8OypVbGZz2wXIGvh5H30c40s0k2AMpUi+DR5Dus+T+b -0if/Pwxsx8HCP1GMLQH6CpxD5gXCMVBGCg+dxZm1pnkZE3ZXHHWProyxJWdNmNK8 -GNWrl0PVSe7STBCmapoDJdgVXpqEz4+qJSPTXgL1HVX6o/wh+EDQRwCak269ia3x -GljNKUeJsvqh2iL3jz1l/vRYvkN5uq66YXEwacqP8NIM +CgKCAQEAtivC7IhVZ8tIMg+A0PPooBvh46mHE1wv4UOxbGQ8pTYl0IKQPiDQoKB4 +ZAXPRsImlWP0eXE+Fm5M/Xy5/kcQ378KjEVD+bDW8uO7WIo0pBr9ikZrXb7NzY6G +zJ86+xxKK2gsRDlz9oR4KhKkEtn/refCBbyyBknVkut4aIkEVhRgUkcz0TpaBb49 +UZtk03muOINZHEmxQG+0EHm2MSebuBDRIMWmpJm0UGgAacx7IkV5B1TKPmTh4xk5 +go4O4y0JnF5JN3mvwShUX0tPG4XXSb/52PcZRV7wrMLQpf8ANfd2ADuClAYLncJR +PHIJ5PoBFa9KTrUc6KwoLutGeNDP0wIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBdOjwb+/O7c8C8r7ZIpe8ycaElrTlX6z0qWLgx +PSuz9twGfxHFcw28r61dMSsojFxVFoUpVxrcbCnFIk7oyiGNTX8MlShVtWswDlmp +Ch6PcB6UxqYhimCCLJG1m1Lcu8oKvj3Ujx8Yjc69S1sphpb3aMn8mBxYd05VMPcH +WLY2i+BByRA+t1+sEROo5I1zzMVHeqsUC1ajUH4Jq5CXl07fZAzrA6jVq7N4KS7v +XeNfhUt0x0xF4oeYBIFTdJJTn7Quy6zgtC4GFdQmS1QtyPmfU5Hasqbn/1ZCEKE6 +IRbWJMZIfc7JDScu2RXSsd8CPeWrCA+AhpzOlRLW/VmiMvrB -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 24a3a6eb6b..4971d523ab 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAuRygTOnG7ttRP9IV+fdZbetsMJ3QCCLhws/Vv+zGUqHLR8Qo -G0J6PogYCBGQnXTy3NYN5N1DBH8k5pxamyAQERp/hW41re4oJ88i/OIK2PCRDdnI -4SnEZTOX9iLcdGR8sQoUtW8M2G6pNsvKiZhYskwF/oSsJnLda898KMKf6wCW/TF9 -9W4wlOSgdTvcAB+IrpZ2x2uBUJuyERvKy9k5WfxP2ikdHSXxIw4kwMokXLcJ1Q2k -n7COBBv00K7rBJyCdkrTE6hDnbfzsVZTuTEmaFp1TpDpOXge2ih5YMDREfscEcCl -R7jJpTL/LWbUy0n8TFqfvG5M6NIyJJFwajl4BwIDAQABAoIBABNsopGPknVsBCmb -RP0W7IZxRsgPN04zQtdrcbWTBfiTy737Im5B2owHQeZO2Yr8Q6PSvmB+q1KkeN3O -GF/gzG7PBgSdXPqkXAhZXwWEPrkm/UGj0cV22Yn5EQAeBl4cUU1Ojn+/aGypqA38 -8oLfvqbu/U4I4/ug4AU5H4Ezcw54sq32xCs/pzcNITOGRpIeNjynW+WtnTsWNOVm -KBMagHitFGavNnBbeiHsg7RsvSYZ2NYlr29yCpJlZFBZ3hYxC9ZAJiXWEYbBowxW -Uk9f2GSNRBytzsVRzhkL82/DUfKXXXXjOj1GZlnLaXUHZwvE7s0fteKZMpFbnUi3 -EWaRekkCgYEA3W9PP6bwkVP9D46NSg4AwFBHSrnUZ5GeOMwGoeagAEX7H1Exs15R -gfIKc1hRUYw+4b2zy4pgnsBRVJcAHOZCvOR5N/6nlFWU1tGBkQPBxTXN5jwoew30 -PQzQsRcHqMCxwysw8+nDsY5J5SGdznUFiOkoYi7XHM0tP4UL5qjF61sCgYEA1gHT -H/ec6VflqHpM9hFcTaQMOFYMn/4SNX8wk8wmN28AJPd3WkaOp8vsSr4JdefFz7fP -khbbpDOsmH3ynSCnWUT8XPQDRuhsmm/hUZd2dhDydSo8OhYzYoiV5NA6alJaustc -bbWjEB2xxnVTKnoBMz7rZmDEmM2ASz6vVowAAcUCgYA7wBFOR6maTWN3kyuk0+p3 -+jGChGpAGBbtlIAlp6l86WU9qhcTI1wzCDCxtx8aNhGxsBKX1ZsEuzg27xfktG1F -sxDSfzCQ4hbrcFTZ4H2kzUPl4E28BqPk5VRatLAoZPaSh1EKQAXCH3bpEQ0X7JO1 -wdRXyfPZnbOb9Dal4tylCQKBgHFtpilbZJ+JJwCVUhVaPkIooRF7ClYCpEQWlfjA -S8E15C2zvF7s5s+pFiTHdNw5bG8cTbhwxRnTCbgJiX4ewJRgLCJYcyQyLN3uTs6g -KPmLIfdX23QuMC4ZltkgRNX1sIExKFw92Z/BHWjC5sGsyNYQk1RAFfOneEhpgSWu -LpLBAoGAGrcpDU2lw2iDmaDYqItDlO6kbAcoAb6iQJJXc3c9vdEAfDNbJ+qO+T/a -3YHQ0/1w1XelHDa2ZCwbis2Ik0S6Q73wcapIjEV5+7sWWwZbUM7yPMUoqOe19fdt -aqE+sHpUAAduzULRoeh7/oxDoD+Ha2CfOgElnXctZWRvOxnFOVc= +MIIEowIBAAKCAQEAttV0C2SQIDO2jVeWSmp64eI5YFjDpIrSMiRx64sBBHna/jv5 +GutSJHBszK7y+UEfC36GrPzyOLLnMileyzvxTiOkf9GlwAtUiFfyliRBUQK796Cd +HOt46Na7p5c3L1zuYaci/pCRy6tGD+F8td8if6ywVUbfLjNW4x/yIzvh0XKuoP2r +fs2nfky6dMhc6E4KoudXez0xGlze9mVpNwYl9euIS7QnQ1m9L66F5gy6t2+SEmGM +yTYBcNHKZ2d/AJcN97ZQeYSiUcWOJMvwEr+ZXhoqAPmwT0x5kB01VPmbOFUTNYND +fK2uTAooVXQHvGJTDf5UEZrWTjcb6/ktakJPqwIDAQABAoIBAFUrq2LRRmiR3oUK +W7svzi2ixmqw/vaMKq3sF1uMBf3RTChpxLn7DGloK+7PwuVFJlKi7tbwAGBUSuot +pniTZG4roWpfvdBwFsFrAtlZa0nzNZ/95KK/uLPysDk6cp0wM+Yux1kB/MD9eOZV ++tP4bag/SGd5W+c4SE4GqDQspZ38/jy3rhKzfFvASE2Ve0jYEPfY0xqO3aQ1O+42 +UzBcQe6Lq8nbEh1MPbjCZSh/Ky90uAVEcI1hHLFtAq/WlgH7+kaarJwg/Dngh40q +g61YABgtmYsiyGritoHgQ+G9VphkZz4g1HH7CUQIyMmQPVmudVBCHlZNvD/jfgq8 +zEMrSYUCgYEA4tVMtyUUtHeAeTGDxBAYsSqXwsYxQqe77ZzANQa+ViawnLKgElVJ +bGPQB0j2e3ngQlx4nKev70gwzOhvG34z3YAMP8mTCaWjlsZMljxqJ8FxmrN9/kKX +WRrvzeyfUml6cOUifsy4eu7W8P3l0hd/I5giYSBohdEuoEdqCLhCg38CgYEAzlfR +t74G/blokMG/+ty3fc3o+nbWCYgiR/rAJZJHxHLy3ugS2oKreCC07Mw8IWRPKe0o +MbwwlgfCxykI/AzuFxWYFdIc+IFcdF8wTtMFI1MydXpiR3QxqqjqsTgve5zhtLgy +OZOF95awgdJiNU8w4ki/JQL7MWcnXeKyIH+smdUCgYEAy6oObmZp17twa+CMWY7G +TNRcXLKM6jcmYisa3MGIRlwIuTkcxjkzapGX5+KYBLeiJpNWa/mX2vVrc5/CmuHO +ebONy/wV/FRvtGGpxD7MZZOnh+pfVtq9f3DTHYa2ak1wdUsWlNkFTsOB0/Fz1xXn +vrLLM3/guT3famOUje27MssCgYAVbCClxuDK7rjgbn0T+l5CfWI2vqeyDaQhfPL9 +85Xn21dDtSxf6zkKG7ss6ndDsDpXy/tkTnls2hlqu+Pm5yDA3MkRWuMPGb8Thd5q +EJZz+GtArxgM+w88/JSBGag0WTFFpenw+FPsRITGtaTki/gzRgIyQYD6vA7mPGbp +4Nd2kQKBgFGftdMlOReVYotXikYVwyGYm3zCernrZcJkk8nz1sfA5dtWfveKwhYM +c5LiRvy3Kq57E2GQlOX8jkNzLG8lBmDdp7XwNeZQkiMBUUuNBwigufdSY7Gs1lSF +R1/Bju01Sonoct4PSATZ92HAIlb4jLkE4YwzTtdIjVzCdjSag90U -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDszCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ -0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm -nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 -y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR -G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox -VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk -kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF -AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R -zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u -hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd -0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn -RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ -MOhV6IIFKhYkejnmhLQitvpybFqw2w== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21XQLZJAgM7aN +V5ZKanrh4jlgWMOkitIyJHHriwEEedr+O/ka61IkcGzMrvL5QR8Lfoas/PI4sucy +KV7LO/FOI6R/0aXAC1SIV/KWJEFRArv3oJ0c63jo1runlzcvXO5hpyL+kJHLq0YP +4Xy13yJ/rLBVRt8uM1bjH/IjO+HRcq6g/at+zad+TLp0yFzoTgqi51d7PTEaXN72 +ZWk3BiX164hLtCdDWb0vroXmDLq3b5ISYYzJNgFw0cpnZ38Alw33tlB5hKJRxY4k +y/ASv5leGioA+bBPTHmQHTVU+Zs4VRM1g0N8ra5MCihVdAe8YlMN/lQRmtZONxvr ++S1qQk+rAgMBAAGjVjBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBS7jDcgkwn6bfnpLrIixK9qJjBn4TAPBgkrBgEFBQcwAQUE +AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAsOBKVk0iB8MBN8/1mnzrlVZ0Md7VEid27 +fgK1b7xv37PlahEOe0tWxutX4iLneZS+XfWCpvok2UjqJi9di3bWeAckoNNo7GoZ +tu1uom6ne52nQIn7g5VNjOZk66NyAyvlPr+2SMu40GxnOe8OihpNk0aqT4x/Ux54 +/9pLbBd8oHru5Acqwnez3mzSr/wj8l88lpdwFmAx8xvtEzOGn0vOZA1YXHS1lzOZ +jecVNu5q94kXf+3zyVyzE2IgHd+K4Sx7hGuFN2PB05acFV36ZjmdSWFtBxmFV3/8 +rt/0ztRoJyBoX1oSCYIuPtwiYSV0JnaM23YJzPdztv/JnB43Qh3O -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 2cd6afd097..d1a95df0de 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA4MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjAUMBICAQEXDTI2MDYw -ODE0NDA0MVowDQYJKoZIhvcNAQELBQADggEBAIXW67werrJCUtUgkbYEzqb2CxQD -/ayr8bf+0vlVoi4w1xjh8C03s3NFBDFSJ8kGQaNMR+Oko9gATUwkY+21+XCzT+4Q -wjaDrJKu1zW6L6aBG8gxOGoxcDbEDizQX8cl9QMIPxDHcslqXGgWlO6o0YOYHThi -BfM1jPP21ZcuQNH4NpnpjhmnIwj5HDYdHVuWKCoxLkpBR/tTMJOtT7g5Pfle5RvU -TJNmY8noQ5TZbO0wJvE8Jb1H531q0OMdgrZ0kM9y2+QudrdDclblvUdpAnax2Jjq -up49pMnDy1hQXgpJffiS4CzVzV9AEGhPgwIdV/xBGFw4xbYVoBaIRnWo7VQ= +ZyBDQRcNMjYwNjA4MTY0NjM0WhcNNDYwNjAzMTY0NjM0WjAUMBICAQEXDTI2MDYw +ODE2NDYzNFowDQYJKoZIhvcNAQELBQADggEBAF6NeCwKF477Zt9hYpVuk7d3Aqhk +m7RXgcrcPpWSA8dDAFCoaxAl09NAEjwePW7n93XEaxSIgyA2NFvvMvJ+nMaIpjNo +HbznIS+57jsxqwbK3mFt268Dv3W4Qrdv1ZFOW+cxd8Wn9XWCwA2Hcvf8lkL6DC4s +qJ8bHVK/GFL9WKBrBK8Xtz1V3jicYn7XdNY5HBxJg0QZkSCTK55nIWBaJLuZPlZ7 +nBARgl2uY2C5MrEjjubQZiFAf081IelQtPIZMRY1E2DhGlKcF3qYKT9xzuVEu4zs +mxkaG8Nf3gHuycnKJQOXvd9ZCYSIB4KHJ7egFCUgLefKSFY4/JNQP2IIWi0= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 5ddf325461..141db20b34 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,29 +1,29 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAq4Pw2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/ -DqfVQPDdiTIWQE5lrKDzqDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx -+10X7ysy3X8hNwN571lxvjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9du -L+4y4XunstTTbqsuV7puzR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805 -Sklig8nap/GdDxd2i5EPZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJ -EUAnKbBxXyIx4Ltw3Bfald7htvFryhhKjx4tWQIDAQABAoIBAAg0Ma1nqqOV718j -Wr7kGHAHLiVcBMVSuwtzsxEX5pbmO3hxQm1ySDBIxSP2lhth1JmvAjCaBrfp6LCg -gAz1ZUvB7A4EpBvP4rk//JPPPhwnx1DgIMu37njlbVOsbMuLmkXBVsA1VneG+BRs -rPTeyuaGpKIAHX6RuqeaDbrtSy+vtbKPdmuc6g+ariIpkrI920UDdgbfpFAu/4hs -+951C+RVvu9+ZX5HhVFw9/q2+qxGzZj6rbMuSGxifb2ftnMEFAWDUzCI8sPB3QwH -F05zYbMMA4zS0QIVvbYaJN+HEDaOYFXC11hHWfDYZL/Wt3k/evUJd2pExKajomNU -qHHhN70CgYEA5yr5en/uywMVahYzXY9hoZb9v8kt69Nucpkq/sRJ3ZDV7yDr0b3k -0jAc2Up105aq4EBp2tya/KdY4TPIzVeOZ9FZL2rSly4uI8QohSRo4hjCBc5z8SKl -OESFqFruSlMXIaVc5I/R4sJUCnvBkeQw7j4QFFFIR6UcTJBvaCq41X0CgYEAvfCL -9iwPhTnTBQ0WVbtPOYF9Kk1xLCwPWaTS2lAkFsUZ9YIdVZmQMCCvpDKSWUVVsPJx -A0K/Rg8pkYFFPs3EOI2PV51DZrSCgDAdxikZby9amrG1KEwUyR82B9VWgVhIxZnq -KNL1GVRoYOhcnkY/Zv4dn7PnRfEPvCXU65OQjg0CgYEAy7cJZ7S6IVm0U2sBFSA3 -74j6UTrfJwWKPZ9RTnZ4ibMLdNJUPt/TeI9BvRNrRm1uZHUfU+o5AxIOt1dFTAAu -1Lqel7TRpLzjmE1TUBHIBAfBZBCOCCB57V4lUzne6MzUg6gQdrNvSR/ro9lvujuY -CzvSO7VttwWALNDT/L45aJkCgYEAiUg7YQonjZtlsdjrs7tWX7H/zXt7uPl/fsNq -wu/5pZuAT7pjiWMcnCyDxqHmtS8v6FzS4hB0PybmXIyah/IhSN7IJAM+nBUL3arp -WjiKcZpAWl7nGOEkhNlSLAc+Ju6wamH8pNUU4eHoL2LCzoLngIFa1/snxZ2eSdbu -NfbKHGECgYBEdsSWW93KOU4DbEezFWFd83H0ySvf1crdHr7psWBXTpYLnKN9HfS/ -GZ26sYeeq3ouJxG8Eb2yhYCtI20JnWk8lhjYA5lQSA6H0nyqrzKRfPdGerhTKgDK -FHUALHvAM6yF7EpA0ibXGCSrDHJAGGIlMAyUzObbDlTs5+Qwd20+lw== +MIIEpAIBAAKCAQEA+JjRo9fw3m4ldcmlEWfr3toV82PzadoT01MssjOCNfz0R0cI +BOxkzUkDsVLnhbcyksK5cfqvC5aQoCjXwG/fugkN579zvsmPwHhfu8zJLpO9k8Jg ++0kohDDb+k6PQ8OcPU6unRswLQZ43uiRiB9AHbE/BfchXOE9xAnHfHxin47k3dTQ +vj8dHuDyIDe6s7guUNstfdtZq+Xa9DJDuhIEShMBLt4GalEqfUOJ7zZhBB5ag7sm +Waognhvynzj2nmPQ3FCIXnfK1y3at/jEXQxm1ubwVXpG5iFxvYPDRR4JWsYy9yTA +h7QOpZKbh5Kp60kD+AslKyJos+/kTc8RKC1SwwIDAQABAoIBADt9usGWZj6cpltL +P7TsJS6mCxW9aB1/QjpSz8HvgKwx1jWOgpVHCxJzdC5F1EEUJ8amUeG8Z5KC3CZv +z73uJ+Cp1QmOMAFK1Btv0x0qs0Rxt676F+JazhbgaGw8y50gXS3wu+m9/WfxAhD6 +IAWu0NWqOpZPX00OXA0jd/lK/QEIpO2p3EufDCKfJT2jtfl5nAWvR2Iw2FnJ9CpK +HHfhJIX9QNV4v4Uh416MmjdaRCjeDS+ScFOqGbFY0izUXlRsZ1chrB1CK0pShbpi +FnU98uor5QHndBe8xdS3Np449BNH5GhoSivrR0rewaSytM4Ze1E4HGbD94v0Ksrx +Mq52Q50CgYEA/vqYIFBdDseN9LUNciQT8sfmFEtS99HGhXjv1fH3sjEsMuzZaS5Y +gAk+67M00Xq/X6Ds5xkQ1xq8Hgapu49NZaR7g5/KhqVl6gSdwSDQss2AkAPr7EEF +btDWRTp/FLp9lll2YP7KVOqEquGzk8yNzSrkoHPYIPi5gLS70d4BNf0CgYEA+Zeu +ju1C4RMyLuN9eJ7tMicWsJe5BhUkF8CkwPJo8QPGdvvgksog/dLH8Qye/JAqgl0o +9HvRxEUzQqzOrNdM4DY5Xh0f5J/EhyZzgfoks6ay0lInCdXcI4vGspX+Izt3Qm9t +USi7L31elUG/0eKojNozqAhV310ygiLjtG2mp78CgYEAu8i/BP1qq5nYOGKnFmrv +rhv+nO+kmRMLy/z3VW+w5rFERfUdYVNapmEoz9nZinWGP9162/Af8Oulo89wbcvq +SnNK6/Ng6q0hU6o2rKeITEcA6g+ZTxPL9oMjazTbpt5546Lbhi/fv45ASsGSycUa +ogF3A5yNjirgI6P3t2ZzKdkCgYAJtSmX64h/YpTAGB8IMv48xiJuyefrYaUeu2Jt +EsCcJy5v8EoCy5PO64TVTk1cu2q72U2/fJVjEeH1hO0g8drOma1PiMh1xvUI4Kj7 +dDQ7PI+V+JYGHuhKBaS7y3OwAR8ZWWYiEvh81153ZbBFRJCTseTycyiL4H8Xaq36 +lY021wKBgQDV+wxziAlb3UK1M2BAcYKKd8QdFcyC7xmbCyEv+uQUxGJ/DBZ+fGVG +rW973uFRxrBwVkss7WWA/odnP5KuCvsj9uCMWfezPsTlt41pV56O3Xe0cnbbPBGU +v6Y3z4UBT8g91c2307BbX/+krr/2Gq3zvWl8G486zNxNM1mZJof4Ag== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER @@ -32,18 +32,18 @@ BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4Pw -2/PV4aBoSt1YE1d4SFL8bi4HaypP7J/cdW6RtxloXKr/DqfVQPDdiTIWQE5lrKDz -qDpA4Ms7ecIH1iRnEvGXV1Ylj+n+gBF2Vi7UE4JGKbnx+10X7ysy3X8hNwN571lx -vjnVUaO6IHEjLlhNXOsLoOvOz9C78Evk4rRd6dNpt9duL+4y4XunstTTbqsuV7pu -zR27HCkwn3Xbz470jPMpUQJ/NRPA9b6+WHaEI7kEp805Sklig8nap/GdDxd2i5EP -ZqpcbgV0RfN42t3Qsak98Beb919xR01GXU1Jurwn2wcJEUAnKbBxXyIx4Ltw3Bfa -ld7htvFryhhKjx4tWQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I -+B9N6ZowDQYJKoZIhvcNAQELBQADggEBAE1vb99WxOr5zlobULL8hrjCXbH5dkL8 -djZfloUZiflzmz5ICxkBe7irBJhK8k4CdE1+NsYHXeEbnfaPxV8Ex8ytQhS7xAOl -nw5TnJX7Su2N9lFW9TLh1nBPX7JxZtK2tCGKM/iTWDrJUw75DadZKexMSZaV0SZR -bjKj/jIFjf4mqkLs97pKXvhjbq6PN0VdRcE+PDxMrAZiJAoF/WThiJ4DCOpts6iQ -tWEcaf5poR4HNaehFS3H92X8Ots5On6nhTlfpMSsDxZjg+c5OQ33yIdgMh437LJL -XQT9eqoqw0l0VUvBQlWTpHZPwH+nGJyj5Jqe1Lo3W+G7I2sDpUPnbBk= +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+JjR +o9fw3m4ldcmlEWfr3toV82PzadoT01MssjOCNfz0R0cIBOxkzUkDsVLnhbcyksK5 +cfqvC5aQoCjXwG/fugkN579zvsmPwHhfu8zJLpO9k8Jg+0kohDDb+k6PQ8OcPU6u +nRswLQZ43uiRiB9AHbE/BfchXOE9xAnHfHxin47k3dTQvj8dHuDyIDe6s7guUNst +fdtZq+Xa9DJDuhIEShMBLt4GalEqfUOJ7zZhBB5ag7smWaognhvynzj2nmPQ3FCI +XnfK1y3at/jEXQxm1ubwVXpG5iFxvYPDRR4JWsYy9yTAh7QOpZKbh5Kp60kD+Asl +KyJos+/kTc8RKC1SwwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv +aiYwZ+EwDQYJKoZIhvcNAQELBQADggEBAGW/3QzJYeUK6vScwm4nuN8oW7ha9NQl +jqlPAPV6jNCDY5aQJ3zN9v/DDKE1Umpmv739LmyQS1xmKnvT7C3s4nI/BL312Mb5 +9UypdnvB9VGxTs2OaglxPsfMqxacq7wr5MC6ikIv7GieA0EEsWqkKeSf7id3z3cr +WeYmCPGID1OrYpWMT/fTFBEVVYrDpBZc9sla25u7l2ymK2JjqWZorrJAAkzo6WkW +ZRfAh3SUzgHVZMJ9dSdRT0xFiu31tpwKRAdRs/sKVJ/+MIlpfwxjx52RJQCzDd92 +DlaJ/lYEJuwPdOylRi+9EtC5enfyIvlqft00teDAMYM6ZM8D/cLbyBU= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index bf44694a03..4fd00cee60 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -133,10 +133,7 @@ def server_san() -> x509.SubjectAlternativeName: .serial_number(100) .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) - # basicConstraints without critical flag, no SKI — matches old x509gen CA - # structure. Omitting SKI prevents macOS SecTrust from resolving the CA - # via AKI keyid, so it skips OCSP revocation checking for inter-node TLS. - .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) @@ -158,6 +155,11 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_after(NOT_AFTER) .add_extension(server_san(), critical=False) .add_extension(aki_from_ca(ca_key), critical=False) + # OCSPNoCheck tells macOS SecTrust to skip OCSP revocation checking for + # this cert. Without it, MongoDB Enterprise's hard-fail OCSP policy + # (kSecRevocationRequirePositiveResponse) causes CSSMERR_TP_CERT_SUSPENDED + # during replica-set inter-node TLS on macOS when AKI is present. + .add_extension(x509.OCSPNoCheck(), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "server.pem").write_bytes(key_pem(server_key) + cert_pem(server_cert)) @@ -196,6 +198,7 @@ def server_san() -> x509.SubjectAlternativeName: critical=False, ) .add_extension(aki_from_ca(ca_key), critical=False) + .add_extension(x509.OCSPNoCheck(), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "client.pem").write_bytes(key_pem(client_key) + cert_pem(client_cert)) @@ -299,7 +302,7 @@ def server_san() -> x509.SubjectAlternativeName: .serial_number(200) .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) - .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .sign(trusted_ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "trusted-ca.pem").write_bytes(cert_pem(trusted_ca_cert)) diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 4c912a26e5..0a4202b87c 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,52 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,ACE894CD3148E73BAF1F3F4372149CDC +DEK-Info: AES-256-CBC,CD109B29CB2ED1E1F980D87AD3B2D4A6 -WIOLZOyncVs7TWk/9OQSqP3yMKgtLY8I/OfmaZTAkTBk16ok39WLcMHBdfsCOQKN -D2cZUDgAWMpQDsuvrqmazDfO1fJiKF0fRUspKyPTBPEMoWu7tLgS0HUteSylKEfj -TCT1U5yxcjMZ6Ytj4b6E6ur/zIV3fFrXhfpaF8+EDxbSpdaESVfyZZwmrXc2P0Yl -iUedLaVL6atXrzQ7x6MyzNxQGWFlxkETmD0QB5mTvNOiBFiBwpQ/+JnnKo1KQs+H -uwRcQYU2bw77vuovFiukRQ+50bcVRwYq8ebw+nclExZC+eW7N9gPR1k76cHZpXga -91GzwZacMbLrL4STWqFFhQoICEm5aWO0YGodHl3vlpcrkWIjjshinHPEPUVB0EQ4 -I5fY4DO+P5bOoIztlkn6mxSBSGfZpq/p3xFW7pk1IiSJzDyc5bav6+e3maPNG1iT -YMluXSdmuL1NUpgI6BnTyOEmhKTEQWmvJOW9BcCApph7htVVPcT6zLPCtR1BO+3b -qQ/c91sjN7FXfJY+qGGk/swJWwBHITsRW+iYRMqodCtMbDbwH0Zg5FxvUGMm/yOZ -F/vo39zBfXPnI3mUJ+ZuKhkX7fk3SXCt5/lzukvZCFno+4qk0X8AXveDNFPlhScI -xQ7MUCzbg+aZ+l7F/C/sLQrKr1aU00tNitvUwia3NR0Vs7atnKaQJttx8DSa0iBx -bRMq0V1v/aua3b7SUZz7hrvKex855vQPTVSQLMDpR5MmC6M5izA8dXemDdHoafHq -wtTzletA83Y4HRC9Sx0QT7zr5gG5Ng+DnM0yPAH1sUP+rArbl/DqHVxmNkGFo4uL -F80lSToqSvocPZ8jlTDVq7KmTm0B7EIeG0Qp6gzH6iRnT2PArSN4VHnyn1c4POas -ClC15kWXE3qo0RBc88DYzJAuBh5/uk0JhqpCnUKMLnBQskdwVlUUKvNtzHDalvUc -SaddsBUjsNw2dyc9wmK/ai5sFbNIUP9fLK9DAQJWf+u+T5l8TqUYQTG784opNXda -gTI0drGuYJLEK/JxxICD5ZWqpb2KHtSkePfkloKkSj4KRVpL5kvkNMEEjOYOUvjw -qyGia043F8ZIV9K0kgyk8bCgMfU78EsHcFMA8IWaGyCUJi0ocyQydtI8JPIB8Ot9 -CdCSI06wIrVC8ctkrody31jtNtHzNTuBvnd4b1LGOmuzOL2NukE0zcsjXo3+xjPc -hsKp7wsAzVRP1D6bj/gCCjo9c9qFPDw8NTJfS4jpckmIj2ilNH8phdMzV+wImveW -F8sg+tPbvaQQUHDUu7wTZDwL/we5z+FcFo0Evgvrvm2xGBVH8Z6VGZ/Gcr2iWnCl -qMxdhGH8c7vyUBsQlsutwJ8m1PhCs//hRmvrY1lMdq+UND3ncIZTFZRdlT6djb6/ -Gsr8jdCEr7XJJAUUDNqDcWKi54QpxImxiEr8OBcCyxbdCWFjLNXroFxwm1bKnuJu -+z37mzjuJGqCEfxb1mbmTQW8OU8BplBlqbWfYdlkYxVo/dez89qujwl4HGsYpEfu -PEAnLqXlPWlKRw9u8e/FQl/SWZEEdQDB4hsDT45p9h6FEkFeYO2e2WO0PTturI8x +zdAY4vil6uYL6KeaFDrMxIqcI4GYxAtur4N/V2tVb687zYNPtdrpYbavsHBAX4an +BkKcsfYHVeCx5NNCyZdUcgbJR4VqRUKkF9g+ou8WzsNMmPcgz8WrSR17c++LqFOX +2HtvuWEOvNoOiCRQQVfB33KCMZp6td5lRNkIJ0RkO0ojE3Oi0VW5qydER0BQ0FuK +P7BnxD7ydqEaIY5gZcTV7CCLwO5R2ryahXvBuyK22DEQwA0Jni+4Bm1KDuoAxnVm +t2xB+xac6nVBdrKrdVRn+W+kXNkDWdQmHh6UTEQhZVgW6oLXsbLEu2uy3gOdH53m +LTHuWcJd82CxtpyJ1S1SGtOgE3HjjKWQ/6O7YMXWmuiJHdoBx+HwlcOCjx8ps6+v +0KOVP/OYxZSTU6bVlYhjeEFGt016dDFMwg94aA3tq5jImfPs4a9zCAG5vffS8joz +7ohg4Gr29um0CLbnYitVCPWoVfAlORzoSjzExDpHg7/AZlAOV0jWqkDRAIO+m8Z4 +rxnPZ2EU8oPZmY0GEuW6YVqFQ3NKdifr2/9weAo8KB86ODc2LtCad2aHcgLFeLyG +xgV6ECJaXYy5vCHVXsYifQvdg/ptYN2ekThmAHVJFWJEJyH37Q+YmEoLiRfBsrdw +KEoQR8Pc3vMp41TeSrrNu8xCGG7cjjAJj3+F3zQVPUN9cn7zrKwiU8FL4zo3MV1M +XoTLzOM1NObZAyEbUYcTBPOBtYRq0CIKxOx/6Hwg1k8QXh9Vuft/EeWd5fqLUtx/ +kNW7jSsd/d165cbY10XVZmuCHqGaMHlIr7llHXrETbOqJPG2CCT7a8wX4Dih8ZF9 +x2NBPgVR6bS+BnnmjocHzqPzmFPunDcWjoUkkgX+wHm8ZhltrbhD+eIhyDkaWZD8 +QsrDgdB+9fceYRha0hUjzBYIIvRUsQpIT2s3OJDwWQkJ4l1QavluLu4bvr3GqWL8 +GfzzoD1UZK7KZnzLwsJwJwt8po1g04buT3N98Xk/s6HmlLLYe8+1sQaX/XMjXmg6 +7/SABoi9JRrogUZtYdThpYP47Q1CC9PD9IC3aXo5O5+deo25s+WJ7GSxm6ocKO0s +5yg2BkEBkF4ig7JZisVaWrgzgTdJzeBux6CcIgdt9qqcuhQU00k+VGDTGM3Wsx+y +Y5KzhZZ8RdKv9USmOS9jnpL3XADCWFrGIcC1bbzs2B8EUlpFWTkSZvnpUvJPNUqi +SEiepHif1DnOe+oBp/w4xLkR6rB5Bjs6qU46Gq8equlDIu0Mu+fCD1ZrKrwbsrJx +EL3ZJ6pCOAm6yddEbddbXY3gL80L3JXTmBgopdq9bn4CgYC53qZeNJcwNSHD/LaC +Tq6XSeo7XM0iQ4VVhW37dWBXRSmtKjgykfOfFw3QMjzu8M7DgKX/nN/FC1bkZkyB +nSQvQy26djNlW7DD8lVl75N8yDkMbNnYolEJb9h5o7paoNGSPEJjYJdZLYqS5qv1 +P0TljqrufzdTRBQ8hHvv5javcjEbc9Ng58PeQNaqShQttcn01Kl+nOmXNBOzLEg/ +XpWewTnDLdUjWpuyHmSvTOJzoVgdQ0B4qLPIvuCE4G8G3eCSQ6elerMH3VYj6GRY -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDszCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMGkxDzAN +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5HKBM6cbu21E/ -0hX591lt62wwndAIIuHCz9W/7MZSoctHxCgbQno+iBgIEZCddPLc1g3k3UMEfyTm -nFqbIBARGn+FbjWt7ignzyL84grY8JEN2cjhKcRlM5f2Itx0ZHyxChS1bwzYbqk2 -y8qJmFiyTAX+hKwmct1rz3wowp/rAJb9MX31bjCU5KB1O9wAH4iulnbHa4FQm7IR -G8rL2TlZ/E/aKR0dJfEjDiTAyiRctwnVDaSfsI4EG/TQrusEnIJ2StMTqEOdt/Ox -VlO5MSZoWnVOkOk5eB7aKHlgwNER+xwRwKVHuMmlMv8tZtTLSfxMWp+8bkzo0jIk -kXBqOXgHAgMBAAGjRTBDMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjAfBgNVHSMEGDAWgBT4Dj3pNC2ZWJ8q1sWwfkj4H03pmjANBgkqhkiG9w0BAQsF -AAOCAQEAXB/eH7x92bayPaBXr+Pcm3ZoQL22la/YByga6N42xwPNHx0mH70hbf6R -zOZw1pU3vJ0Rx4mrQkfjNE9UkrhHvyF/jdhtyaaneLrE1NiAZfdhKkU4dLb9kV6u -hf8X0Z+Lzo7NTLPJHo2uVaYoVvgOamYK1oALxlIYiZkonCHHXJyCv6l/NQHVwXGd -0QSFYslV9NkpW913T/ZcX3doQ81yLdl4HlzI3Ta+AF7pqnxBibtEGECIYW1Jl7sn -RIiMMcz0gwXMghgdqI//8pO3tvfGBx0nBaKpB+y4hHlbfBlVUVKZA4tndSE3RNE+ -MOhV6IIFKhYkejnmhLQitvpybFqw2w== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21XQLZJAgM7aN +V5ZKanrh4jlgWMOkitIyJHHriwEEedr+O/ka61IkcGzMrvL5QR8Lfoas/PI4sucy +KV7LO/FOI6R/0aXAC1SIV/KWJEFRArv3oJ0c63jo1runlzcvXO5hpyL+kJHLq0YP +4Xy13yJ/rLBVRt8uM1bjH/IjO+HRcq6g/at+zad+TLp0yFzoTgqi51d7PTEaXN72 +ZWk3BiX164hLtCdDWb0vroXmDLq3b5ISYYzJNgFw0cpnZ38Alw33tlB5hKJRxY4k +y/ASv5leGioA+bBPTHmQHTVU+Zs4VRM1g0N8ra5MCihVdAe8YlMN/lQRmtZONxvr ++S1qQk+rAgMBAAGjVjBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBS7jDcgkwn6bfnpLrIixK9qJjBn4TAPBgkrBgEFBQcwAQUE +AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAsOBKVk0iB8MBN8/1mnzrlVZ0Md7VEid27 +fgK1b7xv37PlahEOe0tWxutX4iLneZS+XfWCpvok2UjqJi9di3bWeAckoNNo7GoZ +tu1uom6ne52nQIn7g5VNjOZk66NyAyvlPr+2SMu40GxnOe8OihpNk0aqT4x/Ux54 +/9pLbBd8oHru5Acqwnez3mzSr/wj8l88lpdwFmAx8xvtEzOGn0vOZA1YXHS1lzOZ +jecVNu5q94kXf+3zyVyzE2IgHd+K4Sx7hGuFN2PB05acFV36ZjmdSWFtBxmFV3/8 +rt/0ztRoJyBoX1oSCYIuPtwiYSV0JnaM23YJzPdztv/JnB43Qh3O -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 6eb66f594c..6a2d8afb33 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,50 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA0hBNfElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpX -rRLx3TacFDDff92ldI8jZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926 -NaUxpzta/IZUNIDwDQQYS/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglca -ttVYwXvZc3Y5nwiScmTuisqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP2 -5uoaWuwNS8Gyid5P0HaNxiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5L -iSahW9kEA6zYNd2P2ExbZOwVsCokibWSjF8nvwIDAQABAoIBAA861ltV91p+W3Xe -lyRkj9i70M/8E1IG2vBEDgduFVLngu7ppbyrHHUE4hEGsBWVrMrEG/VQf7Y4RESg -s7iwElXEyuIT2ZIM9yz0s5ReRQzAByeHIlqEVRLCV2jqlk1OMdlHvDk5xRFRvsOn -bSVEiXiG4kY6Stp73UOkgMHAHZSzo6fP6yK41k7jwzgXe9pq2fQw6M42QytT0em1 -1i+MJmkbjn30OqbMvY9Tlsj5QEeenzMaRa3VUB7F2nKXSIyKfw67JWr74gKfCpl9 -UmyQjq8CylUKoFXzVcyh1KkdLZQwxCotjhNB5/omYE+OaelBl4nena+JkQlNLBbq -7QxC7IUCgYEA7NR/h8oQX1HF9TAMoGeiFyOxvZjidz6GMZjq/D2uv7z/W1yslKs6 -jxqbHNcQAQlTGi2hKY498HE/CRzWu04nxEg3NZb87Z/pPmzbk71y06mIT1X2eYRP -xI80OkwIHcMGQzpmL+dx4A8WWiSSnrq+2XT0rUp5Hi/XPR+4F/IX31sCgYEA4xEp -Y9rpEiCIjDVCN4O1A/Bk9f8Fz4Aycjc70x4LMQ8FCwRPbYJIsazjWXgb5QFF5TxD -ZX3LcTcgYjPxZYfJNVexUJSW9eEflPVHSkzKg+zojxZ0/IkDCQX0LzVnB4qO3MPC -YvnS98RnXrBTETmhpXj3URojoL0BgCcL1tTKim0CgYALW5mOIpOsbpiGzLoeSzoL -0AtrI1ThER+Qa1wBotepnF/GuugP7TJOwKDlvi6nThItNDkBbC/uQxAZ2Mc3jmT7 -1dbH/Ci/IKcn9kKFkFVcb0n5PA8o/r5wl8mSbikJfFvlh3x1Ga1taGvTAOQDNsOG -XESLtwGd//9bkBTdGSAp9wKBgQCubluWau+KzlU3KB6zGMlwujZEx2EGUxvto8Kg -Xr8IM9qS6P+/R0tiukZ4T41WMdEo1U+M4sLrOQb2iaKSdWo7QR9koJELV6J0Qqw+ -Rpl4GQFaEk1SRkp/nwRDU8nPAEDZFMT6VaIcVdN26QsW+2fS/wc2VVczPp6tfNFa -emMRTQKBgBRiKSQtnWq8hMkGiXl1g/0uoRgITZie+JbvKQdwEHQ1urGjwEQhVLRK -hHFq3hWwgg7L5IDdyJq2pM7XiXl+YW+skPW09+zNzuwDJP0pqfpqo4BtGcGAB4r7 -KSCywCfo61cqwv9rf5RLvfTjOS/fyiwdlKgGQdrFetzVQobAClbf +MIIEogIBAAKCAQEApnGeOYXcLNRyDN6Mg6CZYCjemex7Oc3s1SFrBAWCg1fZ9crd +AGka73j2RQyQlRyJv9kMLgNtc5xzTKsFde50h87ZvPe470TYe4TR2MdkNV4TKy/q +SZeRqcoMOgvxitvaR0s80avi+QQzyGl0Pb+hQfL+SMbLdFXEZ3Sfb29001bG1NnQ +KpT6rry3xpHTlBun+Hk4DcLa/3dwVSRLW8Yweh6cN25Z7ywZjHlSf6rnul2ivP/P +W7hKGKde/bssNwJyt5fHuKa9lxc2GkrPlRf03jiBLjF0CUeIvkaZuzRBe5Etnlf/ +5SmSwsjtsW7swcRUm0BkQWmlvlP6qG2PQfjLkwIDAQABAoIBAAf6OLUVS0Tv/Voy +wNvxzEtPE8HSrOJ+3uO/AWP4DaLU7zK4J+W3cLda/iOEfPOHCO69U1E4EDyZZyKD +RrSgNE0EDYYtZPUKDcqRxmsHV30bueIShSSrOcVZ1HWXXlrWiCMHO9S2BWydyaUv +F+3ghU6Y/ALdJrtrMInGDa3OH9sD+q9+R4W17o7pUP8Eu9be97DnAFQwNaTK3Qx1 +pHjrKkmr8SFGg4cyMCXMRni3KQeH+6QHVxBLIbDioGjGuNNngYgL0aZbw8DNH2Vp +S6My1QCQZ3yaQ0jS/yzgCCPQyglQf3LmE3ydIyK9FaKgOCd3mFM2yEiS87jVzQxx ++RxQMUECgYEA6ei27IJMa7SBMmtdfTQgyb9mXVYFTbtTgHbx8KamdjuRmTQNElYu +iphyyOLCuGxoVj4l6zVwashFshPVax7Oi4ndHNVqIx+iIfohvS0Cl7E6X4yTKnBg +XkqbRyxeXCmfZ6BfJhEiH6unapFesoBdBuwctCEaqOreHNZDvzGeQsECgYEAtinH +Fhcm2kOE/AiszEn1Q5IfDWliEs/lbEzqUmn6T295EY0pF9y5UJcplcgZdMJ2K0iE +Pk1eXAYqhlbkp2MjttYvkD9B4CCnTq5BrlMuYFSC9tnyeFKFYc0EaLbGv7MIYFqD +b1MgZp9wLaF7Kl0y/1AZ/Vv4zTLKCoc0toGt51MCgYA5vNDSZoNYnrC5clkcW66w +PgeViHM8sb212yZzYZ97Vc7lwzxqx00rtt+2iIrKHTBQAX04pvM92HujrlOi4nLX +bMtgn6lYTCmoO2bynFakfQHMrhVxh1WyULYthl0wYLHRUXvLGLWUnblwi7uVUiwk +VknriLRc98Sl15nXavcGwQKBgCY7kIBvbYUj5LZtL69U2nhLI99RvfbK0ZEwd4HC +onmnoNZxNS2/8tkaUO0R6V3bLqgY+UCGRoaz+Jrng+gp46YNQEBbNn1O/S6DXl+z +L6miMzaSOdTNJReIyyMbMY2sitaGSM3FuagwUIATQ2F53Ck/66SEeCzBOyyIgiTI +BPLnAoGAQwkswMBqhr1C9QugLS4VrmsIo3EgsGPYFcif4HY1w/m1Dk9nBk3j4nJT +BqrTcYlhgUXngJZTDifL6sOu47PZ0HOdlEEeEwK+hXEriZPnZ7cCKrScrFzQDbwe +st9MAi7rcu8tW64lfglKS5WX0aE8NGZpef5BDvyYTFkkQ24aZn4= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHAxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHAxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hBN -fElPk0JZEnSzJHx4bsEgju56r2GmyParCLUR3BvKyqpXrRLx3TacFDDff92ldI8j -ZL/Akh1/VZVJe7gTEGmirUGhjAe3efITE5ORERxA8926NaUxpzta/IZUNIDwDQQY -S/ecYohC4j4qAhWJePKZxeV/HMhNxdp3/9TcnpTBglcattVYwXvZc3Y5nwiScmTu -isqw6ngpRRRnt+AVcpr3cffCAs8NKwOgf7ed//p6zkP25uoaWuwNS8Gyid5P0HaN -xiRjb9mq7D9dL3DxhR4oeCmyX06/rjDp5KsRcSkQvg5LiSahW9kEA6zYNd2P2Exb -ZOwVsCokibWSjF8nvwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I -+B9N6ZowDQYJKoZIhvcNAQELBQADggEBABHkqK0cIV7/Q7PCk/i10vVoMruirXQf -5Xw/7XViDugKsfcH9Oavl4Kdi+C0Sigvgjrp8JY13kRsbphwOH6w3Be5HCFK+Wmi -tbktvoB0yMHa7WO0y4bJtOL7ofWwKgjye57NeFM/fmosOPn6mqzm+MYg4V+qEim2 -dQ0iTztt0C/EibQZgO/aqylDYu8fWBMa84To0Pk8jD2fpNF8Ji11564mie3DUtcU -fZCNsZhWOoUNnfrhpmyixabA1f+WHwhPsqikRlo4Rpa/nrJVujlk3PO+7zgH1UCA -WKX9A3R8KlhbPDd94zZf5+gpm39vxo82Lfvc6HunRtcBjE7HdF0tCcg= +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnGe +OYXcLNRyDN6Mg6CZYCjemex7Oc3s1SFrBAWCg1fZ9crdAGka73j2RQyQlRyJv9kM +LgNtc5xzTKsFde50h87ZvPe470TYe4TR2MdkNV4TKy/qSZeRqcoMOgvxitvaR0s8 +0avi+QQzyGl0Pb+hQfL+SMbLdFXEZ3Sfb29001bG1NnQKpT6rry3xpHTlBun+Hk4 +DcLa/3dwVSRLW8Yweh6cN25Z7ywZjHlSf6rnul2ivP/PW7hKGKde/bssNwJyt5fH +uKa9lxc2GkrPlRf03jiBLjF0CUeIvkaZuzRBe5Etnlf/5SmSwsjtsW7swcRUm0Bk +QWmlvlP6qG2PQfjLkwIDAQABo2IwYDAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv +aiYwZ+EwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAQEAG0Bxa8TG +CGGOh56knXFYef+k1c1SYr8sjq/XpcYgbG5uuoe8jjxq7ZJF2arKOIINodGTW4+/ +aRliIDa70NL/10rK2x2YVj0M232tTBi/GRuL6MTHAc1zCuYsPco6n37bmXgfVJFH +eThrXCj5UU/rZzf1RQ9YCtxzgPF+gUuY5wMkBdwAjgw4N5KoplU4CYR7LDqHbfmn +a4+I1jiDeMxsptwOmqWhpwpDAUVpfE3zmCIjydFLSmpO5KJMyaf1xqqNAqS1IUVw +fyEogCV0U6SGL9vYdk81PRGaH2FDkpIyKJOfgPkNx4SUxUTn16xS0wlrTauaMotW +q0znO+NPLt8XnA== -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 27d32a5db4..794d12f28c 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDhDCCAmygAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx +MIIDhzCCAm+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYD VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQg -S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTQ0MDQxWhcNNDYwNjAzMTQ0MDQxWjB8 +S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTY0NjM0WhcNNDYwNjAzMTY0NjM0WjB8 MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZ b3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0G A1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAKiEqyUOFwSIyN1n65k1/gZmo1aUPnTsCYrwrjP2Z6EazrQP -tKtneZmhqPxEDYtHHtO8KmDt5IXf3bxTQowKVTDuBG7FiwhYN8PmtLRZiWuoq7Ng -uDLFml+psm5zn1exD2/XWpPjaMz/+PepLyUyyovz6G0cUefBBXwMO+YvoBfHIOco -TCF/SSIU4BLCGfzp1E5URwx43etGvqE/4UCGI+TR/tKOsuIPX4gKqX3tWGs5qZAg -NkohTDoRA3lQHDmlopcK+05K9hEvtfDzOavFt5doHEaQlPseUSLjxQpIgK+iaTFt -or62TLF26fMxzQt1h/pRJrLm5rOmA9BxGlI7BAECAwEAAaMQMA4wDAYDVR0TBAUw -AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA0dyoOr6z59yoIOvrV2D9EMQcgJJEK6+ -kwsINMPWrJYFATZXwbvg/VJeGMNlw/h6wkDf6pxeRA7E6lELmz3ins3xBsMm8H5D -u8APws9dhy5WjBjBCwSJ6uJpOkQfoREz0ZD+H5ZASmMyFsbI68j8DmW/2+Sfneea -+SVKZNJddaCLajF3kU46iHWLUXHA0zfEeoGPDkSXce+056wth0CQlymVWXrr5KJl -7ZTi31PIhhIRaooclQD5evFgopPf5SEjY2bzJ+LUa3V+9781R4QkQ2YCBJYTInRt -Ol55BOwpQjDajgUnfxyO/oMPbcoQ60zwuwK2hzfwO2b6atfqV044eg== +ggEPADCCAQoCggEBALfSG9E11bX9gzMVmppmg9qNkuz5HpK78xaT4IAoSMtPXPXS +38Eh/DYfMWAggWZwJj+14C8CbGegERRWMJTA9DVetBr2VvF5CdaMkSqygdOCwm6r +zF8Dv8wcUCGf3DEU5PizCvbPBwROeSAh7ShjSUm81kA7gXeQGxF78JwpsWwJ1T5l +bgvWSlCf6x8wg1d4zzK99YRpPlHzDwg2QHbEw+d42jXAOEvmW2K9QcZPuywCDfwR +i8o6Gprowo/O7QUt2+zf3e4nbBA85cERUM3IIEjLFfnQO+sKJCECS66pwucrSg91 +m6+nXKfQi6rLizOd8zpqHEv2vIj+DVB85mTwF48CAwEAAaMTMBEwDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkpVLHfsziEh+BXGZ6hhV8ilQ7LQD +bR8CS9haRPTqA/i9V3R/qykN0ORUGer+3su5te5r3g1auPL5siFCdpUDpi3i83EQ +qkGNQ1bMEwRTUil94CWHpSkz+MhCoU2SMK3MBkqxq/INJB+NUb9VCFdWA3WSPdHi +CVLYu5xftZ5Q69ikViJABrdyoyv0+Xy9hqGm7QTJBP0Bw+HjVVJUK/7Vv2MgXdUC +27bPCC8p/EI8fpDURikjYHRi43nw394WkYzQHBlLCC4hYtuh39+Q+C3gj1tEhLub +KVKGkx4rC4/pxYXhUx/E83jh8VCMo0X8z0PlJwtIv1bkBRzds2VX2m+7LQ== -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 6da8cb6e26..785af3e2f4 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadg -vAwQF/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL -1MS1PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxy -e9geIkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6e -RAs1ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmz -kGYT77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABAoIBAEodA4nYMNf9QO0i -c0MgtCwtgTiidzljpugjYMKaX7lXEX2e7sbO61UouUT4F/2jG5tmMfJ/7J7lSTZR -X2t3Nw7BuqFsIQOef8vmqe7AgiqAJ78CqC7bXLk1MxH9gVrLUCwl7o6VQIhZEFDH -+Q7SfJuX11Ehk3WAGV3HtYOuVRs01IGy0Aj19+wv+dQuoxF/2DjwHbJzZjqVooqA -8jDZI3HfVZmtiOpOmi6InEIP1ANzKtzT01s7SwP8S58Ba7OX+BHRe0OkN2atK+P5 -PM9iT5mSpHbGfNPnjy1HvGd/Ndu0SryCmiD9BkelSL96JcTBkU7r3XzzIaoKHSwX -mBNmCcECgYEAyRXRN3lqAV7pvxsmjTCIalXyHOEmOHxzlWxL4i01lEN/tZte+qJu -FEN8fdBoTp7/BYgtbB+uDrkxwVB/L8wxugANeDMXvTvAFOB3DZJn9olEFoIsljmM -jkmZ9KJeVixnZMOg/38UBWu7Vq/XKgRWpcgEsCeCOIjq3mZgk+n3NQcCgYEAw4kf -gsyAG9bFS2x7ccU5x/I6lH98l+J5TViVWK5oztzuaRSZNvcM3q10VekBTByQwhup -DPoV/nFYG+2mG3VSNFt3d/R015/Z0ZkksR89jV3O3xCeBu6/XnEN8OIwHtnugKFk -P/yrLHZMnDeDLbTudzy8jqPwcX0x4KOxHAhui3UCgYEAiTQuvehFMUw+t5vh8SJ1 -YgDko1nox0/7WbA8EsaAMXrg79xksSUVcRQfJIWINmT8YxzoyUbQb9FjJqEzNzzf -jScuCZ7rCr5zMIt8EDGeaDR+1dDadWItCoUj3CzRq4C+x51IBC0ETzKT7/EpIc02 -BgX1VPCQRNz/TOKT8TkJ6Q8CgYBpFECF1wYlb8Z44OR54GZLyCWo9dXr/X34jdk8 -XgXe3SWV/MbVnfAhno89N8lFsLguSBUR7zdwlFKoN48jhGnXzyuloA5GbhXtKGJq -eQJn/PiWMWTrDtRymUjHoZYAjlc4cwLfzBXk//HtpXtuTaQ1GcOu1/T32DK8qNsd -2H4nnQKBgQDI+5gky0GJX/USYR8aHqvJDuKOUsRvmhtfoH3Yx1BLj+3UX6m8dKnz -3mbfUreuJe96kw2tboNvkLVk2yyRq+xUveCFsBycF7URK4db28uj+cwY7j0CSRMA -fPBqnukm4HzsUTXlUmMFTt5OvjYalZkVfvhUMk6b/Upy9/Dekqg3oQ== +MIIEpAIBAAKCAQEAthxinLqUjedrn5/5rQ//P1GoKVssNg28mEXDLAWNISM57PF9 +f1mZZVeD86DuGuCN77caUhN62sjWVX+ipexn2Lwaq0tpiXGWK3BwdJFfeqxxO8mp +sKMFZmgl4rAjIzGxPM3Ql/qchX4iwn8nVWB+Fm4U+N+pIR0Lhx9sRe9ysGvhLPXa +bPWqWhzkp3/hdt6JALxYrhHkIFhXkDq8rU+K97SpXrg72hNlQA+p+LZVu1WvDUcR +VefaTvq5an9HN0ItO3eQc5jO6Gsezvhvuwkg6vGCYQ6gkp1nW0uTeI0Wcs1PVUC1 +U1l6GzI6huhdOKSgukUXL84yrfy8fy0AbSGHrQIDAQABAoIBAFeTkfa2IW+WjWKf +v6WyzjiIj9qHjlzWQU5nKiM27jYz5wzj20rNb1/VdM7KIwdI2ukfQGidFpU1RSGr +ti+d3xjS6O5cXz3qImH0ehgMuwJXAENUySZ5V0T2q9V2iAdKQ+YuQfR8YB4wWQ34 +sRU1SJ2Hxc0jXgXfHmaWPW7qZlihTl3lMexkkezezd2DtM7m6GlUip3oqLW2QS1t +wQU8bU+Cdvl6d3+xqS25W5ASd9Okz7ql7ytFLpM/A2EoWRYJxYrGVwgOCqUrH3N2 +AjXfPEQT/ZCspFzCrZ0eKr6EzZoz0V6cPAdrB/QNCtnO2qOy78OIx/eb5LzFMUxC +axJoxd8CgYEA/F5+b1LSXl5JijDZxKj0usRcoAAHCdwJpZtLb7RmYuOBh8daStDr +OPDQWeD+R80D9CRVa9NBzLp537G2dGULHyfUPH1cOeaPf1Dn1tRSpN82o/IfsPN7 +tQtOu0TIlTNl1lbcOiJ98Y87qlATKMFAUYnSnLsZRbZnTCZx5L6bvCMCgYEAuLsf +J3nBMBpYSserICylnedWYn+DXlsLD+gmcCwXruRxp/MmdJLt5tMZZtlbQMhJmrdA +dn2CF0ZwacG4wC85vB405aCr1VmJWdn+gKO8wAfQDkya4bhow2iMbEtX61OPt1L2 +If97qW9b5jTo/xRNUoL9cBvBgDoQlkWi/CioQe8CgYBTLFVhHRul7E8yUx1COijF +8PdR6BBpyHIJeV/oRb1EtBQ5ipMQe0A6uOsB5CwJv+CgsuTQL4TNE1wdRDWMsMx0 +jSzebrZZgsoiPKjb3YgLPGGGsMKPD//iUAK3p1iwC4txk5jrM/jsBre0TsWxtdcb +yF94NhWDKzVqHHWG3Ob4nwKBgQCNx3f6uTSvcZjQE/zf3cRis5mWUV2G/oM3+yn9 +L6ohnc0pZLHgCKC0ZtJ5IFssFkx/hSPhjSRaLsK6OGdOgTBjlB9vGein/2cuYeQ1 +4PVNwPFK+DprATjOuSAFQbJBt8l2nyKvJ0FG4mP7BCLLG07ZBBX1hCf3/Rib7OhR +dfblWwKBgQCtSs3ADkNpXzxh8XufKVDWKuTmBsH15HPPk7coem4K0FwiIZ8ZwE37 +tTtqOHx/wsSqGs6CFr0UW3iS9uRjKrEUCtVWxl/nJGYQYDN+H1Iac8FEEqD2d+5c +VKpULLKMZjfISMhV/QOQMp17wcRFZ5i3QPq6faQA78ogNxuaBAQvLQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNDQwNDFaFw00NjA2MDMxNDQwNDFaMHwxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHwxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEeMBwGA1UE AwwVd3Jvbmdob3N0LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAmZdTypo3siRWms5U4cnrQFI5r9sVyndKw8pzMYCy5lhKxadgvAwQ -F/6QAnjRvgifjxJOTTXPKSN9aAbpPkn6OEibtffcHtKALmvPNs65b1fE7meL1MS1 -PPSi/ymrGdAJQab5wTZ08Fc9BQ2+hFXWBPU1XvJfYqjjKgnezhm3alv0CDxye9ge -IkEwxb4IBxLF4OI07X/6YmORwRZOn98NqqcKXFLhS3B+elJABrSU/td04B6eRAs1 -ostFBDm3MDBrS7rs1BFuSKF/g7AWD7yxAffO/MOmHSDiNlcnPnMbSihbRBmzkGYT -77l2NnMPHimCcCueUt44ijDAQVlIKMgJMwIDAQABo0UwQzAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU+A496TQtmVifKtbFsH5I -+B9N6ZowDQYJKoZIhvcNAQELBQADggEBAKyB6OAeBsZ+4h2KUfSHAi6r6eLNquu4 -qUx2fF7CeTQjTNbcV8WyL9LsXt2afTGbyiBVUWJivD735egaumA9pyk8OdcIi9rN -M+RyLroH9o3p2dwbjOQOMUoNVnxySZuzEEOdRj0vrTZciOvokSzRmNyp94YXZZbT -/xEAWI629PsChzBFWbBJ5ZgOgD4Yh7jw0AVuskM7gSUf5CqJUpetDDXR8nRxIXKx -HZ5ug+ph+93mBwIO+XPhk4hdVRNvEGmnqq0gBk2PYp+WacRWZkGmqVHvSAtxYCUp -moylFFxGxn0Jhm5iosJASJArcxg0a8bt9/d83IVl7n15/QUa0F2myrs= +MIIBCgKCAQEAthxinLqUjedrn5/5rQ//P1GoKVssNg28mEXDLAWNISM57PF9f1mZ +ZVeD86DuGuCN77caUhN62sjWVX+ipexn2Lwaq0tpiXGWK3BwdJFfeqxxO8mpsKMF +Zmgl4rAjIzGxPM3Ql/qchX4iwn8nVWB+Fm4U+N+pIR0Lhx9sRe9ysGvhLPXabPWq +Whzkp3/hdt6JALxYrhHkIFhXkDq8rU+K97SpXrg72hNlQA+p+LZVu1WvDUcRVefa +Tvq5an9HN0ItO3eQc5jO6Gsezvhvuwkg6vGCYQ6gkp1nW0uTeI0Wcs1PVUC1U1l6 +GzI6huhdOKSgukUXL84yrfy8fy0AbSGHrQIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv +aiYwZ+EwDQYJKoZIhvcNAQELBQADggEBAHwgMdOsr7myp2O5P2pHLPiUur75H/vK +P/l3asgejFngVDecpJfMVOhNbqeAI7KY8l3fqklRSJXWQ6cfBnXJSoBO5TKF2kSq +DXYfuVHX+Yw7DZvIZ2Kt7ffKR4ljUPqXB1lrKOiTBNs6S++Zzv9rxDJUd/91gcRz +sDZwx/ZHvXyksZC3B8ssA/V1qsKBv/apLE/VM7yTO0FyHhw75OvodZmhxVTuGsn1 ++aQ1xxxBbN3UBA9TPGVSNADGJ7B269jnfNeeRKRDnBxN07iFfc031yDEbvdFr/6K +egMB6Tv0CkupJ9YwTgp63MXW6Z6RebU8TRKggHuFzYUDMKVZrMTpUOs= -----END CERTIFICATE----- From c3fe1b6e16989041bf507bece2e077f36b169c87 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Jun 2026 13:55:06 -0500 Subject: [PATCH 13/28] PYTHON-5040 Switch AKI to issuer form and add CA keyUsage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the issuer form of AKI (DirName + serial, no keyid) on leaf certs. The keyid form was enabling macOS SecTrust keyid-based chain verification, which triggered hard-fail OCSP (CSSMERR_TP_CERT_SUSPENDED) because the test certs have no OCSP URL. The issuer form satisfies Python 3.13 / OpenSSL 3.x's AKI requirement without providing a keyid, so macOS uses name-based chain matching and does not attempt OCSP. This matches the approach used by MongoDB's own jstests/libs server certs. Also add critical keyUsage (keyCertSign, cRLSign) to the CA cert, which Python 3.13 on Windows (OpenSSL 3.x) now requires on CA certs. Also remove OCSPNoCheck from leaf certs — macOS ignores it on non-OCSP- responder certs, and it added unnecessary complexity. --- test/certificates/ca.pem | 29 ++++---- test/certificates/client.pem | 84 ++++++++++++----------- test/certificates/crl.pem | 14 ++-- test/certificates/expired.pem | 83 ++++++++++++----------- test/certificates/gen-certs.py | 78 +++++++++++++++------ test/certificates/gen-certs.sh | 4 +- test/certificates/password_protected.pem | 86 ++++++++++++------------ test/certificates/server.pem | 86 ++++++++++++------------ test/certificates/trusted-ca.pem | 29 ++++---- test/certificates/wrong-host.pem | 83 ++++++++++++----------- 10 files changed, 312 insertions(+), 264 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 076c0bc330..b895b13102 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDgDCCAmigAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIDkDCCAnigAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHkxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHkxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAtivC7IhVZ8tIMg+A0PPooBvh46mHE1wv4UOxbGQ8pTYl0IKQPiDQoKB4 -ZAXPRsImlWP0eXE+Fm5M/Xy5/kcQ378KjEVD+bDW8uO7WIo0pBr9ikZrXb7NzY6G -zJ86+xxKK2gsRDlz9oR4KhKkEtn/refCBbyyBknVkut4aIkEVhRgUkcz0TpaBb49 -UZtk03muOINZHEmxQG+0EHm2MSebuBDRIMWmpJm0UGgAacx7IkV5B1TKPmTh4xk5 -go4O4y0JnF5JN3mvwShUX0tPG4XXSb/52PcZRV7wrMLQpf8ANfd2ADuClAYLncJR -PHIJ5PoBFa9KTrUc6KwoLutGeNDP0wIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/ -MA0GCSqGSIb3DQEBCwUAA4IBAQBdOjwb+/O7c8C8r7ZIpe8ycaElrTlX6z0qWLgx -PSuz9twGfxHFcw28r61dMSsojFxVFoUpVxrcbCnFIk7oyiGNTX8MlShVtWswDlmp -Ch6PcB6UxqYhimCCLJG1m1Lcu8oKvj3Ujx8Yjc69S1sphpb3aMn8mBxYd05VMPcH -WLY2i+BByRA+t1+sEROo5I1zzMVHeqsUC1ajUH4Jq5CXl07fZAzrA6jVq7N4KS7v -XeNfhUt0x0xF4oeYBIFTdJJTn7Quy6zgtC4GFdQmS1QtyPmfU5Hasqbn/1ZCEKE6 -IRbWJMZIfc7JDScu2RXSsd8CPeWrCA+AhpzOlRLW/VmiMvrB +CgKCAQEAstE5hAPpY4cVlDdQEx6L4Hg4ZTFFrovlB1f5I7lyZxplyOCU+jLRvdyj +pta346xDEBZRKHenFEWtkUZwEklXv3ZxHGANxnz5POiyPQvkJXXfE431Umtnl/T3 +/zDjTqspTQTbvdvW1+Qiy6rIjZUGUqYuzwe9P+YVH4tBL7yIOWbm8vTnu5xLXp0o +Ww707dIxIEIp7hD5P+At86oFk6dy6GhEkNiall6rNXg9gsCrF2kF0eH24/URm0F/ +mS2c7S2TIlZD0llD6MYtmo/KWLpLZLBSzLO6/F+t5r9nfXSJhXWcIWVs2o0T2sLh +XIJFKJsXwykZ3WaAj+WdoBYCueiyuwIDAQABoyMwITAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAdEL/OI5F5ddSoywA +P6Rt/fNPj+skMI7IfUia7Mf26KXR6WnLXCBidhGRdoVyzsXC6KvGAMQ0zY8fOQVe +T3/a7JqvwqcmSURGgNKFVZg8rgdcbhAnORmMePLpmXK4E8NifBZcNbhLiEVR2/XK +AGt/yTAg0RS+H/1Hg+7Mj8jLm1/7aQFki/s7ip4XyFDj4nMBKnTXB8XLp6BAYGBs +8sCuosOecDKUjdrKVRl/p/vurwwyQHX8mLi3rNSSVYwE432MKs4aFhe5TxxNhWPv +PxlJ9T6pioqDPmTbAvFTBgg5WgqTrlkm/wxJ51YO9OzrEZ+aACb3454Jv8Tw+x5q +fAvsug== -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 4971d523ab..e3198e3365 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,49 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAttV0C2SQIDO2jVeWSmp64eI5YFjDpIrSMiRx64sBBHna/jv5 -GutSJHBszK7y+UEfC36GrPzyOLLnMileyzvxTiOkf9GlwAtUiFfyliRBUQK796Cd -HOt46Na7p5c3L1zuYaci/pCRy6tGD+F8td8if6ywVUbfLjNW4x/yIzvh0XKuoP2r -fs2nfky6dMhc6E4KoudXez0xGlze9mVpNwYl9euIS7QnQ1m9L66F5gy6t2+SEmGM -yTYBcNHKZ2d/AJcN97ZQeYSiUcWOJMvwEr+ZXhoqAPmwT0x5kB01VPmbOFUTNYND -fK2uTAooVXQHvGJTDf5UEZrWTjcb6/ktakJPqwIDAQABAoIBAFUrq2LRRmiR3oUK -W7svzi2ixmqw/vaMKq3sF1uMBf3RTChpxLn7DGloK+7PwuVFJlKi7tbwAGBUSuot -pniTZG4roWpfvdBwFsFrAtlZa0nzNZ/95KK/uLPysDk6cp0wM+Yux1kB/MD9eOZV -+tP4bag/SGd5W+c4SE4GqDQspZ38/jy3rhKzfFvASE2Ve0jYEPfY0xqO3aQ1O+42 -UzBcQe6Lq8nbEh1MPbjCZSh/Ky90uAVEcI1hHLFtAq/WlgH7+kaarJwg/Dngh40q -g61YABgtmYsiyGritoHgQ+G9VphkZz4g1HH7CUQIyMmQPVmudVBCHlZNvD/jfgq8 -zEMrSYUCgYEA4tVMtyUUtHeAeTGDxBAYsSqXwsYxQqe77ZzANQa+ViawnLKgElVJ -bGPQB0j2e3ngQlx4nKev70gwzOhvG34z3YAMP8mTCaWjlsZMljxqJ8FxmrN9/kKX -WRrvzeyfUml6cOUifsy4eu7W8P3l0hd/I5giYSBohdEuoEdqCLhCg38CgYEAzlfR -t74G/blokMG/+ty3fc3o+nbWCYgiR/rAJZJHxHLy3ugS2oKreCC07Mw8IWRPKe0o -MbwwlgfCxykI/AzuFxWYFdIc+IFcdF8wTtMFI1MydXpiR3QxqqjqsTgve5zhtLgy -OZOF95awgdJiNU8w4ki/JQL7MWcnXeKyIH+smdUCgYEAy6oObmZp17twa+CMWY7G -TNRcXLKM6jcmYisa3MGIRlwIuTkcxjkzapGX5+KYBLeiJpNWa/mX2vVrc5/CmuHO -ebONy/wV/FRvtGGpxD7MZZOnh+pfVtq9f3DTHYa2ak1wdUsWlNkFTsOB0/Fz1xXn -vrLLM3/guT3famOUje27MssCgYAVbCClxuDK7rjgbn0T+l5CfWI2vqeyDaQhfPL9 -85Xn21dDtSxf6zkKG7ss6ndDsDpXy/tkTnls2hlqu+Pm5yDA3MkRWuMPGb8Thd5q -EJZz+GtArxgM+w88/JSBGag0WTFFpenw+FPsRITGtaTki/gzRgIyQYD6vA7mPGbp -4Nd2kQKBgFGftdMlOReVYotXikYVwyGYm3zCernrZcJkk8nz1sfA5dtWfveKwhYM -c5LiRvy3Kq57E2GQlOX8jkNzLG8lBmDdp7XwNeZQkiMBUUuNBwigufdSY7Gs1lSF -R1/Bju01Sonoct4PSATZ92HAIlb4jLkE4YwzTtdIjVzCdjSag90U +MIIEowIBAAKCAQEAhox4m8i+hLbia83C39Bvsw6MRIK/D8u0+rPRm9Cmh9Aonf2K +z223wYHs6OhipcowMgkGlTSztuVvVSpSISNyy4RVPKukUV5M3II7aH2+p4H6HFWG +yHvLHIWCDc0vawADtCwCcBoQjJ8gGaYdpBcDQBrIJPtWz/9QYcc2e1Kr+ka/2Lh/ +Dd6JjFqVmSWzHTRUJPN9J9DEsUgpZuRldEGBZmmSzvj2HwoOK2tgMMv2zmykuLIK +mPEO+wgcxQMC/uNIBdQGLsiHrmMkXIE7Ay/X1qR8P3HOhyePyM2MbZnkfbLpIwcc +93EIgK1z4JQn7EO8h7LTMRUqs7I8kv08u1zMawIDAQABAoIBAAOVAOBjo/ARzv7n +bwBFe47h4adYDP01SDwHgYbGboOigWEXGO2Ufqnk9P9lJ9AZ0hFsyyqv5oDxuABM +560ApCKDjRgmtpkKvOR+6KPVhS4KAiCfSpd6RDyn2AnFGlz/W5AKF5mZqUY1IgEv +RFznr1KfRl726M7C8/KVOrEDqaqa+lIg8Zvn+fsy6AIvfa3KGQliwpJ898f5Z7Fj +RpjL73biGu2JpHEBVl7OUYNIFehhzERbbmrb+R9Xc6KBwVb2Eukq35M7qtju6MY3 +uNStq8kmfLEI8vrcNg5EgHM2NW/AT341ux9zP9phk4hPP9wXrn3NOUF67c2tjZxF +NZRm8NECgYEAuZlZorjrDAVDKGrwpXs1sa3OK5XCCXQ9Plb8gadxl+PQFid/qIOE +7Ddgz2HUVorMgZ5A8oZ4uGviTdyZbS5VsxF00OjjM8ayTIDK9C3OhkmhqTj6Rf42 +XCDaoemueH/m4ynr47FPzqEXM24AbQBnQFiqLjzVAtK1IHeOSF9wj8cCgYEAuZXd +fQRWD3hVgW0fslFfzYrtTHdr0/P7Agm20YckQGiona+J/NYycv3lF8koQRh8lGtd +bqRY1DXmde5qgrnFzqwOpiraB4r5Y/YYP17vE47MplsT9jjtRm8p7xgx71lvZ4wg +BE1vF5gXfqFYrVDrhfdGc7Wg8N6q9VSDVlw1Jj0CgYB7JrQBcy4TldJQGVWAmFay +hR9OcFqGJ2kT2mhGJ7MKFBHZAXCFgm9Kxhwov0NEAWldgIKb6npj9MH+5Cex+JLI +9QZMMJvBmVBpzvPcPiDRnj30qWf31YyAaRRpZ0NrlYLArOpm9Rp9gwqAB7eknCXm +3m5dq+OzsdiZqHryrtFjtQKBgCZDR88mvbeiz75HiWlybZYrNpG1bX3dp7rb1d2N +R2QgL+OS9ZgzcWNUBY/J4YrKSaUwHataJxZZppJZ/YvGUYoy3zJTU3CKrrB1ZLps +EE6v+nGyBYOWaRVEhhjNnD4E6nsm4NMCRA1RRkbNbUMOlACi4tuobu46enTqX8nG +aQ7hAoGBAI2EkcAymqZg2+sfVMIYfdPmM3p6D7jWKRn6dnSU2H//eLRjRZX2I7Sh +V6hOYjdZm2HhtodePXu9IceZqgXyMdEB9TgaBAvJnEvUE1xHRCJK8RL22vDoeW77 +Ig/BNEmsh2SgWFEo7Q0ZImObOcqbP9YLNZRjLeI0+aeoti8olTjt -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDszCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIEEzCCAvugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMGkxDzAN +VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21XQLZJAgM7aN -V5ZKanrh4jlgWMOkitIyJHHriwEEedr+O/ka61IkcGzMrvL5QR8Lfoas/PI4sucy -KV7LO/FOI6R/0aXAC1SIV/KWJEFRArv3oJ0c63jo1runlzcvXO5hpyL+kJHLq0YP -4Xy13yJ/rLBVRt8uM1bjH/IjO+HRcq6g/at+zad+TLp0yFzoTgqi51d7PTEaXN72 -ZWk3BiX164hLtCdDWb0vroXmDLq3b5ISYYzJNgFw0cpnZ38Alw33tlB5hKJRxY4k -y/ASv5leGioA+bBPTHmQHTVU+Zs4VRM1g0N8ra5MCihVdAe8YlMN/lQRmtZONxvr -+S1qQk+rAgMBAAGjVjBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjAfBgNVHSMEGDAWgBS7jDcgkwn6bfnpLrIixK9qJjBn4TAPBgkrBgEFBQcwAQUE -AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAsOBKVk0iB8MBN8/1mnzrlVZ0Md7VEid27 -fgK1b7xv37PlahEOe0tWxutX4iLneZS+XfWCpvok2UjqJi9di3bWeAckoNNo7GoZ -tu1uom6ne52nQIn7g5VNjOZk66NyAyvlPr+2SMu40GxnOe8OihpNk0aqT4x/Ux54 -/9pLbBd8oHru5Acqwnez3mzSr/wj8l88lpdwFmAx8xvtEzOGn0vOZA1YXHS1lzOZ -jecVNu5q94kXf+3zyVyzE2IgHd+K4Sx7hGuFN2PB05acFV36ZjmdSWFtBxmFV3/8 -rt/0ztRoJyBoX1oSCYIuPtwiYSV0JnaM23YJzPdztv/JnB43Qh3O +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGjHibyL6EtuJr +zcLf0G+zDoxEgr8Py7T6s9Gb0KaH0Cid/YrPbbfBgezo6GKlyjAyCQaVNLO25W9V +KlIhI3LLhFU8q6RRXkzcgjtofb6ngfocVYbIe8schYINzS9rAAO0LAJwGhCMnyAZ +ph2kFwNAGsgk+1bP/1BhxzZ7Uqv6Rr/YuH8N3omMWpWZJbMdNFQk830n0MSxSClm +5GV0QYFmaZLO+PYfCg4ra2Awy/bObKS4sgqY8Q77CBzFAwL+40gF1AYuyIeuYyRc +gTsDL9fWpHw/cc6HJ4/IzYxtmeR9sukjBxz3cQiArXPglCfsQ7yHstMxFSqzsjyS +/Ty7XMxrAgMBAAGjgbUwgbIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF +BwMCMIGNBgNVHSMEgYUwgYKhfaR7MHkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhO +ZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29E +QjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENB +ggFkMA0GCSqGSIb3DQEBCwUAA4IBAQCi1zSezWD8IpIjzj+I6hlXIRbV5twftNkd +nA86NaYfx+k1khoOV99gjALYff4IzCZoDZ027VeqL1mQblh4OM2o7Iirns4G21ka +bpSbjgKs3PbijcWHgWpjnWHL1osQsP/WApaZQbNIyh29F0qDmKm5fgn7eHqX4oTV +DTHzOd+tTVTkM1UHzJnYf1+1IdFwzyTVz2RT5uakuHwpJRTQhQBAdahOZPxFUURN +x7N9s/T7UnAmKHCzl7QFxfN/BsjPb8RxgRP5Rl+lU/WF+MIeK2QiJ7d2jRa9Eewn +v+8kv+HCaER3D5KpjFzM5IFofUF58J7RCZQYf71gK9kqgcIq4jpX -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index d1a95df0de..ec5de0bd5f 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA4MTY0NjM0WhcNNDYwNjAzMTY0NjM0WjAUMBICAQEXDTI2MDYw -ODE2NDYzNFowDQYJKoZIhvcNAQELBQADggEBAF6NeCwKF477Zt9hYpVuk7d3Aqhk -m7RXgcrcPpWSA8dDAFCoaxAl09NAEjwePW7n93XEaxSIgyA2NFvvMvJ+nMaIpjNo -HbznIS+57jsxqwbK3mFt268Dv3W4Qrdv1ZFOW+cxd8Wn9XWCwA2Hcvf8lkL6DC4s -qJ8bHVK/GFL9WKBrBK8Xtz1V3jicYn7XdNY5HBxJg0QZkSCTK55nIWBaJLuZPlZ7 -nBARgl2uY2C5MrEjjubQZiFAf081IelQtPIZMRY1E2DhGlKcF3qYKT9xzuVEu4zs -mxkaG8Nf3gHuycnKJQOXvd9ZCYSIB4KHJ7egFCUgLefKSFY4/JNQP2IIWi0= +ZyBDQRcNMjYwNjA4MTg1MzIwWhcNNDYwNjAzMTg1MzIwWjAUMBICAQEXDTI2MDYw +ODE4NTMyMFowDQYJKoZIhvcNAQELBQADggEBAB6LRmtO+u2zn4IFE/CRdOBsCTsz +tZ8EaZSBP6P+Ag/GeLT4M6CIjHhJV1SUMt2aEAU3JBBye+sKX6Rk1JK6UzEjDnUf ++TRoGFvqh057ujD01LVh9FQpobr0Nsa/Xx4551/Nc91z/khlG5aBrTBoB4I7Q2VB +OeYjdhrAKZ0jc2xEKy6z+vJWAgj0UmSwxjhJ8Qf3xiaPnf9Nqu2UhAv+IwhWMxBC +GrXaJBOhkv9GqtNmnLJrOJoHgoO/MAKvaKi+/YqCH7pCHKt62t2f6ZD0oNuqFZYx +QofmyawIOr6FY2tHQNL2ZN4cVHgQ2X6b4vhJnpNw6tKG4s4niK3MVr7qo2A= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 141db20b34..8c9c0ad8a6 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,49 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA+JjRo9fw3m4ldcmlEWfr3toV82PzadoT01MssjOCNfz0R0cI -BOxkzUkDsVLnhbcyksK5cfqvC5aQoCjXwG/fugkN579zvsmPwHhfu8zJLpO9k8Jg -+0kohDDb+k6PQ8OcPU6unRswLQZ43uiRiB9AHbE/BfchXOE9xAnHfHxin47k3dTQ -vj8dHuDyIDe6s7guUNstfdtZq+Xa9DJDuhIEShMBLt4GalEqfUOJ7zZhBB5ag7sm -Waognhvynzj2nmPQ3FCIXnfK1y3at/jEXQxm1ubwVXpG5iFxvYPDRR4JWsYy9yTA -h7QOpZKbh5Kp60kD+AslKyJos+/kTc8RKC1SwwIDAQABAoIBADt9usGWZj6cpltL -P7TsJS6mCxW9aB1/QjpSz8HvgKwx1jWOgpVHCxJzdC5F1EEUJ8amUeG8Z5KC3CZv -z73uJ+Cp1QmOMAFK1Btv0x0qs0Rxt676F+JazhbgaGw8y50gXS3wu+m9/WfxAhD6 -IAWu0NWqOpZPX00OXA0jd/lK/QEIpO2p3EufDCKfJT2jtfl5nAWvR2Iw2FnJ9CpK -HHfhJIX9QNV4v4Uh416MmjdaRCjeDS+ScFOqGbFY0izUXlRsZ1chrB1CK0pShbpi -FnU98uor5QHndBe8xdS3Np449BNH5GhoSivrR0rewaSytM4Ze1E4HGbD94v0Ksrx -Mq52Q50CgYEA/vqYIFBdDseN9LUNciQT8sfmFEtS99HGhXjv1fH3sjEsMuzZaS5Y -gAk+67M00Xq/X6Ds5xkQ1xq8Hgapu49NZaR7g5/KhqVl6gSdwSDQss2AkAPr7EEF -btDWRTp/FLp9lll2YP7KVOqEquGzk8yNzSrkoHPYIPi5gLS70d4BNf0CgYEA+Zeu -ju1C4RMyLuN9eJ7tMicWsJe5BhUkF8CkwPJo8QPGdvvgksog/dLH8Qye/JAqgl0o -9HvRxEUzQqzOrNdM4DY5Xh0f5J/EhyZzgfoks6ay0lInCdXcI4vGspX+Izt3Qm9t -USi7L31elUG/0eKojNozqAhV310ygiLjtG2mp78CgYEAu8i/BP1qq5nYOGKnFmrv -rhv+nO+kmRMLy/z3VW+w5rFERfUdYVNapmEoz9nZinWGP9162/Af8Oulo89wbcvq -SnNK6/Ng6q0hU6o2rKeITEcA6g+ZTxPL9oMjazTbpt5546Lbhi/fv45ASsGSycUa -ogF3A5yNjirgI6P3t2ZzKdkCgYAJtSmX64h/YpTAGB8IMv48xiJuyefrYaUeu2Jt -EsCcJy5v8EoCy5PO64TVTk1cu2q72U2/fJVjEeH1hO0g8drOma1PiMh1xvUI4Kj7 -dDQ7PI+V+JYGHuhKBaS7y3OwAR8ZWWYiEvh81153ZbBFRJCTseTycyiL4H8Xaq36 -lY021wKBgQDV+wxziAlb3UK1M2BAcYKKd8QdFcyC7xmbCyEv+uQUxGJ/DBZ+fGVG -rW973uFRxrBwVkss7WWA/odnP5KuCvsj9uCMWfezPsTlt41pV56O3Xe0cnbbPBGU -v6Y3z4UBT8g91c2307BbX/+krr/2Gq3zvWl8G486zNxNM1mZJof4Ag== +MIIEogIBAAKCAQEA4nSKxBpsnS1QX4PCO3VEEdBcCqHxKU2j4dmY8soANTyva3xs +Q1Mvu7tr+0kDWVMCI/clnMsbCIoLikiNaLXhz84/Ne7WTHkEMr31GPH4XDu6FMxz +g4zydQQ9fuCC0FyxR0KlqBLzVcrC3HIP56MzXLlbCAfCitubti8dHdZdtgC/vbTX +f2LiOG/R0M++6M4Wj+KAEagnV4bn5MiCt4KnZyf2w57ylSorhFHhszEI7YmzHjkW +4czGmHuE50NVPftU09750bFRrnxvlO/wsknER9ZrBqjkbw0E9ezMtoAGwK9Sp8hR +bVGXKBdw4aXG43MLDleaenGGJBeAJPjY76Es6wIDAQABAoIBAC2hSRLRtkAHkPHm +FT2w19n1D47O6c6mR9bq5yBI5rjTdQ9l/1SjjvM3hT8Zi7S0frJriucon9ZdJo0j +KGdIeutKBj+iVAkNu3RUBW6U1zQSjuDA/6eqv3InvBJ0P7enbctLmSCgTOrlE9Wi +oCTPJDrTWI3qLl+Xd61Cmg3Yk4JoDCkPzdWaaTBIwLCfIlgcn6Y9hmM9vxGHKR5P +NGw2pdziXBKwTvE/eM+ducNnWhHbgmG97yaLLzxDl96BQ2768ZdD/eEOpM74sr+a +mo+HyCHAQvcrEyoBGHlk+qdyBBBA2AVUiiuBXx2zlYlsHmgYJBaVnENrQSccWTzg +vkVv0hkCgYEA933L13nL4BQHFKyhRsbHaE/0GOGY/Pe6T8a31jXHqQN4jka44gGP +JD/S6Cfc+jSbiPu2EN0Yu4P8vYiTGIeKeCcD5zsh0Dk/Ht9Lts7hu1UBmVxoOokG +ndR35L7R4FE7LNqXjFO+SNKxhpSXqabUmCLGBswFdAApgU83Q8m5w1MCgYEA6j2a +mw1oRelSeYQlG0eRQ99Y9vUzf5Hb1p44A1F3zQNSzX86L+mpPLF7i7sD7TM+b9J2 +Ik2ClaQ5r1vMH/pkBHrjGHYKU9JIJc/9YOZWMmKcvb9X9/4xs5us/Q0UN255/Lgx +xynjR67NRC70oAdxTi37E+OgVXDkOlheaU2ulQkCgYA5/GxVGQFOiAK8slG7Hnm8 +E/eSGNFae8RYSqvp8YHNNLX7R9Cri0f5a0bEBAr/SHIkny0iOFtCHAOMeMJWHfOw +gRumArHCcpc6aYD43PIAjUMppn/5Lv+w3QYWPys3TnD56mFVjI1pzIuxh4EdS6xF +1Ofm0ch5TExtMp01Mb9nZwKBgEPAhdOLUTnHfv9+5Wy6ip3jIExuJ/MiMUAmi3UK +P2ihKXYe8qmhID5Z565G7Z/STqDxcxIA8WBvG/BI0QX+2qchFEai/eG41P1654L7 +nLr+IvAPRFaKw717rdGT0uElp0sdy+gbiY3WVbD/E+qlvHQsgI8ELAAKozjtDoHO +4kxhAoGAT2zXUOdWDHqqC/Kezjjuz22JvLD1IZ5B7k/Y15KX0OIZ0W2pXY4isFhC +hsbCzYRN5PFqx+Mr+OawjzO+CaW2wnLK33a4QrooY0NJ/tHsXYWFAA00asAtNlp2 +i0SwTRuvmb/M08m1338+HAFdpQrhlz4uhtbeA4ZEGRjUKCg0OqU= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+JjR -o9fw3m4ldcmlEWfr3toV82PzadoT01MssjOCNfz0R0cIBOxkzUkDsVLnhbcyksK5 -cfqvC5aQoCjXwG/fugkN579zvsmPwHhfu8zJLpO9k8Jg+0kohDDb+k6PQ8OcPU6u -nRswLQZ43uiRiB9AHbE/BfchXOE9xAnHfHxin47k3dTQvj8dHuDyIDe6s7guUNst -fdtZq+Xa9DJDuhIEShMBLt4GalEqfUOJ7zZhBB5ag7smWaognhvynzj2nmPQ3FCI -XnfK1y3at/jEXQxm1ubwVXpG5iFxvYPDRR4JWsYy9yTAh7QOpZKbh5Kp60kD+Asl -KyJos+/kTc8RKC1SwwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv -aiYwZ+EwDQYJKoZIhvcNAQELBQADggEBAGW/3QzJYeUK6vScwm4nuN8oW7ha9NQl -jqlPAPV6jNCDY5aQJ3zN9v/DDKE1Umpmv739LmyQS1xmKnvT7C3s4nI/BL312Mb5 -9UypdnvB9VGxTs2OaglxPsfMqxacq7wr5MC6ikIv7GieA0EEsWqkKeSf7id3z3cr -WeYmCPGID1OrYpWMT/fTFBEVVYrDpBZc9sla25u7l2ymK2JjqWZorrJAAkzo6WkW -ZRfAh3SUzgHVZMJ9dSdRT0xFiu31tpwKRAdRs/sKVJ/+MIlpfwxjx52RJQCzDd92 -DlaJ/lYEJuwPdOylRi+9EtC5enfyIvlqft00teDAMYM6ZM8D/cLbyBU= +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nSK +xBpsnS1QX4PCO3VEEdBcCqHxKU2j4dmY8soANTyva3xsQ1Mvu7tr+0kDWVMCI/cl +nMsbCIoLikiNaLXhz84/Ne7WTHkEMr31GPH4XDu6FMxzg4zydQQ9fuCC0FyxR0Kl +qBLzVcrC3HIP56MzXLlbCAfCitubti8dHdZdtgC/vbTXf2LiOG/R0M++6M4Wj+KA +EagnV4bn5MiCt4KnZyf2w57ylSorhFHhszEI7YmzHjkW4czGmHuE50NVPftU0975 +0bFRrnxvlO/wsknER9ZrBqjkbw0E9ezMtoAGwK9Sp8hRbVGXKBdw4aXG43MLDlea +enGGJBeAJPjY76Es6wIDAQABo4HBMIG+MCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE +fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM +EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEADH7WYlZY +Mbkn+87kgMhNFk9RDXtGYHxQ29+8PL1lDyqOli1nMVBnh57pq7oBOeUXuqdosFVG +KnQIvUa1EZrT4/y+RaQXzD2xcWbdCzXQj3DT/mFYuwwtI5T6hUCHAw45LcZQxc+t +4xhnssnl7Nm7fnOl1KVkLiQWaEZqZohm7vATvNjRcZaeGS4MxAAERKWbC7wbkfBt +Eqp6h+/GnpBAW4PV/lH6hSemlr7/9UkGrbZbyqkHsOeXwOdmgxkMGUL7M3uuonwa ++XBGXvH8cxzpnmgQvqzvxC5oixJjq3wvNxa/T4T2o1Ez22jNuI8TVri1F1yfjnBs +XstbsY3QF7jg8A== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 4fd00cee60..8c339b3acc 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -1,11 +1,18 @@ #!/usr/bin/env python3 """Generate TLS test certificates for the PyMongo test suite. -Certificates include AKI on leaf certs (required by Python 3.13 / OpenSSL 3.x -chain building) but deliberately omit SKI on the CA cert. Without an explicit -SKI on the CA, macOS SecTrust cannot perform keyid-based chain lookup and -therefore does not trigger its hard-fail OCSP check, which was causing -CSSMERR_TP_CERT_SUSPENDED errors during MongoDB replica-set inter-node TLS. +Leaf certs carry AKI in the *issuer* form (DirName + serial, no keyid). +Python 3.13 / OpenSSL 3.x requires AKI to be present for chain building. +The issuer form satisfies that requirement while avoiding the *keyid* form, +which would enable macOS SecTrust's keyid-based chain verification and trigger +its hard-fail OCSP check (CSSMERR_TP_CERT_SUSPENDED) against test certs that +have no OCSP URL. MongoDB's own jstests/libs certs use the same approach. + +The CA cert carries keyUsage (keyCertSign + cRLSign, critical), required by +Python 3.13 on Windows (OpenSSL 3.x enforces keyUsage on CA certs). + +Using Python's cryptography library gives precise control over extensions — +in particular it lets us add AKI without OpenSSL 3.x auto-adding SKI. Usage: pip install cryptography @@ -22,7 +29,7 @@ try: from cryptography import x509 - from cryptography.hazmat.primitives import hashes, serialization + from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.serialization import ( BestAvailableEncryption, @@ -54,11 +61,18 @@ def cert_pem(cert) -> bytes: return cert.public_bytes(Encoding.PEM) -def aki_from_ca(ca_key) -> x509.AuthorityKeyIdentifier: - # Derives keyid from the CA's public key directly — no SKI extension needed - # on the CA cert. Python 3.13 / OpenSSL 3.x require AKI to be present on - # leaf certs; the keyid form satisfies that without requiring CA SKI. - return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_key.public_key()) +def aki_from_ca(ca_cert: x509.Certificate) -> x509.AuthorityKeyIdentifier: + # Use the issuer form (DirName + serial) rather than the keyid form. + # The keyid form enables macOS SecTrust keyid-based chain verification, which + # then triggers hard-fail OCSP (CSSMERR_TP_CERT_SUSPENDED) because our test + # certs have no OCSP URL. The issuer form satisfies Python 3.13 / OpenSSL + # 3.x's AKI requirement without providing a keyid, so macOS falls back to + # name-based chain matching and does not attempt OCSP at all. + return x509.AuthorityKeyIdentifier( + key_identifier=None, + authority_cert_issuer=[x509.DirectoryName(ca_cert.subject)], + authority_cert_serial_number=ca_cert.serial_number, + ) def server_san() -> x509.SubjectAlternativeName: @@ -134,6 +148,20 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) + .add_extension( + x509.KeyUsage( + digital_signature=False, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=True, + encipher_only=False, + decipher_only=False, + ), + critical=True, + ) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) @@ -154,12 +182,7 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) .add_extension(server_san(), critical=False) - .add_extension(aki_from_ca(ca_key), critical=False) - # OCSPNoCheck tells macOS SecTrust to skip OCSP revocation checking for - # this cert. Without it, MongoDB Enterprise's hard-fail OCSP policy - # (kSecRevocationRequirePositiveResponse) causes CSSMERR_TP_CERT_SUSPENDED - # during replica-set inter-node TLS on macOS when AKI is present. - .add_extension(x509.OCSPNoCheck(), critical=False) + .add_extension(aki_from_ca(ca_cert), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "server.pem").write_bytes(key_pem(server_key) + cert_pem(server_cert)) @@ -197,8 +220,7 @@ def server_san() -> x509.SubjectAlternativeName: x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False, ) - .add_extension(aki_from_ca(ca_key), critical=False) - .add_extension(x509.OCSPNoCheck(), critical=False) + .add_extension(aki_from_ca(ca_cert), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "client.pem").write_bytes(key_pem(client_key) + cert_pem(client_cert)) @@ -261,7 +283,7 @@ def server_san() -> x509.SubjectAlternativeName: x509.SubjectAlternativeName([x509.DNSName("wronghost.example.com")]), critical=False, ) - .add_extension(aki_from_ca(ca_key), critical=False) + .add_extension(aki_from_ca(ca_cert), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "wrong-host.pem").write_bytes(key_pem(wrong_host_key) + cert_pem(wrong_host_cert)) @@ -282,7 +304,7 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_before(datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc)) .not_valid_after(datetime.datetime(2001, 1, 1, tzinfo=datetime.timezone.utc)) .add_extension(server_san(), critical=False) - .add_extension(aki_from_ca(ca_key), critical=False) + .add_extension(aki_from_ca(ca_cert), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "expired.pem").write_bytes(key_pem(expired_key) + cert_pem(expired_cert)) @@ -303,6 +325,20 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) + .add_extension( + x509.KeyUsage( + digital_signature=False, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=True, + encipher_only=False, + decipher_only=False, + ), + critical=True, + ) .sign(trusted_ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "trusted-ca.pem").write_bytes(cert_pem(trusted_ca_cert)) diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 0733e1e515..42285b2aa3 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -1,8 +1,6 @@ #!/usr/bin/env bash # Thin wrapper — delegates certificate generation to gen-certs.py. -# Using Python's cryptography library gives precise extension control; -# in particular it lets us add AKI to leaf certs without adding SKI to -# the CA cert, which avoids the macOS SecTrust hard-fail OCSP check. +# See gen-certs.py for full documentation on the cert design. # # Usage: bash gen-certs.sh (run from test/certificates/) # Requires: pip install cryptography diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 0a4202b87c..f9df236a2c 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,52 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,CD109B29CB2ED1E1F980D87AD3B2D4A6 +DEK-Info: AES-256-CBC,2A1A2A327D032B31FE54E4A4C4C470C7 -zdAY4vil6uYL6KeaFDrMxIqcI4GYxAtur4N/V2tVb687zYNPtdrpYbavsHBAX4an -BkKcsfYHVeCx5NNCyZdUcgbJR4VqRUKkF9g+ou8WzsNMmPcgz8WrSR17c++LqFOX -2HtvuWEOvNoOiCRQQVfB33KCMZp6td5lRNkIJ0RkO0ojE3Oi0VW5qydER0BQ0FuK -P7BnxD7ydqEaIY5gZcTV7CCLwO5R2ryahXvBuyK22DEQwA0Jni+4Bm1KDuoAxnVm -t2xB+xac6nVBdrKrdVRn+W+kXNkDWdQmHh6UTEQhZVgW6oLXsbLEu2uy3gOdH53m -LTHuWcJd82CxtpyJ1S1SGtOgE3HjjKWQ/6O7YMXWmuiJHdoBx+HwlcOCjx8ps6+v -0KOVP/OYxZSTU6bVlYhjeEFGt016dDFMwg94aA3tq5jImfPs4a9zCAG5vffS8joz -7ohg4Gr29um0CLbnYitVCPWoVfAlORzoSjzExDpHg7/AZlAOV0jWqkDRAIO+m8Z4 -rxnPZ2EU8oPZmY0GEuW6YVqFQ3NKdifr2/9weAo8KB86ODc2LtCad2aHcgLFeLyG -xgV6ECJaXYy5vCHVXsYifQvdg/ptYN2ekThmAHVJFWJEJyH37Q+YmEoLiRfBsrdw -KEoQR8Pc3vMp41TeSrrNu8xCGG7cjjAJj3+F3zQVPUN9cn7zrKwiU8FL4zo3MV1M -XoTLzOM1NObZAyEbUYcTBPOBtYRq0CIKxOx/6Hwg1k8QXh9Vuft/EeWd5fqLUtx/ -kNW7jSsd/d165cbY10XVZmuCHqGaMHlIr7llHXrETbOqJPG2CCT7a8wX4Dih8ZF9 -x2NBPgVR6bS+BnnmjocHzqPzmFPunDcWjoUkkgX+wHm8ZhltrbhD+eIhyDkaWZD8 -QsrDgdB+9fceYRha0hUjzBYIIvRUsQpIT2s3OJDwWQkJ4l1QavluLu4bvr3GqWL8 -GfzzoD1UZK7KZnzLwsJwJwt8po1g04buT3N98Xk/s6HmlLLYe8+1sQaX/XMjXmg6 -7/SABoi9JRrogUZtYdThpYP47Q1CC9PD9IC3aXo5O5+deo25s+WJ7GSxm6ocKO0s -5yg2BkEBkF4ig7JZisVaWrgzgTdJzeBux6CcIgdt9qqcuhQU00k+VGDTGM3Wsx+y -Y5KzhZZ8RdKv9USmOS9jnpL3XADCWFrGIcC1bbzs2B8EUlpFWTkSZvnpUvJPNUqi -SEiepHif1DnOe+oBp/w4xLkR6rB5Bjs6qU46Gq8equlDIu0Mu+fCD1ZrKrwbsrJx -EL3ZJ6pCOAm6yddEbddbXY3gL80L3JXTmBgopdq9bn4CgYC53qZeNJcwNSHD/LaC -Tq6XSeo7XM0iQ4VVhW37dWBXRSmtKjgykfOfFw3QMjzu8M7DgKX/nN/FC1bkZkyB -nSQvQy26djNlW7DD8lVl75N8yDkMbNnYolEJb9h5o7paoNGSPEJjYJdZLYqS5qv1 -P0TljqrufzdTRBQ8hHvv5javcjEbc9Ng58PeQNaqShQttcn01Kl+nOmXNBOzLEg/ -XpWewTnDLdUjWpuyHmSvTOJzoVgdQ0B4qLPIvuCE4G8G3eCSQ6elerMH3VYj6GRY +MkuZ4JgpxXQs5zYCF9a5CgWhWBNs/eF1KUv1lKzSh6LjjsGczgonpq2sx+ll541B +P6dTMXt9nypkRWuOr5NTMGV1RE4evHgvNEtztQLCyqSK1sZWjsqnDNR9kON4+W2P +KaLKD5ARsw8xvibV3mS2a6an2zWdL5DPm/wGBgUMcmLReX+xxGm6HbCvAr2Xjapi +x/xnmFgqKN/SbdS08M1Lwndpuxa/+LBcSt3zm5JEpEEzSXh+dX//pDM90R8XYBJj +Y4Am3f7uKibFPjFea7qUxDCIlvLaaE594cDztYiz8GdBFihZBWzp05dG+fFj+U5V +6L4EjIHoJ4j5bZUfmPJTOvXmG9H8PSayOC+JuxR7HcarZF2HsvQa5+yJLy5VP3zM +0fOkHnbIZdwCys3rkZxqh+77JfJIuu8eX0+Mu2uW7UBoyNxs4n1rqQXWk3nx5PgZ +DVUbSDwzqwOhl2nF7VeiurfLQLcbQMuUkWBh4n4Pyki1VCekqQMisi7ibMgZ+iPi +lSnTR8MvXVaK53lpvLdG0K0yQDIMA5TmRnStH0zWQwZBqfrVSgnt2Lm3bJrj2owf +yeh192X3wlL2GNUzu+tBSGs1QCllLXqnDM+6lV+zYzZEg2KhsUxGS8IpUvv96w8m +RayHj5+AFlPWBWEnNLlMK+hVBXuklerZufHvNQ+y1q2muiKPCCdXK+s+zw33LOis +ibohNvjtfgawcxXaEw0GqoVnd17J/CO7gY6jrnS+9hS4UinXiPvfMuVUdbKsMiMA +WWwta7xPz41IohewdwjByjN1qHTzFaGCiGRoXda7l2sRXfF9HjxepB6wYpQApN4z +ki3bBuuwR+vJo6SnAkpkcYAdQMsztTrpiOVlu/HUha0+l6A9eb/rkm8n+7O5hLgs +O6m/n/Rjw2biX8U2ElBstvsyQgECXKmjU/NBz5mZ72KuG9lJg2wdk3QNFGWxZnPH +wnbWyqhqwPmeIGkYQXfqMFAFpzmOxdqAlG/v9hp4kLPmuV8vc1S2g85TVX/vCRxP +cET3zfR7s+Glb793gN1vx6z1MTbs4MuamfjfVjGvSY0Dm8tiboupDC1PowBw3fVE +DIx6lLK4E/2uNQOXy2mu/enTQ1D7lAwSflfMTEjscIstCLkW3IprdV9nQOZdDysq +3jkB/FpX/u4hhveZaNwUVFxyI4i3ligJjvfGVDxPmNreO4cJ6b9UrWbj15HfjfkF +1QUlqe+pie3X9+yv2K7FmACmtR8ZAFBWGpYRNuQQiIgXe+HUiyrkkLubn6gqBjcF +jwc64lMRTAQHWY/MlYKg+6YMsVYgcCjhi16RG+8zWyBsXIJISZzJbv/OIqrhxTcY +mqEsyR+/GCoEoKeaLgxiEPizNtOH37gG0bFuRVsJDUJ0Wg89ZvJexLY3VuQmdTDn +Kew8O25oqMboz5oI5hcnJiYl8AkUvmMSbWG1akpwExtWv6FQckJznUaSiwaiIgtd +v5fBzxiGrqBs/9cxuDfBdG5hN91NiGv7XfJh3az9/Ln3lnSABFH0ZFtyHQhuvhaa +MyT/MW3DnEHlpAXPamWuxgZsS5BeyJWimCi9JjCmVcknZrxP8CFVXHiPDic4ZD8s -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDszCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIEEzCCAvugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMGkxDzAN +VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21XQLZJAgM7aN -V5ZKanrh4jlgWMOkitIyJHHriwEEedr+O/ka61IkcGzMrvL5QR8Lfoas/PI4sucy -KV7LO/FOI6R/0aXAC1SIV/KWJEFRArv3oJ0c63jo1runlzcvXO5hpyL+kJHLq0YP -4Xy13yJ/rLBVRt8uM1bjH/IjO+HRcq6g/at+zad+TLp0yFzoTgqi51d7PTEaXN72 -ZWk3BiX164hLtCdDWb0vroXmDLq3b5ISYYzJNgFw0cpnZ38Alw33tlB5hKJRxY4k -y/ASv5leGioA+bBPTHmQHTVU+Zs4VRM1g0N8ra5MCihVdAe8YlMN/lQRmtZONxvr -+S1qQk+rAgMBAAGjVjBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjAfBgNVHSMEGDAWgBS7jDcgkwn6bfnpLrIixK9qJjBn4TAPBgkrBgEFBQcwAQUE -AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAsOBKVk0iB8MBN8/1mnzrlVZ0Md7VEid27 -fgK1b7xv37PlahEOe0tWxutX4iLneZS+XfWCpvok2UjqJi9di3bWeAckoNNo7GoZ -tu1uom6ne52nQIn7g5VNjOZk66NyAyvlPr+2SMu40GxnOe8OihpNk0aqT4x/Ux54 -/9pLbBd8oHru5Acqwnez3mzSr/wj8l88lpdwFmAx8xvtEzOGn0vOZA1YXHS1lzOZ -jecVNu5q94kXf+3zyVyzE2IgHd+K4Sx7hGuFN2PB05acFV36ZjmdSWFtBxmFV3/8 -rt/0ztRoJyBoX1oSCYIuPtwiYSV0JnaM23YJzPdztv/JnB43Qh3O +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGjHibyL6EtuJr +zcLf0G+zDoxEgr8Py7T6s9Gb0KaH0Cid/YrPbbfBgezo6GKlyjAyCQaVNLO25W9V +KlIhI3LLhFU8q6RRXkzcgjtofb6ngfocVYbIe8schYINzS9rAAO0LAJwGhCMnyAZ +ph2kFwNAGsgk+1bP/1BhxzZ7Uqv6Rr/YuH8N3omMWpWZJbMdNFQk830n0MSxSClm +5GV0QYFmaZLO+PYfCg4ra2Awy/bObKS4sgqY8Q77CBzFAwL+40gF1AYuyIeuYyRc +gTsDL9fWpHw/cc6HJ4/IzYxtmeR9sukjBxz3cQiArXPglCfsQ7yHstMxFSqzsjyS +/Ty7XMxrAgMBAAGjgbUwgbIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF +BwMCMIGNBgNVHSMEgYUwgYKhfaR7MHkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhO +ZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29E +QjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENB +ggFkMA0GCSqGSIb3DQEBCwUAA4IBAQCi1zSezWD8IpIjzj+I6hlXIRbV5twftNkd +nA86NaYfx+k1khoOV99gjALYff4IzCZoDZ027VeqL1mQblh4OM2o7Iirns4G21ka +bpSbjgKs3PbijcWHgWpjnWHL1osQsP/WApaZQbNIyh29F0qDmKm5fgn7eHqX4oTV +DTHzOd+tTVTkM1UHzJnYf1+1IdFwzyTVz2RT5uakuHwpJRTQhQBAdahOZPxFUURN +x7N9s/T7UnAmKHCzl7QFxfN/BsjPb8RxgRP5Rl+lU/WF+MIeK2QiJ7d2jRa9Eewn +v+8kv+HCaER3D5KpjFzM5IFofUF58J7RCZQYf71gK9kqgcIq4jpX -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 6a2d8afb33..813ff71d63 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,50 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEApnGeOYXcLNRyDN6Mg6CZYCjemex7Oc3s1SFrBAWCg1fZ9crd -AGka73j2RQyQlRyJv9kMLgNtc5xzTKsFde50h87ZvPe470TYe4TR2MdkNV4TKy/q -SZeRqcoMOgvxitvaR0s80avi+QQzyGl0Pb+hQfL+SMbLdFXEZ3Sfb29001bG1NnQ -KpT6rry3xpHTlBun+Hk4DcLa/3dwVSRLW8Yweh6cN25Z7ywZjHlSf6rnul2ivP/P -W7hKGKde/bssNwJyt5fHuKa9lxc2GkrPlRf03jiBLjF0CUeIvkaZuzRBe5Etnlf/ -5SmSwsjtsW7swcRUm0BkQWmlvlP6qG2PQfjLkwIDAQABAoIBAAf6OLUVS0Tv/Voy -wNvxzEtPE8HSrOJ+3uO/AWP4DaLU7zK4J+W3cLda/iOEfPOHCO69U1E4EDyZZyKD -RrSgNE0EDYYtZPUKDcqRxmsHV30bueIShSSrOcVZ1HWXXlrWiCMHO9S2BWydyaUv -F+3ghU6Y/ALdJrtrMInGDa3OH9sD+q9+R4W17o7pUP8Eu9be97DnAFQwNaTK3Qx1 -pHjrKkmr8SFGg4cyMCXMRni3KQeH+6QHVxBLIbDioGjGuNNngYgL0aZbw8DNH2Vp -S6My1QCQZ3yaQ0jS/yzgCCPQyglQf3LmE3ydIyK9FaKgOCd3mFM2yEiS87jVzQxx -+RxQMUECgYEA6ei27IJMa7SBMmtdfTQgyb9mXVYFTbtTgHbx8KamdjuRmTQNElYu -iphyyOLCuGxoVj4l6zVwashFshPVax7Oi4ndHNVqIx+iIfohvS0Cl7E6X4yTKnBg -XkqbRyxeXCmfZ6BfJhEiH6unapFesoBdBuwctCEaqOreHNZDvzGeQsECgYEAtinH -Fhcm2kOE/AiszEn1Q5IfDWliEs/lbEzqUmn6T295EY0pF9y5UJcplcgZdMJ2K0iE -Pk1eXAYqhlbkp2MjttYvkD9B4CCnTq5BrlMuYFSC9tnyeFKFYc0EaLbGv7MIYFqD -b1MgZp9wLaF7Kl0y/1AZ/Vv4zTLKCoc0toGt51MCgYA5vNDSZoNYnrC5clkcW66w -PgeViHM8sb212yZzYZ97Vc7lwzxqx00rtt+2iIrKHTBQAX04pvM92HujrlOi4nLX -bMtgn6lYTCmoO2bynFakfQHMrhVxh1WyULYthl0wYLHRUXvLGLWUnblwi7uVUiwk -VknriLRc98Sl15nXavcGwQKBgCY7kIBvbYUj5LZtL69U2nhLI99RvfbK0ZEwd4HC -onmnoNZxNS2/8tkaUO0R6V3bLqgY+UCGRoaz+Jrng+gp46YNQEBbNn1O/S6DXl+z -L6miMzaSOdTNJReIyyMbMY2sitaGSM3FuagwUIATQ2F53Ck/66SEeCzBOyyIgiTI -BPLnAoGAQwkswMBqhr1C9QugLS4VrmsIo3EgsGPYFcif4HY1w/m1Dk9nBk3j4nJT -BqrTcYlhgUXngJZTDifL6sOu47PZ0HOdlEEeEwK+hXEriZPnZ7cCKrScrFzQDbwe -st9MAi7rcu8tW64lfglKS5WX0aE8NGZpef5BDvyYTFkkQ24aZn4= +MIIEowIBAAKCAQEAxnAdSc+RDsXTgJipcYiVMhAhiOUzMGDjruTp4nrRFiothP4K +JO+73eA38GhAzlCLVXtsewQRBYS0jFsGACPf9qO6YmBLdRh7SqftlYsENiZDiC+E +WUT58R+2z8zoYSl6mJUk4ARwUlB9PxLKI9OSC9ZpcVOWg/LNv5pE/vTMCUoPWNAK +Fx0ltNzMkWt8yzZvAStEwm/oOiPb+ngtJQM/748L3Ra6m7HK/VUzcgZbb7TJN2ag +ydO8Y46lEjQKqzJOoK4LiPtMdJYlI1SlEX67CPGw0VEjDU7G2+IUzR573bE99Qvq +fLcTvV/aIgUo9tCz4fcuvKrStczh299btcLspQIDAQABAoIBAAZ9HggO2IByKZNX +6pqCy9YiPuZ6EC1xzaAnbhpwx6uA35IsuGoyyKLdtRaQYiYc7iFycr6nCGN0zm6U +f2K7yZQIEI0s9uqyTT3ItfUg4Zdfsu+eFibRIZcn4VN0MNkUgSTCI72Lh5y5cw7/ +70oyneDzNul0wUQ5SU8NnVn06UMYcQ7uRnBtVwW5BY6ziVQh3NU+wspc5ywhocVp +NULn/mc3xcwMrv6Y08Dp4sYP5mS4tvVEqZfmssakzV14PgJIpklV/pGdHa89RLdw +lXAEJS1NBf63weCpEi4b5EtktxS4Q5EkNE7zuL2RAdMBWqfVccUu4jLM1xiMBRgo +m8h52ZUCgYEA+DtODv+T6e6oxsIB+Ma5GSoRsxvDCN5pZbWggeJmtBytJheckpF0 +lRRzodfigVUoTKLqQJjADoiYZ3tFeKUeDKsiURzsCiLxEJCt6JT0c/xPupdC1m3O +WtYr8uied1ghvnlKm2CRj1F4jIiedmNN+gFZjxNnh7KAqjwzuJ51mFcCgYEAzKXj +xffn6RnwQZKYssP1g9GnPiJ4mueEt5uSbA2KlyWlcxy+e0TqJRjTv7gpxT5fm8LC +/gx812LWOX7ZIU+03IpbmQU+Ske8QrgBih9phdTSTqg58zfRUIZ6tpWn+ssp7IAz +0PFgcnfhKf/BhtT2Sjpe3L4LR4CYmCABLSzZNWMCgYAcTxcd2sPRn+gbkrCK4I7n +ccbG+FmLv2Ghuc7uQRWZYNPWTkcK6A+1mLl/MZGhUkbgRowUhdcRUT6gPoyzr5D3 +vOSS/4tjtIxtaTKMHcCrIZEuJGX48ljgPyCP+TtpPOHMSSTbB25SO+ZVkJcRxU11 +P4YpLPtXnGHUCD2Vxmx+zQKBgQCKr309gvRBzxc3iN48f3oZe/HntLqg13bkauR+ +n2qlZZjK+tbHePtoanvNeEOubMekKge03MeZu1xMGH+TCI4byxOqDpiZBCY73LEG +ZqU/Ueu37F9hSRlrhccRhzgQSLA/mt4CoiFnUYBg0vbWpenGgeoZlBzWtvoyVbYW +ZEdK2wKBgG7WHcgNW5wuTojLp2Jpybxt7sV7kDhm89px/bhMcA6VNCYQU6GiYdi5 +yY3H12XJfMOJzVsSZpqjc0pCFVd8q7BHVfZAai9Ampcd61dBOak7pEQyNxyysaCE +tueB7Fz43W52sgCzt0m5ekghJjXaMJRoBVKOzTlx2bXydEHWM5MA -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIEJjCCAw6gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHAxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHAxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnGe -OYXcLNRyDN6Mg6CZYCjemex7Oc3s1SFrBAWCg1fZ9crdAGka73j2RQyQlRyJv9kM -LgNtc5xzTKsFde50h87ZvPe470TYe4TR2MdkNV4TKy/qSZeRqcoMOgvxitvaR0s8 -0avi+QQzyGl0Pb+hQfL+SMbLdFXEZ3Sfb29001bG1NnQKpT6rry3xpHTlBun+Hk4 -DcLa/3dwVSRLW8Yweh6cN25Z7ywZjHlSf6rnul2ivP/PW7hKGKde/bssNwJyt5fH -uKa9lxc2GkrPlRf03jiBLjF0CUeIvkaZuzRBe5Etnlf/5SmSwsjtsW7swcRUm0Bk -QWmlvlP6qG2PQfjLkwIDAQABo2IwYDAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv -aiYwZ+EwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAQEAG0Bxa8TG -CGGOh56knXFYef+k1c1SYr8sjq/XpcYgbG5uuoe8jjxq7ZJF2arKOIINodGTW4+/ -aRliIDa70NL/10rK2x2YVj0M232tTBi/GRuL6MTHAc1zCuYsPco6n37bmXgfVJFH -eThrXCj5UU/rZzf1RQ9YCtxzgPF+gUuY5wMkBdwAjgw4N5KoplU4CYR7LDqHbfmn -a4+I1jiDeMxsptwOmqWhpwpDAUVpfE3zmCIjydFLSmpO5KJMyaf1xqqNAqS1IUVw -fyEogCV0U6SGL9vYdk81PRGaH2FDkpIyKJOfgPkNx4SUxUTn16xS0wlrTauaMotW -q0znO+NPLt8XnA== +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnAd +Sc+RDsXTgJipcYiVMhAhiOUzMGDjruTp4nrRFiothP4KJO+73eA38GhAzlCLVXts +ewQRBYS0jFsGACPf9qO6YmBLdRh7SqftlYsENiZDiC+EWUT58R+2z8zoYSl6mJUk +4ARwUlB9PxLKI9OSC9ZpcVOWg/LNv5pE/vTMCUoPWNAKFx0ltNzMkWt8yzZvAStE +wm/oOiPb+ngtJQM/748L3Ra6m7HK/VUzcgZbb7TJN2agydO8Y46lEjQKqzJOoK4L +iPtMdJYlI1SlEX67CPGw0VEjDU7G2+IUzR573bE99QvqfLcTvV/aIgUo9tCz4fcu +vKrStczh299btcLspQIDAQABo4HBMIG+MCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE +fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM +EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEAo6XZjd/0 +Jmc80JOMp5T3qGWGgu1CE0bmtwMbNy3E2z6nxfb6nLJlHn3Pxczp3/9acALakOyZ +9eK9Y0ipu50Vd6wAyD7C9lMGFkiNbHagvC6RGbBff3OJvL5ijsiQDHaJNaC9UuX1 +9l0A60XgOj5nk56+W0a3NKo5phEIHbgY1nyJcK7Ih951MMDmrtg7Kgq+czssQwvV +8AtB+10zN3WIanRC0lR3YhihiOi+a0qnNjWwFGt5cHqBxZQcJ6sVqC994haBNiPf +8l5FcbCFwLhuXN7tTxIgT88757nzm2zm9ZMCWt7UdDa4mXqpJTW7+0zKDYAIw2p7 +3Y0OEy4KgIAgOg== -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 794d12f28c..b759fe503e 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,21 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx +MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYD VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQg -S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTY0NjM0WhcNNDYwNjAzMTY0NjM0WjB8 +S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTg1MzIwWhcNNDYwNjAzMTg1MzIwWjB8 MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZ b3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0G A1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBALfSG9E11bX9gzMVmppmg9qNkuz5HpK78xaT4IAoSMtPXPXS -38Eh/DYfMWAggWZwJj+14C8CbGegERRWMJTA9DVetBr2VvF5CdaMkSqygdOCwm6r -zF8Dv8wcUCGf3DEU5PizCvbPBwROeSAh7ShjSUm81kA7gXeQGxF78JwpsWwJ1T5l -bgvWSlCf6x8wg1d4zzK99YRpPlHzDwg2QHbEw+d42jXAOEvmW2K9QcZPuywCDfwR -i8o6Gprowo/O7QUt2+zf3e4nbBA85cERUM3IIEjLFfnQO+sKJCECS66pwucrSg91 -m6+nXKfQi6rLizOd8zpqHEv2vIj+DVB85mTwF48CAwEAAaMTMBEwDwYDVR0TAQH/ -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkpVLHfsziEh+BXGZ6hhV8ilQ7LQD -bR8CS9haRPTqA/i9V3R/qykN0ORUGer+3su5te5r3g1auPL5siFCdpUDpi3i83EQ -qkGNQ1bMEwRTUil94CWHpSkz+MhCoU2SMK3MBkqxq/INJB+NUb9VCFdWA3WSPdHi -CVLYu5xftZ5Q69ikViJABrdyoyv0+Xy9hqGm7QTJBP0Bw+HjVVJUK/7Vv2MgXdUC -27bPCC8p/EI8fpDURikjYHRi43nw394WkYzQHBlLCC4hYtuh39+Q+C3gj1tEhLub -KVKGkx4rC4/pxYXhUx/E83jh8VCMo0X8z0PlJwtIv1bkBRzds2VX2m+7LQ== +ggEPADCCAQoCggEBAOYdJ8NPq6BIcrtz+EznoGo6RI1U3xJ+IELSyQesvaO8OKp5 +o3JOoDbCfaXWwVGq8qbUzcyhkA8gl1xf0MIzHOKrd8f1dieNOPM8tPe3uMcOF2tf +04Ov+ArmYDxtk5k/N6fDCd8anVG1uo1GhQywcYwn2TUHT+NpYuGDDfpv+nLFoj4T +Lap3cbHlKgsoWK5/ZzbbsKwHHPbh8LIuSVbafZymvylNsyNrrEMvWTfkGRp5AekS ++Mp1m9plwcezpmkumPgXHuHL0KZOZvy9Slo2EgByl4UjR67ABp4JcoX+JBeHhP/h +8MQLkDW+MYddZ8MBOhRvR8vvgl2tQ/9n3Uz2MrkCAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAfwMivK +0MVkRGPg3PbSh6zgx3wfTnn08Kg9zcSoAG55WkkrW5Kq4H8NQIsEDvbHEFbkRoB+ +vcoKVgepMXhgMbrH9F00yAwTep1kFDzqs4RBPvQs4sOf4xxMs6Ba65hLUIVrBEpN +46XN2NwEyzi2x4J00KfJgGghwNQjFhk0IRIlJ0ygFzGy46QR2j4AzW9PPs4B2lC6 +NkbgvM0O1Bju+cgpKObQG3mCOHQTDXmLMN8Sr9EfZxvvmzQNF/ijFPR6cs/rJmAf +kWOpaEWRul95rs5cZtzYXvhiHVM2FTJs7/hvJIuyhjCFkJP4yppOFsLNCDLwF4lo +Uf2yrrLhqcO6pHc= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 785af3e2f4..5cb119b72f 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,49 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAthxinLqUjedrn5/5rQ//P1GoKVssNg28mEXDLAWNISM57PF9 -f1mZZVeD86DuGuCN77caUhN62sjWVX+ipexn2Lwaq0tpiXGWK3BwdJFfeqxxO8mp -sKMFZmgl4rAjIzGxPM3Ql/qchX4iwn8nVWB+Fm4U+N+pIR0Lhx9sRe9ysGvhLPXa -bPWqWhzkp3/hdt6JALxYrhHkIFhXkDq8rU+K97SpXrg72hNlQA+p+LZVu1WvDUcR -VefaTvq5an9HN0ItO3eQc5jO6Gsezvhvuwkg6vGCYQ6gkp1nW0uTeI0Wcs1PVUC1 -U1l6GzI6huhdOKSgukUXL84yrfy8fy0AbSGHrQIDAQABAoIBAFeTkfa2IW+WjWKf -v6WyzjiIj9qHjlzWQU5nKiM27jYz5wzj20rNb1/VdM7KIwdI2ukfQGidFpU1RSGr -ti+d3xjS6O5cXz3qImH0ehgMuwJXAENUySZ5V0T2q9V2iAdKQ+YuQfR8YB4wWQ34 -sRU1SJ2Hxc0jXgXfHmaWPW7qZlihTl3lMexkkezezd2DtM7m6GlUip3oqLW2QS1t -wQU8bU+Cdvl6d3+xqS25W5ASd9Okz7ql7ytFLpM/A2EoWRYJxYrGVwgOCqUrH3N2 -AjXfPEQT/ZCspFzCrZ0eKr6EzZoz0V6cPAdrB/QNCtnO2qOy78OIx/eb5LzFMUxC -axJoxd8CgYEA/F5+b1LSXl5JijDZxKj0usRcoAAHCdwJpZtLb7RmYuOBh8daStDr -OPDQWeD+R80D9CRVa9NBzLp537G2dGULHyfUPH1cOeaPf1Dn1tRSpN82o/IfsPN7 -tQtOu0TIlTNl1lbcOiJ98Y87qlATKMFAUYnSnLsZRbZnTCZx5L6bvCMCgYEAuLsf -J3nBMBpYSserICylnedWYn+DXlsLD+gmcCwXruRxp/MmdJLt5tMZZtlbQMhJmrdA -dn2CF0ZwacG4wC85vB405aCr1VmJWdn+gKO8wAfQDkya4bhow2iMbEtX61OPt1L2 -If97qW9b5jTo/xRNUoL9cBvBgDoQlkWi/CioQe8CgYBTLFVhHRul7E8yUx1COijF -8PdR6BBpyHIJeV/oRb1EtBQ5ipMQe0A6uOsB5CwJv+CgsuTQL4TNE1wdRDWMsMx0 -jSzebrZZgsoiPKjb3YgLPGGGsMKPD//iUAK3p1iwC4txk5jrM/jsBre0TsWxtdcb -yF94NhWDKzVqHHWG3Ob4nwKBgQCNx3f6uTSvcZjQE/zf3cRis5mWUV2G/oM3+yn9 -L6ohnc0pZLHgCKC0ZtJ5IFssFkx/hSPhjSRaLsK6OGdOgTBjlB9vGein/2cuYeQ1 -4PVNwPFK+DprATjOuSAFQbJBt8l2nyKvJ0FG4mP7BCLLG07ZBBX1hCf3/Rib7OhR -dfblWwKBgQCtSs3ADkNpXzxh8XufKVDWKuTmBsH15HPPk7coem4K0FwiIZ8ZwE37 -tTtqOHx/wsSqGs6CFr0UW3iS9uRjKrEUCtVWxl/nJGYQYDN+H1Iac8FEEqD2d+5c -VKpULLKMZjfISMhV/QOQMp17wcRFZ5i3QPq6faQA78ogNxuaBAQvLQ== +MIIEowIBAAKCAQEA6PnNveV+f6FvvClQFMlur4j7ZK3RQHEIIRVDOiuOvpIvWzti +oEfQSjfTJjuggcsmWI+gk08ntXhk+6qqBaXSM2FzD2KeaXEJ7kMVujF9f8N++SDb +QX73aTtKjifvfW8IhbtRYJ96njd6dACE21lmm3Nraub1JMF3pF3GyKglSXqsslet +hcEHGhsBv8CJm/J/c+WEfwXWT42Vrik3FLM72zjtw067+f+MftX5CjfAqAl5r0xT +/g7HwPYLQByBuIyAYmmVsb6ejp7r31BqAFGzFeaInsqqVmz8HUCaqa8Zk1enZnmh +4/H821D4n4r/aWFWovWzJkIPp1soNMUU81bHSQIDAQABAoIBAAC1yDSAt1C8xXop +lxKlJYb38Co3pGhhn9B3/980xEfc6rOIvA14gpBDWMuoSV4z6A9Dis4AIwMY1Zf1 +xnRjc79P1/mvR4PTQiA9iJqrbXI+/otUWA68TBVARsMlqIN1m+1Ka55Thhxm12L0 +oHMJs/gb0zM9dnhQ9aQk3Ab/CjQN3+0+g9319Z7F4hYgM9Hr3GvElFlyeaF28g7u +1jT0zPr0NVF5XR0ifIit1Q754xSDotMPzMcG10ESEJQ4pfXsX/88k5NP+vI91sY5 +0Ijg2rUfHaCcxukjwn2AoMcsCBZuWAorYRrjIXvoX5h0ngllCFRwYs0HFgISA1rd +RmcieaECgYEA9rxQ8sax100ioqoVbEudT0QmX1/H/x9Rw4iWivDNuwxOJawWyTMj +gszPe/UzK5QgKQhHRJPPzIfqOYHMrcqzM2bqyAiZijExDiP3p4/xbjt58I4XF4Uc +pG7dooHxq1jSwHqvd9nfcwNUmMoRDGzV45ISgpCkDDVFzZKz3X8CVPkCgYEA8bk5 +h9Vjqy1oDQz3wnta1k8lM9OIEtww5djPsJIaxV43Ait9rtqYiaS9dAk7nn738Jln +TxOWFzYS/zGvZPqOG9Ftvhp+x9NKmgtVOL1qF2MkL1KBj7hssQ6s8VzZnQ4SPHNs +QWhJz/ZJRC2iVF91seajcWqCF8A75dgMY3cMqNECgYAdtz50jtOaX5LdTmi4Gz89 +7bJFaE64/jelugyPfUL51RiQVvKDluIe/bW7cyOPiw54gqO6saakNnZSKLzS7Ye5 +mBqMruR3DUegMVrBVoe4Q/eCrko/retuLmAJE2dcwJzZS61YXOgZfPwyTpvRCEaW +WuBZ0zu+sKfQg2ugMIzCWQKBgHGkTirRJMGGYGO6VATn74XPwcLC0Tdks8xriQEP +P2zI5X2sqrL47DvR6ovSB2h1cuV3iX1AzRBuiLHXTwlfTk4/wKNeW3pgmLMhXtiF +HIqQPqPM20KRRvBa4O28ZEaVJferoBqECCewNzPJbIbUNkYEE5UvqKe35bEiSHi+ +sIHxAoGBAJRC0MA6gFhXwoj/LM1wF5pVUqqm8QXSXKPGDnW7HEuFSIA2dY1UtDvC +q8tZ5cwN4VBWQrxoFN99RUqyOqXq3sH/sdDYduqMvO+FKJknkzitPDiowCVi/uu4 +b8fOQPejGUXHVgAuVVTTrUS7MIy4Uy43S2+Sn/kfxUKVrphoNbKy -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER +MIIEJjCCAw6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxNjQ2MzRaFw00NjA2MDMxNjQ2MzRaMHwxCzAJ +VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHwxCzAJ BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEeMBwGA1UE AwwVd3Jvbmdob3N0LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAthxinLqUjedrn5/5rQ//P1GoKVssNg28mEXDLAWNISM57PF9f1mZ -ZVeD86DuGuCN77caUhN62sjWVX+ipexn2Lwaq0tpiXGWK3BwdJFfeqxxO8mpsKMF -Zmgl4rAjIzGxPM3Ql/qchX4iwn8nVWB+Fm4U+N+pIR0Lhx9sRe9ysGvhLPXabPWq -Whzkp3/hdt6JALxYrhHkIFhXkDq8rU+K97SpXrg72hNlQA+p+LZVu1WvDUcRVefa -Tvq5an9HN0ItO3eQc5jO6Gsezvhvuwkg6vGCYQ6gkp1nW0uTeI0Wcs1PVUC1U1l6 -GzI6huhdOKSgukUXL84yrfy8fy0AbSGHrQIDAQABo0UwQzAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUu4w3IJMJ+m356S6yIsSv -aiYwZ+EwDQYJKoZIhvcNAQELBQADggEBAHwgMdOsr7myp2O5P2pHLPiUur75H/vK -P/l3asgejFngVDecpJfMVOhNbqeAI7KY8l3fqklRSJXWQ6cfBnXJSoBO5TKF2kSq -DXYfuVHX+Yw7DZvIZ2Kt7ffKR4ljUPqXB1lrKOiTBNs6S++Zzv9rxDJUd/91gcRz -sDZwx/ZHvXyksZC3B8ssA/V1qsKBv/apLE/VM7yTO0FyHhw75OvodZmhxVTuGsn1 -+aQ1xxxBbN3UBA9TPGVSNADGJ7B269jnfNeeRKRDnBxN07iFfc031yDEbvdFr/6K -egMB6Tv0CkupJ9YwTgp63MXW6Z6RebU8TRKggHuFzYUDMKVZrMTpUOs= +MIIBCgKCAQEA6PnNveV+f6FvvClQFMlur4j7ZK3RQHEIIRVDOiuOvpIvWztioEfQ +SjfTJjuggcsmWI+gk08ntXhk+6qqBaXSM2FzD2KeaXEJ7kMVujF9f8N++SDbQX73 +aTtKjifvfW8IhbtRYJ96njd6dACE21lmm3Nraub1JMF3pF3GyKglSXqsslethcEH +GhsBv8CJm/J/c+WEfwXWT42Vrik3FLM72zjtw067+f+MftX5CjfAqAl5r0xT/g7H +wPYLQByBuIyAYmmVsb6ejp7r31BqAFGzFeaInsqqVmz8HUCaqa8Zk1enZnmh4/H8 +21D4n4r/aWFWovWzJkIPp1soNMUU81bHSQIDAQABo4G1MIGyMCAGA1UdEQQZMBeC +FXdyb25naG9zdC5leGFtcGxlLmNvbTCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM +EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEAoRmIKS3Q +X4xrluZfFsdK+RtK/adFYdmIVAWEajBgQEBJGfyrhQJCGu+mysaIFo8ITPEApliE +xr4myEOjfSABBPQle1W8v6qCoXo9+D9Gk//Kc6vYjvyZHJw/SPUkcYlAngLwJnse +8iHSfpCkFIDH2m+iXMgoncgaW5ALdO6OBuRHz30JJSfTmcDp42zqE3BHvWM0qZSI +5Cj+DWCITXfpTUBwOKdE+TL0eGARck8x5xH99dUfJXJbzwlOXYpNeAOB7hpmcuUF +QlT7Mr+zvD/lsPRGKZCJFKcGMCEVQ4an6+XCETUNLofM7cAlBZx6tgNEP2QJA9lL +t0F/hOBFGS072Q== -----END CERTIFICATE----- From 4a346f901514c0089a15fdb4442684cbe6283c41 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 9 Jun 2026 09:03:00 -0500 Subject: [PATCH 14/28] PYTHON-5040 Use self-generated Drivers Testing CA and separate KMS server cert MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Revert ca.pem to a freshly generated Drivers Testing CA with only basicConstraints:CA:TRUE (no keyUsage, no SAN, no SKI/AKI). The macos-trusted-ca.pem approach failed because that CA is only pre-installed in the macOS system keychain on MongoDB server CI machines, not on Evergreen driver CI hosts. Any CA cert with SAN or SKI/AKI that is not in the macOS system keychain causes Apple SecTrust (used by MongoDB Enterprise) to attempt OCSP on the CA cert itself, returning CSSMERR_TP_CERT_SUSPENDED. The minimal CA profile (basicConstraints only, no extras) matches the original 2019 test CA that worked on macOS for years. Add server-kms.pem: a server cert WITH AKI (issuer form) used exclusively by kms_failpoint_server.py. Python 3.13 / OpenSSL 3.x requires AKI on non-root certs when verifying the KMS server. Since kms_failpoint_server.py is a Python HTTP server (not MongoDB Enterprise), its cert is verified via OpenSSL — not Apple SecTrust — so AKI does not trigger OCSP issues. server.pem and client.pem retain no AKI so MongoDB inter-node and x509-auth TLS continues to work on macOS. --- test/certificates/ca.pem | 39 ++--- test/certificates/client.pem | 87 +++++---- test/certificates/crl.pem | 20 +-- test/certificates/expired.pem | 96 +++++----- test/certificates/gen-certs.py | 213 +++++++++++++---------- test/certificates/password_protected.pem | 89 +++++----- test/certificates/server-kms.pem | 52 ++++++ test/certificates/server.pem | 93 +++++----- test/certificates/trusted-ca.pem | 40 ++--- test/certificates/wrong-host.pem | 96 +++++----- 10 files changed, 450 insertions(+), 375 deletions(-) create mode 100644 test/certificates/server-kms.pem diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index b895b13102..eddd5531e4 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,22 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDkDCCAnigAwIBAgIBZDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHkxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg -Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UE -AwwSRHJpdmVycyBUZXN0aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAstE5hAPpY4cVlDdQEx6L4Hg4ZTFFrovlB1f5I7lyZxplyOCU+jLRvdyj -pta346xDEBZRKHenFEWtkUZwEklXv3ZxHGANxnz5POiyPQvkJXXfE431Umtnl/T3 -/zDjTqspTQTbvdvW1+Qiy6rIjZUGUqYuzwe9P+YVH4tBL7yIOWbm8vTnu5xLXp0o -Ww707dIxIEIp7hD5P+At86oFk6dy6GhEkNiall6rNXg9gsCrF2kF0eH24/URm0F/ -mS2c7S2TIlZD0llD6MYtmo/KWLpLZLBSzLO6/F+t5r9nfXSJhXWcIWVs2o0T2sLh -XIJFKJsXwykZ3WaAj+WdoBYCueiyuwIDAQABoyMwITAPBgNVHRMBAf8EBTADAQH/ -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAdEL/OI5F5ddSoywA -P6Rt/fNPj+skMI7IfUia7Mf26KXR6WnLXCBidhGRdoVyzsXC6KvGAMQ0zY8fOQVe -T3/a7JqvwqcmSURGgNKFVZg8rgdcbhAnORmMePLpmXK4E8NifBZcNbhLiEVR2/XK -AGt/yTAg0RS+H/1Hg+7Mj8jLm1/7aQFki/s7ip4XyFDj4nMBKnTXB8XLp6BAYGBs -8sCuosOecDKUjdrKVRl/p/vurwwyQHX8mLi3rNSSVYwE432MKs4aFhe5TxxNhWPv -PxlJ9T6pioqDPmTbAvFTBgg5WgqTrlkm/wxJ51YO9OzrEZ+aACb3454Jv8Tw+x5q -fAvsug== +MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy +aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u +Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx +CzAJBgNVBAYTAlVTMB4XDTI2MDYwODEzNTgyMFoXDTQ2MDYwNDEzNTgyMFoweTEb +MBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLDAdEcml2ZXJzMRAw +DgYDVQQKDAdNb25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQI +DAhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQChHJfF2RcIuLXCZphAO6hVCuRlfT6clQNa5UJ3OMyzyDu8Q0ssNS5J +l7tm2mu7QVkHsnZonzICPW/fGi3a0zpJzVxHG0nrCbGInGHA6MVLJSqCCaMG4gnC +4BnKuD2pdQopuv6zhts5aoxgBSkpVCEe5lfmhIDTDDSprsTKEKBMjwrN2cP/THFR +QwbT8ruVsXm+go/6B3+cX1UXgM4p9xeVJeL5jz+N2S4puU7K0EzZirNcgUcDMZZl +sEigd0EDBvUQiHZei6ifw7y2JWScdXhfj5Pb9PtIr7kepc8Q72jyqWj+cxrObVVg +y1iQbRolJVn3k6edISHm5pNwjjc2laQ1AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBABSBzlbE93kAUd+BVp0AURZTvBiIvtGtwneCQEnc +9brsyX6Jw+zznsl5DyUSUv9QGH49n679ctpGLuFGUpk6LNpjP5Sgwzf+0h4BXFlQ +6dAYY0Coi/vfEXw+IALmKSVE33na2ofO60zDX8mnuj3S6on7TLsnwttV33qRgydb +jF17XMNuGt4uC2QwDxpcY8pEo7Q6liZFuzpAKt7lhSg24+Ujw0q+8mDwJmmqIxMK +URn1yM5KTXkTZY3wyjG41RzC4N9fhjmjcRAqBCElaspp41gqbLxtcwYCUtwLmIvg +3FSqOZPxdwUyV14hL2Iu1SoUCcN90QPVYGGxzrP49QoVoeU= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index e3198e3365..588c26c7df 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,51 +1,48 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAhox4m8i+hLbia83C39Bvsw6MRIK/D8u0+rPRm9Cmh9Aonf2K -z223wYHs6OhipcowMgkGlTSztuVvVSpSISNyy4RVPKukUV5M3II7aH2+p4H6HFWG -yHvLHIWCDc0vawADtCwCcBoQjJ8gGaYdpBcDQBrIJPtWz/9QYcc2e1Kr+ka/2Lh/ -Dd6JjFqVmSWzHTRUJPN9J9DEsUgpZuRldEGBZmmSzvj2HwoOK2tgMMv2zmykuLIK -mPEO+wgcxQMC/uNIBdQGLsiHrmMkXIE7Ay/X1qR8P3HOhyePyM2MbZnkfbLpIwcc -93EIgK1z4JQn7EO8h7LTMRUqs7I8kv08u1zMawIDAQABAoIBAAOVAOBjo/ARzv7n -bwBFe47h4adYDP01SDwHgYbGboOigWEXGO2Ufqnk9P9lJ9AZ0hFsyyqv5oDxuABM -560ApCKDjRgmtpkKvOR+6KPVhS4KAiCfSpd6RDyn2AnFGlz/W5AKF5mZqUY1IgEv -RFznr1KfRl726M7C8/KVOrEDqaqa+lIg8Zvn+fsy6AIvfa3KGQliwpJ898f5Z7Fj -RpjL73biGu2JpHEBVl7OUYNIFehhzERbbmrb+R9Xc6KBwVb2Eukq35M7qtju6MY3 -uNStq8kmfLEI8vrcNg5EgHM2NW/AT341ux9zP9phk4hPP9wXrn3NOUF67c2tjZxF -NZRm8NECgYEAuZlZorjrDAVDKGrwpXs1sa3OK5XCCXQ9Plb8gadxl+PQFid/qIOE -7Ddgz2HUVorMgZ5A8oZ4uGviTdyZbS5VsxF00OjjM8ayTIDK9C3OhkmhqTj6Rf42 -XCDaoemueH/m4ynr47FPzqEXM24AbQBnQFiqLjzVAtK1IHeOSF9wj8cCgYEAuZXd -fQRWD3hVgW0fslFfzYrtTHdr0/P7Agm20YckQGiona+J/NYycv3lF8koQRh8lGtd -bqRY1DXmde5qgrnFzqwOpiraB4r5Y/YYP17vE47MplsT9jjtRm8p7xgx71lvZ4wg -BE1vF5gXfqFYrVDrhfdGc7Wg8N6q9VSDVlw1Jj0CgYB7JrQBcy4TldJQGVWAmFay -hR9OcFqGJ2kT2mhGJ7MKFBHZAXCFgm9Kxhwov0NEAWldgIKb6npj9MH+5Cex+JLI -9QZMMJvBmVBpzvPcPiDRnj30qWf31YyAaRRpZ0NrlYLArOpm9Rp9gwqAB7eknCXm -3m5dq+OzsdiZqHryrtFjtQKBgCZDR88mvbeiz75HiWlybZYrNpG1bX3dp7rb1d2N -R2QgL+OS9ZgzcWNUBY/J4YrKSaUwHataJxZZppJZ/YvGUYoy3zJTU3CKrrB1ZLps -EE6v+nGyBYOWaRVEhhjNnD4E6nsm4NMCRA1RRkbNbUMOlACi4tuobu46enTqX8nG -aQ7hAoGBAI2EkcAymqZg2+sfVMIYfdPmM3p6D7jWKRn6dnSU2H//eLRjRZX2I7Sh -V6hOYjdZm2HhtodePXu9IceZqgXyMdEB9TgaBAvJnEvUE1xHRCJK8RL22vDoeW77 -Ig/BNEmsh2SgWFEo7Q0ZImObOcqbP9YLNZRjLeI0+aeoti8olTjt +MIIEowIBAAKCAQEA7pQTnTiV2W8/EzkMWjSUZmebkOh5bfUM2oX+bBi8fhwMDlRv +SlD2iZGQYmwHT2j8WGVIjjsbRiBQiFCq77HWTtea+co+4HzUnqKGSX4N7i+ef+sV +xZAOQEZABQjVmpTnqw8y6zwPg/IetPxBVHX/VfyzN0QlURrUYHTFuhathwJVFFzw +Vjgv2XkWsAtI3eirohXax5ZLfS/ZHCPje1x1iUm5y9kZIicFW2n/0hF12fzIT501 +va9w65Z3FVCQ78jHvpdhTkcbLjEyzNVzDLbRWs/HB8ZM0FpYZXyram8jGgIL15U/ +67f4G/IxRxdkPyPVQwHKEd1c3UYta5EJftfJIQIDAQABAoIBACIWnkbUkvSiZIzG +lfE9mgaXvy6RSOhhHxkKFDQ1xJjwQPi7L7uand9CITMu5EyAX63xqtBHubnnXBpe +DE57Rne1brtKHnnM3EReTHmrvSnPPAJjAJVd4+tjHjqZ7ItNw1w5q7jYuA7ORXzu +nhcHVRhgJus6nWpdPwMZLDdOjjS/5e+Fmn86nqyRbICPDZp85J0bMB/6OTrjV1LH +fcCsWvxtJjc1NCSHSZnBrNjd7vpf/CJhfaYoeu8WcFN9R5Scq66Fcgk5UNX6Lh5M +kAFmtKfgNs0MmJiAvGazrJ0eHSfBFfqOB82T5IfVb+s8i5txPu8yD9sZFyfQjkI4 +petk65ECgYEA+eJX3/ovnBniIRXVv0RRpyU+UQGUQZBWh3R1r48nLW/eWcyaGkP1 +sOoHpFRD8Rt2hK1qzTZPbmb1IqEn7bs4mgGimy7eWx1nBt4XYG97f52s7FaHldxr +jGu+4x5EvTWfmERBpOS3ZDIRf1OmNIoB2H2CIT4BA1xNqzoe25wJUcsCgYEA9Grl +n7N8qPxHbdax0KN5FC4cnern3rMYBzxTiHMYM9jlc8fRqIodQnrq+tyJnQM6TaEr +FKnDfjXbadWo07UMZdv7bejb2ECa0Xugs9vtZv4RuMH+JncDVK9EvsMRuyNP0FF+ +oIF891Mh/J854mTXx5zmlqSX8O+JWOPxdu8WA0MCgYAl8hkmCffw3H1aSNaMlPNR +TnaIFpVM335EU4sLfdGVNMevG0LLekZ09xTx/1nR4zm8LBlr0DN/sGLJP2+wyh1u +RZFLv3JEo9JhWJh0LHm0h10bBojQWQh76mCyXIZTtTDnDnZpc9HlhTTjAPDcSZi+ +J1D7e07sE7g3qDvHXYqMwQKBgQDOZU6Os5S7Zn4zBK+XTdQ69E16FRnEd1v9EDZB +7V8suSXZxY0IU8ktkHrJaF5U1prvXv/wLQNGmtgz4Rb139ceVMtXHuI3FScnasxj +1X3+EOKKMFcbyDhp1K+qnzNj4gfOFGNnyrDqcasrlpHc2edVSut1nnwoGz7Sb3pC +QtdF3QKBgCB/C93NkvnBLg8ejDCuidERScLTO4sQsLnlV9DvuqRBkAPrFMBCm0g5 +fha8nNQY2Y9CesblCouwqBcnqIEKi9DNCxjhv3gbw1HPJodsuGvIfSaUD5PbB/+I +NxRPsVzkthdxbVpplXWeyzuIzJiPEDT4e5dGk5I0he0DnnW4yz64 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMGkxDzAN +MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv +REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw +CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGjHibyL6EtuJr -zcLf0G+zDoxEgr8Py7T6s9Gb0KaH0Cid/YrPbbfBgezo6GKlyjAyCQaVNLO25W9V -KlIhI3LLhFU8q6RRXkzcgjtofb6ngfocVYbIe8schYINzS9rAAO0LAJwGhCMnyAZ -ph2kFwNAGsgk+1bP/1BhxzZ7Uqv6Rr/YuH8N3omMWpWZJbMdNFQk830n0MSxSClm -5GV0QYFmaZLO+PYfCg4ra2Awy/bObKS4sgqY8Q77CBzFAwL+40gF1AYuyIeuYyRc -gTsDL9fWpHw/cc6HJ4/IzYxtmeR9sukjBxz3cQiArXPglCfsQ7yHstMxFSqzsjyS -/Ty7XMxrAgMBAAGjgbUwgbIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMIGNBgNVHSMEgYUwgYKhfaR7MHkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhO -ZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29E -QjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENB -ggFkMA0GCSqGSIb3DQEBCwUAA4IBAQCi1zSezWD8IpIjzj+I6hlXIRbV5twftNkd -nA86NaYfx+k1khoOV99gjALYff4IzCZoDZ027VeqL1mQblh4OM2o7Iirns4G21ka -bpSbjgKs3PbijcWHgWpjnWHL1osQsP/WApaZQbNIyh29F0qDmKm5fgn7eHqX4oTV -DTHzOd+tTVTkM1UHzJnYf1+1IdFwzyTVz2RT5uakuHwpJRTQhQBAdahOZPxFUURN -x7N9s/T7UnAmKHCzl7QFxfN/BsjPb8RxgRP5Rl+lU/WF+MIeK2QiJ7d2jRa9Eewn -v+8kv+HCaER3D5KpjFzM5IFofUF58J7RCZQYf71gK9kqgcIq4jpX +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDulBOdOJXZbz8T +OQxaNJRmZ5uQ6Hlt9Qzahf5sGLx+HAwOVG9KUPaJkZBibAdPaPxYZUiOOxtGIFCI +UKrvsdZO15r5yj7gfNSeooZJfg3uL55/6xXFkA5ARkAFCNWalOerDzLrPA+D8h60 +/EFUdf9V/LM3RCVRGtRgdMW6Fq2HAlUUXPBWOC/ZeRawC0jd6KuiFdrHlkt9L9kc +I+N7XHWJSbnL2RkiJwVbaf/SEXXZ/MhPnTW9r3DrlncVUJDvyMe+l2FORxsuMTLM +1XMMttFaz8cHxkzQWlhlfKtqbyMaAgvXlT/rt/gb8jFHF2Q/I9VDAcoR3VzdRi1r +kQl+18khAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAambnQsweSB/Ojj4aUzWd2vc6DxkvONlYmVqJ +IGL4xAt01S3e+i3CVYbCLAu1juOyMfcwQwIwX2YCP/Ojm1+9oELow+scHK3jOnRI +bF43XONqrcqyWPCm7OTN0rpjZQ460BwR8ODQaKoLHDRWY93ND83VnbjcNHLfZmzL +vAGUJrdgAW5MMg2sj1mwGmoBxY9LuU3YFdJka98fzx3UlGHbrS1NodyAbIkOE94c +kxkWk60DHbMGeTkuOm0wduKXk7paAz6OIUjzLFhF497KtnXqP3TLED7kurSXOhW6 +bcOQ9ENVAWGaPGH0xhm/66GtMl06dHB7/sN7MtbiQCQOXbm5Nw== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index ec5de0bd5f..f2b6bdf1c9 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzERMA8GA1UE -CAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01v -bmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMgVGVzdGlu -ZyBDQRcNMjYwNjA4MTg1MzIwWhcNNDYwNjAzMTg1MzIwWjAUMBICAQEXDTI2MDYw -ODE4NTMyMFowDQYJKoZIhvcNAQELBQADggEBAB6LRmtO+u2zn4IFE/CRdOBsCTsz -tZ8EaZSBP6P+Ag/GeLT4M6CIjHhJV1SUMt2aEAU3JBBye+sKX6Rk1JK6UzEjDnUf -+TRoGFvqh057ujD01LVh9FQpobr0Nsa/Xx4551/Nc91z/khlG5aBrTBoB4I7Q2VB -OeYjdhrAKZ0jc2xEKy6z+vJWAgj0UmSwxjhJ8Qf3xiaPnf9Nqu2UhAv+IwhWMxBC -GrXaJBOhkv9GqtNmnLJrOJoHgoO/MAKvaKi+/YqCH7pCHKt62t2f6ZD0oNuqFZYx -QofmyawIOr6FY2tHQNL2ZN4cVHgQ2X6b4vhJnpNw6tKG4s4niK3MVr7qo2A= +MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2ZXJzIFRl +c3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdvREIxFjAU +BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG +EwJVUxcNMjYwNjA5MTM1ODIwWhcNNDYwNjA0MTM1ODIwWjAUMBICAQEXDTI2MDYw +OTEzNTgyMFowDQYJKoZIhvcNAQELBQADggEBADAGv1p/woo8UVlvZXdzSJAOeqdv +UaTJTcGr2sR9W9eBQTpOjHHZ1MPTy8Vnruo1po/5CV7HWkJeWrm9JAUgdOyNGUVk +xVP+sGgkC0GzZhUk5gq9jSRtDWYuRFyORBn3Ax3/e0pOoXtvHY8tv+a6ll+RN8qU +N40tKwDbP2zCGi6i59g8kRmR0UVEEKsJ9Ybv4AnpHHfhJ/CPgDn+xIWFS2ZLwQ/M +2K1m6ZjPL4CrIqtkTvED/sXU+rOUiK4NKTc7edkFjuo9L+vaFWnjliXukWT8AXkT +jcdl/XTdDtnm5O/6LJp26G8zPwOUElMO6xaabdrgVw/hunui1Rq71IV6ZLY= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 8c9c0ad8a6..c996184342 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,52 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA4nSKxBpsnS1QX4PCO3VEEdBcCqHxKU2j4dmY8soANTyva3xs -Q1Mvu7tr+0kDWVMCI/clnMsbCIoLikiNaLXhz84/Ne7WTHkEMr31GPH4XDu6FMxz -g4zydQQ9fuCC0FyxR0KlqBLzVcrC3HIP56MzXLlbCAfCitubti8dHdZdtgC/vbTX -f2LiOG/R0M++6M4Wj+KAEagnV4bn5MiCt4KnZyf2w57ylSorhFHhszEI7YmzHjkW -4czGmHuE50NVPftU09750bFRrnxvlO/wsknER9ZrBqjkbw0E9ezMtoAGwK9Sp8hR -bVGXKBdw4aXG43MLDleaenGGJBeAJPjY76Es6wIDAQABAoIBAC2hSRLRtkAHkPHm -FT2w19n1D47O6c6mR9bq5yBI5rjTdQ9l/1SjjvM3hT8Zi7S0frJriucon9ZdJo0j -KGdIeutKBj+iVAkNu3RUBW6U1zQSjuDA/6eqv3InvBJ0P7enbctLmSCgTOrlE9Wi -oCTPJDrTWI3qLl+Xd61Cmg3Yk4JoDCkPzdWaaTBIwLCfIlgcn6Y9hmM9vxGHKR5P -NGw2pdziXBKwTvE/eM+ducNnWhHbgmG97yaLLzxDl96BQ2768ZdD/eEOpM74sr+a -mo+HyCHAQvcrEyoBGHlk+qdyBBBA2AVUiiuBXx2zlYlsHmgYJBaVnENrQSccWTzg -vkVv0hkCgYEA933L13nL4BQHFKyhRsbHaE/0GOGY/Pe6T8a31jXHqQN4jka44gGP -JD/S6Cfc+jSbiPu2EN0Yu4P8vYiTGIeKeCcD5zsh0Dk/Ht9Lts7hu1UBmVxoOokG -ndR35L7R4FE7LNqXjFO+SNKxhpSXqabUmCLGBswFdAApgU83Q8m5w1MCgYEA6j2a -mw1oRelSeYQlG0eRQ99Y9vUzf5Hb1p44A1F3zQNSzX86L+mpPLF7i7sD7TM+b9J2 -Ik2ClaQ5r1vMH/pkBHrjGHYKU9JIJc/9YOZWMmKcvb9X9/4xs5us/Q0UN255/Lgx -xynjR67NRC70oAdxTi37E+OgVXDkOlheaU2ulQkCgYA5/GxVGQFOiAK8slG7Hnm8 -E/eSGNFae8RYSqvp8YHNNLX7R9Cri0f5a0bEBAr/SHIkny0iOFtCHAOMeMJWHfOw -gRumArHCcpc6aYD43PIAjUMppn/5Lv+w3QYWPys3TnD56mFVjI1pzIuxh4EdS6xF -1Ofm0ch5TExtMp01Mb9nZwKBgEPAhdOLUTnHfv9+5Wy6ip3jIExuJ/MiMUAmi3UK -P2ihKXYe8qmhID5Z565G7Z/STqDxcxIA8WBvG/BI0QX+2qchFEai/eG41P1654L7 -nLr+IvAPRFaKw717rdGT0uElp0sdy+gbiY3WVbD/E+qlvHQsgI8ELAAKozjtDoHO -4kxhAoGAT2zXUOdWDHqqC/Kezjjuz22JvLD1IZ5B7k/Y15KX0OIZ0W2pXY4isFhC -hsbCzYRN5PFqx+Mr+OawjzO+CaW2wnLK33a4QrooY0NJ/tHsXYWFAA00asAtNlp2 -i0SwTRuvmb/M08m1338+HAFdpQrhlz4uhtbeA4ZEGRjUKCg0OqU= +MIIEowIBAAKCAQEAuLxHQmnfos7kQY+erHO16c9WKBlU1KexkZMDspR+dUUVbO1O +bT9UXbCWzFafZAaHZpUlEOl41T5IydSirFKrbhX2HXXydlW6s5pCvAOXeD/UQqM7 +SOfetrCHhWHlVdJlVcMblyei3tQutr+KNuUUTOv0YYC/5gc3EXk2LvSZzvr2+VVW +5Pz9812gWLu6WrqqE7/N8K0tM62PxhFiMQNGyDysnhyWSJtvf8OpJyk2Vr8NXg1G +GVbR/7zEniG8QPp/e1AnIm5AKuljWqPirWMClKa6OMI9Daw2uwlTucJjWGMVg1ql +YBX9ktUajVkdqKp+gPvnCKPXwMmy1ZQb4BHqiwIDAQABAoIBAAEGqq6nv+I7m/Dx +R0RV8DC4QhY+7cWwmL/iPScExB8Kny/XsZPRwjoy/ONtp7z6fE4JjgcmBNHKYsUc +NTsXynP2E0Pen9Yga8ULmktJCdJVKGymU3H4N7h0CoynGor7fCyZxNF2GuV58Dh7 +n9zmMNKsjNLt0CMK7zddoPtpyGDp6YDHQmOMP9TqAx9QNKlKu1vd0AcjliNmfvH2 +QkvmhAfl8CaioOGe0qwjceEo+vkjdAjVyCzGyLxy9CUAabBXqkTRlx1wI42IuBrf +/tfH5IJFQotEd6rxj7hsjn2lhFKkWAmeVAX0NbS39a9ARyBtKdGH87wkMYdd47xw +RhBxrCECgYEA6+qpBHfuWNwwdYGbP2JTIVTpzqSaoY1pwJnIEXLROAoHY0FuVhrZ +6EzT/zhiUBOianEujgUkz/j934G6be1mhOD3w2Xn15XCIl9VWIGaDwNVBkh4fROp +GFkLfELel0B7KaWj7ShACn88oRgStm8JoQ+n6iKvDSbm1vBmJuhzprUCgYEAyHY5 +kSevbtJc90VQUohNwf63IGLZYioJ5VtDgdyRwRbYarePpUdIWuseEZhet8LP2vx4 +u+fqnUp69gWBi692ArPDVlqWlzrwpoq1a2If9NwH/LXoCYieyJc/TuHJF/ANa+R9 +TR5aaJPUrKaIP1helTfRsOBhVMGuChT/L4oW1D8CgYBFk29FYhlpG4cvIIoop1bc +/a32w5TXEF2f77qRastJO6vyGdnwivq5B+991aMo+qFrwvV37QxuSYCV6iyRPvJ9 +PdvURLmbWw9mE7eX4qEMzG7G65idSq8T/y7j9tSuxtWL8s3lo3k/n0bCO9dI9nZg +ib17z77QoihyO3PlBakWAQKBgDeM030PA0VxlAONuKl2Th3xKOwXmGfkgGOHe9iT +t+xLGWPRREQn0bwoJWf40l6X5KOpjQd9R/2YcyST+Acuc0RibkISzmJQGfn8vDNq +uLJQ+wGjow5pRp8NkqSYWvKAOifo5HQnciRCuw+xAlaTdXpiQoCCXVZwaXsvwFt7 +J8JfAoGBAOu9qgOKKz4miax54EaE3Ecko5WqkIF0JSKaBgoRaWZ+noMURWlAWOvo +6KbpkMeAYlSfHo18ILljNVf4owPiHpVy97L5TvApWZWv+O5/2lscVfXmYV2MLC6l +n2eG9x9WRBpBupmfJ6W6943LdGLlDxx+b+Tg0coMyFY5ofmpE1Aq -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg -Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nSK -xBpsnS1QX4PCO3VEEdBcCqHxKU2j4dmY8soANTyva3xsQ1Mvu7tr+0kDWVMCI/cl -nMsbCIoLikiNaLXhz84/Ne7WTHkEMr31GPH4XDu6FMxzg4zydQQ9fuCC0FyxR0Kl -qBLzVcrC3HIP56MzXLlbCAfCitubti8dHdZdtgC/vbTXf2LiOG/R0M++6M4Wj+KA -EagnV4bn5MiCt4KnZyf2w57ylSorhFHhszEI7YmzHjkW4czGmHuE50NVPftU0975 -0bFRrnxvlO/wsknER9ZrBqjkbw0E9ezMtoAGwK9Sp8hRbVGXKBdw4aXG43MLDlea -enGGJBeAJPjY76Es6wIDAQABo4HBMIG+MCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE -fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD -VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp -dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM -EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEADH7WYlZY -Mbkn+87kgMhNFk9RDXtGYHxQ29+8PL1lDyqOli1nMVBnh57pq7oBOeUXuqdosFVG -KnQIvUa1EZrT4/y+RaQXzD2xcWbdCzXQj3DT/mFYuwwtI5T6hUCHAw45LcZQxc+t -4xhnssnl7Nm7fnOl1KVkLiQWaEZqZohm7vATvNjRcZaeGS4MxAAERKWbC7wbkfBt -Eqp6h+/GnpBAW4PV/lH6hSemlr7/9UkGrbZbyqkHsOeXwOdmgxkMGUL7M3uuonwa -+XBGXvH8cxzpnmgQvqzvxC5oixJjq3wvNxa/T4T2o1Ez22jNuI8TVri1F1yfjnBs -XstbsY3QF7jg8A== +MIIEKDCCAxCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv +REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw +CQYDVQQGEwJVUzAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxEjAQ +BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u +Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLxH +Qmnfos7kQY+erHO16c9WKBlU1KexkZMDspR+dUUVbO1ObT9UXbCWzFafZAaHZpUl +EOl41T5IydSirFKrbhX2HXXydlW6s5pCvAOXeD/UQqM7SOfetrCHhWHlVdJlVcMb +lyei3tQutr+KNuUUTOv0YYC/5gc3EXk2LvSZzvr2+VVW5Pz9812gWLu6WrqqE7/N +8K0tM62PxhFiMQNGyDysnhyWSJtvf8OpJyk2Vr8NXg1GGVbR/7zEniG8QPp/e1An +Im5AKuljWqPirWMClKa6OMI9Daw2uwlTucJjWGMVg1qlYBX9ktUajVkdqKp+gPvn +CKPXwMmy1ZQb4BHqiwIDAQABo4HDMIHAMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE +fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD +VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV +BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l +dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMA0GCSqGSIb3DQEBCwUAA4IBAQCRdSa7 +JKhp9ezkCKHMsbVEqql0n+5rBmZUK/mf8SYFIlnSNl1q/ME2migPVoDj/zd+Xqk7 +6TbFbhXqVRiXV7+BqVMgY2bMolZG9iXfJ43tBKeFzH0cBOCMUE753mAGg0vEGAmD +z8jUkvD8n34ikTmW5H9BAF1Oz5CMIl9rOp9JHi3CUom6vr2srOqZ4l+DC8p34j6P +zsB1NFiy/ZPNDOf75v5027YtLvcRZ0tgxGU0L7Ccdslh/D17woAmb8XMT5pvMKEv +L4c44LDL0ixcFZOgu+0sMOE5b1Cdsg0gukl/oNXJqOcDFRQUXMbM92yfuuJtBvUs +zeyE7ov1ry/8FCOy -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 8c339b3acc..41083d31ce 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -1,18 +1,30 @@ #!/usr/bin/env python3 """Generate TLS test certificates for the PyMongo test suite. -Leaf certs carry AKI in the *issuer* form (DirName + serial, no keyid). -Python 3.13 / OpenSSL 3.x requires AKI to be present for chain building. -The issuer form satisfies that requirement while avoiding the *keyid* form, -which would enable macOS SecTrust's keyid-based chain verification and trigger -its hard-fail OCSP check (CSSMERR_TP_CERT_SUSPENDED) against test certs that -have no OCSP URL. MongoDB's own jstests/libs certs use the same approach. - -The CA cert carries keyUsage (keyCertSign + cRLSign, critical), required by -Python 3.13 on Windows (OpenSSL 3.x enforces keyUsage on CA certs). - -Using Python's cryptography library gives precise control over extensions — -in particular it lets us add AKI without OpenSSL 3.x auto-adding SKI. +Two classes of leaf cert are generated: + + MongoDB certs (server.pem, client.pem, password_protected.pem): + No AKI extension. MongoDB Enterprise on macOS uses Apple SecTrust with + kSecRevocationRequirePositiveResponse. When AKI is present, SecTrust uses + it to identify the issuer, then attempts OCSP. Because our CA is not in + the macOS system keychain on Evergreen driver CI hosts, OCSP fails and + SecTrust returns CSSMERR_TP_CERT_SUSPENDED. Without AKI, SecTrust cannot + identify the issuer and skips the OCSP attempt. + + KMS certs (server-kms.pem, wrong-host.pem, expired.pem): + Carry AKI in the issuer form (DirName + serial, no keyid). These certs + are verified by Python's ssl module (OpenSSL), not by MongoDB Enterprise. + Python 3.13 / OpenSSL 3.x requires AKI on non-root certs. The issuer + form satisfies that requirement. Using the issuer form (not keyid) avoids + providing a keyid, which would separately enable macOS SecTrust's + keyid-based OCSP lookup on any path that does use SecTrust. + +The CA (ca.pem) intentionally has only basicConstraints: CA:TRUE and no other +extensions. The original test CA shipped in this directory (from 2019) used +exactly this minimal profile and worked fine on macOS. Adding keyUsage, +subjectAltName, or SKI/AKI to the CA cert causes macOS SecTrust to treat it +like a leaf cert requiring its own OCSP check, which then fails +(CSSMERR_TP_CERT_SUSPENDED) because the CA is not in the system keychain. Usage: pip install cryptography @@ -29,7 +41,7 @@ try: from cryptography import x509 - from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.serialization import ( BestAvailableEncryption, @@ -62,12 +74,9 @@ def cert_pem(cert) -> bytes: def aki_from_ca(ca_cert: x509.Certificate) -> x509.AuthorityKeyIdentifier: - # Use the issuer form (DirName + serial) rather than the keyid form. - # The keyid form enables macOS SecTrust keyid-based chain verification, which - # then triggers hard-fail OCSP (CSSMERR_TP_CERT_SUSPENDED) because our test - # certs have no OCSP URL. The issuer form satisfies Python 3.13 / OpenSSL - # 3.x's AKI requirement without providing a keyid, so macOS falls back to - # name-based chain matching and does not attempt OCSP at all. + # Issuer form (DirName + serial, no keyid). Provides the AKI that + # Python 3.13 / OpenSSL 3.x requires without including a keyid that would + # separately trigger macOS SecTrust's keyid-based OCSP lookup. return x509.AuthorityKeyIdentifier( key_identifier=None, authority_cert_issuer=[x509.DirectoryName(ca_cert.subject)], @@ -85,32 +94,30 @@ def server_san() -> x509.SubjectAlternativeName: ) -# Canonical names — kept stable so tests that hard-code DN strings keep passing. CA_NAME = x509.Name( [ - x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), - x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), - x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), - x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), - x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), x509.NameAttribute(NameOID.COMMON_NAME, "Drivers Testing CA"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), ] ) SERVER_NAME = x509.Name( [ - x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), - x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), - x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), - x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), - x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), x509.NameAttribute(NameOID.COMMON_NAME, "localhost"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), ] ) # Attribute order must be CN→OU→O→L→ST→C so that MongoDB's reversed-order # x509 username string is "C=US,ST=New York,L=New York City,O=MDB,OU=Drivers,CN=client" -# (see MONGODB_X509_USERNAME in test/test_ssl.py). CLIENT_NAME = x509.Name( [ x509.NameAttribute(NameOID.COMMON_NAME, "client"), @@ -124,18 +131,22 @@ def server_san() -> x509.SubjectAlternativeName: TRUSTED_CA_NAME = x509.Name( [ - x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), - x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), - x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), - x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), - x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Kernel"), x509.NameAttribute(NameOID.COMMON_NAME, "Trusted Kernel Test CA"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Kernel"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), ] ) # --------------------------------------------------------------------------- -# 1. Drivers Testing CA +# 0. Drivers Testing CA — minimal profile matching the original 2019 cert. +# Only basicConstraints: CA:TRUE. No keyUsage, no SAN, no SKI, no AKI. +# Adding any of those to a CA cert that is NOT in the macOS system keychain +# causes Apple SecTrust to treat it as a leaf cert needing OCSP, which then +# fails (CSSMERR_TP_CERT_SUSPENDED) because the CA has no OCSP URL. # --------------------------------------------------------------------------- print("==> Generating Drivers Testing CA...") ca_key = make_key() @@ -144,34 +155,21 @@ def server_san() -> x509.SubjectAlternativeName: .subject_name(CA_NAME) .issuer_name(CA_NAME) .public_key(ca_key.public_key()) - .serial_number(100) + .serial_number(480006) .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) - .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) - .add_extension( - x509.KeyUsage( - digital_signature=False, - content_commitment=False, - key_encipherment=False, - data_encipherment=False, - key_agreement=False, - key_cert_sign=True, - crl_sign=True, - encipher_only=False, - decipher_only=False, - ), - critical=True, - ) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) -print(" ca.pem written") +print(" ca.pem written (subject:", ca_cert.subject.rfc4514_string(), ")") # --------------------------------------------------------------------------- -# 2. Server certificate — serial 1, revoked in crl.pem for test_tlsCRLFile_support +# 1. Server certificate — serial 1, revoked in crl.pem for test_tlsCRLFile_support +# No AKI: presented to MongoDB Enterprise (Apple SecTrust on macOS). # --------------------------------------------------------------------------- -print("==> Generating server certificate...") +print("==> Generating server certificate (no AKI)...") server_key = make_key() server_cert = ( x509.CertificateBuilder() @@ -182,7 +180,6 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) .add_extension(server_san(), critical=False) - .add_extension(aki_from_ca(ca_cert), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "server.pem").write_bytes(key_pem(server_key) + cert_pem(server_cert)) @@ -190,9 +187,34 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 3. Client certificate — serial 2 +# 1b. KMS server certificate — serial 5, with AKI. +# Used by kms_failpoint_server.py (port 9003). Verified by Python's ssl +# module (OpenSSL), NOT by MongoDB Enterprise — so AKI is safe here and +# is required for Python 3.13 / OpenSSL 3.x chain building. # --------------------------------------------------------------------------- -print("==> Generating client certificate...") +print("==> Generating KMS server certificate (with AKI)...") +server_kms_key = make_key() +server_kms_cert = ( + x509.CertificateBuilder() + .subject_name(SERVER_NAME) + .issuer_name(CA_NAME) + .public_key(server_kms_key.public_key()) + .serial_number(5) + .not_valid_before(NOT_BEFORE) + .not_valid_after(NOT_AFTER) + .add_extension(server_san(), critical=False) + .add_extension(aki_from_ca(ca_cert), critical=False) + .sign(ca_key, hashes.SHA256()) +) +(SCRIPT_DIR / "server-kms.pem").write_bytes(key_pem(server_kms_key) + cert_pem(server_kms_cert)) +print(" server-kms.pem written") + + +# --------------------------------------------------------------------------- +# 2. Client certificate — serial 2 +# No AKI: presented to MongoDB Enterprise during x509 auth. +# --------------------------------------------------------------------------- +print("==> Generating client certificate (no AKI)...") client_key = make_key() client_cert = ( x509.CertificateBuilder() @@ -220,7 +242,6 @@ def server_san() -> x509.SubjectAlternativeName: x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False, ) - .add_extension(aki_from_ca(ca_cert), critical=False) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "client.pem").write_bytes(key_pem(client_key) + cert_pem(client_cert)) @@ -228,7 +249,7 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 4. Password-protected client certificate (same cert, encrypted key) +# 3. Password-protected client certificate (same cert, encrypted key) # --------------------------------------------------------------------------- print("==> Generating password-protected client certificate...") (SCRIPT_DIR / "password_protected.pem").write_bytes( @@ -238,7 +259,7 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 5. CRL — revokes the server cert (serial 1) for test_tlsCRLFile_support +# 4. CRL — revokes the server cert (serial 1) for test_tlsCRLFile_support # --------------------------------------------------------------------------- print("==> Generating CRL...") crl = ( @@ -256,21 +277,21 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 6. Wrong-host certificate (serial 3) — used in KMS TLS tests +# 5. Wrong-host certificate (serial 3) — used in KMS TLS tests (with AKI) # --------------------------------------------------------------------------- -print("==> Generating wrong-host certificate...") +print("==> Generating wrong-host certificate (with AKI)...") wrong_host_key = make_key() wrong_host_cert = ( x509.CertificateBuilder() .subject_name( x509.Name( [ - x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), - x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), - x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), - x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), - x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), x509.NameAttribute(NameOID.COMMON_NAME, "wronghost.example.com"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Drivers"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MongoDB"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "New York City"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"), + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), ] ) ) @@ -291,9 +312,9 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 7. Expired certificate (serial 4) — used in KMS TLS tests +# 6. Expired certificate (serial 4) — used in KMS TLS tests (with AKI) # --------------------------------------------------------------------------- -print("==> Generating expired certificate...") +print("==> Generating expired certificate (with AKI)...") expired_key = make_key() expired_cert = ( x509.CertificateBuilder() @@ -312,7 +333,8 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 8. Trusted Kernel Test CA — separate CA, used in CA-bundle tests +# 7. Trusted Kernel Test CA — separate CA used in CA-bundle tests only. +# This is an independent CA unrelated to the main Drivers Testing CA. # --------------------------------------------------------------------------- print("==> Generating Trusted Kernel Test CA...") trusted_ca_key = make_key() @@ -349,12 +371,12 @@ def server_san() -> x509.SubjectAlternativeName: # Verification # --------------------------------------------------------------------------- print() -print("==> Verifying AKI on leaf certs and no SKI on CA...") +print("==> Verifying cert properties...") import subprocess -def cert_extensions(path: Path) -> str: +def cert_text(path: Path) -> str: return subprocess.check_output( ["openssl", "x509", "-noout", "-text", "-in", str(path)], stderr=subprocess.DEVNULL, @@ -362,24 +384,35 @@ def cert_extensions(path: Path) -> str: errors = 0 -for name in ("server.pem", "client.pem", "wrong-host.pem", "expired.pem"): - text = cert_extensions(SCRIPT_DIR / name) - has_aki = "Authority Key Identifier" in text - has_ski = "Subject Key Identifier" in text - if not has_aki: - print(f" {name}: MISSING AKI", file=sys.stderr) + +# CA cert must NOT have AKI, SKI, or SAN (would trigger macOS SecTrust OCSP). +ca_text = cert_text(SCRIPT_DIR / "ca.pem") +for ext in ("Authority Key Identifier", "Subject Key Identifier", "Subject Alternative Name"): + if ext in ca_text: + print(f" ca.pem: ERROR — has {ext} (would cause macOS OCSP issues)", file=sys.stderr) + errors += 1 +print(" ca.pem: OK") if not errors else None + +# MongoDB certs must NOT have AKI. +for name in ("server.pem", "client.pem"): + text = cert_text(SCRIPT_DIR / name) + if "Authority Key Identifier" in text: + print( + f" {name}: ERROR — has AKI (would cause CSSMERR_TP_CERT_SUSPENDED on macOS)", + file=sys.stderr, + ) + errors += 1 + else: + print(f" {name}: OK (no AKI)") + +# KMS certs MUST have AKI. +for name in ("server-kms.pem", "wrong-host.pem", "expired.pem"): + text = cert_text(SCRIPT_DIR / name) + if "Authority Key Identifier" not in text: + print(f" {name}: ERROR — missing AKI (required for Python 3.13)", file=sys.stderr) errors += 1 - elif has_ski: - print(f" {name}: OK (AKI present, but unexpected SKI also present)") else: - print(f" {name}: OK") - -ca_text = cert_extensions(SCRIPT_DIR / "ca.pem") -if "Subject Key Identifier" in ca_text: - print(" ca.pem: UNEXPECTED SKI — OpenSSL auto-added it", file=sys.stderr) - errors += 1 -else: - print(" ca.pem: OK (no SKI)") + print(f" {name}: OK (has AKI)") if errors: sys.exit(1) diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index f9df236a2c..9e264fbd55 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,54 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,2A1A2A327D032B31FE54E4A4C4C470C7 +DEK-Info: AES-256-CBC,01E668EBECC8623A8D736B1B9F7242A0 -MkuZ4JgpxXQs5zYCF9a5CgWhWBNs/eF1KUv1lKzSh6LjjsGczgonpq2sx+ll541B -P6dTMXt9nypkRWuOr5NTMGV1RE4evHgvNEtztQLCyqSK1sZWjsqnDNR9kON4+W2P -KaLKD5ARsw8xvibV3mS2a6an2zWdL5DPm/wGBgUMcmLReX+xxGm6HbCvAr2Xjapi -x/xnmFgqKN/SbdS08M1Lwndpuxa/+LBcSt3zm5JEpEEzSXh+dX//pDM90R8XYBJj -Y4Am3f7uKibFPjFea7qUxDCIlvLaaE594cDztYiz8GdBFihZBWzp05dG+fFj+U5V -6L4EjIHoJ4j5bZUfmPJTOvXmG9H8PSayOC+JuxR7HcarZF2HsvQa5+yJLy5VP3zM -0fOkHnbIZdwCys3rkZxqh+77JfJIuu8eX0+Mu2uW7UBoyNxs4n1rqQXWk3nx5PgZ -DVUbSDwzqwOhl2nF7VeiurfLQLcbQMuUkWBh4n4Pyki1VCekqQMisi7ibMgZ+iPi -lSnTR8MvXVaK53lpvLdG0K0yQDIMA5TmRnStH0zWQwZBqfrVSgnt2Lm3bJrj2owf -yeh192X3wlL2GNUzu+tBSGs1QCllLXqnDM+6lV+zYzZEg2KhsUxGS8IpUvv96w8m -RayHj5+AFlPWBWEnNLlMK+hVBXuklerZufHvNQ+y1q2muiKPCCdXK+s+zw33LOis -ibohNvjtfgawcxXaEw0GqoVnd17J/CO7gY6jrnS+9hS4UinXiPvfMuVUdbKsMiMA -WWwta7xPz41IohewdwjByjN1qHTzFaGCiGRoXda7l2sRXfF9HjxepB6wYpQApN4z -ki3bBuuwR+vJo6SnAkpkcYAdQMsztTrpiOVlu/HUha0+l6A9eb/rkm8n+7O5hLgs -O6m/n/Rjw2biX8U2ElBstvsyQgECXKmjU/NBz5mZ72KuG9lJg2wdk3QNFGWxZnPH -wnbWyqhqwPmeIGkYQXfqMFAFpzmOxdqAlG/v9hp4kLPmuV8vc1S2g85TVX/vCRxP -cET3zfR7s+Glb793gN1vx6z1MTbs4MuamfjfVjGvSY0Dm8tiboupDC1PowBw3fVE -DIx6lLK4E/2uNQOXy2mu/enTQ1D7lAwSflfMTEjscIstCLkW3IprdV9nQOZdDysq -3jkB/FpX/u4hhveZaNwUVFxyI4i3ligJjvfGVDxPmNreO4cJ6b9UrWbj15HfjfkF -1QUlqe+pie3X9+yv2K7FmACmtR8ZAFBWGpYRNuQQiIgXe+HUiyrkkLubn6gqBjcF -jwc64lMRTAQHWY/MlYKg+6YMsVYgcCjhi16RG+8zWyBsXIJISZzJbv/OIqrhxTcY -mqEsyR+/GCoEoKeaLgxiEPizNtOH37gG0bFuRVsJDUJ0Wg89ZvJexLY3VuQmdTDn -Kew8O25oqMboz5oI5hcnJiYl8AkUvmMSbWG1akpwExtWv6FQckJznUaSiwaiIgtd -v5fBzxiGrqBs/9cxuDfBdG5hN91NiGv7XfJh3az9/Ln3lnSABFH0ZFtyHQhuvhaa -MyT/MW3DnEHlpAXPamWuxgZsS5BeyJWimCi9JjCmVcknZrxP8CFVXHiPDic4ZD8s +h3FAkObxGZfI7R0uWjWmpG8y7tsA9SxHkbi2C86hQ0QoLSYSvEV3uI42ahPKbjeu +KxseeyHLdHe9XuGGKdPlB/rhNjZc086lq/b0JHMobOQKP8b88IQUp8iDgTsTNHbL +7N7avfn+EkT4FEF8ad3+o1x/KFaHymxHRGkm7nHsfGXoAsxoGz3oeD+fQgG4m2Ew +8sKUGFLUhlpd+n2oglQI6BI2FwkIu870WmbHDt+nBhUjsz9c9JRksS2Z7+w4hxkh +V//73Jm3n0rwI4wSO/GHcojLAV35bVuR/b6n8Z6opSCQzctQALIhMfa2ouZpjUM8 +RrbSgOszWj5rgMVkc+9+N9n4ThnL43J1hmVtpOQ3Nm5SOjsk536jxMCp61W+k7vI +teZjH/Z216+NPpiZVuclVbpO5Dj26t+BtZJo2Bd1KNh72V50d5leBrv1R+XPH9ll +Sj1pZDkKFu0nKfNBzv7NNK8c3MkkTPvsvTZj0KYP05ueCsUqOUXePY7Bv+GeF+iL +rkP8e1HeV4MAXSUrEfT+XOfzmGG8vZOcwlg8opDbjgJX4Bqfwpgprc4FdTIj2AP8 +21PFHrfAveYf4ixNTICQR2PqQ1aMz6pqnCpObCU+pRWLOg4HayGH9d1qOjSSlQhc +ZJL7gtRhePJOhcmBQETCHueKessIPhqgm37O5MAUZ6qijIT2LHabqgnYX2QnzfeS +AzWYzmXDOITtBv7FyrOk0WUuIkRPBoIfKoskUy29xqA6PVVQfRwVH/InllLXUMcF +ECb4pd0i4yVuDy21g2BP94LvLF4RMnN8aCMm4ocvNj7b3ZTyuUbw9XA0tFi9VO5L +BvnbKtFw0sH/HXA5a9HA4H+o7XG9QgWj+iqYBX/bvmbVbZUFEBDjvxjUnH+gejKO +A9QvB5HKiMHF90llPc0Zf2sWhcjED5+WEe5LJ58bTTwdUmLaJ4FharuM4KEQ4kcV +y8wB9MsR2619QJhjcmXxFkJdgAjoBw5PG/QFQEELjFnRE9DZR00jIz0zZv2LeAfJ +pzU7jI3A8ZQfBvpXBbqb73kfBbvcmcEfNU3ixlMwTUCn5AS2G014Oo3KQ0L5d5Kq +NUw8VXQ7OV85krxYNHQxYWDmwc5nCXRdF/A1U+if3DDwAJTx9bVW90mKephFekPP +ZoiWhwBSyqOZ5WiwRffOOt46UwRfVCWlwIGYJfYtl7I+qhWcL67Pcn3PVBRH3pOA +dW0bDMUqKIIUjG7NvTW+EvFDXm8W68E8qi3QXxF1lJRP9TF9p3lxxf1DQauvZ8EA +V4oH/ubXgnBTbHkHosVQgtl0ZjIZsCPfdmyHcqAwu7jCRuJmk4qN8Dkacmu3gz0I +/31t7TXWIpZ5G6haDY3D23BSEKKNCc4KBIYWaN7ZsHoTOyghManM44pj+5r7+PR+ +6ErxlR4eHCI/4+H4yFmFtTO8fku7n7jyIeVpxGE24ZU3Sh1OZESf1JmMwpuoUa6H +YXrHDhD9VKZeJdU5yR5gDEqL8UJqXZbOaNg7xZ2CbHvIInX6lsRjISR49e6IdmEf +uD530tOlKNfB6Ibhb4dopv3HJjxen38P1hiJV24zRJuS0mnv2TDXStMwPTdcaBPx -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMGkxDzAN +MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv +REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw +CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGjHibyL6EtuJr -zcLf0G+zDoxEgr8Py7T6s9Gb0KaH0Cid/YrPbbfBgezo6GKlyjAyCQaVNLO25W9V -KlIhI3LLhFU8q6RRXkzcgjtofb6ngfocVYbIe8schYINzS9rAAO0LAJwGhCMnyAZ -ph2kFwNAGsgk+1bP/1BhxzZ7Uqv6Rr/YuH8N3omMWpWZJbMdNFQk830n0MSxSClm -5GV0QYFmaZLO+PYfCg4ra2Awy/bObKS4sgqY8Q77CBzFAwL+40gF1AYuyIeuYyRc -gTsDL9fWpHw/cc6HJ4/IzYxtmeR9sukjBxz3cQiArXPglCfsQ7yHstMxFSqzsjyS -/Ty7XMxrAgMBAAGjgbUwgbIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMIGNBgNVHSMEgYUwgYKhfaR7MHkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhO -ZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29E -QjEQMA4GA1UECwwHRHJpdmVyczEbMBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENB -ggFkMA0GCSqGSIb3DQEBCwUAA4IBAQCi1zSezWD8IpIjzj+I6hlXIRbV5twftNkd -nA86NaYfx+k1khoOV99gjALYff4IzCZoDZ027VeqL1mQblh4OM2o7Iirns4G21ka -bpSbjgKs3PbijcWHgWpjnWHL1osQsP/WApaZQbNIyh29F0qDmKm5fgn7eHqX4oTV -DTHzOd+tTVTkM1UHzJnYf1+1IdFwzyTVz2RT5uakuHwpJRTQhQBAdahOZPxFUURN -x7N9s/T7UnAmKHCzl7QFxfN/BsjPb8RxgRP5Rl+lU/WF+MIeK2QiJ7d2jRa9Eewn -v+8kv+HCaER3D5KpjFzM5IFofUF58J7RCZQYf71gK9kqgcIq4jpX +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDulBOdOJXZbz8T +OQxaNJRmZ5uQ6Hlt9Qzahf5sGLx+HAwOVG9KUPaJkZBibAdPaPxYZUiOOxtGIFCI +UKrvsdZO15r5yj7gfNSeooZJfg3uL55/6xXFkA5ARkAFCNWalOerDzLrPA+D8h60 +/EFUdf9V/LM3RCVRGtRgdMW6Fq2HAlUUXPBWOC/ZeRawC0jd6KuiFdrHlkt9L9kc +I+N7XHWJSbnL2RkiJwVbaf/SEXXZ/MhPnTW9r3DrlncVUJDvyMe+l2FORxsuMTLM +1XMMttFaz8cHxkzQWlhlfKtqbyMaAgvXlT/rt/gb8jFHF2Q/I9VDAcoR3VzdRi1r +kQl+18khAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAambnQsweSB/Ojj4aUzWd2vc6DxkvONlYmVqJ +IGL4xAt01S3e+i3CVYbCLAu1juOyMfcwQwIwX2YCP/Ojm1+9oELow+scHK3jOnRI +bF43XONqrcqyWPCm7OTN0rpjZQ460BwR8ODQaKoLHDRWY93ND83VnbjcNHLfZmzL +vAGUJrdgAW5MMg2sj1mwGmoBxY9LuU3YFdJka98fzx3UlGHbrS1NodyAbIkOE94c +kxkWk60DHbMGeTkuOm0wduKXk7paAz6OIUjzLFhF497KtnXqP3TLED7kurSXOhW6 +bcOQ9ENVAWGaPGH0xhm/66GtMl06dHB7/sN7MtbiQCQOXbm5Nw== -----END CERTIFICATE----- diff --git a/test/certificates/server-kms.pem b/test/certificates/server-kms.pem new file mode 100644 index 0000000000..c78d18a3bf --- /dev/null +++ b/test/certificates/server-kms.pem @@ -0,0 +1,52 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvmDFbq60oFjq8DYQiglVk4ijRKZQThgLB8Ds/xy18I/AA4V2 +rPyF1WvjOVlHZUaKKHWl2I05J8r6uqfnum0+yjt8EEd7k/358W+wrRuXnhMArg3x +MU4aHSf7c1Az50pNuCDVSzZofHG3qFehsyfjLE1/4n3lhZBQFfBtrL5mny2MLQfD +nFQ5MZs9aNsuxUoAIL45b1mq6lh1q5xc1kpdLUJxEoSSp2zf9DlSIaNrTPFHZQl3 +uPtHMG19/nhK9gtDeUbYk/iDFjpG+edRkFOKBtlYF2GVywF1AysSuHD9SM4JX/lE ++4MQraAE2FFlwVyi2deGXbZ2kXjPW1qKdvkiowIDAQABAoIBAFHbBPjOmG5bXQTU +ki7vzYJGXUDuq5ewYcm/K4eTPi1FeZ9p+rltSFQX89acKwUCG/RChYEDU8Bm14B7 +Ijk3sKg+hFzxh1J+AMJNLi94Liwy6ndsGjkDZloD72tI4FBB1AHn6B3TMoDTWk7B +Aw8nhtdtKR/m1tGjV7PfMSD1quUkb+cU3/01XxX6+8TQTPyvP10nwEY3IWcctQpy +TmXmzvcKz4yE7TT9+gJJT0YYADlMJJoD5JKXd6wdUtiGGuEcEfKX/b5Bvqq9AJb1 +jFq3AEJ9l/XMKDK9Sp4FhENhK7zOhVlD7400VoQnw1Vs/5KgnzDu+BYhiGQ9y2l2 +b1dd6pkCgYEA5TxGTOy5mAQo1fs7Qb41n3e1xGVQ5MfkW0PQ2iP61NyIkRl2ZxNs +nZ7BHcUPqYYhIyPp+vER0/WgihuC26xVrCmYfptfufvy3JHlkkoIyR2JOSFrZOk2 +nLUOB/lK1FaEj6n83ZVfQb7hwXZ0htGLURCnBui8H1yX5r/PwkmMQ5kCgYEA1JsR +jkmx6WB8Ru7oRo9UMJRBNiF+EY0PTL+NZfDYUQoUPfHKy1QWN6gbmeemyE9+HoCP +A2t8ZGAEYC9avLsFj4vzfBsBkmupC0KSMeNGzBvQHVS+aftW3QRybcKFKiaAF7op +lcDtO6uZMl53btYo9qsA1o2pHKt3leQzSDju/ZsCgYBQKocPSc4R6op5YrWzZRiN +nyiy+ReUGo+ylwHH98M1g7ZCwBvXKkTWznkMtyimCWE3T8z41Ct+66xr//kAZ8FC +Rv2scRvGB+VD28XkJf3yj2C42QYcsS5HGU5B3Z2cqnELaNAkkaNRc7axmIJhz5Ag +FmnDEcsQUKpSqQu4D059KQKBgQDEHOp7ywTe1s6si9IczDeHvCnPKePlgq37SLLA +twKC9n4nibNcDYuU+W/EbwfMvG8E6eeB6xNKb7t5khTsBMQjXqBR+YNgsgizx0ud +0x1KR9mYRMSEdIDyzRhUoNs/P1ZnDKUxa04p/acJ7FPVHJ2as7DJONEnDg/4ZxDa +7RGfQwKBgH1mZ/fd/XyGjCZSzZ3GKSrPHpuQwcdNt0kfa1cUq0Kn8rKuFiyCSfCC +K0yC1dcafUayT0IP1LZFXVwNA75hA0fd3+rC22EdFdQ5s5aXC2WGRVW6aryTPpK4 ++vEdKnm2pdP+2tP2Z6+2f6fr8GBkoxgkiXd9DkgWLr1iK73A1MNN +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv +REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw +CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMHAxEjAQ +BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u +Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmDF +bq60oFjq8DYQiglVk4ijRKZQThgLB8Ds/xy18I/AA4V2rPyF1WvjOVlHZUaKKHWl +2I05J8r6uqfnum0+yjt8EEd7k/358W+wrRuXnhMArg3xMU4aHSf7c1Az50pNuCDV +SzZofHG3qFehsyfjLE1/4n3lhZBQFfBtrL5mny2MLQfDnFQ5MZs9aNsuxUoAIL45 +b1mq6lh1q5xc1kpdLUJxEoSSp2zf9DlSIaNrTPFHZQl3uPtHMG19/nhK9gtDeUbY +k/iDFjpG+edRkFOKBtlYF2GVywF1AysSuHD9SM4JX/lE+4MQraAE2FFlwVyi2deG +XbZ2kXjPW1qKdvkiowIDAQABo4HDMIHAMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE +fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD +VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV +BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l +dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMA0GCSqGSIb3DQEBCwUAA4IBAQBqBF+p +Xqe5gDU628y6IJBzQHU5Xhm/iCPMsj4wTIIxqgAa15E73b68VS6PQuz+kGdm2wwp +Vu4nudlAVhBXWd3+95zzh6H+UJj+XSet3AZ1A18A+5rU9BGOTqTnv/KWm2Nyccuu +iYoZtVCRXzgX69YKzNmUPaUUQRpMQYwWnbSV42SWJpQ1Ikll7U5M4VV6koKb+EPB +moXUqRravG3XJMVdDUG13EeL/INukTjzHtPCOIIq3+tDGAcP/X0ldfVWn4gjJBvX +Wp+mySlHpnkb9ktg7KaG6iHLEeuOXG1fZXtjKr8Vska93YMB3aOderKyXkJg6wML +SaK7XW5H122pnhHP +-----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 813ff71d63..7dd98bbf61 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,52 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAxnAdSc+RDsXTgJipcYiVMhAhiOUzMGDjruTp4nrRFiothP4K -JO+73eA38GhAzlCLVXtsewQRBYS0jFsGACPf9qO6YmBLdRh7SqftlYsENiZDiC+E -WUT58R+2z8zoYSl6mJUk4ARwUlB9PxLKI9OSC9ZpcVOWg/LNv5pE/vTMCUoPWNAK -Fx0ltNzMkWt8yzZvAStEwm/oOiPb+ngtJQM/748L3Ra6m7HK/VUzcgZbb7TJN2ag -ydO8Y46lEjQKqzJOoK4LiPtMdJYlI1SlEX67CPGw0VEjDU7G2+IUzR573bE99Qvq -fLcTvV/aIgUo9tCz4fcuvKrStczh299btcLspQIDAQABAoIBAAZ9HggO2IByKZNX -6pqCy9YiPuZ6EC1xzaAnbhpwx6uA35IsuGoyyKLdtRaQYiYc7iFycr6nCGN0zm6U -f2K7yZQIEI0s9uqyTT3ItfUg4Zdfsu+eFibRIZcn4VN0MNkUgSTCI72Lh5y5cw7/ -70oyneDzNul0wUQ5SU8NnVn06UMYcQ7uRnBtVwW5BY6ziVQh3NU+wspc5ywhocVp -NULn/mc3xcwMrv6Y08Dp4sYP5mS4tvVEqZfmssakzV14PgJIpklV/pGdHa89RLdw -lXAEJS1NBf63weCpEi4b5EtktxS4Q5EkNE7zuL2RAdMBWqfVccUu4jLM1xiMBRgo -m8h52ZUCgYEA+DtODv+T6e6oxsIB+Ma5GSoRsxvDCN5pZbWggeJmtBytJheckpF0 -lRRzodfigVUoTKLqQJjADoiYZ3tFeKUeDKsiURzsCiLxEJCt6JT0c/xPupdC1m3O -WtYr8uied1ghvnlKm2CRj1F4jIiedmNN+gFZjxNnh7KAqjwzuJ51mFcCgYEAzKXj -xffn6RnwQZKYssP1g9GnPiJ4mueEt5uSbA2KlyWlcxy+e0TqJRjTv7gpxT5fm8LC -/gx812LWOX7ZIU+03IpbmQU+Ske8QrgBih9phdTSTqg58zfRUIZ6tpWn+ssp7IAz -0PFgcnfhKf/BhtT2Sjpe3L4LR4CYmCABLSzZNWMCgYAcTxcd2sPRn+gbkrCK4I7n -ccbG+FmLv2Ghuc7uQRWZYNPWTkcK6A+1mLl/MZGhUkbgRowUhdcRUT6gPoyzr5D3 -vOSS/4tjtIxtaTKMHcCrIZEuJGX48ljgPyCP+TtpPOHMSSTbB25SO+ZVkJcRxU11 -P4YpLPtXnGHUCD2Vxmx+zQKBgQCKr309gvRBzxc3iN48f3oZe/HntLqg13bkauR+ -n2qlZZjK+tbHePtoanvNeEOubMekKge03MeZu1xMGH+TCI4byxOqDpiZBCY73LEG -ZqU/Ueu37F9hSRlrhccRhzgQSLA/mt4CoiFnUYBg0vbWpenGgeoZlBzWtvoyVbYW -ZEdK2wKBgG7WHcgNW5wuTojLp2Jpybxt7sV7kDhm89px/bhMcA6VNCYQU6GiYdi5 -yY3H12XJfMOJzVsSZpqjc0pCFVd8q7BHVfZAai9Ampcd61dBOak7pEQyNxyysaCE -tueB7Fz43W52sgCzt0m5ekghJjXaMJRoBVKOzTlx2bXydEHWM5MA +MIIEpAIBAAKCAQEAtzoGxcDM1KTqph/LjodIPMTTct/5HGe938TDKfj8mQjty4Bx +Gto8m7MhBhCd/0F79gowN0yHtMz8+/Q3hBxDsJ9IxVeh1xK4uq2IvpBQTp3Ozwic +5fEnwi0QaFVl+S1Q4VN7TQ2alGeY+IQbnX3MKmZnTlLC6lINjL0bPIPtNqrWw8K9 +lCdC2b+85aePGuIF8ZN+HBnesCLsFLVd+0pzTXTVT5GUWYF6h8mVo4t4KrTaPegl +hOYTufs7iN6iA/v4ZJCf77OEoBkHaCPft0XA2rAMWHyMVuqWNlkM2zEUu07D3Que +7O7UExShyHZeRDqo7AQtIroGBh/B6FiNoDimGQIDAQABAoIBAAwBS0xNs54DKDS2 +RJoUFxGUO958+k94JKKyu67WV4aXZS0+PyrpPatd8z34fMGqwrp+NGaLJyEbhT/k +4nZPe8fox9XWRg5Xda8Vi64guoJMKK67+7u9L0OzvC152vKWm4QH+j40M/qhRw6R +aVXKVkQ47W/eUFMWCTk9crlmU3aPYow1M34ekjGNHMD/wybbUIyZPsMcMjj64aFR +itvzRBQE5ydx+ZJpOGOG8hyPdPM/A5oVH4P8+Z4g5tpgLnHBMTT6oKdXqOtDesOH +swPL3Q3ZHFg7gUnErJVSf3Gu7X2wS1DtUVCB1GJiPdVlZ9zHUAvXSBBLXs6Znowu +NnXmxQECgYEA6ASgYOocYvjVL2cN5DTjqK16uB7fEYCRFWSFASJjaUTBJ/ojYI04 +hNuJvNWw788mlnLNehlB3btmQuIqp0FOP4uFipYvFgGcOMFgAity7FQQdp7KgHWX +KhGeiNAWHMXc0wwKPB5yTv6inXP9R83EyV7soqjzUHfmJSjwGHKLz2kCgYEAyipX +raqD//IgqvBwpC8tQnFrNCRmuF5dGZFbKGni3T5rOxWw6ffCS1vshbnZAwJ9C1RN +P+wmFSODn5/20nZjnnyGokng8ZrEd237KJNm/XDpnngBXfU9lM2fKj9th3t6tEp4 +IXnCsmB7EN8SHKbrZBKtMB62qnfnCE+E6r0K+zECgYEAq92Rd3izolS0hjKORbcv +1Gj8+JpVnr9fuTsGkvqILRgzBIvz3Ld/YFrHQswADwOhj9xmfMVs1vTUIUMrWU20 +yrltKGVrZ5+1uwzzM2g/7vOuZk/lrRZt7Umz56BMYO/oTaUjh7j976oLhxq+SYwQ +8yGPpEYGRlsqbehPQazIB9ECgYAXWGxnkZlMpRlApCNd0lTXp2FJ1CpIgB0gJrjw +Icog4mRfnlGfswysxyC5EI0O2+q0tDd3ej2rkz5P4JkQFLvMQXUKqJ1hSQ4G/JxU +QzFRcwiHVDRUNU23MUeACXMMgiXZTAAzXWwuTRXpDNl6lYv5Mm7tb56IcPAs9YHT +2aC7AQKBgQDOrVPZttZj7DRANEe0U5u2KHdynXXE4dnSEIWybv5yy3lsHbDGfLQJ +Y0xkmCN0GEHKOW7+wx7JH+Mn8UPb9znYuB06B1p6ws7bQXWNC8+C83JBNwGt2SKf +g7Z/e8uUiG/qh9gUgg2AWDRzws5JBPffZGtNwg+5I0gGRL0W29/wiA== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHAxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg -Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczESMBAGA1UE -AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnAd -Sc+RDsXTgJipcYiVMhAhiOUzMGDjruTp4nrRFiothP4KJO+73eA38GhAzlCLVXts -ewQRBYS0jFsGACPf9qO6YmBLdRh7SqftlYsENiZDiC+EWUT58R+2z8zoYSl6mJUk -4ARwUlB9PxLKI9OSC9ZpcVOWg/LNv5pE/vTMCUoPWNAKFx0ltNzMkWt8yzZvAStE -wm/oOiPb+ngtJQM/748L3Ra6m7HK/VUzcgZbb7TJN2agydO8Y46lEjQKqzJOoK4L -iPtMdJYlI1SlEX67CPGw0VEjDU7G2+IUzR573bE99QvqfLcTvV/aIgUo9tCz4fcu -vKrStczh299btcLspQIDAQABo4HBMIG+MCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE -fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD -VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp -dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM -EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEAo6XZjd/0 -Jmc80JOMp5T3qGWGgu1CE0bmtwMbNy3E2z6nxfb6nLJlHn3Pxczp3/9acALakOyZ -9eK9Y0ipu50Vd6wAyD7C9lMGFkiNbHagvC6RGbBff3OJvL5ijsiQDHaJNaC9UuX1 -9l0A60XgOj5nk56+W0a3NKo5phEIHbgY1nyJcK7Ih951MMDmrtg7Kgq+czssQwvV -8AtB+10zN3WIanRC0lR3YhihiOi+a0qnNjWwFGt5cHqBxZQcJ6sVqC994haBNiPf -8l5FcbCFwLhuXN7tTxIgT88757nzm2zm9ZMCWt7UdDa4mXqpJTW7+0zKDYAIw2p7 -3Y0OEy4KgIAgOg== +MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv +REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw +CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMHAxEjAQ +BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u +Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzoG +xcDM1KTqph/LjodIPMTTct/5HGe938TDKfj8mQjty4BxGto8m7MhBhCd/0F79gow +N0yHtMz8+/Q3hBxDsJ9IxVeh1xK4uq2IvpBQTp3Ozwic5fEnwi0QaFVl+S1Q4VN7 +TQ2alGeY+IQbnX3MKmZnTlLC6lINjL0bPIPtNqrWw8K9lCdC2b+85aePGuIF8ZN+ +HBnesCLsFLVd+0pzTXTVT5GUWYF6h8mVo4t4KrTaPeglhOYTufs7iN6iA/v4ZJCf +77OEoBkHaCPft0XA2rAMWHyMVuqWNlkM2zEUu07D3Que7O7UExShyHZeRDqo7AQt +IroGBh/B6FiNoDimGQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAHHvPwJTWIet +nYppvasTA+qjT7jpOdkw1467ocALFi90C0CVTyaAX0Ut5dl7eVp560FD2LkCE7Ox +yshUWKCnfPtDLbhRoel0FQbvjy2umvEzDhDEmWQ9N4QemJ+75guJQkKg1YZ0eIRv +SM7gvt1SIoYAWrDSxeg6L4iKIdQR5+RDhR5pE6/4bgb0IdEeAJEolvG/OFrgu0jm +Xf4Erg+6hBDtIFh0pd89GYi1WKpgZNPkrrFF8FPsFDQuL6mruUNGOt3ezIxn03XT +MtpQozl7g6a8hHFRZdEZLD9EF5WGZsSoxKlVfY3E50+MHhCk5lO4XNPX++ZBVa+X +2NtIV6MMemg= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index b759fe503e..781ff3c6f3 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx -ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRAwDgYD -VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxHzAdBgNVBAMMFlRydXN0ZWQg -S2VybmVsIFRlc3QgQ0EwHhcNMjYwNjA3MTg1MzIwWhcNNDYwNjAzMTg1MzIwWjB8 -MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZ -b3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEfMB0G -A1UEAwwWVHJ1c3RlZCBLZXJuZWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAOYdJ8NPq6BIcrtz+EznoGo6RI1U3xJ+IELSyQesvaO8OKp5 -o3JOoDbCfaXWwVGq8qbUzcyhkA8gl1xf0MIzHOKrd8f1dieNOPM8tPe3uMcOF2tf -04Ov+ArmYDxtk5k/N6fDCd8anVG1uo1GhQywcYwn2TUHT+NpYuGDDfpv+nLFoj4T -Lap3cbHlKgsoWK5/ZzbbsKwHHPbh8LIuSVbafZymvylNsyNrrEMvWTfkGRp5AekS -+Mp1m9plwcezpmkumPgXHuHL0KZOZvy9Slo2EgByl4UjR67ABp4JcoX+JBeHhP/h -8MQLkDW+MYddZ8MBOhRvR8vvgl2tQ/9n3Uz2MrkCAwEAAaMjMCEwDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAfwMivK -0MVkRGPg3PbSh6zgx3wfTnn08Kg9zcSoAG55WkkrW5Kq4H8NQIsEDvbHEFbkRoB+ -vcoKVgepMXhgMbrH9F00yAwTep1kFDzqs4RBPvQs4sOf4xxMs6Ba65hLUIVrBEpN -46XN2NwEyzi2x4J00KfJgGghwNQjFhk0IRIlJ0ygFzGy46QR2j4AzW9PPs4B2lC6 -NkbgvM0O1Bju+cgpKObQG3mCOHQTDXmLMN8Sr9EfZxvvmzQNF/ijFPR6cs/rJmAf -kWOpaEWRul95rs5cZtzYXvhiHVM2FTJs7/hvJIuyhjCFkJP4yppOFsLNCDLwF4lo -Uf2yrrLhqcO6pHc= +MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDEfMB0GA1UEAwwWVHJ1 +c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECwwGS2VybmVsMRAwDgYDVQQKDAdN +b25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9y +azELMAkGA1UEBhMCVVMwHhcNMjYwNjA4MTM1ODIwWhcNNDYwNjA0MTM1ODIwWjB8 +MR8wHQYDVQQDDBZUcnVzdGVkIEtlcm5lbCBUZXN0IENBMQ8wDQYDVQQLDAZLZXJu +ZWwxEDAOBgNVBAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAP +BgNVBAgMCE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJ+OVNEE+olztiLdghDMcAK+4n6ZO8/hTa96ZWUs8aFdXPWz +hbqQMlUS3LoiZpJhvxonWdeBCatdTextvYVAb6eYtEiVCO+8T95ZAP6lrnh5wxW1 +qMAtISLNG7rVjN8FrRYdN/BVpJFqhpGK2b8/uXizUnB8uIlPQFUEzRu+0MILaXaA +iCAJwATJPPaYGwM/Ygb0LMw5ECCDPeIwnu16ilunrIWLod9xA6mHLrUR9VQT+/eV +2S7bUqzoUR+623/MraEkgF+nwkJPeoSTuZAlqO2hWs5D5PyXGCxDq+E/SqdHwNrr +o2FmHZK/pv2Qm2psCInty5jVmlGUYmEWFPxq+qUCAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAGBRlP1y +CVfcehUxqgal9f2Iu1p/yiwLyMlnQw6MRqF9snZH0F6E0BmwLeVdDLsHfvz28HO6 +n9th3kUytv90N6vs17G/NdU579xyr+em7fTd+sNSI9cq/vqbQRjGEcIpCaWpHqOz +wZ9gbD/FAaUlJG89eG8w/2zJ3vfO45wZL+3YBg0KbsCrUlPeLTE8l7LCXaE8GIrA +ks1vlVbjrVRg1pYQPtLz0x+i3l48S5n9vQn3lgw5xuTLednaTptw12K7ohAPzAUm +5+zpXGSvQA+eAQ8OzB24ulfXtVb3f7jjCG5PEbrwIjjQLrwBe2DR0t1djBwc+91f +fwN5XVxQYWiFK5Y= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 5cb119b72f..dedd94b6f2 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,52 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA6PnNveV+f6FvvClQFMlur4j7ZK3RQHEIIRVDOiuOvpIvWzti -oEfQSjfTJjuggcsmWI+gk08ntXhk+6qqBaXSM2FzD2KeaXEJ7kMVujF9f8N++SDb -QX73aTtKjifvfW8IhbtRYJ96njd6dACE21lmm3Nraub1JMF3pF3GyKglSXqsslet -hcEHGhsBv8CJm/J/c+WEfwXWT42Vrik3FLM72zjtw067+f+MftX5CjfAqAl5r0xT -/g7HwPYLQByBuIyAYmmVsb6ejp7r31BqAFGzFeaInsqqVmz8HUCaqa8Zk1enZnmh -4/H821D4n4r/aWFWovWzJkIPp1soNMUU81bHSQIDAQABAoIBAAC1yDSAt1C8xXop -lxKlJYb38Co3pGhhn9B3/980xEfc6rOIvA14gpBDWMuoSV4z6A9Dis4AIwMY1Zf1 -xnRjc79P1/mvR4PTQiA9iJqrbXI+/otUWA68TBVARsMlqIN1m+1Ka55Thhxm12L0 -oHMJs/gb0zM9dnhQ9aQk3Ab/CjQN3+0+g9319Z7F4hYgM9Hr3GvElFlyeaF28g7u -1jT0zPr0NVF5XR0ifIit1Q754xSDotMPzMcG10ESEJQ4pfXsX/88k5NP+vI91sY5 -0Ijg2rUfHaCcxukjwn2AoMcsCBZuWAorYRrjIXvoX5h0ngllCFRwYs0HFgISA1rd -RmcieaECgYEA9rxQ8sax100ioqoVbEudT0QmX1/H/x9Rw4iWivDNuwxOJawWyTMj -gszPe/UzK5QgKQhHRJPPzIfqOYHMrcqzM2bqyAiZijExDiP3p4/xbjt58I4XF4Uc -pG7dooHxq1jSwHqvd9nfcwNUmMoRDGzV45ISgpCkDDVFzZKz3X8CVPkCgYEA8bk5 -h9Vjqy1oDQz3wnta1k8lM9OIEtww5djPsJIaxV43Ait9rtqYiaS9dAk7nn738Jln -TxOWFzYS/zGvZPqOG9Ftvhp+x9NKmgtVOL1qF2MkL1KBj7hssQ6s8VzZnQ4SPHNs -QWhJz/ZJRC2iVF91seajcWqCF8A75dgMY3cMqNECgYAdtz50jtOaX5LdTmi4Gz89 -7bJFaE64/jelugyPfUL51RiQVvKDluIe/bW7cyOPiw54gqO6saakNnZSKLzS7Ye5 -mBqMruR3DUegMVrBVoe4Q/eCrko/retuLmAJE2dcwJzZS61YXOgZfPwyTpvRCEaW -WuBZ0zu+sKfQg2ugMIzCWQKBgHGkTirRJMGGYGO6VATn74XPwcLC0Tdks8xriQEP -P2zI5X2sqrL47DvR6ovSB2h1cuV3iX1AzRBuiLHXTwlfTk4/wKNeW3pgmLMhXtiF -HIqQPqPM20KRRvBa4O28ZEaVJferoBqECCewNzPJbIbUNkYEE5UvqKe35bEiSHi+ -sIHxAoGBAJRC0MA6gFhXwoj/LM1wF5pVUqqm8QXSXKPGDnW7HEuFSIA2dY1UtDvC -q8tZ5cwN4VBWQrxoFN99RUqyOqXq3sH/sdDYduqMvO+FKJknkzitPDiowCVi/uu4 -b8fOQPejGUXHVgAuVVTTrUS7MIy4Uy43S2+Sn/kfxUKVrphoNbKy +MIIEowIBAAKCAQEA13eE0NkBw9YjON6K3twzJkhtnPigMLdpm1XeYWq3uf7l+1rP +OQ5GvSNa/zD80rIgqfTsUecQIcORi/10wjNXZLRVq85MPuM5ITPxxuVdXgRNfd6X +TImPXgUun9TM+XNIItUUbZ9vTToyryBBx/9UnZztc5UcDHrD0onR/0U91kg/pbg+ +z/Wv94ER5wgwmaMfJexxuMJt/PdIocFuGh2jcumU1MVZdLvqC6rDNoH/MbSavKf0 +hYc6uvb65DfWAQ2NA19fP8zm0j/0o7eKMdCxMgRM27BTGktTW5FrzDmr4VUd0oOV +Eir0U936DuwR7Butoiopxg/+s0dMRgt+3yXXhQIDAQABAoIBAAO3EdkwBLHFvXG7 +lJVnIpKkaQ9t0gVFBFMjVeREHMreNETzOeN39YxJUcZYp+NSIvILQQ/gdgy+/IF3 +a0316KnZ2ihONE5ZSKDj7mVJiySV2mgzMFSngotSd41V8/rRHAtNtT52o0qnmDwg +yEGUi3b0P7vgdE1ayImWysImBXzuVeDqfrZGGT25QO7bL+AQkV6Cr4HtDJhOQ7Gm +FkAbgxCGaQFKniHt3+QdG0/QpzKInAZNDiGAIX/damZF00P10jzE1qg8+GPDwxll +Nm5PBtqRaQnI5m1T2ymcRx6ouJxW6021fODUA6HlGCxl2AIkfFa5nDgG4SkisBkO +wgTpDAECgYEA7vncxYzagQrLQIVZewPwiEtgYghEKZXz+P2tEpXxVe57WyO+jDs7 +2krXEazAgeY1SJEIxEVGDceq7PCkXfYf983HkwacqhXBxUYMNq27xbWSbyHo5yG5 +BrOM9ZcuDwwwPbtzVxqDRIpMK8wfCutCo0Ws6eVgYs6DC6phSLYd/gUCgYEA5tDt +Oo9++X/a0rdKaLpMUUkXKHii2Z4Ym1PuUfUMUgo2mdDUL2w+2zJUDNreQh+XNWtD +kKKEdeZnLjEleItcjAOCLdk3WDVvfX1QvwIqZ7oBllGUoHqL2FTGONOqXLSgptuH +Rg0zluM7P6Z6eLvddmCUJMYoUSEQF+MPdh9GK4ECgYBZo+H7PD2OIAVju2F4Ml8c +UOHjg+RFkRkF8enkydfP+vfMlRjZszJdTKtl1t4TG84q3TRjovSHILltzUpqcHNH +Waod7WIArs6TeBYGwJ5pqBU4mIirgkvMRrd+O+or/M9vqIu4RZqtsA6ocxXF27+Q +TQdyaPcBuSMQ0iVRx/ZyHQKBgDOo1y+gJj8ZSpSWyWSfLa2TukcomOoz5DX/lvto +6RUDjCzo/FSQ2ZCdtwoZgl0yTNl75GdeuF7a7oT8IvLT3ibIMj6ouyZW71kazxOx +HGSS0QAfyjAQvXPxpVvao+qT0tEFmUUodz9yJDSewhJ7mZmBDCce4q8lw0BVZYR+ +g2oBAoGBANCeMVz5xib3n3o3beQVJIyaOs1SD5Pm7789Poupd/sD9hlU5xTtvFsK +9Aac4nSYOlqDW/PWCrC7MpvjOY6vmFmm0HEVIo4I5yA/Fj9fO3g+pUTCc7F+ccBs +2ARSE1cR3nZkQ8iGsOWQD1TCs8Hp8dywLubmT5vnLhrxW5iil2mk -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMMEkRyaXZlcnMg -VGVzdGluZyBDQTAeFw0yNjA2MDcxODUzMjBaFw00NjA2MDMxODUzMjBaMHwxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsg -Q2l0eTEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJpdmVyczEeMBwGA1UE -AwwVd3Jvbmdob3N0LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA6PnNveV+f6FvvClQFMlur4j7ZK3RQHEIIRVDOiuOvpIvWztioEfQ -SjfTJjuggcsmWI+gk08ntXhk+6qqBaXSM2FzD2KeaXEJ7kMVujF9f8N++SDbQX73 -aTtKjifvfW8IhbtRYJ96njd6dACE21lmm3Nraub1JMF3pF3GyKglSXqsslethcEH -GhsBv8CJm/J/c+WEfwXWT42Vrik3FLM72zjtw067+f+MftX5CjfAqAl5r0xT/g7H -wPYLQByBuIyAYmmVsb6ejp7r31BqAFGzFeaInsqqVmz8HUCaqa8Zk1enZnmh4/H8 -21D4n4r/aWFWovWzJkIPp1soNMUU81bHSQIDAQABo4G1MIGyMCAGA1UdEQQZMBeC -FXdyb25naG9zdC5leGFtcGxlLmNvbTCBjQYDVR0jBIGFMIGCoX2kezB5MQswCQYD -VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp -dHkxEDAOBgNVBAoMB01vbmdvREIxEDAOBgNVBAsMB0RyaXZlcnMxGzAZBgNVBAMM -EkRyaXZlcnMgVGVzdGluZyBDQYIBZDANBgkqhkiG9w0BAQsFAAOCAQEAoRmIKS3Q -X4xrluZfFsdK+RtK/adFYdmIVAWEajBgQEBJGfyrhQJCGu+mysaIFo8ITPEApliE -xr4myEOjfSABBPQle1W8v6qCoXo9+D9Gk//Kc6vYjvyZHJw/SPUkcYlAngLwJnse -8iHSfpCkFIDH2m+iXMgoncgaW5ALdO6OBuRHz30JJSfTmcDp42zqE3BHvWM0qZSI -5Cj+DWCITXfpTUBwOKdE+TL0eGARck8x5xH99dUfJXJbzwlOXYpNeAOB7hpmcuUF -QlT7Mr+zvD/lsPRGKZCJFKcGMCEVQ4an6+XCETUNLofM7cAlBZx6tgNEP2QJA9lL -t0F/hOBFGS072Q== +MIIEKDCCAxCgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv +REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw +CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMHwxHjAc +BgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTEQMA4GA1UECwwHRHJpdmVyczEQ +MA4GA1UECgwHTW9uZ29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE +CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA13eE0NkBw9YjON6K3twzJkhtnPigMLdpm1XeYWq3uf7l+1rPOQ5G +vSNa/zD80rIgqfTsUecQIcORi/10wjNXZLRVq85MPuM5ITPxxuVdXgRNfd6XTImP +XgUun9TM+XNIItUUbZ9vTToyryBBx/9UnZztc5UcDHrD0onR/0U91kg/pbg+z/Wv +94ER5wgwmaMfJexxuMJt/PdIocFuGh2jcumU1MVZdLvqC6rDNoH/MbSavKf0hYc6 +uvb65DfWAQ2NA19fP8zm0j/0o7eKMdCxMgRM27BTGktTW5FrzDmr4VUd0oOVEir0 +U936DuwR7Butoiopxg/+s0dMRgt+3yXXhQIDAQABo4G3MIG0MCAGA1UdEQQZMBeC +FXdyb25naG9zdC5leGFtcGxlLmNvbTCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD +VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV +BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l +dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMA0GCSqGSIb3DQEBCwUAA4IBAQA0BCre +W44hWpSlyTYkpOThnZ/ESWxcNDvqFkW4zczPSAD/qdvWJjTO+K2ChlfZqv+CvHyc +MNihaurlt3sWQvFThQyPjBRK8OluH2dBBNSFuFq9mBh0mHLAUQsIYQZ1fawXZKR8 +Zyp7ZzMk4RfOcXQGU3NxDOD7asqKnAKePF3svR2x1XEw0X588vvF9iYVObAhoOdi +hzS2xLchQ3RTLOuknleBBgw2MBFBV+nl3AMKnJHaV4NbPejWiQbFcAAB+lP25uaa +rIDygMc66dYEEqt8PDDPen2L1o1fgf6vk21vVxNje9pC+O5QTAMgZMEqJJNODcQb +VfWkadXZl6a2KqEN -----END CERTIFICATE----- From c23e618191e6d7bfd0c3e2e627778466337a913a Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 9 Jun 2026 13:48:50 -0500 Subject: [PATCH 15/28] PYTHON-5040 Disable TLS revocation check on macOS for SSL tests Set TLS_DISABLE_CERTIFICATE_REVOCATION_CHECK env var on macOS for non-OCSP SSL tests, which causes mongodb_runner.py to pass --tlsDisableCertificateRevocationCheck to mongod. Fixes CSSMERR_TP_CERT_SUSPENDED during replica set initiation on macOS where MongoDB Enterprise enforces OCSP with kSecRevocationRequirePositiveResponse. --- .evergreen/scripts/run_server.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index 9757eb3a4f..e515db1c68 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -1,6 +1,7 @@ from __future__ import annotations import os +import sys from typing import Any from utils import DRIVERS_TOOLS, ROOT, get_test_options, run_command @@ -42,6 +43,8 @@ def start_server(): set_env("TLS_CERT_KEY_FILE", certs / "client.pem") set_env("TLS_PEM_KEY_FILE", certs / "server.pem") set_env("TLS_CA_FILE", certs / "ca.pem") + if sys.platform == "darwin": + extra_opts.append("--tls-allow-invalid-certificates") if opts.auth: extra_opts.append("--auth") From b8de97223cec1f096fc2d58f42ebcd91bf63ffaa Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 9 Jun 2026 15:35:45 -0500 Subject: [PATCH 16/28] PYTHON-5040 Use keyid-form AKI for Python 3.14 compatibility Python 3.14 / OpenSSL 3.x strict mode requires the keyIdentifier field in the Authority Key Identifier extension. The prior issuer-form AKI (DirName + serial, no keyid) was insufficient. The macOS OCSP concern that motivated the issuer form is now resolved via --tlsAllowInvalidCertificates, so from_issuer_public_key (keyid form) is safe to use. --- test/certificates/ca.pem | 26 ++++---- test/certificates/client.pem | 78 +++++++++++----------- test/certificates/crl.pem | 14 ++-- test/certificates/expired.pem | 83 +++++++++++------------ test/certificates/gen-certs.py | 12 ++-- test/certificates/password_protected.pem | 80 +++++++++++----------- test/certificates/server-kms.pem | 85 ++++++++++++------------ test/certificates/server.pem | 80 +++++++++++----------- test/certificates/trusted-ca.pem | 28 ++++---- test/certificates/wrong-host.pem | 83 +++++++++++------------ 10 files changed, 278 insertions(+), 291 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index eddd5531e4..1d94edbe29 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -2,20 +2,20 @@ MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTI2MDYwODEzNTgyMFoXDTQ2MDYwNDEzNTgyMFoweTEb +CzAJBgNVBAYTAlVTMB4XDTI2MDYwODIwMzUxNVoXDTQ2MDYwNDIwMzUxNVoweTEb MBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLDAdEcml2ZXJzMRAw DgYDVQQKDAdNb25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQI DAhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQChHJfF2RcIuLXCZphAO6hVCuRlfT6clQNa5UJ3OMyzyDu8Q0ssNS5J -l7tm2mu7QVkHsnZonzICPW/fGi3a0zpJzVxHG0nrCbGInGHA6MVLJSqCCaMG4gnC -4BnKuD2pdQopuv6zhts5aoxgBSkpVCEe5lfmhIDTDDSprsTKEKBMjwrN2cP/THFR -QwbT8ruVsXm+go/6B3+cX1UXgM4p9xeVJeL5jz+N2S4puU7K0EzZirNcgUcDMZZl -sEigd0EDBvUQiHZei6ifw7y2JWScdXhfj5Pb9PtIr7kepc8Q72jyqWj+cxrObVVg -y1iQbRolJVn3k6edISHm5pNwjjc2laQ1AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBABSBzlbE93kAUd+BVp0AURZTvBiIvtGtwneCQEnc -9brsyX6Jw+zznsl5DyUSUv9QGH49n679ctpGLuFGUpk6LNpjP5Sgwzf+0h4BXFlQ -6dAYY0Coi/vfEXw+IALmKSVE33na2ofO60zDX8mnuj3S6on7TLsnwttV33qRgydb -jF17XMNuGt4uC2QwDxpcY8pEo7Q6liZFuzpAKt7lhSg24+Ujw0q+8mDwJmmqIxMK -URn1yM5KTXkTZY3wyjG41RzC4N9fhjmjcRAqBCElaspp41gqbLxtcwYCUtwLmIvg -3FSqOZPxdwUyV14hL2Iu1SoUCcN90QPVYGGxzrP49QoVoeU= +ggEKAoIBAQDPCKTzQFxW8ye5s614v9LnYiSJukCiwQH9dPlj/T//ll4KUNrK7pti +gZ84MvoGBKWGmEQIijP66TwwufsuS9st/whiLHXn6g7FdN/S3V5UTCIzOKdO1Usl +QMwxafOYO6dvwplT0yEoZ4NUwcOkJHEMEB0JAUa/tb1vyCMZQ+Vryv44gO34deE8 +Z7Z7RX8cuAbeVkh27kvpiOmt/HhvMjsyh+2EAvKPjkl+A9frXl8gVRUY3sk+quTr +XlRyDAy+5BVONWpZGksB21jft/rZaGLzjFPg8qNYK5bShlzZgWunl5vQiaGJZf5n +Cp4CSCANOG2d0BnBTSlaqevcKIqwQ9G7AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAAL3IR9nsT59HTX+/jYrF96eicKlKQv8MS46qzJo +wArUa8mtj2Ro2rAFsa14dEjcDihgbyxgD5BgQAJnFXpkHqMnhPGM525lqOLCKju+ +DJTS6T9dl6evj1Qb+rdi51C7kUxEgtHRRsK8IeKnQ/j7aF/vrykRdt5Mr/xL8zCE +pSJzW6x5gRhDjj6pzyjC1KWOOMXNnfAVd0GSYa+JQ3WlWPfGDdk8pzAVFb5E+U1a +u29SoTIZkSyySHiiZ//2+ZIfZR9xAosIamMMZN+I3r2OUTbbPmA6ge0FHnnIq+ys +tk0vMVlmcPcXXEdwBksyIasMM8ljSSfXYQ9v5BvBGBFEDKE= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 588c26c7df..1891954636 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,48 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA7pQTnTiV2W8/EzkMWjSUZmebkOh5bfUM2oX+bBi8fhwMDlRv -SlD2iZGQYmwHT2j8WGVIjjsbRiBQiFCq77HWTtea+co+4HzUnqKGSX4N7i+ef+sV -xZAOQEZABQjVmpTnqw8y6zwPg/IetPxBVHX/VfyzN0QlURrUYHTFuhathwJVFFzw -Vjgv2XkWsAtI3eirohXax5ZLfS/ZHCPje1x1iUm5y9kZIicFW2n/0hF12fzIT501 -va9w65Z3FVCQ78jHvpdhTkcbLjEyzNVzDLbRWs/HB8ZM0FpYZXyram8jGgIL15U/ -67f4G/IxRxdkPyPVQwHKEd1c3UYta5EJftfJIQIDAQABAoIBACIWnkbUkvSiZIzG -lfE9mgaXvy6RSOhhHxkKFDQ1xJjwQPi7L7uand9CITMu5EyAX63xqtBHubnnXBpe -DE57Rne1brtKHnnM3EReTHmrvSnPPAJjAJVd4+tjHjqZ7ItNw1w5q7jYuA7ORXzu -nhcHVRhgJus6nWpdPwMZLDdOjjS/5e+Fmn86nqyRbICPDZp85J0bMB/6OTrjV1LH -fcCsWvxtJjc1NCSHSZnBrNjd7vpf/CJhfaYoeu8WcFN9R5Scq66Fcgk5UNX6Lh5M -kAFmtKfgNs0MmJiAvGazrJ0eHSfBFfqOB82T5IfVb+s8i5txPu8yD9sZFyfQjkI4 -petk65ECgYEA+eJX3/ovnBniIRXVv0RRpyU+UQGUQZBWh3R1r48nLW/eWcyaGkP1 -sOoHpFRD8Rt2hK1qzTZPbmb1IqEn7bs4mgGimy7eWx1nBt4XYG97f52s7FaHldxr -jGu+4x5EvTWfmERBpOS3ZDIRf1OmNIoB2H2CIT4BA1xNqzoe25wJUcsCgYEA9Grl -n7N8qPxHbdax0KN5FC4cnern3rMYBzxTiHMYM9jlc8fRqIodQnrq+tyJnQM6TaEr -FKnDfjXbadWo07UMZdv7bejb2ECa0Xugs9vtZv4RuMH+JncDVK9EvsMRuyNP0FF+ -oIF891Mh/J854mTXx5zmlqSX8O+JWOPxdu8WA0MCgYAl8hkmCffw3H1aSNaMlPNR -TnaIFpVM335EU4sLfdGVNMevG0LLekZ09xTx/1nR4zm8LBlr0DN/sGLJP2+wyh1u -RZFLv3JEo9JhWJh0LHm0h10bBojQWQh76mCyXIZTtTDnDnZpc9HlhTTjAPDcSZi+ -J1D7e07sE7g3qDvHXYqMwQKBgQDOZU6Os5S7Zn4zBK+XTdQ69E16FRnEd1v9EDZB -7V8suSXZxY0IU8ktkHrJaF5U1prvXv/wLQNGmtgz4Rb139ceVMtXHuI3FScnasxj -1X3+EOKKMFcbyDhp1K+qnzNj4gfOFGNnyrDqcasrlpHc2edVSut1nnwoGz7Sb3pC -QtdF3QKBgCB/C93NkvnBLg8ejDCuidERScLTO4sQsLnlV9DvuqRBkAPrFMBCm0g5 -fha8nNQY2Y9CesblCouwqBcnqIEKi9DNCxjhv3gbw1HPJodsuGvIfSaUD5PbB/+I -NxRPsVzkthdxbVpplXWeyzuIzJiPEDT4e5dGk5I0he0DnnW4yz64 +MIIEogIBAAKCAQEAtFFpcEQKjDygcF0rleKtia7bV9aiw9d1N7bGT/OjrhM9nmvw +NmVbT9aRB/Rlzn1okJG+6XADQ3BqXS9orSjI41+QzfzC0IPK6edrtKkKaxj99yav +Xw1inwNQl+pXe3pN6ea2G/TYifMAOGMNn2qdHlDM2vkCOdPQanBg99BXyDGEYLmZ +sMap834mYHoOP4daP5hy0YneKirTWJJmXMwjapglQ4ieAoIzEobMqkistTHsz5B1 +KR965YtM8F7JbxGbkKYn7UE2TFBbWXHXru7M3pWh6JorSzXxdLkJSkcB7paKAj6I +WLBT61s5KfmZpHmi1oEGkDlIhjFnXVpHrIrSaQIDAQABAoIBABAPVDHAjaPx3mRD +mBcwaj5iCX0oS7TforwElmMWkxR0+D785BckLd7NgHtR5CNg/ggqQvOtm0zNXVvR +ViReBo5hu5btFTjXFCKDDw+3IotpXW0+z83KdmctN2dgYsxHl1rmxn907jhTIUjk +YZk6OKYzkhtKpE0cNWrVeX142+ijggYMqpaU/O45oRfv3nLcyzc5V+TKvS6OwUhu +e8/0JBZWM3U0CwFpmxamZwpn3XMjBUgJ5RWEpb9jzR1iWcFs8x5/13tz4u3E4UlX +8QAuXf5M2zKWWB77kH7b+zt9tlxTd+ngK5quhE/zCmk7Reo8ZiKhzu6Y6f+eWyC1 +WY+jG1ECgYEA5nuspw2sx/6/0SvPHX5dgn31WgrzfJNjAnIeHcKsvDbEk+/EY/VI +SPXGskyXD/lZOISCt3Z6wLIxOuNRNEOlUA2uHNcFbdralab0YQNe0IEE9wBJWAuH +2YYeUIelEWMHsMzQBiCjQNq+4wphCKG4ziKqMgso0MQeXcmvsPr0FF0CgYEAyEf2 +2/OZcYnK8zOpIBbaBH2tIpgR7kXdcfBrlsgs/1NNzzF9yAtbfOTw+XsVOG4b9t4D +vGhnRTqyKM4j20PG+D/Hqyf62y+MtSckjElvhetSPFJXSP5YX6pXFqPNf00+OghM +Rzx5thvpHcD2xG8c6qyPquFvs5nif2CBvrFiVX0CgYB3hfc5AmxxonhSvsc/YkKX +4z4THc668avMnuVjRYtSZ4x1s0dDFvYPb/VEjVdhX0uXdZBcF8L8nuvMwAlicxoN +c6qxJgiYuX/VT6k3jgnjUqUCelGOqRwf/99En7NIWvSoCO5v3wkKHuYS01USptsx +euSL4yGdcbbVqDvGKb3duQKBgEZ5dDcfd84I854yfn+pKtxLsOGsaxrSAMM4G1O6 +aoMJuCaBPsZmoLHJCbZwBh6OOE7c/qmMf1JP/iL3roxYRCpUnxjt/4qjJ7sS4/xt +Vs3j6VMKkmZAAa7gDLcNuqDh+FSJWPX0JMvc9GGg5fRnOOCnCgLSQvEK5DV4Kw+D +8ZstAoGAWzq18c9rdJjyLHwysLdqABV46Lta7nigMawaANN72obCmLNxsB8Caqxo +nq5DLPZkN4cnL5x7KQp2nTSGd8jwIfejx/Of54MJy21TRiGIGvCxKRlzwmMUi0Jk +rmwtA2PllPLOt6tHGXECrUo2Y8cWJ3wwaQiMcsohiV576YBRD0M= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDulBOdOJXZbz8T -OQxaNJRmZ5uQ6Hlt9Qzahf5sGLx+HAwOVG9KUPaJkZBibAdPaPxYZUiOOxtGIFCI -UKrvsdZO15r5yj7gfNSeooZJfg3uL55/6xXFkA5ARkAFCNWalOerDzLrPA+D8h60 -/EFUdf9V/LM3RCVRGtRgdMW6Fq2HAlUUXPBWOC/ZeRawC0jd6KuiFdrHlkt9L9kc -I+N7XHWJSbnL2RkiJwVbaf/SEXXZ/MhPnTW9r3DrlncVUJDvyMe+l2FORxsuMTLM -1XMMttFaz8cHxkzQWlhlfKtqbyMaAgvXlT/rt/gb8jFHF2Q/I9VDAcoR3VzdRi1r -kQl+18khAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAambnQsweSB/Ojj4aUzWd2vc6DxkvONlYmVqJ -IGL4xAt01S3e+i3CVYbCLAu1juOyMfcwQwIwX2YCP/Ojm1+9oELow+scHK3jOnRI -bF43XONqrcqyWPCm7OTN0rpjZQ460BwR8ODQaKoLHDRWY93ND83VnbjcNHLfZmzL -vAGUJrdgAW5MMg2sj1mwGmoBxY9LuU3YFdJka98fzx3UlGHbrS1NodyAbIkOE94c -kxkWk60DHbMGeTkuOm0wduKXk7paAz6OIUjzLFhF497KtnXqP3TLED7kurSXOhW6 -bcOQ9ENVAWGaPGH0xhm/66GtMl06dHB7/sN7MtbiQCQOXbm5Nw== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0UWlwRAqMPKBw +XSuV4q2JrttX1qLD13U3tsZP86OuEz2ea/A2ZVtP1pEH9GXOfWiQkb7pcANDcGpd +L2itKMjjX5DN/MLQg8rp52u0qQprGP33Jq9fDWKfA1CX6ld7ek3p5rYb9NiJ8wA4 +Yw2fap0eUMza+QI509BqcGD30FfIMYRguZmwxqnzfiZgeg4/h1o/mHLRid4qKtNY +kmZczCNqmCVDiJ4CgjMShsyqSKy1MezPkHUpH3rli0zwXslvEZuQpiftQTZMUFtZ +cdeu7szelaHomitLNfF0uQlKRwHulooCPohYsFPrWzkp+ZmkeaLWgQaQOUiGMWdd +WkesitJpAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAV9z4d+BQU3r5U8Nuw+MdAe9filIlbbMZQOgu +i9pknDYb7OUf1S7c2fNIUjt5/9LspSDmi0FO6xIsW5ZYDH99/eP5/gL9iBCYho2d +g+awZenny7IGZjVIpsP184vZJfyZ8kWvcFPX3D/HP6Sz7nWe5FwfUnmyfKRLoURY +gS80HsxxincfMRw1D+vNGCXcsV5S+3NMe/2P88XWM6ka240Jj/GR4dCiEfw81Jl5 +5JxiRuKeaUyz954DmTljjiN8lCJVGLM1UXVUam2mDStkITgknYjo95IWWnddHzP1 +ZBBVw/u7dr0T4alJ8JZGtnrmwIwvDe+64wUEcbZH2XV2JVksXg== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index f2b6bdf1c9..1eec0276dc 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2ZXJzIFRl c3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdvREIxFjAU BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMjYwNjA5MTM1ODIwWhcNNDYwNjA0MTM1ODIwWjAUMBICAQEXDTI2MDYw -OTEzNTgyMFowDQYJKoZIhvcNAQELBQADggEBADAGv1p/woo8UVlvZXdzSJAOeqdv -UaTJTcGr2sR9W9eBQTpOjHHZ1MPTy8Vnruo1po/5CV7HWkJeWrm9JAUgdOyNGUVk -xVP+sGgkC0GzZhUk5gq9jSRtDWYuRFyORBn3Ax3/e0pOoXtvHY8tv+a6ll+RN8qU -N40tKwDbP2zCGi6i59g8kRmR0UVEEKsJ9Ybv4AnpHHfhJ/CPgDn+xIWFS2ZLwQ/M -2K1m6ZjPL4CrIqtkTvED/sXU+rOUiK4NKTc7edkFjuo9L+vaFWnjliXukWT8AXkT -jcdl/XTdDtnm5O/6LJp26G8zPwOUElMO6xaabdrgVw/hunui1Rq71IV6ZLY= +EwJVUxcNMjYwNjA5MjAzNTE1WhcNNDYwNjA0MjAzNTE1WjAUMBICAQEXDTI2MDYw +OTIwMzUxNVowDQYJKoZIhvcNAQELBQADggEBAFWjb7KWnb2Dibdb9s6ll5xfoHj1 +jvhIOzzCjfglubDdSgylYwRuoggdYdCZBoUDWU9V6rFcdNKtuVYPYS0SO8m8S5ob +oamz5gEEUari61sUJ3GU+TIYIVn+clwgNwYY+gcXMiv401SEpSZgz7v2FtV60uq4 +aM4xZ25tmPKl9OzJNQkyOeDJXNx4WvSrkCL90CsChv8t8bOP5vA6GSUjHuvaRV2b +ThQBXnwdEgHk5kfotVKarmnlgTVrPm6yz1ONyyKsCzRlubiUnkAE8ct5Z36LsEwj +VdGryqZVpmjbssCLLKRjIVZ4rXFZcI5zsxSVN1u0Bkob9eNMaItw2j5Luc4= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index c996184342..73debaa250 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,52 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAuLxHQmnfos7kQY+erHO16c9WKBlU1KexkZMDspR+dUUVbO1O -bT9UXbCWzFafZAaHZpUlEOl41T5IydSirFKrbhX2HXXydlW6s5pCvAOXeD/UQqM7 -SOfetrCHhWHlVdJlVcMblyei3tQutr+KNuUUTOv0YYC/5gc3EXk2LvSZzvr2+VVW -5Pz9812gWLu6WrqqE7/N8K0tM62PxhFiMQNGyDysnhyWSJtvf8OpJyk2Vr8NXg1G -GVbR/7zEniG8QPp/e1AnIm5AKuljWqPirWMClKa6OMI9Daw2uwlTucJjWGMVg1ql -YBX9ktUajVkdqKp+gPvnCKPXwMmy1ZQb4BHqiwIDAQABAoIBAAEGqq6nv+I7m/Dx -R0RV8DC4QhY+7cWwmL/iPScExB8Kny/XsZPRwjoy/ONtp7z6fE4JjgcmBNHKYsUc -NTsXynP2E0Pen9Yga8ULmktJCdJVKGymU3H4N7h0CoynGor7fCyZxNF2GuV58Dh7 -n9zmMNKsjNLt0CMK7zddoPtpyGDp6YDHQmOMP9TqAx9QNKlKu1vd0AcjliNmfvH2 -QkvmhAfl8CaioOGe0qwjceEo+vkjdAjVyCzGyLxy9CUAabBXqkTRlx1wI42IuBrf -/tfH5IJFQotEd6rxj7hsjn2lhFKkWAmeVAX0NbS39a9ARyBtKdGH87wkMYdd47xw -RhBxrCECgYEA6+qpBHfuWNwwdYGbP2JTIVTpzqSaoY1pwJnIEXLROAoHY0FuVhrZ -6EzT/zhiUBOianEujgUkz/j934G6be1mhOD3w2Xn15XCIl9VWIGaDwNVBkh4fROp -GFkLfELel0B7KaWj7ShACn88oRgStm8JoQ+n6iKvDSbm1vBmJuhzprUCgYEAyHY5 -kSevbtJc90VQUohNwf63IGLZYioJ5VtDgdyRwRbYarePpUdIWuseEZhet8LP2vx4 -u+fqnUp69gWBi692ArPDVlqWlzrwpoq1a2If9NwH/LXoCYieyJc/TuHJF/ANa+R9 -TR5aaJPUrKaIP1helTfRsOBhVMGuChT/L4oW1D8CgYBFk29FYhlpG4cvIIoop1bc -/a32w5TXEF2f77qRastJO6vyGdnwivq5B+991aMo+qFrwvV37QxuSYCV6iyRPvJ9 -PdvURLmbWw9mE7eX4qEMzG7G65idSq8T/y7j9tSuxtWL8s3lo3k/n0bCO9dI9nZg -ib17z77QoihyO3PlBakWAQKBgDeM030PA0VxlAONuKl2Th3xKOwXmGfkgGOHe9iT -t+xLGWPRREQn0bwoJWf40l6X5KOpjQd9R/2YcyST+Acuc0RibkISzmJQGfn8vDNq -uLJQ+wGjow5pRp8NkqSYWvKAOifo5HQnciRCuw+xAlaTdXpiQoCCXVZwaXsvwFt7 -J8JfAoGBAOu9qgOKKz4miax54EaE3Ecko5WqkIF0JSKaBgoRaWZ+noMURWlAWOvo -6KbpkMeAYlSfHo18ILljNVf4owPiHpVy97L5TvApWZWv+O5/2lscVfXmYV2MLC6l -n2eG9x9WRBpBupmfJ6W6943LdGLlDxx+b+Tg0coMyFY5ofmpE1Aq +MIIEpAIBAAKCAQEAmhB1ikvQK2V3XgTbUIKHZ2o+CrwnLQrDE0itRjT84HuCSAl7 +bDEp2A9+i0OfM1iSYzzfNtfoyEXj1CQFaPnOZQ6TnSqXiIWCeEFoFCXGQbOINYtt +C6SYIeZRd9PrN4L8S3ecab4FPPVrkMJmz5HSBUYw6DbxM0Qxt0kQikc94G18DbqE +pdi3oiJvimoqdyXoCD7lNdmST2GtZjm3lWmgqf7PKblbdzE7punhqYOMFYE14gtG +o6zjuXclS7fw0BexbJj21KxjwnLHadKv37WJpEEDZOvRgaMQvYMo5ULqwMBgIJAz +Biou72KeorERrWzesdkgqX9N8iIaDREAbTcDOQIDAQABAoIBABsfxTXrOZP+Wfjv +VXZz+KdcJN6qeCI9uBET1U/cQd462Hna04Q9lp6fwbl+lw+I60L2A12KP0VNSrp9 +egdcnbociiAcUM/8I3eNGmgbq29DTrqQmMr5OECVpme4o3ujP8yAm0Thq9Xq5nx2 +wXePdoCvtioYDDioq7EXd8ZEmzABCKi04imLFAlWjlzmQyL4m21JnQp32PeOT8vr +hAhogMqjdU1VFVt33FS+ZkCXZtxvBTKNTz8J+0ihBZmo8hx2yIax1yG9LKK1GyrQ +v+MjKP28OdMi3fp8A0dSia6H2mjxcySiw2FeZ++1KEwENEYHBDN9g81JaBlvhpUJ +iOK94gUCgYEAyz6MpqjLXnLT+Vr1og2w+ljMaNd0pXlBxKZBhAtl9F3vJEDK7dm/ +b6niAzQbu0DNeDiOB8vPi83an3DSZsLwZ1LjkH61ws8EMG3IflQluP2C4oxdG1KE +sfcMmAXIq/8OQWKmFvda1vMfd3myeFEHHL6fvUeQDCUyfoRvwWFnz5UCgYEAwg3t +xvLm2h8L/u5LZxwI/C0DmT+6h6Sw8wiz8wsA7x2rBGw4aY27MjUdUu923BEU0UeF +pdPwIPR5UtOI+W1MRojKh/9TwZXNf23cgX+wzetKVpMySIcaBtzU8EPHacEPnrtM +aiRvnF0KTdV6EE5lhQNds7REJbWriBuHI6wYDBUCgYAIYrxK5AwACZzVXPtlhEsZ +CTDl4n3dlfMwuetaF15NhtKnHEVDKwjLAqdgmnXKdBIGM88oYzBdBFFQ4sbLlp90 +o+bfv1qgfwodNWpgS/iCeXM9Ba2RwwXWkerjGtn8vrlH2Vog+HO3CrDxrQPAExfI +B9VvadR3q9E5hx1VTT+LQQKBgQCMPEambKlZ3e/sVkcVh5QSsXEVUZG6LtFVgOeS +b1RIeRc6xf5qgWtTmEDNy5II7SsvJlG2ChhRqHr42Tf2kP77RiWe7GyZzGlKeplM +2HtsBGqfcBZ5hXDQnswfqcu1aDiijFZnqlciF7a3ktt4Zz9ERa90i4RoAAarAMHD +jL2AFQKBgQCtWsu5rWfqCOq9zW6HBlwQJWFOWUBIYnlBaN/iSMKqPpOTYKvt0zCs +pikjB/aXbLd3+EAxo4mjJo9NZ257ioWVzQvbjlh8lSwb3Vb2FHIBsQaDFeIFlakW +kInm2dorlFUcjul4CCNvhi735WIbaj4BzBw/kCj0uMtBvesDk0y4QQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEKDCCAxCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw CQYDVQQGEwJVUzAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLxH -Qmnfos7kQY+erHO16c9WKBlU1KexkZMDspR+dUUVbO1ObT9UXbCWzFafZAaHZpUl -EOl41T5IydSirFKrbhX2HXXydlW6s5pCvAOXeD/UQqM7SOfetrCHhWHlVdJlVcMb -lyei3tQutr+KNuUUTOv0YYC/5gc3EXk2LvSZzvr2+VVW5Pz9812gWLu6WrqqE7/N -8K0tM62PxhFiMQNGyDysnhyWSJtvf8OpJyk2Vr8NXg1GGVbR/7zEniG8QPp/e1An -Im5AKuljWqPirWMClKa6OMI9Daw2uwlTucJjWGMVg1qlYBX9ktUajVkdqKp+gPvn -CKPXwMmy1ZQb4BHqiwIDAQABo4HDMIHAMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE -fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD -VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV -BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l -dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMA0GCSqGSIb3DQEBCwUAA4IBAQCRdSa7 -JKhp9ezkCKHMsbVEqql0n+5rBmZUK/mf8SYFIlnSNl1q/ME2migPVoDj/zd+Xqk7 -6TbFbhXqVRiXV7+BqVMgY2bMolZG9iXfJ43tBKeFzH0cBOCMUE753mAGg0vEGAmD -z8jUkvD8n34ikTmW5H9BAF1Oz5CMIl9rOp9JHi3CUom6vr2srOqZ4l+DC8p34j6P -zsB1NFiy/ZPNDOf75v5027YtLvcRZ0tgxGU0L7Ccdslh/D17woAmb8XMT5pvMKEv -L4c44LDL0ixcFZOgu+0sMOE5b1Cdsg0gukl/oNXJqOcDFRQUXMbM92yfuuJtBvUs -zeyE7ov1ry/8FCOy +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhB1 +ikvQK2V3XgTbUIKHZ2o+CrwnLQrDE0itRjT84HuCSAl7bDEp2A9+i0OfM1iSYzzf +NtfoyEXj1CQFaPnOZQ6TnSqXiIWCeEFoFCXGQbOINYttC6SYIeZRd9PrN4L8S3ec +ab4FPPVrkMJmz5HSBUYw6DbxM0Qxt0kQikc94G18DbqEpdi3oiJvimoqdyXoCD7l +NdmST2GtZjm3lWmgqf7PKblbdzE7punhqYOMFYE14gtGo6zjuXclS7fw0BexbJj2 +1KxjwnLHadKv37WJpEEDZOvRgaMQvYMo5ULqwMBgIJAzBiou72KeorERrWzesdkg +qX9N8iIaDREAbTcDOQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUGNqWLL14sQKUElEgNjmw +YzBeeSMwDQYJKoZIhvcNAQELBQADggEBAA6yyK0AMnnUyEJ29ZTKOHREgklO+VcZ +j3dEYyqz+86NejotWBEDgDrfcEoLP4bACAvkBWo6SFbIL0PnpyA6qsHebLxgRHgg +0v/b+An+R4Qu3FSAGPJFcFHiVnxarMuCZ8h7B7Gx7mCKeStsAYlCbQmqgQaqrieU +Z7dHhmOwLVhniN+skdM+8gc3NWxPaJjYREzNBbzp1OvT4vDHqxMywnpSPhvfNOoY +yJOERR/9NrKtPvAb/CXwOTkU+ae6ZLrn9XiX2ooja2kXiARNYCNknYD3iTD3M8h8 +ySxdscA1S07Y+gJ8vd9B2T3rXKzNQ2ZD4v5a6pDv0pDV9DEQagfDlTg= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 41083d31ce..48cc2e8f73 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -74,14 +74,10 @@ def cert_pem(cert) -> bytes: def aki_from_ca(ca_cert: x509.Certificate) -> x509.AuthorityKeyIdentifier: - # Issuer form (DirName + serial, no keyid). Provides the AKI that - # Python 3.13 / OpenSSL 3.x requires without including a keyid that would - # separately trigger macOS SecTrust's keyid-based OCSP lookup. - return x509.AuthorityKeyIdentifier( - key_identifier=None, - authority_cert_issuer=[x509.DirectoryName(ca_cert.subject)], - authority_cert_serial_number=ca_cert.serial_number, - ) + # keyid form: SHA-1 hash of the CA's public key. Required by Python 3.14 / + # OpenSSL 3.x strict chain building. macOS OCSP enforcement on the server + # side is bypassed via --tlsAllowInvalidCertificates, so keyid form is safe. + return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_cert.public_key()) def server_san() -> x509.SubjectAlternativeName: diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 9e264fbd55..b75d0931dc 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,01E668EBECC8623A8D736B1B9F7242A0 +DEK-Info: AES-256-CBC,C0A455BA629E0E4906FCB74274DB3E9E -h3FAkObxGZfI7R0uWjWmpG8y7tsA9SxHkbi2C86hQ0QoLSYSvEV3uI42ahPKbjeu -KxseeyHLdHe9XuGGKdPlB/rhNjZc086lq/b0JHMobOQKP8b88IQUp8iDgTsTNHbL -7N7avfn+EkT4FEF8ad3+o1x/KFaHymxHRGkm7nHsfGXoAsxoGz3oeD+fQgG4m2Ew -8sKUGFLUhlpd+n2oglQI6BI2FwkIu870WmbHDt+nBhUjsz9c9JRksS2Z7+w4hxkh -V//73Jm3n0rwI4wSO/GHcojLAV35bVuR/b6n8Z6opSCQzctQALIhMfa2ouZpjUM8 -RrbSgOszWj5rgMVkc+9+N9n4ThnL43J1hmVtpOQ3Nm5SOjsk536jxMCp61W+k7vI -teZjH/Z216+NPpiZVuclVbpO5Dj26t+BtZJo2Bd1KNh72V50d5leBrv1R+XPH9ll -Sj1pZDkKFu0nKfNBzv7NNK8c3MkkTPvsvTZj0KYP05ueCsUqOUXePY7Bv+GeF+iL -rkP8e1HeV4MAXSUrEfT+XOfzmGG8vZOcwlg8opDbjgJX4Bqfwpgprc4FdTIj2AP8 -21PFHrfAveYf4ixNTICQR2PqQ1aMz6pqnCpObCU+pRWLOg4HayGH9d1qOjSSlQhc -ZJL7gtRhePJOhcmBQETCHueKessIPhqgm37O5MAUZ6qijIT2LHabqgnYX2QnzfeS -AzWYzmXDOITtBv7FyrOk0WUuIkRPBoIfKoskUy29xqA6PVVQfRwVH/InllLXUMcF -ECb4pd0i4yVuDy21g2BP94LvLF4RMnN8aCMm4ocvNj7b3ZTyuUbw9XA0tFi9VO5L -BvnbKtFw0sH/HXA5a9HA4H+o7XG9QgWj+iqYBX/bvmbVbZUFEBDjvxjUnH+gejKO -A9QvB5HKiMHF90llPc0Zf2sWhcjED5+WEe5LJ58bTTwdUmLaJ4FharuM4KEQ4kcV -y8wB9MsR2619QJhjcmXxFkJdgAjoBw5PG/QFQEELjFnRE9DZR00jIz0zZv2LeAfJ -pzU7jI3A8ZQfBvpXBbqb73kfBbvcmcEfNU3ixlMwTUCn5AS2G014Oo3KQ0L5d5Kq -NUw8VXQ7OV85krxYNHQxYWDmwc5nCXRdF/A1U+if3DDwAJTx9bVW90mKephFekPP -ZoiWhwBSyqOZ5WiwRffOOt46UwRfVCWlwIGYJfYtl7I+qhWcL67Pcn3PVBRH3pOA -dW0bDMUqKIIUjG7NvTW+EvFDXm8W68E8qi3QXxF1lJRP9TF9p3lxxf1DQauvZ8EA -V4oH/ubXgnBTbHkHosVQgtl0ZjIZsCPfdmyHcqAwu7jCRuJmk4qN8Dkacmu3gz0I -/31t7TXWIpZ5G6haDY3D23BSEKKNCc4KBIYWaN7ZsHoTOyghManM44pj+5r7+PR+ -6ErxlR4eHCI/4+H4yFmFtTO8fku7n7jyIeVpxGE24ZU3Sh1OZESf1JmMwpuoUa6H -YXrHDhD9VKZeJdU5yR5gDEqL8UJqXZbOaNg7xZ2CbHvIInX6lsRjISR49e6IdmEf -uD530tOlKNfB6Ibhb4dopv3HJjxen38P1hiJV24zRJuS0mnv2TDXStMwPTdcaBPx +YobJKIbO9h4eRPA6rzCOZX1z6UbmtcRqXbedF1K566C5iKfwt8Wx0dDDjKr0DFSZ +QzD/6j/4s/Q7f9TkOT2mi5lhhzs0STwg8PyumzhRiKQrDiLU52jxr2hIiw8Qk8Bz +FF6std0Um3VFCTTURIFY2YCU/SbM1tPVqDYc93oAsfODibzryA8+bU1FybNQDJPN +Z17D0igFR965N+xBKGQXSNR6IyjzURSfHVQl/eOfoymfbFKcMNEu1j5y10+kes4V +g8G1c9Wt0vfcnpGFQdTetN11ttv5pbQWb+qUp1kg5EEb7BOaEDVrZiMGTkUk1uct +S6/8nfBRkhEwbF7wMZyEjjdB70bRqLmLEAwj5MYrB4JzHgYKG8dRA4CQeeDBrMZL +NDR70G4lWmu+OPMgEbe3gdZ3sDJ0hd/A/refenWd5uRwa4/v35IZUpodibxk/uPV +RZFMQZM8+D25xhq+5T+UAaoUJ+VQYX0akxVSA0oQ99rZwaYuUHnnkgsM0x/Jdee9 +v0/2WfvEZnZjH5nx4YyfVHtY4Ig2JmEoAQ1w1/LTl6yy++6kIUcwZyyKwQSLmFgN +54ad38Vc8VApwKGaS0ZA5Gb9wccNFs+BAKlW3Okz1I/gWAVGFLTizcympX34gcnR +Plhh0iMEGyoMT/C9dS/SK5n6rqPnZj+9hg9WYDPkGsaYnveLeREQihfYtDVsM0ah +TsFQ2kG4DTlC3sFYBXp9hK065yEiCWI66m6dzteczNJj/uz4Yr5g4oHZCRh6vjIS +lhG4pdpV3lNWgdjr5BRoPrmikMLo6b2wKZCH6XHJ342RLM1W/HjkqVozRgz7pI4q +wIIh0ph05G30kkp8eI0rm3WKadX1is0su0WwXNQY8zhnayIRJ5UeGEIRXFwSiEQA +vnNCWXzld88S5N9EPcxl5PYfa/LcrwA9ciK6xdiOPK2bXjqc76e+jxCyWGEdJbPr +l3pt2RA2kt5AUBYF98ml4WSA4MHpmw4H2hG1tTsKPgf+YLbGQfV0sdxjgeDhwItS +howVIVqj2WCKw/nUGIwwJy9CQxQb/eCvJ7hQixks2pFm16dLEnMOsRSdqzmvK4za +SbD3MbntkupYg+PcvGwZZW+BdKc8mRM8zrOPSLKmt188qBaj9N6Bfvc7FuayzgoW +tSKJC3n+t2UQJovKnJT+iXsId2R1eCDdfO/UXNTiuzVMS5AUxYDgatwtWT1AwOBP +b9ysFpQwVZ6ohx7rWxcXmfOc5j9RfGW8ODlgjClUt55J1WTV+dXCm2aB83TZ0oJN +jqJud/l4SL8nrL0YOiRQZxCp20wChu0D6XEz9Hn2HimOguGfZa3ugAWF8D2UkmAs +Y+QC6mPJaTTNJ8rl0FFroCTfOO8TzJ72BAbLIDh5DQzW/kIGGlGwNYDn0G+5MV0u +l+YfTECmjCy9ga+BcaSy6vkVx48nb2nvPLHRdDSfnbNg8bFmK5m3FoRkiNILmQwZ +Yx8kNmuy/Rthnl0ZUQvCeFAxD6BM8QaWY5lnRTGFAs8hg/ZxFPxOXe4njNgZCWQA +BmXRHTX5lQWzkGxGhOwiEudhlv2PHdNH9NNpx4ubDCqnY1Be4kut5E7BUmaOUo9M -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDulBOdOJXZbz8T -OQxaNJRmZ5uQ6Hlt9Qzahf5sGLx+HAwOVG9KUPaJkZBibAdPaPxYZUiOOxtGIFCI -UKrvsdZO15r5yj7gfNSeooZJfg3uL55/6xXFkA5ARkAFCNWalOerDzLrPA+D8h60 -/EFUdf9V/LM3RCVRGtRgdMW6Fq2HAlUUXPBWOC/ZeRawC0jd6KuiFdrHlkt9L9kc -I+N7XHWJSbnL2RkiJwVbaf/SEXXZ/MhPnTW9r3DrlncVUJDvyMe+l2FORxsuMTLM -1XMMttFaz8cHxkzQWlhlfKtqbyMaAgvXlT/rt/gb8jFHF2Q/I9VDAcoR3VzdRi1r -kQl+18khAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAambnQsweSB/Ojj4aUzWd2vc6DxkvONlYmVqJ -IGL4xAt01S3e+i3CVYbCLAu1juOyMfcwQwIwX2YCP/Ojm1+9oELow+scHK3jOnRI -bF43XONqrcqyWPCm7OTN0rpjZQ460BwR8ODQaKoLHDRWY93ND83VnbjcNHLfZmzL -vAGUJrdgAW5MMg2sj1mwGmoBxY9LuU3YFdJka98fzx3UlGHbrS1NodyAbIkOE94c -kxkWk60DHbMGeTkuOm0wduKXk7paAz6OIUjzLFhF497KtnXqP3TLED7kurSXOhW6 -bcOQ9ENVAWGaPGH0xhm/66GtMl06dHB7/sN7MtbiQCQOXbm5Nw== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0UWlwRAqMPKBw +XSuV4q2JrttX1qLD13U3tsZP86OuEz2ea/A2ZVtP1pEH9GXOfWiQkb7pcANDcGpd +L2itKMjjX5DN/MLQg8rp52u0qQprGP33Jq9fDWKfA1CX6ld7ek3p5rYb9NiJ8wA4 +Yw2fap0eUMza+QI509BqcGD30FfIMYRguZmwxqnzfiZgeg4/h1o/mHLRid4qKtNY +kmZczCNqmCVDiJ4CgjMShsyqSKy1MezPkHUpH3rli0zwXslvEZuQpiftQTZMUFtZ +cdeu7szelaHomitLNfF0uQlKRwHulooCPohYsFPrWzkp+ZmkeaLWgQaQOUiGMWdd +WkesitJpAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAV9z4d+BQU3r5U8Nuw+MdAe9filIlbbMZQOgu +i9pknDYb7OUf1S7c2fNIUjt5/9LspSDmi0FO6xIsW5ZYDH99/eP5/gL9iBCYho2d +g+awZenny7IGZjVIpsP184vZJfyZ8kWvcFPX3D/HP6Sz7nWe5FwfUnmyfKRLoURY +gS80HsxxincfMRw1D+vNGCXcsV5S+3NMe/2P88XWM6ka240Jj/GR4dCiEfw81Jl5 +5JxiRuKeaUyz954DmTljjiN8lCJVGLM1UXVUam2mDStkITgknYjo95IWWnddHzP1 +ZBBVw/u7dr0T4alJ8JZGtnrmwIwvDe+64wUEcbZH2XV2JVksXg== -----END CERTIFICATE----- diff --git a/test/certificates/server-kms.pem b/test/certificates/server-kms.pem index c78d18a3bf..f3d9afe709 100644 --- a/test/certificates/server-kms.pem +++ b/test/certificates/server-kms.pem @@ -1,52 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvmDFbq60oFjq8DYQiglVk4ijRKZQThgLB8Ds/xy18I/AA4V2 -rPyF1WvjOVlHZUaKKHWl2I05J8r6uqfnum0+yjt8EEd7k/358W+wrRuXnhMArg3x -MU4aHSf7c1Az50pNuCDVSzZofHG3qFehsyfjLE1/4n3lhZBQFfBtrL5mny2MLQfD -nFQ5MZs9aNsuxUoAIL45b1mq6lh1q5xc1kpdLUJxEoSSp2zf9DlSIaNrTPFHZQl3 -uPtHMG19/nhK9gtDeUbYk/iDFjpG+edRkFOKBtlYF2GVywF1AysSuHD9SM4JX/lE -+4MQraAE2FFlwVyi2deGXbZ2kXjPW1qKdvkiowIDAQABAoIBAFHbBPjOmG5bXQTU -ki7vzYJGXUDuq5ewYcm/K4eTPi1FeZ9p+rltSFQX89acKwUCG/RChYEDU8Bm14B7 -Ijk3sKg+hFzxh1J+AMJNLi94Liwy6ndsGjkDZloD72tI4FBB1AHn6B3TMoDTWk7B -Aw8nhtdtKR/m1tGjV7PfMSD1quUkb+cU3/01XxX6+8TQTPyvP10nwEY3IWcctQpy -TmXmzvcKz4yE7TT9+gJJT0YYADlMJJoD5JKXd6wdUtiGGuEcEfKX/b5Bvqq9AJb1 -jFq3AEJ9l/XMKDK9Sp4FhENhK7zOhVlD7400VoQnw1Vs/5KgnzDu+BYhiGQ9y2l2 -b1dd6pkCgYEA5TxGTOy5mAQo1fs7Qb41n3e1xGVQ5MfkW0PQ2iP61NyIkRl2ZxNs -nZ7BHcUPqYYhIyPp+vER0/WgihuC26xVrCmYfptfufvy3JHlkkoIyR2JOSFrZOk2 -nLUOB/lK1FaEj6n83ZVfQb7hwXZ0htGLURCnBui8H1yX5r/PwkmMQ5kCgYEA1JsR -jkmx6WB8Ru7oRo9UMJRBNiF+EY0PTL+NZfDYUQoUPfHKy1QWN6gbmeemyE9+HoCP -A2t8ZGAEYC9avLsFj4vzfBsBkmupC0KSMeNGzBvQHVS+aftW3QRybcKFKiaAF7op -lcDtO6uZMl53btYo9qsA1o2pHKt3leQzSDju/ZsCgYBQKocPSc4R6op5YrWzZRiN -nyiy+ReUGo+ylwHH98M1g7ZCwBvXKkTWznkMtyimCWE3T8z41Ct+66xr//kAZ8FC -Rv2scRvGB+VD28XkJf3yj2C42QYcsS5HGU5B3Z2cqnELaNAkkaNRc7axmIJhz5Ag -FmnDEcsQUKpSqQu4D059KQKBgQDEHOp7ywTe1s6si9IczDeHvCnPKePlgq37SLLA -twKC9n4nibNcDYuU+W/EbwfMvG8E6eeB6xNKb7t5khTsBMQjXqBR+YNgsgizx0ud -0x1KR9mYRMSEdIDyzRhUoNs/P1ZnDKUxa04p/acJ7FPVHJ2as7DJONEnDg/4ZxDa -7RGfQwKBgH1mZ/fd/XyGjCZSzZ3GKSrPHpuQwcdNt0kfa1cUq0Kn8rKuFiyCSfCC -K0yC1dcafUayT0IP1LZFXVwNA75hA0fd3+rC22EdFdQ5s5aXC2WGRVW6aryTPpK4 -+vEdKnm2pdP+2tP2Z6+2f6fr8GBkoxgkiXd9DkgWLr1iK73A1MNN +MIIEowIBAAKCAQEAqINRxmjXE2N5XVX1a8pHfWFG93LCwzg/jrJJeWxC5mkULuby +vHO4Gt+Dl/4Q+MavDQCv1jykf29UXHotIgTjlfhMeJA/KXErwLAl/YYQ4+TM0PJB +A6P4HroXLjFcXNwAShUaMoGYwemGM2R6hMTocjwiophg2C8R86kZa8eabEUhK/s7 +9nu20jadhEPV/tjqDc7whZiLEk3r4C+AbwZYBq/XPmB4M1+se2mTHGGEvr1NgsEx +UJWbg6P/rnmD2XXTXwunqYM8FM6kGh9D8jLuygTVjAxhp0x3TdFNUaZEox61iIOn +wU1AkBqfYGec8cIiBPz34DeaPrx1bC4zIlUjmQIDAQABAoIBABORPBun7OGJeXxH +EPp1QJvkgdMV9luo2mh9d16sHZCXvwo7MxCC92vXbHZnwBzDJWyDGefsnsVVbhxW +64q5upude3O8fDkZtRTo32BzAt8ToFza5IXBsnwO68YnYSw/N6Fileordkt+DGFH +V5q3Kq6pIPR0cTppLNJ4XkVPpjTQGa1XImLaMwnhrhA3cN2QdH/K1kSKTzfgbs6O +qDZklkQSJbdpR1qwg0JM0yzkKp4dcVQcmhW5p8GVsyonUBdThxQI28X4q8CyB3rt +UXXGq3s1y4QHNDRYoDhO85sNijULGdtawxIJIr0B4rL6owP866iJfNCJZ9KHgxvT +LUnAiKkCgYEA5lqDEezrmOsXKscLWxIU1galh1cL0SsZ3VPjEc10TOCeKhd5fl0o +TDfsbG5UYG64gEu7qmKm++ke1kOzdvjiWJLFXqNsGvilVQAlpR3mmNRNZJyIQ8+8 +yy65GDvDERGJRLnkKHMl71Wiw0tgLjQEOkULbeS358+L+fv+EYbIMcMCgYEAu0Y9 +cCS5bio+d1FSApg3zCorbV/HeDtQoLbFLHWtVkc5YPBOBeGGGGGgoA/3OaF+IEDY +x4HSc1vmoAlWFpyAbQUyClu5A5hvRjA3xia2MSlpcHh5RtSj55DCF4yqTrrquKWP +vU9+A9oI/geHMoExKunSAawrHTWv/WDFdIhQg3MCgYEAiTzhm9tgHdHqEoVVoaNr +IHwDQFe+5ZZdKXyh6uhR4r9r273ylzNfH9GtnIg64tz0NRNpskBmJe0kfxkEodvz +1jtTNWf9ry/2KGcXBoGC8giCN2/+yw/H9fFXOzXXqKKe+oAZi3PW5PlLKDkPC1fY +MPMTtRwv6P7A8WWNX9nCCcsCgYA6LfAYTtBssSMG3nSj6bYr703ehMrrR0IdK6rF +zSk0jJv+yajzmsSV/n5wO4WKmekdDAhMssA2pm5XeY8NJ0GenOaW4TfxLgIjxAcP +wCcJztu63TKQFq902TvzJPgjzV3uT0EAhxmXCL2SbbRKtGgZ9NoROvOJ94vdI5s0 +QMUCkQKBgDl1k5z3irtvPyMYaor86aK41rIRKfIHcAgv/N76nyOTBipcTrjJSnIv +HCFWgR43PBqXKlOB4uQf7Tj3JwimVmQJcKeGqj/MBTFAq/mwOLzRy2nS84QDQ80y +nhNCOtRuObxvgc50WrQ5iGCX4qB1JOyCZkaCm/Lp6Ee9jCF3LS/O -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEKDCCAxCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIIDtTCCAp2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmDF -bq60oFjq8DYQiglVk4ijRKZQThgLB8Ds/xy18I/AA4V2rPyF1WvjOVlHZUaKKHWl -2I05J8r6uqfnum0+yjt8EEd7k/358W+wrRuXnhMArg3xMU4aHSf7c1Az50pNuCDV -SzZofHG3qFehsyfjLE1/4n3lhZBQFfBtrL5mny2MLQfDnFQ5MZs9aNsuxUoAIL45 -b1mq6lh1q5xc1kpdLUJxEoSSp2zf9DlSIaNrTPFHZQl3uPtHMG19/nhK9gtDeUbY -k/iDFjpG+edRkFOKBtlYF2GVywF1AysSuHD9SM4JX/lE+4MQraAE2FFlwVyi2deG -XbZ2kXjPW1qKdvkiowIDAQABo4HDMIHAMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE -fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD -VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV -BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l -dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMA0GCSqGSIb3DQEBCwUAA4IBAQBqBF+p -Xqe5gDU628y6IJBzQHU5Xhm/iCPMsj4wTIIxqgAa15E73b68VS6PQuz+kGdm2wwp -Vu4nudlAVhBXWd3+95zzh6H+UJj+XSet3AZ1A18A+5rU9BGOTqTnv/KWm2Nyccuu -iYoZtVCRXzgX69YKzNmUPaUUQRpMQYwWnbSV42SWJpQ1Ikll7U5M4VV6koKb+EPB -moXUqRravG3XJMVdDUG13EeL/INukTjzHtPCOIIq3+tDGAcP/X0ldfVWn4gjJBvX -Wp+mySlHpnkb9ktg7KaG6iHLEeuOXG1fZXtjKr8Vska93YMB3aOderKyXkJg6wML -SaK7XW5H122pnhHP +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqINR +xmjXE2N5XVX1a8pHfWFG93LCwzg/jrJJeWxC5mkULubyvHO4Gt+Dl/4Q+MavDQCv +1jykf29UXHotIgTjlfhMeJA/KXErwLAl/YYQ4+TM0PJBA6P4HroXLjFcXNwAShUa +MoGYwemGM2R6hMTocjwiophg2C8R86kZa8eabEUhK/s79nu20jadhEPV/tjqDc7w +hZiLEk3r4C+AbwZYBq/XPmB4M1+se2mTHGGEvr1NgsExUJWbg6P/rnmD2XXTXwun +qYM8FM6kGh9D8jLuygTVjAxhp0x3TdFNUaZEox61iIOnwU1AkBqfYGec8cIiBPz3 +4DeaPrx1bC4zIlUjmQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUGNqWLL14sQKUElEgNjmw +YzBeeSMwDQYJKoZIhvcNAQELBQADggEBAIWpHelOqKcUHn7zksFmvBkOnhx7XaE9 +Ctw0/HtKOuf3i1NIgiRZK3OHP/tAI3IUrk4EccWrV/7DcLcJzaNuEivgg/gTdhKu +uwZysK6nEGmdz3afkSCnhyeYXV7Umx7UWv78Pm35ZOFinIw0jGjALfbq8GpRS0mM +0AGvPtzpRvAWokYdhpJBnm1ODfcSpxxvmXP6YQ3AeqcqSMkGdaRApYqspDFHi2a6 +c8Dl/dPaKkzUGhjBlhX3wgtWxr870Dj4P4dMzSyjjxRBv7dDQIAPfHbYrXM1TZYh +M7P8MeiCI8gGN7P4EP2DpqjHfd+OdMPo5ygn8kILcD0rTvTsTbnDXsw= -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 7dd98bbf61..1094551aee 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAtzoGxcDM1KTqph/LjodIPMTTct/5HGe938TDKfj8mQjty4Bx -Gto8m7MhBhCd/0F79gowN0yHtMz8+/Q3hBxDsJ9IxVeh1xK4uq2IvpBQTp3Ozwic -5fEnwi0QaFVl+S1Q4VN7TQ2alGeY+IQbnX3MKmZnTlLC6lINjL0bPIPtNqrWw8K9 -lCdC2b+85aePGuIF8ZN+HBnesCLsFLVd+0pzTXTVT5GUWYF6h8mVo4t4KrTaPegl -hOYTufs7iN6iA/v4ZJCf77OEoBkHaCPft0XA2rAMWHyMVuqWNlkM2zEUu07D3Que -7O7UExShyHZeRDqo7AQtIroGBh/B6FiNoDimGQIDAQABAoIBAAwBS0xNs54DKDS2 -RJoUFxGUO958+k94JKKyu67WV4aXZS0+PyrpPatd8z34fMGqwrp+NGaLJyEbhT/k -4nZPe8fox9XWRg5Xda8Vi64guoJMKK67+7u9L0OzvC152vKWm4QH+j40M/qhRw6R -aVXKVkQ47W/eUFMWCTk9crlmU3aPYow1M34ekjGNHMD/wybbUIyZPsMcMjj64aFR -itvzRBQE5ydx+ZJpOGOG8hyPdPM/A5oVH4P8+Z4g5tpgLnHBMTT6oKdXqOtDesOH -swPL3Q3ZHFg7gUnErJVSf3Gu7X2wS1DtUVCB1GJiPdVlZ9zHUAvXSBBLXs6Znowu -NnXmxQECgYEA6ASgYOocYvjVL2cN5DTjqK16uB7fEYCRFWSFASJjaUTBJ/ojYI04 -hNuJvNWw788mlnLNehlB3btmQuIqp0FOP4uFipYvFgGcOMFgAity7FQQdp7KgHWX -KhGeiNAWHMXc0wwKPB5yTv6inXP9R83EyV7soqjzUHfmJSjwGHKLz2kCgYEAyipX -raqD//IgqvBwpC8tQnFrNCRmuF5dGZFbKGni3T5rOxWw6ffCS1vshbnZAwJ9C1RN -P+wmFSODn5/20nZjnnyGokng8ZrEd237KJNm/XDpnngBXfU9lM2fKj9th3t6tEp4 -IXnCsmB7EN8SHKbrZBKtMB62qnfnCE+E6r0K+zECgYEAq92Rd3izolS0hjKORbcv -1Gj8+JpVnr9fuTsGkvqILRgzBIvz3Ld/YFrHQswADwOhj9xmfMVs1vTUIUMrWU20 -yrltKGVrZ5+1uwzzM2g/7vOuZk/lrRZt7Umz56BMYO/oTaUjh7j976oLhxq+SYwQ -8yGPpEYGRlsqbehPQazIB9ECgYAXWGxnkZlMpRlApCNd0lTXp2FJ1CpIgB0gJrjw -Icog4mRfnlGfswysxyC5EI0O2+q0tDd3ej2rkz5P4JkQFLvMQXUKqJ1hSQ4G/JxU -QzFRcwiHVDRUNU23MUeACXMMgiXZTAAzXWwuTRXpDNl6lYv5Mm7tb56IcPAs9YHT -2aC7AQKBgQDOrVPZttZj7DRANEe0U5u2KHdynXXE4dnSEIWybv5yy3lsHbDGfLQJ -Y0xkmCN0GEHKOW7+wx7JH+Mn8UPb9znYuB06B1p6ws7bQXWNC8+C83JBNwGt2SKf -g7Z/e8uUiG/qh9gUgg2AWDRzws5JBPffZGtNwg+5I0gGRL0W29/wiA== +MIIEowIBAAKCAQEAq70XvXDbDgL9/DZ3529o5qIpP8J8eyWRaLHHdGyUDoclKdZT +xRrwv2yOei0bc4iAD2VTza7pwuCFqzpnLPMGxcHbOhfj+hiqT+WrUcGPJ8miEc2n +2bLvAnLk3mOCRZ3/DYzi20ig7hHWLFDmOtRywyA4UXiQhhO7Udzm52JsWn7IH5Wx +VxffRnP3w+/GHVcGcgv03Qwk/LSm3HvXS0n/Jbf3m+GxyvtY2d5an8po66xG/BVT +RFVExJHhxjupxLhTxbD8soBNRAIpYurFYBmRrYHaGRPHZb8mHWXlYzFrqGU4VLx5 +UY4q+dCyXfoEEVxuIaDSvBS52flni/oFxZnz9QIDAQABAoIBAD4OQMLKQc0pVZ9K +Cz+MaUpVNDR+0T4qUAWVn625AjLRsKMSeAiT+IQi9MS/AdlYbHWjtolu97bcLFC3 +9MowMrVInC+8rDsVqIzgP2x2VYUZ/b8TIeCvIGAxJfQZ3tvLAHtj+iEkeEouFcbD +oL2HQMSzIsaFmytne9tTx/e5/88eww3gRTtrmiy3PdImB7pD8DdxRVuwSk6x5y2F +/xZu/xoMHcJp/NW2y/Ey+gsDxuWnnaYLby2HJXZonwhMi6EM9B20614iVMVt6kb7 +04uQSwZXJr1v75VV+Q8PVGOwUoFKuABhTjd5KyOxfsK/L8i3J6ustPTnCNj2XRzB +lhtyNO0CgYEA2WcgTPCCvM4DnVEQ8xgZwUNggDiUaoCi+gNJQO3PM5RXkZqwhepu +6cKNxfCIB6W6PRcvn9QrZuz19PbIHQM7hZ3ylOH3bFeTgJRSnRx/IHMGw9iNF11C +AO6Xp932AbiH7j8hXkPhrhHhnSEX93NAqUMQXGamJCa74JgRolmL0L8CgYEAyjqL +/tc9MmE/BRYAEUYrgO1Q3fUVlM+LWNuxYt7sBF1w9kYfIxSrVWqhjDhedJYvZ99J +KiLgduDfZgRUUcopdKYxLaH3iM+avIPv2yDDZXiCO1B8V4aeOH1hw60+i/YZfTSb +Tfu+/RX6qrA4IFu+jtdROcR8oU99rMxruY8DNEsCgYAWwMdNpiJYtksEjPZ0KsKP +SojwAnvuBZaJCg0BoaH86PqdP45YBagkCPujisAB5ONv/1w5oxADzqsTPzzEZJE3 +M8eus1Oc4DGM1Hks/k2DzOYZWzGxD06YIGB47i8QEQsQ8USBxCL7f92X/12txT8w +N9efhBLBV9hz8hZuYmbSqwKBgQCJvLivWTBwSPXgY+yl11I4HOsQUiZh1b5GRlQa +UFUWYAJZasc4YJKVuevQEnCbHdOp/tXZYinaLi1aUaaQko4LykoCl6d+QlBVB9Pt +PvJ3AU5KUfZusty/Av78hNnuAC+6LIN+6PFbdYXmjeGcgIBYz+Sd4Os1/2tMr2rL +1tFK4wKBgDQkhV/TomlzUrzl+hgXdpFOVrKXj9uS5WQe1DQh59Ve6bZOfSDhHu4m +iICmJFVxbiBEBo1xBeb+oQOph8ovivyL/vhl58xg537/Ur0HjtRimd6cg/1W3Mxa +yGkIA8EtGWhYKsgGdrF0lEg/eP6J8E8RulyefFtLTuSy+Nt59S0L -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzoG -xcDM1KTqph/LjodIPMTTct/5HGe938TDKfj8mQjty4BxGto8m7MhBhCd/0F79gow -N0yHtMz8+/Q3hBxDsJ9IxVeh1xK4uq2IvpBQTp3Ozwic5fEnwi0QaFVl+S1Q4VN7 -TQ2alGeY+IQbnX3MKmZnTlLC6lINjL0bPIPtNqrWw8K9lCdC2b+85aePGuIF8ZN+ -HBnesCLsFLVd+0pzTXTVT5GUWYF6h8mVo4t4KrTaPeglhOYTufs7iN6iA/v4ZJCf -77OEoBkHaCPft0XA2rAMWHyMVuqWNlkM2zEUu07D3Que7O7UExShyHZeRDqo7AQt -IroGBh/B6FiNoDimGQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAHHvPwJTWIet -nYppvasTA+qjT7jpOdkw1467ocALFi90C0CVTyaAX0Ut5dl7eVp560FD2LkCE7Ox -yshUWKCnfPtDLbhRoel0FQbvjy2umvEzDhDEmWQ9N4QemJ+75guJQkKg1YZ0eIRv -SM7gvt1SIoYAWrDSxeg6L4iKIdQR5+RDhR5pE6/4bgb0IdEeAJEolvG/OFrgu0jm -Xf4Erg+6hBDtIFh0pd89GYi1WKpgZNPkrrFF8FPsFDQuL6mruUNGOt3ezIxn03XT -MtpQozl7g6a8hHFRZdEZLD9EF5WGZsSoxKlVfY3E50+MHhCk5lO4XNPX++ZBVa+X -2NtIV6MMemg= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq70X +vXDbDgL9/DZ3529o5qIpP8J8eyWRaLHHdGyUDoclKdZTxRrwv2yOei0bc4iAD2VT +za7pwuCFqzpnLPMGxcHbOhfj+hiqT+WrUcGPJ8miEc2n2bLvAnLk3mOCRZ3/DYzi +20ig7hHWLFDmOtRywyA4UXiQhhO7Udzm52JsWn7IH5WxVxffRnP3w+/GHVcGcgv0 +3Qwk/LSm3HvXS0n/Jbf3m+GxyvtY2d5an8po66xG/BVTRFVExJHhxjupxLhTxbD8 +soBNRAIpYurFYBmRrYHaGRPHZb8mHWXlYzFrqGU4VLx5UY4q+dCyXfoEEVxuIaDS +vBS52flni/oFxZnz9QIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBABeBfD06AsLX +FRLq5Jdu5qSfrGgz6FU8APctqND9hxRZojPNuWuqSCwQDdPF9hwIrDb0Fxuemwmt +xzAgZQkQf6c6s6JbDnp1ld3qgFRasuR+Pn1C+ygFp4YArwkeBxr1MhQhilMlS8qJ +QEcAmjWWupDMmF4cKNqD9Orh/mFWj5F/qnp218ZKUpthG0/R2zYzUjNUOXHMxH4G +WsXzGKffuVOz7VLnwDiP8hFTXCNg1m9xwPG0fuLvcSWFpMufhMuCEFSfJQZEv6ot +dQG5LnM/+OyHd336QPtSKK1NSzO9It7qEJNQ1Y6Z5+v6jNG0RuyRkMkV6hEFuW7V +bIiGJLg33Bg= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 781ff3c6f3..5f2831d78c 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -2,21 +2,21 @@ MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDEfMB0GA1UEAwwWVHJ1 c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECwwGS2VybmVsMRAwDgYDVQQKDAdN b25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9y -azELMAkGA1UEBhMCVVMwHhcNMjYwNjA4MTM1ODIwWhcNNDYwNjA0MTM1ODIwWjB8 +azELMAkGA1UEBhMCVVMwHhcNMjYwNjA4MjAzNTE1WhcNNDYwNjA0MjAzNTE1WjB8 MR8wHQYDVQQDDBZUcnVzdGVkIEtlcm5lbCBUZXN0IENBMQ8wDQYDVQQLDAZLZXJu ZWwxEDAOBgNVBAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAP BgNVBAgMCE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAJ+OVNEE+olztiLdghDMcAK+4n6ZO8/hTa96ZWUs8aFdXPWz -hbqQMlUS3LoiZpJhvxonWdeBCatdTextvYVAb6eYtEiVCO+8T95ZAP6lrnh5wxW1 -qMAtISLNG7rVjN8FrRYdN/BVpJFqhpGK2b8/uXizUnB8uIlPQFUEzRu+0MILaXaA -iCAJwATJPPaYGwM/Ygb0LMw5ECCDPeIwnu16ilunrIWLod9xA6mHLrUR9VQT+/eV -2S7bUqzoUR+623/MraEkgF+nwkJPeoSTuZAlqO2hWs5D5PyXGCxDq+E/SqdHwNrr -o2FmHZK/pv2Qm2psCInty5jVmlGUYmEWFPxq+qUCAwEAAaMjMCEwDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAGBRlP1y -CVfcehUxqgal9f2Iu1p/yiwLyMlnQw6MRqF9snZH0F6E0BmwLeVdDLsHfvz28HO6 -n9th3kUytv90N6vs17G/NdU579xyr+em7fTd+sNSI9cq/vqbQRjGEcIpCaWpHqOz -wZ9gbD/FAaUlJG89eG8w/2zJ3vfO45wZL+3YBg0KbsCrUlPeLTE8l7LCXaE8GIrA -ks1vlVbjrVRg1pYQPtLz0x+i3l48S5n9vQn3lgw5xuTLednaTptw12K7ohAPzAUm -5+zpXGSvQA+eAQ8OzB24ulfXtVb3f7jjCG5PEbrwIjjQLrwBe2DR0t1djBwc+91f -fwN5XVxQYWiFK5Y= +ggEPADCCAQoCggEBAK1KP1TwK5PjRXe9/WSRe6Pu+mkkRsWSyzsBSn7URrIKhQIz +K2Qdeynh1o0iVgdUH5PQOKa/0CReqT0AucB38TRYoqzOIcqWq4JapuZTiEVzJ9kA +2GRbFk2hPYaPrtWLdApoNjGypEZsl7xJXGWoltGcKdMDqMj93+SMXXazPfIeM9v7 +UChMOKGM1jIQAjSRMElcGb96UAsGpeZAKPc+3S3loQthy+0Pb02yMF4F7MXHQbHy +1ArDP6eeGW0SK/DPdEZcSpU5NPdoiUPILUKfuJhKraRm3M+iMwKAmXyo8P/WbF0j +waaEBdiHu0cbFrHmY4ibkkNgU6VC87zFSug4ZhkCAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAFj/uyx2 +rSqwUu+LrxmQ42VIqv4wEZX8HTePG0jJoxU+Qh8evqliV2eLntt414te8mODi8DK +gdR9V38setXS/TzcyI3geNj45YXmLm3/yOg7kmrcUODZHnMRMPKqAbLlPqJNg8RF +JYWPl6fWujzf5DRsTcsfrPZt/40mTvB5xaTIIXYrVITLyXjDbmAOFd0iqKwpB7hj +zXl3wY5N7TRw6nfmwk4ikuOMrvmqoD2xV08fitu7b/KRLC30ThXpUuaJEFcbH7Pn +Pi3dtKZ4GZbpBViXKjMW71yDPv5qF4ACSzD4XZ5dPtPUVc/TKyGWIiTQzEg7/P6U +JnIaG6m1fD/Clm0= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index dedd94b6f2..123ecc45f6 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,52 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA13eE0NkBw9YjON6K3twzJkhtnPigMLdpm1XeYWq3uf7l+1rP -OQ5GvSNa/zD80rIgqfTsUecQIcORi/10wjNXZLRVq85MPuM5ITPxxuVdXgRNfd6X -TImPXgUun9TM+XNIItUUbZ9vTToyryBBx/9UnZztc5UcDHrD0onR/0U91kg/pbg+ -z/Wv94ER5wgwmaMfJexxuMJt/PdIocFuGh2jcumU1MVZdLvqC6rDNoH/MbSavKf0 -hYc6uvb65DfWAQ2NA19fP8zm0j/0o7eKMdCxMgRM27BTGktTW5FrzDmr4VUd0oOV -Eir0U936DuwR7Butoiopxg/+s0dMRgt+3yXXhQIDAQABAoIBAAO3EdkwBLHFvXG7 -lJVnIpKkaQ9t0gVFBFMjVeREHMreNETzOeN39YxJUcZYp+NSIvILQQ/gdgy+/IF3 -a0316KnZ2ihONE5ZSKDj7mVJiySV2mgzMFSngotSd41V8/rRHAtNtT52o0qnmDwg -yEGUi3b0P7vgdE1ayImWysImBXzuVeDqfrZGGT25QO7bL+AQkV6Cr4HtDJhOQ7Gm -FkAbgxCGaQFKniHt3+QdG0/QpzKInAZNDiGAIX/damZF00P10jzE1qg8+GPDwxll -Nm5PBtqRaQnI5m1T2ymcRx6ouJxW6021fODUA6HlGCxl2AIkfFa5nDgG4SkisBkO -wgTpDAECgYEA7vncxYzagQrLQIVZewPwiEtgYghEKZXz+P2tEpXxVe57WyO+jDs7 -2krXEazAgeY1SJEIxEVGDceq7PCkXfYf983HkwacqhXBxUYMNq27xbWSbyHo5yG5 -BrOM9ZcuDwwwPbtzVxqDRIpMK8wfCutCo0Ws6eVgYs6DC6phSLYd/gUCgYEA5tDt -Oo9++X/a0rdKaLpMUUkXKHii2Z4Ym1PuUfUMUgo2mdDUL2w+2zJUDNreQh+XNWtD -kKKEdeZnLjEleItcjAOCLdk3WDVvfX1QvwIqZ7oBllGUoHqL2FTGONOqXLSgptuH -Rg0zluM7P6Z6eLvddmCUJMYoUSEQF+MPdh9GK4ECgYBZo+H7PD2OIAVju2F4Ml8c -UOHjg+RFkRkF8enkydfP+vfMlRjZszJdTKtl1t4TG84q3TRjovSHILltzUpqcHNH -Waod7WIArs6TeBYGwJ5pqBU4mIirgkvMRrd+O+or/M9vqIu4RZqtsA6ocxXF27+Q -TQdyaPcBuSMQ0iVRx/ZyHQKBgDOo1y+gJj8ZSpSWyWSfLa2TukcomOoz5DX/lvto -6RUDjCzo/FSQ2ZCdtwoZgl0yTNl75GdeuF7a7oT8IvLT3ibIMj6ouyZW71kazxOx -HGSS0QAfyjAQvXPxpVvao+qT0tEFmUUodz9yJDSewhJ7mZmBDCce4q8lw0BVZYR+ -g2oBAoGBANCeMVz5xib3n3o3beQVJIyaOs1SD5Pm7789Poupd/sD9hlU5xTtvFsK -9Aac4nSYOlqDW/PWCrC7MpvjOY6vmFmm0HEVIo4I5yA/Fj9fO3g+pUTCc7F+ccBs -2ARSE1cR3nZkQ8iGsOWQD1TCs8Hp8dywLubmT5vnLhrxW5iil2mk +MIIEpAIBAAKCAQEAxJ6Gne7SD1Gm43MM1d/PNAboYdRhEK/V1VmmNYxN3QKDKHvP +Jyf4QEiBoKRCHlKKnGPlm65qMvL/XNkxAOlmZ11ZISZQHCVSkIdW+IowTGXt66KV +jNwvrWdXlW4uWrcM7jVZUdDrZZMs1F9jHJl8p6OTzcD/T/zGmAHj8jIakNr9mNL9 +Irvz+u3ujMM83Q4tVz7Oiw9/3O2KLxWkEIFUf3PuZiNOtYcREqHH8T55miJbzpG+ +lttmFAki0zvuqc4xFWdSD69oZmowSi5+8l40RLYuJ1s9SPQGvwlZs6mttETdUuUC +pirmePmRt9gBacZvVIL2VqlNwIv/3diYPNw5LwIDAQABAoIBAAc0r3FP+dcsN7tj +5tywaEsbVQk/e9PdOy8nqx2Q8p+UF9N0KiTguZ/oKFwHTmcHFmO3ON3U7WPISmSQ +OdQIjxi1r+5flZWv0SVRLcuhC4vD5o15YWq5Um6pTWlBZvsrHz2xqyrXnHDrYma2 +x46aRMUYtnIsIw8+5SutUg8jwpvRYlbhHWI7gaqTP8ecwTZz0xsnfGL61+GHanx1 +rZ3zkwGwkuRrFEanoYV0AurC1mrNV4+OUEIwrizr65AIQhZpPxOC+2M5upx/0/wK +l/nKz8XhmOgEEty52BtV5wehw+eflWj9U+wmDbF1mv6JUEAZP5i10Bri/OgIajJJ +ySMRDJkCgYEA5ObuohkDleMSjmbwdBlZ0cBl6sSS1u4Lgjgp6jCEWiixLe5mUMrV +BPw5spjkoLSa4+hSdyfbjeDUABJ0ucfeSs/CSQSfy1U2AJAF5fBoQD0ofp2Lf1CC +me/XxTs45oA54AcQhraq3jThtJlEDAz6/v1aM5Zdy21R0g+/fU0W3vcCgYEA2+U8 +RzYtjRIgy7mL/qghZ/AIES8utSaYaiSOq0JK7oPtMxVPUA0h6E0rjon+GAiRblFO +xXzu28cMgrz1zp0eViQrsuHoGwbRePKIqimLV+Ebl1BLCeX2zHxpVqEtjfF/20mn +ukpZTi894lO2o573a4NUqHTkzPxhHIRBEJ0TkYkCgYEAj2zDiX3y6S/mqKOHdreL +uAm90mRpPZLaUzWtzbeotnVYz1bZdTYiU4VXAbkbSDbh9nvTcCXhQ/zj2Ue3K9E4 +T9ft/KKRHW6+74tOps0EBXxMq0k75wIjUyEdKc/5zzP5D45dpItAdQrdgbOnF4Xq +n2tP4ZMOIjDVW7HSYkizU/ECgYEArnAiKkejSPaph5NQqBqOLZqve5pXTiMo44LO +nrL/KEkFoPF1soZIcLTPKcr0A/LAE6hyeZ3LChPUK95kjJv9Vc5p0AT/kHkPMQgN +PBeqz3Lm5VkvvdFsv/itw6gmsCR1DetXICQcxjYZvHI2P4Q6uFI9lUjtvGM1Ul7k +Ep7YyCkCgYBJ2jT8y9fYgl3amIuTImrJyuDe6l9+NJUR6Oyxh9UUZqaGwLP+gCzy +26fK2E1n8vzF6v9wTA0nqy8Pt+qlrmB/Ro2WegDEmPwIKlJDjEEqWhORYtMLBFO8 +2W8VQsxf3kZ1A0bkxkqMUpUrz13Ed6eyZBDRuQLrWMwNmMKjYt9gQw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEKDCCAxCgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgxMzU4MjBaFw00NjA2MDQxMzU4MjBaMHwxHjAc +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMHwxHjAc BgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTEQMA4GA1UECwwHRHJpdmVyczEQ MA4GA1UECgwHTW9uZ29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA13eE0NkBw9YjON6K3twzJkhtnPigMLdpm1XeYWq3uf7l+1rPOQ5G -vSNa/zD80rIgqfTsUecQIcORi/10wjNXZLRVq85MPuM5ITPxxuVdXgRNfd6XTImP -XgUun9TM+XNIItUUbZ9vTToyryBBx/9UnZztc5UcDHrD0onR/0U91kg/pbg+z/Wv -94ER5wgwmaMfJexxuMJt/PdIocFuGh2jcumU1MVZdLvqC6rDNoH/MbSavKf0hYc6 -uvb65DfWAQ2NA19fP8zm0j/0o7eKMdCxMgRM27BTGktTW5FrzDmr4VUd0oOVEir0 -U936DuwR7Butoiopxg/+s0dMRgt+3yXXhQIDAQABo4G3MIG0MCAGA1UdEQQZMBeC -FXdyb25naG9zdC5leGFtcGxlLmNvbTCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD -VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV -BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l -dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMA0GCSqGSIb3DQEBCwUAA4IBAQA0BCre -W44hWpSlyTYkpOThnZ/ESWxcNDvqFkW4zczPSAD/qdvWJjTO+K2ChlfZqv+CvHyc -MNihaurlt3sWQvFThQyPjBRK8OluH2dBBNSFuFq9mBh0mHLAUQsIYQZ1fawXZKR8 -Zyp7ZzMk4RfOcXQGU3NxDOD7asqKnAKePF3svR2x1XEw0X588vvF9iYVObAhoOdi -hzS2xLchQ3RTLOuknleBBgw2MBFBV+nl3AMKnJHaV4NbPejWiQbFcAAB+lP25uaa -rIDygMc66dYEEqt8PDDPen2L1o1fgf6vk21vVxNje9pC+O5QTAMgZMEqJJNODcQb -VfWkadXZl6a2KqEN +MIIBCgKCAQEAxJ6Gne7SD1Gm43MM1d/PNAboYdRhEK/V1VmmNYxN3QKDKHvPJyf4 +QEiBoKRCHlKKnGPlm65qMvL/XNkxAOlmZ11ZISZQHCVSkIdW+IowTGXt66KVjNwv +rWdXlW4uWrcM7jVZUdDrZZMs1F9jHJl8p6OTzcD/T/zGmAHj8jIakNr9mNL9Irvz ++u3ujMM83Q4tVz7Oiw9/3O2KLxWkEIFUf3PuZiNOtYcREqHH8T55miJbzpG+lttm +FAki0zvuqc4xFWdSD69oZmowSi5+8l40RLYuJ1s9SPQGvwlZs6mttETdUuUCpirm +ePmRt9gBacZvVIL2VqlNwIv/3diYPNw5LwIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUGNqWLL14sQKUElEgNjmw +YzBeeSMwDQYJKoZIhvcNAQELBQADggEBAMP4mo2VD2IzBy1Q441ckQwBrVbHIqwH +DgUzNSI43Mb2/S/HOjXaEbW2LgZanZu1upFPhEdcU/oCQyjFv/hvU7LLPpLf/rKy +yIB70/+62w4HFmue/rUrNEzi6dX9E6FG97wa4u8hgsRxi/W+QwWsByOOL+dlVZYR +fJPpJf32LagB/qSS7/NfR14Bd/7mgl1177DcpZWL7E0h5OIBJSslF2FwofP+GJZ5 +ImaKWPwV5TJcgXh+aSKe11lQJEVm1bcKghsgCAWrqtXOXjV0YvTI8o6bEloCMjcJ +e904OEa/EUkmOLwzikdWGzosHYijIY0M+FQtzBVcrZPAcSV5STpPOyA= -----END CERTIFICATE----- From 59a27aac0e678b1ee4baf32754d8b10f646473d2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 9 Jun 2026 17:41:31 -0500 Subject: [PATCH 17/28] PYTHON-5040 Fix CSFLE_TLS_CERT_FILE to use server-kms.pem server-kms.pem has keyid-form AKI required by Python 3.14's strict cert verification in ssl.create_default_context(). server.pem (the MongoDB TLS cert) lacks AKI, causing TestKmsRetryProse::test_kms_retry to fail on both macOS and Windows when connecting to the KMS failpoint server on port 9003. --- .evergreen/scripts/setup_tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 1765f03c38..4f5da987ed 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -389,7 +389,7 @@ def handle_test_env() -> None: # test runner, so no separate write_env calls are needed. certs = ROOT / "test/certificates" os.environ["CSFLE_TLS_CA_FILE"] = str(certs / "ca.pem") - os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server.pem") + os.environ["CSFLE_TLS_CERT_FILE"] = str(certs / "server-kms.pem") os.environ["CSFLE_TLS_CLIENT_CERT_FILE"] = str(certs / "client.pem") os.environ["CSFLE_TLS_WRONG_HOST_FILE"] = str(certs / "wrong-host.pem") os.environ["CSFLE_TLS_EXPIRED_FILE"] = str(certs / "expired.pem") From 31e939d2dff7bb10055aa0e5a25f873519d39a77 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 9 Jun 2026 18:07:24 -0500 Subject: [PATCH 18/28] PYTHON-5040 Make CA basicConstraints critical, regenerate certs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RFC 5280 §4.2.1.9 requires basicConstraints to be marked critical on CA certificates. Python 3.14 / OpenSSL 3.x strict mode (enabled by ssl.create_default_context) enforces this, causing TestKmsRetryProse to fail with "Basic Constraints of CA cert not marked critical". Change critical=False to critical=True on the Drivers Testing CA and regenerate all test certificates. Also skip PEM files in codespell to avoid false positives from base64-encoded binary data. --- .pre-commit-config.yaml | 2 +- test/certificates/ca.pem | 28 ++++----- test/certificates/client.pem | 78 +++++++++++------------ test/certificates/crl.pem | 14 ++--- test/certificates/expired.pem | 78 +++++++++++------------ test/certificates/gen-certs.py | 30 ++++++--- test/certificates/password_protected.pem | 80 ++++++++++++------------ test/certificates/server-kms.pem | 80 ++++++++++++------------ test/certificates/server.pem | 80 ++++++++++++------------ test/certificates/trusted-ca.pem | 28 ++++----- test/certificates/wrong-host.pem | 78 +++++++++++------------ 11 files changed, 294 insertions(+), 282 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 00026f8661..e21b4e7eb0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -103,7 +103,7 @@ repos: # - test/test_bson.py:267: isnt ==> isn't # - test/versioned-api/crud-api-version-1-strict.json:514: nin ==> inn, min, bin, nine # - test/test_client.py:188: te ==> the, be, we, to - args: ["-L", "fle,fo,infinit,isnt,nin,te,aks"] + args: ["-L", "fle,fo,infinit,isnt,nin,te,aks", "--skip", "test/certificates/*.pem"] - repo: local hooks: diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 1d94edbe29..452e76db6a 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy +MIIDgjCCAmqgAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTI2MDYwODIwMzUxNVoXDTQ2MDYwNDIwMzUxNVoweTEb +CzAJBgNVBAYTAlVTMB4XDTI2MDYwODIzMDMwOVoXDTQ2MDYwNDIzMDMwOVoweTEb MBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLDAdEcml2ZXJzMRAw DgYDVQQKDAdNb25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQI DAhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDPCKTzQFxW8ye5s614v9LnYiSJukCiwQH9dPlj/T//ll4KUNrK7pti -gZ84MvoGBKWGmEQIijP66TwwufsuS9st/whiLHXn6g7FdN/S3V5UTCIzOKdO1Usl -QMwxafOYO6dvwplT0yEoZ4NUwcOkJHEMEB0JAUa/tb1vyCMZQ+Vryv44gO34deE8 -Z7Z7RX8cuAbeVkh27kvpiOmt/HhvMjsyh+2EAvKPjkl+A9frXl8gVRUY3sk+quTr -XlRyDAy+5BVONWpZGksB21jft/rZaGLzjFPg8qNYK5bShlzZgWunl5vQiaGJZf5n -Cp4CSCANOG2d0BnBTSlaqevcKIqwQ9G7AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAAL3IR9nsT59HTX+/jYrF96eicKlKQv8MS46qzJo -wArUa8mtj2Ro2rAFsa14dEjcDihgbyxgD5BgQAJnFXpkHqMnhPGM525lqOLCKju+ -DJTS6T9dl6evj1Qb+rdi51C7kUxEgtHRRsK8IeKnQ/j7aF/vrykRdt5Mr/xL8zCE -pSJzW6x5gRhDjj6pzyjC1KWOOMXNnfAVd0GSYa+JQ3WlWPfGDdk8pzAVFb5E+U1a -u29SoTIZkSyySHiiZ//2+ZIfZR9xAosIamMMZN+I3r2OUTbbPmA6ge0FHnnIq+ys -tk0vMVlmcPcXXEdwBksyIasMM8ljSSfXYQ9v5BvBGBFEDKE= +ggEKAoIBAQC7IaiW/jJP1/+7BRElB8J/Rm9ZFQ/FX5rRd5b33qbLGW95yX131Nv7 +kCMuAxcB/IDl50VvZjonAmM9E+QYd+sRxnQOcfPb4kpB0QOPRQUUqU0NPP9qjFI5 +G7+mebzZNOG7YwLPDqJCQVKOPZ6QoYzX/nheS3j9w8yFEVSgryMrVA7wVHH892rA +LtSFBnfALvVzagxoHeOds+tJof9AsRyyunU7fOJSEmppg6MTlelHLc+tTa1vuYjs +sHmWjeswCVSY2H5+rXzRXx+yOmpZqOfErbvi6yFWdbOBd42CLqRKinlSo6eZ9BiJ +YyY504Dr3ZS+TXz319rRQej1W4S3sEzJAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQELBQADggEBAJuMBjQ0V9K7ghanm+DLKoKa4WYmLRFuoYBg +lt3zuf1tBL5f+MCUZrpEgQSS/FOVemnOy/bZVdJWQl11mB4A/p6PZPf/ExNOae8V +AKT0S/AUV489dM1JkpepKw2e7Fd9CfjTcGfDZmMbBGCrLVXgzBY+xDp5BlJQ8TRf +ClcUU6x94xKFRNvVRwI5JZypaxA6Y28R0fa9Ym7Sb+dAJ+xip9Bai0b3b3hjE90D +8l44bBpO3WBx072Xn6Ey1AyJ8TCNQ9fRKmA4QHk7f7kj/YFlAu6+Ny4QXGkykhEQ +lbixxC7fH0u5MwnxKUKOwaooBbyT4Xcgh0bM+lyuqkCVeT4p93c= -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 1891954636..14c1db8736 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,48 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAtFFpcEQKjDygcF0rleKtia7bV9aiw9d1N7bGT/OjrhM9nmvw -NmVbT9aRB/Rlzn1okJG+6XADQ3BqXS9orSjI41+QzfzC0IPK6edrtKkKaxj99yav -Xw1inwNQl+pXe3pN6ea2G/TYifMAOGMNn2qdHlDM2vkCOdPQanBg99BXyDGEYLmZ -sMap834mYHoOP4daP5hy0YneKirTWJJmXMwjapglQ4ieAoIzEobMqkistTHsz5B1 -KR965YtM8F7JbxGbkKYn7UE2TFBbWXHXru7M3pWh6JorSzXxdLkJSkcB7paKAj6I -WLBT61s5KfmZpHmi1oEGkDlIhjFnXVpHrIrSaQIDAQABAoIBABAPVDHAjaPx3mRD -mBcwaj5iCX0oS7TforwElmMWkxR0+D785BckLd7NgHtR5CNg/ggqQvOtm0zNXVvR -ViReBo5hu5btFTjXFCKDDw+3IotpXW0+z83KdmctN2dgYsxHl1rmxn907jhTIUjk -YZk6OKYzkhtKpE0cNWrVeX142+ijggYMqpaU/O45oRfv3nLcyzc5V+TKvS6OwUhu -e8/0JBZWM3U0CwFpmxamZwpn3XMjBUgJ5RWEpb9jzR1iWcFs8x5/13tz4u3E4UlX -8QAuXf5M2zKWWB77kH7b+zt9tlxTd+ngK5quhE/zCmk7Reo8ZiKhzu6Y6f+eWyC1 -WY+jG1ECgYEA5nuspw2sx/6/0SvPHX5dgn31WgrzfJNjAnIeHcKsvDbEk+/EY/VI -SPXGskyXD/lZOISCt3Z6wLIxOuNRNEOlUA2uHNcFbdralab0YQNe0IEE9wBJWAuH -2YYeUIelEWMHsMzQBiCjQNq+4wphCKG4ziKqMgso0MQeXcmvsPr0FF0CgYEAyEf2 -2/OZcYnK8zOpIBbaBH2tIpgR7kXdcfBrlsgs/1NNzzF9yAtbfOTw+XsVOG4b9t4D -vGhnRTqyKM4j20PG+D/Hqyf62y+MtSckjElvhetSPFJXSP5YX6pXFqPNf00+OghM -Rzx5thvpHcD2xG8c6qyPquFvs5nif2CBvrFiVX0CgYB3hfc5AmxxonhSvsc/YkKX -4z4THc668avMnuVjRYtSZ4x1s0dDFvYPb/VEjVdhX0uXdZBcF8L8nuvMwAlicxoN -c6qxJgiYuX/VT6k3jgnjUqUCelGOqRwf/99En7NIWvSoCO5v3wkKHuYS01USptsx -euSL4yGdcbbVqDvGKb3duQKBgEZ5dDcfd84I854yfn+pKtxLsOGsaxrSAMM4G1O6 -aoMJuCaBPsZmoLHJCbZwBh6OOE7c/qmMf1JP/iL3roxYRCpUnxjt/4qjJ7sS4/xt -Vs3j6VMKkmZAAa7gDLcNuqDh+FSJWPX0JMvc9GGg5fRnOOCnCgLSQvEK5DV4Kw+D -8ZstAoGAWzq18c9rdJjyLHwysLdqABV46Lta7nigMawaANN72obCmLNxsB8Caqxo -nq5DLPZkN4cnL5x7KQp2nTSGd8jwIfejx/Of54MJy21TRiGIGvCxKRlzwmMUi0Jk -rmwtA2PllPLOt6tHGXECrUo2Y8cWJ3wwaQiMcsohiV576YBRD0M= +MIIEpAIBAAKCAQEApWhDuV3ooyJZMaCSmxp0GM6DrDUqfe7ycp/Pf+EIXnqGvHM6 +OdylU71eJicxVf+TJb7KbfsCw5MXsibOZReA0qtZzOHhKj51wl3IMc7nMOlQgLtg +wRgFv0TpNHlVTAo6/98QTvbLiZimW4EdEHcvnNlnHIKR3DUWcUdlDVf6rdETUOUo +S/AII6vW0BTtTyN9rWjU7tf8Wc8k7GROuBU86b6fXTHZ8LBHErRGA0+MVMBK5FBH +OLeihHmccMCMSohLC3UrJuy7ib9uO52QjLCnhs+1zR5y5ntFZAYrJVufjimUtfBT +eMCx1W+9pZQ0/bY54n2weWpwS+jayl05QFuOWwIDAQABAoIBAEN1nR1WNAGIijkH +xJMWfF/7pc8Pledrkxz1mZKNjDTAIwBrvEUJ/LGE64eC94eb5v7/a57kPzHVZVYm +pomrRsJk2QiK3SK1+6AMUJAj0r1rgoYmJaVK71kdOUFJ9ORAzeQ6LPQPil5xT/PE +2j4zZctCDWAezm8xhZgopomFJrtJgI1Z/H4zOAJQAWZn6pY6+t17ir4rSu6Q3/hk +qQ/LNyMlVd0tDSPxqh6mbCtGUnkAJec9Jp9Ok865kXGwcnqXDGuTLiz7MWLxxpCr +ImPSfDAb5SSRg68GOpmKN9jxP39adLYIeMm8FI271StLUxyhFrltEYJn74cwgokW +JtbQHSkCgYEAzvwDuWreEriEIYvci9WYbLjfSWhrrjBBguOjocCiN8VZysYe2T+O +srpgiqqujhxXNvvsiT8ECzxsyY2a2cbKMfMemkDUsMKp7HHJvbKTTYVJU2MezVa/ +VT2YbztyV4SMTlAf0XU7YXKK+7xkGqgQMbhAu586Dcgur6oO0FwU1eMCgYEAzJO5 +k54oXSj92KcJO/FbIONjnp3MHaSAG9eLpNNvJEkicR6v3pmNcaa4jKScDabhKj/B ++XpTFrwpsIstIMnFNGP9/jQsX0pxHlQOl6gpsn/CamXCSfpuezZYCWCaZjdZSBkO +amcLe1NIalIeEZwRPgfFBiK7UiZTAQCMoLYfDykCgYBFgrrZdPs5PEAbZ/Xb/BJh +SMCrzWaEK+6EP2B/fMq9gghCocBQYxjQCulLCEDwtrHPZFEuUjxQba13DpgXVLwo +hCYd1XHYHrekER6YFzWCziUu3NXGTcCZpsLfcA5ZN8lKr3vQAte7RRVJrx3LGe++ +UstidvmvETAkjC7HaHUS0wKBgQDEV6eNYQbWWog/ThlTuZI/n122FzaW4JG/pwC0 +YeTSi4qNzOj4GKGjCWMoQLgxdg+2z9hoixmBwXe1o+3dASnO3YUhW4uWrUih1gTn +UxMp6Op72Uw+Wid9A6w828V0Av0icEHgpyNi6oye1k9bkVEPGr/i4qSr9HJHjPJr +MD/g+QKBgQC+MZgCROT+HwQGMIqAZVPpX2u6yJlPbZH5xYhmDWn6axdK/pdAagE4 +8sAPGSw+2QIEb2bDm7qdiJQeon20BP2yrg+/yxurHSWTIVchBrLHAp5/opJXuD9+ +TBZYLVDj9tylk9Lkm2mr/GB6l9Ho9LssDsyRLYe4BsQck5idAhnj1Q== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0UWlwRAqMPKBw -XSuV4q2JrttX1qLD13U3tsZP86OuEz2ea/A2ZVtP1pEH9GXOfWiQkb7pcANDcGpd -L2itKMjjX5DN/MLQg8rp52u0qQprGP33Jq9fDWKfA1CX6ld7ek3p5rYb9NiJ8wA4 -Yw2fap0eUMza+QI509BqcGD30FfIMYRguZmwxqnzfiZgeg4/h1o/mHLRid4qKtNY -kmZczCNqmCVDiJ4CgjMShsyqSKy1MezPkHUpH3rli0zwXslvEZuQpiftQTZMUFtZ -cdeu7szelaHomitLNfF0uQlKRwHulooCPohYsFPrWzkp+ZmkeaLWgQaQOUiGMWdd -WkesitJpAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAV9z4d+BQU3r5U8Nuw+MdAe9filIlbbMZQOgu -i9pknDYb7OUf1S7c2fNIUjt5/9LspSDmi0FO6xIsW5ZYDH99/eP5/gL9iBCYho2d -g+awZenny7IGZjVIpsP184vZJfyZ8kWvcFPX3D/HP6Sz7nWe5FwfUnmyfKRLoURY -gS80HsxxincfMRw1D+vNGCXcsV5S+3NMe/2P88XWM6ka240Jj/GR4dCiEfw81Jl5 -5JxiRuKeaUyz954DmTljjiN8lCJVGLM1UXVUam2mDStkITgknYjo95IWWnddHzP1 -ZBBVw/u7dr0T4alJ8JZGtnrmwIwvDe+64wUEcbZH2XV2JVksXg== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClaEO5XeijIlkx +oJKbGnQYzoOsNSp97vJyn89/4Qheeoa8czo53KVTvV4mJzFV/5Mlvspt+wLDkxey +Js5lF4DSq1nM4eEqPnXCXcgxzucw6VCAu2DBGAW/ROk0eVVMCjr/3xBO9suJmKZb +gR0Qdy+c2WccgpHcNRZxR2UNV/qt0RNQ5ShL8Agjq9bQFO1PI32taNTu1/xZzyTs +ZE64FTzpvp9dMdnwsEcStEYDT4xUwErkUEc4t6KEeZxwwIxKiEsLdSsm7LuJv247 +nZCMsKeGz7XNHnLme0VkBislW5+OKZS18FN4wLHVb72llDT9tjnifbB5anBL6NrK +XTlAW45bAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAl8eJAHr1qVNsFXwzyRlcOqa5luOfNniWuAV/ +/+ypN+qwD9QjJLLooawoIon3Wf0gnLbdU8oQZCpFEXUki9gKCvjdT9W1sgkJKKi4 +/kob+/RHa/GNPJp+4yyZF16uF1blhVMqhYPAx3TrKaEiFzHKTduh9DOxsBCHkteb +9BzR8EzVrYzbi1cJL9qBpXMy8ZELb1LG9y8t6gx3955v3pP0LdxYfe9frN7MESC1 ++9ZPXOz3YcJBDSubibpvU7a44XDpfISdX7QauNsO8JVDUqLNWx5SgZavDYs2Czff +H3I10vSZrvhZC+nNc+FWdINJzzqBaH758yDOLvlM4/yQXbyywA== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 1eec0276dc..89895ff340 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2ZXJzIFRl c3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdvREIxFjAU BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMjYwNjA5MjAzNTE1WhcNNDYwNjA0MjAzNTE1WjAUMBICAQEXDTI2MDYw -OTIwMzUxNVowDQYJKoZIhvcNAQELBQADggEBAFWjb7KWnb2Dibdb9s6ll5xfoHj1 -jvhIOzzCjfglubDdSgylYwRuoggdYdCZBoUDWU9V6rFcdNKtuVYPYS0SO8m8S5ob -oamz5gEEUari61sUJ3GU+TIYIVn+clwgNwYY+gcXMiv401SEpSZgz7v2FtV60uq4 -aM4xZ25tmPKl9OzJNQkyOeDJXNx4WvSrkCL90CsChv8t8bOP5vA6GSUjHuvaRV2b -ThQBXnwdEgHk5kfotVKarmnlgTVrPm6yz1ONyyKsCzRlubiUnkAE8ct5Z36LsEwj -VdGryqZVpmjbssCLLKRjIVZ4rXFZcI5zsxSVN1u0Bkob9eNMaItw2j5Luc4= +EwJVUxcNMjYwNjA5MjMwMzA5WhcNNDYwNjA0MjMwMzA5WjAUMBICAQEXDTI2MDYw +OTIzMDMwOVowDQYJKoZIhvcNAQELBQADggEBAGcqL7m9i4YNsx4+Dj4QVJrp3KNi +lAgL06eytsKO69U7Z1pcr9n9Zyfk511sHQOjk6JJGh2+JxIe3UkZmpVL2MJ6s4kt +YpOLOlGBkPS38+8hFKL2UOwc6ue1oAVxR9qvGoysiaJEZKsVd2PT7mHms52iNdDb +tZQ42Bw/CGYArUgq5+4Wly2f0M7CmcQ8n3P8dZ/hESZaBA/vnkx2faBwSacuCduU +Ao+SxLDktdqHOLsAD4eA1waUMjuvY2stBlPYFLl4mr1uNlmPZkWSObD1AZXBKP0V +ov215QwKR+al+feMoqaMvnTbY7wUORx7AuXU1loy6sEp2OncXQCOq7/5ICs= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 73debaa250..7d841e46eb 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,29 +1,29 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAmhB1ikvQK2V3XgTbUIKHZ2o+CrwnLQrDE0itRjT84HuCSAl7 -bDEp2A9+i0OfM1iSYzzfNtfoyEXj1CQFaPnOZQ6TnSqXiIWCeEFoFCXGQbOINYtt -C6SYIeZRd9PrN4L8S3ecab4FPPVrkMJmz5HSBUYw6DbxM0Qxt0kQikc94G18DbqE -pdi3oiJvimoqdyXoCD7lNdmST2GtZjm3lWmgqf7PKblbdzE7punhqYOMFYE14gtG -o6zjuXclS7fw0BexbJj21KxjwnLHadKv37WJpEEDZOvRgaMQvYMo5ULqwMBgIJAz -Biou72KeorERrWzesdkgqX9N8iIaDREAbTcDOQIDAQABAoIBABsfxTXrOZP+Wfjv -VXZz+KdcJN6qeCI9uBET1U/cQd462Hna04Q9lp6fwbl+lw+I60L2A12KP0VNSrp9 -egdcnbociiAcUM/8I3eNGmgbq29DTrqQmMr5OECVpme4o3ujP8yAm0Thq9Xq5nx2 -wXePdoCvtioYDDioq7EXd8ZEmzABCKi04imLFAlWjlzmQyL4m21JnQp32PeOT8vr -hAhogMqjdU1VFVt33FS+ZkCXZtxvBTKNTz8J+0ihBZmo8hx2yIax1yG9LKK1GyrQ -v+MjKP28OdMi3fp8A0dSia6H2mjxcySiw2FeZ++1KEwENEYHBDN9g81JaBlvhpUJ -iOK94gUCgYEAyz6MpqjLXnLT+Vr1og2w+ljMaNd0pXlBxKZBhAtl9F3vJEDK7dm/ -b6niAzQbu0DNeDiOB8vPi83an3DSZsLwZ1LjkH61ws8EMG3IflQluP2C4oxdG1KE -sfcMmAXIq/8OQWKmFvda1vMfd3myeFEHHL6fvUeQDCUyfoRvwWFnz5UCgYEAwg3t -xvLm2h8L/u5LZxwI/C0DmT+6h6Sw8wiz8wsA7x2rBGw4aY27MjUdUu923BEU0UeF -pdPwIPR5UtOI+W1MRojKh/9TwZXNf23cgX+wzetKVpMySIcaBtzU8EPHacEPnrtM -aiRvnF0KTdV6EE5lhQNds7REJbWriBuHI6wYDBUCgYAIYrxK5AwACZzVXPtlhEsZ -CTDl4n3dlfMwuetaF15NhtKnHEVDKwjLAqdgmnXKdBIGM88oYzBdBFFQ4sbLlp90 -o+bfv1qgfwodNWpgS/iCeXM9Ba2RwwXWkerjGtn8vrlH2Vog+HO3CrDxrQPAExfI -B9VvadR3q9E5hx1VTT+LQQKBgQCMPEambKlZ3e/sVkcVh5QSsXEVUZG6LtFVgOeS -b1RIeRc6xf5qgWtTmEDNy5II7SsvJlG2ChhRqHr42Tf2kP77RiWe7GyZzGlKeplM -2HtsBGqfcBZ5hXDQnswfqcu1aDiijFZnqlciF7a3ktt4Zz9ERa90i4RoAAarAMHD -jL2AFQKBgQCtWsu5rWfqCOq9zW6HBlwQJWFOWUBIYnlBaN/iSMKqPpOTYKvt0zCs -pikjB/aXbLd3+EAxo4mjJo9NZ257ioWVzQvbjlh8lSwb3Vb2FHIBsQaDFeIFlakW -kInm2dorlFUcjul4CCNvhi735WIbaj4BzBw/kCj0uMtBvesDk0y4QQ== +MIIEogIBAAKCAQEAqFk51RFy2K7WgX3w7H7YLen/+gOYpKslQ5uaOWATUPIrhJC3 +Kndf92o6/E73j6h44wTW5xv65TLtIoQbk/WJIO9q4J8V1OWRz5HM/P0RsSceR3aQ +Q7UU6lMVoBq1s2Mz9RF2rLIL4MSjKseZFXkI1qFYae4AKot90F/xUiFWWL+WSF7W +gPt//Y4ykzMO4py5oB+qhV5bzvlVGLuXuK3UDJ0vtBmeuwUMvtXQLIhxVkiw0HUi +Yx8OqkCiOVUSjwF8GQmIexOyCAUSZUuX690CKkG1PCUO49ZZHkZSwr+n6OCdYLdp +NDpVwLs7dLOWUnH7bK8RF7kSvUSVwGaFmdGPOQIDAQABAoIBAAdPnax4RiStHh1w +SNvaa9y9mGtlB9Zh5NvFaIqUlq4poDRw/PVkCwfBhieCLevgGQTh50vQ2iHlRulc +c56mt4J1x05TNlVhNWZ+alizzFaFUIIxvtTj6rE887fY5Rpx5NYgIKdiEZQ8senY +Eni9YYIBrodmKb1vQqLfockrb7appEforL55qmj5wMVFAiDCFDx+CcRBhFocJkbv +NYleMn83Pyqu9ruvuTiwMNDD7M5tmJqpznPAo3amP+sbQnCxzwUmq6x6+gQP17Pk +CZCKwCfrbMclX0txeyOpnmiE3+XqDt9KnXS2Hl2+tOwHxoT1hj4fICam0eIshPBw +tR/9SMECgYEA2205J4PBnOelHrpHa6Gfv4PlcW0knz3fKDemRUcg4tOO7WtSa7VC +vQuFKzGJGROIFlSKlVoX8UkKtNGV0bdGFPoM+/D9Gm3GOX3XcdRAb7CJCFkTXm9a +7eJ0J5tIyx5bkq42udLhNUOXWCI3a1PFMHHXPs/+Ekj/tTsrnAjq20ECgYEAxGiJ +UdXwT0Gnqf02H3gP4Kj9+BTiG36KEXAZm75JtTmSzmH/GPgokRPHmU11AuRUAyAI +RJmqWVCNItAaaQTz8ubutoIukDkxv1l2VYJzjMKA7JujRgq/TIEAKKVO6TkF+jG+ +sUMkTHON5deFarCY376USrGwxGSJfw4u+jBADfkCgYBJqmePvooXlSU4Ja2oksBA +2ZUD+XJcC7eJlvU5OOHvhLrtNiSbiGT5do6kq6KtSoNbi9JixbZYCP+RKPO1TmQ2 +0qPdSVCPuN7dmkPkMS/Yz1mR9eWsxJGwX2BDk7xihLSVj+tLg2KcMS70JbiZTaxb +0TxEGCviE6PVQiIn5k6CgQKBgAbNkCQTgvVb0tDigmNopzQi5lkXcBV/toyQE3L/ +jlIGon0fi9RzlAQiaUF4G1t0SSyqiV7G682YKqtQBfopP8HkGdScgbxhHsX/9UdU +82emvQx0/5zHdoTR2w2NXERbw0c9Pdup9bHoNrwFUQu2/jSRx1Um/nZu/Qw3k4z6 +6t0RAoGAWRPktUYyNZGCPlWz6zRIvxbU1gSosrskmuorXOucPOi2KgzCXS4Ikzg+ +Q/5/iL54D2OqNku62NzTBMf+dQ2SJdo9QVTpQczEIQhF1tDEFECDtYS624Y6MIkQ +FdeP62RzhntpTKJZeZm3SAQc2znPG0JhovPpfKh4u2sx3ALczK8= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 @@ -32,18 +32,18 @@ REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw CQYDVQQGEwJVUzAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhB1 -ikvQK2V3XgTbUIKHZ2o+CrwnLQrDE0itRjT84HuCSAl7bDEp2A9+i0OfM1iSYzzf -NtfoyEXj1CQFaPnOZQ6TnSqXiIWCeEFoFCXGQbOINYttC6SYIeZRd9PrN4L8S3ec -ab4FPPVrkMJmz5HSBUYw6DbxM0Qxt0kQikc94G18DbqEpdi3oiJvimoqdyXoCD7l -NdmST2GtZjm3lWmgqf7PKblbdzE7punhqYOMFYE14gtGo6zjuXclS7fw0BexbJj2 -1KxjwnLHadKv37WJpEEDZOvRgaMQvYMo5ULqwMBgIJAzBiou72KeorERrWzesdkg -qX9N8iIaDREAbTcDOQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUGNqWLL14sQKUElEgNjmw -YzBeeSMwDQYJKoZIhvcNAQELBQADggEBAA6yyK0AMnnUyEJ29ZTKOHREgklO+VcZ -j3dEYyqz+86NejotWBEDgDrfcEoLP4bACAvkBWo6SFbIL0PnpyA6qsHebLxgRHgg -0v/b+An+R4Qu3FSAGPJFcFHiVnxarMuCZ8h7B7Gx7mCKeStsAYlCbQmqgQaqrieU -Z7dHhmOwLVhniN+skdM+8gc3NWxPaJjYREzNBbzp1OvT4vDHqxMywnpSPhvfNOoY -yJOERR/9NrKtPvAb/CXwOTkU+ae6ZLrn9XiX2ooja2kXiARNYCNknYD3iTD3M8h8 -ySxdscA1S07Y+gJ8vd9B2T3rXKzNQ2ZD4v5a6pDv0pDV9DEQagfDlTg= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFk5 +1RFy2K7WgX3w7H7YLen/+gOYpKslQ5uaOWATUPIrhJC3Kndf92o6/E73j6h44wTW +5xv65TLtIoQbk/WJIO9q4J8V1OWRz5HM/P0RsSceR3aQQ7UU6lMVoBq1s2Mz9RF2 +rLIL4MSjKseZFXkI1qFYae4AKot90F/xUiFWWL+WSF7WgPt//Y4ykzMO4py5oB+q +hV5bzvlVGLuXuK3UDJ0vtBmeuwUMvtXQLIhxVkiw0HUiYx8OqkCiOVUSjwF8GQmI +exOyCAUSZUuX690CKkG1PCUO49ZZHkZSwr+n6OCdYLdpNDpVwLs7dLOWUnH7bK8R +F7kSvUSVwGaFmdGPOQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUklEU6qFiRqDnOtWJ4nkN +OnNtMmgwDQYJKoZIhvcNAQELBQADggEBAGdq+EvG7FsmAYu29Nw9Wz/K8Nz595OH +J9ugYVAbarV+ik6WzyUiuY0wvjydeqzxja6bD5JYtyxD43eInOMQStgYAnZOiBzl +W9tsP5d7/BNp2YUpV/8rPlta666wWpXjmf8/zoh+ClZTIUze4+kRsls/n9A9biXq +/X2+KdAShvkeRTL6AlX0ywuDplGKw77dwNGeBYldgGIZVW4BzevVRqdHScsSLR2B +1iLteAHtcSZwMvuvL3p7PJOOSLu1AFNW7LYmuqvjswQ7Leu1/EjCDGQrFH6rmlsI +SfKmKR/QJtXywpDNOSl70ElaGfU4614For9JSVcWbj1pJDZVuDPeKXg= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 48cc2e8f73..72d2189011 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -138,11 +138,13 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 0. Drivers Testing CA — minimal profile matching the original 2019 cert. -# Only basicConstraints: CA:TRUE. No keyUsage, no SAN, no SKI, no AKI. -# Adding any of those to a CA cert that is NOT in the macOS system keychain -# causes Apple SecTrust to treat it as a leaf cert needing OCSP, which then -# fails (CSSMERR_TP_CERT_SUSPENDED) because the CA has no OCSP URL. +# 0. Drivers Testing CA — minimal profile. +# Only basicConstraints: CA:TRUE (critical). No keyUsage, no SAN, no SKI, +# no AKI. Adding SKI/AKI/SAN to a CA cert that is NOT in the macOS system +# keychain causes Apple SecTrust to treat it as a leaf cert needing OCSP, +# which then fails (CSSMERR_TP_CERT_SUSPENDED) because the CA has no OCSP +# URL. RFC 5280 §4.2.1.9 requires basicConstraints to be critical on CA +# certs; Python 3.14 / OpenSSL 3.x strict mode enforces this. # --------------------------------------------------------------------------- print("==> Generating Drivers Testing CA...") ca_key = make_key() @@ -154,7 +156,7 @@ def server_san() -> x509.SubjectAlternativeName: .serial_number(480006) .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) - .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=False) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) @@ -381,13 +383,23 @@ def cert_text(path: Path) -> str: errors = 0 -# CA cert must NOT have AKI, SKI, or SAN (would trigger macOS SecTrust OCSP). +# CA cert must have critical basicConstraints and must NOT have AKI/SKI/SAN. ca_text = cert_text(SCRIPT_DIR / "ca.pem") +ca_errors = 0 +if "Basic Constraints: critical" not in ca_text: + print( + " ca.pem: ERROR — basicConstraints not critical (required by RFC 5280 / Python 3.14)", + file=sys.stderr, + ) + ca_errors += 1 for ext in ("Authority Key Identifier", "Subject Key Identifier", "Subject Alternative Name"): if ext in ca_text: print(f" ca.pem: ERROR — has {ext} (would cause macOS OCSP issues)", file=sys.stderr) - errors += 1 -print(" ca.pem: OK") if not errors else None + ca_errors += 1 +if ca_errors: + errors += ca_errors +else: + print(" ca.pem: OK") # MongoDB certs must NOT have AKI. for name in ("server.pem", "client.pem"): diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index b75d0931dc..907c7cf60e 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,C0A455BA629E0E4906FCB74274DB3E9E +DEK-Info: AES-256-CBC,1AB3C94672176436308209E474105793 -YobJKIbO9h4eRPA6rzCOZX1z6UbmtcRqXbedF1K566C5iKfwt8Wx0dDDjKr0DFSZ -QzD/6j/4s/Q7f9TkOT2mi5lhhzs0STwg8PyumzhRiKQrDiLU52jxr2hIiw8Qk8Bz -FF6std0Um3VFCTTURIFY2YCU/SbM1tPVqDYc93oAsfODibzryA8+bU1FybNQDJPN -Z17D0igFR965N+xBKGQXSNR6IyjzURSfHVQl/eOfoymfbFKcMNEu1j5y10+kes4V -g8G1c9Wt0vfcnpGFQdTetN11ttv5pbQWb+qUp1kg5EEb7BOaEDVrZiMGTkUk1uct -S6/8nfBRkhEwbF7wMZyEjjdB70bRqLmLEAwj5MYrB4JzHgYKG8dRA4CQeeDBrMZL -NDR70G4lWmu+OPMgEbe3gdZ3sDJ0hd/A/refenWd5uRwa4/v35IZUpodibxk/uPV -RZFMQZM8+D25xhq+5T+UAaoUJ+VQYX0akxVSA0oQ99rZwaYuUHnnkgsM0x/Jdee9 -v0/2WfvEZnZjH5nx4YyfVHtY4Ig2JmEoAQ1w1/LTl6yy++6kIUcwZyyKwQSLmFgN -54ad38Vc8VApwKGaS0ZA5Gb9wccNFs+BAKlW3Okz1I/gWAVGFLTizcympX34gcnR -Plhh0iMEGyoMT/C9dS/SK5n6rqPnZj+9hg9WYDPkGsaYnveLeREQihfYtDVsM0ah -TsFQ2kG4DTlC3sFYBXp9hK065yEiCWI66m6dzteczNJj/uz4Yr5g4oHZCRh6vjIS -lhG4pdpV3lNWgdjr5BRoPrmikMLo6b2wKZCH6XHJ342RLM1W/HjkqVozRgz7pI4q -wIIh0ph05G30kkp8eI0rm3WKadX1is0su0WwXNQY8zhnayIRJ5UeGEIRXFwSiEQA -vnNCWXzld88S5N9EPcxl5PYfa/LcrwA9ciK6xdiOPK2bXjqc76e+jxCyWGEdJbPr -l3pt2RA2kt5AUBYF98ml4WSA4MHpmw4H2hG1tTsKPgf+YLbGQfV0sdxjgeDhwItS -howVIVqj2WCKw/nUGIwwJy9CQxQb/eCvJ7hQixks2pFm16dLEnMOsRSdqzmvK4za -SbD3MbntkupYg+PcvGwZZW+BdKc8mRM8zrOPSLKmt188qBaj9N6Bfvc7FuayzgoW -tSKJC3n+t2UQJovKnJT+iXsId2R1eCDdfO/UXNTiuzVMS5AUxYDgatwtWT1AwOBP -b9ysFpQwVZ6ohx7rWxcXmfOc5j9RfGW8ODlgjClUt55J1WTV+dXCm2aB83TZ0oJN -jqJud/l4SL8nrL0YOiRQZxCp20wChu0D6XEz9Hn2HimOguGfZa3ugAWF8D2UkmAs -Y+QC6mPJaTTNJ8rl0FFroCTfOO8TzJ72BAbLIDh5DQzW/kIGGlGwNYDn0G+5MV0u -l+YfTECmjCy9ga+BcaSy6vkVx48nb2nvPLHRdDSfnbNg8bFmK5m3FoRkiNILmQwZ -Yx8kNmuy/Rthnl0ZUQvCeFAxD6BM8QaWY5lnRTGFAs8hg/ZxFPxOXe4njNgZCWQA -BmXRHTX5lQWzkGxGhOwiEudhlv2PHdNH9NNpx4ubDCqnY1Be4kut5E7BUmaOUo9M +9xXwggZIukBDMJ0gT7P1vu5S0dRsIeU7ANtlQXerQjnHsH1FgbYSsCz3tuNsEHKO +u/IqtlXtQVUIBZ+pU+PbhpQyge++5TkTQsXjZLXP/npECZ+Me4J95yCzSBN1Bbb9 +fZjwdRrGO5Gw04b3N0Lc8u7ax+THinadIACqPROFhrix6i8Gkm7WsbOPgs1iCv7v +dNS8xszjRSDknmSQ5M550uL+gAQkNgZ+KXsf6377Uj4O49m2By8DTjyhmeh2FMVA +fdj9KJ4U1iq8FQ86IfSkX7FJC9IL09/BDRCm4Tqnq6t6ha6+UbHnLFnVb2yeEyRd +V+KS+3F2NEdvyDh4+tIHN9aXZYDqsJ6bcLxI3sPQ7CSs+buhZ3kxSXOKhZBkL46C +Uvijstkil3BusIbEdhWA+XvZ0Xn9UHhr0EkRt29HPnVG18MG/BEg7+/bRpi1IuVr +qEJI3VxyWIgii62HEmY7ZF8eHIx7nQIrdYZehtKczUd2MDoLi5D/J71/7PicQiyS +Zm/qKkhAp70qZ65qkYsC7s9XZgkAOitTRya+IAM+N/U07IYR6A6AzsZsWcxx5nJs +e/qquL8pnmD+Se3JnoOxSuF6e/KxSGmhgRZjh/zn975D40Ok4xs9VBZC7SWtFFsW +5iVYYTW/hei22jP0aBkfaehubN+eA3Cumll28RarSzOIeF63F7TEwmDf8NgXqJrt +2QnK9pwejrkcPMyqV1Zk6Outy3mUpGUpLn/XZQvYHKHd7YOzO9oVdsGGaceyiGEy +jzeCzSNay9CgN3m3YeYifDKphV0PfM0tjQLagPnCkKsem5ipUzMTZPVaXqt1NA+H +dRR4SxUZ073y6b2f4gkMN+XflFMPlOhHGo9sDUFJQK3n4cbPE8kdEj+KwXcc0p5+ +R4qDGN2LvLyqUHwebAzsV9x0Jm9ROXfNOQ3v55MBZWttRgJOgnKoFsWc51RQLF+k +MZ9iRCG7FDfwxbCCouBGbdL/GTHu6AyRpdUML8zmWIic7jt0VR46dLHK1fnhABv7 +NctvCTY199jg6Yf0WcUiec4rUqroUmMO6TQ4osV174lzqM86AF3arabPqBOF/L+2 +JuXNLZeLtXp6g+tI5o+52z/CHgKy/fQcPLLxFqvyzEGjJplbQGeSJUVLfAESDcTr +s0gNM0el0Ly7ViQsfYZ+7hgGPOb622/Opf6GJhNu0U05UuAlGVmsaLXAtpWPx9q9 +Bl1Iqu6TdaFoaL4iMt4+eZFR1SrJlg5cg0bHBOi3zBJKUy7sUwMEk3ykRVpm54Yq +ROoW+Z+ycyE5hDdoo1PdTdngWSMmEdVybDiMpoG4jH+N4Ate3a+rfVUmpCydp2JB +W9RQxjCUfQXgYaNFYoRGt1kBIC6ysF2k4nCkZ9waBuzXs2PzDjLZvbNyAVFpjUNK +4u4thI9hISImXDfSb5N2lpSQt6+OR7XB2xQdVhP4FRQSh9KNtb5SYXhqGzvMvxeQ +7dPK2imlSKml6BUDRb8k5qLjb5kT+MYKXoswBAomSXqq5rkkoDkFi0WYM7f72XRX +Pc659lKRF0FKTPfWkXwWRZtIeogJiS88/7FsZ/efJbb+PqiDKZmq0HZmoc2AdUf4 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0UWlwRAqMPKBw -XSuV4q2JrttX1qLD13U3tsZP86OuEz2ea/A2ZVtP1pEH9GXOfWiQkb7pcANDcGpd -L2itKMjjX5DN/MLQg8rp52u0qQprGP33Jq9fDWKfA1CX6ld7ek3p5rYb9NiJ8wA4 -Yw2fap0eUMza+QI509BqcGD30FfIMYRguZmwxqnzfiZgeg4/h1o/mHLRid4qKtNY -kmZczCNqmCVDiJ4CgjMShsyqSKy1MezPkHUpH3rli0zwXslvEZuQpiftQTZMUFtZ -cdeu7szelaHomitLNfF0uQlKRwHulooCPohYsFPrWzkp+ZmkeaLWgQaQOUiGMWdd -WkesitJpAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAV9z4d+BQU3r5U8Nuw+MdAe9filIlbbMZQOgu -i9pknDYb7OUf1S7c2fNIUjt5/9LspSDmi0FO6xIsW5ZYDH99/eP5/gL9iBCYho2d -g+awZenny7IGZjVIpsP184vZJfyZ8kWvcFPX3D/HP6Sz7nWe5FwfUnmyfKRLoURY -gS80HsxxincfMRw1D+vNGCXcsV5S+3NMe/2P88XWM6ka240Jj/GR4dCiEfw81Jl5 -5JxiRuKeaUyz954DmTljjiN8lCJVGLM1UXVUam2mDStkITgknYjo95IWWnddHzP1 -ZBBVw/u7dr0T4alJ8JZGtnrmwIwvDe+64wUEcbZH2XV2JVksXg== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClaEO5XeijIlkx +oJKbGnQYzoOsNSp97vJyn89/4Qheeoa8czo53KVTvV4mJzFV/5Mlvspt+wLDkxey +Js5lF4DSq1nM4eEqPnXCXcgxzucw6VCAu2DBGAW/ROk0eVVMCjr/3xBO9suJmKZb +gR0Qdy+c2WccgpHcNRZxR2UNV/qt0RNQ5ShL8Agjq9bQFO1PI32taNTu1/xZzyTs +ZE64FTzpvp9dMdnwsEcStEYDT4xUwErkUEc4t6KEeZxwwIxKiEsLdSsm7LuJv247 +nZCMsKeGz7XNHnLme0VkBislW5+OKZS18FN4wLHVb72llDT9tjnifbB5anBL6NrK +XTlAW45bAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAl8eJAHr1qVNsFXwzyRlcOqa5luOfNniWuAV/ +/+ypN+qwD9QjJLLooawoIon3Wf0gnLbdU8oQZCpFEXUki9gKCvjdT9W1sgkJKKi4 +/kob+/RHa/GNPJp+4yyZF16uF1blhVMqhYPAx3TrKaEiFzHKTduh9DOxsBCHkteb +9BzR8EzVrYzbi1cJL9qBpXMy8ZELb1LG9y8t6gx3955v3pP0LdxYfe9frN7MESC1 ++9ZPXOz3YcJBDSubibpvU7a44XDpfISdX7QauNsO8JVDUqLNWx5SgZavDYs2Czff +H3I10vSZrvhZC+nNc+FWdINJzzqBaH758yDOLvlM4/yQXbyywA== -----END CERTIFICATE----- diff --git a/test/certificates/server-kms.pem b/test/certificates/server-kms.pem index f3d9afe709..83c6fc0cac 100644 --- a/test/certificates/server-kms.pem +++ b/test/certificates/server-kms.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqINRxmjXE2N5XVX1a8pHfWFG93LCwzg/jrJJeWxC5mkULuby -vHO4Gt+Dl/4Q+MavDQCv1jykf29UXHotIgTjlfhMeJA/KXErwLAl/YYQ4+TM0PJB -A6P4HroXLjFcXNwAShUaMoGYwemGM2R6hMTocjwiophg2C8R86kZa8eabEUhK/s7 -9nu20jadhEPV/tjqDc7whZiLEk3r4C+AbwZYBq/XPmB4M1+se2mTHGGEvr1NgsEx -UJWbg6P/rnmD2XXTXwunqYM8FM6kGh9D8jLuygTVjAxhp0x3TdFNUaZEox61iIOn -wU1AkBqfYGec8cIiBPz34DeaPrx1bC4zIlUjmQIDAQABAoIBABORPBun7OGJeXxH -EPp1QJvkgdMV9luo2mh9d16sHZCXvwo7MxCC92vXbHZnwBzDJWyDGefsnsVVbhxW -64q5upude3O8fDkZtRTo32BzAt8ToFza5IXBsnwO68YnYSw/N6Fileordkt+DGFH -V5q3Kq6pIPR0cTppLNJ4XkVPpjTQGa1XImLaMwnhrhA3cN2QdH/K1kSKTzfgbs6O -qDZklkQSJbdpR1qwg0JM0yzkKp4dcVQcmhW5p8GVsyonUBdThxQI28X4q8CyB3rt -UXXGq3s1y4QHNDRYoDhO85sNijULGdtawxIJIr0B4rL6owP866iJfNCJZ9KHgxvT -LUnAiKkCgYEA5lqDEezrmOsXKscLWxIU1galh1cL0SsZ3VPjEc10TOCeKhd5fl0o -TDfsbG5UYG64gEu7qmKm++ke1kOzdvjiWJLFXqNsGvilVQAlpR3mmNRNZJyIQ8+8 -yy65GDvDERGJRLnkKHMl71Wiw0tgLjQEOkULbeS358+L+fv+EYbIMcMCgYEAu0Y9 -cCS5bio+d1FSApg3zCorbV/HeDtQoLbFLHWtVkc5YPBOBeGGGGGgoA/3OaF+IEDY -x4HSc1vmoAlWFpyAbQUyClu5A5hvRjA3xia2MSlpcHh5RtSj55DCF4yqTrrquKWP -vU9+A9oI/geHMoExKunSAawrHTWv/WDFdIhQg3MCgYEAiTzhm9tgHdHqEoVVoaNr -IHwDQFe+5ZZdKXyh6uhR4r9r273ylzNfH9GtnIg64tz0NRNpskBmJe0kfxkEodvz -1jtTNWf9ry/2KGcXBoGC8giCN2/+yw/H9fFXOzXXqKKe+oAZi3PW5PlLKDkPC1fY -MPMTtRwv6P7A8WWNX9nCCcsCgYA6LfAYTtBssSMG3nSj6bYr703ehMrrR0IdK6rF -zSk0jJv+yajzmsSV/n5wO4WKmekdDAhMssA2pm5XeY8NJ0GenOaW4TfxLgIjxAcP -wCcJztu63TKQFq902TvzJPgjzV3uT0EAhxmXCL2SbbRKtGgZ9NoROvOJ94vdI5s0 -QMUCkQKBgDl1k5z3irtvPyMYaor86aK41rIRKfIHcAgv/N76nyOTBipcTrjJSnIv -HCFWgR43PBqXKlOB4uQf7Tj3JwimVmQJcKeGqj/MBTFAq/mwOLzRy2nS84QDQ80y -nhNCOtRuObxvgc50WrQ5iGCX4qB1JOyCZkaCm/Lp6Ee9jCF3LS/O +MIIEowIBAAKCAQEAuFZEsI0K+Bb1/Nd+x0h6NrlKeVo0BS4e8lI1vMvmZz1L7TS7 +vBi24ZHR4aV6bR4J2U3rgx1amMbtyYaxAvcA6MsXjeBBXy5hG1at2oN7z/80m2Yj +vgdyUn6aLDMj30DoKNgS3SXIbGoMUNSsU43PTgQ+jDEIFkp7oSwJ6o/v/enxcu3O +OkOrhLql0gV8Jd4tQyT4EYfeoRxEsL1Cksvu7bERSI8GYartYhbAkRIOLpuo4mmy +vSniOJ06xqR2ZOpOufvAiLEq1/GGGKGlmpHUHeo+bqj3mvFlzh/xDP8r7GN/jaCV +JV7uwWafeCLJa1K6HBD7JHRxPez6PSfjVz+xMwIDAQABAoIBAE1jmm7sp+BD8331 +ErqjiPuUitmrrw9Fr6RYM0tR5ycMquWpL+/mCFFnINA04tMQu13JwshG+JQPYCEt +NP9jp7QUH41myssk84vAtjh43vAR2oorNXJAOhS8JgnMZpEB9PXA0RqbFCu/0e/V +eYuSi6fbTE8a/qQtHP4rOPaK+1yDtYELu0OrB8qMOBxmS9LbDFVQwPA9KlEpXYev +hiagi8JEEsGEvQqCCD37mNr9NagncBO/G5YnPBTLqAwbUyaWmtcRs7NfcdAXINJr +HBnY5XdaUVQBSpNcqljP4qgZtCyQyNoy4xbnzqrkovxiqkpoaGPij0SkndmuwGfV +mdFf8+ECgYEA8QYln72cjQRTKw4U90qAToaWIFvnAZcabBeJ8PyUfBXynhis+TG/ +lRNGS8Hsaex/FPg1O/vmLDTHnBDpmcL5PcC2aXEjT8DrSezudSYSfnjlRCTgqT7Y +PmXvBY0WkLnNwvdeO4IwPDYQjY441BqO9OeNO/eyaUXX04dk8rXoonkCgYEAw8pt +l21RBY0dJnZRnfyOdwbe/OrsOTk9M5EPA77CLEVekYEiInuI/a7uBImRh2btlrH1 +WW86y5UKZ6+mldPHLvSTkGWWoMsOCs5XOF+b8UkYLPAoOoRM1UEhFr8U8r/CoFRs +iu8PdReA48XyTqoeA+Bk+dF7uQv4QEXeBNSI5gsCgYBmQCBYC13N6WbLHjdAzedu +6OPpqHNxFkSMVNQdW1o25iy+a2N+eF95g+rPmt6L9VvYbpBO+Uelu2JvUDF6HOAW +FZqNUwUTAZoQC6cCJfu0kd9ZsHdq9ZFRr3bemQNYtKqZKs5cWpfSA3G0TADJ4taB +CXa+WQ/kX0/3mjn2Sbv+qQKBgB1pal8mD9bKpQdjHM2j4+7jfFn4HHZYL+ZwMxY3 +8Mlfvl4TTQJrFmAtiBnsZI03nBdYMmg1+loc0IxU6ax2POTD3usBJ8iN2FUtPBL+ +4dk0RspxZUmtGDGs8ACPweDZh644IHoagXLwje8pjEXe7lVcvy58Fp7sumVFWZ3W +I56TAoGBALamHe4tQfyet4kQrq9U6BYguv9LZKY6WrCpdABQm1yDM1VwOtLMCIv7 +R0GeAf1O0xRoM4YdZNPcNBOPDQbOdxxkoReI6eFU0oVrJJGwvUdOY1a7KnMSHVx4 +bAmhQEZhLvORlrEIeYrHorMXyw8M8ajieGD0mKYcc88WfuHq9IBv -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqINR -xmjXE2N5XVX1a8pHfWFG93LCwzg/jrJJeWxC5mkULubyvHO4Gt+Dl/4Q+MavDQCv -1jykf29UXHotIgTjlfhMeJA/KXErwLAl/YYQ4+TM0PJBA6P4HroXLjFcXNwAShUa -MoGYwemGM2R6hMTocjwiophg2C8R86kZa8eabEUhK/s79nu20jadhEPV/tjqDc7w -hZiLEk3r4C+AbwZYBq/XPmB4M1+se2mTHGGEvr1NgsExUJWbg6P/rnmD2XXTXwun -qYM8FM6kGh9D8jLuygTVjAxhp0x3TdFNUaZEox61iIOnwU1AkBqfYGec8cIiBPz3 -4DeaPrx1bC4zIlUjmQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUGNqWLL14sQKUElEgNjmw -YzBeeSMwDQYJKoZIhvcNAQELBQADggEBAIWpHelOqKcUHn7zksFmvBkOnhx7XaE9 -Ctw0/HtKOuf3i1NIgiRZK3OHP/tAI3IUrk4EccWrV/7DcLcJzaNuEivgg/gTdhKu -uwZysK6nEGmdz3afkSCnhyeYXV7Umx7UWv78Pm35ZOFinIw0jGjALfbq8GpRS0mM -0AGvPtzpRvAWokYdhpJBnm1ODfcSpxxvmXP6YQ3AeqcqSMkGdaRApYqspDFHi2a6 -c8Dl/dPaKkzUGhjBlhX3wgtWxr870Dj4P4dMzSyjjxRBv7dDQIAPfHbYrXM1TZYh -M7P8MeiCI8gGN7P4EP2DpqjHfd+OdMPo5ygn8kILcD0rTvTsTbnDXsw= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFZE +sI0K+Bb1/Nd+x0h6NrlKeVo0BS4e8lI1vMvmZz1L7TS7vBi24ZHR4aV6bR4J2U3r +gx1amMbtyYaxAvcA6MsXjeBBXy5hG1at2oN7z/80m2YjvgdyUn6aLDMj30DoKNgS +3SXIbGoMUNSsU43PTgQ+jDEIFkp7oSwJ6o/v/enxcu3OOkOrhLql0gV8Jd4tQyT4 +EYfeoRxEsL1Cksvu7bERSI8GYartYhbAkRIOLpuo4mmyvSniOJ06xqR2ZOpOufvA +iLEq1/GGGKGlmpHUHeo+bqj3mvFlzh/xDP8r7GN/jaCVJV7uwWafeCLJa1K6HBD7 +JHRxPez6PSfjVz+xMwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUklEU6qFiRqDnOtWJ4nkN +OnNtMmgwDQYJKoZIhvcNAQELBQADggEBAGxzwyWq4JRXeYvZXSa6p9eLGNjXgZRX +zNOQpDn+u+JaeHRyVs281gukfvqHgsAGnOhdo3fH16QDH/4mTU2avOdG/KfiXAlh +zZ6dynllLiwSzPn3ZIWVAWQ2N9baLEs81KHRVS++Ohvy+vBmMffy9u5kEhT43SU+ +TVK+I3YGLQ+KOghDCmNmbf+b6f5aTf4fqtaqjfta1c/T22+8nkeGKf1DZWKQF8TT +tikJW/6d5beNiguQf9VuFHNP20o6EDtdwdC6au7pzqO+SesYkBcDljP3O01y7JlQ +NooFttVNcLo+FNUWaxvcADikps7Jzkj9kKdHe9K3ayPkfi9JP6/pOEI= -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 1094551aee..42c3f2a54c 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAq70XvXDbDgL9/DZ3529o5qIpP8J8eyWRaLHHdGyUDoclKdZT -xRrwv2yOei0bc4iAD2VTza7pwuCFqzpnLPMGxcHbOhfj+hiqT+WrUcGPJ8miEc2n -2bLvAnLk3mOCRZ3/DYzi20ig7hHWLFDmOtRywyA4UXiQhhO7Udzm52JsWn7IH5Wx -VxffRnP3w+/GHVcGcgv03Qwk/LSm3HvXS0n/Jbf3m+GxyvtY2d5an8po66xG/BVT -RFVExJHhxjupxLhTxbD8soBNRAIpYurFYBmRrYHaGRPHZb8mHWXlYzFrqGU4VLx5 -UY4q+dCyXfoEEVxuIaDSvBS52flni/oFxZnz9QIDAQABAoIBAD4OQMLKQc0pVZ9K -Cz+MaUpVNDR+0T4qUAWVn625AjLRsKMSeAiT+IQi9MS/AdlYbHWjtolu97bcLFC3 -9MowMrVInC+8rDsVqIzgP2x2VYUZ/b8TIeCvIGAxJfQZ3tvLAHtj+iEkeEouFcbD -oL2HQMSzIsaFmytne9tTx/e5/88eww3gRTtrmiy3PdImB7pD8DdxRVuwSk6x5y2F -/xZu/xoMHcJp/NW2y/Ey+gsDxuWnnaYLby2HJXZonwhMi6EM9B20614iVMVt6kb7 -04uQSwZXJr1v75VV+Q8PVGOwUoFKuABhTjd5KyOxfsK/L8i3J6ustPTnCNj2XRzB -lhtyNO0CgYEA2WcgTPCCvM4DnVEQ8xgZwUNggDiUaoCi+gNJQO3PM5RXkZqwhepu -6cKNxfCIB6W6PRcvn9QrZuz19PbIHQM7hZ3ylOH3bFeTgJRSnRx/IHMGw9iNF11C -AO6Xp932AbiH7j8hXkPhrhHhnSEX93NAqUMQXGamJCa74JgRolmL0L8CgYEAyjqL -/tc9MmE/BRYAEUYrgO1Q3fUVlM+LWNuxYt7sBF1w9kYfIxSrVWqhjDhedJYvZ99J -KiLgduDfZgRUUcopdKYxLaH3iM+avIPv2yDDZXiCO1B8V4aeOH1hw60+i/YZfTSb -Tfu+/RX6qrA4IFu+jtdROcR8oU99rMxruY8DNEsCgYAWwMdNpiJYtksEjPZ0KsKP -SojwAnvuBZaJCg0BoaH86PqdP45YBagkCPujisAB5ONv/1w5oxADzqsTPzzEZJE3 -M8eus1Oc4DGM1Hks/k2DzOYZWzGxD06YIGB47i8QEQsQ8USBxCL7f92X/12txT8w -N9efhBLBV9hz8hZuYmbSqwKBgQCJvLivWTBwSPXgY+yl11I4HOsQUiZh1b5GRlQa -UFUWYAJZasc4YJKVuevQEnCbHdOp/tXZYinaLi1aUaaQko4LykoCl6d+QlBVB9Pt -PvJ3AU5KUfZusty/Av78hNnuAC+6LIN+6PFbdYXmjeGcgIBYz+Sd4Os1/2tMr2rL -1tFK4wKBgDQkhV/TomlzUrzl+hgXdpFOVrKXj9uS5WQe1DQh59Ve6bZOfSDhHu4m -iICmJFVxbiBEBo1xBeb+oQOph8ovivyL/vhl58xg537/Ur0HjtRimd6cg/1W3Mxa -yGkIA8EtGWhYKsgGdrF0lEg/eP6J8E8RulyefFtLTuSy+Nt59S0L +MIIEogIBAAKCAQEAwi2f/878YomXyzlk00Mly9jvySMiQCVM8Egss2/RlgIpckzb +VpRyyRo72mO/7+w8JkNqqIjDOtxXaZGdtZmAJyyZ6GAiKWBRDhRHvUXtWYHscB52 +GO7E3WWk+hWPu/LwKNFgz44yJtXlWvuj2XG2Px3K/dtdSwTvKDIwCGLlJy1TNWTr +7/axSQWMJ5rH2OvUqXHy34FUjZfd1Lg2yNo8oJSv5sCzDi2cMiCVioJU7Qtmbage +l15tz6fTO7R77QlNzBPdm8A7hUlixYh76CrBYZ8YBNDhcNkrxQ2ePTq8T9vUPFJc +I5DcfeNNIya+YyAgP0ogK2/hvJk3BuqFJIzmcQIDAQABAoIBACZYeDY+G90hqtY5 +GU4W/onI52FjDMp6Ez2IIzu0I0FqX+DwiIgKfLh188fm1up8TkyIF7H8gAFJrgFs +/iX0kDgsOKCJC3X8TUVof9pCyuJYI+boPQ4jaMEH55JzW5UUHpUQ8/tI62J77vUO +qIayS/ke2w1SmpPL/6aCcrXVQceAdUqUwIUHQK7aFxRle995bB2NCPjzrmAM3c3K +KEBCzfGCZgq4o3427D7gRXOaGpsEn9yFfYzGOl5l3nUnC8/WMCjIfD6wpCKkQIdD +u3KnIx3cdM17MhlmC5laLJdz6XJLh2wa68uwlmChGSMrRATQ+2NOTs7RKPouH6xN +NQtC7PkCgYEA+RViWsF8jWBvXteQcW0AvwOor0PG46pBxaKTiW93rntSTlG+EBWn +0gc5e+NPcN9rZROcX1JIpXTcZQDgzwEGTDN35LSn3fcFkVOEWT33fKVu2eFIGYWa +uNXkYFzlqyhJ1JsUfJgR3oBf0wtzCLiYBS3D4hI8sPfhx586YnGuz1cCgYEAx5Hx ++B+5rl7RzAWxot/Oh5B6w7UdFISkWWtPUr71AahlzBkXZuZvWXZBpi09m5g5DMMi +DuayV8p4kpsWwIbanUobdRn0CDJvltNKssdEIEeSGpMYwIx+AQKXEIHPkewC833o +JW/0Nd23gSER67R7NGvjU9/WQ/f3SitrRce3g3cCgYB6YY9ZmAdiTydpKfDGShA7 +ychvlJV79oMqX56twB7Fk8H0ySThMkKqZvJPdHfrtVpG50PFceBPqwM+fRf3nUFC +32bg8AIqhNwvcyFr145pp763PoD2STaj6jOzRPFzDvB3jVqbfPwKnnh2cQGsH0ZS +BRJhWSSIrsI4GnvNMp35MQKBgEeu0G8DVjqfrFPQJ8INCa3/41iwkUVxb2b++HsM +RAzYY9gvmwxG8O/9Xg9GaL6eqr8+x9j6XEzUWQKv2jhFN/kPSVWCgPkAxLw0ILye +foXprz0EYPuoewn52DEBr4EGePjk3KG12M4QWX10V2+GYEqwBfN2jwvS4WwutFVY +Kz55AoGAN4s3W/FUZpO01xaQ91Req7oF9M5zR8th3pJgCkMz0g8UxbSAJXMNyfRD +96x+4nH1axnHyBDLejv8657gSBO1vdAgSoRvdh4TALQ+LoT8djy69jbReO9A06wK +rX/smkK+35iDtwcsKmqhXx7ENdwfyHUp3pl7sS9crrhX9t5dE0s= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq70X -vXDbDgL9/DZ3529o5qIpP8J8eyWRaLHHdGyUDoclKdZTxRrwv2yOei0bc4iAD2VT -za7pwuCFqzpnLPMGxcHbOhfj+hiqT+WrUcGPJ8miEc2n2bLvAnLk3mOCRZ3/DYzi -20ig7hHWLFDmOtRywyA4UXiQhhO7Udzm52JsWn7IH5WxVxffRnP3w+/GHVcGcgv0 -3Qwk/LSm3HvXS0n/Jbf3m+GxyvtY2d5an8po66xG/BVTRFVExJHhxjupxLhTxbD8 -soBNRAIpYurFYBmRrYHaGRPHZb8mHWXlYzFrqGU4VLx5UY4q+dCyXfoEEVxuIaDS -vBS52flni/oFxZnz9QIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBABeBfD06AsLX -FRLq5Jdu5qSfrGgz6FU8APctqND9hxRZojPNuWuqSCwQDdPF9hwIrDb0Fxuemwmt -xzAgZQkQf6c6s6JbDnp1ld3qgFRasuR+Pn1C+ygFp4YArwkeBxr1MhQhilMlS8qJ -QEcAmjWWupDMmF4cKNqD9Orh/mFWj5F/qnp218ZKUpthG0/R2zYzUjNUOXHMxH4G -WsXzGKffuVOz7VLnwDiP8hFTXCNg1m9xwPG0fuLvcSWFpMufhMuCEFSfJQZEv6ot -dQG5LnM/+OyHd336QPtSKK1NSzO9It7qEJNQ1Y6Z5+v6jNG0RuyRkMkV6hEFuW7V -bIiGJLg33Bg= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi2f +/878YomXyzlk00Mly9jvySMiQCVM8Egss2/RlgIpckzbVpRyyRo72mO/7+w8JkNq +qIjDOtxXaZGdtZmAJyyZ6GAiKWBRDhRHvUXtWYHscB52GO7E3WWk+hWPu/LwKNFg +z44yJtXlWvuj2XG2Px3K/dtdSwTvKDIwCGLlJy1TNWTr7/axSQWMJ5rH2OvUqXHy +34FUjZfd1Lg2yNo8oJSv5sCzDi2cMiCVioJU7Qtmbagel15tz6fTO7R77QlNzBPd +m8A7hUlixYh76CrBYZ8YBNDhcNkrxQ2ePTq8T9vUPFJcI5DcfeNNIya+YyAgP0og +K2/hvJk3BuqFJIzmcQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBABlOiXrfHEmu +keU8mPicvx3q97eeSyPZ1UroWDLUwIPPnOVfuwImtm7nOrngxs1K8uMy1+Kh8eZl +wUNROxcl5nBufrON6tbpPEiXuCqcQ9NcSkB3LykzhhsjVTUXCJRBY8Mg7LAsRe5s +X3EF6QJqzuPMxlzv+5iimwPzlhe+9XV6qlW1zN9RllTzRMkTNuoFJO3GEZJ6xdJ3 +PAxs4kY3qQQthWsVtY4+vVL8WPbvlW2Llfs3+xMqgCSh1b10bLhuY4Nidq/lmtgh +bqV2yc1YcxSycaCcMynIB3k3/+/gRr5G6ufVVWSjDQNfuaaRU6zuY9hX/bwmmpFk +ynM5so5WILY= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 5f2831d78c..1d8451e044 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -2,21 +2,21 @@ MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDEfMB0GA1UEAwwWVHJ1 c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECwwGS2VybmVsMRAwDgYDVQQKDAdN b25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9y -azELMAkGA1UEBhMCVVMwHhcNMjYwNjA4MjAzNTE1WhcNNDYwNjA0MjAzNTE1WjB8 +azELMAkGA1UEBhMCVVMwHhcNMjYwNjA4MjMwMzA5WhcNNDYwNjA0MjMwMzA5WjB8 MR8wHQYDVQQDDBZUcnVzdGVkIEtlcm5lbCBUZXN0IENBMQ8wDQYDVQQLDAZLZXJu ZWwxEDAOBgNVBAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAP BgNVBAgMCE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAK1KP1TwK5PjRXe9/WSRe6Pu+mkkRsWSyzsBSn7URrIKhQIz -K2Qdeynh1o0iVgdUH5PQOKa/0CReqT0AucB38TRYoqzOIcqWq4JapuZTiEVzJ9kA -2GRbFk2hPYaPrtWLdApoNjGypEZsl7xJXGWoltGcKdMDqMj93+SMXXazPfIeM9v7 -UChMOKGM1jIQAjSRMElcGb96UAsGpeZAKPc+3S3loQthy+0Pb02yMF4F7MXHQbHy -1ArDP6eeGW0SK/DPdEZcSpU5NPdoiUPILUKfuJhKraRm3M+iMwKAmXyo8P/WbF0j -waaEBdiHu0cbFrHmY4ibkkNgU6VC87zFSug4ZhkCAwEAAaMjMCEwDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAFj/uyx2 -rSqwUu+LrxmQ42VIqv4wEZX8HTePG0jJoxU+Qh8evqliV2eLntt414te8mODi8DK -gdR9V38setXS/TzcyI3geNj45YXmLm3/yOg7kmrcUODZHnMRMPKqAbLlPqJNg8RF -JYWPl6fWujzf5DRsTcsfrPZt/40mTvB5xaTIIXYrVITLyXjDbmAOFd0iqKwpB7hj -zXl3wY5N7TRw6nfmwk4ikuOMrvmqoD2xV08fitu7b/KRLC30ThXpUuaJEFcbH7Pn -Pi3dtKZ4GZbpBViXKjMW71yDPv5qF4ACSzD4XZ5dPtPUVc/TKyGWIiTQzEg7/P6U -JnIaG6m1fD/Clm0= +ggEPADCCAQoCggEBAM5IePvVAoUXoBFcviuhhyW/MdRxFreYwiduzJUVn9crz6ib +dBMrdykrGS03P0e2fzYQukx+0hCWD4asnooDn8c4kpZ+oNnE08C3BeRQIKuHQdhe +r/l4+/eTj6YCWyL9ZxvqDYfwcPKAk3wTqGYHID1Zk41t3a8y/tWWwuaf9V+FfSNY +ouZpwlg1dpU1CYxX3Uq9OHb/nzpnlHisXRMp/VygxrjHReKq6AxnbfXJ85CgE7EW +Qn2cyXierJ0nEbLB88RosNOh3kCxK+Gp0pMRE3Ew7BLNWzhgOIH3uGwkY8wVdEz0 +kDUczP0M5wDDhRyZRMZn9rLEon7GTVA30x3lv08CAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKNwx8yW +UHf61qI/G0u3ETU0+Ns1MnD+8r8XGO/4RdMxoa93OppQxlEp8EO0Pks4IFieeQoy +GaMSkiH9WOgUaQat/kq6IMVQwAACw25XK9EnNlp5P8LYdqZTxQ1SdIJugeWwz8H9 +b8N01Ibro9p3hIm2RM0gdHjl9fNLtdWPohbeF9N2YNH5DlxHJHkwJpuks4fszzXQ +/slYsoQMppZv8O98wOgXMR5hIwa6Q2Uc41HUz7oB1QbCeQr1UBFLQLVKYQJNh/DC +CuKVm5dD9VgpuNpxpQTgS05AraW+9jr6ep2MufAfP6oJmKLxfTajOOXEbcoKb2jT +079+8YSDI1vMe9o= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 123ecc45f6..4090220780 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxJ6Gne7SD1Gm43MM1d/PNAboYdRhEK/V1VmmNYxN3QKDKHvP -Jyf4QEiBoKRCHlKKnGPlm65qMvL/XNkxAOlmZ11ZISZQHCVSkIdW+IowTGXt66KV -jNwvrWdXlW4uWrcM7jVZUdDrZZMs1F9jHJl8p6OTzcD/T/zGmAHj8jIakNr9mNL9 -Irvz+u3ujMM83Q4tVz7Oiw9/3O2KLxWkEIFUf3PuZiNOtYcREqHH8T55miJbzpG+ -lttmFAki0zvuqc4xFWdSD69oZmowSi5+8l40RLYuJ1s9SPQGvwlZs6mttETdUuUC -pirmePmRt9gBacZvVIL2VqlNwIv/3diYPNw5LwIDAQABAoIBAAc0r3FP+dcsN7tj -5tywaEsbVQk/e9PdOy8nqx2Q8p+UF9N0KiTguZ/oKFwHTmcHFmO3ON3U7WPISmSQ -OdQIjxi1r+5flZWv0SVRLcuhC4vD5o15YWq5Um6pTWlBZvsrHz2xqyrXnHDrYma2 -x46aRMUYtnIsIw8+5SutUg8jwpvRYlbhHWI7gaqTP8ecwTZz0xsnfGL61+GHanx1 -rZ3zkwGwkuRrFEanoYV0AurC1mrNV4+OUEIwrizr65AIQhZpPxOC+2M5upx/0/wK -l/nKz8XhmOgEEty52BtV5wehw+eflWj9U+wmDbF1mv6JUEAZP5i10Bri/OgIajJJ -ySMRDJkCgYEA5ObuohkDleMSjmbwdBlZ0cBl6sSS1u4Lgjgp6jCEWiixLe5mUMrV -BPw5spjkoLSa4+hSdyfbjeDUABJ0ucfeSs/CSQSfy1U2AJAF5fBoQD0ofp2Lf1CC -me/XxTs45oA54AcQhraq3jThtJlEDAz6/v1aM5Zdy21R0g+/fU0W3vcCgYEA2+U8 -RzYtjRIgy7mL/qghZ/AIES8utSaYaiSOq0JK7oPtMxVPUA0h6E0rjon+GAiRblFO -xXzu28cMgrz1zp0eViQrsuHoGwbRePKIqimLV+Ebl1BLCeX2zHxpVqEtjfF/20mn -ukpZTi894lO2o573a4NUqHTkzPxhHIRBEJ0TkYkCgYEAj2zDiX3y6S/mqKOHdreL -uAm90mRpPZLaUzWtzbeotnVYz1bZdTYiU4VXAbkbSDbh9nvTcCXhQ/zj2Ue3K9E4 -T9ft/KKRHW6+74tOps0EBXxMq0k75wIjUyEdKc/5zzP5D45dpItAdQrdgbOnF4Xq -n2tP4ZMOIjDVW7HSYkizU/ECgYEArnAiKkejSPaph5NQqBqOLZqve5pXTiMo44LO -nrL/KEkFoPF1soZIcLTPKcr0A/LAE6hyeZ3LChPUK95kjJv9Vc5p0AT/kHkPMQgN -PBeqz3Lm5VkvvdFsv/itw6gmsCR1DetXICQcxjYZvHI2P4Q6uFI9lUjtvGM1Ul7k -Ep7YyCkCgYBJ2jT8y9fYgl3amIuTImrJyuDe6l9+NJUR6Oyxh9UUZqaGwLP+gCzy -26fK2E1n8vzF6v9wTA0nqy8Pt+qlrmB/Ro2WegDEmPwIKlJDjEEqWhORYtMLBFO8 -2W8VQsxf3kZ1A0bkxkqMUpUrz13Ed6eyZBDRuQLrWMwNmMKjYt9gQw== +MIIEogIBAAKCAQEA0onHw7bFSD8VTBXZCZ7TT5pJe6DA9918f0fplp/BqsspAJwI +bu2YSXjO0plOUvDlw2iT+M9Tp8+hEKkNyt9xvuXHmp8dpDo8igE6UaBEzdBsHwPq +Qwu0QEkfc6sybyz+uhX3lcsL9IbuZdkjsIY9gSKdb4R8BMirvKi9FoDz5WW3hT+0 +L0iBPYSw+0gTPPDaFLNB7JNwyDEcrRgwf6+JJs5zY7enaRnRS6XycgL8eeuoX5EK +5u4DUklCUkw3hqwP4szuM1WMaxx2mxpkyB8/2FGOITjYHBaYGdysWVJK80p7CPce +54pkD58AI7M1IjtLn54a+aOTmpyY3IT6bbo/WwIDAQABAoIBACe9hx4LuVhmQ+xd +MV8OAkAD1PwHf3Up8w6Jce+TDzjgaUhqq3LY2UaBDbUV6AFi5FPKwSeVZuqFmBbv +eiGBpNRORiuK/kraDURVb/8pW+NnhIkkMYtfQbJiuxOXzIjMuvZAIEA/l+2brJM/ +9esjo6dk88exf8FdaYFOboa5Z5A0l3RJRC5vA3dALZ3Vu/gOo4fiYmcl+DHfMiNk +DQadVSUaYpBjEOtqE7qGGNaCHzDsN8h1qJWhWsQIY+qB4EaTPvw9KtnyG550I29h +KPoDAu3+2WS92+RqXSsxGUKQuMpxKu6U6JWREWHASYzRDh7FdvQ0Go0d+INkWgg8 +XqtVVcUCgYEA/v+5p+dE03DHzF9A8sGLEVz84E/DDgYdrOnNazW0HQkzE7zVRnkT +d7g1ieWQ/rsyH6qnwVm5FQfhf2loG0TCW+OWkhH0wXZ1b6dxc4606ohvVjz0QdzI +8WDY0cxV+YiZqFRpuz+4JBsraSbSZ9wIXomBeAXE6A4BQXB2doTb3pcCgYEA011f +NzKE6t+w4fXYN3z31+Az6FUXAjYxxjuLFIjlYJ8KFc8EtE4sjH4OF5muH/5KGc0/ +xK1goRJkiLrEfmweYSMKoXmWuzysiL8lXCYOVmig3iNhbp9HU885lnPSVQOiLI4g +SPXWBGu9qL3PTllHBAXLCyo+bkQA2VxCMO5ngd0CgYByplO49DhzwK90ahdvjimS +wvZHfFU8xu8swWpEm77Bl1NJuotBxkpEd6RKvda1UUE2D6qhOlAG7qYqfR/7sqyY +V/lo733WRgaDDwvpYu5gzLsSURGZU0VdkaeqnG7DZPGBR4LKV9nZEgYwnu3XGI0C +xFxbtGxV0YYq//+jRhT9PQKBgCajDuC8L2fv9BmaIyghg/zGUzbJNyeEWJzwDYB3 +ddavu9w4t5duIt6bvF+8DAR1K36D8oA1YVCQWChWW8zwXq1LBop1+4PGl5N3vZCW +tFA/WAjDVvAt1ZAQdWp3SZ+YxnB2mpg7uB+ewlCyQc8EquKlXHRyCG+HptAU+VSQ +gANRAoGAeUL8bUGnlVbqCPt48SqSFO9fISl08DJ7rQnmJAo68nZHuP9T+LLHoUMB +XvXDbGNm00vF4wlnGpB9RGGinjD+rpj3M5z/7CccjDGy5tPmBCHA13/9VrKScDNR +SzTb0yaYiKF0PmHFH0ZOhgPKcRretwjig39kMjUC6+XyWzf6+Fc= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMDM1MTVaFw00NjA2MDQyMDM1MTVaMHwxHjAc +CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMHwxHjAc BgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTEQMA4GA1UECwwHRHJpdmVyczEQ MA4GA1UECgwHTW9uZ29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxJ6Gne7SD1Gm43MM1d/PNAboYdRhEK/V1VmmNYxN3QKDKHvPJyf4 -QEiBoKRCHlKKnGPlm65qMvL/XNkxAOlmZ11ZISZQHCVSkIdW+IowTGXt66KVjNwv -rWdXlW4uWrcM7jVZUdDrZZMs1F9jHJl8p6OTzcD/T/zGmAHj8jIakNr9mNL9Irvz -+u3ujMM83Q4tVz7Oiw9/3O2KLxWkEIFUf3PuZiNOtYcREqHH8T55miJbzpG+lttm -FAki0zvuqc4xFWdSD69oZmowSi5+8l40RLYuJ1s9SPQGvwlZs6mttETdUuUCpirm -ePmRt9gBacZvVIL2VqlNwIv/3diYPNw5LwIDAQABo0UwQzAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUGNqWLL14sQKUElEgNjmw -YzBeeSMwDQYJKoZIhvcNAQELBQADggEBAMP4mo2VD2IzBy1Q441ckQwBrVbHIqwH -DgUzNSI43Mb2/S/HOjXaEbW2LgZanZu1upFPhEdcU/oCQyjFv/hvU7LLPpLf/rKy -yIB70/+62w4HFmue/rUrNEzi6dX9E6FG97wa4u8hgsRxi/W+QwWsByOOL+dlVZYR -fJPpJf32LagB/qSS7/NfR14Bd/7mgl1177DcpZWL7E0h5OIBJSslF2FwofP+GJZ5 -ImaKWPwV5TJcgXh+aSKe11lQJEVm1bcKghsgCAWrqtXOXjV0YvTI8o6bEloCMjcJ -e904OEa/EUkmOLwzikdWGzosHYijIY0M+FQtzBVcrZPAcSV5STpPOyA= +MIIBCgKCAQEA0onHw7bFSD8VTBXZCZ7TT5pJe6DA9918f0fplp/BqsspAJwIbu2Y +SXjO0plOUvDlw2iT+M9Tp8+hEKkNyt9xvuXHmp8dpDo8igE6UaBEzdBsHwPqQwu0 +QEkfc6sybyz+uhX3lcsL9IbuZdkjsIY9gSKdb4R8BMirvKi9FoDz5WW3hT+0L0iB +PYSw+0gTPPDaFLNB7JNwyDEcrRgwf6+JJs5zY7enaRnRS6XycgL8eeuoX5EK5u4D +UklCUkw3hqwP4szuM1WMaxx2mxpkyB8/2FGOITjYHBaYGdysWVJK80p7CPce54pk +D58AI7M1IjtLn54a+aOTmpyY3IT6bbo/WwIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUklEU6qFiRqDnOtWJ4nkN +OnNtMmgwDQYJKoZIhvcNAQELBQADggEBAHunBCtQYoXnwkAVahw3Vcnfbbndm8lh +GGRAcSMLtZbD+57c+aOnLdaBTzFly6+872FAWZAzT3i1Avrras9NWG70mHM1gbte +Tu071eFxM/u+tciKignK542Z0gwkMDMaUf3bIBx471/h+6ZIYIYz9/xeuA4ksosa +ejIRsTw9Ltj0JcwTRJbdxmHAOElrZ46hldKlR39voEUcVcM6yqxl5TdKuiPMfatV +nfv6jtstTcPOrHpvYwt22n59aWPfSJAE0e1tJaa8iKIRZDi9Ane7PTNXBnDjFhwn +Xx3l4tGIbJSfX/mUszIn84lBJSiTl8c0vRtnHZHiM0ZnqLrXf13VxTQ= -----END CERTIFICATE----- From 13e655a669a2a47b3d8cfecd93726e0a765c8817 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 9 Jun 2026 21:04:26 -0500 Subject: [PATCH 19/28] PYTHON-5040 Add keyUsage to CA cert, regenerate certs Python 3.14 / OpenSSL 3.x strict mode (ssl.create_default_context) requires CA certificates to have a critical keyUsage extension with keyCertSign set. Without it, chain verification fails with "CA cert does not include key usage extension". Add critical keyUsage (keyCertSign + crlSign) to the Drivers Testing CA, matching the profile already used by the Trusted Kernel Test CA. No SKI/AKI/SAN added -- those would trigger macOS SecTrust OCSP checks for the CA, which would fail because the CA has no OCSP URL. Regenerate all test certificates. --- test/certificates/ca.pem | 29 ++++----- test/certificates/client.pem | 78 +++++++++++------------ test/certificates/crl.pem | 14 ++--- test/certificates/expired.pem | 78 +++++++++++------------ test/certificates/gen-certs.py | 36 ++++++++--- test/certificates/password_protected.pem | 80 ++++++++++++------------ test/certificates/server-kms.pem | 80 ++++++++++++------------ test/certificates/server.pem | 80 ++++++++++++------------ test/certificates/trusted-ca.pem | 28 ++++----- test/certificates/wrong-host.pem | 78 +++++++++++------------ 10 files changed, 301 insertions(+), 280 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 452e76db6a..2305e7b08e 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -1,21 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDgjCCAmqgAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy +MIIDkjCCAnqgAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTI2MDYwODIzMDMwOVoXDTQ2MDYwNDIzMDMwOVoweTEb +CzAJBgNVBAYTAlVTMB4XDTI2MDYwOTAyMDI0NFoXDTQ2MDYwNTAyMDI0NFoweTEb MBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLDAdEcml2ZXJzMRAw DgYDVQQKDAdNb25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQI DAhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC7IaiW/jJP1/+7BRElB8J/Rm9ZFQ/FX5rRd5b33qbLGW95yX131Nv7 -kCMuAxcB/IDl50VvZjonAmM9E+QYd+sRxnQOcfPb4kpB0QOPRQUUqU0NPP9qjFI5 -G7+mebzZNOG7YwLPDqJCQVKOPZ6QoYzX/nheS3j9w8yFEVSgryMrVA7wVHH892rA -LtSFBnfALvVzagxoHeOds+tJof9AsRyyunU7fOJSEmppg6MTlelHLc+tTa1vuYjs -sHmWjeswCVSY2H5+rXzRXx+yOmpZqOfErbvi6yFWdbOBd42CLqRKinlSo6eZ9BiJ -YyY504Dr3ZS+TXz319rRQej1W4S3sEzJAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQELBQADggEBAJuMBjQ0V9K7ghanm+DLKoKa4WYmLRFuoYBg -lt3zuf1tBL5f+MCUZrpEgQSS/FOVemnOy/bZVdJWQl11mB4A/p6PZPf/ExNOae8V -AKT0S/AUV489dM1JkpepKw2e7Fd9CfjTcGfDZmMbBGCrLVXgzBY+xDp5BlJQ8TRf -ClcUU6x94xKFRNvVRwI5JZypaxA6Y28R0fa9Ym7Sb+dAJ+xip9Bai0b3b3hjE90D -8l44bBpO3WBx072Xn6Ey1AyJ8TCNQ9fRKmA4QHk7f7kj/YFlAu6+Ny4QXGkykhEQ -lbixxC7fH0u5MwnxKUKOwaooBbyT4Xcgh0bM+lyuqkCVeT4p93c= +ggEKAoIBAQDFmYBpfUIwOhyRQr6Kn1fXqIxfnRs8DpNC0R9u5E+pJkmcWCsXwgdI +pqiNPMl4jFf2YBOcbu1NYFrkZ830jQR9IVyvtCFtzphogGXxcjhJ7TBlgeH/g4QS +kOx1eLxQ934jGzfaomznnG6KMOQbeLwKVqMNtkQwteCl51vACCk3jYl9g9YNQ942 +6P5jB87VgroXUT21DECVkUGkwebhqmFfc++rRvZxaYiDiUWusOaeV3usfFemH0ju +G6W2JtTUc4ckxaBXWR5uY9GbEo3g03dP3o8If4BtFwowOpLT93hUwEMdWDRlqVMn +ZbmmZYMjmxjuTnL5onCDXkwp8upVMsYXAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQByYkmYSVkvnGDA +rfOZCJWiak/Vm2AoYVrGxpejsYbWhsUyaWGd0bWdxnIvU53Rptakuq9gBAoN55ak +d+e9AVPm9h9es05k3PKwbapPRt8aRWX+x0kmSLOcInjcDSu+9RNq3IrFrBKfs20K +/ybpcRDIUFBQ1Xk91k0c+l+4+lRj3+wwY5IE4tu9yznOTHT+YyC8Vmg5NrCmyD5T +9i0V40Gre4Ew53DcqyouY1bUodcBuYYTuoHEXT0uYHT5yLMzsgKIsEL39xfQ3akG +LTb7UlfhQHvlaBP2qzs3TfXWiftTBN8W2goN2EIBJpvI6hPUI8ssJJVwhND0Qu7O +oN1QJkDk -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 14c1db8736..fe12499a9e 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,48 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEApWhDuV3ooyJZMaCSmxp0GM6DrDUqfe7ycp/Pf+EIXnqGvHM6 -OdylU71eJicxVf+TJb7KbfsCw5MXsibOZReA0qtZzOHhKj51wl3IMc7nMOlQgLtg -wRgFv0TpNHlVTAo6/98QTvbLiZimW4EdEHcvnNlnHIKR3DUWcUdlDVf6rdETUOUo -S/AII6vW0BTtTyN9rWjU7tf8Wc8k7GROuBU86b6fXTHZ8LBHErRGA0+MVMBK5FBH -OLeihHmccMCMSohLC3UrJuy7ib9uO52QjLCnhs+1zR5y5ntFZAYrJVufjimUtfBT -eMCx1W+9pZQ0/bY54n2weWpwS+jayl05QFuOWwIDAQABAoIBAEN1nR1WNAGIijkH -xJMWfF/7pc8Pledrkxz1mZKNjDTAIwBrvEUJ/LGE64eC94eb5v7/a57kPzHVZVYm -pomrRsJk2QiK3SK1+6AMUJAj0r1rgoYmJaVK71kdOUFJ9ORAzeQ6LPQPil5xT/PE -2j4zZctCDWAezm8xhZgopomFJrtJgI1Z/H4zOAJQAWZn6pY6+t17ir4rSu6Q3/hk -qQ/LNyMlVd0tDSPxqh6mbCtGUnkAJec9Jp9Ok865kXGwcnqXDGuTLiz7MWLxxpCr -ImPSfDAb5SSRg68GOpmKN9jxP39adLYIeMm8FI271StLUxyhFrltEYJn74cwgokW -JtbQHSkCgYEAzvwDuWreEriEIYvci9WYbLjfSWhrrjBBguOjocCiN8VZysYe2T+O -srpgiqqujhxXNvvsiT8ECzxsyY2a2cbKMfMemkDUsMKp7HHJvbKTTYVJU2MezVa/ -VT2YbztyV4SMTlAf0XU7YXKK+7xkGqgQMbhAu586Dcgur6oO0FwU1eMCgYEAzJO5 -k54oXSj92KcJO/FbIONjnp3MHaSAG9eLpNNvJEkicR6v3pmNcaa4jKScDabhKj/B -+XpTFrwpsIstIMnFNGP9/jQsX0pxHlQOl6gpsn/CamXCSfpuezZYCWCaZjdZSBkO -amcLe1NIalIeEZwRPgfFBiK7UiZTAQCMoLYfDykCgYBFgrrZdPs5PEAbZ/Xb/BJh -SMCrzWaEK+6EP2B/fMq9gghCocBQYxjQCulLCEDwtrHPZFEuUjxQba13DpgXVLwo -hCYd1XHYHrekER6YFzWCziUu3NXGTcCZpsLfcA5ZN8lKr3vQAte7RRVJrx3LGe++ -UstidvmvETAkjC7HaHUS0wKBgQDEV6eNYQbWWog/ThlTuZI/n122FzaW4JG/pwC0 -YeTSi4qNzOj4GKGjCWMoQLgxdg+2z9hoixmBwXe1o+3dASnO3YUhW4uWrUih1gTn -UxMp6Op72Uw+Wid9A6w828V0Av0icEHgpyNi6oye1k9bkVEPGr/i4qSr9HJHjPJr -MD/g+QKBgQC+MZgCROT+HwQGMIqAZVPpX2u6yJlPbZH5xYhmDWn6axdK/pdAagE4 -8sAPGSw+2QIEb2bDm7qdiJQeon20BP2yrg+/yxurHSWTIVchBrLHAp5/opJXuD9+ -TBZYLVDj9tylk9Lkm2mr/GB6l9Ho9LssDsyRLYe4BsQck5idAhnj1Q== +MIIEowIBAAKCAQEAjkz/rmm1UwgyOR7TZq4Q+3/7zvMXVFnvv2WKxL5zIJ+ayL5s +VY3goKUX6pEPU2Oj3OJO8BLySP8WTasDLlb+Ea7AB5Nqr66q2JoXfgy4zeGuij7y +XB0gRyWhS42eY5xPvH3i+Qe1OvOzpNJEHqrhzNd6ueygEo9a4+tB7hmqwEKBLgPv ++id5XdlYWgKPND5o1Z6dLAHigcVk9udTNK3hFVJOBWvPNTHtmHfZSGKDrCGj8sHV +rJ7C/B7mAcpXvtydvgNUYQZNt/4LTSNdluzezMHXqYF3Qb5JptPm/NCjdfTW9C56 +OwkE+e5hBRz5tILlS2jw/mwNiaIaCjFuIp8/8QIDAQABAoIBABYGlQzKD+bqPdvZ +iZ87EiXbiX5e4h2MTi+x5+jMEcXa7npj/yC+9SXoZ+tGyLh/k718yfse86GY2jrr +XXKuxGS4R8DkcH8A6jDcqQY5seEsLXf4hkr7tyNMD8tCAGIqr6zdT2R8bPDTB9tb +MHAOwySRtc1RcvVsewUMRQg1sNhRN8kqA+vavan/MmcXMYmaaY7eKJIGDNnZs3tb +VI6sdpbOZT3SNZXvCRBmwdNz/p5Y4tzmY+JuBHvrxJLbg6iD2DRtk/g8ocx389nD +RVfjwxCb1dQtyPGnhLSIorSrBaMtIJjiswfBVOrJpvbyduIgnXR2FRpqlxtQK1h5 +I0gEpgECgYEAx2DMd3yoCLhRJVcdc+0+pd2+eCuX1oKZF8zl3YAMPSapLrQbWSN5 +r2b1Ty/CT8Ic0kBUDy5VrTr2wiegE5Y8WORX6pRJrEbc2Po6cdrKPr0Br3+/zxq5 +dqsFaMas1bUFThCOchq7/cxqyeG1XWaA1xPL0Gw8YUFeX/Cj7NJBWmUCgYEAtraP +KmlXoPs2ubeMdbSG8zA19o/K+9kNRvrK828nkHfSaH+PxQFzn+x3lL2gjeYyAzdx +yx27lehRUE2lQaJhQp9g56JS/UZ8cazGN8TJ63WIRaObxgv0G8O/XsjFdi179POx +f2ICAgbJZqs+E044+xx4i4/FcF+AIHF3ABLKkJ0CgYEAnEqHPctcNam3ApxtnCiI +CaHv42fY2PD7barTLnVoIq+hw9iv74pdo2AEQJThr4As86w1uMjLpMYqFTzWwUPt +/ojRWjPwJLpP+U7+ba3jCJdFMPvlskXyyNF7pgzIA6aph+52m3/VijiqJaNndtYZ +fYApLzMJifuiLXcIKWcQj/kCgYAFtEFX8532uqEEv0Q1UIN+CB1HK0oM/sO5WY8I +donnqrX46TKV1evELF+3VwwyIeOh0hNNYgo/LdeMCECGgglDSTJ/SMQKgC7WZaxy +hURAg5TTh74POsROMZhB30a638Sk6w65iVfCtG+JMwNnGuQQgt0Ijl59mZ2oZaJv +cCa+yQKBgDMOg++TbgkTITovE2ppwFBjHeFdtuvB8QEYW9NfAKnOLz99VfjCO3mq +T1B+eSiyeLl/uGVqMjjXoJR53Bjhsm4V7o1yDRVMyn8WKzv0NTSeel2mUbx+pGqT +3XMcdy6q3MymnhSAztMp5Oe3TFOIvSFYit2qmqP/pnebQLij3wVi -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClaEO5XeijIlkx -oJKbGnQYzoOsNSp97vJyn89/4Qheeoa8czo53KVTvV4mJzFV/5Mlvspt+wLDkxey -Js5lF4DSq1nM4eEqPnXCXcgxzucw6VCAu2DBGAW/ROk0eVVMCjr/3xBO9suJmKZb -gR0Qdy+c2WccgpHcNRZxR2UNV/qt0RNQ5ShL8Agjq9bQFO1PI32taNTu1/xZzyTs -ZE64FTzpvp9dMdnwsEcStEYDT4xUwErkUEc4t6KEeZxwwIxKiEsLdSsm7LuJv247 -nZCMsKeGz7XNHnLme0VkBislW5+OKZS18FN4wLHVb72llDT9tjnifbB5anBL6NrK -XTlAW45bAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAl8eJAHr1qVNsFXwzyRlcOqa5luOfNniWuAV/ -/+ypN+qwD9QjJLLooawoIon3Wf0gnLbdU8oQZCpFEXUki9gKCvjdT9W1sgkJKKi4 -/kob+/RHa/GNPJp+4yyZF16uF1blhVMqhYPAx3TrKaEiFzHKTduh9DOxsBCHkteb -9BzR8EzVrYzbi1cJL9qBpXMy8ZELb1LG9y8t6gx3955v3pP0LdxYfe9frN7MESC1 -+9ZPXOz3YcJBDSubibpvU7a44XDpfISdX7QauNsO8JVDUqLNWx5SgZavDYs2Czff -H3I10vSZrvhZC+nNc+FWdINJzzqBaH758yDOLvlM4/yQXbyywA== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOTP+uabVTCDI5 +HtNmrhD7f/vO8xdUWe+/ZYrEvnMgn5rIvmxVjeCgpRfqkQ9TY6Pc4k7wEvJI/xZN +qwMuVv4RrsAHk2qvrqrYmhd+DLjN4a6KPvJcHSBHJaFLjZ5jnE+8feL5B7U687Ok +0kQequHM13q57KASj1rj60HuGarAQoEuA+/6J3ld2VhaAo80PmjVnp0sAeKBxWT2 +51M0reEVUk4Fa881Me2Yd9lIYoOsIaPywdWsnsL8HuYByle+3J2+A1RhBk23/gtN +I12W7N7MwdepgXdBvkmm0+b80KN19Nb0Lno7CQT57mEFHPm0guVLaPD+bA2JohoK +MW4inz/xAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAbq/Qi+EP+gMZ5T5SBQOzHg4Qju5ermGyXSGY +A622mzbWAeC06TyP/iC5YNrdwwiWXccoNQ3YNUBzHrkCij8AGj3C+qHCwpC9z+C8 +X4yeKsV6SL4iPM6hM/g4pRjgN75a3xFmIX31C0p6AJilJX4+6xypLFEUIII5Viw9 +ZsXpUeVyXq6FXmeEN3nFt3c7gbqNzYHc6E4jRpC/atrOdkB5xZ3DtQmTtRSkPGjJ +IF5ymoetcd2xkthL4hAndAaXAWfrfT6mTXV6o4lps+TkK7uW32O5e9c/mBU59W1U +OqGIAmmiUYM/YLUrR/xDk15Ve1B4NJ5D+DYu2SRBA+0Ff3picw== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 89895ff340..0e105e7e7c 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2ZXJzIFRl c3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdvREIxFjAU BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMjYwNjA5MjMwMzA5WhcNNDYwNjA0MjMwMzA5WjAUMBICAQEXDTI2MDYw -OTIzMDMwOVowDQYJKoZIhvcNAQELBQADggEBAGcqL7m9i4YNsx4+Dj4QVJrp3KNi -lAgL06eytsKO69U7Z1pcr9n9Zyfk511sHQOjk6JJGh2+JxIe3UkZmpVL2MJ6s4kt -YpOLOlGBkPS38+8hFKL2UOwc6ue1oAVxR9qvGoysiaJEZKsVd2PT7mHms52iNdDb -tZQ42Bw/CGYArUgq5+4Wly2f0M7CmcQ8n3P8dZ/hESZaBA/vnkx2faBwSacuCduU -Ao+SxLDktdqHOLsAD4eA1waUMjuvY2stBlPYFLl4mr1uNlmPZkWSObD1AZXBKP0V -ov215QwKR+al+feMoqaMvnTbY7wUORx7AuXU1loy6sEp2OncXQCOq7/5ICs= +EwJVUxcNMjYwNjEwMDIwMjQ0WhcNNDYwNjA1MDIwMjQ0WjAUMBICAQEXDTI2MDYx +MDAyMDI0NFowDQYJKoZIhvcNAQELBQADggEBAEezvNHMKT/uequIYxgF32BZVTy6 +1Ej72pegtIp6eeawBp/RJQZ12am1J9lBy1sG6ABP0CQJ7RcQS47NjVTFlXipz5Yw +kJn0WnvoVKGr+LVHWqO9EuM3Id9fEmLwg9KLC5cnKrJ3JCO4/pXdNe/IZRAYejQq +uL87p/VBzt4+Ld1rDKBA5+0+Vt6Bd6IUadVB6k1M0Pxo9oRx8cj8jmORU1EKQDTJ +oFVDl9V6xVlCJGkZDMMpLk3oWDvxQUqtlP+Ruj7qMziLvy3RvCFkpwLxzfvBg36J +TMQXQw0CaTBmKisnLN4n8y+8YXNfr6Hp9uN9qSJlOLRFrJy7HzeYkKMkkgc= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 7d841e46eb..2afe657751 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,29 +1,29 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAqFk51RFy2K7WgX3w7H7YLen/+gOYpKslQ5uaOWATUPIrhJC3 -Kndf92o6/E73j6h44wTW5xv65TLtIoQbk/WJIO9q4J8V1OWRz5HM/P0RsSceR3aQ -Q7UU6lMVoBq1s2Mz9RF2rLIL4MSjKseZFXkI1qFYae4AKot90F/xUiFWWL+WSF7W -gPt//Y4ykzMO4py5oB+qhV5bzvlVGLuXuK3UDJ0vtBmeuwUMvtXQLIhxVkiw0HUi -Yx8OqkCiOVUSjwF8GQmIexOyCAUSZUuX690CKkG1PCUO49ZZHkZSwr+n6OCdYLdp -NDpVwLs7dLOWUnH7bK8RF7kSvUSVwGaFmdGPOQIDAQABAoIBAAdPnax4RiStHh1w -SNvaa9y9mGtlB9Zh5NvFaIqUlq4poDRw/PVkCwfBhieCLevgGQTh50vQ2iHlRulc -c56mt4J1x05TNlVhNWZ+alizzFaFUIIxvtTj6rE887fY5Rpx5NYgIKdiEZQ8senY -Eni9YYIBrodmKb1vQqLfockrb7appEforL55qmj5wMVFAiDCFDx+CcRBhFocJkbv -NYleMn83Pyqu9ruvuTiwMNDD7M5tmJqpznPAo3amP+sbQnCxzwUmq6x6+gQP17Pk -CZCKwCfrbMclX0txeyOpnmiE3+XqDt9KnXS2Hl2+tOwHxoT1hj4fICam0eIshPBw -tR/9SMECgYEA2205J4PBnOelHrpHa6Gfv4PlcW0knz3fKDemRUcg4tOO7WtSa7VC -vQuFKzGJGROIFlSKlVoX8UkKtNGV0bdGFPoM+/D9Gm3GOX3XcdRAb7CJCFkTXm9a -7eJ0J5tIyx5bkq42udLhNUOXWCI3a1PFMHHXPs/+Ekj/tTsrnAjq20ECgYEAxGiJ -UdXwT0Gnqf02H3gP4Kj9+BTiG36KEXAZm75JtTmSzmH/GPgokRPHmU11AuRUAyAI -RJmqWVCNItAaaQTz8ubutoIukDkxv1l2VYJzjMKA7JujRgq/TIEAKKVO6TkF+jG+ -sUMkTHON5deFarCY376USrGwxGSJfw4u+jBADfkCgYBJqmePvooXlSU4Ja2oksBA -2ZUD+XJcC7eJlvU5OOHvhLrtNiSbiGT5do6kq6KtSoNbi9JixbZYCP+RKPO1TmQ2 -0qPdSVCPuN7dmkPkMS/Yz1mR9eWsxJGwX2BDk7xihLSVj+tLg2KcMS70JbiZTaxb -0TxEGCviE6PVQiIn5k6CgQKBgAbNkCQTgvVb0tDigmNopzQi5lkXcBV/toyQE3L/ -jlIGon0fi9RzlAQiaUF4G1t0SSyqiV7G682YKqtQBfopP8HkGdScgbxhHsX/9UdU -82emvQx0/5zHdoTR2w2NXERbw0c9Pdup9bHoNrwFUQu2/jSRx1Um/nZu/Qw3k4z6 -6t0RAoGAWRPktUYyNZGCPlWz6zRIvxbU1gSosrskmuorXOucPOi2KgzCXS4Ikzg+ -Q/5/iL54D2OqNku62NzTBMf+dQ2SJdo9QVTpQczEIQhF1tDEFECDtYS624Y6MIkQ -FdeP62RzhntpTKJZeZm3SAQc2znPG0JhovPpfKh4u2sx3ALczK8= +MIIEogIBAAKCAQEAqn5MfJ1M10rG9KikS1tY8bleGMKbocwLMuiixRtzpjOSDqhS +gGMRpp33f1oa0kwjHwzcfZgJCV7gcT0VASpN8lm/yiVKjQE6lWokH6n696raFi/4 +l7udSaAKWohTaK4gN7YWyKPiHg62vgXUYUQriyhdw3TVzrpP0IFgpW0UGvFfWr++ +me0/24bDgZJfRJX60mQ35OiCV3g0iJ9jHq4VX7gTrLSdvkERSV9h1aDfslXgF2QS +qf6LGe9CV2DUYH7TMYZkTbKBSMT85VFbN328YUH8QkuLzTRWmBQbOYMw3L+QMWoo +vflRf7XBO/gX/Xdf0bVQzvajiEfiz1o10O0S5wIDAQABAoIBAEXYjPwmMwMmKsCz +T+9hQlxw7Ngm7bxIi7P08y3d07CcgvMHSRk4vNPt9iVRpBhQQbkoOzImtVkF6dvq +Qq8iBiHJW9V0FokSnk302EyyhdKtxz98spJytXqimmtBWy5Q23kHW2kiHnHi5EGP +wNSCKXaOeG8o76iL0kPgpNfQioKIgbFiM4OFr9XTpTyjrTxPtOIzJMtR77z+Ib8G +FNfUOWaqVtGEb7zm8WBo7+ZBPTPaaIZwRfavkP8U5I5iPPbWnyVmGXIE0ZS+Nce1 +XeOiCVAIZrf8/26AYVHK+UivrS7t2WD4Nwz1FicXTq8KKwVX3zvIGMGVQr3G30AF +mMHmZIUCgYEA0uVy5aujocrtCT2bf7JkrI14V9lUPSwgvhSOqglurzGI65tZijRh +1oik54eiihPoB7/QUb7JBaSdCbW7y+nrcUAedMNmwbX2VhlgCVMjRawk0ZMl1o/T +mvw5IeMHoIPe8aXLFmp91M0Y7w+RG1Biidr/kF+FP2fxjJBckf3+AOsCgYEAzvTL +H/qGGCyqulWTh4762EZSoQTzPiqh7bwKsrlZTbIUT5iwKMi3IKIW69X8IKRA/5qW +D95sIF3yfRl5BppnEGsvOR2kacbv3c88T8U9zow/7ct5Qk9R2bbAMbnngYFFpikq +wQ7LukrAzuPdxyzZ53MMOpdO/F3D6t00ytnGFvUCgYAjmbX+jS3PJwlCcRLpyHx0 +IGF7OuWcefGBBMlcbMExc8QwOYYw7UzCwUhNCTln45pcjIWm9vTKLhKQTAxKjM9A +y9kYTs/uzT+rIxdyG4WtwjRo6FUP1jGbTQ576O4lq30b/6e7vfhFzuVxnYgaO0SX +Ds/rWCSPIoXE+62Uu3KARwKBgHRI57lYMvByaJu6aeLJW/kZymPfPC26FrJV7kzu +CFe3r+HpkVHZNcyIRwjMe5Z7tGnqmlbgSzEEmLPiFDa5mx+GmkoldbRZq32ea+0G +juv3shQTOFch6oPCQ8utAX+q+0+Z4gQIJEDQr/WP45V+hhGee0iQrDjxFpxpHri8 +FKnhAoGAL3VBSGgePKV4pAKX/bRAMcOPjlCH+C+XlBzq/Qh3Od28Piq2GAOV72+0 +Q+/o9OPVES5v2l2IOpi0vSsJGmY6MQZ52T7/BsUKTHzyVefZoHJ1tz7Fo7o5EWsw +51Z2jOJlItXukqWCav9IcsZummRgkw66SrzlO/hmZE+f9WNzQAc= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 @@ -32,18 +32,18 @@ REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw CQYDVQQGEwJVUzAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFk5 -1RFy2K7WgX3w7H7YLen/+gOYpKslQ5uaOWATUPIrhJC3Kndf92o6/E73j6h44wTW -5xv65TLtIoQbk/WJIO9q4J8V1OWRz5HM/P0RsSceR3aQQ7UU6lMVoBq1s2Mz9RF2 -rLIL4MSjKseZFXkI1qFYae4AKot90F/xUiFWWL+WSF7WgPt//Y4ykzMO4py5oB+q -hV5bzvlVGLuXuK3UDJ0vtBmeuwUMvtXQLIhxVkiw0HUiYx8OqkCiOVUSjwF8GQmI -exOyCAUSZUuX690CKkG1PCUO49ZZHkZSwr+n6OCdYLdpNDpVwLs7dLOWUnH7bK8R -F7kSvUSVwGaFmdGPOQIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUklEU6qFiRqDnOtWJ4nkN -OnNtMmgwDQYJKoZIhvcNAQELBQADggEBAGdq+EvG7FsmAYu29Nw9Wz/K8Nz595OH -J9ugYVAbarV+ik6WzyUiuY0wvjydeqzxja6bD5JYtyxD43eInOMQStgYAnZOiBzl -W9tsP5d7/BNp2YUpV/8rPlta666wWpXjmf8/zoh+ClZTIUze4+kRsls/n9A9biXq -/X2+KdAShvkeRTL6AlX0ywuDplGKw77dwNGeBYldgGIZVW4BzevVRqdHScsSLR2B -1iLteAHtcSZwMvuvL3p7PJOOSLu1AFNW7LYmuqvjswQ7Leu1/EjCDGQrFH6rmlsI -SfKmKR/QJtXywpDNOSl70ElaGfU4614For9JSVcWbj1pJDZVuDPeKXg= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqn5M +fJ1M10rG9KikS1tY8bleGMKbocwLMuiixRtzpjOSDqhSgGMRpp33f1oa0kwjHwzc +fZgJCV7gcT0VASpN8lm/yiVKjQE6lWokH6n696raFi/4l7udSaAKWohTaK4gN7YW +yKPiHg62vgXUYUQriyhdw3TVzrpP0IFgpW0UGvFfWr++me0/24bDgZJfRJX60mQ3 +5OiCV3g0iJ9jHq4VX7gTrLSdvkERSV9h1aDfslXgF2QSqf6LGe9CV2DUYH7TMYZk +TbKBSMT85VFbN328YUH8QkuLzTRWmBQbOYMw3L+QMWoovflRf7XBO/gX/Xdf0bVQ +zvajiEfiz1o10O0S5wIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU3TSaGIXoNZb6DBO2WaR6 +YUvjQdswDQYJKoZIhvcNAQELBQADggEBAHsi4XjDa7cDB0JUEj7bJPj9AoPC/Zgo +AiXPGzkZ5or3U1Bt+8ZtHLVV2Ao8KdGznHV47aB/4Dwu5IaP3ehlyEzlzU8lWCA8 +814iA2ysu3ekm+w4MBRJ0mIeFz+vCOfbssp2dd3Lgji/WWS1eNrqELgOZn52u/ju +beucg+A9lUquK1n4WtCnKWV7zvAnG3WJCl7us475fEOXrV0GDgDclmlsKT0WNsz/ ++3Yz/fYNKiXHAPBM4OJtO3XqrWdf0E9QK29du006qY8/Mr7PRWKDCw1bmfy4lmQm +RuFMzWpjoLjXdl8sSxu5YmMOSAo2Qb1c7NJZr2eyjorz/q50bevRE7A= -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 72d2189011..5a3633bba3 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -138,13 +138,13 @@ def server_san() -> x509.SubjectAlternativeName: # --------------------------------------------------------------------------- -# 0. Drivers Testing CA — minimal profile. -# Only basicConstraints: CA:TRUE (critical). No keyUsage, no SAN, no SKI, -# no AKI. Adding SKI/AKI/SAN to a CA cert that is NOT in the macOS system -# keychain causes Apple SecTrust to treat it as a leaf cert needing OCSP, -# which then fails (CSSMERR_TP_CERT_SUSPENDED) because the CA has no OCSP -# URL. RFC 5280 §4.2.1.9 requires basicConstraints to be critical on CA -# certs; Python 3.14 / OpenSSL 3.x strict mode enforces this. +# 0. Drivers Testing CA. +# Has basicConstraints (critical) and keyUsage (critical, keyCertSign + +# crlSign) as required by RFC 5280 and enforced by Python 3.14 / OpenSSL +# 3.x strict mode (ssl.create_default_context). No SAN, no SKI, no AKI — +# adding those to a CA that is NOT in the macOS system keychain causes +# Apple SecTrust to enable OCSP for that CA, which then fails because the +# CA has no OCSP URL. keyUsage alone does not trigger that behaviour. # --------------------------------------------------------------------------- print("==> Generating Drivers Testing CA...") ca_key = make_key() @@ -157,6 +157,20 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_before(NOT_BEFORE) .not_valid_after(NOT_AFTER) .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) + .add_extension( + x509.KeyUsage( + digital_signature=False, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=True, + encipher_only=False, + decipher_only=False, + ), + critical=True, + ) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "ca.pem").write_bytes(cert_pem(ca_cert)) @@ -383,7 +397,7 @@ def cert_text(path: Path) -> str: errors = 0 -# CA cert must have critical basicConstraints and must NOT have AKI/SKI/SAN. +# CA cert must have critical basicConstraints + keyUsage; must NOT have AKI/SKI/SAN. ca_text = cert_text(SCRIPT_DIR / "ca.pem") ca_errors = 0 if "Basic Constraints: critical" not in ca_text: @@ -392,6 +406,12 @@ def cert_text(path: Path) -> str: file=sys.stderr, ) ca_errors += 1 +if "Key Usage: critical" not in ca_text: + print( + " ca.pem: ERROR — keyUsage missing or not critical (required by Python 3.14)", + file=sys.stderr, + ) + ca_errors += 1 for ext in ("Authority Key Identifier", "Subject Key Identifier", "Subject Alternative Name"): if ext in ca_text: print(f" ca.pem: ERROR — has {ext} (would cause macOS OCSP issues)", file=sys.stderr) diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 907c7cf60e..ccc9001cac 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,1AB3C94672176436308209E474105793 +DEK-Info: AES-256-CBC,98AA1AC089EF885796DDBC668ED02D18 -9xXwggZIukBDMJ0gT7P1vu5S0dRsIeU7ANtlQXerQjnHsH1FgbYSsCz3tuNsEHKO -u/IqtlXtQVUIBZ+pU+PbhpQyge++5TkTQsXjZLXP/npECZ+Me4J95yCzSBN1Bbb9 -fZjwdRrGO5Gw04b3N0Lc8u7ax+THinadIACqPROFhrix6i8Gkm7WsbOPgs1iCv7v -dNS8xszjRSDknmSQ5M550uL+gAQkNgZ+KXsf6377Uj4O49m2By8DTjyhmeh2FMVA -fdj9KJ4U1iq8FQ86IfSkX7FJC9IL09/BDRCm4Tqnq6t6ha6+UbHnLFnVb2yeEyRd -V+KS+3F2NEdvyDh4+tIHN9aXZYDqsJ6bcLxI3sPQ7CSs+buhZ3kxSXOKhZBkL46C -Uvijstkil3BusIbEdhWA+XvZ0Xn9UHhr0EkRt29HPnVG18MG/BEg7+/bRpi1IuVr -qEJI3VxyWIgii62HEmY7ZF8eHIx7nQIrdYZehtKczUd2MDoLi5D/J71/7PicQiyS -Zm/qKkhAp70qZ65qkYsC7s9XZgkAOitTRya+IAM+N/U07IYR6A6AzsZsWcxx5nJs -e/qquL8pnmD+Se3JnoOxSuF6e/KxSGmhgRZjh/zn975D40Ok4xs9VBZC7SWtFFsW -5iVYYTW/hei22jP0aBkfaehubN+eA3Cumll28RarSzOIeF63F7TEwmDf8NgXqJrt -2QnK9pwejrkcPMyqV1Zk6Outy3mUpGUpLn/XZQvYHKHd7YOzO9oVdsGGaceyiGEy -jzeCzSNay9CgN3m3YeYifDKphV0PfM0tjQLagPnCkKsem5ipUzMTZPVaXqt1NA+H -dRR4SxUZ073y6b2f4gkMN+XflFMPlOhHGo9sDUFJQK3n4cbPE8kdEj+KwXcc0p5+ -R4qDGN2LvLyqUHwebAzsV9x0Jm9ROXfNOQ3v55MBZWttRgJOgnKoFsWc51RQLF+k -MZ9iRCG7FDfwxbCCouBGbdL/GTHu6AyRpdUML8zmWIic7jt0VR46dLHK1fnhABv7 -NctvCTY199jg6Yf0WcUiec4rUqroUmMO6TQ4osV174lzqM86AF3arabPqBOF/L+2 -JuXNLZeLtXp6g+tI5o+52z/CHgKy/fQcPLLxFqvyzEGjJplbQGeSJUVLfAESDcTr -s0gNM0el0Ly7ViQsfYZ+7hgGPOb622/Opf6GJhNu0U05UuAlGVmsaLXAtpWPx9q9 -Bl1Iqu6TdaFoaL4iMt4+eZFR1SrJlg5cg0bHBOi3zBJKUy7sUwMEk3ykRVpm54Yq -ROoW+Z+ycyE5hDdoo1PdTdngWSMmEdVybDiMpoG4jH+N4Ate3a+rfVUmpCydp2JB -W9RQxjCUfQXgYaNFYoRGt1kBIC6ysF2k4nCkZ9waBuzXs2PzDjLZvbNyAVFpjUNK -4u4thI9hISImXDfSb5N2lpSQt6+OR7XB2xQdVhP4FRQSh9KNtb5SYXhqGzvMvxeQ -7dPK2imlSKml6BUDRb8k5qLjb5kT+MYKXoswBAomSXqq5rkkoDkFi0WYM7f72XRX -Pc659lKRF0FKTPfWkXwWRZtIeogJiS88/7FsZ/efJbb+PqiDKZmq0HZmoc2AdUf4 +pvmdLDMaibCn0WCqDfwCk+HAQ1vbGRtFIzJNh8x7UmsieHk+x1cMK69B0n0sHOlV +aJRmUyz2c8bMOC/0b7sxisG3PQ+ONo8RNUlW41JQ4EUP+KtVebbhwv2zwiFSscZS +mtmkgD3J9/L42BtT2tWwgduwdwFBpN5gWJfpVZvA8bSY/e4p2YqpCrZGSAqbGr8b +TExcm8Sh9ZjPm3b50vDH/AWf7HpZQri/hNt/kmPUfuRXHEWh9cySewOcUbsBH+w7 +sVXtJTXrTa9AJ8zGLxxbFsaf4do4uJQXex9KwnaOjsq22Wq7fH9ehetgqzE6QFHb +7NXTWE37hZi/0IxD2alILAAgH0iNru5QAD+ov7X9Ewl7HFOXhwm0S67Ku8jS5g4z +2cb08h/xBiWILNm1V3icRpxic1agVwRdG2dcCUbinL17Q9TcwFXYbpy5yVOmCm8U +vWvJ0gJJ+251NsWvHm3TZpK6clMOEL1p1rOoA3lsjx/zbuYhM5qw/ysTYvsO/Zb/ +Ad2mTOX1i0bbHzzEFBpEkij2w42XkF4M2FkiQ24P2FTxpwxXNWzD4svdI28yzD0A +iUHrdBG9IsWBX7CkpNvPrSvnbJhJmkI4BJegFJ3QGIIdZvTpa9jXObV3Tt3YLZRa +dfqFziVttHTVSXnEiB6LPU8jVEk8jruMoPE+HXKp/dwSSCEvyhoqa3SqMX4EroNY +ML9aUmrHP0bgH6GgJ/qUwBWT6mHNGAPxr9dsMyujc5WiNzSwxIlh+EX5m6NizJsW +mDKarHdlUn4vLqukXdZiySS/Z0d6kzVlFv9slvk7g7Bocbf7oemh6if3YRcpLKib +sAYqx5vPl/csp8FqbQHfkRtuAPa9RlT5a3dvmn4XLmLP5geBPinxxO16SQiv7SH1 +ir++D1Y1hu0bSx1NYs+JqCPHHGiriEIlH1GemO55PAQ82IyHvRLt58EXhWhCLGvw +dOdcQuhelVXuGOWz9p/OWj+H7niT8UjWXcAelQELIF7VhMic1usRqVm6jpMuACfX +I61epH2YtOnUF/JshKeDgdNn1pFitJ/gLefwBKE5ET0zLit9xI+3DXd2LAwubf1I +xuUzD4pPar/lc3WqImFFiQfSzVu1y/xwzD/pdgIq+M9odXs5/ZRdSfYPVnr1jEIc +MzYwjiGS7Ija0xzBB3wB585cU2Fv8ZAmpLCxltgwKdUEYwe22LZzb0DcDWzdwqXV +H60CZNw423Tm0ramb1uVCjx5oXNhwUPPiaivqRpfkZ0tOMxFcx0RWYsndVgLhzX/ +CSZmL8AO9e/GNpQUSp4EwCGt6E+si5N5Ev4plIAayTG0kesJXzMdTvRvw8I9vclK +3qGL+6gkPpZLjfkgAvMv5Fym7wZQszHN8YlgFSInncp7JAkp0ZzmObXhS/toWOWB +My5CqFjn8Kzpp6zL+qqjTjEMJf9v7VNrfLz4Cwd/fp3SwN6GhKRqBTyLycrplVuS +RFqTsPrH94M64UDD2iASKIcajaMnWSmSMQt1KKKmKnlO6+KG1xa5ZN+001P/QQWm +WQpSscB+OAgYXwvASHBd8isNkGcm3khHrMjC4ceYSh3DYJ0j2jMOVOJ1pF8ZLytf -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClaEO5XeijIlkx -oJKbGnQYzoOsNSp97vJyn89/4Qheeoa8czo53KVTvV4mJzFV/5Mlvspt+wLDkxey -Js5lF4DSq1nM4eEqPnXCXcgxzucw6VCAu2DBGAW/ROk0eVVMCjr/3xBO9suJmKZb -gR0Qdy+c2WccgpHcNRZxR2UNV/qt0RNQ5ShL8Agjq9bQFO1PI32taNTu1/xZzyTs -ZE64FTzpvp9dMdnwsEcStEYDT4xUwErkUEc4t6KEeZxwwIxKiEsLdSsm7LuJv247 -nZCMsKeGz7XNHnLme0VkBislW5+OKZS18FN4wLHVb72llDT9tjnifbB5anBL6NrK -XTlAW45bAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAl8eJAHr1qVNsFXwzyRlcOqa5luOfNniWuAV/ -/+ypN+qwD9QjJLLooawoIon3Wf0gnLbdU8oQZCpFEXUki9gKCvjdT9W1sgkJKKi4 -/kob+/RHa/GNPJp+4yyZF16uF1blhVMqhYPAx3TrKaEiFzHKTduh9DOxsBCHkteb -9BzR8EzVrYzbi1cJL9qBpXMy8ZELb1LG9y8t6gx3955v3pP0LdxYfe9frN7MESC1 -+9ZPXOz3YcJBDSubibpvU7a44XDpfISdX7QauNsO8JVDUqLNWx5SgZavDYs2Czff -H3I10vSZrvhZC+nNc+FWdINJzzqBaH758yDOLvlM4/yQXbyywA== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOTP+uabVTCDI5 +HtNmrhD7f/vO8xdUWe+/ZYrEvnMgn5rIvmxVjeCgpRfqkQ9TY6Pc4k7wEvJI/xZN +qwMuVv4RrsAHk2qvrqrYmhd+DLjN4a6KPvJcHSBHJaFLjZ5jnE+8feL5B7U687Ok +0kQequHM13q57KASj1rj60HuGarAQoEuA+/6J3ld2VhaAo80PmjVnp0sAeKBxWT2 +51M0reEVUk4Fa881Me2Yd9lIYoOsIaPywdWsnsL8HuYByle+3J2+A1RhBk23/gtN +I12W7N7MwdepgXdBvkmm0+b80KN19Nb0Lno7CQT57mEFHPm0guVLaPD+bA2JohoK +MW4inz/xAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAbq/Qi+EP+gMZ5T5SBQOzHg4Qju5ermGyXSGY +A622mzbWAeC06TyP/iC5YNrdwwiWXccoNQ3YNUBzHrkCij8AGj3C+qHCwpC9z+C8 +X4yeKsV6SL4iPM6hM/g4pRjgN75a3xFmIX31C0p6AJilJX4+6xypLFEUIII5Viw9 +ZsXpUeVyXq6FXmeEN3nFt3c7gbqNzYHc6E4jRpC/atrOdkB5xZ3DtQmTtRSkPGjJ +IF5ymoetcd2xkthL4hAndAaXAWfrfT6mTXV6o4lps+TkK7uW32O5e9c/mBU59W1U +OqGIAmmiUYM/YLUrR/xDk15Ve1B4NJ5D+DYu2SRBA+0Ff3picw== -----END CERTIFICATE----- diff --git a/test/certificates/server-kms.pem b/test/certificates/server-kms.pem index 83c6fc0cac..c1cfdc590f 100644 --- a/test/certificates/server-kms.pem +++ b/test/certificates/server-kms.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAuFZEsI0K+Bb1/Nd+x0h6NrlKeVo0BS4e8lI1vMvmZz1L7TS7 -vBi24ZHR4aV6bR4J2U3rgx1amMbtyYaxAvcA6MsXjeBBXy5hG1at2oN7z/80m2Yj -vgdyUn6aLDMj30DoKNgS3SXIbGoMUNSsU43PTgQ+jDEIFkp7oSwJ6o/v/enxcu3O -OkOrhLql0gV8Jd4tQyT4EYfeoRxEsL1Cksvu7bERSI8GYartYhbAkRIOLpuo4mmy -vSniOJ06xqR2ZOpOufvAiLEq1/GGGKGlmpHUHeo+bqj3mvFlzh/xDP8r7GN/jaCV -JV7uwWafeCLJa1K6HBD7JHRxPez6PSfjVz+xMwIDAQABAoIBAE1jmm7sp+BD8331 -ErqjiPuUitmrrw9Fr6RYM0tR5ycMquWpL+/mCFFnINA04tMQu13JwshG+JQPYCEt -NP9jp7QUH41myssk84vAtjh43vAR2oorNXJAOhS8JgnMZpEB9PXA0RqbFCu/0e/V -eYuSi6fbTE8a/qQtHP4rOPaK+1yDtYELu0OrB8qMOBxmS9LbDFVQwPA9KlEpXYev -hiagi8JEEsGEvQqCCD37mNr9NagncBO/G5YnPBTLqAwbUyaWmtcRs7NfcdAXINJr -HBnY5XdaUVQBSpNcqljP4qgZtCyQyNoy4xbnzqrkovxiqkpoaGPij0SkndmuwGfV -mdFf8+ECgYEA8QYln72cjQRTKw4U90qAToaWIFvnAZcabBeJ8PyUfBXynhis+TG/ -lRNGS8Hsaex/FPg1O/vmLDTHnBDpmcL5PcC2aXEjT8DrSezudSYSfnjlRCTgqT7Y -PmXvBY0WkLnNwvdeO4IwPDYQjY441BqO9OeNO/eyaUXX04dk8rXoonkCgYEAw8pt -l21RBY0dJnZRnfyOdwbe/OrsOTk9M5EPA77CLEVekYEiInuI/a7uBImRh2btlrH1 -WW86y5UKZ6+mldPHLvSTkGWWoMsOCs5XOF+b8UkYLPAoOoRM1UEhFr8U8r/CoFRs -iu8PdReA48XyTqoeA+Bk+dF7uQv4QEXeBNSI5gsCgYBmQCBYC13N6WbLHjdAzedu -6OPpqHNxFkSMVNQdW1o25iy+a2N+eF95g+rPmt6L9VvYbpBO+Uelu2JvUDF6HOAW -FZqNUwUTAZoQC6cCJfu0kd9ZsHdq9ZFRr3bemQNYtKqZKs5cWpfSA3G0TADJ4taB -CXa+WQ/kX0/3mjn2Sbv+qQKBgB1pal8mD9bKpQdjHM2j4+7jfFn4HHZYL+ZwMxY3 -8Mlfvl4TTQJrFmAtiBnsZI03nBdYMmg1+loc0IxU6ax2POTD3usBJ8iN2FUtPBL+ -4dk0RspxZUmtGDGs8ACPweDZh644IHoagXLwje8pjEXe7lVcvy58Fp7sumVFWZ3W -I56TAoGBALamHe4tQfyet4kQrq9U6BYguv9LZKY6WrCpdABQm1yDM1VwOtLMCIv7 -R0GeAf1O0xRoM4YdZNPcNBOPDQbOdxxkoReI6eFU0oVrJJGwvUdOY1a7KnMSHVx4 -bAmhQEZhLvORlrEIeYrHorMXyw8M8ajieGD0mKYcc88WfuHq9IBv +MIIEowIBAAKCAQEAvi5DPb2rDUFHR5QVp0YSj084yeLBntKQ87T7SLEAKqf9cwbi +UZJExpOr9V/9MHOhElKQBFXA3tfKCMXIwv7LrAKbO/ggvY0raKPh0s+uukNDU6J5 +CKs6bxfGexpXeNlGN766rjINrZ1HGmjEnEjX89ZOibzGxTSF0PD3NSPSwdg5ELRF +fIsCb7gWGd5peyu4IKp/lM+oScS4DWb0oBmmkrZp9vCra2BZs4Y43Z/s/3gYyBpB +0QFM6WSCelhiqO44kj+5dbpvH5KGLcGafr/iaO12Be4DNhVKXBFwEfZFc9KrZyFK +mQW5hWzCjL6znArfYMiU5s1/K0VJlkGwUlk5fwIDAQABAoIBAESMXEQ2xx7B9rVA +FQXz5eCtx2RNTUi30PNmumQbGFpHrrz1MEICnLOOqp6I+LOsGdSG2c4WMqyfzvyW +faR7PmJDljxpVTO9XHYdC9p2bR5J/Ex69XFAdpFwWmQovHqcpgiVwKfk9rUrSWOl +e6hxQRVsm2ZeGq8eHVWQZSpMPT0M2WradcGytkQ2PMzMvJw51ApJU4rC9nszuUsv +110ltsiZepqM5aeyQEXcLSxUxz05ESZ5r41CVw+u42KZWxNjZQweTjM6Et3ChETB +RtHWzR2f4B2jRlqL4wtinPtgpot9fuW3OhLFEoLrTo5P8HS4w7Sjd78ZwWMgpMdR +NIGdLSECgYEA5KFFdrActJIF2ryV52thzf7srMgb0NbQuUNObQHcVpQge4o1htmA +GC/2uM7pzQ3YRzt0LaRwwXAWCwVrdSRMWz6OsQS/wOa84WgkMN/ZdGusAsc25dFw +/KYGru/H+God+65B3+h7qWY0l/B4ts8Lf03CkAUwcuwIcGodN57WjEcCgYEA1PKn +Ij6WJIW2jk1hB06vGZ6ub64ivNSpFQSP19NUs0LhPOiV8mLt+fFcGSmAfAooIHNH +wAtWpfA8dwzsFgUi9FQ9i/JlXMq71CkmbEvYw6SjgmagAnmezXhASXexCyq81PfF +eXM7Fo8278oWnrQlJlFTWaqm3HdlgtetIegj3QkCgYBaLCExhpRLw6v7cZXOCFQy +4vCF1Qbjf1YjO6Ca7bjxjMqi7wfdf7s9zu0IRtN/xI4gyhowRkMSiBqpjiGruf1D +n5C30J+wfVDRtjlP7XneqPjWv6uvSMO/YdwQ8xFzsKbStQ/WN+NOFLl5k6aIs3Bd +bVXnZ6SMLvvFGpUbctI70QKBgQCyychpiAKnR1yuvWjpqbZ53DC4s4uW3zXW362l +l1lV6KETcnPyvfzwDSU2OxIVErH+DMwBAYQOblVV3xOYqVdfrBrAlRNlhRGOX75S +zpuAJ4rgwSk26sXZ3UycYlHS/l7sr9qszYKevj9xtEqplLZcJYvFjPHryJMB9/L0 +tOLngQKBgCFkEgxYWqVG0e1eq1ZVAA5l0m4/C7/uMuwsLd9JsvAKzcA5UYhD+U0p +PSmFNHVi+Ty1z+lhv4qeZRdRPVlDiGVEfrjSKieAC1FE0aglM8szUHBHQEYr8cEe +d6jKIIFtKbKkoxYhDnQ0en4oUbADQi+OofaoBjmjuvj1KGTXWkK4 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFZE -sI0K+Bb1/Nd+x0h6NrlKeVo0BS4e8lI1vMvmZz1L7TS7vBi24ZHR4aV6bR4J2U3r -gx1amMbtyYaxAvcA6MsXjeBBXy5hG1at2oN7z/80m2YjvgdyUn6aLDMj30DoKNgS -3SXIbGoMUNSsU43PTgQ+jDEIFkp7oSwJ6o/v/enxcu3OOkOrhLql0gV8Jd4tQyT4 -EYfeoRxEsL1Cksvu7bERSI8GYartYhbAkRIOLpuo4mmyvSniOJ06xqR2ZOpOufvA -iLEq1/GGGKGlmpHUHeo+bqj3mvFlzh/xDP8r7GN/jaCVJV7uwWafeCLJa1K6HBD7 -JHRxPez6PSfjVz+xMwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAUklEU6qFiRqDnOtWJ4nkN -OnNtMmgwDQYJKoZIhvcNAQELBQADggEBAGxzwyWq4JRXeYvZXSa6p9eLGNjXgZRX -zNOQpDn+u+JaeHRyVs281gukfvqHgsAGnOhdo3fH16QDH/4mTU2avOdG/KfiXAlh -zZ6dynllLiwSzPn3ZIWVAWQ2N9baLEs81KHRVS++Ohvy+vBmMffy9u5kEhT43SU+ -TVK+I3YGLQ+KOghDCmNmbf+b6f5aTf4fqtaqjfta1c/T22+8nkeGKf1DZWKQF8TT -tikJW/6d5beNiguQf9VuFHNP20o6EDtdwdC6au7pzqO+SesYkBcDljP3O01y7JlQ -NooFttVNcLo+FNUWaxvcADikps7Jzkj9kKdHe9K3ayPkfi9JP6/pOEI= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi5D +Pb2rDUFHR5QVp0YSj084yeLBntKQ87T7SLEAKqf9cwbiUZJExpOr9V/9MHOhElKQ +BFXA3tfKCMXIwv7LrAKbO/ggvY0raKPh0s+uukNDU6J5CKs6bxfGexpXeNlGN766 +rjINrZ1HGmjEnEjX89ZOibzGxTSF0PD3NSPSwdg5ELRFfIsCb7gWGd5peyu4IKp/ +lM+oScS4DWb0oBmmkrZp9vCra2BZs4Y43Z/s/3gYyBpB0QFM6WSCelhiqO44kj+5 +dbpvH5KGLcGafr/iaO12Be4DNhVKXBFwEfZFc9KrZyFKmQW5hWzCjL6znArfYMiU +5s1/K0VJlkGwUlk5fwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU3TSaGIXoNZb6DBO2WaR6 +YUvjQdswDQYJKoZIhvcNAQELBQADggEBAI9GHeflEo8gzo932pa1WtXnG/tHMrCU +LryT9yhnfH5k3HJ2h+dzYrkLQOba9CemPKdCDliZhIHnAH1T0VS/2WP71pBkHaeY +4VIihu/YHmCruTv5ybRSQdk2PBbsF/wJG8kSoMgd9UXI96w1Bh2I7KhXuRHbgUeU +48qboZ3ytteUrJu5FIujtiroo85xJGCW21kC0GCoAqn3Wa2jH1q9mgl5c066/5xw +y11oH368FtRDxvDWGLNuoiWagiFm6c1uX39ib4tSD5DT+cZh9ki2/aIUW4nxS0nt +7+9pvrgZeRAyLGUockxDeQI29S4w0UGrJ8JZ1Pfqc0Nm27ZmIg7iqDA= -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index 42c3f2a54c..d986732a1d 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAwi2f/878YomXyzlk00Mly9jvySMiQCVM8Egss2/RlgIpckzb -VpRyyRo72mO/7+w8JkNqqIjDOtxXaZGdtZmAJyyZ6GAiKWBRDhRHvUXtWYHscB52 -GO7E3WWk+hWPu/LwKNFgz44yJtXlWvuj2XG2Px3K/dtdSwTvKDIwCGLlJy1TNWTr -7/axSQWMJ5rH2OvUqXHy34FUjZfd1Lg2yNo8oJSv5sCzDi2cMiCVioJU7Qtmbage -l15tz6fTO7R77QlNzBPdm8A7hUlixYh76CrBYZ8YBNDhcNkrxQ2ePTq8T9vUPFJc -I5DcfeNNIya+YyAgP0ogK2/hvJk3BuqFJIzmcQIDAQABAoIBACZYeDY+G90hqtY5 -GU4W/onI52FjDMp6Ez2IIzu0I0FqX+DwiIgKfLh188fm1up8TkyIF7H8gAFJrgFs -/iX0kDgsOKCJC3X8TUVof9pCyuJYI+boPQ4jaMEH55JzW5UUHpUQ8/tI62J77vUO -qIayS/ke2w1SmpPL/6aCcrXVQceAdUqUwIUHQK7aFxRle995bB2NCPjzrmAM3c3K -KEBCzfGCZgq4o3427D7gRXOaGpsEn9yFfYzGOl5l3nUnC8/WMCjIfD6wpCKkQIdD -u3KnIx3cdM17MhlmC5laLJdz6XJLh2wa68uwlmChGSMrRATQ+2NOTs7RKPouH6xN -NQtC7PkCgYEA+RViWsF8jWBvXteQcW0AvwOor0PG46pBxaKTiW93rntSTlG+EBWn -0gc5e+NPcN9rZROcX1JIpXTcZQDgzwEGTDN35LSn3fcFkVOEWT33fKVu2eFIGYWa -uNXkYFzlqyhJ1JsUfJgR3oBf0wtzCLiYBS3D4hI8sPfhx586YnGuz1cCgYEAx5Hx -+B+5rl7RzAWxot/Oh5B6w7UdFISkWWtPUr71AahlzBkXZuZvWXZBpi09m5g5DMMi -DuayV8p4kpsWwIbanUobdRn0CDJvltNKssdEIEeSGpMYwIx+AQKXEIHPkewC833o -JW/0Nd23gSER67R7NGvjU9/WQ/f3SitrRce3g3cCgYB6YY9ZmAdiTydpKfDGShA7 -ychvlJV79oMqX56twB7Fk8H0ySThMkKqZvJPdHfrtVpG50PFceBPqwM+fRf3nUFC -32bg8AIqhNwvcyFr145pp763PoD2STaj6jOzRPFzDvB3jVqbfPwKnnh2cQGsH0ZS -BRJhWSSIrsI4GnvNMp35MQKBgEeu0G8DVjqfrFPQJ8INCa3/41iwkUVxb2b++HsM -RAzYY9gvmwxG8O/9Xg9GaL6eqr8+x9j6XEzUWQKv2jhFN/kPSVWCgPkAxLw0ILye -foXprz0EYPuoewn52DEBr4EGePjk3KG12M4QWX10V2+GYEqwBfN2jwvS4WwutFVY -Kz55AoGAN4s3W/FUZpO01xaQ91Req7oF9M5zR8th3pJgCkMz0g8UxbSAJXMNyfRD -96x+4nH1axnHyBDLejv8657gSBO1vdAgSoRvdh4TALQ+LoT8djy69jbReO9A06wK -rX/smkK+35iDtwcsKmqhXx7ENdwfyHUp3pl7sS9crrhX9t5dE0s= +MIIEowIBAAKCAQEAoVQT1GF4FQdkmUqn6U+iJh3QZFq1O2S0kFtj3KsXP4kHjFDk +Ie3sxh09YtLyhRsh3PRLLeHJjjrP0v480WRsfkHmd5tLszBZTFwQ7PRasdblAEZK +0l2CioVvRUVg7jhH/VbsTi1e1h1seFOUuoPFjh0Fh9ZS9nXrmtxn2k7x6hAeMkSB ++fA92qZH7qZxsn5TZtHar4dXNwSBPUP8aImSIDs7g+SC8nYwIdUad/McZDgTyMrb +u9LC4SeyK0GQQEyBIdr+hqUPTNWnVbZSw9L8C2laR7hGlOz9rrvKUFqzMVnWyBlt +6b0jPEu2ZI7XGFMpAZCKmqO1boODSFT7POGOBQIDAQABAoIBABLkeHUC3A/kX37H +HB5JrdS2YZja+YXEz5NnLGzjWVPerXRcZbbmeLejpXRs/SsiyAaq0iIDorml///2 +t3MTBlSLzZw8orMPiqmTT4UcQYG5h3ROhwUXH8ougZ8UVptXGnEbzI0EKaq749+8 +c/qao1g25FapvenwWcC3Jm9Nlu1guXtGwebv/GnmFSkEqCsXyEHAtapc7Icg4AZ6 +aVmAcoOgDy+ToCiJi7qaUfPZz/yiEoXeXBotWiuNxlOqVSdNmV98yHRFoXUuz6cI +S9phnnlJPoS8MqUPZwPitg1CqX667QWOi0O0LzfyVpcI/ZHhn+QErEEuT/MYVpq/ +PzPp48kCgYEA4SzpjcXH8CeL33X3wOXpFVo9zyZ0hMey4svTx1ol0S2zb5nIwAvl +1C+ysyXscKxD7TpdM+EXlWBnSWMDGV5JXMEGLk3NLeM5+3X7QKy7qxEoqe04G4N8 +zyYgGqL3nXy/kV3u3VIFdbELsTcvt/I8BTePTqyHI8MDiVhGFky1Xf0CgYEAt2mz +AhcO1S3tzPY1Jrz1EBmSVpnbZWZ1KcBnGTLJuQ5lpWq+jFD0b3RHsaP5JniRFgWj +hLqrSeRjYg36X7ZmJ2cFocv7kn+FvsaBwqNnk3WhOD9CFo/qLegsnMYOHB8tmMfW +ITVPbQdf7JTQiZFGGsDOA9acJuIi0HcBYN4XKqkCgYAEFdGC7fSrqbwC6Nv+1uz8 +oy9945+3jPv022fTNRJ8kgywWKTovw6DY/4k++onPSjaU/W+7DWGU0JsdWxn+Gry +UNow2t5/F6FEq6ZMTRX2i5AmTRR4g1EvXOy2LwC5DbtYAtFDmKpasUSaCXtHJhDq +s1BZSA4HmxEkW8KhwvCDbQKBgEIevsPAID7F4faDw8GFWStGrLS/npI9j3tPu1sg +Lgying42Hx9ih9wuJTJrFITD7jnsKnjM+rcWuKU+uMYMcWM/Bo6/hJ/ZjROraFgM +pGhKfaZTV7Xeh+Oo0XxrAectbjinwhASseFySSh2tX8Cei1m2F4V3hE+cKKKZFrR +dbSRAoGBAKlg/tB9JYLYjcDkHwjy+U1B2k62V2DiMIsnvb4LtkWaYgbJUxzjTib3 +iVYjNaNcD+Jq5oySWI0CKoE9mrJmbTLXeLZF9NwPtgq4YpEtszBmgngt8PDld2N/ +IFEWruXaT9ZXOA5WvifMmfO3/0soEND2S7LedrVtwR8vt+ZrwXF1 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi2f -/878YomXyzlk00Mly9jvySMiQCVM8Egss2/RlgIpckzbVpRyyRo72mO/7+w8JkNq -qIjDOtxXaZGdtZmAJyyZ6GAiKWBRDhRHvUXtWYHscB52GO7E3WWk+hWPu/LwKNFg -z44yJtXlWvuj2XG2Px3K/dtdSwTvKDIwCGLlJy1TNWTr7/axSQWMJ5rH2OvUqXHy -34FUjZfd1Lg2yNo8oJSv5sCzDi2cMiCVioJU7Qtmbagel15tz6fTO7R77QlNzBPd -m8A7hUlixYh76CrBYZ8YBNDhcNkrxQ2ePTq8T9vUPFJcI5DcfeNNIya+YyAgP0og -K2/hvJk3BuqFJIzmcQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBABlOiXrfHEmu -keU8mPicvx3q97eeSyPZ1UroWDLUwIPPnOVfuwImtm7nOrngxs1K8uMy1+Kh8eZl -wUNROxcl5nBufrON6tbpPEiXuCqcQ9NcSkB3LykzhhsjVTUXCJRBY8Mg7LAsRe5s -X3EF6QJqzuPMxlzv+5iimwPzlhe+9XV6qlW1zN9RllTzRMkTNuoFJO3GEZJ6xdJ3 -PAxs4kY3qQQthWsVtY4+vVL8WPbvlW2Llfs3+xMqgCSh1b10bLhuY4Nidq/lmtgh -bqV2yc1YcxSycaCcMynIB3k3/+/gRr5G6ufVVWSjDQNfuaaRU6zuY9hX/bwmmpFk -ynM5so5WILY= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVQT +1GF4FQdkmUqn6U+iJh3QZFq1O2S0kFtj3KsXP4kHjFDkIe3sxh09YtLyhRsh3PRL +LeHJjjrP0v480WRsfkHmd5tLszBZTFwQ7PRasdblAEZK0l2CioVvRUVg7jhH/Vbs +Ti1e1h1seFOUuoPFjh0Fh9ZS9nXrmtxn2k7x6hAeMkSB+fA92qZH7qZxsn5TZtHa +r4dXNwSBPUP8aImSIDs7g+SC8nYwIdUad/McZDgTyMrbu9LC4SeyK0GQQEyBIdr+ +hqUPTNWnVbZSw9L8C2laR7hGlOz9rrvKUFqzMVnWyBlt6b0jPEu2ZI7XGFMpAZCK +mqO1boODSFT7POGOBQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAGGXzO8c7OtQ +nHS+SHKt+gZGENYu8Log3T3/lMkzz1to9ib36RhkATFH3fHOd3xdEkECoifeIqvW +R43RjZ59/yQJQCIA0LN3F+yJcG5VKUsjGQGNmKeR4Lr2vdIO+IliFX53zQDEwpPZ +j2XM1dSFYW2DXz3fWMi9KpOPiwgZn74OlLEFLZdfNNsd5WDIal62jsXSAxOi/tIY +0z6NLxl9Wf5j9M/ApLjyniM1vFFRqkvVVu+ajorGxFECOCdq93F+ou6kKK2Ax0WQ +9/MEqEUTdOVJ8+SeTxEjrSySu2XHslix0Lm6SNb1GngsUuzhy1xbZMk0wK5Pp11R +q5gT8viro+E= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 1d8451e044..be62f78076 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -2,21 +2,21 @@ MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDEfMB0GA1UEAwwWVHJ1 c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECwwGS2VybmVsMRAwDgYDVQQKDAdN b25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9y -azELMAkGA1UEBhMCVVMwHhcNMjYwNjA4MjMwMzA5WhcNNDYwNjA0MjMwMzA5WjB8 +azELMAkGA1UEBhMCVVMwHhcNMjYwNjA5MDIwMjQ0WhcNNDYwNjA1MDIwMjQ0WjB8 MR8wHQYDVQQDDBZUcnVzdGVkIEtlcm5lbCBUZXN0IENBMQ8wDQYDVQQLDAZLZXJu ZWwxEDAOBgNVBAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAP BgNVBAgMCE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAM5IePvVAoUXoBFcviuhhyW/MdRxFreYwiduzJUVn9crz6ib -dBMrdykrGS03P0e2fzYQukx+0hCWD4asnooDn8c4kpZ+oNnE08C3BeRQIKuHQdhe -r/l4+/eTj6YCWyL9ZxvqDYfwcPKAk3wTqGYHID1Zk41t3a8y/tWWwuaf9V+FfSNY -ouZpwlg1dpU1CYxX3Uq9OHb/nzpnlHisXRMp/VygxrjHReKq6AxnbfXJ85CgE7EW -Qn2cyXierJ0nEbLB88RosNOh3kCxK+Gp0pMRE3Ew7BLNWzhgOIH3uGwkY8wVdEz0 -kDUczP0M5wDDhRyZRMZn9rLEon7GTVA30x3lv08CAwEAAaMjMCEwDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKNwx8yW -UHf61qI/G0u3ETU0+Ns1MnD+8r8XGO/4RdMxoa93OppQxlEp8EO0Pks4IFieeQoy -GaMSkiH9WOgUaQat/kq6IMVQwAACw25XK9EnNlp5P8LYdqZTxQ1SdIJugeWwz8H9 -b8N01Ibro9p3hIm2RM0gdHjl9fNLtdWPohbeF9N2YNH5DlxHJHkwJpuks4fszzXQ -/slYsoQMppZv8O98wOgXMR5hIwa6Q2Uc41HUz7oB1QbCeQr1UBFLQLVKYQJNh/DC -CuKVm5dD9VgpuNpxpQTgS05AraW+9jr6ep2MufAfP6oJmKLxfTajOOXEbcoKb2jT -079+8YSDI1vMe9o= +ggEPADCCAQoCggEBANZZGuJckntGsfFnlQx/TSmFOhMKIaI0Ua+5j3cyLgcgDyQz +qbpl6OgjL0uOjykswWG+8ioAcXBkPG8NZt+owIrd96FOgyF0GfmnlcZjYOmY1kUu +LmimFKAY2v9oz9Poqz8JlhHdctgEJGW005H/PhyyRHgGObg3MNPudxzlB5kt4yRK +zUPVVCaBCnHN883o8ffb8A/F50vKZpPWLa00wfXeDdMeIahiCx5KuhCH4iyd8y2i +Si2nskfvEcB/7gF3AoYIobH+W44mbRupc0oOPqsoNbn9qhRPD6BPJf07zWnUqLr1 +tokQPldV2K7ZlyEPB7R3QgH8HkIr8+9qGDcUjzMCAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAJxP4hAz +l7W1OpPpeNPHfMuHCggNuG8FnxoP3RLyNU5j0y0iH7aJrwX7O+4UdIlFUqFb3px6 +BKCWKamn8Qfb+rZUFZhdkvL/0eqZd0ZxUHRadkAfLR9z6KQKfvbQWHbTM6q2kKbT +TEbPd77qh1wPOPTez514XloL38iRmpVbe1ofAGPbGm+PJy5vc+lNqCfMRygoXb1O +14b/lr6l++OhypyTZrljNdTndsLKgpsgS7t8TIigxHUQ1kc2lLxI5YRONMVRXxZP +JzVC8Q3Y3OmC/EDRYBpsFU2NOHjImsnNUgZLYXMVCs36M8tlrcEOWb7VhnNb2N88 +GdveWKDjucOFHJc= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index 4090220780..f9bd075cd3 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA0onHw7bFSD8VTBXZCZ7TT5pJe6DA9918f0fplp/BqsspAJwI -bu2YSXjO0plOUvDlw2iT+M9Tp8+hEKkNyt9xvuXHmp8dpDo8igE6UaBEzdBsHwPq -Qwu0QEkfc6sybyz+uhX3lcsL9IbuZdkjsIY9gSKdb4R8BMirvKi9FoDz5WW3hT+0 -L0iBPYSw+0gTPPDaFLNB7JNwyDEcrRgwf6+JJs5zY7enaRnRS6XycgL8eeuoX5EK -5u4DUklCUkw3hqwP4szuM1WMaxx2mxpkyB8/2FGOITjYHBaYGdysWVJK80p7CPce -54pkD58AI7M1IjtLn54a+aOTmpyY3IT6bbo/WwIDAQABAoIBACe9hx4LuVhmQ+xd -MV8OAkAD1PwHf3Up8w6Jce+TDzjgaUhqq3LY2UaBDbUV6AFi5FPKwSeVZuqFmBbv -eiGBpNRORiuK/kraDURVb/8pW+NnhIkkMYtfQbJiuxOXzIjMuvZAIEA/l+2brJM/ -9esjo6dk88exf8FdaYFOboa5Z5A0l3RJRC5vA3dALZ3Vu/gOo4fiYmcl+DHfMiNk -DQadVSUaYpBjEOtqE7qGGNaCHzDsN8h1qJWhWsQIY+qB4EaTPvw9KtnyG550I29h -KPoDAu3+2WS92+RqXSsxGUKQuMpxKu6U6JWREWHASYzRDh7FdvQ0Go0d+INkWgg8 -XqtVVcUCgYEA/v+5p+dE03DHzF9A8sGLEVz84E/DDgYdrOnNazW0HQkzE7zVRnkT -d7g1ieWQ/rsyH6qnwVm5FQfhf2loG0TCW+OWkhH0wXZ1b6dxc4606ohvVjz0QdzI -8WDY0cxV+YiZqFRpuz+4JBsraSbSZ9wIXomBeAXE6A4BQXB2doTb3pcCgYEA011f -NzKE6t+w4fXYN3z31+Az6FUXAjYxxjuLFIjlYJ8KFc8EtE4sjH4OF5muH/5KGc0/ -xK1goRJkiLrEfmweYSMKoXmWuzysiL8lXCYOVmig3iNhbp9HU885lnPSVQOiLI4g -SPXWBGu9qL3PTllHBAXLCyo+bkQA2VxCMO5ngd0CgYByplO49DhzwK90ahdvjimS -wvZHfFU8xu8swWpEm77Bl1NJuotBxkpEd6RKvda1UUE2D6qhOlAG7qYqfR/7sqyY -V/lo733WRgaDDwvpYu5gzLsSURGZU0VdkaeqnG7DZPGBR4LKV9nZEgYwnu3XGI0C -xFxbtGxV0YYq//+jRhT9PQKBgCajDuC8L2fv9BmaIyghg/zGUzbJNyeEWJzwDYB3 -ddavu9w4t5duIt6bvF+8DAR1K36D8oA1YVCQWChWW8zwXq1LBop1+4PGl5N3vZCW -tFA/WAjDVvAt1ZAQdWp3SZ+YxnB2mpg7uB+ewlCyQc8EquKlXHRyCG+HptAU+VSQ -gANRAoGAeUL8bUGnlVbqCPt48SqSFO9fISl08DJ7rQnmJAo68nZHuP9T+LLHoUMB -XvXDbGNm00vF4wlnGpB9RGGinjD+rpj3M5z/7CccjDGy5tPmBCHA13/9VrKScDNR -SzTb0yaYiKF0PmHFH0ZOhgPKcRretwjig39kMjUC6+XyWzf6+Fc= +MIIEpAIBAAKCAQEAufLZxaqlYDhuIMNq1UfcgebO50PxJ5wCRTW4aOZiYeyDVl3p +UEJ1FO9x6LquL7+0oEo/1a9NIfO4sCxY9XhzRhJB/U9Oyvk1EGWWwTmtq+nvCeQZ +349dCCy6NOTuIqPkOQWAQUs1PxX+ZMnRM1QpbNiGegtX6T94vkM78zS+CFVjOj14 +i7O6PZ9qAdgn5xnEbmyGAPt00/SG7VA8GkaGNCwIdGz2k8ulqZBxyvj2qOZ+0o7F +ACHKY4s37FAtY4bbdlHwMRQG0PrXzHOI9tXAttTiVqvQ0YycnDQIuP2zhumgIVui +Tc1SehbNKkniowqefmu8tbDLge6d/KNR6AiHRQIDAQABAoIBAFu1eQ9ixtaKblJN +Xwrautf8gE4SNcVtzbbZtF5URfB66Bm4DoKNjFYrdBguvgsBtzGY/RvELjwRCqUk +8ij644uLJK2sqDU2LKQuHmilLFEN+t17eQFIIT+PY7UDtakzALPY0TUixRucms+V +s85nc1jh/40AvDZnHgNkgJRGDnVn4+UOyE7q1Q4Imj+pjohgE0upEbmFioK69Eat +Mz03OHL/N1mab6M0U6V4aaVyLA4ty6Cls07ztxSWrXkE0r60TjotIhYPtEhfnQcM +BctZuF3KUaM1s4yp2/hJ1VUhHPHTkVpC3CYCsFaWwSo3Q8cSVmih3mUgsdZ+pfN7 +s5UW608CgYEA6aLUe7qBC0VsyL7Sd4+lGG4ZnfApDPljv+KWMX/6nsHSFtxztgz5 +iOAEykm5peh0/Abcc9MC1PDUPRf2z4OTLIUBo9MgXVr7yOK+VyoTAzRnrmxQRA7b +vw6vDHIjlY+hGJJr8EF4YOTt8q67It2V2P1gFo0mnOypyGCxUAWIPUcCgYEAy791 +A/KdtonPHFLOAihZgRqMc5Q2LAXIQyRkasIhoPqoBKKbsWpybhDWq1vx2SBjv0dR +7cnmlCd6m5V04Rqi1KysrmCvmOAdnHL/7z9hpSOVvSTrsvLfv3V7uMsNWBzIA+kV +BSLGYbPVbZ21wYv2b9b0GB8xeOaMwguXR/vlrRMCgYBjohjTGtnlIJofkaDXc96H +6IvsGnqnGcM8FTjPqzAJe8ZIEYMW47mWcVIZog8VfWhGAfcJPbc7b+hSlWGfZRDi +L2Zfoq1uolo1dNyO91ZcS4DblT01iNCVTYHA4Pvjz/h3LhnxvznCuF3w3CrZ130L +qCHN/Cu3SAWveeyjn3hWCQKBgQCD2ft0uY38ccQY1TFBzjDVzoNzzEceSAOoB6YA +PG8cyPjwPva4YmV4+uag8BhbZY2HXDUVx+GyoLXEd3yyq9USAkihdCpOqUIgW39q +qT6caqHdTEZHgMrxEKsnFCgnjECX3z9eGnn9Ai6tCDF19ghdqeI+tfkC/1e5v1yA +FfA1BwKBgQC4qxS7zLbYT0atNeC1Y2LnUdy0D3KIJ0329VtOQOkG7QDRHhZ7oDeK +tFXaaf3CLxJWE9srfCJgKod4B2uCJURCUj3+59/L8AleiY7TGoT1xVORRPcL70Qh +9DWMWyUGaGg7UlW2AsB2DUMiu6Cwf3m/HUkZppFdK61MrTEmrdn5oA== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDgyMzAzMDlaFw00NjA2MDQyMzAzMDlaMHwxHjAc +CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMHwxHjAc BgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTEQMA4GA1UECwwHRHJpdmVyczEQ MA4GA1UECgwHTW9uZ29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA0onHw7bFSD8VTBXZCZ7TT5pJe6DA9918f0fplp/BqsspAJwIbu2Y -SXjO0plOUvDlw2iT+M9Tp8+hEKkNyt9xvuXHmp8dpDo8igE6UaBEzdBsHwPqQwu0 -QEkfc6sybyz+uhX3lcsL9IbuZdkjsIY9gSKdb4R8BMirvKi9FoDz5WW3hT+0L0iB -PYSw+0gTPPDaFLNB7JNwyDEcrRgwf6+JJs5zY7enaRnRS6XycgL8eeuoX5EK5u4D -UklCUkw3hqwP4szuM1WMaxx2mxpkyB8/2FGOITjYHBaYGdysWVJK80p7CPce54pk -D58AI7M1IjtLn54a+aOTmpyY3IT6bbo/WwIDAQABo0UwQzAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUklEU6qFiRqDnOtWJ4nkN -OnNtMmgwDQYJKoZIhvcNAQELBQADggEBAHunBCtQYoXnwkAVahw3Vcnfbbndm8lh -GGRAcSMLtZbD+57c+aOnLdaBTzFly6+872FAWZAzT3i1Avrras9NWG70mHM1gbte -Tu071eFxM/u+tciKignK542Z0gwkMDMaUf3bIBx471/h+6ZIYIYz9/xeuA4ksosa -ejIRsTw9Ltj0JcwTRJbdxmHAOElrZ46hldKlR39voEUcVcM6yqxl5TdKuiPMfatV -nfv6jtstTcPOrHpvYwt22n59aWPfSJAE0e1tJaa8iKIRZDi9Ane7PTNXBnDjFhwn -Xx3l4tGIbJSfX/mUszIn84lBJSiTl8c0vRtnHZHiM0ZnqLrXf13VxTQ= +MIIBCgKCAQEAufLZxaqlYDhuIMNq1UfcgebO50PxJ5wCRTW4aOZiYeyDVl3pUEJ1 +FO9x6LquL7+0oEo/1a9NIfO4sCxY9XhzRhJB/U9Oyvk1EGWWwTmtq+nvCeQZ349d +CCy6NOTuIqPkOQWAQUs1PxX+ZMnRM1QpbNiGegtX6T94vkM78zS+CFVjOj14i7O6 +PZ9qAdgn5xnEbmyGAPt00/SG7VA8GkaGNCwIdGz2k8ulqZBxyvj2qOZ+0o7FACHK +Y4s37FAtY4bbdlHwMRQG0PrXzHOI9tXAttTiVqvQ0YycnDQIuP2zhumgIVuiTc1S +ehbNKkniowqefmu8tbDLge6d/KNR6AiHRQIDAQABo0UwQzAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU3TSaGIXoNZb6DBO2WaR6 +YUvjQdswDQYJKoZIhvcNAQELBQADggEBAASYdV+WD7ElYB9MHnzeJPob8gR2W5f6 +ejvG2HV/t52/fb3JkOREzBCSoixzAphhJgUEqtZ7ZnFZRQGjEHhcOcxpgWq05loC +OTT+rsgVmJxmrF1LslbX87OJ7tD2DU6Pg9ztJMjWbuiHUOVjMluxppZ3ceWqH6fw +4lWC4R6P+3pAo3B6XuHKPEBlO0mlbQba84dJ9Dy0kDLiqZWjix31dVoIW9TCBS6w +1+gvZhHZvT4a20O34pIwYyYIWCKEbHN0gbzy4KMnpSNdaD5ELqIOQ+nJF4p27o1q +/MNJDEHeRAOEj5N2Qm3t/l6+MannhV+GBI3G1P3lXQYMBbWIhNyLQdI= -----END CERTIFICATE----- From a71871f7e0687ec0459bfacaab1ffe144c8e81b2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 08:06:59 -0500 Subject: [PATCH 20/28] PYTHON-5040 Add SKI to KMS leaf certs, remove from CA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Python 3.14 strict mode (ssl.create_default_context) requires Subject Key Identifier on non-root leaf certs. The KMS certs (server-kms.pem, wrong-host.pem, expired.pem) were missing it. Adding SKI to the CA cert was a previous wrong fix — it triggers macOS SecTrust OCSP sweeps on the MongoDB 4.2 server startup path, causing ~67-second connection timeouts in sharded-cluster SSL tests. The root CA is self-signed and Python 3.14 only requires SKI on non-root certs, so the CA can safely omit it. gen-certs.py updated accordingly: CA omits SKI; KMS leaf certs now include both AKI and SKI. Verification section updated to match. --- test/certificates/ca.pem | 28 ++++---- test/certificates/client.pem | 78 +++++++++++----------- test/certificates/crl.pem | 14 ++-- test/certificates/expired.pem | 81 +++++++++++------------ test/certificates/gen-certs.py | 34 ++++++++-- test/certificates/password_protected.pem | 80 +++++++++++------------ test/certificates/server-kms.pem | 83 ++++++++++++------------ test/certificates/server.pem | 80 +++++++++++------------ test/certificates/trusted-ca.pem | 28 ++++---- test/certificates/wrong-host.pem | 81 +++++++++++------------ 10 files changed, 305 insertions(+), 282 deletions(-) diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index 2305e7b08e..be443b612f 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -2,21 +2,21 @@ MIIDkjCCAnqgAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTI2MDYwOTAyMDI0NFoXDTQ2MDYwNTAyMDI0NFoweTEb +CzAJBgNVBAYTAlVTMB4XDTI2MDYwOTEzMDQ1NloXDTQ2MDYwNTEzMDQ1NloweTEb MBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLDAdEcml2ZXJzMRAw DgYDVQQKDAdNb25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQI DAhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDFmYBpfUIwOhyRQr6Kn1fXqIxfnRs8DpNC0R9u5E+pJkmcWCsXwgdI -pqiNPMl4jFf2YBOcbu1NYFrkZ830jQR9IVyvtCFtzphogGXxcjhJ7TBlgeH/g4QS -kOx1eLxQ934jGzfaomznnG6KMOQbeLwKVqMNtkQwteCl51vACCk3jYl9g9YNQ942 -6P5jB87VgroXUT21DECVkUGkwebhqmFfc++rRvZxaYiDiUWusOaeV3usfFemH0ju -G6W2JtTUc4ckxaBXWR5uY9GbEo3g03dP3o8If4BtFwowOpLT93hUwEMdWDRlqVMn -ZbmmZYMjmxjuTnL5onCDXkwp8upVMsYXAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQByYkmYSVkvnGDA -rfOZCJWiak/Vm2AoYVrGxpejsYbWhsUyaWGd0bWdxnIvU53Rptakuq9gBAoN55ak -d+e9AVPm9h9es05k3PKwbapPRt8aRWX+x0kmSLOcInjcDSu+9RNq3IrFrBKfs20K -/ybpcRDIUFBQ1Xk91k0c+l+4+lRj3+wwY5IE4tu9yznOTHT+YyC8Vmg5NrCmyD5T -9i0V40Gre4Ew53DcqyouY1bUodcBuYYTuoHEXT0uYHT5yLMzsgKIsEL39xfQ3akG -LTb7UlfhQHvlaBP2qzs3TfXWiftTBN8W2goN2EIBJpvI6hPUI8ssJJVwhND0Qu7O -oN1QJkDk +ggEKAoIBAQDQPPKgBuJsJiRmjN5H3RAoh9F5XvBArELZhgaD5iHGZUxkktaoZSJ1 +Xq8YEYNr46zUtAhOd7bD/B8tFCQ0ryZA13THt2/g+lgK1pq5yvu7+kwjCNfhC6CU +Aax0JR0K6L5/BtU3MerRZjSOqk8ecfnkWCDZUDj4N90f8EH4e8DXq58LvmVxDicm +FeJX4yflNMu5MOjBe3dbFVygM/g8zGHAt5S3uWQ1RXnaxx0rgUJ671iWPS4iih41 +hGOzwhBn2cXfGSKzYIq/8hzPqNtl7vCsR38dEZ1p0oZ2C/Q3M5QyNK7HF3JlSJ7o +FvyVb5DgqjRTjPT1aEpXmQgeKHi8NedrAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAogVQicZM+YjVA +Wtxj0T+HUmTQg8HGFDFwhY0s0ToCr4dufFSq94u+lVgCXAWpVvZdb7P5NWgd+elD +5BaxmosTty137OIdyhA4zBgB7Mo5ZaDXTpLpvsllgPlxEIbBIW2Ja/Vx7IjJwk9H +qPvstV221uvfx1Hk6BVpXYtEyk74UZuBs+m+k5copPN+vXJoYJOwZM1aidy5Jju1 +bzsk6pniBGjwWujUCg/hrjX6nst1kKba+Kc4Ts23kNrM5+HnzwM8/NJinlh1sz/i +3LUOe+Z7YkdO73VRv4TL8cbCe8t7SwUDQl+sIa8CW/f96ypl0wqj44iFdxJPv4qv +O7KzjQ3A -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index fe12499a9e..700c22e266 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,48 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAjkz/rmm1UwgyOR7TZq4Q+3/7zvMXVFnvv2WKxL5zIJ+ayL5s -VY3goKUX6pEPU2Oj3OJO8BLySP8WTasDLlb+Ea7AB5Nqr66q2JoXfgy4zeGuij7y -XB0gRyWhS42eY5xPvH3i+Qe1OvOzpNJEHqrhzNd6ueygEo9a4+tB7hmqwEKBLgPv -+id5XdlYWgKPND5o1Z6dLAHigcVk9udTNK3hFVJOBWvPNTHtmHfZSGKDrCGj8sHV -rJ7C/B7mAcpXvtydvgNUYQZNt/4LTSNdluzezMHXqYF3Qb5JptPm/NCjdfTW9C56 -OwkE+e5hBRz5tILlS2jw/mwNiaIaCjFuIp8/8QIDAQABAoIBABYGlQzKD+bqPdvZ -iZ87EiXbiX5e4h2MTi+x5+jMEcXa7npj/yC+9SXoZ+tGyLh/k718yfse86GY2jrr -XXKuxGS4R8DkcH8A6jDcqQY5seEsLXf4hkr7tyNMD8tCAGIqr6zdT2R8bPDTB9tb -MHAOwySRtc1RcvVsewUMRQg1sNhRN8kqA+vavan/MmcXMYmaaY7eKJIGDNnZs3tb -VI6sdpbOZT3SNZXvCRBmwdNz/p5Y4tzmY+JuBHvrxJLbg6iD2DRtk/g8ocx389nD -RVfjwxCb1dQtyPGnhLSIorSrBaMtIJjiswfBVOrJpvbyduIgnXR2FRpqlxtQK1h5 -I0gEpgECgYEAx2DMd3yoCLhRJVcdc+0+pd2+eCuX1oKZF8zl3YAMPSapLrQbWSN5 -r2b1Ty/CT8Ic0kBUDy5VrTr2wiegE5Y8WORX6pRJrEbc2Po6cdrKPr0Br3+/zxq5 -dqsFaMas1bUFThCOchq7/cxqyeG1XWaA1xPL0Gw8YUFeX/Cj7NJBWmUCgYEAtraP -KmlXoPs2ubeMdbSG8zA19o/K+9kNRvrK828nkHfSaH+PxQFzn+x3lL2gjeYyAzdx -yx27lehRUE2lQaJhQp9g56JS/UZ8cazGN8TJ63WIRaObxgv0G8O/XsjFdi179POx -f2ICAgbJZqs+E044+xx4i4/FcF+AIHF3ABLKkJ0CgYEAnEqHPctcNam3ApxtnCiI -CaHv42fY2PD7barTLnVoIq+hw9iv74pdo2AEQJThr4As86w1uMjLpMYqFTzWwUPt -/ojRWjPwJLpP+U7+ba3jCJdFMPvlskXyyNF7pgzIA6aph+52m3/VijiqJaNndtYZ -fYApLzMJifuiLXcIKWcQj/kCgYAFtEFX8532uqEEv0Q1UIN+CB1HK0oM/sO5WY8I -donnqrX46TKV1evELF+3VwwyIeOh0hNNYgo/LdeMCECGgglDSTJ/SMQKgC7WZaxy -hURAg5TTh74POsROMZhB30a638Sk6w65iVfCtG+JMwNnGuQQgt0Ijl59mZ2oZaJv -cCa+yQKBgDMOg++TbgkTITovE2ppwFBjHeFdtuvB8QEYW9NfAKnOLz99VfjCO3mq -T1B+eSiyeLl/uGVqMjjXoJR53Bjhsm4V7o1yDRVMyn8WKzv0NTSeel2mUbx+pGqT -3XMcdy6q3MymnhSAztMp5Oe3TFOIvSFYit2qmqP/pnebQLij3wVi +MIIEogIBAAKCAQEA3h97gt9AX1KZGDwRZb2YZH7q/FUJ+6E+4iqByKHYgHzwwjLj +wf0H6pH1mAir8ZSsoJ8PL79ae4XJOyxolz/8AO6+/JpBOmcb8Vu7a64xks6QH3Tf +xWmfG65Rlqrks16bYLvKrgXwlrXjWvanJ1pjBBOtSNjACuaThScaR9ZzMXF9zPfA +cnIyp4k48UkBLHg4rc+xoWAsrdSVh3pDm2+XVM2YkSon2cJDIwIWTR1WCoOnPPhD +1n8reOxyFahKh20f2lUY/byqOD6EIuH1xxhi4APU8J9AmtZaSTswub0YXlaUYAkN +vLf7qDsBVOmqZWJmpb8OSnIP84T35SX5ql+HxQIDAQABAoIBAALQXsnyZpgejYJ1 +VloV3A2f3v253RHDQe7vD2xZgorkKk+ngeOl/zjtRvF5YKZDlilFwpU+BRkuAXXe +sueBn8FqROCh2qQxBLVazmXHk+iydbh0TFZtp16cJ3vzZ8jO8MR5tJBeUmUyYjI3 +kDgLKNh3IFmdJ1esAp/r9iUFVjnA2oajbPsF5koUMn2VqVjgZJV9Rqhm5UdTTHG8 +7cBM3liFOvV6za/URrF+dlfObdlBR0SAZDLR8axep0A7p/sP3U1AO8Q6hCT8uL18 +pojbHYykSIAQyXVwj6PnSTRKgTsdEoANrHe4u95nVtHxmKLqNg7OGcezbPnMaWF+ +JE5Ne6ECgYEA741i7nYRCg5uudPfkwcU72WK5rLS0/QTFtHOjgdvUadYV40RvTLW +vigFlrZ2SNW5Z+Cpn8kmNv6CAGffWjfqZK8MayqJokAaV/mirwZAr+wyb7OR/FGF +i+GbVOYIv544uRflULjpjaL0v80x4FWPpXIt5hlyBDzhv/WmSGVkHaUCgYEA7V+9 +o4TvNReueo6aZoC8o+TLfgXkeWsupD0mC/9ESxuW3pcrjzoCj5ypwlaqPcpL0h8h +LQtgW3HCNPiCVv93hMnWWzOLt+BwuaARtl7l6XMPZ8B4fBpxFJAxq7O6C1IFxVnQ +ycQmH/fMKTz4l+A7Smh5xh+D9g95dcmQ3hK156ECgYAlDoARV15Hafgi8u2Q9vV8 +Gv8jtOH8O7OAQjBrtCa6QOLfmEj4NZcWj2Zd7BfcKIOn2A8lUp6Av1oo6eiZMjEm +JhYLtebYnIX2uf06igMTs7wRn3ujxpCcFOhMd9E+oyEvMM0ecZxfdqfZy8o9Y772 +3vTOtXz3vttFMKDqbhTQqQKBgC0x82t03g6fyaqwCBnIHSKfZ1dBS/UKQUEoG1xh +Z+FdCWasJbEJfH9XdsL3uUY2hCUnpCttZRVEHZP0VOy3i0wPGe8Xa1zBMPVG0tiE +TQYb0C0S6l3Gsw0VPz/P4nZRUaP3q9cer5ualJatcy+HlAJgzf649WkeHSQeEqUV +rujBAoGAWj0rov2mieKgYKkL2EX+6VVFmP4d+rjJrhlas8jYgzydUPxHoVb/m64U +BzwbqO6wX+CqoKQciSMq3tiu/WCbg81lY5bttqZkB3Z7iSzE07uZKeXXwhKCNRCB +i7jdG0N9EoBGyvRgkdjlJIenqgfSM4crtigBM/JNMfs1hDgUFNM= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOTP+uabVTCDI5 -HtNmrhD7f/vO8xdUWe+/ZYrEvnMgn5rIvmxVjeCgpRfqkQ9TY6Pc4k7wEvJI/xZN -qwMuVv4RrsAHk2qvrqrYmhd+DLjN4a6KPvJcHSBHJaFLjZ5jnE+8feL5B7U687Ok -0kQequHM13q57KASj1rj60HuGarAQoEuA+/6J3ld2VhaAo80PmjVnp0sAeKBxWT2 -51M0reEVUk4Fa881Me2Yd9lIYoOsIaPywdWsnsL8HuYByle+3J2+A1RhBk23/gtN -I12W7N7MwdepgXdBvkmm0+b80KN19Nb0Lno7CQT57mEFHPm0guVLaPD+bA2JohoK -MW4inz/xAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAbq/Qi+EP+gMZ5T5SBQOzHg4Qju5ermGyXSGY -A622mzbWAeC06TyP/iC5YNrdwwiWXccoNQ3YNUBzHrkCij8AGj3C+qHCwpC9z+C8 -X4yeKsV6SL4iPM6hM/g4pRjgN75a3xFmIX31C0p6AJilJX4+6xypLFEUIII5Viw9 -ZsXpUeVyXq6FXmeEN3nFt3c7gbqNzYHc6E4jRpC/atrOdkB5xZ3DtQmTtRSkPGjJ -IF5ymoetcd2xkthL4hAndAaXAWfrfT6mTXV6o4lps+TkK7uW32O5e9c/mBU59W1U -OqGIAmmiUYM/YLUrR/xDk15Ve1B4NJ5D+DYu2SRBA+0Ff3picw== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeH3uC30BfUpkY +PBFlvZhkfur8VQn7oT7iKoHIodiAfPDCMuPB/QfqkfWYCKvxlKygnw8vv1p7hck7 +LGiXP/wA7r78mkE6ZxvxW7trrjGSzpAfdN/FaZ8brlGWquSzXptgu8quBfCWteNa +9qcnWmMEE61I2MAK5pOFJxpH1nMxcX3M98BycjKniTjxSQEseDitz7GhYCyt1JWH +ekObb5dUzZiRKifZwkMjAhZNHVYKg6c8+EPWfyt47HIVqEqHbR/aVRj9vKo4PoQi +4fXHGGLgA9Twn0Ca1lpJOzC5vRheVpRgCQ28t/uoOwFU6aplYmalvw5Kcg/zhPfl +JfmqX4fFAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAkMnK8ZI7rEMCLBWyIL9KR0XqvoD2KcwkFioG +wkVGrEO+1IX9tEshAlZuWbk01zmRars2dlu9lwAtq3LXuiuwx74GTXECvP7meWWL +NwGKX6rC5INxs6U3wyTyNXUDr5alf+S0i2eGvOZSujqnUV29ZU3W4Kni+CYYc64w +yzf1V3jb7TBrWvx0FyV4zDTuK/Tvfr8ZwXeAIlOAzjlzZKsL+Mc3Wwo+mq+D8KKM +Kfs+vycF2zIz11JbRo7LojPuTch4JMBcWZJf6pebZb59lezmGC8zxfDIiAWzx4VS +GQmxRYvNL0mFXALGL+LGe+4/9UcMMzRG7CCLONzl2mb4GETWGQ== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index 0e105e7e7c..c52d890bd9 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2ZXJzIFRl c3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdvREIxFjAU BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMjYwNjEwMDIwMjQ0WhcNNDYwNjA1MDIwMjQ0WjAUMBICAQEXDTI2MDYx -MDAyMDI0NFowDQYJKoZIhvcNAQELBQADggEBAEezvNHMKT/uequIYxgF32BZVTy6 -1Ej72pegtIp6eeawBp/RJQZ12am1J9lBy1sG6ABP0CQJ7RcQS47NjVTFlXipz5Yw -kJn0WnvoVKGr+LVHWqO9EuM3Id9fEmLwg9KLC5cnKrJ3JCO4/pXdNe/IZRAYejQq -uL87p/VBzt4+Ld1rDKBA5+0+Vt6Bd6IUadVB6k1M0Pxo9oRx8cj8jmORU1EKQDTJ -oFVDl9V6xVlCJGkZDMMpLk3oWDvxQUqtlP+Ruj7qMziLvy3RvCFkpwLxzfvBg36J -TMQXQw0CaTBmKisnLN4n8y+8YXNfr6Hp9uN9qSJlOLRFrJy7HzeYkKMkkgc= +EwJVUxcNMjYwNjEwMTMwNDU2WhcNNDYwNjA1MTMwNDU2WjAUMBICAQEXDTI2MDYx +MDEzMDQ1NlowDQYJKoZIhvcNAQELBQADggEBAL+bz2hs+aE1kiWfAGKSR9WL1KvH +8nhZ6BfDvQBUbbdrAhr5FOIanZUnENYawlYjrzyOo1GPImNNpatQzGOdYz4b5eWu +t5lYoty3tAJEaauyqxCzoynEc9zzrLLhXh1dXMGQHX+UMNMLx+/+kVckD+eHMmPE +4kjMlS8fVZkBsFTKEbLW2MEZImSdhIh2zKQn6Rf5iU/wum9N9mJQhQM3AhvGBSnv +azhDXs2PjUv8v3cOzC/bhxlZwjIuLYHYu+ZurfE4mZrGZIsBpi0WyYVBj69W0MMZ +BjZCoaSKy4/zDDv7IXns903lo8F9Gk7D5GSPGbPI8ZhMGMtDlUTaokLNfiw= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 2afe657751..8b705a279a 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,49 +1,50 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAqn5MfJ1M10rG9KikS1tY8bleGMKbocwLMuiixRtzpjOSDqhS -gGMRpp33f1oa0kwjHwzcfZgJCV7gcT0VASpN8lm/yiVKjQE6lWokH6n696raFi/4 -l7udSaAKWohTaK4gN7YWyKPiHg62vgXUYUQriyhdw3TVzrpP0IFgpW0UGvFfWr++ -me0/24bDgZJfRJX60mQ35OiCV3g0iJ9jHq4VX7gTrLSdvkERSV9h1aDfslXgF2QS -qf6LGe9CV2DUYH7TMYZkTbKBSMT85VFbN328YUH8QkuLzTRWmBQbOYMw3L+QMWoo -vflRf7XBO/gX/Xdf0bVQzvajiEfiz1o10O0S5wIDAQABAoIBAEXYjPwmMwMmKsCz -T+9hQlxw7Ngm7bxIi7P08y3d07CcgvMHSRk4vNPt9iVRpBhQQbkoOzImtVkF6dvq -Qq8iBiHJW9V0FokSnk302EyyhdKtxz98spJytXqimmtBWy5Q23kHW2kiHnHi5EGP -wNSCKXaOeG8o76iL0kPgpNfQioKIgbFiM4OFr9XTpTyjrTxPtOIzJMtR77z+Ib8G -FNfUOWaqVtGEb7zm8WBo7+ZBPTPaaIZwRfavkP8U5I5iPPbWnyVmGXIE0ZS+Nce1 -XeOiCVAIZrf8/26AYVHK+UivrS7t2WD4Nwz1FicXTq8KKwVX3zvIGMGVQr3G30AF -mMHmZIUCgYEA0uVy5aujocrtCT2bf7JkrI14V9lUPSwgvhSOqglurzGI65tZijRh -1oik54eiihPoB7/QUb7JBaSdCbW7y+nrcUAedMNmwbX2VhlgCVMjRawk0ZMl1o/T -mvw5IeMHoIPe8aXLFmp91M0Y7w+RG1Biidr/kF+FP2fxjJBckf3+AOsCgYEAzvTL -H/qGGCyqulWTh4762EZSoQTzPiqh7bwKsrlZTbIUT5iwKMi3IKIW69X8IKRA/5qW -D95sIF3yfRl5BppnEGsvOR2kacbv3c88T8U9zow/7ct5Qk9R2bbAMbnngYFFpikq -wQ7LukrAzuPdxyzZ53MMOpdO/F3D6t00ytnGFvUCgYAjmbX+jS3PJwlCcRLpyHx0 -IGF7OuWcefGBBMlcbMExc8QwOYYw7UzCwUhNCTln45pcjIWm9vTKLhKQTAxKjM9A -y9kYTs/uzT+rIxdyG4WtwjRo6FUP1jGbTQ576O4lq30b/6e7vfhFzuVxnYgaO0SX -Ds/rWCSPIoXE+62Uu3KARwKBgHRI57lYMvByaJu6aeLJW/kZymPfPC26FrJV7kzu -CFe3r+HpkVHZNcyIRwjMe5Z7tGnqmlbgSzEEmLPiFDa5mx+GmkoldbRZq32ea+0G -juv3shQTOFch6oPCQ8utAX+q+0+Z4gQIJEDQr/WP45V+hhGee0iQrDjxFpxpHri8 -FKnhAoGAL3VBSGgePKV4pAKX/bRAMcOPjlCH+C+XlBzq/Qh3Od28Piq2GAOV72+0 -Q+/o9OPVES5v2l2IOpi0vSsJGmY6MQZ52T7/BsUKTHzyVefZoHJ1tz7Fo7o5EWsw -51Z2jOJlItXukqWCav9IcsZummRgkw66SrzlO/hmZE+f9WNzQAc= +MIIEowIBAAKCAQEA0xjfduRNQle/zEsTop+FVo79bxoLEBEkYqOiJ6JsJrfk+XQG +Dy1BxEorwCVVtdVr8+DGSks3N3m0xf1qBpLAKgiBXhnRkjF8PZ8ODDRZXfaqM6AG +AhbXItfS/xbZsTavIwzI9OehH5ya6L6Wn1Y0Ipo5OEkEhdtbR1KvHNcl++xvgraH +gsANO2H6bWTrpwIeGIVp8GzdxLPK7/0Hh6Lq5KiqiikTciOUZE9lgP9QHCjo5N/v +ntTFJ7cfhgVxxe9aQ8sW90TiB85keO2QC5NFiNqoPXxie8OneddPMlcDkwUVUSV/ +6f+sbZRi9f+8pU4ZNE3Y0YKz/KEd9sqsQvpIVwIDAQABAoIBADtGcDU/zSv0XOB+ +MmDHP1c7ZpGkc/fKgHeMMDPF6W2D1LFxMWRglmeKVjeppCQfbiU4eCWTcklLDQZN +btCys2/6HG1yfYT6DUN2XqjxqCh443kElbtPc5COnupPHcijrNEAPYt7YSRxwpPZ +NI1AVPpkaO3TnwgBPOPNpWtJRJq02keUom7nGQe43zUm+XQkVLAiiI+bdN3ZS+S7 +T9mqnP1D9lFajVA4JmfWew5TMtaJdHE4KpumYdM/0YBmat/yGJZGkJVP+52XZ32U +/QW4fLxyUG8WweLVOt869vW92KpobVjfA1YiSPN+H6QWs0QVcBH7yldx3UHPjMRp +T8BsAb0CgYEA8JyUuwpg/d51p2oB62OPmodxbkUEcYVfHb/Ss7J8Mwfm3FSviyqp +wkHYvt0ud3d7yHSSo184HXLavQmYUbfBFL/+rQDHfN2mj+h8zy1jg+WA6pBI9986 +qGJdvGdZBaNbjuvBY1RsVd7R1yRlHZ4aN5nAQdbLWrK7Q3m7LNplxhMCgYEA4JkQ +wBpIZlEwwRPzzsXeDKzum6jnVawbVNTAlnCEukVJQBMBNJtW+oaciFD4qifnL2lf +Z9Y8Ln1lJhLluyjiNHRgOM1zdOdzimdwB0+jih6d2Doznla9w/vXuLDlxFco7wZP +bgn7fV90O0Geafzn06w8cQT+Yh6r8LSF8SLKjS0CgYBwmuckTewsg4MOcZcqYXLg +gAi+8X/t3Nwx4Qcr4BkuDMGnVd69w56k8goM8RiBAqMkoiHKYZKyfYEPPUFS5Stw +mZYHwziZIGaGLOjUUMqk/LCDljkAADHEghyaQsev0s7TqVPdN7Jn0ZrlE/xaixZ7 +9PG8HlkXPlRTdNH7YM6GjwKBgACQwhcJuebwC2RhDXsWynFTuiIQMczoawUyp+15 +CQyDAiU0Jwuf3H8y+Y/qTEX5Zb6b0E6tnmcrj6ah44wuFSu2o0thUQoZTxQpIIIU +NEAzxYf21YxvgXjN2IQxhdKRuZuoc2i+g7CUHfHMP37a0SaaR2itb4qFsz8e5Ttv +L/1dAoGBAI2Yo19pZcgowjdqy2qamVN+zAPUEfeeLXzKTGLOG8lIJzUUYBtf5stj +4KGmdiqFs6Ddlh6bQ0nNxo59C5SQ2izSmKpcBFjWQ3voQPR0+3Lgr9nR9+X8iWeR +w9leG4cORGjI83gp4ZTU3wu85FpE7iyYlcB1A+ZwDZtqedvNQ/Mv -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIID1DCCArygAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw CQYDVQQGEwJVUzAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqn5M -fJ1M10rG9KikS1tY8bleGMKbocwLMuiixRtzpjOSDqhSgGMRpp33f1oa0kwjHwzc -fZgJCV7gcT0VASpN8lm/yiVKjQE6lWokH6n696raFi/4l7udSaAKWohTaK4gN7YW -yKPiHg62vgXUYUQriyhdw3TVzrpP0IFgpW0UGvFfWr++me0/24bDgZJfRJX60mQ3 -5OiCV3g0iJ9jHq4VX7gTrLSdvkERSV9h1aDfslXgF2QSqf6LGe9CV2DUYH7TMYZk -TbKBSMT85VFbN328YUH8QkuLzTRWmBQbOYMw3L+QMWoovflRf7XBO/gX/Xdf0bVQ -zvajiEfiz1o10O0S5wIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU3TSaGIXoNZb6DBO2WaR6 -YUvjQdswDQYJKoZIhvcNAQELBQADggEBAHsi4XjDa7cDB0JUEj7bJPj9AoPC/Zgo -AiXPGzkZ5or3U1Bt+8ZtHLVV2Ao8KdGznHV47aB/4Dwu5IaP3ehlyEzlzU8lWCA8 -814iA2ysu3ekm+w4MBRJ0mIeFz+vCOfbssp2dd3Lgji/WWS1eNrqELgOZn52u/ju -beucg+A9lUquK1n4WtCnKWV7zvAnG3WJCl7us475fEOXrV0GDgDclmlsKT0WNsz/ -+3Yz/fYNKiXHAPBM4OJtO3XqrWdf0E9QK29du006qY8/Mr7PRWKDCw1bmfy4lmQm -RuFMzWpjoLjXdl8sSxu5YmMOSAo2Qb1c7NJZr2eyjorz/q50bevRE7A= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xjf +duRNQle/zEsTop+FVo79bxoLEBEkYqOiJ6JsJrfk+XQGDy1BxEorwCVVtdVr8+DG +Sks3N3m0xf1qBpLAKgiBXhnRkjF8PZ8ODDRZXfaqM6AGAhbXItfS/xbZsTavIwzI +9OehH5ya6L6Wn1Y0Ipo5OEkEhdtbR1KvHNcl++xvgraHgsANO2H6bWTrpwIeGIVp +8GzdxLPK7/0Hh6Lq5KiqiikTciOUZE9lgP9QHCjo5N/vntTFJ7cfhgVxxe9aQ8sW +90TiB85keO2QC5NFiNqoPXxie8OneddPMlcDkwUVUSV/6f+sbZRi9f+8pU4ZNE3Y +0YKz/KEd9sqsQvpIVwIDAQABo3AwbjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU7Qw4hf3NPDzKlN3YuMMI +GfY6BUswHQYDVR0OBBYEFHIn2M+lD8gmrNA1L9FxX8Yyas2IMA0GCSqGSIb3DQEB +CwUAA4IBAQBKHR3VWowe4o0AkrIGvInL3Z8cItJKQglM90Ycpjq86mLfzZXEojrX +JC5B8RJVaxzwUrzJ7FojjNct9H+O5pp+3Oe5cGZrcQU0g7dmeQ7+m6Y2Diutrv86 +KIzMNnyt2R9a6YjkT26r/JJhO7dh8p/AyIgP019EMXDuKnHdrKxJ7d/2jYb+qGlQ +yUmrH2toV30osvV0+isHIDMsc0JwtEIN5eQfQ3ZjJLCA4TAczHZCPp1SC4B0rVx0 +L122wKVDFk3oD0lTKEDwP9nXVPgEgskUoVJqan0eZ8hFbAAQtIpKgLBtCVyhqztf +Pa/PfMRcOAp5LtZpRUIEOajuXTlfM9Go -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 5a3633bba3..a3c15f2f93 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -141,10 +141,12 @@ def server_san() -> x509.SubjectAlternativeName: # 0. Drivers Testing CA. # Has basicConstraints (critical) and keyUsage (critical, keyCertSign + # crlSign) as required by RFC 5280 and enforced by Python 3.14 / OpenSSL -# 3.x strict mode (ssl.create_default_context). No SAN, no SKI, no AKI — -# adding those to a CA that is NOT in the macOS system keychain causes -# Apple SecTrust to enable OCSP for that CA, which then fails because the -# CA has no OCSP URL. keyUsage alone does not trigger that behaviour. +# 3.x strict mode (ssl.create_default_context). +# No SKI, no AKI, no SAN. Adding SKI to the CA triggers a macOS +# SecTrust OCSP sweep on the server startup path even when +# --tlsAllowInvalidCertificates is set, causing connection timeouts +# on MongoDB 4.2 sharded-cluster tests. Python 3.14 only requires SKI +# on non-root (leaf) certs, so the CA can safely omit it. # --------------------------------------------------------------------------- print("==> Generating Drivers Testing CA...") ca_key = make_key() @@ -216,6 +218,9 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_after(NOT_AFTER) .add_extension(server_san(), critical=False) .add_extension(aki_from_ca(ca_cert), critical=False) + .add_extension( + x509.SubjectKeyIdentifier.from_public_key(server_kms_key.public_key()), critical=False + ) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "server-kms.pem").write_bytes(key_pem(server_kms_key) + cert_pem(server_kms_cert)) @@ -317,6 +322,9 @@ def server_san() -> x509.SubjectAlternativeName: critical=False, ) .add_extension(aki_from_ca(ca_cert), critical=False) + .add_extension( + x509.SubjectKeyIdentifier.from_public_key(wrong_host_key.public_key()), critical=False + ) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "wrong-host.pem").write_bytes(key_pem(wrong_host_key) + cert_pem(wrong_host_cert)) @@ -338,6 +346,9 @@ def server_san() -> x509.SubjectAlternativeName: .not_valid_after(datetime.datetime(2001, 1, 1, tzinfo=datetime.timezone.utc)) .add_extension(server_san(), critical=False) .add_extension(aki_from_ca(ca_cert), critical=False) + .add_extension( + x509.SubjectKeyIdentifier.from_public_key(expired_key.public_key()), critical=False + ) .sign(ca_key, hashes.SHA256()) ) (SCRIPT_DIR / "expired.pem").write_bytes(key_pem(expired_key) + cert_pem(expired_cert)) @@ -398,6 +409,9 @@ def cert_text(path: Path) -> str: errors = 0 # CA cert must have critical basicConstraints + keyUsage; must NOT have AKI/SKI/SAN. +# SKI is intentionally omitted from the CA: adding it causes macOS SecTrust to +# attempt OCSP on the MongoDB server startup path, producing 67-second timeouts. +# Python 3.14 only requires SKI on non-root leaf certs, not on the root CA. ca_text = cert_text(SCRIPT_DIR / "ca.pem") ca_errors = 0 if "Basic Constraints: critical" not in ca_text: @@ -433,14 +447,20 @@ def cert_text(path: Path) -> str: else: print(f" {name}: OK (no AKI)") -# KMS certs MUST have AKI. +# KMS certs MUST have AKI and SKI. for name in ("server-kms.pem", "wrong-host.pem", "expired.pem"): text = cert_text(SCRIPT_DIR / name) + cert_errors = 0 if "Authority Key Identifier" not in text: print(f" {name}: ERROR — missing AKI (required for Python 3.13)", file=sys.stderr) - errors += 1 + cert_errors += 1 + if "Subject Key Identifier" not in text: + print(f" {name}: ERROR — missing SKI (required for Python 3.14)", file=sys.stderr) + cert_errors += 1 + if cert_errors: + errors += cert_errors else: - print(f" {name}: OK (has AKI)") + print(f" {name}: OK (has AKI + SKI)") if errors: sys.exit(1) diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index ccc9001cac..30918e930d 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,98AA1AC089EF885796DDBC668ED02D18 +DEK-Info: AES-256-CBC,D05A1E2BD266E41DAE31CCF2E495F10A -pvmdLDMaibCn0WCqDfwCk+HAQ1vbGRtFIzJNh8x7UmsieHk+x1cMK69B0n0sHOlV -aJRmUyz2c8bMOC/0b7sxisG3PQ+ONo8RNUlW41JQ4EUP+KtVebbhwv2zwiFSscZS -mtmkgD3J9/L42BtT2tWwgduwdwFBpN5gWJfpVZvA8bSY/e4p2YqpCrZGSAqbGr8b -TExcm8Sh9ZjPm3b50vDH/AWf7HpZQri/hNt/kmPUfuRXHEWh9cySewOcUbsBH+w7 -sVXtJTXrTa9AJ8zGLxxbFsaf4do4uJQXex9KwnaOjsq22Wq7fH9ehetgqzE6QFHb -7NXTWE37hZi/0IxD2alILAAgH0iNru5QAD+ov7X9Ewl7HFOXhwm0S67Ku8jS5g4z -2cb08h/xBiWILNm1V3icRpxic1agVwRdG2dcCUbinL17Q9TcwFXYbpy5yVOmCm8U -vWvJ0gJJ+251NsWvHm3TZpK6clMOEL1p1rOoA3lsjx/zbuYhM5qw/ysTYvsO/Zb/ -Ad2mTOX1i0bbHzzEFBpEkij2w42XkF4M2FkiQ24P2FTxpwxXNWzD4svdI28yzD0A -iUHrdBG9IsWBX7CkpNvPrSvnbJhJmkI4BJegFJ3QGIIdZvTpa9jXObV3Tt3YLZRa -dfqFziVttHTVSXnEiB6LPU8jVEk8jruMoPE+HXKp/dwSSCEvyhoqa3SqMX4EroNY -ML9aUmrHP0bgH6GgJ/qUwBWT6mHNGAPxr9dsMyujc5WiNzSwxIlh+EX5m6NizJsW -mDKarHdlUn4vLqukXdZiySS/Z0d6kzVlFv9slvk7g7Bocbf7oemh6if3YRcpLKib -sAYqx5vPl/csp8FqbQHfkRtuAPa9RlT5a3dvmn4XLmLP5geBPinxxO16SQiv7SH1 -ir++D1Y1hu0bSx1NYs+JqCPHHGiriEIlH1GemO55PAQ82IyHvRLt58EXhWhCLGvw -dOdcQuhelVXuGOWz9p/OWj+H7niT8UjWXcAelQELIF7VhMic1usRqVm6jpMuACfX -I61epH2YtOnUF/JshKeDgdNn1pFitJ/gLefwBKE5ET0zLit9xI+3DXd2LAwubf1I -xuUzD4pPar/lc3WqImFFiQfSzVu1y/xwzD/pdgIq+M9odXs5/ZRdSfYPVnr1jEIc -MzYwjiGS7Ija0xzBB3wB585cU2Fv8ZAmpLCxltgwKdUEYwe22LZzb0DcDWzdwqXV -H60CZNw423Tm0ramb1uVCjx5oXNhwUPPiaivqRpfkZ0tOMxFcx0RWYsndVgLhzX/ -CSZmL8AO9e/GNpQUSp4EwCGt6E+si5N5Ev4plIAayTG0kesJXzMdTvRvw8I9vclK -3qGL+6gkPpZLjfkgAvMv5Fym7wZQszHN8YlgFSInncp7JAkp0ZzmObXhS/toWOWB -My5CqFjn8Kzpp6zL+qqjTjEMJf9v7VNrfLz4Cwd/fp3SwN6GhKRqBTyLycrplVuS -RFqTsPrH94M64UDD2iASKIcajaMnWSmSMQt1KKKmKnlO6+KG1xa5ZN+001P/QQWm -WQpSscB+OAgYXwvASHBd8isNkGcm3khHrMjC4ceYSh3DYJ0j2jMOVOJ1pF8ZLytf ++N2pLPepvYngv58VxE1SGmekzFfrnbCbZGtZTSzy+b38nle07dhBu1aSEzhJBByM +pNKckRgO0yeMQX5I0Ajh4qH1eH6Pd2fpDbt8H7xDznbsDmBCg/++MvlQ/qikDh4w +oL+ZBNEkvJW5CfOp8t+xwTjBp2Y2+i9+bw5P/YuUki9fGQtOJzvhL7yPAXTWZ+zJ +4MhYSql3bS5SG3VP71mqTlGAeN3COnSX6QXVQYQqELHYm5byHvL1WES/pXESyUa1 +krkMglNteFV52albiI0wRc286bW+YMnHwZxKXEbcBg9Zu4bq6IXt1b8wQe/fy6wg +L6da6y7Z9ie+ApbuhqW7VNkBTQoJTZjBblia85fFAKdd1drDTR9CebfGrxgAh4pe +X8WyQsxhXzSG0bv28nZUaIqqyBzD9u9fKbMM2FQrbChQMdp7MJ9HVg4gsfTX2jr4 +sj0a04zveK3SN2A4YCz3t4lcAoRuxrHl/fKIfBHM8ivKr7SPJc49sSjU0xiTDc7g +bmSXTI2BiMGOP1tbvSmEQOlwM8H9QLp5K/tqej6QU2qYBq1SnjY0FfXmWkoINVq6 +qCH3y21p0+gZEjTJgkoTannduEbu0ylnyQKFJmOktqgGHrop5dMFNEudoeuQnJjM +m5hp5lTo2l0MYYremNSLbuP/g6Lv6G3g6spzqEj9JHFAwJkdqu7gFBGHXXidFwd2 +h3ok8IGc0YcRNZhzYvvy1BlaDqxy0vaB/6Y5WC8QxqLnrrstnatqc+FT/UHGb+pH +t19bkEit+UDHgqiGtoknfkb61pTT625YXLq/eg1wHjcNy3jDDwTIB/O84+AKH6Yy +c/j1DA0zbf0ogk4ZKX9bmYi7DcymEegDSrlW7ogTq2T8KMXZ+HG86UY+uvWTH9sr +g3lofrHIoFwWORIIZSutQOzBgdupJTv7bc+1SHDQyp/vrC2TRhY0obFsyPgKB067 +/unlbg8kcR/5b7Zfi0bJ/zp4LFI0gtZ56FeoT9X7lOrMZ+1jjhQsgOYxAaUnRJee +ajfa2EJ96ud/3UZsTTl+i7U1HworCofraY0efzbtHNDqQ8cp6rIFZHnCBZOgeCdS +0yzoH+R0EyUSCb089yBF+wplY4tJJt80IGmS82BFvHrjiQcgLOhiuGYKWDODV5Yn +0sjNM0w3L+MdGFmi45fplVm9bCUV9pbmD78CKu97/oksF9hUEPuwTXGLGA/3kX8z +y15Zaryknp1FybaBVw1Xs63bQU76SOjHxXEk/1zVdaJBJLE5vJIMjxwNiD+XWH9K +dKhQwTB8qjuao8ZUN0eu6i4u15Mtt5evWSCABZghOp2o0eSedpYHeaf+4cXv8qGS +7yu50dhnPk78C37kqFI4Jhm3dAqFc1AW74EVUc/VRY5Zqf19HCYsUEQESChVIfBB +F14lm8gF3Gr1AfR1/TBuuZJABCeI86YMDiB6LyOkHvUCtp8PRqfPkq+XbTMNL8Eu +11GwQA3AGfC++b50vZ0yXnhAuLLJiStdrqUwUPzxsca6O7IdLVL9lMvxW1k5l96Q +6hMAoLctC97Ej6Cbwo4fuN3SSYc+rcM5rZ3VNojx8L+OnYnsmBDW6Gus9BDcL291 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOTP+uabVTCDI5 -HtNmrhD7f/vO8xdUWe+/ZYrEvnMgn5rIvmxVjeCgpRfqkQ9TY6Pc4k7wEvJI/xZN -qwMuVv4RrsAHk2qvrqrYmhd+DLjN4a6KPvJcHSBHJaFLjZ5jnE+8feL5B7U687Ok -0kQequHM13q57KASj1rj60HuGarAQoEuA+/6J3ld2VhaAo80PmjVnp0sAeKBxWT2 -51M0reEVUk4Fa881Me2Yd9lIYoOsIaPywdWsnsL8HuYByle+3J2+A1RhBk23/gtN -I12W7N7MwdepgXdBvkmm0+b80KN19Nb0Lno7CQT57mEFHPm0guVLaPD+bA2JohoK -MW4inz/xAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAbq/Qi+EP+gMZ5T5SBQOzHg4Qju5ermGyXSGY -A622mzbWAeC06TyP/iC5YNrdwwiWXccoNQ3YNUBzHrkCij8AGj3C+qHCwpC9z+C8 -X4yeKsV6SL4iPM6hM/g4pRjgN75a3xFmIX31C0p6AJilJX4+6xypLFEUIII5Viw9 -ZsXpUeVyXq6FXmeEN3nFt3c7gbqNzYHc6E4jRpC/atrOdkB5xZ3DtQmTtRSkPGjJ -IF5ymoetcd2xkthL4hAndAaXAWfrfT6mTXV6o4lps+TkK7uW32O5e9c/mBU59W1U -OqGIAmmiUYM/YLUrR/xDk15Ve1B4NJ5D+DYu2SRBA+0Ff3picw== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeH3uC30BfUpkY +PBFlvZhkfur8VQn7oT7iKoHIodiAfPDCMuPB/QfqkfWYCKvxlKygnw8vv1p7hck7 +LGiXP/wA7r78mkE6ZxvxW7trrjGSzpAfdN/FaZ8brlGWquSzXptgu8quBfCWteNa +9qcnWmMEE61I2MAK5pOFJxpH1nMxcX3M98BycjKniTjxSQEseDitz7GhYCyt1JWH +ekObb5dUzZiRKifZwkMjAhZNHVYKg6c8+EPWfyt47HIVqEqHbR/aVRj9vKo4PoQi +4fXHGGLgA9Twn0Ca1lpJOzC5vRheVpRgCQ28t/uoOwFU6aplYmalvw5Kcg/zhPfl +JfmqX4fFAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAkMnK8ZI7rEMCLBWyIL9KR0XqvoD2KcwkFioG +wkVGrEO+1IX9tEshAlZuWbk01zmRars2dlu9lwAtq3LXuiuwx74GTXECvP7meWWL +NwGKX6rC5INxs6U3wyTyNXUDr5alf+S0i2eGvOZSujqnUV29ZU3W4Kni+CYYc64w +yzf1V3jb7TBrWvx0FyV4zDTuK/Tvfr8ZwXeAIlOAzjlzZKsL+Mc3Wwo+mq+D8KKM +Kfs+vycF2zIz11JbRo7LojPuTch4JMBcWZJf6pebZb59lezmGC8zxfDIiAWzx4VS +GQmxRYvNL0mFXALGL+LGe+4/9UcMMzRG7CCLONzl2mb4GETWGQ== -----END CERTIFICATE----- diff --git a/test/certificates/server-kms.pem b/test/certificates/server-kms.pem index c1cfdc590f..d462a1c5cd 100644 --- a/test/certificates/server-kms.pem +++ b/test/certificates/server-kms.pem @@ -1,49 +1,50 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvi5DPb2rDUFHR5QVp0YSj084yeLBntKQ87T7SLEAKqf9cwbi -UZJExpOr9V/9MHOhElKQBFXA3tfKCMXIwv7LrAKbO/ggvY0raKPh0s+uukNDU6J5 -CKs6bxfGexpXeNlGN766rjINrZ1HGmjEnEjX89ZOibzGxTSF0PD3NSPSwdg5ELRF -fIsCb7gWGd5peyu4IKp/lM+oScS4DWb0oBmmkrZp9vCra2BZs4Y43Z/s/3gYyBpB -0QFM6WSCelhiqO44kj+5dbpvH5KGLcGafr/iaO12Be4DNhVKXBFwEfZFc9KrZyFK -mQW5hWzCjL6znArfYMiU5s1/K0VJlkGwUlk5fwIDAQABAoIBAESMXEQ2xx7B9rVA -FQXz5eCtx2RNTUi30PNmumQbGFpHrrz1MEICnLOOqp6I+LOsGdSG2c4WMqyfzvyW -faR7PmJDljxpVTO9XHYdC9p2bR5J/Ex69XFAdpFwWmQovHqcpgiVwKfk9rUrSWOl -e6hxQRVsm2ZeGq8eHVWQZSpMPT0M2WradcGytkQ2PMzMvJw51ApJU4rC9nszuUsv -110ltsiZepqM5aeyQEXcLSxUxz05ESZ5r41CVw+u42KZWxNjZQweTjM6Et3ChETB -RtHWzR2f4B2jRlqL4wtinPtgpot9fuW3OhLFEoLrTo5P8HS4w7Sjd78ZwWMgpMdR -NIGdLSECgYEA5KFFdrActJIF2ryV52thzf7srMgb0NbQuUNObQHcVpQge4o1htmA -GC/2uM7pzQ3YRzt0LaRwwXAWCwVrdSRMWz6OsQS/wOa84WgkMN/ZdGusAsc25dFw -/KYGru/H+God+65B3+h7qWY0l/B4ts8Lf03CkAUwcuwIcGodN57WjEcCgYEA1PKn -Ij6WJIW2jk1hB06vGZ6ub64ivNSpFQSP19NUs0LhPOiV8mLt+fFcGSmAfAooIHNH -wAtWpfA8dwzsFgUi9FQ9i/JlXMq71CkmbEvYw6SjgmagAnmezXhASXexCyq81PfF -eXM7Fo8278oWnrQlJlFTWaqm3HdlgtetIegj3QkCgYBaLCExhpRLw6v7cZXOCFQy -4vCF1Qbjf1YjO6Ca7bjxjMqi7wfdf7s9zu0IRtN/xI4gyhowRkMSiBqpjiGruf1D -n5C30J+wfVDRtjlP7XneqPjWv6uvSMO/YdwQ8xFzsKbStQ/WN+NOFLl5k6aIs3Bd -bVXnZ6SMLvvFGpUbctI70QKBgQCyychpiAKnR1yuvWjpqbZ53DC4s4uW3zXW362l -l1lV6KETcnPyvfzwDSU2OxIVErH+DMwBAYQOblVV3xOYqVdfrBrAlRNlhRGOX75S -zpuAJ4rgwSk26sXZ3UycYlHS/l7sr9qszYKevj9xtEqplLZcJYvFjPHryJMB9/L0 -tOLngQKBgCFkEgxYWqVG0e1eq1ZVAA5l0m4/C7/uMuwsLd9JsvAKzcA5UYhD+U0p -PSmFNHVi+Ty1z+lhv4qeZRdRPVlDiGVEfrjSKieAC1FE0aglM8szUHBHQEYr8cEe -d6jKIIFtKbKkoxYhDnQ0en4oUbADQi+OofaoBjmjuvj1KGTXWkK4 +MIIEpAIBAAKCAQEA0cBfhW6MFSKPWS/tq8w86UT4puHw52Rs6ycEt8AxYiCtN4px +w8hfhYJssifFOq/flgYH8VF6BPogtb7BLVNF+EqVe+K8AiVmOOdd7pnsXTfICAfj +mne7CVrY/EmMCbIDLnT3wfoEo51aswRJSkv8ocGpgH1q4tZLH4xjI4Kmupclpwko +jKS/Z4iRiWwqL3A7EjTrK33r5FUbq3N3yrAA2KDd8wGvQcB+8H88db4cTuZ/km7t +tIvkH8FVyqGurCzn+v1Bw/fpgHFE4gTUSL9gV75KH+au0hgB2Pd4jEBOyxmip77W +TAPRSL2WoxPjHS8A+4wiEnSe9sXNdYQpu9JpmwIDAQABAoIBAB7NOTnG+htAb/yQ +5T4NSASZdEpNc6sHPFdr621wc9ANLGKzmfE+Q4i/lmazIGt12EeXqyLs7BY/BP6r +fILDb8r+aOVAbouCInjIwSqAwA0QW/eR8QKGApllFeg2hLIHyh/QXXHG3VeJjAAt +6PVYI0k9vz53LHMTNQT1ALn+Pa24sF7y7NI8nCJ8lUdWYEn/kb+paijHgYt7QbKO +zVz4qg6wRvmRqQfjxyOQ1kuqX/Vp58CguZuVhqxW+hXaawfTYTUXuU1ftXDj6zUa +oRFMiGKyWQwYC/e+YM7nr/FWBZiGVCyk4KeSMe+bidxGUgDR9Kbzr27u4kit7ylN +CJyjssECgYEA71D+Xa6nAYpE17paobfNdR+Rw8uPvPz+C58ARcNSMyl7hxYRuzp8 +KgYHHG6EJ1GCauySG3uasO/KbW0O+zD1EKiekPzTcjaiG37RiwjD+8IvHzxBwpyq +g0deCyr4fLSEdGuyw3ArhSdjPGGzpNJxkLwZhNh/lp17gKPLBrOsJMcCgYEA4F++ +S+Z3FOyRMRYMApr28WE1ublDPe7fixsetyRcIHspBOKqgsbffV2Ya+Dngag4iCGz +Q/TeadPiTs6p33i08Nho8pxXrRxyRXM3zbh9y5m+GNeywM2ErNGjrCERlbD43AOg +d9Ixa8or7D33YMnjz1iMnm79TKts/a1vdOp0mI0CgYEA3VblzDOq1uvRfE0pYgUj +i74lDRgK21qKhKkMkXlzX0pwq6InyCjxidSFYzB8HflvTAF9qNmLWzaM3ORPRNgk +8MFj1ulfj3UkPZXvrE3xJbqV5qfOknZf5odtXZritEQpdZvefJAUUFT7nW8nvbu9 +uYWffJTYfK8u+O2E66/l+SUCgYEAiSWc0RIXOd/8Q6/BOZp1VUfhKhv24RVw6Lt0 +A+gis+v0P7s5FGTxWNTsBQzdFWC45WUMCX7UsIVGMHucVC+ZEhqF074CzZq0soTh +2EpsAhaAnvjBl55H+cbOr7kq4X/iLcG9xV/iu4tBW87ote3R5PywP2uCQuoJ3em0 +Vhe1m0UCgYATaCTSkIyb8tbj1VTqwy3CZ0ZddUFAadfTyx5GBS5V+6h+xbW3Hv4f +FR7wobSASYWxpAYary1j0XB/69xUQjHXIl7MJYE6x9rqY//ONfFHAd3raQ+wYfOu +EKsyPFGMGiqgRwqElBpTfeYVSGDNcpqJZ5PwB5uu3AIRlMd9j9GQsQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIID1DCCArygAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi5D -Pb2rDUFHR5QVp0YSj084yeLBntKQ87T7SLEAKqf9cwbiUZJExpOr9V/9MHOhElKQ -BFXA3tfKCMXIwv7LrAKbO/ggvY0raKPh0s+uukNDU6J5CKs6bxfGexpXeNlGN766 -rjINrZ1HGmjEnEjX89ZOibzGxTSF0PD3NSPSwdg5ELRFfIsCb7gWGd5peyu4IKp/ -lM+oScS4DWb0oBmmkrZp9vCra2BZs4Y43Z/s/3gYyBpB0QFM6WSCelhiqO44kj+5 -dbpvH5KGLcGafr/iaO12Be4DNhVKXBFwEfZFc9KrZyFKmQW5hWzCjL6znArfYMiU -5s1/K0VJlkGwUlk5fwIDAQABo1EwTzAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU3TSaGIXoNZb6DBO2WaR6 -YUvjQdswDQYJKoZIhvcNAQELBQADggEBAI9GHeflEo8gzo932pa1WtXnG/tHMrCU -LryT9yhnfH5k3HJ2h+dzYrkLQOba9CemPKdCDliZhIHnAH1T0VS/2WP71pBkHaeY -4VIihu/YHmCruTv5ybRSQdk2PBbsF/wJG8kSoMgd9UXI96w1Bh2I7KhXuRHbgUeU -48qboZ3ytteUrJu5FIujtiroo85xJGCW21kC0GCoAqn3Wa2jH1q9mgl5c066/5xw -y11oH368FtRDxvDWGLNuoiWagiFm6c1uX39ib4tSD5DT+cZh9ki2/aIUW4nxS0nt -7+9pvrgZeRAyLGUockxDeQI29S4w0UGrJ8JZ1Pfqc0Nm27ZmIg7iqDA= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cBf +hW6MFSKPWS/tq8w86UT4puHw52Rs6ycEt8AxYiCtN4pxw8hfhYJssifFOq/flgYH +8VF6BPogtb7BLVNF+EqVe+K8AiVmOOdd7pnsXTfICAfjmne7CVrY/EmMCbIDLnT3 +wfoEo51aswRJSkv8ocGpgH1q4tZLH4xjI4KmupclpwkojKS/Z4iRiWwqL3A7EjTr +K33r5FUbq3N3yrAA2KDd8wGvQcB+8H88db4cTuZ/km7ttIvkH8FVyqGurCzn+v1B +w/fpgHFE4gTUSL9gV75KH+au0hgB2Pd4jEBOyxmip77WTAPRSL2WoxPjHS8A+4wi +EnSe9sXNdYQpu9JpmwIDAQABo3AwbjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU7Qw4hf3NPDzKlN3YuMMI +GfY6BUswHQYDVR0OBBYEFGVa/2vNKWjJL3ayoya6CVMNvzKVMA0GCSqGSIb3DQEB +CwUAA4IBAQDFxu/xqDcQUEM3vvUPOHdIURcLl9cVli+ZQPWB00+sieGMXcuGE/Ff +ICdDnqLUdcZQy2It1sRC2D50WRJI0w5t+dhNn87F7uVYlsrO88baRK6YFIXiOMCN +Hfn+0KWaTcyiM8Ud5mcaVEm5OrU2+CgfqZzAyFRpVt3XAGqvVdQW7zqhlIfgAutA +ff6MdBx9xXi8p7AXJm2CjnAOPjtpaTmt59GutE06SgAI7DQ+Lainu2QPjedoq0sN +/jcWxklSco5yI4N/vGMNlM18YsxDoQieC8dmb3v4BxKAVL38wode7FN1nD3u0L9H +AJ3sPZEzwDGQoyj19TDmfyvkG+6jQg7v -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index d986732a1d..e357704b2f 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAoVQT1GF4FQdkmUqn6U+iJh3QZFq1O2S0kFtj3KsXP4kHjFDk -Ie3sxh09YtLyhRsh3PRLLeHJjjrP0v480WRsfkHmd5tLszBZTFwQ7PRasdblAEZK -0l2CioVvRUVg7jhH/VbsTi1e1h1seFOUuoPFjh0Fh9ZS9nXrmtxn2k7x6hAeMkSB -+fA92qZH7qZxsn5TZtHar4dXNwSBPUP8aImSIDs7g+SC8nYwIdUad/McZDgTyMrb -u9LC4SeyK0GQQEyBIdr+hqUPTNWnVbZSw9L8C2laR7hGlOz9rrvKUFqzMVnWyBlt -6b0jPEu2ZI7XGFMpAZCKmqO1boODSFT7POGOBQIDAQABAoIBABLkeHUC3A/kX37H -HB5JrdS2YZja+YXEz5NnLGzjWVPerXRcZbbmeLejpXRs/SsiyAaq0iIDorml///2 -t3MTBlSLzZw8orMPiqmTT4UcQYG5h3ROhwUXH8ougZ8UVptXGnEbzI0EKaq749+8 -c/qao1g25FapvenwWcC3Jm9Nlu1guXtGwebv/GnmFSkEqCsXyEHAtapc7Icg4AZ6 -aVmAcoOgDy+ToCiJi7qaUfPZz/yiEoXeXBotWiuNxlOqVSdNmV98yHRFoXUuz6cI -S9phnnlJPoS8MqUPZwPitg1CqX667QWOi0O0LzfyVpcI/ZHhn+QErEEuT/MYVpq/ -PzPp48kCgYEA4SzpjcXH8CeL33X3wOXpFVo9zyZ0hMey4svTx1ol0S2zb5nIwAvl -1C+ysyXscKxD7TpdM+EXlWBnSWMDGV5JXMEGLk3NLeM5+3X7QKy7qxEoqe04G4N8 -zyYgGqL3nXy/kV3u3VIFdbELsTcvt/I8BTePTqyHI8MDiVhGFky1Xf0CgYEAt2mz -AhcO1S3tzPY1Jrz1EBmSVpnbZWZ1KcBnGTLJuQ5lpWq+jFD0b3RHsaP5JniRFgWj -hLqrSeRjYg36X7ZmJ2cFocv7kn+FvsaBwqNnk3WhOD9CFo/qLegsnMYOHB8tmMfW -ITVPbQdf7JTQiZFGGsDOA9acJuIi0HcBYN4XKqkCgYAEFdGC7fSrqbwC6Nv+1uz8 -oy9945+3jPv022fTNRJ8kgywWKTovw6DY/4k++onPSjaU/W+7DWGU0JsdWxn+Gry -UNow2t5/F6FEq6ZMTRX2i5AmTRR4g1EvXOy2LwC5DbtYAtFDmKpasUSaCXtHJhDq -s1BZSA4HmxEkW8KhwvCDbQKBgEIevsPAID7F4faDw8GFWStGrLS/npI9j3tPu1sg -Lgying42Hx9ih9wuJTJrFITD7jnsKnjM+rcWuKU+uMYMcWM/Bo6/hJ/ZjROraFgM -pGhKfaZTV7Xeh+Oo0XxrAectbjinwhASseFySSh2tX8Cei1m2F4V3hE+cKKKZFrR -dbSRAoGBAKlg/tB9JYLYjcDkHwjy+U1B2k62V2DiMIsnvb4LtkWaYgbJUxzjTib3 -iVYjNaNcD+Jq5oySWI0CKoE9mrJmbTLXeLZF9NwPtgq4YpEtszBmgngt8PDld2N/ -IFEWruXaT9ZXOA5WvifMmfO3/0soEND2S7LedrVtwR8vt+ZrwXF1 +MIIEogIBAAKCAQEAkrQf8DLdScaAN3uOLMfnYoPpeIFWmiU66VfGjQNaeLNQ4W39 +Kj5ISidV/0b7/iUwxu9VhXjJalmD9vF570dUdBa5rM4kuRDmj5Low55uGW3Mg7Zw +o6FkFJqy8B+WZa+sEiOTMDXmltPlsACqRuAUAsVFHIOlyEpCKCKV48nnBdAOFqIH +mDceBBHxrqz9xd3xl31ltmagDqlXcbmIgtj3f6Y/tSkc4khFQ0lOKLXM5QdfbsNP +KBtMB/XSm8ajBcpUOClVya263B4nBxokdHPzldJrE7tYRc0jFHIxHOU3MS095LFz +9dAhyEMqH7V/4sUTxX/GYc/2VhepXUWY74UOZQIDAQABAoIBAADpfKjmorhzegjQ +DGQfjEMNiHN/rQUoiW4A189HEYEJC3iu35hkaoNOLNtAcA8SxFcy8mMOYKFNaWQQ +o5jfyhj1VW7ZfT6Dhn78dSo6LZfxUrMtmRQe6GmZttZpyE4kbOX+o0rYqSnI5CIe +i2I+Fixtyqc0ZW8gV/NlCd+F5Jk+FnvZwEdXQxfYuBXBISEp1ttQgbRE8nSc2K/d +glHf2yAawk99y7YuirGTN0/woqdPBOpiaD/U/A2IonuyVZn+Pv38j3B2MWG2B1j7 +Gm0xZl23oxAZsTTPlJQnOoZu6rJZ/M4srT8DXnchE0t5F9lM69yx2xFdli4uGfUv +HURN0qECgYEAxFCXMyYoqOWi94E7qQRUk0Z2AxR+ceBsg/vV559OVa1e28T/JVNq +UfkJ9AoFb6qOIevwwFVEacH77ayJqTk/B0msKHwVU190kgSih6WgMFOteX3J9fyb +o+h95doLtrwoy4KnCzjrskPsR583Abue/0gOIrIOlX0K9E+bTCEASokCgYEAv048 +u+JA3kHOc/sdAGEBpD297nd4laOca2meZgGFHfi/fDcGp399ITj9qPqhDTB8lwkT +yGhedgTCPl1gUppx99MODFaNis1i5UmIHIRgki1Exr8laRcz1cQgIONrHhAytAs9 +qnxrJqtfn8QtYO8GWmdICoUbpqqoOzEnd/eC/f0CgYEAsyXQNQ8Xf7m/VBoM9ZpM +C/H686iaExV4MaF5fFt2Qt1peSh2pftPROr82ETk3RhJiE8lbn7hZZlua2BOZ60k +BWSHxJIna+PqHu43242bdz6FSh8uVFpnNdaOPVkT43glykG6apVREWbGkj2LFvu+ +hrucmrDeejCX9IdI8toSx/ECgYEAhawEUgAg9Wwj9vSS6i3eOMYPja4bKuwcow00 +6e/L9QpXulK0qpsxcuJglA80M4QaumpUUWdkAbEHjQ4v/OgAFHt7yHE+C6vBm5cK +rWpuFBXfhcQQPuNAi/CzxmdB9Mq6swVbvGGdeXKrqXYpgx7hYI/kTb1+ebGrRVju +TCw9cn0Cf2wSpeQmRQqqWcPYL6ZzBze3q3rbBpDi/DDPgsePddlu0tUQd21oEGGp +HEjlfmeWIhFCwlsKDf7opZaFZihoNUrKZIcYzLk4W92RodjKLpSIO4Ax5KoQIpQ0 +okNoeOfgTYEoSZ1/V1A42n55yoGnzwSaMgRf5DsxUQkJE6oySLQ= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVQT -1GF4FQdkmUqn6U+iJh3QZFq1O2S0kFtj3KsXP4kHjFDkIe3sxh09YtLyhRsh3PRL -LeHJjjrP0v480WRsfkHmd5tLszBZTFwQ7PRasdblAEZK0l2CioVvRUVg7jhH/Vbs -Ti1e1h1seFOUuoPFjh0Fh9ZS9nXrmtxn2k7x6hAeMkSB+fA92qZH7qZxsn5TZtHa -r4dXNwSBPUP8aImSIDs7g+SC8nYwIdUad/McZDgTyMrbu9LC4SeyK0GQQEyBIdr+ -hqUPTNWnVbZSw9L8C2laR7hGlOz9rrvKUFqzMVnWyBlt6b0jPEu2ZI7XGFMpAZCK -mqO1boODSFT7POGOBQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAGGXzO8c7OtQ -nHS+SHKt+gZGENYu8Log3T3/lMkzz1to9ib36RhkATFH3fHOd3xdEkECoifeIqvW -R43RjZ59/yQJQCIA0LN3F+yJcG5VKUsjGQGNmKeR4Lr2vdIO+IliFX53zQDEwpPZ -j2XM1dSFYW2DXz3fWMi9KpOPiwgZn74OlLEFLZdfNNsd5WDIal62jsXSAxOi/tIY -0z6NLxl9Wf5j9M/ApLjyniM1vFFRqkvVVu+ajorGxFECOCdq93F+ou6kKK2Ax0WQ -9/MEqEUTdOVJ8+SeTxEjrSySu2XHslix0Lm6SNb1GngsUuzhy1xbZMk0wK5Pp11R -q5gT8viro+E= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrQf +8DLdScaAN3uOLMfnYoPpeIFWmiU66VfGjQNaeLNQ4W39Kj5ISidV/0b7/iUwxu9V +hXjJalmD9vF570dUdBa5rM4kuRDmj5Low55uGW3Mg7Zwo6FkFJqy8B+WZa+sEiOT +MDXmltPlsACqRuAUAsVFHIOlyEpCKCKV48nnBdAOFqIHmDceBBHxrqz9xd3xl31l +tmagDqlXcbmIgtj3f6Y/tSkc4khFQ0lOKLXM5QdfbsNPKBtMB/XSm8ajBcpUOClV +ya263B4nBxokdHPzldJrE7tYRc0jFHIxHOU3MS095LFz9dAhyEMqH7V/4sUTxX/G +Yc/2VhepXUWY74UOZQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAL60C/EIi0wQ +udeN97ul0zkXF0Ak6KC14Wna5Sq82/wQQFQujnmfs2xpxbc8CHv1rSLWSjn7jsQt +Z/IAbIDmku/RjXMUQsHNqGbai/9Gvh3M7enpdt14Pb15xgXFeRQlvtBfueGPPOPo +G/5jFybxyy2I44BSEWj19rh37TDzPFS34EIUB66zAkw7TBgbVdeTxnbXIxB0tyIX +s08FeBRt9qjJYydKBLgRYxmZLKDdQrwPTLruzwr0qGQna4jjp+gda8HK1AeNR8hr +z81f2sGXYCYeP2av66Hgt+9i9ZRdvkTGFD07zNwsqqpilP1y//5oGfFh0Xn86kyB +kcCQOGTokTc= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index be62f78076..1a8336de90 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -2,21 +2,21 @@ MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDEfMB0GA1UEAwwWVHJ1 c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECwwGS2VybmVsMRAwDgYDVQQKDAdN b25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9y -azELMAkGA1UEBhMCVVMwHhcNMjYwNjA5MDIwMjQ0WhcNNDYwNjA1MDIwMjQ0WjB8 +azELMAkGA1UEBhMCVVMwHhcNMjYwNjA5MTMwNDU2WhcNNDYwNjA1MTMwNDU2WjB8 MR8wHQYDVQQDDBZUcnVzdGVkIEtlcm5lbCBUZXN0IENBMQ8wDQYDVQQLDAZLZXJu ZWwxEDAOBgNVBAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAP BgNVBAgMCE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBANZZGuJckntGsfFnlQx/TSmFOhMKIaI0Ua+5j3cyLgcgDyQz -qbpl6OgjL0uOjykswWG+8ioAcXBkPG8NZt+owIrd96FOgyF0GfmnlcZjYOmY1kUu -LmimFKAY2v9oz9Poqz8JlhHdctgEJGW005H/PhyyRHgGObg3MNPudxzlB5kt4yRK -zUPVVCaBCnHN883o8ffb8A/F50vKZpPWLa00wfXeDdMeIahiCx5KuhCH4iyd8y2i -Si2nskfvEcB/7gF3AoYIobH+W44mbRupc0oOPqsoNbn9qhRPD6BPJf07zWnUqLr1 -tokQPldV2K7ZlyEPB7R3QgH8HkIr8+9qGDcUjzMCAwEAAaMjMCEwDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAJxP4hAz -l7W1OpPpeNPHfMuHCggNuG8FnxoP3RLyNU5j0y0iH7aJrwX7O+4UdIlFUqFb3px6 -BKCWKamn8Qfb+rZUFZhdkvL/0eqZd0ZxUHRadkAfLR9z6KQKfvbQWHbTM6q2kKbT -TEbPd77qh1wPOPTez514XloL38iRmpVbe1ofAGPbGm+PJy5vc+lNqCfMRygoXb1O -14b/lr6l++OhypyTZrljNdTndsLKgpsgS7t8TIigxHUQ1kc2lLxI5YRONMVRXxZP -JzVC8Q3Y3OmC/EDRYBpsFU2NOHjImsnNUgZLYXMVCs36M8tlrcEOWb7VhnNb2N88 -GdveWKDjucOFHJc= +ggEPADCCAQoCggEBALeFpjfUC3HcR9jGmX3c4POybMAWd+sAPt6RNDHaKdWHNI9S +BJk0mkdt1G5NAALOq3Z/hdkpX2TJo3Op24x9l13nj38emdBnv1bgWczHGmsSLiKQ +Pw1XFNw/6Tqox1oqvKcehhQz+MIa9ZhKBVOYvSK4+nZuWbQl/FiHioJqBY8Z5jYS +VsuU43mmMljJcSW1cW9Z13q3zfJWt6DA1x4DsrtAiDe0LIuhZcZb3x5dKJLn2xrO +Zy2heRIADP6MCwWVMsoaywvqOSEy/ZAyMAPxPgLWY8mf7GrwYVYTDjUHMg7Ty+tc +cCgmMeP45hvrM1wf1nN7M7CRf1nCfA8S3XbtPI8CAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAH8M9GVc +0YgtFcZBffada8tmC1qYigD2bVfWlAKrRwMPCrL3bGjXjrwZVuqaek1l90ti2G9/ +CFs/oP3R95MYUDLbAQoepAh9n3FAdLyt8b3WMe+DIWj/yviB20W5UyNgiqVWn/TK +d+E9pSW+xwFx8HI8WUIkPaqr+0TB45hLETjJ3ssG4rhgE1aQ29B2gHTyzlILKfY6 +++rDCcuXP8Z2VnhhtvnoxbX9Nnr7ZUXsijb0XBymDVc4Jxle8KGk1lrr5mdkN09y +zkaph8PTKF56IPagHnU78emhT9cF9QTsHN5JYVVgcCEOnS1bNs1Wt4H8VaaccBWf +/VyGcJ5dM/CkIbw= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index f9bd075cd3..db64af5432 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,49 +1,50 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAufLZxaqlYDhuIMNq1UfcgebO50PxJ5wCRTW4aOZiYeyDVl3p -UEJ1FO9x6LquL7+0oEo/1a9NIfO4sCxY9XhzRhJB/U9Oyvk1EGWWwTmtq+nvCeQZ -349dCCy6NOTuIqPkOQWAQUs1PxX+ZMnRM1QpbNiGegtX6T94vkM78zS+CFVjOj14 -i7O6PZ9qAdgn5xnEbmyGAPt00/SG7VA8GkaGNCwIdGz2k8ulqZBxyvj2qOZ+0o7F -ACHKY4s37FAtY4bbdlHwMRQG0PrXzHOI9tXAttTiVqvQ0YycnDQIuP2zhumgIVui -Tc1SehbNKkniowqefmu8tbDLge6d/KNR6AiHRQIDAQABAoIBAFu1eQ9ixtaKblJN -Xwrautf8gE4SNcVtzbbZtF5URfB66Bm4DoKNjFYrdBguvgsBtzGY/RvELjwRCqUk -8ij644uLJK2sqDU2LKQuHmilLFEN+t17eQFIIT+PY7UDtakzALPY0TUixRucms+V -s85nc1jh/40AvDZnHgNkgJRGDnVn4+UOyE7q1Q4Imj+pjohgE0upEbmFioK69Eat -Mz03OHL/N1mab6M0U6V4aaVyLA4ty6Cls07ztxSWrXkE0r60TjotIhYPtEhfnQcM -BctZuF3KUaM1s4yp2/hJ1VUhHPHTkVpC3CYCsFaWwSo3Q8cSVmih3mUgsdZ+pfN7 -s5UW608CgYEA6aLUe7qBC0VsyL7Sd4+lGG4ZnfApDPljv+KWMX/6nsHSFtxztgz5 -iOAEykm5peh0/Abcc9MC1PDUPRf2z4OTLIUBo9MgXVr7yOK+VyoTAzRnrmxQRA7b -vw6vDHIjlY+hGJJr8EF4YOTt8q67It2V2P1gFo0mnOypyGCxUAWIPUcCgYEAy791 -A/KdtonPHFLOAihZgRqMc5Q2LAXIQyRkasIhoPqoBKKbsWpybhDWq1vx2SBjv0dR -7cnmlCd6m5V04Rqi1KysrmCvmOAdnHL/7z9hpSOVvSTrsvLfv3V7uMsNWBzIA+kV -BSLGYbPVbZ21wYv2b9b0GB8xeOaMwguXR/vlrRMCgYBjohjTGtnlIJofkaDXc96H -6IvsGnqnGcM8FTjPqzAJe8ZIEYMW47mWcVIZog8VfWhGAfcJPbc7b+hSlWGfZRDi -L2Zfoq1uolo1dNyO91ZcS4DblT01iNCVTYHA4Pvjz/h3LhnxvznCuF3w3CrZ130L -qCHN/Cu3SAWveeyjn3hWCQKBgQCD2ft0uY38ccQY1TFBzjDVzoNzzEceSAOoB6YA -PG8cyPjwPva4YmV4+uag8BhbZY2HXDUVx+GyoLXEd3yyq9USAkihdCpOqUIgW39q -qT6caqHdTEZHgMrxEKsnFCgnjECX3z9eGnn9Ai6tCDF19ghdqeI+tfkC/1e5v1yA -FfA1BwKBgQC4qxS7zLbYT0atNeC1Y2LnUdy0D3KIJ0329VtOQOkG7QDRHhZ7oDeK -tFXaaf3CLxJWE9srfCJgKod4B2uCJURCUj3+59/L8AleiY7TGoT1xVORRPcL70Qh -9DWMWyUGaGg7UlW2AsB2DUMiu6Cwf3m/HUkZppFdK61MrTEmrdn5oA== +MIIEpAIBAAKCAQEA8AnJHu3V7er++/WK3A78gb4bx1LKaPxn0EmS2PRl/+bJaCzV +CRxWzjOBiAZLhtri0cWGa7AAxlydiPIs7lv/Px1+GnfqD6pg6b870j5Z8FlzYZM7 +gvo0EVCjZLD7piYDSI0gPpAugLxQVSO1yZykbT/KUea8z8JZEbI+Va8krcZMJHig +8Q5rJeBhur8Zn7UsCwKH4Ja7mdkhhJrCNA/sawlL9O5MsT30ye5gO39qeKknCx7D +KD7BQsfDR5YsjoLXcLkLbESro4frAMiQlu73HqWdGlOjaLZyixIHmrcwCjzPgI60 +GSw1enlvFcgMXoY5NMKOm0VzyER6BIZBCSECIwIDAQABAoIBAAiFm9h3Zyg6gAPW +1IsVgkQHNxodNVkDaZpoLbZV2BQPT+04dtF4/IWt3rr5/Rgq/qfvCyzP2mcwc/7E +ht77gydaoER+S/JOuBL0Y4t0BBkgzQICiknqjq+HQcyjNsUZKmPRuR8xyKlwhhfi +AIik3JtIVFjuCAm9XxBwfJEzDMXijFsnTMVWyMgrXJkemwyjn9ET0g9LfpdEIWZ6 +OdQDasXPetoMsA6QEwpx9OIaIckM4P9ydE0s9rOHFNs9UIRVl8wbmXoUnArotCns +jEyR7UO+tyVdRpiNDiyBi3uXnNGOODUL3+1KsZIHovnG/S2ajMMReHhiJ9ETXOd/ +fXUCMBECgYEA+Mgbg9c7K0ttZH3Az5tETjXIxtqiRV4rN2M6rVipCowro7U3FZNH +lux6ZUGLrk5l8TXYVZrJzuQP4LWnwGLhET/ZxbI44Ub9T7XiiEXtatmLAgu6cxV+ +vaQm+1lC+UGrurYG13rOsqauqkYhFMqQnlRXHLaqrLhcSTANmGqxdKkCgYEA9wC7 +3tWQPupTB07Hik8HDLCYZJ6saDkl4Ur1kt+yhoIF3qdZLZyKiYkYMqy6RDdcdsKN +ZCWQDug2W4A6zsLj8szclUeT4SyZCyLVYNPZiEAzvDKX74ngUCZ/ST4MYek5grWt +9x3dYHt7H/IwTPjKCpx17rXea/tkESRWqlsbc+sCgYB3Jn/nGQJBrhJqesAJrnd8 +bc4HT1dAmeVg1amYtEnhv1h3Q6dqMeuroP7N2CKqDOpOKFfASC43ZIsmOFprje/1 +bvtB8CXF31YbAyXH1pXrAt3M0QkvbTASa7gv0YR+FLHG7r9AHJU6gxJMguH9Lzcs +XYCLRAFiT7oDY3xfb1omYQKBgQDLm5BCPNt98Vzl7juwODrAbCYC84V9GHawQ0Ex +hDK+jBnYkyyA28SbYSZQR2/34YbX4sH4procf7CnNonDfIW41MSUTX+KI2A4/MrV +2Ww802eSIEZ8T7RXfZR5RKuiXkVpCOhRhw3AhalWCSdlm8O4gYb5cnPZoU24j7Ld +FOMJZwKBgQChCaiWhFdp4qNzCNgehds4a4TgYjujw4XMuRwbkYF/YY0ESkXxcQy9 +OqsIyI6crq4TXQP7mtbaFB3Hib+3sIBmxXxtod50zKkTw9jd5/jYR6ii/mEsxvOs +wvsNBWwQF7KJ0h42hN51neOLVBVDxlNT5QFWVchZqzflQELPb7Q6Ag== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIID1DCCArygAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkwMjAyNDRaFw00NjA2MDUwMjAyNDRaMHwxHjAc +CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMHwxHjAc BgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTEQMA4GA1UECwwHRHJpdmVyczEQ MA4GA1UECgwHTW9uZ29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAufLZxaqlYDhuIMNq1UfcgebO50PxJ5wCRTW4aOZiYeyDVl3pUEJ1 -FO9x6LquL7+0oEo/1a9NIfO4sCxY9XhzRhJB/U9Oyvk1EGWWwTmtq+nvCeQZ349d -CCy6NOTuIqPkOQWAQUs1PxX+ZMnRM1QpbNiGegtX6T94vkM78zS+CFVjOj14i7O6 -PZ9qAdgn5xnEbmyGAPt00/SG7VA8GkaGNCwIdGz2k8ulqZBxyvj2qOZ+0o7FACHK -Y4s37FAtY4bbdlHwMRQG0PrXzHOI9tXAttTiVqvQ0YycnDQIuP2zhumgIVuiTc1S -ehbNKkniowqefmu8tbDLge6d/KNR6AiHRQIDAQABo0UwQzAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU3TSaGIXoNZb6DBO2WaR6 -YUvjQdswDQYJKoZIhvcNAQELBQADggEBAASYdV+WD7ElYB9MHnzeJPob8gR2W5f6 -ejvG2HV/t52/fb3JkOREzBCSoixzAphhJgUEqtZ7ZnFZRQGjEHhcOcxpgWq05loC -OTT+rsgVmJxmrF1LslbX87OJ7tD2DU6Pg9ztJMjWbuiHUOVjMluxppZ3ceWqH6fw -4lWC4R6P+3pAo3B6XuHKPEBlO0mlbQba84dJ9Dy0kDLiqZWjix31dVoIW9TCBS6w -1+gvZhHZvT4a20O34pIwYyYIWCKEbHN0gbzy4KMnpSNdaD5ELqIOQ+nJF4p27o1q -/MNJDEHeRAOEj5N2Qm3t/l6+MannhV+GBI3G1P3lXQYMBbWIhNyLQdI= +MIIBCgKCAQEA8AnJHu3V7er++/WK3A78gb4bx1LKaPxn0EmS2PRl/+bJaCzVCRxW +zjOBiAZLhtri0cWGa7AAxlydiPIs7lv/Px1+GnfqD6pg6b870j5Z8FlzYZM7gvo0 +EVCjZLD7piYDSI0gPpAugLxQVSO1yZykbT/KUea8z8JZEbI+Va8krcZMJHig8Q5r +JeBhur8Zn7UsCwKH4Ja7mdkhhJrCNA/sawlL9O5MsT30ye5gO39qeKknCx7DKD7B +QsfDR5YsjoLXcLkLbESro4frAMiQlu73HqWdGlOjaLZyixIHmrcwCjzPgI60GSw1 +enlvFcgMXoY5NMKOm0VzyER6BIZBCSECIwIDAQABo2QwYjAgBgNVHREEGTAXghV3 +cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU7Qw4hf3NPDzKlN3YuMMI +GfY6BUswHQYDVR0OBBYEFO0PTJ1J98R+I8mqX7u5KpnSVL2pMA0GCSqGSIb3DQEB +CwUAA4IBAQCYL0zfRVglUlX4H9tUZ9J9mf0p3rtxvTN3UfxwfzhlXAWvtFR42U/u +tNT0r0Vw2ormHLx2QUTGPZkTREhAWVOpk+71vLcb5tBtjKVgihmA+cpwAz8hbo/j +YKntYI8ilmuAg77Vyijm8iqcrswT5Q8KK6wtloo16yY37YrxJUpnPHbWqftrGHiy +bKWOE4HRC2DNLtuLQW/8G3/VRwaBIJvSnV10yvPGcNzXS6JDrQ0shm+MEBvutUYS +z92gL38esOqXUMnhrx3J9bnWT8/CYxqncBZFXfa6XXoDmCvTeY1jajMEemqEkGHL +RO60b2+cVAXNA6548VstWx/S/XiuIhVB -----END CERTIFICATE----- From b317e1d11e0402c714797381f4635775a3cd01de Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 13:20:19 -0500 Subject: [PATCH 21/28] PYTHON-5040 Use PROTOCOL_TLS_CLIENT in http_post for Python 3.14 Python 3.14 sets X509_V_FLAG_X509_STRICT in ssl.create_default_context(), which requires Subject Key Identifier on all certs including the root CA. We intentionally omit SKI from the CA cert because adding it causes macOS SecTrust to trigger OCSP revocation checks during MongoDB 4.2 server startup, resulting in ~67-second connection timeouts. Using ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) instead gives the same security guarantees (certificate verification, hostname checking) without enabling strict mode, matching pre-Python-3.14 behavior. --- test/asynchronous/test_encryption.py | 8 +++++++- test/test_encryption.py | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index 16d0feed4e..1689da5a6d 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3045,7 +3045,13 @@ async def asyncSetUp(self): async def http_post(self, path, data=None): # Note, the connection to the mock server needs to be closed after # each request because the server is single threaded. - ctx = ssl.create_default_context(cafile=CA_PEM) + # Use PROTOCOL_TLS_CLIENT instead of create_default_context so that + # X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables strict mode + # in create_default_context, which requires SKI on the root CA cert. + # We intentionally omit SKI from the CA cert to prevent macOS SecTrust + # from triggering OCSP revocation checks during MongoDB 4.2 server startup. + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + ctx.load_verify_locations(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: diff --git a/test/test_encryption.py b/test/test_encryption.py index fd0e05e48d..1790405e24 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3027,7 +3027,13 @@ def setUp(self): def http_post(self, path, data=None): # Note, the connection to the mock server needs to be closed after # each request because the server is single threaded. - ctx = ssl.create_default_context(cafile=CA_PEM) + # Use PROTOCOL_TLS_CLIENT instead of create_default_context so that + # X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables strict mode + # in create_default_context, which requires SKI on the root CA cert. + # We intentionally omit SKI from the CA cert to prevent macOS SecTrust + # from triggering OCSP revocation checks during MongoDB 4.2 server startup. + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + ctx.load_verify_locations(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) try: From 54163017c49de885aadf0b2c48f1fb6dc74973ec Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 14:41:28 -0500 Subject: [PATCH 22/28] PYTHON-5040 Update README and add run_server.py comment --- .evergreen/scripts/run_server.py | 2 ++ test/certificates/README.md | 46 +++++++++++++++++++++++++------- 2 files changed, 38 insertions(+), 10 deletions(-) diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index e515db1c68..b02836ed18 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -44,6 +44,8 @@ def start_server(): set_env("TLS_PEM_KEY_FILE", certs / "server.pem") set_env("TLS_CA_FILE", certs / "ca.pem") if sys.platform == "darwin": + # macOS MongoDB Enterprise uses Apple SecTrust, which rejects our + # test CA and certs. See test/certificates/README.md for details. extra_opts.append("--tls-allow-invalid-certificates") if opts.auth: diff --git a/test/certificates/README.md b/test/certificates/README.md index 5975b4c722..d741464063 100644 --- a/test/certificates/README.md +++ b/test/certificates/README.md @@ -10,18 +10,32 @@ Run the generation script from this directory: bash gen-certs.sh ``` -**Prerequisites:** OpenSSL 1.1+ or LibreSSL 3+ +**Prerequisites:** Python 3 with the `cryptography` package (`pip install cryptography`). ## Certificate details -| File | Subject | Signed by | Purpose | -|---|---|---|---| -| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | Root CA for test certs | -| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | MongoDB server cert (key + cert) | -| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | Client auth cert (key + cert) | -| `password_protected.pem` | Same as client | Drivers Testing CA | Client cert with AES-256 encrypted key | -| `crl.pem` | — | Drivers Testing CA | Empty Certificate Revocation List | -| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, OU=Kernel, ...` | Self (CA) | Separate CA for bundle tests | +Two classes of leaf certificate are generated, with different extension profiles to satisfy +conflicting requirements from Python's ssl module and macOS's SecTrust framework: + +**MongoDB certs** — presented to MongoDB Enterprise, verified by Apple SecTrust on macOS. +No AKI or SKI. Adding AKI causes SecTrust to attempt OCSP revocation checks; because our +CA is not in the macOS system keychain, those checks fail with `CSSMERR_TP_CERT_SUSPENDED`. + +**KMS certs** — presented by KMS mock servers, verified by Python's ssl module (OpenSSL). +Carry both AKI and SKI. Python 3.13 requires AKI on non-root certs; Python 3.14 enables +`X509_V_FLAG_X509_STRICT` in `ssl.create_default_context()`, which requires SKI too. + +| File | Subject | Signed by | Extensions | Purpose | +|---|---|---|---|---| +| `ca.pem` | `CN=Drivers Testing CA, ...` | Self (CA) | basicConstraints critical, keyUsage critical | Root CA for all test certs | +| `server.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | SAN only | MongoDB server cert (key + cert) | +| `client.pem` | `CN=client, O=MDB, ...` | Drivers Testing CA | keyUsage, extKeyUsage | Client auth cert (key + cert) | +| `password_protected.pem` | Same as client | Drivers Testing CA | keyUsage, extKeyUsage | Client cert with AES-256 encrypted key | +| `crl.pem` | — | Drivers Testing CA | — | CRL revoking serial 1 (server.pem) | +| `server-kms.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | SAN, AKI, SKI | KMS mock server cert (key + cert) | +| `wrong-host.pem` | `CN=wronghost.example.com` | Drivers Testing CA | SAN, AKI, SKI | KMS wrong-host test cert | +| `expired.pem` | `CN=localhost, ...` + SAN | Drivers Testing CA | SAN, AKI, SKI | KMS expired cert (validity 2000–2001) | +| `trusted-ca.pem` | `CN=Trusted Kernel Test CA, ...` | Self (CA) | basicConstraints critical, keyUsage critical | Separate CA for CA-bundle tests | **Password** for `password_protected.pem`: `qwerty` @@ -37,4 +51,16 @@ The following values are hardcoded in tests and **must not change**: ## Background -Certificates were regenerated to add the **Authority Key Identifier (AKI)** extension, which Python 3.13 requires for TLS certificate chain validation (PYTHON-5040). Prior to regeneration, certs were missing AKI, causing `ssl.SSLCertVerificationError: Missing Authority Key Identifier` on macOS and Windows with Python 3.13. +Certificates were regenerated for PYTHON-5040 to fix `ssl.SSLCertVerificationError` failures on +macOS and Windows with Python 3.13+. The root causes were: + +1. Python 3.13 / OpenSSL 3.x requires **AKI** on non-root certs. The original 2019 certs had none. +2. Python 3.14 enables `X509_V_FLAG_X509_STRICT` in `ssl.create_default_context()`, which + additionally requires **SKI** on non-root certs and `basicConstraints`/`keyUsage` to be critical + on CA certs. + +The CA cert intentionally omits SKI even though strict mode would normally require it on all +certs: adding SKI to the CA triggers macOS SecTrust OCSP revocation checks on the MongoDB server +startup path (MongoDB 4.2 Enterprise uses Apple SecTrust), causing ~67-second connection +timeouts. KMS connections bypass this by using `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` instead +of `ssl.create_default_context()`, which does not enable strict mode. From 15d7c4842a6f0278bbd75326abd2cfb767936169 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 16:17:14 -0500 Subject: [PATCH 23/28] PYTHON-5040 Fix mypy typing errors in synchro.py and gen-certs.py Use bare type: ignore in synchro.py so it suppresses whichever import error mypy raises depending on whether unasync is installed. Add arg-type ignore in gen-certs.py for a cryptography stubs version skew. --- test/certificates/gen-certs.py | 2 +- tools/synchro.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index a3c15f2f93..0c8937dbe8 100755 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -77,7 +77,7 @@ def aki_from_ca(ca_cert: x509.Certificate) -> x509.AuthorityKeyIdentifier: # keyid form: SHA-1 hash of the CA's public key. Required by Python 3.14 / # OpenSSL 3.x strict chain building. macOS OCSP enforcement on the server # side is bypassed via --tlsAllowInvalidCertificates, so keyid form is safe. - return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_cert.public_key()) + return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_cert.public_key()) # type: ignore[arg-type] def server_san() -> x509.SubjectAlternativeName: diff --git a/tools/synchro.py b/tools/synchro.py index 5570a22bdb..c96b569db3 100644 --- a/tools/synchro.py +++ b/tools/synchro.py @@ -25,7 +25,7 @@ from os import listdir from pathlib import Path -from unasync import Rule, unasync_files # type: ignore[import-not-found] +from unasync import Rule, unasync_files # type: ignore replacements = { "AsyncCollection": "Collection", From 637ce772f634295dd2813072904b0271c076d286 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 19:22:09 -0500 Subject: [PATCH 24/28] PYTHON-5040 Clarify comments about macOS SecTrust and cert env vars --- .github/workflows/test-python.yml | 2 ++ test/asynchronous/test_encryption.py | 2 +- test/certificates/README.md | 2 +- test/test_encryption.py | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index cc6c45ecb5..e8506d96f5 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -226,6 +226,8 @@ jobs: with: ssl: true env: + # drivers-evergreen-tools invokes run-mongodb.sh directly (not via + # run_server.py), so cert paths must be provided explicitly here. TLS_PEM_KEY_FILE: ${{ github.workspace }}/test/certificates/server.pem TLS_CA_FILE: ${{ github.workspace }}/test/certificates/ca.pem TLS_CERT_KEY_FILE: ${{ github.workspace }}/test/certificates/client.pem diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index 1689da5a6d..d59dd3d5f5 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3049,7 +3049,7 @@ async def http_post(self, path, data=None): # X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables strict mode # in create_default_context, which requires SKI on the root CA cert. # We intentionally omit SKI from the CA cert to prevent macOS SecTrust - # from triggering OCSP revocation checks during MongoDB 4.2 server startup. + # from triggering OCSP revocation checks during MongoDB server startup. ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ctx.load_verify_locations(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) diff --git a/test/certificates/README.md b/test/certificates/README.md index d741464063..112e793d38 100644 --- a/test/certificates/README.md +++ b/test/certificates/README.md @@ -61,6 +61,6 @@ macOS and Windows with Python 3.13+. The root causes were: The CA cert intentionally omits SKI even though strict mode would normally require it on all certs: adding SKI to the CA triggers macOS SecTrust OCSP revocation checks on the MongoDB server -startup path (MongoDB 4.2 Enterprise uses Apple SecTrust), causing ~67-second connection +startup path (MongoDB Enterprise on macOS uses Apple SecTrust), causing ~67-second connection timeouts. KMS connections bypass this by using `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` instead of `ssl.create_default_context()`, which does not enable strict mode. diff --git a/test/test_encryption.py b/test/test_encryption.py index 1790405e24..9207a4034a 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3031,7 +3031,7 @@ def http_post(self, path, data=None): # X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables strict mode # in create_default_context, which requires SKI on the root CA cert. # We intentionally omit SKI from the CA cert to prevent macOS SecTrust - # from triggering OCSP revocation checks during MongoDB 4.2 server startup. + # from triggering OCSP revocation checks during MongoDB server startup. ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ctx.load_verify_locations(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) From 0385fa2d2ad8ec043da94d6a1e895db6c2e46f46 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 19:24:28 -0500 Subject: [PATCH 25/28] PYTHON-5040 Only use PROTOCOL_TLS_CLIENT in http_post on macOS --- test/asynchronous/test_encryption.py | 16 ++++++++++------ test/test_encryption.py | 16 ++++++++++------ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index d59dd3d5f5..e7d4bbbc69 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3045,12 +3045,16 @@ async def asyncSetUp(self): async def http_post(self, path, data=None): # Note, the connection to the mock server needs to be closed after # each request because the server is single threaded. - # Use PROTOCOL_TLS_CLIENT instead of create_default_context so that - # X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables strict mode - # in create_default_context, which requires SKI on the root CA cert. - # We intentionally omit SKI from the CA cert to prevent macOS SecTrust - # from triggering OCSP revocation checks during MongoDB server startup. - ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + if sys.platform == "darwin": + # macOS: use PROTOCOL_TLS_CLIENT instead of create_default_context + # so that X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables + # strict mode in create_default_context, which requires SKI on the + # root CA cert. We intentionally omit SKI from the CA cert to + # prevent macOS SecTrust from triggering OCSP revocation checks + # during MongoDB server startup. + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + else: + ctx = ssl.create_default_context() ctx.load_verify_locations(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) diff --git a/test/test_encryption.py b/test/test_encryption.py index 9207a4034a..402ee64f99 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3027,12 +3027,16 @@ def setUp(self): def http_post(self, path, data=None): # Note, the connection to the mock server needs to be closed after # each request because the server is single threaded. - # Use PROTOCOL_TLS_CLIENT instead of create_default_context so that - # X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables strict mode - # in create_default_context, which requires SKI on the root CA cert. - # We intentionally omit SKI from the CA cert to prevent macOS SecTrust - # from triggering OCSP revocation checks during MongoDB server startup. - ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + if sys.platform == "darwin": + # macOS: use PROTOCOL_TLS_CLIENT instead of create_default_context + # so that X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables + # strict mode in create_default_context, which requires SKI on the + # root CA cert. We intentionally omit SKI from the CA cert to + # prevent macOS SecTrust from triggering OCSP revocation checks + # during MongoDB server startup. + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + else: + ctx = ssl.create_default_context() ctx.load_verify_locations(cafile=CA_PEM) ctx.load_cert_chain(CLIENT_PEM) conn = http.client.HTTPSConnection("127.0.0.1:9003", context=ctx) From 60ef3df216a0da8a8a29b489db600be77cfd0ba0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 10 Jun 2026 19:29:05 -0500 Subject: [PATCH 26/28] PYTHON-5040 Use uv run with PEP 723 inline metadata in gen-certs.py --- test/certificates/README.md | 4 ++-- test/certificates/gen-certs.py | 31 +++++++++++++++---------------- test/certificates/gen-certs.sh | 4 ++-- 3 files changed, 19 insertions(+), 20 deletions(-) mode change 100755 => 100644 test/certificates/gen-certs.py diff --git a/test/certificates/README.md b/test/certificates/README.md index 112e793d38..a8e32afeb9 100644 --- a/test/certificates/README.md +++ b/test/certificates/README.md @@ -7,10 +7,10 @@ These certificates are used by the PyMongo test suite for TLS/SSL integration te Run the generation script from this directory: ```bash -bash gen-certs.sh +uv run gen-certs.py ``` -**Prerequisites:** Python 3 with the `cryptography` package (`pip install cryptography`). +**Prerequisites:** Python 3 and [uv](https://docs.astral.sh/uv/). The script declares its own dependency on `cryptography` via PEP 723 inline metadata, so `uv` installs it automatically. ## Certificate details diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py old mode 100755 new mode 100644 index 0c8937dbe8..9a5d13c459 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -1,4 +1,7 @@ -#!/usr/bin/env python3 +# /// script +# requires-python = ">=3.8" +# dependencies = ["cryptography"] +# /// """Generate TLS test certificates for the PyMongo test suite. Two classes of leaf cert are generated: @@ -27,8 +30,7 @@ (CSSMERR_TP_CERT_SUSPENDED) because the CA is not in the system keychain. Usage: - pip install cryptography - python gen-certs.py # run from test/certificates/ + uv run gen-certs.py # run from test/certificates/ Password for password_protected.pem: qwerty """ @@ -39,19 +41,16 @@ import sys from pathlib import Path -try: - from cryptography import x509 - from cryptography.hazmat.primitives import hashes, serialization - from cryptography.hazmat.primitives.asymmetric import rsa - from cryptography.hazmat.primitives.serialization import ( - BestAvailableEncryption, - Encoding, - NoEncryption, - PrivateFormat, - ) - from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID -except ImportError: - sys.exit("cryptography package is required: pip install cryptography") +from cryptography import x509 +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import rsa +from cryptography.hazmat.primitives.serialization import ( + BestAvailableEncryption, + Encoding, + NoEncryption, + PrivateFormat, +) +from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID SCRIPT_DIR = Path(__file__).parent.resolve() DAYS = 7300 # ~20 years diff --git a/test/certificates/gen-certs.sh b/test/certificates/gen-certs.sh index 42285b2aa3..84db9ec1e2 100755 --- a/test/certificates/gen-certs.sh +++ b/test/certificates/gen-certs.sh @@ -3,8 +3,8 @@ # See gen-certs.py for full documentation on the cert design. # # Usage: bash gen-certs.sh (run from test/certificates/) -# Requires: pip install cryptography +# Requires: uv set -euo pipefail cd "$(dirname "${BASH_SOURCE[0]}")" -python3 gen-certs.py +uv run gen-certs.py From 729e6f722bc7db2fac820f3150a3f0e6f1f2a49b Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 11 Jun 2026 06:31:39 -0500 Subject: [PATCH 27/28] PYTHON-5040 Fix Windows KMS cert failures: issuer-form AKI, win32 guard Switch KMS certs from keyid-form to issuer-form AKI (DirName + serial). OpenSSL 3.3+ (bundled with Windows Python 3.13+) requires the issuer to have SKI when the leaf uses keyid-form AKI; our CA omits SKI, so keyid form caused ssl.SSLCertVerificationError on Windows Python 3.13. Extend the PROTOCOL_TLS_CLIENT guard in http_post to also cover win32, so Python 3.14 strict mode does not require SKI on the CA cert on Windows. --- test/asynchronous/test_encryption.py | 15 +++-- test/certificates/ca.pem | 28 ++++---- test/certificates/client.pem | 78 ++++++++++----------- test/certificates/crl.pem | 14 ++-- test/certificates/expired.pem | 84 ++++++++++++----------- test/certificates/gen-certs.py | 14 ++-- test/certificates/password_protected.pem | 80 +++++++++++----------- test/certificates/server-kms.pem | 86 ++++++++++++------------ test/certificates/server.pem | 80 +++++++++++----------- test/certificates/trusted-ca.pem | 28 ++++---- test/certificates/wrong-host.pem | 84 ++++++++++++----------- test/test_encryption.py | 15 +++-- 12 files changed, 310 insertions(+), 296 deletions(-) diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index e7d4bbbc69..da3dddef4b 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3045,13 +3045,14 @@ async def asyncSetUp(self): async def http_post(self, path, data=None): # Note, the connection to the mock server needs to be closed after # each request because the server is single threaded. - if sys.platform == "darwin": - # macOS: use PROTOCOL_TLS_CLIENT instead of create_default_context - # so that X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables - # strict mode in create_default_context, which requires SKI on the - # root CA cert. We intentionally omit SKI from the CA cert to - # prevent macOS SecTrust from triggering OCSP revocation checks - # during MongoDB server startup. + if sys.platform in ("darwin", "win32"): + # macOS/Windows: use PROTOCOL_TLS_CLIENT instead of + # create_default_context so that X509_V_FLAG_X509_STRICT is not + # set. Python 3.14 enables strict mode in create_default_context, + # which requires SKI on the root CA cert. The CA cert omits SKI + # to prevent macOS SecTrust from triggering OCSP revocation checks + # during MongoDB server startup; the same cert is used on all + # platforms, so Windows inherits the same constraint. ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) else: ctx = ssl.create_default_context() diff --git a/test/certificates/ca.pem b/test/certificates/ca.pem index be443b612f..6e371ff44f 100644 --- a/test/certificates/ca.pem +++ b/test/certificates/ca.pem @@ -2,21 +2,21 @@ MIIDkjCCAnqgAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMMEkRy aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTI2MDYwOTEzMDQ1NloXDTQ2MDYwNTEzMDQ1NloweTEb +CzAJBgNVBAYTAlVTMB4XDTI2MDYxMDExMzA1NVoXDTQ2MDYwNjExMzA1NVoweTEb MBkGA1UEAwwSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLDAdEcml2ZXJzMRAw DgYDVQQKDAdNb25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQI DAhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDQPPKgBuJsJiRmjN5H3RAoh9F5XvBArELZhgaD5iHGZUxkktaoZSJ1 -Xq8YEYNr46zUtAhOd7bD/B8tFCQ0ryZA13THt2/g+lgK1pq5yvu7+kwjCNfhC6CU -Aax0JR0K6L5/BtU3MerRZjSOqk8ecfnkWCDZUDj4N90f8EH4e8DXq58LvmVxDicm -FeJX4yflNMu5MOjBe3dbFVygM/g8zGHAt5S3uWQ1RXnaxx0rgUJ671iWPS4iih41 -hGOzwhBn2cXfGSKzYIq/8hzPqNtl7vCsR38dEZ1p0oZ2C/Q3M5QyNK7HF3JlSJ7o -FvyVb5DgqjRTjPT1aEpXmQgeKHi8NedrAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAogVQicZM+YjVA -Wtxj0T+HUmTQg8HGFDFwhY0s0ToCr4dufFSq94u+lVgCXAWpVvZdb7P5NWgd+elD -5BaxmosTty137OIdyhA4zBgB7Mo5ZaDXTpLpvsllgPlxEIbBIW2Ja/Vx7IjJwk9H -qPvstV221uvfx1Hk6BVpXYtEyk74UZuBs+m+k5copPN+vXJoYJOwZM1aidy5Jju1 -bzsk6pniBGjwWujUCg/hrjX6nst1kKba+Kc4Ts23kNrM5+HnzwM8/NJinlh1sz/i -3LUOe+Z7YkdO73VRv4TL8cbCe8t7SwUDQl+sIa8CW/f96ypl0wqj44iFdxJPv4qv -O7KzjQ3A +ggEKAoIBAQC9zwos89VjHIVZU7vsE4hdbXnxlncuePLhRTM50VZpp4TK9zbEJAyg +KXn2NDKGKGjy9wNtH5rPhhQSColJPZX5o2G68XF4wVQvFOMiaQ7Gwcy4b2RJzKHo +uc2pnEokw83oo1C01xkk2fiBHz0G6Ozukcb2980Pye3srdRZUbXvKxJwxdHvQ2s/ +f0ILzs2aQbVKgXryZjJNSZQqex/SbY0PsAsK4u1ztf/AXiykdIaIHNezFSMbC6UW +jqlDGj+30vg9ULB9WKlB75I0kmJOab3FpRA22ZJxLrYLxa7uypS49WLQUDUObVKM +cGDoWvUFeG/871/xgARNu2H1BG4ZaHYdAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB6qfoZk85/hTmt +Moo3KEDmMxq0pZaPQ96qo9aVvb2l25H6+1CGXSbXQ+aTL0WhOHpAIGIJNB+Vg0ih +6/rrQi59wp2lsNcxbhR77A2fIKdsnj2rBrT62a8u27aK8jLm8DRV79Cq0yJPFTNw +IiiTo1jM/KS7okRe06tuV1xGpYWWnxILBRonlYLr58mmrZc2JJ6DOUPUSOd8BipJ +aYI+p1FcvFcDocxDf3fQuI3PVIEMRQ8wpz/BpcF8yYt/ZCiEy2n28NH35sRTrdSX +EbaA90fUAkFJd7qKXTocplVDrexz0SdUklp4xE2pDffqQlWuigX34HCHmh4EKXf1 +djoKlfPP -----END CERTIFICATE----- diff --git a/test/certificates/client.pem b/test/certificates/client.pem index 700c22e266..4159ddcc2a 100644 --- a/test/certificates/client.pem +++ b/test/certificates/client.pem @@ -1,48 +1,48 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA3h97gt9AX1KZGDwRZb2YZH7q/FUJ+6E+4iqByKHYgHzwwjLj -wf0H6pH1mAir8ZSsoJ8PL79ae4XJOyxolz/8AO6+/JpBOmcb8Vu7a64xks6QH3Tf -xWmfG65Rlqrks16bYLvKrgXwlrXjWvanJ1pjBBOtSNjACuaThScaR9ZzMXF9zPfA -cnIyp4k48UkBLHg4rc+xoWAsrdSVh3pDm2+XVM2YkSon2cJDIwIWTR1WCoOnPPhD -1n8reOxyFahKh20f2lUY/byqOD6EIuH1xxhi4APU8J9AmtZaSTswub0YXlaUYAkN -vLf7qDsBVOmqZWJmpb8OSnIP84T35SX5ql+HxQIDAQABAoIBAALQXsnyZpgejYJ1 -VloV3A2f3v253RHDQe7vD2xZgorkKk+ngeOl/zjtRvF5YKZDlilFwpU+BRkuAXXe -sueBn8FqROCh2qQxBLVazmXHk+iydbh0TFZtp16cJ3vzZ8jO8MR5tJBeUmUyYjI3 -kDgLKNh3IFmdJ1esAp/r9iUFVjnA2oajbPsF5koUMn2VqVjgZJV9Rqhm5UdTTHG8 -7cBM3liFOvV6za/URrF+dlfObdlBR0SAZDLR8axep0A7p/sP3U1AO8Q6hCT8uL18 -pojbHYykSIAQyXVwj6PnSTRKgTsdEoANrHe4u95nVtHxmKLqNg7OGcezbPnMaWF+ -JE5Ne6ECgYEA741i7nYRCg5uudPfkwcU72WK5rLS0/QTFtHOjgdvUadYV40RvTLW -vigFlrZ2SNW5Z+Cpn8kmNv6CAGffWjfqZK8MayqJokAaV/mirwZAr+wyb7OR/FGF -i+GbVOYIv544uRflULjpjaL0v80x4FWPpXIt5hlyBDzhv/WmSGVkHaUCgYEA7V+9 -o4TvNReueo6aZoC8o+TLfgXkeWsupD0mC/9ESxuW3pcrjzoCj5ypwlaqPcpL0h8h -LQtgW3HCNPiCVv93hMnWWzOLt+BwuaARtl7l6XMPZ8B4fBpxFJAxq7O6C1IFxVnQ -ycQmH/fMKTz4l+A7Smh5xh+D9g95dcmQ3hK156ECgYAlDoARV15Hafgi8u2Q9vV8 -Gv8jtOH8O7OAQjBrtCa6QOLfmEj4NZcWj2Zd7BfcKIOn2A8lUp6Av1oo6eiZMjEm -JhYLtebYnIX2uf06igMTs7wRn3ujxpCcFOhMd9E+oyEvMM0ecZxfdqfZy8o9Y772 -3vTOtXz3vttFMKDqbhTQqQKBgC0x82t03g6fyaqwCBnIHSKfZ1dBS/UKQUEoG1xh -Z+FdCWasJbEJfH9XdsL3uUY2hCUnpCttZRVEHZP0VOy3i0wPGe8Xa1zBMPVG0tiE -TQYb0C0S6l3Gsw0VPz/P4nZRUaP3q9cer5ualJatcy+HlAJgzf649WkeHSQeEqUV -rujBAoGAWj0rov2mieKgYKkL2EX+6VVFmP4d+rjJrhlas8jYgzydUPxHoVb/m64U -BzwbqO6wX+CqoKQciSMq3tiu/WCbg81lY5bttqZkB3Z7iSzE07uZKeXXwhKCNRCB -i7jdG0N9EoBGyvRgkdjlJIenqgfSM4crtigBM/JNMfs1hDgUFNM= +MIIEpAIBAAKCAQEAy4ygO9HgfleMeoHKTGiufL+Akjd6HSUfTy76fvYmd8uoY8XX +PKndPSl4HC9U3/nuF5qR6sWwIZryhd+1PMD9NTdZvwbO9vm2ctvu3uyVWyDiC5iG +04xb0eoxrpz8dHye36rU0qlbbsKSV97QcPrxbHsCZUHPs37D4S8fZTLpEFgjYl9P +hitgx0vVlQ8VQFxCzEXprmVZaT/ECIq58nV8gDKy+FDVYdhYmD3oOHUvO+ZqvtbB +2TNCS2+1ZH869voM4awBG4ySEXKLMWUY/+Cav11zLc8VsE8LMKsdrMPaEfarDAfo +x+31M00CSo+b/lG7+wLY2nyYhO231XQH8zTWQwIDAQABAoIBACNUr/ViKxzS9nPH +NoWHwA2wMdFvZrdLW8FjTqCd+jRd+ccDrqX9eATnP01pG8rat2yKbFx7XuSeYA1D +tNIsT2ceyemh9WeiFXyfVzmDiDMupH3Nxk1O9hscEu6TmjBf9zWskc9VDSVPCZbN ++pE5xZEGUvafcz1dOgPKqaDnstOeoUrvLpFazxAyioGZyU6tuotV696IZdWdftbX +SKlJIuB5/R3qS29N9A5Ec7M+b7jOcmSEvTl8jM+axoVGODpxGDsL8GMPABXBbMtQ +4y1pDUCAGeo97fL0qFpsLiZDIzb2duAhccZb1fqTZ7SdZoGWeYhrLNDo/CNXHpdT +dQv/R4kCgYEA+XKvSN/I/iWMO/2k+CSCYqSzd3W4PcDkaBi2heq5tdrIvaHllRe5 +OtrEz8Io7YfEglu+hT0RzdHsd57eCEvp68yDRg1Q3E8GY63BnU1NKbF3qg+mNMhd +KgH0XgamOVBq30yrTmJ+3DKo0S7V3hwz9MuwRhlVWhQb4hdiKWtnltkCgYEA0OVQ +R8+XxI9fBG2sXnlSnla1YTtE+5Dgk1i7HFTWp2hIjz+ABrLCPkPy0ro8ZEmgRv8u +1km/K83bi9EF1of4oXH2v+qn+ddRU+7EaE2gd9O0SfLJJr13FozTsvUoBoqqMR3u +AcCqLPdLGfZDsQ5TrHOvwlafFy9+moMHNHnovHsCgYEAxtoZyao7+/3KsPgeToIs +Pp61QoHhgbkHW8R3nIHl0Ya7iBBLiHMFAlnrkwNgxRn6GUExu91XGBBExYcr0MlT +jNnXvDxZPYbxvPyC3/cDkD0c+8DF6kXfnuE4AMykLgRhbekclrwGDVuFIFyJuSoa +cQb/WqJPXCOzpqSlaAdq6OECgYEAxtlS51jMPra/myaPS0swAzvE4u6ZhuLtdDWl +v51ey/LwBzRKOZYWY1EpJ8FSVaDkalDlk+SVjywhjmGFria23W/vk9ba2XBGoaAK +5MLoOsiSuUXchv0aDKQ3rQXDeR6sTZ8Q/igZlj49BlSvMS7TJbjmGRd9z4NNf+W0 +iRZ3HlsCgYATyGpPgdR+ICbUUUkb3fCF2uDetgkqVZaB77JXq378JN2Iu84SmNSI +TI7qgwCcNlHx7qEz0aF/BIPyd/Q6C3uegrBtmiNKLCYmLINn0yl1en3WWK1v8rFC +NO8+wP6wYwNvXVbCFY4bWEqvGOb7e4VXc1xl8eqmvjm9Bd/3zuOVJA== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MTAxMTMwNTVaFw00NjA2MDYxMTMwNTVaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeH3uC30BfUpkY -PBFlvZhkfur8VQn7oT7iKoHIodiAfPDCMuPB/QfqkfWYCKvxlKygnw8vv1p7hck7 -LGiXP/wA7r78mkE6ZxvxW7trrjGSzpAfdN/FaZ8brlGWquSzXptgu8quBfCWteNa -9qcnWmMEE61I2MAK5pOFJxpH1nMxcX3M98BycjKniTjxSQEseDitz7GhYCyt1JWH -ekObb5dUzZiRKifZwkMjAhZNHVYKg6c8+EPWfyt47HIVqEqHbR/aVRj9vKo4PoQi -4fXHGGLgA9Twn0Ca1lpJOzC5vRheVpRgCQ28t/uoOwFU6aplYmalvw5Kcg/zhPfl -JfmqX4fFAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAkMnK8ZI7rEMCLBWyIL9KR0XqvoD2KcwkFioG -wkVGrEO+1IX9tEshAlZuWbk01zmRars2dlu9lwAtq3LXuiuwx74GTXECvP7meWWL -NwGKX6rC5INxs6U3wyTyNXUDr5alf+S0i2eGvOZSujqnUV29ZU3W4Kni+CYYc64w -yzf1V3jb7TBrWvx0FyV4zDTuK/Tvfr8ZwXeAIlOAzjlzZKsL+Mc3Wwo+mq+D8KKM -Kfs+vycF2zIz11JbRo7LojPuTch4JMBcWZJf6pebZb59lezmGC8zxfDIiAWzx4VS -GQmxRYvNL0mFXALGL+LGe+4/9UcMMzRG7CCLONzl2mb4GETWGQ== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLjKA70eB+V4x6 +gcpMaK58v4CSN3odJR9PLvp+9iZ3y6hjxdc8qd09KXgcL1Tf+e4XmpHqxbAhmvKF +37U8wP01N1m/Bs72+bZy2+7e7JVbIOILmIbTjFvR6jGunPx0fJ7fqtTSqVtuwpJX +3tBw+vFsewJlQc+zfsPhLx9lMukQWCNiX0+GK2DHS9WVDxVAXELMRemuZVlpP8QI +irnydXyAMrL4UNVh2FiYPeg4dS875mq+1sHZM0JLb7Vkfzr2+gzhrAEbjJIRcosx +ZRj/4Jq/XXMtzxWwTwswqx2sw9oR9qsMB+jH7fUzTQJKj5v+Ubv7AtjafJiE7bfV +dAfzNNZDAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEABR1ZOvDOiwAVTy+z/MtzfCHrVXUmYmnPybaG +j8ADepJhgEzeZjDmiLkR7Cuo10g9N2TzZYTzrhFWjjOP3iWDU47oCYR5j30V3U6x +zX1/Uh/KOKuIu2NkcYNUSPlU2zq3JvyMErYiPvIQ8t8y8M/AhjPxy2uWNQ98hb3j +s9qdiScJ+ejsoI72BzgRMh7eK+wrxhqZRIAKI9VSy1TIGlXwtnTcU3Tk0uN21HaH +LgOksFqnTEOafbvYUZruaU0XM6p3LvUn/9fCTB7NPUiGaDQIfAAixyH5Nuxu/X/Z +j7PvajaG6jMGgYZl9OXGGMw9zRaAiE2NDOOl5XEQ1tbeZr1ANQ== -----END CERTIFICATE----- diff --git a/test/certificates/crl.pem b/test/certificates/crl.pem index c52d890bd9..845797f3ce 100644 --- a/test/certificates/crl.pem +++ b/test/certificates/crl.pem @@ -2,11 +2,11 @@ MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2ZXJzIFRl c3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdvREIxFjAU BgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMjYwNjEwMTMwNDU2WhcNNDYwNjA1MTMwNDU2WjAUMBICAQEXDTI2MDYx -MDEzMDQ1NlowDQYJKoZIhvcNAQELBQADggEBAL+bz2hs+aE1kiWfAGKSR9WL1KvH -8nhZ6BfDvQBUbbdrAhr5FOIanZUnENYawlYjrzyOo1GPImNNpatQzGOdYz4b5eWu -t5lYoty3tAJEaauyqxCzoynEc9zzrLLhXh1dXMGQHX+UMNMLx+/+kVckD+eHMmPE -4kjMlS8fVZkBsFTKEbLW2MEZImSdhIh2zKQn6Rf5iU/wum9N9mJQhQM3AhvGBSnv -azhDXs2PjUv8v3cOzC/bhxlZwjIuLYHYu+ZurfE4mZrGZIsBpi0WyYVBj69W0MMZ -BjZCoaSKy4/zDDv7IXns903lo8F9Gk7D5GSPGbPI8ZhMGMtDlUTaokLNfiw= +EwJVUxcNMjYwNjExMTEzMDU1WhcNNDYwNjA2MTEzMDU1WjAUMBICAQEXDTI2MDYx +MTExMzA1NVowDQYJKoZIhvcNAQELBQADggEBAIWkzWOI2wCWjr7rEwQBgf4mi3iG +edHPWV+4BXQeR9R4SfpfeNAgZidUFEGpX6vLdYNcYysuuqhPZKgnNsQl1IiX8Lp8 +ijUpAZAsj3t29Q/ntK23swW4PJ/rnRjWKoLMRwJybf/8CSEct5knRi1kfxN69kv8 +SgeTo97xrEfBH6czdzk8A1Wwlz44Qz28Q4VdsMkl7lqsJERjSH2XFTuhbq2Dvj3S +PvnUnj0i+RFH4T2CVaZnp2zbFh1gaDAbQstHtdd8ZFCmsTmkFjcZ4NRxUmJAEgd8 +chaq11h3Zto8Ja26TK8Yi3vS8sXq6pHjmCbEwgvvo6+F0FogM0hlxiCw3AY= -----END X509 CRL----- diff --git a/test/certificates/expired.pem b/test/certificates/expired.pem index 8b705a279a..31a54f3dc7 100644 --- a/test/certificates/expired.pem +++ b/test/certificates/expired.pem @@ -1,50 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA0xjfduRNQle/zEsTop+FVo79bxoLEBEkYqOiJ6JsJrfk+XQG -Dy1BxEorwCVVtdVr8+DGSks3N3m0xf1qBpLAKgiBXhnRkjF8PZ8ODDRZXfaqM6AG -AhbXItfS/xbZsTavIwzI9OehH5ya6L6Wn1Y0Ipo5OEkEhdtbR1KvHNcl++xvgraH -gsANO2H6bWTrpwIeGIVp8GzdxLPK7/0Hh6Lq5KiqiikTciOUZE9lgP9QHCjo5N/v -ntTFJ7cfhgVxxe9aQ8sW90TiB85keO2QC5NFiNqoPXxie8OneddPMlcDkwUVUSV/ -6f+sbZRi9f+8pU4ZNE3Y0YKz/KEd9sqsQvpIVwIDAQABAoIBADtGcDU/zSv0XOB+ -MmDHP1c7ZpGkc/fKgHeMMDPF6W2D1LFxMWRglmeKVjeppCQfbiU4eCWTcklLDQZN -btCys2/6HG1yfYT6DUN2XqjxqCh443kElbtPc5COnupPHcijrNEAPYt7YSRxwpPZ -NI1AVPpkaO3TnwgBPOPNpWtJRJq02keUom7nGQe43zUm+XQkVLAiiI+bdN3ZS+S7 -T9mqnP1D9lFajVA4JmfWew5TMtaJdHE4KpumYdM/0YBmat/yGJZGkJVP+52XZ32U -/QW4fLxyUG8WweLVOt869vW92KpobVjfA1YiSPN+H6QWs0QVcBH7yldx3UHPjMRp -T8BsAb0CgYEA8JyUuwpg/d51p2oB62OPmodxbkUEcYVfHb/Ss7J8Mwfm3FSviyqp -wkHYvt0ud3d7yHSSo184HXLavQmYUbfBFL/+rQDHfN2mj+h8zy1jg+WA6pBI9986 -qGJdvGdZBaNbjuvBY1RsVd7R1yRlHZ4aN5nAQdbLWrK7Q3m7LNplxhMCgYEA4JkQ -wBpIZlEwwRPzzsXeDKzum6jnVawbVNTAlnCEukVJQBMBNJtW+oaciFD4qifnL2lf -Z9Y8Ln1lJhLluyjiNHRgOM1zdOdzimdwB0+jih6d2Doznla9w/vXuLDlxFco7wZP -bgn7fV90O0Geafzn06w8cQT+Yh6r8LSF8SLKjS0CgYBwmuckTewsg4MOcZcqYXLg -gAi+8X/t3Nwx4Qcr4BkuDMGnVd69w56k8goM8RiBAqMkoiHKYZKyfYEPPUFS5Stw -mZYHwziZIGaGLOjUUMqk/LCDljkAADHEghyaQsev0s7TqVPdN7Jn0ZrlE/xaixZ7 -9PG8HlkXPlRTdNH7YM6GjwKBgACQwhcJuebwC2RhDXsWynFTuiIQMczoawUyp+15 -CQyDAiU0Jwuf3H8y+Y/qTEX5Zb6b0E6tnmcrj6ah44wuFSu2o0thUQoZTxQpIIIU -NEAzxYf21YxvgXjN2IQxhdKRuZuoc2i+g7CUHfHMP37a0SaaR2itb4qFsz8e5Ttv -L/1dAoGBAI2Yo19pZcgowjdqy2qamVN+zAPUEfeeLXzKTGLOG8lIJzUUYBtf5stj -4KGmdiqFs6Ddlh6bQ0nNxo59C5SQ2izSmKpcBFjWQ3voQPR0+3Lgr9nR9+X8iWeR -w9leG4cORGjI83gp4ZTU3wu85FpE7iyYlcB1A+ZwDZtqedvNQ/Mv +MIIEpAIBAAKCAQEAygbU020ifgr+Pe4ee9JtQQS6lsnuQs7FWBno5P196F12gb94 +7uRhFT6e63ZTJ82Ds0peSqTgmek8kM8EMXU4rsQL3LQKToaAKRVWPBmssPTMolBS +1XmG55cgXy5QUkfvo826pwrSATqEFpkByEoP55wn9jX3C2UBPo4hoVdBjDFCplY1 +IvvFe4fvbxfZSbM3TPdkyxnfAuoRvmuu2h5kcKsKrqSyHqFV3e4K5PgmRtnONHH2 +dhwVXQRHNLxAFpwRSYLZBUJcoOdV9hUBK+5oayMAFjeQao0dmH75Vtu8uDrlBKCm +8ruI5xqsUaWFyoLDhdv+4rptL+M+Zjj3iaAEYwIDAQABAoIBADvnpKoAvW6UgekJ +N57NubnC1jUqMW079MZ4AFgOVoxVUnOMvCZSL/tlsyfs0SGHThsW3TjTBQp+X4gs +6nhj4ufnmADcngXE2jHUctqlXlCmdhtXKAjG3VrEtEOk7wpG7Gcs9MDdc4ILwOkW +e7HRTEAITM00GUoWrDTJXm2B+xy/YuRa8xM83JLtN63pm1g6Bp4I22wngig+ZBgg +7UXZiGTJ4RBj0xdXT2A0xBNzJ791snenN+m73fhqbsqdFFt867jrKNVB7LVm50vD +sBiJFo37q1PwFIq/7Nr5vdjo4TfIyuIMmgkkSFRhxpqZteVq/A0ehInQYxaMvHA4 +d54Y3VECgYEA/nN14Xes3PYScAga/XOeDzNpcFp+2MVaVmMt3DoJtIcwOHfpgh9i +gQ+kHxK5DkpQgc2i+22YdHoHKLBf++hW75Eqt4ZU0msDMjtuETTrdwWfi0BQvx89 +aVAGsCpyWbaCSGd09TNgf6u0VHuBmAXIsihNPjX5s1Y1r/BfFpbVokkCgYEAy0Gs +Ez+aUNGGe8PDwvQqfI3bV8tEKufO4YoZZ++0LNTwUTc0+EjGQhzJnv2jBmerlwZR +J0HZFrF6QFHNZoQ5J34AIqZLHIl+v1NHtUztKoCpO9ow2JuSNYd/Pmb1SYv9XlT1 +5Iw5pfYRAW0/wf3IXjfVoWIqZ6KxuC5poTUtsUsCgYEAgmhCXg+rtIMY5/n/ey4q +L7g1rbNzlz1uEyA5fMjx+GfgutAaCOp03ZhakOJTnZNQt3XgteNxYyC3Uo8yYjSt +eZJ4xh4+kqjttmzm+EKa+yESp5eKyqkEHFk7VEYs3PXAx8LeGlz+c/BYN4Qk4vjz +5vrou52GH/drBIS49ybOzqECgYA3e+vfLUOQwEF3047Czygx6/9uTdyD4deFlc8t +oi+K9W3Mncdl52fHcFhRgGdaPj6G8YCBuOXr3fLDUBFD5OA9OZYL310toxLoY3F1 +ulQbgBeycPNYjc8xsZU4kZ5vvzkg4QxmoSizdyJZQ1teN0rU/WThswxkUfM1leXb +zcp1VQKBgQCvCkuRVBliJethGU0fj8rhTycFC1uACqwCcw5PAwm6SjW2rfsB/+y8 +U0XvKbed8AB8yNIbzxVmIyPQa1TTiuTSLmSZVLDlepmfMRcTnsZJJzfM8mrZHdFP +Exg0mcIBDqI5V6z0PKAOjrYqFQBC8Yvk/dc31dfyLlOJiwHerOpP2g== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIIERzCCAy+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw CQYDVQQGEwJVUzAeFw0wMDAxMDEwMDAwMDBaFw0wMTAxMDEwMDAwMDBaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xjf -duRNQle/zEsTop+FVo79bxoLEBEkYqOiJ6JsJrfk+XQGDy1BxEorwCVVtdVr8+DG -Sks3N3m0xf1qBpLAKgiBXhnRkjF8PZ8ODDRZXfaqM6AGAhbXItfS/xbZsTavIwzI -9OehH5ya6L6Wn1Y0Ipo5OEkEhdtbR1KvHNcl++xvgraHgsANO2H6bWTrpwIeGIVp -8GzdxLPK7/0Hh6Lq5KiqiikTciOUZE9lgP9QHCjo5N/vntTFJ7cfhgVxxe9aQ8sW -90TiB85keO2QC5NFiNqoPXxie8OneddPMlcDkwUVUSV/6f+sbZRi9f+8pU4ZNE3Y -0YKz/KEd9sqsQvpIVwIDAQABo3AwbjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU7Qw4hf3NPDzKlN3YuMMI -GfY6BUswHQYDVR0OBBYEFHIn2M+lD8gmrNA1L9FxX8Yyas2IMA0GCSqGSIb3DQEB -CwUAA4IBAQBKHR3VWowe4o0AkrIGvInL3Z8cItJKQglM90Ycpjq86mLfzZXEojrX -JC5B8RJVaxzwUrzJ7FojjNct9H+O5pp+3Oe5cGZrcQU0g7dmeQ7+m6Y2Diutrv86 -KIzMNnyt2R9a6YjkT26r/JJhO7dh8p/AyIgP019EMXDuKnHdrKxJ7d/2jYb+qGlQ -yUmrH2toV30osvV0+isHIDMsc0JwtEIN5eQfQ3ZjJLCA4TAczHZCPp1SC4B0rVx0 -L122wKVDFk3oD0lTKEDwP9nXVPgEgskUoVJqan0eZ8hFbAAQtIpKgLBtCVyhqztf -Pa/PfMRcOAp5LtZpRUIEOajuXTlfM9Go +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygbU +020ifgr+Pe4ee9JtQQS6lsnuQs7FWBno5P196F12gb947uRhFT6e63ZTJ82Ds0pe +SqTgmek8kM8EMXU4rsQL3LQKToaAKRVWPBmssPTMolBS1XmG55cgXy5QUkfvo826 +pwrSATqEFpkByEoP55wn9jX3C2UBPo4hoVdBjDFCplY1IvvFe4fvbxfZSbM3TPdk +yxnfAuoRvmuu2h5kcKsKrqSyHqFV3e4K5PgmRtnONHH2dhwVXQRHNLxAFpwRSYLZ +BUJcoOdV9hUBK+5oayMAFjeQao0dmH75Vtu8uDrlBKCm8ruI5xqsUaWFyoLDhdv+ +4rptL+M+Zjj3iaAEYwIDAQABo4HiMIHfMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE +fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD +VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV +BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l +dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMB0GA1UdDgQWBBQ3oyQ4KHs5v8o4YN73 +YoZSOuL3szANBgkqhkiG9w0BAQsFAAOCAQEAROHXMBYMDlcpcpsyVp40Wiapl9wJ +nB7ZIjAiFxW3B88O4Grc3coHibBleoiRRXrJLYX6dnSp2e7h8lv5o0MEhBxkTs/W +iCJCqeC6U3G8pLVgbmW+nOjcvGgfUCMx3cBUvet1tfwiaqj0Vu+nYuHTy3LkZGbE +INm/G1kL3vZQC/OLpnL3yXG9Nw/z3JM3k85Dj0ewZHLEjKgIg2l6N8lC0v+R/z1y +X+n9ZfK187r0aEumgR8GQq+NbtnGIKlUx60mN5FGdDFsEDkGQbuL1XygRjs6VdS0 +Rq3gELV0aYZnxETX15YeTB/6IZ1vkkMmCrgFXwvaq7w3fg29h+Yww3eySQ== -----END CERTIFICATE----- diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index 9a5d13c459..ac6b1a968e 100644 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -73,10 +73,16 @@ def cert_pem(cert) -> bytes: def aki_from_ca(ca_cert: x509.Certificate) -> x509.AuthorityKeyIdentifier: - # keyid form: SHA-1 hash of the CA's public key. Required by Python 3.14 / - # OpenSSL 3.x strict chain building. macOS OCSP enforcement on the server - # side is bypassed via --tlsAllowInvalidCertificates, so keyid form is safe. - return x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_cert.public_key()) # type: ignore[arg-type] + # Issuer form (DirName + serial, no keyid). OpenSSL 3.3+ (bundled with + # Windows Python 3.13+) requires the issuer cert to have SKI when the leaf + # uses keyid-form AKI. Our CA intentionally omits SKI, so we use issuer + # form to avoid that requirement. Issuer form still satisfies Python 3.13+ + # which requires AKI to be present on non-root certs. + return x509.AuthorityKeyIdentifier( + key_identifier=None, + authority_cert_issuer=[x509.DirectoryName(ca_cert.issuer)], + authority_cert_serial_number=ca_cert.serial_number, + ) def server_san() -> x509.SubjectAlternativeName: diff --git a/test/certificates/password_protected.pem b/test/certificates/password_protected.pem index 30918e930d..7b1fb0be78 100644 --- a/test/certificates/password_protected.pem +++ b/test/certificates/password_protected.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,D05A1E2BD266E41DAE31CCF2E495F10A +DEK-Info: AES-256-CBC,9B26104D72E90A4AE4E8355541FD1B81 -+N2pLPepvYngv58VxE1SGmekzFfrnbCbZGtZTSzy+b38nle07dhBu1aSEzhJBByM -pNKckRgO0yeMQX5I0Ajh4qH1eH6Pd2fpDbt8H7xDznbsDmBCg/++MvlQ/qikDh4w -oL+ZBNEkvJW5CfOp8t+xwTjBp2Y2+i9+bw5P/YuUki9fGQtOJzvhL7yPAXTWZ+zJ -4MhYSql3bS5SG3VP71mqTlGAeN3COnSX6QXVQYQqELHYm5byHvL1WES/pXESyUa1 -krkMglNteFV52albiI0wRc286bW+YMnHwZxKXEbcBg9Zu4bq6IXt1b8wQe/fy6wg -L6da6y7Z9ie+ApbuhqW7VNkBTQoJTZjBblia85fFAKdd1drDTR9CebfGrxgAh4pe -X8WyQsxhXzSG0bv28nZUaIqqyBzD9u9fKbMM2FQrbChQMdp7MJ9HVg4gsfTX2jr4 -sj0a04zveK3SN2A4YCz3t4lcAoRuxrHl/fKIfBHM8ivKr7SPJc49sSjU0xiTDc7g -bmSXTI2BiMGOP1tbvSmEQOlwM8H9QLp5K/tqej6QU2qYBq1SnjY0FfXmWkoINVq6 -qCH3y21p0+gZEjTJgkoTannduEbu0ylnyQKFJmOktqgGHrop5dMFNEudoeuQnJjM -m5hp5lTo2l0MYYremNSLbuP/g6Lv6G3g6spzqEj9JHFAwJkdqu7gFBGHXXidFwd2 -h3ok8IGc0YcRNZhzYvvy1BlaDqxy0vaB/6Y5WC8QxqLnrrstnatqc+FT/UHGb+pH -t19bkEit+UDHgqiGtoknfkb61pTT625YXLq/eg1wHjcNy3jDDwTIB/O84+AKH6Yy -c/j1DA0zbf0ogk4ZKX9bmYi7DcymEegDSrlW7ogTq2T8KMXZ+HG86UY+uvWTH9sr -g3lofrHIoFwWORIIZSutQOzBgdupJTv7bc+1SHDQyp/vrC2TRhY0obFsyPgKB067 -/unlbg8kcR/5b7Zfi0bJ/zp4LFI0gtZ56FeoT9X7lOrMZ+1jjhQsgOYxAaUnRJee -ajfa2EJ96ud/3UZsTTl+i7U1HworCofraY0efzbtHNDqQ8cp6rIFZHnCBZOgeCdS -0yzoH+R0EyUSCb089yBF+wplY4tJJt80IGmS82BFvHrjiQcgLOhiuGYKWDODV5Yn -0sjNM0w3L+MdGFmi45fplVm9bCUV9pbmD78CKu97/oksF9hUEPuwTXGLGA/3kX8z -y15Zaryknp1FybaBVw1Xs63bQU76SOjHxXEk/1zVdaJBJLE5vJIMjxwNiD+XWH9K -dKhQwTB8qjuao8ZUN0eu6i4u15Mtt5evWSCABZghOp2o0eSedpYHeaf+4cXv8qGS -7yu50dhnPk78C37kqFI4Jhm3dAqFc1AW74EVUc/VRY5Zqf19HCYsUEQESChVIfBB -F14lm8gF3Gr1AfR1/TBuuZJABCeI86YMDiB6LyOkHvUCtp8PRqfPkq+XbTMNL8Eu -11GwQA3AGfC++b50vZ0yXnhAuLLJiStdrqUwUPzxsca6O7IdLVL9lMvxW1k5l96Q -6hMAoLctC97Ej6Cbwo4fuN3SSYc+rcM5rZ3VNojx8L+OnYnsmBDW6Gus9BDcL291 +QDsm9JSkQpHo9VB3dll1d9B8IDwWVyJ0afv5OibY68tMkUizJfwDIg4NdKHeJ93F +gfSRTt5WYLJX//WTJS9QaERD3Om5/k/4Jgp4RXysh9qApCojwWWEziKqcGmO4rYq +nD9caU9XDheDmM8bFzoOQMP08DAEpDv6pjVh4S8zdjx/x2rP6+9pSCMcW0AA4L9F +U2RF67rWoZL10hetrpuPCq955axY8O0p6spXicbMOWnXvK2muTmpzpm896Q8pEu9 +NHmKsb0NnY2WiC0iZMz1FUPyHgCiMrOb5OXrX9UkPM8Kk5eHiiMmSV77ry2awPD0 +o5czmvjY6m8dKaDbsKEUjNV7NNm2HfbF0B3Cl9Yi6OQj81WavwreQ7y3AcHxiqmz +RVwItH0txM7HWOUqc6oCbLkiRGz3ahRLzUGG+Uvba6KON+zIp+6E2dC9z8CTbTxo +3vSh3MKK9rH/4L/CTeef5dPdnZIN0jlWPJlK9hyY2clu8AdpqYzg+p9fo2R8q5Yf +YNlsBv8UdnD0WA2aS8vQfSXYtcOckgtnS4xY8H1ODzm7js472H3svSi4rvXLqHsU +npsttzgrKPJlLtGcI7c6OGDyWGMyDAz+ERYEp2qNHVYI4LM+GY99UhvnxJJvchGJ +Cw05gJMHUXbYaap/NQRTJTLgmYmJpbKZGMEvg97JrM10wHM4Tte0OqTdYjEPREHo +20Z3wx4ocunA23V749HyknhgzrsMwQ8p6wVUu5RglgyutWr97y+HatyPswLPHI1d +gzUqx8ujBt3wrUYVfFy8ZxNgqumwZau98rMF87YwH1w/dikVjzceFbfAU7wvESG0 +t2ZkIhmJ6N73nc2/AUx0uwbHBcpax4eP7dNSEhWJ/DSRfbdC8Gw1n+uxzGaNqfXF +z5Ex9imurgQGTRqwX+JgUK6S7DMaw+5sqEJxqpfwmP8l6RCy36Ty2u3wfu/cXBN3 +PWt8GQRDWaqgZmfu7qrkA4qk6Wx1/ZuKzpSMgLzhm3l+xT92+bXf+PnlQ3KaJNlF +mq71/0lLnWxkPDQ+E3BE5xDyJxsE11Tj0Gu1+Q+diENVkb0ASdNlCDap/IbTRs/2 +ngYN1jAAtJnqoBe0DE30NExtTbEBX1RZTTRBAwAw2PKCZHI8ncCZr7ITWm9O8yAC +HlNn0/nLsbnySbzVs8/CSO16K5bDz64ltAwJE7nj3VG7g2F+ouCaMIAcTd1iLpSF +qHsjYjPg767lU08MLhsbcMfhP6mciGfbjlRyvSyHqTir+I1r2X6gvrqJkTHdmER9 +t/QPA16FaA8HeqF1xmqccr9TCZyeco/TW4e6M9R4NVn1ey5BS7SM9iq/O3LyLtqm +x0Qriy3KQlO8eIWsmzKxEqvP2RQhvUxN1zeOgCv7VrfTRp0nmv0Iz+zwRZhlulYB +gSsV6Frta3jl7v29bKtbkqMuB+Ix4VeycuALfz6JkKyIfYtSJOPZfvQrBaFXX/8I +Bo6fJ26nhCf2/dFRynC5uTtefU/7X5mP1uBcEku8QKv6f0VhnUnUaKkt+4RLNPgT +iDek+Mc8gxZr5BAbYnahE790m9ho8F3ce60ITr2K4pypE6zHHjSHr4Cz75CXeoz0 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMGkxDzAN +CQYDVQQGEwJVUzAeFw0yNjA2MTAxMTMwNTVaFw00NjA2MDYxMTMwNTVaMGkxDzAN BgNVBAMMBmNsaWVudDEQMA4GA1UECwwHRHJpdmVyczEMMAoGA1UECgwDTURCMRYw FAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9yazELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeH3uC30BfUpkY -PBFlvZhkfur8VQn7oT7iKoHIodiAfPDCMuPB/QfqkfWYCKvxlKygnw8vv1p7hck7 -LGiXP/wA7r78mkE6ZxvxW7trrjGSzpAfdN/FaZ8brlGWquSzXptgu8quBfCWteNa -9qcnWmMEE61I2MAK5pOFJxpH1nMxcX3M98BycjKniTjxSQEseDitz7GhYCyt1JWH -ekObb5dUzZiRKifZwkMjAhZNHVYKg6c8+EPWfyt47HIVqEqHbR/aVRj9vKo4PoQi -4fXHGGLgA9Twn0Ca1lpJOzC5vRheVpRgCQ28t/uoOwFU6aplYmalvw5Kcg/zhPfl -JfmqX4fFAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD -AjANBgkqhkiG9w0BAQsFAAOCAQEAkMnK8ZI7rEMCLBWyIL9KR0XqvoD2KcwkFioG -wkVGrEO+1IX9tEshAlZuWbk01zmRars2dlu9lwAtq3LXuiuwx74GTXECvP7meWWL -NwGKX6rC5INxs6U3wyTyNXUDr5alf+S0i2eGvOZSujqnUV29ZU3W4Kni+CYYc64w -yzf1V3jb7TBrWvx0FyV4zDTuK/Tvfr8ZwXeAIlOAzjlzZKsL+Mc3Wwo+mq+D8KKM -Kfs+vycF2zIz11JbRo7LojPuTch4JMBcWZJf6pebZb59lezmGC8zxfDIiAWzx4VS -GQmxRYvNL0mFXALGL+LGe+4/9UcMMzRG7CCLONzl2mb4GETWGQ== +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLjKA70eB+V4x6 +gcpMaK58v4CSN3odJR9PLvp+9iZ3y6hjxdc8qd09KXgcL1Tf+e4XmpHqxbAhmvKF +37U8wP01N1m/Bs72+bZy2+7e7JVbIOILmIbTjFvR6jGunPx0fJ7fqtTSqVtuwpJX +3tBw+vFsewJlQc+zfsPhLx9lMukQWCNiX0+GK2DHS9WVDxVAXELMRemuZVlpP8QI +irnydXyAMrL4UNVh2FiYPeg4dS875mq+1sHZM0JLb7Vkfzr2+gzhrAEbjJIRcosx +ZRj/4Jq/XXMtzxWwTwswqx2sw9oR9qsMB+jH7fUzTQJKj5v+Ubv7AtjafJiE7bfV +dAfzNNZDAgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEABR1ZOvDOiwAVTy+z/MtzfCHrVXUmYmnPybaG +j8ADepJhgEzeZjDmiLkR7Cuo10g9N2TzZYTzrhFWjjOP3iWDU47oCYR5j30V3U6x +zX1/Uh/KOKuIu2NkcYNUSPlU2zq3JvyMErYiPvIQ8t8y8M/AhjPxy2uWNQ98hb3j +s9qdiScJ+ejsoI72BzgRMh7eK+wrxhqZRIAKI9VSy1TIGlXwtnTcU3Tk0uN21HaH +LgOksFqnTEOafbvYUZruaU0XM6p3LvUn/9fCTB7NPUiGaDQIfAAixyH5Nuxu/X/Z +j7PvajaG6jMGgYZl9OXGGMw9zRaAiE2NDOOl5XEQ1tbeZr1ANQ== -----END CERTIFICATE----- diff --git a/test/certificates/server-kms.pem b/test/certificates/server-kms.pem index d462a1c5cd..1a4cf62255 100644 --- a/test/certificates/server-kms.pem +++ b/test/certificates/server-kms.pem @@ -1,50 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA0cBfhW6MFSKPWS/tq8w86UT4puHw52Rs6ycEt8AxYiCtN4px -w8hfhYJssifFOq/flgYH8VF6BPogtb7BLVNF+EqVe+K8AiVmOOdd7pnsXTfICAfj -mne7CVrY/EmMCbIDLnT3wfoEo51aswRJSkv8ocGpgH1q4tZLH4xjI4Kmupclpwko -jKS/Z4iRiWwqL3A7EjTrK33r5FUbq3N3yrAA2KDd8wGvQcB+8H88db4cTuZ/km7t -tIvkH8FVyqGurCzn+v1Bw/fpgHFE4gTUSL9gV75KH+au0hgB2Pd4jEBOyxmip77W -TAPRSL2WoxPjHS8A+4wiEnSe9sXNdYQpu9JpmwIDAQABAoIBAB7NOTnG+htAb/yQ -5T4NSASZdEpNc6sHPFdr621wc9ANLGKzmfE+Q4i/lmazIGt12EeXqyLs7BY/BP6r -fILDb8r+aOVAbouCInjIwSqAwA0QW/eR8QKGApllFeg2hLIHyh/QXXHG3VeJjAAt -6PVYI0k9vz53LHMTNQT1ALn+Pa24sF7y7NI8nCJ8lUdWYEn/kb+paijHgYt7QbKO -zVz4qg6wRvmRqQfjxyOQ1kuqX/Vp58CguZuVhqxW+hXaawfTYTUXuU1ftXDj6zUa -oRFMiGKyWQwYC/e+YM7nr/FWBZiGVCyk4KeSMe+bidxGUgDR9Kbzr27u4kit7ylN -CJyjssECgYEA71D+Xa6nAYpE17paobfNdR+Rw8uPvPz+C58ARcNSMyl7hxYRuzp8 -KgYHHG6EJ1GCauySG3uasO/KbW0O+zD1EKiekPzTcjaiG37RiwjD+8IvHzxBwpyq -g0deCyr4fLSEdGuyw3ArhSdjPGGzpNJxkLwZhNh/lp17gKPLBrOsJMcCgYEA4F++ -S+Z3FOyRMRYMApr28WE1ublDPe7fixsetyRcIHspBOKqgsbffV2Ya+Dngag4iCGz -Q/TeadPiTs6p33i08Nho8pxXrRxyRXM3zbh9y5m+GNeywM2ErNGjrCERlbD43AOg -d9Ixa8or7D33YMnjz1iMnm79TKts/a1vdOp0mI0CgYEA3VblzDOq1uvRfE0pYgUj -i74lDRgK21qKhKkMkXlzX0pwq6InyCjxidSFYzB8HflvTAF9qNmLWzaM3ORPRNgk -8MFj1ulfj3UkPZXvrE3xJbqV5qfOknZf5odtXZritEQpdZvefJAUUFT7nW8nvbu9 -uYWffJTYfK8u+O2E66/l+SUCgYEAiSWc0RIXOd/8Q6/BOZp1VUfhKhv24RVw6Lt0 -A+gis+v0P7s5FGTxWNTsBQzdFWC45WUMCX7UsIVGMHucVC+ZEhqF074CzZq0soTh -2EpsAhaAnvjBl55H+cbOr7kq4X/iLcG9xV/iu4tBW87ote3R5PywP2uCQuoJ3em0 -Vhe1m0UCgYATaCTSkIyb8tbj1VTqwy3CZ0ZddUFAadfTyx5GBS5V+6h+xbW3Hv4f -FR7wobSASYWxpAYary1j0XB/69xUQjHXIl7MJYE6x9rqY//ONfFHAd3raQ+wYfOu -EKsyPFGMGiqgRwqElBpTfeYVSGDNcpqJZ5PwB5uu3AIRlMd9j9GQsQ== +MIIEpAIBAAKCAQEAnr7w+Qvx3cfgYSj3Ha+kbO/1dJoZ3PZA+NbG5gBuePZVrFS2 ++g4heiVMy1vv9oCbNpTcszqaC0yqkQKz3r63ar5u8uqYjOaf3RHEMDQEP3GFYaOF +XDFKUx+CZXrmgZoeMWNYmUP5VwTF2M3dq/APE3zAB0mnMcBv8omJ8jgb2DbvI3X1 +KmK9SWqaRvG8OQu/9gaAyBzR/dS+NpcVxakdeK2uBe3UzldYnqu7VRrFJfQ4zjdp +9LJ098vYVhKwLhaByj3IdqIBiaQpGtDkbJUVHgZoHYKjmnK8bc4rRdkvxTbH1jJg +B9pBnyDpCfWezSP+G9a7nsXFkaAp+zx40bgKQwIDAQABAoIBAAhmmgGdl5u6zSDQ +wysUaKlfLxuP+b7PK8Cl1ROTTqu8e+vJW+ZY9kqTGMCv4wxyrkQYL3AvF+6kv84G +v5Z4SOQvcCQPNPcX6VPdcdPY0A5V2pvAXiyMnmtOgPipciaS2lz9h4Qs31AZYsL5 +05/nh1S3rSd1k8SDpsKS2fSYi/JIK8x1PdtSy3K2+1LMIxEya2oP05nLfA2g5yW8 +ejpM2IlAqgHalfJlrHa5BH8L95QUnKmYKL8dTjdlATeC4WsEJB60MBwnpS2pscKH +u7sXGm32mK9b58bxDiKbQSxxyF51tyRWGk8Ls7yA04rN5+pzdghzMxhOcksia3Gk +k1EzdEkCgYEA0FgiLA33B+X6/ds/2vBoWu623KjQNff6e2ynWktBmQWQR+ixEuJs +s098QyXKrHPvFvtl9WzQjqyixARhvcRr5Ex+q43vjbrPqtFis5rhqIankZoBC5z0 +Z0/hQ0hA/ugXW6bZR0OYXVcAFxhm8oRGupVfUnG/U/jkDT3ibkP0RH8CgYEAww6C +ZdHV9TMSOCdps02Er/kIVSetnJNTqAdNnGtILGmT/31ufjTQM4TIZReGhlHXfXSD +MA5SjxFzlfxxtW+HwBs96KNy1H7ieM7dFWcveyg8JFxXa+Azr8UkrmEVZHEGJhK0 +gQoVi7/bQUCIwlBSOPJsdgL4dqWZewY/nnLASD0CgYEAp8lCg+4fMrow3z4x97VC +pXC3zY8aV0xE6h8/y4Tt6DlFz9OCv22gEuwBa+ZEiYu4Ue7WVsdyUmSPlILe4EAO +j8ZXAPwGn0KCOdP0xCYIc3s1+hlnnB2j6ou3I0NOLLtnDEWbmDvEue71wKPDTK3g +dCUVpkS6y/qWVl+vOhP55SsCgYATSUv7ZVQSeopCoyMAZ5nHDIiWYuX3pVmQM6io +3rK0MXxAttZGBFLRxT9LP5g9j7oO3YZbKg9ftgoHun5DwlNZ21ezuPWRrToXV9zk +UN+Q/dl0fuzl7bUum/+UfmTvGX3SJedTGvwmZUH4objj/a0jlFTFFmYa1STn1SZV +NGNuwQKBgQDBc1VxI4ynqIny+yOUIS+I6Z+QpnFFJqS2QC9+NQMwf4XIpIz1vieQ +Icg0pszZele0P9szv/MP8uEJI65SCTwYwMYSakFXq7r9M6CplDRZsib1ZzjzO4uB +bH/XeYMR2xdhyHsw8D35gDdkewBCJlwIWKVNidhQZxLILoQPlwXXcg== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIIERzCCAy+gAwIBAgIBBTANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MTAxMTMwNTVaFw00NjA2MDYxMTMwNTVaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cBf -hW6MFSKPWS/tq8w86UT4puHw52Rs6ycEt8AxYiCtN4pxw8hfhYJssifFOq/flgYH -8VF6BPogtb7BLVNF+EqVe+K8AiVmOOdd7pnsXTfICAfjmne7CVrY/EmMCbIDLnT3 -wfoEo51aswRJSkv8ocGpgH1q4tZLH4xjI4KmupclpwkojKS/Z4iRiWwqL3A7EjTr -K33r5FUbq3N3yrAA2KDd8wGvQcB+8H88db4cTuZ/km7ttIvkH8FVyqGurCzn+v1B -w/fpgHFE4gTUSL9gV75KH+au0hgB2Pd4jEBOyxmip77WTAPRSL2WoxPjHS8A+4wi -EnSe9sXNdYQpu9JpmwIDAQABo3AwbjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwHwYDVR0jBBgwFoAU7Qw4hf3NPDzKlN3YuMMI -GfY6BUswHQYDVR0OBBYEFGVa/2vNKWjJL3ayoya6CVMNvzKVMA0GCSqGSIb3DQEB -CwUAA4IBAQDFxu/xqDcQUEM3vvUPOHdIURcLl9cVli+ZQPWB00+sieGMXcuGE/Ff -ICdDnqLUdcZQy2It1sRC2D50WRJI0w5t+dhNn87F7uVYlsrO88baRK6YFIXiOMCN -Hfn+0KWaTcyiM8Ud5mcaVEm5OrU2+CgfqZzAyFRpVt3XAGqvVdQW7zqhlIfgAutA -ff6MdBx9xXi8p7AXJm2CjnAOPjtpaTmt59GutE06SgAI7DQ+Lainu2QPjedoq0sN -/jcWxklSco5yI4N/vGMNlM18YsxDoQieC8dmb3v4BxKAVL38wode7FN1nD3u0L9H -AJ3sPZEzwDGQoyj19TDmfyvkG+6jQg7v +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr7w ++Qvx3cfgYSj3Ha+kbO/1dJoZ3PZA+NbG5gBuePZVrFS2+g4heiVMy1vv9oCbNpTc +szqaC0yqkQKz3r63ar5u8uqYjOaf3RHEMDQEP3GFYaOFXDFKUx+CZXrmgZoeMWNY +mUP5VwTF2M3dq/APE3zAB0mnMcBv8omJ8jgb2DbvI3X1KmK9SWqaRvG8OQu/9gaA +yBzR/dS+NpcVxakdeK2uBe3UzldYnqu7VRrFJfQ4zjdp9LJ098vYVhKwLhaByj3I +dqIBiaQpGtDkbJUVHgZoHYKjmnK8bc4rRdkvxTbH1jJgB9pBnyDpCfWezSP+G9a7 +nsXFkaAp+zx40bgKQwIDAQABo4HiMIHfMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE +fwAAAYcQAAAAAAAAAAAAAAAAAAAAATCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD +VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV +BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l +dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMB0GA1UdDgQWBBSb8uTbKT1h1ac1q2q3 +EFUpyKS+JzANBgkqhkiG9w0BAQsFAAOCAQEAlzfi7bSvgQTU3pivzOiQUMBzNA+i +UULX/GdcK2526LvTbrdMKWxolsZyMiLawOXHCmPdM2fuqKXzsaYGIF4u6AVZAOce +ouBAUsMZRwM/tIiFQWEO8fZRBAYtxTTS/EofNZXnoQyqEzabSn4KPabBtN+U8nk1 +pJ0s8ZIyoww39I3x7ePrIVU0fJh7HyI8FkCe2RO0C1F5SlHViSIDZIYDEgx7lFvc +xhytgDRLaI28cSiQrOVD/cDSNzIMZkaQMZEfOoyS1VHNW2HVkl3wiHZf4/p/9GoY +FbL4Ivp7EI7wV7Y9u2h9oPni7s/GbmJ72peYwbkbftswL/kFP/YuKeZvTw== -----END CERTIFICATE----- diff --git a/test/certificates/server.pem b/test/certificates/server.pem index e357704b2f..dc249d39eb 100644 --- a/test/certificates/server.pem +++ b/test/certificates/server.pem @@ -1,49 +1,49 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAkrQf8DLdScaAN3uOLMfnYoPpeIFWmiU66VfGjQNaeLNQ4W39 -Kj5ISidV/0b7/iUwxu9VhXjJalmD9vF570dUdBa5rM4kuRDmj5Low55uGW3Mg7Zw -o6FkFJqy8B+WZa+sEiOTMDXmltPlsACqRuAUAsVFHIOlyEpCKCKV48nnBdAOFqIH -mDceBBHxrqz9xd3xl31ltmagDqlXcbmIgtj3f6Y/tSkc4khFQ0lOKLXM5QdfbsNP -KBtMB/XSm8ajBcpUOClVya263B4nBxokdHPzldJrE7tYRc0jFHIxHOU3MS095LFz -9dAhyEMqH7V/4sUTxX/GYc/2VhepXUWY74UOZQIDAQABAoIBAADpfKjmorhzegjQ -DGQfjEMNiHN/rQUoiW4A189HEYEJC3iu35hkaoNOLNtAcA8SxFcy8mMOYKFNaWQQ -o5jfyhj1VW7ZfT6Dhn78dSo6LZfxUrMtmRQe6GmZttZpyE4kbOX+o0rYqSnI5CIe -i2I+Fixtyqc0ZW8gV/NlCd+F5Jk+FnvZwEdXQxfYuBXBISEp1ttQgbRE8nSc2K/d -glHf2yAawk99y7YuirGTN0/woqdPBOpiaD/U/A2IonuyVZn+Pv38j3B2MWG2B1j7 -Gm0xZl23oxAZsTTPlJQnOoZu6rJZ/M4srT8DXnchE0t5F9lM69yx2xFdli4uGfUv -HURN0qECgYEAxFCXMyYoqOWi94E7qQRUk0Z2AxR+ceBsg/vV559OVa1e28T/JVNq -UfkJ9AoFb6qOIevwwFVEacH77ayJqTk/B0msKHwVU190kgSih6WgMFOteX3J9fyb -o+h95doLtrwoy4KnCzjrskPsR583Abue/0gOIrIOlX0K9E+bTCEASokCgYEAv048 -u+JA3kHOc/sdAGEBpD297nd4laOca2meZgGFHfi/fDcGp399ITj9qPqhDTB8lwkT -yGhedgTCPl1gUppx99MODFaNis1i5UmIHIRgki1Exr8laRcz1cQgIONrHhAytAs9 -qnxrJqtfn8QtYO8GWmdICoUbpqqoOzEnd/eC/f0CgYEAsyXQNQ8Xf7m/VBoM9ZpM -C/H686iaExV4MaF5fFt2Qt1peSh2pftPROr82ETk3RhJiE8lbn7hZZlua2BOZ60k -BWSHxJIna+PqHu43242bdz6FSh8uVFpnNdaOPVkT43glykG6apVREWbGkj2LFvu+ -hrucmrDeejCX9IdI8toSx/ECgYEAhawEUgAg9Wwj9vSS6i3eOMYPja4bKuwcow00 -6e/L9QpXulK0qpsxcuJglA80M4QaumpUUWdkAbEHjQ4v/OgAFHt7yHE+C6vBm5cK -rWpuFBXfhcQQPuNAi/CzxmdB9Mq6swVbvGGdeXKrqXYpgx7hYI/kTb1+ebGrRVju -TCw9cn0Cf2wSpeQmRQqqWcPYL6ZzBze3q3rbBpDi/DDPgsePddlu0tUQd21oEGGp -HEjlfmeWIhFCwlsKDf7opZaFZihoNUrKZIcYzLk4W92RodjKLpSIO4Ax5KoQIpQ0 -okNoeOfgTYEoSZ1/V1A42n55yoGnzwSaMgRf5DsxUQkJE6oySLQ= +MIIEoQIBAAKCAQEAtu0LbjJp24OJQEc67YfvP42Gtvu12gjvJSsaqd1lkIvxs+qs +CvaN48ZKeMMgcPZHKZdKntI1vkJZTDmmn/XkBju/uoN+5QE6vEZJ6vEYR3JKVLRR +SAbGTv3FaIF3DsJbWjjzZzaZ571OC55vEwX6oClPO3HbY3N3cNshnvm/1lo0hBVO +WAyqMIoCfpV1fDts8kTL1j/AWWu15Vd5IaibdzKEzzZZmH4+r2pq6IXSXsrLRK3N +iI59uXkuHNXw6vYlDzhluWxH2J1I1ABILM2/aljQ8Ij2X/rKrpoShoKun2RJdVBR +pKRCcij2WqWOtozO7S0FjYzYNZeOPMVfgKSYPQIDAQABAoIBAADDbXxIvpNZca2w +fmj2W8O+ofTKiSA/UEwt6V8TGvTm+JvBG3WyQLZWIgJuAgkmpfZg+ME/7FR+b2P3 +i5/4RTrXbf3nxZRMFIQroOxXlDvcGL5QwFQWHya+PWApxibsHbh7K1zfZ/YFHrnC +sAD60ehwM7HyUDGSjkmMyI+iyC+rT+Fd0pSlkwi+Nsdlglj/mOfwPGD9DuQQFou5 +Itx1iBOPs1lfO3alK7pAyt+i1SkfNosR3n/PC0y+4XVhoNOj+lD2AgIlCKQH7kVU +Hez+BEGakhQY+dsQ/A+cRGuHO0GKfwXwQYeYTHmYaj485B7GpUQe32lHBxe3AeZi +9PB6Z9sCgYEA9va3i1dZpTUKQn2kXr8SKqzpaiEK2EG6Ev+I7bK7n8HDlEUQfjRt +Mzn308U/I5p3W6lYnX+blUkY/WdGFjuw3QM9FIicQy2R5JmUurggZx+zeo9noYAM +FzEF7mw1FbzQ4tKMiHL7/CshH/mjRNZmEMd5H0CZflyZrFkhR1bCBa8CgYEAvZ5+ +Gox9B35PDoaFr8UrOGjK8D10qyNp7fSc21+U9vEUOuKGa6bdrt1TlVUo66Z93rpN +ooe8/ErEJxqR/9+oihfYtpsCw432DHfVjVqFzLZzFwp/cdn/biLyLpceh8ghnXQr +tpz92rwiqj5AMslwLjhLCUK2KeJCGp4KwD0359MCgYEAn5Gv7GeHM7i+pVGbJ+Db +MxnAQ2OQJ0TonqffaH5IvqOq5B1v16u2NxgoafuTnUSMBHy6FiHCfEXb0Leu0GTH +FTane6H9HWbPUl5te+vGe/s+s1z/P5mFtmJli7T848u5SCV0yiFJcZjIcWmSNcM1 +9Xd9alUKGFxqqrJ4Tyjeel8CgYBTcu74bB+SLqpIMDehdVpiBuxY8hLoRjuWN3LY +sKX0T4ChsZOKyPMCw/DG5aWOn8UBQmhsQOSQ+657rxvVye54Z6o+ItYCjfVc41ge +T1pXD2xzFXGk/1WEeOiwTF1pUFBK5Rdf1JN7shRna+IA99ng3XFYb/2PTT3eTPNa +SxbRdQJ/HXiUZE941VKKPbAXODRL0YG/hZvFmHAJbaPbo4SCi6m4uk/bSRGYRTZ8 +OWZplp1PjIKkxK76+Wd6AINLRluwQKbGThq3ESup/rbcnTxF0haGds6iyuvsKLJc +lD406o2rIhIPFSDco2fiLNmAlA2X6j811ysszB4FjTGYHeSNTA== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMHAxEjAQ +CQYDVQQGEwJVUzAeFw0yNjA2MTAxMTMwNTVaFw00NjA2MDYxMTMwNTVaMHAxEjAQ BgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECwwHRHJpdmVyczEQMA4GA1UECgwHTW9u Z29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UECAwITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrQf -8DLdScaAN3uOLMfnYoPpeIFWmiU66VfGjQNaeLNQ4W39Kj5ISidV/0b7/iUwxu9V -hXjJalmD9vF570dUdBa5rM4kuRDmj5Low55uGW3Mg7Zwo6FkFJqy8B+WZa+sEiOT -MDXmltPlsACqRuAUAsVFHIOlyEpCKCKV48nnBdAOFqIHmDceBBHxrqz9xd3xl31l -tmagDqlXcbmIgtj3f6Y/tSkc4khFQ0lOKLXM5QdfbsNPKBtMB/XSm8ajBcpUOClV -ya263B4nBxokdHPzldJrE7tYRc0jFHIxHOU3MS095LFz9dAhyEMqH7V/4sUTxX/G -Yc/2VhepXUWY74UOZQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A -AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAL60C/EIi0wQ -udeN97ul0zkXF0Ak6KC14Wna5Sq82/wQQFQujnmfs2xpxbc8CHv1rSLWSjn7jsQt -Z/IAbIDmku/RjXMUQsHNqGbai/9Gvh3M7enpdt14Pb15xgXFeRQlvtBfueGPPOPo -G/5jFybxyy2I44BSEWj19rh37TDzPFS34EIUB66zAkw7TBgbVdeTxnbXIxB0tyIX -s08FeBRt9qjJYydKBLgRYxmZLKDdQrwPTLruzwr0qGQna4jjp+gda8HK1AeNR8hr -z81f2sGXYCYeP2av66Hgt+9i9ZRdvkTGFD07zNwsqqpilP1y//5oGfFh0Xn86kyB -kcCQOGTokTc= +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu0L +bjJp24OJQEc67YfvP42Gtvu12gjvJSsaqd1lkIvxs+qsCvaN48ZKeMMgcPZHKZdK +ntI1vkJZTDmmn/XkBju/uoN+5QE6vEZJ6vEYR3JKVLRRSAbGTv3FaIF3DsJbWjjz +ZzaZ571OC55vEwX6oClPO3HbY3N3cNshnvm/1lo0hBVOWAyqMIoCfpV1fDts8kTL +1j/AWWu15Vd5IaibdzKEzzZZmH4+r2pq6IXSXsrLRK3NiI59uXkuHNXw6vYlDzhl +uWxH2J1I1ABILM2/aljQ8Ij2X/rKrpoShoKun2RJdVBRpKRCcij2WqWOtozO7S0F +jYzYNZeOPMVfgKSYPQIDAQABozAwLjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8A +AAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBAIiuZmP4NFfn +/nNrZCMgR5cVPeFgBmFhyOS4HgqdXjSeebUYyz2Jbhu7y5djbo2r92lTjvKZKGUE +u1+Xj4qhJ8WrcCP6Bfz7/zBCqZRw++uT6lfEdLr76c+8GbqoJPfoYyDxlYWYtSCn +AGb7VbXkeUYPDLUgcIAUFdyfOjGTxdZDiaM2MQa7tw1GRJTAncX7efCfCjLpcN16 +Iywhn4E/r7QhNXwe5Vfwee1dn08MFYn2lud38he6oW0N2A0/aIyVz25xB+H5DP5j +RDpoXUquyhjOyEFrcDelDFX+EBxCPr+VvVXJK773JK8jTi7C3mu3Eip2KqJ/7gRZ +A23MpqOzisM= -----END CERTIFICATE----- diff --git a/test/certificates/trusted-ca.pem b/test/certificates/trusted-ca.pem index 1a8336de90..b968a1c62e 100644 --- a/test/certificates/trusted-ca.pem +++ b/test/certificates/trusted-ca.pem @@ -2,21 +2,21 @@ MIIDlzCCAn+gAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwfDEfMB0GA1UEAwwWVHJ1 c3RlZCBLZXJuZWwgVGVzdCBDQTEPMA0GA1UECwwGS2VybmVsMRAwDgYDVQQKDAdN b25nb0RCMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MREwDwYDVQQIDAhOZXcgWW9y -azELMAkGA1UEBhMCVVMwHhcNMjYwNjA5MTMwNDU2WhcNNDYwNjA1MTMwNDU2WjB8 +azELMAkGA1UEBhMCVVMwHhcNMjYwNjEwMTEzMDU1WhcNNDYwNjA2MTEzMDU1WjB8 MR8wHQYDVQQDDBZUcnVzdGVkIEtlcm5lbCBUZXN0IENBMQ8wDQYDVQQLDAZLZXJu ZWwxEDAOBgNVBAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAP BgNVBAgMCE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBALeFpjfUC3HcR9jGmX3c4POybMAWd+sAPt6RNDHaKdWHNI9S -BJk0mkdt1G5NAALOq3Z/hdkpX2TJo3Op24x9l13nj38emdBnv1bgWczHGmsSLiKQ -Pw1XFNw/6Tqox1oqvKcehhQz+MIa9ZhKBVOYvSK4+nZuWbQl/FiHioJqBY8Z5jYS -VsuU43mmMljJcSW1cW9Z13q3zfJWt6DA1x4DsrtAiDe0LIuhZcZb3x5dKJLn2xrO -Zy2heRIADP6MCwWVMsoaywvqOSEy/ZAyMAPxPgLWY8mf7GrwYVYTDjUHMg7Ty+tc -cCgmMeP45hvrM1wf1nN7M7CRf1nCfA8S3XbtPI8CAwEAAaMjMCEwDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAH8M9GVc -0YgtFcZBffada8tmC1qYigD2bVfWlAKrRwMPCrL3bGjXjrwZVuqaek1l90ti2G9/ -CFs/oP3R95MYUDLbAQoepAh9n3FAdLyt8b3WMe+DIWj/yviB20W5UyNgiqVWn/TK -d+E9pSW+xwFx8HI8WUIkPaqr+0TB45hLETjJ3ssG4rhgE1aQ29B2gHTyzlILKfY6 -++rDCcuXP8Z2VnhhtvnoxbX9Nnr7ZUXsijb0XBymDVc4Jxle8KGk1lrr5mdkN09y -zkaph8PTKF56IPagHnU78emhT9cF9QTsHN5JYVVgcCEOnS1bNs1Wt4H8VaaccBWf -/VyGcJ5dM/CkIbw= +ggEPADCCAQoCggEBAKnupoVXRCZ/jsWlG243YaCG3i9EzIcW/X8CKbhkpPdwr6eH +bi3z+67U/6epks32zQBZTwWOomSlm1BD7OUrUW+k1ahujGFHnwOmLeXxN9otgBr6 +aGPUu1P8P4kU1dDFKMBPdfFRrHs3f8LKMkdLFwnJ1w32P+6X6Drq4Sq0kB0kZqu5 +fFCVvW2a1Uit6JWdfgMybN98pGsMDqI+T25eMMN6MwDj5C5XhVk4OZGOJ6ltJN34 +UnRqURZvOXAxGP94Uw6IAbyWcYWw/Z4LpleMyWk9djHntFzenwKiRDfpHrs6i2Xh +/kdAdYYIWfyqSTUfywxZX+OFCAG991lZUKRwcf0CAwEAAaMjMCEwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAJSkpDcH +Ar9hyACHDm1c6Gotl+ZW2J+IU9W9RHsmfMvD2rKg/zMylVXcUzwWeuxf9CsZ2Kxc +yK/bKcLyKOQ8oAlQVmgaaYaH655t8jXSoLJqd79N7huEP3uuzJSpiei9c4G/UOdi +XWqJlJkevdLpoqmVyvFrXutcxbAIWTBx3WM2xxTu1hEmDEI+fOr6xdvcxQ6X+9h1 +/Cp+ZFvasCQfcSfozeneQPkd3B7WGfhPLZdJDvO/ppQD7P0xAcOsxBCAaHVDpQM0 ++aMt+lavkJv449NJy2pdrF00M3V1KLrF2JBeRUbRae9EZPGvL60eGeqB1ngd+pb8 +0+P1vwrci1lNtwU= -----END CERTIFICATE----- diff --git a/test/certificates/wrong-host.pem b/test/certificates/wrong-host.pem index db64af5432..3b7c92d91f 100644 --- a/test/certificates/wrong-host.pem +++ b/test/certificates/wrong-host.pem @@ -1,50 +1,52 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA8AnJHu3V7er++/WK3A78gb4bx1LKaPxn0EmS2PRl/+bJaCzV -CRxWzjOBiAZLhtri0cWGa7AAxlydiPIs7lv/Px1+GnfqD6pg6b870j5Z8FlzYZM7 -gvo0EVCjZLD7piYDSI0gPpAugLxQVSO1yZykbT/KUea8z8JZEbI+Va8krcZMJHig -8Q5rJeBhur8Zn7UsCwKH4Ja7mdkhhJrCNA/sawlL9O5MsT30ye5gO39qeKknCx7D -KD7BQsfDR5YsjoLXcLkLbESro4frAMiQlu73HqWdGlOjaLZyixIHmrcwCjzPgI60 -GSw1enlvFcgMXoY5NMKOm0VzyER6BIZBCSECIwIDAQABAoIBAAiFm9h3Zyg6gAPW -1IsVgkQHNxodNVkDaZpoLbZV2BQPT+04dtF4/IWt3rr5/Rgq/qfvCyzP2mcwc/7E -ht77gydaoER+S/JOuBL0Y4t0BBkgzQICiknqjq+HQcyjNsUZKmPRuR8xyKlwhhfi -AIik3JtIVFjuCAm9XxBwfJEzDMXijFsnTMVWyMgrXJkemwyjn9ET0g9LfpdEIWZ6 -OdQDasXPetoMsA6QEwpx9OIaIckM4P9ydE0s9rOHFNs9UIRVl8wbmXoUnArotCns -jEyR7UO+tyVdRpiNDiyBi3uXnNGOODUL3+1KsZIHovnG/S2ajMMReHhiJ9ETXOd/ -fXUCMBECgYEA+Mgbg9c7K0ttZH3Az5tETjXIxtqiRV4rN2M6rVipCowro7U3FZNH -lux6ZUGLrk5l8TXYVZrJzuQP4LWnwGLhET/ZxbI44Ub9T7XiiEXtatmLAgu6cxV+ -vaQm+1lC+UGrurYG13rOsqauqkYhFMqQnlRXHLaqrLhcSTANmGqxdKkCgYEA9wC7 -3tWQPupTB07Hik8HDLCYZJ6saDkl4Ur1kt+yhoIF3qdZLZyKiYkYMqy6RDdcdsKN -ZCWQDug2W4A6zsLj8szclUeT4SyZCyLVYNPZiEAzvDKX74ngUCZ/ST4MYek5grWt -9x3dYHt7H/IwTPjKCpx17rXea/tkESRWqlsbc+sCgYB3Jn/nGQJBrhJqesAJrnd8 -bc4HT1dAmeVg1amYtEnhv1h3Q6dqMeuroP7N2CKqDOpOKFfASC43ZIsmOFprje/1 -bvtB8CXF31YbAyXH1pXrAt3M0QkvbTASa7gv0YR+FLHG7r9AHJU6gxJMguH9Lzcs -XYCLRAFiT7oDY3xfb1omYQKBgQDLm5BCPNt98Vzl7juwODrAbCYC84V9GHawQ0Ex -hDK+jBnYkyyA28SbYSZQR2/34YbX4sH4procf7CnNonDfIW41MSUTX+KI2A4/MrV -2Ww802eSIEZ8T7RXfZR5RKuiXkVpCOhRhw3AhalWCSdlm8O4gYb5cnPZoU24j7Ld -FOMJZwKBgQChCaiWhFdp4qNzCNgehds4a4TgYjujw4XMuRwbkYF/YY0ESkXxcQy9 -OqsIyI6crq4TXQP7mtbaFB3Hib+3sIBmxXxtod50zKkTw9jd5/jYR6ii/mEsxvOs -wvsNBWwQF7KJ0h42hN51neOLVBVDxlNT5QFWVchZqzflQELPb7Q6Ag== +MIIEpAIBAAKCAQEAvz86Ioh1BWdD+J4jUGRlmgx16sLlaC/u3Gq/KCfIwIw9/MJ5 +p24cEqT6tnPEVV5cg2mhL8lAzZvsZEZcXpFGqMHoub+AA7Cxkddh1kOuWHzBanfs +Q6Q0jEV5FRu7g7u/ucS+PekQ5j8LkF/4YJNGjBNWFgWgbnzA941/h6aCr0oZQqpW +g8SFiXfYtmV7DSvA+Fw9kEmkVh3j6yM9+rGTv0LqCZ1BjRuVb8e/MsDl8wKTXjCU +D7OwA0efC87WtB/Z4d7lUIfRV4iHb5EtcfKAB0YsFp7F7tsfchxTZ//3SyWffheI +pduc9zxDRDM44Tev5UvNEoJtSICnLu1DuLVEEwIDAQABAoIBABNVz0kDgR/r5KWD +nhq4Hm+N1/QarTqJ3L01y6AXLvGMnDhsPwQW7/P7RbUMN5V78KAr80BouUpa+8eC +4j7WCDidQNawDj9mmKVKixkwXDWVCLGncIsW1GXkIOLp8VzXBAIXlTZJfyG6zllT +4pbSUlJszV9079c2egSX2S9mkxV+nGi2dK/0yNVdhav1C9FyKjyXfHGepTiTGR4w +PXzLwf0Sk/TuVVNDmqTt3+1XAxIpdxnkorR9KyOx/8NIxNb4/0LzrWsF9nZJyXew +sNPwnRLyXaqF2aSyOcqTx51+O1uDJWfb0SBapyBwwaDkqCxpUDoZTm/sCKjrwAMs +jBOtGBECgYEA5F6xsHCd43meX1A/X0CUWmxT6JJlnDqcj9ioPPJyFdBiOu00e7aU +tOkiM2vg+djLRYcmtP9DwB2yOs3uy59wXpciGoxIjbRnoqJyNuWlg0KcGQU2NDhb +RzyoJbI3aSCeDZzrWkLy1uZtLlevEb/OPIs4bbVlTGTAPXcto/I8J5ECgYEA1mK5 +WlZmKpDbPl6Unjr6Go06ZbRXqhiRwSHjnMZwuS0UgezRKLzUbKJQ8z5zd1k+b2u0 +B6C8tahGVGi3LiQC3qkzMvfjvbGOXF6jyETorf4A4v0ueqAtzNTcBR5Boq+F8Z76 +uhO2cZoy7DBLDuVxIKP/ye17EgDfzsz1LyQNB2MCgYEAtCdPnZT5uR2UJjS0CXx0 +i/CxMONsbRZ/s6qC7bGE9lhxZXMC2CVsolrXtCECVZcEpFC95EMLO18x3tnd65xX +lQc8zBymj8MljlMALvZy312IruRBomhi+YuMSlCRDcnBZZPIxmfSEl2s+8YIQcRB ++dkKJuHWi7FfRh3iT1ckxUECgYEA0X0W8heLLfzuwDtbrmKjEl7+uXNIVoY7pyWe +bQvcCpbqeysWF2Ctkpnp0EcuPWmPgQEVon6G6FvOnZzVoti9lSZxSVTBzhM6sTgp +gwES/TI/W49bY6gyGP3HIZk3OemaUUiwaDPrC4dKS1HFhoDd0q9uu7q7kBQantHY +pH/t21ECgYBOLQrxiI9pqQuHd6S9P7bm72j61D/iTf91gJ4S1FouBURTvU8KioX8 +vwzVxbdyr0wP5Wzo7vqaUrmD9OKUpuCR1W8twvOKZeBku5YacSJSIgDH9L0T9Z6K +WVTIWEnOf/JaFYrhrOu/15UtrnY/KYfiQS/C6q3el9tIKY8e110IBw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 +MIIERzCCAy+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDDBJEcml2 ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNVBAoMB01vbmdv REIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5ldyBZb3JrMQsw -CQYDVQQGEwJVUzAeFw0yNjA2MDkxMzA0NTZaFw00NjA2MDUxMzA0NTZaMHwxHjAc +CQYDVQQGEwJVUzAeFw0yNjA2MTAxMTMwNTVaFw00NjA2MDYxMTMwNTVaMHwxHjAc BgNVBAMMFXdyb25naG9zdC5leGFtcGxlLmNvbTEQMA4GA1UECwwHRHJpdmVyczEQ MA4GA1UECgwHTW9uZ29EQjEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTERMA8GA1UE CAwITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA8AnJHu3V7er++/WK3A78gb4bx1LKaPxn0EmS2PRl/+bJaCzVCRxW -zjOBiAZLhtri0cWGa7AAxlydiPIs7lv/Px1+GnfqD6pg6b870j5Z8FlzYZM7gvo0 -EVCjZLD7piYDSI0gPpAugLxQVSO1yZykbT/KUea8z8JZEbI+Va8krcZMJHig8Q5r -JeBhur8Zn7UsCwKH4Ja7mdkhhJrCNA/sawlL9O5MsT30ye5gO39qeKknCx7DKD7B -QsfDR5YsjoLXcLkLbESro4frAMiQlu73HqWdGlOjaLZyixIHmrcwCjzPgI60GSw1 -enlvFcgMXoY5NMKOm0VzyER6BIZBCSECIwIDAQABo2QwYjAgBgNVHREEGTAXghV3 -cm9uZ2hvc3QuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU7Qw4hf3NPDzKlN3YuMMI -GfY6BUswHQYDVR0OBBYEFO0PTJ1J98R+I8mqX7u5KpnSVL2pMA0GCSqGSIb3DQEB -CwUAA4IBAQCYL0zfRVglUlX4H9tUZ9J9mf0p3rtxvTN3UfxwfzhlXAWvtFR42U/u -tNT0r0Vw2ormHLx2QUTGPZkTREhAWVOpk+71vLcb5tBtjKVgihmA+cpwAz8hbo/j -YKntYI8ilmuAg77Vyijm8iqcrswT5Q8KK6wtloo16yY37YrxJUpnPHbWqftrGHiy -bKWOE4HRC2DNLtuLQW/8G3/VRwaBIJvSnV10yvPGcNzXS6JDrQ0shm+MEBvutUYS -z92gL38esOqXUMnhrx3J9bnWT8/CYxqncBZFXfa6XXoDmCvTeY1jajMEemqEkGHL -RO60b2+cVAXNA6548VstWx/S/XiuIhVB +MIIBCgKCAQEAvz86Ioh1BWdD+J4jUGRlmgx16sLlaC/u3Gq/KCfIwIw9/MJ5p24c +EqT6tnPEVV5cg2mhL8lAzZvsZEZcXpFGqMHoub+AA7Cxkddh1kOuWHzBanfsQ6Q0 +jEV5FRu7g7u/ucS+PekQ5j8LkF/4YJNGjBNWFgWgbnzA941/h6aCr0oZQqpWg8SF +iXfYtmV7DSvA+Fw9kEmkVh3j6yM9+rGTv0LqCZ1BjRuVb8e/MsDl8wKTXjCUD7Ow +A0efC87WtB/Z4d7lUIfRV4iHb5EtcfKAB0YsFp7F7tsfchxTZ//3SyWffheIpduc +9zxDRDM44Tev5UvNEoJtSICnLu1DuLVEEwIDAQABo4HWMIHTMCAGA1UdEQQZMBeC +FXdyb25naG9zdC5leGFtcGxlLmNvbTCBjwYDVR0jBIGHMIGEoX2kezB5MRswGQYD +VQQDDBJEcml2ZXJzIFRlc3RpbmcgQ0ExEDAOBgNVBAsMB0RyaXZlcnMxEDAOBgNV +BAoMB01vbmdvREIxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxETAPBgNVBAgMCE5l +dyBZb3JrMQswCQYDVQQGEwJVU4IDB1MGMB0GA1UdDgQWBBSQFJeOAoIcQj1SsDX/ +wEZu7Z1JkTANBgkqhkiG9w0BAQsFAAOCAQEAKhRUllW9XSWZjpsWosKQg0iDaBk5 +tTpkg0eeNAT8PexmeTzeoPyT3dPmlJ/ouVgp8CGHHYP+Lrdo6xUxUpRQXYTjN9lL +h0GS4qKaELJauKVimA0+CqK6OzSn/TnS0/Gv82YC1i4KWYBwhnH73USjnRleiZ9W +/oDH6PTSWmbCG312W30fYaDCOnBafbIsbDHrzbe/HF8XWWgFX/Q5WKb/91goahmN +Fiz0GbjWRv0MyaL4wy/hUw+XIHimW7cccl2RaMI3BRyw6Rirsu4p1eqAXVOkeN4v +X+VnZQUtuG7fle/t9dZqArN7FUId9lzOX7ERr3ZAh6Ss/Ps9Ll6m8/KJWg== -----END CERTIFICATE----- diff --git a/test/test_encryption.py b/test/test_encryption.py index 402ee64f99..898763a892 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3027,13 +3027,14 @@ def setUp(self): def http_post(self, path, data=None): # Note, the connection to the mock server needs to be closed after # each request because the server is single threaded. - if sys.platform == "darwin": - # macOS: use PROTOCOL_TLS_CLIENT instead of create_default_context - # so that X509_V_FLAG_X509_STRICT is not set. Python 3.14 enables - # strict mode in create_default_context, which requires SKI on the - # root CA cert. We intentionally omit SKI from the CA cert to - # prevent macOS SecTrust from triggering OCSP revocation checks - # during MongoDB server startup. + if sys.platform in ("darwin", "win32"): + # macOS/Windows: use PROTOCOL_TLS_CLIENT instead of + # create_default_context so that X509_V_FLAG_X509_STRICT is not + # set. Python 3.14 enables strict mode in create_default_context, + # which requires SKI on the root CA cert. The CA cert omits SKI + # to prevent macOS SecTrust from triggering OCSP revocation checks + # during MongoDB server startup; the same cert is used on all + # platforms, so Windows inherits the same constraint. ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) else: ctx = ssl.create_default_context() From 836ac6a193e766ae689c252ee306d8af5bb00791 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 11 Jun 2026 07:45:57 -0500 Subject: [PATCH 28/28] PYTHON-5040 Define AKI/SKI on first use, pin cryptography>=44.0.0 --- test/asynchronous/test_encryption.py | 3 ++- test/certificates/README.md | 2 +- test/certificates/gen-certs.py | 6 +++--- test/test_encryption.py | 3 ++- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py index da3dddef4b..e567833b68 100644 --- a/test/asynchronous/test_encryption.py +++ b/test/asynchronous/test_encryption.py @@ -3049,7 +3049,8 @@ async def http_post(self, path, data=None): # macOS/Windows: use PROTOCOL_TLS_CLIENT instead of # create_default_context so that X509_V_FLAG_X509_STRICT is not # set. Python 3.14 enables strict mode in create_default_context, - # which requires SKI on the root CA cert. The CA cert omits SKI + # which requires a Subject Key Identifier (SKI) on the root CA cert. + # The CA cert omits SKI # to prevent macOS SecTrust from triggering OCSP revocation checks # during MongoDB server startup; the same cert is used on all # platforms, so Windows inherits the same constraint. diff --git a/test/certificates/README.md b/test/certificates/README.md index a8e32afeb9..3cba9c2a98 100644 --- a/test/certificates/README.md +++ b/test/certificates/README.md @@ -18,7 +18,7 @@ Two classes of leaf certificate are generated, with different extension profiles conflicting requirements from Python's ssl module and macOS's SecTrust framework: **MongoDB certs** — presented to MongoDB Enterprise, verified by Apple SecTrust on macOS. -No AKI or SKI. Adding AKI causes SecTrust to attempt OCSP revocation checks; because our +No Authority Key Identifier (AKI) or Subject Key Identifier (SKI). Adding AKI causes SecTrust to attempt OCSP revocation checks; because our CA is not in the macOS system keychain, those checks fail with `CSSMERR_TP_CERT_SUSPENDED`. **KMS certs** — presented by KMS mock servers, verified by Python's ssl module (OpenSSL). diff --git a/test/certificates/gen-certs.py b/test/certificates/gen-certs.py index ac6b1a968e..a2d99926a1 100644 --- a/test/certificates/gen-certs.py +++ b/test/certificates/gen-certs.py @@ -1,13 +1,13 @@ # /// script # requires-python = ">=3.8" -# dependencies = ["cryptography"] +# dependencies = ["cryptography>=44.0.0"] # /// """Generate TLS test certificates for the PyMongo test suite. Two classes of leaf cert are generated: MongoDB certs (server.pem, client.pem, password_protected.pem): - No AKI extension. MongoDB Enterprise on macOS uses Apple SecTrust with + No Authority Key Identifier (AKI) extension. MongoDB Enterprise on macOS uses Apple SecTrust with kSecRevocationRequirePositiveResponse. When AKI is present, SecTrust uses it to identify the issuer, then attempts OCSP. Because our CA is not in the macOS system keychain on Evergreen driver CI hosts, OCSP fails and @@ -25,7 +25,7 @@ The CA (ca.pem) intentionally has only basicConstraints: CA:TRUE and no other extensions. The original test CA shipped in this directory (from 2019) used exactly this minimal profile and worked fine on macOS. Adding keyUsage, -subjectAltName, or SKI/AKI to the CA cert causes macOS SecTrust to treat it +subjectAltName, or Subject Key Identifier (SKI)/AKI to the CA cert causes macOS SecTrust to treat it like a leaf cert requiring its own OCSP check, which then fails (CSSMERR_TP_CERT_SUSPENDED) because the CA is not in the system keychain. diff --git a/test/test_encryption.py b/test/test_encryption.py index 898763a892..1a6f9b93e1 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -3031,7 +3031,8 @@ def http_post(self, path, data=None): # macOS/Windows: use PROTOCOL_TLS_CLIENT instead of # create_default_context so that X509_V_FLAG_X509_STRICT is not # set. Python 3.14 enables strict mode in create_default_context, - # which requires SKI on the root CA cert. The CA cert omits SKI + # which requires a Subject Key Identifier (SKI) on the root CA cert. + # The CA cert omits SKI # to prevent macOS SecTrust from triggering OCSP revocation checks # during MongoDB server startup; the same cert is used on all # platforms, so Windows inherits the same constraint.