
tests: Update server and user certificates (2017)

The previous versions expired, so these need to be re-signed to fix a number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 7 years ago
parent
commit
0ba13e8613

+ 1 - 1
tests/hwsim/auth_serv/index.txt

@@ -4,5 +4,5 @@ V	140102000000Z		D8D3E3A6CBE3CCCA	unknown	/C=FI/O=w1.fi/CN=server4.w1.fi
 V	150215083008Z		D8D3E3A6CBE3CCCB	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
 V	150228224144Z		D8D3E3A6CBE3CCCC	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
 V	160111185024Z		D8D3E3A6CBE3CCCD	unknown	/C=FI/O=w1.fi/CN=ocsp.w1.fi
-V	170930181357Z		D8D3E3A6CBE3CCE9	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
 V	150929211300Z		D8D3E3A6CBE3CCD1	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001154204Z		D8D3E3A6CBE3CD12	unknown	/C=FI/O=w1.fi/CN=server.w1.fi

BIN
tests/hwsim/auth_serv/ocsp-req.der


BIN
tests/hwsim/auth_serv/ocsp-server-cache.der


+ 146 - 0
tests/hwsim/auth_serv/openssl2.cnf

@@ -0,0 +1,146 @@
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+oid_section		= new_oids
+
+[ new_oids ]
+
+[ ca ]
+default_ca	= CA_default
+
+[ CA_default ]
+
+dir		= ./test-ca
+certs		= $dir/certs
+crl_dir		= $dir/crl
+database	= $dir/index.txt
+unique_subject	= no
+new_certs_dir	= $dir/newcerts
+certificate	= $dir/cacert.pem
+serial		= $dir/serial
+crlnumber	= $dir/crlnumber
+crl		= $dir/crl.pem
+private_key	= $dir/private/cakey.pem
+RANDFILE	= $dir/private/.rand
+
+x509_extensions	= usr_cert
+
+name_opt 	= ca_default
+cert_opt 	= ca_default
+
+default_days	= 365
+default_crl_days= 30
+default_md	= default
+preserve	= no
+
+policy		= policy_match
+
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= optional
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca
+
+string_mask = utf8only
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= FI
+countryName_min			= 2
+countryName_max			= 2
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Tuusula
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= w1.fi
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+#@CN@
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+##0.subjectAltName = dNSName:server.w1.fi
+
+[ req_attributes ]
+
+[ usr_cert ]
+
+basicConstraints=CA:FALSE
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
+
+[ v3_req ]
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName=DNS:example.com,DNS:another.example.com
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = CA:true
+
+[ crl_ext ]
+
+authorityKeyIdentifier=keyid:always
+
+[ v3_OCSP ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = OCSPSigning
+
+[ ext_client ]
+
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
+#@ALTNAME@
+
+extendedKeyUsage = clientAuth
+
+[ ext_server ]
+
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
+#@ALTNAME@
+
+extendedKeyUsage = serverAuth
+
+[ ext_client_server ]
+
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
+#@ALTNAME@
+
+extendedKeyUsage = clientAuth, serverAuth
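Review bot: The `#@CN@` line in `[ req_distinguished_name ]` and the `#@ALTNAME@` lines in `[ ext_client ]`, `[ ext_server ]` and `[ ext_client_server ]` read like ordinary comments, but they are substitution markers that update.sh rewrites with sed, and nothing in the file says so. A header comment such as `# Template for update.sh: the #@CN@ and #@ALTNAME@ lines are replaced by sed; do not remove them` would keep someone from tidying them away. The same header is the place to state that this profile is for the test CA only: `default_bits = 1024` in `[ req ]` matches the 1024-bit root added in test-ca/cacert.pem, and both are below what a production PKI should use.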

+ 11 - 0
tests/hwsim/auth_serv/server-eku-client-server.csr

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----

+ 18 - 18
tests/hwsim/auth_serv/server-eku-client-server.pem

@@ -1,12 +1,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 15624081837803162862 (0xd8d3e3a6cbe3ccee)
+        Serial Number: 15624081837803162901 (0xd8d3e3a6cbe3cd15)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=FI, O=w1.fi, CN=Root CA
         Validity
-            Not Before: Feb 18 19:37:20 2017 GMT
-            Not After : Feb 18 19:37:20 2018 GMT
+            Not Before: Oct  1 15:42:04 2017 GMT
+            Not After : Oct  1 15:42:04 2018 GMT
         Subject: C=FI, O=w1.fi, CN=server6.w1.fi
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36,18 +36,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         23:d4:9e:22:e4:d2:74:de:e6:39:ce:f9:67:e4:55:2d:75:51:
-         29:14:de:f4:b6:67:4b:df:c1:10:20:87:3b:ed:39:58:7c:a8:
-         73:b3:8e:6e:59:54:88:ca:88:b9:9d:e5:e9:4d:fd:cd:ad:84:
-         8d:30:d6:a8:8d:0d:b7:23:73:bc:83:36:bd:ff:9a:6a:b4:29:
-         30:47:a6:7e:85:1c:76:f2:a9:34:c2:f8:a4:82:f8:7f:f7:d1:
-         e1:62:b0:6f:b1:0d:67:d3:34:0c:a1:97:23:13:cf:78:67:64:
-         f1:8c:30:b2:6a:08:61:59:79:7b:4e:9e:57:10:83:4d:d5:bc:
-         4d:15
+         83:42:07:58:30:ac:24:5a:9f:cf:7e:87:a6:9b:b1:e7:27:e8:
+         17:ff:43:bf:b9:82:0a:8c:97:59:a9:96:4e:fa:5c:dc:05:1f:
+         8d:6c:89:a6:b1:df:e4:ab:09:89:c5:c1:bd:99:22:41:79:0f:
+         88:ef:4c:48:51:a0:bd:0a:28:f3:91:d0:fe:c1:bb:3e:3b:5f:
+         36:bb:3b:5f:1b:06:ce:3c:98:c9:3c:6a:9d:5c:4a:bf:75:45:
+         94:df:45:d6:3b:1c:68:68:e2:ed:ca:0a:e9:f4:fa:15:e3:04:
+         c1:e1:8a:8c:ca:b7:0a:96:74:83:c7:fd:38:22:5f:c7:b1:df:
+         4c:1e
 -----BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIJANjT46bL48zuMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzAy
-MTgxOTM3MjBaFw0xODAyMTgxOTM3MjBaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+MIIChzCCAfCgAwIBAgIJANjT46bL480VMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw
+MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
 DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5maTCBnzANBgkqhkiG9w0BAQEF
 AAOBjQAwgYkCgYEAyjAe/RNqAihRmg6pHnJ+51rIywx+ipmBjQWzCbCphueuRPrg
 x+7zGLQxZeMFb2ZO4+SFgZtHf1+1FiuwWZGcxVXT08osgc7wJ6hU3g5P2PARvQsQ
@@ -55,8 +55,8 @@ Vjgm36k6lRWTphbt0h60tcCoYY6uEAT95ibKSg2QS7msyZTysWuXa2Ak6r0CAwEA
 AaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTHxu/1YdKgCIFqa0Qs9XL32t5b
 uTAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
 MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wHQYDVR0l
-BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBACPUniLk
-0nTe5jnO+WfkVS11USkU3vS2Z0vfwRAghzvtOVh8qHOzjm5ZVIjKiLmd5elN/c2t
-hI0w1qiNDbcjc7yDNr3/mmq0KTBHpn6FHHbyqTTC+KSC+H/30eFisG+xDWfTNAyh
-lyMTz3hnZPGMMLJqCGFZeXtOnlcQg03VvE0V
+BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBAINCB1gw
+rCRan89+h6absecn6Bf/Q7+5ggqMl1mplk76XNwFH41siaax3+SrCYnFwb2ZIkF5
+D4jvTEhRoL0KKPOR0P7Buz47Xza7O18bBs48mMk8ap1cSr91RZTfRdY7HGho4u3K
+Cun0+hXjBMHhiozKtwqWdIPH/TgiX8ex30we
 -----END CERTIFICATE-----

+ 11 - 0
tests/hwsim/auth_serv/server-eku-client.csr

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBhjCB8AIBADBHMQswCQYDVQQGEwJGSTEQMA4GA1UEBwwHVHV1c3VsYTEOMAwG
+A1UECgwFdzEuZmkxFjAUBgNVBAMMDXNlcnZlcjUudzEuZmkwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAKOZ6eLhF2A7cDQadFxG47i9u6rJ8+77EjCgacN0OIA6
+uiNSx8Fqz7rdQePSaTWkpmBsMR+FvVZsewljzadRa4RAkHd+l2h7OLXEFTt0NzQo
+unri14RTeHZNFre43wly54cmdCwEysXOKfW0ztso60VHQo/tiFqjI0mbe7w54QFT
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBtsWMoDQr3miJluL8rnbsu7t7HhGn8
+BBJ393C6P8UHYJTlfMPfg+H2zfyrP68EV76lym5jmNOltZUv14joZjpYX9VOT+5r
+e4wq697O7BDG7aBt2BR2BgYCMQiiAXisL0bOs6crYxapqCh3tyzkhxwOyqdqRO7R
++1BujmtweBGlBQ==
+-----END CERTIFICATE REQUEST-----

+ 18 - 18
tests/hwsim/auth_serv/server-eku-client.pem

@@ -1,12 +1,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 15624081837803162861 (0xd8d3e3a6cbe3cced)
+        Serial Number: 15624081837803162900 (0xd8d3e3a6cbe3cd14)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=FI, O=w1.fi, CN=Root CA
         Validity
-            Not Before: Feb 18 19:36:36 2017 GMT
-            Not After : Feb 18 19:36:36 2018 GMT
+            Not Before: Oct  1 15:42:04 2017 GMT
+            Not After : Oct  1 15:42:04 2018 GMT
         Subject: C=FI, O=w1.fi, CN=server5.w1.fi
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36,18 +36,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         8a:68:22:48:71:eb:9f:c2:30:17:9d:27:3c:18:2b:8d:0d:70:
-         a1:80:b7:64:ff:3a:b9:6c:64:51:d8:57:a8:49:aa:e6:fa:1f:
-         e7:41:a1:2d:27:95:ba:83:6c:8b:9a:78:4c:b1:51:96:ba:a1:
-         5e:63:23:bf:aa:57:26:28:33:54:01:38:a3:44:dd:96:bd:5b:
-         92:e9:36:67:1a:66:11:4f:0a:0b:52:6d:bf:20:a0:79:78:61:
-         8d:d9:6b:38:a0:a4:c7:a0:99:66:cd:57:e4:99:cd:e7:f3:00:
-         e8:29:74:99:d1:83:a7:9d:6e:5f:70:7c:e2:a2:3c:3c:6d:d3:
-         a2:1d
+         1d:31:a8:51:d5:36:37:2c:e8:9f:00:62:c4:ad:2d:9d:79:9d:
+         85:3f:3e:3e:18:d3:d2:47:85:dd:b2:e0:e7:ae:bd:33:b6:1f:
+         02:7c:2a:cd:af:d4:24:66:5d:58:35:aa:14:19:a6:d3:bd:6a:
+         51:f8:a9:ba:ef:0d:7e:83:6a:8e:d1:82:4f:ac:ab:e7:b7:dd:
+         23:22:2b:3a:72:c8:2f:cb:11:4c:49:b1:44:cc:e9:3d:52:28:
+         82:12:75:c3:ef:1d:08:a4:bf:01:84:24:78:9f:2a:c3:1a:5c:
+         e5:c9:89:c2:1e:25:04:5a:50:2b:ef:b2:2e:59:2b:19:8a:f7:
+         dc:8d
 -----BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIJANjT46bL48ztMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzAy
-MTgxOTM2MzZaFw0xODAyMTgxOTM2MzZaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+MIICfTCCAeagAwIBAgIJANjT46bL480UMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw
+MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
 DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5maTCBnzANBgkqhkiG9w0BAQEF
 AAOBjQAwgYkCgYEAo5np4uEXYDtwNBp0XEbjuL27qsnz7vsSMKBpw3Q4gDq6I1LH
 wWrPut1B49JpNaSmYGwxH4W9Vmx7CWPNp1FrhECQd36XaHs4tcQVO3Q3NCi6euLX
@@ -55,8 +55,8 @@ hFN4dk0Wt7jfCXLnhyZ0LATKxc4p9bTO2yjrRUdCj+2IWqMjSZt7vDnhAVMCAwEA
 AaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQzFp07FxWCKzRuOOjMIr9Jp14q
 KzAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
 MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0l
-BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAimgiSHHrn8IwF50nPBgr
-jQ1woYC3ZP86uWxkUdhXqEmq5vof50GhLSeVuoNsi5p4TLFRlrqhXmMjv6pXJigz
-VAE4o0Tdlr1bkuk2ZxpmEU8KC1JtvyCgeXhhjdlrOKCkx6CZZs1X5JnN5/MA6Cl0
-mdGDp51uX3B84qI8PG3Toh0=
+BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAHTGoUdU2NyzonwBixK0t
+nXmdhT8+PhjT0keF3bLg5669M7YfAnwqza/UJGZdWDWqFBmm071qUfipuu8NfoNq
+jtGCT6yr57fdIyIrOnLIL8sRTEmxRMzpPVIoghJ1w+8dCKS/AYQkeJ8qwxpc5cmJ
+wh4lBFpQK++yLlkrGYr33I0=
 -----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/server-extra.pkcs12


+ 11 - 0
tests/hwsim/auth_serv/server-no-dnsname.csr

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----

+ 18 - 18
tests/hwsim/auth_serv/server-no-dnsname.pem

@@ -1,12 +1,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 15624081837803162860 (0xd8d3e3a6cbe3ccec)
+        Serial Number: 15624081837803162899 (0xd8d3e3a6cbe3cd13)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=FI, O=w1.fi, CN=Root CA
         Validity
-            Not Before: Feb 18 19:35:21 2017 GMT
-            Not After : Feb 18 19:35:21 2018 GMT
+            Not Before: Oct  1 15:42:04 2017 GMT
+            Not After : Oct  1 15:42:04 2018 GMT
         Subject: C=FI, O=w1.fi, CN=server3.w1.fi
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36,18 +36,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         62:93:83:da:f7:ca:dc:c1:0b:f0:40:e8:59:21:e4:ed:16:fa:
-         c5:fe:4d:8e:29:c0:f7:b7:0c:c5:da:32:6f:dc:0e:95:06:20:
-         48:1c:d0:38:f4:91:1c:c0:91:6e:08:8b:eb:04:ab:7e:21:47:
-         be:15:cf:3b:48:d6:3b:9b:69:bc:c1:8e:23:96:09:b5:1d:b5:
-         58:8d:37:de:12:82:44:c5:f9:ec:c3:c1:9e:12:0c:ae:11:80:
-         d9:2b:67:ab:cc:a6:f3:dc:3e:bf:f6:40:32:e3:ca:93:38:6a:
-         8a:ef:90:b8:10:0b:6e:c8:9e:57:1f:60:50:e3:f6:c5:7c:6f:
-         3c:52
+         1d:c5:10:12:04:f4:7e:56:e0:6d:74:26:bb:95:fc:df:32:af:
+         46:75:65:7c:8d:54:e4:db:ee:c8:8b:2f:1f:65:b4:d3:57:5b:
+         38:b1:70:32:36:bf:2f:79:21:14:9d:c7:c1:bc:ca:c4:29:b5:
+         38:58:32:99:e8:01:c0:fa:f3:d5:ad:31:41:fb:c2:15:b6:93:
+         f9:a9:3c:16:f5:6b:55:40:67:c2:d2:31:02:53:b5:de:6f:bd:
+         30:ca:97:18:16:1c:12:0a:3b:84:a3:29:ef:b7:38:7d:fe:19:
+         d1:15:e4:ec:57:09:c4:27:a5:77:4a:ed:a9:f1:17:83:a6:06:
+         2c:9a
 -----BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIJANjT46bL48zsMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzAy
-MTgxOTM1MjFaFw0xODAyMTgxOTM1MjFaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+MIICfTCCAeagAwIBAgIJANjT46bL480TMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw
+MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
 DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyMy53MS5maTCBnzANBgkqhkiG9w0BAQEF
 AAOBjQAwgYkCgYEA2/wPoUiHaIbEnnr4GCh3baNYD9u+a9RDQ8S6FzebqP+WonMU
 ExyuGQ+BVDUQZJTjZGW+mwsW0p6SmHeH4pqZ/B1XDIoNTCEvrmfXY2HrkVtYL61n
@@ -55,8 +55,8 @@ ZmXkgwfKajal5iD2XJkn22PlhtgrfB2QRIEiIXcKAwXD62Nhs0wywIeHOkcCAwEA
 AaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSOmk9NRq1ZrH9MnL5tW9eZY43H
 cDAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
 MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEAYpOD2vfK3MEL8EDoWSHk
-7Rb6xf5NjinA97cMxdoyb9wOlQYgSBzQOPSRHMCRbgiL6wSrfiFHvhXPO0jWO5tp
-vMGOI5YJtR21WI033hKCRMX57MPBnhIMrhGA2Stnq8ym89w+v/ZAMuPKkzhqiu+Q
-uBALbsieVx9gUOP2xXxvPFI=
+BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEAHcUQEgT0flbgbXQmu5X8
+3zKvRnVlfI1U5NvuyIsvH2W001dbOLFwMja/L3khFJ3HwbzKxCm1OFgymegBwPrz
+1a0xQfvCFbaT+ak8FvVrVUBnwtIxAlO13m+9MMqXGBYcEgo7hKMp77c4ff4Z0RXk
+7FcJxCeld0rtqfEXg6YGLJo=
 -----END CERTIFICATE-----

+ 11 - 0
tests/hwsim/auth_serv/server.csr

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBhTCB7wIBADBGMQswCQYDVQQGEwJGSTEQMA4GA1UEBwwHVHV1c3VsYTEOMAwG
+A1UECgwFdzEuZmkxFTATBgNVBAMMDHNlcnZlci53MS5maTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAuqB3VSIUhVVlm2Qsre2b3WUxydpgUM441jTc6LwbnjDn
+EuNTbMntSAN5gWmYzoq4d0c2Rc/G4PF7HnGJVPcBzCKtoEKxqDWeYKo6mFHQ/x/u
+vo0KY/uiORfyZGH2ZQIyeXThn9GJZVWpwyCev2lWs/dPP6lUwtqPPK/ydVT6foEC
+AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAHa+iMFm3en/hRmhLfMCE7n4l9nczk/P
+sLlxcBIeu3pnEXQsI8SZjG8T5kehyFva7mmqcbpFfDxddXxNsqckBfKDjwLEhH49
+gpUg6ggYQ1R82IgMEmTdHKyIeTCIvyzPV2Vz1LrGpdCiRMg713zumghsCsn781mN
+q7p5YSQL5DdY
+-----END CERTIFICATE REQUEST-----

+ 17 - 17
tests/hwsim/auth_serv/server.pem

@@ -1,12 +1,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 15624081837803162857 (0xd8d3e3a6cbe3cce9)
+        Serial Number: 15624081837803162898 (0xd8d3e3a6cbe3cd12)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=FI, O=w1.fi, CN=Root CA
         Validity
-            Not Before: Sep 30 18:13:57 2016 GMT
-            Not After : Sep 30 18:13:57 2017 GMT
+            Not Before: Oct  1 15:42:04 2017 GMT
+            Not After : Oct  1 15:42:04 2018 GMT
         Subject: C=FI, O=w1.fi, CN=server.w1.fi
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -38,18 +38,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         24:da:48:be:a8:ae:6e:25:ed:12:bd:f5:a3:32:1f:40:4c:ab:
-         50:87:23:b1:46:45:b0:e5:9b:02:ad:c9:d3:fb:c0:52:78:b5:
-         91:2a:d4:8f:f8:c8:a4:48:b4:66:f7:2e:f1:cf:8c:3a:7a:54:
-         fc:e2:41:a7:af:e3:d1:66:d6:02:d8:93:de:52:b2:c2:6e:d9:
-         7a:bd:8c:ce:e5:dc:3b:0b:7a:f6:fc:a0:4e:9c:64:84:14:3f:
-         9b:24:fc:d0:8f:9c:78:c8:57:0f:32:dd:ed:97:f1:c1:a2:b3:
-         0a:14:9e:c8:35:68:30:1a:10:22:14:66:4a:6b:a4:47:b4:c6:
-         4f:3b
+         49:e5:e2:10:b5:23:63:1e:7f:00:8c:29:21:a4:9e:9b:da:63:
+         d8:f6:54:35:de:c9:fb:b7:94:bd:fa:23:7c:7f:87:cc:d5:72:
+         c0:ad:8f:04:97:cf:da:11:86:6a:a2:1a:a7:6f:bc:a1:8c:e5:
+         27:b8:da:f0:3f:cc:da:8f:d3:12:f3:d2:2d:33:84:e1:be:ee:
+         df:91:4e:9a:d2:f5:a4:6a:f0:ab:85:95:63:ed:a1:c6:9d:eb:
+         ad:09:19:24:2b:f6:4c:b0:c6:e2:9c:66:e6:9f:93:d0:af:ec:
+         da:82:40:ea:c5:80:40:98:a1:87:15:ed:46:6e:ca:49:8c:fb:
+         8b:89
 -----BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIJANjT46bL48zpMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNjA5
-MzAxODEzNTdaFw0xNzA5MzAxODEzNTdaMDQxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+MIIClTCCAf6gAwIBAgIJANjT46bL480SMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw
+MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDQxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
 DAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIGfMA0GCSqGSIb3DQEBAQUA
 A4GNADCBiQKBgQC6oHdVIhSFVWWbZCyt7ZvdZTHJ2mBQzjjWNNzovBueMOcS41Ns
 ye1IA3mBaZjOirh3RzZFz8bg8XsecYlU9wHMIq2gQrGoNZ5gqjqYUdD/H+6+jQpj
@@ -58,7 +58,7 @@ o4GzMIGwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDFPEFxnn75OiNbcxaueEoiGaQJP
 MB8GA1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkw
 JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAXBgNVHREE
 EDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
-AQELBQADgYEAJNpIvqiubiXtEr31ozIfQEyrUIcjsUZFsOWbAq3J0/vAUni1kSrU
-j/jIpEi0Zvcu8c+MOnpU/OJBp6/j0WbWAtiT3lKywm7Zer2MzuXcOwt69vygTpxk
-hBQ/myT80I+ceMhXDzLd7ZfxwaKzChSeyDVoMBoQIhRmSmukR7TGTzs=
+AQELBQADgYEASeXiELUjYx5/AIwpIaSem9pj2PZUNd7J+7eUvfojfH+HzNVywK2P
+BJfP2hGGaqIap2+8oYzlJ7ja8D/M2o/TEvPSLTOE4b7u35FOmtL1pGrwq4WVY+2h
+xp3rrQkZJCv2TLDG4pxm5p+T0K/s2oJA6sWAQJihhxXtRm7KSYz7i4k=
 -----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/server.pkcs12


+ 55 - 0
tests/hwsim/auth_serv/test-ca/cacert.pem

@@ -0,0 +1,55 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, O=w1.fi, CN=Root CA
+        Validity
+            Not Before: Jun 29 16:41:22 2013 GMT
+            Not After : Jun 27 16:41:22 2023 GMT
+        Subject: C=FI, O=w1.fi, CN=Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
+                    90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
+                    f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
+                    db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
+                    81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
+                    0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
+                    c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
+                    38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
+                    ae:8a:b6:d1:e7:b3:15:02:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+            X509v3 Authority Key Identifier: 
+                keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+         1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
+         5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
+         4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
+         be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
+         70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
+         d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
+         c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
+         92:e8
+-----BEGIN CERTIFICATE-----
+MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2
+MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m
+Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA
+cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w
+HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K
+GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk
+uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0
++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug=
+-----END CERTIFICATE-----

+ 39 - 0
tests/hwsim/auth_serv/test-ca/index.txt

@@ -0,0 +1,39 @@
+V	181001144953Z		D8D3E3A6CBE3CCEF	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001145631Z		D8D3E3A6CBE3CCF1	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001145633Z		D8D3E3A6CBE3CCF2	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001145742Z		D8D3E3A6CBE3CCF3	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001145742Z		D8D3E3A6CBE3CCF4	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001150518Z		D8D3E3A6CBE3CCF5	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001150546Z		D8D3E3A6CBE3CCF6	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001151024Z		D8D3E3A6CBE3CCF7	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001151024Z		D8D3E3A6CBE3CCF8	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001151254Z		D8D3E3A6CBE3CCF9	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001151254Z		D8D3E3A6CBE3CCFA	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
+V	181001151254Z		D8D3E3A6CBE3CCFB	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
+V	181001151254Z		D8D3E3A6CBE3CCFC	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
+V	181001151254Z		D8D3E3A6CBE3CCFD	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001152159Z		D8D3E3A6CBE3CCFE	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001152159Z		D8D3E3A6CBE3CCFF	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
+V	181001152159Z		D8D3E3A6CBE3CD00	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
+V	181001152159Z		D8D3E3A6CBE3CD01	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
+V	181001152159Z		D8D3E3A6CBE3CD02	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001152221Z		D8D3E3A6CBE3CD03	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001152221Z		D8D3E3A6CBE3CD04	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
+V	181001152221Z		D8D3E3A6CBE3CD05	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
+V	181001152221Z		D8D3E3A6CBE3CD06	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
+V	181001152221Z		D8D3E3A6CBE3CD07	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001152519Z		D8D3E3A6CBE3CD08	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001152519Z		D8D3E3A6CBE3CD09	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
+V	181001152519Z		D8D3E3A6CBE3CD0A	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
+V	181001152519Z		D8D3E3A6CBE3CD0B	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
+V	181001152519Z		D8D3E3A6CBE3CD0C	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001152815Z		D8D3E3A6CBE3CD0D	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001152815Z		D8D3E3A6CBE3CD0E	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
+V	181001152815Z		D8D3E3A6CBE3CD0F	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
+V	181001152815Z		D8D3E3A6CBE3CD10	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
+V	181001152815Z		D8D3E3A6CBE3CD11	unknown	/C=FI/O=w1.fi/CN=Test User
+V	181001154204Z		D8D3E3A6CBE3CD12	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
+V	181001154204Z		D8D3E3A6CBE3CD13	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
+V	181001154204Z		D8D3E3A6CBE3CD14	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
+V	181001154204Z		D8D3E3A6CBE3CD15	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
+V	181001154204Z		D8D3E3A6CBE3CD16	unknown	/C=FI/O=w1.fi/CN=Test User

+ 1 - 0
tests/hwsim/auth_serv/test-ca/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = no

+ 15 - 0
tests/hwsim/auth_serv/test-ca/private/cakey.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
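Review bot: This adds the Root CA signing key to the tree, and since update.sh runs `openssl ca -batch` with no passphrase option the key is presumably stored unencrypted (the key body is not visible on this page). That is workable for a test fixture, but it means anyone with a checkout can issue certificates that chain to test-ca/cacert.pem, so this root must never be placed in a trust store outside the hwsim test harness. A short README in test-ca/ should say so, for example `Test-only CA; the private key is public. Never trust this root outside tests/hwsim.`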

+ 1 - 0
tests/hwsim/auth_serv/test-ca/serial

@@ -0,0 +1 @@
+D8D3E3A6CBE3CD17

+ 74 - 0
tests/hwsim/auth_serv/update.sh

@@ -0,0 +1,74 @@
+#!/bin/sh
+
+OPENSSL=openssl
+
+mkdir -p test-ca/newcerts
+
+echo
+echo "---[ Update server certificates ]---------------------------------------"
+echo
+
+cat openssl2.cnf |
+	sed "s/#@CN@/commonName_default = server.w1.fi/" |
+	sed "s/#@ALTNAME@/subjectAltName=DNS:server.w1.fi/" \
+	> openssl.cnf.tmp
+$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server.csr -out server.pem -extensions ext_server
+
+$OPENSSL pkcs12 -export -out server.pkcs12 -in server.pem -inkey server.key -passout pass:
+$OPENSSL pkcs12 -export -out server-extra.pkcs12 -in server.pem -inkey server.key -descert -certfile user.pem -passout pass:whatever -name server
+
+cat openssl2.cnf |
+	sed "s/#@CN@/commonName_default = server3.w1.fi/" \
+	> openssl.cnf.tmp
+$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-no-dnsname.csr -out server-no-dnsname.pem -extensions ext_server
+
+cat openssl2.cnf |
+	sed "s/#@CN@/commonName_default = server5.w1.fi/" \
+	> openssl.cnf.tmp
+$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client.csr -out server-eku-client.pem -extensions ext_client
+
+cat openssl2.cnf |
+	sed "s/#@CN@/commonName_default = server6.w1.fi/" \
+	> openssl.cnf.tmp
+$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client-server.csr -out server-eku-client-server.pem -extensions ext_client_server
+
+echo
+echo "---[ Update user certificates ]-----------------------------------------"
+echo
+
+cat openssl2.cnf | sed "s/#@CN@/commonName_default = User/" > openssl.cnf.tmp
+$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in user.csr -out user.pem -extensions ext_client
+rm openssl.cnf.tmp
+
+$OPENSSL pkcs12 -export -out user.pkcs12 -in user.pem -inkey user.key -descert -passout pass:whatever
+$OPENSSL pkcs12 -export -out user2.pkcs12 -in user.pem -inkey user.key -descert -name Test -certfile server.pem -passout pass:whatever
+$OPENSSL pkcs12 -export -out user3.pkcs12 -in user.pem -inkey user.key -descert -name "my certificates" -certfile ca.pem -passout pass:whatever
+
+echo
+echo "---[ Update OCSP ]------------------------------------------------------"
+echo
+
+$OPENSSL ocsp -CAfile test-ca/cacert.pem -issuer test-ca/cacert.pem -cert server.pem -reqout ocsp-req.der -no_nonce
+$OPENSSL ocsp -index test-ca/index.txt -rsigner test-ca/cacert.pem -rkey test-ca/private/cakey.pem -CA test-ca/cacert.pem -resp_no_certs -reqin ocsp-req.der -respout ocsp-server-cache.der
+
+echo
+echo "---[ Additional steps ]-------------------------------------------------"
+echo
+
+echo "test_ap_eap.py: ap_wpa2_eap_ttls_server_cert_hash srv_cert_hash"
+
+$OPENSSL x509 -in server.pem -out server.der -outform DER
+HASH=`sha256sum server.der | cut -f1 -d' '`
+rm server.der
+sed -i "s/srv_cert_hash =.*/srv_cert_hash = \"$HASH\"/" ../test_ap_eap.py
+
+echo "index.txt: server time+serial"
+
+grep -v CN=server.w1.fi index.txt > index.txt.new
+grep CN=server.w1.fi test-ca/index.txt | tail -1 >> index.txt.new
+mv index.txt.new index.txt
+
+echo "start.sh: openssl ocsp -reqout serial"
+
+SERIAL=`grep CN=server.w1.fi test-ca/index.txt | tail -1 | cut -f4`
+sed -i "s/serial 0x[^ ]* -no_nonce/serial 0x$SERIAL -no_nonce/" ../start.sh
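Review bot: Nothing stops the script when a step fails: there is no `set -e` and no exit-status check, so if an `openssl ca` or `openssl x509` call fails the later steps still run, `HASH` comes out empty, and the `sed -i` writes `srv_cert_hash = ""` into ../test_ap_eap.py while index.txt and ../start.sh are rewritten from whatever test-ca/index.txt holds at that point. Adding `set -e` directly after the shebang would abort at the first failed command instead of committing half-updated fixtures. All paths are relative, so the script only works when started from auth_serv; `cd "$(dirname "$0")" || exit 1` near the top would pin that. The `-config $PWD/openssl.cnf.tmp` arguments should be quoted as `-config "$PWD/openssl.cnf.tmp"` so a checkout path containing spaces is not split.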

+ 11 - 0
tests/hwsim/auth_serv/user.csr

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----

+ 18 - 18
tests/hwsim/auth_serv/user.pem

@@ -1,12 +1,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 15624081837803162859 (0xd8d3e3a6cbe3cceb)
+        Serial Number: 15624081837803162902 (0xd8d3e3a6cbe3cd16)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=FI, O=w1.fi, CN=Root CA
         Validity
-            Not Before: Sep 30 18:20:27 2016 GMT
-            Not After : Sep 30 18:20:27 2017 GMT
+            Not Before: Oct  1 15:42:04 2017 GMT
+            Not After : Oct  1 15:42:04 2018 GMT
         Subject: C=FI, O=w1.fi, CN=Test User
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36,18 +36,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         47:2e:3d:23:86:d0:3e:fb:b5:7f:d6:32:6b:12:fb:7c:76:78:
-         ec:82:db:ab:fa:5e:0f:1d:97:36:f9:de:b3:cb:fd:08:9e:d5:
-         cd:3d:97:78:c5:00:ce:78:f1:39:3b:84:c9:d0:e6:17:58:ed:
-         ac:e2:d2:a8:7a:fd:b9:19:a4:1c:57:08:17:8c:7f:70:88:82:
-         d5:89:0f:1e:18:22:6d:62:69:4c:12:92:32:bc:cc:1b:a0:05:
-         bc:af:7f:53:a9:dc:a9:55:48:e0:28:34:3e:60:3f:82:16:ac:
-         70:a1:01:e7:75:cf:a0:72:ad:39:ad:52:65:a8:64:fa:7f:11:
-         f2:f5
+         bc:cf:10:42:b7:13:7f:1b:59:89:a7:27:2b:de:71:26:cc:2d:
+         59:bb:c8:12:dd:56:7a:88:14:e1:b5:09:6e:f9:64:72:96:56:
+         ed:2f:f9:00:e7:08:9c:8b:5c:fe:cf:a2:9d:bd:48:80:95:41:
+         e4:3e:ce:75:4a:41:a6:49:77:e1:48:0b:29:dd:ee:d1:f3:68:
+         7c:94:7c:95:2a:7f:d5:a9:a5:a6:a4:b2:9b:8e:70:ec:05:3d:
+         46:62:37:dc:ea:71:ae:32:0e:a5:ed:77:26:d4:e0:b5:0f:bd:
+         d5:8f:6a:99:65:75:58:57:31:02:78:d5:e5:b0:ae:68:af:d5:
+         0d:92
 -----BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIJANjT46bL48zrMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNjA5
-MzAxODIwMjdaFw0xNzA5MzAxODIwMjdaMDExCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+MIICeTCCAeKgAwIBAgIJANjT46bL480WMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw
+MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDExCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
 DAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
 ADCBiQKBgQCmli6bIozflL6LiUn2eHaiYH4UlfOW/qsZJQM0ZHQBPqiffPFHYWBM
 gpIofCugDsuHv1nr1/NhIjsU86sx9lqVH7h6uCw8qWFTeJvoPlDswtZE50PNvD5O
@@ -55,8 +55,8 @@ gpIofCugDsuHv1nr1/NhIjsU86sx9lqVH7h6uCw8qWFTeJvoPlDswtZE50PNvD5O
 MIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFIHe3+laABrKZ9YG3WWyTsWaBEN9MB8G
 A1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkwJzAl
 BggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNVHSUEDDAK
-BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQBHLj0jhtA++7V/1jJrEvt8dnjs
-gtur+l4PHZc2+d6zy/0IntXNPZd4xQDOePE5O4TJ0OYXWO2s4tKoev25GaQcVwgX
-jH9wiILViQ8eGCJtYmlMEpIyvMwboAW8r39TqdypVUjgKDQ+YD+CFqxwoQHndc+g
-cq05rVJlqGT6fxHy9Q==
+BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQC8zxBCtxN/G1mJpycr3nEmzC1Z
+u8gS3VZ6iBThtQlu+WRyllbtL/kA5wici1z+z6KdvUiAlUHkPs51SkGmSXfhSAsp
+3e7R82h8lHyVKn/VqaWmpLKbjnDsBT1GYjfc6nGuMg6l7Xcm1OC1D73Vj2qZZXVY
+VzECeNXlsK5or9UNkg==
 -----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/user.pkcs12


BIN
tests/hwsim/auth_serv/user2.pkcs12


BIN
tests/hwsim/auth_serv/user3.pkcs12


+ 1 - 1
tests/hwsim/start.sh

@@ -165,7 +165,7 @@ for i in unknown revoked; do
 done
 
 openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \
-    -serial 0xD8D3E3A6CBE3CCE9 -no_nonce -sha256 >> $LOGDIR/ocsp.log 2>&1
+    -serial 0xD8D3E3A6CBE3CD12 -no_nonce -sha256 >> $LOGDIR/ocsp.log 2>&1
 for i in "" "-unknown" "-revoked"; do
     openssl ocsp -index $DIR/auth_serv/index$i.txt \
 	-rsigner $DIR/auth_serv/ca.pem \

+ 1 - 1
tests/hwsim/test_ap_eap.py

@@ -2507,7 +2507,7 @@ def test_ap_wpa2_eap_ttls_server_cert_hash(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS and server certificate hash"""
     check_cert_probe_support(dev[0])
     skip_with_fips(dev[0])
-    srv_cert_hash = "bdb9cb55d3df278e52a071abf58e7f0238fbec3ad8fb2c254742f63562628272"
+    srv_cert_hash = "53728dde442d4adc27cb10a847234a4315590f0b36786353023c3b0f2e9fdf49"
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0], params)
     dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",