From 0ba13e86132a1c6dd4bc304178f7328e1b73cf52 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 1 Oct 2017 18:45:07 +0300 Subject: [PATCH] tests: Update server and user certificates (2017) The previous versions expired, so need to re-sign these to fix number of the EAP test cases. In addition, add a shell script (update.sh) and the needed CA files to automate this full update process. Signed-off-by: Jouni Malinen --- tests/hwsim/auth_serv/index.txt | 2 +- tests/hwsim/auth_serv/ocsp-req.der | Bin 76 -> 76 bytes tests/hwsim/auth_serv/ocsp-server-cache.der | Bin 343 -> 343 bytes tests/hwsim/auth_serv/openssl2.cnf | 146 ++++++++++++++++++ .../auth_serv/server-eku-client-server.csr | 11 ++ .../auth_serv/server-eku-client-server.pem | 36 ++--- tests/hwsim/auth_serv/server-eku-client.csr | 11 ++ tests/hwsim/auth_serv/server-eku-client.pem | 36 ++--- tests/hwsim/auth_serv/server-extra.pkcs12 | Bin 2426 -> 2426 bytes tests/hwsim/auth_serv/server-no-dnsname.csr | 11 ++ tests/hwsim/auth_serv/server-no-dnsname.pem | 36 ++--- tests/hwsim/auth_serv/server.csr | 11 ++ tests/hwsim/auth_serv/server.pem | 34 ++-- tests/hwsim/auth_serv/server.pkcs12 | Bin 1685 -> 1685 bytes tests/hwsim/auth_serv/test-ca/cacert.pem | 55 +++++++ tests/hwsim/auth_serv/test-ca/index.txt | 39 +++++ tests/hwsim/auth_serv/test-ca/index.txt.attr | 1 + .../hwsim/auth_serv/test-ca/private/cakey.pem | 15 ++ tests/hwsim/auth_serv/test-ca/serial | 1 + tests/hwsim/auth_serv/update.sh | 74 +++++++++ tests/hwsim/auth_serv/user.csr | 11 ++ tests/hwsim/auth_serv/user.pem | 36 ++--- tests/hwsim/auth_serv/user.pkcs12 | Bin 1653 -> 1653 bytes tests/hwsim/auth_serv/user2.pkcs12 | Bin 2414 -> 2414 bytes tests/hwsim/auth_serv/user3.pkcs12 | Bin 2356 -> 2356 bytes tests/hwsim/start.sh | 2 +- tests/hwsim/test_ap_eap.py | 2 +- 27 files changed, 478 insertions(+), 92 deletions(-) create mode 100644 tests/hwsim/auth_serv/openssl2.cnf create mode 100644 tests/hwsim/auth_serv/server-eku-client-server.csr create mode 100644 tests/hwsim/auth_serv/server-eku-client.csr create mode 100644 tests/hwsim/auth_serv/server-no-dnsname.csr create mode 100644 tests/hwsim/auth_serv/server.csr create mode 100644 tests/hwsim/auth_serv/test-ca/cacert.pem create mode 100644 tests/hwsim/auth_serv/test-ca/index.txt create mode 100644 tests/hwsim/auth_serv/test-ca/index.txt.attr create mode 100644 tests/hwsim/auth_serv/test-ca/private/cakey.pem create mode 100644 tests/hwsim/auth_serv/test-ca/serial create mode 100755 tests/hwsim/auth_serv/update.sh create mode 100644 tests/hwsim/auth_serv/user.csr diff --git a/tests/hwsim/auth_serv/index.txt b/tests/hwsim/auth_serv/index.txt index 06a2bf439..6e94570cb 100644 --- a/tests/hwsim/auth_serv/index.txt +++ b/tests/hwsim/auth_serv/index.txt @@ -4,5 +4,5 @@ V 140102000000Z D8D3E3A6CBE3CCCA unknown /C=FI/O=w1.fi/CN=server4.w1.fi V 150215083008Z D8D3E3A6CBE3CCCB unknown /C=FI/O=w1.fi/CN=server5.w1.fi V 150228224144Z D8D3E3A6CBE3CCCC unknown /C=FI/O=w1.fi/CN=server6.w1.fi V 160111185024Z D8D3E3A6CBE3CCCD unknown /C=FI/O=w1.fi/CN=ocsp.w1.fi -V 170930181357Z D8D3E3A6CBE3CCE9 unknown /C=FI/O=w1.fi/CN=server.w1.fi V 150929211300Z D8D3E3A6CBE3CCD1 unknown /C=FI/O=w1.fi/CN=Test User +V 181001154204Z D8D3E3A6CBE3CD12 unknown /C=FI/O=w1.fi/CN=server.w1.fi diff --git a/tests/hwsim/auth_serv/ocsp-req.der b/tests/hwsim/auth_serv/ocsp-req.der index 974ed1ef60f5388e46a80d14432464a9a658045b..117e65343af2d6700afdbe88b65822e16b4f6258 100644 GIT binary patch delta 7 OcmebAnc&5ARtNwIjRI5v delta 7 OcmebAnc&5A<|P0MVgo7w diff --git a/tests/hwsim/auth_serv/ocsp-server-cache.der b/tests/hwsim/auth_serv/ocsp-server-cache.der index 4b2fd1f24d26c6fc107ecfc95c52bc8d97b41b64..99c204383368cd38f3cb4622de9c1779e5943a77 100644 GIT binary patch delta 190 zcmcc4be(BJESI^Vfq|i+sfm%n#B`7PvqB9F68uI6h6rJkC<9(LPOUbNw(q=*jNGgY z%#Do0UC3=zU6Q3kwhoLX%jZQpqr8M#>* zm>U}ztUpcW`?E-R&G!4EhK|ck1ljc_`?_6U!@8j9{Qj$A`867+Z9ntzuHJd!zrN89 zrLG;7TY5gucKLLEt-`XSX)h8M$S;XF8NKz|N8yVz-ME}0&cDm?lsT!vt65%?%`oxq p&m$AA>@M5xFk4PcIYv<5ajl)e!ACh~k8QlFTy%TyLa+B`{{SntP)Ps) diff --git a/tests/hwsim/auth_serv/openssl2.cnf b/tests/hwsim/auth_serv/openssl2.cnf new file mode 100644 index 000000000..503d140d7 --- /dev/null +++ b/tests/hwsim/auth_serv/openssl2.cnf @@ -0,0 +1,146 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd +oid_section = new_oids + +[ new_oids ] + +[ ca ] +default_ca = CA_default + +[ CA_default ] + +dir = ./test-ca +certs = $dir/certs +crl_dir = $dir/crl +database = $dir/index.txt +unique_subject = no +new_certs_dir = $dir/newcerts +certificate = $dir/cacert.pem +serial = $dir/serial +crlnumber = $dir/crlnumber +crl = $dir/crl.pem +private_key = $dir/private/cakey.pem +RANDFILE = $dir/private/.rand + +x509_extensions = usr_cert + +name_opt = ca_default +cert_opt = ca_default + +default_days = 365 +default_crl_days= 30 +default_md = default +preserve = no + +policy = policy_match + +[ policy_match ] +countryName = match +stateOrProvinceName = optional +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca + +string_mask = utf8only + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = FI +countryName_min = 2 +countryName_max = 2 + +localityName = Locality Name (eg, city) +localityName_default = Tuusula + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = w1.fi + +commonName = Common Name (e.g. server FQDN or YOUR name) +#@CN@ +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +##0.subjectAltName = dNSName:server.w1.fi + +[ req_attributes ] + +[ usr_cert ] + +basicConstraints=CA:FALSE + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/ + +[ v3_req ] + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName=DNS:example.com,DNS:another.example.com + +[ v3_ca ] + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = CA:true + +[ crl_ext ] + +authorityKeyIdentifier=keyid:always + +[ v3_OCSP ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning + +[ ext_client ] + +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer +authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/ +#@ALTNAME@ + +extendedKeyUsage = clientAuth + +[ ext_server ] + +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer +authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/ +#@ALTNAME@ + +extendedKeyUsage = serverAuth + +[ ext_client_server ] + +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer +authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/ +#@ALTNAME@ + +extendedKeyUsage = clientAuth, serverAuth diff --git a/tests/hwsim/auth_serv/server-eku-client-server.csr b/tests/hwsim/auth_serv/server-eku-client-server.csr new file mode 100644 index 000000000..e4a7a856e --- /dev/null +++ b/tests/hwsim/auth_serv/server-eku-client-server.csr @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBhjCB8AIBADBHMQswCQYDVQQGEwJGSTEQMA4GA1UEBwwHVHV1c3VsYTEOMAwG +A1UECgwFdzEuZmkxFjAUBgNVBAMMDXNlcnZlcjYudzEuZmkwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAMowHv0TagIoUZoOqR5yfudayMsMfoqZgY0FswmwqYbn +rkT64Mfu8xi0MWXjBW9mTuPkhYGbR39ftRYrsFmRnMVV09PKLIHO8CeoVN4OT9jw +Eb0LEFY4Jt+pOpUVk6YW7dIetLXAqGGOrhAE/eYmykoNkEu5rMmU8rFrl2tgJOq9 +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQA9gLu0fMZobrP6pkMTQFB/e8iDxeEl +LlTqNoZ1hMJ5CQHHB/CLK5D0D+oGrheb/7WA9kT9aMnk1KVFHFmNb0rGMHMLHIWb +PBb7d1xEFskl/iB1VshJX0DhYhkgwxuQzPF3fQCJV+pUf7hOI0tzY4yXgLykO5Us +qzQNeSKKXD3XbQ== +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/server-eku-client-server.pem b/tests/hwsim/auth_serv/server-eku-client-server.pem index 0ff897737..6891237ae 100644 --- a/tests/hwsim/auth_serv/server-eku-client-server.pem +++ b/tests/hwsim/auth_serv/server-eku-client-server.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 15624081837803162862 (0xd8d3e3a6cbe3ccee) + Serial Number: 15624081837803162901 (0xd8d3e3a6cbe3cd15) Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, O=w1.fi, CN=Root CA Validity - Not Before: Feb 18 19:37:20 2017 GMT - Not After : Feb 18 19:37:20 2018 GMT + Not Before: Oct 1 15:42:04 2017 GMT + Not After : Oct 1 15:42:04 2018 GMT Subject: C=FI, O=w1.fi, CN=server6.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -36,18 +36,18 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 23:d4:9e:22:e4:d2:74:de:e6:39:ce:f9:67:e4:55:2d:75:51: - 29:14:de:f4:b6:67:4b:df:c1:10:20:87:3b:ed:39:58:7c:a8: - 73:b3:8e:6e:59:54:88:ca:88:b9:9d:e5:e9:4d:fd:cd:ad:84: - 8d:30:d6:a8:8d:0d:b7:23:73:bc:83:36:bd:ff:9a:6a:b4:29: - 30:47:a6:7e:85:1c:76:f2:a9:34:c2:f8:a4:82:f8:7f:f7:d1: - e1:62:b0:6f:b1:0d:67:d3:34:0c:a1:97:23:13:cf:78:67:64: - f1:8c:30:b2:6a:08:61:59:79:7b:4e:9e:57:10:83:4d:d5:bc: - 4d:15 + 83:42:07:58:30:ac:24:5a:9f:cf:7e:87:a6:9b:b1:e7:27:e8: + 17:ff:43:bf:b9:82:0a:8c:97:59:a9:96:4e:fa:5c:dc:05:1f: + 8d:6c:89:a6:b1:df:e4:ab:09:89:c5:c1:bd:99:22:41:79:0f: + 88:ef:4c:48:51:a0:bd:0a:28:f3:91:d0:fe:c1:bb:3e:3b:5f: + 36:bb:3b:5f:1b:06:ce:3c:98:c9:3c:6a:9d:5c:4a:bf:75:45: + 94:df:45:d6:3b:1c:68:68:e2:ed:ca:0a:e9:f4:fa:15:e3:04: + c1:e1:8a:8c:ca:b7:0a:96:74:83:c7:fd:38:22:5f:c7:b1:df: + 4c:1e -----BEGIN CERTIFICATE----- -MIIChzCCAfCgAwIBAgIJANjT46bL48zuMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV -BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzAy -MTgxOTM3MjBaFw0xODAyMTgxOTM3MjBaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +MIIChzCCAfCgAwIBAgIJANjT46bL480VMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw +MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5maTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAyjAe/RNqAihRmg6pHnJ+51rIywx+ipmBjQWzCbCphueuRPrg x+7zGLQxZeMFb2ZO4+SFgZtHf1+1FiuwWZGcxVXT08osgc7wJ6hU3g5P2PARvQsQ @@ -55,8 +55,8 @@ Vjgm36k6lRWTphbt0h60tcCoYY6uEAT95ibKSg2QS7msyZTysWuXa2Ak6r0CAwEA AaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTHxu/1YdKgCIFqa0Qs9XL32t5b uTAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wHQYDVR0l -BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBACPUniLk -0nTe5jnO+WfkVS11USkU3vS2Z0vfwRAghzvtOVh8qHOzjm5ZVIjKiLmd5elN/c2t -hI0w1qiNDbcjc7yDNr3/mmq0KTBHpn6FHHbyqTTC+KSC+H/30eFisG+xDWfTNAyh -lyMTz3hnZPGMMLJqCGFZeXtOnlcQg03VvE0V +BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBAINCB1gw +rCRan89+h6absecn6Bf/Q7+5ggqMl1mplk76XNwFH41siaax3+SrCYnFwb2ZIkF5 +D4jvTEhRoL0KKPOR0P7Buz47Xza7O18bBs48mMk8ap1cSr91RZTfRdY7HGho4u3K +Cun0+hXjBMHhiozKtwqWdIPH/TgiX8ex30we -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-eku-client.csr b/tests/hwsim/auth_serv/server-eku-client.csr new file mode 100644 index 000000000..72ab7903c --- /dev/null +++ b/tests/hwsim/auth_serv/server-eku-client.csr @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBhjCB8AIBADBHMQswCQYDVQQGEwJGSTEQMA4GA1UEBwwHVHV1c3VsYTEOMAwG +A1UECgwFdzEuZmkxFjAUBgNVBAMMDXNlcnZlcjUudzEuZmkwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKOZ6eLhF2A7cDQadFxG47i9u6rJ8+77EjCgacN0OIA6 +uiNSx8Fqz7rdQePSaTWkpmBsMR+FvVZsewljzadRa4RAkHd+l2h7OLXEFTt0NzQo +unri14RTeHZNFre43wly54cmdCwEysXOKfW0ztso60VHQo/tiFqjI0mbe7w54QFT +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBtsWMoDQr3miJluL8rnbsu7t7HhGn8 +BBJ393C6P8UHYJTlfMPfg+H2zfyrP68EV76lym5jmNOltZUv14joZjpYX9VOT+5r +e4wq697O7BDG7aBt2BR2BgYCMQiiAXisL0bOs6crYxapqCh3tyzkhxwOyqdqRO7R ++1BujmtweBGlBQ== +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/server-eku-client.pem b/tests/hwsim/auth_serv/server-eku-client.pem index b2115472f..7b9600e46 100644 --- a/tests/hwsim/auth_serv/server-eku-client.pem +++ b/tests/hwsim/auth_serv/server-eku-client.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 15624081837803162861 (0xd8d3e3a6cbe3cced) + Serial Number: 15624081837803162900 (0xd8d3e3a6cbe3cd14) Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, O=w1.fi, CN=Root CA Validity - Not Before: Feb 18 19:36:36 2017 GMT - Not After : Feb 18 19:36:36 2018 GMT + Not Before: Oct 1 15:42:04 2017 GMT + Not After : Oct 1 15:42:04 2018 GMT Subject: C=FI, O=w1.fi, CN=server5.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -36,18 +36,18 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 8a:68:22:48:71:eb:9f:c2:30:17:9d:27:3c:18:2b:8d:0d:70: - a1:80:b7:64:ff:3a:b9:6c:64:51:d8:57:a8:49:aa:e6:fa:1f: - e7:41:a1:2d:27:95:ba:83:6c:8b:9a:78:4c:b1:51:96:ba:a1: - 5e:63:23:bf:aa:57:26:28:33:54:01:38:a3:44:dd:96:bd:5b: - 92:e9:36:67:1a:66:11:4f:0a:0b:52:6d:bf:20:a0:79:78:61: - 8d:d9:6b:38:a0:a4:c7:a0:99:66:cd:57:e4:99:cd:e7:f3:00: - e8:29:74:99:d1:83:a7:9d:6e:5f:70:7c:e2:a2:3c:3c:6d:d3: - a2:1d + 1d:31:a8:51:d5:36:37:2c:e8:9f:00:62:c4:ad:2d:9d:79:9d: + 85:3f:3e:3e:18:d3:d2:47:85:dd:b2:e0:e7:ae:bd:33:b6:1f: + 02:7c:2a:cd:af:d4:24:66:5d:58:35:aa:14:19:a6:d3:bd:6a: + 51:f8:a9:ba:ef:0d:7e:83:6a:8e:d1:82:4f:ac:ab:e7:b7:dd: + 23:22:2b:3a:72:c8:2f:cb:11:4c:49:b1:44:cc:e9:3d:52:28: + 82:12:75:c3:ef:1d:08:a4:bf:01:84:24:78:9f:2a:c3:1a:5c: + e5:c9:89:c2:1e:25:04:5a:50:2b:ef:b2:2e:59:2b:19:8a:f7: + dc:8d -----BEGIN CERTIFICATE----- -MIICfTCCAeagAwIBAgIJANjT46bL48ztMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV -BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzAy -MTgxOTM2MzZaFw0xODAyMTgxOTM2MzZaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +MIICfTCCAeagAwIBAgIJANjT46bL480UMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw +MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5maTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAo5np4uEXYDtwNBp0XEbjuL27qsnz7vsSMKBpw3Q4gDq6I1LH wWrPut1B49JpNaSmYGwxH4W9Vmx7CWPNp1FrhECQd36XaHs4tcQVO3Q3NCi6euLX @@ -55,8 +55,8 @@ hFN4dk0Wt7jfCXLnhyZ0LATKxc4p9bTO2yjrRUdCj+2IWqMjSZt7vDnhAVMCAwEA AaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQzFp07FxWCKzRuOOjMIr9Jp14q KzAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0l -BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAimgiSHHrn8IwF50nPBgr -jQ1woYC3ZP86uWxkUdhXqEmq5vof50GhLSeVuoNsi5p4TLFRlrqhXmMjv6pXJigz -VAE4o0Tdlr1bkuk2ZxpmEU8KC1JtvyCgeXhhjdlrOKCkx6CZZs1X5JnN5/MA6Cl0 -mdGDp51uX3B84qI8PG3Toh0= +BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAHTGoUdU2NyzonwBixK0t +nXmdhT8+PhjT0keF3bLg5669M7YfAnwqza/UJGZdWDWqFBmm071qUfipuu8NfoNq +jtGCT6yr57fdIyIrOnLIL8sRTEmxRMzpPVIoghJ1w+8dCKS/AYQkeJ8qwxpc5cmJ +wh4lBFpQK++yLlkrGYr33I0= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-extra.pkcs12 b/tests/hwsim/auth_serv/server-extra.pkcs12 index 1ae6ce58ad7e7c3cbdcd5b0c8ef7d503b680a959..244c538e3178a443737507a8a480126541e4eed8 100644 GIT binary patch delta 2248 zcmV;(2siio68aL5U4JUnX#6n#%J>2T2mpYB1;B2AmM|MD-p#38f)^~38ts3d0Tdd| z_xJ_*@hGWyg*qIYf7>i^A12j3sLcbSo#SG)Xx+wi`HZb@LxyZHnu#vb&4P=2!Pqx;XtfwYz`_mIr^k-W?jB-6oVWis`k{>HyPB%A}`ZEChrx)xF{{~QbA zFyw2PK947Xx}wnFIeol)szYk*Q%a0M{s!|nUPy+9+e}k%(g?9#D|rJiurU9#XY5q} zWxjhT`7$sEIe(@m);1-}R5VGBH8}g6q!SCN1zAVWvntVJ^YFD`8BI~uHU%I+`71B? z#WhENWQZxfA2aR#%^)HGM*xU|N|`#oGyU45SeDrhWRk&^V#91}PE%=10Ll&iURYt->a(lo&+2*G{+V;u){n& zB%-s)t-Q4h4EhCsTi@6O+;{ugsQ{MRi>jFc zhJS6{(}jEysS+CVh}HYa|rc`97KPna#saeDU?@Jr@R_kD!s#o0lo z*xXTv=Z>_W!+G$Es5M9@Z<}bi62dV?n>=+H)7L;o`=$0$VU?6| zdu;!0_A*68PFul-p*5#a`5epif9EHDqOe5wK)@hJc`kG-_^;o)^Mm6e{D171)|<9Y z=a!~yRU}0%RENA3BEQ1dw9Kmc@qim~(_=d#^M=Tc@hCApY@ORO{1E#-0QeBuk2r8T z?8D+lP|R&Flo}KJ{#cUUti-D+WTZyb6RZi*4QvIVS$GR>-Jq(+geoh)nZSftYFQuz zC*&G?vS6uqH2(F*pyBc`FX(=?Sj&tUH+MB&O@3*eteXnCPG^RV(yCQe@dOT)fErz zsvh9&WdqwUD}=a-dayR=RQpWST=}lGI;SQi!Bl4y1bsd4I{`A_Egyb_* zm=or(mvGgAFUJ^6t`e*wdm>Ne_FW3fT(@c#@x8>$5!`z-VNSF04z2F0Ma# z@Q0CGw;)bFyU_V^S#Gd+Dz^iKC+efne5rz+*K;6qe6EY0%N?)-q~%r8m0JO(RL{|= zpLtNoAAeRlo~5MxIaTAP>R*ai`QMQU=Da+eVa)53XErZ8sKw5>11UwKA(}@e|7m&_ zivA%U28{g_tX?eTvVWmJR?Cgt%|H=S)bI!@hDo-Q*PCNs z{9bG76ZMWvFUj?w<0+X_1&Ve91~YBAsz;lKpK_#1*2! zc%p1qFaw+_)o4p(PV~bH>hu!kKrAb8|5EXpUp2Vy#G^_VzxM`ST_gs1)QWtCqI=!n zhJTUS3O>Xfh8f76SNnS4Pa;K1H}%9Sl8}b!oicpTLQ(67s37>O9Z*oEn$*-0%e?Cm zyB;^amXw|4VepeMxQjeuTuGYh@SwbfSPq8r3>x(DwVH?y+;X%PwwMK%Zz(7DQg&j^ zcf!$n>^&vK@|vtoSCr0hhCuV!-Hm>WoE04o4JmaQKLybhE6wTT>yc3>a{#fE0|_uk z^Du3Or delta 2248 zcmV;(2siio68aL5U4O~b{8)RCC+7kJ2mpYB1;B+se&{gH4n&<<>8ZWe)!G#39hIN> zPL;JS*CJ`1j*2DyCH!}Swbu(?d(BWoLZf%T)C?Bl@8y!|W|WPqBzQj7Pp&A%pNVbs z`)W*F+ESfFm21<*lk7ilPeTBC6`B)u#;)kR{cZbrY>d9uvk24gt6Q&BC)Mfm znI{FN!~*!J)zHgqr(Vwq#T;x$JD-r@$rU|&(S$>Tn6&P;7L)&&s?02aN6nbgZnxoTcsfd8C^ENpae``9L`O zryQnvnCjX?K5uUO^#{9E2YhrSy1{NFND8|L%9pQ?Y=6@XY}7uWbLRlqiBl ztK~I9L;6K;8Xkp5WZ##uq(BuljkGN)4nH)|Z(TK0KqI1?bc^ZO2ptmS<9EQC#Jxsr zXn!JuB0~{J<~YV8Pjv#P_WJR(X5@ytOs6WFO0|znwJ%!%ZaUw@l_hu7c!{nGHS?|Z zEJg^yy@pPb$4x)}rGFcN5!PEn4kIBu0rg!VJ~ya*L+@cKqrqXij9d{7TQ9WiotG;K z@uRmy&-^e#f?`9Hx7OD3BE=TtCZgTnHh-MG?e}e3q&__jcZTt23{GxS^;FAddG>=3 z%N`n5@JGWyFBE>dUdJGUQ@&Dy8p1De$DoNDO3Di~5>p*L{~k&5h)=|sdG|eZARIOw zM{cJPwIc$_mcM(rDluq1sSXq>y80=Jf6V3r_fGABApF!*Vwg|IKmizMylBr zMxL`|S8yn2u2hoG!bN)p_Q8&91qPn7FQf5%P$Zec+j8fzzW{MYM)^d<QCSs8{c!!J=gH&1?HQBN=03ymm%aQa3IzX*c&aWNP7nvxCJ6%fc&@N^_%8jb9p zQ@Ji-N8m&@nO1xeJ@`x{bw@dS<`cfnIy&m_t%JG>+jBG^W30GM-~wZ z+^Wen&z_?c3xK=bDoV=zRGzy`dGQm+x=TB^=Q2JzqEHRG>`c;FLk`Ccah8w~2{WnY z4*=u|ag!|uMt>slXZjoN1G@qO2ml0v0)Xkhan7*|^-q&l=25z|H!sFZ%d;%wdjd<; zBg?h~s%8aG#i{zO2YrhCkkt&+Ev)g7o!;3~H~O}SV-uboeuzxo5adTfhSxnY7&@5D zB0^RQs$}u~gAF*K)agWE$jjM)Q`iT|_1pIXTHKEQmVa~uDS($eYNmW@lENNg+G$)~ zP^7lb_x)E88p#P&l_tsRzssxWqhzhUd8%)Ha~*HZQbF`@P(XE2-6Aa8fWmE+tfKrS zS7JB6qF2rdYepb_wA3eK>U`lp3iy~t*m!O;40Og?{c>*es%7|N`6 zC6O=uFFCfvkh~(L*FQ@?)2al4pr+a|nq2CK?$7q}}CTQVzKt(KJD%t8IWrFm*(%IX3S&fGxJ-fKN z$CfX(0&ed6K?mzvjWl<#N^Fb}NOQFg3iKzoV8^L;IUE!*K?q~Oo^EwiQU#$cX9YhF zihmbGdQtACi*94FCZ{48OWZuY?W4MW#`1E8(d1j`;Yb~XS*$}&H-vWN)$Q6-UI8mJ zVk0PmBS`sWB^W|nrVPWsN#1Fx7e3{z`PCA*b30QoOv2L+)%WwesJ-7pl z!2L}dnTsz|K3-RJ#Im#{nSt9YJx=AOiWN$)7C(E_aznJ+z%sOHw{hqqgu_RZ0|_uk zcs2#MX6CbE16F{1feuM6`7PmNFflM8FbM_)D-Ht!8U+9Z6z%y6s}_!WiWZ7O+hGo) WG{_D1&jbjAU%K&v4`7;6n2mpYB0{Co?pfV&E4pvf=S;H?jhpLpx`q={Fuxz~mU45)7#$lAmNuFPW>q!fKdhyA-s5iu%VhdUx z>%)6JjHo0@LVrn5*ytSyp9K`bbLrl*)9*hi;SnBpHPbxPIe>tVe_begRPFU}dSQDB zf8nFr%1GBV3Ox#wiApfj9B->)>t-#rF)#{3Ye?%CUcA{@ElH09QlDycTY!ScM>fYS zUlWsBEbDarWG#nYtX`ENrm&Xh=bDv;E>x?jm=*Ex^?awK0A3YB;n-ph&@X=E|BvosFGM zG)N(})ed(T)Hb}&>M|1c8(U9iSdz~})X9`@;Frv{=^5}IDD;j(QTrClClU88IM^nS zVww}KN@GtXVS`w;f-@p9gd_8?*+Ga1Wt5KGV)Y{-i$R3t#X3VScwU9@>R$_MpfW3%Q8MH};|DI)kTrVsy zU~#AqbIOO!3JfOHzIM0=*9=H?`nm3wzLn?@qjs?r$b%M-8kIi^UoH2{>EaJPnG_6dof(tf50{*i3@w_qdNSrCcAsXQ+O+uZx4l$yQI}ZR)83~ zV|4l2&?u@1>{N{CT|HR7x7)&as8xc?LOa9T#I~})5$k$hSfEP%U~tz1oUCwCx^Sgo z>Zr!sY9@c1OuVlYuMy_!f3oY*w5Jijv4(b45nFD(cC=xnNJJPc+tV3xBdHQubrdDN4PR1Nro3V1Mp+2oVY>H<&DKE@bgm? zrB$TFW91mRx6xw+Kv%QC);q#!hMY!#v0rbMxPo8~ie}?|7U<^#f53!jUgT#TfN;l? zsg(v9P)VxPi&ot>D|bx6UtB^25I93h+T9O?`RSvPYl|+(cdhN>7<5Xh@aH4SUXBK>xf3Ld7k`2l8pt~l+2D2p@*NMD)E~a|*eaz>q-*A+5moW}w&XP%M zBJ21b?tjueF!?241R*kTq3TZdw9dphssO4MbYg>JE1~EbvzqpuqkN`B?FV*HkM*C zQf9E7ZvZhRFe3&DDuzgg_YDCF6)_eB6!S1`hNqTBkfHbIY_E^F?MWme+b}UOAutIB v1uG5%0vZJX1QdpeGU3Os@z_yJxj*2QV$(f~Aq4~o|LVpydN80n0s;sC^VRk8 delta 1545 zcmV+k2KM=t4V4X$U4O~gXY!olI7V;z<*YA0BOFK2|QoavXPK% z-U}4tQlZ3#W(=1z&RA1JN!czOM7pTn;U0gz z6=)@{p6}yyab=JoX|YkzY_yn*)N<>&~wKxbE20m?3iYK;Mrd3LNnUoH>k#(e&J?T z>a;_fzC%vLQec`q*2GF3)C66CsQ1rqF6hKy7b7n0<@Wn@W`|{-wa}x2)!pW#h^^gooC3N zc(>GyNj_@n)IeYA=+IP(ZL?l1NH~GjX_g&Q`n3kZZ!Z>w!2aifJ25iXnu9KODCuEU zVCb0HJAVrv%0gHeo+q1OmCv^cQE?Q0O@ck02FdyHv?ahc@NL%M_~JXv^Ju8np)nm7 z6&^GE&jb=C@B7Pi>7z5Hu+$S!>iyo%klBGf)tkK0Flvrh&YnaOQ;>j(+*(!c6Iu$| z;@PD9JfYYeJ6?8*lR4JnqDrY8f7(?|P01i@Fn@8wUqG>(w{n?*8uxq}&_zBn*!X^7 zOjbjja(0|_=|d8Jad`@syfJ;ueS*pI0KYHzzy`UFQR1i#xw+lfQ-txgB_WifIz){7 zH?6H9R4P%W>a8fuu(I5SLSVSFlZG!+7?bU{waV~qSRC31yTrH>q`ae*mHfmAkmRl# z-VQ6fF^6M!>?M_A!0W>AlVt-&e=r~@$XRB*`T_z700e>pfZbNDF1wdI#-BinFj)r~ zq*%Go#mSa($Q}T>Us!=TirQSBxf1-$5gpD@M4m*v9y~1yOQF(u`nOrKUP1n;#oQ!Gmz}_*&@mf$Y-ahah>dg+0Q@j!wB;0Vse+My|a{7!x zwDXmZk<8*JOnP(U&@%1}xF|ZCfi>|ieBcM11mmr7I03y-=j+kn{D@T108#z!D~(F$ zYCEc@5`)Hrfs$|sxZ>4WpB{FerK3#PZDdkA@D1;7z12Gk{ZkwLY7PIf8$;Eg_>s|8 zXt-=rl=5*Xx91`6AlF4BwcjuoDc%Do5hkmCMO7eWN)G+HVO`4@e<7dWlTMpdo?dfG zodLGP=T5D_0kbm7R6vSi9n|^;X;%KJ=k7XFAmf>S^s z8+drwzF|s2H7mzCwW*$6J!p`hk|ffG2rzVXUtD!V(lO=a(jMcN%{DM3%c3O*%B_n| z|D=8g<~VnAhJV{ae**b!Bk=$D9!dQhSQqweUqy=zO;{%;xkaBO11nKG!nrB~`2j8J zpJ=`=!aEHNgZ9Qc3tD&P?fmpYV;bQ^lbQDJo_0G+Hfb-da;H4BNYN;T4FRRT#kOcW zn&Jnh^;BhD(_e)FsW>89kGl*hds;x+SE02#(4QPo`AX%qZ@7!^{*PbA2Tz`dyVscP zO3qh}O$RY0Fe3&DDuzgg_YDCF6)_eB6nHiTw`S(EVgpuye1Q&0E%`0sV=yr=AutIB v1uG5%0vZJX1Qchy{eB5A$0TmEv3{#|>~}q+yqyFHs*I-*goAV(0s;sCKZNl% diff --git a/tests/hwsim/auth_serv/test-ca/cacert.pem b/tests/hwsim/auth_serv/test-ca/cacert.pem new file mode 100644 index 000000000..b128893a1 --- /dev/null +++ b/tests/hwsim/auth_serv/test-ca/cacert.pem @@ -0,0 +1,55 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Jun 29 16:41:22 2013 GMT + Not After : Jun 27 16:41:22 2023 GMT + Subject: C=FI, O=w1.fi, CN=Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28: + 90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff: + f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7: + db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c: + 81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b: + 0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16: + c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad: + 38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7: + ae:8a:b6:d1:e7:b3:15:02:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7: + 5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4: + 4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82: + be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c: + 70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9: + d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e: + c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3: + 92:e8 +-----BEGIN CERTIFICATE----- +MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2 +MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m +Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA +cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w +HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K +GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk +uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0 ++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug= +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/test-ca/index.txt b/tests/hwsim/auth_serv/test-ca/index.txt new file mode 100644 index 000000000..c85734cb6 --- /dev/null +++ b/tests/hwsim/auth_serv/test-ca/index.txt @@ -0,0 +1,39 @@ +V 181001144953Z D8D3E3A6CBE3CCEF unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001145631Z D8D3E3A6CBE3CCF1 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001145633Z D8D3E3A6CBE3CCF2 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001145742Z D8D3E3A6CBE3CCF3 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001145742Z D8D3E3A6CBE3CCF4 unknown /C=FI/O=w1.fi/CN=Test User +V 181001150518Z D8D3E3A6CBE3CCF5 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001150546Z D8D3E3A6CBE3CCF6 unknown /C=FI/O=w1.fi/CN=Test User +V 181001151024Z D8D3E3A6CBE3CCF7 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001151024Z D8D3E3A6CBE3CCF8 unknown /C=FI/O=w1.fi/CN=Test User +V 181001151254Z D8D3E3A6CBE3CCF9 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001151254Z D8D3E3A6CBE3CCFA unknown /C=FI/O=w1.fi/CN=server3.w1.fi +V 181001151254Z D8D3E3A6CBE3CCFB unknown /C=FI/O=w1.fi/CN=server5.w1.fi +V 181001151254Z D8D3E3A6CBE3CCFC unknown /C=FI/O=w1.fi/CN=server6.w1.fi +V 181001151254Z D8D3E3A6CBE3CCFD unknown /C=FI/O=w1.fi/CN=Test User +V 181001152159Z D8D3E3A6CBE3CCFE unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001152159Z D8D3E3A6CBE3CCFF unknown /C=FI/O=w1.fi/CN=server3.w1.fi +V 181001152159Z D8D3E3A6CBE3CD00 unknown /C=FI/O=w1.fi/CN=server5.w1.fi +V 181001152159Z D8D3E3A6CBE3CD01 unknown /C=FI/O=w1.fi/CN=server6.w1.fi +V 181001152159Z D8D3E3A6CBE3CD02 unknown /C=FI/O=w1.fi/CN=Test User +V 181001152221Z D8D3E3A6CBE3CD03 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001152221Z D8D3E3A6CBE3CD04 unknown /C=FI/O=w1.fi/CN=server3.w1.fi +V 181001152221Z D8D3E3A6CBE3CD05 unknown /C=FI/O=w1.fi/CN=server5.w1.fi +V 181001152221Z D8D3E3A6CBE3CD06 unknown /C=FI/O=w1.fi/CN=server6.w1.fi +V 181001152221Z D8D3E3A6CBE3CD07 unknown /C=FI/O=w1.fi/CN=Test User +V 181001152519Z D8D3E3A6CBE3CD08 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001152519Z D8D3E3A6CBE3CD09 unknown /C=FI/O=w1.fi/CN=server3.w1.fi +V 181001152519Z D8D3E3A6CBE3CD0A unknown /C=FI/O=w1.fi/CN=server5.w1.fi +V 181001152519Z D8D3E3A6CBE3CD0B unknown /C=FI/O=w1.fi/CN=server6.w1.fi +V 181001152519Z D8D3E3A6CBE3CD0C unknown /C=FI/O=w1.fi/CN=Test User +V 181001152815Z D8D3E3A6CBE3CD0D unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001152815Z D8D3E3A6CBE3CD0E unknown /C=FI/O=w1.fi/CN=server3.w1.fi +V 181001152815Z D8D3E3A6CBE3CD0F unknown /C=FI/O=w1.fi/CN=server5.w1.fi +V 181001152815Z D8D3E3A6CBE3CD10 unknown /C=FI/O=w1.fi/CN=server6.w1.fi +V 181001152815Z D8D3E3A6CBE3CD11 unknown /C=FI/O=w1.fi/CN=Test User +V 181001154204Z D8D3E3A6CBE3CD12 unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 181001154204Z D8D3E3A6CBE3CD13 unknown /C=FI/O=w1.fi/CN=server3.w1.fi +V 181001154204Z D8D3E3A6CBE3CD14 unknown /C=FI/O=w1.fi/CN=server5.w1.fi +V 181001154204Z D8D3E3A6CBE3CD15 unknown /C=FI/O=w1.fi/CN=server6.w1.fi +V 181001154204Z D8D3E3A6CBE3CD16 unknown /C=FI/O=w1.fi/CN=Test User diff --git a/tests/hwsim/auth_serv/test-ca/index.txt.attr b/tests/hwsim/auth_serv/test-ca/index.txt.attr new file mode 100644 index 000000000..3a7e39e6e --- /dev/null +++ b/tests/hwsim/auth_serv/test-ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/tests/hwsim/auth_serv/test-ca/private/cakey.pem b/tests/hwsim/auth_serv/test-ca/private/cakey.pem new file mode 100644 index 000000000..cddf6b1cf --- /dev/null +++ b/tests/hwsim/auth_serv/test-ca/private/cakey.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC+HobkeQPB0ZTV1LOxKJB2+7imzW0c0Uj0CJpn//mmVLEZKd8p +G83xb2YB59t5zsA5KiUTJpQMLHtaLIEPlO5R0HXmRtsXRqcViw5XD7BUdmMSyoYY +vBrDFsBwCdZrQzm4mClGrMtqrTiIOwfcgc069h32L+8d166KttHnsxUCuQIDAQAB +AoGAEPKDr8Yh0ZsvG0iUpAwrpI+XzDavrUvypt5FdVPaGzudddLHs9BosUbu3uie +JeOKOw5Is8ZSmCs267jf4FW0UKtgpnHGK2H0ba0iramzz07oK48V4y7C7nS3eJr/ +Oen6H9BW4DNXreFZ5yTRFOiQ4eD1pHqR/M/bBieDfRjakgECQQDfgiYYInio4TmM +9q/h1q5T1bGgajz5U4GInd0K2diNqVoGhSTAyRRGauH+68tPQuX7WCM1VE/lZfZL +4/dlOaRhAkEA2cHNkrFh4CAlXgtCub+psmT032AIFDEpNNT0K22XIE8savYNqs8w +aGPurrwGQflxCB19boiaKEcW5FQDkff9WQJAbUznNiw9V1D05OOKNWXX0HWTLMBn +WwIkOVwByZmo1fX4aXHY/FIZESqZpCFJRlSPxS9f4Gd/vs3y+T/dLupWYQJAJDGX +RrOfDg6px1jdzVvzC8jF/r7KePi23aYrs3Ayt1cRjfG50dNAO4moqXhtHdglFnE4 +YP/ph5pRTsA8G635eQJBAKbh0zB4HqFI2PmnKsShFBPNkK5x17nAZlYNJf2Ip4Ii +2Gjxyx4H0iBVgFYLsLB6hRBkOPpx6Jl8mJXOtFXb8lE= +-----END RSA PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/test-ca/serial b/tests/hwsim/auth_serv/test-ca/serial new file mode 100644 index 000000000..f4980db40 --- /dev/null +++ b/tests/hwsim/auth_serv/test-ca/serial @@ -0,0 +1 @@ +D8D3E3A6CBE3CD17 diff --git a/tests/hwsim/auth_serv/update.sh b/tests/hwsim/auth_serv/update.sh new file mode 100755 index 000000000..1defe3ba4 --- /dev/null +++ b/tests/hwsim/auth_serv/update.sh @@ -0,0 +1,74 @@ +#!/bin/sh + +OPENSSL=openssl + +mkdir -p test-ca/newcerts + +echo +echo "---[ Update server certificates ]---------------------------------------" +echo + +cat openssl2.cnf | + sed "s/#@CN@/commonName_default = server.w1.fi/" | + sed "s/#@ALTNAME@/subjectAltName=DNS:server.w1.fi/" \ + > openssl.cnf.tmp +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server.csr -out server.pem -extensions ext_server + +$OPENSSL pkcs12 -export -out server.pkcs12 -in server.pem -inkey server.key -passout pass: +$OPENSSL pkcs12 -export -out server-extra.pkcs12 -in server.pem -inkey server.key -descert -certfile user.pem -passout pass:whatever -name server + +cat openssl2.cnf | + sed "s/#@CN@/commonName_default = server3.w1.fi/" \ + > openssl.cnf.tmp +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-no-dnsname.csr -out server-no-dnsname.pem -extensions ext_server + +cat openssl2.cnf | + sed "s/#@CN@/commonName_default = server5.w1.fi/" \ + > openssl.cnf.tmp +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client.csr -out server-eku-client.pem -extensions ext_client + +cat openssl2.cnf | + sed "s/#@CN@/commonName_default = server6.w1.fi/" \ + > openssl.cnf.tmp +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client-server.csr -out server-eku-client-server.pem -extensions ext_client_server + +echo +echo "---[ Update user certificates ]-----------------------------------------" +echo + +cat openssl2.cnf | sed "s/#@CN@/commonName_default = User/" > openssl.cnf.tmp +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in user.csr -out user.pem -extensions ext_client +rm openssl.cnf.tmp + +$OPENSSL pkcs12 -export -out user.pkcs12 -in user.pem -inkey user.key -descert -passout pass:whatever +$OPENSSL pkcs12 -export -out user2.pkcs12 -in user.pem -inkey user.key -descert -name Test -certfile server.pem -passout pass:whatever +$OPENSSL pkcs12 -export -out user3.pkcs12 -in user.pem -inkey user.key -descert -name "my certificates" -certfile ca.pem -passout pass:whatever + +echo +echo "---[ Update OCSP ]------------------------------------------------------" +echo + +$OPENSSL ocsp -CAfile test-ca/cacert.pem -issuer test-ca/cacert.pem -cert server.pem -reqout ocsp-req.der -no_nonce +$OPENSSL ocsp -index test-ca/index.txt -rsigner test-ca/cacert.pem -rkey test-ca/private/cakey.pem -CA test-ca/cacert.pem -resp_no_certs -reqin ocsp-req.der -respout ocsp-server-cache.der + +echo +echo "---[ Additional steps ]-------------------------------------------------" +echo + +echo "test_ap_eap.py: ap_wpa2_eap_ttls_server_cert_hash srv_cert_hash" + +$OPENSSL x509 -in server.pem -out server.der -outform DER +HASH=`sha256sum server.der | cut -f1 -d' '` +rm server.der +sed -i "s/srv_cert_hash =.*/srv_cert_hash = \"$HASH\"/" ../test_ap_eap.py + +echo "index.txt: server time+serial" + +grep -v CN=server.w1.fi index.txt > index.txt.new +grep CN=server.w1.fi test-ca/index.txt | tail -1 >> index.txt.new +mv index.txt.new index.txt + +echo "start.sh: openssl ocsp -reqout serial" + +SERIAL=`grep CN=server.w1.fi test-ca/index.txt | tail -1 | cut -f4` +sed -i "s/serial 0x[^ ]* -no_nonce/serial 0x$SERIAL -no_nonce/" ../start.sh diff --git a/tests/hwsim/auth_serv/user.csr b/tests/hwsim/auth_serv/user.csr new file mode 100644 index 000000000..921eb68a1 --- /dev/null +++ b/tests/hwsim/auth_serv/user.csr @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBgjCB7AIBADBDMQswCQYDVQQGEwJGSTEQMA4GA1UEBwwHVHV1c3VsYTEOMAwG +A1UECgwFdzEuZmkxEjAQBgNVBAMMCVRlc3QgVXNlcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAppYumyKM35S+i4lJ9nh2omB+FJXzlv6rGSUDNGR0AT6on3zx +R2FgTIKSKHwroA7Lh79Z69fzYSI7FPOrMfZalR+4ergsPKlhU3ib6D5Q7MLWROdD +zbw+TudG/pKew5gPKVjIy4kBdUfplVcPdsUvBV7HHg3yPBJjXblUGa9/QGsCAwEA +AaAAMA0GCSqGSIb3DQEBCwUAA4GBACZXujbQL1Y5fOWK2pRyckyk92NAwgPXWqo7 +8d9FF2bIDBfautK2GYd74SDdUOzjNjGLoEO9tIhB3jWQp8qaC/HiWwbDGd6Ugo8g +WnuLTf2vfL67IdVzG26IAdflrEF4XX3HjuHJO1NxtXKw/u5hm6qiJAu9tkA+2zEM +bbG4Bg/+ +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/user.pem b/tests/hwsim/auth_serv/user.pem index 81a0860db..4f667b339 100644 --- a/tests/hwsim/auth_serv/user.pem +++ b/tests/hwsim/auth_serv/user.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 15624081837803162859 (0xd8d3e3a6cbe3cceb) + Serial Number: 15624081837803162902 (0xd8d3e3a6cbe3cd16) Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, O=w1.fi, CN=Root CA Validity - Not Before: Sep 30 18:20:27 2016 GMT - Not After : Sep 30 18:20:27 2017 GMT + Not Before: Oct 1 15:42:04 2017 GMT + Not After : Oct 1 15:42:04 2018 GMT Subject: C=FI, O=w1.fi, CN=Test User Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -36,18 +36,18 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 47:2e:3d:23:86:d0:3e:fb:b5:7f:d6:32:6b:12:fb:7c:76:78: - ec:82:db:ab:fa:5e:0f:1d:97:36:f9:de:b3:cb:fd:08:9e:d5: - cd:3d:97:78:c5:00:ce:78:f1:39:3b:84:c9:d0:e6:17:58:ed: - ac:e2:d2:a8:7a:fd:b9:19:a4:1c:57:08:17:8c:7f:70:88:82: - d5:89:0f:1e:18:22:6d:62:69:4c:12:92:32:bc:cc:1b:a0:05: - bc:af:7f:53:a9:dc:a9:55:48:e0:28:34:3e:60:3f:82:16:ac: - 70:a1:01:e7:75:cf:a0:72:ad:39:ad:52:65:a8:64:fa:7f:11: - f2:f5 + bc:cf:10:42:b7:13:7f:1b:59:89:a7:27:2b:de:71:26:cc:2d: + 59:bb:c8:12:dd:56:7a:88:14:e1:b5:09:6e:f9:64:72:96:56: + ed:2f:f9:00:e7:08:9c:8b:5c:fe:cf:a2:9d:bd:48:80:95:41: + e4:3e:ce:75:4a:41:a6:49:77:e1:48:0b:29:dd:ee:d1:f3:68: + 7c:94:7c:95:2a:7f:d5:a9:a5:a6:a4:b2:9b:8e:70:ec:05:3d: + 46:62:37:dc:ea:71:ae:32:0e:a5:ed:77:26:d4:e0:b5:0f:bd: + d5:8f:6a:99:65:75:58:57:31:02:78:d5:e5:b0:ae:68:af:d5: + 0d:92 -----BEGIN CERTIFICATE----- -MIICeTCCAeKgAwIBAgIJANjT46bL48zrMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV -BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNjA5 -MzAxODIwMjdaFw0xNzA5MzAxODIwMjdaMDExCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +MIICeTCCAeKgAwIBAgIJANjT46bL480WMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNzEw +MDExNTQyMDRaFw0xODEwMDExNTQyMDRaMDExCzAJBgNVBAYTAkZJMQ4wDAYDVQQK DAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQCmli6bIozflL6LiUn2eHaiYH4UlfOW/qsZJQM0ZHQBPqiffPFHYWBM gpIofCugDsuHv1nr1/NhIjsU86sx9lqVH7h6uCw8qWFTeJvoPlDswtZE50PNvD5O @@ -55,8 +55,8 @@ gpIofCugDsuHv1nr1/NhIjsU86sx9lqVH7h6uCw8qWFTeJvoPlDswtZE50PNvD5O MIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFIHe3+laABrKZ9YG3WWyTsWaBEN9MB8G A1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkwJzAl BggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNVHSUEDDAK -BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQBHLj0jhtA++7V/1jJrEvt8dnjs -gtur+l4PHZc2+d6zy/0IntXNPZd4xQDOePE5O4TJ0OYXWO2s4tKoev25GaQcVwgX -jH9wiILViQ8eGCJtYmlMEpIyvMwboAW8r39TqdypVUjgKDQ+YD+CFqxwoQHndc+g -cq05rVJlqGT6fxHy9Q== +BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQC8zxBCtxN/G1mJpycr3nEmzC1Z +u8gS3VZ6iBThtQlu+WRyllbtL/kA5wici1z+z6KdvUiAlUHkPs51SkGmSXfhSAsp +3e7R82h8lHyVKn/VqaWmpLKbjnDsBT1GYjfc6nGuMg6l7Xcm1OC1D73Vj2qZZXVY +VzECeNXlsK5or9UNkg== -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/user.pkcs12 b/tests/hwsim/auth_serv/user.pkcs12 index a1d6366d0f0e017cc41fe61957b0f8b8316f14b7..a8dd8c5d9bdcb55b70eb34f50b99b37c5395cd1a 100644 GIT binary patch delta 1530 zcmV-S_aqBG@Jyt8o=n!);s`N$4 za-$7!>bxgMpn`G4w_F-y=9X8^!>s)F9GH3u^LsIhV}G9|lGsfHsIiO_Q%;n^!K72g zmq$^)>3~eZ{5&ueJaP4QbUtESQ;Tvi4Az$IF@LqT=bo`20e2J~y`;-t9)QGk>`VxW ztUaoF!sapD$seD3M$_j`mt&ZMl>1FnGedLLUoBiR*dY^;LtzkDUjwg04Mp%h=+ZKYu7!Eg3oyJa=#l(SaF%tFImJSi%mh z^Xj<12f^d5@c>Gkz(Lnt+~fl}l`QUcLCftUamk8MP5k_AU9Pm7m^S6xSHMxWzWUa_1n zHKp2$8A{-hH!NNf5*3ZcP(69`wPU*Q8-Rw?*ME25q8+(wKlLy$65faUJWTz;;($f| zg+MqD<^7?=SsR9baC}=;$5YKlqBWE++?LYdg&y2`-fy+hm&u6VOx5Yz!AWt`Q1g?R z#qM{MAJiz`#|!2d&WJM>d`R-(6&mV?(%$y{D2;CI+dSZWEn8faO1oC!KJcnzuD$GY z?te)9egz6498+SzwV)8hQHf_xvLN36C;4Oyx*Q6-vZ{O6zyraSz*5)w!~SC8e>=09qj1t{?>Uh+| znHV_!ljKkDZ69un^v2oD+of_VN9vcHfd{F9MW(X=&L#}{%p+IZ(n;l^k`?`Ua4tMk zMmvPR0j$@(1i4@dwk)pZk5w4#rP-OXf{R7WVG^#V5=fSc^ysYyWRpzv5uqundVWQq9p<$STmXk885EN0=P3&+%6}*j3Nm$l@%6GKKX2l?9gCa7MTYm9c0y{Ej*!E3k4k_sB`_lf2`Yw2 zhW8Bt2^BFG1Qh0FKD?1@HntztdWRVfy&B4Z!l03cvmTd0I&NpV<}Jtx;C~DQEk{3odnq6P6$>v( zF{XNt{cqpE?rN5mfW@=`ac}k}!5e~LaS1Bh^!*HdHt}1b=7wilDen1~BbbGdz7R0k zqMb1LvAD@6^cw%9oAyRT2|4m|ZzSjNk~G;JgR~dNVi|Y${u}~$JZ#VB-VG!=tlN?Y z1ZI}_y-VGEs()!#bh1UX4W$4>EArfU_38xanBjq&JUQ84O^ecE59f#UrTgNqiUc#X zfe=CY_QQHVDBIfUyRcW$gD&Jv0YF>hStzcz+((O4KXy}IK#+M&d6-t>jb&WWSksLc0sj4Mpz)~8}g)cOF37uNN zEtaVn11{!O5=l@*G&rG>QsSUNdI6VH5g>uoKvRUY2Mbk%pFBFPxWhds*%Ro@V-$^{ zoo7KI5P#zW_fvIO2x`RTXG6(*+YiCY)g9zFTJPMmcxGRgU9O8kAWB}US=jsc2tTYZ z`opl@$=37f@k1E3d%U3Vne=4xN?08~4bFx=fK2koT0-3o;b76_!$UoW1hrskWPN|F zG*lYe40Z%VxK-|VV?>~s*3*jBO|_&mJdjZC@qbQNoKv+iZ`azk>f5c9y5qqJnFTk< zk~(F14gbDQ*4*m4r7%-T<0DpkT=Q|YAjM64FqDP7(DzzE$eHVY_0VH+x|doEJFN^HUTxdCO-PHy-iV;pnr1CY`m_Nmg103(!8~*KD0uHWl8;s zsE{p}Gw_}3C;#)7W%V>JKMdiN3jGKh4RKYpyML=?Hc*h|7hyc@i#WV0wqxdV+C z*p~FsD(DSkl+nP}F>G25_;n<}N-W(oiAPxI_+Xxk?B*3-XH*4xJ#(4l>SK7A=x)S< zy$&{{;kTI5!@tnOv>`cXzqOv{6I+H~weU6mxH+@-0^CL)clQik0Om+)KqIxzO9A#* z$$u&fxlx_$?f8m`<0@B6BpBJ%K8Rkn@*2};G-k6i#x!^HtLHu|<4$d8Y)^NFf2GxT zccf}SlR1@!Q+m$YHtHN!0v@z%ZhJ-3Da=LZ?f(>X!PvDToJ_m{q6o1AyRyHMrK@eo zGqJ=fDd^-n-E+y_iB^HA0*Ghfns0gBP=7}J>1TqXYWoHb->r{X(zn$2d)mRz$7Q~{ zD(*QJOKG$Xc;(fgipCo66dVc2a~>cCyE%1kq!bi&(~j--k`*LE$@k;M=AneQ%pL;h&HSN~N28D_7g0RL78Oc0uvYeeb_@XxcG27kju z_Zf875CCD3$9^VQf~s`=-l*ENSF6+etlO%*aD;L-Pg>I@;QlQqZ-{5}@@#DM&CeFd;Ar1_dh)0|FWa00b19J)ha| gi)a%E90Zm)*CQcPb$);Z2rjM)aVFJCP67f507jPExc~qF diff --git a/tests/hwsim/auth_serv/user2.pkcs12 b/tests/hwsim/auth_serv/user2.pkcs12 index 67ef81ce8743c3e9bfd9212d74cfa42661943c03..4c0246fd4e2a1403fec658802c9649b34e87f84f 100644 GIT binary patch delta 2240 zcmV;x2tW7k67CX^U4Q8i=RcrdMXLe=2mpYB1-Kc@yCni8U=}jCvu6NPYqj`~ny)&l zb!?1;Oz`R4{MpCGJRZ(t(7Vn(j5#aSfQ}_ysE<%;1_551^oc$3JEoMAJ3^f`4rNmI zW;$(p4hSPrG(RXP0Z#Qxaq7(WX(6clbvUpBGL#qUGq6twe1GCo69j?8JOsXMDd6>A zFeCH0rf=^SsaKn;8!QbF@l7<0iw0TZum_O@+lHt(w#d2kGm_U&SJXH?GV@;NA(<>j zRE&ucPv2{aJZ}arQk1{O zBf8kg&A{<0et(SN2C#g1OY@t#Mao1avmdKU6W3H*yLPAZhJKJe+-zJ5N)wuraFK=! zXAT8Gf0_wUJSupl|NGe47%5$BbkMPlJrPhW$D(+ySSIB};w&G#{Xe2Sz5n$}cD`qG zPd>%8R9z03A+hK+d#U7=%8~BNkSr&K{Qu5ZVlW00@PGNN!ypbN$XGRzu8WS-^aHaR zjBPxze6!=$sFjENQBa@-{wT-T0PzQvfn{}StVD~Yj@+*bBl<8JV=d)SCu0B>WbK5) z^C6xyuswM_=c2b8nRk>=R09QGkOwZ?~HWZ3zsgxp2M})eR$84Tc`xCBmG9 zF;Kz7Z-2;%R9YlCM#1e&N3ih^4!&HOP`rEg)qpwvdCsc?_s>4IqX%0>#RUDEwux#j z%`b~vV>zM2#iJZ1deR}KAfREnx4E(T4@fi8wrG*A>h845l6&7JHMfO;AZSfMoQ+PD z)3+M)i|dEc`FskeL`6nJzB>BGjGs#peZ=_A<9`?F1#;iB*jUvL=oA{@=Wu(ifvz3yeu8eH z6@UL^Wo(*w!Wx}5%}N9Vp%Pm?M0)lmL_~wAHA_qS^vPODyGp$Y6#!Fs`VP4~#CBaO z;HYjCEJYF4Uu}t$?!cBnTlZTbUFT!2PO;E*uc4tPy-GP!VmJ~y?I`%(j;!XUFgVD{ zk}4KAj@Ik&j_;%BrHu{(hK?v_Rp`+Puzz2LEkFJpxr;`&7@|O;P{<35|iV4 zK>mjCohrG25uNG_5Ebpac;rH}Jl`SvFP-CBKTQAJv5Y6r9mAIT=J_5J1UzR$(Rsxx zhKB}$W6iy>L821o;X_d!86vFpkhHh(>l?P3ZE99_pnfEeJpb*6Du9vkp{uE&=6}9= z3--Ldz)`LmFB{RQ`mw_q=B?3YMc2Io-p?0@kBdFDmNfRznX^4}mD(_QunElFR&cFp z=!vkGYk=8dLbP^V*u#*yeE>Y5r?X+(aKiycfj%yQoB%4KA?lacxcOOx6V>v*W3}P5 z!kXxqSptK7k|qPAs=3hYQa5A427gO%5O*Thc+;QBFH9X^Tw_JhaGw0Wq^5r%?t+#WT&>S72R{oY z(>5fkIavQ3GMwhAZlaKMVJ@It{Uf4(OBMal;*p@#?8YZncr|zq$#3y5Hh;%iqL!C} zCh|@3A0NYqb=;!#C@I@TczGMF!B^}$Al$Y!g`{u+=xz*Rsd_ncS~|>*c&)r+UE9}j}=ZOKad4A9T%pMmx*a@MIP_W^{3>js@AAphHI1dm#uz zx=zHk-WA-RkY53^eV8|P>QhcBPD43-2)dR^%tgFR@nBr5gAU>V7#%+I#7}WAC7f$^ zOeTqf!8MV+VDi^eELjj?`Jk>{l=jc;Ub;EVJa4e9FB6|qSq~90*M5xPh;^oeu9GDO zMt@h=iL-O0`pW_W2ml0v0)Ul>h_QItftk^+hFMJ0d6V=+Z@%UCP3Sp9^Rrc{)^xV$ z3ZkYhOWyYZe}hAQ*IPb%`sdR&n}XWWy?~JWGh5~`RUQE~`+V6&_5y!_8GXQ9+lD!} zI`yb;d%SzKs)iPa*bAMsi z>8BliJUgBHz*7`Z1(Up1D|=12UcHzOK~4>Of;83igsZhs+5r}ZT}|OC6Ntw^V?3jF zJp`Io5jy-u@VEDj##Vfi(zj504gYu>aC~T7CEizRDQC+tW9dU^W2-%E%#P*!1#s3% zJ;{6ehJCxF&$u*RY-B1c5CjR$Eta3gt;}`Y!0CMP*igVJZJC>fG=G&iLe6N* z@v&j}f@3A=w?{KVt}9uJ%3}gK=jfZ;bKcIG&LFG}o1*kxR4r^khqf1PcuTNfF26}v zFn{+C?%@a|iiAFUybw(S;sg=WNca;LyP?F%S{4`#vO3}-;5bEhqfMCE;Z>7><}8Sq z^*)91I~FO|W9MlG_)&&jMiul~s(4iuaseFmcdy(v-Xh+B;)b}B`v@#Y=4Iod6x0)T zxx32;y$ftJuCMKhXJ)NvHY z`8NBSyMc3wBwa1Kz@=3$Ud=IV0L@;b7tonX-K5iYr#B2`$~aSL?X~39-g8J3H4_heRx3{;;>vT`;Q)k|hR&}xOqKWFcS zNnxSzEB?X|pyLPF5xO{qDG{3Th>#vmTE)@ippN{%}zo1b}1HMN-Dc z4E?J@mrRRXD&Wi2n-JI>sn7%*R1GO+BLs@bDF2k4lrRuep1!_b7??lge%!@2_5D$O z=w|-fSX#CgA{*Id=&eogqgdd&`{GH-oBGDet)$oBN^g_!}RbBpn~{84TPSNUtP=X2g?jqu6i!;hyW zf@rs@Rh+yQv1IqfHnlmH^3*0+veTGKR^1Q=n)p2cDgF}(yQuw8{>}=#W0fuvwv?G3z_Zz{91`j!JAP!Ei8rLZi4^R z39ZO&wo*~b3a-!+Q8=%bX(vqH=xwTl@3~P9pbnnGlRjWvdAGNF9vA7Gox&a*$<_ik zHc&j7*=TQ0VOt>qe^gE7`KYn&sxEx+O8H^D*Opa5rp}W3Xa$fB0ARbXj)R|RE40Rq z^?w|>o9d_&f-;3yIdzaU{g77RJrLeoL@K(LnVw9rI+bXRjoTUNU52XuU{27I1G4u!lD2KLP0tapk~}S z0{`Tsp|CixW@;9tli8O}t?%(fKa`rpv!_NJ79>EEzq%=DI*U&(*zuZ)so&k##W)zVIah{z^4wcMlLCkW|u0)KCElngH@|zbbENys6au$v#*T02G4} z+!>tiKaLNgB4w=>k^Xn9IIIyxTG7Z6a}y&V`#y%ILPU~HL(T_3Aa?c$#cV*sE}6gE zi{}&@s6tB)ntPw2&qN08Wb>KEe}9+azrsI%-*pVfQ|gBnu+|u6muom(g=2frsR#?5 zBIQ&a>jxg>Sk(W5MMQ$U=Pxha1LwE1dlYmghIYj*=aVrco7Ut_Z>$yYrX}|H9? z$U)spnkgAA#jccbFPPw|H@ly zsz9XwC#G^|g-HKi_NXJvz;7Q;7EN%X%UdmZd+%ij{b~HR270rgX7ap==^n#vqn{>v z%TU^r7d%EzCt)k;cnHC1up8XD+2CQIC&o~x_a=e_# z=vbPQUflj~1|5lz7*{KEgyfe^r2tp-q&#;H;QWl*O`i`L#m6@@rh$B$XKF$(&XXku zMt`#u1@Z%8qz(cC2ml0v0)X-yJx7a{q2a@0|LuzRdGtJ0xxJ?LnfCU|Ijfiqv&YGM zmaL5iv!%0@E>bTHF40|xe*0%8r@8Vk9x0z$ZB2gSK$6TZ5-mF8pkX%RO)uB_Mw3`j zG;ImNS{)cN&J9lTF`P3C)mvQx9phFqIDfKm3a2_ugG`V&FaI!f6sp7U{^Zc6Okr_k ztaMjkndKm>cxUeJAi;z&=>!D)bFEvBe9 z8+IpRh(JNUkSq-UROCTT@-WC7?IYM5w6YLou6D?q#Eh6Wxy%uQ_uy1!Stx2me}7r6 z2Ob4AeUs=)yMXw{itT!Z9P9NB82=K? zcQ3eMb{P4n^6d|ir?KOJ=N_~~s|2aC`h1mnXuct+Ih+(?u%3TjgMVsRIIvL;>=8c1 z$;rGFp!!mONMN^aa!?j+j(nPYUGAU7?@q*`{)~cnAFb<-YA|I3#&c2bJAV)-D_Aus z23tI*dc5=!J^NP&o_mxr|w$hwJ7JV$DFp6-H9Uut9%^UUiiOFX5SQRjZ{oNxACCWRm3L`S7XE?O%8O~CZ`v@#YV9A(_&2TSk zMN{iW8?F+d^+72}FflM8FbM_)D-Ht!8U+9Z6z%{0PNmM38?u@Q9{N!RWh@Y00R#vt Olt;s9ZusB=0tf)$kV?=1 diff --git a/tests/hwsim/auth_serv/user3.pkcs12 b/tests/hwsim/auth_serv/user3.pkcs12 index c9ed0b4620b28c0fd39f6a650ea4c7008e8b4aaf..c5e9f4667992005e9ce1739326afed1ec6c0f9cc 100644 GIT binary patch delta 2162 zcmV-&2#xo&60{PKU4PC&CaGT$`C0-32mpYB1!$|hBgu+$AoiJmTi)LTms#XKAO0Tx z3isdTh>jx9;LIV2Z)hN@)wdHfC&@J#Cuw%_{e?r2QwSG2_r4@}!xL%LHzwDgd6 zh@|@1Sj~wgL~*C`WhjMVR|D5BO~NfAkpLR(chP1gw#l8A=0O#tmO9~1E%A?xVif|c zyk|Z&kcJ-@h<^wuX9oAWqns@|+$olz_L+P&x-F-9xL#A;TR2!8=(04_#F1nV-eh0h zci`MWu7Qg%J0%wWu(1lx1$j{V)6eD~^)NU#$?v#MY4oa)<*qAqYVU@pFv>2(8Yk;w zXd{#tlJDE17U*fM+PeTE;E+#^!rjzxp?kU9m|c|I<9}M{iSPmWLxD3y3&e)3(O8r@ zJPa;SDaP28wlr4st`PBtO+rzbov8bH+=oJ%2=U*_3x?`US=SFx8;4o3U0Bl2*eg8y0HP`oy$$vr*e_n zbv~{T+BJgTSq)u_tg%S*YYWPLwHtZ~#P}fmqLc{X z<&?-_PgsVY6JTI}A+we?5a?o{>hr*t&^*PC&TPmW{WeB@a(0}8pD?StJ4hfe8v}-Z zvfEa9%?-k%=IY$u4eB# zsFYUG4T`v147hj8za^;ON~VK?0@3HD(g<$WM;dQx?-9xlEMnum>u7USx>gEyLx1vx zIU(e3uQ{NAZ5T*@Ouy2nG~))^q{FQg@IPjU0qDH%XuI2l*kso%Hq?&!v+>^Yc|P4= zE!Y4pbte4Gnwe?6eR!4`=iGr4u%)0&EF;9sVBryrMCOEdcB7PL!~8*+B`pp2_!|#l zmL^+oIBW2HImsuVSkJJN13#9Y)_SsLoDtCMx-;69;L#U3Ar=b6my|yo;o0OFj!ZCs1FeujQN8n4?*L}h0Dp!af2R!7 z-m?1O{h3`tBWhLe?EZ3r&IO$WEX)S20peEspt)xxQsvvoOt=LKZm}`U5=Uag)^rMt?^nF{&a&3jhKF2ml0v0)VxXsB;>^L*4E= zfMxrx6Cy&@qniqtr0(@y&`;NM68XsG9jVUTYZA6}6*HX7fmyVa?vEyk&X|X(o>d6y;V5ge0eB6I%c_skTByc4yUs5YFM?Q-GbAe+sTimjtXvbs%uazdAxiH+ zPhn#CFKlDUOu7ZvS6Y`-cJfH7BpErzA6@PB;Iefn-jm^VodGLMc!`#d&4Z?bimw6q zCaKt8o(Vb*atw$Bi*Zt5DIjM-9Dh_oe2UQLJl|fRY$0kDfk|bLQA4BD7D~Cfjm2Pm zf@{6j0QoL z)j5|H>@^WT`+Ko7hko7d#O1Ab@+V%4JyF<-Y5V|c`pL9NsW*BbBj=wqDStLPEULeF zhB?%8049ydpc=UEV_oB_o|vnKL?2IB@9n9=P6}bJr}L-Mm=m6wOSDJ@bnRlt=j%^t z&dz0E=T>Gu1!HXQ7M#2z7#`y7yTgQKpp-fr;`D+@uI~Ru!uIcn3o1vB6~}7MCOQe| zgrUa=^p{dM347%9?;2)HcYmdvscX;n8d=%Io=d{gGn7D6@LAl7IZ_A-AI4g$+(Nz1 zbpYyia;5n!yc#yQB3wPcIm^PB>BA6|Bhtl_w*Cm!X*fk5sD!bPa}1Cz#BPaK^;v?V zS##qbM=hXat+T3JJ10rP(JQ7v1`)w%u!iE|nRubkOgCdgTZ$PAP&`X?zl27*m{dfk z{2bm|2OlAdtE@~ delta 2162 zcmV-&2#xo&60{PKU4I2qfTNTpX>U_(Go*xQHbGe>5Ts@u796rEY;{RW5!y1bY?Z$ z7GS}IQ}A)-nUb{U5}NB6;$&#NANz8A+$??hk4=wWnS=Buh#T57j6T=TIYa(o1m$cE z82V+QyzD881zro#EqIz~)YF6#IJL=n9!d@kkZOaVV=pLDmLe;nC2gWu7=q>gA}(us z<^vOmKABiao_{xkh;`5wYhqdB&k^b%xjwi0qH5f}p)9q;WsoH%MvRcXlBIF|yv7r` zo=ZZ)N2rVuC>z~Rmwi!vF>vF!`6^NWO7jaw&F6_a!=zhBZ544M#SqCSN2sqeA-!#6 zID=Nx$<6^rRnXLV?+!bzth-pigmX*e`Hs4cr)`s2TYsE$TZbFrz}c!{tY`@pD=&YF zRsp!hN}MqMH45+1n{Y;kXUF#z(xBm47hG%0ZhD7Fn_@ypkA+yy=o{}}}RZvh|zW4&ENhClKFsHD$`>zW^!x#Z(>PLB8dt4geo^a6T2)IVwTY^`cc+Rik^I-`gz@Ic6mlPT3O`j;U5&u;Rd>C5}5vSx_U%6 z0X;@xPB?ji3t*fkY+MAfMc6Yt;+^gC=OJ|fl|7o3cdT8)RdUTuBEo5Uz7qZfHOSDA z_$!rt-S*5NGkJ!pDL~HT<_weN3rzz7Usqt6pzu|(UbtZROCla}5-vb$)=A7`}m=m-na!F3aXbHs8 zH{sa>UQ5$?K;H4Y`|?^>*3xlw?3DDR>O~@uY125M^cwk?P@oS~HWj`4^HNH`27f4! z>IJvPAIKl|5AF6SW3sz?xvk4T$=LtGp!FlXgOJFHnh$H z)ElDz+lq*7&fg#0L10AAPf7*HH^t7L%mm4toPnQT!5cbA4VTt;eX5VpXFj+ zfUQo4hL`SFVRa7}k*G0*m&^GFvNI}wgpsuB$PlS^1c)r>_`(~B@jGlk>_C$3ZFVuD3BFjPj)l=2oXoDxB;Gy($ zYZ89MFIeO3D@B7-(DY61cR2ml0v0)Tt{-Ydf%v@6nk z4q|JZ2q{jvG@`zdOPK`0UKI_LRyOPKxR@NF1k&D8rg_(f+yQl6=9sgd)oY;RvYQgE z;Op3YYz9GI$E&U+Sv6i(uJ$;LH$<{X3s$fzsl~S}Loi!%419VyfPmdFA}p_1HO7p}(%jrWjPS{+3uy!wiyfk_c_i8)f# za#ui4|f^f2*_wQ_9u{J%&uVn2aMynhxQw0*o2 zTE`|=-M6u0YP*vwZmf!2<0rNE*aV8tMZ9a^wA78}RGlT&SYsCrw0QabtrZ?4P+^_Q z9!c!gRu>w}cSN|PJ%H}Yh786eQxu{4^O7q_0(-YDI=JVNM3ibjdtZ7|Y2O7;+g*?% z%AW!W%d|Ir&|VS`>?q!&`G4RZ5%jqMBDok*!(FNqZ-{5}@@#DM*vj o2tXns+f`Was@7X5s(ZQDe#|kepF8vf2&(&ex>8bM`T_z70NB(tzW@LL diff --git a/tests/hwsim/start.sh b/tests/hwsim/start.sh index dce65ba82..02a5f866c 100755 --- a/tests/hwsim/start.sh +++ b/tests/hwsim/start.sh @@ -165,7 +165,7 @@ for i in unknown revoked; do done openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \ - -serial 0xD8D3E3A6CBE3CCE9 -no_nonce -sha256 >> $LOGDIR/ocsp.log 2>&1 + -serial 0xD8D3E3A6CBE3CD12 -no_nonce -sha256 >> $LOGDIR/ocsp.log 2>&1 for i in "" "-unknown" "-revoked"; do openssl ocsp -index $DIR/auth_serv/index$i.txt \ -rsigner $DIR/auth_serv/ca.pem \ diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index f55ce04c5..f0f5e38ef 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -2507,7 +2507,7 @@ def test_ap_wpa2_eap_ttls_server_cert_hash(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS and server certificate hash""" check_cert_probe_support(dev[0]) skip_with_fips(dev[0]) - srv_cert_hash = "bdb9cb55d3df278e52a071abf58e7f0238fbec3ad8fb2c254742f63562628272" + srv_cert_hash = "53728dde442d4adc27cb10a847234a4315590f0b36786353023c3b0f2e9fdf49" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hapd = hostapd.add_ap(apdev[0], params) dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",