tests: Expired server certificate

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2014-02-15 10:28:22 +02:00
parent 64e05f9644
commit 6a4d0dbe1c
3 changed files with 110 additions and 0 deletions


@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,62 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15624081837803162826 (0xd8d3e3a6cbe3ccca)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: Jan 1 00:00:00 2014 GMT
Not After : Jan 2 00:00:00 2014 GMT
Subject: C=FI, O=w1.fi, CN=server4.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d0:3b:6b:86:9e:3f:b4:0e:60:48:54:4d:c6:dc:
8b:b9:6b:75:d0:e4:60:f0:a1:43:0b:af:f9:c4:77:
69:11:84:52:be:9e:7d:71:b4:aa:80:1f:eb:e6:c0:
37:de:49:f4:85:43:ae:4d:52:f3:eb:30:73:ae:e6:
18:04:14:8f:c2:63:30:a4:0c:eb:f5:d6:cb:f4:af:
1d:4f:d6:3a:43:78:14:32:de:e5:88:a5:34:be:ab:
9a:a4:a3:de:6b:84:e3:78:93:1c:1c:29:c7:fc:6b:
cc:68:d7:ee:c0:5d:d7:3d:91:88:81:56:ba:54:11:
9e:4e:e8:80:83:e0:6c:ca:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
75:B0:65:1F:2F:A9:BE:D7:D0:EE:9D:42:8F:8B:13:5F:D0:AD:13:7B
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
Authority Information Access:
OCSP - URI:http://server.w1.fi:8888/
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha1WithRSAEncryption
12:e7:8a:e1:3d:d9:fd:36:ce:71:66:b3:74:48:c1:f0:38:75:
30:56:c7:2c:9c:0d:da:d0:68:19:47:a2:37:38:0d:db:4f:f9:
b9:cc:0d:25:b1:35:ed:df:19:8c:4b:bd:f0:08:11:13:4b:e9:
a7:d7:50:2e:fa:7a:16:e1:4f:0f:5a:b4:42:34:ff:43:08:5c:
3c:04:6a:f8:44:8d:f6:e5:a7:82:38:60:d0:5c:d1:59:f9:02:
84:7f:da:ae:6c:e9:55:c8:f5:0e:da:55:70:f3:77:48:30:1f:
ab:60:39:a1:77:49:29:e3:51:54:62:72:c7:78:ae:17:14:c5:
dd:2c
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -917,3 +917,35 @@ def test_ap_wpa2_eap_tls_domain_suffix_mismatch_cn(dev, apdev):
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
if ev is None:
raise Exception("Timeout on EAP failure report")
def test_ap_wpa2_eap_ttls_expired_cert(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and expired certificate"""
params = int_eap_server_params()
params["server_cert"] = "auth_serv/server-expired.pem"
params["private_key"] = "auth_serv/server-expired.key"
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="mschap user", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
wait_connect=False,
scan_freq="2412")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
if ev is None:
raise Exception("Timeout on EAP certificate error report")
if "reason=4" not in ev or "certificate has expired" not in ev:
raise Exception("Unexpected failure reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
if ev is None:
raise Exception("Timeout on EAP failure report")
def test_ap_wpa2_eap_ttls_ignore_expired_cert(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and ignore certificate expiration"""
params = int_eap_server_params()
params["server_cert"] = "auth_serv/server-expired.pem"
params["private_key"] = "auth_serv/server-expired.key"
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="mschap user", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
phase1="tls_disable_time_checks=1",
scan_freq="2412")
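Review bot: test_ap_wpa2_eap_ttls_ignore_expired_cert only shows that the connection succeeds with `phase1="tls_disable_time_checks=1"`; nothing in this hunk pins that the option relaxes the validity-period check and nothing else. A companion negative case that keeps `tls_disable_time_checks=1` but passes a `ca_cert` that did not issue the server certificate, and expects CTRL-EVENT-EAP-TLS-CERT-ERROR, would catch a regression in which disabling time checks also skips chain validation. The docstring could state the intent, e.g. `"""WPA2-Enterprise using EAP-TTLS; expired server certificate accepted only because tls_disable_time_checks=1"""`. In test_ap_wpa2_eap_ttls_expired_cert, the `"certificate has expired"` match looks like TLS-library wording, so `reason=4` is presumably the more portable signal; a short comment saying which of the two is authoritative would help.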