From 328b92e8e7762986de8b6297e13e34b347950639 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Fri, 9 Aug 2013 14:00:12 -0700 Subject: [PATCH 01/22] able to get root dir --- store/tree.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/store/tree.go b/store/tree.go index 11b8092b2..3d6d1bfa4 100644 --- a/store/tree.go +++ b/store/tree.go @@ -124,6 +124,11 @@ func (t *tree) set(key string, value Node) bool { func (t *tree) internalGet(key string) (*treeNode, bool) { nodesName := split(key) + // should be able to get root + if len(nodesName) == 1 && nodesName[0] == "" { + return t.Root, true + } + nodeMap := t.Root.NodeMap var i int From 81746695191a899e877d7b0af47b8d35cb5a6795 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 09:42:39 -0700 Subject: [PATCH 02/22] fix(etcd): be more explicit with name error message --- etcd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etcd.go b/etcd.go index 0c76a8072..f34b3c2ac 100644 --- a/etcd.go +++ b/etcd.go @@ -204,7 +204,7 @@ func main() { argInfo.Name = strings.TrimSpace(argInfo.Name) if argInfo.Name == "" { - fatal("Please give the name of the server") + fatal("ERROR: server name required. e.g. '-n=server_name'") } argInfo.RaftURL = checkURL(argInfo.RaftURL, "http") From 0e5ee2742d3ac778ce2043d043ebfe91cada51c9 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 10:54:59 -0700 Subject: [PATCH 03/22] fix(web): don't share the DefaultMux All of the web handlers were sharing one mux. Separate them out into individual muxes. --- etcd.go | 67 ++++++++++++++++++++++++++++++------------------------ web/web.go | 19 ++++++++++++---- 2 files changed, 51 insertions(+), 35 deletions(-) diff --git a/etcd.go b/etcd.go index f34b3c2ac..cfdaea0b9 100644 --- a/etcd.go +++ b/etcd.go 
@@ -389,27 +389,30 @@ func dialTimeout(network, addr string) (net.Conn, error) { // Start to listen and response raft command func startRaftTransport(info Info, tlsConf *tls.Config) { - - // internal commands - http.HandleFunc("/name", NameHttpHandler) - http.HandleFunc("/join", JoinHttpHandler) - http.HandleFunc("/vote", VoteHttpHandler) - http.HandleFunc("/log", GetLogHttpHandler) - http.HandleFunc("/log/append", AppendEntriesHttpHandler) - http.HandleFunc("/snapshot", SnapshotHttpHandler) - http.HandleFunc("/snapshotRecovery", SnapshotRecoveryHttpHandler) - http.HandleFunc("/etcdURL", EtcdURLHttpHandler) - u, _ := url.Parse(info.RaftURL) fmt.Printf("raft server [%s] listening on %s\n", info.Name, u) + raftMux := http.NewServeMux() + + server := &http.Server{ + Handler: raftMux, + TLSConfig: tlsConf, + Addr: u.Host, + } + + // internal commands + raftMux.HandleFunc("/name", NameHttpHandler) + raftMux.HandleFunc("/join", JoinHttpHandler) + raftMux.HandleFunc("/vote", VoteHttpHandler) + raftMux.HandleFunc("/log", GetLogHttpHandler) + raftMux.HandleFunc("/log/append", AppendEntriesHttpHandler) + raftMux.HandleFunc("/snapshot", SnapshotHttpHandler) + raftMux.HandleFunc("/snapshotRecovery", SnapshotRecoveryHttpHandler) + raftMux.HandleFunc("/etcdURL", EtcdURLHttpHandler) + if tlsConf == nil { - http.ListenAndServe(u.Host, nil) + fatal(server.ListenAndServe()) } else { - server := &http.Server{ - TLSConfig: tlsConf, - Addr: u.Host, - } fatal(server.ListenAndServeTLS(info.ServerCertFile, argInfo.ServerKeyFile)) } 
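Review bot: The `http.Server` literal built in startRaftTransport sets only `Handler`, `TLSConfig` and `Addr`, so the raft listener accepts connections with no read or write deadline, and a peer that stalls mid-request holds a goroutine and a socket indefinitely. Now that each listener has its own server value, this is the natural place to set `ReadTimeout` (and `WriteTimeout` for the short raft RPCs). The same applies to the servers built in startEtcdTransport in the next hunk and in Start in web/web.go; on the etcd mux the `/watch/` handler presumably holds responses open, so a write deadline there needs care. The closing brace of startRaftTransport falls outside this hunk.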
@@ -417,25 +420,29 @@ func startRaftTransport(info Info, tlsConf *tls.Config) { // Start to listen and response client command func startEtcdTransport(info Info, tlsConf *tls.Config) { - // external commands - http.HandleFunc("/"+version+"/keys/", Multiplexer) - http.HandleFunc("/"+version+"/watch/", WatchHttpHandler) - http.HandleFunc("/leader", LeaderHttpHandler) - http.HandleFunc("/machines", MachinesHttpHandler) - http.HandleFunc("/", VersionHttpHandler) - http.HandleFunc("/stats", StatsHttpHandler) - http.HandleFunc("/test/", TestHttpHandler) - u, _ := url.Parse(info.EtcdURL) fmt.Printf("etcd server [%s] listening on %s\n", info.Name, u) + etcdMux := http.NewServeMux() + + server := &http.Server{ + Handler: etcdMux, + TLSConfig: tlsConf, + Addr: u.Host, + } + + // external commands + etcdMux.HandleFunc("/"+version+"/keys/", Multiplexer) + etcdMux.HandleFunc("/"+version+"/watch/", WatchHttpHandler) + etcdMux.HandleFunc("/leader", LeaderHttpHandler) + etcdMux.HandleFunc("/machines", MachinesHttpHandler) + etcdMux.HandleFunc("/", VersionHttpHandler) + etcdMux.HandleFunc("/stats", StatsHttpHandler) + etcdMux.HandleFunc("/test/", TestHttpHandler) + if tlsConf == nil { - fatal(http.ListenAndServe(u.Host, nil)) + fatal(server.ListenAndServe()) } else { - server := &http.Server{ - TLSConfig: tlsConf, - Addr: u.Host, - } fatal(server.ListenAndServeTLS(info.ClientCertFile, info.ClientKeyFile)) } } diff --git a/web/web.go b/web/web.go index 63086f6a6..38a272552 100644 --- a/web/web.go +++ b/web/web.go 
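Review bot: `etcdMux.HandleFunc("/test/", TestHttpHandler)` stays registered unconditionally on the client-facing listener after the move to a dedicated mux. What TestHttpHandler does is not visible in this hunk; if it is a benchmarking or debugging aid, it would be better registered only when a flag enables it, so that ordinary clients cannot reach it. A comment above the registration, e.g. `// test-only endpoint; not part of the client API`, would at least record the intent.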
@@ -25,16 +25,25 @@ func mainHandler(c http.ResponseWriter, req *http.Request) { mainTempl.Execute(c, p) } -func Start(server *raft.Server, webURL string) { +func Start(raftServer *raft.Server, webURL string) { u, _ := url.Parse(webURL) + webMux := http.NewServeMux() + + server := &http.Server{ + Handler: webMux, + Addr: u.Host, + } + + s = raftServer + mainTempl = template.Must(template.New("index.html").Parse(index_html)) - s = server go h.run() - http.HandleFunc("/", mainHandler) - http.Handle("/ws", websocket.Handler(wsHandler)) + webMux.HandleFunc("/", mainHandler) + webMux.Handle("/ws", websocket.Handler(wsHandler)) fmt.Printf("etcd web server listening on %s\n", u) - http.ListenAndServe(u.Host, nil) + + server.ListenAndServe() } From 60c71a98a4988ab811ee506c4f80b043192604ef Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 11:01:09 -0700 Subject: [PATCH 04/22] fix(etcd): checkURL on webURL make it so that dropping the schema isn't fatal. --- etcd.go | 1 + 1 file changed, 1 insertion(+) diff --git a/etcd.go b/etcd.go index cfdaea0b9..e47a37179 100644 --- a/etcd.go +++ b/etcd.go @@ -237,6 +237,7 @@ func main() { if argInfo.WebURL != "" { // start web + argInfo.WebURL = checkURL(argInfo.WebURL, "http") etcdStore.SetMessager(storeMsg) go webHelper() go web.Start(raftServer, argInfo.WebURL) From ba697f6ac9da068ffdcf2623e75144a94be01a83 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sat, 10 Aug 2013 16:20:00 -0700 Subject: [PATCH 05/22] fix web --- etcd.go | 1 - util.go | 1 + web/web.go | 13 +++++++------ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/etcd.go b/etcd.go index e47a37179..43e6654cb 100644 --- a/etcd.go +++ b/etcd.go @@ -238,7 +238,6 @@ func main() { if argInfo.WebURL != "" { // start web argInfo.WebURL = checkURL(argInfo.WebURL, "http") - etcdStore.SetMessager(storeMsg) go webHelper() go web.Start(raftServer, argInfo.WebURL) } diff --git a/util.go b/util.go index d82dea498..716a0854c 100644 --- a/util.go 
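Review bot: The last line of Start, `server.ListenAndServe()`, discards the returned error, so a failed bind of the web interface (port in use, bad address) ends the goroutine silently after the "listening on" message has already been printed. The raft listener in this same commit was changed to `fatal(server.ListenAndServe())`; here the error should at least be reported, e.g. `if err := server.ListenAndServe(); err != nil { fmt.Printf("etcd web server stopped: %v\n", err) }`. The error from `url.Parse(webURL)` on the first line is dropped as well, and `u.Host` is then read from its result.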
+++ b/util.go @@ -18,6 +18,7 @@ var storeMsg chan string // Help to send msg from store to webHub func webHelper() { storeMsg = make(chan string) + etcdStore.SetMessager(storeMsg) for { // transfer the new msg to webHub web.Hub().Send(<-storeMsg) diff --git a/web/web.go b/web/web.go index 38a272552..0cd2463c0 100644 --- a/web/web.go +++ b/web/web.go @@ -9,8 +9,8 @@ import ( "net/url" ) -var s *raft.Server var mainTempl *template.Template +var mainPage *MainPage type MainPage struct { Leader string @@ -18,9 +18,7 @@ type MainPage struct { } func mainHandler(c http.ResponseWriter, req *http.Request) { - - p := &MainPage{Leader: s.Leader(), - Address: s.Name()} + p := mainPage mainTempl.Execute(c, p) } @@ -35,7 +33,10 @@ func Start(raftServer *raft.Server, webURL string) { Addr: u.Host, } - s = raftServer + mainPage = &MainPage{ + Leader: raftServer.Leader(), + Address: u.Host, + } mainTempl = template.Must(template.New("index.html").Parse(index_html)) @@ -43,7 +44,7 @@ func Start(raftServer *raft.Server, webURL string) { webMux.HandleFunc("/", mainHandler) webMux.Handle("/ws", websocket.Handler(wsHandler)) - fmt.Printf("etcd web server listening on %s\n", u) + fmt.Printf("etcd web server [%s] listening on %s\n", raftServer.Name(), u) server.ListenAndServe() } From bbf78b076afa75bdc756e562213eb3538de29b87 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sat, 10 Aug 2013 16:23:51 -0700 Subject: [PATCH 06/22] update --- etcd.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etcd.go b/etcd.go index 43e6654cb..4e9414fa7 100644 --- a/etcd.go +++ b/etcd.go 
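Review bot: `mainPage` is filled once in Start with `Leader: raftServer.Leader()`, and mainHandler now renders that stored value, so the page keeps showing whoever was leader (possibly nobody) at the moment the web server started. The removed code asked the raft server on every request. Keeping the `*raft.Server` reference and building the struct inside mainHandler, with the address stored once, preserves the new `Address: u.Host` value without freezing the leader. `mainTempl.Execute(c, p)` also returns an error that mainHandler ignores.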
@@ -60,9 +60,9 @@ func init() { flag.StringVar(&machinesFile, "CF", "", "the file contains a list of existing machines in the cluster, seperate by comma") flag.StringVar(&argInfo.Name, "n", "", "the node name (required)") - flag.StringVar(&argInfo.EtcdURL, "c", "127.0.0.1:4001", "the port to communicate with clients") - flag.StringVar(&argInfo.RaftURL, "s", "127.0.0.1:7001", "the port to communicate with servers") - flag.StringVar(&argInfo.WebURL, "w", "", "the port of web interface") + flag.StringVar(&argInfo.EtcdURL, "c", "127.0.0.1:4001", "the hostname:port for etcd client communication") + flag.StringVar(&argInfo.RaftURL, "s", "127.0.0.1:7001", "the hostname:port for raft server communication") + flag.StringVar(&argInfo.WebURL, "w", "", "the hostname:port of web interface") flag.StringVar(&argInfo.ServerCAFile, "serverCAFile", "", "the path of the CAFile") flag.StringVar(&argInfo.ServerCertFile, "serverCert", "", "the cert file of the server") From 84624f1ec0b39a2fbdf5700246ac183003bdf0be Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sat, 10 Aug 2013 17:00:25 -0700 Subject: [PATCH 07/22] fix join command --- etcd.go | 8 +------- etcd_handlers.go | 11 ++++++----- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/etcd.go b/etcd.go index 4e9414fa7..c77c3fce2 100644 --- a/etcd.go +++ b/etcd.go @@ -17,7 +17,6 @@ import ( "net/url" "os" "os/signal" - "path" "runtime/pprof" "strings" "time" @@ -624,15 +623,10 @@ func joinCluster(s *raft.Server, serverName string) error { address := resp.Header.Get("Location") debugf("Send Join Request to %s", address) - u, err := url.Parse(address) - - if err != nil { - return fmt.Errorf("Unable to join: %s", err.Error()) - } json.NewEncoder(&b).Encode(command) - resp, err = t.Post(path.Join(u.Host, u.Path), &b) + resp, err = t.Post(address, &b) } else if resp.StatusCode == http.StatusBadRequest { debug("Reach max number machines in the cluster") 
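Review bot: In the redirect branch of joinCluster the `Location` header is now passed to `t.Post(address, &b)` exactly as received, and the `url.Parse` check that used to precede it is gone. An empty or malformed header therefore goes straight to the HTTP client, and the join command is sent to whatever URL the answering machine names. A guard such as `if u, perr := url.Parse(address); perr != nil || u.Host == "" { return fmt.Errorf("Unable to join: bad redirect %q", address) }` keeps the old failure mode; also checking that the scheme matches the transporter's would be stricter. The return value of `json.NewEncoder(&b).Encode(command)` is ignored as well. joinCluster starts and ends outside this hunk.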
diff --git a/etcd_handlers.go b/etcd_handlers.go index e330ab926..704cb811a 100644 --- a/etcd_handlers.go +++ b/etcd_handlers.go @@ -106,7 +106,7 @@ func DeleteHttpHandler(w *http.ResponseWriter, req *http.Request) { } // Dispatch the command to leader -func dispatch(c Command, w *http.ResponseWriter, req *http.Request, client bool) { +func dispatch(c Command, w *http.ResponseWriter, req *http.Request, etcd bool) { if raftServer.State() == "leader" { if body, err := raftServer.Do(c); err != nil { if _, ok := err.(store.NotFoundError); ok { @@ -170,11 +170,12 @@ func dispatch(c Command, w *http.ResponseWriter, req *http.Request, client bool) var url string - if client { - clientAddr, _ := getEtcdURL(raftServer.Leader()) - url = clientAddr + path + if etcd { + etcdAddr, _ := nameToEtcdURL(raftServer.Leader()) + url = etcdAddr + path } else { - url = raftServer.Leader() + path + raftAddr, _ := nameToRaftURL(raftServer.Leader()) + url = raftAddr + path } debugf("Redirect to %s", url) From 6610fc39cc1a1916bfa58b63e3836f51ca4c6816 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sat, 10 Aug 2013 17:49:30 -0700 Subject: [PATCH 08/22] defaultScheme based on tls --- etcd.go | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/etcd.go b/etcd.go index c77c3fce2..7bfb6c957 100644 --- a/etcd.go +++ b/etcd.go 
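Review bot: Both redirect branches in dispatch drop the second result of the lookup, in `etcdAddr, _ := nameToEtcdURL(raftServer.Leader())` and `raftAddr, _ := nameToRaftURL(raftServer.Leader())`. If the leader name is unknown or there is currently no leader, `url` is presumably just `path`, and the client is redirected back to this same machine. The second value should be checked and the request answered with an error status when the lookup fails, instead of building the redirect. The helpers' signatures are not visible here, so whether that value is a bool or an error needs confirming; dispatch itself extends beyond the hunk.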
@@ -199,6 +199,26 @@ func main() { cluster = strings.Split(string(b), ",") } + raftTlsConfs, ok := tlsConf(RaftServer) + if !ok { + fatal("Please specify cert and key file or cert and key file and CAFile or none of the three") + } + + raftDefaultScheme := "http" + if raftTlsConfs[0] != nil { + raftDefaultScheme = "https" + } + + etcdTlsConfs, ok := tlsConf(EtcdServer) + if !ok { + fatal("Please specify cert and key file or cert and key file and CAFile or none of the three") + } + + etcdDefaultScheme := "http" + if etcdTlsConfs[0] != nil { + raftDefaultScheme = "https" + } + // Otherwise ask user for info and write it to file. argInfo.Name = strings.TrimSpace(argInfo.Name) @@ -206,8 +226,8 @@ func main() { fatal("ERROR: server name required. e.g. '-n=server_name'") } - argInfo.RaftURL = checkURL(argInfo.RaftURL, "http") - argInfo.EtcdURL = checkURL(argInfo.EtcdURL, "http") + argInfo.RaftURL = checkURL(argInfo.RaftURL, raftDefaultScheme) + argInfo.EtcdURL = checkURL(argInfo.EtcdURL, etcdDefaultScheme) // Setup commands. registerCommands() @@ -219,16 +239,6 @@ func main() { info = getInfo(dirPath) - raftTlsConfs, ok := tlsConf(RaftServer) - if !ok { - fatal("Please specify cert and key file or cert and key file and CAFile or none of the three") - } - - etcdTlsConfs, ok := tlsConf(EtcdServer) - if !ok { - fatal("Please specify cert and key file or cert and key file and CAFile or none of the three") - } - // Create etcd key-value store etcdStore = store.CreateStore(maxSize) From 9111617f3252526b26a45af9c5193c47b8e2bc7a Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 19:22:04 -0700 Subject: [PATCH 09/22] chore(etcd): introduce sanitizeURL checkURL was a little weird and allowed two different ways to specify flags. Introduce sanitizeURL which will make sure the host passed in is simply hostname:port and then appends a Scheme. --- etcd.go | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) 
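Review bot: The second scheme block assigns the wrong variable: under `if etcdTlsConfs[0] != nil` the line reads `raftDefaultScheme = "https"`, so `etcdDefaultScheme` stays `"http"` even when client TLS is configured, and the raft scheme flips to https when only the etcd side has certificates. It should be `etcdDefaultScheme = "https"`. Separately, `tlsConf` is now called before `info = getInfo(dirPath)` (the third hunk removes the later calls); if tlsConf reads the package-level `info`, as its body elsewhere on this page suggests, that pointer is still nil at this point, which is worth confirming.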
diff --git a/etcd.go b/etcd.go index 7bfb6c957..1cf9ca41d 100644 --- a/etcd.go +++ b/etcd.go @@ -142,18 +142,27 @@ var info *Info // //------------------------------------------------------------------------------ -// Check a URL and clean it up if the user forgot the schema -func checkURL(u string, defaultSchema string) string { - p, err := url.Parse(u) +// sanitizeURL will cleanup a host string in the format hostname:port and +// attach a schema. +func sanitizeURL(host string, defaultScheme string) string { + // Blank URLs are fine input, just return it + if len(host) == 0 { + return host + } + p, err := url.Parse(host) if err != nil { - panic(err) + fatal(err) } - if len(p.Host) == 0 && len(defaultSchema) != 0 { - return checkURL(fmt.Sprintf("%s://%s", defaultSchema, u), "") + // Make sure the host is in Host:Port format + _, _, err = net.SplitHostPort(host) + if err != nil { + fatal(err) } + p = &url.URL{Host: host, Scheme: defaultScheme} + return p.String() } @@ -226,8 +235,9 @@ func main() { fatal("ERROR: server name required. e.g. '-n=server_name'") } - argInfo.RaftURL = checkURL(argInfo.RaftURL, raftDefaultScheme) - argInfo.EtcdURL = checkURL(argInfo.EtcdURL, etcdDefaultScheme) + argInfo.RaftURL = sanitizeURL(argInfo.RaftURL, raftTlsConfig.Scheme) + argInfo.EtcdURL = sanitizeURL(argInfo.EtcdURL, etcdTlsConfig.Scheme) + argInfo.WebURL = sanitizeURL(argInfo.WebURL, "http") // Setup commands. registerCommands() From 8c09f98882e0e4db551eba73a783af24602d204b Mon Sep 17 00:00:00 2001 
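Review bot: In sanitizeURL the result of `url.Parse(host)` is never used, since `p` is overwritten by `&url.URL{Host: host, Scheme: defaultScheme}`, and `url.Parse` is not a validator for a bare `hostname:port` string, so depending on the input it may reject or misread values that `net.SplitHostPort` accepts. The `SplitHostPort` check is the one that enforces the documented format; dropping the `url.Parse` call leaves a single, predictable validation. `SplitHostPort` also accepts an empty host (`:4001`), which makes the listener bind every interface; if that is not intended for the raft port, reject an empty host here. The doc comment says "schema" where the parameter is named `defaultScheme`.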
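Review bot: The new call sites in main, `sanitizeURL(argInfo.RaftURL, raftTlsConfig.Scheme)` and `sanitizeURL(argInfo.EtcdURL, etcdTlsConfig.Scheme)`, use identifiers that no hunk of this commit declares. The variables in scope after the previous patch are `raftTlsConfs` and `etcdTlsConfs`, which are slices with no `Scheme` field. As it stands this commit would not build on its own, and `raftDefaultScheme` and `etcdDefaultScheme` become unused locals. Passing those two existing variables here keeps the series bisectable until the TLS refactor lands.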
From: Brandon Philips Date: Sat, 10 Aug 2013 19:26:21 -0700 Subject: [PATCH 10/22] chore(etcd): cleanup TLS configuration the TLS configuration was getting rather complex with slices of tls.Config's being passed around and pointer nil checking for schema types. Introduce a new TLSInfo type that is in charge of holding the various TLS key/cert/CA filenames the user passes in. Then create a new TlsConfig type that has a Scheme and the Client and Server tls.Config objects inside of it. This is used by the two transport start methods which had been using a slice of tls.Config objects and guessing at the scheme based on the non-nil value of the Config. --- etcd.go | 176 ++++++++++++++++++++++---------------------------------- 1 file changed, 70 insertions(+), 106 deletions(-) diff --git a/etcd.go b/etcd.go index 1cf9ca41d..b583c09fd 100644 --- a/etcd.go +++ b/etcd.go 
@@ -63,13 +63,13 @@ func init() { flag.StringVar(&argInfo.RaftURL, "s", "127.0.0.1:7001", "the hostname:port for raft server communication") flag.StringVar(&argInfo.WebURL, "w", "", "the hostname:port of web interface") - flag.StringVar(&argInfo.ServerCAFile, "serverCAFile", "", "the path of the CAFile") - flag.StringVar(&argInfo.ServerCertFile, "serverCert", "", "the cert file of the server") - flag.StringVar(&argInfo.ServerKeyFile, "serverKey", "", "the key file of the server") + flag.StringVar(&argInfo.RaftTLS.CAFile, "serverCAFile", "", "the path of the CAFile") + flag.StringVar(&argInfo.RaftTLS.CertFile, "serverCert", "", "the cert file of the server") + flag.StringVar(&argInfo.RaftTLS.KeyFile, "serverKey", "", "the key file of the server") - flag.StringVar(&argInfo.ClientCAFile, "clientCAFile", "", "the path of the client CAFile") - flag.StringVar(&argInfo.ClientCertFile, "clientCert", "", "the cert file of the client") - flag.StringVar(&argInfo.ClientKeyFile, "clientKey", "", "the key file of the client") + flag.StringVar(&argInfo.EtcdTLS.CAFile, "clientCAFile", "", "the path of the client CAFile") + flag.StringVar(&argInfo.EtcdTLS.CertFile, "clientCert", "", "the cert file of the client") + flag.StringVar(&argInfo.EtcdTLS.KeyFile, "clientKey", "", "the key file of the client") flag.StringVar(&dirPath, "d", ".", "the directory to store log and snapshot") @@ -86,12 +86,6 @@ func init() { flag.StringVar(&cpuprofile, "cpuprofile", "", "write cpu profile to file") } -// CONSTANTS -const ( - RaftServer = iota - EtcdServer -) - const ( ELECTIONTIMEOUT = 200 * time.Millisecond HEARTBEATTIMEOUT = 50 * time.Millisecond @@ -109,6 +103,12 @@ const ( // //------------------------------------------------------------------------------ +type TLSInfo struct { + CertFile string `json:"serverCertFile"` + KeyFile string `json:"serverKeyFile"` + CAFile string `json:"serverCAFile"` +} + type Info struct { Name string `json:"name"` 
@@ -116,13 +116,8 @@ type Info struct { EtcdURL string `json:"etcdURL"` WebURL string `json:"webURL"` - ServerCertFile string `json:"serverCertFile"` - ServerKeyFile string `json:"serverKeyFile"` - ServerCAFile string `json:"serverCAFile"` - - ClientCertFile string `json:"clientCertFile"` - ClientKeyFile string `json:"clientKeyFile"` - ClientCAFile string `json:"clientCAFile"` + RaftTLS TLSInfo `json:"raftTLS"` + EtcdTLS TLSInfo `json:"raftTLS"` } //------------------------------------------------------------------------------ @@ -208,35 +203,23 @@ func main() { cluster = strings.Split(string(b), ",") } - raftTlsConfs, ok := tlsConf(RaftServer) + raftTLSConfig, ok := tlsConfigFromInfo(argInfo.RaftTLS) if !ok { fatal("Please specify cert and key file or cert and key file and CAFile or none of the three") } - raftDefaultScheme := "http" - if raftTlsConfs[0] != nil { - raftDefaultScheme = "https" - } - - etcdTlsConfs, ok := tlsConf(EtcdServer) + etcdTLSConfig, ok := tlsConfigFromInfo(argInfo.EtcdTLS) if !ok { fatal("Please specify cert and key file or cert and key file and CAFile or none of the three") } - etcdDefaultScheme := "http" - if etcdTlsConfs[0] != nil { - raftDefaultScheme = "https" - } - - // Otherwise ask user for info and write it to file. argInfo.Name = strings.TrimSpace(argInfo.Name) - if argInfo.Name == "" { fatal("ERROR: server name required. e.g. '-n=server_name'") } - argInfo.RaftURL = sanitizeURL(argInfo.RaftURL, raftTlsConfig.Scheme) - argInfo.EtcdURL = sanitizeURL(argInfo.EtcdURL, etcdTlsConfig.Scheme) + argInfo.RaftURL = sanitizeURL(argInfo.RaftURL, raftTLSConfig.Scheme) + argInfo.EtcdURL = sanitizeURL(argInfo.EtcdURL, etcdTLSConfig.Scheme) argInfo.WebURL = sanitizeURL(argInfo.WebURL, "http") // Setup commands. 
@@ -252,27 +235,27 @@ func main() { // Create etcd key-value store etcdStore = store.CreateStore(maxSize) - startRaft(raftTlsConfs) + startRaft(raftTLSConfig) if argInfo.WebURL != "" { // start web - argInfo.WebURL = checkURL(argInfo.WebURL, "http") + argInfo.WebURL = sanitizeURL(argInfo.WebURL, "http") go webHelper() go web.Start(raftServer, argInfo.WebURL) } - startEtcdTransport(*info, etcdTlsConfs[0]) + startEtcdTransport(*info, etcdTLSConfig.Scheme, etcdTLSConfig.Server) } // Start the raft server -func startRaft(tlsConfs []*tls.Config) { +func startRaft(tlsConfig TLSConfig) { var err error raftName := info.Name // Create transporter for raft - raftTransporter = newTransporter(tlsConfs[1]) + raftTransporter = newTransporter(tlsConfig.Scheme, tlsConfig.Client) // Create raft server raftServer, err = raft.NewServer(raftName, dirPath, raftTransporter, etcdStore, nil) @@ -367,37 +350,29 @@ func startRaft(tlsConfs []*tls.Config) { } // start to response to raft requests - go startRaftTransport(*info, tlsConfs[0]) + go startRaftTransport(*info, tlsConfig.Scheme, tlsConfig.Server) } // Create transporter using by raft server // Create http or https transporter based on // whether the user give the server cert and key -func newTransporter(tlsConf *tls.Config) transporter { +func newTransporter(scheme string, tlsConf tls.Config) transporter { t := transporter{} - if tlsConf == nil { - t.scheme = "http://" + t.scheme = scheme - t.client = &http.Client{ - Transport: &http.Transport{ - Dial: dialTimeout, - }, - } - - } else { - t.scheme = "https://" - - tr := &http.Transport{ - TLSClientConfig: tlsConf, - Dial: dialTimeout, - DisableCompression: true, - } - - t.client = &http.Client{Transport: tr} + tr := &http.Transport{ + Dial: dialTimeout, } + if scheme == "https" { + tr.TLSClientConfig = &tlsConf + tr.DisableCompression = true + } + + t.client = &http.Client{Transport: tr} + return t } 
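Review bot: Inside `if argInfo.WebURL != ""` the replacement line `argInfo.WebURL = sanitizeURL(argInfo.WebURL, "http")` runs on a value that main has already sanitized a few lines earlier, so it now has the form `http://host:port`. sanitizeURL feeds its argument to `net.SplitHostPort`, which rejects a string carrying a scheme prefix, and the process then exits through `fatal`; with `-w` set the web interface would never start. The line can simply be deleted, since the earlier call already produced the final URL.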
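Review bot: newTransporter now takes `tlsConf tls.Config` by value and stores `&tlsConf`, the address of its own copy; startRaftTransport and startEtcdTransport do the same in later hunks, and the `TLSConfig` struct holds its two configs by value. `tls.Config` is meant to be shared by pointer (current Go keeps synchronisation state inside it, and `go vet`'s copylocks check flags such copies), so `*tls.Config` parameters and fields would be the safer shape. Also, `t.scheme` changes from `"http://"` to the bare `"http"`; any code outside this hunk that builds URLs by concatenating `t.scheme` needs the separator added.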
@@ -407,7 +382,7 @@ func dialTimeout(network, addr string) (net.Conn, error) { } // Start to listen and response raft command -func startRaftTransport(info Info, tlsConf *tls.Config) { +func startRaftTransport(info Info, scheme string, tlsConf tls.Config) { u, _ := url.Parse(info.RaftURL) fmt.Printf("raft server [%s] listening on %s\n", info.Name, u) @@ -415,7 +390,7 @@ func startRaftTransport(info Info, tlsConf *tls.Config) { server := &http.Server{ Handler: raftMux, - TLSConfig: tlsConf, + TLSConfig: &tlsConf, Addr: u.Host, } @@ -429,16 +404,16 @@ func startRaftTransport(info Info, tlsConf *tls.Config) { raftMux.HandleFunc("/snapshotRecovery", SnapshotRecoveryHttpHandler) raftMux.HandleFunc("/etcdURL", EtcdURLHttpHandler) - if tlsConf == nil { + if scheme == "http" { fatal(server.ListenAndServe()) } else { - fatal(server.ListenAndServeTLS(info.ServerCertFile, argInfo.ServerKeyFile)) + fatal(server.ListenAndServeTLS(info.RaftTLS.CertFile, info.RaftTLS.KeyFile)) } } // Start to listen and response client command -func startEtcdTransport(info Info, tlsConf *tls.Config) { +func startEtcdTransport(info Info, scheme string, tlsConf tls.Config) { u, _ := url.Parse(info.EtcdURL) fmt.Printf("etcd server [%s] listening on %s\n", info.Name, u) @@ -446,7 +421,7 @@ func startEtcdTransport(info Info, tlsConf *tls.Config) { server := &http.Server{ Handler: etcdMux, - TLSConfig: tlsConf, + TLSConfig: &tlsConf, Addr: u.Host, } 
@@ -459,68 +434,57 @@ func startEtcdTransport(info Info, tlsConf *tls.Config) { etcdMux.HandleFunc("/stats", StatsHttpHandler) etcdMux.HandleFunc("/test/", TestHttpHandler) - if tlsConf == nil { + if scheme == "http" { fatal(server.ListenAndServe()) } else { - fatal(server.ListenAndServeTLS(info.ClientCertFile, info.ClientKeyFile)) + fatal(server.ListenAndServeTLS(info.EtcdTLS.CertFile, info.EtcdTLS.KeyFile)) } } //-------------------------------------- // Config //-------------------------------------- -func tlsConf(source int) ([]*tls.Config, bool) { + +type TLSConfig struct { + Scheme string + Server tls.Config + Client tls.Config +} + +func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) { var keyFile, certFile, CAFile string var tlsCert tls.Certificate - var isAuth bool var err error - switch source { + t.Scheme = "http" - case RaftServer: - keyFile = info.ServerKeyFile - certFile = info.ServerCertFile - CAFile = info.ServerCAFile - - if keyFile != "" && certFile != "" { - tlsCert, err = tls.LoadX509KeyPair(certFile, keyFile) - if err == nil { - fatal(err) - } - isAuth = true - } - - case EtcdServer: - keyFile = info.ClientKeyFile - certFile = info.ClientCertFile - CAFile = info.ClientCAFile - } + keyFile = info.KeyFile + certFile = info.CertFile + CAFile = info.CAFile // If the user do not specify key file, cert file and // CA file, the type will be HTTP if keyFile == "" && certFile == "" && CAFile == "" { - return []*tls.Config{nil, nil}, true + return t, true } - if keyFile != "" && certFile != "" { - serverConf := &tls.Config{} - serverConf.ClientAuth, serverConf.ClientCAs = newCertPool(CAFile) - - if isAuth { - raftTransConf := &tls.Config{ - Certificates: []tls.Certificate{tlsCert}, - InsecureSkipVerify: true, - } - return []*tls.Config{serverConf, raftTransConf}, true - } - - return []*tls.Config{serverConf, nil}, true - + // both the key and cert must be present + if keyFile == "" || certFile == "" { + return t, false } - // bad specification - 
return nil, false + tlsCert, err = tls.LoadX509KeyPair(certFile, keyFile) + if err == nil { + fatal(err) + } + t.Scheme = "https" + t.Server.Certificates = []tls.Certificate{tlsCert} + t.Server.InsecureSkipVerify = true + + t.Client.ClientAuth, t.Client.ClientCAs = newCertPool(CAFile) + + return t, true } func parseInfo(path string) *Info { From eb8f1dc6eb17afb3cfed46cc8a1ae7c7ba94918b Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 19:52:29 -0700 Subject: [PATCH 11/22] fix(etcd): fixup TLSInfo json the JSON wasn't getting generated properly. Fix it up. --- etcd.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/etcd.go b/etcd.go index b583c09fd..a8ee7e4b6 100644 --- a/etcd.go +++ b/etcd.go @@ -104,9 +104,9 @@ const ( //------------------------------------------------------------------------------ type TLSInfo struct { - CertFile string `json:"serverCertFile"` - KeyFile string `json:"serverKeyFile"` - CAFile string `json:"serverCAFile"` + CertFile string `json:"CertFile"` + KeyFile string `json:"KeyFile"` + CAFile string `json:"CAFile"` } type Info struct { @@ -117,7 +117,7 @@ type Info struct { WebURL string `json:"webURL"` RaftTLS TLSInfo `json:"raftTLS"` - EtcdTLS TLSInfo `json:"raftTLS"` + EtcdTLS TLSInfo `json:"etcdTLS"` } //------------------------------------------------------------------------------ From 7db07aa96a1bd284d76b4583e8f57b7a2949ee48 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 20:16:37 -0700 Subject: [PATCH 12/22] fix(etcd): fatal when err != nil stupid typo, fix --- etcd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etcd.go b/etcd.go index a8ee7e4b6..e64593794 100644 --- a/etcd.go +++ b/etcd.go @@ -474,7 +474,7 @@ func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) { } tlsCert, err = tls.LoadX509KeyPair(certFile, keyFile) - if err == nil { + if err != nil { fatal(err) } From 3be13a38f18ff64e91cb1161dd67dff930478b6f Mon Sep 17 00:00:00 2001 
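Review bot: The last added lines of tlsConfigFromInfo put the settings on the wrong side: `InsecureSkipVerify` is set on `t.Server`, where it has no effect, while `ClientAuth` and `ClientCAs` from `newCertPool(CAFile)` are set on `t.Client`, which is only used for dialing. The listeners therefore never apply the CA file, so the client-certificate checking that the removed `serverConf` performed is silently off, and the dialing config carries no certificate to present. The removed code had it the other way round; the fence below restores that assignment. `InsecureSkipVerify` on the dialing side is carried over unchanged and means the dialer does not authenticate its peers, which deserves a comment or a `RootCAs` pool built from the CA file.

```go
	// … unchanged: LoadX509KeyPair call and its error check …
	t.Scheme = "https"

	// Listener side: serve this key pair and apply the CA policy to connecting clients.
	t.Server.Certificates = []tls.Certificate{tlsCert}
	t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile)

	// Dialing side: present the same key pair to peers.
	t.Client.Certificates = []tls.Certificate{tlsCert}
	// NOTE(review): carried over from the removed code; the dialer does not verify the peer's certificate.
	t.Client.InsecureSkipVerify = true

	return t, true
```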
From: Brandon Philips Date: Sat, 10 Aug 2013 21:35:22 -0700 Subject: [PATCH 13/22] fix(etcd): use transporter scheme in joinCluster Follow the transporter scheme when trying to join the cluster. Otherwise the scheme is empty and the http client errors. --- etcd.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/etcd.go b/etcd.go index e64593794..a5d0a8b74 100644 --- a/etcd.go +++ b/etcd.go @@ -592,7 +592,8 @@ func joinCluster(s *raft.Server, serverName string) error { debugf("Send Join Request to %s", serverName) - resp, err := t.Post(fmt.Sprintf("%s/join", serverName), &b) + joinURL := url.URL{Host: serverName, Scheme: raftTransporter.scheme, Path: "/join"} + resp, err := t.Post(joinURL.String(), &b) for { if err != nil { From d9a8ca1a662d5920264bf7ab53a3ee0bda7c9cc8 Mon Sep 17 00:00:00 2001 
From: Brandon Philips Date: Sat, 10 Aug 2013 22:02:44 -0700 Subject: [PATCH 14/22] feat(fixtures/ca): Initial commit --- fixtures/ca/.gitattributes | 1 + fixtures/ca/README | 18 ++ fixtures/ca/broken/README | 21 ++ fixtures/ca/broken/ca.crt | 33 +++ fixtures/ca/broken/ca.key | 51 ++++ fixtures/ca/broken/server.crt | 29 +++ fixtures/ca/broken/server.csr | 27 ++ fixtures/ca/broken/server.key | 51 ++++ fixtures/ca/broken/server.key.insecure | 51 ++++ fixtures/ca/broken/server.pub | 14 ++ fixtures/ca/broken/server.pub.sig | Bin 0 -> 512 bytes fixtures/ca/ca.crt | 31 +++ fixtures/ca/ca.key | 54 ++++ fixtures/ca/chain.pem | 61 +++++ fixtures/ca/chain2.pem | 61 +++++ fixtures/ca/openssl.cnf | 335 +++++++++++++++++++++++++ fixtures/ca/server.crt | 30 +++ fixtures/ca/server.csr | 28 +++ fixtures/ca/server.key | 54 ++++ fixtures/ca/server.key.insecure | 51 ++++ fixtures/ca/server.pem | 14 ++ fixtures/ca/server.pub | 14 ++ fixtures/ca/server.pub.sig | Bin 0 -> 512 bytes fixtures/ca/server2.crt | 30 +++ fixtures/ca/server2.csr | 28 +++ fixtures/ca/server2.key | 54 ++++ fixtures/ca/server2.key.insecure | 51 ++++ fixtures/ca/server2.pub | 14 ++ 28 files changed, 1206 insertions(+) create mode 100644 fixtures/ca/.gitattributes create mode 100644 fixtures/ca/README create mode 100644 fixtures/ca/broken/README create mode 100644 fixtures/ca/broken/ca.crt create mode 100644 fixtures/ca/broken/ca.key create mode 100644 fixtures/ca/broken/server.crt create mode 100644 fixtures/ca/broken/server.csr create mode 100644 fixtures/ca/broken/server.key create mode 100644 fixtures/ca/broken/server.key.insecure create mode 100644 fixtures/ca/broken/server.pub create mode 100644 fixtures/ca/broken/server.pub.sig create mode 100644 fixtures/ca/ca.crt create mode 100644 fixtures/ca/ca.key create mode 100644 fixtures/ca/chain.pem create mode 100644 fixtures/ca/chain2.pem create mode 100644 fixtures/ca/openssl.cnf create mode 100644 fixtures/ca/server.crt create mode 100644 fixtures/ca/server.csr 
create mode 100644 fixtures/ca/server.key create mode 100644 fixtures/ca/server.key.insecure create mode 100644 fixtures/ca/server.pem create mode 100644 fixtures/ca/server.pub create mode 100644 fixtures/ca/server.pub.sig create mode 100644 fixtures/ca/server2.crt create mode 100644 fixtures/ca/server2.csr create mode 100644 fixtures/ca/server2.key create mode 100644 fixtures/ca/server2.key.insecure create mode 100644 fixtures/ca/server2.pub diff --git a/fixtures/ca/.gitattributes b/fixtures/ca/.gitattributes new file mode 100644 index 000000000..fa1385d99 --- /dev/null +++ b/fixtures/ca/.gitattributes @@ -0,0 +1 @@ +* -text diff --git a/fixtures/ca/README b/fixtures/ca/README new file mode 100644 index 000000000..308bcfe50 --- /dev/null +++ b/fixtures/ca/README @@ -0,0 +1,18 @@ +Testing x509 certs for luacrypto + +# Make the CA cert +openssl genrsa -des3 -out ca.key 4096 +openssl req -new -x509 -days 365 -key ca.key -out ca.crt -extfile openssl.cnf -extensions v3_ca + +# Make server cert and signing request +openssl genrsa -des3 -out server.key 4096 +openssl req -new -key server.key -out server.csr -config openssl.cnf + +# Sign the server csr and generate a crt +openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile openssl.cnf -extensions v3_req + +# Output unencrypted server key +openssl rsa -in server.key -out server.key.insecure + +# Output "raw" public key from server crt +openssl x509 -pubkey -noout -in server.crt > server.pub diff --git a/fixtures/ca/broken/README b/fixtures/ca/broken/README new file mode 100644 index 000000000..362002293 --- /dev/null +++ b/fixtures/ca/broken/README 
@@ -0,0 +1,21 @@ +## Testing x509 certs for luvit + +# Make the CA cert +openssl genrsa -out ca.key 4096 +openssl req -new -x509 -days 365 -key ca.key -out ca.crt + +# Make server cert and signing request +openssl genrsa -out server.key 4096 +openssl req -new -key server.key -out server.csr + +# Sign the server csr and generate a crt +openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt + +# Output unencrypted server key +openssl rsa -in server.key -out server.key.insecure + +# Output "raw" public key from server crt +openssl x509 -pubkey -noout -in server.crt > server.pub + +# Sign the public key with the key (just for testing signatures) +openssl dgst -sign server.key.insecure -sha256 server.pub > server.pub.sig diff --git a/fixtures/ca/broken/ca.crt b/fixtures/ca/broken/ca.crt new file mode 100644 index 000000000..34a317181 --- /dev/null +++ b/fixtures/ca/broken/ca.crt 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtTCCA52gAwIBAgIJANfWYo0ePBBqMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTIwMzE1MjMxMzMwWhcNMTMwMzE1MjMxMzMwWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAyzBV/DH0PWmPxdnr3BTogxPYKVJQ4OQjiiALRRtYPjvQYKPWWsbt4Zlw +kfYsc6ihIKUL1tGEnjD6YDTtTwWH7DXeq0mWebFr3kQg/ssoTM5oHN9VglwPMRnx +7qqbBG0/LO/K2Go/UMFGmWHiRYRWcOYegq6DXJpj1sRJz8o3uk4Fxz/xr1sjng1l +EfAfE4segFLRhmXy1e6Ooy2U5WcpDeKGrD1O01DKsYdR+RavcgkmFYfZ5rdtaKrE +wpYLylJNmOAkss7w5tOyEEDLoZHtkRFX5Ss38wuU2h9Li8P9vhyL4Ylzcuy/pBXW +MA89D8bBXjR3G4Hk7qX7gqlI9GdRXtPqnRpgEy/vw/+6aJVfNJtLIRdabSr3vStL +rhF1y4ocr8OJdNjHGp8tssc9I0LhhItT7bWgjQLHTRezVXV5kzpggAlDCQc48bdc +aYjBoLuu8jH9mgGCnPtrJMyV+T96rV5V4XJieA9k4IQ3nWJk1Nslqm5S/FSQbM32 ++ineL0ZlT/x8qXNnL3FHQFDOKCng3Ww6wC7M9BDf9+Di04lNtd37pri/i5dcvsn1 +WaYzvHpSGom234Bl4NQSoupKlEhfgTc5w/uuhbGSWcsH+wB4Yi7dg5U7voNkwtVo +loEaZ58ldd4Dkz16lZSSg4wzwDbMQWpGCPRAfVDAVk/AxpfOiOsCAwEAAaOBpzCB +pDAdBgNVHQ4EFgQUpahFGYUWGD8RygULRRlo6TlAkxowdQYDVR0jBG4wbIAUpahF +GYUWGD8RygULRRlo6TlAkxqhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT +b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQDX +1mKNHjwQajAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAvdXT3GIjK +diHYGurJKSGhja8nVcZ9vm0SICyMQU3nOaMhNdrFXUP21dqO1xP+uqgc7vHGOyPg +MNLvamCY7JtmcLEgByG5Z+aeNESdwGjP4Rl4YRB83JUyOHke0cONiJXYTjGwF7FL +vCXjJm/3t5rTj+gPPMkcN3FtYpiVUn2Ra5LURCiRucsqnStEKiLeIM3WluKOFssZ +AHGkUEGXpYyuobdBvejCqdc02+ywyqGuV05mOHB7dDAt0eS0tUqaEyoKlWgIuVlN +770LJGjQkQqa0oYwrbsgKuPjH4zu7MDjzooZsYkEpgPCaK64HQ03mdWYWiqW3KY5 +JxT4TdOwSXQfvmeLbT/By1Qo0m9R2Sqb4Q0t3VDILyJmvTr4dLCRjAMfDaADxiPI +58cXUeT5kLbF2kHQ8GZIFXpWQRhX5Go0sETlv35HtL9szNK/p2ngob6XkbxJf8rC +ygP96Xa09J94CPrJF34slRM3hsdf/t92ytG8HTOf+42QjT60zgApibVVXwEYwx2S +M/1FZbt9xR2nfvrKBZG4luyPuIVbAI3VbtgfP2ywIxQI7OkBQec52Ck2e4AvZk9q 
+PUgxRqZbzpQSdEr3U3bhEtKf/Yq3Lgx/4Luo11BlZkWRKViBpK1yTUe1C4UkFo5Z +gZO0oCwwO5YWxTCA1xCJDJeSuz16snOXpw== +-----END CERTIFICATE----- diff --git a/fixtures/ca/broken/ca.key b/fixtures/ca/broken/ca.key new file mode 100644 index 000000000..bd1596378 --- /dev/null +++ b/fixtures/ca/broken/ca.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAyzBV/DH0PWmPxdnr3BTogxPYKVJQ4OQjiiALRRtYPjvQYKPW +Wsbt4ZlwkfYsc6ihIKUL1tGEnjD6YDTtTwWH7DXeq0mWebFr3kQg/ssoTM5oHN9V +glwPMRnx7qqbBG0/LO/K2Go/UMFGmWHiRYRWcOYegq6DXJpj1sRJz8o3uk4Fxz/x +r1sjng1lEfAfE4segFLRhmXy1e6Ooy2U5WcpDeKGrD1O01DKsYdR+RavcgkmFYfZ +5rdtaKrEwpYLylJNmOAkss7w5tOyEEDLoZHtkRFX5Ss38wuU2h9Li8P9vhyL4Ylz +cuy/pBXWMA89D8bBXjR3G4Hk7qX7gqlI9GdRXtPqnRpgEy/vw/+6aJVfNJtLIRda +bSr3vStLrhF1y4ocr8OJdNjHGp8tssc9I0LhhItT7bWgjQLHTRezVXV5kzpggAlD +CQc48bdcaYjBoLuu8jH9mgGCnPtrJMyV+T96rV5V4XJieA9k4IQ3nWJk1Nslqm5S +/FSQbM32+ineL0ZlT/x8qXNnL3FHQFDOKCng3Ww6wC7M9BDf9+Di04lNtd37pri/ +i5dcvsn1WaYzvHpSGom234Bl4NQSoupKlEhfgTc5w/uuhbGSWcsH+wB4Yi7dg5U7 +voNkwtVoloEaZ58ldd4Dkz16lZSSg4wzwDbMQWpGCPRAfVDAVk/AxpfOiOsCAwEA +AQKCAgEAkOSBDHxa3Mg//CiwZpqKS56FEMJgZl6JcV/0aW1cedSRfbiXjNg6nhub +CJrxi/B+JhdL3/48gcoPYTec2jLpgGnRxXeOVG1OrIsMtGUO8eZmm+Auy+z18F++ +BCGotXlqCZNdpQHu8JlCzPHeNxBty8htjWcAybJW67nBoOlk3/fvauyQXimxtm16 +21XN81PLhlqIizx79E5PbNF+UjBEOGCHBKAba9k7EWmb7PJeXgVkIQplOn8nB/Ju +qQvykG4sY43C3bdwVkozuh9alnbHYCFr+kHdffWOShTy/FHgygb1QPmRWCy3ZD0m +JdNYCb4D+jeTkAwKwpueRMiO+6oJfT5P/J6eovfFVN+fdcg7v/0AdnUO1vkb5ykV +9YpYw7igF+ueRTl2LLEI4xHRfeAybpIouVgRtIBkSd8Cjp4fhKCLOKsEYWgP+uWS +o1tHJ7KliweWPK/eZPrgRHiyH/4gP+EyYDZwDJxFvpr3Tw7STR9DUXMTWrQ4U7/w +3dfGPROOjieZiTT/zG6NjL2U+zq829k/48+rOaxN+ga7d8OV0aP+9/HmpcrmbRqI +H77KOdogCpemZkoxSE82eJbwrCQLR/LWbhNRyrllI3njh8djJ/LWMOXP7SRRRESa +6DcFW7mNtzIloKq1FTck3NYef2GjjqkElqVNHl/xkzwwU5aanUECggEBAOvNp2Cr +OGeym/It8MxiunuOOzwYwDup96mICBME810Dfv0fLjhdw6y3ervKzBE82CKre7O4 +VueGhdIg7x0A5K8h1jYpgjkJtn77YXGJ+c4IbhfXz66uL5JL0t44gtARCSbLm+ks +5NXdwUEkgPeKFik/cECqLE9yeeMQc9uoeKXx/nNBIPW44hr2KAIW/occyWJym2fu +oeYV54OqXxWWDFsg0ZDGBAQ0EZiKQwfA9cd7UQrgCPrLlBcuDEtHLyF37cHt6ePk +dzdrCg5Jy1OrmMjlKLYoaWSwfIj5CgVIncRcV6dq+EVPxoZ9MYz9Wr7e/SoiL5jC +RiLNaixmI2S7HvECggEBANyXjyI3WWp9cMVnc76BF/fsNQvcCkFKdiDEm+yMcPdz +IhiaaQdakhQ1GR/EKKrHIrnuPw85LmSmwHut6VD6Hk1H1mmlZ9enTLgDuntFs+ls 
+/WWGvDCyddbpqblkMlKeteFlCWVnpcKGoqCBMWWOMsLbMOhh8+yEFpwJ3l/N2XSv +TVbWoKJa0skhvNgAe/JpriOurU7mEfhDj1jMFxJNZZkoOTWGCYAB3FoLxd76I+sF +IBy/g4ehwf4/+GRwBm/LpnGRvmjRWk4zSspo9tqnsdJlq+6YWbWBjs23ci37bT3k +qtRUpKb/ltzFh9ai8ohEeMH34AIQRxTLipzJ3wMZnZsCggEBAN0jR6YTzNkLGs67 +IMk8ibCXyZtphtYtZvLZfOEBUo3XWn9df4YjAP/4LiTxYgGEcxnIgkEgTnfgo51V +f4lOrihD7lVrBhIhtsFNVKwa/menZj/8B2vFNR3Y+A+pJZylbVSxvCyoCo864SML +bds35+KU+Nvb+6QiMoashkroqwTNdph16sgms/0e/pQ/JkJlz8MAwhdtJu3VewHy +hCuFRV8s3vwLh/a9MgdBGu2pm5WRY4Z0Zld1FhPK/oKWZm/XveSSDzfGqbsSKiMO +N53nHmjA6DY0nepszM3T5/7eg/6Drzx1yBGQaBj2TcLwUusPypJ57vMutoGq7Lho +rSapibECggEAGzTqJ2syMQslpIM86EsdvKs6Y6sQ7LqVVTdKj+NGb46YrvYkbA7E +o49k+OEFrwJ+ivYSevsveKSEavypIR6oLBnnHQKUiymMMcnr7xZKuUiC/Emg3lS0 +afxJvZ7ZAg2nGxSOEx60eAiI+EjW4dKm+hd0scSbBBnKfBZPgftujZCtdj9kcoHH +K51ooC93Gg/ktWvu3iNMJhWXEXmigtRe6oPmgm50r4ALQGPhVL3/PhZUvpb0Tv8p +YQVcym5yrMkuTyWNmXnwrGJxIAPQJmm2ad+2U+ggcF15UnAEuh0ffRm95BBIenxd +i/8k4NkaFqpzRmEfFMITMkJkZzASvFwlbwKCAQAQe+VFR5gKXY1ateUlo4PixXOz +i0ktP+VvrcXRi6u+J9nhUHd0sZofVERO7u7Y8xg2bSjGfpNhY2DCaa36lnrZzuCH +56JYSIFPk9UvclD3nqWxsICGUmfRHj9p2yEHAtn2NCGuVK24bSQMSo7Iuth9geIL +zMY4q3Hayq2OK/1BQY6wwJvxvKQC8gBUoXfn3Ecih3Q2V17+6yauNUW8ebnm5ccb +tIiufc92E/TU/32pJmrweHkI+FRJKmPEmHzxJOSLhxMcQ0IXCKD/ukFvGDVm1KvF +XNwJKCwQ2KnC2gt2BRCVGxV5oKw4TnX4PVEZbC/yOsPBxnFw4QbKjtw3Bdms +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/broken/server.crt b/fixtures/ca/broken/server.crt new file mode 100644 index 000000000..442f3f40c --- /dev/null +++ b/fixtures/ca/broken/server.crt 
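Review bot: `fixtures/ca/broken/ca.key` is committed with no `Proc-Type: 4,ENCRYPTED` header, so the CA private key of the broken fixture set is readable by anyone who has the repository, and neither README in this patch says the material is test-only. `broken/server.key` and `broken/server.key.insecure` are both added as blob `5efb4b520`, so the `.insecure` suffix marks no difference there: both are the same unencrypted key. I would add a first line to both READMEs along the lines of `# TEST FIXTURES ONLY: these keys are public; never configure a real server or trust store with them.` It is also worth confirming that no default configuration or example elsewhere in the project points at `fixtures/ca/`; that cannot be checked from this patch alone.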
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE/jCCAuYCAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAeFw0xMjAzMTUyMzEzNDZaFw0xMzAzMTUyMzEzNDZaMEUxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDOwQ+StykH +YPBXIQPgD+ZqU4RBgbwpT94p9Fvf5/OZIenI2Ujv9wCEeRbwdtbKj+RlvcM8BX2I +27MNp0dd5G9+dLizKbDgigjDRJXVNk4d9RPd7r/51jBT3WIkkI+4qkbTMjqfhkJn +iBQZisAajucaO02F6FGxdqlFcU/l92CG12MRbvmNqmJ9odWniylKHwAfV1jSbnQS +ckvtsxAc9bCNm3mDrjAwZlZCaHWEy0sq3VoBA7y1IWxOSg7aXR5t6NHEMs61ARfQ +/bdGR4ww4haGVdflS68oSZtOa9TJytv0BaMnIFLkFDvEpq39KXjP0yrSGqJQC5cA +3yh3uJQxUcZ9A2rPRR7LoS6ZVEk+4OWRP0kPW6FILDRiHMOlj0jeMmfLzLGLW/NW +WBPBAG6pwNJaO1Y4LLHZRUJE3dM70v/lNMmB/T1S3kJ7TX+pluTgdCKo2qjxvnQI +A0CnQeeQSV7TiefuIixXwAGGdg7dZO0MSkX8NASPiS/B3KWP4pSDDEzsRmz4UqRG +0tnkFRfCKHtkBPJ7OWdHapgXnlUBImQWO2MStPenmZBzuVcCkv52QwuFC8g/EKlr +tvzRl11Ajgg9LZApI0BaOtXE/LGkBpPpXNh0Pi10ETniPhvfZhX/RYb4g6WeVGsx +oD6V9vHrD1Psp4u+QKZRldsD0d1aRvXvzwIDAQABMA0GCSqGSIb3DQEBBQUAA4IC +AQCAzJrMHAIZVPupdJiiooCHvLc3M/4wn02Wws/NgvkIO3mNs+9uZvJ/IsLSOS/0 +x9gIVIXscoT0y/RRCg9IUwCGmCp9XkfL0MzBNPfhOXZ2/SXLGv2ubBTv7nyXAeF9 +Oh719bbir+vmEKoMXej0LBQ3qGT6zS8Zs2iKGj1bXZjZXiTt67YkYZgr65uZTYW4 +XtywTnJ+vUg9Mp6fReXgOWDlM8BiJ6JKnRn9f5Y66INSePV4NvtcIrqNNvrBEDqX +LOWuh1Vs32gOySF8A1jM/GdSCdV1Wsng5HxGMMuGAKnw35YguW598Fk8LLfE8w5V +x9Gth2RdxvimMu+qsNMq0mc78C1yPDSfRXC51t8J8d5+hke/apb6KfB/47gooQeH +TCRMorOzO8tWhK6NDPp9iKoNSYznmtWq+0Lc4Upa+cc3ktIOCiTWh9OBaFsFd8jB +Dlhw3sqwhMtqxJEoEJIZMGSE0W9p9y+D1XeNqfHmJ04NaTvuqfkt2z6ROd+pPdqb +A+b6aFZfBdh+ynOq2g6Epwq8rNe338E23gVGgNfcw4pdFq9NmpdVKREIQKObQWCQ +oElaQwIgyPI9rkpkT3QsHHJnEb9mRn05tlEplOi6S05/NIb+yz07Jb09UdAjxHDR +4MiUfXVXZwUAvuWKBnKK4ZjjgEZe21aoliLDl3yekewVqA== +-----END CERTIFICATE----- diff --git a/fixtures/ca/broken/server.csr b/fixtures/ca/broken/server.csr new file mode 100644 index 000000000..2065d3a4e --- /dev/null 
+++ b/fixtures/ca/broken/server.csr @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEijCCAnICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAM7BD5K3KQdg8FchA+AP5mpThEGBvClP3in0W9/n +85kh6cjZSO/3AIR5FvB21sqP5GW9wzwFfYjbsw2nR13kb350uLMpsOCKCMNEldU2 +Th31E93uv/nWMFPdYiSQj7iqRtMyOp+GQmeIFBmKwBqO5xo7TYXoUbF2qUVxT+X3 +YIbXYxFu+Y2qYn2h1aeLKUofAB9XWNJudBJyS+2zEBz1sI2beYOuMDBmVkJodYTL +SyrdWgEDvLUhbE5KDtpdHm3o0cQyzrUBF9D9t0ZHjDDiFoZV1+VLryhJm05r1MnK +2/QFoycgUuQUO8Smrf0peM/TKtIaolALlwDfKHe4lDFRxn0Das9FHsuhLplUST7g +5ZE/SQ9boUgsNGIcw6WPSN4yZ8vMsYtb81ZYE8EAbqnA0lo7VjgssdlFQkTd0zvS +/+U0yYH9PVLeQntNf6mW5OB0IqjaqPG+dAgDQKdB55BJXtOJ5+4iLFfAAYZ2Dt1k +7QxKRfw0BI+JL8HcpY/ilIMMTOxGbPhSpEbS2eQVF8Ioe2QE8ns5Z0dqmBeeVQEi +ZBY7YxK096eZkHO5VwKS/nZDC4ULyD8QqWu2/NGXXUCOCD0tkCkjQFo61cT8saQG +k+lc2HQ+LXQROeI+G99mFf9FhviDpZ5UazGgPpX28esPU+yni75AplGV2wPR3VpG +9e/PAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAgEAyqppt9mxmlqAUkYCbNxPnc+M +1d5OQZ1Fqy0a4eF9/WxK+PqjRTKbD+rvGEulYdeCGiz8wP5HxVCdT2xzdVZdhMUX +opZGG3x5H1xXy0YLzBsxB9rkYjz+NeVtl8lKXvWDfgZ1vjjRHOIc261Eq6CPoXjT +5ENHnTyT0xbDmdkyjGNT0qowl50rlZotx6Vb2VPquAtau1m2nrvx5t0wkbJPocPA +XTndphgdH0aecJXZOgN8MWh9LYObNM5UqIFPaiNHHAetJIOLoDDIpEl5ZVj4PwtU +uiiaWpNjz3ODx2j5tmEz1SUF+6vS0OfvKx/pInQzFFRLfudgphzGYLf9rwOswBI7 +8d0sEfrUNEladzvIz/IvJpuRrWJ/uLfpE4LXYTNbGWP50d1YRGxv7Zl8Bio0CU34 +q+Du1CXpWce5bcOJ25KYZd7Lrf0YVzQjneuyNbBCPrp2gbweeydQWd6LGdtUab0l +gjQ3lj4E8Y1vIpTOL2K3bvkqJxJYoaYdzzGEzuv6/FS7ATYVn5sBYxJrsUqgYdjp +SMx6RS6ImNbHVy56nb6MiaztwAE4uo59vkrdKdvIETvP5duD4qDBsZL3WzJwhMxl +d9An+z3VAqEABzNtM7/Cdq7pZmgdPAHgGFasB3eihdmHsONWqExRPhcmW4H1hpVQ +pkguJFDOpRqebdLHZPI= +-----END CERTIFICATE REQUEST----- diff --git a/fixtures/ca/broken/server.key b/fixtures/ca/broken/server.key new file mode 100644 index 000000000..5efb4b520 --- /dev/null +++ b/fixtures/ca/broken/server.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAzsEPkrcpB2DwVyED4A/malOEQYG8KU/eKfRb3+fzmSHpyNlI +7/cAhHkW8HbWyo/kZb3DPAV9iNuzDadHXeRvfnS4symw4IoIw0SV1TZOHfUT3e6/ ++dYwU91iJJCPuKpG0zI6n4ZCZ4gUGYrAGo7nGjtNhehRsXapRXFP5fdghtdjEW75 +japifaHVp4spSh8AH1dY0m50EnJL7bMQHPWwjZt5g64wMGZWQmh1hMtLKt1aAQO8 +tSFsTkoO2l0ebejRxDLOtQEX0P23RkeMMOIWhlXX5UuvKEmbTmvUycrb9AWjJyBS +5BQ7xKat/Sl4z9Mq0hqiUAuXAN8od7iUMVHGfQNqz0Uey6EumVRJPuDlkT9JD1uh +SCw0YhzDpY9I3jJny8yxi1vzVlgTwQBuqcDSWjtWOCyx2UVCRN3TO9L/5TTJgf09 +Ut5Ce01/qZbk4HQiqNqo8b50CANAp0HnkEle04nn7iIsV8ABhnYO3WTtDEpF/DQE +j4kvwdylj+KUgwxM7EZs+FKkRtLZ5BUXwih7ZATyezlnR2qYF55VASJkFjtjErT3 +p5mQc7lXApL+dkMLhQvIPxCpa7b80ZddQI4IPS2QKSNAWjrVxPyxpAaT6VzYdD4t +dBE54j4b32YV/0WG+IOlnlRrMaA+lfbx6w9T7KeLvkCmUZXbA9HdWkb1788CAwEA +AQKCAgEAyFMhDquu8jpHxHP1uERPoZfYHkxgjrqW7JmZ50FrsmS8iuGVHQR7GN/m +jQjoJo3y421Q3DgJoPAV9dWtfVjXenQHfXiYq4ay5NfwQQyD9dy+6hrpIV4Zpzhq +Xjk/N9KsGveg+23vqzabGwBoD5OEcdMh0uv9M3BgpCsdGhltCllo4LxgyZVcJpQG +Wnaog+uzh6pvIjzo8/KQhPgpVZXsAdixjRfaExsk2uUxcIA1DYw5J6CCWBHRSa3R +5FuzHxUlIe+EfrZXaCRcTpkGSVrWLkTAkaeaR/PBqeMq4nZOVYqcwU09Y0YDfw9s +p01mhB77b2Vk/R+tqKeQIyfRVlQAduQ4ONyQwHQo7wzLcWicxR06AdYDDgAsW5W4 +na0El8PG8vsUQQrdY+rVHvye7GsKGlRqzTiuvy9QVJxPtoJlMlK1ktzRbrOJjZy3 +NuP87o4rlZljcqJbcIuTY9be6JGVwKSoUGLGxV28NgOJwnNhp3NjEvp1gaQhY5w1 +DAwD1H6W7OQ2aWpkScy9H+u7aY2rOQNyB+5E79KuAOiqhi3oH4g8V/hhRFVkDi7X +AJHPbeTa3pQ8CxNJF76p56nxkBZfxTN21m7kWqtnZ+O7YU6I47UuT2xHPEgsy28m +lZfWACLVU0oLLSUpiuvWGAo/J0TTxVpNGmGZjSaiD7TnIW5GnokCggEBAOySIQFr +8DDeiESmFpSbnXLNeO8CTqxUMbaidD1zf7nkZ9JuOODkBOXNlkw8ECOLzb85dEVv +TZTbKB2mRKgtiucEQJDLiYXtQGrpJNrcHt0f/QZQwlUGi9z9yOuboLb9ypJgcRb8 +t4+BuNNInP3DGGGGpnECC/DATgvp5s4RQU9qO5F7AXSRqw4YKnFU39mE257oMotx +ypOklhFkvaRJaSJdcANPxTJR4IFZ6zxuLfhVgcJsfoY2+vMV/8Hm03CDQ/bwvNe7 +iOEVtxVdClhEFuWZl49HbiqLKH3F8VrsFhrS7GKK+llZRMAAt+BGcocQiqLs/G9p +tc3SZSYmAazqbT0CggEBAN+8Ckoopa2gj1a0JDzti8rn61xyYrCm8ifG2QvN4A9J +YqvXEwcKuiILwA/nZjM1CciZPLDi7PhplHYTA9uyCXJ8gf7aeM+MlS3KElaTohhN 
+TvNUsqPO8sQUtaInzJeM3HcD8UkIl3N2Czsj2zr9WjCOMFazNG3euoCYV827Kx58 +5T3T1oXnV0vlGXRN73WFkd20agkSnYRZadefFbRV5NtW84UQ19mdOtCpvbWSQ1kW +ps9q10spuBaqvGs2xp2+ZpawzKmWitLOOFPCF+GTigz3K6B3iCi9Q9UbLtlnYEaf +wIQTtJwMI8GLmbxyXqluQf69g+CtiqR5djfet4sXefsCggEAeGcLK1kPPyATRLUv +auUkpkhTU3neJrEXODfIZ3pAOJE6EgyNIFCM+ZS/+P7cy+qchcWtGqXCW4+LBEQa +T2oWdutgHRGqZaJRldghLM65WpusQKmbroCNcKUtvFRR4LCciBFTnXpzxjMkqUwc +sr63yvMoBP4gq6CEWGXsVVbM4alUtf9fxz9YSu0btOCYqXGIAYF2MChzDN/IjQOz +zUibnKTnnJfd6nVniQ4FvpTpCqoiR5zGbHLRGCVLLRnY5Tu5vJXb1wSYbs6JhvL6 +j9/fs22PiJm3RSncKt8yrq7XtUFClAjdz9myNvJmo1vXcEyH8tIgzGeF40JAvsC7 +O5F4lQKCAQBrZZU+4eIdxVvpD9HxWUnoXYlyOAo9p/XHuEEJ1IqAbAasXDJrB/Av +VZqdR8OcQxJuM3iZpGSCHhRA1YHdnMnCJhg0oOSrJF2bvEsvOfDuX3XNglO6JCYO +j65cp2QjP1+41bCmETS6HOjpO54J5AG+GxMDG0TIlMjL39UOEZFyMhvMoPpyDomu +Ccw9MwgGTtalKOxZbJEmLdGLynaduTmBPGzq7BnhAQNxlHlXRl2Dz0bFfBDaqK0Q +XGbTxFh08ifGoBmuMnBzHsCVHC9gffUfoipT/ezjOW7tRf4oJ+JkJF1CST9CROWJ +C50Bg5kDFcUiJhC+8i8CIrfnu8Y5Q0yvAoIBAEnzE7VgiObij2fytS+Qo8C5Abgz +e9ZN3cKC9vpGYK95mBnoK/TYMGj62+ETNHS244VuOCEnHk+ypnLU/yfx/eVcbq2K +JCFjcrM2O9k9AuJidA320Zmr0NvGRIu/NZnRy6GvYSeBS2xWhY0d13IcrZM+KnBV +64eB2aX7OI33yyFiCYeW+1fzg3qf5m+iFKQtAmLwlcWgmbcHJCXP/Z49kPw229/2 +IszEW0PbXsA22i/CVCSn7mw7M+8Cw8JkVKS1VB2bTDkTZeO1SXuP/0nmBfE3qaie +WuWdp6bI7KPXuxcy6aPWJVU3uoA7GeGTnne29vmRs2l8MuIAswMOkCSHnQk= +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/broken/server.key.insecure b/fixtures/ca/broken/server.key.insecure new file mode 100644 index 000000000..5efb4b520 --- /dev/null +++ b/fixtures/ca/broken/server.key.insecure 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAzsEPkrcpB2DwVyED4A/malOEQYG8KU/eKfRb3+fzmSHpyNlI +7/cAhHkW8HbWyo/kZb3DPAV9iNuzDadHXeRvfnS4symw4IoIw0SV1TZOHfUT3e6/ ++dYwU91iJJCPuKpG0zI6n4ZCZ4gUGYrAGo7nGjtNhehRsXapRXFP5fdghtdjEW75 +japifaHVp4spSh8AH1dY0m50EnJL7bMQHPWwjZt5g64wMGZWQmh1hMtLKt1aAQO8 +tSFsTkoO2l0ebejRxDLOtQEX0P23RkeMMOIWhlXX5UuvKEmbTmvUycrb9AWjJyBS +5BQ7xKat/Sl4z9Mq0hqiUAuXAN8od7iUMVHGfQNqz0Uey6EumVRJPuDlkT9JD1uh +SCw0YhzDpY9I3jJny8yxi1vzVlgTwQBuqcDSWjtWOCyx2UVCRN3TO9L/5TTJgf09 +Ut5Ce01/qZbk4HQiqNqo8b50CANAp0HnkEle04nn7iIsV8ABhnYO3WTtDEpF/DQE +j4kvwdylj+KUgwxM7EZs+FKkRtLZ5BUXwih7ZATyezlnR2qYF55VASJkFjtjErT3 +p5mQc7lXApL+dkMLhQvIPxCpa7b80ZddQI4IPS2QKSNAWjrVxPyxpAaT6VzYdD4t +dBE54j4b32YV/0WG+IOlnlRrMaA+lfbx6w9T7KeLvkCmUZXbA9HdWkb1788CAwEA +AQKCAgEAyFMhDquu8jpHxHP1uERPoZfYHkxgjrqW7JmZ50FrsmS8iuGVHQR7GN/m +jQjoJo3y421Q3DgJoPAV9dWtfVjXenQHfXiYq4ay5NfwQQyD9dy+6hrpIV4Zpzhq +Xjk/N9KsGveg+23vqzabGwBoD5OEcdMh0uv9M3BgpCsdGhltCllo4LxgyZVcJpQG +Wnaog+uzh6pvIjzo8/KQhPgpVZXsAdixjRfaExsk2uUxcIA1DYw5J6CCWBHRSa3R +5FuzHxUlIe+EfrZXaCRcTpkGSVrWLkTAkaeaR/PBqeMq4nZOVYqcwU09Y0YDfw9s +p01mhB77b2Vk/R+tqKeQIyfRVlQAduQ4ONyQwHQo7wzLcWicxR06AdYDDgAsW5W4 +na0El8PG8vsUQQrdY+rVHvye7GsKGlRqzTiuvy9QVJxPtoJlMlK1ktzRbrOJjZy3 +NuP87o4rlZljcqJbcIuTY9be6JGVwKSoUGLGxV28NgOJwnNhp3NjEvp1gaQhY5w1 +DAwD1H6W7OQ2aWpkScy9H+u7aY2rOQNyB+5E79KuAOiqhi3oH4g8V/hhRFVkDi7X +AJHPbeTa3pQ8CxNJF76p56nxkBZfxTN21m7kWqtnZ+O7YU6I47UuT2xHPEgsy28m +lZfWACLVU0oLLSUpiuvWGAo/J0TTxVpNGmGZjSaiD7TnIW5GnokCggEBAOySIQFr +8DDeiESmFpSbnXLNeO8CTqxUMbaidD1zf7nkZ9JuOODkBOXNlkw8ECOLzb85dEVv +TZTbKB2mRKgtiucEQJDLiYXtQGrpJNrcHt0f/QZQwlUGi9z9yOuboLb9ypJgcRb8 +t4+BuNNInP3DGGGGpnECC/DATgvp5s4RQU9qO5F7AXSRqw4YKnFU39mE257oMotx +ypOklhFkvaRJaSJdcANPxTJR4IFZ6zxuLfhVgcJsfoY2+vMV/8Hm03CDQ/bwvNe7 +iOEVtxVdClhEFuWZl49HbiqLKH3F8VrsFhrS7GKK+llZRMAAt+BGcocQiqLs/G9p +tc3SZSYmAazqbT0CggEBAN+8Ckoopa2gj1a0JDzti8rn61xyYrCm8ifG2QvN4A9J +YqvXEwcKuiILwA/nZjM1CciZPLDi7PhplHYTA9uyCXJ8gf7aeM+MlS3KElaTohhN 
+TvNUsqPO8sQUtaInzJeM3HcD8UkIl3N2Czsj2zr9WjCOMFazNG3euoCYV827Kx58 +5T3T1oXnV0vlGXRN73WFkd20agkSnYRZadefFbRV5NtW84UQ19mdOtCpvbWSQ1kW +ps9q10spuBaqvGs2xp2+ZpawzKmWitLOOFPCF+GTigz3K6B3iCi9Q9UbLtlnYEaf +wIQTtJwMI8GLmbxyXqluQf69g+CtiqR5djfet4sXefsCggEAeGcLK1kPPyATRLUv +auUkpkhTU3neJrEXODfIZ3pAOJE6EgyNIFCM+ZS/+P7cy+qchcWtGqXCW4+LBEQa +T2oWdutgHRGqZaJRldghLM65WpusQKmbroCNcKUtvFRR4LCciBFTnXpzxjMkqUwc +sr63yvMoBP4gq6CEWGXsVVbM4alUtf9fxz9YSu0btOCYqXGIAYF2MChzDN/IjQOz +zUibnKTnnJfd6nVniQ4FvpTpCqoiR5zGbHLRGCVLLRnY5Tu5vJXb1wSYbs6JhvL6 +j9/fs22PiJm3RSncKt8yrq7XtUFClAjdz9myNvJmo1vXcEyH8tIgzGeF40JAvsC7 +O5F4lQKCAQBrZZU+4eIdxVvpD9HxWUnoXYlyOAo9p/XHuEEJ1IqAbAasXDJrB/Av +VZqdR8OcQxJuM3iZpGSCHhRA1YHdnMnCJhg0oOSrJF2bvEsvOfDuX3XNglO6JCYO +j65cp2QjP1+41bCmETS6HOjpO54J5AG+GxMDG0TIlMjL39UOEZFyMhvMoPpyDomu +Ccw9MwgGTtalKOxZbJEmLdGLynaduTmBPGzq7BnhAQNxlHlXRl2Dz0bFfBDaqK0Q +XGbTxFh08ifGoBmuMnBzHsCVHC9gffUfoipT/ezjOW7tRf4oJ+JkJF1CST9CROWJ +C50Bg5kDFcUiJhC+8i8CIrfnu8Y5Q0yvAoIBAEnzE7VgiObij2fytS+Qo8C5Abgz +e9ZN3cKC9vpGYK95mBnoK/TYMGj62+ETNHS244VuOCEnHk+ypnLU/yfx/eVcbq2K +JCFjcrM2O9k9AuJidA320Zmr0NvGRIu/NZnRy6GvYSeBS2xWhY0d13IcrZM+KnBV +64eB2aX7OI33yyFiCYeW+1fzg3qf5m+iFKQtAmLwlcWgmbcHJCXP/Z49kPw229/2 +IszEW0PbXsA22i/CVCSn7mw7M+8Cw8JkVKS1VB2bTDkTZeO1SXuP/0nmBfE3qaie +WuWdp6bI7KPXuxcy6aPWJVU3uoA7GeGTnne29vmRs2l8MuIAswMOkCSHnQk= +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/broken/server.pub b/fixtures/ca/broken/server.pub new file mode 100644 index 000000000..7ce0ef9ce --- /dev/null +++ b/fixtures/ca/broken/server.pub 
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzsEPkrcpB2DwVyED4A/m +alOEQYG8KU/eKfRb3+fzmSHpyNlI7/cAhHkW8HbWyo/kZb3DPAV9iNuzDadHXeRv +fnS4symw4IoIw0SV1TZOHfUT3e6/+dYwU91iJJCPuKpG0zI6n4ZCZ4gUGYrAGo7n +GjtNhehRsXapRXFP5fdghtdjEW75japifaHVp4spSh8AH1dY0m50EnJL7bMQHPWw +jZt5g64wMGZWQmh1hMtLKt1aAQO8tSFsTkoO2l0ebejRxDLOtQEX0P23RkeMMOIW +hlXX5UuvKEmbTmvUycrb9AWjJyBS5BQ7xKat/Sl4z9Mq0hqiUAuXAN8od7iUMVHG +fQNqz0Uey6EumVRJPuDlkT9JD1uhSCw0YhzDpY9I3jJny8yxi1vzVlgTwQBuqcDS +WjtWOCyx2UVCRN3TO9L/5TTJgf09Ut5Ce01/qZbk4HQiqNqo8b50CANAp0HnkEle +04nn7iIsV8ABhnYO3WTtDEpF/DQEj4kvwdylj+KUgwxM7EZs+FKkRtLZ5BUXwih7 +ZATyezlnR2qYF55VASJkFjtjErT3p5mQc7lXApL+dkMLhQvIPxCpa7b80ZddQI4I +PS2QKSNAWjrVxPyxpAaT6VzYdD4tdBE54j4b32YV/0WG+IOlnlRrMaA+lfbx6w9T +7KeLvkCmUZXbA9HdWkb1788CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/fixtures/ca/broken/server.pub.sig b/fixtures/ca/broken/server.pub.sig new file mode 100644 index 0000000000000000000000000000000000000000..17afa1836815f68592c3cb5c6efacd295d376ac3 GIT binary patch literal 512 zcmV+b0{{ImzCTg?BrRrxEKqt@NCvfO`}aYhoKxMvj*jmC^%{AXBz%W1Kxk2Uc3>+& zN=S-$h1&f``{z;Yh9kkEiG5Kqtnk*AX(f1f5#<4sJ=kg6-IY zGpnduV8Wr2T=5ZqW|>fmj$%r1t6}cw2H$u!p3!R%U@mQKlGcy7^!u{RiQhYB9Xq}n zLjGD7iSfDdP^U+eosy~UX*0{%Ur_lx#)o=NHuxv}!9skPFE+Dz0Jq;-iMJ}O?#++p zLd}9D_Vy8iq(ceMvm@4LPlwICyCvQNpX(Y_c{nzv&PQ!;1eh}UdsjAb zR%zzt;Ev1|s@J{BR9LZly00S#`-xlp C>k5AW literal 0 HcmV?d00001 diff --git a/fixtures/ca/ca.crt b/fixtures/ca/ca.crt new file mode 100644 index 000000000..1bea67e70 --- /dev/null +++ b/fixtures/ca/ca.crt 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIJAL6GUooGHc/oMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMwODExMDUxMTI0WhcNMTQwODExMDUxMTI0WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAyAJNWQmsBtTBPv/jSjFk+EqCZM9zLcnS9P7bg8snLu1RaDS0NA8RjQFm +1fw+fAoNyOJ5X4FdEep6piMcVaYa/xGgls3DVkUytOvJ0BcdUJgrcyH0CDodDhu4 +T/qi1W7I+y3gbjr+VyyBdOSQuybyun9RwRrktcfVDfObaA0AmLt1PtJzMI+tB2As +XRgxPfFLETUTy9nIQc3PQxs11sWeEzvxcVrO595XsumPYZZAan86KNrQzES4r61R +0pOGAIEEfyvT2uU5y7fnFNtRr2xxjdgUj2/ghJX6M49BnYp4edyQuyNQp+weSA6c +3ueTu98gin1vxzMaVJJIaRRerKzekCerXLq3YsFzS7HFzMaR201faPw45b7K83bh +/DJ2wcc8JhyrhnOBM76jCnug4FReiETnCyUAc7fP+iCOCpgCzYky7wi8Jc+MTXWG +RIvpfmcB326gUdyG8n/yvIc95E6ZiQFNx9B75wikaEUcSOkp3pZxG0Fc7l60oe1l +hYpA5kL6YOdaBPSq5y1B6kFT4D6gfLYs+KS3vTWjxeLTpyRhF9eVMdxoOqUviK5X +MVVxc8KkrQbqKQw7VlmqNeA7kIsBGMOfMn3WetRY7pi1OyYMhMr/eG5r9YtaWN6Y +sHicwmyNfVHIi0McJgAS+c+7sAVnGPoHIWUf24xll4z9DUqk65cCAwEAAaNdMFsw +HQYDVR0OBBYEFLOtmFVLJOtj9kytXy/vDJROI8lSMB8GA1UdIwQYMBaAFLOtmFVL +JOtj9kytXy/vDJROI8lSMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4ICAQAN8vTepTHSkJNyU1guATIFZTil/RM1dqnC0mM1B6dkkrJj +H9m2wldxuUJJ6PwkLZXHKBBrkHSP+DaFwFD3AkNJQWoslT+o1rU/bI5fSK0QqaD7 +ZHx2BBkvfOsj8as+nzhYArlJy8YH786qG1Gbd8toP3IjzHq2HR58xeiHB0X/rvY0 +sfxPfpP0id52vJyh1Cl91hI8+KYFv3b6pesAG9drYnLZIKh0mAIdpmH5n8V9FQ2y +gkGORvRfBQdA+xTmy1MpQFeXgbE9CLHoHDXmTZneKzxSRSqwoqFxsj1fcqXC87lz +aqJWvnL6iF6exaqV7df4iT6xHp9R7sahRLKbkpe7r/jbcr1i/6aaa7Ve+Z4MtZRd +TcrNerwchF9RborO86baM6gDR3SJ4wCnfyncKFqmGJs1rrzg8gEBddZtzVZiSntt +GMup4eh1Yt/0w/AIvX8nxOUhc9P1zw3Fb80Dd7ucxbKdkOXfqZ/cEm5zyh92HMvd +RqkQee31tENYzjpqx8CXfeZ+B/tHq1baOFv6zM7yJ3Hr9KzPhKhLHXooO+qMNk+g +E5QjY82R6pRSVfVRDbJMEfS7xeJ3qrEU8UueJYx9S7qJSxB3lwunf6T4SJ4vqEmU +fwX4jSahFIUIlXGwfIDqM7P+biIyJS2AaMC5KMcatnyXDNbEZzg1ibhhpHLWIA== +-----END CERTIFICATE----- 
diff --git a/fixtures/ca/ca.key b/fixtures/ca/ca.key
new file mode 100644
index 000000000..d32b78564
--- /dev/null
+++ b/fixtures/ca/ca.key
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,90DB77765661F24C + +f0pCWQG7S6EdHqlN0tHfpowMyEFR/WYtQTjYws93+2MBcEDa9fqecN1mqNkskWsA +As1HVdp6o357bJ3VtoFHBRvv4iql6xutkZV8NoVAQseLjjZkYGFbIJ8Dv/O6xnXy +XDqm3WopCQB9hLKjORcwJN3Q9SRKmmRCxkndVcNkCjoY/TdN1jPEmQqtfWfmLy5S +GVmTHmoTPVvJh34mvkUsLrNkQ6XOrIisz93zmFO0VpskvxUmE2lOdLzTALbz2MZP +TJalI2zZSfoU6ZaF8eUG8DA5+3PknGNSRP4ivbA0CYkYn0Wssatf6+YUg1kMJ5+B +nPhh1tTeeE9bMaTEmcrJiDQFqn+EBmzXBzLDxYsUIEzCzcc4bPbvuHpZSThXFTQa +D6bakKXYW/bmO190o3XxpfQkLqzRQLWhURqjx57k2uXdxftqosoyPEcxW+o/L9am +z1PaL0EtpyQUdX0T51vjmOhe5tgtQXNXdcGkL4nkR9p75kVPCKYpPv5PBcNE/PWR +zsCJWVERknr1ZMVWdOfcOGdaINK/WcFSzK2NUpTI1urqPuvXq1Uc0hxYdkWo3GU2 +vKSqYPIOZHC6QcwQILD8xukPMjncf0vA/K1XV5WLfLwQIZLo9XoFVWESr6sOCXTU +qJ/hYB+yUQSOJD0+gBptJLu15z854YpoHoFrHpjzrSaw7NXrNex5cMzjQSNsUzDQ +p0zP3lrnftLUdSZRrPR8Uq2usv3tSRrZmQGU/We26CuajrJVB3uui8uj8i/lABJD +Ikvq/Xse5krjrlX2LTtUpE1YGfl7jE556AuDI46V2e81io0yqMDQiEU22+0REB0s +4u4Rzg8g5XFGt+gnG+RnZ+Z6/o0RgKsmilq82EuHl2WHnmCyTU3tl/t7vlPGkHa9 +D7pvMF3OkW9/tAKISx/KkDEEIlTYAnNjFhA5wd0din0xR1WpeAx6qkEwbFPzBZZi +nhgP22bX66+ST+dQ6h4+jTupiKFJX7uXo7B7ptTO4eo73+5H8xOujdtEaZ2two6a +VYUre+/ZyhmCBwdKqpXcTwXs2osqTrvkgWktVCTQYYIWNbjy+gSvuYWK+RJbzFLc +gwxASDyledtgpC+PhK9O3BxWTwqU+j4YdhjYxX5ZBdVqp5dlQVPN6fseYDjaEvrS +wgPtHpXueOCJv7vhltc5ABS4ZbxSUCQphiXYdof9FVPh9jwYF8SOlP3WWAP5opec +Vk91CWUNcTi1AgLgt/1L/FzOE6bf/x+bWIvOHLZKDO+9hT635NlQ6+HIzPbeLA0P +KksFuQ2WDjh2xHG/RAdNG6eWavzPuAKom+LiEiOQFBDNhnDTaURPSSxPhwQNYaEw +++WupENWp31GLRF1BKmZwP7hgO5fkh3Zy0Ah/fEiGIw59QLjl7bCHNBeGyl1CIKJ +h5v2zFo6PNpd6Hcxj8Wf1WKQcSJgZdZ+QjUbK4pdr1OokulgNZyL04LNndTFqh6z +PrX12xhkjxxv4xlTuyW26VMA9YJYKA+9Pg13LSTFQKklxTg/j1CK88c7IOYk8X2k +mH+fioME9sy5wDvpuAF5ufrANqeUdhn0/MrKExNDVCh4i4BDYJck/qt21w03sdx3 +jCQF32S4ltGoEA6AQCALqgfuSLUUWVuOu71dl9a08zR52MP/2pLnzF+PsHoiih09 +OA+9395WoiRvip5ei+JQGLwXfC8C9zX6kGSPeckju9v/72Gv8M5QxHvAakHZFpxe +FWG3y4BEG6TeNgSAlXYvGwDlpjSF8osjlNWubMYY7pbbM9WhNZ35NUU6fWQ8KtVL 
+coqQgJc07f3liv+TNiXjNsxVu72rE3L/6efbtwNnCpPO1kRcs0w1q99S/j+kVzAv +8bdfEm8S63m6+OR8AUe0EzJrLu2KA5WqkMUgtDM4Rk8fvcEMhyIGbwyRQEB8NCpT +4MQqz7fpnZZ6YZadQ8F8HI2YeOhl2M8iVWG4BhRX05MEkd9mqf8qvqmEmj2PCkKT +5vAI25LY/lwidvdCpzYOFpSFSQf4YuzHRvYnF8qKCDDdE1x9TAV4DZsjoeRnjgEq +TNXCYMxzyBw8WYxWB3e8emgK/9lHmROzb46LDVixmu9l84dx7S8SL/f+R2K4yqQ0 +jajSzMrDlBUXtjm1RHMhyTZq7PQxQxau49V+N7SCS2eej549XH5pPb2g/LwYUtr4 +UVtYYE5CH7RuS3pBBdXsAE9GnkW7JOXaUt91w831JlLofuZLn1JEGJCoVk4j+fuR +LHuHmKdbPJUacgqMYFf+XvVq7JERnhO0/MeQBoKyYy9C9x1JAPfyuThO5HHEotQa +vnaVt5S2TjTSaKAoiq1x1IkFus1yVyrRNCHIfaOKv/L/ty62Q0LVNX+7xrZrkwPp +KlWIQuhFAGVts8H6dub+M167tatDK0I0V4iHSExKLLJn3EV8yX1/7wwW3qpy6Lmm +Kt+Dme9NpTFXP3ejV3n3tpIxCUsihaeecYB7G6LnVGOMRZ5cDjv6SU0kE6MEwczd +p2tghbaNKAdV2AnhohDxVFTMVcUuMI9qdnixSMIBdx6Nax+JeFAT9dec0Hk+U8x4 +rYOZ6UV5IWrteF+I0r1oD9HL0BL0C8Va6rMq5wDhOfs1Cy5ccek/1HmcYlI5DV9D +JNAQyfH1ut3yFRusS4rgJP6GpfUeJm7EIsY4jI3uI3Z4o1zSDCOCO4mCnXfq3Lgc +Pn6CcQKxNrPCiefs7EOiPRWWbffwlpUakkTyAaU057Ge3lqBUL++bHIP9yek/UEn +26qDVzbiWRFsKWx1wvoXTAURIhAlzdjKwjje5P6GKpJcc3bUw3HsprA9JFmOPlvZ +LKCxk4ew6/7IeGYZT1L1rzziV8DBq8pqio1M0VMTxLnXfc7P9wdHXE9A2wL2dFdJ +gP9utDzrZLvP2sOf/Bz/WJB7IAPMZOTBSlRquKQjDqBpXjHWSEaknLxYxmyF0HN7 +3iutUpLtDR3KebLoW3P0lgcPj8cv6xEyGUDV8tZHkUkw7chGn0LfEQxyVWhcQbYv +69by3FV4wnTATAnWMzoYHCP+e42uLWD/a3WDpsDuasddhyHCAineUHmHMoWliMVY +z7nBoJttya5IiB1oh4ksCGjkCaqPpbtdOqXMc/KBWi75fV8GidFH4UgGPADUKa1Z +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/chain.pem b/fixtures/ca/chain.pem new file mode 100644 index 000000000..fa770f861 --- /dev/null +++ b/fixtures/ca/chain.pem 
@@ -0,0 +1,61 @@ +-----BEGIN CERTIFICATE----- +MIIFMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTEzMDgxMTA1MTE0OVoXDTE0MDgxMTA1MTE0OVowRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMeY +u5Nby4uG4s5HFuky6eiLf7bMiTl4cDomb6keKMaHuSYN0zEr8jdw4r8TDSguv5MO +E3xWSLvQwLgkOQT0N7opDeEqm5Yj458+M9Z5lqYUSshWpnFNUyu8GBCfARB80YCy +8dLbYp5ORJ2AWzS5fxtp4TXEf8qlrAMoeJz2ZXMvGHMUuv8TFa3KPAajQ5n2DPSu +iFevaDitiRamz6aT48bnOowMO0Enek8UkfpTeR7uh0vOPbWOUIjzuqr7G4MnJkYD +yd7R3KscZN4iXf6NRMj2f6V4PGY0WljUbli/fT7bC8IbBgLkQxT8mO7dcJ9QHKte +Jgdju/9eto3zC3kDC3Yh2RaxfxM1vtmgZm3QT5oz95QjjskzW1gz2giE45wojbOg +nTI+QRtw2EMBX6mzaP/YU6vCvPCqhJ9zrVMsM88EK0TTdkE/NWC25JUmsPXX37Z5 +jFXIFamM0FWE/zhDip8Xfl3yqAM+NVQ5xnmWGMpqyHn/A1EaRv0ASVTMsg413N3j +r815qKy/xSCbyRIFhrBmKkwy0bSZVP+9Y0sC8+bBTZNdbNwrdp0It7BH/xKmG0Ma +TNpAgVdkbnnSt5DlqS91Sbta5i+kHibkFml4KnZ6OvJgQuTbC+UsbpD5B1vM8Rd2 +64xOQmH9KFNgouDhiBOtwAL3bn+76Pdt8OnMbO0JAgMBAAGjKzApMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQAD +ggIBAJIVOwXJkpI9bPRq6FxN7a0/2NcEU5cC9NvtvEZEjgMFkZwiPMsguwHbbsK/ +Hmg+UBo9HdOCleaPq0HhrhqDzqDGzuzCCwqDinYJl/MaTs7dBE5sJw5sCn+oESF0 +5S1rCKvvF82o1KSzj458aTWKYpOJpdJYPVu8QEm9sBPPAFcQHhevFRuVp8QBdRJD +6H4+6b4eZyADL1yM+Txt/ucuyx/6A8S/G+Uqe5Lnh1pvhZXFfWO1UF8QmYNUb0H2 +7soxruLh4k2mwF8MPSmKw8D3k4rCAMZ7W1P6OEV55Jc4OMVQ5es8tRuj9e2SHD0c +gL84rv9lNYfA/4DEKEviJTko+dD/NyIKrZCyc39Q3MmSBR+ekCNRhdCHWL5IyMB9 +o2u5g2ffsKLLjqBNIrOcGQ8vYSTsuX+y1Tonml6FiBHCgtDv7ZcwxXq37jmeorMt +QqpGJsndMObmvTVkYDN8vgEoia/nndhU7SGgi9NIYDLarDzWrU9baLta8Oq7BHaR +oMV44flX7/2Co6SOzK4y2WgQngCUaAxezN0tZPFIhZjwGwc3CbaigIaF8LTKHQ8a +cGIBGQmZ3670IDQ/vgtjHqG6LlMiJ+WR9GtWSJl3cb+4yHM/wu4oFgjYoB1MSWl2 +f5fczxP6ZXwER7NwcRaooJ/0C7XDE7ux2HsN422jgDaGT/Zw +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIJAL6GUooGHc/oMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMwODExMDUxMTI0WhcNMTQwODExMDUxMTI0WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAyAJNWQmsBtTBPv/jSjFk+EqCZM9zLcnS9P7bg8snLu1RaDS0NA8RjQFm +1fw+fAoNyOJ5X4FdEep6piMcVaYa/xGgls3DVkUytOvJ0BcdUJgrcyH0CDodDhu4 +T/qi1W7I+y3gbjr+VyyBdOSQuybyun9RwRrktcfVDfObaA0AmLt1PtJzMI+tB2As +XRgxPfFLETUTy9nIQc3PQxs11sWeEzvxcVrO595XsumPYZZAan86KNrQzES4r61R +0pOGAIEEfyvT2uU5y7fnFNtRr2xxjdgUj2/ghJX6M49BnYp4edyQuyNQp+weSA6c +3ueTu98gin1vxzMaVJJIaRRerKzekCerXLq3YsFzS7HFzMaR201faPw45b7K83bh +/DJ2wcc8JhyrhnOBM76jCnug4FReiETnCyUAc7fP+iCOCpgCzYky7wi8Jc+MTXWG +RIvpfmcB326gUdyG8n/yvIc95E6ZiQFNx9B75wikaEUcSOkp3pZxG0Fc7l60oe1l +hYpA5kL6YOdaBPSq5y1B6kFT4D6gfLYs+KS3vTWjxeLTpyRhF9eVMdxoOqUviK5X +MVVxc8KkrQbqKQw7VlmqNeA7kIsBGMOfMn3WetRY7pi1OyYMhMr/eG5r9YtaWN6Y +sHicwmyNfVHIi0McJgAS+c+7sAVnGPoHIWUf24xll4z9DUqk65cCAwEAAaNdMFsw +HQYDVR0OBBYEFLOtmFVLJOtj9kytXy/vDJROI8lSMB8GA1UdIwQYMBaAFLOtmFVL +JOtj9kytXy/vDJROI8lSMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4ICAQAN8vTepTHSkJNyU1guATIFZTil/RM1dqnC0mM1B6dkkrJj +H9m2wldxuUJJ6PwkLZXHKBBrkHSP+DaFwFD3AkNJQWoslT+o1rU/bI5fSK0QqaD7 +ZHx2BBkvfOsj8as+nzhYArlJy8YH786qG1Gbd8toP3IjzHq2HR58xeiHB0X/rvY0 +sfxPfpP0id52vJyh1Cl91hI8+KYFv3b6pesAG9drYnLZIKh0mAIdpmH5n8V9FQ2y +gkGORvRfBQdA+xTmy1MpQFeXgbE9CLHoHDXmTZneKzxSRSqwoqFxsj1fcqXC87lz +aqJWvnL6iF6exaqV7df4iT6xHp9R7sahRLKbkpe7r/jbcr1i/6aaa7Ve+Z4MtZRd +TcrNerwchF9RborO86baM6gDR3SJ4wCnfyncKFqmGJs1rrzg8gEBddZtzVZiSntt +GMup4eh1Yt/0w/AIvX8nxOUhc9P1zw3Fb80Dd7ucxbKdkOXfqZ/cEm5zyh92HMvd +RqkQee31tENYzjpqx8CXfeZ+B/tHq1baOFv6zM7yJ3Hr9KzPhKhLHXooO+qMNk+g +E5QjY82R6pRSVfVRDbJMEfS7xeJ3qrEU8UueJYx9S7qJSxB3lwunf6T4SJ4vqEmU +fwX4jSahFIUIlXGwfIDqM7P+biIyJS2AaMC5KMcatnyXDNbEZzg1ibhhpHLWIA== +-----END CERTIFICATE----- diff --git a/fixtures/ca/chain2.pem b/fixtures/ca/chain2.pem new file mode 100644 index 000000000..4cfa6604a --- /dev/null 
+++ b/fixtures/ca/chain2.pem 
@@ -0,0 +1,61 @@ +-----BEGIN CERTIFICATE----- +MIIFMDCCAxigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTEzMDgxMTA1MzE1OVoXDTE0MDgxMTA1MzE1OVowRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALRv +lwJo+lU+QkAol+sFEAyW+qTNxdTKiSqeHhigpbyuo18/ILvXJRRz4Slrx1sqLjf4 +ne00N0wTy3l+DGi9kI39BrVrj8Lg9mTlfJQy/JJSDVIMli/lnkbfjNlsC3miRLmY +YxqKLZJH5onErIR+XCTJ3o4kVk6QMy3oR0LPWWz/cs4PrXNVosL6jl4tTTOyqWAC +4dtDGlDElSFui78KuSQCKO+9sepVvSFXE8Wo32LZWQ1vahg/+J/eagbw6rakl+uu +VJgfin7JH+bFsiBCkOAN4v0QF3JYchMIBeXwQzEq/HpN73Es2wPGuyglB0OGkxpu +nZ0B7bAJSOQMMNL7NkGIu6HNqORt2FzXypiXaIMUCVcIvvf2VqGBpULe+4fdLvbc +Ho/F6MzmmxfDNMwvBb1P+1nPOKc78pKWO2mqN+hOudxTbdzAiYURtjIp6oyEzvl3 +Hdgf3UUVmBQe6jPw9Cm17c7y58icPdRERoxCSdhOfwYFuls/fenPwBhMZ53+cRYG +eP2f3TT6cMzcEUkz2ZIZa4XZp0JCox1yQxy8vrmWfLo9sghqE2iRGWqRKexhr7IM +Iv9Q2wL5qcGaX1wA1gOMfpuqySb6zp8LouVEXAII9RfiRFundqYjJjtZg2sosjRJ +Eab94wfwLu9d0lKZtNBkAh65q02+Ys4Ah94IEu+ZAgMBAAGjKzApMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQAD +ggIBALWlvNm8kp3bdzymrJnvE4+sV5p+2AnKx1yZIs3h62rUM22ROU1wCAoJfyCA +LuXQNaXuWVOWUq96BCzlTScTSa1xhB/vbn9RPJVo0t+uni5fx/Pm2CHLAUijrT8z +10BHbaIPjYnmvz0lkii4Y5+Tb4WQ6yLrUYm2dpLexYwyOUhmGQNGRgY750dwf8Fe +2TBFOV9rkXlhgdopWYPhUv0ZmciYGwrJ2+9jULDFhT+PDrdAjbeDARPKcMi0jpZ1 +zBHyC6lNT167Gdj9LVV6dIFEHozzrqdMecz5CJrgKPL0s5bM88DRssupS1WgT1RG +qGVxfcuBYRLtz10W5+JBXvA3JRHgaPotkqvKsUqeII/nqvu+qSRDnh7O+i1PJUTr +D+5CSMxUK9DvxH1gUYhnQ5asP9PXZxp8hlGGwyDVu2rYTQpDyiJnHGmsWfSZuSOy +W8ViseuFe3WmdsD0wo6VguyPFMHGzh5Sx/onb4eeASz/BtcGYVPApD4WByF9WlVF +Cg3SfvNPj2fvI92DP6KAKtDgOdcHidzwPAh3XCZGikN19Oz3cCYf+AT+s/KNfvMt +B6DplYeleAlKTXYsS4ycGojGp4DpRzrxSb2mhHdHsz51H/gn9+Rgx4+QAIJGKqxk +yNRnW/UpsJbN7G7hI3pgBEFRD+QE4zvGwkn6+SwxxozhtZZ4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIJAL6GUooGHc/oMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMwODExMDUxMTI0WhcNMTQwODExMDUxMTI0WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAyAJNWQmsBtTBPv/jSjFk+EqCZM9zLcnS9P7bg8snLu1RaDS0NA8RjQFm +1fw+fAoNyOJ5X4FdEep6piMcVaYa/xGgls3DVkUytOvJ0BcdUJgrcyH0CDodDhu4 +T/qi1W7I+y3gbjr+VyyBdOSQuybyun9RwRrktcfVDfObaA0AmLt1PtJzMI+tB2As +XRgxPfFLETUTy9nIQc3PQxs11sWeEzvxcVrO595XsumPYZZAan86KNrQzES4r61R +0pOGAIEEfyvT2uU5y7fnFNtRr2xxjdgUj2/ghJX6M49BnYp4edyQuyNQp+weSA6c +3ueTu98gin1vxzMaVJJIaRRerKzekCerXLq3YsFzS7HFzMaR201faPw45b7K83bh +/DJ2wcc8JhyrhnOBM76jCnug4FReiETnCyUAc7fP+iCOCpgCzYky7wi8Jc+MTXWG +RIvpfmcB326gUdyG8n/yvIc95E6ZiQFNx9B75wikaEUcSOkp3pZxG0Fc7l60oe1l +hYpA5kL6YOdaBPSq5y1B6kFT4D6gfLYs+KS3vTWjxeLTpyRhF9eVMdxoOqUviK5X +MVVxc8KkrQbqKQw7VlmqNeA7kIsBGMOfMn3WetRY7pi1OyYMhMr/eG5r9YtaWN6Y +sHicwmyNfVHIi0McJgAS+c+7sAVnGPoHIWUf24xll4z9DUqk65cCAwEAAaNdMFsw +HQYDVR0OBBYEFLOtmFVLJOtj9kytXy/vDJROI8lSMB8GA1UdIwQYMBaAFLOtmFVL +JOtj9kytXy/vDJROI8lSMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4ICAQAN8vTepTHSkJNyU1guATIFZTil/RM1dqnC0mM1B6dkkrJj +H9m2wldxuUJJ6PwkLZXHKBBrkHSP+DaFwFD3AkNJQWoslT+o1rU/bI5fSK0QqaD7 +ZHx2BBkvfOsj8as+nzhYArlJy8YH786qG1Gbd8toP3IjzHq2HR58xeiHB0X/rvY0 +sfxPfpP0id52vJyh1Cl91hI8+KYFv3b6pesAG9drYnLZIKh0mAIdpmH5n8V9FQ2y +gkGORvRfBQdA+xTmy1MpQFeXgbE9CLHoHDXmTZneKzxSRSqwoqFxsj1fcqXC87lz +aqJWvnL6iF6exaqV7df4iT6xHp9R7sahRLKbkpe7r/jbcr1i/6aaa7Ve+Z4MtZRd +TcrNerwchF9RborO86baM6gDR3SJ4wCnfyncKFqmGJs1rrzg8gEBddZtzVZiSntt +GMup4eh1Yt/0w/AIvX8nxOUhc9P1zw3Fb80Dd7ucxbKdkOXfqZ/cEm5zyh92HMvd +RqkQee31tENYzjpqx8CXfeZ+B/tHq1baOFv6zM7yJ3Hr9KzPhKhLHXooO+qMNk+g +E5QjY82R6pRSVfVRDbJMEfS7xeJ3qrEU8UueJYx9S7qJSxB3lwunf6T4SJ4vqEmU +fwX4jSahFIUIlXGwfIDqM7P+biIyJS2AaMC5KMcatnyXDNbEZzg1ibhhpHLWIA== +-----END CERTIFICATE----- diff --git a/fixtures/ca/openssl.cnf b/fixtures/ca/openssl.cnf new file mode 100644 index 000000000..c70a6ac15 --- /dev/null 
+++ b/fixtures/ca/openssl.cnf 
@@ -0,0 +1,335 @@ +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. 
+# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. 
+string_mask = utf8only + +req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. 
+nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true +keyUsage = keyCertSign, cRLSign + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+ +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. 
+dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) + + +[alt_names] +IP.1 = 127.0.0.1 diff --git a/fixtures/ca/server.crt b/fixtures/ca/server.crt new file mode 100644 index 000000000..ba5f557af --- /dev/null +++ b/fixtures/ca/server.crt 
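Review bot: `default_bits = 1024` in `[ req ]` is still the old stock value, so a key generated through this config without an explicit size would be 1024-bit RSA. The fixture keys added in this patch appear to be 4096-bit, so the default should match them: `default_bits = 4096`. `default_md = default` in `[ CA_default ]` leaves the signature digest to whatever the local OpenSSL build picks; pinning `default_md = sha256` would keep regenerated fixtures consistent and off SHA-1. The file also has no header saying what it is for; I would add `# Test-only CA config for fixtures/ca; issued certs are valid for 127.0.0.1 only (see [alt_names]).` at the top. The `[ tsa ]` sections, including `digests = md5, sha1`, look like unused stock content and could be dropped from a fixture config.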
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTEzMDgxMTA1MTE0OVoXDTE0MDgxMTA1MTE0OVowRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMeY +u5Nby4uG4s5HFuky6eiLf7bMiTl4cDomb6keKMaHuSYN0zEr8jdw4r8TDSguv5MO +E3xWSLvQwLgkOQT0N7opDeEqm5Yj458+M9Z5lqYUSshWpnFNUyu8GBCfARB80YCy +8dLbYp5ORJ2AWzS5fxtp4TXEf8qlrAMoeJz2ZXMvGHMUuv8TFa3KPAajQ5n2DPSu +iFevaDitiRamz6aT48bnOowMO0Enek8UkfpTeR7uh0vOPbWOUIjzuqr7G4MnJkYD +yd7R3KscZN4iXf6NRMj2f6V4PGY0WljUbli/fT7bC8IbBgLkQxT8mO7dcJ9QHKte +Jgdju/9eto3zC3kDC3Yh2RaxfxM1vtmgZm3QT5oz95QjjskzW1gz2giE45wojbOg +nTI+QRtw2EMBX6mzaP/YU6vCvPCqhJ9zrVMsM88EK0TTdkE/NWC25JUmsPXX37Z5 +jFXIFamM0FWE/zhDip8Xfl3yqAM+NVQ5xnmWGMpqyHn/A1EaRv0ASVTMsg413N3j +r815qKy/xSCbyRIFhrBmKkwy0bSZVP+9Y0sC8+bBTZNdbNwrdp0It7BH/xKmG0Ma +TNpAgVdkbnnSt5DlqS91Sbta5i+kHibkFml4KnZ6OvJgQuTbC+UsbpD5B1vM8Rd2 +64xOQmH9KFNgouDhiBOtwAL3bn+76Pdt8OnMbO0JAgMBAAGjKzApMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQAD +ggIBAJIVOwXJkpI9bPRq6FxN7a0/2NcEU5cC9NvtvEZEjgMFkZwiPMsguwHbbsK/ +Hmg+UBo9HdOCleaPq0HhrhqDzqDGzuzCCwqDinYJl/MaTs7dBE5sJw5sCn+oESF0 +5S1rCKvvF82o1KSzj458aTWKYpOJpdJYPVu8QEm9sBPPAFcQHhevFRuVp8QBdRJD +6H4+6b4eZyADL1yM+Txt/ucuyx/6A8S/G+Uqe5Lnh1pvhZXFfWO1UF8QmYNUb0H2 +7soxruLh4k2mwF8MPSmKw8D3k4rCAMZ7W1P6OEV55Jc4OMVQ5es8tRuj9e2SHD0c +gL84rv9lNYfA/4DEKEviJTko+dD/NyIKrZCyc39Q3MmSBR+ekCNRhdCHWL5IyMB9 +o2u5g2ffsKLLjqBNIrOcGQ8vYSTsuX+y1Tonml6FiBHCgtDv7ZcwxXq37jmeorMt +QqpGJsndMObmvTVkYDN8vgEoia/nndhU7SGgi9NIYDLarDzWrU9baLta8Oq7BHaR +oMV44flX7/2Co6SOzK4y2WgQngCUaAxezN0tZPFIhZjwGwc3CbaigIaF8LTKHQ8a +cGIBGQmZ3670IDQ/vgtjHqG6LlMiJ+WR9GtWSJl3cb+4yHM/wu4oFgjYoB1MSWl2 +f5fczxP6ZXwER7NwcRaooJ/0C7XDE7ux2HsN422jgDaGT/Zw +-----END CERTIFICATE----- 
diff --git a/fixtures/ca/server.csr b/fixtures/ca/server.csr new file mode 100644 index 000000000..76c5c1237 --- /dev/null +++ b/fixtures/ca/server.csr @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIExDCCAqwCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMeYu5Nby4uG4s5HFuky6eiLf7bMiTl4cDomb6ke +KMaHuSYN0zEr8jdw4r8TDSguv5MOE3xWSLvQwLgkOQT0N7opDeEqm5Yj458+M9Z5 +lqYUSshWpnFNUyu8GBCfARB80YCy8dLbYp5ORJ2AWzS5fxtp4TXEf8qlrAMoeJz2 +ZXMvGHMUuv8TFa3KPAajQ5n2DPSuiFevaDitiRamz6aT48bnOowMO0Enek8UkfpT +eR7uh0vOPbWOUIjzuqr7G4MnJkYDyd7R3KscZN4iXf6NRMj2f6V4PGY0WljUbli/ +fT7bC8IbBgLkQxT8mO7dcJ9QHKteJgdju/9eto3zC3kDC3Yh2RaxfxM1vtmgZm3Q +T5oz95QjjskzW1gz2giE45wojbOgnTI+QRtw2EMBX6mzaP/YU6vCvPCqhJ9zrVMs +M88EK0TTdkE/NWC25JUmsPXX37Z5jFXIFamM0FWE/zhDip8Xfl3yqAM+NVQ5xnmW +GMpqyHn/A1EaRv0ASVTMsg413N3jr815qKy/xSCbyRIFhrBmKkwy0bSZVP+9Y0sC +8+bBTZNdbNwrdp0It7BH/xKmG0MaTNpAgVdkbnnSt5DlqS91Sbta5i+kHibkFml4 +KnZ6OvJgQuTbC+UsbpD5B1vM8Rd264xOQmH9KFNgouDhiBOtwAL3bn+76Pdt8OnM +bO0JAgMBAAGgOjA4BgkqhkiG9w0BCQ4xKzApMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADggIBAHTfbwYPhVqt +4reb7CFy7xWSV+R4JITL7Obzjxm7ngyLaiHG4heF880ldFBxVlssPfcf+JDdvnLD +ilMfeNxgZiKrcS3qz05ZimTX1SSHrpPk6RS5YuvQhGpb6HmVEtBxLM4XxAKU6zxN +aWPHydif80uecmbx5264Xl+BNb4WHjbKFd0Qj6UPv67CbSl+dLvbhZagCcQNTffB +Hs2JWniyuprkOlj+cTgoKT6ZHiBw7eDlT+56qihBmGad+YOIzDNqTiE1gMT/NpfW +y8VQk32Nk8IyWR/1/mSbwpz+6Npoa6rckkvQFz80+ipnaYeN0xqpHKpcN0zGDgd5 +tsTXPelioKvtd9WcgrUMI6tJImiGJa65SZmgYVH4J9BvoDIMLpte298PzYNWp1or +x+ogjX9rAfABS3AL6QskoK8iuT/Hg3q7T5u3kJ76hmqVjMwfqP4W9o7bsvS+Fz4t +V8ncjiVjBTlD1uR/6HMQXedoDKHnhstF7s9/qPQBw0K4yxqscwJB4/LwRsqoU6pz +w3rNFduPSKfIpxSDiQDuJ+3I+vF7CcNdJHtJyCT6eJZrCjH8IKUTj0525xo7aR0J +yP7dLbKL0nUccBxvHzm0OUKmet8NQ5rcI/VLtw1fUS7vQR93VW+2kDbaswHAtjJX +U82UvzS7mp+uJAAbvjYdl1mzfZFeC9KO +-----END CERTIFICATE REQUEST----- 
diff --git a/fixtures/ca/server.key b/fixtures/ca/server.key new file mode 100644 index 000000000..142934212 --- /dev/null +++ b/fixtures/ca/server.key 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,34239066AD971D20 + +BEq7ca8qDXV9TYCqW/mFBtgvzU778iPdYJcRWU+T4etNUhcT3dYoANMvUX6/xvOi +UBgNguRfOTRJXRQTmbjLFz9kERVfF9N6ZBaZnCGCURHohK9HOvo37U7r+mmarJH/ +KswF7jQOOSNIY0ikp349NWFj8gYvN+ivGAcEbnW8C5p91nRYwqvtluZ7v+qXhzDV +3elSXL8ahCaqIRFra1WjsR6/LG1pQ86yjDq9twRlNylQA4VVQ3tIXw/i7gdmfZw/ +HxrMBv/ZnkbpLeew3cykmV9NxUO+e1wBIooPvqmYzQIwsXTqtH6BWI29PNE6X8ZL +sVkO1bowK7B0aUKsk7Xlu11CGTEpTv0AZUJXmtcl7T1szDdXHZ917tSFSaKPuvpB +fETWc201PRy28QGD0w8LrXVOtweH1HP7sI5vpcDRhhKTu+sj0VQn29rNImuqeyoM +6XoR9pCUt+iZTDjQ0dNpa2zIKxehrAqWDNfYw8AH7+kBEi1jULnwouQK7y8qQaul +DXhIRqRodO0fDaw0RTmYO9bciqL55N22VBfngG4CNtknaCB1e42cDuFRtyL61hpP +oDS/3u+zbmd1eeMpQl6DD6EjRSIC5apPa3jrVqCZ/vshlX1N2UK0sTWNwK+Jj66L +f8Px/AZzgKIZaKDoIpKSfuKyHo6lDf6qggw2LWy2evLKI7qAtU5vNpAJ5QIPNLu1 +d24tlJYMrHLvqMNpvq2x+CExTcsqpMvUnanl/LjaKw/+aluzqcz00rc14CRGmv9C +B3LjyUXTVNhMw9CGLS5QkFgKQfg2kUNLycy5R1/9Y850aqLKRDV+VxYebepNK3QA +fhzf7sjv5PKeomimsuEJvHKvXcF094bOrxYR+t3ZZxf+nH+51ZY/Z1MKuTyHlECi +db/cMnTNY3MJDj7Si7xmowN4hcA2EZ6xFWQKuLua+0i721ifrx+QTSuja7Nd6moq +qqjMExJCRz5dLdlMANVo2ZqZqm0Au4mBTEXHkvdvxzjx+pElvtadc/IQXx3Waty5 +jlQJfJg3HnMUP355GMQ/Z1/g9unUZw+Uj6/KriEcWYWMniSfsjgp+2CCXasjmdmS +IwFVTy47r+w2IeWgeoK4zatbFjBLMS9O4AnszxQmu9avfo+1Kd2WBgs9kKgAkIfk +HdEfaNFwuzUoGnAzpMKDWOwTXqeNw4Jw8IAh6daTnfS46ZIYYTTjEF4urTV2gI0t +5X5pxf1RzP1Fywo2E6KCCnA2TKic1f1Em9+wR7wfzlAVtqEBaCFBC1BB+k+98bZ/ +NKUVQq/4KnFVD1eScqrj877/Z+UI6xvRMBrKA2lDaE0J+QSJGbFQ0zO42OeLdyl8 +Nv28EnnPOgBV3Fz1QVwJOedYep+u9qYvVRdIY03mSuUUpkyqG/vzgkcYQ4DNEZ+9 +NynKZX7mH5PqtCn53YpukT5dIMmVoMzXdqXzzwaHz6uEtapLCUC54nz7PjG4qAlV +dWSq5EqXQRr/C3PcvgVEh1WfD3mtevjWHfIryrEW4BHQ/D00A6IDfWx9gRyj0+00 +9Day2IEYvVUZ5RBf29cTINjESHOYKHY62S1p/aFMSxALHe6KLVAHDog+dGPl8sbX +Bv0Ze7Jvvv19BIlj6LqCqNjrTSI7ymmuWLiUghewjTfeCEE/HdIu0Xw+Y2m9J6iD +3GFFY/IpLUjnA6Yvi0/GAkWxBQhREppY0mcYv5RQCAGY48yeKSj9+xB4+IffwA8w +luUBbEYgPSCzytDxbkapFfSm0pr6n/44WzTQyQlW2WbMOIc9IHOH1A78curgguOw 
+d1el66q0UmFK2j2dJq/uimGfKjwVhAn9L1rzl0yhzXLcHs1EYTnKnm2W3yMdkq4s +16hVPx08klq7Nwg8TN7h49ZNwPW8axFOTXzk0OQhSmTUdARtZjk24KJfmINsM54H +54FVzzqvJBdcuEr9N3zBva3JqeSHPKTko69sjN1l/WVxI2Rd0aaBzavQfMtAlx8V +gtYzFAMCSm4SFwIg7aOr9pkNembNClMY0xBm8HaIhZNNctPu9f3A57nV/h2vH7YC +cU3pg4RABMhUnI45KuPXUpcrlw/U6mvJYYqnGS7T74e+e0KrJSebwL+JwQkQO9M0 +JFvm+OEYfJB1jnZXFG8itpanb68EoV5OGvCMenhLzBtE8HXGiG3rqiMsWwvAsnsM +sdV5AF8tI3g73Vc6OhLGH6Cy0yazyEV3FmDUEbNyz706LVL5rT/Rl0hp9IOj7cA8 +3mqC25msKAJxSyFj5ZnnjKakch8iJ3beNXvWCkjusV6cB9pS46RhEkz8Vp5bYNaX +8V4nWPiQz88/L6eS4hFadwjow+KtAwA++2rYzW79SDxX9o2wYMuKTotux7eN+3N3 +8GitvyWAGNanaNlkxwwGbrFYomEgcS+bARZSeDqfTD9AkAnnmRHUAK/lCaUWqP4P +VUdm0wXGs/lDD1YJRqR95Kp8btSAfbS9S6Y1EWpIoL0+ZzxtwiUL/od2xlVNO+CS +cC8U7gt9VpGkpBzR/hLEElHUvqgeMtVeOdvLvvaW7eXX5IrLewkYb7cBjaAFrhdA +o/IUQjjuMdzhTyRay9//uSCloojRWqjDDGg068BXfF+lAi5WpGEuL1zivkqm5dwW +fn1N606kmn5Ja8IlMkqKr0xX04h1RH1/W3czUbF7HmHchmUQOkF7QQceKKrkH+EW +Yxr3rxjV2IW/SjueW1g9MM71IR/ZaMwxz7x3S1cMk1JsA9MtP9ZsGJ7aU0kDZLvh +/0jfyQWcP6gsycmpz2PbuaxHKyPgj/FP+egd1DggKrvtwsZlF3V0wC2GkPyyPCgf +yfnfJgANCARo8Bjqx74Jv1KryGVzvPS+uCghVbuELXLvri6VHoAcu28knkYjHUDu +8saxFdJLPL4GGtJLwON4mGSYiuuYooyowpjajhgHSh/Kg5REijEBZjNeEFVQlxWu +dMcmEBQaqs8e2XoeynS4bvgjQpyZ304FxMNUpxo++oQdZcUm5ZlU5Lh2Urggbjwr +PqOsQbZdkoCpssnwbRkYE9OcCw/CuAS4fkpI5RR8/2WMoxV1ki014caGKlZ7VzzT +paNHYlBA//PtGsuaYptb9b4I8rXw2TCC2rgnfg/WeK7ZyAAxZ3BRv+CyqTEP0tRV +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/server.key.insecure b/fixtures/ca/server.key.insecure new file mode 100644 index 000000000..72db8bd18 --- /dev/null +++ b/fixtures/ca/server.key.insecure 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAx5i7k1vLi4bizkcW6TLp6It/tsyJOXhwOiZvqR4oxoe5Jg3T +MSvyN3DivxMNKC6/kw4TfFZIu9DAuCQ5BPQ3uikN4SqbliPjnz4z1nmWphRKyFam +cU1TK7wYEJ8BEHzRgLLx0ttink5EnYBbNLl/G2nhNcR/yqWsAyh4nPZlcy8YcxS6 +/xMVrco8BqNDmfYM9K6IV69oOK2JFqbPppPjxuc6jAw7QSd6TxSR+lN5Hu6HS849 +tY5QiPO6qvsbgycmRgPJ3tHcqxxk3iJd/o1EyPZ/pXg8ZjRaWNRuWL99PtsLwhsG +AuRDFPyY7t1wn1Acq14mB2O7/162jfMLeQMLdiHZFrF/EzW+2aBmbdBPmjP3lCOO +yTNbWDPaCITjnCiNs6CdMj5BG3DYQwFfqbNo/9hTq8K88KqEn3OtUywzzwQrRNN2 +QT81YLbklSaw9dfftnmMVcgVqYzQVYT/OEOKnxd+XfKoAz41VDnGeZYYymrIef8D +URpG/QBJVMyyDjXc3eOvzXmorL/FIJvJEgWGsGYqTDLRtJlU/71jSwLz5sFNk11s +3Ct2nQi3sEf/EqYbQxpM2kCBV2RuedK3kOWpL3VJu1rmL6QeJuQWaXgqdno68mBC +5NsL5SxukPkHW8zxF3brjE5CYf0oU2Ci4OGIE63AAvduf7vo923w6cxs7QkCAwEA +AQKCAgEAlrAifUACTdaKCP32uBxuJ9iZlSKaPz9ES0KVbnKMikYRbD9nwGnTNjQN +nAAAIOQaUiWAZJCn3NPfi6YdPjY6lFtGVUZbrGBwCttlO3kUWVJcmx+ADW45an1Z +FcNVhGMXsDhpBa4HqEii2N38/bNF2SZ4lqVBbXbihIfbd3U2Zl2Z8dgmzUhVR520 +77X25ZezdE8INFsDLjcllmpdvv9MKfCMbQsW+TuaxXVcOEco3Eds8bhFMnq9JogL +1+Y4gS3fYWCe2ZBLLwwCwwnjOLjiw24GNKCvyOGhjArlPC9lmTy6hdLtGOXIF2IU ++9FGo6BR5LbxswaC+mtBG63wbW31CedPjm/3xei8gCGvTsdvPYMbh9gDd4MPTfkU +a1zAhTvDWdw46ld7bLbvjNb9h+uvbyEbd7cpsrFxFsqSjLWf5iAgxiZtfDYZaNzz +GQuit+Q1uN68ULThfrWZDYfnGOX5RR+A8D4pZgcGtTF/ephRzxEIKhpzIrhACKHr ++X1mU7cYbuaVgs278TdP45ZId/02Jfe1hi1vhEHs7upnX0pifBoFWaOg4Qvn8EL0 +b0LvD8HHOqqW33tw9ZB23UXRyg4xdk3aO93Vc6uVBnPMut4SESt7/BJl/NbwAFIo +87hTk7w9a4s1EJNSrlOOiddxc4XP99vFz9ia9+nRsln9R7fxkgECggEBAOjp21OI +7IBi1PvPDJluQmU+BF2ZTCiJ0OwqoRX05Lbv/dqAXyFxC5s1Qw986/Mrvh8FZZ1B +mLj/xzgT3titpkV7BTKb1jEI34SeJW22mH9X0nr5VYEwS+qBXbG4XyTU8skiks7Y +XpsCpAQKCgjChzRJTVZ55+/TDvJ6RpbmKuYrSA+pLe2cIfsDNBNnuIuxLiVh8et/ +C/W6xDlSDBWv4t+oZvai67KA6uss3wSbop21Gr7n5t4X4798MjUl3Sl4mvoTKrhd +X8oZ0t0FuZKNdym62Wjyp/12YRlPFhX72ksaZy/N7g5X3cWnQmKKpDPP+MF6NGtX +Y8wM/A9iP0JrxSkCggEBANthdxPg/XgI7eWhsb/Qz/JGeekFimtnHUCIW85yCH+d +Kd7kYjFYLcpLPUERIxfhT2v+FTURqOkwnEcuqpnOBGcGj1/ZRs7wYKuwVpVZ1omF 
+Ob8H+mdGHzrPBOZ4FxwHVYYCjaq4Y93worxW/lXWn2t7kUTjnnDQyeCgS7ja8EUg +qTxiN4MIMOOxQkvdW+N/QHiqJbdKSe0pFS4K7LvQR73ALv5qdwN5MpzXFNGHABAP +1QEpcFXWNvdoXM4DXZPVvg2KuhwGG8URorhaF7RKKk1xFbb9X+jZRLExZKHLO+L1 +lB4XyxiWSQkBh6ybickc8CfmVny4HzFIFkFTdMugBOECggEBANYhij72d1hhhKYs +6Mx2jhw+NA1JTrdGXQmC964UA+IcKiqkMtGv+JetFAY9Nz/NS3GBqLY3BI2wuhtY +SVyz6VWfkFvC4d0a50QpkQeZBAKvXxcn+/BV0rW6UcV+WBqonL1GR+pbCj9A4kHE +aQ08qsjrS2rhkNbwF6HdwOAio/YQfKPJSixVivgXLd1ZUlU7g81iiuOTXg+Asb5x +LCMUHWS6kk7V4hOuakvkaPT3kT2krv4sfhhZpkz5hb9PHFFwTCr1TCVL0zEfJLmG +9eFCpfd7jT3rOX7RQtvd1dRIQ50gnRVaIi6VoZKB/4pRJD1uSqi2DVNSeLG0jlgm +XzpVkmECggEAWpCW5vb3zIjrJOQmjAg5AEyF4WOvK/2KfuyL8eLzjTMlaOWhf7tm +U9/Rrr3TXfVeozdmK91ZfMLbkSs7tHjvKlTz9V6uM5naXqZSaB+JSIZeO3Wgsueo +1s9Ft5sV9zUz4jnFoBe06pd/pv7GykrqzyVY6DaLXwlifb/O4sZHcFI2az4kqoxE +Gos/0i/U0krjI60iGtOpRyWxn6tU5YfrRfNDszXiYeWztjm4V3NC3F6c0Xj47gab +9HD59vY+uFwBtHdzs0P2TNml8jMHHB+N7SBlFYDuCiM/j2LTp1NOKri05+NsrX7F +MdmW1/Px4rt2jRIy3BPqlJ6syVUZn0I1IQKCAQEAsLejmPoaWxfDxLxFsdH/bozg +89DFvWRVjAoU1EWmVQ6d1DdS2TkG0iLgomoyg8hI6SmJ1cxPZBA9aFSTnomZizxL +CfeFV0lIyDwHD/d4gtuG2+los9Y5dwLKI2HT0eFumyMIWdtPRelmzS9rJGXEJjKU +YKbDyne6Fn/2HfrUFwVVe1RTg5vN/9nOKQoxP9i9N25GuklHSPRWb0KUSj+qV1rP +SHI2wixMm789GLuWZQaH2LntS0tu9IitrTGccXa+CJev06Pw2tQjWrFBAOdp3cZl +aJXR3MR1b6bQyOUpoL2hcg/jZhQLup/Y7RPNGNqvV5PMpL7YArpBMd6uhWH1Sg== +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/server.pem b/fixtures/ca/server.pem new file mode 100644 index 000000000..37e41f5df --- /dev/null +++ b/fixtures/ca/server.pem 
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmmCdKFi6X1mpk5AU6EEH +exou9NTRyiQVaHmTQvyPu6rd9krXB47/TgBDXcGIstkhFkGLwAh3cHDEPEF2jEcw +W27S+/MvQdVgC4SJaN83pmk6ZYOvr0AX6zmPschoLxl84AT9xKHhFJuH5X1eCzP5 +DY1rAvNLdB9lFC/DM8m2AySwKHc1kAPhs//j6RPcI8R37yDOEta7e/ikhbAwnOFv +/rs3Aob/nYE0ql2CMpO68uU9vbDYQt2bFdiX/zau402Zi9kU1lAaeNBNM0UP9thU +/SSOYuDFqy+XbRVvItLhjvo5hP46GOw9GLz9ICQQohiXjC33e4Hs8sq2XkM+jYyk +DGRiPEtVwt95x9h/ReCYJowJzJWnaSvQKEPNQaMvwGCV5ZLZ0IlI8cqS3m+ns4ZK +gTQDQjeRJADz0JY3jBpBhLebH2HfrYJGp3EWC7CdhhTvYXN5ZkBK6A7xkzPY0mZj +RAvS5K417LkAc+G0gO6qyJtXplkL4G/Q07Vdt8zc7ZAg5rbGWY83lw8E/7h0Gpu2 +JXfANZzdPKiV5P2tB6ZEwdxTABY/kHEk0u0WoPjqqgNv9I/zwLCbjefon8RcIJ5D +EXXm9DibcaCpRYUkq5redFXDG8VHVzYVce2CJdrko8GvWUIOsAh0Y4CbyrXgXepV +BvDtjEvMJUJ/iI33Ytzi6w0CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/fixtures/ca/server.pub b/fixtures/ca/server.pub new file mode 100644 index 000000000..ae60b0431 --- /dev/null +++ b/fixtures/ca/server.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx5i7k1vLi4bizkcW6TLp +6It/tsyJOXhwOiZvqR4oxoe5Jg3TMSvyN3DivxMNKC6/kw4TfFZIu9DAuCQ5BPQ3 +uikN4SqbliPjnz4z1nmWphRKyFamcU1TK7wYEJ8BEHzRgLLx0ttink5EnYBbNLl/ +G2nhNcR/yqWsAyh4nPZlcy8YcxS6/xMVrco8BqNDmfYM9K6IV69oOK2JFqbPppPj +xuc6jAw7QSd6TxSR+lN5Hu6HS849tY5QiPO6qvsbgycmRgPJ3tHcqxxk3iJd/o1E +yPZ/pXg8ZjRaWNRuWL99PtsLwhsGAuRDFPyY7t1wn1Acq14mB2O7/162jfMLeQML +diHZFrF/EzW+2aBmbdBPmjP3lCOOyTNbWDPaCITjnCiNs6CdMj5BG3DYQwFfqbNo +/9hTq8K88KqEn3OtUywzzwQrRNN2QT81YLbklSaw9dfftnmMVcgVqYzQVYT/OEOK +nxd+XfKoAz41VDnGeZYYymrIef8DURpG/QBJVMyyDjXc3eOvzXmorL/FIJvJEgWG +sGYqTDLRtJlU/71jSwLz5sFNk11s3Ct2nQi3sEf/EqYbQxpM2kCBV2RuedK3kOWp +L3VJu1rmL6QeJuQWaXgqdno68mBC5NsL5SxukPkHW8zxF3brjE5CYf0oU2Ci4OGI +E63AAvduf7vo923w6cxs7QkCAwEAAQ== +-----END PUBLIC KEY----- 
diff --git a/fixtures/ca/server.pub.sig b/fixtures/ca/server.pub.sig new file mode 100644 index 0000000000000000000000000000000000000000..24283ce8afd9d8e102e2c14cb62477dd0393290b GIT binary patch literal 512 zcmV+b0{{I#vaBJH6F^Scg`R$e`9YDG8#{+soOi`sfK^l%%j95`h(*_(QJ``Us#a;5 zh-MX1XHc2CgZGZ|k=^>a$*M4aH|9qS_0Cas-?%7XTK@J3|1x&*AMRvVK|2i0zm#1G z3V4od&7SRqVOqFY5O=j^9TIBq&T77KzP2p~m-H zf;fBsFf=vy(So)4rVaotLcBfQHypSMBqDgz8W@o;R?J_{lct!J1=fO!+V-g%QwLd> z>l~SEiEXh)i{{(0?L7W8_C{l0iD~`EO8wQU0#1-!>BbGkbYLc0k7hHMNTlaed>yOf zGLa$;$me#tEXN;N!^n8ShCy27rT_XJ`ApwLH*uRNYoT|`-u6+l9^n2m%mB!72%HMC zL7XRZo09eNvooJNFkHzJ_gEEU!KFx^%@wT)>6*dwqkL;15g#^93lbzuCJ=(jSzve0 zU+Cnbw|ifEmDj3es(I!)0)Z4j79w#pWvSydVqD9eYYk;xN26&lYN}lpTLro`AQUN6 z=b_Cqq2Q?QeT1k_dH=u~Tb$3cRoQogQK3*^E+?JD*=n~qrVHTShr!T1^DSg60Pt?A zo7Pe+8%7mQ%7l&*=k0z;Gj*&jo}y-_yf6cOP2hS{I9#`*UU*zt!TN-f>tiSqQ*vIH C4)<&T literal 0 HcmV?d00001 diff --git a/fixtures/ca/server2.crt b/fixtures/ca/server2.crt new file mode 100644 index 000000000..dab56c8b4 --- /dev/null +++ b/fixtures/ca/server2.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFMDCCAxigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTEzMDgxMTA1MzE1OVoXDTE0MDgxMTA1MzE1OVowRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALRv +lwJo+lU+QkAol+sFEAyW+qTNxdTKiSqeHhigpbyuo18/ILvXJRRz4Slrx1sqLjf4 +ne00N0wTy3l+DGi9kI39BrVrj8Lg9mTlfJQy/JJSDVIMli/lnkbfjNlsC3miRLmY +YxqKLZJH5onErIR+XCTJ3o4kVk6QMy3oR0LPWWz/cs4PrXNVosL6jl4tTTOyqWAC +4dtDGlDElSFui78KuSQCKO+9sepVvSFXE8Wo32LZWQ1vahg/+J/eagbw6rakl+uu +VJgfin7JH+bFsiBCkOAN4v0QF3JYchMIBeXwQzEq/HpN73Es2wPGuyglB0OGkxpu +nZ0B7bAJSOQMMNL7NkGIu6HNqORt2FzXypiXaIMUCVcIvvf2VqGBpULe+4fdLvbc +Ho/F6MzmmxfDNMwvBb1P+1nPOKc78pKWO2mqN+hOudxTbdzAiYURtjIp6oyEzvl3 +Hdgf3UUVmBQe6jPw9Cm17c7y58icPdRERoxCSdhOfwYFuls/fenPwBhMZ53+cRYG +eP2f3TT6cMzcEUkz2ZIZa4XZp0JCox1yQxy8vrmWfLo9sghqE2iRGWqRKexhr7IM +Iv9Q2wL5qcGaX1wA1gOMfpuqySb6zp8LouVEXAII9RfiRFundqYjJjtZg2sosjRJ +Eab94wfwLu9d0lKZtNBkAh65q02+Ys4Ah94IEu+ZAgMBAAGjKzApMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQAD +ggIBALWlvNm8kp3bdzymrJnvE4+sV5p+2AnKx1yZIs3h62rUM22ROU1wCAoJfyCA +LuXQNaXuWVOWUq96BCzlTScTSa1xhB/vbn9RPJVo0t+uni5fx/Pm2CHLAUijrT8z +10BHbaIPjYnmvz0lkii4Y5+Tb4WQ6yLrUYm2dpLexYwyOUhmGQNGRgY750dwf8Fe +2TBFOV9rkXlhgdopWYPhUv0ZmciYGwrJ2+9jULDFhT+PDrdAjbeDARPKcMi0jpZ1 +zBHyC6lNT167Gdj9LVV6dIFEHozzrqdMecz5CJrgKPL0s5bM88DRssupS1WgT1RG +qGVxfcuBYRLtz10W5+JBXvA3JRHgaPotkqvKsUqeII/nqvu+qSRDnh7O+i1PJUTr +D+5CSMxUK9DvxH1gUYhnQ5asP9PXZxp8hlGGwyDVu2rYTQpDyiJnHGmsWfSZuSOy +W8ViseuFe3WmdsD0wo6VguyPFMHGzh5Sx/onb4eeASz/BtcGYVPApD4WByF9WlVF +Cg3SfvNPj2fvI92DP6KAKtDgOdcHidzwPAh3XCZGikN19Oz3cCYf+AT+s/KNfvMt +B6DplYeleAlKTXYsS4ycGojGp4DpRzrxSb2mhHdHsz51H/gn9+Rgx4+QAIJGKqxk +yNRnW/UpsJbN7G7hI3pgBEFRD+QE4zvGwkn6+SwxxozhtZZ4 +-----END CERTIFICATE----- 
diff --git a/fixtures/ca/server2.csr b/fixtures/ca/server2.csr new file mode 100644 index 000000000..6c83b47e2 --- /dev/null +++ b/fixtures/ca/server2.csr @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIExDCCAqwCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBALRvlwJo+lU+QkAol+sFEAyW+qTNxdTKiSqeHhig +pbyuo18/ILvXJRRz4Slrx1sqLjf4ne00N0wTy3l+DGi9kI39BrVrj8Lg9mTlfJQy +/JJSDVIMli/lnkbfjNlsC3miRLmYYxqKLZJH5onErIR+XCTJ3o4kVk6QMy3oR0LP +WWz/cs4PrXNVosL6jl4tTTOyqWAC4dtDGlDElSFui78KuSQCKO+9sepVvSFXE8Wo +32LZWQ1vahg/+J/eagbw6rakl+uuVJgfin7JH+bFsiBCkOAN4v0QF3JYchMIBeXw +QzEq/HpN73Es2wPGuyglB0OGkxpunZ0B7bAJSOQMMNL7NkGIu6HNqORt2FzXypiX +aIMUCVcIvvf2VqGBpULe+4fdLvbcHo/F6MzmmxfDNMwvBb1P+1nPOKc78pKWO2mq +N+hOudxTbdzAiYURtjIp6oyEzvl3Hdgf3UUVmBQe6jPw9Cm17c7y58icPdRERoxC +SdhOfwYFuls/fenPwBhMZ53+cRYGeP2f3TT6cMzcEUkz2ZIZa4XZp0JCox1yQxy8 +vrmWfLo9sghqE2iRGWqRKexhr7IMIv9Q2wL5qcGaX1wA1gOMfpuqySb6zp8LouVE +XAII9RfiRFundqYjJjtZg2sosjRJEab94wfwLu9d0lKZtNBkAh65q02+Ys4Ah94I +Eu+ZAgMBAAGgOjA4BgkqhkiG9w0BCQ4xKzApMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADggIBAE8B/gcXrrvn +jCLRfW/CoD4+4qu6kTqsMHWWtiPQDn9qbF2f+uxe7iIxJ932NB65PpBWMezAxJzc +Iy1f+g63vUKqHrIKAvpWFuu6hXciubaFgMNp9DYaWIfPzelRTyKEgxXMeYNZ3edA +CjfXvg00VOY58hqrUEUYySPtKJzgYc8duvlSR+I/VO6q0M+yP4tATEtClFDz4+vH +e3wiCBpXTp/wuR97Qdgw1c6SrM6nriEyHIt/qFSsx4qXLS14qtGi3ynCUPgVGMrs +3POd5Ynl9JnSMXM2tLtTm03gHk8V05t3IpcQ8zgp01bNvRoPjZWL6tlb829GcUTJ +ZYLgZhLpKrDLr9BDa2wNrLWw3DryfjRNQT2b13BmingmltaGXfiZJLb6VZy4Mzca +vGgvlEU5s0wS7jmEh+5jIHtDVNbDEs2VzjUGo2ZGi2HyotXWK2s3/FXU6xnFaqTj +BVjwxCFkVRhroT+icA2WXVAZu8LZFniQ81BTsa9+Ywn/7LIvK8KdJa16zJOqTepp +D6h1RD8p3d1Wb8slDVKvDZV5vxGhaN+Zzoo2tGy0q63n70yAOs7BZRiO6Z9tFEWG +1VKAP0c7yYR2QFBrjrMQDmU5p1Ac5QbVmvYBkDC6Ha3LG+7jkF+ksJED3FdnpSLP +/FB8JiR1kDofxznOmq8Ta+JH+ZBygkka +-----END CERTIFICATE REQUEST----- 
diff --git a/fixtures/ca/server2.key b/fixtures/ca/server2.key new file mode 100644 index 000000000..9d7e1e1fd --- /dev/null +++ b/fixtures/ca/server2.key 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,6357944A31F1FA4D + +8JSh0AAkpFI4wbTIxc461YY18lytg4AQHXDj3DU2lmkOcdS5vPQOqqWvqOW7DrmU +FyNkQRke/SyL6ZkcEPAe0wCaRV4KlU49HZOfxMGlJLeRbrSbcVsE/Kk1dJo3VB+x +Dm496BZMqVLrEuXx05kLiy3TUEsMNN3NSyFT/F76ZiV9HJ/ruVv/P5CS1Rwxzju7 +lZM4nEEsFCnGTPjdB/Es9HCjPX4HZmSdTwcU/vDBctS5aj91aE1EBSMdJfSYq2k4 +Ct6tAmOfBoi4qj+6Wr+gmaDyGvJyIscUbaBNXdM530CckkaFbZ00zXIqwnV33oiZ +1CZ6uEd0Uk7Hu0n8lnBClqLJmXVMyxnO2lv2MPAPkBeLK5OEFj8aX9ekZDrkIL7M +VgNgA5UCzmvtiEHNvow3BcEXhRFO1oT3O6AEyHpDUW3Ev7jn3SGg8Dg6suLs6GBc +h9sFynnKO0cPT0tJDBbPNqZwcgktnpIiWHPJutMl6kQxAGDijK3WrGOialvuK99x +rP/IIQm8bzi8eRvCulLtGw1al+yEH5Kwbu804cEgt2GFNXXvTo4M1RDFyxYiD9wz +g+Gs0ZCkwpjasM2iNnURDX/xgZo4o2G/R53221Y47/xVu94DVSTD/AQWvEbgWPga +zV7AQhUHGyoHMt5IyStcx1tobR2cmro4yCq3AN1aQwnUJm8LDY+KJpCAL+t4P61j +hUCrJ6ZyUsQAPnvJmYJ4gkm8e8uNKfB57SONkNw35aE1W0AK8sKY2ax+dcTuEtnd +6Pdh7WtucjMS8BEb2FvO1hOaidZ7aHfkU2QDJRlRsfKM0dfwVRN7BWmHGNPfGt1p +f13Odpsa2OHS5htrcQ1PsxykXdHxrCLKlwz/dA1lu84L2F/Ious0B7rq5+Jf+R6U +/xrzg24X63TYz0ysUfily4h0L1HyDQsseaSHCl5yYVKbjkBmapQwS4DmrlcTUUcF +KA6myKCyRuHsMr8sXo7qUmKhuUIjrgStbHIzueIlan69HdL0c8mhNHlIXP2tWQkI +v4pJXwtHp8sRMtF2Kbf/ZYCa5HKowu2JndFU45O+msWEq0xL0N+r+L16y74CEpuF +6N3aI0UnLdhzVG4ZGCEQ+YYvFySIzP/veGhrJj/UaJyRkf15YEKKs8sULOhVGmdR +LSHBe8yo7i1Vqec5bS6ZrttCNdaNWriylsEPjIZOkrlAAZGYqmwP2PR7NBvnWLX0 +QGIQoPQJuiibM9L9o+DEDDldzxFkWYdjsAO/ROs2bLng6uVU5oNsoTxZZOT2S+KN +eM/TkQasJn27JHAIRb64GFayY6ianh2RJHFOGrVNnZ8aU8SM/eP7r07vYxXgNAA0 +r748yVacwLk7nhq1IXrrcRSNugTXUVgQSQw7VL5+ftxpHIHC5ZNj+NWYB8dAB2m+ +e0+BJhxoEFzNa3PypvLPqhOPs4FshVyzcejrULjEZDJZ59pLHJENu4IS9MV0/spo +fjytvXK07Lk+UpAEbtUOONl9WIV06EAbJjH1Ow6cBGvJVypYqgWfhMH5vLvpID6k +RAKVGU3/J1Sq4J2OcgRQ6g2oQQV4GXwOEL9o+6mesbcGHFiu8YLGriKGul5HxE3k +5sSJUNKna1s6PxL+0vJQLljf9qrNG/bYS6p9jGtd1Wxma7vAEbpUvB644kSEEo1h +1GleOr/8bz7BvMgoLg7pikogqOCRxHBN7AsGXzasF7bQXITIQLv/b46G5auvNECn +mLXQayPx1okwSkYeOkDsoHATiFqmjyE6z5JGVF21z31K85ksxEzB+agchfD28Lme 
+7GmlvfiEq7eSK/MUhkW+msnuURY6WJpKg+9LOm83sp9OVXDWLWdkurfQTh4iXdPX +zLrQFhiHqmsZtLUUAQE9Hr34lvUwctDm7+LaL8IZgydlNAZks0xUuZhrmHHbbiRj +iuqCHvvVFrlhJPAUsL6ICw1ygUJVo/jXdsky7K5zeeLuPFr2IlrlUiGKgt4ew/xa +x3aFOw7zO5wVFSBjv7AfiImeM6/ke4fR7Jry75KWE2RLDQ8Gcnc8R8bIYUMZJjnV +JCjAb+PJbyfTqth5/epjYw2c5XulxGgQnab+P3gZL3W0GiHggPOviNVx8LPjW9Os +PQsRFGTB7S4lA1GCNRjwUgKdx5SKjNTcmGRltEju95Jdk2mOnI6cqTLiaXix9+fH +WWb9s9TiL6FvaDCEbU4npb0vpkJNtHHudy0x7FdbQhLMtPeVH4qLlDAIHyrrt7g4 +Mzu6LUlQCvvcrB2jfWym+hYCIkIn+MbMK2jaknh0jPS3F72i2wHRd3ykIg5Rdv7T +5OjApmDgMXibTBf2NmQAix/O6PYZp+jFZ/P3KNh7XSDC+Ne6qa8O3cdwaQsNLblt +7e+fTGHJeWnQT5Kk0fY5Q1Lrje0lQ3iZgnUrsNX1wzYwOJtCbKXYC7wgBQmz6/IQ +WSvlSZANwuutp9XdR44J3wbBm9Ux9cTgyL43PHSPTirPdu2QjQKE4A4ryqg+v64G +q4Mal0kMhfSJ1OP7t7dAkMCNjBrsmi9QsBlmSX18BOP3B4TzqiAWIH2NGxnH5MVg +TN/yQiIMyD24Zia7Z/CpMulQWyYKw9PkP7bdfyG65aJ0+LnYRu5MYS9wO694dcUG +kZDyBq866y8GIDVvzWHNIh+iEbvnGvAgIFOT9i983Y/3SqTJA5EJ6iK/1AAsnERd +14gQ/2SybyHZVB6RyPIw3E/QHu8ywNVOHg+pQDecFD0nQWV+l7fhRxn7+w4oLfx9 +PUIA/VFHaxx4pr14oHX1xUMOxuovhEjdXS1JkU6Niib5EqfrL3MDBnoMcH4EiAuT +XfNy5K+uxD2uW0bxq6yjRGTB1yec8kcrcZyArQkAI7mfTOAywSiQyD6O038hQ7Rl +hfMBSNjJiEhEvr4teNK6YPacQvsUEaAK411sHpb+enMR7l75PUazNdLHkVr/4rYo +Z4eL6J3TAVmCN2QKvPDEgz9lr5pl4ogTN5mysPzCc8YtT+B7o096TcD8U+8bstFa +GcTfsEGcxggX321Xc7kbfBPXKS7yq8b9wqwB3zbDTWgf3H/fd2aHozPBFeYWi8iK +6qIM1wiFYYV20So/jF3U8a6EdOjy47JdXXdUONj9Qe+fE+8iNA2x0FzWUJIXy0dI +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/server2.key.insecure b/fixtures/ca/server2.key.insecure new file mode 100644 index 000000000..0f2b9c0c1 --- /dev/null +++ b/fixtures/ca/server2.key.insecure 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAtG+XAmj6VT5CQCiX6wUQDJb6pM3F1MqJKp4eGKClvK6jXz8g +u9clFHPhKWvHWyouN/id7TQ3TBPLeX4MaL2Qjf0GtWuPwuD2ZOV8lDL8klINUgyW +L+WeRt+M2WwLeaJEuZhjGootkkfmicSshH5cJMnejiRWTpAzLehHQs9ZbP9yzg+t +c1WiwvqOXi1NM7KpYALh20MaUMSVIW6Lvwq5JAIo772x6lW9IVcTxajfYtlZDW9q +GD/4n95qBvDqtqSX665UmB+Kfskf5sWyIEKQ4A3i/RAXclhyEwgF5fBDMSr8ek3v +cSzbA8a7KCUHQ4aTGm6dnQHtsAlI5Aww0vs2QYi7oc2o5G3YXNfKmJdogxQJVwi+ +9/ZWoYGlQt77h90u9twej8XozOabF8M0zC8FvU/7Wc84pzvykpY7aao36E653FNt +3MCJhRG2MinqjITO+Xcd2B/dRRWYFB7qM/D0KbXtzvLnyJw91ERGjEJJ2E5/BgW6 +Wz996c/AGExnnf5xFgZ4/Z/dNPpwzNwRSTPZkhlrhdmnQkKjHXJDHLy+uZZ8uj2y +CGoTaJEZapEp7GGvsgwi/1DbAvmpwZpfXADWA4x+m6rJJvrOnwui5URcAgj1F+JE +W6d2piMmO1mDayiyNEkRpv3jB/Au713SUpm00GQCHrmrTb5izgCH3ggS75kCAwEA +AQKCAgBeBBcHJnPpnrseewhNaSHnrXOEE8QVEENQdXrxEiPJoKV3p4kC1yN2+LpF +vubtVZkniN+hDSgS9+15rHgCy2Na2JB6T0VlIZrBD+JNxhNcmmxeaDiJVHeYLjtR +vr5r7mUo34Ij/gOoyNYSyuupTb3tXVIddkmSPgiszu7ynN/Xr3K+c+TIx8I7Hhq4 +b5peaaVfZaERgnFfzE54UQV30bqOTKHP6WOe2nXlvV2MDGX5N47zNS5u3EZL5rQQ +Uc+6wyB1qSxi52xei6WXtUMPFCAw3ot7mLre1b76s59/JCWepOtRPvKYYersmMxE +KqcSRDi5+REfEjYrF2tniAKYrFSkCKQXSOySmSNBcbpvmRhG5l4/s/dAgWuox0ha +qj+VteV8H+CruVEonBFDxiXy9cEQFeRQJU2hP1HighYe4pjfMmA6VggdnTSKaUGq +VLVYiKsEZW6G4tP11q1h8EVANFLUUVjXYLsoROKNai9n+tHRA+VxDbX2cMnbqsb7 +LT9xDpCOjl0cZ2Sw7FF8ENuDttQXr6ehhpUSPk6dNh++g7juCuYHQvceHCL4t+m8 +IIuQxWNMC6kjpOXSDpkedaGPu7OwSpxqTc6HyYb4t3quesTsha+ZELd2txNgrCHj +TfIHnoE7rqmwYAKMlloxk3xWaOzXk5M1JkazpxTHiFd/SpgeQQKCAQEA49Qy8NCJ +VQIJTs54mljKNWEUuWjt48k1K2eQmPsbj/wJHFDwOM2TKktAthJmgW4lmOYHbIB9 +xIRBF/+Auzhcbuh/W7gPatwGD+w36ljluX9NxXrLDxGD8rYCJArr1WE0Elb6fUnN +oNijYlLOSv6BVWLt9l6tdchl62pkhunrp5JmbGxe4npmCfACnR1OqJF/l0CwnQRz +23qR3Zfyaek9sL1MkXp5DIhLrBlWD9b4JU7DwriWZPuTGRKOYiUrkRa4QcVwBRIF +MfmK+pJvJ+X49sIE7bpByCBKyki/8raUBdGJq80iFetvogYGdpld/aLMuni/2EIS +fIrKTjLmyBNjpQKCAQEAyr8w3ye8PhE7TFJjUCgaCcUmrNf//ePcC/wCjzacLgxh +TzIVRAVpE3hp7r6XfSmtEuad2d/3OyIjKckcp+46+YVmhD3L2vv5q7myl1+nWU22 
+qnK1nO8xt9W9rH3wn51UjAK31wa3x9OGuu7HJ8UeX+McgSL42uOxI0IEGu9FQts6 +oU8FUmnptdw3xXLKN55yQlwfd+apMZCiVd5RjPusoLeGjfjg/vS4mJMi+MuFued4 +5SE/GqRHwFxT0zNXh73DyvkQ8S/JxZpgdJiWk4tckM3gfAwZdqqnCczIj0XTn612 +SZ+RN9S3J8FlEThXcA4NX/zBb+GGe0QRgyOzIjIJ5QKCAQEArO//dwKkrE1uaU6b +B3ZMj7ZQd+kpYpXx8S+c+DLsGiCTfdYGcufBRQJ4bXyMKMVGbsh1bCwgy5IkoyXE +PtkqeNmtCx8tPM0lIOMLEq1GO8dhbnymNJr0EMGN4HQVzhQJ5b32SDJEj0rCwrje +dNi5ren5feEiRFzI2KkbA7n+smWTr8uXPszwNazlHwQHGDfRpStqpNWjaD+jB5T2 +YuS0ejtHKsrPpe6zmkBlLoLcO92NBXr+VksMvqRyRhe2+VxIo0xOmtqx7NxiXY/Y +Jm4PzKc7/IQ8uL+iZehRI9jphX0nxqxgqkjbpR5zu4Txbr0sMIPGBE8rHzRvGmrS ++Z6WLQKCAQEAsWgu2XWpkB3/5z7ITCFq91WeC+xNwdmaeJohmzNL4jdPBr9qQEUD +ttfMye3YHNtU6I8HXNhPO10Zq7yg6Ija7e++zsRMFugZhhxNm4tFoi0QQ4FwTUw4 +EwZinAbvgJtomcLfHrZwJdh/sh6yAajIdVsDXDQ/0TkfjRx8/xyTXHb8jJ3aqEyp +BksWOh3BuH1auZpmpsIdFpPamIyai2TFnzQ39w7pwe5dgJRvK4jbENrsvIIk96j8 +Z+PiLZJlaw+vvXHHU2RfiBsXf67tQ1nUu5iKb8EenumglECu1j9hd/2O3clUhqgJ +RC5Dw5erWw/QwEco9D9BL6dWM4wPeUKTyQKCAQEA2EXIdcrehSjYRouLoR6j9Io1 +/0yeydM5mSdrwjaQTC7AmPF7tt6BUpth2TfG1hbkuouu6eUNqMiMGs1sLPXEPpvh +geA1vdMzX5c9f/rx14jTRwVZnVoPiapLBNr4Z/Hgojr42vYqqvsrMaC0k8G/xH85 +9oUBKBrSApDycP5Pdufex8TGRHF9NW4VKDdZS86jIhQVfUVgvIacx4D2Y6XHIgtW +3mJvoRvIPLipbeXgJQgNi+RhsFuYkfVerC1O4ZMsIlLFzmpclcF/nmVmb5rF03wx +wJLEKmAS4yAjFtPuhdqbdeDdR2W8SCZDmkrZIiZuCWvHxPByGbxL7gQJlVqpTA== +-----END RSA PRIVATE KEY----- diff --git a/fixtures/ca/server2.pub b/fixtures/ca/server2.pub new file mode 100644 index 000000000..33361caf5 --- /dev/null +++ b/fixtures/ca/server2.pub 
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtG+XAmj6VT5CQCiX6wUQ +DJb6pM3F1MqJKp4eGKClvK6jXz8gu9clFHPhKWvHWyouN/id7TQ3TBPLeX4MaL2Q +jf0GtWuPwuD2ZOV8lDL8klINUgyWL+WeRt+M2WwLeaJEuZhjGootkkfmicSshH5c +JMnejiRWTpAzLehHQs9ZbP9yzg+tc1WiwvqOXi1NM7KpYALh20MaUMSVIW6Lvwq5 +JAIo772x6lW9IVcTxajfYtlZDW9qGD/4n95qBvDqtqSX665UmB+Kfskf5sWyIEKQ +4A3i/RAXclhyEwgF5fBDMSr8ek3vcSzbA8a7KCUHQ4aTGm6dnQHtsAlI5Aww0vs2 +QYi7oc2o5G3YXNfKmJdogxQJVwi+9/ZWoYGlQt77h90u9twej8XozOabF8M0zC8F +vU/7Wc84pzvykpY7aao36E653FNt3MCJhRG2MinqjITO+Xcd2B/dRRWYFB7qM/D0 +KbXtzvLnyJw91ERGjEJJ2E5/BgW6Wz996c/AGExnnf5xFgZ4/Z/dNPpwzNwRSTPZ +khlrhdmnQkKjHXJDHLy+uZZ8uj2yCGoTaJEZapEp7GGvsgwi/1DbAvmpwZpfXADW +A4x+m6rJJvrOnwui5URcAgj1F+JEW6d2piMmO1mDayiyNEkRpv3jB/Au713SUpm0 +0GQCHrmrTb5izgCH3ggS75kCAwEAAQ== +-----END PUBLIC KEY----- From f1ad9078755f3adf3047fb0f06dd9b7b6de61ec5 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 22:35:16 -0700 Subject: [PATCH 15/22] chore(transporter): add spaces before return just a little nip --- transporter.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/transporter.go b/transporter.go index 9e12b9012..a84eb2064 100644 --- a/transporter.go +++ b/transporter.go @@ -39,6 +39,7 @@ func (t transporter) SendAppendEntriesRequest(server *raft.Server, peer *raft.Pe } } + return aersp } @@ -88,6 +89,7 @@ func (t transporter) SendSnapshotRequest(server *raft.Server, peer *raft.Peer, r return aersp } } + return aersp } @@ -110,6 +112,7 @@ func (t transporter) SendSnapshotRecoveryRequest(server *raft.Server, peer *raft return aersp } } + return aersp } From 7f9c2eee45ce606974d63292685761806699a1f0 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 22:35:45 -0700 Subject: [PATCH 16/22] fix(transporter): consistently print debug not all transporter handlers were printing debug on failure. Fix. --- transporter.go | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/transporter.go b/transporter.go index a84eb2064..211774e5a 100644 --- a/transporter.go +++ b/transporter.go @@ -81,6 +81,10 @@ func (t transporter) SendSnapshotRequest(server *raft.Server, peer *raft.Peer, r resp, err := t.Post(fmt.Sprintf("%s/snapshot", u), &b) + if err != nil { + debugf("Cannot send SendSnapshotRequest to %s : %s", u, err) + } + if resp != nil { defer resp.Body.Close() aersp = &raft.SnapshotResponse{} @@ -105,6 +109,10 @@ func (t transporter) SendSnapshotRecoveryRequest(server *raft.Server, peer *raft resp, err := t.Post(fmt.Sprintf("%s/snapshotRecovery", u), &b) + if err != nil { + debugf("Cannot send SendSnapshotRecoveryRequest to %s : %s", u, err) + } + if resp != nil { defer resp.Body.Close() aersp = &raft.SnapshotRecoveryResponse{} From 466229cf4d7f80f4a3ca5afbf676ee033636910b Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sat, 10 Aug 2013 23:33:40 -0700 Subject: [PATCH 17/22] fix(etcd): reverse the cert handling the server tls config needs the client CA information and the client needs the pub/priv key. This is how this code used to work. --- etcd.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etcd.go b/etcd.go index a5d0a8b74..55faf5e24 100644 --- a/etcd.go +++ b/etcd.go @@ -479,10 +479,10 @@ func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) { } t.Scheme = "https" - t.Server.Certificates = []tls.Certificate{tlsCert} - t.Server.InsecureSkipVerify = true + t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile) - t.Client.ClientAuth, t.Client.ClientCAs = newCertPool(CAFile) + t.Client.Certificates = []tls.Certificate{tlsCert} + t.Client.InsecureSkipVerify = true return t, true } From 6f388513fbc5a71f60475b6113f6e3b56fc0b738 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sun, 11 Aug 2013 00:41:03 -0700 Subject: [PATCH 18/22] fix test --- test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.go b/test.go index ae82d637a..68e0b6584 100644 --- a/test.go 
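Review bot: In the etcd.go hunk for tlsConfigFromInfo, `t.Client.InsecureSkipVerify = true` turns off certificate-chain and host-name checks for every connection made with the client config, so the listening side checks its peers against `ClientCAs` while the dialing side accepts whatever certificate it is shown. On the removed line the flag sat on `t.Server`, where crypto/tls does not consult it, so this commit is where it starts to take effect. The pool returned by `newCertPool(CAFile)` is already at hand: adding `t.Client.RootCAs = t.Server.ClientCAs` and deleting the `InsecureSkipVerify` line would let the client verify the server against the same CA. The function begins above the hunk, so confirm that the pool is non-nil whenever this path is reached.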
+++ b/test.go @@ -62,7 +62,7 @@ func createCluster(size int, procAttr *os.ProcAttr) ([][]string, []*os.Process, argGroup[i] = []string{"etcd", "-d=/tmp/node1", "-n=node1"} } else { strI := strconv.Itoa(i + 1) - argGroup[i] = []string{"etcd", "-n=node" + strI, "-c=127.0.0.1:400" + strI, "-s=127.0.0.1:700" + strI, "-d=/tmp/node" + strI, "-C=http://127.0.0.1:7001"} + argGroup[i] = []string{"etcd", "-n=node" + strI, "-c=127.0.0.1:400" + strI, "-s=127.0.0.1:700" + strI, "-d=/tmp/node" + strI, "-C=127.0.0.1:7001"} } } From 0e1125666f9da15cd97b9edc4e148f949a57def8 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sun, 11 Aug 2013 00:42:46 -0700 Subject: [PATCH 19/22] better naming in join --- etcd.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/etcd.go b/etcd.go index 55faf5e24..9367def86 100644 --- a/etcd.go +++ b/etcd.go @@ -572,7 +572,7 @@ func newCertPool(CAFile string) (tls.ClientAuthType, *x509.CertPool) { } // Send join requests to the leader. -func joinCluster(s *raft.Server, serverName string) error { +func joinCluster(s *raft.Server, raftURL string) error { var b bytes.Buffer command := &JoinCommand{ @@ -590,9 +590,10 @@ func joinCluster(s *raft.Server, serverName string) error { panic("wrong type") } - debugf("Send Join Request to %s", serverName) + joinURL := url.URL{Host: raftURL, Scheme: raftTransporter.scheme, Path: "/join"} - joinURL := url.URL{Host: serverName, Scheme: raftTransporter.scheme, Path: "/join"} + debugf("Send Join Request to %s", raftURL) + resp, err := t.Post(joinURL.String(), &b) for { From 03a2d608c29929591445edb5f25c365280352a54 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Sun, 11 Aug 2013 00:46:08 -0700 Subject: [PATCH 20/22] add x509 extended key usage --- fixtures/ca/openssl.cnf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fixtures/ca/openssl.cnf b/fixtures/ca/openssl.cnf index c70a6ac15..a100e38b6 100644 --- a/fixtures/ca/openssl.cnf +++ b/fixtures/ca/openssl.cnf 
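Review bot: The new parameter name `raftURL` in joinCluster does not match how the value is used: it is placed in `url.URL{Host: raftURL, ...}` and the scheme comes from `raftTransporter.scheme`, so the function expects a bare host:port. A caller passing a full URL, such as the `http://127.0.0.1:7001` form that test.go used before PATCH 18, would end up with a malformed join URL. Either name the parameter for what it holds, e.g. `raftAddr`, or document it on the function: `// raftURL is the leader's host:port without a scheme; the scheme comes from raftTransporter.` The body of joinCluster continues past both hunks.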
@@ -191,7 +191,8 @@ authorityKeyIdentifier=keyid,issuer #nsSslServerName # This is required for TSA certificates. -# extendedKeyUsage = critical,timeStamping +# This is required for client Auth and server Auth +# extendedKeyUsage = critical,timeStamping,serverauth,clientauth [ v3_req ] From 9f14e75360a92a21fb0889cc29a8e3363b9cb7e1 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sun, 11 Aug 2013 08:36:53 -0700 Subject: [PATCH 21/22] fix(fixtures/ca): generate with clientAuth and serverAuth clientAuth and serverAuth are required for ssl cert auth to work! Add it to the fixtures. --- fixtures/ca/openssl.cnf | 9 +++++---- fixtures/ca/server.crt | 31 ++++++++++++++++--------------- fixtures/ca/server.csr | 29 +++++++++++++++-------------- fixtures/ca/server.pub | 24 ++++++++++++------------ fixtures/ca/server2.crt | 31 ++++++++++++++++--------------- fixtures/ca/server2.csr | 29 +++++++++++++++-------------- 6 files changed, 79 insertions(+), 74 deletions(-) diff --git a/fixtures/ca/openssl.cnf b/fixtures/ca/openssl.cnf index a100e38b6..ec6489a59 100644 --- a/fixtures/ca/openssl.cnf +++ b/fixtures/ca/openssl.cnf @@ -141,6 +141,10 @@ unstructuredName = An optional company name [ usr_cert ] +# This is required for TSA certificates. +# This is required for client Auth and server Auth +extendedKeyUsage = critical,timeStamping,serverAuth,clientAuth + # These extensions are added when 'ca' signs a request. # This goes against PKIX guidelines but some CAs do it and some software @@ -190,16 +194,13 @@ authorityKeyIdentifier=keyid,issuer #nsCaPolicyUrl #nsSslServerName -# This is required for TSA certificates. -# This is required for client Auth and server Auth -# extendedKeyUsage = critical,timeStamping,serverauth,clientauth - [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = critical,timeStamping,serverAuth,clientAuth subjectAltName = @alt_names [ v3_ca ] 
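Review bot: The `extendedKeyUsage = critical,timeStamping,serverAuth,clientAuth` line added under `[ usr_cert ]`, and again under `[ v3_req ]` in the second hunk, grants `timeStamping` to certificates that are only meant for TLS server and client authentication. RFC 3161 expects a time-stamping certificate to carry `timeStamping` as its only extended key usage, so mixing it in serves neither purpose and widens what these certificates may be used for. `extendedKeyUsage = critical,serverAuth,clientAuth` is enough for the certificate authentication the commit message describes. The carried-over comment `# This is required for TSA certificates.` can then be dropped.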
diff --git a/fixtures/ca/server.crt b/fixtures/ca/server.crt index ba5f557af..7363b399d 100644 --- a/fixtures/ca/server.crt +++ b/fixtures/ca/server.crt @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIFMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET +MIIFXDCCA0SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMB4XDTEzMDgxMTA1MTE0OVoXDTE0MDgxMTA1MTE0OVowRTELMAkGA1UE +dHkgTHRkMB4XDTEzMDgxMTE1MzIyNloXDTE0MDgxMTE1MzIyNlowRTELMAkGA1UE BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp ZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMeY u5Nby4uG4s5HFuky6eiLf7bMiTl4cDomb6keKMaHuSYN0zEr8jdw4r8TDSguv5MO 
@@ -14,17 +14,18 @@ nTI+QRtw2EMBX6mzaP/YU6vCvPCqhJ9zrVMsM88EK0TTdkE/NWC25JUmsPXX37Z5 jFXIFamM0FWE/zhDip8Xfl3yqAM+NVQ5xnmWGMpqyHn/A1EaRv0ASVTMsg413N3j r815qKy/xSCbyRIFhrBmKkwy0bSZVP+9Y0sC8+bBTZNdbNwrdp0It7BH/xKmG0Ma TNpAgVdkbnnSt5DlqS91Sbta5i+kHibkFml4KnZ6OvJgQuTbC+UsbpD5B1vM8Rd2 -64xOQmH9KFNgouDhiBOtwAL3bn+76Pdt8OnMbO0JAgMBAAGjKzApMAkGA1UdEwQC -MAAwCwYDVR0PBAQDAgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQAD -ggIBAJIVOwXJkpI9bPRq6FxN7a0/2NcEU5cC9NvtvEZEjgMFkZwiPMsguwHbbsK/ -Hmg+UBo9HdOCleaPq0HhrhqDzqDGzuzCCwqDinYJl/MaTs7dBE5sJw5sCn+oESF0 -5S1rCKvvF82o1KSzj458aTWKYpOJpdJYPVu8QEm9sBPPAFcQHhevFRuVp8QBdRJD -6H4+6b4eZyADL1yM+Txt/ucuyx/6A8S/G+Uqe5Lnh1pvhZXFfWO1UF8QmYNUb0H2 -7soxruLh4k2mwF8MPSmKw8D3k4rCAMZ7W1P6OEV55Jc4OMVQ5es8tRuj9e2SHD0c -gL84rv9lNYfA/4DEKEviJTko+dD/NyIKrZCyc39Q3MmSBR+ekCNRhdCHWL5IyMB9 -o2u5g2ffsKLLjqBNIrOcGQ8vYSTsuX+y1Tonml6FiBHCgtDv7ZcwxXq37jmeorMt -QqpGJsndMObmvTVkYDN8vgEoia/nndhU7SGgi9NIYDLarDzWrU9baLta8Oq7BHaR -oMV44flX7/2Co6SOzK4y2WgQngCUaAxezN0tZPFIhZjwGwc3CbaigIaF8LTKHQ8a -cGIBGQmZ3670IDQ/vgtjHqG6LlMiJ+WR9GtWSJl3cb+4yHM/wu4oFgjYoB1MSWl2 -f5fczxP6ZXwER7NwcRaooJ/0C7XDE7ux2HsN422jgDaGT/Zw +64xOQmH9KFNgouDhiBOtwAL3bn+76Pdt8OnMbO0JAgMBAAGjVzBVMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMIBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOCAgEA +eM4HmrFKqN3KJK8pC6oVOLvN7BLyy634udGInNmeAbfhDehrSrwqS9zUIJ6EpP4m +rBWP9NFK3pKt2hDhPhGGCyR2LWSJ+jPzpsNcQedGpQm7K+mhWaXsk2+ogzq9Gh51 +dtViSPQWziGVV4bjeM8nwk9f8vV1qNRfu1+kSZz5W58+JtYq6a1yqr8iudhtDVy6 ++yvrzCiMRJ6Oiqen8/5S/9VaaUq5alu8eseNwQ2+PZCBAwMB4UWjRiD+xC1gJo6f +KctVHDLnxUCweMZ+ZQzvi+S/sVIz0UbQ/u2tC2VdNmIlyQPi0RcQ+a423nrDculB +nBHiPbx6uSGK2sS4yiU8v2J/K9RS5m5qi/hJZTv8RRrxG93aIbiD5rjQsN3Tcg8X +IIfU648G2CJq3iH7P1OYrC5P5DriCXnn9higxKNecqN7yZDl+u7NBBFReucLi8Qw +bZlvtsIwumu/Z9mkcVIOxt9ZJgW51uzarozdLZlkFvnLFpuvferRdrb47R/Hj+GT +UVZ8knL4pgT3oXVS7vfyl/X99gZTRg+UaRzIAhGYFiy9RZJ+iG5mjRtrFQVtHjbP +UGiKS/e0GwpM5wFQfIh3pHvmQ67nyhe9xcaf5sLlpgTNIUgkM8TViaVeFVwPIIUS 
+he8NCYMr31zwHSDl8rrTapldn19XHrhiGnD6xvN38cs= -----END CERTIFICATE----- diff --git a/fixtures/ca/server.csr b/fixtures/ca/server.csr index 76c5c1237..324d13347 100644 --- a/fixtures/ca/server.csr +++ b/fixtures/ca/server.csr @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIExDCCAqwCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +MIIE8DCCAtgCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAMeYu5Nby4uG4s5HFuky6eiLf7bMiTl4cDomb6ke KMaHuSYN0zEr8jdw4r8TDSguv5MOE3xWSLvQwLgkOQT0N7opDeEqm5Yj458+M9Z5 
@@ -12,17 +12,18 @@ M88EK0TTdkE/NWC25JUmsPXX37Z5jFXIFamM0FWE/zhDip8Xfl3yqAM+NVQ5xnmW GMpqyHn/A1EaRv0ASVTMsg413N3jr815qKy/xSCbyRIFhrBmKkwy0bSZVP+9Y0sC 8+bBTZNdbNwrdp0It7BH/xKmG0MaTNpAgVdkbnnSt5DlqS91Sbta5i+kHibkFml4 KnZ6OvJgQuTbC+UsbpD5B1vM8Rd264xOQmH9KFNgouDhiBOtwAL3bn+76Pdt8OnM -bO0JAgMBAAGgOjA4BgkqhkiG9w0BCQ4xKzApMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADggIBAHTfbwYPhVqt -4reb7CFy7xWSV+R4JITL7Obzjxm7ngyLaiHG4heF880ldFBxVlssPfcf+JDdvnLD -ilMfeNxgZiKrcS3qz05ZimTX1SSHrpPk6RS5YuvQhGpb6HmVEtBxLM4XxAKU6zxN -aWPHydif80uecmbx5264Xl+BNb4WHjbKFd0Qj6UPv67CbSl+dLvbhZagCcQNTffB -Hs2JWniyuprkOlj+cTgoKT6ZHiBw7eDlT+56qihBmGad+YOIzDNqTiE1gMT/NpfW -y8VQk32Nk8IyWR/1/mSbwpz+6Npoa6rckkvQFz80+ipnaYeN0xqpHKpcN0zGDgd5 -tsTXPelioKvtd9WcgrUMI6tJImiGJa65SZmgYVH4J9BvoDIMLpte298PzYNWp1or -x+ogjX9rAfABS3AL6QskoK8iuT/Hg3q7T5u3kJ76hmqVjMwfqP4W9o7bsvS+Fz4t -V8ncjiVjBTlD1uR/6HMQXedoDKHnhstF7s9/qPQBw0K4yxqscwJB4/LwRsqoU6pz -w3rNFduPSKfIpxSDiQDuJ+3I+vF7CcNdJHtJyCT6eJZrCjH8IKUTj0525xo7aR0J -yP7dLbKL0nUccBxvHzm0OUKmet8NQ5rcI/VLtw1fUS7vQR93VW+2kDbaswHAtjJX -U82UvzS7mp+uJAAbvjYdl1mzfZFeC9KO +bO0JAgMBAAGgZjBkBgkqhkiG9w0BCQ4xVzBVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMIBggrBgEFBQcDAQYIKwYBBQUHAwIw +DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOCAgEAL5fYwydR3LaAEX0N +RNYbAyeunF0oYSKFz7vL3XF+nDHN8WBd49wfApBb9VCEcjINRInC7/i57xNlw4Bw +phdQiPGTG4dUdtfMw56n9z47RmZpmMs1sfS3CdPuJFb5NcrLGfBJRjRZ9+UgkbmA ++4LP2QHMi4viS3r2DmRhIrKl8Ov+S2TTyY4QdazK4PjtmtqYrB6XeE4I5cT4UsK2 +6jB32U4JCK7mUwaFenSkMKOSXNKBz4dzM1508WuO8z+lbTQSoUBW6YK89XHzhye3 +URDlLzSQy0BYZ/J4djpEDbJ/t+52vQrXU/mAbSZMuiRaacVs90b2r8MkYqTH/BCM +3e5dtZIk28K27mR54/K0noS46l2TXPbDZIxaCVyaBjw/ogC2FoIEVOcVdISZ7XOj +NigTBW1ndBRqXYpKAAlGVV3dIxe54OH7awt+Arn63S9YXprjXn78N6ohl1OMxG/8 +ES+FAY+0Oly7pOZsbg9W08Ao3CTqW5cobVcQE36ZWO2lahb1w6Ya7B843g7S56WS +GatSli9UHN5bUrb135elwwzDixeb/PPnYqBIGG2hOSZJz5oxwnWqxiGR/pApHuRx +Beta1BwPNZ897jbZ/M+JuOep52OGsZYKdJ1dDICrVdnSmEUPbS6L3vG6ZH1SdAix +LRTenXfl/mlG3QW2aLSn+kjtGW8= 
-----END CERTIFICATE REQUEST----- diff --git a/fixtures/ca/server.pub b/fixtures/ca/server.pub index ae60b0431..33361caf5 100644 --- a/fixtures/ca/server.pub +++ b/fixtures/ca/server.pub @@ -1,14 +1,14 @@ -----BEGIN PUBLIC KEY----- -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx5i7k1vLi4bizkcW6TLp -6It/tsyJOXhwOiZvqR4oxoe5Jg3TMSvyN3DivxMNKC6/kw4TfFZIu9DAuCQ5BPQ3 -uikN4SqbliPjnz4z1nmWphRKyFamcU1TK7wYEJ8BEHzRgLLx0ttink5EnYBbNLl/ -G2nhNcR/yqWsAyh4nPZlcy8YcxS6/xMVrco8BqNDmfYM9K6IV69oOK2JFqbPppPj -xuc6jAw7QSd6TxSR+lN5Hu6HS849tY5QiPO6qvsbgycmRgPJ3tHcqxxk3iJd/o1E -yPZ/pXg8ZjRaWNRuWL99PtsLwhsGAuRDFPyY7t1wn1Acq14mB2O7/162jfMLeQML -diHZFrF/EzW+2aBmbdBPmjP3lCOOyTNbWDPaCITjnCiNs6CdMj5BG3DYQwFfqbNo -/9hTq8K88KqEn3OtUywzzwQrRNN2QT81YLbklSaw9dfftnmMVcgVqYzQVYT/OEOK -nxd+XfKoAz41VDnGeZYYymrIef8DURpG/QBJVMyyDjXc3eOvzXmorL/FIJvJEgWG -sGYqTDLRtJlU/71jSwLz5sFNk11s3Ct2nQi3sEf/EqYbQxpM2kCBV2RuedK3kOWp -L3VJu1rmL6QeJuQWaXgqdno68mBC5NsL5SxukPkHW8zxF3brjE5CYf0oU2Ci4OGI -E63AAvduf7vo923w6cxs7QkCAwEAAQ== +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtG+XAmj6VT5CQCiX6wUQ +DJb6pM3F1MqJKp4eGKClvK6jXz8gu9clFHPhKWvHWyouN/id7TQ3TBPLeX4MaL2Q +jf0GtWuPwuD2ZOV8lDL8klINUgyWL+WeRt+M2WwLeaJEuZhjGootkkfmicSshH5c +JMnejiRWTpAzLehHQs9ZbP9yzg+tc1WiwvqOXi1NM7KpYALh20MaUMSVIW6Lvwq5 +JAIo772x6lW9IVcTxajfYtlZDW9qGD/4n95qBvDqtqSX665UmB+Kfskf5sWyIEKQ +4A3i/RAXclhyEwgF5fBDMSr8ek3vcSzbA8a7KCUHQ4aTGm6dnQHtsAlI5Aww0vs2 +QYi7oc2o5G3YXNfKmJdogxQJVwi+9/ZWoYGlQt77h90u9twej8XozOabF8M0zC8F +vU/7Wc84pzvykpY7aao36E653FNt3MCJhRG2MinqjITO+Xcd2B/dRRWYFB7qM/D0 +KbXtzvLnyJw91ERGjEJJ2E5/BgW6Wz996c/AGExnnf5xFgZ4/Z/dNPpwzNwRSTPZ +khlrhdmnQkKjHXJDHLy+uZZ8uj2yCGoTaJEZapEp7GGvsgwi/1DbAvmpwZpfXADW +A4x+m6rJJvrOnwui5URcAgj1F+JEW6d2piMmO1mDayiyNEkRpv3jB/Au713SUpm0 +0GQCHrmrTb5izgCH3ggS75kCAwEAAQ== -----END PUBLIC KEY----- diff --git a/fixtures/ca/server2.crt b/fixtures/ca/server2.crt index dab56c8b4..c68687389 100644 --- a/fixtures/ca/server2.crt +++ b/fixtures/ca/server2.crt 
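Review bot: The new contents of fixtures/ca/server.pub are the server2 public key, not the key for server.crt. The blob id `33361caf5` on this file's index line is the one fixtures/ca/server2.pub was created with earlier in this series, and the added lines are identical to that file. The server.crt hunk in the same commit keeps its public-key lines as unchanged context, so server.pub no longer corresponds to server.crt or, presumably, to the server private key. It looks like the wrong key was exported when the fixtures were regenerated. server.pub should be re-derived from the server key so the fixture files describe one key pair.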
@@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIFMDCCAxigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET +MIIFXDCCA0SgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMB4XDTEzMDgxMTA1MzE1OVoXDTE0MDgxMTA1MzE1OVowRTELMAkGA1UE +dHkgTHRkMB4XDTEzMDgxMTE1MzMxMVoXDTE0MDgxMTE1MzMxMVowRTELMAkGA1UE BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp ZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALRv lwJo+lU+QkAol+sFEAyW+qTNxdTKiSqeHhigpbyuo18/ILvXJRRz4Slrx1sqLjf4 
@@ -14,17 +14,18 @@ Ho/F6MzmmxfDNMwvBb1P+1nPOKc78pKWO2mqN+hOudxTbdzAiYURtjIp6oyEzvl3 Hdgf3UUVmBQe6jPw9Cm17c7y58icPdRERoxCSdhOfwYFuls/fenPwBhMZ53+cRYG eP2f3TT6cMzcEUkz2ZIZa4XZp0JCox1yQxy8vrmWfLo9sghqE2iRGWqRKexhr7IM Iv9Q2wL5qcGaX1wA1gOMfpuqySb6zp8LouVEXAII9RfiRFundqYjJjtZg2sosjRJ -Eab94wfwLu9d0lKZtNBkAh65q02+Ys4Ah94IEu+ZAgMBAAGjKzApMAkGA1UdEwQC -MAAwCwYDVR0PBAQDAgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQAD -ggIBALWlvNm8kp3bdzymrJnvE4+sV5p+2AnKx1yZIs3h62rUM22ROU1wCAoJfyCA -LuXQNaXuWVOWUq96BCzlTScTSa1xhB/vbn9RPJVo0t+uni5fx/Pm2CHLAUijrT8z -10BHbaIPjYnmvz0lkii4Y5+Tb4WQ6yLrUYm2dpLexYwyOUhmGQNGRgY750dwf8Fe -2TBFOV9rkXlhgdopWYPhUv0ZmciYGwrJ2+9jULDFhT+PDrdAjbeDARPKcMi0jpZ1 -zBHyC6lNT167Gdj9LVV6dIFEHozzrqdMecz5CJrgKPL0s5bM88DRssupS1WgT1RG -qGVxfcuBYRLtz10W5+JBXvA3JRHgaPotkqvKsUqeII/nqvu+qSRDnh7O+i1PJUTr -D+5CSMxUK9DvxH1gUYhnQ5asP9PXZxp8hlGGwyDVu2rYTQpDyiJnHGmsWfSZuSOy -W8ViseuFe3WmdsD0wo6VguyPFMHGzh5Sx/onb4eeASz/BtcGYVPApD4WByF9WlVF -Cg3SfvNPj2fvI92DP6KAKtDgOdcHidzwPAh3XCZGikN19Oz3cCYf+AT+s/KNfvMt -B6DplYeleAlKTXYsS4ycGojGp4DpRzrxSb2mhHdHsz51H/gn9+Rgx4+QAIJGKqxk -yNRnW/UpsJbN7G7hI3pgBEFRD+QE4zvGwkn6+SwxxozhtZZ4 +Eab94wfwLu9d0lKZtNBkAh65q02+Ys4Ah94IEu+ZAgMBAAGjVzBVMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMIBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOCAgEA +HpP6XxoL3470/1+9OD2uTZGLSjv5lvC9jaAthRQIuSmyhD10XG2uWl7EULBgPfX2 +QYyCWAu3Upuji7KEoxzoCRmD0WOUL8YaNhJSNPe4+acYg1vJYdWSO47jaIy/l69s +LOry4DCbefw497DxHmbJB0NtxLVFinmkzy+earnm0+Fp1qnTmMSPoupQatGHXgMQ +uHVLnTz3oC4OZVN+yyo629j3SaZKWlZ4MOS+RIAaKMCpT8i+4xBRrBJ1XkZVjaH3 +0PPWBKVT7dLxmybm/hZO7PTJdcbEEzl58lgAj1uw9biLG56/0FJ8ZTDbtEqRoxnO +7EEdEhcSdoghoQEm9LkOX7l4wxM7j+MD8mAn0kyEeh8iFeq/zxYhV4IbRchqPs0k +5GZ9DeHBzbgxSENO0KRQLLTLWjWfeY6XplISCfTp34LY/gXnxU732EhezV3FehXh +AVpDOO0LynBTOKvHaZa+/y7fkynHNr2OgxB4CITNoXoNrJd2PSc/wV8HNwDMVdpf +PdTgx3+UW/g4E9KN4GL8IqTLLWRydHez2mLEL4Wp2DIlKs8WZ9ZMlL49sitarEbP +McgOYeUpzvx4UFwJ/ilQEOQODb7BOrX51Cf8k6dBhBze7sMUxIecu1P8amjDlzoS 
+nIF5foVRbt8G/nfdV3ygegcLj6nz9ynO5Xp2QUu+E+c= -----END CERTIFICATE----- diff --git a/fixtures/ca/server2.csr b/fixtures/ca/server2.csr index 6c83b47e2..51bb28110 100644 --- a/fixtures/ca/server2.csr +++ b/fixtures/ca/server2.csr @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIExDCCAqwCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +MIIE8DCCAtgCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBALRvlwJo+lU+QkAol+sFEAyW+qTNxdTKiSqeHhig pbyuo18/ILvXJRRz4Slrx1sqLjf4ne00N0wTy3l+DGi9kI39BrVrj8Lg9mTlfJQy 
@@ -12,17 +12,18 @@ N+hOudxTbdzAiYURtjIp6oyEzvl3Hdgf3UUVmBQe6jPw9Cm17c7y58icPdRERoxC SdhOfwYFuls/fenPwBhMZ53+cRYGeP2f3TT6cMzcEUkz2ZIZa4XZp0JCox1yQxy8 vrmWfLo9sghqE2iRGWqRKexhr7IMIv9Q2wL5qcGaX1wA1gOMfpuqySb6zp8LouVE XAII9RfiRFundqYjJjtZg2sosjRJEab94wfwLu9d0lKZtNBkAh65q02+Ys4Ah94I -Eu+ZAgMBAAGgOjA4BgkqhkiG9w0BCQ4xKzApMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgXgMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADggIBAE8B/gcXrrvn -jCLRfW/CoD4+4qu6kTqsMHWWtiPQDn9qbF2f+uxe7iIxJ932NB65PpBWMezAxJzc -Iy1f+g63vUKqHrIKAvpWFuu6hXciubaFgMNp9DYaWIfPzelRTyKEgxXMeYNZ3edA -CjfXvg00VOY58hqrUEUYySPtKJzgYc8duvlSR+I/VO6q0M+yP4tATEtClFDz4+vH -e3wiCBpXTp/wuR97Qdgw1c6SrM6nriEyHIt/qFSsx4qXLS14qtGi3ynCUPgVGMrs -3POd5Ynl9JnSMXM2tLtTm03gHk8V05t3IpcQ8zgp01bNvRoPjZWL6tlb829GcUTJ -ZYLgZhLpKrDLr9BDa2wNrLWw3DryfjRNQT2b13BmingmltaGXfiZJLb6VZy4Mzca -vGgvlEU5s0wS7jmEh+5jIHtDVNbDEs2VzjUGo2ZGi2HyotXWK2s3/FXU6xnFaqTj -BVjwxCFkVRhroT+icA2WXVAZu8LZFniQ81BTsa9+Ywn/7LIvK8KdJa16zJOqTepp -D6h1RD8p3d1Wb8slDVKvDZV5vxGhaN+Zzoo2tGy0q63n70yAOs7BZRiO6Z9tFEWG -1VKAP0c7yYR2QFBrjrMQDmU5p1Ac5QbVmvYBkDC6Ha3LG+7jkF+ksJED3FdnpSLP -/FB8JiR1kDofxznOmq8Ta+JH+ZBygkka +Eu+ZAgMBAAGgZjBkBgkqhkiG9w0BCQ4xVzBVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMIBggrBgEFBQcDAQYIKwYBBQUHAwIw +DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOCAgEARkq8KI9Oy6Hjx83L +Kq/+532CEv/vz750uwc3MzejQJYDL9x7tkZR4ujDy1uspCUwAfAmq+EWsj0qMiLS +d1GYEEJAxGsWMxj2dRIgCnbXLsS4r08JMxzPVES1kgpiHw0neuT1q7jlfioqoIUG +WBMKV3PW4JqcxblBUCZzx0hTeEmvKP/aDikyw57kfUHJZG4P/TUzjBOn+afha7Ly +ptpdlNNFEZzmEOttrbu3V/KA2QjQEsN2Q73Sga595OUGaFLFbLtsvQ4Udj16M6gW +Z0Ays4XgjItsODS0W/q/InHKCP0dQyuyIb2PrWF5hZ7XcXb+iNExYN4E/WlG4vF6 +3EVIZPeL4TsPRK4lleQkCDyCfm7Ihrac1fhuzlacSyqz9Fp0fH7COyBltRvjrBPD +eqqUWZ5ZmxzT+GEG8tZJCxmMTNF6Lhqrq5n7E3t7kn73q7ikXjmkaVqlOFKR530z +Q5EXw6IFRrUnmbZGWdIdPMG3W1bkwYV5hhpytr2LsB7C0QZEu0phPje5eSsuh5SY +MX8cVh34T2vVqLURLf53N0cQBOR6UBeTa5YPSTuABlHwsGDEXwQdWGYSVVSFrf+o +d0hdZoAbDwXGGximscpQX8t3nUe3R/3lQtem3dxJ+lGq+rxamEgltXnjoOwSXFaU +djj5eM7u0qX1tjAezwt7OYAHEco= 
-----END CERTIFICATE REQUEST----- From a86e3aa7d9ce13002255fd53d3f960aca8dda6da Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Sun, 11 Aug 2013 08:50:00 -0700 Subject: [PATCH 22/22] feat(test): add TLS tests add some basic TLS tests --- etcd_long_test.go | 16 ++++++++++++---- etcd_test.go | 14 +++++++++++--- test.go | 21 +++++++++++++++++++-- 3 files changed, 42 insertions(+), 9 deletions(-) diff --git a/etcd_long_test.go b/etcd_long_test.go index ff59caadc..1589bd153 100644 --- a/etcd_long_test.go +++ b/etcd_long_test.go @@ -18,7 +18,7 @@ func TestKillLeader(t *testing.T) { procAttr.Files = []*os.File{nil, os.Stdout, os.Stderr} clusterSize := 5 - argGroup, etcds, err := createCluster(clusterSize, procAttr) + argGroup, etcds, err := createCluster(clusterSize, procAttr, false) if err != nil { t.Fatal("cannot create cluster") @@ -70,7 +70,7 @@ func TestKillRandom(t *testing.T) { procAttr.Files = []*os.File{nil, os.Stdout, os.Stderr} clusterSize := 9 - argGroup, etcds, err := createCluster(clusterSize, procAttr) + argGroup, etcds, err := createCluster(clusterSize, procAttr, false) if err != nil { t.Fatal("cannot create cluster") @@ -122,12 +122,12 @@ func TestKillRandom(t *testing.T) { } -func BenchmarkEtcdDirectCall(b *testing.B) { +func templateBenchmarkEtcdDirectCall(b *testing.B, tls bool) { procAttr := new(os.ProcAttr) procAttr.Files = []*os.File{nil, os.Stdout, os.Stderr} clusterSize := 3 - _, etcds, _ := createCluster(clusterSize, procAttr) + _, etcds, _ := createCluster(clusterSize, procAttr, tls) defer destroyCluster(etcds) @@ -140,3 +140,11 @@ func BenchmarkEtcdDirectCall(b *testing.B) { } } + +func BenchmarkEtcdDirectCall(b *testing.B) { + templateBenchmarkEtcdDirectCall(b, false) +} + +func BenchmarkEtcdDirectCallTls(b *testing.B) { + templateBenchmarkEtcdDirectCall(b, true) +} diff --git a/etcd_test.go b/etcd_test.go index c6c68aac0..5cfbc07a0 100644 --- a/etcd_test.go +++ b/etcd_test.go 
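Review bot: In templateBenchmarkEtcdDirectCall the call `_, etcds, _ := createCluster(clusterSize, procAttr, tls)` discards the error, unlike TestKillLeader and TestKillRandom in the same file, which stop with `t.Fatal("cannot create cluster")`. With `tls` set, start-up also depends on the fixture certificate and key paths that createCluster passes to each node, so a failed start may go unreported and the benchmark would then run against a cluster that is not there. Keep the error and bail out: `_, etcds, err := createCluster(clusterSize, procAttr, tls)` followed by `if err != nil { b.Fatal("cannot create cluster") }`. Go naming would also spell the new benchmark `BenchmarkEtcdDirectCallTLS`.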
@@ -110,13 +110,13 @@ func TestSingleNodeRecovery(t *testing.T) { } // Create a three nodes and try to set value -func TestSimpleMultiNode(t *testing.T) { +func templateTestSimpleMultiNode(t *testing.T, tls bool) { procAttr := new(os.ProcAttr) procAttr.Files = []*os.File{nil, os.Stdout, os.Stderr} clusterSize := 3 - _, etcds, err := createCluster(clusterSize, procAttr) + _, etcds, err := createCluster(clusterSize, procAttr, tls) if err != nil { t.Fatal("cannot create cluster") @@ -154,6 +154,14 @@ func TestSimpleMultiNode(t *testing.T) { } +func TestSimpleMultiNode(t *testing.T) { + templateTestSimpleMultiNode(t, false) +} + +func TestSimpleMultiNodeTls(t *testing.T) { + templateTestSimpleMultiNode(t, true) +} + // Create a five nodes // Randomly kill one of the node and keep on sending set command to the cluster func TestMultiNodeRecovery(t *testing.T) { @@ -161,7 +169,7 @@ func TestMultiNodeRecovery(t *testing.T) { procAttr.Files = []*os.File{nil, os.Stdout, os.Stderr} clusterSize := 5 - argGroup, etcds, err := createCluster(clusterSize, procAttr) + argGroup, etcds, err := createCluster(clusterSize, procAttr, false) if err != nil { t.Fatal("cannot create cluster") diff --git a/test.go b/test.go index 68e0b6584..59e505559 100644 --- a/test.go +++ b/test.go 
@@ -55,14 +55,31 @@ func set(stop chan bool) { } // Create a cluster of etcd nodes -func createCluster(size int, procAttr *os.ProcAttr) ([][]string, []*os.Process, error) { +func createCluster(size int, procAttr *os.ProcAttr, ssl bool) ([][]string, []*os.Process, error) { argGroup := make([][]string, size) + + sslServer1 := []string{"-serverCAFile=./fixtures/ca/ca.crt", + "-serverCert=./fixtures/ca/server.crt", + "-serverKey=./fixtures/ca/server.key.insecure", + } + + sslServer2 := []string{"-serverCAFile=./fixtures/ca/ca.crt", + "-serverCert=./fixtures/ca/server2.crt", + "-serverKey=./fixtures/ca/server2.key.insecure", + } + for i := 0; i < size; i++ { if i == 0 { - argGroup[i] = []string{"etcd", "-d=/tmp/node1", "-n=node1"} + argGroup[i] = []string{"etcd", "-d=/tmp/node1", "-n=node1", "-vv"} + if ssl { + argGroup[i] = append(argGroup[i], sslServer1...) + } } else { strI := strconv.Itoa(i + 1) argGroup[i] = []string{"etcd", "-n=node" + strI, "-c=127.0.0.1:400" + strI, "-s=127.0.0.1:700" + strI, "-d=/tmp/node" + strI, "-C=127.0.0.1:7001"} + if ssl { + argGroup[i] = append(argGroup[i], sslServer2...) + } } }
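Review bot: `-vv` is appended to the first node's arguments unconditionally, while the other nodes get no such flag; it reads like a debugging leftover and makes every test run log verbosely for node1. If verbose output is wanted for the TLS runs, put it inside the `if ssl` branch; otherwise drop it. The parameter is called `ssl` here but `tls` in the helpers that pass it in etcd_test.go and etcd_long_test.go. Every node after the first is started with the same `server2.crt` / `server2.key.insecure` pair, which deserves a one-line comment such as `// all joining nodes share the server2 fixture certificate`. createCluster continues past the end of the hunk.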