diff --git a/config/generate.go b/config/generate.go index 0033dd75..f277a32b 100644 --- a/config/generate.go +++ b/config/generate.go @@ -92,7 +92,7 @@ func GenerateCertificateAuthority(commonName string, parentCert *x509.Certificat }, NotBefore: now, NotAfter: now.Add(validityPeriod), - KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign | x509.KeyUsageCRLSign, IsCA: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, BasicConstraintsValid: true, @@ -186,6 +186,51 @@ func writeCertificateAndKey(path string, cert *x509.Certificate, key *rsa.Privat return nil } +func GenerateCRL(cert *x509.Certificate, privateKey *rsa.PrivateKey, revokedCerts []pkix.RevokedCertificate, isExpired bool) ([]byte, error) { + now := time.Now() + + next := now.Add(30 * 24 * time.Hour) + if isExpired { + next = now + } + + crl := &x509.RevocationList{ + SignatureAlgorithm: x509.SHA256WithRSA, + ThisUpdate: now, + NextUpdate: next, + RevokedCertificates: revokedCerts, + Number: big.NewInt(1), + Issuer: cert.Subject, + } + + crlBytes, err := x509.CreateRevocationList(rand.Reader, crl, cert, privateKey) + if err != nil { + return nil, fmt.Errorf("cannot create revocation list: %v", err) + } + + return crlBytes, nil +} + +func writeCRLs(filename string, crlData [][]byte) error { + crlPemBytes := new(bytes.Buffer) + for _, data := range crlData { + crlPem := &pem.Block{ + Type: "X509 CRL", + Bytes: data, + } + err := pem.Encode(crlPemBytes, crlPem) + if err != nil { + return err + } + } + + if crlPemBytes == nil { + return fmt.Errorf("empty CRL to write") + } + + return os.WriteFile(filename, crlPemBytes.Bytes(), 0644) +} + func main() { log.Println("Generating root CA") rootCert, rootKey, err := GenerateCertificateAuthority("Prometheus Root CA", nil, nil) @@ -199,6 +244,12 @@ func main() { log.Fatal(err) } + log.Println("Generating Irrelevant CA") + irlvtCert, irlvtKey, err := GenerateCertificateAuthority("Prometheus TLS Irrelevant CA", nil, nil) + if err != nil { + log.Fatal(err) + } + log.Println("Generating server certificate") cert, key, err := GenerateCertificate(caCert, caKey, true, "localhost", net.IPv4(127, 0, 0, 1), net.IPv4(127, 0, 0, 0)) if err != nil { @@ -209,6 +260,16 @@ func main() { log.Fatal(err) } + log.Println("Generating revoked server certificate") + revokedCert, revokedKey, err := GenerateCertificate(caCert, caKey, true, "localhost", net.IPv4(127, 0, 0, 1), net.IPv4(127, 0, 0, 0)) + if err != nil { + log.Fatal(err) + } + + if err := writeCertificateAndKey("testdata/server_revoked", revokedCert, revokedKey); err != nil { + log.Fatal(err) + } + log.Println("Generating client certificate") cert, key, err = GenerateCertificate(caCert, caKey, false, "localhost") if err != nil { @@ -235,6 +296,10 @@ func main() { log.Fatal(err) } + if err := os.WriteFile("testdata/tls-ca-no-root.pem", b.Bytes(), 0644); err != nil { + log.Fatal(err) + } + if err := EncodeCertificate(&b, rootCert); err != nil { log.Fatal(err) } @@ -242,4 +307,97 @@ func main() { if err := os.WriteFile("testdata/tls-ca-chain.pem", b.Bytes(), 0644); err != nil { log.Fatal(err) } + + if err := EncodeCertificate(&b, irlvtCert); err != nil { + log.Fatal(err) + } + + if err := os.WriteFile("testdata/tls-ca-chain-add-irlvt-ca.pem", b.Bytes(), 0644); err != nil { + log.Fatal(err) + } + + log.Println("Generating CRLs") + crlProp_revokedCert := []pkix.RevokedCertificate{ + { + SerialNumber: revokedCert.SerialNumber, + RevocationTime: time.Now(), + }, + } + + crl_RevokedCert, err := GenerateCRL(caCert, caKey, crlProp_revokedCert, false) + if err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_cert_revoked.pem", [][]byte{crl_RevokedCert}); err != nil { + log.Fatal(err) + } + + crl_RevokedCert_expired, err := GenerateCRL(caCert, caKey, crlProp_revokedCert, true) + if err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_cert_revoked_expired.pem", [][]byte{crl_RevokedCert_expired}); err != nil { + log.Fatal(err) + } + + crl_irlvtRevokedCert, err := GenerateCRL(irlvtCert, irlvtKey, crlProp_revokedCert, false) + if err != nil { + log.Fatal(err) + } + + crlProp_empty := []pkix.RevokedCertificate{ + { + SerialNumber: big.NewInt(1), + RevocationTime: time.Now(), + }, + } + + crl_InterCA_Empty, err := GenerateCRL(caCert, caKey, crlProp_empty, false) + if err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_inter_empty.pem", [][]byte{crl_InterCA_Empty}); err != nil { + log.Fatal(err) + } + + crlProp_RevokedInterCA := []pkix.RevokedCertificate{ + { + SerialNumber: caCert.SerialNumber, + RevocationTime: time.Now(), + }, + } + + crl_revokedInterCA, err := GenerateCRL(rootCert, rootKey, crlProp_RevokedInterCA, false) + if err != nil { + log.Fatal(err) + } + + crl_Root_Empty, err := GenerateCRL(rootCert, rootKey, crlProp_empty, false) + if err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_root_empty.pem", [][]byte{crl_Root_Empty}); err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_chain_all_empty.pem", [][]byte{crl_InterCA_Empty, crl_Root_Empty}); err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_chain_cert_revoked.pem", [][]byte{crl_Root_Empty, crl_RevokedCert}); err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_chain_inter_ca_cert_revoked.pem", [][]byte{crl_revokedInterCA, crl_InterCA_Empty}); err != nil { + log.Fatal(err) + } + + if err := writeCRLs("testdata/crl_chain_irlvt_cert_revoked.pem", [][]byte{crl_InterCA_Empty, crl_irlvtRevokedCert}); err != nil { + log.Fatal(err) + } + } diff --git a/config/http_config.go b/config/http_config.go index 37aa9667..c632f9e3 100644 --- a/config/http_config.go +++ b/config/http_config.go @@ -20,6 +20,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/json" + "encoding/pem" "fmt" "net" "net/http" @@ -861,6 +862,13 @@ func NewTLSConfig(cfg *TLSConfig) (*tls.Config, error) { tlsConfig.GetClientCertificate = cfg.getClientCertificate } + // If Certificate Revocation List(s) are provided + // then let's read it in so we can validate the + // scrape target's certificate properly. + if len(cfg.CRLFile) > 0 || len(cfg.CRL) > 0 { + tlsConfig.VerifyPeerCertificate = cfg.verifyPeerCertificate + } + return tlsConfig, nil } @@ -872,12 +880,16 @@ type TLSConfig struct { Cert string `yaml:"cert,omitempty" json:"cert,omitempty"` // Text of the client key file for the targets. Key Secret `yaml:"key,omitempty" json:"key,omitempty"` + // Text of the CRL to use for certificate revocation verification. + CRL string `yaml:"crl,omitempty" json:"crl,omitempty"` // The CA cert to use for the targets. CAFile string `yaml:"ca_file,omitempty" json:"ca_file,omitempty"` // The client cert file for the targets. CertFile string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"` // The client key file for the targets. KeyFile string `yaml:"key_file,omitempty" json:"key_file,omitempty"` + // The CRL to use for for certificate revocation verification. + CRLFile string `yaml:"crl_file,omitempty" json:"crl_file,omitempty"` // Used to verify the hostname for the targets. ServerName string `yaml:"server_name,omitempty" json:"server_name,omitempty"` // Disable target certificate validation. @@ -896,6 +908,7 @@ func (c *TLSConfig) SetDirectory(dir string) { c.CAFile = JoinDir(dir, c.CAFile) c.CertFile = JoinDir(dir, c.CertFile) c.KeyFile = JoinDir(dir, c.KeyFile) + c.CRLFile = JoinDir(dir, c.CRLFile) } // UnmarshalYAML implements the yaml.Unmarshaler interface. @@ -920,6 +933,9 @@ func (c *TLSConfig) Validate() error { if len(c.Key) > 0 && len(c.KeyFile) > 0 { return fmt.Errorf("at most one of key and key_file must be configured") } + if len(c.CRL) > 0 && len(c.CRLFile) > 0 { + return fmt.Errorf("at most one of crl and crl_file must be configured") + } if c.usingClientCert() && !c.usingClientKey() { return fmt.Errorf("exactly one of key or key_file must be configured when a client certificate is configured") @@ -946,6 +962,8 @@ func (c *TLSConfig) roundTripperSettings() TLSRoundTripperSettings { CertFile: c.CertFile, Key: string(c.Key), KeyFile: c.KeyFile, + CRL: c.CRL, + CRLFile: c.CRLFile, } } @@ -1014,6 +1032,7 @@ type tlsRoundTripper struct { hashCAData []byte hashCertData []byte hashKeyData []byte + hashCRLData []byte tlsConfig *tls.Config } @@ -1021,6 +1040,7 @@ type TLSRoundTripperSettings struct { CA, CAFile string Cert, CertFile string Key, KeyFile string + CRL, CRLFile string } func NewTLSRoundTripper( @@ -1039,7 +1059,7 @@ func NewTLSRoundTripper( return nil, err } t.rt = rt - _, t.hashCAData, t.hashCertData, t.hashKeyData, err = t.getTLSDataWithHash() + _, t.hashCAData, t.hashCertData, t.hashKeyData, t.hashCRLData, err = t.getTLSDataWithHash() if err != nil { return nil, err } @@ -1047,9 +1067,9 @@ func NewTLSRoundTripper( return t, nil } -func (t *tlsRoundTripper) getTLSDataWithHash() ([]byte, []byte, []byte, []byte, error) { +func (t *tlsRoundTripper) getTLSDataWithHash() ([]byte, []byte, []byte, []byte, []byte, error) { var ( - caBytes, certBytes, keyBytes []byte + caBytes, certBytes, keyBytes, crlBytes []byte err error ) @@ -1057,7 +1077,7 @@ func (t *tlsRoundTripper) getTLSDataWithHash() ([]byte, []byte, []byte, []byte, if t.settings.CAFile != "" { caBytes, err = os.ReadFile(t.settings.CAFile) if err != nil { - return nil, nil, nil, nil, err + return nil, nil, nil, nil, nil, err } } else if t.settings.CA != "" { caBytes = []byte(t.settings.CA) @@ -1066,7 +1086,7 @@ func (t *tlsRoundTripper) getTLSDataWithHash() ([]byte, []byte, []byte, []byte, if t.settings.CertFile != "" { certBytes, err = os.ReadFile(t.settings.CertFile) if err != nil { - return nil, nil, nil, nil, err + return nil, nil, nil, nil, nil, err } } else if t.settings.Cert != "" { certBytes = []byte(t.settings.Cert) @@ -1075,13 +1095,22 @@ func (t *tlsRoundTripper) getTLSDataWithHash() ([]byte, []byte, []byte, []byte, if t.settings.KeyFile != "" { keyBytes, err = os.ReadFile(t.settings.KeyFile) if err != nil { - return nil, nil, nil, nil, err + return nil, nil, nil, nil, nil, err } } else if t.settings.Key != "" { keyBytes = []byte(t.settings.Key) } - var caHash, certHash, keyHash [32]byte + if t.settings.CRLFile != "" { + crlBytes, err = os.ReadFile(t.settings.CRLFile) + if err != nil { + return nil, nil, nil, nil, nil, err + } + } else if t.settings.CRL != "" { + crlBytes = []byte(t.settings.CRL) + } + + var caHash, certHash, keyHash, crlHash [32]byte if len(caBytes) > 0 { caHash = sha256.Sum256(caBytes) @@ -1092,13 +1121,16 @@ func (t *tlsRoundTripper) getTLSDataWithHash() ([]byte, []byte, []byte, []byte, if len(keyBytes) > 0 { keyHash = sha256.Sum256(keyBytes) } + if len(crlBytes) > 0 { + crlHash = sha256.Sum256(crlBytes) + } - return caBytes, caHash[:], certHash[:], keyHash[:], nil + return caBytes, caHash[:], certHash[:], keyHash[:], crlHash[:], nil } // RoundTrip implements the http.RoundTrip interface. func (t *tlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - caData, caHash, certHash, keyHash, err := t.getTLSDataWithHash() + caData, caHash, certHash, keyHash, crlHash, err := t.getTLSDataWithHash() if err != nil { return nil, err } @@ -1106,7 +1138,8 @@ func (t *tlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { t.mtx.RLock() equal := bytes.Equal(caHash[:], t.hashCAData) && bytes.Equal(certHash[:], t.hashCertData) && - bytes.Equal(keyHash[:], t.hashKeyData) + bytes.Equal(keyHash[:], t.hashKeyData) && + bytes.Equal(crlHash[:], t.hashCRLData) rt := t.rt t.mtx.RUnlock() if equal { @@ -1132,6 +1165,7 @@ func (t *tlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { t.hashCAData = caHash[:] t.hashCertData = certHash[:] t.hashKeyData = keyHash[:] + t.hashCRLData = crlHash[:] t.mtx.Unlock() return rt.RoundTrip(req) @@ -1249,3 +1283,179 @@ func (c *ProxyConfig) Proxy() (fn func(*http.Request) (*url.URL, error)) { func (c *ProxyConfig) GetProxyConnectHeader() http.Header { return c.ProxyConnectHeader.HTTPHeader() } + +// The function is invoked at the end of TLS handshake. +// It is verifying peer provided certificate chain status +// with provided Certificate Revocation List. If the +// verifiedChains is nil, skip the verifyPeerCeritificate. +func (c *TLSConfig) verifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + // Skip the CRL verification while verifiedChains is nil. + if verifiedChains == nil { + return nil + } + + // Ensure the peer provide certificates. + if rawCerts == nil { + return fmt.Errorf("unable to get peer certificates") + } + + // Parse CA certificates to a slice of certificates if provided. + var rawCAs []byte + var err error + + if len(c.CA) > 0 { + rawCAs = []byte(c.CA) + } else if len(c.CAFile) > 0 { + rawCAs, err = readCAFile(c.CAFile) + if err != nil { + return err + } + } + + var cAs []*x509.Certificate + if rawCAs != nil { + cAs, err = parseCerts(rawCAs) + if err != nil { + return err + } + } + + // Append the peer's verified CA chain to parsed CA, + // in case there is any missing CA. + cAs = append(cAs, verifiedChains[0][1:]...) + + // Remove any irrelevant CA certificate from CA chain. + cAs, err = CreateCAChain(verifiedChains[0][0], cAs) + if err != nil { + return err + } + + // Parse CRLs raw data. + var rawCRL []byte + if len(c.CRL) > 0 { + rawCRL = []byte(c.CRL) + } else if len(c.CRLFile) > 0 { + rawCRL, err = os.ReadFile(c.CRLFile) + if err != nil { + return err + } + } + if len(rawCRL) == 0 { + return fmt.Errorf("CRL is empty") + } + + // Verify CRLs that are signed by trusted CA and not expired, + // return a slice of valid CRLs. + crlsList, err := parseCRLs(rawCRL, cAs) + if err != nil { + return err + } + + // Append the end-entity certificate that sent from peer, + // and verify the peer's certificates chain revocation status + // against valid CRLs. + cAs = append(cAs, verifiedChains[0][0]) + + for _, cert := range cAs { + for _, crl := range crlsList { + for _, revokedCertificate := range crl.RevokedCertificates { + if revokedCertificate.SerialNumber.Cmp(cert.SerialNumber) == 0 { + return fmt.Errorf("certificate was revoked") + } + } + } + } + + return nil +} + +// Parse all CRLs and return a slice of valid CRLs. +func parseCRLs(rawCRL []byte, cAs []*x509.Certificate) ([]*x509.RevocationList, error) { + var crls []*x509.RevocationList + for p, r := pem.Decode(rawCRL); p != nil; p, r = pem.Decode(r) { + if p.Type != "X509 CRL" { + return nil, fmt.Errorf("unable to decode raw certificate revocation list") + } + crl, err := x509.ParseRevocationList(p.Bytes) + if err != nil { + return nil, err + } + + // Check CRL exipry status. + if crl.NextUpdate.Before(time.Now()) { + return nil, fmt.Errorf("certificate revocation list is outdated") + } + + // Check each CRL is signed by any CA, if not, ignore the CRL. + // Otherwise, append to the valid slice of CRL. + for _, ca := range cAs { + err = crl.CheckSignatureFrom(ca) + if err == nil { + crls = append(crls, crl) + break + } + } + } + return crls, nil +} + +// Parse raw certificates with padding structure. +func parseCerts(rawCerts []byte) ([]*x509.Certificate, error) { + var certList []*x509.Certificate + for p, r := pem.Decode(rawCerts); p != nil; p, r = pem.Decode(r) { + if p.Type != "CERTIFICATE" { + return nil, fmt.Errorf("unable to decode raw certificates") + } + cert, err := x509.ParseCertificate(p.Bytes) + if err != nil { + return nil, err + } + certList = append(certList, cert) + } + return certList, nil +} + +// Construct the certificate chain with the provided certificate as base. +func CreateCAChain(cert *x509.Certificate, cAs []*x509.Certificate) ([]*x509.Certificate, error) { + chain := make([]*x509.Certificate, 0) + chain = append(chain, cert) + + for { + // Reach the root certificate, stop constructing the CA Chain. + if isRoot(cert) { + break + } + + // Find the issuer by current certificate, + // stop constructing the CA Chain if none of issuers found. + issuer, err := findIssuer(cert, cAs) + if err != nil { + break + } + + // Append relevant issuer + chain = append(chain, issuer) + + // Assign the found issuer as the next certificate that to find its issuer. + cert = issuer + } + + return chain, nil +} + +// Find the issuer certificate from the set of possible issuers. +func findIssuer(cert *x509.Certificate, possibleIssuers []*x509.Certificate) (*x509.Certificate, error) { + for _, issuer := range possibleIssuers { + err := cert.CheckSignatureFrom(issuer) + if err == nil { + // Found iusser certificate. + return issuer, nil + } + } + return nil, fmt.Errorf("no issuer found") +} + +// Check if the certificate is at a root. +func isRoot(cert *x509.Certificate) bool { + return bytes.Equal(cert.RawIssuer, cert.RawSubject) && cert.IsCA +} diff --git a/config/http_config_test.go b/config/http_config_test.go index ca2ed71a..5ee94f3d 100644 --- a/config/http_config_test.go +++ b/config/http_config_test.go @@ -39,18 +39,23 @@ import ( ) const ( - TLSCAChainPath = "testdata/tls-ca-chain.pem" - ServerCertificatePath = "testdata/server.crt" - ServerKeyPath = "testdata/server.key" - ClientCertificatePath = "testdata/client.crt" - ClientKeyNoPassPath = "testdata/client.key" - InvalidCA = "testdata/client.key" - WrongClientCertPath = "testdata/self-signed-client.crt" - WrongClientKeyPath = "testdata/self-signed-client.key" - EmptyFile = "testdata/empty" - MissingCA = "missing/ca.crt" - MissingCert = "missing/cert.crt" - MissingKey = "missing/secret.key" + TLSCAChainPath = "testdata/tls-ca-chain.pem" + TLSCACHainNoRootPath = "testdata/tls-ca-no-root.pem" + ServerCertificatePath = "testdata/server.crt" + ServerKeyPath = "testdata/server.key" + ServerCertificatePath_CRL = "testdata/server_revoked.crt" + ServerKeyPath_CRL = "testdata/server_revoked.key" + ClientCertificatePath = "testdata/client.crt" + ClientKeyNoPassPath = "testdata/client.key" + InvalidCA = "testdata/client.key" + WrongClientCertPath = "testdata/self-signed-client.crt" + WrongClientKeyPath = "testdata/self-signed-client.key" + EmptyFile = "testdata/empty" + MissingCA = "missing/ca.crt" + MissingCert = "missing/cert.crt" + MissingKey = "missing/secret.key" + FullCRLChainPath = "testdata/crl_chain_all_empty.pem" + FullCRLChainCertReovkedPath = "testdata/crl_chain_cert_revoked.pem" ExpectedMessage = "I'm here to serve you!!!" ExpectedError = "expected error" @@ -160,6 +165,33 @@ func newTestServer(handler func(w http.ResponseWriter, r *http.Request)) (*httpt return testServer, nil } +func newTestCRLServer(handler func(w http.ResponseWriter, r *http.Request), serverCertPath, serverKeyPath string) (*httptest.Server, error) { + testServer := httptest.NewUnstartedServer(http.HandlerFunc(handler)) + + tlsCAChain, err := os.ReadFile(TLSCAChainPath) + if err != nil { + return nil, fmt.Errorf("Can't read %s", TLSCAChainPath) + } + serverCertificate, err := tls.LoadX509KeyPair(serverCertPath, serverKeyPath) + if err != nil { + return nil, fmt.Errorf("Can't load X509 key pair %s - %s", serverCertPath, serverKeyPath) + } + + rootCAs := x509.NewCertPool() + rootCAs.AppendCertsFromPEM(tlsCAChain) + + testServer.TLS = &tls.Config{ + Certificates: make([]tls.Certificate, 1), + RootCAs: rootCAs, + ClientAuth: tls.RequireAndVerifyClientCert, + ClientCAs: rootCAs} + testServer.TLS.Certificates[0] = serverCertificate + + testServer.StartTLS() + + return testServer, nil +} + func TestNewClientFromConfig(t *testing.T) { var newClientValidConfig = []struct { clientConfig HTTPClientConfig @@ -1980,6 +2012,224 @@ no_proxy: promcon.io,cncf.io`, proxyServer.URL), } } +// Test with empty CRL and irrelevant CRL. +func TestNewClientFromEmptyCRLConfig(t *testing.T) { + var newClientValidConfig = []struct { + clientConfig HTTPClientConfig + handler func(w http.ResponseWriter, r *http.Request) + }{ + { // Full chain of CA and empty CRL. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: FullCRLChainPath, + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // Full chain of CA and single empty intermediate CRL. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: "testdata/crl_inter_empty.pem", + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // Full chain of CA and single empty root CRL. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: "testdata/crl_root_empty.pem", + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // Missing root in the chain of CA and full chain of CRL. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCACHainNoRootPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: FullCRLChainPath, + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // TLS Config contain a pair of irrelevant CA and CRL + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: "testdata/tls-ca-chain-add-irlvt-ca.pem", + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: "testdata/crl_chain_irlvt_cert_revoked.pem", + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // Full chain of CA and CRL, the Intermediate CA revoke the peer certificate, + // set true to InsecureSkipVerify should skip the verifyPeerCertificate. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: FullCRLChainCertReovkedPath, + InsecureSkipVerify: true}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, + } + + for _, validConfig := range newClientValidConfig { + testServer, err := newTestCRLServer((validConfig.handler), ServerCertificatePath_CRL, ServerKeyPath_CRL) + if err != nil { + t.Fatal(err.Error()) + } + defer testServer.Close() + + client, err := NewClientFromConfig(validConfig.clientConfig, "test") + if err != nil { + t.Errorf("Can't create a client from this config: %+v", validConfig.clientConfig) + continue + } + + _, err = client.Get(testServer.URL) + if err != nil { + t.Errorf("Got Error %q", err) + } + } +} + +// Test with revoked certificate. +func TestNewClientFromRevokedCertConfig(t *testing.T) { + var newClientValidConfig = []struct { + clientConfig HTTPClientConfig + handler func(w http.ResponseWriter, r *http.Request) + }{ + { // Full chain of CA and CRL, the Intermediate CA revoke the peer certificate. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: FullCRLChainCertReovkedPath, + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // Full chain of CA and the single root CA revoke the intermediate CA certificate. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: "testdata/crl_chain_inter_ca_cert_revoked.pem", + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, { // Missing root in the CA Chain and the full chain of CRLs, the Intermediate CA revoke the peer certificate. + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCACHainNoRootPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: FullCRLChainCertReovkedPath, + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, + } + + for _, validConfig := range newClientValidConfig { + testServer, err := newTestCRLServer((validConfig.handler), ServerCertificatePath_CRL, ServerKeyPath_CRL) + if err != nil { + t.Fatal(err.Error()) + } + defer testServer.Close() + + client, err := NewClientFromConfig(validConfig.clientConfig, "test") + if err != nil { + t.Errorf("Can't create a client from this config: %+v", validConfig.clientConfig) + continue + } + + _, err = client.Get(testServer.URL) + if err == nil || !strings.Contains(err.Error(), "certificate was revoked") { + t.Errorf("Expected error %q but got %q", "certificate was revoked", err) + } + } +} + +// Test with expired CRL. +func TestNewClientFromExpiredCRLConfig(t *testing.T) { + var newClientValidConfig = []struct { + clientConfig HTTPClientConfig + handler func(w http.ResponseWriter, r *http.Request) + }{ + { + clientConfig: HTTPClientConfig{ + TLSConfig: TLSConfig{ + CAFile: TLSCAChainPath, + CertFile: ClientCertificatePath, + KeyFile: ClientKeyNoPassPath, + ServerName: "", + CRLFile: "testdata/crl_cert_revoked_expired.pem", + InsecureSkipVerify: false}, + }, + handler: func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, ExpectedMessage) + }, + }, + } + + for _, validConfig := range newClientValidConfig { + testServer, err := newTestCRLServer((validConfig.handler), ServerCertificatePath_CRL, ServerKeyPath_CRL) + if err != nil { + t.Fatal(err.Error()) + } + defer testServer.Close() + + client, err := NewClientFromConfig(validConfig.clientConfig, "test") + if err != nil { + t.Errorf("Can't create a client from this config: %+v", validConfig.clientConfig) + continue + } + + _, err = client.Get(testServer.URL) + if err == nil || !strings.Contains(err.Error(), "certificate revocation list is outdated") { + t.Errorf("Expected error %q but got %q", "certificate revocation list is outdated", err) + } + } +} + func readFile(t *testing.T, filename string) string { t.Helper() diff --git a/config/testdata/client.crt b/config/testdata/client.crt index 5e68bd44..189a1c08 100644 --- a/config/testdata/client.crt +++ b/config/testdata/client.crt @@ -1,32 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIFgjCCA2qgAwIBAgIRAMMSh5NoexSCjSvDRf1fpgQwDQYJKoZIhvcNAQELBQAw +MIIFgjCCA2qgAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fswDQYJKoZIhvcNAQELBQAw aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo -ZXVzIFRMUyBDQTAgFw0yMjA3MDgwOTE1MDhaGA8yMDcyMDYyNTA5MTUwOFowNjEL +ZXVzIFRMUyBDQTAgFw0yMzA3MzEwNDUxMzlaGA8yMDczMDcxODA0NTEzOVowNjEL MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs -aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKE5sMf63irOiAEo -a5GMONLHDji9ATAVs1erm6NW/17UPOSjN1Q1n6JGTp2XLKb5gle7gdGdjXW9IB6n -PhXwQp4ZvTaucMxcZ+Zik19tn+azKdfj/FXU0c9R5oEv4B/1jfKG258dQF5es/Ga -A2WW3nWA6IwQkHcBcN7cBQCZZ1GcM81rxybuyU4k/FyMheehcJ5MN8iy0Y0YrMcZ -KxmRfAR/EfVYjenWXjZNncsUXotQr5I4wBUJ/pj5pYQWpSuyO6oADX1EzcxuL6bO -XoEHfGFqmr90lM/x19bHzllu1UxIwqmT8jW3Je89EhlBxb0htNWNg4hKY7658Khq -L0tx0AsdIru/JuoQGXrDs4yf+3xL51zSeMr6jewl6AyGQKCc5E+c/zwklCdsVFw7 -zapbT6Hok5HjSoMnRi/EGLtd33CQjvgGooPA4LLzWpbZhoA7QZLBXhvAG3qIkTXr -1SaDQcP6GvYItEo3Yvqle7hWqhJB5E7QJ2+0j0ztbOLZBkuQGmiT4Ebsx5IJrRaT -jDCkqYzuHjdTAtwDQR6Tuy2Sc+AuAxI4kDH6EwpX5X7E2mkE2RyYusiu6o400K6F -QhRysPf1BXxSwQgcvsQTjcl8InyY/JT+7q7TCOLaXoj5rQDwIQdao0IRgr1+M7FQ -5rsuLRD92EI/vLfSikk3MxcwZ1qzAgMBAAGjVjBUMA4GA1UdDwEB/wQEAwIFIDAT -BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMaa -Hh5g0+YopeLd1IkizXyK9K/zMA0GCSqGSIb3DQEBCwUAA4ICAQA1qIgzzSid9YZS -v3kfqaDmZ3ickDuoJg4DjOz4AoZF+o2SnS/kXrIs/pTABUcfhgxt6xNJUFPIi2Pa -IQXkS24Ya85RJxNUrJmqwhavONoxNoC9RBdNqwQy30DxrBcB+881Y/Ln3VQu6mfj -aLFk09LFddz3Uc26spc257GkWfvdKjki5xDiFYze8KO0s+J/OWluNOiBG1Pehj+c -CkwPzy9lwX0JCbAhsDkJGSY4rh+MO/bg9RemuqCPrmOIH8laBnJFvMTZyZRUTQlB -pAcS8Oa6Bth5DUV7XSwWD6ZOe8Jo5BzJmw5hd5/EA+0+LwZqxmB9d7lGMKgEOMJw -rIQZCN5PlYYkp31y190rw5XklHMeUJUNzcZKa/tNhjwmU5Pj01gdS5/AnFqO3zRW -w3jUI6GR7rqj8g4P/kigIUyuX1Our6K27HUWVmt/SC+DHrhF+J7xet0q3R+UwUx1 -4wTzXnA1++s19G9wzo/HenCOTvU2bprl/WQ66/lICU+xxwHfs6kltY3SItvczqOf -+iZrmDn/0jmoarkhaND0EpiG6FbsNWsCprPP1uj0ICqvcBD7VfqT4NWY8QWcoqqr -JxiOAuuh0iNj8dmax3suNmd+XKIhVHZ3lRBRxrsqqi67axk3mgQby2j9sLxNmrqD -Lc+UGxJB/WZg4NvzZSaj2MZmt4zOHQ== +aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKIvHXO/uIiJGBRU +5L9h3Hg5n7jDy6Hcc12m99SUKnoRQxV7Td7w3VxmyhQ+t1WtNKPCb12ChTO4U0j0 +zctQbF1zg+R1dKIGA+TtzzRFNvrqSDkhA7z/4k2JH8GVpMRrmi8DDMntSwKp5Doq +YD/dShuofRm+xfzsjvwj+fUHZKhR9lQhiGbdTdi+wlSdpiCCs2F1v92BC+PSy1kP +F0V65lrvRJTxZ0y9BK7GqLgGscMYxP1VMjSZ2xdVIcnXk7xgJ3QaG0I3vGhJGGmm +cgfvdUMLP6ydnPp7OUPJuCt2GqIvkILiHvctbKhuptAgDR0+S87bL7xDcGl5VldL +SpyWAIgFp7De2AksI/QySSaOrSwORWFYPi0/8ybIUjanTjJBQx05Mv4IVHlBQESk +dojG+BtccoygbT3vYk8tRjByi7XHZFqy34U+bRJ2pi6yw0RMHdO8QUihUeTxqw2r +hRLleqofvlt20XIHCdlDzLTaSwfZrvw/Gaphv6rnlZhZwFCF0SULpFNH9CI/Sud7 +nWoI//SnQcyNBnZtDReTYlDCl5UfZGiuZeZYG/Vr8Y6X2y7PVvOsxnCxc8a8RdZL +sjiNzP3yRzrYY23hZu+nwvWq2Xm4/iYdGowSftT0ThaD9GhMhUKgXUu8e/n1kHq3 +GKr7ph2Gu1sLWVGkRMufhKbefXf1AgMBAAGjVjBUMA4GA1UdDwEB/wQEAwIFIDAT +BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFAoA +zCK5fa32Yi/QFHlVTvarRTuBMA0GCSqGSIb3DQEBCwUAA4ICAQCebDl3YIEK+4Z8 +eOfSVbURIY6KC1eeh1/MPJRIR/5kI1Njp3dFLveqpaLWUlV1VQeVJxq5bLWeuh1a +JcZyEUPoB8A0Yk3Vl6FkT2Ff4gp1F9B8or5V3swrOLKvTXcBWWquHp5v8H7nbmzB +4KOAD2jcUYS45UB/wYSPJiL3frHigHBf7j9X8xrdTap4xHmSeXUH5qfgj7hAaMIR +rf+19AwRrBWnqEnledUPDheEm3ZAvU+9kvTaqGvD01VW1mvmbKSA1VZZX17Ob5ol +vXZ3Kn3gKBVu3KxYup13jPyirLhZEBgvBW4O1gYT3aRKvqGfAU8kCDDZoYipQlva +67zUGdbnOEz8HPpTJSCtSiHb+y6nUcwAVB6NN3bGtL4ZOa/R2h9zEQaqggWuzeej +bNArPWVbMiDhH+HwIeS3+IghHj82Wlinp0uqHvAVcn3Bi8SflcMTCCo8wET25EOq +852bf3v9+NVYjEGfYSKRYtKcu2Uz5R8Y3Fkg9cd8eH+rbSS3S7bJmPCFKxYKVuGl +iH0qlAKKTLBd1FS6tdeanrkI76REOKU6Qvx1TNwio+6XsC3oobvEjVqnZ4nD04dp +Yyj/9whS4G8bwl4UWgTHCMsTENKhn0y/YY5/hDRxa5yBmEanmxX+3QG9wDnmr5ls +sfVQAwvCPssjj2jfrb5Bb18R/MZ6dQ== -----END CERTIFICATE----- diff --git a/config/testdata/client.key b/config/testdata/client.key index 9c768235..42c142eb 100644 --- a/config/testdata/client.key +++ b/config/testdata/client.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQChObDH+t4qzogB -KGuRjDjSxw44vQEwFbNXq5ujVv9e1DzkozdUNZ+iRk6dlyym+YJXu4HRnY11vSAe -pz4V8EKeGb02rnDMXGfmYpNfbZ/msynX4/xV1NHPUeaBL+Af9Y3yhtufHUBeXrPx -mgNllt51gOiMEJB3AXDe3AUAmWdRnDPNa8cm7slOJPxcjIXnoXCeTDfIstGNGKzH -GSsZkXwEfxH1WI3p1l42TZ3LFF6LUK+SOMAVCf6Y+aWEFqUrsjuqAA19RM3Mbi+m -zl6BB3xhapq/dJTP8dfWx85ZbtVMSMKpk/I1tyXvPRIZQcW9IbTVjYOISmO+ufCo -ai9LcdALHSK7vybqEBl6w7OMn/t8S+dc0njK+o3sJegMhkCgnORPnP88JJQnbFRc -O82qW0+h6JOR40qDJ0YvxBi7Xd9wkI74BqKDwOCy81qW2YaAO0GSwV4bwBt6iJE1 -69Umg0HD+hr2CLRKN2L6pXu4VqoSQeRO0CdvtI9M7Wzi2QZLkBpok+BG7MeSCa0W -k4wwpKmM7h43UwLcA0Eek7stknPgLgMSOJAx+hMKV+V+xNppBNkcmLrIruqONNCu -hUIUcrD39QV8UsEIHL7EE43JfCJ8mPyU/u6u0wji2l6I+a0A8CEHWqNCEYK9fjOx -UOa7Li0Q/dhCP7y30opJNzMXMGdaswIDAQABAoICAHKXAmLgl09tg5TvGaVVOH33 -JNCG5XU7t0A0pGYvy0mnJ7CJoSWlB1TbC71OWVpENLQOfXJyvLxWM6IV1DbbkT21 -pZpb2agmdWJ15bEJxYC/Dpp3XD3VCVqFJ4PidzW/3afm2en5bGqmfNbXVFq8JFj3 -ylDi5QrwZzy+vH90iM6kat0yIVY2mbWE7CkLZ5D+WYDpQyzOi8nxI7xO0ydVFARO -HIF480SkLEoEWIaib6AtNNyEoWFSvTYVGeMMBVFNWMK3Tt8eK/eEyTGRs/GZVHoY -vuwc/Dff+Dybvrop4Ehb3p+Qm7I5/ihQC7EP4m9Oqayu7DHOTZ6docLR1dOVjPt4 -F0qkeMGaGTDnfGmocqaKskGmhNWEnav5+aaYtFRXEqkLW53lIaGcWv2kyaFfvCYg -L810FEn9D5OVmlLjgUrzeEctFmhO2Br33dLl90imtuVI3Kg/qzsM9fiV0KbsONzq -I7aIvZZjXrevCOFtNSTfxNT8PrkyjWYN+2sbLWCR7hRvuzSTHI/qh2TzvyhqKeWc -ZPVlIT2qvBN5OP+j42J54VXwJNIwUmbKfnETvHMp3Cht/UaEtj/vzAkYB0paEQUs -O80vWwN4zk6H/qRV0HewUoNIGYlnTFLg/uOlLwbkctYH9ubEaobtVtwx6hsZ12AM -m7N27FsiAf6KJOGN2CqhAoIBAQDBuQgDxtf3XaoUc8YJKnvGRFMmuq8VWIELF2E1 -/u+IWP8f89BoUon7J5VMHvKiuvsVa6bOJpENrp/fV9+5IA7a925U7il8LmGis+v7 -Sg5pWMJ6gUXq65jssXw0PPDyHEHL0WTwI6KlcI0+Pt8zPujq0TPeHBOadlaPHdg2 -lHEWPvuoAeZknLnYWF7Eq0y3cD2LBiFiZWNRO0wccFf7CA1O5ToUDkFB0zXB5ZOJ -RgVSUQ5Gnva2OSB+dfFc3HwOADqjnBW+nMDi/ofH2rQEysEp4iTV4N+HkWxpNUPU -9Z3KRUN645P1BK9ufwNnqsagJU8gKNR9EJKITiPU3jqKi/IvAoIBAQDVDjDi574a -btsUQcUcip2na+D5jRts+/5lugA5OT6GzIRyYP8WgH7JMbwC91cB3avV08y5SHMB -P1wo04qaBL+p1by19ewZ6f4Kfytoad7ZGb/P9tX8H30N8Q/k9kucn4igpJ6XaQXU -tJIKWoBsNuUTZkPwa0+FMBBbRFRagu+mbOwnKR6zNIXNh18K7/LCJSb9jy73xG7k -DEuRJH10Ow0Ijo4/UACm0CLdavtVtbkGfarETfZSUPuKMHs6dyAME94+IG3WgmWW -B1WbtrWXw6RNhaecYDfjeW3iFOjgo+MpaQpnfiz7nqNrUu5zbteJYM2EdHI1baJ+ -/VXsXsc4hdK9AoIBAEyWkJqdpIiBmVpYozTAfQrXvGAVcl7oDKyL47zrO1wWg1bo -l76G01JeReJAYgEAF4BSfTIHgVV9cmtkXGjeScE8DXy6Y+BanfMrWuKQVr5Dfy/b -p/7GgkEhsk8cwM2XalPgRx3BmO37X3v6c1fZSVB8wRrQ0tdAbdxLGk4JxePbpra3 -eZTReZAU7/KlHsFvOIWcONqj5u4YmXCs4bu3ZTuJ2LpRIG+bxycPUpL1AemXbiNx -eWx1jWkxy+jAqrMGWCiS7u3bH08e/iN/TaiPWGrso0+Dhhwc3FWD33t0V5u+Yn1V -OAuofIsc4AW+OKTb2zqFqex//s6wxe3EpjRcO7UCggEAXVL5APtn3yY92pKwp77k -LejoRAeWQtfi6GZgILC9fchqH7vzIMUqRDD/3QDA4PVbhq9e1q4wihRZ5xw6cxqv -ZdJU9hOB1xwTBkAMIJF3ZvuLdKn3s5eLbKbyQmXMWw/ahht1yHbdcf2iltxrsnsd -PrEmA1LOI1YZZBD7LiZ6mRjPHJw7cV4JWiz46c6PNJGXkau9dBRcSpJEK5CjT11q -aRwgnQULNAaprvlknHecU4aKXbCUvBvzAuYXpFV3+TJewDHuSu8VVnFiA3I1+wNc -ngR0ld/ju0V+Z3CnTXccUxBK2WiAhbtIdAOApZmg2fFINMPZHyQl8KBBmecuNskP -tQKCAQALxoCzLhdq6Kl/mqqdPTlvncIuAoaH2VjEc5ZpMIHShPd1YfPv5/sQkD4B -8X7QNLPITaSGvNTevyg/KtVPuWyyCxEjmIXDXOCXkylmJFY9tgaaSGPLRJ62sIbz -EJGmUUOBYD+/ybV+dQd3GgkGJ0Hytp+FM8NCWukCFRAxb1m56xfs+RTBuLdJpou7 -AV+RafQV1roAQ+Pj3dFsoR6jBJIM4w0S5Q6609W062hrR6hBrlVBGfZpo/Mgmv5K -HEnQ7X+AqPaK7BLdzBQb2Qd6hGF8DMVTSBRlc/THnhK/HlVCuWMNuEliGtmIuGYE -0FRrwC2EvZmAS7m/FHfkpry76CRU +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCiLx1zv7iIiRgU +VOS/Ydx4OZ+4w8uh3HNdpvfUlCp6EUMVe03e8N1cZsoUPrdVrTSjwm9dgoUzuFNI +9M3LUGxdc4PkdXSiBgPk7c80RTb66kg5IQO8/+JNiR/BlaTEa5ovAwzJ7UsCqeQ6 +KmA/3UobqH0ZvsX87I78I/n1B2SoUfZUIYhm3U3YvsJUnaYggrNhdb/dgQvj0stZ +DxdFeuZa70SU8WdMvQSuxqi4BrHDGMT9VTI0mdsXVSHJ15O8YCd0GhtCN7xoSRhp +pnIH73VDCz+snZz6ezlDybgrdhqiL5CC4h73LWyobqbQIA0dPkvO2y+8Q3BpeVZX +S0qclgCIBaew3tgJLCP0Mkkmjq0sDkVhWD4tP/MmyFI2p04yQUMdOTL+CFR5QUBE +pHaIxvgbXHKMoG0972JPLUYwcou1x2Rast+FPm0SdqYussNETB3TvEFIoVHk8asN +q4US5XqqH75bdtFyBwnZQ8y02ksH2a78PxmqYb+q55WYWcBQhdElC6RTR/QiP0rn +e51qCP/0p0HMjQZ2bQ0Xk2JQwpeVH2RormXmWBv1a/GOl9suz1bzrMZwsXPGvEXW +S7I4jcz98kc62GNt4Wbvp8L1qtl5uP4mHRqMEn7U9E4Wg/RoTIVCoF1LvHv59ZB6 +txiq+6YdhrtbC1lRpETLn4Sm3n139QIDAQABAoICAB0be5u0gvfuMuYjPlKiy6DA +JsxQR5GrMQFT4BLE7MKvqmyGjrk+XVwiDo6HmvvDdDkXwkj0Ddf0cu4bEXw12N0E +yF0OP3p8veIuVAu7iFyMA55NMJCRFBp6S7rAkqu17BwX3gm3jsjRmOZfiJqtqolA +OgOO25XDFv5lroytYQFchGshAYwEl94YjmQFTzVyf6M0MNUePfYLdPds3+5WWlVj +r9lTYgjBu79qZAlzGiA7p88XpUUPf+S2ILRK/nbGgw4xSUcfHa9RvxHnD3whG9iG +gk0GlI/X4bUq1OTn82u8QaFb19bgzimEgmfD+NaQwaZEbFLLf7dOUZKlLqTfvwRh +a5YsMifFw3z/3D/xizT+To/IT/NKrczCBt0S3/sAWjSYvfwEEXeYmuVYMdGF5ILZ +qm/lToEjb7Hjzgd4hdjo3mJsZ+yeg1Kqnhqu4zBruyPzDo48J/eMlW9UKaAh4hoX +M0L3xSpuWflTKElSEgRzV1n77rtcDYKwI/Vb07mbFtqdd1TPyZLiOBd2eCFi2CSJ +nhKwVUnkiyf+05r8zpoXBPj7zeHWVQwQppFy1JHw9WndXC8ONIaviLDdqxfKMC1o +mqcZE56XhlsBpCJWOZrTZt0YQEnemDmC4D/jglmLPD/kIf0R5k+nidNbw3rkv/fy +nejqqVBJgpbD5FVrK+oBAoIBAQDL10NGqINEGHPrm3APSrSAaoFgcT8sByX6QbsW +JZXORlrZ4X/fepQA9RDuf6/n9Enqfz7hXvj0b0dIxs04cQ3AkG4oLsftai17q4pP +QaE4QR4Bl1YYh1mFkNE616JFQh2BV7Japts2/9GiS+e+ppSCFG8ZXQEvHjj5SFk5 +M1bhFqf20My8AxoH2BfOWgWkqjzpd11UCl9xfOlLZSwuyUuLQneoHDn38JFJKePe +eVzwjfz/+61hmvVQrvOQK+ArqozjQut/E33wVO+VeNn9E9TAoH8tZz6rU+lfa3v6 +H/rYgonBYIeeqYTF1XT2ZLzxhLjTZd1w14tBA+zOx4n4Mz61AoIBAQDLrxfNMrOS +OEbfyjqz5ntaEF8OfEcKGpevCSVL1f5tkDfh+5dzCZyZFZL5aRN4Bax7+lJSkftJ +Bie5UU4aV5EzjGtqH1Oz//PIKat2ZrT97rz+j0dnAevUSrr9m15anH6pKsJ3L0k1 +iteXt6N8Sx2aHzO1dRztT9qKhFKtQnbRbH0/nhCOU8l+jieuqkG4iDnbmHSRZQkk +zowtAkiRVWKSt2xqTQhv3VVMd8mDUUL4swzQnb5tlkjoqikoAKICG6jkAgJkyd8+ +qeiQuCcIRa/UrY/4xJ/qq3ZJq6bzH6sDfXPH1P87kQq3HsYTyIx72wifLsJTMyOc +bsnd8qt4m9xBAoIBAQChwIa1OiE31wOdkbHBoLFNObbCdfsAEAgV5zTzZQ3UKsYL +IULcbqOlgtJVv2Mx+Arzltep9Tgul2MEoCTXRfb4uGOBZWXmwpunCD9vlw+82Qdb +keCTBEyIjZtKSzSMKuPI8HMqNj+8DBIo7HzQL9Wmx1pF0SSQZDYnsj6DAndNlDHi +zFu6UefFE7gIWi0iNqixRrP7bWPBZbKmznjaA4f70NmswAFL+0z+tswIjVuv06xQ +4UD7NAC4bqv92qM/Y037RO4k363PGUco4EZy6dqopHNm7weu4p5MxrkRiXD/f86a +ceQMhk5CwpjWsKeyK3SS48FtuszY4al3iKW2G8wFAoIBABvovgYr8FcUxwFbIHgO +GNDadWvys3k685XUVvvxMo+otz+LzdDBfGetgRoTv8suW9gREL6nqhrzcPX/oggR +/59kmkNMT5fWdnzy2L+8iwhQci0fTNVcegf4xW6Cn4ci8mgTp9nU7N8dSzVKwGgD +kubPZ7Jxfak2y+c3Am0jMky35OGWswYNjQp+SAmy4pZ6dBMW7MIPahVVB/gS3Aau +AHfCEmTucT2CwnFb6IzJ0bdqMVNUigdSFGNtDX6ht5E6YQX9EH7m+mQHvAo4cYC8 +q78kmRmpN5BcNjUaBCJEMJal1fuHwAFVenZlDRcg378I4EGPkqj71OFWfOqgmcZI +9QECggEAT7aZ61D5by+D1MucBTlFf8coSasPUmFEnbF79r9A4Qd1Cok0H01/2wXt +X5ZeuwRX50+9x3MwlDsAUgK6DprBls+ReB9Qdwy/IXNYGLYuOG1qcoVSJtdGNXWK +1rP/5J9nZAkZbma/j/sLfj9p+oRW5eDncHSfZCUF4IiJSvbpV4kqna1iWQ4Kwg/e +1162pOL/vS7CpoIYvmTK0PTSKW9I6sb/sVaJmaspjDNR1Wox/Un4ykN0T0FWLH6d +IZxvXyv7Tsx1aZlWXicDjFg4c+7SgoJupgUNgzRZUmFOTKXBUA4EsFmzDi+mfDcy +SkiztxLj1Lqz7t/tItLbXl2+cXX2fQ== -----END PRIVATE KEY----- diff --git a/config/testdata/crl_cert_revoked.pem b/config/testdata/crl_cert_revoked.pem new file mode 100644 index 00000000..e470bcb9 --- /dev/null +++ b/config/testdata/crl_cert_revoked.pem @@ -0,0 +1,19 @@ +-----BEGIN X509 CRL----- +MIIDCTCB8gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA4MzAwNDUxNDRaMCQwIgIRAJhzsQ9PS6cSzJuE6HX04foXDTIzMDcz +MTA0NTE0NFqgLzAtMB8GA1UdIwQYMBaAFAoAzCK5fa32Yi/QFHlVTvarRTuBMAoG +A1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4ICAQBBgnGL2IxYkHUtVEsHJr+/u9Gk +Lw8sCcadLDSCT3z7VbJbyxSwEP9oAofKDoH7ycSg/P2aPwtmSYbK31UJuHsGUNHI +tb14DGtWYz0Uq8DKE+biXquRW9lLTOulCU7L7jraHgnZTEMku3q/ngamYZhvfViT +zPQiVKTp9i89QgqYh8DiFhhmD2urA/kzmyo93/uAAsrhzdcOwW9bfLhAP0iQty22 +Lx839auxO//3VqBCF34/XkoSDXwNIsU1ezk7f3kTjNhlLv4XPPQfx6NdIZhgDJ6a +HQS0ef4/7Is4pOPeCSpee961EOOW134xWSnlZ8BIA53MLnlwLYBqse3iYKnxF+nu +IwBWexgakhEUm2pem8V2xw3ww6fMlaXIaH635s4ZuGRFvyYI6/2BXrsCXpNpRHrm +pb10mI/fX3kuqQeX/fZ0oUIXnTLGuLMM2ruzN6V8gUpdEIU6m3jToI6h85qVSMRa +4Ki5QOWLng3lhs/swYPZbbz1VMpdTMAL16a++hfDkV0S4or93XCfxyjT42JI6Vfh +dsc0Xqg1WrA9n3Mc/Epja3A2Epme48/W1urnmUdpwzHalaeKL054jR1KAZzj/DEW +mY/XnGmv1pwYPfz24wbbkFtIk1jF4Z2fwudfG+RMAuhI6mK5YM0ACawlF4EVuZ4g +odbYxmxO/SbHGldMxA== +-----END X509 CRL----- diff --git a/config/testdata/crl_cert_revoked_expired.pem b/config/testdata/crl_cert_revoked_expired.pem new file mode 100644 index 00000000..9248b7b0 --- /dev/null +++ b/config/testdata/crl_cert_revoked_expired.pem @@ -0,0 +1,19 @@ +-----BEGIN X509 CRL----- +MIIDCTCB8gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA3MzEwNDUxNDRaMCQwIgIRAJhzsQ9PS6cSzJuE6HX04foXDTIzMDcz +MTA0NTE0NFqgLzAtMB8GA1UdIwQYMBaAFAoAzCK5fa32Yi/QFHlVTvarRTuBMAoG +A1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4ICAQClxhuga0SCqdEpMn1uj5ALxKbz +7P8wyfEBfRRJIp+sTx8H0oCRV/rc4YxUOwTinlrI77il0+rkEAw4lr++74fZBLNZ +UgkggqR//upMwq7wvLxMv1j7b5178J681/1lxtpLmZWkC6wbHZsNxzRkVTDpDylE +cWGs73orr9Z6yiZbAryVFgbDXRy6N+B/nrLehAoW8GZRXUxSdCF4iuzi5EmdAK6I +0j3NqWGZ8D33DA772AF6n90ecVXT0uFFPX4TXeuE0vPRq6StgloKoutI68A+aivU +rIBNomV8SN9GnKQy6C0Wu4A9qT756ON6BSs5EJ05gJCBCCjP57s3r5lruGguQfAH +TJCFijtdD64OsT095TmhI4zNbvdA09+uxSSjJJ9oRk2Wq7WJ0kSoQFg/IxM/dy5U +I82P6C+RnJ+3UkcgJcSpsEZYWocQbPgUr6RA5cFwRsNud4npuKAuzpGKxXeZQJZy +GKqF1LkWG5t9Ci1BAXm8a/TFevNkHxnZqurm88APcsEMepwTJO3ZPgrcGckTQA72 +/uiufF25/NXKNOVJH4nOr/7qG9THm7odbLTJJmc4UaaHOZTb/DQkt9I7eFav2tmn +2kUbMBgDOe2WxNbpq1rHJa7GcFmE5bOm5UDOs+K6kWtqLF0fMoVfFwLRVeX0Lpgy +MGDXUxdS2IRwkY9c3w== +-----END X509 CRL----- diff --git a/config/testdata/crl_chain_all_empty.pem b/config/testdata/crl_chain_all_empty.pem new file mode 100644 index 00000000..05d43f54 --- /dev/null +++ b/config/testdata/crl_chain_all_empty.pem @@ -0,0 +1,36 @@ +-----BEGIN X509 CRL----- +MIIC+TCB4gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA4MzAwNDUxNDRaMBQwEgIBARcNMjMwNzMxMDQ1MTQ0WqAvMC0wHwYD +VR0jBBgwFoAUCgDMIrl9rfZiL9AUeVVO9qtFO4EwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQELBQADggIBAAPPar7DIQC/ouHWq4kKUlInhyc/8d5WFloaLwb6NYJRsoEz +H//oUBuh2uaY8QxR30a88ulujQYUj+5CvxGgqQxLXn3ktGJC0quiugRIP9eKl1ny +cQ2C9boPTEJUAuh+sPof/ZKKKv1jKe2nPuSBtD1e/aN80h9lHtT9S9BQUBnAbrgA +3DJTLFg1HDTggayMgxRi+nRwngRB4/yRG88RSDG3wp8izxnDnoCU6G6Iu3ekTaN7 +/Q9frQF66H29O13lHNeTZ5C/o8MHXWi9BwZymGw3V3HIfDj3mAlJvvwAATOrYkON +AAtvd6EgM3x7gEyrVNO3VMZfKA9XFdkMK8BfRuaFTU2E4oJHNeBxtyCTlcuoC0mK +KcsY0TRZQws8oynpMF8+WF+4ySlDHN0z4ZzOm4Y1MglA/6b9fKmP2de2Gid/mCLg +XuDOqoqm5Dd2DLIaT5Zcn6y75o5okrr5k185Ms+iNXojJreN9no65xg6tlHon4if +9vYbq5QPUSKr7Yh5P7nGfSeAaP8ISu/peJ0OiwN0FJWATy8lPQfwTJ3ZlEvpHaf4 +D70PVIgO9BmvyYlQuGmH6cEKKjOZ2QZ2a7DyLlHlGyowWNbnZqOQX1gAjNeZxz6R +J5UjjXVmMeSgrAlQGWp6lKzxOowSAQ5d556CaLdqWdHwa0Z742kXAeRRa9M9 +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIC+jCB4wIBATANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGzAZBgNVBAMTElByb21ldGhldXMgUm9vdCBDQRcNMjMwNzMxMDQ1 +MTQ0WhcNMjMwODMwMDQ1MTQ0WjAUMBICAQEXDTIzMDczMTA0NTE0NFqgLzAtMB8G +A1UdIwQYMBaAFIyFWoNHt08m0ox3NtZvy80ffbtWMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBCwUAA4ICAQBRheDo6/ZE6kUF8/9HQPy5Is+HoHYUs2wRm0NN5avQnvI0 +PpFbqvnSOmuxfloDDED+qExlXmCEus6qYmQ6OW+Mb5Dt07olAgqRxWlRb8/MB9vr +HMkyB3dcmp1okqroUhpLctsFjK7aCmkjur0dtI4uRwHyHerGKylBmS/7wMZDZgRh +tFKlNaGKDDEwiTqlixtr04Nk35UDDqGvG0xMbCrmNcTpj0EMq7OnesXI5qMIBTxE +jGkjJ9MONuZRihUWpXyKgi1HjDWn4Qn5o/m6U2SN4601vwHmkdDuvtDCoQtwaziT +cOPzQ/0TzPdvOGbyupubyH0mkYzs9t3RYmSbDM/EWmhcHWuhzzG398sIbOYK7Ile +rQ2w86uZH/vygeZAp7dUx/NfjKlFWydukf8Lw2L82Ux3K80zTuuI3+YGW+k5hoWr +k/FrwxOIZIGW+1TLYpC9nStpSuAiJ/P8/XH+V1xO0uoq4iEedvhZQOR6psvuR/nP +PZ6nJSpkBKtaZOsTimKYvHJLuI86fVEn+VEIqoBClkXtjTGns1bFQ+GwWedtM5F3 +uYwlIrIcOWIttTxoTq9lz6Q0i1n29dkgQTBI+LE/u1vc7miHe4DKoDpZTc+NbrAj +eKkuKCONbFgvpuD59BBI8NJNR1AdgqIUJDRXYudlOUVGnLRHfNE+UvrxmIevMg== +-----END X509 CRL----- diff --git a/config/testdata/crl_chain_cert_revoked.pem b/config/testdata/crl_chain_cert_revoked.pem new file mode 100644 index 00000000..14d8f3eb --- /dev/null +++ b/config/testdata/crl_chain_cert_revoked.pem @@ -0,0 +1,37 @@ +-----BEGIN X509 CRL----- +MIIC+jCB4wIBATANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGzAZBgNVBAMTElByb21ldGhldXMgUm9vdCBDQRcNMjMwNzMxMDQ1 +MTQ0WhcNMjMwODMwMDQ1MTQ0WjAUMBICAQEXDTIzMDczMTA0NTE0NFqgLzAtMB8G +A1UdIwQYMBaAFIyFWoNHt08m0ox3NtZvy80ffbtWMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBCwUAA4ICAQBRheDo6/ZE6kUF8/9HQPy5Is+HoHYUs2wRm0NN5avQnvI0 +PpFbqvnSOmuxfloDDED+qExlXmCEus6qYmQ6OW+Mb5Dt07olAgqRxWlRb8/MB9vr +HMkyB3dcmp1okqroUhpLctsFjK7aCmkjur0dtI4uRwHyHerGKylBmS/7wMZDZgRh +tFKlNaGKDDEwiTqlixtr04Nk35UDDqGvG0xMbCrmNcTpj0EMq7OnesXI5qMIBTxE +jGkjJ9MONuZRihUWpXyKgi1HjDWn4Qn5o/m6U2SN4601vwHmkdDuvtDCoQtwaziT +cOPzQ/0TzPdvOGbyupubyH0mkYzs9t3RYmSbDM/EWmhcHWuhzzG398sIbOYK7Ile +rQ2w86uZH/vygeZAp7dUx/NfjKlFWydukf8Lw2L82Ux3K80zTuuI3+YGW+k5hoWr +k/FrwxOIZIGW+1TLYpC9nStpSuAiJ/P8/XH+V1xO0uoq4iEedvhZQOR6psvuR/nP +PZ6nJSpkBKtaZOsTimKYvHJLuI86fVEn+VEIqoBClkXtjTGns1bFQ+GwWedtM5F3 +uYwlIrIcOWIttTxoTq9lz6Q0i1n29dkgQTBI+LE/u1vc7miHe4DKoDpZTc+NbrAj +eKkuKCONbFgvpuD59BBI8NJNR1AdgqIUJDRXYudlOUVGnLRHfNE+UvrxmIevMg== +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIDCTCB8gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA4MzAwNDUxNDRaMCQwIgIRAJhzsQ9PS6cSzJuE6HX04foXDTIzMDcz +MTA0NTE0NFqgLzAtMB8GA1UdIwQYMBaAFAoAzCK5fa32Yi/QFHlVTvarRTuBMAoG +A1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4ICAQBBgnGL2IxYkHUtVEsHJr+/u9Gk +Lw8sCcadLDSCT3z7VbJbyxSwEP9oAofKDoH7ycSg/P2aPwtmSYbK31UJuHsGUNHI +tb14DGtWYz0Uq8DKE+biXquRW9lLTOulCU7L7jraHgnZTEMku3q/ngamYZhvfViT +zPQiVKTp9i89QgqYh8DiFhhmD2urA/kzmyo93/uAAsrhzdcOwW9bfLhAP0iQty22 +Lx839auxO//3VqBCF34/XkoSDXwNIsU1ezk7f3kTjNhlLv4XPPQfx6NdIZhgDJ6a +HQS0ef4/7Is4pOPeCSpee961EOOW134xWSnlZ8BIA53MLnlwLYBqse3iYKnxF+nu +IwBWexgakhEUm2pem8V2xw3ww6fMlaXIaH635s4ZuGRFvyYI6/2BXrsCXpNpRHrm +pb10mI/fX3kuqQeX/fZ0oUIXnTLGuLMM2ruzN6V8gUpdEIU6m3jToI6h85qVSMRa +4Ki5QOWLng3lhs/swYPZbbz1VMpdTMAL16a++hfDkV0S4or93XCfxyjT42JI6Vfh +dsc0Xqg1WrA9n3Mc/Epja3A2Epme48/W1urnmUdpwzHalaeKL054jR1KAZzj/DEW +mY/XnGmv1pwYPfz24wbbkFtIk1jF4Z2fwudfG+RMAuhI6mK5YM0ACawlF4EVuZ4g +odbYxmxO/SbHGldMxA== +-----END X509 CRL----- diff --git a/config/testdata/crl_chain_inter_ca_cert_revoked.pem b/config/testdata/crl_chain_inter_ca_cert_revoked.pem new file mode 100644 index 00000000..f7c450a3 --- /dev/null +++ b/config/testdata/crl_chain_inter_ca_cert_revoked.pem @@ -0,0 +1,37 @@ +-----BEGIN X509 CRL----- +MIIDCjCB8wIBATANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGzAZBgNVBAMTElByb21ldGhldXMgUm9vdCBDQRcNMjMwNzMxMDQ1 +MTQ0WhcNMjMwODMwMDQ1MTQ0WjAkMCICEQCYc7EPT0unEsybhOh19OH3Fw0yMzA3 +MzEwNDUxNDRaoC8wLTAfBgNVHSMEGDAWgBSMhVqDR7dPJtKMdzbWb8vNH327VjAK +BgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAgEAY1ad7uo/hqV2d81hUJc/iFVC +mPcK9xS+Q7JSd+CNtiQ/gFwaZWAkaMF2ckny2JPsDEy/20q9fOwsk7G22hppI36g +xlgOh1CWEOK5C0DWdVA3cRJJw9Rl16dAfN7iw3DXMTp99s1/nh5qHWhljTWPSRtm +BeDDNUqj7ZHzV2H/sY5WkirD5nwTEBa9/jNnHroV9iVzda1QJd8IODzAHm8yZBpm +ZzSxEpwxObMSoPjqOFSc/0pdoZ4zulyVyvNBV+lUXP2cXOxjt3TM++JZ4+OxHOaq +i2Yf0e/P71u97nVf2DWbf5a9voIFIO79TbayX5pEzYK2lEuy6nnf8+M6zV65/EbH +BMmfWRlyMYfEd8CZA2Bc5Cagu/wLI7EaoO+14efGnN5MxOj6loD+oUCLDGnj88or +V3LzAoqO+WVVt0275uzoIOzgVMeV4NvN3ZC+1IRfXsROEwjJZzx3e3iGfCboqATT +5U/j8W9j3PZQ4gVqsQIp70mNteWuNFNCHrF7FPXLCDlxD5rAiHuoMMhtt3lQ4F9W +wCmEEuFzHB5lcCqkIktZlhJ2jQWByjiKksBxv9atMM7UYFZ2VD/hdIOL6ZlKovLM +hz/5VzqMyI/mHhbpM1evg9aPtNgVhpj1qQdxwefKXdg4woMHOisGCI+02RjeSVUC +s3nE+AmagioczzM+0q8= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIC+TCB4gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA4MzAwNDUxNDRaMBQwEgIBARcNMjMwNzMxMDQ1MTQ0WqAvMC0wHwYD +VR0jBBgwFoAUCgDMIrl9rfZiL9AUeVVO9qtFO4EwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQELBQADggIBAAPPar7DIQC/ouHWq4kKUlInhyc/8d5WFloaLwb6NYJRsoEz +H//oUBuh2uaY8QxR30a88ulujQYUj+5CvxGgqQxLXn3ktGJC0quiugRIP9eKl1ny +cQ2C9boPTEJUAuh+sPof/ZKKKv1jKe2nPuSBtD1e/aN80h9lHtT9S9BQUBnAbrgA +3DJTLFg1HDTggayMgxRi+nRwngRB4/yRG88RSDG3wp8izxnDnoCU6G6Iu3ekTaN7 +/Q9frQF66H29O13lHNeTZ5C/o8MHXWi9BwZymGw3V3HIfDj3mAlJvvwAATOrYkON +AAtvd6EgM3x7gEyrVNO3VMZfKA9XFdkMK8BfRuaFTU2E4oJHNeBxtyCTlcuoC0mK +KcsY0TRZQws8oynpMF8+WF+4ySlDHN0z4ZzOm4Y1MglA/6b9fKmP2de2Gid/mCLg +XuDOqoqm5Dd2DLIaT5Zcn6y75o5okrr5k185Ms+iNXojJreN9no65xg6tlHon4if +9vYbq5QPUSKr7Yh5P7nGfSeAaP8ISu/peJ0OiwN0FJWATy8lPQfwTJ3ZlEvpHaf4 +D70PVIgO9BmvyYlQuGmH6cEKKjOZ2QZ2a7DyLlHlGyowWNbnZqOQX1gAjNeZxz6R +J5UjjXVmMeSgrAlQGWp6lKzxOowSAQ5d556CaLdqWdHwa0Z742kXAeRRa9M9 +-----END X509 CRL----- diff --git a/config/testdata/crl_chain_irlvt_cert_revoked.pem b/config/testdata/crl_chain_irlvt_cert_revoked.pem new file mode 100644 index 00000000..e7f97743 --- /dev/null +++ b/config/testdata/crl_chain_irlvt_cert_revoked.pem @@ -0,0 +1,37 @@ +-----BEGIN X509 CRL----- +MIIC+TCB4gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA4MzAwNDUxNDRaMBQwEgIBARcNMjMwNzMxMDQ1MTQ0WqAvMC0wHwYD +VR0jBBgwFoAUCgDMIrl9rfZiL9AUeVVO9qtFO4EwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQELBQADggIBAAPPar7DIQC/ouHWq4kKUlInhyc/8d5WFloaLwb6NYJRsoEz +H//oUBuh2uaY8QxR30a88ulujQYUj+5CvxGgqQxLXn3ktGJC0quiugRIP9eKl1ny +cQ2C9boPTEJUAuh+sPof/ZKKKv1jKe2nPuSBtD1e/aN80h9lHtT9S9BQUBnAbrgA +3DJTLFg1HDTggayMgxRi+nRwngRB4/yRG88RSDG3wp8izxnDnoCU6G6Iu3ekTaN7 +/Q9frQF66H29O13lHNeTZ5C/o8MHXWi9BwZymGw3V3HIfDj3mAlJvvwAATOrYkON +AAtvd6EgM3x7gEyrVNO3VMZfKA9XFdkMK8BfRuaFTU2E4oJHNeBxtyCTlcuoC0mK +KcsY0TRZQws8oynpMF8+WF+4ySlDHN0z4ZzOm4Y1MglA/6b9fKmP2de2Gid/mCLg +XuDOqoqm5Dd2DLIaT5Zcn6y75o5okrr5k185Ms+iNXojJreN9no65xg6tlHon4if +9vYbq5QPUSKr7Yh5P7nGfSeAaP8ISu/peJ0OiwN0FJWATy8lPQfwTJ3ZlEvpHaf4 +D70PVIgO9BmvyYlQuGmH6cEKKjOZ2QZ2a7DyLlHlGyowWNbnZqOQX1gAjNeZxz6R +J5UjjXVmMeSgrAlQGWp6lKzxOowSAQ5d556CaLdqWdHwa0Z742kXAeRRa9M9 +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIDFDCB/QIBATANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxJTAjBgNVBAMTHFByb21ldGhldXMgVExTIElycmVsZXZhbnQgQ0EX +DTIzMDczMTA0NTE0NFoXDTIzMDgzMDA0NTE0NFowJDAiAhEAmHOxD09LpxLMm4To +dfTh+hcNMjMwNzMxMDQ1MTQ0WqAvMC0wHwYDVR0jBBgwFoAUWTCoYlK7Heg8oL1N +PLi3eoZDXMcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggIBAMjkKE8vODNr +eBs/+9MssfPupEykuMSunlEEUlbQ+IQ623Qtt8YN4zUP+5vo/wMqkBHERgEqd2xK +NprdBg0NEqpoQXFBwcsR5reS/nwZDer7dFYpkB0j84bRLDUUpuU4K76r9j2cNEjW +qUTSOY7DQMOGqh7Y0rNXMRP6lY/WINIEbaXV+wSXxl3a3iEODsa7nC8W51y+beC9 +VYMMjZcyPLBLAcY2Z10s4YwUCc4nqsSnIfHyAmP7sUFfBb0sav+j/A+wnH/Ab/BK +/LxQmTv+8ycjeqpjCPSZhr1NWwTAsW2T1+pnjAOf4GxxB5BJ33tnSutJMK7/qLDG +P53Sp739d5XjN88vrzLvwaDVhKoOU9h0/2aDGQzeN4AmN+Yvrw4WVWmHBHK7a4z/ +ly2xCTO3w49YILCnZFIXmdQAHQpdJkBg6tAcuWS7cyK092r0tyJOFXybkAWuQkQu +lQmoC4rKKhBkkGy6sEYFIq0AJiYqkj50px9tce2uM4qtKO3orlHyYXMDZymiVZMw +29G2yikmP6yT+nPikdGcV9h+ONEJ22QJtNpHFh6ZVccDHQliG0ZqhkAwtBtYQ3SW +4+Y1XwiGu2+G++A/plcGBcUnsT0tcwTiyEdF7yF3nN/fPnBinkmzJRobnWQDqv1a +z4KBtUWLnuHQAGQ7cvdc9Uknvqpb/dCX +-----END X509 CRL----- diff --git a/config/testdata/crl_inter_empty.pem b/config/testdata/crl_inter_empty.pem new file mode 100644 index 00000000..2935397b --- /dev/null +++ b/config/testdata/crl_inter_empty.pem @@ -0,0 +1,18 @@ +-----BEGIN X509 CRL----- +MIIC+TCB4gIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGjAYBgNVBAMTEVByb21ldGhldXMgVExTIENBFw0yMzA3MzEwNDUx +NDRaFw0yMzA4MzAwNDUxNDRaMBQwEgIBARcNMjMwNzMxMDQ1MTQ0WqAvMC0wHwYD +VR0jBBgwFoAUCgDMIrl9rfZiL9AUeVVO9qtFO4EwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQELBQADggIBAAPPar7DIQC/ouHWq4kKUlInhyc/8d5WFloaLwb6NYJRsoEz +H//oUBuh2uaY8QxR30a88ulujQYUj+5CvxGgqQxLXn3ktGJC0quiugRIP9eKl1ny +cQ2C9boPTEJUAuh+sPof/ZKKKv1jKe2nPuSBtD1e/aN80h9lHtT9S9BQUBnAbrgA +3DJTLFg1HDTggayMgxRi+nRwngRB4/yRG88RSDG3wp8izxnDnoCU6G6Iu3ekTaN7 +/Q9frQF66H29O13lHNeTZ5C/o8MHXWi9BwZymGw3V3HIfDj3mAlJvvwAATOrYkON +AAtvd6EgM3x7gEyrVNO3VMZfKA9XFdkMK8BfRuaFTU2E4oJHNeBxtyCTlcuoC0mK +KcsY0TRZQws8oynpMF8+WF+4ySlDHN0z4ZzOm4Y1MglA/6b9fKmP2de2Gid/mCLg +XuDOqoqm5Dd2DLIaT5Zcn6y75o5okrr5k185Ms+iNXojJreN9no65xg6tlHon4if +9vYbq5QPUSKr7Yh5P7nGfSeAaP8ISu/peJ0OiwN0FJWATy8lPQfwTJ3ZlEvpHaf4 +D70PVIgO9BmvyYlQuGmH6cEKKjOZ2QZ2a7DyLlHlGyowWNbnZqOQX1gAjNeZxz6R +J5UjjXVmMeSgrAlQGWp6lKzxOowSAQ5d556CaLdqWdHwa0Z742kXAeRRa9M9 +-----END X509 CRL----- diff --git a/config/testdata/crl_root_empty.pem b/config/testdata/crl_root_empty.pem new file mode 100644 index 00000000..f00cc4e4 --- /dev/null +++ b/config/testdata/crl_root_empty.pem @@ -0,0 +1,18 @@ +-----BEGIN X509 CRL----- +MIIC+jCB4wIBATANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJVUzETMBEGA1UE +ChMKUHJvbWV0aGV1czEpMCcGA1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxGzAZBgNVBAMTElByb21ldGhldXMgUm9vdCBDQRcNMjMwNzMxMDQ1 +MTQ0WhcNMjMwODMwMDQ1MTQ0WjAUMBICAQEXDTIzMDczMTA0NTE0NFqgLzAtMB8G +A1UdIwQYMBaAFIyFWoNHt08m0ox3NtZvy80ffbtWMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBCwUAA4ICAQBRheDo6/ZE6kUF8/9HQPy5Is+HoHYUs2wRm0NN5avQnvI0 +PpFbqvnSOmuxfloDDED+qExlXmCEus6qYmQ6OW+Mb5Dt07olAgqRxWlRb8/MB9vr +HMkyB3dcmp1okqroUhpLctsFjK7aCmkjur0dtI4uRwHyHerGKylBmS/7wMZDZgRh +tFKlNaGKDDEwiTqlixtr04Nk35UDDqGvG0xMbCrmNcTpj0EMq7OnesXI5qMIBTxE +jGkjJ9MONuZRihUWpXyKgi1HjDWn4Qn5o/m6U2SN4601vwHmkdDuvtDCoQtwaziT +cOPzQ/0TzPdvOGbyupubyH0mkYzs9t3RYmSbDM/EWmhcHWuhzzG398sIbOYK7Ile +rQ2w86uZH/vygeZAp7dUx/NfjKlFWydukf8Lw2L82Ux3K80zTuuI3+YGW+k5hoWr +k/FrwxOIZIGW+1TLYpC9nStpSuAiJ/P8/XH+V1xO0uoq4iEedvhZQOR6psvuR/nP +PZ6nJSpkBKtaZOsTimKYvHJLuI86fVEn+VEIqoBClkXtjTGns1bFQ+GwWedtM5F3 +uYwlIrIcOWIttTxoTq9lz6Q0i1n29dkgQTBI+LE/u1vc7miHe4DKoDpZTc+NbrAj +eKkuKCONbFgvpuD59BBI8NJNR1AdgqIUJDRXYudlOUVGnLRHfNE+UvrxmIevMg== +-----END X509 CRL----- diff --git a/config/testdata/self-signed-client.crt b/config/testdata/self-signed-client.crt index a0a5cdc6..ef7de8d3 100644 --- a/config/testdata/self-signed-client.crt +++ b/config/testdata/self-signed-client.crt @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFLjCCAxagAwIBAgIRAMMSh5NoexSCjSvDRf1fpgUwDQYJKoZIhvcNAQELBQAw +MIIFLjCCAxagAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fwwDQYJKoZIhvcNAQELBQAw NjELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxv -Y2FsaG9zdDAgFw0yMjA3MDgwOTE1MDlaGA8yMDcyMDYyNTA5MTUwOVowNjELMAkG +Y2FsaG9zdDAgFw0yMzA3MzEwNDUxNDJaGA8yMDczMDcxODA0NTE0MlowNjELMAkG A1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2FsaG9z -dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALtrXxnHr7eUM7Xh7awY -LwompmuznbTa/8+OsihSaelUN6RDsAdm7eOMA7KMqZB5NOfeDqEqMIUoaoQ1gzIm -0BJ4dCgi99SnA8b0MjAGqUpRJ3gLLSXsPa5647gxUSP5zQ0hWMMgGaw4rJ9LDOtU -z2S8dtqKTHrXl34mpdsLrZyLXwyz8UJ83Jq2Ngx4cApZrbs+g1XlMRV8Vh89Z2bk -bbKmDYmIOhTeE1wLdrZ/XecEOvkGZcj3bWiO/yTnP8mTER2hTvSxUrpyHn/55LkU -8PR6wCO7hntZ9LLWxg85XTRdWL7cIyjgJgfL9+hVQQyNEjWC2+LTq1QExqa+IxoH -iL4xX/1y+6o1W5XKLf/uplgaWuSK+mjQeqc387DwYbj61QWOjCoaJA1wl6RHuGGV -6ygpdAO1l8o+2U8nuULHW5lx+1BtMG5ytAXy9dWPercs5L8gh1IRNCVXWKsQCCWg -iG67nErFV5iRFLuAIX7ixLKJ5MGp/fVKUI9V1EViM2GUU46PVAPhhlZ1qcygjbZ5 -CelBnQ/XvGof5b4zm4eEgCc0ZkqsQDeS5jPjTtES8/y5WEKqbyijmvx2P40nuO/d -aTxNretMwaptWzu+WXHih0WG2Sq85m41070xsIMEwlqSfdiOOPdax6393NJgkdM7 -5NKC3+pzcHK1S1+x/Guawv0NAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFIDATBgNV +dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMQmav6J830Zg9KDziF+ +/hZVo7Vj+jqujqPrwITKvVM8FWTPsv4KyniLoApKvLpetOEEqoGNHboMXMEmtu9E +FQYB7J4xqyCwo8BIyAxpqj3FqX1J8lkpRrSYeYPB/W2vfMX4spP6jJkg3KCQmZjf +zVliCY9xg+S5vObxGBQIa6oIce8zVVLWLgwHzcGhspF2boh31OyKU0KgnxAI3TSV +mNThVi/rbP2Jus8/yAuZKy1F9U9MF7XpLLPp4JZfzUsE8FBEIN+yUIzthteg1stF +qiJGknTcWHpmq1nOmV41CBEf9fvHhyQHpMFWhfHY2ga/JE+4UuJTUjtZSiXpC/qM +mJAYHwD816fqREWl+zWX7MuYBx/NY3LQCFn9TWBkm9zqND+UWXp2oDYA+/TIPzDU +xiHt6k3UhIfEZYc/ue3I6pgGv8B3mnoG58uQ1Z8HI1X2za5cqiFahw9z13SoKaoB +tM12ZB5/0FlLQfTmFCVDM12rtDDpKCWiaPlXYEs8QPbr0t1ik70aE2tDQtlwTgnG +1NQ3Wq7sNyPui3zQfhVsrRQRTu14ZzAp5GgEtbF6pHXoNxygXkH4pSnmpHeFjrVA +6efSu5grCiinJamLmf9YNxkqebp2YJcXxi0+65h/2cv+QyQYNuFdqbQQiRv5jYUK +Mkcp4cSPg9d13+tTf/dqx+uVAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFIDATBgNV HSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC -AQBTLnU8jFCmYpPUBOqj/xzBqokiQK92axG/h/3JgB7fFSLzUCV3NtvwBVCU28rA -wHwBYPjmGhi1vyHha/hb6V2WMPt0jhMRpNxCf16dAMoyIoWNas88vU2Mef90Chfj -8e6wLtzqAquX/ruwIfsOMnbcSGuh+y54DspCXgsTZ9cnCI2lnQroXZi4WUqi3Enj -mFPpVc+mMlffGW6LISo3ehRLA7k3/01yJhqzpTQw44k9ZfJ7VXZTRJKJsaqeljzV -VfzDbDfW8ftbZ8IWQGAOQfTa23aHIYcvJfvyxpfQRyrwRxjGytLHoOH/G+1TZuOt -KBJ2Xdi9qrr+Wep4eNJm2cTBd1Fpr0hWZ9K27BwwYdZZF8Eu8eP8hSeRmA4PqzAj -HauCl8PgWJIWzMloXVZaGxiYX7sGVs79m/Yl9A6+p8RTpK7DVB9+sDIiD2bhiZqL -i9YWM8aD2cR20t2ZkuBBPlVTOouF/WotOWrLhT4J+SngkdmLkAjP/5jPFvpTfeGi -THyAmp4gigwaM0nIZskPcPCbkk+zFYPToyS49ZJwQMzqK2hkjyQ9LyzUdo9vlDjL -8lFjlUZzqaR0DF3pbf8fs5/16gPurR65SU/ebOs+uxZLYJrP2zKmeISE+q4AMudc -rQ0Z6KmGUiXnIvpB105UJ7jlXCxbsruc8gRTbjkgW7yoXg== +AQCm5wZAYYrdQzRKOpFhlCB0rY9HH5c8ugKt4N+h/vSC4mMKT3rFhSaW5Gq47auY +797o9sC7rFazwmcnnpg6EbGHPtSr0BKy9L1gtRLnL+yEOW2Rj7yCvsEU4Ha9IZj/ +Ui9932BVkZlVKSpSxC6RYf9RBRjzF1FS1rP/XWCXjagKEecnuMY04AkCuLYEhMVt +bT53vuG7MkYO+Az0sIlN5nBIczM46uI9MBGXzOTPtRVkb4owOG1vSgsyAWmJJsJz +BT+Z09JB/6EfItQ1lHPMuRevxKDA9JNGpXIss9sZdrCSGlZYDW0Qv5VnevWEJrMq +nLJ+V3B8Qk0Ug2a4A73mZElbdDNeNlntfOGY4xD9naWkwUEYP8K281o0pKcSndH9 +UBNHmoEeWBNKz8BdYDM45LaAN7Q/vLen1MyWDhPfCEghx5muBg0xmgBVLZpIhJaW +h6TOnxeoN2zCAtWiX0a+suCNxQFXpm+z0D3JuMK6uZPX+DLR7XJi+XAFXbqT5WCc +tvv+wEuzobyxXpTSo282pxjvHKVd9/5dPw6FOQU1QFhdsjCvFjkIyPu1yg3Ss1c1 +GelgihSTTUgS3k/zmJf/4r/HnZDW80cX7pIjXXFox9vBpcLDFah608WX3UedGzNl +zJdcYCbc4BBcEGXQjW6kDkEAxw/Bl2O/A/jJGAhE+kZ4+g== -----END CERTIFICATE----- diff --git a/config/testdata/self-signed-client.key b/config/testdata/self-signed-client.key index 4e4b2c2e..46538e40 100644 --- a/config/testdata/self-signed-client.key +++ b/config/testdata/self-signed-client.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7a18Zx6+3lDO1 -4e2sGC8KJqZrs5202v/PjrIoUmnpVDekQ7AHZu3jjAOyjKmQeTTn3g6hKjCFKGqE -NYMyJtASeHQoIvfUpwPG9DIwBqlKUSd4Cy0l7D2ueuO4MVEj+c0NIVjDIBmsOKyf -SwzrVM9kvHbaikx615d+JqXbC62ci18Ms/FCfNyatjYMeHAKWa27PoNV5TEVfFYf -PWdm5G2ypg2JiDoU3hNcC3a2f13nBDr5BmXI921ojv8k5z/JkxEdoU70sVK6ch5/ -+eS5FPD0esAju4Z7WfSy1sYPOV00XVi+3CMo4CYHy/foVUEMjRI1gtvi06tUBMam -viMaB4i+MV/9cvuqNVuVyi3/7qZYGlrkivpo0HqnN/Ow8GG4+tUFjowqGiQNcJek -R7hhlesoKXQDtZfKPtlPJ7lCx1uZcftQbTBucrQF8vXVj3q3LOS/IIdSETQlV1ir -EAgloIhuu5xKxVeYkRS7gCF+4sSyieTBqf31SlCPVdRFYjNhlFOOj1QD4YZWdanM -oI22eQnpQZ0P17xqH+W+M5uHhIAnNGZKrEA3kuYz407REvP8uVhCqm8oo5r8dj+N -J7jv3Wk8Ta3rTMGqbVs7vllx4odFhtkqvOZuNdO9MbCDBMJakn3Yjjj3Wset/dzS -YJHTO+TSgt/qc3BytUtfsfxrmsL9DQIDAQABAoICAAyGlIiIi/nc8cfKHbROuXYY -Ny8jhfq8WDRq+QUw3Ns3QbC8xVr5ShTXGrgoJnz9XMfSU2/5/dwoY1YKrYYAig9x -9XFpRN71eo8lauVCzLWmzth7Br1uGIE8vVNmGGIrI8Uo4WHJF24nK4JJ5cckl+fH -oLniXFIpbnqD4rnNAgFgXy3eKNWkuqmsW9hhhDts2uuUtfpbovgooyjbVbnOsnYq -GuWCMT+LyAdyzLBNutzhr39NKihQQQOn6u1wdxbluVMdoMVBxKGpVth+vwaPm7r7 -KTQ6KDa+QFhjekEyOERzqKa417C3qlMDEsJ4UCyikQD6ie+S7fRjjVM/ieEHd+AA -66CbJ8u3yfXxaicn+SPCeHVKd4GKmJgsg1KDSSg0+w5JWwmAiCJjEydX2HOdx2ys -SV2C4o+gxhA48U8ZgGTVoom0OgouQ7rnMd6n3juBDq2/Xp1FeDcE39yEffN7t4XN -vHfD7Hjp5capxVyEnpzu0tTVf8KP00NJKtS6I7d8IavUBCgFiJZFXJWdsbhgSsg9 -UdypUMd6rW81VaaKvi3JSjWwFpmUVAhr3hFNyQB9+2rxvDCWhUqFKWqjWdPfMgxx -qO6eam1S22vrZcyJVkfTzArFQd0J/41Ak0yErLJKLTDEYaBRxFPV0ujWskrmU96c -f+m4/k7p3sD8KooXfrERAoIBAQDWSmsFzSOugShur9phJV162XrtbOnV7n1Ko0Vu -U/ftohC5FNq0kHxAkY4kGMz2QHdJnqpQoJaCK8pJ+8nA1Osutt31tS3YrOotlNwk -KsFSiy+i9xf4NcOr9xKoSEstFPJeM650xPfVP1p4sq87BB2Z3uWfLtWnRxTJnpA2 -nwwtdrK5fO3pZnVlWQ4akqbndCjUWURXVOVxDHCyDdwoiz3BpGmVV6jCYanC3e3S -E7/OlRLJfRAXoCEbzFsQpsOYncaEG7cAz9pBBXA6VVyEPlVyMG0GHs30W7aG5Bfp -IcbhacGyjdV5Wwx8WGun1pOHoclLX7pJ6jOXLobpUVH4FUNTAoIBAQDf5gX9aBqK -QxBYcqhZ0aby9K9ZAXSRr03drf4s+TXSU7rUdBqV4BRj1cjQLB6pxpo2ryLoHhkf -tLVRnEWpRgSlfu7qSYxU8rNUacAKAPnebjQxU6NMVzFx7zDQz4TJT2StsxoSIw+l -O4MwWDvIxHcpjIrl1eZh79BSzrq5dsf3vrPCM+Xxivdkx82WJqiVX/LrY3l9R+kC -ud1b3O5vFdhpo8e0sygCdF0+sC0jwE82SCjMMGHMZWd74rmkuHFpJ1xSQf9/jRCf -yKhITI/su21FS4rn1rApWpzAvhfhV7HqnwWzFTtmLeGsI+yW4fb1j6oK7t/rVZ+p -lnwISXpOPBIfAoIBADnMttNIwsAV7F72pdOgLXeuY37Y6rWeb0MLiPW6RlxdY19Y -pakgc7NCz3EjE120g7hiyJOYzR/tSdHszT1q8MiX4ISeyu/vq/aBeWNz+NMX4dB2 -D4wOjGm86dZkMYrGZJ1OGVc7rZFiVjfKEoO7l3Rib9Mg4dYN0SiU0Vc6TSGSK6Dm -dpGG5lFg1PIL7mLtrPmh3lIj/wMgFOGh5Wk2LYEmpKf4jfdoOk7qZ3RLiWfiQ7// -MLD+qw+BbmquYIGwxNPrWdApQDhbjCrfzWWKHqf/Mdj9xBWOC0yVB3IFf0xbpzhP -E255RYPgoaESupZR6CahenDnb+TuUstp+M8OhSsCggEBANw/9gJ65yi9ohWv7MY2 -g+maI+gFk3tAnPOGFnR9TqGxdidKc2CeBtDS2/FUhXFzif5jOI5oFUToSjmW5bwH -wchfXn0gjqh9+0T9pkjw/tv9QuCHKyuM1noC1t2CVliF/j8U4X+X9+sN6RakpWLx -SVuZAoXnbfNHqoHbFToei8W9Vi2jSf7bOlRsbGPZcZtHwLonp7pDBAeHeSbF5dNn -BPWehHTQjHolqBhjzHPP2NxIDcIXkg00b6Ehvoc4XXAYpSvR+pmp1gGorUo57pbt -JSe2kVVRDwgPOAYuuWUWFFH9zuiE6WKxnb7ts+4VKRAVHCwXIjTpjN+Rxj+MsIDH -fPcCggEBAIRgZPwB6eI+rvYOPUGSeU681O+8/ZgjyAi8HSOk3dCc3J2fX31m/GsR -xM+FExbGYJ3BfdgB9YbLSI8eY7weJRodm0FoCuHePu81z4xj9yEi5hBodXhhDjQM -/xbgsSWeotQ+5lTmc5hgve1hl+3t09qNttHaELWASD+0ixBC6A6J4GB68ZKRIunW -+ZGiEvrNey6Uunf7T/Wgc+VDcA3HsniaY2yTZY/jWsmDxt/BAwUaQrNwAbHvm/1P -J04mvCreWfOITe7CURcLq4FMGzsCEXtdQ77/uJllew1Uv2Yn2WFUiqVxH+UicR1P -vOJ7/LvbOa8BlIMsprB2rz3PDSUSaIw= +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDEJmr+ifN9GYPS +g84hfv4WVaO1Y/o6ro6j68CEyr1TPBVkz7L+Csp4i6AKSry6XrThBKqBjR26DFzB +JrbvRBUGAeyeMasgsKPASMgMaao9xal9SfJZKUa0mHmDwf1tr3zF+LKT+oyZINyg +kJmY381ZYgmPcYPkubzm8RgUCGuqCHHvM1VS1i4MB83BobKRdm6Id9TsilNCoJ8Q +CN00lZjU4VYv62z9ibrPP8gLmSstRfVPTBe16Syz6eCWX81LBPBQRCDfslCM7YbX +oNbLRaoiRpJ03Fh6ZqtZzpleNQgRH/X7x4ckB6TBVoXx2NoGvyRPuFLiU1I7WUol +6Qv6jJiQGB8A/Nen6kRFpfs1l+zLmAcfzWNy0AhZ/U1gZJvc6jQ/lFl6dqA2APv0 +yD8w1MYh7epN1ISHxGWHP7ntyOqYBr/Ad5p6BufLkNWfByNV9s2uXKohWocPc9d0 +qCmqAbTNdmQef9BZS0H05hQlQzNdq7Qw6Sglomj5V2BLPED269LdYpO9GhNrQ0LZ +cE4JxtTUN1qu7Dcj7ot80H4VbK0UEU7teGcwKeRoBLWxeqR16DccoF5B+KUp5qR3 +hY61QOnn0ruYKwoopyWpi5n/WDcZKnm6dmCXF8YtPuuYf9nL/kMkGDbhXam0EIkb ++Y2FCjJHKeHEj4PXdd/rU3/3asfrlQIDAQABAoICAQCBWBQV5UH6rGiQ2PmEfQlw +EOjzJApNx+2nij5ZUpel22kAITYW72a0Nt5B6yaofusntrv40eVYWe6QL8dR38M9 +QueVKYt+8vwIP/YquULZmQ464Bg/U0icri7zA2jqe1377hNUIVO1ZkYWW0Pt2ya+ +WjeTr3cZzKEUaMdH7oWQiiEXavJIvZN/u2Wi2c22vjIFK3/suwpMVT6OhEnZ8wvk +1PLQhp5IUhotsBFqFIa0Q/2PXM4F1szzlrXSczoczhTp2QMUf7E+PSM97YG2aSnX +kFHjXam6jRlRDztzM+Ut5bV/YgNrbt7l3vhUknqzGDgJmbKOLAN9v1N1zEdp4Gx4 +8KzD1e+5LPBI+C3qIWJVFmeBmRcPK4Oy2DmnpvtCePNexTOxZ6Iic6486TePX5RS +ZSWttjZssRHbfEgMnA/w1P7fdE64KayCBAxobeU1WDj442uCEDoQWLcvwQDt+AP6 +EXgw22mP5ZuqSTX+T/KeKi62KUP6PaonkBcAAYBxwQYRdSQcxxLcFZNGoGmpqGy1 +PqKeiKzIF/XG8YLjMzJlxCRL83EazLOchbPUBoSyGp4mBef5J9U/yjig+sKxMXzN +arKP/aqMBh0WeeOnaV7Y+C0ds6wiuAn5RMsTzfOmS6LqDcYlTkrPshYEvhdIMEh9 +AgShzcYkCJvB/UurCzoBwQKCAQEA14h10ualNZ6h949ui7ozJmrwJgkiGubqXkCr +9PDjoeLKscjoB9JdApWhZ1+R8X1TBcGYVGKMRVGAkfwv5RQkkakqIjk7yizLO40q +3MLFoSUK12whAfuHGLaFdIWW6rEfDLIvUxNRLNQiyNuzVbrKgTe/CgMb+J6BNhie +yuGFXy58YX7j7GXsu95cTbgmODut91XSZOMweoA/gN5Dv9TFndNRGgzMBIZo1Kma +gLVtztrk+ozf3qKsQjGrS27ErfwWzWgKjPNhtGrTdwYSpQwNdvvgj0GIPdyCM5V4 +O/Iv1tTceEKU6Rg3pN0+iTljsVPmJIaAoUf95zmDA7+SjHw3JwKCAQEA6PpR5qBz +/LflmQ4G1qsFrEyGFttzefiYfthjHIdgF/IoQJJVbCEZaNVPKfg2Zfa3oTdJwqTC +3lcmiSKhJbrjdS9MYvG1U1rrkrWpLl83uxU/7anUA6U27Hnh4lDdM7iaehQcvhGa +Xm58Hrw9MeV86WQVmo8TUjA7UMXra8c1QsMq6dPRb1y5JcXx4cEkwMs09/CYaO5v +9ztMn0aaejMNZLt95gATmKDzkcNWCc4XjV59AKD00l2fq+LbFl7+AgXNX++XkWu8 +tUIzrnCoqmlNV4TswmIfysSBukYm8O2mlYKfq8zyY2mYfmdkwoa0lwpHLbkTGtP1 +5111hu1db0dc4wKCAQEAzwZuVkPhEN3sqYQGJQSXOSGixoYjUj/Xgu0PvtjbbZYQ +KDDYXxr66A6d2FN+Nb2xT2gjT3rRTYv5uT/JKXrtnVQl+nWLLqlUFUGFmEMl3aFd +BosAMY1OuLgo/EGNMqUrM+C7gEqfwDWLq+8MFR60gOXxBEb0SRzG9BU2AZ4Zo9Fc ++7EMcPd+Kv5tHuHxJDZ+5YJz8yAeYqxpUvkrjklsACsITcNY/Ee2zf6TP2oFrZmo +M9m493q9h196L5yYIp5vsKFs8PKeONQbhso4gnxPOqi5jCDgIrt5/N5nfP0mYm5X +ztP1gOgYGq3A8cJENgJmn1LqnwAtrDob1C/hLjvqJQKCAQAa5Xs7Et8RF/Hrv5DO +i6P2Bkecr+0e8bI5QqX+jypq2UwIWFyARTn3vliLUdqF3vvIIufjDr5oiMssHdFY +18CWsMUyzxDN9LspjstfTSLT+FoPCAIwAYzbtB590DQZWoCLA3NmBgY6TKsLqVOv +RP0svJ853rauUF8orhDFupPNh1aW9BtDrgK596Y7F980WsFctmwCATTv5+qqoK4I +2Yf8TyDzwqKAhmRYOaLfMunJKlVoEyzwdFqQr3n3lTPh6+WP48stwLBihKgOxXbT +ZaDGL9RdhJKDCDip1pt8SRNoQ1JHtTtueqxeO3WId6C1pzwcbTdla38CHOoKj7Cv +vh9dAoIBAQC7/8tr3EntcFd9SEMU7i+WnIekDrAR3fMoYnJyMqyzWZkombc8lj7v +iilWKV3HnPvH8Muy2Iw5FUp3OUxOGGa1S1SJKSf7CdCvvdJBRLvMvjQ4BFuje0/G +rxcphxbqdmuOjieakNa24i41cNE9SESCfx3zPzMJIUFXGmdOE4sYts3FOErATZ+a +FXzM0AMrEtrnpScKZKiIcy9PqfaMRUbSfOB5e/4IM4kt+xwgbpa4jEBK684z/Kh+ +P2KEB5mwwsjXaWXyZzhA0S3BeNf78NkJ/Va/20YlBM/0rFzjgzOMHfOvFpqsfVwW +1PI3stXnaLqhAbfnoTRRyM1/QKwBhw9a -----END PRIVATE KEY----- diff --git a/config/testdata/server.crt b/config/testdata/server.crt index 1b86f58f..f1da09eb 100644 --- a/config/testdata/server.crt +++ b/config/testdata/server.crt @@ -1,33 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIRAMMSh5NoexSCjSvDRf1fpgMwDQYJKoZIhvcNAQELBQAw +MIIFsDCCA5igAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fkwDQYJKoZIhvcNAQELBQAw aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo -ZXVzIFRMUyBDQTAgFw0yMjA3MDgwOTE1MDdaGA8yMDcyMDYyNTA5MTUwN1owNjEL +ZXVzIFRMUyBDQTAgFw0yMzA3MzEwNDUxMzRaGA8yMDczMDcxODA0NTEzNFowNjEL MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs -aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANPl1Iv/z+M8jHHU -SggOhvCS/0IfNi82+OprwalmhSL1FyRrGeHDpKArIrHhal7oukizJq96wKTddUVu -hjPR7srSYX7J2oPznjb2FmLHnD8y+zxO83XNA5WCDB0yA/KhWHhDmd2pihTTZOo9 -jvGi3+LyIqXUeiwIpxuNnH2ghoUy+DTzNCknLkIKAVnDPoM1AI0Wu24rs14A8ZVW -ivzY/P8xGwlMmDndrrHwJzMSEMeH7IJi9hx4zJalpoYTVq6Z0Rv0+7SpS+iswi/e -MILDhmSvLw0R4x31xkzsPOtUsocVjgBCGGGHo70ISsAxsL6E9QFe2uwZSvbBKfou -JaM0txRIZahMeHy5egh2+J08vuZKo9PDBWwKwqQZ4Kb7WtgekiycLmFa/OYHLUX+ -Ow8QXu5HU9v9XlP9GV2FQDka2IuMTtS5JCEt5e9ddSb4KVbkRAhfL2snA+w0nmrf -CBlrlThFz5Evy5QNAo1ORwiE+8gNUc12EAu9K3TK9WSUYNrLCbkN3oBL+DVp8Y6q -quUpKEbElhsJ9V49Err3LPaXpz5aW7Th6oFq7UOB7chqKQ2SNl3/hTlNUw8wFb9Q -i8AXs+4SzHo41IEe9QZBvpeucVmdewbJKvNS8Uxs2wmtTq2G2Ae3qGzWl682J7aU -w1X6Y46OanQDNtDVQvGN1CW5kvCXAgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQDAgUg +aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANKg3RLmRpZ8XZhc +YGrU9SwG0FTzr58cb5SetDlkaEIaSuGetAAdw1GXVDGwqqkORqVhEJ8fkhxmA5so +SGfVRLeKH+SVQ6uP353C4x7PWe3SvtxoN/IIaks4rUHJHZLs3ceE0BM+muPw6CCG +rD7rmBK01HhKPiCYNklcJX9T4SlsQ7WHLx4pgQdeCDhj2f9hNRHXnl7dHxqxHu9c +YiC+3Qw0IUBYToU03qDdYqtiXnLoeKzHUWAznhsMJxbIyPI8cbmwPSBgWK5LqqoB +ZtWvn2mCUAr9nU2XpjBiPlclVSlROnEZATJyL+552icgrqhOt740NvRw3dXcrfQD +8SlLXYH9h7vZCF8lq16Nzrpalu8q25VFbta7ZQ0Cw7sjxivrm4448s8pN94eqoYp +aEG/C6iydX6uK2/7cdRG+e4R8ZQ/4F1oggMMP9GWY08ttKhv3nTLyB26NdYzoaEu +4Ef7Ja45hf3nxzK2iQCqjeCrA2ufWWi/qPwtYqUn/woY6zJ44R2qFo3YIoo5qwf+ +PdRbJIMWzUOSf9vdsdUHHxT+G7ny3KOI8NiJwdsvxTS21Fll87HkC8SATrsl9qYd +TdNu1P3XB3hE6qFQXl4pmZtw9dVuSi0DwwnRTKdleR/Qx+1XuJGLFqY7GER7ZYQ4 +3ethni02ZOlz1FGXgis6Qtmlr8L/AgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQDAgUg MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8G -A1UdIwQYMBaAFMaaHh5g0+YopeLd1IkizXyK9K/zMCAGA1UdEQQZMBeCCWxvY2Fs -aG9zdIcEfwAAAYcEfwAAADANBgkqhkiG9w0BAQsFAAOCAgEAUXL/lzbgbs6whVrE -3wkp0oDGVZ0Jti1hpeQk7Slt3PHsgu9OQOSGcv9QHs0ybhkDWZQjoCH6Nurx5QaY -GnpNQjylfy3zAziO0c7C1uXf7Z9AEMQwbOHFLefnvq86MtnwJ7sadQo+ViwtMgOW -He4YhkTyu2CqK8GFXRQUNm/SunffXp5zErPCNQURh4hrDUGlXPzyxgx1DyqFvF4S -X8IpsoED3d7cbEL7E9dgXNl7wuy3qoPi9P9KydFTIELBGt1oco980S1attSM9159 -t9iUIUMT4EdzmZxpIyJMCD+Lz9Y3zWVyz7DTqFWOtAtmhM4lu44K4S4d/JfAGEal -3h3SMCbBPKwpsloO4r9TeGi2f+T7hfiFMdCezEyG8sXrObCDyVudyUnXnxDkZ5TQ -NOzqJaUJHeKzb+Z9WSovce3Pb8ok3GoDugmwqyjuN/rz/0jsDTJm18I6HHtONbUp -AIV/H/4+Kewc+Ztv97J7MeQB/2VKcY3vpZpMSEkg2ummRhXUfi0haxfoSCKvRwiD -BElUVtwHTsn3OBnKMGcBt32iLVsvbb/0AtNpohznPdQT7dqDVguejmwHn/fc4u4Q -vfAay/ACARti9XKGplQi7xn+OoYcAVPLYitYBRNEc6t+4f3EKehrDIMRCnxOFBVX -9Dnm1DebturSQQEOuX5rP15lG1I= +A1UdIwQYMBaAFAoAzCK5fa32Yi/QFHlVTvarRTuBMCAGA1UdEQQZMBeCCWxvY2Fs +aG9zdIcEfwAAAYcEfwAAADANBgkqhkiG9w0BAQsFAAOCAgEAwPVi2TjlgpW/sheF +GIsJba8hcBWzyHs8Ha0UQ2PPFTAWegnPnOt/9oiP+eBLh3Ej8CTHCEzmucrbU98q +hZHAw3TbZiBsicbNUlzdDqdUPr3hbGfPhwRAiytYx1rnuSocWxhue1gPEkoWZV4R +hrpCZBHCm9eLWFOXPHRzLx/NjR3Vc6JZXrIE5lD2rwThANawMkpqzgvilGvPdJxo +ueM7eCcacWblGCePwdLPQGnrV8gYOU7xb4lFwpPRgRU60S1vuUx8B8nb4NLxU2DL +i4v5B28HntzX/+uXOtSRoxyvjhJTLyaA9j6mUJtTRJ1BKRTLFlA+7AzHvAg3R4LN +P/sqjDptbP0y8H7t3vRzVPkAUZ7fVXtIvQB15ycjyo5fNDotX4zyQI1fVztkFSxF +DgePisY2fMu6PZw8JSjHem9MEt4DSP+Kc+r3RW44N0py22r4c8/fE5fHAFXip/sH +C6J34c06q5reP3jtczc8wuHhBpQr/ctz3QJS6VqlenfJKnlUjDKvBqp3qeNkzX6t +TGdH6pIfLg9tTUqOI1qFHBxCexP6urjRI/U75/ye5ds/qiPi6e4o0XSED7QrMhFO +atPJcGQ7C0vESbjVJDvhxVpZ+uBT7Gopbwg4NeuPOCRG7XsBsba6s3rM2DJKl9ly +8xsFhNDnRqayXTMnwTfwhoPRSSo= -----END CERTIFICATE----- diff --git a/config/testdata/server.key b/config/testdata/server.key index 678da7b1..fdfd056a 100644 --- a/config/testdata/server.key +++ b/config/testdata/server.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDT5dSL/8/jPIxx -1EoIDobwkv9CHzYvNvjqa8GpZoUi9Rckaxnhw6SgKyKx4Wpe6LpIsyavesCk3XVF -boYz0e7K0mF+ydqD85429hZix5w/Mvs8TvN1zQOVggwdMgPyoVh4Q5ndqYoU02Tq -PY7xot/i8iKl1HosCKcbjZx9oIaFMvg08zQpJy5CCgFZwz6DNQCNFrtuK7NeAPGV -Vor82Pz/MRsJTJg53a6x8CczEhDHh+yCYvYceMyWpaaGE1aumdEb9Pu0qUvorMIv -3jCCw4Zkry8NEeMd9cZM7DzrVLKHFY4AQhhhh6O9CErAMbC+hPUBXtrsGUr2wSn6 -LiWjNLcUSGWoTHh8uXoIdvidPL7mSqPTwwVsCsKkGeCm+1rYHpIsnC5hWvzmBy1F -/jsPEF7uR1Pb/V5T/RldhUA5GtiLjE7UuSQhLeXvXXUm+ClW5EQIXy9rJwPsNJ5q -3wgZa5U4Rc+RL8uUDQKNTkcIhPvIDVHNdhALvSt0yvVklGDaywm5Dd6AS/g1afGO -qqrlKShGxJYbCfVePRK69yz2l6c+Wlu04eqBau1Dge3IaikNkjZd/4U5TVMPMBW/ -UIvAF7PuEsx6ONSBHvUGQb6XrnFZnXsGySrzUvFMbNsJrU6thtgHt6hs1pevNie2 -lMNV+mOOjmp0AzbQ1ULxjdQluZLwlwIDAQABAoICAQCxGs9jlBQ1YU4hdcXKphmy -yan/ogavv8qcZCQhakasyRzmm32ubM8T7/m3oyg821eXm+Uhlf+dzFtQBOi2NyjW -7LAAQMYas2vxlA1x0lSNnhbOeU6Tjx8HvwJRBJS4HpLLMfVQh3uZnHYkMf9fhzqJ -fMfowoa6dyD0ro+1kI3elpNN7lgSbWUEXUhztfRxxcMIKY/OrUflsfQ5VXQlkVck -E+78/r/c3aQ9pPOeg+LyYnETKZN6iJy27Q0Z0uAIXxefvksC3N1NQ9eqGpOBN9sE -HEe/LMwfJmTvtiPUrZ3pueJN5PBr0+rO/Dc+HEoVcxs0Yguoehtl0l07dYaPumep -TmXdrKvCkwM5cwnbXSWrCpqMS8Medb3zWvNnWO/mjRwTZyhmNdscjh3Ilvo+YCus -wM8HJFD4FuMtL3GtIfoKeszppACTkOOYiViGHmKUiQaSEwF7nhuIQqgN3ULCP7Z5 -mhL2RhLWacPfATITNkm4g2o16mFohZ9HPZSkPGm8rw7yhB1s2emoocXsms2iR1oa -mggNnUS3m87Z/HmOEyObIQZtYf1ZNuVAGGP4kmhhtNfMTmq3CPYM3oMRR1nb8Ci8 -zYwjEIvLYuDVlZFff4+IA7tCBZPichieoioaxutnYtO+nvuzDRiitL4my2EcXeE7 -tcIunkP9u5BNiXsfNcy3gQKCAQEA3X9eZ/IPF9Rrsjwtqkt7Oxn/uJ8JCotVBLnq -SCd7sCSaM06jUzMjMoj4SYyjzBYLycH/q+euT4UoPdPMKCfwx2NgR87MfuehWzwG -pmPbAbLJtLmZ+M/Bz5QzGS3J3f4qYxLptLHX971JgtTdcJhOAc+p/Elt3l43d/fr -sMVrZ8hqHlXmA6WuwqHjHnGP1ML6xFfsjDZ2jQ3VEV17XKtinucgitvkVuHYmtdQ -wm/yrM8vDkyglgk47j9CyfQdL10elBxe32WY5B0g9TmhIMypmlJk7inPPnAqJ4TF -JJBMvZOB9cJAjrtsDN3tAW/1q+wPF1HLwurqTLluZEc5MVjaOQKCAQEA9OenKlxB -5HiANjH0riaokFDtjC27iHoeBkbEt+CyegGXVHEotVcKnG+N4Tw/GXcS9m33vu/X -Lmeowp/Z2BKxB7xvw81jQh8gEoUHFlH6DgksTPjVVSEa4wnESrqlFjRquBexpU6e -X//xVD72b0txAqJvpvtbxZC41WIwUBTBkHDlj2hegEzUvgzdO92FPRUDrAgB0wSv -05U6fh1/4c3XTHqIHK4/gxiVRmjnpEdjEbOZsfbN8LGQK2eq4FkIS870VKigUZ/U -m2YB+8PKKyqKdXpWQHMZ9QvXoU9AwMw4Q+NEk4a/ZrnnMo59voKP1Qoqhd/rEAP7 -xa1AMOAl2DhhTwKCAQBdY4Z6bSTP91AxJg5a7thWYu/e967oMzb1dy3AnmUYL1aU -q2NRgQ4mEHofCJ1HP0RZHOKfqF9mR85fwx0hETYD23KM1DSEjUULIpPrM87zOF6z -RE4XCgG9c87XnuauIqvceezvssxMOBL2hqmW/6BkQxp4tL0ONMtOWcmWDqbqayXT -BISmpQS6K2eHPnpWSp9QiYHC3HO/pUVgvPl2aQx70xd1dKEhwLeDEaWLVYgMNI6y -iLxshhbq3OFcJQDpJ2ntKMkXh86e32k1+8Zj/ebEmljT0ez/dmtPnjtA31Z71+XD -qNNvWraD9k4nfP0oL69tNZ+j30hKcSSKQz1qAPyBAoIBAGBaI3KPCX2Ryx+HV/SM -URU2Qb883uM66EUf4pVVWeKWbatTOejebdZOLUvIICsspdE+QpJkWgxvy/2GVnak -I/IfOPmX/M0u4bdnjvpBFlgfU8aUv5nWhHV+ijO8aubpiHMVH1ciLz0lvRSgEOSI -kdWvgq33houb/Jw3HTrkb6McR7S8IzHnCGwdM40yAhGeCuvL2qvi1CoyM+kaQg3c -pi/4pURjaalyKoihDUGctGVqe7WAnFVuBoKNLrVFUfZBXe9QyIJUl5jr8SvUQ93n -xsGhd/2zSysVlahpPdicgCZ1a61+/h60VTmWxfIF/ACdF03EYv7SEmQbXX3dMgZ3 -aBECggEBALXqdEIkb9pBhwCvUHFG+c/IKBhS6j7BUj9PrZ3MATPXHo6Iy09d/dlV -psFQzWVvBmf3pcI0MEi7xdUMSN0jhZ8xp1owDlOQSM8DCQPFLaC38sfhZNThIfz0 -Q+fWYPe1lkRBtMVSokN1PtE5zETHlUKkh3fdQs0wihX4Wikc64rjCgXqXc8ng8Lk -NCUNBY/7pNfrEm0Zxz+8CvmRaBbL4OT2/hFsdcMiO3P24mCdAPgJ4v97pr8KxRHe -SmOyiSdaAyXHr/6+3KgO5pX8YUn9WiTF2hxo4SG3NQuuva0SBZT9B8iFXt1uFUtP -Rri7hsjysanKPyaPM1oofbRyWApMyRo= +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDSoN0S5kaWfF2Y +XGBq1PUsBtBU86+fHG+UnrQ5ZGhCGkrhnrQAHcNRl1QxsKqpDkalYRCfH5IcZgOb +KEhn1US3ih/klUOrj9+dwuMez1nt0r7caDfyCGpLOK1ByR2S7N3HhNATPprj8Ogg +hqw+65gStNR4Sj4gmDZJXCV/U+EpbEO1hy8eKYEHXgg4Y9n/YTUR155e3R8asR7v +XGIgvt0MNCFAWE6FNN6g3WKrYl5y6Hisx1FgM54bDCcWyMjyPHG5sD0gYFiuS6qq +AWbVr59pglAK/Z1Nl6YwYj5XJVUpUTpxGQEyci/uedonIK6oTre+NDb0cN3V3K30 +A/EpS12B/Ye72QhfJatejc66WpbvKtuVRW7Wu2UNAsO7I8Yr65uOOPLPKTfeHqqG +KWhBvwuosnV+ritv+3HURvnuEfGUP+BdaIIDDD/RlmNPLbSob950y8gdujXWM6Gh +LuBH+yWuOYX958cytokAqo3gqwNrn1lov6j8LWKlJ/8KGOsyeOEdqhaN2CKKOasH +/j3UWySDFs1Dkn/b3bHVBx8U/hu58tyjiPDYicHbL8U0ttRZZfOx5AvEgE67Jfam +HU3TbtT91wd4ROqhUF5eKZmbcPXVbkotA8MJ0UynZXkf0MftV7iRixamOxhEe2WE +ON3rYZ4tNmTpc9RRl4IrOkLZpa/C/wIDAQABAoICAGYFhQ+ieo5pruwd0pXskNTC +eCat4mMvYtyaArHJ8LYUBjFCre1gfTsIEb//0qoQQCfa3DI3GI6o2xZMbMXeh2pf +fRM7OYvgJHBF9bz2sph/e/NGh9K0QMguq70xrSF9me8KZb7slBnUlpsqoEPZ2c81 +x7R8QZuIHsNp3r/N4UIvLpy+3hO+BsGKynCF7RHGA+6gghVxBZ/oKxPFq8IwsOE4 +XuLL4zyiXzOMCD77ZsRB1jHaWZA/cFWpjUV7+9lZbbyDoRgNkubZv9CY3Taj2pNA +i4THU2pCCj1lWMzdSGK69ZPSiMHmjVD1tLU/H1pmxplasUO1Z74vJhML1cQqvR9Y +tI1XueypBgUEnWHOQ1kvsEiO6J6PGJCnV1gWTlTujHsssCVz9My4rg+MvyMPUyov +WJtDIxrf3UVjbsM3urtdjrdZ6kNnkcQUe+L7MV6cjM7qh2A2evV2TzLJWe89q4nT +jwV/TGW8+LifpgzGJHWJ7jFc1HI2IDik24feNAGZjmdM4fAWzeil35FKLHe6tkbu +4ipDb4NoESS35wlXExRVDlQP5wNTjpqpOsDGE+JpNZRju0JYoN1iqXABxF2tcbvG +wQ7wb3UdGJcdaR9em0cPxT9hcCnpAexM4SNThTgaDXgxuGFexuPP3AXJaY8CWJ7g +GNaD6z7/cz99mMluO2ABAoIBAQDk2osJ1V+NGJZMimQiyqyp/1/4JhhIh2sGVooj +NcrEN2qlI5f3E6LMWlMWvtWpe3vwBOTYkEp9BwwFY/nQwuTAO8SZHCFfhyeY16GE +yuZUq+EpA4PsX+mVWcdAcHLQu7uccIFZujX7lz+k5A5bfxvMjaWSUHTcoShdoEP3 +RblGe6KiLQVImUBNg2hpqluhf6u1w8EAgZEV2qxPsl8ldtiUhl2+Zk4SbE1lzzvd +rxBmtsW/HrVXCPNwDtySHNWi3IcMqsXgJn82xAZoWjyv3JKXQWFnp3KLGmnh5uom +xgzLkoe4oBG7GcgvMF+zaxLRthV4C6IN/S2N29NnZrANEMzjAoIBAQDrnOJCPMT9 +15J95IsG+2zuNAM+b5pi7/UVZPAeMIwEioMdyFwQ5cZPQjKZQMdSi5T/UhBSAZ02 +OO71z3LpdPuwmAqMB7Wo8A3PnENov75hjpz++azrCS7NNfizftwzfPvpRUjTlXZ2 +DbV4g0UNDicw9ZtYp2ABH4/YqLxgIZqiyJIJYtkipjJHcYBGqJ4WLRYMD4Az2Zd+ +Ymko4NRQKCSoYUu9rXuKzXBvdy6E2ZqRoAngJ5dCR2i24fWVF3KObUr651xRKopB +wB2DT2Vm0btEWrzYoKkivvi/2ZAUAMBLlmhHv7do9bDCZwhZMiIDt08HMJSV04Ec +24NM/J83jMg1AoIBAEiS4YrBxqZpCKjHLlA2M6FJYfbApezCPPdqlC3sThwBculh +qzxoVrU1Y6oP5JP1m+0WsDfZMjYJ+Q7wkHVaiM5JZeQkHpU7uBvpLch9y6NISoQG +IFziYaHCMcTGpDJ7hlhq+SoqOhpJ8Z3p0H/FhFxPAxWuPBEHblSakVMmIkYuyPlj +C4zlRJYQORlhM+O4KAzhQiBV9luW2BQB/dhUowQexDWwHcwL2lOR72syrCHWjkk4 +hMtQBFsh62LOkBUwmAc1VMDrlGYaremDzED80uPykOAdIt7oBnHkF5cqMT6RfkbX +RCgwWeJVFdRA/VvRwWcrUT3cbwjQkG73CpdqH38CggEAVT9OHeke3TlCJ4qpQr11 +jDoFcnGuyl1Hr5X1yvaFsp7rEbuMlBCOz96DsC9f7t3R6w8mGIW8/AFddFK6oP1S +k3JvXnrrn1Q7qwI+4Yd+uo1/AEIV7nREGruMYGVmBrsR6jTHRMavNceAATp9oVud +knlK26izc7SXtyxV+/IsoPkw3XSGW6MGThMi9m3LxPpLH9H78MapqXCx27h9GQNt +P/70CIzcRjxOkgXtLuQMqOPertukPrbXjFP1Jxx0tlOU7XMIU9WwcFmyU/BGIA2C +VBkAeuCmUYwHNGLjXllnOfIRiOQ02CUM70mYG62n4PBSB6fsGsmLzYUe3JwKf27Q +gQKCAQB/rMm4fzG9632stM1LfDICF7r8veYrzW4Tx0pwfR0tPJmB0AB7cjBYiPd4 +KnwifNthduhLsQh90Z3E13GcsOtRhuJanfnmZrDIw3Yh1K0IukfPlPEyqAV63Kbb +2pFoDFffC0oADTRWkEZvDIoCyiTzxzGCUrC74k4/v6VQ7E+W34DoSfMDJ7imaWQ2 +vX+ynPKDIYpW63mOSfUpyQ6/aF6LEPcUmhGGssnu1Lh+gO8NGMGjsx1VLTK7mjQ2 +pGS4Du/lFwRi+ssnZcOvHFnCvwePoma6YcuRK7mYGIrUKBq3URIes2NxAeNpuwUw +m0RIojd5xiU0ak99bluF3jB2Zte4 -----END PRIVATE KEY----- diff --git a/config/testdata/server_revoked.crt b/config/testdata/server_revoked.crt new file mode 100644 index 00000000..54651cfd --- /dev/null +++ b/config/testdata/server_revoked.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fowDQYJKoZIhvcNAQELBQAw +aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo +ZXVzIFRMUyBDQTAgFw0yMzA3MzEwNDUxMzZaGA8yMDczMDcxODA0NTEzNlowNjEL +MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs +aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJGAv9axdu5lGDAF +dD2C1vpgNd/HfERW66zf1ubV62cBgZUSiQGYsFeVi+tokD+RPSb7nB0SF3pczZgt +n2ktH+X7+Y1Le8ETI44ttMho7TWlti2m73he8eWUxoWV5XDjZTEVCYZYeiA6cgY+ +Vzr5fe8OuJcm5X6xfRxlH0BnhVwG1VNdj2wcxKW1H6TSBPV6hzqnXiHh7/cMUqfO +4cCnYOfBhandd3G8HRBGvnguP/n9EkrWQY6wfWSg6CMot14kofJ73ADlRrr7b203 +07s4ruWzyZv4RMLpkQfz/UOPwLM1W/f6FNWY0f/DWmbrxXG3r6sdJCw3ESLImTDD +rdSnFK/LphZSfNSi7OzSAqnhF42dS+hg0cXOLxue/TMpg+RAqJveceryIcMigYhj +MiKDX8cJHBYnrZmEkC+UpDzugxxdqhOR9RbgbbHIE6q9TAqNUunOXklQ3OxTHw7d +0xqT3fCKvHMpp5gnz05woayyuLbYfqivonlTnuTtzv7g32cxHEM3CvSPL9Y5T8w0 +FvT+qFu25iG0Cn8jJ+X0tsE1ItX5s2tRo+sZesI9kSQ75yiGlySLtRYY3d/lLwQz +ZX8XRMwGfgVsW/I21i/FNpCiLU2hoMpK4evCAZa4Rbh5dJ2qpgQaERCI1IH6Zxfp +Zlad5fGXJXH3OjRO6qukFqUJJiDhAgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQDAgUg +MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8G +A1UdIwQYMBaAFAoAzCK5fa32Yi/QFHlVTvarRTuBMCAGA1UdEQQZMBeCCWxvY2Fs +aG9zdIcEfwAAAYcEfwAAADANBgkqhkiG9w0BAQsFAAOCAgEABq5gfNmpPrYz72oC +driGu3AzX7jNjYOZ9QTRSN/MzpxR+UkHn/S2u3DCrdWYG8tXzk//UJgqxu9THvEv +NKyTkQqM7rrNelu5tUUDqz2B16f+rCtEy1ntQn3ofNhPI9zjfA4QBkVTD/eZBrk5 +iEr8NqoqunrgbFkzV+WG3lmwVVYzgmp4/o8kxB7oIrdPvns4cUEDd9lf/tFJPX9x +kcCRYeFPH/PwJUqmTd5lL904UgczPP25iLjbG/Vt27QwfFMbZ5Dfpz3oA+MHV8PE +aYsqRd+JLcCGbKqSt5Gawy8M8eCsmznQqwfW70WLPQJVlWeLmK6uwJJDmmZMlIk7 +uCXvYVTmgvOGZXfBvrAcZVDdH5W/RBKCmFvVzGBllHzeo/Xp41z771oMCc0Paz1S +m9gN1RjQlJI/SF75t7jNgJ8TYMsIudHzJmHnroqbufMMZZZY83FzGaL+Yr3CEGU+ +NOT08cFFWp4o42Tx81oOK4Qhcn43lYUIiXHrXZgwNR/oaValS9pxVrabdYMZxuBy +0Uj/RLmVSlcRfZ17SPk+BgLtldQyJrmF1Q7uR7M/Ggcv49qX0wbEkFnEI+oQDsqR ++Xmd7UAJRyOLjZh9xYgpYKjarHMnqwCHytKbLjYmz2czfaMDnbSjVdlEbMvCSW5a +4aTZryalxu/zBs19haqwrlxQmc8= +-----END CERTIFICATE----- diff --git a/config/testdata/server_revoked.key b/config/testdata/server_revoked.key new file mode 100644 index 00000000..8aa48603 --- /dev/null +++ b/config/testdata/server_revoked.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCRgL/WsXbuZRgw +BXQ9gtb6YDXfx3xEVuus39bm1etnAYGVEokBmLBXlYvraJA/kT0m+5wdEhd6XM2Y +LZ9pLR/l+/mNS3vBEyOOLbTIaO01pbYtpu94XvHllMaFleVw42UxFQmGWHogOnIG +Plc6+X3vDriXJuV+sX0cZR9AZ4VcBtVTXY9sHMSltR+k0gT1eoc6p14h4e/3DFKn +zuHAp2DnwYWp3XdxvB0QRr54Lj/5/RJK1kGOsH1koOgjKLdeJKHye9wA5Ua6+29t +N9O7OK7ls8mb+ETC6ZEH8/1Dj8CzNVv3+hTVmNH/w1pm68Vxt6+rHSQsNxEiyJkw +w63UpxSvy6YWUnzUouzs0gKp4ReNnUvoYNHFzi8bnv0zKYPkQKib3nHq8iHDIoGI +YzIig1/HCRwWJ62ZhJAvlKQ87oMcXaoTkfUW4G2xyBOqvUwKjVLpzl5JUNzsUx8O +3dMak93wirxzKaeYJ89OcKGssri22H6or6J5U57k7c7+4N9nMRxDNwr0jy/WOU/M +NBb0/qhbtuYhtAp/Iyfl9LbBNSLV+bNrUaPrGXrCPZEkO+cohpcki7UWGN3f5S8E +M2V/F0TMBn4FbFvyNtYvxTaQoi1NoaDKSuHrwgGWuEW4eXSdqqYEGhEQiNSB+mcX +6WZWneXxlyVx9zo0TuqrpBalCSYg4QIDAQABAoICACtIycjschzpJhDjDnld+uXw +yRYRGf6afPGohR2Wdbjm0c2u/eLjsVHcwwr8yCyg4DhAkWh0gVd9VAv5RnrbWanp +E4vc8Ku3LdSV9DnKPQbAjTl3d7WvSParE4OZ2++BNhEr2PGGUI5V1KXW1cxNfBEp +p/APOiY+VqGj03AtW5bM0ZlDM+9Nf5JsF0XI1IDSOnhQYchilihAGjahbLcLE+Dd +yQ2HPIkxFNRKt065M38CsfZhVo9EIYlV9LjA3Au9ig/AmOoLSsdFFRjAitQfQKhE +m60yZgI1yVc8VhNLKGAnd3yFgL0qAQ685p/Hc60on7GfsasVlptqYWgITiX8rkJK +1pymtmCzBYIwwIIdzjJ5/JKIv/4vEaD7BibFN8Cg+UQRRy+vKmV1qPwkDVf987A4 +QaC0r4STXFlFu1OsHUPfqlTJgZAKJTMWrZ5xUuaVJM7dZuF6vuRvoUalBSHXEOYx +8dVhRyD9+5K1SLKfpUNZXI6pRq5ctCJaboMnegimBznghn/3nrZXw4pOvZ7w2rkx +iI3CQuF+IaS48Ha0NockJ3Sw3zdY6vFp7sixN5GXyYysQzOlvatCl5flIRfYVJwY +fBLxLAty45Q/EI6+ovYNy0K0OIZ5sjgpmukoOJL5UIEjagxmfitmZd7BdcRM5LdS +nEvm3BBb0v9KG4z6mC4BAoIBAQDA2FcV60kTFkNcXk+MwFgZuAeR8A4w6Tns6lNN +Ii94ptA0vMbvfUizuPhajZdM3PigK179HQh+ZfiZeNk13gsPgl9b/aZRPharAFI0 +pMRVAkyVNKE1Zc6w+nlzi3ZR3y1cxfC21l9VZ5B52sYt2Tam97S3Dhbu6cdipT6x +qt1bCuBb6TWvRtIMg4Aq89x0bfRfXR9FxujndZmZGbpmYOHZjR9RTCn6Rj2AFVE1 +7XWc8qRUCeJS2lV8ZxnbgQ++Nn8XAxnSWNbDzB/Lt7cBOzWBhnhHnC7qs4yGJN4K +9qyW6qX4/d5nbMLYHHLiuxSxH5jlYCra4lVJAlDcoARXr0bpAoIBAQDBJ1vlp5zg +VAUVYiKtNNrbGC2h/k3YGhOIK9ok4jUIy9cUZI6MwJH2a3eYv3ziHBgZ66kcsg9b +qULS+yeJXHrrA51CmAlastiezK/XhrX9VsJhh8sr8+ws8LaHA2A8tPNA+eFD6DKO +lwET73MsNvc64Km7KXN4vRyDECahvlvTINRPagL4TGruYBI600paMyDniC2sVqf5 +Di1VxIdt1d5YeSsDILTvRgfhTVvmWk4uTVuwlGh+q2SWwQ3/UxbhI3ZB1b27bjHW +owXAE6Atr790pgbOSUYbyVdADytG3c7OkK+zDHmpF60BgAvFYBK5Sc9oFcNx9Qgz ++rJtMMiHzD85AoIBADYrTuMIUWF8KnXCxCOsT9MBn5a90K6qhKvo8ndDOARzDx8R +O+w/y/E37wM4rJxZobkUFb2RrzYaHKe3i4QXGBJGM9UaPeKqRyHHmE/TTJb4a1yq +CPJ/43xRD1aGgTjkMNDThRdGxkauLaYc7vgoALML94ZH/eckYe5yrlanwT/2oSkQ +LBVNFmmPcqweDfnifPdgqA0on3mMzhV0ZaimZCqA+qASfeQgYNweoM4+IoBwo/o7 +QIi3bbXhHCFNcoeitTZYl6M/cyxSpUfLFivRXulARX8P/xnMT5fKuVhpC/fkd7Sm +UxfIND8SVq8bj+dlEcS0q7UKSJyWevJOPIoI4SkCggEBAJSxzBkb07UOeWtgxPk6 +O1F3Z4nRz/OQ/4BQ4fqK+fDvm3/jean5hWSCjutUXrtijVtHBEVG/nO99eed2W3x +d978RVBC4tCj5gc55BSza96/r5yNgWcwvJxMIvgFLU0OsEVRGI3Cb0k+DmJeb/eV +yPXWhlPDMVW9n/l1sYfKl74NA+Su4+JqUdd4tg/7IL4XpjkXqLGHdIBS3autQ+TW +Q/kwLmCWCTQ6YU6c0yaeVplmjDN/zIHXR/SWYkQwnuhq+FruRMXJqyxlC8Q2V5VU +Ort+JLchyYsSkMyL4PEJSG/VCq136SC3TUReYrFrqH5jx/uE5ZUQ4WPClyFf8MA6 +CGECggEAZRyF7w77w2d7u3tObGx6G4wF7FUI+HcQm1Y3voWPeSnwZSX3wU8cVUBf +NSbDGaLpjsBZRK9es0iBGpVTk0LNpTR/4CdMwU2nSG4qzkE7hlMdgTNnpV7fU7Nv +lg67f5hpQWG1H2Q8uHl3EWX793T18DTtxrPdgeZwkl6y9PUT5vFFoiU9V56E1VR8 +aoywhbuv+AgbBvM+KaUVLWONhRv/uVPXRkT+oJs3u/DBCb0EMlFerno1pEJHYdsc +k5jNG7atq/1OxUDytKWITBhCyCBOdbymy8yzB7ExCET4t64+C9gFdt9deaSEmXyV +R1B9WgmlgDHaJ2TfG6iDG2mQ2LbIrg== +-----END PRIVATE KEY----- diff --git a/config/testdata/tls-ca-chain-add-irlvt-ca.pem b/config/testdata/tls-ca-chain-add-irlvt-ca.pem new file mode 100644 index 00000000..32208b5d --- /dev/null +++ b/config/testdata/tls-ca-chain-add-irlvt-ca.pem @@ -0,0 +1,100 @@ +-----BEGIN CERTIFICATE----- +MIIF1DCCA7ygAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fcwDQYJKoZIhvcNAQELBQAw +ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo +ZXVzIFJvb3QgQ0EwIBcNMjMwNzMxMDQ1MTI1WhgPMjA3MzA3MTgwNDUxMjVaMGkx +CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t +ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRUHJvbWV0aGV1 +cyBUTFMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCuw6dfOUW +ogpZcsw0/6kH2AWi2STZnfPoib5gkoGlFSDyHPNugIS/aynHf60/LfmwbQuOj06A +/eIgYVN1n0skJMOVITkbVzPS6Bbo39b1AfL3jhRDu/WGlXSlRB+joUhf8pP4aaZz +lZ404lC5a8E0qTqsWVUchQMOdJtisK2cOhVAdUwNfB/2tOqAMr5iQ97J0RivD7Yq +7y/l/ylmQv82tVR5XSiwWa71GsNLMJyv3fl7KrLb+ErbgQOfkk1XuGpE8/3oTNhg +u/2fSo4lDbak9NMrBryGYpzYnNX7XBeR+cEigjUvwdQtBIX+jC+qn2IJqvZF3izL +qWJWYISfg14RJmB2A2Qdp3+363KQSmOh1kmeu7NeVWdIYRiR2+e8a/E/Ez7n6k9m +a7xkljQtQc0eNz35ob2R+uCNgTkR2Fjy8HQ8jNjl3YTd5WMTdhvx/74hgbaNV1nf +VeAsEdoZTf/KedpEwcgcwCVv6MNDsSu5NAjA1lg+iA8hyalCXRsPbiNVYSk52SEV +r+DNw63NdaOE/roQ37YEsWgTiq4zrcnhZl4tSmhag/l1gKucnGFzxP0Mg77gNgyI +XO1r0BX1XUJ4eNbKwRju7CV1FjRI/gv3lqZqvEkYX0LP1ynZw0dN33b2ERdEi5YK +k4wqk46C4oSyDK/BNH606qclLNHLoEl9bQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMC +AaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQK +AMwiuX2t9mIv0BR5VU72q0U7gTAfBgNVHSMEGDAWgBSMhVqDR7dPJtKMdzbWb8vN +H327VjANBgkqhkiG9w0BAQsFAAOCAgEAGWjhP8z2LJBUo0jfGGBMxUNhiutosvvk +9XqVqRG6R+TynzR7Jsyi8Jf5ued9UUVavq2urqx4ar61etH2c1at2AQe4FACrrWe ++Bj5iMywEc3ypKKy9zLevvPM37pVBWCG8OlvI0WINxfYmZh9rR/xD2+FHbw5Dbyt +VUboFRVBMxDHgvkAPMRmJQooQjxBXY5ElB3DTHsyYrDGOQskUPrn6m1gbdSbSqNy +Mxmhaxw5i3CMBaKHUQ7ztm85K8d8ZV8eojCNcRFNTDYT3/x7zIxtPpZKux2Kjm4T +S6kY3seZSjFurs2YkMvumVV0M8PsVNvrw1F1otIMFdR8pj4gA0lAcil/QdHeg/Tu +GGv23QedsvTQYYhx7C+t+nh+M34vVV5DEBa9p0TKXzS2QJuzGcEtuTuCfJrbVHO9 +dRCLNEC2leCc1EhBnMj0LjBTRjOluC8y/08nzJJBNoQlDUrL+kZ2STvkzhJ15PmA +uddX5wleINDx+qc+e/hqf/o28o5dsUf0B4iqWo5dzKRIB4eeVu0WG91r7NMDgIe/ +bn42VolPjHquPgibE2zDISFUBukJsJIakOzkHbkorbupIaa5n0uzDs9D8wg/6vAR +o1VgW0XC0KUTmCiuqVYbAwsm7GiJcCOIP+588/RvbVvAqQkpN/PcQJ2uT57cXPxY +Rq4oaSeLcio= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtDCCA5ygAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fYwDQYJKoZIhvcNAQELBQAw +ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo +ZXVzIFJvb3QgQ0EwIBcNMjMwNzMxMDQ1MTIwWhgPMjA3MzA3MTgwNDUxMjBaMGox +CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t +ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkGA1UEAxMSUHJvbWV0aGV1 +cyBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4PctUOlH +K3x4a3EmOwP1PhBYc1D4TaSmR35Uer6cosLLhDI9YW4kBuAsdavjUyGYHBTOC3h1 +YnaREOLs7fCOntRa7DjxwgKdVvu1YGFrnXg/n9AsXMtkEPenFJYhF588h+xQD4Kp +2KISOYBe/QEyj7ql/VESrfHLsRL3PZOjZyuYV9XQH2B64OnGnwZpALKuD0aesUor +iIpGghnvY9VlJa2yuZb77HRetrBSusaOO4SFuvatA7OD7o06CM8uad8nlTqiwCX8 +49mT3AGjzZezSTZO3LvXVLIhjbzDWjceXH5zdNL0FRmLYXRRo9iQ7QrO2YP+hVQd +m13/+/S+YkyWzhi/G1Upx2aAPUErS1c862yGeqK+l55qRfAnl7JzIZmcqAZKtwL2 +ChcupLyoY2UYFBEFAFFjfqlyHt26QCiQ0RASGy7pLjWo3dDqPAM0DLXQfZO38UQl +VGeK0X3i8BsgaHI6AHhp12Bzas3i/zk9YdevlMrbQ04/OmxFXyUMPD3k2nornjcI ++fnOk6nGyGAAAtVk9HDdP5Z9zyrtQYhUOe4BT0fi5gSnvIZB8Bq5mzdKK4xiFhrA +TqcyPSp/l4HQKYgQhIuezO8eMIuBWvDNZ17MNf6LdlBDdvFGWM5myPUMk4jllEZ7 +RAItzdKd8sV/9vPd5r7knFF3W4QtYeFC1iUCAwEAAaNTMFEwDgYDVR0PAQH/BAQD +AgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +jIVag0e3TybSjHc21m/LzR99u1YwDQYJKoZIhvcNAQELBQADggIBAFs7zA9s8kd0 +hrFDAMBS/c3r48u8+AkAVVskwBMhUEohuCEKkHhObJbVTczx6Vk18sCWz/opDNAP +Op71MT1Kl797EfCJNUEynED3zJqQmqpI+Z+4+PaIjst5E/nGdoqtomgo1jMxIbJP +Bu5ZHYWOueJFIMYnGgE7OGRndhzlJSWI8uafu0NazbANfnfA/jsRL5W/YDwuMEPb +vkbrYpfZs65ICATauSnrBZ5dFEHJ1Tdl0SYujRO/e/E0w1Sc5cVMV+1jlKTmt4IJ +giojJ82+CV6AQh3EC3A7CTGWwsYGkXnovEoTBOwHthSDnswkm2DyAquHVnOegIgW +FiJXQIQnIzP3QoEIlSy7jsQHvKJ0jt4W3M76Jd8PQQ3DnC95pR0llYMjslc+stin +RI0S2HRIxHS5qQ1XowquMdwAJFBZpM805Tp4ieDPfS9sZT54ah4SE/7MzXDjPS3w +W4Q2kp5X6bcbhkMH4kt1jYFggm2KdFcL3huXw6qakveDWelaLRY8c47y98zYmNPP +MCREDXhLpR5J7udX1kInmFZ/JI99zWC/V1HXGJ5eND/1USrmSABJlgxU0gdvLJ9o +jFO2ULVuF14vraAItqtMT9z/ge4zNJC7rQnSiAtdjvQOeS5asbRvatE/jDlsqBdI +X1AyiJu2jRQxqARA5J6iIZ5sHTzHJ6vH +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyDCCA7CgAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fgwDQYJKoZIhvcNAQELBQAw +dDELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYDVQQDExxQcm9tZXRo +ZXVzIFRMUyBJcnJlbGV2YW50IENBMCAXDTIzMDczMTA0NTEyOFoYDzIwNzMwNzE4 +MDQ1MTI4WjB0MQswCQYDVQQGEwJVUzETMBEGA1UEChMKUHJvbWV0aGV1czEpMCcG +A1UECxMgUHJvbWV0aGV1cyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJTAjBgNVBAMT +HFByb21ldGhldXMgVExTIElycmVsZXZhbnQgQ0EwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDYgx/DdoBGBVxVVl7A9y0jeNqfNC34Q3LFQbwq7iISNi8o +nfQlsWXCBcygzlitCMhTv2bBH4wBtzhvI10qWWb1x9h3UW3AtYIxxHn4kfIuTfbu +yuwqnxvzFnPqiJqzKIdiZc2bqbPnZYtkcM6JwNb4orvViZdQ1CfQnOBKbp+CYcLf +V8M2qYQi1w0HW8Bdcz0rqOsdudK9hDlsGju7yZPrKOIIkEy9Qxmlaz3GJM9qyGrm +WHErKlIjXlZOFlN2lGTdTYSkXy06Cr9wsDSl/hE2tbmDurmB6C8vNRD+IKtCAqyd +egO9ot/mYq52zRnGefA6bBsI3BRERlOw1NUJirni3z9p1cyg+B5LmeOq7zPwFoZI +1vH8xcFN+diJIHmBR7j7U2yiGSM8QwtRw+jXTJsl4wpcLAuZNfW/HjjW9BBztK+7 +BxhCQ3guyHM8V+tZh7Y8H/r6CPR+IoVboNTgVIuvJ7f8Xjzq7HPF8dnYdX5PHxtJ +UwSYPoQQ2Lp9BeBGeNnGO2MXl6Y736+dj8ZWnHOsEr6KBorXa6HX8TK5BstHFsfs +nvdllNwEKVtu8neCTeWZNGD+2JhihXF1FoAROIV7N0sUjfrphoKLIkHJxA6AHY8E +ARILzHdpwXzZ0aSLgphwqwHiSp3WRV+mqZZLX0464nmJNPHAc2HuFjt7vKRE6QID +AQABo1MwUTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBRZMKhiUrsd6DygvU08uLd6hkNcxzANBgkqhkiG +9w0BAQsFAAOCAgEAC3kVo2h2dnogDcOMKyjJrDsIrM8cLVzJBJ1XhUGRdfaZpkyp +DzgtwoB06kxePLeu3qJoeFitml6zYZzlFC15E5f79hXd7BTjL5qIfWV2u0iDewte +VMMNb36iDGyNgpkWAKGpahbjh45pjB4iL0+5ZuPLBmcdd+T/wQzGS5VtyHQczvY8 +XPk1DT8wnnExiRKR7xaZibVGrsqYqUtYhMqZT6vNmiwjwpoik9zQbTGWYxr8EEu6 +3RW0F31ovonz5yC++/UavnBl5C+TwD0677CsKWC41sErqaiKylSIyd8oUrlP0lIS +l0G7UvmBrtmBkbNb0x/u97MYN5L87JpN+wpmOF4dhyjnL9CnwPEMl43EkHVfaOEN +9/dBl0IQalGbJZyhDAnLPgGEi6U7OolLv41ENAuFhSarFGjFyoRMOBrkRikg8+Li +n2iSPzobtrt3VTgnT2Ir7hE7elI5TyUWZoM9fGjuO2l5SYDU2PEA1u1XsZMUBjxE +RX1Oa1m9wGoU4SbTiWcm8cL/+XSkZxFF5aNma+3Oe2rskp/rNhi+XN8V3yqdyL5Z +sknP8kljATJvILBdhx6IOUFIActJmOtzxO7IUo8NtvgOHira+kcphaMuykrw6JSB +61zJplX0KPjZGdazEK6XBpo8cHJcyNAyitBv670euK61KeRKwlBqrdOv3uA= +-----END CERTIFICATE----- diff --git a/config/testdata/tls-ca-chain.pem b/config/testdata/tls-ca-chain.pem index b67023a7..246b4d80 100644 --- a/config/testdata/tls-ca-chain.pem +++ b/config/testdata/tls-ca-chain.pem @@ -1,67 +1,67 @@ -----BEGIN CERTIFICATE----- -MIIF1DCCA7ygAwIBAgIRAMMSh5NoexSCjSvDRf1fpgIwDQYJKoZIhvcNAQELBQAw +MIIF1DCCA7ygAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fcwDQYJKoZIhvcNAQELBQAw ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo -ZXVzIFJvb3QgQ0EwIBcNMjIwNzA4MDkxNTA2WhgPMjA3MjA2MjUwOTE1MDZaMGkx +ZXVzIFJvb3QgQ0EwIBcNMjMwNzMxMDQ1MTI1WhgPMjA3MzA3MTgwNDUxMjVaMGkx CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRUHJvbWV0aGV1 -cyBUTFMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXtUbZhHR2 -xElyGJ+BwcZh4hm4dh1OhlJ6g98H2rEOK6bBxeO5YZnthfCnHI6WYN270ylusUc6 -JVkuU/1PO7NLYsl1D4ZIrRKQBWfg88BYrDO38HUkrm4aohlpT0+f7SiA7eRl1Mb5 -x6fi5BAVE5wnQJTE8VPBU+lXJB+SfZEixu+o1PlxVAdMYPAu1Yijakr1lDuZex+/ -j/700mihSAcwOvJ/+p4u2WNj0CMvQWiV5+VBZYrfpRN4/201FoyWILIv3HLq5OKp -Bpl/TvJ4J8oG1Cbzjm52qLgUOvHkAJ0I04DxWWywHF0VRumwLSqae0xo+KPPijj7 -bdnCx+vy37PbFOghzKzSIbPuccfKivVpChgy9n0kkgQhm9cgFE5SBuO6jfRwto0g -drSOMIzyXELDG0h0nB2gsPUHjD/OD1DT0VsW/9xXOPBfVgtPFn5LoZ8ninAFmk2r -ZiRJhCXhh+Rlw2F/s2STP66RnUGVdfP2syV+UlgJlE7EPE8cDbyfQqg7FTflq+t+ -HgXFCAkJ4S34+/qCbGv3DlbnC1lq+FiVwexm1TcfL/lYfhPr/J6VoeFZw4bjTPNa -jUILpsXv6IQzgPfCBxeZC6dDkK1D0cEXAqRRYKEFxdLnMjBcUZlWUV9uTuk01fDc -58bmlHt5sEqhcdUqHrR5PdoWJVOSbFwYBwIDAQABo3QwcjAOBgNVHQ8BAf8EBAMC -AqQwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTG -mh4eYNPmKKXi3dSJIs18ivSv8zAfBgNVHSMEGDAWgBRJPrEOm2ZrMgr9AFTz9LZy -0fDNNjANBgkqhkiG9w0BAQsFAAOCAgEAoc0OImcyyKSbVK63QA8VmD2o9Xr7abxX -o+f+QXWDqKAlNDAuXLYBjHMCc9YFsxXa9XkuKZeIxzop4h9iGG+fxMVPTx3T0gTm -MAuHcPka10z4Gy6ZxLzDmxJPkJ46b1n0K2fsv9XshzsHERz3VavwHXbC5mBo1CwI -6xLLtTWMuJdoyt0261D7Dat1JAFIWm2j+kxGvyIP0gNtRsUKOFA22Tlt42sEYnXa -7wmY7b15rndG69Xg9ZiVI5Mb/10gDJQcym23PXRn+JEgssE+WcYhll8f/LRmD49v -ZlBBD1dVoc9JyrgT+An+2Z8lE6wCSPqWSwhzvBW4dyB/u7Jn23dlV1SwJR8x/IaW -j/DhCELNqD6cSlRK3yjE/a2/iK0F6pNrVgKDY+/9uwFxwkjIRwqfcFtT6YpZ33mg -kSdTTbYpeg3XkLYZayE3ntzEhooyQdrJR6YyFVwsgcBCkeLrEbC7y/AG1MQEdKsZ -i3q730vztGQBR1ymPwgbB6qzGOXhmnhJHnQjeP2CJWnzDeOh2Vs4CxLAQZJ/dhYd -qrbYPAT8FJkp2PvoJP8zpmD7a8QC+6Gr17kl9OupPQrIIfxCXYZKDdGOlkDSUC16 -6y0E1WZnI+LVbQB1M584lB2/8jU4xqMqUPfoIcbjkjih9nvVA6t547527MeeTvXT -0ig2QvMFWMw= +cyBUTFMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCuw6dfOUW +ogpZcsw0/6kH2AWi2STZnfPoib5gkoGlFSDyHPNugIS/aynHf60/LfmwbQuOj06A +/eIgYVN1n0skJMOVITkbVzPS6Bbo39b1AfL3jhRDu/WGlXSlRB+joUhf8pP4aaZz +lZ404lC5a8E0qTqsWVUchQMOdJtisK2cOhVAdUwNfB/2tOqAMr5iQ97J0RivD7Yq +7y/l/ylmQv82tVR5XSiwWa71GsNLMJyv3fl7KrLb+ErbgQOfkk1XuGpE8/3oTNhg +u/2fSo4lDbak9NMrBryGYpzYnNX7XBeR+cEigjUvwdQtBIX+jC+qn2IJqvZF3izL +qWJWYISfg14RJmB2A2Qdp3+363KQSmOh1kmeu7NeVWdIYRiR2+e8a/E/Ez7n6k9m +a7xkljQtQc0eNz35ob2R+uCNgTkR2Fjy8HQ8jNjl3YTd5WMTdhvx/74hgbaNV1nf +VeAsEdoZTf/KedpEwcgcwCVv6MNDsSu5NAjA1lg+iA8hyalCXRsPbiNVYSk52SEV +r+DNw63NdaOE/roQ37YEsWgTiq4zrcnhZl4tSmhag/l1gKucnGFzxP0Mg77gNgyI +XO1r0BX1XUJ4eNbKwRju7CV1FjRI/gv3lqZqvEkYX0LP1ynZw0dN33b2ERdEi5YK +k4wqk46C4oSyDK/BNH606qclLNHLoEl9bQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMC +AaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQK +AMwiuX2t9mIv0BR5VU72q0U7gTAfBgNVHSMEGDAWgBSMhVqDR7dPJtKMdzbWb8vN +H327VjANBgkqhkiG9w0BAQsFAAOCAgEAGWjhP8z2LJBUo0jfGGBMxUNhiutosvvk +9XqVqRG6R+TynzR7Jsyi8Jf5ued9UUVavq2urqx4ar61etH2c1at2AQe4FACrrWe ++Bj5iMywEc3ypKKy9zLevvPM37pVBWCG8OlvI0WINxfYmZh9rR/xD2+FHbw5Dbyt +VUboFRVBMxDHgvkAPMRmJQooQjxBXY5ElB3DTHsyYrDGOQskUPrn6m1gbdSbSqNy +Mxmhaxw5i3CMBaKHUQ7ztm85K8d8ZV8eojCNcRFNTDYT3/x7zIxtPpZKux2Kjm4T +S6kY3seZSjFurs2YkMvumVV0M8PsVNvrw1F1otIMFdR8pj4gA0lAcil/QdHeg/Tu +GGv23QedsvTQYYhx7C+t+nh+M34vVV5DEBa9p0TKXzS2QJuzGcEtuTuCfJrbVHO9 +dRCLNEC2leCc1EhBnMj0LjBTRjOluC8y/08nzJJBNoQlDUrL+kZ2STvkzhJ15PmA +uddX5wleINDx+qc+e/hqf/o28o5dsUf0B4iqWo5dzKRIB4eeVu0WG91r7NMDgIe/ +bn42VolPjHquPgibE2zDISFUBukJsJIakOzkHbkorbupIaa5n0uzDs9D8wg/6vAR +o1VgW0XC0KUTmCiuqVYbAwsm7GiJcCOIP+588/RvbVvAqQkpN/PcQJ2uT57cXPxY +Rq4oaSeLcio= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFtDCCA5ygAwIBAgIRAMMSh5NoexSCjSvDRf1fpgEwDQYJKoZIhvcNAQELBQAw +MIIFtDCCA5ygAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fYwDQYJKoZIhvcNAQELBQAw ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo -ZXVzIFJvb3QgQ0EwIBcNMjIwNzA4MDkxNTA0WhgPMjA3MjA2MjUwOTE1MDRaMGox +ZXVzIFJvb3QgQ0EwIBcNMjMwNzMxMDQ1MTIwWhgPMjA3MzA3MTgwNDUxMjBaMGox CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkGA1UEAxMSUHJvbWV0aGV1 -cyBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArkzRPi21 -E299vXw4FBbMfCXI258SxvvjRVRuKdAHLOBpEEqkYH6r6ScbZaisBFtIePv4ddKl -rmv+nDwN84/KS54OOtw1cWD4AnDB0kL3B0pWXjTS1F/u57hRLxM6Ta0UubKbta/h -WqSOR/fAA5sgcl+JbbR61QWVeYYXg9bM8YGTwQMeJod26tIUeX/Reo9BHuiW4jPb -pvVf7rsOs8E2cGwfYjZu6Zj2qcCxQ/ivCpopKFLNlaKko/KlGDGz9KxK5X3ik+sE -fPK9LzLC0k2RLGc3EmcMkdyqE3VNih9nV9SalAXN5yBdYaWWjJXykty7ilU32MBF -yO4myL48vif2K68pD/CFhG8YmIOud3woMm1IYS9xlsYKf7+f5CNlxqz+eSoOGhcG -dSDNft3h5nuq9J/qb2rIgWMSc2puFNRsx+fis0kS5GvjVadR0lxtArbrNm4S+F22 -EjGxeBF5VIWiu31uppbdASIw6DTKcrSVVoWxq+Fk3OOB+7q+rornosop9a/omXGH -0cTmgarjJtMqa0TEQiUPQPPnmpC1joeC7/kh7aks93wfHtY73uAVnTjLGTOwlr50 -CgRShcRoLLN049V93l46AFHU/4HWns8dqgdcdGnvIdUCFik916pKDSvEc/DfMLGh -H6w9Xlg4+2LgCyG2/FBEMTj+bLoraydzyaECAwEAAaNTMFEwDgYDVR0PAQH/BAQD -AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU -ST6xDptmazIK/QBU8/S2ctHwzTYwDQYJKoZIhvcNAQELBQADggIBAHM79R/uQwQX -vsBDfKyBXWFlrhHAgX8XAwMKHjstpQYCcJoiGLRJaMMjxj31T1tylqPdcxz88THN -uj9kVFYMo1GU5K9E9lq0LoWQBmX2R7/RgxWqB7FNS+S0xfGyeUb3YPVPI1yhtsKa -6mCtTuCVgsgs/hTa+umjtffxj7l+IQxD8Fq0RFBae+S0v5mjVC2sUVd6usqVt7F6 -LUVuYShyAI705guIV9nkz8ZyLzUBJnQAJ8g6DU+nLmdizigUG+JoD/hBbK2hvcjX -SL7JLAhYRI4kzWcYR0GUfDf2knFEWNhU8gCPnw70FHMD9QC3NKkQsPvyQRyJh99+ -ipwUFbGJJRYWjFBbUxlqZNqBg6+ylZNFGEnG42u2KvPXjgPdivlQWkrX6nG0ayyl -rYrvi0FawP3OBpCrhYhqsqkA2m+5L2Pl+J2SsDv4qmPB6fh7K0YDVB37AZSG+nfL -oXXpUtwfc9tR71S7GmgkcqYOkHfSzl7ecxXtE2xyl3zhkUPR9YcG+rQhXRRp0lxF -kR0EtGOGuvXMCQ/vBVPNEDS3jdceqIrIRI1yPUdhFkF7lrLsfFULllOt6qQWnhn2 -A2ObxHToohwuyri/v8QhqNI2Bg0jJHcAJi8I8taToAstCWrtn+WXyfj/QknAik47 -aOK9l5wSyyqPfkHybKvT6z9pqWUchJsz +cyBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4PctUOlH +K3x4a3EmOwP1PhBYc1D4TaSmR35Uer6cosLLhDI9YW4kBuAsdavjUyGYHBTOC3h1 +YnaREOLs7fCOntRa7DjxwgKdVvu1YGFrnXg/n9AsXMtkEPenFJYhF588h+xQD4Kp +2KISOYBe/QEyj7ql/VESrfHLsRL3PZOjZyuYV9XQH2B64OnGnwZpALKuD0aesUor +iIpGghnvY9VlJa2yuZb77HRetrBSusaOO4SFuvatA7OD7o06CM8uad8nlTqiwCX8 +49mT3AGjzZezSTZO3LvXVLIhjbzDWjceXH5zdNL0FRmLYXRRo9iQ7QrO2YP+hVQd +m13/+/S+YkyWzhi/G1Upx2aAPUErS1c862yGeqK+l55qRfAnl7JzIZmcqAZKtwL2 +ChcupLyoY2UYFBEFAFFjfqlyHt26QCiQ0RASGy7pLjWo3dDqPAM0DLXQfZO38UQl +VGeK0X3i8BsgaHI6AHhp12Bzas3i/zk9YdevlMrbQ04/OmxFXyUMPD3k2nornjcI ++fnOk6nGyGAAAtVk9HDdP5Z9zyrtQYhUOe4BT0fi5gSnvIZB8Bq5mzdKK4xiFhrA +TqcyPSp/l4HQKYgQhIuezO8eMIuBWvDNZ17MNf6LdlBDdvFGWM5myPUMk4jllEZ7 +RAItzdKd8sV/9vPd5r7knFF3W4QtYeFC1iUCAwEAAaNTMFEwDgYDVR0PAQH/BAQD +AgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +jIVag0e3TybSjHc21m/LzR99u1YwDQYJKoZIhvcNAQELBQADggIBAFs7zA9s8kd0 +hrFDAMBS/c3r48u8+AkAVVskwBMhUEohuCEKkHhObJbVTczx6Vk18sCWz/opDNAP +Op71MT1Kl797EfCJNUEynED3zJqQmqpI+Z+4+PaIjst5E/nGdoqtomgo1jMxIbJP +Bu5ZHYWOueJFIMYnGgE7OGRndhzlJSWI8uafu0NazbANfnfA/jsRL5W/YDwuMEPb +vkbrYpfZs65ICATauSnrBZ5dFEHJ1Tdl0SYujRO/e/E0w1Sc5cVMV+1jlKTmt4IJ +giojJ82+CV6AQh3EC3A7CTGWwsYGkXnovEoTBOwHthSDnswkm2DyAquHVnOegIgW +FiJXQIQnIzP3QoEIlSy7jsQHvKJ0jt4W3M76Jd8PQQ3DnC95pR0llYMjslc+stin +RI0S2HRIxHS5qQ1XowquMdwAJFBZpM805Tp4ieDPfS9sZT54ah4SE/7MzXDjPS3w +W4Q2kp5X6bcbhkMH4kt1jYFggm2KdFcL3huXw6qakveDWelaLRY8c47y98zYmNPP +MCREDXhLpR5J7udX1kInmFZ/JI99zWC/V1HXGJ5eND/1USrmSABJlgxU0gdvLJ9o +jFO2ULVuF14vraAItqtMT9z/ge4zNJC7rQnSiAtdjvQOeS5asbRvatE/jDlsqBdI +X1AyiJu2jRQxqARA5J6iIZ5sHTzHJ6vH -----END CERTIFICATE----- diff --git a/config/testdata/tls-ca-no-root.pem b/config/testdata/tls-ca-no-root.pem new file mode 100644 index 00000000..e0338fff --- /dev/null +++ b/config/testdata/tls-ca-no-root.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF1DCCA7ygAwIBAgIRAJhzsQ9PS6cSzJuE6HX04fcwDQYJKoZIhvcNAQELBQAw +ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo +ZXVzIFJvb3QgQ0EwIBcNMjMwNzMxMDQ1MTI1WhgPMjA3MzA3MTgwNDUxMjVaMGkx +CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t +ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRUHJvbWV0aGV1 +cyBUTFMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCuw6dfOUW +ogpZcsw0/6kH2AWi2STZnfPoib5gkoGlFSDyHPNugIS/aynHf60/LfmwbQuOj06A +/eIgYVN1n0skJMOVITkbVzPS6Bbo39b1AfL3jhRDu/WGlXSlRB+joUhf8pP4aaZz +lZ404lC5a8E0qTqsWVUchQMOdJtisK2cOhVAdUwNfB/2tOqAMr5iQ97J0RivD7Yq +7y/l/ylmQv82tVR5XSiwWa71GsNLMJyv3fl7KrLb+ErbgQOfkk1XuGpE8/3oTNhg +u/2fSo4lDbak9NMrBryGYpzYnNX7XBeR+cEigjUvwdQtBIX+jC+qn2IJqvZF3izL +qWJWYISfg14RJmB2A2Qdp3+363KQSmOh1kmeu7NeVWdIYRiR2+e8a/E/Ez7n6k9m +a7xkljQtQc0eNz35ob2R+uCNgTkR2Fjy8HQ8jNjl3YTd5WMTdhvx/74hgbaNV1nf +VeAsEdoZTf/KedpEwcgcwCVv6MNDsSu5NAjA1lg+iA8hyalCXRsPbiNVYSk52SEV +r+DNw63NdaOE/roQ37YEsWgTiq4zrcnhZl4tSmhag/l1gKucnGFzxP0Mg77gNgyI +XO1r0BX1XUJ4eNbKwRju7CV1FjRI/gv3lqZqvEkYX0LP1ynZw0dN33b2ERdEi5YK +k4wqk46C4oSyDK/BNH606qclLNHLoEl9bQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMC +AaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQK +AMwiuX2t9mIv0BR5VU72q0U7gTAfBgNVHSMEGDAWgBSMhVqDR7dPJtKMdzbWb8vN +H327VjANBgkqhkiG9w0BAQsFAAOCAgEAGWjhP8z2LJBUo0jfGGBMxUNhiutosvvk +9XqVqRG6R+TynzR7Jsyi8Jf5ued9UUVavq2urqx4ar61etH2c1at2AQe4FACrrWe ++Bj5iMywEc3ypKKy9zLevvPM37pVBWCG8OlvI0WINxfYmZh9rR/xD2+FHbw5Dbyt +VUboFRVBMxDHgvkAPMRmJQooQjxBXY5ElB3DTHsyYrDGOQskUPrn6m1gbdSbSqNy +Mxmhaxw5i3CMBaKHUQ7ztm85K8d8ZV8eojCNcRFNTDYT3/x7zIxtPpZKux2Kjm4T +S6kY3seZSjFurs2YkMvumVV0M8PsVNvrw1F1otIMFdR8pj4gA0lAcil/QdHeg/Tu +GGv23QedsvTQYYhx7C+t+nh+M34vVV5DEBa9p0TKXzS2QJuzGcEtuTuCfJrbVHO9 +dRCLNEC2leCc1EhBnMj0LjBTRjOluC8y/08nzJJBNoQlDUrL+kZ2STvkzhJ15PmA +uddX5wleINDx+qc+e/hqf/o28o5dsUf0B4iqWo5dzKRIB4eeVu0WG91r7NMDgIe/ +bn42VolPjHquPgibE2zDISFUBukJsJIakOzkHbkorbupIaa5n0uzDs9D8wg/6vAR +o1VgW0XC0KUTmCiuqVYbAwsm7GiJcCOIP+588/RvbVvAqQkpN/PcQJ2uT57cXPxY +Rq4oaSeLcio= +-----END CERTIFICATE-----