[glib-networking] tests: added certificate chain unit tests
- From: Aleix Conchillo Flaqué <aconchillo src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking] tests: added certificate chain unit tests
- Date: Mon, 6 Oct 2014 17:24:44 +0000 (UTC)
commit dc1ffeee2e166c6129285127124bc50878c17815
Author: Aleix Conchillo Flaqué <aconchillo gmail com>
Date: Mon Oct 6 10:22:32 2014 -0700
tests: added certificate chain unit tests
We add a new intermediate CA and a new server certificate signed by this
new CA. Unit tests verify that the chain is loaded successfully and that
the old behavior is kept by loading a file with an invalid chain.
https://bugzilla.gnome.org/show_bug.cgi?id=729739
tls/tests/certificate.c | 55 +++++++++++++++++++++++
tls/tests/files/chain.pem | 59 +++++++++++++++++++++++++
tls/tests/files/create-files.sh | 61 +++++++++++++++++++++++++-
tls/tests/files/intermediate-ca-csr.pem | 12 +++++
tls/tests/files/intermediate-ca-key.pem | 9 ++++
tls/tests/files/intermediate-ca.pem | 22 +++++++++
tls/tests/files/server-intermediate-csr.pem | 9 ++++
tls/tests/files/server-intermediate-key.pem | 9 ++++
tls/tests/files/server-intermediate.pem | 14 ++++++
tls/tests/files/ssl/intermediate-ca.conf | 31 +++++++++++++
tls/tests/files/ssl/server-intermediate.conf | 27 +++++++++++
11 files changed, 306 insertions(+), 2 deletions(-)
---
diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
index 6ba85d9..541d217 100644
--- a/tls/tests/certificate.c
+++ b/tls/tests/certificate.c
@@ -221,6 +221,59 @@ test_create_certificate_with_issuer (TestCertificate *test,
}
static void
+test_create_certificate_chain (void)
+{
+ GTlsCertificate *cert, *intermediate, *root;
+ GError *error = NULL;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ intermediate = g_tls_certificate_get_issuer (cert);
+ g_assert (G_IS_TLS_CERTIFICATE (intermediate));
+
+ root = g_tls_certificate_get_issuer (intermediate);
+ g_assert (G_IS_TLS_CERTIFICATE (root));
+
+ g_assert (g_tls_certificate_get_issuer (root) == NULL);
+
+ g_object_unref (cert);
+}
+
+static void
+test_create_certificate_no_chain (void)
+{
+ GTlsCertificate *cert, *issuer;
+ GError *error = NULL;
+ gchar *cert_pem;
+ gsize cert_pem_length;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ issuer = g_tls_certificate_get_issuer (cert);
+ g_assert (issuer == NULL);
+ g_object_unref (cert);
+
+ /* Truncate a valid chain certificate file. We should only get the
+ * first certificate.
+ */
+ g_file_get_contents (tls_test_file_path ("chain.pem"), &cert_pem,
+ &cert_pem_length, &error);
+ g_assert_no_error (error);
+
+ cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ issuer = g_tls_certificate_get_issuer (cert);
+ g_assert (issuer == NULL);
+ g_object_unref (cert);
+}
+
+static void
test_create_list (void)
{
GList *list;
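Review bot: In test_create_certificate_no_chain the buffer filled by g_file_get_contents() is never released, so the test leaks the contents of chain.pem; add `g_free (cert_pem);` after the g_tls_certificate_new_from_pem() call. The truncation length `cert_pem_length - 100` also assumes the file is longer than 100 bytes and that the cut lands inside the last certificate of the chain. An assertion such as `g_assert_cmpuint (cert_pem_length, >, 100);` before the call, plus a word in the existing comment about why 100 was chosen, would make that assumption explicit. Both new test functions lie fully inside this hunk.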
@@ -494,6 +547,8 @@ main (int argc,
setup_certificate, test_create_with_key_der, teardown_certificate);
g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+ g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
+ g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
g_test_add_func ("/tls/certificate/create-list", test_create_list);
g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad);
diff --git a/tls/tests/files/chain.pem b/tls/tests/files/chain.pem
new file mode 100644
index 0000000..dc21b3e
--- /dev/null
+++ b/tls/tests/files/chain.pem
@@ -0,0 +1,59 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tls/tests/files/create-files.sh b/tls/tests/files/create-files.sh
index ec2c752..9b4a737 100755
--- a/tls/tests/files/create-files.sh
+++ b/tls/tests/files/create-files.sh
@@ -29,7 +29,10 @@ echo
read -p "Press [Enter] key to continue..." key
-# Create serial file
+#######################################################################
+### Root CA
+#######################################################################
+
echo "00" > serial
msg "Creating CA private key"
@@ -38,6 +41,10 @@ openssl genrsa -out ca-key.pem 1024
msg "Creating CA certificate"
openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem
+#######################################################################
+### Server
+#######################################################################
+
msg "Creating server private key"
openssl genrsa -out server-key.pem 512
@@ -57,9 +64,17 @@ openssl x509 -in server.pem -outform DER -out server.der
msg "Converting server private key from PEM to DER"
openssl rsa -in server-key.pem -outform DER -out server-key.der
+#######################################################################
+### Server (self-signed)
+#######################################################################
+
msg "Creating server self-signed certificate"
openssl x509 -req -days 9125 -in server-csr.pem -signkey server-key.pem -out server-self.pem
+#######################################################################
+### Client
+#######################################################################
+
msg "Creating client private key"
openssl genrsa -out client-key.pem 2048
@@ -87,6 +102,10 @@ openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -C
sudo hwclock -s
touch client-future.pem
+#######################################################################
+### Concatenate all non-CA certificates
+#######################################################################
+
msg "Concatenating all non-CA certificates into a single file"
echo "client.pem:" > non-ca.pem
cat client.pem >> non-ca.pem
@@ -103,5 +122,43 @@ echo >> non-ca.pem
echo "server-self.pem:" >> non-ca.pem
cat server-self.pem >> non-ca.pem
-# We don't need the serial file anymore
+#######################################################################
+### Intermediate CA
+#######################################################################
+
+echo "00" > intermediate-serial
+
+msg "Creating intermediate CA private key"
+openssl genrsa -out intermediate-ca-key.pem 512
+
+msg "Creating intermediate CA certificate request"
+openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem
+
+msg "Creating intermediate CA certificate"
+openssl x509 -req -in intermediate-ca-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial
-extfile ssl/intermediate-ca.conf -extensions v3_req_ext -out intermediate-ca.pem
+
+#######################################################################
+### Server (signed by Intermediate CA)
+#######################################################################
+
+msg "Creating server (intermediate CA) private key"
+openssl genrsa -out server-intermediate-key.pem 512
+
+msg "Creating server (intermediate CA) certificate request"
+openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out
server-intermediate-csr.pem
+
+msg "Creating server (intermediate CA) certificate"
+openssl x509 -req -in server-intermediate-csr.pem -days 9125 -CA intermediate-ca.pem -CAkey
intermediate-ca-key.pem -CAserial intermediate-serial -extfile ssl/server-intermediate.conf -extensions
v3_req_ext -out server-intermediate.pem
+
+msg "Concatenating server (intermediate CA) chain into a file"
+cat server-intermediate.pem > chain.pem
+cat intermediate-ca.pem >> chain.pem
+cat ca.pem >> chain.pem
+
+#######################################################################
+### Cleanup
+#######################################################################
+
+# We don't need the serial files anymore
rm -f serial
+rm -f intermediate-serial
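Review bot: The new intermediate CA key and the server-intermediate key are both generated with `openssl genrsa ... 512`. RSA keys of that size are practically factorable, and current TLS library defaults are likely to reject them, which would make the fixtures fail to load for reasons unrelated to chain handling. The client key in this same script already uses 2048 bits, so `openssl genrsa -out intermediate-ca-key.pem 2048` and `openssl genrsa -out server-intermediate-key.pem 2048` would be consistent with it. The two `openssl x509 -req` signing commands pass no digest option, so the digest is left to the tool's default; adding `-sha256` to both would pin it. A comment in the script stating that the committed private keys are test-only fixtures would also help.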
diff --git a/tls/tests/files/intermediate-ca-csr.pem b/tls/tests/files/intermediate-ca-csr.pem
new file mode 100644
index 0000000..475c6da
--- /dev/null
+++ b/tls/tests/files/intermediate-ca-csr.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBujCCAWQCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x
+KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQDZy5UlNwps/3/XguGKO8EmWhzTXJl6LcRmFaDc
+rlXODg8bak8LftX8e3coQR2/1UBHGrc/vx3iuaPo4zqb6klvAgMBAAGgUTBPBgkq
+hkiG9w0BCQ4xQjBAMB0GA1UdDgQWBBRjxxPCg2Qs1ZYMBJUCbCYvxSl+TTAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAANBAL7G
+C93dOvWLF1e732ReW1O0jJwBy93EuEDJKWdkl4fP5ATqXXEVxtIOvodBRgJjZHjR
+orZTdnMZS2lJPRZHOms=
+-----END CERTIFICATE REQUEST-----
diff --git a/tls/tests/files/intermediate-ca-key.pem b/tls/tests/files/intermediate-ca-key.pem
new file mode 100644
index 0000000..9b29fd8
--- /dev/null
+++ b/tls/tests/files/intermediate-ca-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBANnLlSU3Cmz/f9eC4Yo7wSZaHNNcmXotxGYVoNyuVc4ODxtqTwt+
+1fx7dyhBHb/VQEcatz+/HeK5o+jjOpvqSW8CAwEAAQJBAJBMZwOiJQE0guIpr/7j
+OkSLvb94AaPGgPJV8B9mTilXRFqOhU2fw/i+SbX42JM6wVY+ByomPfpNj1V/sI4K
+hrECIQDt6B6V//oXOLzsPx3idn3lPa9OUtKsneFU+0IIP6NvVwIhAOpb6BRPghIl
+Oq/jLHkRWOKaoU553YgEeMmKx/kMn9+pAiEAqBITAY9MQ/l+ZjwUxbdGK5xPa7rR
+QMdsuBelR6SFtpMCIQCIVntHBZIX2Eyx8ij3LZ5WBbr9mmvEK0XRickYG74OMQIg
+agZFDu2+IR8oP+KcXvT9gcMs1fgC90poZYiCsKD7Jss=
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/intermediate-ca.pem b/tls/tests/files/intermediate-ca.pem
new file mode 100644
index 0000000..2de5efd
--- /dev/null
+++ b/tls/tests/files/intermediate-ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE0MDczMTE4MDQwNVoXDTM5MDcy
+NTE4MDQwNVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
+BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
+SIb3DQEBAQUAA0sAMEgCQQDZy5UlNwps/3/XguGKO8EmWhzTXJl6LcRmFaDcrlXO
+Dg8bak8LftX8e3coQR2/1UBHGrc/vx3iuaPo4zqb6klvAgMBAAGjggFFMIIBQTAd
+BgNVHQ4EFgQUY8cTwoNkLNWWDASVAmwmL8Upfk0wgbsGA1UdIwSBszCBsIAUuR3p
+wFSjo4H3Mb3UQDjQ4rxKDTehgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
+FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
+Fg5jYUBleGFtcGxlLmNvbYIJAIKoNLAclgPoMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
+LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
+gQBVb72AEGUWEbE9ZUZIy/zNJrsywSl3SDWcUIbHwCFihH0V7RfgmR+v22aPWSfq
+3r8Y3FIZ82RuFhAc1q0W1ZlbOvdVgVvCC/R97m2t/AzZ5Xo797aJYZ9TY+b6wVJH
+H/P3JPD/RrBXIW/OaK+L70n6O/ikhXwWDkpenPIoY4BBsg==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/server-intermediate-csr.pem b/tls/tests/files/server-intermediate-csr.pem
new file mode 100644
index 0000000..ee82a25
--- /dev/null
+++ b/tls/tests/files/server-intermediate-csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBQzCB7gIBADBYMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQB
+GRYHRVhBTVBMRTEoMCYGA1UEAwwfc2VydmVyLWludGVybWVkaWF0ZS5leGFtcGxl
+LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC0nuAfgIeKIAuec6q7v1OhMaPw
+jXF3ybrb5YMbCJu0x82tD4mPDtJTSCO/YYWTdNfcdjjnpKn86cI9MHYLeXHnAgMB
+AAGgMTAvBgkqhkiG9w0BCQ4xIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwDQYJKoZIhvcNAQEFBQADQQAqVMCLX4TCIVVJWisEcXYSrAVJHtqsd1Tn
+SbN7hLt1p1wnHhf3BItUYzD0Fn9DtSXjvXs37lYEl7XA3qzICP/3
+-----END CERTIFICATE REQUEST-----
diff --git a/tls/tests/files/server-intermediate-key.pem b/tls/tests/files/server-intermediate-key.pem
new file mode 100644
index 0000000..e161e74
--- /dev/null
+++ b/tls/tests/files/server-intermediate-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBALSe4B+Ah4ogC55zqru/U6Exo/CNcXfJutvlgxsIm7THza0PiY8O
+0lNII79hhZN019x2OOekqfzpwj0wdgt5cecCAwEAAQJAGdZsWzVIrlKdNuJ29vqM
+nQ970yp4o9kguNohIhneJEL/NFnjMUAJTd5CIgXvKTzLtuT0l8QSeS3vu0m61RzY
+eQIhAN4glP7Hh8LeWf8y7R0MjufwC7LNLNIZGK6tSZ6G0h0rAiEA0Cn0JrJb0ZwZ
+lm/j3nyvyhW9d9tfH88NbTQqgSbIODUCID82EnB2o6HG2OGQwn1Tx48ldo7JaInZ
+bna3BY5BW6XFAiEAlvWF2LZJ/hWNPNrBzqxvs0bW01/keSXnn8VP+b9NPe0CIGtO
+aVNEJl+f7cGqtjXe9FYM0A2yn7YoBYH3yCpPOPRb
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/server-intermediate.pem b/tls/tests/files/server-intermediate.pem
new file mode 100644
index 0000000..577bf85
--- /dev/null
+++ b/tls/tests/files/server-intermediate.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tls/tests/files/ssl/intermediate-ca.conf b/tls/tests/files/ssl/intermediate-ca.conf
new file mode 100644
index 0000000..f766c14
--- /dev/null
+++ b/tls/tests/files/ssl/intermediate-ca.conf
@@ -0,0 +1,31 @@
+# Intermediate Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Intermediate Certificate Authority"
+commonName = "intermediate-ca.example.com"
+emailAddress = "intermediate-ca example com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:intermediate-ca example com
+issuerAltName = issuer:copy
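Review bot: `default_md = sha1` under `[ req ]` makes the certificate request for the new intermediate CA SHA-1 signed; `default_md = sha256` would avoid baking a deprecated digest into a new fixture. The same line is added in ssl/server-intermediate.conf. The signature digest of the issued certificate is chosen by the `openssl x509 -req` invocation in create-files.sh rather than by this setting, so changing it here does not on its own change the certificates. The commented-out `authorityKeyIdentifier` line in `[ req_ext ]` should either be removed or given a short comment explaining why it is disabled for the request.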
diff --git a/tls/tests/files/ssl/server-intermediate.conf b/tls/tests/files/ssl/server-intermediate.conf
new file mode 100644
index 0000000..740a6ce
--- /dev/null
+++ b/tls/tests/files/ssl/server-intermediate.conf
@@ -0,0 +1,27 @@
+# Server
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "server-intermediate.example.com"
+
+[ req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+
+[ v3_req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.0 = 192.168.1.22
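Review bot: The `[ alt_names ]` section lists only `IP.0 = 192.168.1.22`, while the commonName is server-intermediate.example.com. When a subjectAltName extension is present, hostname verification normally ignores the commonName, so this certificate would probably not validate for its own DNS name. The tests in this commit only inspect the issuer chain, so nothing fails yet, but adding `DNS.0 = server-intermediate.example.com` would keep the fixture usable for later identity checks.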